@gajae-code/coding-agent 0.6.5 → 0.7.1

package/src/main.ts

@@ -47,6 +47,7 @@ import {
 import type { AgentSession } from "./session/agent-session";
 import type { AuthStorage } from "./session/auth-storage";
 import { resolveResumableSession, type SessionInfo, SessionManager } from "./session/session-manager";
+import { runStartupCredentialAutoImportIfNeeded } from "./setup/credential-auto-import";
 import { formatModelOnboardingGuidance } from "./setup/model-onboarding-guidance";
 import { executeBuiltinSlashCommand } from "./slash-commands/builtin-registry";
 import { resolvePromptInput } from "./system-prompt";
@@ -856,6 +857,14 @@ export async function runRootCommand(
 		settingsInstance.get("theme.light"),
 	);
 
+	const credentialAutoImportNotice = isInteractive
+		? await logger.time("credentialAutoImport", runStartupCredentialAutoImportIfNeeded, {
+				authStorage,
+				modelRegistry,
+				agentDir: settingsInstance.getAgentDir(),
+			})
+		: undefined;
+
 	let scopedModels: ScopedModel[] = [];
 	const modelPatterns = parsedArgs.models ?? settingsInstance.get("enabledModels");
 	const modelMatchPreferences = {
@@ -895,6 +904,24 @@ export async function runRootCommand(
 		sessionManager = await SessionManager.open(selectedPath);
 	}
 
+	// Restore the resumed session's working directory so the HUD branch, the
+	// project path, and the agent's tools all match where the session was
+	// created. A `--worktree` session lives in a linked worktree whose path
+	// differs from where `--continue`/`--resume` is invoked, which would
+	// otherwise leave the HUD pinned to the main checkout's branch.
+	if (sessionManager && !parsedArgs.cwd) {
+		const sessionCwd = sessionManager.getCwd();
+		if (sessionCwd && normalizePathForComparison(sessionCwd) !== normalizePathForComparison(getProjectDir())) {
+			try {
+				if ((await fs.stat(sessionCwd)).isDirectory()) {
+					setProjectDir(sessionCwd);
+				}
+			} catch {
+				// Session cwd no longer exists (e.g. worktree removed); keep current dir.
+			}
+		}
+	}
+
 	const { options: sessionOptions } = await logger.time(
 		"buildSessionOptions",
 		buildSessionOptions,
@@ -976,6 +1003,9 @@ export async function runRootCommand(
 		if (modelRegistryError) {
 			notifs.push({ kind: "error", message: modelRegistryError.message });
 		}
+		if (credentialAutoImportNotice) {
+			notifs.push({ kind: "info", message: credentialAutoImportNotice });
+		}
 
 		if (isInteractive && !session.model && !modelFallbackMessage) {
 			notifs.push({

package/src/modes/acp/acp-event-mapper.ts

@@ -244,6 +244,7 @@ export function mapAgentSessionEventToAcpSessionUpdates(
 		case "retry_fallback_succeeded":
 		case "ttsr_triggered":
 		case "irc_message":
+		case "subagent_steer_message":
 		case "notice":
 		case "thinking_level_changed":
 		case "goal_updated":

package/src/modes/components/hook-editor.ts

@@ -17,6 +17,10 @@ export interface HookEditorOptions {
 	promptStyle?: boolean;
 }
 
+function isWindowsRawLfNewlineInput(keyData: string): boolean {
+	return process.platform === "win32" && keyData === "\n";
+}
+
 export class HookEditorComponent extends Container {
 	#editor: Editor;
 	#onSubmitCallback: (value: string) => void;
@@ -92,8 +96,9 @@ export class HookEditorComponent extends Container {
 			return;
 		}
 
-		// Submit on any plain Enter encoding, including terminals that report unmodified Enter as LF.
-		if (matchesKey(keyData, "enter") || matchesKey(keyData, "return")) {
+		// Submit on plain Enter encodings. On Windows, raw LF is reserved for terminal
+		// newline mappings (Shift+Enter/Ctrl+J/Ctrl+Enter); plain Enter reports CR.
+		if (!isWindowsRawLfNewlineInput(keyData) && (matchesKey(keyData, "enter") || matchesKey(keyData, "return"))) {
 			this.#onSubmitCallback(this.#editor.getText());
 			return;
 		}

