npm - @poolzin/pool-bot - Versions diffs - 2026.2.23 → 2026.2.25 - Mend

@poolzin/pool-bot 2026.2.23 → 2026.2.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/CHANGELOG.md +29 -0
package/dist/acp/client.js +207 -18
package/dist/acp/secret-file.js +22 -0
package/dist/agents/agent-scope.js +10 -0
package/dist/agents/bash-process-registry.test-helpers.js +29 -0
package/dist/agents/bash-tools.exec-approval-request.js +20 -0
package/dist/agents/bash-tools.exec-host-gateway.js +230 -0
package/dist/agents/bash-tools.exec-host-node.js +235 -0
package/dist/agents/bash-tools.exec-types.js +1 -0
package/dist/agents/bash-tools.process.js +224 -218
package/dist/agents/content-blocks.js +16 -0
package/dist/agents/model-fallback.js +96 -101
package/dist/agents/models-config.providers.js +299 -182
package/dist/agents/pi-embedded-payloads.js +1 -0
package/dist/agents/pi-embedded-runner/run.overflow-compaction.fixture.js +34 -0
package/dist/agents/skills.test-helpers.js +13 -0
package/dist/agents/stable-stringify.js +12 -0
package/dist/agents/subagent-registry.mocks.shared.js +12 -0
package/dist/agents/test-helpers/assistant-message-fixtures.js +29 -0
package/dist/agents/test-helpers/pi-tools-sandbox-context.js +27 -0
package/dist/agents/tool-policy-shared.js +108 -0
package/dist/agents/tools/browser-tool.js +160 -54
package/dist/agents/tools/cron-tool.test-helpers.js +12 -0
package/dist/agents/tools/discord-actions-moderation-shared.js +27 -0
package/dist/agents/tools/image-tool.js +214 -99
package/dist/agents/tools/sessions-history-tool.js +140 -108
package/dist/agents/workspace.js +222 -46
package/dist/auto-reply/commands-registry.js +15 -18
package/dist/auto-reply/fallback-state.js +114 -0
package/dist/auto-reply/model-runtime.js +68 -0
package/dist/auto-reply/reply/agent-runner-execution.js +36 -4
package/dist/auto-reply/reply/agent-runner.js +165 -39
package/dist/auto-reply/reply/commands-setunset-standard.js +13 -0
package/dist/browser/config.js +26 -0
package/dist/browser/navigation-guard.js +31 -0
package/dist/browser/routes/agent.act.js +431 -424
package/dist/browser/routes/agent.shared.js +47 -3
package/dist/browser/routes/agent.snapshot.js +122 -116
package/dist/browser/routes/agent.storage.js +303 -297
package/dist/browser/routes/tabs.js +154 -100
package/dist/browser/server-lifecycle.js +37 -0
package/dist/build-info.json +3 -3
package/dist/channels/allow-from.js +25 -0
package/dist/channels/plugins/account-action-gate.js +13 -0
package/dist/channels/plugins/message-actions.js +10 -0
package/dist/channels/telegram/api.js +18 -0
package/dist/cli/argv.js +84 -21
package/dist/cli/banner.js +2 -1
package/dist/cli/exec-approvals-cli.js +92 -124
package/dist/cli/memory-cli.js +158 -61
package/dist/cli/nodes-cli/register.push.js +63 -0
package/dist/cli/nodes-media-utils.js +21 -0
package/dist/cli/plugins-cli.js +245 -61
package/dist/cli/program/build-program.js +3 -1
package/dist/cli/program/command-registry.js +223 -136
package/dist/cli/program/help.js +43 -12
package/dist/cli/route.js +1 -1
package/dist/cli/test-runtime-capture.js +24 -0
package/dist/commands/agent.js +163 -87
package/dist/commands/channels.mock-harness.js +23 -0
package/dist/commands/daemon-install-runtime-warning.js +11 -0
package/dist/commands/onboard-helpers.js +4 -4
package/dist/commands/sessions.test-helpers.js +61 -0
package/dist/compat/legacy-names.js +2 -2
package/dist/config/commands.js +3 -0
package/dist/config/config.js +1 -1
package/dist/config/env-substitution.js +62 -34
package/dist/config/env-vars.js +9 -0
package/dist/config/io.js +571 -171
package/dist/config/merge-patch.js +50 -4
package/dist/config/redact-snapshot.js +404 -76
package/dist/config/schema.js +58 -570
package/dist/config/validation.js +140 -85
package/dist/config/zod-schema.hooks.js +40 -11
package/dist/config/zod-schema.installs.js +20 -0
package/dist/config/zod-schema.js +8 -7
package/dist/control-ui/assets/{index-HRr1grwl.js → index-Dvkl4Xlx.js} +2 -1
package/dist/control-ui/assets/{index-HRr1grwl.js.map → index-Dvkl4Xlx.js.map} +1 -1
package/dist/control-ui/index.html +1 -1
package/dist/daemon/cmd-argv.js +21 -0
package/dist/daemon/cmd-set.js +58 -0
package/dist/daemon/service-types.js +1 -0
package/dist/discord/monitor/exec-approvals.js +357 -162
