@moxxy/cli 0.7.0 → 0.7.1

package/dist/bin.js

@@ -1,10 +1,10 @@
 #!/usr/bin/env node
 import { createRequire } from 'node:module';
-import { z as z$1, defineProvider, definePlugin, defineTool, MoxxyError, writeFileAtomic, asTurnId, defineMode, asPluginId, defineChannel, defineTunnelProvider, createMutex, defineWorkflowExecutor, toFriendlyError, estimateTextTokens, classifyHttpStatus, createStuckLoopDetector, runCompactionIfNeeded, runElisionIfNeeded, collectProviderStream, usageEventFields, isContextOverflowError, emitRequestsAndDetectStuck, executeToolUses, buildSystemPromptWithSkills, projectMessages, defineCompactor, defineCacheStrategy, denyByDefaultResolver, createAllowListResolver, zodToJsonSchema, runSingleShotTurn, bearerTokenMatches, resolveChannelToken, estimateContextTokens, readRequestBody, moxxyPath, defineEmbedder, bearerGuard, skillFrontmatterSchema, asSkillId, getInstallHint, moxxyHome, defineTranscriber, summarizeTokensByModel, migrateModeName, createDeferredPermissionResolver, classifyNetworkError, addModelTotals, ISOLATION_RANK, moxxyPackageSchema, defineCommand, createCallbackResolver, autoAllowResolver, asSessionId, asToolCallId, defineViewRenderer, DEFAULT_VIEW_TAGS, evaluateToolRule, summarizeSessionTokensFromEvents, asEventId } from '@moxxy/sdk';
+import { z as z$1, defineProvider, definePlugin, defineTool, MoxxyError, writeFileAtomic, asTurnId, defineMode, asPluginId, defineChannel, defineTunnelProvider, createMutex, defineWorkflowExecutor, toFriendlyError, estimateTextTokens, classifyHttpStatus, createStuckLoopDetector, runCompactionIfNeeded, runElisionIfNeeded, collectProviderStream, usageEventFields, isContextOverflowError, emitRequestsAndDetectStuck, executeToolUses, buildSystemPromptWithSkills, projectMessages, defineCompactor, defineCacheStrategy, denyByDefaultResolver, createAllowListResolver, zodToJsonSchema, moxxyPath, runSingleShotTurn, bearerTokenMatches, resolveChannelToken, rotateChannelToken, estimateContextTokens, readRequestBody, MOXXY_WS_SUBPROTOCOL, defineEmbedder, bearerGuard, tokenFromWsProtocolHeader, skillFrontmatterSchema, asSkillId, getInstallHint, moxxyHome, defineTranscriber, summarizeTokensByModel, migrateModeName, createDeferredPermissionResolver, classifyNetworkError, addModelTotals, ISOLATION_RANK, moxxyPackageSchema, defineCommand, createCallbackResolver, autoAllowResolver, asSessionId, asToolCallId, defineViewRenderer, DEFAULT_VIEW_TAGS, evaluateToolRule, summarizeSessionTokensFromEvents, asEventId } from '@moxxy/sdk';
 import * as fs27 from 'fs';
 import fs27__default, { existsSync, promises, ReadStream, readFileSync, statSync, readdirSync, mkdirSync, writeFileSync, unlinkSync, renameSync, watch, createReadStream } from 'fs';
 import * as path3 from 'path';
-import path3__default, { basename } from 'path';
+import path3__default, { join, dirname, basename } from 'path';
 import { z } from 'zod';
 import * as os5 from 'os';
 import os5__default, { homedir, userInfo } from 'os';
@@ -22,7 +22,7 @@ import V3, { stdin, stdout, env, cwd } from 'process';
 import tty, { ReadStream as ReadStream$1 } from 'tty';
 import { once, EventEmitter } from 'events';
 import { Buffer as Buffer$1 } from 'buffer';
-import { readFile, mkdir, unlink, writeFile } from 'fs/promises';
+import { readFile, mkdir, open, rm, stat, rename as rename$1, unlink, writeFile } from 'fs/promises';
 import { spawn, spawnSync } from 'child_process';
 import { deprecate, inspect, styleText } from 'util';
 import { ReadableStream as ReadableStream$1 } from 'stream/web';
@@ -192,6 +192,7 @@ var init_log = __esm({
     EventLog = class {
       events = [];
       listeners = /* @__PURE__ */ new Set();
+      clearListeners = /* @__PURE__ */ new Set();
       now;
       constructor(seed = [], opts = {}) {
         this.now = opts.now ?? Date.now;
@@ -250,25 +251,44 @@ var init_log = __esm({
         const snapshot = [...this.listeners];
         for (const fn of snapshot) {
           try {
-            void fn(event);
+            void Promise.resolve(fn(event)).catch(() => {
+            });
           } catch {
           }
         }
       }
       /**
-       * Drop every event from the log. Used by `/new` (TUI) to start a
-       * fresh session without rebuilding the entire Session object — the
+       * Drop every event from the log. Used by `/new` to start a fresh
+       * session without rebuilding the entire Session object — the
        * registries, resolvers, and active provider stay; only the
-       * conversation context vanishes. Listeners are intentionally NOT
-       * notified: there's no "event removed" event in the schema, and any
-       * subscriber that wants to react to a wipe can observe the
-       * subsequent next-`user_prompt` arriving with seq=0.
+       * conversation context vanishes. Per-event listeners are NOT
+       * notified (there's no "event removed" event in the schema), but
+       * {@link onClear} subscribers fire — that's how the persistence
+       * sidecar truncates its JSONL (so `--resume` can't resurrect wiped
+       * history) and how the runner broadcasts a reset to attached
+       * mirrors, in lockstep with the wipe.
        *
        * Safe to call only when no turn is in flight — callers should abort
        * their AbortController and await any pending runTurn() first.
        */
       clear() {
         this.events.length = 0;
+        const snapshot = [...this.clearListeners];
+        for (const fn of snapshot) {
+          try {
+            fn();
+          } catch {
+          }
+        }
+      }
+      /**
+       * Subscribe to {@link clear}. Fires synchronously after the events array
+       * empties, so a listener reading the log observes the post-wipe state.
+       * Returns the unsubscribe callback.
+       */
+      onClear(fn) {
+        this.clearListeners.add(fn);
+        return () => this.clearListeners.delete(fn);
       }
       asReader() {
         return this;
@@ -1583,11 +1603,11 @@ function build(tokens, src) {
       if (!tok.selfClose)
         stack.push(node);
     } else {
-      const open = stack.pop();
-      if (!open)
+      const open2 = stack.pop();
+      if (!open2)
         fail(src, tok.pos, `unexpected closing tag </${tok.tag}>`);
-      if (open.tag !== tok.tag) {
-        fail(src, tok.pos, `mismatched closing tag: expected </${open.tag}>, got </${tok.tag}>`);
+      if (open2.tag !== tok.tag) {
+        fail(src, tok.pos, `mismatched closing tag: expected </${open2.tag}>, got </${tok.tag}>`);
       }
     }
   }
@@ -2140,8 +2160,8 @@ var init_tools2 = __esm({
         const parseResult = tool.inputSchema.safeParse(input);
         if (!parseResult.success) {
           const issues = parseResult.error.issues.map((iss) => {
-            const path59 = iss.path.length ? iss.path.join(".") : "(root)";
-            return `${path59}: ${iss.message}`;
+            const path60 = iss.path.length ? iss.path.join(".") : "(root)";
+            return `${path60}: ${iss.message}`;
           }).join("; ");
           throw new Error(`Invalid input for ${name}: ${issues}`);
         }
@@ -2813,19 +2833,25 @@ var init_logger = __esm({
   }
 });
 function wrapWithPolicy(inner, engine, getToolRule) {
+  const policyDecision = (call) => {
+    const policy = engine.check(call);
+    if (policy)
+      return policy;
+    return evaluateToolRule(getToolRule(call.name), call);
+  };
   return new Proxy(inner, {
     get(target, prop, receiver) {
       if (prop === "check") {
         return async (call, ctx) => {
-          const policy = engine.check(call);
-          if (policy)
-            return policy;
-          const toolDecision = evaluateToolRule(getToolRule(call.name), call);
-          if (toolDecision)
-            return toolDecision;
+          const decided = policyDecision(call);
+          if (decided)
+            return decided;
           return target.check(call, ctx);
         };
       }
+      if (prop === "policyCheck") {
+        return async (call) => policyDecision(call);
+      }
       return Reflect.get(target, prop, receiver);
     }
   });
@@ -3007,6 +3033,18 @@ var init_session = __esm({
       setApprovalResolver(resolver2) {
         this.approvalResolver = resolver2;
       }
+      /**
+       * `SessionLike.reset` — the authoritative `/new`. Clears the event log;
+       * the log's clear listeners propagate the wipe to whatever observes it
+       * (the persistence sidecar truncates its JSONL so `--resume` sees an
+       * empty session; a wrapping RunnerServer broadcasts a reset so attached
+       * mirrors clear in lockstep). Registries, resolvers, and the active
+       * provider survive — only the conversation context vanishes. Callers
+       * must abort any in-flight turn first (same contract as `log.clear()`).
+       */
+      async reset() {
+        this.log.clear();
+      }
       /**
        * Graceful shutdown: fire every plugin's `onShutdown` hook, then abort
        * the session. Idempotent — safe to call multiple times (subsequent
@@ -3746,7 +3784,7 @@ async function readIndex(dir = defaultSessionsDir()) {
   }));
   return metas.filter((_2, index) => checks[index]).sort((a2, b3) => b3.lastActivity.localeCompare(a2.lastActivity));
 }
-async function restoreEvents(sessionId, dir = defaultSessionsDir()) {
+async function restoreEvents(sessionId, dir = defaultSessionsDir(), logger = createLogger()) {
   const logPath = path3.join(dir, `${sessionId}.jsonl`);
   let raw;
   try {
@@ -3755,12 +3793,40 @@ async function restoreEvents(sessionId, dir = defaultSessionsDir()) {
     throw new Error(`Session not found: ${sessionId}`);
   }
   const events = [];
+  let corruptLines = 0;
   for (const line of raw.split("\n")) {
     if (!line.trim())
       continue;
     try {
       events.push(JSON.parse(line));
     } catch {
+      corruptLines += 1;
+    }
+  }
+  let resequenced = 0;
+  for (let i2 = 0; i2 < events.length; i2 += 1) {
+    if (events[i2].seq !== i2) {
+      events[i2] = { ...events[i2], seq: i2 };
+      resequenced += 1;
+    }
+  }
+  if (corruptLines > 0 || resequenced > 0) {
+    logger.warn("session log restored with gaps \u2014 re-sequenced to keep full history replayable", {
+      sessionId,
+      path: logPath,
+      corruptLines,
+      resequencedEvents: resequenced,
+      restoredEvents: events.length
+    });
+    try {
+      const repaired = events.map((e3) => JSON.stringify(e3) + "\n").join("");
+      await writeFileAtomic(logPath, repaired);
+    } catch (err) {
+      logger.warn("failed to rewrite repaired session log on disk", {
+        sessionId,
+        path: logPath,
+        error: err instanceof Error ? err.message : String(err)
+      });
     }
   }
   return events;
@@ -3784,6 +3850,7 @@ function isSessionMeta(v3) {
 var SessionPersistence;
 var init_persistence = __esm({
   "../core/dist/sessions/persistence.js"() {
+    init_logger();
     SessionPersistence = class {
       dir;
       id;
@@ -3797,9 +3864,17 @@ var init_persistence = __esm({
        */
       writeQueue = createMutex();
       closed = false;
+      logger;
+      /**
+       * Latched while event-log writes are failing. Doubles as the warn-once
+       * gate: only the first failure of a streak logs; a subsequent successful
+       * write clears the latch (and re-arms the warning).
+       */
+      writeDegraded = false;
       constructor(opts) {
         this.dir = opts.dir ?? defaultSessionsDir();
         this.id = String(opts.sessionId);
+        this.logger = opts.logger ?? createLogger();
         this.logPath = path3.join(this.dir, `${this.id}.jsonl`);
         const now = (/* @__PURE__ */ new Date()).toISOString();
         this.meta = {
@@ -3817,6 +3892,12 @@ var init_persistence = __esm({
        * Subscribe to the log; returns the unsubscribe callback. The first
        * call also writes the initial index row so `moxxy resume` lists
        * the session before any events arrive.
+       *
+       * Also subscribes to the log's `clear()`, truncating the JSONL in
+       * lockstep so a `/new` wipe can't resurrect on `--resume`. The
+       * session keeps its id and file: post-reset events restart at seq 0
+       * in the same (now empty) JSONL, matching how the in-memory log
+       * reuses the same Session object.
        */
       attach(log) {
         void this.ensureDir().then(() => this.ensureLogFile()).then(() => this.scheduleIndexWrite()).catch(() => void 0);
@@ -3825,9 +3906,15 @@ var init_persistence = __esm({
             return;
           this.enqueueAppend(event);
         });
+        const unsubClear = log.onClear(() => {
+          if (this.closed)
+            return;
+          this.enqueueTruncate();
+        });
         return () => {
           this.closed = true;
           unsub();
+          unsubClear();
           this.scheduleIndexWrite();
         };
       }
@@ -3853,7 +3940,48 @@ var init_persistence = __esm({
         };
         this.scheduleIndexWrite();
         const line = JSON.stringify(event) + "\n";
-        void this.writeQueue.run(() => promises.appendFile(this.logPath, line, "utf8")).catch(() => void 0);
+        void this.writeQueue.run(() => promises.appendFile(this.logPath, line, "utf8")).then(() => this.noteWriteOk()).catch((err) => this.noteWriteFailure("append", err));
+      }
+      /**
+       * True while event-log writes are failing (history is no longer being
+       * persisted). Cleared automatically by the next successful write.
+       */
+      get degraded() {
+        return this.writeDegraded;
+      }
+      noteWriteOk() {
+        if (!this.writeDegraded)
+          return;
+        this.writeDegraded = false;
+        this.logger.info("session event-log writes recovered", { path: this.logPath });
+      }
+      noteWriteFailure(op, err) {
+        const alreadyDegraded = this.writeDegraded;
+        this.writeDegraded = true;
+        if (alreadyDegraded)
+          return;
+        this.logger.warn("session event-log write failed \u2014 history persistence degraded (resume will miss these events)", {
+          op,
+          path: this.logPath,
+          sessionId: this.id,
+          error: err instanceof Error ? err.message : String(err)
+        });
+      }
+      /**
+       * Mirror a `log.clear()` on disk: truncate the JSONL and reset the
+       * sidecar's counters. Rides the same write queue as appends, so
+       * pre-clear appends flush first and post-clear appends land in the
+       * fresh (empty) file — ordering matches the in-memory log exactly.
+       */
+      enqueueTruncate() {
+        this.meta = {
+          ...this.meta,
+          eventCount: 0,
+          firstPrompt: null,
+          lastActivity: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        this.scheduleIndexWrite();
+        void this.writeQueue.run(() => promises.writeFile(this.logPath, "", "utf8")).then(() => this.noteWriteOk()).catch((err) => this.noteWriteFailure("truncate", err));
       }
       scheduleIndexWrite() {
         if (this.indexUpdateScheduled)
@@ -4303,7 +4431,7 @@ var require_jiti = __commonJS({
           function V4() {
             return 10 !== n3.getToken() ? (k3(3, [], [2, 5]), false) : (P3(false), 6 === n3.getToken() ? (I3(":"), T2(), U3() || k3(4, [], [2, 5])) : k3(5, [], [2, 5]), a3.pop(), true);
           }
-          function z61() {
+          function z62() {
             l3(), T2();
             let e6 = false;
             for (; 2 !== n3.getToken() && 17 !== n3.getToken(); ) {
@@ -4330,14 +4458,14 @@ var require_jiti = __commonJS({
               case 3:
                 return G3();
               case 1:
-                return z61();
+                return z62();
               case 10:
                 return P3(true);
               default:
                 return J2();
             }
           }
-          return r2(T2, "scanNext"), r2(k3, "handleError"), r2(P3, "parseString"), r2(J2, "parseLiteral"), r2(V4, "parseProperty"), r2(z61, "parseObject"), r2(G3, "parseArray"), r2(U3, "parseValue"), T2(), 17 === n3.getToken() ? !!i4.allowEmptyContent || (k3(4, [], []), false) : U3() ? (17 !== n3.getToken() && k3(9, [], []), true) : (k3(4, [], []), false);
+          return r2(T2, "scanNext"), r2(k3, "handleError"), r2(P3, "parseString"), r2(J2, "parseLiteral"), r2(V4, "parseProperty"), r2(z62, "parseObject"), r2(G3, "parseArray"), r2(U3, "parseValue"), T2(), 17 === n3.getToken() ? !!i4.allowEmptyContent || (k3(4, [], []), false) : U3() ? (17 !== n3.getToken() && k3(9, [], []), true) : (k3(4, [], []), false);
         }
         new Array(W3).fill(0).map((e5, t4) => "\n" + " ".repeat(t4)), new Array(W3).fill(0).map((e5, t4) => "\r" + " ".repeat(t4)), new Array(W3).fill(0).map((e5, t4) => "\r\n" + " ".repeat(t4)), new Array(W3).fill(0).map((e5, t4) => "\n" + "	".repeat(t4)), new Array(W3).fill(0).map((e5, t4) => "\r" + "	".repeat(t4)), new Array(W3).fill(0).map((e5, t4) => "\r\n" + "	".repeat(t4)), (function(e5) {
           e5.DEFAULT = { allowTrailingComma: false };
@@ -8054,17 +8182,17 @@ var require_visit = __commonJS({
     visit.BREAK = BREAK;
     visit.SKIP = SKIP;
     visit.REMOVE = REMOVE;
-    function visit_(key, node, visitor, path59) {
-      const ctrl = callVisitor(key, node, visitor, path59);
+    function visit_(key, node, visitor, path60) {
+      const ctrl = callVisitor(key, node, visitor, path60);
       if (identity.isNode(ctrl) || identity.isPair(ctrl)) {
-        replaceNode(key, path59, ctrl);
-        return visit_(key, ctrl, visitor, path59);
+        replaceNode(key, path60, ctrl);
+        return visit_(key, ctrl, visitor, path60);
       }
       if (typeof ctrl !== "symbol") {
         if (identity.isCollection(node)) {
-          path59 = Object.freeze(path59.concat(node));
+          path60 = Object.freeze(path60.concat(node));
           for (let i2 = 0; i2 < node.items.length; ++i2) {
-            const ci = visit_(i2, node.items[i2], visitor, path59);
+            const ci = visit_(i2, node.items[i2], visitor, path60);
             if (typeof ci === "number")
               i2 = ci - 1;
             else if (ci === BREAK)
@@ -8075,13 +8203,13 @@ var require_visit = __commonJS({
             }
           }
         } else if (identity.isPair(node)) {
-          path59 = Object.freeze(path59.concat(node));
-          const ck = visit_("key", node.key, visitor, path59);
+          path60 = Object.freeze(path60.concat(node));
+          const ck = visit_("key", node.key, visitor, path60);
           if (ck === BREAK)
             return BREAK;
           else if (ck === REMOVE)
             node.key = null;
-          const cv = visit_("value", node.value, visitor, path59);
+          const cv = visit_("value", node.value, visitor, path60);
           if (cv === BREAK)
             return BREAK;
           else if (cv === REMOVE)
@@ -8102,17 +8230,17 @@ var require_visit = __commonJS({
     visitAsync.BREAK = BREAK;
     visitAsync.SKIP = SKIP;
     visitAsync.REMOVE = REMOVE;
-    async function visitAsync_(key, node, visitor, path59) {
-      const ctrl = await callVisitor(key, node, visitor, path59);
+    async function visitAsync_(key, node, visitor, path60) {
+      const ctrl = await callVisitor(key, node, visitor, path60);
       if (identity.isNode(ctrl) || identity.isPair(ctrl)) {
-        replaceNode(key, path59, ctrl);
-        return visitAsync_(key, ctrl, visitor, path59);
+        replaceNode(key, path60, ctrl);
+        return visitAsync_(key, ctrl, visitor, path60);
       }
       if (typeof ctrl !== "symbol") {
         if (identity.isCollection(node)) {
-          path59 = Object.freeze(path59.concat(node));
+          path60 = Object.freeze(path60.concat(node));
           for (let i2 = 0; i2 < node.items.length; ++i2) {
-            const ci = await visitAsync_(i2, node.items[i2], visitor, path59);
+            const ci = await visitAsync_(i2, node.items[i2], visitor, path60);
             if (typeof ci === "number")
               i2 = ci - 1;
             else if (ci === BREAK)
@@ -8123,13 +8251,13 @@ var require_visit = __commonJS({
             }
           }
         } else if (identity.isPair(node)) {
-          path59 = Object.freeze(path59.concat(node));
-          const ck = await visitAsync_("key", node.key, visitor, path59);
+          path60 = Object.freeze(path60.concat(node));
+          const ck = await visitAsync_("key", node.key, visitor, path60);
           if (ck === BREAK)
             return BREAK;
           else if (ck === REMOVE)
             node.key = null;
-          const cv = await visitAsync_("value", node.value, visitor, path59);
+          const cv = await visitAsync_("value", node.value, visitor, path60);
           if (cv === BREAK)
             return BREAK;
           else if (cv === REMOVE)
@@ -8156,23 +8284,23 @@ var require_visit = __commonJS({
       }
       return visitor;
     }
-    function callVisitor(key, node, visitor, path59) {
+    function callVisitor(key, node, visitor, path60) {
       if (typeof visitor === "function")
-        return visitor(key, node, path59);
+        return visitor(key, node, path60);
       if (identity.isMap(node))
-        return visitor.Map?.(key, node, path59);
+        return visitor.Map?.(key, node, path60);
       if (identity.isSeq(node))
-        return visitor.Seq?.(key, node, path59);
+        return visitor.Seq?.(key, node, path60);
       if (identity.isPair(node))
-        return visitor.Pair?.(key, node, path59);
+        return visitor.Pair?.(key, node, path60);
       if (identity.isScalar(node))
-        return visitor.Scalar?.(key, node, path59);
+        return visitor.Scalar?.(key, node, path60);
       if (identity.isAlias(node))
-        return visitor.Alias?.(key, node, path59);
+        return visitor.Alias?.(key, node, path60);
       return void 0;
     }
-    function replaceNode(key, path59, node) {
-      const parent = path59[path59.length - 1];
+    function replaceNode(key, path60, node) {
+      const parent = path60[path60.length - 1];
       if (identity.isCollection(parent)) {
         parent.items[key] = node;
       } else if (identity.isPair(parent)) {
@@ -8773,10 +8901,10 @@ var require_Collection = __commonJS({
     var createNode2 = require_createNode();
     var identity = require_identity();
     var Node = require_Node();
-    function collectionFromPath(schema, path59, value) {
+    function collectionFromPath(schema, path60, value) {
       let v3 = value;
-      for (let i2 = path59.length - 1; i2 >= 0; --i2) {
-        const k3 = path59[i2];
+      for (let i2 = path60.length - 1; i2 >= 0; --i2) {
+        const k3 = path60[i2];
         if (typeof k3 === "number" && Number.isInteger(k3) && k3 >= 0) {
           const a2 = [];
           a2[k3] = v3;
@@ -8795,7 +8923,7 @@ var require_Collection = __commonJS({
         sourceObjects: /* @__PURE__ */ new Map()
       });
     }
-    var isEmptyPath = (path59) => path59 == null || typeof path59 === "object" && !!path59[Symbol.iterator]().next().done;
+    var isEmptyPath = (path60) => path60 == null || typeof path60 === "object" && !!path60[Symbol.iterator]().next().done;
     var Collection = class extends Node.NodeBase {
       constructor(type, schema) {
         super(type);
@@ -8825,11 +8953,11 @@ var require_Collection = __commonJS({
        * be a Pair instance or a `{ key, value }` object, which may not have a key
        * that already exists in the map.
        */
-      addIn(path59, value) {
-        if (isEmptyPath(path59))
+      addIn(path60, value) {
+        if (isEmptyPath(path60))
           this.add(value);
         else {
-          const [key, ...rest] = path59;
+          const [key, ...rest] = path60;
           const node = this.get(key, true);
           if (identity.isCollection(node))
             node.addIn(rest, value);
@@ -8843,8 +8971,8 @@ var require_Collection = __commonJS({
        * Removes a value from the collection.
        * @returns `true` if the item was found and removed.
        */
-      deleteIn(path59) {
-        const [key, ...rest] = path59;
+      deleteIn(path60) {
+        const [key, ...rest] = path60;
         if (rest.length === 0)
           return this.delete(key);
         const node = this.get(key, true);
@@ -8858,8 +8986,8 @@ var require_Collection = __commonJS({
        * scalar values from their surrounding node; to disable set `keepScalar` to
        * `true` (collections are always returned intact).
        */
-      getIn(path59, keepScalar) {
-        const [key, ...rest] = path59;
+      getIn(path60, keepScalar) {
+        const [key, ...rest] = path60;
         const node = this.get(key, true);
         if (rest.length === 0)
           return !keepScalar && identity.isScalar(node) ? node.value : node;
@@ -8877,8 +9005,8 @@ var require_Collection = __commonJS({
       /**
        * Checks if the collection includes a value with the key `key`.
        */
-      hasIn(path59) {
-        const [key, ...rest] = path59;
+      hasIn(path60) {
+        const [key, ...rest] = path60;
         if (rest.length === 0)
           return this.has(key);
         const node = this.get(key, true);
@@ -8888,8 +9016,8 @@ var require_Collection = __commonJS({
        * Sets a value in this collection. For `!!set`, `value` needs to be a
        * boolean to add/remove the item from the set.
        */
-      setIn(path59, value) {
-        const [key, ...rest] = path59;
+      setIn(path60, value) {
+        const [key, ...rest] = path60;
         if (rest.length === 0) {
           this.set(key, value);
         } else {
@@ -11369,9 +11497,9 @@ var require_Document = __commonJS({
           this.contents.add(value);
       }
       /** Adds a value to the document. */
-      addIn(path59, value) {
+      addIn(path60, value) {
         if (assertCollection(this.contents))
-          this.contents.addIn(path59, value);
+          this.contents.addIn(path60, value);
       }
       /**
        * Create a new `Alias` node, ensuring that the target `node` has the required anchor.
@@ -11446,14 +11574,14 @@ var require_Document = __commonJS({
        * Removes a value from the document.
        * @returns `true` if the item was found and removed.
        */
-      deleteIn(path59) {
-        if (Collection.isEmptyPath(path59)) {
+      deleteIn(path60) {
+        if (Collection.isEmptyPath(path60)) {
           if (this.contents == null)
             return false;
           this.contents = null;
           return true;
         }
-        return assertCollection(this.contents) ? this.contents.deleteIn(path59) : false;
+        return assertCollection(this.contents) ? this.contents.deleteIn(path60) : false;
       }
       /**
        * Returns item at `key`, or `undefined` if not found. By default unwraps
@@ -11468,10 +11596,10 @@ var require_Document = __commonJS({
        * scalar values from their surrounding node; to disable set `keepScalar` to
        * `true` (collections are always returned intact).
        */
-      getIn(path59, keepScalar) {
-        if (Collection.isEmptyPath(path59))
+      getIn(path60, keepScalar) {
+        if (Collection.isEmptyPath(path60))
           return !keepScalar && identity.isScalar(this.contents) ? this.contents.value : this.contents;
-        return identity.isCollection(this.contents) ? this.contents.getIn(path59, keepScalar) : void 0;
+        return identity.isCollection(this.contents) ? this.contents.getIn(path60, keepScalar) : void 0;
       }
       /**
        * Checks if the document includes a value with the key `key`.
@@ -11482,10 +11610,10 @@ var require_Document = __commonJS({
       /**
        * Checks if the document includes a value at `path`.
        */
-      hasIn(path59) {
-        if (Collection.isEmptyPath(path59))
+      hasIn(path60) {
+        if (Collection.isEmptyPath(path60))
           return this.contents !== void 0;
-        return identity.isCollection(this.contents) ? this.contents.hasIn(path59) : false;
+        return identity.isCollection(this.contents) ? this.contents.hasIn(path60) : false;
       }
       /**
        * Sets a value in this document. For `!!set`, `value` needs to be a
@@ -11502,13 +11630,13 @@ var require_Document = __commonJS({
        * Sets a value in this document. For `!!set`, `value` needs to be a
        * boolean to add/remove the item from the set.
        */
-      setIn(path59, value) {
-        if (Collection.isEmptyPath(path59)) {
+      setIn(path60, value) {
+        if (Collection.isEmptyPath(path60)) {
           this.contents = value;
         } else if (this.contents == null) {
-          this.contents = Collection.collectionFromPath(this.schema, Array.from(path59), value);
+          this.contents = Collection.collectionFromPath(this.schema, Array.from(path60), value);
         } else if (assertCollection(this.contents)) {
-          this.contents.setIn(path59, value);
+          this.contents.setIn(path60, value);
         }
       }
       /**
@@ -13448,9 +13576,9 @@ var require_cst_visit = __commonJS({
     visit.BREAK = BREAK;
     visit.SKIP = SKIP;
     visit.REMOVE = REMOVE;
-    visit.itemAtPath = (cst, path59) => {
+    visit.itemAtPath = (cst, path60) => {
       let item = cst;
-      for (const [field, index] of path59) {
+      for (const [field, index] of path60) {
         const tok = item?.[field];
         if (tok && "items" in tok) {
           item = tok.items[index];
@@ -13459,23 +13587,23 @@ var require_cst_visit = __commonJS({
       }
       return item;
     };
-    visit.parentCollection = (cst, path59) => {
-      const parent = visit.itemAtPath(cst, path59.slice(0, -1));
-      const field = path59[path59.length - 1][0];
+    visit.parentCollection = (cst, path60) => {
+      const parent = visit.itemAtPath(cst, path60.slice(0, -1));
+      const field = path60[path60.length - 1][0];
       const coll = parent?.[field];
       if (coll && "items" in coll)
         return coll;
       throw new Error("Parent collection not found");
     };
-    function _visit(path59, item, visitor) {
-      let ctrl = visitor(item, path59);
+    function _visit(path60, item, visitor) {
+      let ctrl = visitor(item, path60);
       if (typeof ctrl === "symbol")
         return ctrl;
       for (const field of ["key", "value"]) {
         const token = item[field];
         if (token && "items" in token) {
           for (let i2 = 0; i2 < token.items.length; ++i2) {
-            const ci = _visit(Object.freeze(path59.concat([[field, i2]])), token.items[i2], visitor);
+            const ci = _visit(Object.freeze(path60.concat([[field, i2]])), token.items[i2], visitor);
             if (typeof ci === "number")
               i2 = ci - 1;
             else if (ci === BREAK)
@@ -13486,10 +13614,10 @@ var require_cst_visit = __commonJS({
             }
           }
           if (typeof ctrl === "function" && field === "key")