package/src/modes/components/oauth-selector.ts

@@ -4,6 +4,7 @@ import { Container, matchesKey, Spacer, TruncatedText } from "@gajae-code/tui";
 import { theme } from "../../modes/theme/theme";
 import { matchesSelectCancel } from "../../modes/utils/keybinding-matchers";
 import type { AuthStorage } from "../../session/auth-storage";
+import type { ImportableCredential } from "../../setup/credential-import";
 import { DynamicBorder } from "./dynamic-border";
 
 const OAUTH_SELECTOR_MAX_VISIBLE = 10;
@@ -22,6 +23,7 @@ export class OAuthSelectorComponent extends Container {
 	#validateAuthCallback?: (providerId: string) => Promise<boolean>;
 	#requestRenderCallback?: () => void;
 	#authState: Map<string, "checking" | "valid" | "invalid"> = new Map();
+	#externalCredentialCandidates: ImportableCredential[] = [];
 	#spinnerFrame: number = 0;
 	#spinnerInterval?: NodeJS.Timeout;
 	#validationGeneration: number = 0;
@@ -33,6 +35,7 @@ export class OAuthSelectorComponent extends Container {
 		options?: {
 			validateAuth?: (providerId: string) => Promise<boolean>;
 			requestRender?: () => void;
+			externalCredentialCandidates?: ImportableCredential[];
 		},
 	) {
 		super();
@@ -42,6 +45,7 @@ export class OAuthSelectorComponent extends Container {
 		this.#onCancelCallback = onCancel;
 		this.#validateAuthCallback = options?.validateAuth;
 		this.#requestRenderCallback = options?.requestRender;
+		this.#externalCredentialCandidates = options?.externalCredentialCandidates ?? [];
 		// Load all OAuth providers
 		this.#loadProviders();
 		this.addChild(new DynamicBorder());
@@ -195,6 +199,21 @@ export class OAuthSelectorComponent extends Container {
 			this.#listContainer.addChild(new Spacer(1));
 			this.#listContainer.addChild(new TruncatedText(theme.fg("warning", `  ${this.#statusMessage}`), 0, 0));
 		}
+		if (this.#mode === "login" && this.#externalCredentialCandidates.length > 0) {
+			this.#listContainer.addChild(new Spacer(1));
+			for (const credential of this.#externalCredentialCandidates) {
+				this.#listContainer.addChild(
+					new TruncatedText(
+						theme.fg(
+							"success",
+							`  ${theme.status.success} Imported ${credential.provider} from ${credential.source}`,
+						),
+						0,
+						0,
+					),
+				);
+			}
+		}
 	}
 	handleInput(keyData: string): void {
 		// Up arrow

package/src/modes/controllers/event-controller.ts

@@ -83,6 +83,7 @@ export class EventController {
 			todo_reminder: e => this.#handleTodoReminder(e),
 			todo_auto_clear: e => this.#handleTodoAutoClear(e),
 			irc_message: e => this.#handleIrcMessage(e),
+			subagent_steer_message: e => this.#handleSubagentSteerMessage(e),
 			notice: e => this.#handleNotice(e),
 			thinking_level_changed: async () => {},
 			goal_updated: async () => {},
@@ -284,6 +285,25 @@ export class EventController {
 		this.ctx.ui.requestRender();
 	}
 
+	async #handleSubagentSteerMessage(
+		event: Extract<AgentSessionEvent, { type: "subagent_steer_message" }>,
+	): Promise<void> {
+		const details = event.message.details as
+			| { observationId?: string; from?: string; to?: string; body?: string; state?: string }
+			| undefined;
+		const obsId = details?.observationId;
+		const signature = obsId
+			? `steer:${obsId}`
+			: `${event.message.role}:${event.message.customType}:${event.message.timestamp}:${details?.from}:${details?.to}:${details?.state}:${details?.body}`;
+		if (this.#renderedCustomMessages.has(signature)) {
+			return;
+		}
+		this.#renderedCustomMessages.add(signature);
+		this.#resetReadGroup();
+		this.ctx.addMessageToChat(event.message);
+		this.ctx.ui.requestRender();
+	}
+
 	#scheduleIrcExpiry(signature: string, components: Component[]): void {
 		if (components.length === 0 || this.#ircExpiryTimers.has(signature)) return;
 		const timer = setTimeout(() => {