package/dist/gateway/auth.js +38 -3
package/dist/gateway/call.js +149 -68
package/dist/gateway/canvas-capability.js +75 -0
package/dist/gateway/control-plane-audit.js +28 -0
package/dist/gateway/control-plane-rate-limit.js +53 -0
package/dist/gateway/events.js +1 -0
package/dist/gateway/hooks.js +109 -54
package/dist/gateway/http-common.js +22 -0
package/dist/gateway/method-scopes.js +169 -0
package/dist/gateway/net.js +23 -0
package/dist/gateway/openresponses-http.js +120 -110
package/dist/gateway/probe-auth.js +2 -0
package/dist/gateway/protocol/index.js +3 -2
package/dist/gateway/protocol/schema/protocol-schemas.js +2 -0
package/dist/gateway/protocol/schema/push.js +18 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/server-http.js +236 -52
package/dist/gateway/server-methods/agent.js +162 -24
package/dist/gateway/server-methods/chat.js +461 -130
package/dist/gateway/server-methods/config.js +193 -150
package/dist/gateway/server-methods/nodes.helpers.js +12 -0
package/dist/gateway/server-methods/nodes.js +251 -69
package/dist/gateway/server-methods/push.js +53 -0
package/dist/gateway/server-reload-handlers.js +2 -3
package/dist/gateway/server-runtime-config.js +5 -0
package/dist/gateway/server-runtime-state.js +2 -0
package/dist/gateway/server-ws-runtime.js +1 -0
package/dist/gateway/server.impl.js +296 -139
package/dist/gateway/session-preview.test-helpers.js +11 -0
package/dist/gateway/startup-auth.js +126 -0
package/dist/gateway/test-helpers.agent-results.js +15 -0
package/dist/gateway/test-helpers.mocks.js +37 -14
package/dist/gateway/test-helpers.server.js +161 -77
package/dist/hooks/bundled/session-memory/handler.js +165 -34
package/dist/hooks/gmail-watcher-lifecycle.js +23 -0
package/dist/infra/archive-path.js +49 -0
package/dist/infra/device-pairing.js +148 -167
package/dist/infra/exec-approvals-allowlist.js +19 -70
package/dist/infra/exec-approvals-analysis.js +44 -17
package/dist/infra/exec-safe-bin-policy.js +269 -0
package/dist/infra/fixed-window-rate-limit.js +33 -0
package/dist/infra/git-root.js +61 -0
package/dist/infra/heartbeat-active-hours.js +2 -2
package/dist/infra/heartbeat-reason.js +40 -0
package/dist/infra/heartbeat-runner.js +72 -32
package/dist/infra/install-source-utils.js +91 -7
package/dist/infra/node-pairing.js +50 -105
package/dist/infra/npm-integrity.js +45 -0
package/dist/infra/npm-pack-install.js +40 -0
package/dist/infra/outbound/channel-adapters.js +20 -7
package/dist/infra/outbound/message-action-runner.js +107 -327
package/dist/infra/outbound/message.js +59 -36
package/dist/infra/outbound/outbound-policy.js +52 -25
package/dist/infra/outbound/outbound-send-service.js +58 -71
package/dist/infra/pairing-files.js +10 -0
package/dist/infra/plain-object.js +9 -0
package/dist/infra/push-apns.js +365 -0
package/dist/infra/restart-sentinel.js +16 -1
package/dist/infra/restart.js +229 -26
package/dist/infra/scp-host.js +54 -0
package/dist/infra/update-startup.js +86 -9
package/dist/media/inbound-path-policy.js +114 -0
package/dist/media/input-files.js +16 -0
package/dist/memory/test-manager.js +8 -0
package/dist/plugin-sdk/temp-path.js +47 -0
package/dist/plugins/discovery.js +217 -23
package/dist/plugins/hook-runner-global.js +16 -0
package/dist/plugins/loader.js +192 -26
package/dist/plugins/logger.js +8 -0
package/dist/plugins/manifest-registry.js +3 -0
package/dist/plugins/path-safety.js +34 -0
package/dist/plugins/registry.js +5 -2
package/dist/plugins/runtime/index.js +271 -206
package/dist/providers/github-copilot-models.js +4 -1
package/dist/security/audit-channel.js +8 -19
package/dist/security/audit-extra.async.js +354 -182
package/dist/security/audit-extra.js +11 -1
package/dist/security/audit-extra.sync.js +340 -33
package/dist/security/audit-fs.js +31 -13
package/dist/security/audit.js +145 -371
package/dist/security/dm-policy-shared.js +24 -0
package/dist/security/external-content.js +20 -8
package/dist/security/fix.js +49 -85
package/dist/security/scan-paths.js +20 -0
package/dist/security/secret-equal.js +3 -7
package/dist/security/windows-acl.js +30 -15
package/dist/shared/node-list-parse.js +13 -0
package/dist/shared/operator-scope-compat.js +37 -0
package/dist/shared/text-chunking.js +29 -0
