@slock-ai/daemon 0.53.2 → 0.54.1

package/dist/chat-bridge.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
-  buildFetchDispatcher,
+  daemonFetch,
   executeJsonRequest
-} from "./chunk-KNMCE6WB.js";
+} from "./chunk-VOZJ2ELH.js";
 
 // src/chat-bridge.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
@@ -47,9 +47,7 @@ var runtimeActionHeaders = {
   ...launchId ? { "X-Agent-Launch-Id": launchId } : {}
 };
 function bridgeFetch(url, init = {}) {
-  const dispatcher = buildFetchDispatcher(url, process.env);
-  const requestInit = dispatcher ? { ...init, dispatcher } : init;
-  return fetch(url, requestInit);
+  return daemonFetch(url, init);
 }
 var server = new McpServer({
   name: "chat",

package/dist/{chunk-KNMCE6WB.js → chunk-VOZJ2ELH.js}

@@ -207,6 +207,15 @@ function buildFetchDispatcher(targetUrl, env) {
   return dispatcher;
 }
 
+// src/daemonFetch.ts
+function withDaemonFetchProxy(input, init = {}, env = process.env) {
+  const dispatcher = buildFetchDispatcher(input.toString(), env);
+  return dispatcher ? { ...init, dispatcher } : init;
+}
+function daemonFetch(input, init, env = process.env) {
+  return fetch(input, withDaemonFetchProxy(input, init, env));
+}
+
 export {
   subscribeDaemonLogs,
   logger,
@@ -214,5 +223,5 @@ export {
   executeJsonRequest,
   executeResponseRequest,
   buildWebSocketOptions,
-  buildFetchDispatcher
+  daemonFetch
 };

package/dist/{chunk-UIJF67BT.js → chunk-X366KJGT.js}

@@ -1,10 +1,11 @@
 import {
   DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS,
   buildWebSocketOptions,
+  daemonFetch,
   executeJsonRequest,
   executeResponseRequest,
   logger
-} from "./chunk-KNMCE6WB.js";
+} from "./chunk-VOZJ2ELH.js";
 
 // src/core.ts
 import path16 from "path";
@@ -609,13 +610,16 @@ var agentCreateOperationSchema = z.object({
   name: z.string().trim().min(1).max(60),
   description: z.string().trim().max(500).optional(),
   /**
-   * Agent can only suggest semantic intent (name + description). Technical
-   * configuration (which computer / runtime / model / reasoning effort) is
-   * a user prerogative — the human picks those in the create dialog when
-   * they click "Create Agent" on the card. Per stdrc 2026-05-10
-   * #proj-approval msg=ae4ecedd: "为什么 computer、runtime 和 model 还是
-   * 帮用户选了？" — don't let the agent prefill those.
+   * Optional computer placement contract. Agents may only set this when the
+   * human request is explicitly computer-bound; server prepare resolves the
+   * name/UUID and stores the UUID-only form. `suggestedComputer` preselects
+   * the dialog when available; `requiredComputer` prevents silent fallback to
+   * any other computer.
+   *
+   * Runtime / model / reasoning effort remain human-picked technical fields.
