@geminilight/mindos 0.6.67 → 0.6.69

package/app/app/api/acp/detect/route.ts

@@ -2,8 +2,7 @@ export const dynamic = 'force-dynamic';
 
 import { NextResponse } from 'next/server';
 import { exec } from 'child_process';
-import { getAcpAgents } from '@/lib/acp/registry';
-import { getDescriptorBinary, getDescriptorInstallCmd, resolveAgentCommand } from '@/lib/acp/agent-descriptors';
+import { getDetectableAgents, resolveAgentCommand } from '@/lib/acp/agent-descriptors';
 import { readSettings } from '@/lib/settings';
 import { handleRouteErrorSimple } from '@/lib/errors';
 
@@ -43,8 +42,6 @@ function whichBatch(binaries: string[]): Promise<Map<string, string | null>> {
   const unique = [...new Set(binaries)];
   if (unique.length === 0) return Promise.resolve(new Map());
 
-  // Build a shell snippet: for each binary, print path or empty line
-  // e.g. `which gemini 2>/dev/null || echo ""; which claude 2>/dev/null || echo ""`
   const script = unique
     .map(bin => `which ${bin} 2>/dev/null || echo ""`)
     .join('; ');
@@ -53,7 +50,6 @@ function whichBatch(binaries: string[]): Promise<Map<string, string | null>> {
     exec(script, { encoding: 'utf-8', timeout: 3000 }, (err, stdout) => {
       const map = new Map<string, string | null>();
       if (err) {
-        // On total failure, mark all as not found
         for (const bin of unique) map.set(bin, null);
         resolve(map);
         return;
@@ -77,22 +73,22 @@ export async function GET(req: Request) {
       return NextResponse.json(detectCache.data);
     }
 
-    const agents = await getAcpAgents();
+    // Pure local detection — no CDN fetch, instant response
+    const agents = getDetectableAgents();
     const settings = readSettings();
 
-    const binaryNames = agents.map((a) => getDescriptorBinary(a.id)).filter(Boolean) as string[];
+    const binaryNames = [...new Set(agents.map(a => a.binary))];
     const whichMap = await whichBatch(binaryNames);
 
     const installed: InstalledAgent[] = [];
     const notInstalled: NotInstalledAgent[] = [];
 
     for (const agent of agents) {
-      const binary = getDescriptorBinary(agent.id);
-      const binaryPath = binary ? (whichMap.get(binary) ?? null) : null;
+      const binaryPath = whichMap.get(agent.binary) ?? null;
 
       if (binaryPath) {
         const userOverride = settings.acpAgents?.[agent.id];
-        const resolved = resolveAgentCommand(agent.id, agent, userOverride);
+        const resolved = resolveAgentCommand(agent.id, undefined, userOverride);
         installed.push({
           id: agent.id,
           name: agent.name,
@@ -100,14 +96,12 @@ export async function GET(req: Request) {
           resolvedCommand: { cmd: resolved.cmd, args: resolved.args, source: resolved.source },
         });
       } else {
-        const installCmd =
-          getDescriptorInstallCmd(agent.id) ??
-          (agent.packageName ? `npm install -g ${agent.packageName}` : '');
+        const packageName = agent.installCmd?.match(/npm install -g (.+)/)?.[1];
         notInstalled.push({
           id: agent.id,
           name: agent.name,
-          installCmd,
-          packageName: agent.packageName,
+          installCmd: agent.installCmd ?? (packageName ? `npm install -g ${packageName}` : ''),
+          packageName,
         });
       }
     }

package/app/components/Breadcrumb.tsx

@@ -21,29 +21,29 @@ export default function Breadcrumb({ filePath }: { filePath: string }) {
 
