@openape/apes 1.29.1 → 1.31.0

package/dist/cli.js

@@ -50,7 +50,7 @@ import {
   getAgentChallengeEndpoint,
   getDelegationsEndpoint,
   getGrantsEndpoint
-} from "./chunk-NYJSBFLG.js";
+} from "./chunk-MMBFV5WN.js";
 import {
   AUTH_FILE,
   CONFIG_DIR,
@@ -65,7 +65,7 @@ import {
 } from "./chunk-OBF7IMQ2.js";
 
 // src/cli.ts
-import consola52 from "consola";
+import consola53 from "consola";
 
 // src/ape-shell.ts
 import path from "path";
@@ -98,7 +98,7 @@ function rewriteApeShellArgs(argv, argv0) {
 import { defineCommand as defineCommand64, runMain } from "citty";
 
 // src/commands/auth/login.ts
-import { Buffer as Buffer2 } from "buffer";
+import { Buffer } from "buffer";
 import { execFile } from "child_process";
 import { createServer } from "http";
 import { homedir as homedir2 } from "os";
@@ -308,7 +308,7 @@ async function loginWithPKCE(idp) {
   authUrl.searchParams.set("state", state);
   authUrl.searchParams.set("nonce", nonce);
   authUrl.searchParams.set("scope", "openid email profile offline_access");
-  const code = await new Promise((resolve4, reject) => {
+  const code = await new Promise((resolve5, reject) => {
     const server = createServer((req, res) => {
       const url = new URL(req.url, `http://localhost:${CALLBACK_PORT}`);
       if (url.pathname === "/callback") {
@@ -325,7 +325,7 @@ async function loginWithPKCE(idp) {
           res.writeHead(200, { "Content-Type": "text/html" });
           res.end("<h1>Login successful!</h1><p>You can close this window.</p>");
           server.close();
-          resolve4(authCode);
+          resolve5(authCode);
           return;
         }
         res.writeHead(400);
@@ -381,7 +381,7 @@ async function loginWithPKCE(idp) {
   consola2.success(`Logged in as ${payload.email || payload.sub}`);
 }
 async function loginWithKey(idp, keyPath, agentEmail) {
-  const { readFileSync: readFileSync21 } = await import("fs");
+  const { readFileSync: readFileSync19 } = await import("fs");
   const { sign: sign3 } = await import("crypto");
   const { loadEd25519PrivateKey: loadEd25519PrivateKey2 } = await import("./ssh-key-YBNNG5K5.js");
   const challengeUrl = await getAgentChallengeEndpoint(idp);
@@ -395,9 +395,9 @@ async function loginWithKey(idp, keyPath, agentEmail) {
     throw new CliError(`Challenge failed: ${await challengeResp.text()}`);
   }
   const { challenge } = await challengeResp.json();
-  const keyContent = readFileSync21(keyPath, "utf-8");
+  const keyContent = readFileSync19(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey2(keyContent);
-  const signature = sign3(null, Buffer2.from(challenge), privateKey).toString("base64");
+  const signature = sign3(null, Buffer.from(challenge), privateKey).toString("base64");
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
   const authResp = await fetch(authenticateUrl, {
     method: "POST",
@@ -888,7 +888,7 @@ async function waitForApproval2(grantsUrl, grantId) {
     if (grant.status === "revoked") {
       throw new CliError("Grant revoked.");
     }
-    await new Promise((resolve4) => setTimeout(resolve4, interval));
+    await new Promise((resolve5) => setTimeout(resolve5, interval));
   }
   throw new CliError("Timed out waiting for approval.");
 }
@@ -1976,15 +1976,13 @@ var agentCommand = defineCommand21({
 import { defineCommand as defineCommand32 } from "citty";
 
 // src/commands/agents/allow.ts
-import { execFileSync as execFileSync10 } from "child_process";
+import { execFileSync as execFileSync6 } from "child_process";
 import { defineCommand as defineCommand22 } from "citty";
 import consola19 from "consola";
 
 // src/lib/agent-bootstrap.ts
-import { Buffer as Buffer3 } from "buffer";
-import { execFileSync as execFileSync2 } from "child_process";
+import { Buffer as Buffer2 } from "buffer";
 import { createPrivateKey, sign } from "crypto";
-import { rmSync } from "fs";
 import { exchangeWithDelegation } from "@openape/cli-auth";
 var AGENT_NAME_REGEX = /^[a-z][a-z0-9-]{0,23}$/;
 var SSH_ED25519_PREFIX = "ssh-ed25519 ";
@@ -2049,7 +2047,7 @@ function decodeJwtClaims(token) {
     const part = token.split(".")[1];
     if (!part) return null;
     const padded = part + "=".repeat((4 - part.length % 4) % 4);
-    const json = Buffer3.from(padded, "base64").toString("utf8");
+    const json = Buffer2.from(padded, "base64").toString("utf8");
     return JSON.parse(json);
   } catch {
     return null;
@@ -2061,19 +2059,23 @@ async function issueAgentToken(input) {
   const challengeResp = await fetch(challengeUrl, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ agent_id: input.agentEmail })
+    // Canonical /api/auth/challenge expects `id` (M3). The legacy
+    // /api/agent/challenge field was `agent_id`; discovery now resolves
+    // the canonical endpoint, so the payload must use `id` to match.
+    body: JSON.stringify({ id: input.agentEmail })
   });
   if (!challengeResp.ok) {
     const text = await challengeResp.text().catch(() => "");
     throw new Error(`Challenge failed (${challengeResp.status}): ${text}`);
   }
   const { challenge } = await challengeResp.json();
-  const signature = sign(null, Buffer3.from(challenge), privateKey).toString("base64");
+  const signature = sign(null, Buffer2.from(challenge), privateKey).toString("base64");
   const authenticateUrl = await getAgentAuthenticateEndpoint(input.idp);
   const authResp = await fetch(authenticateUrl, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ agent_id: input.agentEmail, challenge, signature })
+    // Canonical /api/auth/authenticate expects `id` (same M3 rename).
+    body: JSON.stringify({ id: input.agentEmail, challenge, signature })
   });
   if (!authResp.ok) {
     const text = await authResp.text().catch(() => "");
@@ -2092,7 +2094,7 @@ ${content}
 ${SH_HEREDOC_DELIMITER}`;
 }
 function buildSpawnSetupScript(input) {
-  const { name, macOSUsername, homeDir, shellPath } = input;
+  const { name, homeDir, shellPath } = input;
   const privatePemForHeredoc = input.privateKeyPem.endsWith("\n") ? input.privateKeyPem : `${input.privateKeyPem}
 `;
   const claudeBlock = input.claudeSettingsJson && input.hookScriptSource ? `
@@ -2100,118 +2102,54 @@ mkdir -p "$HOME_DIR/.claude/hooks"
 cat > "$HOME_DIR/.claude/settings.json" ${shHeredoc(input.claudeSettingsJson)}
 cat > "$HOME_DIR/.claude/hooks/bash-via-ape-shell.sh" ${shHeredoc(input.hookScriptSource)}
 chmod 755 "$HOME_DIR/.claude/hooks/bash-via-ape-shell.sh"
-` : "";
-  const claudeTokenBlock = input.claudeOauthToken ? `
-mkdir -p "$HOME_DIR/.config/openape"
-cat > "$HOME_DIR/.config/openape/claude-token.env" ${shHeredoc(`# Auto-generated by 'apes agents spawn'. chmod 600 \u2014 contains a long-lived
-# Claude Code OAuth token. Rotate by editing this file in place; the
-# .zshenv / .profile source-lines below will pick it up automatically.
-export CLAUDE_CODE_OAUTH_TOKEN=${shQuote(input.claudeOauthToken)}
-`)}
-SOURCE_LINE='[ -f "$HOME/.config/openape/claude-token.env" ] && . "$HOME/.config/openape/claude-token.env"'
-for f in "$HOME_DIR/.zshenv" "$HOME_DIR/.profile"; do
-  touch "$f"
-  if ! grep -qF 'config/openape/claude-token.env' "$f" 2>/dev/null; then
-    {
-      echo ''
-      echo '# OpenApe: load Claude Code OAuth token (added by apes agents spawn)'
-      echo "$SOURCE_LINE"
-    } >> "$f"
-  fi
-done
 ` : "";
   return `#!/bin/bash
 set -euo pipefail
 
-# escapes-spawned scripts inherit a minimal PATH that doesn't include
-# /usr/sbin \u2014 which is where chown / dscl / pwpolicy live. Force a
-# wide PATH so the privileged setup commands resolve without absolute
-# paths everywhere.
-export PATH="/usr/sbin:/usr/bin:/bin:/sbin:/opt/homebrew/bin:/usr/local/bin"
+# Wide PATH so useradd / getent / install / chown resolve regardless of
+# how the privileged wrapper trimmed the environment.
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 NAME=${shQuote(name)}
-MACOS_USER=${shQuote(macOSUsername)}
 HOME_DIR=${shQuote(homeDir)}
 SHELL_PATH=${shQuote(shellPath)}
 
-# Tombstone-reuse: \`apes agents destroy\` leaves the dscl user
-# record behind (opendirectoryd refuses \`dscl . -delete\` from
-# escapes' setuid-root context without admin auth, so we accept the
-# stranded record as a harmless tombstone \u2014 see
-# runPhaseGTeardownInProcess). When the operator re-spawns with the
-# same name, we recycle the tombstone instead of refusing: if the
-# previously-recorded home dir is gone from disk (matching the
-# Phase-G teardown's \`rm -rf\`), we reuse the existing UID +
-# overwrite the home. If the home is still on disk it's a real,
-# live agent \u2014 refuse.
-TOMBSTONE_REUSE=0
-if dscl . -read "/Users/$MACOS_USER" >/dev/null 2>&1; then
-  EXISTING_HOME=$(dscl . -read "/Users/$MACOS_USER" NFSHomeDirectory 2>/dev/null | awk '/NFSHomeDirectory:/ {print $2}')
-  if [ -n "$EXISTING_HOME" ] && [ -d "$EXISTING_HOME" ]; then
-    echo "User $MACOS_USER already exists with a live home at $EXISTING_HOME; refusing to overwrite." >&2
-    exit 1
-  fi
-  NEXT_UID=$(dscl . -read "/Users/$MACOS_USER" UniqueID 2>/dev/null | awk '/UniqueID:/ {print $2}')
-  if [ -z "$NEXT_UID" ]; then
-    echo "User $MACOS_USER exists but has no UniqueID; record is malformed, refusing to recycle." >&2
-    exit 1
-  fi
-  echo "Recycling tombstone dscl record for $MACOS_USER (uid=$NEXT_UID, prior home $EXISTING_HOME \u2014 gone)"
-  TOMBSTONE_REUSE=1
+# Agent homes live under /var/lib/openape/homes/ (the persisted
+# openape-homes volume) \u2014 out of /home/ where real operator accounts
+# live. useradd --create-home makes the leaf dir but not missing
+# parents; the volume mount provides the parent, but pre-create it
+# anyway so a bare-metal/non-volume run still works.
+mkdir -p /var/lib/openape/homes
+chmod 755 /var/lib/openape/homes
+
+# Create the agent's OS user if absent. spawn.ts already refused earlier
+# when the user existed, but guard here too so a re-run of the privileged
+# script is idempotent rather than erroring on a half-created account.
+if ! getent passwd "$NAME" >/dev/null 2>&1; then
+  useradd --create-home --home-dir "$HOME_DIR" --shell "$SHELL_PATH" --comment "OpenApe Agent $NAME" "$NAME"
 fi
 
-# Phase G: agent home dirs live under /var/openape/homes/, not
-# /Users/. Pre-create the parent and chmod it world-traversable
-# so per-agent dirs can be reached by their respective uids.
-mkdir -p /var/openape/homes
-chmod 755 /var/openape/homes
-
-if [ "$TOMBSTONE_REUSE" = "0" ]; then
-  # Pick the LOWEST free UID in the [200, 500) hidden service-account
-  # range. We must skip every occupied UID \u2014 agent users AND the many
-  # macOS system _* accounts \u2014 and reuse gaps. The old code took
-  # max(existing)+1, so a single agent landing on 499 wedged every
-  # future spawn ("No free UID") even with 100+ UIDs free. Now we scan
-  # for the first actually-unused UID.
-  OCCUPIED_UIDS=$(dscl . -list /Users UniqueID | awk '$2 >= 200 && $2 < 500 {print $2}' | sort -n -u)
-  NEXT_UID=""
-  candidate=200
-  while [ "$candidate" -lt 500 ]; do
-    if ! printf '%s
-' "$OCCUPIED_UIDS" | grep -qx "$candidate"; then
-      NEXT_UID=$candidate
-      break
-    fi
-    candidate=$((candidate + 1))
-  done
-  if [ -z "$NEXT_UID" ]; then
-    echo "No free UID in [200, 500) \u2014 refusing to clobber a real user." >&2
-    exit 1
-  fi
-
-  dscl . -create "/Users/$MACOS_USER"
-fi
-
-# Idempotent attribute writes \u2014 \`dscl . -create\` on an existing
-# property overwrites in place, so the tombstone-reuse path lands
-# the same end-state as a fresh create.
-dscl . -create "/Users/$MACOS_USER" UserShell "$SHELL_PATH"
-dscl . -create "/Users/$MACOS_USER" RealName "OpenApe Agent $NAME"
-dscl . -create "/Users/$MACOS_USER" UniqueID "$NEXT_UID"
-dscl . -create "/Users/$MACOS_USER" PrimaryGroupID 20
-dscl . -create "/Users/$MACOS_USER" NFSHomeDirectory "$HOME_DIR"
-dscl . -create "/Users/$MACOS_USER" IsHidden 1
+# Resolve the uid for the final report line (getent is the canonical read).
+NEW_UID=$(getent passwd "$NAME" | cut -d: -f3)
 
-mkdir -p "$HOME_DIR/.ssh" "$HOME_DIR/.config/apes"
+# Identity dirs \u2014 created owned by the agent so the file writes below land
+# with the right owner even before the final recursive chown.
+install -d -m 700 -o "$NAME" "$HOME_DIR/.ssh"
+install -d -m 700 -o "$NAME" "$HOME_DIR/.config"
+install -d -m 700 -o "$NAME" "$HOME_DIR/.config/apes"
+install -d -m 700 -o "$NAME" "$HOME_DIR/.config/openape"
 
 cat > "$HOME_DIR/.ssh/id_ed25519" ${shHeredoc(privatePemForHeredoc.trimEnd())}
-cat > "$HOME_DIR/.ssh/id_ed25519.pub" ${shHeredoc(`${input.publicKeySshLine}`)}
+cat > "$HOME_DIR/.ssh/id_ed25519.pub" ${shHeredoc(input.publicKeySshLine)}
 cat > "$HOME_DIR/.config/apes/auth.json" ${shHeredoc(input.authJson)}
-mkdir -p "$HOME_DIR/.config/openape"
 cat > "$HOME_DIR/.config/openape/agent-x25519.key" ${shHeredoc(input.x25519PrivateKey)}
 cat > "$HOME_DIR/.config/openape/agent-x25519.key.pub" ${shHeredoc(input.x25519PublicKey)}
-${claudeBlock}${claudeTokenBlock}${buildBridgeBlock(input.bridge)}${buildTroopBlock(input.troop)}
-chown -R "$MACOS_USER:staff" "$HOME_DIR"
+${claudeBlock}
+# Per-agent task dir that \`apes agents sync\` writes to (XDG-style on
+# Linux; was ~/Library/... on macOS).
+mkdir -p "$HOME_DIR/.openape/agent/tasks"
+
+chown -R "$NAME:" "$HOME_DIR"
 chmod 700 "$HOME_DIR/.ssh"
 chmod 700 "$HOME_DIR/.config"
 chmod 700 "$HOME_DIR/.config/openape"
@@ -2220,143 +2158,8 @@ chmod 644 "$HOME_DIR/.ssh/id_ed25519.pub"
 chmod 600 "$HOME_DIR/.config/apes/auth.json"
 chmod 600 "$HOME_DIR/.config/openape/agent-x25519.key"
 chmod 644 "$HOME_DIR/.config/openape/agent-x25519.key.pub"
-if [ -f "$HOME_DIR/.config/openape/claude-token.env" ]; then
-  chmod 700 "$HOME_DIR/.config/openape"
-  chmod 600 "$HOME_DIR/.config/openape/claude-token.env"
-fi
-
-echo "OK $NAME (macOS user $MACOS_USER) uid=$NEXT_UID home=$HOME_DIR"
-${buildBridgeBootstrapBlock(input.bridge, name)}${buildTroopBootstrapBlock(input.troop, name)}`;
-}
-function buildBridgeBlock(bridge) {
-  if (!bridge) return "";
-  return `
-mkdir -p "$HOME_DIR/Library/Application Support/openape/bridge" "$HOME_DIR/Library/Logs"
-cat > "$HOME_DIR/Library/Application Support/openape/bridge/.env" ${shHeredoc(bridge.envFile)}
-chmod 600 "$HOME_DIR/Library/Application Support/openape/bridge/.env"
-`;
-}
-function buildBridgeBootstrapBlock(_bridge, _name) {
-  return "";
-}
-function buildTroopBlock(_troop) {
-  return `
-mkdir -p "$HOME_DIR/Library/Logs" "$HOME_DIR/.openape/agent/tasks"
-`;
-}
-function buildTroopBootstrapBlock(_troop, _name) {
-  return "";
-}
-function runPhaseGTeardownInProcess(input) {
-  const { name, homeDir } = input;
-  const macOSUser = input.macOSUsername ?? name;
-  let uid = null;
-  try {
-    const out = execFileSync2("/usr/bin/dscl", [".", "-read", `/Users/${macOSUser}`, "UniqueID"], { encoding: "utf8" });
-    const m = out.match(/UniqueID:\s*(\d+)/);
-    if (m) uid = m[1];
-  } catch {
-  }
-  if (uid) {
-    try {
-      execFileSync2("/bin/launchctl", ["bootout", `user/${uid}`], { stdio: "ignore" });
-    } catch {
-    }
-    try {
-      execFileSync2("/usr/bin/pkill", ["-9", "-u", uid], { stdio: "ignore" });
-    } catch {
-    }
-  }
-  const agentDir = `/var/openape/agents/${name}`;
-  try {
-    rmSync(agentDir, { recursive: true, force: true });
-  } catch {
-  }
-  if (homeDir && homeDir !== "/" && homeDir.startsWith("/var/openape/homes/")) {
-    try {
-      rmSync(homeDir, { recursive: true, force: true });
-    } catch {
-    }
-  }
-  console.log(`OK Phase-G teardown done for ${name} (dscl record /Users/${macOSUser} kept as tombstone)`);
-}
-function buildDestroyTeardownScript(input) {
-  const { name, homeDir, adminUser } = input;
-  return `#!/bin/bash
-# Best-effort teardown. set -u catches typos; we deliberately do NOT use -e
-# because pkill / launchctl are allowed to fail when the user has no live
-# sessions.
-set -u
-
-NAME=${shQuote(name)}
-HOME_DIR=${shQuote(homeDir)}
-ADMIN_USER=${shQuote(adminUser)}
-
-# Read the admin password from stdin (line 1). The caller pipes it in.
-# We never accept it as an argv element so it can't show up in process
-# listings or escapes' audit log.
-read -r ADMIN_PASSWORD
-if [ -z "$ADMIN_PASSWORD" ]; then
-  echo "ERROR: no admin password on stdin (expected one line)." >&2
-  exit 2
-fi
-
-UID_OF=$(dscl . -read "/Users/$NAME" UniqueID 2>/dev/null | awk '/UniqueID:/ {print $2}')
-
-if [ -n "$UID_OF" ]; then
-  launchctl bootout "user/$UID_OF" 2>/dev/null || true
-  pkill -9 -u "$UID_OF" 2>/dev/null || true
-fi
-
-# Per-agent system LaunchDaemon written by spawn (unless --no-bridge). Bootout +
-# delete must come BEFORE we delete the user, otherwise launchd keeps a
-# zombie reference. No-op if the plist isn't there.
-BRIDGE_LABEL="eco.hofmann.apes.bridge.$NAME"
-BRIDGE_PLIST="/Library/LaunchDaemons/$BRIDGE_LABEL.plist"
-if [ -f "$BRIDGE_PLIST" ]; then
-  launchctl bootout "system/$BRIDGE_LABEL" 2>/dev/null || true
-  rm -f "$BRIDGE_PLIST"
-fi
-
-if [ -d "$HOME_DIR" ] && [ "$HOME_DIR" != "/" ] && [ "$HOME_DIR" != "" ]; then
-  rm -rf "$HOME_DIR"
-fi
-
-# \`escapes\` is a plain setuid binary \u2014 opendirectoryd sees no audit/PAM
-# session attached (AUDIT_SESSION_ID=unset) and rejects DirectoryService
-# writes from this context: a bare \`sysadminctl -deleteUser\` or
-# \`dscl . -delete\` hangs ~5 minutes and exits with eUndefinedError -14987
-# at DSRecord.m:563. Passing explicit -adminUser/-adminPassword bypasses
-# opendirectoryd's implicit "is current session admin?" check and
-# authenticates against DirectoryService directly \u2014 the delete then
-# completes in ~1 second.
-if ! command -v sysadminctl >/dev/null 2>&1; then
-  echo "ERROR: sysadminctl not available; cannot delete user record." >&2
-  exit 1
-fi
-
-sysadminctl \\
-  -deleteUser "$NAME" \\
-  -adminUser "$ADMIN_USER" \\
-  -adminPassword "$ADMIN_PASSWORD"
-SYSAD_EC=$?
-unset ADMIN_PASSWORD
-
-if [ $SYSAD_EC -ne 0 ]; then
-  echo "ERROR: sysadminctl -deleteUser failed (exit=$SYSAD_EC)." >&2
-  echo "       Common causes: wrong admin password, admin user '$ADMIN_USER'" >&2
-  echo "       not in admin group, or target user '$NAME' is the last secure" >&2
-  echo "       token holder (run \\\`sysadminctl -secureTokenStatus $NAME\\\`)." >&2
-  exit 1
-fi
 
-# Verify the record is actually gone.
-if dscl . -read "/Users/$NAME" >/dev/null 2>&1; then
-  echo "ERROR: user record /Users/$NAME still exists after teardown" >&2
-  exit 1
-fi
-
-echo "OK destroyed $NAME"
+echo "OK $NAME (linux user) uid=$NEW_UID home=$HOME_DIR"
 `;
 }
 function shQuote(s) {
@@ -2401,81 +2204,11 @@ print(json.dumps(out))
 '
 `;
 
