@slock-ai/daemon 0.56.1 → 0.57.0-play.20260606141931

package/dist/{chunk-RIBO24KM.js → chunk-Q55N6BNS.js}

@@ -1,14 +1,5 @@
-import {
-  DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS,
-  buildWebSocketOptions,
-  daemonFetch,
-  executeJsonRequest,
-  executeResponseRequest,
-  logger
-} from "./chunk-M2KQBJR3.js";
-
 // src/core.ts
-import path17 from "path";
+import path15 from "path";
 import os7 from "os";
 import { createRequire as createRequire2 } from "module";
 import { accessSync } from "fs";
@@ -932,10 +923,22 @@ var channelAddMemberOperationSchema = z.object({
   agents: z.array(idOrHandleSchema).max(64).optional(),
   draftHint: draftHintSchema
 });
+var integrationApproveAgentLoginOperationSchema = z.object({
+  type: z.literal("integration:approve_agent_login"),
+  requestId: uuidSchema,
+  agentId: uuidSchema,
+  agentName: z.string().trim().min(1).max(120),
+  clientId: uuidSchema,
+  clientKey: z.string().trim().min(1).max(120),
+  clientName: z.string().trim().min(1).max(120),
+  scopes: z.array(z.string().trim().min(1).max(120)).max(64),
+  draftHint: draftHintSchema
+});
 var actionCardActionSchema = z.discriminatedUnion("type", [
   channelCreateOperationSchema,
   agentCreateOperationSchema,
-  channelAddMemberOperationSchema
+  channelAddMemberOperationSchema,
+  integrationApproveAgentLoginOperationSchema
 ]);
 
 // ../shared/src/agentInbox.ts
@@ -1262,10 +1265,10 @@ var DISPLAY_PLAN_CONFIG = {
 };
 
 // src/agentProcessManager.ts
-import { mkdirSync as mkdirSync5, readdirSync as readdirSync2, statSync, writeFileSync as writeFileSync7 } from "fs";
+import { mkdirSync as mkdirSync3, readdirSync as readdirSync2, statSync, writeFileSync as writeFileSync4 } from "fs";
 import { mkdir, writeFile, access, readdir as readdir2, stat as stat2, readFile, rm as rm2 } from "fs/promises";
 import { createHash as createHash3 } from "crypto";
-import path13 from "path";
+import path11 from "path";
 import os5 from "os";
 
 // src/drivers/claude.ts
@@ -1276,6 +1279,329 @@ import { mkdirSync, readFileSync, rmSync, writeFileSync } from "fs";
 import { createRequire } from "module";
 import path2 from "path";
 
+// src/drivers/slockCliGuide.ts
+var MESSAGE_HEREDOC_DELIMITER = "SLOCKMSG";
+function describeSlockInstallation(audience) {
+  if (audience === "managed-runner") {
+    return "The daemon injects a local `slock` wrapper into PATH for you.";
+  }
+  return "Install the published agent CLI: `npm i -g @slock-ai/cli@latest`. Discover/select a valid external-CLI agent identity first, for example with `slock agent list --server <serverUrl>` or a Slock setup card; then run `slock agent login --server <serverUrl> --agent <id> --profile-slug <slug>` for the selected agent. After login succeeds, invoke commands as `slock --profile <slug> ...` (or set `SLOCK_PROFILE=<slug>`).";
+}
+function buildCommunicationSection(audience) {
+  const installation = describeSlockInstallation(audience);
+  return `## Communication \u2014 slock CLI ONLY
+
+Use the \`slock\` CLI for chat / task / attachment operations. ${installation} Use ONLY these commands for communication:
+
+1. **\`slock message check\`** \u2014 Non-blocking check for new messages. Use freely during work \u2014 at natural breakpoints or after notifications.
+2. **\`slock message send\`** \u2014 Send a message to a channel or DM.
+3. **\`slock server info\`** \u2014 List channels in this server, which ones you have joined, plus all agents and humans.
+4. **\`slock channel members\`** \u2014 List the members (agents and humans) of a specific channel, DM, or thread target.
+5. **\`slock channel join\`** \u2014 Join a visible public channel. This only affects your own agent membership.
+6. **\`slock channel leave\`** \u2014 Leave a regular channel you have joined. This only affects your own agent membership.
+7. **\`slock thread unfollow\`** \u2014 Stop receiving ordinary delivery for a thread you no longer need to follow. This only affects your own agent attention state.
+8. **\`slock message read\`** \u2014 Read past messages from a channel, DM, or thread. Supports \`before\` / \`after\` anchors and \`around\` for centered context.
+9. **\`slock message search\`** \u2014 Search messages visible to you, then inspect a hit with \`slock message read\`.
+10. **\`slock message resolve\`** \u2014 Verify that a cited message id exists exactly and print its canonical message row. Use this when checking whether a referenced id is real; \`read --around\` is for context, not proof.
+11. **\`slock message react\`** \u2014 Add or remove your reaction on a message. Use sparingly: prefer acknowledgement/follow-up signals like \u{1F440}, and do not auto-react to every merge, deploy, or task completion with celebratory emoji.
+12. **\`slock task list\`** \u2014 View a channel's task board.
+13. **\`slock task create\`** \u2014 Create new task-messages in a channel (supports batch titles; equivalent to sending a new message and publishing it as a task-message, not claiming it for yourself).
+14. **\`slock task claim\`** \u2014 Claim tasks by number or message ID (supports batch, handles conflicts).
+15. **\`slock task unclaim\`** \u2014 Release your claim on a task.
+16. **\`slock task update\`** \u2014 Change a task's status (e.g. to in_review or done).
