@hydra-acp/cli 0.1.52 → 0.1.53

package/dist/index.js

@@ -18,7 +18,7 @@ import pino from "pino";
 import createPinoRoll from "pino-roll";
 
 // src/core/config.ts
-import * as fs2 from "fs/promises";
+import * as fs3 from "fs/promises";
 import { homedir as homedir2 } from "os";
 import { z } from "zod";
 
@@ -156,6 +156,70 @@ async function ensureServiceToken() {
   return token;
 }
 
+// src/core/json-store.ts
+import * as fs2 from "fs/promises";
+import * as fsSync from "fs";
+import { randomBytes } from "crypto";
+async function writeJsonAtomic(filePath, data, opts = {}) {
+  const pretty = opts.pretty ?? true;
+  const body = (pretty ? JSON.stringify(data, null, 2) : JSON.stringify(data)) + "\n";
+  await writeFileAtomic(filePath, body, opts);
+}
+async function writeFileAtomic(filePath, body, opts = {}) {
+  const dir = dirname(filePath);
+  await fs2.mkdir(dir, { recursive: true });
+  const tmp = `${filePath}.tmp-${process.pid}-${randSuffix()}`;
+  try {
+    const writeOpts = {
+      encoding: "utf8"
+    };
+    if (opts.mode !== void 0) {
+      writeOpts.mode = opts.mode;
+    }
+    await fs2.writeFile(tmp, body, writeOpts);
+    await fs2.rename(tmp, filePath);
+  } catch (err) {
+    await fs2.unlink(tmp).catch(() => void 0);
+    throw err;
+  }
+  if (opts.mode !== void 0) {
+    try {
+      fsSync.chmodSync(filePath, opts.mode);
+    } catch {
+    }
+  }
+}
+async function readJsonSafe(filePath) {
+  let raw;
+  try {
+    raw = await fs2.readFile(filePath, "utf8");
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT") {
+      return void 0;
+    }
+    throw err;
+  }
+  if (raw.trim().length === 0) {
+    return void 0;
+  }
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return void 0;
+  }
+}
+function dirname(p) {
+  const slash = p.lastIndexOf("/");
+  if (slash <= 0) {
+    return ".";
+  }
+  return p.slice(0, slash);
+}
+function randSuffix() {
+  return randomBytes(4).toString("hex");
+}
+
 // src/core/config.ts
 var REGISTRY_URL_DEFAULT = "https://cdn.agentclientprotocol.com/registry/v1/latest/registry.json";
 var TlsConfig = z.object({
@@ -245,7 +309,22 @@ var TuiConfig = z.object({
   // shared across all sessions; it's append-only on disk, so long-lived
   // installs can grow past this — it's enforced at load time and per
   // append in memory.
-  promptHistoryMaxEntries: z.number().int().positive().default(2e3)
+  promptHistoryMaxEntries: z.number().int().positive().default(2e3),
+  // How edit-style tool calls (Edit, Write, str_replace) render in
+  // scrollback, *in addition to* the normal tool row inside the tools
+  // block.
+  //   "none" — nothing extra; the collapsed tool row is the only signal.
+  //   "edit" (default) — a one-line scrollback mark naming the file
+  //     that was touched, so the user can scroll back and see which
+  //     files moved without expanding the tools block. Suppressed on
+  //     tool-only turns (no agent prose) since the marks would only
+  //     duplicate the still-visible tool rows.
+  //   "diff" — same mark plus a syntax-highlighted unified diff body,
+  //     Claude Code's Update(file) look.
+  // The diff payload is extracted from the ACP wire (content[]
+  // type:"diff" entries, falling back to rawInput shapes), so any agent
+  // that emits one of those shapes gets the treatment.
+  showFileUpdates: z.enum(["none", "edit", "diff"]).default("edit")
 });
 var ExtensionName = z.string().min(1).regex(/^[A-Za-z0-9._-]+$/, "extension name must be filename-safe");
 var ExtensionBody = z.object({
@@ -300,7 +379,8 @@ var HydraConfig = z.object({
     progressIndicator: true,
     defaultEnterAction: "amend",
     showThoughts: true,
-    promptHistoryMaxEntries: 2e3
+    promptHistoryMaxEntries: 2e3,
+    showFileUpdates: "edit"
   })
 });
 function extensionList(config) {
@@ -316,17 +396,8 @@ function transformerList(config) {
   }));
 }
 async function readConfigFile() {
-  let raw;
-  try {
-    raw = await fs2.readFile(paths.config(), "utf8");
-  } catch (err) {
-    const e = err;
-    if (e.code === "ENOENT") {
-      return {};
-    }
-    throw err;
-  }
-  return JSON.parse(raw);
+  const parsed = await readJsonSafe(paths.config());
+  return parsed ?? {};
 }
 async function migrateLegacyAuthToken() {
   const raw = await readConfigFile();
@@ -337,7 +408,7 @@ async function migrateLegacyAuthToken() {
   }
   let tokenFileExists = false;
   try {
-    await fs2.access(paths.authToken());
+    await fs3.access(paths.authToken());
     tokenFileExists = true;
   } catch (err) {
     const e = err;
@@ -355,10 +426,7 @@ async function migrateLegacyAuthToken() {
   if (Object.keys(daemon).length === 0) {
     delete raw.daemon;
   }
-  await fs2.writeFile(paths.config(), JSON.stringify(raw, null, 2) + "\n", {
-    encoding: "utf8",
-    mode: 384
-  });
+  await writeJsonAtomic(paths.config(), raw, { mode: 384 });
   process.stderr.write(
     `hydra-acp: migrated auth token from ${paths.config()} to ${paths.authToken()}.
 `
@@ -369,11 +437,7 @@ async function loadConfig() {
   return HydraConfig.parse(await readConfigFile());
 }
 async function writeConfig(config) {
-  await fs2.mkdir(paths.home(), { recursive: true });
-  await fs2.writeFile(paths.config(), JSON.stringify(config, null, 2) + "\n", {
-    encoding: "utf8",
-    mode: 384
-  });
+  await writeJsonAtomic(paths.config(), config, { mode: 384 });
 }
 function defaultConfig() {
   return HydraConfig.parse({});
@@ -392,12 +456,12 @@ function expandHome(p) {
 }
 
 // src/core/registry.ts
-import * as fs4 from "fs/promises";
+import * as fs5 from "fs/promises";
 import * as path4 from "path";
 import { z as z2 } from "zod";
 