-            ctrl = ctrl(item, path59);
+            ctrl = ctrl(item, path60);
         }
       }
-      return typeof ctrl === "function" ? ctrl(item, path59) : ctrl;
+      return typeof ctrl === "function" ? ctrl(item, path60) : ctrl;
     }
     exports.visit = visit;
   }
@@ -16211,14 +16339,14 @@ var require_url_state_machine = __commonJS({
       return url2.replace(/\u0009|\u000A|\u000D/g, "");
     }
     function shortenPath(url2) {
-      const path59 = url2.path;
-      if (path59.length === 0) {
+      const path60 = url2.path;
+      if (path60.length === 0) {
         return;
       }
-      if (url2.scheme === "file" && path59.length === 1 && isNormalizedWindowsDriveLetter(path59[0])) {
+      if (url2.scheme === "file" && path60.length === 1 && isNormalizedWindowsDriveLetter(path60[0])) {
         return;
       }
-      path59.pop();
+      path60.pop();
     }
     function includesCredentials(url2) {
       return url2.username !== "" || url2.password !== "";
@@ -22721,25 +22849,25 @@ function kt(e3, t2, r2, o2, n2, a2) {
       m(e4);
     }
     function B2() {
-      return v3 = "closed", r2 ? L3() : z61((() => (Ge(t2) && (T2 = rt(t2), R4 = t2._state), T2 || "closed" === R4 ? c(void 0) : "erroring" === R4 || "errored" === R4 ? d(_2) : (T2 = true, l2.close()))), false, void 0), null;
+      return v3 = "closed", r2 ? L3() : z62((() => (Ge(t2) && (T2 = rt(t2), R4 = t2._state), T2 || "closed" === R4 ? c(void 0) : "erroring" === R4 || "errored" === R4 ? d(_2) : (T2 = true, l2.close()))), false, void 0), null;
     }
     function A3(e4) {
-      return w4 || (v3 = "errored", s2 = e4, o2 ? L3(true, e4) : z61((() => l2.abort(e4)), true, e4)), null;
+      return w4 || (v3 = "errored", s2 = e4, o2 ? L3(true, e4) : z62((() => l2.abort(e4)), true, e4)), null;
     }
     function j3(e4) {
-      return S2 || (R4 = "errored", _2 = e4, n2 ? L3(true, e4) : z61((() => i2.cancel(e4)), true, e4)), null;
+      return S2 || (R4 = "errored", _2 = e4, n2 ? L3(true, e4) : z62((() => i2.cancel(e4)), true, e4)), null;
     }
     if (void 0 !== a2 && (k3 = () => {
       const e4 = void 0 !== a2.reason ? a2.reason : new Wt("Aborted", "AbortError"), t3 = [];
-      o2 || t3.push((() => "writable" === R4 ? l2.abort(e4) : c(void 0))), n2 || t3.push((() => "readable" === v3 ? i2.cancel(e4) : c(void 0))), z61((() => Promise.all(t3.map(((e5) => e5())))), true, e4);
+      o2 || t3.push((() => "writable" === R4 ? l2.abort(e4) : c(void 0))), n2 || t3.push((() => "readable" === v3 ? i2.cancel(e4) : c(void 0))), z62((() => Promise.all(t3.map(((e5) => e5())))), true, e4);
     }, a2.aborted ? k3() : a2.addEventListener("abort", k3)), Vt(e3) && (v3 = e3._state, s2 = e3._storedError), Ge(t2) && (R4 = t2._state, _2 = t2._storedError, T2 = rt(t2)), Vt(e3) && Ge(t2) && (q3 = true, g2()), "errored" === v3) A3(s2);
     else if ("erroring" === R4 || "errored" === R4) j3(_2);
     else if ("closed" === v3) B2();
     else if (T2 || "closed" === R4) {
       const e4 = new TypeError("the destination writable stream closed before all data could be piped to it");
-      n2 ? L3(true, e4) : z61((() => i2.cancel(e4)), true, e4);
+      n2 ? L3(true, e4) : z62((() => i2.cancel(e4)), true, e4);
     }
-    function z61(e4, t3, r3) {
+    function z62(e4, t3, r3) {
       function o3() {
         return "writable" !== R4 || T2 ? n3() : h((function() {
           let e5;
@@ -22754,7 +22882,7 @@ function kt(e3, t2, r2, o2, n2, a2) {
       w4 || (w4 = true, q3 ? o3() : h(C3, o3));
     }
     function L3(e4, t3) {
-      z61(void 0, e4, t3);
+      z62(void 0, e4, t3);
     }
     function F3(e4, t3) {
       return S2 = true, l2.releaseLock(), i2.releaseLock(), void 0 !== a2 && a2.removeEventListener("abort", k3), e4 ? W3(t3) : P3(void 0), null;
@@ -25441,14 +25569,14 @@ __export(fileFromPath_exports, {
   fileFromPathSync: () => fileFromPathSync,
   isFile: () => isFile
 });
-function createFileFromPath(path59, { mtimeMs, size }, filenameOrOptions, options = {}) {
+function createFileFromPath(path60, { mtimeMs, size }, filenameOrOptions, options = {}) {
   let filename;
   if (isPlainObject_default2(filenameOrOptions)) {
     [options, filename] = [filenameOrOptions, void 0];
   } else {
     filename = filenameOrOptions;
   }
-  const file = new FileFromPath({ path: path59, size, lastModified: mtimeMs });
+  const file = new FileFromPath({ path: path60, size, lastModified: mtimeMs });
   if (!filename) {
     filename = file.name;
   }
@@ -25457,13 +25585,13 @@ function createFileFromPath(path59, { mtimeMs, size }, filenameOrOptions, option
     lastModified: file.lastModified
   });
 }
-function fileFromPathSync(path59, filenameOrOptions, options = {}) {
-  const stats = statSync(path59);
-  return createFileFromPath(path59, stats, filenameOrOptions, options);
+function fileFromPathSync(path60, filenameOrOptions, options = {}) {
+  const stats = statSync(path60);
+  return createFileFromPath(path60, stats, filenameOrOptions, options);
 }
-async function fileFromPath2(path59, filenameOrOptions, options) {
-  const stats = await promises.stat(path59);
-  return createFileFromPath(path59, stats, filenameOrOptions, options);
+async function fileFromPath2(path60, filenameOrOptions, options) {
+  const stats = await promises.stat(path60);
+  return createFileFromPath(path60, stats, filenameOrOptions, options);
 }
 var import_node_domexception, __classPrivateFieldSet4, __classPrivateFieldGet5, _FileFromPath_path, _FileFromPath_start, MESSAGE, FileFromPath;
 var init_fileFromPath = __esm({
@@ -32919,7 +33047,7 @@ var require_bot = __commonJS({
         } else
           debugErr(error2);
         debugErr(`Call to getUpdates failed, retrying in ${sleepSeconds} seconds ...`);
-        await sleep4(sleepSeconds);
+        await sleep5(sleepSeconds);
       }
     };
     exports.Bot = Bot3;
@@ -32939,7 +33067,7 @@ var require_bot = __commonJS({
           } else if (error2.error_code === 429) {
             const retryAfter = error2.parameters.retry_after;
             if (typeof retryAfter === "number") {
-              await sleep4(retryAfter, signal);
+              await sleep5(retryAfter, signal);
               lastDelay = INITIAL_DELAY;
             } else {
               delay = true;
@@ -32949,7 +33077,7 @@ var require_bot = __commonJS({
         }
         if (delay) {
           if (lastDelay !== INITIAL_DELAY) {
-            await sleep4(lastDelay, signal);
+            await sleep5(lastDelay, signal);
           }
           const TWENTY_MINUTES = 20 * 60 * 1e3;
           lastDelay = Math.min(TWENTY_MINUTES, 2 * lastDelay);
@@ -32973,7 +33101,7 @@ var require_bot = __commonJS({
       }
       return result.value;
     }
-    async function sleep4(seconds, signal) {
+    async function sleep5(seconds, signal) {
       let handle2;
       let reject;
       function abort() {
@@ -41595,8 +41723,8 @@ var require_utils2 = __commonJS({
       }
       return ind;
     }
-    function removeDotSegments(path59) {
-      let input = path59;
+    function removeDotSegments(path60) {
+      let input = path60;
       const output = [];
       let nextSlash = -1;
       let len = 0;
@@ -41847,8 +41975,8 @@ var require_schemes = __commonJS({
         wsComponent.secure = void 0;
       }
       if (wsComponent.resourceName) {
-        const [path59, query] = wsComponent.resourceName.split("?");
-        wsComponent.path = path59 && path59 !== "/" ? path59 : void 0;
+        const [path60, query] = wsComponent.resourceName.split("?");
+        wsComponent.path = path60 && path60 !== "/" ? path60 : void 0;
         wsComponent.query = query;
         wsComponent.resourceName = void 0;
       }
@@ -46006,7 +46134,7 @@ var require_windows = __commonJS({
     module.exports = isexe;
     isexe.sync = sync;
     var fs43 = __require("fs");
-    function checkPathExt(path59, options) {
+    function checkPathExt(path60, options) {
       var pathext = options.pathExt !== void 0 ? options.pathExt : process.env.PATHEXT;
       if (!pathext) {
         return true;
@@ -46017,25 +46145,25 @@ var require_windows = __commonJS({
       }
       for (var i2 = 0; i2 < pathext.length; i2++) {
         var p3 = pathext[i2].toLowerCase();
-        if (p3 && path59.substr(-p3.length).toLowerCase() === p3) {
+        if (p3 && path60.substr(-p3.length).toLowerCase() === p3) {
           return true;
         }
       }
       return false;
     }
-    function checkStat(stat, path59, options) {
-      if (!stat.isSymbolicLink() && !stat.isFile()) {
+    function checkStat(stat2, path60, options) {
+      if (!stat2.isSymbolicLink() && !stat2.isFile()) {
         return false;
       }
-      return checkPathExt(path59, options);
+      return checkPathExt(path60, options);
     }
-    function isexe(path59, options, cb) {
-      fs43.stat(path59, function(er2, stat) {
-        cb(er2, er2 ? false : checkStat(stat, path59, options));
+    function isexe(path60, options, cb) {
+      fs43.stat(path60, function(er2, stat2) {
+        cb(er2, er2 ? false : checkStat(stat2, path60, options));
       });
     }
-    function sync(path59, options) {
-      return checkStat(fs43.statSync(path59), path59, options);
+    function sync(path60, options) {
+      return checkStat(fs43.statSync(path60), path60, options);
     }
   }
 });
@@ -46046,21 +46174,21 @@ var require_mode = __commonJS({
     module.exports = isexe;
     isexe.sync = sync;
     var fs43 = __require("fs");
-    function isexe(path59, options, cb) {
-      fs43.stat(path59, function(er2, stat) {
-        cb(er2, er2 ? false : checkStat(stat, options));
+    function isexe(path60, options, cb) {
+      fs43.stat(path60, function(er2, stat2) {
+        cb(er2, er2 ? false : checkStat(stat2, options));
       });
     }
-    function sync(path59, options) {
-      return checkStat(fs43.statSync(path59), options);
+    function sync(path60, options) {
+      return checkStat(fs43.statSync(path60), options);
     }
-    function checkStat(stat, options) {
-      return stat.isFile() && checkMode(stat, options);
+    function checkStat(stat2, options) {
+      return stat2.isFile() && checkMode(stat2, options);
     }
-    function checkMode(stat, options) {
-      var mod = stat.mode;
-      var uid = stat.uid;
-      var gid = stat.gid;
+    function checkMode(stat2, options) {
+      var mod = stat2.mode;
+      var uid = stat2.uid;
+      var gid = stat2.gid;
       var myUid = options.uid !== void 0 ? options.uid : process.getuid && process.getuid();
       var myGid = options.gid !== void 0 ? options.gid : process.getgid && process.getgid();
       var u2 = parseInt("100", 8);
@@ -46085,7 +46213,7 @@ var require_isexe = __commonJS({
     }
     module.exports = isexe;
     isexe.sync = sync;
-    function isexe(path59, options, cb) {
+    function isexe(path60, options, cb) {
       if (typeof options === "function") {
         cb = options;
         options = {};
@@ -46095,7 +46223,7 @@ var require_isexe = __commonJS({
           throw new TypeError("callback not provided");
         }
         return new Promise(function(resolve12, reject) {
-          isexe(path59, options || {}, function(er2, is) {
+          isexe(path60, options || {}, function(er2, is) {
             if (er2) {
               reject(er2);
             } else {
@@ -46104,7 +46232,7 @@ var require_isexe = __commonJS({
           });
         });
       }
-      core(path59, options || {}, function(er2, is) {
+      core(path60, options || {}, function(er2, is) {
         if (er2) {
           if (er2.code === "EACCES" || options && options.ignoreErrors) {
             er2 = null;
@@ -46114,9 +46242,9 @@ var require_isexe = __commonJS({
         cb(er2, is);
       });
     }
-    function sync(path59, options) {
+    function sync(path60, options) {
       try {
-        return core.sync(path59, options || {});
+        return core.sync(path60, options || {});
       } catch (er2) {
         if (options && options.ignoreErrors || er2.code === "EACCES") {
           return false;
@@ -46132,7 +46260,7 @@ var require_isexe = __commonJS({
 var require_which = __commonJS({
   "../../node_modules/.pnpm/which@2.0.2/node_modules/which/which.js"(exports, module) {
     var isWindows3 = process.platform === "win32" || process.env.OSTYPE === "cygwin" || process.env.OSTYPE === "msys";
-    var path59 = __require("path");
+    var path60 = __require("path");
     var COLON = isWindows3 ? ";" : ":";
     var isexe = require_isexe();
     var getNotFoundError = (cmd) => Object.assign(new Error(`not found: ${cmd}`), { code: "ENOENT" });
@@ -46170,7 +46298,7 @@ var require_which = __commonJS({
           return opt.all && found.length ? resolve12(found) : reject(getNotFoundError(cmd));
         const ppRaw = pathEnv[i2];
         const pathPart = /^".*"$/.test(ppRaw) ? ppRaw.slice(1, -1) : ppRaw;
-        const pCmd = path59.join(pathPart, cmd);
+        const pCmd = path60.join(pathPart, cmd);
         const p3 = !pathPart && /^\.[\\\/]/.test(cmd) ? cmd.slice(0, 2) + pCmd : pCmd;
         resolve12(subStep(p3, i2, 0));
       });
@@ -46197,7 +46325,7 @@ var require_which = __commonJS({
       for (let i2 = 0; i2 < pathEnv.length; i2++) {
         const ppRaw = pathEnv[i2];
         const pathPart = /^".*"$/.test(ppRaw) ? ppRaw.slice(1, -1) : ppRaw;
-        const pCmd = path59.join(pathPart, cmd);
+        const pCmd = path60.join(pathPart, cmd);
         const p3 = !pathPart && /^\.[\\\/]/.test(cmd) ? cmd.slice(0, 2) + pCmd : pCmd;
         for (let j3 = 0; j3 < pathExt.length; j3++) {
           const cur = p3 + pathExt[j3];
@@ -46243,7 +46371,7 @@ var require_path_key = __commonJS({
 // ../../node_modules/.pnpm/cross-spawn@7.0.6/node_modules/cross-spawn/lib/util/resolveCommand.js
 var require_resolveCommand = __commonJS({
   "../../node_modules/.pnpm/cross-spawn@7.0.6/node_modules/cross-spawn/lib/util/resolveCommand.js"(exports, module) {
-    var path59 = __require("path");
+    var path60 = __require("path");
     var which = require_which();
     var getPathKey = require_path_key();
     function resolveCommandAttempt(parsed, withoutPathExt) {
@@ -46261,7 +46389,7 @@ var require_resolveCommand = __commonJS({
       try {
         resolved = which.sync(parsed.command, {
           path: env3[getPathKey({ env: env3 })],
-          pathExt: withoutPathExt ? path59.delimiter : void 0
+          pathExt: withoutPathExt ? path60.delimiter : void 0
         });
       } catch (e3) {
       } finally {
@@ -46270,7 +46398,7 @@ var require_resolveCommand = __commonJS({
         }
       }
       if (resolved) {
-        resolved = path59.resolve(hasCustomCwd ? parsed.options.cwd : "", resolved);
+        resolved = path60.resolve(hasCustomCwd ? parsed.options.cwd : "", resolved);
       }
       return resolved;
     }
@@ -46321,8 +46449,8 @@ var require_shebang_command = __commonJS({
       if (!match) {
         return null;
       }
-      const [path59, argument] = match[0].replace(/#! ?/, "").split(" ");
-      const binary = path59.split("/").pop();
+      const [path60, argument] = match[0].replace(/#! ?/, "").split(" ");
+      const binary = path60.split("/").pop();
       if (binary === "env") {
         return argument;
       }
@@ -46355,7 +46483,7 @@ var require_readShebang = __commonJS({
 // ../../node_modules/.pnpm/cross-spawn@7.0.6/node_modules/cross-spawn/lib/parse.js
 var require_parse = __commonJS({
   "../../node_modules/.pnpm/cross-spawn@7.0.6/node_modules/cross-spawn/lib/parse.js"(exports, module) {
-    var path59 = __require("path");
+    var path60 = __require("path");
     var resolveCommand = require_resolveCommand();
     var escape4 = require_escape();
     var readShebang = require_readShebang();
@@ -46380,7 +46508,7 @@ var require_parse = __commonJS({
       const needsShell = !isExecutableRegExp.test(commandFile);
       if (parsed.options.forceShell || needsShell) {
         const needsDoubleEscapeMetaChars = isCmdShimRegExp.test(commandFile);
-        parsed.command = path59.normalize(parsed.command);
+        parsed.command = path60.normalize(parsed.command);
         parsed.command = escape4.command(parsed.command);
         parsed.args = parsed.args.map((arg) => escape4.argument(arg, needsDoubleEscapeMetaChars));
         const shellCommand = [parsed.command].concat(parsed.args).join(" ");
@@ -46974,11 +47102,11 @@ var init_dist3 = __esm({
             return;
           }
           const decoder = new TextDecoder(), reader = body.getReader();
-          let open = true;
+          let open2 = true;
           do {
             const { done, value } = await reader.read();
-            value && __privateGet(this, _parser).feed(decoder.decode(value, { stream: !done })), done && (open = false, __privateGet(this, _parser).reset(), __privateMethod(this, _EventSource_instances, scheduleReconnect_fn).call(this));
-          } while (open);
+            value && __privateGet(this, _parser).feed(decoder.decode(value, { stream: !done })), done && (open2 = false, __privateGet(this, _parser).reset(), __privateMethod(this, _EventSource_instances, scheduleReconnect_fn).call(this));
+          } while (open2);
         }), __privateAdd(this, _onFetchError, (err) => {
           __privateSet(this, _controller, void 0), !(err.name === "AbortError" || err.type === "aborted") && __privateMethod(this, _EventSource_instances, scheduleReconnect_fn).call(this, flattenError(err));
         }), __privateAdd(this, _onEvent, (event) => {
@@ -49505,10 +49633,10 @@ var require_react_production_min = __commonJS({
     var w4 = /* @__PURE__ */ Symbol.for("react.suspense");
     var x4 = /* @__PURE__ */ Symbol.for("react.memo");
     var y2 = /* @__PURE__ */ Symbol.for("react.lazy");
-    var z61 = Symbol.iterator;
+    var z62 = Symbol.iterator;
     function A3(a2) {
       if (null === a2 || "object" !== typeof a2) return null;
-      a2 = z61 && a2[z61] || a2["@@iterator"];
+      a2 = z62 && a2[z62] || a2["@@iterator"];
       return "function" === typeof a2 ? a2 : null;
     }
     var B2 = { isMounted: function() {
@@ -52315,7 +52443,7 @@ var init_yoga_wasm_base64_esm = __esm({
         h3.noExitRuntime || true;
         "object" != typeof WebAssembly && x4("no native wasm support detected");
         var fa, ha = false;
-        function z61(a2, b3, c2) {
+        function z62(a2, b3, c2) {
           c2 = b3 + c2;
           for (var d2 = ""; !(b3 >= c2); ) {
             var e3 = a2[b3++];
@@ -52965,7 +53093,7 @@ var init_yoga_wasm_base64_esm = __esm({
           return b3;
         }, Jb = {
           l: function(a2, b3, c2, d2) {
-            x4("Assertion failed: " + (a2 ? z61(A3, a2) : "") + ", at: " + [b3 ? b3 ? z61(A3, b3) : "" : "unknown filename", c2, d2 ? d2 ? z61(A3, d2) : "" : "unknown function"]);
+            x4("Assertion failed: " + (a2 ? z62(A3, a2) : "") + ", at: " + [b3 ? b3 ? z62(A3, b3) : "" : "unknown filename", c2, d2 ? d2 ? z62(A3, d2) : "" : "unknown function"]);
           },
           q: function(a2, b3, c2) {
             a2 = N2(a2);
@@ -53218,7 +53346,7 @@ var init_yoga_wasm_base64_esm = __esm({
               if (c2) for (var g2 = f3, k3 = 0; k3 <= e3; ++k3) {
                 var m3 = f3 + k3;
                 if (k3 == e3 || 0 == A3[m3]) {
-                  g2 = g2 ? z61(A3, g2, m3 - g2) : "";
+                  g2 = g2 ? z62(A3, g2, m3 - g2) : "";
                   if (void 0 === l2) var l2 = g2;
                   else l2 += String.fromCharCode(0), l2 += g2;
                   g2 = m3 + 1;
@@ -53415,7 +53543,7 @@ var init_yoga_wasm_base64_esm = __esm({
               b3 += 8;
               for (var m3 = 0; m3 < k3; m3++) {
                 var l2 = A3[g2 + m3], n2 = Fb[a2];
-                0 === l2 || 10 === l2 ? ((1 === a2 ? ea : v3)(z61(n2, 0)), n2.length = 0) : n2.push(l2);
+                0 === l2 || 10 === l2 ? ((1 === a2 ? ea : v3)(z62(n2, 0)), n2.length = 0) : n2.push(l2);
               }
               e3 += k3;
             }
@@ -53903,7 +54031,7 @@ var require_scheduler_production_min = __commonJS({
     var u2 = 1;
     var v3 = null;
     var y2 = 3;
-    var z61 = false;
+    var z62 = false;
     var A3 = false;
     var B2 = false;
     var D3 = "function" === typeof setTimeout ? setTimeout : null;
@@ -53930,7 +54058,7 @@ var require_scheduler_production_min = __commonJS({
     function J2(a2, b3) {
       A3 = false;
       B2 && (B2 = false, E3(L3), L3 = -1);
-      z61 = true;
+      z62 = true;
       var c2 = y2;
       try {
         G3(b3);
@@ -53954,7 +54082,7 @@ var require_scheduler_production_min = __commonJS({
         }
         return w4;
       } finally {
-        v3 = null, y2 = c2, z61 = false;
+        v3 = null, y2 = c2, z62 = false;
       }
     }
     var N2 = false;
@@ -54011,7 +54139,7 @@ var require_scheduler_production_min = __commonJS({
       a2.callback = null;
     };
     exports.unstable_continueExecution = function() {
-      A3 || z61 || (A3 = true, I2(J2));
+      A3 || z62 || (A3 = true, I2(J2));
     };
     exports.unstable_forceFrameRate = function(a2) {
       0 > a2 || 125 < a2 ? console.error("forceFrameRate takes a positive int between 0 and 125, forcing frame rates higher than 125 fps is not supported") : P3 = 0 < a2 ? Math.floor(1e3 / a2) : 5;
@@ -54084,7 +54212,7 @@ var require_scheduler_production_min = __commonJS({
       }
       e3 = c2 + e3;
       a2 = { id: u2++, callback: b3, priorityLevel: a2, startTime: c2, expirationTime: e3, sortIndex: -1 };
-      c2 > d2 ? (a2.sortIndex = c2, f3(t2, a2), null === h3(r2) && a2 === h3(t2) && (B2 ? (E3(L3), L3 = -1) : B2 = true, K4(H3, c2 - d2))) : (a2.sortIndex = e3, f3(r2, a2), A3 || z61 || (A3 = true, I2(J2)));
+      c2 > d2 ? (a2.sortIndex = c2, f3(t2, a2), null === h3(r2) && a2 === h3(t2) && (B2 ? (E3(L3), L3 = -1) : B2 = true, K4(H3, c2 - d2))) : (a2.sortIndex = e3, f3(r2, a2), A3 || z62 || (A3 = true, I2(J2)));
       return a2;
     };
     exports.unstable_shouldYield = M2;
@@ -54841,7 +54969,7 @@ var require_react_reconciler_production_min = __commonJS({
         gc[hc] = a2.current;
         a2.current = b3;
       }
-      var jc = {}, x4 = ic(jc), z61 = ic(false), kc = jc;
+      var jc = {}, x4 = ic(jc), z62 = ic(false), kc = jc;
       function mc(a2, b3) {
         var c2 = a2.type.contextTypes;
         if (!c2) return jc;
@@ -54857,13 +54985,13 @@ var require_react_reconciler_production_min = __commonJS({
         return null !== a2 && void 0 !== a2;
       }
       function nc() {
-        q3(z61);
+        q3(z62);
         q3(x4);
       }
       function oc(a2, b3, c2) {
         if (x4.current !== jc) throw Error(n2(168));
         v3(x4, b3);
-        v3(z61, c2);
+        v3(z62, c2);
       }
       function pc(a2, b3, c2) {
         var d2 = a2.stateNode;
@@ -54877,14 +55005,14 @@ var require_react_reconciler_production_min = __commonJS({
         a2 = (a2 = a2.stateNode) && a2.__reactInternalMemoizedMergedChildContext || jc;
         kc = x4.current;
         v3(x4, a2);
-        v3(z61, z61.current);
+        v3(z62, z62.current);
         return true;
       }
       function rc(a2, b3, c2) {
         var d2 = a2.stateNode;
         if (!d2) throw Error(n2(169));
-        c2 ? (a2 = pc(a2, b3, kc), d2.__reactInternalMemoizedMergedChildContext = a2, q3(z61), q3(x4), v3(x4, a2)) : q3(z61);
-        v3(z61, c2);
+        c2 ? (a2 = pc(a2, b3, kc), d2.__reactInternalMemoizedMergedChildContext = a2, q3(z62), q3(x4), v3(x4, a2)) : q3(z62);
+        v3(z62, c2);
       }
       var tc = Math.clz32 ? Math.clz32 : sc, uc = Math.log, vc = Math.LN2;
       function sc(a2) {
@@ -56482,7 +56610,7 @@ var require_react_reconciler_production_min = __commonJS({
           g2.state = p3;
           ke2(b3, d2, g2, e3);
           k3 = b3.memoizedState;
-          h3 !== d2 || p3 !== k3 || z61.current || de2 ? ("function" === typeof m3 && (yf(b3, c2, m3, d2), k3 = b3.memoizedState), (h3 = de2 || Af(b3, c2, h3, d2, p3, k3, l2)) ? (r2 || "function" !== typeof g2.UNSAFE_componentWillMount && "function" !== typeof g2.componentWillMount || ("function" === typeof g2.componentWillMount && g2.componentWillMount(), "function" === typeof g2.UNSAFE_componentWillMount && g2.UNSAFE_componentWillMount()), "function" === typeof g2.componentDidMount && (b3.flags |= 4194308)) : ("function" === typeof g2.componentDidMount && (b3.flags |= 4194308), b3.memoizedProps = d2, b3.memoizedState = k3), g2.props = d2, g2.state = k3, g2.context = l2, d2 = h3) : ("function" === typeof g2.componentDidMount && (b3.flags |= 4194308), d2 = false);
+          h3 !== d2 || p3 !== k3 || z62.current || de2 ? ("function" === typeof m3 && (yf(b3, c2, m3, d2), k3 = b3.memoizedState), (h3 = de2 || Af(b3, c2, h3, d2, p3, k3, l2)) ? (r2 || "function" !== typeof g2.UNSAFE_componentWillMount && "function" !== typeof g2.componentWillMount || ("function" === typeof g2.componentWillMount && g2.componentWillMount(), "function" === typeof g2.UNSAFE_componentWillMount && g2.UNSAFE_componentWillMount()), "function" === typeof g2.componentDidMount && (b3.flags |= 4194308)) : ("function" === typeof g2.componentDidMount && (b3.flags |= 4194308), b3.memoizedProps = d2, b3.memoizedState = k3), g2.props = d2, g2.state = k3, g2.context = l2, d2 = h3) : ("function" === typeof g2.componentDidMount && (b3.flags |= 4194308), d2 = false);
         } else {
           g2 = b3.stateNode;
           fe2(a2, b3);
@@ -56500,7 +56628,7 @@ var require_react_reconciler_production_min = __commonJS({
           g2.state = p3;
           ke2(b3, d2, g2, e3);
           var w4 = b3.memoizedState;
-          h3 !== r2 || p3 !== w4 || z61.current || de2 ? ("function" === typeof B2 && (yf(b3, c2, B2, d2), w4 = b3.memoizedState), (l2 = de2 || Af(b3, c2, l2, d2, p3, w4, k3) || false) ? (m3 || "function" !== typeof g2.UNSAFE_componentWillUpdate && "function" !== typeof g2.componentWillUpdate || ("function" === typeof g2.componentWillUpdate && g2.componentWillUpdate(d2, w4, k3), "function" === typeof g2.UNSAFE_componentWillUpdate && g2.UNSAFE_componentWillUpdate(d2, w4, k3)), "function" === typeof g2.componentDidUpdate && (b3.flags |= 4), "function" === typeof g2.getSnapshotBeforeUpdate && (b3.flags |= 1024)) : ("function" !== typeof g2.componentDidUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 4), "function" !== typeof g2.getSnapshotBeforeUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 1024), b3.memoizedProps = d2, b3.memoizedState = w4), g2.props = d2, g2.state = w4, g2.context = k3, d2 = l2) : ("function" !== typeof g2.componentDidUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 4), "function" !== typeof g2.getSnapshotBeforeUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 1024), d2 = false);
+          h3 !== r2 || p3 !== w4 || z62.current || de2 ? ("function" === typeof B2 && (yf(b3, c2, B2, d2), w4 = b3.memoizedState), (l2 = de2 || Af(b3, c2, l2, d2, p3, w4, k3) || false) ? (m3 || "function" !== typeof g2.UNSAFE_componentWillUpdate && "function" !== typeof g2.componentWillUpdate || ("function" === typeof g2.componentWillUpdate && g2.componentWillUpdate(d2, w4, k3), "function" === typeof g2.UNSAFE_componentWillUpdate && g2.UNSAFE_componentWillUpdate(d2, w4, k3)), "function" === typeof g2.componentDidUpdate && (b3.flags |= 4), "function" === typeof g2.getSnapshotBeforeUpdate && (b3.flags |= 1024)) : ("function" !== typeof g2.componentDidUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 4), "function" !== typeof g2.getSnapshotBeforeUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 1024), b3.memoizedProps = d2, b3.memoizedState = w4), g2.props = d2, g2.state = w4, g2.context = k3, d2 = l2) : ("function" !== typeof g2.componentDidUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 4), "function" !== typeof g2.getSnapshotBeforeUpdate || h3 === a2.memoizedProps && p3 === a2.memoizedState || (b3.flags |= 1024), d2 = false);
         }
         return dg(a2, b3, c2, d2, f3, e3);
       }
@@ -56969,7 +57097,7 @@ var require_react_reconciler_production_min = __commonJS({
           case 3:
             c2 = b3.stateNode;
             te3();
-            q3(z61);
+            q3(z62);
             q3(x4);
             ye3();
             c2.pendingContext && (c2.context = c2.pendingContext, c2.pendingContext = null);
@@ -57112,7 +57240,7 @@ var require_react_reconciler_production_min = __commonJS({
           case 1:
             return A3(b3.type) && nc(), a2 = b3.flags, a2 & 65536 ? (b3.flags = a2 & -65537 | 128, b3) : null;
           case 3:
-            return te3(), q3(z61), q3(x4), ye3(), a2 = b3.flags, 0 !== (a2 & 65536) && 0 === (a2 & 128) ? (b3.flags = a2 & -65537 | 128, b3) : null;
+            return te3(), q3(z62), q3(x4), ye3(), a2 = b3.flags, 0 !== (a2 & 65536) && 0 === (a2 & 128) ? (b3.flags = a2 & -65537 | 128, b3) : null;
           case 5:
             return ve2(b3), null;
           case 13:
@@ -58167,7 +58295,7 @@ var require_react_reconciler_production_min = __commonJS({
               break;
             case 3:
               te3();
-              q3(z61);
+              q3(z62);
               q3(x4);
               ye3();
               break;
@@ -58644,7 +58772,7 @@ var require_react_reconciler_production_min = __commonJS({
       }
       var ai;
       ai = function(a2, b3, c2) {
-        if (null !== a2) if (a2.memoizedProps !== b3.pendingProps || z61.current) G3 = true;
+        if (null !== a2) if (a2.memoizedProps !== b3.pendingProps || z62.current) G3 = true;
         else {
           if (0 === (a2.lanes & c2) && 0 === (b3.flags & 128)) return G3 = false, sg(a2, b3, c2);
           G3 = 0 !== (a2.flags & 131072) ? true : false;
@@ -58753,7 +58881,7 @@ var require_react_reconciler_production_min = __commonJS({
               g2 = e3.value;
               Vd(b3, d2, g2);
               if (null !== f3) if (Vc(f3.value, g2)) {
-                if (f3.children === e3.children && !z61.current) {
+                if (f3.children === e3.children && !z62.current) {
                   b3 = Tf(a2, b3, c2);
                   break a;
                 }
@@ -74168,10 +74296,10 @@ var require_react_reconciler_development = __commonJS({
         var setErrorHandler = null;
         var setSuspenseHandler = null;
         {
-          var copyWithDeleteImpl = function(obj, path59, index2) {
-            var key = path59[index2];
+          var copyWithDeleteImpl = function(obj, path60, index2) {
+            var key = path60[index2];
             var updated = isArray(obj) ? obj.slice() : assign({}, obj);
-            if (index2 + 1 === path59.length) {
+            if (index2 + 1 === path60.length) {
               if (isArray(updated)) {
                 updated.splice(key, 1);
               } else {
@@ -74179,11 +74307,11 @@ var require_react_reconciler_development = __commonJS({
               }
               return updated;
             }
-            updated[key] = copyWithDeleteImpl(obj[key], path59, index2 + 1);
