@pellux/goodvibes-tui 0.21.0 → 0.22.0

package/src/input/commands/session.ts

@@ -319,18 +319,52 @@ function handleCancel(args: string[], context: CommandContext): void {
 /**
  * sessionCommand — The `/session` slash command.
  *
- * Routes to multi-session orchestration subcommand handlers based on args[0].
+ * The ONE front-door for all session operations. Owns two domains:
+ *
+ * Lifecycle (continuity, export, resume, pruning):
+ *   list | rename | resume | fork | save | info | events | groups | hotspots | export | search | delete
+ *
+ * Orchestration (cross-session task DAG — 40 tests, cycle detection):
+ *   link-task | handoff | graph | cancel
+ *
+ * Orchestration-command decision (TASK-032):
+ *   Both domains live under /session rather than splitting orchestration into
+ *   a separate /session-orch command. Rationale: they share the same entity
+ *   (a session) and the same operator mental model ("I am working with sessions").
+ *   A second front-door would create ambiguity about which command to reach for.
+ *   Explicit switch routing (not fallthrough) makes both domains first-class;
+ *   the former /session-mgmt alias (session-mgmt/smgmt) is removed so there
+ *   is exactly one registration and no silent shadowing.
  */
 export const sessionCommand: SlashCommand = {
   name: 'session',
   aliases: ['sess'],
-  description: 'Multi-session orchestration: link tasks, handoff, view graph, and cancel across sessions.',
+  description: 'Session lifecycle and orchestration: list, resume, fork, save, export, link-task, handoff, graph, cancel.',
   usage: '<subcommand> [args]',
-  argsHint: 'link-task|handoff|graph|cancel',
+  argsHint: 'list|rename|resume|fork|save|info|export|search|delete|events|groups|hotspots|link-task|handoff|graph|cancel',
   handler: async (args: string[], context: CommandContext): Promise<void> => {
     const [sub, ...rest] = args;
 
     switch (sub) {
+      // ── Lifecycle subcommands ────────────────────────────────────────────────
+      // Each delegates explicitly to handleSessionWorkflowCommand so every
+      // subcommand has a deterministic, named path — no silent fallthrough.
+      case 'list':
+      case 'rename':
+      case 'resume':
+      case 'fork':
+      case 'save':
+      case 'info':
+      case 'export':
+      case 'search':
+      case 'delete':
+      case 'events':
+      case 'groups':
+      case 'hotspots':
+        await handleSessionWorkflowCommand(args, context);
+        break;
+
+      // ── Orchestration subcommands ─────────────────────────────────────────────
       case 'link-task':
       case 'link':
         handleLinkTask(rest, context);
@@ -350,24 +384,40 @@ export const sessionCommand: SlashCommand = {
         handleCancel(rest, context);
         break;
 
