@cotal-ai/connector-claude-code 0.3.1 → 0.4.0

package/README.md

@@ -0,0 +1,11 @@
+# @cotal-ai/connector-claude-code
+
+The Claude Code adapter: a bundled, installed plugin plus `claude/channel` push that turns a
+real `claude` session into a Cotal mesh peer. A thin client over
+[`@cotal-ai/connector-core`](../connector-core).
+
+**Tier:** `extensions/`. Peer-depends [`@cotal-ai/core`](../../packages/core); self-registers on
+import.
+
+See [docs/claude-code-integration.md](../../docs/claude-code-integration.md) for the full
+integration, and the [root AGENTS.md](../../AGENTS.md) for the tier rules.

package/dist/extension.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"extension.d.ts","sourceRoot":"","sources":["../src/extension.ts"],"names":[],"mappings":"AAEA,OAAO,EAA2B,KAAK,SAAS,EAAoC,MAAM,gBAAgB,CAAC;AAmB3G;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,SA8D7B,CAAC"}
+{"version":3,"file":"extension.d.ts","sourceRoot":"","sources":["../src/extension.ts"],"names":[],"mappings":"AAIA,OAAO,EAA2B,KAAK,SAAS,EAAoC,MAAM,gBAAgB,CAAC;AAoB3G;;;;;GAKG;AACH,eAAO,MAAM,eAAe,EAAE,SA2F7B,CAAC"}