    */
+  suggestedComputer: idOrHandleSchema.optional(),
+  requiredComputer: idOrHandleSchema.optional(),
   draftHint: draftHintSchema
 });
 var channelAddMemberOperationSchema = z.object({
@@ -1501,7 +1505,7 @@ async function handleProxyRequest(req, res) {
       headers.set("content-type", "application/json");
       headers.set("content-length", String(Buffer.byteLength(prepared.bodyText)));
     }
-    const upstream = await fetch(target, {
+    const upstream = await daemonFetch(target, {
       method,
       headers,
       body,
@@ -1518,15 +1522,12 @@ async function handleProxyRequest(req, res) {
     res.writeHead(upstream.status, responseHeadersForLocalProxy(upstream));
     if (upstream.body) {
       const reader = upstream.body.getReader();
-      try {
-        while (true) {
-          const { done, value } = await reader.read();
-          if (done) break;
-          res.write(Buffer.from(value));
-        }
-      } finally {
-        res.end();
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) break;
+        res.write(Buffer.from(value));
       }
+      res.end();
     } else {
       res.end();
     }
@@ -1536,13 +1537,21 @@ async function handleProxyRequest(req, res) {
       `[Agent Credential Proxy] request failed (agent=${registration.agentId}, launch=${registration.launchId ?? "none"}, method=${failure.method}, path=${failure.pathname}, query_keys=${failure.queryKeys.join(",") || "none"}): ${failure.errorName}: ${failure.errorMessage}`
     );
     registration.inboxCoordinator?.recordProxyFailure?.(failure);
-    res.writeHead(502, { "content-type": "application/json" });
-    res.end(JSON.stringify({
-      error: "failed to proxy local agent request",
-      code: "agent_proxy_failed",
-      detail: failure.errorMessage
-    }));
+    writeProxyFailureResponse(res, failure);
+  }
+}
+function writeProxyFailureResponse(res, failure) {
+  if (res.writableEnded) return;
+  if (res.headersSent) {
+    res.destroy();
+    return;
   }
+  res.writeHead(502, { "content-type": "application/json" });
+  res.end(JSON.stringify({
+    error: "failed to proxy local agent request",
+    code: "agent_proxy_failed",
+    detail: failure.errorMessage
+  }));
 }
 function proxyFailureForError(method, target, err) {
   const queryKeys = target ? [.../* @__PURE__ */ new Set([...target.searchParams.keys()])].sort() : [];
@@ -1739,7 +1748,7 @@ async function loadRecentTargetMessages(registration, headers, target) {
   const historyHeaders = new Headers(headers);
   historyHeaders.delete("content-length");
   historyHeaders.delete("content-type");
-  const res = await fetch(historyUrl, { method: "GET", headers: historyHeaders });
+  const res = await daemonFetch(historyUrl, { method: "GET", headers: historyHeaders });
   if (!res.ok) return [];
   const parsed = await res.json().catch(() => null);
   return Array.isArray(parsed?.messages) ? normalizeVisibleMessages(parsed.messages, target) : [];
@@ -1942,6 +1951,9 @@ var shellSingleQuote = (value) => `'${value.replace(/'/g, `'\\''`)}'`;
 var powershellSingleQuote = (value) => `'${value.replace(/'/g, "''")}'`;
 var DEFAULT_ACTIVE_CAPABILITIES = "send,read,mentions,tasks,reactions,server,channels";
 var safePathPart = (value) => value.replace(/[^a-zA-Z0-9_.-]/g, "_");
+var RAW_CREDENTIAL_ENV_DENYLIST = [
+  "SLOCK_AGENT_CREDENTIAL_KEY"
+];
 var cachedOpencliBinPath;
 function resolveOpencliBinPath() {
   if (cachedOpencliBinPath !== void 0) return cachedOpencliBinPath;
@@ -2123,8 +2135,9 @@ exec ${shellSingleQuote(process.execPath)} ${shellSingleQuote(opencliBinPath)} "
     PATH: `${slockDir}${path2.delimiter}${process.env.PATH ?? ""}`
