@openape/apes 1.24.0 → 1.25.0

package/dist/cli.js

@@ -1,9 +1,4 @@
 #!/usr/bin/env node
-import {
-  checkSudoRejection,
-  isApesSelfDispatch,
-  notifyGrantPending
-} from "./chunk-3COOEDPF.js";
 import {
   CliError,
   CliExit,
@@ -11,21 +6,16 @@ import {
   parseDuration,
   runLoop,
   taskTools
-} from "./chunk-FRCNYDTR.js";
+} from "./chunk-L2V3CW5B.js";
 import {
   loadEd25519PrivateKey,
   readPublicKeyComment
 } from "./chunk-ION3CWD5.js";
 import {
-  Mi,
-  Mn,
-  br,
-  dt,
-  le,
-  qn,
-  ut,
-  ye
-} from "./chunk-WGF3SPIH.js";
+  checkSudoRejection,
+  isApesSelfDispatch,
+  notifyGrantPending
+} from "./chunk-3COOEDPF.js";
 import {
   GENERIC_OPERATION_ID,
   buildGenericResolved,
@@ -61,7 +51,7 @@ import {
   getAgentChallengeEndpoint,
   getDelegationsEndpoint,
   getGrantsEndpoint
-} from "./chunk-QJJ7DG5C.js";
+} from "./chunk-4KPKANZT.js";
 import {
   AUTH_FILE,
   CONFIG_DIR,
@@ -74,10 +64,9 @@ import {
   saveAuth,
   saveConfig
 } from "./chunk-OBF7IMQ2.js";
-import "./chunk-7OCVIDC7.js";
 
 // src/cli.ts
-import consola49 from "consola";
+import consola51 from "consola";
 
 // src/ape-shell.ts
 import path from "path";
@@ -107,7 +96,7 @@ function rewriteApeShellArgs(argv, argv0) {
 }
 
 // src/cli.ts
-import { defineCommand as defineCommand60, runMain } from "citty";
+import { defineCommand as defineCommand63, runMain } from "citty";
 
 // src/commands/auth/login.ts
 import { Buffer as Buffer2 } from "buffer";
@@ -393,9 +382,9 @@ async function loginWithPKCE(idp) {
   consola2.success(`Logged in as ${payload.email || payload.sub}`);
 }
 async function loginWithKey(idp, keyPath, agentEmail) {
-  const { readFileSync: readFileSync15 } = await import("fs");
+  const { readFileSync: readFileSync17 } = await import("fs");
   const { sign: sign3 } = await import("crypto");
-  const { loadEd25519PrivateKey: loadEd25519PrivateKey2 } = await import("./ssh-key-6X3YZXSD.js");
+  const { loadEd25519PrivateKey: loadEd25519PrivateKey2 } = await import("./ssh-key-YBNNG5K5.js");
   const challengeUrl = await getAgentChallengeEndpoint(idp);
   const challengeResp = await fetch(challengeUrl, {
     method: "POST",
@@ -406,7 +395,7 @@ async function loginWithKey(idp, keyPath, agentEmail) {
     throw new CliError(`Challenge failed: ${await challengeResp.text()}`);
   }
   const { challenge } = await challengeResp.json();
-  const keyContent = readFileSync15(keyPath, "utf-8");
+  const keyContent = readFileSync17(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey2(keyContent);
   const signature = sign3(null, Buffer2.from(challenge), privateKey).toString("base64");
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
@@ -774,7 +763,7 @@ async function waitForApproval(grantsUrl, grantId) {
     if (grant.status === "revoked") {
       throw new CliError("Grant revoked.");
     }
-    await new Promise((r3) => setTimeout(r3, interval));
+    await new Promise((r) => setTimeout(r, interval));
   }
   throw new CliError("Timed out waiting for approval.");
 }
@@ -1122,12 +1111,12 @@ var revokeCommand = defineCommand11({
       { method: "POST", body: { operations }, token }
     );
     let succeeded = 0;
-    for (const r3 of results) {
-      if (r3.success) {
-        consola11.success(`Grant ${r3.id} revoked.`);
+    for (const r of results) {
+      if (r.success) {
+        consola11.success(`Grant ${r.id} revoked.`);
         succeeded++;
       } else {
-        consola11.error(`Grant ${r3.id}: ${r3.error?.title || "Failed"}`);
+        consola11.error(`Grant ${r.id}: ${r.error?.title || "Failed"}`);
       }
     }
     if (succeeded < results.length) {
@@ -1147,32 +1136,32 @@ import consola12 from "consola";
 function getPollIntervalSeconds() {
   const envValue = process.env.APES_GRANT_POLL_INTERVAL;
   if (envValue) {
-    const n2 = Number(envValue);
-    if (Number.isFinite(n2) && n2 > 0)
-      return Math.floor(n2);
+    const n = Number(envValue);
+    if (Number.isFinite(n) && n > 0)
+      return Math.floor(n);
   }
   const cfg = loadConfig();
   const cfgValue = cfg.defaults?.grant_poll_interval_seconds;
   if (cfgValue) {
-    const n2 = Number(cfgValue);
-    if (Number.isFinite(n2) && n2 > 0)
-      return Math.floor(n2);
+    const n = Number(cfgValue);
+    if (Number.isFinite(n) && n > 0)
+      return Math.floor(n);
   }
   return 10;
 }
 function getPollMaxMinutes() {
   const envValue = process.env.APES_GRANT_POLL_MAX_MINUTES;
   if (envValue) {
-    const n2 = Number(envValue);
-    if (Number.isFinite(n2) && n2 > 0)
-      return Math.floor(n2);
+    const n = Number(envValue);
+    if (Number.isFinite(n) && n > 0)
+      return Math.floor(n);
   }
   const cfg = loadConfig();
   const cfgValue = cfg.defaults?.grant_poll_max_minutes;
   if (cfgValue) {
-    const n2 = Number(cfgValue);
-    if (Number.isFinite(n2) && n2 > 0)
-      return Math.floor(n2);
+    const n = Number(cfgValue);
+    if (Number.isFinite(n) && n > 0)
+      return Math.floor(n);
   }
   return 5;
 }
@@ -1189,7 +1178,7 @@ async function pollGrantUntilResolved(idp, grantId) {
       return { kind: "approved" };
     if (grant.status === "denied" || grant.status === "revoked" || grant.status === "used")
       return { kind: "terminal", status: grant.status };
-    await new Promise((r3) => setTimeout(r3, intervalMs));
+    await new Promise((r) => setTimeout(r, intervalMs));
   }
   return { kind: "timeout" };
 }
@@ -1769,742 +1758,216 @@ var adminCommand = defineCommand19({
   }
 });
 
-// src/commands/agents/index.ts
-import { defineCommand as defineCommand28 } from "citty";
+// src/commands/agent/index.ts
+import { defineCommand as defineCommand21 } from "citty";
 
-// src/commands/agents/allow.ts
-import { execFileSync as execFileSync4 } from "child_process";
+// src/commands/agent/deploy.ts
+import { ensureFreshIdpAuth } from "@openape/cli-auth";
 import { defineCommand as defineCommand20 } from "citty";
 import consola18 from "consola";
 
-// src/lib/agent-bootstrap.ts
-import { Buffer as Buffer3 } from "buffer";
-import { execFileSync as execFileSync2 } from "child_process";
-import { createPrivateKey, sign } from "crypto";
-import { rmSync } from "fs";
-
-// ../../node_modules/.pnpm/ofetch@1.5.1/node_modules/ofetch/dist/node.mjs
-import http from "http";
-import https from "https";
-
-// ../../node_modules/.pnpm/node-fetch-native@1.6.7/node_modules/node-fetch-native/dist/index.mjs
-import "http";
-import "https";
-import "zlib";
-import "stream";
-import "buffer";
-import "util";
-import "url";
-import "net";
-import "fs";
-import "path";
-var o = !!globalThis.process?.env?.FORCE_NODE_FETCH;
-var r = !o && globalThis.fetch || Mi;
-var p = !o && globalThis.Blob || ut;
-var F = !o && globalThis.File || qn;
-var h = !o && globalThis.FormData || br;
-var n = !o && globalThis.Headers || ye;
-var c = !o && globalThis.Request || dt;
-var R = !o && globalThis.Response || le;
-var T = !o && globalThis.AbortController || Mn;
-
-// ../../node_modules/.pnpm/destr@2.0.5/node_modules/destr/dist/index.mjs
-var suspectProtoRx = /"(?:_|\\u0{2}5[Ff]){2}(?:p|\\u0{2}70)(?:r|\\u0{2}72)(?:o|\\u0{2}6[Ff])(?:t|\\u0{2}74)(?:o|\\u0{2}6[Ff])(?:_|\\u0{2}5[Ff]){2}"\s*:/;
-var suspectConstructorRx = /"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/;
-var JsonSigRx = /^\s*["[{]|^\s*-?\d{1,16}(\.\d{1,17})?([Ee][+-]?\d+)?\s*$/;
-function jsonParseTransform(key, value) {
-  if (key === "__proto__" || key === "constructor" && value && typeof value === "object" && "prototype" in value) {
-    warnKeyDropped(key);
-    return;
-  }
-  return value;
-}
-function warnKeyDropped(key) {
-  console.warn(`[destr] Dropping "${key}" key to prevent prototype pollution.`);
-}
-function destr(value, options = {}) {
-  if (typeof value !== "string") {
-    return value;
-  }
-  if (value[0] === '"' && value[value.length - 1] === '"' && value.indexOf("\\") === -1) {
-    return value.slice(1, -1);
-  }
-  const _value = value.trim();
-  if (_value.length <= 9) {
-    switch (_value.toLowerCase()) {
-      case "true": {
-        return true;
-      }
-      case "false": {
-        return false;
-      }
-      case "undefined": {
-        return void 0;
-      }
-      case "null": {
-        return null;
-      }
-      case "nan": {
-        return Number.NaN;
-      }
-      case "infinity": {
-        return Number.POSITIVE_INFINITY;
-      }
-      case "-infinity": {
-        return Number.NEGATIVE_INFINITY;
-      }
-    }
-  }
-  if (!JsonSigRx.test(value)) {
-    if (options.strict) {
-      throw new SyntaxError("[destr] Invalid JSON");
-    }
-    return value;
+// src/lib/troop-client.ts
+var DEFAULT_TROOP_URL = "https://troop.openape.ai";
+var TroopClient = class {
+  constructor(troopUrl, agentJwt) {
+    this.troopUrl = troopUrl;
+    this.agentJwt = agentJwt;
   }
-  try {
-    if (suspectProtoRx.test(value) || suspectConstructorRx.test(value)) {
-      if (options.strict) {
-        throw new Error("[destr] Possible prototype pollution");
+  troopUrl;
+  agentJwt;
+  async request(path2, init) {
+    const res = await fetch(`${this.troopUrl}${path2}`, {
+      ...init,
+      headers: {
+        ...init?.headers ?? {},
+        "Authorization": `Bearer ${this.agentJwt}`,
+        "Content-Type": "application/json"
       }
-      return JSON.parse(value, jsonParseTransform);
-    }
-    return JSON.parse(value);
-  } catch (error) {
-    if (options.strict) {
-      throw error;
-    }
-    return value;
-  }
-}
-
-// ../../node_modules/.pnpm/ufo@1.6.3/node_modules/ufo/dist/index.mjs
-var r2 = String.fromCharCode;
-var HASH_RE = /#/g;
-var AMPERSAND_RE = /&/g;
-var SLASH_RE = /\//g;
-var EQUAL_RE = /=/g;
-var PLUS_RE = /\+/g;
-var ENC_CARET_RE = /%5e/gi;
-var ENC_BACKTICK_RE = /%60/gi;
-var ENC_PIPE_RE = /%7c/gi;
-var ENC_SPACE_RE = /%20/gi;
-function encode(text) {
-  return encodeURI("" + text).replace(ENC_PIPE_RE, "|");
-}
-function encodeQueryValue(input) {
-  return encode(typeof input === "string" ? input : JSON.stringify(input)).replace(PLUS_RE, "%2B").replace(ENC_SPACE_RE, "+").replace(HASH_RE, "%23").replace(AMPERSAND_RE, "%26").replace(ENC_BACKTICK_RE, "`").replace(ENC_CARET_RE, "^").replace(SLASH_RE, "%2F");
-}
-function encodeQueryKey(text) {
-  return encodeQueryValue(text).replace(EQUAL_RE, "%3D");
-}
-function decode(text = "") {
-  try {
-    return decodeURIComponent("" + text);
-  } catch {
-    return "" + text;
-  }
-}
-function decodeQueryKey(text) {
-  return decode(text.replace(PLUS_RE, " "));
-}
-function decodeQueryValue(text) {
-  return decode(text.replace(PLUS_RE, " "));
-}
-function parseQuery(parametersString = "") {
-  const object = /* @__PURE__ */ Object.create(null);
-  if (parametersString[0] === "?") {
-    parametersString = parametersString.slice(1);
-  }
-  for (const parameter of parametersString.split("&")) {
-    const s = parameter.match(/([^=]+)=?(.*)/) || [];
-    if (s.length < 2) {
-      continue;
-    }
-    const key = decodeQueryKey(s[1]);
-    if (key === "__proto__" || key === "constructor") {
-      continue;
-    }
-    const value = decodeQueryValue(s[2] || "");
-    if (object[key] === void 0) {
-      object[key] = value;
-    } else if (Array.isArray(object[key])) {
-      object[key].push(value);
-    } else {
-      object[key] = [object[key], value];
-    }
-  }
-  return object;
-}
-function encodeQueryItem(key, value) {
-  if (typeof value === "number" || typeof value === "boolean") {
-    value = String(value);
-  }
-  if (!value) {
-    return encodeQueryKey(key);
-  }
-  if (Array.isArray(value)) {
-    return value.map(
-      (_value) => `${encodeQueryKey(key)}=${encodeQueryValue(_value)}`
-    ).join("&");
-  }
-  return `${encodeQueryKey(key)}=${encodeQueryValue(value)}`;
-}
-function stringifyQuery(query) {
-  return Object.keys(query).filter((k) => query[k] !== void 0).map((k) => encodeQueryItem(k, query[k])).filter(Boolean).join("&");
-}
-var PROTOCOL_STRICT_REGEX = /^[\s\w\0+.-]{2,}:([/\\]{1,2})/;
-var PROTOCOL_REGEX = /^[\s\w\0+.-]{2,}:([/\\]{2})?/;
-var PROTOCOL_RELATIVE_REGEX = /^([/\\]\s*){2,}[^/\\]/;
-var TRAILING_SLASH_RE = /\/$|\/\?|\/#/;
-var JOIN_LEADING_SLASH_RE = /^\.?\//;
-function hasProtocol(inputString, opts = {}) {
-  if (typeof opts === "boolean") {
-    opts = { acceptRelative: opts };
-  }
-  if (opts.strict) {
-    return PROTOCOL_STRICT_REGEX.test(inputString);
-  }
-  return PROTOCOL_REGEX.test(inputString) || (opts.acceptRelative ? PROTOCOL_RELATIVE_REGEX.test(inputString) : false);
-}
-function hasTrailingSlash(input = "", respectQueryAndFragment) {
-  if (!respectQueryAndFragment) {
-    return input.endsWith("/");
-  }
-  return TRAILING_SLASH_RE.test(input);
-}
-function withoutTrailingSlash(input = "", respectQueryAndFragment) {
-  if (!respectQueryAndFragment) {
-    return (hasTrailingSlash(input) ? input.slice(0, -1) : input) || "/";
-  }
-  if (!hasTrailingSlash(input, true)) {
-    return input || "/";
-  }
-  let path2 = input;
-  let fragment = "";
-  const fragmentIndex = input.indexOf("#");
-  if (fragmentIndex !== -1) {
-    path2 = input.slice(0, fragmentIndex);
-    fragment = input.slice(fragmentIndex);
-  }
-  const [s0, ...s] = path2.split("?");
-  const cleanPath = s0.endsWith("/") ? s0.slice(0, -1) : s0;
-  return (cleanPath || "/") + (s.length > 0 ? `?${s.join("?")}` : "") + fragment;
-}
-function withTrailingSlash(input = "", respectQueryAndFragment) {
-  if (!respectQueryAndFragment) {
-    return input.endsWith("/") ? input : input + "/";
-  }
-  if (hasTrailingSlash(input, true)) {
-    return input || "/";
-  }
-  let path2 = input;
-  let fragment = "";
-  const fragmentIndex = input.indexOf("#");
-  if (fragmentIndex !== -1) {
-    path2 = input.slice(0, fragmentIndex);
-    fragment = input.slice(fragmentIndex);
-    if (!path2) {
-      return fragment;
-    }
-  }
-  const [s0, ...s] = path2.split("?");
-  return s0 + "/" + (s.length > 0 ? `?${s.join("?")}` : "") + fragment;
-}
-function withBase(input, base) {
-  if (isEmptyURL(base) || hasProtocol(input)) {
-    return input;
-  }
-  const _base = withoutTrailingSlash(base);
-  if (input.startsWith(_base)) {
-    const nextChar = input[_base.length];
-    if (!nextChar || nextChar === "/" || nextChar === "?") {
-      return input;
-    }
-  }
-  return joinURL(_base, input);
-}
-function withQuery(input, query) {
-  const parsed = parseURL(input);
-  const mergedQuery = { ...parseQuery(parsed.search), ...query };
-  parsed.search = stringifyQuery(mergedQuery);
-  return stringifyParsedURL(parsed);
-}
-function isEmptyURL(url) {
-  return !url || url === "/";
-}
-function isNonEmptyURL(url) {
-  return url && url !== "/";
-}
-function joinURL(base, ...input) {
-  let url = base || "";
-  for (const segment of input.filter((url2) => isNonEmptyURL(url2))) {
-    if (url) {
-      const _segment = segment.replace(JOIN_LEADING_SLASH_RE, "");
-      url = withTrailingSlash(url) + _segment;
-    } else {
-      url = segment;
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new Error(`troop ${init?.method ?? "GET"} ${path2} failed: ${res.status} ${text}`);
     }
+    if (res.status === 204) return void 0;
+    return await res.json();
   }
-  return url;
-}
-var protocolRelative = /* @__PURE__ */ Symbol.for("ufo:protocolRelative");
-function parseURL(input = "", defaultProto) {
-  const _specialProtoMatch = input.match(
-    /^[\s\0]*(blob:|data:|javascript:|vbscript:)(.*)/i
-  );
-  if (_specialProtoMatch) {
-    const [, _proto, _pathname = ""] = _specialProtoMatch;
-    return {
-      protocol: _proto.toLowerCase(),
-      pathname: _pathname,
-      href: _proto + _pathname,
-      auth: "",
-      host: "",
-      search: "",
-      hash: ""
-    };
-  }
-  if (!hasProtocol(input, { acceptRelative: true })) {
-    return defaultProto ? parseURL(defaultProto + input) : parsePath(input);
-  }
-  const [, protocol = "", auth, hostAndPath = ""] = input.replace(/\\/g, "/").match(/^[\s\0]*([\w+.-]{2,}:)?\/\/([^/@]+@)?(.*)/) || [];
-  let [, host = "", path2 = ""] = hostAndPath.match(/([^#/?]*)(.*)?/) || [];
-  if (protocol === "file:") {
-    path2 = path2.replace(/\/(?=[A-Za-z]:)/, "");
+  sync(input) {
+    return this.request("/api/agents/me/sync", {
+      method: "POST",
+      body: JSON.stringify({
+        hostname: input.hostname,
+        host_id: input.hostId,
+        owner_email: input.ownerEmail,
+        ...input.pubkeySsh ? { pubkey_ssh: input.pubkeySsh } : {}
+      })
+    });
   }
-  const { pathname, search, hash } = parsePath(path2);
-  return {
-    protocol: protocol.toLowerCase(),
-    auth: auth ? auth.slice(0, Math.max(0, auth.length - 1)) : "",
-    host,
-    pathname,
-    search,
-    hash,
-    [protocolRelative]: !protocol
-  };
-}
-function parsePath(input = "") {
-  const [pathname = "", search = "", hash = ""] = (input.match(/([^#?]*)(\?[^#]*)?(#.*)?/) || []).splice(1);
-  return {
-    pathname,
-    search,
-    hash
-  };
-}
-function stringifyParsedURL(parsed) {
-  const pathname = parsed.pathname || "";
-  const search = parsed.search ? (parsed.search.startsWith("?") ? "" : "?") + parsed.search : "";
-  const hash = parsed.hash || "";
-  const auth = parsed.auth ? parsed.auth + "@" : "";
-  const host = parsed.host || "";
-  const proto = parsed.protocol || parsed[protocolRelative] ? (parsed.protocol || "") + "//" : "";
-  return proto + auth + host + pathname + search + hash;
-}
-
-// ../../node_modules/.pnpm/ofetch@1.5.1/node_modules/ofetch/dist/shared/ofetch.CWycOUEr.mjs
-var FetchError = class extends Error {
-  constructor(message, opts) {
-    super(message, opts);
-    this.name = "FetchError";
-    if (opts?.cause && !this.cause) {
-      this.cause = opts.cause;
-    }
+  listTasks() {
+    return this.request("/api/agents/me/tasks");
   }
-};
-function createFetchError(ctx) {
-  const errorMessage = ctx.error?.message || ctx.error?.toString() || "";
-  const method = ctx.request?.method || ctx.options?.method || "GET";
-  const url = ctx.request?.url || String(ctx.request) || "/";
-  const requestStr = `[${method}] ${JSON.stringify(url)}`;
-  const statusStr = ctx.response ? `${ctx.response.status} ${ctx.response.statusText}` : "<no response>";
-  const message = `${requestStr}: ${statusStr}${errorMessage ? ` ${errorMessage}` : ""}`;
-  const fetchError = new FetchError(
-    message,
-    ctx.error ? { cause: ctx.error } : void 0
-  );
-  for (const key of ["request", "options", "response"]) {
-    Object.defineProperty(fetchError, key, {
-      get() {
-        return ctx[key];
-      }
+  startRun(taskId) {
+    return this.request("/api/agents/me/runs", {
+      method: "POST",
+      body: JSON.stringify({ task_id: taskId })
     });
   }
-  for (const [key, refKey] of [
-    ["data", "_data"],
-    ["status", "status"],
-    ["statusCode", "status"],
-    ["statusText", "statusText"],
-    ["statusMessage", "statusText"]
-  ]) {
-    Object.defineProperty(fetchError, key, {
-      get() {
-        return ctx.response && ctx.response[refKey];
-      }
+  finaliseRun(id, payload) {
+    return this.request(`/api/agents/me/runs/${id}`, {
+      method: "PATCH",
+      body: JSON.stringify(payload)
     });
   }
-  return fetchError;
-}
-var payloadMethods = new Set(
-  Object.freeze(["PATCH", "POST", "PUT", "DELETE"])
-);
-function isPayloadMethod(method = "GET") {
-  return payloadMethods.has(method.toUpperCase());
+};
+function resolveTroopUrl(override) {
+  if (override) return override.replace(/\/$/, "");
+  const fromEnv = process.env.OPENAPE_TROOP_URL;
+  if (fromEnv) return fromEnv.replace(/\/$/, "");
+  return DEFAULT_TROOP_URL;
 }
-function isJSONSerializable(value) {
-  if (value === void 0) {
-    return false;
-  }
-  const t = typeof value;
-  if (t === "string" || t === "number" || t === "boolean" || t === null) {
-    return true;
-  }
-  if (t !== "object") {
-    return false;
-  }
-  if (Array.isArray(value)) {
-    return true;
-  }
-  if (value.buffer) {
-    return false;
-  }
-  if (value instanceof FormData || value instanceof URLSearchParams) {
-    return false;
+
+// src/commands/agent/deploy.ts
+function parseKeyValues(pairs) {
+  const out = {};
+  for (const p of pairs) {
+    const eq = p.indexOf("=");
+    if (eq <= 0) throw new CliError(`bad key=value pair: "${p}" (expected KEY=value)`);
+    out[p.slice(0, eq)] = p.slice(eq + 1);
   }
-  return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
+  return out;
 }
-var textTypes = /* @__PURE__ */ new Set([
-  "image/svg",
-  "application/xml",
-  "application/xhtml",
-  "application/html"
-]);
-var JSON_RE = /^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;
-function detectResponseType(_contentType = "") {
-  if (!_contentType) {
-    return "json";
-  }
-  const contentType = _contentType.split(";").shift() || "";
-  if (JSON_RE.test(contentType)) {
-    return "json";
-  }
-  if (contentType === "text/event-stream") {
-    return "stream";
-  }
-  if (textTypes.has(contentType) || contentType.startsWith("text/")) {
-    return "text";
-  }
-  return "blob";
+function missingCapabilities(required, provided) {
+  return required.filter((env) => !(env in provided));
 }
-function resolveFetchOptions(request, input, defaults, Headers2) {
-  const headers = mergeHeaders(
-    input?.headers ?? request?.headers,
-    defaults?.headers,
-    Headers2
-  );
-  let query;
-  if (defaults?.query || defaults?.params || input?.params || input?.query) {
-    query = {
-      ...defaults?.params,
-      ...defaults?.query,
-      ...input?.params,
-      ...input?.query
-    };
-  }
-  return {
-    ...defaults,
-    ...input,
-    query,
-    params: query,
-    headers
-  };
+function asArray(v) {
+  if (Array.isArray(v)) return v;
+  if (typeof v === "string" && v.length > 0) return [v];
+  return [];
 }
-function mergeHeaders(input, defaults, Headers2) {
-  if (!defaults) {
-    return new Headers2(input);
-  }
-  const headers = new Headers2(defaults);
-  if (input) {
-    for (const [key, value] of Symbol.iterator in input || Array.isArray(input) ? input : new Headers2(input)) {
-      headers.set(key, value);
-    }
+async function api(url, token, init) {
+  const res = await fetch(url, {
+    ...init,
+    headers: { "Authorization": `Bearer ${token}`, "Content-Type": "application/json", ...init?.headers }
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new CliError(`${init?.method ?? "GET"} ${url} \u2192 HTTP ${res.status}${body ? `: ${body.slice(0, 300)}` : ""}`);
   }
-  return headers;
+  return res.json();
 }
-async function callHooks(context, hooks) {
-  if (hooks) {
-    if (Array.isArray(hooks)) {
-      for (const hook of hooks) {
-        await hook(context);
-      }
-    } else {
-      await hooks(context);
-    }
-  }
-}
-var retryStatusCodes = /* @__PURE__ */ new Set([
-  408,
-  // Request Timeout
-  409,
-  // Conflict
-  425,
-  // Too Early (Experimental)
-  429,
-  // Too Many Requests
-  500,
-  // Internal Server Error
-  502,
-  // Bad Gateway
-  503,
-  // Service Unavailable
-  504
-  // Gateway Timeout
-]);
-var nullBodyResponses = /* @__PURE__ */ new Set([101, 204, 205, 304]);
-function createFetch(globalOptions = {}) {
-  const {
-    fetch: fetch3 = globalThis.fetch,
-    Headers: Headers2 = globalThis.Headers,
-    AbortController: AbortController3 = globalThis.AbortController
-  } = globalOptions;
-  async function onError(context) {
-    const isAbort = context.error && context.error.name === "AbortError" && !context.options.timeout || false;
-    if (context.options.retry !== false && !isAbort) {
-      let retries;
-      if (typeof context.options.retry === "number") {
-        retries = context.options.retry;
-      } else {
-        retries = isPayloadMethod(context.options.method) ? 0 : 1;
-      }
-      const responseCode = context.response && context.response.status || 500;
-      if (retries > 0 && (Array.isArray(context.options.retryStatusCodes) ? context.options.retryStatusCodes.includes(responseCode) : retryStatusCodes.has(responseCode))) {
-        const retryDelay = typeof context.options.retryDelay === "function" ? context.options.retryDelay(context) : context.options.retryDelay || 0;
-        if (retryDelay > 0) {
-          await new Promise((resolve4) => setTimeout(resolve4, retryDelay));
-        }
-        return $fetchRaw(context.request, {
-          ...context.options,
-          retry: retries - 1
-        });
-      }
-    }
-    const error = createFetchError(context);
-    if (Error.captureStackTrace) {
-      Error.captureStackTrace(error, $fetchRaw);
-    }
-    throw error;
-  }
-  const $fetchRaw = async function $fetchRaw2(_request, _options = {}) {
-    const context = {
-      request: _request,
-      options: resolveFetchOptions(
-        _request,
-        _options,
-        globalOptions.defaults,
-        Headers2
-      ),
-      response: void 0,
-      error: void 0
-    };
-    if (context.options.method) {
-      context.options.method = context.options.method.toUpperCase();
-    }
-    if (context.options.onRequest) {
-      await callHooks(context, context.options.onRequest);
-      if (!(context.options.headers instanceof Headers2)) {
-        context.options.headers = new Headers2(
-          context.options.headers || {}
-          /* compat */
-        );
-      }
-    }
-    if (typeof context.request === "string") {
-      if (context.options.baseURL) {
-        context.request = withBase(context.request, context.options.baseURL);
-      }
-      if (context.options.query) {
-        context.request = withQuery(context.request, context.options.query);
-        delete context.options.query;
-      }
-      if ("query" in context.options) {
-        delete context.options.query;
-      }
-      if ("params" in context.options) {
-        delete context.options.params;
+var sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+var deployAgentCommand = defineCommand20({
+  meta: { name: "deploy", description: "Deploy an Agent Recipe (<repo>@<ref>) in one step" },
+  args: {
+    repo: { type: "positional", description: "Recipe repo + pinned ref, e.g. github.com/owner/name@v1.0.0" },
+    param: { type: "string", description: "Recipe param, KEY=value (repeatable)" },
+    secret: { type: "string", description: "Capability secret, ENV=value (repeatable; else prompted)" },
+    "host-id": { type: "string", description: "Target nest host_id (default: first connected)" },
+    json: { type: "boolean", description: "Machine-readable output, no prompts" }
+  },
+  async run({ args }) {
+    const repoRef = args.repo;
+    if (!repoRef) throw new CliError("usage: apes agent deploy <repo>@<ref> [--param k=v] [--secret ENV=val]");
+    const params = parseKeyValues(asArray(args.param));
+    const secrets = parseKeyValues(asArray(args.secret));
+    const json = !!args.json;
+    const token = (await ensureFreshIdpAuth()).access_token;
+    const troop = resolveTroopUrl();
+    const deploy = await api(`${troop}/api/agents/recipe-deploy`, token, {
+      method: "POST",
+      body: JSON.stringify({
+        repo_ref: repoRef,
+        params,
+        ...args["host-id"] ? { host_id: args["host-id"] } : {}
+      })
+    });
+    if (!json) {
+      consola18.success(`Deploying ${deploy.agent_name} from ${repoRef} (ref ${deploy.ref})`);
+      consola18.info(`Schedules: ${deploy.schedules.map((s) => `${s.task_id}=${s.cron}`).join(", ") || "none"}`);
+    }
+    const missing = missingCapabilities(deploy.required_capabilities, secrets);
+    if (missing.length > 0) {
+      if (json) {
+        throw new CliError(`missing required capability secrets: ${missing.join(", ")} (pass via --secret in --json mode)`);
       }
-    }
-    if (context.options.body && isPayloadMethod(context.options.method)) {
-      if (isJSONSerializable(context.options.body)) {
-        const contentType = context.options.headers.get("content-type");
-        if (typeof context.options.body !== "string") {
-          context.options.body = contentType === "application/x-www-form-urlencoded" ? new URLSearchParams(
-            context.options.body
-          ).toString() : JSON.stringify(context.options.body);
-        }
-        if (!contentType) {
-          context.options.headers.set("content-type", "application/json");
-        }
-        if (!context.options.headers.has("accept")) {
-          context.options.headers.set("accept", "application/json");
-        }
-      } else if (
-        // ReadableStream Body
-        "pipeTo" in context.options.body && typeof context.options.body.pipeTo === "function" || // Node.js Stream Body
-        typeof context.options.body.pipe === "function"
-      ) {
-        if (!("duplex" in context.options)) {
-          context.options.duplex = "half";
-        }
+      for (const env of missing) {
+        const val = await consola18.prompt(`Secret value for ${env}:`, { type: "text" });
+        if (typeof val !== "string" || val.length === 0) throw new CliError(`no value provided for ${env} \u2014 aborting`);
+        secrets[env] = val;
       }
     }
-    let abortTimeout;
-    if (!context.options.signal && context.options.timeout) {
-      const controller = new AbortController3();
-      abortTimeout = setTimeout(() => {
-        const error = new Error(
-          "[TimeoutError]: The operation was aborted due to timeout"
-        );
-        error.name = "TimeoutError";
-        error.code = 23;
-        controller.abort(error);
-      }, context.options.timeout);
-      context.options.signal = controller.signal;
-    }
-    try {
-      context.response = await fetch3(
-        context.request,
-        context.options
-      );
-    } catch (error) {
-      context.error = error;
-      if (context.options.onRequestError) {
-        await callHooks(
-          context,
-          context.options.onRequestError
+    if (deploy.required_capabilities.length > 0) {
+      if (!json) consola18.start("Waiting for the agent to come online\u2026");
+      let online = false;
+      for (let i = 0; i < 90 && !online; i++) {
+        const st = await api(
+          `${troop}/api/agents/spawn-intent/${deploy.intent_id}`,
+          token
         );
-      }
-      return await onError(context);
-    } finally {
-      if (abortTimeout) {
-        clearTimeout(abortTimeout);
-      }
-    }
-    const hasBody = (context.response.body || // https://github.com/unjs/ofetch/issues/324
-    // https://github.com/unjs/ofetch/issues/294
-    // https://github.com/JakeChampion/fetch/issues/1454
-    context.response._bodyInit) && !nullBodyResponses.has(context.response.status) && context.options.method !== "HEAD";
-    if (hasBody) {
-      const responseType = (context.options.parseResponse ? "json" : context.options.responseType) || detectResponseType(context.response.headers.get("content-type") || "");
-      switch (responseType) {
-        case "json": {
-          const data = await context.response.text();
-          const parseFunction = context.options.parseResponse || destr;
-          context.response._data = parseFunction(data);
-          break;
-        }
-        case "stream": {
-          context.response._data = context.response.body || context.response._bodyInit;
+        if (!st.pending) {
+          if (!st.ok) throw new CliError(`spawn failed: ${st.error ?? "unknown error"}`);
+          online = true;
           break;
         }
-        default: {
-          context.response._data = await context.response[responseType]();
-        }
+        await sleep(2e3);
       }
-    }
-    if (context.options.onResponse) {
-      await callHooks(
-        context,
-        context.options.onResponse
-      );
-    }
-    if (!context.options.ignoreResponseError && context.response.status >= 400 && context.response.status < 600) {
-      if (context.options.onResponseError) {
-        await callHooks(
-          context,
-          context.options.onResponseError
-        );
+      if (!online) throw new CliError("timed out waiting for the agent to spawn \u2014 bind secrets later with `apes agent secret`");
+      for (const [env, value] of Object.entries(secrets)) {
+        let bound = false;
+        for (let i = 0; i < 60 && !bound; i++) {
+          try {
+            await api(`${troop}/api/agents/${deploy.agent_name}/secrets/${env}`, token, {
+              method: "PUT",
+              body: JSON.stringify({ value })
+            });
+            bound = true;
+          } catch (e) {
+            if (i === 59) throw e;
+            await sleep(3e3);
+          }
+        }
+        if (!json) consola18.success(`Bound ${env}`);
       }
-      return await onError(context);
-    }
-    return context.response;
-  };
-  const $fetch = async function $fetch2(request, options) {
-    const r3 = await $fetchRaw(request, options);
-    return r3._data;
-  };
-  $fetch.raw = $fetchRaw;
-  $fetch.native = (...args) => fetch3(...args);
-  $fetch.create = (defaultOptions = {}, customGlobalOptions = {}) => createFetch({
-    ...globalOptions,
-    ...customGlobalOptions,
-    defaults: {
-      ...globalOptions.defaults,
-      ...customGlobalOptions.defaults,
-      ...defaultOptions
     }
-  });
-  return $fetch;
-}
-
-// ../../node_modules/.pnpm/ofetch@1.5.1/node_modules/ofetch/dist/node.mjs
-function createNodeFetch() {
-  const useKeepAlive = JSON.parse(process.env.FETCH_KEEP_ALIVE || "false");
-  if (!useKeepAlive) {
-    return r;
-  }
-  const agentOptions = { keepAlive: true };
-  const httpAgent = new http.Agent(agentOptions);
-  const httpsAgent = new https.Agent(agentOptions);
-  const nodeFetchOptions = {
-    agent(parsedURL) {
-      return parsedURL.protocol === "http:" ? httpAgent : httpsAgent;
+    if (json) {
+      consola18.log(JSON.stringify({
+        ok: true,
+        agent_name: deploy.agent_name,
+        ref: deploy.ref,
+        intent_id: deploy.intent_id,
+        schedules: deploy.schedules,
+        bound: Object.keys(secrets)
+      }));
+    } else {
+      consola18.success(`${deploy.agent_name} deployed. Schedules are live; secrets sealed to the agent.`);
     }
-  };
-  return function nodeFetchWithKeepAlive(input, init) {
-    return r(input, { ...nodeFetchOptions, ...init });
-  };
-}
-var fetch2 = globalThis.fetch ? (...args) => globalThis.fetch(...args) : createNodeFetch();
-var Headers = globalThis.Headers || n;
-var AbortController2 = globalThis.AbortController || T;
-var ofetch = createFetch({ fetch: fetch2, Headers, AbortController: AbortController2 });
-
-// ../cli-auth/dist/index.js
-var AuthError = class extends Error {
-  status;
-  hint;
-  constructor(status, message, hint) {
-    super(hint ? `${message}
-${hint}` : message);
-    this.name = "AuthError";
-    this.status = status;
-    this.hint = hint;
   }
-};
-var TOKEN_EXCHANGE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
-var ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";
-async function exchangeWithDelegation(req) {
-  const url = `${req.idp.replace(/\/$/, "")}/api/oauth/token-exchange`;
-  try {
-    return await ofetch(url, {
-      method: "POST",
-      body: {
-        grant_type: TOKEN_EXCHANGE_GRANT_TYPE,
-        actor_token: req.actorToken,
-        actor_token_type: ACCESS_TOKEN_TYPE,
-        ...req.subjectToken ? { subject_token: req.subjectToken, subject_token_type: ACCESS_TOKEN_TYPE } : {},
-        ...req.audience ? { audience: req.audience } : {},
-        ...req.delegationGrantId ? { delegation_grant_id: req.delegationGrantId } : {}
-      }
-    });
-  } catch (err) {
-    const status = err.status ?? err.statusCode ?? 0;
-    const data = err.data;
-    const title = data?.title ?? `Delegation token-exchange failed (HTTP ${status})`;
-    throw new AuthError(status, title, data?.detail);
+});
+
+// src/commands/agent/index.ts
+var agentCommand = defineCommand21({
+  meta: {
+    name: "agent",
+    description: "Agent Recipe operations (deploy)"
+  },
+  subCommands: {
+    deploy: deployAgentCommand
   }
-}
+});
+
+// src/commands/agents/index.ts
+import { defineCommand as defineCommand31 } from "citty";
+
+// src/commands/agents/allow.ts
+import { execFileSync as execFileSync4 } from "child_process";
+import { defineCommand as defineCommand22 } from "citty";
+import consola19 from "consola";
 