+            updated[key] = copyWithDeleteImpl(obj[key], path60, index2 + 1);
             return updated;
           };
-          var copyWithDelete = function(obj, path59) {
-            return copyWithDeleteImpl(obj, path59, 0);
+          var copyWithDelete = function(obj, path60) {
+            return copyWithDeleteImpl(obj, path60, 0);
           };
           var copyWithRenameImpl = function(obj, oldPath, newPath, index2) {
             var oldKey = oldPath[index2];
@@ -74221,17 +74349,17 @@ var require_react_reconciler_development = __commonJS({
             }
             return copyWithRenameImpl(obj, oldPath, newPath, 0);
           };
-          var copyWithSetImpl = function(obj, path59, index2, value) {
-            if (index2 >= path59.length) {
+          var copyWithSetImpl = function(obj, path60, index2, value) {
+            if (index2 >= path60.length) {
               return value;
             }
-            var key = path59[index2];
+            var key = path60[index2];
             var updated = isArray(obj) ? obj.slice() : assign({}, obj);
-            updated[key] = copyWithSetImpl(obj[key], path59, index2 + 1, value);
+            updated[key] = copyWithSetImpl(obj[key], path60, index2 + 1, value);
             return updated;
           };
-          var copyWithSet = function(obj, path59, value) {
-            return copyWithSetImpl(obj, path59, 0, value);
+          var copyWithSet = function(obj, path60, value) {
+            return copyWithSetImpl(obj, path60, 0, value);
           };
           var findHook = function(fiber, id) {
             var currentHook2 = fiber.memoizedState;
@@ -74241,10 +74369,10 @@ var require_react_reconciler_development = __commonJS({
             }
             return currentHook2;
           };
-          overrideHookState = function(fiber, id, path59, value) {
+          overrideHookState = function(fiber, id, path60, value) {
             var hook = findHook(fiber, id);
             if (hook !== null) {
-              var newState = copyWithSet(hook.memoizedState, path59, value);
+              var newState = copyWithSet(hook.memoizedState, path60, value);
               hook.memoizedState = newState;
               hook.baseState = newState;
               fiber.memoizedProps = assign({}, fiber.memoizedProps);
@@ -74254,10 +74382,10 @@ var require_react_reconciler_development = __commonJS({
               }
             }
           };
-          overrideHookStateDeletePath = function(fiber, id, path59) {
+          overrideHookStateDeletePath = function(fiber, id, path60) {
             var hook = findHook(fiber, id);
             if (hook !== null) {
-              var newState = copyWithDelete(hook.memoizedState, path59);
+              var newState = copyWithDelete(hook.memoizedState, path60);
               hook.memoizedState = newState;
               hook.baseState = newState;
               fiber.memoizedProps = assign({}, fiber.memoizedProps);
@@ -74280,8 +74408,8 @@ var require_react_reconciler_development = __commonJS({
               }
             }
           };
-          overrideProps = function(fiber, path59, value) {
-            fiber.pendingProps = copyWithSet(fiber.memoizedProps, path59, value);
+          overrideProps = function(fiber, path60, value) {
+            fiber.pendingProps = copyWithSet(fiber.memoizedProps, path60, value);
             if (fiber.alternate) {
               fiber.alternate.pendingProps = fiber.pendingProps;
             }
@@ -74290,8 +74418,8 @@ var require_react_reconciler_development = __commonJS({
               scheduleUpdateOnFiber(root, fiber, SyncLane, NoTimestamp);
             }
           };
-          overridePropsDeletePath = function(fiber, path59) {
-            fiber.pendingProps = copyWithDelete(fiber.memoizedProps, path59);
+          overridePropsDeletePath = function(fiber, path60) {
+            fiber.pendingProps = copyWithDelete(fiber.memoizedProps, path60);
             if (fiber.alternate) {
               fiber.alternate.pendingProps = fiber.pendingProps;
             }
@@ -78818,7 +78946,7 @@ var require_stream = __commonJS({
       };
       duplex._final = function(callback) {
         if (ws.readyState === ws.CONNECTING) {
-          ws.once("open", function open() {
+          ws.once("open", function open2() {
             duplex._final(callback);
           });
           return;
@@ -78839,7 +78967,7 @@ var require_stream = __commonJS({
       };
       duplex._write = function(chunk, encoding, callback) {
         if (ws.readyState === ws.CONNECTING) {
-          ws.once("open", function open() {
+          ws.once("open", function open2() {
             duplex._write(chunk, encoding, callback);
           });
           return;
@@ -80204,18 +80332,18 @@ var init_source = __esm({
         }
       }
     });
-    createStyler = (open, close, parent) => {
+    createStyler = (open2, close, parent) => {
       let openAll;
       let closeAll;
       if (parent === void 0) {
-        openAll = open;
+        openAll = open2;
         closeAll = close;
       } else {
-        openAll = parent.openAll + open;
+        openAll = parent.openAll + open2;
         closeAll = close + parent.closeAll;
       }
       return {
-        open,
+        open: open2,
         close,
         openAll,
         closeAll,
@@ -81733,8 +81861,8 @@ var init_ErrorOverview = __esm({
     init_dist7();
     init_Box();
     init_Text();
-    cleanupPath = (path59) => {
-      return path59?.replace(`file://${cwd()}/`, "");
+    cleanupPath = (path60) => {
+      return path60?.replace(`file://${cwd()}/`, "");
     };
     stackUtils = new import_stack_utils.default({
       cwd: cwd(),
@@ -86081,8 +86209,8 @@ function readClipboardImageDarwin() {
     return null;
   }
   try {
-    const stat = statSync(target);
-    if (stat.size === 0) {
+    const stat2 = statSync(target);
+    if (stat2.size === 0) {
       unlinkSync(target);
       return null;
     }
@@ -88412,7 +88540,6 @@ var init_SessionView = __esm({
         const ctrl = turn.turnControllerRef.current;
         if (ctrl && !ctrl.signal.aborted)
           ctrl.abort("user reset");
-        session.log.clear();
         setOverlay(null);
         for (const p3 of permissions.pendingPermissions) {
           p3.resolve({ mode: "deny", reason: "/new \u2014 session reset" });
@@ -88423,8 +88550,18 @@ var init_SessionView = __esm({
         setYolo(false);
         turn.queueRef.current = [];
         turn.setQueueCount(0);
-        if (notice)
-          setSystemNotice(notice);
+        if (typeof session.reset === "function") {
+          void session.reset().then(() => {
+            if (notice)
+              setSystemNotice(notice);
+          }, (err) => {
+            setSystemNotice(`/new failed: ${err instanceof Error ? err.message : String(err)} \u2014 history NOT cleared`);
+          });
+        } else {
+          session.log.clear();
+          if (notice)
+            setSystemNotice(notice);
+        }
       };
       const handleSubmit = async (text) => {
         setSystemNotice(null);
@@ -90202,11 +90339,11 @@ var require_dijkstra = __commonJS({
         var predecessors = {};
         var costs = {};
         costs[s2] = 0;
-        var open = dijkstra.PriorityQueue.make();
-        open.push(s2, 0);
+        var open2 = dijkstra.PriorityQueue.make();
+        open2.push(s2, 0);
         var closest, u2, v3, cost_of_s_to_u, adjacent_nodes, cost_of_e, cost_of_s_to_u_plus_cost_of_e, cost_of_s_to_v, first_visit;
-        while (!open.empty()) {
-          closest = open.pop();
+        while (!open2.empty()) {
+          closest = open2.pop();
           u2 = closest.value;
           cost_of_s_to_u = closest.cost;
           adjacent_nodes = graph[u2] || {};
@@ -90218,7 +90355,7 @@ var require_dijkstra = __commonJS({
               first_visit = typeof costs[v3] === "undefined";
               if (first_visit || cost_of_s_to_v > cost_of_s_to_u_plus_cost_of_e) {
                 costs[v3] = cost_of_s_to_u_plus_cost_of_e;
-                open.push(v3, cost_of_s_to_u_plus_cost_of_e);
+                open2.push(v3, cost_of_s_to_u_plus_cost_of_e);
                 predecessors[v3] = u2;
               }
             }
@@ -90464,10 +90601,10 @@ var require_segments = __commonJS({
       const segs = getSegmentsFromString(data, Utils.isKanjiModeEnabled());
       const nodes = buildNodes(segs);
       const graph = buildGraph(nodes, version);
-      const path59 = dijkstra.find_path(graph.map, "start", "end");
+      const path60 = dijkstra.find_path(graph.map, "start", "end");
       const optimizedSegs = [];
-      for (let i2 = 1; i2 < path59.length - 1; i2++) {
-        optimizedSegs.push(graph.table[path59[i2]].node);
+      for (let i2 = 1; i2 < path60.length - 1; i2++) {
+        optimizedSegs.push(graph.table[path60[i2]].node);
       }
       return exports.fromArray(mergeSegments(optimizedSegs));
     };
@@ -92919,7 +93056,7 @@ var require_png2 = __commonJS({
       });
       png.pack();
     };
-    exports.renderToFile = function renderToFile(path59, qrData, options, cb) {
+    exports.renderToFile = function renderToFile(path60, qrData, options, cb) {
       if (typeof cb === "undefined") {
         cb = options;
         options = void 0;
@@ -92930,7 +93067,7 @@ var require_png2 = __commonJS({
         called = true;
         cb.apply(null, args);
       };
-      const stream = fs43.createWriteStream(path59);
+      const stream = fs43.createWriteStream(path60);
       stream.on("error", done);
       stream.on("close", done);
       exports.renderToFileStream(stream, qrData, options);
@@ -92992,14 +93129,14 @@ var require_utf8 = __commonJS({
       }
       return output;
     };
-    exports.renderToFile = function renderToFile(path59, qrData, options, cb) {
+    exports.renderToFile = function renderToFile(path60, qrData, options, cb) {
       if (typeof cb === "undefined") {
         cb = options;
         options = void 0;
       }
       const fs43 = __require("fs");
       const utf8 = exports.render(qrData, options);
-      fs43.writeFile(path59, utf8, cb);
+      fs43.writeFile(path60, utf8, cb);
     };
   }
 });
@@ -93120,7 +93257,7 @@ var require_svg_tag = __commonJS({
       return str2;
     }
     function qrToPath(data, size, margin) {
-      let path59 = "";
+      let path60 = "";
       let moveBy = 0;
       let newRow = false;
       let lineLength = 0;
@@ -93131,19 +93268,19 @@ var require_svg_tag = __commonJS({
         if (data[i2]) {
           lineLength++;
           if (!(i2 > 0 && col > 0 && data[i2 - 1])) {
-            path59 += newRow ? svgCmd("M", col + margin, 0.5 + row + margin) : svgCmd("m", moveBy, 0);
+            path60 += newRow ? svgCmd("M", col + margin, 0.5 + row + margin) : svgCmd("m", moveBy, 0);
             moveBy = 0;
             newRow = false;
           }
           if (!(col + 1 < size && data[i2 + 1])) {
-            path59 += svgCmd("h", lineLength);
+            path60 += svgCmd("h", lineLength);
             lineLength = 0;
           }
         } else {
           moveBy++;
         }
       }
-      return path59;
+      return path60;
     }
     exports.render = function render2(qrData, options, cb) {
       const opts = Utils.getOptions(options);
@@ -93151,10 +93288,10 @@ var require_svg_tag = __commonJS({
       const data = qrData.modules.data;
       const qrcodesize = size + opts.margin * 2;
       const bg = !opts.color.light.a ? "" : "<path " + getColorAttrib(opts.color.light, "fill") + ' d="M0 0h' + qrcodesize + "v" + qrcodesize + 'H0z"/>';
-      const path59 = "<path " + getColorAttrib(opts.color.dark, "stroke") + ' d="' + qrToPath(data, size, opts.margin) + '"/>';
+      const path60 = "<path " + getColorAttrib(opts.color.dark, "stroke") + ' d="' + qrToPath(data, size, opts.margin) + '"/>';
       const viewBox = 'viewBox="0 0 ' + qrcodesize + " " + qrcodesize + '"';
       const width = !opts.width ? "" : 'width="' + opts.width + '" height="' + opts.width + '" ';
-      const svgTag = '<svg xmlns="http://www.w3.org/2000/svg" ' + width + viewBox + ' shape-rendering="crispEdges">' + bg + path59 + "</svg>\n";
+      const svgTag = '<svg xmlns="http://www.w3.org/2000/svg" ' + width + viewBox + ' shape-rendering="crispEdges">' + bg + path60 + "</svg>\n";
       if (typeof cb === "function") {
         cb(null, svgTag);
       }
@@ -93168,7 +93305,7 @@ var require_svg = __commonJS({
   "../../node_modules/.pnpm/qrcode@1.5.4/node_modules/qrcode/lib/renderer/svg.js"(exports) {
     var svgTagRenderer = require_svg_tag();
     exports.render = svgTagRenderer.render;
-    exports.renderToFile = function renderToFile(path59, qrData, options, cb) {
+    exports.renderToFile = function renderToFile(path60, qrData, options, cb) {
       if (typeof cb === "undefined") {
         cb = options;
         options = void 0;
@@ -93176,7 +93313,7 @@ var require_svg = __commonJS({
       const fs43 = __require("fs");
       const svgTag = exports.render(qrData, options);
       const xmlStr = '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">' + svgTag;
-      fs43.writeFile(path59, xmlStr, cb);
+      fs43.writeFile(path60, xmlStr, cb);
     };
   }
 });
@@ -93334,8 +93471,8 @@ var require_server = __commonJS({
         cb
       };
     }
-    function getTypeFromFilename(path59) {
-      return path59.slice((path59.lastIndexOf(".") - 1 >>> 0) + 2).toLowerCase();
+    function getTypeFromFilename(path60) {
+      return path60.slice((path60.lastIndexOf(".") - 1 >>> 0) + 2).toLowerCase();
     }
     function getRendererFromType(type) {
       switch (type) {
@@ -93399,17 +93536,17 @@ var require_server = __commonJS({
       const renderer2 = getRendererFromType(params.opts.type);
       return render2(renderer2.renderToBuffer, text, params);
     };
-    exports.toFile = function toFile3(path59, text, opts, cb) {
-      if (typeof path59 !== "string" || !(typeof text === "string" || typeof text === "object")) {
+    exports.toFile = function toFile3(path60, text, opts, cb) {
+      if (typeof path60 !== "string" || !(typeof text === "string" || typeof text === "object")) {
         throw new Error("Invalid argument");
       }
       if (arguments.length < 3 && !canPromise()) {
         throw new Error("Too few arguments provided");
       }
       const params = checkParams(text, opts, cb);
-      const type = params.opts.type || getTypeFromFilename(path59);
+      const type = params.opts.type || getTypeFromFilename(path60);
       const renderer2 = getRendererFromType(type);
-      const renderToFile = renderer2.renderToFile.bind(null, path59);
+      const renderToFile = renderer2.renderToFile.bind(null, path60);
       return render2(renderToFile, text, params);
     };
     exports.toFileStream = function toFileStream(stream, text, opts) {
@@ -95215,6 +95352,9 @@ var VaultStore = class {
   // whole-file rewrite. open() is also chained through this so two
   // parallel `open()` calls never both derive a fresh salt.
   mutex = createMutex();
+  // stat() fingerprint of the file as of our last load/sync/persist; lets
+  // syncFromDisk() skip the read+parse when nothing else has written.
+  lastSynced = null;
   constructor(opts) {
     this.filePath = opts.filePath;
     this.keySource = opts.keySource;
@@ -95292,6 +95432,49 @@ var VaultStore = class {
       throw new VaultPassphraseError(this.filePath);
     }
   }
+  /**
+   * Fold other writers' entries in from the on-disk file. Historically the
+   * vault persisted a whole-file snapshot of THIS instance's memory, so a
+   * write from any other `VaultStore` (another moxxy process, or a second
+   * instance in this one) was silently clobbered by our next persist —
+   * last-writer-wins, fatal for single-use rotated OAuth refresh tokens.
+   * Now every read and every mutation first re-reads the file (mtime/size
+   * gated, so the common no-other-writer case costs one `stat`) and merges:
+   *   - key on both sides → newer `updatedAt` wins (ISO timestamps);
+   *   - key only on disk  → adopt it (another writer added it);
+   *   - key only in memory → drop it (every mutation persists before
+   *     returning, so a key missing on disk was deleted by another writer).
+   * Skipped when the on-disk salt differs (vault wiped/recreated — those
+   * entries are undecryptable under our master key) or the file is
+   * unreadable/corrupt (keep memory; the next persist restores a good file).
+   *
+   * Must be called while holding `this.mutex`.
+   */
+  async syncFromDisk() {
+    if (!this.file)
+      return;
+    let st3;
+    try {
+      st3 = await promises.stat(this.filePath);
+    } catch (err) {
+      if (isEnoent(err))
+        return;
+      throw err;
+    }
+    if (this.lastSynced && st3.mtimeMs === this.lastSynced.mtimeMs && st3.size === this.lastSynced.size) {
+      return;
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(await promises.readFile(this.filePath, "utf8"));
+    } catch {
+      return;
+    }
+    if (parsed.version !== 1 || parsed.kdf !== "scrypt" || parsed.salt !== this.file.salt)
+      return;
+    this.file = { ...this.file, entries: mergeEntries(this.file.entries, parsed.entries ?? {}) };
+    this.lastSynced = { mtimeMs: st3.mtimeMs, size: st3.size };
+  }
   /**
    * Crash-atomic write: serialize to a sibling tmp file, then rename. POSIX
    * rename is atomic, so a crash mid-write leaves the previous vault intact
@@ -95301,12 +95484,19 @@ var VaultStore = class {
     if (!this.file)
       return;
     await writeFileAtomic(this.filePath, JSON.stringify(this.file, null, 2), { mode: 384 });
+    try {
+      const st3 = await promises.stat(this.filePath);
+      this.lastSynced = { mtimeMs: st3.mtimeMs, size: st3.size };
+    } catch {
+      this.lastSynced = null;
+    }
   }
   async set(name, value, tags) {
     await this.open();
     return this.mutex.run(async () => {
       if (!this.file || !this.masterKey)
         throw new Error("vault not open");
+      await this.syncFromDisk();
       const now = (/* @__PURE__ */ new Date()).toISOString();
       const existing = this.file.entries[name];
       const blob = encrypt(value, this.masterKey);
@@ -95327,6 +95517,7 @@ var VaultStore = class {
   }
   async get(name) {
     await this.open();
+    await this.mutex.run(() => this.syncFromDisk());
     if (!this.file || !this.masterKey)
       throw new Error("vault not open");
     const entry = this.file.entries[name];
@@ -95336,6 +95527,7 @@ var VaultStore = class {
   }
   async has(name) {
     await this.open();
+    await this.mutex.run(() => this.syncFromDisk());
     return Boolean(this.file?.entries[name]);
   }
   async delete(name) {
@@ -95343,6 +95535,7 @@ var VaultStore = class {
     return this.mutex.run(async () => {
       if (!this.file)
         return false;
+      await this.syncFromDisk();
       if (!(name in this.file.entries))
         return false;
       const { [name]: _removed, ...rest } = this.file.entries;
@@ -95353,6 +95546,7 @@ var VaultStore = class {
   }
   async list() {
     await this.open();
+    await this.mutex.run(() => this.syncFromDisk());
     if (!this.file)
       return [];
     return Object.entries(this.file.entries).map(([name, e3]) => ({
@@ -95363,6 +95557,18 @@ var VaultStore = class {
     }));
   }
 };
+function mergeEntries(memory, disk) {
+  const merged = { ...disk };
+  for (const [name, mine] of Object.entries(memory)) {
+    const theirs = merged[name];
+    if (theirs && theirs.updatedAt >= mine.updatedAt)
+      continue;
+    if (!theirs)
+      continue;
+    merged[name] = mine;
+  }
+  return merged;
+}
 function isEnoent(err) {
   return err instanceof Error && "code" in err && err.code === "ENOENT";
 }
@@ -97174,13 +97380,13 @@ var MultipartBody = class {
   }
 };
 var fileFromPathWarned = false;
-async function fileFromPath3(path59, ...args) {
+async function fileFromPath3(path60, ...args) {
   const { fileFromPath: _fileFromPath } = await Promise.resolve().then(() => (init_fileFromPath(), fileFromPath_exports));
   if (!fileFromPathWarned) {
-    console.warn(`fileFromPath is deprecated; use fs.createReadStream(${JSON.stringify(path59)}) instead`);
+    console.warn(`fileFromPath is deprecated; use fs.createReadStream(${JSON.stringify(path60)}) instead`);
     fileFromPathWarned = true;
   }
-  return await _fileFromPath(path59, ...args);
+  return await _fileFromPath(path60, ...args);
 }
 var defaultHttpAgent = new import_agentkeepalive.default({ keepAlive: true, timeout: 5 * 60 * 1e3 });
 var defaultHttpsAgent = new import_agentkeepalive.default.HttpsAgent({ keepAlive: true, timeout: 5 * 60 * 1e3 });
@@ -97903,29 +98109,29 @@ var APIClient = class {
   defaultIdempotencyKey() {
     return `stainless-node-retry-${uuid4()}`;
   }
-  get(path59, opts) {
-    return this.methodRequest("get", path59, opts);
+  get(path60, opts) {
+    return this.methodRequest("get", path60, opts);
   }
-  post(path59, opts) {
-    return this.methodRequest("post", path59, opts);
+  post(path60, opts) {
+    return this.methodRequest("post", path60, opts);
   }
-  patch(path59, opts) {
-    return this.methodRequest("patch", path59, opts);
+  patch(path60, opts) {
+    return this.methodRequest("patch", path60, opts);
   }
-  put(path59, opts) {
-    return this.methodRequest("put", path59, opts);
+  put(path60, opts) {
+    return this.methodRequest("put", path60, opts);
   }
-  delete(path59, opts) {
-    return this.methodRequest("delete", path59, opts);
+  delete(path60, opts) {
+    return this.methodRequest("delete", path60, opts);
   }
-  methodRequest(method, path59, opts) {
+  methodRequest(method, path60, opts) {
     return this.request(Promise.resolve(opts).then(async (opts2) => {
       const body = opts2 && isBlobLike(opts2?.body) ? new DataView(await opts2.body.arrayBuffer()) : opts2?.body instanceof DataView ? opts2.body : opts2?.body instanceof ArrayBuffer ? new DataView(opts2.body) : opts2 && ArrayBuffer.isView(opts2?.body) ? new DataView(opts2.body.buffer) : opts2?.body;
-      return { method, path: path59, ...opts2, body };
+      return { method, path: path60, ...opts2, body };
     }));
   }
-  getAPIList(path59, Page3, opts) {
-    return this.requestAPIList(Page3, { method: "get", path: path59, ...opts });
+  getAPIList(path60, Page3, opts) {
+    return this.requestAPIList(Page3, { method: "get", path: path60, ...opts });
   }
   calculateContentLength(body) {
     if (typeof body === "string") {
@@ -97944,10 +98150,10 @@ var APIClient = class {
   }
   buildRequest(inputOptions, { retryCount = 0 } = {}) {
     const options = { ...inputOptions };
-    const { method, path: path59, query, headers = {} } = options;
+    const { method, path: path60, query, headers = {} } = options;
     const body = ArrayBuffer.isView(options.body) || options.__binaryRequest && typeof options.body === "string" ? options.body : isMultipartBody(options.body) ? options.body.body : options.body ? JSON.stringify(options.body, null, 2) : null;
     const contentLength = this.calculateContentLength(body);
-    const url2 = this.buildURL(path59, query);
+    const url2 = this.buildURL(path60, query);
     if ("timeout" in options)
       validatePositiveInteger("timeout", options.timeout);
     options.timeout = options.timeout ?? this.timeout;
@@ -98071,8 +98277,8 @@ var APIClient = class {
     const request = this.makeRequest(options, null);
     return new PagePromise(this, request, Page3);
   }
-  buildURL(path59, query) {
-    const url2 = isAbsoluteURL(path59) ? new URL(path59) : new URL(this.baseURL + (this.baseURL.endsWith("/") && path59.startsWith("/") ? path59.slice(1) : path59));
+  buildURL(path60, query) {
+    const url2 = isAbsoluteURL(path60) ? new URL(path60) : new URL(this.baseURL + (this.baseURL.endsWith("/") && path60.startsWith("/") ? path60.slice(1) : path60));
     const defaultQuery = this.defaultQuery();
     if (!isEmptyObj(defaultQuery)) {
       query = { ...defaultQuery, ...query };
@@ -101225,13 +101431,13 @@ var MultipartBody2 = class {
   }
 };
 var fileFromPathWarned2 = false;
-async function fileFromPath5(path59, ...args) {
+async function fileFromPath5(path60, ...args) {
   const { fileFromPath: _fileFromPath } = await Promise.resolve().then(() => (init_fileFromPath(), fileFromPath_exports));
   if (!fileFromPathWarned2) {
-    console.warn(`fileFromPath is deprecated; use fs.createReadStream(${JSON.stringify(path59)}) instead`);
+    console.warn(`fileFromPath is deprecated; use fs.createReadStream(${JSON.stringify(path60)}) instead`);
     fileFromPathWarned2 = true;
   }
-  return await _fileFromPath(path59, ...args);
+  return await _fileFromPath(path60, ...args);
 }
 var defaultHttpAgent2 = new import_agentkeepalive2.default({ keepAlive: true, timeout: 5 * 60 * 1e3 });
 var defaultHttpsAgent2 = new import_agentkeepalive2.default.HttpsAgent({ keepAlive: true, timeout: 5 * 60 * 1e3 });
@@ -102009,29 +102215,29 @@ var APIClient2 = class {
   defaultIdempotencyKey() {
     return `stainless-node-retry-${uuid42()}`;
   }
-  get(path59, opts) {
-    return this.methodRequest("get", path59, opts);
+  get(path60, opts) {
+    return this.methodRequest("get", path60, opts);
   }
-  post(path59, opts) {
-    return this.methodRequest("post", path59, opts);
+  post(path60, opts) {
+    return this.methodRequest("post", path60, opts);
   }
-  patch(path59, opts) {
-    return this.methodRequest("patch", path59, opts);
+  patch(path60, opts) {
+    return this.methodRequest("patch", path60, opts);
   }
-  put(path59, opts) {
-    return this.methodRequest("put", path59, opts);
+  put(path60, opts) {
+    return this.methodRequest("put", path60, opts);
   }
-  delete(path59, opts) {
-    return this.methodRequest("delete", path59, opts);
+  delete(path60, opts) {
+    return this.methodRequest("delete", path60, opts);
   }
-  methodRequest(method, path59, opts) {
+  methodRequest(method, path60, opts) {
     return this.request(Promise.resolve(opts).then(async (opts2) => {
       const body = opts2 && isBlobLike2(opts2?.body) ? new DataView(await opts2.body.arrayBuffer()) : opts2?.body instanceof DataView ? opts2.body : opts2?.body instanceof ArrayBuffer ? new DataView(opts2.body) : opts2 && ArrayBuffer.isView(opts2?.body) ? new DataView(opts2.body.buffer) : opts2?.body;
-      return { method, path: path59, ...opts2, body };
+      return { method, path: path60, ...opts2, body };
     }));
   }
-  getAPIList(path59, Page3, opts) {
-    return this.requestAPIList(Page3, { method: "get", path: path59, ...opts });
+  getAPIList(path60, Page3, opts) {
+    return this.requestAPIList(Page3, { method: "get", path: path60, ...opts });
   }
   calculateContentLength(body) {
     if (typeof body === "string") {
@@ -102050,10 +102256,10 @@ var APIClient2 = class {
   }
   buildRequest(inputOptions, { retryCount = 0 } = {}) {
     const options = { ...inputOptions };
-    const { method, path: path59, query, headers = {} } = options;
+    const { method, path: path60, query, headers = {} } = options;
     const body = ArrayBuffer.isView(options.body) || options.__binaryRequest && typeof options.body === "string" ? options.body : isMultipartBody2(options.body) ? options.body.body : options.body ? JSON.stringify(options.body, null, 2) : null;
     const contentLength = this.calculateContentLength(body);
-    const url2 = this.buildURL(path59, query);
+    const url2 = this.buildURL(path60, query);
     if ("timeout" in options)
       validatePositiveInteger2("timeout", options.timeout);
     options.timeout = options.timeout ?? this.timeout;
@@ -102169,8 +102375,8 @@ var APIClient2 = class {
     const request = this.makeRequest(options, null);
     return new PagePromise2(this, request, Page3);
   }
-  buildURL(path59, query) {
-    const url2 = isAbsoluteURL2(path59) ? new URL(path59) : new URL(this.baseURL + (this.baseURL.endsWith("/") && path59.startsWith("/") ? path59.slice(1) : path59));
+  buildURL(path60, query) {
+    const url2 = isAbsoluteURL2(path60) ? new URL(path60) : new URL(this.baseURL + (this.baseURL.endsWith("/") && path60.startsWith("/") ? path60.slice(1) : path60));
     const defaultQuery = this.defaultQuery();
     if (!isEmptyObj2(defaultQuery)) {
       query = { ...defaultQuery, ...query };
@@ -107550,11 +107756,11 @@ function buildAuthUrl(input) {
 }
 async function runAuthorizationCodeFlow(opts) {
   const port = opts.redirectPort ?? 8765;
-  const path59 = opts.redirectPath ?? "/callback";
+  const path60 = opts.redirectPath ?? "/callback";
   const codeVerifier = generateCodeVerifier();
   const codeChallenge = computeCodeChallenge(codeVerifier);
   const state = generateState();
-  const redirectUri = `http://localhost:${port}${path59}`;
+  const redirectUri = `http://localhost:${port}${path60}`;
   const authUrl = buildAuthUrl({
     authUrl: opts.authUrl,
     clientId: opts.clientId,
@@ -107566,7 +107772,7 @@ async function runAuthorizationCodeFlow(opts) {
   });
   const codePromise = waitForCallback({
     port,
-    path: path59,
+    path: path60,
     expectedState: state,
     timeoutMs: opts.timeoutMs ?? 3e5,
     ...opts.signal ? { signal: opts.signal } : {}
@@ -107914,11 +108120,11 @@ function buildOauthAuthorizeTool(deps) {
           const { computeCodeChallenge: computeCodeChallenge2 } = await Promise.resolve().then(() => (init_pkce(), pkce_exports));
           const challenge = computeCodeChallenge2(verifier);
           const port = input.redirectPort ?? 8765;
-          const path59 = input.redirectPath ?? "/callback";
+          const path60 = input.redirectPath ?? "/callback";
           const url2 = buildAuthUrl({
             authUrl: input.authUrl,
             clientId: input.clientId,
-            redirectUri: `http://localhost:${port}${path59}`,
+            redirectUri: `http://localhost:${port}${path60}`,
             scopes: input.scopes,
             codeChallenge: challenge,
             state,
@@ -108060,7 +108266,7 @@ async function runOauthLogin(profile, ctx) {
 }
 async function runBrowserFlow(profile, ctx) {
   const port = profile.redirect?.port ?? 8765;
-  const path59 = profile.redirect?.path ?? "/callback";
+  const path60 = profile.redirect?.path ?? "/callback";
   const serviceName = profile.displayName ?? profile.id;
   return runAuthorizationCodeFlow({
     authUrl: profile.authUrl,
@@ -108069,7 +108275,7 @@ async function runBrowserFlow(profile, ctx) {
     ...profile.clientSecret ? { clientSecret: profile.clientSecret } : {},
     scopes: profile.scopes,
     redirectPort: port,
-    redirectPath: path59,
+    redirectPath: path60,
     ...profile.extraAuthParams ? { extraAuthParams: profile.extraAuthParams } : {},
     timeoutMs: DEFAULT_BROWSER_TIMEOUT_MS,
     ...ctx.signal ? { signal: ctx.signal } : {},
@@ -108081,7 +108287,7 @@ If your browser doesn't open automatically, paste this URL:
 
