@hydra-acp/cli 0.1.0

package/dist/index.js

@@ -0,0 +1,3119 @@
+// src/daemon/server.ts
+import * as fs5 from "fs";
+import * as fsp2 from "fs/promises";
+import Fastify from "fastify";
+import websocketPlugin from "@fastify/websocket";
+import pino from "pino";
+import createPinoRoll from "pino-roll";
+
+// src/core/config.ts
+import * as fs from "fs/promises";
+import { homedir as homedir2 } from "os";
+import { z } from "zod";
+
+// src/core/paths.ts
+import * as path from "path";
+import * as os from "os";
+var ROOT_ENV = "HYDRA_ACP_HOME";
+function hydraHome() {
+  const override = process.env[ROOT_ENV];
+  if (override && override.length > 0) {
+    return path.resolve(override);
+  }
+  return path.join(os.homedir(), ".hydra-acp");
+}
+var paths = {
+  home: hydraHome,
+  config: () => path.join(hydraHome(), "config.json"),
+  pidFile: () => path.join(hydraHome(), "daemon.pid"),
+  logFile: () => path.join(hydraHome(), "daemon.log"),
+  currentLogFile: () => path.join(hydraHome(), "current.log"),
+  registryCache: () => path.join(hydraHome(), "registry.json"),
+  agentsDir: () => path.join(hydraHome(), "agents"),
+  agentDir: (id) => path.join(hydraHome(), "agents", id),
+  sessionsDir: () => path.join(hydraHome(), "sessions"),
+  sessionFile: (id) => path.join(hydraHome(), "sessions", `${id}.json`),
+  extensionsDir: () => path.join(hydraHome(), "extensions"),
+  extensionLogFile: (name) => path.join(hydraHome(), "extensions", `${name}.log`),
+  extensionPidFile: (name) => path.join(hydraHome(), "extensions", `${name}.pid`),
+  tuiHistoryFile: () => path.join(hydraHome(), "tui-history")
+};
+
+// src/core/config.ts
+var REGISTRY_URL_DEFAULT = "https://cdn.agentclientprotocol.com/registry/v1/latest/registry.json";
+var TlsConfig = z.object({
+  cert: z.string(),
+  key: z.string()
+});
+var DaemonConfig = z.object({
+  host: z.string().default("127.0.0.1"),
+  port: z.number().int().positive().default(8765),
+  authToken: z.string().min(16),
+  logLevel: z.enum(["debug", "info", "warn", "error"]).default("info"),
+  tls: TlsConfig.optional(),
+  sessionIdleTimeoutSeconds: z.number().int().nonnegative().default(30)
+});
+var RegistryConfig = z.object({
+  url: z.string().url().default(REGISTRY_URL_DEFAULT),
+  ttlHours: z.number().positive().default(24)
+});
+var TuiConfig = z.object({
+  // Minimum interval (ms) between full-screen repaints driven by content
+  // events (agent text chunks, tool/plan updates, elapsed-tick refreshes).
+  // User-action repaints — scrolling, prompt-row changes, modal open/close,
+  // /clear, ^L, resize — bypass this throttle. Default 1000 (1 Hz) keeps
+  // CPU low during heavy streaming; bump to 250 for 4 Hz, 100 for ~10 Hz,
+  // or 0 to disable throttling entirely.
+  repaintThrottleMs: z.number().int().nonnegative().default(1e3)
+});
+var ExtensionName = z.string().min(1).regex(/^[A-Za-z0-9._-]+$/, "extension name must be filename-safe");
+var ExtensionBody = z.object({
+  // Optional: if omitted, the spawn command defaults to [name], so a
+  // package called `hydra-acp-slack` that exposes a `hydra-acp-slack` bin
+  // can be enabled with just an empty body `{}`.
+  command: z.array(z.string()).default([]),
+  args: z.array(z.string()).default([]),
+  env: z.record(z.string()).default({}),
+  enabled: z.boolean().default(true)
+});
+var HydraConfig = z.object({
+  daemon: DaemonConfig,
+  registry: RegistryConfig.default({ url: REGISTRY_URL_DEFAULT, ttlHours: 24 }),
+  defaultAgent: z.string().default("claude-acp"),
+  // Where new sessions land when POST /v1/sessions omits cwd. Stored as
+  // a literal string ("~", "~/dev", "$HOME/work") so the config file is
+  // portable across machines; expanded via expandHome at use time.
+  defaultCwd: z.string().default("~"),
+  // Cap on cold sessions shown in CLI `sessions` listing and the TUI
+  // picker. Live sessions are always included; cold are sorted by
+  // recency and truncated to this count. `--all` overrides in the CLI.
+  sessionListColdLimit: z.number().int().nonnegative().default(20),
+  extensions: z.record(ExtensionName, ExtensionBody).default({}),
+  tui: TuiConfig.default({ repaintThrottleMs: 1e3 })
+});
+function extensionList(config) {
+  return Object.entries(config.extensions).map(([name, body]) => ({
+    name,
+    ...body
+  }));
+}
+async function loadConfig() {
+  const configPath = paths.config();
+  let raw;
+  try {
+    raw = await fs.readFile(configPath, "utf8");
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT") {
+      throw new Error(
+        `No config found at ${configPath}. Run \`hydra-acp init\` to create one.`
+      );
+    }
+    throw err;
+  }
+  const parsed = JSON.parse(raw);
+  return HydraConfig.parse(parsed);
+}
+async function ensureConfig() {
+  try {
+    await fs.access(paths.config());
+  } catch (err) {
+    const e = err;
+    if (e.code !== "ENOENT") {
+      throw err;
+    }
+    const config = defaultConfig();
+    await writeConfig(config);
+    process.stderr.write(
+      `hydra-acp: initialized ${paths.config()} with a fresh auth token.
+`
+    );
+    return config;
+  }
+  return loadConfig();
+}
+async function writeConfig(config) {
+  await fs.mkdir(paths.home(), { recursive: true });
+  await fs.writeFile(paths.config(), JSON.stringify(config, null, 2) + "\n", {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+function generateAuthToken() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  let hex = "";
+  for (const b of bytes) {
+    hex += b.toString(16).padStart(2, "0");
+  }
+  return `hydra_token_${hex}`;
+}
+function defaultConfig() {
+  return HydraConfig.parse({
+    daemon: {
+      authToken: generateAuthToken()
+    }
+  });
+}
+function expandHome(p) {
+  if (p === "~" || p === "$HOME") {
+    return homedir2();
+  }
+  if (p.startsWith("~/")) {
+    return homedir2() + p.slice(1);
+  }
+  if (p.startsWith("$HOME/")) {
+    return homedir2() + p.slice("$HOME".length);
+  }
+  return p;
+}
+
+// src/core/registry.ts
+import * as fs2 from "fs/promises";
+import { z as z2 } from "zod";
+var NpxDistribution = z2.object({
+  package: z2.string(),
+  args: z2.array(z2.string()).optional(),
+  env: z2.record(z2.string()).optional()
+});
+var BinaryTarget = z2.object({
+  archive: z2.string().url().optional(),
+  cmd: z2.string().optional()
+});
+var BinaryDistribution = z2.object({
+  "darwin-aarch64": BinaryTarget.optional(),
+  "darwin-x86_64": BinaryTarget.optional(),
+  "linux-aarch64": BinaryTarget.optional(),
+  "linux-x86_64": BinaryTarget.optional(),
+  "windows-x86_64": BinaryTarget.optional(),
+  "windows-aarch64": BinaryTarget.optional()
+});
+var UvxDistribution = z2.object({
+  package: z2.string(),
+  args: z2.array(z2.string()).optional(),
+  env: z2.record(z2.string()).optional()
+});
+var Distribution = z2.object({
+  npx: NpxDistribution.optional(),
+  binary: BinaryDistribution.optional(),
+  uvx: UvxDistribution.optional()
+});
+var RegistryAgent = z2.object({
+  id: z2.string(),
+  name: z2.string(),
+  version: z2.string().optional(),
+  description: z2.string().optional(),
+  authors: z2.array(z2.string()).optional(),
+  license: z2.string().optional(),
+  icon: z2.string().optional(),
+  repository: z2.string().optional(),
+  website: z2.string().optional(),
+  distribution: Distribution
+});
+var RegistryDocument = z2.object({
+  version: z2.string(),
+  agents: z2.array(RegistryAgent),
+  extensions: z2.array(z2.unknown()).optional()
+});
+var Registry = class {
+  constructor(config) {
+    this.config = config;
+  }
+  config;
+  cache;
+  async load() {
+    if (this.cache && this.isFresh(this.cache.fetchedAt)) {
+      return this.cache.data;
+    }
+    const onDisk = await this.readDiskCache();
+    if (onDisk && this.isFresh(onDisk.fetchedAt)) {
+      this.cache = onDisk;
+      return onDisk.data;
+    }
+    try {
+      const fresh = await this.fetchFromNetwork();
+      this.cache = fresh;
+      await this.writeDiskCache(fresh);
+      return fresh.data;
+    } catch (err) {
+      if (onDisk) {
+        this.cache = onDisk;
+        return onDisk.data;
+      }
+      throw err;
+    }
+  }
+  async refresh() {
+    const fresh = await this.fetchFromNetwork();
+    this.cache = fresh;
+    await this.writeDiskCache(fresh);
+    return fresh.data;
+  }
+  async getAgent(id) {
+    const doc = await this.load();
+    const exact = doc.agents.find((a) => a.id === id);
+    if (exact) {
+      return exact;
+    }
+    return doc.agents.find((a) => npxPackageBasename(a) === id);
+  }
+  isFresh(fetchedAt) {
+    const ageMs = Date.now() - fetchedAt;
+    const ttlMs = this.config.registry.ttlHours * 60 * 60 * 1e3;
+    return ageMs < ttlMs;
+  }
+  async fetchFromNetwork() {
+    const response = await fetch(this.config.registry.url);
+    if (!response.ok) {
+      throw new Error(`Registry fetch failed: HTTP ${response.status}`);
+    }
+    const json = await response.json();
+    const data = RegistryDocument.parse(json);
+    return { fetchedAt: Date.now(), data };
+  }
+  async readDiskCache() {
+    try {
+      const raw = await fs2.readFile(paths.registryCache(), "utf8");
+      const parsed = JSON.parse(raw);
+      if (typeof parsed.fetchedAt === "number" && parsed.data && Array.isArray(parsed.data.agents)) {
+        return parsed;
+      }
+    } catch (err) {
+      const e = err;
+      if (e.code !== "ENOENT") {
+        throw err;
+      }
+    }
+    return void 0;
+  }
+  async writeDiskCache(cache) {
+    await fs2.mkdir(paths.home(), { recursive: true });
+    await fs2.writeFile(
+      paths.registryCache(),
+      JSON.stringify(cache, null, 2) + "\n",
+      "utf8"
+    );
+  }
+};
+function npxPackageBasename(agent) {
+  const pkg = agent.distribution.npx?.package;
+  if (!pkg) {
+    return void 0;
+  }
+  const lastSlash = pkg.lastIndexOf("/");
+  const afterSlash = lastSlash === -1 ? pkg : pkg.slice(lastSlash + 1);
+  const atIdx = afterSlash.lastIndexOf("@");
+  return atIdx <= 0 ? afterSlash : afterSlash.slice(0, atIdx);
+}
+function planSpawn(agent, extraArgs = []) {
+  if (agent.distribution.npx) {
+    const npx = agent.distribution.npx;
+    const args = ["-y", npx.package, ...npx.args ?? [], ...extraArgs];
+    return {
+      command: "npx",
+      args,
+      env: npx.env ?? {}
+    };
+  }
+  if (agent.distribution.binary) {
+    throw new Error(
+      `Agent ${agent.id} uses binary distribution; not yet supported in hydra-acp. PRs welcome.`
+    );
+  }
+  if (agent.distribution.uvx) {
+    const uvx = agent.distribution.uvx;
+    const args = [uvx.package, ...uvx.args ?? [], ...extraArgs];
+    return {
+      command: "uvx",
+      args,
+      env: uvx.env ?? {}
+    };
+  }
+  throw new Error(`Agent ${agent.id} has no usable distribution method.`);
+}
+
+// src/core/agent-instance.ts
+import { spawn } from "child_process";
+
+// src/acp/types.ts
+import { z as z3 } from "zod";
+var JsonRpcErrorCodes = {
+  ParseError: -32700,
+  InvalidRequest: -32600,
+  MethodNotFound: -32601,
+  InvalidParams: -32602,
+  InternalError: -32603,
+  SessionNotFound: -32001,
+  PermissionDenied: -32002,
+  AlreadyAttached: -32003,
+  AgentNotInstalled: -32005
+};
+var InitializeParams = z3.object({
+  protocolVersion: z3.number().optional(),
+  clientCapabilities: z3.record(z3.unknown()).optional(),
+  clientInfo: z3.object({
+    name: z3.string(),
+    version: z3.string().optional()
+  }).optional()
+});
+var HistoryPolicy = z3.enum(["full", "pending_only", "none"]);
+var SessionNewParams = z3.object({
+  cwd: z3.string(),
+  agentId: z3.string().optional(),
