@getpaseo/server 0.1.92 → 0.1.94

package/dist/server/server/agent/agent-manager.d.ts

@@ -65,9 +65,13 @@ export interface AgentManagerOptions {
     idFactory?: () => string;
     registry?: AgentStorage;
     onAgentAttention?: AgentAttentionCallback;
+    onWorkspaceStateMayHaveChanged?: (params: {
+        cwd: string;
+    }) => void;
     durableTimelineStore?: AgentTimelineStore;
     terminalManager?: TerminalManager | null;
     mcpBaseUrl?: string;
+    mcpAuthToken?: string;
     appendSystemPrompt?: string;
     agentStreamCoalesceWindowMs?: number;
     rescueTimeouts?: AgentManagerRescueTimeouts;
@@ -179,9 +183,11 @@ export declare class AgentManager {
     private readonly backgroundTasks;
     private readonly agentStreamCoalescer;
     private mcpBaseUrl;
+    private readonly mcpAuthToken;
     private appendSystemPrompt;
     private onAgentAttention?;
     private onAgentArchived?;
+    private onWorkspaceStateMayHaveChanged?;
     private logger;
     private readonly rescueTimeouts;
     constructor(options: AgentManagerOptions);
@@ -194,6 +200,13 @@ export declare class AgentManager {
     setAgentAttentionCallback(callback: AgentAttentionCallback): void;
     setAgentArchivedCallback(callback: AgentArchivedCallback): void;
     setMcpBaseUrl(url: string | null): void;
+    /**
+     * Capability token the daemon's own MCP clients must present to the Agent MCP
+     * endpoint when a daemon password is configured. Read by the per-client
+     * session to authenticate its own MCP connection. Stays in the daemon — never
+     * sent to remote clients.
+     */
+    getMcpAuthToken(): string | null;
     setAppendSystemPrompt(prompt: string | null | undefined): void;
     getMetricsSnapshot(): AgentMetricsSnapshot;
     private touchUpdatedAt;
@@ -355,4 +368,5 @@ export declare class AgentManager {
     private requireAgent;
     private requireSessionAgent;
 }
+export declare function commandMayHaveChangedExternalState(command: string): boolean;
 //# sourceMappingURL=agent-manager.d.ts.map

package/dist/server/server/agent/agent-manager.js

@@ -177,7 +177,9 @@ export class AgentManager {
         this.registry = options?.registry;
         this.durableTimelineStore = options?.durableTimelineStore;
         this.onAgentAttention = options?.onAgentAttention;
+        this.onWorkspaceStateMayHaveChanged = options?.onWorkspaceStateMayHaveChanged;
         this.mcpBaseUrl = options?.mcpBaseUrl ?? null;
+        this.mcpAuthToken = options?.mcpAuthToken ?? null;
         this.appendSystemPrompt = options.appendSystemPrompt ?? "";
         this.logger = options.logger.child({ module: "agent", component: "agent-manager" });
         this.rescueTimeouts = {
@@ -224,6 +226,15 @@ export class AgentManager {
     setMcpBaseUrl(url) {
         this.mcpBaseUrl = url;
     }
+    /**
+     * Capability token the daemon's own MCP clients must present to the Agent MCP
+     * endpoint when a daemon password is configured. Read by the per-client
+     * session to authenticate its own MCP connection. Stays in the daemon — never
+     * sent to remote clients.
+     */
+    getMcpAuthToken() {
+        return this.mcpAuthToken;
+    }
     setAppendSystemPrompt(prompt) {
         this.appendSystemPrompt = prompt ?? "";
     }
@@ -2277,6 +2288,15 @@ export class AgentManager {
             epoch: this.timelineStore.getEpoch(agentId),
             timestamp: row.timestamp,
         });
+        if (item.type === "tool_call" &&
+            item.status === "completed" &&
+            item.detail?.type === "shell" &&
+            commandMayHaveChangedExternalState(item.detail.command)) {
+            const agent = this.agents.get(agentId);
+            if (agent) {
+                this.onWorkspaceStateMayHaveChanged?.({ cwd: agent.cwd });
+            }
+        }
         return event;
     }
     async appendSystemErrorTimelineMessage(agent, provider, message, options) {
@@ -2536,6 +2556,7 @@ export class AgentManager {
             config: storedConfig,
             agentId,
             mcpBaseUrl: this.mcpBaseUrl,
+            mcpAuthToken: this.mcpAuthToken,
         }));
         return { storedConfig, launchConfig };
     }
@@ -2626,4 +2647,19 @@ export class AgentManager {
         return agent;
     }
 }
+export function commandMayHaveChangedExternalState(command) {
+    const normalized = command.toLowerCase();
+    // Commands that operate on remote state and do NOT trigger local file
+    // watchers. Local git mutations (commit, checkout, merge, rebase, reset,
+    // pull) are already caught by watchers on .git/HEAD and refs/heads/.
+    return (
+    // GitHub PR operations (merge, close, create, edit, comment, review)
+    /\bgh\s+pr\s+(merge|close|create|edit|comment|review)\b/.test(normalized) ||
+        // Pushes to remote — local refs unchanged, but remote state (PR checks,
+        // mergeable status) may shift immediately after.
+        /\bgit\s+push\b/.test(normalized) ||
+        // Fetches update refs/remotes/ which our watchers do not watch, so
+        // ahead/behind counts can drift stale until the next refresh.
+        /\bgit\s+fetch\b/.test(normalized));
+}
 //# sourceMappingURL=agent-manager.js.map

