@hydra-acp/cli 0.1.51 → 0.1.53

package/dist/index.js

@@ -18,7 +18,7 @@ import pino from "pino";
 import createPinoRoll from "pino-roll";
 
 // src/core/config.ts
-import * as fs2 from "fs/promises";
+import * as fs3 from "fs/promises";
 import { homedir as homedir2 } from "os";
 import { z } from "zod";
 
@@ -156,6 +156,70 @@ async function ensureServiceToken() {
   return token;
 }
 
+// src/core/json-store.ts
+import * as fs2 from "fs/promises";
+import * as fsSync from "fs";
+import { randomBytes } from "crypto";
+async function writeJsonAtomic(filePath, data, opts = {}) {
+  const pretty = opts.pretty ?? true;
+  const body = (pretty ? JSON.stringify(data, null, 2) : JSON.stringify(data)) + "\n";
+  await writeFileAtomic(filePath, body, opts);
+}
+async function writeFileAtomic(filePath, body, opts = {}) {
+  const dir = dirname(filePath);
+  await fs2.mkdir(dir, { recursive: true });
+  const tmp = `${filePath}.tmp-${process.pid}-${randSuffix()}`;
+  try {
+    const writeOpts = {
+      encoding: "utf8"
+    };
+    if (opts.mode !== void 0) {
+      writeOpts.mode = opts.mode;
+    }
+    await fs2.writeFile(tmp, body, writeOpts);
+    await fs2.rename(tmp, filePath);
+  } catch (err) {
+    await fs2.unlink(tmp).catch(() => void 0);
+    throw err;
+  }
+  if (opts.mode !== void 0) {
+    try {
+      fsSync.chmodSync(filePath, opts.mode);
+    } catch {
+    }
+  }
+}
+async function readJsonSafe(filePath) {
+  let raw;
+  try {
+    raw = await fs2.readFile(filePath, "utf8");
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT") {
+      return void 0;
+    }
+    throw err;
+  }
+  if (raw.trim().length === 0) {
+    return void 0;
+  }
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return void 0;
+  }
+}
+function dirname(p) {
+  const slash = p.lastIndexOf("/");
+  if (slash <= 0) {
+    return ".";
+  }
+  return p.slice(0, slash);
+}
+function randSuffix() {
+  return randomBytes(4).toString("hex");
+}
+
 // src/core/config.ts
 var REGISTRY_URL_DEFAULT = "https://cdn.agentclientprotocol.com/registry/v1/latest/registry.json";
 var TlsConfig = z.object({
@@ -184,7 +248,13 @@ var DaemonConfig = z.object({
   // tunnel (ngrok) or VPN (Tailscale) under a different name. The
   // `--host` flag on `share` overrides this; omitting both falls
   // back to `daemon.host`, then to "127.0.0.1" with a stderr warning.
-  publicHost: z.string().optional()
+  publicHost: z.string().optional(),
+  // How often (minutes) the daemon runs `agent sync` against every
+  // installed (non-uvx) agent in the background, picking up sessions
+  // created outside hydra so the picker can resurrect them. Spawns
+  // are staggered across the window — N agents on a 60-minute interval
+  // mean one agent spawn every 60/N minutes. Set 0 to disable entirely.
+  agentSyncIntervalMinutes: z.number().nonnegative().default(60)
 });
 var RegistryConfig = z.object({
   url: z.string().url().default(REGISTRY_URL_DEFAULT),
@@ -239,7 +309,22 @@ var TuiConfig = z.object({
   // shared across all sessions; it's append-only on disk, so long-lived
   // installs can grow past this — it's enforced at load time and per
   // append in memory.
-  promptHistoryMaxEntries: z.number().int().positive().default(2e3)
+  promptHistoryMaxEntries: z.number().int().positive().default(2e3),
+  // How edit-style tool calls (Edit, Write, str_replace) render in
+  // scrollback, *in addition to* the normal tool row inside the tools
+  // block.
+  //   "none" — nothing extra; the collapsed tool row is the only signal.
+  //   "edit" (default) — a one-line scrollback mark naming the file
+  //     that was touched, so the user can scroll back and see which
+  //     files moved without expanding the tools block. Suppressed on
+  //     tool-only turns (no agent prose) since the marks would only
+  //     duplicate the still-visible tool rows.
+  //   "diff" — same mark plus a syntax-highlighted unified diff body,
+  //     Claude Code's Update(file) look.
+  // The diff payload is extracted from the ACP wire (content[]
+  // type:"diff" entries, falling back to rawInput shapes), so any agent
+  // that emits one of those shapes gets the treatment.
+  showFileUpdates: z.enum(["none", "edit", "diff"]).default("edit")
 });
 var ExtensionName = z.string().min(1).regex(/^[A-Za-z0-9._-]+$/, "extension name must be filename-safe");
 var ExtensionBody = z.object({
@@ -294,7 +379,8 @@ var HydraConfig = z.object({
     progressIndicator: true,
     defaultEnterAction: "amend",
     showThoughts: true,
-    promptHistoryMaxEntries: 2e3
+    promptHistoryMaxEntries: 2e3,
+    showFileUpdates: "edit"
   })
 });
 function extensionList(config) {
@@ -310,17 +396,8 @@ function transformerList(config) {
   }));
 }
 async function readConfigFile() {
-  let raw;
-  try {
-    raw = await fs2.readFile(paths.config(), "utf8");
-  } catch (err) {
-    const e = err;
-    if (e.code === "ENOENT") {
-      return {};
-    }
-    throw err;
-  }
-  return JSON.parse(raw);
+  const parsed = await readJsonSafe(paths.config());
+  return parsed ?? {};
 }
 async function migrateLegacyAuthToken() {
   const raw = await readConfigFile();
@@ -331,7 +408,7 @@ async function migrateLegacyAuthToken() {
   }
   let tokenFileExists = false;
   try {
-    await fs2.access(paths.authToken());
+    await fs3.access(paths.authToken());
     tokenFileExists = true;
   } catch (err) {
     const e = err;
@@ -349,10 +426,7 @@ async function migrateLegacyAuthToken() {
   if (Object.keys(daemon).length === 0) {
     delete raw.daemon;
   }
-  await fs2.writeFile(paths.config(), JSON.stringify(raw, null, 2) + "\n", {
-    encoding: "utf8",
-    mode: 384
-  });
+  await writeJsonAtomic(paths.config(), raw, { mode: 384 });
   process.stderr.write(
     `hydra-acp: migrated auth token from ${paths.config()} to ${paths.authToken()}.
 `
@@ -363,11 +437,7 @@ async function loadConfig() {
   return HydraConfig.parse(await readConfigFile());
 }
 async function writeConfig(config) {
-  await fs2.mkdir(paths.home(), { recursive: true });
-  await fs2.writeFile(paths.config(), JSON.stringify(config, null, 2) + "\n", {
-    encoding: "utf8",
-    mode: 384
-  });
+  await writeJsonAtomic(paths.config(), config, { mode: 384 });
 }
 function defaultConfig() {
   return HydraConfig.parse({});
@@ -386,11 +456,12 @@ function expandHome(p) {
 }
 
 // src/core/registry.ts
-import * as fs4 from "fs/promises";
+import * as fs5 from "fs/promises";
+import * as path4 from "path";
 import { z as z2 } from "zod";
 
 // src/core/binary-install.ts
-import * as fs3 from "fs";
+import * as fs4 from "fs";
 import * as fsp from "fs/promises";
 import * as path2 from "path";
 import { spawn } from "child_process";
@@ -523,7 +594,7 @@ async function downloadTo(args) {
     );
   }
   const total = Number(response.headers.get("content-length") ?? "0");
-  const out = fs3.createWriteStream(dest);
+  const out = fs4.createWriteStream(dest);
   const nodeStream = Readable.fromWeb(response.body);
   safeEmit(args.onProgress, {
     phase: "download_start",
@@ -554,10 +625,10 @@ async function downloadTo(args) {
       logSink(formatProgress(args.agentId, received, total));
     }
   });
-  await new Promise((resolve3, reject) => {
+  await new Promise((resolve4, reject) => {
     nodeStream.on("error", reject);
     out.on("error", reject);
-    out.on("finish", () => resolve3());
+    out.on("finish", () => resolve4());
     nodeStream.pipe(out);
   });
   logSink(formatProgress(
@@ -609,14 +680,14 @@ async function extract(archivePath, dest) {
   throw new Error(`Unsupported archive format: ${archivePath}`);
 }
 function run(cmd, args) {
-  return new Promise((resolve3, reject) => {
+  return new Promise((resolve4, reject) => {
     const child = spawn(cmd, args, {
       stdio: ["ignore", "ignore", "inherit"]
     });
     child.on("error", reject);
     child.on("exit", (code, signal) => {
       if (code === 0) {
-        resolve3();
+        resolve4();
         return;
       }
       reject(
@@ -628,11 +699,11 @@ function run(cmd, args) {
   });
 }
 async function hasCommand(name) {
-  return new Promise((resolve3) => {
+  return new Promise((resolve4) => {
     const finder = process.platform === "win32" ? "where" : "which";
     const child = spawn(finder, [name], { stdio: "ignore" });
-    child.on("error", () => resolve3(false));
-    child.on("exit", (code) => resolve3(code === 0));
+    child.on("error", () => resolve4(false));
+    child.on("exit", (code) => resolve4(code === 0));
   });
 }
 async function fileExists(p) {
@@ -759,7 +830,7 @@ function runNpmInstall(args) {
 }
 async function runNpmInstallOnce(args, attempt) {
   try {
-    await new Promise((resolve3, reject) => {
+    await new Promise((resolve4, reject) => {
       const registryArgs = args.registry ? ["--registry", args.registry] : [];
       let child;
       try {
@@ -801,7 +872,7 @@ async function runNpmInstallOnce(args, attempt) {
       });
       child.on("exit", (code, signal) => {
         if (code === 0) {
-          resolve3();
+          resolve4();
           return;
         }
         const reason = code !== null ? `exit code ${code}` : `signal ${signal ?? "unknown"}`;
@@ -988,6 +1059,13 @@ var Registry = class {
     await this.writeDiskCache(fresh);
     return fresh.data;
   }
+  // Epoch ms of the last successful registry fetch (in-memory or
+  // disk). Returns undefined before load()/refresh() has populated the
+  // cache. Used by `/v1/agents` to surface "synced N minutes ago" in
+  // the CLI without exposing the full cache shape.
+  lastFetchedAt() {
+    return this.cache?.fetchedAt;
+  }
   async getAgent(id) {
     const doc = await this.load();
     const exact = doc.agents.find((a) => a.id === id);
@@ -1016,54 +1094,26 @@ var Registry = class {
     return cached;
   }
   async readDiskCache() {
-    let text;
-    try {
-      text = await fs4.readFile(paths.registryCache(), "utf8");
-    } catch (err) {
-      const e = err;
-      if (e.code === "ENOENT") {
-        return void 0;
-      }
-      throw err;
+    const parsed = await readJsonSafe(
+      paths.registryCache()
+    );
+    if (!parsed || typeof parsed.fetchedAt !== "number" || parsed.data === void 0) {
+      return void 0;
     }
     try {
-      const parsed = JSON.parse(text);
-      if (typeof parsed.fetchedAt !== "number" || parsed.data === void 0) {
-        return void 0;
-      }
       const data = RegistryDocument.parse(parsed.data);
       return { fetchedAt: parsed.fetchedAt, raw: parsed.data, data };
     } catch {
       return void 0;
     }
   }
-  // Atomic write: dump to a sibling temp path, then rename onto the
-  // target. POSIX rename is atomic within a filesystem, so readers
-  // either see the old file or the fully-written new file — never a
-  // truncated middle. This also makes simultaneous writers safe
-  // without a lock file: the loser of the rename race just gets its
-  // version replaced by the winner's.
   async writeDiskCache(cache) {
-    await fs4.mkdir(paths.home(), { recursive: true });
-    const final = paths.registryCache();
-    const tmp = `${final}.tmp-${process.pid}-${randSuffix()}`;
-    const body = JSON.stringify(
-      { fetchedAt: cache.fetchedAt, data: cache.raw },
-      null,
-      2
-    ) + "\n";
-    try {
-      await fs4.writeFile(tmp, body, "utf8");
-      await fs4.rename(tmp, final);
-    } catch (err) {
-      await fs4.unlink(tmp).catch(() => void 0);
-      throw err;
-    }
+    await writeJsonAtomic(paths.registryCache(), {
+      fetchedAt: cache.fetchedAt,
+      data: cache.raw
+    });
   }
 };
-function randSuffix() {
-  return Math.random().toString(36).slice(2, 10);
-}
 function npxPackageBasename(agent) {
   const pkg = agent.distribution.npx?.package;
   if (!pkg) {
@@ -1074,6 +1124,46 @@ function npxPackageBasename(agent) {
   const atIdx = afterSlash.lastIndexOf("@");
   return atIdx <= 0 ? afterSlash : afterSlash.slice(0, atIdx);
 }
+async function agentInstallState(agent) {
+  const platformKey = currentPlatformKey();
+  if (!platformKey) {
+    return "no";
+  }
+  const version = agent.version ?? "current";
+  if (agent.distribution.binary) {
+    const target = pickBinaryTarget(agent.distribution.binary, platformKey);
+    if (target?.cmd) {
+      const cmdPath = path4.resolve(
+        paths.agentInstallDir(agent.id, platformKey, version),
+        target.cmd
+      );
+      if (await fileExists3(cmdPath)) {
+        return "yes";
+      }
+    }
+  }
+  if (agent.distribution.npx) {
+    const npx = agent.distribution.npx;
+    const bin = npx.bin ?? npxPackageBasename(agent) ?? npx.package;
+    const installDir = paths.agentNpmInstallDir(agent.id, platformKey, version);
+    const binPath = path4.join(installDir, "node_modules", ".bin", bin);
+    if (await fileExists3(binPath)) {
+      return "yes";
+    }
+  }
+  if (!agent.distribution.npx && !agent.distribution.binary && agent.distribution.uvx) {
+    return "lazy";
+  }
+  return "no";
+}
+async function fileExists3(p) {
+  try {
+    await fs5.access(p);
+    return true;
+  } catch {
+    return false;
+  }
+}
 async function planSpawn(agent, callerArgs = [], options = {}) {
   const version = agent.version ?? "current";
   if (agent.distribution.npx) {
@@ -1422,6 +1512,11 @@ var SessionListEntry = z3.object({
   importedFromUpstreamSessionId: z3.string().optional(),
   // Set when this session was spawned as a child by a transformer.
   parentSessionId: z3.string().optional(),
+  // Local-fork breadcrumbs set by hydra-acp/fork_session. Distinct from
+  // the imported* family above: a fork is a local branch off another
+  // local session, an import is a cross-machine takeover.
+  forkedFromSessionId: z3.string().optional(),
+  forkedFromMessageId: z3.string().optional(),
   // clientInfo from the process that issued session/new. Lets list views
   // hide cat-style ancillary sessions by default while letting an
   // override flag surface them.
@@ -1689,13 +1784,13 @@ function ndjsonStreamFromStdio(stdout, stdin) {
         throw new Error("stream is closed");
       }
       const line = JSON.stringify(message) + "\n";
-      await new Promise((resolve3, reject) => {
+      await new Promise((resolve4, reject) => {
         stdin.write(line, (err) => {
           if (err) {
             reject(err);
             return;
           }
-          resolve3();
+          resolve4();
         });
       });
     },
@@ -1787,9 +1882,9 @@ var JsonRpcConnection = class _JsonRpcConnection {
     }
     const id = nanoid();
     const message = { jsonrpc: "2.0", id, method, params };
-    const response = new Promise((resolve3, reject) => {
+    const response = new Promise((resolve4, reject) => {
       this.pending.set(id, {
-        resolve: (result) => resolve3(result),
+        resolve: (result) => resolve4(result),
         reject
       });
       this.stream.send(message).catch((err) => {
@@ -2019,7 +2114,7 @@ stderr: ${tail}` : reason;
 };
 