+  mcpServers: z3.array(z3.unknown()).optional()
+});
+var SessionResumeHints = z3.object({
+  upstreamSessionId: z3.string(),
+  agentId: z3.string(),
+  cwd: z3.string(),
+  title: z3.string().optional(),
+  agentArgs: z3.array(z3.string()).optional()
+});
+var SessionAttachParams = z3.object({
+  sessionId: z3.string(),
+  historyPolicy: HistoryPolicy.default("full"),
+  clientInfo: z3.object({
+    name: z3.string(),
+    version: z3.string().optional()
+  }).optional(),
+  _meta: z3.record(z3.unknown()).optional()
+});
+var HYDRA_META_KEY = "hydra-acp";
+function extractHydraMeta(meta) {
+  if (!meta) {
+    return {};
+  }
+  const namespaced = meta[HYDRA_META_KEY];
+  if (!namespaced || typeof namespaced !== "object" || Array.isArray(namespaced)) {
+    return {};
+  }
+  const obj = namespaced;
+  const out = {};
+  if (typeof obj.upstreamSessionId === "string") {
+    out.upstreamSessionId = obj.upstreamSessionId;
+  }
+  if (typeof obj.agentId === "string") {
+    out.agentId = obj.agentId;
+  }
+  if (typeof obj.cwd === "string") {
+    out.cwd = obj.cwd;
+  }
+  if (typeof obj.name === "string") {
+    out.name = obj.name;
+  }
+  if (Array.isArray(obj.agentArgs) && obj.agentArgs.every((a) => typeof a === "string")) {
+    out.agentArgs = obj.agentArgs;
+  }
+  if (obj.resume) {
+    const parsed = SessionResumeHints.safeParse(obj.resume);
+    if (parsed.success) {
+      out.resume = parsed.data;
+    }
+  }
+  return out;
+}
+function mergeMeta(passthrough, ours) {
+  return { ...passthrough ?? {}, [HYDRA_META_KEY]: ours };
+}
+var SessionDetachParams = z3.object({
+  sessionId: z3.string()
+});
+var SessionListParams = z3.object({
+  cwd: z3.string().optional(),
+  cursor: z3.string().optional(),
+  limit: z3.number().int().positive().max(200).optional()
+});
+var SessionListEntry = z3.object({
+  sessionId: z3.string(),
+  upstreamSessionId: z3.string().optional(),
+  cwd: z3.string(),
+  title: z3.string().optional(),
+  agentId: z3.string().optional(),
+  updatedAt: z3.string(),
+  attachedClients: z3.number().int().nonnegative(),
+  status: z3.enum(["live", "cold"]).default("live"),
+  _meta: z3.record(z3.unknown()).optional()
+});
+var SessionListResult = z3.object({
+  sessions: z3.array(SessionListEntry),
+  nextCursor: z3.string().optional()
+});
+var SessionPromptParams = z3.object({
+  sessionId: z3.string(),
+  prompt: z3.array(z3.unknown())
+});
+var SessionCancelParams = z3.object({
+  sessionId: z3.string()
+});
+var ProxyInitializeParams = z3.object({
+  protocolVersion: z3.number().optional(),
+  proxyInfo: z3.object({
+    name: z3.string(),
+    version: z3.string().optional()
+  }).optional(),
+  successor: z3.object({
+    command: z3.array(z3.string()),
+    env: z3.record(z3.string()).optional()
+  }).optional()
+});
+
+// src/acp/framing.ts
+function ndjsonStreamFromStdio(stdout, stdin) {
+  let buffer = "";
+  const messageHandlers = [];
+  const closeHandlers = [];
+  let closed = false;
+  const emitClose = (err) => {
+    if (closed) {
+      return;
+    }
+    closed = true;
+    for (const handler of closeHandlers) {
+      handler(err);
+    }
+  };
+  stdout.setEncoding("utf8");
+  stdout.on("data", (chunk) => {
+    buffer += chunk;
+    let newlineIndex = buffer.indexOf("\n");
+    while (newlineIndex !== -1) {
+      const line = buffer.slice(0, newlineIndex).trim();
+      buffer = buffer.slice(newlineIndex + 1);
+      if (line.length > 0) {
+        try {
+          const parsed = JSON.parse(line);
+          for (const handler of messageHandlers) {
+            handler(parsed);
+          }
+        } catch (err) {
+          for (const handler of messageHandlers) {
+            handler({
+              jsonrpc: "2.0",
+              id: 0,
+              error: {
+                code: JsonRpcErrorCodes.ParseError,
+                message: `Failed to parse ndjson line: ${err.message}`
+              }
+            });
+          }
+        }
+      }
+      newlineIndex = buffer.indexOf("\n");
+    }
+  });
+  stdout.on("end", () => emitClose());
+  stdout.on("error", (err) => emitClose(err));
+  stdin.on("error", (err) => emitClose(err));
+  return {
+    async send(message) {
+      if (closed) {
+        throw new Error("stream is closed");
+      }
+      const line = JSON.stringify(message) + "\n";
+      await new Promise((resolve2, reject) => {
+        stdin.write(line, (err) => {
+          if (err) {
+            reject(err);
+            return;
+          }
+          resolve2();
+        });
+      });
+    },
+    onMessage(handler) {
+      messageHandlers.push(handler);
+    },
+    onClose(handler) {
+      closeHandlers.push(handler);
+    },
+    async close() {
+      stdin.end();
+      emitClose();
+    }
+  };
+}
+
+// src/acp/connection.ts
+import { nanoid } from "nanoid";
+var JsonRpcConnection = class {
+  constructor(stream) {
+    this.stream = stream;
+    this.stream.onMessage((m) => this.handleIncoming(m));
+    this.stream.onClose((err) => this.handleClose(err));
+  }
+  stream;
+  requestHandlers = /* @__PURE__ */ new Map();
+  defaultRequestHandler;
+  notificationHandlers = /* @__PURE__ */ new Map();
+  pending = /* @__PURE__ */ new Map();
+  closed = false;
+  closeHandlers = [];
+  onRequest(method, handler) {
+    this.requestHandlers.set(method, handler);
+  }
+  setDefaultHandler(handler) {
+    this.defaultRequestHandler = handler;
+  }
+  onNotification(method, handler) {
+    this.notificationHandlers.set(method, handler);
+  }
+  onClose(handler) {
+    this.closeHandlers.push(handler);
+  }
+  async request(method, params) {
+    return this.requestWithId(method, params).response;
+  }
+  // Same as request() but exposes the JSON-RPC id assigned to the outbound
+  // message. Used when the caller needs to correlate later sideband signals
+  // (e.g. permission fan-out) with the specific recipient's request id.
+  requestWithId(method, params) {
+    if (this.closed) {
+      return {
+        id: "",
+        response: Promise.reject(new Error("connection is closed"))
+      };
+    }
+    const id = nanoid();
+    const message = { jsonrpc: "2.0", id, method, params };
+    const response = new Promise((resolve2, reject) => {
+      this.pending.set(id, {
+        resolve: (result) => resolve2(result),
+        reject
+      });
+      this.stream.send(message).catch((err) => {
+        this.pending.delete(id);
+        reject(err);
+      });
+    });
+    return { id, response };
+  }
+  notify(method, params) {
+    if (this.closed) {
+      return Promise.resolve();
+    }
+    const message = { jsonrpc: "2.0", method, params };
+    return this.stream.send(message);
+  }
+  async close() {
+    if (this.closed) {
+      return;
+    }
+    await this.stream.close();
+  }
+  handleIncoming(message) {
+    if ("method" in message) {
+      if ("id" in message && message.id !== void 0) {
+        this.handleRequest(message).catch(() => void 0);
+      } else {
+        this.handleNotification(message);
+      }
+    } else if ("id" in message) {
+      this.handleResponse(message);
+    }
+  }
+  async handleRequest(req) {
+    const handler = this.requestHandlers.get(req.method) ?? this.defaultRequestHandler;
+    if (!handler) {
+      await this.sendError(req.id, {
+        code: JsonRpcErrorCodes.MethodNotFound,
+        message: `Method not found: ${req.method}`
+      }).catch(() => void 0);
+      return;
+    }
+    try {
+      const result = await handler(req.params, req.method);
+      const response = {
+        jsonrpc: "2.0",
+        id: req.id,
+        result
+      };
+      await this.stream.send(response).catch(() => void 0);
+    } catch (err) {
+      const error = err;
+      await this.sendError(req.id, {
+        code: error.code ?? JsonRpcErrorCodes.InternalError,
+        message: error.message,
+        data: error.data
+      }).catch(() => void 0);
+    }
+  }
+  handleNotification(note) {
+    const handler = this.notificationHandlers.get(note.method);
+    if (handler) {
+      handler(note.params, note.method);
+    }
+  }
+  handleResponse(res) {
+    const pending = this.pending.get(res.id);
+    if (!pending) {
+      return;
+    }
+    this.pending.delete(res.id);
+    if (res.error) {
+      const err = new Error(res.error.message);
+      err.code = res.error.code;
+      err.data = res.error.data;
+      pending.reject(err);
+    } else {
+      pending.resolve(res.result);
+    }
+  }
+  async sendError(id, error) {
+    const response = {
+      jsonrpc: "2.0",
+      id,
+      error
+    };
+    await this.stream.send(response);
+  }
+  handleClose(err) {
+    if (this.closed) {
+      return;
+    }
+    this.closed = true;
+    for (const pending of this.pending.values()) {
+      pending.reject(err ?? new Error("connection closed"));
+    }
+    this.pending.clear();
+    for (const handler of this.closeHandlers) {
+      handler(err);
+    }
+  }
+};
+
+// src/core/agent-instance.ts
+var AgentInstance = class _AgentInstance {
+  agentId;
+  cwd;
+  connection;
+  child;
+  exited = false;
+  exitHandlers = [];
+  constructor(opts, child) {
+    this.agentId = opts.agentId;
+    this.cwd = opts.cwd;
+    this.child = child;
+    if (!child.stdout || !child.stdin) {
+      throw new Error("agent subprocess missing stdio");
+    }
+    const stream = ndjsonStreamFromStdio(child.stdout, child.stdin);
+    this.connection = new JsonRpcConnection(stream);
+    child.stderr?.setEncoding("utf8");
+    child.stderr?.on("data", (chunk) => {
+      process.stderr.write(`[${opts.agentId}] ${chunk}`);
+    });
+    child.on("exit", (code, signal) => {
+      this.exited = true;
+      for (const handler of this.exitHandlers) {
+        handler(code, signal);
+      }
+    });
+  }
+  static spawn(opts) {
+    const env = {
+      ...process.env,
+      ...opts.plan.env,
+      ...opts.extraEnv ?? {}
+    };
+    const child = spawn(opts.plan.command, opts.plan.args, {
+      cwd: opts.cwd,
+      env,
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    return new _AgentInstance(opts, child);
+  }
+  onExit(handler) {
+    this.exitHandlers.push(handler);
+  }
+  isAlive() {
+    return !this.exited;
+  }
+  async kill(signal = "SIGTERM") {
+    if (this.exited) {
+      return;
+    }
+    await this.connection.close().catch(() => void 0);
+    this.child.kill(signal);
+  }
+};
+
+// src/core/session.ts
+import { customAlphabet } from "nanoid";
+
+// src/core/hydra-commands.ts
+var HYDRA_COMMANDS = [
+  {
+    verb: "title",
+    name: "/hydra title",
+    description: "Regenerate the session title via the agent (or set manually with an arg)"
+  },
+  {
+    verb: "switch",
+    name: "/hydra switch",
+    argsHint: "<agent>",
+    description: "Swap the agent backing this session, preserving context"
+  }
+];
+var VERB_INDEX = new Map(HYDRA_COMMANDS.map((c) => [c.verb, c]));
+function hydraCommandsAsAdvertised() {
+  return HYDRA_COMMANDS.map((c) => ({
+    name: c.argsHint ? `${c.name} ${c.argsHint}` : c.name,
+    description: c.description
+  }));
+}
+
+// src/core/session.ts
+var HYDRA_ID_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+var generateHydraId = customAlphabet(HYDRA_ID_ALPHABET, 16);
+var HYDRA_SESSION_PREFIX = "hydra_session_";
+var Session = class {
+  sessionId;
+  cwd;
+  // agent / agentId / upstreamSessionId are mutable so /hydra switch can
+  // replace the underlying agent process while keeping the same Session
+  // record. agentMeta is the metadata returned by the agent at session/new
+  // time; it gets refreshed on switch too.
