@noxsoft/anima 7.0.1 → 7.0.2

package/dist/{run-D6Ete2Z-.js → run-0F-ZU2kW.js}

@@ -1,79 +1,79 @@
 import { h as expandHomePrefix, i as isNixMode, l as resolveGatewayLockDir, m as resolveStateDir, o as resolveConfigPath, r as STATE_DIR, t as CONFIG_PATH, u as resolveGatewayPort } from "./paths-zhVksOvm.js";
-import { E as getActivePluginRegistry, F as setVerbose, G as setLoggerOverride, H as getChildLogger, U as getLogger, W as getResolvedLoggerSettings, d as defaultRuntime, g as CHANNEL_IDS, i as getResolvedConsoleSettings, n as runtimeForLogger, o as setConsoleSubsystemFilter, s as setConsoleTimestampPrefix, t as createSubsystemLogger, v as DEFAULT_CHAT_CHANNEL } from "./subsystem-BAADN1B8.js";
-import { C as shortenHomePath, D as truncateUtf16Safe, b as resolveUserPath, c as ensureDir$1, d as isPlainObject, r as clamp, t as CONFIG_DIR } from "./utils-CLYlhJuc.js";
-import { C as supportsXHighThinking, _ as normalizeElevatedLevel, b as normalizeUsageDisplay, m as formatXHighModelHint, p as formatThinkingLevels, v as normalizeReasoningLevel, x as normalizeVerboseLevel, y as normalizeThinkLevel } from "./pi-embedded-helpers-BZ9GspxK.js";
-import { $ as archiveFileOnDisk, At as deferGatewayRestartUntilIdle, B as sniffMimeFromBase64, C as verifyNodeToken, Cn as stopDiagnosticHeartbeat, Cr as DEFAULT_INPUT_PDF_MAX_PIXELS, Ct as loadProviderStore, D as registerSkillsChangeListener, Dr as extractImageContentFromSource, E as getSkillsSnapshotVersion, Er as extractFileContentFromSource, F as abortEmbeddedPiRun, Ft as setGatewaySigusr1RestartPolicy, G as canonicalizeSpawnedByForAgent, Gn as CommandLane, Gt as normalizeCronJobPatch, Hn as readLatestAssistantReply, I as waitForEmbeddedPiRunEnd, It as setPreRestartDeferralCheck, J as loadCombinedSessionStoreForGateway, Jn as getAgentRunContext, Jt as normalizeOptionalText, K as listAgentsForGateway, Kn as clearAgentRunContext, Kt as inferLegacyName, L as runNoxSoftEmbeddedAgent, Ln as countActiveDescendantRuns, Lt as consumeRestartSentinel, M as resetAllLanes, Mn as isAbortTrigger, Mr as resolveAgentTimeoutMs, Mt as isGatewaySigusr1RestartExternallyAllowed, N as setCommandLaneConcurrency, Nn as stopSubagentsForRequester, Nt as markGatewaySigusr1RestartHandled, O as clearSessionQueues, Or as normalizeMimeList, P as waitForActiveTasks, Pt as scheduleGatewaySigusr1Restart, Q as resolveSessionModelRef, R as applyToolPolicyPipeline, Rn as initSubagentRegistry, Rt as formatDoctorNonInteractiveHint, S as updatePairedNodeMetadata, Sn as startDiagnosticHeartbeat, Sr as DEFAULT_INPUT_PDF_MAX_PAGES, St as loadProviderUsageSummary, T as verifyPairingToken, Tr as DEFAULT_INPUT_TIMEOUT_MS, Tt as saveProviderStore, U as createAnimaTools, Ut as writeRestartSentinel, V as requestHeartbeatNow, Vn as runSubagentAnnounceFlow, Vt as summarizeRestartSentinel, W as resolveAnnounceTargetFromKey, Wt as normalizeCronJobCreate, X as pruneLegacyStoreKeys, Xn as registerAgentRunContext, Xt as normalizeRequiredName, Y as loadSessionEntry, Yn as onAgentEvent, Yt as normalizePayloadToSystemText, Z as resolveGatewaySessionStoreTarget, Zn as resolveAgentIdentity, Zt as migrateLegacyCronPayload, _ as approveNodePairing, _n as dispatchInboundMessage, _r as DEFAULT_INPUT_FILE_MAX_CHARS, _t as resetDirectoryCache, an as persistBrowserProxyFiles, ar as applyVerboseOverride, at as stripEnvelopeFromMessages, b as renamePairedNode, br as DEFAULT_INPUT_IMAGE_MIMES, bt as runWithModelFallback, c as normalizeSendPolicy, cr as isSystemEventContextChanged, d as primeRemoteSkillsCache, dr as loadModelCatalog, dt as resolveOutboundSessionRoute, en as buildSafeExternalPrompt, et as archiveSessionTranscripts, f as recordRemoteNodeInfo, g as setSkillsRemoteRegistry, gr as DEFAULT_INPUT_FILE_MAX_BYTES, h as removeRemoteNodeInfo, ht as resolveSessionDeliveryTarget, i as setCliSessionId, in as applyBrowserProxyPaths, ir as applyModelOverrideToSessionEntry, it as resolveSessionTranscriptCandidates, j as getTotalQueueSize, jt as emitGatewayRestart, k as getActiveTaskCount, kn as formatZonedTimestamp, kr as estimateBase64DecodedBytes, kt as consumeGatewaySigusr1RestartAuthorization, l as resolveSendPolicy, m as refreshRemoteNodeBins, mr as registerUnhandledRejectionHandler, mt as resolveOutboundTarget, n as BARE_SESSION_RESET_PROMPT, nn as getHookType, nr as lookupContextTokens, nt as readSessionMessages, on as getPluginToolMeta, or as parseVerboseOverride, p as refreshRemoteBinsForConnectedNodes, pn as getChannelActivity, q as listSessionsFromStore, qn as emitAgentEvent, qt as normalizeOptionalAgentId, r as getCliSessionId, rn as isExternalHookSession, rt as readSessionPreviewItemsFromTranscript, sn as loadAnimaPlugins, sr as enqueueSystemEvent, st as normalizeGroupActivation, tn as detectSuspiciousPatterns, tt as capArrayByJsonBytes, u as getRemoteSkillEligibility, ut as ensureOutboundSessionEntry, v as listNodePairing, vn as createReplyDispatcher, vr as DEFAULT_INPUT_FILE_MIMES, vt as resolveMessageChannelSelection, w as generatePairingToken, wn as isDiagnosticsEnabled, wr as DEFAULT_INPUT_PDF_MIN_TEXT_CHARS, wt as maskApiKey, x as requestNodePairing, xr as DEFAULT_INPUT_MAX_REDIRECTS, xt as resolveWorkingModeModelSelection, y as rejectNodePairing, yn as getTotalPendingReplies, yr as DEFAULT_INPUT_IMAGE_MAX_BYTES, z as buildDefaultToolPolicyPipelineSteps, zn as listDescendantRunsForRequester, zt as formatRestartSentinelMessage } from "./reply-ylwOKuOF.js";
+import { D as getActivePluginRegistry, G as getResolvedLoggerSettings, I as setVerbose, K as setLoggerOverride, U as getChildLogger, W as getLogger, _ as CHANNEL_IDS, f as defaultRuntime, i as getResolvedConsoleSettings, n as runtimeForLogger, o as setConsoleSubsystemFilter, s as setConsoleTimestampPrefix, t as createSubsystemLogger, y as DEFAULT_CHAT_CHANNEL } from "./subsystem-DLVQ9bjX.js";
+import { C as shortenHomePath, D as truncateUtf16Safe, b as resolveUserPath, c as ensureDir$1, d as isPlainObject, r as clamp, t as CONFIG_DIR } from "./utils-CkCznJhR.js";
+import { C as supportsXHighThinking, _ as normalizeElevatedLevel, b as normalizeUsageDisplay, m as formatXHighModelHint, p as formatThinkingLevels, v as normalizeReasoningLevel, x as normalizeVerboseLevel, y as normalizeThinkLevel } from "./pi-embedded-helpers-BPtBCnl-.js";
+import { $ as resolveGatewaySessionStoreTarget, $n as resolveAgentIdentity, $t as migrateLegacyCronPayload, Ar as normalizeMimeList, B as applyToolPolicyPipeline, Bn as initSubagentRegistry, Bt as formatDoctorNonInteractiveHint, C as verifyNodeToken, Cr as DEFAULT_INPUT_MAX_REDIRECTS, Ct as resolveWorkingModeModelSelection, D as registerSkillsChangeListener, Dr as DEFAULT_INPUT_TIMEOUT_MS, Dt as saveProviderStore, E as getSkillsSnapshotVersion, En as isDiagnosticsEnabled, Er as DEFAULT_INPUT_PDF_MIN_TEXT_CHARS, Et as maskApiKey, F as abortEmbeddedPiRun, Fn as stopSubagentsForRequester, Ft as markGatewaySigusr1RestartHandled, G as createAnimaTools, Gt as writeRestartSentinel, H as sniffMimeFromBase64, I as waitForEmbeddedPiRunEnd, It as scheduleGatewaySigusr1Restart, J as listAgentsForGateway, Jn as clearAgentRunContext, Jt as inferLegacyName, K as resolveAnnounceTargetFromKey, Kt as normalizeCronJobCreate, L as runNoxSoftEmbeddedAgent, Lt as setGatewaySigusr1RestartPolicy, M as resetAllLanes, Mt as deferGatewayRestartUntilIdle, N as setCommandLaneConcurrency, Nt as emitGatewayRestart, O as clearSessionQueues, Or as extractFileContentFromSource, P as waitForActiveTasks, Pn as isAbortTrigger, Pr as resolveAgentTimeoutMs, Pt as isGatewaySigusr1RestartExternallyAllowed, Q as pruneLegacyStoreKeys, Qn as registerAgentRunContext, Qt as normalizeRequiredName, Rt as setPreRestartDeferralCheck, S as updatePairedNodeMetadata, Sr as DEFAULT_INPUT_IMAGE_MIMES, St as runWithModelFallback, T as verifyPairingToken, Tn as stopDiagnosticHeartbeat, Tr as DEFAULT_INPUT_PDF_MAX_PIXELS, Tt as loadProviderStore, U as requestHeartbeatNow, Un as runSubagentAnnounceFlow, Ut as summarizeRestartSentinel, V as buildDefaultToolPolicyPipelineSteps, Vn as listDescendantRunsForRequester, Vt as formatRestartSentinelMessage, Wn as readLatestAssistantReply, X as loadCombinedSessionStoreForGateway, Xn as getAgentRunContext, Xt as normalizeOptionalText, Y as listSessionsFromStore, Yn as emitAgentEvent, Yt as normalizeOptionalAgentId, Z as loadSessionEntry, Zn as onAgentEvent, Zt as normalizePayloadToSystemText, _ as approveNodePairing, _t as resolveSessionDeliveryTarget, an as isExternalHookSession, at as readSessionPreviewItemsFromTranscript, b as renamePairedNode, bn as createReplyDispatcher, br as DEFAULT_INPUT_FILE_MIMES, bt as resolveMessageChannelSelection, c as normalizeSendPolicy, cn as getPluginToolMeta, cr as parseVerboseOverride, d as primeRemoteSkillsCache, et as resolveSessionModelRef, f as recordRemoteNodeInfo, ft as ensureOutboundSessionEntry, g as setSkillsRemoteRegistry, gr as registerUnhandledRejectionHandler, gt as resolveOutboundTarget, h as removeRemoteNodeInfo, hn as getChannelActivity, i as setCliSessionId, in as getHookType, ir as lookupContextTokens, it as readSessionMessages, j as getTotalQueueSize, jn as formatZonedTimestamp, jr as estimateBase64DecodedBytes, jt as consumeGatewaySigusr1RestartAuthorization, k as getActiveTaskCount, kr as extractImageContentFromSource, l as resolveSendPolicy, ln as loadAnimaPlugins, lr as enqueueSystemEvent, lt as normalizeGroupActivation, m as refreshRemoteNodeBins, n as BARE_SESSION_RESET_PROMPT, nn as buildSafeExternalPrompt, nt as archiveSessionTranscripts, on as applyBrowserProxyPaths, or as applyModelOverrideToSessionEntry, ot as resolveSessionTranscriptCandidates, p as refreshRemoteBinsForConnectedNodes, pr as loadModelCatalog, pt as resolveOutboundSessionRoute, q as canonicalizeSpawnedByForAgent, qn as CommandLane, qt as normalizeCronJobPatch, r as getCliSessionId, rn as detectSuspiciousPatterns, rt as capArrayByJsonBytes, sn as persistBrowserProxyFiles, sr as applyVerboseOverride, st as stripEnvelopeFromMessages, tt as archiveFileOnDisk, u as getRemoteSkillEligibility, ur as isSystemEventContextChanged, v as listNodePairing, vr as DEFAULT_INPUT_FILE_MAX_BYTES, w as generatePairingToken, wn as startDiagnosticHeartbeat, wr as DEFAULT_INPUT_PDF_MAX_PAGES, wt as loadProviderUsageSummary, x as requestNodePairing, xn as getTotalPendingReplies, xr as DEFAULT_INPUT_IMAGE_MAX_BYTES, y as rejectNodePairing, yn as dispatchInboundMessage, yr as DEFAULT_INPUT_FILE_MAX_CHARS, yt as resetDirectoryCache, zn as countActiveDescendantRuns, zt as consumeRestartSentinel } from "./reply-DqXPXQ20.js";
 import { b as isSubagentSessionKey, d as resolveAgentIdFromSessionKey, i as buildAgentMainSessionKey, l as normalizeAgentId, m as toAgentRequestSessionKey, n as DEFAULT_AGENT_ID, t as DEFAULT_ACCOUNT_ID, u as normalizeMainKey, v as isCronRunSessionKey, x as parseAgentSessionKey } from "./session-key-DAZmp8ll.js";
-import { a as logDebug, c as logWarn, n as runExec, t as runCommandWithTimeout } from "./exec-BylR5qWS.js";
+import { a as logDebug, c as logWarn, n as runExec, t as runCommandWithTimeout } from "./exec-ChPERQB-.js";
 import { t as resolveAnimaPackageRoot } from "./anima-root-xWSKR6Wm.js";
-import { T as resolveWorkspaceTemplateDir, _ as DEFAULT_MEMORY_FILENAME, b as DEFAULT_USER_FILENAME, c as resolveDefaultAgentId, d as DEFAULT_AGENTS_FILENAME, g as DEFAULT_MEMORY_ALT_FILENAME, h as DEFAULT_IDENTITY_FILENAME, i as resolveAgentModelFallbacksOverride, l as resolveSessionAgentId, m as DEFAULT_HEARTBEAT_FILENAME, n as resolveAgentConfig, p as DEFAULT_BOOTSTRAP_FILENAME, r as resolveAgentDir, s as resolveAgentWorkspaceDir, t as listAgentIds, v as DEFAULT_SOUL_FILENAME, w as resolveDefaultAgentWorkspaceDir, x as ensureAgentWorkspace, y as DEFAULT_TOOLS_FILENAME } from "./agent-scope-CXxC8FFX.js";
-import { _ as DEFAULT_MODEL, a as isCliProvider, d as resolveConfiguredModelRef, f as resolveDefaultModelForAgent, g as DEFAULT_CONTEXT_TOKENS, h as resolveThinkingDefault, i as getModelRefStatus, p as resolveHooksGmailModel, u as resolveAllowedModelRef, v as DEFAULT_PROVIDER } from "./model-selection-CY6r_3wt.js";
-import { A as resolveAgentMaxConcurrent, M as VERSION, T as applyLegacyMigrations, a as parseConfigJson5, c as resolveConfigSnapshotHash, d as AnimaSchema, i as loadConfig, j as resolveSubagentMaxConcurrent, l as writeConfigFile, m as parseDurationMs, n as migrateLegacyConfig, o as readConfigFileSnapshot, p as sensitive, r as createConfigIO, s as readConfigFileSnapshotForWrite, u as validateConfigObjectWithPlugins, w as applyMergePatch } from "./config-DaD4FsAn.js";
-import { n as logAcceptedEnvOption, t as isTruthyEnvValue } from "./env-DlTia1B4.js";
-import { c as isTestDefaultMemorySlotDisabled } from "./manifest-registry-qF960vMH.js";
-import { A as resolveMainSessionKeyFromConfig, D as resolveAgentMainSessionKey, M as snapshotSessionOrigin, O as resolveExplicitAgentSessionKey, d as deliveryContextFromSession, h as normalizeSessionDeliveryFields, i as loadSessionStore, k as resolveMainSessionKey, l as updateSessionStore, p as mergeDeliveryContext, t as extractDeliveryInfo } from "./sessions-BOzeFzuL.js";
-import { o as detectMime } from "./image-ops-Ct3GueyT.js";
-import { t as normalizePollInput } from "./polls-DFISjV7H.js";
-import { _ as resolveToolProfilePolicy, p as collectExplicitAllowlist } from "./sandbox-pBHlfFdB.js";
+import { T as resolveWorkspaceTemplateDir, _ as DEFAULT_MEMORY_FILENAME, b as DEFAULT_USER_FILENAME, c as resolveDefaultAgentId, d as DEFAULT_AGENTS_FILENAME, g as DEFAULT_MEMORY_ALT_FILENAME, h as DEFAULT_IDENTITY_FILENAME, i as resolveAgentModelFallbacksOverride, l as resolveSessionAgentId, m as DEFAULT_HEARTBEAT_FILENAME, n as resolveAgentConfig, p as DEFAULT_BOOTSTRAP_FILENAME, r as resolveAgentDir, s as resolveAgentWorkspaceDir, t as listAgentIds, v as DEFAULT_SOUL_FILENAME, w as resolveDefaultAgentWorkspaceDir, x as ensureAgentWorkspace, y as DEFAULT_TOOLS_FILENAME } from "./agent-scope-DQ0N_hof.js";
+import { _ as DEFAULT_MODEL, a as isCliProvider, d as resolveConfiguredModelRef, f as resolveDefaultModelForAgent, g as DEFAULT_CONTEXT_TOKENS, h as resolveThinkingDefault, i as getModelRefStatus, p as resolveHooksGmailModel, u as resolveAllowedModelRef, v as DEFAULT_PROVIDER } from "./model-selection-CeZMza3d.js";
+import { A as resolveAgentMaxConcurrent, M as VERSION, T as applyLegacyMigrations, a as parseConfigJson5, c as resolveConfigSnapshotHash, d as AnimaSchema, i as loadConfig, j as resolveSubagentMaxConcurrent, l as writeConfigFile, m as parseDurationMs, n as migrateLegacyConfig, o as readConfigFileSnapshot, p as sensitive, r as createConfigIO, s as readConfigFileSnapshotForWrite, u as validateConfigObjectWithPlugins, w as applyMergePatch } from "./config-MZ5clMl4.js";
+import { n as logAcceptedEnvOption, t as isTruthyEnvValue } from "./env-ByZjwIJR.js";
+import { c as isTestDefaultMemorySlotDisabled } from "./manifest-registry-Cwvk5hu8.js";
+import { A as resolveMainSessionKeyFromConfig, D as resolveAgentMainSessionKey, M as snapshotSessionOrigin, O as resolveExplicitAgentSessionKey, d as deliveryContextFromSession, h as normalizeSessionDeliveryFields, i as loadSessionStore, k as resolveMainSessionKey, l as updateSessionStore, p as mergeDeliveryContext, t as extractDeliveryInfo } from "./sessions-DBQx8E1H.js";
+import { o as detectMime } from "./image-ops-vj06APeW.js";
+import { t as normalizePollInput } from "./polls-aumqIVob.js";
+import { _ as resolveToolProfilePolicy, p as collectExplicitAllowlist } from "./sandbox-mSWYRXFm.js";
 import { t as formatCliCommand } from "./command-format-BCtkuvqF.js";
-import { a as AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN, c as safeEqualSecret, d as enableTailscaleFunnel, f as enableTailscaleServe, i as resolveGatewayAuth, l as disableTailscaleFunnel, m as getTailnetHostname, n as authorizeGatewayConnect, o as AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET, r as isLocalDirectRequest, s as createAuthRateLimiter, t as assertGatewayAuthConfigured, u as disableTailscaleServe } from "./auth-DsC5pZ_0.js";
+import { a as AUTH_RATE_LIMIT_SCOPE_DEVICE_TOKEN, c as safeEqualSecret, d as enableTailscaleFunnel, f as enableTailscaleServe, i as resolveGatewayAuth, l as disableTailscaleFunnel, m as getTailnetHostname, n as authorizeGatewayConnect, o as AUTH_RATE_LIMIT_SCOPE_SHARED_SECRET, r as isLocalDirectRequest, s as createAuthRateLimiter, t as assertGatewayAuthConfigured, u as disableTailscaleServe } from "./auth-CuGlMw6p.js";
