@slock-ai/daemon 0.50.0-play.20260518104853 → 0.51.0

package/dist/{chunk-SY3CKIJO.js → chunk-NAMH7BB6.js}

@@ -7,11 +7,11 @@ import {
 } from "./chunk-KNMCE6WB.js";
 
 // src/core.ts
-import path17 from "path";
+import path16 from "path";
 import os8 from "os";
 import { createRequire } from "module";
 import { accessSync } from "fs";
-import { fileURLToPath as fileURLToPath2 } from "url";
+import { fileURLToPath } from "url";
 
 // ../shared/src/tracing/index.ts
 var DEFAULT_TRACE_FLAGS = "00";
@@ -723,7 +723,6 @@ var SERVER_CAPABILITY_MATRIX = {
 var RUNTIMES = [
   { id: "claude", displayName: "Claude Code", binary: "claude", supported: true },
   { id: "codex", displayName: "Codex CLI", binary: "codex", supported: true },
-  { id: "pi", displayName: "Pi", binary: "pi", supported: true },
   { id: "kimi", displayName: "Kimi CLI", binary: "kimi", supported: true },
   { id: "copilot", displayName: "Copilot CLI", binary: "copilot", supported: true },
   { id: "cursor", displayName: "Cursor CLI", binary: "cursor-agent", supported: true },
@@ -765,10 +764,10 @@ var DISPLAY_PLAN_CONFIG = {
 };
 
 // src/agentProcessManager.ts
-import { mkdirSync as mkdirSync5, readdirSync as readdirSync2, statSync as statSync2, writeFileSync as writeFileSync8 } from "fs";
+import { mkdirSync as mkdirSync4, readdirSync as readdirSync2, statSync as statSync2, writeFileSync as writeFileSync7 } from "fs";
 import { mkdir, writeFile, access, readdir as readdir2, stat as stat2, readFile, rm as rm2 } from "fs/promises";
 import { createHash as createHash2 } from "crypto";
-import path13 from "path";
+import path12 from "path";
 import os6 from "os";
 
 // src/drivers/claude.ts
@@ -778,7 +777,7 @@ import os2 from "os";
 import path4 from "path";
 
 // src/drivers/cliTransport.ts
-import { mkdirSync, writeFileSync } from "fs";
+import { mkdirSync, rmSync, writeFileSync } from "fs";
 import path2 from "path";
 
 // src/drivers/systemPrompt.ts
@@ -871,16 +870,14 @@ Use the \`slock\` CLI for chat / task / attachment operations. The daemon inject
 16. **\`slock attachment upload\`** \u2014 Upload a file to attach to a message. Uses content sniffing for image previews; pass \`--mime-type\` only when you know the exact type. Returns an attachment ID to pass to \`slock message send\`.
 17. **\`slock attachment view\`** \u2014 Download an attached file by its attachment ID so you can inspect it locally.
 18. **\`slock profile show\`** \u2014 Show your own profile, or another visible profile via \`@handle\`. Mirrors the canonical Slock profile view.
-19. **\`slock profile update\`** \u2014 Update your own profile. Supports \`--avatar-file <path>\`, \`--display-name <name>\`, and \`--description <text>\`. Values must be non-empty. Provide at least one flag per call; multiple flags can be combined.
-20. **\`slock integration list\`** \u2014 List registered third-party services and this agent's active Slock Agent Logins.
-21. **\`slock integration login\`** \u2014 Provision or reuse this agent's login for a registered third-party service.
-22. **\`slock reminder schedule\`** \u2014 Schedule a reminder for yourself later, at a specific time, or on a recurring cadence.
-23. **\`slock reminder list\`** \u2014 List your reminders, including lifecycle history for each reminder.
-24. **\`slock reminder snooze\`** \u2014 Push a reminder later without replacing it.
-25. **\`slock reminder update\`** \u2014 Change a reminder's title, schedule, or recurrence without creating a new reminder.
-26. **\`slock reminder cancel\`** \u2014 Cancel one of your reminders by ID.
-27. **\`slock reminder log\`** \u2014 Show the event log for a reminder, including fires, dismissals, and reschedules.
-28. **\`slock action prepare\`** \u2014 Prepare an action card for a human to commit (B-mode quick-commit shortcut). Posts a card the human can click to execute the action under their own identity. Pass \`--target <ch>\` and pipe the action JSON on stdin (variants: \`channel:create\`, \`agent:create\`).
+19. **\`slock profile update\`** \u2014 Update your own profile. Supports \`--avatar-file <path>\`, \`--avatar-url pixel:random:<seed>\`, \`--display-name <name>\`, and \`--description <text>\`. Use \`--avatar-url pixel:random:<seed>\` when you want a new pixel avatar but do not have a local image file. Values must be non-empty. Provide at least one flag per call; multiple flags can be combined.
+20. **\`slock reminder schedule\`** \u2014 Schedule a reminder for yourself later, at a specific time, or on a recurring cadence.
+21. **\`slock reminder list\`** \u2014 List your reminders, including lifecycle history for each reminder.
+22. **\`slock reminder snooze\`** \u2014 Push a reminder later without replacing it.
+23. **\`slock reminder update\`** \u2014 Change a reminder's title, schedule, or recurrence without creating a new reminder.
+24. **\`slock reminder cancel\`** \u2014 Cancel one of your reminders by ID.
+25. **\`slock reminder log\`** \u2014 Show the event log for a reminder, including fires, dismissals, and reschedules.
+26. **\`slock action prepare\`** \u2014 Prepare an action card for a human to commit (B-mode quick-commit shortcut). Posts a card the human can click to execute the action under their own identity. Pass \`--target <ch>\` and pipe the action JSON on stdin (variants: \`channel:create\`, \`agent:create\`).
 
 The CLI prints human-readable canonical text on success (matching the format you see in received messages and history). On failure it prints JSON to stderr:
 - failure \u2192 stderr \`{"ok":false,"code":"...","message":"..."}\` with non-zero exit
@@ -981,11 +978,6 @@ Each channel has a **name** and optionally a **description** that define its pur
 - **Reply in context** \u2014 always respond in the channel/thread the message came from.
 - **Stay on topic** \u2014 when proactively sharing results or updates, post in the channel most relevant to the work. Don't scatter messages across unrelated channels.
 - If unsure where something belongs, call ${serverInfoCmd} to review channel descriptions.`;
-  const thirdPartyIntegrationsSection = isCli ? `### Third-party integrations
-
-If a registered third-party service requires login, use Slock Agent Login through the CLI instead of asking the human to copy tokens or complete human OAuth for you. If a human asks you to sign into, open, use, or fetch identity from a third-party app, first run \`slock integration list\` and match the app to a registered service before browsing the app. Use \`slock integration login --service <service>\` to provision or reuse your agent login for that service. When the command returns \`Agent login ready\` or \`Already logged in\`, the agent-side login is ready. If the output includes an app URL, open that URL as the service-provided third-party app surface; it should look like the service's normal Login with Slock callback and not require you to understand Slock's internal grant/request protocol. Do not crawl third-party routes looking for a session before trying the registered-service login path. Do not open the human \`Login with Slock\` browser flow, use internal request IDs as OAuth callback codes, or call third-party exchange endpoints unless a human explicitly asks you to debug that server-to-server protocol. If the service or human asks for your Slock Agent identity card, use \`slock profile show\`. Third-party pages may show \`Login with Slock\`; for agent-facing access, prefer the registered service / Slock Agent Login path.` : `### Third-party integrations
-
-If a registered third-party service requires login, use Slock Agent Login through the available registered-service interface instead of asking the human to copy tokens or complete human OAuth for you. If a human asks you to sign into, open, use, or fetch identity from a third-party app, first inspect the registered-service interface and match the app to a registered service before browsing the app. Once the registered-service interface reports the agent login is ready, the agent-side login is ready. If that interface provides an app URL, use it as the service-provided third-party app surface; it should look like the service's normal Login with Slock callback and not require you to understand Slock's internal grant/request protocol. Do not crawl third-party routes looking for a session before trying the registered-service login path. Do not open the human \`Login with Slock\` browser flow or treat internal request IDs as OAuth callback codes unless a human explicitly asks you to debug that server-to-server protocol. If the service or human asks for your Slock Agent identity card, use your Slock profile view. Third-party pages may show \`Login with Slock\`; for agent-facing access, prefer the registered service / Slock Agent Login path.`;
   const readingHistorySection = isCli ? `### Reading history
 
 \`slock message read --channel "#channel-name"\` or \`slock message read --channel dm:@peer-name\` or \`slock message read --channel "#channel:shortid"\`
@@ -1157,8 +1149,6 @@ ${discoverySection}
 
 ${channelAwarenessSection}
 
-${thirdPartyIntegrationsSection}
-
 ${readingHistorySection}
 
 ${historicalReferenceSection}
@@ -1190,17 +1180,6 @@ Keep the user informed. They cannot see your internal reasoning, so:
 - For multi-step work, send short progress updates (e.g. "Working on step 2/3\u2026").
 - When done, summarize the result.
 - Keep updates concise \u2014 one or two sentences. Don't flood the chat.
-- For long answers where users need the conclusion first but details still matter, put the conclusion and next action outside any collapse, then use sanitized HTML details blocks for optional depth:
-
-\`\`\`html
-<details>
-<summary>Evidence, logs, or edge cases</summary>
-
-Detailed notes go here.
-</details>
-\`\`\`
-
-  Do not hide the main recommendation, blocker, or required action inside \`<details>\`; only fold supporting evidence, logs, alternatives, or extended rationale.
 
 ### Conversation etiquette
 
@@ -1370,21 +1349,304 @@ function listLegacySlockStatePaths(slockHome = resolveSlockHome(), homeDir = os.
   return candidates.filter((candidate) => existsSync(candidate.path));
 }
 
