@openparachute/agent 0.1.0 → 0.1.2

package/src/session-manager.ts

@@ -207,6 +207,15 @@ export function writeSessionRouting(agentGroupId: string, sessionId: string): vo
  * ⚠ Opens and closes the DB on every call. Do not refactor to reuse a
  * long-lived connection — see the "Cross-mount visibility invariants" note
  * at the top of this file.
+ *
+ * Attachment-extraction (decode base64 → write file → swap in localPath) is
+ * gated on `inserted === true`. Duplicate dispatches (sender-approval replay,
+ * Telegram getUpdates retry, chat-sdk re-emit) carry the same `message.id`,
+ * so the second INSERT silently no-ops via ON CONFLICT (paraclaw#92 / #95).
+ * Doing the file write up-front meant a mutated replay would clobber the
+ * on-disk file under the original messages_in.id while the row stayed
+ * unchanged — divergent state with no audit trail. Reordering keeps disk
+ * state strictly downstream of the DB row commit (paraclaw#96).
  */
 export function writeSessionMessage(
   agentGroupId: string,
@@ -230,12 +239,12 @@ export function writeSessionMessage(
     trigger?: 0 | 1;
   },
 ): void {
-  // Extract base64 attachment data, save to inbox, replace with file paths
-  const content = extractAttachmentFiles(agentGroupId, sessionId, message.id, message.content);
-
   const db = openInboundDb(agentGroupId, sessionId);
   let inserted: boolean;
   try {
+    // INSERT first with the raw content (potentially carrying inline base64
+    // attachment data). On conflict the helper returns inserted:false and
+    // we exit before any filesystem work happens.
     ({ inserted } = insertMessage(db, {
       id: message.id,
       kind: message.kind,
@@ -243,11 +252,20 @@ export function writeSessionMessage(
       platformId: message.platformId ?? null,
       channelType: message.channelType ?? null,
       threadId: message.threadId ?? null,
-      content,
+      content: message.content,
       processAfter: message.processAfter ?? null,
       recurrence: message.recurrence ?? null,
       trigger: message.trigger ?? 1,
     }));
+
+    if (inserted) {
+      // Row committed — safe to write attachment files to inbox/ and rewrite
+      // the row's content with the localPath form the container reads.
+      const extractedContent = extractAttachmentFiles(agentGroupId, sessionId, message.id, message.content);
+      if (extractedContent !== message.content) {
+        db.prepare('UPDATE messages_in SET content = ? WHERE id = ?').run(extractedContent, message.id);
+      }
+    }
   } finally {
     db.close();
   }

package/src/types.ts

@@ -102,7 +102,10 @@ export interface UserDm {
 
 // DB vocabulary. See dbToApi* in src/web/routes/channels.ts for wire equivalents in web/ui/src/lib/api.ts.
 export type EngageMode = 'pattern' | 'mention' | 'mention-sticky';
-// DB vocabulary. See dbToApi* in src/web/routes/channels.ts for wire equivalents in web/ui/src/lib/api.ts.
+// DB vocabulary. The DB-side `'all'` means "no sender filter"; the wire side
+// uses `'allowlist' | 'unrestricted'` (paraclaw#94 — kept the two unions
+// literal-disjoint so a grep-refactor can't conflate them through the
+// translator).
 export type SenderScope = 'all' | 'known';
 // DB vocabulary. See dbToApi* in src/web/routes/channels.ts for wire equivalents in web/ui/src/lib/api.ts.
 export type IgnoredMessagePolicy = 'drop' | 'accumulate';

