@hydra-acp/cli 0.1.49 → 0.1.50

package/dist/cli.js

@@ -930,6 +930,9 @@ function extractHydraMeta(meta) {
   if (typeof obj.promptUpdating === "boolean") {
     out.promptUpdating = obj.promptUpdating;
   }
+  if (typeof obj.mcpStdin === "boolean") {
+    out.mcpStdin = obj.mcpStdin;
+  }
   if (typeof obj.promptAmending === "boolean") {
     out.promptAmending = obj.promptAmending;
   }
@@ -1163,6 +1166,10 @@ var init_types = __esm({
       importedFromUpstreamSessionId: z3.string().optional(),
       // Set when this session was spawned as a child by a transformer.
       parentSessionId: z3.string().optional(),
+      // clientInfo from the process that issued session/new. Lets list views
+      // hide cat-style ancillary sessions by default while letting an
+      // override flag surface them.
+      originatingClient: z3.object({ name: z3.string(), version: z3.string().optional() }).optional(),
       updatedAt: z3.string(),
       attachedClients: z3.number().int().nonnegative(),
       status: z3.enum(["live", "cold"]).default("live"),
@@ -1547,18 +1554,34 @@ var init_connection = __esm({
 
 // src/core/stream-buffer.ts
 import * as fsp3 from "fs/promises";
-var DEFAULT_CAPACITY_BYTES, STREAM_READ_MAX_BYTES, STREAM_WAIT_MAX_MS, SessionStreamBuffer;
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+var DEFAULT_CAPACITY_BYTES, INITIAL_CAPACITY_BYTES, STREAM_READ_MAX_BYTES, STREAM_WAIT_MAX_MS, STREAM_GREP_DEFAULT_MATCHES, STREAM_GREP_MAX_MATCHES, STREAM_GREP_DEFAULT_BYTES, STREAM_GREP_MAX_BYTES, STREAM_GREP_MAX_CONTEXT, SessionStreamBuffer;
 var init_stream_buffer = __esm({
   "src/core/stream-buffer.ts"() {
     "use strict";
-    DEFAULT_CAPACITY_BYTES = 16 * 1024 * 1024;
+    DEFAULT_CAPACITY_BYTES = 64 * 1024 * 1024;
+    INITIAL_CAPACITY_BYTES = 1 * 1024 * 1024;
     STREAM_READ_MAX_BYTES = 64 * 1024;
     STREAM_WAIT_MAX_MS = 6e4;
+    STREAM_GREP_DEFAULT_MATCHES = 100;
+    STREAM_GREP_MAX_MATCHES = 1e3;
+    STREAM_GREP_DEFAULT_BYTES = 64 * 1024;
+    STREAM_GREP_MAX_BYTES = 256 * 1024;
+    STREAM_GREP_MAX_CONTEXT = 20;
     SessionStreamBuffer = class {
       storage;
-      capacityBytes;
+      // The configured cap. Eviction begins once writeCursor exceeds this.
+      maxCapacityBytes;
+      // The size of the currently-allocated `storage`. Starts at
+      // INITIAL_CAPACITY_BYTES (clamped to maxCapacityBytes) and doubles on
+      // demand. Once it reaches maxCapacityBytes the ring behaves like a
+      // fixed-size buffer; before then, writeCursor < currentCapacityBytes
+      // always, so no wrap-around math is in play.
+      currentCapacityBytes;
       // Absolute monotonic byte offset of the next byte to be written. Also
-      // the count of bytes ever appended. `writeCursor - capacityBytes`
+      // the count of bytes ever appended. `writeCursor - currentCapacityBytes`
       // (clamped at 0) is the oldest still-resident byte's cursor.
       writeCursor = 0;
       closed = false;
@@ -1573,24 +1596,33 @@ var init_stream_buffer = __esm({
       // calls don't interleave their writes.
       fileWriteChain = Promise.resolve();
       constructor(opts = {}) {
-        this.capacityBytes = opts.capacityBytes ?? DEFAULT_CAPACITY_BYTES;
-        if (this.capacityBytes <= 0) {
+        this.maxCapacityBytes = opts.capacityBytes ?? DEFAULT_CAPACITY_BYTES;
+        if (this.maxCapacityBytes <= 0) {
           throw new Error("capacityBytes must be > 0");
         }
-        this.storage = Buffer.alloc(this.capacityBytes);
+        this.currentCapacityBytes = Math.min(
+          INITIAL_CAPACITY_BYTES,
+          this.maxCapacityBytes
+        );
+        this.storage = Buffer.alloc(this.currentCapacityBytes);
         this.filePath = opts.filePath;
         this.fileCapBytes = opts.fileCapBytes ?? Number.POSITIVE_INFINITY;
         this.onFileCapReached = opts.onFileCapReached;
         this.logWriteError = opts.logWriteError;
       }
       get capacity() {
-        return this.capacityBytes;
+        return this.maxCapacityBytes;
+      }
+      // Currently-allocated storage size (for observability / tests). May be
+      // anywhere between INITIAL_CAPACITY_BYTES and capacity.
+      get allocatedBytes() {
+        return this.currentCapacityBytes;
       }
       get writeCursorPos() {
         return this.writeCursor;
       }
       get oldestAvailable() {
-        return Math.max(0, this.writeCursor - this.capacityBytes);
+        return Math.max(0, this.writeCursor - this.currentCapacityBytes);
       }
       get isClosed() {
         return this.closed;
@@ -1735,6 +1767,136 @@ var init_stream_buffer = __esm({
           this.waiters.push(waiter);
         });
       }
+      // Scan the resident region line-by-line, returning lines that match
+      // `pattern`. Server-side filtering so the agent doesn't have to pull
+      // and decode 64 KiB base64 windows just to grep a multi-MB log.
+      //
+      // Lines are split on `\n` (LF). A trailing partial line (no LF) is
+      // skipped when the buffer is still open — its bytes might be the
+      // start of a longer line that's still being written — but is treated
+      // as a final full line once the buffer is closed.
+      //
+      // Caps: max 1000 matches and 256 KiB of output bytes per call. The
+      // agent should re-call with `cursor = nextCursor` to resume when
+      // `truncated:true`.
