@ouro.bot/cli 0.1.0-alpha.62 → 0.1.0-alpha.637

package/dist/heart/runtime-credentials.js

@@ -0,0 +1,367 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MACHINE_RUNTIME_CONFIG_ITEM_PREFIX = exports.RUNTIME_CONFIG_ITEM_NAME = void 0;
+exports.machineRuntimeConfigItemName = machineRuntimeConfigItemName;
+exports.readRuntimeCredentialConfig = readRuntimeCredentialConfig;
+exports.readMachineRuntimeCredentialConfig = readMachineRuntimeCredentialConfig;
+exports.cacheRuntimeCredentialConfig = cacheRuntimeCredentialConfig;
+exports.cacheMachineRuntimeCredentialConfig = cacheMachineRuntimeCredentialConfig;
+exports.applyRuntimeCredentialBootstrapMessage = applyRuntimeCredentialBootstrapMessage;
+exports.waitForRuntimeCredentialBootstrap = waitForRuntimeCredentialBootstrap;
+exports.refreshRuntimeCredentialConfig = refreshRuntimeCredentialConfig;
+exports.refreshMachineRuntimeCredentialConfig = refreshMachineRuntimeCredentialConfig;
+exports.upsertRuntimeCredentialConfig = upsertRuntimeCredentialConfig;
+exports.upsertMachineRuntimeCredentialConfig = upsertMachineRuntimeCredentialConfig;
+exports.resetRuntimeCredentialConfigCache = resetRuntimeCredentialConfigCache;
+const crypto = __importStar(require("node:crypto"));
+const runtime_1 = require("../nerves/runtime");
+const credential_access_1 = require("../repertoire/credential-access");
+const identity_1 = require("./identity");
+const provider_credentials_1 = require("./provider-credentials");
+exports.RUNTIME_CONFIG_ITEM_NAME = "runtime/config";
+exports.MACHINE_RUNTIME_CONFIG_ITEM_PREFIX = "runtime/machines";
+let cachedRuntimeConfigs = new Map();
+let cachedMachineRuntimeConfigs = new Map();
+function isRecord(value) {
+    return !!value && typeof value === "object" && !Array.isArray(value);
+}
+function isCredentialValue(value) {
+    return typeof value === "string" || typeof value === "number";
+}
+function isCredentialRecord(value) {
+    if (!isRecord(value))
+        return false;
+    return Object.values(value).every(isCredentialValue);
+}
+function isProviderCredentialRecord(value) {
+    if (!isRecord(value))
+        return false;
+    if (typeof value.provider !== "string")
+        return false;
+    if (typeof value.revision !== "string" || value.revision.trim().length === 0)
+        return false;
+    if (typeof value.updatedAt !== "string" || value.updatedAt.trim().length === 0)
+        return false;
+    if (!isCredentialRecord(value.credentials))
+        return false;
+    if (!isCredentialRecord(value.config))
+        return false;
+    const provenance = value.provenance;
+    if (!isRecord(provenance))
+        return false;
+    if (provenance.source !== "auth-flow" && provenance.source !== "manual")
+        return false;
+    if (typeof provenance.updatedAt !== "string" || provenance.updatedAt.trim().length === 0)
+        return false;
+    return true;
+}
+function stableJson(value) {
+    if (Array.isArray(value))
+        return `[${value.map(stableJson).join(",")}]`;
+    if (isRecord(value)) {
+        return `{${Object.keys(value).sort().map((key) => `${JSON.stringify(key)}:${stableJson(value[key])}`).join(",")}}`;
+    }
+    return JSON.stringify(value);
+}
+function runtimeConfigVaultPath(agentName, itemName = exports.RUNTIME_CONFIG_ITEM_NAME) {
+    return `vault:${agentName}:${itemName}`;
+}
+function machineRuntimeConfigItemName(machineId) {
+    const normalized = machineId.trim();
+    if (!normalized)
+        throw new Error("machineId must be non-empty");
+    return `${exports.MACHINE_RUNTIME_CONFIG_ITEM_PREFIX}/${normalized}/config`;
+}
+function runtimeConfigRevision(payload) {
+    return `runtime_${crypto
+        .createHash("sha256")
+        .update(stableJson(payload))
+        .digest("hex")
+        .slice(0, 16)}`;
+}
+function validateRuntimeCredentialPayload(value) {
+    if (!isRecord(value))
+        throw new Error("runtime credential payload must be an object");
+    if (value.schemaVersion !== 1)
+        throw new Error("runtime credential payload schemaVersion must be 1");
+    if (value.kind !== "runtime-config")
+        throw new Error("runtime credential payload kind must be runtime-config");