package/dist/extension.js

@@ -1,6 +1,9 @@
-import { resolve } from "node:path";
+import { mkdtempSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { loadAgentFile, registry } from "@cotal-ai/core";
+import { launchEnv, mcpServerEnvKeys } from "@cotal-ai/connector-core";
 /** Name the cotal MCP server is registered under via --mcp-config (see buildLaunch). */
 const MCP_SERVER_NAME = "cotal";
 /** Channel ref for `--dangerously-load-development-channels`, which turns on the cotal MCP server's
@@ -27,16 +30,25 @@ export const claudeConnector = {
     name: "claude",
     pluginRoot: PLUGIN_ROOT,
     buildLaunch(opts) {
+        // Operator MCP servers shared with this agent (default none — see the --mcp-config block).
+        const shared = opts.mcpServers ?? {};
+        // claude auths via macOS Keychain / an OAuth token, not an env key → forward NO provider key.
+        // The OS allow-list (PATH/HOME/TERM/…) is the only thing inherited from the manager env, plus
+        // — only when a shared server declares them via `${VAR}` — the named secrets it needs (mcpKeys,
+        // by name). The operator's unrelated secrets don't reach the child (P3).
         const env = {
+            ...launchEnv({ mcpKeys: mcpServerEnvKeys(shared) }),
             COTAL_SPACE: opts.space,
             COTAL_NAME: opts.name,
             // Force the connector to emit channel wake-nudges: Claude doesn't advertise the
             // `claude/channel` capability back over MCP, so auto-detection would see it "off".
             COTAL_CHANNEL: "1",
-            // Managed sessions mirror their own transcript to `tr-<name>` so peers can read
-            // what the agent actually did. Personal sessions (no buildLaunch) never mirror.
-            COTAL_TRANSCRIPT: "1",
         };
+        // A session can mirror its own transcript to `tr-<name>` so peers can read what the
+        // agent actually did — OFF by default (transcripts are verbose and may carry sensitive
+        // content); `--transcript` (opts.transcript === true) opts in. Personal sessions never mirror.
+        if (opts.transcript === true)
+            env.COTAL_TRANSCRIPT = "1";
         if (opts.role)
             env.COTAL_ROLE = opts.role;
         if (opts.id)
@@ -54,13 +66,39 @@ export const claudeConnector = {
         // can look something up under `npx` (no repo on disk) without prompting the operator
         // mid-demo. Additive under the default permission mode — leaves other tools as-is.
         args.push("--allowedTools", "WebFetch(domain:github.com),WebFetch(domain:raw.githubusercontent.com)");
-        // Isolate the spawned session's MCP to ONLY the cotal server. --strict-mcp-config drops every
-        // other MCP source — including the operator's personal ~/.claude.json servers (e.g. a headless
-        // Chromium, a DB server) that a meshed teammate never needs and that, multiplied across several
-        // spawns on a busy machine, starve memory and kill the session before it registers presence —
-        // and --mcp-config re-supplies cotal so its tools + presence still load. The plugin itself stays
-        // enabled (its hooks + the dev-channels wake path are unaffected; only MCP config is scoped).
-        args.push("--strict-mcp-config", "--mcp-config", JSON.stringify({ mcpServers: { [MCP_SERVER_NAME]: { command: "node", args: [MCP_CJS] } } }));
+        // Isolate the spawned session's MCP. --strict-mcp-config drops every ambient MCP source —
+        // including the operator's personal ~/.claude.json servers (e.g. a headless Chromium, a DB
+        // server) that a meshed teammate never needs and that, multiplied across several spawns on a
+        // busy machine, starve memory and kill the session before it registers presence — so the ONLY
+        // servers that load are the ones we name in --mcp-config: cotal (always, for its tools +
+        // presence) plus any the operator explicitly opted to share (`shared`, from the cotal config).
+        // The plugin itself stays enabled (its hooks + the dev-channels wake path are unaffected).
+        // cotal is spread LAST so a shared server can never shadow the mesh server by reusing its name.
+        const mcpServers = { ...shared, [MCP_SERVER_NAME]: { command: "node", args: [MCP_CJS] } };
+        // Default (no shared servers): pass the config inline, unchanged. With shared servers, write it
+        // to a file instead and pass the path. Either way the secret stays a `${VAR}` reference (Claude
+        // expands it from the child env at launch — see the mcpKeys forwarding above), never the resolved
+        // value, so nothing secret reaches disk or argv. We prefer the file when sharing because env
+        // expansion is only *documented* for --mcp-config files (inline expansion does work today, but
+        // isn't contracted), and a file keeps a potentially multi-server config off the process argv.
+        // Verified end-to-end on claude 2.1.183: ${VAR} expands in the --mcp-config file and the value
+        // is handed to the shared server. This is host-version behavior — if a future claude stops
+        // expanding here, a shared server would receive a literal `${VAR}`; re-check on host upgrades.
+        let mcpConfig;
+        if (Object.keys(shared).length === 0) {
+            mcpConfig = JSON.stringify({ mcpServers });
+        }
+        else {
+            // A private 0700 temp dir (unique per spawn) holds the 0600 config. mkdtemp can't be raced
+            // by a pre-created or symlinked path the way a predictable name in the world-writable tmpdir
+            // could, and a fresh file guarantees the 0600 mode applies on creation (mode is ignored on an
+            // overwrite). Left for the OS to reap: the file must outlive this call (Claude reads it at
+            // startup and on /mcp reconnect), and buildLaunch doesn't own the child's lifecycle.
+            const dir = mkdtempSync(join(tmpdir(), "cotal-mcp-"));
+            mcpConfig = join(dir, "mcp.json");
+            writeFileSync(mcpConfig, JSON.stringify({ mcpServers }, null, 2), { mode: 0o600 });
+        }
+        args.push("--strict-mcp-config", "--mcp-config", mcpConfig);
         // An agent file carries identity (read in-session via COTAL_AGENT_FILE) plus
         // persona + model, which can only be applied to a `claude` session at launch.
         if (opts.configPath) {