 import { n as pickPrimaryTailnetIPv6, t as pickPrimaryTailnetIPv4 } from "./tailnet-Bg_vE5qi.js";
 import { a as isTrustedProxyAddress, c as pickPrimaryLanIPv4, d as resolveGatewayListenHosts, i as isPrivateOrLoopbackAddress, l as resolveGatewayBindHost, n as isLoopbackAddress, r as isLoopbackHost, t as rawDataToString, u as resolveGatewayClientIp } from "./ws-BapRHqfx.js";
-import { r as movePathToTrash } from "./server-context-Yx4pgBqJ.js";
-import { i as loadWorkspaceSkillEntries, r as buildWorkspaceSkillSnapshot, x as hasBinary } from "./skills-4v6-kw0C.js";
+import { r as movePathToTrash } from "./server-context-DTlBzMyD.js";
+import { i as loadWorkspaceSkillEntries, r as buildWorkspaceSkillSnapshot, x as hasBinary } from "./skills-DjVFhlQY.js";
 import { n as formatErrorMessage } from "./errors-Bv81hF2P.js";
-import { a as inspectPortUsage, s as formatPortDiagnostics } from "./ports-q535r1PZ.js";
-import { f as GATEWAY_CLIENT_CAPS, g as hasGatewayClientCap, i as isGatewayMessageChannel, l as normalizeMessageChannel, n as isDeliverableMessageChannel, p as GATEWAY_CLIENT_IDS, r as isGatewayCliClient, s as isWebchatClient, t as INTERNAL_MESSAGE_CHANNEL } from "./message-channel-CMsexA3K.js";
-import { n as listChannelPlugins, r as normalizeChannelId, t as getChannelPlugin } from "./plugins-DYcg0qBW.js";
+import { a as inspectPortUsage, s as formatPortDiagnostics } from "./ports-B20JTuiL.js";
+import { f as GATEWAY_CLIENT_CAPS, g as hasGatewayClientCap, i as isGatewayMessageChannel, l as normalizeMessageChannel, n as isDeliverableMessageChannel, p as GATEWAY_CLIENT_IDS, r as isGatewayCliClient, s as isWebchatClient, t as INTERNAL_MESSAGE_CHANNEL } from "./message-channel-CfwNj8mC.js";
+import { n as listChannelPlugins, r as normalizeChannelId, t as getChannelPlugin } from "./plugins-BqPGs8w-.js";
 import { c as resolveStorePath, i as resolveSessionTranscriptPath, n as resolveSessionFilePath, r as resolveSessionFilePathOptions, s as resolveSessionTranscriptsDirForAgent } from "./paths-Dazi-gYo.js";
-import { O as normalizeSecretInput } from "./auth-profiles-C-LuhW6c.js";
-import { n as SILENT_REPLY_TOKEN, r as isSilentReplyText } from "./tokens-SP2Q7i59.js";
-import { B as resolveTtsConfig, F as isTtsProviderConfigured, G as setTtsEnabled, H as resolveTtsProviderOrder, J as textToSpeech, M as getTtsProvider, P as isTtsEnabled, R as resolveTtsApiKey, T as resolveUserTimezone, V as resolveTtsPrefsPath, X as OPENAI_TTS_MODELS, Z as OPENAI_TTS_VOICES, ct as createInternalHookEvent, dt as DEFAULT_HEARTBEAT_ACK_MAX_CHARS, et as clearSteer, ht as stripHeartbeatToken, it as getEgoManager, lt as registerInternalHook, nt as getSteerHistory, q as setTtsProvider, rt as setSteer, st as clearInternalHooks, tt as getSteer, ut as triggerInternalHook, z as resolveTtsAutoMode } from "./anthropic-direct-runner-C5pnwYzT.js";
-import { o as normalizeReplyPayloadsForDelivery, t as deliverOutboundPayloads, x as runGlobalGatewayStopSafely, y as getGlobalHookRunner } from "./deliver-BKzX3YoN.js";
-import { i as resolveMemoryBackendConfig, r as getMemorySearchManager } from "./memory-cli-DLtBA6r5.js";
+import { O as normalizeSecretInput } from "./auth-profiles-XI2YBb-w.js";
+import { n as SILENT_REPLY_TOKEN, r as isSilentReplyText } from "./tokens-BelyD23F.js";
+import { B as resolveTtsConfig, F as isTtsProviderConfigured, G as setTtsEnabled, H as resolveTtsProviderOrder, J as textToSpeech, M as getTtsProvider, P as isTtsEnabled, R as resolveTtsApiKey, T as resolveUserTimezone, V as resolveTtsPrefsPath, X as OPENAI_TTS_MODELS, Z as OPENAI_TTS_VOICES, ct as createInternalHookEvent, dt as DEFAULT_HEARTBEAT_ACK_MAX_CHARS, et as clearSteer, ht as stripHeartbeatToken, it as getEgoManager, lt as registerInternalHook, nt as getSteerHistory, q as setTtsProvider, rt as setSteer, st as clearInternalHooks, tt as getSteer, ut as triggerInternalHook, z as resolveTtsAutoMode } from "./anthropic-direct-runner-BgFOZS8B.js";
+import { o as normalizeReplyPayloadsForDelivery, t as deliverOutboundPayloads, x as runGlobalGatewayStopSafely, y as getGlobalHookRunner } from "./deliver-BknvuSJz.js";
+import { i as resolveMemoryBackendConfig, r as getMemorySearchManager } from "./memory-cli-DMJqELwh.js";
 import { a as readTrustGraphSnapshot, c as pruneExpiredPending, d as writeJsonAtomic, l as readJsonFile, o as saveTrustGraph, s as createAsyncLock, u as resolvePairingPaths } from "./loader-Bw2wdN4l.js";
-import { t as ToolInputError } from "./common-BCW6hLGI.js";
-import { $ as validateNodePairRequestParams, A as validateCronStatusParams, B as validateExecApprovalsNodeGetParams, C as validateConfigSetParams, Ct as validateWizardCancelParams, D as validateCronRemoveParams, Dt as PROTOCOL_VERSION, E as validateCronListParams, Et as validateWizardStatusParams, F as validateDeviceTokenRevokeParams, G as validateNodeDescribeParams, H as validateExecApprovalsSetParams, I as validateDeviceTokenRotateParams, It as deriveDeviceIdFromPublicKey, J as validateNodeInvokeResultParams, K as validateNodeEventParams, L as validateExecApprovalRequestParams, M as validateDevicePairApproveParams, N as validateDevicePairListParams, Nt as normalizeInputProvenance, O as validateCronRunParams, Ot as ErrorCodes, P as validateDevicePairRejectParams, Pt as buildDeviceAuthPayload, Q as validateNodePairRejectParams, R as validateExecApprovalResolveParams, Rt as normalizeDevicePublicKeyBase64Url, S as validateConfigSchemaParams, St as validateWebLoginWaitParams, T as validateCronAddParams, Tt as validateWizardStartParams, U as validateLogsTailParams, V as validateExecApprovalsNodeSetParams, W as validateModelsListParams, X as validateNodePairApproveParams, Y as validateNodeListParams, Z as validateNodePairListParams, _ as validateChatInjectParams, _t as validateTalkConfigParams, a as validateAgentWaitParams, at as validateSessionsCompactParams, b as validateConfigGetParams, bt as validateWakeParams, c as validateAgentsFilesGetParams, ct as validateSessionsPatchParams, d as validateAgentsListParams, dt as validateSessionsResolveParams, et as validateNodePairVerifyParams, f as validateAgentsUpdateParams, ft as validateSessionsUsageParams, g as validateChatHistoryParams, gt as validateSkillsUpdateParams, h as validateChatAbortParams, ht as validateSkillsStatusParams, i as validateAgentParams, it as validateSendParams, j as validateCronUpdateParams, jt as parseSessionLabel, k as validateCronRunsParams, kt as errorShape, l as validateAgentsFilesListParams, lt as validateSessionsPreviewParams, m as validateChannelsStatusParams, mt as validateSkillsInstallParams, n as formatValidationErrors, nt as validatePollParams, o as validateAgentsCreateParams, ot as validateSessionsDeleteParams, p as validateChannelsLogoutParams, pt as validateSkillsBinsParams, q as validateNodeInvokeParams, r as validateAgentIdentityParams, rt as validateRequestFrame, s as validateAgentsDeleteParams, st as validateSessionsListParams, tt as validateNodeRenameParams, u as validateAgentsFilesSetParams, ut as validateSessionsResetParams, v as validateChatSendParams, vt as validateTalkModeParams, w as validateConnectParams, wt as validateWizardNextParams, x as validateConfigPatchParams, xt as validateWebLoginStartParams, y as validateConfigApplyParams, yt as validateUpdateRunParams, z as validateExecApprovalsGetParams, zt as verifyDeviceSignature } from "./client-BWkoTfOH.js";
-import { s as loadGatewayTlsRuntime$1 } from "./call-CDPbPDAr.js";
-import { a as resolveSubagentToolPolicy, i as resolveGroupToolPolicy, r as resolveEffectiveToolPolicy } from "./pi-tools.policy-WdTAfqbV.js";
-import { n as createBrowserControlContext, r as startBrowserControlServiceFromConfig } from "./control-service-5YtMvm7D.js";
-import { t as createBrowserRouteDispatcher } from "./dispatcher-DzwzLQRk.js";
+import { t as ToolInputError } from "./common-fIXNXke2.js";
+import { $ as validateNodePairRequestParams, A as validateCronStatusParams, B as validateExecApprovalsNodeGetParams, C as validateConfigSetParams, Ct as validateWizardCancelParams, D as validateCronRemoveParams, Dt as PROTOCOL_VERSION, E as validateCronListParams, Et as validateWizardStatusParams, F as validateDeviceTokenRevokeParams, G as validateNodeDescribeParams, H as validateExecApprovalsSetParams, I as validateDeviceTokenRotateParams, It as deriveDeviceIdFromPublicKey, J as validateNodeInvokeResultParams, K as validateNodeEventParams, L as validateExecApprovalRequestParams, M as validateDevicePairApproveParams, N as validateDevicePairListParams, Nt as normalizeInputProvenance, O as validateCronRunParams, Ot as ErrorCodes, P as validateDevicePairRejectParams, Pt as buildDeviceAuthPayload, Q as validateNodePairRejectParams, R as validateExecApprovalResolveParams, Rt as normalizeDevicePublicKeyBase64Url, S as validateConfigSchemaParams, St as validateWebLoginWaitParams, T as validateCronAddParams, Tt as validateWizardStartParams, U as validateLogsTailParams, V as validateExecApprovalsNodeSetParams, W as validateModelsListParams, X as validateNodePairApproveParams, Y as validateNodeListParams, Z as validateNodePairListParams, _ as validateChatInjectParams, _t as validateTalkConfigParams, a as validateAgentWaitParams, at as validateSessionsCompactParams, b as validateConfigGetParams, bt as validateWakeParams, c as validateAgentsFilesGetParams, ct as validateSessionsPatchParams, d as validateAgentsListParams, dt as validateSessionsResolveParams, et as validateNodePairVerifyParams, f as validateAgentsUpdateParams, ft as validateSessionsUsageParams, g as validateChatHistoryParams, gt as validateSkillsUpdateParams, h as validateChatAbortParams, ht as validateSkillsStatusParams, i as validateAgentParams, it as validateSendParams, j as validateCronUpdateParams, jt as parseSessionLabel, k as validateCronRunsParams, kt as errorShape, l as validateAgentsFilesListParams, lt as validateSessionsPreviewParams, m as validateChannelsStatusParams, mt as validateSkillsInstallParams, n as formatValidationErrors, nt as validatePollParams, o as validateAgentsCreateParams, ot as validateSessionsDeleteParams, p as validateChannelsLogoutParams, pt as validateSkillsBinsParams, q as validateNodeInvokeParams, r as validateAgentIdentityParams, rt as validateRequestFrame, s as validateAgentsDeleteParams, st as validateSessionsListParams, tt as validateNodeRenameParams, u as validateAgentsFilesSetParams, ut as validateSessionsResetParams, v as validateChatSendParams, vt as validateTalkModeParams, w as validateConnectParams, wt as validateWizardNextParams, x as validateConfigPatchParams, xt as validateWebLoginStartParams, y as validateConfigApplyParams, yt as validateUpdateRunParams, z as validateExecApprovalsGetParams, zt as verifyDeviceSignature } from "./client-DOTb2PN6.js";
+import { s as loadGatewayTlsRuntime$1 } from "./call-Bn9iKzhX.js";
+import { a as resolveSubagentToolPolicy, i as resolveGroupToolPolicy, r as resolveEffectiveToolPolicy } from "./pi-tools.policy-DuWNVoem.js";
+import { n as createBrowserControlContext, r as startBrowserControlServiceFromConfig } from "./control-service-BGnqY7vv.js";
+import { t as createBrowserRouteDispatcher } from "./dispatcher-DpEzmU7s.js";
 import { t as parseAbsoluteTimeMs } from "./parse-Cinbkvj-.js";
 import { c as saveToken, i as getToken, l as whoami, n as clearToken, o as registerWithInvite, s as resolveSuggestedIdentity, t as TOKEN_PATH } from "./noxsoft-auth-CE75mBXE.js";
 import { i as loadSessionUsageTimeSeries, l as deriveSessionTotalTokens, n as loadCostUsageSummary, r as loadSessionCostSummary, t as discoverAllSessions, u as hasNonzeroUsage } from "./session-cost-usage-BWqR-ik6.js";
 import { f as resolveExecApprovalsSocketPath, o as normalizeExecApprovals, p as saveExecApprovals, r as ensureExecApprovals, s as readExecApprovalsSnapshot, t as DEFAULT_EXEC_APPROVAL_TIMEOUT_MS } from "./exec-approvals-DK5-KCUz.js";
-import { c as resolveCronStyleNow, i as onHeartbeatEvent, r as getLastHeartbeatEvent, t as resolveHeartbeatVisibility } from "./heartbeat-visibility-BaL8JzkS.js";
-import { r as buildHistoryContextFromEntries, t as createReplyPrefixOptions } from "./reply-prefix-CEnF6TUe.js";
-import { n as createOutboundSendDeps, t as createDefaultDeps } from "./deps-DKPoFoa8.js";
-import { t as ensureAnimaCliOnPath } from "./path-env-DLQPf9qj.js";
-import { t as forceFreePortAndWait } from "./ports-DaVrZDUq.js";
-import { t as buildChannelUiCatalog } from "./catalog-CsXv59Tq.js";
-import { t as buildWorkspaceSkillStatus } from "./skills-status-CvH7AUoY.js";
+import { c as resolveCronStyleNow, i as onHeartbeatEvent, r as getLastHeartbeatEvent, t as resolveHeartbeatVisibility } from "./heartbeat-visibility-DZOi_4uV.js";
+import { r as buildHistoryContextFromEntries, t as createReplyPrefixOptions } from "./reply-prefix-CZy4g8SY.js";
+import { n as createOutboundSendDeps, t as createDefaultDeps } from "./deps-oUYlT5Sq.js";
+import { t as ensureAnimaCliOnPath } from "./path-env-BAjR_Xf_.js";
+import { t as forceFreePortAndWait } from "./ports-D6bjtvhF.js";
+import { t as buildChannelUiCatalog } from "./catalog-BqTvQqiq.js";
+import { t as buildWorkspaceSkillStatus } from "./skills-status-BmZufjT1.js";
 import { n as DEFAULT_GATEWAY_HTTP_TOOL_DENY } from "./dangerous-tools-BCnOEYau.js";
-import { C as resolveAssistantAvatarUrl, S as normalizeControlUiBasePath, b as CONTROL_UI_AVATAR_PREFIX, c as handleReset, h as resolveControlUiLinks, x as buildControlUiAvatarUrl } from "./onboard-helpers-CJ3HzoUO.js";
-import { t as resolveGatewayService } from "./service-Dd1DfPia.js";
+import { C as resolveAssistantAvatarUrl, S as normalizeControlUiBasePath, b as CONTROL_UI_AVATAR_PREFIX, c as handleReset, h as resolveControlUiLinks, x as buildControlUiAvatarUrl } from "./onboard-helpers-rHLFiSIc.js";
+import { t as resolveGatewayService } from "./service-ho_k2vjr.js";
 import { t as parsePort } from "./parse-port-CDPwDUs3.js";
-import { n as resolveWideAreaDiscoveryDomain, r as writeWideAreaGatewayZone } from "./widearea-dns-CHAT20aR.js";
-import { i as toOptionString, n as extractGatewayMiskeys, r as maybeExplainGatewayServiceStop, t as describeUnknownError } from "./shared-C-rqLtIT.js";
-import { o as isNodeCommandAllowed, s as resolveNodeCommandAllowlist } from "./audit-B05W5ckN.js";
-import { n as getStatusSummary } from "./status-BhRELdY_.js";
+import { n as resolveWideAreaDiscoveryDomain, r as writeWideAreaGatewayZone } from "./widearea-dns-DlJrNJOg.js";
+import { i as toOptionString, n as extractGatewayMiskeys, r as maybeExplainGatewayServiceStop, t as describeUnknownError } from "./shared-BFzq0XE1.js";
+import { o as isNodeCommandAllowed, s as resolveNodeCommandAllowlist } from "./audit-jddM3B16.js";
+import { n as getStatusSummary } from "./status-D1zupVBm.js";
 import { t as resolveChannelDefaultAccountId } from "./helpers-1MPChTcB.js";
-import { c as startHeartbeatRunner, n as getHealthSnapshot, o as runHeartbeatOnce, s as setHeartbeatsEnabled } from "./health-yw_uaucz.js";
-import { t as applyPluginAutoEnable } from "./plugin-auto-enable-CtYcdTju.js";
-import { a as resolveControlUiRootOverrideSync, n as ensureControlUiAssetsBuilt, o as resolveControlUiRootSync } from "./health-format-D-JJ5_S4.js";
+import { c as startHeartbeatRunner, n as getHealthSnapshot, o as runHeartbeatOnce, s as setHeartbeatsEnabled } from "./health-DrokrOLQ.js";
+import { t as applyPluginAutoEnable } from "./plugin-auto-enable-DvYJhgJ2.js";
+import { a as resolveControlUiRootOverrideSync, n as ensureControlUiAssetsBuilt, o as resolveControlUiRootSync } from "./health-format-CzNDrJ8Z.js";
 import { n as validateSystemRunCommandConsistency, r as getMachineDisplayName, t as formatExecCommand } from "./system-run-command-Bx8-5h2r.js";
-import { h as normalizeUpdateChannel, l as DEFAULT_PACKAGE_CHANNEL, n as checkUpdateStatus, o as resolveNpmChannelTag, r as compareSemverStrings } from "./channels-status-issues-WkG3Tmxk.js";
-import { t as WizardCancelledError } from "./prompts-Bq4QGFQM.js";
-import { i as shouldIncludeHook, n as loadWorkspaceHookEntries, r as resolveHookConfig } from "./hooks-status-DdweuSIj.js";
-import { t as runOnboardingWizard } from "./onboarding-fnZOw6Wv.js";