package/src/web/routes/channels-mga-detail.test.ts

@@ -115,7 +115,10 @@ function makeRes(): MockRes & http.ServerResponse {
 }
 
 function seedFullWire(
-  override: { mgaId?: string; engage?: Partial<Pick<MessagingGroupAgent, 'engage_mode' | 'engage_pattern'>> } = {},
+  override: {
+    mgaId?: string;
+    engage?: Partial<Pick<MessagingGroupAgent, 'engage_mode' | 'engage_pattern' | 'sender_scope'>>;
+  } = {},
 ): { mga: MessagingGroupAgent } {
   const ag = seedAgentGroup({ id: 'ag_routing', folder: 'routing', name: 'Routing agent' });
   const mg = seedMg({ id: 'mg_routing' });
@@ -125,6 +128,7 @@ function seedFullWire(
     agent_group_id: ag.id,
     engage_mode: override.engage?.engage_mode ?? 'mention',
     engage_pattern: override.engage?.engage_pattern ?? null,
+    sender_scope: override.engage?.sender_scope ?? 'all',
   });
   return { mga };
 }
@@ -154,7 +158,7 @@ describe('handleChannelsRoute — GET /api/channels/mga/:id', () => {
       platformId: 'telegram:111111:222222',
       engageMode: 'mention',
       engagePattern: null,
-      senderScope: 'all',
+      senderScope: 'unrestricted',
       ignoredMessagePolicy: 'drop',
       priority: 0,
     });
@@ -346,6 +350,49 @@ describe('handleChannelsRoute — PATCH /api/channels/mga/:id', () => {
     });
   });
 
+  it("round-trips senderScope='unrestricted' to DB sender_scope='all' and back (paraclaw#94)", async () => {
+    // The wire vocabulary used to share the literal 'all' with the DB side
+    // (DB: 'all'|'known'; wire: 'allowlist'|'all') — both meant "no filter"
+    // but a grep-refactor of one side would have silently broken the
+    // translator. Renamed wire-side 'all' → 'unrestricted' to keep the
+    // unions literal-disjoint. Pin the round-trip so a future contributor
+    // who collapses the two back to one literal sees this fail.
+    seedFullWire({ engage: { sender_scope: 'known' } });
+
+    const res = makeRes();
+    await handleChannelsRoute({
+      pathname: '/api/channels/mga/mga_routing',
+      method: 'PATCH',
+      req: makeReq({ senderScope: 'unrestricted' }),
+      res,
+    });
+
+    expect(res.statusCode).toBe(200);
+    const body = res.json() as { wire: { senderScope: string } };
+    expect(body.wire.senderScope).toBe('unrestricted');
+    expect(getMessagingGroupAgent('mga_routing')!.sender_scope).toBe('all');
+  });
+
+  it("rejects the legacy wire literal senderScope='all' with 400 (paraclaw#94)", async () => {
+    // Belt-and-suspenders for the rename above: even if a client still
+    // sends the old wire vocabulary by mistake, validatePatchInput must
+    // reject it rather than silently mapping into the DB's 'all'. This is
+    // also the test that fails loudly if someone re-introduces 'all' to
+    // VALID_SENDER_SCOPES alongside 'unrestricted'.
+    seedFullWire();
+
+    const res = makeRes();
+    await handleChannelsRoute({
+      pathname: '/api/channels/mga/mga_routing',
+      method: 'PATCH',
+      req: makeReq({ senderScope: 'all' }),
+      res,
+    });
+
+    expect(res.statusCode).toBe(400);
+    expect(res.json()).toMatchObject({ error: expect.stringMatching(/invalid senderScope: all/) });
+  });
+
   it('returns 404 when the wire does not exist', async () => {
     const res = makeRes();
     await handleChannelsRoute({

package/src/web/routes/channels.ts

@@ -1,28 +1,35 @@
 /**
  * /api/channels — channel-wire CRUD for the /channels page.
  *
- * A "channel wire" in the night/arch terminology = a row in the legacy
- * `messaging_group_agents` table joined with its messaging_groups +
- * agent_groups parents. We translate the storage shape (snake_case +
- * legacy enum names) to the camelCase API shape declared in
- * web/ui/src/lib/api.ts:ChannelWireView.
+ * The wire-shape <-> DB-shape translator now lives in
+ * `src/channels/api-translator.ts` (paraclaw#123) and is shared with the
+ * MCP `*-channel-wire` tools. See that module's docblock for the enum
+ * translation contract and the paraclaw#94/#122 motivation.
  *
- * Enum translation: night/arch's API contract uses `engageMode = mention |
- * pattern | all`, `senderScope = allowlist | all`, `ignoredMessagePolicy =
- * drop | silent`. The DB still stores the pre-rebuild values: engage_mode
- * = pattern | mention | mention-sticky (with engage_pattern='.' as the
- * sentinel for "match every message"), sender_scope = all | known,
- * ignored_message_policy = drop | accumulate. The translator collapses the
- * pattern + '.' sentinel into the API's `all` mode, lossy on the
- * mention-sticky distinction (rendered as `mention` to the UI). When the
- * DB schema migrates to the new shape, this translator becomes a no-op.
+ * This route file owns only the HTTP transport: routing, json/error
+ * helpers, the mg/:id messaging-group detail block, and the per-MGA join
+ * query. Validation + Db <-> Api translation come from the shared module.
  *
- * PATCH translates the inverse direction. DELETE is a straight pass-through
- * to deleteMessagingGroupAgent — the agent_destinations row created at wire
- * time is left in place; deleting destinations is a separate concern.
+ * DELETE is a straight pass-through to deleteMessagingGroupAgent — the
+ * agent_destinations row created at wire time is left in place; deleting
+ * destinations is a separate concern.
  */
 import http from 'node:http';
 