+      grep(opts) {
+        const oldest = this.oldestAvailable;
+        const requested = opts.cursor;
+        let start = requested ?? oldest;
+        let gap = 0;
+        if (requested !== void 0 && requested < oldest) {
+          gap = oldest - requested;
+          start = oldest;
+        }
+        if (start > this.writeCursor) {
+          start = this.writeCursor;
+        }
+        const slice = this.sliceFromRing(start, this.writeCursor - start);
+        const useRegex = opts.regex ?? true;
+        const flags = opts.caseInsensitive === true ? "i" : "";
+        const re = useRegex ? new RegExp(opts.pattern, flags) : new RegExp(escapeRegex(opts.pattern), flags);
+        const invert = opts.invert ?? false;
+        const maxMatches = Math.max(
+          1,
+          Math.min(
+            opts.maxMatches ?? STREAM_GREP_DEFAULT_MATCHES,
+            STREAM_GREP_MAX_MATCHES
+          )
+        );
+        const maxBytes = Math.max(
+          1,
+          Math.min(opts.maxBytes ?? STREAM_GREP_DEFAULT_BYTES, STREAM_GREP_MAX_BYTES)
+        );
+        const contextBefore = Math.max(
+          0,
+          Math.min(opts.contextBefore ?? 0, STREAM_GREP_MAX_CONTEXT)
+        );
+        const contextAfter = Math.max(
+          0,
+          Math.min(opts.contextAfter ?? 0, STREAM_GREP_MAX_CONTEXT)
+        );
+        const matches = [];
+        const beforeRing = [];
+        const pendingAfter = [];
+        let bytesUsed = 0;
+        let truncated = false;
+        let lineStartByte = 0;
+        let resumeFromLineStart = 0;
+        const processLine = (lineCursor, lineText) => {
+          for (const pa of pendingAfter) {
+            if (pa.remaining > 0) {
+              if (pa.match.after === void 0) {
+                pa.match.after = [];
+              }
+              pa.match.after.push({ cursor: lineCursor, line: lineText });
+              pa.remaining--;
+              bytesUsed += lineText.length;
+            }
+          }
+          while (pendingAfter.length > 0 && pendingAfter[0].remaining === 0) {
+            pendingAfter.shift();
+          }
+          const matched = re.test(lineText) !== invert;
+          if (matched && matches.length < maxMatches) {
+            const m = { cursor: lineCursor, line: lineText };
+            if (contextBefore > 0 && beforeRing.length > 0) {
+              m.before = beforeRing.slice();
+              for (const b of m.before) {
+                bytesUsed += b.line.length;
+              }
+            }
+            bytesUsed += lineText.length;
+            matches.push(m);
+            if (contextAfter > 0) {
+              pendingAfter.push({ match: m, remaining: contextAfter });
+            }
+          }
+          if (contextBefore > 0) {
+            beforeRing.push({ cursor: lineCursor, line: lineText });
+            while (beforeRing.length > contextBefore) {
+              beforeRing.shift();
+            }
+          }
+          const hitMaxMatches = matches.length >= maxMatches && pendingAfter.length === 0;
+          const hitMaxBytes = bytesUsed >= maxBytes;
+          return hitMaxMatches || hitMaxBytes;
+        };
+        for (let i = 0; i < slice.length; i++) {
+          if (slice[i] !== 10) {
+            continue;
+          }
+          const lineText = slice.subarray(lineStartByte, i).toString("utf8");
+          const lineCursor = start + lineStartByte;
+          lineStartByte = i + 1;
+          resumeFromLineStart = lineStartByte;
+          if (processLine(lineCursor, lineText)) {
+            truncated = true;
+            break;
+          }
+        }
+        if (!truncated && lineStartByte < slice.length && this.closed) {
+          const lineText = slice.subarray(lineStartByte).toString("utf8");
+          const lineCursor = start + lineStartByte;
+          if (processLine(lineCursor, lineText)) {
+            truncated = true;
+          }
+          resumeFromLineStart = slice.length;
+        }
+        const nextCursor = Math.min(start + resumeFromLineStart, this.writeCursor);
+        const result = {
+          matches,
+          truncated,
+          nextCursor,
+          scannedBytes: resumeFromLineStart
+        };
+        if (gap > 0) {
+          result.gap = gap;
+        }
+        if (this.closed && nextCursor >= this.writeCursor) {
+          result.eof = true;
+        }
+        return result;
+      }
       wakeWaiters(outcome) {
         if (this.waiters.length === 0) {
           return;
@@ -1745,15 +1907,42 @@ var init_stream_buffer = __esm({
           w.resolve(outcome);
         }
       }
+      // Grow `storage` if needed to fit `additionalBytes` more bytes without
+      // wrapping. Caps at maxCapacityBytes; once we're at the cap, callers
+      // fall back to ring-wrap behavior. Doubles each grow so we amortize.
+      // Only called before we've ever wrapped (writeCursor < currentCapacity
+      // always holds while we're growing), so the existing bytes live at
+      // storage[0..writeCursor] and we can just copy them flat.
+      growIfNeeded(additionalBytes) {
+        if (this.currentCapacityBytes >= this.maxCapacityBytes) {
+          return;
+        }
+        const needed = this.writeCursor + additionalBytes;
+        if (needed <= this.currentCapacityBytes) {
+          return;
+        }
+        let next = this.currentCapacityBytes;
+        while (next < needed && next < this.maxCapacityBytes) {
+          next = Math.min(this.maxCapacityBytes, next * 2);
+        }
+        if (next === this.currentCapacityBytes) {
+          return;
+        }
+        const newStorage = Buffer.alloc(next);
+        this.storage.copy(newStorage, 0, 0, this.writeCursor);
+        this.storage = newStorage;
+        this.currentCapacityBytes = next;
+      }
       writeRing(chunk) {
         const len = chunk.length;
-        if (len >= this.capacityBytes) {
-          const tailStart = len - this.capacityBytes;
+        this.growIfNeeded(len);
+        if (len >= this.currentCapacityBytes) {
+          const tailStart = len - this.currentCapacityBytes;
           chunk.copy(this.storage, 0, tailStart, len);
           return;
         }
-        const offset = this.writeCursor % this.capacityBytes;
-        const tailRoom = this.capacityBytes - offset;
+        const offset = this.writeCursor % this.currentCapacityBytes;
+        const tailRoom = this.currentCapacityBytes - offset;
         if (len <= tailRoom) {
           chunk.copy(this.storage, offset, 0, len);
         } else {
@@ -1766,8 +1955,8 @@ var init_stream_buffer = __esm({
           return Buffer.alloc(0);
         }
         const out = Buffer.alloc(length);
-        const offset = fromCursor % this.capacityBytes;
-        const tailLen = Math.min(length, this.capacityBytes - offset);
+        const offset = fromCursor % this.currentCapacityBytes;
+        const tailLen = Math.min(length, this.currentCapacityBytes - offset);
         this.storage.copy(out, 0, offset, offset + tailLen);
         if (tailLen < length) {
           this.storage.copy(out, tailLen, 0, length - tailLen);
@@ -2191,6 +2380,7 @@ var init_session = __esm({
       agentCapabilities;
       agentArgs;
       parentSessionId;
+      originatingClient;
       title;
       // Snapshot state delivered to attaching clients via the attach
       // response _meta rather than via history replay (which would be
@@ -2345,6 +2535,7 @@ var init_session = __esm({
         this.agentCapabilities = init.agentCapabilities;
         this.agentArgs = init.agentArgs;
         this.parentSessionId = init.parentSessionId;
+        this.originatingClient = init.originatingClient;
         this.title = init.title;
         this.currentModel = init.currentModel;
         this.currentMode = init.currentMode;
@@ -4532,6 +4723,43 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
         }
         return out;
       }
+      streamTail(bytes) {
+        const buf = this.requireStreamBuffer();
+        const r = buf.tail(bytes);
+        return {
+          bytes: r.bytes.toString("base64"),
+          startCursor: r.startCursor,
+          endCursor: r.endCursor,
+          truncated: r.truncated
+        };
+      }
+      streamHead(bytes) {
+        const buf = this.requireStreamBuffer();