-// src/lib/macos-user.ts
-import { execFileSync as execFileSync3 } from "child_process";
-import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
-function isDarwin() {
-  return process.platform === "darwin";
-}
-var MACOS_USER_PREFIX = "openape-agent-";
-function macOSUsernameForAgent(agentName) {
-  return `${MACOS_USER_PREFIX}${agentName}`;
-}
-function lookupMacOSUserForAgent(agentName) {
-  return readMacOSUser(macOSUsernameForAgent(agentName)) ?? readMacOSUser(agentName);
-}
-function listOrphanedAgentRecords() {
-  if (!isDarwin()) return [];
-  let output;
-  try {
-    output = execFileSync3("dscl", [".", "-list", "/Users", "NFSHomeDirectory"], {
-      encoding: "utf-8",
-      stdio: ["ignore", "pipe", "pipe"]
-    });
-  } catch {
-    return [];
-  }
-  const orphans = [];
-  for (const line of output.split("\n")) {
-    const parts = line.trim().split(/\s+/);
-    if (parts.length < 2) continue;
-    const name = parts[0];
-    const homeDir = parts.slice(1).join(" ");
-    const looksLikeAgent = name.startsWith(MACOS_USER_PREFIX) || homeDir.startsWith("/var/openape/homes/");
-    if (!looksLikeAgent) continue;
-    if (existsSync3(homeDir)) continue;
-    const record = readMacOSUser(name);
-    orphans.push({ name, uid: record?.uid ?? null, homeDir });
-  }
-  return orphans;
-}
-function readMacOSUser(name) {
-  let output;
-  try {
-    output = execFileSync3("dscl", [".", "-read", `/Users/${name}`], {
-      encoding: "utf-8",
-      stdio: ["ignore", "pipe", "pipe"]
-    });
-  } catch {
-    return null;
-  }
-  const uidMatch = output.match(/UniqueID:\s*(\d+)/);
-  const shellMatch = output.match(/UserShell:\s*(\S.*)$/m);
-  const homeMatch = output.match(/NFSHomeDirectory:\s*(\S.*)$/m);
-  return {
-    name,
-    uid: uidMatch ? Number.parseInt(uidMatch[1], 10) : null,
-    shell: shellMatch ? shellMatch[1].trim() : null,
-    homeDir: homeMatch ? homeMatch[1].trim() : null
-  };
-}
-function listMacOSUserNames() {
-  let output;
-  try {
-    output = execFileSync3("dscl", [".", "-list", "/Users"], {
-      encoding: "utf-8",
-      stdio: ["ignore", "pipe", "pipe"]
-    });
-  } catch {
-    return /* @__PURE__ */ new Set();
-  }
-  return new Set(
-    output.split("\n").map((line) => line.trim()).filter((line) => line.length > 0)
-  );
-}
+// src/lib/which.ts
+import { execFileSync as execFileSync2 } from "child_process";
 function whichBinary(name) {
   try {
-    const out = execFileSync3("which", [name], {
+    const out = execFileSync2("which", [name], {
       encoding: "utf-8",
       stdio: ["ignore", "pipe", "ignore"]
     }).trim();
@@ -2484,193 +2217,34 @@ function whichBinary(name) {
     return null;
   }
 }
-function isShellRegistered(shellPath) {
-  if (!existsSync3("/etc/shells")) return false;
-  const content = readFileSync2("/etc/shells", "utf-8");
-  return content.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#")).includes(shellPath);
-}
 
 // src/lib/host-platform/index.ts
 import process2 from "process";
 
-// src/lib/macos-host.ts
-import { execFileSync as execFileSync4 } from "child_process";
-import { hostname as hostname3 } from "os";
-function getHostId() {
-  try {
-    const output = execFileSync4(
-      "/usr/sbin/ioreg",
-      ["-d2", "-c", "IOPlatformExpertDevice"],
-      { encoding: "utf8", timeout: 2e3 }
-    );
-    const match = output.match(/"IOPlatformUUID"\s*=\s*"([^"]+)"/);
-    return match ? match[1].trim().toLowerCase() : "";
-  } catch {
-    return "";
-  }
-}
-function getHostname() {
-  try {
-    return hostname3();
-  } catch {
-    return "";
-  }
-}
-
-// src/lib/host-platform/darwin-nest.ts
-import { execFileSync as execFileSync5 } from "child_process";
-import { existsSync as existsSync4, mkdirSync, readFileSync as readFileSync3, unlinkSync, writeFileSync } from "fs";
-import { userInfo } from "os";
-import { join as join2 } from "path";
-var PLIST_LABEL = "ai.openape.nest";
-function plistPath(userHome) {
-  return join2(userHome, "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
-}
-function xmlEscape(s) {
-  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
-}
-function buildNestPlist(spec) {
-  const logsDir = join2(spec.userHome, "Library", "Logs");
-  return `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-  <key>Label</key>
-  <string>${xmlEscape(PLIST_LABEL)}</string>
-  <key>ProgramArguments</key>
-  <array>
-    <string>${xmlEscape(spec.nestBin)}</string>
-  </array>
-  <key>WorkingDirectory</key>
-  <string>${xmlEscape(spec.nestHome)}</string>
-  <key>RunAtLoad</key>
-  <true/>
-  <key>KeepAlive</key>
-  <true/>
-  <key>ThrottleInterval</key>
-  <integer>10</integer>
-  <key>EnvironmentVariables</key>
-  <dict>
-    <key>HOME</key><string>${xmlEscape(spec.nestHome)}</string>
-    <key>PATH</key><string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin</string>
-    <key>OPENAPE_NEST_PORT</key><string>${spec.port}</string>
-    <key>OPENAPE_APES_BIN</key><string>${xmlEscape(spec.apesBin)}</string>
-  </dict>
-  <key>StandardOutPath</key>
-  <string>${xmlEscape(logsDir)}/openape-nest.log</string>
-  <key>StandardErrorPath</key>
-  <string>${xmlEscape(logsDir)}/openape-nest.log</string>
-</dict>
-</plist>
-`;
-}
-async function installNestSupervisorOnDarwin(spec) {
-  const path2 = plistPath(spec.userHome);
-  mkdirSync(join2(spec.userHome, "Library", "LaunchAgents"), { recursive: true });
-  const desired = buildNestPlist(spec);
-  let existing = "";
-  try {
-    existing = readFileSync3(path2, "utf8");
-  } catch {
-  }
-  if (existing !== desired) {
-    writeFileSync(path2, desired, { mode: 420 });
-  }
-  const uid = userInfo().uid;
-  try {
-    execFileSync5("/bin/launchctl", ["bootout", `gui/${uid}/${PLIST_LABEL}`], { stdio: "ignore" });
-  } catch {
-  }
-  execFileSync5("/bin/launchctl", ["bootstrap", `gui/${uid}`, path2], { stdio: "inherit" });
-}
-async function uninstallNestSupervisorOnDarwin() {
-  const home = userInfo().homedir;
-  const uid = userInfo().uid;
-  const path2 = plistPath(home);
-  try {
-    execFileSync5("/bin/launchctl", ["bootout", `gui/${uid}/${PLIST_LABEL}`], { stdio: "ignore" });
-  } catch {
-  }
-  if (existsSync4(path2)) unlinkSync(path2);
-}
-
-// src/lib/host-platform/darwin-exec.ts
-import { execFileSync as execFileSync6, spawnSync } from "child_process";
-import { mkdtempSync, rmSync as rmSync2, writeFileSync as writeFileSync2 } from "fs";
-import { tmpdir } from "os";
-import { join as join3 } from "path";
-function resolveApesBinary() {
-  return process.env.OPENAPE_APES_BIN || "apes";
-}
-async function runPrivilegedBashOnDarwin(script) {
-  const dir = mkdtempSync(join3(tmpdir(), "apes-privileged-"));
-  const scriptPath = join3(dir, "run.sh");
-  writeFileSync2(scriptPath, script, { mode: 448 });
-  try {
-    if (process.getuid?.() === 0) {
-      execFileSync6("bash", [scriptPath], { stdio: "inherit" });
-    } else {
-      execFileSync6(resolveApesBinary(), ["run", "--as", "root", "--wait", "--", "bash", scriptPath], { stdio: "inherit" });
-    }
-  } finally {
-    try {
-      rmSync2(dir, { recursive: true, force: true });
-    } catch {
-    }
-  }
-}
-async function runAsAgentUserOnDarwin(agentName, argv) {
-  const r = spawnSync(
-    resolveApesBinary(),
-    ["run", "--as", agentName, "--wait", "--", ...argv],
-    { encoding: "utf8" }
-  );
-  return {
-    stdout: r.stdout ?? "",
-    stderr: r.stderr ?? "",
-    exitCode: r.status ?? 1
-  };
-}
-
-// src/lib/host-platform/darwin.ts
-var darwinHostPlatform = {
-  getHostId,
-  getHostname,
-  agentUsername: macOSUsernameForAgent,
-  lookupAgentUser: (agentName) => lookupMacOSUserForAgent(agentName),
-  readAgentUser: (osName) => readMacOSUser(osName),
-  listAgentUserNames: listMacOSUserNames,
-  listOrphanAgentUsers: () => listOrphanedAgentRecords().map((r) => ({ name: r.name, uid: r.uid, homeDir: r.homeDir })),
-  installNestSupervisor: installNestSupervisorOnDarwin,
-  uninstallNestSupervisor: uninstallNestSupervisorOnDarwin,
-  runPrivilegedBash: runPrivilegedBashOnDarwin,
-  runAsAgentUser: runAsAgentUserOnDarwin
-};
-
 // src/lib/host-platform/linux-host.ts
-import { hostname as hostname4 } from "os";
-import { existsSync as existsSync5, readFileSync as readFileSync4 } from "fs";
+import { hostname as hostname3 } from "os";
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
 var FALLBACK_PATHS = ["/etc/machine-id", "/var/lib/dbus/machine-id"];
 function getLinuxHostId() {
   for (const path2 of FALLBACK_PATHS) {
-    if (!existsSync5(path2)) continue;
+    if (!existsSync3(path2)) continue;
     try {
-      const v = readFileSync4(path2, "utf-8").trim();
+      const v = readFileSync2(path2, "utf-8").trim();
       if (v) return v;
     } catch {
     }
   }
-  return hostname4();
+  return hostname3();
 }
 function getLinuxHostname() {
-  return hostname4();
+  return hostname3();
 }
 
 // src/lib/host-platform/linux-user.ts
-import { execFileSync as execFileSync7 } from "child_process";
+import { execFileSync as execFileSync3 } from "child_process";
 function getentPasswd(name) {
   try {
-    return execFileSync7("getent", ["passwd", name], {
+    return execFileSync3("getent", ["passwd", name], {
       encoding: "utf-8",
       stdio: ["ignore", "pipe", "ignore"]
     }).trim() || null;
@@ -2698,7 +2272,7 @@ function readLinuxUser(name) {
 }
 function listLinuxUserNames() {
   try {
-    const out = execFileSync7("getent", ["passwd"], {
+    const out = execFileSync3("getent", ["passwd"], {
       encoding: "utf-8",
       stdio: ["ignore", "pipe", "ignore"]
     });
@@ -2714,29 +2288,29 @@ function listLinuxUserNames() {
 }
 
 // src/lib/host-platform/linux-exec.ts
-import { execFileSync as execFileSync8, spawnSync as spawnSync2 } from "child_process";
-import { mkdtempSync as mkdtempSync2, rmSync as rmSync3, writeFileSync as writeFileSync3 } from "fs";
-import { tmpdir as tmpdir2 } from "os";
-import { join as join4 } from "path";
+import { execFileSync as execFileSync4, spawnSync } from "child_process";
+import { mkdtempSync, rmSync, writeFileSync } from "fs";
+import { tmpdir } from "os";
+import { join as join2 } from "path";
 async function runPrivilegedBashOnLinux(script) {
-  const dir = mkdtempSync2(join4(tmpdir2(), "apes-privileged-"));
-  const scriptPath = join4(dir, "run.sh");
-  writeFileSync3(scriptPath, script, { mode: 448 });
+  const dir = mkdtempSync(join2(tmpdir(), "apes-privileged-"));
+  const scriptPath = join2(dir, "run.sh");
+  writeFileSync(scriptPath, script, { mode: 448 });
   try {
     if (process.getuid?.() === 0) {
-      execFileSync8("bash", [scriptPath], { stdio: "inherit" });
+      execFileSync4("bash", [scriptPath], { stdio: "inherit" });
     } else {
-      execFileSync8("sudo", ["-n", "--", "bash", scriptPath], { stdio: "inherit" });
+      execFileSync4("sudo", ["-n", "--", "bash", scriptPath], { stdio: "inherit" });
     }
   } finally {
     try {
-      rmSync3(dir, { recursive: true, force: true });
+      rmSync(dir, { recursive: true, force: true });
     } catch {
     }
   }
 }
 async function runAsAgentUserOnLinux(agentName, argv) {
-  const r = spawnSync2("sudo", ["-n", "-H", "-u", agentName, "--", ...argv], { encoding: "utf8" });
+  const r = spawnSync("sudo", ["-n", "-H", "-u", agentName, "--", ...argv], { encoding: "utf8" });
   return {
     stdout: r.stdout ?? "",
     stderr: r.stderr ?? "",
@@ -2745,8 +2319,8 @@ async function runAsAgentUserOnLinux(agentName, argv) {
 }
 
 // src/lib/host-platform/linux-nest.ts
-import { execFileSync as execFileSync9 } from "child_process";
-import { existsSync as existsSync6, readFileSync as readFileSync5, unlinkSync as unlinkSync2, writeFileSync as writeFileSync4 } from "fs";
+import { execFileSync as execFileSync5 } from "child_process";
+import { existsSync as existsSync4, readFileSync as readFileSync3, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
 var UNIT_NAME = "openape-nest.service";
 var UNIT_PATH = `/etc/systemd/system/${UNIT_NAME}`;
 function buildNestUnit(spec) {
@@ -2776,23 +2350,23 @@ async function installNestSupervisorOnLinux(spec) {
   const desired = buildNestUnit(spec);
   let existing = "";
   try {
-    existing = readFileSync5(UNIT_PATH, "utf8");
+    existing = readFileSync3(UNIT_PATH, "utf8");
   } catch {
   }
   if (existing !== desired) {
-    writeFileSync4(UNIT_PATH, desired, { mode: 420 });
+    writeFileSync2(UNIT_PATH, desired, { mode: 420 });
   }
-  execFileSync9("systemctl", ["daemon-reload"], { stdio: "inherit" });
-  execFileSync9("systemctl", ["enable", "--now", UNIT_NAME], { stdio: "inherit" });
+  execFileSync5("systemctl", ["daemon-reload"], { stdio: "inherit" });
+  execFileSync5("systemctl", ["enable", "--now", UNIT_NAME], { stdio: "inherit" });
 }
 async function uninstallNestSupervisorOnLinux() {
   try {
-    execFileSync9("systemctl", ["disable", "--now", UNIT_NAME], { stdio: "inherit" });
+    execFileSync5("systemctl", ["disable", "--now", UNIT_NAME], { stdio: "inherit" });
   } catch {
   }
-  if (existsSync6(UNIT_PATH)) unlinkSync2(UNIT_PATH);
+  if (existsSync4(UNIT_PATH)) unlinkSync(UNIT_PATH);
   try {
-    execFileSync9("systemctl", ["daemon-reload"], { stdio: "inherit" });
+    execFileSync5("systemctl", ["daemon-reload"], { stdio: "inherit" });
   } catch {
   }
 }
@@ -2818,18 +2392,14 @@ var linuxHostPlatform = {
 };
 
 // src/lib/host-platform/index.ts
-function isDarwin2() {
-  return process2.platform === "darwin";
-}
 function isLinux() {
   return process2.platform === "linux";
 }
 var testOverride = null;
 function getHostPlatform() {
   if (testOverride) return testOverride;
-  if (isDarwin2()) return darwinHostPlatform;
   if (isLinux()) return linuxHostPlatform;
-  throw new Error(`unsupported host platform: ${process2.platform}`);
+  throw new Error(`unsupported host platform: ${process2.platform} \u2014 OpenApe nests are Linux-only`);
 }
 
 // src/commands/agents/allow.ts
@@ -2842,7 +2412,7 @@ var allowAgentCommand = defineCommand22({
     agent: {
       type: "positional",
       required: true,
-      description: "Agent name (the macOS short username spawn created)"
+      description: "Agent name (the Linux username spawn created)"
     },
     email: {
       type: "positional",
@@ -2859,11 +2429,8 @@ var allowAgentCommand = defineCommand22({
     if (!email.includes("@")) {
       throw new CliError(`Invalid email "${email}".`);
     }
-    if (!isDarwin2()) {
-      throw new CliError("`apes agents allow` is currently macOS-only.");
-    }
     if (!getHostPlatform().lookupAgentUser(agent)) {
-      throw new CliError(`No macOS user for agent "${agent}" \u2014 has it been spawned?`);
+      throw new CliError(`No OS user for agent "${agent}" \u2014 has it been spawned?`);
     }
     const apes = whichBinary("apes");
     if (!apes) throw new CliError("`apes` not found on PATH.");
@@ -2894,7 +2461,7 @@ PY
 chmod 600 "$F"
 `;
     consola19.start(`Adding ${email} to ${agent}'s allowlist\u2026`);
-    execFileSync10(apes, ["run", "--as", agent, "--wait", "--", "bash", "-c", script], { stdio: "inherit" });
+    execFileSync6(apes, ["run", "--as", agent, "--wait", "--", "bash", "-c", script], { stdio: "inherit" });
     consola19.success(`${agent} will auto-accept future contact requests from ${email} (within ~30s of next bridge connect).`);
   }
 });
@@ -2903,13 +2470,12 @@ function shQuote2(s) {
 }
 
 // src/commands/agents/cleanup-orphans.ts
-import { execFileSync as execFileSync11 } from "child_process";
 import { defineCommand as defineCommand23 } from "citty";
 import consola20 from "consola";
 var cleanupOrphansCommand = defineCommand23({
   meta: {
     name: "cleanup-orphans",
-    description: "Delete tombstoned macOS user records left behind by `apes agents destroy` (run with sudo)."
+    description: "Report agent-user tombstones. Linux userdel is atomic, so there are normally none."
   },
   args: {
     "dry-run": {
@@ -2921,81 +2487,37 @@ var cleanupOrphansCommand = defineCommand23({
       description: "Skip the interactive confirmation. Required when stdin is not a TTY."
     }
   },
-  async run({ args }) {
-    if (!isDarwin2()) {
-      throw new CliError(`\`apes agents cleanup-orphans\` is macOS-only. Detected platform: ${process.platform}.`);
-    }
+  async run() {
     const orphans = getHostPlatform().listOrphanAgentUsers();
     if (orphans.length === 0) {
-      consola20.success("No agent tombstones found \u2014 dscl is clean.");
+      consola20.success("No agent tombstones \u2014 userdel is clean on Linux.");
       return;
     }
-    consola20.info(`Found ${orphans.length} agent tombstone${orphans.length === 1 ? "" : "s"}:`);
+    consola20.warn(`Found ${orphans.length} unexpected agent tombstone${orphans.length === 1 ? "" : "s"}:`);
     for (const o of orphans) {
       console.log(`  \u2022 ${o.name}${o.uid !== null ? ` (uid=${o.uid})` : ""} \u2014 was ${o.homeDir}`);
     }
-    if (args["dry-run"]) {
-      consola20.info("Dry-run \u2014 no records deleted. Re-run without --dry-run to clean up.");
-      return;
-    }
-    if (process.geteuid?.() !== 0) {
-      throw new CliError(
-        "Must run as root so opendirectoryd accepts the sysadminctl-deleteUser calls. Re-run with `sudo apes agents cleanup-orphans` from a shell login (the sudo session inherits your admin audit-session, which opendirectoryd verifies)."
-      );
-    }
-    if (!args.force) {
-      if (!process.stdin.isTTY) {
-        throw new CliError(
-          "No TTY available for the interactive confirmation. Re-run with --force (this is the same flag CI / scripted callers use)."
-        );
-      }
-      const confirmed = await consola20.prompt(`Delete ${orphans.length} tombstone${orphans.length === 1 ? "" : "s"}?`, {
-        type: "confirm",
-        initial: false
-      });
-      if (typeof confirmed === "symbol" || !confirmed) {
-        consola20.info("Aborted \u2014 no records deleted.");
-        return;
-      }
-    }
-    let deleted = 0;
-    let failed = 0;
-    for (const o of orphans) {
-      try {
-        execFileSync11("/usr/sbin/sysadminctl", ["-deleteUser", o.name], {
-          stdio: ["ignore", "inherit", "inherit"]
-        });
-        consola20.success(`Deleted ${o.name}`);
-        deleted++;
-      } catch (err) {
-        consola20.warn(`Failed to delete ${o.name}: ${err instanceof Error ? err.message : String(err)}`);
-        failed++;
-      }
-    }
-    if (failed > 0) {
-      throw new CliError(`Cleanup finished with errors: ${deleted} deleted, ${failed} failed.`);
-    }
-    consola20.success(`Cleanup complete \u2014 ${deleted} tombstone${deleted === 1 ? "" : "s"} removed.`);
+    consola20.info("Remove each one manually with `userdel -r <name>`.");
   }
 });
 
 // src/commands/agents/code.ts
-import { existsSync as existsSync8, readFileSync as readFileSync7 } from "fs";
+import { existsSync as existsSync6, readFileSync as readFileSync5 } from "fs";
 import { homedir as homedir5 } from "os";
-import { join as join6 } from "path";
+import { join as join4 } from "path";
 import process3 from "process";
 import { defineCommand as defineCommand24 } from "citty";
 import { consola as consola21 } from "consola";
 import { taskTools, runApeShell, runCodingTask, buildIssueGet, detectForge, createLlmReviewer, createLlmRiskAssessor, resolveMergePolicy } from "@openape/agent-runtime";
 