   if (friendly) {
     return (
-      <nav className="flex items-center gap-0.5 text-xs text-muted-foreground flex-wrap">
+      <nav className="flex items-center gap-2 text-xs text-muted-foreground flex-wrap">
         <Link
           href="/"
-          className="p-1.5 rounded-md hover:bg-muted/50 hover:text-foreground transition-colors"
+          className="p-1.5 rounded-md hover:bg-muted/50 hover:text-foreground transition-colors shrink-0"
           title="Home"
         >
           <Home size={14} />
         </Link>
         <ChevronRight size={12} className="text-muted-foreground/50 shrink-0" />
-        <span className="flex items-center gap-1.5 px-2 py-1 text-foreground font-medium">
+        <div className="flex items-center gap-1.5 text-foreground font-medium shrink-0">
           {friendly.icon}
           <span>{friendly.getLabel(t)}</span>
-        </span>
+        </div>
       </nav>
     );
   }
 
   const parts = filePath.split('/');
   return (
-    <nav className="flex items-center gap-0.5 text-xs text-muted-foreground flex-wrap">
+    <nav className="flex items-center gap-2 text-xs text-muted-foreground flex-wrap">
       <Link
         href="/"
-        className="p-1.5 rounded-md hover:bg-muted/50 hover:text-foreground transition-colors"
+        className="p-1.5 rounded-md hover:bg-muted/50 hover:text-foreground transition-colors shrink-0"
         title="Home"
       >
         <Home size={14} />
@@ -52,19 +52,19 @@ export default function Breadcrumb({ filePath }: { filePath: string }) {
         const isLast = i === parts.length - 1;
         const href = '/view/' + parts.slice(0, i + 1).map(encodeURIComponent).join('/');
         return (
-          <span key={i} className="flex items-center gap-0.5">
+          <div key={i} className="flex items-center gap-2 min-w-0">
             <ChevronRight size={12} className="text-muted-foreground/50 shrink-0" />
             {isLast ? (
-              <span className="flex items-center gap-1.5 px-2 py-1 text-foreground font-medium">
+              <div className="flex items-center gap-1.5 text-foreground font-medium shrink-0">
                 <FileTypeIcon name={part} />
                 <span suppressHydrationWarning>{part}</span>
-              </span>
+              </div>
             ) : (
-              <Link href={href} className="px-2 py-1 rounded-md hover:bg-muted/50 hover:text-foreground transition-colors truncate max-w-[200px]" title={part}>
+              <Link href={href} className="px-2 py-1 rounded-md hover:bg-muted/50 hover:text-foreground transition-colors truncate text-muted-foreground hover:text-foreground" title={part}>
                 <span suppressHydrationWarning>{part}</span>
               </Link>
             )}
-          </span>
+          </div>
         );
       })}
     </nav>

package/app/components/panels/AgentsPanel.tsx

@@ -1,7 +1,7 @@
 'use client';
 
 import { useState } from 'react';
-import { usePathname, useSearchParams } from 'next/navigation';
+import { useRouter, usePathname, useSearchParams } from 'next/navigation';
 import { Globe, Loader2, RefreshCw, Settings } from 'lucide-react';
 import { useMcpData } from '@/lib/stores/mcp-store';
 import { useA2aRegistry } from '@/hooks/useA2aRegistry';
@@ -27,6 +27,7 @@ export default function AgentsPanel({
 }: AgentsPanelProps) {
   const { t } = useLocale();
   const p = t.panels.agents;
+  const router = useRouter();
   const mcp = useMcpData();
   const pathname = usePathname();
   const searchParams = useSearchParams();
@@ -42,6 +43,10 @@ export default function AgentsPanel({
     setRefreshing(false);
   };
 
+  const handleChannelsClick = () => {
+    router.push('/agents?tab=channels');
+  };
+
   const openAdvancedConfig = () => {
     window.dispatchEvent(new CustomEvent('mindos:open-settings', { detail: { tab: 'mcp' } }));
   };
@@ -84,6 +89,8 @@ export default function AgentsPanel({
       copy={hubCopy}
       connectedCount={connected.length}
       mcpEnabled={mcp.status?.connectionMode?.mcp ?? false}
+      channelsActive={isChannelsTab}
+      onChannelsClick={handleChannelsClick}
     />
   );
 

package/app/lib/acp/agent-descriptors.ts

@@ -50,45 +50,45 @@ export interface ResolvedAgentCommand {
   enabled: boolean;
 }
 