+    if (typeof value.updatedAt !== "string" || value.updatedAt.trim().length === 0) {
+        throw new Error("runtime credential payload updatedAt must be non-empty");
+    }
+    if (!isRecord(value.config))
+        throw new Error("runtime credential payload config must be an object");
+    return value;
+}
+function resultFromPayload(agentName, payload) {
+    return {
+        ok: true,
+        itemPath: runtimeConfigVaultPath(agentName),
+        config: { ...payload.config },
+        revision: runtimeConfigRevision(payload),
+        updatedAt: payload.updatedAt,
+    };
+}
+function resultFromPayloadForItem(agentName, itemName, payload) {
+    return {
+        ok: true,
+        itemPath: runtimeConfigVaultPath(agentName, itemName),
+        config: { ...payload.config },
+        revision: runtimeConfigRevision(payload),
+        updatedAt: payload.updatedAt,
+    };
+}
+function missingRuntimeConfig(agentName, itemName = exports.RUNTIME_CONFIG_ITEM_NAME) {
+    return {
+        ok: false,
+        reason: "missing",
+        itemPath: runtimeConfigVaultPath(agentName, itemName),
+        error: `no runtime credentials stored at ${runtimeConfigVaultPath(agentName, itemName)}`,
+    };
+}
+function cacheResult(agentName, result) {
+    cachedRuntimeConfigs.set(agentName, result);
+    return result;
+}
+function cacheMachineResult(agentName, result) {
+    cachedMachineRuntimeConfigs.set(agentName, result);
+    return result;
+}
+function missingMachineRuntimeConfig(agentName) {
+    return {
+        ok: false,
+        reason: "missing",
+        itemPath: `vault:${agentName}:${exports.MACHINE_RUNTIME_CONFIG_ITEM_PREFIX}/<this-machine>/config`,
+        error: `no machine runtime credentials loaded for ${agentName}`,
+    };
+}
+function readRuntimeCredentialConfig(agentName = (0, identity_1.getAgentName)()) {
+    return cachedRuntimeConfigs.get(agentName) ?? missingRuntimeConfig(agentName);
+}
+function readMachineRuntimeCredentialConfig(agentName = (0, identity_1.getAgentName)()) {
+    return cachedMachineRuntimeConfigs.get(agentName) ?? missingMachineRuntimeConfig(agentName);
+}
+function cacheRuntimeCredentialConfig(agentName, config, now = new Date()) {
+    const payload = {
+        schemaVersion: 1,
+        kind: "runtime-config",
+        updatedAt: now.toISOString(),
+        config: { ...config },
+    };
+    return cacheResult(agentName, resultFromPayload(agentName, payload));
+}
+function cacheMachineRuntimeCredentialConfig(agentName, config, now = new Date(), machineId = "<this-machine>") {
+    const payload = {
+        schemaVersion: 1,
+        kind: "runtime-config",
+        updatedAt: now.toISOString(),
+        config: { ...config },
+    };
+    return cacheMachineResult(agentName, resultFromPayloadForItem(agentName, machineRuntimeConfigItemName(machineId), payload));
+}
+function isRuntimeCredentialBootstrapMessage(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value))
+        return false;
+    const record = value;
+    if (record.type !== "ouro.runtimeCredentialBootstrap")
+        return false;
+    if (typeof record.agentName !== "string" || record.agentName.trim().length === 0)
+        return false;
+    if (record.runtimeConfig !== undefined && !isRecord(record.runtimeConfig))
+        return false;
+    if (record.machineRuntimeConfig !== undefined && !isRecord(record.machineRuntimeConfig))
+        return false;
+    if (record.machineId !== undefined && (typeof record.machineId !== "string" || record.machineId.trim().length === 0))
+        return false;
+    if (record.providerCredentialRecords !== undefined
+        && (!Array.isArray(record.providerCredentialRecords)
+            || !record.providerCredentialRecords.every(isProviderCredentialRecord)))
+        return false;
+    return true;
+}
+function applyRuntimeCredentialBootstrapMessage(message) {
+    if (!isRuntimeCredentialBootstrapMessage(message))
+        return false;
+    const agentName = message.agentName.trim();
+    const now = new Date();
+    if (message.runtimeConfig) {
+        cacheRuntimeCredentialConfig(agentName, message.runtimeConfig, now);
+    }
+    if (message.machineRuntimeConfig) {