package/dist/slack/blocks.test-helpers.js +31 -0
package/dist/slack/monitor/mrkdwn.js +8 -0
package/dist/telegram/bot-message-dispatch.js +366 -164
package/dist/telegram/draft-stream.js +30 -7
package/dist/telegram/reasoning-lane-coordinator.js +128 -0
package/dist/terminal/prompt-select-styled.js +9 -0
package/dist/test-utils/command-runner.js +6 -0
package/dist/test-utils/internal-hook-event-payload.js +10 -0
package/dist/test-utils/model-auth-mock.js +12 -0
package/dist/test-utils/provider-usage-fetch.js +14 -0
package/dist/test-utils/temp-home.js +33 -0
package/dist/tui/components/chat-log.js +9 -0
package/dist/tui/tui-command-handlers.js +36 -27
package/dist/tui/tui-event-handlers.js +122 -32
package/dist/tui/tui.js +181 -45
package/dist/utils/mask-api-key.js +10 -0
package/dist/utils/run-with-concurrency.js +39 -0
package/dist/web/media.js +4 -0
package/docs/tools/slash-commands.md +5 -1
package/extensions/bluebubbles/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/feishu/src/external-keys.ts +19 -0
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/lobster/src/windows-spawn.ts +193 -0
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/matrix/src/matrix/actions/limits.ts +6 -0
package/extensions/mattermost/package.json +1 -1
package/extensions/mattermost/src/mattermost/reactions.test-helpers.ts +83 -0
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1

package/dist/gateway/server-methods/agent.js CHANGED Viewed

@@ -1,24 +1,99 @@
 import { randomUUID } from "node:crypto";
-import { agentCommand } from "../../commands/agent.js";
 import { listAgentIds } from "../../agents/agent-scope.js";
+import { BARE_SESSION_RESET_PROMPT } from "../../auto-reply/reply/session-reset-prompt.js";
+import { agentCommand } from "../../commands/agent.js";
 import { loadConfig } from "../../config/config.js";
 import { resolveAgentIdFromSessionKey, resolveExplicitAgentSessionKey, resolveAgentMainSessionKey, updateSessionStore, } from "../../config/sessions.js";
 import { registerAgentRunContext } from "../../infra/agent-events.js";
 import { resolveAgentDeliveryPlan, resolveAgentOutboundTarget, } from "../../infra/outbound/agent-delivery.js";
+import { classifySessionKeyShape, normalizeAgentId } from "../../routing/session-key.js";
 import { defaultRuntime } from "../../runtime.js";
+import { normalizeInputProvenance } from "../../sessions/input-provenance.js";
 import { resolveSendPolicy } from "../../sessions/send-policy.js";
 import { normalizeSessionDeliveryFields } from "../../utils/delivery-context.js";
 import { INTERNAL_MESSAGE_CHANNEL, isDeliverableMessageChannel, isGatewayMessageChannel, normalizeMessageChannel, } from "../../utils/message-channel.js";
-import { normalizeAgentId } from "../../routing/session-key.js";
+import { resolveAssistantIdentity } from "../assistant-identity.js";
 import { parseMessageWithAttachments } from "../chat-attachments.js";
+import { resolveAssistantAvatarUrl } from "../control-ui-shared.js";
+import { GATEWAY_CLIENT_CAPS, hasGatewayClientCap } from "../protocol/client-info.js";
 import { ErrorCodes, errorShape, formatValidationErrors, validateAgentIdentityParams, validateAgentParams, validateAgentWaitParams, } from "../protocol/index.js";
-import { loadSessionEntry } from "../session-utils.js";
+import { canonicalizeSpawnedByForAgent, loadSessionEntry, pruneLegacyStoreKeys, resolveGatewaySessionStoreTarget, } from "../session-utils.js";
 import { formatForLog } from "../ws-log.js";
-import { resolveAssistantIdentity } from "../assistant-identity.js";
-import { resolveAssistantAvatarUrl } from "../control-ui-shared.js";
 import { waitForAgentJob } from "./agent-job.js";
+import { injectTimestamp, timestampOptsFromConfig } from "./agent-timestamp.js";
+import { normalizeRpcAttachmentsToChatAttachments } from "./attachment-normalize.js";
+import { sessionsHandlers } from "./sessions.js";
+const RESET_COMMAND_RE = /^\/(new|reset)(?:\s+([\s\S]*))?$/i;
+function isGatewayErrorShape(value) {
+    if (!value || typeof value !== "object") {
+        return false;
+    }
+    const candidate = value;
+    return typeof candidate.code === "string" && typeof candidate.message === "string";
+}
+async function runSessionResetFromAgent(params) {