+        const r = buf.head(bytes);
+        return {
+          bytes: r.bytes.toString("base64"),
+          startCursor: r.startCursor,
+          endCursor: r.endCursor,
+          truncated: r.truncated
+        };
+      }
+      async streamWaitFor(cursor, timeoutMs) {
+        const buf = this.requireStreamBuffer();
+        return buf.waitForData(cursor, timeoutMs);
+      }
+      streamGrep(opts) {
+        const buf = this.requireStreamBuffer();
+        return buf.grep(opts);
+      }
+      streamInfo() {
+        const buf = this.requireStreamBuffer();
+        return {
+          writeCursor: buf.writeCursorPos,
+          oldestAvailable: buf.oldestAvailable,
+          capacity: buf.capacity,
+          closed: buf.isClosed
+        };
+      }
       requireStreamBuffer() {
         if (this.streamBuffer === void 0) {
           const err = new Error(
@@ -5122,11 +5350,12 @@ function resolveVersion() {
   }
   return "0.0.0";
 }
-var HYDRA_VERSION;
+var HYDRA_VERSION, HYDRA_CAT_CLIENT_NAME;
 var init_hydra_version = __esm({
   "src/core/hydra-version.ts"() {
     "use strict";
     HYDRA_VERSION = resolveVersion();
+    HYDRA_CAT_CLIENT_NAME = "hydra-acp-cat";
   }
 });
 
@@ -5714,7 +5943,8 @@ async function listSessions(target, opts = {}, fetchImpl = fetch) {
     title: s.title,
     importedFromMachine: s.importedFromMachine,
     importedFromUpstreamSessionId: s.importedFromUpstreamSessionId,
-    busy: s.busy
+    busy: s.busy,
+    originatingClient: s.originatingClient
   }));
 }
 async function killSession(target, id, fetchImpl = fetch) {
@@ -6234,6 +6464,47 @@ var init_resilient_ws = __esm({
   }
 });
 
+// src/acp/permission-pick.ts
+function pickPermissionOptionId(params, preferredKinds) {
+  const options = params && typeof params === "object" ? params.options : void 0;
+  if (Array.isArray(options)) {
+    for (const kind of preferredKinds) {
+      const match = options.find(
+        (o) => typeof o === "object" && o !== null && o.kind === kind && typeof o.optionId === "string"
+      );
+      if (match?.optionId !== void 0) {
+        return match.optionId;
+      }
+    }
+    const fallback = options.find(
+      (o) => typeof o === "object" && o !== null && typeof o.optionId === "string"
+    );
+    if (fallback?.optionId !== void 0) {
+      return fallback.optionId;
+    }
+  }
+  return preferredKinds[0] ?? "allow";
+}
+function buildApproveResponse(params) {
+  const optionId = pickPermissionOptionId(params, [
+    "allow_once",
+    "allow_always"
+  ]);
+  return { outcome: { outcome: "selected", optionId } };
+}
+function buildRejectResponse(params) {
+  const optionId = pickPermissionOptionId(params, [
+    "reject_once",
+    "reject_always"
+  ]);
+  return { outcome: { outcome: "selected", optionId } };
+}
+var init_permission_pick = __esm({
+  "src/acp/permission-pick.ts"() {
+    "use strict";
+  }
+});
+
 // src/core/update-check.ts
 function disabled() {
   if (process.env.NO_UPDATE_NOTIFIER === "1") {
@@ -10582,7 +10853,9 @@ var init_import_action_prompt = __esm({
 
 // src/tui/picker.ts
 function createPickerPrefs() {
-  return { filters: { cwdOnly: false, hostFilter: "__local" } };
+  return {
+    filters: { cwdOnly: false, hostFilter: "__local", showCat: false }
+  };
 }
 async function pickSession(term, opts) {
   process.stdout.write("\x1B[<u");
@@ -10624,6 +10897,11 @@ async function pickSession(term, opts) {
     if (prefs.filters.cwdOnly) {
       base = base.filter((s) => s.cwd === opts.cwd);
     }
+    if (!prefs.filters.showCat) {
+      base = base.filter(
+        (s) => s.originatingClient?.name !== HYDRA_CAT_CLIENT_NAME
+      );
+    }
     base = filterByHost(base, prefs.filters.hostFilter);
     return base;
   };
@@ -10816,6 +11094,9 @@ async function pickSession(term, opts) {
         prefs.filters.hostFilter === "__local" ? "host: local" : `host: ${prefs.filters.hostFilter}`
       );
     }
+    if (prefs.filters.showCat) {
+      parts.push("+cat");
+    }
     if (above > 0) {
       parts.push(`\u2191 ${above} above`);
     }
@@ -12012,6 +12293,14 @@ ${cells}`;
           renderFromScratch();
           return;
         }
+        if (name === "i" || name === "I") {
+          const keepId = selectedIdx > 0 ? visible[selectedIdx - 1]?.sessionId : void 0;
+          prefs.filters.showCat = !prefs.filters.showCat;
+          applyFilter();
+          restoreCursorAfterFilter(keepId);
+          renderFromScratch();
+          return;
+        }
         if (name === "r" || name === "R") {
           const currentId = selectedIdx > 0 ? visible[selectedIdx - 1]?.sessionId : void 0;
           void refresh(currentId);
@@ -12238,6 +12527,7 @@ var init_picker = __esm({
     init_session_row();
     init_paths();
     init_session();
+    init_hydra_version();
     init_discovery();
     init_input();
     init_screen();
@@ -12262,6 +12552,7 @@ var init_picker = __esm({
       ["^f", "find in session history (content + tool inputs)"],
       ["o", "toggle cwd-only filter"],
       ["h", "cycle host filter (local / <peer> / all)"],
+      ["i", "toggle include-cat filter"],
       ["r", "refresh from daemon"],
       null,
       ["k", "kill the selected live session"],
@@ -13798,6 +14089,9 @@ async function runSession(term, config, target, opts, exitHint, viewPrefs, picke
     if (teardownStarted) {
       return { outcome: { outcome: "cancelled" } };
     }
+    if (opts.dangerouslySkipPermissions) {
+      return buildApproveResponse(params);
+    }
     const p = params ?? {};
     const rawOptions = Array.isArray(p.options) ? p.options : [];
     const options = rawOptions.map((o) => ({
@@ -15810,6 +16104,7 @@ var init_app = __esm({
     init_session();
     init_paths();
     init_hydra_version();
+    init_permission_pick();
     init_update_check();
     init_history();
     init_discovery();
@@ -15878,12 +16173,14 @@ import { dirname as dirname6, resolve as resolve5 } from "path";
 // src/cli/parse-args.ts
 var KNOWN_BOOLEAN_FLAGS = /* @__PURE__ */ new Set([
   "all",
+  "dangerously-skip-permissions",
   "detach",
   "disabled",
   "follow",
   "force",
   "foreground",
   "help",
+  "include-cat",
   "info",
   "json",
   "new",
@@ -15891,7 +16188,6 @@ var KNOWN_BOOLEAN_FLAGS = /* @__PURE__ */ new Set([
   "readonly",
   "replace",
   "rotate-token",
-  "stream",
   "version"
 ]);
 var KNOWN_VALUE_FLAGS = /* @__PURE__ */ new Set([
@@ -15907,7 +16203,6 @@ var KNOWN_VALUE_FLAGS = /* @__PURE__ */ new Set([
   "prompt",
   "session",
   "stream-bytes",
-  "stream-file-cap",
   "stream-threshold",
   "tail"
 ]);
@@ -17065,6 +17360,10 @@ var PersistedUsage = z4.object({
   costCurrency: z4.string().optional(),
   cumulativeCost: z4.number().optional()
 });
+var PersistedOriginatingClient = z4.object({
+  name: z4.string(),
+  version: z4.string().optional()
+});
 var SessionRecord = z4.object({
   version: z4.literal(1),
   sessionId: z4.string(),
@@ -17115,6 +17414,10 @@ var SessionRecord = z4.object({
   // Set when this session was spawned as a child by a transformer via
   // hydra-acp/spawn_child_session. Points to the spawning session's id.
   parentSessionId: z4.string().optional(),
+  // clientInfo from the process that issued session/new. Picker and
+  // `sessions list` use this to hide cat-style ancillary sessions by
+  // default; carried in meta.json so cold sessions filter the same way.
+  originatingClient: PersistedOriginatingClient.optional(),
   createdAt: z4.string(),
   updatedAt: z4.string()
 });
@@ -17237,6 +17540,7 @@ function recordFromMemorySession(args) {
     agentModels: args.agentModels,
     pendingHistorySync: args.pendingHistorySync,
     parentSessionId: args.parentSessionId,
+    originatingClient: args.originatingClient,
     createdAt: args.createdAt ?? now,
     updatedAt: args.updatedAt ?? now
   };
@@ -17495,6 +17799,7 @@ var SessionManager = class {
       agentModels: fresh.initialModels,
       transformChain: params.transformChain,
       parentSessionId: params.parentSessionId,
+      originatingClient: params.originatingClient,
       extensionCommands: this.extensionCommands
     });
     await this.attachManagerHooks(session);
@@ -17666,6 +17971,7 @@ var SessionManager = class {
       // than stay stuck.
