npm - @openparachute/agent - Versions diffs - 0.1.0 - Mend

@openparachute/agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (501) hide show

package/.claude/scheduled_tasks.lock +1 -0
package/.claude/settings.json +5 -0
package/.claude/skills/add-atomic-chat-tool/SKILL.md +243 -0
package/.claude/skills/add-atomic-chat-tool/atomic-chat-mcp-stdio.ts +229 -0
package/.claude/skills/add-codex/SKILL.md +161 -0
package/.claude/skills/add-dashboard/SKILL.md +138 -0
package/.claude/skills/add-dashboard/resources/dashboard-pusher.ts +495 -0
package/.claude/skills/add-emacs/SKILL.md +296 -0
package/.claude/skills/add-gcal-tool/SKILL.md +210 -0
package/.claude/skills/add-gchat/REMOVE.md +6 -0
package/.claude/skills/add-gchat/SKILL.md +92 -0
package/.claude/skills/add-gchat/VERIFY.md +3 -0
package/.claude/skills/add-github/REMOVE.md +6 -0
package/.claude/skills/add-github/SKILL.md +148 -0
package/.claude/skills/add-github/VERIFY.md +3 -0
package/.claude/skills/add-gmail-tool/SKILL.md +229 -0
package/.claude/skills/add-imessage/REMOVE.md +6 -0
package/.claude/skills/add-imessage/SKILL.md +113 -0
package/.claude/skills/add-imessage/VERIFY.md +3 -0
package/.claude/skills/add-karpathy-llm-wiki/SKILL.md +110 -0
package/.claude/skills/add-karpathy-llm-wiki/llm-wiki.md +75 -0
package/.claude/skills/add-linear/REMOVE.md +6 -0
package/.claude/skills/add-linear/SKILL.md +168 -0
package/.claude/skills/add-linear/VERIFY.md +3 -0
package/.claude/skills/add-macos-statusbar/SKILL.md +133 -0
package/.claude/skills/add-macos-statusbar/add/src/statusbar.swift +147 -0
package/.claude/skills/add-matrix/REMOVE.md +6 -0
package/.claude/skills/add-matrix/SKILL.md +148 -0
package/.claude/skills/add-matrix/VERIFY.md +3 -0
package/.claude/skills/add-ollama-provider/SKILL.md +179 -0
package/.claude/skills/add-ollama-tool/SKILL.md +193 -0
package/.claude/skills/add-opencode/SKILL.md +229 -0
package/.claude/skills/add-parallel/SKILL.md +290 -0
package/.claude/skills/add-resend/REMOVE.md +6 -0
package/.claude/skills/add-resend/SKILL.md +93 -0
package/.claude/skills/add-resend/VERIFY.md +3 -0
package/.claude/skills/add-signal/REMOVE.md +13 -0
package/.claude/skills/add-signal/SKILL.md +318 -0
package/.claude/skills/add-signal/VERIFY.md +5 -0
package/.claude/skills/add-slack/REMOVE.md +6 -0
package/.claude/skills/add-slack/SKILL.md +112 -0
package/.claude/skills/add-slack/VERIFY.md +3 -0
package/.claude/skills/add-teams/REMOVE.md +6 -0
package/.claude/skills/add-teams/SKILL.md +207 -0
package/.claude/skills/add-teams/VERIFY.md +3 -0
package/.claude/skills/add-vercel/SKILL.md +147 -0
package/.claude/skills/add-vercel/container-skills/vercel-cli/SKILL.md +103 -0
package/.claude/skills/add-webex/REMOVE.md +6 -0
package/.claude/skills/add-webex/SKILL.md +88 -0
package/.claude/skills/add-webex/VERIFY.md +3 -0
package/.claude/skills/add-wechat/REMOVE.md +49 -0
package/.claude/skills/add-wechat/SKILL.md +170 -0
package/.claude/skills/add-wechat/scripts/wire-dm.ts +172 -0
package/.claude/skills/add-whatsapp/SKILL.md +264 -0
package/.claude/skills/add-whatsapp-cloud/REMOVE.md +6 -0
package/.claude/skills/add-whatsapp-cloud/SKILL.md +95 -0
package/.claude/skills/add-whatsapp-cloud/VERIFY.md +3 -0
package/.claude/skills/claw/SKILL.md +131 -0
package/.claude/skills/claw/scripts/claw +374 -0
package/.claude/skills/convert-to-apple-container/SKILL.md +212 -0
package/.claude/skills/customize/SKILL.md +110 -0
package/.claude/skills/debug/SKILL.md +349 -0
package/.claude/skills/get-qodo-rules/SKILL.md +122 -0
package/.claude/skills/get-qodo-rules/references/output-format.md +41 -0
package/.claude/skills/get-qodo-rules/references/pagination.md +33 -0
package/.claude/skills/get-qodo-rules/references/repository-scope.md +26 -0
package/.claude/skills/init-first-agent/SKILL.md +120 -0
package/.claude/skills/init-onecli/SKILL.md +270 -0
package/.claude/skills/manage-channels/SKILL.md +87 -0
package/.claude/skills/manage-mounts/SKILL.md +47 -0
package/.claude/skills/migrate-from-openclaw/MIGRATE_CRONS.md +100 -0
package/.claude/skills/migrate-from-openclaw/SKILL.md +447 -0
package/.claude/skills/migrate-from-openclaw/scripts/discover-openclaw.ts +734 -0
package/.claude/skills/migrate-from-openclaw/scripts/extract-channel-credentials.ts +476 -0
package/.claude/skills/migrate-nanoclaw/SKILL.md +484 -0
package/.claude/skills/migrate-nanoclaw/diagnostics.md +51 -0
package/.claude/skills/qodo-pr-resolver/SKILL.md +326 -0
package/.claude/skills/qodo-pr-resolver/resources/providers.md +329 -0
package/.claude/skills/update-nanoclaw/SKILL.md +243 -0
package/.claude/skills/update-nanoclaw/diagnostics.md +48 -0
package/.claude/skills/update-skills/SKILL.md +130 -0
package/.claude/skills/use-native-credential-proxy/SKILL.md +167 -0
package/.claude/skills/x-integration/SKILL.md +417 -0
package/.claude/skills/x-integration/agent.ts +243 -0
package/.claude/skills/x-integration/host.ts +155 -0
package/.claude/skills/x-integration/lib/browser.ts +148 -0
package/.claude/skills/x-integration/lib/config.ts +62 -0
package/.claude/skills/x-integration/scripts/like.ts +56 -0
package/.claude/skills/x-integration/scripts/post.ts +66 -0
package/.claude/skills/x-integration/scripts/quote.ts +80 -0
package/.claude/skills/x-integration/scripts/reply.ts +74 -0
package/.claude/skills/x-integration/scripts/retweet.ts +62 -0
package/.claude/skills/x-integration/scripts/setup.ts +87 -0
package/.github/CODEOWNERS +10 -0
package/.github/PULL_REQUEST_TEMPLATE.md +18 -0
package/.github/workflows/bump-version.yml +35 -0
package/.github/workflows/ci.yml +39 -0
package/.github/workflows/label-pr.yml +40 -0
package/.github/workflows/update-tokens.yml +43 -0
package/.husky/pre-commit +1 -0
package/.mcp.json +3 -0
package/.nvmrc +1 -0
package/.parachute/module.json +14 -0
