@nordbyte/nordrelay 0.3.0 → 0.4.0

package/dist/session-format.js

@@ -17,8 +17,8 @@ export function renderSessionInfoPlain(info) {
         capabilities.fastMode
             ? `Reasoning/Fast: ${info.reasoningEffort ?? "(model default)"} / ${info.fastMode ? "on" : "off"}`
             : `${agentReasoningLabel(agentId)}: ${info.reasoningEffort ?? "(model default)"}`,
-        ...renderCodexUsagePlain(info),
-        ...renderAgentUsagePlain(info),
+        ...renderCodexUsagePlain(info, capabilities),
+        ...renderAgentUsagePlain(info, capabilities),
         info.sessionTokens ? formatSessionTokensPlain(info.sessionTokens) : undefined,
     ]
         .filter((line) => Boolean(line))
@@ -42,8 +42,8 @@ export function renderSessionInfoHTML(info) {
         capabilities.fastMode
             ? `<b>Reasoning/Fast:</b> <code>${escapeHTML(info.reasoningEffort ?? "(model default)")} / ${info.fastMode ? "on" : "off"}</code>`
             : `<b>${escapeHTML(agentReasoningLabel(agentId))}:</b> <code>${escapeHTML(info.reasoningEffort ?? "(model default)")}</code>`,
-        ...renderCodexUsageHTML(info),
-        ...renderAgentUsageHTML(info),
+        ...renderCodexUsageHTML(info, capabilities),
+        ...renderAgentUsageHTML(info, capabilities),
         info.sessionTokens ? `<b>Session tokens:</b> <code>${escapeHTML(formatSessionTokensValue(info.sessionTokens))}</code>` : undefined,
     ]
         .filter((line) => Boolean(line))
@@ -67,16 +67,16 @@ export function formatFileSize(bytes) {
     }
     return `${(bytes / (1024 * 1024)).toFixed(1).replace(/\.0$/, "")} MB`;
 }
-function renderCodexUsagePlain(info) {
+function renderCodexUsagePlain(info, capabilities) {
     const usage = info.codexUsage;
     if (!usage) {
         return [];
     }
     const lines = [];
-    if (usage.contextUsedPercent !== null && usage.contextWindow !== null && usage.lastTokenUsage) {
+    if (capabilities.usageStats && usage.contextUsedPercent !== null && usage.contextWindow !== null && usage.lastTokenUsage) {
         lines.push(`Context used: ${formatPercent(usage.contextUsedPercent)} (${formatCompactTokenCount(usage.lastTokenUsage.totalTokens)} / ${formatCompactTokenCount(usage.contextWindow)})`);
     }
-    if (usage.totalTokenUsage) {
+    if (capabilities.usageStats && usage.totalTokenUsage) {
         lines.push([
             `Tokens in: ${formatCompactTokenCount(usage.totalTokenUsage.inputTokens)}`,
             `cached: ${formatCompactTokenCount(usage.totalTokenUsage.cachedInputTokens)}`,
@@ -84,22 +84,24 @@ function renderCodexUsagePlain(info) {
             `reasoning out: ${formatCompactTokenCount(usage.totalTokenUsage.reasoningOutputTokens)}`,
         ].join(" · "));
     }
-    const limits = formatLimitsLeft(usage);
-    if (limits) {
-        lines.push(`Limits left: ${limits}`);
+    if (capabilities.subscriptionLimits) {
+        const limits = formatLimitsLeft(usage);
+        if (limits) {
+            lines.push(`Limits left: ${limits}`);
+        }
     }
     return lines;
 }
-function renderCodexUsageHTML(info) {
+function renderCodexUsageHTML(info, capabilities) {
     const usage = info.codexUsage;
     if (!usage) {
         return [];
     }
     const lines = [];
-    if (usage.contextUsedPercent !== null && usage.contextWindow !== null && usage.lastTokenUsage) {
+    if (capabilities.usageStats && usage.contextUsedPercent !== null && usage.contextWindow !== null && usage.lastTokenUsage) {
         lines.push(`<b>Context used:</b> <code>${escapeHTML(formatPercent(usage.contextUsedPercent))}</code> <i>(${escapeHTML(formatCompactTokenCount(usage.lastTokenUsage.totalTokens))} / ${escapeHTML(formatCompactTokenCount(usage.contextWindow))})</i>`);
     }
-    if (usage.totalTokenUsage) {
+    if (capabilities.usageStats && usage.totalTokenUsage) {
         lines.push(`<b>Tokens:</b> <code>${escapeHTML([
             `in ${formatCompactTokenCount(usage.totalTokenUsage.inputTokens)}`,
