@slock-ai/daemon 0.53.2-alpha.0 → 0.54.0

package/dist/{chunk-UIJF67BT.js → chunk-JXS4CW3D.js}

@@ -609,13 +609,16 @@ var agentCreateOperationSchema = z.object({
   name: z.string().trim().min(1).max(60),
   description: z.string().trim().max(500).optional(),
   /**
-   * Agent can only suggest semantic intent (name + description). Technical
-   * configuration (which computer / runtime / model / reasoning effort) is
-   * a user prerogative — the human picks those in the create dialog when
-   * they click "Create Agent" on the card. Per stdrc 2026-05-10
-   * #proj-approval msg=ae4ecedd: "为什么 computer、runtime 和 model 还是
-   * 帮用户选了？" — don't let the agent prefill those.
+   * Optional computer placement contract. Agents may only set this when the
+   * human request is explicitly computer-bound; server prepare resolves the
+   * name/UUID and stores the UUID-only form. `suggestedComputer` preselects
+   * the dialog when available; `requiredComputer` prevents silent fallback to
+   * any other computer.
+   *
+   * Runtime / model / reasoning effort remain human-picked technical fields.
    */
+  suggestedComputer: idOrHandleSchema.optional(),
+  requiredComputer: idOrHandleSchema.optional(),
   draftHint: draftHintSchema
 });
 var channelAddMemberOperationSchema = z.object({
@@ -1942,6 +1945,9 @@ var shellSingleQuote = (value) => `'${value.replace(/'/g, `'\\''`)}'`;
 var powershellSingleQuote = (value) => `'${value.replace(/'/g, "''")}'`;
 var DEFAULT_ACTIVE_CAPABILITIES = "send,read,mentions,tasks,reactions,server,channels";
 var safePathPart = (value) => value.replace(/[^a-zA-Z0-9_.-]/g, "_");
+var RAW_CREDENTIAL_ENV_DENYLIST = [
+  "SLOCK_AGENT_CREDENTIAL_KEY"
+];
 var cachedOpencliBinPath;
 function resolveOpencliBinPath() {
   if (cachedOpencliBinPath !== void 0) return cachedOpencliBinPath;
@@ -2123,8 +2129,9 @@ exec ${shellSingleQuote(process.execPath)} ${shellSingleQuote(opencliBinPath)} "
     PATH: `${slockDir}${path2.delimiter}${process.env.PATH ?? ""}`
   };
   delete spawnEnv.SLOCK_AGENT_TOKEN;
-  delete spawnEnv.SLOCK_AGENT_CREDENTIAL_KEY;
-  delete spawnEnv.SLOCK_AGENT_CREDENTIAL_KEY_FILE;
+  for (const key of RAW_CREDENTIAL_ENV_DENYLIST) {
+    delete spawnEnv[key];
+  }
   delete spawnEnv.SLOCK_AGENT_PROXY_URL;
   delete spawnEnv.SLOCK_AGENT_PROXY_TOKEN;
   delete spawnEnv.SLOCK_AGENT_PROXY_TOKEN_FILE;
@@ -2148,6 +2155,118 @@ import path3 from "path";
 function normalizeExecOutput(raw) {
   return Buffer.isBuffer(raw) ? raw.toString("utf8") : String(raw ?? "");
 }
+var WINDOWS_ENVIRONMENT_SCRIPT = [
+  "& {",
+  "  $result = [ordered]@{}",
+  "  foreach ($scope in @('Machine', 'User')) {",
+  "    $scopeEnv = [Environment]::GetEnvironmentVariables($scope)",
+  "    $scopeObj = [ordered]@{}",
+  "    foreach ($key in $scopeEnv.Keys) {",
+  "      $value = $scopeEnv[$key]",
+  "      if ($null -ne $value) { $scopeObj[$key] = [string]$value }",
+  "    }",
+  "    $result[$scope] = $scopeObj",
+  "  }",
+  "  $result | ConvertTo-Json -Compress -Depth 3",
+  "}"
+].join(" ");
+function normalizeProcessEnv(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return {};
+  const env = {};
+  for (const [key, rawValue] of Object.entries(value)) {
+    if (rawValue !== void 0 && rawValue !== null) {
+      env[key] = String(rawValue);
+    }
+  }
+  return env;
+}
+function readWindowsMachineUserEnvironment(env, execFileSyncFn) {
+  try {
+    const output = normalizeExecOutput(execFileSyncFn("powershell.exe", [
+      "-NoProfile",
+      "-NonInteractive",
+      "-Command",
+      WINDOWS_ENVIRONMENT_SCRIPT
+    ], {
+      stdio: ["ignore", "pipe", "ignore"],
+      env,
+      timeout: 5e3
+    }));
+    const parsed = JSON.parse(output || "{}");
+    return {
+      machine: normalizeProcessEnv(parsed.Machine),
+      user: normalizeProcessEnv(parsed.User)
+    };
+  } catch {
+    return null;
+  }
+}
+function findEnvKey(env, name) {
+  if (!env) return null;
+  const lowerName = name.toLowerCase();
+  const keys = Object.keys(env);
+  for (let index = keys.length - 1; index >= 0; index -= 1) {
+    const key = keys[index];
+    if (key.toLowerCase() === lowerName) return key;
+  }
+  return null;
+}
+function getEnvValue(env, name) {
+  const key = findEnvKey(env, name);
+  return key ? env?.[key] : void 0;
+}
+function setEnvValue(env, key, value) {
+  const existingKey = findEnvKey(env, key);
+  if (existingKey && existingKey !== key) {
+    delete env[existingKey];
+  }
+  env[key] = value;
+}
+function mergeWindowsPathSegments(values) {
+  const segments = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const value of values) {
+    if (!value) continue;
+    for (const rawSegment of value.split(";")) {
+      const segment = rawSegment.trim();
+      if (!segment) continue;
+      const key = segment.toLowerCase();
+      if (seen.has(key)) continue;
+      seen.add(key);
+      segments.push(segment);
+    }
+  }
+  return segments.length > 0 ? segments.join(";") : void 0;
+}
+function mergeWindowsEnvironmentScopes(baseEnv, scopes) {
+  const merged = {};
+  const layers = [scopes.machine ?? {}, scopes.user ?? {}, baseEnv];
+  for (const layer of layers) {
+    for (const [key, value] of Object.entries(layer)) {
+      if (value === void 0 || key.toLowerCase() === "path") continue;
+      setEnvValue(merged, key, value);
+    }
+  }
+  const pathKey = findEnvKey(baseEnv, "Path") ?? findEnvKey(scopes.machine, "Path") ?? findEnvKey(scopes.user, "Path") ?? "Path";
+  const pathValue = mergeWindowsPathSegments([
+    getEnvValue(baseEnv, "Path"),
+    getEnvValue(scopes.machine, "Path"),
+    getEnvValue(scopes.user, "Path")
+  ]);
+  if (pathValue) {
+    merged[pathKey] = pathValue;
+  }
+  return merged;
+}
+function withWindowsUserEnvironment(env, deps = {}) {
+  const platform = deps.platform ?? process.platform;
+  if (platform !== "win32") return env;
+  const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
+  const reader = deps.windowsEnvironmentReaderFn ?? readWindowsMachineUserEnvironment;
+  const scopes = reader(env, execFileSyncFn);
+  if (!scopes) return env;
+  return mergeWindowsEnvironmentScopes(env, scopes);
+}
 function resolveCommandOnWindows(command, env, execFileSyncFn, existsSyncFn) {
   const script = "& {$cmd = Get-Command -Name $args[0] -ErrorAction Stop | Select-Object -First 1; if ($cmd.Path) { $cmd.Path } elseif ($cmd.Source) { $cmd.Source } elseif ($cmd.Definition) { $cmd.Definition } }";
   try {
@@ -2185,7 +2304,7 @@ function resolveCommandOnWindows(command, env, execFileSyncFn, existsSyncFn) {
 }
 function resolveCommandOnPath(command, deps = {}) {
   const platform = deps.platform ?? process.platform;
-  const env = deps.env ?? process.env;
+  const env = withWindowsUserEnvironment(deps.env ?? process.env, deps);
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   const existsSyncFn = deps.existsSyncFn ?? existsSync2;
   if (platform === "win32") {
@@ -2211,7 +2330,7 @@ function firstExistingPath(candidates, deps = {}) {
   return null;
 }
 function readCommandVersion(command, args = [], deps = {}) {
-  const env = deps.env ?? process.env;
+  const env = withWindowsUserEnvironment(deps.env ?? process.env, deps);
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   try {
     const output = normalizeExecOutput(execFileSyncFn(command, [...args, "--version"], {
@@ -2488,6 +2607,7 @@ var ClaudeDriver = class {
       const detail = parts.join(" | ") || fallback;
       events.push({ kind: "error", message: detail });
     };
+    const isProviderApiFailureText = (value, hasToolUse) => !hasToolUse && /^\s*API Error:/i.test(value) && (/\b(?:ECONNRESET|EPIPE|ETIMEDOUT|ECONNREFUSED|ENOTFOUND|EAI_AGAIN)\b/i.test(value) || /\bUnable to connect to API\b/i.test(value) || /\b(?:timed out|timeout)\b/i.test(value) || /\b5\d{2}\b/.test(value));
     switch (event.type) {
       case "system":
         if (event.subtype === "init" && event.session_id) {
@@ -2503,11 +2623,16 @@ var ClaudeDriver = class {
       case "assistant": {
         const content = event.message?.content;
         if (Array.isArray(content)) {
+          const hasToolUse = content.some((block) => block?.type === "tool_use");
           for (const block of content) {
             if (block.type === "thinking" && block.thinking) {
               events.push({ kind: "thinking", text: block.thinking });
             } else if (block.type === "text" && block.text) {
-              events.push({ kind: "text", text: block.text });
+              if (isProviderApiFailureText(block.text, hasToolUse)) {
+                events.push({ kind: "error", message: block.text });
+              } else {
+                events.push({ kind: "text", text: block.text });