package/dist/server/server/agent/agent-sdk-types.d.ts

@@ -133,6 +133,7 @@ export interface AgentFeatureSelect {
 }
 export type AgentFeature = AgentFeatureToggle | AgentFeatureSelect;
 export interface AgentCapabilityFlags {
+    [capability: string]: boolean | undefined;
     supportsStreaming: boolean;
     supportsSessionPersistence: boolean;
     supportsSessionListing?: boolean;

package/dist/server/server/agent/providers/claude/agent.d.ts

@@ -3,6 +3,7 @@ import type { Logger } from "pino";
 import { type ClaudeQueryFactory } from "./query.js";
 import { type AgentCapabilityFlags, type AgentClient, type AgentCreateSessionOptions, type AgentFeature, type AgentLaunchContext, type AgentMetadata, type AgentModelDefinition, type AgentPersistenceHandle, type AgentSession, type AgentSessionConfig, type AgentTimelineItem, type ImportableProviderSession, type ImportProviderSessionContext, type ImportProviderSessionInput, type ListImportableSessionsOptions, type ListModelsOptions, type McpServerConfig } from "../../agent-sdk-types.js";
 import { type ProviderRuntimeSettings } from "../../provider-launch-config.js";
+export declare function normalizeClaudeAskUserQuestionRequestInput(toolName: string, input: AgentMetadata): AgentMetadata;
 export declare function normalizeClaudeAskUserQuestionUpdatedInput(updatedInput: AgentMetadata | undefined, fallbackInput: AgentMetadata | undefined): AgentMetadata;
 interface EventIdentifiers {
     taskId: string | null;