+    return await new Promise((resolve) => {
+        let settled = false;
+        const settle = (result) => {
+            if (settled) {
+                return;
+            }
+            settled = true;
+            resolve(result);
+        };
+        const respond = (ok, payload, error) => {
+            if (!ok) {
+                settle({
+                    ok: false,
+                    error: isGatewayErrorShape(error)
+                        ? error
+                        : errorShape(ErrorCodes.UNAVAILABLE, String(error ?? "sessions.reset failed")),
+                });
+                return;
+            }
+            const payloadObj = payload;
+            const key = typeof payloadObj?.key === "string" ? payloadObj.key : params.key;
+            const sessionId = payloadObj?.entry && typeof payloadObj.entry.sessionId === "string"
+                ? payloadObj.entry.sessionId
+                : undefined;
+            settle({ ok: true, key, sessionId });
+        };
+        const resetResult = sessionsHandlers["sessions.reset"]({
+            req: {
+                type: "req",
+                id: `${params.idempotencyKey}:reset`,
+                method: "sessions.reset",
+            },
+            params: {
+                key: params.key,
+                reason: params.reason,
+            },
+            context: params.context,
+            client: params.client,
+            isWebchatConnect: params.isWebchatConnect,
+            respond,
+        });
+        void (async () => {
+            try {
+                await resetResult;
+                if (!settled) {
+                    settle({
+                        ok: false,
+                        error: errorShape(ErrorCodes.UNAVAILABLE, "sessions.reset completed without returning a response"),
+                    });
+                }
+            }
+            catch (err) {
+                settle({
+                    ok: false,
+                    error: errorShape(ErrorCodes.UNAVAILABLE, String(err)),
+                });
+            }
+        })();
+    });
+}
 export const agentHandlers = {
-    agent: async ({ params, respond, context }) => {
+    agent: async ({ params, respond, context, client, isWebchatConnect }) => {
         const p = params;
         if (!validateAgentParams(p)) {
             respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid agent params: ${formatValidationErrors(validateAgentParams.errors)}`));
@@ -34,6 +109,7 @@ export const agentHandlers = {
         let resolvedGroupChannel = groupChannelRaw || undefined;
         let resolvedGroupSpace = groupSpaceRaw || undefined;
         let spawnedByValue = typeof request.spawnedBy === "string" ? request.spawnedBy.trim() : undefined;
+        const inputProvenance = normalizeInputProvenance(request.inputProvenance);
         const cached = context.dedupe.get(`agent:${idem}`);
         if (cached) {
             respond(cached.ok, cached.payload, cached.error, {
@@ -41,18 +117,7 @@ export const agentHandlers = {
             });
             return;
         }
-        const normalizedAttachments = request.attachments
-            ?.map((a) => ({
-            type: typeof a?.type === "string" ? a.type : undefined,
-            mimeType: typeof a?.mimeType === "string" ? a.mimeType : undefined,
-            fileName: typeof a?.fileName === "string" ? a.fileName : undefined,
-            content: typeof a?.content === "string"
-                ? a.content
-                : ArrayBuffer.isView(a?.content)
-                    ? Buffer.from(a.content.buffer, a.content.byteOffset, a.content.byteLength).toString("base64")
-                    : undefined,
-        }))
-            .filter((a) => a.content) ?? [];
+        const normalizedAttachments = normalizeRpcAttachmentsToChatAttachments(request.attachments);
         let message = request.message.trim();
         let images = [];
         if (normalizedAttachments.length > 0) {
@@ -93,7 +158,12 @@ export const agentHandlers = {
         const requestedSessionKeyRaw = typeof request.sessionKey === "string" && request.sessionKey.trim()
             ? request.sessionKey.trim()
             : undefined;
-        const requestedSessionKey = requestedSessionKeyRaw ??