 // src/core/binary-install.ts
-import * as fs3 from "fs";
+import * as fs4 from "fs";
 import * as fsp from "fs/promises";
 import * as path2 from "path";
 import { spawn } from "child_process";
@@ -530,7 +594,7 @@ async function downloadTo(args) {
     );
   }
   const total = Number(response.headers.get("content-length") ?? "0");
-  const out = fs3.createWriteStream(dest);
+  const out = fs4.createWriteStream(dest);
   const nodeStream = Readable.fromWeb(response.body);
   safeEmit(args.onProgress, {
     phase: "download_start",
@@ -1030,54 +1094,26 @@ var Registry = class {
     return cached;
   }
   async readDiskCache() {
-    let text;
-    try {
-      text = await fs4.readFile(paths.registryCache(), "utf8");
-    } catch (err) {
-      const e = err;
-      if (e.code === "ENOENT") {
-        return void 0;
-      }
-      throw err;
+    const parsed = await readJsonSafe(
+      paths.registryCache()
+    );
+    if (!parsed || typeof parsed.fetchedAt !== "number" || parsed.data === void 0) {
+      return void 0;
     }
     try {
-      const parsed = JSON.parse(text);
-      if (typeof parsed.fetchedAt !== "number" || parsed.data === void 0) {
-        return void 0;
-      }
       const data = RegistryDocument.parse(parsed.data);
       return { fetchedAt: parsed.fetchedAt, raw: parsed.data, data };
     } catch {
       return void 0;
     }
   }
-  // Atomic write: dump to a sibling temp path, then rename onto the
-  // target. POSIX rename is atomic within a filesystem, so readers
-  // either see the old file or the fully-written new file — never a
-  // truncated middle. This also makes simultaneous writers safe
-  // without a lock file: the loser of the rename race just gets its
-  // version replaced by the winner's.
   async writeDiskCache(cache) {
-    await fs4.mkdir(paths.home(), { recursive: true });
-    const final = paths.registryCache();
-    const tmp = `${final}.tmp-${process.pid}-${randSuffix()}`;
-    const body = JSON.stringify(
-      { fetchedAt: cache.fetchedAt, data: cache.raw },
-      null,
-      2
-    ) + "\n";
-    try {
-      await fs4.writeFile(tmp, body, "utf8");
-      await fs4.rename(tmp, final);
-    } catch (err) {
-      await fs4.unlink(tmp).catch(() => void 0);
-      throw err;
-    }
+    await writeJsonAtomic(paths.registryCache(), {
+      fetchedAt: cache.fetchedAt,
+      data: cache.raw
+    });
   }
 };
-function randSuffix() {
-  return Math.random().toString(36).slice(2, 10);
-}
 function npxPackageBasename(agent) {
   const pkg = agent.distribution.npx?.package;
   if (!pkg) {
@@ -1122,7 +1158,7 @@ async function agentInstallState(agent) {
 }
 async function fileExists3(p) {
   try {
-    await fs4.access(p);
+    await fs5.access(p);
     return true;
   } catch {
     return false;
@@ -1476,6 +1512,11 @@ var SessionListEntry = z3.object({
   importedFromUpstreamSessionId: z3.string().optional(),
   // Set when this session was spawned as a child by a transformer.
   parentSessionId: z3.string().optional(),
+  // Local-fork breadcrumbs set by hydra-acp/fork_session. Distinct from
+  // the imported* family above: a fork is a local branch off another
+  // local session, an import is a cross-machine takeover.
+  forkedFromSessionId: z3.string().optional(),
+  forkedFromMessageId: z3.string().optional(),
   // clientInfo from the process that issued session/new. Lets list views
   // hide cat-style ancillary sessions by default while letting an
   // override flag surface them.
@@ -2073,7 +2114,7 @@ stderr: ${tail}` : reason;
 };
 
 // src/core/session-manager.ts
-import * as fs10 from "fs/promises";
+import * as fs11 from "fs/promises";
 import * as os2 from "os";
 import { customAlphabet as customAlphabet3 } from "nanoid";
 
@@ -2553,22 +2594,22 @@ function hydraCommandsAsAdvertised() {
 }
 
 // src/core/queue-store.ts
-import * as fs5 from "fs/promises";
+import * as fs6 from "fs/promises";
 async function rewriteQueue(sessionId, entries) {
   const file = paths.queueFile(sessionId);
   if (entries.length === 0) {
-    await fs5.unlink(file).catch(() => void 0);
+    await fs6.unlink(file).catch(() => void 0);
     return;
   }
-  await fs5.mkdir(paths.sessionDir(sessionId), { recursive: true });
+  await fs6.mkdir(paths.sessionDir(sessionId), { recursive: true });
   const body = entries.map((e) => JSON.stringify(e)).join("\n") + "\n";
-  await fs5.writeFile(file, body, "utf8");
+  await fs6.writeFile(file, body, "utf8");
 }
 async function loadQueue(sessionId) {
   const file = paths.queueFile(sessionId);
   let text;
   try {
-    text = await fs5.readFile(file, "utf8");
+    text = await fs6.readFile(file, "utf8");
   } catch (err) {
     if (err.code === "ENOENT") {
       return [];
@@ -2590,7 +2631,7 @@ async function loadQueue(sessionId) {
 }
 async function deleteQueue(sessionId) {
   const file = paths.queueFile(sessionId);
-  await fs5.unlink(file).catch(() => void 0);
+  await fs6.unlink(file).catch(() => void 0);
 }
 
 // src/core/session.ts
@@ -2622,6 +2663,8 @@ var Session = class {
   agentCapabilities;
   agentArgs;
   parentSessionId;
+  forkedFromSessionId;
+  forkedFromMessageId;
   originatingClient;
   title;
   // Snapshot state delivered to attaching clients via the attach
@@ -2650,6 +2693,13 @@ var Session = class {
   // enqueue) and leave the file out of sync with in-memory state.
   queueWriteChain = Promise.resolve();
   closed = false;
+  // Set true at the start of close() / markClosed before any await yields.
+  // drainQueue checks this between iterations and bails out, so a queued
+  // entry can't be promoted to currentEntry (with its prompt_received and
+  // synthesized turn_complete(interrupted)) while the session is tearing
+  // down. markClosed sweeps the remaining queue with the normal abandoned
+  // / cancelled handling.
+  closing = false;
   closeHandlers = [];
   titleHandlers = [];
   // Subscribers notified after every entry that's actually persisted to
@@ -2777,6 +2827,8 @@ var Session = class {
     this.agentCapabilities = init.agentCapabilities;
     this.agentArgs = init.agentArgs;
     this.parentSessionId = init.parentSessionId;
+    this.forkedFromSessionId = init.forkedFromSessionId;
+    this.forkedFromMessageId = init.forkedFromMessageId;
     this.originatingClient = init.originatingClient;
     this.title = init.title;
     this.currentModel = init.currentModel;
@@ -3885,6 +3937,7 @@ var Session = class {
     if (this.closed) {
       return;
     }
+    this.closing = true;
     this.logger?.info(
       `session ${this.sessionId} closing deleteRecord=${opts.deleteRecord ?? false} regenTitle=${opts.regenTitle ?? false}`
     );
@@ -5016,21 +5069,22 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
     if (this.closed) {
       return;
     }
+    this.closing = true;
     this.closed = true;
     this.cancelIdleTimer();
     if (this.extensionCommandsUnsub) {
       this.extensionCommandsUnsub();
       this.extensionCommandsUnsub = void 0;
     }
-    if (this.currentEntry?.kind === "user") {
+    if (this.currentEntry?.kind === "user" && !this.recentlyTerminal.has(this.currentEntry.messageId)) {
       this.broadcastTurnComplete(
         this.currentEntry.clientId,
         { stopReason: "interrupted" },
         this.currentEntry.messageId,
         this.currentEntry.wasAmend
       );
-      this.currentEntry = void 0;
     }
+    this.currentEntry = void 0;
     const stranded = this.promptQueue;
     this.promptQueue = [];
     for (const entry of stranded) {
@@ -5359,6 +5413,9 @@ _(switched from \`${oldAgentId}\` to \`${newAgentId}\`)_
     await new Promise((r) => setImmediate(r));
     try {
       while (this.promptQueue.length > 0) {
+        if (this.closing) {
+          break;
+        }
         const next = this.promptQueue.shift();
         if (!next) {
           break;
@@ -5730,7 +5787,7 @@ function firstLine(text, max) {
 }
 