package/dist/server/server/agent/providers/claude/agent.js

@@ -31,6 +31,42 @@ const CLAUDE_SETTING_SOURCES = [
 function readNonEmptyString(value) {
     return typeof value === "string" && value.trim().length > 0 ? value : null;
 }
+export function normalizeClaudeAskUserQuestionRequestInput(toolName, input) {
+    if (toolName !== "AskUserQuestion" || !Array.isArray(input.questions)) {
+        return input;
+    }
+    // Claude Code's AskUserQuestion schema says "Other" is host-provided, not a
+    // model-supplied option. Paseo's shared question UI uses allowOther for that
+    // freeform answer path.
+    return {
+        ...input,
+        questions: input.questions.map((item) => {
+            if (!isMetadata(item)) {
+                return item;
+            }
+            return {
+                ...item,
+                allowOther: true,
+            };
+        }),
+    };
+}
+function stripClaudeAskUserQuestionUiMetadata(input) {
+    if (!Array.isArray(input.questions)) {
+        return input;
+    }
+    return {
+        ...input,
+        questions: input.questions.map((item) => {
+            if (!isMetadata(item) || !("allowOther" in item)) {
+                return item;
+            }
+            const itemForClaude = { ...item };
+            delete itemForClaude.allowOther;
+            return itemForClaude;
+        }),
+    };
+}
 export function normalizeClaudeAskUserQuestionUpdatedInput(updatedInput, fallbackInput) {
     const fallback = isMetadata(fallbackInput) ? fallbackInput : {};
     const base = isMetadata(updatedInput) ? updatedInput : {};
@@ -38,7 +74,7 @@ export function normalizeClaudeAskUserQuestionUpdatedInput(updatedInput, fallbac
     // AskUserQuestion tool expects answer keys to match the full question text. Merge
     // the original request payload back in so provider callbacks that only return
     // `{ answers }` still satisfy Claude's full tool input schema.
-    const merged = { ...fallback, ...base };
+    const merged = stripClaudeAskUserQuestionUiMetadata({ ...fallback, ...base });
     const questions = (Array.isArray(base.questions) ? base.questions : null) ??
         (Array.isArray(fallback.questions) ? fallback.questions : null);
     const answers = isMetadata(base.answers) ? base.answers : null;
@@ -131,10 +167,28 @@ const REWIND_COMMAND = {
     description: "Rewind tracked files to a previous user message",
     argumentHint: "[user_message_uuid]",
 };
+const CLAUDE_ROOT_ONLY_COMMANDS = new Set([
+    "clear",
+    "compact",
+    "context",
+    "debug",
+    "extra-usage",
+    "heapdump",
+    "init",
+    "loop",
+    "schedule",
+    "usage",
+]);
 const INTERRUPT_TOOL_USE_PLACEHOLDER = "[Request interrupted by user for tool use]";
 const INTERRUPT_PLACEHOLDER_PATTERN = /^\[Request interrupted by user(?:[^\]]*)\]$/;
 const NO_RESPONSE_REQUESTED_PLACEHOLDER = "No response requested.";
 const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+function classifyClaudeSlashCommand(commandName) {
+    // Claude exposes commands and skills as one flat SDK list, without structured source
+    // metadata. Keep obvious root-only/session controls out of inline autocomplete and
+    // treat the rest as skills; the worst failure mode is an inert inline suggestion.
+    return CLAUDE_ROOT_ONLY_COMMANDS.has(commandName) ? "command" : "skill";
+}
 function resolvePathEnvKey() {
     if (process.env["Path"] !== undefined)
         return "Path";
@@ -1204,6 +1258,7 @@ class ClaudeAgentSession {
         this.handlePermissionRequest = async (toolName, input, options) => {
             const requestId = `permission-${randomUUID()}`;
             const kind = resolvePermissionKind(toolName, input);
+            const requestInput = normalizeClaudeAskUserQuestionRequestInput(toolName, input);
             const metadata = {};
             if (options.toolUseID) {
                 metadata.toolUseId = options.toolUseID;
@@ -1224,7 +1279,7 @@ class ClaudeAgentSession {
                 provider: "claude",
                 name: toolName,
                 kind,
-                input,
+                input: requestInput,
                 detail: toolDetail,
                 suggestions: options.suggestions?.map((suggestion) => ({
                     ...suggestion,
@@ -1665,7 +1720,7 @@ class ClaudeAgentSession {
                     name: cmd.name,
                     description: cmd.description,
                     argumentHint: cmd.argumentHint,
-                    kind: "command",
+                    kind: classifyClaudeSlashCommand(cmd.name),
                 });
             }
         }