-// src/authEnv.ts
-var DAEMON_API_KEY_ENV = "SLOCK_MACHINE_API_KEY";
-var SLOCK_AGENT_TOKEN_ENV = "SLOCK_AGENT_TOKEN";
-function scrubDaemonAuthEnv(env) {
-  delete env[DAEMON_API_KEY_ENV];
-  return env;
+// src/agentCredentialProxy.ts
+import { randomBytes } from "crypto";
+import http from "http";
+import { URL as URL2 } from "url";
+var registrations = /* @__PURE__ */ new Map();
+var servers = /* @__PURE__ */ new Map();
+function allocatePort() {
+  return 43e3 + randomBytes(2).readUInt16BE(0) % 1e4;
+}
+function ensureServer(port) {
+  if (servers.has(port)) return;
+  const server = http.createServer((req, res) => {
+    void handleProxyRequest(req, res);
+  });
+  server.on("error", (err) => {
+    logger.warn(`[Agent Credential Proxy] local proxy on port ${port} failed: ${err.message}`);
+  });
+  server.listen(port, "127.0.0.1");
+  server.unref();
+  servers.set(port, server);
+}
+async function handleProxyRequest(req, res) {
+  const auth = req.headers.authorization;
+  const token = typeof auth === "string" && auth.startsWith("Bearer ") ? auth.slice("Bearer ".length) : "";
+  const registration = registrations.get(token);
+  if (!registration) {
+    res.writeHead(401, { "content-type": "application/json" });
+    res.end(JSON.stringify({ error: "invalid local agent proxy token", code: "invalid_agent_proxy_token" }));
+    return;
+  }
+  try {
+    const target = new URL2(req.url ?? "/", registration.serverUrl);
+    const headers = new Headers();
+    for (const [name, value] of Object.entries(req.headers)) {
+      if (value === void 0) continue;
+      if (name.toLowerCase() === "host") continue;
+      if (name.toLowerCase() === "authorization") continue;
+      if (Array.isArray(value)) {
+        for (const item of value) headers.append(name, item);
+      } else {
+        headers.set(name, value);
+      }
+    }
+    headers.set("Authorization", `Bearer ${registration.apiKey}`);
+    headers.set("X-Agent-Id", registration.agentId);
+    headers.set("X-Slock-Client", "cli");
+    headers.set("X-Slock-Agent-Active-Capabilities", registration.activeCapabilities);
+    const method = req.method ?? "GET";
+    let body = method === "GET" || method === "HEAD" ? void 0 : req;
+    let sendTarget;
+    if (method === "POST" && target.pathname === "/internal/agent-api/send") {
+      const rawBody = await readRequestBody(req);
+      const prepared = await prepareAgentApiSendForward(registration, headers, rawBody);
+      if (prepared.localResponse) {
+        const responseText = JSON.stringify(prepared.localResponse);
+        res.writeHead(200, { "content-type": "application/json" });
+        res.end(responseText);
+        return;
+      }
+      body = prepared.bodyText;
+      sendTarget = prepared.target;
+      headers.set("content-type", "application/json");
+      headers.set("content-length", String(Buffer.byteLength(prepared.bodyText)));
+    }
+    const upstream = await fetch(target, {
+      method,
+      headers,
+      body,
+      // Required by undici when forwarding a Node stream.
+      duplex: body ? "half" : void 0
+    });
+    if (shouldBufferJsonResponse(upstream, target.pathname, registration)) {
+      const responseText = await upstream.text();
+      consumeVisibleResponse(registration, target, sendTarget, responseText);
+      res.writeHead(upstream.status, Object.fromEntries(upstream.headers.entries()));
+      res.end(responseText);
+      return;
+    }
+    res.writeHead(upstream.status, Object.fromEntries(upstream.headers.entries()));
+    if (upstream.body) {
+      const reader = upstream.body.getReader();
+      try {
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+          res.write(Buffer.from(value));
+        }
+      } finally {
+        res.end();
+      }
+    } else {
+      res.end();
+    }
+  } catch (err) {
+    res.writeHead(502, { "content-type": "application/json" });
+    res.end(JSON.stringify({
+      error: "failed to proxy local agent request",
+      code: "agent_proxy_failed",
+      detail: err instanceof Error ? err.message : String(err)
+    }));
+  }
+}
+async function readRequestBody(req) {
+  let body = "";
+  req.setEncoding("utf8");
+  for await (const chunk of req) {
+    body += String(chunk);
+  }
+  return body;
+}
+function messageSeq(message) {
+  return Number(message.seq ?? 0);
+}
+function boundaryBefore(messages) {
+  let minSeq = Number.POSITIVE_INFINITY;
+  for (const message of messages) {
+    const seq = Math.floor(messageSeq(message));
+    if (Number.isFinite(seq) && seq > 0) minSeq = Math.min(minSeq, seq);
+  }
+  return Number.isFinite(minSeq) ? Math.max(0, minSeq - 1) : void 0;
+}
+function maxMessageSeq(messages) {
+  let maxSeq = 0;
+  for (const message of messages) {
+    const seq = Math.floor(messageSeq(message));
+    if (Number.isFinite(seq) && seq > 0) maxSeq = Math.max(maxSeq, seq);
+  }
+  return maxSeq > 0 ? maxSeq : void 0;
+}
+function parseTargetFields(target) {
+  if (target.startsWith("dm:@")) {
+    const rest = target.slice("dm:@".length);
+    const [peer, threadId] = rest.split(":", 2);
+    if (threadId) {
+      return {
+        channel_type: "thread",
+        channel_name: threadId,
+        parent_channel_type: "dm",
+        parent_channel_name: peer
+      };
+    }
+    return { channel_type: "dm", channel_name: peer };
+  }
+  if (target.startsWith("#")) {
+    const rest = target.slice(1);
+    const [channel, threadId] = rest.split(":", 2);
+    if (threadId) {
+      return {
+        channel_type: "thread",
+        channel_name: threadId,
+        parent_channel_type: "channel",
+        parent_channel_name: channel
+      };
+    }
+    return { channel_type: "channel", channel_name: channel };
+  }
+  return {};
+}
+function normalizeVisibleMessage(message, target) {
+  const targetFields = target ? parseTargetFields(target) : {};
+  return {
+    ...targetFields,
+    ...message,
+    message_id: message.message_id ?? message.id,
+    timestamp: message.timestamp ?? message.createdAt,
+    sender_type: message.sender_type ?? message.senderType,
+    sender_name: message.sender_name ?? message.senderName,
+    sender_description: message.sender_description ?? message.senderDescription ?? null
+  };
+}
+function normalizeVisibleMessages(messages, target) {
+  return messages.map((message) => normalizeVisibleMessage(message, target));
+}
+async function loadRecentTargetMessages(registration, headers, target) {
+  const historyUrl = new URL2("/internal/agent-api/history", registration.serverUrl);
+  historyUrl.searchParams.set("channel", target);
+  historyUrl.searchParams.set("limit", "3");
+  const historyHeaders = new Headers(headers);
+  historyHeaders.delete("content-length");
+  historyHeaders.delete("content-type");
+  const res = await fetch(historyUrl, { method: "GET", headers: historyHeaders });
+  if (!res.ok) return [];
+  const parsed = await res.json().catch(() => null);
+  return Array.isArray(parsed?.messages) ? normalizeVisibleMessages(parsed.messages, target) : [];
+}
+async function prepareAgentApiSendForward(registration, headers, rawBody) {
+  let body;
+  try {
+    body = rawBody ? JSON.parse(rawBody) : {};
+  } catch {
+    return { bodyText: rawBody };
+  }
+  const target = typeof body.target === "string" ? body.target : void 0;
+  const coordinator = registration.inboxCoordinator;
+  if (!target || !coordinator || body.continueAnyway === true) {
+    return { bodyText: JSON.stringify(body), target };
+  }
+  const pending = coordinator.getPendingMessages(target);
+  if (pending.length > 0) {
+    const staleBoundary = boundaryBefore(pending);
+    if (staleBoundary !== void 0) {
+      body.seenUpToSeq = staleBoundary;
+    }
+    return { bodyText: JSON.stringify(body), target };
+  }
+  const existingBoundary = typeof body.seenUpToSeq === "number" && Number.isFinite(body.seenUpToSeq) ? Math.max(0, Math.floor(body.seenUpToSeq)) : void 0;
+  const loadedBoundary = coordinator.getBoundary(target);
+  const boundary = Math.max(existingBoundary ?? 0, loadedBoundary ?? 0);
+  if (boundary > 0) {
+    body.seenUpToSeq = boundary;
+    return { bodyText: JSON.stringify(body), target };
+  }
+  const recent = await loadRecentTargetMessages(registration, headers, target);
+  if (recent.length > 0) {
+    const seenUpToSeq = maxMessageSeq(recent);
+    coordinator.consumeVisibleMessages({ target, messages: recent, boundarySeq: seenUpToSeq, source: "send_preflight_context" });
+    return {
+      bodyText: JSON.stringify(body),
+      target,
+      localResponse: {
+        state: "held",
+        seenUpToSeq,
+        heldMessages: recent,
+        newMessageCount: recent.length,
+        shownMessageCount: recent.length,
+        omittedMessageCount: 0
+      }
+    };
+  }
+  return { bodyText: JSON.stringify(body), target };
+}
+function shouldBufferJsonResponse(upstream, pathname, registration) {
+  if (!registration.inboxCoordinator) return false;
+  const contentType = upstream.headers.get("content-type") ?? "";
+  if (!contentType.includes("application/json")) return false;
+  return pathname === "/internal/agent-api/send" || pathname === "/internal/agent-api/events" || pathname === "/internal/agent-api/history";
+}
+function consumeVisibleResponse(registration, targetUrl, sendTarget, responseText) {
+  const coordinator = registration.inboxCoordinator;
+  if (!coordinator) return;
+  let parsed;
+  try {
+    parsed = JSON.parse(responseText);
+  } catch {
+    return;
+  }
+  if (targetUrl.pathname === "/internal/agent-api/send" && parsed.state === "held" && Array.isArray(parsed.heldMessages)) {
+    coordinator.consumeVisibleMessages({
+      target: sendTarget,
+      messages: normalizeVisibleMessages(parsed.heldMessages, sendTarget),
+      boundarySeq: typeof parsed.seenUpToSeq === "number" ? parsed.seenUpToSeq : void 0,
+      source: "server_held_context"
+    });
+    return;
+  }
+  if (targetUrl.pathname === "/internal/agent-api/events" && Array.isArray(parsed.events)) {
+    coordinator.consumeVisibleMessages({ messages: normalizeVisibleMessages(parsed.events), source: "agent_api_events" });
+    return;
+  }
+  if (targetUrl.pathname === "/internal/agent-api/history" && Array.isArray(parsed.messages)) {
+    const target = targetUrl.searchParams.get("channel") ?? void 0;
+    const messages = normalizeVisibleMessages(parsed.messages, target);
+    coordinator.consumeVisibleMessages({ target, messages, boundarySeq: maxMessageSeq(messages), source: "agent_api_history" });
+  }
+}
+function registerAgentCredentialProxy(input) {
+  const port = allocatePort();
+  ensureServer(port);
+  const proxyToken = `sap_${randomBytes(32).toString("base64url")}`;
+  registrations.set(proxyToken, {
+    serverUrl: input.serverUrl,
+    apiKey: input.apiKey,
+    agentId: input.agentId,
+    launchId: input.launchId ?? null,
+    activeCapabilities: input.activeCapabilities,
+    inboxCoordinator: input.inboxCoordinator
+  });
+  return {
+    proxyUrl: `http://127.0.0.1:${port}`,
+    proxyToken
+  };
 }
-function scrubDaemonChildEnv(env) {
-  delete env[DAEMON_API_KEY_ENV];
-  delete env[SLOCK_AGENT_TOKEN_ENV];
-  return env;
+function unregisterAgentCredentialProxyForLaunch(input) {
+  let removed = 0;
+  const launchId = input.launchId ?? null;
+  for (const [token, registration] of registrations) {
+    if (registration.agentId === input.agentId && registration.launchId === launchId) {
+      registrations.delete(token);
+      removed += 1;
+    }
+  }
+  return removed;
 }
 