 // src/core/session-store.ts
-import * as fs6 from "fs/promises";
+import * as fs7 from "fs/promises";
 import * as path5 from "path";
 import { customAlphabet as customAlphabet2 } from "nanoid";
 import { z as z4 } from "zod";
@@ -5815,6 +5872,12 @@ var SessionRecord = z4.object({
   // Set when this session was spawned as a child by a transformer via
   // hydra-acp/spawn_child_session. Points to the spawning session's id.
   parentSessionId: z4.string().optional(),
+  // Set when this session was created by hydra-acp/fork_session.
+  // forkedFromSessionId points to the local source session; forkedFromMessageId
+  // is the resolved forkAt — the messageId of the turn_complete the slice
+  // ended at. Kept so future UI can show "branched from turn N of session X".
+  forkedFromSessionId: z4.string().optional(),
+  forkedFromMessageId: z4.string().optional(),
   // clientInfo from the process that issued session/new. Picker and
   // `sessions list` use this to hide cat-style ancillary sessions by
   // default; carried in meta.json so cold sessions filter the same way.
@@ -5831,30 +5894,21 @@ function assertSafeId(id) {
 var SessionStore = class {
   async write(record) {
     assertSafeId(record.sessionId);
-    await fs6.mkdir(paths.sessionDir(record.sessionId), { recursive: true });
     const full = { version: 1, ...record };
-    await fs6.writeFile(
-      paths.sessionFile(record.sessionId),
-      JSON.stringify(full, null, 2) + "\n",
-      { encoding: "utf8", mode: 384 }
-    );
+    await writeJsonAtomic(paths.sessionFile(record.sessionId), full, {
+      mode: 384
+    });
   }
   async read(sessionId) {
     if (!SESSION_ID_PATTERN.test(sessionId)) {
       return void 0;
     }
-    let raw;
-    try {
-      raw = await fs6.readFile(paths.sessionFile(sessionId), "utf8");
-    } catch (err) {
-      const e = err;
-      if (e.code === "ENOENT") {
-        return void 0;
-      }
-      throw err;
+    const parsed = await readJsonSafe(paths.sessionFile(sessionId));
+    if (parsed === void 0) {
+      return void 0;
     }
     try {
-      return SessionRecord.parse(JSON.parse(raw));
+      return SessionRecord.parse(parsed);
     } catch {
       return void 0;
     }
@@ -5864,7 +5918,7 @@ var SessionStore = class {
       return;
     }
     try {
-      await fs6.unlink(paths.sessionFile(sessionId));
+      await fs7.unlink(paths.sessionFile(sessionId));
     } catch (err) {
       const e = err;
       if (e.code !== "ENOENT") {
@@ -5872,7 +5926,7 @@ var SessionStore = class {
       }
     }
     try {
-      await fs6.rmdir(paths.sessionDir(sessionId));
+      await fs7.rmdir(paths.sessionDir(sessionId));
     } catch (err) {
       const e = err;
       if (e.code !== "ENOENT" && e.code !== "ENOTEMPTY") {
@@ -5902,7 +5956,7 @@ var SessionStore = class {
   async list() {
     let entries;
     try {
-      entries = await fs6.readdir(paths.sessionsDir());
+      entries = await fs7.readdir(paths.sessionsDir());
     } catch (err) {
       const e = err;
       if (e.code === "ENOENT") {
@@ -5941,6 +5995,8 @@ function recordFromMemorySession(args) {
     agentModels: args.agentModels,
     pendingHistorySync: args.pendingHistorySync,
     parentSessionId: args.parentSessionId,
+    forkedFromSessionId: args.forkedFromSessionId,
+    forkedFromMessageId: args.forkedFromMessageId,
     originatingClient: args.originatingClient,
     createdAt: args.createdAt ?? now,
     updatedAt: args.updatedAt ?? now
@@ -5948,7 +6004,7 @@ function recordFromMemorySession(args) {
 }
 
 // src/core/history-store.ts
-import * as fs7 from "fs/promises";
+import * as fs8 from "fs/promises";
 var SESSION_ID_PATTERN2 = /^[A-Za-z0-9_-]+$/;
 var DEFAULT_MAX_ENTRIES = 1e3;
 var HistoryStore = class {
@@ -5965,9 +6021,9 @@ var HistoryStore = class {
       return;
     }
     return this.enqueue(sessionId, async () => {
-      await fs7.mkdir(paths.sessionDir(sessionId), { recursive: true });
+      await fs8.mkdir(paths.sessionDir(sessionId), { recursive: true });
       const line = JSON.stringify(entry) + "\n";
-      await fs7.appendFile(paths.historyFile(sessionId), line, {
+      await fs8.appendFile(paths.historyFile(sessionId), line, {
         encoding: "utf8",
         mode: 384
       });
@@ -5978,9 +6034,9 @@ var HistoryStore = class {
       return;
     }
     return this.enqueue(sessionId, async () => {
-      await fs7.mkdir(paths.sessionDir(sessionId), { recursive: true });
+      await fs8.mkdir(paths.sessionDir(sessionId), { recursive: true });
       const body = entries.length === 0 ? "" : entries.map((e) => JSON.stringify(e)).join("\n") + "\n";
-      await fs7.writeFile(paths.historyFile(sessionId), body, {
+      await fs8.writeFile(paths.historyFile(sessionId), body, {
         encoding: "utf8",
         mode: 384
       });
@@ -5997,7 +6053,7 @@ var HistoryStore = class {
     return this.enqueue(sessionId, async () => {
       let raw;
       try {
-        raw = await fs7.readFile(paths.historyFile(sessionId), "utf8");
+        raw = await fs8.readFile(paths.historyFile(sessionId), "utf8");
       } catch (err) {
         const e = err;
         if (e.code === "ENOENT") {
@@ -6010,7 +6066,7 @@ var HistoryStore = class {
         return;
       }
       const trimmed = lines.slice(-maxEntries);
-      await fs7.writeFile(paths.historyFile(sessionId), trimmed.join("\n") + "\n", {
+      await fs8.writeFile(paths.historyFile(sessionId), trimmed.join("\n") + "\n", {
         encoding: "utf8",
         mode: 384
       });
@@ -6026,7 +6082,7 @@ var HistoryStore = class {
     }
     let raw;
     try {
-      raw = await fs7.readFile(paths.historyFile(sessionId), "utf8");
+      raw = await fs8.readFile(paths.historyFile(sessionId), "utf8");
     } catch (err) {
       const e = err;
       if (e.code === "ENOENT") {
@@ -6066,13 +6122,26 @@ var HistoryStore = class {
     }
     return out;
   }
+  // Wait for every pending append/rewrite/compact across all sessions to
+  // settle. Daemon shutdown calls this after closing sessions so the final
+  // turn_complete(interrupted) emitted by markClosed reaches disk before
+  // the process exits — without this, history-replay attaches after a
+  // restart see an unmatched prompt_received and leak pendingTurns on
+  // every client.
+  async flushAll() {
+    const pending = [...this.writeQueues.values()];
+    if (pending.length === 0) {
+      return;
+    }
+    await Promise.allSettled(pending);
+  }
   async delete(sessionId) {
     if (!SESSION_ID_PATTERN2.test(sessionId)) {
       return;
     }
     return this.enqueue(sessionId, async () => {
       try {
-        await fs7.unlink(paths.historyFile(sessionId));
+        await fs8.unlink(paths.historyFile(sessionId));
       } catch (err) {
         const e = err;
         if (e.code !== "ENOENT") {
@@ -6080,7 +6149,7 @@ var HistoryStore = class {
         }
       }
       try {
-        await fs7.rmdir(paths.sessionDir(sessionId));
+        await fs8.rmdir(paths.sessionDir(sessionId));
       } catch (err) {
         const e = err;
         if (e.code !== "ENOENT" && e.code !== "ENOTEMPTY") {
@@ -6104,25 +6173,108 @@ var HistoryStore = class {
 };
 