package/dist/server/server/agent/providers/claude/models.js

@@ -15,6 +15,13 @@ const CLAUDE_OPUS_EXTENDED_THINKING_OPTIONS = [
     { id: "max", label: "Max" },
 ];
 const CLAUDE_MODELS = [
+    {
+        provider: "claude",
+        id: "claude-fable-5",
+        label: "Fable 5",
+        description: "Fable 5 · Most powerful model",
+        thinkingOptions: [...CLAUDE_OPUS_EXTENDED_THINKING_OPTIONS],
+    },
     {
         provider: "claude",
         id: "claude-opus-4-8[1m]",
@@ -170,6 +177,14 @@ export function normalizeClaudeRuntimeModelId(value) {
     if (CLAUDE_MODELS.some((model) => model.id === trimmed)) {
         return trimmed;
     }
+    // Fable uses a single-segment version (claude-fable-5), not the {major}-{minor}
+    // scheme of opus/sonnet/haiku, so match it separately. This maps dated runtime
+    // strings (e.g. claude-fable-5-20260301) back to the catalog ID. No [1m] variant:
+    // Fable 5 is natively 1M, so there is no 200K-default model to opt into 1M.
+    const fableMatch = trimmed.match(/(?:claude-)?fable[-_ ]+(\d+)/i);
+    if (fableMatch) {
+        return `claude-fable-${fableMatch[1]}`;
+    }
     // Match: claude-{family}-{major}-{minor}[1m]? possibly followed by a date suffix
     const runtimeMatch = trimmed.match(/(?:claude-)?(opus|sonnet|haiku)[-_ ]+(\d+)[-.](\d+)(\[1m\])?/i);
     if (!runtimeMatch) {

package/dist/server/server/agent/providers/claude/task-notification-tool-call.d.ts

@@ -10,15 +10,15 @@ declare const TaskNotificationEnvelopeSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     status: string | null;
     messageId: string | null;
-    taskId: string | null;
     summary: string | null;
+    taskId: string | null;
     outputFile: string | null;
     rawText: string | null;
 }, {
     status: string | null;
     messageId: string | null;
-    taskId: string | null;
     summary: string | null;
+    taskId: string | null;
     outputFile: string | null;
     rawText: string | null;
 }>;

package/dist/server/server/agent/providers/mock-load-test-agent.js

@@ -64,8 +64,54 @@ const MODELS = [
 function shouldEmitPlanApprovalPrompt(prompt) {
     return /emit\s+(?:a\s+)?synthetic\s+plan\s+approval/i.test(promptToText(prompt));
 }
-function shouldEmitQuestionPrompt(prompt) {
-    return /emit\s+(?:a\s+)?synthetic\s+questions?/i.test(promptToText(prompt));
+function parseMockQuestionPrompt(prompt) {
+    const text = promptToText(prompt);
+    if (!/emit\s+(?:a\s+)?synthetic\s+questions?/i.test(text)) {
+        return null;
+    }
+    if (/free[-\s]?write|freeform|text[-\s]?only/i.test(text)) {
+        return {
+            questions: [
+                {
+                    question: "What is the GitHub private repo URL to push to?",
+                    header: "repoUrl",
+                    options: [],
+                    multiSelect: false,
+                    placeholder: "git@github.com:user/repo.git",
+                },
+                {
+                    question: "What should the first commit message be?",
+                    header: "commitMessage",
+                    options: [],
+                    multiSelect: false,
+                    placeholder: "Initial commit",
+                },
+            ],
+        };
+    }
+    return {
+        questions: [
+            {
+                question: "Which surface should this apply to?",
+                header: "surface",
+                options: [{ label: "App" }, { label: "Desktop" }],
+                multiSelect: false,
+            },
+            {
+                question: "Which rollout should we use?",
+                header: "rollout",
+                options: [{ label: "Immediately" }, { label: "Behind feature flag" }],
+                multiSelect: false,
+            },
+            {
+                question: "What success criteria should we use?",
+                header: "success",
+                options: [],
+                multiSelect: false,
+                placeholder: "Describe success...",
+            },
+        ],
+    };
 }
 function resolveModelProfile(modelId) {
     const model = MODELS.find((entry) => entry.id === modelId) ?? MODELS[0];
@@ -399,11 +445,12 @@ export class MockLoadTestAgentSession {
         }, 0);
         const largePayload = parseLargeAgentStreamPayloadPrompt(prompt);
         const stress = parseAgentStreamStressPrompt(prompt);
+        const questionPrompt = parseMockQuestionPrompt(prompt);
         if (shouldEmitPlanApprovalPrompt(prompt)) {
             this.schedulePlanApprovalTurn(turn);
         }
-        else if (shouldEmitQuestionPrompt(prompt)) {
-            this.scheduleQuestionPromptTurn(turn);
+        else if (questionPrompt) {
+            this.scheduleQuestionPromptTurn(turn, questionPrompt);
         }
         else if (largePayload) {
             this.scheduleLargePayloadTurn(turn, largePayload);
@@ -547,9 +594,9 @@ export class MockLoadTestAgentSession {
         }, 0);
         turn.timer.unref?.();
     }
-    scheduleQuestionPromptTurn(turn) {
+    scheduleQuestionPromptTurn(turn, questionPrompt) {
         turn.timer = setTimeout(() => {
-            this.emitQuestionPromptTurn(turn);
+            this.emitQuestionPromptTurn(turn, questionPrompt);
         }, 0);
         turn.timer.unref?.();
     }
@@ -601,7 +648,7 @@ export class MockLoadTestAgentSession {
             turnId: turn.turnId,
         });
     }
-    emitQuestionPromptTurn(turn) {
+    emitQuestionPromptTurn(turn, questionPrompt) {
         if (this.activeTurn !== turn) {
             return;
         }
@@ -618,27 +665,7 @@ export class MockLoadTestAgentSession {
             kind: "question",
             title: "Questions",
             input: {
-                questions: [
-                    {
-                        question: "Which surface should this apply to?",
-                        header: "surface",
-                        options: [{ label: "App" }, { label: "Desktop" }],
-                        multiSelect: false,
-                    },
-                    {
-                        question: "Which rollout should we use?",
-                        header: "rollout",
-                        options: [{ label: "Immediately" }, { label: "Behind feature flag" }],
-                        multiSelect: false,
-                    },
-                    {
-                        question: "What success criteria should we use?",
-                        header: "success",
-                        options: [],
-                        multiSelect: false,
-                        placeholder: "Describe success...",
-                    },
-                ],
+                questions: questionPrompt.questions,
             },
             metadata: {
                 source: "mock_questions",