+        if (requestedSessionKeyRaw &&
+            classifySessionKeyShape(requestedSessionKeyRaw) === "malformed_agent") {
+            respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid agent params: malformed session key "${requestedSessionKeyRaw}"`));
+            return;
+        }
+        let requestedSessionKey = requestedSessionKeyRaw ??
             resolveExplicitAgentSessionKey({
                 cfg,
                 agentId,
@@ -109,13 +179,51 @@ export const agentHandlers = {
         let sessionEntry;
         let bestEffortDeliver = false;
         let cfgForAgent;
+        let resolvedSessionKey = requestedSessionKey;
+        let skipTimestampInjection = false;
+        const resetCommandMatch = message.match(RESET_COMMAND_RE);
+        if (resetCommandMatch && requestedSessionKey) {
+            const resetReason = resetCommandMatch[1]?.toLowerCase() === "new" ? "new" : "reset";
+            const resetResult = await runSessionResetFromAgent({
+                key: requestedSessionKey,
+                reason: resetReason,
+                idempotencyKey: idem,
+                context,
+                client,
+                isWebchatConnect,
+            });
+            if (!resetResult.ok) {
+                respond(false, undefined, resetResult.error);
+                return;
+            }
+            requestedSessionKey = resetResult.key;
+            resolvedSessionId = resetResult.sessionId ?? resolvedSessionId;
+            const postResetMessage = resetCommandMatch[2]?.trim() ?? "";
+            if (postResetMessage) {
+                message = postResetMessage;
+            }
+            else {
+                // Keep bare /new and /reset behavior aligned with chat.send:
+                // reset first, then run a fresh-session greeting prompt in-place.
+                message = BARE_SESSION_RESET_PROMPT;
+                skipTimestampInjection = true;
+            }
+        }
+        // Inject timestamp into user-authored messages that don't already have one.
+        // Channel messages (Discord, Telegram, etc.) get timestamps via envelope
+        // formatting in a separate code path — they never reach this handler.