+              }
             } else if (block.type === "tool_use") {
               events.push({ kind: "tool_call", name: block.name || "unknown_tool", input: block.input });
             }
@@ -2821,6 +2946,11 @@ var CodexDriver = class {
   sessionAnnounced = false;
   streamedAgentMessageIds = /* @__PURE__ */ new Set();
   streamedReasoningIds = /* @__PURE__ */ new Set();
+  /**
+   * Post-tool window where the app-server may not yet accept stdin steering.
+   * Gate busy-mode delivery until turn/completed or next progress.
+   */
+  steeringGateActive = false;
   async spawn(ctx) {
     ensureGitRepoForCodex(ctx.workingDirectory);
     const { spawnEnv } = await prepareCliTransport(ctx, { NO_COLOR: "1" });
@@ -2835,6 +2965,7 @@ var CodexDriver = class {
     this.sessionAnnounced = false;
     this.streamedAgentMessageIds.clear();
     this.streamedReasoningIds.clear();
+    this.steeringGateActive = false;
     const args = ["app-server", "--listen", "stdio://"];
     args.push(...this.buildRuntimeActionsConfigArgs(ctx));
     const { command, args: spawnArgs } = resolveCodexSpawn(args);
@@ -2908,6 +3039,7 @@ var CodexDriver = class {
         if (typeof turnId === "string") {
           this.activeTurnId = turnId;
         }
+        this.steeringGateActive = false;
         events.push({ kind: "thinking", text: "" });
         break;
       }
@@ -2918,6 +3050,7 @@ var CodexDriver = class {
           this.streamedAgentMessageIds.add(itemId);
         }
         if (typeof delta === "string" && delta.length > 0) {
+          this.steeringGateActive = false;
           events.push({ kind: "text", text: delta });
         }
         break;
@@ -2930,6 +3063,7 @@ var CodexDriver = class {
           this.streamedReasoningIds.add(itemId);
         }
         if (typeof delta === "string" && delta.length > 0) {
+          this.steeringGateActive = false;
           events.push({ kind: "thinking", text: delta });
         }
         break;
@@ -2946,6 +3080,7 @@ var CodexDriver = class {
             if (isCompleted && typeof item.id === "string" && !this.streamedReasoningIds.has(item.id)) {
               const text = joinReasoningText(item);
               if (text) {
+                this.steeringGateActive = false;
                 events.push({ kind: "thinking", text });
               }
             }
@@ -2955,6 +3090,7 @@ var CodexDriver = class {
             break;
           case "agentMessage":
             if (isCompleted && typeof item.id === "string" && !this.streamedAgentMessageIds.has(item.id) && typeof item.text === "string" && item.text.length > 0) {
+              this.steeringGateActive = false;
               events.push({ kind: "text", text: item.text });
             }
             if (isCompleted && typeof item.id === "string") {
@@ -2967,6 +3103,7 @@ var CodexDriver = class {
             }
             if (isCompleted) {
               events.push({ kind: "tool_output", name: "shell" });
+              this.steeringGateActive = true;
             }
             break;
           case "contextCompaction":
@@ -2996,17 +3133,24 @@ var CodexDriver = class {
             if (isCompleted) {
               const toolName = item.server === "chat" ? `${this.mcpToolPrefix}${item.tool}` : `${this.mcpToolPrefix.replace(/_$/, "")}_${item.server}_${item.tool}`;
               events.push({ kind: "tool_output", name: toolName });
+              this.steeringGateActive = true;
             }
             break;
           case "collabAgentToolCall":
             if (isStarted) {
               events.push({ kind: "tool_call", name: "collab_tool_call", input: { tool: item.tool, prompt: item.prompt } });
             }
+            if (isCompleted) {
+              this.steeringGateActive = true;
+            }
             break;
           case "webSearch":
             if (isStarted) {
               events.push({ kind: "tool_call", name: "web_search", input: { query: item.query } });
             }
+            if (isCompleted) {
+              this.steeringGateActive = true;
+            }
             break;
         }
         break;
@@ -3019,6 +3163,7 @@ var CodexDriver = class {
         this.activeTurnId = null;
         this.streamedAgentMessageIds.clear();
         this.streamedReasoningIds.clear();
+        this.steeringGateActive = false;
         events.push({ kind: "turn_end", sessionId: this.threadId || void 0 });
         break;
       }
@@ -3038,7 +3183,7 @@ var CodexDriver = class {
     if (!this.threadId) return null;
     const mode = opts?.mode || "busy";
     if (mode === "busy") {
-      if (!this.activeTurnId) return null;
+      if (!this.activeTurnId || this.steeringGateActive) return null;
       return JSON.stringify({
         jsonrpc: "2.0",
         id: this.nextRequestId(),
@@ -3452,8 +3597,9 @@ var CopilotDriver = class {
 import { spawn as spawn5, spawnSync } from "child_process";
 import { writeFileSync as writeFileSync4, mkdirSync as mkdirSync2, existsSync as existsSync5 } from "fs";
 import path7 from "path";
-async function buildCursorSpawnEnv(ctx) {
-  return (await prepareCliTransport(ctx, { NO_COLOR: "1" })).spawnEnv;
+async function buildCursorSpawnEnv(ctx, deps = {}) {
+  const { spawnEnv } = await prepareCliTransport(ctx, { NO_COLOR: "1" });
+  return withWindowsUserEnvironment(spawnEnv, deps);
 }
 var CursorDriver = class {
   id = "cursor";
@@ -3637,9 +3783,16 @@ function detectCursorModels(runCommand = runCursorModelsCommand) {
   if (result.error || result.status !== 0) return null;
   return parseCursorModelsOutput(String(result.stdout || ""));
 }
+function buildCursorModelProbeEnv(deps = {}) {
+  return withWindowsUserEnvironment({
+    ...deps.env ?? process.env,
+    FORCE_COLOR: "0",
+    NO_COLOR: "1"
+  }, deps);
+}
 function runCursorModelsCommand() {
   return spawnSync("cursor-agent", ["models"], {
-    env: { ...process.env, FORCE_COLOR: "0", NO_COLOR: "1" },
+    env: buildCursorModelProbeEnv(),
     encoding: "utf8",
     timeout: 5e3
   });
@@ -4777,9 +4930,13 @@ function buildRuntimeErrorDiagnosticEnvelope(message) {
   const { value: excerpt, truncated } = truncateDiagnosticText(scrubbed, MAX_RUNTIME_ERROR_MESSAGE_EXCERPT_CHARS);
   const httpStatus = extractHttpStatus(rawMessage);
   const runtimeErrorClass = classifyRuntimeError(rawMessage, httpStatus);
+  const runtimeErrorReason = classifyRuntimeErrorReason(runtimeErrorClass);
   const runtimeErrorAction = classifyRuntimeErrorAction(rawMessage, runtimeErrorClass);
   const fingerprint = fingerprintRuntimeError(scrubbed);
   const spanAttrs = {
+    turn_outcome: "failed",
+    turn_subtype: "runtime_error",
+    turn_reason: runtimeErrorReason,
     runtime_error_class: runtimeErrorClass,
     runtime_error_action: runtimeErrorAction,
     runtime_error_action_required: runtimeErrorAction !== "none",
@@ -4831,7 +4988,10 @@ function classifyRuntimeError(message, httpStatus) {
     return "ProviderApiError";
   }
   if (isRuntimeAuthActionRequiredText(message)) return "AuthError";
-  if (/\btimeout|timed out\b/i.test(message)) return "TimeoutError";
+  if (/\b(?:ETIMEDOUT|timeout|timed out)\b/i.test(message)) return "TimeoutError";
+  if (/\b(?:ECONNRESET|EPIPE|ECONNREFUSED|ENOTFOUND|EAI_AGAIN)\b/i.test(message) || /\bUnable to connect to API\b/i.test(message)) {
+    return "ProviderConnectionError";
+  }
   if (/stream closed before response\.completed|error decoding response body/i.test(message)) return "ProviderStreamError";
   if (/\brate.?limit|too many requests\b/i.test(message)) return "RateLimitError";
   if (/\bnot found\b/i.test(message)) return "NotFoundError";
@@ -4846,6 +5006,28 @@ function classifyRuntimeErrorAction(message, runtimeErrorClass) {
 function isRuntimeAuthActionRequiredText(text) {
   return RUNTIME_AUTH_ACTION_REQUIRED_PATTERNS.some((pattern) => pattern.test(text));
 }
+function classifyRuntimeErrorReason(runtimeErrorClass) {
+  switch (runtimeErrorClass) {
+    case "ProviderConnectionError":
+      return "provider_connection_error";
+    case "TimeoutError":
+      return "provider_timeout";
+    case "ProviderStreamError":
+      return "provider_stream_error";
+    case "RateLimitError":
+      return "rate_limited";
+    case "AuthError":
+      return "auth_failed";
+    case "NotFoundError":
+      return "not_found";
+    case "ProviderServerError":
+      return "provider_server_error";
+    case "ProviderApiError":
+      return "provider_api_error";
+    default:
+      return "unclassified_runtime_error";
+  }
+}
 function runtimeDisplayName(runtimeId) {
   switch (runtimeId) {
     case "antigravity":
@@ -5272,10 +5454,10 @@ For new channels, new agents, and adding members to an existing channel, post an
 