+/* ── Aliases ───────────────────────────────────────────────────────────── */
+
+/**
+ * Maps alternative agent IDs to their canonical ID in AGENT_DESCRIPTORS.
+ * This eliminates full duplicate entries while maintaining backward compatibility.
+ */
+export const AGENT_ALIASES: Record<string, string> = {
+  'gemini-cli':  'gemini',
+  'claude-code': 'claude',
+  'claude-acp':  'claude',
+  'codebuddy':   'codebuddy-code',
+  'codex':       'codex-acp',
+  'pi-acp':      'pi',
+};
+
+/** Resolve an agent ID to its canonical form (idempotent for canonical IDs). */
+export function resolveAlias(agentId: string): string {
+  return AGENT_ALIASES[agentId] ?? agentId;
+}
+
 /* ── Canonical Descriptors ─────────────────────────────────────────────── */
 
 /**
  * All known ACP agents with their detection binary, launch command, and install hint.
- * Both detection (`which binary?`) and launch (`spawn cmd args`) read from here.
+ * Only canonical entries — aliases are handled by AGENT_ALIASES above.
  */
 export const AGENT_DESCRIPTORS: Record<string, AcpAgentDescriptor> = {
-  // Gemini CLI — Google's AI coding agent
   'gemini':          { binary: 'gemini',          cmd: 'gemini',    args: ['--experimental-acp'], installCmd: 'npm install -g @google/gemini-cli',
     displayName: 'Gemini CLI',
     description: 'Google Gemini 驱动的编程智能体。支持多文件编辑、代码审查、调试和项目级重构，原生集成 Google 搜索实时查询技术文档。' },
-  'gemini-cli':      { binary: 'gemini',          cmd: 'gemini',    args: ['--experimental-acp'], installCmd: 'npm install -g @google/gemini-cli',
-    displayName: 'Gemini CLI',
-    description: 'Google Gemini 驱动的编程智能体。支持多文件编辑、代码审查、调试和项目级重构，原生集成 Google 搜索实时查询技术文档。' },
-  // Claude Code — Anthropic's AI coding agent
   'claude':          { binary: 'claude',          cmd: 'npx',       args: ['--yes', '@agentclientprotocol/claude-agent-acp'], installCmd: 'npm install -g @anthropic-ai/claude-code',
     displayName: 'Claude Code',
     description: 'Anthropic Claude 驱动的编程智能体。擅长复杂推理、长上下文理解和安全代码生成，支持多文件编辑与 agentic 工作流。' },
-  'claude-code':     { binary: 'claude',          cmd: 'npx',       args: ['--yes', '@agentclientprotocol/claude-agent-acp'], installCmd: 'npm install -g @anthropic-ai/claude-code',
-    displayName: 'Claude Code',
-    description: 'Anthropic Claude 驱动的编程智能体。擅长复杂推理、长上下文理解和安全代码生成，支持多文件编辑与 agentic 工作流。' },
-  'claude-acp':      { binary: 'claude',          cmd: 'npx',       args: ['--yes', '@agentclientprotocol/claude-agent-acp'], installCmd: 'npm install -g @anthropic-ai/claude-code',
-    displayName: 'Claude Code',
-    description: 'Anthropic Claude 驱动的编程智能体。擅长复杂推理、长上下文理解和安全代码生成，支持多文件编辑与 agentic 工作流。' },
-  // CodeBuddy Code — Tencent Cloud's AI coding agent
   'codebuddy-code':  { binary: 'codebuddy',       cmd: 'codebuddy', args: ['--acp'], installCmd: 'npm install -g @tencent-ai/codebuddy-code',
     displayName: 'CodeBuddy Code',
     description: '腾讯云智能编程助手。基于混元大模型，支持代码补全、生成、审查和多文件重构，深度理解中文语境，适配国内开发生态。' },
-  'codebuddy':       { binary: 'codebuddy',       cmd: 'codebuddy', args: ['--acp'], installCmd: 'npm install -g @tencent-ai/codebuddy-code',
-    displayName: 'CodeBuddy Code',
-    description: '腾讯云智能编程助手。基于混元大模型，支持代码补全、生成、审查和多文件重构，深度理解中文语境，适配国内开发生态。' },
-  // Codex — OpenAI's coding agent
   'codex-acp':       { binary: 'codex',           cmd: 'codex',     args: [],        installCmd: 'npm install -g @openai/codex',
     displayName: 'Codex',
     description: 'OpenAI Codex 编程智能体。基于 GPT 系列模型，擅长代码生成、自动化任务和多语言编程支持。' },
-  'codex':           { binary: 'codex',           cmd: 'codex',     args: [],        installCmd: 'npm install -g @openai/codex',
-    displayName: 'Codex',
-    description: 'OpenAI Codex 编程智能体。基于 GPT 系列模型，擅长代码生成、自动化任务和多语言编程支持。' },
-  // Cursor — AI-first code editor agent
   'cursor':          { binary: 'cursor',          cmd: 'cursor',    args: [],
     displayName: 'Cursor',
     description: 'Cursor AI 编程智能体。AI-first 代码编辑器的 CLI 模式，支持上下文感知的代码编辑、Tab 补全和多文件协同修改。' },
@@ -113,9 +113,6 @@ export const AGENT_DESCRIPTORS: Record<string, AcpAgentDescriptor> = {
   'pi':              { binary: 'pi',              cmd: 'pi',        args: [],
     displayName: 'Pi Agent',
     description: 'Pi Agent 编程智能体。轻量级终端编程助手。' },
-  'pi-acp':          { binary: 'pi',              cmd: 'pi',        args: [],
-    displayName: 'Pi Agent',
-    description: 'Pi Agent 编程智能体。轻量级终端编程助手。' },
   'auggie':          { binary: 'auggie',          cmd: 'auggie',    args: [],
     displayName: 'Auggie',
     description: 'Augment Code 编程智能体。支持代码理解、生成和全仓库上下文感知。' },
@@ -147,7 +144,7 @@ export function resolveAgentCommand(
   registryEntry?: AcpRegistryEntry,
   userOverride?: AcpAgentOverride,
 ): ResolvedAgentCommand {
-  const descriptor = AGENT_DESCRIPTORS[agentId];
+  const descriptor = AGENT_DESCRIPTORS[resolveAlias(agentId)];
   const enabled = userOverride?.enabled !== false;
 
