@hydra-acp/cli 0.1.21 → 0.1.23

package/dist/cli.js

@@ -77,6 +77,12 @@ var init_paths = __esm({
       sessionDir: (id) => path.join(hydraHome(), "sessions", id),
       sessionFile: (id) => path.join(hydraHome(), "sessions", id, "meta.json"),
       historyFile: (id) => path.join(hydraHome(), "sessions", id, "history.jsonl"),
+      // Persisted prompt queue for a session. ndjson, one record per
+      // entry. Survives daemon restarts so queued prompts get a chance to
+      // run rather than being silently lost. Entries are removed BEFORE
+      // the agent invocation (see Session.drainQueue) so a crash mid-
+      // generation doesn't double-run on restart.
+      queueFile: (id) => path.join(hydraHome(), "sessions", id, "queue.ndjson"),
       extensionsDir: () => path.join(hydraHome(), "extensions"),
       extensionLogFile: (name) => path.join(hydraHome(), "extensions", `${name}.log`),
       extensionPidFile: (name) => path.join(hydraHome(), "extensions", `${name}.pid`),
@@ -86,8 +92,68 @@ var init_paths = __esm({
   }
 });
 
-// src/core/config.ts
+// src/core/service-token.ts
 import * as fs from "fs/promises";
+function generateServiceToken() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  let hex = "";
+  for (const b of bytes) {
+    hex += b.toString(16).padStart(2, "0");
+  }
+  return `hydra_token_${hex}`;
+}
+async function readServiceToken() {
+  try {
+    const text = await fs.readFile(paths.authToken(), "utf8");
+    const trimmed = text.trim();
+    return trimmed.length > 0 ? trimmed : void 0;
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT") {
+      return void 0;
+    }
+    throw err;
+  }
+}
+async function loadServiceToken() {
+  const token = await readServiceToken();
+  if (!token) {
+    throw new Error(
+      `No service token found at ${paths.authToken()}. Run \`hydra-acp init\` to create one.`
+    );
+  }
+  return token;
+}
+async function writeServiceToken(token) {
+  await fs.mkdir(paths.home(), { recursive: true });
+  await fs.writeFile(paths.authToken(), token + "\n", {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+async function ensureServiceToken() {
+  const existing = await readServiceToken();
+  if (existing) {
+    return existing;
+  }
+  const token = generateServiceToken();
+  await writeServiceToken(token);
+  process.stderr.write(
+    `hydra-acp: initialized ${paths.authToken()} with a fresh service token.
+`
+  );
+  return token;
+}
+var init_service_token = __esm({
+  "src/core/service-token.ts"() {
+    "use strict";
+    init_paths();
+  }
+});
+
+// src/core/config.ts
+import * as fs2 from "fs/promises";
 import { homedir as homedir2 } from "os";
 import { z } from "zod";
 function extensionList(config) {
@@ -99,7 +165,7 @@ function extensionList(config) {
 async function readConfigFile() {
   let raw;
   try {
-    raw = await fs.readFile(paths.config(), "utf8");
+    raw = await fs2.readFile(paths.config(), "utf8");
   } catch (err) {
     const e = err;
     if (e.code === "ENOENT") {
@@ -109,44 +175,34 @@ async function readConfigFile() {
   }
   return JSON.parse(raw);
 }
-async function loadAuthToken() {
-  let tokenFile;
+async function migrateLegacyAuthToken() {
+  const raw = await readConfigFile();
+  const daemon = raw.daemon;
+  const legacy = daemon && typeof daemon.authToken === "string" ? daemon.authToken : void 0;
+  if (!legacy) {
+    return;
+  }
+  let tokenFileExists = false;
   try {
-    const text = await fs.readFile(paths.authToken(), "utf8");
-    const trimmed = text.trim();
-    if (trimmed.length > 0) {
-      tokenFile = trimmed;
-    }
+    await fs2.access(paths.authToken());
+    tokenFileExists = true;
   } catch (err) {
     const e = err;
     if (e.code !== "ENOENT") {
       throw err;
     }
   }
-  const raw = await readConfigFile();
-  const daemon = raw.daemon;
-  const legacy = daemon && typeof daemon.authToken === "string" ? daemon.authToken : void 0;
-  if (tokenFile && legacy) {
+  if (tokenFileExists) {
     throw new Error(
       `Auth token present in both ${paths.authToken()} and ${paths.config()} (daemon.authToken). Remove daemon.authToken from config.json to resolve.`
     );
   }
-  if (tokenFile) {
-    return tokenFile;
-  }
-  if (legacy) {
-    await migrateLegacyAuthToken(raw, daemon, legacy);
-    return legacy;
-  }
-  return void 0;
-}
-async function migrateLegacyAuthToken(raw, daemon, token) {
-  await writeAuthToken(token);
+  await writeServiceToken(legacy);
   delete daemon.authToken;
   if (Object.keys(daemon).length === 0) {
     delete raw.daemon;
   }
-  await fs.writeFile(paths.config(), JSON.stringify(raw, null, 2) + "\n", {
+  await fs2.writeFile(paths.config(), JSON.stringify(raw, null, 2) + "\n", {
     encoding: "utf8",
     mode: 384
   });
@@ -155,47 +211,9 @@ async function migrateLegacyAuthToken(raw, daemon, token) {
 `
   );
 }
-async function writeAuthToken(token) {
-  await fs.mkdir(paths.home(), { recursive: true });
-  await fs.writeFile(paths.authToken(), token + "\n", {
-    encoding: "utf8",
-    mode: 384
-  });
-}
 async function loadConfig() {
-  const token = await loadAuthToken();
-  if (!token) {
-    throw new Error(
-      `No auth token found at ${paths.authToken()}. Run \`hydra-acp init\` to create one.`
-    );
-  }
-  const raw = await readConfigFile();
-  const daemon = raw.daemon ??= {};
-  daemon.authToken = token;
-  return HydraConfig.parse(raw);
-}
-async function loadConfigReadOnly() {
-  return HydraConfigReadOnly.parse(await readConfigFile());
-}
-async function ensureConfig() {
-  if (!await loadAuthToken()) {
-    const token = generateAuthToken();
-    await writeAuthToken(token);
-    process.stderr.write(
-      `hydra-acp: initialized ${paths.authToken()} with a fresh auth token.
-`
-    );
-  }
-  return loadConfig();
-}
-function generateAuthToken() {
-  const bytes = new Uint8Array(32);
-  crypto.getRandomValues(bytes);
-  let hex = "";
-  for (const b of bytes) {
-    hex += b.toString(16).padStart(2, "0");
-  }
-  return `hydra_token_${hex}`;
+  await migrateLegacyAuthToken();
+  return HydraConfig.parse(await readConfigFile());
 }
 function expandHome(p) {
   if (p === "~" || p === "$HOME") {
@@ -209,20 +227,21 @@ function expandHome(p) {
   }
   return p;
 }
-var REGISTRY_URL_DEFAULT, TlsConfig, DaemonConfig, RegistryConfig, TuiConfig, ExtensionName, ExtensionBody, HydraConfig, HydraConfigReadOnly;
+var REGISTRY_URL_DEFAULT, TlsConfig, DEFAULT_DAEMON_PORT, DaemonConfig, RegistryConfig, TuiConfig, ExtensionName, ExtensionBody, HydraConfig;
 var init_config = __esm({
   "src/core/config.ts"() {
     "use strict";
     init_paths();
+    init_service_token();
     REGISTRY_URL_DEFAULT = "https://cdn.agentclientprotocol.com/registry/v1/latest/registry.json";
     TlsConfig = z.object({
       cert: z.string(),
       key: z.string()
     });
+    DEFAULT_DAEMON_PORT = 55514;
     DaemonConfig = z.object({
       host: z.string().default("127.0.0.1"),
-      port: z.number().int().positive().default(8765),
-      authToken: z.string().min(16),
+      port: z.number().int().positive().default(DEFAULT_DAEMON_PORT),
       logLevel: z.enum(["debug", "info", "warn", "error"]).default("info"),
       tls: TlsConfig.optional(),
       sessionIdleTimeoutSeconds: z.number().int().nonnegative().default(3600),
@@ -283,7 +302,7 @@ var init_config = __esm({
       enabled: z.boolean().default(true)
     });
     HydraConfig = z.object({
-      daemon: DaemonConfig,
+      daemon: DaemonConfig.default({}),
       registry: RegistryConfig.default({ url: REGISTRY_URL_DEFAULT, ttlHours: 24 }),
       defaultAgent: z.string().default("claude-acp"),
       // Optional per-agent default model id. When a brand-new agent process
@@ -303,6 +322,11 @@ var init_config = __esm({
       // recency and truncated to this count. `--all` overrides in the CLI.
       sessionListColdLimit: z.number().int().nonnegative().default(20),
       extensions: z.record(ExtensionName, ExtensionBody).default({}),
+      // npm registry URL used when installing npm-distributed agents into
+      // ~/.hydra-acp/agents. Overrides the global ~/.npmrc registry so a
+      // corporate .npmrc pointing at an internal registry doesn't break
+      // public-package installs. Omit to let npm use its own defaults.
+      npmRegistry: z.string().url().optional(),
       tui: TuiConfig.default({
         repaintThrottleMs: 1e3,
         maxScrollbackLines: 1e4,
@@ -312,9 +336,6 @@ var init_config = __esm({
         progressIndicator: true
       })
     });
-    HydraConfigReadOnly = HydraConfig.extend({
-      daemon: DaemonConfig.omit({ authToken: true }).default({})
-    });
   }
 });
 
@@ -389,12 +410,64 @@ function extractHydraMeta(meta) {
       out.availableCommands = cmds;
     }
   }
+  if (typeof obj.promptQueueing === "boolean") {
+    out.promptQueueing = obj.promptQueueing;
+  }
+  if (Array.isArray(obj.queue)) {
+    const entries = [];
+    for (const raw of obj.queue) {
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+        continue;
+      }
+      const r = raw;
+      const orig = r.originator;
+      if (typeof r.messageId !== "string" || !orig || typeof orig.clientId !== "string" || !Array.isArray(r.prompt) || typeof r.position !== "number" || typeof r.enqueuedAt !== "number") {
+        continue;
+      }
+      const originator = { clientId: orig.clientId };
+      if (typeof orig.name === "string") originator.name = orig.name;
+      if (typeof orig.version === "string") originator.version = orig.version;
+      entries.push({
+        messageId: r.messageId,
+        originator,
+        prompt: r.prompt,
+        position: r.position,
+        enqueuedAt: r.enqueuedAt
+      });
+    }
+    if (entries.length > 0) {
+      out.queue = entries;
+    }
+  }
+  if (Array.isArray(obj.availableModes)) {
+    const modes = [];
+    for (const raw of obj.availableModes) {
+      if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+        continue;
+      }
+      const m = raw;
+      if (typeof m.id !== "string") {
+        continue;
+      }
+      const mode = { id: m.id };
+      if (typeof m.name === "string") {
+        mode.name = m.name;
+      }
+      if (typeof m.description === "string") {
+        mode.description = m.description;
+      }
+      modes.push(mode);
+    }
+    if (modes.length > 0) {
+      out.availableModes = modes;
+    }
+  }
   return out;
 }
 function mergeMeta(passthrough, ours) {
   return { ...passthrough ?? {}, [HYDRA_META_KEY]: ours };
 }
-var ACP_PROTOCOL_VERSION, JsonRpcErrorCodes, InitializeParams, HistoryPolicy, SessionNewParams, SessionResumeHints, SessionAttachParams, HYDRA_META_KEY, SessionDetachParams, SessionListParams, SessionListUsage, SessionListEntry, SessionListResult, SessionPromptParams, SessionCancelParams, ProxyInitializeParams;
+var ACP_PROTOCOL_VERSION, JsonRpcErrorCodes, InitializeParams, HistoryPolicy, SessionNewParams, SessionResumeHints, SessionAttachParams, HYDRA_META_KEY, SessionDetachParams, SessionListParams, SessionListUsage, SessionListEntry, SessionListResult, SessionPromptParams, SessionCancelParams, PromptOriginatorSchema, PromptQueueAddedParams, PromptQueueUpdatedParams, PromptQueueRemovedParams, CancelPromptParams, CancelPromptResult, UpdatePromptParams, UpdatePromptResult, ProxyInitializeParams;
 var init_types = __esm({
   "src/acp/types.ts"() {
     "use strict";
@@ -517,6 +590,49 @@ var init_types = __esm({
     SessionCancelParams = z3.object({
       sessionId: z3.string()
     });
+    PromptOriginatorSchema = z3.object({
+      clientId: z3.string(),
+      name: z3.string().optional(),
+      version: z3.string().optional()
+    });
+    PromptQueueAddedParams = z3.object({
+      sessionId: z3.string(),
+      messageId: z3.string(),
+      originator: PromptOriginatorSchema,
+      prompt: z3.array(z3.unknown()),
+      // 0 = head (currently in-flight). At enqueue time the new entry's
+      // position equals the count of entries already ahead of it.
+      position: z3.number().int().nonnegative(),
+      queueDepth: z3.number().int().positive(),
+      enqueuedAt: z3.number()
+    });
+    PromptQueueUpdatedParams = z3.object({
+      sessionId: z3.string(),
+      messageId: z3.string(),
+      prompt: z3.array(z3.unknown())
+    });
+    PromptQueueRemovedParams = z3.object({
+      sessionId: z3.string(),
+      messageId: z3.string(),
+      reason: z3.enum(["started", "cancelled", "abandoned"])
+    });
+    CancelPromptParams = z3.object({
+      sessionId: z3.string(),
+      messageId: z3.string()
+    });
+    CancelPromptResult = z3.object({
+      cancelled: z3.boolean(),
+      reason: z3.enum(["ok", "not_found", "already_running"])
+    });
+    UpdatePromptParams = z3.object({
+      sessionId: z3.string(),
+      messageId: z3.string(),
+      prompt: z3.array(z3.unknown())
+    });
+    UpdatePromptResult = z3.object({
+      updated: z3.boolean(),
+      reason: z3.enum(["ok", "not_found", "already_running"])
+    });
     ProxyInitializeParams = z3.object({
       protocolVersion: z3.number().optional(),
       proxyInfo: z3.object({
@@ -766,6 +882,53 @@ var init_hydra_commands = __esm({
   }
 });
 