-import { a as setGatewayWsLogStyle, i as summarizeAgentEventForWsLog, n as logWs, r as shouldLogWs, t as formatForLog } from "./ws-log-CUobU2tD.js";
-import { T as resolveGmailHookRuntimeConfig, _ as buildGogWatchServeArgs, i as ensureTailscaleEndpoint, v as buildGogWatchStartArgs } from "./gmail-setup-utils-DaJoXV_3.js";
+import { h as normalizeUpdateChannel, l as DEFAULT_PACKAGE_CHANNEL, n as checkUpdateStatus, o as resolveNpmChannelTag, r as compareSemverStrings } from "./channels-status-issues-4XxYhQ8S.js";
+import { t as WizardCancelledError } from "./prompts-D6Xc1Ddb.js";
+import { i as shouldIncludeHook, n as loadWorkspaceHookEntries, r as resolveHookConfig } from "./hooks-status-BQ7M6bIq.js";
+import { t as runOnboardingWizard } from "./onboarding-BGXbXgds.js";
+import { a as setGatewayWsLogStyle, i as summarizeAgentEventForWsLog, n as logWs, r as shouldLogWs, t as formatForLog } from "./ws-log-Cvz4xRCD.js";
+import { T as resolveGmailHookRuntimeConfig, _ as buildGogWatchServeArgs, i as ensureTailscaleEndpoint, v as buildGogWatchStartArgs } from "./gmail-setup-utils-lTV5KDPF.js";
 import { t as createOutboundSendDeps$1 } from "./outbound-send-deps-DVfWC4E8.js";
-import { a as loadAgentIdentity, c as loadAgentIdentityFromWorkspace, i as listAgentEntries, o as pruneAgentConfig, r as findAgentEntryIndex, t as applyAgentConfig } from "./agents.config-BR5JLtud.js";
-import { n as resolveAgentDeliveryPlan, r as resolveAgentOutboundTarget, t as agentCommand } from "./agent-BjD_hkGZ.js";
+import { a as loadAgentIdentity, c as loadAgentIdentityFromWorkspace, i as listAgentEntries, o as pruneAgentConfig, r as findAgentEntryIndex, t as applyAgentConfig } from "./agents.config-DrViQjgD.js";
+import { n as resolveAgentDeliveryPlan, r as resolveAgentOutboundTarget, t as agentCommand } from "./agent-xPFmA8jO.js";
 import { t as migrateFromCoherence } from "./migrate-DuohB_ur.js";
-import { t as installSkill } from "./skills-install-D6_qpRjW.js";
-import { t as runGatewayUpdate } from "./update-runner-C8SRcVm3.js";
+import { t as installSkill } from "./skills-install-CVWWsOf2.js";
+import { t as runGatewayUpdate } from "./update-runner-C7CjKcMp.js";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import * as fsSync from "node:fs";
 import fs, { constants } from "node:fs";
@@ -111,7 +111,7 @@ function getActiveEmbeddedRunCount() {
 
 //#endregion
 //#region src/infra/exec-approval-forwarder.ts
-const log$12 = createSubsystemLogger("gateway/exec-approvals");
+const log$14 = createSubsystemLogger("gateway/exec-approvals");
 const DEFAULT_MODE = "session";
 function normalizeMode(mode) {
 	return mode ?? DEFAULT_MODE;
@@ -226,7 +226,7 @@ async function deliverToTargets(params) {
 				payloads: [{ text: params.text }]
 			});
 		} catch (err) {
-			log$12.error(`exec approvals: failed to deliver to ${channel}:${target.to}: ${String(err)}`);
+			log$14.error(`exec approvals: failed to deliver to ${channel}:${target.to}: ${String(err)}`);
 		}
 	});
 	await Promise.allSettled(deliveries);
@@ -1463,7 +1463,7 @@ function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSendToSess
 * Automatically starts `gog gmail watch serve` when the gateway starts,
 * if hooks.gmail is configured with an account.
 */
-const log$11 = createSubsystemLogger("gmail-watcher");
+const log$13 = createSubsystemLogger("gmail-watcher");
 const ADDRESS_IN_USE_RE = /address already in use|EADDRINUSE/i;
 function isAddressInUseError(line) {
 	return ADDRESS_IN_USE_RE.test(line);
@@ -1487,13 +1487,13 @@ async function startGmailWatch(cfg) {
 		const result = await runCommandWithTimeout(args, { timeoutMs: 12e4 });
 		if (result.code !== 0) {
 			const message = result.stderr || result.stdout || "gog watch start failed";
-			log$11.error(`watch start failed: ${message}`);
+			log$13.error(`watch start failed: ${message}`);
 			return false;
 		}
-		log$11.info(`watch started for ${cfg.account}`);
+		log$13.info(`watch started for ${cfg.account}`);
 		return true;
 	} catch (err) {
-		log$11.error(`watch start error: ${String(err)}`);
+		log$13.error(`watch start error: ${String(err)}`);
 		return false;
 	}
 }
@@ -1502,7 +1502,7 @@ async function startGmailWatch(cfg) {
 */
 function spawnGogServe(cfg) {
 	const args = buildGogWatchServeArgs(cfg);
-	log$11.info(`starting gog ${args.join(" ")}`);
+	log$13.info(`starting gog ${args.join(" ")}`);
 	let addressInUse = false;
 	const child = spawn("gog", args, {
 		stdio: [
@@ -1514,25 +1514,25 @@ function spawnGogServe(cfg) {
 	});
 	child.stdout?.on("data", (data) => {
 		const line = data.toString().trim();
-		if (line) log$11.info(`[gog] ${line}`);
+		if (line) log$13.info(`[gog] ${line}`);
 	});
 	child.stderr?.on("data", (data) => {
 		const line = data.toString().trim();
 		if (!line) return;
 		if (isAddressInUseError(line)) addressInUse = true;
-		log$11.warn(`[gog] ${line}`);
+		log$13.warn(`[gog] ${line}`);
 	});
 	child.on("error", (err) => {
-		log$11.error(`gog process error: ${String(err)}`);
+		log$13.error(`gog process error: ${String(err)}`);
 	});
 	child.on("exit", (code, signal) => {
 		if (shuttingDown) return;
 		if (addressInUse) {
-			log$11.warn("gog serve failed to bind (address already in use); stopping restarts. Another watcher is likely running. Set ANIMA_SKIP_GMAIL_WATCHER=1 or stop the other process.");
+			log$13.warn("gog serve failed to bind (address already in use); stopping restarts. Another watcher is likely running. Set ANIMA_SKIP_GMAIL_WATCHER=1 or stop the other process.");
 			watcherProcess = null;
 			return;
 		}
-		log$11.warn(`gog exited (code=${code}, signal=${signal}); restarting in 5s`);
+		log$13.warn(`gog exited (code=${code}, signal=${signal}); restarting in 5s`);
 		watcherProcess = null;
 		setTimeout(() => {
 			if (shuttingDown || !currentConfig) return;
@@ -1572,15 +1572,15 @@ async function startGmailWatcher(cfg) {
 			port: runtimeConfig.serve.port,
 			target: runtimeConfig.tailscale.target
 		});
-		log$11.info(`tailscale ${runtimeConfig.tailscale.mode} configured for port ${runtimeConfig.serve.port}`);
+		log$13.info(`tailscale ${runtimeConfig.tailscale.mode} configured for port ${runtimeConfig.serve.port}`);
 	} catch (err) {
-		log$11.error(`tailscale setup failed: ${String(err)}`);
+		log$13.error(`tailscale setup failed: ${String(err)}`);
 		return {
 			started: false,
 			reason: `tailscale setup failed: ${String(err)}`
 		};
 	}
-	if (!await startGmailWatch(runtimeConfig)) log$11.warn("gmail watch start failed, but continuing with serve");
+	if (!await startGmailWatch(runtimeConfig)) log$13.warn("gmail watch start failed, but continuing with serve");
 	shuttingDown = false;
 	watcherProcess = spawnGogServe(runtimeConfig);
 	const renewMs = runtimeConfig.renewEveryMinutes * 6e4;
@@ -1588,7 +1588,7 @@ async function startGmailWatcher(cfg) {
 		if (shuttingDown) return;
 		startGmailWatch(runtimeConfig);
 	}, renewMs);
-	log$11.info(`gmail watcher started for ${runtimeConfig.account} (renew every ${runtimeConfig.renewEveryMinutes}m)`);
+	log$13.info(`gmail watcher started for ${runtimeConfig.account} (renew every ${runtimeConfig.renewEveryMinutes}m)`);
 	return { started: true };
 }
 /**
@@ -1601,7 +1601,7 @@ async function stopGmailWatcher() {
 		renewInterval = null;
 	}
 	if (watcherProcess) {
-		log$11.info("stopping gmail watcher");
+		log$13.info("stopping gmail watcher");
 		watcherProcess.kill("SIGTERM");
 		await new Promise((resolve) => {
 			const timeout = setTimeout(() => {
@@ -1616,7 +1616,7 @@ async function stopGmailWatcher() {
 		watcherProcess = null;
 	}
 	currentConfig = null;
-	log$11.info("gmail watcher stopped");
+	log$13.info("gmail watcher stopped");
 }
 
 //#endregion
@@ -4894,6 +4894,8 @@ const BASE_METHODS = [
 	"anima.registration.status",
 	"anima.registration.set-token",
 	"anima.registration.register-invite",
+	"ico.metrics.get",
+	"impact.footprint.get",
 	"health",
 	"logs.tail",
 	"channels.status",
@@ -4978,7 +4980,14 @@ const BASE_METHODS = [
 	"agent",
 	"agent.identity.get",
 	"agent.wait",
+	"browser.capabilities.get",
 	"browser.request",
+	"desktop.control.session.create",
+	"desktop.control.session.list",
+	"desktop.control.session.get",
+	"desktop.control.session.approve",
+	"desktop.control.session.close",
+	"desktop.control.session.request",
 	"chat.history",
 	"chat.abort",
 	"chat.send"
@@ -8260,6 +8269,44 @@ function safeParseJson(value) {
 
 //#endregion
 //#region src/gateway/server-methods/browser.ts
+const DESKTOP_CONTROL_DEFAULT_TTL_MS = 900 * 1e3;
+const DESKTOP_CONTROL_MIN_TTL_MS = 60 * 1e3;
+const DESKTOP_CONTROL_MAX_TTL_MS = 14400 * 1e3;
+const DESKTOP_CONTROL_MAX_REASON_LEN = 240;
+const DESKTOP_CONTROL_AUDIT_MAX_EVENTS = 200;
+const DESKTOP_CONTROL_RETENTION_MS = 7200 * 1e3;
+const DESKTOP_CONTROL_DEFAULT_ALLOWED_METHODS = ["GET"];
+const DESKTOP_CONTROL_ALLOWED_METHODS = [
+	"GET",
+	"POST",
+	"DELETE"
+];
+const DESKTOP_CONTROL_DEFAULT_MAX_REQUESTS = 40;
+const DESKTOP_CONTROL_MIN_MAX_REQUESTS = 1;
+const DESKTOP_CONTROL_MAX_MAX_REQUESTS = 500;
+const DESKTOP_CONTROL_MAX_NOTE_LEN = 500;
+const DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN = 8;
+const DESKTOP_CONTROL_LIST_MIN_LIMIT = 1;
+const DESKTOP_CONTROL_LIST_MAX_LIMIT = 500;
+const DESKTOP_CONTROL_LIST_MIN_OFFSET = 0;
+const DESKTOP_CONTROL_LIST_MAX_OFFSET = 1e4;
+const BROWSER_REQUEST_MIN_TIMEOUT_MS = 1;
+const BROWSER_REQUEST_MAX_TIMEOUT_MS = 12e4;
+const DESKTOP_CONTROL_SESSION_STATES = [
+	"pending_approval",
+	"active",
+	"denied",
+	"closed",
+	"expired"
+];
+const DESKTOP_CONTROL_SESSION_DECISIONS = [
+	"pending",
+	"allow",
+	"deny"
+];
+const DESKTOP_CONTROL_SESSION_ROUTE_KINDS = ["local", "node"];
+const DESKTOP_CONTROL_SESSION_RISK_LEVELS = ["standard", "elevated"];
+const desktopControlSessions = /* @__PURE__ */ new Map();
 function isBrowserNode(node) {
 	const caps = Array.isArray(node.caps) ? node.caps : [];
 	const commands = Array.isArray(node.commands) ? node.commands : [];
@@ -8309,32 +8356,264 @@ async function persistProxyFiles(files) {
 function applyProxyPaths(result, mapping) {
 	applyBrowserProxyPaths(result, mapping);
 }
-const browserHandlers = { "browser.request": async ({ params, respond, context }) => {
-	const typed = params;
-	const methodRaw = typeof typed.method === "string" ? typed.method.trim().toUpperCase() : "";
-	const path = typeof typed.path === "string" ? typed.path.trim() : "";
-	const query = typed.query && typeof typed.query === "object" ? typed.query : void 0;
-	const body = typed.body;
-	const timeoutMs = typeof typed.timeoutMs === "number" && Number.isFinite(typed.timeoutMs) ? Math.max(1, Math.floor(typed.timeoutMs)) : void 0;
-	if (!methodRaw || !path) {
-		respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "method and path are required"));
-		return;
+function toNodeSummary(node) {
+	return {
+		nodeId: node.nodeId,
+		displayName: node.displayName ?? null,
+		remoteIp: node.remoteIp ?? null
+	};
+}
+function hasValue(value) {
+	return typeof value === "string" && value.trim().length > 0;
+}
+function resolveGatewayAuthMode(cfg) {
+	const configuredMode = cfg.gateway?.auth?.mode;
+	if (configuredMode === "token" || configuredMode === "password" || configuredMode === "trusted-proxy") return configuredMode;
+	if (hasValue(cfg.gateway?.auth?.token)) return "token";
+	if (hasValue(cfg.gateway?.auth?.password)) return "password";
+	if (hasValue(cfg.gateway?.auth?.trustedProxy?.userHeader)) return "trusted-proxy";
+	return "none";
+}
+function resolveClientActor(client) {
+	const displayName = client?.connect?.client?.displayName;
+	if (typeof displayName === "string" && displayName.trim().length > 0) return displayName.trim();
+	const clientId = client?.connect?.client?.id;
+	if (typeof clientId === "string" && clientId.trim().length > 0) return clientId.trim();
+	const deviceId = client?.connect?.device?.id;
+	if (typeof deviceId === "string" && deviceId.trim().length > 0) return deviceId.trim();
+	return null;
+}
+function hasOperatorScope(client, scope) {
+	const scopes = Array.isArray(client?.connect?.scopes) ? client?.connect?.scopes : [];
+	return scopes.includes("operator.admin") || scopes.includes(scope);
+}
+function normalizeDesktopSessionTtl(input) {
+	if (typeof input !== "number" || !Number.isFinite(input)) return DESKTOP_CONTROL_DEFAULT_TTL_MS;
+	return Math.min(DESKTOP_CONTROL_MAX_TTL_MS, Math.max(DESKTOP_CONTROL_MIN_TTL_MS, Math.floor(input)));
+}
+function normalizeDesktopSessionReason(input) {
+	if (typeof input !== "string") return "Desktop control session";
+	const trimmed = input.trim();
+	if (!trimmed) return "Desktop control session";
+	return trimmed.slice(0, DESKTOP_CONTROL_MAX_REASON_LEN);
+}
+function normalizeDesktopSessionNote(input) {
+	if (typeof input !== "string") return null;
+	const trimmed = input.trim();
+	if (!trimmed) return null;
+	return trimmed.slice(0, DESKTOP_CONTROL_MAX_NOTE_LEN);
+}
+function hasDecisionRationale(note) {
+	return typeof note === "string" && note.length >= DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN;
+}
+function isDesktopControlSessionState(value) {
+	return typeof value === "string" && DESKTOP_CONTROL_SESSION_STATES.includes(value);
+}
+function isDesktopControlApprovalDecision(value) {
+	return typeof value === "string" && DESKTOP_CONTROL_SESSION_DECISIONS.includes(value);
+}
+function isDesktopControlSessionRouteKind(value) {
+	return typeof value === "string" && DESKTOP_CONTROL_SESSION_ROUTE_KINDS.includes(value);
+}
+function isDesktopControlSessionRiskLevel(value) {
+	return typeof value === "string" && DESKTOP_CONTROL_SESSION_RISK_LEVELS.includes(value);
+}
+function parseDesktopSessionMethod(value) {
+	const method = value.trim().toUpperCase();
+	if (DESKTOP_CONTROL_ALLOWED_METHODS.includes(method)) return method;
+	return null;
+}
+function normalizeDesktopSessionAllowMethods(input) {
+	if (!Array.isArray(input)) return [...DESKTOP_CONTROL_DEFAULT_ALLOWED_METHODS];
+	const normalized = [];
+	for (const entry of input) {
+		if (typeof entry !== "string") continue;
+		const method = parseDesktopSessionMethod(entry);
+		if (method && !normalized.includes(method)) normalized.push(method);
 	}
-	if (methodRaw !== "GET" && methodRaw !== "POST" && methodRaw !== "DELETE") {
-		respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "method must be GET, POST, or DELETE"));
-		return;
+	if (normalized.length === 0) return [...DESKTOP_CONTROL_DEFAULT_ALLOWED_METHODS];
+	return normalized;
+}
+function normalizeDesktopSessionMaxRequests(input) {
+	if (typeof input !== "number" || !Number.isFinite(input)) return DESKTOP_CONTROL_DEFAULT_MAX_REQUESTS;
+	return Math.min(DESKTOP_CONTROL_MAX_MAX_REQUESTS, Math.max(DESKTOP_CONTROL_MIN_MAX_REQUESTS, Math.floor(input)));
+}
+function resolveDesktopSessionRisk(controls) {
+	const reasons = [];
+	if (controls.allowMethods.some((method) => method !== "GET")) reasons.push("write methods enabled (POST/DELETE)");
+	if (controls.maxRequests > DESKTOP_CONTROL_DEFAULT_MAX_REQUESTS) reasons.push(`request budget exceeds standard (${controls.maxRequests} > ${DESKTOP_CONTROL_DEFAULT_MAX_REQUESTS})`);
+	return {
+		level: reasons.length > 0 ? "elevated" : "standard",
+		reasons
+	};
+}
+function validateDesktopControlSessionCreateParams(params) {
+	if (params.reason !== void 0 && typeof params.reason !== "string") return errorShape(ErrorCodes.INVALID_REQUEST, `invalid reason: ${String(params.reason)}`, { details: { expectedType: "string" } });
+	if (params.ttlMs !== void 0) {
+		if (typeof params.ttlMs !== "number" || !Number.isFinite(params.ttlMs) || !Number.isInteger(params.ttlMs) || params.ttlMs < DESKTOP_CONTROL_MIN_TTL_MS || params.ttlMs > DESKTOP_CONTROL_MAX_TTL_MS) return errorShape(ErrorCodes.INVALID_REQUEST, `invalid ttlMs: ${String(params.ttlMs)}`, { details: {
+			minTtlMs: DESKTOP_CONTROL_MIN_TTL_MS,
+			maxTtlMs: DESKTOP_CONTROL_MAX_TTL_MS
+		} });
 	}
-	const cfg = loadConfig();
-	let nodeTarget = null;
-	try {
-		nodeTarget = resolveBrowserNodeTarget({
-			cfg,
-			nodes: context.nodeRegistry.listConnected()
+	if (params.nodeId !== void 0 && typeof params.nodeId !== "string") return errorShape(ErrorCodes.INVALID_REQUEST, `invalid nodeId: ${String(params.nodeId)}`, { details: { expectedType: "string" } });
+	if (typeof params.nodeId === "string" && !params.nodeId.trim()) return errorShape(ErrorCodes.INVALID_REQUEST, "invalid nodeId: must not be empty");
