@geminixiang/mama 0.2.0-beta.1 → 0.2.0-beta.11

package/dist/main.js

@@ -1,29 +1,25 @@
 #!/usr/bin/env node
 import "./instrument.js";
 import { join, resolve } from "path";
+import { mkdirSync, statSync, writeFileSync } from "fs";
 import { homedir } from "os";
-import { mkdirSync, readFileSync, statSync } from "fs";
 import { fileURLToPath } from "url";
 import { dirname, join as pathJoin } from "path";
 import { DiscordBot } from "./adapters/discord/index.js";
 import { TelegramBot } from "./adapters/telegram/index.js";
 import { SlackBot as SlackBotClass } from "./adapters/slack/index.js";
-import { createRunner } from "./agent.js";
-import { createManagedSessionFile, createManagedSessionFileAtPath, getChannelSessionDir, getThreadSessionFile, } from "./session-store.js";
 import { downloadChannel } from "./download.js";
 import { createEventsWatcher } from "./events.js";
 import * as log from "./log.js";
-import { FileUserBindingStore } from "./bindings.js";
-import { startLinkServer } from "./link-server.js";
-import { parseLoginCommand } from "./login.js";
-import { InMemoryLinkTokenStore } from "./link-token.js";
+import { startLinkServer } from "./login/portal.js";
+import { InMemoryLinkTokenStore } from "./login/session.js";
+import { InMemorySessionViewTokenStore } from "./session-view/store.js";
 import { DockerContainerManager } from "./provisioner.js";
+import { createGlobalSettingsFile, loadAgentConfig, MissingGlobalSettingsError } from "./config.js";
+import { ensureDirExists, isRecord, readJsonFileIfExists } from "./file-guards.js";
 import { SandboxError, parseSandboxArg, validateSandbox } from "./sandbox.js";
-import { formatNothingRunning, formatStopping } from "./ui-copy.js";
 import { FileVaultManager } from "./vault.js";
-import { ensureSettingsFile } from "./config.js";
-import { createManagedVaultEntry, ensureSandboxVaultEntry, resolveActorVaultKey, } from "./vault-routing.js";
-import { addLifecycleBreadcrumb, applyRunScope } from "./sentry.js";
+import { createSessionRuntime } from "./runtime/index.js";
 import { ChannelStore } from "./store.js";
 import * as Sentry from "@sentry/node";
 // ============================================================================
@@ -38,31 +34,20 @@ function getVersion() {
         pathJoin(process.cwd(), "package.json"),
     ];
     for (const pkgPath of possiblePaths) {
-        try {
-            const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
-            if (pkg.version)
-                return pkg.version;
-        }
-        catch {
-            // Continue to next path
-        }
+        const pkg = readJsonFileIfExists(pkgPath, (value) => isRecord(value), () => "Ignoring package.json while resolving version");
+        if (typeof pkg?.version === "string" && pkg.version)
+            return pkg.version;
     }
     return "unknown";
 }
-const MOM_SLACK_APP_TOKEN = process.env.MOM_SLACK_APP_TOKEN;
-const MOM_SLACK_BOT_TOKEN = process.env.MOM_SLACK_BOT_TOKEN;
-const MOM_TELEGRAM_BOT_TOKEN = process.env.MOM_TELEGRAM_BOT_TOKEN;
-const MOM_DISCORD_BOT_TOKEN = process.env.MOM_DISCORD_BOT_TOKEN;
-/** Base URL of the web login portal, e.g. https://platform.trygemini.xyz */
-const MOM_LINK_URL = process.env.MOM_LINK_URL;
-/**
- * Port for the link callback HTTP server.
- * Defaults to 8181 when MOM_LINK_URL is set (behind a reverse proxy).
- * If neither is set, the server is not started.