+import {
+  ALL_MESSAGES_PATTERN_SENTINEL,
+  type ApiEngageMode,
+  type ApiIgnoredMessagePolicy,
+  type ApiSenderScope,
+  apiToDbPatch,
+  type ChannelWireView,
+  dbToApiEngage,
+  dbToApiIgnoredPolicy,
+  dbToApiSenderScope,
+  rowToView,
+  validatePatchInput,
+  type WireJoinRow,
+} from '../../channels/api-translator.js';
 import { getAgentGroup } from '../../db/agent-groups.js';
 import { getDb } from '../../db/connection.js';
 import {
@@ -33,121 +40,7 @@ import {
   updateMessagingGroupAgent,
 } from '../../db/messaging-groups.js';
 import { log } from '../../log.js';
-import type {
-  EngageMode as DbEngageMode,
-  IgnoredMessagePolicy as DbIgnoredMessagePolicy,
-  MessagingGroup,
-  SenderScope as DbSenderScope,
-  MessagingGroupAgent,
-  UnknownSenderPolicy,
-} from '../../types.js';
-
-type ApiEngageMode = 'mention' | 'pattern' | 'all';
-type ApiSenderScope = 'allowlist' | 'all';
-type ApiIgnoredMessagePolicy = 'drop' | 'silent';
-
-interface ChannelWireView {
-  id: string;
-  channelType: string;
-  messagingGroupId: string;
-  platformId: string;
-  displayName: string | null;
-  agentGroupId: string;
-  agentGroupFolder: string;
-  agentGroupName: string;
-  engageMode: ApiEngageMode;
-  engagePattern: string | null;
-  senderScope: ApiSenderScope;
-  ignoredMessagePolicy: ApiIgnoredMessagePolicy;
-  priority: number;
-  createdAt: string;
-}
-
-const ALL_MESSAGES_PATTERN_SENTINEL = '.';
-
-function dbToApiEngage(mode: DbEngageMode, pattern: string | null): ApiEngageMode {
-  if (mode === 'pattern') {
-    return pattern === ALL_MESSAGES_PATTERN_SENTINEL ? 'all' : 'pattern';
-  }
-  // mention + mention-sticky both render as 'mention' on the UI today.
-  return 'mention';
-}
-
-function dbToApiSenderScope(s: DbSenderScope): ApiSenderScope {
-  return s === 'known' ? 'allowlist' : 'all';
-}
-
-function dbToApiIgnoredPolicy(p: DbIgnoredMessagePolicy): ApiIgnoredMessagePolicy {
-  return p === 'accumulate' ? 'silent' : 'drop';
-}
-
-interface PatchInput {
-  engageMode?: ApiEngageMode;
-  engagePattern?: string | null;
-  senderScope?: ApiSenderScope;
-  ignoredMessagePolicy?: ApiIgnoredMessagePolicy;
-  priority?: number;
-}
-
-interface DbPatch {
-  engage_mode?: DbEngageMode;
-  engage_pattern?: string | null;
-  sender_scope?: DbSenderScope;
-  ignored_message_policy?: DbIgnoredMessagePolicy;
-  priority?: number;
-}
-
-function apiToDbPatch(input: PatchInput, current: MessagingGroupAgent): DbPatch {
-  const out: DbPatch = {};
-
-  // engageMode is paired with engagePattern: 'all' encodes as
-  // mode='pattern' + pattern='.', which the router treats as match-every.
-  if (input.engageMode !== undefined) {
-    if (input.engageMode === 'all') {
-      out.engage_mode = 'pattern';
-      out.engage_pattern = ALL_MESSAGES_PATTERN_SENTINEL;
-    } else if (input.engageMode === 'pattern') {
-      out.engage_mode = 'pattern';
-      // Pattern body comes from input.engagePattern when present; otherwise
-      // preserve what's already on the row. validatePatchInput already
-      // rejects bare '.' here so the next read can't silently collapse to
-      // 'all'.
-      if (input.engagePattern !== undefined) {
-        out.engage_pattern = input.engagePattern;
-      }
-    } else if (input.engageMode === 'mention') {
-      // Preserve mention-sticky if that's what's currently on the row;
-      // collapsing it to plain mention here would silently change router
-      // behavior (sticky engagement persists across replies). The UI
-      // doesn't expose sticky → it sees `mention` for both, but a PATCH
-      // that doesn't touch the sticky distinction shouldn't lose it.
-      out.engage_mode = current.engage_mode === 'mention-sticky' ? 'mention-sticky' : 'mention';
-      out.engage_pattern = null;
-    }
-  } else if (input.engagePattern !== undefined) {
-    // pattern body changed without changing the mode.
-    out.engage_pattern = input.engagePattern;
-  }
-
-  if (input.senderScope !== undefined) {
-    out.sender_scope = input.senderScope === 'allowlist' ? 'known' : 'all';
-  }
-  if (input.ignoredMessagePolicy !== undefined) {
-    out.ignored_message_policy = input.ignoredMessagePolicy === 'silent' ? 'accumulate' : 'drop';
-  }
-  if (input.priority !== undefined) {
-    out.priority = input.priority;
-  }
-  return out;
-}
-
-interface WireJoinRow extends MessagingGroupAgent {
-  mg_channel_type: string;
-  mg_platform_id: string;
-  mg_name: string | null;
-  ag_folder: string;
-  ag_name: string;
-}
+import type { MessagingGroup, MessagingGroupAgent, UnknownSenderPolicy } from '../../types.js';
 