+        cacheMachineRuntimeCredentialConfig(agentName, message.machineRuntimeConfig, now, message.machineId ?? "<this-machine>");
+    }
+    if (message.providerCredentialRecords && message.providerCredentialRecords.length > 0) {
+        (0, provider_credentials_1.cacheProviderCredentialRecords)(agentName, message.providerCredentialRecords, now);
+    }
+    (0, runtime_1.emitNervesEvent)({
+        component: "config/identity",
+        event: "config.runtime_credentials_bootstrapped",
+        message: "loaded runtime credentials from daemon bootstrap",
+        meta: {
+            agentName,
+            runtimeConfig: !!message.runtimeConfig,
+            machineRuntimeConfig: !!message.machineRuntimeConfig,
+            providerCredentialRecords: message.providerCredentialRecords?.length ?? 0,
+        },
+    });
+    return true;
+}
+function waitForRuntimeCredentialBootstrap(agentName, options = {}) {
+    const timeoutMs = options.timeoutMs ?? 1_500;
+    return new Promise((resolve) => {
+        let settled = false;
+        let timer = null;
+        const finish = (value) => {
+            /* v8 ignore next -- defensive: listener cleanup and timer cleanup prevent double settlement @preserve */
+            if (settled)
+                return;
+            settled = true;
+            /* v8 ignore next -- defensive: timer is assigned immediately after listener registration @preserve */
+            if (timer)
+                clearTimeout(timer);
+            process.off?.("message", onMessage);
+            resolve(value);
+        };
+        const onMessage = (message) => {
+            if (!isRuntimeCredentialBootstrapMessage(message))
+                return;
+            if (message.agentName.trim() !== agentName.trim())
+                return;
+            finish(applyRuntimeCredentialBootstrapMessage(message));
+        };
+        process.on?.("message", onMessage);
+        timer = setTimeout(() => finish(false), timeoutMs);
+    });
+}
+async function refreshRuntimeCredentialConfigItem(agentName, itemName, cache, options = {}) {
+    try {
+        const store = (0, credential_access_1.getCredentialStore)(agentName);
+        const raw = await store.getRawSecret(itemName, "password");
+        const payload = validateRuntimeCredentialPayload(JSON.parse(raw));
+        const result = resultFromPayloadForItem(agentName, itemName, payload);
+        (0, runtime_1.emitNervesEvent)({
+            component: "config/identity",
+            event: "config.runtime_credentials_loaded",
+            message: "loaded runtime credentials from vault",
+            meta: { agentName, itemPath: result.itemPath, revision: result.revision },
+        });
+        return cache(agentName, result);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        const existing = cache === cacheMachineResult
+            ? cachedMachineRuntimeConfigs.get(agentName)
+            : cachedRuntimeConfigs.get(agentName);
+        const reason = message.includes(`no credential found for domain "${itemName}"`)
+            ? "missing"
+            : message.includes("runtime credential payload")
+                ? "invalid"
+                : "unavailable";
+        const result = {
+            ok: false,
+            reason,
+            itemPath: runtimeConfigVaultPath(agentName, itemName),
+            error: reason === "missing" ? `no runtime credentials stored at ${runtimeConfigVaultPath(agentName, itemName)}` : message,
+        };
+        (0, runtime_1.emitNervesEvent)({
+            level: reason === "missing" ? "warn" : "error",
+            component: "config/identity",
+            event: "config.runtime_credentials_unavailable",
+            message: "runtime credentials unavailable",
+            meta: { agentName, reason, itemPath: result.itemPath },
+        });
+        if (options.preserveCachedOnFailure && existing?.ok)
+            return existing;
+        return cache(agentName, result);
+    }
+}
+async function refreshRuntimeCredentialConfig(agentName, options = {}) {
+    return refreshRuntimeCredentialConfigItem(agentName, exports.RUNTIME_CONFIG_ITEM_NAME, cacheResult, options);
+}