 // src/core/session-manager.ts
-import * as fs10 from "fs/promises";
+import * as fs11 from "fs/promises";
 import * as os2 from "os";
 import { customAlphabet as customAlphabet3 } from "nanoid";
 
@@ -2216,14 +2311,14 @@ var SessionStreamBuffer = class {
     if (cap === 0) {
       return Promise.resolve("timeout");
     }
-    return new Promise((resolve3) => {
+    return new Promise((resolve4) => {
       const waiter = {
         resolve: (outcome) => {
           if (waiter.timer !== void 0) {
             clearTimeout(waiter.timer);
             waiter.timer = void 0;
           }
-          resolve3(outcome);
+          resolve4(outcome);
         },
         timer: setTimeout(() => {
           const idx = this.waiters.indexOf(waiter);
@@ -2231,7 +2326,7 @@ var SessionStreamBuffer = class {
             this.waiters.splice(idx, 1);
           }
           waiter.timer = void 0;
-          resolve3("timeout");
+          resolve4("timeout");
         }, cap)
       };
       this.waiters.push(waiter);
@@ -2434,8 +2529,8 @@ var SessionStreamBuffer = class {
     return out;
   }
   scheduleFileWrite(chunk) {
-    const path13 = this.filePath;
-    if (path13 === void 0) {
+    const path14 = this.filePath;
+    if (path14 === void 0) {
       return;
     }
     if (this.fileCapReached) {
@@ -2450,7 +2545,7 @@ var SessionStreamBuffer = class {
     const slice = chunk.length <= remaining ? chunk : chunk.subarray(0, remaining);
     this.fileBytesWritten += slice.length;
     const willHitCap = this.fileBytesWritten >= this.fileCapBytes;
-    this.fileWriteChain = this.fileWriteChain.then(() => fsp3.appendFile(path13, slice)).catch((err) => {
+    this.fileWriteChain = this.fileWriteChain.then(() => fsp3.appendFile(path14, slice)).catch((err) => {
       this.logWriteError?.(err);
     });
     if (willHitCap && !this.fileCapReached) {
@@ -2499,22 +2594,22 @@ function hydraCommandsAsAdvertised() {
 }
 
 // src/core/queue-store.ts
-import * as fs5 from "fs/promises";
+import * as fs6 from "fs/promises";
 async function rewriteQueue(sessionId, entries) {
   const file = paths.queueFile(sessionId);
   if (entries.length === 0) {
-    await fs5.unlink(file).catch(() => void 0);
+    await fs6.unlink(file).catch(() => void 0);
     return;
   }
-  await fs5.mkdir(paths.sessionDir(sessionId), { recursive: true });
+  await fs6.mkdir(paths.sessionDir(sessionId), { recursive: true });
   const body = entries.map((e) => JSON.stringify(e)).join("\n") + "\n";
-  await fs5.writeFile(file, body, "utf8");
+  await fs6.writeFile(file, body, "utf8");
 }
 async function loadQueue(sessionId) {
   const file = paths.queueFile(sessionId);
   let text;
   try {
-    text = await fs5.readFile(file, "utf8");
+    text = await fs6.readFile(file, "utf8");
   } catch (err) {
     if (err.code === "ENOENT") {
       return [];
@@ -2536,7 +2631,7 @@ async function loadQueue(sessionId) {
 }
 async function deleteQueue(sessionId) {
   const file = paths.queueFile(sessionId);
-  await fs5.unlink(file).catch(() => void 0);
+  await fs6.unlink(file).catch(() => void 0);
 }
 
 // src/core/session.ts
@@ -2568,6 +2663,8 @@ var Session = class {
   agentCapabilities;
   agentArgs;
   parentSessionId;
+  forkedFromSessionId;
+  forkedFromMessageId;
   originatingClient;
   title;
   // Snapshot state delivered to attaching clients via the attach
@@ -2596,6 +2693,13 @@ var Session = class {
   // enqueue) and leave the file out of sync with in-memory state.
   queueWriteChain = Promise.resolve();
   closed = false;
+  // Set true at the start of close() / markClosed before any await yields.
+  // drainQueue checks this between iterations and bails out, so a queued
+  // entry can't be promoted to currentEntry (with its prompt_received and
+  // synthesized turn_complete(interrupted)) while the session is tearing
+  // down. markClosed sweeps the remaining queue with the normal abandoned
+  // / cancelled handling.
+  closing = false;
   closeHandlers = [];
   titleHandlers = [];
   // Subscribers notified after every entry that's actually persisted to
@@ -2723,6 +2827,8 @@ var Session = class {
     this.agentCapabilities = init.agentCapabilities;
     this.agentArgs = init.agentArgs;
     this.parentSessionId = init.parentSessionId;
+    this.forkedFromSessionId = init.forkedFromSessionId;
+    this.forkedFromMessageId = init.forkedFromMessageId;
     this.originatingClient = init.originatingClient;
     this.title = init.title;
     this.currentModel = init.currentModel;
@@ -2863,7 +2969,7 @@ var Session = class {
         const claimIdx = i;
         const claimEnvelope = envelope;
         const claimOriginatedBy = new Set(originatedBy);
-        await new Promise((resolve3) => {
+        await new Promise((resolve4) => {
           const timer = setTimeout(() => {
             if (this.pendingClaims.delete(token)) {
               this.broadcastQueueNotification(
@@ -2874,14 +2980,14 @@ var Session = class {
                 claimEnvelope,
                 /* @__PURE__ */ new Set([...claimOriginatedBy, t.name]),
                 claimIdx + 1
-              ).then(resolve3);
+              ).then(resolve4);
             }
           }, TRANSFORMER_CLAIM_TIMEOUT_MS);
           if (typeof timer.unref === "function") {
             timer.unref();
           }
           this.pendingClaims.set(token, {
-            resolve: () => resolve3(),
+            resolve: () => resolve4(),
             timer,
             transformerName: t.name,
             method: "session/update",
@@ -3721,7 +3827,7 @@ var Session = class {
         const claimIdx = i;
         const claimEnvelope = envelope;
         const claimOriginatedBy = new Set(originatedBy);
-        return new Promise((resolve3) => {
+        return new Promise((resolve4) => {
           const timer = setTimeout(() => {
             if (this.pendingClaims.delete(token)) {
               this.broadcastQueueNotification(
@@ -3733,14 +3839,14 @@ var Session = class {
                 claimEnvelope,
                 /* @__PURE__ */ new Set([...claimOriginatedBy, t.name]),
                 claimIdx + 1
-              ).then(resolve3).catch(() => resolve3(defaultStopPayload(method)));
+              ).then(resolve4).catch(() => resolve4(defaultStopPayload(method)));
             }
           }, TRANSFORMER_CLAIM_TIMEOUT_MS);
           if (typeof timer.unref === "function") {
             timer.unref();
           }
           this.pendingClaims.set(token, {
-            resolve: resolve3,
+            resolve: resolve4,
             timer,
             transformerName: t.name,
             method,
@@ -3831,6 +3937,7 @@ var Session = class {
     if (this.closed) {
       return;
     }
+    this.closing = true;
     this.logger?.info(
       `session ${this.sessionId} closing deleteRecord=${opts.deleteRecord ?? false} regenTitle=${opts.regenTitle ?? false}`
     );
@@ -4493,12 +4600,12 @@ ${text}
       } else {
         const inList = current ? models.some((m) => m.modelId === current) : true;
         const lines = models.map((m) => {
-          const marker = m.modelId === current ? " \u25C0" : "";
+          const marker = m.modelId === current ? "\u25B6 " : "  ";
           const desc = m.name && m.name !== m.modelId ? `  ${m.name}` : "";
-          return `${m.modelId}${marker}${desc}`;
+          return `${marker}${m.modelId}${desc}`;
         });
         if (!inList && current) {
-          lines.unshift(`${current} \u25C0`);
+          lines.unshift(`\u25B6 ${current}`);
         }
         body = lines.join("\n");
       }
@@ -4962,21 +5069,22 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
     if (this.closed) {
       return;
     }
+    this.closing = true;
     this.closed = true;
     this.cancelIdleTimer();
     if (this.extensionCommandsUnsub) {
       this.extensionCommandsUnsub();
       this.extensionCommandsUnsub = void 0;
     }
-    if (this.currentEntry?.kind === "user") {
+    if (this.currentEntry?.kind === "user" && !this.recentlyTerminal.has(this.currentEntry.messageId)) {
       this.broadcastTurnComplete(
         this.currentEntry.clientId,
         { stopReason: "interrupted" },
         this.currentEntry.messageId,
         this.currentEntry.wasAmend
       );
-      this.currentEntry = void 0;
     }
+    this.currentEntry = void 0;
     const stranded = this.promptQueue;
     this.promptQueue = [];
     for (const entry of stranded) {
@@ -4998,12 +5106,12 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
     this.clients.clear();
     if (this.streamBuffer !== void 0) {
       const buf = this.streamBuffer;
-      const path13 = this.streamFilePath;
+      const path14 = this.streamFilePath;
       this.streamBuffer = void 0;
       this.streamFilePath = void 0;
       buf.close();
-      if (path13 !== void 0) {
-        void buf.drainFileWrites().then(() => fsp4.unlink(path13).catch(() => void 0));
+      if (path14 !== void 0) {
+        void buf.drainFileWrites().then(() => fsp4.unlink(path14).catch(() => void 0));
       }
     }
     for (const handler of this.closeHandlers) {
@@ -5165,7 +5273,7 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
     }
     const clientParams = this.rewriteForClient(params);
     const toolCallId = extractToolCallId(clientParams);
-    return new Promise((resolve3, reject) => {
+    return new Promise((resolve4, reject) => {
       let settled = false;
       const outbound = [];
       const entry = { addClient: sendTo };
@@ -5204,7 +5312,7 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
                 update
               }).catch(() => void 0);
             }
-            resolve3(result);
+            resolve4(result);
           });
         }).catch((err) => {
           settle(() => reject(err));
@@ -5220,14 +5328,14 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
   // in flight, but doesn't emit prompt_queue_* broadcasts — clients
   // shouldn't see hydra's housekeeping in their chip list.
   async enqueuePrompt(task) {
-    return new Promise((resolve3, reject) => {
+    return new Promise((resolve4, reject) => {
       const entry = {
         kind: "internal",
         messageId: generateMessageId(),
         enqueuedAt: Date.now(),
         cancelled: false,
         task,
-        resolve: resolve3,
+        resolve: resolve4,
         reject
       };
       this.promptQueue.push(entry);
@@ -5246,7 +5354,7 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
     if (client.clientInfo?.name) originator.name = client.clientInfo.name;
     if (client.clientInfo?.version)
       originator.version = client.clientInfo.version;
-    return new Promise((resolve3, reject) => {
+    return new Promise((resolve4, reject) => {
       const entry = {
         kind: "user",
         messageId,
@@ -5255,7 +5363,7 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
         prompt: promptArray,
         enqueuedAt: Date.now(),
         cancelled: false,
-        resolve: resolve3,
+        resolve: resolve4,
         reject
       };
       this.promptQueue.push(entry);
@@ -5305,6 +5413,9 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
     await new Promise((r) => setImmediate(r));
     try {
       while (this.promptQueue.length > 0) {
+        if (this.closing) {
+          break;
+        }
         const next = this.promptQueue.shift();
         if (!next) {
           break;
@@ -5676,8 +5787,8 @@ function firstLine(text, max) {
 }
 