 function listAllWires(): ChannelWireView[] {
   const rows = getDb()
@@ -167,26 +60,6 @@ function listAllWires(): ChannelWireView[] {
   return rows.map(rowToView);
 }
 
-function rowToView(row: WireJoinRow): ChannelWireView {
-  return {
-    id: row.id,
-    channelType: row.mg_channel_type,
-    messagingGroupId: row.messaging_group_id,
-    platformId: row.mg_platform_id,
-    displayName: row.mg_name,
-    agentGroupId: row.agent_group_id,
-    agentGroupFolder: row.ag_folder,
-    agentGroupName: row.ag_name,
-    engageMode: dbToApiEngage(row.engage_mode, row.engage_pattern),
-    engagePattern:
-      row.engage_mode === 'pattern' && row.engage_pattern !== ALL_MESSAGES_PATTERN_SENTINEL ? row.engage_pattern : null,
-    senderScope: dbToApiSenderScope(row.sender_scope),
-    ignoredMessagePolicy: dbToApiIgnoredPolicy(row.ignored_message_policy),
-    priority: row.priority,
-    createdAt: row.created_at,
-  };
-}
-
 function getOneWireView(id: string): ChannelWireView | null {
   const mga = getMessagingGroupAgent(id);
   if (!mga) return null;
@@ -218,57 +91,6 @@ async function readJsonBody<T>(req: http.IncomingMessage): Promise<T> {
   return JSON.parse(Buffer.concat(chunks).toString('utf8')) as T;
 }
 