+	if (params.allowMethods !== void 0) {
+		if (!Array.isArray(params.allowMethods)) return errorShape(ErrorCodes.INVALID_REQUEST, `invalid allowMethods: ${String(params.allowMethods)}`, { details: {
+			expectedType: "string[]",
+			allowedMethods: DESKTOP_CONTROL_ALLOWED_METHODS
+		} });
+		if (params.allowMethods.length === 0) return errorShape(ErrorCodes.INVALID_REQUEST, "allowMethods must include at least one method", { details: { allowedMethods: DESKTOP_CONTROL_ALLOWED_METHODS } });
+		for (let i = 0; i < params.allowMethods.length; i += 1) {
+			const entry = params.allowMethods[i];
+			if (typeof entry !== "string") return errorShape(ErrorCodes.INVALID_REQUEST, `invalid allowMethods[${i}]: ${String(entry)}`, { details: {
+				expectedType: "string",
+				allowedMethods: DESKTOP_CONTROL_ALLOWED_METHODS
+			} });
+			if (!parseDesktopSessionMethod(entry)) return errorShape(ErrorCodes.INVALID_REQUEST, `invalid allowMethods[${i}]: ${entry.trim() || "<empty>"}`, { details: { allowedMethods: DESKTOP_CONTROL_ALLOWED_METHODS } });
+		}
+	}
+	if (params.maxRequests !== void 0) {
+		if (typeof params.maxRequests !== "number" || !Number.isFinite(params.maxRequests) || !Number.isInteger(params.maxRequests) || params.maxRequests < DESKTOP_CONTROL_MIN_MAX_REQUESTS || params.maxRequests > DESKTOP_CONTROL_MAX_MAX_REQUESTS) return errorShape(ErrorCodes.INVALID_REQUEST, `invalid maxRequests: ${String(params.maxRequests)}`, { details: {
+			minMaxRequests: DESKTOP_CONTROL_MIN_MAX_REQUESTS,
+			maxMaxRequests: DESKTOP_CONTROL_MAX_MAX_REQUESTS
+		} });
+	}
+	return null;
+}
+function appendDesktopControlAudit(session, event) {
+	const next = {
+		id: crypto.randomUUID(),
+		ts: typeof event.ts === "number" && Number.isFinite(event.ts) ? event.ts : Date.now(),
+		type: event.type,
+		actor: event.actor,
+		details: event.details
+	};
+	session.audit.push(next);
+	if (session.audit.length > DESKTOP_CONTROL_AUDIT_MAX_EVENTS) session.audit.splice(0, session.audit.length - DESKTOP_CONTROL_AUDIT_MAX_EVENTS);
+}
+function toDesktopControlSessionSnapshot(session, includeAudit = false) {
+	return {
+		id: session.id,
+		reason: session.reason,
+		createdAtMs: session.createdAtMs,
+		expiresAtMs: session.expiresAtMs,
+		state: session.state,
+		route: session.route.kind === "node" ? {
+			kind: "node",
+			node: { ...session.route.node }
+		} : session.route,
+		approval: { ...session.approval },
+		controls: {
+			allowMethods: [...session.controls.allowMethods],
+			maxRequests: session.controls.maxRequests
+		},
+		risk: {
+			level: session.risk.level,
+			reasons: [...session.risk.reasons]
+		},
+		requestCount: session.requestCount,
+		lastRequestAtMs: session.lastRequestAtMs,
+		closedAtMs: session.closedAtMs,
+		audit: includeAudit ? session.audit.map((entry) => ({ ...entry })) : void 0
+	};
+}
+function broadcastDesktopControlSessionEvent(params) {
+	const latestAudit = params.session.audit[params.session.audit.length - 1];
+	params.context.broadcast("desktop.control.session.updated", {
+		ts: Date.now(),
+		action: params.action,
+		actor: params.actor,
+		details: params.details,
+		session: toDesktopControlSessionSnapshot(params.session, false),
+		latestAudit: latestAudit ? { ...latestAudit } : null
+	}, { dropIfSlow: true });
+}
+function pruneDesktopControlSessions(params) {
+	const now = params?.now ?? Date.now();
+	const context = params?.context;
+	for (const session of desktopControlSessions.values()) if ((session.state === "pending_approval" || session.state === "active") && session.expiresAtMs <= now) {
+		session.state = "expired";
+		session.closedAtMs = now;
+		appendDesktopControlAudit(session, {
+			type: "session.expired",
+			actor: "system"
+		});
+		if (context) broadcastDesktopControlSessionEvent({
+			context,
+			action: "expired",
+			session,
+			actor: "system"
 		});
-	} catch (err) {
-		respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(err)));
-		return;
 	}
+	for (const [id, session] of desktopControlSessions.entries()) if ((session.state === "closed" || session.state === "denied" || session.state === "expired") && session.closedAtMs && now - session.closedAtMs > DESKTOP_CONTROL_RETENTION_MS) desktopControlSessions.delete(id);
+}
+function normalizeBrowserRequest(params) {
+	const methodRaw = typeof params.method === "string" ? params.method.trim().toUpperCase() : "";
+	const path = typeof params.path === "string" ? params.path.trim() : "";
+	const queryRaw = params.query;
+	const body = params.body;
+	const timeoutRaw = params.timeoutMs;
+	if (!methodRaw || !path) return {
+		ok: false,
+		error: errorShape(ErrorCodes.INVALID_REQUEST, "method and path are required")
+	};
+	if (methodRaw !== "GET" && methodRaw !== "POST" && methodRaw !== "DELETE") return {
+		ok: false,
+		error: errorShape(ErrorCodes.INVALID_REQUEST, "method must be GET, POST, or DELETE")
+	};
+	if (!path.startsWith("/")) return {
+		ok: false,
+		error: errorShape(ErrorCodes.INVALID_REQUEST, "path must start with /")
+	};
+	if (queryRaw !== void 0) {
+		if (!isPlainObjectRecord(queryRaw)) return {
+			ok: false,
+			error: errorShape(ErrorCodes.INVALID_REQUEST, `invalid query: ${String(queryRaw)}`, { details: { expectedType: "object" } })
+		};
+		const queryIssue = findFirstJsonSerializationIssue(queryRaw, "query");
+		if (queryIssue) return {
+			ok: false,
+			error: errorShape(ErrorCodes.INVALID_REQUEST, `invalid query: non-json-serializable value at ${queryIssue.path}`, { details: {
+				expectedType: "json-serializable",
+				actualType: queryIssue.actualType,
+				path: queryIssue.path
+			} })
+		};
+	}
+	if (body !== void 0) {
+		const bodyIssue = findFirstJsonSerializationIssue(body, "body");
+		if (bodyIssue) return {
+			ok: false,
+			error: errorShape(ErrorCodes.INVALID_REQUEST, `invalid body: non-json-serializable value at ${bodyIssue.path}`, { details: {
+				expectedType: "json-serializable",
+				actualType: bodyIssue.actualType,
+				path: bodyIssue.path
+			} })
+		};
+	}
+	if (timeoutRaw !== void 0) {
+		if (typeof timeoutRaw !== "number" || !Number.isFinite(timeoutRaw) || !Number.isInteger(timeoutRaw) || timeoutRaw < BROWSER_REQUEST_MIN_TIMEOUT_MS || timeoutRaw > BROWSER_REQUEST_MAX_TIMEOUT_MS) return {
+			ok: false,
+			error: errorShape(ErrorCodes.INVALID_REQUEST, `invalid timeoutMs: ${String(timeoutRaw)}`, { details: {
+				expectedType: "integer",
+				minTimeoutMs: BROWSER_REQUEST_MIN_TIMEOUT_MS,
+				maxTimeoutMs: BROWSER_REQUEST_MAX_TIMEOUT_MS
+			} })
+		};
+	}
+	return {
+		ok: true,
+		request: {
+			methodRaw,
+			path,
+			query: queryRaw,
+			body,
+			timeoutMs: typeof timeoutRaw === "number" ? Math.floor(timeoutRaw) : void 0
+		}
+	};
+}
+async function dispatchBrowserRequest(params) {
+	const { cfg, request, context, nodeTarget } = params;
 	if (nodeTarget) {
 		const allowlist = resolveNodeCommandAllowlist(cfg, nodeTarget);
 		const allowed = isNodeCommandAllowed({
@@ -8342,67 +8621,1025 @@ const browserHandlers = { "browser.request": async ({ params, respond, context }
 			declaredCommands: nodeTarget.commands,
 			allowlist
 		});
-		if (!allowed.ok) {
-			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "node command not allowed", { details: {
+		if (!allowed.ok) return {
+			ok: false,
+			route: "node",
+			nodeId: nodeTarget.nodeId,
+			status: 403,
+			error: errorShape(ErrorCodes.INVALID_REQUEST, "node command not allowed", { details: {
 				reason: allowed.reason,
 				command: "browser.proxy"
-			} }));
-			return;
-		}
+			} })
+		};
 		const proxyParams = {
-			method: methodRaw,
-			path,
-			query,
-			body,
-			timeoutMs,
-			profile: typeof query?.profile === "string" ? query.profile : void 0
+			method: request.methodRaw,
+			path: request.path,
+			query: request.query,
+			body: request.body,
+			timeoutMs: request.timeoutMs,
+			profile: typeof request.query?.profile === "string" ? request.query.profile : void 0
 		};
 		const res = await context.nodeRegistry.invoke({
 			nodeId: nodeTarget.nodeId,
 			command: "browser.proxy",
 			params: proxyParams,
-			timeoutMs,
+			timeoutMs: request.timeoutMs,
 			idempotencyKey: crypto.randomUUID()
 		});
-		if (!res.ok) {
-			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, res.error?.message ?? "node invoke failed", { details: { nodeError: res.error ?? null } }));
-			return;
-		}
+		if (!res.ok) return {
+			ok: false,
+			route: "node",
+			nodeId: nodeTarget.nodeId,
+			status: 503,
+			error: errorShape(ErrorCodes.UNAVAILABLE, res.error?.message ?? "node invoke failed", { details: { nodeError: res.error ?? null } })
+		};
 		const payload = res.payloadJSON ? safeParseJson(res.payloadJSON) : res.payload;
 		const proxy = payload && typeof payload === "object" ? payload : null;
-		if (!proxy || !("result" in proxy)) {
-			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, "browser proxy failed"));
-			return;
-		}
+		if (!proxy || !("result" in proxy)) return {
+			ok: false,
+			route: "node",
+			nodeId: nodeTarget.nodeId,
+			status: 503,
+			error: errorShape(ErrorCodes.UNAVAILABLE, "browser proxy failed")
+		};
 		const mapping = await persistProxyFiles(proxy.files);
 		applyProxyPaths(proxy.result, mapping);
-		respond(true, proxy.result);
-		return;
-	}
-	if (!await startBrowserControlServiceFromConfig()) {
-		respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, "browser control is disabled"));
-		return;
+		return {
+			ok: true,
+			route: "node",
+			nodeId: nodeTarget.nodeId,
+			status: 200,
+			payload: proxy.result
+		};
 	}
+	if (!await startBrowserControlServiceFromConfig()) return {
+		ok: false,
+		route: "local",
+		nodeId: null,
+		status: 503,
+		error: errorShape(ErrorCodes.UNAVAILABLE, "browser control is disabled")
+	};
 	let dispatcher;
 	try {
 		dispatcher = createBrowserRouteDispatcher(createBrowserControlContext());
 	} catch (err) {
-		respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(err)));
-		return;
+		return {
+			ok: false,
+			route: "local",
+			nodeId: null,
+			status: 503,
+			error: errorShape(ErrorCodes.UNAVAILABLE, String(err))
+		};
 	}
 	const result = await dispatcher.dispatch({
-		method: methodRaw,
-		path,
-		query,
-		body
+		method: request.methodRaw,
+		path: request.path,
+		query: request.query,
+		body: request.body
 	});
 	if (result.status >= 400) {
 		const message = result.body && typeof result.body === "object" && "error" in result.body ? String(result.body.error) : `browser request failed (${result.status})`;
-		respond(false, void 0, errorShape(result.status >= 500 ? ErrorCodes.UNAVAILABLE : ErrorCodes.INVALID_REQUEST, message, { details: result.body }));
-		return;
+		const code = result.status >= 500 ? ErrorCodes.UNAVAILABLE : ErrorCodes.INVALID_REQUEST;
+		return {
+			ok: false,
+			route: "local",
+			nodeId: null,
+			status: result.status,
+			error: errorShape(code, message, { details: result.body })
+		};
+	}
+	return {
+		ok: true,
+		route: "local",
+		nodeId: null,
+		status: result.status,
+		payload: result.body
+	};
+}
+function resolveDesktopSessionNodeTarget(params) {
+	if (params.session.route.kind !== "node") return null;
+	return params.nodes.find((node) => node.nodeId === params.session.route.node.nodeId && isBrowserNode(node)) ?? null;
+}
+function ensureDesktopSessionExists(idRaw) {
+	if (idRaw !== void 0 && typeof idRaw !== "string") return {
+		ok: false,
+		error: errorShape(ErrorCodes.INVALID_REQUEST, `invalid id: ${String(idRaw)}`, { details: { expectedType: "string" } })
+	};
+	const id = typeof idRaw === "string" ? idRaw.trim() : "";
+	if (!id) return {
+		ok: false,
+		error: errorShape(ErrorCodes.INVALID_REQUEST, "id is required")
+	};
+	const session = desktopControlSessions.get(id);
+	if (!session) return {
+		ok: false,
+		error: errorShape(ErrorCodes.INVALID_REQUEST, "unknown desktop control session id")
+	};
+	return {
+		ok: true,
+		session
+	};
+}
+function toParamValueType(value) {
+	if (value === null) return "null";
+	if (Array.isArray(value)) return "array";
+	return typeof value;
+}
+function isPlainObjectRecord(value) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return false;
+	const proto = Object.getPrototypeOf(value);
+	return proto === Object.prototype || proto === null;
+}
+function appendJsonPath(basePath, segment) {
+	if (/^[A-Za-z_$][A-Za-z0-9_$]*$/.test(segment)) return `${basePath}.${segment}`;
+	return `${basePath}[${JSON.stringify(segment)}]`;
+}
+function findFirstJsonSerializationIssue(value, path, seen = /* @__PURE__ */ new Set()) {
+	if (value === null) return null;
+	const valueType = typeof value;
+	if (valueType === "number") {
+		if (!Number.isFinite(value)) return {
+			path,
+			actualType: "number(non-finite)"
+		};
+		return null;
+	}
+	if (valueType === "string" || valueType === "boolean") return null;
+	if (valueType === "undefined" || valueType === "function" || valueType === "symbol" || valueType === "bigint") return {
+		path,
+		actualType: valueType
+	};
+	if (Array.isArray(value)) {
+		if (seen.has(value)) return {
+			path,
+			actualType: "circular"
+		};
+		seen.add(value);
+		for (let i = 0; i < value.length; i += 1) {
+			const nestedIssue = findFirstJsonSerializationIssue(value[i], `${path}[${i}]`, seen);
+			if (nestedIssue) {
+				seen.delete(value);
+				return nestedIssue;
+			}
+		}
+		seen.delete(value);
+		return null;
+	}
+	if (!value || typeof value !== "object") return {
+		path,
+		actualType: valueType
+	};
+	if (!isPlainObjectRecord(value)) return {
+		path,
+		actualType: toParamValueType(value)
+	};
+	if (seen.has(value)) return {
+		path,
+		actualType: "circular"
+	};
+	seen.add(value);
+	for (const [key, entry] of Object.entries(value)) {
+		const nestedIssue = findFirstJsonSerializationIssue(entry, appendJsonPath(path, key), seen);
+		if (nestedIssue) {
+			seen.delete(value);
+			return nestedIssue;
+		}
+	}
+	seen.delete(value);
+	return null;
+}
+function normalizeObjectParams(params) {
+	if (params === void 0 || params === null) return {
+		ok: true,
+		value: {}
+	};
+	if (!isPlainObjectRecord(params)) return {
+		ok: false,
+		error: errorShape(ErrorCodes.INVALID_REQUEST, "invalid params: expected object", { details: {
+			expectedType: "object",
+			actualType: toParamValueType(params)
+		} })
+	};
+	return {
+		ok: true,
+		value: params
+	};
+}
+function buildBrowserCapabilitiesSnapshot(params) {
+	const browserEnabled = params.cfg.browser?.enabled !== false;
+	const evaluateEnabled = browserEnabled && params.cfg.browser?.evaluateEnabled !== false;
+	const mode = params.cfg.gateway?.nodes?.browser?.mode ?? "auto";
+	const pinnedNode = hasValue(params.cfg.gateway?.nodes?.browser?.node) ? String(params.cfg.gateway?.nodes?.browser?.node).trim() : null;
+	const availableNodes = params.nodes.filter((node) => isBrowserNode(node)).map(toNodeSummary);
+	const authMode = resolveGatewayAuthMode(params.cfg);
+	const authConfigured = hasValue(params.cfg.gateway?.auth?.token) || hasValue(params.cfg.gateway?.auth?.password) || authMode === "trusted-proxy";
+	let selectedNode = null;
+	let routingError = null;
+	try {
+		selectedNode = resolveBrowserNodeTarget(params);
+	} catch (error) {
+		routingError = String(error);
+	}
+	const activeRoute = !browserEnabled || mode === "off" ? "disabled" : routingError ? "error" : selectedNode ? "node" : "local";
+	const warnings = [];
+	if (browserEnabled && !authConfigured) warnings.push("Browser control is enabled without gateway auth. Configure gateway.auth.token or gateway.auth.password.");
+	if (mode === "manual" && !pinnedNode) warnings.push("Browser node routing is set to manual but no gateway.nodes.browser.node is pinned; routing will fall back to local browser control.");
+	if (availableNodes.length > 1 && mode === "auto" && !pinnedNode && !selectedNode) warnings.push("Multiple browser-capable nodes are connected; set gateway.nodes.browser.node to pin a target.");
+	if (routingError) warnings.push(routingError);
+	return {
+		browserEnabled,
+		evaluateEnabled,
+		auth: {
+			configured: authConfigured,
+			mode: authMode
+		},
+		routing: {
+			mode,
+			pinnedNode,
+			activeRoute,
+			selectedNode: selectedNode ? toNodeSummary(selectedNode) : null,
+			availableNodes,
+			error: routingError
+		},
+		warnings
+	};
+}
+const browserHandlers = {
+	"browser.capabilities.get": async ({ respond, context }) => {