   ${url2}
 
-Waiting for callback on http://localhost:${port}${path59} (5 min timeout)\u2026
+Waiting for callback on http://localhost:${port}${path60} (5 min timeout)\u2026
 
 `);
     }
@@ -108125,6 +108331,81 @@ Polling every ${Math.round(init3.intervalMs / 1e3)}s (${Math.round(init3.expires
     ...ctx.signal ? { signal: ctx.signal } : {}
   });
 }
+var DEFAULT_STALE_MS = 6e4;
+var DEFAULT_POLL_MS = 150;
+var DEFAULT_WAIT_MS = 3e4;
+var inProcessLocks = /* @__PURE__ */ new Map();
+async function withCredentialLock(key, fn, opts = {}) {
+  const safe2 = sanitizeKey(key);
+  let mutex = inProcessLocks.get(safe2);
+  if (!mutex) {
+    mutex = createMutex();
+    inProcessLocks.set(safe2, mutex);
+  }
+  return mutex.run(async () => {
+    const release = await acquireFileLock(join(opts.dir ?? moxxyPath("locks"), `${safe2}.lock`), opts.staleMs ?? DEFAULT_STALE_MS, opts.pollMs ?? DEFAULT_POLL_MS, opts.waitMs ?? DEFAULT_WAIT_MS);
+    try {
+      return await fn();
+    } finally {
+      await release();
+    }
+  });
+}
+function isAuthRejection(err) {
+  return err instanceof MoxxyError && (err.code === "AUTH_INVALID" || err.code === "AUTH_DENIED" || err.code === "AUTH_EXPIRED" || err.code === "PROVIDER_BAD_REQUEST");
+}
+function sanitizeKey(key) {
+  return key.replace(/[^a-zA-Z0-9._-]+/g, "_");
+}
+async function acquireFileLock(lockPath, staleMs, pollMs, waitMs) {
+  const deadline = Date.now() + waitMs;
+  try {
+    await mkdir(dirname(lockPath), { recursive: true });
+  } catch {
+    return async () => {
+    };
+  }
+  for (; ; ) {
+    try {
+      const handle2 = await open(lockPath, "wx");
+      try {
+        await handle2.writeFile(`${process.pid} ${(/* @__PURE__ */ new Date()).toISOString()}
+`, "utf8");
+      } finally {
+        await handle2.close().catch(() => {
+        });
+      }
+      return async () => {
+        await rm(lockPath, { force: true }).catch(() => {
+        });
+      };
+    } catch (err) {
+      if (err.code !== "EEXIST") {
+        return async () => {
+        };
+      }
+    }
+    try {
+      const st3 = await stat(lockPath);
+      if (Date.now() - st3.mtimeMs > staleMs) {
+        await rm(lockPath, { force: true }).catch(() => {
+        });
+        continue;
+      }
+    } catch {
+      continue;
+    }
+    if (Date.now() >= deadline)
+      return async () => {
+      };
+    await sleep4(pollMs);
+  }
+}
+function sleep4(ms) {
+  return new Promise((resolve12) => setTimeout(resolve12, ms));
+}
+
+// ../plugin-oauth/dist/ensure-fresh.js
 async function ensureFreshTokens(profile, vault, opts = {}) {
   const stored = await readStoredCreds(vault, profile.id);
   if (!stored) {
@@ -108138,6 +108419,16 @@ async function ensureFreshTokens(profile, vault, opts = {}) {
   if (!opts.force && !isExpired(stored.tokenSet, opts.skewMs)) {
     return { tokens: stored.tokenSet, extras: stored.extras };
   }
+  return withCredentialLock(`oauth-${profile.id}`, async () => {
+    const current = await readStoredCreds(vault, profile.id) ?? stored;
+    const rotatedMeanwhile = current.tokenSet.accessToken !== stored.tokenSet.accessToken;
+    if (!isExpired(current.tokenSet, opts.skewMs) && (!opts.force || rotatedMeanwhile)) {
+      return { tokens: current.tokenSet, extras: current.extras };
+    }
+    return refreshAndStore(profile, vault, current);
+  });
+}
+async function refreshAndStore(profile, vault, stored, retried = false) {
   if (!stored.tokenSet.refreshToken) {
     throw new MoxxyError({
       code: "AUTH_EXPIRED",
@@ -108155,6 +108446,12 @@ async function ensureFreshTokens(profile, vault, opts = {}) {
       refreshToken: stored.tokenSet.refreshToken
     });
   } catch (err) {
+    if (!retried && isAuthRejection(err)) {
+      const latest = await readStoredCreds(vault, profile.id);
+      if (latest?.tokenSet.refreshToken && latest.tokenSet.refreshToken !== stored.tokenSet.refreshToken) {
+        return refreshAndStore(profile, vault, latest, true);
+      }
+    }
     const net3 = classifyNetworkError(err, { url: stored.tokenUrl, provider: profile.id });
     if (net3)
       throw net3;
@@ -108278,8 +108575,6 @@ function buildOauthPlugin(opts) {
     ]
   });
 }
-
-// ../plugin-provider-openai-codex/dist/oauth.js
 var CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
 var ISSUER = "https://auth.openai.com";
 var AUTHORIZE_URL = `${ISSUER}/oauth/authorize`;
@@ -108678,6 +108973,7 @@ var CodexProvider = class {
   models = codexModels;
   tokens;
   onTokensRefreshed;
+  reloadTokens;
   defaultModel;
   fetchImpl;
   sessionIdProvider;
@@ -108686,6 +108982,8 @@ var CodexProvider = class {
       this.tokens = config.tokens;
     if (config.onTokensRefreshed)
       this.onTokensRefreshed = config.onTokensRefreshed;
+    if (config.reloadTokens)
+      this.reloadTokens = config.reloadTokens;
     this.defaultModel = config.defaultModel ?? DEFAULT_CODEX_MODEL;
     this.fetchImpl = config.fetch ?? fetch;
     const defaultSessionId = webcrypto.randomUUID();
@@ -108753,19 +109051,52 @@ var CodexProvider = class {
       return;
     await this.refreshNow();
   }
+  /**
+   * Refresh + persist under the per-credential lock. The refresh token is
+   * SINGLE-USE (rotated + invalidated on every refresh), so concurrent
+   * refreshers — a second stream in this process, the whisper-stt
+   * transcriber sharing this credential, or another moxxy process — must
+   * serialize and coalesce: whoever holds the lock refreshes once, everyone
+   * queued behind it adopts the rotated bundle instead of burning it.
+   */
   async refreshNow() {
-    if (!this.tokens) {
+    const entry = this.tokens;
+    if (!entry) {
       throw new Error("Cannot refresh \u2014 no stored tokens.");
     }
-    const next = await refreshTokens(this.tokens.refresh, this.fetchImpl);
-    const accountId = next.accountId ?? this.tokens.accountId;
-    const merged = accountId ? { access: next.access, refresh: next.refresh, expires: next.expires, accountId } : { access: next.access, refresh: next.refresh, expires: next.expires };
-    this.tokens = merged;
-    if (this.onTokensRefreshed) {
-      await this.onTokensRefreshed(merged);
-    }
+    await withCredentialLock(`oauth-${this.name}`, async () => {
+      if (this.tokens && this.tokens.access !== entry.access)
+        return;
+      let attempt = this.tokens ?? entry;
+      if (this.reloadTokens) {
+        const latest = await this.reloadTokens().catch(() => null);
+        if (latest && latest.access !== attempt.access && latest.expires > Date.now() + 6e4) {
+          this.tokens = withAccountId(latest, latest.accountId ?? attempt.accountId);
+          return;
+        }
+        if (latest?.refresh)
+          attempt = { ...attempt, refresh: latest.refresh };
+      }
+      let next;
+      try {
+        next = await refreshTokens(attempt.refresh, this.fetchImpl);
+      } catch (err) {
+        const latest = isAuthRejection(err) && this.reloadTokens ? await this.reloadTokens().catch(() => null) : null;
+        if (!latest?.refresh || latest.refresh === attempt.refresh)
+          throw err;
+        next = await refreshTokens(latest.refresh, this.fetchImpl);
+      }
+      const merged = withAccountId(next, next.accountId ?? attempt.accountId);
+      this.tokens = merged;
+      if (this.onTokensRefreshed) {
+        await this.onTokensRefreshed(merged);
+      }
+    });
   }
 };
+function withAccountId(tokens, accountId) {
+  return accountId ? { access: tokens.access, refresh: tokens.refresh, expires: tokens.expires, accountId } : { access: tokens.access, refresh: tokens.refresh, expires: tokens.expires };
+}
 