+  agentId;
+  agent;
+  upstreamSessionId;
+  agentMeta;
+  agentArgs;
+  title;
+  updatedAt;
+  clients = /* @__PURE__ */ new Map();
+  history = [];
+  promptQueue = [];
+  promptInFlight = false;
+  closed = false;
+  closeHandlers = [];
+  titleHandlers = [];
+  // True once we've observed our first session/prompt; gates the
+  // first-prompt-seeded title so subsequent prompts don't churn it.
+  firstPromptSeeded = false;
+  // Permission requests that have been broadcast to one or more
+  // clients but have not yet resolved. Replayed to clients that
+  // attach mid-flight so a late joiner sees the prompt instead of an
+  // empty session waiting on something they can't see. Settled entries
+  // are removed so this map only ever contains live requests.
+  inFlightPermissions = /* @__PURE__ */ new Set();
+  // While set, agent-emitted session/update notifications are
+  // captured into `chunks` and NOT broadcast to clients. Used by
+  // /hydra slash-command sub-prompts (e.g. title regeneration) so
+  // the conversation log doesn't get polluted with the meta-prompt
+  // and its reply.
+  internalPromptCapture;
+  idleTimeoutMs;
+  idleTimer;
+  spawnReplacementAgent;
+  agentChangeHandlers = [];
+  // Last available_commands_update we observed from the agent. Stored so
+  // we can re-broadcast a merged (hydra ∪ agent) list whenever either
+  // half changes — most importantly when a fresh client attaches and
+  // replays history, since the in-cache update is the daemon's merged
+  // form (the agent's raw form is never broadcast).
+  agentAdvertisedCommands = [];
+  constructor(init) {
+    this.sessionId = init.sessionId ?? `${HYDRA_SESSION_PREFIX}${generateHydraId()}`;
+    this.cwd = init.cwd;
+    this.agentId = init.agentId;
+    this.agent = init.agent;
+    this.upstreamSessionId = init.upstreamSessionId;
+    this.agentMeta = init.agentMeta;
+    this.agentArgs = init.agentArgs;
+    this.title = init.title;
+    this.idleTimeoutMs = init.idleTimeoutMs ?? 0;
+    this.spawnReplacementAgent = init.spawnReplacementAgent;
+    this.updatedAt = Date.now();
+    this.wireAgent(this.agent);
+    this.broadcastMergedCommands();
+  }
+  broadcastMergedCommands() {
+    const merged = [
+      ...hydraCommandsAsAdvertised(),
+      ...this.agentAdvertisedCommands
+    ];
+    this.recordAndBroadcast("session/update", {
+      sessionId: this.upstreamSessionId,
+      update: {
+        sessionUpdate: "available_commands_update",
+        availableCommands: merged
+      }
+    });
+  }
+  // Register session/update, session/request_permission, and onExit
+  // handlers on an agent connection. Re-run on every /hydra switch so
+  // the new agent is plumbed identically. The exit handler's identity
+  // check is what makes switching safe: when the *old* agent exits as
+  // part of a swap, this.agent has already been replaced, so we no-op
+  // and don't tear the session down.
+  wireAgent(agent) {
+    agent.connection.onNotification("session/update", (params) => {
+      if (this.internalPromptCapture) {
+        captureInternalChunk(this.internalPromptCapture, params);
+        return;
+      }
+      const agentCmds = extractAdvertisedCommands(params);
+      if (agentCmds !== null) {
+        this.agentAdvertisedCommands = agentCmds;
+        this.broadcastMergedCommands();
+        return;
+      }
+      this.maybeApplyAgentSessionInfo(params);
+      this.recordAndBroadcast("session/update", params);
+    });
+    agent.connection.onRequest("session/request_permission", async (params) => {
+      return this.handlePermissionRequest(params);
+    });
+    agent.onExit(() => {
+      if (this.agent !== agent) {
+        return;
+      }
+      this.markClosed({ deleteRecord: false });
+    });
+  }
+  onAgentChange(handler) {
+    this.agentChangeHandlers.push(handler);
+  }
+  get attachedCount() {
+    return this.clients.size;
+  }
+  attach(client, historyPolicy) {
+    if (this.closed) {
+      throw withCode(
+        new Error("session is closed"),
+        JsonRpcErrorCodes.SessionNotFound
+      );
+    }
+    if (this.clients.has(client.clientId)) {
+      throw withCode(
+        new Error(`client ${client.clientId} is already attached`),
+        JsonRpcErrorCodes.AlreadyAttached
+      );
+    }
+    this.clients.set(client.clientId, client);
+    this.updatedAt = Date.now();
+    this.cancelIdleTimer();
+    if (historyPolicy === "none") {
+      return [];
+    }
+    if (historyPolicy === "pending_only") {
+      return [];
+    }
+    return [...this.history];
+  }
+  // Dispatch in-flight permission requests to a freshly-attached
+  // client. Called by the daemon's WS handler *after* it finishes
+  // replaying history, so the prompt lands at the bottom of the
+  // transcript rather than above the conversation.
+  replayPendingPermissions(client) {
+    for (const pending of this.inFlightPermissions) {
+      pending.addClient(client);
+    }
+  }
+  detach(clientId) {
+    if (this.clients.delete(clientId)) {
+      this.updatedAt = Date.now();
+      this.maybeStartIdleTimer();
+    }
+  }
+  async prompt(clientId, params) {
+    const client = this.clients.get(clientId);
+    if (!client) {
+      throw withCode(
+        new Error("client not attached"),
+        JsonRpcErrorCodes.SessionNotFound
+      );
+    }
+    const promptText = extractPromptText(
+      (params ?? {}).prompt
+    ).trim();
+    if (promptText.startsWith("/hydra")) {
+      return this.handleSlashCommand(promptText);
+    }
+    this.broadcastPromptReceived(client, params);
+    this.maybeSeedTitleFromPrompt(params);
+    return this.enqueuePrompt(async () => {
+      const response = await this.agent.connection.request(
+        "session/prompt",
+        {
+          ...params,
+          sessionId: this.upstreamSessionId
+        }
+      );
+      this.broadcastTurnComplete(client.clientId, response);
+      return response;
+    });
+  }
+  broadcastPromptReceived(client, params) {
+    const promptParams = params ?? {};
+    const sentBy = { clientId: client.clientId };
+    if (client.clientInfo?.name) {
+      sentBy.name = client.clientInfo.name;
+    }
+    if (client.clientInfo?.version) {
+      sentBy.version = client.clientInfo.version;
+    }
+    this.recordAndBroadcast(
+      "session/update",
+      {
+        sessionId: this.sessionId,
+        update: {
+          sessionUpdate: "prompt_received",
+          prompt: promptParams.prompt,
+          sentBy
+        }
+      },
+      client.clientId
+    );
+    const text = extractPromptText(promptParams.prompt);
+    if (text.length > 0) {
+      this.recordAndBroadcast(
+        "session/update",
+        {
+          sessionId: this.sessionId,
+          update: {
+            sessionUpdate: "user_message_chunk",
+            content: { type: "text", text },
+            _meta: { "hydra-acp": { compatFor: "prompt_received" } }
+          }
+        },
+        client.clientId
+      );
+    }
+  }
+  broadcastTurnComplete(originatorClientId, response) {
+    const stopReason = response && typeof response === "object" && "stopReason" in response && typeof response.stopReason === "string" ? response.stopReason : void 0;
+    const update = {
+      sessionUpdate: "turn_complete"
+    };
+    if (stopReason !== void 0) {
+      update.stopReason = stopReason;
+    }
+    this.recordAndBroadcast(
+      "session/update",
+      {
+        sessionId: this.sessionId,
+        update
+      },
+      originatorClientId
+    );
+  }
+  async cancel(clientId) {
+    const client = this.clients.get(clientId);
+    if (!client) {
+      throw withCode(
+        new Error("client not attached"),
+        JsonRpcErrorCodes.SessionNotFound
+      );
+    }
+    await this.agent.connection.notify("session/cancel", {
+      sessionId: this.upstreamSessionId
+    });
+  }
+  async forwardRequest(method, params) {
+    return this.agent.connection.request(method, this.rewriteForAgent(params));
+  }
+  rewriteForAgent(params) {
+    if (params && typeof params === "object" && !Array.isArray(params)) {
+      const obj = params;
+      if (obj.sessionId === this.sessionId) {
+        return { ...obj, sessionId: this.upstreamSessionId };
+      }
+    }
+    return params;
+  }
+  async close(opts = {}) {
+    if (this.closed) {
+      return;
+    }
+    this.cancelIdleTimer();
+    await this.agent.kill().catch(() => void 0);
+    this.markClosed({ deleteRecord: opts.deleteRecord ?? false });
+  }
+  onClose(handler) {
+    this.closeHandlers.push(handler);
+  }
+  // Subscribe to title updates. The SessionManager hooks this to
+  // persist the new title to disk so a daemon restart restores it.
+  onTitleChange(handler) {
+    this.titleHandlers.push(handler);
+  }
+  // Update the canonical title and broadcast a session_info_update to
+  // every attached client. Clients that already speak the spec's
+  // session_info_update need no hydra-specific wiring to pick this up.
+  // Idempotent on identical values.
+  setTitle(title) {
+    const trimmed = title.trim();
+    if (!trimmed || trimmed === this.title) {
+      return;
+    }
+    this.title = trimmed;
+    this.recordAndBroadcast("session/update", {
+      sessionId: this.sessionId,
+      update: {
+        sessionUpdate: "session_info_update",
+        title: trimmed,
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    });
+    for (const handler of this.titleHandlers) {
+      try {
+        handler(trimmed);
+      } catch {
+      }
+    }
+  }
+  // First-prompt heuristic: derive a session title from the first
+  // session/prompt's text. Replaces whatever was set at session/new
+  // (typically an editor frame name like "Claude Agent @ hydra-acp")
+  // — the first prompt is a better summary for cross-client display
+  // than the editor's static frame label. Subsequent prompts don't
+  // touch the title; that'd flap as conversations evolved.
+  maybeSeedTitleFromPrompt(params) {
+    if (this.firstPromptSeeded) {
+      return;
+    }
+    const promptParams = params ?? {};
+    const text = extractPromptText(promptParams.prompt);
+    const seed = firstLine(text, 80);
+    if (!seed) {
+      return;
+    }
+    this.firstPromptSeeded = true;
+    this.setTitle(seed);
+  }
+  // Pick up an agent-emitted session_info_update and store its title
+  // as our canonical record. The notification is also forwarded to
+  // clients via the surrounding recordAndBroadcast call. Authoritative
+  // — overrides our placeholder.
+  maybeApplyAgentSessionInfo(params) {
+    const obj = params ?? {};
+    const update = obj.update ?? {};
+    if (update.sessionUpdate !== "session_info_update") {
+      return;
+    }
+    if (typeof update.title !== "string") {
+      return;
+    }
+    const trimmed = update.title.trim();
+    if (!trimmed || trimmed === this.title) {
+      return;
+    }
+    this.title = trimmed;
+    this.firstPromptSeeded = true;
+    for (const handler of this.titleHandlers) {
+      try {
+        handler(trimmed);
+      } catch {
+      }
+    }
+  }
+  // Dispatch a /hydra <verb> [args] slash command typed in any client's
+  // composer. Returns a synthesized session/prompt response so the
+  // caller's promise resolves like a normal turn. To add a verb: append
+  // an entry to HYDRA_COMMANDS (drives validation + client advertising)
+  // and a dispatch case in the switch below.