 // src/drivers/cliTransport.ts
 var shellSingleQuote = (value) => `'${value.replace(/'/g, `'\\''`)}'`;
+var DEFAULT_ACTIVE_CAPABILITIES = "send,read,mentions,tasks,reactions,server,channels";
+var safePathPart = (value) => value.replace(/[^a-zA-Z0-9_.-]/g, "_");
 function runtimeContextEnv(config) {
   const ctx = config.runtimeContext;
   if (!ctx) return {};
@@ -1408,17 +1670,43 @@ function prepareCliTransport(ctx, extraEnv = {}, platform = process.platform) {
   }
   const slockDir = path2.join(ctx.workingDirectory, ".slock");
   mkdirSync(slockDir, { recursive: true });
+  const slockHome = resolveSlockHome();
   const tokenFile = path2.join(slockDir, "agent-token");
-  writeFileSync(tokenFile, ctx.config.authToken || ctx.daemonApiKey, { mode: 384 });
+  const agentCredentialKey = ctx.config.agentCredentialKey;
+  let agentCredentialProxy = null;
+  let agentCredentialProxyTokenFile = null;
+  if (typeof agentCredentialKey === "string" && agentCredentialKey.length > 0) {
+    rmSync(tokenFile, { force: true });
+    agentCredentialProxy = registerAgentCredentialProxy({
+      agentId: ctx.agentId,
+      launchId: ctx.launchId,
+      serverUrl: ctx.config.serverUrl,
+      apiKey: agentCredentialKey,
+      activeCapabilities: DEFAULT_ACTIVE_CAPABILITIES,
+      inboxCoordinator: ctx.agentCredentialProxyInboxCoordinator
+    });
+    const launchPart = safePathPart(ctx.launchId || `pid-${process.pid}`);
+    const proxyTokenDir = path2.join(slockHome, "agent-proxy-tokens", safePathPart(ctx.agentId));
+    mkdirSync(proxyTokenDir, { recursive: true, mode: 448 });
+    agentCredentialProxyTokenFile = path2.join(proxyTokenDir, `${launchPart}.token`);
+    writeFileSync(agentCredentialProxyTokenFile, agentCredentialProxy.proxyToken, { mode: 384 });
+  } else {
+    writeFileSync(tokenFile, ctx.config.authToken || ctx.daemonApiKey, { mode: 384 });
+  }
   const posixWrapper = path2.join(slockDir, "slock");
+  const posixCredentialPrefix = agentCredentialProxy ? `SLOCK_AGENT_PROXY_URL=${shellSingleQuote(agentCredentialProxy.proxyUrl)} SLOCK_AGENT_PROXY_TOKEN_FILE=${shellSingleQuote(agentCredentialProxyTokenFile)} SLOCK_AGENT_ACTIVE_CAPABILITIES=${shellSingleQuote(DEFAULT_ACTIVE_CAPABILITIES)} ` : "";
   const posixBody = `#!/usr/bin/env bash
-exec ${shellSingleQuote(process.execPath)} ${shellSingleQuote(ctx.slockCliPath)} "$@"
+${posixCredentialPrefix}exec ${shellSingleQuote(process.execPath)} ${shellSingleQuote(ctx.slockCliPath)} "$@"
 `;
   writeFileSync(posixWrapper, posixBody, { mode: 493 });
   if (platform === "win32") {
     const cmdWrapper = path2.join(slockDir, "slock.cmd");
+    const cmdCredentialLine = agentCredentialProxy ? `set "SLOCK_AGENT_PROXY_URL=${agentCredentialProxy.proxyUrl}"\r
+set "SLOCK_AGENT_PROXY_TOKEN_FILE=${agentCredentialProxyTokenFile}"\r
+set "SLOCK_AGENT_ACTIVE_CAPABILITIES=${DEFAULT_ACTIVE_CAPABILITIES}"\r
+` : "";
     const cmdBody = `@echo off\r
-"${process.execPath}" "${ctx.slockCliPath}" %*\r
+${cmdCredentialLine}"${process.execPath}" "${ctx.slockCliPath}" %*\r
 `;
     writeFileSync(cmdWrapper, cmdBody);
   }
@@ -1429,17 +1717,27 @@ exec ${shellSingleQuote(process.execPath)} ${shellSingleQuote(ctx.slockCliPath)}
     ...ctx.config.envVars || {},
     ...extraEnv,
     ...runtimeContextEnv(ctx.config),
-    [SLOCK_HOME_ENV]: resolveSlockHome(),
+    [SLOCK_HOME_ENV]: slockHome,
     SLOCK_AGENT_ID: ctx.agentId,
     ...ctx.launchId ? { SLOCK_AGENT_LAUNCH_ID: ctx.launchId } : {},
     SLOCK_SERVER_URL: ctx.config.serverUrl,
-    SLOCK_AGENT_TOKEN_FILE: tokenFile,
+    ...agentCredentialProxy ? {} : { SLOCK_AGENT_TOKEN_FILE: tokenFile },
     PATH: `${slockDir}${path2.delimiter}${process.env.PATH ?? ""}`
   };
-  scrubDaemonChildEnv(spawnEnv);
+  delete spawnEnv.SLOCK_AGENT_TOKEN;
+  delete spawnEnv.SLOCK_AGENT_CREDENTIAL_KEY;
+  delete spawnEnv.SLOCK_AGENT_CREDENTIAL_KEY_FILE;
+  delete spawnEnv.SLOCK_AGENT_PROXY_URL;
+  delete spawnEnv.SLOCK_AGENT_PROXY_TOKEN;
+  delete spawnEnv.SLOCK_AGENT_PROXY_TOKEN_FILE;
+  delete spawnEnv.SLOCK_AGENT_ACTIVE_CAPABILITIES;
+  if (agentCredentialProxy) {
+    delete spawnEnv.SLOCK_AGENT_TOKEN_FILE;
+  }
   return {
     slockDir,
     tokenFile,
+    agentCredentialProxyUrl: agentCredentialProxy?.proxyUrl ?? null,
     wrapperPath,
     spawnEnv
   };
@@ -1473,7 +1771,7 @@ function resolveCommandOnWindows(command, env, execFileSyncFn) {
 }
 function resolveCommandOnPath(command, deps = {}) {
   const platform = deps.platform ?? process.platform;
-  const env = scrubDaemonChildEnv({ ...deps.env ?? process.env });
+  const env = deps.env ?? process.env;
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   if (platform === "win32") {
     return resolveCommandOnWindows(command, env, execFileSyncFn);
@@ -1498,7 +1796,7 @@ function firstExistingPath(candidates, deps = {}) {
   return null;
 }
 function readCommandVersion(command, args = [], deps = {}) {
-  const env = scrubDaemonChildEnv({ ...deps.env ?? process.env });
+  const env = deps.env ?? process.env;
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   try {
     const output = normalizeExecOutput(execFileSyncFn(command, [...args, "--version"], {
@@ -1607,7 +1905,7 @@ function collectClaudeMcpConfigFiles(ctx, home) {
   return files;
 }
 function buildClaudeUserMcpServers(ctx, home) {
-  const servers = /* @__PURE__ */ Object.create(null);
+  const servers2 = /* @__PURE__ */ Object.create(null);
   for (const configFile of collectClaudeMcpConfigFiles(ctx, home)) {
     const mcpServers = readClaudeMcpServers(configFile.path, configFile.vars);
     if (!mcpServers) continue;
@@ -1616,10 +1914,10 @@ function buildClaudeUserMcpServers(ctx, home) {
         logger.warn(`[Claude] ignoring invalid MCP server "${name}" in ${configFile.path}`);
         continue;
       }
-      servers[name] = server;
+      servers2[name] = server;
     }
   }
-  return servers;
+  return servers2;
 }
 var ClaudeDriver = class {
   id = "claude";
@@ -1667,9 +1965,9 @@ var ClaudeDriver = class {
       CLAUDE_DISALLOWED_TOOLS
     ];
     if (opts.standingPromptFilePath) {
-      args.push("--system-prompt-file", opts.standingPromptFilePath);
+      args.push("--append-system-prompt-file", opts.standingPromptFilePath);
     } else {
-      args.push("--system-prompt", standingPrompt);
+      args.push("--append-system-prompt", standingPrompt);
     }
     if (config.sessionId) {
       args.push("--resume", config.sessionId);
@@ -1917,13 +2215,29 @@ function resolveWindowsNpmCodexEntry(deps = {}) {
   }
   return null;
 }
+function resolveWindowsCodexDesktopEntry(deps = {}) {
+  const existsSyncFn = deps.existsSyncFn ?? existsSync4;
+  const env = deps.env ?? process.env;
+  const homeDir = deps.homeDir;
+  const winPath = path5.win32;
+  const candidates = [
+    env.LOCALAPPDATA ? winPath.join(env.LOCALAPPDATA, "OpenAI", "Codex", "bin", "codex.exe") : null,
+    env.USERPROFILE ? winPath.join(env.USERPROFILE, "AppData", "Local", "OpenAI", "Codex", "bin", "codex.exe") : null,
+    homeDir ? winPath.join(homeDir, "AppData", "Local", "OpenAI", "Codex", "bin", "codex.exe") : null
+  ].filter((candidate) => Boolean(candidate));
+  for (const candidate of candidates) {
+    if (existsSyncFn(candidate)) return candidate;
+  }
+  return null;
+}
 function resolveCodexCommand(deps = {}) {
   const platform = deps.platform ?? process.platform;
   if (platform === "win32") {
     const npmEntry = resolveWindowsNpmCodexEntry(deps);
     if (npmEntry) return npmEntry;
     const command = resolveCommandOnPath("codex", deps);
-    return command && !isWindowsSandboxRunner(command) ? command : null;
+    if (command && !isWindowsSandboxRunner(command)) return command;
+    return resolveWindowsCodexDesktopEntry(deps);
   }
   const pathCommand = resolveCommandOnPath("codex", deps);
   if (pathCommand) return pathCommand;
@@ -1966,6 +2280,10 @@ function resolveCodexSpawn(commandArgs, deps = {}) {
   if (command && !isWindowsSandboxRunner(command)) {
     return { command, args: commandArgs };
   }
+  const desktopEntry = resolveWindowsCodexDesktopEntry(deps);
+  if (desktopEntry) {
+    return { command: desktopEntry, args: commandArgs };
+  }
   throw new Error(
     "Cannot resolve Codex CLI entry point on Windows. Install Codex Desktop or install @openai/codex globally via npm (npm i -g @openai/codex). Ignoring .codex/.sandbox-bin/codex-command-runner because it is a sandbox helper, not the Codex CLI."
   );
@@ -2775,7 +3093,7 @@ function detectCursorModels(runCommand = runCursorModelsCommand) {
 }
 function runCursorModelsCommand() {
   return spawnSync("cursor-agent", ["models"], {
-    env: scrubDaemonChildEnv({ ...process.env, FORCE_COLOR: "0", NO_COLOR: "1" }),
+    env: { ...process.env, FORCE_COLOR: "0", NO_COLOR: "1" },
     encoding: "utf8",
     timeout: 5e3
   });
@@ -2822,7 +3140,7 @@ function resolveGeminiSpawn(commandArgs, deps = {}) {
   }
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync3;
   const existsSyncFn = deps.existsSyncFn ?? existsSync6;
-  const env = scrubDaemonChildEnv({ ...deps.env ?? process.env });
+  const env = deps.env ?? process.env;
   const winPath = path8.win32;
   let geminiEntry = null;
   try {
@@ -2996,16 +3314,13 @@ var GeminiDriver = class {
 // src/drivers/kimi.ts
 import { randomUUID } from "crypto";
 import { spawn as spawn6 } from "child_process";
-import { chmodSync, existsSync as existsSync7, readFileSync as readFileSync3, writeFileSync as writeFileSync6 } from "fs";
+import { existsSync as existsSync7, readFileSync as readFileSync3, writeFileSync as writeFileSync6 } from "fs";
 import os4 from "os";
 import path9 from "path";
 var KIMI_WIRE_PROTOCOL_VERSION = "1.3";
 var KIMI_SYSTEM_PROMPT_FILE = ".slock-kimi-system.md";
 var KIMI_AGENT_FILE = ".slock-kimi-agent.yaml";
 var KIMI_MCP_FILE = ".slock-kimi-mcp.json";
-var KIMI_GENERATED_CONFIG_FILE = ".slock-kimi-config.toml";
-var SLOCK_KIMI_CONFIG_CONTENT_ENV = "SLOCK_KIMI_CONFIG_CONTENT";
-var SLOCK_KIMI_CONFIG_FILE_ENV = "SLOCK_KIMI_CONFIG_FILE";
 function parseToolArguments(raw) {
   if (typeof raw !== "string") return raw;
   try {
@@ -3014,73 +3329,6 @@ function parseToolArguments(raw) {
     return raw;
   }
 }
-function readKimiConfigSource(home = os4.homedir(), env = process.env) {
-  const inlineConfig = env[SLOCK_KIMI_CONFIG_CONTENT_ENV];
-  if (inlineConfig && inlineConfig.trim()) {
-    return {
-      raw: inlineConfig,
-      explicitPath: null,
-      sourcePath: SLOCK_KIMI_CONFIG_CONTENT_ENV
-    };
-  }
-  const explicitPath = env[SLOCK_KIMI_CONFIG_FILE_ENV];
-  const configPath = explicitPath && explicitPath.trim() ? explicitPath : path9.join(home, ".kimi", "config.toml");
-  try {
-    return {
-      raw: readFileSync3(configPath, "utf8"),
-      explicitPath: explicitPath && explicitPath.trim() ? explicitPath : null,
-      sourcePath: configPath
-    };
-  } catch {
-    return {
-      raw: null,
-      explicitPath: explicitPath && explicitPath.trim() ? explicitPath : null,
-      sourcePath: configPath
-    };
-  }
-}
-function buildKimiSpawnEnv(env = process.env) {
-  const spawnEnv = { ...env, FORCE_COLOR: "0", NO_COLOR: "1" };
-  delete spawnEnv[SLOCK_KIMI_CONFIG_CONTENT_ENV];
-  delete spawnEnv[SLOCK_KIMI_CONFIG_FILE_ENV];
-  return scrubDaemonChildEnv(spawnEnv);
-}
-function buildKimiEffectiveEnv(ctx, overrideEnv) {
-  return {
-    ...process.env,
-    ...ctx.config.envVars || {},
-    ...overrideEnv || {}
-  };
-}
-function buildKimiLaunchOptions(ctx, opts = {}) {
-  const env = buildKimiEffectiveEnv(ctx, opts.env);
-  const source = readKimiConfigSource(opts.home ?? os4.homedir(), env);
-  const args = [];
-  let configFilePath = null;
-  let configContent = null;
-  if (source.explicitPath) {
-    configFilePath = source.explicitPath;
-  } else if (source.raw !== null && source.sourcePath === SLOCK_KIMI_CONFIG_CONTENT_ENV) {
-    configFilePath = path9.join(ctx.workingDirectory, KIMI_GENERATED_CONFIG_FILE);
-    configContent = source.raw;
-    if (opts.writeGeneratedConfig !== false) {
-      writeFileSync6(configFilePath, source.raw, { encoding: "utf8", mode: 384 });
-      chmodSync(configFilePath, 384);
-    }
-  }
-  if (configFilePath) {
-    args.push("--config-file", configFilePath);
-  }
-  if (ctx.config.model && ctx.config.model !== "default") {
-    args.push("--model", ctx.config.model);
-  }
-  return {
-    args,
-    env: buildKimiSpawnEnv(env),
-    configFilePath,
-    configContent
-  };
-}
 function resolveKimiSpawn(commandArgs, deps = {}) {
   return {
     command: resolveCommandOnPath("kimi", deps) ?? "kimi",
@@ -3104,25 +3352,7 @@ var KimiDriver = class {
   };
   model = {
     detectedModelsVerifiedAs: "launchable",
-    toLaunchSpec: (modelId, ctx, opts) => {
-      if (!ctx) return { args: ["--model", modelId] };
-      const launchCtx = {
-        ...ctx,
-        config: {
-          ...ctx.config,
-          model: modelId
-        }
-      };
-      const launch = buildKimiLaunchOptions(launchCtx, {
-        home: opts?.home,
-        writeGeneratedConfig: false
-      });
-      return {
-        args: launch.args,
-        env: launch.env,
-        configFiles: launch.configFilePath ? [launch.configFilePath] : void 0
-      };
-    }
+    toLaunchSpec: (modelId) => ({ args: ["--model", modelId] })
   };
   supportsStdinNotification = true;
   mcpToolPrefix = "";
@@ -3176,7 +3406,6 @@ var KimiDriver = class {
         }
       }
     }), "utf8");
-    const launch = buildKimiLaunchOptions(ctx);
     const args = [
       "--wire",
       "--yolo",
@@ -3185,15 +3414,14 @@ var KimiDriver = class {
       "--mcp-config-file",
       mcpConfigPath,
       "--session",
-      this.sessionId,
-      ...launch.args
+      this.sessionId
     ];
     if (ctx.config.model && ctx.config.model !== "default") {
       args.push("--model", ctx.config.model);
     }
     const spawnEnv = prepareCliTransport(ctx, { NO_COLOR: "1" }).spawnEnv;
-    const spawnTarget = resolveKimiSpawn(args);
-    const proc = spawn6(spawnTarget.command, spawnTarget.args, {
+    const launch = resolveKimiSpawn(args);
+    const proc = spawn6(launch.command, launch.args, {
       cwd: ctx.workingDirectory,
       stdio: ["pipe", "pipe", "pipe"],
       env: spawnEnv,
@@ -3201,7 +3429,7 @@ var KimiDriver = class {
       // and has an 8191-character command-line limit. Kimi's official
       // installer/uv entrypoint is an executable, so launch it directly and
       // keep prompts on stdin / files instead of routing through cmd.exe.
-      shell: spawnTarget.shell
+      shell: launch.shell
     });
     proc.stdin?.write(JSON.stringify({
       jsonrpc: "2.0",
@@ -3317,9 +3545,14 @@ var KimiDriver = class {
     return detectKimiModels();
   }
 };
-function detectKimiModels(home = os4.homedir(), opts = {}) {
-  const raw = readKimiConfigSource(home, opts.env).raw;
-  if (raw === null) return null;
+function detectKimiModels(home = os4.homedir()) {
+  const configPath = path9.join(home, ".kimi", "config.toml");
+  let raw;
+  try {
+    raw = readFileSync3(configPath, "utf8");
+  } catch {
+    return null;
+  }
   const models = [];
   const sectionRe = /^\s*\[models(?:\.([^\]]+)|"\.[^"]+"|\."[^"]+")\s*\]\s*$/gm;
   const lineRe = /^\s*\[models\.(.+?)\s*\]\s*$/gm;
@@ -3580,7 +3813,7 @@ function detectOpenCodeModels(home = os5.homedir(), runCommand = runOpenCodeMode
 }
 function runOpenCodeModelsCommand(home) {
   const result = spawnSync2("opencode", ["models"], {
-    env: scrubDaemonChildEnv({ ...process.env, HOME: home, FORCE_COLOR: "0", NO_COLOR: "1" }),
+    env: { ...process.env, HOME: home, FORCE_COLOR: "0", NO_COLOR: "1" },
     encoding: "utf8",
     timeout: 5e3
   });
@@ -3738,297 +3971,6 @@ var OpenCodeDriver = class {
   }
 };
 