 // src/lib/agent-bootstrap.ts
+import { Buffer as Buffer3 } from "buffer";
+import { execFileSync as execFileSync2 } from "child_process";
+import { createPrivateKey, sign } from "crypto";
+import { rmSync } from "fs";
+import { exchangeWithDelegation } from "@openape/cli-auth";
 var AGENT_NAME_REGEX = /^[a-z][a-z0-9-]{0,23}$/;
 var SSH_ED25519_PREFIX = "ssh-ed25519 ";
 var SSH_ED25519_REGEX = /^ssh-ed25519 [A-Za-z0-9+/=]+(\s.*)?$/;
@@ -2611,7 +2074,7 @@ ${content}
 ${SH_HEREDOC_DELIMITER}`;
 }
 function buildSpawnSetupScript(input) {
-  const { name, homeDir, shellPath } = input;
+  const { name, macOSUsername, homeDir, shellPath } = input;
   const privatePemForHeredoc = input.privateKeyPem.endsWith("\n") ? input.privateKeyPem : `${input.privateKeyPem}
 `;
   const claudeBlock = input.claudeSettingsJson && input.hookScriptSource ? `
@@ -2649,12 +2112,34 @@ set -euo pipefail
 export PATH="/usr/sbin:/usr/bin:/bin:/sbin:/opt/homebrew/bin:/usr/local/bin"
 
 NAME=${shQuote(name)}
+MACOS_USER=${shQuote(macOSUsername)}
 HOME_DIR=${shQuote(homeDir)}
 SHELL_PATH=${shQuote(shellPath)}
 
-if dscl . -read "/Users/$NAME" >/dev/null 2>&1; then
-  echo "User $NAME already exists; refusing to overwrite." >&2
-  exit 1
+# Tombstone-reuse: \`apes agents destroy\` leaves the dscl user
+# record behind (opendirectoryd refuses \`dscl . -delete\` from
+# escapes' setuid-root context without admin auth, so we accept the
+# stranded record as a harmless tombstone \u2014 see
+# runPhaseGTeardownInProcess). When the operator re-spawns with the
+# same name, we recycle the tombstone instead of refusing: if the
+# previously-recorded home dir is gone from disk (matching the
+# Phase-G teardown's \`rm -rf\`), we reuse the existing UID +
+# overwrite the home. If the home is still on disk it's a real,
+# live agent \u2014 refuse.
+TOMBSTONE_REUSE=0
+if dscl . -read "/Users/$MACOS_USER" >/dev/null 2>&1; then
+  EXISTING_HOME=$(dscl . -read "/Users/$MACOS_USER" NFSHomeDirectory 2>/dev/null | awk '/NFSHomeDirectory:/ {print $2}')
+  if [ -n "$EXISTING_HOME" ] && [ -d "$EXISTING_HOME" ]; then
+    echo "User $MACOS_USER already exists with a live home at $EXISTING_HOME; refusing to overwrite." >&2
+    exit 1
+  fi
+  NEXT_UID=$(dscl . -read "/Users/$MACOS_USER" UniqueID 2>/dev/null | awk '/UniqueID:/ {print $2}')
+  if [ -z "$NEXT_UID" ]; then
+    echo "User $MACOS_USER exists but has no UniqueID; record is malformed, refusing to recycle." >&2
+    exit 1
+  fi
+  echo "Recycling tombstone dscl record for $MACOS_USER (uid=$NEXT_UID, prior home $EXISTING_HOME \u2014 gone)"
+  TOMBSTONE_REUSE=1
 fi
 
 # Phase G: agent home dirs live under /var/openape/homes/, not
@@ -2663,49 +2148,66 @@ fi
 mkdir -p /var/openape/homes
 chmod 755 /var/openape/homes
 
-# Pick the next free UID in the [200, 500) hidden service-account range.
-# Starts the running max at 199 so an empty range yields 200 after the
-# floor check; otherwise NEXT_UID = max(existing in-range UIDs) + 1.
-NEXT_UID=199
-for uid in $(dscl . -list /Users UniqueID | awk '$2 >= 200 && $2 < 500 {print $2}'); do
-  if [ "$uid" -ge "$NEXT_UID" ]; then
-    NEXT_UID=$((uid + 1))
+if [ "$TOMBSTONE_REUSE" = "0" ]; then
+  # Pick the LOWEST free UID in the [200, 500) hidden service-account
+  # range. We must skip every occupied UID \u2014 agent users AND the many
+  # macOS system _* accounts \u2014 and reuse gaps. The old code took
+  # max(existing)+1, so a single agent landing on 499 wedged every
+  # future spawn ("No free UID") even with 100+ UIDs free. Now we scan
+  # for the first actually-unused UID.
+  OCCUPIED_UIDS=$(dscl . -list /Users UniqueID | awk '$2 >= 200 && $2 < 500 {print $2}' | sort -n -u)
+  NEXT_UID=""
+  candidate=200
+  while [ "$candidate" -lt 500 ]; do
+    if ! printf '%s
+' "$OCCUPIED_UIDS" | grep -qx "$candidate"; then
+      NEXT_UID=$candidate
+      break
+    fi
+    candidate=$((candidate + 1))
+  done
+  if [ -z "$NEXT_UID" ]; then
+    echo "No free UID in [200, 500) \u2014 refusing to clobber a real user." >&2
+    exit 1
   fi
-done
-if [ "$NEXT_UID" -lt 200 ]; then
-  NEXT_UID=200
-fi
-if [ "$NEXT_UID" -ge 500 ]; then
-  echo "No free UID in [200, 500) \u2014 refusing to clobber a real user." >&2
-  exit 1
+
+  dscl . -create "/Users/$MACOS_USER"
 fi
 
-dscl . -create "/Users/$NAME"
-dscl . -create "/Users/$NAME" UserShell "$SHELL_PATH"
-dscl . -create "/Users/$NAME" RealName "OpenApe Agent $NAME"
-dscl . -create "/Users/$NAME" UniqueID "$NEXT_UID"
-dscl . -create "/Users/$NAME" PrimaryGroupID 20
-dscl . -create "/Users/$NAME" NFSHomeDirectory "$HOME_DIR"
-dscl . -create "/Users/$NAME" IsHidden 1
+# Idempotent attribute writes \u2014 \`dscl . -create\` on an existing
+# property overwrites in place, so the tombstone-reuse path lands
+# the same end-state as a fresh create.
+dscl . -create "/Users/$MACOS_USER" UserShell "$SHELL_PATH"
+dscl . -create "/Users/$MACOS_USER" RealName "OpenApe Agent $NAME"
+dscl . -create "/Users/$MACOS_USER" UniqueID "$NEXT_UID"
+dscl . -create "/Users/$MACOS_USER" PrimaryGroupID 20
+dscl . -create "/Users/$MACOS_USER" NFSHomeDirectory "$HOME_DIR"
+dscl . -create "/Users/$MACOS_USER" IsHidden 1
 
 mkdir -p "$HOME_DIR/.ssh" "$HOME_DIR/.config/apes"
 
 cat > "$HOME_DIR/.ssh/id_ed25519" ${shHeredoc(privatePemForHeredoc.trimEnd())}
 cat > "$HOME_DIR/.ssh/id_ed25519.pub" ${shHeredoc(`${input.publicKeySshLine}`)}
 cat > "$HOME_DIR/.config/apes/auth.json" ${shHeredoc(input.authJson)}
+mkdir -p "$HOME_DIR/.config/openape"
+cat > "$HOME_DIR/.config/openape/agent-x25519.key" ${shHeredoc(input.x25519PrivateKey)}
+cat > "$HOME_DIR/.config/openape/agent-x25519.key.pub" ${shHeredoc(input.x25519PublicKey)}
 ${claudeBlock}${claudeTokenBlock}${buildBridgeBlock(input.bridge)}${buildTroopBlock(input.troop)}
-chown -R "$NAME:staff" "$HOME_DIR"
+chown -R "$MACOS_USER:staff" "$HOME_DIR"
 chmod 700 "$HOME_DIR/.ssh"
 chmod 700 "$HOME_DIR/.config"
+chmod 700 "$HOME_DIR/.config/openape"
 chmod 600 "$HOME_DIR/.ssh/id_ed25519"
 chmod 644 "$HOME_DIR/.ssh/id_ed25519.pub"
 chmod 600 "$HOME_DIR/.config/apes/auth.json"
+chmod 600 "$HOME_DIR/.config/openape/agent-x25519.key"
+chmod 644 "$HOME_DIR/.config/openape/agent-x25519.key.pub"
 if [ -f "$HOME_DIR/.config/openape/claude-token.env" ]; then
   chmod 700 "$HOME_DIR/.config/openape"
   chmod 600 "$HOME_DIR/.config/openape/claude-token.env"
 fi
 