 // src/core/session-store.ts
-import * as fs6 from "fs/promises";
-import * as path4 from "path";
+import * as fs7 from "fs/promises";
+import * as path5 from "path";
 import { customAlphabet as customAlphabet2 } from "nanoid";
 import { z as z4 } from "zod";
 var HYDRA_ID_ALPHABET2 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -5761,6 +5872,12 @@ var SessionRecord = z4.object({
   // Set when this session was spawned as a child by a transformer via
   // hydra-acp/spawn_child_session. Points to the spawning session's id.
   parentSessionId: z4.string().optional(),
+  // Set when this session was created by hydra-acp/fork_session.
+  // forkedFromSessionId points to the local source session; forkedFromMessageId
+  // is the resolved forkAt — the messageId of the turn_complete the slice
+  // ended at. Kept so future UI can show "branched from turn N of session X".
+  forkedFromSessionId: z4.string().optional(),
+  forkedFromMessageId: z4.string().optional(),
   // clientInfo from the process that issued session/new. Picker and
   // `sessions list` use this to hide cat-style ancillary sessions by
   // default; carried in meta.json so cold sessions filter the same way.
@@ -5777,30 +5894,21 @@ function assertSafeId(id) {
 var SessionStore = class {
   async write(record) {
     assertSafeId(record.sessionId);
-    await fs6.mkdir(paths.sessionDir(record.sessionId), { recursive: true });
     const full = { version: 1, ...record };
-    await fs6.writeFile(
-      paths.sessionFile(record.sessionId),
-      JSON.stringify(full, null, 2) + "\n",
-      { encoding: "utf8", mode: 384 }
-    );
+    await writeJsonAtomic(paths.sessionFile(record.sessionId), full, {
+      mode: 384
+    });
   }
   async read(sessionId) {
     if (!SESSION_ID_PATTERN.test(sessionId)) {
       return void 0;
     }
-    let raw;
-    try {
-      raw = await fs6.readFile(paths.sessionFile(sessionId), "utf8");
-    } catch (err) {
-      const e = err;
-      if (e.code === "ENOENT") {
-        return void 0;
-      }
-      throw err;
+    const parsed = await readJsonSafe(paths.sessionFile(sessionId));
+    if (parsed === void 0) {
+      return void 0;
     }
     try {
-      return SessionRecord.parse(JSON.parse(raw));
+      return SessionRecord.parse(parsed);
     } catch {
       return void 0;
     }
@@ -5810,7 +5918,7 @@ var SessionStore = class {
       return;
     }
     try {
-      await fs6.unlink(paths.sessionFile(sessionId));
+      await fs7.unlink(paths.sessionFile(sessionId));
     } catch (err) {
       const e = err;
       if (e.code !== "ENOENT") {
@@ -5818,7 +5926,7 @@ var SessionStore = class {
       }
     }
     try {
-      await fs6.rmdir(paths.sessionDir(sessionId));
+      await fs7.rmdir(paths.sessionDir(sessionId));
     } catch (err) {
       const e = err;
       if (e.code !== "ENOENT" && e.code !== "ENOTEMPTY") {
@@ -5848,7 +5956,7 @@ var SessionStore = class {
   async list() {
     let entries;
     try {
-      entries = await fs6.readdir(paths.sessionsDir());
+      entries = await fs7.readdir(paths.sessionsDir());
     } catch (err) {
       const e = err;
       if (e.code === "ENOENT") {
@@ -5887,6 +5995,8 @@ function recordFromMemorySession(args) {
     agentModels: args.agentModels,
     pendingHistorySync: args.pendingHistorySync,
     parentSessionId: args.parentSessionId,
+    forkedFromSessionId: args.forkedFromSessionId,
+    forkedFromMessageId: args.forkedFromMessageId,
     originatingClient: args.originatingClient,
     createdAt: args.createdAt ?? now,
     updatedAt: args.updatedAt ?? now
@@ -5894,7 +6004,7 @@ function recordFromMemorySession(args) {
 }
 
 // src/core/history-store.ts
-import * as fs7 from "fs/promises";
+import * as fs8 from "fs/promises";
 var SESSION_ID_PATTERN2 = /^[A-Za-z0-9_-]+$/;
 var DEFAULT_MAX_ENTRIES = 1e3;
 var HistoryStore = class {
@@ -5911,9 +6021,9 @@ var HistoryStore = class {
       return;
     }
     return this.enqueue(sessionId, async () => {
-      await fs7.mkdir(paths.sessionDir(sessionId), { recursive: true });
+      await fs8.mkdir(paths.sessionDir(sessionId), { recursive: true });
       const line = JSON.stringify(entry) + "\n";
-      await fs7.appendFile(paths.historyFile(sessionId), line, {
+      await fs8.appendFile(paths.historyFile(sessionId), line, {
         encoding: "utf8",
         mode: 384
       });
@@ -5924,9 +6034,9 @@ var HistoryStore = class {
       return;
     }
     return this.enqueue(sessionId, async () => {
-      await fs7.mkdir(paths.sessionDir(sessionId), { recursive: true });
+      await fs8.mkdir(paths.sessionDir(sessionId), { recursive: true });
       const body = entries.length === 0 ? "" : entries.map((e) => JSON.stringify(e)).join("\n") + "\n";
-      await fs7.writeFile(paths.historyFile(sessionId), body, {
+      await fs8.writeFile(paths.historyFile(sessionId), body, {
         encoding: "utf8",
         mode: 384
       });
@@ -5943,7 +6053,7 @@ var HistoryStore = class {
     return this.enqueue(sessionId, async () => {
       let raw;
       try {
-        raw = await fs7.readFile(paths.historyFile(sessionId), "utf8");
+        raw = await fs8.readFile(paths.historyFile(sessionId), "utf8");
       } catch (err) {
         const e = err;
         if (e.code === "ENOENT") {
@@ -5956,7 +6066,7 @@ var HistoryStore = class {
         return;
       }
       const trimmed = lines.slice(-maxEntries);
-      await fs7.writeFile(paths.historyFile(sessionId), trimmed.join("\n") + "\n", {
+      await fs8.writeFile(paths.historyFile(sessionId), trimmed.join("\n") + "\n", {
         encoding: "utf8",
         mode: 384
       });
@@ -5972,7 +6082,7 @@ var HistoryStore = class {
     }
     let raw;
     try {
-      raw = await fs7.readFile(paths.historyFile(sessionId), "utf8");
+      raw = await fs8.readFile(paths.historyFile(sessionId), "utf8");
     } catch (err) {
       const e = err;
       if (e.code === "ENOENT") {
@@ -6012,13 +6122,26 @@ var HistoryStore = class {
     }
     return out;
   }
+  // Wait for every pending append/rewrite/compact across all sessions to
+  // settle. Daemon shutdown calls this after closing sessions so the final
+  // turn_complete(interrupted) emitted by markClosed reaches disk before
+  // the process exits — without this, history-replay attaches after a
+  // restart see an unmatched prompt_received and leak pendingTurns on
+  // every client.
+  async flushAll() {
+    const pending = [...this.writeQueues.values()];
+    if (pending.length === 0) {
+      return;
+    }
+    await Promise.allSettled(pending);
+  }
   async delete(sessionId) {
     if (!SESSION_ID_PATTERN2.test(sessionId)) {
       return;
     }
     return this.enqueue(sessionId, async () => {
       try {
-        await fs7.unlink(paths.historyFile(sessionId));
+        await fs8.unlink(paths.historyFile(sessionId));
       } catch (err) {
         const e = err;
         if (e.code !== "ENOENT") {
@@ -6026,7 +6149,7 @@ var HistoryStore = class {
         }
       }
       try {
-        await fs7.rmdir(paths.sessionDir(sessionId));
+        await fs8.rmdir(paths.sessionDir(sessionId));
       } catch (err) {
         const e = err;
         if (e.code !== "ENOENT" && e.code !== "ENOTEMPTY") {
@@ -6050,30 +6173,113 @@ var HistoryStore = class {
 };
 
 // src/tui/history.ts
-import { promises as fs8 } from "fs";
-import * as path5 from "path";
+import { promises as fs9 } from "fs";
+import * as path6 from "path";
 async function saveHistory(file, history) {
-  await fs8.mkdir(path5.dirname(file), { recursive: true });
+  await fs9.mkdir(path6.dirname(file), { recursive: true });
   const lines = history.map((entry) => JSON.stringify(entry));
-  await fs8.writeFile(file, lines.length > 0 ? lines.join("\n") + "\n" : "");
+  await fs9.writeFile(file, lines.length > 0 ? lines.join("\n") + "\n" : "");
+}
+
+// src/core/bundle.ts
+import { z as z5 } from "zod";
+var HistoryEntrySchema = z5.object({
+  method: z5.string(),
+  params: z5.unknown(),
+  recordedAt: z5.number()
+});
+var BundleSession = z5.object({
+  // The exporter's local id. Regenerated fresh on import (sessionId is
+  // the local namespace; lineageId is what survives across hops).
+  sessionId: z5.string(),
+  // Required on bundles — the export path backfills if the source
+  // record was written before lineageId existed.
+  lineageId: z5.string(),
+  // The exporter's agent-side session id at export time. Carried so
+  // importers can persist it as a breadcrumb (and, eventually, as the
+  // handle a "connect back to origin" feature would need). Omitted on
+  // bundles whose source record never bound to an agent (e.g. a
+  // re-export of an imported, not-yet-attached session).
+  upstreamSessionId: z5.string().optional(),
+  agentId: z5.string(),
+  cwd: z5.string(),
+  title: z5.string().optional(),
+  currentModel: z5.string().optional(),
+  currentMode: z5.string().optional(),
+  currentUsage: PersistedUsage.optional(),
+  agentCommands: z5.array(PersistedAgentCommand).optional(),
+  agentModes: z5.array(PersistedAgentMode).optional(),
+  createdAt: z5.string(),
+  updatedAt: z5.string()
+});
+var Bundle = z5.object({
+  version: z5.literal(1),
+  exportedAt: z5.string(),
+  exportedFrom: z5.object({
+    hydraVersion: z5.string(),
+    machine: z5.string(),
+    // Externally-reachable name (and optional ":port") for the exporting
+    // daemon, sourced from config.daemon.publicHost (or daemon.host when
+    // non-loopback). Carried so an importer can construct a hydra:// URL
+    // that dials back to the origin — e.g. over Tailscale. Omitted when
+    // the exporter has no routable address; never falls back to loopback.
+    hydraHost: z5.string().optional()
+  }),
+  session: BundleSession,
+  history: z5.array(HistoryEntrySchema),
+  promptHistory: z5.array(z5.string()).optional()
+});
+function encodeBundle(params) {
+  const bundle = {
+    version: 1,
+    exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    exportedFrom: {
+      hydraVersion: params.hydraVersion,
+      machine: params.machine,
+      ...params.hydraHost !== void 0 && params.hydraHost.length > 0 ? { hydraHost: params.hydraHost } : {}
+    },
+    session: {
+      sessionId: params.record.sessionId,
+      lineageId: params.record.lineageId,
+      ...params.record.upstreamSessionId ? { upstreamSessionId: params.record.upstreamSessionId } : {},
+      agentId: params.record.agentId,
+      cwd: params.record.cwd,
+      ...params.record.title !== void 0 ? { title: params.record.title } : {},
+      ...params.record.currentModel !== void 0 ? { currentModel: params.record.currentModel } : {},
+      ...params.record.currentMode !== void 0 ? { currentMode: params.record.currentMode } : {},
+      ...params.record.currentUsage !== void 0 ? { currentUsage: params.record.currentUsage } : {},
+      ...params.record.agentCommands !== void 0 ? { agentCommands: params.record.agentCommands } : {},
+      ...params.record.agentModes !== void 0 ? { agentModes: params.record.agentModes } : {},
+      createdAt: params.record.createdAt,
+      updatedAt: params.record.updatedAt
+    },
+    history: params.history
+  };
+  if (params.promptHistory !== void 0) {
+    bundle.promptHistory = params.promptHistory;
+  }
+  return bundle;
+}
+function decodeBundle(raw) {
+  return Bundle.parse(raw);
 }
 