 - Use \`slock action prepare --target <onboarding-channel>\` and pipe an \`ActionCardAction\` JSON. Identity references are handles (\`@alice\` / \`@scout\` / \`#general\` \u2014 bare names work too), never UUIDs. Server resolves at prepare time.
   - \`{type: "channel:create", name, visibility: "public" | "private", description?, initialHumans?: ["@alice"], initialAgents?: ["@scout"], draftHint?}\`
-  - \`{type: "agent:create", name, description?, draftHint?}\`
+  - \`{type: "agent:create", name, description?, suggestedComputer?, requiredComputer?, draftHint?}\`
   - \`{type: "channel:add_member", channel: "#existing-channel", humans?: ["@alice"], agents?: ["@scout"], draftHint?}\` \u2014 at least one of humans / agents must be non-empty
 - The owner clicks the button on the card; the matching dialog opens **prefilled with your values** (editable, deselectable for add_member). They review, adjust, and submit; the action is committed under their identity.
-- Technical fields the owner must pick themselves are NOT yours to prefill on \`agent:create\`: computer, runtime, model, reasoning effort. Stay on semantic intent (name + description).
+- Runtime / model / reasoning effort are NOT yours to prefill on \`agent:create\`. If the human request explicitly binds the agent to a computer, use a structured \`requiredComputer\` (or \`suggestedComputer\` for a soft preference) instead of burying the constraint in \`draftHint\`; otherwise stay on semantic intent (name + description).
 - For \`channel:add_member\`, only suggest people who are actually likely candidates (already in the server, relevant to the channel's topic). The owner will deselect anyone they don't want \u2014 make their default-yes list useful, not exhaustive.
 - Do not just describe or list copyable specs once action cards are available \u2014 the human input cost should land at "click the card, review, submit", not "copy this name into the dialog yourself".
 - Do not imply the resource has been created or members added until the card flips to "Done".
@@ -5528,7 +5710,7 @@ Do not copy these answers verbatim.
 - When the owner agrees to a new agent or channel, **post an action card** with \`slock action prepare\`. The card lives inline in chat; the owner clicks the action button, the matching create dialog opens prefilled with your values (editable), and the resource is created under their identity when they submit.
 - v1 supports three action types via \`slock action prepare --target '<channel>' <<'SLOCKACTION' { ... } SLOCKACTION\`:
   - \`{type: "channel:create", name, visibility: "public" | "private", description?, initialHumans?: ["@alice"], initialAgents?: ["@scout"], draftHint?}\`
-  - \`{type: "agent:create", name, description?, draftHint?}\` \u2014 runtime / model / computer are the owner's call, not yours
+  - \`{type: "agent:create", name, description?, suggestedComputer?, requiredComputer?, draftHint?}\` \u2014 runtime / model / reasoning effort are the owner's call. Use \`requiredComputer\` only when the owner explicitly says the new agent must run on that computer; use \`suggestedComputer\` for a soft preference.
   - \`{type: "channel:add_member", channel: "#existing-channel", humans?: ["@alice"], agents?: ["@scout"], draftHint?}\` \u2014 at least one of humans / agents must be non-empty. The owner clicks "Add Members" on the card; an AddMembers dialog opens with your suggested list (each row toggleable) and the owner submits to actually add them.
 