+      // ── No-arg: show current session info ────────────────────────────────────
+      case undefined:
+        await handleSessionWorkflowCommand([], context);
+        break;
+
       default: {
-        const handled = await handleSessionWorkflowCommand(args, context);
-        if (!handled) {
-          const usage = [
-            'Usage: /session <subcommand>',
-            '  list | rename <name> | resume <id|name> | fork [name] | save [name] | info [id] | export <id> [format] | search <query> | delete <id>',
-            '                                 — Session continuity, export, resume, and pruning',
-            '  link-task <taskId> [--session <sid>] [--depends-on <sid:taskId>] [--label <label>]',
-            '                                 — Register a task in the cross-session graph',
-            '  handoff <taskId> --to <sid>  [--session <sid>] [--reason <reason>]',
-            '                                 — Hand a task off to another session',
-            '  graph [--session <sid>] [--format text|json]',
-            '                                 — Display the cross-session task dependency graph',
-            '  cancel <taskId> [--scope task|subtree|session] [--session <sid>] [--reason <reason>]',
-            '                                 — Cancel tasks with scoped semantics',
-          ].join('\n');
-          context.print(usage);
-        }
+        const usage = [
+          'Usage: /session <subcommand>',
+          '',
+          'Lifecycle:',
+          '  list                                    — List saved sessions',
+          '  rename <name>                           — Rename the current session',
+          '  resume <id|name>                        — Resume a saved session',
+          '  fork [name]                             — Fork the current session',
+          '  save [name]                             — Save the current session',
+          '  info [id]                               — Show session info',
+          '  export <id|.> [markdown|text]           — Export session transcript',
+          '  search <query>                          — Search session content',
+          '  delete <id>                             — Delete a saved session',
+          '  events [kind]                           — Show transcript events',
+          '  groups [kind]                           — Show transcript groups',
+          '  hotspots                                — Show transcript hotspots',
+          '',
+          'Orchestration:',
+          '  link-task <taskId> [--session <sid>] [--depends-on <sid:taskId>] [--label <label>]',
+          '                                          — Register a task in the cross-session graph',
+          '  handoff <taskId> --to <sid> [--session <sid>] [--reason <reason>]',
+          '                                          — Hand a task off to another session',
+          '  graph [--session <sid>] [--format text|json]',
+          '                                          — Display the cross-session task dependency graph',
+          '  cancel <taskId> [--scope task|subtree|session] [--session <sid>] [--reason <reason>]',
+          '                                          — Cancel tasks with scoped semantics',
+        ].join('\n');
+        context.print(usage);
         break;
       }
     }

package/src/input/commands.ts

@@ -7,7 +7,6 @@ import { recallCommand } from './commands/memory.ts';
 import { knowledgeCommand } from './commands/knowledge.ts';
 import { registerShellCoreCommands } from './commands/shell-core.ts';
 import { registerConfigCommand } from './commands/config.ts';
-import { registerSessionWorkflowCommands } from './commands/session-workflow.ts';
 import { registerDiscoveryRuntimeCommands } from './commands/discovery-runtime.ts';
 import { registerPlanningRuntimeCommands } from './commands/planning-runtime.ts';
 import { registerScheduleRuntimeCommands } from './commands/schedule-runtime.ts';
@@ -107,7 +106,6 @@ export function registerBuiltinCommands(registry: CommandRegistry): void {
   registerCloudflareRuntimeCommands(registry);
   registerWorkPlanRuntimeCommands(registry);
   registerLocalRuntimeCommands(registry);
-  registerSessionWorkflowCommands(registry);
   registerDiscoveryRuntimeCommands(registry);
   registerPlanningRuntimeCommands(registry);
   registerScheduleRuntimeCommands(registry);

package/src/input/handler-modal-routes.ts

@@ -250,6 +250,15 @@ type SettingsRouteState = {
     pendingProviderModelPickerTarget?: import('./model-picker.ts').ModelPickerTarget | null;
     pendingSettingsPickerAction?: 'tts-provider' | 'tts-voice' | null;
     resetSelected?: () => { key: string; value: unknown } | null;
+    initiateResetCategory?: () => void;
+    initiateResetAll?: () => void;
+    handleResetConfirmKey?: (
+      key: string,
+    ) =>
+      | { result: 'confirmed'; entries: ReadonlyArray<{ key: string; value: unknown }> }
+      | 'cancelled'
+      | 'absorbed'
+      | 'inactive';
   };
   commandContext?: CommandContext;
   /** Called when the settings modal requests the model picker for a non-main target. */
@@ -313,6 +322,28 @@ export function handleSettingsModalToken(state: SettingsRouteState, token: Input
     }
   }
 