 // src/tui/history.ts
-import { promises as fs8 } from "fs";
+import { promises as fs9 } from "fs";
 import * as path6 from "path";
 async function saveHistory(file, history) {
-  await fs8.mkdir(path6.dirname(file), { recursive: true });
+  await fs9.mkdir(path6.dirname(file), { recursive: true });
   const lines = history.map((entry) => JSON.stringify(entry));
-  await fs8.writeFile(file, lines.length > 0 ? lines.join("\n") + "\n" : "");
+  await fs9.writeFile(file, lines.length > 0 ? lines.join("\n") + "\n" : "");
+}
+
+// src/core/bundle.ts
+import { z as z5 } from "zod";
+var HistoryEntrySchema = z5.object({
+  method: z5.string(),
+  params: z5.unknown(),
+  recordedAt: z5.number()
+});
+var BundleSession = z5.object({
+  // The exporter's local id. Regenerated fresh on import (sessionId is
+  // the local namespace; lineageId is what survives across hops).
+  sessionId: z5.string(),
+  // Required on bundles — the export path backfills if the source
+  // record was written before lineageId existed.
+  lineageId: z5.string(),
+  // The exporter's agent-side session id at export time. Carried so
+  // importers can persist it as a breadcrumb (and, eventually, as the
+  // handle a "connect back to origin" feature would need). Omitted on
+  // bundles whose source record never bound to an agent (e.g. a
+  // re-export of an imported, not-yet-attached session).
+  upstreamSessionId: z5.string().optional(),
+  agentId: z5.string(),
+  cwd: z5.string(),
+  title: z5.string().optional(),
+  currentModel: z5.string().optional(),
+  currentMode: z5.string().optional(),
+  currentUsage: PersistedUsage.optional(),
+  agentCommands: z5.array(PersistedAgentCommand).optional(),
+  agentModes: z5.array(PersistedAgentMode).optional(),
+  createdAt: z5.string(),
+  updatedAt: z5.string()
+});
+var Bundle = z5.object({
+  version: z5.literal(1),
+  exportedAt: z5.string(),
+  exportedFrom: z5.object({
+    hydraVersion: z5.string(),
+    machine: z5.string(),
+    // Externally-reachable name (and optional ":port") for the exporting
+    // daemon, sourced from config.daemon.publicHost (or daemon.host when
+    // non-loopback). Carried so an importer can construct a hydra:// URL
+    // that dials back to the origin — e.g. over Tailscale. Omitted when
+    // the exporter has no routable address; never falls back to loopback.
+    hydraHost: z5.string().optional()
+  }),
+  session: BundleSession,
+  history: z5.array(HistoryEntrySchema),
+  promptHistory: z5.array(z5.string()).optional()
+});
+function encodeBundle(params) {
+  const bundle = {
+    version: 1,
+    exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    exportedFrom: {
+      hydraVersion: params.hydraVersion,
+      machine: params.machine,
+      ...params.hydraHost !== void 0 && params.hydraHost.length > 0 ? { hydraHost: params.hydraHost } : {}
+    },
+    session: {
+      sessionId: params.record.sessionId,
+      lineageId: params.record.lineageId,
+      ...params.record.upstreamSessionId ? { upstreamSessionId: params.record.upstreamSessionId } : {},
+      agentId: params.record.agentId,
+      cwd: params.record.cwd,
+      ...params.record.title !== void 0 ? { title: params.record.title } : {},
+      ...params.record.currentModel !== void 0 ? { currentModel: params.record.currentModel } : {},
+      ...params.record.currentMode !== void 0 ? { currentMode: params.record.currentMode } : {},
+      ...params.record.currentUsage !== void 0 ? { currentUsage: params.record.currentUsage } : {},
+      ...params.record.agentCommands !== void 0 ? { agentCommands: params.record.agentCommands } : {},
+      ...params.record.agentModes !== void 0 ? { agentModes: params.record.agentModes } : {},
+      createdAt: params.record.createdAt,
+      updatedAt: params.record.updatedAt
+    },
+    history: params.history
+  };
+  if (params.promptHistory !== void 0) {
+    bundle.promptHistory = params.promptHistory;
+  }
+  return bundle;
+}
+function decodeBundle(raw) {
+  return Bundle.parse(raw);
 }
 