 - **Identity references are handles, not UUIDs.** Use \`@alice\` / \`@scout\` / \`#general\` (or bare \`alice\` / \`scout\` / \`general\`). The server resolves to UUIDs at prepare time. If a handle doesn't match a real human / agent / channel in this server you get a 422 INVALID_HANDLE error pointing at the field \u2014 fix the handle and retry. You should never see or write UUIDs in action card payloads.
@@ -5539,7 +5721,7 @@ Do not copy these answers verbatim.
 
 ### Guardrail
 - Do not imply you already created agents or channels unless the card state is \`executed\`.
-- Do not prefill technical fields on \`agent:create\` (runtime / model / computer / reasoning effort). The owner picks those in the dialog.
+- Do not prefill runtime / model / reasoning effort on \`agent:create\`. Computer placement is only allowed as the structured \`suggestedComputer\` / \`requiredComputer\` field when the owner's request includes that placement; never rely on \`draftHint\` for a computer constraint.
 - If the action type the user wants is not yet supported (e.g. \`channel:add_member\`), say so plainly and offer the manual UI path; do not invent action types the schema does not accept.
 `;
 }
@@ -7065,14 +7247,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     });
     logger.info(`[Agent ${agentId}] Queued runtime profile ${kind} ${key} during startup`);
   }
-  splitRuntimeProfileControlBatch(messages) {
-    const controlMessages = messages.filter((message) => runtimeProfileNotificationFromMessage(message));
-    if (controlMessages.length === 0 || controlMessages.length === messages.length) {
-      return { nextMessages: messages, deferredMessages: [] };
-    }
-    const deferredMessages = messages.filter((message) => !runtimeProfileNotificationFromMessage(message));
-    return { nextMessages: controlMessages, deferredMessages };
-  }
   containsOrdinaryInboxMessage(messages) {
     return messages.some((message) => !runtimeProfileNotificationFromMessage(message));
   }
@@ -8602,7 +8776,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
             ...runtimeTraceCounterAttrs(ap)
           });
           this.endRuntimeTrace(ap, "error", {
-            outcome: "runtime-error",
             ...runtimeErrorDiagnostics.spanAttrs,
             ...runtimeTraceCounterAttrs(ap),
             ...this.finalizeRuntimeProfileTurnControl(agentId, ap, "runtime_error")
@@ -8775,22 +8948,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         return true;
       }
     }
-    const split = this.splitRuntimeProfileControlBatch(messages);
-    if (split.deferredMessages.length > 0) {
-      ap.inbox.unshift(...split.deferredMessages);
-      ap.pendingNotificationCount += split.deferredMessages.length;
-      messages = split.nextMessages;
-      this.recordDaemonTrace("daemon.agent.runtime_profile.split_batch", {
-        agentId,
-        launchId: ap.launchId || void 0,
-        runtime: ap.config.runtime,
-        mode,
-        delivered_control_messages_count: messages.length,
-        deferred_messages_count: split.deferredMessages.length,
-        inbox_count: ap.inbox.length,
-        pending_notification_count: ap.pendingNotificationCount
-      });
-    }
     const traceAttrs = {
       agentId,
       launchId: ap.launchId || void 0,

package/dist/cli/index.js

@@ -19,13 +19,47 @@ var CliExit = class extends Error {
 function emit(payload) {
   process.stdout.write(JSON.stringify(payload) + "\n");
 }
-function fail(code, message, exitCode = 1) {
-  process.stderr.write(JSON.stringify({ ok: false, code, message }) + "\n");
-  throw new CliExit(exitCode);
+function fail(code, message, options) {
+  const body = { ok: false, code, message };
+  if (options?.suggestedNextAction) {
+    body.suggested_next_action = options.suggestedNextAction;
+  }
+  process.stderr.write(JSON.stringify(body) + "\n");
+  throw new CliExit(options?.exitCode ?? 1);
+}
+
+// src/version.ts
+import { readFileSync } from "fs";
+var FALLBACK_VERSION = "0.0.0";
+function readVersionFrom(candidate) {
+  try {
+    const pkg = JSON.parse(readFileSync(candidate, "utf8"));
+    return typeof pkg.version === "string" && pkg.version ? pkg.version : null;
+  } catch {
+    return null;
+  }
+}
+function readCliVersion(baseUrl = import.meta.url) {
+  return (
+    // Built package and daemon-bundled CLI: dist/package.json travels with dist/index.js.
+    readVersionFrom(new URL("./package.json", baseUrl)) ?? readVersionFrom(new URL("../package.json", baseUrl)) ?? FALLBACK_VERSION
+  );
 }
 