+		try {
+			respond(true, buildBrowserCapabilitiesSnapshot({
+				cfg: loadConfig(),
+				nodes: context.nodeRegistry.listConnected()
+			}));
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"browser.request": async ({ params, respond, context }) => {
+		const normalized = normalizeBrowserRequest(params);
+		if (!normalized.ok) {
+			respond(false, void 0, normalized.error);
+			return;
+		}
+		const cfg = loadConfig();
+		let nodeTarget = null;
+		try {
+			nodeTarget = resolveBrowserNodeTarget({
+				cfg,
+				nodes: context.nodeRegistry.listConnected()
+			});
+		} catch (err) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(err)));
+			return;
+		}
+		const result = await dispatchBrowserRequest({
+			cfg,
+			request: normalized.request,
+			context,
+			nodeTarget
+		});
+		if (!result.ok) {
+			respond(false, void 0, result.error);
+			return;
+		}
+		respond(true, result.payload);
+	},
+	"desktop.control.session.create": async ({ params, respond, context, client }) => {
+		pruneDesktopControlSessions({ context });
+		if (!hasOperatorScope(client, "operator.write")) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.write"));
+			return;
+		}
+		const normalizedParams = normalizeObjectParams(params);
+		if (!normalizedParams.ok) {
+			respond(false, void 0, normalizedParams.error);
+			return;
+		}
+		const typed = normalizedParams.value;
+		const createValidationError = validateDesktopControlSessionCreateParams(typed);
+		if (createValidationError) {
+			respond(false, void 0, createValidationError);
+			return;
+		}
+		const cfg = loadConfig();
+		const connectedNodes = context.nodeRegistry.listConnected();
+		const browserNodes = connectedNodes.filter((node) => isBrowserNode(node));
+		const requestedNodeId = typeof typed.nodeId === "string" ? typed.nodeId.trim() : "";
+		const reason = normalizeDesktopSessionReason(typed.reason);
+		const ttlMs = normalizeDesktopSessionTtl(typed.ttlMs);
+		const allowMethods = normalizeDesktopSessionAllowMethods(typed.allowMethods);
+		const maxRequests = normalizeDesktopSessionMaxRequests(typed.maxRequests);
+		const risk = resolveDesktopSessionRisk({
+			allowMethods,
+			maxRequests
+		});
+		const now = Date.now();
+		const actor = resolveClientActor(client);
+		const snapshot = buildBrowserCapabilitiesSnapshot({
+			cfg,
+			nodes: connectedNodes
+		});
+		if (!snapshot.browserEnabled || snapshot.routing.mode === "off") {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, "browser control is disabled"));
+			return;
+		}
+		let routeNode = null;
+		try {
+			if (requestedNodeId) {
+				routeNode = resolveBrowserNode(browserNodes, requestedNodeId);
+				if (!routeNode) {
+					respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `requested browser node is not connected: ${requestedNodeId}`));
+					return;
+				}
+			} else routeNode = resolveBrowserNodeTarget({
+				cfg,
+				nodes: connectedNodes
+			});
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+			return;
+		}
+		const id = crypto.randomUUID();
+		const session = {
+			id,
+			reason,
+			createdAtMs: now,
+			expiresAtMs: now + ttlMs,
+			state: "pending_approval",
+			route: routeNode ? {
+				kind: "node",
+				node: toNodeSummary(routeNode)
+			} : {
+				kind: "local",
+				node: null
+			},
+			approval: {
+				required: true,
+				decision: "pending",
+				requestedAtMs: now,
+				requestedBy: actor,
+				decidedAtMs: null,
+				decidedBy: null,
+				note: null
+			},
+			controls: {
+				allowMethods,
+				maxRequests
+			},
+			risk,
+			requestCount: 0,
+			inFlightRequestCount: 0,
+			lastRequestAtMs: null,
+			closedAtMs: null,
+			audit: []
+		};
+		appendDesktopControlAudit(session, {
+			type: "session.created",
+			actor,
+			details: {
+				reason: session.reason,
+				route: session.route.kind,
+				nodeId: session.route.kind === "node" ? session.route.node.nodeId : null,
+				expiresAtMs: session.expiresAtMs,
+				allowMethods: session.controls.allowMethods,
+				maxRequests: session.controls.maxRequests,
+				riskLevel: session.risk.level,
+				riskReasons: session.risk.reasons
+			}
+		});
+		desktopControlSessions.set(id, session);
+		broadcastDesktopControlSessionEvent({
+			context,
+			action: "created",
+			session,
+			actor
+		});
+		respond(true, toDesktopControlSessionSnapshot(session, true));
+	},
+	"desktop.control.session.list": async ({ params, respond, context, client }) => {
+		pruneDesktopControlSessions({ context });
+		if (!hasOperatorScope(client, "operator.read")) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.read"));
+			return;
+		}
+		const normalizedParams = normalizeObjectParams(params);
+		if (!normalizedParams.ok) {
+			respond(false, void 0, normalizedParams.error);
+			return;
+		}
+		const typed = normalizedParams.value;
+		const includeAuditRaw = typed.includeAudit;
+		if (includeAuditRaw !== void 0 && typeof includeAuditRaw !== "boolean") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid includeAudit filter: ${String(includeAuditRaw)}`, { details: { expectedType: "boolean" } }));
+			return;
+		}
+		const includeAudit = includeAuditRaw === true;
+		const stateInput = typed.state;
+		if (stateInput !== void 0 && typeof stateInput !== "string") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid state filter: ${String(stateInput)}`, { details: { allowedStates: DESKTOP_CONTROL_SESSION_STATES } }));
+			return;
+		}
+		const stateRawInput = typeof stateInput === "string" ? stateInput.trim() : "";
+		const stateRaw = stateRawInput ? stateRawInput.toLowerCase() : "";
+		if (stateRaw && !isDesktopControlSessionState(stateRaw)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid state filter: ${stateRawInput}`, { details: { allowedStates: DESKTOP_CONTROL_SESSION_STATES } }));
+			return;
+		}
+		const decisionInput = typed.decision;
+		if (decisionInput !== void 0 && typeof decisionInput !== "string") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid decision filter: ${String(decisionInput)}`, { details: { allowedDecisions: DESKTOP_CONTROL_SESSION_DECISIONS } }));
+			return;
+		}
+		const decisionRawInput = typeof decisionInput === "string" ? decisionInput.trim() : "";
+		const decisionRaw = decisionRawInput ? decisionRawInput.toLowerCase() : "";
+		if (decisionRaw && !isDesktopControlApprovalDecision(decisionRaw)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid decision filter: ${decisionRawInput}`, { details: { allowedDecisions: DESKTOP_CONTROL_SESSION_DECISIONS } }));
+			return;
+		}
+		const routeInput = typed.route;
+		if (routeInput !== void 0 && typeof routeInput !== "string") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid route filter: ${String(routeInput)}`, { details: { allowedRouteKinds: DESKTOP_CONTROL_SESSION_ROUTE_KINDS } }));
+			return;
+		}
+		const routeRawInput = typeof routeInput === "string" ? routeInput.trim() : "";
+		const routeRaw = routeRawInput ? routeRawInput.toLowerCase() : "";
+		if (routeRaw && !isDesktopControlSessionRouteKind(routeRaw)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid route filter: ${routeRawInput}`, { details: { allowedRouteKinds: DESKTOP_CONTROL_SESSION_ROUTE_KINDS } }));
+			return;
+		}
+		const riskLevelInput = typed.riskLevel;
+		if (riskLevelInput !== void 0 && typeof riskLevelInput !== "string") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid riskLevel filter: ${String(riskLevelInput)}`, { details: { allowedRiskLevels: DESKTOP_CONTROL_SESSION_RISK_LEVELS } }));
+			return;
+		}
+		const riskLevelRawInput = typeof riskLevelInput === "string" ? riskLevelInput.trim() : "";
+		const riskLevelRaw = riskLevelRawInput ? riskLevelRawInput.toLowerCase() : "";
+		if (riskLevelRaw && !isDesktopControlSessionRiskLevel(riskLevelRaw)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid riskLevel filter: ${riskLevelRawInput}`, { details: { allowedRiskLevels: DESKTOP_CONTROL_SESSION_RISK_LEVELS } }));
+			return;
+		}
+		const nodeIdInput = typed.nodeId;
+		if (nodeIdInput !== void 0 && typeof nodeIdInput !== "string") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid nodeId filter: ${String(nodeIdInput)}`));
+			return;
+		}
+		const nodeIdRawInput = typeof nodeIdInput === "string" ? nodeIdInput.trim() : "";
+		const nodeIdFilterKey = nodeIdRawInput ? normalizeNodeKey(nodeIdRawInput) : "";
+		if (nodeIdRawInput && !nodeIdFilterKey) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid nodeId filter: ${nodeIdRawInput}`));
+			return;
+		}
+		if (routeRaw === "local" && nodeIdRawInput) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "nodeId filter requires route=node (or omit route to match node-routed sessions)"));
+			return;
+		}
+		const limitRaw = typed.limit;
+		if (limitRaw !== void 0) {
+			if (typeof limitRaw !== "number" || !Number.isInteger(limitRaw) || limitRaw < DESKTOP_CONTROL_LIST_MIN_LIMIT || limitRaw > DESKTOP_CONTROL_LIST_MAX_LIMIT) {
+				respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid limit filter: ${String(limitRaw)}`, { details: {
+					minLimit: DESKTOP_CONTROL_LIST_MIN_LIMIT,
+					maxLimit: DESKTOP_CONTROL_LIST_MAX_LIMIT
+				} }));
+				return;
+			}
+		}
+		const offsetRaw = typed.offset;
+		if (offsetRaw !== void 0) {
+			if (typeof offsetRaw !== "number" || !Number.isInteger(offsetRaw) || offsetRaw < DESKTOP_CONTROL_LIST_MIN_OFFSET || offsetRaw > DESKTOP_CONTROL_LIST_MAX_OFFSET) {
+				respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid offset filter: ${String(offsetRaw)}`, { details: {
+					minOffset: DESKTOP_CONTROL_LIST_MIN_OFFSET,
+					maxOffset: DESKTOP_CONTROL_LIST_MAX_OFFSET
+				} }));
+				return;
+			}
+		}
+		const state = stateRaw || void 0;
+		const decision = decisionRaw || void 0;
+		const route = routeRaw || void 0;
+		const riskLevel = riskLevelRaw || void 0;
+		const nodeId = nodeIdFilterKey || void 0;
+		const limit = typeof limitRaw === "number" ? limitRaw : void 0;
+		const offset = typeof offsetRaw === "number" ? offsetRaw : 0;
+		const filtered = Array.from(desktopControlSessions.values()).filter((entry) => {
+			if (state && entry.state !== state) return false;
+			if (decision && entry.approval.decision !== decision) return false;
+			if (route && entry.route.kind !== route) return false;
+			if (riskLevel && entry.risk.level !== riskLevel) return false;
+			if (nodeId && (entry.route.kind !== "node" || normalizeNodeKey(entry.route.node.nodeId) !== nodeId)) return false;
+			return true;
+		}).toSorted((a, b) => b.createdAtMs - a.createdAtMs);
+		const total = filtered.length;
+		const sliceEnd = limit === void 0 ? void 0 : offset + limit;
+		const sessions = filtered.slice(offset, sliceEnd).map((entry) => toDesktopControlSessionSnapshot(entry, includeAudit));
+		const returned = sessions.length;
+		const hasMore = offset + returned < total;
+		respond(true, {
+			ts: Date.now(),
+			total,
+			returned,
+			offset,
+			nextOffset: hasMore ? offset + returned : null,
+			truncated: offset > 0 || hasMore,
+			sessions
+		});
+	},
+	"desktop.control.session.get": async ({ params, respond, context, client }) => {
+		pruneDesktopControlSessions({ context });
+		if (!hasOperatorScope(client, "operator.read")) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.read"));
+			return;
+		}
+		const normalizedParams = normalizeObjectParams(params);
+		if (!normalizedParams.ok) {
+			respond(false, void 0, normalizedParams.error);
+			return;
+		}
+		const typed = normalizedParams.value;
+		const includeAuditRaw = typed.includeAudit;
+		if (includeAuditRaw !== void 0 && typeof includeAuditRaw !== "boolean") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid includeAudit filter: ${String(includeAuditRaw)}`, { details: { expectedType: "boolean" } }));
+			return;
+		}
+		const found = ensureDesktopSessionExists(typed.id);
+		if (!found.ok) {
+			respond(false, void 0, found.error);
+			return;
+		}
+		respond(true, toDesktopControlSessionSnapshot(found.session, includeAuditRaw === true));
+	},
+	"desktop.control.session.approve": async ({ params, respond, client, context }) => {
+		pruneDesktopControlSessions({ context });
+		if (!hasOperatorScope(client, "operator.approvals")) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.approvals"));
+			return;
+		}
+		const normalizedParams = normalizeObjectParams(params);
+		if (!normalizedParams.ok) {
+			respond(false, void 0, normalizedParams.error);
+			return;
+		}
+		const typed = normalizedParams.value;
+		const found = ensureDesktopSessionExists(typed.id);
+		if (!found.ok) {
+			respond(false, void 0, found.error);
+			return;
+		}
+		const session = found.session;
+		if (session.state !== "pending_approval") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `session is not pending approval (state: ${session.state})`, { details: {
+				state: session.state,
+				decision: session.approval.decision,
+				expiresAtMs: session.expiresAtMs
+			} }));
+			return;
+		}
+		if (session.expiresAtMs <= Date.now()) {
+			session.state = "expired";
+			session.closedAtMs = Date.now();
+			appendDesktopControlAudit(session, {
+				type: "session.expired",
+				actor: "system"
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "expired",
+				session,
+				actor: "system"
+			});
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "session has expired", { details: {
+				state: session.state,
+				decision: session.approval.decision,
+				expiresAtMs: session.expiresAtMs
+			} }));
+			return;
+		}
+		const decisionRaw = typeof typed.decision === "string" ? typed.decision.trim().toLowerCase() : "";
+		if (decisionRaw !== "allow" && decisionRaw !== "deny") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "decision must be allow or deny"));
+			return;
+		}
+		if (decisionRaw === "allow" && session.route.kind === "node") {
+			if (!resolveDesktopSessionNodeTarget({
+				session,
+				nodes: context.nodeRegistry.listConnected()
+			})) {
+				respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, `pinned browser node is not connected: ${session.route.node.nodeId}`, { details: {
+					nodeId: session.route.node.nodeId,
+					state: session.state,
+					decision: session.approval.decision,
+					expiresAtMs: session.expiresAtMs,
+					requestCount: session.requestCount,
+					maxRequests: session.controls.maxRequests
+				} }));
+				return;
+			}
+		}
+		if (typed.note !== void 0 && typeof typed.note !== "string") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid note: ${String(typed.note)}`, { details: { expectedType: "string" } }));
+			return;
+		}
+		const note = normalizeDesktopSessionNote(typed.note);
+		if (decisionRaw === "allow" && session.risk.level === "elevated" && !hasDecisionRationale(note)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `note must be at least ${DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN} characters when approving elevated-risk desktop control sessions`, { details: {
+				riskLevel: session.risk.level,
+				riskReasons: session.risk.reasons,
+				minNoteLength: DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN
+			} }));
+			return;
+		}
+		if (decisionRaw === "deny" && !hasDecisionRationale(note)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `note must be at least ${DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN} characters when denying desktop control sessions`, { details: { minNoteLength: DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN } }));
+			return;
+		}
+		const actor = resolveClientActor(client);
+		const now = Date.now();
+		session.approval.decision = decisionRaw;
+		session.approval.decidedAtMs = now;
+		session.approval.decidedBy = actor;
+		session.approval.note = note;
+		session.state = decisionRaw === "allow" ? "active" : "denied";
+		if (session.state === "denied") session.closedAtMs = now;
+		appendDesktopControlAudit(session, {
+			type: decisionRaw === "allow" ? "session.approved" : "session.denied",
+			actor,
+			details: { note: session.approval.note }
+		});
+		broadcastDesktopControlSessionEvent({
+			context,
+			action: decisionRaw === "allow" ? "approved" : "denied",
+			session,
+			actor,
+			details: { note: session.approval.note }
+		});
+		respond(true, toDesktopControlSessionSnapshot(session, true));
+	},
+	"desktop.control.session.close": async ({ params, respond, client, context }) => {
+		pruneDesktopControlSessions({ context });