- */
-const MOM_LINK_PORT = process.env.MOM_LINK_PORT
-    ? parseInt(process.env.MOM_LINK_PORT, 10)
-    : MOM_LINK_URL
+const MAMA_SLACK_APP_TOKEN = process.env.MAMA_SLACK_APP_TOKEN;
+const MAMA_SLACK_BOT_TOKEN = process.env.MAMA_SLACK_BOT_TOKEN;
+const MAMA_TELEGRAM_BOT_TOKEN = process.env.MAMA_TELEGRAM_BOT_TOKEN;
+const MAMA_DISCORD_BOT_TOKEN = process.env.MAMA_DISCORD_BOT_TOKEN;
+const MAMA_LINK_URL = process.env.MAMA_LINK_URL;
+const MAMA_LINK_PORT = process.env.MAMA_LINK_PORT
+    ? parseInt(process.env.MAMA_LINK_PORT, 10)
+    : MAMA_LINK_URL
         ? 8181
         : undefined;
 function parseArgs() {
@@ -71,12 +56,16 @@ function parseArgs() {
     let workingDir;
     let stateDirArg;
     let downloadChannelId;
+    let showOnboard = false;
     let showVersion = false;
     for (let i = 0; i < args.length; i++) {
         const arg = args[i];
         if (arg === "--version" || arg === "-v" || arg === "-V") {
             showVersion = true;
         }
+        else if (arg === "--onboard") {
+            showOnboard = true;
+        }
         else if (arg.startsWith("--sandbox=")) {
             sandbox = parseSandboxArg(arg.slice("--sandbox=".length));
         }
@@ -104,16 +93,11 @@ function parseArgs() {
         stateDir: stateDirArg ? resolve(stateDirArg) : undefined,
         sandbox,
         downloadChannel: downloadChannelId,
+        showOnboard,
         showVersion,
     };
 }
 const WORLD_WRITABLE_MODE = 0o002;
-/**
- * Create stateDir if missing and refuse to use it if another local user could
- * tamper with its contents. stateDir holds vaults, bindings, and settings —
- * a world-writable or foreign-owned directory there would let a local attacker
- * swap in credentials or change routing.
- */
 function ensureSecureStateDir(path) {
     let stat;
     try {
@@ -152,7 +136,21 @@ function handleStartupError(error) {
         }
         process.exit(1);
     }
-    throw error;
+    if (error instanceof MissingGlobalSettingsError) {
+        console.error(`Missing global settings: ${error.settingsPath}`);
+        console.error("");
+        console.error("Run onboarding to create it:");
+        console.error(`  mama --onboard --state-dir ${stateDir}`);
+        console.error("");
+        console.error("Then review the generated settings.json and start mama again.");
+        process.exit(1);
+    }
+    if (error instanceof Error) {
+        console.error(`Error: ${error.message}`);
+        process.exit(1);
+    }
+    console.error(String(error));
+    process.exit(1);
 }
 let parsedArgs;
 try {
@@ -166,47 +164,51 @@ if (parsedArgs.showVersion) {
     console.log(getVersion());
     process.exit(0);
 }
+// Handle --onboard mode
+if (parsedArgs.showOnboard) {
+    const stateDir = parsedArgs.stateDir ?? join(homedir(), ".mama");
+    process.env.MAMA_STATE_DIR = stateDir;
+    ensureSecureStateDir(stateDir);
+    try {
+        const settingsPath = createGlobalSettingsFile(stateDir);
+        console.log(`Created global settings at ${settingsPath}`);
+        console.log("Review the file, then start mama with your working directory.");
+        process.exit(0);
+    }
+    catch (err) {
+        console.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
 // Handle --download mode (Slack only)
 if (parsedArgs.downloadChannel) {
-    if (!MOM_SLACK_BOT_TOKEN) {
-        console.error("Missing env: MOM_SLACK_BOT_TOKEN");
+    if (!MAMA_SLACK_BOT_TOKEN) {
+        console.error("Missing env: MAMA_SLACK_BOT_TOKEN");
         process.exit(1);
     }
-    await downloadChannel(parsedArgs.downloadChannel, MOM_SLACK_BOT_TOKEN);
+    await downloadChannel(parsedArgs.downloadChannel, MAMA_SLACK_BOT_TOKEN);
     process.exit(0);
 }
 // Normal bot mode - require working dir
 if (!parsedArgs.workingDir) {
-    console.error("Usage: mama [--sandbox=host|container:<name>|image:<image>|firecracker:<vm-id>:<host-path>] [--state-dir=<path>] <working-directory>");
+    console.error("Usage: mama [--state-dir=<dir>] [--sandbox=host|container:<name>|image:<image>|firecracker:<vm-id>:<host-path>|cloudflare:<sandbox-id>] <working-directory>");
+    console.error("       mama --onboard [--state-dir=<dir>]");
     console.error("       mama --download <channel-id>");
     process.exit(1);
 }
 const { workingDir, sandbox } = { workingDir: parsedArgs.workingDir, sandbox: parsedArgs.sandbox };
-// stateDir holds operator-managed files (vaults, settings, bindings).