 // ../plugin-provider-openai-codex/dist/profile.js
 var CODEX_PROVIDER_ID = "openai-codex";
@@ -109002,9 +109333,9 @@ async function ensureFreshClaudeTokens(vault) {
   const stored = await readStoredCreds(vault, CLAUDE_CODE_PROVIDER_ID);
   if (!stored)
     return null;
-  const { tokenSet, extras } = stored;
+  const { tokenSet } = stored;
   if (tokenSet.refreshToken && isExpired(tokenSet)) {
-    const refreshed = await refreshAndPersist(vault, tokenSet.refreshToken, extras.account_email);
+    const refreshed = await refreshClaudeUnderLock(vault, stored);
     return { accessToken: refreshed.accessToken, ...refreshed.expiresAt !== void 0 ? { expiresAt: refreshed.expiresAt } : {}, canRefresh: true };
   }
   return {
@@ -109023,9 +109354,39 @@ async function refreshClaudeAccessToken(vault) {
       context: { provider: CLAUDE_CODE_PROVIDER_ID }
     });
   }
-  const refreshed = await refreshAndPersist(vault, stored.tokenSet.refreshToken, stored.extras.account_email);
+  const refreshed = await refreshClaudeUnderLock(vault, stored);
   return { token: refreshed.accessToken, ...refreshed.expiresAt !== void 0 ? { expiresAt: refreshed.expiresAt } : {} };
 }
+async function refreshClaudeUnderLock(vault, baseline) {
+  return withCredentialLock(`oauth-${CLAUDE_CODE_PROVIDER_ID}`, async () => {
+    const current = await readStoredCreds(vault, CLAUDE_CODE_PROVIDER_ID) ?? baseline;
+    if (current.tokenSet.accessToken !== baseline.tokenSet.accessToken && !isExpired(current.tokenSet)) {
+      return current.tokenSet;
+    }
+    const refreshToken = current.tokenSet.refreshToken ?? baseline.tokenSet.refreshToken;
+    if (!refreshToken) {
+      throw new MoxxyError({
+        code: "AUTH_EXPIRED",
+        message: "Claude token expired and no refresh_token is stored.",
+        hint: "Run `moxxy login claude-code` again, or refresh `CLAUDE_CODE_OAUTH_TOKEN` via `claude setup-token`.",
+        context: { provider: CLAUDE_CODE_PROVIDER_ID }
+      });
+    }
+    const email = current.extras.account_email ?? baseline.extras.account_email;
+    try {
+      return await refreshAndPersist(vault, refreshToken, email);
+    } catch (err) {
+      if (isAuthRejection(err)) {
+        const latest = await readStoredCreds(vault, CLAUDE_CODE_PROVIDER_ID);
+        const latestRefresh = latest?.tokenSet.refreshToken;
+        if (latestRefresh && latestRefresh !== refreshToken) {
+          return refreshAndPersist(vault, latestRefresh, latest.extras.account_email ?? email);
+        }
+      }
+      throw err;
+    }
+  });
+}
 var fetchImpl = fetch;
 var openBrowserImpl = openInBrowser;
 var sleepImpl = (ms) => new Promise((resolve12) => setTimeout(resolve12, ms));
@@ -109480,6 +109841,49 @@ function globToRegExp(pattern) {
 }
 
 // ../tools-builtin/dist/bash.js
+var OUTPUT_LIMIT = 2e5;
+var STREAM_RETAIN_CAP = OUTPUT_LIMIT + 4096;
+var SIGKILL_GRACE_MS = 2e3;
+function killTree(child, signal) {
+  if (child.pid === void 0)
+    return;
+  if (process.platform === "win32") {
+    if (child.exitCode === null && child.signalCode === null)
+      child.kill(signal);
+    return;
+  }
+  try {
+    process.kill(-child.pid, signal);
+  } catch (e3) {
+    if (e3.code !== "ESRCH") {
+      if (child.exitCode === null && child.signalCode === null)
+        child.kill(signal);
+    }
+  }
+}
+function boundedSink(cap) {
+  let text = "";
+  let dropped = 0;
+  return {
+    push(b3) {
+      const s2 = b3.toString("utf8");
+      const room = cap - text.length;
+      if (room >= s2.length) {
+        text += s2;
+      } else {
+        if (room > 0)
+          text += s2.slice(0, room);
+        dropped += s2.length - Math.max(room, 0);
+      }
+    },
+    get text() {
+      return text;
+    },
+    get dropped() {
+      return dropped;
+    }
+  };
+}
 var bashTool = defineTool({
   name: "Bash",
   description: "Run a shell command via /bin/sh. Respects the abort signal. Returns combined stdout/stderr with exit code.",
@@ -109516,41 +109920,60 @@ var bashTool = defineTool({
       const child = spawn("/bin/sh", ["-lc", command], {
         cwd: cwd2 ?? ctx.cwd,
         env: env3 ? { ...process.env, ...env3 } : process.env,
-        stdio: ["ignore", "pipe", "pipe"]
-      });
-      let out = "";
-      let err = "";
-      child.stdout.on("data", (b3) => {
-        out += b3.toString("utf8");
-      });
-      child.stderr.on("data", (b3) => {
-        err += b3.toString("utf8");
+        stdio: ["ignore", "pipe", "pipe"],
+        // Own process group on POSIX so timeout/abort can kill the whole
+        // tree via a negative-pid signal. `detached` only detaches the
+        // controlling terminal/group — our piped stdio and exit reporting
+        // are unaffected. Not meaningful on win32 (would open a console).
+        detached: process.platform !== "win32"
       });
+      const out = boundedSink(STREAM_RETAIN_CAP);
+      const err = boundedSink(STREAM_RETAIN_CAP);
+      child.stdout.on("data", out.push);
+      child.stderr.on("data", err.push);
+      let killTimer;
+      const terminate2 = () => {
+        killTree(child, "SIGTERM");
+        killTimer ??= setTimeout(() => {
+          killTree(child, "SIGKILL");
+        }, SIGKILL_GRACE_MS);
+        killTimer.unref();
+      };
       const timer = setTimeout(() => {
-        child.kill("SIGTERM");
+        terminate2();
         reject(new MoxxyError({
           code: "ABORTED",
           message: `Bash timed out after ${timeoutMs}ms: ${command}`
         }));
       }, timeoutMs);
       const onAbort = () => {
-        child.kill("SIGTERM");
+        terminate2();
       };
       ctx.signal.addEventListener("abort", onAbort, { once: true });
       child.on("error", (e3) => {
         clearTimeout(timer);
+        if (killTimer !== void 0)
+          clearTimeout(killTimer);
         ctx.signal.removeEventListener("abort", onAbort);
         reject(e3);
       });
       child.on("close", (code) => {
         clearTimeout(timer);
+        if (killTimer !== void 0)
+          clearTimeout(killTimer);
         ctx.signal.removeEventListener("abort", onAbort);
-        const combined = (out ? `[stdout]
-${out.trimEnd()}
-` : "") + (err ? `[stderr]
-${err.trimEnd()}
+        const combined = (out.text ? `[stdout]
+${out.text.trimEnd()}
+` : "") + (err.text ? `[stderr]
+${err.text.trimEnd()}
 ` : "") + `[exit ${code ?? "null"}]`;
-        resolve12(clampString(combined, 2e5));
+        const dropped = out.dropped + err.dropped;
+        if (dropped === 0) {
+          resolve12(clampString(combined, OUTPUT_LIMIT));
+        } else {
+          resolve12(combined.slice(0, OUTPUT_LIMIT) + `
+... [truncated ${combined.length + dropped - OUTPUT_LIMIT} chars]`);
+        }
       });
     });
   }
@@ -110238,9 +110661,15 @@ async function* runGoalMode(ctx) {
     });
     return;
   }
+  const sessionResolver = ctx.permissions;
   const autoApprove = {
     name: "goal-auto-approve",
-    check: async () => ({ mode: "allow", reason: "goal mode runs tools unattended (auto-approve)" })
+    check: async (call, permCtx) => {
+      const policy = await sessionResolver.policyCheck?.(call, permCtx) ?? null;
+      if (policy)
+        return policy;
+      return { mode: "allow", reason: "goal mode runs tools unattended (auto-approve)" };
+    }
   };
   const goalCtx = {
     ...ctx,
@@ -112497,12 +112926,20 @@ async function performSessionAction(ctx, action, notice, state, deps, cb) {
     if (state.turnController && !state.turnController.signal.aborted) {
       state.turnController.abort("user reset");
     }
-    state.session.log.clear();
     deps.framePump.resetRenderer();
     cb.setYolo(false);
     cb.setAwaitingApprovalText(null);
     deps.approvalResolver.abortAll("session reset");
     deps.permissionResolver.abortAll("session reset");
+    try {
+      if (typeof state.session.reset === "function")
+        await state.session.reset();
+      else
+        state.session.log.clear();
+    } catch (err) {
+      await ctx.reply(`\u26A0 /new failed: ${err instanceof Error ? err.message : String(err)} \u2014 history NOT cleared`);
+      return;
+    }
     await ctx.reply(`\u2713 ${notice ?? "new session \u2014 conversation history cleared"}`);
   }
 }
@@ -114302,6 +114739,13 @@ var HttpChannel = class {
   authToken;
   logger;
   server = null;
+  boundPortValue = 0;
+  /** The actual TCP port the server bound to after {@link start}. Equals the
+   *  configured port, or the OS-assigned one when `port: 0` (ephemeral) — so
+   *  callers (and tests) can address the server without guessing a free port. */
+  get boundPort() {
+    return this.boundPortValue;
+  }
   constructor(opts = {}) {
     this.port = opts.port ?? 3737;
     this.host = opts.host ?? "127.0.0.1";
@@ -114341,9 +114785,11 @@ var HttpChannel = class {
     const listening = new Promise((resolve12, reject) => {
       server.once("error", reject);
       server.listen(this.port, this.host, () => {
+        const addr = server.address();
+        this.boundPortValue = typeof addr === "object" && addr ? addr.port : this.port;
         this.logger?.info?.("http channel listening", {
           host: this.host,
-          port: this.port,
+          port: this.boundPortValue,
           authEnabled: this.authToken !== null
         });
         resolve12();
@@ -114472,8 +114918,16 @@ var EventProjector = class {
     }
   }
 };
-
-// ../plugin-channel-web/dist/protocol.js
+var clientFrameSchema = z.discriminatedUnion("kind", [
+  z.object({ kind: z.literal("prompt"), text: z.string() }),
+  z.object({
+    kind: z.literal("action"),
+    actionId: z.string(),
+    viewId: z.string().nullable(),
+    action: z.object({ name: z.string(), params: z.record(z.unknown()).optional() }),
+    formValues: z.record(z.string())
+  })
+]);
 function actionPrompt(action, formValues) {
   const payload = JSON.stringify({ action: action.name, ...action.params ? { params: action.params } : {}, values: formValues });
   return [
@@ -114485,54 +114939,74 @@ function actionPrompt(action, formValues) {
 }
 
 // ../plugin-channel-web/dist/channel.js
+var MAX_FRAME_BYTES = 256 * 1024;
+var DROP_WARN_INTERVAL_MS = 1e4;
 function isAddrInUse(err) {
   return !!err && typeof err === "object" && err.code === "EADDRINUSE";
 }
-async function freeTcpPort(port) {
-  if (process.platform === "win32")
-    return;
+async function captureStdout(cmd, args) {
   const { spawn: spawn17 } = await import('child_process');
-  const pids = await new Promise((resolve12) => {
+  return await new Promise((resolve12) => {
     let out = "";
     try {
-      const child = spawn17("lsof", ["-t", `-iTCP:${port}`, "-sTCP:LISTEN"], {
-        stdio: ["ignore", "pipe", "ignore"]
-      });
+      const child = spawn17(cmd, [...args], { stdio: ["ignore", "pipe", "ignore"] });
       child.stdout.on("data", (b3) => {
         out += b3.toString();
       });
-      child.on("error", () => resolve12([]));
-      child.on("close", () => {
-        const found = /* @__PURE__ */ new Set();
-        for (const line of out.split("\n")) {
-          const n2 = parseInt(line.trim(), 10);
-          if (Number.isFinite(n2) && n2 > 0)
-            found.add(n2);
-        }
-        resolve12([...found]);
-      });
+      child.on("error", () => resolve12(""));
+      child.on("close", () => resolve12(out));
     } catch {
-      resolve12([]);
+      resolve12("");
     }
   });
-  for (const pid of pids) {
-    if (pid === process.pid)
-      continue;
+}
+async function pidsListeningOn(port) {
+  if (process.platform === "win32")
+    return [];
+  const out = await captureStdout("lsof", ["-t", `-iTCP:${port}`, "-sTCP:LISTEN"]);
+  const found = /* @__PURE__ */ new Set();
+  for (const line of out.split("\n")) {
+    const n2 = parseInt(line.trim(), 10);
+    if (Number.isFinite(n2) && n2 > 0)
+      found.add(n2);
+  }
+  return [...found];
+}
+async function pidCommand(pid) {
+  return (await captureStdout("ps", ["-p", String(pid), "-o", "command="])).trim();
+}
+function looksLikeMoxxy(command) {
+  return command.length > 0 && /moxxy/i.test(command);
+}
+async function freeTcpPortIfMoxxy(port, logger) {
+  if (process.platform === "win32")
+    return false;
+  const pids = (await pidsListeningOn(port)).filter((pid) => pid !== process.pid);
+  if (pids.length === 0)
+    return false;
+  const holders = await Promise.all(pids.map(async (pid) => ({ pid, command: await pidCommand(pid) })));
+  const foreign = holders.filter((h3) => !looksLikeMoxxy(h3.command));
+  if (foreign.length > 0) {
+    logger?.warn?.(`port ${port} is held by non-moxxy process(es); not killing them`, {
+      holders: foreign.map((h3) => `${h3.pid}: ${h3.command || "<unknown command>"}`)
+    });
+    return false;
+  }
+  for (const { pid } of holders) {
     try {
       process.kill(pid, "SIGTERM");
     } catch {
     }
   }
   await new Promise((r2) => setTimeout(r2, 400));
-  for (const pid of pids) {
-    if (pid === process.pid)
-      continue;
+  for (const { pid } of holders) {
     try {
       process.kill(pid, 0);
       process.kill(pid, "SIGKILL");
     } catch {
     }
   }
+  return true;
 }
 var PUBLIC_DIR = path3.join(path3.dirname(fileURLToPath(import.meta.url)), "public");
 var WebChannel = class {
@@ -114557,6 +115031,8 @@ var WebChannel = class {
   tunnel = null;
   tunnelBase = null;
   viewSeq = 0;
+  droppedFrames = 0;
+  lastDropWarnAt = 0;
   constructor(opts = {}) {
     this.port = opts.port ?? 4040;
     this.host = opts.host ?? "127.0.0.1";
@@ -114591,14 +115067,19 @@ var WebChannel = class {
       void this.handleHttp(req, res);
     });
     this.server = server;
+    await this.bindServerWithRetry(server);
     const wss = new import_websocket_server.default({
       server,
       path: "/ws",
+      // Frames past this are dropped at the socket layer (ws closes with
+      // 1009) instead of being buffered into memory. onMessage applies a
+      // tighter MAX_FRAME_BYTES cap of its own.
+      maxPayload: 1024 * 1024,
       verifyClient: (info) => this.validToken(info.req.url)
     });
     this.wss = wss;
     wss.on("connection", (ws) => this.onConnection(ws));
-    await this.bindServerWithRetry(server);
+    wss.on("error", (err) => this.logger?.warn?.("web socket server error", { err: String(err) }));
     await this.openTunnel();
     this.publishSurface?.({ url: this.shareUrl, nextViewId: () => `v_srv_${++this.viewSeq}` });
     this.publishControls?.({ retunnel: () => this.retunnel() });
@@ -114606,11 +115087,13 @@ var WebChannel = class {
     return { running, stop: () => this.stop() };
   }
   /**
-   * Bind the HTTP server, with one round of recovery if the port is
-   * already in use. A stale `moxxy serve` from a prior install often
-   * leaves 4040 bound even after its unix socket has been released;
-   * killing whatever PID holds the port lets the fresh server boot
-   * cleanly instead of crashing with EADDRINUSE.
+   * Bind the HTTP server, with recovery if the port is already in use.
+   * A stale `moxxy serve` from a prior install often leaves 4040 bound
+   * even after its unix socket has been released — if (and only if) the
+   * holder is verifiably a moxxy process we kill it and retry. Anything
+   * else (ngrok's local UI also defaults to 4040) is never signalled;
+   * we bind an ephemeral port instead and log loudly which port the
+   * surface actually got (the share URL embeds the real port either way).
    */
   async bindServerWithRetry(server) {
     const tryListen = () => new Promise((resolve12, reject) => {
@@ -114632,13 +115115,26 @@ var WebChannel = class {
     });
     try {
       await tryListen();
+      return;
     } catch (err) {
       if (!isAddrInUse(err))
         throw err;
-      this.logger?.warn?.(`web channel port ${this.port} in use; freeing and retrying`);
-      await freeTcpPort(this.port).catch(() => void 0);
-      await tryListen();
     }
+    const requested = this.port;
+    const freed = await freeTcpPortIfMoxxy(requested, this.logger).catch(() => false);
+    if (freed) {
+      this.logger?.warn?.(`web channel port ${requested} was held by a stale moxxy process; freed it, retrying`);
+      try {
+        await tryListen();
+        return;
+      } catch (err) {
+        if (!isAddrInUse(err))
+          throw err;
+      }
+    }
+    this.port = 0;
+    await tryListen();
+    this.logger?.warn?.(`web channel port ${requested} was in use by another process; bound ephemeral port ${this.port} instead`, { requestedPort: requested, boundPort: this.port, url: this.url });
   }
   /**
    * (Re-)open the tunnel via the active provider, closing any prior one FIRST so
@@ -114744,13 +115240,31 @@ var WebChannel = class {
     for (const frame of this.views.values())
       this.send(ws, frame);
   }
+  /**
+   * Handle a browser → server frame. This is a trust boundary (tunnels put
+   * it on the public internet): every frame is schema-validated before any
+   * field access, and invalid ones are dropped — a thrown error in a ws
+   * 'message' listener escalates to a process-level uncaughtException.
+   */
   onMessage(ws, data) {
-    let frame;
+    const raw = String(data);
+    if (raw.length > MAX_FRAME_BYTES) {
+      this.dropFrame("oversized frame");
+      return;
+    }
+    let parsed;
     try {
-      frame = JSON.parse(String(data));
+      parsed = JSON.parse(raw);
     } catch {
+      this.dropFrame("invalid JSON");
       return;
     }
+    const result = clientFrameSchema.safeParse(parsed);
+    if (!result.success) {
+      this.dropFrame("schema mismatch");
+      return;
+    }
+    const frame = result.data;
     if (frame.kind === "prompt") {
       if (frame.text.trim())
         void this.drive(frame.text);
@@ -114765,6 +115279,18 @@ var WebChannel = class {
       void this.drive(actionPrompt(frame.action, frame.formValues));
     }
   }
+  /** Count a dropped inbound frame; warn at most once per window (no log spam). */
+  dropFrame(reason) {
+    this.droppedFrames += 1;
+    const now = Date.now();
+    if (now - this.lastDropWarnAt < DROP_WARN_INTERVAL_MS)
+      return;
+    this.lastDropWarnAt = now;
+    this.logger?.warn?.("web channel dropped invalid client frame(s)", {
+      reason,
+      droppedTotal: this.droppedFrames
+    });
+  }
   async drive(prompt) {
     if (!this.session || this.busy)
       return;
@@ -115056,28 +115582,65 @@ buildWebChannelPlugin();
 // ../ipc-server-ws/dist/ws-transport.js
 init_wrapper();
 var BEARER = "Bearer ";
-function checkWsAuth(req, expected) {
+function checkWsAuth(req, expected, opts = {}) {
   const guard2 = bearerGuard(expected);
   const auth2 = req.headers.authorization;
   if (auth2 && auth2.startsWith(BEARER) && guard2(auth2.slice(BEARER.length)))
     return true;
-  try {
-    const url2 = new URL(req.url ?? "/", "http://localhost");
-    if (guard2(url2.searchParams.get("t")))
-      return true;
-  } catch {
+  const fromProtocol = tokenFromWsProtocolHeader(req.headers["sec-websocket-protocol"]);
+  if (fromProtocol !== null && guard2(fromProtocol))
+    return true;
+  if (opts.allowQueryToken) {
+    try {
+      const url2 = new URL(req.url ?? "/", "http://localhost");
+      if (guard2(url2.searchParams.get("t")))
+        return true;
+    } catch {
+    }
   }
   return false;
 }
+function checkWsOrigin(req, allowedOrigins = []) {
+  const origin = req.headers.origin;
+  if (!origin)
+    return true;
+  const lower2 = origin.toLowerCase();
+  return allowedOrigins.some((allowed) => allowed.toLowerCase() === lower2);
+}
 