 // src/core/hydra-version.ts
 import { fileURLToPath } from "url";
-import * as path6 from "path";
-import * as fs9 from "fs";
+import * as path7 from "path";
+import * as fs10 from "fs";
 function resolveVersion() {
   try {
-    let dir = path6.dirname(fileURLToPath(import.meta.url));
+    let dir = path7.dirname(fileURLToPath(import.meta.url));
     for (let i = 0; i < 8; i += 1) {
-      const candidate = path6.join(dir, "package.json");
-      if (fs9.existsSync(candidate)) {
-        const pkg = JSON.parse(fs9.readFileSync(candidate, "utf8"));
+      const candidate = path7.join(dir, "package.json");
+      if (fs10.existsSync(candidate)) {
+        const pkg = JSON.parse(fs10.readFileSync(candidate, "utf8"));
         if (typeof pkg.version === "string" && pkg.version.length > 0 && (typeof pkg.name !== "string" || pkg.name.includes("hydra-acp"))) {
           return pkg.version;
         }
       }
-      const parent = path6.dirname(dir);
+      const parent = path7.dirname(dir);
       if (parent === dir) {
         break;
       }
@@ -6349,6 +6555,8 @@ var SessionManager = class {
       firstPromptSeeded: !!params.title,
       createdAt: params.createdAt ? new Date(params.createdAt).getTime() : void 0,
       originatingClient: params.originatingClient,
+      forkedFromSessionId: params.forkedFromSessionId,
+      forkedFromMessageId: params.forkedFromMessageId,
       extensionCommands: this.extensionCommands
     });
     await this.attachManagerHooks(session);
@@ -6417,6 +6625,8 @@ var SessionManager = class {
       firstPromptSeeded: !!params.title,
       createdAt: params.createdAt ? new Date(params.createdAt).getTime() : void 0,
       originatingClient: params.originatingClient,
+      forkedFromSessionId: params.forkedFromSessionId,
+      forkedFromMessageId: params.forkedFromMessageId,
       extensionCommands: this.extensionCommands
     });
     await this.attachManagerHooks(session);
@@ -6425,7 +6635,7 @@ var SessionManager = class {
   }
   async resolveImportCwd(cwd) {
     try {
-      const stat2 = await fs10.stat(cwd);
+      const stat2 = await fs11.stat(cwd);
       if (stat2.isDirectory()) {
         return cwd;
       }
@@ -6767,7 +6977,9 @@ var SessionManager = class {
       agentModels: record.agentModels,
       createdAt: record.createdAt,
       pendingHistorySync: record.pendingHistorySync,
-      originatingClient: record.originatingClient
+      originatingClient: record.originatingClient,
+      forkedFromSessionId: record.forkedFromSessionId,
+      forkedFromMessageId: record.forkedFromMessageId
     };
   }
   async clearPendingHistorySync(sessionId) {
@@ -6868,6 +7080,8 @@ var SessionManager = class {
         currentModel: session.currentModel,
         currentUsage: session.currentUsage,
         parentSessionId: session.parentSessionId,
+        forkedFromSessionId: session.forkedFromSessionId,
+        forkedFromMessageId: session.forkedFromMessageId,
         originatingClient: session.originatingClient,
         updatedAt: used,
         attachedClients: session.attachedCount,
@@ -6898,6 +7112,8 @@ var SessionManager = class {
         importedFromMachine: r.importedFromMachine,
         importedFromUpstreamSessionId: r.importedFromUpstreamSessionId,
         parentSessionId: r.parentSessionId,
+        forkedFromSessionId: r.forkedFromSessionId,
+        forkedFromMessageId: r.forkedFromMessageId,
         originatingClient: r.originatingClient,
         updatedAt: used,
         attachedClients: 0,
@@ -6985,10 +7201,114 @@ var SessionManager = class {
       replaced: false
     };
   }
-  // Write the imported bundle's history.jsonl, prompt-history (if
-  // present), and meta.json. upstreamSessionId is left empty as the
+  // Branch an existing local session into a new one that shares context
+  // up to the chosen turn boundary and diverges from there. Composes the
+  // import pipeline: synthesizes a Bundle from the source's record and
+  // sliced history, mints a fresh lineageId, then writes the new record
+  // via writeImportedRecord with forked* breadcrumbs instead of
+  // imported*. The fork carries upstreamSessionId="" so the first attach
+  // triggers seedFromImport — same wire shape as an imported session.
+  //
+  // forkAt defaults to the messageId of the source's most recent
+  // turn_complete; explicit forkAt must reference a session/update
+  // entry that's present in the source's history.jsonl. Cutting at a
+  // completed turn excludes any in-flight prompt by construction
+  // (history.jsonl is appended serially per session), so no locking
+  // against the live source is needed.
+  //
+  // agentId defaults to the source's agent. Overriding to a different
+  // agent scrubs agent-specific state from the fork (model, mode,
+  // usage, agent-emitted commands/modes/models) so the new agent boots
+  // clean — title and conversation transcript are agent-agnostic and
+  // are kept.
+  async forkSession(sourceSessionId, opts = {}) {
+    const sourceRecord = await this.store.read(sourceSessionId);
+    if (!sourceRecord) {
+      const err = new Error(`source session not found: ${sourceSessionId}`);
+      err.code = JsonRpcErrorCodes.SessionNotFound;
+      throw err;
+    }
+    const targetAgentId = opts.agentId ?? sourceRecord.agentId;
+    const crossAgent = targetAgentId !== sourceRecord.agentId;
+    if (crossAgent) {
+      const def = await this.registry.getAgent(targetAgentId);
+      if (!def) {
+        const err = new Error(
+          `agent ${targetAgentId} not found in registry`
+        );
+        err.code = JsonRpcErrorCodes.AgentNotInstalled;
+        throw err;
+      }
+    }
+    const sourceHistory = await this.histories.load(sourceSessionId).catch(() => []);
+    let cutoffIndex;
+    let forkedAt;
+    if (opts.forkAt !== void 0) {
+      cutoffIndex = findMessageIdIndex(sourceHistory, opts.forkAt);
+      if (cutoffIndex < 0) {
+        const err = new Error(
+          `forkAt messageId not found in source history: ${opts.forkAt}`
+        );
+        err.code = JsonRpcErrorCodes.InvalidParams;
+        throw err;
+      }
+      forkedAt = opts.forkAt;
+    } else {
+      const found = findLastTurnComplete(sourceHistory);
+      if (!found) {
+        const err = new Error(
+          `source session ${sourceSessionId} has no completed turns to fork from`
+        );
+        err.code = JsonRpcErrorCodes.InvalidParams;
+        throw err;
+      }
+      cutoffIndex = found.index;
+      forkedAt = found.messageId;
+    }
+    const slicedHistory = sourceHistory.slice(0, cutoffIndex + 1);
+    const promptHistory = await loadPromptHistorySafely(sourceSessionId);
+    const recordForBundle = {
+      ...sourceRecord,
+      lineageId: generateLineageId(),
+      agentId: targetAgentId,
+      ...crossAgent ? {
+        currentModel: void 0,
+        currentMode: void 0,
+        currentUsage: void 0,
+        agentCommands: void 0,
+        agentModes: void 0,
+        agentModels: void 0
+      } : {}
+    };
+    const bundle = encodeBundle({
+      record: recordForBundle,
+      history: slicedHistory,
+      promptHistory: promptHistory.length > 0 ? promptHistory : void 0,
+      hydraVersion: HYDRA_VERSION,
+      machine: os2.hostname()
+    });
+    const newId = `${HYDRA_SESSION_PREFIX}${generateRawSessionId()}`;
+    await this.writeImportedRecord({
+      sessionId: newId,
+      bundle,
+      cwd: opts.cwd,
+      forkedFromSessionId: sourceSessionId,
+      forkedFromMessageId: forkedAt
+    });
+    return {
+      sessionId: newId,
+      forkedFromSessionId: sourceSessionId,
+      forkedAt
+    };
+  }
+  // Write the imported (or forked) bundle's history.jsonl, prompt-history
+  // (if present), and meta.json. upstreamSessionId is left empty as the
   // marker that the first attach should bootstrap a fresh agent and
-  // run seedFromImport rather than calling session/load.
+  // run seedFromImport rather than calling session/load. When
+  // forkedFromSessionId is set, the record is marked as a local fork
+  // (forked* fields populated) instead of a cross-machine import
+  // (imported* fields populated) — both share the seed-on-first-attach
+  // wire shape but trace differently in list views.
   async writeImportedRecord(args) {
     await this.histories.rewrite(
       args.sessionId,
@@ -6996,7 +7316,7 @@ var SessionManager = class {
     );
     const sourceMtime = new Date(args.bundle.session.updatedAt);
     if (!Number.isNaN(sourceMtime.getTime())) {
-      await fs10.utimes(paths.historyFile(args.sessionId), sourceMtime, sourceMtime).catch(() => void 0);
+      await fs11.utimes(paths.historyFile(args.sessionId), sourceMtime, sourceMtime).catch(() => void 0);
     }
     if (args.bundle.promptHistory && args.bundle.promptHistory.length > 0) {
       await saveHistory(
@@ -7005,14 +7325,20 @@ var SessionManager = class {
       ).catch(() => void 0);
     }
     const now = (/* @__PURE__ */ new Date()).toISOString();
+    const isFork = args.forkedFromSessionId !== void 0;
     await this.enqueueMetaWrite(args.sessionId, async () => {
       await this.store.write({
         sessionId: args.sessionId,
         lineageId: args.bundle.session.lineageId,
         upstreamSessionId: "",
-        importedFromSessionId: args.bundle.session.sessionId,
-        importedFromUpstreamSessionId: args.bundle.session.upstreamSessionId,
-        importedFromMachine: args.bundle.exportedFrom.machine,
+        ...isFork ? {
+          forkedFromSessionId: args.forkedFromSessionId,
+          forkedFromMessageId: args.forkedFromMessageId
+        } : {
+          importedFromSessionId: args.bundle.session.sessionId,
+          importedFromUpstreamSessionId: args.bundle.session.upstreamSessionId,
+          importedFromMachine: args.bundle.exportedFrom.machine
+        },
         agentId: args.bundle.session.agentId,
         cwd: args.cwd ?? args.bundle.session.cwd,
         title: args.bundle.session.title,
@@ -7146,6 +7472,14 @@ var SessionManager = class {
     }
     await Promise.allSettled(pending);
   }
+  // Wait for every pending history.jsonl write to settle. markClosed
+  // broadcasts turn_complete(interrupted) for the in-flight turn via a
+  // fire-and-forget store.append; without flushing, a SIGTERM can exit
+  // before that append hits disk, leaving an unmatched prompt_received
+  // in history that leaks pendingTurns on every client that replays it.
+  async flushHistoryWrites() {
+    await this.histories.flushAll();
+  }
   // Startup hook: scan persisted sessions for non-empty queue files,
   // apply the TTL, resurrect anything with surviving entries, and
   // replay them through the normal queue path. Called from the daemon
@@ -7244,6 +7578,8 @@ function mergeForPersistence(session, existing) {
     agentModes,
     agentModels,
     parentSessionId: session.parentSessionId ?? existing?.parentSessionId,
+    forkedFromSessionId: session.forkedFromSessionId ?? existing?.forkedFromSessionId,
+    forkedFromMessageId: session.forkedFromMessageId ?? existing?.forkedFromMessageId,
     originatingClient: session.originatingClient ?? existing?.originatingClient,
     createdAt: existing?.createdAt ?? new Date(session.createdAt).toISOString()
   });
@@ -7513,9 +7849,26 @@ function parseModesList(list) {
   }
   return out;
 }
+function findLastTurnComplete(history) {
+  for (let i = history.length - 1; i >= 0; i--) {
+    const entry = history[i];
+    if (!entry || entry.method !== "session/update") {
+      continue;
+    }
+    const update = entry.params?.update;
+    if (update?.sessionUpdate !== "turn_complete") {
+      continue;
+    }
+    if (typeof update.messageId !== "string" || update.messageId.length === 0) {
+      continue;
+    }
+    return { index: i, messageId: update.messageId };
+  }
+  return void 0;
+}
 async function loadPromptHistorySafely(sessionId) {
   try {
-    const raw = await fs10.readFile(paths.tuiHistoryFile(sessionId), "utf8");
+    const raw = await fs11.readFile(paths.tuiHistoryFile(sessionId), "utf8");
     const out = [];
     for (const line of raw.split("\n")) {
       if (line.length === 0) {
@@ -7536,7 +7889,7 @@ async function loadPromptHistorySafely(sessionId) {
 }
 async function historyMtimeIso(sessionId) {
   try {
-    const st = await fs10.stat(paths.historyFile(sessionId));
+    const st = await fs11.stat(paths.historyFile(sessionId));
     return new Date(st.mtimeMs).toISOString();
   } catch {
     return void 0;
@@ -7545,9 +7898,9 @@ async function historyMtimeIso(sessionId) {
 