+  async handleSlashCommand(text) {
+    const rest = text.slice("/hydra".length).trim();
+    const match = rest.match(/^(\S+)(?:\s+([\s\S]*))?$/);
+    const verb = match?.[1] ?? "";
+    const arg = (match?.[2] ?? "").trim();
+    if (verb === "") {
+      return { stopReason: "end_turn" };
+    }
+    if (!HYDRA_COMMANDS.some((c) => c.verb === verb)) {
+      const known = HYDRA_COMMANDS.map((c) => c.verb).join(", ");
+      const err = new Error(
+        `unknown /hydra verb: ${verb} (known: ${known})`
+      );
+      err.code = JsonRpcErrorCodes.InvalidParams;
+      throw err;
+    }
+    switch (verb) {
+      case "title":
+        return this.runTitleCommand(arg);
+      case "switch":
+        return this.runSwitchCommand(arg);
+      default: {
+        const err = new Error(
+          `no dispatcher for /hydra verb ${verb}`
+        );
+        err.code = JsonRpcErrorCodes.InternalError;
+        throw err;
+      }
+    }
+  }
+  // Runs as a normal queued prompt (so it serializes after any in-flight
+  // turn). With an arg, sets the title directly. Without one, runs a
+  // suppressed sub-prompt to the agent and uses its reply as the title.
+  // Either path ends with setTitle, which broadcasts session_info_update
+  // — that's what every other client observes.
+  runTitleCommand(arg) {
+    return this.enqueuePrompt(async () => {
+      if (arg) {
+        this.setTitle(arg);
+        return { stopReason: "end_turn" };
+      }
+      return this.runTitleRegen();
+    });
+  }
+  async runTitleRegen() {
+    const collected = await this.runInternalPrompt(
+      "Reply with ONLY a short title (\u226480 chars) summarizing this conversation so far. No quotes, no markdown, no explanation."
+    );
+    const title = firstLine(collected.trim(), 80);
+    if (title) {
+      this.setTitle(title);
+    }
+    return { stopReason: "end_turn" };
+  }
+  // Send a prompt to the underlying agent and capture its reply chunks
+  // privately (no fan-out to clients, no recording into history). Used
+  // by /hydra title's regen path and /hydra switch's transcript-injection
+  // path. Returns the joined agent_message_chunk text.
+  async runInternalPrompt(text) {
+    if (this.internalPromptCapture) {
+      throw new Error("internal prompt already in flight");
+    }
+    const capture = { chunks: [] };
+    this.internalPromptCapture = capture;
+    try {
+      await this.agent.connection.request("session/prompt", {
+        sessionId: this.upstreamSessionId,
+        prompt: [{ type: "text", text }]
+      });
+      return capture.chunks.join("");
+    } finally {
+      this.internalPromptCapture = void 0;
+    }
+  }
+  // Swap the underlying agent process while keeping the same Session
+  // record. Spawns the new agent first so a failure leaves the old one
+  // intact; then injects a synthesized transcript so the new agent has
+  // context for the next turn.
+  runSwitchCommand(newAgentId) {
+    if (!newAgentId) {
+      throw withCode(
+        new Error("/hydra switch requires an agent id"),
+        JsonRpcErrorCodes.InvalidParams
+      );
+    }
+    if (newAgentId === this.agentId) {
+      throw withCode(
+        new Error(`already on agent ${newAgentId}`),
+        JsonRpcErrorCodes.InvalidParams
+      );
+    }
+    if (!this.spawnReplacementAgent) {
+      throw withCode(
+        new Error("agent switching not configured for this session"),
+        JsonRpcErrorCodes.InternalError
+      );
+    }
+    const spawnAgent = this.spawnReplacementAgent;
+    return this.enqueuePrompt(async () => {
+      const oldAgentId = this.agentId;
+      const transcript = this.buildSwitchTranscript(oldAgentId);
+      const fresh = await spawnAgent({
+        agentId: newAgentId,
+        cwd: this.cwd,
+        agentArgs: this.agentArgs
+      });
+      this.wireAgent(fresh.agent);
+      const oldAgent = this.agent;
+      this.agent = fresh.agent;
+      this.agentId = newAgentId;
+      this.upstreamSessionId = fresh.upstreamSessionId;
+      this.agentMeta = fresh.agentMeta;
+      this.agentAdvertisedCommands = [];
+      this.broadcastMergedCommands();
+      await oldAgent.kill().catch(() => void 0);
+      if (transcript) {
+        await this.runInternalPrompt(transcript).catch(() => void 0);
+      }
+      this.broadcastAgentSwitch(oldAgentId, newAgentId);
+      const info = {
+        agentId: this.agentId,
+        upstreamSessionId: this.upstreamSessionId
+      };
+      for (const handler of this.agentChangeHandlers) {
+        try {
+          handler(info);
+        } catch {
+        }
+      }
+      return { stopReason: "end_turn" };
+    });
+  }
+  // Walk this.history (rewritten-for-clients notification cache) and
+  // produce a labeled transcript suitable for handing to a fresh agent.
+  // Includes user prompts, agent replies, and tool-call outcomes; skips
+  // hydra-synthesized markers (so multi-hop switches don't accumulate
+  // banners) and other update kinds we don't think the next agent
+  // benefits from re-seeing (plans, thoughts, mode/model/usage).
+  buildSwitchTranscript(prevAgentId) {
+    const lines = [];
+    for (const note of this.history) {
+      if (note.method !== "session/update") {
+        continue;
+      }
+      const params = note.params ?? {};
+      const update = params.update;
+      if (!update) {
+        continue;
+      }
+      const meta = update._meta;
+      if (meta?.["hydra-acp"]?.synthetic) {
+        continue;
+      }
+      const kind = update.sessionUpdate;
+      if (kind === "prompt_received") {
+        const text = extractPromptText(update.prompt);
+        if (text) {
+          lines.push({ speaker: "user", text });
+        }
+      } else if (kind === "agent_message_chunk") {
+        const content = update.content;
+        const text = content?.text;
+        if (text) {
+          lines.push({ speaker: `agent: ${prevAgentId}`, text });
+        }
+      } else if (kind === "tool_call" || kind === "tool_call_update") {
+        const status = update.status;
+        const title = update.title;
+        if (status === "completed" || status === "failed") {
+          lines.push({
+            speaker: "tool",
+            text: `${title ?? "?"} ${status}`
+          });
+        }
+      }
+    }
+    if (lines.length === 0) {
+      return "";
+    }
+    const coalesced = [];
+    let current;
+    for (const line of lines) {
+      if (current && current.speaker === line.speaker) {
+        current.text += line.text;
+      } else {
+        if (current) {
+          coalesced.push(`<${current.speaker}>: ${current.text.trim()}`);
+        }
+        current = { speaker: line.speaker, text: line.text };
+      }
+    }
+    if (current) {
+      coalesced.push(`<${current.speaker}>: ${current.text.trim()}`);
+    }
+    return [
+      `You are taking over this conversation from ${prevAgentId}. Below is the transcript so far.`,
+      `Each line is prefixed with its speaker. Continue from where ${prevAgentId} left off, responding to the user's most recent message.`,
+      "",
+      "--- begin transcript ---",
+      ...coalesced,
+      "--- end transcript ---"
+    ].join("\n");
+  }
+  // Tell every attached client (a) the agent identity has changed
+  // (session_info_update with an agentId field — clients that already
+  // listen for title updates pick this up; older clients ignore unknown
+  // fields harmlessly) and (b) drop a visible banner into the transcript
+  // so users see the switch rather than just suddenly getting answers
+  // from a different agent. Both updates carry _meta["hydra-acp"].synthetic
+  // so a future /hydra switch's transcript builder filters them out.
+  broadcastAgentSwitch(oldAgentId, newAgentId) {
+    this.recordAndBroadcast("session/update", {
+      sessionId: this.sessionId,
+      update: {
+        sessionUpdate: "session_info_update",
+        agentId: newAgentId,
+        _meta: { "hydra-acp": { synthetic: true } }
+      }
+    });
+    this.recordAndBroadcast("session/update", {
+      sessionId: this.sessionId,
+      update: {
+        sessionUpdate: "agent_message_chunk",
+        content: {
+          type: "text",
+          text: `
+_(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
+`
+        },
+        _meta: { "hydra-acp": { synthetic: true } }
+      }
+    });
+  }
+  markClosed(opts) {
+    if (this.closed) {
+      return;
+    }
+    this.closed = true;
+    this.cancelIdleTimer();
+    for (const client of this.clients.values()) {
+      void client.connection.notify("hydra-acp/session_closed", { sessionId: this.sessionId }).catch(() => void 0);
+    }
+    this.clients.clear();
+    for (const handler of this.closeHandlers) {
+      handler(opts);
+    }
+  }
+  maybeStartIdleTimer() {
+    if (this.closed || this.clients.size > 0 || this.idleTimeoutMs <= 0) {
+      return;
+    }
+    if (this.idleTimer) {
+      return;
+    }
+    this.idleTimer = setTimeout(() => {
+      this.idleTimer = void 0;
+      void this.close({ deleteRecord: false }).catch(() => void 0);
+    }, this.idleTimeoutMs);
+    if (typeof this.idleTimer.unref === "function") {
+      this.idleTimer.unref();
+    }
+  }
+  cancelIdleTimer() {
+    if (this.idleTimer) {
+      clearTimeout(this.idleTimer);
+      this.idleTimer = void 0;
+    }
+  }
+  rewriteForClient(params) {
+    if (params && typeof params === "object" && !Array.isArray(params)) {
+      const obj = params;
+      if (obj.sessionId === this.upstreamSessionId) {
+        return { ...obj, sessionId: this.sessionId };
+      }
+    }
+    return params;
+  }
+  recordAndBroadcast(method, params, excludeClientId) {
+    const rewritten = this.rewriteForClient(params);
+    this.history.push({ method, params: rewritten, recordedAt: Date.now() });
+    if (this.history.length > 1e3) {
+      this.history = this.history.slice(-500);
+    }
+    this.updatedAt = Date.now();
+    for (const client of this.clients.values()) {
+      if (excludeClientId && client.clientId === excludeClientId) {
+        continue;
+      }
+      void client.connection.notify(method, rewritten).catch(() => void 0);
+    }
+  }
+  async handlePermissionRequest(params) {
+    const initialClients = [...this.clients.values()];
+    if (initialClients.length === 0) {
+      throw withCode(
+        new Error("no clients attached to handle permission request"),
+        JsonRpcErrorCodes.PermissionDenied
+      );
+    }
+    const clientParams = this.rewriteForClient(params);
+    return new Promise((resolve2, reject) => {
+      let settled = false;
+      const outbound = [];
+      const entry = { addClient: sendTo };
+      this.inFlightPermissions.add(entry);
+      const settle = (fn) => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        this.inFlightPermissions.delete(entry);
+        fn();
+      };
+      function sendTo(client) {
+        if (settled) {
+          return;
+        }
+        const { id, response } = client.connection.requestWithId(
+          "session/request_permission",
+          clientParams
+        );
+        outbound.push({ client, id });
+        void response.then((result) => {
+          settle(() => {
+            for (const o of outbound) {
+              if (o.client.clientId === client.clientId) {
+                continue;
+              }
+              void o.client.connection.notify("session/permission_resolved", {
+                ...clientParams,
+                requestId: o.id,
+                resolvedBy: client.clientId,
+                result
+              }).catch(() => void 0);
+            }
+            resolve2(result);
+          });
+        }).catch((err) => {
+          settle(() => reject(err));
+        });
+      }
+      for (const client of initialClients) {
+        sendTo(client);
+      }
+    });
+  }
+  async enqueuePrompt(task) {
+    return new Promise((resolve2, reject) => {
+      const run = async () => {
+        try {
+          const result = await task();
+          resolve2(result);
+        } catch (err) {
+          reject(err);
+        }
+      };
+      this.promptQueue.push(run);
+      void this.drainQueue();
+    });
+  }
+  async drainQueue() {
+    if (this.promptInFlight) {
+      return;
+    }
+    this.promptInFlight = true;
+    try {
+      while (this.promptQueue.length > 0) {
+        const next = this.promptQueue.shift();
+        if (next) {
+          await next();
+        }
+      }
+    } finally {
+      this.promptInFlight = false;
+    }
+  }
+};
+function withCode(err, code) {
+  err.code = code;
+  return err;
+}
+function captureInternalChunk(capture, params) {
+  const obj = params ?? {};
+  const update = obj.update ?? {};
+  if (update.sessionUpdate !== "agent_message_chunk") {
+    return;
+  }
+  const content = update.content ?? {};
+  if (typeof content.text === "string") {
+    capture.chunks.push(content.text);
+  }
+}
+function extractAdvertisedCommands(params) {
+  const obj = params ?? {};
+  const update = obj.update ?? {};
+  if (update.sessionUpdate !== "available_commands_update") {
+    return null;
+  }
+  const list = update.availableCommands ?? update.commands;