             `cached ${formatCompactTokenCount(usage.totalTokenUsage.cachedInputTokens)}`,
@@ -107,13 +109,18 @@ function renderCodexUsageHTML(info) {
             `reasoning out ${formatCompactTokenCount(usage.totalTokenUsage.reasoningOutputTokens)}`,
         ].join(" · "))}</code>`);
     }
-    const limits = formatLimitsLeft(usage);
-    if (limits) {
-        lines.push(`<b>Limits left:</b> <code>${escapeHTML(limits)}</code>`);
+    if (capabilities.subscriptionLimits) {
+        const limits = formatLimitsLeft(usage);
+        if (limits) {
+            lines.push(`<b>Limits left:</b> <code>${escapeHTML(limits)}</code>`);
+        }
     }
     return lines;
 }
-function renderAgentUsagePlain(info) {
+function renderAgentUsagePlain(info, capabilities) {
+    if (!capabilities.usageStats) {
+        return [];
+    }
     const lines = [];
     if (info.contextUsage?.percent !== undefined && info.contextUsage.percent !== null) {
         const contextWindow = info.contextUsage.contextWindow !== null && info.contextUsage.contextWindow !== undefined
@@ -131,7 +138,10 @@ function renderAgentUsagePlain(info) {
     }
     return lines;
 }
-function renderAgentUsageHTML(info) {
+function renderAgentUsageHTML(info, capabilities) {
+    if (!capabilities.usageStats) {
+        return [];
+    }
     const lines = [];
     if (info.contextUsage?.percent !== undefined && info.contextUsage.percent !== null) {
         const contextWindow = info.contextUsage.contextWindow !== null && info.contextUsage.contextWindow !== undefined

package/dist/session-registry.js

@@ -8,12 +8,12 @@ export class SessionRegistry {
     metadata = new Map();
     store;
     onRemoveCallback;
-    constructor(config) {
+    constructor(config, options = {}) {
         this.config = config;
         this.store = createDocumentStore({
             workspace: config.workspace,
-            fileName: "contexts.json",
-            sqliteKey: "contexts",
+            fileName: options.fileName ?? "contexts.json",
+            sqliteKey: options.sqliteKey ?? "contexts",
             backend: config.stateBackend,
         });
         this.loadPersistedMetadata();
@@ -64,7 +64,7 @@ export class SessionRegistry {
             agentId,
             threadId: null,
             workspace: previous?.workspace ?? this.config.workspace,
-            pinnedThreadIds: previous?.pinnedThreadIds,
+            pinnedThreadIdsByAgent: previous?.pinnedThreadIdsByAgent,
             updatedAt: Date.now(),
         };
         this.metadata.set(contextKey, next);
@@ -74,9 +74,12 @@ export class SessionRegistry {
     updateMetadata(contextKey, session) {
         const info = session.getInfo();
         const previous = this.metadata.get(contextKey);
-        const pinnedThreadIds = previous?.pinnedThreadIds ?? [];
+        const agentId = info.agentId ?? "codex";
+        const previousPinnedByAgent = previous?.pinnedThreadIdsByAgent ?? {};
+        const pinnedThreadIds = previousPinnedByAgent[agentId] ?? previous?.pinnedThreadIds ?? [];
         const next = {
             contextKey,
+            agentId,
             threadId: info.threadId,
             workspace: info.workspace,
             model: info.model,
@@ -84,49 +87,64 @@ export class SessionRegistry {
             launchProfileId: info.nextLaunchProfileId ?? info.launchProfileId,
             updatedAt: Date.now(),
         };
-        if (info.agentId && info.agentId !== "codex") {
-            next.agentId = info.agentId;
-        }
         if (info.sessionPath) {
             next.sessionPath = info.sessionPath;
         }
+        const nextPinnedByAgent = { ...previousPinnedByAgent };
         if (pinnedThreadIds.length > 0) {
-            next.pinnedThreadIds = pinnedThreadIds;
+            nextPinnedByAgent[agentId] = pinnedThreadIds;
+        }
+        else {
+            delete nextPinnedByAgent[agentId];
+        }
+        if (Object.keys(nextPinnedByAgent).length > 0) {
+            next.pinnedThreadIdsByAgent = nextPinnedByAgent;