package/src/modes/controllers/selector-controller.ts

@@ -29,10 +29,14 @@ import {
 	setTheme,
 	theme,
 } from "../../modes/theme/theme";
-import type { InteractiveModeContext } from "../../modes/types";
+import type { InteractiveModeContext, OAuthSelectorOptions } from "../../modes/types";
 import { type SessionInfo, SessionManager } from "../../session/session-manager";
 import { FileSessionStorage } from "../../session/session-storage";
-import { discoverExternalCredentials, formatDiscoverySummary, importCredentials } from "../../setup/credential-import";
+import {
+	CREDENTIAL_AUTO_IMPORT_ROTATION_WARNING,
+	runExternalCredentialAutoImport,
+} from "../../setup/credential-auto-import";
+import { filterAutoImportOAuthCredentials, formatDiscoverySummary } from "../../setup/credential-import";
 import {
 	MODEL_ONBOARDING_API_PROVIDER_COMMAND,
 	MODEL_ONBOARDING_PROVIDER_PRESET_COMMAND,
@@ -156,10 +160,22 @@ export class SelectorController {
 
 	async #handleCredentialImport(): Promise<void> {
 		this.ctx.showStatus("Scanning for existing Claude Code / Codex CLI credentials…");
-		const result = await discoverExternalCredentials();
-		const summaryLines = formatDiscoverySummary(result);
+		const preview = await runExternalCredentialAutoImport({
+			authStorage: {
+				importCredentialIfAbsent: async () => ({
+					inserted: false,
+					reason: "skipped-existing",
+					provider: "",
+					entries: [],
+				}),
+			},
+			trigger: "bare-login",
+		});
+		const result = preview.discovery ?? { importable: [], skipped: [], environment: [] };
+		const candidates = filterAutoImportOAuthCredentials(result.importable);
+		const summaryLines = formatDiscoverySummary({ ...result, importable: candidates });
 
-		if (result.importable.length === 0) {
+		if (candidates.length === 0) {
 			this.ctx.chatContainer.addChild(new Spacer(1));
 			for (const line of summaryLines) {
 				this.ctx.chatContainer.addChild(new Text(theme.fg("dim", line), 1, 0));
@@ -168,7 +184,7 @@ export class SelectorController {
 				new Text(
 					theme.fg(
 						"warning",
-						"No importable Claude/Codex credentials found. Use /login or add a custom provider.",
+						"No importable Claude/Codex OAuth credentials found. Use /login or add a custom provider.",
 					),
 					1,
 					0,
@@ -179,7 +195,7 @@ export class SelectorController {
 		}
 
 		const confirmed = await this.ctx.showHookConfirm(
-			`Import ${result.importable.length} credential(s)?`,
+			`Import ${candidates.length} credential(s)?`,
 			summaryLines.join("\n"),
 		);
 		if (!confirmed) {
@@ -187,9 +203,10 @@ export class SelectorController {
 			return;
 		}
 
-		const summary = await importCredentials(result.importable, (provider, credential) =>
-			this.ctx.session.modelRegistry.authStorage.upsertCredential(provider, credential),
-		);
+		const summary = await runExternalCredentialAutoImport({
+			authStorage: this.ctx.session.modelRegistry.authStorage,
+			trigger: "bare-login",
+		});
 		await this.ctx.session.modelRegistry.refresh();
 
 		this.ctx.chatContainer.addChild(new Spacer(1));
@@ -202,13 +219,15 @@ export class SelectorController {
 				),
 			);
 		}
-		for (const failure of summary.failed) {
+		for (const skip of summary.skipped) {
 			this.ctx.chatContainer.addChild(
-				new Text(
-					theme.fg("error", `${theme.status.error} Failed ${failure.credential.provider}: ${failure.error}`),
-					1,
-					0,
-				),
+				new Text(theme.fg("dim", `${theme.status.info} Skipped ${skip.credential.provider}: ${skip.reason}`), 1, 0),
+			);
+		}
+		for (const failure of summary.failures) {
+			const provider = failure.credential?.provider ?? failure.origin ?? "credential discovery";
+			this.ctx.chatContainer.addChild(
+				new Text(theme.fg("error", `${theme.status.error} Failed ${provider}: ${failure.failureClass}`), 1, 0),
 			);
 		}
 		if (summary.imported.length > 0) {
@@ -1232,7 +1251,11 @@ export class SelectorController {
 		}
 	}
 