+  if (!Array.isArray(list)) {
+    return [];
+  }
+  const out = [];
+  for (const raw of list) {
+    if (!raw || typeof raw !== "object") {
+      continue;
+    }
+    const c = raw;
+    if (typeof c.name !== "string" || c.name.length === 0) {
+      continue;
+    }
+    const cmd = { name: c.name };
+    if (typeof c.description === "string") {
+      cmd.description = c.description;
+    }
+    out.push(cmd);
+  }
+  return out;
+}
+function extractPromptText(prompt) {
+  if (typeof prompt === "string") {
+    return prompt;
+  }
+  if (!Array.isArray(prompt)) {
+    return "";
+  }
+  return prompt.map((b) => {
+    if (b && typeof b === "object" && typeof b.text === "string") {
+      return b.text;
+    }
+    return "";
+  }).join("");
+}
+function firstLine(text, max) {
+  for (const raw of text.split(/\r?\n/)) {
+    const line = raw.trim();
+    if (!line) {
+      continue;
+    }
+    return line.length > max ? `${line.slice(0, max)}\u2026` : line;
+  }
+  return void 0;
+}
+
+// src/core/session-store.ts
+import * as fs3 from "fs/promises";
+import * as path2 from "path";
+import { z as z4 } from "zod";
+var SessionRecord = z4.object({
+  version: z4.literal(1),
+  sessionId: z4.string(),
+  upstreamSessionId: z4.string(),
+  agentId: z4.string(),
+  cwd: z4.string(),
+  title: z4.string().optional(),
+  agentArgs: z4.array(z4.string()).optional(),
+  createdAt: z4.string(),
+  updatedAt: z4.string()
+});
+var SESSION_ID_PATTERN = /^[A-Za-z0-9_-]+$/;
+function assertSafeId(id) {
+  if (!SESSION_ID_PATTERN.test(id)) {
+    throw new Error(`unsafe session id: ${id}`);
+  }
+}
+var SessionStore = class {
+  async write(record) {
+    assertSafeId(record.sessionId);
+    await fs3.mkdir(paths.sessionsDir(), { recursive: true });
+    const full = { version: 1, ...record };
+    await fs3.writeFile(
+      paths.sessionFile(record.sessionId),
+      JSON.stringify(full, null, 2) + "\n",
+      { encoding: "utf8", mode: 384 }
+    );
+  }
+  async read(sessionId) {
+    if (!SESSION_ID_PATTERN.test(sessionId)) {
+      return void 0;
+    }
+    let raw;
+    try {
+      raw = await fs3.readFile(paths.sessionFile(sessionId), "utf8");
+    } catch (err) {
+      const e = err;
+      if (e.code === "ENOENT") {
+        return void 0;
+      }
+      throw err;
+    }
+    try {
+      return SessionRecord.parse(JSON.parse(raw));
+    } catch {
+      return void 0;
+    }
+  }
+  async delete(sessionId) {
+    if (!SESSION_ID_PATTERN.test(sessionId)) {
+      return;
+    }
+    try {
+      await fs3.unlink(paths.sessionFile(sessionId));
+    } catch (err) {
+      const e = err;
+      if (e.code !== "ENOENT") {
+        throw err;
+      }
+    }
+  }
+  async list() {
+    let entries;
+    try {
+      entries = await fs3.readdir(paths.sessionsDir());
+    } catch (err) {
+      const e = err;
+      if (e.code === "ENOENT") {
+        return [];
+      }
+      throw err;
+    }
+    const records = [];
+    for (const entry of entries) {
+      if (!entry.endsWith(".json")) {
+        continue;
+      }
+      const id = entry.slice(0, -".json".length);
+      const record = await this.read(id);
+      if (record) {
+        records.push(record);
+      }
+    }
+    return records;
+  }
+};
+function recordFromMemorySession(args) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    sessionId: args.sessionId,
+    upstreamSessionId: args.upstreamSessionId,
+    agentId: args.agentId,
+    cwd: args.cwd,
+    title: args.title,
+    agentArgs: args.agentArgs,
+    createdAt: args.createdAt ?? now,
+    updatedAt: args.updatedAt ?? now
+  };
+}
+
+// src/core/session-manager.ts
+var SessionManager = class {
+  constructor(registry, spawner, store, options = {}) {
+    this.registry = registry;
+    this.spawner = spawner ?? ((opts) => AgentInstance.spawn(opts));
+    this.store = store ?? new SessionStore();
+    this.idleTimeoutMs = options.idleTimeoutMs ?? 0;
+  }
+  registry;
+  sessions = /* @__PURE__ */ new Map();
+  resurrectionInflight = /* @__PURE__ */ new Map();
+  spawner;
+  store;
+  idleTimeoutMs;
+  async create(params) {
+    const fresh = await this.bootstrapAgent({
+      agentId: params.agentId,
+      cwd: params.cwd,
+      agentArgs: params.agentArgs,
+      mcpServers: params.mcpServers
+    });
+    const session = new Session({
+      cwd: params.cwd,
+      agentId: params.agentId,
+      agent: fresh.agent,
+      upstreamSessionId: fresh.upstreamSessionId,
+      agentMeta: fresh.agentMeta,
+      title: params.title,
+      agentArgs: params.agentArgs,
+      idleTimeoutMs: this.idleTimeoutMs,
+      spawnReplacementAgent: (p) => this.bootstrapAgent({ ...p, mcpServers: [] })
+    });
+    await this.attachManagerHooks(session);
+    return session;
+  }
+  async resurrect(params) {
+    const existing = this.sessions.get(params.hydraSessionId);
+    if (existing) {
+      if (existing.upstreamSessionId !== params.upstreamSessionId) {
+        const err = new Error(
+          `session ${params.hydraSessionId} already exists with a different upstream id`
+        );
+        err.code = JsonRpcErrorCodes.AlreadyAttached;
+        throw err;
+      }
+      return existing;
+    }
+    const inflight = this.resurrectionInflight.get(params.hydraSessionId);
+    if (inflight) {
+      return inflight;
+    }
+    const promise = this.doResurrect(params);
+    this.resurrectionInflight.set(params.hydraSessionId, promise);
+    try {
+      return await promise;
+    } finally {
+      this.resurrectionInflight.delete(params.hydraSessionId);
+    }
+  }
+  async doResurrect(params) {
+    const existing = this.sessions.get(params.hydraSessionId);
+    if (existing) {
+      return existing;
+    }
+    const agentDef = await this.registry.getAgent(params.agentId);
+    if (!agentDef) {
+      const err = new Error(
+        `agent ${params.agentId} not found in registry; cannot resurrect`
+      );
+      err.code = JsonRpcErrorCodes.AgentNotInstalled;
+      throw err;
+    }
+    const plan = planSpawn(agentDef, params.agentArgs ?? []);
+    const agent = this.spawner({
+      agentId: params.agentId,
+      cwd: params.cwd,
+      plan
+    });
+    await agent.connection.request("initialize", {
+      protocolVersion: 1,
+      clientCapabilities: {},
+      clientInfo: { name: "hydra", version: "0.1.0" }
+    });
+    let loadResult;
+    try {
+      loadResult = await agent.connection.request("session/load", {
+        sessionId: params.upstreamSessionId,
+        cwd: params.cwd,
+        mcpServers: []
+      });
+    } catch (err) {
+      await agent.kill().catch(() => void 0);
+      throw new Error(
+        `agent ${params.agentId} failed to load upstream session ${params.upstreamSessionId}: ${err.message}`
+      );
+    }
+    const session = new Session({
+      sessionId: params.hydraSessionId,
+      cwd: params.cwd,
+      agentId: params.agentId,
+      agent,
+      upstreamSessionId: params.upstreamSessionId,
+      agentMeta: loadResult?._meta,
+      title: params.title,
+      agentArgs: params.agentArgs,
+      idleTimeoutMs: this.idleTimeoutMs,
+      spawnReplacementAgent: (p) => this.bootstrapAgent({ ...p, mcpServers: [] })
+    });
+    await this.attachManagerHooks(session);
+    return session;
+  }
+  // Bootstrap a fresh agent process: registry resolve → spawn → initialize
+  // → session/new. Shared by create() and the /hydra switch path so both
+  // go through the same env / capabilities / error-handling.
+  async bootstrapAgent(params) {
+    const agentDef = await this.registry.getAgent(params.agentId);
+    if (!agentDef) {
+      const err = new Error(
+        `agent ${params.agentId} not found in registry`
+      );
+      err.code = JsonRpcErrorCodes.AgentNotInstalled;
+      throw err;
+    }
+    const plan = planSpawn(agentDef, params.agentArgs ?? []);
+    const agent = this.spawner({
+      agentId: params.agentId,
+      cwd: params.cwd,
+      plan
+    });
+    try {
+      await agent.connection.request("initialize", {
+        protocolVersion: 1,
+        clientCapabilities: {},
+        clientInfo: { name: "hydra", version: "0.1.0" }
+      });
+      const newResult = await agent.connection.request("session/new", {
+        cwd: params.cwd,
+        mcpServers: params.mcpServers ?? []
+      });
+      return {
+        agent,
+        upstreamSessionId: newResult.sessionId,
+        agentMeta: newResult._meta
+      };
+    } catch (err) {
+      await agent.kill().catch(() => void 0);
+      throw err;
+    }
+  }
+  // Hooks that bridge a Session into the manager's persistence/listing
+  // bookkeeping. Called from both create() and resurrect() so the same
+  // session record + lifecycle handlers are wired regardless of origin.
+  // Returns once the initial disk record is written — callers should
+  // await so a subsequent /hydra switch's persistAgentChange (which
+  // does read-then-write) finds the file in place.
+  async attachManagerHooks(session) {
+    session.onClose(({ deleteRecord }) => {
+      this.sessions.delete(session.sessionId);
+      if (deleteRecord) {
+        void this.store.delete(session.sessionId).catch(() => void 0);
+      }
+    });
+    session.onTitleChange((title) => {
+      void this.persistTitle(session.sessionId, title).catch(() => void 0);
+    });
+    session.onAgentChange(({ agentId, upstreamSessionId }) => {
+      void this.persistAgentChange(session.sessionId, agentId, upstreamSessionId).catch(
+        () => void 0
+      );
+    });
+    this.sessions.set(session.sessionId, session);
+    await this.store.write(
+      recordFromMemorySession({
+        sessionId: session.sessionId,
+        upstreamSessionId: session.upstreamSessionId,
+        agentId: session.agentId,
+        cwd: session.cwd,
+        title: session.title,
+        agentArgs: session.agentArgs
+      })
+    ).catch(() => void 0);
+  }
+  async loadFromDisk(sessionId) {
+    const record = await this.store.read(sessionId);
+    if (!record) {
+      return void 0;
+    }
+    return {
+      hydraSessionId: record.sessionId,
+      upstreamSessionId: record.upstreamSessionId,
+      agentId: record.agentId,
+      cwd: record.cwd,
+      title: record.title,
+      agentArgs: record.agentArgs
+    };
+  }
+  get(sessionId) {
+    return this.sessions.get(sessionId);
+  }
+  // Resolve a user-typed session id (which may have the hydra_session_
+  // prefix stripped — that's what `sessions list` and the picker show) to
+  // the canonical form that actually exists. Tries the input as-given
+  // first, then with the prefix prepended. Returns undefined if neither
+  // form resolves to a live or stored session. Foreign ids (anything not
+  // following our prefix convention) pass through via the first lookup.
+  async resolveCanonicalId(input) {
+    if (this.sessions.has(input) || await this.store.read(input)) {
+      return input;
+    }
+    if (input.startsWith(HYDRA_SESSION_PREFIX)) {
+      return void 0;
+    }
+    const prefixed = HYDRA_SESSION_PREFIX + input;
+    if (this.sessions.has(prefixed) || await this.store.read(prefixed)) {
+      return prefixed;
+    }
+    return void 0;
+  }
+  require(sessionId) {
+    const session = this.sessions.get(sessionId);
+    if (!session) {
+      const err = new Error(`session ${sessionId} not found`);
+      err.code = JsonRpcErrorCodes.SessionNotFound;
+      throw err;
+    }
+    return session;
+  }
+  async list(filter = {}) {
+    const entries = [];
+    const liveIds = /* @__PURE__ */ new Set();
+    for (const session of this.sessions.values()) {
+      if (filter.cwd && session.cwd !== filter.cwd) {
+        continue;
+      }
+      liveIds.add(session.sessionId);
+      entries.push({
+        sessionId: session.sessionId,
+        upstreamSessionId: session.upstreamSessionId,
+        cwd: session.cwd,
+        title: session.title,
+        agentId: session.agentId,
+        updatedAt: new Date(session.updatedAt).toISOString(),
+        attachedClients: session.attachedCount,
+        status: "live"
+      });
+    }
+    const records = await this.store.list().catch(() => []);
+    for (const r of records) {
+      if (liveIds.has(r.sessionId)) {
+        continue;
+      }
+      if (filter.cwd && r.cwd !== filter.cwd) {
+        continue;
+      }
+      entries.push({
+        sessionId: r.sessionId,
+        upstreamSessionId: r.upstreamSessionId,
+        cwd: r.cwd,
+        title: r.title,
+        agentId: r.agentId,
+        updatedAt: r.updatedAt,
+        attachedClients: 0,
+        status: "cold"
+      });
+    }
+    entries.sort((a, b) => a.updatedAt < b.updatedAt ? 1 : -1);
+    return entries;
+  }
+  async deleteRecord(sessionId) {
+    const record = await this.store.read(sessionId);
+    if (!record) {
+      return false;
+    }
+    await this.store.delete(sessionId).catch(() => void 0);
+    return true;
+  }
+  // Persist a title update from Session.setTitle. The on-disk record
+  // was written at create time; updating it here keeps the session
+  // record's title in sync with what was broadcast to clients so a
+  // daemon restart (and later resurrect) restores the same title.