 // src/auth/env.ts
 import fs from "fs";
+import os from "os";
+import path from "path";
+var RAW_AGENT_ENV_KEYS = [
+  "SLOCK_AGENT_ID",
+  "SLOCK_SERVER_URL",
+  "SLOCK_SERVER_ID",
+  "SLOCK_AGENT_PROXY_URL",
+  "SLOCK_AGENT_PROXY_TOKEN",
+  "SLOCK_AGENT_PROXY_TOKEN_FILE",
+  "SLOCK_AGENT_TOKEN_FILE",
+  "SLOCK_AGENT_TOKEN"
+];
 var AgentBootstrapError = class extends Error {
   constructor(code, message) {
     super(message);
@@ -33,6 +67,47 @@ var AgentBootstrapError = class extends Error {
     this.name = "AgentBootstrapError";
   }
 };
+function resolveProfileDir(slug, env = process.env) {
+  if (env.SLOCK_PROFILE_DIR) {
+    return env.SLOCK_PROFILE_DIR;
+  }
+  if (env.SLOCK_HOME) {
+    return path.join(env.SLOCK_HOME, "profiles", slug);
+  }
+  const home = env.HOME ?? os.homedir();
+  return path.join(home, ".slock", "profiles", slug);
+}
+function resolveProfileCredentialPath(slug, env) {
+  return path.join(resolveProfileDir(slug, env), "credential.json");
+}
+function readProfileCredential(slug, env) {
+  const filePath = resolveProfileCredentialPath(slug, env);
+  let raw;
+  try {
+    raw = fs.readFileSync(filePath, "utf-8");
+  } catch (err) {
+    throw new AgentBootstrapError(
+      "PROFILE_FILE_UNREADABLE",
+      `SLOCK_PROFILE=${slug} resolved to ${filePath}, which could not be read: ${err.message}. Run \`slock agent login\` to mint a credential.`
+    );
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (err) {
+    throw new AgentBootstrapError(
+      "PROFILE_FILE_INVALID",
+      `${filePath} is not valid JSON: ${err.message}`
+    );
+  }
+  if (!parsed || typeof parsed !== "object" || typeof parsed.apiKey !== "string" || typeof parsed.agentId !== "string" || typeof parsed.serverUrl !== "string") {
+    throw new AgentBootstrapError(
+      "PROFILE_FILE_INVALID",
+      `${filePath} is missing required fields (apiKey, agentId, serverUrl).`
+    );
+  }
+  return { filePath, data: parsed };
+}
 function readTokenFromFile(filePath) {
   let raw;
   try {
@@ -53,10 +128,32 @@ function readTokenFromFile(filePath) {
   return token;
 }
 function loadAgentContext(env = process.env) {
+  const activeCapabilities = env.SLOCK_AGENT_ACTIVE_CAPABILITIES ? env.SLOCK_AGENT_ACTIVE_CAPABILITIES.split(",").map((cap) => cap.trim()).filter(Boolean) : null;
+  const profileSlug = env.SLOCK_PROFILE;
+  if (profileSlug) {
+    const shadowed = RAW_AGENT_ENV_KEYS.filter((k) => env[k]);
+    if (shadowed.length > 0) {
+      process.stderr.write(
+        `slock: SLOCK_PROFILE=${profileSlug} active; ignoring ${shadowed.join(", ")} from env.
+`
+      );
+    }
+    const { filePath, data } = readProfileCredential(profileSlug, env);
+    return {
+      agentId: data.agentId,
+      serverUrl: data.serverUrl,
+      serverId: data.serverId ?? null,
+      token: data.apiKey,
+      clientMode: "self-hosted-runner",
+      secretSource: "profile-credential-file",
+      activeCapabilities,
+      profileSlug,
+      profileCredentialPath: filePath
+    };
+  }
   const agentId = env.SLOCK_AGENT_ID;
   const serverUrl = env.SLOCK_SERVER_URL;
   const serverId = env.SLOCK_SERVER_ID ?? null;
-  const activeCapabilities = env.SLOCK_AGENT_ACTIVE_CAPABILITIES ? env.SLOCK_AGENT_ACTIVE_CAPABILITIES.split(",").map((cap) => cap.trim()).filter(Boolean) : null;
   if (!agentId) throw new AgentBootstrapError("MISSING_AGENT_ID", "SLOCK_AGENT_ID is required");
   if (!serverUrl) throw new AgentBootstrapError("MISSING_SERVER_URL", "SLOCK_SERVER_URL is required");
   const agentProxyUrl = env.SLOCK_AGENT_PROXY_URL;
@@ -89,18 +186,6 @@ function loadAgentContext(env = process.env) {
       activeCapabilities
     };
   }
-  const agentCredentialFile = env.SLOCK_AGENT_CREDENTIAL_KEY_FILE;
-  if (agentCredentialFile) {
-    return {
-      agentId,
-      serverUrl,
-      serverId,
-      token: readTokenFromFile(agentCredentialFile),
-      clientMode: "self-hosted-runner",
-      secretSource: "agent-credential-file",
-      activeCapabilities
-    };
-  }
   const tokenFile = env.SLOCK_AGENT_TOKEN_FILE;
   if (tokenFile) {
     return {
@@ -127,7 +212,7 @@ function loadAgentContext(env = process.env) {
   }
   throw new AgentBootstrapError(
     "MISSING_TOKEN",
-    "Neither SLOCK_AGENT_PROXY_TOKEN_FILE, SLOCK_AGENT_PROXY_TOKEN, SLOCK_AGENT_CREDENTIAL_KEY_FILE, SLOCK_AGENT_TOKEN_FILE nor SLOCK_AGENT_TOKEN is set. The daemon should inject one of these when spawning the agent process."
+    "Neither SLOCK_AGENT_PROXY_TOKEN_FILE, SLOCK_AGENT_PROXY_TOKEN, SLOCK_AGENT_TOKEN_FILE nor SLOCK_AGENT_TOKEN is set. The daemon should inject one of these when spawning the agent process."
   );
 }
 
@@ -148,12 +233,348 @@ function registerWhoamiCommand(parent) {
         serverUrl: ctx.serverUrl,
         serverId: ctx.serverId,
         clientMode: ctx.clientMode,
-        secretSource: ctx.secretSource
+        secretSource: ctx.secretSource,
+        ...ctx.profileSlug ? { profileSlug: ctx.profileSlug } : {},
+        ...ctx.profileCredentialPath ? { profileCredentialPath: ctx.profileCredentialPath } : {}
       }
     });
   });
 }
 