   };
   delete spawnEnv.SLOCK_AGENT_TOKEN;
-  delete spawnEnv.SLOCK_AGENT_CREDENTIAL_KEY;
-  delete spawnEnv.SLOCK_AGENT_CREDENTIAL_KEY_FILE;
+  for (const key of RAW_CREDENTIAL_ENV_DENYLIST) {
+    delete spawnEnv[key];
+  }
   delete spawnEnv.SLOCK_AGENT_PROXY_URL;
   delete spawnEnv.SLOCK_AGENT_PROXY_TOKEN;
   delete spawnEnv.SLOCK_AGENT_PROXY_TOKEN_FILE;
@@ -2148,6 +2161,118 @@ import path3 from "path";
 function normalizeExecOutput(raw) {
   return Buffer.isBuffer(raw) ? raw.toString("utf8") : String(raw ?? "");
 }
+var WINDOWS_ENVIRONMENT_SCRIPT = [
+  "& {",
+  "  $result = [ordered]@{}",
+  "  foreach ($scope in @('Machine', 'User')) {",
+  "    $scopeEnv = [Environment]::GetEnvironmentVariables($scope)",
+  "    $scopeObj = [ordered]@{}",
+  "    foreach ($key in $scopeEnv.Keys) {",
+  "      $value = $scopeEnv[$key]",
+  "      if ($null -ne $value) { $scopeObj[$key] = [string]$value }",
+  "    }",
+  "    $result[$scope] = $scopeObj",
+  "  }",
+  "  $result | ConvertTo-Json -Compress -Depth 3",
+  "}"
+].join(" ");
+function normalizeProcessEnv(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return {};
+  const env = {};
+  for (const [key, rawValue] of Object.entries(value)) {
+    if (rawValue !== void 0 && rawValue !== null) {
+      env[key] = String(rawValue);
+    }
+  }
+  return env;
+}
+function readWindowsMachineUserEnvironment(env, execFileSyncFn) {
+  try {
+    const output = normalizeExecOutput(execFileSyncFn("powershell.exe", [
+      "-NoProfile",
+      "-NonInteractive",
+      "-Command",
+      WINDOWS_ENVIRONMENT_SCRIPT
+    ], {
+      stdio: ["ignore", "pipe", "ignore"],
+      env,
+      timeout: 5e3
+    }));
+    const parsed = JSON.parse(output || "{}");
+    return {
+      machine: normalizeProcessEnv(parsed.Machine),
+      user: normalizeProcessEnv(parsed.User)
+    };
+  } catch {
+    return null;
+  }
+}
+function findEnvKey(env, name) {
+  if (!env) return null;
+  const lowerName = name.toLowerCase();
+  const keys = Object.keys(env);
+  for (let index = keys.length - 1; index >= 0; index -= 1) {
+    const key = keys[index];
+    if (key.toLowerCase() === lowerName) return key;
+  }
+  return null;
+}
+function getEnvValue(env, name) {
+  const key = findEnvKey(env, name);
+  return key ? env?.[key] : void 0;
+}
+function setEnvValue(env, key, value) {
+  const existingKey = findEnvKey(env, key);
+  if (existingKey && existingKey !== key) {
+    delete env[existingKey];
+  }
+  env[key] = value;
+}
+function mergeWindowsPathSegments(values) {
+  const segments = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const value of values) {
+    if (!value) continue;
+    for (const rawSegment of value.split(";")) {
+      const segment = rawSegment.trim();
+      if (!segment) continue;
+      const key = segment.toLowerCase();
+      if (seen.has(key)) continue;
+      seen.add(key);
+      segments.push(segment);
+    }
+  }
+  return segments.length > 0 ? segments.join(";") : void 0;
+}
+function mergeWindowsEnvironmentScopes(baseEnv, scopes) {
+  const merged = {};
+  const layers = [scopes.machine ?? {}, scopes.user ?? {}, baseEnv];
+  for (const layer of layers) {
+    for (const [key, value] of Object.entries(layer)) {
+      if (value === void 0 || key.toLowerCase() === "path") continue;
+      setEnvValue(merged, key, value);
+    }
+  }
+  const pathKey = findEnvKey(baseEnv, "Path") ?? findEnvKey(scopes.machine, "Path") ?? findEnvKey(scopes.user, "Path") ?? "Path";
+  const pathValue = mergeWindowsPathSegments([
+    getEnvValue(baseEnv, "Path"),
+    getEnvValue(scopes.machine, "Path"),