-echo "OK $NAME uid=$NEXT_UID home=$HOME_DIR"
+echo "OK $NAME (macOS user $MACOS_USER) uid=$NEXT_UID home=$HOME_DIR"
 ${buildBridgeBootstrapBlock(input.bridge, name)}${buildTroopBootstrapBlock(input.troop, name)}`;
 }
 function buildBridgeBlock(bridge) {
@@ -2729,9 +2231,10 @@ function buildTroopBootstrapBlock(_troop, _name) {
 }
 function runPhaseGTeardownInProcess(input) {
   const { name, homeDir } = input;
+  const macOSUser = input.macOSUsername ?? name;
   let uid = null;
   try {
-    const out = execFileSync2("/usr/bin/dscl", [".", "-read", `/Users/${name}`, "UniqueID"], { encoding: "utf8" });
+    const out = execFileSync2("/usr/bin/dscl", [".", "-read", `/Users/${macOSUser}`, "UniqueID"], { encoding: "utf8" });
     const m = out.match(/UniqueID:\s*(\d+)/);
     if (m) uid = m[1];
   } catch {
@@ -2757,7 +2260,7 @@ function runPhaseGTeardownInProcess(input) {
     } catch {
     }
   }
-  console.log(`OK Phase-G teardown done for ${name} (dscl record kept as tombstone)`);
+  console.log(`OK Phase-G teardown done for ${name} (dscl record /Users/${macOSUser} kept as tombstone)`);
 }
 function buildDestroyTeardownScript(input) {
   const { name, homeDir, adminUser } = input;
@@ -2886,6 +2389,38 @@ import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
 function isDarwin() {
   return process.platform === "darwin";
 }
+var MACOS_USER_PREFIX = "openape-agent-";
+function macOSUsernameForAgent(agentName) {
+  return `${MACOS_USER_PREFIX}${agentName}`;
+}
+function lookupMacOSUserForAgent(agentName) {
+  return readMacOSUser(macOSUsernameForAgent(agentName)) ?? readMacOSUser(agentName);
+}
+function listOrphanedAgentRecords() {
+  if (!isDarwin()) return [];
+  let output;
+  try {
+    output = execFileSync3("dscl", [".", "-list", "/Users", "NFSHomeDirectory"], {
+      encoding: "utf-8",
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+  } catch {
+    return [];
+  }
+  const orphans = [];
+  for (const line of output.split("\n")) {
+    const parts = line.trim().split(/\s+/);
+    if (parts.length < 2) continue;
+    const name = parts[0];
+    const homeDir = parts.slice(1).join(" ");
+    const looksLikeAgent = name.startsWith(MACOS_USER_PREFIX) || homeDir.startsWith("/var/openape/homes/");
+    if (!looksLikeAgent) continue;
+    if (existsSync3(homeDir)) continue;
+    const record = readMacOSUser(name);
+    orphans.push({ name, uid: record?.uid ?? null, homeDir });
+  }
+  return orphans;
+}
 function readMacOSUser(name) {
   let output;
   try {
@@ -2938,7 +2473,7 @@ function isShellRegistered(shellPath) {
 }
 
 // src/commands/agents/allow.ts
-var allowAgentCommand = defineCommand20({
+var allowAgentCommand = defineCommand22({
   meta: {
     name: "allow",
     description: "Add a peer to the agent's contact-allowlist so the bridge auto-accepts that peer's contact request."
@@ -2967,8 +2502,8 @@ var allowAgentCommand = defineCommand20({
     if (!isDarwin()) {
       throw new CliError("`apes agents allow` is currently macOS-only.");
     }
-    if (!readMacOSUser(agent)) {
-      throw new CliError(`No macOS user "${agent}" \u2014 has the agent been spawned?`);
+    if (!lookupMacOSUserForAgent(agent)) {
+      throw new CliError(`No macOS user for agent "${agent}" \u2014 has it been spawned?`);
     }
     const apes = whichBinary("apes");
     if (!apes) throw new CliError("`apes` not found on PATH.");
@@ -2998,22 +2533,99 @@ print("ok")
 PY
 chmod 600 "$F"
 `;
-    consola18.start(`Adding ${email} to ${agent}'s allowlist\u2026`);
+    consola19.start(`Adding ${email} to ${agent}'s allowlist\u2026`);
     execFileSync4(apes, ["run", "--as", agent, "--wait", "--", "bash", "-c", script], { stdio: "inherit" });
-    consola18.success(`${agent} will auto-accept future contact requests from ${email} (within ~30s of next bridge connect).`);
+    consola19.success(`${agent} will auto-accept future contact requests from ${email} (within ~30s of next bridge connect).`);
   }
 });
 function shQuote2(s) {
   return `'${s.replace(/'/g, `'\\''`)}'`;
 }
 
-// src/commands/agents/destroy.ts
+// src/commands/agents/cleanup-orphans.ts
 import { execFileSync as execFileSync5 } from "child_process";
+import { defineCommand as defineCommand23 } from "citty";
+import consola20 from "consola";
+var cleanupOrphansCommand = defineCommand23({
+  meta: {
+    name: "cleanup-orphans",
+    description: "Delete tombstoned macOS user records left behind by `apes agents destroy` (run with sudo)."
+  },
+  args: {
+    "dry-run": {
+      type: "boolean",
+      description: "List orphans without deleting."
+    },
+    "force": {
+      type: "boolean",
+      description: "Skip the interactive confirmation. Required when stdin is not a TTY."
+    }
+  },
+  async run({ args }) {
+    if (!isDarwin()) {
+      throw new CliError(`\`apes agents cleanup-orphans\` is macOS-only. Detected platform: ${process.platform}.`);
+    }
+    const orphans = listOrphanedAgentRecords();
+    if (orphans.length === 0) {
+      consola20.success("No agent tombstones found \u2014 dscl is clean.");
+      return;
+    }
+    consola20.info(`Found ${orphans.length} agent tombstone${orphans.length === 1 ? "" : "s"}:`);
+    for (const o of orphans) {
+      console.log(`  \u2022 ${o.name}${o.uid !== null ? ` (uid=${o.uid})` : ""} \u2014 was ${o.homeDir}`);
+    }
+    if (args["dry-run"]) {
+      consola20.info("Dry-run \u2014 no records deleted. Re-run without --dry-run to clean up.");
+      return;
+    }
+    if (process.geteuid?.() !== 0) {
+      throw new CliError(
+        "Must run as root so opendirectoryd accepts the sysadminctl-deleteUser calls. Re-run with `sudo apes agents cleanup-orphans` from a shell login (the sudo session inherits your admin audit-session, which opendirectoryd verifies)."
+      );
+    }
+    if (!args.force) {
+      if (!process.stdin.isTTY) {
+        throw new CliError(
+          "No TTY available for the interactive confirmation. Re-run with --force (this is the same flag CI / scripted callers use)."
+        );
+      }
+      const confirmed = await consola20.prompt(`Delete ${orphans.length} tombstone${orphans.length === 1 ? "" : "s"}?`, {
+        type: "confirm",
+        initial: false
+      });
+      if (typeof confirmed === "symbol" || !confirmed) {
+        consola20.info("Aborted \u2014 no records deleted.");
+        return;
+      }
+    }
+    let deleted = 0;
+    let failed = 0;
+    for (const o of orphans) {
+      try {
+        execFileSync5("/usr/sbin/sysadminctl", ["-deleteUser", o.name], {
+          stdio: ["ignore", "inherit", "inherit"]
+        });
+        consola20.success(`Deleted ${o.name}`);
+        deleted++;
+      } catch (err) {
+        consola20.warn(`Failed to delete ${o.name}: ${err instanceof Error ? err.message : String(err)}`);
+        failed++;
+      }
+    }
+    if (failed > 0) {
+      throw new CliError(`Cleanup finished with errors: ${deleted} deleted, ${failed} failed.`);
+    }
+    consola20.success(`Cleanup complete \u2014 ${deleted} tombstone${deleted === 1 ? "" : "s"} removed.`);
+  }
+});
+
+// src/commands/agents/destroy.ts
+import { execFileSync as execFileSync6 } from "child_process";
 import { mkdtempSync, rmSync as rmSync2, writeFileSync as writeFileSync2 } from "fs";
 import { tmpdir, userInfo } from "os";
 import { join as join3 } from "path";
-import { defineCommand as defineCommand21 } from "citty";
-import consola19 from "consola";
+import { defineCommand as defineCommand24 } from "citty";
+import consola21 from "consola";
 
 // src/lib/nest-registry.ts
 import { existsSync as existsSync4, mkdirSync, readFileSync as readFileSync3, writeFileSync } from "fs";
@@ -3119,7 +2731,7 @@ function readPasswordSilent(prompt) {
 }
 
 // src/commands/agents/destroy.ts
-var destroyAgentCommand = defineCommand21({
+var destroyAgentCommand = defineCommand24({
   meta: {
     name: "destroy",
     description: "Tear down an agent: remove macOS user, hard-delete IdP agent, drop all SSH keys"
@@ -3158,9 +2770,11 @@ var destroyAgentCommand = defineCommand21({
       if (process.geteuid?.() !== 0) {
         throw new CliError("--root-stage was passed but this process is not running as root. Refusing to continue.");
       }
-      const homeDir = readMacOSUser(name)?.homeDir ?? `/var/openape/homes/${name}`;
-      consola19.start(`Running teardown for ${name} (Phase-G, root-stage)\u2026`);
-      runPhaseGTeardownInProcess({ name, homeDir });
+      const resolved = lookupMacOSUserForAgent(name);
+      const macOSUsername = resolved?.name ?? macOSUsernameForAgent(name);
+      const homeDir = resolved?.homeDir ?? `/var/openape/homes/${macOSUsername}`;
+      consola21.start(`Running teardown for ${name} (Phase-G, root-stage)\u2026`);
+      runPhaseGTeardownInProcess({ name, homeDir, macOSUsername });
       return;
     }
     const auth = loadAuth();
@@ -3174,29 +2788,29 @@ var destroyAgentCommand = defineCommand21({
     const owned = await apiFetch("/api/my-agents", { idp });
     const idpAgent = owned.find((u) => u.name === name);
     const idpExists = idpAgent !== void 0;
-    const osUser = isDarwin() ? readMacOSUser(name) : null;
+    const osUser = isDarwin() ? lookupMacOSUserForAgent(name) : null;
     const osUserExists = !args["keep-os-user"] && osUser !== null;
     if (!idpExists && !osUserExists) {
-      consola19.info(`Nothing to destroy: no IdP agent and no OS user named "${name}".`);
+      consola21.info(`Nothing to destroy: no IdP agent and no OS user for "${name}".`);
       return;
     }
     if (!args.force) {
       const consequences = [];
       if (osUserExists) {
         const home = osUser?.homeDir ?? `/Users/${name}`;
-        consequences.push(`\u2022 Remove macOS user ${name} and rm -rf ${home}`);
+        consequences.push(`\u2022 Remove macOS user ${osUser?.name ?? name} and rm -rf ${home}`);
       }
       if (idpExists) {
         consequences.push(args.soft ? `\u2022 Deactivate IdP agent ${idpAgent.email} (PATCH isActive=false)` : `\u2022 Hard-delete IdP agent ${idpAgent.email} and all its SSH keys`);
       }
-      consola19.warn(`About to destroy "${name}":
+      consola21.warn(`About to destroy "${name}":
 ${consequences.join("\n")}`);
       if (!process.stdin.isTTY) {
         throw new CliError(
           "No TTY available for the interactive confirmation. Re-run with --force to skip the prompt (this is the same flag CI uses)."
         );
       }
-      const confirmed = await consola19.prompt("Proceed?", { type: "confirm", initial: false });
+      const confirmed = await consola21.prompt("Proceed?", { type: "confirm", initial: false });
       if (typeof confirmed === "symbol" || !confirmed) {
         throw new CliExit(0);
       }
@@ -3205,24 +2819,26 @@ ${consequences.join("\n")}`);
       const id = encodeURIComponent(idpAgent.email);
       if (args.soft) {
         await apiFetch(`/api/my-agents/${id}`, { method: "PATCH", body: { isActive: false }, idp });
-        consola19.success(`Deactivated IdP agent ${idpAgent.email}`);
+        consola21.success(`Deactivated IdP agent ${idpAgent.email}`);
       } else {
         await apiFetch(`/api/my-agents/${id}`, { method: "DELETE", idp });
-        consola19.success(`Deleted IdP agent ${idpAgent.email}`);
+        consola21.success(`Deleted IdP agent ${idpAgent.email}`);
       }
     } else {
-      consola19.info("No IdP agent to remove (skipped).");
+      consola21.info("No IdP agent to remove (skipped).");
     }
     if (osUserExists) {
-      const homeDir = osUser?.homeDir ?? `/Users/${name}`;
+      const macOSUsername = osUser?.name ?? macOSUsernameForAgent(name);
+      const fallbackHome = macOSUsername.startsWith("openape-agent-") ? `/var/openape/homes/${macOSUsername}` : `/Users/${macOSUsername}`;
+      const homeDir = osUser?.homeDir ?? fallbackHome;
       const isPhaseG = homeDir.startsWith("/var/openape/homes/");
       if (isPhaseG) {
         if (process.geteuid?.() === 0) {
-          consola19.start("Running teardown (Phase G \u2014 already root, no grant needed)\u2026");
-          runPhaseGTeardownInProcess({ name, homeDir });
+          consola21.start("Running teardown (Phase G \u2014 already root, no grant needed)\u2026");
+          runPhaseGTeardownInProcess({ name, homeDir, macOSUsername });
         } else {
-          consola19.start("Running teardown (Phase G \u2014 no admin password needed)\u2026");
-          execFileSync5("apes", [
+          consola21.start("Running teardown (Phase G \u2014 no admin password needed)\u2026");
+          execFileSync6("apes", [
             "run",
             "--as",
             "root",
@@ -3236,7 +2852,7 @@ ${consequences.join("\n")}`);
             "--root-stage"
           ], { stdio: "inherit" });
         }
-        consola19.info(`dscl record /Users/${name} kept as tombstone (hidden, no home). Run \`sudo sysadminctl -deleteUser ${name}\` to fully remove.`);
+        consola21.info(`dscl record /Users/${macOSUsername} kept as tombstone (hidden, no home). Run \`sudo apes agents cleanup-orphans\` to sweep accumulated tombstones.`);
       } else {
         const sudo = whichBinary("sudo");
         if (!sudo) {
@@ -3249,7 +2865,7 @@ ${consequences.join("\n")}`);
         } catch (err) {
           const headless = !process.stdin.isTTY && !process.env.APES_ADMIN_PASSWORD;
           if (headless) {
-            consola19.warn(`Legacy OS teardown for ${name} requires a TTY or APES_ADMIN_PASSWORD; skipping. Run \`apes agents destroy ${name}\` from a shell later to fully clean up /Users/${name} + dscl record.`);
+            consola21.warn(`Legacy OS teardown for ${name} requires a TTY or APES_ADMIN_PASSWORD; skipping. Run \`apes agents destroy ${name}\` from a shell later to fully clean up /Users/${name} + dscl record.`);
             adminPassword = "";
           } else {
             throw err;
@@ -3261,8 +2877,8 @@ ${consequences.join("\n")}`);
           try {
             const script = buildDestroyTeardownScript({ name, homeDir, adminUser });
             writeFileSync2(scriptPath, script, { mode: 448 });
-            consola19.start("Running teardown via sudo\u2026");
-            execFileSync5(sudo, ["-S", "--prompt=", "--", "bash", scriptPath], {
+            consola21.start("Running teardown via sudo\u2026");
+            execFileSync6(sudo, ["-S", "--prompt=", "--", "bash", scriptPath], {
               input: `${adminPassword}
 ${adminPassword}
 `,
@@ -3274,14 +2890,14 @@ ${adminPassword}
         }
       }
     } else if (!args["keep-os-user"] && isDarwin()) {
-      consola19.info("No macOS user to remove (skipped).");
+      consola21.info("No macOS user to remove (skipped).");
     }
     try {
       removeNestAgent(name);
     } catch (err) {
-      consola19.warn(`Could not update nest registry: ${err instanceof Error ? err.message : String(err)}`);
+      consola21.warn(`Could not update nest registry: ${err instanceof Error ? err.message : String(err)}`);
     }
-    consola19.success(`Destroyed ${name}.`);
+    consola21.success(`Destroyed ${name}.`);
   }
 });
 async function collectAdminPassword(opts) {
@@ -3295,9 +2911,9 @@ async function collectAdminPassword(opts) {
 }
 
 // src/commands/agents/list.ts
-import { defineCommand as defineCommand22 } from "citty";
-import consola20 from "consola";
-var listAgentsCommand = defineCommand22({
+import { defineCommand as defineCommand25 } from "citty";
+import consola22 from "consola";
+var listAgentsCommand = defineCommand25({
   meta: {
     name: "list",
     description: "List agents owned by the current user, with local OS-user status"
@@ -3324,46 +2940,52 @@ var listAgentsCommand = defineCommand22({
     const all = await apiFetch("/api/my-agents", { idp });
     const filtered = args["include-inactive"] ? all : all.filter((u) => u.isActive !== false);
     const osUsers = isDarwin() ? listMacOSUserNames() : /* @__PURE__ */ new Set();
-    const homeOf = (name) => {
-      if (!osUsers.has(name)) return null;
-      const u = readMacOSUser(name);
-      return u?.homeDir ?? `/Users/${name}`;
+    const osStateOf = (agentName) => {
+      const u = lookupMacOSUserForAgent(agentName);
+      if (u) return { osUser: true, home: u.homeDir };
+      if (osUsers.has(macOSUsernameForAgent(agentName)) || osUsers.has(agentName)) {
+        return { osUser: true, home: null };
+      }
+      return { osUser: false, home: null };
     };
-    const rows = filtered.map((u) => ({
-      name: u.name,
-      email: u.email,
-      isActive: u.isActive !== false,
-      osUser: osUsers.has(u.name),
-      home: homeOf(u.name)
-    }));
+    const rows = filtered.map((u) => {
+      const os = osStateOf(u.name);
+      return {
+        name: u.name,
+        email: u.email,
+        isActive: u.isActive !== false,
+        osUser: os.osUser,
+        home: os.home
+      };
+    });
     if (args.json) {
       process.stdout.write(`${JSON.stringify(rows, null, 2)}
 `);
       return;
     }
     if (rows.length === 0) {
-      consola20.info(args["include-inactive"] ? "No agents found." : "No active agents found. Use --include-inactive to show deactivated.");
+      consola22.info(args["include-inactive"] ? "No agents found." : "No active agents found. Use --include-inactive to show deactivated.");
       return;
     }
-    const nameW = Math.max(4, ...rows.map((r3) => r3.name.length));
-    const emailW = Math.max(5, ...rows.map((r3) => r3.email.length));
+    const nameW = Math.max(4, ...rows.map((r) => r.name.length));
+    const emailW = Math.max(5, ...rows.map((r) => r.email.length));
     const header = `${"NAME".padEnd(nameW)}  ${"EMAIL".padEnd(emailW)}  ACTIVE  OS-USER  HOME`;
     console.log(header);
     console.log("-".repeat(header.length));
-    for (const r3 of rows) {
-      const active = r3.isActive ? "\u2713" : "\u2717";
-      const os = r3.osUser ? "\u2713" : "\u2717";
-      const homeCol = r3.home ?? (isDarwin() ? "(missing)" : "(non-darwin)");
-      console.log(`${r3.name.padEnd(nameW)}  ${r3.email.padEnd(emailW)}  ${active.padEnd(6)}  ${os.padEnd(7)}  ${homeCol}`);
+    for (const r of rows) {
+      const active = r.isActive ? "\u2713" : "\u2717";
+      const os = r.osUser ? "\u2713" : "\u2717";
+      const homeCol = r.home ?? (isDarwin() ? "(missing)" : "(non-darwin)");
+      console.log(`${r.name.padEnd(nameW)}  ${r.email.padEnd(emailW)}  ${active.padEnd(6)}  ${os.padEnd(7)}  ${homeCol}`);
     }
   }
 });
 
 // src/commands/agents/register.ts
 import { existsSync as existsSync5, readFileSync as readFileSync4 } from "fs";
-import { defineCommand as defineCommand23 } from "citty";
-import consola21 from "consola";
-var registerAgentCommand = defineCommand23({
+import { defineCommand as defineCommand26 } from "citty";
+import consola23 from "consola";
+var registerAgentCommand = defineCommand26({
   meta: {
     name: "register",
     description: "Register an agent at the IdP using a supplied public key"
@@ -3433,7 +3055,7 @@ var registerAgentCommand = defineCommand23({
 `);
       return;
     }
-    consola21.success("Agent registered.");
+    consola23.success("Agent registered.");
     console.log(`  Name:     ${result.name}`);
     console.log(`  Email:    ${result.email}`);
     console.log(`  IdP:      ${idp}`);
@@ -3445,78 +3067,93 @@ var registerAgentCommand = defineCommand23({
   }
 });
 