 // src/core/extensions.ts
 import { spawn as spawn4 } from "child_process";
-import * as fs11 from "fs";
+import * as fs12 from "fs";
 import * as fsp5 from "fs/promises";
-import * as path7 from "path";
+import * as path8 from "path";
 var RESTART_BASE_MS = 1e3;
 var RESTART_CAP_MS = 6e4;
 var STOP_GRACE_MS = 3e3;
@@ -7604,9 +7957,9 @@ var ExtensionManager = class {
       } catch {
       }
       tasks.push(
-        new Promise((resolve3) => {
+        new Promise((resolve4) => {
           if (child.exitCode !== null || child.signalCode !== null) {
-            resolve3();
+            resolve4();
             return;
           }
           const timer = setTimeout(() => {
@@ -7614,11 +7967,11 @@ var ExtensionManager = class {
               child.kill("SIGKILL");
             } catch {
             }
-            resolve3();
+            resolve4();
           }, STOP_GRACE_MS);
           child.on("exit", () => {
             clearTimeout(timer);
-            resolve3();
+            resolve4();
           });
         })
       );
@@ -7726,8 +8079,8 @@ var ExtensionManager = class {
     if (child.exitCode !== null || child.signalCode !== null) {
       return;
     }
-    const exited = new Promise((resolve3) => {
-      entry.exitWaiters.push(resolve3);
+    const exited = new Promise((resolve4) => {
+      entry.exitWaiters.push(resolve4);
     });
     try {
       child.kill("SIGTERM");
@@ -7802,7 +8155,7 @@ var ExtensionManager = class {
       if (!entry.endsWith(".pid")) {
         continue;
       }
-      const pidPath = path7.join(paths.extensionsDir(), entry);
+      const pidPath = path8.join(paths.extensionsDir(), entry);
       let pid;
       try {
         const raw = await fsp5.readFile(pidPath, "utf8");
@@ -7841,7 +8194,7 @@ var ExtensionManager = class {
     }
     const ext = entry.config;
     const command = ext.command.length > 0 ? ext.command : [ext.name];
-    const logStream = fs11.createWriteStream(paths.extensionLogFile(ext.name), {
+    const logStream = fs12.createWriteStream(paths.extensionLogFile(ext.name), {
       flags: "a"
     });
     logStream.write(
@@ -7894,7 +8247,7 @@ var ExtensionManager = class {
     }
     if (typeof child.pid === "number") {
       try {
-        fs11.writeFileSync(paths.extensionPidFile(ext.name), `${child.pid}
+        fs12.writeFileSync(paths.extensionPidFile(ext.name), `${child.pid}
 `, {
           encoding: "utf8",
           mode: 384
@@ -7919,7 +8272,7 @@ var ExtensionManager = class {
     });
     child.on("exit", (code, signal) => {
       try {
-        fs11.unlinkSync(paths.extensionPidFile(ext.name));
+        fs12.unlinkSync(paths.extensionPidFile(ext.name));
       } catch {
       }
       logStream.write(
@@ -7934,8 +8287,8 @@ var ExtensionManager = class {
         entry.processToken = void 0;
       }
       const waiters = entry.exitWaiters.splice(0);
-      for (const resolve3 of waiters) {
-        resolve3();
+      for (const resolve4 of waiters) {
+        resolve4();
       }
       if (this.stopping || entry.manuallyStopped) {
         try {
@@ -7981,9 +8334,9 @@ function withCode2(err, code) {
 
 // src/core/transformer-manager.ts
 import { spawn as spawn5 } from "child_process";
-import * as fs12 from "fs";
+import * as fs13 from "fs";
 import * as fsp6 from "fs/promises";
-import * as path8 from "path";
+import * as path9 from "path";
 var RESTART_BASE_MS2 = 1e3;
 var RESTART_CAP_MS2 = 6e4;
 var STOP_GRACE_MS2 = 3e3;
@@ -8067,9 +8420,9 @@ var TransformerManager = class {
       } catch {
       }
       tasks.push(
-        new Promise((resolve3) => {
+        new Promise((resolve4) => {
           if (child.exitCode !== null || child.signalCode !== null) {
-            resolve3();
+            resolve4();
             return;
           }
           const timer = setTimeout(() => {
@@ -8077,11 +8430,11 @@ var TransformerManager = class {
               child.kill("SIGKILL");
             } catch {
             }
-            resolve3();
+            resolve4();
           }, STOP_GRACE_MS2);
           child.on("exit", () => {
             clearTimeout(timer);
-            resolve3();
+            resolve4();
           });
         })
       );
@@ -8186,8 +8539,8 @@ var TransformerManager = class {
     if (child.exitCode !== null || child.signalCode !== null) {
       return;
     }
-    const exited = new Promise((resolve3) => {
-      entry.exitWaiters.push(resolve3);
+    const exited = new Promise((resolve4) => {
+      entry.exitWaiters.push(resolve4);
     });
     try {
       child.kill("SIGTERM");
@@ -8262,7 +8615,7 @@ var TransformerManager = class {
       if (!entry.endsWith(".pid")) {
         continue;
       }
-      const pidPath = path8.join(paths.transformersDir(), entry);
+      const pidPath = path9.join(paths.transformersDir(), entry);
       let pid;
       try {
         const raw = await fsp6.readFile(pidPath, "utf8");
@@ -8301,7 +8654,7 @@ var TransformerManager = class {
     }
     const t = entry.config;
     const command = t.command.length > 0 ? t.command : [t.name];
-    const logStream = fs12.createWriteStream(paths.transformerLogFile(t.name), {
+    const logStream = fs13.createWriteStream(paths.transformerLogFile(t.name), {
       flags: "a"
     });
     logStream.write(
@@ -8354,7 +8707,7 @@ var TransformerManager = class {
     }
     if (typeof child.pid === "number") {
       try {
-        fs12.writeFileSync(paths.transformerPidFile(t.name), `${child.pid}
+        fs13.writeFileSync(paths.transformerPidFile(t.name), `${child.pid}
 `, {
           encoding: "utf8",
           mode: 384
@@ -8379,7 +8732,7 @@ var TransformerManager = class {
     });
     child.on("exit", (code, signal) => {
       try {
-        fs12.unlinkSync(paths.transformerPidFile(t.name));
+        fs13.unlinkSync(paths.transformerPidFile(t.name));
       } catch {
       }
       logStream.write(
@@ -8394,8 +8747,8 @@ var TransformerManager = class {
         entry.processToken = void 0;
       }
       const waiters = entry.exitWaiters.splice(0);
-      for (const resolve3 of waiters) {
-        resolve3();
+      for (const resolve4 of waiters) {
+        resolve4();
       }
       if (this.stopping || entry.manuallyStopped) {
         try {
@@ -8490,7 +8843,7 @@ var ExtensionCommandRegistry = class {
 
 // src/core/agent-prune.ts
 import * as fsp7 from "fs/promises";
-import * as path9 from "path";
+import * as path10 from "path";
 var logSink3 = (msg) => {
   process.stderr.write(msg + "\n");
 };
@@ -8508,7 +8861,7 @@ async function pruneStaleAgentVersions(registry, sessionManager) {
     desiredByAgent.set(a.id, a.version ?? "current");
   }
   const activeByAgent = sessionManager.activeAgentVersions();
-  const platformDir = path9.join(paths.agentsDir(), platformKey);
+  const platformDir = path10.join(paths.agentsDir(), platformKey);
   let agentEntries;
   try {
     agentEntries = await fsp7.readdir(platformDir, { withFileTypes: true });
@@ -8530,7 +8883,7 @@ async function pruneStaleAgentVersions(registry, sessionManager) {
       continue;
     }
     const activeVersions = activeByAgent.get(agentId) ?? /* @__PURE__ */ new Set();
-    const agentDir = path9.join(platformDir, agentId);
+    const agentDir = path10.join(platformDir, agentId);
     let versionEntries;
     try {
       versionEntries = await fsp7.readdir(agentDir, { withFileTypes: true });
@@ -8554,7 +8907,7 @@ async function pruneStaleAgentVersions(registry, sessionManager) {
       if (version.includes(".partial-")) {
         continue;
       }
-      const versionDir = path9.join(agentDir, version);
+      const versionDir = path10.join(agentDir, version);
       try {
         await fsp7.rm(versionDir, { recursive: true, force: true });
         logSink3(`hydra-acp: pruned stale ${agentId} ${version} (${versionDir})`);
@@ -8567,23 +8920,88 @@ async function pruneStaleAgentVersions(registry, sessionManager) {
   }
 }
 
+// src/core/agent-sync-scheduler.ts
+function startAgentSyncScheduler(opts) {
+  let timer;
+  let stopped = false;
+  let cursor = 0;
+  const log = (level, msg) => {
+    if (!opts.logger) {
+      return;
+    }
+    opts.logger[level](`agent-sync: ${msg}`);
+  };
+  const tick = async () => {
+    const installed = [];
+    try {
+      const doc = await opts.registry.load();
+      for (const a of doc.agents) {
+        const state = await agentInstallState(a);
+        if (state === "yes") {
+          installed.push(a.id);
+        }
+      }
+    } catch (err) {
+      log("warn", `registry load failed: ${err.message}`);
+      return opts.intervalMs;
+    }
+    if (installed.length === 0) {
+      return opts.intervalMs;
+    }
+    const idx = cursor % installed.length;
+    cursor = (cursor + 1) % installed.length;
+    const agentId = installed[idx];
+    try {
+      const { synced, skipped } = await opts.manager.syncFromAgent(agentId);
+      log(
+        "info",
+        `${agentId}: synced ${synced.length}, skipped ${skipped}`
+      );
+    } catch (err) {
+      log("warn", `${agentId}: ${err.message}`);
+    }
+    return Math.max(1, Math.floor(opts.intervalMs / installed.length));
+  };
+  const scheduleNext = (delayMs) => {
+    if (stopped) {
+      return;
+    }
+    timer = setTimeout(() => {
+      tick().then((nextDelay) => {
+        scheduleNext(nextDelay);
+      }).catch((err) => {
+        log("warn", `tick crashed: ${err.message}`);
+        scheduleNext(opts.intervalMs);
+      });
+    }, delayMs);
+    timer.unref();
+  };
+  scheduleNext(opts.intervalMs);
+  return () => {
+    stopped = true;
+    if (timer) {
+      clearTimeout(timer);
+      timer = void 0;
+    }
+  };
+}
+
 // src/core/session-tokens.ts
-import * as fs13 from "fs/promises";
-import * as path10 from "path";
-import { createHash, randomBytes, timingSafeEqual } from "crypto";
+import * as path11 from "path";
+import { createHash, randomBytes as randomBytes2, timingSafeEqual } from "crypto";
 var TOKEN_PREFIX = "hydra_session_";
 var DEFAULT_TTL_SEC = 60 * 60 * 24 * 30;
 var ID_LENGTH = 12;
 var TOKEN_BYTES = 32;
 var WRITE_DEBOUNCE_MS = 50;
 function tokensFilePath() {
-  return path10.join(paths.home(), "session-tokens.json");
+  return path11.join(paths.home(), "session-tokens.json");
 }
 function sha256Hex(input) {
   return createHash("sha256").update(input).digest("hex");
 }
 function randomHex(bytes) {
-  return randomBytes(bytes).toString("hex");
+  return randomBytes2(bytes).toString("hex");
 }
 function generateId() {
   return randomHex(ID_LENGTH).slice(0, ID_LENGTH * 2);
@@ -8603,17 +9021,11 @@ var SessionTokenStore = class _SessionTokenStore {
   }
   static async load() {
     let records = [];
-    try {
-      const raw = await fs13.readFile(tokensFilePath(), "utf8");
-      const parsed = JSON.parse(raw);
-      if (parsed && Array.isArray(parsed.records)) {
-        records = parsed.records.filter(isRecord);
-      }
-    } catch (err) {
-      const e = err;
-      if (e.code !== "ENOENT") {
-        throw err;
-      }
+    const parsed = await readJsonSafe(
+      tokensFilePath()
+    );
+    if (parsed && Array.isArray(parsed.records)) {
+      records = parsed.records.filter(isRecord);
     }
     const store = new _SessionTokenStore(records);
     const removed = store.sweepExpired(/* @__PURE__ */ new Date());
@@ -8730,14 +9142,11 @@ var SessionTokenStore = class _SessionTokenStore {
       await this.writeInflight;
     }
     const records = Array.from(this.records.values());
-    const payload = JSON.stringify({ records }, null, 2) + "\n";
-    this.writeInflight = (async () => {
-      await fs13.mkdir(paths.home(), { recursive: true });
-      await fs13.writeFile(tokensFilePath(), payload, {
-        encoding: "utf8",
-        mode: 384
-      });
-    })();
+    this.writeInflight = writeJsonAtomic(
+      tokensFilePath(),
+      { records },
+      { mode: 384 }
+    );
     try {
       await this.writeInflight;
     } finally {
@@ -8905,89 +9314,6 @@ var AuthRateLimiter = class {
 // src/daemon/routes/sessions.ts
 import * as os3 from "os";
 