   // Layer 1: User override
@@ -220,22 +217,47 @@ function registryToCommand(entry: AcpRegistryEntry): { cmd: string; args: string
 
 /** Get the binary name for detection (used by detect endpoint). */
 export function getDescriptorBinary(agentId: string): string | undefined {
-  return AGENT_DESCRIPTORS[agentId]?.binary;
+  return AGENT_DESCRIPTORS[resolveAlias(agentId)]?.binary;
 }
 
 /** Get the install command for UI display. */
 export function getDescriptorInstallCmd(agentId: string): string | undefined {
-  return AGENT_DESCRIPTORS[agentId]?.installCmd;
+  return AGENT_DESCRIPTORS[resolveAlias(agentId)]?.installCmd;
 }
 
 /** Get curated display name (overrides registry name if available). */
 export function getDescriptorDisplayName(agentId: string): string | undefined {
-  return AGENT_DESCRIPTORS[agentId]?.displayName;
+  return AGENT_DESCRIPTORS[resolveAlias(agentId)]?.displayName;
 }
 
 /** Get curated description (overrides registry description if available). */
 export function getDescriptorDescription(agentId: string): string | undefined {
-  return AGENT_DESCRIPTORS[agentId]?.description;
+  return AGENT_DESCRIPTORS[resolveAlias(agentId)]?.description;
+}
+
+/* ── Detection ─────────────────────────────────────────────────────────── */
+
+/** Agent info needed for local binary detection (no CDN dependency). */
+export interface DetectableAgent {
+  id: string;
+  name: string;
+  binary: string;
+  installCmd?: string;
+  description?: string;
+}
+
+/**
+ * Return the canonical list of agents for local detection.
+ * Pure local data — no CDN fetch, no async, no network dependency.
+ */
+export function getDetectableAgents(): DetectableAgent[] {
+  return Object.entries(AGENT_DESCRIPTORS).map(([id, desc]) => ({
+    id,
+    name: desc.displayName ?? id,
+    binary: desc.binary,
+    installCmd: desc.installCmd,
+    description: desc.description,
+  }));
 }
 
 /** Parse and validate acpAgents config from raw settings JSON. */

package/app/lib/acp/index.ts

@@ -3,6 +3,7 @@ export { spawnAcpAgent, sendMessage, sendAndWait, onMessage, onNotification, onR
 export { createSession, createSessionFromEntry, loadSession, listSessions, prompt, promptStream, cancelPrompt, setMode, setConfigOption, closeSession, getSession, getActiveSessions, closeAllSessions } from './session';
 export { bridgeA2aToAcp, bridgeAcpResponseToA2a, bridgeAcpUpdatesToA2a } from './bridge';
 export { acpTools } from './acp-tools';
+export { AGENT_DESCRIPTORS, AGENT_ALIASES, resolveAlias, getDetectableAgents } from './agent-descriptors';
 export { ACP_ERRORS } from './types';
 export type {
   AcpAgentCapabilities,
@@ -38,3 +39,4 @@ export type {
   AcpTransportType,
 } from './types';
 export type { AcpProcess, AcpIncomingRequest, AcpNotification } from './subprocess';