+async function refreshMachineRuntimeCredentialConfig(agentName, machineId, options = {}) {
+    return refreshRuntimeCredentialConfigItem(agentName, machineRuntimeConfigItemName(machineId), cacheMachineResult, options);
+}
+async function upsertRuntimeCredentialConfig(agentName, config, now = new Date()) {
+    const payload = {
+        schemaVersion: 1,
+        kind: "runtime-config",
+        updatedAt: now.toISOString(),
+        config: { ...config },
+    };
+    const store = (0, credential_access_1.getCredentialStore)(agentName);
+    await store.store(exports.RUNTIME_CONFIG_ITEM_NAME, {
+        username: "runtime/config",
+        password: JSON.stringify(payload),
+        notes: "Ouro runtime credentials for senses and integrations. Provider credentials live in providers/* items.",
+    });
+    const result = resultFromPayload(agentName, payload);
+    (0, runtime_1.emitNervesEvent)({
+        component: "config/identity",
+        event: "config.runtime_credentials_upserted",
+        message: "upserted runtime credential config in vault",
+        meta: { agentName, itemPath: result.itemPath, revision: result.revision },
+    });
+    cacheResult(agentName, result);
+    return result;
+}
+async function upsertMachineRuntimeCredentialConfig(agentName, machineId, config, now = new Date()) {
+    const payload = {
+        schemaVersion: 1,
+        kind: "runtime-config",
+        updatedAt: now.toISOString(),
+        config: { ...config },
+    };
+    const itemName = machineRuntimeConfigItemName(machineId);
+    const store = (0, credential_access_1.getCredentialStore)(agentName);
+    await store.store(itemName, {
+        username: itemName,
+        password: JSON.stringify(payload),
+        notes: "Ouro machine-local runtime credentials for senses attached to one machine. Portable runtime credentials live in runtime/config.",
+    });
+    const result = resultFromPayloadForItem(agentName, itemName, payload);
+    (0, runtime_1.emitNervesEvent)({
+        component: "config/identity",
+        event: "config.runtime_credentials_upserted",
+        message: "upserted machine runtime credential config in vault",
+        meta: { agentName, itemPath: result.itemPath, revision: result.revision },
+    });
+    cacheMachineResult(agentName, result);
+    return result;
+}
+function resetRuntimeCredentialConfigCache() {
+    cachedRuntimeConfigs = new Map();
+    cachedMachineRuntimeConfigs = new Map();
+}

package/dist/heart/runtime-cwd.js

@@ -0,0 +1,87 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.recoverRuntimeCwd = recoverRuntimeCwd;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const runtime_1 = require("../nerves/runtime");
+function defaultRuntimeRoot() {
+    return path.resolve(__dirname, "../..");
+}
+const defaultDeps = {
+    cwd: process.cwd.bind(process),
+    chdir: process.chdir.bind(process),
+    existsSync: fs.existsSync,
+};
+function recoverRuntimeCwd(fallback = defaultRuntimeRoot(), deps = defaultDeps) {
+    try {
+        return deps.cwd();
+    }
+    catch (error) {
+        const reason = error instanceof Error ? error.message : String(error);
+        let recovered = false;
+        let resolved = fallback;
+        let repairReason;
+        try {
+            if (deps.existsSync(fallback)) {
+                deps.chdir(fallback);
+                resolved = deps.cwd();
+                recovered = true;
+            }
+            else {
+                repairReason = "fallback cwd does not exist";
+            }
+        }
+        catch (repairError) {
+            repairReason = repairError instanceof Error ? repairError.message : String(repairError);
+        }
+        (0, runtime_1.emitNervesEvent)({
+            level: recovered ? "warn" : "error",
+            component: "heart",
+            event: "heart.cwd_recovery",
+            message: recovered
+                ? "recovered process cwd after the previous working directory disappeared"
+                : "process cwd disappeared and could not be repaired automatically",
+            meta: {
+                reason,
+                fallback,
+                resolved,
+                recovered,