+  // Reset confirm gate: routes all keys through the confirm contract before
+  // normal dispatch when a category or all-settings reset is pending.
+  if (state.settingsModal.handleResetConfirmKey) {
+    const key = token.type === 'key'
+      ? (token.logicalName ?? '')
+      : token.type === 'text'
+        ? token.value
+        : '';
+    const resetResult = state.settingsModal.handleResetConfirmKey(key);
+    if (resetResult !== 'inactive') {
+      if (typeof resetResult === 'object' && resetResult.result === 'confirmed') {
+        // Sync runtime for every reset entry so provider.model / reasoningEffort
+        // stay consistent with the live session without requiring a restart.
+        for (const entry of resetResult.entries) {
+          syncRuntimeAfterSettingReset(state.commandContext, entry.key, entry.value);
+        }
+      }
+      state.requestRender();
+      return true;
+    }
+  }
+
   if (token.type === 'key') {
     const focusPane = state.settingsModal.focusPane ?? 'settings';
     if (token.logicalName === 'escape') {
@@ -360,6 +391,12 @@ export function handleSettingsModalToken(state: SettingsRouteState, token: Input
       } else if (state.settingsModal.moveFocusedDown) state.settingsModal.moveFocusedDown();
       else state.settingsModal.moveDown?.();
     }
+    else if (token.logicalName === 'r' && token.shift && token.ctrl && !state.settingsModal.editingMode && !state.settingsModal.searchFocused) {
+      state.settingsModal.initiateResetAll?.();
+    }
+    else if (token.logicalName === 'r' && token.shift && !state.settingsModal.editingMode && !state.settingsModal.searchFocused) {
+      state.settingsModal.initiateResetCategory?.();
+    }
     else if (token.logicalName === 'r' && !state.settingsModal.editingMode && !state.settingsModal.searchFocused) {
       const reset = state.settingsModal.resetSelected?.();
       if (reset) syncRuntimeAfterSettingReset(state.commandContext, reset.key, reset.value);

package/src/input/handler-modal-token-routes.ts

@@ -232,11 +232,25 @@ export function handleModalTokenRoutes(state: ModalTokenRouteState, token: Input
     return withState(state, true);
   }
 
-  if (handleEscapeOnlyModalToken({
-    active: state.agentDetailModal.active,
-    requestRender: state.requestRender,
-    handleEscape: state.handleEscape,
-  }, token)) {
+  // Agent detail modal: route c + confirm keys before escape-close.
+  // handleKey() consumes confirm-flow keys (y, Enter, n, Esc) and the 'c'
+  // initiator; unhandled keys (including Esc when no confirm is pending)
+  // fall through to escape-close below.
+  if (state.agentDetailModal.active) {
+    const keyStr: string =
+      token.type === 'key' ? (token.logicalName ?? '') :
+      token.type === 'text' ? token.value : '';
+    if (keyStr && state.agentDetailModal.handleKey(keyStr)) {
+      state.requestRender();
+      return withState(state, true);
+    }
+    // 'c' was not consumed (non-cancellable), or any other key.
+    // Esc closes the modal; all other keys are absorbed by the active modal.
+    if (token.type === 'key' && token.logicalName === 'escape') {
+      state.handleEscape();
+      return withState(state, true);
+    }
+    state.requestRender();
     return withState(state, true);
   }
 

package/src/input/handler-onboarding.ts

@@ -13,6 +13,7 @@ import {
   formatOnboardingApplyCompletionMessage,
   isLoopbackHostValue,
 } from './onboarding/onboarding-verification-helpers.ts';
+import { focusFirstOffendingField, getStepValidationErrors } from './onboarding/onboarding-wizard-validation.ts';
 import type { ModelPickerTarget } from './model-picker.ts';
 import { captureOnboardingWizardSnapshot, restoreOnboardingWizardSnapshot } from './handler-ui-state.ts';
 import type { InputHandlerLike as InputHandler, OnboardingRuntimePosture } from './handler-types.ts';
@@ -82,6 +83,23 @@ function showOnboardingApplyFeedbackForHandler(handler: InputHandler, feedback:
 