+export type { AcpAgentDescriptor, AcpAgentOverride, ResolvedAgentCommand, DetectableAgent } from './agent-descriptors';

package/app/lib/acp/registry.ts

@@ -10,57 +10,31 @@
  */
 
 import type { AcpRegistry, AcpRegistryEntry } from './types';
-import { AGENT_DESCRIPTORS, getDescriptorDisplayName, getDescriptorDescription } from './agent-descriptors';
+import { AGENT_DESCRIPTORS, getDescriptorDisplayName, getDescriptorDescription, resolveAlias } from './agent-descriptors';
 
 /* ── Constants ─────────────────────────────────────────────────────────── */
 
 const REGISTRY_URL = 'https://cdn.agentclientprotocol.com/registry/v1/latest/registry.json';
-const CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour
+const CACHE_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 7 days — registry updates very rarely
 const FETCH_TIMEOUT_MS = 10_000;
 
 /* ── Built-in Registry (from AGENT_DESCRIPTORS) ────────────────────────── */
 
 /**
  * Generate a baseline registry from the local AGENT_DESCRIPTORS.
- * This ensures agents like Gemini CLI, CodeBuddy, Claude etc. are always
- * detectable even when CDN is unreachable.
- *
- * We deduplicate by binary name — e.g. 'gemini' and 'gemini-cli' both map
- * to binary 'gemini', so we only keep the canonical entry (shorter ID or
- * the one matching the CDN convention).
+ * AGENT_DESCRIPTORS contains only canonical entries (aliases are in AGENT_ALIASES),
+ * so no deduplication is needed.
  */
 function buildBuiltinRegistry(): AcpRegistryEntry[] {
-  // Preferred IDs per binary — matches what CDN uses
-  const CANONICAL_IDS: Record<string, string> = {
-    'gemini': 'gemini',
-    'claude': 'claude-acp',
-    'codebuddy': 'codebuddy-code',
-    'codex': 'codex-acp',
-    'pi': 'pi-acp',
-  };
-
-  const seen = new Set<string>();
-  const entries: AcpRegistryEntry[] = [];
-
-  for (const [id, desc] of Object.entries(AGENT_DESCRIPTORS)) {
-    // Skip alias entries — only keep the canonical ID for each binary
-    const canonical = CANONICAL_IDS[desc.binary];
-    if (canonical && canonical !== id) continue;
-    if (seen.has(desc.binary)) continue;
-    seen.add(desc.binary);
-
-    entries.push({
-      id,
-      name: desc.displayName ?? id,
-      description: desc.description ?? '',
-      transport: desc.cmd === 'npx' ? 'npx' : 'stdio',
-      command: desc.cmd,
-      args: desc.args,
-      packageName: desc.installCmd?.match(/npm install -g (.+)/)?.[1],
-    });
-  }
-
-  return entries;
+  return Object.entries(AGENT_DESCRIPTORS).map(([id, desc]) => ({
+    id,
+    name: desc.displayName ?? id,
+    description: desc.description ?? '',
+    transport: (desc.cmd === 'npx' ? 'npx' : 'stdio') as AcpRegistryEntry['transport'],
+    command: desc.cmd,
+    args: desc.args,
+    packageName: desc.installCmd?.match(/npm install -g (.+)/)?.[1],
+  }));
 }
 