+    getEnvValue(scopes.user, "Path")
+  ]);
+  if (pathValue) {
+    merged[pathKey] = pathValue;
+  }
+  return merged;
+}
+function withWindowsUserEnvironment(env, deps = {}) {
+  const platform = deps.platform ?? process.platform;
+  if (platform !== "win32") return env;
+  const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
+  const reader = deps.windowsEnvironmentReaderFn ?? readWindowsMachineUserEnvironment;
+  const scopes = reader(env, execFileSyncFn);
+  if (!scopes) return env;
+  return mergeWindowsEnvironmentScopes(env, scopes);
+}
 function resolveCommandOnWindows(command, env, execFileSyncFn, existsSyncFn) {
   const script = "& {$cmd = Get-Command -Name $args[0] -ErrorAction Stop | Select-Object -First 1; if ($cmd.Path) { $cmd.Path } elseif ($cmd.Source) { $cmd.Source } elseif ($cmd.Definition) { $cmd.Definition } }";
   try {
@@ -2185,7 +2310,7 @@ function resolveCommandOnWindows(command, env, execFileSyncFn, existsSyncFn) {
 }
 function resolveCommandOnPath(command, deps = {}) {
   const platform = deps.platform ?? process.platform;
-  const env = deps.env ?? process.env;
+  const env = withWindowsUserEnvironment(deps.env ?? process.env, deps);
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   const existsSyncFn = deps.existsSyncFn ?? existsSync2;
   if (platform === "win32") {
@@ -2211,7 +2336,7 @@ function firstExistingPath(candidates, deps = {}) {
   return null;
 }
 function readCommandVersion(command, args = [], deps = {}) {
-  const env = deps.env ?? process.env;
+  const env = withWindowsUserEnvironment(deps.env ?? process.env, deps);
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   try {
     const output = normalizeExecOutput(execFileSyncFn(command, [...args, "--version"], {
@@ -2488,6 +2613,7 @@ var ClaudeDriver = class {
       const detail = parts.join(" | ") || fallback;
       events.push({ kind: "error", message: detail });
     };
+    const isProviderApiFailureText = (value, hasToolUse) => !hasToolUse && /^\s*API Error:/i.test(value) && (/\b(?:ECONNRESET|EPIPE|ETIMEDOUT|ECONNREFUSED|ENOTFOUND|EAI_AGAIN)\b/i.test(value) || /\bUnable to connect to API\b/i.test(value) || /\b(?:timed out|timeout)\b/i.test(value) || /\b5\d{2}\b/.test(value));
     switch (event.type) {
       case "system":
         if (event.subtype === "init" && event.session_id) {
@@ -2503,11 +2629,16 @@ var ClaudeDriver = class {
       case "assistant": {
         const content = event.message?.content;
         if (Array.isArray(content)) {
+          const hasToolUse = content.some((block) => block?.type === "tool_use");
           for (const block of content) {
             if (block.type === "thinking" && block.thinking) {
               events.push({ kind: "thinking", text: block.thinking });
             } else if (block.type === "text" && block.text) {
-              events.push({ kind: "text", text: block.text });
+              if (isProviderApiFailureText(block.text, hasToolUse)) {
+                events.push({ kind: "error", message: block.text });
+              } else {
+                events.push({ kind: "text", text: block.text });
+              }
             } else if (block.type === "tool_use") {
               events.push({ kind: "tool_call", name: block.name || "unknown_tool", input: block.input });
             }
@@ -2821,6 +2952,11 @@ var CodexDriver = class {
   sessionAnnounced = false;
   streamedAgentMessageIds = /* @__PURE__ */ new Set();
   streamedReasoningIds = /* @__PURE__ */ new Set();
+  /**
+   * Post-tool window where the app-server may not yet accept stdin steering.
+   * Gate busy-mode delivery until turn/completed or next progress.