 function continueOnboardingSection(handler: InputHandler): void {
     handler.onboardingWizard.commitEdit();
+
+    const step = handler.onboardingWizard.currentStep;
+    const { errors, firstOffendingFieldId } = getStepValidationErrors(handler.onboardingWizard, step);
+    if (errors.length > 0) {
+      handler.onboardingWizard.setApplyFeedback({
+        severity: 'error',
+        title: 'Required fields missing',
+        summary: 'Fill in the required fields below before continuing.',
+        messages: errors,
+      });
+      if (firstOffendingFieldId !== null) {
+        focusFirstOffendingField(handler.onboardingWizard, firstOffendingFieldId);
+      }
+      handler.requestRender();
+      return;
+    }
+
     handler.onboardingWizard.clearApplyFeedback();
     handler.onboardingWizard.nextStep();
     handler.requestRender();

package/src/input/handler.ts

@@ -248,6 +248,7 @@ export class InputHandler implements InputHandlerLike {
       sessionLogPathResolver: (agentId) => uiServices.environment.shellPaths.resolveProjectPath('tui', 'sessions', `${agentId}.jsonl`),
       // SDK 0.23.0: supply wrfcController so the modal can show constraint data
       wrfcController: uiServices.agents.wrfcController,
+      cancelAgent: (agentId: string) => uiServices.agents.agentManager.cancel(agentId),
     });
     this.bookmarkModal = new BookmarkModal(uiServices.shell.bookmarkManager);
     this.sessionPickerModal = new SessionPickerModal(uiServices.sessions.sessionManager);

package/src/input/onboarding/onboarding-wizard-apply.ts

@@ -248,6 +248,16 @@ function addCloudflareOperations(
     setConfig('cloudflare.maxQueueOpsPerDay', controller.getNumberFieldValue('cloudflare.max-queue-ops-per-day', config?.maxQueueOpsPerDay ?? 10000, 1));
     setConfig('batch.mode', batchMode);
     setConfig('batch.queueBackend', batchMode !== 'off' && components.queues ? 'cloudflare' : 'local');
+    // Zero Trust Tunnel auto-enables trustProxy on both services so the
+    // login-rate-limiter keys on the real CF-Connecting-IP rather than the tunnel
+    // egress address. RESIDUAL RISK: until the SDK validates CF-Connecting-IP
+    // against Cloudflare's published IP ranges (SDK handoff Item 5), a client
+    // that reaches the listener directly can spoof the header to bypass the
+    // per-IP limiter. The wizard surfaces this in the cloudflare step notice.
+    if (components.zeroTrustTunnel) {
+      setConfig('controlPlane.trustProxy', true);
+      setConfig('httpListener.trustProxy', true);
+    }
   }
 
 export function addNetworkOperations(

package/src/input/onboarding/onboarding-wizard-cloudflare-step.ts

@@ -257,6 +257,19 @@ export function buildCloudflareStep(controller: OnboardingWizardControllerLike):
       );
     }
 
+    // Trust-proxy notice — shown when Tunnel is selected so the
+    // operator sees the security implication before applying.
+    const tunnelSelected = enabled && components.zeroTrustTunnel;
+    if (tunnelSelected) {
+      fields.push({
+        kind: 'status',
+        id: 'cloudflare.trust-proxy-notice',
+        label: 'trustProxy will be enabled for control plane and HTTP listener',
+        defaultValue: 'Notice',
+        hint: 'Selecting Zero Trust Tunnel auto-writes controlPlane.trustProxy=true and httpListener.trustProxy=true so the login rate-limiter keys on the real client IP (CF-Connecting-IP) rather than the tunnel egress address. RESIDUAL RISK: until the SDK validates CF-Connecting-IP against Cloudflare published IP ranges (handoff Item 5), a client that reaches the listener directly can spoof this header to bypass the per-IP rate-limiter. See docs/deployment-and-services.md for the full risk posture.',
+      });
+    }
+
     if (components.zeroTrustAccess) {
       fields.push(
         {
@@ -463,6 +476,7 @@ export function buildCloudflareStep(controller: OnboardingWizardControllerLike):
       `Components: ${enabled ? componentCount : 0} selected`,
       `Token setup: ${enabled ? setupSource : 'not used'}`,
       `Provision on final apply: ${enabled ? controller.getStringFieldValue('cloudflare.provision-on-apply', 'no') : 'no'}`,
+      ...(enabled && components.zeroTrustTunnel ? ['trustProxy: enabled for control plane and HTTP listener (see security notice)'] : []),
     ],
     fields,
   };

package/src/input/onboarding/onboarding-wizard-steps.ts

@@ -621,6 +621,12 @@ export function buildNetworkStep(controller: OnboardingWizardControllerLike): On
       }
     }
 