package/dist/server/server/agent/providers/pi/agent.js

@@ -12,7 +12,7 @@ import { buildBinaryDiagnosticRows, formatDiagnosticStatus, formatProviderDiagno
 import { getUserMessageText, streamPiHistory, } from "./history-mapper.js";
 import { PiCliRuntime } from "./cli-runtime.js";
 import { revertPiConversation } from "./rewind.js";
-import { listPiImportableSessions } from "./session-descriptor.js";
+import { listPiImportableSessions, readPiImportSessionConfig } from "./session-descriptor.js";
 import { mapToolDetail, parseToolArgs, parseToolResult, resolveToolCallName, } from "./tool-call-mapper.js";
 const PI_PROVIDER = "pi";
 const DEFAULT_PI_THINKING_LEVEL = "medium";
@@ -1557,11 +1557,13 @@ export class PiRpcAgentClient {
         });
     }
     async importSession(input, context) {
+        const importConfig = await readPiImportSessionConfig(input.providerHandleId);
         return importSessionFromPersistence({
             provider: PI_PROVIDER,
             request: input,
             context,
             resumeSession: this.resumeSession.bind(this),
+            config: importConfig,
         });
     }
     async isAvailable() {

package/dist/server/server/agent/providers/pi/session-descriptor.d.ts

@@ -6,6 +6,11 @@ interface PiSessionDescriptorOptions extends ListImportableSessionsOptions {
     env?: NodeJS.ProcessEnv;
     homeDir?: string;
 }
+export interface PiImportSessionConfig {
+    model?: string;
+    thinkingOptionId?: string;
+}
 export declare function listPiImportableSessions(options?: PiSessionDescriptorOptions): Promise<ImportableProviderSession[]>;
+export declare function readPiImportSessionConfig(filePath: string): Promise<PiImportSessionConfig>;
 export {};
 //# sourceMappingURL=session-descriptor.d.ts.map