package/.prettierrc +4 -0
package/CHANGELOG.md +215 -0
package/CLAUDE.md +307 -0
package/CODE_OF_CONDUCT.md +128 -0
package/CONTRIBUTING.md +159 -0
package/CONTRIBUTORS.md +26 -0
package/LICENSE +21 -0
package/README.md +190 -0
package/README_ja.md +194 -0
package/README_zh.md +194 -0
package/assets/nanoclaw-favicon.png +0 -0
package/assets/nanoclaw-icon.png +0 -0
package/assets/nanoclaw-logo-dark.png +0 -0
package/assets/nanoclaw-logo.png +0 -0
package/assets/nanoclaw-profile.jpeg +0 -0
package/assets/nanoclaw-sales.png +0 -0
package/assets/social-preview.jpg +0 -0
package/config-examples/mount-allowlist.json +25 -0
package/container/.dockerignore +2 -0
package/container/CLAUDE.md +21 -0
package/container/Dockerfile +121 -0
package/container/agent-runner/bun.lock +243 -0
package/container/agent-runner/package.json +22 -0
package/container/agent-runner/scripts/sdk-signal-probe.ts +169 -0
package/container/agent-runner/src/config.ts +55 -0
package/container/agent-runner/src/db/connection.ts +267 -0
package/container/agent-runner/src/db/index.ts +20 -0
package/container/agent-runner/src/db/messages-in.ts +138 -0
package/container/agent-runner/src/db/messages-out.ts +143 -0
package/container/agent-runner/src/db/session-routing.ts +30 -0
package/container/agent-runner/src/db/session-state.test.ts +100 -0
package/container/agent-runner/src/db/session-state.ts +79 -0
package/container/agent-runner/src/destinations.ts +135 -0
package/container/agent-runner/src/formatter.test.ts +167 -0
package/container/agent-runner/src/formatter.ts +260 -0
package/container/agent-runner/src/index.ts +110 -0
package/container/agent-runner/src/integration.test.ts +121 -0
package/container/agent-runner/src/mcp-tools/agents.instructions.md +26 -0
package/container/agent-runner/src/mcp-tools/agents.ts +66 -0
package/container/agent-runner/src/mcp-tools/core.instructions.md +27 -0
package/container/agent-runner/src/mcp-tools/core.ts +262 -0
package/container/agent-runner/src/mcp-tools/index.ts +22 -0
package/container/agent-runner/src/mcp-tools/interactive.instructions.md +22 -0
package/container/agent-runner/src/mcp-tools/interactive.ts +169 -0
package/container/agent-runner/src/mcp-tools/scheduling.instructions.md +40 -0
package/container/agent-runner/src/mcp-tools/scheduling.ts +299 -0
package/container/agent-runner/src/mcp-tools/self-mod.instructions.md +25 -0
package/container/agent-runner/src/mcp-tools/self-mod.ts +120 -0
package/container/agent-runner/src/mcp-tools/server.ts +54 -0
package/container/agent-runner/src/mcp-tools/types.ts +6 -0
package/container/agent-runner/src/poll-loop.test.ts +248 -0
package/container/agent-runner/src/poll-loop.ts +437 -0
package/container/agent-runner/src/providers/claude.ts +379 -0
package/container/agent-runner/src/providers/factory.test.ts +19 -0
package/container/agent-runner/src/providers/factory.ts +13 -0
package/container/agent-runner/src/providers/index.ts +6 -0
package/container/agent-runner/src/providers/mock.ts +77 -0
package/container/agent-runner/src/providers/provider-registry.ts +33 -0
package/container/agent-runner/src/providers/types.ts +82 -0
package/container/agent-runner/src/scheduling/task-script.ts +121 -0
package/container/agent-runner/src/timezone.test.ts +93 -0
package/container/agent-runner/src/timezone.ts +107 -0
package/container/agent-runner/tsconfig.json +14 -0
package/container/build.sh +48 -0
package/container/entrypoint.sh +16 -0
package/container/skills/agent-browser/SKILL.md +159 -0
package/container/skills/frontend-engineer/SKILL.md +157 -0
package/container/skills/self-customize/SKILL.md +87 -0
package/container/skills/slack-formatting/SKILL.md +94 -0
package/container/skills/vercel-cli/SKILL.md +111 -0
package/container/skills/welcome/SKILL.md +85 -0
package/docs/APPLE-CONTAINER-NETWORKING.md +90 -0
package/docs/BRANCH-FORK-MAINTENANCE.md +81 -0
package/docs/README.md +25 -0
package/docs/SDK_DEEP_DIVE.md +643 -0
package/docs/SECURITY.md +162 -0
package/docs/agent-runner-details.md +749 -0
package/docs/api-details.md +365 -0
package/docs/architecture-diagram.html +422 -0
package/docs/architecture-diagram.md +215 -0
package/docs/architecture.md +751 -0
package/docs/audit/2026-04-30-channel-endpoint-audit.md +36 -0
package/docs/build-and-runtime.md +80 -0
package/docs/cross-mount-stress/README.md +112 -0
package/docs/cross-mount-stress/container-writer-retry.mjs +55 -0
package/docs/cross-mount-stress/container-writer-slow.mjs +42 -0
package/docs/cross-mount-stress/container-writer.mjs +47 -0
package/docs/cross-mount-stress/host-writer-retry.mjs +55 -0
package/docs/cross-mount-stress/host-writer-slow.mjs +43 -0
package/docs/cross-mount-stress/host-writer.mjs +47 -0
package/docs/db-central.md +316 -0
package/docs/db-session.md +183 -0
package/docs/db.md +119 -0
package/docs/design/2026-04-29-vault-management-ui.md +231 -0
package/docs/design/2026-04-30-channel-wiring-rework.md +234 -0
package/docs/design/2026-05-01-channel-wiring-approvals-deep-dive.md +272 -0
package/docs/design/2026-05-02-channel-policy-and-approval-routing.md +250 -0
package/docs/docker-sandboxes.md +359 -0
package/docs/isolation-model.md +88 -0
package/docs/ollama.md +79 -0
package/docs/parachute-integration.md +109 -0
package/docs/post-night-rebirth-reflections.md +151 -0
package/eslint.config.js +32 -0
package/package.json +54 -0
package/pnpm-workspace.yaml +8 -0
package/repo-tokens/README.md +113 -0
package/repo-tokens/action.yml +186 -0
package/repo-tokens/badge.svg +23 -0
package/repo-tokens/examples/green.svg +14 -0
package/repo-tokens/examples/red.svg +14 -0
package/repo-tokens/examples/yellow-green.svg +14 -0
package/repo-tokens/examples/yellow.svg +14 -0
package/scripts/chat.ts +101 -0
package/scripts/cleanup-sessions.sh +150 -0