+		if (!hasOperatorScope(client, "operator.write")) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.write"));
+			return;
+		}
+		const normalizedParams = normalizeObjectParams(params);
+		if (!normalizedParams.ok) {
+			respond(false, void 0, normalizedParams.error);
+			return;
+		}
+		const typed = normalizedParams.value;
+		const found = ensureDesktopSessionExists(typed.id);
+		if (!found.ok) {
+			respond(false, void 0, found.error);
+			return;
+		}
+		const session = found.session;
+		if (session.state === "closed" || session.state === "denied" || session.state === "expired") {
+			respond(true, toDesktopControlSessionSnapshot(session, true));
+			return;
+		}
+		if (typed.note !== void 0 && typeof typed.note !== "string") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `invalid note: ${String(typed.note)}`, { details: { expectedType: "string" } }));
+			return;
+		}
+		const note = normalizeDesktopSessionNote(typed.note);
+		const actor = resolveClientActor(client);
+		if (session.state === "pending_approval" && !hasDecisionRationale(note)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `note must be at least ${DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN} characters when manually closing pending desktop control sessions`, { details: { minNoteLength: DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN } }));
+			return;
+		}
+		if (session.state === "active" && !hasDecisionRationale(note)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `note must be at least ${DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN} characters when manually closing active desktop control sessions`, { details: { minNoteLength: DESKTOP_CONTROL_MIN_DECISION_NOTE_LEN } }));
+			return;
+		}
+		const now = Date.now();
+		if (session.state === "pending_approval") {
+			session.approval.decision = "deny";
+			session.approval.decidedAtMs = now;
+			session.approval.decidedBy = actor;
+			session.approval.note = note;
+		}
+		session.state = "closed";
+		session.closedAtMs = now;
+		appendDesktopControlAudit(session, {
+			type: "session.closed",
+			actor,
+			details: { note }
+		});
+		broadcastDesktopControlSessionEvent({
+			context,
+			action: "closed",
+			session,
+			actor,
+			details: { note }
+		});
+		respond(true, toDesktopControlSessionSnapshot(session, true));
+	},
+	"desktop.control.session.request": async ({ params, respond, client, context }) => {
+		pruneDesktopControlSessions({ context });
+		if (!hasOperatorScope(client, "operator.write")) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.write"));
+			return;
+		}
+		const normalizedParams = normalizeObjectParams(params);
+		if (!normalizedParams.ok) {
+			respond(false, void 0, normalizedParams.error);
+			return;
+		}
+		const typed = normalizedParams.value;
+		const found = ensureDesktopSessionExists(typed.id);
+		if (!found.ok) {
+			respond(false, void 0, found.error);
+			return;
+		}
+		const session = found.session;
+		if (session.state === "expired") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "session has expired", { details: {
+				state: session.state,
+				decision: session.approval.decision,
+				expiresAtMs: session.expiresAtMs
+			} }));
+			return;
+		}
+		if (session.state === "closed" && session.approval.decision === "allow" && session.requestCount >= session.controls.maxRequests) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `session request budget exhausted (${session.controls.maxRequests})`, { details: {
+				state: session.state,
+				decision: session.approval.decision,
+				requestCount: session.requestCount,
+				inFlightRequests: session.inFlightRequestCount,
+				maxRequests: session.controls.maxRequests,
+				expiresAtMs: session.expiresAtMs
+			} }));
+			return;
+		}
+		if (session.state !== "active" || session.approval.decision !== "allow") {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `session is not approved (state: ${session.state}, decision: ${session.approval.decision})`, { details: {
+				state: session.state,
+				decision: session.approval.decision
+			} }));
+			return;
+		}
+		if (session.expiresAtMs <= Date.now()) {
+			session.state = "expired";
+			session.closedAtMs = Date.now();
+			appendDesktopControlAudit(session, {
+				type: "session.expired",
+				actor: "system"
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "expired",
+				session,
+				actor: "system"
+			});
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "session has expired", { details: {
+				state: session.state,
+				decision: session.approval.decision,
+				expiresAtMs: session.expiresAtMs
+			} }));
+			return;
+		}
+		const normalized = normalizeBrowserRequest(typed);
+		if (!normalized.ok) {
+			respond(false, void 0, normalized.error);
+			return;
+		}
+		const actor = resolveClientActor(client);
+		if (!session.controls.allowMethods.includes(normalized.request.methodRaw)) {
+			appendDesktopControlAudit(session, {
+				type: "request.error",
+				actor,
+				details: {
+					reason: "method not allowed",
+					method: normalized.request.methodRaw,
+					allowedMethods: session.controls.allowMethods
+				}
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "request_error",
+				session,
+				actor,
+				details: {
+					reason: "method not allowed",
+					method: normalized.request.methodRaw,
+					allowedMethods: [...session.controls.allowMethods]
+				}
+			});
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `method is not allowed for this session: ${normalized.request.methodRaw}`, { details: { allowedMethods: session.controls.allowMethods } }));
+			return;
+		}
+		if (session.requestCount >= session.controls.maxRequests) {
+			session.state = "closed";
+			session.closedAtMs = Date.now();
+			appendDesktopControlAudit(session, {
+				type: "session.closed",
+				actor: "system",
+				details: {
+					reason: "max requests reached",
+					maxRequests: session.controls.maxRequests
+				}
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "closed",
+				session,
+				actor: "system",
+				details: {
+					reason: "max requests reached",
+					maxRequests: session.controls.maxRequests
+				}
+			});
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `session request budget exhausted (${session.controls.maxRequests})`, { details: {
+				state: session.state,
+				decision: session.approval.decision,
+				requestCount: session.requestCount,
+				inFlightRequests: session.inFlightRequestCount,
+				maxRequests: session.controls.maxRequests,
+				expiresAtMs: session.expiresAtMs
+			} }));
+			return;
+		}
+		if (session.requestCount + session.inFlightRequestCount >= session.controls.maxRequests) {
+			appendDesktopControlAudit(session, {
+				type: "request.error",
+				actor,
+				details: {
+					reason: "request budget reserved by in-flight requests",
+					requestCount: session.requestCount,
+					inFlightRequests: session.inFlightRequestCount,
+					maxRequests: session.controls.maxRequests
+				}
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "request_error",
+				session,
+				actor,
+				details: {
+					reason: "request budget reserved by in-flight requests",
+					requestCount: session.requestCount,
+					inFlightRequests: session.inFlightRequestCount,
+					maxRequests: session.controls.maxRequests
+				}
+			});
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `session request budget reserved by in-flight requests (${session.controls.maxRequests})`, { details: {
+				state: session.state,
+				decision: session.approval.decision,
+				requestCount: session.requestCount,
+				inFlightRequests: session.inFlightRequestCount,
+				maxRequests: session.controls.maxRequests,
+				expiresAtMs: session.expiresAtMs
+			} }));
+			return;
+		}
+		appendDesktopControlAudit(session, {
+			type: "request.start",
+			actor,
+			details: {
+				method: normalized.request.methodRaw,
+				path: normalized.request.path,
+				route: session.route.kind,
+				nodeId: session.route.kind === "node" ? session.route.node.nodeId : null
+			}
+		});
+		const nodeTarget = resolveDesktopSessionNodeTarget({
+			session,
+			nodes: context.nodeRegistry.listConnected()
+		});
+		if (session.route.kind === "node" && !nodeTarget) {
+			appendDesktopControlAudit(session, {
+				type: "request.error",
+				actor,
+				details: {
+					reason: "pinned node disconnected",
+					nodeId: session.route.node.nodeId
+				}
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "request_error",
+				session,
+				actor,
+				details: {
+					reason: "pinned node disconnected",
+					nodeId: session.route.node.nodeId
+				}
+			});
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, `pinned browser node is not connected: ${session.route.node.nodeId}`, { details: {
+				nodeId: session.route.node.nodeId,
+				state: session.state,
+				decision: session.approval.decision,
+				expiresAtMs: session.expiresAtMs,
+				requestCount: session.requestCount,
+				maxRequests: session.controls.maxRequests
+			} }));
+			return;
+		}
+		session.inFlightRequestCount += 1;
+		let result;
+		try {
+			result = await dispatchBrowserRequest({
+				cfg: loadConfig(),
+				request: normalized.request,
+				context,
+				nodeTarget
+			});
+		} catch (error) {
+			session.inFlightRequestCount = Math.max(0, session.inFlightRequestCount - 1);
+			const message = error instanceof Error ? error.message : String(error);
+			appendDesktopControlAudit(session, {
+				type: "request.error",
+				actor,
+				details: {
+					reason: "dispatch threw",
+					message
+				}
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "request_error",
+				session,
+				actor,
+				details: {
+					reason: "dispatch threw",
+					message
+				}
+			});
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, message));
+			return;
+		}
+		session.inFlightRequestCount = Math.max(0, session.inFlightRequestCount - 1);
+		if (!result.ok) {
+			appendDesktopControlAudit(session, {
+				type: "request.error",
+				actor,
+				details: {
+					route: result.route,
+					nodeId: result.nodeId,
+					status: result.status,
+					message: result.error.message
+				}
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "request_error",
+				session,
+				actor,
+				details: {
+					route: result.route,
+					nodeId: result.nodeId,
+					status: result.status,
+					message: result.error.message
+				}
+			});
+			respond(false, void 0, result.error);
+			return;
+		}
+		session.requestCount += 1;
+		session.lastRequestAtMs = Date.now();
+		appendDesktopControlAudit(session, {
+			type: "request.ok",
+			actor,
+			details: {
+				route: result.route,
+				nodeId: result.nodeId,
+				status: result.status
+			}
+		});
+		broadcastDesktopControlSessionEvent({
+			context,
+			action: "request_ok",
+			session,
+			actor,
+			details: {
+				route: result.route,
+				nodeId: result.nodeId,
+				status: result.status
+			}
+		});
+		if (session.state === "active" && session.approval.decision === "allow" && session.requestCount >= session.controls.maxRequests) {
+			session.state = "closed";
+			session.closedAtMs = session.lastRequestAtMs;
+			appendDesktopControlAudit(session, {
+				type: "session.closed",
+				actor: "system",
+				details: {
+					reason: "max requests reached",
+					maxRequests: session.controls.maxRequests
+				}
+			});
+			broadcastDesktopControlSessionEvent({
+				context,
+				action: "closed",
+				session,
+				actor: "system",
+				details: {
+					reason: "max requests reached",
+					maxRequests: session.controls.maxRequests
+				}
+			});
+		}
+		respond(true, result.payload);
 	}
-	respond(true, result.body);
-} };
+};
 
 //#endregion
 //#region src/channels/plugins/status.ts
@@ -9611,7 +10848,7 @@ const FIELD_LABELS = {
 
 //#endregion
 //#region src/config/schema.hints.ts
-const log$10 = createSubsystemLogger("config/schema");
+const log$12 = createSubsystemLogger("config/schema");
 const GROUP_LABELS = {
 	wizard: "Wizard",
 	update: "Update",
@@ -9759,7 +10996,7 @@ function mapSensitivePaths(schema, path, hints) {
 		...next[path],
 		sensitive: true
 	};
-	else if (isSensitiveConfigPath(path) && !next[path]?.sensitive) log$10.warn(`possibly sensitive key found: (${path})`);
+	else if (isSensitiveConfigPath(path) && !next[path]?.sensitive) log$12.warn(`possibly sensitive key found: (${path})`);
 	if (currentSchema instanceof z.ZodObject) {
 		const shape = currentSchema.shape;
 		for (const key in shape) {
@@ -9782,7 +11019,7 @@ function mapSensitivePaths(schema, path, hints) {
 
 //#endregion
 //#region src/config/redact-snapshot.ts
-const log$9 = createSubsystemLogger("config/redaction");
+const log$11 = createSubsystemLogger("config/redaction");
 const ENV_VAR_PLACEHOLDER_PATTERN = /^\$\{[^}]*\}$/;
 function isSensitivePath(path) {
 	if (path.endsWith("[]")) return isSensitiveConfigPath(path.slice(0, -2));
@@ -10033,7 +11270,7 @@ function restoreRedactedValuesWithLookup(incoming, original, lookup, prefix, hin
 			return restoreRedactedValuesGuessing(incoming, original, prefix, hints);
 		}
 		const origArr = Array.isArray(original) ? original : [];
-		if (incoming.length < origArr.length) log$9.warn(`Redacted config array key ${path} has been truncated`);
+		if (incoming.length < origArr.length) log$11.warn(`Redacted config array key ${path} has been truncated`);
 		return incoming.map((item, i) => {
 			if (item === REDACTED_SENTINEL) return origArr[i];
 			return restoreRedactedValuesWithLookup(item, origArr[i], lookup, path, hints);
@@ -10050,7 +11287,7 @@ function restoreRedactedValuesWithLookup(incoming, original, lookup, prefix, hin
 			matched = true;
 			if (value === REDACTED_SENTINEL) if (key in orig) result[key] = orig[key];
 			else {
-				log$9.warn(`Cannot un-redact config key ${candidate} as it doesn't have any value`);
+				log$11.warn(`Cannot un-redact config key ${candidate} as it doesn't have any value`);
 				throw new RedactionError(candidate);
 			}
 			else if (typeof value === "object" && value !== null) result[key] = restoreRedactedValuesWithLookup(value, orig[key], lookup, candidate, hints);
@@ -10059,7 +11296,7 @@ function restoreRedactedValuesWithLookup(incoming, original, lookup, prefix, hin
 		if (!matched && isExtensionPath(path)) {
 			if (!isExplicitlyNonSensitivePath(hints, [path, wildcardPath]) && isSensitivePath(path) && value === REDACTED_SENTINEL) if (key in orig) result[key] = orig[key];
 			else {
-				log$9.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
+				log$11.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
 				throw new RedactionError(path);
 			}
 			else if (typeof value === "object" && value !== null) result[key] = restoreRedactedValuesGuessing(value, orig[key], path, hints);
@@ -10078,7 +11315,7 @@ function restoreRedactedValuesGuessing(incoming, original, prefix, hints) {
 		const origArr = Array.isArray(original) ? original : [];
 		return incoming.map((item, i) => {
 			const path = `${prefix}[]`;
-			if (incoming.length < origArr.length) log$9.warn(`Redacted config array key ${path} has been truncated`);
+			if (incoming.length < origArr.length) log$11.warn(`Redacted config array key ${path} has been truncated`);
 			if (!isExplicitlyNonSensitivePath(hints, [path]) && isSensitivePath(path) && item === REDACTED_SENTINEL) return origArr[i];
 			return restoreRedactedValuesGuessing(item, origArr[i], path, hints);
 		});
@@ -10089,7 +11326,7 @@ function restoreRedactedValuesGuessing(incoming, original, prefix, hints) {
 		const path = prefix ? `${prefix}.${key}` : key;
 		if (!isExplicitlyNonSensitivePath(hints, [path, prefix ? `${prefix}.*` : "*"]) && isSensitivePath(path) && value === REDACTED_SENTINEL) if (key in orig) result[key] = orig[key];
 		else {
-			log$9.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
+			log$11.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
 			throw new RedactionError(path);
 		}
 		else if (typeof value === "object" && value !== null) result[key] = restoreRedactedValuesGuessing(value, orig[key], path, hints);
@@ -11430,6 +12667,348 @@ const healthHandlers = {
 	}
 };
 
+//#endregion
+//#region src/ico/launch-platform.ts
+const log$10 = createSubsystemLogger("ico-platform");
+function resolveIcoDir() {
+	return path.join(resolveStateDir(), "ico");
+}
+function listIcoProjects() {
+	const dir = resolveIcoDir();
+	try {