       firstPromptSeeded: !!params.title,
       createdAt: params.createdAt ? new Date(params.createdAt).getTime() : void 0,
+      originatingClient: params.originatingClient,
       extensionCommands: this.extensionCommands
     });
     await this.attachManagerHooks(session);
@@ -17733,6 +18039,7 @@ var SessionManager = class {
       agentModels: advertisedModels,
       firstPromptSeeded: !!params.title,
       createdAt: params.createdAt ? new Date(params.createdAt).getTime() : void 0,
+      originatingClient: params.originatingClient,
       extensionCommands: this.extensionCommands
     });
     await this.attachManagerHooks(session);
@@ -18082,7 +18389,8 @@ var SessionManager = class {
       agentModes: record.agentModes,
       agentModels: record.agentModels,
       createdAt: record.createdAt,
-      pendingHistorySync: record.pendingHistorySync
+      pendingHistorySync: record.pendingHistorySync,
+      originatingClient: record.originatingClient
     };
   }
   async clearPendingHistorySync(sessionId) {
@@ -18183,6 +18491,7 @@ var SessionManager = class {
         currentModel: session.currentModel,
         currentUsage: session.currentUsage,
         parentSessionId: session.parentSessionId,
+        originatingClient: session.originatingClient,
         updatedAt: used,
         attachedClients: session.attachedCount,
         status: "live",
@@ -18212,6 +18521,7 @@ var SessionManager = class {
         importedFromMachine: r.importedFromMachine,
         importedFromUpstreamSessionId: r.importedFromUpstreamSessionId,
         parentSessionId: r.parentSessionId,
+        originatingClient: r.originatingClient,
         updatedAt: used,
         attachedClients: 0,
         status: "cold",
@@ -18557,6 +18867,7 @@ function mergeForPersistence(session, existing) {
     agentModes,
     agentModels,
     parentSessionId: session.parentSessionId ?? existing?.parentSessionId,
+    originatingClient: session.originatingClient ?? existing?.originatingClient,
     createdAt: existing?.createdAt ?? new Date(session.createdAt).toISOString()
   });
 }
@@ -21705,6 +22016,7 @@ import { nanoid as nanoid2 } from "nanoid";
 import * as os5 from "os";
 import * as path13 from "path";
 init_hydra_version();
+import { randomBytes as randomBytes3 } from "crypto";
 function registerAcpWsEndpoint(app, deps) {
   app.get("/acp", { websocket: true }, async (socket, request) => {
     const token = tokenFromUpgradeRequest({
@@ -21742,6 +22054,12 @@ function registerAcpWsEndpoint(app, deps) {
     };
     connection.onRequest("initialize", async (raw) => {
       const params = InitializeParams.parse(raw ?? {});
+      if (params.clientInfo?.name) {
+        state.clientInfo = {
+          name: params.clientInfo.name,
+          ...params.clientInfo.version !== void 0 ? { version: params.clientInfo.version } : {}
+        };
+      }
       const version = params.clientInfo?.version;
       if (version && processIdentity) {
         if (processIdentity.kind === "extension") {
@@ -21921,16 +22239,50 @@ function registerAcpWsEndpoint(app, deps) {
       );
       const transformerNames = Array.isArray(hydraMeta.transformers) && hydraMeta.transformers.every((t) => typeof t === "string") ? hydraMeta.transformers : deps.manager.defaultTransformers ?? [];
       const transformChain = deps.transformers?.resolveChain(transformerNames) ?? [];
-      const session = await deps.manager.create({
-        cwd: params.cwd,
-        agentId: params.agentId ?? deps.defaultAgent,
-        mcpServers: params.mcpServers,
-        title: hydraMeta.name,
-        agentArgs: hydraMeta.agentArgs,
-        model: hydraMeta.model,
-        onInstallProgress: makeInstallProgressForwarder(connection),
-        transformChain
-      });
+      let stdinToken;
+      let stdinReservation;
+      let augmentedMcpServers = params.mcpServers;
+      if (hydraMeta.mcpStdin === true && deps.stdinMcpRegistry !== void 0 && deps.getDaemonOrigin !== void 0) {
+        stdinToken = randomBytes3(32).toString("hex");
+        stdinReservation = deps.stdinMcpRegistry.reserve(stdinToken);
+        const url = `${deps.getDaemonOrigin()}/mcp/stdin`;
+        const descriptor = {
+          name: "hydra_stdin",
+          type: "http",
+          url,
+          headers: [
+            { name: "Authorization", value: `Bearer ${stdinToken}` }
+          ]
+        };
+        augmentedMcpServers = [...params.mcpServers ?? [], descriptor];
+      }
+      let session;
+      try {
+        session = await deps.manager.create({
+          cwd: params.cwd,
+          agentId: params.agentId ?? deps.defaultAgent,
+          mcpServers: augmentedMcpServers,
+          title: hydraMeta.name,
+          agentArgs: hydraMeta.agentArgs,
+          model: hydraMeta.model,
+          onInstallProgress: makeInstallProgressForwarder(connection),
+          transformChain,
+          originatingClient: state.clientInfo
+        });
+      } catch (err) {
+        if (stdinReservation !== void 0) {
+          stdinReservation.abandon(err instanceof Error ? err : void 0);
+        }
+        throw err;
+      }
+      if (stdinToken !== void 0 && stdinReservation !== void 0 && deps.stdinMcpRegistry !== void 0) {
+        const token2 = stdinToken;
+        const registry = deps.stdinMcpRegistry;
+        stdinReservation.complete(session);
+        session.onClose(() => {
+          void registry.unbind(token2);
+        });
+      }
       const client = bindClientToSession(connection, session, state);
       const { entries: replay } = await session.attach(client, "full");
       state.attached.set(session.sessionId, {
@@ -22651,6 +23003,336 @@ function bindClientToSession(connection, session, state, clientInfo, callerClien
   };
 }
 
+// src/daemon/mcp/stdin-registry.ts
+var StdinMcpRegistry = class {
+  byToken = /* @__PURE__ */ new Map();
+  // Reserve a token slot before the session exists. Used by acp-ws when
+  // we need to inject the bearer into the agent's mcpServers BEFORE
+  // manager.create() returns — claude-acp connects to /mcp/stdin during
+  // session/new initialization (eagerly), so the route handler must be
+  // able to find the token by the time the agent's first request lands.
+  reserve(token) {
+    if (this.byToken.has(token)) {
+      throw new Error(`stdin MCP token already bound`);
+    }
+    let resolveSession2;
+    let rejectSession;
+    const sessionReady = new Promise((resolve6, reject) => {
+      resolveSession2 = resolve6;
+      rejectSession = reject;
+    });
+    sessionReady.catch(() => void 0);
+    const entry = { session: void 0, sessionReady };
+    this.byToken.set(token, entry);
+    return {
+      complete: (session) => {
+        entry.session = session;
+        resolveSession2(session);
+      },
+      abandon: (reason) => {
+        this.byToken.delete(token);
+        rejectSession(reason ?? new Error("stdin MCP reservation abandoned"));
+      }
+    };
+  }
+  // Convenience for callers that already have the session in hand (and
+  // for tests). Equivalent to reserve() + complete() back-to-back.
+  bind(token, session) {
+    const { complete } = this.reserve(token);
+    complete(session);
+  }
+  lookup(token) {
+    return this.byToken.get(token);
+  }
+  attachTransport(token, server, transport) {
+    const ep = this.byToken.get(token);
+    if (!ep) {
+      return;
+    }
+    ep.server = server;
+    ep.transport = transport;
+  }
+  async unbind(token) {
+    const ep = this.byToken.get(token);
+    if (!ep) {
+      return;
+    }
+    this.byToken.delete(token);
+    if (ep.transport) {
+      try {
+        await ep.transport.close();
+      } catch {
+      }
+    }
+    if (ep.server) {
+      try {
+        await ep.server.close();
+      } catch {
+      }
+    }
+  }
+  size() {
+    return this.byToken.size;
+  }
+};
+
+// src/daemon/mcp/stdin-server.ts
+import { randomUUID } from "crypto";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { z as z7 } from "zod";
+var BEARER_PREFIX2 = "Bearer ";
+function extractBearer(req) {
+  const header = req.headers.authorization;
+  if (typeof header !== "string") {
+    return void 0;
+  }
+  if (!header.startsWith(BEARER_PREFIX2)) {
+    return void 0;
+  }
+  const token = header.slice(BEARER_PREFIX2.length).trim();
+  return token.length > 0 ? token : void 0;
+}
+function buildMcpServer(session) {
+  const server = new McpServer(
+    { name: "hydra-stdin", version: "1.0.0" },
+    {
+      instructions: "Piped input from `hydra cat --stream` is exposed here as a byte stream. Use `tail_stdin` for the latest N bytes (good for finding the end of a log), `head_stdin` for the first N bytes (good for headers/preamble), `read_stdin` for windowed reads against an absolute byte cursor, `wait_for_more` to block until new bytes arrive past a cursor, and `stdin_info` for the current cursors/capacity/closed status. Byte payloads come back base64-encoded."