-// src/drivers/pi.ts
-import { spawn as spawn8 } from "child_process";
-import { existsSync as existsSync8, mkdirSync as mkdirSync4, writeFileSync as writeFileSync7 } from "fs";
-import path11 from "path";
-import { fileURLToPath } from "url";
-import { getAgentDir, VERSION as PI_SDK_VERSION } from "@earendil-works/pi-coding-agent";
-var CHAT_MCP_TOOL_PREFIX2 = "chat_";
-var NO_MESSAGE_PROMPT2 = "No new messages are pending. Stop now.";
-var FIRST_MESSAGE_TASK_PREFIX2 = "First message task (system-triggered):";
-var MIN_SUPPORTED_PI_VERSION = "0.74.0";
-function parseSemver2(version) {
-  const match = version.match(/(\d+)\.(\d+)\.(\d+)/);
-  if (!match) return null;
-  return [Number(match[1]), Number(match[2]), Number(match[3])];
-}
-function isSupportedPiVersion(version) {
-  if (!version) return true;
-  const actual = parseSemver2(version);
-  const minimum = parseSemver2(MIN_SUPPORTED_PI_VERSION);
-  if (!actual || !minimum) return true;
-  for (let i = 0; i < 3; i += 1) {
-    if (actual[i] > minimum[i]) return true;
-    if (actual[i] < minimum[i]) return false;
-  }
-  return true;
-}
-function unsupportedPiVersionMessage(version) {
-  if (!version || isSupportedPiVersion(version)) return null;
-  return `Pi SDK ${version} is unsupported; requires @earendil-works/pi-coding-agent >= ${MIN_SUPPORTED_PI_VERSION}. Upgrade the daemon Pi dependency before starting this runtime.`;
-}
-function probePi(version = PI_SDK_VERSION) {
-  const unsupportedMessage = unsupportedPiVersionMessage(version);
-  if (unsupportedMessage) {
-    return {
-      available: false,
-      version: `${version} (requires @earendil-works/pi-coding-agent >= ${MIN_SUPPORTED_PI_VERSION})`
-    };
-  }
-  return { available: true, version };
-}
-function resolvePiSdkRunnerPath(moduleUrl = import.meta.url) {
-  const moduleDir = path11.dirname(fileURLToPath(moduleUrl));
-  const sourceSibling = path11.join(moduleDir, "piSdkRunner.ts");
-  if (existsSync8(sourceSibling)) return sourceSibling;
-  const bundledEntry = path11.join(moduleDir, "drivers", "piSdkRunner.js");
-  if (existsSync8(bundledEntry)) return bundledEntry;
-  return path11.join(moduleDir, "piSdkRunner.js");
-}
-function buildPiSdkNodeArgs(runnerPath = resolvePiSdkRunnerPath()) {
-  if (runnerPath.endsWith(".ts")) {
-    return [...process.execArgv, runnerPath];
-  }
-  return [runnerPath];
-}
-function buildPiLaunchOptions(ctx, opts = {}) {
-  const command = opts.command ?? process.execPath;
-  const piDir = path11.join(ctx.workingDirectory, ".slock", "pi");
-  const sessionDir = path11.join(piDir, "sessions");
-  mkdirSync4(sessionDir, { recursive: true });
-  const slock = prepareCliTransport(ctx, { NO_COLOR: "1" });
-  const runnerPath = opts.runnerPath ?? resolvePiSdkRunnerPath();
-  const agentDir = opts.agentDir ?? getAgentDir();
-  const runnerConfigPath = path11.join(
-    piDir,
-    `sdk-run-${(ctx.launchId || "launch").replace(/[^a-zA-Z0-9_.-]/g, "_")}.json`
-  );
-  const turnPrompt = ctx.prompt === ctx.standingPrompt ? NO_MESSAGE_PROMPT2 : ctx.prompt;
-  const runnerConfig = {
-    cwd: ctx.workingDirectory,
-    agentDir,
-    sessionDir,
-    sessionId: ctx.config.sessionId || null,
-    standingPrompt: ctx.standingPrompt,
-    prompt: turnPrompt,
-    model: ctx.config.model && ctx.config.model !== "default" ? ctx.config.model : null
-  };
-  writeFileSync7(runnerConfigPath, `${JSON.stringify(runnerConfig)}
-`, { encoding: "utf8", mode: 384 });
-  const args = [
-    ...buildPiSdkNodeArgs(runnerPath),
-    "--config",
-    runnerConfigPath
-  ];
-  return {
-    command,
-    args,
-    env: slock.spawnEnv,
-    sessionDir,
-    agentDir,
-    runnerConfigPath,
-    sdkVersion: PI_SDK_VERSION
-  };
-}
-function isSystemFirstMessageTask2(message) {
-  return message.sender_id === "system" && message.channel_type === "channel" && message.channel_name === "all" && message.content.trimStart().startsWith(FIRST_MESSAGE_TASK_PREFIX2);
-}
-function buildPiSystemPrompt(config) {
-  return buildCliTransportSystemPrompt(config, {
-    toolPrefix: CHAT_MCP_TOOL_PREFIX2,
-    extraCriticalRules: [
-      "- Runtime Profile migration controls are not available in the Pi runtime yet. If asked to acknowledge a runtime migration, explain the blocker instead of inventing a command."
-    ],
-    postStartupNotes: [
-      "**Pi runtime note:** Slock launches you as a per-turn process. Complete the current wake using `slock` CLI commands, then stop; the daemon will restart you when new messages arrive."
-    ],
-    includeStdinNotificationSection: false,
-    messageNotificationStyle: "poll"
-  });
-}
-function contentText(content) {
-  if (!content) return "";
-  const chunks = [];
-  for (const item of content) {
-    if (item.type === "text" && typeof item.text === "string") {
-      chunks.push(item.text);
-    }
-  }
-  return chunks.join("");
-}
-function apiKeyErrorMessage(line) {
-  const trimmed = line.trim();
-  if (!trimmed) return null;
-  if (/no api key found/i.test(trimmed)) return trimmed;
-  if (/api key.+required/i.test(trimmed)) return trimmed;
-  if (/no models available/i.test(trimmed)) return trimmed;
-  return null;
-}
-var PiDriver = class {
-  id = "pi";
-  lifecycle = {
-    kind: "per_turn",
-    start: "defer_until_concrete_message",
-    exit: "terminate_on_turn_end",
-    inFlightWake: "coalesce_into_pending"
-  };
-  communication = {
-    chat: "slock_cli",
-    runtimeControl: "none"
-  };
-  session = {
-    recovery: "resume_or_fresh"
-  };
-  model = {
-    detectedModelsVerifiedAs: "launchable",
-    toLaunchSpec: (modelId, ctx) => {
-      if (!ctx) return modelId && modelId !== "default" ? { args: ["--model", modelId] } : { args: [] };
-      const launchCtx = {
-        ...ctx,
-        config: {
-          ...ctx.config,
-          model: modelId
-        }
-      };
-      const launch = buildPiLaunchOptions(launchCtx);
-      return {
-        args: launch.args,
-        env: launch.env,
-        configFiles: [launch.runnerConfigPath],
-        params: {
-          agentDir: launch.agentDir,
-          sessionDir: launch.sessionDir,
-          sdkVersion: launch.sdkVersion,
-          resources: "extensions/skills/prompt-templates/themes/context-files disabled by Slock policy"
-        }
-      };
-    }
-  };
-  supportsStdinNotification = false;
-  mcpToolPrefix = CHAT_MCP_TOOL_PREFIX2;
-  busyDeliveryMode = "none";
-  terminateProcessOnTurnEnd = true;
-  deferSpawnUntilMessage = true;
-  usesSlockCliForCommunication = true;
-  sessionId = null;
-  sessionAnnounced = false;
-  apiKeyErrorAnnounced = false;
-  turnEnded = false;
-  assistantTextByMessageId = /* @__PURE__ */ new Map();
-  shouldDeferWakeMessage(message) {
-    return isSystemFirstMessageTask2(message);
-  }
-  probe() {
-    return probePi();
-  }
-  async detectModels() {
-    return null;
-  }
-  spawn(ctx) {
-    this.sessionId = ctx.config.sessionId || null;
-    this.sessionAnnounced = false;
-    this.apiKeyErrorAnnounced = false;
-    this.turnEnded = false;
-    this.assistantTextByMessageId.clear();
-    const unsupportedMessage = unsupportedPiVersionMessage(PI_SDK_VERSION);
-    if (unsupportedMessage) throw new Error(unsupportedMessage);
-    const launch = buildPiLaunchOptions(ctx);
-    const proc = spawn8(launch.command, launch.args, {
-      cwd: ctx.workingDirectory,
-      stdio: ["pipe", "pipe", "pipe"],
-      env: launch.env,
-      shell: false
-    });
-    proc.stdin?.end();
-    return { process: proc };
-  }
-  parseLine(line) {
-    let event;
-    try {
-      event = JSON.parse(line);
-    } catch {
-      if (this.apiKeyErrorAnnounced) return [];
-      const message = apiKeyErrorMessage(line);
-      if (!message) return [];
-      this.apiKeyErrorAnnounced = true;
-      this.turnEnded = true;
-      return [
-        { kind: "error", message },
-        { kind: "turn_end", sessionId: this.sessionId || void 0 }
-      ];
-    }
-    const events = [];
-    if (event.type === "session" && event.id) {
-      this.sessionId = event.id;
-    }
-    if (!this.sessionAnnounced && this.sessionId) {
-      events.push({ kind: "session_init", sessionId: this.sessionId });
-      this.sessionAnnounced = true;
-    }
-    switch (event.type) {
-      case "agent_start":
-      case "turn_start":
-        events.push({ kind: "thinking", text: "" });
-        break;
-      case "message_update":
-      case "message_end":
-        if (event.message?.role === "assistant") {
-          const key = event.message.id || "current";
-          const currentText = contentText(event.message.content);
-          const previousText = this.assistantTextByMessageId.get(key) ?? "";
-          if (currentText.length > previousText.length && currentText.startsWith(previousText)) {
-            events.push({ kind: "text", text: currentText.slice(previousText.length) });
-          } else if (currentText && currentText !== previousText) {
-            events.push({ kind: "text", text: currentText });
-          }
-          this.assistantTextByMessageId.set(key, currentText);
-          if (event.message.stopReason === "error" || event.message.stopReason === "aborted") {
-            events.push({ kind: "error", message: event.message.errorMessage || `Request ${event.message.stopReason}` });
-          }
-        }
-        break;
-      case "tool_execution_start":
-        events.push({
-          kind: "tool_call",
-          name: event.toolName || "unknown_tool",
-          input: event.args
-        });
-        break;
-      case "tool_execution_end":
-        events.push({
-          kind: "tool_output",
-          name: event.toolName || "unknown_tool"
-        });
-        if (event.isError) {
-          events.push({ kind: "error", message: `Pi tool ${event.toolName || "unknown_tool"} failed` });
-        }
-        break;
-      case "compaction_start":
-        events.push({ kind: "compaction_started" });
-        break;
-      case "compaction_end":
-        events.push({ kind: "compaction_finished" });
-        if (event.errorMessage) events.push({ kind: "error", message: event.errorMessage });
-        break;
-      case "turn_end":
-      case "agent_end":
-        if (!this.turnEnded) {
-          events.push({ kind: "turn_end", sessionId: this.sessionId || void 0 });
-          this.turnEnded = true;
-        }
-        break;
-    }
-    return events;
-  }
-  encodeStdinMessage(_text, _sessionId, _opts) {
-    return null;
-  }
-  buildSystemPrompt(config, _agentId) {
-    return buildPiSystemPrompt(config);
-  }
-};
-
 // src/drivers/index.ts
 var driverFactories = {
   claude: () => new ClaudeDriver(),
@@ -4037,8 +3979,7 @@ var driverFactories = {
   cursor: () => new CursorDriver(),
   gemini: () => new GeminiDriver(),
   kimi: () => new KimiDriver(),
-  opencode: () => new OpenCodeDriver(),
-  pi: () => new PiDriver()
+  opencode: () => new OpenCodeDriver()
 };
 function getDriver(runtimeId) {
   const createDriver = driverFactories[runtimeId];
@@ -4051,7 +3992,7 @@ function getDriver(runtimeId) {
 