+   */
+  steeringGateActive = false;
   async spawn(ctx) {
     ensureGitRepoForCodex(ctx.workingDirectory);
     const { spawnEnv } = await prepareCliTransport(ctx, { NO_COLOR: "1" });
@@ -2835,6 +2971,7 @@ var CodexDriver = class {
     this.sessionAnnounced = false;
     this.streamedAgentMessageIds.clear();
     this.streamedReasoningIds.clear();
+    this.steeringGateActive = false;
     const args = ["app-server", "--listen", "stdio://"];
     args.push(...this.buildRuntimeActionsConfigArgs(ctx));
     const { command, args: spawnArgs } = resolveCodexSpawn(args);
@@ -2908,6 +3045,7 @@ var CodexDriver = class {
         if (typeof turnId === "string") {
           this.activeTurnId = turnId;
         }
+        this.steeringGateActive = false;
         events.push({ kind: "thinking", text: "" });
         break;
       }
@@ -2918,6 +3056,7 @@ var CodexDriver = class {
           this.streamedAgentMessageIds.add(itemId);
         }
         if (typeof delta === "string" && delta.length > 0) {
+          this.steeringGateActive = false;
           events.push({ kind: "text", text: delta });
         }
         break;
@@ -2930,6 +3069,7 @@ var CodexDriver = class {
           this.streamedReasoningIds.add(itemId);
         }
         if (typeof delta === "string" && delta.length > 0) {
+          this.steeringGateActive = false;
           events.push({ kind: "thinking", text: delta });
         }
         break;
@@ -2946,6 +3086,7 @@ var CodexDriver = class {
             if (isCompleted && typeof item.id === "string" && !this.streamedReasoningIds.has(item.id)) {
               const text = joinReasoningText(item);
               if (text) {
+                this.steeringGateActive = false;
                 events.push({ kind: "thinking", text });
               }
             }
@@ -2955,6 +3096,7 @@ var CodexDriver = class {
             break;
           case "agentMessage":
             if (isCompleted && typeof item.id === "string" && !this.streamedAgentMessageIds.has(item.id) && typeof item.text === "string" && item.text.length > 0) {
+              this.steeringGateActive = false;
               events.push({ kind: "text", text: item.text });
             }
             if (isCompleted && typeof item.id === "string") {
@@ -2967,6 +3109,7 @@ var CodexDriver = class {
             }
             if (isCompleted) {
               events.push({ kind: "tool_output", name: "shell" });
+              this.steeringGateActive = true;
             }
             break;
           case "contextCompaction":
@@ -2996,17 +3139,24 @@ var CodexDriver = class {
             if (isCompleted) {
               const toolName = item.server === "chat" ? `${this.mcpToolPrefix}${item.tool}` : `${this.mcpToolPrefix.replace(/_$/, "")}_${item.server}_${item.tool}`;
               events.push({ kind: "tool_output", name: toolName });
+              this.steeringGateActive = true;
             }
             break;
           case "collabAgentToolCall":
             if (isStarted) {
               events.push({ kind: "tool_call", name: "collab_tool_call", input: { tool: item.tool, prompt: item.prompt } });
             }
+            if (isCompleted) {
+              this.steeringGateActive = true;
+            }
             break;
           case "webSearch":
             if (isStarted) {
               events.push({ kind: "tool_call", name: "web_search", input: { query: item.query } });
             }
+            if (isCompleted) {
+              this.steeringGateActive = true;
+            }
             break;
         }
         break;
@@ -3019,6 +3169,7 @@ var CodexDriver = class {
         this.activeTurnId = null;
         this.streamedAgentMessageIds.clear();
         this.streamedReasoningIds.clear();
+        this.steeringGateActive = false;
         events.push({ kind: "turn_end", sessionId: this.threadId || void 0 });
         break;
       }
@@ -3038,7 +3189,7 @@ var CodexDriver = class {
     if (!this.threadId) return null;
     const mode = opts?.mode || "busy";
     if (mode === "busy") {
-      if (!this.activeTurnId) return null;
+      if (!this.activeTurnId || this.steeringGateActive) return null;
       return JSON.stringify({
         jsonrpc: "2.0",