+    }
+  );
+  server.registerTool(
+    "tail_stdin",
+    {
+      description: "Return the most recent `bytes` bytes of piped stdin (capped server-side, default 64 KiB max). `truncated:true` means older bytes existed but have been evicted from the ring.",
+      inputSchema: {
+        bytes: z7.number().int().min(1).describe("How many trailing bytes to return.")
+      }
+    },
+    async ({ bytes }) => {
+      const r = session.streamTail(bytes);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(r)
+          }
+        ],
+        structuredContent: r
+      };
+    }
+  );
+  server.registerTool(
+    "head_stdin",
+    {
+      description: "Return the first `bytes` bytes of piped stdin (capped server-side, default 64 KiB max). `truncated:true` means the head has already been evicted from the ring and the returned bytes start at the oldest still-resident cursor.",
+      inputSchema: {
+        bytes: z7.number().int().min(1).describe("How many leading bytes to return.")
+      }
+    },
+    async ({ bytes }) => {
+      const r = session.streamHead(bytes);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(r)
+          }
+        ],
+        structuredContent: r
+      };
+    }
+  );
+  server.registerTool(
+    "read_stdin",
+    {
+      description: "Read up to `max_bytes` bytes starting at absolute byte `cursor`. Returns `{bytes, nextCursor, gap?, eof?}` \u2014 `gap` is the number of bytes silently skipped because the ring had evicted them; `eof:true` means the producer closed and there is nothing left to read.",
+      inputSchema: {
+        cursor: z7.number().int().min(0).describe(
+          "Absolute byte offset to start reading from. Use 0 to read from the very beginning (may produce a gap if old bytes have been evicted)."
+        ),
+        max_bytes: z7.number().int().min(1).optional().describe(
+          "Optional cap on how many bytes to return. Server caps at 64 KiB regardless."
+        ),
+        wait_ms: z7.number().int().min(0).optional().describe(
+          "If no bytes are available, block up to this many ms for more (capped server-side at 60_000)."
+        )
+      }
+    },
+    async ({ cursor, max_bytes, wait_ms }) => {
+      const r = await session.streamRead(cursor, max_bytes, wait_ms);
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(r)
+          }
+        ],
+        structuredContent: r
+      };
+    }
+  );
+  server.registerTool(
+    "wait_for_more",
+    {
+      description: "Block until bytes are available past `cursor`, the stream closes, or `timeout_ms` elapses. Returns one of {data, eof, timeout} plus the current `writeCursor`. Use this when you've consumed everything up to a cursor and want to wait for more without busy-polling.",
+      inputSchema: {
+        cursor: z7.number().int().min(0).describe("The cursor you've already consumed up to."),
+        timeout_ms: z7.number().int().min(0).describe("Maximum ms to block (server caps at 60_000).")
+      }
+    },
+    async ({ cursor, timeout_ms }) => {
+      const outcome = await session.streamWaitFor(cursor, timeout_ms);
+      const info = session.streamInfo();
+      const payload = { outcome, writeCursor: info.writeCursor, closed: info.closed };
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(payload)
+          }
+        ],
+        structuredContent: payload
+      };
+    }
+  );
+  server.registerTool(
+    "grep_stdin",
+    {
+      description: "Scan piped stdin line-by-line and return lines matching `pattern`. Prefer this over `read_stdin` when the question is 'find lines that mention X' \u2014 it filters server-side so you don't pull and decode 64 KiB base64 windows. Returns `{matches: [{cursor, line, before?, after?}], truncated, nextCursor, gap?, scannedBytes, eof?}`. Lines come back as decoded UTF-8 strings (not base64). When `truncated:true`, re-call with `cursor: nextCursor` to resume.",
+      inputSchema: {
+        pattern: z7.string().min(1).describe(
+          "Search pattern. Treated as a JavaScript regular expression by default (set `regex:false` for a literal substring match)."
+        ),
+        regex: z7.boolean().optional().describe("Default true. Pass false to treat `pattern` as a literal substring."),
+        case_insensitive: z7.boolean().optional().describe("Default false. Pass true for case-insensitive matching."),
+        invert: z7.boolean().optional().describe("Default false. Pass true to return lines that do NOT match the pattern."),
+        max_matches: z7.number().int().min(1).optional().describe("Default 100. Capped server-side at 1000."),
+        max_bytes: z7.number().int().min(1).optional().describe("Default 64 KiB output. Capped server-side at 256 KiB."),
+        context_before: z7.number().int().min(0).optional().describe("Default 0. Number of lines before each match to include (capped at 20)."),
+        context_after: z7.number().int().min(0).optional().describe("Default 0. Number of lines after each match to include (capped at 20)."),
+        cursor: z7.number().int().min(0).optional().describe(
+          "Optional absolute byte offset to start scanning from. Omit to scan from the oldest still-resident byte. Pass the `nextCursor` from a previous truncated call to resume."
+        )
+      }
+    },
+    async (args) => {
+      const opts = { pattern: args.pattern };
+      if (args.regex !== void 0) {
+        opts.regex = args.regex;
+      }
+      if (args.case_insensitive !== void 0) {
+        opts.caseInsensitive = args.case_insensitive;
+      }
+      if (args.invert !== void 0) {
+        opts.invert = args.invert;
+      }
+      if (args.max_matches !== void 0) {
+        opts.maxMatches = args.max_matches;
+      }
+      if (args.max_bytes !== void 0) {
+        opts.maxBytes = args.max_bytes;
+      }
+      if (args.context_before !== void 0) {
+        opts.contextBefore = args.context_before;
+      }
+      if (args.context_after !== void 0) {
+        opts.contextAfter = args.context_after;
+      }
+      if (args.cursor !== void 0) {
+        opts.cursor = args.cursor;
+      }
+      const r = session.streamGrep(opts);
+      const payload = r;
+      return {
+        content: [{ type: "text", text: JSON.stringify(r) }],
+        structuredContent: payload
+      };
+    }
+  );
+  server.registerTool(
+    "stdin_info",
+    {
+      description: "Report cursor / capacity / closed state of the stdin ring. Cheap; safe to call repeatedly.",
+      inputSchema: {}
+    },
+    async () => {
+      const r = session.streamInfo();
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify(r)
+          }
+        ],
+        structuredContent: r
+      };
+    }
+  );
+  return server;
+}
+async function ensureTransport(token, session, registry) {
+  const existing = registry.lookup(token);
+  if (existing?.transport !== void 0) {
+    return existing.transport;
+  }
+  const server = buildMcpServer(session);
+  const transport = new StreamableHTTPServerTransport({
+    sessionIdGenerator: () => randomUUID()
+  });
+  await server.connect(transport);
+  registry.attachTransport(token, server, transport);
+  return transport;
+}
+var SESSION_READY_TIMEOUT_MS = 1e4;
+async function handle(req, reply, registry) {
+  const token = extractBearer(req);
+  if (token === void 0) {
+    reply.code(401).send({ error: "missing bearer token" });
+    return;
+  }
+  const ep = registry.lookup(token);
+  if (ep === void 0) {
+    reply.code(404).send({ error: "unknown stdin token" });
+    return;
+  }
+  let session;
+  if (ep.session !== void 0) {
+    session = ep.session;
+  } else {
+    let timer;
+    const timeout = new Promise((resolve6) => {
+      timer = setTimeout(() => resolve6(void 0), SESSION_READY_TIMEOUT_MS);
+    });
+    const resolved = await Promise.race([
+      ep.sessionReady.catch(() => void 0),
+      timeout
+    ]);
+    if (timer !== void 0) {
+      clearTimeout(timer);
+    }
+    if (resolved === void 0) {
+      reply.code(503).send({ error: "session not ready" });
+      return;
+    }
+    session = resolved;
+  }
+  const transport = await ensureTransport(token, session, registry);
+  reply.hijack();
+  await transport.handleRequest(req.raw, reply.raw, req.body);
+}
+function registerStdinMcpRoutes(app, registry) {
+  const opts = { config: { skipAuth: true } };
+  app.post("/mcp/stdin", opts, async (req, reply) => {
+    await handle(req, reply, registry);
+  });
+  app.get("/mcp/stdin", opts, async (req, reply) => {
+    await handle(req, reply, registry);
+  });
+  app.delete("/mcp/stdin", opts, async (req, reply) => {