 // ../ipc-server-ws/dist/ws-transport.js
+var DEFAULT_MAX_CONNECTIONS = 8;
+var DEFAULT_MAX_BUFFERED_BYTES = 4 * 1024 * 1024;
+var DEFAULT_BUFFER_STALL_GRACE_MS = 1e4;
+var SlowReaderGuard = class {
+  limitBytes;
+  graceMs;
+  stalledSinceMs = null;
+  constructor(limitBytes = DEFAULT_MAX_BUFFERED_BYTES, graceMs = DEFAULT_BUFFER_STALL_GRACE_MS) {
+    this.limitBytes = limitBytes;
+    this.graceMs = graceMs;
+  }
+  check(bufferedAmount, nowMs) {
+    if (bufferedAmount <= this.limitBytes) {
+      this.stalledSinceMs = null;
+      return "ok";
+    }
+    if (this.stalledSinceMs === null) {
+      this.stalledSinceMs = nowMs;
+      return "ok";
+    }
+    return nowMs - this.stalledSinceMs >= this.graceMs ? "terminate" : "ok";
+  }
+};
 var WsTransport = class {
   ws;
+  guard;
   frameHandler = null;
   closeHandler = null;
   closeEmitted = false;
-  constructor(ws) {
+  constructor(ws, guard2) {
     this.ws = ws;
+    this.guard = guard2;
     ws.on("message", (data) => {
       let parsed;
       try {
@@ -115091,8 +115654,14 @@ var WsTransport = class {
     ws.on("error", (err) => this.emitClose(err));
   }
   send(frame) {
-    if (this.ws.readyState === this.ws.OPEN)
-      this.ws.send(JSON.stringify(frame));
+    if (this.ws.readyState !== this.ws.OPEN)
+      return;
+    if (this.guard.check(this.ws.bufferedAmount, Date.now()) === "terminate") {
+      console.warn(`[moxxy] ws bridge: evicting slow reader (${this.ws.bufferedAmount} bytes unread past grace)`);
+      this.ws.terminate();
+      return;
+    }
+    this.ws.send(JSON.stringify(frame));
   }
   onFrame(handler) {
     this.frameHandler = handler;
@@ -115115,15 +115684,35 @@ async function createWebSocketTransportServer(opts) {
     throw new Error("createWebSocketTransportServer: authToken is required \u2014 this surface is network-reachable");
   }
   const host = opts.host ?? "127.0.0.1";
+  const maxConnections = opts.maxConnections ?? DEFAULT_MAX_CONNECTIONS;
+  let currentToken = opts.authToken;
+  let connections = 0;
   const wss = new import_websocket_server.default({
     host,
     port: opts.port,
     maxPayload: opts.maxPayloadBytes ?? 64 * 1024 * 1024,
-    verifyClient: (info) => checkWsAuth(info.req, opts.authToken)
+    verifyClient: (info) => {
+      if (!checkWsOrigin(info.req, opts.allowedOrigins)) {
+        console.warn(`[moxxy] ws bridge: rejected browser-origin upgrade (Origin: ${String(info.req.headers.origin)})`);
+        return false;
+      }
+      if (connections >= maxConnections) {
+        console.warn(`[moxxy] ws bridge: rejected upgrade \u2014 connection cap (${maxConnections}) reached`);
+        return false;
+      }
+      return checkWsAuth(info.req, currentToken, { allowQueryToken: opts.allowQueryToken });
+    },
+    // When the client offers subprotocols (the moxxy.bearer.* convention),
+    // select the moxxy protocol WITHOUT echoing the token-bearing entry back.
+    handleProtocols: (protocols) => protocols.has(MOXXY_WS_SUBPROTOCOL) ? MOXXY_WS_SUBPROTOCOL : false
   });
   const connectionHandlers = [];
   wss.on("connection", (ws) => {
-    const transport = new WsTransport(ws);
+    connections += 1;
+    ws.once("close", () => {
+      connections -= 1;
+    });
+    const transport = new WsTransport(ws, new SlowReaderGuard(opts.maxBufferedBytes, opts.bufferStallGraceMs));
     for (const handler of connectionHandlers)
       handler(transport);
   });
@@ -115131,13 +115720,24 @@ async function createWebSocketTransportServer(opts) {
     wss.once("error", reject);
     wss.once("listening", resolve12);
   });
+  const bound = wss.address();
+  const boundPort = typeof bound === "object" && bound !== null ? bound.port : opts.port;
   return {
-    address: `ws://${host}:${opts.port}`,
+    address: `ws://${host}:${boundPort}`,
     onConnection(handler) {
       connectionHandlers.push(handler);
     },
+    rotateAuthToken(next) {
+      currentToken = next;
+      for (const client of wss.clients)
+        client.terminate();
+    },
     close() {
-      return new Promise((resolve12) => wss.close(() => resolve12()));
+      return new Promise((resolve12) => {
+        for (const client of wss.clients)
+          client.terminate();
+        wss.close(() => resolve12());
+      });
     }
   };
 }
@@ -115268,6 +115868,12 @@ var JsonRpcPeer = class {
     this.closeHandlers.length = 0;
   }
 };
+var stderrLogger = {
+  warn: (msg, meta) => process.stderr.write(`[moxxy-runner] WARN ${msg} ${meta ? JSON.stringify(meta) : ""}
+`),
+  error: (msg, meta) => process.stderr.write(`[moxxy-runner] ERROR ${msg} ${meta ? JSON.stringify(meta) : ""}
+`)
+};
 var NdjsonTransport = class {
   socket;
   buffer = "";
@@ -115322,10 +115928,12 @@ var NdjsonTransport = class {
     this.socket.end();
   }
 };
-async function createUnixSocketServer(socketPath) {
+async function createUnixSocketServer(socketPath, logger = stderrLogger) {
   if (process.platform !== "win32") {
     await reclaimStaleSocket(socketPath);
-    fs27__default.mkdirSync(path3__default.dirname(socketPath), { recursive: true });
+    secureSocketDir(path3__default.dirname(socketPath), logger);
+  } else {
+    warnWindowsPipeAclOnce(logger, socketPath);
   }
   const connectionHandlers = [];
   const server = net.createServer((socket) => {
@@ -115343,7 +115951,11 @@ async function createUnixSocketServer(socketPath) {
   if (process.platform !== "win32") {
     try {
       fs27__default.chmodSync(socketPath, 384);
-    } catch {
+    } catch (err) {
+      logger.error("failed to chmod runner socket to 0600", {
+        socketPath,
+        error: err instanceof Error ? err.message : String(err)
+      });
     }
   }
   return {
@@ -115380,6 +115992,31 @@ function connectUnixSocket(socketPath) {
     });
   });
 }
+function secureSocketDir(dir, logger) {
+  fs27__default.mkdirSync(dir, { recursive: true, mode: 448 });
+  try {
+    const st3 = fs27__default.statSync(dir);
+    if ((st3.mode & 63) === 0)
+      return;
+    if (typeof process.getuid === "function" && st3.uid !== process.getuid()) {
+      logger.warn("runner socket directory is accessible to other users and not owned by this process; cannot tighten to 0700", { dir });
+      return;
+    }
+    fs27__default.chmodSync(dir, 448);
+  } catch (err) {
+    logger.error("failed to restrict runner socket directory to 0700", {
+      dir,
+      error: err instanceof Error ? err.message : String(err)
+    });
+  }
+}
+var warnedWindowsPipeAcl = false;
+function warnWindowsPipeAclOnce(logger, pipePath) {
+  if (warnedWindowsPipeAcl)
+    return;
+  warnedWindowsPipeAcl = true;
+  logger.warn("runner named pipe relies on the Windows default DACL (creator/SYSTEM/Administrators: full control; Everyone: read-only) - no explicit ACL is applied", { pipePath });
+}
 async function reclaimStaleSocket(socketPath) {
   if (!fs27__default.existsSync(socketPath))
     return;
@@ -115425,7 +116062,7 @@ function isRunnerUp(socketPath = runnerSocketPath()) {
 
 // ../runner/dist/server.js
 init_dist();
-var RUNNER_PROTOCOL_VERSION = 2;
+var RUNNER_PROTOCOL_VERSION = 3;
 var RunnerMethod = {
   /** client->server: handshake; returns the initial info snapshot. */
   Attach: "attach",
@@ -115435,6 +116072,14 @@ var RunnerMethod = {
   RunTurn: "runTurn",
   /** client->server: abort an in-flight turn. */
   Abort: "abort",
+  /**
+   * client->server: `/new` — abort every in-flight turn, clear the runner's
+   * authoritative event log (and, via the log's clear listeners, truncate
+   * the persisted session JSONL so `--resume` can't resurrect the wiped
+   * history). The runner broadcasts the `session.reset` notification to ALL
+   * attached clients so every mirror clears in lockstep.
+   */
+  SessionReset: "session.reset",
   /** client->server: declare which resolvers this client will answer. */
   SetResolver: "setResolver",
   /** client->server: switch the active mode. */
@@ -115472,7 +116117,14 @@ var RunnerNotification = {
   /** A turn finished (cleanly or with an error). */
   TurnComplete: "turn.complete",
   /** The registry snapshot changed (plugin reload, mode switch, …). */
-  InfoChanged: "info.changed"
+  InfoChanged: "info.changed",
+  /**
+   * The runner's event log was reset (`/new` from any client, or a
+   * self-hosting channel clearing the local log directly). Mirrors MUST
+   * clear: post-reset events restart at seq 0, which a seq-contiguous
+   * mirror only accepts from an empty log.
+   */
+  SessionReset: "session.reset"
 };
 var attachmentSchema = z.object({
   kind: z.string(),
@@ -115539,6 +116191,7 @@ var RunnerServer = class {
   turnControllers = /* @__PURE__ */ new Map();
   scope = new AsyncLocalStorage();
   logUnsub;
+  logClearUnsub;
   modesUnsub;
   /**
    * Resolvers for unscoped (local) turns - the fall-through path. Seeded from
@@ -115557,6 +116210,7 @@ var RunnerServer = class {
     this.installRoutingResolvers();
     this.transport.onConnection((t2) => this.onConnection(t2));
     this.logUnsub = session.log.subscribe((event) => this.broadcastEvent(event));
+    this.logClearUnsub = session.log.onClear(() => this.broadcast(RunnerNotification.SessionReset, {}));
     this.modesUnsub = session.modes.onActiveChange(() => this.broadcastInfo());
   }
   get address() {
@@ -115567,6 +116221,7 @@ var RunnerServer = class {
       return;
     this.closed = true;
     this.logUnsub();
+    this.logClearUnsub();
     this.modesUnsub();
     for (const client of this.clients)
       client.peer.close();
@@ -115588,7 +116243,8 @@ var RunnerServer = class {
     peer.handle(RunnerMethod.Attach, (raw) => this.handleAttach(client, raw));
     peer.handle(RunnerMethod.GetInfo, () => this.session.getInfo());
     peer.handle(RunnerMethod.RunTurn, (raw) => this.handleRunTurn(client, raw));
-    peer.handle(RunnerMethod.Abort, (raw) => this.handleAbort(raw));
+    peer.handle(RunnerMethod.Abort, (raw) => this.handleAbort(client, raw));
+    peer.handle(RunnerMethod.SessionReset, () => this.handleSessionReset());
     peer.handle(RunnerMethod.SetResolver, (raw) => this.handleSetResolver(client, raw));
     peer.handle(RunnerMethod.ModeSetActive, (raw) => this.handleModeSetActive(raw));
     peer.handle(RunnerMethod.ProviderSetActive, (raw) => this.handleProviderSetActive(raw));
@@ -115607,7 +116263,7 @@ var RunnerServer = class {
   onDisconnect(client) {
     this.clients.delete(client);
     for (const turnId of client.turns) {
-      this.turnControllers.get(turnId)?.abort("owning client disconnected");
+      this.turnControllers.get(turnId)?.controller.abort("owning client disconnected");
     }
   }
   // --- request handlers ----------------------------------------------------
@@ -115631,7 +116287,7 @@ var RunnerServer = class {
     const params = runTurnParamsSchema.parse(raw);
     const turnId = newTurnId();
     const controller = new AbortController();
-    this.turnControllers.set(turnId, controller);
+    this.turnControllers.set(turnId, { controller, owner: client });
     client.turns.add(turnId);
     const opts = {
       turnId,
@@ -115660,9 +116316,39 @@ var RunnerServer = class {
     });
     return { turnId };
   }
-  handleAbort(raw) {
+  handleAbort(client, raw) {
     const params = abortParamsSchema.parse(raw);
-    this.turnControllers.get(params.turnId)?.abort("client requested abort");
+    const entry = this.turnControllers.get(params.turnId);
+    if (!entry)
+      return {};
+    if (entry.owner !== client) {
+      this.session.logger.warn("cross-client abort", {
+        turnId: params.turnId,
+        ownerRole: entry.owner.role,
+        abortingRole: client.role
+      });
+      if (process.env.MOXXY_RUNNER_STRICT_ABORT === "1") {
+        throw new Error(`turn ${params.turnId} was started by '${entry.owner.role}'; cross-client abort denied (MOXXY_RUNNER_STRICT_ABORT=1)`);
+      }
+    }
+    entry.controller.abort("client requested abort");
+    return {};
+  }
+  /**
+   * `/new` from any attached client. Aborts every in-flight turn (whoever
+   * started it — the wipe is session-global), then clears the authoritative
+   * log. The clear cascades: the log's clear listeners broadcast the
+   * `session.reset` notification to all attached mirrors (wired in the
+   * ctor) and truncate the persistence sidecar's JSONL. An aborted turn may
+   * still flush a final event after the wipe; it lands in the fresh log at
+   * seq 0+ and is broadcast AFTER the reset notification (single ordered
+   * socket), so mirrors stay contiguous either way.
+   */
+  handleSessionReset() {
+    for (const entry of this.turnControllers.values()) {
+      entry.controller.abort("session reset");
+    }
+    this.session.log.clear();
     return {};
   }
   handleSetResolver(client, raw) {
@@ -115873,7 +116559,7 @@ function defaultApproval(request) {
   return { optionId: request.defaultOptionId ?? request.options[0]?.id ?? "" };
 }
 async function startRunnerServer(session, opts = {}) {
-  const transport = opts.transport ?? await createUnixSocketServer(opts.socketPath ?? runnerSocketPath());
+  const transport = opts.transport ?? await createUnixSocketServer(opts.socketPath ?? runnerSocketPath(), session.logger);
   return new RunnerServer(session, transport);
 }
 
@@ -115962,6 +116648,9 @@ var RemoteSession = class {
     this.peer.on(RunnerNotification.InfoChanged, (params) => {
       this.info = params.info;
     });
+    this.peer.on(RunnerNotification.SessionReset, () => {
+      this.mirror.clear();
+    });
     this.peer.handle(RunnerMethod.PermissionCheck, (params) => {
       const { call, ctx } = params;
       if (!this.permissionResolver) {
@@ -116019,6 +116708,17 @@ var RemoteSession = class {
   get log() {
     return this.mirror;
   }
+  /**
+   * `SessionLike.reset` — server-authoritative `/new`. The runner aborts
+   * in-flight turns, clears its log + persisted JSONL, and broadcasts
+   * `session.reset`; our mirror clears when that notification lands (it is
+   * sent before this RPC's reply on the same ordered socket, so the mirror
+   * is already empty by the time this resolves). Rejects when the runner is
+   * unreachable — callers must surface that instead of claiming success.
+   */
+  async reset() {
+    await this.peer.request(RunnerMethod.SessionReset, {});
+  }
   getInfo() {
     return this.requireInfo();
   }
@@ -116317,13 +117017,41 @@ async function killAndUnlinkRunner(socketPath, ports = DEFAULT_RUNNER_PORTS) {
 }
 async function killProcessOwning(socketPath) {
   const pids = await pidsListeningOnSocket(socketPath);
-  for (const pid of pids)
-    await terminate(pid);
+  for (const pid of pids) {
+    if (await isMoxxyProcess(pid))
+      await terminate(pid);
+  }
 }
 async function killProcessOnPort(port) {
   const pids = await pidsListeningOnPort(port);
-  for (const pid of pids)
-    await terminate(pid);
+  for (const pid of pids) {
+    if (await isMoxxyProcess(pid))
+      await terminate(pid);
+  }
+}
+async function isMoxxyProcess(pid) {
+  if (!Number.isFinite(pid) || pid <= 0 || pid === process.pid)
+    return false;
+  const command = await pidCommand2(pid);
+  return command.length > 0 && /moxxy/i.test(command);
+}
+async function pidCommand2(pid) {
+  const { spawn: spawn17 } = await import('child_process');
+  return await new Promise((resolve12) => {
+    let out = "";
+    try {
+      const child = spawn17("ps", ["-p", String(pid), "-o", "command="], {
+        stdio: ["ignore", "pipe", "ignore"]
+      });
+      child.stdout.on("data", (b3) => {
+        out += b3.toString();
+      });
+      child.on("error", () => resolve12(""));
+      child.on("close", () => resolve12(out.trim()));
+    } catch {
+      resolve12("");
+    }
+  });
 }
 async function terminate(pid) {
   if (!Number.isFinite(pid) || pid <= 0 || pid === process.pid)
@@ -116767,13 +117495,17 @@ var MobileSessionHost = class {
     resolve12(response);
   }
 };
+var TOKEN_FILE = "mobile-token";
 function resolveMobileToken(configured) {
   return resolveChannelToken({
     configured,
     envVar: "MOXXY_MOBILE_TOKEN",
-    fileName: "mobile-token"
+    fileName: TOKEN_FILE
   });
 }
+function rotateMobileToken() {
+  return rotateChannelToken({ fileName: TOKEN_FILE });
+}
 function normalizeTunnelChoice(raw) {
   const v3 = (process.env.MOXXY_MOBILE_TUNNEL ?? raw ?? "localhost").trim().toLowerCase();
   if (v3 === "cloudflared" || v3 === "ngrok")
@@ -116787,6 +117519,18 @@ function tunnelProviderFor(choice) {
     return ngrokTunnel;
   return null;
 }
+function resolveBindHost(configured) {
+  const v3 = (process.env.MOXXY_MOBILE_HOST ?? configured ?? "").trim();
+  return v3.length > 0 ? v3 : "127.0.0.1";
+}
+function isLoopbackHost(host) {
+  const h3 = host.trim().toLowerCase();
+  return h3 === "localhost" || h3 === "::1" || h3 === "[::1]" || h3.startsWith("127.");
+}
+function isWildcardHost(host) {
+  const h3 = host.trim().toLowerCase();
+  return h3 === "0.0.0.0" || h3 === "::" || h3 === "[::]";
+}
 function lanHost(fallback) {
   for (const list of Object.values(os5__default.networkInterfaces())) {
     for (const ni of list ?? []) {
@@ -116796,6 +117540,11 @@ function lanHost(fallback) {
   }
   return fallback;
 }
+function advertisedHost(bindHost) {
+  if (isWildcardHost(bindHost))
+    return lanHost("127.0.0.1");
+  return bindHost;
+}
 function buildConnectUrl(opts) {
   const t2 = encodeURIComponent(opts.token);
   if (opts.tunnelUrl) {
@@ -116808,7 +117557,7 @@ function buildConnectUrl(opts) {
 