         }
         this.metadata.set(contextKey, next);
         this.persistMetadata();
     }
     pinThread(contextKey, threadId) {
         const meta = this.metadata.get(contextKey) ?? this.createEmptyMetadata(contextKey);
-        const pinned = new Set(meta.pinnedThreadIds ?? []);
+        const agentId = meta.agentId ?? this.config.defaultAgent ?? "codex";
+        const pinnedByAgent = meta.pinnedThreadIdsByAgent ?? {};
+        const pinned = new Set(pinnedByAgent[agentId] ?? meta.pinnedThreadIds ?? []);
         pinned.add(threadId);
-        meta.pinnedThreadIds = [...pinned];
+        meta.pinnedThreadIdsByAgent = { ...pinnedByAgent, [agentId]: [...pinned] };
+        delete meta.pinnedThreadIds;
         meta.updatedAt = Date.now();
         this.metadata.set(contextKey, meta);
         this.persistMetadata();
-        return meta.pinnedThreadIds;
+        return meta.pinnedThreadIdsByAgent[agentId] ?? [];
     }
     unpinThread(contextKey, threadId) {
         const meta = this.metadata.get(contextKey) ?? this.createEmptyMetadata(contextKey);
-        meta.pinnedThreadIds = (meta.pinnedThreadIds ?? []).filter((id) => id !== threadId);
+        const agentId = meta.agentId ?? this.config.defaultAgent ?? "codex";
+        const pinnedByAgent = meta.pinnedThreadIdsByAgent ?? {};
+        meta.pinnedThreadIdsByAgent = {
+            ...pinnedByAgent,
+            [agentId]: (pinnedByAgent[agentId] ?? meta.pinnedThreadIds ?? []).filter((id) => id !== threadId),
+        };
+        delete meta.pinnedThreadIds;
         meta.updatedAt = Date.now();
         this.metadata.set(contextKey, meta);
         this.persistMetadata();
-        return meta.pinnedThreadIds;
+        return meta.pinnedThreadIdsByAgent[agentId] ?? [];
     }
     listPinnedThreadIds(contextKey) {
-        return [...(this.metadata.get(contextKey)?.pinnedThreadIds ?? [])];
+        const meta = this.metadata.get(contextKey);
+        const agentId = meta?.agentId ?? this.config.defaultAgent ?? "codex";
+        return [...(meta?.pinnedThreadIdsByAgent?.[agentId] ?? meta?.pinnedThreadIds ?? [])];
     }
     listContexts() {
         return [...this.metadata.values()].sort((left, right) => right.updatedAt - left.updatedAt);
     }
-    syncAllFromCodexState(options = {}) {
+    syncAllFromAgentState(options = {}) {
         const results = [];
         for (const [contextKey, session] of this.sessions.entries()) {
             if (!(session.getInfo().capabilities ?? CODEX_AGENT_CAPABILITIES).externalActivity) {
                 continue;
             }
-            const result = session.syncFromCodexState(options);
+            const result = session.syncFromAgentState(options);
             if (result.changed) {
                 this.updateMetadata(contextKey, session);
             }
@@ -168,7 +186,10 @@ export class SessionRegistry {
             }
             for (const entry of data) {
                 if (entry.contextKey) {
-                    this.metadata.set(entry.contextKey, entry);
+                    this.metadata.set(entry.contextKey, {
+                        ...entry,
+                        agentId: entry.agentId ?? "codex",
+                    });
                 }
             }
         }
@@ -179,6 +200,7 @@ export class SessionRegistry {
     createEmptyMetadata(contextKey) {
         return {
             contextKey,
+            agentId: this.config.defaultAgent ?? "codex",
             threadId: null,
             workspace: this.config.workspace,
             launchProfileId: this.config.defaultLaunchProfileId,
@@ -191,6 +213,9 @@ function resolveLaunchProfileId(config, meta) {
     if (!meta?.launchProfileId) {
         return undefined;
     }
+    if (meta.agentId === "pi" || meta.agentId === "hermes" || meta.agentId === "openclaw" || meta.agentId === "claude-code") {
+        return meta.launchProfileId;
+    }
     if (findLaunchProfile(config.launchProfiles, meta.launchProfileId)) {
         return meta.launchProfileId;