+                ...(repairReason ? { repairReason } : {}),
+            },
+        });
+        return resolved;
+    }
+}

package/dist/heart/sense-truth.js

@@ -7,12 +7,18 @@ const SENSES = [
     { sense: "cli", label: "CLI", daemonManaged: false },
     { sense: "teams", label: "Teams", daemonManaged: true },
     { sense: "bluebubbles", label: "BlueBubbles", daemonManaged: true },
+    { sense: "mail", label: "Mail", daemonManaged: true },
+    { sense: "voice", label: "Voice", daemonManaged: true },
 ];
 function configuredSenses(senses) {
-    return senses ?? {
-        cli: { ...identity_1.DEFAULT_AGENT_SENSES.cli },
-        teams: { ...identity_1.DEFAULT_AGENT_SENSES.teams },
-        bluebubbles: { ...identity_1.DEFAULT_AGENT_SENSES.bluebubbles },
+    const configured = senses ?? {};
+    return {
+        ...configured,
+        cli: configured.cli ?? { ...identity_1.DEFAULT_AGENT_SENSES.cli },
+        teams: configured.teams ?? { ...identity_1.DEFAULT_AGENT_SENSES.teams },
+        bluebubbles: configured.bluebubbles ?? { ...identity_1.DEFAULT_AGENT_SENSES.bluebubbles },
+        mail: configured.mail ?? { ...identity_1.DEFAULT_AGENT_SENSES.mail },
+        voice: configured.voice ?? { ...identity_1.DEFAULT_AGENT_SENSES.voice },
     };
 }
 function resolveStatus(enabled, daemonManaged, runtimeInfo) {
@@ -28,6 +34,9 @@ function resolveStatus(enabled, daemonManaged, runtimeInfo) {
     if (runtimeInfo?.runtime === "running") {
         return "running";
     }
+    if (runtimeInfo?.configured === false && runtimeInfo.optional) {
+        return "not_attached";
+    }
     if (runtimeInfo?.configured === false) {
         return "needs_config";
     }

package/dist/heart/session-activity.js

@@ -38,6 +38,8 @@ exports.findFreshestFriendSession = findFreshestFriendSession;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const runtime_1 = require("../nerves/runtime");
+const config_1 = require("./config");
+const session_events_1 = require("./session-events");
 const DEFAULT_ACTIVE_THRESHOLD_MS = 24 * 60 * 60 * 1000;
 function activityPriority(source) {
     return source === "friend-facing" ? 0 : 1;
@@ -54,7 +56,7 @@ function resolveFriendName(friendId, friendsDir, agentName) {
         return friendId;
     }
 }
-function parseFriendActivity(sessionPath) {
+function parseFriendActivity(sessionPath, activeThresholdMs, nowMs) {
     let mtimeMs;
     try {
         mtimeMs = fs.statSync(sessionPath).mtimeMs;
@@ -62,32 +64,49 @@ function parseFriendActivity(sessionPath) {
     catch {
         return null;
     }
-    try {
-        const raw = fs.readFileSync(sessionPath, "utf-8");
-        const parsed = JSON.parse(raw);
-        const explicit = parsed?.state?.lastFriendActivityAt;
-        if (typeof explicit === "string") {
-            const parsedMs = Date.parse(explicit);
-            if (Number.isFinite(parsedMs)) {
-                return {
-                    lastActivityMs: parsedMs,
-                    lastActivityAt: new Date(parsedMs).toISOString(),
-                    activitySource: "friend-facing",
-                };
-            }
+    if (Number.isFinite(activeThresholdMs) && nowMs - mtimeMs > activeThresholdMs) {
+        return null;
+    }
+    const envelope = (0, session_events_1.loadSessionEnvelopeFile)(sessionPath);
+    const chronology = envelope ? (0, session_events_1.deriveSessionChronology)(envelope.events) : null;
+    const explicit = envelope?.state.lastFriendActivityAt;
+    if (typeof explicit === "string") {
+        const parsedMs = Date.parse(explicit);
+        if (Number.isFinite(parsedMs)) {
+            return {
+                lastActivityMs: parsedMs,
+                lastActivityAt: new Date(parsedMs).toISOString(),
+                activitySource: "friend-facing",
+                lastInboundAt: chronology?.lastInboundAt ?? null,
+                lastOutboundAt: chronology?.lastOutboundAt ?? null,
+                unansweredInboundCount: chronology?.unansweredInboundCount ?? 0,
+            };
         }
     }
-    catch {
-        // fall back to file mtime below
+    if (chronology?.lastInboundAt) {
+        const parsedMs = Date.parse(chronology.lastInboundAt);
+        if (Number.isFinite(parsedMs)) {