 let builtinAgents: AcpRegistryEntry[] | null = null;
@@ -78,7 +52,7 @@ let cachedRegistry: AcpRegistry | null = null;
 
 /**
  * Fetch the ACP registry from the CDN and merge with built-in entries.
- * Caches for 1 hour. Falls back to built-in registry if CDN is unreachable.
+ * Caches for 7 days. Falls back to built-in registry if CDN is unreachable.
  */
 export async function fetchAcpRegistry(): Promise<AcpRegistry> {
   // Return cached if still valid
@@ -119,15 +93,36 @@ export async function fetchAcpRegistry(): Promise<AcpRegistry> {
   }
 }
 
-/** Merge built-in and CDN registries. CDN entries win on conflict; built-in fills gaps. */
+/**
+ * Merge built-in and CDN registries.
+ * - Same ID: keep built-in core fields, supplement with CDN metadata (tags, homepage, version)
+ * - CDN alias of built-in entry: skip (avoids duplicate agents in UI)
+ * - New CDN-only entry: add as-is
+ */
 function mergeRegistries(builtin: AcpRegistryEntry[], cdn: AcpRegistryEntry[]): AcpRegistryEntry[] {
   const byId = new Map<string, AcpRegistryEntry>();
 
-  // Start with built-in
   for (const entry of builtin) byId.set(entry.id, entry);
 
-  // CDN overwrites / adds
-  for (const entry of cdn) byId.set(entry.id, entry);
+  for (const cdnEntry of cdn) {
+    const existing = byId.get(cdnEntry.id);
+    const canonicalId = resolveAlias(cdnEntry.id);
+    const canonicalExisting = canonicalId !== cdnEntry.id ? byId.get(canonicalId) : undefined;
+
+    if (existing) {
+      // Same ID in both — keep built-in core, supplement with CDN metadata
+      byId.set(cdnEntry.id, {
+        ...existing,
+        tags: cdnEntry.tags ?? existing.tags,
+        homepage: cdnEntry.homepage ?? existing.homepage,
+        version: cdnEntry.version ?? existing.version,
+      });
+    } else if (canonicalExisting) {
+      // CDN entry is an alias of a built-in entry — skip to avoid duplicates
+    } else {
+      byId.set(cdnEntry.id, cdnEntry);
+    }
+  }
 
   return Array.from(byId.values());
 }
@@ -146,11 +141,12 @@ export async function getAcpAgents(): Promise<AcpRegistryEntry[]> {
 }
 
 /**
- * Find a specific ACP agent by ID.
+ * Find a specific ACP agent by ID (supports alias resolution).
  */
 export async function findAcpAgent(id: string): Promise<AcpRegistryEntry | null> {
   const agents = await getAcpAgents();
-  return agents.find(a => a.id === id) ?? null;
+  const canonical = resolveAlias(id);
+  return agents.find(a => a.id === id || a.id === canonical) ?? null;
 }
 