+// src/core/queue-store.ts
+import * as fs6 from "fs/promises";
+async function rewriteQueue(sessionId, entries) {
+  const file = paths.queueFile(sessionId);
+  if (entries.length === 0) {
+    await fs6.unlink(file).catch(() => void 0);
+    return;
+  }
+  await fs6.mkdir(paths.sessionDir(sessionId), { recursive: true });
+  const body = entries.map((e) => JSON.stringify(e)).join("\n") + "\n";
+  await fs6.writeFile(file, body, "utf8");
+}
+async function loadQueue(sessionId) {
+  const file = paths.queueFile(sessionId);
+  let text;
+  try {
+    text = await fs6.readFile(file, "utf8");
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      return [];
+    }
+    throw err;
+  }
+  const out = [];
+  for (const line of text.split("\n")) {
+    if (!line.trim()) continue;
+    try {
+      const parsed = JSON.parse(line);
+      if (parsed && typeof parsed.messageId === "string" && Array.isArray(parsed.prompt) && typeof parsed.enqueuedAt === "number") {
+        out.push(parsed);
+      }
+    } catch {
+    }
+  }
+  return out;
+}
+async function deleteQueue(sessionId) {
+  const file = paths.queueFile(sessionId);
+  await fs6.unlink(file).catch(() => void 0);
+}
+var init_queue_store = __esm({
+  "src/core/queue-store.ts"() {
+    "use strict";
+    init_paths();
+  }
+});
+
 // src/core/session.ts
 import { customAlphabet } from "nanoid";
 function generateMessageId() {
@@ -797,6 +960,47 @@ function sameAdvertisedCommands(a, b) {
   }
   return true;
 }
+function sameAdvertisedModes(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  for (let i = 0; i < a.length; i++) {
+    if (a[i]?.id !== b[i]?.id || a[i]?.name !== b[i]?.name || a[i]?.description !== b[i]?.description) {
+      return false;
+    }
+  }
+  return true;
+}
+function extractAdvertisedModes(params) {
+  const obj = params ?? {};
+  const update = obj.update ?? {};
+  if (update.sessionUpdate !== "available_modes_update") {
+    return null;
+  }
+  const list = update.availableModes;
+  if (!Array.isArray(list)) {
+    return [];
+  }
+  const out = [];
+  for (const raw of list) {
+    if (!raw || typeof raw !== "object") {
+      continue;
+    }
+    const m = raw;
+    if (typeof m.id !== "string" || m.id.length === 0) {
+      continue;
+    }
+    const mode = { id: m.id };
+    if (typeof m.name === "string") {
+      mode.name = m.name;
+    }
+    if (typeof m.description === "string") {
+      mode.description = m.description;
+    }
+    out.push(mode);
+  }
+  return out;
+}
 function captureInternalChunk(capture, params) {
   const obj = params ?? {};
   const update = obj.update ?? {};
@@ -955,6 +1159,7 @@ var init_session = __esm({
   "src/core/session.ts"() {
     "use strict";
     init_hydra_commands();
+    init_queue_store();
     init_types();
     HYDRA_ID_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
     generateHydraId = customAlphabet(HYDRA_ID_ALPHABET, 16);
@@ -984,7 +1189,18 @@ var init_session = __esm({
       clients = /* @__PURE__ */ new Map();
       historyStore;
       promptQueue = [];
+      // The entry that drainQueue is currently awaiting. Distinct from
+      // promptQueue[0] (which is the *next* one to dequeue): once shifted
+      // off, the entry lives here for the duration of its task() so
+      // cancelQueuedPrompt can distinguish "still in line" from "running"
+      // and return already_running for the latter.
+      currentEntry;
       promptInFlight = false;
+      // Serialize disk writes to the persisted queue file. Without this
+      // chain, fire-and-forget appends/rewrites can interleave (e.g.
+      // drainQueue's rewrite-to-empty races a sibling's append-on-
+      // enqueue) and leave the file out of sync with in-memory state.
+      queueWriteChain = Promise.resolve();
       closed = false;
       closeHandlers = [];
       titleHandlers = [];
@@ -1037,10 +1253,14 @@ var init_session = __esm({
       // can deliver the merged list via _meta without depending on history
       // replay.
       agentAdvertisedCommands = [];
+      // Last available_modes_update we observed from the agent. Same
+      // pattern as commands: cache, persist, broadcast on change.
+      agentAdvertisedModes = [];
       // Persist hooks for snapshot-shaped state. SessionManager hooks these
       // to mirror changes into meta.json so cold-resurrect attaches can
       // surface the latest snapshot via the attach response _meta.
       agentCommandsHandlers = [];
+      agentModesHandlers = [];
       modelHandlers = [];
       modeHandlers = [];
       usageHandlers = [];
@@ -1059,6 +1279,9 @@ var init_session = __esm({
         if (init.agentCommands && init.agentCommands.length > 0) {
           this.agentAdvertisedCommands = [...init.agentCommands];
         }
+        if (init.agentModes && init.agentModes.length > 0) {
+          this.agentAdvertisedModes = [...init.agentModes];
+        }
         this.idleTimeoutMs = init.idleTimeoutMs ?? 0;
         this.spawnReplacementAgent = init.spawnReplacementAgent;
         this.logger = init.logger;
@@ -1087,6 +1310,15 @@ var init_session = __esm({
           }
         });
       }
+      broadcastAvailableModes() {
+        this.recordAndBroadcast("session/update", {
+          sessionId: this.upstreamSessionId,
+          update: {
+            sessionUpdate: "available_modes_update",
+            availableModes: this.agentAdvertisedModes
+          }
+        });
+      }
       // Register session/update, session/request_permission, and onExit
       // handlers on an agent connection. Re-run on every /hydra agent so
       // the new agent is plumbed identically. The exit handler's identity
@@ -1104,6 +1336,11 @@ var init_session = __esm({
             this.setAgentAdvertisedCommands(agentCmds);
             return;
           }
+          const agentModes = extractAdvertisedModes(params);
+          if (agentModes !== null) {
+            this.setAgentAdvertisedModes(agentModes);
+            return;
+          }
           if (this.maybeApplyAgentModel(params)) {
             this.recordAndBroadcast("session/update", params);
             return;
@@ -1280,7 +1517,7 @@ var init_session = __esm({
               sessionId,
               update: {
                 sessionUpdate: "current_mode_update",
-                currentMode: this.currentMode
+                currentModeId: this.currentMode
               }
             },
             recordedAt
@@ -1300,6 +1537,19 @@ var init_session = __esm({
             recordedAt
           });
         }
+        if (this.agentAdvertisedModes.length > 0) {
+          out.push({
+            method: "session/update",
+            params: {
+              sessionId,
+              update: {
+                sessionUpdate: "available_modes_update",
+                availableModes: [...this.agentAdvertisedModes]
+              }
+            },
+            recordedAt
+          });
+        }
         if (this.currentUsage !== void 0) {
           const u = this.currentUsage;
           const update = {
@@ -1390,34 +1640,28 @@ var init_session = __esm({
         if (promptText.startsWith("/hydra")) {
           return this.handleSlashCommand(promptText);
         }
-        this.broadcastPromptReceived(client, params);
+        const messageId = generateMessageId();
         this.maybeSeedTitleFromPrompt(params);
-        return this.enqueuePrompt(async () => {
-          let response;
-          try {
-            response = await this.agent.connection.request(
-              "session/prompt",
-              {
-                ...params,
-                sessionId: this.upstreamSessionId
-              }
-            );
-          } catch (err) {
-            this.broadcastTurnComplete(client.clientId, { stopReason: "error" });
-            throw err;
-          }
-          this.broadcastTurnComplete(client.clientId, response);
-          return response;
-        });
-      }
-      broadcastPromptReceived(client, params) {
-        const promptParams = params ?? {};
-        const sentBy = { clientId: client.clientId };
-        if (client.clientInfo?.name) {
-          sentBy.name = client.clientInfo.name;
-        }
-        if (client.clientInfo?.version) {
-          sentBy.version = client.clientInfo.version;
+        return this.enqueueUserPrompt(client, params, messageId);
+      }
+      // DEVIATION FROM RFD #533: this broadcast is deliberately deferred
+      // until the prompt actually becomes the active turn (i.e. drainQueue
+      // is about to forward it to the agent), NOT when hydra first accepts
+      // the request. The literal RFD doesn't pin the timing — it just says
+      // peers should learn about the turn — but it was authored before
+      // prompt queueing existed, so accept-time and start-time were the
+      // same moment. With hydra's per-session FIFO, deferring gives
+      // prompt_received a single, useful meaning ("the agent is now taking
+      // a turn on this prompt"), which is how attached clients (notably
+      // agent-shell) consume it. The accept-time signal that peers can use
+      // for queue chip rendering is hydra-acp/prompt_queue_added instead.
+      broadcastPromptReceived(entry) {
+        const sentBy = { clientId: entry.originator.clientId };
+        if (entry.originator.name) {
+          sentBy.name = entry.originator.name;
+        }
+        if (entry.originator.version) {
+          sentBy.version = entry.originator.version;
         }
         this.promptStartedAt = Date.now();
         this.recordAndBroadcast(
@@ -1426,14 +1670,14 @@ var init_session = __esm({
             sessionId: this.sessionId,
             update: {
               sessionUpdate: "prompt_received",
-              messageId: generateMessageId(),
-              prompt: promptParams.prompt,
+              messageId: entry.messageId,
+              prompt: entry.prompt,
               sentBy
             }
           },
-          client.clientId
+          entry.clientId
         );
-        const text = extractPromptText(promptParams.prompt);
+        const text = extractPromptText(entry.prompt);
         if (text.length > 0) {
           this.recordAndBroadcast(
             "session/update",
@@ -1445,7 +1689,7 @@ var init_session = __esm({
                 _meta: { "hydra-acp": { compatFor: "prompt_received" } }
               }
             },
-            client.clientId
+            entry.clientId
           );
         }
       }
@@ -1468,6 +1712,172 @@ var init_session = __esm({
           originatorClientId
         );
       }
+      // Total visible-or-running entries: the in-flight head (if any) plus
+      // the queue's user-visible waiting entries. Internal entries don't
+      // count — they're an implementation detail and the wire never
+      // surfaces them.
+      visibleQueueDepth() {
+        let count = this.currentEntry?.kind === "user" && !this.currentEntry.cancelled ? 1 : 0;
+        for (const entry of this.promptQueue) {
+          if (entry.kind === "user" && !entry.cancelled) count += 1;
+        }
+        return count;
+      }
+      broadcastQueueAdded(entry) {
+        const depth = this.visibleQueueDepth();
+        const position = Math.max(0, depth - 1);
+        const params = {
+          sessionId: this.sessionId,
+          messageId: entry.messageId,
+          originator: entry.originator,
+          prompt: entry.prompt,
+          position,
+          queueDepth: depth,
+          enqueuedAt: entry.enqueuedAt
+        };
+        this.broadcastQueueNotification("hydra-acp/prompt_queue_added", params);
+      }
+      broadcastQueueUpdated(messageId, prompt) {
+        this.broadcastQueueNotification("hydra-acp/prompt_queue_updated", {
+          sessionId: this.sessionId,
+          messageId,
+          prompt
+        });
+      }
+      broadcastQueueRemoved(messageId, reason) {
+        this.broadcastQueueNotification("hydra-acp/prompt_queue_removed", {
+          sessionId: this.sessionId,
+          messageId,
+          reason
+        });
+      }
+      // Fan-out for queue lifecycle notifications. Ephemeral by design —
+      // these signals describe transient daemon state, not conversation
+      // content, so we deliberately bypass recordAndBroadcast (no history,
+      // no idle-timer arm, no rewrite-for-client since we already emit the
+      // hydra sessionId).
+      broadcastQueueNotification(method, params) {
+        for (const client of this.clients.values()) {
+          void client.connection.notify(method, params).catch(() => void 0);
+        }
+      }
+      // Snapshot of user-visible queue state at this moment. Surfaced to
+      // late-attaching clients via the session/attach response _meta so
+      // they boot with the same chip list as their peers without waiting
+      // for new prompt_queue_added notifications. Internal entries are
+      // omitted (they're not surfaced on the wire at all).
+      queueSnapshot() {
+        const out = [];
+        let position = 0;
+        if (this.currentEntry?.kind === "user" && !this.currentEntry.cancelled) {
+          out.push({
+            messageId: this.currentEntry.messageId,
+            originator: this.currentEntry.originator,
+            prompt: this.currentEntry.prompt,
+            position: position++,
+            enqueuedAt: this.currentEntry.enqueuedAt
+          });
+        }
+        for (const entry of this.promptQueue) {
+          if (entry.kind !== "user" || entry.cancelled) continue;
+          out.push({
+            messageId: entry.messageId,
+            originator: entry.originator,
+            prompt: entry.prompt,
+            position: position++,
+            enqueuedAt: entry.enqueuedAt
+          });
+        }
+        return out;
+      }
+      // Wait for any pending queue-file writes to settle. Test hook so
+      // assertions about on-disk state don't race with fire-and-forget
+      // rewrites. Production code doesn't need this — the chain
+      // self-serializes.
+      async flushPersistWrites() {
+        await this.queueWriteChain.catch(() => void 0);
+      }
+      // Push pre-existing queue entries back through the daemon-side
+      // pipeline on startup. Called by SessionManager after resurrecting
+      // a session that had a non-empty queue.ndjson on disk. Each entry
+      // gets a synthetic UserPromptQueueEntry with no real caller
+      // (resolve/reject are no-ops since the original WS is long gone),
+      // then drainQueue picks it up like any other entry. Late-attaching
+      // clients see the entries via prompt_queue_added broadcasts and the
+      // attach-response snapshot.
+      replayPersistedQueue(entries) {
+        for (const persisted of entries) {
+          const originator = {
+            clientId: `hydra-resurrected_${persisted.messageId}`
+          };
+          if (persisted.originator.clientInfo.name !== void 0) {
+            originator.name = persisted.originator.clientInfo.name;
+          }
+          if (persisted.originator.clientInfo.version !== void 0) {
+            originator.version = persisted.originator.clientInfo.version;
+          }
+          const entry = {
+            kind: "user",
+            messageId: persisted.messageId,
+            originator,
+            // Synthetic clientId. broadcastTurnComplete uses this as
+            // excludeClientId for the peer-only broadcast; with a synthetic
+            // id no real attached client matches the exclude, so everyone
+            // sees turn_complete — which is what we want, since none of
+            // them originated this restart-replayed prompt.
+            clientId: originator.clientId,
+            prompt: persisted.prompt,
+            enqueuedAt: persisted.enqueuedAt,
+            cancelled: false,
+            resolve: () => void 0,
+            reject: () => void 0
+          };
+          this.promptQueue.push(entry);
+          this.broadcastQueueAdded(entry);
+        }
+        void this.drainQueue();
+      }
+      // Drop a queued prompt by messageId. Returns already_running when
+      // the messageId names the in-flight entry — callers should fall back
+      // to session/cancel for that case. Originator-agnostic: any attached
+      // client may cancel any queued prompt (matches the existing slack
+      // :stop_sign: reaction UX and the TUI's queue-edit dispatcher).
+      cancelQueuedPrompt(messageId) {
+        if (this.currentEntry?.messageId === messageId) {
+          return { cancelled: false, reason: "already_running" };
+        }
+        const idx = this.promptQueue.findIndex((e) => e.messageId === messageId);
+        if (idx < 0) {
+          return { cancelled: false, reason: "not_found" };
+        }
+        const entry = this.promptQueue[idx];
+        entry.cancelled = true;
+        this.promptQueue.splice(idx, 1);
+        if (entry.kind === "user") {
+          this.broadcastQueueRemoved(messageId, "cancelled");
+          this.persistRewrite();
+        }
+        entry.resolve({ stopReason: "cancelled" });
+        return { cancelled: true, reason: "ok" };
+      }
+      // Replace the prompt payload of a queued (not-yet-running) entry.
+      // Returns already_running for the in-flight head; not_found for
+      // unknown messageIds or for internal queue entries (internal tasks
+      // don't expose a mutable prompt). Broadcasts prompt_queue_updated on
+      // success so every attached client refreshes its chip.
+      updateQueuedPrompt(messageId, prompt) {
+        if (this.currentEntry?.messageId === messageId) {
+          return { updated: false, reason: "already_running" };
+        }
+        const entry = this.promptQueue.find((e) => e.messageId === messageId);
+        if (!entry || entry.kind !== "user") {
+          return { updated: false, reason: "not_found" };
+        }
+        entry.prompt = prompt;
+        this.broadcastQueueUpdated(messageId, prompt);
+        this.persistRewrite();
+        return { updated: true, reason: "ok" };
+      }
       async cancel(clientId) {
         const client = this.clients.get(clientId);
         if (!client) {
@@ -1594,7 +2004,7 @@ var init_session = __esm({
         if (update.sessionUpdate !== "current_mode_update") {
           return false;
         }
-        const raw = typeof update.currentMode === "string" ? update.currentMode : typeof update.mode === "string" ? update.mode : void 0;
+        const raw = typeof update.currentModeId === "string" ? update.currentModeId : typeof update.currentMode === "string" ? update.currentMode : typeof update.mode === "string" ? update.mode : void 0;
         if (raw === void 0) {
           return true;
         }
@@ -1672,12 +2082,29 @@ var init_session = __esm({
         }
         this.broadcastMergedCommands();
       }
+      setAgentAdvertisedModes(modes) {
+        if (sameAdvertisedModes(this.agentAdvertisedModes, modes)) {
+          this.broadcastAvailableModes();
+          return;
+        }
+        this.agentAdvertisedModes = modes;
+        for (const handler of this.agentModesHandlers) {
+          try {
+            handler(modes);
+          } catch {
+          }
+        }
+        this.broadcastAvailableModes();
+      }
       // Subscribe to snapshot-state updates. SessionManager wires these to
       // persist the new value into meta.json so cold resurrect can restore
       // them via the attach response _meta.
       onAgentCommandsChange(handler) {
         this.agentCommandsHandlers.push(handler);
       }
+      onAgentModesChange(handler) {
+        this.agentModesHandlers.push(handler);
+      }
       onModelChange(handler) {
         this.modelHandlers.push(handler);
       }
@@ -1699,6 +2126,10 @@ var init_session = __esm({
       agentOnlyAdvertisedCommands() {
         return [...this.agentAdvertisedCommands];
       }
+      // The agent's advertised modes list, for callers that need a snapshot.
+      availableModes() {
+        return [...this.agentAdvertisedModes];
+      }
       // Pick up an agent-emitted session_info_update and store its title
       // as our canonical record. The notification is also forwarded to
       // clients via the surrounding recordAndBroadcast call. Authoritative
@@ -2011,6 +2442,20 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
         }
         this.closed = true;
         this.cancelIdleTimer();
+        const stranded = this.promptQueue;
+        this.promptQueue = [];
+        for (const entry of stranded) {
+          entry.cancelled = true;
+          if (entry.kind === "user") {
+            this.broadcastQueueRemoved(entry.messageId, "abandoned");
+          }
+          try {
+            entry.resolve({ stopReason: "cancelled" });
+          } catch {
+          }
+        }
+        const sessionId = this.sessionId;
+        this.queueWriteChain = this.queueWriteChain.catch(() => void 0).then(() => deleteQueue(sessionId).catch(() => void 0));
         for (const client of this.clients.values()) {
           void client.connection.notify("hydra-acp/session_closed", { sessionId: this.sessionId }).catch(() => void 0);
         }
@@ -2056,7 +2501,7 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
         if (this.closed || this.idleTimeoutMs <= 0) {
           return;
         }
-        if (this.turnStartedAt !== void 0 || this.inFlightPermissions.size > 0) {
+        if (this.turnStartedAt !== void 0 || this.inFlightPermissions.size > 0 || this.promptQueue.length > 0) {
           this.armIdleTimer(this.idleTimeoutMs);
           return;
         }
@@ -2185,20 +2630,88 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
           }
         });
       }
+      // Schedule an internal task (title regen, agent swap transcript
+      // injection, import seed). Serializes behind any user prompts already
+      // in flight, but doesn't emit prompt_queue_* broadcasts — clients
+      // shouldn't see hydra's housekeeping in their chip list.
       async enqueuePrompt(task) {
         return new Promise((resolve5, reject) => {
-          const run3 = async () => {
-            try {
-              const result = await task();
-              resolve5(result);
-            } catch (err) {
-              reject(err);
-            }
+          const entry = {
+            kind: "internal",
+            messageId: generateMessageId(),
+            enqueuedAt: Date.now(),
+            cancelled: false,
+            task,
+            resolve: resolve5,
+            reject
           };
-          this.promptQueue.push(run3);
+          this.promptQueue.push(entry);
           void this.drainQueue();
         });
       }
+      // Schedule a user-originated session/prompt. Emits prompt_queue_added
+      // immediately on enqueue (so peer clients can render the queued chip)
+      // and prompt_queue_removed when the entry leaves the queue. The
+      // returned promise resolves with the upstream agent's session/prompt
+      // result, or { stopReason: "cancelled" } if the entry is dropped via
+      // cancelQueuedPrompt before reaching the head.
+      async enqueueUserPrompt(client, params, messageId) {
+        const promptArray = (params ?? {}).prompt ?? [];
+        const originator = { clientId: client.clientId };
+        if (client.clientInfo?.name) originator.name = client.clientInfo.name;
+        if (client.clientInfo?.version)
+          originator.version = client.clientInfo.version;
+        return new Promise((resolve5, reject) => {
+          const entry = {
+            kind: "user",
+            messageId,
+            originator,
+            clientId: client.clientId,
+            prompt: promptArray,
+            enqueuedAt: Date.now(),
+            cancelled: false,
+            resolve: resolve5,
+            reject
+          };
+          this.promptQueue.push(entry);
+          this.persistRewrite();
+          this.broadcastQueueAdded(entry);
+          void this.drainQueue();
+        });
+      }
+      // Rewrite the on-disk queue to reflect the current set of WAITING
+      // entries (excluding currentEntry, the in-flight head). Excluding
+      // the head is the key idempotency choice: once drainQueue shifts an
+      // entry off and calls persistRewrite, a daemon crash mid-generation
+      // will NOT re-run it on restart. Partial output (if any streamed
+      // before the crash) stays in history; the prompt itself is lost
+      // and the user can re-submit if they care.
+      //
+      // Snapshots in-memory state synchronously (so subsequent mutations
+      // can't perturb what we're about to write) and chains the write
+      // onto queueWriteChain so all persists are serialized.
+      persistRewrite() {
+        const entries = [];
+        for (const entry of this.promptQueue) {
+          if (entry.kind !== "user" || entry.cancelled) continue;
+          entries.push(this.persistedFromEntry(entry));
+        }
+        const sessionId = this.sessionId;
+        this.queueWriteChain = this.queueWriteChain.catch(() => void 0).then(() => rewriteQueue(sessionId, entries).catch(() => void 0));
+      }
+      persistedFromEntry(entry) {
+        return {
+          messageId: entry.messageId,
+          originator: {
+            clientInfo: {
+              ...entry.originator.name !== void 0 ? { name: entry.originator.name } : {},
+              ...entry.originator.version !== void 0 ? { version: entry.originator.version } : {}
+            }
+          },
+          prompt: entry.prompt,
+          enqueuedAt: entry.enqueuedAt
+        };
+      }
       async drainQueue() {
         if (this.promptInFlight) {
           return;
@@ -2207,27 +2720,78 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
         try {
           while (this.promptQueue.length > 0) {
             const next = this.promptQueue.shift();
-            if (next) {
-              await next();
+            if (!next) {
+              break;
+            }
+            if (next.cancelled) {
+              continue;
+            }
+            this.currentEntry = next;
+            if (next.kind === "user") {
+              this.persistRewrite();
+            }
+            if (next.kind === "user") {
+              this.broadcastQueueRemoved(next.messageId, "started");
+            }
+            try {
+              const result = await this.runQueueEntry(next);
+              next.resolve(result);
+            } catch (err) {
+              next.reject(err);
+            } finally {
+              this.currentEntry = void 0;
             }
           }
         } finally {
           this.promptInFlight = false;
         }
       }
+      // Execute a queue entry. User-prompt entries forward to the upstream
+      // agent and pair with broadcastTurnComplete; internal entries run
+      // their captured task closure. Reads entry.prompt at dispatch time
+      // so updateQueuedPrompt's mutations are honoured.
+      //
+      // For user entries, broadcastPromptReceived fires HERE — not in
+      // Session.prompt — so peer clients see prompt_received only when the
+      // turn actually starts (a deliberate deviation from a naive reading
+      // of RFD #533; see the comment on broadcastPromptReceived). Order on
+      // the wire: prompt_queue_removed{started} (already emitted by
+      // drainQueue) → prompt_received → upstream session/prompt.
+      async runQueueEntry(entry) {
+        if (entry.kind === "internal") {
+          return entry.task();
+        }
+        this.broadcastPromptReceived(entry);
+        let response;
+        try {
+          response = await this.agent.connection.request(
+            "session/prompt",
+            {
+              sessionId: this.upstreamSessionId,
+              prompt: entry.prompt
+            }
+          );
+        } catch (err) {
+          this.broadcastTurnComplete(entry.clientId, { stopReason: "error" });
+          throw err;
+        }
+        this.broadcastTurnComplete(entry.clientId, response);
+        return response;
+      }
     };
     STATE_UPDATE_KINDS = /* @__PURE__ */ new Set([
       "session_info_update",
       "current_model_update",
       "current_mode_update",
       "available_commands_update",
+      "available_modes_update",
       "usage_update"
     ]);
   }
 });
 