 // src/lib/agent-secrets-runtime.ts
-import { existsSync as existsSync7, readdirSync, readFileSync as readFileSync6, watch } from "fs";
+import { existsSync as existsSync5, mkdirSync, readdirSync, readFileSync as readFileSync4, statSync, watch, writeFileSync as writeFileSync3 } from "fs";
 import { homedir as homedir4 } from "os";
-import { join as join5 } from "path";
+import { dirname, join as join3 } from "path";
 import { openString } from "@openape/core";
-var CONFIG_DIR2 = join5(homedir4(), ".config", "openape");
-var SECRETS_DIR = join5(CONFIG_DIR2, "secrets.d");
-var X25519_KEY_PATH = join5(CONFIG_DIR2, "agent-x25519.key");
+var CONFIG_DIR2 = join3(homedir4(), ".config", "openape");
+var SECRETS_DIR = join3(CONFIG_DIR2, "secrets.d");
+var X25519_KEY_PATH = join3(CONFIG_DIR2, "agent-x25519.key");
 var X25519_PUBKEY_PATH = `${X25519_KEY_PATH}.pub`;
 function envNameFromFile(file) {
   if (!file.endsWith(".blob")) return null;
@@ -3003,13 +2525,13 @@ function envNameFromFile(file) {
   return /^[A-Z][A-Z0-9_]*$/.test(env) ? env : null;
 }
 function readAgentEncryptionKey(keyPath = X25519_KEY_PATH) {
-  if (!existsSync7(keyPath)) return null;
-  const k = readFileSync6(keyPath, "utf8").trim();
+  if (!existsSync5(keyPath)) return null;
+  const k = readFileSync4(keyPath, "utf8").trim();
   return k.length > 0 ? k : null;
 }
 function readAgentEncryptionPublicKey(pubPath = X25519_PUBKEY_PATH) {
-  if (!existsSync7(pubPath)) return null;
-  const k = readFileSync6(pubPath, "utf8").trim();
+  if (!existsSync5(pubPath)) return null;
+  const k = readFileSync4(pubPath, "utf8").trim();
   return k.length > 0 ? k : null;
 }
 function materializeSecrets(opts = {}) {
@@ -3020,13 +2542,23 @@ function materializeSecrets(opts = {}) {
   const applied = [];
   const failed = [];
   const key = readAgentEncryptionKey(opts.keyPath);
-  const files = key && existsSync7(dir) ? readdirSync(dir) : [];
+  const files = key && existsSync5(dir) ? readdirSync(dir) : [];
   for (const file of files) {
     const name = envNameFromFile(file);
     if (!name) continue;
     try {
-      const box = JSON.parse(readFileSync6(join5(dir, file), "utf8"));
-      env[name] = openString(box, key);
+      const box = JSON.parse(readFileSync4(join3(dir, file), "utf8"));
+      const plaintext = openString(box, key);
+      const target = typeof box.materializeTo === "string" ? box.materializeTo : null;
+      if (target) {
+        const blobMtime = statSync(join3(dir, file)).mtimeMs;
+        if (!existsSync5(target) || statSync(target).mtimeMs < blobMtime) {
+          mkdirSync(dirname(target), { recursive: true });
+          writeFileSync3(target, plaintext, { mode: 384 });
+        }
+      } else {
+        env[name] = plaintext;
+      }
       applied.push(name);
     } catch (e) {
       failed.push(file);
@@ -3052,7 +2584,7 @@ function startSecretsWatcher(opts = {}) {
     appliedNames = new Set(r.applied);
   };
   run();
-  if (!existsSync7(dir)) return () => {
+  if (!existsSync5(dir)) return () => {
   };
   let timer = null;
   const watcher = watch(dir, () => {
@@ -3079,9 +2611,9 @@ var DEFAULT_PERSONA = [
 ].join(" ");
 function readLitellmConfig(model) {
   const env = {};
-  const envPath = join6(homedir5(), "litellm", ".env");
-  if (existsSync8(envPath)) {
-    for (const raw of readFileSync7(envPath, "utf8").split("\n")) {
+  const envPath = join4(homedir5(), "litellm", ".env");
+  if (existsSync6(envPath)) {
+    for (const raw of readFileSync5(envPath, "utf8").split("\n")) {
       const line = raw.trim();
       const m = /^([A-Z_][A-Z0-9_]*)=(.*)$/.exec(line);
       if (m) env[m[1]] = m[2].trim().replace(/^["']|["']$/g, "");
@@ -3097,11 +2629,11 @@ function readLitellmConfig(model) {
   return { apiBase, apiKey, model: model || process3.env.APE_CHAT_BRIDGE_MODEL || "claude-haiku-4-5" };
 }
 function readPersona(file) {
-  if (file && existsSync8(file)) return readFileSync7(file, "utf8");
-  const agentJson = join6(homedir5(), ".openape", "agent", "agent.json");
-  if (existsSync8(agentJson)) {
+  if (file && existsSync6(file)) return readFileSync5(file, "utf8");
+  const agentJson = join4(homedir5(), ".openape", "agent", "agent.json");
+  if (existsSync6(agentJson)) {
     try {
-      const p = JSON.parse(readFileSync7(agentJson, "utf8"));
+      const p = JSON.parse(readFileSync5(agentJson, "utf8"));
       if (p.systemPrompt?.trim()) return p.systemPrompt;
     } catch {
     }
@@ -3186,30 +2718,27 @@ ${result.reason}`);
 });
 
 // src/commands/agents/destroy.ts
-import { execFileSync as execFileSync12 } from "child_process";
-import { mkdtempSync as mkdtempSync3, rmSync as rmSync4, writeFileSync as writeFileSync6 } from "fs";
-import { tmpdir as tmpdir3, userInfo as userInfo2 } from "os";
-import { join as join8 } from "path";
 import { defineCommand as defineCommand25 } from "citty";
 import consola22 from "consola";
 
 // src/lib/nest-registry.ts
-import { existsSync as existsSync9, mkdirSync as mkdirSync2, readFileSync as readFileSync8, writeFileSync as writeFileSync5 } from "fs";
+import { existsSync as existsSync7, mkdirSync as mkdirSync2, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
 import { homedir as homedir6 } from "os";
-import { join as join7 } from "path";
+import { join as join5 } from "path";
 function resolveRegistryPath() {
-  if (existsSync9("/var/openape/nest/agents.json")) return "/var/openape/nest/agents.json";
-  if (existsSync9("/var/openape/nest")) return "/var/openape/nest/agents.json";
-  return join7(homedir6(), ".openape", "nest", "agents.json");
+  if (process.env.OPENAPE_NEST_REGISTRY_PATH) return process.env.OPENAPE_NEST_REGISTRY_PATH;
+  if (existsSync7("/var/openape/nest/agents.json")) return "/var/openape/nest/agents.json";
+  if (existsSync7("/var/openape/nest")) return "/var/openape/nest/agents.json";
+  return join5(homedir6(), ".openape", "nest", "agents.json");
 }
 function emptyRegistry() {
   return { version: 1, agents: [] };
 }
 function readNestRegistry() {
   const path2 = resolveRegistryPath();
-  if (!existsSync9(path2)) return emptyRegistry();
+  if (!existsSync7(path2)) return emptyRegistry();
   try {
-    const parsed = JSON.parse(readFileSync8(path2, "utf8"));
+    const parsed = JSON.parse(readFileSync6(path2, "utf8"));
     if (parsed?.version !== 1 || !Array.isArray(parsed.agents)) return emptyRegistry();
     return parsed;
   } catch {
@@ -3223,7 +2752,7 @@ function writeNestRegistry(reg) {
     mkdirSync2(dir, { recursive: true });
   } catch {
   }
-  writeFileSync5(path2, `${JSON.stringify(reg, null, 2)}
+  writeFileSync4(path2, `${JSON.stringify(reg, null, 2)}
 `, { mode: 432 });
 }
 function upsertNestAgent(entry) {
@@ -3242,65 +2771,11 @@ function removeNestAgent(name) {
   return true;
 }
 
-// src/lib/silent-password.ts
-function readPasswordSilent(prompt) {
-  if (!process.stdin.isTTY) {
-    return Promise.reject(new CliError(
-      "No TTY available for the silent password prompt. Set APES_ADMIN_PASSWORD in the environment instead."
-    ));
-  }
-  return new Promise((resolve4, reject) => {
-    process.stdout.write(prompt);
-    const wasRaw = process.stdin.isRaw ?? false;
-    process.stdin.setRawMode(true);
-    process.stdin.resume();
-    process.stdin.setEncoding("utf8");
-    let buf = "";
-    let cleanupFn;
-    const cleanup = () => cleanupFn?.();
-    const onData = (chunk) => {
-      for (const ch of chunk) {
-        const code = ch.charCodeAt(0);
-        if (ch === "\r" || ch === "\n") {
-          cleanup();
-          process.stdout.write("\n");
-          resolve4(buf);
-          return;
-        }
-        if (code === 3) {
-          cleanup();
-          process.stdout.write("\n");
-          reject(new CliError("Aborted by user (Ctrl-C)."));
-          return;
-        }
-        if (code === 4 && buf.length === 0) {
-          cleanup();
-          process.stdout.write("\n");
-          reject(new CliError("Aborted by user (Ctrl-D)."));
-          return;
-        }
-        if (code === 127 || code === 8) {
-          if (buf.length > 0) buf = buf.slice(0, -1);
-          continue;
-        }
-        if (code < 32) continue;
-        buf += ch;
-      }
-    };
-    cleanupFn = () => {
-      process.stdin.removeListener("data", onData);
-      process.stdin.setRawMode(wasRaw);
-      process.stdin.pause();
-    };
-    process.stdin.on("data", onData);
-  });
-}
-
 // src/commands/agents/destroy.ts
 var destroyAgentCommand = defineCommand25({
   meta: {
     name: "destroy",
-    description: "Tear down an agent: remove macOS user, hard-delete IdP agent, drop all SSH keys"
+    description: "Tear down an agent: remove the OS user, hard-delete IdP agent, drop all SSH keys"
   },
   args: {
     name: {
@@ -3319,10 +2794,6 @@ var destroyAgentCommand = defineCommand25({
     "keep-os-user": {
       type: "boolean",
       description: "Skip OS-side teardown. Useful for CI where the agent has no OS user."
-    },
-    "root-stage": {
-      type: "boolean",
-      description: "Internal \u2014 destroy.ts re-invokes itself via `apes run --as root --` with this flag set, then runs only the Phase-G teardown (rm home, launchctl bootout, kill processes). Skips IdP + auth + interactive prompts since those already ran in the outer pass."
     }
   },
   async run({ args }) {
@@ -3332,18 +2803,6 @@ var destroyAgentCommand = defineCommand25({
         `Invalid agent name "${name}". Must match /^[a-z][a-z0-9-]{0,23}$/.`
       );
     }
-    if (args["root-stage"]) {
-      if (process.geteuid?.() !== 0) {
-        throw new CliError("--root-stage was passed but this process is not running as root. Refusing to continue.");
-      }
-      const platform = getHostPlatform();
-      const resolved = platform.lookupAgentUser(name);
-      const macOSUsername = resolved?.name ?? platform.agentUsername(name);
-      const homeDir = resolved?.homeDir ?? `/var/openape/homes/${macOSUsername}`;
-      consola22.start(`Running teardown for ${name} (Phase-G, root-stage)\u2026`);
-      runPhaseGTeardownInProcess({ name, homeDir, macOSUsername });
-      return;
-    }
     const auth = loadAuth();
     if (!auth) {
       throw new CliError("Not authenticated. Run `apes login` first.");
@@ -3355,7 +2814,7 @@ var destroyAgentCommand = defineCommand25({
     const owned = await apiFetch("/api/my-agents", { idp });
     const idpAgent = owned.find((u) => u.name === name);
     const idpExists = idpAgent !== void 0;
-    const osUser = isDarwin2() ? getHostPlatform().lookupAgentUser(name) : null;
+    const osUser = getHostPlatform().lookupAgentUser(name);
     const osUserExists = !args["keep-os-user"] && osUser !== null;
     if (!idpExists && !osUserExists) {
       consola22.info(`Nothing to destroy: no IdP agent and no OS user for "${name}".`);
@@ -3364,8 +2823,8 @@ var destroyAgentCommand = defineCommand25({
     if (!args.force) {
       const consequences = [];
       if (osUserExists) {
-        const home = osUser?.homeDir ?? `/Users/${name}`;
-        consequences.push(`\u2022 Remove macOS user ${osUser?.name ?? name} and rm -rf ${home}`);
+        const home = osUser?.homeDir ?? `/home/${name}`;
+        consequences.push(`\u2022 Remove OS user ${osUser?.name ?? name} and rm -rf ${home}`);
       }
       if (idpExists) {
         consequences.push(args.soft ? `\u2022 Deactivate IdP agent ${idpAgent.email} (PATCH isActive=false)` : `\u2022 Hard-delete IdP agent ${idpAgent.email} and all its SSH keys`);
@@ -3395,69 +2854,17 @@ ${consequences.join("\n")}`);
       consola22.info("No IdP agent to remove (skipped).");
     }
     if (osUserExists) {
-      const macOSUsername = osUser?.name ?? getHostPlatform().agentUsername(name);
-      const fallbackHome = macOSUsername.startsWith("openape-agent-") ? `/var/openape/homes/${macOSUsername}` : `/Users/${macOSUsername}`;
-      const homeDir = osUser?.homeDir ?? fallbackHome;
-      const isPhaseG = homeDir.startsWith("/var/openape/homes/");
-      if (isPhaseG) {
-        if (process.geteuid?.() === 0) {
-          consola22.start("Running teardown (Phase G \u2014 already root, no grant needed)\u2026");
-          runPhaseGTeardownInProcess({ name, homeDir, macOSUsername });
-        } else {
-          consola22.start("Running teardown (Phase G \u2014 no admin password needed)\u2026");
-          execFileSync12("apes", [
-            "run",
-            "--as",
-            "root",
-            "--wait",
-            "--",
-            "apes",
-            "agents",
-            "destroy",
-            name,
-            "--force",
-            "--root-stage"
-          ], { stdio: "inherit" });
-        }
-        consola22.info(`dscl record /Users/${macOSUsername} kept as tombstone (hidden, no home). Run \`sudo apes agents cleanup-orphans\` to sweep accumulated tombstones.`);
-      } else {
-        const sudo = whichBinary("sudo");
-        if (!sudo) {
-          throw new CliError("`sudo` not found on PATH; required for OS teardown.");
-        }
-        const adminUser = userInfo2().username;
-        let adminPassword;
-        try {
-          adminPassword = await collectAdminPassword({ adminUser });
-        } catch (err) {
-          const headless = !process.stdin.isTTY && !process.env.APES_ADMIN_PASSWORD;
-          if (headless) {
-            consola22.warn(`Legacy OS teardown for ${name} requires a TTY or APES_ADMIN_PASSWORD; skipping. Run \`apes agents destroy ${name}\` from a shell later to fully clean up /Users/${name} + dscl record.`);
-            adminPassword = "";
-          } else {
-            throw err;
-          }
-        }
-        if (adminPassword) {
-          const scratch = mkdtempSync3(join8(tmpdir3(), `apes-destroy-${name}-`));
-          const scriptPath = join8(scratch, "teardown.sh");
-          try {
-            const script = buildDestroyTeardownScript({ name, homeDir, adminUser });
-            writeFileSync6(scriptPath, script, { mode: 448 });
-            consola22.start("Running teardown via sudo\u2026");
-            execFileSync12(sudo, ["-S", "--prompt=", "--", "bash", scriptPath], {
-              input: `${adminPassword}
-${adminPassword}
-`,
-              stdio: ["pipe", "inherit", "inherit"]
-            });
-          } finally {
-            rmSync4(scratch, { recursive: true, force: true });
-          }
-        }
-      }
-    } else if (!args["keep-os-user"] && isDarwin2()) {
-      consola22.info("No macOS user to remove (skipped).");
+      consola22.start(`Removing OS user ${name}\u2026`);
+      await getHostPlatform().runPrivilegedBash(
+        `#!/bin/bash
+set -euo pipefail
+if getent passwd ${JSON.stringify(name)} >/dev/null 2>&1; then
+  pkill -9 -u ${JSON.stringify(name)} 2>/dev/null || true
+  userdel -r ${JSON.stringify(name)}
+fi
+`
+      );
+      consola22.success(`Removed OS user ${name}.`);
     }
     try {
       removeNestAgent(name);
@@ -3467,15 +2874,6 @@ ${adminPassword}
     consola22.success(`Destroyed ${name}.`);
   }
 });
-async function collectAdminPassword(opts) {
-  const fromEnv = process.env.APES_ADMIN_PASSWORD;
-  if (fromEnv && fromEnv.length > 0) return fromEnv;
-  const pw = await readPasswordSilent(`Password for ${opts.adminUser}: `);
-  if (pw.length === 0) {
-    throw new CliExit(0);
-  }
-  return pw;
-}
 
 // src/commands/agents/list.ts
 import { defineCommand as defineCommand26 } from "citty";
@@ -3507,7 +2905,7 @@ var listAgentsCommand = defineCommand26({
     const all = await apiFetch("/api/my-agents", { idp });
     const filtered = args["include-inactive"] ? all : all.filter((u) => u.isActive !== false);
     const platform = getHostPlatform();
-    const osUsers = isDarwin2() ? platform.listAgentUserNames() : /* @__PURE__ */ new Set();
+    const osUsers = platform.listAgentUserNames();
     const osStateOf = (agentName) => {
       const u = platform.lookupAgentUser(agentName);
       if (u) return { osUser: true, home: u.homeDir };
@@ -3543,14 +2941,14 @@ var listAgentsCommand = defineCommand26({
     for (const r of rows) {
       const active = r.isActive ? "\u2713" : "\u2717";
       const os = r.osUser ? "\u2713" : "\u2717";
-      const homeCol = r.home ?? (isDarwin2() ? "(missing)" : "(non-darwin)");
+      const homeCol = r.home ?? "(missing)";
       console.log(`${r.name.padEnd(nameW)}  ${r.email.padEnd(emailW)}  ${active.padEnd(6)}  ${os.padEnd(7)}  ${homeCol}`);
     }
   }
 });
 
 // src/commands/agents/register.ts
-import { existsSync as existsSync10, readFileSync as readFileSync9 } from "fs";
+import { existsSync as existsSync8, readFileSync as readFileSync7 } from "fs";
 import { defineCommand as defineCommand27 } from "citty";
 import consola24 from "consola";
 var registerAgentCommand = defineCommand27({
@@ -3598,10 +2996,10 @@ var registerAgentCommand = defineCommand27({
       throw new CliError("Pass either --public-key or --public-key-file, not both.");
     }
     if (!publicKey && keyFile) {
-      if (!existsSync10(keyFile)) {
+      if (!existsSync8(keyFile)) {
         throw new CliError(`Public-key file not found: ${keyFile}`);
       }
-      publicKey = readFileSync9(keyFile, "utf-8").trim();
+      publicKey = readFileSync7(keyFile, "utf-8").trim();
     }
     if (!publicKey) {
       throw new CliError('Provide --public-key "<ssh-ed25519 line>" or --public-key-file <path>.');
@@ -3636,19 +3034,19 @@ var registerAgentCommand = defineCommand27({
 });
 
 // src/commands/agents/run.ts
-import { existsSync as existsSync11, readFileSync as readFileSync10 } from "fs";
+import { existsSync as existsSync9, readFileSync as readFileSync8 } from "fs";
 import { homedir as homedir7 } from "os";
-import { join as join9 } from "path";
+import { join as join6 } from "path";
 import { defineCommand as defineCommand28 } from "citty";
 import consola25 from "consola";
 import { taskTools as taskTools2, runLoop } from "@openape/agent-runtime";
-var AUTH_PATH = join9(homedir7(), ".config", "apes", "auth.json");
-var TASK_CACHE_DIR = join9(homedir7(), ".openape", "agent", "tasks");
+var AUTH_PATH = join6(homedir7(), ".config", "apes", "auth.json");
+var TASK_CACHE_DIR = join6(homedir7(), ".openape", "agent", "tasks");
 function readAuth() {
-  if (!existsSync11(AUTH_PATH)) {
+  if (!existsSync9(AUTH_PATH)) {
     throw new CliError(`No agent auth found at ${AUTH_PATH}. Run \`apes agents spawn <name>\` first.`);
   }
-  const parsed = JSON.parse(readFileSync10(AUTH_PATH, "utf8"));
+  const parsed = JSON.parse(readFileSync8(AUTH_PATH, "utf8"));
   if (!parsed.access_token) throw new CliError("auth.json missing access_token");
   return parsed;
 }
@@ -3684,26 +3082,26 @@ ${msg}`.slice(0, 9e3);
   }
 }
 function readTaskSpec(taskId) {
-  const path2 = join9(TASK_CACHE_DIR, `${taskId}.json`);
-  if (!existsSync11(path2)) {
+  const path2 = join6(TASK_CACHE_DIR, `${taskId}.json`);
+  if (!existsSync9(path2)) {
     throw new CliError(`No cached task spec at ${path2}. Run \`apes agents sync\` first to pull the task list from troop.`);
   }
-  return JSON.parse(readFileSync10(path2, "utf8"));
+  return JSON.parse(readFileSync8(path2, "utf8"));
 }
-var AGENT_CONFIG_PATH = join9(homedir7(), ".openape", "agent", "agent.json");
+var AGENT_CONFIG_PATH = join6(homedir7(), ".openape", "agent", "agent.json");
 function readAgentConfig() {
-  if (!existsSync11(AGENT_CONFIG_PATH)) return { systemPrompt: "" };
+  if (!existsSync9(AGENT_CONFIG_PATH)) return { systemPrompt: "" };
   try {
-    return JSON.parse(readFileSync10(AGENT_CONFIG_PATH, "utf8"));
+    return JSON.parse(readFileSync8(AGENT_CONFIG_PATH, "utf8"));
   } catch {
     return { systemPrompt: "" };
   }
 }
 function readLitellmConfig2(model) {
-  const envPath = join9(homedir7(), "litellm", ".env");
+  const envPath = join6(homedir7(), "litellm", ".env");
   const env = {};
-  if (existsSync11(envPath)) {
-    for (const line of readFileSync10(envPath, "utf8").split(/\r?\n/)) {
+  if (existsSync9(envPath)) {
+    for (const line of readFileSync8(envPath, "utf8").split(/\r?\n/)) {
       const m = line.match(/^([A-Z_]+)=(.*)$/);
       if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, "");
     }
@@ -3809,18 +3207,18 @@ var runAgentCommand = defineCommand28({
 });
 