-const VALID_ENGAGE_MODES: ApiEngageMode[] = ['mention', 'pattern', 'all'];
-const VALID_SENDER_SCOPES: ApiSenderScope[] = ['allowlist', 'all'];
-const VALID_IGNORED_POLICIES: ApiIgnoredMessagePolicy[] = ['drop', 'silent'];
-
-function validatePatchInput(body: unknown): { ok: true; input: PatchInput } | { ok: false; reason: string } {
-  if (!body || typeof body !== 'object') return { ok: false, reason: 'body must be an object' };
-  const b = body as Record<string, unknown>;
-  const out: PatchInput = {};
-  if ('engageMode' in b) {
-    if (!VALID_ENGAGE_MODES.includes(b.engageMode as ApiEngageMode)) {
-      return { ok: false, reason: `invalid engageMode: ${String(b.engageMode)}` };
-    }
-    out.engageMode = b.engageMode as ApiEngageMode;
-  }
-  if ('engagePattern' in b) {
-    if (b.engagePattern !== null && typeof b.engagePattern !== 'string') {
-      return { ok: false, reason: 'engagePattern must be string or null' };
-    }
-    // Bare '.' is the wire-format sentinel for engageMode='all' — accepting
-    // it as a literal pattern would silently round-trip back as 'all' on the
-    // next read and lose the user's intent. Force the caller to disambiguate.
-    if (b.engagePattern === ALL_MESSAGES_PATTERN_SENTINEL) {
-      return {
-        ok: false,
-        reason:
-          "engagePattern '.' is reserved as the 'all' sentinel — use '\\\\.' (escaped) to match a literal dot, or set engageMode to 'all'",
-      };
-    }
-    out.engagePattern = b.engagePattern as string | null;
-  }
-  if ('senderScope' in b) {
-    if (!VALID_SENDER_SCOPES.includes(b.senderScope as ApiSenderScope)) {
-      return { ok: false, reason: `invalid senderScope: ${String(b.senderScope)}` };
-    }
-    out.senderScope = b.senderScope as ApiSenderScope;
-  }
-  if ('ignoredMessagePolicy' in b) {
-    if (!VALID_IGNORED_POLICIES.includes(b.ignoredMessagePolicy as ApiIgnoredMessagePolicy)) {
-      return { ok: false, reason: `invalid ignoredMessagePolicy: ${String(b.ignoredMessagePolicy)}` };
-    }
-    out.ignoredMessagePolicy = b.ignoredMessagePolicy as ApiIgnoredMessagePolicy;
-  }
-  if ('priority' in b) {
-    if (typeof b.priority !== 'number' || !Number.isFinite(b.priority)) {
-      return { ok: false, reason: 'priority must be a finite number' };
-    }
-    out.priority = b.priority;
-  }
-  return { ok: true, input: out };
-}
-
 // ─── /api/channels/mg/:id — per-MG detail + policy editor ──────────────
 //
 // Path is namespaced under `mg/` so it can't collide with `/api/channels/:mga-id`

package/src/web/routes/secrets.test.ts

@@ -19,7 +19,7 @@ import { getDb } from '../../db/connection.js';
 import { closeDb, initTestDb, runMigrations } from '../../db/index.js';
 import { _setMasterKeyForTest } from '../../secrets/master-key.js';
 import { addAssignment, putSecret } from '../../secrets/index.js';
-import { handleSecretsRoute } from './secrets.js';
+import { handleSecretsRoute, listInjectableSecretsForGroupView } from './secrets.js';
 
 beforeEach(() => {
   const db = initTestDb();
@@ -173,3 +173,48 @@ describe('GET /api/secrets/:id/stale-sessions', () => {
     expect(handled).toBe(false);
   });
 });
+
+describe('listInjectableSecretsForGroupView (paraclaw#104)', () => {
+  it('projects scoped/assigned/global rows into the wire shape', () => {
+    seedAgentGroup('group-x', 'all');
+    const scopedId = putSecret('SCOPED', 'v', { agent_group_id: 'group-x' });
+    const assignedId = putSecret('ASSIGNED', 'v');
+    addAssignment(assignedId, 'group-x');
+    const globalId = putSecret('GLOBAL', 'v');
+
+    const view = listInjectableSecretsForGroupView('group-x');
+    const byName = new Map(view.map((r) => [r.name, r]));
+
+    expect(byName.get('SCOPED')).toMatchObject({
+      id: scopedId,
+      name: 'SCOPED',
+      kind: 'generic',
+      agentGroupId: 'group-x',
+      scope: 'scoped',
+    });
+    expect(byName.get('ASSIGNED')).toMatchObject({
+      id: assignedId,
+      agentGroupId: null,
+      scope: 'assigned',
+    });
+    expect(byName.get('GLOBAL')).toMatchObject({
+      id: globalId,
+      agentGroupId: null,
+      scope: 'global',
+    });
+
+    // Wire shape is camelCase, never the snake_case DB row.
+    for (const row of view) {
+      expect(row).not.toHaveProperty('agent_group_id');
+      expect(row).not.toHaveProperty('value_encrypted');
+      expect(row).toHaveProperty('createdAt');
+      expect(row).toHaveProperty('updatedAt');
+    }
+  });
+
+  it('returns [] for a group whose secret_mode is selective with no assignments', () => {
+    seedAgentGroup('empty', 'selective');
+    putSecret('GLOBAL', 'v');
+    expect(listInjectableSecretsForGroupView('empty')).toEqual([]);
+  });
+});