 // src/core/session-store.ts
-import * as fs5 from "fs/promises";
+import * as fs7 from "fs/promises";
 import * as path4 from "path";
 import { customAlphabet as customAlphabet2 } from "nanoid";
 import { z as z4 } from "zod";
@@ -2256,11 +2820,12 @@ function recordFromMemorySession(args) {
     currentMode: args.currentMode,
     currentUsage: args.currentUsage,
     agentCommands: args.agentCommands,
+    agentModes: args.agentModes,
     createdAt: args.createdAt ?? now,
     updatedAt: args.updatedAt ?? now
   };
 }
-var HYDRA_ID_ALPHABET2, generateRawId, HYDRA_LINEAGE_PREFIX, PersistedAgentCommand, PersistedUsage, SessionRecord, SESSION_ID_PATTERN, SessionStore;
+var HYDRA_ID_ALPHABET2, generateRawId, HYDRA_LINEAGE_PREFIX, PersistedAgentCommand, PersistedAgentMode, PersistedUsage, SessionRecord, SESSION_ID_PATTERN, SessionStore;
 var init_session_store = __esm({
   "src/core/session-store.ts"() {
     "use strict";
@@ -2272,6 +2837,11 @@ var init_session_store = __esm({
       name: z4.string(),
       description: z4.string().optional()
     });
+    PersistedAgentMode = z4.object({
+      id: z4.string(),
+      name: z4.string().optional(),
+      description: z4.string().optional()
+    });
     PersistedUsage = z4.object({
       used: z4.number().optional(),
       size: z4.number().optional(),
@@ -2317,6 +2887,7 @@ var init_session_store = __esm({
       currentMode: z4.string().optional(),
       currentUsage: PersistedUsage.optional(),
       agentCommands: z4.array(PersistedAgentCommand).optional(),
+      agentModes: z4.array(PersistedAgentMode).optional(),
       createdAt: z4.string(),
       updatedAt: z4.string()
     });
@@ -2324,9 +2895,9 @@ var init_session_store = __esm({
     SessionStore = class {
       async write(record) {
         assertSafeId(record.sessionId);
-        await fs5.mkdir(paths.sessionDir(record.sessionId), { recursive: true });
+        await fs7.mkdir(paths.sessionDir(record.sessionId), { recursive: true });
         const full = { version: 1, ...record };
-        await fs5.writeFile(
+        await fs7.writeFile(
           paths.sessionFile(record.sessionId),
           JSON.stringify(full, null, 2) + "\n",
           { encoding: "utf8", mode: 384 }
@@ -2338,7 +2909,7 @@ var init_session_store = __esm({
         }
         let raw;
         try {
-          raw = await fs5.readFile(paths.sessionFile(sessionId), "utf8");
+          raw = await fs7.readFile(paths.sessionFile(sessionId), "utf8");
         } catch (err) {
           const e = err;
           if (e.code === "ENOENT") {
@@ -2357,7 +2928,7 @@ var init_session_store = __esm({
           return;
         }
         try {
-          await fs5.unlink(paths.sessionFile(sessionId));
+          await fs7.unlink(paths.sessionFile(sessionId));
         } catch (err) {
           const e = err;
           if (e.code !== "ENOENT") {
@@ -2365,7 +2936,7 @@ var init_session_store = __esm({
           }
         }
         try {
-          await fs5.rmdir(paths.sessionDir(sessionId));
+          await fs7.rmdir(paths.sessionDir(sessionId));
         } catch (err) {
           const e = err;
           if (e.code !== "ENOENT" && e.code !== "ENOTEMPTY") {
@@ -2395,7 +2966,7 @@ var init_session_store = __esm({
       async list() {
         let entries;
         try {
-          entries = await fs5.readdir(paths.sessionsDir());
+          entries = await fs7.readdir(paths.sessionsDir());
         } catch (err) {
           const e = err;
           if (e.code === "ENOENT") {
@@ -2417,12 +2988,12 @@ var init_session_store = __esm({
 });
 
 // src/tui/history.ts
-import { promises as fs7 } from "fs";
+import { promises as fs9 } from "fs";
 import * as path5 from "path";
 async function loadHistory(file) {
   let text;
   try {
-    text = await fs7.readFile(file, "utf8");
+    text = await fs9.readFile(file, "utf8");
   } catch (err) {
     if (err.code === "ENOENT") {
       return [];
@@ -2462,9 +3033,9 @@ function appendEntry(history, entry) {
   return out;
 }
 async function saveHistory(file, history) {
-  await fs7.mkdir(path5.dirname(file), { recursive: true });
+  await fs9.mkdir(path5.dirname(file), { recursive: true });
   const lines = history.map((entry) => JSON.stringify(entry));
-  await fs7.writeFile(file, lines.length > 0 ? lines.join("\n") + "\n" : "");
+  await fs9.writeFile(file, lines.length > 0 ? lines.join("\n") + "\n" : "");
 }
 var HISTORY_CAP;
 var init_history = __esm({
@@ -2477,14 +3048,14 @@ var init_history = __esm({
 // src/core/hydra-version.ts
 import { fileURLToPath } from "url";
 import * as path6 from "path";
-import * as fs8 from "fs";
+import * as fs10 from "fs";
 function resolveVersion() {
   try {
     let dir = path6.dirname(fileURLToPath(import.meta.url));
     for (let i = 0; i < 8; i += 1) {
       const candidate = path6.join(dir, "package.json");
-      if (fs8.existsSync(candidate)) {
-        const pkg = JSON.parse(fs8.readFileSync(candidate, "utf8"));
+      if (fs10.existsSync(candidate)) {
+        const pkg = JSON.parse(fs10.readFileSync(candidate, "utf8"));
         if (typeof pkg.version === "string" && pkg.version.length > 0 && (typeof pkg.name !== "string" || pkg.name.includes("hydra-acp"))) {
           return pkg.version;
         }
@@ -2528,6 +3099,7 @@ function encodeBundle(params) {
       ...params.record.currentMode !== void 0 ? { currentMode: params.record.currentMode } : {},
       ...params.record.currentUsage !== void 0 ? { currentUsage: params.record.currentUsage } : {},
       ...params.record.agentCommands !== void 0 ? { agentCommands: params.record.agentCommands } : {},
+      ...params.record.agentModes !== void 0 ? { agentModes: params.record.agentModes } : {},
       createdAt: params.record.createdAt,
       updatedAt: params.record.updatedAt
     },
@@ -2571,6 +3143,7 @@ var init_bundle = __esm({
       currentMode: z5.string().optional(),
       currentUsage: PersistedUsage.optional(),
       agentCommands: z5.array(PersistedAgentCommand).optional(),
+      agentModes: z5.array(PersistedAgentMode).optional(),
       createdAt: z5.string(),
       updatedAt: z5.string()
     });
@@ -2631,6 +3204,8 @@ function mapUpdate(update) {
       return mapUsage(u);
     case "available_commands_update":
       return mapAvailableCommands(u);
+    case "available_modes_update":
+      return mapAvailableModes(u);
     case "session_info_update":
       return mapSessionInfo(u);
     default:
@@ -2692,6 +3267,31 @@ function mapAvailableCommands(u) {
   }
   return { kind: "available-commands", commands: normalizeAdvertisedCommands(list) };
 }
+function mapAvailableModes(u) {
+  const list = u.availableModes;
+  if (!Array.isArray(list)) {
+    return null;
+  }
+  const modes = [];
+  for (const raw of list) {
+    if (!raw || typeof raw !== "object") {
+      continue;
+    }
+    const m = raw;
+    if (typeof m.id !== "string" || m.id.length === 0) {
+      continue;
+    }
+    const mode = { id: sanitizeSingleLine(m.id) };
+    if (typeof m.name === "string") {
+      mode.name = sanitizeSingleLine(m.name);
+    }
+    if (typeof m.description === "string") {
+      mode.description = sanitizeSingleLine(m.description);
+    }
+    modes.push(mode);
+  }
+  return { kind: "available-modes", modes };
+}
 function mapUsage(u) {
   const event = { kind: "usage-update" };
   if (typeof u.used === "number") {
@@ -2812,7 +3412,7 @@ function mapPlan(u) {
   return { kind: "plan", entries: normalized };
 }
 function mapMode(u) {
-  const mode = readString(u, "currentMode") ?? readString(u, "mode");
+  const mode = readString(u, "currentModeId") ?? readString(u, "currentMode") ?? readString(u, "mode");
   if (!mode) {
     return null;
   }
@@ -3466,14 +4066,15 @@ var init_session_row = __esm({
 });
 
 // src/cli/commands/sessions.ts
-import * as fs13 from "fs/promises";
-import * as path8 from "path";
+import * as fs17 from "fs/promises";
+import * as path10 from "path";
 async function runSessionsList(opts = {}) {
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const url = new URL(`${baseUrl}/v1/sessions`);
   const response = await fetch(url.toString(), {
-    headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+    headers: { Authorization: `Bearer ${serviceToken}` }
   });
   if (!response.ok) {
     process.stderr.write(`Daemon returned HTTP ${response.status}
@@ -3529,10 +4130,11 @@ async function runSessionsKill(id) {
     process.exit(2);
   }
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const response = await fetch(`${baseUrl}/v1/sessions/${id}/kill`, {
     method: "POST",
-    headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+    headers: { Authorization: `Bearer ${serviceToken}` }
   });
   if (!response.ok && response.status !== 204) {
     process.stderr.write(`Daemon returned HTTP ${response.status}
@@ -3548,10 +4150,11 @@ async function runSessionsRemove(id) {
     process.exit(2);
   }
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const response = await fetch(`${baseUrl}/v1/sessions/${id}`, {
     method: "DELETE",
-    headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+    headers: { Authorization: `Bearer ${serviceToken}` }
   });
   if (!response.ok && response.status !== 204) {
     process.stderr.write(`Daemon returned HTTP ${response.status}
@@ -3569,11 +4172,12 @@ async function runSessionsExport(id, outPath) {
     process.exit(2);
   }
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const response = await fetch(
     `${baseUrl}/v1/sessions/${encodeURIComponent(id)}/export`,
     {
-      headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+      headers: { Authorization: `Bearer ${serviceToken}` }
     }
   );
   if (!response.ok) {
@@ -3591,8 +4195,8 @@ async function runSessionsExport(id, outPath) {
     return;
   }
   const resolved = outPath === "." ? deriveFilenameFrom(response, id) : outPath;
-  await fs13.mkdir(path8.dirname(path8.resolve(resolved)), { recursive: true });
-  await fs13.writeFile(resolved, body, { encoding: "utf8", mode: 384 });
+  await fs17.mkdir(path10.dirname(path10.resolve(resolved)), { recursive: true });
+  await fs17.writeFile(resolved, body, { encoding: "utf8", mode: 384 });
   process.stdout.write(`Wrote ${resolved}
 `);
 }
@@ -3610,14 +4214,15 @@ async function runSessionsTranscript(idOrFile, outPath) {
     const bundle = decodeBundleOrExit(localFile.raw);
     body = bundleToMarkdown(bundle);
     const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-    defaultName = `${path8.basename(idOrFile, path8.extname(idOrFile))}-${stamp}.md`;
+    defaultName = `${path10.basename(idOrFile, path10.extname(idOrFile))}-${stamp}.md`;
   } else {
     const config = await loadConfig();
+    const serviceToken = await loadServiceToken();
     const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
     const response = await fetch(
       `${baseUrl}/v1/sessions/${encodeURIComponent(idOrFile)}/transcript`,
       {
-        headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+        headers: { Authorization: `Bearer ${serviceToken}` }
       }
     );
     if (!response.ok) {
@@ -3638,21 +4243,21 @@ async function runSessionsTranscript(idOrFile, outPath) {
     return;
   }
   const resolved = outPath === "." ? defaultName : outPath;
-  await fs13.mkdir(path8.dirname(path8.resolve(resolved)), { recursive: true });
-  await fs13.writeFile(resolved, body, { encoding: "utf8", mode: 384 });
+  await fs17.mkdir(path10.dirname(path10.resolve(resolved)), { recursive: true });
+  await fs17.writeFile(resolved, body, { encoding: "utf8", mode: 384 });
   process.stdout.write(`Wrote ${resolved}
 `);
 }
 async function readBundleFileIfExists(arg) {
   try {
-    const stat4 = await fs13.stat(arg);
+    const stat4 = await fs17.stat(arg);
     if (!stat4.isFile()) {
       return null;
     }
   } catch {
     return null;
   }
-  const text = await fs13.readFile(arg, "utf8");
+  const text = await fs17.readFile(arg, "utf8");
   try {
     return { raw: JSON.parse(text) };
   } catch (err) {
@@ -3679,9 +4284,9 @@ async function runSessionsImport(file, opts = {}) {
   }
   let cwdOverride;
   if (opts.cwd !== void 0) {
-    const resolved = path8.resolve(opts.cwd);
+    const resolved = path10.resolve(opts.cwd);
     try {
-      const stat4 = await fs13.stat(resolved);
+      const stat4 = await fs17.stat(resolved);
       if (!stat4.isDirectory()) {
         process.stderr.write(`--cwd ${resolved} is not a directory
 `);
@@ -3698,7 +4303,7 @@ async function runSessionsImport(file, opts = {}) {
   if (file === "-") {
     body = await readStdin();
   } else {
-    body = await fs13.readFile(file, "utf8");
+    body = await fs17.readFile(file, "utf8");
   }
   let bundle;
   try {
@@ -3709,17 +4314,18 @@ async function runSessionsImport(file, opts = {}) {
     process.exit(1);
   }
   if (opts.info === true) {
-    const inspectConfig = await loadConfigReadOnly();
+    const inspectConfig = await loadConfig();
     printBundleInfo(bundle, inspectConfig.tui.cwdColumnMaxWidth);
     return;
   }
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const response = await fetch(`${baseUrl}/v1/sessions/import`, {
     method: "POST",
     headers: {
       "Content-Type": "application/json",
-      Authorization: `Bearer ${config.daemon.authToken}`
+      Authorization: `Bearer ${serviceToken}`
     },
     body: JSON.stringify({
       bundle,
@@ -3813,6 +4419,7 @@ var init_sessions = __esm({
   "src/cli/commands/sessions.ts"() {
     "use strict";
     init_config();
+    init_service_token();
     init_bundle();
     init_transcript();
     init_session_row();
@@ -4110,7 +4717,7 @@ var init_update_check = __esm({
 });
 
 // src/tui/discovery.ts
-async function listSessions(config, opts = {}, fetchImpl = fetch) {
+async function listSessions(config, serviceToken, opts = {}, fetchImpl = fetch) {
   const base = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const url = new URL(`${base}/v1/sessions`);
   if (opts.cwd) {
@@ -4120,7 +4727,7 @@ async function listSessions(config, opts = {}, fetchImpl = fetch) {
     url.searchParams.set("all", "true");
   }
   const response = await fetchImpl(url.toString(), {
-    headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+    headers: { Authorization: `Bearer ${serviceToken}` }
   });
   if (!response.ok) {
     throw new Error(`daemon returned HTTP ${response.status}`);
@@ -4144,21 +4751,21 @@ async function listSessions(config, opts = {}, fetchImpl = fetch) {
     importedFromUpstreamSessionId: s.importedFromUpstreamSessionId
   }));
 }
-async function killSession(config, id, fetchImpl = fetch) {
+async function killSession(config, serviceToken, id, fetchImpl = fetch) {
   const base = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const response = await fetchImpl(`${base}/v1/sessions/${id}/kill`, {
     method: "POST",
-    headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+    headers: { Authorization: `Bearer ${serviceToken}` }
   });
   if (!response.ok && response.status !== 204 && response.status !== 404) {
     throw new Error(`daemon returned HTTP ${response.status}`);
   }
 }
-async function deleteSession(config, id, fetchImpl = fetch) {
+async function deleteSession(config, serviceToken, id, fetchImpl = fetch) {
   const base = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const response = await fetchImpl(`${base}/v1/sessions/${id}`, {
     method: "DELETE",
-    headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+    headers: { Authorization: `Bearer ${serviceToken}` }
   });
   if (!response.ok && response.status !== 204 && response.status !== 404) {
     throw new Error(`daemon returned HTTP ${response.status}`);
@@ -4408,7 +5015,7 @@ async function pickSession(term, opts) {
     };
     const refresh = async (preferredId) => {
       try {
-        const next = await listSessions(opts.config);
+        const next = await listSessions(opts.config, opts.serviceToken);
         allSessions = sortSessions(next);
         applyFilter();
         if (preferredId !== void 0) {
@@ -4439,9 +5046,9 @@ async function pickSession(term, opts) {
       paintIndicator();
       try {
         if (kind === "kill") {
-          await killSession(opts.config, target.sessionId);
+          await killSession(opts.config, opts.serviceToken, target.sessionId);
         } else {
-          await deleteSession(opts.config, target.sessionId);
+          await deleteSession(opts.config, opts.serviceToken, target.sessionId);
         }
         mode = "normal";
         pendingAction = null;
@@ -4709,9 +5316,9 @@ var init_picker = __esm({
 });
 
 // src/tui/attachments.ts
-import path9 from "path";
+import path11 from "path";
 function mimeFromExtension(p) {
-  return EXTENSION_TO_MIME[path9.extname(p).toLowerCase()] ?? null;
+  return EXTENSION_TO_MIME[path11.extname(p).toLowerCase()] ?? null;
 }
 function isSupportedImagePath(p) {
   return mimeFromExtension(p) !== null;
@@ -4820,6 +5427,10 @@ var init_attachments = __esm({
 // src/tui/screen.ts
 import stringWidth from "string-width";
 import wrapAnsi from "wrap-ansi";
+function matchBareUrl(text) {
+  const stripped = text.replace(/\r\n?$|\n$/, "");
+  return BARE_URL_RE.test(stripped) ? stripped : null;
+}
 function formattedLineSig(zone, width, line, highlight2 = null, activeCol = null) {
   const active = activeCol === null ? "" : `a${activeCol}`;
   if (!line) {
@@ -5283,6 +5894,8 @@ function mapKeyName(name) {
     case "ALT_ENTER":
     case "META_ENTER":
       return "alt-enter";
+    case "CTRL_T":
+      return "ctrl-t";
     case "SHIFT_TAB":
       return "shift-tab";
     case "TAB":
@@ -5343,7 +5956,7 @@ function mapKeyName(name) {
       return null;
   }
 }
-var SESSIONBAR_ROWS, BANNER_ROWS, SEPARATOR_ROWS, MAX_PROMPT_ROWS, MAX_QUEUED_ROWS, MAX_PERMISSION_ROWS, MAX_COMPLETION_ROWS, MAX_CHIP_ROWS, CONFIRM_PROMPT_ROWS, DEFAULT_CONTENT_REPAINT_THROTTLE_MS, DEFAULT_MAX_SCROLLBACK_LINES, Screen, NON_ASCII, SEGMENTER, TK_MARKUP_STYLE_CHAR, shortId;
+var SESSIONBAR_ROWS, BANNER_ROWS, SEPARATOR_ROWS, MAX_PROMPT_ROWS, MAX_QUEUED_ROWS, MAX_PERMISSION_ROWS, MAX_COMPLETION_ROWS, MAX_CHIP_ROWS, CONFIRM_PROMPT_ROWS, DEFAULT_CONTENT_REPAINT_THROTTLE_MS, DEFAULT_MAX_SCROLLBACK_LINES, BARE_URL_RE, Screen, NON_ASCII, SEGMENTER, TK_MARKUP_STYLE_CHAR, shortId;
 var init_screen = __esm({
   "src/tui/screen.ts"() {
     "use strict";
@@ -5362,6 +5975,7 @@ var init_screen = __esm({
     CONFIRM_PROMPT_ROWS = 2;
     DEFAULT_CONTENT_REPAINT_THROTTLE_MS = 1e3;
     DEFAULT_MAX_SCROLLBACK_LINES = 1e4;
+    BARE_URL_RE = /^(https?|ftp):\/\/\S+$/;
     Screen = class {
       term;
       dispatcher;
@@ -5445,8 +6059,8 @@ var init_screen = __esm({
       bannerSearchIndicator = null;
       banner = {
         status: "ready",
-        planMode: false,
-        hint: "\u21E7\u21E5 plan \xB7 \u2325\u23CE newline \xB7 \u2303V paste \xB7 \u2303P pick \xB7 \u2303C cancel \xB7 \u2303D detach",
+        currentMode: void 0,
+        hint: "\u21E7\u21E5 mode \xB7 \u2303V paste \xB7 \u2303P pick \xB7 \u2303C cancel \xB7 \u2303D detach",
         queued: 0
       };
       sessionbar = { agent: "?", cwd: "?", sessionId: "?" };
@@ -5591,7 +6205,10 @@ var init_screen = __esm({
           }
           const startIdx = text.indexOf(startMarker);
           if (startIdx === -1) {
-            if (this.terminalKitStdinHandler) {
+            const url = matchBareUrl(text);
+            if (url !== null) {
+              this.onKey([{ type: "paste", text: url }]);
+            } else if (this.terminalKitStdinHandler) {
               this.terminalKitStdinHandler(Buffer.from(text, "binary"));
             }
             return;
@@ -5821,11 +6438,11 @@ var init_screen = __esm({
           return;
         }
         this.lastWindowTitle = clean;
-        process.stdout.write(`\x1B]2;${clean}\x1B\\`);
+        process.stdout.write(`\x1B]0;${clean}\x1B\\`);
       }
       clearWindowTitle() {
         this.lastWindowTitle = null;
-        process.stdout.write("\x1B]2;\x1B\\");
+        process.stdout.write("\x1B]0;\x1B\\");
       }
       setBanner(banner) {
         this.banner = { ...this.banner, ...banner };
@@ -5833,6 +6450,9 @@ var init_screen = __esm({
         this.drawBanner();
         this.placeCursor();
       }
+      currentModeId() {
+        return this.banner.currentMode;
+      }
       // OSC 9;4 progress-bar control. State 3 = indeterminate (pulsing
       // taskbar / dock badge while a turn is running); state 0 = remove.
       // ConEmu-flavor sequence — supported by Windows Terminal, WezTerm,
@@ -6785,10 +7405,9 @@ var init_screen = __esm({
         const elapsedStr = this.banner.status === "busy" && this.banner.elapsedMs !== void 0 && this.banner.elapsedMs >= 1e3 ? formatElapsed(this.banner.elapsedMs) : "";
         const right = this.bannerRightContent();
         const rightSig = right ? `${right.kind}|${right.text}` : "";
-        const sig = `bnr|${w}|${this.banner.status}|${elapsedStr}|${this.banner.queued}|${this.scrollOffset}|${this.banner.planMode ? "1" : "0"}|${this.banner.hint}|` + rightSig;
+        const sig = `bnr|${w}|${this.banner.status}|${elapsedStr}|${this.banner.queued}|${this.scrollOffset}|${this.banner.currentMode ?? ""}|${this.banner.hint}|` + rightSig;
         this.paintRow(row, sig, () => {
           const dot = this.banner.status === "busy" ? "\u25CF" : "\u25CB";
-          const planLabel = this.banner.planMode ? "plan: ON " : "plan: off";
           if (this.banner.status === "busy") {
             this.term.brightYellow(`${dot} ${this.banner.status}`);
             if (elapsedStr) {
@@ -6807,13 +7426,11 @@ var init_screen = __esm({
           if (this.scrollOffset > 0) {
             this.term(" \xB7 ").brightCyan(`\u2191 ${this.scrollOffset}`);
           }
-          this.term(" \xB7 ");
-          if (this.banner.planMode) {
-            this.term.brightYellow(planLabel);
-          } else {
-            this.term.dim(planLabel);
-          }
-          this.term(" \xB7 ").dim(this.banner.hint);
+          const hint = this.banner.currentMode ? this.banner.hint.replace(
+            "\u21E7\u21E5 mode",
+            `\u21E7\u21E5 mode(${this.banner.currentMode})`
+          ) : this.banner.hint;
+          this.term(" \xB7 ").dim(hint);
           if (right) {
             const visibleWidth = stringWidth(right.text);
             const col = Math.max(1, w - visibleWidth + 1);
@@ -7156,7 +7773,7 @@ var init_input = __esm({
               this.retreatHistorySearch();
               return [];
             }
-            if (event.name === "escape") {
+            if (event.name === "escape" || event.name === "ctrl-c") {
               this.cancelHistorySearch();
               return [];
             }
@@ -7252,6 +7869,8 @@ var init_input = __esm({
             return [{ type: "redraw" }];
           case "ctrl-p":
             return [{ type: "switch-session" }];
+          case "ctrl-t":
+            return [{ type: "next-live-session" }];
           case "ctrl-r":
             return this.startHistorySearch();
           case "ctrl-s":
@@ -7741,9 +8360,9 @@ var init_input = __esm({
 