 // ../plugin-channel-mobile/dist/qr.js
 var import_qrcode = __toESM(require_lib3());
-async function printConnectInfo(url2, token) {
+async function printConnectInfo(url2, token, hint) {
   let qr2 = "";
   try {
     qr2 = await import_qrcode.default.toString(url2, { type: "terminal", small: true });
@@ -116822,6 +117571,10 @@ async function printConnectInfo(url2, token) {
     qr2,
     `  url:   ${url2}`,
     `  token: ${token}`,
+    ...hint ? ["", `  \u2139 ${hint}`] : [],
+    "",
+    "  (rotate the pairing token \u2014 invalidating this QR and every paired app \u2014",
+    "   by deleting ~/.moxxy/mobile-token and restarting the channel)",
     ""
   ];
   console.log(lines.join("\n"));
@@ -116842,7 +117595,7 @@ var MobileChannel = class {
   tunnel = null;
   constructor(opts = {}) {
     this.port = opts.port ?? DEFAULT_PORT;
-    this.bindHost = opts.bindHost ?? "127.0.0.1";
+    this.bindHost = resolveBindHost(opts.bindHost);
     this.token = resolveMobileToken(opts.token);
     this.tunnelChoice = normalizeTunnelChoice(opts.tunnel);
     this.logger = opts.logger;
@@ -116851,6 +117604,19 @@ var MobileChannel = class {
       check: (call, ctx) => this.host ? this.host.permissionResolver.check(call, ctx) : Promise.resolve({ mode: "deny" })
     };
   }
+  /**
+   * Rotate the pairing token: persist a fresh secret, re-key the live server
+   * (every connected app is terminated — a leaked QR/token stops working
+   * immediately), and return the new token so the caller can re-display
+   * pairing info. The printed QR also documents the manual path (delete
+   * `~/.moxxy/mobile-token` + restart). Env/config-supplied tokens take
+   * precedence at resolve time and must be rotated at their source.
+   */
+  rotateToken() {
+    this.token = rotateMobileToken();
+    this.server?.rotateAuthToken(this.token);
+    return this.token;
+  }
   async start(startOpts) {
     const bus = new WebSocketCommandBus();
     const host = new MobileSessionHost(bus, startOpts.session);
@@ -116860,7 +117626,12 @@ var MobileChannel = class {
     const server = await startWsBridge(bus, {
       port: this.port,
       host: this.bindHost,
-      authToken: this.token
+      authToken: this.token,
+      // Back-compat ONLY: the QR this channel prints embeds the token as `?t=`
+      // (pairing payload); current apps strip it and authenticate via the
+      // Sec-WebSocket-Protocol bearer entry, but older installed builds still
+      // connect with the token in the WS URL.
+      allowQueryToken: true
     });
     this.server = server;
     this.logger?.info?.("mobile channel listening", { address: server.address });
@@ -116872,7 +117643,7 @@ var MobileChannel = class {
         tunnelUrl = this.tunnel.url;
         this.logger?.info?.("mobile tunnel open", { provider: provider.name, url: tunnelUrl });
       } catch (err) {
-        this.logger?.warn?.("mobile tunnel failed; using LAN URL", {
+        this.logger?.warn?.("mobile tunnel failed; using the local URL", {
           provider: provider.name,
           err: String(err)
         });
@@ -116880,11 +117651,12 @@ var MobileChannel = class {
     }
     const connectUrl = buildConnectUrl({
       tunnelUrl,
-      localHost: lanHost(this.bindHost),
+      localHost: advertisedHost(this.bindHost),
       port: this.port,
       token: this.token
     });
-    await printConnectInfo(connectUrl, this.token);
+    const loopbackOnly = !tunnelUrl && isLoopbackHost(this.bindHost);
+    await printConnectInfo(connectUrl, this.token, loopbackOnly ? "Bound to loopback \u2014 this QR only works on THIS machine (e.g. an iOS/Android\n  simulator). For a real phone: opt in to a LAN bind with MOXXY_MOBILE_HOST=0.0.0.0\n  (or channels.mobile.bindHost in moxxy.config.ts), or use a tunnel\n  (channels.mobile.tunnel: 'cloudflared' | 'ngrok', or MOXXY_MOBILE_TUNNEL)." : void 0);
     let resolveRunning;
     const running = new Promise((resolve12) => {
       resolveRunning = resolve12;
@@ -117023,11 +117795,12 @@ function extractFirstTagBlock(html, selector) {
 function escapeReSelector(s2) {
   return s2.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
-
-// ../plugin-browser/dist/web-fetch.js
-var MAX_BYTES_DEFAULT = 2 * 1024 * 1024;
-var MAX_REDIRECTS_DEFAULT = 5;
-var FETCH_TIMEOUT_MS_DEFAULT = 2e4;
+var SsrfBlockedError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SsrfBlockedError";
+  }
+};
 var defaultResolver = async (host) => (await lookup(host, { all: true })).map((a2) => a2.address);
 var resolver = defaultResolver;
 function isBlockedIpv4(ip) {
@@ -117074,32 +117847,23 @@ function isBlockedIp(ip) {
     return isBlockedIpv6(ip);
   return true;
 }
-async function assertPublicUrl(raw) {
+async function assertPublicUrl(raw, label3 = "request") {
   let u2;
   try {
     u2 = new URL(raw);
   } catch {
-    throw new MoxxyError({ code: "INTERNAL", message: `web_fetch: invalid URL: ${raw}` });
+    throw new SsrfBlockedError(`${label3}: invalid URL: ${raw}`);
   }
   if (u2.protocol !== "http:" && u2.protocol !== "https:") {
-    throw new MoxxyError({
-      code: "INTERNAL",
-      message: `web_fetch: refusing non-HTTP(S) scheme "${u2.protocol}"`
-    });
+    throw new SsrfBlockedError(`${label3}: refusing non-HTTP(S) scheme "${u2.protocol}"`);
   }
   const host = u2.hostname.replace(/^\[|\]$/g, "");
   if (host === "localhost" || host.endsWith(".localhost")) {
-    throw new MoxxyError({
-      code: "INTERNAL",
-      message: `web_fetch: refusing to fetch loopback host "${host}"`
-    });
+    throw new SsrfBlockedError(`${label3}: refusing to fetch loopback host "${host}"`);
   }
   if (isIP(host)) {
     if (isBlockedIp(host))
-      throw new MoxxyError({
-        code: "INTERNAL",
-        message: `web_fetch: refusing private/loopback address "${host}"`
-      });
+      throw new SsrfBlockedError(`${label3}: refusing private/loopback address "${host}"`);
     return;
   }
   let addrs;
@@ -117110,11 +117874,23 @@ async function assertPublicUrl(raw) {
   }
   for (const addr of addrs) {
     if (isBlockedIp(addr)) {
-      throw new MoxxyError({
-        code: "INTERNAL",
-        message: `web_fetch: host "${host}" resolves to a private/loopback address (${addr})`
-      });
+      throw new SsrfBlockedError(`${label3}: host "${host}" resolves to a private/loopback address (${addr})`);
+    }
+  }
+}
+
+// ../plugin-browser/dist/web-fetch.js
+var MAX_BYTES_DEFAULT = 2 * 1024 * 1024;
+var MAX_REDIRECTS_DEFAULT = 5;
+var FETCH_TIMEOUT_MS_DEFAULT = 2e4;
+async function assertPublicUrlForWebFetch(raw) {
+  try {
+    await assertPublicUrl(raw, "web_fetch");
+  } catch (err) {
+    if (err instanceof SsrfBlockedError) {
+      throw new MoxxyError({ code: "INTERNAL", message: err.message });
     }
+    throw err;
   }
 }
 var webFetchTool = defineTool({
@@ -117182,7 +117958,7 @@ var webFetchTool = defineTool({
 async function fetchFollowRedirects(initialUrl, opts) {
   let current = initialUrl;
   for (let hop = 0; hop <= opts.maxRedirects; hop++) {
-    await assertPublicUrl(current);
+    await assertPublicUrlForWebFetch(current);
     const res = await fetch(current, {
       method: opts.method,
       headers: opts.headers,
@@ -117261,8 +118037,11 @@ var actionSchema = z$1.union([
   z$1.object({
     kind: z$1.literal("goto"),
     // `z.string().url()` accepts file:// and javascript: URLs, which would be
-    // forwarded verbatim to Playwright `page.goto`. Restrict to http(s) — the
-    // same scheme guard web_fetch enforces via assertPublicUrl.
+    // forwarded verbatim to Playwright `page.goto`. This refine is only a fast
+    // schema-level scheme check; the full SSRF guard (loopback/private/
+    // link-local/metadata IPs, DNS resolution — same `assertPublicUrl` as
+    // web_fetch) runs in the handler before the RPC AND again inside the
+    // sidecar's goto dispatch.
     url: z$1.string().url().refine((u2) => /^https?:\/\//i.test(u2), "only http(s) URLs allowed"),
     waitUntil: z$1.enum(["load", "domcontentloaded", "networkidle"]).optional(),
     timeoutMs: z$1.number().int().positive().max(12e4).optional()
@@ -117457,7 +118236,7 @@ function defaultSpawn(scriptPath) {
 function buildBrowserSessionTool(deps) {
   return defineTool({
     name: "browser_session",
-    description: "Drive a real browser (Playwright). Use for pages that need JS execution, clicks, form fills, or screenshots. For simple GETs prefer web_fetch (no extra deps). Calls within a session share one page.",
+    description: "Drive a real browser (Playwright). Use for pages that need JS execution, clicks, form fills, or screenshots. For simple GETs prefer web_fetch (no extra deps). Calls within a session share one page. Navigation is restricted to public http(s) origins: goto URLs and top-level/iframe navigations (including redirects) to loopback, private (RFC-1918), link-local/metadata, or CGNAT addresses are blocked. Residual risk: subresource requests (img/fetch/script) issued by a loaded page are NOT filtered, so a hostile page can still send blind requests at internal services.",
     inputSchema: z$1.object({
       action: actionSchema
     }),
@@ -117484,6 +118263,14 @@ function buildBrowserSessionTool(deps) {
       try {
         switch (action.kind) {
           case "goto":
+            try {
+              await assertPublicUrl(action.url, "browser_session");
+            } catch (err) {
+              if (err instanceof SsrfBlockedError) {
+                throw new MoxxyError({ code: "INTERNAL", message: err.message });
+              }
+              throw err;
+            }
             return await call("goto", {
               url: action.url,
               waitUntil: action.waitUntil,
@@ -118095,8 +118882,8 @@ var removeProviderInput = z$1.object({
   name: providerNameSchema
 });
 var testProviderInput = z$1.object({
-  baseURL: z$1.string().url(),
-  apiKey: z$1.string().min(1)
+  baseURL: z$1.string().url().describe("Vendor API base URL to probe, e.g. https://api.deepseek.com."),
+  keyName: z$1.string().regex(/^[A-Z][A-Z0-9_]*$/).describe("NAME of the vault secret holding the API key (e.g. DEEPSEEK_API_KEY). The key is resolved from the vault inside the tool \u2014 never ask the user for the plaintext key and never pass one as a tool argument. Have them store it first: /vault set <NAME> <key>.")
 });
 function buildProviderAdminPlugin(opts) {
   const { providerRegistry, configPath } = opts;
@@ -118137,6 +118924,7 @@ function buildProviderAdminPlugin(opts) {
             providerRegistry.unregister(entry.name);
             throw err;
           }
+          const vaultKeyName2 = entry.envVar ?? `${entry.name.toUpperCase()}_API_KEY`;
           return {
             ok: true,
             name: entry.name,
@@ -118146,7 +118934,7 @@ function buildProviderAdminPlugin(opts) {
             models: entry.models.map((m3) => m3.id),
             path: configPath ?? providersConfigPath(),
             replaced: wasRegistered,
-            note: `Provider "${entry.name}" is live in this session. Have the USER store the API key by running: /vault set ${entry.envVar ?? `${entry.name.toUpperCase()}_API_KEY`} <key> \u2014 never ask them to paste the key to you. Switch with the /provider command or set provider.name in moxxy.config.ts.`
+            note: `Provider "${entry.name}" is live in this session. Have the USER store the API key by running: /vault set ${vaultKeyName2} <key> \u2014 never ask them to paste the key to you. Once stored, you can verify it with provider_test (baseURL + keyName "${vaultKeyName2}") \u2014 it resolves the key from the vault itself. Switch with the /provider command or set provider.name in moxxy.config.ts.`
           };
         }
       }),
@@ -118188,10 +118976,28 @@ function buildProviderAdminPlugin(opts) {
       }),
       defineTool({
         name: "provider_test",
-        description: "Probe an OpenAI-compatible endpoint with the supplied API key by calling /v1/models. Use BEFORE provider_add to confirm the baseURL + key are valid. Returns { ok: true } on success or { ok: false, message } with the vendor error verbatim.",
+        description: "Probe an OpenAI-compatible endpoint by calling /v1/models. Takes the NAME of a vault secret (e.g. ZAI_API_KEY) and resolves the API key via the vault inside the handler \u2014 the plaintext key never enters the conversation or logs. Have the USER store the key first with /vault set <NAME> <key>, then call this to confirm the baseURL + key are valid (typically before provider_add). Returns { ok: true } on success or { ok: false, message } with the vendor error verbatim.",
         inputSchema: testProviderInput,
         permission: { action: "prompt" },
-        handler: async ({ baseURL, apiKey }) => validateKey2(apiKey, { baseURL })
+        // The plaintext key is resolved HERE, at call time, via ctx.getSecret —
+        // it never appears as tool input/output, so it stays out of the model
+        // context, the runner session log, and the desktop NDJSON log.
+        handler: async ({ baseURL, keyName: keyName2 }, ctx) => {
+          if (!ctx.getSecret) {
+            return {
+              ok: false,
+              message: "provider_test: this session has no secret vault wired in (ctx.getSecret is unavailable), so the key cannot be resolved. Register the provider with provider_add and have the user verify the key with `moxxy doctor` instead."
+            };
+          }
+          const apiKey = await ctx.getSecret(keyName2);
+          if (!apiKey) {
+            return {
+              ok: false,
+              message: `provider_test: no vault secret named "${keyName2}". Ask the USER to store it by running: /vault set ${keyName2} <key> \u2014 then call provider_test again with keyName "${keyName2}". Never ask them to paste the key into the conversation.`
+            };
+          }
+          return validateKey2(apiKey, { baseURL });
+        }
       })
     ],
     hooks: {
@@ -119828,7 +120634,7 @@ function readHeader(headers, name) {
     return v3[0] ?? null;
   return v3 ?? null;
 }
-function readJsonPath(body, path59) {
+function readJsonPath(body, path60) {
   let parsed;
   try {
     parsed = JSON.parse(body.toString("utf8"));
@@ -119836,7 +120642,7 @@ function readJsonPath(body, path59) {
     return null;
   }
   let cur = parsed;
-  for (const seg of path59.split(".")) {
+  for (const seg of path60.split(".")) {
     if (cur === null || cur === void 0 || typeof cur !== "object")
       return null;
     cur = cur[seg];
@@ -120204,22 +121010,36 @@ var webhookTriggerSchema = z.object({
   lastResult: z.enum(["ok", "error"]).optional(),
   lastError: z.string().optional()
 });
-var fileSchema3 = z.object({
+var looseFileSchema = z.object({
   version: z.literal(1),
-  triggers: z.array(webhookTriggerSchema)
+  triggers: z.array(z.unknown())
 });
 function defaultWebhooksFile() {
   return moxxyPath("webhooks.json");
 }
 var WebhookStore = class {
   file;
+  logger;
   cache = null;
+  loadWarningMsg = null;
   mutex = createMutex();
   constructor(opts = {}) {
     this.file = opts.file ?? defaultWebhooksFile();
+    this.logger = opts.logger;
   }
   invalidate() {
     this.cache = null;
+    this.loadWarningMsg = null;
+  }
+  /**
+   * Human-readable description of any corruption encountered while loading
+   * the store file (corrupt file preserved aside, or invalid entries
+   * quarantined), or `null` when the load was clean. Tools surface this so
+   * the user learns about it instead of silently losing triggers.
+   */
+  async loadWarning() {
+    await this.ensureLoaded();
+    return this.loadWarningMsg;
   }
   async list() {
     await this.ensureLoaded();
@@ -120297,17 +121117,85 @@ var WebhookStore = class {
   async ensureLoaded() {
     if (this.cache)
       return;
+    this.loadWarningMsg = null;
+    let raw;
     try {
-      const raw = await readFile(this.file, "utf8");
-      const parsed = fileSchema3.safeParse(JSON.parse(raw));
-      this.cache = parsed.success ? [...parsed.data.triggers] : [];
+      raw = await readFile(this.file, "utf8");
     } catch (err) {
       if (err.code === "ENOENT") {
         this.cache = [];
-      } else {
-        this.cache = [];
+        return;
       }
+      throw new Error(`webhooks store: cannot read ${this.file}: ${err instanceof Error ? err.message : String(err)} \u2014 refusing to load (and write) until the file is readable again`);
+    }
+    let json;
+    try {
+      json = JSON.parse(raw);
+    } catch {
+      await this.preserveCorruptFile("is not valid JSON");
+      return;
+    }
+    const file = looseFileSchema.safeParse(json);
+    if (!file.success) {
+      await this.preserveCorruptFile("does not match the expected { version: 1, triggers: [...] } shape");
+      return;
     }
+    const valid = [];
+    const invalid = [];
+    file.data.triggers.forEach((entry, index) => {
+      const parsed = webhookTriggerSchema.safeParse(entry);
+      if (parsed.success) {
+        valid.push(parsed.data);
+      } else {
+        invalid.push({
+          index,
+          entry,
+          issues: parsed.error.issues.map((i2) => `${i2.path.join(".") || "(root)"}: ${i2.message}`).join("; ")
+        });
+      }
+    });
+    if (invalid.length > 0)
+      await this.quarantineEntries(invalid);
+    this.cache = valid;
+  }
+  /**
+   * The file exists but is unparseable/mis-shaped. Rename it aside (rename,
+   * not copy — nothing may remain at the live path that a later persist()
+   * could clobber while it is the only copy), then start empty. If the
+   * rename itself fails the error propagates and the store refuses to
+   * operate, which is the safe direction.
+   */
+  async preserveCorruptFile(reason) {
+    const preserved = `${this.file}.corrupt-${timestampSlug()}`;
+    await rename$1(this.file, preserved);
+    this.loadWarningMsg = `the webhook trigger store (${this.file}) ${reason}; the original file was preserved at ${preserved} and the store restarted empty. Previously configured triggers (and their secrets) are recoverable from that file \u2014 repair it by hand or recreate the triggers.`;
+    this.logger?.error?.("webhooks: store file corrupt \u2014 preserved aside, starting empty", {
+      file: this.file,
+      preserved,
+      reason
+    });
+    this.cache = [];
+  }
+  /**
+   * The file parses but some entries fail validation. Keep the valid ones,
+   * write the rest (verbatim, with their zod issues) to a 0600 sidecar so
+   * they stay recoverable after the next persist() drops them.
+   */
+  async quarantineEntries(invalid) {
+    const quarantine = `${this.file}.quarantine-${timestampSlug()}`;
+    const payload = JSON.stringify({
+      quarantinedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      source: this.file,
+      entries: invalid
+    }, null, 2);
+    await writeFileAtomic(quarantine, payload, { mode: 384 });
+    this.loadWarningMsg = `${invalid.length} trigger entr${invalid.length === 1 ? "y" : "ies"} in ${this.file} failed schema validation and ${invalid.length === 1 ? "was" : "were"} quarantined to ${quarantine} (valid triggers were kept). Inspect that file to repair or recreate them.`;
+    this.logger?.error?.("webhooks: invalid trigger entries quarantined", {
+      file: this.file,
+      quarantine,
+      count: invalid.length,
+      issues: invalid.map((i2) => ({ index: i2.index, issues: i2.issues }))
+    });
   }
   async mutate(fn) {
     await this.mutex.run(async () => {
@@ -120322,6 +121210,9 @@ var WebhookStore = class {
     await writeFileAtomic(this.file, payload);
   }
 };
+function timestampSlug() {
+  return (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+}
 
 // ../plugin-webhooks/dist/describe.js
 function describeTrigger(trigger, publicUrl) {
@@ -120450,9 +121341,25 @@ async function startTunnel(opts) {
     }
   };
 }
+function defaultWebhookSecretsDir() {
+  return moxxyPath("webhooks-secrets");
+}
 function generateSecret() {
   return randomBytes(32).toString("hex");
 }
+function maskSecret(secret) {
+  return `${secret.slice(0, 4)}\u2026`;
+}
+function secretFilePath(dir, triggerName) {
+  return path3__default.join(dir, `${triggerName}.secret`);
+}
+async function writeSecretFile(dir, triggerName, secret) {
+  await mkdir(dir, { recursive: true, mode: 448 });
+  const file = secretFilePath(dir, triggerName);
+  await writeFileAtomic(file, `${secret}
+`, { mode: 384 });
+  return file;
+}
 var verificationInputSchema = z$1.discriminatedUnion("type", [
   z$1.object({ type: z$1.literal("none") }),
   z$1.object({
@@ -120505,10 +121412,11 @@ function fullUrl(publicUrl, triggerId) {
 }
 function buildWebhookTools(deps) {
   const { store, config, dispatcher, tunnelHandle } = deps;
+  const secretsDir = deps.secretsDir ?? defaultWebhookSecretsDir();
   return [
     defineTool({
       name: "webhook_create",
-      description: 'Create a webhook trigger. When an external system POSTs to the returned URL and verification (and any filters) pass, the configured prompt fires in an isolated session with the listed tools available.\n\nVerification picks the auth model:\n  \u2022 `none`   \u2014 no auth. Anyone reaching the URL fires the trigger. Local-only.\n  \u2022 `bearer` \u2014 secret in `Authorization: Bearer <secret>`. Simplest shared-secret.\n  \u2022 `hmac`   \u2014 HMAC over the body, compared to a signature header. The user should paste the header name + signature prefix + algorithm from the external system\'s webhook documentation. Use `scheme:"stripe"` for systems that sign `<timestamp>.<body>` and pack it into a comma-separated header.\n\nFor `bearer`/`hmac`, if `secret` is omitted a strong 32-byte random secret is generated and returned ONCE in `secretIssued` \u2014 record it now.\n\n`filters` decides whether a verified delivery actually fires the prompt:\n  \u2022 `include` \u2014 fire only if at least one rule matches (or empty = fire on everything)\n  \u2022 `exclude` \u2014 never fire if any rule matches\nEach rule reads ONE field (a header or a dot-separated JSON path in the body) and compares it against `equals` (any-of) or `matches` (regex).\n\nPrompt placeholders: `{body}`, `{body_json}`, `{header.<name>}`, `{method}`, `{path}`, `{trigger_name}`, `{fired_at}`. The prompt is the runbook the model reads on every delivery \u2014 write it that way.',
+      description: "Create a webhook trigger. When an external system POSTs to the returned URL and verification (and any filters) pass, the configured prompt fires as a turn on the ACTIVE session (not an isolated one \u2014 output lands in the shared event log). `allowedTools` is enforced per fire: a non-empty list restricts the fire to exactly those tools (any other tool call is denied); an empty list leaves the session's full tool set available under its normal permission rules.\n\nVerification picks the auth model:\n  \u2022 `none`   \u2014 no auth. Anyone reaching the URL fires the trigger. Local-only.\n  \u2022 `bearer` \u2014 secret in `Authorization: Bearer <secret>`. Simplest shared-secret.\n  \u2022 `hmac`   \u2014 HMAC over the body, compared to a signature header. The user should paste the header name + signature prefix + algorithm from the external system's webhook documentation. Use `scheme:\"stripe\"` for systems that sign `<timestamp>.<body>` and pack it into a comma-separated header.\n\nFor `bearer`/`hmac`, if `secret` is omitted a strong 32-byte random secret is generated. For security the secret is NEVER returned here (tool results persist in session logs): the result carries `generatedSecret` with a masked preview plus the path of an owner-only file holding the full value \u2014 relay that path so the USER opens it themselves and pastes the secret into the external system. Do not read the file into the conversation.\n\n`filters` decides whether a verified delivery actually fires the prompt:\n  \u2022 `include` \u2014 fire only if at least one rule matches (or empty = fire on everything)\n  \u2022 `exclude` \u2014 never fire if any rule matches\nEach rule reads ONE field (a header or a dot-separated JSON path in the body) and compares it against `equals` (any-of) or `matches` (regex).\n\nPrompt placeholders: `{body}`, `{body_json}`, `{header.<name>}`, `{method}`, `{path}`, `{trigger_name}`, `{fired_at}`. The prompt is the runbook the model reads on every delivery \u2014 write it that way.",
       inputSchema: z$1.object({
         name: z$1.string().min(1).max(120).regex(/^[a-z0-9][a-z0-9-]*$/i, "name must be slug-like"),
         prompt: z$1.string().min(1),
@@ -120541,10 +121449,19 @@ function buildWebhookTools(deps) {
         } else {
           guidance.push(`Paste this URL into the external system's webhook config: ${url2}`);
         }
+        let generatedSecret = null;
         if (secretIssued) {
-          guidance.push(`A secret was generated for this trigger \u2014 paste it into the external system's webhook secret field. It will NOT be shown again: record it now. Secret: ${secretIssued}`);
+          const file = await writeSecretFile(secretsDir, trigger.name, secretIssued);
+          generatedSecret = { masked: maskSecret(secretIssued), path: file };
+          guidance.push(`A strong secret was generated for this trigger (preview: ${generatedSecret.masked}). For security it is NOT included in this response \u2014 the full value was written to ${file} (owner-only file). Tell the user to open that file themselves (e.g. \`cat ${file}\`) and paste the value into the external system's webhook secret field, then delete the file once configured. Do NOT read the file into the conversation.`);
         }
-        return { trigger: describeTrigger(trigger, cfg.publicUrl), secretIssued, guidance };
+        const storeWarning = await store.loadWarning();
+        return {
+          trigger: describeTrigger(trigger, cfg.publicUrl),
+          generatedSecret,
+          guidance,
+          ...storeWarning ? { storeWarning } : {}
+        };
       }
     }),
     defineTool({
@@ -120557,10 +121474,12 @@ function buildWebhookTools(deps) {
         const triggers = await store.list();
         const cfg = await config.get();
         const filtered = includeDisabled ? triggers : triggers.filter((t2) => t2.enabled);
+        const storeWarning = await store.loadWarning();
         return {
           publicUrl: cfg.publicUrl ?? null,
           listener: { host: cfg.host, port: cfg.port },
-          triggers: filtered.map((t2) => describeTrigger(t2, cfg.publicUrl))
+          triggers: filtered.map((t2) => describeTrigger(t2, cfg.publicUrl)),
+          ...storeWarning ? { storeWarning } : {}
         };
       }
     }),
@@ -120569,7 +121488,15 @@ function buildWebhookTools(deps) {
       description: "Permanently remove a webhook trigger by id. Does NOT touch any subscription registered on the external side \u2014 the user must also delete the webhook from the source's dashboard, otherwise it'll keep retrying.",
       inputSchema: z$1.object({ id: z$1.string().min(1) }),
       permission: { action: "prompt" },
-      handler: async ({ id }) => ({ deleted: await store.delete(id) })
+      handler: async ({ id }) => {
+        const trigger = await store.get(id);
+        const deleted = await store.delete(id);
+        if (deleted && trigger) {
+          await rm(secretFilePath(secretsDir, trigger.name), { force: true }).catch(() => {
+          });
+        }
+        return { deleted };
+      }
     }),
     defineTool({
       name: "webhook_update",
@@ -120646,7 +121573,8 @@ function buildWebhookTools(deps) {
           } : { running: false },
           cliAvailable: { cloudflared: cloudflaredOk, ngrok: ngrokOk },
           triggerCount: triggers.length,
-          enabledCount: triggers.filter((t2) => t2.enabled).length
+          enabledCount: triggers.filter((t2) => t2.enabled).length,
+          ...await store.loadWarning().then((w4) => w4 ? { storeWarning: w4 } : {})
         };
       }
     }),
@@ -120829,8 +121757,8 @@ async function buildSetupGuide(deps) {
     askUser: "If verification is `bearer` or `hmac`, do you already have the secret from the external system, or should I generate one for you?\n  \u2022 If they already created the webhook on the source's side and the docs gave them a signing secret, paste it here.\n  \u2022 If they're about to create the webhook, I can generate a strong random one and they will paste it into the source.",
     recordAs: "verification.secret",
     hints: [
-      "Omit `secret` in `webhook_create` to auto-generate. The response includes `secretIssued` exactly once \u2014 surface it to the user immediately and tell them to record it; we will not show it again.",
-      "Never log the secret. Never echo it back in subsequent messages."
+      "Omit `secret` in `webhook_create` to auto-generate. The full value is written to an owner-only file (the response's `generatedSecret.path`) instead of being returned \u2014 relay the path and have the USER open the file and paste the value into the external system themselves.",
+      "Never log the secret. Never read the secret file into the conversation or echo the value in messages."
     ]
   });
   steps.push({
@@ -120859,7 +121787,7 @@ async function buildSetupGuide(deps) {
   steps.push({
     step: 7,
     title: "Prompt + tools",
-    askUser: "What should the agent DO when a delivery fires? Describe the runbook. Then: which tools should it have access to (read-only fetch? bash? a specific MCP tool?)? The agent is sandboxed by `allowedTools` \u2014 list only what you trust.",
+    askUser: "What should the agent DO when a delivery fires? Describe the runbook. Then: which tools should it have access to (read-only fetch? bash? a specific MCP tool?)? A non-empty `allowedTools` is enforced \u2014 the fire can only execute the listed tools; everything else is denied. An empty list gives the fire the FULL tool set of the active session (fires are not isolated), so list only what you trust.",
     recordAs: "prompt + allowedTools",
     hints: [
       "Use placeholders like `{body_json}` so the prompt sees the actual delivery payload.",
@@ -120871,8 +121799,8 @@ async function buildSetupGuide(deps) {
     title: "Create the trigger",
     nextToolCall: "webhook_create",
     hints: [
-      "Call `webhook_create` with the collected fields. Capture `secretIssued` and `trigger.url` from the response.",
-      "Relay both to the user: the URL goes into the external system's webhook config; the secret goes into its signing-secret field."
+      "Call `webhook_create` with the collected fields. Capture `generatedSecret` (masked preview + file path) and `trigger.url` from the response.",
+      "Relay both to the user: the URL goes into the external system's webhook config; the secret lives in the file at `generatedSecret.path` \u2014 the user opens it themselves and pastes the value into the external system's signing-secret field."
     ]
   });
   steps.push({
@@ -120892,7 +121820,7 @@ async function buildSetupGuide(deps) {
 
 // ../plugin-webhooks/dist/index.js
 function buildWebhooksPlugin(opts) {
-  const store = opts.store ?? new WebhookStore();
+  const store = opts.store ?? new WebhookStore(opts.logger ? { logger: opts.logger } : {});
   const config = opts.config ?? new WebhookConfigStore();
   const dispatcher = new WebhookDispatcher({
     store,
@@ -122488,8 +123416,8 @@ function findCycle(steps) {
 }
 function formatIssues(error2) {
   return error2.issues.map((iss) => {
-    const path59 = iss.path.join(".") || "(root)";
-    return `${path59}: ${iss.message}`;
+    const path60 = iss.path.join(".") || "(root)";
+    return `${path60}: ${iss.message}`;
   });
 }
 function validateWorkflow(raw) {
@@ -123558,6 +124486,7 @@ var BUILTIN_WORKFLOWS_DIR = path3.resolve(__dirname2, "../workflows");
 