package/scripts/init-cli-agent.ts +171 -0
package/scripts/init-first-agent.ts +377 -0
package/scripts/parachute.ts +158 -0
package/scripts/run-migrations.ts +105 -0
package/scripts/sanity-live-poll.ts +95 -0
package/scripts/seed-discord.ts +79 -0
package/scripts/test-v2-agent.ts +106 -0
package/scripts/test-v2-channel-e2e.ts +265 -0
package/scripts/test-v2-host.ts +184 -0
package/src/channels/adapter.ts +214 -0
package/src/channels/ask-question.ts +46 -0
package/src/channels/channel-registry.test.ts +421 -0
package/src/channels/channel-registry.ts +313 -0
package/src/channels/chat-sdk-bridge.test.ts +84 -0
package/src/channels/chat-sdk-bridge.ts +652 -0
package/src/channels/cli.ts +276 -0
package/src/channels/discord.ts +90 -0
package/src/channels/index.ts +17 -0
package/src/channels/telegram-markdown-sanitize.test.ts +78 -0
package/src/channels/telegram-markdown-sanitize.ts +55 -0
package/src/channels/telegram-pairing.test.ts +254 -0
package/src/channels/telegram-pairing.ts +339 -0
package/src/channels/telegram.ts +279 -0
package/src/channels/trust-hint.test.ts +48 -0
package/src/channels/trust-hint.ts +75 -0
package/src/claude-md-compose.migrate.test.ts +64 -0
package/src/claude-md-compose.ts +205 -0
package/src/command-gate.ts +63 -0
package/src/config.test.ts +93 -0
package/src/config.ts +108 -0
package/src/container-config.ts +167 -0
package/src/container-runner.test.ts +32 -0
package/src/container-runner.ts +576 -0
package/src/container-runtime.test.ts +169 -0
package/src/container-runtime.ts +92 -0
package/src/db/_bun-sqlite-shim.ts +88 -0
package/src/db/agent-activity.test.ts +155 -0
package/src/db/agent-activity.ts +121 -0
package/src/db/agent-groups.ts +77 -0
package/src/db/connection.migrate.test.ts +143 -0
package/src/db/connection.ts +224 -0
package/src/db/db-v2.test.ts +440 -0
package/src/db/dropped-messages.ts +44 -0
package/src/db/index.ts +40 -0
package/src/db/messaging-groups.ts +252 -0
package/src/db/migrations/001-initial.ts +112 -0
package/src/db/migrations/002-chat-sdk-state.ts +36 -0
package/src/db/migrations/008-dropped-messages.ts +27 -0
package/src/db/migrations/009-drop-pending-credentials.ts +13 -0
package/src/db/migrations/010-engage-modes.ts +103 -0
package/src/db/migrations/011-pending-sender-approvals.ts +40 -0
package/src/db/migrations/012-channel-registration.ts +48 -0
package/src/db/migrations/013-approval-render-metadata.ts +27 -0
package/src/db/migrations/014-secrets.ts +44 -0
package/src/db/migrations/015-secrets-drop-host-pattern.ts +18 -0
package/src/db/migrations/016-secret-assignments.ts +30 -0
package/src/db/migrations/017-agent-activity.ts +40 -0
package/src/db/migrations/018-oauth-app-configs.ts +34 -0
package/src/db/migrations/019-oauth-app-connections.ts +48 -0
package/src/db/migrations/020-agent-app-connections.ts +28 -0
package/src/db/migrations/021-pending-oauth-states.ts +35 -0
package/src/db/migrations/022-app-connections-provider.ts +25 -0
package/src/db/migrations/023-agent-group-secret-mode.test.ts +124 -0
package/src/db/migrations/023-agent-group-secret-mode.ts +65 -0
package/src/db/migrations/024-collapse-approvals.test.ts +249 -0
package/src/db/migrations/024-collapse-approvals.ts +182 -0
package/src/db/migrations/025-secret-mode-check.test.ts +155 -0
package/src/db/migrations/025-secret-mode-check.ts +49 -0
package/src/db/migrations/026-user-dms-bot-id.test.ts +116 -0
package/src/db/migrations/026-user-dms-bot-id.ts +54 -0
package/src/db/migrations/027-provider-credentials.ts +41 -0
package/src/db/migrations/_test-helpers.ts +41 -0
package/src/db/migrations/index.ts +127 -0
package/src/db/migrations/module-agent-to-agent-destinations.ts +84 -0
package/src/db/migrations/module-approvals-pending-approvals.ts +42 -0
package/src/db/migrations/module-approvals-title-options.ts +40 -0
package/src/db/schema.ts +258 -0
package/src/db/session-db.test.ts +93 -0
package/src/db/session-db.ts +325 -0
package/src/db/sessions.ts +241 -0
package/src/delivery.test.ts +148 -0
package/src/delivery.ts +445 -0
package/src/env.ts +74 -0
package/src/group-folder.test.ts +35 -0
package/src/group-folder.ts +44 -0
package/src/group-init.ts +92 -0
package/src/host-core.test.ts +456 -0
package/src/host-sweep.test.ts +146 -0
package/src/host-sweep.ts +287 -0
package/src/index.ts +227 -0
package/src/install-slug.ts +33 -0
package/src/log.test.ts +81 -0
package/src/log.ts +117 -0
package/src/mcp/http.ts +72 -0
package/src/mcp/server.ts +92 -0
package/src/mcp/stdio.ts +51 -0
package/src/mcp/tools/activity.ts +88 -0
package/src/mcp/tools/agent-groups.ts +183 -0
package/src/mcp/tools/approvals.ts +122 -0
package/src/mcp/tools/channels.ts +199 -0
package/src/mcp/tools/index.ts +27 -0
package/src/mcp/tools/oauth.ts +48 -0
package/src/mcp/tools/secrets.ts +169 -0
package/src/mcp/tools/sessions.ts +135 -0
package/src/mcp/types.ts +51 -0
package/src/modules/agent-to-agent/agent-route.test.ts +46 -0
package/src/modules/agent-to-agent/agent-route.ts +223 -0
package/src/modules/agent-to-agent/create-agent.ts +127 -0
package/src/modules/agent-to-agent/db/agent-destinations.ts +135 -0
package/src/modules/agent-to-agent/index.ts +22 -0
package/src/modules/agent-to-agent/write-destinations.ts +59 -0
package/src/modules/approvals/agent.md +45 -0
package/src/modules/approvals/index.ts +21 -0
package/src/modules/approvals/picks.test.ts +291 -0
package/src/modules/approvals/primitive.ts +279 -0
package/src/modules/approvals/project.md +27 -0
package/src/modules/approvals/response-handler.ts +87 -0
package/src/modules/index.ts +24 -0
package/src/modules/interactive/agent.md +21 -0
package/src/modules/interactive/index.ts +69 -0
package/src/modules/interactive/project.md +12 -0
package/src/modules/mount-security/index.ts +448 -0
package/src/modules/mount-security/migrate.test.ts +91 -0