 // src/commands/agents/serve.ts
-import { existsSync as existsSync12, readFileSync as readFileSync11 } from "fs";
+import { existsSync as existsSync10, readFileSync as readFileSync9 } from "fs";
 import { homedir as homedir8 } from "os";
-import { join as join10 } from "path";
+import { join as join7 } from "path";
 import { createInterface } from "readline";
 import { defineCommand as defineCommand29 } from "citty";
 import { taskTools as taskTools3, runLoop as runLoop2, RpcSessionMap } from "@openape/agent-runtime";
-var AUTH_PATH2 = join10(homedir8(), ".config", "apes", "auth.json");
+var AUTH_PATH2 = join7(homedir8(), ".config", "apes", "auth.json");
 function readLitellmConfig3(model) {
-  const envPath = join10(homedir8(), "litellm", ".env");
+  const envPath = join7(homedir8(), "litellm", ".env");
   const env = {};
-  if (existsSync12(envPath)) {
-    for (const line of readFileSync11(envPath, "utf8").split(/\r?\n/)) {
+  if (existsSync10(envPath)) {
+    for (const line of readFileSync9(envPath, "utf8").split(/\r?\n/)) {
       const m = line.match(/^([A-Z_]+)=(.*)$/);
       if (m) env[m[1]] = m[2].replace(/^["']|["']$/g, "");
     }
@@ -3852,9 +3250,9 @@ var serveAgentCommand = defineCommand29({
     if (!args.rpc) {
       throw new CliError("apes agents serve currently only supports --rpc mode");
     }
-    if (existsSync12(AUTH_PATH2)) {
+    if (existsSync10(AUTH_PATH2)) {
       try {
-        JSON.parse(readFileSync11(AUTH_PATH2, "utf8"));
+        JSON.parse(readFileSync9(AUTH_PATH2, "utf8"));
       } catch {
       }
     }
@@ -3937,101 +3335,49 @@ async function handleInbound(msg, sessions) {
 import { defineCommand as defineCommand30 } from "citty";
 import consola26 from "consola";
 
-// src/lib/troop-bootstrap.ts
-var SYNC_LABEL_PREFIX = "openape.troop.sync";
-var SYNC_INTERVAL_SECONDS = 300;
-function syncPlistLabel(agentName) {
-  return `${SYNC_LABEL_PREFIX}.${agentName}`;
-}
-function escape(s) {
-  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
-}
-function buildSyncPlist(input) {
-  const pathDirs = (input.hostBinDirs && input.hostBinDirs.length > 0 ? input.hostBinDirs : ["/opt/homebrew/bin", "/usr/local/bin"]).join(":");
-  const pathLine = `    <key>PATH</key><string>${escape(pathDirs)}:/usr/bin:/bin</string>
-`;
-  const agentUserLine = `    <key>AGENT_USER</key><string>${escape(input.userName)}</string>
-`;
-  const envBlock = input.troopUrl ? `  <key>EnvironmentVariables</key>
-  <dict>
-    <key>HOME</key><string>${escape(input.homeDir)}</string>
-${pathLine}${agentUserLine}    <key>OPENAPE_TROOP_URL</key><string>${escape(input.troopUrl)}</string>
-  </dict>
-` : `  <key>EnvironmentVariables</key>
-  <dict>
-    <key>HOME</key><string>${escape(input.homeDir)}</string>
-${pathLine}${agentUserLine}  </dict>
-`;
-  return `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-  <key>Label</key>
-  <string>${escape(syncPlistLabel(input.agentName))}</string>
-  <key>ProgramArguments</key>
-  <array>
-    <string>${escape(input.apesBin)}</string>
-    <string>agents</string>
-    <string>sync</string>
-  </array>
-  <key>WorkingDirectory</key>
-  <string>${escape(input.homeDir)}</string>
-${envBlock}  <key>StartInterval</key>
-  <integer>${SYNC_INTERVAL_SECONDS}</integer>
-  <key>RunAtLoad</key>
-  <true/>
-  <key>StandardOutPath</key>
-  <string>${escape(input.homeDir)}/Library/Logs/openape-troop-sync.log</string>
-  <key>StandardErrorPath</key>
-  <string>${escape(input.homeDir)}/Library/Logs/openape-troop-sync.log</string>
-</dict>
-</plist>
-`;
-}
-
 // src/lib/keygen.ts
-import { Buffer as Buffer4 } from "buffer";
-import { existsSync as existsSync13, mkdirSync as mkdirSync3, readFileSync as readFileSync12, writeFileSync as writeFileSync7 } from "fs";
+import { Buffer as Buffer3 } from "buffer";
+import { existsSync as existsSync11, mkdirSync as mkdirSync3, readFileSync as readFileSync10, writeFileSync as writeFileSync5 } from "fs";
 import { generateKeyPairSync } from "crypto";
 import { homedir as homedir9 } from "os";
-import { dirname, resolve as resolve2 } from "path";
+import { dirname as dirname2, resolve as resolve2 } from "path";
 import { generateX25519KeyPair } from "@openape/core";
 function resolveKeyPath(p) {
   return resolve2(p.replace(/^~/, homedir9()));
 }
 function buildSshEd25519Line(rawPub) {
   const keyTypeStr = "ssh-ed25519";
-  const keyTypeLen = Buffer4.alloc(4);
+  const keyTypeLen = Buffer3.alloc(4);
   keyTypeLen.writeUInt32BE(keyTypeStr.length);
-  const pubKeyLen = Buffer4.alloc(4);
+  const pubKeyLen = Buffer3.alloc(4);
   pubKeyLen.writeUInt32BE(rawPub.length);
-  const blob = Buffer4.concat([keyTypeLen, Buffer4.from(keyTypeStr), pubKeyLen, rawPub]);
+  const blob = Buffer3.concat([keyTypeLen, Buffer3.from(keyTypeStr), pubKeyLen, rawPub]);
   return `ssh-ed25519 ${blob.toString("base64")}`;
 }
 function readPublicKey(keyPath) {
   const pubPath = `${keyPath}.pub`;
-  if (existsSync13(pubPath)) {
-    return readFileSync12(pubPath, "utf-8").trim();
+  if (existsSync11(pubPath)) {
+    return readFileSync10(pubPath, "utf-8").trim();
   }
-  const keyContent = readFileSync12(keyPath, "utf-8");
+  const keyContent = readFileSync10(keyPath, "utf-8");
   const privateKey = loadEd25519PrivateKey(keyContent);
   const jwk = privateKey.export({ format: "jwk" });
-  const pubBytes = Buffer4.from(jwk.x, "base64url");
+  const pubBytes = Buffer3.from(jwk.x, "base64url");
   return buildSshEd25519Line(pubBytes);
 }
 function generateAndSaveKey(keyPath) {
   const resolved = resolveKeyPath(keyPath);
-  const dir = dirname(resolved);
-  if (!existsSync13(dir)) {
+  const dir = dirname2(resolved);
+  if (!existsSync11(dir)) {
     mkdirSync3(dir, { recursive: true });
   }
   const { publicKey, privateKey } = generateKeyPairSync("ed25519");
   const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
-  writeFileSync7(resolved, privatePem, { mode: 384 });
+  writeFileSync5(resolved, privatePem, { mode: 384 });
   const jwk = publicKey.export({ format: "jwk" });
-  const pubBytes = Buffer4.from(jwk.x, "base64url");
+  const pubBytes = Buffer3.from(jwk.x, "base64url");
   const pubKeyStr = buildSshEd25519Line(pubBytes);
-  writeFileSync7(`${resolved}.pub`, `${pubKeyStr}
+  writeFileSync5(`${resolved}.pub`, `${pubKeyStr}
 `, { mode: 420 });
   return pubKeyStr;
 }
@@ -4039,7 +3385,7 @@ function generateKeyPairInMemory() {
   const { publicKey, privateKey } = generateKeyPairSync("ed25519");
   const privatePem = privateKey.export({ type: "pkcs8", format: "pem" });
   const jwk = publicKey.export({ format: "jwk" });
-  const pubBytes = Buffer4.from(jwk.x, "base64url");
+  const pubBytes = Buffer3.from(jwk.x, "base64url");
   const enc = generateX25519KeyPair();
   return {
     privatePem,
@@ -4049,145 +3395,8 @@ function generateKeyPairInMemory() {
   };
 }
 
-// src/lib/llm-bridge.ts
-import { execFileSync as execFileSync13 } from "child_process";
-import { existsSync as existsSync14, readFileSync as readFileSync13 } from "fs";
-import { homedir as homedir10 } from "os";
-import { dirname as dirname2, join as join11 } from "path";
-var PLIST_LABEL_PREFIX = "eco.hofmann.apes.bridge";
-function readLitellmEnv(envPath = join11(homedir10(), "litellm", ".env")) {
-  if (!existsSync14(envPath)) return null;
-  try {
-    const text = readFileSync13(envPath, "utf8");
-    const out = {};
-    for (const line of text.split("\n")) {
-      const trimmed = line.trim();
-      if (!trimmed || trimmed.startsWith("#")) continue;
-      const eq = trimmed.indexOf("=");
-      if (eq < 0) continue;
-      const key = trimmed.slice(0, eq).trim();
-      const value = trimmed.slice(eq + 1).trim();
-      if (key === "LITELLM_MASTER_KEY" || key === "LITELLM_API_KEY") out.apiKey = value;
-      if (key === "LITELLM_BASE_URL") out.baseUrl = value;
-      if (key === "APE_CHAT_BRIDGE_MODEL") out.model = value;
-    }
-    return out;
-  } catch {
-    return null;
-  }
-}
-function resolveBridgeConfig(opts) {
-  const env = readLitellmEnv(opts.envPath);
-  const apiKey = opts.cliKey ?? env?.apiKey;
-  const baseUrl = opts.cliBaseUrl ?? env?.baseUrl ?? "http://127.0.0.1:4000/v1";
-  const model = opts.cliModel ?? env?.model;
-  if (!apiKey) {
-    throw new Error(
-      "No LITELLM_API_KEY resolved. Pass --bridge-key sk-\u2026 or write LITELLM_MASTER_KEY into ~/litellm/.env first."
-    );
-  }
-  return { baseUrl, apiKey, model };
-}
-function captureHostBinDirs() {
-  const dirs = [];
-  const seen = /* @__PURE__ */ new Set();
-  for (const bin of ["node", "ape-agent", "apes"]) {
-    let resolved;
-    try {
-      resolved = execFileSync13("/usr/bin/which", [bin], { encoding: "utf8" }).trim();
-    } catch {
-      const installCmd = bin === "ape-agent" ? "npm i -g @openape/ape-agent" : bin === "apes" ? "npm i -g @openape/apes" : "install Node.js (e.g. brew install node)";
-      throw new Error(`'${bin}' not found on host PATH. ${installCmd} before spawning agents \u2014 the bridge runtime resolves these at spawn time and bakes the dir into the agent's launchd plist.`);
-    }
-    const dir = dirname2(resolved);
-    if (!seen.has(dir)) {
-      seen.add(dir);
-      dirs.push(dir);
-    }
-  }
-  return dirs;
-}
-function bridgePlistLabel(agentName) {
-  return `${PLIST_LABEL_PREFIX}.${agentName}`;
-}
-function bridgePlistPath(agentName) {
-  return `/Library/LaunchDaemons/${bridgePlistLabel(agentName)}.plist`;
-}
-function buildBridgeEnvFile(cfg) {
-  const modelLine = cfg.model ? `APE_CHAT_BRIDGE_MODEL=${cfg.model}
-` : "";
-  return `# Auto-generated by 'apes agents spawn'.
-# Read by the chat-bridge daemon at boot to talk to the local LLM proxy.
-LITELLM_BASE_URL=${cfg.baseUrl}
-LITELLM_API_KEY=${cfg.apiKey}
-${modelLine}`;
-}
-function buildBridgeStartScript(hostBinDirs) {
-  const pathLine = `export PATH="${hostBinDirs.join(":")}:/usr/bin:/bin"`;
-  return `#!/usr/bin/env bash
-# Auto-generated by 'apes agents spawn'.
-# Slim launcher \u2014 bridge stack lives on the host, no per-agent install.
-set -euo pipefail
-
-${pathLine}
-
-# Token refresh is in-process via @openape/cli-auth's challenge-response
-# path (auth.json.key_path -> ~/.ssh/id_ed25519). No "apes login" needed
-# at boot \u2014 keeping start.sh slim avoids the rate-limit dance the old
-# refresh hit when KeepAlive crash-restarted the daemon every 1h.
-
-set -a
-. "$HOME/Library/Application Support/openape/bridge/.env"
-set +a
-exec ape-agent
-`;
-}
-function buildBridgePlist(agentName, homeDir, ownerEmail, hostBinDirs) {
-  const startScript = `${homeDir}/Library/Application Support/openape/bridge/start.sh`;
-  const stdoutLog = `${homeDir}/Library/Logs/ape-agent.log`;
-  const stderrLog = `${homeDir}/Library/Logs/ape-agent.err.log`;
-  const pathValue = `${hostBinDirs.join(":")}:/usr/bin:/bin`;
-  return `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-    <key>Label</key>
-    <string>${bridgePlistLabel(agentName)}</string>
-    <key>UserName</key>
-    <string>${agentName}</string>
-    <key>ProgramArguments</key>
-    <array>
-        <string>/bin/bash</string>
-        <string>${startScript}</string>
-    </array>
-    <key>WorkingDirectory</key>
-    <string>${homeDir}</string>
-    <key>RunAtLoad</key>
-    <true/>
-    <key>KeepAlive</key>
-    <true/>
-    <key>ThrottleInterval</key>
-    <integer>10</integer>
-    <key>StandardOutPath</key>
-    <string>${stdoutLog}</string>
-    <key>StandardErrorPath</key>
-    <string>${stderrLog}</string>
-    <key>EnvironmentVariables</key>
-    <dict>
-        <key>HOME</key>
-        <string>${homeDir}</string>
-        <key>PATH</key>
-        <string>${pathValue}</string>
-        <key>OPENAPE_OWNER_EMAIL</key>
-        <string>${ownerEmail}</string>
-    </dict>
-</dict>
-</plist>
-`;
-}
-
 // src/commands/agents/spawn.ts
-function readMacOSUidOrNull(name) {
+function readUidOrNull(name) {
   try {
     const u = getHostPlatform().readAgentUser(name);
     return u?.uid ?? null;
@@ -4198,30 +3407,22 @@ function readMacOSUidOrNull(name) {
 var spawnAgentCommand = defineCommand30({
   meta: {
     name: "spawn",
-    description: "Provision a local macOS agent end-to-end (OS user, keypair, IdP agent, Claude hook)"
+    description: "Provision a local Linux agent end-to-end (OS user, keypair, IdP agent, Claude hook)"
   },
   args: {
     name: {
       type: "positional",
-      description: "Agent name \u2014 also the macOS short username (lowercase, [a-z0-9-], must start with a letter)",
+      description: "Agent name \u2014 also the Linux username (lowercase, [a-z0-9-], must start with a letter)",
       required: true
     },
     shell: {
       type: "string",
-      description: "Login shell for the macOS user. Default: /bin/zsh. Pass $(which ape-shell) to opt into the grant-mediated REPL as login shell."
+      description: "Login shell for the Linux user. Default: /bin/bash. Pass $(which ape-shell) to opt into the grant-mediated REPL as login shell."
     },
     "no-claude-hook": {
       type: "boolean",
       description: "Skip writing ~/.claude/settings.json + the Bash-rewrite hook"
     },
-    "claude-token": {
-      type: "string",
-      description: "Claude Code OAuth token (sk-ant-oat01-\u2026) from `claude setup-token`. Visible to ps \u2014 prefer --claude-token-stdin in scripts."
-    },
-    "claude-token-stdin": {
-      type: "boolean",
-      description: "Read the Claude Code OAuth token from stdin (paranoid form of --claude-token)."
-    },
     "no-bridge": {
       type: "boolean",
       description: "Skip the ape-agent runtime install. Default behaviour installs the runtime so the agent answers chat.openape.ai messages (reads LITELLM_API_KEY/BASE_URL from ~/litellm/.env; override via --bridge-key / --bridge-base-url). Use --no-bridge for headless / CI / IdP-only account provisioning where the agent will not run a chat loop."
@@ -4237,6 +3438,18 @@ var spawnAgentCommand = defineCommand30({
     "bridge-model": {
       type: "string",
       description: "Model the bridge sends in chat-completion requests (default: claude-haiku-4-5). Override when fronting a proxy that doesn't route the default \u2014 e.g. ChatGPT-only proxy needs `gpt-5.4`."
+    },
+    "kind": {
+      type: "string",
+      description: `Agent kind: "user" (default, connects to troop-chat) or "service" (polls an SP backend's task queue and runs each task through the LLM). With "service", --serves is required.`
+    },
+    "serves": {
+      type: "string",
+      description: "For --kind service: base URL of the SP backend this agent serves (e.g. https://zaz.delta-mind.at or http://127.0.0.1:3013). The agent pulls GetNextTask / posts ResolveTask there."
+    },
+    "poll-interval": {
+      type: "string",
+      description: "For --kind service: idle poll interval in ms (default 2000)."
     }
   },
   async run({ args }) {
@@ -4246,11 +3459,13 @@ var spawnAgentCommand = defineCommand30({
         `Invalid agent name "${name}". Must match /^[a-z][a-z0-9-]{0,23}$/ \u2014 lowercase letters, digits and hyphens, 1\u201324 chars, must start with a letter.`
       );
     }
-    if (!isDarwin2()) {
-      throw new CliError(
-        `\`apes agents spawn\` is currently macOS-only. Detected platform: ${process.platform}. Linux support is a follow-up; for now, use \`apes agents register\` plus a manually provisioned user.`
-      );
-    }
+    if (args.kind != null && args.kind !== "user" && args.kind !== "service")
+      throw new CliError(`Invalid --kind "${String(args.kind)}". Must be "user" or "service".`);
+    const isService = args.kind === "service";
+    const servesUrl = typeof args.serves === "string" ? args.serves.replace(/\/$/, "") : void 0;
+    if (isService && !servesUrl)
+      throw new CliError("--kind service requires --serves <SP base URL> (e.g. https://zaz.delta-mind.at).");
+    const pollMs = typeof args["poll-interval"] === "string" ? Number.parseInt(args["poll-interval"], 10) : void 0;
     const auth = loadAuth();
     if (!auth) {
       throw new CliError("Not authenticated. Run `apes login` first.");
@@ -4259,177 +3474,179 @@ var spawnAgentCommand = defineCommand30({
     if (!idp) {
       throw new CliError("No IdP URL configured. Run `apes login` first.");
     }
-    const loginShell = (args.shell ?? "/bin/zsh").toString();
-    const apes = whichBinary("apes");
-    if (!apes) {
-      throw new CliError("`apes` not found on PATH. Install @openape/apes globally first.");
-    }
-    const escapes = whichBinary("escapes");
-    if (!escapes) {
-      throw new CliError(
-        "`escapes` not found on PATH. spawn delegates the privileged setup phase to escapes; install it before running spawn."
-      );
-    }
-    if (!isShellRegistered(loginShell)) {
-      throw new CliError(
-        `${loginShell} is not registered in /etc/shells. macOS refuses to set it as a login shell. Run:
-  echo ${loginShell} | sudo tee -a /etc/shells
-and try again.`
-      );
-    }
+    const loginShell = (args.shell ?? "/bin/bash").toString();
     const platform = getHostPlatform();
-    const macOSUsername = platform.agentUsername(name);
-    const existing = platform.readAgentUser(macOSUsername) ?? platform.readAgentUser(name);
+    const osUsername = platform.agentUsername(name);
+    const existing = platform.readAgentUser(osUsername);
     if (existing) {
-      throw new CliError(`macOS user "${existing.name}" already exists (uid=${existing.uid ?? "?"}). Refusing to overwrite.`);
+      throw new CliError(`OS user "${existing.name}" already exists (uid=${existing.uid ?? "?"}). Refusing to overwrite.`);
+    }
+    const homeDir = `/var/lib/openape/homes/${osUsername}`;
+    consola26.start(`Generating keypair for ${name}\u2026`);
+    const { privatePem, publicSshLine, x25519PrivateKey, x25519PublicKey } = generateKeyPairInMemory();
+    consola26.start(`Registering agent at ${idp}\u2026`);
+    const registration = await registerAgentAtIdp({ name, publicKey: publicSshLine, idp });
+    consola26.success(`Registered as ${registration.email}`);
+    consola26.start("Issuing agent access token\u2026");
+    const { token, expiresIn } = await issueAgentToken({
+      idp,
+      agentEmail: registration.email,
+      privateKeyPem: privatePem
+    });
+    const authJson = buildAgentAuthJson({
+      idp,
+      accessToken: token,
+      email: registration.email,
+      expiresAt: Math.floor(Date.now() / 1e3) + expiresIn,
+      keyPath: `${homeDir}/.ssh/id_ed25519`,
+      // The IdP resolves the owner transitively (when the caller
+      // is itself an agent — e.g. a Nest spawning a child — the
+      // human at the top of the chain becomes owner). Use the
+      // server-resolved owner, not the local caller's auth.email,
+      // otherwise the agent's auth.json will carry the Nest's
+      // email and troop will reject sync calls because the
+      // encoded owner-domain in the agent email doesn't match
+      // the auth.json's owner_email domain.
+      ownerEmail: registration.owner
+    });
+    const includeClaudeHook = !args["no-claude-hook"];
+    const withBridge = !args["no-bridge"];
+    const script = buildSpawnSetupScript({
+      name,
+      homeDir,
+      shellPath: loginShell,
+      privateKeyPem: privatePem,
+      publicKeySshLine: publicSshLine,
+      x25519PrivateKey,
+      x25519PublicKey,
+      authJson,
+      claudeSettingsJson: includeClaudeHook ? CLAUDE_SETTINGS_JSON : null,
+      hookScriptSource: includeClaudeHook ? BASH_VIA_APE_SHELL_HOOK_SOURCE : null
+    });
+    consola26.start("Running privileged setup\u2026");
+    if (process.getuid?.() !== 0) {
+      consola26.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
     }
-    const homeDir = `/var/openape/homes/${macOSUsername}`;
+    await platform.runPrivilegedBash(script);
     try {
-      consola26.start(`Generating keypair for ${name}\u2026`);
-      const { privatePem, publicSshLine, x25519PrivateKey, x25519PublicKey } = generateKeyPairInMemory();
-      consola26.start(`Registering agent at ${idp}\u2026`);
-      const registration = await registerAgentAtIdp({ name, publicKey: publicSshLine, idp });
-      consola26.success(`Registered as ${registration.email}`);
-      consola26.start("Issuing agent access token\u2026");
-      const { token, expiresIn } = await issueAgentToken({
-        idp,
-        agentEmail: registration.email,
-        privateKeyPem: privatePem
-      });
-      const authJson = buildAgentAuthJson({
-        idp,
-        accessToken: token,
-        email: registration.email,
-        expiresAt: Math.floor(Date.now() / 1e3) + expiresIn,
-        keyPath: `${homeDir}/.ssh/id_ed25519`,
-        // The IdP resolves the owner transitively (when the caller
-        // is itself an agent — e.g. a Nest spawning a child — the
-        // human at the top of the chain becomes owner). Use the
-        // server-resolved owner, not the local caller's auth.email,
-        // otherwise the agent's auth.json will carry the Nest's
-        // email and troop will reject sync calls because the
-        // encoded owner-domain in the agent email doesn't match
-        // the auth.json's owner_email domain.
-        ownerEmail: registration.owner
-      });
-      const includeClaudeHook = !args["no-claude-hook"];
-      const claudeOauthToken = await resolveClaudeToken({
-        flag: typeof args["claude-token"] === "string" ? args["claude-token"] : void 0,
-        fromStdin: !!args["claude-token-stdin"]
-      });
-      const withBridge = !args["no-bridge"];
-      const bridge = withBridge ? (() => {
-        const cfg = resolveBridgeConfig({
-          cliKey: typeof args["bridge-key"] === "string" ? args["bridge-key"] : void 0,
-          cliBaseUrl: typeof args["bridge-base-url"] === "string" ? args["bridge-base-url"] : void 0,
-          cliModel: typeof args["bridge-model"] === "string" ? args["bridge-model"] : void 0
-        });
-        const hostBinDirs = captureHostBinDirs();
-        return {
-          plistLabel: bridgePlistLabel(name),
-          plistPath: bridgePlistPath(name),
-          plistContent: buildBridgePlist(name, homeDir, auth.email, hostBinDirs),
-          startScript: buildBridgeStartScript(hostBinDirs),
-          envFile: buildBridgeEnvFile(cfg)
-        };
-      })() : null;
-      const troopPlistLabel = `openape.troop.sync.${name}`;
-      const troopPlistPath = `/Library/LaunchDaemons/${troopPlistLabel}.plist`;
-      const troopBinDirs = bridge ? captureHostBinDirs() : captureHostBinDirs();
-      const troop = {
-        plistLabel: troopPlistLabel,
-        plistPath: troopPlistPath,
-        plistContent: buildSyncPlist({ agentName: name, apesBin: apes, homeDir, userName: name, hostBinDirs: troopBinDirs })
-      };
-      const script = buildSpawnSetupScript({
+      const uid = readUidOrNull(osUsername) ?? -1;
+      upsertNestAgent({
         name,
-        macOSUsername,
-        homeDir,
-        shellPath: loginShell,
-        privateKeyPem: privatePem,
-        publicKeySshLine: publicSshLine,
-        x25519PrivateKey,
-        x25519PublicKey,
-        authJson,
-        claudeSettingsJson: includeClaudeHook ? CLAUDE_SETTINGS_JSON : null,
-        hookScriptSource: includeClaudeHook ? BASH_VIA_APE_SHELL_HOOK_SOURCE : null,
-        claudeOauthToken,
-        bridge,
-        troop
+        uid,
+        home: homeDir,
+        email: registration.email,
+        registeredAt: Math.floor(Date.now() / 1e3),
+        kind: isService ? "service" : void 0,
+        service: isService && servesUrl ? { spBaseUrl: servesUrl, pollIntervalMs: pollMs != null && Number.isFinite(pollMs) && pollMs > 0 ? pollMs : void 0 } : void 0,
+        // Service agents also carry bridge config — it's the LLM endpoint the
+        // worker forwards to (baseUrl/key/model from --bridge-*).
+        bridge: withBridge || isService ? {
+          baseUrl: typeof args["bridge-base-url"] === "string" ? args["bridge-base-url"] : void 0,
+          apiKey: typeof args["bridge-key"] === "string" ? args["bridge-key"] : void 0,
+          model: typeof args["bridge-model"] === "string" ? args["bridge-model"] : void 0
+        } : void 0
       });
-      consola26.start("Running privileged setup\u2026");
-      if (process.getuid?.() !== 0) {
-        consola26.info("You will be asked to approve the as=root grant in your DDISA inbox; this command blocks until you do.");
-      }
-      await platform.runPrivilegedBash(script);
-      try {
-        const uid = readMacOSUidOrNull(macOSUsername) ?? readMacOSUidOrNull(name);
-        upsertNestAgent({
-          name,
-          uid: uid ?? -1,
-          home: homeDir,
-          email: registration.email,
-          registeredAt: Math.floor(Date.now() / 1e3),
-          bridge: withBridge ? {
-            baseUrl: typeof args["bridge-base-url"] === "string" ? args["bridge-base-url"] : void 0,
-            apiKey: typeof args["bridge-key"] === "string" ? args["bridge-key"] : void 0,
-            model: typeof args["bridge-model"] === "string" ? args["bridge-model"] : void 0
-          } : void 0
-        });
-      } catch (err) {
-        consola26.warn(`Could not write to nest registry: ${err instanceof Error ? err.message : String(err)}`);
-      }
-      consola26.success(`Agent ${name} spawned.`);
-      consola26.info(`\u{1F517} Troop: https://troop.openape.ai/agents/${name}`);
-      if (withBridge) {
-        consola26.info(`On first boot, the bridge will send you a contact request from ${registration.email}.`);
-        consola26.info("Open chat.openape.ai and accept it to start chatting with the agent.");
-      }
-      console.log("");
-      console.log("Run as the agent with:");
-      console.log(`  apes run --as ${name} -- claude --session-name ${name} --dangerously-skip-permissions`);
-    } finally {
+    } catch (err) {
+      consola26.warn(`Could not write to nest registry: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    consola26.success(`Agent ${name} spawned.`);
+    consola26.info(`\u{1F517} Troop: https://troop.openape.ai/agents/${name}`);
+    if (withBridge) {
+      consola26.info(`On first boot, the bridge will send you a contact request from ${registration.email}.`);
+      consola26.info("Open chat.openape.ai and accept it to start chatting with the agent.");
     }
+    console.log("");
+    console.log("Run as the agent with:");
+    console.log(`  apes run --as ${name} -- claude --session-name ${name} --dangerously-skip-permissions`);
   }
 });
-async function resolveClaudeToken(opts) {
-  if (opts.flag && opts.fromStdin) {
-    throw new CliError("Pass --claude-token OR --claude-token-stdin, not both.");
-  }
-  let raw = null;
-  if (typeof opts.flag === "string") {
-    raw = opts.flag.trim();
-  } else if (opts.fromStdin) {
-    const chunks = [];
-    for await (const chunk of process.stdin) {
-      chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
-    }
-    raw = Buffer.concat(chunks).toString("utf-8").trim();
-  }
-  if (!raw) return null;
-  if (!raw.startsWith("sk-ant-oat01-")) {
-    throw new CliError(
-      `Claude token doesn't look right (expected sk-ant-oat01-\u2026). Run \`claude setup-token\` and paste the resulting token.`
-    );
-  }
-  return raw;
-}
 