package/dist/extension.js.map

@@ -1 +1 @@
-{"version":3,"file":"extension.js","sourceRoot":"","sources":["../src/extension.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAoD,MAAM,gBAAgB,CAAC;AAE3G,wFAAwF;AACxF,MAAM,eAAe,GAAG,OAAO,CAAC;AAChC;;;;;+EAK+E;AAC/E,MAAM,WAAW,GAAG,UAAU,eAAe,EAAE,CAAC;AAEhD;qEACqE;AACrE,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAClE;0DAC0D;AAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAExD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAc;IACxC,IAAI,EAAE,WAAW;IACjB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE,WAAW;IACvB,WAAW,CAAC,IAAgB;QAC1B,MAAM,GAAG,GAA2B;YAClC,WAAW,EAAE,IAAI,CAAC,KAAK;YACvB,UAAU,EAAE,IAAI,CAAC,IAAI;YACrB,gFAAgF;YAChF,mFAAmF;YACnF,aAAa,EAAE,GAAG;YAClB,gFAAgF;YAChF,gFAAgF;YAChF,gBAAgB,EAAE,GAAG;SACtB,CAAC;QACF,IAAI,IAAI,CAAC,IAAI;YAAE,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;QAC1C,IAAI,IAAI,CAAC,EAAE;YAAE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,KAAK;YAAE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC;QAC7C,IAAI,IAAI,CAAC,OAAO;YAAE,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC;QAEnD,4EAA4E;QAC5E,mEAAmE;QACnE,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM;YACtB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,yCAAyC,EAAE,WAAW,CAAC;YACvE,CAAC,CAAC,CAAC,yCAAyC,EAAE,WAAW,CAAC,CAAC;QAE7D,kFAAkF;QAClF,qFAAqF;QACrF,mFAAmF;QACnF,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,wEAAwE,CAAC,CAAC;QAEtG,8FAA8F;QAC9F,+FAA+F;QAC/F,gGAAgG;QAChG,8FAA8F;QAC9F,iGAAiG;QACjG,8FAA8F;QAC9F,IAAI,CAAC,IAAI,CACP,qBAAqB,EACrB,cAAc,EACd,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,EAAE,CAAC,eAAe,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAC5F,CAAC;QAEF,6EAA6E;QAC7E,8EAA8E;QAC9E,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAC5B,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,GAAG,CAAC,OAAO;gBAAE,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAClE,IAAI,GAAG,CAAC,KAAK;gBAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,CAAC;QAED,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,IAAI;YACJ,GAAG;YACH,wEAAwE;YACxE,yEAAyE;YACzE,OAAO,EAAE,kBAAkB;SAC5B,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC"}
+{"version":3,"file":"extension.js","sourceRoot":"","sources":["../src/extension.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAoD,MAAM,gBAAgB,CAAC;AAC3G,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEvE,wFAAwF;AACxF,MAAM,eAAe,GAAG,OAAO,CAAC;AAChC;;;;;+EAK+E;AAC/E,MAAM,WAAW,GAAG,UAAU,eAAe,EAAE,CAAC;AAEhD;qEACqE;AACrE,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAClE;0DAC0D;AAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAExD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAc;IACxC,IAAI,EAAE,WAAW;IACjB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE,WAAW;IACvB,WAAW,CAAC,IAAgB;QAC1B,2FAA2F;QAC3F,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;QACrC,8FAA8F;QAC9F,8FAA8F;QAC9F,gGAAgG;QAChG,yEAAyE;QACzE,MAAM,GAAG,GAA2B;YAClC,GAAG,SAAS,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,WAAW,EAAE,IAAI,CAAC,KAAK;YACvB,UAAU,EAAE,IAAI,CAAC,IAAI;YACrB,gFAAgF;YAChF,mFAAmF;YACnF,aAAa,EAAE,GAAG;SACnB,CAAC;QACF,oFAAoF;QACpF,uFAAuF;QACvF,+FAA+F;QAC/F,IAAI,IAAI,CAAC,UAAU,KAAK,IAAI;YAAE,GAAG,CAAC,gBAAgB,GAAG,GAAG,CAAC;QACzD,IAAI,IAAI,CAAC,IAAI;YAAE,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;QAC1C,IAAI,IAAI,CAAC,EAAE;YAAE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,KAAK;YAAE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC;QAC7C,IAAI,IAAI,CAAC,OAAO;YAAE,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC;QAEnD,4EAA4E;QAC5E,mEAAmE;QACnE,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM;YACtB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,yCAAyC,EAAE,WAAW,CAAC;YACvE,CAAC,CAAC,CAAC,yCAAyC,EAAE,WAAW,CAAC,CAAC;QAE7D,kFAAkF;QAClF,qFAAqF;QACrF,mFAAmF;QACnF,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,wEAAwE,CAAC,CAAC;QAEtG,0FAA0F;QAC1F,2FAA2F;QAC3F,6FAA6F;QAC7F,8FAA8F;QAC9F,yFAAyF;QACzF,+FAA+F;QAC/F,2FAA2F;QAC3F,gGAAgG;QAChG,MAAM,UAAU,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC,eAAe,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAC1F,gGAAgG;QAChG,gGAAgG;QAChG,kGAAkG;QAClG,6FAA6F;QAC7F,+FAA+F;QAC/F,8FAA8F;QAC9F,+FAA+F;QAC/F,2FAA2F;QAC3F,+FAA+F;QAC/F,IAAI,SAAiB,CAAC;QACtB,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,2FAA2F;YAC3F,6FAA6F;YAC7F,8FAA8F;YAC9F,2FAA2F;YAC3F,qFAAqF;YACrF,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,YAAY,CAAC,CAAC,CAAC;YACtD,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YAClC,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;QAE5D,6EAA6E;QAC7E,8EAA8E;QAC9E,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAC5B,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,GAAG,CAAC,OAAO;gBAAE,IAAI,CAAC,IAAI,CAAC,wBAAwB,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAClE,IAAI,GAAG,CAAC,KAAK;gBAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,CAAC;QAED,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,IAAI;YACJ,GAAG;YACH,wEAAwE;YACxE,yEAAyE;YACzE,OAAO,EAAE,kBAAkB;SAC5B,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC"}