-// src/commands/agents/run.ts
-import { existsSync as existsSync6, readFileSync as readFileSync5 } from "fs";
+// src/commands/agents/run.ts
+import { existsSync as existsSync7, readFileSync as readFileSync6 } from "fs";
+import { homedir as homedir6 } from "os";
+import { join as join5 } from "path";
+import { defineCommand as defineCommand27 } from "citty";
+import consola24 from "consola";
+
+// src/lib/agent-secrets-runtime.ts
+import { existsSync as existsSync6, readdirSync, readFileSync as readFileSync5, watch } from "fs";
 import { homedir as homedir5 } from "os";
 import { join as join4 } from "path";
-import { defineCommand as defineCommand24 } from "citty";
-import consola22 from "consola";
-
-// src/lib/troop-client.ts
-var DEFAULT_TROOP_URL = "https://troop.openape.ai";
-var TroopClient = class {
-  constructor(troopUrl, agentJwt) {
-    this.troopUrl = troopUrl;
-    this.agentJwt = agentJwt;
-  }
-  async request(path2, init) {
-    const res = await fetch(`${this.troopUrl}${path2}`, {
-      ...init,
-      headers: {
-        ...init?.headers ?? {},
-        "Authorization": `Bearer ${this.agentJwt}`,
-        "Content-Type": "application/json"
-      }
-    });
-    if (!res.ok) {
-      const text = await res.text().catch(() => "");
-      throw new Error(`troop ${init?.method ?? "GET"} ${path2} failed: ${res.status} ${text}`);
+import { openString } from "@openape/core";
+var CONFIG_DIR2 = join4(homedir5(), ".config", "openape");
+var SECRETS_DIR = join4(CONFIG_DIR2, "secrets.d");
+var X25519_KEY_PATH = join4(CONFIG_DIR2, "agent-x25519.key");
+function envNameFromFile(file) {
+  if (!file.endsWith(".blob")) return null;
+  const env = file.slice(0, -".blob".length);
+  return /^[A-Z][A-Z0-9_]*$/.test(env) ? env : null;
+}
+function readAgentEncryptionKey(keyPath = X25519_KEY_PATH) {
+  if (!existsSync6(keyPath)) return null;
+  const k = readFileSync5(keyPath, "utf8").trim();
+  return k.length > 0 ? k : null;
+}
+function materializeSecrets(opts = {}) {
+  const dir = opts.dir ?? SECRETS_DIR;
+  const env = opts.env ?? process.env;
+  const log = opts.log ?? (() => {
+  });
+  const applied = [];
+  const failed = [];
+  const key = readAgentEncryptionKey(opts.keyPath);
+  const files = key && existsSync6(dir) ? readdirSync(dir) : [];
+  for (const file of files) {
+    const name = envNameFromFile(file);
+    if (!name) continue;
+    try {
+      const box = JSON.parse(readFileSync5(join4(dir, file), "utf8"));
+      env[name] = openString(box, key);
+      applied.push(name);
+    } catch (e) {
+      failed.push(file);
+      log(`secrets: failed to open ${file}: ${e.message}`);
     }
-    if (res.status === 204) return void 0;
-    return await res.json();
-  }
-  sync(input) {
-    return this.request("/api/agents/me/sync", {
-      method: "POST",
-      body: JSON.stringify({
-        hostname: input.hostname,
-        host_id: input.hostId,
-        owner_email: input.ownerEmail,
-        ...input.pubkeySsh ? { pubkey_ssh: input.pubkeySsh } : {}
-      })
-    });
-  }
-  listTasks() {
-    return this.request("/api/agents/me/tasks");
-  }
-  startRun(taskId) {
-    return this.request("/api/agents/me/runs", {
-      method: "POST",
-      body: JSON.stringify({ task_id: taskId })
-    });
   }
-  finaliseRun(id, payload) {
-    return this.request(`/api/agents/me/runs/${id}`, {
-      method: "PATCH",
-      body: JSON.stringify(payload)
-    });
+  const live = new Set(applied);
+  for (const prev of opts.previouslyApplied ?? []) {
+    if (!live.has(prev)) {
+      delete env[prev];
+      log(`secrets: revoked ${prev}`);
+    }
   }
-};
-function resolveTroopUrl(override) {
-  if (override) return override.replace(/\/$/, "");
-  const fromEnv = process.env.OPENAPE_TROOP_URL;
-  if (fromEnv) return fromEnv.replace(/\/$/, "");
-  return DEFAULT_TROOP_URL;
+  return { applied, failed };
+}
+function startSecretsWatcher(opts = {}) {
+  const dir = opts.dir ?? SECRETS_DIR;
+  const log = opts.log ?? (() => {
+  });
+  let appliedNames = /* @__PURE__ */ new Set();
+  const run = () => {
+    const r = materializeSecrets({ ...opts, previouslyApplied: appliedNames });
+    appliedNames = new Set(r.applied);
+  };
+  run();
+  if (!existsSync6(dir)) return () => {
+  };
+  let timer = null;
+  const watcher = watch(dir, () => {
+    if (timer) clearTimeout(timer);
+    timer = setTimeout(run, 150);
+  });
+  watcher.on("error", (err) => log(`secrets: watcher error: ${err.message}`));
+  return () => {
+    if (timer) clearTimeout(timer);
+    watcher.close();
+  };
 }
 
 // src/commands/agents/run.ts
-var AUTH_PATH = join4(homedir5(), ".config", "apes", "auth.json");
-var TASK_CACHE_DIR = join4(homedir5(), ".openape", "agent", "tasks");
+var AUTH_PATH = join5(homedir6(), ".config", "apes", "auth.json");
+var TASK_CACHE_DIR = join5(homedir6(), ".openape", "agent", "tasks");
 function readAuth() {
-  if (!existsSync6(AUTH_PATH)) {
+  if (!existsSync7(AUTH_PATH)) {
     throw new CliError(`No agent auth found at ${AUTH_PATH}. Run \`apes agents spawn <name>\` first.`);
   }
-  const parsed = JSON.parse(readFileSync5(AUTH_PATH, "utf8"));
+  const parsed = JSON.parse(readFileSync6(AUTH_PATH, "utf8"));
   if (!parsed.access_token) throw new CliError("auth.json missing access_token");
   return parsed;
 }
@@ -3529,9 +3166,9 @@ async function postRunResultToChat(opts) {
     if (!contactsRes.ok) return;
     const contacts = await contactsRes.json();
     const ownerLower = opts.ownerEmail.toLowerCase();
-    const ownerRow = contacts.find((c2) => c2.peerEmail.toLowerCase() === ownerLower && c2.connected && c2.roomId);
+    const ownerRow = contacts.find((c) => c.peerEmail.toLowerCase() === ownerLower && c.connected && c.roomId);
     if (!ownerRow?.roomId) {
-      consola22.info("chat DM skipped \u2014 no active room with owner (accept the contact request in chat to enable)");
+      consola24.info("chat DM skipped \u2014 no active room with owner (accept the contact request in chat to enable)");
       return;
     }
     const prefix = opts.status === "ok" ? "\u2705" : "\u274C";
@@ -3545,33 +3182,33 @@ ${msg}`.slice(0, 9e3);
       body: JSON.stringify({ body })
     });
     if (!postRes.ok) {
-      consola22.warn(`chat DM post failed: ${postRes.status}`);
+      consola24.warn(`chat DM post failed: ${postRes.status}`);
     }
   } catch (err) {
-    consola22.warn(`chat DM error: ${err.message}`);
+    consola24.warn(`chat DM error: ${err.message}`);
   }
 }
 function readTaskSpec(taskId) {
-  const path2 = join4(TASK_CACHE_DIR, `${taskId}.json`);
-  if (!existsSync6(path2)) {
+  const path2 = join5(TASK_CACHE_DIR, `${taskId}.json`);
+  if (!existsSync7(path2)) {
     throw new CliError(`No cached task spec at ${path2}. Run \`apes agents sync\` first to pull the task list from troop.`);
   }
-  return JSON.parse(readFileSync5(path2, "utf8"));
+  return JSON.parse(readFileSync6(path2, "utf8"));
 }
-var AGENT_CONFIG_PATH = join4(homedir5(), ".openape", "agent", "agent.json");
+var AGENT_CONFIG_PATH = join5(homedir6(), ".openape", "agent", "agent.json");
 function readAgentConfig() {
-  if (!existsSync6(AGENT_CONFIG_PATH)) return { systemPrompt: "" };
+  if (!existsSync7(AGENT_CONFIG_PATH)) return { systemPrompt: "" };
   try {
-    return JSON.parse(readFileSync5(AGENT_CONFIG_PATH, "utf8"));
+    return JSON.parse(readFileSync6(AGENT_CONFIG_PATH, "utf8"));
   } catch {
     return { systemPrompt: "" };
   }
 }
 function readLitellmConfig(model) {
-  const envPath = join4(homedir5(), "litellm", ".env");
+  const envPath = join5(homedir6(), "litellm", ".env");
   const env = {};
-  if (existsSync6(envPath)) {
-    for (const line of readFileSync5(envPath, "utf8").split(/\r?\n/)) {
+  if (existsSync7(envPath)) {
+    for (const line of readFileSync6(envPath, "utf8").split(/\r?\n/)) {
       const m = line.match(/^([A-Z_]+)=(.*)$/);
       if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, "");
     }
@@ -3586,7 +3223,7 @@ function readLitellmConfig(model) {
   }
   return { apiBase, apiKey, model: model || "claude-haiku-4-5" };
 }
-var runAgentCommand = defineCommand24({
+var runAgentCommand = defineCommand27({
   meta: {
     name: "run",
     description: "Execute one task (typically launchd-invoked). Reports the run record to troop."
@@ -3609,6 +3246,7 @@ var runAgentCommand = defineCommand24({
   async run({ args }) {
     const taskId = args["task-id"];
     const auth = readAuth();
+    materializeSecrets({ log: (l) => consola24.info(l) });
     const spec = readTaskSpec(taskId);
     const agentCfg = readAgentConfig();
     const config = readLitellmConfig(args.model);
@@ -3620,7 +3258,7 @@ var runAgentCommand = defineCommand24({
     }
     const troop = new TroopClient(resolveTroopUrl(args["troop-url"]), auth.access_token);
     const { id: runId } = await troop.startRun(taskId);
-    consola22.info(`Run ${runId} started for task ${taskId}`);
+    consola24.info(`Run ${runId} started for task ${taskId}`);
     try {
       const result = await runLoop({
         config,
@@ -3639,7 +3277,7 @@ var runAgentCommand = defineCommand24({
         step_count: result.stepCount,
         trace: result.trace
       });
-      consola22.success(`Run ${runId} ${result.status} (${result.stepCount} steps)`);
+      consola24.success(`Run ${runId} ${result.status} (${result.stepCount} steps)`);
       if (auth.owner_email) {
         await postRunResultToChat({
           authToken: auth.access_token,
@@ -3676,17 +3314,17 @@ var runAgentCommand = defineCommand24({
 });
 
 // src/commands/agents/serve.ts
-import { existsSync as existsSync7, readFileSync as readFileSync6 } from "fs";
-import { homedir as homedir6 } from "os";
-import { join as join5 } from "path";
+import { existsSync as existsSync8, readFileSync as readFileSync7 } from "fs";
+import { homedir as homedir7 } from "os";
+import { join as join6 } from "path";
 import { createInterface } from "readline";
-import { defineCommand as defineCommand25 } from "citty";
-var AUTH_PATH2 = join5(homedir6(), ".config", "apes", "auth.json");
+import { defineCommand as defineCommand28 } from "citty";
+var AUTH_PATH2 = join6(homedir7(), ".config", "apes", "auth.json");
 function readLitellmConfig2(model) {
-  const envPath = join5(homedir6(), "litellm", ".env");
+  const envPath = join6(homedir7(), "litellm", ".env");
   const env = {};
-  if (existsSync7(envPath)) {
-    for (const line of readFileSync6(envPath, "utf8").split(/\r?\n/)) {
+  if (existsSync8(envPath)) {
+    for (const line of readFileSync7(envPath, "utf8").split(/\r?\n/)) {
       const m = line.match(/^([A-Z_]+)=(.*)$/);
       if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, "");
     }
@@ -3703,7 +3341,7 @@ function emit(event) {
   process.stdout.write(`${JSON.stringify(event)}
 `);
 }
-var serveAgentCommand = defineCommand25({
+var serveAgentCommand = defineCommand28({
   meta: {
     name: "serve",
     description: "Long-running stdio RPC server for chat-bridge subprocess use."
@@ -3718,15 +3356,20 @@ var serveAgentCommand = defineCommand25({
     if (!args.rpc) {
       throw new CliError("apes agents serve currently only supports --rpc mode");
     }
-    if (existsSync7(AUTH_PATH2)) {
+    if (existsSync8(AUTH_PATH2)) {
       try {
-        JSON.parse(readFileSync6(AUTH_PATH2, "utf8"));
+        JSON.parse(readFileSync7(AUTH_PATH2, "utf8"));
       } catch {
       }
     }
+    const stopSecrets = startSecretsWatcher({ log: (l) => process.stderr.write(`${l}
+`) });
     const sessions = new RpcSessionMap();
     const evictTimer = setInterval(() => sessions.evictStale(), 5 * 60 * 1e3);
-    process.on("exit", () => clearInterval(evictTimer));
+    process.on("exit", () => {
+      clearInterval(evictTimer);
+      stopSecrets();
+    });
     const rl = createInterface({ input: process.stdin, terminal: false });
     rl.on("line", async (line) => {
       const trimmed = line.trim();
@@ -3795,12 +3438,12 @@ async function handleInbound(msg, sessions) {
 }
 
 // src/commands/agents/spawn.ts
-import { execFileSync as execFileSync7 } from "child_process";
+import { execFileSync as execFileSync8 } from "child_process";
 import { mkdtempSync as mkdtempSync2, rmSync as rmSync3, writeFileSync as writeFileSync4 } from "fs";
 import { tmpdir as tmpdir2 } from "os";
-import { join as join7 } from "path";
-import { defineCommand as defineCommand26 } from "citty";
-import consola23 from "consola";
+import { join as join8 } from "path";
+import { defineCommand as defineCommand29 } from "citty";
+import consola25 from "consola";
 
 // src/lib/troop-bootstrap.ts
 var SYNC_LABEL_PREFIX = "openape.troop.sync";
@@ -3856,12 +3499,13 @@ ${envBlock}  <key>StartInterval</key>
 
 // src/lib/keygen.ts
 import { Buffer as Buffer4 } from "buffer";
-import { existsSync as existsSync8, mkdirSync as mkdirSync2, readFileSync as readFileSync7, writeFileSync as writeFileSync3 } from "fs";
+import { existsSync as existsSync9, mkdirSync as mkdirSync2, readFileSync as readFileSync8, writeFileSync as writeFileSync3 } from "fs";
 import { generateKeyPairSync } from "crypto";
-import { homedir as homedir7 } from "os";
+import { homedir as homedir8 } from "os";
 import { dirname, resolve as resolve2 } from "path";
-function resolveKeyPath(p2) {
-  return resolve2(p2.replace(/^~/, homedir7()));
+import { generateX25519KeyPair } from "@openape/core";
+function resolveKeyPath(p) {
+  return resolve2(p.replace(/^~/, homedir8()));
 }
 function buildSshEd25519Line(rawPub) {
   const keyTypeStr = "ssh-ed25519";
@@ -3874,10 +3518,10 @@ function buildSshEd25519Line(rawPub) {
 }
 function readPublicKey(keyPath) {
   const pubPath = `${keyPath}.pub`;
-  if (existsSync8(pubPath)) {
-    return readFileSync7(pubPath, "utf-8").trim();
+  if (existsSync9(pubPath)) {
+    return readFileSync8(pubPath, "utf-8").trim();
   }
-  const keyContent = readFileSync7(keyPath, "utf-8");
+  const keyContent = readFileSync8(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey(keyContent);
   const jwk = privateKey.export({ format: "jwk" });
   const pubBytes = Buffer4.from(jwk.x, "base64url");
@@ -3886,7 +3530,7 @@ function readPublicKey(keyPath) {
 function generateAndSaveKey(keyPath) {
   const resolved = resolveKeyPath(keyPath);
   const dir = dirname(resolved);
-  if (!existsSync8(dir)) {
+  if (!existsSync9(dir)) {
     mkdirSync2(dir, { recursive: true });
   }
   const { publicKey, privateKey } = generateKeyPairSync("ed25519");
@@ -3904,22 +3548,25 @@ function generateKeyPairInMemory() {
   const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
   const jwk = publicKey.export({ format: "jwk" });
   const pubBytes = Buffer4.from(jwk.x, "base64url");
+  const enc = generateX25519KeyPair();
   return {
     privatePem,
-    publicSshLine: buildSshEd25519Line(pubBytes)
+    publicSshLine: buildSshEd25519Line(pubBytes),
+    x25519PrivateKey: enc.privateKey,
+    x25519PublicKey: enc.publicKey
   };
 }
 
 // src/lib/llm-bridge.ts
-import { execFileSync as execFileSync6 } from "child_process";
-import { existsSync as existsSync9, readFileSync as readFileSync8 } from "fs";
-import { homedir as homedir8 } from "os";
-import { dirname as dirname2, join as join6 } from "path";
+import { execFileSync as execFileSync7 } from "child_process";
+import { existsSync as existsSync10, readFileSync as readFileSync9 } from "fs";
+import { homedir as homedir9 } from "os";
+import { dirname as dirname2, join as join7 } from "path";
 var PLIST_LABEL_PREFIX = "eco.hofmann.apes.bridge";
-function readLitellmEnv(envPath = join6(homedir8(), "litellm", ".env")) {
-  if (!existsSync9(envPath)) return null;
+function readLitellmEnv(envPath = join7(homedir9(), "litellm", ".env")) {
+  if (!existsSync10(envPath)) return null;
   try {
-    const text = readFileSync8(envPath, "utf8");
+    const text = readFileSync9(envPath, "utf8");
     const out = {};
     for (const line of text.split("\n")) {
       const trimmed = line.trim();
@@ -3955,7 +3602,7 @@ function captureHostBinDirs() {
   for (const bin of ["node", "ape-agent", "apes"]) {
     let resolved;
     try {
-      resolved = execFileSync6("/usr/bin/which", [bin], { encoding: "utf8" }).trim();
+      resolved = execFileSync7("/usr/bin/which", [bin], { encoding: "utf8" }).trim();
     } catch {
       const installCmd = bin === "ape-agent" ? "npm i -g @openape/ape-agent" : bin === "apes" ? "npm i -g @openape/apes" : "install Node.js (e.g. brew install node)";
       throw new Error(`'${bin}' not found on host PATH. ${installCmd} before spawning agents \u2014 the bridge runtime resolves these at spawn time and bakes the dir into the agent's launchd plist.`);
@@ -4056,7 +3703,7 @@ function readMacOSUidOrNull(name) {
     return null;
   }
 }
-var spawnAgentCommand = defineCommand26({
+var spawnAgentCommand = defineCommand29({
   meta: {
     name: "spawn",
     description: "Provision a local macOS agent end-to-end (OS user, keypair, IdP agent, Claude hook)"
@@ -4138,20 +3785,21 @@ var spawnAgentCommand = defineCommand26({
 and try again.`
       );
     }
-    const existing = readMacOSUser(name);
+    const macOSUsername = macOSUsernameForAgent(name);
+    const existing = readMacOSUser(macOSUsername) ?? readMacOSUser(name);
     if (existing) {
-      throw new CliError(`macOS user "${name}" already exists (uid=${existing.uid ?? "?"}). Refusing to overwrite.`);
+      throw new CliError(`macOS user "${existing.name}" already exists (uid=${existing.uid ?? "?"}). Refusing to overwrite.`);
     }
-    const homeDir = `/var/openape/homes/${name}`;
-    const scratch = mkdtempSync2(join7(tmpdir2(), `apes-spawn-${name}-`));
-    const scriptPath = join7(scratch, "setup.sh");
+    const homeDir = `/var/openape/homes/${macOSUsername}`;
+    const scratch = mkdtempSync2(join8(tmpdir2(), `apes-spawn-${name}-`));
+    const scriptPath = join8(scratch, "setup.sh");
     try {
-      consola23.start(`Generating keypair for ${name}\u2026`);
-      const { privatePem, publicSshLine } = generateKeyPairInMemory();
-      consola23.start(`Registering agent at ${idp}\u2026`);
+      consola25.start(`Generating keypair for ${name}\u2026`);
+      const { privatePem, publicSshLine, x25519PrivateKey, x25519PublicKey } = generateKeyPairInMemory();
+      consola25.start(`Registering agent at ${idp}\u2026`);
       const registration = await registerAgentAtIdp({ name, publicKey: publicSshLine, idp });
-      consola23.success(`Registered as ${registration.email}`);
-      consola23.start("Issuing agent access token\u2026");
+      consola25.success(`Registered as ${registration.email}`);
+      consola25.start("Issuing agent access token\u2026");
       const { token, expiresIn } = await issueAgentToken({
         idp,
         agentEmail: registration.email,
@@ -4204,10 +3852,13 @@ and try again.`
       };
       const script = buildSpawnSetupScript({
         name,
+        macOSUsername,
         homeDir,
         shellPath: loginShell,
         privateKeyPem: privatePem,
         publicKeySshLine: publicSshLine,
+        x25519PrivateKey,
+        x25519PublicKey,
         authJson,
         claudeSettingsJson: includeClaudeHook ? CLAUDE_SETTINGS_JSON : null,
         hookScriptSource: includeClaudeHook ? BASH_VIA_APE_SHELL_HOOK_SOURCE : null,
@@ -4218,15 +3869,15 @@ and try again.`
       writeFileSync4(scriptPath, script, { mode: 448 });
       const alreadyRoot = process.getuid?.() === 0;
       if (alreadyRoot) {
-        consola23.start("Running privileged setup directly (already root)\u2026");
-        execFileSync7("bash", [scriptPath], { stdio: "inherit" });
+        consola25.start("Running privileged setup directly (already root)\u2026");
+        execFileSync8("bash", [scriptPath], { stdio: "inherit" });
       } else {
-        consola23.start("Running privileged setup as root via `apes run --as root --wait`\u2026");
-        consola23.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
-        execFileSync7(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
+        consola25.start("Running privileged setup as root via `apes run --as root --wait`\u2026");
+        consola25.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
+        execFileSync8(apes, ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
       }
       try {
-        const uid = readMacOSUidOrNull(name);
+        const uid = readMacOSUidOrNull(macOSUsername) ?? readMacOSUidOrNull(name);
         upsertNestAgent({
           name,
           uid: uid ?? -1,
@@ -4240,13 +3891,13 @@ and try again.`
           } : void 0
         });
       } catch (err) {
-        consola23.warn(`Could not write to nest registry: ${err instanceof Error ? err.message : String(err)}`);
+        consola25.warn(`Could not write to nest registry: ${err instanceof Error ? err.message : String(err)}`);
       }
-      consola23.success(`Agent ${name} spawned.`);
-      consola23.info(`\u{1F517} Troop: https://troop.openape.ai/agents/${name}`);
+      consola25.success(`Agent ${name} spawned.`);
+      consola25.info(`\u{1F517} Troop: https://troop.openape.ai/agents/${name}`);
       if (withBridge) {
-        consola23.info(`On first boot, the bridge will send you a contact request from ${registration.email}.`);
-        consola23.info("Open chat.openape.ai and accept it to start chatting with the agent.");
+        consola25.info(`On first boot, the bridge will send you a contact request from ${registration.email}.`);
+        consola25.info("Open chat.openape.ai and accept it to start chatting with the agent.");
       }
       console.log("");
       console.log("Run as the agent with:");
@@ -4280,18 +3931,18 @@ async function resolveClaudeToken(opts) {
 }
 
 // src/commands/agents/sync.ts
-import { chownSync, existsSync as existsSync10, mkdirSync as mkdirSync3, readdirSync, readFileSync as readFileSync9, rmSync as rmSync4, statSync, writeFileSync as writeFileSync5 } from "fs";
-import { homedir as homedir9 } from "os";
-import { join as join8 } from "path";
-import { defineCommand as defineCommand27 } from "citty";
-import consola24 from "consola";
+import { chownSync, existsSync as existsSync11, mkdirSync as mkdirSync3, readdirSync as readdirSync2, readFileSync as readFileSync10, rmSync as rmSync4, statSync, writeFileSync as writeFileSync5 } from "fs";
+import { homedir as homedir10 } from "os";
+import { join as join9 } from "path";
+import { defineCommand as defineCommand30 } from "citty";
+import consola26 from "consola";
 
 // src/lib/macos-host.ts
-import { execFileSync as execFileSync8 } from "child_process";
+import { execFileSync as execFileSync9 } from "child_process";
 import { hostname as hostname3 } from "os";
 function getHostId() {
   try {
-    const output = execFileSync8(
+    const output = execFileSync9(
       "/usr/sbin/ioreg",
       ["-d2", "-c", "IOPlatformExpertDevice"],
       { encoding: "utf8", timeout: 2e3 }
@@ -4311,15 +3962,15 @@ function getHostname() {
 }
 