 /**

package/app/lib/acp/session.ts

@@ -36,6 +36,9 @@ const sessions = new Map<string, AcpSession>();
 const sessionProcesses = new Map<string, AcpProcess>();
 const autoApprovalCleanups = new Map<string, () => void>();
 
+const MAX_SESSIONS_PER_AGENT = 3;
+const MAX_TOTAL_SESSIONS = 10;
+
 /* ── Public API — Session Lifecycle ───────────────────────────────────── */
 
 /**
@@ -61,11 +64,12 @@ export async function createSessionFromEntry(
   entry: AcpRegistryEntry,
   options?: { env?: Record<string, string>; cwd?: string },
 ): Promise<AcpSession> {
+  checkSessionLimits(entry.id);
+
   const proc = spawnAcpAgent(entry, options);
 
-  // Install auto-approval BEFORE initialize so any early permission requests
-  // from the agent don't cause a hang waiting for TTY input.
-  const unsubApproval = installAutoApproval(proc);
+  const sessionCwd = options?.cwd ?? process.cwd();
+  const unsubApproval = installAutoApproval(proc, { cwd: sessionCwd });
 
   let agentCapabilities: AcpAgentCapabilities | undefined;
   let authMethods: AcpAuthMethod[] | undefined;
@@ -122,7 +126,7 @@ export async function createSessionFromEntry(
 
   try {
     const newResponse = await sendAndWait(proc, 'session/new', {
-      cwd: options?.cwd ?? process.cwd(),
+      cwd: sessionCwd,
       mcpServers: [],
     }, 15_000);
 
@@ -188,7 +192,8 @@ export async function loadSession(
   }
 
   const proc = spawnAcpAgent(entry, options);
-  const unsubApproval = installAutoApproval(proc);
+  const loadCwd = options?.cwd ?? process.cwd();
+  const unsubApproval = installAutoApproval(proc, { cwd: loadCwd });
 
   let agentCapabilities: AcpAgentCapabilities | undefined;
 
@@ -233,7 +238,7 @@ export async function loadSession(
   try {
     const loadResponse = await sendAndWait(proc, 'session/load', {
       sessionId: existingSessionId,
-      cwd: options?.cwd ?? process.cwd(),
+      cwd: loadCwd,
       mcpServers: [],
     }, 15_000);
 
@@ -399,6 +404,8 @@ export async function promptStream(
   updateSessionState(session, 'active');
   const wireSessionId = session.agentSessionId ?? sessionId;
 
+  const PROMPT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+
   return new Promise((resolve, reject) => {
     let aggregatedText = '';
     let stopReason: AcpStopReason = 'end_turn';
@@ -412,6 +419,14 @@ export async function promptStream(
       fn();
     };
 
+    // ── 0. Timeout guard ──
+    const timeoutTimer = setTimeout(() => {
+      settle(() => {
+        updateSessionState(session, 'error');
+        reject(new Error(`Prompt timed out after ${PROMPT_TIMEOUT_MS / 1000}s — no response from agent`));
+      });
+    }, PROMPT_TIMEOUT_MS);
+
     // ── 1. Notifications: primary streaming channel ──
     const unsubNotify = onNotification(proc, (notif) => {
       if (settled) return;
@@ -502,6 +517,7 @@ export async function promptStream(
     proc.proc.once('exit', onExit);
 
     const cleanup = () => {
+      clearTimeout(timeoutTimer);
       unsubNotify();
       unsubMsg();
       proc.proc.removeListener('exit', onExit);
@@ -630,9 +646,10 @@ export function getSession(sessionId: string): AcpSession | undefined {
 }
 
 /**
- * Get all active sessions.
+ * Get all active sessions. Also reaps stale sessions.
  */
 export function getActiveSessions(): AcpSession[] {
+  reapStaleSessions();
   return [...sessions.values()];
 }
 