package/src/modules/permissions/access.ts +28 -0
package/src/modules/permissions/channel-approval.test.ts +389 -0
package/src/modules/permissions/channel-approval.ts +188 -0
package/src/modules/permissions/db/agent-group-members.ts +44 -0
package/src/modules/permissions/db/pending-channel-approvals.test.ts +86 -0
package/src/modules/permissions/db/pending-channel-approvals.ts +66 -0
package/src/modules/permissions/db/pending-sender-approvals.ts +60 -0
package/src/modules/permissions/db/user-dms.ts +58 -0
package/src/modules/permissions/db/user-roles.ts +85 -0
package/src/modules/permissions/db/users.ts +38 -0
package/src/modules/permissions/index.ts +421 -0
package/src/modules/permissions/permissions.test.ts +358 -0
package/src/modules/permissions/sender-approval.test.ts +470 -0
package/src/modules/permissions/sender-approval.ts +165 -0
package/src/modules/permissions/user-dm.ts +200 -0
package/src/modules/provider-credentials/db.ts +121 -0
package/src/modules/provider-credentials/index.ts +12 -0
package/src/modules/provider-credentials/spawn.test.ts +206 -0
package/src/modules/provider-credentials/spawn.ts +114 -0
package/src/modules/scheduling/actions.ts +113 -0
package/src/modules/scheduling/db.test.ts +282 -0
package/src/modules/scheduling/db.ts +148 -0
package/src/modules/scheduling/index.ts +34 -0
package/src/modules/scheduling/recurrence.test.ts +98 -0
package/src/modules/scheduling/recurrence.ts +54 -0
package/src/modules/self-mod/agent.md +30 -0
package/src/modules/self-mod/apply.ts +85 -0
package/src/modules/self-mod/index.ts +30 -0
package/src/modules/self-mod/project.md +39 -0
package/src/modules/self-mod/request.ts +91 -0
package/src/modules/typing/index.ts +165 -0
package/src/oauth/agent-app-connections.ts +103 -0
package/src/oauth/app-configs.test.ts +64 -0
package/src/oauth/app-configs.ts +114 -0
package/src/oauth/app-connections.test.ts +109 -0
package/src/oauth/app-connections.ts +178 -0
package/src/oauth/crypto.ts +56 -0
package/src/oauth/flow.ts +104 -0
package/src/oauth/providers/google.test.ts +38 -0
package/src/oauth/providers/google.ts +46 -0
package/src/oauth/providers/index.ts +48 -0
package/src/oauth/state-store.test.ts +54 -0
package/src/oauth/state-store.ts +93 -0
package/src/parachute/README.md +27 -0
package/src/parachute/create-agent.test.ts +83 -0
package/src/parachute/create-agent.ts +122 -0
package/src/parachute/group-status.test.ts +165 -0
package/src/parachute/group-status.ts +136 -0
package/src/parachute/types.ts +41 -0
package/src/parachute/vault-mcp.test.ts +251 -0
package/src/parachute/vault-mcp.ts +232 -0
package/src/platform-id.test.ts +104 -0
package/src/platform-id.ts +109 -0
package/src/providers/index.ts +6 -0
package/src/providers/provider-container-registry.ts +58 -0
package/src/response-registry.ts +45 -0
package/src/router.ts +530 -0
package/src/secrets/crypto.test.ts +45 -0
package/src/secrets/crypto.ts +55 -0
package/src/secrets/index.ts +355 -0
package/src/secrets/master-key.ts +70 -0
package/src/secrets/secrets.test.ts +354 -0
package/src/session-manager.migrate.test.ts +59 -0
package/src/session-manager.ts +433 -0
package/src/startup-bootstrap.test.ts +226 -0
package/src/startup-bootstrap.ts +207 -0
package/src/state-sqlite.ts +182 -0
package/src/timezone.test.ts +64 -0
package/src/timezone.ts +37 -0
package/src/types.ts +230 -0
package/src/web/auth.test.ts +335 -0
package/src/web/auth.ts +214 -0
package/src/web/discord-validate.test.ts +77 -0
package/src/web/discord-validate.ts +88 -0
package/src/web/hub-discovery.test.ts +98 -0
package/src/web/hub-discovery.ts +69 -0
package/src/web/routes/activity.ts +106 -0
package/src/web/routes/agent-provider.test.ts +282 -0
package/src/web/routes/agent-provider.ts +309 -0
package/src/web/routes/approvals.ts +185 -0
package/src/web/routes/apps.ts +434 -0
package/src/web/routes/channels-mg-detail.test.ts +324 -0
package/src/web/routes/channels-mga-detail.test.ts +425 -0
package/src/web/routes/channels.ts +489 -0
package/src/web/routes/oauth-providers.ts +42 -0
package/src/web/routes/secrets.test.ts +175 -0
package/src/web/routes/secrets.ts +282 -0
package/src/web/routes/sessions.ts +123 -0
package/src/web/routes/settings.test.ts +106 -0
package/src/web/routes/settings.ts +247 -0
package/src/web/routes/setup-status.ts +205 -0
package/src/web/routes/vaults.test.ts +389 -0
package/src/web/routes/vaults.ts +225 -0
package/src/web/server-version.test.ts +16 -0
package/src/web/server.ts +1003 -0
package/src/web/services-manifest.test.ts +120 -0
package/src/web/services-manifest.ts +61 -0
package/src/web/static-serve.test.ts +255 -0
package/src/web/static-serve.ts +104 -0
package/src/web/telegram-validate.test.ts +116 -0
package/src/web/telegram-validate.ts +107 -0
package/src/web/vault-proxy.test.ts +214 -0
package/src/web/vault-proxy.ts +120 -0
package/src/web/wire-channel.ts +181 -0
package/src/webhook-server.ts +134 -0
package/tsconfig.json +21 -0
package/vitest.config.ts +18 -0
package/web/README.md +63 -0
package/web/ui/index.html +13 -0
package/web/ui/package.json +35 -0
package/web/ui/pnpm-lock.yaml +2164 -0
package/web/ui/scripts/verify-base.mjs +31 -0
package/web/ui/src/App.tsx +88 -0
package/web/ui/src/components/ActivityFeed.tsx +444 -0
package/web/ui/src/components/AgentGroupPicker.tsx +263 -0
package/web/ui/src/components/AgentProviderCards.tsx +220 -0
package/web/ui/src/components/CredentialForm.tsx +214 -0
package/web/ui/src/components/ScopeGrants.tsx +74 -0
package/web/ui/src/components/StatusDot.tsx +43 -0
package/web/ui/src/components/VaultPicker.tsx +127 -0
package/web/ui/src/components/setup/AdapterInstallStep.tsx +178 -0
package/web/ui/src/components/setup/AgentGroupStep.tsx +43 -0
package/web/ui/src/components/setup/ChannelPickStep.tsx +74 -0