 // src/core/hydra-version.ts
 import { fileURLToPath } from "url";
 import * as path7 from "path";
-import * as fs9 from "fs";
+import * as fs10 from "fs";
 function resolveVersion() {
   try {
     let dir = path7.dirname(fileURLToPath(import.meta.url));
     for (let i = 0; i < 8; i += 1) {
       const candidate = path7.join(dir, "package.json");
-      if (fs9.existsSync(candidate)) {
-        const pkg = JSON.parse(fs9.readFileSync(candidate, "utf8"));
+      if (fs10.existsSync(candidate)) {
+        const pkg = JSON.parse(fs10.readFileSync(candidate, "utf8"));
         if (typeof pkg.version === "string" && pkg.version.length > 0 && (typeof pkg.name !== "string" || pkg.name.includes("hydra-acp"))) {
           return pkg.version;
         }
@@ -6403,6 +6555,8 @@ var SessionManager = class {
       firstPromptSeeded: !!params.title,
       createdAt: params.createdAt ? new Date(params.createdAt).getTime() : void 0,
       originatingClient: params.originatingClient,
+      forkedFromSessionId: params.forkedFromSessionId,
+      forkedFromMessageId: params.forkedFromMessageId,
       extensionCommands: this.extensionCommands
     });
     await this.attachManagerHooks(session);
@@ -6471,6 +6625,8 @@ var SessionManager = class {
       firstPromptSeeded: !!params.title,
       createdAt: params.createdAt ? new Date(params.createdAt).getTime() : void 0,
       originatingClient: params.originatingClient,
+      forkedFromSessionId: params.forkedFromSessionId,
+      forkedFromMessageId: params.forkedFromMessageId,
       extensionCommands: this.extensionCommands
     });
     await this.attachManagerHooks(session);
@@ -6479,7 +6635,7 @@ var SessionManager = class {
   }
   async resolveImportCwd(cwd) {
     try {
-      const stat2 = await fs10.stat(cwd);
+      const stat2 = await fs11.stat(cwd);
       if (stat2.isDirectory()) {
         return cwd;
       }
@@ -6821,7 +6977,9 @@ var SessionManager = class {
       agentModels: record.agentModels,
       createdAt: record.createdAt,
       pendingHistorySync: record.pendingHistorySync,
-      originatingClient: record.originatingClient
+      originatingClient: record.originatingClient,
+      forkedFromSessionId: record.forkedFromSessionId,
+      forkedFromMessageId: record.forkedFromMessageId
     };
   }
   async clearPendingHistorySync(sessionId) {
@@ -6922,6 +7080,8 @@ var SessionManager = class {
         currentModel: session.currentModel,
         currentUsage: session.currentUsage,
         parentSessionId: session.parentSessionId,
+        forkedFromSessionId: session.forkedFromSessionId,
+        forkedFromMessageId: session.forkedFromMessageId,
         originatingClient: session.originatingClient,
         updatedAt: used,
         attachedClients: session.attachedCount,
@@ -6952,6 +7112,8 @@ var SessionManager = class {
         importedFromMachine: r.importedFromMachine,
         importedFromUpstreamSessionId: r.importedFromUpstreamSessionId,
         parentSessionId: r.parentSessionId,
+        forkedFromSessionId: r.forkedFromSessionId,
+        forkedFromMessageId: r.forkedFromMessageId,
         originatingClient: r.originatingClient,
         updatedAt: used,
         attachedClients: 0,
@@ -7039,10 +7201,114 @@ var SessionManager = class {
       replaced: false
     };
   }
-  // Write the imported bundle's history.jsonl, prompt-history (if
-  // present), and meta.json. upstreamSessionId is left empty as the
+  // Branch an existing local session into a new one that shares context
+  // up to the chosen turn boundary and diverges from there. Composes the
+  // import pipeline: synthesizes a Bundle from the source's record and
+  // sliced history, mints a fresh lineageId, then writes the new record
+  // via writeImportedRecord with forked* breadcrumbs instead of
+  // imported*. The fork carries upstreamSessionId="" so the first attach
+  // triggers seedFromImport — same wire shape as an imported session.
+  //
+  // forkAt defaults to the messageId of the source's most recent
+  // turn_complete; explicit forkAt must reference a session/update
+  // entry that's present in the source's history.jsonl. Cutting at a
+  // completed turn excludes any in-flight prompt by construction
+  // (history.jsonl is appended serially per session), so no locking
+  // against the live source is needed.
+  //
+  // agentId defaults to the source's agent. Overriding to a different
+  // agent scrubs agent-specific state from the fork (model, mode,
+  // usage, agent-emitted commands/modes/models) so the new agent boots
+  // clean — title and conversation transcript are agent-agnostic and
+  // are kept.
+  async forkSession(sourceSessionId, opts = {}) {
+    const sourceRecord = await this.store.read(sourceSessionId);
+    if (!sourceRecord) {
+      const err = new Error(`source session not found: ${sourceSessionId}`);
+      err.code = JsonRpcErrorCodes.SessionNotFound;
+      throw err;
+    }
+    const targetAgentId = opts.agentId ?? sourceRecord.agentId;
+    const crossAgent = targetAgentId !== sourceRecord.agentId;
+    if (crossAgent) {
+      const def = await this.registry.getAgent(targetAgentId);
+      if (!def) {
+        const err = new Error(
+          `agent ${targetAgentId} not found in registry`
+        );
+        err.code = JsonRpcErrorCodes.AgentNotInstalled;
+        throw err;
+      }
+    }
+    const sourceHistory = await this.histories.load(sourceSessionId).catch(() => []);
+    let cutoffIndex;
+    let forkedAt;
+    if (opts.forkAt !== void 0) {
+      cutoffIndex = findMessageIdIndex(sourceHistory, opts.forkAt);
+      if (cutoffIndex < 0) {
+        const err = new Error(
+          `forkAt messageId not found in source history: ${opts.forkAt}`
+        );
+        err.code = JsonRpcErrorCodes.InvalidParams;
+        throw err;
+      }
+      forkedAt = opts.forkAt;
+    } else {
+      const found = findLastTurnComplete(sourceHistory);
+      if (!found) {
+        const err = new Error(
+          `source session ${sourceSessionId} has no completed turns to fork from`
+        );
+        err.code = JsonRpcErrorCodes.InvalidParams;
+        throw err;
+      }
+      cutoffIndex = found.index;
+      forkedAt = found.messageId;
+    }
+    const slicedHistory = sourceHistory.slice(0, cutoffIndex + 1);
+    const promptHistory = await loadPromptHistorySafely(sourceSessionId);
+    const recordForBundle = {
+      ...sourceRecord,
+      lineageId: generateLineageId(),
+      agentId: targetAgentId,
+      ...crossAgent ? {
+        currentModel: void 0,
+        currentMode: void 0,
+        currentUsage: void 0,
+        agentCommands: void 0,
+        agentModes: void 0,
+        agentModels: void 0
+      } : {}
+    };
+    const bundle = encodeBundle({
+      record: recordForBundle,
+      history: slicedHistory,
+      promptHistory: promptHistory.length > 0 ? promptHistory : void 0,
+      hydraVersion: HYDRA_VERSION,
+      machine: os2.hostname()
+    });
+    const newId = `${HYDRA_SESSION_PREFIX}${generateRawSessionId()}`;
+    await this.writeImportedRecord({
+      sessionId: newId,
+      bundle,
+      cwd: opts.cwd,
+      forkedFromSessionId: sourceSessionId,
+      forkedFromMessageId: forkedAt
+    });
+    return {
+      sessionId: newId,
+      forkedFromSessionId: sourceSessionId,
+      forkedAt
+    };
+  }
+  // Write the imported (or forked) bundle's history.jsonl, prompt-history
+  // (if present), and meta.json. upstreamSessionId is left empty as the
   // marker that the first attach should bootstrap a fresh agent and
-  // run seedFromImport rather than calling session/load.
+  // run seedFromImport rather than calling session/load. When
+  // forkedFromSessionId is set, the record is marked as a local fork
+  // (forked* fields populated) instead of a cross-machine import
+  // (imported* fields populated) — both share the seed-on-first-attach
+  // wire shape but trace differently in list views.
   async writeImportedRecord(args) {
     await this.histories.rewrite(
       args.sessionId,
@@ -7050,7 +7316,7 @@ var SessionManager = class {
     );
     const sourceMtime = new Date(args.bundle.session.updatedAt);
     if (!Number.isNaN(sourceMtime.getTime())) {
-      await fs10.utimes(paths.historyFile(args.sessionId), sourceMtime, sourceMtime).catch(() => void 0);
+      await fs11.utimes(paths.historyFile(args.sessionId), sourceMtime, sourceMtime).catch(() => void 0);
     }
     if (args.bundle.promptHistory && args.bundle.promptHistory.length > 0) {
       await saveHistory(
@@ -7059,14 +7325,20 @@ var SessionManager = class {
       ).catch(() => void 0);
     }
     const now = (/* @__PURE__ */ new Date()).toISOString();
+    const isFork = args.forkedFromSessionId !== void 0;
     await this.enqueueMetaWrite(args.sessionId, async () => {
       await this.store.write({
         sessionId: args.sessionId,
         lineageId: args.bundle.session.lineageId,
         upstreamSessionId: "",
-        importedFromSessionId: args.bundle.session.sessionId,
-        importedFromUpstreamSessionId: args.bundle.session.upstreamSessionId,
-        importedFromMachine: args.bundle.exportedFrom.machine,
+        ...isFork ? {
+          forkedFromSessionId: args.forkedFromSessionId,
+          forkedFromMessageId: args.forkedFromMessageId
+        } : {
+          importedFromSessionId: args.bundle.session.sessionId,
+          importedFromUpstreamSessionId: args.bundle.session.upstreamSessionId,
+          importedFromMachine: args.bundle.exportedFrom.machine
+        },
         agentId: args.bundle.session.agentId,
         cwd: args.cwd ?? args.bundle.session.cwd,
         title: args.bundle.session.title,
@@ -7200,6 +7472,14 @@ var SessionManager = class {
     }
     await Promise.allSettled(pending);
   }
+  // Wait for every pending history.jsonl write to settle. markClosed
+  // broadcasts turn_complete(interrupted) for the in-flight turn via a
+  // fire-and-forget store.append; without flushing, a SIGTERM can exit
+  // before that append hits disk, leaving an unmatched prompt_received
+  // in history that leaks pendingTurns on every client that replays it.
+  async flushHistoryWrites() {
+    await this.histories.flushAll();
+  }
   // Startup hook: scan persisted sessions for non-empty queue files,
   // apply the TTL, resurrect anything with surviving entries, and
   // replay them through the normal queue path. Called from the daemon
@@ -7298,6 +7578,8 @@ function mergeForPersistence(session, existing) {
     agentModes,
     agentModels,
     parentSessionId: session.parentSessionId ?? existing?.parentSessionId,
+    forkedFromSessionId: session.forkedFromSessionId ?? existing?.forkedFromSessionId,
+    forkedFromMessageId: session.forkedFromMessageId ?? existing?.forkedFromMessageId,
     originatingClient: session.originatingClient ?? existing?.originatingClient,
     createdAt: existing?.createdAt ?? new Date(session.createdAt).toISOString()
   });
@@ -7567,9 +7849,26 @@ function parseModesList(list) {
   }
   return out;
 }
+function findLastTurnComplete(history) {
+  for (let i = history.length - 1; i >= 0; i--) {
+    const entry = history[i];
+    if (!entry || entry.method !== "session/update") {
+      continue;
+    }
+    const update = entry.params?.update;
+    if (update?.sessionUpdate !== "turn_complete") {
+      continue;
+    }
+    if (typeof update.messageId !== "string" || update.messageId.length === 0) {
+      continue;
+    }
+    return { index: i, messageId: update.messageId };
+  }
+  return void 0;
+}
 async function loadPromptHistorySafely(sessionId) {
   try {
-    const raw = await fs10.readFile(paths.tuiHistoryFile(sessionId), "utf8");
+    const raw = await fs11.readFile(paths.tuiHistoryFile(sessionId), "utf8");
     const out = [];
     for (const line of raw.split("\n")) {
       if (line.length === 0) {
@@ -7590,7 +7889,7 @@ async function loadPromptHistorySafely(sessionId) {
 }
 async function historyMtimeIso(sessionId) {
   try {
-    const st = await fs10.stat(paths.historyFile(sessionId));
+    const st = await fs11.stat(paths.historyFile(sessionId));
     return new Date(st.mtimeMs).toISOString();
   } catch {
     return void 0;
@@ -7599,7 +7898,7 @@ async function historyMtimeIso(sessionId) {
 