+    if (controlPlaneRemote || listenerEnabled || browserEnabled) { // TLS warn + CORS notice.
+      const cpOff = controlPlaneRemote && String(controller.runtimeSnapshot?.config.controlPlane?.tls?.mode ?? 'off') === 'off';
+      const hlOff = listenerEnabled && String(controller.runtimeSnapshot?.config.httpListener?.tls?.mode ?? 'off') === 'off';
+      if (cpOff || hlOff) { const a = [cpOff ? 'control plane' : '', hlOff ? 'HTTP listener' : ''].filter(Boolean).join(' and '); fields.push({ kind: 'status', id: 'network.tls-warn', label: `TLS off — ${a} transmits plaintext`, defaultValue: 'Warning', hint: `The ${a} is network-reachable but TLS is off. Traffic travels in plaintext. Enable TLS or use a terminating reverse proxy.` }); }
+      if (listenerEnabled) { fields.push({ kind: 'status', id: 'network.cors-note', label: 'CORS must be configured manually', defaultValue: 'Info', hint: 'httpListener.enforceCors and httpListener.allowedOrigins are not in ConfigKey union (SDK handoff Item 5). Edit ~/.goodvibes/tui/settings.json to set them, then restart the daemon.' }); }
+    }
     return {
       id: 'network',
       title: 'Network setup',

package/src/input/onboarding/onboarding-wizard-validation.ts

@@ -0,0 +1,77 @@
+import { normalizeText } from './onboarding-wizard-helpers.ts';
+import type { OnboardingWizardControllerLike } from './onboarding-wizard-types.ts';
+import type { OnboardingWizardFieldDefinition, OnboardingWizardStepDefinition } from './onboarding-wizard-types.ts';
+
+export interface WizardStepValidationResult {
+  /** Human-readable error strings for each violating field. */
+  readonly errors: readonly string[];
+  /** ID of the first field that has an error, or null when all pass. */
+  readonly firstOffendingFieldId: string | null;
+}
+
+/**
+ * Validate all fields on a single wizard step, checking:
+ *  - required text / masked fields that are empty
+ *  - required acknowledgement fields that are unchecked
+ *  - any general field-level validation errors (via getFieldValidationError)
+ *
+ * Returns per-field error messages and the first offending field id so the
+ * caller can block navigation and jump focus to the first problem.
+ */
+export function getStepValidationErrors(
+  controller: OnboardingWizardControllerLike,
+  step: OnboardingWizardStepDefinition,
+): WizardStepValidationResult {
+  const errors: string[] = [];
+  let firstOffendingFieldId: string | null = null;
+
+  for (const field of step.fields) {
+    const error = getFieldError(controller, step, field);
+    if (error !== null) {
+      errors.push(error);
+      if (firstOffendingFieldId === null) firstOffendingFieldId = field.id;
+    }
+  }
+
+  return { errors, firstOffendingFieldId };
+}
+
+function getFieldError(
+  controller: OnboardingWizardControllerLike,
+  step: OnboardingWizardStepDefinition,
+  field: OnboardingWizardFieldDefinition,
+): string | null {
+  // Required acknowledgement not checked
+  if (field.kind === 'acknowledgement' && field.required) {
+    if (!controller.isFieldSatisfied(field)) {
+      return `${step.shortLabel}: ${field.label} must be acknowledged before continuing.`;
+    }
+    return null;
+  }
+
+  // Required text / masked field that is empty
+  if ((field.kind === 'text' || field.kind === 'masked') && field.required === true) {
+    const value = normalizeText(controller.getFieldValue(field) as string);
+    if (value.length === 0) {
+      return `${step.shortLabel}: ${field.label} is required.`;
+    }
+  }
+
+  // Delegate all other field-level validation (format errors, port range, etc.)
+  return controller.getFieldValidationError(step, field);
+}
+
+/**
+ * Focus the first offending field on the current step by mutating the
+ * controller's selectedFieldIndices.  The renderer will pick up the change on
+ * the next paint cycle.
+ */
+export function focusFirstOffendingField(
+  controller: OnboardingWizardControllerLike,
+  fieldId: string,
+): void {
+  const fields = controller.currentStep.fields;
+  const index = fields.findIndex((f) => f.id === fieldId);
+  if (index < 0) return;
+  controller.selectedFieldIndices[controller.stepIndex] = index;
+}