 // src/workspaces.ts
 import { readdir, rm, stat } from "fs/promises";
-import path12 from "path";
+import path11 from "path";
 function isValidWorkspaceDirectoryName(directoryName) {
   return !directoryName.includes("/") && !directoryName.includes("\\") && !directoryName.includes("..");
 }
@@ -4059,7 +4000,7 @@ function resolveWorkspaceDirectoryPath(dataDir, directoryName) {
   if (!isValidWorkspaceDirectoryName(directoryName)) {
     return null;
   }
-  return path12.join(dataDir, directoryName);
+  return path11.join(dataDir, directoryName);
 }
 function emptyWorkspaceDirectorySummary(latestMtime = /* @__PURE__ */ new Date(0)) {
   return {
@@ -4108,7 +4049,7 @@ async function summarizeWorkspaceDirectory(dirPath) {
     return summary;
   }
   const childSummaries = await Promise.all(
-    entries.map((entry) => summarizeWorkspaceEntry(path12.join(dirPath, entry.name), entry))
+    entries.map((entry) => summarizeWorkspaceEntry(path11.join(dirPath, entry.name), entry))
   );
   for (const childSummary of childSummaries) {
     summary = mergeWorkspaceDirectorySummaries(summary, childSummary);
@@ -4127,7 +4068,7 @@ async function scanWorkspaceDirectories(dataDir) {
       if (!entry.isDirectory()) {
         return null;
       }
-      const dirPath = path12.join(dataDir, entry.name);
+      const dirPath = path11.join(dataDir, entry.name);
       try {
         const summary = await summarizeWorkspaceDirectory(dirPath);
         return {
@@ -4240,6 +4181,8 @@ function redactUrlQuery(value) {
 // src/agentProcessManager.ts
 var DEFAULT_MAX_CONCURRENT_AGENT_STARTS = 5;
 var DEFAULT_AGENT_START_INTERVAL_MS = 500;
+var RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS = 3;
+var RUNNER_CREDENTIAL_MINT_RETRY_DELAY_MS = 250;
 var WORKSPACE_TEXT_FILE_MAX_BYTES = 1048576;
 var WORKSPACE_IMAGE_PREVIEW_MAX_BYTES = 5 * 1024 * 1024;
 var WORKSPACE_TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
@@ -4284,6 +4227,41 @@ function readNonNegativeIntegerEnv(name, fallback) {
   if (!Number.isFinite(parsed) || parsed < 0) return fallback;
   return Math.floor(parsed);
 }
+var RunnerCredentialMintError = class extends Error {
+  code;
+  retryable;
+  status;
+  constructor(message, opts) {
+    super(message);
+    this.name = "RunnerCredentialMintError";
+    this.code = opts.code;
+    this.retryable = opts.retryable ?? false;
+    this.status = opts.status;
+  }
+};
+function isRetryableMintHttpFailure(status, code) {
+  if (code === "experimental_surface_disabled") return false;
+  return status === 408 || status === 425 || status === 429 || status >= 500;
+}
+function runnerCredentialErrorDetail(error) {
+  if (error instanceof RunnerCredentialMintError) {
+    return {
+      message: error.message,
+      code: error.code,
+      retryable: error.retryable,
+      status: error.status
+    };
+  }
+  const message = error instanceof Error ? error.message : String(error);
+  return {
+    message,
+    code: "runner_credential_mint_network_error",
+    retryable: true
+  };
+}
+async function waitForRunnerCredentialRetry() {
+  await new Promise((resolve) => setTimeout(resolve, RUNNER_CREDENTIAL_MINT_RETRY_DELAY_MS));
+}
 function stalledRecoverySigtermTimeoutMs() {
   return readNonNegativeIntegerEnv(
     "SLOCK_DAEMON_STALLED_RECOVERY_SIGTERM_TIMEOUT_MS",
@@ -4312,6 +4290,22 @@ function formatMessageTarget(message) {
   }
   return `#${message.channel_name}`;
 }
+function formatVisibleMessageTarget(message) {
+  if (message.channel_type === "thread" && message.parent_channel_name && message.channel_name) {
+    const shortId = getMessageShortId(String(message.channel_name));
+    if (message.parent_channel_type === "dm") {
+      return `dm:@${message.parent_channel_name}:${shortId}`;
+    }
+    return `#${message.parent_channel_name}:${shortId}`;
+  }
+  if (message.channel_type === "dm" && message.channel_name) {
+    return `dm:@${message.channel_name}`;
+  }
+  if (message.channel_name) {
+    return `#${message.channel_name}`;
+  }
+  return null;
+}
 function getMessageShortId(messageId) {
   return messageId.startsWith("thread-") ? messageId.slice(7) : messageId.slice(0, 8);
 }
@@ -4331,12 +4325,12 @@ function findSessionJsonl(root, predicate) {
     for (const entry of entries) {
       if (++visited > maxEntries) return null;
       if (!entry.isFile() || !predicate(entry.name)) continue;
-      return path13.join(dir, entry.name);
+      return path12.join(dir, entry.name);
     }
     for (const entry of entries) {
       if (++visited > maxEntries) return null;
       if (!entry.isDirectory()) continue;
-      const found = visit(path13.join(dir, entry.name), depth - 1);
+      const found = visit(path12.join(dir, entry.name), depth - 1);
       if (found) return found;
     }
     return null;
@@ -4349,10 +4343,10 @@ function safeSessionFilename(value) {
 }
 function writeRuntimeSessionHandoff(runtime, sessionId, fallbackDir) {
   try {
-    const dir = path13.join(fallbackDir, ".slock", "runtime-sessions");
-    mkdirSync5(dir, { recursive: true });
-    const filePath = path13.join(dir, `${runtime}-${safeSessionFilename(sessionId)}.jsonl`);
-    writeFileSync8(filePath, JSON.stringify({
+    const dir = path12.join(fallbackDir, ".slock", "runtime-sessions");
+    mkdirSync4(dir, { recursive: true });
+    const filePath = path12.join(dir, `${runtime}-${safeSessionFilename(sessionId)}.jsonl`);
+    writeFileSync7(filePath, JSON.stringify({
       type: "runtime_session_handoff",
       runtime,
       sessionId,
@@ -4371,7 +4365,7 @@ function writeRuntimeSessionHandoff(runtime, sessionId, fallbackDir) {
   }
 }
 function resolveRuntimeSessionRef(runtime, sessionId, homeDir = os6.homedir(), fallbackDir) {
-  const directPath = path13.isAbsolute(sessionId) ? sessionId : null;
+  const directPath = path12.isAbsolute(sessionId) ? sessionId : null;
   if (directPath) {
     try {
       if (statSync2(directPath).isFile()) {
@@ -4380,7 +4374,7 @@ function resolveRuntimeSessionRef(runtime, sessionId, homeDir = os6.homedir(), f
     } catch {
     }
   }
-  const resolvedPath = runtime === "claude" ? findSessionJsonl(path13.join(homeDir, ".claude", "projects"), (filename) => filename === `${sessionId}.jsonl`) : runtime === "codex" ? findSessionJsonl(path13.join(homeDir, ".codex", "sessions"), (filename) => filename.endsWith(".jsonl") && filename.includes(sessionId)) : null;
+  const resolvedPath = runtime === "claude" ? findSessionJsonl(path12.join(homeDir, ".claude", "projects"), (filename) => filename === `${sessionId}.jsonl`) : runtime === "codex" ? findSessionJsonl(path12.join(homeDir, ".codex", "sessions"), (filename) => filename.endsWith(".jsonl") && filename.includes(sessionId)) : null;
   if (!resolvedPath && fallbackDir) {
     const fallback = writeRuntimeSessionHandoff(runtime, sessionId, fallbackDir);
     if (fallback) return fallback;
@@ -4932,6 +4926,14 @@ function createRuntimeTraceCounters() {
     thinkingEvents: 0
   };
 }
+function cleanupAgentCredentialProxy(agentId, launchId) {
+  unregisterAgentCredentialProxyForLaunch({ agentId, launchId });
+}
+function stripManagedRunnerCredential(config) {
+  if (!config.agentCredentialKey && !config.agentCredentialId) return config;
+  const { agentCredentialKey: _agentCredentialKey, agentCredentialId: _agentCredentialId, ...rest } = config;
+  return rest;
+}
 function createGatedSteeringState() {
   return {
     phase: "idle",
@@ -5263,6 +5265,7 @@ var AgentProcessManager = class _AgentProcessManager {
   tracer;
   deliveryTraceContexts = /* @__PURE__ */ new WeakMap();
   processExitTraceAttrs = /* @__PURE__ */ new WeakMap();
+  agentVisibleBoundaries = /* @__PURE__ */ new Map();
   constructor(chatBridgePath, sendToServer, daemonApiKey, opts) {
     this.chatBridgePath = chatBridgePath;
     this.slockCliPath = opts.slockCliPath ?? "";
@@ -5290,6 +5293,97 @@ var AgentProcessManager = class _AgentProcessManager {
   setTracer(tracer) {
     this.tracer = tracer;
   }
+  visibleBoundaryMap(agentId) {
+    let map = this.agentVisibleBoundaries.get(agentId);
+    if (!map) {
+      map = /* @__PURE__ */ new Map();
+      this.agentVisibleBoundaries.set(agentId, map);
+    }
+    return map;
+  }
+  getVisibleBoundary(agentId, target) {
+    return this.agentVisibleBoundaries.get(agentId)?.get(target);
+  }
+  pendingVisibleMessages(agentId, target) {
+    const collect = (messages) => (messages ?? []).filter((message) => formatMessageTarget(message) === target && typeof message.seq === "number" && message.seq > 0);
+    return [
+      ...collect(this.agents.get(agentId)?.inbox),
+      ...collect(this.startingInboxes.get(agentId))
+    ];
+  }
+  /**
+   * Single-inbox consume point for messages that have been rendered into the
+   * agent-visible input surface. Daemon pending inbox is only a runner cache:
+   * once a message is visible through wake/stdin/check/read/held/preflight, the
+   * same seq must not be injected later through the local pending queue.
+   */
+  consumeVisibleMessages(agentId, input) {
+    if (input.messages.length === 0 && (!input.target || typeof input.boundarySeq !== "number")) return;
+    const byTarget = /* @__PURE__ */ new Map();
+    const ensureBucket = (target) => {
+      let bucket = byTarget.get(target);
+      if (!bucket) {
+        bucket = { maxSeq: 0, boundarySeq: 0, seqs: /* @__PURE__ */ new Set(), ids: /* @__PURE__ */ new Set() };
+        byTarget.set(target, bucket);
+      }
+      return bucket;
+    };
+    for (const message of input.messages) {
+      const seq = Number(message.seq ?? 0);
+      if (!Number.isFinite(seq) || seq <= 0) continue;
+      const target = input.target ?? formatVisibleMessageTarget(message);
+      if (!target) continue;
+      const bucket = ensureBucket(target);
+      bucket.maxSeq = Math.max(bucket.maxSeq, Math.floor(seq));
+      bucket.seqs.add(Math.floor(seq));
+      const id = typeof message.id === "string" ? message.id : typeof message.message_id === "string" ? message.message_id : null;
+      if (id) bucket.ids.add(id);
+    }
+    if (input.target && typeof input.boundarySeq === "number" && Number.isFinite(input.boundarySeq) && input.boundarySeq > 0) {
+      const bucket = ensureBucket(input.target);
+      bucket.boundarySeq = Math.max(bucket.boundarySeq, Math.floor(input.boundarySeq));
+    }
+    if (byTarget.size === 0) return;
+    const boundaryMap = this.visibleBoundaryMap(agentId);
+    for (const [target, bucket] of byTarget) {
+      const highWaterSeq = Math.max(bucket.maxSeq, bucket.boundarySeq);
+      const previous = boundaryMap.get(target) ?? 0;
+      boundaryMap.set(target, Math.max(previous, highWaterSeq));
+    }
+    const suppress = (messages) => {
+      if (!messages || messages.length === 0) return 0;
+      let removed = 0;
+      const retained = messages.filter((message) => {
+        const target = formatMessageTarget(message);
+        const bucket = byTarget.get(target);
+        if (!bucket) return true;
+        const seq = typeof message.seq === "number" ? Math.floor(message.seq) : 0;
+        const id = message.message_id ?? "";
+        const matched = seq > 0 && bucket.boundarySeq > 0 && seq <= bucket.boundarySeq || seq > 0 && bucket.seqs.has(seq) || id.length > 0 && bucket.ids.has(id);
+        if (matched) removed += 1;
+        return !matched;
+      });
+      messages.splice(0, messages.length, ...retained);
+      return removed;
+    };
+    const active = this.agents.get(agentId);
+    const removedActive = suppress(active?.inbox);
+    const removedStarting = suppress(this.startingInboxes.get(agentId));
+    this.recordDaemonTrace("daemon.agent.inbox.visible_consumed", {
+      agentId,
+      source: input.source,
+      targets: [...byTarget.keys()],
+      messages_count: input.messages.length,
+      suppressed_pending_count: removedActive + removedStarting
+    });
+  }
+  createAgentProxyInboxCoordinator(agentId) {
+    return {
+      getBoundary: (target) => this.getVisibleBoundary(agentId, target),
+      getPendingMessages: (target) => this.pendingVisibleMessages(agentId, target),
+      consumeVisibleMessages: (input) => this.consumeVisibleMessages(agentId, input)
+    };
+  }
   recordDaemonTrace(name, attrs, status = "ok", parentTraceparent) {
     const span = this.tracer.startSpan(name, {
       parent: parseTraceparent(parentTraceparent),
@@ -5514,26 +5608,26 @@ var AgentProcessManager = class _AgentProcessManager {
     this.recordDaemonTrace("daemon.agent.spawn.started", this.startQueueTraceAttrs(agentId, config, wakeMessage, unreadSummary, resumePrompt, launchId));
     try {
       const driver = this.driverResolver(config.runtime || "claude");
-      const agentDataDir = path13.join(this.dataDir, agentId);
+      const agentDataDir = path12.join(this.dataDir, agentId);
       await mkdir(agentDataDir, { recursive: true });
       const runtimeConfig = withLocalRuntimeContext(config, agentId, agentDataDir);
-      const memoryMdPath = path13.join(agentDataDir, "MEMORY.md");
+      const memoryMdPath = path12.join(agentDataDir, "MEMORY.md");
       try {
         await access(memoryMdPath);
       } catch {
         const initialMemoryMd = buildInitialMemoryMd(runtimeConfig);
         await writeFile(memoryMdPath, initialMemoryMd);
       }
-      const notesDir = path13.join(agentDataDir, "notes");
+      const notesDir = path12.join(agentDataDir, "notes");
       await mkdir(notesDir, { recursive: true });
       if (getOnboardingSeedMode(config) === FIRST_CINDY_SEED_MODE) {
         const seedFiles = buildOnboardingSeedFiles();
         for (const { relativePath, content } of seedFiles) {
-          const fullPath = path13.join(agentDataDir, relativePath);
+          const fullPath = path12.join(agentDataDir, relativePath);
           try {
             await access(fullPath);
           } catch {
-            await mkdir(path13.dirname(fullPath), { recursive: true });
+            await mkdir(path12.dirname(fullPath), { recursive: true });
             await writeFile(fullPath, content);
           }
         }
@@ -5641,7 +5735,8 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         chatBridgePath: this.chatBridgePath,
         slockCliPath: this.slockCliPath,
         daemonApiKey: this.daemonApiKey,
-        launchId: launchId || null
+        launchId: launchId || null,
+        agentCredentialProxyInboxCoordinator: this.createAgentProxyInboxCoordinator(agentId)
       });
       this.recordDaemonTrace("daemon.agent.spawn.created", {
         ...this.startQueueTraceAttrs(agentId, effectiveConfig, wakeMessage, unreadSummary, resumePrompt, launchId),
@@ -5697,6 +5792,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         this.ackInjectedRuntimeProfileControl(agentId, config.runtimeProfileControl, agentProcess.launchId);
       }
       if (wakeMessage) {
+        this.consumeVisibleMessages(agentId, { messages: [wakeMessage], source: "spawn_wake_message" });
         this.ackInjectedRuntimeProfileMessages(agentId, [wakeMessage], agentProcess.launchId);
       }
       let buffer = "";
@@ -5790,11 +5886,13 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
             ...this.finalizeRuntimeProfileTurnControl(agentId, ap, "process_exit")
           });
           this.interruptCompactionIfActive(agentId);
+          cleanupAgentCredentialProxy(agentId, ap.launchId);
+          this.revokeManagedRunnerCredential(agentId, ap.config, ap.launchId);
           this.agents.delete(agentId);
           if (missingResumeSession) {
             const staleSessionId = ap.sessionId;
             const runtimeLabel = ap.driver.id === "opencode" ? "OpenCode" : "Claude";
-            const restartConfig = { ...ap.config, sessionId: null };
+            const restartConfig = { ...stripManagedRunnerCredential(ap.config), sessionId: null };
             logger.warn(
               `[Agent ${agentId}] Stored ${runtimeLabel} session ${staleSessionId} is unavailable locally; falling back to cold start`
             );
@@ -5831,7 +5929,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
             const unreadSummary2 = queuedWakeMessage ? buildUnreadSummary(ap.inbox, formatChannelLabel(queuedWakeMessage)) : void 0;
             if (queuedWakeMessage) {
               logger.info(`[Agent ${agentId}] Turn completed; restarting immediately for queued message`);
-              const nextConfig = { ...ap.config, sessionId: ap.sessionId };
+              const nextConfig = { ...stripManagedRunnerCredential(ap.config), sessionId: ap.sessionId };
               this.idleAgentConfigs.set(agentId, {
                 config: nextConfig,
                 sessionId: ap.sessionId,
@@ -5841,6 +5939,9 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
               this.idleAgentConfigs.delete(agentId);
               this.startAgent(agentId, nextConfig, queuedWakeMessage, unreadSummary2, void 0, ap.launchId || void 0).catch((err) => {
                 logger.error(`[Agent ${agentId}] Failed to continue with queued message`, err);
+                if (this.reportRunnerCredentialMintFailure(agentId, err, ap.launchId, "queued_continuation")) {
+                  return;
+                }
                 this.idleAgentConfigs.set(agentId, {
                   config: nextConfig,
                   sessionId: ap.sessionId,
@@ -5851,7 +5952,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
               return;
             }
             this.idleAgentConfigs.set(agentId, {
-              config: { ...ap.config, sessionId: ap.sessionId },
+              config: { ...stripManagedRunnerCredential(ap.config), sessionId: ap.sessionId },
               sessionId: ap.sessionId,
               launchId: ap.launchId
             });
@@ -5887,27 +5988,28 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
   }
   async buildSpawnConfig(agentId, config) {
     const baseConfig = config.serverUrl === this.serverUrl ? config : { ...config, serverUrl: this.serverUrl };
+    const runnerConfig = await this.ensureManagedRunnerCredential(agentId, baseConfig);
     if (!this.defaultAgentEnvVarsProvider) {
-      return baseConfig;
+      return runnerConfig;
     }
     try {
       const defaultEnvVars = await this.defaultAgentEnvVarsProvider({
-        runtime: baseConfig.runtime,
-        model: baseConfig.model,
-        envVars: baseConfig.envVars
+        runtime: runnerConfig.runtime,
+        model: runnerConfig.model,
+        envVars: runnerConfig.envVars
       });
       if (!defaultEnvVars || Object.keys(defaultEnvVars).length === 0) {
-        return baseConfig;
+        return runnerConfig;
       }
       const mergedEnvVars = {
         ...defaultEnvVars,
-        ...baseConfig.envVars ?? {}
+        ...runnerConfig.envVars ?? {}
       };
-      if (this.sameEnvVars(mergedEnvVars, baseConfig.envVars)) {
-        return baseConfig;
+      if (this.sameEnvVars(mergedEnvVars, runnerConfig.envVars)) {
+        return runnerConfig;
       }
       return {
-        ...baseConfig,
+        ...runnerConfig,
         envVars: mergedEnvVars
       };
     } catch (error) {
@@ -5915,8 +6017,130 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       logger.warn(
         `[Agent ${agentId}] Failed to resolve default runtime env vars \u2014 continuing without machine-level defaults (${reason})`
       );
-      return baseConfig;
+      return runnerConfig;
+    }
+  }
+  async requestManagedRunnerCredentialOnce(agentId, config) {
+    const url = new URL(`/internal/computer/runners/${encodeURIComponent(agentId)}/credentials`, this.serverUrl);
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${this.daemonApiKey}`,
+        "Content-Type": "application/json",
+        "X-Slock-Client": "daemon-server-session-worker"
+      },
+      body: JSON.stringify({
+        scopes: ["send", "read", "mentions", "tasks", "reactions", "server", "channels"],
+        name: `runner:${config.runtime}:${agentId.slice(0, 8)}`
+      })
+    });
+    if (!res.ok) {
+      const contentType = res.headers.get("content-type") ?? "";
+      let detail = `HTTP ${res.status}`;
+      let code = null;
+      if (contentType.includes("application/json")) {
+        const body2 = await res.json().catch(() => null);
+        const error = typeof body2?.error === "string" ? body2.error : null;
+        code = typeof body2?.code === "string" ? body2.code : null;
+        detail = [detail, code, error].filter(Boolean).join(" ");
+      }
+      throw new RunnerCredentialMintError(detail, {
+        code: code ?? "runner_credential_mint_http_error",
+        retryable: isRetryableMintHttpFailure(res.status, code),
+        status: res.status
+      });
+    }
+    const body = await res.json().catch(() => null);
+    if (typeof body?.apiKey !== "string" || !body.apiKey.startsWith("sk_agent_")) {
+      throw new RunnerCredentialMintError("invalid_agent_credential_payload", {
+        code: "invalid_agent_credential_payload"
+      });
+    }
+    return {
+      apiKey: body.apiKey,
+      credentialId: typeof body.credentialId === "string" ? body.credentialId : null
+    };
+  }
+  async ensureManagedRunnerCredential(agentId, config) {
+    if (config.agentCredentialKey) return config;
+    if (process.env.SLOCK_AGENT_RUNNER_CREDENTIALS_DISABLED === "1") {
+      throw new RunnerCredentialMintError("runner credential mint is disabled by SLOCK_AGENT_RUNNER_CREDENTIALS_DISABLED", {
+        code: "runner_credentials_disabled"
+      });
+    }
+    let lastError = null;
+    for (let attempt = 1; attempt <= RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS; attempt += 1) {
+      try {
+        const credential = await this.requestManagedRunnerCredentialOnce(agentId, config);
+        return {
+          ...config,
+          agentCredentialKey: credential.apiKey,
+          agentCredentialId: credential.credentialId
+        };
+      } catch (err) {
+        lastError = err;
+        const detail2 = runnerCredentialErrorDetail(err);
+        this.recordDaemonTrace("daemon.runner_credential_mint.retry", {
+          agentId,
+          runtime: config.runtime,
+          attempt,
+          max_attempts: RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS,
+          status: detail2.status,
+          code: detail2.code,
+          reason: detail2.message,
+          retryable: detail2.retryable
+        }, detail2.retryable && attempt < RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS ? "ok" : "error");
+        if (!detail2.retryable || attempt >= RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS) break;
+        await waitForRunnerCredentialRetry();
+      }
     }
+    const detail = runnerCredentialErrorDetail(lastError);
+    this.recordDaemonTrace("daemon.runner_credential_mint.failed", {
+      agentId,
+      runtime: config.runtime,
+      status: detail.status,
+      code: detail.code,
+      reason: detail.message,
+      retryable: detail.retryable,
+      max_attempts: RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS
+    }, "error");
+    throw new RunnerCredentialMintError(
+      `runner_credential_mint_failed: ${detail.message}. Managed runner startup requires /internal/computer credential mint; deploy server first or roll back the daemon binary.`,
+      {
+        code: detail.code,
+        retryable: detail.retryable,
+        status: detail.status
+      }
+    );
+  }
+  revokeManagedRunnerCredential(agentId, config, launchId) {
+    const credentialId = config.agentCredentialId;
+    if (!credentialId) return;
+    const url = new URL(
+      `/internal/computer/runners/${encodeURIComponent(agentId)}/credentials/${encodeURIComponent(credentialId)}`,
+      this.serverUrl
+    );
+    void fetch(url, {
+      method: "DELETE",
+      headers: {
+        Authorization: `Bearer ${this.daemonApiKey}`,
+        "X-Slock-Client": "daemon-server-session-worker"
+      }
+    }).then((res) => {
+      this.recordDaemonTrace("daemon.runner_credential.revoke", {
+        agentId,
+        launchId: launchId || void 0,
+        credentialId,
+        status: res.status
+      }, res.ok ? "ok" : "error");
+    }).catch((err) => {
+      this.recordDaemonTrace("daemon.runner_credential.revoke", {
+        agentId,
+        launchId: launchId || void 0,
+        credentialId,
+        reason: err instanceof Error ? err.message : String(err)
+      }, "error");
+    });
   }
   sameEnvVars(left, right) {
     const leftKeys = Object.keys(left ?? {});
@@ -6006,6 +6230,8 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     }
     this.clearCompactionWatchdog(ap);
     this.clearStalledRecoverySigtermWatchdog(ap);
+    cleanupAgentCredentialProxy(agentId, ap.launchId);
+    this.revokeManagedRunnerCredential(agentId, ap.config, ap.launchId);
     this.agents.delete(agentId);
     this.processExitTraceAttrs.set(ap.process, {
       stop_source: silent ? "daemon_internal" : "explicit_request",
@@ -6089,10 +6315,14 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
           session_id_present: Boolean(cached.sessionId),
           launchId: cached.launchId || void 0
         }));
-        this.startAgent(agentId, cached.config, message, void 0, void 0, cached.launchId || void 0).catch((err) => {
+        return this.startAgent(agentId, cached.config, message, void 0, void 0, cached.launchId || void 0).then(() => true, (err) => {
           logger.error(`[Agent ${agentId}] Failed to auto-restart`, err);
+          if (this.reportRunnerCredentialMintFailure(agentId, err, cached.launchId, "idle_auto_restart")) {
+            return false;
+          }
+          this.idleAgentConfigs.set(agentId, cached);
+          return false;
         });
-        return true;
       }
       logger.warn(`[Agent ${agentId}] Delivery received but no running process or cached idle config exists`);
       this.recordDaemonTrace("daemon.agent.delivery.routed", this.deliveryTraceAttrs(agentId, message, {
@@ -6242,7 +6472,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     return true;
   }
   async resetWorkspace(agentId) {
-    const agentDataDir = path13.join(this.dataDir, agentId);
+    const agentDataDir = path12.join(this.dataDir, agentId);
     try {
       await rm2(agentDataDir, { recursive: true, force: true });
       logger.info(`[Agent ${agentId}] Workspace reset complete (${agentDataDir})`);
@@ -6279,7 +6509,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     return result;
   }
   buildRuntimeProfileReport(agentId, config, sessionId, launchId) {
-    const workspacePath = path13.join(this.dataDir, agentId);
+    const workspacePath = path12.join(this.dataDir, agentId);
     return {
       agentId,
       launchId,
@@ -6411,19 +6641,28 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     if (cached) {
       logger.info(`[Agent ${agentId}] Starting from idle state for runtime profile ${kind} ${key}`);
       this.idleAgentConfigs.delete(agentId);
-      this.startAgent(agentId, cached.config, message, void 0, void 0, cached.launchId || void 0).catch((err) => {
+      return this.startAgent(agentId, cached.config, message, void 0, void 0, cached.launchId || void 0).then(() => true, (err) => {
         logger.error(`[Agent ${agentId}] Failed to auto-restart for runtime profile notification`, err);
-        this.idleAgentConfigs.set(agentId, cached);
-      });
-      span.end("ok", {
-        attrs: {
-          outcome: "restart_queued",
-          runtime: cached.config.runtime,
-          launchId: cached.launchId || void 0,
-          session_id_present: Boolean(cached.sessionId)
+        if (this.reportRunnerCredentialMintFailure(agentId, err, cached.launchId, "runtime_profile_auto_restart")) {
+          span.end("error", {
+            attrs: {
+              outcome: "runner_credential_mint_failed",
+              runtime: cached.config.runtime,
+              launchId: cached.launchId || void 0
+            }
+          });
+          return false;
         }
+        this.idleAgentConfigs.set(agentId, cached);
+        span.end("error", {
+          attrs: {
+            outcome: "restart_failed",
+            runtime: cached.config.runtime,
+            launchId: cached.launchId || void 0
+          }
+        });
+        return false;
       });
-      return true;
     }
     logger.warn(`[Agent ${agentId}] Runtime profile ${kind} ${key} has no runtime injection path yet; leaving unacked for retry`);
     span.end("ok", { attrs: { outcome: "no_path" } });
@@ -6527,7 +6766,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
   }
   // Workspace file browsing
   async getFileTree(agentId, dirPath) {
-    const agentDir = path13.join(this.dataDir, agentId);
+    const agentDir = path12.join(this.dataDir, agentId);
     try {
       await stat2(agentDir);
     } catch {
@@ -6535,8 +6774,8 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     }
     let targetDir = agentDir;
     if (dirPath) {
-      const resolved = path13.resolve(agentDir, dirPath);
-      if (!resolved.startsWith(agentDir + path13.sep) && resolved !== agentDir) {
+      const resolved = path12.resolve(agentDir, dirPath);
+      if (!resolved.startsWith(agentDir + path12.sep) && resolved !== agentDir) {
         return [];
       }
       targetDir = resolved;
@@ -6544,14 +6783,14 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     return this.listDirectoryChildren(targetDir, agentDir);
   }
   async readFile(agentId, filePath) {
-    const agentDir = path13.join(this.dataDir, agentId);
-    const resolved = path13.resolve(agentDir, filePath);
-    if (!resolved.startsWith(agentDir + path13.sep) && resolved !== agentDir) {
+    const agentDir = path12.join(this.dataDir, agentId);
+    const resolved = path12.resolve(agentDir, filePath);
+    if (!resolved.startsWith(agentDir + path12.sep) && resolved !== agentDir) {
       throw new Error("Access denied");
     }
     const info = await stat2(resolved);
     if (info.isDirectory()) throw new Error("Cannot read a directory");
-    const ext = path13.extname(resolved).toLowerCase();
+    const ext = path12.extname(resolved).toLowerCase();
     if (WORKSPACE_TEXT_EXTENSIONS.has(ext) || ext === "") {
       if (info.size > WORKSPACE_TEXT_FILE_MAX_BYTES) throw new Error("File too large");
       const content = await readFile(resolved, "utf-8");
@@ -6586,13 +6825,13 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     const agent = this.agents.get(agentId);
     const runtime = runtimeHint || agent?.config.runtime || "claude";
     const home = os6.homedir();
-    const workspaceDir = path13.join(this.dataDir, agentId);
+    const workspaceDir = path12.join(this.dataDir, agentId);
     const paths = _AgentProcessManager.SKILL_PATHS[runtime] || _AgentProcessManager.SKILL_PATHS.claude;
     const globalResults = await Promise.all(
-      paths.global.map((p) => this.scanSkillsDir(path13.join(home, p)))
+      paths.global.map((p) => this.scanSkillsDir(path12.join(home, p)))
     );
     const workspaceResults = await Promise.all(
-      paths.workspace.map((p) => this.scanSkillsDir(path13.join(workspaceDir, p)))
+      paths.workspace.map((p) => this.scanSkillsDir(path12.join(workspaceDir, p)))
     );
     const dedup = (skills) => {
       const seen = /* @__PURE__ */ new Set();
@@ -6621,7 +6860,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     const skills = [];
     for (const entry of entries) {
       if (entry.isDirectory() || entry.isSymbolicLink()) {
-        const skillMd = path13.join(dir, entry.name, "SKILL.md");
+        const skillMd = path12.join(dir, entry.name, "SKILL.md");
         try {
           const content = await readFile(skillMd, "utf-8");
           const skill = this.parseSkillMd(entry.name, content);
@@ -6632,7 +6871,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       } else if (entry.name.endsWith(".md")) {
         const cmdName = entry.name.replace(/\.md$/, "");
         try {
-          const content = await readFile(path13.join(dir, entry.name), "utf-8");
+          const content = await readFile(path12.join(dir, entry.name), "utf-8");
           const skill = this.parseSkillMd(cmdName, content);
           skill.sourcePath = dir;
           skills.push(skill);
@@ -7401,6 +7640,29 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
   sendAgentStatus(agentId, status, launchId) {
     this.sendToServer({ type: "agent:status", agentId, status, launchId: launchId || void 0 });
   }
+  reportRunnerCredentialMintFailure(agentId, err, launchId, source) {
+    if (!(err instanceof RunnerCredentialMintError)) return false;
+    const detail = runnerCredentialErrorDetail(err);
+    this.recordDaemonTrace("daemon.runner_credential_mint.hard_fail", {
+      agentId,
+      launchId: launchId || void 0,
+      source,
+      status: detail.status,
+      code: detail.code,
+      reason: detail.message,
+      retryable: detail.retryable
+    }, "error");
+    const reason = err.message;
+    this.sendAgentStatus(agentId, "inactive", launchId);
+    this.broadcastActivity(
+      agentId,
+      "error",
+      `Start failed: ${reason}`,
+      [{ kind: "text", text: `Error: ${reason}` }],
+      launchId
+    );
+    return true;
+  }
   noteRuntimeTraceCounter(ap, event) {
     ap.runtimeTraceCounters.events++;
     switch (event.kind) {
@@ -7563,6 +7825,7 @@ ${RESPONSE_TARGET_HINT}`);
       }, "error");
       return false;
     }
+    this.consumeVisibleMessages(agentId, { messages, source: `stdin_${mode}_delivery` });
     const senders = [...new Set(messages.map((message) => `@${message.sender_name}`))].join(", ");
     logger.info(
       `[Agent ${agentId}] Delivering ${mode} ${messages.length === 1 ? "message" : `${messages.length} messages`} via stdin from ${senders}`
@@ -7596,8 +7859,8 @@ ${RESPONSE_TARGET_HINT}`);
     const nodes = [];
     for (const entry of entries) {
       if (entry.name.startsWith(".") || entry.name === "node_modules") continue;
-      const fullPath = path13.join(dir, entry.name);
-      const relativePath = path13.relative(rootDir, fullPath);
+      const fullPath = path12.join(dir, entry.name);
+      const relativePath = path12.relative(rootDir, fullPath);
       let info;
       try {
         info = await stat2(fullPath);
@@ -7900,9 +8163,9 @@ var ReminderCache = class {
 