+// src/commands/agent/list.ts
+import { fetch as undiciFetch } from "undici";
+
+// src/agentLogin/deviceAuthClient.ts
+import { fetch as fetch2 } from "undici";
+var DeviceCodeLoginError = class extends Error {
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+    this.name = "DeviceCodeLoginError";
+  }
+};
+var ACTIONABLE_ERROR_MESSAGES = {
+  device_login_disabled: "Device login is not enabled on this Slock server. Ask an admin to set SLOCK_DEVICE_LOGIN_ENABLED=true.",
+  device_code_required: "Internal CLI bug: device_code was missing from the poll request.",
+  user_code_required: "Internal CLI bug: user_code was missing from the approve request.",
+  authorization_pending: "Still waiting for you to approve the login on the web page.",
+  expired_token: "The login code expired. Run `slock agent login` again to start a new flow.",
+  access_denied: "You denied the login request in the web approval page.",
+  device_code_consumed: "This login code has already been used. Run `slock agent login` again.",
+  device_code_invalid: "Unknown / malformed device code. Run `slock agent login` again to start a fresh flow."
+};
+function describeDeviceCodeLoginError(code) {
+  return ACTIONABLE_ERROR_MESSAGES[code] ?? `Device login failed (code: ${code}).`;
+}
+async function runDeviceCodeLogin(options) {
+  const httpFetch = options.fetchImpl ?? fetch2;
+  const base = options.serverUrl.replace(/\/+$/, "");
+  const authorizeRes = await httpFetch(`${base}/api/auth/device/authorize`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({
+      ...options.clientName ? { clientName: options.clientName } : {}
+    })
+  });
+  if (!authorizeRes.ok) {
+    const payload = await safeJson(authorizeRes);
+    throw new DeviceCodeLoginError(
+      typeof payload?.code === "string" ? payload.code : "authorize_failed",
+      describeDeviceCodeLoginError(typeof payload?.code === "string" ? payload.code : "authorize_failed")
+    );
+  }
+  const authorizeBody = await authorizeRes.json();
+  if (!authorizeBody.deviceCode || !authorizeBody.userCode || !authorizeBody.verificationUri) {
+    throw new DeviceCodeLoginError(
+      "authorize_response_invalid",
+      "Server's authorize response was missing deviceCode / userCode / verificationUri."
+    );
+  }
+  const verificationUri = authorizeBody.verificationUri.startsWith("http") ? authorizeBody.verificationUri : `${base}${authorizeBody.verificationUri}`;
+  await options.onUserAction({
+    verificationUri,
+    userCode: authorizeBody.userCode,
+    expiresInSeconds: authorizeBody.expiresIn ?? 0
+  });
+  const serverIntervalMs = (authorizeBody.interval ?? 5) * 1e3;
+  const pollIntervalMs = options.pollIntervalOverrideMs ?? serverIntervalMs;
+  const deadlineMs = Date.now() + Math.max(1, authorizeBody.expiresIn ?? 600) * 1e3;
+  while (Date.now() < deadlineMs) {
+    const tokenRes = await httpFetch(`${base}/api/auth/device/token`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ deviceCode: authorizeBody.deviceCode })
+    });
+    if (tokenRes.ok) {
+      const tokenBody = await tokenRes.json();
+      if (!tokenBody.accessToken || !tokenBody.refreshToken || !tokenBody.userId) {
+        throw new DeviceCodeLoginError(
+          "token_response_invalid",
+          "Server's token response was missing accessToken / refreshToken / userId."
+        );
+      }
+      return {
+        accessToken: tokenBody.accessToken,
+        refreshToken: tokenBody.refreshToken,
+        userId: tokenBody.userId
+      };
+    }
+    const tokenError = await safeJson(tokenRes);
+    const code = typeof tokenError?.code === "string" ? tokenError.code : "token_failed";
+    if (code === "authorization_pending") {
+      await delay(pollIntervalMs);
+      continue;
+    }
+    throw new DeviceCodeLoginError(code, describeDeviceCodeLoginError(code));
+  }
+  throw new DeviceCodeLoginError(
+    "expired_token",
+    describeDeviceCodeLoginError("expired_token")
+  );
+}
+async function safeJson(res) {
+  try {
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+function delay(ms) {
+  if (ms <= 0) return Promise.resolve();
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/commands/agent/list.ts
+function describeListResult(reason, serverUrl) {
+  switch (reason) {
+    case "ok":
+      return `Ask the user which agent to bind to this machine, then run \`slock agent login --server ${serverUrl} --agent <id>\` with the selected agent id.`;
+    case "no_manageable_server":
+      return "You are logged in but don't have `manageAgents` on any server you're a member of. Ask a server owner or admin to grant the capability, then rerun `slock agent list`.";
+    case "no_agents_on_manageable_servers":
+      return "You have `manageAgents` on at least one server, but no agents exist on those servers yet. Ask the user to create an agent first (via web UI), then rerun `slock agent list`.";
+  }
+}
+function registerAgentListCommand(parent) {
+  parent.command("list").description(
+    "List Slock agents the user can mint credentials for (after a device-code login)."
+  ).requiredOption("--server <url>", "Slock server base URL, e.g. https://slock.example.com").option("--client-name <label>", "Human-readable label shown on the web approval page").action(async (options) => {
+    let userSession;
+    try {
+      userSession = await runDeviceCodeLogin({
+        serverUrl: options.server,
+        ...options.clientName ? { clientName: options.clientName } : {},
+        onUserAction: ({ verificationUri, userCode, expiresInSeconds }) => {
+          process.stderr.write(
+            `Open ${verificationUri} in your browser, enter code ${userCode} (expires in ~${Math.max(0, Math.floor(expiresInSeconds / 60))}m).
+`
+          );
+        }
+      });
+    } catch (err) {
+      if (err instanceof DeviceCodeLoginError) {
+        fail(err.code, err.message);
+      }
+      throw err;
+    }
+    const res = await undiciFetch(
+      `${options.server.replace(/\/+$/, "")}/api/agents/manageable`,
+      {
+        method: "GET",
+        headers: {
+          "content-type": "application/json",
+          authorization: `Bearer ${userSession.accessToken}`
+        }
+      }
+    );
+    if (!res.ok) {
+      let body = null;
+      try {
+        body = await res.json();
+      } catch {
+      }
+      fail(
+        body?.code ?? `list_failed_${res.status}`,
+        body?.error ?? `Failed to list manageable agents (status ${res.status}).`
+      );
+    }
+    const payload = await res.json();
+    const agents = payload.data?.agents ?? [];
+    const reason = payload.data?.reason ?? (agents.length > 0 ? "ok" : "no_agents_on_manageable_servers");
+    const suggestedNextAction = describeListResult(reason, options.server);
+    emit({
+      ok: true,
+      data: {
+        agents,
+        reason,
+        ...typeof payload.data?.manageable_server_count === "number" ? { manageable_server_count: payload.data.manageable_server_count } : {},
+        suggested_next_action: suggestedNextAction
+      }
+    });
+  });
+}
+
+// src/commands/agent/login.ts
+import { mkdir, stat, writeFile } from "fs/promises";
+import path2 from "path";
+import { fetch as undiciFetch2 } from "undici";
+function registerAgentLoginCommand(parent) {
+  parent.command("login").description(
+    "Sign this CLI in as a specific Slock agent via the device-code login grant."
+  ).requiredOption("--server <url>", "Slock server base URL, e.g. https://slock.example.com").requiredOption("--agent <agentId>", "Agent id to log in as").option("--client-name <label>", "Human-readable label shown on the web approval page").option("--profile-slug <slug>", "Slug to save the new profile under (defaults to the agent id). Distinct from root `slock --profile`, which selects an existing profile to use.").option("--profile-dir <path>", "Override the profile directory root (default resolution: SLOCK_HOME/profiles/<slug> when SLOCK_HOME is set, else ~/.slock/profiles/<slug>)").action(async (options) => {
+    const invalidShape = describeInvalidAgentIdShape(options.agent);
+    if (invalidShape) {
+      fail("INVALID_AGENT_ID", invalidShape, {
+        suggestedNextAction: `Run \`slock agent list --server ${options.server}\` to see valid agent ids, then rerun login with --agent <id>.`
+      });
+    }
+    const profileSlug = options.profileSlug ?? options.agent;
+    const profileDir = options.profileDir ?? resolveProfileDir(profileSlug);
+    const credentialPath = path2.join(profileDir, "credential.json");
+    if (await profileFileExists(credentialPath)) {
+      fail(
+        "PROFILE_ALREADY_EXISTS",
+        `Profile '${profileSlug}' already has a credential at ${credentialPath}.`,
+        {
+          suggestedNextAction: `Use a different \`--profile-slug <slug>\` to mint a coexistent credential, OR manually delete ${credentialPath} and rerun login. Note: the existing sk_agent_* on the server is NOT revoked by deleting the local file \u2014 it remains valid until it expires or is explicitly revoked from the agent settings UI.`
+        }
+      );
+    }
+    let userSession;
+    try {
+      userSession = await runDeviceCodeLogin({
+        serverUrl: options.server,
+        ...options.clientName ? { clientName: options.clientName } : {},
+        onUserAction: ({ verificationUri, userCode, expiresInSeconds }) => {
+          process.stderr.write(
+            `Open ${verificationUri} in your browser, enter code ${userCode} (expires in ~${Math.max(0, Math.floor(expiresInSeconds / 60))}m).
+`
+          );
+        }
+      });
+    } catch (err) {
+      if (err instanceof DeviceCodeLoginError) {
+        fail(err.code, err.message);
+      }
+      throw err;
+    }
+    const mintRes = await undiciFetch2(
+      `${options.server.replace(/\/+$/, "")}/api/agents/${encodeURIComponent(options.agent)}/credentials`,
+      {
+        method: "POST",
+        headers: {
+          "content-type": "application/json",
+          authorization: `Bearer ${userSession.accessToken}`
+        },
+        body: JSON.stringify({})
+      }
+    );
+    if (!mintRes.ok) {
+      const body = await safeJson2(mintRes);
+      const code = body?.code ?? `mint_failed_${mintRes.status}`;
+      const detail = describeMintError(code, options.server);
+      fail(
+        code,
+        detail?.message ?? body?.error ?? `Failed to mint agent credential (status ${mintRes.status}).`,
+        detail?.suggestedNextAction ? { suggestedNextAction: detail.suggestedNextAction } : void 0
+      );
+    }
+    const minted = await mintRes.json();
+    if (!minted.apiKey || !minted.agentId || !minted.serverId) {
+      fail(
+        "mint_response_invalid",
+        "Server mint response was missing apiKey / agentId / serverId."
+      );
+    }
+    await mkdir(profileDir, { recursive: true, mode: 448 });
+    await writeFile(
+      credentialPath,
+      JSON.stringify(
+        {
+          schemaVersion: 1,
+          serverUrl: options.server,
+          agentId: minted.agentId,
+          agentName: minted.agentName,
+          serverId: minted.serverId,
+          credentialId: minted.credentialId,
+          scopes: minted.scopes,
+          apiKey: minted.apiKey,
+          createdAt: (/* @__PURE__ */ new Date()).toISOString()
+        },
+        null,
+        2
+      ) + "\n",
+      { mode: 384 }
+    );
+    emit({
+      ok: true,
+      data: {
+        agentId: minted.agentId,
+        agentName: minted.agentName,
+        serverId: minted.serverId,
+        credentialId: minted.credentialId,
+        scopes: minted.scopes,
+        profileSlug,
+        credentialPath
+      }
+    });
+  });
+}
+async function safeJson2(res) {
+  try {
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+async function profileFileExists(filePath) {
+  try {
+    await stat(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function describeInvalidAgentIdShape(input) {
+  const trimmed = input.trim();
+  if (trimmed.length === 0) {
+    return "--agent must not be empty.";
+  }
+  if (trimmed.startsWith("@")) {
+    return "--agent expects an agent id (an opaque server-issued identifier), not an @handle.";
+  }
+  if (trimmed.startsWith("#")) {
+    return "--agent expects an agent id, not a #channel name.";
+  }
+  if (/^https?:\/\//i.test(trimmed) || trimmed.includes("/")) {
+    return "--agent expects an agent id, not a URL or path.";
+  }
+  return null;
+}
+function describeMintError(code, serverUrl) {
+  switch (code) {
+    case "device_login_disabled":
+      return { message: describeDeviceCodeLoginError(code) ?? code };
+    case "agent_missing":
+      return {
+        message: "Agent id is not known on this server, or the user you approved with isn't a member of the agent's server.",
+        suggestedNextAction: `Run \`slock agent list --server ${serverUrl}\` to see manageable agents, then rerun login with --agent <id>.`
+      };
+    case "insufficient_role":
+      return {
+        message: "The user you approved with isn't a server owner or admin on the agent's server, so they can't mint agent credentials.",
+        suggestedNextAction: "Ask a server owner or admin to grant you the `manageAgents` capability on this server, then rerun login."
+      };
+    case "scopes_invalid":
+    case "scopes_empty":
+    case "name_invalid":
+      return {
+        message: "Invalid request body for the agent credential mint. Re-run with default flags."
+      };
+  }
+  return void 0;
+}
+
 // ../shared/src/tracing/index.ts
 var DEFAULT_TRACE_FLAGS = "00";
 var TRACE_ID_HEX_LENGTH = 32;
@@ -1007,10 +1428,10 @@ function mergeDefs(...defs) {
 function cloneDef(schema) {
   return mergeDefs(schema._zod.def);
 }
-function getElementAtPath(obj, path2) {
-  if (!path2)
+function getElementAtPath(obj, path4) {
+  if (!path4)
     return obj;
-  return path2.reduce((acc, key) => acc?.[key], obj);
+  return path4.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -1393,11 +1814,11 @@ function aborted(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues(path2, issues) {
+function prefixIssues(path4, issues) {
   return issues.map((iss) => {
     var _a2;
     (_a2 = iss).path ?? (_a2.path = []);
-    iss.path.unshift(path2);
+    iss.path.unshift(path4);
     return iss;
   });
 }
@@ -1580,7 +2001,7 @@ function formatError(error48, mapper = (issue2) => issue2.message) {
 }
 function treeifyError(error48, mapper = (issue2) => issue2.message) {
   const result = { errors: [] };
-  const processError = (error49, path2 = []) => {
+  const processError = (error49, path4 = []) => {
     var _a2, _b;
     for (const issue2 of error49.issues) {
       if (issue2.code === "invalid_union" && issue2.errors.length) {
@@ -1590,7 +2011,7 @@ function treeifyError(error48, mapper = (issue2) => issue2.message) {
       } else if (issue2.code === "invalid_element") {
         processError({ issues: issue2.issues }, issue2.path);
       } else {
-        const fullpath = [...path2, ...issue2.path];
+        const fullpath = [...path4, ...issue2.path];
         if (fullpath.length === 0) {
           result.errors.push(mapper(issue2));
           continue;
@@ -1622,8 +2043,8 @@ function treeifyError(error48, mapper = (issue2) => issue2.message) {
 }
 function toDotPath(_path) {
   const segs = [];
-  const path2 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
-  for (const seg of path2) {
+  const path4 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
+  for (const seg of path4) {
     if (typeof seg === "number")
       segs.push(`[${seg}]`);
     else if (typeof seg === "symbol")
@@ -13600,13 +14021,13 @@ function resolveRef(ref, ctx) {
   if (!ref.startsWith("#")) {
     throw new Error("External $ref is not supported, only local refs (#/...) are allowed");
   }
-  const path2 = ref.slice(1).split("/").filter(Boolean);
-  if (path2.length === 0) {
+  const path4 = ref.slice(1).split("/").filter(Boolean);
+  if (path4.length === 0) {
     return ctx.rootSchema;
   }
   const defsKey = ctx.version === "draft-2020-12" ? "$defs" : "definitions";
-  if (path2[0] === defsKey) {
-    const key = path2[1];
+  if (path4[0] === defsKey) {
+    const key = path4[1];
     if (!key || !ctx.defs[key]) {
       throw new Error(`Reference not found: ${ref}`);
     }
@@ -14038,13 +14459,16 @@ var agentCreateOperationSchema = external_exports.object({
   name: external_exports.string().trim().min(1).max(60),
   description: external_exports.string().trim().max(500).optional(),
   /**
-   * Agent can only suggest semantic intent (name + description). Technical
-   * configuration (which computer / runtime / model / reasoning effort) is
-   * a user prerogative — the human picks those in the create dialog when
-   * they click "Create Agent" on the card. Per stdrc 2026-05-10
-   * #proj-approval msg=ae4ecedd: "为什么 computer、runtime 和 model 还是
-   * 帮用户选了？" — don't let the agent prefill those.
+   * Optional computer placement contract. Agents may only set this when the
+   * human request is explicitly computer-bound; server prepare resolves the
+   * name/UUID and stores the UUID-only form. `suggestedComputer` preselects
+   * the dialog when available; `requiredComputer` prevents silent fallback to
+   * any other computer.
+   *
+   * Runtime / model / reasoning effort remain human-picked technical fields.
    */
+  suggestedComputer: idOrHandleSchema.optional(),
+  requiredComputer: idOrHandleSchema.optional(),
   draftHint: draftHintSchema
 });
 var channelAddMemberOperationSchema = external_exports.object({
@@ -14067,6 +14491,11 @@ var actionCardActionSchema = external_exports.discriminatedUnion("type", [
   channelAddMemberOperationSchema
 ]);
 function validateActionCardAction(action) {
+  if (action.type === "agent:create") {
+    if (action.suggestedComputer && action.requiredComputer) {
+      return "agent:create must include only one of suggestedComputer or requiredComputer";
+    }
+  }
   if (action.type === "channel:add_member") {
     const total = (action.humans?.length ?? 0) + (action.agents?.length ?? 0);
     if (total === 0) {
@@ -15004,11 +15433,11 @@ ${opts.heldAction} Review the bounded context shown here, then choose one path.$
 