-// Defaults to ~/.mama to keep secrets outside the project workspace mounted into sandboxes.
 const stateDir = parsedArgs.stateDir ?? join(homedir(), ".mama");
-ensureSecureStateDir(stateDir);
-// Share stateDir with instrument.ts (for Sentry config loading)
 process.env.MAMA_STATE_DIR = stateDir;
-// Ensure settings.json exists; create a template if first run.
-const { created: settingsCreated, config: agentSettings } = ensureSettingsFile(stateDir);
-if (settingsCreated) {
-    console.log(`Created default settings: ${join(stateDir, "settings.json")}`);
-    console.log("Review and update provider/model before starting.");
-}
-if (!agentSettings.provider || !agentSettings.model) {
-    console.error(`Error: 'provider' and 'model' must be set in ${join(stateDir, "settings.json")}`);
-    process.exit(1);
-}
+ensureSecureStateDir(stateDir);
 // Validate platform tokens
-const hasSlack = !!(MOM_SLACK_APP_TOKEN && MOM_SLACK_BOT_TOKEN);
-const hasTelegram = !!MOM_TELEGRAM_BOT_TOKEN;
-const hasDiscord = !!MOM_DISCORD_BOT_TOKEN;
+const hasSlack = !!(MAMA_SLACK_APP_TOKEN && MAMA_SLACK_BOT_TOKEN);
+const hasTelegram = !!MAMA_TELEGRAM_BOT_TOKEN;
+const hasDiscord = !!MAMA_DISCORD_BOT_TOKEN;
 if (!hasSlack && !hasTelegram && !hasDiscord) {
     console.error("No platform tokens found. Set one of:\n" +
-        "  Slack:    MOM_SLACK_APP_TOKEN + MOM_SLACK_BOT_TOKEN\n" +
-        "  Telegram: MOM_TELEGRAM_BOT_TOKEN\n" +
-        "  Discord:  MOM_DISCORD_BOT_TOKEN");
+        "  Slack:    MAMA_SLACK_APP_TOKEN + MAMA_SLACK_BOT_TOKEN\n" +
+        "  Telegram: MAMA_TELEGRAM_BOT_TOKEN\n" +
+        "  Discord:  MAMA_DISCORD_BOT_TOKEN");
     process.exit(1);
 }
 try {
@@ -218,297 +220,69 @@ catch (error) {
 const vaultManager = new FileVaultManager(stateDir);
 if (vaultManager.isEnabled()) {
     console.log(sandbox.type === "container"
-        ? "  Vault system enabled. Shared container vault active."
-        : "  Vault system enabled. Per-user credential routing active.");
-}
-const bindingStore = new FileUserBindingStore(stateDir);
-if (bindingStore.isEnabled()) {
-    console.log(sandbox.type === "container"
-        ? "  Binding store enabled. Shared container mode ignores per-user vault bindings."
-        : "  Binding store enabled. Platform user → vault routing active.");
-}
-const provisioner = sandbox.type === "image" ? new DockerContainerManager(sandbox.image, workingDir) : undefined;
-const linkTokenStore = new InMemoryLinkTokenStore();
-// Purge expired link tokens every 5 minutes
-setInterval(() => linkTokenStore.purge(), 5 * 60 * 1000).unref();
-const conversationStates = new Map();
-/** Track in-flight runs for graceful shutdown */
-const inFlightRuns = new Set();
-/** Flag to stop accepting new events during shutdown */
-let isShuttingDown = false;
-/** Maximum number of cached sessions */
-const MAX_SESSIONS = 500;
-/** Idle timeout before a non-running session can be evicted (10 minutes) */
-const IDLE_TIMEOUT_MS = 600000;
-if (provisioner) {
-    await provisioner.reconcile();
-    await provisioner.stopIdle(IDLE_TIMEOUT_MS);
-}
-// Stop idle containers every hour (same cadence as session eviction)
-if (provisioner) {
-    setInterval(() => provisioner.stopIdle(IDLE_TIMEOUT_MS), IDLE_TIMEOUT_MS).unref();
+        ? "  Vault system enabled. Container vault active."
+        : sandbox.type === "image" || sandbox.type === "firecracker" || sandbox.type === "cloudflare"
+            ? "  Vault system enabled. Conversation-scoped credential routing active."