     }

package/dist/settings-service.js

@@ -1,9 +1,11 @@
-import { existsSync, readFileSync } from "node:fs";
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import path from "node:path";
 const SECRET_KEYS = new Set([
     "TELEGRAM_BOT_TOKEN",
     "CODEX_API_KEY",
+    "HERMES_API_KEY",
+    "OPENCLAW_GATEWAY_TOKEN",
+    "OPENCLAW_GATEWAY_PASSWORD",
     "OPENAI_API_KEY",
     "TELEGRAM_WEBHOOK_SECRET",
     "NORDRELAY_DASHBOARD_TOKEN",
@@ -17,7 +19,7 @@ export const SETTING_DEFINITIONS = [
     setting("TELEGRAM_ALLOWED_CHAT_IDS", "Allowed chat IDs", "Telegram", "list", "Optional chat allowlist.", true),
     setting("TELEGRAM_ALLOW_ANY_CHAT", "Allow any Telegram chat", "Telegram", "boolean", "Unsafe override; keep off for normal use.", true),
     setting("TELEGRAM_ROLE_POLICIES_JSON", "Role policy JSON", "Telegram", "json", "Granular Telegram permission policy.", true),
-    setting("TELEGRAM_TRANSPORT", "Telegram transport", "Telegram", "string", "polling or webhook.", true),
+    setting("TELEGRAM_TRANSPORT", "Telegram transport", "Telegram", "string", "polling or webhook.", true, ["polling", "webhook"]),
     setting("TELEGRAM_WEBHOOK_URL", "Webhook public URL", "Telegram", "string", "Public base URL for webhook mode.", true),
     setting("TELEGRAM_WEBHOOK_HOST", "Webhook bind host", "Telegram", "string", "Local webhook bind host.", true),
     setting("TELEGRAM_WEBHOOK_PORT", "Webhook bind port", "Telegram", "number", "Local webhook bind port.", true),
@@ -25,7 +27,10 @@ export const SETTING_DEFINITIONS = [
     setting("TELEGRAM_WEBHOOK_SECRET", "Webhook secret", "Telegram", "secret", "Optional Telegram webhook secret token.", true),
     setting("NORDRELAY_CODEX_ENABLED", "Enable Codex", "Agents", "boolean", "Allow Codex sessions.", true),
     setting("NORDRELAY_PI_ENABLED", "Enable Pi", "Agents", "boolean", "Allow Pi sessions.", true),
-    setting("NORDRELAY_DEFAULT_AGENT", "Default agent", "Agents", "string", "codex or pi.", true),
+    setting("NORDRELAY_HERMES_ENABLED", "Enable Hermes", "Agents", "boolean", "Allow Hermes sessions through the Hermes API Server.", true),
+    setting("NORDRELAY_OPENCLAW_ENABLED", "Enable OpenClaw", "Agents", "boolean", "Allow OpenClaw sessions through the OpenClaw Gateway.", true),
+    setting("NORDRELAY_CLAUDE_CODE_ENABLED", "Enable Claude Code", "Agents", "boolean", "Allow Claude Code sessions through the Claude Agent SDK.", true),
+    setting("NORDRELAY_DEFAULT_AGENT", "Default agent", "Agents", "string", "codex, pi, hermes, openclaw, or claude-code.", true, ["codex", "pi", "hermes", "openclaw", "claude-code"]),
     setting("CODEX_API_KEY", "Codex API key", "Codex", "secret", "Optional Codex SDK API key.", true),
     setting("CODEX_CLI_PATH", "Codex CLI path", "Codex", "string", "Optional explicit Codex executable path.", true),
     setting("CODEX_USE_BUNDLED_CLI", "Use bundled Codex CLI", "Codex", "boolean", "Force SDK-bundled CLI instead of host CLI.", true),
@@ -33,28 +38,53 @@ export const SETTING_DEFINITIONS = [
     setting("CODEX_SYNC_INTERVAL_MS", "Codex sync interval", "Codex", "number", "Local state sync interval.", true),
     setting("CODEX_EXTERNAL_BUSY_CHECK_MS", "External busy check", "Codex", "number", "External CLI busy polling interval.", true),
     setting("CODEX_EXTERNAL_BUSY_STALE_MS", "External busy stale timeout", "Codex", "number", "External CLI stale timeout.", true),
-    setting("CODEX_SANDBOX_MODE", "Codex sandbox mode", "Codex", "string", "read-only, workspace-write, or danger-full-access.", true),
-    setting("CODEX_APPROVAL_POLICY", "Codex approval policy", "Codex", "string", "never, on-request, on-failure, or untrusted.", true),
+    setting("CODEX_SANDBOX_MODE", "Codex sandbox mode", "Codex", "string", "read-only, workspace-write, or danger-full-access.", true, ["read-only", "workspace-write", "danger-full-access"]),