 // src/commands/agents/sync.ts
-var AUTH_PATH3 = join8(homedir9(), ".config", "apes", "auth.json");
-var TASK_CACHE_DIR2 = join8(homedir9(), ".openape", "agent", "tasks");
+var AUTH_PATH3 = join9(homedir10(), ".config", "apes", "auth.json");
+var TASK_CACHE_DIR2 = join9(homedir10(), ".openape", "agent", "tasks");
 function readAuthJson() {
-  if (!existsSync10(AUTH_PATH3)) {
+  if (!existsSync11(AUTH_PATH3)) {
     throw new CliError(
       `No agent auth found at ${AUTH_PATH3}. Run \`apes agents spawn <name>\` to provision an agent first.`
     );
   }
-  const raw = readFileSync9(AUTH_PATH3, "utf8");
+  const raw = readFileSync10(AUTH_PATH3, "utf8");
   let parsed;
   try {
     parsed = JSON.parse(raw);
@@ -4343,7 +3994,7 @@ function agentNameFromEmail(email) {
   }
   return before.slice(0, dashIdx);
 }
-var syncAgentCommand = defineCommand27({
+var syncAgentCommand = defineCommand30({
   meta: {
     name: "sync",
     description: "Pull this agent's task list from troop.openape.ai and reconcile launchd plists"
@@ -4367,22 +4018,22 @@ var syncAgentCommand = defineCommand27({
     if (!auth.owner_email) {
       throw new CliError(`${AUTH_PATH3} is missing owner_email \u2014 re-run \`apes agents spawn\` to update.`);
     }
-    consola24.start(`Syncing ${agentName} (${host}, hostId ${hostId.slice(0, 8)}\u2026) with ${troopUrl}`);
+    consola26.start(`Syncing ${agentName} (${host}, hostId ${hostId.slice(0, 8)}\u2026) with ${troopUrl}`);
     const sync = await client.sync({
       hostname: host,
       hostId,
       ownerEmail: auth.owner_email
     });
-    consola24.info(sync.first_sync ? "\u2713 first sync \u2014 agent registered" : "\u2713 presence updated");
+    consola26.info(sync.first_sync ? "\u2713 first sync \u2014 agent registered" : "\u2713 presence updated");
     const { system_prompt: systemPrompt, tools, skills, tasks } = await client.listTasks();
-    consola24.info(`Pulled ${tasks.length} task${tasks.length === 1 ? "" : "s"}`);
-    consola24.info(`Tools enabled: ${tools.length === 0 ? "(none)" : tools.join(", ")}`);
-    consola24.info(`Skills: ${skills.length === 0 ? "(none)" : skills.map((s) => s.name).join(", ")}`);
+    consola26.info(`Pulled ${tasks.length} task${tasks.length === 1 ? "" : "s"}`);
+    consola26.info(`Tools enabled: ${tools.length === 0 ? "(none)" : tools.join(", ")}`);
+    consola26.info(`Skills: ${skills.length === 0 ? "(none)" : skills.map((s) => s.name).join(", ")}`);
     let agentUid = null;
     let agentGid = null;
     if (process.geteuid?.() === 0) {
       try {
-        const homeStat = statSync(homedir9());
+        const homeStat = statSync(homedir10());
         agentUid = homeStat.uid;
         agentGid = homeStat.gid;
       } catch {
@@ -4396,11 +4047,11 @@ var syncAgentCommand = defineCommand27({
         }
       }
     }
-    const agentDir = join8(homedir9(), ".openape", "agent");
+    const agentDir = join9(homedir10(), ".openape", "agent");
     mkdirSync3(agentDir, { recursive: true });
-    chownToAgent(join8(homedir9(), ".openape"));
+    chownToAgent(join9(homedir10(), ".openape"));
     chownToAgent(agentDir);
-    const agentJsonPath = join8(agentDir, "agent.json");
+    const agentJsonPath = join9(agentDir, "agent.json");
     writeFileSync5(
       agentJsonPath,
       `${JSON.stringify({ systemPrompt, tools }, null, 2)}
@@ -4411,43 +4062,43 @@ var syncAgentCommand = defineCommand27({
     mkdirSync3(TASK_CACHE_DIR2, { recursive: true });
     chownToAgent(TASK_CACHE_DIR2);
     for (const task of tasks) {
-      const path2 = join8(TASK_CACHE_DIR2, `${task.taskId}.json`);
+      const path2 = join9(TASK_CACHE_DIR2, `${task.taskId}.json`);
       writeFileSync5(path2, `${JSON.stringify(task, null, 2)}
 `, { mode: 384 });
       chownToAgent(path2);
     }
-    const skillsDir = join8(agentDir, "skills");
+    const skillsDir = join9(agentDir, "skills");
     mkdirSync3(skillsDir, { recursive: true });
     chownToAgent(skillsDir);
     const incomingNames = new Set(skills.map((s) => s.name));
     try {
-      for (const entry of readdirSync(skillsDir)) {
+      for (const entry of readdirSync2(skillsDir)) {
         if (incomingNames.has(entry)) continue;
         try {
-          rmSync4(join8(skillsDir, entry), { recursive: true, force: true });
+          rmSync4(join9(skillsDir, entry), { recursive: true, force: true });
         } catch {
         }
       }
     } catch {
     }
     for (const skill of skills) {
-      const skillDir = join8(skillsDir, skill.name);
+      const skillDir = join9(skillsDir, skill.name);
       mkdirSync3(skillDir, { recursive: true });
       chownToAgent(skillDir);
-      const skillPath = join8(skillDir, "SKILL.md");
+      const skillPath = join9(skillDir, "SKILL.md");
       writeFileSync5(skillPath, skill.body.endsWith("\n") ? skill.body : `${skill.body}
 `, { mode: 384 });
       chownToAgent(skillPath);
     }
-    consola24.success("Sync complete.");
+    consola26.success("Sync complete.");
   }
 });
 
 // src/commands/agents/index.ts
-var agentsCommand = defineCommand28({
+var agentsCommand = defineCommand31({
   meta: {
     name: "agents",
-    description: "Manage owned agents (register, spawn, list, destroy, allow, sync, run, serve)"
+    description: "Manage owned agents (register, spawn, list, destroy, allow, sync, run, serve, cleanup-orphans)"
   },
   subCommands: {
     register: registerAgentCommand,
@@ -4457,27 +4108,28 @@ var agentsCommand = defineCommand28({
     allow: allowAgentCommand,
     sync: syncAgentCommand,
     run: runAgentCommand,
-    serve: serveAgentCommand
+    serve: serveAgentCommand,
+    "cleanup-orphans": cleanupOrphansCommand
   }
 });
 
 // src/commands/nest/index.ts
-import { defineCommand as defineCommand36 } from "citty";
+import { defineCommand as defineCommand39 } from "citty";
 
 // src/commands/nest/authorize.ts
-import { execFileSync as execFileSync9 } from "child_process";
-import { existsSync as existsSync12, readFileSync as readFileSync10 } from "fs";
-import { join as join10 } from "path";
-import { defineCommand as defineCommand30 } from "citty";
-import consola26 from "consola";
+import { execFileSync as execFileSync10 } from "child_process";
+import { existsSync as existsSync13, readFileSync as readFileSync11 } from "fs";
+import { join as join11 } from "path";
+import { defineCommand as defineCommand33 } from "citty";
+import consola28 from "consola";
 
 // src/commands/nest/enroll.ts
-import { hostname as hostname4, homedir as homedir10 } from "os";
-import { existsSync as existsSync11, mkdirSync as mkdirSync4, writeFileSync as writeFileSync6, chmodSync } from "fs";
-import { join as join9 } from "path";
-import { defineCommand as defineCommand29 } from "citty";
-import consola25 from "consola";
-var NEST_DATA_DIR = join9(homedir10(), ".openape", "nest");
+import { hostname as hostname4, homedir as homedir11 } from "os";
+import { existsSync as existsSync12, mkdirSync as mkdirSync4, writeFileSync as writeFileSync6, chmodSync } from "fs";
+import { join as join10 } from "path";
+import { defineCommand as defineCommand32 } from "citty";
+import consola27 from "consola";
+var NEST_DATA_DIR = join10(homedir11(), ".openape", "nest");
 function nestAgentName() {
   const raw = hostname4().toLowerCase();
   const head = raw.split(".")[0] ?? raw;
@@ -4485,7 +4137,7 @@ function nestAgentName() {
   const trimmed = safe.slice(0, 16);
   return `nest-${trimmed || "host"}`;
 }
-var enrollNestCommand = defineCommand29({
+var enrollNestCommand = defineCommand32({
   meta: {
     name: "enroll",
     description: "Register the local nest as a DDISA agent at the IdP. One-time per machine. Required before `apes nest authorize` so YOLO-policies have a target identity."
@@ -4510,25 +4162,25 @@ var enrollNestCommand = defineCommand29({
       throw new CliError("Run `apes login <email>` first \u2014 nest enroll attaches the new identity to your owner account.");
     }
     const name = args.name || nestAgentName();
-    const authPath = join9(NEST_DATA_DIR, ".config", "apes", "auth.json");
-    if (existsSync11(authPath) && !args.force) {
+    const authPath = join10(NEST_DATA_DIR, ".config", "apes", "auth.json");
+    if (existsSync12(authPath) && !args.force) {
       throw new CliError(`Nest already enrolled at ${authPath}. Pass --force to re-enroll.`);
     }
-    const sshDir = join9(NEST_DATA_DIR, ".ssh");
-    const configDir = join9(NEST_DATA_DIR, ".config", "apes");
+    const sshDir = join10(NEST_DATA_DIR, ".ssh");
+    const configDir = join10(NEST_DATA_DIR, ".config", "apes");
     mkdirSync4(sshDir, { recursive: true });
     mkdirSync4(configDir, { recursive: true });
-    consola25.start(`Generating keypair for ${name}\u2026`);
+    consola27.start(`Generating keypair for ${name}\u2026`);
     const { privatePem, publicSshLine } = generateKeyPairInMemory();
-    writeFileSync6(join9(sshDir, "id_ed25519"), `${privatePem.trimEnd()}
+    writeFileSync6(join10(sshDir, "id_ed25519"), `${privatePem.trimEnd()}
 `, { mode: 384 });
-    writeFileSync6(join9(sshDir, "id_ed25519.pub"), `${publicSshLine}
+    writeFileSync6(join10(sshDir, "id_ed25519.pub"), `${publicSshLine}
 `, { mode: 420 });
     chmodSync(sshDir, 448);
-    consola25.start(`Registering nest at ${idp}\u2026`);
+    consola27.start(`Registering nest at ${idp}\u2026`);
     const registration = await registerAgentAtIdp({ name, publicKey: publicSshLine, idp });
-    consola25.success(`Registered as ${registration.email}`);
-    consola25.start("Issuing nest access token\u2026");
+    consola27.success(`Registered as ${registration.email}`);
+    consola27.start("Issuing nest access token\u2026");
     const { token, expiresIn } = await issueAgentToken({
       idp,
       agentEmail: registration.email,
@@ -4539,16 +4191,16 @@ var enrollNestCommand = defineCommand29({
       accessToken: token,
       email: registration.email,
       expiresAt: Math.floor(Date.now() / 1e3) + expiresIn,
-      keyPath: join9(sshDir, "id_ed25519"),
+      keyPath: join10(sshDir, "id_ed25519"),
       ownerEmail: ownerAuth.email
     });
     writeFileSync6(authPath, authJson, { mode: 384 });
     chmodSync(configDir, 448);
-    consola25.success(`Nest enrolled \u2014 auth.json at ${authPath}`);
-    consola25.info("");
-    consola25.info("Next: configure the YOLO-policy so the nest can spawn/destroy without prompts:");
-    consola25.info("");
-    consola25.info("  apes nest authorize");
+    consola27.success(`Nest enrolled \u2014 auth.json at ${authPath}`);
+    consola27.info("");
+    consola27.info("Next: configure the YOLO-policy so the nest can spawn/destroy without prompts:");
+    consola27.info("");
+    consola27.info("  apes nest authorize");
   }
 });
 
@@ -4595,7 +4247,7 @@ var DEFAULT_ALLOW_PATTERNS = [
   "pm2 delete openape-bridge-*",
   "pm2 jlist"
 ];
-var authorizeNestCommand = defineCommand30({
+var authorizeNestCommand = defineCommand33({
   meta: {
     name: "authorize",
     description: "Set the YOLO-policy that lets the local nest spawn/destroy without per-call DDISA prompts (wraps `apes yolo set`)"
@@ -4611,14 +4263,14 @@ var authorizeNestCommand = defineCommand30({
     }
   },
   async run({ args }) {
-    const nestAuthPath = join10(NEST_DATA_DIR, ".config", "apes", "auth.json");
-    if (!existsSync12(nestAuthPath)) {
+    const nestAuthPath = join11(NEST_DATA_DIR, ".config", "apes", "auth.json");
+    if (!existsSync13(nestAuthPath)) {
       throw new CliError("Nest not enrolled. Run `apes nest enroll` first.");
     }
-    const nestAuth = JSON.parse(readFileSync10(nestAuthPath, "utf8"));
+    const nestAuth = JSON.parse(readFileSync11(nestAuthPath, "utf8"));
     if (!nestAuth.email) throw new CliError(`${nestAuthPath} has no email`);
     const allow = args.allow ?? DEFAULT_ALLOW_PATTERNS.join(",");
-    consola26.info(`Configuring YOLO-policy on ${nestAuth.email} via \`apes yolo set\`\u2026`);
+    consola28.info(`Configuring YOLO-policy on ${nestAuth.email} via \`apes yolo set\`\u2026`);
     const cmdArgs = [
       "yolo",
       "set",
@@ -4632,20 +4284,20 @@ var authorizeNestCommand = defineCommand30({
       cmdArgs.push("--expires-in", args["expires-in"]);
     }
     try {
-      execFileSync9("apes", cmdArgs, { stdio: "inherit" });
+      execFileSync10("apes", cmdArgs, { stdio: "inherit" });
     } catch (err) {
       throw new CliError(err instanceof Error ? err.message : String(err));
     }
-    consola26.success("Nest-driven agent lifecycle is now zero-prompt.");
-    consola26.info("Test: apes agents spawn <name> via the nest API \u2192 no DDISA prompt.");
+    consola28.success("Nest-driven agent lifecycle is now zero-prompt.");
+    consola28.info("Test: apes agents spawn <name> via the nest API \u2192 no DDISA prompt.");
   }
 });
 
 // src/commands/nest/destroy.ts
-import { execFileSync as execFileSync10 } from "child_process";
-import { defineCommand as defineCommand31 } from "citty";
-import consola27 from "consola";
-var destroyNestCommand = defineCommand31({
+import { execFileSync as execFileSync11 } from "child_process";
+import { defineCommand as defineCommand34 } from "citty";
+import consola29 from "consola";
+var destroyNestCommand = defineCommand34({
   meta: {
     name: "destroy",
     description: "Destroy a local agent. Wraps `apes run --as root -- apes agents destroy <name>`; the Nest watches its registry and pm2-deletes the bridge automatically."
@@ -4656,8 +4308,8 @@ var destroyNestCommand = defineCommand31({
   async run({ args }) {
     const name = String(args.name);
     try {
-      execFileSync10("apes", ["run", "--as", "root", "--wait", "--", "apes", "agents", "destroy", name, "--force"], { stdio: "inherit" });
-      consola27.success(`Nest will tear down ${name}'s pm2 process on its next reconcile (\u22642s).`);
+      execFileSync11("apes", ["run", "--as", "root", "--wait", "--", "apes", "agents", "destroy", name, "--force"], { stdio: "inherit" });
+      consola29.success(`Nest will tear down ${name}'s pm2 process on its next reconcile (\u22642s).`);
     } catch (err) {
       const status = err.status ?? 1;
       throw new CliExit(status);
@@ -4666,12 +4318,12 @@ var destroyNestCommand = defineCommand31({
 });
 
 // src/commands/nest/install.ts
-import { execFileSync as execFileSync11 } from "child_process";
-import { existsSync as existsSync13, mkdirSync as mkdirSync5, readFileSync as readFileSync11, writeFileSync as writeFileSync7 } from "fs";
-import { homedir as homedir11, userInfo as userInfo2 } from "os";
-import { dirname as dirname3, join as join11 } from "path";
-import { defineCommand as defineCommand32 } from "citty";
-import consola28 from "consola";
+import { execFileSync as execFileSync12 } from "child_process";
+import { existsSync as existsSync14, mkdirSync as mkdirSync5, readFileSync as readFileSync12, writeFileSync as writeFileSync7 } from "fs";
+import { homedir as homedir12, userInfo as userInfo2 } from "os";
+import { dirname as dirname3, join as join12 } from "path";
+import { defineCommand as defineCommand35 } from "citty";
+import consola30 from "consola";
 
 // src/commands/nest/apes-agents-adapter.ts
 var APES_AGENTS_ADAPTER_TOML = `schema = "openape-shapes/v1"
@@ -4738,13 +4390,13 @@ resource_chain = ["agents:name={name}", "allowlist:email={peer_email}"]
 // src/commands/nest/install.ts
 var PLIST_LABEL = "ai.openape.nest";
 function plistPath() {
-  return join11(homedir11(), "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
+  return join12(homedir12(), "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
 }
 function escape2(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
 function buildPlist(args) {
-  const logsDir = join11(args.userHome, "Library", "Logs");
+  const logsDir = join12(args.userHome, "Library", "Logs");
   return `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -4779,25 +4431,25 @@ function buildPlist(args) {
 `;
 }
 function installAdapter2() {
-  const target = join11(homedir11(), ".openape", "shapes", "adapters", "apes-agents.toml");
+  const target = join12(homedir12(), ".openape", "shapes", "adapters", "apes-agents.toml");
   mkdirSync5(dirname3(target), { recursive: true });
   let existing = "";
   try {
-    existing = readFileSync11(target, "utf8");
+    existing = readFileSync12(target, "utf8");
   } catch {
   }
   if (existing === APES_AGENTS_ADAPTER_TOML) return false;
   writeFileSync7(target, APES_AGENTS_ADAPTER_TOML, { mode: 420 });
-  consola28.success(`Wrote shapes adapter ${target}`);
+  consola30.success(`Wrote shapes adapter ${target}`);
   return true;
 }
 function writeBridgeModelDefault(model) {
-  for (const envDir of [join11(homedir11(), "litellm"), join11(NEST_DATA_DIR, "litellm")]) {
-    const envFile = join11(envDir, ".env");
+  for (const envDir of [join12(homedir12(), "litellm"), join12(NEST_DATA_DIR, "litellm")]) {
+    const envFile = join12(envDir, ".env");
     mkdirSync5(envDir, { recursive: true });
     let lines = [];
-    if (existsSync13(envFile)) {
-      lines = readFileSync11(envFile, "utf8").split("\n").filter((l) => !l.startsWith("APE_CHAT_BRIDGE_MODEL="));
+    if (existsSync14(envFile)) {
+      lines = readFileSync12(envFile, "utf8").split("\n").filter((l) => !l.startsWith("APE_CHAT_BRIDGE_MODEL="));
     }
     lines.push(`APE_CHAT_BRIDGE_MODEL=${model}`);
     while (lines.length > 0 && lines.at(-1).trim() === "") lines.pop();
@@ -4807,17 +4459,17 @@ function writeBridgeModelDefault(model) {
 }
 function findBinary(name) {
   for (const dir of [
-    join11(homedir11(), ".bun", "bin"),
+    join12(homedir12(), ".bun", "bin"),
     "/opt/homebrew/bin",
     "/usr/local/bin",
     "/usr/bin"
   ]) {
-    const p2 = join11(dir, name);
-    if (existsSync13(p2)) return p2;
+    const p = join12(dir, name);
+    if (existsSync14(p)) return p;
   }
   throw new Error(`could not locate ${name} on PATH; install it first`);
 }
-var installNestCommand = defineCommand32({
+var installNestCommand = defineCommand35({
   meta: {
     name: "install",
     description: "Install + start the local nest-daemon (idempotent \u2014 re-running just restarts)"
@@ -4833,57 +4485,57 @@ var installNestCommand = defineCommand32({
     }
   },
   async run({ args }) {
-    const homeDir = homedir11();
+    const homeDir = homedir12();
     const port = Number(args.port ?? 9091);
     if (!Number.isInteger(port) || port < 1024 || port > 65535) {
       throw new Error(`invalid port ${port}`);
     }
     const nestBin = findBinary("openape-nest");
     const apesBin = findBinary("apes");
-    consola28.info(`Installing nest at ${plistPath()}`);
-    consola28.info(`  nest binary: ${nestBin}`);
-    consola28.info(`  apes binary: ${apesBin}`);
-    consola28.info(`  HTTP port:   ${port}`);
+    consola30.info(`Installing nest at ${plistPath()}`);
+    consola30.info(`  nest binary: ${nestBin}`);
+    consola30.info(`  apes binary: ${apesBin}`);
+    consola30.info(`  HTTP port:   ${port}`);
     if (typeof args["bridge-model"] === "string" && args["bridge-model"]) {
       writeBridgeModelDefault(args["bridge-model"]);
-      consola28.success(`Default bridge model set to ${args["bridge-model"]} (in ~/litellm/.env)`);
+      consola30.success(`Default bridge model set to ${args["bridge-model"]} (in ~/litellm/.env)`);
     }
     installAdapter2();
-    mkdirSync5(join11(homeDir, "Library", "LaunchAgents"), { recursive: true });
+    mkdirSync5(join12(homeDir, "Library", "LaunchAgents"), { recursive: true });
     mkdirSync5(NEST_DATA_DIR, { recursive: true });
     const desired = buildPlist({ nestBin, apesBin, userHome: homeDir, nestHome: NEST_DATA_DIR, port });
     let existing = "";
     try {
-      existing = readFileSync11(plistPath(), "utf8");
+      existing = readFileSync12(plistPath(), "utf8");
     } catch {
     }
     if (existing !== desired) {
       writeFileSync7(plistPath(), desired, { mode: 420 });
-      consola28.success("Wrote launchd plist");
+      consola30.success("Wrote launchd plist");
     } else {
-      consola28.info("plist already up to date");
+      consola30.info("plist already up to date");
     }
     const uid = userInfo2().uid;
     try {
-      execFileSync11("/bin/launchctl", ["bootout", `gui/${uid}/${PLIST_LABEL}`], { stdio: "ignore" });
+      execFileSync12("/bin/launchctl", ["bootout", `gui/${uid}/${PLIST_LABEL}`], { stdio: "ignore" });
     } catch {
     }
-    execFileSync11("/bin/launchctl", ["bootstrap", `gui/${uid}`, plistPath()], { stdio: "inherit" });
-    consola28.success(`Nest daemon bootstrapped \u2014 http://127.0.0.1:${port}`);
-    consola28.info("");
-    consola28.info("Next steps for zero-prompt spawn \u2014 both one-time:");
-    consola28.info("");
-    consola28.info("  1. apes nest enroll       # register nest as DDISA agent (creates own auth.json)");
-    consola28.info("  2. apes nest authorize    # set YOLO-policy on the nest agent");
-    consola28.info("");
-    consola28.info("After that, every `POST http://127.0.0.1:9091/agents` runs without DDISA prompts.");
+    execFileSync12("/bin/launchctl", ["bootstrap", `gui/${uid}`, plistPath()], { stdio: "inherit" });
+    consola30.success(`Nest daemon bootstrapped \u2014 http://127.0.0.1:${port}`);
+    consola30.info("");
+    consola30.info("Next steps for zero-prompt spawn \u2014 both one-time:");
+    consola30.info("");
+    consola30.info("  1. apes nest enroll       # register nest as DDISA agent (creates own auth.json)");
+    consola30.info("  2. apes nest authorize    # set YOLO-policy on the nest agent");
+    consola30.info("");
+    consola30.info("After that, every `POST http://127.0.0.1:9091/agents` runs without DDISA prompts.");
   }
 });
 
 // src/commands/nest/list.ts
-import { defineCommand as defineCommand33 } from "citty";
-import consola29 from "consola";
-var listNestCommand = defineCommand33({
+import { defineCommand as defineCommand36 } from "citty";
+import consola31 from "consola";
+var listNestCommand = defineCommand36({
   meta: {
     name: "list",
     description: "List agents registered with the local nest. Reads /var/openape/nest/agents.json directly."
@@ -4898,22 +4550,22 @@ var listNestCommand = defineCommand33({
       return;
     }
     if (reg.agents.length === 0) {
-      consola29.info("(no agents registered with this nest)");
+      consola31.info("(no agents registered with this nest)");
       return;
     }
-    consola29.info(`${reg.agents.length} agent(s) registered with this nest:`);
+    consola31.info(`${reg.agents.length} agent(s) registered with this nest:`);
     for (const a of reg.agents) {
       const bridge = a.bridge ? " bridge=on" : "";
-      consola29.info(`  ${a.name.padEnd(16)} uid=${String(a.uid).padEnd(5)} home=${a.home}${bridge}`);
+      consola31.info(`  ${a.name.padEnd(16)} uid=${String(a.uid).padEnd(5)} home=${a.home}${bridge}`);
     }
   }
 });
 