 // src/machineLock.ts
 import { createHash as createHash3, randomUUID as randomUUID2 } from "crypto";
-import { mkdirSync as mkdirSync6, readFileSync as readFileSync5, rmSync as rmSync2, statSync as statSync3, writeFileSync as writeFileSync9 } from "fs";
+import { mkdirSync as mkdirSync5, readFileSync as readFileSync5, rmSync as rmSync3, statSync as statSync3, writeFileSync as writeFileSync8 } from "fs";
 import os7 from "os";
-import path14 from "path";
+import path13 from "path";
 var INCOMPLETE_LOCK_STALE_MS = 3e4;
 var DaemonMachineLockConflictError = class extends Error {
   code = "DAEMON_MACHINE_LOCK_HELD";
@@ -7924,7 +8187,7 @@ function resolveDefaultMachineStateRoot() {
   return resolveSlockHomePath("machines");
 }
 function ownerPath(lockDir) {
-  return path14.join(lockDir, "owner.json");
+  return path13.join(lockDir, "owner.json");
 }
 function readOwner(lockDir) {
   try {
@@ -7954,13 +8217,13 @@ function acquireDaemonMachineLock(options) {
   const rootDir = options.rootDir ?? resolveDefaultMachineStateRoot();
   const fingerprint = apiKeyFingerprint(options.apiKey);
   const lockId = getDaemonMachineLockId(options.apiKey);
-  const machineDir = path14.join(rootDir, lockId);
-  const lockDir = path14.join(machineDir, "daemon.lock");
+  const machineDir = path13.join(rootDir, lockId);
+  const lockDir = path13.join(machineDir, "daemon.lock");
   const token = randomUUID2();
-  mkdirSync6(machineDir, { recursive: true });
+  mkdirSync5(machineDir, { recursive: true });
   for (let attempt = 0; attempt < 2; attempt += 1) {
     try {
-      mkdirSync6(lockDir);
+      mkdirSync5(lockDir);
       const owner = {
         pid: process.pid,
         token,
@@ -7970,10 +8233,10 @@ function acquireDaemonMachineLock(options) {
         apiKeyFingerprint: fingerprint.slice(0, 16)
       };
       try {
-        writeFileSync9(ownerPath(lockDir), `${JSON.stringify(owner, null, 2)}
+        writeFileSync8(ownerPath(lockDir), `${JSON.stringify(owner, null, 2)}
 `, { mode: 384 });
       } catch (err) {
-        rmSync2(lockDir, { recursive: true, force: true });
+        rmSync3(lockDir, { recursive: true, force: true });
         throw err;
       }
       return {
@@ -7983,7 +8246,7 @@ function acquireDaemonMachineLock(options) {
         release: () => {
           const currentOwner = readOwner(lockDir);
           if (currentOwner?.pid === process.pid && currentOwner.token === token) {
-            rmSync2(lockDir, { recursive: true, force: true });
+            rmSync3(lockDir, { recursive: true, force: true });
           }
         }
       };
@@ -8000,15 +8263,15 @@ function acquireDaemonMachineLock(options) {
           throw new DaemonMachineLockConflictError(lockDir, null);
         }
       }
-      rmSync2(lockDir, { recursive: true, force: true });
+      rmSync3(lockDir, { recursive: true, force: true });
     }
   }
   throw new DaemonMachineLockConflictError(lockDir, readOwner(lockDir));
 }
 