package/dist/server/server/agent/providers/pi/session-descriptor.js

@@ -26,6 +26,12 @@ export async function listPiImportableSessions(options = {}) {
         .sort((left, right) => right.lastActivityAt.getTime() - left.lastActivityAt.getTime())
         .slice(0, limit);
 }
+export async function readPiImportSessionConfig(filePath) {
+    const descriptor = await readPiSessionDescriptor(filePath);
+    if (!descriptor)
+        return {};
+    return toPiImportSessionConfig(descriptor);
+}
 async function resolvePiSessionsDir(options) {
     const env = options.env ?? process.env;
     const homeDir = options.homeDir ?? homedir();
@@ -103,6 +109,19 @@ async function walkJsonlFiles(root) {
     return files.flat();
 }
 async function readPiImportableSession(filePath) {
+    const descriptor = await readPiSessionDescriptor(filePath);
+    if (!descriptor)
+        return null;
+    return {
+        providerHandleId: filePath,
+        cwd: descriptor.cwd,
+        title: descriptor.title,
+        firstPromptPreview: normalizePromptPreview(descriptor.firstUserMessage),
+        lastPromptPreview: normalizePromptPreview(descriptor.lastUserMessage ?? descriptor.firstUserMessage),
+        lastActivityAt: descriptor.lastActivityAt,
+    };
+}
+async function readPiSessionDescriptor(filePath) {
     const firstLine = await readFirstLine(filePath);
     if (!firstLine)
         return null;
@@ -113,14 +132,23 @@ async function readPiImportableSession(filePath) {
     const tailInfo = parseSessionTail(tail);
     const headInfo = await scanSessionHead(filePath);
     const title = tailInfo.title ?? headInfo.title ?? headInfo.firstUserMessage;
+    const model = tailInfo.model ?? headInfo.model;
+    const thinkingOptionId = tailInfo.thinkingOptionId ?? headInfo.thinkingOptionId;
     const lastActivityAt = tailInfo.lastActivityAt ?? (await readFileMtime(filePath)) ?? header.createdAt ?? new Date(0);
     return {
-        providerHandleId: filePath,
         cwd: header.cwd,
         title,
-        firstPromptPreview: normalizePromptPreview(headInfo.firstUserMessage),
-        lastPromptPreview: normalizePromptPreview(tailInfo.lastUserMessage ?? headInfo.firstUserMessage),
+        firstUserMessage: headInfo.firstUserMessage,
+        lastUserMessage: tailInfo.lastUserMessage,
         lastActivityAt,
+        model,
+        thinkingOptionId,
+    };
+}
+function toPiImportSessionConfig(descriptor) {
+    return {
+        ...(descriptor.model ? { model: descriptor.model } : {}),
+        ...(descriptor.thinkingOptionId ? { thinkingOptionId: descriptor.thinkingOptionId } : {}),
     };
 }
 async function readFirstLine(filePath) {
@@ -179,6 +207,8 @@ function parseSessionTail(tail) {
     let lastActivityAt = null;
     let fallbackTimestamp = null;
     let lastUserMessage = null;
+    let model = null;
+    let thinkingOptionId = null;
     for (let index = lines.length - 1; index >= 0; index -= 1) {
         const entry = parseJsonRecord(lines[index].trim());
         if (!entry)
@@ -186,24 +216,32 @@ function parseSessionTail(tail) {
         if (!title && entry.type === "session_info") {
             title = readNonEmptyString(entry.name);
         }
+        if (!model) {
+            model = extractModel(entry);
+        }
+        if (!thinkingOptionId) {
+            thinkingOptionId = extractThinkingOptionId(entry);
+        }
         const entryTimestamp = parseDate(entry.timestamp);
         if (!fallbackTimestamp && entryTimestamp) {
             fallbackTimestamp = entryTimestamp;
         }
-        if (entry.type !== "message") {
+        if (entry.type !== "message")
             continue;
-        }
         if (!lastActivityAt && entryTimestamp) {
             lastActivityAt = entryTimestamp;
         }
         if (!lastUserMessage && isRecord(entry.message) && entry.message.role === "user") {
             lastUserMessage = extractMessageText(entry.message.content);
         }
-        if (title && lastActivityAt && lastUserMessage) {
-            break;
-        }
     }
-    return { title, lastActivityAt: lastActivityAt ?? fallbackTimestamp, lastUserMessage };
+    return {
+        title,
+        lastActivityAt: lastActivityAt ?? fallbackTimestamp,
+        lastUserMessage,
+        model,
+        thinkingOptionId,
+    };
 }
 async function scanSessionHead(filePath) {
     let content;
@@ -211,10 +249,12 @@ async function scanSessionHead(filePath) {
         content = await readFile(filePath, "utf8");
     }
     catch {
-        return { title: null, firstUserMessage: null };
+        return { title: null, firstUserMessage: null, model: null, thinkingOptionId: null };
     }
     let title = null;
     let firstUserMessage = null;
+    let model = null;
+    let thinkingOptionId = null;
     let lineCount = 0;
     for (const rawLine of content.split(/\r?\n/u)) {
         lineCount += 1;
@@ -224,19 +264,41 @@ async function scanSessionHead(filePath) {
         if (entry.type === "session_info") {
             title = readNonEmptyString(entry.name) ?? title;
         }
+        model = extractModel(entry) ?? model;
+        thinkingOptionId = extractThinkingOptionId(entry) ?? thinkingOptionId;
         if (!firstUserMessage && entry.type === "message" && isRecord(entry.message)) {
             if (entry.message.role === "user") {
                 firstUserMessage = extractMessageText(entry.message.content);
             }
         }
-        if (title && firstUserMessage) {
+        if (title && firstUserMessage && model && thinkingOptionId) {
             break;
         }
         if (lineCount >= FULL_SCAN_LINE_LIMIT && firstUserMessage) {
             break;
         }
     }
-    return { title, firstUserMessage };
+    return { title, firstUserMessage, model, thinkingOptionId };
+}
+function extractModel(entry) {
+    if (entry.type === "model_change") {
+        return buildModelId(entry.provider, entry.modelId);
+    }
+    if (entry.type === "message" && isRecord(entry.message)) {
+        return buildModelId(entry.message.provider, entry.message.model);
+    }
+    return null;
+}
+function extractThinkingOptionId(entry) {
+    return entry.type === "thinking_level_change" ? readNonEmptyString(entry.thinkingLevel) : null;
+}
+function buildModelId(provider, modelId) {
+    const providerName = readNonEmptyString(provider);
+    const modelName = readNonEmptyString(modelId);
+    if (!providerName || !modelName) {
+        return null;
+    }
+    return `${providerName}/${modelName}`;
 }
 function parseJsonRecord(line) {
     if (!line)