-	async showOAuthSelector(mode: "login" | "logout", providerId?: string): Promise<void> {
+	async showOAuthSelector(
+		mode: "login" | "logout",
+		providerId?: string,
+		options?: OAuthSelectorOptions,
+	): Promise<void> {
 		if (providerId) {
 			const oauthProvider = getOAuthProviders().find(provider => provider.id === providerId);
 			if (!oauthProvider && !this.ctx.session.modelRegistry.getModelProfiles().has(providerId)) {
@@ -1259,6 +1282,45 @@ export class SelectorController {
 			}
 		}
 
+		let externalCredentialCandidates: ReturnType<typeof filterAutoImportOAuthCredentials> = [];
+		if (
+			mode === "login" &&
+			providerId === undefined &&
+			options?.allowExternalCredentialDiscovery === true &&
+			options.trigger === "bare-login"
+		) {
+			const preview = await runExternalCredentialAutoImport({
+				authStorage: {
+					importCredentialIfAbsent: async () => ({
+						inserted: false,
+						reason: "skipped-existing",
+						provider: "",
+						entries: [],
+					}),
+				},
+				trigger: "bare-login",
+				discover: options.externalCredentialDiscover,
+			});
+			const result = preview.discovery ?? { importable: [], skipped: [], environment: [] };
+			const candidates = filterAutoImportOAuthCredentials(result.importable);
+			if (candidates.length > 0) {
+				const confirmed = await this.ctx.showHookConfirm(
+					`Import ${candidates.length} external credential(s)?`,
+					`${formatDiscoverySummary({ ...result, importable: candidates }).join("\n")}\n\n${CREDENTIAL_AUTO_IMPORT_ROTATION_WARNING}`,
+				);
+				if (confirmed) {
+					const summary = await runExternalCredentialAutoImport({
+						authStorage: this.ctx.session.modelRegistry.authStorage,
+						trigger: "bare-login",
+						discover: options.externalCredentialDiscover,
+					});
+					externalCredentialCandidates = summary.imported;
+					if (externalCredentialCandidates.length > 0) {
+						await this.ctx.session.modelRegistry.refresh("offline");
+					}
+				}
+			}
+		}
 		this.showSelector(done => {
 			let selector: OAuthSelectorComponent;
 			selector = new OAuthSelectorComponent(
@@ -1289,6 +1351,7 @@ export class SelectorController {
 					requestRender: () => {
 						this.ctx.ui.requestRender();
 					},
+					externalCredentialCandidates,
 				},
 			);
 			return { component: selector, focus: selector };

package/src/modes/interactive-mode.ts

@@ -2502,8 +2502,12 @@ export class InteractiveMode implements InteractiveModeContext {
 		return this.#selectorController.handleSessionDeleteCommand();
 	}
 
-	showOAuthSelector(mode: "login" | "logout", providerId?: string): Promise<void> {
-		return this.#selectorController.showOAuthSelector(mode, providerId);
+	showOAuthSelector(
+		mode: "login" | "logout",
+		providerId?: string,
+		options?: import("./types").OAuthSelectorOptions,
+	): Promise<void> {
+		return this.#selectorController.showOAuthSelector(mode, providerId, options);
 	}
 
 	showHookConfirm(title: string, message: string): Promise<boolean> {

package/src/modes/runtime-init.ts

@@ -78,6 +78,7 @@ export async function initializeExtensions(session: AgentSession, options: Initi
 			shutdown,
 			getContextUsage: () => session.getContextUsage(),
 			getSystemPrompt: () => session.systemPrompt,
+			getWorkflowGate: () => session.getWorkflowGateEmitter(),
 			compact: instructionsOrOptions => runExtensionCompact(session, instructionsOrOptions),
 		},
 		// ExtensionCommandContextActions — commands invokable via prompt("/command")

package/src/modes/shared/agent-wire/event-contract.ts

@@ -49,6 +49,7 @@ const AGENT_SESSION_EVENT_TYPE_REGISTRY: Record<AgentWireEventType, true> = {
 	todo_reminder: true,
 	todo_auto_clear: true,
 	irc_message: true,
+	subagent_steer_message: true,
 	notice: true,
 	thinking_level_changed: true,
 	goal_updated: true,

package/src/modes/shared/agent-wire/event-envelope.ts

@@ -50,6 +50,7 @@ export function agentSessionEventType(event: AgentSessionEvent): AgentWireEventT
 		case "todo_reminder":
 		case "todo_auto_clear":
 		case "irc_message":
+		case "subagent_steer_message":
 		case "notice":
 		case "thinking_level_changed":
 		case "goal_updated":