+            : "  Vault system enabled. Host mode will not inject vault env.");
 }
-function normalizeLoginBaseUrl() {
-    if (MOM_LINK_URL) {
-        return MOM_LINK_URL.replace(/\/+$/, "");
-    }
-    if (MOM_LINK_PORT) {
-        return `http://localhost:${MOM_LINK_PORT}`;
+const startupConfig = (() => {
+    try {
+        return loadAgentConfig();
     }
-    return undefined;
-}
-function ensureLoginVault(platform, platformUserId) {
-    const vaultId = resolveActorVaultKey(sandbox, vaultManager, bindingStore, platform, platformUserId);
-    ensureSandboxVaultEntry(sandbox, vaultManager, platform, platformUserId, vaultId);
-    if (sandbox.type !== "image" && sandbox.type !== "container") {
-        vaultManager.addEntry(vaultId, createManagedVaultEntry(platform, platformUserId, vaultId, false));
+    catch (error) {
+        handleStartupError(error);
     }
-    return vaultId;
-}
-async function getState(conversationId, sessionKey) {
-    const key = sessionKey ?? conversationId;
-    let state = conversationStates.get(key);
-    if (!state) {
-        const conversationDir = join(workingDir, conversationId);
-        state = {
-            running: false,
-            runner: await createRunner(sandbox, key, conversationId, conversationDir, workingDir, vaultManager, bindingStore, provisioner, stateDir),
-            stopRequested: false,
-            lastAccessedAt: Date.now(),
-        };
-        conversationStates.set(key, state);
+})();
+const sandboxLimits = startupConfig.sandboxCpus || startupConfig.sandboxMemory
+    ? { cpus: startupConfig.sandboxCpus, memory: startupConfig.sandboxMemory }
+    : undefined;
+const sandboxBoostLimits = startupConfig.sandboxBoostCpus || startupConfig.sandboxBoostMemory
+    ? { cpus: startupConfig.sandboxBoostCpus, memory: startupConfig.sandboxBoostMemory }
+    : undefined;
+const provisioner = sandbox.type === "image"
+    ? new DockerContainerManager(sandbox.image, {
+        limits: sandboxLimits,
+        boostLimits: sandboxBoostLimits,
+    })
+    : undefined;
+if (sandbox.type === "image") {
+    ensureDirExists(join(workingDir, "skills"));
+    ensureDirExists(join(workingDir, "events"));
+    try {
+        writeFileSync(join(workingDir, "MEMORY.md"), "", { flag: "wx" });
     }
-    else {
-        state.lastAccessedAt = Date.now();
+    catch (err) {
+        if (err.code !== "EEXIST")
+            throw err;
     }
-    return state;
 }
-/**
- * Evict idle sessions from conversationStates to bound memory usage.
- * Called after each handleEvent completes.
- */
-function evictIdleSessions() {
-    const now = Date.now();
-    for (const [key, state] of conversationStates) {
-        if (!state.running && now - state.lastAccessedAt > IDLE_TIMEOUT_MS) {
-            conversationStates.delete(key);
-        }
-    }
-    if (conversationStates.size > MAX_SESSIONS) {
-        const idleSessions = [];
-        for (const [key, state] of conversationStates) {
-            if (!state.running) {
-                idleSessions.push({ key, lastAccessedAt: state.lastAccessedAt });
-            }
-        }
-        idleSessions.sort((a, b) => a.lastAccessedAt - b.lastAccessedAt);
-        const toEvict = conversationStates.size - MAX_SESSIONS;
-        for (let i = 0; i < toEvict && i < idleSessions.length; i++) {
-            conversationStates.delete(idleSessions[i].key);
-        }
-    }
+const linkTokenStore = new InMemoryLinkTokenStore();
+const sessionViewTokenStore = new InMemorySessionViewTokenStore();
+setInterval(() => linkTokenStore.purge(), 5 * 60 * 1000).unref();
+setInterval(() => sessionViewTokenStore.purge(), 5 * 60 * 1000).unref();
+function portalBaseUrl() {
+    if (MAMA_LINK_URL)
+        return MAMA_LINK_URL.replace(/\/+$/, "");
+    if (MAMA_LINK_PORT)
+        return `http://localhost:${MAMA_LINK_PORT}`;
+    return undefined;
 }
-// ============================================================================
-// Handler
-// ============================================================================
-const handler = {
-    isRunning(sessionKey) {
-        const state = conversationStates.get(sessionKey);
-        return !!state?.running;
-    },
-    getRunningSessions() {
-        const sessions = [];
-        for (const [sessionKey, state] of conversationStates) {
-            if (state.running && state.startedAt) {
-                // Get current step from runner