 // src/commands/nest/spawn.ts
-import { execFileSync as execFileSync12 } from "child_process";
-import { defineCommand as defineCommand34 } from "citty";
-import consola30 from "consola";
-var spawnNestCommand = defineCommand34({
+import { execFileSync as execFileSync13 } from "child_process";
+import { defineCommand as defineCommand37 } from "citty";
+import consola32 from "consola";
+var spawnNestCommand = defineCommand37({
   meta: {
     name: "spawn",
     description: "Spawn a new agent locally. Wraps `apes run --as root -- apes agents spawn <name>`; the Nest watches its registry and starts the bridge in pm2 automatically."
@@ -4943,8 +4595,8 @@ var spawnNestCommand = defineCommand34({
     if (typeof args["bridge-base-url"] === "string") apesArgs.push("--bridge-base-url", args["bridge-base-url"]);
     if (typeof args["bridge-model"] === "string") apesArgs.push("--bridge-model", args["bridge-model"]);
     try {
-      execFileSync12("apes", apesArgs, { stdio: "inherit" });
-      consola30.success(`Nest will pick up ${name} on its next reconcile (\u22642s).`);
+      execFileSync13("apes", apesArgs, { stdio: "inherit" });
+      consola32.success(`Nest will pick up ${name} on its next reconcile (\u22642s).`);
     } catch (err) {
       const status = err.status ?? 1;
       throw new CliExit(status);
@@ -4953,37 +4605,37 @@ var spawnNestCommand = defineCommand34({
 });
 
 // src/commands/nest/uninstall.ts
-import { execFileSync as execFileSync13 } from "child_process";
-import { existsSync as existsSync14, unlinkSync } from "fs";
-import { homedir as homedir12, userInfo as userInfo3 } from "os";
-import { join as join12 } from "path";
-import { defineCommand as defineCommand35 } from "citty";
-import consola31 from "consola";
+import { execFileSync as execFileSync14 } from "child_process";
+import { existsSync as existsSync15, unlinkSync } from "fs";
+import { homedir as homedir13, userInfo as userInfo3 } from "os";
+import { join as join13 } from "path";
+import { defineCommand as defineCommand38 } from "citty";
+import consola33 from "consola";
 var PLIST_LABEL2 = "ai.openape.nest";
-var uninstallNestCommand = defineCommand35({
+var uninstallNestCommand = defineCommand38({
   meta: {
     name: "uninstall",
     description: "Stop + remove the local nest-daemon (registry + agents preserved)"
   },
   async run() {
     const uid = userInfo3().uid;
-    const path2 = join12(homedir12(), "Library", "LaunchAgents", `${PLIST_LABEL2}.plist`);
+    const path2 = join13(homedir13(), "Library", "LaunchAgents", `${PLIST_LABEL2}.plist`);
     try {
-      execFileSync13("/bin/launchctl", ["bootout", `gui/${uid}/${PLIST_LABEL2}`], { stdio: "ignore" });
-      consola31.success("Nest daemon stopped");
+      execFileSync14("/bin/launchctl", ["bootout", `gui/${uid}/${PLIST_LABEL2}`], { stdio: "ignore" });
+      consola33.success("Nest daemon stopped");
     } catch {
-      consola31.info("Nest daemon was not loaded");
+      consola33.info("Nest daemon was not loaded");
     }
-    if (existsSync14(path2)) {
+    if (existsSync15(path2)) {
       unlinkSync(path2);
-      consola31.success(`Removed ${path2}`);
+      consola33.success(`Removed ${path2}`);
     }
-    consola31.info("Registry at ~/.openape/nest/agents.json kept \u2014 re-run `apes nest install` to resume supervision.");
+    consola33.info("Registry at ~/.openape/nest/agents.json kept \u2014 re-run `apes nest install` to resume supervision.");
   }
 });
 
 // src/commands/nest/index.ts
-var nestCommand = defineCommand36({
+var nestCommand = defineCommand39({
   meta: {
     name: "nest",
     description: "Manage the local Nest control-plane daemon. One-time setup: `install` \u2192 `enroll` \u2192 `authorize`. Day-to-day: `list` / `spawn` / `destroy`. As of Phase D the Nest is a long-running CLIENT \u2014 commands talk to it via filesystem intent files in $NEST_HOME/intents (mode 770, group _openape_nest) instead of HTTP."
@@ -5000,12 +4652,12 @@ var nestCommand = defineCommand36({
 });
 
 // src/commands/yolo/index.ts
-import { defineCommand as defineCommand40 } from "citty";
+import { defineCommand as defineCommand43 } from "citty";
 
 // src/commands/yolo/clear.ts
-import { defineCommand as defineCommand37 } from "citty";
-import consola32 from "consola";
-var yoloClearCommand = defineCommand37({
+import { defineCommand as defineCommand40 } from "citty";
+import consola34 from "consola";
+var yoloClearCommand = defineCommand40({
   meta: {
     name: "clear",
     description: "Remove the YOLO-policy from a DDISA agent (subsequent grants need human approval)"
@@ -5034,15 +4686,15 @@ var yoloClearCommand = defineCommand37({
       const text = await res.text().catch(() => "");
       throw new CliError(`DELETE /yolo-policy failed (${res.status}): ${text}`);
     }
-    consola32.success(`YOLO-policy cleared on ${email}`);
+    consola34.success(`YOLO-policy cleared on ${email}`);
   }
 });
 
 // src/commands/yolo/set.ts
-import { defineCommand as defineCommand38 } from "citty";
-import consola33 from "consola";
+import { defineCommand as defineCommand41 } from "citty";
+import consola35 from "consola";
 var VALID_MODES = ["allow-list", "deny-list"];
-var yoloSetCommand = defineCommand38({
+var yoloSetCommand = defineCommand41({
   meta: {
     name: "set",
     description: "Write a YOLO-policy on a DDISA agent you own"
@@ -5090,12 +4742,12 @@ var yoloSetCommand = defineCommand38({
     const denyPatterns = parseList(args.deny);
     const denyRiskThreshold = args["deny-risk"] ?? null;
     const expiresAt = parseExpiresIn(args["expires-in"]);
-    consola33.info(`Setting YOLO-policy on ${email}`);
-    consola33.info(`  mode:           ${mode}`);
-    if (allowPatterns.length) consola33.info(`  allow_patterns: ${allowPatterns.join(", ")}`);
-    if (denyPatterns.length) consola33.info(`  deny_patterns:  ${denyPatterns.join(", ")}`);
-    if (denyRiskThreshold) consola33.info(`  deny_risk:      ${denyRiskThreshold}`);
-    if (expiresAt) consola33.info(`  expires_at:     ${new Date(expiresAt * 1e3).toISOString()}`);
+    consola35.info(`Setting YOLO-policy on ${email}`);
+    consola35.info(`  mode:           ${mode}`);
+    if (allowPatterns.length) consola35.info(`  allow_patterns: ${allowPatterns.join(", ")}`);
+    if (denyPatterns.length) consola35.info(`  deny_patterns:  ${denyPatterns.join(", ")}`);
+    if (denyRiskThreshold) consola35.info(`  deny_risk:      ${denyRiskThreshold}`);
+    if (expiresAt) consola35.info(`  expires_at:     ${new Date(expiresAt * 1e3).toISOString()}`);
     const url = `${idp}/api/users/${encodeURIComponent(email)}/yolo-policy`;
     const res = await fetch(url, {
       method: "PUT",
@@ -5115,27 +4767,27 @@ var yoloSetCommand = defineCommand38({
       const text = await res.text().catch(() => "");
       throw new CliError(`PUT /yolo-policy failed (${res.status}): ${text}`);
     }
-    consola33.success(`YOLO-policy applied to ${email}`);
+    consola35.success(`YOLO-policy applied to ${email}`);
   }
 });
 function parseList(s) {
   if (!s) return [];
-  return s.split(",").map((p2) => p2.trim()).filter(Boolean);
+  return s.split(",").map((p) => p.trim()).filter(Boolean);
 }
 function parseExpiresIn(s) {
   if (!s) return null;
   const m = s.match(/^(\d+)([hdw])$/);
   if (!m) throw new CliError(`Invalid --expires-in "${s}" \u2014 expected forms like 30d, 6h, 2w`);
-  const n2 = Number(m[1]);
+  const n = Number(m[1]);
   const unit = m[2];
   const seconds = unit === "h" ? 3600 : unit === "d" ? 86400 : 7 * 86400;
-  return Math.floor(Date.now() / 1e3) + n2 * seconds;
+  return Math.floor(Date.now() / 1e3) + n * seconds;
 }
 
 // src/commands/yolo/show.ts
-import { defineCommand as defineCommand39 } from "citty";
-import consola34 from "consola";
-var yoloShowCommand = defineCommand39({
+import { defineCommand as defineCommand42 } from "citty";
+import consola36 from "consola";
+var yoloShowCommand = defineCommand42({
   meta: {
     name: "show",
     description: "Print the YOLO-policy currently set on a DDISA agent"
@@ -5172,17 +4824,17 @@ var yoloShowCommand = defineCommand39({
       console.log(JSON.stringify(policy, null, 2));
       return;
     }
-    consola34.info(`YOLO-policy for ${email}`);
-    consola34.info(`  mode:           ${policy.mode}`);
-    consola34.info(`  allow_patterns: ${policy.allowPatterns.length ? policy.allowPatterns.join(", ") : "(none)"}`);
-    consola34.info(`  deny_patterns:  ${policy.denyPatterns.length ? policy.denyPatterns.join(", ") : "(none)"}`);
-    consola34.info(`  deny_risk:      ${policy.denyRiskThreshold ?? "(none)"}`);
-    consola34.info(`  expires_at:     ${policy.expiresAt ? new Date(policy.expiresAt * 1e3).toISOString() : "(never)"}`);
+    consola36.info(`YOLO-policy for ${email}`);
+    consola36.info(`  mode:           ${policy.mode}`);
+    consola36.info(`  allow_patterns: ${policy.allowPatterns.length ? policy.allowPatterns.join(", ") : "(none)"}`);
+    consola36.info(`  deny_patterns:  ${policy.denyPatterns.length ? policy.denyPatterns.join(", ") : "(none)"}`);
+    consola36.info(`  deny_risk:      ${policy.denyRiskThreshold ?? "(none)"}`);
+    consola36.info(`  expires_at:     ${policy.expiresAt ? new Date(policy.expiresAt * 1e3).toISOString() : "(never)"}`);
   }
 });
 
 // src/commands/yolo/index.ts
-var yoloCommand = defineCommand40({
+var yoloCommand = defineCommand43({
   meta: {
     name: "yolo",
     description: "Manage YOLO-policies on DDISA agents you own \u2014 auto-approve grant patterns at the IdP layer (allow-list) or block dangerous ones outright (deny-list)."
@@ -5195,15 +4847,15 @@ var yoloCommand = defineCommand40({
 });
 
 // src/commands/adapter/index.ts
-import { defineCommand as defineCommand41 } from "citty";
-import consola35 from "consola";
-var adapterCommand = defineCommand41({
+import { defineCommand as defineCommand44 } from "citty";
+import consola37 from "consola";
+var adapterCommand = defineCommand44({
   meta: {
     name: "adapter",
     description: "Manage CLI adapters"
   },
   subCommands: {
-    list: defineCommand41({
+    list: defineCommand44({
       meta: {
         name: "list",
         description: "List available adapters"
@@ -5234,7 +4886,7 @@ var adapterCommand = defineCommand41({
 `);
             return;
           }
-          consola35.info(`Registry: ${index2.adapters.length} adapters (${index2.generated_at})`);
+          consola37.info(`Registry: ${index2.adapters.length} adapters (${index2.generated_at})`);
           for (const a of index2.adapters) {
             const installed = isInstalled(a.id, false) ? " [installed]" : "";
             console.log(`  ${a.id.padEnd(12)} ${a.name.padEnd(24)} ${a.category}${installed}`);
@@ -5256,7 +4908,7 @@ var adapterCommand = defineCommand41({
           return;
         }
         if (local.length === 0) {
-          consola35.info("No adapters installed. Use `apes adapter list --remote` to see available adapters.");
+          consola37.info("No adapters installed. Use `apes adapter list --remote` to see available adapters.");
           return;
         }
         for (const a of local) {
@@ -5264,7 +4916,7 @@ var adapterCommand = defineCommand41({
         }
       }
     }),
-    install: defineCommand41({
+    install: defineCommand44({
       meta: {
         name: "install",
         description: "Install an adapter from the registry"
@@ -5293,24 +4945,24 @@ var adapterCommand = defineCommand41({
         for (const id of ids) {
           const entry = findAdapter(index, id);
           if (!entry) {
-            consola35.error(`Adapter "${id}" not found in registry. Use \`apes adapter search ${id}\` to search.`);
+            consola37.error(`Adapter "${id}" not found in registry. Use \`apes adapter search ${id}\` to search.`);
             continue;
           }
           const conflicts = findConflictingAdapters(entry.executable, id);
           if (conflicts.length > 0) {
-            for (const c2 of conflicts) {
-              consola35.warn(`Conflicting adapter found: ${c2.path} (id: ${c2.adapterId}, executable: ${c2.executable})`);
-              consola35.warn(`  Remove it with: apes adapter remove ${c2.adapterId}`);
+            for (const c of conflicts) {
+              consola37.warn(`Conflicting adapter found: ${c.path} (id: ${c.adapterId}, executable: ${c.executable})`);
+              consola37.warn(`  Remove it with: apes adapter remove ${c.adapterId}`);
             }
           }
           const result = await installAdapter(entry, { local });
           const verb = result.updated ? "Updated" : "Installed";
-          consola35.success(`${verb} ${result.id} \u2192 ${result.path}`);
-          consola35.info(`Digest: ${result.digest}`);
+          consola37.success(`${verb} ${result.id} \u2192 ${result.path}`);
+          consola37.info(`Digest: ${result.digest}`);
         }
       }
     }),
-    remove: defineCommand41({
+    remove: defineCommand44({
       meta: {
         name: "remove",
         description: "Remove an installed adapter"
@@ -5333,9 +4985,9 @@ var adapterCommand = defineCommand41({
         let failed = false;
         for (const id of ids) {
           if (removeAdapter(id, local)) {
-            consola35.success(`Removed adapter: ${id}`);
+            consola37.success(`Removed adapter: ${id}`);
           } else {
-            consola35.error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
+            consola37.error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
             failed = true;
           }
         }
@@ -5343,7 +4995,7 @@ var adapterCommand = defineCommand41({
           throw new CliError("Some adapters could not be removed");
       }
     }),
-    info: defineCommand41({
+    info: defineCommand44({
       meta: {
         name: "info",
         description: "Show detailed adapter information"
@@ -5385,7 +5037,7 @@ var adapterCommand = defineCommand41({
         }
       }
     }),
-    search: defineCommand41({
+    search: defineCommand44({
       meta: {
         name: "search",
         description: "Search adapters in the registry"
@@ -5417,7 +5069,7 @@ var adapterCommand = defineCommand41({
           return;
         }
         if (results.length === 0) {
-          consola35.info(`No adapters matching "${query}"`);
+          consola37.info(`No adapters matching "${query}"`);
           return;
         }
         for (const a of results) {
@@ -5426,7 +5078,7 @@ var adapterCommand = defineCommand41({
         }
       }
     }),
-    update: defineCommand41({
+    update: defineCommand44({
       meta: {
         name: "update",
         description: "Update installed adapters"
@@ -5452,33 +5104,33 @@ var adapterCommand = defineCommand41({
         const targetId = args.id ? String(args.id) : void 0;
         const targets = targetId ? [targetId] : index.adapters.map((a) => a.id).filter((id) => isInstalled(id, false));
         if (targets.length === 0) {
-          consola35.info("No adapters installed to update.");
+          consola37.info("No adapters installed to update.");
           return;
         }
         for (const id of targets) {
           const entry = findAdapter(index, id);
           if (!entry) {
-            consola35.warn(`${id}: not found in registry, skipping`);
+            consola37.warn(`${id}: not found in registry, skipping`);
             continue;
           }
           const localDigest = getInstalledDigest(id, false);
           if (localDigest === entry.digest) {
-            consola35.info(`${id}: already up to date`);
+            consola37.info(`${id}: already up to date`);
             continue;
           }
           if (localDigest && !args.yes) {
-            consola35.warn(`${id}: digest will change \u2014 existing grants for this adapter will be invalidated`);
-            consola35.info(`  Old: ${localDigest}`);
-            consola35.info(`  New: ${entry.digest}`);
-            consola35.info("  Use --yes to confirm");
+            consola37.warn(`${id}: digest will change \u2014 existing grants for this adapter will be invalidated`);
+            consola37.info(`  Old: ${localDigest}`);
+            consola37.info(`  New: ${entry.digest}`);
+            consola37.info("  Use --yes to confirm");
             continue;
           }
           const result = await installAdapter(entry);
-          consola35.success(`Updated ${result.id} \u2192 ${result.path}`);
+          consola37.success(`Updated ${result.id} \u2192 ${result.path}`);
         }
       }
     }),
-    verify: defineCommand41({
+    verify: defineCommand44({
       meta: {
         name: "verify",
         description: "Verify installed adapter against registry digest"
@@ -5511,7 +5163,7 @@ var adapterCommand = defineCommand41({
         if (!localDigest)
           throw new Error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
         if (localDigest === entry.digest) {
-          consola35.success(`${id}: digest matches registry`);
+          consola37.success(`${id}: digest matches registry`);
         } else {
           console.log(`  Local:    ${localDigest}`);
           console.log(`  Registry: ${entry.digest}`);
@@ -5523,11 +5175,20 @@ var adapterCommand = defineCommand41({
 });
 