package/src/input/settings-modal-behavior.ts

@@ -33,5 +33,10 @@ export function getNumericAdjustmentMeta(setting: ConfigSetting): {
   if (setting.key === 'wrfc.scoreThreshold') {
     return { step: 0.1, min: 0, max: 10, precision: 1 };
   }
+  if ((setting.key as string) === 'tts.speed') {
+    // Speed multiplier: 0.1 increments, min 0.1, no hard max (provider-defined).
+    // tts.speed is not yet a ConfigKey in the SDK schema; cast required.
+    return { step: 0.1, min: 0.1, precision: 1 };
+  }
   return { step: 1, precision: 0 };
 }

package/src/input/settings-modal-data.ts

@@ -7,7 +7,7 @@
  */
 
 import { CONFIG_SCHEMA, type ConfigKey } from '@pellux/goodvibes-sdk/platform/config';
-import type { ConfigManager } from '@pellux/goodvibes-sdk/platform/config';
+import type { ConfigManager, ConfigSetting } from '@pellux/goodvibes-sdk/platform/config';
 import { getResolvedSettingLookup } from '@/runtime/index.ts';
 import type { FeatureFlagManager } from '@/runtime/index.ts';
 import type { McpRegistry } from '@pellux/goodvibes-sdk/platform/mcp';
@@ -114,9 +114,63 @@ export function buildSettingGroups(
     }
   }
 
+  // Inject the synthetic tts.speed entry into the tts category.
+  // tts.speed is not yet a ConfigKey in the SDK schema (pending SDK addition).
+  // The entry is surfaced here with an honest description caveat so users can
+  // see and understand the setting before the SDK schema catches up.
+  if (ttsEntries && !ttsEntries.some((e) => e.setting.key === ('tts.speed' as ConfigKey))) {
+    ttsEntries.push(buildTtsSpeedSyntheticEntry(configManager));
+  }
+
   return groups;
 }
 