package/src/modes/shared/agent-wire/event-observation.ts

@@ -235,6 +235,22 @@ export function observeAgentSessionEvent(event: AgentSessionEvent): AgentWireOwn
 				semantic: false,
 				coalesceKey: null,
 			});
+		case "subagent_steer_message": {
+			const details = recordObject(event.message.details);
+			return obs(event, {
+				kind: "rpc_subagent_steer",
+				signal: null,
+				evidence: {
+					from: str(details?.from) ?? null,
+					to: str(details?.to) ?? null,
+					state: str(details?.state) ?? null,
+					observationId: str(details?.observationId) ?? null,
+				},
+				severity: "info",
+				semantic: false,
+				coalesceKey: null,
+			});
+		}
 		case "notice": {
 			const level = event.level;
 			return obs(event, {

package/src/modes/shared/agent-wire/unattended-session.ts

@@ -59,6 +59,14 @@ export interface WorkflowGateEmitter {
 	isUnattended(): boolean;
 	/** Open + emit a gate; resolves with the agent's answer (from workflow_gate_response). */
 	emitGate(input: OpenGateInput): Promise<unknown>;
+	/**
+	 * Optional bridge surface (present on {@link UnattendedSessionControlPlane}) that
+	 * lets an in-process extension observe emitted gates and answer them — used by
+	 * the notifications SDK to resolve a real ask gate from a remote reply.
+	 */
+	onGateEmitted?(listener: (gate: RpcWorkflowGate) => void): () => void;
+	resolveGate?(response: RpcWorkflowGateResponse): Promise<RpcWorkflowGateResolution>;
+	listPendingGates?(): RpcWorkflowGate[];
 }
 
 export interface UnattendedSessionOptions {
@@ -82,6 +90,7 @@ export class UnattendedSessionControlPlane implements RpcUnattendedControlPlane,
 	#broker: WorkflowGateBroker | undefined;
 	readonly #pending = new Map<string, { resolve: (answer: unknown) => void; reject: (err: Error) => void }>();
 	readonly #earlyAnswers = new Map<string, unknown>();
+	readonly #gateListeners = new Set<(gate: RpcWorkflowGate) => void>();
 
 	constructor(private readonly opts: UnattendedSessionOptions) {}
 
@@ -89,6 +98,12 @@ export class UnattendedSessionControlPlane implements RpcUnattendedControlPlane,
 		return this.#controller !== undefined;
 	}
 
+	/** Observe every emitted gate (e.g. so an extension can map an ask to its gate_id). */
+	onGateEmitted(listener: (gate: RpcWorkflowGate) => void): () => void {
+		this.#gateListeners.add(listener);
+		return () => this.#gateListeners.delete(listener);
+	}
+
 	get controller(): UnattendedRunController | undefined {
 		return this.#controller;
 	}
@@ -195,6 +210,13 @@ export class UnattendedSessionControlPlane implements RpcUnattendedControlPlane,
 			return Promise.reject(new Error("cannot emit a workflow gate before unattended mode is negotiated"));
 		}
 		const gate = this.#broker.openGate(input);
+		for (const listener of this.#gateListeners) {
+			try {
+				listener(gate);
+			} catch {
+				// A misbehaving observer must never break gate emission.
+			}
+		}
 		if (this.#earlyAnswers.has(gate.gate_id)) {
 			const answer = this.#earlyAnswers.get(gate.gate_id);
 			this.#earlyAnswers.delete(gate.gate_id);

package/src/modes/types.ts

@@ -17,6 +17,7 @@ import type { MCPManager } from "../runtime-mcp";
 import type { AgentSession, AgentSessionEvent } from "../session/agent-session";
 import type { HistoryStorage } from "../session/history-storage";
 import type { SessionContext, SessionManager } from "../session/session-manager";
+import type { CredentialAutoImportOptions } from "../setup/credential-auto-import";
 import type { LspStartupServerInfo } from "../tools";
 import type { AssistantMessageComponent } from "./components/assistant-message";
 import type { BashExecutionComponent } from "./components/bash-execution";
@@ -247,7 +248,7 @@ export interface InteractiveModeContext {
 	showSessionSelector(): void;
 	handleResumeSession(sessionPath: string): Promise<void>;
 	handleSessionDeleteCommand(): Promise<void>;
-	showOAuthSelector(mode: "login" | "logout", providerId?: string): Promise<void>;
+	showOAuthSelector(mode: "login" | "logout", providerId?: string, options?: OAuthSelectorOptions): Promise<void>;
 	showHookConfirm(title: string, message: string): Promise<boolean>;
 	showDebugSelector(): void;
 	showSessionObserver(): void;
@@ -311,3 +312,8 @@ export interface InteractiveModeContext {
 	showExtensionError(extensionPath: string, error: string): void;
 	showToolError(toolName: string, error: string): void;
 }
+export interface OAuthSelectorOptions {
+	allowExternalCredentialDiscovery?: boolean;
+	trigger?: "bare-login";
+	externalCredentialDiscover?: CredentialAutoImportOptions["discover"];
+}