 // src/core/extensions.ts
 import { spawn as spawn4 } from "child_process";
-import * as fs11 from "fs";
+import * as fs12 from "fs";
 import * as fsp5 from "fs/promises";
 import * as path8 from "path";
 var RESTART_BASE_MS = 1e3;
@@ -7895,7 +8194,7 @@ var ExtensionManager = class {
     }
     const ext = entry.config;
     const command = ext.command.length > 0 ? ext.command : [ext.name];
-    const logStream = fs11.createWriteStream(paths.extensionLogFile(ext.name), {
+    const logStream = fs12.createWriteStream(paths.extensionLogFile(ext.name), {
       flags: "a"
     });
     logStream.write(
@@ -7948,7 +8247,7 @@ var ExtensionManager = class {
     }
     if (typeof child.pid === "number") {
       try {
-        fs11.writeFileSync(paths.extensionPidFile(ext.name), `${child.pid}
+        fs12.writeFileSync(paths.extensionPidFile(ext.name), `${child.pid}
 `, {
           encoding: "utf8",
           mode: 384
@@ -7973,7 +8272,7 @@ var ExtensionManager = class {
     });
     child.on("exit", (code, signal) => {
       try {
-        fs11.unlinkSync(paths.extensionPidFile(ext.name));
+        fs12.unlinkSync(paths.extensionPidFile(ext.name));
       } catch {
       }
       logStream.write(
@@ -8035,7 +8334,7 @@ function withCode2(err, code) {
 
 // src/core/transformer-manager.ts
 import { spawn as spawn5 } from "child_process";
-import * as fs12 from "fs";
+import * as fs13 from "fs";
 import * as fsp6 from "fs/promises";
 import * as path9 from "path";
 var RESTART_BASE_MS2 = 1e3;
@@ -8355,7 +8654,7 @@ var TransformerManager = class {
     }
     const t = entry.config;
     const command = t.command.length > 0 ? t.command : [t.name];
-    const logStream = fs12.createWriteStream(paths.transformerLogFile(t.name), {
+    const logStream = fs13.createWriteStream(paths.transformerLogFile(t.name), {
       flags: "a"
     });
     logStream.write(
@@ -8408,7 +8707,7 @@ var TransformerManager = class {
     }
     if (typeof child.pid === "number") {
       try {
-        fs12.writeFileSync(paths.transformerPidFile(t.name), `${child.pid}
+        fs13.writeFileSync(paths.transformerPidFile(t.name), `${child.pid}
 `, {
           encoding: "utf8",
           mode: 384
@@ -8433,7 +8732,7 @@ var TransformerManager = class {
     });
     child.on("exit", (code, signal) => {
       try {
-        fs12.unlinkSync(paths.transformerPidFile(t.name));
+        fs13.unlinkSync(paths.transformerPidFile(t.name));
       } catch {
       }
       logStream.write(
@@ -8688,9 +8987,8 @@ function startAgentSyncScheduler(opts) {
 }
 