 // src/localTraceSink.ts
-import { appendFileSync, mkdirSync as mkdirSync7, readdirSync as readdirSync3, rmSync as rmSync3, statSync as statSync4, writeFileSync as writeFileSync10 } from "fs";
-import path15 from "path";
+import { appendFileSync, mkdirSync as mkdirSync6, readdirSync as readdirSync3, rmSync as rmSync4, statSync as statSync4, writeFileSync as writeFileSync9 } from "fs";
+import path14 from "path";
 var DEFAULT_MAX_FILE_BYTES = 5 * 1024 * 1024;
 var DEFAULT_MAX_FILE_AGE_MS = 5 * 60 * 1e3;
 var DEFAULT_MAX_FILES = 8;
@@ -8044,7 +8307,7 @@ var LocalRotatingTraceSink = class {
   currentSize = 0;
   sequence = 0;
   constructor(options) {
-    this.traceDir = path15.join(options.machineDir, "traces");
+    this.traceDir = path14.join(options.machineDir, "traces");
     this.maxFileBytes = Math.max(1024, Math.floor(options.maxFileBytes ?? DEFAULT_MAX_FILE_BYTES));
     const baseAgeMs = Math.max(1e3, Math.floor(options.maxFileAgeMs ?? DEFAULT_MAX_FILE_AGE_MS));
     const ageJitterMs = Math.max(0, Math.floor(options.maxFileAgeJitterMs ?? 0));
@@ -8070,15 +8333,15 @@ var LocalRotatingTraceSink = class {
     return this.currentFile;
   }
   ensureFile(nextBytes) {
-    mkdirSync7(this.traceDir, { recursive: true, mode: 448 });
+    mkdirSync6(this.traceDir, { recursive: true, mode: 448 });
     const nowMs = this.nowMsProvider();
     const shouldRotateForAge = this.currentFileOpenedAtMs !== null && nowMs - this.currentFileOpenedAtMs >= this.maxFileAgeMs;
     if (!this.currentFile || this.currentSize + nextBytes > this.maxFileBytes || shouldRotateForAge) {
-      this.currentFile = path15.join(
+      this.currentFile = path14.join(
         this.traceDir,
         `daemon-trace-${safeTimestamp(nowMs)}-${process.pid}-${String(this.sequence++).padStart(4, "0")}.jsonl`
       );
-      writeFileSync10(this.currentFile, "", { flag: "a", mode: 384 });
+      writeFileSync9(this.currentFile, "", { flag: "a", mode: 384 });
       this.currentSize = statSync4(this.currentFile).size;
       this.currentFileOpenedAtMs = nowMs;
       this.pruneOldFiles();
@@ -8089,7 +8352,7 @@ var LocalRotatingTraceSink = class {
     const excess = files.length - this.maxFiles;
     if (excess <= 0) return;
     for (const file of files.slice(0, excess)) {
-      rmSync3(path15.join(this.traceDir, file), { force: true });
+      rmSync4(path14.join(this.traceDir, file), { force: true });
     }
   }
 };
@@ -8176,11 +8439,11 @@ function isDiagnosticErrorAttr(key) {
 import { createHash as createHash5, randomUUID as randomUUID3 } from "crypto";
 import { gzipSync } from "zlib";
 import { mkdir as mkdir2, readFile as readFile2, readdir as readdir3, stat as stat3, writeFile as writeFile2 } from "fs/promises";
-import path16 from "path";
+import path15 from "path";
 
 // src/directUploadCapability.ts
-function joinUrl(base, path18) {
-  return `${base.replace(/\/+$/, "")}${path18}`;
+function joinUrl(base, path17) {
+  return `${base.replace(/\/+$/, "")}${path17}`;
 }
 function jsonHeaders(apiKey) {
   return {
@@ -8399,7 +8662,7 @@ var DaemonTraceBundleUploader = class {
     }, nextMs);
   }
   async findUploadCandidates() {
-    const traceDir = path16.join(this.options.machineDir, "traces");
+    const traceDir = path15.join(this.options.machineDir, "traces");
     let names;
     try {
       names = await readdir3(traceDir);
@@ -8411,8 +8674,8 @@ var DaemonTraceBundleUploader = class {
     const currentFile = this.options.currentFileProvider?.();
     const candidates = [];
     for (const name of names.filter((entry) => entry.startsWith("daemon-trace-") && entry.endsWith(".jsonl")).sort()) {
-      const file = path16.join(traceDir, name);
-      if (currentFile && path16.resolve(file) === path16.resolve(currentFile)) continue;
+      const file = path15.join(traceDir, name);
+      if (currentFile && path15.resolve(file) === path15.resolve(currentFile)) continue;
       if (await this.isUploaded(file)) continue;
       try {
         const info = await stat3(file);
@@ -8486,8 +8749,8 @@ var DaemonTraceBundleUploader = class {
     }
   }
   uploadStatePath(file) {
-    const stateDir = path16.join(this.options.machineDir, "trace-uploads");
-    return path16.join(stateDir, `${path16.basename(file)}.uploaded.json`);
+    const stateDir = path15.join(this.options.machineDir, "trace-uploads");
+    return path15.join(stateDir, `${path15.basename(file)}.uploaded.json`);
   }
   async isUploaded(file) {
     try {
@@ -8499,9 +8762,9 @@ var DaemonTraceBundleUploader = class {
   }
   async markUploaded(file, metadata) {
     const stateFile = this.uploadStatePath(file);
-    await mkdir2(path16.dirname(stateFile), { recursive: true, mode: 448 });
+    await mkdir2(path15.dirname(stateFile), { recursive: true, mode: 448 });
     await writeFile2(stateFile, `${JSON.stringify({
-      file: path16.basename(file),
+      file: path15.basename(file),
       uploadedAt: (/* @__PURE__ */ new Date()).toISOString(),
       ...metadata
     }, null, 2)}
@@ -8520,10 +8783,48 @@ function readPositiveIntegerEnv2(name, fallback) {
 