+    setting("CODEX_APPROVAL_POLICY", "Codex approval policy", "Codex", "string", "never, on-request, on-failure, or untrusted.", true, ["never", "on-request", "on-failure", "untrusted"]),
     setting("CODEX_LAUNCH_PROFILES_JSON", "Launch profiles JSON", "Codex", "json", "Additional launch profile definitions.", true),
     setting("CODEX_DEFAULT_LAUNCH_PROFILE", "Default launch profile", "Codex", "string", "Launch profile ID used by default.", true),
     setting("ENABLE_UNSAFE_LAUNCH_PROFILES", "Enable unsafe profiles", "Codex", "boolean", "Expose danger-full-access profiles.", true),
     setting("PI_CLI_PATH", "Pi CLI path", "Pi", "string", "Optional Pi executable path.", true),
     setting("PI_SESSION_DIR", "Pi session dir", "Pi", "string", "Optional Pi session directory.", true),
     setting("PI_DEFAULT_MODEL", "Default Pi model", "Pi", "string", "Default Pi model slug.", false),
-    setting("PI_DEFAULT_THINKING", "Default Pi thinking", "Pi", "string", "off, minimal, low, medium, high, or xhigh.", false),
-    setting("CONNECTOR_LOG_FORMAT", "Log format", "Operations", "string", "text or json.", true),
-    setting("TOOL_VERBOSITY", "Tool verbosity", "Operations", "string", "all, summary, errors-only, or none.", false),
+    setting("PI_DEFAULT_THINKING", "Default Pi thinking", "Pi", "string", "off, minimal, low, medium, high, or xhigh.", false, ["off", "minimal", "low", "medium", "high", "xhigh"]),
+    setting("PI_DEFAULT_PROFILE", "Default Pi profile", "Pi", "string", "default, readonly, no-tools, offline, or safe-offline.", true, ["default", "readonly", "no-tools", "offline", "safe-offline"]),
+    setting("HERMES_CLI_PATH", "Hermes CLI path", "Hermes", "string", "Optional Hermes executable path.", true),
+    setting("HERMES_HOME", "Hermes home", "Hermes", "string", "Optional Hermes home directory. Defaults to ~/.hermes.", true),
+    setting("HERMES_STATE_DB_PATH", "Hermes state DB path", "Hermes", "string", "Optional explicit Hermes state.db path.", true),
+    setting("HERMES_API_BASE_URL", "Hermes API base URL", "Hermes", "string", "Hermes API Server base URL.", true),
+    setting("HERMES_API_KEY", "Hermes API key", "Hermes", "secret", "Bearer token for the Hermes API Server.", true),
+    setting("HERMES_DEFAULT_MODEL", "Default Hermes model", "Hermes", "string", "Default model label sent to Hermes API runs.", false),
+    setting("HERMES_DEFAULT_REASONING", "Default Hermes reasoning", "Hermes", "string", "none, minimal, low, medium, high, or xhigh.", false, ["none", "minimal", "low", "medium", "high", "xhigh"]),
+    setting("HERMES_DEFAULT_PROFILE", "Default Hermes profile", "Hermes", "string", "default, safe, readonly, or yolo.", true, ["default", "safe", "readonly", "yolo"]),
+    setting("OPENCLAW_CLI_PATH", "OpenClaw CLI path", "OpenClaw", "string", "Optional OpenClaw executable path.", true),
+    setting("OPENCLAW_GATEWAY_URL", "OpenClaw Gateway URL", "OpenClaw", "string", "OpenClaw Gateway WebSocket URL.", true),
+    setting("OPENCLAW_GATEWAY_TOKEN", "OpenClaw Gateway token", "OpenClaw", "secret", "Shared-secret token for the OpenClaw Gateway.", true),
+    setting("OPENCLAW_GATEWAY_PASSWORD", "OpenClaw Gateway password", "OpenClaw", "secret", "Shared-secret password for the OpenClaw Gateway.", true),
+    setting("OPENCLAW_AGENT_ID", "OpenClaw agent ID", "OpenClaw", "string", "Configured OpenClaw agent id, for example main or work.", false),
+    setting("OPENCLAW_HOME", "OpenClaw home", "OpenClaw", "string", "Optional OpenClaw home directory. Defaults to ~/.openclaw.", true),
+    setting("OPENCLAW_STATE_DIR", "OpenClaw state dir", "OpenClaw", "string", "Optional OpenClaw state directory.", true),
+    setting("OPENCLAW_DEFAULT_MODEL", "Default OpenClaw model", "OpenClaw", "string", "Default OpenClaw model id.", false),
+    setting("OPENCLAW_DEFAULT_THINKING", "Default OpenClaw thinking", "OpenClaw", "string", "off, minimal, low, medium, high, or xhigh.", false, ["off", "minimal", "low", "medium", "high", "xhigh"]),