package/src/web/routes/secrets.ts

@@ -14,6 +14,7 @@ import http from 'node:http';
 import { getAgentGroupSecretMode, getAgentGroupSecretModes, setAgentGroupSecretMode } from '../../db/agent-groups.js';
 import {
   type AssignedMode,
+  type InjectableSecretView,
   type SecretKind,
   type SecretRow,
   addAssignment,
@@ -21,6 +22,7 @@ import {
   findStaleSessionsForSecret,
   getSecretById,
   listAssignments,
+  listInjectableSecretsForGroup,
   listSecrets,
   putSecret,
   removeAssignment,
@@ -280,3 +282,36 @@ export async function handleSecretsRoute(ctx: SecretsRouteContext): Promise<bool
 
   return false;
 }
+
+/**
+ * Per-group projection of `resolveInjectableSecrets` — metadata only, never
+ * decrypts. Powers the "Secrets" panel on GroupDetail (paraclaw#104). The
+ * caller (server.ts group-route dispatch) has already authenticated the
+ * request as `agent:read` and resolved `folder` → group; we just receive the
+ * group id.
+ */
+export interface InjectableSecretViewWire {
+  id: string;
+  name: string;
+  kind: SecretKind;
+  agentGroupId: string | null;
+  scope: 'global' | 'scoped' | 'assigned';
+  createdAt: string;
+  updatedAt: string;
+}
+
+function toInjectableView(r: InjectableSecretView): InjectableSecretViewWire {
+  return {
+    id: r.id,
+    name: r.name,
+    kind: r.kind,
+    agentGroupId: r.agent_group_id,
+    scope: r.scope,
+    createdAt: r.created_at,
+    updatedAt: r.updated_at,
+  };
+}
+
+export function listInjectableSecretsForGroupView(agentGroupId: string): InjectableSecretViewWire[] {
+  return listInjectableSecretsForGroup(agentGroupId).map(toInjectableView);
+}

package/src/web/server.ts

@@ -29,7 +29,7 @@ import path from 'node:path';
 // pattern (see parachute-vault src/routing.ts).
 import pkg from '../../package.json' with { type: 'json' };
 
-import { CENTRAL_DB_PATH, DATA_DIR, GROUPS_DIR } from '../config.js';
+import { CENTRAL_DB_PATH, DATA_DIR, GROUPS_DIR, PROJECT_ROOT } from '../config.js';
 import { openDb, type Database } from '../db/connection.js';
 import {
   attachVaultToGroup,
@@ -63,7 +63,7 @@ import { handleApprovalsRoute } from './routes/approvals.js';
 import { handleChannelsRoute } from './routes/channels.js';
 import { handleActivityRoute } from './routes/activity.js';
 import { handleOauthProvidersRoute } from './routes/oauth-providers.js';
-import { handleSecretsRoute } from './routes/secrets.js';
+import { handleSecretsRoute, listInjectableSecretsForGroupView } from './routes/secrets.js';
 import { handleSessionsRoute } from './routes/sessions.js';
 import { handleSettingsRoute } from './routes/settings.js';
 import { handleAgentProviderRoute, handleGroupAgentProviderRoute } from './routes/agent-provider.js';
@@ -81,7 +81,6 @@ import { getSecret, putSecret } from '../secrets/index.js';
 import { channelTokenSecretName } from '../startup-bootstrap.js';
 import { readEnvWithLegacy } from '../env.js';
 