-                const currentStep = state.runner.getCurrentStep();
-                sessions.push({
-                    sessionKey,
-                    startedAt: state.startedAt,
-                    lastActivityAt: state.lastActivityAt,
-                    currentTool: currentStep?.label || currentStep?.toolName,
-                });
-            }
-        }
-        return sessions;
-    },
-    async handleStop(sessionKey, conversationId, bot) {
-        const state = conversationStates.get(sessionKey);
-        if (state?.running) {
-            state.stopRequested = true;
-            state.runner.abort();
-            const ts = await bot.postMessage(conversationId, formatStopping(bot));
-            state.stopMessageTs = ts;
-        }
-        else {
-            await bot.postMessage(conversationId, formatNothingRunning(bot));
-        }
-    },
-    forceStop(sessionKey) {
-        const state = conversationStates.get(sessionKey);
-        if (state?.running) {
-            log.logInfo(`[Force Stop] Force stopping session: ${sessionKey}`);
-            state.stopRequested = true;
-            state.runner.abort();
-            state.running = false;
-        }
-    },
-    async handleNew(sessionKey, conversationId, bot) {
-        const state = conversationStates.get(sessionKey);
-        if (state?.running) {
-            state.stopRequested = true;
-            state.runner.abort();
-        }
-        // Channel sessions rotate via current pointer. Thread sessions reset in place.
-        const conversationDir = join(workingDir, conversationId);
-        if (sessionKey.includes(":")) {
-            createManagedSessionFileAtPath(getThreadSessionFile(conversationDir, sessionKey), conversationDir);
-        }
-        else {
-            createManagedSessionFile(getChannelSessionDir(conversationDir), conversationDir);
-        }
-        // Remove from in-memory cache
-        conversationStates.delete(sessionKey);
-        log.logInfo(`[${conversationId}] Session reset: ${sessionKey}`);
-        await bot.postMessage(conversationId, "Conversation reset. Send a new message to start fresh.");
-    },
-    async handleLogin(platform, platformUserId, conversationId, bot, commandText, isPrivateConversation) {
-        const parsed = parseLoginCommand(commandText);
-        if (!parsed) {
-            return;
-        }
-        if (!isPrivateConversation) {
-            await bot.postMessage(conversationId, "为了保护你的凭证，`/login` 只能在与机器人的私聊中使用。请先私信机器人，再重新执行 `/login`。");
-            return;
-        }
-        const baseUrl = normalizeLoginBaseUrl();
-        if (!baseUrl) {
-            await bot.postMessage(conversationId, "Login is not configured. Set `MOM_LINK_URL` or `MOM_LINK_PORT` on the server.");
-            return;
-        }
-        let vaultId;
-        try {
-            vaultId = ensureLoginVault(platform, platformUserId);
-        }
-        catch (error) {
-            log.logWarning(`[${conversationId}] Failed to prepare login vault for ${platform}/${platformUserId}`, error instanceof Error ? error.message : String(error));
-            await bot.postMessage(conversationId, "Login setup failed on the server. 请稍后重试，或联系管理员检查 vault 存储权限。");
-            return;
-        }
-        const loginLabel = "credential";
-        const vaultLabel = sandbox.type === "container" ? "the shared container vault" : "your vault";
-        await bot.postMessage(conversationId, `Open this link to store ${loginLabel} in ${vaultLabel} ` +
-            `(expires in 15 minutes):\n${baseUrl}/link?token=${linkTokenStore.create(platform, platformUserId, conversationId, vaultId, "").token}`);
-    },
-    async handleEvent(event, bot, adapters, _isEvent) {
-        // Don't accept new events during shutdown
-        if (isShuttingDown) {
-            log.logInfo(`[${event.conversationId}] Rejected event during shutdown: ${event.text.substring(0, 50)}`);
-            return;
-        }
-        const sessionKey = event.sessionKey ?? `${event.conversationId}:${event.thread_ts ?? event.ts}`;
-        const state = await getState(event.conversationId, sessionKey);
-        // Start run
-        state.running = true;
-        state.stopRequested = false;
-        state.startedAt = Date.now();
-        state.lastActivityAt = Date.now();
-        log.logInfo(`[${event.conversationId}] Starting run: ${event.text.substring(0, 50)}`);