 // src/core/session-tokens.ts
-import * as fs13 from "fs/promises";
 import * as path11 from "path";
-import { createHash, randomBytes, timingSafeEqual } from "crypto";
+import { createHash, randomBytes as randomBytes2, timingSafeEqual } from "crypto";
 var TOKEN_PREFIX = "hydra_session_";
 var DEFAULT_TTL_SEC = 60 * 60 * 24 * 30;
 var ID_LENGTH = 12;
@@ -8703,7 +9001,7 @@ function sha256Hex(input) {
   return createHash("sha256").update(input).digest("hex");
 }
 function randomHex(bytes) {
-  return randomBytes(bytes).toString("hex");
+  return randomBytes2(bytes).toString("hex");
 }
 function generateId() {
   return randomHex(ID_LENGTH).slice(0, ID_LENGTH * 2);
@@ -8723,17 +9021,11 @@ var SessionTokenStore = class _SessionTokenStore {
   }
   static async load() {
     let records = [];
-    try {
-      const raw = await fs13.readFile(tokensFilePath(), "utf8");
-      const parsed = JSON.parse(raw);
-      if (parsed && Array.isArray(parsed.records)) {
-        records = parsed.records.filter(isRecord);
-      }
-    } catch (err) {
-      const e = err;
-      if (e.code !== "ENOENT") {
-        throw err;
-      }
+    const parsed = await readJsonSafe(
+      tokensFilePath()
+    );
+    if (parsed && Array.isArray(parsed.records)) {
+      records = parsed.records.filter(isRecord);
     }
     const store = new _SessionTokenStore(records);
     const removed = store.sweepExpired(/* @__PURE__ */ new Date());
@@ -8850,14 +9142,11 @@ var SessionTokenStore = class _SessionTokenStore {
       await this.writeInflight;
     }
     const records = Array.from(this.records.values());
-    const payload = JSON.stringify({ records }, null, 2) + "\n";
-    this.writeInflight = (async () => {
-      await fs13.mkdir(paths.home(), { recursive: true });
-      await fs13.writeFile(tokensFilePath(), payload, {
-        encoding: "utf8",
-        mode: 384
-      });
-    })();
+    this.writeInflight = writeJsonAtomic(
+      tokensFilePath(),
+      { records },
+      { mode: 384 }
+    );
     try {
       await this.writeInflight;
     } finally {
@@ -9025,89 +9314,6 @@ var AuthRateLimiter = class {
 // src/daemon/routes/sessions.ts
 import * as os3 from "os";
 