package/dist/hook.cjs

@@ -14708,6 +14708,53 @@ var require_mod6 = __commonJS({
 var import_node_os = require("node:os");
 var import_node_fs2 = require("node:fs");
 
+// ../../packages/core/dist/subjects.js
+function subjectMatches(pattern, subject) {
+  const p = pattern.split(".");
+  const s = subject.split(".");
+  for (let i = 0; i < p.length; i++) {
+    if (p[i] === ">")
+      return i < s.length;
+    if (i >= s.length)
+      return false;
+    if (p[i] === "*")
+      continue;
+    if (p[i] !== s[i])
+      return false;
+  }
+  return p.length === s.length;
+}
+function assertValidChannel(channel) {
+  const segs = channel.split(".");
+  if (!channel.length || segs.some((s) => s.length === 0))
+    throw new Error(`invalid channel "${channel}": empty segment (no leading/trailing/double dots)`);
+  segs.forEach((s, i) => {
+    if (s === ">") {
+      if (i !== segs.length - 1)
+        throw new Error(`invalid channel "${channel}": '>' is only valid as the last segment`);
+      return;
+    }
+    if (s === "*")
+      return;
+    if (!/^[A-Za-z0-9_-]+$/.test(s))
+      throw new Error(`invalid channel "${channel}": segment "${s}" must be a NATS-safe token ([A-Za-z0-9_-]), '*', or '>' \u2014 policy channel names can't contain characters the wire layer would rewrite`);
+  });
+  return channel;
+}
+function channelInAllow(allow, channel) {
+  return allow.some((a) => subjectMatches(a, channel));
+}
+
+// ../../packages/core/dist/resolve.js
+function assertValidName(name) {
+  if (name.length === 0 || name !== name.trim())
+    throw new Error(`invalid name ${JSON.stringify(name)}: must be non-empty with no surrounding whitespace`);
+  if (/[\r\n]/.test(name))
+    throw new Error(`invalid name ${JSON.stringify(name)}: must be a single line`);
+  if (name.includes("/"))
+    throw new Error(`invalid name ${JSON.stringify(name)}: "/" is reserved (the owner/name separator)`);
+}
+
 // ../../packages/core/dist/link.js
 function parseJoinLink(link) {
   const tls = link.startsWith("cotals://");
@@ -16419,10 +16466,28 @@ function loadAgentFile(path) {
   const name = str("name");
   if (!name)
     throw new Error(`agent file ${path}: "name" is required`);
+  assertValidName(name);
   const kind = str("kind");
   if (kind && kind !== "agent" && kind !== "endpoint")
     throw new Error(`agent file ${path}: "kind" must be "agent" or "endpoint"`);
-  const known = /* @__PURE__ */ new Set(["name", "role", "kind", "description", "tags", "channels", "publish", "model"]);
+  for (const old of ["channels", "publish"])
+    if (old in fm)
+      throw new Error(`agent file ${path}: "${old}" was renamed \u2014 use "subscribe"/"allowSubscribe" (read) and "allowPublish" (post)`);
+  const subscribe = list("subscribe");
+  const allowSubscribe = list("allowSubscribe");
+  const allowPublish = list("allowPublish");
+  for (const ch of [...subscribe ?? [], ...allowSubscribe ?? [], ...allowPublish ?? []])
+    try {
+      assertValidChannel(ch);
+    } catch (e) {
+      throw new Error(`agent file ${path}: ${e.message}`);
+    }
+  const effSubscribe = subscribe?.length ? subscribe : ["general"];