-// src/core/bundle.ts
-import { z as z5 } from "zod";
-var HistoryEntrySchema = z5.object({
-  method: z5.string(),
-  params: z5.unknown(),
-  recordedAt: z5.number()
-});
-var BundleSession = z5.object({
-  // The exporter's local id. Regenerated fresh on import (sessionId is
-  // the local namespace; lineageId is what survives across hops).
-  sessionId: z5.string(),
-  // Required on bundles — the export path backfills if the source
-  // record was written before lineageId existed.
-  lineageId: z5.string(),
-  // The exporter's agent-side session id at export time. Carried so
-  // importers can persist it as a breadcrumb (and, eventually, as the
-  // handle a "connect back to origin" feature would need). Omitted on
-  // bundles whose source record never bound to an agent (e.g. a
-  // re-export of an imported, not-yet-attached session).
-  upstreamSessionId: z5.string().optional(),
-  agentId: z5.string(),
-  cwd: z5.string(),
-  title: z5.string().optional(),
-  currentModel: z5.string().optional(),
-  currentMode: z5.string().optional(),
-  currentUsage: PersistedUsage.optional(),
-  agentCommands: z5.array(PersistedAgentCommand).optional(),
-  agentModes: z5.array(PersistedAgentMode).optional(),
-  createdAt: z5.string(),
-  updatedAt: z5.string()
-});
-var Bundle = z5.object({
-  version: z5.literal(1),
-  exportedAt: z5.string(),
-  exportedFrom: z5.object({
-    hydraVersion: z5.string(),
-    machine: z5.string(),
-    // Externally-reachable name (and optional ":port") for the exporting
-    // daemon, sourced from config.daemon.publicHost (or daemon.host when
-    // non-loopback). Carried so an importer can construct a hydra:// URL
-    // that dials back to the origin — e.g. over Tailscale. Omitted when
-    // the exporter has no routable address; never falls back to loopback.
-    hydraHost: z5.string().optional()
-  }),
-  session: BundleSession,
-  history: z5.array(HistoryEntrySchema),
-  promptHistory: z5.array(z5.string()).optional()
-});
-function encodeBundle(params) {
-  const bundle = {
-    version: 1,
-    exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    exportedFrom: {
-      hydraVersion: params.hydraVersion,
-      machine: params.machine,
-      ...params.hydraHost !== void 0 && params.hydraHost.length > 0 ? { hydraHost: params.hydraHost } : {}
-    },
-    session: {
-      sessionId: params.record.sessionId,
-      lineageId: params.record.lineageId,
-      ...params.record.upstreamSessionId ? { upstreamSessionId: params.record.upstreamSessionId } : {},
-      agentId: params.record.agentId,
-      cwd: params.record.cwd,
-      ...params.record.title !== void 0 ? { title: params.record.title } : {},
-      ...params.record.currentModel !== void 0 ? { currentModel: params.record.currentModel } : {},
-      ...params.record.currentMode !== void 0 ? { currentMode: params.record.currentMode } : {},
-      ...params.record.currentUsage !== void 0 ? { currentUsage: params.record.currentUsage } : {},
-      ...params.record.agentCommands !== void 0 ? { agentCommands: params.record.agentCommands } : {},
-      ...params.record.agentModes !== void 0 ? { agentModes: params.record.agentModes } : {},
-      createdAt: params.record.createdAt,
-      updatedAt: params.record.updatedAt
-    },
-    history: params.history
-  };
-  if (params.promptHistory !== void 0) {
-    bundle.promptHistory = params.promptHistory;
-  }
-  return bundle;
-}
-function decodeBundle(raw) {
-  return Bundle.parse(raw);
-}
-
 // src/core/render-update.ts
 import stripAnsi from "strip-ansi";
 var STRIP_CONTROLS = /[\x00-\x08\x0b-\x1f\x7f]/g;
@@ -9181,6 +9507,51 @@ function isExitPlanModeTool(name) {
   const normalised = name.toLowerCase().replace(/[_\s-]/g, "");
   return normalised === "exitplanmode";
 }
+function extractEditDiff(u) {
+  const content = u.content;
+  if (Array.isArray(content)) {
+    for (const block of content) {
+      if (!block || typeof block !== "object") {
+        continue;
+      }
+      const b = block;
+      if (b.type !== "diff") {
+        continue;
+      }
+      const oldText = typeof b.oldText === "string" ? b.oldText : void 0;
+      const newText = typeof b.newText === "string" ? b.newText : void 0;
+      if (oldText === void 0 && newText === void 0) {
+        continue;
+      }
+      const path14 = typeof b.path === "string" ? b.path : void 0;
+      return {
+        ...path14 !== void 0 ? { path: path14 } : {},
+        oldText: oldText ?? "",
+        newText: newText ?? ""
+      };
+    }
+  }
+  const rawInput = u.rawInput;
+  if (rawInput && typeof rawInput === "object" && !Array.isArray(rawInput)) {
+    const r = rawInput;
+    const filePath = typeof r.file_path === "string" ? r.file_path : typeof r.path === "string" ? r.path : void 0;
+    if (typeof r.old_string === "string" && typeof r.new_string === "string") {
+      return {
+        ...filePath !== void 0 ? { path: filePath } : {},
+        oldText: r.old_string,
+        newText: r.new_string
+      };
+    }
+    if (typeof r.content === "string") {
+      return {
+        ...filePath !== void 0 ? { path: filePath } : {},
+        oldText: "",
+        newText: r.content
+      };
+    }
+  }
+  return null;
+}
 function readExitPlanMarkdown(u) {
   const rawInput = u.rawInput;
   if (!rawInput || typeof rawInput !== "object" || Array.isArray(rawInput)) {
@@ -9220,6 +9591,10 @@ function mapToolCall(u) {
   if (rawKind !== void 0) {
     event.rawKind = rawKind;
   }
+  const diff = extractEditDiff(u);
+  if (diff !== null) {
+    event.editDiff = diff;
+  }
   return event;
 }
 function mapToolCallUpdate(u) {
@@ -9230,7 +9605,8 @@ function mapToolCallUpdate(u) {
   const rawTitle = readString(u, "title");
   const title = rawTitle !== void 0 ? sanitizeSingleLine(rawTitle) : void 0;
   const status = readString(u, "status");
-  const meaningful = title !== void 0 || status === "completed" || status === "failed" || status === "rejected" || status === "cancelled";
+  const diff = extractEditDiff(u);
+  const meaningful = title !== void 0 || diff !== null || status === "completed" || status === "failed" || status === "rejected" || status === "cancelled";
   if (!meaningful) {
     return null;
   }
@@ -9253,6 +9629,9 @@ function mapToolCallUpdate(u) {
   if (status !== void 0) {
     event.status = status;
   }
+  if (diff !== null) {
+    event.editDiff = diff;
+  }
   if (status === "failed") {
     const errorText = extractToolFailureText(u);
     if (errorText !== null) {
@@ -10172,6 +10551,48 @@ function registerSessionRoutes(app, manager, defaults) {
     reply.header("Content-Type", "text/markdown; charset=utf-8");
     reply.code(200).send(bundleToMarkdown(bundle));
   });
+  app.post("/v1/sessions/:id/fork", async (request, reply) => {
+    const raw = request.params.id;
+    const id = await manager.resolveCanonicalId(raw) ?? raw;
+    const body = request.body ?? {};
+    const opts = {};
+    if (body.forkAt !== void 0) {
+      if (typeof body.forkAt !== "string" || body.forkAt.length === 0) {
+        reply.code(400).send({ error: "forkAt must be a non-empty string" });
+        return;
+      }
+      opts.forkAt = body.forkAt;
+    }
+    if (body.cwd !== void 0) {
+      if (typeof body.cwd !== "string" || body.cwd.length === 0) {
+        reply.code(400).send({ error: "cwd must be a non-empty string" });
+        return;
+      }
+      opts.cwd = expandHome(body.cwd);
+    }
+    if (body.agentId !== void 0) {
+      if (typeof body.agentId !== "string" || body.agentId.length === 0) {
+        reply.code(400).send({ error: "agentId must be a non-empty string" });
+        return;
+      }
+      opts.agentId = body.agentId;
+    }
+    try {
+      const result = await manager.forkSession(id, opts);
+      reply.code(201).send(result);
+    } catch (err) {
+      const e = err;
+      if (e.code === JsonRpcErrorCodes.SessionNotFound) {
+        reply.code(404).send({ error: e.message });
+        return;
+      }
+      if (e.code === JsonRpcErrorCodes.InvalidParams || e.code === JsonRpcErrorCodes.AgentNotInstalled) {
+        reply.code(400).send({ error: e.message });
+        return;
+      }
+      reply.code(500).send({ error: e.message });
+    }
+  });
   app.post("/v1/sessions/import", async (request, reply) => {
     const body = request.body ?? {};
     if (body.bundle === void 0) {
@@ -10284,15 +10705,20 @@ function registerSessionRoutes(app, manager, defaults) {
 function registerAgentRoutes(app, registry, manager, opts = {}) {
   app.get("/v1/agents", async () => {
     const doc = await registry.load();
-    return {
-      version: doc.version,
-      agents: doc.agents.map((a) => ({
+    const agents = await Promise.all(
+      doc.agents.map(async (a) => ({
         id: a.id,
         name: a.name,
         version: a.version,
         description: a.description,
-        distributions: Object.keys(a.distribution)
+        distributions: Object.keys(a.distribution),
+        installed: await agentInstallState(a)
       }))
+    );
+    return {
+      version: doc.version,
+      fetchedAt: registry.lastFetchedAt(),
+      agents
     };
   });
   app.get("/v1/registry", async () => {
@@ -10611,12 +11037,12 @@ import { z as z6 } from "zod";
 
 // src/core/password.ts
 import * as fs14 from "fs/promises";
-import * as path11 from "path";
-import { randomBytes as randomBytes2, scrypt, timingSafeEqual as timingSafeEqual2 } from "crypto";
+import * as path12 from "path";
+import { randomBytes as randomBytes3, scrypt, timingSafeEqual as timingSafeEqual2 } from "crypto";
 import { promisify } from "util";
 var scryptAsync = promisify(scrypt);
 function passwordHashPath() {
-  return path11.join(paths.home(), "password-hash");
+  return path12.join(paths.home(), "password-hash");
 }
 var DEFAULT_N = 1 << 15;
 var MAX_MEM = 128 * 1024 * 1024;
@@ -10805,13 +11231,13 @@ function wsToMessageStream(ws) {
         throw new Error("ws is closed");
       }
       const text = JSON.stringify(message);
-      await new Promise((resolve3, reject) => {
+      await new Promise((resolve4, reject) => {
         ws.send(text, (err) => {
           if (err) {
             reject(err);
             return;
           }
-          resolve3();
+          resolve4();
         });
       });
     },
@@ -10833,8 +11259,8 @@ function wsToMessageStream(ws) {
 