-// src/core/bundle.ts
-import { z as z5 } from "zod";
-var HistoryEntrySchema = z5.object({
-  method: z5.string(),
-  params: z5.unknown(),
-  recordedAt: z5.number()
-});
-var BundleSession = z5.object({
-  // The exporter's local id. Regenerated fresh on import (sessionId is
-  // the local namespace; lineageId is what survives across hops).
-  sessionId: z5.string(),
-  // Required on bundles — the export path backfills if the source
-  // record was written before lineageId existed.
-  lineageId: z5.string(),
-  // The exporter's agent-side session id at export time. Carried so
-  // importers can persist it as a breadcrumb (and, eventually, as the
-  // handle a "connect back to origin" feature would need). Omitted on
-  // bundles whose source record never bound to an agent (e.g. a
-  // re-export of an imported, not-yet-attached session).
-  upstreamSessionId: z5.string().optional(),
-  agentId: z5.string(),
-  cwd: z5.string(),
-  title: z5.string().optional(),
-  currentModel: z5.string().optional(),
-  currentMode: z5.string().optional(),
-  currentUsage: PersistedUsage.optional(),
-  agentCommands: z5.array(PersistedAgentCommand).optional(),
-  agentModes: z5.array(PersistedAgentMode).optional(),
-  createdAt: z5.string(),
-  updatedAt: z5.string()
-});
-var Bundle = z5.object({
-  version: z5.literal(1),
-  exportedAt: z5.string(),
-  exportedFrom: z5.object({
-    hydraVersion: z5.string(),
-    machine: z5.string(),
-    // Externally-reachable name (and optional ":port") for the exporting
-    // daemon, sourced from config.daemon.publicHost (or daemon.host when
-    // non-loopback). Carried so an importer can construct a hydra:// URL
-    // that dials back to the origin — e.g. over Tailscale. Omitted when
-    // the exporter has no routable address; never falls back to loopback.
-    hydraHost: z5.string().optional()
-  }),
-  session: BundleSession,
-  history: z5.array(HistoryEntrySchema),
-  promptHistory: z5.array(z5.string()).optional()
-});
-function encodeBundle(params) {
-  const bundle = {
-    version: 1,
-    exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    exportedFrom: {
-      hydraVersion: params.hydraVersion,
-      machine: params.machine,
-      ...params.hydraHost !== void 0 && params.hydraHost.length > 0 ? { hydraHost: params.hydraHost } : {}
-    },
-    session: {
-      sessionId: params.record.sessionId,
-      lineageId: params.record.lineageId,
-      ...params.record.upstreamSessionId ? { upstreamSessionId: params.record.upstreamSessionId } : {},
-      agentId: params.record.agentId,
-      cwd: params.record.cwd,
-      ...params.record.title !== void 0 ? { title: params.record.title } : {},
-      ...params.record.currentModel !== void 0 ? { currentModel: params.record.currentModel } : {},
-      ...params.record.currentMode !== void 0 ? { currentMode: params.record.currentMode } : {},
-      ...params.record.currentUsage !== void 0 ? { currentUsage: params.record.currentUsage } : {},
-      ...params.record.agentCommands !== void 0 ? { agentCommands: params.record.agentCommands } : {},
-      ...params.record.agentModes !== void 0 ? { agentModes: params.record.agentModes } : {},
-      createdAt: params.record.createdAt,
-      updatedAt: params.record.updatedAt
-    },
-    history: params.history
-  };
-  if (params.promptHistory !== void 0) {
-    bundle.promptHistory = params.promptHistory;
-  }
-  return bundle;
-}
-function decodeBundle(raw) {
-  return Bundle.parse(raw);
-}
-
 // src/core/render-update.ts
 import stripAnsi from "strip-ansi";
 var STRIP_CONTROLS = /[\x00-\x08\x0b-\x1f\x7f]/g;
@@ -9301,6 +9507,51 @@ function isExitPlanModeTool(name) {
   const normalised = name.toLowerCase().replace(/[_\s-]/g, "");
   return normalised === "exitplanmode";
 }
+function extractEditDiff(u) {
+  const content = u.content;
+  if (Array.isArray(content)) {
+    for (const block of content) {
+      if (!block || typeof block !== "object") {
+        continue;
+      }
+      const b = block;
+      if (b.type !== "diff") {
+        continue;
+      }
+      const oldText = typeof b.oldText === "string" ? b.oldText : void 0;
+      const newText = typeof b.newText === "string" ? b.newText : void 0;
+      if (oldText === void 0 && newText === void 0) {
+        continue;
+      }
+      const path14 = typeof b.path === "string" ? b.path : void 0;
+      return {
+        ...path14 !== void 0 ? { path: path14 } : {},
+        oldText: oldText ?? "",
+        newText: newText ?? ""
+      };
+    }
+  }
+  const rawInput = u.rawInput;
+  if (rawInput && typeof rawInput === "object" && !Array.isArray(rawInput)) {
+    const r = rawInput;
+    const filePath = typeof r.file_path === "string" ? r.file_path : typeof r.path === "string" ? r.path : void 0;
+    if (typeof r.old_string === "string" && typeof r.new_string === "string") {
+      return {
+        ...filePath !== void 0 ? { path: filePath } : {},
+        oldText: r.old_string,
+        newText: r.new_string
+      };
+    }
+    if (typeof r.content === "string") {
+      return {
+        ...filePath !== void 0 ? { path: filePath } : {},
+        oldText: "",
+        newText: r.content
+      };
+    }
+  }
+  return null;
+}
 function readExitPlanMarkdown(u) {
   const rawInput = u.rawInput;
   if (!rawInput || typeof rawInput !== "object" || Array.isArray(rawInput)) {
@@ -9340,6 +9591,10 @@ function mapToolCall(u) {
   if (rawKind !== void 0) {
     event.rawKind = rawKind;
   }
+  const diff = extractEditDiff(u);
+  if (diff !== null) {
+    event.editDiff = diff;
+  }
   return event;
 }
 function mapToolCallUpdate(u) {
@@ -9350,7 +9605,8 @@ function mapToolCallUpdate(u) {
   const rawTitle = readString(u, "title");
   const title = rawTitle !== void 0 ? sanitizeSingleLine(rawTitle) : void 0;
   const status = readString(u, "status");
-  const meaningful = title !== void 0 || status === "completed" || status === "failed" || status === "rejected" || status === "cancelled";
+  const diff = extractEditDiff(u);
+  const meaningful = title !== void 0 || diff !== null || status === "completed" || status === "failed" || status === "rejected" || status === "cancelled";
   if (!meaningful) {
     return null;
   }
@@ -9373,6 +9629,9 @@ function mapToolCallUpdate(u) {
   if (status !== void 0) {
     event.status = status;
   }
+  if (diff !== null) {
+    event.editDiff = diff;
+  }
   if (status === "failed") {
     const errorText = extractToolFailureText(u);
     if (errorText !== null) {
@@ -10292,6 +10551,48 @@ function registerSessionRoutes(app, manager, defaults) {
     reply.header("Content-Type", "text/markdown; charset=utf-8");
     reply.code(200).send(bundleToMarkdown(bundle));
   });
+  app.post("/v1/sessions/:id/fork", async (request, reply) => {
+    const raw = request.params.id;
+    const id = await manager.resolveCanonicalId(raw) ?? raw;
+    const body = request.body ?? {};
+    const opts = {};
+    if (body.forkAt !== void 0) {
+      if (typeof body.forkAt !== "string" || body.forkAt.length === 0) {
+        reply.code(400).send({ error: "forkAt must be a non-empty string" });
+        return;
+      }
+      opts.forkAt = body.forkAt;
+    }
+    if (body.cwd !== void 0) {
+      if (typeof body.cwd !== "string" || body.cwd.length === 0) {
+        reply.code(400).send({ error: "cwd must be a non-empty string" });
+        return;
+      }
+      opts.cwd = expandHome(body.cwd);
+    }
+    if (body.agentId !== void 0) {
+      if (typeof body.agentId !== "string" || body.agentId.length === 0) {
+        reply.code(400).send({ error: "agentId must be a non-empty string" });
+        return;
+      }
+      opts.agentId = body.agentId;
+    }
+    try {
+      const result = await manager.forkSession(id, opts);
+      reply.code(201).send(result);
+    } catch (err) {
+      const e = err;
+      if (e.code === JsonRpcErrorCodes.SessionNotFound) {
+        reply.code(404).send({ error: e.message });
+        return;
+      }
+      if (e.code === JsonRpcErrorCodes.InvalidParams || e.code === JsonRpcErrorCodes.AgentNotInstalled) {
+        reply.code(400).send({ error: e.message });
+        return;
+      }
+      reply.code(500).send({ error: e.message });
+    }
+  });
   app.post("/v1/sessions/import", async (request, reply) => {
     const body = request.body ?? {};
     if (body.bundle === void 0) {
@@ -10737,7 +11038,7 @@ import { z as z6 } from "zod";
 // src/core/password.ts
 import * as fs14 from "fs/promises";
 import * as path12 from "path";
-import { randomBytes as randomBytes2, scrypt, timingSafeEqual as timingSafeEqual2 } from "crypto";
+import { randomBytes as randomBytes3, scrypt, timingSafeEqual as timingSafeEqual2 } from "crypto";
 import { promisify } from "util";
 var scryptAsync = promisify(scrypt);
 function passwordHashPath() {
@@ -10959,7 +11260,7 @@ function wsToMessageStream(ws) {
 // src/daemon/acp-ws.ts
 import * as os4 from "os";
 import * as path13 from "path";
-import { randomBytes as randomBytes3 } from "crypto";
+import { randomBytes as randomBytes4 } from "crypto";
 function registerAcpWsEndpoint(app, deps) {
   app.get("/acp", { websocket: true }, async (socket, request) => {
     const token = tokenFromUpgradeRequest({
@@ -11156,6 +11457,23 @@ function registerAcpWsEndpoint(app, deps) {
         });
         return { childSessionId: child.sessionId };
       });
+      connection.onRequest("hydra-acp/fork_session", async (raw) => {
+        const params = raw ?? {};
+        if (typeof params.sessionId !== "string") {
+          throw Object.assign(
+            new Error("fork_session requires sessionId"),
+            { code: JsonRpcErrorCodes.InvalidParams }
+          );
+        }
+        const forkAt = typeof params.forkAt === "string" ? params.forkAt : void 0;
+        const cwd = typeof params.cwd === "string" ? params.cwd : void 0;
+        const agentId = typeof params.agentId === "string" ? params.agentId : void 0;
+        return await deps.manager.forkSession(params.sessionId, {
+          ...forkAt !== void 0 ? { forkAt } : {},
+          ...cwd !== void 0 ? { cwd } : {},
+          ...agentId !== void 0 ? { agentId } : {}
+        });
+      });
       connection.onRequest("hydra-acp/await_child", async (raw) => {
         const params = raw ?? {};
         const childSessionId = typeof params.childSessionId === "string" ? params.childSessionId : void 0;
@@ -11230,7 +11548,7 @@ function registerAcpWsEndpoint(app, deps) {
       let stdinReservation;
       let augmentedMcpServers = params.mcpServers;
       if (hydraMeta.mcpStdin === true && deps.mcpTokenRegistry !== void 0 && deps.getDaemonOrigin !== void 0) {
-        stdinToken = randomBytes3(32).toString("hex");
+        stdinToken = randomBytes4(32).toString("hex");
         stdinReservation = deps.mcpTokenRegistry.reserve(stdinToken);
         const url = `${deps.getDaemonOrigin()}/mcp/hydra-acp-stdin`;
         const descriptor = {
@@ -11248,7 +11566,7 @@ function registerAcpWsEndpoint(app, deps) {
       if (deps.extensionMcp !== void 0 && deps.mcpTokenRegistry !== void 0 && deps.getDaemonOrigin !== void 0) {
         const extNames = deps.extensionMcp.list();
         if (extNames.length > 0) {
-          extMcpToken = randomBytes3(32).toString("hex");
+          extMcpToken = randomBytes4(32).toString("hex");
           extMcpReservation = deps.mcpTokenRegistry.reserve(extMcpToken);
           const origin = deps.getDaemonOrigin();
           const descriptors = extNames.map((name) => ({
@@ -12807,6 +13125,7 @@ async function startDaemon(config, serviceToken) {
     await transformers.stop();
     await manager.closeAll();
     await manager.flushMetaWrites();
+    await manager.flushHistoryWrites();
     setBinaryInstallLogger(null);
     setNpmInstallLogger(null);
     setAgentPruneLogger(null);