package/web/ui/src/components/setup/DoneStep.tsx +49 -0
package/web/ui/src/components/setup/PrereqStep.tsx +129 -0
package/web/ui/src/components/setup/TestConnectionStep.tsx +108 -0
package/web/ui/src/components/setup/TestMessageStep.tsx +104 -0
package/web/ui/src/components/setup/WireChannelStep.tsx +166 -0
package/web/ui/src/components/setup/types.ts +105 -0
package/web/ui/src/lib/api.test.ts +410 -0
package/web/ui/src/lib/api.ts +1210 -0
package/web/ui/src/lib/auth.test.ts +139 -0
package/web/ui/src/lib/auth.ts +348 -0
package/web/ui/src/lib/channel-adapters.ts +136 -0
package/web/ui/src/main.tsx +19 -0
package/web/ui/src/routes/ApprovalsList.tsx +294 -0
package/web/ui/src/routes/Apps.tsx +613 -0
package/web/ui/src/routes/ChannelWireDetail.test.tsx +233 -0
package/web/ui/src/routes/ChannelWireDetail.tsx +403 -0
package/web/ui/src/routes/ChannelsList.tsx +158 -0
package/web/ui/src/routes/GroupDetail.tsx +755 -0
package/web/ui/src/routes/GroupList.tsx +187 -0
package/web/ui/src/routes/MessagingGroupDetail.test.tsx +233 -0
package/web/ui/src/routes/MessagingGroupDetail.tsx +306 -0
package/web/ui/src/routes/NewGroupWizard.tsx +390 -0
package/web/ui/src/routes/OAuthCallback.tsx +56 -0
package/web/ui/src/routes/SecretsList.tsx +921 -0
package/web/ui/src/routes/SessionsList.tsx +220 -0
package/web/ui/src/routes/SettingsAgentProvider.tsx +109 -0
package/web/ui/src/routes/SettingsApprovals.tsx +234 -0
package/web/ui/src/routes/SetupWizard.tsx +219 -0
package/web/ui/src/routes/VaultDetail.test.tsx +361 -0
package/web/ui/src/routes/VaultDetail.tsx +960 -0
package/web/ui/src/routes/VaultsList.tsx +295 -0
package/web/ui/src/routes/WireChannelPage.tsx +413 -0
package/web/ui/src/styles.css +608 -0
package/web/ui/src/test/setup.ts +23 -0
package/web/ui/src/vite-env.d.ts +10 -0
package/web/ui/tsconfig.json +20 -0
package/web/ui/vite.config.ts +34 -0
package/web/ui/vitest.config.ts +25 -0

package/web/ui/src/routes/MessagingGroupDetail.tsx ADDED Viewed

@@ -0,0 +1,306 @@
+/**
+ * /channels/mg/:id — per-messaging-group detail + policy editor.
+ *
+ * What's here:
+ *   - read-only metadata (channel type, platform id, denial flag, created)
+ *   - the `unknownSenderPolicy` editor as a 3-radio toggle
+ *   - a read-only summary of wired agents (links to per-MGA detail land in PR3)
+ *
+ * The MG-id is a UUID generated server-side; the disambiguation prefix
+ * `mg/` keeps the route clean against future per-MGA routes (`mga/`)
+ * without needing a discriminator query param.
+ */
+import { useCallback, useEffect, useState } from 'react';
+import { Link, useParams } from 'react-router-dom';
+import {
+  getMessagingGroupDetail,
+  HttpError,
+  updateMessagingGroupPolicy,
+  type MessagingGroupDetailView,
+  type UnknownSenderPolicy,
+} from '../lib/api.ts';
+type State =
+  | { kind: 'loading' }
+  | { kind: 'ok'; mg: MessagingGroupDetailView }
+  | { kind: 'error'; status: number | null; message: string };
+interface PolicyChoice {
+  value: UnknownSenderPolicy;
+  label: string;
+  blurb: string;
+}
+const POLICY_CHOICES: PolicyChoice[] = [
+  {
+    value: 'request_approval',
+    label: 'Request approval',
+    blurb: 'Pause the message and DM you an approve / reject card. Default for newly auto-created channels.',
+  },
+  {
+    value: 'strict',
+    label: 'Strict',
+    blurb: 'Drop messages from unknown senders silently. Use when the channel should only see vetted traffic.',
+  },
+  {
+    value: 'public',
+    label: 'Public',
+    blurb:
+      'Admit every sender and route normally. Use for channels you trust by ambient context (private servers, allowlisted chats).',
+  },
+];
+export function MessagingGroupDetail() {
+  const { id: rawId } = useParams<{ id: string }>();
+  const id = rawId ?? '';
+  const [state, setState] = useState<State>({ kind: 'loading' });
+  const [reloadKey, setReloadKey] = useState(0);
+  const [savingPolicy, setSavingPolicy] = useState<UnknownSenderPolicy | null>(null);
+  const [saveError, setSaveError] = useState<string | null>(null);
+  const reload = useCallback(() => setReloadKey((k) => k + 1), []);
+  useEffect(() => {
+    if (!id) {
+      setState({ kind: 'error', status: null, message: 'no messaging group id in URL' });
+      return;
+    }
+    let cancelled = false;
+    getMessagingGroupDetail(id)
+      .then((mg) => !cancelled && setState({ kind: 'ok', mg }))
+      .catch((err) => {
+        if (cancelled) return;
+        const status = err instanceof HttpError ? err.status : null;
+        setState({
+          kind: 'error',
+          status,
+          message: err instanceof Error ? err.message : String(err),
+        });
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [id, reloadKey]);
+  const onPick = async (next: UnknownSenderPolicy) => {
+    if (state.kind !== 'ok') return;
+    if (next === state.mg.unknownSenderPolicy) return;
+    setSavingPolicy(next);
+    setSaveError(null);
+    try {
+      const updated = await updateMessagingGroupPolicy(id, next);
+      setState({ kind: 'ok', mg: updated });
+    } catch (err) {
+      setSaveError(err instanceof Error ? err.message : String(err));
+    } finally {
+      setSavingPolicy(null);
+    }
+  };
+  if (state.kind === 'loading') {
+    return (
+      <div>
+        <h2>Channel</h2>
+        <ul className="skeleton-list" aria-busy="true">
+          <li className="skeleton skeleton-row" />
+          <li className="skeleton skeleton-row" />
+        </ul>
+      </div>
+    );
+  }
+  if (state.kind === 'error') {
+    return (
+      <div>
+        <h2>Channel</h2>
+        <div className="error-banner">
+          {state.status === 404 ? (
+            <>
+              No channel with id <code>{id}</code> — it may have been removed.