+    await handle(req, reply, registry);
+  });
+}
+
 // src/daemon/server.ts
 async function startDaemon(config, serviceToken) {
   ensureLoopbackOrTls(config);
@@ -22756,6 +23438,19 @@ async function startDaemon(config, serviceToken) {
     store: sessionTokenStore,
     rateLimiter: authRateLimiter
   });
+  const stdinMcpRegistry = new StdinMcpRegistry();
+  registerStdinMcpRoutes(app, stdinMcpRegistry);
+  let daemonOriginCached;
+  const getDaemonOrigin = () => {
+    if (daemonOriginCached !== void 0) {
+      return daemonOriginCached;
+    }
+    const addr = app.server.address();
+    const port = addr && typeof addr === "object" ? addr.port : config.daemon.port;
+    const scheme2 = config.daemon.tls ? "https" : "http";
+    daemonOriginCached = `${scheme2}://${config.daemon.host}:${port}`;
+    return daemonOriginCached;
+  };
   registerAcpWsEndpoint(app, {
     validator,
     manager,
@@ -22764,7 +23459,9 @@ async function startDaemon(config, serviceToken) {
     onExtensionVersion: (name, version) => extensions.reportVersion(name, version),
     onTransformerVersion: (name, version) => transformers.reportVersion(name, version),
     transformers,
-    extensionCommands
+    extensionCommands,
+    stdinMcpRegistry,
+    getDaemonOrigin
   });
   await app.listen({ host: config.daemon.host, port: config.daemon.port });
   const address = app.server.address();
@@ -23020,14 +23717,14 @@ async function runDaemonStart(flags = {}) {
   }
   if (flagBool(flags, "foreground")) {
     process.title = "hydra-daemon";
-    const handle = await startDaemon(config, serviceToken);
+    const handle2 = await startDaemon(config, serviceToken);
     process.stdout.write(
       `hydra-acp daemon listening on ${config.daemon.host}:${config.daemon.port}
 `
     );
     const shutdown = async () => {
       process.stdout.write("Shutting down...\n");
-      await handle.shutdown();
+      await handle2.shutdown();
       process.exit(0);
     };
     process.on("SIGINT", () => void shutdown());
@@ -23197,6 +23894,7 @@ init_remote_target();
 init_remote_url();
 init_session();
 init_discovery();
+init_hydra_version();
 import * as fs19 from "fs/promises";
 import * as path14 from "path";
 init_session_row();
@@ -23214,10 +23912,13 @@ async function runSessionsList(opts = {}) {
     process.exit(1);
   }
   const body = await response.json();
+  const sessionsAfterCatFilter = opts.includeCat ? body.sessions : body.sessions.filter(
+    (s) => s.originatingClient?.name !== HYDRA_CAT_CLIENT_NAME
+  );
   const host = opts.host ?? "local";
-  const hostFiltered = host === "all" ? body.sessions : host === "local" ? body.sessions.filter(
+  const hostFiltered = host === "all" ? sessionsAfterCatFilter : host === "local" ? sessionsAfterCatFilter.filter(
     (s) => !s.importedFromMachine || !!s.upstreamSessionId
-  ) : body.sessions.filter(
+  ) : sessionsAfterCatFilter.filter(
     (s) => s.importedFromMachine === host && !s.upstreamSessionId
   );
   if (opts.json) {
@@ -25068,6 +25769,9 @@ function isResponse2(msg) {
   return !("method" in msg) && "id" in msg;
 }
 
+// src/shim/proxy.ts
+init_permission_pick();
+
 // src/core/process-title.ts
 init_bin_name();
 import { writeFileSync as writeFileSync3 } from "fs";
@@ -25152,6 +25856,14 @@ function wireShim({
 }) {
   upstream.onMessage((msg) => {
     tracker.observeFromServer(msg);
+    if (opts.dangerouslySkipPermissions === true && isPermissionRequest(msg)) {
+      void upstream.send({
+        jsonrpc: "2.0",
+        id: msg.id,
+        result: buildApproveResponse(msg.params)
+      });
+      return;
+    }
     maybeReplyToResolvedPermission(msg, tracker, downstream);
     void downstream.send(msg);
   });
@@ -25301,6 +26013,9 @@ async function replayAttach(stream, ctx, afterMessageId) {
 function isSessionNewRequest(msg) {
   return "method" in msg && "id" in msg && msg.id !== void 0 && msg.method === "session/new";
 }
+function isPermissionRequest(msg) {
+  return "method" in msg && "id" in msg && msg.id !== void 0 && msg.method === "session/request_permission";
+}
 function buildAttachFromNew(msg, sessionId) {
   return {
     jsonrpc: "2.0",
@@ -25347,6 +26062,10 @@ init_daemon_bootstrap();
 init_render_update();
 init_types();
 init_hydra_version();
+init_permission_pick();
+import { mkdtempSync, rmSync } from "fs";
+import { tmpdir as tmpdir2 } from "os";
+import { join as join11 } from "path";
 import { WebSocket as WebSocket2 } from "ws";
 
 // src/cli/commands/cat-chunker.ts
@@ -25401,8 +26120,26 @@ function createChunker(opts) {
 }
 
 // src/cli/commands/cat.ts
-var DEFAULT_STREAM_THRESHOLD = 32 * 1024;
-var DEFAULT_STREAM_FILE_CAP = 64 * 1024 * 1024;
+var DEFAULT_STREAM_THRESHOLD = 1 * 1024 * 1024;
+var HYDRA_STDIN_TOOL_PREFIX = "mcp__hydra_stdin__";
+function isHydraStdinPermissionRequest(params) {
+  if (!params || typeof params !== "object") {
+    return false;
+  }
+  const toolCall = params.toolCall;
+  if (!toolCall || typeof toolCall !== "object") {
+    return false;
+  }
+  const title = toolCall.title;
+  if (typeof title === "string" && title.startsWith(HYDRA_STDIN_TOOL_PREFIX)) {
+    return true;
+  }
+  const toolName = toolCall.toolName;
+  if (typeof toolName === "string" && toolName.startsWith(HYDRA_STDIN_TOOL_PREFIX)) {
+    return true;
+  }
+  return false;
+}
 async function runCat(opts) {
   setHydraProcessTitle(buildTitleFromArgv(process.argv.slice(2)));
   if (process.stdin.isTTY && !opts.prompt && !opts.sessionId) {
@@ -25412,6 +26149,18 @@ async function runCat(opts) {
     process.exit(2);
     return;
   }
+  if (!opts.sessionId && opts.cwd === void 0 && process.stdin.isTTY !== true) {
+    const sandbox = mkdtempSync(join11(tmpdir2(), "hydra-cat-"));
+    opts.cwd = sandbox;
+    if (!opts.detach) {
+      process.on("exit", () => {
+        try {
+          rmSync(sandbox, { recursive: true, force: true });
+        } catch {
+        }
+      });
+    }
+  }
   const config = await loadConfig();
   const target = opts.target ?? await resolveLocalTarget(config);
   if (target.isLocal && !opts.target) {
@@ -25435,9 +26184,19 @@ async function runCat(opts) {
 }
 async function runCatLoop(args) {
   const { conn, opts, stdin, stdinIsTty, stdout, stderr } = args;
+  const useAutoStream = !stdinIsTty && opts.sessionId === void 0 && opts.follow !== true;
   conn.setDefaultHandler(async () => {
     return { error: { code: -32601, message: "method not implemented" } };
   });
+  conn.onRequest("session/request_permission", async (params) => {
+    if (opts.dangerouslySkipPermissions) {
+      return buildApproveResponse(params);
+    }
+    if (!isHydraStdinPermissionRequest(params)) {
+      return buildRejectResponse(params);
+    }
+    return buildApproveResponse(params);
+  });
   try {
     await conn.request("initialize", {
       protocolVersion: ACP_PROTOCOL_VERSION,
@@ -25445,11 +26204,11 @@ async function runCatLoop(args) {
         fs: { readTextFile: false, writeTextFile: false },
         terminal: false
       },
-      clientInfo: { name: "hydra-acp-cat", version: HYDRA_VERSION }
+      clientInfo: { name: HYDRA_CAT_CLIENT_NAME, version: HYDRA_VERSION }
     });
   } catch {
   }
-  const sessionId = await openOrAttachSession(conn, opts);
+  const sessionId = await openOrAttachSession(conn, opts, useAutoStream);
   let turnHadOutput = false;
   let lastCharWasNewline = true;
   const writeStdout = (text) => {
@@ -25478,9 +26237,10 @@ async function runCatLoop(args) {
       finalizeTurn();
     }
   });
+  let firstChunkSent = false;
   const sendChunk = async (text) => {
     const promptBlocks = [];
-    if (opts.prompt) {
+    if (opts.prompt && !firstChunkSent) {
       promptBlocks.push({ type: "text", text: opts.prompt });
     }
     if (text.length > 0) {
@@ -25494,6 +26254,7 @@ async function runCatLoop(args) {
         sessionId,
         prompt: promptBlocks
       });
+      firstChunkSent = true;
     } catch (err) {
       stderr(`hydra-acp cat: prompt failed: ${err.message}
 `);
@@ -25552,22 +26313,6 @@ async function runCatLoop(args) {
       }
     }
   };
-  const chunker = createChunker({
-    // setImmediate fires in the libuv "check" phase, after pending
-    // I/O has been polled and any back-to-back "data" events have
-    // been emitted. That makes it the natural hook for "the writer
-    // has paused, time to flush": if more bytes were sitting in the
-    // pipe buffer, Node would have emitted another "data" event
-    // before this fires, and the chunker would detect that and defer.