+  async persistTitle(sessionId, title) {
+    const record = await this.store.read(sessionId);
+    if (!record) {
+      return;
+    }
+    await this.store.write({
+      ...record,
+      title,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+  // Persist an agent swap from /hydra switch. The on-disk record's
+  // agentId + upstreamSessionId both rotate so a daemon restart (and
+  // later resurrect) brings the session back up on the agent the user
+  // most recently switched to, not the one it was originally created on.
+  async persistAgentChange(sessionId, agentId, upstreamSessionId) {
+    const record = await this.store.read(sessionId);
+    if (!record) {
+      return;
+    }
+    await this.store.write({
+      ...record,
+      agentId,
+      upstreamSessionId,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+  async closeAll() {
+    const sessions = [...this.sessions.values()];
+    await Promise.allSettled(sessions.map((s) => s.close()));
+    this.sessions.clear();
+  }
+};
+
+// src/core/extensions.ts
+import { spawn as spawn2 } from "child_process";
+import * as fs4 from "fs";
+import * as fsp from "fs/promises";
+import * as path3 from "path";
+var RESTART_BASE_MS = 1e3;
+var RESTART_CAP_MS = 6e4;
+var STOP_GRACE_MS = 3e3;
+var ExtensionManager = class {
+  entries = /* @__PURE__ */ new Map();
+  stopping = false;
+  context;
+  constructor(extensions, context) {
+    this.context = context;
+    for (const ext of extensions) {
+      this.entries.set(ext.name, this.makeEntry(ext));
+    }
+  }
+  setContext(context) {
+    this.context = context;
+  }
+  async start() {
+    if (!this.context) {
+      throw new Error("ExtensionManager: setContext must be called before start");
+    }
+    await fsp.mkdir(paths.extensionsDir(), { recursive: true });
+    await this.reapOrphans();
+    for (const entry of this.entries.values()) {
+      if (!entry.config.enabled) {
+        continue;
+      }
+      this.spawn(entry, 0);
+    }
+  }
+  async stop() {
+    this.stopping = true;
+    const tasks = [];
+    for (const entry of this.entries.values()) {
+      if (entry.restartTimer) {
+        clearTimeout(entry.restartTimer);
+        entry.restartTimer = void 0;
+      }
+      const child = entry.child;
+      if (!child) {
+        continue;
+      }
+      try {
+        child.kill("SIGTERM");
+      } catch {
+      }
+      tasks.push(
+        new Promise((resolve2) => {
+          if (child.exitCode !== null || child.signalCode !== null) {
+            resolve2();
+            return;
+          }
+          const timer = setTimeout(() => {
+            try {
+              child.kill("SIGKILL");
+            } catch {
+            }
+            resolve2();
+          }, STOP_GRACE_MS);
+          child.on("exit", () => {
+            clearTimeout(timer);
+            resolve2();
+          });
+        })
+      );
+    }
+    await Promise.allSettled(tasks);
+    for (const entry of this.entries.values()) {
+      try {
+        entry.logStream?.end();
+      } catch {
+      }
+      entry.child = void 0;
+      entry.logStream = void 0;
+      entry.pid = void 0;
+    }
+  }
+  list() {
+    return [...this.entries.values()].map((entry) => this.infoFor(entry));
+  }
+  get(name) {
+    const entry = this.entries.get(name);
+    return entry ? this.infoFor(entry) : void 0;
+  }
+  has(name) {
+    return this.entries.has(name);
+  }
+  async startByName(name) {
+    const entry = this.entries.get(name);
+    if (!entry) {
+      throw withCode2(new Error(`unknown extension: ${name}`), "NOT_FOUND");
+    }
+    if (entry.child) {
+      throw withCode2(new Error(`extension ${name} already running`), "CONFLICT");
+    }
+    if (entry.restartTimer) {
+      clearTimeout(entry.restartTimer);
+      entry.restartTimer = void 0;
+    }
+    entry.manuallyStopped = false;
+    entry.restartCount = 0;
+    this.spawn(entry, 0);
+    return this.infoFor(entry);
+  }
+  async stopByName(name) {
+    const entry = this.entries.get(name);
+    if (!entry) {
+      throw withCode2(new Error(`unknown extension: ${name}`), "NOT_FOUND");
+    }
+    entry.manuallyStopped = true;
+    if (entry.restartTimer) {
+      clearTimeout(entry.restartTimer);
+      entry.restartTimer = void 0;
+    }
+    const child = entry.child;
+    if (!child) {
+      return this.infoFor(entry);
+    }
+    await this.terminate(entry, child);
+    return this.infoFor(entry);
+  }
+  async restartByName(name) {
+    await this.stopByName(name);
+    return this.startByName(name);
+  }
+  // Register a new extension and (if enabled) start it. Used by the
+  // POST /v1/extensions endpoint so `hydra-acp extensions add` can take
+  // effect without a daemon restart.
+  register(config) {
+    if (this.entries.has(config.name)) {
+      throw withCode2(
+        new Error(`extension ${config.name} already exists`),
+        "CONFLICT"
+      );
+    }
+    if (!this.context) {
+      throw new Error("ExtensionManager: setContext must be called before register");
+    }
+    const entry = this.makeEntry(config);
+    this.entries.set(config.name, entry);
+    if (config.enabled) {
+      this.spawn(entry, 0);
+    }
+    return this.infoFor(entry);
+  }
+  async unregister(name) {
+    const entry = this.entries.get(name);
+    if (!entry) {
+      throw withCode2(new Error(`unknown extension: ${name}`), "NOT_FOUND");
+    }
+    entry.manuallyStopped = true;
+    if (entry.restartTimer) {
+      clearTimeout(entry.restartTimer);
+      entry.restartTimer = void 0;
+    }
+    const child = entry.child;
+    if (child) {
+      await this.terminate(entry, child);
+    }
+    try {
+      entry.logStream?.end();
+    } catch {
+    }
+    this.entries.delete(name);
+  }
+  async terminate(entry, child) {
+    if (child.exitCode !== null || child.signalCode !== null) {
+      return;
+    }
+    const exited = new Promise((resolve2) => {
+      entry.exitWaiters.push(resolve2);
+    });
+    try {
+      child.kill("SIGTERM");
+    } catch {
+    }
+    const killTimer = setTimeout(() => {
+      try {
+        child.kill("SIGKILL");
+      } catch {
+      }
+    }, STOP_GRACE_MS);
+    if (typeof killTimer.unref === "function") {
+      killTimer.unref();
+    }
+    try {
+      await exited;
+    } finally {
+      clearTimeout(killTimer);
+    }
+  }
+  infoFor(entry) {
+    let status;
+    if (entry.child) {
+      status = "running";
+    } else if (entry.restartTimer) {
+      status = "restarting";
+    } else if (!entry.config.enabled) {
+      status = "disabled";
+    } else {
+      status = "stopped";
+    }
+    return {
+      name: entry.config.name,
+      status,
+      pid: entry.pid,
+      enabled: entry.config.enabled,
+      restartCount: entry.restartCount,
+      startedAt: entry.startedAt,
+      lastExitCode: entry.lastExitCode,
+      logPath: paths.extensionLogFile(entry.config.name)
+    };
+  }
+  makeEntry(config) {
+    return {
+      config,
+      child: void 0,
+      logStream: void 0,
+      restartTimer: void 0,
+      pid: void 0,
+      startedAt: void 0,
+      restartCount: 0,
+      lastExitCode: void 0,
+      manuallyStopped: false,
+      exitWaiters: []
+    };
+  }
+  async reapOrphans() {
+    let entries;
+    try {
+      entries = await fsp.readdir(paths.extensionsDir());
+    } catch (err) {
+      const e = err;
+      if (e.code === "ENOENT") {
+        return;
+      }
+      throw err;
+    }
+    for (const entry of entries) {
+      if (!entry.endsWith(".pid")) {
+        continue;
+      }
+      const pidPath = path3.join(paths.extensionsDir(), entry);
+      let pid;
+      try {
+        const raw = await fsp.readFile(pidPath, "utf8");
+        const parsed = Number.parseInt(raw.trim(), 10);
+        if (Number.isInteger(parsed) && parsed > 0) {
+          pid = parsed;
+        }
+      } catch {
+      }
+      if (typeof pid === "number" && isAlive(pid)) {
+        try {
+          process.kill(pid, "SIGTERM");
+        } catch {
+        }
+        const deadline = Date.now() + STOP_GRACE_MS;
+        while (Date.now() < deadline && isAlive(pid)) {
+          await new Promise((r) => setTimeout(r, 50));
+        }
+        if (isAlive(pid)) {
+          try {
+            process.kill(pid, "SIGKILL");
+          } catch {
+          }
+        }
+      }
+      await fsp.unlink(pidPath).catch(() => void 0);
+    }
+  }
+  spawn(entry, attempt) {
+    if (this.stopping || entry.manuallyStopped) {
+      return;
+    }
+    const ctx = this.context;
+    if (!ctx) {
+      throw new Error("ExtensionManager.spawn called before setContext");
+    }
+    const ext = entry.config;
+    const command = ext.command.length > 0 ? ext.command : [ext.name];
+    const logStream = fs4.createWriteStream(paths.extensionLogFile(ext.name), {
+      flags: "a"
+    });
+    logStream.write(
+      `[hydra-acp] ${(/* @__PURE__ */ new Date()).toISOString()} starting extension ${ext.name} (attempt ${attempt + 1})
+`
+    );
+    const env = {
+      ...process.env,
+      HYDRA_ACP_DAEMON_URL: ctx.daemonUrl,
+      HYDRA_ACP_DAEMON_HOST: ctx.daemonHost,
+      HYDRA_ACP_DAEMON_PORT: String(ctx.daemonPort),
+      HYDRA_ACP_TOKEN: ctx.daemonToken,
+      HYDRA_ACP_WS_URL: ctx.daemonWsUrl,
+      HYDRA_ACP_HOME: ctx.hydraHome,
+      HYDRA_ACP_EXTENSION_NAME: ext.name,
+      ...ext.env
+    };
+    const [cmd, ...baseArgs] = command;
+    if (cmd === void 0) {
+      logStream.write(`[hydra-acp] extension ${ext.name} has empty command
+`);
+      logStream.end();
+      return;
+    }
+    const args = [...baseArgs, ...ext.args];
+    let child;
+    try {
+      child = spawn2(cmd, args, {
+        env,
+        stdio: ["ignore", "pipe", "pipe"],
+        detached: false
+      });
+    } catch (err) {
+      logStream.write(
+        `[hydra-acp] failed to spawn ${ext.name}: ${err.message}
+`
+      );
+      logStream.end();
+      this.scheduleRestart(entry, attempt);
+      return;
+    }
+    if (child.stdout) {
+      child.stdout.pipe(logStream, { end: false });
+    }
+    if (child.stderr) {
+      child.stderr.pipe(logStream, { end: false });
+    }
+    if (typeof child.pid === "number") {
+      try {
+        fs4.writeFileSync(paths.extensionPidFile(ext.name), `${child.pid}
+`, {
+          encoding: "utf8",
+          mode: 384
+        });
+      } catch (err) {
+        logStream.write(
+          `[hydra-acp] failed to write pid file for ${ext.name}: ${err.message}
+`
+        );
+      }
+    }
+    entry.child = child;
+    entry.logStream = logStream;
+    entry.pid = typeof child.pid === "number" ? child.pid : void 0;
+    entry.startedAt = Date.now();
+    entry.lastExitCode = void 0;
+    child.on("error", (err) => {
+      logStream.write(
+        `[hydra-acp] extension ${ext.name} error: ${err.message}
+`
+      );
+    });
+    child.on("exit", (code, signal) => {
+      try {
+        fs4.unlinkSync(paths.extensionPidFile(ext.name));
+      } catch {
+      }
+      logStream.write(
+        `[hydra-acp] extension ${ext.name} exited code=${code ?? "null"} signal=${signal ?? "null"}
+`
+      );
+      entry.child = void 0;
+      entry.pid = void 0;
+      entry.lastExitCode = typeof code === "number" ? code : void 0;
+      const waiters = entry.exitWaiters.splice(0);
+      for (const resolve2 of waiters) {
+        resolve2();
+      }
+      if (this.stopping || entry.manuallyStopped) {
+        try {
+          logStream.end();
+        } catch {
+        }
+        entry.logStream = void 0;
+        return;
+      }
+      entry.restartCount += 1;
+      this.scheduleRestart(entry, attempt + 1);
+    });
+  }