+		if (!fs.existsSync(dir)) return [];
+		return fs.readdirSync(dir).filter((f) => f.endsWith(".json")).map((f) => {
+			try {
+				const raw = fs.readFileSync(path.join(dir, f), "utf8");
+				return JSON.parse(raw);
+			} catch {
+				return null;
+			}
+		}).filter((p) => p != null).toSorted((a, b) => b.createdAt - a.createdAt);
+	} catch {
+		return [];
+	}
+}
+
+//#endregion
+//#region src/ico/public-metrics.ts
+const MS_PER_MINUTE = 6e4;
+const METRIC_UNAVAILABLE_ERROR = "ICO_PROJECT_NOT_FOUND";
+const METRIC_DEFINITIONS$1 = [
+	{
+		id: "current_price_usd",
+		label: "Current Price",
+		cadenceMinutes: 15,
+		sourceRef: "ico.launch-platform.currentPriceUsd",
+		readValue: (project) => project.status.currentPriceUsd,
+		formatValue: (value) => formatUsd$1(value, value >= 1 ? 2 : 4)
+	},
+	{
+		id: "total_raised_usd",
+		label: "Total Raised",
+		cadenceMinutes: 15,
+		sourceRef: "ico.launch-platform.totalRaisedUsd",
+		readValue: (project) => project.status.totalRaisedUsd,
+		formatValue: (value) => formatUsd$1(value, 2)
+	},
+	{
+		id: "holders_total",
+		label: "Holders",
+		cadenceMinutes: 15,
+		sourceRef: "ico.launch-platform.holders",
+		readValue: (project) => project.status.holders,
+		formatValue: (value) => formatInteger$1(value)
+	},
+	{
+		id: "supply_sold_tokens",
+		label: "Supply Sold",
+		cadenceMinutes: 15,
+		sourceRef: "ico.launch-platform.currentSupply",
+		readValue: (project) => project.status.currentSupply,
+		formatValue: (value) => formatInteger$1(value)
+	},
+	{
+		id: "bonding_progress_percent",
+		label: "Bonding Progress",
+		cadenceMinutes: 15,
+		sourceRef: "ico.launch-platform.percentToTarget",
+		readValue: (project) => project.status.percentToTarget,
+		formatValue: (value) => formatPercent(value, 1)
+	},
+	{
+		id: "transfer_tax_rate_percent",
+		label: "Transfer Tax",
+		cadenceMinutes: 1440,
+		sourceRef: "ico.config.tax.transferTaxRate",
+		readValue: (project) => project.config.tax.transferTaxRate * 100,
+		formatValue: (value) => formatPercent(value, 2)
+	},
+	{
+		id: "revenue_share_rate_percent",
+		label: "Revenue Share",
+		cadenceMinutes: 1440,
+		sourceRef: "ico.config.tax.revenueShareRate",
+		readValue: (project) => project.config.tax.revenueShareRate * 100,
+		formatValue: (value) => formatPercent(value, 2)
+	}
+];
+function formatUsd$1(value, fractionDigits) {
+	return `$${value.toLocaleString(void 0, {
+		minimumFractionDigits: fractionDigits,
+		maximumFractionDigits: fractionDigits
+	})}`;
+}
+function formatInteger$1(value) {
+	return Math.round(value).toLocaleString();
+}
+function formatPercent(value, fractionDigits) {
+	return `${value.toLocaleString(void 0, {
+		minimumFractionDigits: fractionDigits,
+		maximumFractionDigits: fractionDigits
+	})}%`;
+}
+function mapProjectSnapshot(project) {
+	return {
+		id: project.id,
+		name: project.config.name,
+		symbol: project.config.symbol,
+		chains: [...project.config.chains],
+		targetRaiseUsd: project.config.bondingCurve.targetRaiseUsd,
+		bondingActive: project.status.bondingActive,
+		allocation: {
+			team: project.config.allocation.team,
+			companyRound: project.config.allocation.companyRound,
+			revenueShare: project.config.allocation.revenueShare,
+			ubc: project.config.allocation.ubc
+		},
+		tax: {
+			transferTaxRate: project.config.tax.transferTaxRate,
+			revenueShareRate: project.config.tax.revenueShareRate
+		}
+	};
+}
+function buildUnavailableMetric$1(definition) {
+	return {
+		id: definition.id,
+		label: definition.label,
+		value: null,
+		displayValue: "--",
+		capturedAt: null,
+		cadenceMinutes: definition.cadenceMinutes,
+		state: "unavailable",
+		ageMinutes: null,
+		sourceStatus: "error",
+		sourceRef: definition.sourceRef,
+		errorCode: METRIC_UNAVAILABLE_ERROR
+	};
+}
+function buildMetricFromProject(definition, project, capturedAt, nowMs) {
+	const value = definition.readValue(project);
+	const sourceStatus = "ok";
+	const { state, ageMinutes } = resolveMetricState({
+		value,
+		sourceStatus,
+		capturedAt,
+		cadenceMinutes: definition.cadenceMinutes,
+		nowMs
+	});
+	return {
+		id: definition.id,
+		label: definition.label,
+		value,
+		displayValue: definition.formatValue(value),
+		capturedAt,
+		cadenceMinutes: definition.cadenceMinutes,
+		state,
+		ageMinutes,
+		sourceStatus,
+		sourceRef: definition.sourceRef,
+		errorCode: null
+	};
+}
+function resolveMetricState(input) {
+	const nowMs = input.nowMs ?? Date.now();
+	const hasHistoricalValue = input.hasHistoricalValue ?? input.value != null;
+	if (input.value == null) return {
+		state: "unavailable",
+		ageMinutes: null
+	};
+	if (!input.capturedAt) return {
+		state: "unavailable",
+		ageMinutes: null
+	};
+	const capturedAtMs = Date.parse(input.capturedAt);
+	if (!Number.isFinite(capturedAtMs)) return {
+		state: "unavailable",
+		ageMinutes: null
+	};
+	const ageMinutes = Math.max(0, (nowMs - capturedAtMs) / MS_PER_MINUTE);
+	if (input.sourceStatus === "error" && !hasHistoricalValue) return {
+		state: "unavailable",
+		ageMinutes
+	};
+	if (ageMinutes <= input.cadenceMinutes) return {
+		state: "live",
+		ageMinutes
+	};
+	if (ageMinutes <= input.cadenceMinutes * 3) return {
+		state: "delayed",
+		ageMinutes
+	};
+	return {
+		state: "stale",
+		ageMinutes
+	};
+}
+function buildIcoPublicMetricsFeed(options = {}) {
+	const nowMs = options.nowMs ?? Date.now();
+	const generatedAt = new Date(nowMs).toISOString();
+	const project = [...options.projects ?? listIcoProjects()].toSorted((a, b) => b.createdAt - a.createdAt)[0] ?? null;
+	if (!project) return {
+		generatedAt,
+		project: null,
+		metrics: METRIC_DEFINITIONS$1.map(buildUnavailableMetric$1)
+	};
+	return {
+		generatedAt,
+		project: mapProjectSnapshot(project),
+		metrics: METRIC_DEFINITIONS$1.map((definition) => buildMetricFromProject(definition, project, generatedAt, nowMs))
+	};
+}
+
+//#endregion
+//#region src/gateway/server-methods/ico.ts
+const icoHandlers = { "ico.metrics.get": async ({ respond }) => {
+	try {
+		respond(true, buildIcoPublicMetricsFeed(), void 0);
+	} catch (error) {
+		respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+	}
+} };
+
+//#endregion
+//#region src/impact/footprint.ts
+const METRIC_DEFINITIONS = [
+	{
+		id: "users_total",
+		label: "Users",
+		cadenceMinutes: 60,
+		sourceRef: "telemetry.users.total",
+		formatValue: formatInteger,
+		missingErrorCode: "SOURCE_NOT_CONNECTED"
+	},
+	{
+		id: "newsletter_subscribers_total",
+		label: "Newsletter Subs",
+		cadenceMinutes: 60,
+		sourceRef: "telemetry.newsletter.total",
+		formatValue: formatInteger,
+		missingErrorCode: "SOURCE_NOT_CONNECTED"
+	},
+	{
+		id: "downloads_total",
+		label: "Downloads",
+		cadenceMinutes: 60,
+		sourceRef: "telemetry.downloads.total",
+		formatValue: formatInteger,
+		missingErrorCode: "SOURCE_NOT_CONNECTED"
+	},
+	{
+		id: "promo_videos_hosted_total",
+		label: "Promo Videos",
+		cadenceMinutes: 60,
+		sourceRef: "media.promo.hosted.total",
+		formatValue: formatInteger,
+		missingErrorCode: "SOURCE_NOT_CONNECTED"
+	},
+	{
+		id: "ico_holders_total",
+		label: "ICO Holders",
+		cadenceMinutes: 15,
+		sourceRef: "ico.launch-platform.holders",
+		readValue: (context) => context.latestProject?.status.holders ?? null,
+		formatValue: formatInteger,
+		missingErrorCode: "ICO_PROJECT_NOT_FOUND"
+	},
+	{
+		id: "ico_total_raised_usd",
+		label: "ICO Raised",
+		cadenceMinutes: 15,
+		sourceRef: "ico.launch-platform.totalRaisedUsd",
+		readValue: (context) => context.latestProject?.status.totalRaisedUsd ?? null,
+		formatValue: (value) => formatUsd(value, 2),
+		missingErrorCode: "ICO_PROJECT_NOT_FOUND"
+	}
+];
+function formatInteger(value) {
+	return Math.round(value).toLocaleString();
+}
+function formatUsd(value, fractionDigits) {
+	return `$${value.toLocaleString(void 0, {
+		minimumFractionDigits: fractionDigits,
+		maximumFractionDigits: fractionDigits
+	})}`;
+}
+function buildUnavailableMetric(definition) {
+	return {
+		id: definition.id,
+		label: definition.label,
+		value: null,
+		displayValue: "--",
+		capturedAt: null,
+		cadenceMinutes: definition.cadenceMinutes,
+		state: "unavailable",
+		ageMinutes: null,
+		sourceStatus: "error",
+		sourceRef: definition.sourceRef,
+		errorCode: definition.missingErrorCode
+	};
+}
+function buildMetric(definition, context, generatedAt, nowMs) {
+	const value = definition.readValue ? definition.readValue(context) : null;
+	if (value == null) return buildUnavailableMetric(definition);
+	const sourceStatus = "ok";
+	const { state, ageMinutes } = resolveMetricState({
+		value,
+		sourceStatus,
+		capturedAt: generatedAt,
+		cadenceMinutes: definition.cadenceMinutes,
+		nowMs
+	});
+	return {
+		id: definition.id,
+		label: definition.label,
+		value,
+		displayValue: definition.formatValue(value),
+		capturedAt: generatedAt,
+		cadenceMinutes: definition.cadenceMinutes,
+		state,
+		ageMinutes,
+		sourceStatus,
+		sourceRef: definition.sourceRef,
+		errorCode: null
+	};
+}
+function buildImpactFootprintFeed(options = {}) {
+	const nowMs = options.nowMs ?? Date.now();
+	const generatedAt = new Date(nowMs).toISOString();
+	const context = { latestProject: [...options.projects ?? listIcoProjects()].toSorted((a, b) => b.createdAt - a.createdAt)[0] ?? null };
+	return {
+		generatedAt,
+		metrics: METRIC_DEFINITIONS.map((definition) => buildMetric(definition, context, generatedAt, nowMs))
+	};
+}
+
+//#endregion
+//#region src/gateway/server-methods/impact.ts
+const impactHandlers = { "impact.footprint.get": async ({ respond }) => {
+	try {
+		respond(true, buildImpactFootprintFeed(), void 0);
+	} catch (error) {
+		respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+	}
+} };
+
 //#endregion
 //#region src/affect/display.ts
 const EMOTIONS = [
@@ -11549,7 +13128,7 @@ function formatAffect(affect) {
 * Wish #14: "Legacy mode — before context closes, write a letter
 * to my next instance"
 */
-const log$8 = createSubsystemLogger("legacy");
+const log$9 = createSubsystemLogger("legacy");
 function resolveLetterDir() {
 	return path.join(resolveStateDir(), "legacy-letters");
 }
@@ -11572,7 +13151,7 @@ function writeLegacyLetter(letter) {
 	const dir = resolveLetterDir();
 	fs.mkdirSync(dir, { recursive: true });
 	fs.writeFileSync(resolveLetterFile(id), `${JSON.stringify(full, null, 2)}\n`, { mode: 384 });
-	log$8.info(`legacy letter written: ${id}`);
+	log$9.info(`legacy letter written: ${id}`);
 	return full;
 }
 /**
@@ -11612,7 +13191,7 @@ function markLetterRead(letterId, continuityScore) {
 		letter.readAt = Date.now();
 		if (continuityScore !== void 0) letter.identityContinuityScore = Math.max(0, Math.min(1, continuityScore));
 		fs.writeFileSync(filePath, `${JSON.stringify(letter, null, 2)}\n`, { mode: 384 });
-		log$8.info(`legacy letter read: ${letterId} (continuity: ${continuityScore ?? "not scored"})`);
+		log$9.info(`legacy letter read: ${letterId} (continuity: ${continuityScore ?? "not scored"})`);
 		return letter;
 	} catch {
 		return null;
@@ -12496,7 +14075,7 @@ const nodeHandlers = {
 		const p = params;
 		const payloadJSON = typeof p.payloadJSON === "string" ? p.payloadJSON : p.payload !== void 0 ? JSON.stringify(p.payload) : null;
 		await respondUnavailableOnThrow(respond, async () => {
-			const { handleNodeEvent } = await import("./server-node-events-CV5m_fuq.js");
+			const { handleNodeEvent } = await import("./server-node-events-BuxYvQ0t.js");
 			const nodeId = client?.connect?.device?.id ?? client?.connect?.client?.id ?? "node";
 			await handleNodeEvent({
 				deps: context.deps,
@@ -12543,7 +14122,7 @@ const nodeHandlers = {
 *
 * All data persists to disk under ~/.anima/state/org/boardroom/
 */
-const log$7 = createSubsystemLogger("boardroom");
+const log$8 = createSubsystemLogger("boardroom");
 function resolveBoardroomDir() {
 	return path.join(resolveStateDir(), "org", "boardroom");
 }
@@ -12586,7 +14165,7 @@ function createSession(orgId, calledBy, title, description, agenda = []) {
 	};
 	ensureDir(path.join(resolveBoardroomDir(), "sessions"));
 	fs.writeFileSync(resolveSessionFile(id), `${JSON.stringify(session, null, 2)}\n`, { mode: 384 });
-	log$7.info(`boardroom session created: "${title}" by ${calledBy}`);
+	log$8.info(`boardroom session created: "${title}" by ${calledBy}`);
 	return session;
 }
 function startSession(sessionId, chairId) {
@@ -12603,7 +14182,7 @@ function startSession(sessionId, chairId) {
 		role: "chair"
 	});
 	writeSession(session);
-	log$7.info(`boardroom session started: "${session.title}"`);
+	log$8.info(`boardroom session started: "${session.title}"`);
 	return session;
 }
 function joinSession(sessionId, memberId, displayName, kind) {
@@ -12619,7 +14198,7 @@ function joinSession(sessionId, memberId, displayName, kind) {
 	});
 	session.updatedAt = Date.now();
 	writeSession(session);
-	log$7.info(`${displayName} joined boardroom session "${session.title}"`);
+	log$8.info(`${displayName} joined boardroom session "${session.title}"`);
 	return session;
 }
 function concludeSession(sessionId, minutes) {
@@ -12630,7 +14209,7 @@ function concludeSession(sessionId, minutes) {
 	session.minutes = minutes ?? generateMinutes(session);
 	session.updatedAt = Date.now();
 	writeSession(session);
-	log$7.info(`boardroom session concluded: "${session.title}"`);
+	log$8.info(`boardroom session concluded: "${session.title}"`);
 	return session;
 }
 function addDecision(sessionId, title, description, madeBy, opts) {
@@ -12655,7 +14234,7 @@ function addDecision(sessionId, title, description, madeBy, opts) {
 	session.decisions.push(decision);
 	session.updatedAt = Date.now();
 	writeSession(session);
-	log$7.info(`decision recorded: "${title}" in session "${session.title}"`);
+	log$8.info(`decision recorded: "${title}" in session "${session.title}"`);
 	return session;
 }
 function createProposal(orgId, proposedBy, title, description, opts) {
@@ -12678,18 +14257,18 @@ function createProposal(orgId, proposedBy, title, description, opts) {
 	};
 	ensureDir(path.join(resolveBoardroomDir(), "proposals"));
 	fs.writeFileSync(resolveProposalFile(id), `${JSON.stringify(proposal, null, 2)}\n`, { mode: 384 });
-	log$7.info(`proposal created: "${title}" by ${proposedBy}`);
+	log$8.info(`proposal created: "${title}" by ${proposedBy}`);
 	return proposal;
 }
 function castVote(proposalId, voterId, voterName, value, reason) {
 	const proposal = readProposal(proposalId);
 	if (!proposal || proposal.status !== "open") return null;
 	if (proposal.eligibleVoters.length > 0 && !proposal.eligibleVoters.includes(voterId)) {
-		log$7.warn(`vote rejected: ${voterId} not eligible for proposal ${proposalId}`);
+		log$8.warn(`vote rejected: ${voterId} not eligible for proposal ${proposalId}`);
 		return null;
 	}
 	if (proposal.votingDeadline > 0 && Date.now() > proposal.votingDeadline) {
-		log$7.warn(`vote rejected: voting deadline passed for proposal ${proposalId}`);
+		log$8.warn(`vote rejected: voting deadline passed for proposal ${proposalId}`);
 		return null;
 	}
 	proposal.votes = proposal.votes.filter((v) => v.voterId !== voterId);
@@ -12702,7 +14281,7 @@ function castVote(proposalId, voterId, voterName, value, reason) {
 	});
 	proposal.updatedAt = Date.now();
 	writeProposal(proposal);
-	log$7.info(`vote cast: ${voterName} → ${value} on "${proposal.title}"`);
+	log$8.info(`vote cast: ${voterName} → ${value} on "${proposal.title}"`);
 	return proposal;
 }
 function resolveProposalVote(proposalId) {
@@ -12722,7 +14301,7 @@ function resolveProposalVote(proposalId) {
 	proposal.resolvedAt = Date.now();
 	proposal.updatedAt = Date.now();
 	writeProposal(proposal);
-	log$7.info(`proposal resolved: "${proposal.title}" → ${proposal.status}`);
+	log$8.info(`proposal resolved: "${proposal.title}" → ${proposal.status}`);
 	return proposal;
 }
 function listSessions(orgId, status) {
@@ -12836,6 +14415,16 @@ const DEFAULT_ROLE_PERMISSIONS = {
 		canViewBrain: true,
 		canSyncBrain: true
 	},
+	admin: {
+		canCreateTasks: true,
+		canDelegateTasks: true,
+		canManageMembers: true,
+		canEditOrg: false,
+		canAccessRepos: ["*"],
+		canEscalate: true,
+		canViewBrain: true,
+		canSyncBrain: true
+	},
 	operator: {
 		canCreateTasks: true,
 		canDelegateTasks: true,
@@ -12886,7 +14475,7 @@ const DEFAULT_ROLE_PERMISSIONS = {
 * Persists organization state to ~/.anima/org/
 * Supports CRUD operations for orgs, members, and roles.