package/dist/server/server/agent/runtime-mcp-config.d.ts

@@ -4,5 +4,11 @@ export declare function withRuntimePaseoMcpServer(params: {
     config: AgentSessionConfig;
     agentId: string;
     mcpBaseUrl: string | null;
+    /**
+     * Capability token authenticating the injected connection to the daemon's
+     * Agent MCP endpoint. The daemon password is gated off this route, so without
+     * this header the agent's MCP requests are rejected when a password is set.
+     */
+    mcpAuthToken: string | null;
 }): AgentSessionConfig;
 //# sourceMappingURL=runtime-mcp-config.d.ts.map

package/dist/server/server/agent/runtime-mcp-config.js

@@ -31,6 +31,9 @@ export function withRuntimePaseoMcpServer(params) {
             [PASEO_MCP_SERVER_NAME]: {
                 type: "http",
                 url: `${params.mcpBaseUrl}?callerAgentId=${params.agentId}`,
+                ...(params.mcpAuthToken
+                    ? { headers: { Authorization: `Bearer ${params.mcpAuthToken}` } }
+                    : {}),
             },
             ...storedConfig.mcpServers,
         },

package/dist/server/server/auth.d.ts

@@ -21,5 +21,18 @@ export declare function extractWsBearerProtocol(value: string | undefined): stri
 export declare function extractWsBearerToken(protocol: string | null): string | null;
 export declare function createRequireBearerMiddleware(auth: DaemonAuthConfig | undefined, onReject?: (context: BearerAuthRejectContext) => void): RequestHandler;
 export declare function shouldBypassBearerAuth(method: string, path: string): boolean;
+/**
+ * Authorizes a request to the Agent MCP endpoint (/mcp/agents), which is exempt
+ * from the global daemon-password middleware. Accepts either the per-daemon-run
+ * capability token the daemon injects into its own agents' configs and MCP
+ * client, or a valid daemon-password bearer (so existing password-authenticated
+ * callers keep working). When no daemon password is configured the endpoint is
+ * open, matching the global middleware's behavior.
+ */
+export declare function isAgentMcpRequestAuthorized(input: {
+    password: string | undefined;
+    capabilityToken: string | null;
+    authorizationHeader: string | undefined;
+}): Promise<boolean>;
 export {};
 //# sourceMappingURL=auth.d.ts.map