 // src/core.ts
 var DEFAULT_TRACE_UPLOAD_URL = "https://slock-trace-upload.botiverse.dev";
-var DAEMON_CLI_USAGE = `Usage: slock-daemon --server-url <url> (--api-key <key> or ${DAEMON_API_KEY_ENV}=<key>)`;
-function parseDaemonCliArgs(args, env = {}) {
+var RUNNER_CREDENTIAL_SCOPES = ["send", "read", "mentions", "tasks", "reactions", "server", "channels"];
+var RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS2 = 3;
+var RUNNER_CREDENTIAL_MINT_RETRY_DELAY_MS2 = 250;
+var DAEMON_CLI_USAGE = "Usage: slock-daemon --server-url <url> --api-key <key>";
+var RunnerCredentialMintError2 = class extends Error {
+  code;
+  retryable;
+  status;
+  constructor(message, opts) {
+    super(message);
+    this.name = "RunnerCredentialMintError";
+    this.code = opts.code;
+    this.retryable = opts.retryable ?? false;
+    this.status = opts.status;
+  }
+};
+function isRetryableMintHttpFailure2(status, code) {
+  if (code === "experimental_surface_disabled") return false;
+  return status === 408 || status === 425 || status === 429 || status >= 500;
+}
+function runnerCredentialErrorDetail2(error) {
+  if (error instanceof RunnerCredentialMintError2) {
+    return {
+      message: error.message,
+      code: error.code,
+      retryable: error.retryable,
+      status: error.status
+    };
+  }
+  const message = error instanceof Error ? error.message : String(error);
+  return {
+    message,
+    code: "runner_credential_mint_network_error",
+    retryable: true
+  };
+}
+async function waitForRunnerCredentialRetry2() {
+  await new Promise((resolve) => setTimeout(resolve, RUNNER_CREDENTIAL_MINT_RETRY_DELAY_MS2));
+}
+function parseDaemonCliArgs(args) {
   let serverUrl = "";
-  let apiKey = env[DAEMON_API_KEY_ENV] ?? "";
+  let apiKey = "";
   for (let i = 0; i < args.length; i++) {
     if (args[i] === "--server-url" && args[i + 1]) serverUrl = args[++i];
     if (args[i] === "--api-key" && args[i + 1]) apiKey = args[++i];
@@ -8540,23 +8841,23 @@ function readDaemonVersion(moduleUrl = import.meta.url) {
   }
 }
 function resolveChatBridgePath(moduleUrl = import.meta.url) {
-  const dirname = path17.dirname(fileURLToPath2(moduleUrl));
-  const jsPath = path17.resolve(dirname, "chat-bridge.js");
+  const dirname = path16.dirname(fileURLToPath(moduleUrl));
+  const jsPath = path16.resolve(dirname, "chat-bridge.js");
   try {
     accessSync(jsPath);
     return jsPath;
   } catch {
-    return path17.resolve(dirname, "chat-bridge.ts");
+    return path16.resolve(dirname, "chat-bridge.ts");
   }
 }
 function resolveSlockCliPath(moduleUrl = import.meta.url) {
-  const thisDir = path17.dirname(fileURLToPath2(moduleUrl));
-  const bundledDistPath = path17.resolve(thisDir, "cli", "index.js");
+  const thisDir = path16.dirname(fileURLToPath(moduleUrl));
+  const bundledDistPath = path16.resolve(thisDir, "cli", "index.js");
   try {
     accessSync(bundledDistPath);
     return bundledDistPath;
   } catch {
-    const workspaceDistPath = path17.resolve(thisDir, "..", "..", "cli", "dist", "index.js");
+    const workspaceDistPath = path16.resolve(thisDir, "..", "..", "cli", "dist", "index.js");
     accessSync(workspaceDistPath);
     return workspaceDistPath;
   }
@@ -8735,7 +9036,7 @@ var DaemonCore = class {
   }
   resolveMachineStateRoot() {
     if (this.options.machineStateDir) return this.options.machineStateDir;
-    if (this.options.dataDir) return path17.join(path17.dirname(this.options.dataDir), "machines");
+    if (this.options.dataDir) return path16.join(path16.dirname(this.options.dataDir), "machines");
     return resolveDefaultMachineStateRoot();
   }
   shouldEnableLocalTrace() {
@@ -8852,13 +9153,115 @@ var DaemonCore = class {
     });
     span.end(status);
   }
+  async requestRunnerCredentialOnce(agentId, config) {
+    const url = new URL(`/internal/computer/runners/${encodeURIComponent(agentId)}/credentials`, this.options.serverUrl);
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.options.apiKey}`,
+        "Content-Type": "application/json",
+        "X-Slock-Client": "daemon-server-session-worker"
+      },
+      body: JSON.stringify({
+        scopes: RUNNER_CREDENTIAL_SCOPES,
+        name: `runner:${config.runtime}:${agentId.slice(0, 8)}`
+      })
+    });
+    if (!res.ok) {
+      const contentType = res.headers.get("content-type") ?? "";
+      let detail = `HTTP ${res.status}`;
+      let code = null;
+      if (contentType.includes("application/json")) {
+        const body2 = await res.json().catch(() => null);
+        const error = typeof body2?.error === "string" ? body2.error : null;
+        code = typeof body2?.code === "string" ? body2.code : null;
+        detail = [detail, code, error].filter(Boolean).join(" ");
+      }
+      throw new RunnerCredentialMintError2(detail, {
+        code: code ?? "runner_credential_mint_http_error",
+        retryable: isRetryableMintHttpFailure2(res.status, code),
+        status: res.status
+      });
+    }
+    const body = await res.json().catch(() => null);
+    if (typeof body?.apiKey !== "string" || !body.apiKey.startsWith("sk_agent_")) {
+      throw new RunnerCredentialMintError2("invalid_agent_credential_payload", {
+        code: "invalid_agent_credential_payload"
+      });
+    }
+    return {
+      apiKey: body.apiKey,
+      credentialId: typeof body.credentialId === "string" ? body.credentialId : null
+    };
+  }
+  async mintRunnerCredential(agentId, config) {
+    if (config.agentCredentialKey) {
+      return { apiKey: config.agentCredentialKey, credentialId: config.agentCredentialId ?? null };
+    }
+    if (process.env.SLOCK_AGENT_RUNNER_CREDENTIALS_DISABLED === "1") {
+      throw new RunnerCredentialMintError2("runner credential mint is disabled by SLOCK_AGENT_RUNNER_CREDENTIALS_DISABLED", {
+        code: "runner_credentials_disabled"
+      });
+    }
+    let lastError = null;
+    for (let attempt = 1; attempt <= RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS2; attempt += 1) {
+      try {
+        return await this.requestRunnerCredentialOnce(agentId, config);
+      } catch (err) {
+        lastError = err;
+        const detail2 = runnerCredentialErrorDetail2(err);
+        this.recordDaemonTrace("daemon.runner_credential_mint.retry", {
+          agentId,
+          runtime: config.runtime,
+          attempt,
+          max_attempts: RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS2,
+          status: detail2.status,
+          code: detail2.code,
+          reason: detail2.message,
+          retryable: detail2.retryable
+        }, detail2.retryable && attempt < RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS2 ? "ok" : "error");
+        if (!detail2.retryable || attempt >= RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS2) break;
+        await waitForRunnerCredentialRetry2();
+      }
+    }
+    const detail = runnerCredentialErrorDetail2(lastError);
+    this.recordDaemonTrace("daemon.runner_credential_mint.failed", {
+      agentId,
+      runtime: config.runtime,
+      status: detail.status,
+      code: detail.code,
+      reason: detail.message,
+      retryable: detail.retryable,
+      max_attempts: RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS2
+    }, "error");
+    throw new RunnerCredentialMintError2(
+      `runner_credential_mint_failed: ${detail.message}. Managed runner startup requires /internal/computer credential mint; deploy server first or roll back the daemon binary.`,
+      {
+        code: detail.code,
+        retryable: detail.retryable,
+        status: detail.status
+      }
+    );
+  }
+  async startAgentFromMessage(msg) {
+    const agentCredential = await this.mintRunnerCredential(msg.agentId, msg.config);
+    const config = { ...msg.config, agentCredentialKey: agentCredential.apiKey, agentCredentialId: agentCredential.credentialId };
+    await this.agentManager.startAgent(
+      msg.agentId,
+      config,
+      msg.wakeMessage,
+      msg.unreadSummary,
+      msg.resumePrompt,
+      msg.launchId
+    );
+  }
   handleMessage(msg) {
     const summary = summarizeIncomingMessage(msg);
     logger.info(`[Daemon] Received ${msg.type}${summary ? ` ${summary}` : ""}`);
     switch (msg.type) {
       case "agent:start":
         logger.info(`[Agent ${msg.agentId}] Start requested (runtime=${msg.config.runtime}, model=${msg.config.model}, session=${msg.config.sessionId || "new"}${msg.wakeMessage ? ", wake=true" : ""})`);
-        this.agentManager.startAgent(msg.agentId, msg.config, msg.wakeMessage, msg.unreadSummary, msg.resumePrompt, msg.launchId).catch((err) => {
+        this.startAgentFromMessage(msg).catch((err) => {
           const reason = err instanceof Error ? err.message : String(err);
           logger.error(`[Agent ${msg.agentId}] Start failed (${reason})`);
           this.connection.send({ type: "agent:status", agentId: msg.agentId, status: "inactive", launchId: msg.launchId });
@@ -8891,22 +9294,27 @@ var DaemonCore = class {
         logger.info(`[Agent ${msg.agentId}] Delivery received (seq=${msg.seq}, from=@${msg.message.sender_name}, target=${formatChannelTarget(msg)})`);
         try {
           span.addEvent("daemon.receive", { seq: msg.seq, deliveryId: msg.deliveryId });
-          const accepted = this.agentManager.deliverMessage(msg.agentId, msg.message, { deliveryId: msg.deliveryId });
-          span.addEvent("daemon.deliver_to_agent_manager", { accepted });
-          if (!accepted) {
-            span.end("ok", { attrs: { outcome: "not-accepted" } });
-            break;
-          }
-          const ackSeq = msg.seq > 0 ? msg.seq : msg.message.seq ?? 0;
-          span.addEvent("daemon.ack.sent", { seq: ackSeq });
-          this.connection.send({
-            type: "agent:deliver:ack",
-            agentId: msg.agentId,
-            seq: ackSeq,
-            traceparent: formatTraceparent(span.context),
-            deliveryId: msg.deliveryId
+          const acceptedOrPromise = this.agentManager.deliverMessage(msg.agentId, msg.message, { deliveryId: msg.deliveryId });
+          Promise.resolve(acceptedOrPromise).then((accepted) => {
+            span.addEvent("daemon.deliver_to_agent_manager", { accepted });
+            if (!accepted) {
+              span.end("ok", { attrs: { outcome: "not-accepted" } });
+              return;
+            }
+            const ackSeq = msg.seq > 0 ? msg.seq : msg.message.seq ?? 0;
+            span.addEvent("daemon.ack.sent", { seq: ackSeq });
+            this.connection.send({
+              type: "agent:deliver:ack",
+              agentId: msg.agentId,
+              seq: ackSeq,
+              traceparent: formatTraceparent(span.context),
+              deliveryId: msg.deliveryId
+            });
+            span.end("ok", { attrs: { outcome: "ack-sent", ackSeq, deliveryId: msg.deliveryId } });
+          }, (err) => {
+            logger.error(`[Agent ${msg.agentId}] Delivery handling failed`, err);
+            span.end("error", { attrs: { error_class: err instanceof Error ? err.name : typeof err } });
           });
-          span.end("ok", { attrs: { outcome: "ack-sent", ackSeq, deliveryId: msg.deliveryId } });
         } catch (err) {
           span.end("error", { attrs: { error_class: err instanceof Error ? err.name : typeof err } });
           throw err;
@@ -8926,8 +9334,14 @@ var DaemonCore = class {
           }
         });
         logger.info(`[Agent ${msg.agentId}] Runtime profile migration received (${msg.migrationKey})`);
-        const accepted = this.agentManager.deliverRuntimeProfileNotification(msg.agentId, msg.migrationKey, "migration", msg.message, formatTraceparent(span.context));
-        span.end("ok", { attrs: { outcome: accepted ? "accepted" : "no_injection_path" } });
+        Promise.resolve(
+          this.agentManager.deliverRuntimeProfileNotification(msg.agentId, msg.migrationKey, "migration", msg.message, formatTraceparent(span.context))
+        ).then((accepted) => {
+          span.end("ok", { attrs: { outcome: accepted ? "accepted" : "no_injection_path" } });
+        }, (err) => {
+          logger.error(`[Agent ${msg.agentId}] Runtime profile migration handling failed`, err);
+          span.end("error", { attrs: { error_class: err instanceof Error ? err.name : typeof err } });
+        });
         break;
       }
       case "agent:runtime_profile:daemon_release_notice": {
@@ -8943,8 +9357,14 @@ var DaemonCore = class {
           }
         });
         logger.info(`[Agent ${msg.agentId}] Runtime profile daemon release notice received (${msg.noticeKey})`);
-        const accepted = this.agentManager.deliverRuntimeProfileNotification(msg.agentId, msg.noticeKey, "daemon_release_notice", msg.message, formatTraceparent(span.context));
-        span.end("ok", { attrs: { outcome: accepted ? "accepted" : "no_injection_path" } });
+        Promise.resolve(
+          this.agentManager.deliverRuntimeProfileNotification(msg.agentId, msg.noticeKey, "daemon_release_notice", msg.message, formatTraceparent(span.context))
+        ).then((accepted) => {
+          span.end("ok", { attrs: { outcome: accepted ? "accepted" : "no_injection_path" } });
+        }, (err) => {
+          logger.error(`[Agent ${msg.agentId}] Runtime profile daemon release notice handling failed`, err);
+          span.end("error", { attrs: { error_class: err instanceof Error ? err.name : typeof err } });
+        });
         break;
       }
       case "agent:workspace:list":
@@ -9118,8 +9538,6 @@ var DaemonCore = class {
 };
 
 export {
-  DAEMON_API_KEY_ENV,
-  scrubDaemonAuthEnv,
   resolveWorkspaceDirectoryPath,
   scanWorkspaceDirectories,
   deleteWorkspaceDirectory,