 // src/tui/clipboard.ts
 import { spawn as nodeSpawn } from "child_process";
-import fs14 from "fs/promises";
+import fs18 from "fs/promises";
 import os4 from "os";
-import path10 from "path";
+import path12 from "path";
 async function readClipboard(envIn = {}) {
   const env = { ...defaultEnv, ...envIn };
   if (env.platform === "darwin") {
@@ -7758,7 +8377,7 @@ async function readClipboard(envIn = {}) {
   };
 }
 async function readMacOS(env) {
-  const tmpPath = path10.join(
+  const tmpPath = path12.join(
     env.tmpdir(),
     `hydra-clipboard-${Date.now()}-${process.pid}.png`
   );
@@ -7782,7 +8401,7 @@ async function readMacOS(env) {
       return img;
     }
   } catch {
-    await fs14.unlink(tmpPath).catch(() => void 0);
+    await fs18.unlink(tmpPath).catch(() => void 0);
   }
   try {
     const buf = await runCapture(env.spawn, "pbpaste", []);
@@ -7870,9 +8489,9 @@ async function which(env, cmd) {
 }
 async function readFileAsAttachment(p, unlinkAfter) {
   try {
-    const buf = await fs14.readFile(p);
+    const buf = await fs18.readFile(p);
     if (unlinkAfter) {
-      await fs14.unlink(p).catch(() => void 0);
+      await fs18.unlink(p).catch(() => void 0);
     }
     if (buf.length === 0) {
       return { ok: false, reason: "no image on clipboard" };
@@ -8062,6 +8681,7 @@ function formatEvent(event) {
     case "usage-update":
       return [];
     case "available-commands":
+    case "available-modes":
       return [];
     case "session-info":
       return [];
@@ -8269,11 +8889,12 @@ function toolIconStyle(status) {
   }
 }
 function formatPlan(event) {
+  const stopped = event.stopped === true;
   if (event.entries.length === 0) {
     return [
       {
         prefix: "\u25A3 ",
-        prefixStyle: "plan",
+        prefixStyle: stopped ? "tool-status-fail" : "plan",
         body: "(empty plan)",
         bodyStyle: "dim"
       }
@@ -8282,7 +8903,7 @@ function formatPlan(event) {
   const allComplete = event.entries.every(
     (e) => (e.status ?? "pending") === "completed"
   );
-  const headerStyle = allComplete ? "plan-done" : "plan";
+  const headerStyle = allComplete ? "plan-done" : stopped ? "tool-status-fail" : "plan";
   const lines = [
     {
       prefix: "\u25A3 ",
@@ -8294,7 +8915,7 @@ function formatPlan(event) {
   for (const entry of event.entries) {
     const status = entry.status ?? "pending";
     const marker = status === "completed" ? "[x]" : status === "in_progress" ? "[~]" : "[ ]";
-    const style = status === "completed" ? "plan-done" : status === "in_progress" ? "plan" : "plan-pending";
+    const style = status === "completed" ? "plan-done" : status === "in_progress" ? stopped ? "plan-pending" : "plan" : "plan-pending";
     lines.push({
       prefix: "  ",
       body: `${marker} ${entry.content}`,
@@ -8359,17 +8980,18 @@ var init_format = __esm({
 import { appendFileSync, statSync, renameSync } from "fs";
 import { nanoid as nanoid3 } from "nanoid";
 import termkit from "terminal-kit";
-import fs15 from "fs/promises";
-import path11 from "path";
+import fs19 from "fs/promises";
+import path13 from "path";
 async function runTuiApp(opts) {
-  const config = await ensureConfig();
+  const config = await loadConfig();
+  const serviceToken = await ensureServiceToken();
   logMaxBytes = config.tui.logMaxBytes;
   await ensureDaemonReachable(config);
   const term = termkit.terminal;
   const exitHint = {};
   let nextOpts = opts;
   while (nextOpts !== null) {
-    nextOpts = await runSession(term, config, nextOpts, exitHint);
+    nextOpts = await runSession(term, config, serviceToken, nextOpts, exitHint);
   }
   const pendingUpdate = await getPendingUpdate();
   if (pendingUpdate) {
@@ -8382,8 +9004,8 @@ async function runTuiApp(opts) {
 `);
   }
 }
-async function runSession(term, config, opts, exitHint) {
-  const ctx = await resolveSession(term, config, opts);
+async function runSession(term, config, serviceToken, opts, exitHint) {
+  const ctx = await resolveSession(term, config, serviceToken, opts);
   if (!ctx) {
     term.grabInput(false);
     process.exit(0);
@@ -8392,7 +9014,7 @@ async function runSession(term, config, opts, exitHint) {
   term.brightYellow(launchLabel)("\n");
   const protocol = config.daemon.tls ? "wss" : "ws";
   const wsUrl = `${protocol}://${config.daemon.host}:${config.daemon.port}/acp`;
-  const subprotocols = ["acp.v1", `hydra-acp-token.${config.daemon.authToken}`];
+  const subprotocols = ["acp.v1", `hydra-acp-token.${serviceToken}`];
   let onReconnect = null;
   let onDisconnectHook = null;
   const stream = new ResilientWsStream({
@@ -8461,9 +9083,7 @@ async function runSession(term, config, opts, exitHint) {
         screenRef.setBanner({ status: "ready", elapsedMs: void 0 });
       }
     }
-    if (delta < 0) {
-      tickWorker();
-    }
+    void delta;
   };
   let screenRef = null;
   let dispatcherRef = null;
@@ -8480,23 +9100,91 @@ async function runSession(term, config, opts, exitHint) {
     } else if (event?.kind === "turn-complete") {
       adjustPendingTurns(-1);
     }
-    if (rawTag === "permission_resolved") {
-      handlePermissionResolved(update);
-      return;
+    if (rawTag === "permission_resolved") {
+      handlePermissionResolved(update);
+      return;
+    }
+    appendRender(event);
+    maybeDismissPermissionByToolUpdate(update);
+  });
+  conn.onNotification("hydra-acp/session_closed", () => {
+    if (teardownStarted) {
+      return;
+    }
+    if (pendingTurns > 0) {
+      adjustPendingTurns(-pendingTurns);
+    }
+    const screenReady = typeof screenRef !== "undefined" && screenRef !== null;
+    if (screenReady) {
+      screenRef.setBanner({ status: "cold", elapsedMs: void 0 });
+    }
+  });
+  conn.onNotification("hydra-acp/prompt_queue_added", (params) => {
+    if (teardownStarted) return;
+    const p = params ?? {};
+    if (typeof p.messageId !== "string") return;
+    queueCache.set(p.messageId, chipFromPrompt(p.messageId, p.prompt));
+    if (screenRef && dispatcherRef) {
+      refreshQueueDisplay();
+    }
+    if (ownClientId !== void 0 && p.originator?.clientId === ownClientId) {
+      const echo = pendingEchoes.shift();
+      if (echo) {
+        echo.messageId = p.messageId;
+        ownPendingByMid.set(p.messageId, echo);
+      }
+    }
+  });
+  conn.onNotification("hydra-acp/prompt_queue_updated", (params) => {
+    if (teardownStarted) return;
+    const p = params ?? {};
+    if (typeof p.messageId !== "string") return;
+    if (!queueCache.has(p.messageId)) return;
+    queueCache.set(p.messageId, chipFromPrompt(p.messageId, p.prompt));
+    const pending = ownPendingByMid.get(p.messageId);
+    if (pending) {
+      const blocks = Array.isArray(p.prompt) ? p.prompt : [];
+      let text = "";
+      const attachments = [];
+      for (const raw of blocks) {
+        if (!raw || typeof raw !== "object") continue;
+        const b = raw;
+        if (b.type === "text" && typeof b.text === "string") {
+          text += b.text;
+        } else if (b.type === "image" && typeof b.data === "string" && typeof b.mimeType === "string") {
+          attachments.push({
+            data: b.data,
+            mimeType: b.mimeType,
+            sizeBytes: Math.floor(b.data.length * 3 / 4)
+          });
+        }
+      }
+      pending.text = text;
+      pending.attachments = attachments;
+    }
+    if (screenRef && dispatcherRef) {
+      refreshQueueDisplay();
     }
-    appendRender(event);
-    maybeDismissPermissionByToolUpdate(update);
   });
-  conn.onNotification("hydra-acp/session_closed", () => {
-    if (teardownStarted) {
-      return;
-    }
-    if (pendingTurns > 0) {
-      adjustPendingTurns(-pendingTurns);
+  conn.onNotification("hydra-acp/prompt_queue_removed", (params) => {
+    if (teardownStarted) return;
+    const p = params ?? {};
+    if (typeof p.messageId !== "string") return;
+    const hadChip = queueCache.delete(p.messageId);
+    if (hadChip && screenRef && dispatcherRef) {
+      refreshQueueDisplay();
     }
-    const screenReady = typeof screenRef !== "undefined" && screenRef !== null;
-    if (screenReady) {
-      screenRef.setBanner({ status: "cold", elapsedMs: void 0 });
+    const echo = ownPendingByMid.get(p.messageId);
+    if (echo) {
+      ownPendingByMid.delete(p.messageId);
+      if (p.reason === "started") {
+        echo.flushed = true;
+        appendRender({
+          kind: "user-text",
+          text: echo.text,
+          attachments: echo.attachments
+        });
+      }
     }
   });
   const handlePermissionResolved = (update) => {
@@ -8626,9 +9314,12 @@ async function runSession(term, config, opts, exitHint) {
   let resolvedAgentId = ctx.agentId;
   let resolvedCwd = ctx.cwd;
   let resolvedTitle;
+  let ownClientId;
   let initialModel;
   let initialMode;
   let initialCommands;
+  let initialModes;
+  let initialQueue;
   let initialUsage;
   let initialTurnStartedAt;
   if (ctx.sessionId === "__new__") {
@@ -8645,6 +9336,9 @@ async function runSession(term, config, opts, exitHint) {
       ...Object.keys(hydraNewMeta).length > 0 ? { _meta: { [HYDRA_META_KEY]: hydraNewMeta } } : {}
     });
     resolvedSessionId = created.sessionId;
+    if (created.clientId) {
+      ownClientId = created.clientId;
+    }
     exitHint.sessionId = resolvedSessionId;
     const hydraMeta = extractHydraMeta(created._meta ?? void 0);
     upstreamSessionId = hydraMeta.upstreamSessionId;
@@ -8664,6 +9358,10 @@ async function runSession(term, config, opts, exitHint) {
     if (hydraMeta.availableCommands) {
       initialCommands = normalizeAdvertisedCommands(hydraMeta.availableCommands);
     }
+    if (hydraMeta.availableModes) {
+      initialModes = hydraMeta.availableModes;
+    }
+    initialQueue = hydraMeta.queue;
   } else {
     const attached = await conn.request("session/attach", {
       sessionId: ctx.sessionId,
@@ -8671,6 +9369,9 @@ async function runSession(term, config, opts, exitHint) {
       clientInfo: { name: "hydra-acp-tui", version: HYDRA_VERSION }
     });
     resolvedSessionId = attached.sessionId;
+    if (attached.clientId) {
+      ownClientId = attached.clientId;
+    }
     exitHint.sessionId = resolvedSessionId;
     const hydraMeta = extractHydraMeta(attached._meta ?? void 0);
     upstreamSessionId = hydraMeta.upstreamSessionId;
@@ -8690,6 +9391,10 @@ async function runSession(term, config, opts, exitHint) {
     if (hydraMeta.availableCommands) {
       initialCommands = normalizeAdvertisedCommands(hydraMeta.availableCommands);
     }
+    if (hydraMeta.availableModes) {
+      initialModes = hydraMeta.availableModes;
+    }
+    initialQueue = hydraMeta.queue;
   }
   const historyFile = paths.tuiHistoryFile(resolvedSessionId);
   let history = await loadHistory(historyFile).catch(() => []);
@@ -8749,6 +9454,7 @@ async function runSession(term, config, opts, exitHint) {
     { name: "/demo-tool", description: "Inject a synthetic tool-call sequence (UI test)" }
   ];
   let agentCommands = initialCommands ?? [];
+  let agentModes = initialModes ?? [];
   const allCommands = () => {
     const seen = /* @__PURE__ */ new Set();
     const out = [];
@@ -8904,7 +9610,7 @@ async function runSession(term, config, opts, exitHint) {
     usage: { ...usage }
   });
   if (initialMode) {
-    screen.appendLines(formatEvent({ kind: "mode-changed", mode: initialMode }));
+    screen.setBanner({ currentMode: initialMode });
   }
   void getPendingUpdate().then((info) => {
     if (info) {
@@ -8941,7 +9647,7 @@ async function runSession(term, config, opts, exitHint) {
     }
     let onlyClient = false;
     try {
-      const sessions = await listSessions(config);
+      const sessions = await listSessions(config, serviceToken);
       const me = sessions.find((s) => s.sessionId === resolvedSessionId);
       onlyClient = !me || me.attachedClients <= 1;
     } catch {
@@ -9033,11 +9739,12 @@ async function runSession(term, config, opts, exitHint) {
     screen.pauseRepaint();
     screen.stop();
     saveHistory(historyFile, history).catch(() => void 0);
-    const sessions = await listSessions(config);
+    const sessions = await listSessions(config, serviceToken);
     const choice = await pickSession(term, {
       cwd: resolvedCwd,
       sessions,
       config,
+      serviceToken,
       currentSessionId: resolvedSessionId
     });
     if (choice.kind === "abort") {
@@ -9065,37 +9772,76 @@ async function runSession(term, config, opts, exitHint) {
     }
     resume(nextOpts);
   };
-  const queueHeadOffset = () => workerActive ? 1 : 0;
+  const cycleLiveSession = async () => {
+    if (!finishSession)
+      return;
+    const sessions = await listSessions(config, serviceToken);
+    const live = sessions.filter((s) => s.status === "live");
+    if (live.length <= 1)
+      return;
+    const idx = live.findIndex((s) => s.sessionId === resolvedSessionId);
+    const next = live[(idx + 1) % live.length];
+    const resume = finishSession;
+    finishSession = null;
+    process.off("SIGINT", sigintHandler);
+    void stream.close().catch(() => void 0);
+    const nextOpts = { ...opts, sessionId: next.sessionId, cwd: resolvedCwd };
+    if (next.agentId !== void 0)
+      nextOpts.agentId = next.agentId;
+    resume(nextOpts);
+  };
   const handleEffect = (effect) => {
     switch (effect.type) {
       case "send":
-        enqueuePrompt(effect.text, effect.planMode, effect.attachments);
+        enqueuePrompt(effect.text, effect.attachments);
         return;
       case "queue-edit": {
-        const realIdx = effect.index + queueHeadOffset();
-        const existing = promptQueue[realIdx];
-        if (existing) {
-          promptQueue[realIdx] = {
-            text: effect.text,
-            planMode: existing.planMode,
-            attachments: effect.attachments
-          };
-          refreshQueueDisplay();
+        const mid = queueMessageIdAt(effect.index);
+        if (!mid) {
+          return;
+        }
+        const blocks = [];
+        if (effect.text.length > 0) {
+          blocks.push({ type: "text", text: effect.text });
         }
+        for (const a of effect.attachments) {
+          blocks.push({ type: "image", data: a.data, mimeType: a.mimeType });
+        }
+        conn.request("hydra-acp/update_prompt", {
+          sessionId: resolvedSessionId,
+          messageId: mid,
+          prompt: blocks
+        }).then((raw) => {
+          const res = raw;
+          if (!res.updated && res.reason !== "ok") {
+            screen.notify(`queue edit skipped (${res.reason})`);
+          }
+        }).catch((err) => {
+          screen.notify(`queue edit failed: ${err.message}`);
+        });
         return;
       }
       case "queue-remove": {
-        const realIdx = effect.index + queueHeadOffset();
-        if (realIdx >= 0 && realIdx < promptQueue.length) {
-          promptQueue.splice(realIdx, 1);
-          refreshQueueDisplay();
+        const mid = queueMessageIdAt(effect.index);
+        if (!mid) {
+          return;
         }
+        conn.request("hydra-acp/cancel_prompt", {
+          sessionId: resolvedSessionId,
+          messageId: mid
+        }).then((raw) => {
+          const res = raw;
+          if (!res.cancelled && res.reason !== "ok") {
+            screen.notify(`queue cancel skipped (${res.reason})`);
+          }
+        }).catch((err) => {
+          screen.notify(`queue cancel failed: ${err.message}`);
+        });
         return;
       }
       case "cancel": {
         if (effect.prefill && turnInFlight) {
-          const headOffset = workerActive ? 1 : 0;
-          const waitingEmpty = promptQueue.length <= headOffset;
+          const waitingEmpty = queueCache.size === 0;
           const bufferEmpty = dispatcher.state().buffer.every((line) => line === "");
           if (waitingEmpty && bufferEmpty) {
             pendingPrefill = {
@@ -9115,7 +9861,7 @@ async function runSession(term, config, opts, exitHint) {
         void requestExit();
         return;
       case "plan-toggle":
-        screen.setBanner({ planMode: effect.on });
+        void handleModeToggle(effect.on);
         return;
       case "redraw-banner":
         screen.setBanner({});
@@ -9132,6 +9878,9 @@ async function runSession(term, config, opts, exitHint) {
       case "switch-session":
         void switchSession();
         return;
+      case "next-live-session":
+        void cycleLiveSession();
+        return;
       case "toggle-tools":
         toolsExpanded = !toolsExpanded;
         renderToolsBlock();
@@ -9175,11 +9924,11 @@ async function runSession(term, config, opts, exitHint) {
       }
       const mimeType = mimeFromExtension(token);
       if (!mimeType) {
-        screen.notify(`unsupported image type: ${path11.basename(token)}`);
+        screen.notify(`unsupported image type: ${path13.basename(token)}`);
         continue;
       }
       try {
-        const buf = await fs15.readFile(token);
+        const buf = await fs19.readFile(token);
         if (buf.length > MAX_ATTACHMENT_BYTES) {
           screen.notify(
             `image too large (${formatSize(buf.length)}, max ${formatSize(MAX_ATTACHMENT_BYTES)})`
@@ -9189,13 +9938,13 @@ async function runSession(term, config, opts, exitHint) {
         dispatcher.addAttachment({
           mimeType,
           data: buf.toString("base64"),
-          name: path11.basename(token),
+          name: path13.basename(token),
           sizeBytes: buf.length
         });
         added++;
       } catch (err) {
         screen.notify(
-          `cannot read ${path11.basename(token)}: ${err.message}`
+          `cannot read ${path13.basename(token)}: ${err.message}`
         );
       }
     }
@@ -9226,18 +9975,53 @@ async function runSession(term, config, opts, exitHint) {
     }
     screen.refreshPrompt();
   };
-  const promptQueue = [];
-  let workerActive = false;
+  const formatQueueChipText = (entry) => entry.attachmentCount > 0 ? `${entry.text} \xB7 \u{1F4CE}\xD7${entry.attachmentCount}` : entry.text;
+  const chipFromPrompt = (messageId, prompt) => {
+    const blocks = Array.isArray(prompt) ? prompt : [];
+    let text = "";
+    let attachmentCount = 0;
+    for (const raw of blocks) {
+      if (!raw || typeof raw !== "object") continue;
+      const b = raw;
+      if (b.type === "text" && typeof b.text === "string") {
+        text += b.text;
+      } else if (b.type === "image") {
+        attachmentCount += 1;
+      }
+    }
+    return {
+      messageId,
+      text: sanitizeSingleLine(text),
+      attachmentCount
+    };
+  };
+  const queueCache = /* @__PURE__ */ new Map();
+  const pendingEchoes = [];
+  const ownPendingByMid = /* @__PURE__ */ new Map();
   const refreshQueueDisplay = () => {
-    const waiting = promptQueue.slice(workerActive ? 1 : 0);
-    const displayTexts = waiting.map(
-      (p) => p.attachments.length > 0 ? `${p.text} \xB7 \u{1F4CE}\xD7${p.attachments.length}` : p.text
-    );
+    const entries = [...queueCache.values()];
+    const displayTexts = entries.map(formatQueueChipText);
     screen.setQueuedPrompts(displayTexts);
-    screen.setBanner({ queued: waiting.length });
-    dispatcher.setQueue(waiting.map((p) => p.text));
+    screen.setBanner({ queued: entries.length });
+    dispatcher.setQueue(entries.map((e) => e.text));
+  };
+  const queueMessageIdAt = (index) => {
+    const entries = [...queueCache.values()];
+    return entries[index]?.messageId;
   };
-  const enqueuePrompt = (text, planMode, attachments) => {
+  if (initialQueue && initialQueue.length > 0) {
+    for (const entry of initialQueue) {
+      if (entry.position === 0) continue;
+      queueCache.set(
+        entry.messageId,
+        chipFromPrompt(entry.messageId, entry.prompt)
+      );
+    }
+    if (queueCache.size > 0) {
+      refreshQueueDisplay();
+    }
+  }
+  const enqueuePrompt = (text, attachments) => {
     screen.scrollToBottom();
     if (handleBuiltinCommand(text)) {
       return;
@@ -9245,15 +10029,29 @@ async function runSession(term, config, opts, exitHint) {
     history = appendEntry(history, text);
     dispatcher.setHistory(history);
     saveHistory(historyFile, history).catch(() => void 0);
-    promptQueue.push({ text, planMode, attachments });
-    refreshQueueDisplay();
-    tickWorker();
+    void runPrompt(text, attachments);
   };
-  const tickWorker = () => {
-    if (workerActive || pendingTurns > 0 || promptQueue.length === 0) {
+  const handleModeToggle = async (_on) => {
+    if (agentModes.length === 0) {
+      screen.notify("no modes advertised by agent");
+      return;
+    }
+    const currentMode = screen.currentModeId();
+    const idx = agentModes.findIndex((m) => m.id === currentMode);
+    const nextIdx = idx === -1 ? 0 : (idx + 1) % agentModes.length;
+    const newModeId = agentModes[nextIdx]?.id;
+    if (!newModeId) {
       return;
     }
-    void runQueueWorker();
+    screen.setBanner({ currentMode: newModeId });
+    try {
+      await conn.request("session/set_mode", {
+        sessionId: resolvedSessionId,
+        modeId: newModeId
+      });
+    } catch (err) {
+      screen.notify(`set_mode failed: ${err.message}`);
+    }
   };
   const handleBuiltinCommand = (text) => {
     const trimmed = text.trim();
@@ -9403,33 +10201,7 @@ async function runSession(term, config, opts, exitHint) {
         return false;
     }
   };
-  const runQueueWorker = async () => {
-    workerActive = true;
-    try {
-      while (promptQueue.length > 0 && pendingTurns === 0) {
-        const next = promptQueue[0];
-        if (!next) {
-          break;
-        }
-        refreshQueueDisplay();
-        await processPrompt(next.text, next.planMode, next.attachments);
-        promptQueue.shift();
-      }
-    } finally {
-      workerActive = false;
-      refreshQueueDisplay();
-      if (pendingPrefill !== null) {
-        const { text, attachments } = pendingPrefill;
-        pendingPrefill = null;
-        const bufferEmpty = dispatcher.state().buffer.every((line) => line === "");
-        if (bufferEmpty) {
-          dispatcher.setBuffer(text, attachments);
-          screen.refreshPrompt();
-        }
-      }
-    }
-  };
-  const processPrompt = async (text, planMode, attachments) => {
+  const runPrompt = async (text, attachments) => {
     const userBlocks = [];
     if (text.length > 0) {
       userBlocks.push({ type: "text", text });
@@ -9437,9 +10209,9 @@ async function runSession(term, config, opts, exitHint) {
     for (const a of attachments) {
       userBlocks.push({ type: "image", data: a.data, mimeType: a.mimeType });
     }
-    const promptArr = planMode ? [{ type: "text", text: PLAN_PREFIX_TEXT }, ...userBlocks] : userBlocks;
     adjustPendingTurns(1);
-    appendRender({ kind: "user-text", text, attachments });
+    const echo = { text, attachments, flushed: false };
+    pendingEchoes.push(echo);
     let cancelled = false;
     turnInFlight = {
       text,
@@ -9458,23 +10230,44 @@ async function runSession(term, config, opts, exitHint) {
     try {
       const response = await conn.request("session/prompt", {
         sessionId: resolvedSessionId,
-        prompt: promptArr
+        prompt: userBlocks
       });
       if (response && typeof response.stopReason === "string") {
         stopReason = response.stopReason;
       }
     } catch (err) {
-      appendRender({
-        kind: "unknown",
-        sessionUpdate: "error",
-        raw: { error: err.message }
-      });
+      const idx = pendingEchoes.indexOf(echo);
+      if (idx >= 0) {
+        pendingEchoes.splice(idx, 1);
+      }
+      if (echo.messageId !== void 0) {
+        ownPendingByMid.delete(echo.messageId);
+      }
+      screen.appendLines([
+        {
+          prefix: "\u2717 ",
+          prefixStyle: "tool-status-fail",
+          body: err.message,
+          bodyStyle: "tool-status-fail"
+        }
+      ]);
     } finally {
       turnInFlight = null;
       adjustPendingTurns(-1);
-      appendRender(
-        stopReason !== void 0 ? { kind: "turn-complete", stopReason } : { kind: "turn-complete" }
-      );
+      if (echo.flushed) {
+        appendRender(
+          stopReason !== void 0 ? { kind: "turn-complete", stopReason } : { kind: "turn-complete" }
+        );
+      }
+      if (pendingPrefill !== null) {
+        const { text: pt, attachments: pa } = pendingPrefill;
+        pendingPrefill = null;
+        const bufferEmpty = dispatcher.state().buffer.every((line) => line === "");
+        if (bufferEmpty) {
+          dispatcher.setBuffer(pt, pa);
+          screen.refreshPrompt();
+        }
+      }
     }
   };
   const toolStates = /* @__PURE__ */ new Map();
@@ -9483,6 +10276,7 @@ async function runSession(term, config, opts, exitHint) {
   let toolsBlockStartedAt = null;
   let toolsBlockEndedAt = null;
   let toolsBlockStopReason = null;
+  let lastPlanEvent = null;
   const TOOLS_COLLAPSED_LIMIT = 5;
   let agentBuffer = "";
   let agentKey = null;
@@ -9603,6 +10397,14 @@ async function runSession(term, config, opts, exitHint) {
       refreshCompletions();
       return;
     }
+    if (event.kind === "available-modes") {
+      agentModes = event.modes;
+      return;
+    }
+    if (event.kind === "mode-changed") {
+      screen.setBanner({ currentMode: event.mode || void 0 });
+      return;
+    }
     if (event.kind === "session-info") {
       if (event.title !== void 0) {
         screen.setSessionbar({ title: event.title });
@@ -9645,6 +10447,7 @@ async function runSession(term, config, opts, exitHint) {
       }
       screen.clearKey("tools");
       screen.clearKey("plan");
+      lastPlanEvent = null;
       toolStates.clear();
       toolCallOrder.length = 0;
       toolsExpanded = false;
@@ -9670,6 +10473,7 @@ async function runSession(term, config, opts, exitHint) {
     }
     if (event.kind === "plan") {
       closeAgentText();
+      lastPlanEvent = event;
       const lines = formatEvent(event);
       if (lines.length > 0) {
         screen.upsertLines("plan", lines);
@@ -9691,6 +10495,13 @@ async function runSession(term, config, opts, exitHint) {
     }
     if (event.kind === "turn-complete") {
       closeAgentText();
+      if (lastPlanEvent !== null && event.stopReason !== void 0 && event.stopReason !== "end_turn") {
+        const lines = formatEvent({ ...lastPlanEvent, stopped: true });
+        if (lines.length > 0) {
+          screen.upsertLines("plan", lines);
+        }
+      }
+      lastPlanEvent = null;
       screen.clearKey("plan");
       if (toolsBlockStartedAt !== null) {
         toolsBlockEndedAt = Date.now();
@@ -9757,6 +10568,7 @@ async function runSession(term, config, opts, exitHint) {
       toolsExpanded = false;
     }
     screen.clearKey("plan");
+    lastPlanEvent = null;
     if (pendingTurns > 0) {
       adjustPendingTurns(-pendingTurns);
     }
@@ -9834,7 +10646,7 @@ connection lost: ${err.message}
   process.on("SIGINT", sigintHandler);
   return await sessionDone;
 }
-async function resolveSession(term, config, opts) {
+async function resolveSession(term, config, serviceToken, opts) {
   const cwd = opts.cwd ?? process.cwd();
   if (opts.sessionId) {
     return {
@@ -9847,7 +10659,7 @@ async function resolveSession(term, config, opts) {
     return newCtx(opts, cwd, config);
   }
   if (opts.resume) {
-    const sessions2 = await listSessions(config, { cwd, all: true });
+    const sessions2 = await listSessions(config, serviceToken, { cwd, all: true });
     const target = pickMostRecent(sessions2, cwd);
     if (!target) {
       term.yellow(`No sessions found for ${cwd}.
@@ -9860,14 +10672,15 @@ async function resolveSession(term, config, opts) {
       cwd
     };
   }
-  const sessions = await listSessions(config);
+  const sessions = await listSessions(config, serviceToken);
   if (sessions.length === 0) {
     return newCtx(opts, cwd, config);
   }
   const choice = await pickSession(term, {
     cwd,
     sessions,
-    config
+    config,
+    serviceToken
   });
   if (choice.kind === "abort") {
     return null;
@@ -9922,7 +10735,7 @@ function rotateIfBig(target) {
   } catch {
   }
 }
-var PLAN_PREFIX_TEXT, logMaxBytes;
+var logMaxBytes;
 var init_app = __esm({
   "src/tui/app.ts"() {
     "use strict";
@@ -9930,6 +10743,7 @@ var init_app = __esm({
     init_types();
     init_resilient_ws();
     init_config();
+    init_service_token();
     init_daemon_bootstrap();
     init_session();
     init_paths();
@@ -9945,7 +10759,6 @@ var init_app = __esm({
     init_completion();
     init_render_update();
     init_format();
-    PLAN_PREFIX_TEXT = "Plan mode is on. Outline what you would do without making any changes. Do not edit files, run shell commands, or otherwise execute side effects; produce a plan only.";
     logMaxBytes = 5 * 1024 * 1024;
   }
 });
@@ -10043,23 +10856,25 @@ function resolveOption(flags, key) {
 // src/cli/commands/init.ts
 init_paths();
 init_config();
-import * as fs2 from "fs/promises";
+init_service_token();
+import * as fs3 from "fs/promises";
 async function runInit(flags) {
-  await fs2.mkdir(paths.home(), { recursive: true });
-  const existingToken = await loadAuthToken();
+  await fs3.mkdir(paths.home(), { recursive: true });
+  await migrateLegacyAuthToken();
+  const existingToken = await readServiceToken();
   if (!existingToken) {
-    const token = generateAuthToken();
-    await writeAuthToken(token);
+    const token = generateServiceToken();
+    await writeServiceToken(token);
     process.stdout.write(
       `Initialized ${paths.authToken()}
-Auth token: ${token}
+Service token: ${token}
 `
     );
     return;
   }
   if (flagBool(flags, "rotate-token")) {
-    const newToken = generateAuthToken();
-    await writeAuthToken(newToken);
+    const newToken = generateServiceToken();
+    await writeServiceToken(newToken);
     process.stdout.write(
       `Rotated token in ${paths.authToken()}
 New token: ${newToken}
@@ -10067,20 +10882,21 @@ New token: ${newToken}
     );
     return;
   }
-  process.stdout.write(`Auth token already exists at ${paths.authToken()}.
+  process.stdout.write(`Service token already exists at ${paths.authToken()}.
 `);
-  process.stdout.write("Pass --rotate-token to generate a new auth token.\n");
+  process.stdout.write("Pass --rotate-token to generate a new service token.\n");
 }
 