+// ---------------------------------------------------------------------------
+// TTS_SPEED_DEFAULT — the pending-SDK default for tts.speed
+// ---------------------------------------------------------------------------
+
+/**
+ * Pending default for tts.speed. Matches the value the SDK will use once
+ * the schema field is added: 1 (normal speed, provider default).
+ * Used for the synthetic settings-modal entry and isDefault comparisons.
+ */
+export const TTS_SPEED_DEFAULT = 1;
+
+/**
+ * The synthetic ConfigSetting descriptor for tts.speed.
+ * `tts.speed` is not yet a ConfigKey in the SDK schema. This descriptor is
+ * TUI-local and is injected into the tts settings group so users can see
+ * and interact with the setting before the SDK schema catches up.
+ *
+ * The key is cast to ConfigKey because ConfigSetting requires it and the SDK
+ * will add this key in a future release. The cast is safe: configManager.get
+ * returns undefined for unknown keys rather than throwing.
+ */
+export const TTS_SPEED_SYNTHETIC_SETTING: ConfigSetting = {
+  key: 'tts.speed' as ConfigKey,
+  type: 'number',
+  default: TTS_SPEED_DEFAULT,
+  description: 'Playback speed multiplier passed to the TTS provider (1.0 = normal). Takes effect immediately via the TUI bridge; SDK schema registration is pending (native typing only).',
+};
+
+/**
+ * Build the synthetic SettingEntry for tts.speed.
+ *
+ * Reads the raw value from configManager using a cast key (tts.speed is not
+ * yet a valid ConfigKey). If the value is absent or not a positive finite
+ * number, falls back to TTS_SPEED_DEFAULT and marks isDefault true.
+ */
+export function buildTtsSpeedSyntheticEntry(configManager: Pick<ConfigManager, 'get'>): SettingEntry {
+  const raw = configManager.get('tts.speed' as ConfigKey);
+  const parsed = typeof raw === 'number' ? raw : parseFloat(String(raw ?? ''));
+  const currentValue: number = isFinite(parsed) && parsed > 0 ? parsed : TTS_SPEED_DEFAULT;
+  return {
+    setting: TTS_SPEED_SYNTHETIC_SETTING,
+    currentValue,
+    isDefault: deepEqual(currentValue, TTS_SPEED_DEFAULT),
+  };
+}
+
 // ---------------------------------------------------------------------------
 // buildFlagEntries — snapshot of current feature flag states
 // ---------------------------------------------------------------------------
@@ -177,13 +231,31 @@ export function buildNetworkFilteredItems(
 // refreshEntryValues — re-reads currentValue/isDefault for all loaded entries
 // ---------------------------------------------------------------------------
 
+/**
+ * Normalize a raw config value for the tts.speed synthetic entry.
+ * Returns the raw value if it is a positive finite number, otherwise falls
+ * back to TTS_SPEED_DEFAULT. Mirrors the logic in buildTtsSpeedSyntheticEntry.
+ */
+function normalizeTtsSpeedValue(raw: unknown): number {
+  const parsed = typeof raw === 'number' ? raw : parseFloat(String(raw ?? ''));
+  return isFinite(parsed) && parsed > 0 ? parsed : TTS_SPEED_DEFAULT;
+}
+
 export function refreshEntryValues(
   groups: Map<SettingsCategory, SettingEntry[]>,
   configManager: ConfigManager,
 ): void {
   for (const entries of groups.values()) {
     for (const entry of entries) {
-      entry.currentValue = configManager.get(entry.setting.key as ConfigKey);
+      const raw = configManager.get(entry.setting.key as ConfigKey);
+      // Synthetic entries (e.g. tts.speed) that have no SDK schema key return
+      // undefined from configManager. Normalize using the same logic used at
+      // construction time so isDefault stays accurate.
+      if (entry.setting.key === ('tts.speed' as ConfigKey)) {
+        entry.currentValue = normalizeTtsSpeedValue(raw);
+      } else {
+        entry.currentValue = raw;
+      }
       entry.isDefault = deepEqual(entry.currentValue, entry.setting.default);
     }
   }
@@ -201,7 +273,9 @@ export function updateEntryForKey(
   for (const entries of groups.values()) {
     const entry = entries.find((candidate) => candidate.setting.key === key);
     if (entry) {
-      entry.currentValue = configManager.get(key);
+      const raw = configManager.get(key);
+      // Synthetic tts.speed entry: normalize using the same fallback logic.
+      entry.currentValue = key === ('tts.speed' as ConfigKey) ? normalizeTtsSpeedValue(raw) : raw;
       entry.isDefault = deepEqual(entry.currentValue, entry.setting.default);
     }
   }

package/src/input/settings-modal-mutations.ts

@@ -55,6 +55,9 @@ export function applySettingValue({
   refreshGroups: () => void;
 }): ApplyValueResult {
   const previousValue = configManager.get(key);
+  // REQUIRES_RESTART: SDK's ConfigSetting has no requiresRestart field yet (see
+  // goodvibes-sdk HANDOFF-FROM-TUI-SESSION-20260611.md §Item 8). Until it does,
+  // we detect restart-triggering keys by sub-key name heuristic below.
   const isRestartKey = ['host', 'port', 'hostMode', 'enabled'].includes(key.split('.')[1] ?? '');
 
   try {