-        // Wrap in-flight run tracking
-        Sentry.metrics.count("agent.run.started", 1, {
-            attributes: { channel: event.conversationId },
-        });
-        Sentry.metrics.gauge("agent.sessions.active", inFlightRuns.size + 1);
-        const runPromise = Sentry.startSpan({
-            name: "agent.run",
-            op: "agent",
-            attributes: { channelId: event.conversationId, sessionKey },
-        }, async () => {
-            return Sentry.withScope(async (scope) => {
-                const { message, responseCtx, platform } = adapters;
-                applyRunScope(scope, {
-                    conversationId: event.conversationId,
-                    sessionKey,
-                    messageId: message.id,
-                    platform: platform.name,
-                    userId: message.userId,
-                    userName: message.userName,
-                    threadTs: message.threadTs,
-                    isEvent: _isEvent,
-                });
-                addLifecycleBreadcrumb("agent.run.started", {
-                    channel_id: event.conversationId,
-                    platform: platform.name,
-                    has_attachments: (message.attachments?.length ?? 0) > 0,
-                });
-                try {
-                    await responseCtx.setTyping(true);
-                    await responseCtx.setWorking(true);
-                    const result = await state.runner.run(message, responseCtx, platform);
-                    await responseCtx.setWorking(false);
-                    const durationMs = Date.now() - state.startedAt;
-                    Sentry.metrics.distribution("agent.run.duration", durationMs, {
-                        unit: "millisecond",
-                        attributes: {
-                            channel: event.conversationId,
-                            platform: platform.name,
-                            stop_reason: result.stopReason,
-                        },
-                    });
-                    Sentry.metrics.count("agent.run.completed", 1, {
-                        attributes: {
-                            channel: event.conversationId,
-                            platform: platform.name,
-                            stop_reason: result.stopReason,
-                        },
-                    });
-                    addLifecycleBreadcrumb("agent.run.completed", {
-                        channel_id: event.conversationId,
-                        platform: platform.name,
-                        stop_reason: result.stopReason,
-                        duration_ms: durationMs,
-                    });
-                    if (result.stopReason === "aborted" && state.stopRequested) {
-                        if (state.stopMessageTs) {
-                            await bot.updateMessage(event.conversationId, state.stopMessageTs, "_Stopped_");
-                            state.stopMessageTs = undefined;
-                        }
-                        else {
-                            await bot.postMessage(event.conversationId, "_Stopped_");
-                        }
-                    }
-                }
-                catch (err) {
-                    scope.setContext("agent_run_error", {
-                        conversationId: event.conversationId,
-                        sessionKey,
-                        platform: adapters.platform.name,
-                        messageId: adapters.message.id,
-                        threadTs: adapters.message.threadTs,
-                    });
-                    Sentry.captureException(err);
-                    Sentry.metrics.count("agent.run.errors", 1, {
-                        attributes: { channel: event.conversationId, platform: adapters.platform.name },
-                    });
-                    log.logWarning(`[${event.conversationId}] Run error`, err instanceof Error ? err.message : String(err));
-                }
-                finally {
-                    state.running = false;
-                    state.lastAccessedAt = Date.now();
-                    Sentry.metrics.gauge("agent.sessions.active", inFlightRuns.size - 1);
-                    evictIdleSessions();
-                }
-            });
-        });
-        inFlightRuns.add(runPromise);
-        try {
-            await runPromise;
-        }