 // src/cli/commands/daemon.ts
 init_paths();
 init_config();
+init_service_token();
 import * as fsp6 from "fs/promises";
 import { setTimeout as sleep2 } from "timers/promises";
 
 // src/daemon/server.ts
 init_config();
-import * as fs11 from "fs";
+import * as fs15 from "fs";
 import * as fsp4 from "fs/promises";
 import Fastify from "fastify";
 import websocketPlugin from "@fastify/websocket";
@@ -10089,12 +10905,12 @@ import createPinoRoll from "pino-roll";
 
 // src/core/registry.ts
 init_paths();
-import * as fs4 from "fs/promises";
+import * as fs5 from "fs/promises";
 import { z as z2 } from "zod";
 
 // src/core/binary-install.ts
 init_paths();
-import * as fs3 from "fs";
+import * as fs4 from "fs";
 import * as fsp from "fs/promises";
 import * as path2 from "path";
 import { spawn } from "child_process";
@@ -10199,7 +11015,7 @@ async function downloadTo(args) {
     );
   }
   const total = Number(response.headers.get("content-length") ?? "0");
-  const out = fs3.createWriteStream(dest);
+  const out = fs4.createWriteStream(dest);
   const nodeStream = Readable.fromWeb(response.body);
   let received = 0;
   let lastEmit = Date.now();
@@ -10326,7 +11142,8 @@ async function ensureNpmPackage(args) {
   await installInto({
     agentId: args.agentId,
     packageSpec: args.packageSpec,
-    installDir
+    installDir,
+    registry: args.registry
   });
   if (!await fileExists2(binPath)) {
     throw new Error(
@@ -10344,7 +11161,8 @@ async function installInto(args) {
     );
     await runNpmInstall({
       packageSpec: args.packageSpec,
-      cwd: tempDir
+      cwd: tempDir,
+      registry: args.registry
     });
     try {
       await fsp2.rename(tempDir, args.installDir);
@@ -10368,9 +11186,10 @@ async function installInto(args) {
 }
 function runNpmInstall(args) {
   return new Promise((resolve5, reject) => {
+    const registryArgs = args.registry ? ["--registry", args.registry] : [];
     const child = spawn2(
       "npm",
-      ["install", "--no-audit", "--no-fund", "--silent", args.packageSpec],
+      ["install", "--no-audit", "--no-fund", "--silent", ...registryArgs, args.packageSpec],
       {
         cwd: args.cwd,
         stdio: ["ignore", "pipe", "pipe"]
@@ -10523,7 +11342,7 @@ var Registry = class {
   async readDiskCache() {
     let text;
     try {
-      text = await fs4.readFile(paths.registryCache(), "utf8");
+      text = await fs5.readFile(paths.registryCache(), "utf8");
     } catch (err) {
       const e = err;
       if (e.code === "ENOENT") {
@@ -10549,7 +11368,7 @@ var Registry = class {
   // without a lock file: the loser of the rename race just gets its
   // version replaced by the winner's.
   async writeDiskCache(cache) {
-    await fs4.mkdir(paths.home(), { recursive: true });
+    await fs5.mkdir(paths.home(), { recursive: true });
     const final = paths.registryCache();
     const tmp = `${final}.tmp-${process.pid}-${randSuffix()}`;
     const body = JSON.stringify(
@@ -10558,10 +11377,10 @@ var Registry = class {
       2
     ) + "\n";
     try {
-      await fs4.writeFile(tmp, body, "utf8");
-      await fs4.rename(tmp, final);
+      await fs5.writeFile(tmp, body, "utf8");
+      await fs5.rename(tmp, final);
     } catch (err) {
-      await fs4.unlink(tmp).catch(() => void 0);
+      await fs5.unlink(tmp).catch(() => void 0);
       throw err;
     }
   }
@@ -10579,7 +11398,7 @@ function npxPackageBasename(agent) {
   const atIdx = afterSlash.lastIndexOf("@");
   return atIdx <= 0 ? afterSlash : afterSlash.slice(0, atIdx);
 }
-async function planSpawn(agent, callerArgs = []) {
+async function planSpawn(agent, callerArgs = [], options = {}) {
   if (agent.distribution.npx) {
     const npx = agent.distribution.npx;
     const tail = callerArgs.length > 0 ? callerArgs : npx.args ?? [];
@@ -10595,7 +11414,8 @@ async function planSpawn(agent, callerArgs = []) {
       agentId: agent.id,
       version: agent.version ?? "current",
       packageSpec: npx.package,
-      bin
+      bin,
+      registry: options.npmRegistry
     });
     return {
       command: binPath,
@@ -10820,7 +11640,7 @@ stderr: ${tail}` : reason;
 };
 
 // src/core/session-manager.ts
-import * as fs9 from "fs/promises";
+import * as fs11 from "fs/promises";
 import * as os2 from "os";
 import { customAlphabet as customAlphabet3 } from "nanoid";
 init_session();
@@ -10828,7 +11648,7 @@ init_session_store();
 