-    scheduleFlushCheck: (cb) => {
-      const h = setImmediate(cb);
-      return () => clearImmediate(h);
-    },
-    onChunk: (text) => {
-      chunkQueue.push(text);
-      void drainQueue();
-    }
-  });
   if (stdinIsTty && !opts.sessionId) {
     if (opts.prompt) {
       await sendChunk("");
@@ -25575,7 +26320,7 @@ async function runCatLoop(args) {
     await settle(0);
     return done;
   }
-  if (opts.stream && !stdinIsTty) {
+  if (useAutoStream) {
     if (typeof stdin.setEncoding === "function") {
       stdin.setEncoding("utf8");
     }
@@ -25616,15 +26361,49 @@ async function runCatLoop(args) {
   if (typeof stdin.setEncoding === "function") {
     stdin.setEncoding("utf8");
   }
+  const useFollow = opts.follow === true || stdinIsTty && Boolean(opts.sessionId);
+  if (useFollow) {
+    const chunker = createChunker({
+      scheduleFlushCheck: (cb) => {
+        const h = setImmediate(cb);
+        return () => clearImmediate(h);
+      },
+      onChunk: (text) => {
+        chunkQueue.push(text);
+        void drainQueue();
+      }
+    });
+    stdin.on("data", (data) => {
+      chunker.feed(typeof data === "string" ? data : data.toString("utf8"));
+    });
+    stdin.on("end", () => {
+      chunker.eof();
+      stdinEnded = true;
+      if (!draining && chunkQueue.length === 0) {
+        void settle(exitCode);
+      }
+    });
+    stdin.on("error", (err) => {
+      stderr(`hydra-acp cat: stdin error: ${err.message}
+`);
+      exitCode = 1;
+      stdinEnded = true;
+      if (!draining && chunkQueue.length === 0) {
+        void settle(exitCode);
+      }
+    });
+    return done;
+  }
+  let oneShotBuffer = "";
   stdin.on("data", (data) => {
-    chunker.feed(typeof data === "string" ? data : data.toString("utf8"));
+    oneShotBuffer += typeof data === "string" ? data : data.toString("utf8");
   });
   stdin.on("end", () => {
-    chunker.eof();
     stdinEnded = true;
-    if (!draining && chunkQueue.length === 0) {
-      void settle(exitCode);
+    if (oneShotBuffer.length > 0) {
+      chunkQueue.push(oneShotBuffer);
     }
+    void drainQueue();
   });
   stdin.on("error", (err) => {
     stderr(`hydra-acp cat: stdin error: ${err.message}
@@ -25677,12 +26456,11 @@ function runStreamingPath(args) {
     try {
       const openParams = {
         sessionId,
-        mode: "file"
+        mode: "memory"
       };
       if (opts.streamBufferBytes !== void 0) {
         openParams.capacityBytes = opts.streamBufferBytes;
       }
-      openParams.fileCapBytes = opts.streamFileCapBytes ?? DEFAULT_STREAM_FILE_CAP;
       open2 = await conn.request("hydra-acp/stream_open", openParams);
     } catch (err) {
       args.onPromptFailed(
@@ -25690,23 +26468,12 @@ function runStreamingPath(args) {
       );
       return;
     }
-    const filePath = open2.filePath;
-    if (filePath === void 0) {
-      args.onPromptFailed(
-        new Error("daemon did not return a filePath for stream mode")
-      );
-      return;
-    }
     if (headBuffer.length > 0) {
       writeToStream(headBuffer, false);
       headBuffer = Buffer.alloc(0);
     }
     await writeChain.catch(() => void 0);
-    const promptText = buildStreamPromptText(
-      opts.prompt,
-      filePath,
-      opts.streamFileCapBytes ?? DEFAULT_STREAM_FILE_CAP
-    );
+    const promptText = buildStreamPromptText(opts.prompt, open2.capacityBytes);
     const promptDone = conn.request("session/prompt", {
       sessionId,
       prompt: [{ type: "text", text: promptText }]
@@ -25749,22 +26516,35 @@ function runStreamingPath(args) {
   });
   stdin.on("error", args.onError);
 }
-function buildStreamPromptText(standing, filePath, fileCapBytes) {
-  const capHuman = fileCapBytes >= 1024 * 1024 ? `${(fileCapBytes / (1024 * 1024)).toFixed(0)} MB` : `${(fileCapBytes / 1024).toFixed(0)} KB`;
-  const note = `Stdin is being streamed to ${filePath}. The file is being appended to live; use whatever shell tools fit (\`tail -f\`, \`head\`, \`grep\`, \`wc -l\`, etc.). Soft cap ${capHuman} \u2014 if more is written past that, older bytes are dropped.`;
+function buildStreamPromptText(standing, ringCapacityBytes) {
+  const capHuman = ringCapacityBytes >= 1024 * 1024 ? `${(ringCapacityBytes / (1024 * 1024)).toFixed(0)} MB` : `${(ringCapacityBytes / 1024).toFixed(0)} KB`;
+  const toolNote = `The user has piped data into this session. The bytes are NOT in your prompt; they live in the \`hydra_stdin\` MCP server and you read them via its tools:
+- \`stdin_info()\` \u2014 current writeCursor / oldestAvailable / capacity / closed. Cheap; call first to see how much data is there.
+- \`grep_stdin({pattern, regex?, case_insensitive?, context_before?, context_after?, cursor?})\` \u2014 server-side line filter; returns matching lines as decoded strings (not base64). Prefer this for "find lines that mention X" questions on multi-MB inputs.
+- \`head_stdin({bytes})\` \u2014 first N bytes (good for headers / preamble / file signatures).
+- \`tail_stdin({bytes})\` \u2014 most recent N bytes (good for log endings / recent errors).
+- \`read_stdin({cursor, max_bytes, wait_ms})\` \u2014 windowed read at an absolute byte cursor; iterate to sweep the whole stream.
+- \`wait_for_more({cursor, timeout_ms})\` \u2014 block for new bytes past a cursor (only useful for live tails).