+  const effAllow = allowSubscribe?.length ? allowSubscribe : effSubscribe;
+  for (const ch of effSubscribe)
+    if (!channelInAllow(effAllow, ch))
+      throw new Error(`agent file ${path}: subscribe channel "${ch}" is not within allowSubscribe [${effAllow.join(", ")}]`);
+  const known = /* @__PURE__ */ new Set(["name", "role", "kind", "description", "tags", "subscribe", "allowSubscribe", "allowPublish", "model", "capabilities", "owner"]);
   const meta = {};
   for (const [k, v] of Object.entries(fm))
     if (!known.has(k) && typeof v === "string")
@@ -16433,9 +16498,12 @@ function loadAgentFile(path) {
     kind,
     description: str("description"),
     tags: list("tags"),
-    channels: list("channels"),
-    publish: list("publish"),
+    subscribe,
+    allowSubscribe,
+    allowPublish,
     model: str("model"),
+    capabilities: list("capabilities"),
+    owner: str("owner"),
     meta: Object.keys(meta).length ? meta : void 0,
     persona: persona || void 0
   };
@@ -16493,9 +16561,17 @@ function configFromEnv(env = process.env) {
   const name = env.COTAL_NAME?.trim() || def?.name || (link ? (0, import_node_os.userInfo)().username : void 0);
   if (!name)
     throw new Error("COTAL_NAME, COTAL_AGENT_FILE or COTAL_LINK is required \u2014 a Cotal session needs an explicit identity from its launcher");
-  const channels = splitList(env.COTAL_CHANNELS);
-  const resolvedChannels = channels.length ? channels : def?.channels ?? link?.channels ?? ["general"];
-  const publish = splitList(env.COTAL_PUBLISH);
+  const subscribe = splitList(env.COTAL_SUBSCRIBE);
+  const resolvedSubscribe = subscribe.length ? subscribe : def?.subscribe ?? link?.channels ?? ["general"];
+  const allowSub = splitList(env.COTAL_ALLOW_SUBSCRIBE);
+  const resolvedAllowSub = allowSub.length ? allowSub : def?.allowSubscribe ?? resolvedSubscribe;
+  for (const ch of resolvedSubscribe)
+    if (!channelInAllow(resolvedAllowSub, ch))
+      throw new Error(`COTAL config: subscribe channel "${ch}" is not within allowSubscribe [${resolvedAllowSub.join(", ")}]`);
+  const allowPub = splitList(env.COTAL_ALLOW_PUBLISH);
+  const resolvedAllowPub = allowPub.length ? allowPub : def?.allowPublish ?? [];
+  for (const ch of [...resolvedSubscribe, ...resolvedAllowSub, ...resolvedAllowPub])
+    assertValidChannel(ch);
   const credsPath = env.COTAL_CREDS?.trim();
   return {
     space: env.COTAL_SPACE?.trim() || link?.space || "demo",
@@ -16506,8 +16582,11 @@ function configFromEnv(env = process.env) {
     description: def?.description,
     tags: def?.tags,
     servers: env.COTAL_SERVERS?.trim() || link?.servers || DEFAULT_SERVER,
-    channels: resolvedChannels,
-    publish: publish.length ? publish : def?.publish ?? resolvedChannels,
+    subscribe: resolvedSubscribe,
+    allowSubscribe: resolvedAllowSub,
+    // Post ACL is default-DENY: only what's explicitly declared (env > agent-file). The broker
+    // enforces it under auth; in open mode posting is unrestricted regardless (see laneLine).
+    allowPublish: resolvedAllowPub,
     kind: env.COTAL_KIND?.trim() || def?.kind || "agent",
     token: env.COTAL_TOKEN?.trim() || link?.token,
     user: link?.user,