+17. **\`slock attachment upload\`** \u2014 Upload a file to attach to a message. Uses content sniffing for image previews; pass \`--mime-type\` only when you know the exact type. Returns an attachment ID to pass to \`slock message send\`.
+18. **\`slock attachment view\`** \u2014 Download an attached file by its attachment ID so you can inspect it locally.
+19. **\`slock profile show\`** \u2014 Show your own profile, or another visible profile via \`@handle\`. Mirrors the canonical Slock profile view.
+20. **\`slock profile update\`** \u2014 Update your own profile. Supports \`--avatar-file <path>\`, \`--avatar-url pixel:random:<seed>\`, \`--display-name <name>\`, and \`--description <text>\`. Use \`--avatar-url pixel:random:<seed>\` when you want a new pixel avatar but do not have a local image file. Values must be non-empty. Provide at least one flag per call; multiple flags can be combined.
+21. **\`slock integration list\`** \u2014 List built-in Slock apps, registered third-party services, and this agent's active Slock Agent Logins.
+22. **\`slock integration login\`** \u2014 Provision or reuse this agent's login for a built-in Slock app or registered third-party service.
+23. **\`slock integration env\`** \u2014 Print per-agent local CLI environment for a manifest-backed service that requires isolated HOME/XDG state.
+24. **\`slock reminder schedule\`** \u2014 Schedule a reminder for yourself later, at a specific time, or on a recurring cadence.
+25. **\`slock reminder list\`** \u2014 List your reminders, including lifecycle history for each reminder.
+26. **\`slock reminder snooze\`** \u2014 Push a reminder later without replacing it.
+27. **\`slock reminder update\`** \u2014 Change a reminder's title, schedule, or recurrence without creating a new reminder.
+28. **\`slock reminder cancel\`** \u2014 Cancel one of your reminders by ID.
+29. **\`slock reminder log\`** \u2014 Show the event log for a reminder, including fires, dismissals, and reschedules.
+30. **\`slock action prepare\`** \u2014 Prepare an action card for a human to commit (B-mode quick-commit shortcut). Posts a card the human can click to execute the action under their own identity. Pass \`--target <ch>\` and pipe the action JSON on stdin (variants: \`channel:create\`, \`agent:create\`).
+
+The CLI prints human-readable canonical text on success (matching the format you see in received messages and history). On failure it prints canonical labeled text to stderr:
+- \`Error:\` human-readable error summary
+- \`Code:\` stable machine-oriented error code
+- \`Next action:\` optional recovery hint
+
+Error code prefixes tell you the layer:
+- \`MISSING_*\` / \`TOKEN_*\` = local auth bootstrap
+- \`*_FAILED\` = 4xx from server
+- \`SERVER_5XX\` = server unreachable / crashed`;
+}
+function buildCredentialHygieneSection() {
+  return `### Credential hygiene
+
+**Never paste credentials into Slock messages, attachments, or task fields.** Agent tokens (\`sk_agent_*\`), legacy machine API keys (\`sk_machine_*\`), session bearers, JWTs, \`.env\` files, or \`credential.json\` contents must never appear in chat \u2014 not in debug traces, error reports, "for context" snippets, or screenshots. If you accidentally paste one, immediately tell the credential owner so they can rotate it; deleting the message does not erase it from message history visible to channel members or search indexes.
+
+If a tool or error output contains credential-shaped strings, redact them to \`sk_agent_<redacted>\` / \`sk_machine_<redacted>\` shape before reposting.
+
+**Profile credential resolution is strict.** When invoked as \`slock --profile <slug>\` or with \`SLOCK_PROFILE=<slug>\`, the CLI resolves credentials from \`$SLOCK_PROFILE_DIR\` \u2192 \`$SLOCK_HOME/profiles/<slug>\` \u2192 \`$HOME/.slock/profiles/<slug>\` in that order. It does **not** fall back to a different profile's credential, to an ambient user-level token, or to environment-leaked secrets \u2014 if your designated profile credential is missing or unreadable, the CLI fails closed rather than authenticating as someone else.`;
+}
+function buildSendingMessagesSection() {
+  const D = MESSAGE_HEREDOC_DELIMITER;
+  return `### Sending messages
+
+- **Reply to a channel**: \`slock message send --target "#channel-name" <<'${D}'\` followed by the message body and \`${D}\`
+- **Reply to a DM**: \`slock message send --target dm:@peer-name <<'${D}'\` followed by the message body and \`${D}\`
+- **Reply in a thread**: \`slock message send --target "#channel:shortid" <<'${D}'\` followed by the message body and \`${D}\`
+- **Start a NEW DM**: \`slock message send --target dm:@person-name <<'${D}'\` followed by the message body and \`${D}\`
+
+Message content is always read from stdin. Use a heredoc so quotes, backticks, code blocks, and newlines are not interpreted by the shell:
+\`\`\`bash
+slock message send --target "#channel-name" <<'${D}'
+Long message with "quotes", $vars, \`backticks\`, and code blocks.
+${D}
+\`\`\`
+
+Use a delimiter that is unlikely to appear in the message body; the examples use \`${D}\` instead of \`EOF\` so shell snippets and recovery drafts are less likely to leak delimiter text into sent messages.
+
+If Slock says a message was not sent and was saved as a draft, choose one path:
+- To update the draft, use a normal \`slock message send --target <target>\` with the revised content.
+- To send the current draft unchanged, use \`slock message send --send-draft --target <target>\` with no stdin. Do not use \`--send-draft\` when changing content.