 // src/daemon/acp-ws.ts
 import * as os4 from "os";
-import * as path12 from "path";
-import { randomBytes as randomBytes3 } from "crypto";
+import * as path13 from "path";
+import { randomBytes as randomBytes4 } from "crypto";
 function registerAcpWsEndpoint(app, deps) {
   app.get("/acp", { websocket: true }, async (socket, request) => {
     const token = tokenFromUpgradeRequest({
@@ -10916,6 +11342,50 @@ function registerAcpWsEndpoint(app, deps) {
         registry.clear(processIdentity.name);
       });
     }
+    if (processIdentity && deps.extensionMcp) {
+      const mcpRegistry = deps.extensionMcp;
+      connection.onRequest("hydra-acp/register_mcp_tools", async (raw) => {
+        const params = raw ?? {};
+        const instructions = typeof params.instructions === "string" ? params.instructions : void 0;
+        const tools = Array.isArray(params.tools) ? params.tools.map((t) => {
+          if (!t || typeof t !== "object") {
+            return void 0;
+          }
+          const obj = t;
+          if (typeof obj.name !== "string" || obj.name.length === 0) {
+            return void 0;
+          }
+          if (typeof obj.description !== "string") {
+            return void 0;
+          }
+          if (obj.inputSchema === null || typeof obj.inputSchema !== "object") {
+            return void 0;
+          }
+          const spec = {
+            name: obj.name,
+            description: obj.description,
+            inputSchema: obj.inputSchema
+          };
+          if (obj.outputSchema !== null && typeof obj.outputSchema === "object") {
+            spec.outputSchema = obj.outputSchema;
+          }
+          return spec;
+        }).filter((s) => s !== void 0) : [];
+        if (tools.length === 0) {
+          throw new Error("register_mcp_tools requires at least one tool");
+        }
+        mcpRegistry.register(
+          processIdentity.name,
+          connection,
+          instructions,
+          tools
+        );
+        return { ok: true, registered: tools.length };
+      });
+      connection.onClose(() => {
+        mcpRegistry.clear(processIdentity.name);
+      });
+    }
     if (processIdentity?.kind === "transformer") {
       connection.onRequest("transformer/initialize", async (raw) => {
         const params = raw ?? {};
@@ -10987,6 +11457,23 @@ function registerAcpWsEndpoint(app, deps) {
         });
         return { childSessionId: child.sessionId };
       });
+      connection.onRequest("hydra-acp/fork_session", async (raw) => {
+        const params = raw ?? {};
+        if (typeof params.sessionId !== "string") {
+          throw Object.assign(
+            new Error("fork_session requires sessionId"),
+            { code: JsonRpcErrorCodes.InvalidParams }
+          );
+        }
+        const forkAt = typeof params.forkAt === "string" ? params.forkAt : void 0;
+        const cwd = typeof params.cwd === "string" ? params.cwd : void 0;
+        const agentId = typeof params.agentId === "string" ? params.agentId : void 0;
+        return await deps.manager.forkSession(params.sessionId, {
+          ...forkAt !== void 0 ? { forkAt } : {},
+          ...cwd !== void 0 ? { cwd } : {},
+          ...agentId !== void 0 ? { agentId } : {}
+        });
+      });
       connection.onRequest("hydra-acp/await_child", async (raw) => {
         const params = raw ?? {};
         const childSessionId = typeof params.childSessionId === "string" ? params.childSessionId : void 0;
@@ -11002,13 +11489,13 @@ function registerAcpWsEndpoint(app, deps) {
             { code: JsonRpcErrorCodes.SessionNotFound }
           );
         }
-        return new Promise((resolve3) => {
+        return new Promise((resolve4) => {
           const entries = [];
           let unsubscribe;
           const finish = () => {
             clearTimeout(timer);
             unsubscribe?.();
-            resolve3({ entries });
+            resolve4({ entries });
           };
           unsubscribe = child.onBroadcast((entry) => {
             entries.push(entry);
@@ -11060,12 +11547,12 @@ function registerAcpWsEndpoint(app, deps) {
       let stdinToken;
       let stdinReservation;
       let augmentedMcpServers = params.mcpServers;
-      if (hydraMeta.mcpStdin === true && deps.stdinMcpRegistry !== void 0 && deps.getDaemonOrigin !== void 0) {
-        stdinToken = randomBytes3(32).toString("hex");
-        stdinReservation = deps.stdinMcpRegistry.reserve(stdinToken);
-        const url = `${deps.getDaemonOrigin()}/mcp/stdin`;
+      if (hydraMeta.mcpStdin === true && deps.mcpTokenRegistry !== void 0 && deps.getDaemonOrigin !== void 0) {
+        stdinToken = randomBytes4(32).toString("hex");
+        stdinReservation = deps.mcpTokenRegistry.reserve(stdinToken);
+        const url = `${deps.getDaemonOrigin()}/mcp/hydra-acp-stdin`;
         const descriptor = {
-          name: "hydra_stdin",
+          name: "hydra-acp-stdin",
           type: "http",
           url,
           headers: [
@@ -11074,6 +11561,28 @@ function registerAcpWsEndpoint(app, deps) {
         };
         augmentedMcpServers = [...params.mcpServers ?? [], descriptor];
       }
+      let extMcpToken;
+      let extMcpReservation;
+      if (deps.extensionMcp !== void 0 && deps.mcpTokenRegistry !== void 0 && deps.getDaemonOrigin !== void 0) {
+        const extNames = deps.extensionMcp.list();
+        if (extNames.length > 0) {
+          extMcpToken = randomBytes4(32).toString("hex");
+          extMcpReservation = deps.mcpTokenRegistry.reserve(extMcpToken);
+          const origin = deps.getDaemonOrigin();
+          const descriptors = extNames.map((name) => ({
+            name,
+            type: "http",
+            url: `${origin}/mcp/${name}`,
+            headers: [
+              { name: "Authorization", value: `Bearer ${extMcpToken}` }
+            ]
+          }));
+          augmentedMcpServers = [
+            ...augmentedMcpServers ?? [],
+            ...descriptors
+          ];
+        }
+      }
       let session;
       try {
         session = await deps.manager.create({
@@ -11091,16 +11600,27 @@ function registerAcpWsEndpoint(app, deps) {
         if (stdinReservation !== void 0) {
           stdinReservation.abandon(err instanceof Error ? err : void 0);
         }
+        if (extMcpReservation !== void 0) {
+          extMcpReservation.abandon(err instanceof Error ? err : void 0);
+        }
         throw err;
       }
-      if (stdinToken !== void 0 && stdinReservation !== void 0 && deps.stdinMcpRegistry !== void 0) {
+      if (stdinToken !== void 0 && stdinReservation !== void 0 && deps.mcpTokenRegistry !== void 0) {
         const token2 = stdinToken;
-        const registry = deps.stdinMcpRegistry;
+        const registry = deps.mcpTokenRegistry;
         stdinReservation.complete(session);
         session.onClose(() => {
           void registry.unbind(token2);
         });
       }
+      if (extMcpToken !== void 0 && extMcpReservation !== void 0 && deps.mcpTokenRegistry !== void 0) {
+        const token2 = extMcpToken;
+        const registry = deps.mcpTokenRegistry;
+        extMcpReservation.complete(session);
+        session.onClose(() => {
+          void registry.unbind(token2);
+        });
+      }
       const client = bindClientToSession(connection, session, state);
       const { entries: replay } = await session.attach(client, "full");
       state.attached.set(session.sessionId, {
@@ -11403,7 +11923,7 @@ function registerAcpWsEndpoint(app, deps) {
         openOpts.fileCapBytes = params.fileCapBytes;
       }
       if ((params.mode ?? "memory") === "file") {
-        openOpts.filePathFor = (sid) => path12.join(os4.tmpdir(), `hydra-stdin-${sid}.log`);
+        openOpts.filePathFor = (sid) => path13.join(os4.tmpdir(), `hydra-acp-stdin-${sid}.log`);
       }
       return session.openStream(openOpts);
     });
@@ -11821,26 +12341,25 @@ function bindClientToSession(connection, session, state, clientInfo, callerClien
   };
 }
 