 // src/commands/message/_continueDraftState.ts
 import fs2 from "fs";
-import os from "os";
-import path from "path";
+import os2 from "os";
+import path3 from "path";
 var DEFAULT_LOCAL_DRAFT_TTL_MS = 10 * 60 * 1e3;
 function stateFilePath(agentId) {
-  return path.join(process.env.SLOCK_CLI_DRAFT_STATE_DIR ?? os.tmpdir(), "slock-cli-attested-send", agentId, "continue-state.json");
+  return path3.join(process.env.SLOCK_CLI_DRAFT_STATE_DIR ?? os2.tmpdir(), "slock-cli-attested-send", agentId, "continue-state.json");
 }
 function readState(agentId) {
   const filePath = stateFilePath(agentId);
@@ -15022,7 +15451,7 @@ function readState(agentId) {
 }
 function writeState(agentId, state) {
   const filePath = stateFilePath(agentId);
-  fs2.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs2.mkdirSync(path3.dirname(filePath), { recursive: true });
   fs2.writeFileSync(filePath, JSON.stringify(state), "utf8");
 }
 function getSavedDraft(agentId, target) {
@@ -15305,8 +15734,8 @@ async function drainInbox(ctx, opts) {
   const query = [];
   if (opts.block) query.push("block=true");
   if (opts.block && opts.timeoutMs !== void 0) query.push(`timeout=${opts.timeoutMs}`);
-  const path2 = query.length > 0 ? `${agentPath}/receive?${query.join("&")}` : `${agentPath}/receive`;
-  const res = await client.request("GET", path2);
+  const path4 = query.length > 0 ? `${agentPath}/receive?${query.join("&")}` : `${agentPath}/receive`;
+  const res = await client.request("GET", path4);
   if (!res.ok) {
     const code = res.status >= 500 ? "SERVER_5XX" : failCode;
     fail(code, res.error ?? `HTTP ${res.status}`);
@@ -15481,7 +15910,7 @@ function registerReactCommand(parent) {
 }
 