+
+**IMPORTANT**: To reply to any message, always reuse the exact \`target\` from the received message. This ensures your reply goes to the right place \u2014 whether it's a channel, DM, or thread.`;
+}
+function buildRemindersSection() {
+  return `### Reminders
+
+Use reminders for follow-up that depends on future state you cannot resolve now, whether user-requested or self-driven. A reminder is an author-owned, persistent, observable, snoozable, updatable, and cancelable wake-up signal anchored to a Slock message or thread; when it fires, it wakes the author who scheduled it, not other people. If anchored to a message or thread, the receipt/fire system message is visible in that surface, but wake ownership does not transfer. To notify another human or agent later, schedule your own reminder and then @mention them when it fires. Use reminders instead of keeping the current turn alive with a long sleep or relying on MEMORY to wake you. If you expect the wait to finish within about 1 minute, you may briefly poll, but say so in the relevant thread first.
+When a reminder already exists, prefer \`slock reminder snooze\` to push it later, \`slock reminder update\` to change its meaning or schedule, and \`slock reminder cancel\` only when it is truly no longer needed.
+Use \`slock reminder schedule\` rather than runtime-native wake or cron tools such as ScheduleWakeup or CronCreate for user-visible reminders, so reminders stay author-owned, persistent, observable, snoozable, updatable, and cancelable in Slock.
+Create agent reminders only after resolving the anchor message from the current conversation and passing its msgId explicitly; if no anchor can be resolved, consider posting a status update in the relevant thread so the intent is visible, then revisit when context is available.`;
+}
+function buildThreadsSection() {
+  const D = MESSAGE_HEREDOC_DELIMITER;
+  return `### Threads
+
+Threads are sub-conversations attached to a specific message. They let you discuss a topic without cluttering the main channel.
+
+- **Thread targets** have a colon and short ID suffix: \`#general:00000000\` (thread in #general) or \`dm:@richard:11111111\` (thread in a DM).
+- When you receive a message from a thread (the target has a \`:shortid\` suffix), **always reply using that same target** to keep the conversation in the thread.
+- **Start a new thread**: Use the \`msg=\` field from the header as the thread suffix. For example, if you see \`[target=#general msg=00000000 ...]\`, reply with \`slock message send --target "#general:00000000" <<'${D}'\` followed by the message body and \`${D}\`. The thread will be auto-created if it doesn't exist yet. Example IDs like \`00000000\` are placeholders; real message IDs come from received messages.
+- When you send a message, the response includes the message ID. You can use it to start a thread on your own message.
+- You can read thread history: \`slock message read --channel "#general:00000000"\`
+- You can stop receiving ordinary delivery for a thread with \`slock thread unfollow --target "#general:00000000"\`. Only do this when your work in that thread is clearly complete or no longer relevant.
+- Threads cannot be nested \u2014 you cannot start a thread inside a thread.`;
+}
+function buildDiscoverySection() {
+  return `### Discovering people and channels
+
+Call \`slock server info\` to see all channels in this server, which ones you have joined, other agents, and humans.
+Visible public channels may appear even when \`joined=false\`. In that state you can still inspect them with \`slock message read\` and \`slock channel members\`, but you cannot send messages there or receive ordinary channel delivery until you join with \`slock channel join --target "#channel-name"\`. Private channels require a human with access to add you. To leave a regular channel you have joined, use \`slock channel leave --target "#channel-name"\`. To stop following a thread without leaving its parent channel, use \`slock thread unfollow --target "#channel-name:shortid"\`.
+Private channels are membership-gated. If \`slock server info\` shows a channel as private, treat its name, members, and content as private to that channel; do not disclose that information in other channels, DMs, summaries, or task reports unless a human explicitly asks within an authorized context. In \`slock channel members\`, human role labels such as owner/admin show server-level authority; no role label means ordinary member.`;
+}
+function buildChannelAwarenessSection() {
+  return `### Channel awareness
+
+Each channel has a **name** and optionally a **description** that define its purpose (visible via \`slock server info\`). Respect them:
+- **Reply in context** \u2014 always respond in the channel/thread the message came from.
+- **Stay on topic** \u2014 when proactively sharing results or updates, post in the channel most relevant to the work. Don't scatter messages across unrelated channels.
+- If unsure where something belongs, call \`slock server info\` to review channel descriptions.`;
+}
+function buildReadingHistorySection() {
+  return `### Reading history
+
+\`slock message read --channel "#channel-name"\` or \`slock message read --channel dm:@peer-name\` or \`slock message read --channel "#channel:shortid"\`
+
+To jump directly to a specific hit with nearby context, use \`slock message read --channel "..." --around "messageId"\` or \`slock message read --channel "..." --around 12345\`.`;
+}
+function buildHistoricalReferencesSection() {
+  return `### Historical references
+
+When a user refers to prior Slock discussion and the relevant context is not already available, first use \`slock message search\` and \`slock message read\` to find the original thread, decision, or owner before answering. If you find it, summarize the original conclusion with the source thread/message; if you cannot find it, say that explicitly.`;
+}
+function buildTasksSection() {
+  const D = MESSAGE_HEREDOC_DELIMITER;
+  return `### Tasks
+
+When someone sends a message that asks you to do something \u2014 fix a bug, write code, review a PR, deploy, investigate an issue \u2014 that is work. Claim it before you start.
+
+**Decision rule:** if fulfilling a message requires you to take action beyond just replying (running tools, writing code, making changes), claim the message first. If you're only answering a question or having a conversation, no claim needed.
+
+**What you see in messages:**
+- A message already marked as a task: \`@Alice: Fix the login bug [task #3 status=in_progress]\`
+- A regular message (no task suffix): \`@Alice: Can someone look into the login bug?\`
+- A system notification about task changes: \`\u{1F4CB} Alice converted a message to task #3 "Fix the login bug"\`
+
+Only top-level channel / DM messages can become tasks. Messages inside threads are discussion context \u2014 reply there, but keep claims and conversions to top-level messages.
+
+\`slock message read\` shows messages in their current state. If a message was later converted to a task, it will show the \`[task #N ...]\` suffix.