package/src/modes/utils/ui-helpers.ts

@@ -203,6 +203,29 @@ export class UiHelpers {
 						}
 						return components;
 					}
+					if (message.customType === "subagent:steer" || message.customType === "subagent:steer:relay") {
+						const details = (
+							message as CustomMessage<{
+								from?: string;
+								to?: string;
+								body?: string;
+								state?: string;
+							}>
+						).details;
+						const components: Component[] = [];
+						const header = `${theme.fg("accent", `[Steer ${details?.state ?? "queued"}] ${details?.from ?? "?"} ⇨ ${details?.to ?? "?"}`)}`;
+						const headerComponent = new Text(header, 1, 0);
+						this.ctx.chatContainer.addChild(headerComponent);
+						components.push(headerComponent);
+						if (details?.body) {
+							for (const line of details.body.split("\n")) {
+								const lineComponent = new Text(theme.fg("muted", `  ${line}`), 0, 0);
+								this.ctx.chatContainer.addChild(lineComponent);
+								components.push(lineComponent);
+							}
+						}
+						return components;
+					}
 					const renderer = this.ctx.session.extensionRunner?.getMessageRenderer(message.customType);
 					// Both HookMessage and CustomMessage have the same structure, cast for compatibility
 					const component = new CustomMessageComponent(message as CustomMessage<unknown>, renderer);

package/src/notifications/config-commands.ts

@@ -0,0 +1,50 @@
+/**
+ * In-thread configuration slash commands for the threaded session surface.
+ *
+ * Replies are thread-native now (the old `/answer <sessionId> …` command is
+ * removed), but the user can still adjust per-surface behaviour from inside a
+ * session thread with small slash commands:
+ *
+ * - `/verbose`            switch the mirror to verbose (full tool output + reasoning)
+ * - `/lean`               switch back to lean (assistant text + tool names)
+ * - `/verbosity lean|verbose`
+ * - `/redact on|off`      toggle redaction of streamed content
+ *
+ * This parser is pure so the command grammar is unit-testable; the daemon maps
+ * the returned change onto a `config_command` frame / settings update.
+ */
+
+/** A parsed in-thread configuration change. */
+export interface ConfigCommandChange {
+	verbosity?: "lean" | "verbose";
+	redact?: boolean;
+}
+
+/**
+ * Parse an in-thread config command. Returns the requested change, or
+ * `undefined` when the text is not a recognised config command (so the daemon
+ * can fall through to treating it as a free-text injection).
+ */
+export function parseInThreadConfigCommand(text: string): ConfigCommandChange | undefined {
+	const trimmed = text.trim();
+	if (!trimmed.startsWith("/")) return undefined;
+	const [rawCommand, ...rest] = trimmed.slice(1).split(/\s+/);
+	const command = rawCommand?.toLowerCase();
+	const arg = rest[0]?.toLowerCase();
+
+	switch (command) {
+		case "verbose":
+			return { verbosity: "verbose" };
+		case "lean":
+			return { verbosity: "lean" };
+		case "verbosity":
+			if (arg === "lean" || arg === "verbose") return { verbosity: arg };
+			return undefined;
+		case "redact":
+			if (arg === "on" || arg === "true" || arg === "1") return { redact: true };
+			if (arg === "off" || arg === "false" || arg === "0") return { redact: false };
+			return undefined;
+		default:
+			return undefined;
+	}
+}