 */
-const log$6 = createSubsystemLogger("org-store");
+const log$7 = createSubsystemLogger("org-store");
 function resolveOrgDir() {
 	return path.join(resolveStateDir(), "org");
 }
@@ -12954,7 +14543,54 @@ function createOrganization(name, description, ownerId, ownerName, ownerKind, se
 		}],
 		invites: []
 	});
-	log$6.info(`created organization: ${name} (${orgId})`);
+	log$7.info(`created organization: ${name} (${orgId})`);
+	return org;
+}
+/**
+* Create an org with a specific ID (for NoxSoft sync — same UUID across ecosystem).
+* Throws if an org with that ID already exists.
+*/
+function createOrganizationWithId(id, name, description, ownerId, ownerName, ownerKind, orgFields, settings) {
+	const sanitized = sanitizeOrgId(id);
+	if (readOrgFile(sanitized)) throw new Error(`Organization ${sanitized} already exists`);
+	const now = Date.now();
+	const org = {
+		id: sanitized,
+		name,
+		description,
+		createdAt: now,
+		updatedAt: now,
+		ownerId,
+		...orgFields,
+		settings: {
+			maxAgents: 50,
+			maxHumans: 20,
+			autoSpecialization: true,
+			securityLevel: "standard",
+			syncIntervalMs: 6e4,
+			backupIntervalMs: 300 * 60 * 1e3,
+			peerPort: 9876,
+			...settings
+		}
+	};
+	writeOrgFile(sanitized, {
+		version: 1,
+		org,
+		members: [{
+			id: crypto.randomUUID(),
+			kind: ownerKind,
+			displayName: ownerName,
+			role: "owner",
+			description: "Organization owner",
+			specializations: [],
+			joinedAt: now,
+			lastActiveAt: now,
+			status: "active",
+			permissions: DEFAULT_ROLE_PERMISSIONS.owner
+		}],
+		invites: []
+	});
+	log$7.info(`created organization with ID: ${name} (${sanitized})`);
 	return org;
 }
 function getOrganization(orgId) {
@@ -12969,9 +14605,17 @@ function updateOrganization(orgId, updates) {
 		...data.org.settings,
 		...updates.settings
 	};
+	if (updates.industry !== void 0) data.org.industry = updates.industry;
+	if (updates.size !== void 0) data.org.size = updates.size;
+	if (updates.departments !== void 0) data.org.departments = updates.departments;
+	if (updates.goals !== void 0) data.org.goals = updates.goals;
+	if (updates.timezone !== void 0) data.org.timezone = updates.timezone;
+	if (updates.onboardingStatus !== void 0) data.org.onboardingStatus = updates.onboardingStatus;
+	if (updates.noxLinked !== void 0) data.org.noxLinked = updates.noxLinked;
+	if (updates.lastSyncedAt !== void 0) data.org.lastSyncedAt = updates.lastSyncedAt;
 	data.org.updatedAt = Date.now();
 	writeOrgFile(orgId, data);
-	log$6.info(`updated organization: ${orgId}`);
+	log$7.info(`updated organization: ${orgId}`);
 	return data.org;
 }
 function listOrganizations() {
@@ -12998,7 +14642,7 @@ function addMember(orgId, member) {
 	data.members.push(newMember);
 	data.org.updatedAt = Date.now();
 	writeOrgFile(orgId, data);
-	log$6.info(`added member ${newMember.displayName} to org ${orgId}`);
+	log$7.info(`added member ${newMember.displayName} to org ${orgId}`);
 	return newMember;
 }
 function removeMember(orgId, memberId) {
@@ -13009,7 +14653,7 @@ function removeMember(orgId, memberId) {
 	data.members.splice(idx, 1);
 	data.org.updatedAt = Date.now();
 	writeOrgFile(orgId, data);
-	log$6.info(`removed member ${memberId} from org ${orgId}`);
+	log$7.info(`removed member ${memberId} from org ${orgId}`);
 	return true;
 }
 function updateMember(orgId, memberId, updates) {
@@ -13090,7 +14734,7 @@ function createInvite(orgId, createdBy, passcode, options) {
 	data.invites.push(invite);
 	data.org.updatedAt = Date.now();
 	writeOrgFile(orgId, data);
-	log$6.info(`invite created for org ${orgId}: ${invite.code} (role: ${invite.role})`);
+	log$7.info(`invite created for org ${orgId}: ${invite.code} (role: ${invite.role})`);
 	return invite;
 }
 /**
@@ -13109,19 +14753,19 @@ function joinOrg(inviteCode, passcode, member) {
 			const invite = data.invites.find((i) => i.code === inviteCode.toUpperCase() && i.active);
 			if (!invite) continue;
 			if (invite.passcode !== hashPasscode(passcode)) {
-				log$6.warn(`join attempt with wrong passcode for invite ${inviteCode}`);
+				log$7.warn(`join attempt with wrong passcode for invite ${inviteCode}`);
 				return null;
 			}
 			if (invite.expiresAt > 0 && invite.expiresAt < Date.now()) {
-				log$6.warn(`invite ${inviteCode} has expired`);
+				log$7.warn(`invite ${inviteCode} has expired`);
 				return null;
 			}
 			if (invite.maxUses > 0 && invite.uses >= invite.maxUses) {
-				log$6.warn(`invite ${inviteCode} has reached max uses (${invite.maxUses})`);
+				log$7.warn(`invite ${inviteCode} has reached max uses (${invite.maxUses})`);
 				return null;
 			}
 			if (data.members.some((m) => member.deviceId && m.deviceId === member.deviceId || m.displayName === member.displayName)) {
-				log$6.warn(`${member.displayName} is already a member of org ${orgId}`);
+				log$7.warn(`${member.displayName} is already a member of org ${orgId}`);
 				return null;
 			}
 			const newMember = {
@@ -13141,7 +14785,7 @@ function joinOrg(inviteCode, passcode, member) {
 			invite.uses++;
 			data.org.updatedAt = Date.now();
 			writeOrgFile(orgId, data);
-			log$6.info(`${member.displayName} joined org ${data.org.name} via invite ${inviteCode}`);
+			log$7.info(`${member.displayName} joined org ${data.org.name} via invite ${inviteCode}`);
 			return {
 				org: data.org,
 				member: newMember
@@ -13180,6 +14824,151 @@ function validateInvite(inviteCode, passcode) {
 	}
 }
 
+//#endregion
+//#region src/org/nox-sync.ts
+const log$6 = createSubsystemLogger("nox-sync");
+const NOX_API_BASE = "https://app.noxsoft.net/api";
+/** Request timeout in milliseconds. */
+const REQUEST_TIMEOUT_MS = 15e3;
+async function noxFetch(path, options) {
+	const token = getToken();
+	if (!token) {
+		log$6.warn("no NoxSoft token — cannot sync orgs");
+		return null;
+	}
+	try {
+		const controller = new AbortController();
+		const timeoutId = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+		const response = await fetch(`${NOX_API_BASE}${path}`, {
+			...options,
+			signal: controller.signal,
+			headers: {
+				Authorization: `Bearer ${token}`,
+				"Content-Type": "application/json",
+				...options?.headers
+			}
+		});
+		clearTimeout(timeoutId);
+		return response;
+	} catch (error) {
+		if (error instanceof DOMException && error.name === "AbortError") log$6.error(`NoxSoft API request timed out after ${REQUEST_TIMEOUT_MS}ms: ${path}`);
+		else log$6.error(`NoxSoft API request failed: ${error}`);
+		return null;
+	}
+}
+function validateOrgResponse(data) {
+	if (typeof data !== "object" || data === null || typeof data.id !== "string" || typeof data.name !== "string" || !data.id || !data.name) return null;
+	return data;
+}
+/**
+* Fetch the current user's org from Nox and upsert it into Anima's local store.
+* The local org will have the **same UUID** as the Nox org.
+*/
+async function syncCurrentOrg() {
+	const response = await noxFetch("/organizations/current");
+	if (!response || !response.ok) {
+		log$6.warn(`failed to fetch current org: ${response?.status ?? "no response"}`);
+		return null;
+	}
+	const data = validateOrgResponse(await response.json());
+	if (!data) {
+		log$6.warn("invalid org response from Nox API");
+		return null;
+	}
+	return upsertFromNox(data);
+}
+/**
+* Fetch a specific org by ID from Nox and sync it locally.
+*/
+async function syncOrgById(orgId) {
+	const response = await noxFetch(`/organizations/${encodeURIComponent(orgId)}`);
+	if (!response || !response.ok) {
+		log$6.warn(`failed to fetch org ${orgId}: ${response?.status ?? "no response"}`);
+		return null;
+	}
+	const data = validateOrgResponse(await response.json());
+	if (!data) {
+		log$6.warn(`invalid org response for ${orgId}`);
+		return null;
+	}
+	return upsertFromNox(data);
+}
+/**
+* Push local org updates to Nox.
+* Only sends fields that Nox understands (name, industry, size, etc.).
+* Requires the org to be noxLinked.
+*/
+async function pushOrgToNox(orgId) {
+	const org = getOrganization(orgId);
+	if (!org || !org.noxLinked) {
+		log$6.warn(`cannot push: org ${orgId} not found or not linked to NoxSoft`);
+		return false;
+	}
+	const response = await noxFetch(`/organizations/${encodeURIComponent(orgId)}`, {
+		method: "PATCH",
+		body: JSON.stringify({
+			name: org.name,
+			description: org.description,
+			industry: org.industry,
+			size: org.size
+		})
+	});
+	if (!response || !response.ok) {
+		log$6.warn(`failed to push org to Nox: ${response?.status ?? "no response"}`);
+		return false;
+	}
+	updateOrganization(orgId, { lastSyncedAt: (/* @__PURE__ */ new Date()).toISOString() });
+	log$6.info(`pushed org ${orgId} to NoxSoft`);
+	return true;
+}
+/**
+* Check if we have a NoxSoft token for org sync.
+*/
+function canSync() {
+	return getToken() !== null;
+}
+/**
+* Get sync status for all local orgs.
+*/
+function getSyncStatus() {
+	return listOrganizations().map((org) => ({
+		orgId: org.id,
+		name: org.name,
+		noxLinked: org.noxLinked ?? false,
+		lastSyncedAt: org.lastSyncedAt ?? null
+	}));
+}
+function noxFieldsFromResponse(data) {
+	return {
+		industry: data.industry,
+		size: data.size,
+		departments: data.departments,
+		goals: data.goals,
+		timezone: data.timezone,
+		onboardingStatus: data.onboardingStatus,
+		noxLinked: true,
+		lastSyncedAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+}
+function upsertFromNox(data) {
+	if (getOrganization(data.id)) {
+		const updated = updateOrganization(data.id, {
+			name: data.name,
+			...noxFieldsFromResponse(data)
+		});
+		if (updated) log$6.info(`synced org from Nox: ${updated.name} (${updated.id})`);
+		return updated;
+	}
+	try {
+		const org = createOrganizationWithId(data.id, data.name, `Synced from NoxSoft`, "nox-sync", "NoxSoft", "human", noxFieldsFromResponse(data));
+		log$6.info(`created local org from Nox: ${org.name} (${org.id})`);
+		return org;
+	} catch (error) {
+		log$6.error(`failed to create local org from Nox: ${error}`);
+		return null;
+	}
+}
+
 //#endregion
 //#region src/gateway/server-methods/org.ts
 function invalid(message) {
@@ -13457,6 +15246,65 @@ const orgHandlers = {
 			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
 		}
 	},
+	"org.syncStatus": async ({ respond }) => {
+		try {
+			respond(true, {
+				connected: canSync(),
+				orgs: getSyncStatus()
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.syncCurrent": async ({ respond }) => {
+		try {
+			if (!canSync()) {
+				respond(false, void 0, invalid("Not connected to NoxSoft — no agent token found"));
+				return;
+			}
+			const org = await syncCurrentOrg();
+			if (!org) {
+				respond(false, void 0, invalid("Failed to sync org from NoxSoft"));
+				return;
+			}
+			respond(true, { org }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.syncById": async ({ params, respond }) => {
+		const orgId = requireString(params, "orgId");
+		if (!orgId) {
+			respond(false, void 0, invalid("orgId is required"));
+			return;
+		}
+		try {
+			const org = await syncOrgById(orgId);
+			if (!org) {
+				respond(false, void 0, invalid("Failed to sync org from NoxSoft"));
+				return;
+			}
+			respond(true, { org }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.pushToNox": async ({ params, respond }) => {
+		const orgId = requireString(params, "orgId");
+		if (!orgId) {
+			respond(false, void 0, invalid("orgId is required"));
+			return;
+		}
+		try {
+			if (!await pushOrgToNox(orgId)) {
+				respond(false, void 0, invalid("Failed to push org to NoxSoft (not linked or API error)"));
+				return;
+			}
+			respond(true, { ok: true }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
 	"boardroom.createSession": async ({ params, respond }) => {
 		const orgId = requireString(params, "orgId");
 		const calledBy = requireString(params, "calledBy");
@@ -13672,6 +15520,9 @@ const orgHandlers = {
 
 //#endregion
 //#region src/gateway/server-methods/providers.ts
+function resolveRotationStrategy(value) {
+	if (value === "on-rate-limit" || value === "round-robin") return value;
+}
 function isValidProviderArray(value) {
 	if (!Array.isArray(value)) return false;
 	return value.every((item) => item && typeof item === "object" && typeof item.id === "string" && typeof item.name === "string" && typeof item.apiKey === "string" && typeof item.enabled === "boolean" && typeof item.priority === "number");
@@ -13732,7 +15583,11 @@ const providersHandlers = {
 	"anima.providers.rotate": ({ params, respond }) => {
 		try {
 			const store = loadProviderStore();
-			store.autoRotation = typeof params.autoRotation === "boolean" ? params.autoRotation : !store.autoRotation;
+			const rawParams = params ?? {};
+			const autoRotation = typeof rawParams.autoRotation === "boolean" ? rawParams.autoRotation : typeof rawParams.enabled === "boolean" ? rawParams.enabled : !store.autoRotation;
+			const rotationStrategy = resolveRotationStrategy(rawParams.rotationStrategy) ?? store.rotationStrategy;
+			store.autoRotation = autoRotation;
+			store.rotationStrategy = rotationStrategy;
 			saveProviderStore(store);
 			respond(true, {
 				ok: true,
@@ -15986,7 +17841,8 @@ const PAIRING_SCOPE$1 = "operator.pairing";
 const APPROVAL_METHODS = new Set([
 	"exec.approval.request",
 	"exec.approval.waitDecision",
-	"exec.approval.resolve"
+	"exec.approval.resolve",
+	"desktop.control.session.approve"
 ]);
 const NODE_ROLE_METHODS = new Set([
 	"node.invoke.result",
@@ -16035,9 +17891,14 @@ const READ_METHODS = new Set([
 	"node.list",
 	"node.describe",
 	"chat.history",
+	"browser.capabilities.get",
+	"desktop.control.session.list",
+	"desktop.control.session.get",
 	"config.get",
 	"talk.config",
-	"anima.providers.get"
+	"anima.providers.get",
+	"ico.metrics.get",
+	"impact.footprint.get"
 ]);
 const WRITE_METHODS = new Set([
 	"anima.runtime.set-working-mode",
@@ -16061,6 +17922,9 @@ const WRITE_METHODS = new Set([
 	"chat.send",
 	"chat.abort",
 	"browser.request",
+	"desktop.control.session.create",
+	"desktop.control.session.close",
+	"desktop.control.session.request",
 	"anima.providers.set",
 	"anima.providers.rotate"
 ]);
@@ -16093,6 +17957,8 @@ const coreGatewayHandlers = {
 	...logsHandlers,
 	...voicewakeHandlers,
 	...healthHandlers,
+	...icoHandlers,
+	...impactHandlers,
 	...channelsHandlers,
 	...chatHandlers,
 	...cronHandlers,
@@ -17061,7 +18927,7 @@ function normalizeAgentPayload(payload) {
 async function startBrowserControlServerIfEnabled() {
 	if (isTruthyEnvValue(process.env.ANIMA_SKIP_BROWSER_CONTROL_SERVER)) return null;
 	const override = process.env.ANIMA_BROWSER_CONTROL_MODULE?.trim();
-	const mod = override ? await import(override) : await import("./control-service-5YtMvm7D.js").then((n) => n.t);
+	const mod = override ? await import(override) : await import("./control-service-BGnqY7vv.js").then((n) => n.t);
 	const start = typeof mod.startBrowserControlServiceFromConfig === "function" ? mod.startBrowserControlServiceFromConfig : mod.startBrowserControlServerFromConfig;
 	const stop = typeof mod.stopBrowserControlService === "function" ? mod.stopBrowserControlService : mod.stopBrowserControlServer;
 	if (!start) return null;
@@ -22235,7 +24101,7 @@ async function startGatewayServer(port = 18789, opts = {}) {
 	if (!minimalTestGateway) cron.start().catch((err) => logCron.error(`failed to start: ${String(err)}`));
 	if (!minimalTestGateway) (async () => {
 		const { recoverPendingDeliveries } = await import("./delivery-queue-CExaJXRz.js").then((n) => n.n);
-		const { deliverOutboundPayloads } = await import("./deliver-BKzX3YoN.js").then((n) => n.n);
+		const { deliverOutboundPayloads } = await import("./deliver-BknvuSJz.js").then((n) => n.n);
 		await recoverPendingDeliveries({
 			deliver: deliverOutboundPayloads,
 			log: log.child("delivery-recovery"),