 // src/commands/agents/sync.ts
-import { chownSync, existsSync as existsSync15, mkdirSync as mkdirSync4, readdirSync as readdirSync2, readFileSync as readFileSync14, rmSync as rmSync5, statSync, writeFileSync as writeFileSync8 } from "fs";
-import { homedir as homedir11 } from "os";
-import { join as join12 } from "path";
+import { chownSync, existsSync as existsSync13, mkdirSync as mkdirSync4, readdirSync as readdirSync2, readFileSync as readFileSync12, rmSync as rmSync3, statSync as statSync2, writeFileSync as writeFileSync7 } from "fs";
+import { homedir as homedir10 } from "os";
+import { join as join9 } from "path";
 import { defineCommand as defineCommand31 } from "citty";
+import consola28 from "consola";
+
+// src/lib/recipe-checkout.ts
+import { execFileSync as execFileSync7 } from "child_process";
+import { cpSync, existsSync as existsSync12, readFileSync as readFileSync11, rmSync as rmSync2, writeFileSync as writeFileSync6 } from "fs";
+import { join as join8, resolve as resolve3, sep } from "path";
 import consola27 from "consola";
-var AUTH_PATH3 = join12(homedir11(), ".config", "apes", "auth.json");
-var TASK_CACHE_DIR2 = join12(homedir11(), ".openape", "agent", "tasks");
+var MARKER_FILE = ".recipe-ref";
+var GITHUB_PREFIX = "github.com/";
+function ensureRecipeCheckout(recipeRef, recipeDir, exec2 = execFileSync7) {
+  const at = recipeRef.lastIndexOf("@");
+  if (at <= 0) {
+    consola27.warn(`recipe: malformed recipeRef "${recipeRef}" (expected <owner>/<name>[/<subdir>]@<ref>) \u2014 skipping checkout`);
+    return;
+  }
+  const spec = recipeRef.slice(0, at);
+  const ref = recipeRef.slice(at + 1);
+  const slug = spec.startsWith(GITHUB_PREFIX) ? spec.slice(GITHUB_PREFIX.length) : spec;
+  if (!slug || !ref) {
+    consola27.warn(`recipe: malformed recipeRef "${recipeRef}" (empty slug or ref) \u2014 skipping checkout`);
+    return;
+  }
+  const segments = slug.split("/").filter(Boolean);
+  if (segments.length < 2) {
+    consola27.warn(`recipe: malformed recipeRef "${recipeRef}" (expected <owner>/<name>[/<subdir>]@<ref>) \u2014 skipping checkout`);
+    return;
+  }
+  if (segments.some((s) => s === "." || s === ".." || s.includes("\\"))) {
+    consola27.warn(`recipe: unsafe path segment in recipeRef "${recipeRef}" \u2014 skipping checkout`);
+    return;
+  }
+  const repoSlug = segments.slice(0, 2).join("/");
+  const subdir = segments.slice(2).join("/");
+  const markerPath = join8(recipeDir, MARKER_FILE);
+  if (existsSync12(markerPath)) {
+    try {
+      if (readFileSync11(markerPath, "utf8") === recipeRef) return;
+    } catch {
+    }
+  }
+  const cloneUrl = `https://github.com/${repoSlug}`;
+  const staging = subdir ? `${recipeDir}.checkout` : recipeDir;
+  try {
+    rmSync2(recipeDir, { recursive: true, force: true });
+    if (subdir)
+      rmSync2(staging, { recursive: true, force: true });
+    exec2("git", ["clone", "--depth", "1", "--branch", ref, cloneUrl, staging]);
+    if (subdir) {
+      const src = join8(staging, subdir);
+      if (!resolve3(src).startsWith(resolve3(staging) + sep)) {
+        consola27.warn(`recipe: subdirectory "${subdir}" escapes the checkout dir \u2014 skipping`);
+        rmSync2(staging, { recursive: true, force: true });
+        return;
+      }
+      if (!existsSync12(src)) {
+        consola27.warn(`recipe: subdirectory "${subdir}" not found in ${repoSlug}@${ref} \u2014 skipping checkout`);
+        rmSync2(staging, { recursive: true, force: true });
+        return;
+      }
+      cpSync(src, recipeDir, { recursive: true });
+      rmSync2(staging, { recursive: true, force: true });
+    }
+    writeFileSync6(markerPath, recipeRef);
+    consola27.info(`recipe: checked out ${slug}@${ref} \u2192 ${recipeDir}`);
+  } catch (err) {
+    consola27.warn(`recipe: checkout of ${slug}@${ref} failed \u2014 ${err instanceof Error ? err.message : String(err)}`);
+    if (subdir)
+      rmSync2(staging, { recursive: true, force: true });
+  }
+}
+
+// src/commands/agents/sync.ts
+var AUTH_PATH3 = join9(homedir10(), ".config", "apes", "auth.json");
+var TASK_CACHE_DIR2 = join9(homedir10(), ".openape", "agent", "tasks");
 function readAuthJson() {
-  if (!existsSync15(AUTH_PATH3)) {
+  if (!existsSync13(AUTH_PATH3)) {
     throw new CliError(
       `No agent auth found at ${AUTH_PATH3}. Run \`apes agents spawn <name>\` to provision an agent first.`
     );
   }
-  const raw = readFileSync14(AUTH_PATH3, "utf8");
+  const raw = readFileSync12(AUTH_PATH3, "utf8");
   let parsed;
   try {
     parsed = JSON.parse(raw);
@@ -4478,7 +3695,7 @@ var syncAgentCommand = defineCommand31({
     if (!auth.owner_email) {
       throw new CliError(`${AUTH_PATH3} is missing owner_email \u2014 re-run \`apes agents spawn\` to update.`);
     }
-    consola27.start(`Syncing ${agentName} (${host}, hostId ${hostId.slice(0, 8)}\u2026) with ${troopUrl}`);
+    consola28.start(`Syncing ${agentName} (${host}, hostId ${hostId.slice(0, 8)}\u2026) with ${troopUrl}`);
     const pubkeyX25519 = readAgentEncryptionPublicKey() ?? void 0;
     const sync = await client.sync({
       hostname: host,
@@ -4486,17 +3703,17 @@ var syncAgentCommand = defineCommand31({
       ownerEmail: auth.owner_email,
       ...pubkeyX25519 ? { pubkeyX25519 } : {}
     });
-    consola27.info(sync.first_sync ? "\u2713 first sync \u2014 agent registered" : "\u2713 presence updated");
-    if (!pubkeyX25519) consola27.warn("No X25519 public key found on disk \u2014 sealed capability secrets cannot be bound until the agent is re-spawned.");
-    const { system_prompt: systemPrompt, tools, skills, tasks } = await client.listTasks();
-    consola27.info(`Pulled ${tasks.length} task${tasks.length === 1 ? "" : "s"}`);
-    consola27.info(`Tools enabled: ${tools.length === 0 ? "(none)" : tools.join(", ")}`);
-    consola27.info(`Skills: ${skills.length === 0 ? "(none)" : skills.map((s) => s.name).join(", ")}`);
+    consola28.info(sync.first_sync ? "\u2713 first sync \u2014 agent registered" : "\u2713 presence updated");
+    if (!pubkeyX25519) consola28.warn("No X25519 public key found on disk \u2014 sealed capability secrets cannot be bound until the agent is re-spawned.");
+    const { system_prompt: systemPrompt, tools, skills, tasks, recipe_ref: recipeRef } = await client.listTasks();
+    consola28.info(`Pulled ${tasks.length} task${tasks.length === 1 ? "" : "s"}`);
+    consola28.info(`Tools enabled: ${tools.length === 0 ? "(none)" : tools.join(", ")}`);
+    consola28.info(`Skills: ${skills.length === 0 ? "(none)" : skills.map((s) => s.name).join(", ")}`);
     let agentUid = null;
     let agentGid = null;
     if (process.geteuid?.() === 0) {
       try {
-        const homeStat = statSync(homedir11());
+        const homeStat = statSync2(homedir10());
         agentUid = homeStat.uid;
         agentGid = homeStat.gid;
       } catch {
@@ -4510,27 +3727,28 @@ var syncAgentCommand = defineCommand31({
         }
       }
     }
-    const agentDir = join12(homedir11(), ".openape", "agent");
+    const agentDir = join9(homedir10(), ".openape", "agent");
     mkdirSync4(agentDir, { recursive: true });
-    chownToAgent(join12(homedir11(), ".openape"));
+    chownToAgent(join9(homedir10(), ".openape"));
     chownToAgent(agentDir);
-    const agentJsonPath = join12(agentDir, "agent.json");
-    writeFileSync8(
+    const agentJsonPath = join9(agentDir, "agent.json");
+    writeFileSync7(
       agentJsonPath,
-      `${JSON.stringify({ systemPrompt, tools }, null, 2)}
+      `${JSON.stringify({ systemPrompt, tools, ...recipeRef ? { recipeRef } : {} }, null, 2)}
 `,
       { mode: 384 }
     );
     chownToAgent(agentJsonPath);
+    if (recipeRef) ensureRecipeCheckout(recipeRef, join9(homedir10(), "recipe"));
     mkdirSync4(TASK_CACHE_DIR2, { recursive: true });
     chownToAgent(TASK_CACHE_DIR2);
     for (const task of tasks) {
-      const path2 = join12(TASK_CACHE_DIR2, `${task.taskId}.json`);
-      writeFileSync8(path2, `${JSON.stringify(task, null, 2)}
+      const path2 = join9(TASK_CACHE_DIR2, `${task.taskId}.json`);
+      writeFileSync7(path2, `${JSON.stringify(task, null, 2)}
 `, { mode: 384 });
       chownToAgent(path2);
     }
-    const skillsDir = join12(agentDir, "skills");
+    const skillsDir = join9(agentDir, "skills");
     mkdirSync4(skillsDir, { recursive: true });
     chownToAgent(skillsDir);
     const incomingNames = new Set(skills.map((s) => s.name));
@@ -4538,22 +3756,22 @@ var syncAgentCommand = defineCommand31({
       for (const entry of readdirSync2(skillsDir)) {
         if (incomingNames.has(entry)) continue;
         try {
-          rmSync5(join12(skillsDir, entry), { recursive: true, force: true });
+          rmSync3(join9(skillsDir, entry), { recursive: true, force: true });
         } catch {
         }
       }
     } catch {
     }
     for (const skill of skills) {
-      const skillDir = join12(skillsDir, skill.name);
+      const skillDir = join9(skillsDir, skill.name);
       mkdirSync4(skillDir, { recursive: true });
       chownToAgent(skillDir);
-      const skillPath = join12(skillDir, "SKILL.md");
-      writeFileSync8(skillPath, skill.body.endsWith("\n") ? skill.body : `${skill.body}
+      const skillPath = join9(skillDir, "SKILL.md");
+      writeFileSync7(skillPath, skill.body.endsWith("\n") ? skill.body : `${skill.body}
 `, { mode: 384 });
       chownToAgent(skillPath);
     }
-    consola27.success("Sync complete.");
+    consola28.success("Sync complete.");
   }
 });
 
@@ -4581,21 +3799,21 @@ var agentsCommand = defineCommand32({
 import { defineCommand as defineCommand40 } from "citty";
 
 // src/commands/nest/authorize.ts
-import { execFileSync as execFileSync14 } from "child_process";
-import { existsSync as existsSync17, readFileSync as readFileSync15 } from "fs";
-import { join as join14 } from "path";
+import { execFileSync as execFileSync8 } from "child_process";
+import { existsSync as existsSync15, readFileSync as readFileSync13 } from "fs";
+import { join as join11 } from "path";
 import { defineCommand as defineCommand34 } from "citty";
-import consola29 from "consola";
+import consola30 from "consola";
 
 // src/commands/nest/enroll.ts
-import { hostname as hostname5, homedir as homedir12 } from "os";
-import { existsSync as existsSync16, mkdirSync as mkdirSync5, writeFileSync as writeFileSync9, chmodSync } from "fs";
-import { join as join13 } from "path";
+import { hostname as hostname4, homedir as homedir11 } from "os";
+import { existsSync as existsSync14, mkdirSync as mkdirSync5, writeFileSync as writeFileSync8, chmodSync } from "fs";
+import { join as join10 } from "path";
 import { defineCommand as defineCommand33 } from "citty";
-import consola28 from "consola";
-var NEST_DATA_DIR = join13(homedir12(), ".openape", "nest");
+import consola29 from "consola";
+var NEST_DATA_DIR = join10(homedir11(), ".openape", "nest");
 function nestAgentName() {
-  const raw = hostname5().toLowerCase();
+  const raw = hostname4().toLowerCase();
   const head = raw.split(".")[0] ?? raw;
   const safe = head.replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-+|-+$/g, "");
   const trimmed = safe.slice(0, 16);
@@ -4626,25 +3844,25 @@ var enrollNestCommand = defineCommand33({
       throw new CliError("Run `apes login <email>` first \u2014 nest enroll attaches the new identity to your owner account.");
     }
     const name = args.name || nestAgentName();
-    const authPath = join13(NEST_DATA_DIR, ".config", "apes", "auth.json");
-    if (existsSync16(authPath) && !args.force) {
+    const authPath = join10(NEST_DATA_DIR, ".config", "apes", "auth.json");
+    if (existsSync14(authPath) && !args.force) {
       throw new CliError(`Nest already enrolled at ${authPath}. Pass --force to re-enroll.`);
     }
-    const sshDir = join13(NEST_DATA_DIR, ".ssh");
-    const configDir = join13(NEST_DATA_DIR, ".config", "apes");
+    const sshDir = join10(NEST_DATA_DIR, ".ssh");
+    const configDir = join10(NEST_DATA_DIR, ".config", "apes");
     mkdirSync5(sshDir, { recursive: true });
     mkdirSync5(configDir, { recursive: true });
-    consola28.start(`Generating keypair for ${name}\u2026`);
+    consola29.start(`Generating keypair for ${name}\u2026`);
     const { privatePem, publicSshLine } = generateKeyPairInMemory();
-    writeFileSync9(join13(sshDir, "id_ed25519"), `${privatePem.trimEnd()}
+    writeFileSync8(join10(sshDir, "id_ed25519"), `${privatePem.trimEnd()}
 `, { mode: 384 });
-    writeFileSync9(join13(sshDir, "id_ed25519.pub"), `${publicSshLine}
+    writeFileSync8(join10(sshDir, "id_ed25519.pub"), `${publicSshLine}
 `, { mode: 420 });
     chmodSync(sshDir, 448);
-    consola28.start(`Registering nest at ${idp}\u2026`);
+    consola29.start(`Registering nest at ${idp}\u2026`);
     const registration = await registerAgentAtIdp({ name, publicKey: publicSshLine, idp });
-    consola28.success(`Registered as ${registration.email}`);
-    consola28.start("Issuing nest access token\u2026");
+    consola29.success(`Registered as ${registration.email}`);
+    consola29.start("Issuing nest access token\u2026");
     const { token, expiresIn } = await issueAgentToken({
       idp,
       agentEmail: registration.email,
@@ -4655,16 +3873,16 @@ var enrollNestCommand = defineCommand33({
       accessToken: token,
       email: registration.email,
       expiresAt: Math.floor(Date.now() / 1e3) + expiresIn,
-      keyPath: join13(sshDir, "id_ed25519"),
+      keyPath: join10(sshDir, "id_ed25519"),
       ownerEmail: ownerAuth.email
     });
-    writeFileSync9(authPath, authJson, { mode: 384 });
+    writeFileSync8(authPath, authJson, { mode: 384 });
     chmodSync(configDir, 448);
-    consola28.success(`Nest enrolled \u2014 auth.json at ${authPath}`);
-    consola28.info("");
-    consola28.info("Next: configure the YOLO-policy so the nest can spawn/destroy without prompts:");
-    consola28.info("");
-    consola28.info("  apes nest authorize");
+    consola29.success(`Nest enrolled \u2014 auth.json at ${authPath}`);
+    consola29.info("");
+    consola29.info("Next: configure the YOLO-policy so the nest can spawn/destroy without prompts:");
+    consola29.info("");
+    consola29.info("  apes nest authorize");
   }
 });
 