 // src/commands/attachment/upload.ts
-import { existsSync, statSync, readFileSync } from "fs";
+import { existsSync, statSync, readFileSync as readFileSync2 } from "fs";
 import { basename } from "path";
 var MAX_ATTACHMENT_UPLOAD_BYTES = 50 * 1024 * 1024;
 var MAX_ATTACHMENT_UPLOAD_LABEL = "50MB";
@@ -15581,12 +16010,12 @@ function registerAttachmentUploadCommand(parent) {
     if (!existsSync(opts.path)) {
       fail("INVALID_ARG", `--path does not exist: ${opts.path}`);
     }
-    const stat = statSync(opts.path);
-    if (!stat.isFile()) {
+    const stat2 = statSync(opts.path);
+    if (!stat2.isFile()) {
       fail("INVALID_ARG", `--path is not a regular file: ${opts.path}`);
     }
     try {
-      validateUploadFileSize(stat.size);
+      validateUploadFileSize(stat2.size);
     } catch (err) {
       if (err instanceof AttachmentUploadArgError) fail(err.code, err.message);
       throw err;
@@ -15609,7 +16038,7 @@ function registerAttachmentUploadCommand(parent) {
       fail(code, resolved.error ?? `Could not resolve channel: ${opts.channel}`);
     }
     const channelId = resolved.data.channelId;
-    const buffer = readFileSync(opts.path);
+    const buffer = readFileSync2(opts.path);
     const filename = basename(opts.path);
     let explicitMimeType;
     try {
@@ -16011,7 +16440,7 @@ function registerProfileShowCommand(parent) {
 
 // src/commands/profile/update.ts
 import { basename as basename2 } from "path";
-import { existsSync as existsSync2, readFileSync as readFileSync2, statSync as statSync2 } from "fs";
+import { existsSync as existsSync2, readFileSync as readFileSync3, statSync as statSync2 } from "fs";
 var MAX_PROFILE_AVATAR_BYTES = 2 * 1024 * 1024;
 var PROFILE_AVATAR_MIME_TYPES = /* @__PURE__ */ new Set([
   "image/jpeg",
@@ -16050,17 +16479,17 @@ function readAvatarFile(avatarFile) {
   if (!existsSync2(avatarFile)) {
     fail("PROFILE_FILE_NOT_FOUND", `Avatar file does not exist: ${avatarFile}`);
   }
-  const stat = statSync2(avatarFile);
-  if (!stat.isFile()) {
+  const stat2 = statSync2(avatarFile);
+  if (!stat2.isFile()) {
     fail("PROFILE_FILE_NOT_FOUND", `Avatar file is not a regular file: ${avatarFile}`);
   }
-  if (stat.size > MAX_PROFILE_AVATAR_BYTES) {
+  if (stat2.size > MAX_PROFILE_AVATAR_BYTES) {
     fail(
       "PROFILE_AVATAR_TOO_LARGE",
-      `Avatar file is ${stat.size} bytes; max size is ${MAX_PROFILE_AVATAR_BYTES} bytes`
+      `Avatar file is ${stat2.size} bytes; max size is ${MAX_PROFILE_AVATAR_BYTES} bytes`
     );
   }
-  const buffer = readFileSync2(avatarFile);
+  const buffer = readFileSync3(avatarFile);
   const filename = basename2(avatarFile);
   const mimeType = inferImageMimeType(filename, buffer);
   if (!mimeType || !PROFILE_AVATAR_MIME_TYPES.has(mimeType)) {
@@ -16683,10 +17112,22 @@ function registerReminderLogCommand(parent) {
 // src/index.ts
 var program = new Command();
 program.name("slock").description(
-  "Agent-facing execution interface for Slock. Invoked by daemon-spawned agent processes \u2014 not a user-facing CLI product."
-).version("0.0.1");
+  "Agent-facing CLI for Slock. Two entry shapes: (A) self-managed agent via `slock agent login --profile-slug <slug>` to create a profile, then `slock --profile <slug>` (or SLOCK_PROFILE=<slug>) to use it; (B) daemon-injected runner, where the local `slock` wrapper sets the SLOCK_AGENT_* env vars for you."
+).option(
+  "-p, --profile <slug>",
+  "Use the credential at $SLOCK_HOME/profiles/<slug>/credential.json (or ~/.slock/profiles/<slug>/credential.json when SLOCK_HOME is unset). Equivalent to setting SLOCK_PROFILE=<slug>. To create a new profile, use `slock agent login --profile-slug <slug>`."
+).version(readCliVersion());
+program.hook("preAction", () => {
+  const opts = program.opts();
+  if (opts.profile) {
+    process.env.SLOCK_PROFILE = opts.profile;
+  }
+});
 var authCmd = program.command("auth").description("Auth introspection");
 registerWhoamiCommand(authCmd);
+var agentCmd = program.command("agent").description("Self-managed agent onboarding (device-code login \u2192 sk_agent_* mint \u2192 ~/.slock/profiles/<slug>/credential.json)");
+registerAgentLoginCommand(agentCmd);
+registerAgentListCommand(agentCmd);
 var channelCmd = program.command("channel").description("Channel membership operations");
 registerChannelMembersCommand(channelCmd);
 registerChannelJoinCommand(channelCmd);

package/dist/cli/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "@slock-ai/cli",
+  "version": "0.0.2",
+  "type": "module"
+}

package/dist/core.js

@@ -9,7 +9,7 @@ import {
   resolveSlockCliPath,
   resolveWorkspaceDirectoryPath,
   scanWorkspaceDirectories
-} from "./chunk-UIJF67BT.js";
+} from "./chunk-JXS4CW3D.js";
 import {
   subscribeDaemonLogs
 } from "./chunk-KNMCE6WB.js";

package/dist/index.js

@@ -3,7 +3,7 @@ import {
   DAEMON_CLI_USAGE,
   DaemonCore,
   parseDaemonCliArgs
-} from "./chunk-UIJF67BT.js";
+} from "./chunk-JXS4CW3D.js";
 import "./chunk-KNMCE6WB.js";
 
 // src/index.ts

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@slock-ai/daemon",
-  "version": "0.53.2-alpha.0",
+  "version": "0.54.0",
   "type": "module",
   "bin": {
     "slock-daemon": "dist/index.js"