+            </>
+          ) : (
+            <>
+              Couldn't load this channel: <code>{state.message}</code>
+            </>
+          )}
+        </div>
+        <div className="actions" style={{ marginTop: '1rem' }}>
+          <Link to="/channels">
+            <button className="secondary">Back to channels</button>
+          </Link>
+          {state.status !== 404 && <button onClick={reload}>Retry</button>}
+        </div>
+      </div>
+    );
+  }
+  const { mg } = state;
+  return (
+    <div>
+      <div className="list-header">
+        <h2 style={{ display: 'flex', alignItems: 'center', gap: '0.5rem', flexWrap: 'wrap' }}>
+          <Link to="/channels" className="muted" style={{ textDecoration: 'none' }}>
+            Channels
+          </Link>
+          <span className="dim">/</span>
+          <span style={{ textTransform: 'capitalize' }}>{mg.channelType}</span>
+          {mg.displayName && <span className="dim">· {mg.displayName}</span>}
+        </h2>
+      </div>
+      {mg.deniedAt && (
+        <div
+          className="banner"
+          style={{
+            background: 'var(--warn-bg, #fff7e0)',
+            border: '1px solid var(--warn, #c08a00)',
+            borderRadius: '8px',
+            padding: '0.75rem 1rem',
+            marginBottom: '1rem',
+          }}
+        >
+          <strong>Denied channel.</strong> The owner explicitly blocked this messaging group at{' '}
+          <code>{mg.deniedAt}</code>. The router drops messages here before any wiring or policy below applies — undeny
+          from the central admin surface to restore routing.
+        </div>
+      )}
+      <section
+        style={{
+          background: 'white',
+          border: '1px solid var(--border)',
+          borderRadius: '8px',
+          padding: '1rem 1.25rem',
+          marginBottom: '1rem',
+        }}
+      >
+        <h3 style={{ marginTop: 0 }}>Group details</h3>
+        <div className="kv">
+          <div>id</div>
+          <div>
+            <code>{mg.id}</code>
+          </div>
+          <div>channel</div>
+          <div style={{ textTransform: 'capitalize' }}>{mg.channelType}</div>
+          <div>platform id</div>
+          <div>
+            <code>{mg.platformId}</code>
+          </div>
+          <div>kind</div>
+          <div>{mg.isGroup ? 'group / channel' : 'direct message'}</div>
+          <div>name</div>
+          <div>{mg.displayName ?? <span className="dim">(unset)</span>}</div>
+          <div>created</div>
+          <div>
+            <code>{mg.createdAt}</code>
+          </div>
+        </div>
+      </section>
+      <section
+        style={{
+          background: 'white',
+          border: '1px solid var(--border)',
+          borderRadius: '8px',
+          padding: '1rem 1.25rem',
+          marginBottom: '1rem',
+        }}
+      >
+        <h3 style={{ marginTop: 0 }}>Unknown-sender policy</h3>
+        <p className="muted">
+          What should happen when a sender the messaging group hasn't seen before posts a message?
+        </p>
+        <div role="radiogroup" aria-label="Unknown-sender policy">
+          {POLICY_CHOICES.map((choice) => {
+            const selected = mg.unknownSenderPolicy === choice.value;
+            const saving = savingPolicy === choice.value;
+            return (
+              <label
+                key={choice.value}
+                style={{
+                  display: 'block',
+                  padding: '0.6rem 0.75rem',
+                  borderRadius: '6px',
+                  background: selected ? 'var(--accent-bg, #eef4ff)' : 'transparent',
+                  border: selected ? '1px solid var(--accent, #5076ff)' : '1px solid transparent',
+                  cursor: savingPolicy === null ? 'pointer' : 'progress',
+                  marginBottom: '0.4rem',
+                }}
+              >
+                <input
+                  type="radio"
+                  name="unknownSenderPolicy"
+                  value={choice.value}
+                  checked={selected}
+                  disabled={savingPolicy !== null}
+                  onChange={() => onPick(choice.value)}
+                />{' '}
+                <strong>{choice.label}</strong>
+                {saving && <span className="dim"> · saving…</span>}
+                <p className="muted" style={{ margin: '0.25rem 0 0 1.6rem' }}>
+                  {choice.blurb}
+                </p>
+              </label>
+            );
+          })}
+        </div>
+        {saveError && (
+          <div className="error-banner" style={{ marginTop: '0.5rem' }}>
+            Couldn't save: <code>{saveError}</code>
+          </div>
+        )}
+      </section>
+      <section
+        style={{
+          background: 'white',
+          border: '1px solid var(--border)',
+          borderRadius: '8px',
+          padding: '1rem 1.25rem',
+        }}
+      >
+        <h3 style={{ marginTop: 0 }}>Wired agents ({mg.wiredAgents.length})</h3>
+        {mg.wiredAgents.length === 0 ? (
+          <p className="muted" style={{ margin: 0 }}>
+            No agents wired to this group yet. Wire one from <Link to="/channels/new">Channels → New</Link>.