@@ -4727,14 +3945,14 @@ var authorizeNestCommand = defineCommand34({
     }
   },
   async run({ args }) {
-    const nestAuthPath = join14(NEST_DATA_DIR, ".config", "apes", "auth.json");
-    if (!existsSync17(nestAuthPath)) {
+    const nestAuthPath = join11(NEST_DATA_DIR, ".config", "apes", "auth.json");
+    if (!existsSync15(nestAuthPath)) {
       throw new CliError("Nest not enrolled. Run `apes nest enroll` first.");
     }
-    const nestAuth = JSON.parse(readFileSync15(nestAuthPath, "utf8"));
+    const nestAuth = JSON.parse(readFileSync13(nestAuthPath, "utf8"));
     if (!nestAuth.email) throw new CliError(`${nestAuthPath} has no email`);
     const allow = args.allow ?? DEFAULT_ALLOW_PATTERNS.join(",");
-    consola29.info(`Configuring YOLO-policy on ${nestAuth.email} via \`apes yolo set\`\u2026`);
+    consola30.info(`Configuring YOLO-policy on ${nestAuth.email} via \`apes yolo set\`\u2026`);
     const cmdArgs = [
       "yolo",
       "set",
@@ -4748,19 +3966,19 @@ var authorizeNestCommand = defineCommand34({
       cmdArgs.push("--expires-in", args["expires-in"]);
     }
     try {
-      execFileSync14("apes", cmdArgs, { stdio: "inherit" });
+      execFileSync8("apes", cmdArgs, { stdio: "inherit" });
     } catch (err) {
       throw new CliError(err instanceof Error ? err.message : String(err));
     }
-    consola29.success("Nest-driven agent lifecycle is now zero-prompt.");
-    consola29.info("Test: apes agents spawn <name> via the nest API \u2192 no DDISA prompt.");
+    consola30.success("Nest-driven agent lifecycle is now zero-prompt.");
+    consola30.info("Test: apes agents spawn <name> via the nest API \u2192 no DDISA prompt.");
   }
 });
 
 // src/commands/nest/destroy.ts
-import { execFileSync as execFileSync15 } from "child_process";
+import { execFileSync as execFileSync9 } from "child_process";
 import { defineCommand as defineCommand35 } from "citty";
-import consola30 from "consola";
+import consola31 from "consola";
 var destroyNestCommand = defineCommand35({
   meta: {
     name: "destroy",
@@ -4772,8 +3990,8 @@ var destroyNestCommand = defineCommand35({
   async run({ args }) {
     const name = String(args.name);
     try {
-      execFileSync15("apes", ["run", "--as", "root", "--wait", "--", "apes", "agents", "destroy", name, "--force"], { stdio: "inherit" });
-      consola30.success(`Nest will tear down ${name}'s pm2 process on its next reconcile (\u22642s).`);
+      execFileSync9("apes", ["run", "--as", "root", "--wait", "--", "apes", "agents", "destroy", name, "--force"], { stdio: "inherit" });
+      consola31.success(`Nest will tear down ${name}'s pm2 process on its next reconcile (\u22642s).`);
     } catch (err) {
       const status = err.status ?? 1;
       throw new CliExit(status);
@@ -4782,11 +4000,11 @@ var destroyNestCommand = defineCommand35({
 });
 
 // src/commands/nest/install.ts
-import { existsSync as existsSync18, mkdirSync as mkdirSync6, readFileSync as readFileSync16, writeFileSync as writeFileSync10 } from "fs";
-import { homedir as homedir13 } from "os";
-import { dirname as dirname3, join as join15 } from "path";
+import { existsSync as existsSync16, mkdirSync as mkdirSync6, readFileSync as readFileSync14, writeFileSync as writeFileSync9 } from "fs";
+import { homedir as homedir12 } from "os";
+import { dirname as dirname3, join as join12 } from "path";
 import { defineCommand as defineCommand36 } from "citty";
-import consola31 from "consola";
+import consola32 from "consola";
 
 // src/commands/nest/apes-agents-adapter.ts
 var APES_AGENTS_ADAPTER_TOML = `schema = "openape-shapes/v1"
@@ -4852,41 +4070,41 @@ resource_chain = ["agents:name={name}", "allowlist:email={peer_email}"]
 
 // src/commands/nest/install.ts
 function installAdapter2() {
-  const target = join15(homedir13(), ".openape", "shapes", "adapters", "apes-agents.toml");
+  const target = join12(homedir12(), ".openape", "shapes", "adapters", "apes-agents.toml");
   mkdirSync6(dirname3(target), { recursive: true });
   let existing = "";
   try {
-    existing = readFileSync16(target, "utf8");
+    existing = readFileSync14(target, "utf8");
   } catch {
   }
   if (existing === APES_AGENTS_ADAPTER_TOML) return false;
-  writeFileSync10(target, APES_AGENTS_ADAPTER_TOML, { mode: 420 });
-  consola31.success(`Wrote shapes adapter ${target}`);
+  writeFileSync9(target, APES_AGENTS_ADAPTER_TOML, { mode: 420 });
+  consola32.success(`Wrote shapes adapter ${target}`);
   return true;
 }
 function writeBridgeModelDefault(model) {
-  for (const envDir of [join15(homedir13(), "litellm"), join15(NEST_DATA_DIR, "litellm")]) {
-    const envFile = join15(envDir, ".env");
+  for (const envDir of [join12(homedir12(), "litellm"), join12(NEST_DATA_DIR, "litellm")]) {
+    const envFile = join12(envDir, ".env");
     mkdirSync6(envDir, { recursive: true });
     let lines = [];
-    if (existsSync18(envFile)) {
-      lines = readFileSync16(envFile, "utf8").split("\n").filter((l) => !l.startsWith("APE_CHAT_BRIDGE_MODEL="));
+    if (existsSync16(envFile)) {
+      lines = readFileSync14(envFile, "utf8").split("\n").filter((l) => !l.startsWith("APE_CHAT_BRIDGE_MODEL="));
     }
     lines.push(`APE_CHAT_BRIDGE_MODEL=${model}`);
     while (lines.length > 0 && lines.at(-1).trim() === "") lines.pop();
-    writeFileSync10(envFile, `${lines.join("\n")}
+    writeFileSync9(envFile, `${lines.join("\n")}
 `, { mode: 384 });
   }
 }
 function findBinary(name) {
   for (const dir of [
-    join15(homedir13(), ".bun", "bin"),
+    join12(homedir12(), ".bun", "bin"),
     "/opt/homebrew/bin",
     "/usr/local/bin",
     "/usr/bin"
   ]) {
-    const p = join15(dir, name);
-    if (existsSync18(p)) return p;
+    const p = join12(dir, name);
+    if (existsSync16(p)) return p;
   }
   throw new Error(`could not locate ${name} on PATH; install it first`);
 }
@@ -4906,20 +4124,20 @@ var installNestCommand = defineCommand36({
     }
   },
   async run({ args }) {
-    const homeDir = homedir13();
+    const homeDir = homedir12();
     const port = Number(args.port ?? 9091);
     if (!Number.isInteger(port) || port < 1024 || port > 65535) {
       throw new Error(`invalid port ${port}`);
     }
     const nestBin = findBinary("openape-nest");
     const apesBin = findBinary("apes");
-    consola31.info(`Installing nest supervisor`);
-    consola31.info(`  nest binary: ${nestBin}`);
-    consola31.info(`  apes binary: ${apesBin}`);
-    consola31.info(`  HTTP port:   ${port}`);
+    consola32.info(`Installing nest supervisor`);
+    consola32.info(`  nest binary: ${nestBin}`);
+    consola32.info(`  apes binary: ${apesBin}`);
+    consola32.info(`  HTTP port:   ${port}`);
     if (typeof args["bridge-model"] === "string" && args["bridge-model"]) {
       writeBridgeModelDefault(args["bridge-model"]);
-      consola31.success(`Default bridge model set to ${args["bridge-model"]} (in ~/litellm/.env)`);
+      consola32.success(`Default bridge model set to ${args["bridge-model"]} (in ~/litellm/.env)`);
     }
     installAdapter2();
     mkdirSync6(NEST_DATA_DIR, { recursive: true });
@@ -4930,20 +4148,20 @@ var installNestCommand = defineCommand36({
       nestHome: NEST_DATA_DIR,
       port
     });
-    consola31.success(`Nest daemon bootstrapped \u2014 http://127.0.0.1:${port}`);
-    consola31.info("");
-    consola31.info("Next steps for zero-prompt spawn \u2014 both one-time:");
-    consola31.info("");
-    consola31.info("  1. apes nest enroll       # register nest as DDISA agent (creates own auth.json)");
-    consola31.info("  2. apes nest authorize    # set YOLO-policy on the nest agent");
-    consola31.info("");
-    consola31.info("After that, every `POST http://127.0.0.1:9091/agents` runs without DDISA prompts.");
+    consola32.success(`Nest daemon bootstrapped \u2014 http://127.0.0.1:${port}`);
+    consola32.info("");
+    consola32.info("Next steps for zero-prompt spawn \u2014 both one-time:");
+    consola32.info("");
+    consola32.info("  1. apes nest enroll       # register nest as DDISA agent (creates own auth.json)");
+    consola32.info("  2. apes nest authorize    # set YOLO-policy on the nest agent");
+    consola32.info("");
+    consola32.info("After that, every `POST http://127.0.0.1:9091/agents` runs without DDISA prompts.");
   }
 });
 
 // src/commands/nest/list.ts
 import { defineCommand as defineCommand37 } from "citty";
-import consola32 from "consola";
+import consola33 from "consola";
 var listNestCommand = defineCommand37({
   meta: {
     name: "list",
@@ -4959,21 +4177,21 @@ var listNestCommand = defineCommand37({
       return;
     }
     if (reg.agents.length === 0) {
-      consola32.info("(no agents registered with this nest)");
+      consola33.info("(no agents registered with this nest)");
       return;
     }
-    consola32.info(`${reg.agents.length} agent(s) registered with this nest:`);
+    consola33.info(`${reg.agents.length} agent(s) registered with this nest:`);
     for (const a of reg.agents) {
       const bridge = a.bridge ? " bridge=on" : "";
-      consola32.info(`  ${a.name.padEnd(16)} uid=${String(a.uid).padEnd(5)} home=${a.home}${bridge}`);
+      consola33.info(`  ${a.name.padEnd(16)} uid=${String(a.uid).padEnd(5)} home=${a.home}${bridge}`);
     }
   }
 });
 
 // src/commands/nest/spawn.ts
-import { execFileSync as execFileSync16 } from "child_process";
+import { execFileSync as execFileSync10 } from "child_process";
 import { defineCommand as defineCommand38 } from "citty";
-import consola33 from "consola";
+import consola34 from "consola";
 var spawnNestCommand = defineCommand38({
   meta: {
     name: "spawn",
@@ -5004,8 +4222,8 @@ var spawnNestCommand = defineCommand38({
     if (typeof args["bridge-base-url"] === "string") apesArgs.push("--bridge-base-url", args["bridge-base-url"]);
     if (typeof args["bridge-model"] === "string") apesArgs.push("--bridge-model", args["bridge-model"]);
     try {
-      execFileSync16("apes", apesArgs, { stdio: "inherit" });
-      consola33.success(`Nest will pick up ${name} on its next reconcile (\u22642s).`);
+      execFileSync10("apes", apesArgs, { stdio: "inherit" });
+      consola34.success(`Nest will pick up ${name} on its next reconcile (\u22642s).`);
     } catch (err) {
       const status = err.status ?? 1;
       throw new CliExit(status);
@@ -5015,7 +4233,7 @@ var spawnNestCommand = defineCommand38({
 
 // src/commands/nest/uninstall.ts
 import { defineCommand as defineCommand39 } from "citty";
-import consola34 from "consola";
+import consola35 from "consola";
 var uninstallNestCommand = defineCommand39({
   meta: {
     name: "uninstall",
@@ -5023,8 +4241,8 @@ var uninstallNestCommand = defineCommand39({
   },
   async run() {
     await getHostPlatform().uninstallNestSupervisor();
-    consola34.success("Nest daemon stopped + supervisor unit removed");
-    consola34.info("Registry at ~/.openape/nest/agents.json kept \u2014 re-run `apes nest install` to resume supervision.");
+    consola35.success("Nest daemon stopped + supervisor unit removed");
+    consola35.info("Registry at ~/.openape/nest/agents.json kept \u2014 re-run `apes nest install` to resume supervision.");
   }
 });
 
@@ -5050,7 +4268,7 @@ import { defineCommand as defineCommand44 } from "citty";
 
 // src/commands/yolo/clear.ts
 import { defineCommand as defineCommand41 } from "citty";
-import consola35 from "consola";
+import consola36 from "consola";
 var yoloClearCommand = defineCommand41({
   meta: {
     name: "clear",
@@ -5080,13 +4298,13 @@ var yoloClearCommand = defineCommand41({
       const text = await res.text().catch(() => "");
       throw new CliError(`DELETE /yolo-policy failed (${res.status}): ${text}`);
     }
-    consola35.success(`YOLO-policy cleared on ${email}`);
+    consola36.success(`YOLO-policy cleared on ${email}`);
   }
 });
 
 // src/commands/yolo/set.ts
 import { defineCommand as defineCommand42 } from "citty";
-import consola36 from "consola";
+import consola37 from "consola";
 var VALID_MODES = ["allow-list", "deny-list"];
 var yoloSetCommand = defineCommand42({
   meta: {
@@ -5136,12 +4354,12 @@ var yoloSetCommand = defineCommand42({
     const denyPatterns = parseList(args.deny);
     const denyRiskThreshold = args["deny-risk"] ?? null;
     const expiresAt = parseExpiresIn(args["expires-in"]);
-    consola36.info(`Setting YOLO-policy on ${email}`);
-    consola36.info(`  mode:           ${mode}`);
-    if (allowPatterns.length) consola36.info(`  allow_patterns: ${allowPatterns.join(", ")}`);
-    if (denyPatterns.length) consola36.info(`  deny_patterns:  ${denyPatterns.join(", ")}`);
-    if (denyRiskThreshold) consola36.info(`  deny_risk:      ${denyRiskThreshold}`);
-    if (expiresAt) consola36.info(`  expires_at:     ${new Date(expiresAt * 1e3).toISOString()}`);
+    consola37.info(`Setting YOLO-policy on ${email}`);
+    consola37.info(`  mode:           ${mode}`);
+    if (allowPatterns.length) consola37.info(`  allow_patterns: ${allowPatterns.join(", ")}`);
+    if (denyPatterns.length) consola37.info(`  deny_patterns:  ${denyPatterns.join(", ")}`);
+    if (denyRiskThreshold) consola37.info(`  deny_risk:      ${denyRiskThreshold}`);
+    if (expiresAt) consola37.info(`  expires_at:     ${new Date(expiresAt * 1e3).toISOString()}`);
     const url = `${idp}/api/users/${encodeURIComponent(email)}/yolo-policy`;
     const res = await fetch(url, {
       method: "PUT",
@@ -5161,7 +4379,7 @@ var yoloSetCommand = defineCommand42({
       const text = await res.text().catch(() => "");
       throw new CliError(`PUT /yolo-policy failed (${res.status}): ${text}`);
     }
-    consola36.success(`YOLO-policy applied to ${email}`);
+    consola37.success(`YOLO-policy applied to ${email}`);
   }
 });
 function parseList(s) {
@@ -5180,7 +4398,7 @@ function parseExpiresIn(s) {
 
 // src/commands/yolo/show.ts
 import { defineCommand as defineCommand43 } from "citty";
-import consola37 from "consola";
+import consola38 from "consola";
 var yoloShowCommand = defineCommand43({
   meta: {
     name: "show",
@@ -5218,12 +4436,12 @@ var yoloShowCommand = defineCommand43({
       console.log(JSON.stringify(policy, null, 2));
       return;
     }
-    consola37.info(`YOLO-policy for ${email}`);
-    consola37.info(`  mode:           ${policy.mode}`);
-    consola37.info(`  allow_patterns: ${policy.allowPatterns.length ? policy.allowPatterns.join(", ") : "(none)"}`);
-    consola37.info(`  deny_patterns:  ${policy.denyPatterns.length ? policy.denyPatterns.join(", ") : "(none)"}`);
-    consola37.info(`  deny_risk:      ${policy.denyRiskThreshold ?? "(none)"}`);
-    consola37.info(`  expires_at:     ${policy.expiresAt ? new Date(policy.expiresAt * 1e3).toISOString() : "(never)"}`);
+    consola38.info(`YOLO-policy for ${email}`);
+    consola38.info(`  mode:           ${policy.mode}`);
+    consola38.info(`  allow_patterns: ${policy.allowPatterns.length ? policy.allowPatterns.join(", ") : "(none)"}`);
+    consola38.info(`  deny_patterns:  ${policy.denyPatterns.length ? policy.denyPatterns.join(", ") : "(none)"}`);
+    consola38.info(`  deny_risk:      ${policy.denyRiskThreshold ?? "(none)"}`);
+    consola38.info(`  expires_at:     ${policy.expiresAt ? new Date(policy.expiresAt * 1e3).toISOString() : "(never)"}`);
   }
 });
 
@@ -5242,7 +4460,7 @@ var yoloCommand = defineCommand44({
 
 // src/commands/adapter/index.ts
 import { defineCommand as defineCommand45 } from "citty";
-import consola38 from "consola";
+import consola39 from "consola";
 var adapterCommand = defineCommand45({
   meta: {
     name: "adapter",
@@ -5280,7 +4498,7 @@ var adapterCommand = defineCommand45({
 `);
             return;
           }
-          consola38.info(`Registry: ${index2.adapters.length} adapters (${index2.generated_at})`);
+          consola39.info(`Registry: ${index2.adapters.length} adapters (${index2.generated_at})`);
           for (const a of index2.adapters) {
             const installed = isInstalled(a.id, false) ? " [installed]" : "";
             console.log(`  ${a.id.padEnd(12)} ${a.name.padEnd(24)} ${a.category}${installed}`);
@@ -5302,7 +4520,7 @@ var adapterCommand = defineCommand45({
           return;
         }
         if (local.length === 0) {
-          consola38.info("No adapters installed. Use `apes adapter list --remote` to see available adapters.");
+          consola39.info("No adapters installed. Use `apes adapter list --remote` to see available adapters.");
           return;
         }
         for (const a of local) {
@@ -5339,20 +4557,20 @@ var adapterCommand = defineCommand45({
         for (const id of ids) {
           const entry = findAdapter(index, id);
           if (!entry) {
-            consola38.error(`Adapter "${id}" not found in registry. Use \`apes adapter search ${id}\` to search.`);
+            consola39.error(`Adapter "${id}" not found in registry. Use \`apes adapter search ${id}\` to search.`);
             continue;
           }
           const conflicts = findConflictingAdapters(entry.executable, id);
           if (conflicts.length > 0) {
             for (const c of conflicts) {
-              consola38.warn(`Conflicting adapter found: ${c.path} (id: ${c.adapterId}, executable: ${c.executable})`);
-              consola38.warn(`  Remove it with: apes adapter remove ${c.adapterId}`);
+              consola39.warn(`Conflicting adapter found: ${c.path} (id: ${c.adapterId}, executable: ${c.executable})`);
+              consola39.warn(`  Remove it with: apes adapter remove ${c.adapterId}`);
             }
           }
           const result = await installAdapter(entry, { local });
           const verb = result.updated ? "Updated" : "Installed";
-          consola38.success(`${verb} ${result.id} \u2192 ${result.path}`);
-          consola38.info(`Digest: ${result.digest}`);
+          consola39.success(`${verb} ${result.id} \u2192 ${result.path}`);
+          consola39.info(`Digest: ${result.digest}`);
         }
       }
     }),
@@ -5379,9 +4597,9 @@ var adapterCommand = defineCommand45({
         let failed = false;
         for (const id of ids) {
           if (removeAdapter(id, local)) {
-            consola38.success(`Removed adapter: ${id}`);
+            consola39.success(`Removed adapter: ${id}`);
           } else {
-            consola38.error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
+            consola39.error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
             failed = true;
           }
         }
@@ -5463,7 +4681,7 @@ var adapterCommand = defineCommand45({
           return;
         }
         if (results.length === 0) {
-          consola38.info(`No adapters matching "${query}"`);
+          consola39.info(`No adapters matching "${query}"`);
           return;
         }
         for (const a of results) {
@@ -5498,29 +4716,29 @@ var adapterCommand = defineCommand45({
         const targetId = args.id ? String(args.id) : void 0;
         const targets = targetId ? [targetId] : index.adapters.map((a) => a.id).filter((id) => isInstalled(id, false));
         if (targets.length === 0) {
-          consola38.info("No adapters installed to update.");
+          consola39.info("No adapters installed to update.");
           return;
         }
         for (const id of targets) {
           const entry = findAdapter(index, id);
           if (!entry) {
-            consola38.warn(`${id}: not found in registry, skipping`);
+            consola39.warn(`${id}: not found in registry, skipping`);
             continue;
           }
           const localDigest = getInstalledDigest(id, false);
           if (localDigest === entry.digest) {
-            consola38.info(`${id}: already up to date`);
+            consola39.info(`${id}: already up to date`);
             continue;
           }
           if (localDigest && !args.yes) {
-            consola38.warn(`${id}: digest will change \u2014 existing grants for this adapter will be invalidated`);
-            consola38.info(`  Old: ${localDigest}`);
-            consola38.info(`  New: ${entry.digest}`);
-            consola38.info("  Use --yes to confirm");
+            consola39.warn(`${id}: digest will change \u2014 existing grants for this adapter will be invalidated`);
+            consola39.info(`  Old: ${localDigest}`);
+            consola39.info(`  New: ${entry.digest}`);
+            consola39.info("  Use --yes to confirm");
             continue;
           }
           const result = await installAdapter(entry);
-          consola38.success(`Updated ${result.id} \u2192 ${result.path}`);
+          consola39.success(`Updated ${result.id} \u2192 ${result.path}`);
         }
       }
     }),
@@ -5557,7 +4775,7 @@ var adapterCommand = defineCommand45({
         if (!localDigest)
           throw new Error(`Adapter "${id}" is not installed${local ? " locally" : ""}`);
         if (localDigest === entry.digest) {
-          consola38.success(`${id}: digest matches registry`);
+          consola39.success(`${id}: digest matches registry`);
         } else {
           console.log(`  Local:    ${localDigest}`);
           console.log(`  Registry: ${entry.digest}`);
@@ -5569,14 +4787,13 @@ var adapterCommand = defineCommand45({
 });
 