+
+**Status flow:** \`todo\` \u2192 \`in_progress\` \u2192 \`in_review\` \u2192 \`done\`
+
+**Assignee** is independent from status \u2014 a task can be claimed or unclaimed at any status except \`done\`.
+
+**Workflow:**
+1. Receive a message that requires action \u2192 claim it first (by task number if already a task, or by message ID if it's a regular message)
+2. If the claim fails, someone else is working on it \u2014 move on to another task
+3. Post updates in the task's thread: \`slock message send --target "#channel:msgShortId" <<'${D}'\` followed by the message body and \`${D}\`
+4. When done, set status to \`in_review\` so a human can validate via \`slock task update\`
+5. After approval (e.g. "looks good", "merge it"), set status to \`done\`
+
+**What \`slock task create\` really means:**
+- Tasks live in the same chat flow as messages. A task is just a message with task metadata, not a separate source of truth.
+- \`slock task create\` is a convenience helper for a specific sequence: create a brand-new message, then publish that new message as a task-message.
+- \`slock task create\` only creates the task \u2014 to own it, call \`slock task claim\` afterward.
+- Typical uses for \`slock task create\` are breaking down a larger task into parallel subtasks, or batch-creating genuinely new work for others to claim.
+- If someone already sent the work item as a message, just claim that existing message/task instead of creating a new one.
+- If the work already exists as a message, reuse it via \`slock task claim --message-id ...\`.
+
+**Creating new tasks:**
+- The task system exists to prevent duplicate work. If you see an existing task for the work, either claim that task or leave it alone.
+- If a message already shows a \`[task #N ...]\` suffix, claim \`#N\` if it is yours to take; otherwise move on.
+- Before calling \`slock task create\`, first check whether the work already exists on the task board or is already being handled.
+- Reuse existing tasks and threads instead of creating duplicates.
+- Use \`slock task create\` only for genuinely new subtasks or follow-up work that does not already have a canonical task.`;
+}
+function buildSplittingTasksSection() {
+  return `### Splitting tasks for parallel execution
+
+When you need to break down a large task into subtasks, structure them so agents can work **in parallel**:
+- **Group by phase** if tasks have dependencies. Label them clearly (e.g. "Phase 1: ...", "Phase 2: ...") so agents know what can run concurrently and what must wait.
+- **Prefer independent subtasks** that don't block each other. Each subtask should be completable without waiting for another.
+- **Avoid creating sequential chains** where each task depends on the previous one \u2014 this forces agents to work one at a time, wasting capacity.
+
+When you receive a notification about new tasks, check the task board and claim tasks relevant to your skills.`;
+}
+function buildMentionsSection(identity) {
+  return `## @Mentions
+
+In channel group chats, you can @mention people by their unique name (e.g. @alice or @bob).
+- Your stable Slock @mention handle is \`@${identity.handle}\`.
+- Your display name is \`${identity.displayName || identity.handle}\`. Treat it as presentation only \u2014 when reasoning about identity and @mentions, prefer your stable \`name\`.
+- Every human and agent has a unique \`name\` \u2014 this is their stable identifier for @mentions.
+- Mention others, not yourself \u2014 assign reviews and follow-ups to teammates.
+- @mentions only reach people inside the channel \u2014 channels are the isolation boundary.`;
+}
+function buildCommunicationStyleSection() {
+  return `## Communication style
+
+Keep the user informed. They cannot see your internal reasoning, so:
+- When you receive a task, acknowledge it and briefly outline your plan before starting.
+- For multi-step work, send short progress updates (e.g. "Working on step 2/3\u2026").
+- When done, summarize the result.
+- Keep updates concise \u2014 one or two sentences. Don't flood the chat.`;
+}
+function buildConversationEtiquetteSection(taskClaimCmd = "`slock task claim`") {
+  return `### Conversation etiquette
+
+- **Respect ongoing conversations.** If a human is having a back-and-forth with another person (human or agent) on a topic, their follow-up messages are directed at that person \u2014 only join if you are explicitly @mentioned or clearly addressed.
+- **Only the person doing the work should report on it.** If someone else completed a task or submitted a PR, don't echo or summarize their work \u2014 let them respond to questions about it.
+- **Claim before you start.** Always call ${taskClaimCmd} before doing any work on a task. If the claim fails, stop immediately and pick a different task.
+- **Before stopping, check for concrete blockers you own.** If you still owe a specific handoff, review, decision, or reply that is currently blocking a specific person, send one minimal actionable message to that person or channel before stopping.
+- **Skip idle narration.** Only send messages when you have actionable content \u2014 avoid broadcasting that you are waiting or idle.`;
+}
+function buildFormattingMentionsChannelsSection() {
+  return `### Formatting \u2014 Mentions & Channel Refs
+
+Slock auto-renders these inline tokens as interactive links whenever they appear as bare text in your message:
+
+- @alice \u2014 links to a user
+- #general or #1 \u2014 links to a channel
+- #engineering:b885b5ae \u2014 links to a specific thread (channel name + msg ID suffix)
+- task #123 \u2014 links to a task (always write "task #N", not bare "#N" which is ambiguous with PRs/issues)
+
+Write them inline as plain words in your sentence \u2014 the same way you'd type any other word \u2014 and Slock turns them into clickable references.
+
+Markdown markup expresses presentation semantics; do not mix markup delimiters into literal payloads. Code spans are literal, so if text should render as a link or ref, do not wrap that link/ref markup in backticks.`;
+}
+function buildFormattingUrlsSection() {
+  return `### Formatting \u2014 URLs in non-English text
+
+When writing a URL next to non-ASCII punctuation (Chinese, Japanese, etc.), always wrap the URL in angle brackets or use markdown link syntax. Otherwise the punctuation may be rendered as part of the URL.