-// src/daemon/mcp/stdin-registry.ts
-var StdinMcpRegistry = class {
+// src/daemon/mcp/token-registry.ts
+var McpTokenRegistry = class {
   byToken = /* @__PURE__ */ new Map();
-  // Reserve a token slot before the session exists. Used by acp-ws when
-  // we need to inject the bearer into the agent's mcpServers BEFORE
-  // manager.create() returns — claude-acp connects to /mcp/stdin during
-  // session/new initialization (eagerly), so the route handler must be
-  // able to find the token by the time the agent's first request lands.
   reserve(token) {
     if (this.byToken.has(token)) {
-      throw new Error(`stdin MCP token already bound`);
+      throw new Error("mcp token already bound");
     }
     let resolveSession;
     let rejectSession;
-    const sessionReady = new Promise((resolve3, reject) => {
-      resolveSession = resolve3;
+    const sessionReady = new Promise((resolve4, reject) => {
+      resolveSession = resolve4;
       rejectSession = reject;
     });
     sessionReady.catch(() => void 0);
-    const entry = { session: void 0, sessionReady };
+    const entry = {
+      session: void 0,
+      sessionReady,
+      disposers: []
+    };
     this.byToken.set(token, entry);
     return {
       complete: (session) => {
@@ -11849,7 +12368,7 @@ var StdinMcpRegistry = class {
       },
       abandon: (reason) => {
         this.byToken.delete(token);
-        rejectSession(reason ?? new Error("stdin MCP reservation abandoned"));
+        rejectSession(reason ?? new Error("mcp token reservation abandoned"));
       }
     };
   }
@@ -11862,29 +12381,26 @@ var StdinMcpRegistry = class {
   lookup(token) {
     return this.byToken.get(token);
   }
-  attachTransport(token, server, transport) {
-    const ep = this.byToken.get(token);
-    if (!ep) {
+  // Register a cleanup callback for this token. No-op if the token is
+  // not currently bound — late additions after unbind() would never fire
+  // anyway, so dropping them silently is safer than throwing into an
+  // unrelated cleanup path.
+  addDisposer(token, dispose) {
+    const entry = this.byToken.get(token);
+    if (entry === void 0) {
       return;
     }
-    ep.server = server;
-    ep.transport = transport;
+    entry.disposers.push(dispose);
   }
   async unbind(token) {
-    const ep = this.byToken.get(token);
-    if (!ep) {
+    const entry = this.byToken.get(token);
+    if (entry === void 0) {
       return;
     }
     this.byToken.delete(token);
-    if (ep.transport) {
+    for (const dispose of entry.disposers) {
       try {
-        await ep.transport.close();
-      } catch {
-      }
-    }
-    if (ep.server) {
-      try {
-        await ep.server.close();
+        await dispose();
       } catch {
       }
     }
@@ -11899,6 +12415,8 @@ import { randomUUID } from "crypto";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { z as z7 } from "zod";
+
+// src/daemon/mcp/bearer.ts
 var BEARER_PREFIX2 = "Bearer ";
 function extractBearer(req) {
   const header = req.headers.authorization;
@@ -11911,15 +12429,17 @@ function extractBearer(req) {
   const token = header.slice(BEARER_PREFIX2.length).trim();
   return token.length > 0 ? token : void 0;
 }
+
+// src/daemon/mcp/stdin-server.ts
 function buildMcpServer(session) {
   const server = new McpServer(
-    { name: "hydra-stdin", version: "1.0.0" },
+    { name: "hydra-acp-stdin", version: "1.0.0" },
     {
-      instructions: "Piped input from `hydra cat --stream` is exposed here as a byte stream. Use `tail_stdin` for the latest N bytes (good for finding the end of a log), `head_stdin` for the first N bytes (good for headers/preamble), `read_stdin` for windowed reads against an absolute byte cursor, `wait_for_more` to block until new bytes arrive past a cursor, and `stdin_info` for the current cursors/capacity/closed status. Byte payloads come back base64-encoded."
+      instructions: "Piped input from `hydra cat --stream` is exposed here as a byte stream. Use `tail` for the latest N bytes (good for finding the end of a log), `head` for the first N bytes (good for headers/preamble), `read` for windowed reads against an absolute byte cursor, `wait_for_more` to block until new bytes arrive past a cursor, and `info` for the current cursors/capacity/closed status. Byte payloads come back base64-encoded."
     }
   );
   server.registerTool(
-    "tail_stdin",
+    "tail",
     {
       description: "Return the most recent `bytes` bytes of piped stdin (capped server-side, default 64 KiB max). `truncated:true` means older bytes existed but have been evicted from the ring.",
       inputSchema: {
@@ -11940,7 +12460,7 @@ function buildMcpServer(session) {
     }
   );
   server.registerTool(
-    "head_stdin",
+    "head",
     {
       description: "Return the first `bytes` bytes of piped stdin (capped server-side, default 64 KiB max). `truncated:true` means the head has already been evicted from the ring and the returned bytes start at the oldest still-resident cursor.",
       inputSchema: {
@@ -11961,7 +12481,7 @@ function buildMcpServer(session) {
     }
   );
   server.registerTool(
-    "read_stdin",
+    "read",
     {
       description: "Read up to `max_bytes` bytes starting at absolute byte `cursor`. Returns `{bytes, nextCursor, gap?, eof?}` \u2014 `gap` is the number of bytes silently skipped because the ring had evicted them; `eof:true` means the producer closed and there is nothing left to read.",
       inputSchema: {
@@ -12014,9 +12534,9 @@ function buildMcpServer(session) {
     }
   );
   server.registerTool(
-    "grep_stdin",
+    "grep",
     {
-      description: "Scan piped stdin line-by-line and return lines matching `pattern`. Prefer this over `read_stdin` when the question is 'find lines that mention X' \u2014 it filters server-side so you don't pull and decode 64 KiB base64 windows. Returns `{matches: [{cursor, line, before?, after?}], truncated, nextCursor, gap?, scannedBytes, eof?}`. Lines come back as decoded UTF-8 strings (not base64). When `truncated:true`, re-call with `cursor: nextCursor` to resume.",
+      description: "Scan piped stdin line-by-line and return lines matching `pattern`. Prefer this over `read` when the question is 'find lines that mention X' \u2014 it filters server-side so you don't pull and decode 64 KiB base64 windows. Returns `{matches: [{cursor, line, before?, after?}], truncated, nextCursor, gap?, scannedBytes, eof?}`. Lines come back as decoded UTF-8 strings (not base64). When `truncated:true`, re-call with `cursor: nextCursor` to resume.",
       inputSchema: {
         pattern: z7.string().min(1).describe(
           "Search pattern. Treated as a JavaScript regular expression by default (set `regex:false` for a literal substring match)."
@@ -12068,7 +12588,7 @@ function buildMcpServer(session) {
     }
   );
   server.registerTool(
-    "stdin_info",
+    "info",
     {
       description: "Report cursor / capacity / closed state of the stdin ring. Cheap; safe to call repeatedly.",
       inputSchema: {}
@@ -12088,66 +12608,337 @@ function buildMcpServer(session) {
   );
   return server;
 }
-async function ensureTransport(token, session, registry) {
-  const existing = registry.lookup(token);
-  if (existing?.transport !== void 0) {
-    return existing.transport;
+var SESSION_READY_TIMEOUT_MS = 1e4;
+function registerStdinMcpRoutes(app, tokenRegistry) {
+  const builtPerToken = /* @__PURE__ */ new Map();
+  async function ensureTransport(token, session) {
+    const existing = builtPerToken.get(token);
+    if (existing !== void 0) {
+      return existing.transport;
+    }
+    const server = buildMcpServer(session);
+    const transport = new StreamableHTTPServerTransport({
+      sessionIdGenerator: () => randomUUID()
+    });
+    await server.connect(transport);
+    const pair = { server, transport };
+    builtPerToken.set(token, pair);
+    tokenRegistry.addDisposer(token, async () => {
+      builtPerToken.delete(token);
+      try {
+        await transport.close();
+      } catch {
+      }
+      try {
+        await server.close();
+      } catch {
+      }
+    });
+    return transport;
+  }
+  async function handle(req, reply) {
+    const token = extractBearer(req);
+    if (token === void 0) {
+      reply.code(401).send({ error: "missing bearer token" });
+      return;
+    }
+    const entry = tokenRegistry.lookup(token);
+    if (entry === void 0) {
+      reply.code(404).send({ error: "unknown stdin token" });
+      return;
+    }
+    let session;
+    if (entry.session !== void 0) {
+      session = entry.session;
+    } else {
+      let timer;
+      const timeout = new Promise((resolve4) => {
+        timer = setTimeout(() => resolve4(void 0), SESSION_READY_TIMEOUT_MS);
+      });
+      const resolved = await Promise.race([
+        entry.sessionReady.catch(() => void 0),
+        timeout
+      ]);
+      if (timer !== void 0) {
+        clearTimeout(timer);
+      }
+      if (resolved === void 0) {
+        reply.code(503).send({ error: "session not ready" });
+        return;
+      }
+      session = resolved;
+    }
+    const transport = await ensureTransport(token, session);
+    reply.hijack();
+    await transport.handleRequest(req.raw, reply.raw, req.body);
   }
-  const server = buildMcpServer(session);
-  const transport = new StreamableHTTPServerTransport({
-    sessionIdGenerator: () => randomUUID()
+  const opts = { config: { skipAuth: true } };
+  app.post("/mcp/hydra-acp-stdin", opts, async (req, reply) => {
+    await handle(req, reply);
+  });
+  app.get("/mcp/hydra-acp-stdin", opts, async (req, reply) => {
+    await handle(req, reply);
+  });
+  app.delete("/mcp/hydra-acp-stdin", opts, async (req, reply) => {
+    await handle(req, reply);
   });
-  await server.connect(transport);
-  registry.attachTransport(token, server, transport);
-  return transport;
 }
-var SESSION_READY_TIMEOUT_MS = 1e4;
-async function handle(req, reply, registry) {
-  const token = extractBearer(req);
-  if (token === void 0) {
-    reply.code(401).send({ error: "missing bearer token" });
-    return;
+
+// src/core/extension-mcp.ts
+var ExtensionMcpRegistry = class {
+  byName = /* @__PURE__ */ new Map();
+  changeHandlers = [];
+  // Set-the-whole-spec semantics, same as ExtensionCommandRegistry. A
+  // second register for the same extName overwrites tools + instructions
+  // wholesale; the change notification lets the route evict any cached
+  // transports built against the old spec.
+  register(extName, connection, instructions, tools) {
+    this.byName.set(extName, {
+      connection,
+      instructions,
+      tools: [...tools]
+    });
+    this.fireChanged(extName, "register");
   }
-  const ep = registry.lookup(token);
-  if (ep === void 0) {
-    reply.code(404).send({ error: "unknown stdin token" });
-    return;
+  clear(extName) {
+    if (this.byName.delete(extName)) {
+      this.fireChanged(extName, "clear");
+    }
   }
-  let session;
-  if (ep.session !== void 0) {
-    session = ep.session;
-  } else {
-    let timer;
-    const timeout = new Promise((resolve3) => {
-      timer = setTimeout(() => resolve3(void 0), SESSION_READY_TIMEOUT_MS);
-    });
-    const resolved = await Promise.race([
-      ep.sessionReady.catch(() => void 0),
+  lookup(extName) {
+    return this.byName.get(extName);
+  }
+  // List of currently-registered extension names. Used by session-create
+  // to decide whether to mint an extension-MCP token and which mcpServers
+  // entries to emit.
+  list() {
+    return Array.from(this.byName.keys());
+  }
+  onChange(handler) {
+    this.changeHandlers.push(handler);
+    return () => {
+      const i = this.changeHandlers.indexOf(handler);
+      if (i >= 0) {
+        this.changeHandlers.splice(i, 1);
+      }
+    };
+  }
+  fireChanged(extName, kind) {
+    for (const h of this.changeHandlers) {
+      try {
+        h(extName, kind);
+      } catch {
+      }
+    }
+  }
+};
+
+// src/daemon/mcp/extension-route.ts
+import { StreamableHTTPServerTransport as StreamableHTTPServerTransport2 } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/daemon/mcp/build-extension-server.ts
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+var DEFAULT_INVOKE_TIMEOUT_MS = 6e4;
+function buildExtensionServer(extensionName, entry, options = {}) {
+  const invokeTimeoutMs = options.invokeTimeoutMs ?? DEFAULT_INVOKE_TIMEOUT_MS;
+  const server = new Server(
+    { name: extensionName, version: "1.0.0" },
+    {
+      capabilities: {
+        // listChanged: false matches the v1 strategy — the daemon closes
+        // transports on re-register; agents reconnect and re-list against
+        // the new spec naturally. Flipping to true is the upgrade path
+        // if any supported agent caches tools/list across reconnects.
+        tools: { listChanged: false }
+      },
+      ...entry.instructions !== void 0 ? { instructions: entry.instructions } : {}
+    }
+  );
+  const toolsByName = new Map(
+    entry.tools.map((t) => [t.name, t])
+  );
+  server.setRequestHandler(ListToolsRequestSchema, async () => ({
+    tools: entry.tools.map((t) => ({
+      name: t.name,
+      description: t.description,
+      inputSchema: t.inputSchema,
+      ...t.outputSchema !== void 0 ? { outputSchema: t.outputSchema } : {}
+    }))
+  }));
+  server.setRequestHandler(
+    CallToolRequestSchema,
+    async (req) => {
+      const toolName = req.params.name;
+      if (!toolsByName.has(toolName)) {
+        return errorResult(`unknown tool: ${toolName}`);
+      }
+      try {
+        const raw = await invokeWithTimeout(
+          entry.connection,
+          extensionName,
+          toolName,
+          req.params.arguments ?? {},
+          invokeTimeoutMs
+        );
+        return normalizeToolResult(raw, toolName);
+      } catch (err) {
+        return errorResult(
+          err instanceof Error ? err.message : String(err)
+        );
+      }
+    }
+  );
+  return server;
+}
+async function invokeWithTimeout(connection, server, tool, args, timeoutMs) {
+  let timer;
+  const timeout = new Promise((_, reject) => {
+    timer = setTimeout(
+      () => reject(new Error(`extension timeout after ${timeoutMs}ms`)),
+      timeoutMs
+    );
+  });
+  try {
+    return await Promise.race([
+      connection.request("hydra-acp/invoke_mcp_tool", {
+        server,
+        tool,
+        args
+      }),
       timeout
     ]);
+  } finally {
     if (timer !== void 0) {
       clearTimeout(timer);
     }
-    if (resolved === void 0) {
-      reply.code(503).send({ error: "session not ready" });
+  }
+}
+function normalizeToolResult(raw, toolName) {
+  if (raw === null || typeof raw !== "object") {
+    return errorResult(`extension ${toolName} returned non-object`);
+  }
+  const obj = raw;
+  if (!Array.isArray(obj.content)) {
+    return errorResult(`extension ${toolName} omitted content array`);
+  }
+  return obj;
+}
+function errorResult(message) {
+  return {
+    content: [{ type: "text", text: message }],
+    isError: true
+  };
+}
+
+// src/daemon/mcp/extension-route.ts
+var SESSION_READY_TIMEOUT_MS2 = 1e4;
+function registerExtensionMcpRoutes(app, tokenRegistry, extensionMcp, options = {}) {
+  const built = /* @__PURE__ */ new Map();
+  async function disposeBuiltPair(pair) {
+    try {
+      await pair.transport.close();
+    } catch {
+    }
+    try {
+      await pair.server.close();
+    } catch {
+    }
+  }
+  function evictExtension(extName) {
+    for (const tokenScope of built.values()) {
+      const pair = tokenScope.get(extName);
+      if (pair !== void 0) {
+        tokenScope.delete(extName);
+        void disposeBuiltPair(pair);
+      }
+    }
+  }
+  extensionMcp.onChange((extName) => {
+    evictExtension(extName);
+  });
+  async function ensureTransport(token, extName) {
+    let tokenScope = built.get(token);
+    if (tokenScope === void 0) {
+      tokenScope = /* @__PURE__ */ new Map();
+      built.set(token, tokenScope);
+      tokenRegistry.addDisposer(token, async () => {
+        const scope = built.get(token);
+        if (scope === void 0) {
+          return;
+        }
+        built.delete(token);
+        for (const pair of scope.values()) {
+          await disposeBuiltPair(pair);
+        }
+      });
+    }
+    const existing = tokenScope.get(extName);
+    if (existing !== void 0) {
+      return existing.transport;
+    }
+    const entry = extensionMcp.lookup(extName);
+    if (entry === void 0) {
+      return void 0;
+    }
+    const server = buildExtensionServer(extName, entry, options.buildOptions);
+    const transport = new StreamableHTTPServerTransport2({
+      sessionIdGenerator: () => randomUUID2()
+    });
+    await server.connect(transport);
+    tokenScope.set(extName, { server, transport });
+    return transport;
+  }
+  async function handle(req, reply) {
+    const token = extractBearer(req);
+    if (token === void 0) {
+      reply.code(401).send({ error: "missing bearer token" });
+      return;
+    }
+    const entry = tokenRegistry.lookup(token);
+    if (entry === void 0) {
+      reply.code(404).send({ error: "unknown mcp token" });
+      return;
+    }
+    if (entry.session === void 0) {
+      let timer;
+      const timeout = new Promise((resolve4) => {
+        timer = setTimeout(() => resolve4(void 0), SESSION_READY_TIMEOUT_MS2);
+      });
+      const resolved = await Promise.race([
+        entry.sessionReady.catch(() => void 0),
+        timeout
+      ]);
+      if (timer !== void 0) {
+        clearTimeout(timer);
+      }
+      if (resolved === void 0) {
+        reply.code(503).send({ error: "session not ready" });
+        return;
+      }
+    }
+    const extName = req.params.name;
+    const transport = await ensureTransport(token, extName);
+    if (transport === void 0) {
+      reply.code(404).send({ error: `unknown mcp server: ${extName}` });
       return;
     }
-    session = resolved;
+    reply.hijack();
+    await transport.handleRequest(req.raw, reply.raw, req.body);
   }
-  const transport = await ensureTransport(token, session, registry);
-  reply.hijack();
-  await transport.handleRequest(req.raw, reply.raw, req.body);
-}
-function registerStdinMcpRoutes(app, registry) {
   const opts = { config: { skipAuth: true } };
-  app.post("/mcp/stdin", opts, async (req, reply) => {
-    await handle(req, reply, registry);
+  app.post("/mcp/:name", opts, async (req, reply) => {
+    await handle(req, reply);
   });
-  app.get("/mcp/stdin", opts, async (req, reply) => {
-    await handle(req, reply, registry);
+  app.get("/mcp/:name", opts, async (req, reply) => {
+    await handle(req, reply);
   });
-  app.delete("/mcp/stdin", opts, async (req, reply) => {
-    await handle(req, reply, registry);
+  app.delete("/mcp/:name", opts, async (req, reply) => {
+    await handle(req, reply);
   });
 }
 
@@ -12256,8 +13047,10 @@ async function startDaemon(config, serviceToken) {
     store: sessionTokenStore,
     rateLimiter: authRateLimiter
   });
-  const stdinMcpRegistry = new StdinMcpRegistry();
-  registerStdinMcpRoutes(app, stdinMcpRegistry);
+  const mcpTokenRegistry = new McpTokenRegistry();
+  const extensionMcp = new ExtensionMcpRegistry();
+  registerStdinMcpRoutes(app, mcpTokenRegistry);
+  registerExtensionMcpRoutes(app, mcpTokenRegistry, extensionMcp);
   let daemonOriginCached;
   const getDaemonOrigin = () => {
     if (daemonOriginCached !== void 0) {
@@ -12278,7 +13071,8 @@ async function startDaemon(config, serviceToken) {
     onTransformerVersion: (name, version) => transformers.reportVersion(name, version),
     transformers,
     extensionCommands,
-    stdinMcpRegistry,
+    mcpTokenRegistry,
+    extensionMcp,
     getDaemonOrigin
   });
   await app.listen({ host: config.daemon.host, port: config.daemon.port });
@@ -12314,13 +13108,24 @@ async function startDaemon(config, serviceToken) {
       `queue replay scan failed: ${err.message}`
     );
   });
+  const intervalMs = config.daemon.agentSyncIntervalMinutes * 60 * 1e3;
+  const stopAgentSync = intervalMs > 0 ? startAgentSyncScheduler({
+    registry,
+    manager,
+    intervalMs,
+    logger: agentLogger
+  }) : void 0;
   const shutdown = async () => {
+    if (stopAgentSync) {
+      stopAgentSync();
+    }
     clearInterval(sweepInterval);
     await sessionTokenStore.flush();
     await extensions.stop();
     await transformers.stop();
     await manager.closeAll();
     await manager.flushMetaWrites();
+    await manager.flushHistoryWrites();
     setBinaryInstallLogger(null);
     setNpmInstallLogger(null);
     setAgentPruneLogger(null);
@@ -12334,7 +13139,17 @@ async function startDaemon(config, serviceToken) {
     } catch {
     }
   };
-  return { app, manager, registry, extensions, transformers, shutdown };
+  return {
+    app,
+    manager,
+    registry,
+    extensions,
+    transformers,
+    mcpTokenRegistry,
+    extensionMcp,
+    processRegistry,
+    shutdown
+  };
 }
 async function buildLogStream(level) {
   const fileStream = await createPinoRoll({