         id: this.nextRequestId(),
@@ -3452,8 +3603,9 @@ var CopilotDriver = class {
 import { spawn as spawn5, spawnSync } from "child_process";
 import { writeFileSync as writeFileSync4, mkdirSync as mkdirSync2, existsSync as existsSync5 } from "fs";
 import path7 from "path";
-async function buildCursorSpawnEnv(ctx) {
-  return (await prepareCliTransport(ctx, { NO_COLOR: "1" })).spawnEnv;
+async function buildCursorSpawnEnv(ctx, deps = {}) {
+  const { spawnEnv } = await prepareCliTransport(ctx, { NO_COLOR: "1" });
+  return withWindowsUserEnvironment(spawnEnv, deps);
 }
 var CursorDriver = class {
   id = "cursor";
@@ -3637,9 +3789,16 @@ function detectCursorModels(runCommand = runCursorModelsCommand) {
   if (result.error || result.status !== 0) return null;
   return parseCursorModelsOutput(String(result.stdout || ""));
 }
+function buildCursorModelProbeEnv(deps = {}) {
+  return withWindowsUserEnvironment({
+    ...deps.env ?? process.env,
+    FORCE_COLOR: "0",
+    NO_COLOR: "1"
+  }, deps);
+}
 function runCursorModelsCommand() {
   return spawnSync("cursor-agent", ["models"], {
-    env: { ...process.env, FORCE_COLOR: "0", NO_COLOR: "1" },
+    env: buildCursorModelProbeEnv(),
     encoding: "utf8",
     timeout: 5e3
   });
@@ -4777,9 +4936,13 @@ function buildRuntimeErrorDiagnosticEnvelope(message) {
   const { value: excerpt, truncated } = truncateDiagnosticText(scrubbed, MAX_RUNTIME_ERROR_MESSAGE_EXCERPT_CHARS);
   const httpStatus = extractHttpStatus(rawMessage);
   const runtimeErrorClass = classifyRuntimeError(rawMessage, httpStatus);
+  const runtimeErrorReason = classifyRuntimeErrorReason(runtimeErrorClass);
   const runtimeErrorAction = classifyRuntimeErrorAction(rawMessage, runtimeErrorClass);
   const fingerprint = fingerprintRuntimeError(scrubbed);
   const spanAttrs = {
+    turn_outcome: "failed",
+    turn_subtype: "runtime_error",
+    turn_reason: runtimeErrorReason,
     runtime_error_class: runtimeErrorClass,
     runtime_error_action: runtimeErrorAction,
     runtime_error_action_required: runtimeErrorAction !== "none",
@@ -4831,7 +4994,10 @@ function classifyRuntimeError(message, httpStatus) {
     return "ProviderApiError";
   }
   if (isRuntimeAuthActionRequiredText(message)) return "AuthError";
-  if (/\btimeout|timed out\b/i.test(message)) return "TimeoutError";
+  if (/\b(?:ETIMEDOUT|timeout|timed out)\b/i.test(message)) return "TimeoutError";
+  if (/\b(?:ECONNRESET|EPIPE|ECONNREFUSED|ENOTFOUND|EAI_AGAIN)\b/i.test(message) || /\bUnable to connect to API\b/i.test(message)) {
+    return "ProviderConnectionError";
+  }
   if (/stream closed before response\.completed|error decoding response body/i.test(message)) return "ProviderStreamError";
   if (/\brate.?limit|too many requests\b/i.test(message)) return "RateLimitError";
   if (/\bnot found\b/i.test(message)) return "NotFoundError";
@@ -4846,6 +5012,28 @@ function classifyRuntimeErrorAction(message, runtimeErrorClass) {
 function isRuntimeAuthActionRequiredText(text) {
   return RUNTIME_AUTH_ACTION_REQUIRED_PATTERNS.some((pattern) => pattern.test(text));
 }
+function classifyRuntimeErrorReason(runtimeErrorClass) {
+  switch (runtimeErrorClass) {
+    case "ProviderConnectionError":
+      return "provider_connection_error";
+    case "TimeoutError":
+      return "provider_timeout";
+    case "ProviderStreamError":
+      return "provider_stream_error";
+    case "RateLimitError":
+      return "rate_limited";
+    case "AuthError":
+      return "auth_failed";
+    case "NotFoundError":
+      return "not_found";
+    case "ProviderServerError":
+      return "provider_server_error";
+    case "ProviderApiError":
+      return "provider_api_error";
+    default:
+      return "unclassified_runtime_error";
+  }
+}
 function runtimeDisplayName(runtimeId) {
   switch (runtimeId) {
     case "antigravity":
@@ -5272,10 +5460,10 @@ For new channels, new agents, and adding members to an existing channel, post an
 
 - Use \`slock action prepare --target <onboarding-channel>\` and pipe an \`ActionCardAction\` JSON. Identity references are handles (\`@alice\` / \`@scout\` / \`#general\` \u2014 bare names work too), never UUIDs. Server resolves at prepare time.