+
+Byte payloads (head/tail/read) come back base64-encoded \u2014 decode before reading them as text. \`grep_stdin\` returns plain strings. The ring holds the most recent ~${capHuman}; older bytes are evicted, and the byte tools report the gap when that happens. Per-call cap is 64 KiB for byte tools; loop \`read_stdin\` (advancing the cursor by \`nextCursor\`) when you need more.`;
   if (standing && standing.length > 0) {
-    return `${standing}
+    return `${toolNote}
 
-${note}`;
+Use those tools NOW to answer the user's question \u2014 do not ask whether to check stdin; just check it. Pick the right tool for the question (grep_stdin for finding specific lines, head for preamble / file type, tail for recent events, read_stdin + cursor sweep for whole-stream scans), then answer.
+
+User's question:
+${standing}`;
   }
-  return note;
+  return `${toolNote}
+
+Use those tools to inspect the piped input and report what's there. Start with \`stdin_info()\` to see the size, then \`head_stdin\` and/or \`tail_stdin\` to look at the bytes.`;
 }
-async function openOrAttachSession(conn, opts) {
+async function openOrAttachSession(conn, opts, useAutoStream) {
   if (opts.sessionId) {
     const attached = await conn.request("session/attach", {
       sessionId: opts.sessionId,
       historyPolicy: "pending_only",
-      clientInfo: { name: "hydra-acp-cat", version: HYDRA_VERSION }
+      clientInfo: { name: HYDRA_CAT_CLIENT_NAME, version: HYDRA_VERSION }
     });
     return attached.sessionId;
   }
@@ -25775,6 +26555,9 @@ async function openOrAttachSession(conn, opts) {
   if (opts.model) {
     hydraMeta.model = opts.model;
   }
+  if (useAutoStream) {
+    hydraMeta.mcpStdin = true;
+  }
   const cwd = opts.cwd ?? process.cwd();
   const params = { cwd };
   if (opts.agentId) {
@@ -25806,6 +26589,16 @@ async function openWs2(url, subprotocols) {
 // src/cli.ts
 init_update_check();
 var suppressUpdateNotice = false;
+var dangerousNoticePrinted = false;
+function warnIfDangerouslySkipping(active) {
+  if (!active || dangerousNoticePrinted) {
+    return;
+  }
+  dangerousNoticePrinted = true;
+  process.stderr.write(
+    "hydra-acp: --dangerously-skip-permissions is set \u2014 all tool permission requests will be auto-approved.\n"
+  );
+}
 async function main() {
   const argv = process.argv.slice(2);
   const launchIdx = argv.indexOf("launch");
@@ -25838,11 +26631,14 @@ async function main() {
     const name2 = resolveOption(flags2, "name");
     const model2 = resolveOption(flags2, "model");
     suppressUpdateNotice = true;
+    const dangerous = flags2["dangerously-skip-permissions"] === true;
+    warnIfDangerouslySkipping(dangerous);
     const shimOpts = {
       agentId,
       agentArgs,
       name: name2,
-      model: model2
+      model: model2,
+      dangerouslySkipPermissions: dangerous
     };
     if (resolved2?.sessionId !== void 0) {
       shimOpts.sessionId = resolved2.sessionId;
@@ -25868,6 +26664,8 @@ async function main() {
   const name = resolveOption(flags, "name");
   const agentIdFromFlag = resolveOption(flags, "agent");
   const model = resolveOption(flags, "model");
+  const dangerouslySkipPermissions = flags["dangerously-skip-permissions"] === true;
+  warnIfDangerouslySkipping(dangerouslySkipPermissions);
   const sessionInput = readSessionInput(flags);
   const interactive = subcommand === "tui" || subcommand === void 0 && process.stdout.isTTY;
   const resolved = await resolveSessionFlagOrExit(sessionInput, {
@@ -25889,7 +26687,8 @@ async function main() {
         agentId: agentIdFromFlag,
         name,
         model,
-        target: sessionTarget
+        target: sessionTarget,
+        dangerouslySkipPermissions
       });
       return;
     }
@@ -25897,7 +26696,8 @@ async function main() {
     const shimOpts = {
       name,
       model,
-      agentId: agentIdFromFlag
+      agentId: agentIdFromFlag,
+      dangerouslySkipPermissions
     };
     if (sessionId !== void 0) {
       shimOpts.sessionId = sessionId;
@@ -25914,7 +26714,8 @@ async function main() {
       const shimOpts = {
         name,
         model,
-        agentId: agentIdFromFlag
+        agentId: agentIdFromFlag,
+        dangerouslySkipPermissions
       };
       if (sessionId !== void 0) {
         shimOpts.sessionId = sessionId;
@@ -25937,7 +26738,8 @@ async function main() {
         model,
         agentId: agentIdFromFlag,
         detach: flags.detach === true,
-        stream: flags.stream === true
+        follow: flags.follow === true,
+        dangerouslySkipPermissions
       };
       if (cwd !== void 0) {
         catOpts.cwd = cwd;
@@ -25953,10 +26755,6 @@ async function main() {
       if (streamBufferBytes !== void 0) {
         catOpts.streamBufferBytes = streamBufferBytes;
       }
-      const streamFileCap = parseNumericFlag(flags, "stream-file-cap");
-      if (streamFileCap !== void 0) {
-        catOpts.streamFileCapBytes = streamFileCap;
-      }
       suppressUpdateNotice = true;
       await runCat(catOpts);
       return;
@@ -26000,7 +26798,8 @@ async function main() {
         await runSessionsList({
           all: flags.all === true,
           json: flags.json === true,
-          host: typeof flags.host === "string" ? flags.host : void 0
+          host: typeof flags.host === "string" ? flags.host : void 0,
+          includeCat: flags["include-cat"] === true
         });
         return;
       }
@@ -26182,7 +26981,8 @@ async function main() {
         agentId: agentIdFromFlag,
         name,
         model,
-        target: sessionTarget
+        target: sessionTarget,
+        dangerouslySkipPermissions
       });
       return;
     default:
@@ -26224,6 +27024,9 @@ async function dispatchTui(flags, base) {
   if (base.target !== void 0) {
     tuiOpts.target = base.target;
   }
+  if (base.dangerouslySkipPermissions === true) {
+    tuiOpts.dangerouslySkipPermissions = true;
+  }
   await runTui(tuiOpts);
 }
 function parseNumericFlag(flags, name) {
@@ -26325,15 +27128,17 @@ function printHelp() {
       "  --reattach                         Pick the most-recent session for the current cwd.",
       "  --new                              Force a fresh session.",
       "  --readonly                         Open a session as a transcript viewer (requires --session).",
+      "  --dangerously-skip-permissions     Auto-approve every tool permission request (tui / shim / launch / cat).",
       "  HYDRA_ACP_SESSION                  Env var equivalent of --session (flag wins).",
       "  hydra-acp init [--rotate-token]    Initialize ~/.hydra-acp/config.json",
       "  hydra-acp daemon [status]          Show daemon pid/version (default when no subcommand)",
       "  hydra-acp daemon start [--foreground]   Start daemon (detached by default; --foreground to attach)",
       "  hydra-acp daemon stop|restart",
       "  hydra-acp daemon logs [-f] [-n N]  Tail or follow the daemon log",
-      "  hydra-acp session [list] [--all] [--json] [--host=<host>]",
+      "  hydra-acp session [list] [--all] [--json] [--host=<host>] [--include-cat]",
       "                                     List sessions (live + 20 most-recent cold; --all for everything; --json emits JSON for scripts).",
       "                                     --host filters by origin machine: 'local' (default) shows only sessions created here, 'all' shows everything, or pass a hostname (e.g. machine-b) to show only imports from that peer.",
+      "                                     --include-cat surfaces sessions spawned by `hydra cat` (hidden by default).",
       "  hydra-acp session kill <id>        Demote a live session to cold (keeps the on-disk record)",
       "  hydra-acp session remove <id>      Remove a session entirely (live or cold)",
       "  hydra-acp session export <id> [--out <file>|.]",