+        // See: https://github.com/moltbot/moltbot/issues/3658
+        if (!skipTimestampInjection) {
+            message = injectTimestamp(message, timestampOptsFromConfig(cfg));
+        }
         if (requestedSessionKey) {
             const { cfg, storePath, entry, canonicalKey } = loadSessionEntry(requestedSessionKey);
             cfgForAgent = cfg;
             const now = Date.now();
             const sessionId = entry?.sessionId ?? randomUUID();
             const labelValue = request.label?.trim() || entry?.label;
-            spawnedByValue = spawnedByValue || entry?.spawnedBy;
+            const sessionAgent = resolveAgentIdFromSessionKey(canonicalKey);
+            spawnedByValue = canonicalizeSpawnedByForAgent(cfg, sessionAgent, spawnedByValue || entry?.spawnedBy);
             let inheritedGroup;
             if (spawnedByValue && (!resolvedGroupId || !resolvedGroupChannel || !resolvedGroupSpace)) {
                 try {
@@ -151,6 +259,7 @@ export const agentHandlers = {
                 providerOverride: entry?.providerOverride,
                 label: labelValue,
                 spawnedBy: spawnedByValue,
+                spawnDepth: entry?.spawnDepth,
                 channel: entry?.channel ?? request.channel?.trim(),
                 groupId: resolvedGroupId ?? entry?.groupId,
                 groupChannel: resolvedGroupChannel ?? entry?.groupChannel,
@@ -162,7 +271,7 @@ export const agentHandlers = {
             const sendPolicy = resolveSendPolicy({
                 cfg,
                 entry,
-                sessionKey: requestedSessionKey,
+                sessionKey: canonicalKey,
                 channel: entry?.channel,
                 chatType: entry?.chatType,
             });
@@ -172,23 +281,47 @@ export const agentHandlers = {
             }
             resolvedSessionId = sessionId;
             const canonicalSessionKey = canonicalKey;
+            resolvedSessionKey = canonicalSessionKey;
             const agentId = resolveAgentIdFromSessionKey(canonicalSessionKey);
             const mainSessionKey = resolveAgentMainSessionKey({ cfg, agentId });
             if (storePath) {
                 await updateSessionStore(storePath, (store) => {
+                    const target = resolveGatewaySessionStoreTarget({
+                        cfg,
+                        key: requestedSessionKey,
+                        store,
+                    });
+                    pruneLegacyStoreKeys({
+                        store,
+                        canonicalKey: target.canonicalKey,
+                        candidates: target.storeKeys,
+                    });
                     store[canonicalSessionKey] = nextEntry;
                 });
             }
             if (canonicalSessionKey === mainSessionKey || canonicalSessionKey === "global") {
                 context.addChatRun(idem, {
-                    sessionKey: requestedSessionKey,
+                    sessionKey: canonicalSessionKey,
                     clientRunId: idem,
                 });
                 bestEffortDeliver = true;
             }
-            registerAgentRunContext(idem, { sessionKey: requestedSessionKey });
+            registerAgentRunContext(idem, { sessionKey: canonicalSessionKey });
         }
         const runId = idem;
+        const connId = typeof client?.connId === "string" ? client.connId : undefined;
+        const wantsToolEvents = hasGatewayClientCap(client?.connect?.caps, GATEWAY_CLIENT_CAPS.TOOL_EVENTS);
+        if (connId && wantsToolEvents) {
+            context.registerToolEventRecipient(runId, connId);
+            // Register for any other active runs *in the same session* so
+            // late-joining clients (e.g. page refresh mid-response) receive
+            // in-progress tool events without leaking cross-session data.
+            for (const [activeRunId, active] of context.chatAbortControllers) {
+                if (activeRunId !== runId && active.sessionKey === requestedSessionKey) {
+                    context.registerToolEventRecipient(activeRunId, connId);
+                }
+            }
+        }
         const wantsDelivery = request.deliver === true;
         const explicitTo = typeof request.replyTo === "string" && request.replyTo.trim()
             ? request.replyTo.trim()
@@ -241,7 +374,7 @@ export const agentHandlers = {
             images,
             to: resolvedTo,
             sessionId: resolvedSessionId,
-            sessionKey: requestedSessionKey,
+            sessionKey: resolvedSessionKey,
             thinking: request.thinking,
             deliver,
             deliveryTargetMode,
@@ -266,6 +399,7 @@ export const agentHandlers = {
             runId,
             lane: request.lane,
             extraSystemPrompt: request.extraSystemPrompt,
+            inputProvenance,
         }, defaultRuntime, context.deps)
             .then((result) => {
             const payload = {
@@ -312,6 +446,10 @@ export const agentHandlers = {
         const sessionKeyRaw = typeof p.sessionKey === "string" ? p.sessionKey.trim() : "";
         let agentId = agentIdRaw ? normalizeAgentId(agentIdRaw) : undefined;
         if (sessionKeyRaw) {
+            if (classifySessionKeyShape(sessionKeyRaw) === "malformed_agent") {
+                respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid agent.identity.get params: malformed session key "${sessionKeyRaw}"`));
+                return;
+            }
             const resolved = resolveAgentIdFromSessionKey(sessionKeyRaw);
             if (agentId && resolved !== agentId) {
                 respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid agent.identity.get params: agent "${agentIdRaw}" does not match session key agent "${resolved}"`));