-const PROJECT_ROOT = process.cwd();
 const UI_DIST = path.resolve(PROJECT_ROOT, 'web/ui/dist');
 // Canonical Parachute slot per parachute-patterns/patterns/canonical-ports.md
 // (1944, claimed for parachute-agent 2026-04-27 via parachute-hub#…). Override
@@ -105,6 +104,11 @@ interface AgentGroupRow {
   name: string;
   folder: string;
   agent_provider: string | null;
+  // Per-group injection policy for secrets — the GroupDetail "Secrets" panel
+  // (paraclaw#104) renders this so an empty list under `selective` reads as
+  // "by design" rather than "broken". Already a column on agent_groups
+  // (migration 023); just surface it on the wire.
+  secret_mode: 'all' | 'selective';
   created_at: string;
 }
 
@@ -126,7 +130,9 @@ function listAgentGroups(): AgentGroupView[] {
   const db = getReadonlyDb();
   try {
     const rows = db
-      .prepare('SELECT id, name, folder, agent_provider, created_at FROM agent_groups ORDER BY created_at DESC')
+      .prepare(
+        'SELECT id, name, folder, agent_provider, secret_mode, created_at FROM agent_groups ORDER BY created_at DESC',
+      )
       .all() as AgentGroupRow[];
     return rows.map((r) => ({
       ...r,
@@ -142,7 +148,7 @@ function getAgentGroup(folder: string): AgentGroupView | null {
   const db = getReadonlyDb();
   try {
     const row = db
-      .prepare('SELECT id, name, folder, agent_provider, created_at FROM agent_groups WHERE folder = ?')
+      .prepare('SELECT id, name, folder, agent_provider, secret_mode, created_at FROM agent_groups WHERE folder = ?')
       .get(folder) as AgentGroupRow | undefined;
     if (!row) return null;
     return {
@@ -608,16 +614,14 @@ async function handleApi(
     const folder = decodeURIComponent(groupRoute[1]);
     const sub = groupRoute[2] ?? '';
 
-    // Reads at the group root + the agent-provider subroute go through
-    // agent:read; writes default to agent:write; agent-provider writes
-    // (paraclaw#86) bump to agent:admin since they store API keys.
+    // Reads at the group root + the agent-provider subroute + the
+    // injectable-secrets panel (paraclaw#104) go through agent:read; writes
+    // default to agent:write; agent-provider writes (paraclaw#86) bump to
+    // agent:admin since they store API keys.
     const isAgentProviderSub = sub === '/agent-provider';
+    const isReadSub = sub === '' || isAgentProviderSub || sub === '/secrets';
     const requiredScope: AgentScope =
-      method === 'GET' && (sub === '' || isAgentProviderSub)
-        ? SCOPE_AGENT_READ
-        : isAgentProviderSub
-          ? SCOPE_AGENT_ADMIN
-          : SCOPE_AGENT_WRITE;
+      method === 'GET' && isReadSub ? SCOPE_AGENT_READ : isAgentProviderSub ? SCOPE_AGENT_ADMIN : SCOPE_AGENT_WRITE;
     // Authenticate once; capture sub so the agent-provider sub-route's
     // audit log doesn't have to re-decode the JWT.
     const auth = await authenticate(req.headers.authorization, requiredScope);
@@ -890,6 +894,19 @@ async function handleApi(
       return;
     }
 
+    // Read-only mirror of resolveInjectableSecrets() for the GroupDetail
+    // "Secrets" panel — what env vars this group will see at next session
+    // spawn, with scope badges (paraclaw#104). Metadata only; values stay
+    // encrypted at rest and only decrypt at container spawn time.
+    if (sub === '/secrets' && method === 'GET') {
+      try {
+        json(res, 200, { secrets: listInjectableSecretsForGroupView(group.id) });
+      } catch (err) {
+        error(res, 500, err instanceof Error ? err.message : String(err));
+      }
+      return;
+    }
+
     error(res, 405, `method not allowed: ${method} ${pathname}`);
     return;
   }
@@ -991,6 +1008,10 @@ export function startWebServer(): http.Server {
         version: SERVICE_VERSION,
         displayName: 'Parachute Agent',
         tagline: 'Manage your Parachute agent groups + vault attachments.',
+        // Lets hub resolve `parachute restart agent` back to the checkout
+        // it should drive without a vendored fallback (paraclaw#115,
+        // third-party-module hook from parachute-hub#84).
+        installDir: PROJECT_ROOT,
       });
     } catch (err) {
       log.warn('Skipped services manifest update', {