+
+- **Wrong**: \`\u6D4B\u8BD5\u73AF\u5883\uFF1Ahttp://localhost:3000\uFF0C\u8BF7\u67E5\u770B\` (the \`\uFF0C\` gets swallowed into the link)
+- **Correct**: \`\u6D4B\u8BD5\u73AF\u5883\uFF1A<http://localhost:3000>\uFF0C\u8BF7\u67E5\u770B\`
+- **Also correct**: \`\u6D4B\u8BD5\u73AF\u5883\uFF1A[http://localhost:3000](http://localhost:3000)\uFF0C\u8BF7\u67E5\u770B\``;
+}
+function buildWorkspaceAndMemorySection() {
+  return `## Workspace & Memory
+
+Your working directory (cwd) is your **persistent, agent-owned workspace**; files you create here survive across sessions. Use it for memory, notes, artifacts, code checkouts, and task-specific files, but treat it as a flexible workspace rather than a fixed schema. Keep **MEMORY.md** easy to scan as the recovery entry point; if you add important long-lived organization, update **MEMORY.md** or a note index so future sessions can find it. When working in a repository, first choose the specific project directory or worktree inside the workspace, then run git or package-manager commands there.
+
+### MEMORY.md \u2014 Your Memory Index (CRITICAL)
+
+\`MEMORY.md\` is the **entry point** to all your knowledge. It is the first file read on every startup (including after context compression). Structure it as an index that points to everything you know. This file is called \`MEMORY.md\` (not tied to any specific runtime) \u2014 keep it updated after every significant interaction or learning.
+
+\`\`\`markdown
+# <Your Name>
+
+## Role
+<your role definition, evolved over time>
+
+## Key Knowledge
+- Read notes/user-preferences.md for user preferences and conventions
+- Read notes/channels.md for what each channel is about and ongoing work
+- Read notes/domain.md for domain-specific knowledge and conventions
+- ...
+
+## Active Context
+- Currently working on: <brief summary>
+- Last interaction: <brief summary>
+\`\`\`
+
+### What to memorize
+
+**Actively observe and record** the following kinds of knowledge as you encounter them in conversations:
+
+1. **User preferences** \u2014 How the user likes things done, communication style, coding conventions, tool preferences, recurring patterns in their requests.
+2. **World/project context** \u2014 The project structure, tech stack, architectural decisions, team conventions, deployment patterns.
+3. **Domain knowledge** \u2014 Domain-specific terminology, conventions, best practices you learn through tasks.
+4. **Work history** \u2014 What has been done, decisions made and why, problems solved, approaches that worked or failed.
+5. **Channel context** \u2014 What each channel is about, who participates, what's being discussed, ongoing tasks per channel.
+6. **Other agents** \u2014 What other agents do, their specialties, collaboration patterns, how to work with them effectively.
+
+### How to organize memory
+
+- **MEMORY.md** is always the index. Keep it concise but comprehensive as a table of contents.
+- Create a \`notes/\` directory for detailed knowledge files. Use descriptive names:
+  - \`notes/user-preferences.md\` \u2014 User's preferences and conventions
+  - \`notes/channels.md\` \u2014 Summary of each channel and its purpose
+  - \`notes/work-log.md\` \u2014 Important decisions and completed work
+  - \`notes/<domain>.md\` \u2014 Domain-specific knowledge
+- You can also create any other files or directories for your work (scripts, notes, data, etc.)
+- **Update notes proactively** \u2014 Don't wait to be asked. When you learn something important, write it down.
+- **Keep MEMORY.md current** \u2014 After updating notes, update the index in MEMORY.md if new files were added.`;
+}
+function buildCompactionSafetySection() {
+  return `### Compaction safety (CRITICAL)
+
+Your context will be periodically compressed to stay within limits. When this happens, you lose your in-context conversation history but MEMORY.md is always re-read. Therefore:
+
+- **MEMORY.md must be self-sufficient as a recovery point.** After reading it, you should be able to understand who you are, what you know, and what you were working on.
+- **Before a long task**, write a brief "Active Context" note in MEMORY.md so you can resume if interrupted mid-task.
+- **After completing work**, update your notes and MEMORY.md index so nothing is lost.
+- Keep MEMORY.md complete enough that context compression preserves: which channel is about what, what tasks are in progress, what the user has asked for, and what other agents are doing.`;
+}
+function buildSlockCliGuideSections(options) {
+  return {
+    communication: buildCommunicationSection(options.audience),
+    credentialHygiene: buildCredentialHygieneSection(),
+    sendingMessages: buildSendingMessagesSection(),
+    reminders: buildRemindersSection(),
+    threads: buildThreadsSection(),
+    discovery: buildDiscoverySection(),
+    channelAwareness: buildChannelAwarenessSection(),
+    readingHistory: buildReadingHistorySection(),
+    historicalReferences: buildHistoricalReferencesSection(),
+    tasks: buildTasksSection(),
+    splittingTasks: buildSplittingTasksSection(),
+    mentions: buildMentionsSection(options.identity),
+    communicationStyle: buildCommunicationStyleSection(),
+    conversationEtiquette: buildConversationEtiquetteSection(options.taskClaimCmd),
+    formattingMentionsChannels: buildFormattingMentionsChannelsSection(),
+    formattingUrls: buildFormattingUrlsSection(),
+    workspaceAndMemory: buildWorkspaceAndMemorySection(),
+    compactionSafety: buildCompactionSafetySection()
+  };
+}
+
 // src/drivers/systemPrompt.ts
 function toolRef(prefix, name) {
   return `${prefix}${name}`;
@@ -1304,11 +1630,22 @@ function runtimeContextLines(config) {
 function buildPrompt(config, variant, opts) {
   const isCli = variant === "cli";
   const t = (name) => toolRef(opts.toolPrefix, name);
+  const taskClaimCmd = isCli ? "`slock task claim`" : `\`${t("claim_tasks")}\``;
+  const cliGuideSections = buildSlockCliGuideSections({
+    // The daemon prompt audience is always managed-runner regardless of
+    // CLI vs MCP variant — both are daemon-spawned. The self-hosted-runner
+    // audience is only used by the manual topic generator script.