 // src/core/history-store.ts
 init_paths();
-import * as fs6 from "fs/promises";
+import * as fs8 from "fs/promises";
 var SESSION_ID_PATTERN2 = /^[A-Za-z0-9_-]+$/;
 var DEFAULT_MAX_ENTRIES = 1e3;
 var HistoryStore = class {
@@ -10845,9 +11665,9 @@ var HistoryStore = class {
       return;
     }
     return this.enqueue(sessionId, async () => {
-      await fs6.mkdir(paths.sessionDir(sessionId), { recursive: true });
+      await fs8.mkdir(paths.sessionDir(sessionId), { recursive: true });
       const line = JSON.stringify(entry) + "\n";
-      await fs6.appendFile(paths.historyFile(sessionId), line, {
+      await fs8.appendFile(paths.historyFile(sessionId), line, {
         encoding: "utf8",
         mode: 384
       });
@@ -10858,9 +11678,9 @@ var HistoryStore = class {
       return;
     }
     return this.enqueue(sessionId, async () => {
-      await fs6.mkdir(paths.sessionDir(sessionId), { recursive: true });
+      await fs8.mkdir(paths.sessionDir(sessionId), { recursive: true });
       const body = entries.length === 0 ? "" : entries.map((e) => JSON.stringify(e)).join("\n") + "\n";
-      await fs6.writeFile(paths.historyFile(sessionId), body, {
+      await fs8.writeFile(paths.historyFile(sessionId), body, {
         encoding: "utf8",
         mode: 384
       });
@@ -10877,7 +11697,7 @@ var HistoryStore = class {
     return this.enqueue(sessionId, async () => {
       let raw;
       try {
-        raw = await fs6.readFile(paths.historyFile(sessionId), "utf8");
+        raw = await fs8.readFile(paths.historyFile(sessionId), "utf8");
       } catch (err) {
         const e = err;
         if (e.code === "ENOENT") {
@@ -10890,7 +11710,7 @@ var HistoryStore = class {
         return;
       }
       const trimmed = lines.slice(-maxEntries);
-      await fs6.writeFile(paths.historyFile(sessionId), trimmed.join("\n") + "\n", {
+      await fs8.writeFile(paths.historyFile(sessionId), trimmed.join("\n") + "\n", {
         encoding: "utf8",
         mode: 384
       });
@@ -10906,7 +11726,7 @@ var HistoryStore = class {
     }
     let raw;
     try {
-      raw = await fs6.readFile(paths.historyFile(sessionId), "utf8");
+      raw = await fs8.readFile(paths.historyFile(sessionId), "utf8");
     } catch (err) {
       const e = err;
       if (e.code === "ENOENT") {
@@ -10952,7 +11772,7 @@ var HistoryStore = class {
     }
     return this.enqueue(sessionId, async () => {
       try {
-        await fs6.unlink(paths.historyFile(sessionId));
+        await fs8.unlink(paths.historyFile(sessionId));
       } catch (err) {
         const e = err;
         if (e.code !== "ENOENT") {
@@ -10960,7 +11780,7 @@ var HistoryStore = class {
         }
       }
       try {
-        await fs6.rmdir(paths.sessionDir(sessionId));
+        await fs8.rmdir(paths.sessionDir(sessionId));
       } catch (err) {
         const e = err;
         if (e.code !== "ENOENT" && e.code !== "ENOTEMPTY") {
@@ -10988,6 +11808,8 @@ init_paths();
 init_history();
 init_types();
 init_hydra_version();
+init_queue_store();
+var QUEUE_REPLAY_TTL_MS = 15 * 60 * 1e3;
 var HYDRA_ID_ALPHABET3 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 var generateRawSessionId = customAlphabet3(HYDRA_ID_ALPHABET3, 16);
 var SessionManager = class {
@@ -11000,6 +11822,7 @@ var SessionManager = class {
     this.idleTimeoutMs = options.idleTimeoutMs ?? 0;
     this.defaultModels = options.defaultModels ?? {};
     this.logger = options.logger;
+    this.npmRegistry = options.npmRegistry;
   }
   registry;
   sessions = /* @__PURE__ */ new Map();
@@ -11015,6 +11838,7 @@ var SessionManager = class {
   // back-to-back) don't lose writes via interleaved reads.
   metaWriteQueues = /* @__PURE__ */ new Map();
   logger;
+  npmRegistry;
   async create(params) {
     const fresh = await this.bootstrapAgent({
       agentId: params.agentId,
@@ -11036,7 +11860,9 @@ var SessionManager = class {
       spawnReplacementAgent: (p) => this.bootstrapAgent({ ...p, mcpServers: [] }),
       historyStore: this.histories,
       historyMaxEntries: this.sessionHistoryMaxEntries,
-      currentModel: fresh.initialModel
+      currentModel: fresh.initialModel,
+      currentMode: fresh.initialMode,
+      agentModes: fresh.initialModes
     });
     await this.attachManagerHooks(session);
     return session;
@@ -11081,7 +11907,7 @@ var SessionManager = class {
     if (params.upstreamSessionId === "") {
       return this.doResurrectFromImport(params);
     }
-    const plan = await planSpawn(agentDef, params.agentArgs ?? []);
+    const plan = await planSpawn(agentDef, params.agentArgs ?? [], { npmRegistry: this.npmRegistry });
     const agent = this.spawner({
       agentId: params.agentId,
       cwd: params.cwd,
@@ -11135,9 +11961,10 @@ var SessionManager = class {
       // this fix), fall back to the model the agent ships in its
       // session/load response body.
       currentModel: params.currentModel ?? extractInitialModel(loadResult ?? {}),
-      currentMode: params.currentMode,
+      currentMode: params.currentMode ?? extractInitialCurrentMode(loadResult ?? {}),
       currentUsage: params.currentUsage,
       agentCommands: params.agentCommands,
+      agentModes: params.agentModes ?? nonEmptyOrUndefined(extractInitialModes(loadResult ?? {})),
       // Only gate the first-prompt title heuristic when we actually have
       // a title to preserve. A title-less session (lost to a write race
       // or never seeded) should re-derive from the next prompt rather
@@ -11180,9 +12007,10 @@ var SessionManager = class {
       // Prefer the stored value (set by a previous current_model_update);
       // fall back to whatever the agent ships in its session/new response.
       currentModel: params.currentModel ?? fresh.initialModel,
-      currentMode: params.currentMode,
+      currentMode: params.currentMode ?? fresh.initialMode,
       currentUsage: params.currentUsage,
       agentCommands: params.agentCommands,
+      agentModes: params.agentModes ?? fresh.initialModes,
       firstPromptSeeded: !!params.title,
       createdAt: params.createdAt ? new Date(params.createdAt).getTime() : void 0
     });
@@ -11192,7 +12020,7 @@ var SessionManager = class {
   }
   async resolveImportCwd(cwd) {
     try {
-      const stat4 = await fs9.stat(cwd);
+      const stat4 = await fs11.stat(cwd);
       if (stat4.isDirectory()) {
         return cwd;
       }
@@ -11212,7 +12040,7 @@ var SessionManager = class {
       err.code = JsonRpcErrorCodes.AgentNotInstalled;
       throw err;
     }
-    const plan = await planSpawn(agentDef, params.agentArgs ?? []);
+    const plan = await planSpawn(agentDef, params.agentArgs ?? [], { npmRegistry: this.npmRegistry });
     const agent = this.spawner({
       agentId: params.agentId,
       cwd: params.cwd,
@@ -11249,11 +12077,15 @@ var SessionManager = class {
         } catch {
         }
       }
+      const initialModes = extractInitialModes(newResult);
+      const initialMode = extractInitialCurrentMode(newResult);
       return {
         agent,
         upstreamSessionId: sessionIdRaw,
         agentMeta: newResult._meta,
-        initialModel
+        initialModel,
+        initialModes: initialModes.length > 0 ? initialModes : void 0,
+        initialMode
       };
     } catch (err) {
       await agent.kill().catch(() => void 0);
@@ -11305,6 +12137,15 @@ var SessionManager = class {
         }))
       }).catch(() => void 0);
     });
+    session.onAgentModesChange((modes) => {
+      void this.persistSnapshot(session.sessionId, {
+        agentModes: modes.map((m) => ({
+          id: m.id,
+          ...m.name !== void 0 ? { name: m.name } : {},
+          ...m.description !== void 0 ? { description: m.description } : {}
+        }))
+      }).catch(() => void 0);
+    });
     this.sessions.set(session.sessionId, session);
     await this.enqueueMetaWrite(session.sessionId, async () => {
       const existing = await this.store.read(session.sessionId);
@@ -11347,6 +12188,7 @@ var SessionManager = class {
       currentMode: record.currentMode,
       currentUsage: persistedUsageToSnapshot(record.currentUsage),
       agentCommands: record.agentCommands,
+      agentModes: record.agentModes,
       createdAt: record.createdAt
     };
   }
@@ -11624,6 +12466,7 @@ var SessionManager = class {
         ...update.currentMode !== void 0 ? { currentMode: update.currentMode } : {},
         ...update.currentUsage !== void 0 ? { currentUsage: update.currentUsage } : {},
         ...update.agentCommands !== void 0 ? { agentCommands: update.agentCommands } : {},
+        ...update.agentModes !== void 0 ? { agentModes: update.agentModes } : {},
         updatedAt: (/* @__PURE__ */ new Date()).toISOString()
       });
     });
@@ -11657,6 +12500,53 @@ var SessionManager = class {
     }
     await Promise.allSettled(pending);
   }
+  // Startup hook: scan persisted sessions for non-empty queue files,
+  // apply the TTL, resurrect anything with surviving entries, and
+  // replay them through the normal queue path. Called from the daemon
+  // boot sequence; failures per session are logged and don't block
+  // the boot.
+  //
+  // Concurrency is deliberately sequential — resurrect each session
+  // one at a time so a runaway daemon with 100 queued sessions
+  // doesn't burst-spawn 100 agents on startup. Inside a single
+  // session, the queue still drains in parallel-friendly fashion via
+  // drainQueue once resurrect() completes.
+  async resurrectPendingQueues() {
+    const records = await this.store.list().catch(() => []);
+    for (const rec of records) {
+      const queue = await loadQueue(rec.sessionId).catch(() => []);
+      if (queue.length === 0) continue;
+      const now = Date.now();
+      const fresh = queue.filter((e) => now - e.enqueuedAt < QUEUE_REPLAY_TTL_MS);
+      const dropped = queue.length - fresh.length;
+      if (dropped > 0) {
+        this.logger?.info(
+          `queue replay: dropping ${dropped} stale prompt(s) for ${rec.sessionId} (TTL ${QUEUE_REPLAY_TTL_MS / 1e3}s)`
+        );
+        await rewriteQueue(rec.sessionId, fresh).catch(() => void 0);
+      }
+      if (fresh.length === 0) continue;
+      const fromDisk = await this.loadFromDisk(rec.sessionId).catch(() => void 0);
+      if (!fromDisk) {
+        this.logger?.warn(
+          `queue replay: no meta for ${rec.sessionId}; discarding ${fresh.length} entr${fresh.length === 1 ? "y" : "ies"}`
+        );
+        await rewriteQueue(rec.sessionId, []).catch(() => void 0);
+        continue;
+      }
+      try {
+        const session = await this.resurrect(fromDisk);
+        this.logger?.info(
+          `queue replay: resurrected ${rec.sessionId} and replaying ${fresh.length} prompt(s)`
+        );
+        session.replayPersistedQueue(fresh);
+      } catch (err) {
+        this.logger?.warn(
+          `queue replay: failed to resurrect ${rec.sessionId}: ${err.message}`
+        );
+      }
+    }
+  }
 };
 function mergeForPersistence(session, existing) {
   const persistedCommands = session.mergedAvailableCommands().length > 0 ? session.agentOnlyAdvertisedCommands().map((c) => {
@@ -11666,6 +12556,18 @@ function mergeForPersistence(session, existing) {
     return { name: c.name };
   }) : void 0;
   const agentCommands = persistedCommands ?? existing?.agentCommands;
+  const sessionModes = session.availableModes();
+  const persistedModes = sessionModes.length > 0 ? sessionModes.map((m) => {
+    const out = { id: m.id };
+    if (m.name !== void 0) {
+      out.name = m.name;
+    }
+    if (m.description !== void 0) {
+      out.description = m.description;
+    }
+    return out;
+  }) : void 0;
+  const agentModes = persistedModes ?? existing?.agentModes;
   return recordFromMemorySession({
     sessionId: session.sessionId,
     lineageId: existing?.lineageId ?? generateLineageId(),
@@ -11681,6 +12583,7 @@ function mergeForPersistence(session, existing) {
     currentMode: session.currentMode ?? existing?.currentMode,
     currentUsage: usageSnapshotToPersisted(session.currentUsage) ?? existing?.currentUsage,
     agentCommands,
+    agentModes,
     createdAt: existing?.createdAt ?? new Date(session.createdAt).toISOString()
   });
 }
@@ -11743,9 +12646,103 @@ function asString(value) {
   const trimmed = value.trim();
   return trimmed.length > 0 ? trimmed : void 0;
 }
+function nonEmptyOrUndefined(arr) {
+  return arr.length > 0 ? arr : void 0;
+}
+function extractInitialModes(result) {
+  const direct = parseModesList(result.availableModes);
+  if (direct.length > 0) {
+    return direct;
+  }
+  const modes = result.modes;
+  if (modes && typeof modes === "object" && !Array.isArray(modes)) {
+    const fromModesObj = parseModesList(
+      modes.availableModes
+    );
+    if (fromModesObj.length > 0) {
+      return fromModesObj;
+    }
+  }
+  const meta = result._meta;
+  if (meta && typeof meta === "object" && !Array.isArray(meta)) {
+    for (const [key, value] of Object.entries(
+      meta
+    )) {
+      if (key === "hydra-acp") {
+        continue;
+      }
+      if (value && typeof value === "object" && !Array.isArray(value)) {
+        const fromMeta = parseModesList(
+          value.availableModes
+        );
+        if (fromMeta.length > 0) {
+          return fromMeta;
+        }
+      }
+    }
+  }
+  return [];
+}
+function extractInitialCurrentMode(result) {
+  const direct = asString(result.currentModeId) ?? asString(result.currentMode) ?? asString(result.modeId) ?? asString(result.mode);
+  if (direct) {
+    return direct;
+  }
+  const modes = result.modes;
+  if (modes && typeof modes === "object" && !Array.isArray(modes)) {
+    const m = asString(modes.currentModeId) ?? asString(modes.currentMode);
+    if (m) {
+      return m;
+    }
+  }
+  const meta = result._meta;
+  if (meta && typeof meta === "object" && !Array.isArray(meta)) {
+    for (const [key, value] of Object.entries(
+      meta
+    )) {
+      if (key === "hydra-acp") {
+        continue;
+      }
+      if (value && typeof value === "object" && !Array.isArray(value)) {
+        const m = asString(value.currentModeId) ?? asString(value.currentMode) ?? asString(value.modeId);
+        if (m) {
+          return m;
+        }
+      }
+    }
+  }
+  return void 0;
+}
+function parseModesList(list) {
+  if (!Array.isArray(list)) {
+    return [];
+  }
+  const out = [];
+  for (const raw of list) {
+    if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+      continue;
+    }
+    const r = raw;
+    const id = asString(r.id) ?? asString(r.modeId);
+    if (!id) {
+      continue;
+    }
+    const mode = { id };
+    const name = asString(r.name);
+    if (name) {
+      mode.name = name;
+    }
+    const description = asString(r.description);
+    if (description) {
+      mode.description = description;
+    }
+    out.push(mode);
+  }
+  return out;
+}
 async function loadPromptHistorySafely(sessionId) {
   try {
-    const raw = await fs9.readFile(paths.tuiHistoryFile(sessionId), "utf8");
+    const raw = await fs11.readFile(paths.tuiHistoryFile(sessionId), "utf8");
     const out = [];
     for (const line of raw.split("\n")) {
       if (line.length === 0) {
@@ -11766,7 +12763,7 @@ async function loadPromptHistorySafely(sessionId) {
 }
 async function historyMtimeIso(sessionId) {
   try {
-    const st = await fs9.stat(paths.historyFile(sessionId));
+    const st = await fs11.stat(paths.historyFile(sessionId));
     return new Date(st.mtimeMs).toISOString();
   } catch {
     return void 0;
@@ -11776,7 +12773,7 @@ async function historyMtimeIso(sessionId) {
 // src/core/extensions.ts
 init_paths();
 import { spawn as spawn4 } from "child_process";
-import * as fs10 from "fs";
+import * as fs12 from "fs";
 import * as fsp3 from "fs/promises";
 import * as path7 from "path";
 var RESTART_BASE_MS = 1e3;
@@ -12059,7 +13056,7 @@ var ExtensionManager = class {
     }
     const ext = entry.config;
     const command = ext.command.length > 0 ? ext.command : [ext.name];
-    const logStream = fs10.createWriteStream(paths.extensionLogFile(ext.name), {
+    const logStream = fs12.createWriteStream(paths.extensionLogFile(ext.name), {
       flags: "a"
     });
     logStream.write(
@@ -12071,7 +13068,7 @@ var ExtensionManager = class {
       HYDRA_ACP_DAEMON_URL: ctx.daemonUrl,
       HYDRA_ACP_DAEMON_HOST: ctx.daemonHost,
       HYDRA_ACP_DAEMON_PORT: String(ctx.daemonPort),
-      HYDRA_ACP_TOKEN: ctx.daemonToken,
+      HYDRA_ACP_TOKEN: ctx.serviceToken,
       HYDRA_ACP_WS_URL: ctx.daemonWsUrl,
       HYDRA_ACP_HOME: ctx.hydraHome,
       HYDRA_ACP_EXTENSION_NAME: ext.name,
@@ -12109,7 +13106,7 @@ var ExtensionManager = class {
     }
     if (typeof child.pid === "number") {
       try {
-        fs10.writeFileSync(paths.extensionPidFile(ext.name), `${child.pid}
+        fs12.writeFileSync(paths.extensionPidFile(ext.name), `${child.pid}
 `, {
           encoding: "utf8",
           mode: 384
@@ -12134,7 +13131,7 @@ var ExtensionManager = class {
     });
     child.on("exit", (code, signal) => {
       try {
-        fs10.unlinkSync(paths.extensionPidFile(ext.name));
+        fs12.unlinkSync(paths.extensionPidFile(ext.name));
       } catch {
       }
       logStream.write(
@@ -12177,25 +13174,245 @@ var ExtensionManager = class {
     }
   }
 };
-function isAlive(pid) {
-  try {
-    process.kill(pid, 0);
-    return true;
-  } catch {
+function isAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function withCode2(err, code) {
+  err.code = code;
+  return err;
+}
+
+// src/daemon/server.ts
+init_paths();
+init_hydra_version();
+
+// src/core/session-tokens.ts
+init_paths();
+import * as fs13 from "fs/promises";
+import * as path8 from "path";
+import { createHash, randomBytes, timingSafeEqual } from "crypto";
+var TOKEN_PREFIX = "hydra_session_";
+var DEFAULT_TTL_SEC = 60 * 60 * 24 * 30;
+var ID_LENGTH = 12;
+var TOKEN_BYTES = 32;
+var WRITE_DEBOUNCE_MS = 50;
+function tokensFilePath() {
+  return path8.join(paths.home(), "session-tokens.json");
+}
+function sha256Hex(input) {
+  return createHash("sha256").update(input).digest("hex");
+}
+function randomHex(bytes) {
+  return randomBytes(bytes).toString("hex");
+}
+function generateId() {
+  return randomHex(ID_LENGTH).slice(0, ID_LENGTH * 2);
+}
+function generateToken() {
+  return `${TOKEN_PREFIX}${randomHex(TOKEN_BYTES)}`;
+}
+var SessionTokenStore = class _SessionTokenStore {
+  records = /* @__PURE__ */ new Map();
+  // keyed by hash
+  writeTimer = null;
+  writeInflight = null;
+  constructor(records) {
+    for (const r of records) {
+      this.records.set(r.hash, r);
+    }
+  }
+  static async load() {
+    let records = [];
+    try {
+      const raw = await fs13.readFile(tokensFilePath(), "utf8");
+      const parsed = JSON.parse(raw);
+      if (parsed && Array.isArray(parsed.records)) {
+        records = parsed.records.filter(isRecord);
+      }
+    } catch (err) {
+      const e = err;
+      if (e.code !== "ENOENT") {
+        throw err;
+      }
+    }
+    const store = new _SessionTokenStore(records);
+    const removed = store.sweepExpired(/* @__PURE__ */ new Date());
+    if (removed > 0) {
+      await store.flush();
+    }
+    return store;
+  }
+  async issue(opts = {}) {
+    const token = generateToken();
+    const hash = sha256Hex(token);
+    const id = generateId();
+    const now = /* @__PURE__ */ new Date();
+    const ttlSec = opts.ttlSec && opts.ttlSec > 0 ? opts.ttlSec : DEFAULT_TTL_SEC;
+    const expiresAt = new Date(now.getTime() + ttlSec * 1e3);
+    const record = {
+      id,
+      hash,
+      label: opts.label,
+      createdAt: now.toISOString(),
+      expiresAt: expiresAt.toISOString(),
+      lastUsedAt: now.toISOString()
+    };
+    this.records.set(hash, record);
+    this.scheduleWrite();
+    return { id, token, expiresAt: record.expiresAt };
+  }
+  // Verifies a presented token. Returns the matching record id (so the
+  // caller can revoke it on logout) and bumps lastUsedAt; returns
+  // undefined when no record matches or when the matched record has
+  // expired.
+  async verify(token) {
+    if (typeof token !== "string" || !token.startsWith(TOKEN_PREFIX)) {
+      return void 0;
+    }
+    const hash = sha256Hex(token);
+    const record = this.records.get(hash);
+    if (!record) {
+      return void 0;
+    }
+    const expected = Buffer.from(record.hash, "hex");
+    const actual = Buffer.from(hash, "hex");
+    if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) {
+      return void 0;
+    }
+    const now = /* @__PURE__ */ new Date();
+    if (new Date(record.expiresAt).getTime() <= now.getTime()) {
+      this.records.delete(hash);
+      this.scheduleWrite();
+      return void 0;
+    }
+    record.lastUsedAt = now.toISOString();
+    this.scheduleWrite();
+    return record.id;
+  }
+  async revoke(id) {
+    for (const [hash, r] of this.records) {
+      if (r.id === id) {
+        this.records.delete(hash);
+        this.scheduleWrite();
+        return true;
+      }
+    }
+    return false;
+  }
+  async revokeAll() {
+    const n = this.records.size;
+    this.records.clear();
+    this.scheduleWrite();
+    return n;
+  }
+  list() {
+    return Array.from(this.records.values()).map(({ id, label, createdAt, expiresAt, lastUsedAt }) => ({
+      id,
+      label,
+      createdAt,
+      expiresAt,
+      lastUsedAt
+    })).sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+  }
+  sweepExpired(now = /* @__PURE__ */ new Date()) {
+    let removed = 0;
+    for (const [hash, r] of this.records) {
+      if (new Date(r.expiresAt).getTime() <= now.getTime()) {
+        this.records.delete(hash);
+        removed += 1;
+      }
+    }
+    if (removed > 0) {
+      this.scheduleWrite();
+    }
+    return removed;
+  }
+  // Force any pending write to complete. Useful in tests and at shutdown.
+  async flush() {
+    if (this.writeTimer) {
+      clearTimeout(this.writeTimer);
+      this.writeTimer = null;
+    }
+    await this.persist();
+  }
+  scheduleWrite() {
+    if (this.writeTimer) {
+      return;
+    }
+    this.writeTimer = setTimeout(() => {
+      this.writeTimer = null;
+      this.persist().catch(() => {
+      });
+    }, WRITE_DEBOUNCE_MS);
+  }
+  async persist() {
+    if (this.writeInflight) {
+      await this.writeInflight;
+    }
+    const records = Array.from(this.records.values());
+    const payload = JSON.stringify({ records }, null, 2) + "\n";
+    this.writeInflight = (async () => {
+      await fs13.mkdir(paths.home(), { recursive: true });
+      await fs13.writeFile(tokensFilePath(), payload, {
+        encoding: "utf8",
+        mode: 384
+      });
+    })();
+    try {
+      await this.writeInflight;
+    } finally {
+      this.writeInflight = null;
+    }
+  }
+};
+function isRecord(value) {
+  if (!value || typeof value !== "object") {
     return false;
   }
+  const v = value;
+  return typeof v.id === "string" && typeof v.hash === "string" && typeof v.createdAt === "string" && typeof v.expiresAt === "string" && typeof v.lastUsedAt === "string" && (v.label === void 0 || typeof v.label === "string");
 }
-function withCode2(err, code) {
-  err.code = code;
-  return err;
-}
-
-// src/daemon/server.ts
-init_paths();
-init_hydra_version();
 