+    setting("OPENCLAW_DEFAULT_PROFILE", "Default OpenClaw profile", "OpenClaw", "string", "default, safe, readonly, local, or deliver.", true, ["default", "safe", "readonly", "local", "deliver"]),
+    setting("CLAUDE_CODE_CLI_PATH", "Claude Code CLI path", "Claude Code", "string", "Optional Claude Code executable path. Defaults to claude on PATH or the SDK bundled runtime.", true),
+    setting("CLAUDE_CONFIG_DIR", "Claude config dir", "Claude Code", "string", "Optional Claude config directory. Defaults to ~/.claude.", true),
+    setting("CLAUDE_CODE_DEFAULT_MODEL", "Default Claude Code model", "Claude Code", "string", "Default Claude Code model alias or model id.", false),
+    setting("CLAUDE_CODE_DEFAULT_EFFORT", "Default Claude Code effort", "Claude Code", "string", "off, low, medium, high, or xhigh.", false, ["off", "low", "medium", "high", "xhigh"]),
+    setting("CLAUDE_CODE_DEFAULT_PROFILE", "Default Claude Code profile", "Claude Code", "string", "default, accept-edits, plan, readonly, no-tools, or bypass-permissions.", true, ["default", "accept-edits", "plan", "readonly", "no-tools", "bypass-permissions"]),
+    setting("CLAUDE_CODE_MAX_TURNS", "Claude Code max turns", "Claude Code", "number", "Maximum agentic turns for each Claude Code prompt.", false),
+    setting("CONNECTOR_LOG_FORMAT", "Log format", "Operations", "string", "text or json.", true, ["text", "json"]),
+    setting("TOOL_VERBOSITY", "Tool verbosity", "Operations", "string", "all, summary, errors-only, or none.", false, ["all", "summary", "errors-only", "none"]),
     setting("SHOW_TURN_TOKEN_USAGE", "Show turn token usage", "Operations", "boolean", "Append per-turn token usage.", false),
     setting("ENABLE_TELEGRAM_LOGIN", "Enable Telegram login", "Operations", "boolean", "Allow /login and /logout.", true),
     setting("ENABLE_TELEGRAM_REACTIONS", "Enable Telegram reactions", "Operations", "boolean", "Send Telegram reactions.", true),
     setting("TELEGRAM_RATE_LIMIT_MIN_INTERVAL_MS", "Telegram send interval", "Operations", "number", "Minimum send interval.", true),
     setting("TELEGRAM_EDIT_MIN_INTERVAL_MS", "Telegram edit interval", "Operations", "number", "Minimum edit interval.", true),
-    setting("TELEGRAM_CLI_MIRROR_MODE", "CLI mirror mode", "Operations", "string", "off, status, final, or full.", false),
+    setting("TELEGRAM_CLI_MIRROR_MODE", "CLI mirror mode", "Operations", "string", "off, status, final, or full.", false, ["off", "status", "final", "full"]),
     setting("TELEGRAM_CLI_MIRROR_MIN_UPDATE_MS", "CLI mirror update interval", "Operations", "number", "Minimum mirrored edit interval.", true),
-    setting("TELEGRAM_NOTIFY_MODE", "Notify mode", "Operations", "string", "off, minimal, or all.", false),
+    setting("TELEGRAM_NOTIFY_MODE", "Notify mode", "Operations", "string", "off, minimal, or all.", false, ["off", "minimal", "all"]),
     setting("TELEGRAM_QUIET_HOURS", "Quiet hours", "Operations", "string", "HH-HH or blank.", false),
     setting("TELEGRAM_REDACT_PATTERNS", "Redaction patterns", "Operations", "list", "Additional comma-separated regex patterns.", true),
-    setting("NORDRELAY_UPDATE_METHOD", "Update method", "Operations", "string", "auto, npm, or git.", true),
+    setting("NORDRELAY_UPDATE_METHOD", "Update method", "Operations", "string", "auto, npm, or git.", true, ["auto", "npm", "git"]),
     setting("MAX_FILE_SIZE", "Max file size", "Artifacts", "number", "Max inbound/outbound file size.", true),
     setting("ARTIFACT_RETENTION_DAYS", "Artifact retention days", "Artifacts", "number", "Days before pruning.", true),
     setting("ARTIFACT_MAX_TURNS", "Max artifact turns", "Artifacts", "number", "Maximum artifact turns retained.", true),
@@ -64,12 +94,12 @@ export const SETTING_DEFINITIONS = [
     setting("TELEGRAM_AUTO_SEND_ARTIFACTS", "Auto-send artifacts", "Artifacts", "boolean", "Automatically send artifact files.", false),
     setting("WORKSPACE_ALLOWED_ROOTS", "Workspace allowed roots", "Workspace", "list", "Restrict selectable workspaces.", true),