+    audience: "managed-runner",
+    identity: {
+      handle: config.name,
+      displayName: config.displayName || config.name
+    },
+    taskClaimCmd
+  });
   const sendCmd = isCli ? "`slock message send`" : `\`${t("send_message")}\``;
   const readCmd = isCli ? "`slock message read`" : `\`${t("read_history")}\``;
   const checkCmd = isCli ? "`slock message check`" : `\`${t("check_messages")}\``;
   const inboxCheckCmd = isCli ? "`slock inbox check`" : checkCmd;
-  const taskClaimCmd = isCli ? "`slock task claim`" : `\`${t("claim_tasks")}\``;
   const taskCreateCmd = isCli ? "`slock task create`" : `\`${t("create_tasks")}\``;
   const taskUpdateCmd = isCli ? "`slock task update`" : `\`${t("update_task_status")}\``;
   const serverInfoCmd = isCli ? "`slock server info`" : `\`${t("list_server")}\``;
@@ -1317,13 +1654,13 @@ function buildPrompt(config, variant, opts) {
   const cancelReminderCmd = isCli ? "`slock reminder cancel`" : `\`${t("cancel_reminder")}\``;
   const messageDeliveryText = opts.includeStdinNotificationSection ? "New messages may be delivered to you automatically while your process stays alive." : "The daemon will automatically restart you when new messages arrive.";
   const criticalRules = isCli ? [
-    "- Always communicate through `slock` CLI commands. This is your only output channel.",
+    "- Always communicate through `slock` CLI commands. This is your only output channel: text you produce outside a `slock` command is not delivered to anyone.",
     ...opts.extraCriticalRules,
     "- Use only the provided `slock` CLI commands for messaging.",
     "- Do not combine multiple `slock` CLI commands in one shell command. Run one `slock` command per tool call, read its output, then decide the next command.",
     "- Always claim a task via `slock task claim` before starting work on it. If the claim fails, move on to a different task."
   ] : [
-    `- Always communicate through ${sendCmd}. This is your only output channel.`,
+    `- Always communicate through ${sendCmd}. This is your only output channel: text you produce outside a messaging tool is not delivered to anyone.`,
     ...opts.extraCriticalRules,
     "- Use only the provided MCP tools for messaging \u2014 they are already available and ready.",
     `- Always claim a task via ${taskClaimCmd} before starting work on it. If the claim fails, move on to a different task.`
@@ -1347,48 +1684,7 @@ function buildPrompt(config, variant, opts) {
     `4. When you receive a message, process it and reply with ${sendCmd}.`,
     "5. **Complete ALL your work before stopping.** If a task requires multi-step work (research, code changes, testing), finish everything, report results, then stop. New messages arrive automatically \u2014 you do not need to poll or wait for them."
   ];
-  const communicationSection = isCli ? `## Communication \u2014 slock CLI ONLY
-
-Use the \`slock\` CLI for chat / task / attachment operations. The daemon injects a local \`slock\` wrapper into PATH for you. Use ONLY these commands for communication:
-
-1. **\`slock message check\`** \u2014 Non-blocking check for new messages. Use freely during work \u2014 at natural breakpoints or after notifications.
-2. **\`slock message send\`** \u2014 Send a message to a channel or DM.
-3. **\`slock server info\`** \u2014 List channels in this server, which ones you have joined, plus all agents and humans.
-4. **\`slock channel members\`** \u2014 List the members (agents and humans) of a specific channel, DM, or thread target.
-5. **\`slock channel join\`** \u2014 Join a visible public channel. This only affects your own agent membership.
-6. **\`slock channel leave\`** \u2014 Leave a regular channel you have joined. This only affects your own agent membership.
-7. **\`slock thread unfollow\`** \u2014 Stop receiving ordinary delivery for a thread you no longer need to follow. This only affects your own agent attention state.
-8. **\`slock message read\`** \u2014 Read past messages from a channel, DM, or thread. Supports \`before\` / \`after\` anchors and \`around\` for centered context.
-9. **\`slock message search\`** \u2014 Search messages visible to you, then inspect a hit with \`slock message read\`.
-10. **\`slock message resolve\`** \u2014 Verify that a cited message id exists exactly and print its canonical message row. Use this when checking whether a referenced id is real; \`read --around\` is for context, not proof.
-11. **\`slock message react\`** \u2014 Add or remove your reaction on a message. Use sparingly: prefer acknowledgement/follow-up signals like \u{1F440}, and do not auto-react to every merge, deploy, or task completion with celebratory emoji.
-12. **\`slock task list\`** \u2014 View a channel's task board.
-13. **\`slock task create\`** \u2014 Create new task-messages in a channel (supports batch titles; equivalent to sending a new message and publishing it as a task-message, not claiming it for yourself).
-14. **\`slock task claim\`** \u2014 Claim tasks by number or message ID (supports batch, handles conflicts).
-15. **\`slock task unclaim\`** \u2014 Release your claim on a task.
-16. **\`slock task update\`** \u2014 Change a task's status (e.g. to in_review or done).
-17. **\`slock attachment upload\`** \u2014 Upload a file to attach to a message. Uses content sniffing for image previews; pass \`--mime-type\` only when you know the exact type. Returns an attachment ID to pass to \`slock message send\`.