+  scheduleRestart(entry, attempt) {
+    if (this.stopping || entry.manuallyStopped) {
+      return;
+    }
+    const delay = Math.min(
+      RESTART_BASE_MS * 2 ** Math.min(attempt, 10),
+      RESTART_CAP_MS
+    );
+    entry.restartTimer = setTimeout(() => {
+      entry.restartTimer = void 0;
+      this.spawn(entry, attempt);
+    }, delay);
+    if (typeof entry.restartTimer.unref === "function") {
+      entry.restartTimer.unref();
+    }
+  }
+};
+function isAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function withCode2(err, code) {
+  err.code = code;
+  return err;
+}
+
+// src/daemon/auth.ts
+var BEARER_PREFIX = "Bearer ";
+function bearerAuth(opts) {
+  return async function authMiddleware(request, reply) {
+    const header = request.headers.authorization;
+    if (!header || !header.startsWith(BEARER_PREFIX)) {
+      reply.code(401).send({ error: "Missing bearer token" });
+      return;
+    }
+    const token = header.slice(BEARER_PREFIX.length).trim();
+    if (!constantTimeEqual(token, opts.config.daemon.authToken)) {
+      reply.code(403).send({ error: "Invalid token" });
+      return;
+    }
+  };
+}
+function tokenFromUpgradeRequest(req) {
+  const proto = req.headers["sec-websocket-protocol"];
+  const protoString = Array.isArray(proto) ? proto.join(",") : proto;
+  if (protoString) {
+    for (const part of protoString.split(",")) {
+      const trimmed = part.trim();
+      const prefix = "hydra-acp-token.";
+      if (trimmed.startsWith(prefix)) {
+        return trimmed.slice(prefix.length);
+      }
+    }
+  }
+  if (req.url) {
+    try {
+      const u = new URL(req.url, "http://localhost");
+      const queryToken = u.searchParams.get("token");
+      if (queryToken) {
+        return queryToken;
+      }
+    } catch {
+      return void 0;
+    }
+  }
+  return void 0;
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  let mismatch = 0;
+  for (let i = 0; i < a.length; i += 1) {
+    mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return mismatch === 0;
+}
+
+// src/daemon/routes/sessions.ts
+function registerSessionRoutes(app, manager, defaults) {
+  app.get("/v1/sessions", async (request) => {
+    const query = request.query;
+    const all = query?.all === "true" || query?.all === "1";
+    const sessions = await manager.list({ cwd: query?.cwd, all });
+    return { sessions };
+  });
+  app.post("/v1/sessions", async (request, reply) => {
+    const body = request.body ?? {};
+    const cwd = expandHome(body.cwd ?? defaults.cwd);
+    const agentId = body.agentId ?? defaults.agentId;
+    try {
+      const session = await manager.create({
+        cwd,
+        agentId,
+        mcpServers: body.mcpServers
+      });
+      reply.code(201).send({
+        sessionId: session.sessionId,
+        agentId: session.agentId,
+        cwd: session.cwd
+      });
+    } catch (err) {
+      reply.code(500).send({ error: err.message });
+    }
+  });
+  app.delete("/v1/sessions/:id", async (request, reply) => {
+    const raw = request.params.id;
+    const id = await manager.resolveCanonicalId(raw) ?? raw;
+    const session = manager.get(id);
+    if (session) {
+      await session.close({ deleteRecord: true });
+      reply.code(204).send();
+      return;
+    }
+    const removed = await manager.deleteRecord(id);
+    if (!removed) {
+      reply.code(404).send({ error: "session not found" });
+      return;
+    }
+    reply.code(204).send();
+  });
+}
+
+// src/daemon/routes/agents.ts
+function registerAgentRoutes(app, registry) {
+  app.get("/v1/agents", async () => {
+    const doc = await registry.load();
+    return {
+      version: doc.version,
+      agents: doc.agents.map((a) => ({
+        id: a.id,
+        name: a.name,
+        version: a.version,
+        description: a.description,
+        distributions: Object.keys(a.distribution)
+      }))
+    };
+  });
+  app.get("/v1/registry", async () => {
+    return registry.load();
+  });
+  app.post("/v1/registry/refresh", async () => {
+    const doc = await registry.refresh();
+    return { version: doc.version, agentCount: doc.agents.length };
+  });
+}
+
+// src/daemon/routes/health.ts
+function registerHealthRoutes(app, version) {
+  app.get("/v1/health", { config: { skipAuth: true } }, async () => {
+    return { status: "ok", version };
+  });
+}
+
+// src/daemon/routes/extensions.ts
+var NAME_RE = /^[A-Za-z0-9._-]+$/;
+function registerExtensionRoutes(app, extensions) {
+  app.get("/v1/extensions", async () => {
+    return { extensions: extensions.list() };
+  });
+  app.get("/v1/extensions/:name", async (request, reply) => {
+    const name = request.params.name;
+    const info = extensions.get(name);
+    if (!info) {
+      reply.code(404).send({ error: `unknown extension: ${name}` });
+      return;
+    }
+    return info;
+  });
+  app.post("/v1/extensions", async (request, reply) => {
+    const body = request.body ?? {};
+    const parsed = parseRegisterBody(body);
+    if ("error" in parsed) {
+      reply.code(400).send({ error: parsed.error });
+      return;
+    }
+    try {
+      const info = extensions.register(parsed.config);
+      reply.code(201).send(info);
+    } catch (err) {
+      sendError(reply, err);
+    }
+  });
+  app.delete("/v1/extensions/:name", async (request, reply) => {
+    const name = request.params.name;
+    try {
+      await extensions.unregister(name);
+      reply.code(204).send();
+    } catch (err) {
+      sendError(reply, err);
+    }
+  });
+  app.post("/v1/extensions/:name/start", async (request, reply) => {
+    const name = request.params.name;
+    try {
+      const info = await extensions.startByName(name);
+      reply.code(200).send(info);
+    } catch (err) {
+      sendError(reply, err);
+    }
+  });
+  app.post("/v1/extensions/:name/stop", async (request, reply) => {
+    const name = request.params.name;
+    try {
+      const info = await extensions.stopByName(name);
+      reply.code(200).send(info);
+    } catch (err) {
+      sendError(reply, err);
+    }
+  });
+  app.post("/v1/extensions/:name/restart", async (request, reply) => {
+    const name = request.params.name;
+    try {
+      const info = await extensions.restartByName(name);
+      reply.code(200).send(info);
+    } catch (err) {
+      sendError(reply, err);
+    }
+  });
+}
+function sendError(reply, err) {
+  const code = err.code;
+  const message = err.message ?? "unknown error";
+  if (code === "NOT_FOUND") {
+    reply.code(404).send({ error: message });
+    return;
+  }
+  if (code === "CONFLICT") {
+    reply.code(409).send({ error: message });
+    return;
+  }
+  reply.code(500).send({ error: message });
+}
+function parseRegisterBody(body) {
+  const name = body.name;
+  if (typeof name !== "string" || !NAME_RE.test(name)) {
+    return { error: "name must match [A-Za-z0-9._-]+" };
+  }
+  const command = body.command;
+  if (command !== void 0 && (!Array.isArray(command) || command.some((c) => typeof c !== "string"))) {
+    return { error: "command must be string[]" };
+  }
+  const args = body.args;
+  if (args !== void 0 && (!Array.isArray(args) || args.some((a) => typeof a !== "string"))) {
+    return { error: "args must be string[]" };
+  }
+  const env = body.env;
+  if (env !== void 0 && (typeof env !== "object" || env === null || Array.isArray(env))) {
+    return { error: "env must be an object of string\u2192string" };
+  }
+  if (env && Object.values(env).some((v) => typeof v !== "string")) {
+    return { error: "env values must be strings" };
+  }
+  const enabled = body.enabled;
+  if (enabled !== void 0 && typeof enabled !== "boolean") {
+    return { error: "enabled must be a boolean" };
+  }
+  return {
+    config: {
+      name,
+      command: command ?? [],
+      args: args ?? [],
+      env: env ?? {},
+      enabled: enabled === void 0 ? true : enabled
+    }
+  };
+}
+
+// src/daemon/acp-ws.ts
+import { nanoid as nanoid2 } from "nanoid";
+
+// src/acp/ws-stream.ts
+function wsToMessageStream(ws) {
+  const messageHandlers = [];
+  const closeHandlers = [];
+  let closed = false;
+  const emitClose = (err) => {
+    if (closed) {
+      return;
+    }
+    closed = true;
+    for (const handler of closeHandlers) {
+      handler(err);
+    }
+  };
+  ws.on("message", (data, isBinary) => {
+    if (isBinary) {
+      return;
+    }
+    const text = data.toString("utf8");
+    try {
+      const parsed = JSON.parse(text);
+      for (const handler of messageHandlers) {
+        handler(parsed);
+      }
+    } catch (err) {
+      for (const handler of messageHandlers) {
+        handler({
+          jsonrpc: "2.0",
+          id: 0,
+          error: {
+            code: JsonRpcErrorCodes.ParseError,
+            message: `Failed to parse WS frame: ${err.message}`
+          }
+        });
+      }
+    }
+  });
+  ws.on("close", () => emitClose());
+  ws.on("error", (err) => emitClose(err));
+  return {
+    async send(message) {
+      if (closed) {
+        throw new Error("ws is closed");
+      }
+      const text = JSON.stringify(message);
+      await new Promise((resolve2, reject) => {
+        ws.send(text, (err) => {
+          if (err) {
+            reject(err);
+            return;
+          }
+          resolve2();
+        });
+      });
+    },
+    onMessage(handler) {
+      messageHandlers.push(handler);
+    },
+    onClose(handler) {
+      closeHandlers.push(handler);
+    },
+    async close() {
+      if (closed) {
+        return;
+      }
+      ws.close();
+      emitClose();
+    }
+  };
+}
+
+// src/daemon/acp-ws.ts
+var HYDRA_VERSION = "0.1.0";
+var HYDRA_PROTOCOL_VERSION = 1;
+function registerAcpWsEndpoint(app, deps) {
+  app.get("/acp", { websocket: true }, (socket, request) => {
+    const token = tokenFromUpgradeRequest({
+      headers: request.headers,
+      url: request.url
+    });
+    if (!token || !constantTimeEqual(token, deps.config.daemon.authToken)) {
+      socket.close(4401, "Unauthorized");
+      return;
+    }
+    const stream = wsToMessageStream(socket);
+    const connection = new JsonRpcConnection(stream);
+    const state = {
+      clientId: `hydra_client_${nanoid2(12)}`,
+      attached: /* @__PURE__ */ new Map()
+    };
+    connection.onClose(() => {
+      for (const att of state.attached.values()) {
+        const session = deps.manager.get(att.sessionId);
+        session?.detach(att.clientId);
+      }
+      state.attached.clear();
+    });
+    connection.onRequest("initialize", async (raw) => {
+      InitializeParams.parse(raw ?? {});
+      return buildInitializeResult();
+    });
+    connection.onRequest("proxy/initialize", async (raw) => {
+      ProxyInitializeParams.parse(raw ?? {});
+      return buildInitializeResult();
+    });
+    connection.onRequest("session/new", async (raw) => {
+      const params = SessionNewParams.parse(raw);
+      const hydraMeta = extractHydraMeta(
+        raw?._meta
+      );
+      const session = await deps.manager.create({
+        cwd: params.cwd,
+        agentId: params.agentId ?? deps.defaultAgent,
+        mcpServers: params.mcpServers,
+        title: hydraMeta.name,
+        agentArgs: hydraMeta.agentArgs
+      });
+      const client = bindClientToSession(connection, session, state);
+      session.attach(client, "full");
+      state.attached.set(session.sessionId, {
+        sessionId: session.sessionId,
+        clientId: client.clientId
+      });
+      return {
+        sessionId: session.sessionId,
+        _meta: buildResponseMeta(session)
+      };
+    });
+    connection.onRequest("session/attach", async (raw) => {
+      const params = SessionAttachParams.parse(raw);