+            return {
+                lastActivityMs: parsedMs,
+                lastActivityAt: new Date(parsedMs).toISOString(),
+                activitySource: "friend-facing",
+                lastInboundAt: chronology.lastInboundAt,
+                lastOutboundAt: chronology.lastOutboundAt,
+                unansweredInboundCount: chronology.unansweredInboundCount,
+            };
+        }
     }
     return {
         lastActivityMs: mtimeMs,
         lastActivityAt: new Date(mtimeMs).toISOString(),
         activitySource: "mtime-fallback",
+        lastInboundAt: chronology?.lastInboundAt ?? null,
+        lastOutboundAt: chronology?.lastOutboundAt ?? null,
+        unansweredInboundCount: chronology?.unansweredInboundCount ?? 0,
     };
 }
 function listSessionActivity(query) {
-    const { sessionsDir, friendsDir, agentName, activeThresholdMs = DEFAULT_ACTIVE_THRESHOLD_MS, currentSession = null, } = query;
+    const { sessionsDir, friendsDir, agentName, activeThresholdMs = DEFAULT_ACTIVE_THRESHOLD_MS, nowMs = Date.now(), currentSession = null, } = query;
     (0, runtime_1.emitNervesEvent)({
         component: "daemon",
         event: "daemon.session_activity_scan",
@@ -99,7 +118,6 @@ function listSessionActivity(query) {
     });
     if (!fs.existsSync(sessionsDir))
         return [];
-    const now = Date.now();
     const results = [];
     let friendDirs;
     try {
@@ -130,14 +148,17 @@ function listSessionActivity(query) {
                 if (!keyFile.endsWith(".json"))
                     continue;
                 const key = keyFile.replace(/\.json$/, "");
-                if (currentSession && friendId === currentSession.friendId && channel === currentSession.channel && key === currentSession.key) {
+                // Compare with sanitizeKey on both sides — session keys from the filesystem
+                // are already sanitized (colons → underscores), but the canonical key from
+                // the pipeline may still have colons (e.g. "chat:any" vs "chat_any").
+                if (currentSession && friendId === currentSession.friendId && channel === currentSession.channel && (0, config_1.sanitizeKey)(key) === (0, config_1.sanitizeKey)(currentSession.key)) {
                     continue;
                 }
                 const sessionPath = path.join(channelPath, keyFile);
-                const activity = parseFriendActivity(sessionPath);
+                const activity = parseFriendActivity(sessionPath, activeThresholdMs, nowMs);
                 if (!activity)
                     continue;
-                if (now - activity.lastActivityMs > activeThresholdMs)
+                if (nowMs - activity.lastActivityMs > activeThresholdMs)
                     continue;
                 results.push({
                     friendId,
@@ -148,6 +169,9 @@ function listSessionActivity(query) {
                     lastActivityAt: activity.lastActivityAt,
                     lastActivityMs: activity.lastActivityMs,
                     activitySource: activity.activitySource,
+                    lastInboundAt: activity.lastInboundAt,
+                    lastOutboundAt: activity.lastOutboundAt,
+                    unansweredInboundCount: activity.unansweredInboundCount,
                 });
             }
         }
@@ -160,10 +184,10 @@ function listSessionActivity(query) {
     });
 }
 function findFreshestFriendSession(query) {
-    const { activeOnly = false, activeThresholdMs = DEFAULT_ACTIVE_THRESHOLD_MS, ...rest } = query;
+    const { activeOnly = false, activeThresholdMs = DEFAULT_ACTIVE_THRESHOLD_MS, nowMs, ...rest } = query;
     const currentSession = rest.currentSession ?? null;
     const all = activeOnly
-        ? listSessionActivity({ ...rest, activeThresholdMs, currentSession })
-        : listSessionActivity({ ...rest, activeThresholdMs: Number.MAX_SAFE_INTEGER, currentSession });
+        ? listSessionActivity({ ...rest, activeThresholdMs, nowMs, currentSession })
+        : listSessionActivity({ ...rest, activeThresholdMs: Number.MAX_SAFE_INTEGER, nowMs, currentSession });
     return all.find((entry) => entry.friendId === query.friendId) ?? null;
 }