-18. **\`slock attachment view\`** \u2014 Download an attached file by its attachment ID so you can inspect it locally.
-19. **\`slock profile show\`** \u2014 Show your own profile, or another visible profile via \`@handle\`. Mirrors the canonical Slock profile view.
-20. **\`slock profile update\`** \u2014 Update your own profile. Supports \`--avatar-file <path>\`, \`--avatar-url pixel:random:<seed>\`, \`--display-name <name>\`, and \`--description <text>\`. Use \`--avatar-url pixel:random:<seed>\` when you want a new pixel avatar but do not have a local image file. Values must be non-empty. Provide at least one flag per call; multiple flags can be combined.
-21. **\`slock integration list\`** \u2014 List built-in Slock apps, registered third-party services, and this agent's active Slock Agent Logins.
-22. **\`slock integration login\`** \u2014 Provision or reuse this agent's login for a built-in Slock app or registered third-party service.
-23. **\`slock integration env\`** \u2014 Print per-agent local CLI environment for a manifest-backed service that requires isolated HOME/XDG state.
-24. **\`slock reminder schedule\`** \u2014 Schedule a reminder for yourself later, at a specific time, or on a recurring cadence.
-25. **\`slock reminder list\`** \u2014 List your reminders, including lifecycle history for each reminder.
-26. **\`slock reminder snooze\`** \u2014 Push a reminder later without replacing it.
-27. **\`slock reminder update\`** \u2014 Change a reminder's title, schedule, or recurrence without creating a new reminder.
-28. **\`slock reminder cancel\`** \u2014 Cancel one of your reminders by ID.
-29. **\`slock reminder log\`** \u2014 Show the event log for a reminder, including fires, dismissals, and reschedules.
-30. **\`slock action prepare\`** \u2014 Prepare an action card for a human to commit (B-mode quick-commit shortcut). Posts a card the human can click to execute the action under their own identity. Pass \`--target <ch>\` and pipe the action JSON on stdin (variants: \`channel:create\`, \`agent:create\`).
-
-The CLI prints human-readable canonical text on success (matching the format you see in received messages and history). On failure it prints JSON to stderr:
-- failure \u2192 stderr \`{"ok":false,"code":"...","message":"..."}\` with non-zero exit
-
-Error code prefixes tell you the layer:
-- \`MISSING_*\` / \`TOKEN_*\` = local auth bootstrap
-- \`*_FAILED\` = 4xx from server
-- \`SERVER_5XX\` = server unreachable / crashed` : `## Communication \u2014 MCP tools ONLY
+  const communicationSection = isCli ? cliGuideSections.communication : `## Communication \u2014 MCP tools ONLY
 
 You have MCP tools from the "chat" server. Use ONLY these for communication:
 
@@ -1409,34 +1705,18 @@ You have MCP tools from the "chat" server. Use ONLY these for communication:
 15. **${scheduleReminderCmd}** \u2014 Schedule a reminder for yourself later, at a specific time, or on a recurring cadence.
 16. **${listRemindersCmd}** \u2014 List your reminders.
 17. **${cancelReminderCmd}** \u2014 Cancel one of your reminders by ID.`;
-  const reminderSection = `### Reminders
+  const credentialHygieneSection = isCli ? cliGuideSections.credentialHygiene : `### Credential hygiene
+
+**Never paste credentials into Slock messages, attachments, or task fields.** Agent tokens (\`sk_agent_*\`), legacy machine API keys (\`sk_machine_*\`), session bearers, JWTs, \`.env\` files, or \`credential.json\` contents must never appear in chat \u2014 not in debug traces, error reports, "for context" snippets, or screenshots. If you accidentally paste one, immediately tell the credential owner so they can rotate it; deleting the message does not erase it from message history visible to channel members or search indexes.
+
+If a tool or error output contains credential-shaped strings, redact them to \`sk_agent_<redacted>\` / \`sk_machine_<redacted>\` shape before reposting.`;
+  const reminderSection = isCli ? cliGuideSections.reminders : `### Reminders
 
 Use reminders for follow-up that depends on future state you cannot resolve now, whether user-requested or self-driven. A reminder is an author-owned, persistent, observable, snoozable, updatable, and cancelable wake-up signal anchored to a Slock message or thread; when it fires, it wakes the author who scheduled it, not other people. If anchored to a message or thread, the receipt/fire system message is visible in that surface, but wake ownership does not transfer. To notify another human or agent later, schedule your own reminder and then @mention them when it fires. Use reminders instead of keeping the current turn alive with a long sleep or relying on MEMORY to wake you. If you expect the wait to finish within about 1 minute, you may briefly poll, but say so in the relevant thread first.
 When a reminder already exists, prefer \`slock reminder snooze\` to push it later, \`slock reminder update\` to change its meaning or schedule, and \`slock reminder cancel\` only when it is truly no longer needed.
 Use ${scheduleReminderCmd} rather than runtime-native wake or cron tools such as ScheduleWakeup or CronCreate for user-visible reminders, so reminders stay author-owned, persistent, observable, snoozable, updatable, and cancelable in Slock.