 // src/daemon/auth.ts
 var BEARER_PREFIX = "Bearer ";
+var StaticTokenValidator = class {
+  constructor(token) {
+    this.token = token;
+  }
+  token;
+  async validate(token) {
+    return constantTimeEqual(token, this.token) ? "service" : void 0;
+  }
+};
+var SessionTokenValidator = class {
+  constructor(store) {
+    this.store = store;
+  }
+  store;
+  async validate(token) {
+    return this.store.verify(token);
+  }
+};
+var CompositeTokenValidator = class {
+  constructor(validators) {
+    this.validators = validators;
+  }
+  validators;
+  async validate(token) {
+    for (const v of this.validators) {
+      const id = await v.validate(token);
+      if (id !== void 0) {
+        return id;
+      }
+    }
+    return void 0;
+  }
+};
 function bearerAuth(opts) {
   return async function authMiddleware(request, reply) {
     const header = request.headers.authorization;
@@ -12204,10 +13421,12 @@ function bearerAuth(opts) {
       return;
     }
     const token = header.slice(BEARER_PREFIX.length).trim();
-    if (!constantTimeEqual(token, opts.config.daemon.authToken)) {
+    const identity = await opts.validator.validate(token);
+    if (!identity) {
       reply.code(403).send({ error: "Invalid token" });
       return;
     }
+    request.authIdentity = identity;
   };
 }
 function tokenFromUpgradeRequest(req) {
@@ -12246,6 +13465,40 @@ function constantTimeEqual(a, b) {
   return mismatch === 0;
 }
 
+// src/daemon/rate-limit.ts
+var AuthRateLimiter = class {
+  entries = /* @__PURE__ */ new Map();
+  maxFails;
+  windowMs;
+  constructor(maxFails = 10, windowMs = 15 * 60 * 1e3) {
+    this.maxFails = maxFails;
+    this.windowMs = windowMs;
+  }
+  isBlocked(ip) {
+    const e = this.entries.get(ip);
+    if (!e) {
+      return false;
+    }
+    if (Date.now() - e.windowStart > this.windowMs) {
+      this.entries.delete(ip);
+      return false;
+    }
+    return e.fails >= this.maxFails;
+  }
+  recordFailure(ip) {
+    const now = Date.now();
+    const e = this.entries.get(ip);
+    if (!e || now - e.windowStart > this.windowMs) {
+      this.entries.set(ip, { fails: 1, windowStart: now });
+      return;
+    }
+    e.fails += 1;
+  }
+  recordSuccess(ip) {
+    this.entries.delete(ip);
+  }
+};
+
 // src/daemon/routes/sessions.ts
 init_config();
 init_bundle();
@@ -12613,6 +13866,181 @@ function registerConfigRoutes(app, defaults) {
   });
 }
 
+// src/daemon/routes/auth.ts
+import { z as z6 } from "zod";
+
+// src/core/password.ts
+init_paths();
+import * as fs14 from "fs/promises";
+import * as path9 from "path";
+import { randomBytes as randomBytes2, scrypt, timingSafeEqual as timingSafeEqual2 } from "crypto";
+import { promisify } from "util";
+var scryptAsync = promisify(scrypt);
+function passwordHashPath() {
+  return path9.join(paths.home(), "password-hash");
+}
+var DEFAULT_N = 1 << 15;
+var DEFAULT_R = 8;
+var DEFAULT_P = 1;
+var KEY_LEN = 64;
+var SALT_LEN = 16;
+var MAX_MEM = 128 * 1024 * 1024;
+async function setPassword(plaintext) {
+  if (typeof plaintext !== "string" || plaintext.length === 0) {
+    throw new Error("password must be a non-empty string");
+  }
+  const salt = randomBytes2(SALT_LEN);
+  const key = await scryptAsync(plaintext, salt, KEY_LEN, {
+    N: DEFAULT_N,
+    r: DEFAULT_R,
+    p: DEFAULT_P,
+    maxmem: MAX_MEM
+  });
+  const encoded = `scrypt$${DEFAULT_N}$${DEFAULT_R}$${DEFAULT_P}$${salt.toString("hex")}$${key.toString("hex")}
+`;
+  await fs14.mkdir(paths.home(), { recursive: true });
+  await fs14.writeFile(passwordHashPath(), encoded, {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+async function hasPassword() {
+  try {
+    const text = await fs14.readFile(passwordHashPath(), "utf8");
+    return text.trim().length > 0;
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT") {
+      return false;
+    }
+    throw err;
+  }
+}
+async function verifyPassword(plaintext) {
+  if (typeof plaintext !== "string" || plaintext.length === 0) {
+    return false;
+  }
+  let line;
+  try {
+    line = (await fs14.readFile(passwordHashPath(), "utf8")).trim();
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT") {
+      return false;
+    }
+    throw err;
+  }
+  const parts = line.split("$");
+  if (parts.length !== 6 || parts[0] !== "scrypt") {
+    return false;
+  }
+  const N = parseInt(parts[1], 10);
+  const r = parseInt(parts[2], 10);
+  const p = parseInt(parts[3], 10);
+  if (!Number.isFinite(N) || !Number.isFinite(r) || !Number.isFinite(p)) {
+    return false;
+  }
+  const salt = Buffer.from(parts[4], "hex");
+  const expected = Buffer.from(parts[5], "hex");
+  if (salt.length === 0 || expected.length === 0) {
+    return false;
+  }
+  const actual = await scryptAsync(plaintext, salt, expected.length, {
+    N,
+    r,
+    p,
+    maxmem: MAX_MEM
+  });
+  if (actual.length !== expected.length) {
+    return false;
+  }
+  return timingSafeEqual2(actual, expected);
+}
+
+// src/daemon/routes/auth.ts
+var LoginBody = z6.object({
+  password: z6.string().min(1),
+  label: z6.string().min(1).max(256).optional(),
+  ttlSec: z6.number().int().positive().optional()
+});
+var LogoutBody = z6.object({
+  id: z6.string().optional()
+}).optional();
+function registerAuthRoutes(app, deps) {
+  app.post(
+    "/v1/auth/login",
+    { config: { skipAuth: true } },
+    async (request, reply) => {
+      const ip = remoteIp(request);
+      if (deps.rateLimiter.isBlocked(ip)) {
+        return reply.code(429).send({
+          error: "Too many failed attempts; try again later."
+        });
+      }
+      let body;
+      try {
+        body = LoginBody.parse(request.body);
+      } catch {
+        return reply.code(400).send({ error: "Invalid request body" });
+      }
+      if (!await hasPassword()) {
+        return reply.code(403).send({
+          error: "No password configured. Run `hydra-acp auth password` on the daemon host."
+        });
+      }
+      const ok = await verifyPassword(body.password);
+      if (!ok) {
+        deps.rateLimiter.recordFailure(ip);
+        return reply.code(401).send({ error: "Invalid password" });
+      }
+      deps.rateLimiter.recordSuccess(ip);
+      const issued = await deps.store.issue({
+        label: body.label,
+        ttlSec: body.ttlSec
+      });
+      return reply.code(200).send({
+        session_token: issued.token,
+        id: issued.id,
+        expires_at: issued.expiresAt
+      });
+    }
+  );
+  app.post("/v1/auth/logout", async (request, reply) => {
+    let body = void 0;
+    try {
+      body = LogoutBody.parse(request.body ?? void 0);
+    } catch {
+      return reply.code(400).send({ error: "Invalid request body" });
+    }
+    const id = body?.id ?? request.authIdentity;
+    if (!id || id === "service") {
+      return reply.code(200).send({ revoked: false });
+    }
+    const revoked = await deps.store.revoke(id);
+    return reply.code(200).send({ revoked });
+  });
+  app.get("/v1/auth/verify", async (_request, reply) => {
+    return reply.code(200).send({ ok: true });
+  });
+  app.get("/v1/auth/sessions", async (_request, reply) => {
+    return reply.code(200).send({ sessions: deps.store.list() });
+  });
+  app.delete(
+    "/v1/auth/sessions/:id",
+    async (request, reply) => {
+      const id = request.params.id;
+      const revoked = await deps.store.revoke(id);
+      if (!revoked) {
+        return reply.code(404).send({ error: "Not found" });
+      }
+      return reply.code(204).send();
+    }
+  );
+}
+function remoteIp(request) {
+  return request.ip || "unknown";
+}
+
 // src/daemon/acp-ws.ts
 init_connection();
 init_ws_stream();
@@ -12620,12 +14048,12 @@ init_types();
 import { nanoid as nanoid2 } from "nanoid";
 init_hydra_version();
 function registerAcpWsEndpoint(app, deps) {
-  app.get("/acp", { websocket: true }, (socket, request) => {
+  app.get("/acp", { websocket: true }, async (socket, request) => {
     const token = tokenFromUpgradeRequest({
       headers: request.headers,
       url: request.url
     });
-    if (!token || !constantTimeEqual(token, deps.config.daemon.authToken)) {
+    if (!token || !await deps.validator.validate(token)) {
       socket.close(4401, "Unauthorized");
       return;
     }
@@ -12676,8 +14104,15 @@ function registerAcpWsEndpoint(app, deps) {
           }
         })();
       });
+      const modesPayload = buildModesPayload(session);
       return {
         sessionId: session.sessionId,
+        // session/new is implicitly an attach; mirror session/attach's
+        // shape by including the clientId so deferred-echo clients
+        // (TUI's queue work) can recognize their own prompt_queue_added
+        // events without an extra round-trip.
+        clientId: client.clientId,
+        ...modesPayload ? { modes: modesPayload } : {},
         _meta: buildResponseMeta(session)
       };
     });
@@ -12738,6 +14173,7 @@ function registerAcpWsEndpoint(app, deps) {
         await connection.notify(note.method, note.params);
       }
       session.replayPendingPermissions(client);
+      const modesPayload = buildModesPayload(session);
       return {
         sessionId: session.sessionId,
         clientId: client.clientId,
@@ -12748,6 +14184,7 @@ function registerAcpWsEndpoint(app, deps) {
         // ran, not what was asked for.
         historyPolicy: appliedPolicy,
         replayed: replay.length,
+        ...modesPayload ? { modes: modesPayload } : {},
         _meta: buildResponseMeta(session)
       };
     });
@@ -12781,7 +14218,29 @@ function registerAcpWsEndpoint(app, deps) {
         err.code = JsonRpcErrorCodes.SessionNotFound;
         throw err;
       }
-      const session = deps.manager.require(params.sessionId);
+      let session = deps.manager.get(params.sessionId);
+      if (!session) {
+        const fromDisk = await deps.manager.loadFromDisk(params.sessionId);
+        if (!fromDisk) {
+          const err = new Error(
+            `session ${params.sessionId} not found`
+          );
+          err.code = JsonRpcErrorCodes.SessionNotFound;
+          throw err;
+        }
+        app.log.info(
+          `session/prompt auto-resurrecting cold sessionId=${params.sessionId}`
+        );
+        session = await deps.manager.resurrect(fromDisk);
+        const client = bindClientToSession(
+          connection,
+          session,
+          state,
+          void 0,
+          att.clientId
+        );
+        await session.attach(client, "none");
+      }
       return session.prompt(att.clientId, params);
     });
     const handleCancelParams = (raw) => {
@@ -12813,6 +14272,26 @@ function registerAcpWsEndpoint(app, deps) {
       handleCancelParams(raw);
       return null;
     });
+    connection.onRequest("hydra-acp/cancel_prompt", async (raw) => {
+      const params = CancelPromptParams.parse(raw);
+      const session = deps.manager.get(params.sessionId);
+      if (!session) {
+        const err = new Error(`session ${params.sessionId} not found`);
+        err.code = JsonRpcErrorCodes.SessionNotFound;
+        throw err;
+      }
+      return session.cancelQueuedPrompt(params.messageId);
+    });
+    connection.onRequest("hydra-acp/update_prompt", async (raw) => {
+      const params = UpdatePromptParams.parse(raw);
+      const session = deps.manager.get(params.sessionId);
+      if (!session) {
+        const err = new Error(`session ${params.sessionId} not found`);
+        err.code = JsonRpcErrorCodes.SessionNotFound;
+        throw err;
+      }
+      return session.updateQueuedPrompt(params.messageId, params.prompt);
+    });
     connection.onRequest("session/load", async (raw) => {
       const rawObj = raw ?? {};
       const rawSessionId = typeof rawObj.sessionId === "string" ? rawObj.sessionId : void 0;
@@ -12844,8 +14323,13 @@ function registerAcpWsEndpoint(app, deps) {
         await connection.notify(note.method, note.params);
       }
       session.replayPendingPermissions(client);
+      const modesPayload = buildModesPayload(session);
       return {
         sessionId: session.sessionId,
+        // Same as session/new: include clientId so the deferred-echo
+        // path in queue-aware clients can recognize own broadcasts.
+        clientId: client.clientId,
+        ...modesPayload ? { modes: modesPayload } : {},
         _meta: buildResponseMeta(session)
       };
     });
@@ -12871,6 +14355,26 @@ function registerAcpWsEndpoint(app, deps) {
     });
   });
 }
+function buildModesPayload(session) {
+  const modes = session.availableModes();
+  if (modes.length === 0) {
+    return void 0;
+  }
+  const availableModes = modes.map((m) => {
+    const out = {
+      id: m.id,
+      // ACP spec requires `name` — fall back to id when the agent didn't
+      // supply one so we never emit an invalid SessionMode.
+      name: m.name ?? m.id
+    };
+    if (m.description !== void 0) {
+      out.description = m.description;
+    }
+    return out;
+  });
+  const currentModeId = session.currentMode ?? modes[0].id;
+  return { currentModeId, availableModes };
+}
 function buildResponseMeta(session) {
   const ours = {
     upstreamSessionId: session.upstreamSessionId,
@@ -12896,9 +14400,17 @@ function buildResponseMeta(session) {
   if (commands.length > 0) {
     ours.availableCommands = commands;
   }
+  const modes = session.availableModes();
+  if (modes.length > 0) {
+    ours.availableModes = modes;
+  }
   if (session.turnStartedAt !== void 0) {
     ours.turnStartedAt = session.turnStartedAt;
   }
+  const queue = session.queueSnapshot();
+  if (queue.length > 0) {
+    ours.queue = queue;
+  }
   return mergeMeta(session.agentMeta, ours);
 }
 function buildInitializeResult() {
@@ -12929,7 +14441,13 @@ function buildInitializeResult() {
         id: "bearer-token",
         description: "Bearer token presented at WS upgrade"
       }
-    ]
+    ],
+    // Advertise hydra-only capabilities via _meta["hydra-acp"]. Generic
+    // ACP clients ignore the field; capability-aware clients learn here
+    // that hydra accepts concurrent session/prompt requests and emits
+    // prompt_queue_* notifications so they can stop running their own
+    // local queue.
+    _meta: mergeMeta(void 0, { promptQueueing: true })
   };
 }
 function bindClientToSession(connection, session, state, clientInfo, callerClientId) {
@@ -12943,7 +14461,7 @@ function bindClientToSession(connection, session, state, clientInfo, callerClien
 }
 