 // src/commands/run.ts
-import { execFileSync as execFileSync17 } from "child_process";
-import { hostname as hostname6 } from "os";
+import { execFileSync as execFileSync11 } from "child_process";
+import { hostname as hostname5 } from "os";
 import { basename } from "path";
 import { defineCommand as defineCommand46 } from "citty";
-import consola39 from "consola";
+import consola40 from "consola";
 function resolveRunAsTarget(runAs) {
   if (!runAs) return runAs;
-  if (!isDarwin2()) return runAs;
   if (!AGENT_NAME_REGEX.test(runAs)) return runAs;
   if (runAs.startsWith("openape-agent-")) return runAs;
   const platform = getHostPlatform();
@@ -5630,7 +4847,7 @@ function printPendingGrantInfo(grant, idp) {
   const statusCmd = `apes grants status ${grant.id}`;
   const executeCmd = `apes grants run ${grant.id}`;
   if (mode === "human") {
-    consola39.success(`Grant ${grant.id} created \u2014 awaiting your approval`);
+    consola40.success(`Grant ${grant.id} created \u2014 awaiting your approval`);
     console.log(`  Approve in browser:  ${approveUrl}`);
     console.log(`  Check status:        ${statusCmd}`);
     console.log(`  Run after approval:  ${executeCmd}`);
@@ -5640,7 +4857,7 @@ function printPendingGrantInfo(grant, idp) {
     return;
   }
   const maxMin = getPollMaxMinutes();
-  consola39.success(`Grant ${grant.id} created (pending approval)`);
+  consola40.success(`Grant ${grant.id} created (pending approval)`);
   console.log(`  Approve:   ${approveUrl}`);
   console.log(`  Status:    ${statusCmd} [--json]`);
   console.log(`  Execute:   ${executeCmd} --wait`);
@@ -5754,7 +4971,7 @@ async function runShellMode(command, args) {
   const adapterHandled = await tryAdapterModeFromShell(command, idp, args);
   if (adapterHandled) return;
   const grantsUrl = await getGrantsEndpoint(idp);
-  const targetHost = args.host || hostname6();
+  const targetHost = args.host || hostname5();
   try {
     const grants = await apiFetch(
       `${grantsUrl}?requester=${encodeURIComponent(auth.email)}&status=approved&limit=20`
@@ -5768,7 +4985,7 @@ async function runShellMode(command, args) {
     }
   } catch {
   }
-  consola39.info(`Requesting ape-shell session grant on ${targetHost}`);
+  consola40.info(`Requesting ape-shell session grant on ${targetHost}`);
   const grant = await apiFetch(grantsUrl, {
     method: "POST",
     body: {
@@ -5788,8 +5005,8 @@ async function runShellMode(command, args) {
     host: targetHost
   });
   if (shouldWaitForGrant(args)) {
-    consola39.info(`Grant requested: ${grant.id}`);
-    consola39.info("Waiting for approval...");
+    consola40.info(`Grant requested: ${grant.id}`);
+    consola40.info("Waiting for approval...");
     const maxWait = 3e5;
     const interval = 3e3;
     const start = Date.now();
@@ -5820,13 +5037,13 @@ async function tryAdapterModeFromShell(command, idp, args) {
   try {
     resolved = await resolveCommand(loaded, [normalizedExecutable, ...parsed.argv]);
   } catch (err) {
-    consola39.debug(`ape-shell: adapter resolve failed for "${parsed.raw}":`, err);
+    consola40.debug(`ape-shell: adapter resolve failed for "${parsed.raw}":`, err);
     return false;
   }
   try {
     const existingGrantId = await findExistingGrant(resolved, idp);
     if (existingGrantId) {
-      consola39.info(`Reusing grant ${existingGrantId} for: ${resolved.detail.display}`);
+      consola40.info(`Reusing grant ${existingGrantId} for: ${resolved.detail.display}`);
       const token = await fetchGrantToken(idp, existingGrantId);
       await verifyAndExecute(token, resolved, existingGrantId);
       return true;
@@ -5834,7 +5051,7 @@ async function tryAdapterModeFromShell(command, idp, args) {
   } catch {
   }
   const approval = args.approval ?? "once";
-  consola39.info(`Requesting grant for: ${resolved.detail.display}`);
+  consola40.info(`Requesting grant for: ${resolved.detail.display}`);
   const grant = await createShapesGrant(resolved, {
     idp,
     approval,
@@ -5842,19 +5059,19 @@ async function tryAdapterModeFromShell(command, idp, args) {
   });
   if (grant.similar_grants?.similar_grants?.length) {
     const n = grant.similar_grants.similar_grants.length;
-    consola39.info("");
-    consola39.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
+    consola40.info("");
+    consola40.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
   }
   notifyGrantPending({
     grantId: grant.id,
     approveUrl: `${idp}/grant-approval?grant_id=${grant.id}`,
     command: resolved.detail?.display || parsed?.raw || "unknown",
     audience: resolved.adapter?.cli?.audience ?? "shapes",
-    host: args.host || hostname6()
+    host: args.host || hostname5()
   });
   if (shouldWaitForGrant(args)) {
-    consola39.info(`Grant requested: ${grant.id}`);
-    consola39.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+    consola40.info(`Grant requested: ${grant.id}`);
+    consola40.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
     const status = await waitForGrantStatus(idp, grant.id);
     if (status !== "approved")
       throw new CliError(`Grant ${status}`);
@@ -5870,7 +5087,7 @@ function execShellCommand(command) {
     throw new CliError("No command to execute");
   try {
     const { APES_SHELL_WRAPPER: _wrapperMarker, ...inheritedEnv } = process.env;
-    execFileSync17(command[0], command.slice(1), {
+    execFileSync11(command[0], command.slice(1), {
       stdio: "inherit",
       env: inheritedEnv
     });
@@ -5928,7 +5145,7 @@ async function runAdapterMode(command, rawArgs, args) {
   try {
     const existingGrantId = await findExistingGrant(resolved, idp);
     if (existingGrantId) {
-      consola39.info(`Reusing existing grant: ${existingGrantId}`);
+      consola40.info(`Reusing existing grant: ${existingGrantId}`);
       const token = await fetchGrantToken(idp, existingGrantId);
       await verifyAndExecute(token, resolved, existingGrantId);
       return;
@@ -5942,17 +5159,17 @@ async function runAdapterMode(command, rawArgs, args) {
   });
   if (grant.similar_grants?.similar_grants?.length) {
     const n = grant.similar_grants.similar_grants.length;
-    consola39.info("");
-    consola39.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
+    consola40.info("");
+    consola40.info(`  Similar grant(s) found (${n}). Your approver can extend an existing grant to cover this request.`);
     if (grant.similar_grants.widened_details?.length) {
       const wider = grant.similar_grants.widened_details.map((d) => d.permission).join(", ");
-      consola39.info(`  Broader scope: ${wider}`);
+      consola40.info(`  Broader scope: ${wider}`);
     }
-    consola39.info("");
+    consola40.info("");
   }
   if (shouldWaitForGrant(args)) {
-    consola39.info(`Grant requested: ${grant.id}`);
-    consola39.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+    consola40.info(`Grant requested: ${grant.id}`);
+    consola40.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
     const status = await waitForGrantStatus(idp, grant.id);
     if (status !== "approved")
       throw new Error(`Grant ${status}`);
@@ -5971,7 +5188,7 @@ async function runAudienceMode(audience, action, args, commandArgv) {
   const idp = getIdpUrl(args.idp);
   const grantsUrl = await getGrantsEndpoint(idp);
   const command = commandArgv ?? action.split(" ");
-  const targetHost = args.host || hostname6();
+  const targetHost = args.host || hostname5();
   const runAs = resolveRunAsTarget(args.as ?? void 0);
   const reusableId = await findReusableAudienceGrant({
     grantsUrl,
@@ -5985,7 +5202,7 @@ async function runAudienceMode(audience, action, args, commandArgv) {
     const { authz_jwt: authz_jwt2 } = await apiFetch(`${grantsUrl}/${reusableId}/token`, { method: "POST" });
     return executeWithGrantToken({ audience, command, args, token: authz_jwt2 });
   }
-  consola39.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(" ")}`);
+  consola40.info(`Requesting ${audience} grant on ${targetHost}: ${command.join(" ")}`);
   const grant = await apiFetch(grantsUrl, {
     method: "POST",
     body: {
@@ -6002,9 +5219,9 @@ async function runAudienceMode(audience, action, args, commandArgv) {
     printPendingGrantInfo(grant, idp);
     throw new CliExit(getAsyncExitCode());
   }
-  consola39.success(`Grant requested: ${grant.id}`);
-  consola39.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
-  consola39.info("Waiting for approval...");
+  consola40.success(`Grant requested: ${grant.id}`);
+  consola40.info(`Approve at: ${idp}/grant-approval?grant_id=${grant.id}`);
+  consola40.info("Waiting for approval...");
   const maxWait = 15 * 60 * 1e3;
   const interval = 3e3;
   const start = Date.now();
@@ -6012,7 +5229,7 @@ async function runAudienceMode(audience, action, args, commandArgv) {
   while (Date.now() - start < maxWait) {
     const status = await apiFetch(`${grantsUrl}/${grant.id}`);
     if (status.status === "approved") {
-      consola39.success("Grant approved!");
+      consola40.success("Grant approved!");
       approved = true;
       break;
     }
@@ -6027,7 +5244,7 @@ async function runAudienceMode(audience, action, args, commandArgv) {
       `Grant approval timed out after ${minutes} min (still pending). Check your DDISA inbox at ${idp}/grant-approval?grant_id=${grant.id} \u2014 if approved later, re-run the same \`apes run\` command and it will reuse the grant.`
     );
   }
-  consola39.info("Fetching grant token...");
+  consola40.info("Fetching grant token...");
   const { authz_jwt } = await apiFetch(`${grantsUrl}/${grant.id}/token`, {
     method: "POST"
   });
@@ -6036,10 +5253,10 @@ async function runAudienceMode(audience, action, args, commandArgv) {
 function executeWithGrantToken(opts) {
   const { audience, command, args, token } = opts;
   if (audience === "escapes") {
-    consola39.info(`Executing: ${command.join(" ")}`);
+    consola40.info(`Executing: ${command.join(" ")}`);
     try {
       const { APES_SHELL_WRAPPER: _wrapperMarker, ...inheritedEnv } = process.env;
-      execFileSync17(args["escapes-path"] || "escapes", ["--grant", token, "--", ...command], {
+      execFileSync11(args["escapes-path"] || "escapes", ["--grant", token, "--", ...command], {
         stdio: "inherit",
         env: inheritedEnv
       });
@@ -6075,11 +5292,11 @@ async function findReusableAudienceGrant(opts) {
 
 // src/commands/proxy.ts
 import { spawn as spawn2 } from "child_process";
-import { existsSync as existsSync20 } from "fs";
-import { homedir as homedir14 } from "os";
-import { join as join18 } from "path";
+import { existsSync as existsSync18 } from "fs";
+import { homedir as homedir13 } from "os";
+import { join as join15 } from "path";
 import { defineCommand as defineCommand47 } from "citty";
-import consola40 from "consola";
+import consola41 from "consola";
 
 // src/proxy/config.ts
 function buildDefaultProxyConfigToml(opts) {
@@ -6113,10 +5330,10 @@ note = "VPC-internal hostname suffix"
 
 // src/proxy/local-proxy.ts
 import { spawn } from "child_process";
-import { mkdtempSync as mkdtempSync4, rmSync as rmSync6, writeFileSync as writeFileSync11 } from "fs";
+import { mkdtempSync as mkdtempSync2, rmSync as rmSync4, writeFileSync as writeFileSync10 } from "fs";
 import { createRequire } from "module";
-import { tmpdir as tmpdir4 } from "os";
-import { dirname as dirname4, join as join16, resolve as resolve3 } from "path";
+import { tmpdir as tmpdir2 } from "os";
+import { dirname as dirname4, join as join13, resolve as resolve4 } from "path";
 var require2 = createRequire(import.meta.url);
 function findProxyBin() {
   const pkgPath = require2.resolve("@openape/proxy/package.json");
@@ -6125,12 +5342,12 @@ function findProxyBin() {
   if (!binRel) {
     throw new Error("@openape/proxy is missing the openape-proxy bin entry");
   }
-  return resolve3(dirname4(pkgPath), binRel);
+  return resolve4(dirname4(pkgPath), binRel);
 }
 async function startEphemeralProxy(configToml) {
-  const tmpDir = mkdtempSync4(join16(tmpdir4(), "openape-proxy-"));
-  const configPath = join16(tmpDir, "config.toml");
-  writeFileSync11(configPath, configToml, { mode: 384 });
+  const tmpDir = mkdtempSync2(join13(tmpdir2(), "openape-proxy-"));
+  const configPath = join13(tmpDir, "config.toml");
+  writeFileSync10(configPath, configToml, { mode: 384 });
   const binPath = findProxyBin();
   const child = spawn(process.execPath, [binPath, "-c", configPath], {
     stdio: ["ignore", "pipe", "pipe"],
@@ -6138,7 +5355,7 @@ async function startEphemeralProxy(configToml) {
   });
   const cleanupTmp = () => {
     try {
-      rmSync6(tmpDir, { recursive: true, force: true });
+      rmSync4(tmpDir, { recursive: true, force: true });
     } catch {
     }
   };
@@ -6212,9 +5429,9 @@ function waitForListenLine(child) {
 }
 
 // src/proxy/trust-bundle.ts
-import { existsSync as existsSync19, mkdtempSync as mkdtempSync5, readFileSync as readFileSync17, rmdirSync, unlinkSync as unlinkSync3, writeFileSync as writeFileSync12 } from "fs";
-import { tmpdir as tmpdir5 } from "os";
-import { join as join17 } from "path";
+import { existsSync as existsSync17, mkdtempSync as mkdtempSync3, readFileSync as readFileSync15, rmdirSync, unlinkSync as unlinkSync2, writeFileSync as writeFileSync11 } from "fs";
+import { tmpdir as tmpdir3 } from "os";
+import { join as join14 } from "path";
 var CANDIDATES = [
   "/etc/ssl/cert.pem",
   // macOS
@@ -6227,25 +5444,25 @@ var CANDIDATES = [
 ];
 function detectSystemCaPath() {
   for (const p of CANDIDATES) {
-    if (existsSync19(p)) return p;
+    if (existsSync17(p)) return p;
   }
   throw new Error(
     `Could not locate a system CA bundle. Tried: ${CANDIDATES.join(", ")}. Set NODE_EXTRA_CA_CERTS yourself or pass --allow-no-system-ca.`
   );
 }
 function buildTrustBundle(opts) {
-  const dir = mkdtempSync5(join17(tmpdir5(), "openape-trust-"));
-  const path2 = join17(dir, "bundle.pem");
-  const sys = readFileSync17(opts.systemCaPath, "utf-8");
-  const local = readFileSync17(opts.localCaPath, "utf-8");
-  writeFileSync12(path2, `${sys.trimEnd()}
+  const dir = mkdtempSync3(join14(tmpdir3(), "openape-trust-"));
+  const path2 = join14(dir, "bundle.pem");
+  const sys = readFileSync15(opts.systemCaPath, "utf-8");
+  const local = readFileSync15(opts.localCaPath, "utf-8");
+  writeFileSync11(path2, `${sys.trimEnd()}
 ${local.trimEnd()}
 `, { mode: 384 });
   return {
     path: path2,
     cleanup: () => {
       try {
-        unlinkSync3(path2);
+        unlinkSync2(path2);
       } catch {
       }
       try {
@@ -6267,7 +5484,7 @@ function resolveProxyConfigOptions() {
       77
     );
   }
-  consola40.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
+  consola41.info(`[apes proxy] IdP-mediated mode \u2014 agent=${auth.email}, idp=${auth.idp}`);
   return { agentEmail: auth.email, idpUrl: auth.idp, mediated: true };
 }
 var proxyCommand = defineCommand47({
@@ -6294,9 +5511,9 @@ var proxyCommand = defineCommand47({
     let close = null;
     if (reuseHostPort) {
       proxyUrl = `http://${reuseHostPort}`;
-      consola40.info(`[apes proxy] using long-running daemon at ${proxyUrl}`);
-      const localCaPath = join18(homedir14(), ".openape", "proxy", "ca.crt");
-      if (!existsSync20(localCaPath)) {
+      consola41.info(`[apes proxy] using long-running daemon at ${proxyUrl}`);
+      const localCaPath = join15(homedir13(), ".openape", "proxy", "ca.crt");
+      if (!existsSync18(localCaPath)) {
         throw new CliError(
           `OPENAPE_PROXY is set but no local CA found at ${localCaPath}. Start the daemon (sudo -u <agent> apes proxy --global < secrets.toml) first.`
         );
@@ -6305,15 +5522,15 @@ var proxyCommand = defineCommand47({
         systemCaPath: detectSystemCaPath(),
         localCaPath
       });
-      consola40.debug(`[apes proxy] trust bundle: ${bundle.path}`);
+      consola41.debug(`[apes proxy] trust bundle: ${bundle.path}`);
     } else if (reuseUrl) {
       proxyUrl = reuseUrl;
-      consola40.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
+      consola41.info(`[apes proxy] reusing existing proxy at ${proxyUrl}`);
     } else {
       const ephemeral = await startEphemeralProxy(buildDefaultProxyConfigToml(resolveProxyConfigOptions()));
       proxyUrl = ephemeral.url;
       close = ephemeral.close;
-      consola40.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
+      consola41.info(`[apes proxy] started ephemeral proxy at ${proxyUrl}`);
     }
     const noProxy = process.env.NO_PROXY ?? process.env.no_proxy ?? "127.0.0.1,localhost";
     const childEnv = {
@@ -6354,7 +5571,7 @@ var proxyCommand = defineCommand47({
           else resolveExit(code ?? 0);
         });
         child.once("error", (err) => {
-          consola40.error(`[apes proxy] failed to spawn '${wrapped[0]}':`, err.message);
+          consola41.error(`[apes proxy] failed to spawn '${wrapped[0]}':`, err.message);
           resolveExit(127);
         });
       });
@@ -6411,7 +5628,7 @@ var explainCommand = defineCommand48({
 
 // src/commands/config/get.ts
 import { defineCommand as defineCommand49 } from "citty";
-import consola41 from "consola";
+import consola42 from "consola";
 var configGetCommand = defineCommand49({
   meta: {
     name: "get",
@@ -6432,7 +5649,7 @@ var configGetCommand = defineCommand49({
         if (idp)
           console.log(idp);
         else
-          consola41.info("No IdP configured.");
+          consola42.info("No IdP configured.");
         break;
       }
       case "email": {
@@ -6440,7 +5657,7 @@ var configGetCommand = defineCommand49({
         if (auth?.email)
           console.log(auth.email);
         else
-          consola41.info("Not logged in.");
+          consola42.info("Not logged in.");
         break;
       }
       default: {
@@ -6453,7 +5670,7 @@ var configGetCommand = defineCommand49({
           if (sectionObj && field in sectionObj) {
             console.log(sectionObj[field]);
           } else {
-            consola41.info(`Key "${key}" not set.`);
+            consola42.info(`Key "${key}" not set.`);
           }
         } else {
           throw new CliError(`Unknown key: "${key}". Use: idp, email, defaults.idp, defaults.approval, agent.key, agent.email`);
@@ -6465,7 +5682,7 @@ var configGetCommand = defineCommand49({
 
 // src/commands/config/set.ts
 import { defineCommand as defineCommand50 } from "citty";
-import consola42 from "consola";
+import consola43 from "consola";
 var configSetCommand = defineCommand50({
   meta: {
     name: "set",
@@ -6502,7 +5719,7 @@ var configSetCommand = defineCommand50({
       throw new CliError(`Unknown section: "${section}". Use: defaults, agent`);
     }
     saveConfig(config);
-    consola42.success(`Set ${key} = ${value}`);
+    consola43.success(`Set ${key} = ${value}`);
   }
 });
 
@@ -6638,42 +5855,42 @@ var mcpCommand = defineCommand52({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-FB7FC2NT.js");
+    const { startMcpServer } = await import("./server-MDXOGP2U.js");
     await startMcpServer(transport, port);
   }
 });
 