 // src/commands/run.ts
-import { execFileSync as execFileSync14 } from "child_process";
+import { execFileSync as execFileSync15 } from "child_process";
 import { hostname as hostname5 } from "os";
 import { basename } from "path";
-import { defineCommand as defineCommand42 } from "citty";
-import consola36 from "consola";
+import { defineCommand as defineCommand45 } from "citty";
+import consola38 from "consola";
+function resolveRunAsTarget(runAs) {
+  if (!runAs) return runAs;
+  if (!isDarwin()) return runAs;
+  if (!AGENT_NAME_REGEX.test(runAs)) return runAs;
+  if (runAs.startsWith("openape-agent-")) return runAs;
+  const prefixed = macOSUsernameForAgent(runAs);
+  if (readMacOSUser(prefixed)) return prefixed;
+  return runAs;
+}
 function shouldWaitForGrant(args) {
   return args.wait === true || process.env.APE_WAIT === "1";
 }
@@ -5545,16 +5206,16 @@ function getUserMode() {
 function getAsyncExitCode() {
   const envValue = process.env.APES_ASYNC_EXIT_CODE;
   if (envValue !== void 0 && envValue !== "") {
-    const n2 = Number(envValue);
-    if (Number.isFinite(n2) && n2 >= 0 && n2 <= 255)
-      return Math.floor(n2);
+    const n = Number(envValue);
+    if (Number.isFinite(n) && n >= 0 && n <= 255)
+      return Math.floor(n);
   }
   const cfg = loadConfig();
   const cfgValue = cfg.defaults?.async_exit_code;
   if (cfgValue !== void 0 && cfgValue !== "") {
-    const n2 = Number(cfgValue);
-    if (Number.isFinite(n2) && n2 >= 0 && n2 <= 255)
-      return Math.floor(n2);
+    const n = Number(cfgValue);
+    if (Number.isFinite(n) && n >= 0 && n <= 255)
+      return Math.floor(n);
   }
   return 75;
 }
@@ -5564,7 +5225,7 @@ function printPendingGrantInfo(grant, idp) {
   const statusCmd = `apes grants status ${grant.id}`;
   const executeCmd = `apes grants run ${grant.id}`;
   if (mode === "human") {
-    consola36.success(`Grant ${grant.id} created \u2014 awaiting your approval`);
+    consola38.success(`Grant ${grant.id} created \u2014 awaiting your approval`);
     console.log(`  Approve in browser:  ${approveUrl}`);
     console.log(`  Check status:        ${statusCmd}`);
     console.log(`  Run after approval:  ${executeCmd}`);
@@ -5574,7 +5235,7 @@ function printPendingGrantInfo(grant, idp) {
     return;
   }
   const maxMin = getPollMaxMinutes();
-  consola36.success(`Grant ${grant.id} created (pending approval)`);
+  consola38.success(`Grant ${grant.id} created (pending approval)`);
   console.log(`  Approve:   ${approveUrl}`);
   console.log(`  Status:    ${statusCmd} [--json]`);
   console.log(`  Execute:   ${executeCmd} --wait`);
@@ -5596,7 +5257,7 @@ function printPendingGrantInfo(grant, idp) {
   console.log('  Tip: Approve as "timed" or "always" in the browser to let this');
   console.log("  grant be reused on subsequent invocations without re-approval.");
 }
-var runCommand = defineCommand42({
+var runCommand = defineCommand45({
   meta: {
     name: "run",
     description: "Execute a grant-secured command"
@@ -5699,7 +5360,7 @@ async function runShellMode(command, args) {
     }
   } catch {
   }
-  consola36.info(`Requesting ape-shell session grant on ${targetHost}`);
+  consola38.info(`Requesting ape-shell session grant on ${targetHost}`);
   const grant = await apiFetch(grantsUrl, {
     method: "POST",
     body: {
@@ -5719,8 +5380,8 @@ async function runShellMode(command, args) {
     host: targetHost
   });
   if (shouldWaitForGrant(args)) {
-    consola36.info(`Grant requested: ${grant.id}`);
-    consola36.info("Waiting for approval...");
+    consola38.info(`Grant requested: ${grant.id}`);
+    consola38.info("Waiting for approval...");
     const maxWait = 3e5;
     const interval = 3e3;
     const start = Date.now();
@@ -5730,7 +5391,7 @@ async function runShellMode(command, args) {
         break;
       if (status.status === "denied" || status.status === "revoked")
         throw new CliError(`Grant ${status.status}.`);
-      await new Promise((r3) => setTimeout(r3, interval));
+      await new Promise((r) => setTimeout(r, interval));
     }
     execShellCommand(command);
     return;
@@ -5751,13 +5412,13 @@ async function tryAdapterModeFromShell(command, idp, args) {
   try {
     resolved = await resolveCommand(loaded, [normalizedExecutable, ...parsed.argv]);
   } catch (err) {
-    consola36.debug(`ape-shell: adapter resolve failed for "${parsed.raw}":`, err);
+    consola38.debug(`ape-shell: adapter resolve failed for "${parsed.raw}":`, err);
     return false;
   }
   try {
     const existingGrantId = await findExistingGrant(resolved, idp);
     if (existingGrantId) {
-      consola36.info(`Reusing grant ${existingGrantId} for: ${resolved.detail.display}`);
+      consola38.info(`Reusing grant ${existingGrantId} for: ${resolved.detail.display}`);
       const token = await fetchGrantToken(idp, existingGrantId);
       await verifyAndExecute(token, resolved, existingGrantId);
       return true;
@@ -5765,16 +5426,16 @@ async function tryAdapterModeFromShell(command, idp, args) {
   } catch {
   }
   const approval = args.approval ?? "once";
-  consola36.info(`Requesting grant for: ${resolved.detail.display}`);
+  consola38.info(`Requesting grant for: ${resolved.detail.display}`);
   const grant = await createShapesGrant(resolved, {
     idp,
     approval,
     reason: args.reason || `ape-shell: ${resolved.detail.display}`
   });
   if (grant.similar_grants?.similar_grants?.length) {
-    const n2 = grant.similar_grants.similar_grants.length;
-    consola36.info("");
-    consola36.info(`  Similar grant(s) found (${n2}). Your approver can extend an existing grant to cover this request.`);
+    const n = grant.similar_grants.similar_grants.length;
+    consola38.info("");
+    consola38.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
   }
   notifyGrantPending({
     grantId: grant.id,
@@ -5784,8 +5445,8 @@ async function tryAdapterModeFromShell(command, idp, args) {
     host: args.host || hostname5()
   });
   if (shouldWaitForGrant(args)) {
-    consola36.info(`Grant requested: ${grant.id}`);
-    consola36.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+    consola38.info(`Grant requested: ${grant.id}`);
+    consola38.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
     const status = await waitForGrantStatus(idp, grant.id);
     if (status !== "approved")
       throw new CliError(`Grant ${status}`);
@@ -5801,7 +5462,7 @@ function execShellCommand(command) {
     throw new CliError("No command to execute");
   try {
     const { APES_SHELL_WRAPPER: _wrapperMarker, ...inheritedEnv } = process.env;
-    execFileSync14(command[0], command.slice(1), {
+    execFileSync15(command[0], command.slice(1), {
       stdio: "inherit",
       env: inheritedEnv
     });
@@ -5859,7 +5520,7 @@ async function runAdapterMode(command, rawArgs, args) {
   try {
     const existingGrantId = await findExistingGrant(resolved, idp);
     if (existingGrantId) {
-      consola36.info(`Reusing existing grant: ${existingGrantId}`);
+      consola38.info(`Reusing existing grant: ${existingGrantId}`);
       const token = await fetchGrantToken(idp, existingGrantId);
       await verifyAndExecute(token, resolved, existingGrantId);
       return;
@@ -5872,18 +5533,18 @@ async function runAdapterMode(command, rawArgs, args) {
     ...args.reason ? { reason: args.reason } : {}
   });
   if (grant.similar_grants?.similar_grants?.length) {
-    const n2 = grant.similar_grants.similar_grants.length;
-    consola36.info("");
-    consola36.info(`  Similar grant(s) found (${n2}). Your approver can extend an existing grant to cover this request.`);
+    const n = grant.similar_grants.similar_grants.length;
+    consola38.info("");
+    consola38.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
     if (grant.similar_grants.widened_details?.length) {
       const wider = grant.similar_grants.widened_details.map((d) => d.permission).join(", ");
-      consola36.info(`  Broader scope: ${wider}`);
+      consola38.info(`  Broader scope: ${wider}`);
     }
-    consola36.info("");
+    consola38.info("");
   }
   if (shouldWaitForGrant(args)) {
-    consola36.info(`Grant requested: ${grant.id}`);
-    consola36.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+    consola38.info(`Grant requested: ${grant.id}`);
+    consola38.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
     const status = await waitForGrantStatus(idp, grant.id);
     if (status !== "approved")
       throw new Error(`Grant ${status}`);
@@ -5903,7 +5564,7 @@ async function runAudienceMode(audience, action, args) {
   const grantsUrl = await getGrantsEndpoint(idp);
   const command = action.split(" ");
   const targetHost = args.host || hostname5();
-  const runAs = args.as ?? void 0;
+  const runAs = resolveRunAsTarget(args.as ?? void 0);
   const reusableId = await findReusableAudienceGrant({
     grantsUrl,
     requester: auth.email,
@@ -5916,7 +5577,7 @@ async function runAudienceMode(audience, action, args) {
     const { authz_jwt: authz_jwt2 } = await apiFetch(`${grantsUrl}/${reusableId}/token`, { method: "POST" });
     return executeWithGrantToken({ audience, command, args, token: authz_jwt2 });
   }
-  consola36.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(" ")}`);
+  consola38.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(" ")}`);
   const grant = await apiFetch(grantsUrl, {
     method: "POST",
     body: {
@@ -5933,9 +5594,9 @@ async function runAudienceMode(audience, action, args) {
     printPendingGrantInfo(grant, idp);
     throw new CliExit(getAsyncExitCode());
   }
-  consola36.success(`Grant requested: ${grant.id}`);
-  consola36.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
-  consola36.info("Waiting for approval...");
+  consola38.success(`Grant requested: ${grant.id}`);
+  consola38.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+  consola38.info("Waiting for approval...");
   const maxWait = 15 * 60 * 1e3;
   const interval = 3e3;
   const start = Date.now();
@@ -5943,14 +5604,14 @@ async function runAudienceMode(audience, action, args) {
   while (Date.now() - start < maxWait) {
     const status = await apiFetch(`${grantsUrl}/${grant.id}`);
     if (status.status === "approved") {
-      consola36.success("Grant approved!");
+      consola38.success("Grant approved!");
       approved = true;
       break;
     }
     if (status.status === "denied" || status.status === "revoked") {
       throw new CliError(`Grant ${status.status}.`);
     }
-    await new Promise((r3) => setTimeout(r3, interval));
+    await new Promise((r) => setTimeout(r, interval));
   }
   if (!approved) {
     const minutes = Math.round(maxWait / 6e4);
@@ -5958,7 +5619,7 @@ async function runAudienceMode(audience, action, args) {
       `Grant approval timed out after ${minutes} min (still pending). Check your DDISA inbox at ${idp}/grant-approval?grant_id=${grant.id} \u2014 if approved later, re-run the same \`apes run\` command and it will reuse the grant.`
     );
   }
-  consola36.info("Fetching grant token...");
+  consola38.info("Fetching grant token...");
   const { authz_jwt } = await apiFetch(`${grantsUrl}/${grant.id}/token`, {
     method: "POST"
   });
@@ -5967,10 +5628,10 @@ async function runAudienceMode(audience, action, args) {
 function executeWithGrantToken(opts) {
   const { audience, command, args, token } = opts;
   if (audience === "escapes") {
-    consola36.info(`Executing: ${command.join(" ")}`);
+    consola38.info(`Executing: ${command.join(" ")}`);
     try {
       const { APES_SHELL_WRAPPER: _wrapperMarker, ...inheritedEnv } = process.env;
-      execFileSync14(args["escapes-path"] || "escapes", ["--grant", token, "--", ...command], {
+      execFileSync15(args["escapes-path"] || "escapes", ["--grant", token, "--", ...command], {
         stdio: "inherit",
         env: inheritedEnv
       });
@@ -5987,15 +5648,15 @@ async function findReusableAudienceGrant(opts) {
     const grants = await apiFetch(`${opts.grantsUrl}?requester=${encodeURIComponent(opts.requester)}&status=approved&limit=50`);
     const now = Math.floor(Date.now() / 1e3);
     const match = grants.data.find((g) => {
-      const r3 = g.request;
-      if (r3.audience !== opts.audience) return false;
-      if (r3.target_host !== opts.targetHost) return false;
-      if (r3.grant_type === "once") return false;
-      if (r3.grant_type === "timed" && g.expires_at && g.expires_at <= now) return false;
-      const cmd = r3.command ?? [];
+      const r = g.request;
+      if (r.audience !== opts.audience) return false;
+      if (r.target_host !== opts.targetHost) return false;
+      if (r.grant_type === "once") return false;
+      if (r.grant_type === "timed" && g.expires_at && g.expires_at <= now) return false;
+      const cmd = r.command ?? [];
       if (cmd.length !== opts.command.length) return false;
-      if (!cmd.every((c2, i) => c2 === opts.command[i])) return false;
-      if ((r3.run_as ?? void 0) !== opts.runAs) return false;
+      if (!cmd.every((c, i) => c === opts.command[i])) return false;
+      if ((r.run_as ?? void 0) !== opts.runAs) return false;
       return true;
     });
     return match?.id ?? null;
@@ -6006,8 +5667,11 @@ async function findReusableAudienceGrant(opts) {
 
 // src/commands/proxy.ts
 import { spawn as spawn2 } from "child_process";
-import { defineCommand as defineCommand43 } from "citty";
-import consola37 from "consola";
+import { existsSync as existsSync17 } from "fs";
+import { homedir as homedir14 } from "os";
+import { join as join16 } from "path";
+import { defineCommand as defineCommand46 } from "citty";
+import consola39 from "consola";
 
 // src/proxy/config.ts
 function buildDefaultProxyConfigToml(opts) {
@@ -6044,7 +5708,7 @@ import { spawn } from "child_process";
 import { mkdtempSync as mkdtempSync3, rmSync as rmSync5, writeFileSync as writeFileSync8 } from "fs";
 import { createRequire } from "module";
 import { tmpdir as tmpdir3 } from "os";
-import { dirname as dirname4, join as join13, resolve as resolve3 } from "path";
+import { dirname as dirname4, join as join14, resolve as resolve3 } from "path";
 var require2 = createRequire(import.meta.url);
 function findProxyBin() {
   const pkgPath = require2.resolve("@openape/proxy/package.json");
@@ -6056,8 +5720,8 @@ function findProxyBin() {
   return resolve3(dirname4(pkgPath), binRel);
 }
 async function startEphemeralProxy(configToml) {
-  const tmpDir = mkdtempSync3(join13(tmpdir3(), "openape-proxy-"));
-  const configPath = join13(tmpDir, "config.toml");
+  const tmpDir = mkdtempSync3(join14(tmpdir3(), "openape-proxy-"));
+  const configPath = join14(tmpDir, "config.toml");
   writeFileSync8(configPath, configToml, { mode: 384 });
   const binPath = findProxyBin();
   const child = spawn(process.execPath, [binPath, "-c", configPath], {
@@ -6139,6 +5803,51 @@ function waitForListenLine(child) {
   });
 }
 
+// src/proxy/trust-bundle.ts
+import { existsSync as existsSync16, mkdtempSync as mkdtempSync4, readFileSync as readFileSync13, rmdirSync, unlinkSync as unlinkSync2, writeFileSync as writeFileSync9 } from "fs";
+import { tmpdir as tmpdir4 } from "os";
+import { join as join15 } from "path";
+var CANDIDATES = [
+  "/etc/ssl/cert.pem",
+  // macOS
+  "/etc/ssl/certs/ca-certificates.crt",
+  // Debian / Ubuntu
+  "/etc/pki/tls/certs/ca-bundle.crt",
+  // RHEL / Fedora
+  "/etc/ssl/ca-bundle.pem"
+  // OpenSUSE
+];
+function detectSystemCaPath() {
+  for (const p of CANDIDATES) {
+    if (existsSync16(p)) return p;
+  }
+  throw new Error(
+    `Could not locate a system CA bundle. Tried: ${CANDIDATES.join(", ")}. Set NODE_EXTRA_CA_CERTS yourself or pass --allow-no-system-ca.`
+  );
+}
+function buildTrustBundle(opts) {
+  const dir = mkdtempSync4(join15(tmpdir4(), "openape-trust-"));
+  const path2 = join15(dir, "bundle.pem");
+  const sys = readFileSync13(opts.systemCaPath, "utf-8");
+  const local = readFileSync13(opts.localCaPath, "utf-8");
+  writeFileSync9(path2, `${sys.trimEnd()}
+${local.trimEnd()}
+`, { mode: 384 });
+  return {
+    path: path2,
+    cleanup: () => {
+      try {
+        unlinkSync2(path2);
+      } catch {
+      }
+      try {
+        rmdirSync(dir);
+      } catch {
+      }
+    }
+  };
+}
+
 // src/commands/proxy.ts
 function resolveProxyConfigOptions() {
   const auth = loadAuth();
@@ -6150,10 +5859,10 @@ function resolveProxyConfigOptions() {
       77
     );
   }
-  consola37.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
+  consola39.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
   return { agentEmail: auth.email, idpUrl: auth.idp, mediated: true };
 }
-var proxyCommand = defineCommand43({
+var proxyCommand = defineCommand46({
   meta: {
     name: "proxy",
     description: "Run a command with HTTPS_PROXY routed through the OpenApe egress proxy."
@@ -6170,17 +5879,33 @@ var proxyCommand = defineCommand43({
     if (wrapped.length === 0) {
       throw new CliError("Usage: apes proxy -- <cmd> [args...]");
     }
+    const reuseHostPort = process.env.OPENAPE_PROXY;
     const reuseUrl = process.env.OPENAPE_PROXY_URL;
     let proxyUrl;
+    let bundle = null;
     let close = null;
-    if (reuseUrl) {
+    if (reuseHostPort) {
+      proxyUrl = `http://${reuseHostPort}`;
+      consola39.info(`[apes proxy] using long-running daemon at ${proxyUrl}`);
+      const localCaPath = join16(homedir14(), ".openape", "proxy", "ca.crt");
+      if (!existsSync17(localCaPath)) {
+        throw new CliError(
+          `OPENAPE_PROXY is set but no local CA found at ${localCaPath}. Start the daemon (sudo -u <agent> apes proxy --global < secrets.toml) first.`
+        );
+      }
+      bundle = buildTrustBundle({
+        systemCaPath: detectSystemCaPath(),
+        localCaPath
+      });
+      consola39.debug(`[apes proxy] trust bundle: ${bundle.path}`);
+    } else if (reuseUrl) {
       proxyUrl = reuseUrl;
-      consola37.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
+      consola39.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
     } else {
       const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml(resolveProxyConfigOptions()));
       proxyUrl = ephemeral.url;
       close = ephemeral.close;
-      consola37.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
+      consola39.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
     }
     const noProxy = process.env.NO_PROXY ?? process.env.no_proxy ?? "127.0.0.1,localhost";
     const childEnv = {
@@ -6193,30 +5918,42 @@ var proxyCommand = defineCommand43({
       all_proxy: proxyUrl,
       NO_PROXY: noProxy,
       no_proxy: noProxy,
-      NODE_USE_ENV_PROXY: "1"
+      NODE_USE_ENV_PROXY: "1",
+      ...bundle ? {
+        NODE_EXTRA_CA_CERTS: bundle.path,
+        SSL_CERT_FILE: bundle.path,
+        CURL_CA_BUNDLE: bundle.path,
+        REQUESTS_CA_BUNDLE: bundle.path,
+        GIT_SSL_CAINFO: bundle.path
+      } : {}
     };
-    const exitCode = await new Promise((resolveExit) => {
-      const child = spawn2(wrapped[0], wrapped.slice(1), {
-        stdio: "inherit",
-        env: childEnv
-      });
-      const forward = (sig) => () => child.kill(sig);
-      const onSigint = forward("SIGINT");
-      const onSigterm = forward("SIGTERM");
-      process.on("SIGINT", onSigint);
-      process.on("SIGTERM", onSigterm);
-      child.once("exit", (code, signal) => {
-        process.off("SIGINT", onSigint);
-        process.off("SIGTERM", onSigterm);
-        if (signal) resolveExit(128 + (signalNumber(signal) ?? 0));
-        else resolveExit(code ?? 0);
-      });
-      child.once("error", (err) => {
-        consola37.error(`[apes proxy] failed to spawn '${wrapped[0]}':`, err.message);
-        resolveExit(127);
+    let exitCode;
+    try {
+      exitCode = await new Promise((resolveExit) => {
+        const child = spawn2(wrapped[0], wrapped.slice(1), {
+          stdio: "inherit",
+          env: childEnv
+        });
+        const forward = (sig) => () => child.kill(sig);
+        const onSigint = forward("SIGINT");
+        const onSigterm = forward("SIGTERM");
+        process.on("SIGINT", onSigint);
+        process.on("SIGTERM", onSigterm);
+        child.once("exit", (code, signal) => {
+          process.off("SIGINT", onSigint);
+          process.off("SIGTERM", onSigterm);
+          if (signal) resolveExit(128 + (signalNumber(signal) ?? 0));
+          else resolveExit(code ?? 0);
+        });
+        child.once("error", (err) => {
+          consola39.error(`[apes proxy] failed to spawn '${wrapped[0]}':`, err.message);
+          resolveExit(127);
+        });
       });
-    });
-    if (close) await close();
+    } finally {
+      bundle?.cleanup();
+      if (close) await close();
+    }
     if (exitCode !== 0) process.exit(exitCode);
   }
 });
@@ -6226,8 +5963,8 @@ function signalNumber(signal) {
 }
 
 // src/commands/explain.ts
-import { defineCommand as defineCommand44 } from "citty";
-var explainCommand = defineCommand44({
+import { defineCommand as defineCommand47 } from "citty";
+var explainCommand = defineCommand47({
   meta: {
     name: "explain",
     description: "Show what permission a command would need"
@@ -6265,9 +6002,9 @@ var explainCommand = defineCommand44({
 });
 
 // src/commands/config/get.ts
-import { defineCommand as defineCommand45 } from "citty";
-import consola38 from "consola";
-var configGetCommand = defineCommand45({
+import { defineCommand as defineCommand48 } from "citty";
+import consola40 from "consola";
+var configGetCommand = defineCommand48({
   meta: {
     name: "get",
     description: "Get a configuration value"
@@ -6287,7 +6024,7 @@ var configGetCommand = defineCommand45({
         if (idp)
           console.log(idp);
         else
-          consola38.info("No IdP configured.");
+          consola40.info("No IdP configured.");
         break;
       }
       case "email": {
@@ -6295,7 +6032,7 @@ var configGetCommand = defineCommand45({
         if (auth?.email)
           console.log(auth.email);
         else
-          consola38.info("Not logged in.");
+          consola40.info("Not logged in.");
         break;
       }
       default: {
@@ -6308,7 +6045,7 @@ var configGetCommand = defineCommand45({
           if (sectionObj && field in sectionObj) {
             console.log(sectionObj[field]);
           } else {
-            consola38.info(`Key "${key}" not set.`);
+            consola40.info(`Key "${key}" not set.`);
           }
         } else {
           throw new CliError(`Unknown key: "${key}". Use: idp, email, defaults.idp, defaults.approval, agent.key, agent.email`);
@@ -6319,9 +6056,9 @@ var configGetCommand = defineCommand45({
 });
 
 // src/commands/config/set.ts
-import { defineCommand as defineCommand46 } from "citty";
-import consola39 from "consola";
-var configSetCommand = defineCommand46({
+import { defineCommand as defineCommand49 } from "citty";
+import consola41 from "consola";
+var configSetCommand = defineCommand49({
   meta: {
     name: "set",
     description: "Set a configuration value"
@@ -6357,12 +6094,12 @@ var configSetCommand = defineCommand46({
       throw new CliError(`Unknown section: "${section}". Use: defaults, agent`);
     }
     saveConfig(config);
-    consola39.success(`Set ${key} = ${value}`);
+    consola41.success(`Set ${key} = ${value}`);
   }
 });
 
 // src/commands/fetch/index.ts
-import { defineCommand as defineCommand47 } from "citty";
+import { defineCommand as defineCommand50 } from "citty";
 async function doRequest(method, url, body, contentType, raw, showHeaders) {
   const token = getAuthToken();
   if (!token) {
@@ -6398,13 +6135,13 @@ async function doRequest(method, url, body, contentType, raw, showHeaders) {
     throw new CliError(`HTTP ${response.status} ${response.statusText}`);
   }
 }
-var fetchCommand = defineCommand47({
+var fetchCommand = defineCommand50({
   meta: {
     name: "fetch",
     description: "Make authenticated HTTP requests"
   },
   subCommands: {
-    get: defineCommand47({
+    get: defineCommand50({
       meta: {
         name: "get",
         description: "GET request with auth token"
@@ -6430,7 +6167,7 @@ var fetchCommand = defineCommand47({
         await doRequest("GET", String(args.url), void 0, "application/json", Boolean(args.raw), Boolean(args.headers));
       }
     }),
-    post: defineCommand47({
+    post: defineCommand50({
       meta: {
         name: "post",
         description: "POST request with auth token"
@@ -6469,8 +6206,8 @@ var fetchCommand = defineCommand47({
 });
 
 // src/commands/mcp/index.ts
-import { defineCommand as defineCommand48 } from "citty";
-var mcpCommand = defineCommand48({
+import { defineCommand as defineCommand51 } from "citty";
+var mcpCommand = defineCommand51({
   meta: {
     name: "mcp",
     description: "Start MCP server for AI agents"
@@ -6493,48 +6230,48 @@ var mcpCommand = defineCommand48({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-K77SHBP2.js");
+    const { startMcpServer } = await import("./server-V2V5YHK3.js");
     await startMcpServer(transport, port);
   }
 });
 
 // src/commands/init/index.ts
-import { existsSync as existsSync15, copyFileSync, writeFileSync as writeFileSync9 } from "fs";
+import { existsSync as existsSync18, copyFileSync, writeFileSync as writeFileSync10 } from "fs";
 import { randomBytes } from "crypto";
-import { execFileSync as execFileSync15 } from "child_process";
-import { join as join14 } from "path";
-import { defineCommand as defineCommand49 } from "citty";
-import consola40 from "consola";
+import { execFileSync as execFileSync16 } from "child_process";
+import { join as join17 } from "path";
+import { defineCommand as defineCommand52 } from "citty";
+import consola42 from "consola";
 var DEFAULT_IDP_URL = "https://id.openape.at";
 async function downloadTemplate(repo, targetDir) {
   const { downloadTemplate: gigetDownload } = await import("giget");
   await gigetDownload(`gh:${repo}`, { dir: targetDir, force: false });
 }
 function installDeps(dir) {
-  const hasLockFile = (name) => existsSync15(join14(dir, name));
+  const hasLockFile = (name) => existsSync18(join17(dir, name));
   if (hasLockFile("pnpm-lock.yaml")) {
-    execFileSync15("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync16("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
   } else if (hasLockFile("bun.lockb")) {
-    execFileSync15("bun", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync16("bun", ["install"], { cwd: dir, stdio: "inherit" });
   } else {
-    execFileSync15("npm", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync16("npm", ["install"], { cwd: dir, stdio: "inherit" });
   }
 }
 async function promptChoice(message, choices) {
-  const result = await consola40.prompt(message, { type: "select", options: choices });
+  const result = await consola42.prompt(message, { type: "select", options: choices });
   if (typeof result === "symbol") {
     throw new CliExit(0);
   }
   return result;
 }
 async function promptText(message, defaultValue) {
-  const result = await consola40.prompt(message, { type: "text", default: defaultValue, placeholder: defaultValue });
+  const result = await consola42.prompt(message, { type: "text", default: defaultValue, placeholder: defaultValue });
   if (typeof result === "symbol") {
     throw new CliExit(0);
   }
   return result || defaultValue || "";
 }
-var initCommand = defineCommand49({
+var initCommand = defineCommand52({
   meta: {
     name: "init",
     description: "Scaffold a new OpenApe project"
@@ -6576,23 +6313,23 @@ var initCommand = defineCommand49({
 });
 async function initSP(targetDir) {
   const dir = targetDir || "my-app";
-  if (existsSync15(join14(dir, "package.json"))) {
+  if (existsSync18(join17(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
-  consola40.start("Scaffolding SP starter...");
+  consola42.start("Scaffolding SP starter...");
   await downloadTemplate("openape-ai/openape-sp-starter", dir);
-  consola40.success("Scaffolded from openape-sp-starter");
-  consola40.start("Installing dependencies...");
+  consola42.success("Scaffolded from openape-sp-starter");
+  consola42.start("Installing dependencies...");
   installDeps(dir);
-  consola40.success("Dependencies installed");
-  const envExample = join14(dir, ".env.example");
-  const envFile = join14(dir, ".env");
-  if (existsSync15(envExample) && !existsSync15(envFile)) {
+  consola42.success("Dependencies installed");
+  const envExample = join17(dir, ".env.example");
+  const envFile = join17(dir, ".env");
+  if (existsSync18(envExample) && !existsSync18(envFile)) {
     copyFileSync(envExample, envFile);
-    consola40.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
+    consola42.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
   }
   console.log("");
-  consola40.box([
+  consola42.box([
     `cd ${dir}`,
     "npm run dev",
     "",
@@ -6601,7 +6338,7 @@ async function initSP(targetDir) {
 }
 async function initIdP(targetDir) {
   const dir = targetDir || "my-idp";
-  if (existsSync15(join14(dir, "package.json"))) {
+  if (existsSync18(join17(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
   const domain = await promptText("Domain for the IdP", "localhost");
@@ -6611,15 +6348,15 @@ async function initIdP(targetDir) {
     "s3 (S3-compatible)"
   ]);
   const adminEmail = await promptText("Admin email");
-  consola40.start("Scaffolding IdP starter...");
+  consola42.start("Scaffolding IdP starter...");
   await downloadTemplate("openape-ai/openape-idp-starter", dir);
-  consola40.success("Scaffolded from openape-idp-starter");
-  consola40.start("Installing dependencies...");
+  consola42.success("Scaffolded from openape-idp-starter");
+  consola42.start("Installing dependencies...");
   installDeps(dir);
-  consola40.success("Dependencies installed");
+  consola42.success("Dependencies installed");
   const sessionSecret = randomBytes(32).toString("hex");
   const managementToken = randomBytes(32).toString("hex");
-  consola40.success("Secrets generated");
+  consola42.success("Secrets generated");
   const isLocalhost = domain === "localhost";
   const origin = isLocalhost ? "http://localhost:3000" : `https://${domain}`;
   const envContent = [
@@ -6633,11 +6370,11 @@ async function initIdP(targetDir) {
     `NUXT_OPENAPE_RP_ID=${domain}`,
     `NUXT_OPENAPE_RP_ORIGIN=${origin}`
   ].join("\n");
-  writeFileSync9(join14(dir, ".env"), `${envContent}
+  writeFileSync10(join17(dir, ".env"), `${envContent}
 `, { mode: 384 });
-  consola40.success(".env created");
+  consola42.success(".env created");
   console.log("");
-  consola40.box([
+  consola42.box([
     `cd ${dir}`,
     "npm run dev",
     "",
@@ -6654,11 +6391,11 @@ async function initIdP(targetDir) {
 