+      const hydraHints = extractHydraMeta(params._meta).resume;
+      app.log.info(
+        `session/attach sessionId=${params.sessionId} hasResumeHints=${!!hydraHints}`
+      );
+      const lookupId = hydraHints ? params.sessionId : await deps.manager.resolveCanonicalId(params.sessionId) ?? params.sessionId;
+      let session = deps.manager.get(lookupId);
+      if (!session) {
+        let resurrectParams = hydraHints ? {
+          hydraSessionId: params.sessionId,
+          upstreamSessionId: hydraHints.upstreamSessionId,
+          agentId: hydraHints.agentId,
+          cwd: hydraHints.cwd,
+          title: hydraHints.title,
+          agentArgs: hydraHints.agentArgs
+        } : await deps.manager.loadFromDisk(lookupId);
+        if (!resurrectParams) {
+          const err = new Error(
+            `session ${params.sessionId} not found and no resume hints provided`
+          );
+          err.code = JsonRpcErrorCodes.SessionNotFound;
+          throw err;
+        }
+        session = await deps.manager.resurrect(resurrectParams);
+      }
+      const client = bindClientToSession(
+        connection,
+        session,
+        state,
+        params.clientInfo
+      );
+      const replay = session.attach(client, params.historyPolicy);
+      state.attached.set(session.sessionId, {
+        sessionId: session.sessionId,
+        clientId: client.clientId
+      });
+      app.log.info(
+        `session/attach OK sessionId=${session.sessionId} clientId=${client.clientId} attachedCount=${state.attached.size}`
+      );
+      for (const note of replay) {
+        await connection.notify(note.method, note.params);
+      }
+      session.replayPendingPermissions(client);
+      return {
+        sessionId: session.sessionId,
+        replayed: replay.length,
+        _meta: buildResponseMeta(session)
+      };
+    });
+    connection.onRequest("session/detach", async (raw) => {
+      const params = SessionDetachParams.parse(raw);
+      const att = state.attached.get(params.sessionId);
+      if (!att) {
+        const err = new Error("client not attached to that session");
+        err.code = JsonRpcErrorCodes.SessionNotFound;
+        throw err;
+      }
+      const session = deps.manager.get(params.sessionId);
+      session?.detach(att.clientId);
+      state.attached.delete(params.sessionId);
+      return { detached: true };
+    });
+    connection.onRequest("session/list", async (raw) => {
+      const params = SessionListParams.parse(raw ?? {});
+      const sessions = await deps.manager.list({ cwd: params.cwd });
+      const result = { sessions };
+      return result;
+    });
+    connection.onRequest("session/prompt", async (raw) => {
+      const params = SessionPromptParams.parse(raw);
+      const att = state.attached.get(params.sessionId);
+      if (!att) {
+        app.log.warn(
+          `session/prompt rejected: not attached sessionId=${params.sessionId} attachedKeys=[${[...state.attached.keys()].join(",")}]`
+        );
+        const err = new Error("not attached to session");
+        err.code = JsonRpcErrorCodes.SessionNotFound;
+        throw err;
+      }
+      const session = deps.manager.require(params.sessionId);
+      return session.prompt(att.clientId, params);
+    });
+    const handleCancelParams = (raw) => {
+      let params;
+      try {
+        params = SessionCancelParams.parse(raw);
+      } catch (err) {
+        app.log.warn(
+          `session/cancel: invalid params: ${err.message}`
+        );
+        return;
+      }
+      const att = state.attached.get(params.sessionId);
+      if (!att) {
+        return;
+      }
+      const session = deps.manager.get(params.sessionId);
+      if (!session) {
+        return;
+      }
+      session.cancel(att.clientId).catch((err) => {
+        app.log.warn(
+          `session/cancel for ${params.sessionId}: ${err.message}`
+        );
+      });
+    };
+    connection.onNotification("session/cancel", handleCancelParams);
+    connection.onRequest("session/cancel", async (raw) => {
+      handleCancelParams(raw);
+      return null;
+    });
+    connection.onRequest("session/load", async (raw) => {
+      const rawObj = raw ?? {};
+      const rawSessionId = typeof rawObj.sessionId === "string" ? rawObj.sessionId : void 0;
+      if (!rawSessionId) {
+        const err = new Error("session/load requires sessionId");
+        err.code = JsonRpcErrorCodes.InvalidParams;
+        throw err;
+      }
+      const sessionId = await deps.manager.resolveCanonicalId(rawSessionId) ?? rawSessionId;
+      let session = deps.manager.get(sessionId);
+      if (!session) {
+        const fromDisk = await deps.manager.loadFromDisk(sessionId);
+        if (!fromDisk) {
+          const err = new Error(
+            `session ${rawSessionId} not found in memory or on disk`
+          );
+          err.code = JsonRpcErrorCodes.SessionNotFound;
+          throw err;
+        }
+        session = await deps.manager.resurrect(fromDisk);
+      }
+      const client = bindClientToSession(connection, session, state);
+      const replay = session.attach(client, "pending_only");
+      state.attached.set(session.sessionId, {
+        sessionId: session.sessionId,
+        clientId: client.clientId
+      });
+      for (const note of replay) {
+        await connection.notify(note.method, note.params);
+      }
+      session.replayPendingPermissions(client);
+      return {
+        sessionId: session.sessionId,
+        _meta: buildResponseMeta(session)
+      };
+    });
+    connection.setDefaultHandler(async (rawParams, method) => {
+      if (!method.startsWith("session/") || rawParams === null || typeof rawParams !== "object") {
+        const err = new Error(`Method not found: ${method}`);
+        err.code = JsonRpcErrorCodes.MethodNotFound;
+        throw err;
+      }
+      const sessionId = rawParams.sessionId;
+      if (typeof sessionId !== "string") {
+        const err = new Error(`Method not found: ${method}`);
+        err.code = JsonRpcErrorCodes.MethodNotFound;
+        throw err;
+      }
+      const session = deps.manager.get(sessionId);
+      if (!session) {
+        const err = new Error(`session ${sessionId} not found`);
+        err.code = JsonRpcErrorCodes.SessionNotFound;
+        throw err;
+      }
+      return session.forwardRequest(method, rawParams);
+    });
+  });
+}
+function buildResponseMeta(session) {
+  const ours = {
+    upstreamSessionId: session.upstreamSessionId,
+    agentId: session.agentId,
+    cwd: session.cwd
+  };
+  if (session.title !== void 0) {
+    ours.name = session.title;
+  }
+  if (session.agentArgs && session.agentArgs.length > 0) {
+    ours.agentArgs = session.agentArgs;
+  }
+  return mergeMeta(session.agentMeta, ours);
+}
+function buildInitializeResult() {
+  return {
+    protocolVersion: HYDRA_PROTOCOL_VERSION,
+    agentInfo: { name: "hydra", version: HYDRA_VERSION },
+    agentCapabilities: {
+      // hydra is a transparent proxy: prompt blocks and MCP server configs are
+      // forwarded to the underlying agent unchanged. We claim the union of
+      // relevant capabilities; the agent ultimately decides what it accepts.
+      promptCapabilities: {
+        image: true,
+        audio: true,
+        embeddedContext: true
+      },
+      mcpCapabilities: {
+        http: true,
+        sse: true
+      },
+      loadSession: true,
+      sessionCapabilities: {
+        attach: {},
+        list: true
+      }
+    },
+    authMethods: [
+      {
+        id: "bearer-token",
+        description: "Bearer token presented at WS upgrade"
+      }
+    ]
+  };
+}
+function bindClientToSession(connection, session, state, clientInfo) {
+  void state;
+  void session;
+  return {
+    clientId: `cli_${nanoid2(8)}`,
+    connection,
+    clientInfo
+  };
+}
+
+// src/daemon/server.ts
+var HYDRA_VERSION2 = "0.1.0";
+async function startDaemon(config) {
+  ensureLoopbackOrTls(config);
+  const httpsOptions = config.daemon.tls ? {
+    key: await fsp2.readFile(config.daemon.tls.key),
+    cert: await fsp2.readFile(config.daemon.tls.cert)
+  } : void 0;
+  await fsp2.mkdir(paths.home(), { recursive: true });
+  const { stream: logStream, fileStream } = await buildLogStream(
+    config.daemon.logLevel
+  );
+  const app = Fastify({
+    logger: {
+      level: config.daemon.logLevel,
+      stream: logStream
+    },
+    https: httpsOptions ?? null
+  });
+  await app.register(websocketPlugin);
+  const auth = bearerAuth({ config });
+  app.addHook("onRequest", async (request, reply) => {
+    if (request.routeOptions.config?.skipAuth) {
+      return;
+    }
+    if (request.url === "/acp" || request.url?.startsWith("/acp?")) {
+      return;
+    }
+    await auth(request, reply);
+  });
+  const registry = new Registry(config);
+  const manager = new SessionManager(registry, void 0, void 0, {
+    idleTimeoutMs: config.daemon.sessionIdleTimeoutSeconds * 1e3
+  });
+  const extensions = new ExtensionManager(extensionList(config));
+  registerHealthRoutes(app, HYDRA_VERSION2);
+  registerSessionRoutes(app, manager, {
+    agentId: config.defaultAgent,
+    cwd: config.defaultCwd
+  });
+  registerAgentRoutes(app, registry);
+  registerExtensionRoutes(app, extensions);
+  registerAcpWsEndpoint(app, {
+    config,
+    manager,
+    defaultAgent: config.defaultAgent
+  });
+  await app.listen({ host: config.daemon.host, port: config.daemon.port });
+  const address = app.server.address();
+  const boundPort = address && typeof address === "object" ? address.port : config.daemon.port;
+  await fsp2.mkdir(paths.home(), { recursive: true });
+  await fsp2.writeFile(
+    paths.pidFile(),
+    JSON.stringify({
+      pid: process.pid,
+      host: config.daemon.host,
+      port: boundPort,
+      startedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }) + "\n",
+    { encoding: "utf8", mode: 384 }
+  );
+  const scheme = config.daemon.tls ? "https" : "http";
+  const wsScheme = config.daemon.tls ? "wss" : "ws";
+  extensions.setContext({
+    daemonUrl: `${scheme}://${config.daemon.host}:${boundPort}`,
+    daemonHost: config.daemon.host,
+    daemonPort: boundPort,
+    daemonToken: config.daemon.authToken,
+    daemonWsUrl: `${wsScheme}://${config.daemon.host}:${boundPort}/acp`,
+    hydraHome: paths.home()
+  });
+  await extensions.start();
+  const shutdown = async () => {
+    await extensions.stop();
+    await manager.closeAll();
+    await app.close();
+    try {
+      fs5.unlinkSync(paths.pidFile());
+    } catch {
+    }
+    try {
+      fileStream.flushSync();
+    } catch {
+    }
+  };
+  return { app, manager, registry, extensions, shutdown };
+}
+async function buildLogStream(level) {
+  const fileStream = await createPinoRoll({
+    file: paths.logFile(),
+    size: "10m",
+    frequency: "daily",
+    mkdir: true,
+    symlink: true
+  });
+  const stderrStream = pino.destination(2);
+  const stream = pino.multistream([
+    { stream: fileStream, level },
+    { stream: stderrStream, level }
+  ]);
+  return { stream, fileStream };
+}
+function ensureLoopbackOrTls(config) {
+  const host = config.daemon.host;
+  const isLoopback = host === "127.0.0.1" || host === "::1" || host === "localhost" || host === "[::1]";
+  if (!isLoopback && !config.daemon.tls) {
+    throw new Error(
+      `Refusing to bind to non-loopback host ${host} without TLS configured.`
+    );
+  }
+}
+export {
+  AgentInstance,
+  JsonRpcConnection,
+  Registry,
+  Session,
+  SessionManager,
+  defaultConfig,
+  ensureConfig,
+  generateAuthToken,
+  loadConfig,
+  ndjsonStreamFromStdio,
+  paths,
+  planSpawn,
+  startDaemon,
+  writeConfig,
+  wsToMessageStream
+};