+          </p>
+        ) : (
+          <ul style={{ listStyle: 'none', padding: 0, margin: 0 }}>
+            {mg.wiredAgents.map((wa) => (
+              <li
+                key={wa.messagingGroupAgentId}
+                style={{
+                  borderTop: '1px solid var(--border)',
+                  padding: '0.6rem 0',
+                  display: 'flex',
+                  alignItems: 'center',
+                  gap: '0.5rem',
+                  flexWrap: 'wrap',
+                }}
+              >
+                <Link to={`/groups/${encodeURIComponent(wa.agentGroupFolder)}`}>{wa.agentGroupName}</Link>
+                <span className="tag muted">priority {wa.priority}</span>
+                <span className="dim">
+                  engage <code>{wa.engageMode}</code>
+                  {wa.engagePattern && (
+                    <>
+                      {' '}
+                      · pattern <code>{wa.engagePattern}</code>
+                    </>
+                  )}{' '}
+                  · senders <code>{wa.senderScope}</code> · ignored <code>{wa.ignoredMessagePolicy}</code>
+                </span>
+                <Link
+                  to={`/channels/mga/${encodeURIComponent(wa.messagingGroupAgentId)}`}
+                  style={{ marginLeft: 'auto' }}
+                >
+                  Routing rules →
+                </Link>
+              </li>
+            ))}
+          </ul>
+        )}
+      </section>
+    </div>
+  );
+}

package/web/ui/src/routes/NewGroupWizard.tsx ADDED Viewed

@@ -0,0 +1,390 @@
+import { useCallback, useEffect, useRef, useState } from 'react';
+import { Link, useNavigate } from 'react-router-dom';
+import { ScopeGrants, SCOPE_OPTIONS } from '../components/ScopeGrants.tsx';
+import { VaultPicker } from '../components/VaultPicker.tsx';
+import {
+  checkFolderAvailability,
+  createGroup,
+  fetchFolderSuggestion,
+  type FolderAvailability,
+  type VaultScope,
+} from '../lib/api.ts';
+type Step = 'identity' | 'vault' | 'confirm';
+export function NewGroupWizard() {
+  const navigate = useNavigate();
+  const [step, setStep] = useState<Step>('identity');
+  // Identity.
+  const [name, setName] = useState('');
+  const [folder, setFolder] = useState('');
+  const [folderTouched, setFolderTouched] = useState(false);
+  const [instructions, setInstructions] = useState('');
+  const [folderCheck, setFolderCheck] = useState<FolderAvailability | null>(null);
+  const [folderChecking, setFolderChecking] = useState(false);
+  // Vault.
+  const [attachVault, setAttachVault] = useState(false);
+  const [scope, setScope] = useState<VaultScope>('vault:read');
+  // Empty initial value — VaultPicker fills it in with the first registered
+  // vault's URL once /api/vaults resolves, or surfaces a free-text input
+  // when discovery is empty / errors.
+  const [vaultBaseUrl, setVaultBaseUrl] = useState('');
+  const [pickedVaultName, setPickedVaultName] = useState<string | null>(null);
+  const [pasteToken, setPasteToken] = useState('');
+  const [tokenLabel, setTokenLabel] = useState('');
+  // Submit.
+  const [submitting, setSubmitting] = useState(false);
+  const [submitError, setSubmitError] = useState<string | null>(null);
+  // Suggest a folder slug from the name when the user hasn't typed one.
+  useEffect(() => {
+    if (folderTouched) return;
+    const trimmed = name.trim();
+    if (!trimmed) {
+      setFolder('');
+      return;
+    }
+    let cancelled = false;
+    fetchFolderSuggestion(trimmed)
+      .then((slug) => {
+        if (!cancelled && !folderTouched) setFolder(slug);
+      })
+      .catch(() => {
+        // Suggestion failure is non-fatal; user can type their own.
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [name, folderTouched]);
+  // Debounce folder availability check.
+  const folderCheckTimer = useRef<ReturnType<typeof setTimeout> | null>(null);
+  useEffect(() => {
+    if (!folder) {
+      setFolderCheck(null);
+      return;
+    }
+    if (folderCheckTimer.current) clearTimeout(folderCheckTimer.current);
+    setFolderChecking(true);
+    folderCheckTimer.current = setTimeout(async () => {
+      try {
+        const result = await checkFolderAvailability(folder);
+        setFolderCheck(result);
+      } catch (err) {
+        setFolderCheck({
+          slug: folder,
+          valid: false,
+          available: false,
+          reason: err instanceof Error ? err.message : String(err),
+        });
+      } finally {
+        setFolderChecking(false);
+      }
+    }, 250);
+    return () => {
+      if (folderCheckTimer.current) clearTimeout(folderCheckTimer.current);
+    };
+  }, [folder]);
+  const identityReady =
+    name.trim().length > 0 && folder.length > 0 && folderCheck?.valid === true && folderCheck?.available === true;
+  const onFolderChange = useCallback((next: string) => {
+    setFolderTouched(true);
+    setFolder(next);
+  }, []);
+  const onCreate = async () => {
+    setSubmitting(true);
+    setSubmitError(null);
+    try {
+      const result = await createGroup(
+        {
+          name: name.trim(),
+          folder,
+          instructions: instructions.trim() || undefined,
+          vault: attachVault
+            ? {
+                scope,
+                vaultBaseUrl: vaultBaseUrl.trim().replace(/\/+$/, ''),
+                tokenLabel: tokenLabel.trim() || undefined,
+                token: pasteToken.trim() || undefined,
+              }
+            : undefined,
+        },
+        {
+          // Same scope-threading as GroupDetail's attach: the create handler
+          // forwards our JWT to the vault for the implicit-mint, and a 403
+          // without this hint would loop on re-auth (paraclaw#56).
+          authExtraScopes:
+            attachVault && pickedVaultName ? [`vault:${pickedVaultName}:admin`] : undefined,
+        },
+      );
+      navigate(`/groups/${encodeURIComponent(result.group.folder)}`);
+    } catch (err) {
+      setSubmitError(err instanceof Error ? err.message : String(err));
+    } finally {
+      setSubmitting(false);
+    }
+  };
+  return (
+    <div>
+      <Link to="/" className="muted">
+        ← All groups
+      </Link>
+      <h2 style={{ marginTop: '0.5rem' }}>New agent group</h2>
+      <WizardSteps current={step} />
+      {step === 'identity' && (
+        <div className="section">
+          <h3>Identity</h3>
+          <form
+            onSubmit={(e) => {
+              e.preventDefault();
+              if (identityReady) setStep('vault');
+            }}
+          >
+            <div className="row">
+              <label htmlFor="name">Name</label>
+              <input
+                id="name"
+                type="text"
+                value={name}
+                onChange={(e) => setName(e.target.value)}
+                placeholder="e.g. Forge"
+                autoFocus
+              />
+              <p className="dim">The display name. Folder slug is derived from this — you can override below.</p>
+            </div>
+            <div className="row">
+              <label htmlFor="folder">Folder slug</label>
+              <input
+                id="folder"
+                type="text"
+                value={folder}
+                onChange={(e) => onFolderChange(e.target.value)}
+                placeholder="e.g. forge"
+              />
+              <FolderHint folder={folder} checking={folderChecking} check={folderCheck} />
+            </div>
+            <div className="row">
+              <label htmlFor="instructions">Instructions (optional)</label>
+              <textarea
+                id="instructions"
+                value={instructions}
+                onChange={(e) => setInstructions(e.target.value)}
+                placeholder="Goes into CLAUDE.local.md. Leave blank for the default."