 // src/commands/enroll.ts
 import { Buffer as Buffer5 } from "buffer";
-import { existsSync as existsSync16, readFileSync as readFileSync12 } from "fs";
+import { existsSync as existsSync19, readFileSync as readFileSync14 } from "fs";
 import { execFile as execFile2 } from "child_process";
 import { sign as sign2 } from "crypto";
-import { defineCommand as defineCommand50 } from "citty";
-import consola41 from "consola";
+import { defineCommand as defineCommand53 } from "citty";
+import consola43 from "consola";
 var DEFAULT_IDP_URL2 = "https://id.openape.at";
 var DEFAULT_KEY_PATH = "~/.ssh/id_ed25519";
 var POLL_INTERVAL = 3e3;
@@ -6670,7 +6407,7 @@ function openBrowser2(url) {
 }
 async function pollForEnrollment(idp, agentEmail, keyPath) {
   const resolvedKey = resolveKeyPath(keyPath);
-  const keyContent = readFileSync12(resolvedKey, "utf-8");
+  const keyContent = readFileSync14(resolvedKey, "utf-8");
   const privateKey = loadEd25519PrivateKey(keyContent);
   const challengeUrl = await getAgentChallengeEndpoint(idp);
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
@@ -6701,7 +6438,7 @@ async function pollForEnrollment(idp, agentEmail, keyPath) {
   }
   throw new Error("Enrollment timed out. Please check the browser and try again.");
 }
-var enrollCommand = defineCommand50({
+var enrollCommand = defineCommand53({
   meta: {
     name: "enroll",
     description: "Enroll an agent with an Identity Provider"
@@ -6721,48 +6458,48 @@ var enrollCommand = defineCommand50({
     }
   },
   async run({ args }) {
-    const idp = args.idp || await consola41.prompt("IdP URL", { type: "text", default: DEFAULT_IDP_URL2, placeholder: DEFAULT_IDP_URL2 }).then((r3) => {
-      if (typeof r3 === "symbol") throw new CliExit(0);
-      return r3;
+    const idp = args.idp || await consola43.prompt("IdP URL", { type: "text", default: DEFAULT_IDP_URL2, placeholder: DEFAULT_IDP_URL2 }).then((r) => {
+      if (typeof r === "symbol") throw new CliExit(0);
+      return r;
     }) || DEFAULT_IDP_URL2;
-    const agentName = args.name || await consola41.prompt("Agent name", { type: "text", placeholder: "deploy-bot" }).then((r3) => {
-      if (typeof r3 === "symbol") throw new CliExit(0);
-      return r3;
+    const agentName = args.name || await consola43.prompt("Agent name", { type: "text", placeholder: "deploy-bot" }).then((r) => {
+      if (typeof r === "symbol") throw new CliExit(0);
+      return r;
     });
     if (!agentName) {
       throw new CliError("Agent name is required.");
     }
-    const keyPath = args.key || await consola41.prompt("Ed25519 key", { type: "text", default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then((r3) => {
-      if (typeof r3 === "symbol") throw new CliExit(0);
-      return r3;
+    const keyPath = args.key || await consola43.prompt("Ed25519 key", { type: "text", default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then((r) => {
+      if (typeof r === "symbol") throw new CliExit(0);
+      return r;
     }) || DEFAULT_KEY_PATH;
     const resolvedKey = resolveKeyPath(keyPath);
     let publicKey;
-    if (existsSync16(resolvedKey)) {
+    if (existsSync19(resolvedKey)) {
       publicKey = readPublicKey(resolvedKey);
-      consola41.success(`Using existing key ${keyPath}`);
+      consola43.success(`Using existing key ${keyPath}`);
     } else {
-      consola41.start(`Generating Ed25519 key pair at ${keyPath}...`);
+      consola43.start(`Generating Ed25519 key pair at ${keyPath}...`);
       publicKey = generateAndSaveKey(keyPath);
-      consola41.success(`Key pair generated at ${keyPath}`);
+      consola43.success(`Key pair generated at ${keyPath}`);
     }
     const encodedKey = encodeURIComponent(publicKey);
     const enrollUrl = `${idp}/enroll?name=${encodeURIComponent(agentName)}&key=${encodedKey}`;
-    consola41.info("Opening browser for enrollment...");
-    consola41.info(`\u2192 ${idp}/enroll`);
+    consola43.info("Opening browser for enrollment...");
+    consola43.info(`\u2192 ${idp}/enroll`);
     openBrowser2(enrollUrl);
     console.log("");
-    const agentEmail = await consola41.prompt(
+    const agentEmail = await consola43.prompt(
       "Agent email (shown in browser after enrollment)",
       { type: "text", placeholder: `agent+${agentName}@...` }
-    ).then((r3) => {
-      if (typeof r3 === "symbol") throw new CliExit(0);
-      return r3;
+    ).then((r) => {
+      if (typeof r === "symbol") throw new CliExit(0);
+      return r;
     });
     if (!agentEmail) {
       throw new CliError("Agent email is required to verify enrollment.");
     }
-    consola41.start("Verifying enrollment...");
+    consola43.start("Verifying enrollment...");
     const { token, expiresIn } = await pollForEnrollment(idp, agentEmail, keyPath);
     saveAuth({
       idp,
@@ -6774,18 +6511,18 @@ var enrollCommand = defineCommand50({
     config.defaults = { ...config.defaults, idp };
     config.agent = { key: keyPath, email: agentEmail };
     saveConfig(config);
-    consola41.success(`Agent enrolled as ${agentEmail}`);
-    consola41.success("Config saved to ~/.config/apes/");
+    consola43.success(`Agent enrolled as ${agentEmail}`);
+    consola43.success("Config saved to ~/.config/apes/");
     console.log("");
-    consola41.info("Verify with: apes whoami");
+    consola43.info("Verify with: apes whoami");
   }
 });
 
 // src/commands/register-user.ts
-import { existsSync as existsSync17, readFileSync as readFileSync13 } from "fs";
-import { defineCommand as defineCommand51 } from "citty";
-import consola42 from "consola";
-var registerUserCommand = defineCommand51({
+import { existsSync as existsSync20, readFileSync as readFileSync15 } from "fs";
+import { defineCommand as defineCommand54 } from "citty";
+import consola44 from "consola";
+var registerUserCommand = defineCommand54({
   meta: {
     name: "register-user",
     description: "Register a sub-user with SSH key"
@@ -6821,8 +6558,8 @@ var registerUserCommand = defineCommand51({
       throw new CliError("No IdP URL configured. Run `apes login` first.");
     }
     let publicKey = args.key;
-    if (existsSync17(args.key)) {
-      publicKey = readFileSync13(args.key, "utf-8").trim();
+    if (existsSync20(args.key)) {
+      publicKey = readFileSync15(args.key, "utf-8").trim();
     }
     if (!publicKey.startsWith("ssh-ed25519 ")) {
       throw new CliError("Public key must be in ssh-ed25519 format.");
@@ -6840,18 +6577,18 @@ var registerUserCommand = defineCommand51({
         ...userType ? { type: userType } : {}
       }
     });
-    consola42.success(`User registered: ${result.email} (type: ${result.type}, owner: ${result.owner})`);
+    consola44.success(`User registered: ${result.email} (type: ${result.type}, owner: ${result.owner})`);
   }
 });
 
 // src/commands/utils/index.ts
-import { defineCommand as defineCommand53 } from "citty";
+import { defineCommand as defineCommand56 } from "citty";
 
 // src/commands/utils/dig.ts
-import { defineCommand as defineCommand52 } from "citty";
-import consola43 from "consola";
+import { defineCommand as defineCommand55 } from "citty";
+import consola45 from "consola";
 import { resolveDDISA as resolveDDISA2 } from "@openape/core";
-var digCommand = defineCommand52({
+var digCommand = defineCommand55({
   meta: {
     name: "dig",
     description: "Resolve DDISA IdP for a domain or email (admin/diag tool)"
@@ -6924,12 +6661,12 @@ var digCommand = defineCommand52({
     console.log(`  domain: ${domain}`);
     console.log("");
     if (!result.ddisa.found) {
-      consola43.warn(`No DDISA record at _ddisa.${domain}`);
+      consola45.warn(`No DDISA record at _ddisa.${domain}`);
       if (result.hint) console.log(`
 ${result.hint}`);
       throw new CliError(`No DDISA record found for ${domain}`);
     }
-    consola43.success(`_ddisa.${domain} \u2192 ${result.ddisa.idp}`);
+    consola45.success(`_ddisa.${domain} \u2192 ${result.ddisa.idp}`);
     console.log(`  Version:  ${result.ddisa.version || "ddisa1"}`);
     console.log(`  IdP URL:  ${result.ddisa.idp}`);
     if (result.ddisa.mode) console.log(`  Mode:     ${result.ddisa.mode}`);
@@ -6939,13 +6676,13 @@ ${result.hint}`);
       return;
     }
     if (result.idpDiscovery.ok) {
-      consola43.success(`IdP reachable (${result.idpDiscovery.status ?? 200})`);
+      consola45.success(`IdP reachable (${result.idpDiscovery.status ?? 200})`);
       if (result.idpDiscovery.issuer) console.log(`  Issuer:   ${result.idpDiscovery.issuer}`);
       if (result.idpDiscovery.ddisaVersion) console.log(`  DDISA:    v${result.idpDiscovery.ddisaVersion}`);
       if (result.idpDiscovery.authMethods?.length) console.log(`  Auth:     ${result.idpDiscovery.authMethods.join(", ")}`);
       if (result.idpDiscovery.grantTypes?.length) console.log(`  Grants:   ${result.idpDiscovery.grantTypes.join(", ")}`);
     } else {
-      consola43.warn(`IdP discovery failed${result.idpDiscovery.status ? ` (HTTP ${result.idpDiscovery.status})` : ""}`);
+      consola45.warn(`IdP discovery failed${result.idpDiscovery.status ? ` (HTTP ${result.idpDiscovery.status})` : ""}`);
       if (result.hint) console.log(`
 ${result.hint}`);
       throw new CliError(`IdP at ${result.ddisa.idp} not reachable`);
@@ -6954,7 +6691,7 @@ ${result.hint}`);
 });
 
 // src/commands/utils/index.ts
-var utilsCommand = defineCommand53({
+var utilsCommand = defineCommand56({
   meta: {
     name: "utils",
     description: "Admin/diagnostic utilities (dig, \u2026)"
@@ -6965,12 +6702,12 @@ var utilsCommand = defineCommand53({
 });
 
 // src/commands/sessions/index.ts
-import { defineCommand as defineCommand56 } from "citty";
+import { defineCommand as defineCommand59 } from "citty";
 
 // src/commands/sessions/list.ts
-import { defineCommand as defineCommand54 } from "citty";
-import consola44 from "consola";
-var sessionsListCommand = defineCommand54({
+import { defineCommand as defineCommand57 } from "citty";
+import consola46 from "consola";
+var sessionsListCommand = defineCommand57({
   meta: {
     name: "list",
     description: "List your active refresh-token families (one per logged-in device)."
@@ -6988,7 +6725,7 @@ var sessionsListCommand = defineCommand54({
       return;
     }
     if (result.data.length === 0) {
-      consola44.info("No active sessions.");
+      consola46.info("No active sessions.");
       return;
     }
     for (const f of result.data) {
@@ -7000,9 +6737,9 @@ var sessionsListCommand = defineCommand54({
 });
 
 // src/commands/sessions/remove.ts
-import { defineCommand as defineCommand55 } from "citty";
-import consola45 from "consola";
-var sessionsRemoveCommand = defineCommand55({
+import { defineCommand as defineCommand58 } from "citty";
+import consola47 from "consola";
+var sessionsRemoveCommand = defineCommand58({
   meta: {
     name: "remove",
     description: "Revoke one of your active refresh-token families by id."
@@ -7018,12 +6755,12 @@ var sessionsRemoveCommand = defineCommand55({
     const id = String(args.familyId).trim();
     if (!id) throw new CliError("familyId required");
     await apiFetch(`/api/me/sessions/${encodeURIComponent(id)}`, { method: "DELETE" });
-    consola45.success(`Session ${id} revoked. The device using it will need to \`apes login\` again on its next refresh.`);
+    consola47.success(`Session ${id} revoked. The device using it will need to \`apes login\` again on its next refresh.`);
   }
 });
 
 // src/commands/sessions/index.ts
-var sessionsCommand = defineCommand56({
+var sessionsCommand = defineCommand59({
   meta: {
     name: "sessions",
     description: "Manage your active refresh-token sessions across devices"
@@ -7035,10 +6772,10 @@ var sessionsCommand = defineCommand56({
 });
 
 // src/commands/dns-check.ts
-import { defineCommand as defineCommand57 } from "citty";
-import consola46 from "consola";
+import { defineCommand as defineCommand60 } from "citty";
+import consola48 from "consola";
 import { resolveDDISA as resolveDDISA3 } from "@openape/core";
-var dnsCheckCommand = defineCommand57({
+var dnsCheckCommand = defineCommand60({
   meta: {
     name: "dns-check",
     description: "Validate DDISA DNS TXT records for a domain"
@@ -7052,7 +6789,7 @@ var dnsCheckCommand = defineCommand57({
   },
   async run({ args }) {
     const domain = args.domain;
-    consola46.start(`Checking _ddisa.${domain}...`);
+    consola48.start(`Checking _ddisa.${domain}...`);
     try {
       const result = await resolveDDISA3(domain);
       if (!result) {
@@ -7061,7 +6798,7 @@ var dnsCheckCommand = defineCommand57({
         console.log(`  _ddisa.${domain} TXT "v=ddisa1 idp=https://id.${domain}"`);
         throw new CliError(`No DDISA record found for ${domain}`);
       }
-      consola46.success(`_ddisa.${domain} \u2192 ${result.idp}`);
+      consola48.success(`_ddisa.${domain} \u2192 ${result.idp}`);
       console.log("");
       console.log(`  Version:  ${result.version || "ddisa1"}`);
       console.log(`  IdP URL:  ${result.idp}`);
@@ -7070,14 +6807,14 @@ var dnsCheckCommand = defineCommand57({
       if (result.priority !== void 0)
         console.log(`  Priority: ${result.priority}`);
       console.log("");
-      consola46.start(`Verifying IdP at ${result.idp}...`);
+      consola48.start(`Verifying IdP at ${result.idp}...`);
       const discoResp = await fetch(`${result.idp}/.well-known/openid-configuration`);
       if (!discoResp.ok) {
-        consola46.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
+        consola48.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
         return;
       }
       const disco = await discoResp.json();
-      consola46.success(`IdP is reachable`);
+      consola48.success(`IdP is reachable`);
       console.log(`  Issuer:   ${disco.issuer}`);
       console.log(`  DDISA:    v${disco.ddisa_version || "?"}`);
       if (disco.ddisa_auth_methods_supported) {
@@ -7095,7 +6832,7 @@ var dnsCheckCommand = defineCommand57({
 // src/commands/health.ts
 import { exec } from "child_process";
 import { promisify } from "util";
-import { defineCommand as defineCommand58 } from "citty";
+import { defineCommand as defineCommand61 } from "citty";
 var execAsync = promisify(exec);
 async function resolveApeShellPath() {
   try {
@@ -7131,7 +6868,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "1.24.0" : "0.0.0";
+  const version = true ? "1.25.0" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -7194,7 +6931,7 @@ async function runHealth(args) {
     throw new CliError(`IdP ${auth.idp} unreachable: ${idpProbe.error}`, 1);
   }
 }
-var healthCommand = defineCommand58({
+var healthCommand = defineCommand61({
   meta: {
     name: "health",
     description: "Report CLI diagnostic state (auth, IdP, grants, binaries)"
@@ -7212,8 +6949,8 @@ var healthCommand = defineCommand58({
 });
 
 // src/commands/workflows.ts
-import { defineCommand as defineCommand59 } from "citty";
-import consola47 from "consola";
+import { defineCommand as defineCommand62 } from "citty";
+import consola49 from "consola";
 
 // src/guides/index.ts
 var guides = [
@@ -7263,7 +7000,7 @@ var guides = [
 ];
 
 // src/commands/workflows.ts
-var workflowsCommand = defineCommand59({
+var workflowsCommand = defineCommand62({
   meta: {
     name: "workflows",
     description: "Discover workflow guides"
@@ -7284,7 +7021,7 @@ var workflowsCommand = defineCommand59({
     if (args.id) {
       const guide = guides.find((g) => g.id === String(args.id));
       if (!guide) {
-        consola47.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
+        consola49.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
         throw new CliError(`Guide not found: ${args.id}`);
       }
       if (args.json) {
@@ -7324,26 +7061,26 @@ var workflowsCommand = defineCommand59({
 });
 
 // src/version-check.ts
-import { existsSync as existsSync18, mkdirSync as mkdirSync6, readFileSync as readFileSync14, writeFileSync as writeFileSync10 } from "fs";
-import { homedir as homedir13 } from "os";
-import { join as join15 } from "path";
-import consola48 from "consola";
+import { existsSync as existsSync21, mkdirSync as mkdirSync6, readFileSync as readFileSync16, writeFileSync as writeFileSync11 } from "fs";
+import { homedir as homedir15 } from "os";
+import { join as join18 } from "path";
+import consola50 from "consola";
 var PACKAGE_NAME = "@openape/apes";
 var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
-var CACHE_FILE = join15(homedir13(), ".config", "apes", ".version-check.json");
+var CACHE_FILE = join18(homedir15(), ".config", "apes", ".version-check.json");
 function readCache() {
-  if (!existsSync18(CACHE_FILE)) return null;
+  if (!existsSync21(CACHE_FILE)) return null;
   try {
-    return JSON.parse(readFileSync14(CACHE_FILE, "utf-8"));
+    return JSON.parse(readFileSync16(CACHE_FILE, "utf-8"));
   } catch {
     return null;
   }
 }
 function writeCache(entry) {
   try {
-    const dir = join15(homedir13(), ".config", "apes");
-    if (!existsSync18(dir)) mkdirSync6(dir, { recursive: true, mode: 448 });
-    writeFileSync10(CACHE_FILE, JSON.stringify(entry), { mode: 384 });
+    const dir = join18(homedir15(), ".config", "apes");
+    if (!existsSync21(dir)) mkdirSync6(dir, { recursive: true, mode: 448 });
+    writeFileSync11(CACHE_FILE, JSON.stringify(entry), { mode: 384 });
   } catch {
   }
 }
@@ -7372,7 +7109,7 @@ async function fetchLatestVersion() {
 }
 function warnIfBehind(currentVersion, latest) {
   if (compareSemver(currentVersion, latest) < 0) {
-    consola48.warn(
+    consola50.warn(
       `apes ${currentVersion} is behind latest @openape/apes@${latest}. Run \`npm i -g @openape/apes@latest\` to update. (Suppress with APES_NO_UPDATE_CHECK=1.)`
     );
   }
@@ -7404,10 +7141,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"1.24.0"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"1.25.0"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"1.24.0"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"1.25.0"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -7422,7 +7159,7 @@ if (shellRewrite) {
     console.log("  --help, -h      Show this help message");
     process.exit(0);
   } else if (shellRewrite.action === "interactive") {
-    const { runInteractiveShell } = await import("./orchestrator-2QS5KXFL.js");
+    const { runInteractiveShell } = await import("./orchestrator-CIDV7OGM.js");
     await runInteractiveShell();
     process.exit(0);
   } else {
@@ -7431,7 +7168,7 @@ if (shellRewrite) {
   }
 }
 var debug = process.argv.includes("--debug");
-var grantsCommand = defineCommand60({
+var grantsCommand = defineCommand63({
   meta: {
     name: "grants",
     description: "Grant management"
@@ -7452,7 +7189,7 @@ var grantsCommand = defineCommand60({
     "delegation-revoke": delegationRevokeCommand
   }
 });
-var configCommand = defineCommand60({
+var configCommand = defineCommand63({
   meta: {
     name: "config",
     description: "Configuration management"
@@ -7462,10 +7199,10 @@ var configCommand = defineCommand60({
     set: configSetCommand
   }
 });
-var main = defineCommand60({
+var main = defineCommand63({
   meta: {
     name: "apes",
-    version: "1.24.0",
+    version: "1.25.0",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {
@@ -7480,6 +7217,7 @@ var main = defineCommand60({
     whoami: whoamiCommand,
     health: healthCommand,
     grants: grantsCommand,
+    agent: agentCommand,
     agents: agentsCommand,
     nest: nestCommand,
     yolo: yoloCommand,
@@ -7513,29 +7251,29 @@ var NO_REFRESH_COMMANDS = /* @__PURE__ */ new Set([
 async function maybeRefreshAuth() {
   const sub = process.argv[2];
   if (!sub || NO_REFRESH_COMMANDS.has(sub)) return;
-  const { loadAuth: loadAuth2 } = await import("./config-DA2L3XOV.js");
+  const { loadAuth: loadAuth2 } = await import("./config-MOB5DJ6H.js");
   if (!loadAuth2()) return;
   try {
-    const { ensureFreshToken } = await import("./http-JWS5LV2U.js");
+    const { ensureFreshToken } = await import("./http-6OKWT52Z.js");
     await ensureFreshToken();
   } catch {
   }
 }
 await maybeRefreshAuth();
-await maybeWarnStaleVersion("1.24.0").catch(() => {
+await maybeWarnStaleVersion("1.25.0").catch(() => {
 });
 runMain(main).catch((err) => {
   if (err instanceof CliExit) {
     process.exit(err.exitCode);
   }
   if (err instanceof CliError) {
-    consola49.error(err.message);
+    consola51.error(err.message);
     process.exit(err.exitCode);
   }
   if (debug) {
-    consola49.error(err);
+    consola51.error(err);
   } else {
-    consola49.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
+    consola51.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
   }
   process.exit(1);
 });