 // src/daemon/server.ts
-async function startDaemon(config) {
+async function startDaemon(config, serviceToken) {
   ensureLoopbackOrTls(config);
   const httpsOptions = config.daemon.tls ? {
     key: await fsp4.readFile(config.daemon.tls.key),
@@ -12970,7 +14488,13 @@ async function startDaemon(config) {
   setNpmInstallLogger((msg) => {
     app.log.info(msg);
   });
-  const auth = bearerAuth({ config });
+  const sessionTokenStore = await SessionTokenStore.load();
+  const authRateLimiter = new AuthRateLimiter();
+  const validator = new CompositeTokenValidator([
+    new StaticTokenValidator(serviceToken),
+    new SessionTokenValidator(sessionTokenStore)
+  ]);
+  const auth = bearerAuth({ validator });
   app.addHook("onRequest", async (request, reply) => {
     if (request.routeOptions.config?.skipAuth) {
       return;
@@ -12980,6 +14504,13 @@ async function startDaemon(config) {
     }
     await auth(request, reply);
   });
+  const sweepInterval = setInterval(
+    () => {
+      sessionTokenStore.sweepExpired();
+    },
+    5 * 60 * 1e3
+  );
+  sweepInterval.unref();
   const registry = new Registry(config);
   const agentLogger = {
     info: (msg) => app.log.info(msg),
@@ -12994,7 +14525,8 @@ async function startDaemon(config) {
     idleTimeoutMs: config.daemon.sessionIdleTimeoutSeconds * 1e3,
     defaultModels: config.defaultModels,
     sessionHistoryMaxEntries: config.daemon.sessionHistoryMaxEntries,
-    logger: agentLogger
+    logger: agentLogger,
+    npmRegistry: config.npmRegistry
   });
   const extensions = new ExtensionManager(extensionList(config));
   registerHealthRoutes(app, HYDRA_VERSION);
@@ -13008,8 +14540,12 @@ async function startDaemon(config) {
     defaultAgent: config.defaultAgent,
     defaultCwd: config.defaultCwd
   });
+  registerAuthRoutes(app, {
+    store: sessionTokenStore,
+    rateLimiter: authRateLimiter
+  });
   registerAcpWsEndpoint(app, {
-    config,
+    validator,
     manager,
     defaultAgent: config.defaultAgent
   });
@@ -13033,12 +14569,19 @@ async function startDaemon(config) {
     daemonUrl: `${scheme}://${config.daemon.host}:${boundPort}`,
     daemonHost: config.daemon.host,
     daemonPort: boundPort,
-    daemonToken: config.daemon.authToken,
+    serviceToken,
     daemonWsUrl: `${wsScheme}://${config.daemon.host}:${boundPort}/acp`,
     hydraHome: paths.home()
   });
   await extensions.start();
+  void manager.resurrectPendingQueues().catch((err) => {
+    app.log.warn(
+      `queue replay scan failed: ${err.message}`
+    );
+  });
   const shutdown = async () => {
+    clearInterval(sweepInterval);
+    await sessionTokenStore.flush();
     await extensions.stop();
     await manager.closeAll();
     await manager.flushMetaWrites();
@@ -13046,7 +14589,7 @@ async function startDaemon(config) {
     setNpmInstallLogger(null);
     await app.close();
     try {
-      fs11.unlinkSync(paths.pidFile());
+      fs15.unlinkSync(paths.pidFile());
     } catch {
     }
     try {
@@ -13085,7 +14628,7 @@ function ensureLoopbackOrTls(config) {
 init_daemon_bootstrap();
 
 // src/cli/commands/log-tail.ts
-import * as fs12 from "fs";
+import * as fs16 from "fs";
 import * as fsp5 from "fs/promises";
 async function runLogTail(logPath, argv, notFoundMessage) {
   const opts = parseLogTailFlags(argv);
@@ -13109,7 +14652,7 @@ async function runLogTail(logPath, argv, notFoundMessage) {
   process.stdout.write(`-- following ${logPath} --
 `);
   let pending = false;
-  const watcher = fs12.watch(logPath, () => {
+  const watcher = fs16.watch(logPath, () => {
     if (pending) {
       return;
     }
@@ -13209,7 +14752,8 @@ function parseLogTailFlags(argv) {
 
 // src/cli/commands/daemon.ts
 async function runDaemonStart(flags = {}) {
-  const config = await ensureConfig();
+  const config = await loadConfig();
+  const serviceToken = await ensureServiceToken();
   if (await pingHealth(config)) {
     const info2 = await readPidFile();
     process.stdout.write(
@@ -13219,7 +14763,7 @@ async function runDaemonStart(flags = {}) {
     return;
   }
   if (flagBool(flags, "foreground")) {
-    const handle = await startDaemon(config);
+    const handle = await startDaemon(config, serviceToken);
     process.stdout.write(
       `hydra-acp daemon listening on ${config.daemon.host}:${config.daemon.port}
 `
@@ -13257,7 +14801,8 @@ async function runDaemonStop() {
   }
 }
 async function runDaemonRestart() {
-  const config = await ensureConfig();
+  const config = await loadConfig();
+  await ensureServiceToken();
   const info = await readPidFile();
   if (info && isProcessAlive(info.pid)) {
     process.stdout.write(`Stopping daemon pid ${info.pid}...
@@ -13345,16 +14890,18 @@ init_sessions();
 
 // src/cli/commands/extensions.ts
 init_config();
+init_service_token();
 init_paths();
 import * as fsp7 from "fs/promises";
 init_sessions();
 async function runExtensionsList() {
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   let body;
   try {
     const r = await fetch(`${baseUrl}/v1/extensions`, {
-      headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+      headers: { Authorization: `Bearer ${serviceToken}` }
     });
     if (!r.ok) {
       process.stderr.write(`Daemon returned HTTP ${r.status}
@@ -13457,13 +15004,14 @@ async function runExtensionsAdd(name, argv) {
   process.stdout.write(`Added extension '${name}' to ${paths.config()}
 `);
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   const registerBody = { name, ...body };
   try {
     const r = await fetch(`${baseUrl}/v1/extensions`, {
       method: "POST",
       headers: {
-        Authorization: `Bearer ${config.daemon.authToken}`,
+        Authorization: `Bearer ${serviceToken}`,
         "Content-Type": "application/json"
       },
       body: JSON.stringify(registerBody)
@@ -13511,11 +15059,12 @@ async function runExtensionsRemove(name) {
   process.stdout.write(`Removed extension '${name}' from ${paths.config()}
 `);
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   try {
     const r = await fetch(`${baseUrl}/v1/extensions/${encodeURIComponent(name)}`, {
       method: "DELETE",
-      headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+      headers: { Authorization: `Bearer ${serviceToken}` }
     });
     if (r.status === 204 || r.status === 404) {
       process.stdout.write(`${name}: stopped
@@ -13575,12 +15124,13 @@ async function postLifecycle(name, verb) {
     return;
   }
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   let r;
   try {
     r = await fetch(`${baseUrl}/v1/extensions/${encodeURIComponent(name)}/${verb}`, {
       method: "POST",
-      headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+      headers: { Authorization: `Bearer ${serviceToken}` }
     });
   } catch (err) {
     process.stderr.write(
@@ -13611,8 +15161,9 @@ async function postLifecycle(name, verb) {
 }
 async function postLifecycleAll(verb) {
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
-  const auth = { Authorization: `Bearer ${config.daemon.authToken}` };
+  const auth = { Authorization: `Bearer ${serviceToken}` };
   let listBody;
   try {
     const r = await fetch(`${baseUrl}/v1/extensions`, { headers: auth });
@@ -13778,14 +15329,16 @@ function maxLen2(headerCell, values) {
 
 // src/cli/commands/agents.ts
 init_config();
+init_service_token();
 init_sessions();
 async function runAgentsList() {
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   let body;
   try {
     const r = await fetch(`${baseUrl}/v1/agents`, {
-      headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+      headers: { Authorization: `Bearer ${serviceToken}` }
     });
     if (!r.ok) {
       process.stderr.write(`Daemon returned HTTP ${r.status}
@@ -13842,12 +15395,13 @@ Registry version: ${body.version}
 }
 async function runAgentsRefresh() {
   const config = await loadConfig();
+  const serviceToken = await loadServiceToken();
   const baseUrl = httpBase(config.daemon.host, config.daemon.port, !!config.daemon.tls);
   let body;
   try {
     const r = await fetch(`${baseUrl}/v1/registry/refresh`, {
       method: "POST",
-      headers: { Authorization: `Bearer ${config.daemon.authToken}` }
+      headers: { Authorization: `Bearer ${serviceToken}` }
     });
     if (!r.ok) {
       process.stderr.write(`Daemon returned HTTP ${r.status}
@@ -13878,8 +15432,197 @@ function maxLen3(headerCell, values) {
   return max;
 }
 
+// src/cli/commands/auth.ts
+init_config();
+init_service_token();
+init_sessions();
+async function promptPassword(prompt) {
+  process.stdout.write(prompt);
+  if (!process.stdin.isTTY) {
+    return readLineFromStdin();
+  }
+  return new Promise((resolve5, reject) => {
+    const stdin = process.stdin;
+    const wasRaw = stdin.isRaw === true;
+    let buffer = "";
+    const cleanup = () => {
+      stdin.removeListener("data", onData);
+      stdin.removeListener("error", onError);
+      if (!wasRaw) {
+        stdin.setRawMode(false);
+      }
+      stdin.pause();
+    };
+    const onData = (chunk) => {
+      for (const byte of chunk) {
+        if (byte === 10 || byte === 13) {
+          process.stdout.write("\n");
+          cleanup();
+          resolve5(buffer);
+          return;
+        }
+        if (byte === 3) {
+          cleanup();
+          reject(new Error("password entry cancelled"));
+          return;
+        }
+        if (byte === 127 || byte === 8) {
+          buffer = buffer.slice(0, -1);
+          continue;
+        }
+        buffer += String.fromCharCode(byte);
+      }
+    };
+    const onError = (err) => {
+      cleanup();
+      reject(err);
+    };
+    stdin.setRawMode(true);
+    stdin.resume();
+    stdin.on("data", onData);
+    stdin.on("error", onError);
+  });
+}
+function readLineFromStdin() {
+  return new Promise((resolve5, reject) => {
+    let buffer = "";
+    process.stdin.setEncoding("utf8");
+    const onData = (chunk) => {
+      buffer += chunk;
+      const nl = buffer.indexOf("\n");
+      if (nl !== -1) {
+        process.stdin.removeListener("data", onData);
+        process.stdin.removeListener("error", onError);
+        resolve5(buffer.slice(0, nl).replace(/\r$/, ""));
+      }
+    };
+    const onError = (err) => {
+      process.stdin.removeListener("data", onData);
+      process.stdin.removeListener("error", onError);
+      reject(err);
+    };
+    process.stdin.on("data", onData);
+    process.stdin.on("error", onError);
+  });
+}
+async function runAuthPasswordSet(flags) {
+  const force = flagBool(flags, "force");
+  if (await hasPassword() && !force) {
+    const current = await promptPassword("Current password: ");
+    if (!await verifyPassword(current)) {
+      process.stderr.write("Wrong password.\n");
+      process.exit(1);
+    }
+  }
+  const next = await promptPassword("New password: ");
+  if (next.length === 0) {
+    process.stderr.write("Password must not be empty.\n");
+    process.exit(2);
+  }
+  const confirm = await promptPassword("Confirm new password: ");
+  if (next !== confirm) {
+    process.stderr.write("Passwords did not match.\n");
+    process.exit(1);
+  }
+  await setPassword(next);
+  process.stdout.write("Password set.\n");
+}
+async function runAuthList() {
+  const config = await loadConfig();
+  const token = await loadServiceToken();
+  const baseUrl = httpBase(
+    config.daemon.host,
+    config.daemon.port,
+    !!config.daemon.tls
+  );
+  const r = await fetch(`${baseUrl}/v1/auth/sessions`, {
+    headers: { Authorization: `Bearer ${token}` }
+  });
+  if (!r.ok) {
+    process.stderr.write(`Daemon returned HTTP ${r.status}
+`);
+    process.exit(1);
+  }
+  const body = await r.json();
+  if (body.sessions.length === 0) {
+    process.stdout.write("No active session tokens.\n");
+    return;
+  }
+  const header = {
+    id: "ID",
+    label: "LABEL",
+    createdAt: "CREATED",
+    expiresAt: "EXPIRES",
+    lastUsedAt: "LAST USED"
+  };
+  const rows = body.sessions.map((s) => ({
+    id: s.id,
+    label: s.label ?? "-",
+    createdAt: s.createdAt,
+    expiresAt: s.expiresAt,
+    lastUsedAt: s.lastUsedAt
+  }));
+  const widths = {
+    id: maxLen4(header.id, rows.map((r2) => r2.id)),
+    label: maxLen4(header.label, rows.map((r2) => r2.label)),
+    createdAt: maxLen4(header.createdAt, rows.map((r2) => r2.createdAt)),
+    expiresAt: maxLen4(header.expiresAt, rows.map((r2) => r2.expiresAt))
+  };
+  const fmt = (r2) => [
+    r2.id.padEnd(widths.id),
+    r2.label.padEnd(widths.label),
+    r2.createdAt.padEnd(widths.createdAt),
+    r2.expiresAt.padEnd(widths.expiresAt),
+    r2.lastUsedAt
+  ].join("  ");
+  process.stdout.write(fmt(header) + "\n");
+  for (const r2 of rows) {
+    process.stdout.write(fmt(r2) + "\n");
+  }
+}
+async function runAuthRevoke(id) {
+  if (!id) {
+    process.stderr.write("Usage: hydra-acp auth revoke <id>\n");
+    process.exit(2);
+  }
+  const config = await loadConfig();
+  const token = await loadServiceToken();
+  const baseUrl = httpBase(
+    config.daemon.host,
+    config.daemon.port,
+    !!config.daemon.tls
+  );
+  const r = await fetch(`${baseUrl}/v1/auth/sessions/${id}`, {
+    method: "DELETE",
+    headers: { Authorization: `Bearer ${token}` }
+  });
+  if (r.status === 204) {
+    process.stdout.write(`Revoked ${id}
+`);
+    return;
+  }
+  if (r.status === 404) {
+    process.stderr.write(`No session token with id ${id}
+`);
+    process.exit(1);
+  }
+  process.stderr.write(`Daemon returned HTTP ${r.status}
+`);
+  process.exit(1);
+}
+function maxLen4(headerCell, values) {
+  let max = headerCell.length;
+  for (const v of values) {
+    if (v.length > max) {
+      max = v.length;
+    }
+  }
+  return max;
+}
+
 // src/shim/proxy.ts
 init_config();
+init_service_token();
 init_daemon_bootstrap();
 init_resilient_ws();
 
@@ -14054,13 +15797,14 @@ function isResponse2(msg) {
 
 // src/shim/proxy.ts
 async function runShim(opts) {
-  const config = await ensureConfig();
+  const config = await loadConfig();
+  const serviceToken = await ensureServiceToken();
   await ensureDaemonReachable(config);
   const tracker = new SessionTracker();
   const downstream = ndjsonStreamFromStdio(process.stdin, process.stdout);
   const protocol = config.daemon.tls ? "wss" : "ws";
   const url = `${protocol}://${config.daemon.host}:${config.daemon.port}/acp`;
-  const subprotocols = ["acp.v1", `hydra-acp-token.${config.daemon.authToken}`];
+  const subprotocols = ["acp.v1", `hydra-acp-token.${serviceToken}`];
   const upstream = new ResilientWsStream({
     url,
     subprotocols,
@@ -14401,6 +16145,7 @@ async function main() {
       process.exit(2);
       return;
     }
+    case "session":
     case "sessions": {
       const sub = positional[1];
       if (sub === void 0 || sub === "list") {
@@ -14437,13 +16182,14 @@ async function main() {
         });
         return;
       }
-      process.stderr.write(`Unknown sessions subcommand: ${sub}
+      process.stderr.write(`Unknown session subcommand: ${sub}
 `);
       process.exit(2);
       return;
     }
+    case "extension":
     case "extensions": {
-      const extIdx = argv.indexOf("extensions");
+      const extIdx = argv.indexOf(subcommand);
       const tail = argv.slice(extIdx + 1);
       const sub = tail[0];
       const name2 = tail[1];
@@ -14476,11 +16222,12 @@ async function main() {
         await runExtensionsLogs(name2, rest);
         return;
       }
-      process.stderr.write(`Unknown extensions subcommand: ${sub}
+      process.stderr.write(`Unknown extension subcommand: ${sub}
 `);
       process.exit(2);
       return;
     }
+    case "agent":
     case "agents": {
       const sub = positional[1];
       if (sub === void 0 || sub === "list") {
@@ -14491,7 +16238,33 @@ async function main() {
         await runAgentsRefresh();
         return;
       }
-      process.stderr.write(`Unknown agents subcommand: ${sub}
+      process.stderr.write(`Unknown agent subcommand: ${sub}
+`);
+      process.exit(2);
+      return;
+    }
+    case "auth": {
+      const sub = positional[1];
+      if (sub === "password") {
+        const action = positional[2];
+        if (action === void 0 || action === "set") {
+          await runAuthPasswordSet(flags);
+          return;
+        }
+        process.stderr.write(`Unknown auth password action: ${action}
+`);
+        process.exit(2);
+        return;
+      }
+      if (sub === void 0 || sub === "list") {
+        await runAuthList();
+        return;
+      }
+      if (sub === "revoke") {
+        await runAuthRevoke(positional[2]);
+        return;
+      }
+      process.stderr.write(`Unknown auth subcommand: ${sub}
 `);
       process.exit(2);
       return;
@@ -14571,23 +16344,26 @@ function printHelp() {
       "  hydra-acp daemon start [--foreground]   Start daemon (detached by default; --foreground to attach)",
       "  hydra-acp daemon stop|restart|status",
       "  hydra-acp daemon logs [-f] [-n N]  Tail or follow the daemon log",
-      "  hydra-acp sessions [list] [--all] [--json]",
+      "  hydra-acp session [list] [--all] [--json]",
       "                                     List sessions (live + 20 most-recent cold; --all for everything; --json emits the raw daemon response as JSON for scripts)",
-      "  hydra-acp sessions kill <id>       Demote a live session to cold (keeps the on-disk record)",
-      "  hydra-acp sessions remove <id>     Remove a session entirely (live or cold)",
-      "  hydra-acp sessions export <id> [--out <file>|.]",
+      "  hydra-acp session kill <id>        Demote a live session to cold (keeps the on-disk record)",
+      "  hydra-acp session remove <id>      Remove a session entirely (live or cold)",
+      "  hydra-acp session export <id> [--out <file>|.]",
       "                                     Write a session bundle to <file>, to a default-named file when --out=., or to stdout",
-      "  hydra-acp sessions transcript <id>|<file> [--out <file>|.]",
+      "  hydra-acp session transcript <id>|<file> [--out <file>|.]",
       "                                     Render a session as a markdown transcript. Accepts a session id (renders via the daemon) or a local .hydra bundle file (rendered in-process). Writes to <file>, to a default-named file when --out=., or to stdout",
-      "  hydra-acp sessions import <file>|- [--replace] [--cwd <path>] [--info]",
+      "  hydra-acp session import <file>|- [--replace] [--cwd <path>] [--info]",
       "                                     Import a bundle from <file> or stdin (-); --replace overwrites a lineage match (kills it if live); --cwd overrides the bundle's recorded working directory; --info prints the bundle's meta without importing",
-      "  hydra-acp extensions list                   List configured extensions and live state",
-      "  hydra-acp extensions add <name> [opts]      Add an extension to config",
-      "  hydra-acp extensions remove <name>          Remove an extension from config",
-      "  hydra-acp extensions start|stop|restart <n>|all  Lifecycle on one or all",
-      "  hydra-acp extensions logs <name> [-f] [-n N]Tail or follow an extension's log",
-      "  hydra-acp agents [list]                     List agents in the cached registry",
-      "  hydra-acp agents refresh                    Force a registry re-fetch",
+      "  hydra-acp extension list                    List configured extensions and live state",
+      "  hydra-acp extension add <name> [opts]       Add an extension to config",
+      "  hydra-acp extension remove <name>           Remove an extension from config",
+      "  hydra-acp extension start|stop|restart <n>|all   Lifecycle on one or all",
+      "  hydra-acp extension logs <name> [-f] [-n N]      Tail or follow an extension's log",
+      "  hydra-acp agent [list]                      List agents in the cached registry",
+      "  hydra-acp agent refresh                     Force a registry re-fetch",
+      "  hydra-acp auth password [--force]           Set the daemon's master password",
+      "  hydra-acp auth [list]                       List active session tokens",
+      "  hydra-acp auth revoke <id>                  Revoke a session token",
       "  hydra-acp tui flags: [--resume <id>] [--reattach] [--new] [--agent <id>] [--model <id>] [--cwd <path>] [--name <label>]",
       "                                     --resume <id> attaches to a specific session; --reattach picks the most-recent in cwd.",
       "                                     Smart default (no flags): shows a picker when sessions exist, else new.",