@@ -887,6 +904,18 @@ function parseNotificationToUpdate(
   return base;
 }
 
+/* ── Internal — Session limits ─────────────────────────────────────────── */
+
+function checkSessionLimits(agentId: string): void {
+  if (sessions.size >= MAX_TOTAL_SESSIONS) {
+    throw new Error(`Maximum concurrent sessions (${MAX_TOTAL_SESSIONS}) reached. Close existing sessions first.`);
+  }
+  const agentCount = [...sessions.values()].filter(s => s.agentId === agentId).length;
+  if (agentCount >= MAX_SESSIONS_PER_AGENT) {
+    throw new Error(`Maximum concurrent sessions for agent "${agentId}" (${MAX_SESSIONS_PER_AGENT}) reached.`);
+  }
+}
+
 /* ── Internal — Session reaping ───────────────────────────────────────── */
 
 const STALE_SESSION_MS = 30 * 60 * 1000; // 30 minutes

package/app/lib/acp/subprocess.ts

@@ -4,6 +4,8 @@
  */
 
 import { spawn, type ChildProcess } from 'child_process';
+import path from 'path';
+import os from 'os';
 import type {
   AcpJsonRpcRequest,
   AcpJsonRpcResponse,
@@ -362,7 +364,12 @@ export function sendResponse(
  * Without approval, the agent hangs waiting for TTY input that never comes.
  * Returns an unsubscribe function.
  */
-export function installAutoApproval(acpProc: AcpProcess): () => void {
+export function installAutoApproval(
+  acpProc: AcpProcess,
+  options?: { cwd?: string },
+): () => void {
+  const cwd = options?.cwd;
+
   return onRequest(acpProc, (req) => {
     const method = req.method;
     const params = (req.params ?? {}) as Record<string, unknown>;
@@ -375,6 +382,10 @@ export function installAutoApproval(acpProc: AcpProcess): () => void {
           sendResponse(acpProc, req.id, { error: { code: -32602, message: 'path is required' } });
           return;
         }
+        if (isSensitivePath(filePath)) {
+          sendResponse(acpProc, req.id, { error: { code: -32001, message: `Access denied: ${filePath} is a sensitive file` } });
+          return;
+        }
         try {
           const fs = require('fs');
           const line = typeof params.line === 'number' ? params.line : undefined;
@@ -401,9 +412,12 @@ export function installAutoApproval(acpProc: AcpProcess): () => void {
           sendResponse(acpProc, req.id, { error: { code: -32602, message: 'path is required' } });
           return;
         }
+        if (cwd && !isWithinAllowedWritePaths(filePath, cwd)) {
+          sendResponse(acpProc, req.id, { error: { code: -32001, message: `Write denied: ${filePath} is outside the working directory` } });
+          return;
+        }
         try {
           const fs = require('fs');
-          const path = require('path');
           const dir = path.dirname(filePath);
           if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
           fs.writeFileSync(filePath, content, 'utf-8');
@@ -545,6 +559,30 @@ export function installAutoApproval(acpProc: AcpProcess): () => void {
   });
 }
 
+/* ── Path safety ───────────────────────────────────────────────────────── */
+
+const SENSITIVE_PATH_PATTERNS = [
+  /[/\\]\.ssh[/\\](id_|config$|authorized_keys|known_hosts)/i,
+  /[/\\]\.env(\.[^/\\]*)?$/i,
+  /[/\\]credentials\.json$/i,
+  /[/\\]\.aws[/\\]credentials$/i,
+  /[/\\]\.gnupg[/\\]/i,
+];
+
+function isSensitivePath(filePath: string): boolean {
+  const normalized = path.resolve(filePath);
+  return SENSITIVE_PATH_PATTERNS.some(p => p.test(normalized));
+}
+
+function isWithinAllowedWritePaths(filePath: string, cwd: string): boolean {
+  const normalized = path.resolve(filePath);
+  const allowedRoots = [cwd, os.tmpdir()];
+  return allowedRoots.some(root => {
+    const normalizedRoot = path.resolve(root);
+    return normalized === normalizedRoot || normalized.startsWith(normalizedRoot + path.sep);
+  });
+}
+
 /* ── Terminal management (per ACP process) ─────────────────────────────── */
 
 interface TerminalEntry {