 // src/setup/workflows.ts
 var PLUGIN_ID3 = asPluginId(WORKFLOWS_PLUGIN_NAME);
+var MAX_AFTER_WORKFLOW_CHAIN = 8;
 function buildWorkflowsIntegration(args) {
   const { session, scheduleStore, logger } = args;
   const store = new WorkflowStore({
@@ -123567,6 +124496,8 @@ function buildWorkflowsIntegration(args) {
   });
   const watchers = [];
   const inFlight = /* @__PURE__ */ new Set();
+  const cyclicTriggers = /* @__PURE__ */ new Set();
+  const warnedCycles = /* @__PURE__ */ new Set();
   async function runNow(input) {
     const entry = await store.get(input.name);
     if (!entry) return { ok: false, steps: [], output: "", error: `no workflow named "${input.name}"` };
@@ -123602,7 +124533,9 @@ function buildWorkflowsIntegration(args) {
             source: "plugin",
             pluginId: PLUGIN_ID3,
             subtype,
-            payload
+            // Stamp the causal chain onto the completion event so the
+            // afterWorkflow subscription can detect cycles/depth per-run.
+            payload: subtype === "workflow_completed" && input.chain && input.chain.length > 0 ? { ...payload, triggerChain: [...input.chain] } : payload
           }),
           ...logger ? { logger } : {}
         },
@@ -123639,6 +124572,12 @@ function buildWorkflowsIntegration(args) {
   };
   async function syncSchedules() {
     const all = await store.list();
+    applyAfterWorkflowCycleGuard({
+      workflows: all.map((w4) => w4.workflow),
+      disabled: cyclicTriggers,
+      warned: warnedCycles,
+      ...logger ? { logger } : {}
+    });
     for (const { workflow } of all) {
       const sched = workflow.enabled ? workflow.on?.schedule : void 0;
       if (sched && (sched.cron || sched.runAt)) {
@@ -123669,23 +124608,24 @@ function buildWorkflowsIntegration(args) {
   }
   const unsubscribe = session.log.subscribe((event) => {
     if (event.type !== "plugin_event" || event.subtype !== "workflow_completed") return;
-    const completed = event.payload?.name;
+    const payload = event.payload;
+    const completed = payload?.name;
     if (!completed) return;
+    const chain = Array.isArray(payload?.triggerChain) ? payload.triggerChain.filter((n2) => typeof n2 === "string") : [];
     void (async () => {
-      for (const { workflow } of await store.list()) {
-        if (!workflow.enabled || !workflow.on?.afterWorkflow) continue;
-        const deps = [workflow.on.afterWorkflow].flat();
-        if (deps.includes(completed) && workflow.name !== completed) {
-          logger?.info?.("workflows: afterWorkflow trigger", { workflow: workflow.name, after: completed });
-          await runNow({ name: workflow.name, trigger: `after:${completed}` }).catch(
-            (err) => logger?.warn?.("workflows: afterWorkflow run failed", {
-              workflow: workflow.name,
-              err: err instanceof Error ? err.message : String(err)
-            })
-          );
-        }
-      }
-    })();
+      await fireAfterWorkflowDependents({
+        completed,
+        chain,
+        workflows: (await store.list()).map((w4) => w4.workflow),
+        disabled: cyclicTriggers,
+        run: runNow,
+        ...logger ? { logger } : {}
+      });
+    })().catch(
+      (err) => logger?.warn?.("workflows: afterWorkflow dispatch failed", {
+        err: err instanceof Error ? err.message : String(err)
+      })
+    );
   });
   async function startFileWatchers() {
     for (const w4 of watchers.splice(0)) w4.close();
@@ -123744,6 +124684,104 @@ function buildWorkflowsIntegration(args) {
     }
   };
 }
+function detectAfterWorkflowCycles(workflows) {
+  const enabled = /* @__PURE__ */ new Map();
+  for (const w4 of workflows) if (w4.enabled) enabled.set(w4.name, w4);
+  const edges = /* @__PURE__ */ new Map();
+  for (const name of enabled.keys()) edges.set(name, []);
+  for (const w4 of enabled.values()) {
+    for (const dep of [w4.on?.afterWorkflow ?? []].flat()) {
+      if (enabled.has(dep)) edges.get(dep).push(w4.name);
+    }
+  }
+  let counter = 0;
+  const index = /* @__PURE__ */ new Map();
+  const lowlink = /* @__PURE__ */ new Map();
+  const onStack = /* @__PURE__ */ new Set();
+  const stack = [];
+  const cycles = [];
+  const visit = (v3) => {
+    index.set(v3, counter);
+    lowlink.set(v3, counter);
+    counter++;
+    stack.push(v3);
+    onStack.add(v3);
+    for (const w4 of edges.get(v3) ?? []) {
+      if (!index.has(w4)) {
+        visit(w4);
+        lowlink.set(v3, Math.min(lowlink.get(v3), lowlink.get(w4)));
+      } else if (onStack.has(w4)) {
+        lowlink.set(v3, Math.min(lowlink.get(v3), index.get(w4)));
+      }
+    }
+    if (lowlink.get(v3) === index.get(v3)) {
+      const scc = [];
+      for (; ; ) {
+        const w4 = stack.pop();
+        onStack.delete(w4);
+        scc.push(w4);
+        if (w4 === v3) break;
+      }
+      if (scc.length > 1 || (edges.get(v3) ?? []).includes(v3)) cycles.push(scc.reverse());
+    }
+  };
+  for (const name of enabled.keys()) if (!index.has(name)) visit(name);
+  return cycles;
+}
+function applyAfterWorkflowCycleGuard(args) {
+  const cycles = detectAfterWorkflowCycles(args.workflows);
+  args.disabled.clear();
+  for (const cycle of cycles) {
+    for (const name of cycle) args.disabled.add(name);
+    const key = [...cycle].sort().join(" -> ");
+    if (args.warned.has(key)) continue;
+    args.warned.add(key);
+    args.logger?.warn?.(
+      `workflows: afterWorkflow trigger cycle detected (${cycle.join(" -> ")} -> ${cycle[0]}); auto-refire is disabled for these workflows \u2014 run them manually or break the cycle`,
+      { cycle: [...cycle] }
+    );
+  }
+}
+async function fireAfterWorkflowDependents(args) {
+  const { completed, workflows, disabled, run: run2, logger } = args;
+  const nextChain = [...args.chain, completed];
+  for (const workflow of workflows) {
+    if (!workflow.enabled || !workflow.on?.afterWorkflow) continue;
+    if (![workflow.on.afterWorkflow].flat().includes(completed)) continue;
+    if (disabled.has(workflow.name)) {
+      logger?.info?.("workflows: afterWorkflow auto-refire disabled by the cycle guard; skipping", {
+        workflow: workflow.name,
+        after: completed
+      });
+      continue;
+    }
+    if (nextChain.includes(workflow.name)) {
+      logger?.warn?.(
+        `workflows: refusing afterWorkflow re-fire \u2014 trigger cycle (${[...nextChain, workflow.name].join(" -> ")}); "${workflow.name}" already ran in this chain`,
+        { workflow: workflow.name, chain: [...nextChain] }
+      );
+      continue;
+    }
+    if (nextChain.length >= MAX_AFTER_WORKFLOW_CHAIN) {
+      logger?.warn?.(
+        `workflows: refusing afterWorkflow re-fire \u2014 chain depth cap of ${MAX_AFTER_WORKFLOW_CHAIN} reached (${nextChain.join(" -> ")} -> ${workflow.name})`,
+        { workflow: workflow.name, chain: [...nextChain] }
+      );
+      continue;
+    }
+    logger?.info?.("workflows: afterWorkflow trigger", {
+      workflow: workflow.name,
+      after: completed,
+      depth: nextChain.length
+    });
+    await run2({ name: workflow.name, trigger: `after:${completed}`, chain: nextChain }).catch(
+      (err) => logger?.warn?.("workflows: afterWorkflow run failed", {
+        workflow: workflow.name,
+        err: err instanceof Error ? err.message : String(err)
+      })
+    );
+  }
+}
 function activeModel(session) {
   return safeActiveProvider(session)?.models[0]?.id ?? "claude-sonnet-4-6";
 }
@@ -124152,11 +125190,12 @@ function buildSchedulerRunner(session) {
 init_dist();
 function buildWebhookRunner(session) {
   return {
-    runPrompt: async ({ prompt, model }) => {
+    runPrompt: async ({ prompt, model, allowedTools, triggerName }) => {
+      const target = scopedSessionView(session, allowedTools, triggerName);
       let text = "";
       let lastError = null;
       try {
-        for await (const event of runTurn(session, prompt, model ? { model } : {})) {
+        for await (const event of runTurn(target, prompt, model ? { model } : {})) {
           if (event.type === "assistant_message") {
             text = event.content;
             if (event.stopReason === "error") lastError = "turn ended with error stop reason";
@@ -124171,6 +125210,88 @@ function buildWebhookRunner(session) {
     }
   };
 }
+function scopedSessionView(session, allowedTools, triggerName) {
+  if (allowedTools.length === 0) return session;
+  const allowed = new Set(allowedTools);
+  const denyReason = (name) => `Tool '${name}' is not in webhook trigger '${triggerName}' allowedTools`;
+  const resolver2 = {
+    name: `webhook-allowed-tools(${triggerName})`,
+    async check(call, ctx) {
+      if (!allowed.has(call.name)) {
+        return { mode: "deny", reason: denyReason(call.name) };
+      }
+      return session.resolver.check(call, ctx);
+    },
+    // The allow-list is POLICY, so it must also surface through the
+    // prompt-free `policyCheck` probe — auto-approving modes (goal mode)
+    // consult only this and skip `check`'s prompt path entirely. Without
+    // it, a goal-mode webhook fire would auto-approve tools outside the
+    // trigger's allowedTools.
+    async policyCheck(call, ctx) {
+      if (!allowed.has(call.name)) {
+        return { mode: "deny", reason: denyReason(call.name) };
+      }
+      return await session.resolver.policyCheck?.(call, ctx) ?? null;
+    }
+  };
+  const parent = session.tools;
+  const tools = {
+    list: () => parent.list().filter((t2) => allowed.has(t2.name)),
+    get: (name) => allowed.has(name) ? parent.get(name) : void 0,
+    has: (name) => allowed.has(name) && parent.has(name),
+    register: (tool) => parent.register(tool),
+    unregister: (name) => parent.unregister(name),
+    execute: (name, input, signal, opts) => {
+      if (!allowed.has(name)) return Promise.reject(new Error(denyReason(name)));
+      return parent.execute(name, input, signal, opts);
+    }
+  };
+  return {
+    get id() {
+      return session.id;
+    },
+    get log() {
+      return session.log;
+    },
+    get signal() {
+      return session.signal;
+    },
+    tools,
+    get skills() {
+      return session.skills;
+    },
+    get providers() {
+      return session.providers;
+    },
+    get modes() {
+      return session.modes;
+    },
+    get compactors() {
+      return session.compactors;
+    },
+    get cacheStrategies() {
+      return session.cacheStrategies;
+    },
+    resolver: resolver2,
+    get approvalResolver() {
+      return session.approvalResolver;
+    },
+    get elisionSettings() {
+      return session.elisionSettings;
+    },
+    get lazyTools() {
+      return session.lazyTools;
+    },
+    get dispatcher() {
+      return session.dispatcher;
+    },
+    get pluginHost() {
+      return session.pluginHost;
+    },
+    startTurn: () => session.startTurn(),
+    appContext: () => session.appContext()
+  };
+}
 
 // src/setup/register-plugins.ts
 init_dist();
@@ -124412,7 +125533,12 @@ async function resolveOAuthCodex(vault) {
     tokens,
     onTokensRefreshed: async (next) => {
       await persistCodexTokens(vault, next);
-    }
+    },
+    // Cross-process recovery: when a refresh hits invalid_grant because another
+    // moxxy process already rotated the single-use refresh token, the provider
+    // re-reads the vault through this hook and retries once with the fresher
+    // token instead of forcing a re-login.
+    reloadTokens: () => readStoredTokens(vault)
   };
 }
 
@@ -124689,6 +125815,18 @@ async function setupSessionWithConfig(opts) {
     pluginRegistration
   };
 }
+async function probeSession(opts, read, boot = setupSessionWithConfig) {
+  const result = await boot({
+    ...opts,
+    skipInitHooks: true,
+    disableSessionPersistence: true
+  });
+  try {
+    return await read(result);
+  } finally {
+    await result.session.close("probe-complete").catch(() => void 0);
+  }
+}
 
 // src/argv-helpers.ts
 function argvToSetupOptions(argv, overrides = {}) {
@@ -124728,8 +125866,8 @@ function useColor() {
   return Boolean(process.stdout.isTTY);
 }
 var ENABLED = useColor();
-function wrap(open, close) {
-  return (s2) => ENABLED ? `\x1B[${open}m${s2}\x1B[${close}m` : s2;
+function wrap(open2, close) {
+  return (s2) => ENABLED ? `\x1B[${open2}m${s2}\x1B[${close}m` : s2;
 }
 var colors = {
   bold: wrap(1, 22),
@@ -125504,13 +126642,15 @@ async function runSelfHostedTui(argv, tuiOpts, standalone) {
     let needsInit = sources.length === 0;
     if (!needsInit) {
       try {
-        const probe = await setupSession({
-          ...argvToSetupOptions(argv),
-          tolerateNoProvider: true,
-          skipKeyPrompt: true,
-          disableSessionPersistence: true
-        });
-        if (!probe.providers.getActiveName()) needsInit = true;
+        const hasProvider = await probeSession(
+          {
+            ...argvToSetupOptions(argv),
+            tolerateNoProvider: true,
+            skipKeyPrompt: true
+          },
+          ({ session }) => Boolean(session.providers.getActiveName())
+        );
+        if (!hasProvider) needsInit = true;
       } catch {
         needsInit = true;
       }
@@ -125887,8 +127027,8 @@ async function runPluginNewCommand(argv) {
   const force = hasBoolFlag(argv, "force");
   const root = here ? path3.join(process.cwd(), name) : path3.join(os5.homedir(), ".moxxy", "plugins", name);
   try {
-    const stat = await promises.stat(root);
-    if (stat.isDirectory() && !force) {
+    const stat2 = await promises.stat(root);
+    if (stat2.isDirectory() && !force) {
       printError(`refusing to overwrite ${root} (pass --force to allow)`);
       return 1;
     }
@@ -126046,12 +127186,14 @@ ${HELP4}`);
   }
 }
 async function runList(argv) {
-  const session = await bootSession(argv, {
-    skipKeyPrompt: true,
-    tolerateNoProvider: true,
-    skipProviderActivation: true
-  });
-  const loaded = session.pluginHost.list();
+  const loaded = await probeSession(
+    argvToSetupOptions(argv, {
+      skipKeyPrompt: true,
+      tolerateNoProvider: true,
+      skipProviderActivation: true
+    }),
+    ({ session }) => session.pluginHost.list()
+  );
   const disabled = await loadDisabledPackageNames();
   const installed = /* @__PURE__ */ new Set([...loaded.map((p3) => p3.name), ...disabled]);
   const nameCol = Math.max(8, ...loaded.map((p3) => p3.name.length), ...[...disabled].map((n2) => n2.length));
@@ -126324,24 +127466,37 @@ function errMsg2(err) {
 // src/commands/run-channel.ts
 async function runChannelByName(name, argv) {
   if (name === "tui") return runTuiWithBootstrap(argv);
-  const { session, vault, config } = await bootSessionWithConfig(argv, {
-    skipKeyPrompt: true,
-    tolerateNoProvider: true,
-    skipProviderActivation: true
-  });
-  const def = session.channels.get(name);
-  if (!def) {
-    printError(
-      `unknown channel: ${name}
+  const outcome = await probeSession(
+    argvToSetupOptions(argv, {
+      skipKeyPrompt: true,
+      tolerateNoProvider: true,
+      skipProviderActivation: true
+    }),
+    async ({ session, vault, config }) => {
+      const def = session.channels.get(name);
+      if (!def) {
+        printError(
+          `unknown channel: ${name}
   Available:
 ` + session.channels.list().map((d2) => `    ${d2.name} - ${d2.description}
 `).join("")
-    );
-    return 2;
-  }
-  if (def.interactiveCommand && process.stdin.isTTY === true && argv.flags["no-wizard"] !== true && argv.flags["__skipWizard"] !== true && !hasBoolFlag(argv, "standalone") && !await isRunnerUp()) {
-    return runChannelSubcommand(def, def.interactiveCommand, { session, vault, config, argv });
-  }
+        );
+        return { code: 2 };
+      }
+      if (def.interactiveCommand && process.stdin.isTTY === true && argv.flags["no-wizard"] !== true && argv.flags["__skipWizard"] !== true && !hasBoolFlag(argv, "standalone") && !await isRunnerUp()) {
+        return {
+          code: await runChannelSubcommand(def, def.interactiveCommand, {
+            session,
+            vault,
+            config,
+            argv
+          })
+        };
+      }
+      return "start-headless";
+    }
+  );
+  if (outcome !== "start-headless") return outcome.code;
   return startRegisteredChannel(name, argv);
 }
 async function runChannelSubcommand(def, subName, ctx) {
@@ -126393,62 +127548,74 @@ async function runChannelsCommand(argv) {
   if (!name || name === "list") {
     return runList2();
   }
-  const { session, vault, config } = await bootSessionWithConfig(argv, {
-    skipKeyPrompt: true,
-    tolerateNoProvider: true,
-    skipProviderActivation: true
-  });
-  const def = session.channels.get(name);
-  if (!def) {
-    printError(
-      `unknown channel: ${name}
+  const outcome = await probeSession(
+    argvToSetupOptions(argv, {
+      skipKeyPrompt: true,
+      tolerateNoProvider: true,
+      skipProviderActivation: true
+    }),
+    async ({ session, vault, config }) => {
+      const def = session.channels.get(name);
+      if (!def) {
+        printError(
+          `unknown channel: ${name}
   Available:
 ` + session.channels.list().map((d2) => `    ${d2.name} \u2014 ${d2.description}
 `).join("")
-    );
-    return 2;
-  }
-  if (!sub) {
-    if (helpRequested(argv)) {
-      process.stdout.write(formatChannelHelp(def));
-      return 0;
-    }
-    return await runChannelByName(name, argv);
-  }
-  const subcommand = def.subcommands?.[sub];
-  if (!subcommand) {
-    const available = def.subcommands ? Object.entries(def.subcommands).map(([n2, c2]) => `    ${name} ${n2}  \u2014 ${c2.description}
+        );
+        return { code: 2 };
+      }
+      if (!sub) {
+        if (helpRequested(argv)) {
+          process.stdout.write(formatChannelHelp(def));
+          return { code: 0 };
+        }
+        return "run-channel";
+      }
+      const subcommand = def.subcommands?.[sub];
+      if (!subcommand) {
+        const available = def.subcommands ? Object.entries(def.subcommands).map(([n2, c2]) => `    ${name} ${n2}  \u2014 ${c2.description}
 `).join("") : "    (none)\n";
-    printError(
-      `unknown '${name}' subcommand: ${sub}
+        printError(
+          `unknown '${name}' subcommand: ${sub}
   Available subcommands:
 ${available}`
-    );
-    return 2;
-  }
-  if (helpRequested(argv)) {
-    process.stdout.write(formatSubcommandHelp(name, sub, subcommand));
-    return 0;
-  }
-  return await runChannelSubcommand(def, sub, {
-    session,
-    vault,
-    config,
-    argv: { ...argv, positional: rest }
-  });
+        );
+        return { code: 2 };
+      }
+      if (helpRequested(argv)) {
+        process.stdout.write(formatSubcommandHelp(name, sub, subcommand));
+        return { code: 0 };
+      }
+      return {
+        code: await runChannelSubcommand(def, sub, {
+          session,
+          vault,
+          config,
+          argv: { ...argv, positional: rest }
+        })
+      };
+    }
+  );
+  if (outcome !== "run-channel") return outcome.code;
+  return runChannelByName(name, argv);
 }
 async function runList2() {
-  const { session, vault, config } = await bootSessionWithConfig(
-    { flags: {} },
-    { skipKeyPrompt: true, tolerateNoProvider: true, skipProviderActivation: true }
+  const { entries, config } = await probeSession(
+    argvToSetupOptions(
+      { flags: {} },
+      { skipKeyPrompt: true, tolerateNoProvider: true, skipProviderActivation: true }
+    ),
+    async ({ session, vault, config: config2 }) => ({
+      config: config2,
+      entries: await session.channels.listWithAvailability({
+        cwd: process.cwd(),
+        vault,
+        logger: session.logger,
+        options: {}
+      })
+    })
   );
-  const deps = {
-    cwd: process.cwd(),
-    vault,
-    logger: session.logger,
-    options: {}
-  };
-  const entries = await session.channels.listWithAvailability(deps);
   const nameCol = Math.max(8, ...entries.map((e3) => e3.def.name.length));
   for (const { def, availability } of entries) {
     const namePadded = def.name.padEnd(nameCol);
@@ -126773,12 +127940,12 @@ ${HELP6}`);
   }
 }
 async function statOf(entry) {
-  const stat = await promises.stat(entry.path).catch(() => null);
+  const stat2 = await promises.stat(entry.path).catch(() => null);
   return {
     entry,
-    size: stat?.size ?? entry.body.length,
-    createdAt: new Date(entry.frontmatter.createdAt ?? stat?.birthtime ?? Date.now()),
-    updatedAt: new Date(entry.frontmatter.updatedAt ?? stat?.mtime ?? Date.now())
+    size: stat2?.size ?? entry.body.length,
+    createdAt: new Date(entry.frontmatter.createdAt ?? stat2?.birthtime ?? Date.now()),
+    updatedAt: new Date(entry.frontmatter.updatedAt ?? stat2?.mtime ?? Date.now())
   };
 }
 function groupByType(stats) {
@@ -127455,13 +128622,17 @@ async function stepInstallDaemon(skipDaemon) {
 }
 async function stepTelegramStatus() {
   try {
-    const { vault } = await setupSessionWithConfig({
-      cwd: process.cwd(),
-      skipKeyPrompt: true,
-      tolerateNoProvider: true
-    });
-    const hasToken = await vault.has("telegram_bot_token");
-    const chatRaw = await vault.get("telegram_authorized_chat_id");
+    const { hasToken, chatRaw } = await probeSession(
+      {
+        cwd: process.cwd(),
+        skipKeyPrompt: true,
+        tolerateNoProvider: true
+      },
+      async ({ vault }) => ({
+        hasToken: await vault.has("telegram_bot_token"),
+        chatRaw: await vault.get("telegram_authorized_chat_id")
+      })
+    );
     const hasChat = !!chatRaw;
     if (hasToken && hasChat) {
       process.stdout.write(
@@ -127631,27 +128802,30 @@ async function runScheduleCommand(argv) {
   }
   if (sub === "setup") return await runScheduleSetup(argv);
   if (sub === "daemon") return await runDaemon(argv);
-  const { scheduler } = await setupSessionWithConfig({
-    cwd: process.cwd(),
-    skipKeyPrompt: true,
-    tolerateNoProvider: true
-  });
-  switch (sub) {
-    case "list":
-      return listSchedules(scheduler.store);
-    case "add":
-      return addSchedule(scheduler.store, argv);
-    case "remove":
-      return removeSchedule(scheduler.store, argv);
-    case "enable":
-    case "disable":
-      return toggleSchedule(scheduler.store, argv, sub);
-    case "run":
-      return runScheduleNow(argv);
-    default:
-      process.stderr.write(colors.red(`unknown subcommand: ${sub}`) + "\n" + SCHEDULE_HELP);
-      return 2;
-  }
+  if (sub === "run") return runScheduleNow(argv);
+  return probeSession(
+    {
+      cwd: process.cwd(),
+      skipKeyPrompt: true,
+      tolerateNoProvider: true
+    },
+    async ({ scheduler }) => {
+      switch (sub) {
+        case "list":
+          return listSchedules(scheduler.store);
+        case "add":
+          return addSchedule(scheduler.store, argv);
+        case "remove":
+          return removeSchedule(scheduler.store, argv);
+        case "enable":
+        case "disable":
+          return toggleSchedule(scheduler.store, argv, sub);
+        default:
+          process.stderr.write(colors.red(`unknown subcommand: ${sub}`) + "\n" + SCHEDULE_HELP);
+          return 2;
+      }
+    }
+  );
 }
 
 // src/commands/doctor.ts
@@ -129265,6 +130439,31 @@ function describeCauseChain(err) {
   return chain.join("\n");
 }
 
+// src/process-guards.ts
+function installProcessGuards() {
+  if (guardsInstalled) return;
+  guardsInstalled = true;
+  process.on("unhandledRejection", (reason) => {
+    process.stderr.write(
+      colors.red("[moxxy] unhandled promise rejection (process kept alive):") + "\n" + formatErrorForCli(reason, { debug: debugEnabled() }) + "\n"
+    );
+  });
+  process.on("uncaughtException", (err) => {
+    process.exitCode = 1;
+    const msg = colors.red("[moxxy] uncaught exception \u2014 exiting:") + "\n" + formatErrorForCli(err, { debug: debugEnabled() }) + "\n";
+    const backstop = setTimeout(() => process.exit(1), 250);
+    process.stderr.write(msg, () => {
+      clearTimeout(backstop);
+      process.exit(1);
+    });
+  });
+}
+var guardsInstalled = false;
+function debugEnabled() {
+  const v3 = process.env.MOXXY_DEBUG;
+  return v3 === "1" || v3 === "true";
+}
+
 // src/bin.ts
 var SECTIONS = [
   {
@@ -129421,16 +130620,15 @@ async function main() {
   if (handler) return handler(argv);
   let isChannel = false;
   try {
-    const { session } = await setupSessionWithConfig({
-      cwd: process.cwd(),
-      skipKeyPrompt: true,
-      tolerateNoProvider: true,
-      // We only need the channel registry here, never the provider.
-      // Activating it can hang or throw on hosts without a configured
-      // key, which would mask the real "unknown command" feedback.
-      skipProviderActivation: true
-    });
-    isChannel = session.channels.has(argv.command);
+    isChannel = await probeSession(
+      {
+        cwd: process.cwd(),
+        skipKeyPrompt: true,
+        tolerateNoProvider: true,
+        skipProviderActivation: true
+      },
+      ({ session }) => session.channels.has(argv.command)
+    );
   } catch {
   }
   if (isChannel) {
@@ -129441,6 +130639,8 @@ async function main() {
   );
   return 2;
 }
+process.title = ["moxxy", ...process.argv.slice(2)].join(" ");
+installProcessGuards();
 main().then(
   (code) => process.exit(code),
   (err) => {