-        finally {
-            inFlightRuns.delete(runPromise);
-        }
-    },
-};
+/** Idle timeout for managed image containers (10 minutes) */
+const IMAGE_IDLE_TIMEOUT_MS = 10 * 60 * 1000;
+if (provisioner) {
+    await provisioner.reconcile();
+    await provisioner.stopIdle(IMAGE_IDLE_TIMEOUT_MS);
+    setInterval(() => provisioner.stopIdle(IMAGE_IDLE_TIMEOUT_MS), IMAGE_IDLE_TIMEOUT_MS).unref();
+}
+const handler = createSessionRuntime({
+    workingDir,
+    sandbox,
+    vaultManager,
+    provisioner,
+    linkTokenStore,
+    sessionViewTokenStore,
+    portalBaseUrl: portalBaseUrl(),
+});
 // ============================================================================
 // Start
 // ============================================================================
@@ -518,24 +292,23 @@ const sandboxDesc = sandbox.type === "host"
         ? `container:${sandbox.container}`
         : sandbox.type === "image"
             ? `image:${sandbox.image}`
-            : `firecracker:${sandbox.vmId}`;
+            : sandbox.type === "firecracker"
+                ? `firecracker:${sandbox.vmId}`
+                : `cloudflare:${sandbox.sandboxId}`;
 log.logStartup(workingDir, sandboxDesc);
-// Start link callback server if port is configured
-if (MOM_LINK_PORT) {
-    startLinkServer(MOM_LINK_PORT, linkTokenStore, vaultManager, async (platform, conversationId, msg) => {
-        const bot = botsByPlatform[platform];
-        if (bot)
-            await bot.postMessage(conversationId, msg);
-    });
-}
 // Create platform bots
 const bots = [];
 const botsByPlatform = {};
 if (hasSlack) {
-    const sharedStore = new ChannelStore({ workingDir, botToken: MOM_SLACK_BOT_TOKEN });
+    const slackBotToken = MAMA_SLACK_BOT_TOKEN;
+    const slackAppToken = MAMA_SLACK_APP_TOKEN;
+    if (!slackBotToken || !slackAppToken) {
+        throw new Error("Slack startup requires both MAMA_SLACK_APP_TOKEN and MAMA_SLACK_BOT_TOKEN");
+    }
+    const sharedStore = new ChannelStore({ workingDir, botToken: slackBotToken });
     const slackBot = new SlackBotClass(handler, {
-        appToken: MOM_SLACK_APP_TOKEN,
-        botToken: MOM_SLACK_BOT_TOKEN,
+        appToken: slackAppToken,
+        botToken: slackBotToken,
         workingDir,
         store: sharedStore,
     });
@@ -544,8 +317,12 @@ if (hasSlack) {
     log.logInfo("Platform: Slack");
 }
 if (hasTelegram) {
+    const telegramToken = MAMA_TELEGRAM_BOT_TOKEN;
+    if (!telegramToken) {
+        throw new Error("Telegram startup requires MAMA_TELEGRAM_BOT_TOKEN");
+    }
     const telegramBot = new TelegramBot(handler, {
-        token: MOM_TELEGRAM_BOT_TOKEN,
+        token: telegramToken,
         workingDir,
     });
     bots.push(telegramBot);
@@ -553,14 +330,25 @@ if (hasTelegram) {
     log.logInfo("Platform: Telegram");
 }
 if (hasDiscord) {
+    const discordToken = MAMA_DISCORD_BOT_TOKEN;
+    if (!discordToken) {
+        throw new Error("Discord startup requires MAMA_DISCORD_BOT_TOKEN");
+    }
     const discordBot = new DiscordBot(handler, {
-        token: MOM_DISCORD_BOT_TOKEN,
+        token: discordToken,
         workingDir,
     });
     bots.push(discordBot);
     botsByPlatform.discord = discordBot;
     log.logInfo("Platform: Discord");
 }
+if (MAMA_LINK_PORT) {
+    startLinkServer(MAMA_LINK_PORT, linkTokenStore, vaultManager, async (platform, conversationId, message) => {
+        const bot = botsByPlatform[platform];
+        if (bot)
+            await bot.postMessage(conversationId, message);
+    }, sessionViewTokenStore, { handler, botsByPlatform });
+}
 // Start events watcher with explicit platform routing
 const eventsWatcher = createEventsWatcher(workingDir, botsByPlatform);
 const slackBot = botsByPlatform.slack;
@@ -570,17 +358,7 @@ if (slackBot) {
 eventsWatcher.start();
 // Handle shutdown
 async function shutdown() {
-    if (isShuttingDown)
-        return;
-    isShuttingDown = true;
-    log.logInfo("Shutting down gracefully...");
-    const timeout = Date.now() + 30000;
-    while (inFlightRuns.size > 0 && Date.now() < timeout) {
-        await new Promise((resolve) => setTimeout(resolve, 500));
-    }
-    if (inFlightRuns.size > 0) {
-        log.logWarning(`Forcing exit with ${inFlightRuns.size} runs still in progress`);
-    }
+    await handler.shutdown();
     eventsWatcher.stop();
     await Sentry.close(5000);
     process.exit(0);