package/src/notifications/config.ts

@@ -0,0 +1,107 @@
+import * as crypto from "node:crypto";
+import type { Settings } from "../config/settings";
+
+export interface NotificationConfig {
+	enabled: boolean;
+	botToken?: string;
+	chatId?: string;
+	redact: boolean;
+	verbosity: "lean" | "verbose";
+	idleTimeoutMs: number;
+}
+
+/** Read typed config from Settings. */
+export function getNotificationConfig(settings: Settings): NotificationConfig {
+	return {
+		enabled: settings.get("notifications.enabled"),
+		botToken: settings.get("notifications.telegram.botToken"),
+		chatId: settings.get("notifications.telegram.chatId"),
+		redact: settings.get("notifications.redact"),
+		verbosity: settings.get("notifications.verbosity") === "verbose" ? "verbose" : "lean",
+		idleTimeoutMs: settings.get("notifications.daemon.idleTimeoutMs"),
+	};
+}
+
+/** Is global config sufficient for auto-on (enabled + botToken + chatId all present)? */
+export function isGloballyConfigured(cfg: NotificationConfig): boolean {
+	return cfg.enabled && Boolean(cfg.botToken) && Boolean(cfg.chatId);
+}
+
+/** Resolve whether the notifications extension should be registered at SDK startup. */
+export function shouldRegisterNotificationsExtension(input: {
+	env: NodeJS.ProcessEnv;
+	cfg?: NotificationConfig;
+}): boolean {
+	if (input.env.GJC_NOTIFICATIONS === "0") return false;
+	if (input.env.GJC_NOTIFICATIONS === "1" || input.env.GJC_NOTIFICATIONS_TOKEN) return true;
+	return input.cfg ? isGloballyConfigured(input.cfg) : false;
+}
+
+/**
+ * Resolve whether THIS session should run notifications.
+ * Precedence (highest first):
+ *  1) env.GJC_NOTIFICATIONS === "0"  -> false (hard opt-out)
+ *  2) sessionDisabled === true       -> false (local /notify off)
+ *  3) env.GJC_NOTIFICATIONS === "1" || env.GJC_NOTIFICATIONS_TOKEN present -> true (legacy explicit)
+ *  4) isGloballyConfigured(cfg)      -> true (global auto-on)
+ *  5) otherwise false
+ */
+export function isSessionNotificationsEnabled(input: {
+	cfg: NotificationConfig;
+	env: NodeJS.ProcessEnv;
+	sessionDisabled: boolean;
+}): boolean {
+	if (input.env.GJC_NOTIFICATIONS === "0") return false;
+	if (input.sessionDisabled) return false;
+	if (input.env.GJC_NOTIFICATIONS === "1" || input.env.GJC_NOTIFICATIONS_TOKEN) return true;
+	return isGloballyConfigured(input.cfg);
+}
+
+/** Mask a bot token for display: first 4 chars + "…" + "(len N)"; "(unset)" when undefined/empty. Never reveal full token. */
+export function maskToken(token: string | undefined): string {
+	if (!token) return "(unset)";
+	return `${token.slice(0, 4)}…(len ${token.length})`;
+}
+
+/** Stable non-reversible fingerprint of a token: sha256 hex, first 12 chars. */
+export function tokenFingerprint(token: string): string {
+	return crypto.createHash("sha256").update(token).digest("hex").slice(0, 12);
+}
+
+/** Short session tag for display, e.g. last 6 chars of sessionId. */
+export function sessionTag(sessionId: string): string {
+	return sessionId.slice(-6);
+}
+
+export interface RedactableAction {
+	id: string;
+	kind: string;
+	sessionId: string;
+	question?: string;
+	options?: string[];
+	summary?: string;
+}
+
+/**
+ * When redact is true, strip sensitive content for remote delivery:
+ *  - ask: NOT redacted. An ask is an interactive prompt the human must read and
+ *    answer on the remote surface; redacting its question/options would make it
+ *    unanswerable, defeating remote answering. Asks are returned unchanged.
+ *  - idle: summary removed, (no question/options).
+ * When redact is false, return the action unchanged.
+ *
+ * Redaction still applies to streamed content frames (turn_stream, context_update,
+ * image_attachment) which are suppressed at their emit sites, not here.
+ */
+export function buildRedactedAction(
+	action: RedactableAction,
+	opts: { redact: boolean; sessionTag: string },
+): RedactableAction {
+	if (!opts.redact) return action;
+
+	// Asks stay fully readable/answerable even under redaction.
+	if (action.kind === "ask") return action;
+
+	const { summary: _summary, question: _question, ...base } = action;
+	return base;
+}