     setting("WORKSPACE_WARN_ROOTS", "Workspace warn roots", "Workspace", "list", "Warn for broad workspace roots.", true),
-    setting("NORDRELAY_STATE_BACKEND", "State backend", "Workspace", "string", "json or sqlite.", true),
+    setting("NORDRELAY_STATE_BACKEND", "State backend", "Workspace", "string", "json or sqlite.", true, ["json", "sqlite"]),
     setting("NORDRELAY_AUDIT_MAX_EVENTS", "Audit max events", "Workspace", "number", "Retained audit events.", true),
     setting("NORDRELAY_SESSION_LOCK_TTL_MS", "Session lock TTL", "Workspace", "number", "Write-lock TTL.", true),
     setting("NORDRELAY_VERSION_CACHE_TTL_MS", "Version cache TTL", "Workspace", "number", "NPM version cache TTL.", true),
     setting("OPENAI_API_KEY", "OpenAI API key", "Voice", "secret", "Whisper fallback API key.", true),
-    setting("VOICE_PREFERRED_BACKEND", "Voice backend", "Voice", "string", "auto, parakeet, faster-whisper, or openai.", false),
+    setting("VOICE_PREFERRED_BACKEND", "Voice backend", "Voice", "string", "auto, parakeet, faster-whisper, or openai.", false, ["auto", "parakeet", "faster-whisper", "openai"]),
     setting("VOICE_DEFAULT_LANGUAGE", "Voice language", "Voice", "string", "Default transcription language.", false),
     setting("VOICE_TRANSCRIBE_ONLY", "Voice transcribe only", "Voice", "boolean", "Do not send voice transcripts as prompts.", false),
     setting("FASTER_WHISPER_PYTHON", "faster-whisper Python", "Voice", "string", "Python executable.", true),
@@ -89,15 +119,15 @@ export class SettingsService {
     constructor(envPath) {
         this.envPath = envPath;
     }
-    async snapshot(env = process.env) {
+    async snapshot(env = process.env, activeValues = {}) {
         const parsed = await readEnvFile(this.envPath);
         const settings = SETTING_DEFINITIONS.map((definition) => {
             const configuredValue = parsed[definition.key];
-            const effectiveValue = configuredValue ?? env[definition.key] ?? "";
+            const effectiveValue = configuredValue ?? activeValues[definition.key] ?? env[definition.key] ?? "";
             const masked = SECRET_KEYS.has(definition.key) && Boolean(effectiveValue);
             return {
                 ...definition,
-                value: masked ? maskSecret(effectiveValue) : effectiveValue,
+                value: configuredValue === undefined ? "" : SECRET_KEYS.has(definition.key) && configuredValue ? maskSecret(configuredValue) : configuredValue,
                 effectiveValue: masked ? maskSecret(effectiveValue) : effectiveValue,
                 configured: configuredValue !== undefined,
                 masked,
@@ -108,6 +138,7 @@ export class SettingsService {
     async update(patch) {
         const current = await readEnvFile(this.envPath);
         const changedKeys = [];
+        const errors = [];
         const definitions = new Map(SETTING_DEFINITIONS.map((definition) => [definition.key, definition]));
         for (const [key, rawValue] of Object.entries(patch)) {
             const definition = definitions.get(key);
@@ -125,18 +156,24 @@ export class SettingsService {
                 }
                 continue;
             }
+            const validationError = validateSettingValue(definition, value);
+            if (validationError) {
+                errors.push({ key, message: validationError });
+                continue;
+            }
             if (current[key] !== value) {
                 current[key] = value;
                 changedKeys.push(key);
             }
         }
-        if (changedKeys.length > 0) {
+        if (changedKeys.length > 0 && errors.length === 0) {
             await writeEnvFile(this.envPath, current);
         }
         return {
             envPath: this.envPath,
-            changedKeys,
-            restartRequired: changedKeys.some((key) => definitions.get(key)?.restartRequired),
+            changedKeys: errors.length === 0 ? changedKeys : [],