   - \`{type: "channel:create", name, visibility: "public" | "private", description?, initialHumans?: ["@alice"], initialAgents?: ["@scout"], draftHint?}\`
-  - \`{type: "agent:create", name, description?, draftHint?}\`
+  - \`{type: "agent:create", name, description?, suggestedComputer?, requiredComputer?, draftHint?}\`
   - \`{type: "channel:add_member", channel: "#existing-channel", humans?: ["@alice"], agents?: ["@scout"], draftHint?}\` \u2014 at least one of humans / agents must be non-empty
 - The owner clicks the button on the card; the matching dialog opens **prefilled with your values** (editable, deselectable for add_member). They review, adjust, and submit; the action is committed under their identity.
-- Technical fields the owner must pick themselves are NOT yours to prefill on \`agent:create\`: computer, runtime, model, reasoning effort. Stay on semantic intent (name + description).
+- Runtime / model / reasoning effort are NOT yours to prefill on \`agent:create\`. If the human request explicitly binds the agent to a computer, use a structured \`requiredComputer\` (or \`suggestedComputer\` for a soft preference) instead of burying the constraint in \`draftHint\`; otherwise stay on semantic intent (name + description).
 - For \`channel:add_member\`, only suggest people who are actually likely candidates (already in the server, relevant to the channel's topic). The owner will deselect anyone they don't want \u2014 make their default-yes list useful, not exhaustive.
 - Do not just describe or list copyable specs once action cards are available \u2014 the human input cost should land at "click the card, review, submit", not "copy this name into the dialog yourself".
 - Do not imply the resource has been created or members added until the card flips to "Done".
@@ -5528,7 +5716,7 @@ Do not copy these answers verbatim.
 - When the owner agrees to a new agent or channel, **post an action card** with \`slock action prepare\`. The card lives inline in chat; the owner clicks the action button, the matching create dialog opens prefilled with your values (editable), and the resource is created under their identity when they submit.
 - v1 supports three action types via \`slock action prepare --target '<channel>' <<'SLOCKACTION' { ... } SLOCKACTION\`:
   - \`{type: "channel:create", name, visibility: "public" | "private", description?, initialHumans?: ["@alice"], initialAgents?: ["@scout"], draftHint?}\`
-  - \`{type: "agent:create", name, description?, draftHint?}\` \u2014 runtime / model / computer are the owner's call, not yours
+  - \`{type: "agent:create", name, description?, suggestedComputer?, requiredComputer?, draftHint?}\` \u2014 runtime / model / reasoning effort are the owner's call. Use \`requiredComputer\` only when the owner explicitly says the new agent must run on that computer; use \`suggestedComputer\` for a soft preference.
   - \`{type: "channel:add_member", channel: "#existing-channel", humans?: ["@alice"], agents?: ["@scout"], draftHint?}\` \u2014 at least one of humans / agents must be non-empty. The owner clicks "Add Members" on the card; an AddMembers dialog opens with your suggested list (each row toggleable) and the owner submits to actually add them.
 
 - **Identity references are handles, not UUIDs.** Use \`@alice\` / \`@scout\` / \`#general\` (or bare \`alice\` / \`scout\` / \`general\`). The server resolves to UUIDs at prepare time. If a handle doesn't match a real human / agent / channel in this server you get a 422 INVALID_HANDLE error pointing at the field \u2014 fix the handle and retry. You should never see or write UUIDs in action card payloads.
@@ -5539,7 +5727,7 @@ Do not copy these answers verbatim.
 
 ### Guardrail
 - Do not imply you already created agents or channels unless the card state is \`executed\`.
-- Do not prefill technical fields on \`agent:create\` (runtime / model / computer / reasoning effort). The owner picks those in the dialog.
+- Do not prefill runtime / model / reasoning effort on \`agent:create\`. Computer placement is only allowed as the structured \`suggestedComputer\` / \`requiredComputer\` field when the owner's request includes that placement; never rely on \`draftHint\` for a computer constraint.
 - If the action type the user wants is not yet supported (e.g. \`channel:add_member\`), say so plainly and offer the manual UI path; do not invent action types the schema does not accept.