+              />
+              <p className="dim">What the agent should know about itself. Empty = the standard scaffold.</p>
+            </div>
+            <div className="actions">
+              <button type="submit" disabled={!identityReady}>
+                Next: vault
+              </button>
+              <Link to="/" className="muted" style={{ marginLeft: '0.5rem' }}>
+                Cancel
+              </Link>
+            </div>
+          </form>
+        </div>
+      )}
+      {step === 'vault' && (
+        <div className="section">
+          <h3>Vault attachment</h3>
+          <p className="muted">
+            Attach {pickedVaultName ? <code>{pickedVaultName}</code> : 'a'} parachute vault now, or skip and attach later
+            from the group's detail page.
+          </p>
+          <div className="row" style={{ marginTop: '0.5rem' }}>
+            <label className="wizard-toggle">
+              <input type="checkbox" checked={attachVault} onChange={(e) => setAttachVault(e.target.checked)} />
+              <span>Attach vault now</span>
+            </label>
+          </div>
+          {attachVault && (
+            <>
+              <div className="row">
+                <label htmlFor="vaultBaseUrl">Vault</label>
+                <VaultPicker
+                  inputId="vaultBaseUrl"
+                  value={vaultBaseUrl}
+                  onChange={setVaultBaseUrl}
+                  onPickedName={setPickedVaultName}
+                />
+              </div>
+              <div className="row">
+                <label htmlFor="scope">Scope</label>
+                <select id="scope" value={scope} onChange={(e) => setScope(e.target.value as VaultScope)}>
+                  {SCOPE_OPTIONS.map((s) => (
+                    <option key={s.value} value={s.value}>
+                      {s.label}
+                    </option>
+                  ))}
+                </select>
+                <ScopeGrants scope={scope} />
+              </div>
+              <div className="row">
+                <label htmlFor="tokenLabel">Token label</label>
+                <input
+                  id="tokenLabel"
+                  type="text"
+                  value={tokenLabel}
+                  onChange={(e) => setTokenLabel(e.target.value)}
+                  placeholder={`agent-${folder || '<folder>'}`}
+                />
+                <p className="dim">
+                  Used for revocation. Default: <code>agent-{folder || '<folder>'}</code>.
+                </p>
+              </div>
+              <div className="row">
+                <label htmlFor="pasteToken">Paste an existing token (optional)</label>
+                <input
+                  id="pasteToken"
+                  type="text"
+                  value={pasteToken}
+                  onChange={(e) => setPasteToken(e.target.value)}
+                  placeholder="pvt_…  (leave blank to mint via the parachute CLI)"
+                />
+                <p className="dim">
+                  When blank, the server runs <code>parachute vault tokens create</code> for you.
+                </p>
+              </div>
+            </>
+          )}
+          <div className="actions" style={{ marginTop: '1rem' }}>
+            <button className="secondary" onClick={() => setStep('identity')}>
+              Back
+            </button>
+            <button onClick={() => setStep('confirm')}>Next: confirm</button>
+          </div>
+        </div>
+      )}
+      {step === 'confirm' && (
+        <div className="section">
+          <h3>Confirm</h3>
+          <div className="kv">
+            <div>name</div>
+            <div>{name}</div>
+            <div>folder</div>
+            <div>
+              <code>{folder}</code>
+            </div>
+            <div>instructions</div>
+            <div>{instructions.trim() ? <em>(custom)</em> : <span className="dim">default</span>}</div>
+            <div>vault</div>
+            <div>
+              {attachVault ? (
+                <>
+                  <span className="tag">{scope}</span>{' '}
+                  {pickedVaultName ? <code>{pickedVaultName}</code> : null}{' '}
+                  <code>{vaultBaseUrl.trim().replace(/\/+$/, '')}</code>
+                </>
+              ) : (
+                <span className="dim">skip — attach later</span>
+              )}
+            </div>
+            {attachVault && (
+              <>
+                <div>token label</div>
+                <div>
+                  <code>{tokenLabel.trim() || `agent-${folder}`}</code>
+                </div>
+                <div>token</div>
+                <div>
+                  {pasteToken.trim() ? (
+                    <span className="dim">using pasted token</span>
+                  ) : (
+                    <span className="dim">server will mint a fresh token</span>
+                  )}
+                </div>
+              </>
+            )}
+          </div>
+          {submitError && (
+            <div className="error-banner" style={{ marginTop: '1rem' }}>
+              {submitError}
+            </div>
+          )}
+          <div className="actions" style={{ marginTop: '1rem' }}>
+            <button className="secondary" onClick={() => setStep('vault')} disabled={submitting}>
+              Back
+            </button>
+            <button onClick={onCreate} disabled={submitting}>
+              {submitting ? 'Creating…' : 'Create agent group'}
+            </button>
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
+function FolderHint({
+  folder,
+  checking,
+  check,
+}: {
+  folder: string;
+  checking: boolean;
+  check: FolderAvailability | null;
+}) {
+  if (!folder) {
+    return (
+      <p className="dim">
+        Lowercase letters, digits, and dashes; ≤ 48 chars. Becomes <code>groups/&lt;slug&gt;/</code>.
+      </p>
+    );
+  }
+  if (checking || !check) {
+    return (
+      <p className="dim">
+        Checking <code>{folder}</code>…
+      </p>
+    );
+  }
+  if (!check.valid) {
+    return <p className="wizard-folder-error">{check.reason ?? 'Invalid slug.'}</p>;
+  }
+  if (!check.available) {
+    return <p className="wizard-folder-error">{check.reason ?? 'Already taken.'}</p>;
+  }
+  return (
+    <p className="wizard-folder-ok">
+      <code>groups/{folder}/</code> is available.
+    </p>
+  );
+}
+function WizardSteps({ current }: { current: Step }) {
+  const steps: { key: Step; label: string }[] = [
+    { key: 'identity', label: '1. Identity' },
+    { key: 'vault', label: '2. Vault' },
+    { key: 'confirm', label: '3. Confirm' },
+  ];
+  return (
+    <ol className="wizard-steps">
+      {steps.map((s) => (
+        <li key={s.key} className={`wizard-step${s.key === current ? ' active' : ''}`}>
+          {s.label}
+        </li>
+      ))}
+    </ol>
+  );
+}