+            restartRequired: errors.length === 0 && changedKeys.some((key) => definitions.get(key)?.restartRequired),
+            errors,
         };
     }
 }
@@ -144,11 +181,8 @@ export function resolveDashboardEnvPath(home, cwd = process.cwd()) {
     if (process.env.NORDRELAY_ENV_FILE) {
         return path.resolve(process.env.NORDRELAY_ENV_FILE);
     }
-    const homeEnv = path.join(home, "nordrelay.env");
-    if (existsSync(homeEnv)) {
-        return homeEnv;
-    }
-    return path.join(cwd, ".env");
+    void cwd;
+    return path.join(home, "nordrelay.env");
 }
 export function maskSecret(value) {
     if (!value) {
@@ -159,8 +193,28 @@ export function maskSecret(value) {
     }
     return `${value.slice(0, 4)}...${value.slice(-4)}`;
 }
-function setting(key, label, group, kind, description, restartRequired) {
-    return { key, label, group, kind, description, restartRequired };
+function setting(key, label, group, kind, description, restartRequired, options) {
+    return { key, label, group, kind, description, restartRequired, options };
+}
+function validateSettingValue(definition, value) {
+    if (definition.kind === "number" && !Number.isFinite(Number(value))) {
+        return "Must be a number.";
+    }
+    if (definition.kind === "boolean" && !["true", "false", "1", "0", "yes", "no", "on", "off"].includes(value.toLowerCase())) {
+        return "Must be true or false.";
+    }
+    if (definition.kind === "json") {
+        try {
+            JSON.parse(value);
+        }
+        catch (error) {
+            return `Invalid JSON: ${error instanceof Error ? error.message : String(error)}`;
+        }
+    }
+    if (definition.options && !definition.options.includes(value)) {
+        return `Must be one of: ${definition.options.join(", ")}.`;
+    }
+    return null;
 }
 async function readEnvFile(filePath) {
     try {

package/dist/state-backend.js

@@ -1,4 +1,5 @@
 import { createRequire } from "node:module";
+import { mkdirSync } from "node:fs";
 import path from "node:path";
 import { readJsonFileWithBackup, writeJsonFileAtomic } from "./persistence.js";
 const require = createRequire(import.meta.url);
@@ -40,14 +41,22 @@ function tryCreateSqliteDocumentStore(options) {
         return null;
     }
     const filePath = stateBackendPath(options.workspace, "sqlite");
-    const db = new Database(filePath);
-    db.exec([
-        "CREATE TABLE IF NOT EXISTS documents (",
-        "key TEXT PRIMARY KEY,",
-        "json TEXT NOT NULL,",
-        "updated_at TEXT NOT NULL",
-        ")",
-    ].join(" "));
+    let db;
+    try {
+        mkdirSync(path.dirname(filePath), { recursive: true });
+        db = new Database(filePath);
+        db.exec([
+            "CREATE TABLE IF NOT EXISTS documents (",
+            "key TEXT PRIMARY KEY,",
+            "json TEXT NOT NULL,",
+            "updated_at TEXT NOT NULL",
+            ")",
+        ].join(" "));
+    }
+    catch (error) {
+        console.warn(`SQLite state backend failed at ${filePath}:`, error instanceof Error ? error.message : String(error));
+        return null;
+    }
     return {
         kind: "sqlite",
         filePath,

package/dist/web-dashboard-ui.js

@@ -0,0 +1,18 @@
+export const DASHBOARD_PAGES = [
+    { id: "overview", label: "Overview" },
+    { id: "chat", label: "Chat" },
+    { id: "sessions", label: "Sessions" },
+    { id: "queue", label: "Queue" },
+    { id: "tasks", label: "Tasks" },
+    { id: "activity", label: "Activity" },
+    { id: "artifacts", label: "Artifacts" },
+    { id: "adapters", label: "Adapters" },
+    { id: "access", label: "Access" },
+    { id: "version", label: "Version" },
+    { id: "settings", label: "Settings" },
+    { id: "logs", label: "Logs" },
+    { id: "diagnostics", label: "Diagnostics" },
+];
+export function renderDashboardNav(activePage = "overview") {
+    return DASHBOARD_PAGES.map((page) => `<button data-page="${page.id}"${page.id === activePage ? ' class="active"' : ""}>${page.label}</button>`).join("\n        ");
+}