 `;
 }
@@ -6886,7 +7074,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
   }
   async requestManagedRunnerCredentialOnce(agentId, config) {
     const url = new URL(`/internal/computer/runners/${encodeURIComponent(agentId)}/credentials`, this.serverUrl);
-    const res = await fetch(url, {
+    const res = await daemonFetch(url, {
       method: "POST",
       headers: {
         Authorization: `Bearer ${this.daemonApiKey}`,
@@ -6984,7 +7172,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       `/internal/computer/runners/${encodeURIComponent(agentId)}/credentials/${encodeURIComponent(credentialId)}`,
       this.serverUrl
     );
-    void fetch(url, {
+    void daemonFetch(url, {
       method: "DELETE",
       headers: {
         Authorization: `Bearer ${this.daemonApiKey}`,
@@ -7065,14 +7253,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     });
     logger.info(`[Agent ${agentId}] Queued runtime profile ${kind} ${key} during startup`);
   }
-  splitRuntimeProfileControlBatch(messages) {
-    const controlMessages = messages.filter((message) => runtimeProfileNotificationFromMessage(message));
-    if (controlMessages.length === 0 || controlMessages.length === messages.length) {
-      return { nextMessages: messages, deferredMessages: [] };
-    }
-    const deferredMessages = messages.filter((message) => !runtimeProfileNotificationFromMessage(message));
-    return { nextMessages: controlMessages, deferredMessages };
-  }
   containsOrdinaryInboxMessage(messages) {
     return messages.some((message) => !runtimeProfileNotificationFromMessage(message));
   }
@@ -8602,7 +8782,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
             ...runtimeTraceCounterAttrs(ap)
           });
           this.endRuntimeTrace(ap, "error", {
-            outcome: "runtime-error",
             ...runtimeErrorDiagnostics.spanAttrs,
             ...runtimeTraceCounterAttrs(ap),
             ...this.finalizeRuntimeProfileTurnControl(agentId, ap, "runtime_error")
@@ -8775,22 +8954,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         return true;
       }
     }
-    const split = this.splitRuntimeProfileControlBatch(messages);
-    if (split.deferredMessages.length > 0) {
-      ap.inbox.unshift(...split.deferredMessages);
-      ap.pendingNotificationCount += split.deferredMessages.length;
-      messages = split.nextMessages;
-      this.recordDaemonTrace("daemon.agent.runtime_profile.split_batch", {
-        agentId,
-        launchId: ap.launchId || void 0,
-        runtime: ap.config.runtime,
-        mode,
-        delivered_control_messages_count: messages.length,
-        deferred_messages_count: split.deferredMessages.length,
-        inbox_count: ap.inbox.length,
-        pending_notification_count: ap.pendingNotificationCount
-      });
-    }
     const traceAttrs = {
       agentId,
       launchId: ap.launchId || void 0,
@@ -9474,7 +9637,7 @@ async function requestDaemonScopeAttestation({
   apiKey,
   scope,
   metadata,
-  fetchImpl = fetch,
+  fetchImpl = daemonFetch,
   timeoutMs = DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS
 }) {
   const { response, data } = await executeJsonRequest(
@@ -9507,7 +9670,7 @@ async function createDirectUploadSession({
   createPath = "/api/uploads",
   body,
   attestationMetadata,
-  fetchImpl = fetch,
+  fetchImpl = daemonFetch,
   timeoutMs = DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS
 }) {
   const capability = await requestDaemonScopeAttestation({
@@ -9549,7 +9712,7 @@ async function uploadWithSignedCapability({
   createBody,
   attestationMetadata,
   uploadBody,
-  fetchImpl = fetch,
+  fetchImpl = daemonFetch,
   timeoutMs = DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS
 }) {
   const { capability, response: session } = await createDirectUploadSession({
@@ -10173,7 +10336,7 @@ var DaemonCore = class {
   }
   async requestRunnerCredentialOnce(agentId, config) {
     const url = new URL(`/internal/computer/runners/${encodeURIComponent(agentId)}/credentials`, this.options.serverUrl);
-    const res = await fetch(url, {
+    const res = await daemonFetch(url, {
       method: "POST",
       headers: {
         "Authorization": `Bearer ${this.options.apiKey}`,