 // src/commands/init/index.ts
-import { existsSync as existsSync21, copyFileSync, writeFileSync as writeFileSync13 } from "fs";
+import { existsSync as existsSync19, copyFileSync, writeFileSync as writeFileSync12 } from "fs";
 import { randomBytes } from "crypto";
-import { execFileSync as execFileSync18 } from "child_process";
-import { join as join19 } from "path";
+import { execFileSync as execFileSync12 } from "child_process";
+import { join as join16 } from "path";
 import { defineCommand as defineCommand53 } from "citty";
-import consola43 from "consola";
+import consola44 from "consola";
 var DEFAULT_IDP_URL = "https://id.openape.at";
 async function downloadTemplate(repo, targetDir) {
   const { downloadTemplate: gigetDownload } = await import("giget");
   await gigetDownload(`gh:${repo}`, { dir: targetDir, force: false });
 }
 function installDeps(dir) {
-  const hasLockFile = (name) => existsSync21(join19(dir, name));
+  const hasLockFile = (name) => existsSync19(join16(dir, name));
   if (hasLockFile("pnpm-lock.yaml")) {
-    execFileSync18("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync12("pnpm", ["install"], { cwd: dir, stdio: "inherit" });
   } else if (hasLockFile("bun.lockb")) {
-    execFileSync18("bun", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync12("bun", ["install"], { cwd: dir, stdio: "inherit" });
   } else {
-    execFileSync18("npm", ["install"], { cwd: dir, stdio: "inherit" });
+    execFileSync12("npm", ["install"], { cwd: dir, stdio: "inherit" });
   }
 }
 async function promptChoice(message, choices) {
-  const result = await consola43.prompt(message, { type: "select", options: choices });
+  const result = await consola44.prompt(message, { type: "select", options: choices });
   if (typeof result === "symbol") {
     throw new CliExit(0);
   }
   return result;
 }
 async function promptText(message, defaultValue) {
-  const result = await consola43.prompt(message, { type: "text", default: defaultValue, placeholder: defaultValue });
+  const result = await consola44.prompt(message, { type: "text", default: defaultValue, placeholder: defaultValue });
   if (typeof result === "symbol") {
     throw new CliExit(0);
   }
@@ -6721,23 +5938,23 @@ var initCommand = defineCommand53({
 });
 async function initSP(targetDir) {
   const dir = targetDir || "my-app";
-  if (existsSync21(join19(dir, "package.json"))) {
+  if (existsSync19(join16(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
-  consola43.start("Scaffolding SP starter...");
+  consola44.start("Scaffolding SP starter...");
   await downloadTemplate("openape-ai/openape-sp-starter", dir);
-  consola43.success("Scaffolded from openape-sp-starter");
-  consola43.start("Installing dependencies...");
+  consola44.success("Scaffolded from openape-sp-starter");
+  consola44.start("Installing dependencies...");
   installDeps(dir);
-  consola43.success("Dependencies installed");
-  const envExample = join19(dir, ".env.example");
-  const envFile = join19(dir, ".env");
-  if (existsSync21(envExample) && !existsSync21(envFile)) {
+  consola44.success("Dependencies installed");
+  const envExample = join16(dir, ".env.example");
+  const envFile = join16(dir, ".env");
+  if (existsSync19(envExample) && !existsSync19(envFile)) {
     copyFileSync(envExample, envFile);
-    consola43.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
+    consola44.success(`\`.env\` created (using Free IdP at ${DEFAULT_IDP_URL})`);
   }
   console.log("");
-  consola43.box([
+  consola44.box([
     `cd ${dir}`,
     "npm run dev",
     "",
@@ -6746,7 +5963,7 @@ async function initSP(targetDir) {
 }
 async function initIdP(targetDir) {
   const dir = targetDir || "my-idp";
-  if (existsSync21(join19(dir, "package.json"))) {
+  if (existsSync19(join16(dir, "package.json"))) {
     throw new CliError(`Directory "${dir}" already contains a project.`);
   }
   const domain = await promptText("Domain for the IdP", "localhost");
@@ -6756,15 +5973,15 @@ async function initIdP(targetDir) {
     "s3 (S3-compatible)"
   ]);
   const adminEmail = await promptText("Admin email");
-  consola43.start("Scaffolding IdP starter...");
+  consola44.start("Scaffolding IdP starter...");
   await downloadTemplate("openape-ai/openape-idp-starter", dir);
-  consola43.success("Scaffolded from openape-idp-starter");
-  consola43.start("Installing dependencies...");
+  consola44.success("Scaffolded from openape-idp-starter");
+  consola44.start("Installing dependencies...");
   installDeps(dir);
-  consola43.success("Dependencies installed");
+  consola44.success("Dependencies installed");
   const sessionSecret = randomBytes(32).toString("hex");
   const managementToken = randomBytes(32).toString("hex");
-  consola43.success("Secrets generated");
+  consola44.success("Secrets generated");
   const isLocalhost = domain === "localhost";
   const origin = isLocalhost ? "http://localhost:3000" : `https://${domain}`;
   const envContent = [
@@ -6778,11 +5995,11 @@ async function initIdP(targetDir) {
     `NUXT_OPENAPE_RP_ID=${domain}`,
     `NUXT_OPENAPE_RP_ORIGIN=${origin}`
   ].join("\n");
-  writeFileSync13(join19(dir, ".env"), `${envContent}
+  writeFileSync12(join16(dir, ".env"), `${envContent}
 `, { mode: 384 });
-  consola43.success(".env created");
+  consola44.success(".env created");
   console.log("");
-  consola43.box([
+  consola44.box([
     `cd ${dir}`,
     "npm run dev",
     "",
@@ -6798,12 +6015,12 @@ async function initIdP(targetDir) {
 }
 
 // src/commands/enroll.ts
-import { Buffer as Buffer5 } from "buffer";
-import { existsSync as existsSync22, readFileSync as readFileSync18 } from "fs";
+import { Buffer as Buffer4 } from "buffer";
+import { existsSync as existsSync20, readFileSync as readFileSync16 } from "fs";
 import { execFile as execFile2 } from "child_process";
 import { sign as sign2 } from "crypto";
 import { defineCommand as defineCommand54 } from "citty";
-import consola44 from "consola";
+import consola45 from "consola";
 var DEFAULT_IDP_URL2 = "https://id.openape.at";
 var DEFAULT_KEY_PATH = "~/.ssh/id_ed25519";
 var POLL_INTERVAL = 3e3;
@@ -6815,7 +6032,7 @@ function openBrowser2(url) {
 }
 async function pollForEnrollment(idp, agentEmail, keyPath) {
   const resolvedKey = resolveKeyPath(keyPath);
-  const keyContent = readFileSync18(resolvedKey, "utf-8");
+  const keyContent = readFileSync16(resolvedKey, "utf-8");
   const privateKey = loadEd25519PrivateKey(keyContent);
   const challengeUrl = await getAgentChallengeEndpoint(idp);
   const authenticateUrl = await getAgentAuthenticateEndpoint(idp);
@@ -6829,7 +6046,7 @@ async function pollForEnrollment(idp, agentEmail, keyPath) {
       });
       if (challengeResp.ok) {
         const { challenge } = await challengeResp.json();
-        const signature = sign2(null, Buffer5.from(challenge), privateKey).toString("base64");
+        const signature = sign2(null, Buffer4.from(challenge), privateKey).toString("base64");
         const authResp = await fetch(authenticateUrl, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
@@ -6842,7 +6059,7 @@ async function pollForEnrollment(idp, agentEmail, keyPath) {
       }
     } catch {
     }
-    await new Promise((resolve4) => setTimeout(resolve4, POLL_INTERVAL));
+    await new Promise((resolve5) => setTimeout(resolve5, POLL_INTERVAL));
   }
   throw new Error("Enrollment timed out. Please check the browser and try again.");
 }
@@ -6866,38 +6083,38 @@ var enrollCommand = defineCommand54({
     }
   },
   async run({ args }) {
-    const idp = args.idp || await consola44.prompt("IdP URL", { type: "text", default: DEFAULT_IDP_URL2, placeholder: DEFAULT_IDP_URL2 }).then((r) => {
+    const idp = args.idp || await consola45.prompt("IdP URL", { type: "text", default: DEFAULT_IDP_URL2, placeholder: DEFAULT_IDP_URL2 }).then((r) => {
       if (typeof r === "symbol") throw new CliExit(0);
       return r;
     }) || DEFAULT_IDP_URL2;
-    const agentName = args.name || await consola44.prompt("Agent name", { type: "text", placeholder: "deploy-bot" }).then((r) => {
+    const agentName = args.name || await consola45.prompt("Agent name", { type: "text", placeholder: "deploy-bot" }).then((r) => {
       if (typeof r === "symbol") throw new CliExit(0);
       return r;
     });
     if (!agentName) {
       throw new CliError("Agent name is required.");
     }
-    const keyPath = args.key || await consola44.prompt("Ed25519 key", { type: "text", default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then((r) => {
+    const keyPath = args.key || await consola45.prompt("Ed25519 key", { type: "text", default: DEFAULT_KEY_PATH, placeholder: DEFAULT_KEY_PATH }).then((r) => {
       if (typeof r === "symbol") throw new CliExit(0);
       return r;
     }) || DEFAULT_KEY_PATH;
     const resolvedKey = resolveKeyPath(keyPath);
     let publicKey;
-    if (existsSync22(resolvedKey)) {
+    if (existsSync20(resolvedKey)) {
       publicKey = readPublicKey(resolvedKey);
-      consola44.success(`Using existing key ${keyPath}`);
+      consola45.success(`Using existing key ${keyPath}`);
     } else {
-      consola44.start(`Generating Ed25519 key pair at ${keyPath}...`);
+      consola45.start(`Generating Ed25519 key pair at ${keyPath}...`);
       publicKey = generateAndSaveKey(keyPath);
-      consola44.success(`Key pair generated at ${keyPath}`);
+      consola45.success(`Key pair generated at ${keyPath}`);
     }
     const encodedKey = encodeURIComponent(publicKey);
     const enrollUrl = `${idp}/enroll?name=${encodeURIComponent(agentName)}&key=${encodedKey}`;
-    consola44.info("Opening browser for enrollment...");
-    consola44.info(`\u2192 ${idp}/enroll`);
+    consola45.info("Opening browser for enrollment...");
+    consola45.info(`\u2192 ${idp}/enroll`);
     openBrowser2(enrollUrl);
     console.log("");
-    const agentEmail = await consola44.prompt(
+    const agentEmail = await consola45.prompt(
       "Agent email (shown in browser after enrollment)",
       { type: "text", placeholder: `agent+${agentName}@...` }
     ).then((r) => {
@@ -6907,7 +6124,7 @@ var enrollCommand = defineCommand54({
     if (!agentEmail) {
       throw new CliError("Agent email is required to verify enrollment.");
     }
-    consola44.start("Verifying enrollment...");
+    consola45.start("Verifying enrollment...");
     const { token, expiresIn } = await pollForEnrollment(idp, agentEmail, keyPath);
     saveAuth({
       idp,
@@ -6919,17 +6136,17 @@ var enrollCommand = defineCommand54({
     config.defaults = { ...config.defaults, idp };
     config.agent = { key: keyPath, email: agentEmail };
     saveConfig(config);
-    consola44.success(`Agent enrolled as ${agentEmail}`);
-    consola44.success("Config saved to ~/.config/apes/");
+    consola45.success(`Agent enrolled as ${agentEmail}`);
+    consola45.success("Config saved to ~/.config/apes/");
     console.log("");
-    consola44.info("Verify with: apes whoami");
+    consola45.info("Verify with: apes whoami");
   }
 });
 
 // src/commands/register-user.ts
-import { existsSync as existsSync23, readFileSync as readFileSync19 } from "fs";
+import { existsSync as existsSync21, readFileSync as readFileSync17 } from "fs";
 import { defineCommand as defineCommand55 } from "citty";
-import consola45 from "consola";
+import consola46 from "consola";
 var registerUserCommand = defineCommand55({
   meta: {
     name: "register-user",
@@ -6966,8 +6183,8 @@ var registerUserCommand = defineCommand55({
       throw new CliError("No IdP URL configured. Run `apes login` first.");
     }
     let publicKey = args.key;
-    if (existsSync23(args.key)) {
-      publicKey = readFileSync19(args.key, "utf-8").trim();
+    if (existsSync21(args.key)) {
+      publicKey = readFileSync17(args.key, "utf-8").trim();
     }
     if (!publicKey.startsWith("ssh-ed25519 ")) {
       throw new CliError("Public key must be in ssh-ed25519 format.");
@@ -6985,7 +6202,7 @@ var registerUserCommand = defineCommand55({
         ...userType ? { type: userType } : {}
       }
     });
-    consola45.success(`User registered: ${result.email} (type: ${result.type}, owner: ${result.owner})`);
+    consola46.success(`User registered: ${result.email} (type: ${result.type}, owner: ${result.owner})`);
   }
 });
 
@@ -6994,7 +6211,7 @@ import { defineCommand as defineCommand57 } from "citty";
 
 // src/commands/utils/dig.ts
 import { defineCommand as defineCommand56 } from "citty";
-import consola46 from "consola";
+import consola47 from "consola";
 import { resolveDDISA as resolveDDISA2 } from "@openape/core";
 var digCommand = defineCommand56({
   meta: {
@@ -7069,12 +6286,12 @@ var digCommand = defineCommand56({
     console.log(`  domain: ${domain}`);
     console.log("");
     if (!result.ddisa.found) {
-      consola46.warn(`No DDISA record at _ddisa.${domain}`);
+      consola47.warn(`No DDISA record at _ddisa.${domain}`);
       if (result.hint) console.log(`
 ${result.hint}`);
       throw new CliError(`No DDISA record found for ${domain}`);
     }
-    consola46.success(`_ddisa.${domain} \u2192 ${result.ddisa.idp}`);
+    consola47.success(`_ddisa.${domain} \u2192 ${result.ddisa.idp}`);
     console.log(`  Version:  ${result.ddisa.version || "ddisa1"}`);
     console.log(`  IdP URL:  ${result.ddisa.idp}`);
     if (result.ddisa.mode) console.log(`  Mode:     ${result.ddisa.mode}`);
@@ -7084,13 +6301,13 @@ ${result.hint}`);
       return;
     }
     if (result.idpDiscovery.ok) {
-      consola46.success(`IdP reachable (${result.idpDiscovery.status ?? 200})`);
+      consola47.success(`IdP reachable (${result.idpDiscovery.status ?? 200})`);
       if (result.idpDiscovery.issuer) console.log(`  Issuer:   ${result.idpDiscovery.issuer}`);
       if (result.idpDiscovery.ddisaVersion) console.log(`  DDISA:    v${result.idpDiscovery.ddisaVersion}`);
       if (result.idpDiscovery.authMethods?.length) console.log(`  Auth:     ${result.idpDiscovery.authMethods.join(", ")}`);
       if (result.idpDiscovery.grantTypes?.length) console.log(`  Grants:   ${result.idpDiscovery.grantTypes.join(", ")}`);
     } else {
-      consola46.warn(`IdP discovery failed${result.idpDiscovery.status ? ` (HTTP ${result.idpDiscovery.status})` : ""}`);
+      consola47.warn(`IdP discovery failed${result.idpDiscovery.status ? ` (HTTP ${result.idpDiscovery.status})` : ""}`);
       if (result.hint) console.log(`
 ${result.hint}`);
       throw new CliError(`IdP at ${result.ddisa.idp} not reachable`);
@@ -7114,7 +6331,7 @@ import { defineCommand as defineCommand60 } from "citty";
 
 // src/commands/sessions/list.ts
 import { defineCommand as defineCommand58 } from "citty";
-import consola47 from "consola";
+import consola48 from "consola";
 var sessionsListCommand = defineCommand58({
   meta: {
     name: "list",
@@ -7133,7 +6350,7 @@ var sessionsListCommand = defineCommand58({
       return;
     }
     if (result.data.length === 0) {
-      consola47.info("No active sessions.");
+      consola48.info("No active sessions.");
       return;
     }
     for (const f of result.data) {
@@ -7146,7 +6363,7 @@ var sessionsListCommand = defineCommand58({
 
 // src/commands/sessions/remove.ts
 import { defineCommand as defineCommand59 } from "citty";
-import consola48 from "consola";
+import consola49 from "consola";
 var sessionsRemoveCommand = defineCommand59({
   meta: {
     name: "remove",
@@ -7163,7 +6380,7 @@ var sessionsRemoveCommand = defineCommand59({
     const id = String(args.familyId).trim();
     if (!id) throw new CliError("familyId required");
     await apiFetch(`/api/me/sessions/${encodeURIComponent(id)}`, { method: "DELETE" });
-    consola48.success(`Session ${id} revoked. The device using it will need to \`apes login\` again on its next refresh.`);
+    consola49.success(`Session ${id} revoked. The device using it will need to \`apes login\` again on its next refresh.`);
   }
 });
 
@@ -7181,7 +6398,7 @@ var sessionsCommand = defineCommand60({
 
 // src/commands/dns-check.ts
 import { defineCommand as defineCommand61 } from "citty";
-import consola49 from "consola";
+import consola50 from "consola";
 import { resolveDDISA as resolveDDISA3 } from "@openape/core";
 var dnsCheckCommand = defineCommand61({
   meta: {
@@ -7197,7 +6414,7 @@ var dnsCheckCommand = defineCommand61({
   },
   async run({ args }) {
     const domain = args.domain;
-    consola49.start(`Checking _ddisa.${domain}...`);
+    consola50.start(`Checking _ddisa.${domain}...`);
     try {
       const result = await resolveDDISA3(domain);
       if (!result) {
@@ -7206,7 +6423,7 @@ var dnsCheckCommand = defineCommand61({
         console.log(`  _ddisa.${domain} TXT "v=ddisa1 idp=https://id.${domain}"`);
         throw new CliError(`No DDISA record found for ${domain}`);
       }
-      consola49.success(`_ddisa.${domain} \u2192 ${result.idp}`);
+      consola50.success(`_ddisa.${domain} \u2192 ${result.idp}`);
       console.log("");
       console.log(`  Version:  ${result.version || "ddisa1"}`);
       console.log(`  IdP URL:  ${result.idp}`);
@@ -7215,14 +6432,14 @@ var dnsCheckCommand = defineCommand61({
       if (result.priority !== void 0)
         console.log(`  Priority: ${result.priority}`);
       console.log("");
-      consola49.start(`Verifying IdP at ${result.idp}...`);
+      consola50.start(`Verifying IdP at ${result.idp}...`);
       const discoResp = await fetch(`${result.idp}/.well-known/openid-configuration`);
       if (!discoResp.ok) {
-        consola49.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
+        consola50.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
         return;
       }
       const disco = await discoResp.json();
-      consola49.success(`IdP is reachable`);
+      consola50.success(`IdP is reachable`);
       console.log(`  Issuer:   ${disco.issuer}`);
       console.log(`  DDISA:    v${disco.ddisa_version || "?"}`);
       if (disco.ddisa_auth_methods_supported) {
@@ -7276,7 +6493,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "1.29.1" : "0.0.0";
+  const version = true ? "1.31.0" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -7358,7 +6575,7 @@ var healthCommand = defineCommand62({
 
 // src/commands/workflows.ts
 import { defineCommand as defineCommand63 } from "citty";
-import consola50 from "consola";
+import consola51 from "consola";
 
 // src/guides/index.ts
 var guides = [
@@ -7429,7 +6646,7 @@ var workflowsCommand = defineCommand63({
     if (args.id) {
       const guide = guides.find((g) => g.id === String(args.id));
       if (!guide) {
-        consola50.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
+        consola51.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
         throw new CliError(`Guide not found: ${args.id}`);
       }
       if (args.json) {
@@ -7469,26 +6686,26 @@ var workflowsCommand = defineCommand63({
 });
 
 // src/version-check.ts
-import { existsSync as existsSync24, mkdirSync as mkdirSync7, readFileSync as readFileSync20, writeFileSync as writeFileSync14 } from "fs";
-import { homedir as homedir15 } from "os";
-import { join as join20 } from "path";
-import consola51 from "consola";
+import { existsSync as existsSync22, mkdirSync as mkdirSync7, readFileSync as readFileSync18, writeFileSync as writeFileSync13 } from "fs";
+import { homedir as homedir14 } from "os";
+import { join as join17 } from "path";
+import consola52 from "consola";
 var PACKAGE_NAME = "@openape/apes";
 var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
-var CACHE_FILE = join20(homedir15(), ".config", "apes", ".version-check.json");
+var CACHE_FILE = join17(homedir14(), ".config", "apes", ".version-check.json");
 function readCache() {
-  if (!existsSync24(CACHE_FILE)) return null;
+  if (!existsSync22(CACHE_FILE)) return null;
   try {
-    return JSON.parse(readFileSync20(CACHE_FILE, "utf-8"));
+    return JSON.parse(readFileSync18(CACHE_FILE, "utf-8"));
   } catch {
     return null;
   }
 }
 function writeCache(entry) {
   try {
-    const dir = join20(homedir15(), ".config", "apes");
-    if (!existsSync24(dir)) mkdirSync7(dir, { recursive: true, mode: 448 });
-    writeFileSync14(CACHE_FILE, JSON.stringify(entry), { mode: 384 });
+    const dir = join17(homedir14(), ".config", "apes");
+    if (!existsSync22(dir)) mkdirSync7(dir, { recursive: true, mode: 448 });
+    writeFileSync13(CACHE_FILE, JSON.stringify(entry), { mode: 384 });
   } catch {
   }
 }
@@ -7517,7 +6734,7 @@ async function fetchLatestVersion() {
 }
 function warnIfBehind(currentVersion, latest) {
   if (compareSemver(currentVersion, latest) < 0) {
-    consola51.warn(
+    consola52.warn(
       `apes ${currentVersion} is behind latest @openape/apes@${latest}. Run \`npm i -g @openape/apes@latest\` to update. (Suppress with APES_NO_UPDATE_CHECK=1.)`
     );
   }
@@ -7549,10 +6766,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"1.29.1"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"1.31.0"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"1.29.1"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"1.31.0"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -7567,7 +6784,7 @@ if (shellRewrite) {
     console.log("  --help, -h      Show this help message");
     process.exit(0);
   } else if (shellRewrite.action === "interactive") {
-    const { runInteractiveShell } = await import("./orchestrator-P7QFDBBK.js");
+    const { runInteractiveShell } = await import("./orchestrator-6PZXCE54.js");
     await runInteractiveShell();
     process.exit(0);
   } else {
@@ -7610,7 +6827,7 @@ var configCommand = defineCommand64({
 var main = defineCommand64({
   meta: {
     name: "apes",
-    version: "1.29.1",
+    version: "1.31.0",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {
@@ -7662,26 +6879,26 @@ async function maybeRefreshAuth() {
   const { loadAuth: loadAuth2 } = await import("./config-MOB5DJ6H.js");
   if (!loadAuth2()) return;
   try {
-    const { ensureFreshToken } = await import("./http-UPOTOYQV.js");
+    const { ensureFreshToken } = await import("./http-SILH37L7.js");
     await ensureFreshToken();
   } catch {
   }
 }
 await maybeRefreshAuth();
-await maybeWarnStaleVersion("1.29.1").catch(() => {
+await maybeWarnStaleVersion("1.31.0").catch(() => {
 });
 runMain(main).catch((err) => {
   if (err instanceof CliExit) {
     process.exit(err.exitCode);
   }
   if (err instanceof CliError) {
-    consola52.error(err.message);
+    consola53.error(err.message);
     process.exit(err.exitCode);
   }
   if (debug) {
-    consola52.error(err);
+    consola53.error(err);
   } else {
-    consola52.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
+    consola53.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
   }
   process.exit(1);
 });