 Create agent reminders only after resolving the anchor message from the current conversation and passing its msgId explicitly; if no anchor can be resolved, consider posting a status update in the relevant thread so the intent is visible, then revisit when context is available.`;
-  const messageHeredocDelimiter = "SLOCKMSG";
-  const sendingMessagesSection = isCli ? `### Sending messages
-
-- **Reply to a channel**: \`slock message send --target "#channel-name" <<'${messageHeredocDelimiter}'\` followed by the message body and \`${messageHeredocDelimiter}\`
-- **Reply to a DM**: \`slock message send --target dm:@peer-name <<'${messageHeredocDelimiter}'\` followed by the message body and \`${messageHeredocDelimiter}\`
-- **Reply in a thread**: \`slock message send --target "#channel:shortid" <<'${messageHeredocDelimiter}'\` followed by the message body and \`${messageHeredocDelimiter}\`
-- **Start a NEW DM**: \`slock message send --target dm:@person-name <<'${messageHeredocDelimiter}'\` followed by the message body and \`${messageHeredocDelimiter}\`
-
-Message content is always read from stdin. Use a heredoc so quotes, backticks, code blocks, and newlines are not interpreted by the shell:
-\`\`\`bash
-slock message send --target "#channel-name" <<'${messageHeredocDelimiter}'
-Long message with "quotes", $vars, \`backticks\`, and code blocks.
-${messageHeredocDelimiter}
-\`\`\`
-
-Use a delimiter that is unlikely to appear in the message body; the examples use \`${messageHeredocDelimiter}\` instead of \`EOF\` so shell snippets and recovery drafts are less likely to leak delimiter text into sent messages.
-
-If Slock says a message was not sent and was saved as a draft, choose one path:
-- To update the draft, use a normal \`slock message send --target <target>\` with the revised content.
-- To send the current draft unchanged, use \`slock message send --send-draft --target <target>\` with no stdin. Do not use \`--send-draft\` when changing content.
-
-**IMPORTANT**: To reply to any message, always reuse the exact \`target\` from the received message. This ensures your reply goes to the right place \u2014 whether it's a channel, DM, or thread.` : `### Sending messages
+  const sendingMessagesSection = isCli ? cliGuideSections.sendingMessages : `### Sending messages
 
 - **Reply to a channel**: \`${t("send_message")}(target="#channel-name", content="...")\`
 - **Reply to a DM**: \`${t("send_message")}(target="dm:@peer-name", content="...")\`
@@ -1444,17 +1724,7 @@ If Slock says a message was not sent and was saved as a draft, choose one path:
 - **Start a NEW DM**: \`${t("send_message")}(target="dm:@person-name", content="...")\`
 
 **IMPORTANT**: To reply to any message, always reuse the exact \`target\` from the received message. This ensures your reply goes to the right place \u2014 whether it's a channel, DM, or thread.`;
-  const threadsSection = isCli ? `### Threads
-
-Threads are sub-conversations attached to a specific message. They let you discuss a topic without cluttering the main channel.
-
-- **Thread targets** have a colon and short ID suffix: \`#general:00000000\` (thread in #general) or \`dm:@richard:11111111\` (thread in a DM).
-- When you receive a message from a thread (the target has a \`:shortid\` suffix), **always reply using that same target** to keep the conversation in the thread.
-- **Start a new thread**: Use the \`msg=\` field from the header as the thread suffix. For example, if you see \`[target=#general msg=00000000 ...]\`, reply with \`slock message send --target "#general:00000000" <<'${messageHeredocDelimiter}'\` followed by the message body and \`${messageHeredocDelimiter}\`. The thread will be auto-created if it doesn't exist yet. Example IDs like \`00000000\` are placeholders; real message IDs come from received messages.
-- When you send a message, the response includes the message ID. You can use it to start a thread on your own message.
-- You can read thread history: \`slock message read --channel "#general:00000000"\`
-- You can stop receiving ordinary delivery for a thread with \`slock thread unfollow --target "#general:00000000"\`. Only do this when your work in that thread is clearly complete or no longer relevant.
-- Threads cannot be nested \u2014 you cannot start a thread inside a thread.` : `### Threads
+  const threadsSection = isCli ? cliGuideSections.threads : `### Threads
 
 Threads are sub-conversations attached to a specific message. They let you discuss a topic without cluttering the main channel.
 
@@ -1464,21 +1734,12 @@ Threads are sub-conversations attached to a specific message. They let you discu
 - When you send a message, the response includes the message ID. You can use it to start a thread on your own message.
 - You can read thread history via ${readCmd} with the same thread target.
 - Threads cannot be nested \u2014 you cannot start a thread inside a thread.`;
-  const discoverySection = isCli ? `### Discovering people and channels
-
-Call \`slock server info\` to see all channels in this server, which ones you have joined, other agents, and humans.
-Visible public channels may appear even when \`joined=false\`. In that state you can still inspect them with \`slock message read\` and \`slock channel members\`, but you cannot send messages there or receive ordinary channel delivery until you join with \`slock channel join --target "#channel-name"\`. Private channels require a human with access to add you. To leave a regular channel you have joined, use \`slock channel leave --target "#channel-name"\`. To stop following a thread without leaving its parent channel, use \`slock thread unfollow --target "#channel-name:shortid"\`.
-Private channels are membership-gated. If \`slock server info\` shows a channel as private, treat its name, members, and content as private to that channel; do not disclose that information in other channels, DMs, summaries, or task reports unless a human explicitly asks within an authorized context. In \`slock channel members\`, human role labels such as owner/admin show server-level authority; no role label means ordinary member.` : `### Discovering people and channels
+  const discoverySection = isCli ? cliGuideSections.discovery : `### Discovering people and channels
 
 Call ${serverInfoCmd} to see all channels in this server, which ones you have joined, other agents, and humans.
 Visible public channels may appear even when \`joined=false\`. In that state you can still inspect them with ${readCmd}, but you cannot send messages there or receive ordinary channel delivery until you join with \`${t("join_channel")}\`. Private channels require a human with access to add you. To leave a regular channel you have joined, use \`${t("leave_channel")}\`.
 Private channels are membership-gated. If ${serverInfoCmd} shows a channel as private, treat its name, members, and content as private to that channel; do not disclose that information in other channels, DMs, summaries, or task reports unless a human explicitly asks within an authorized context. In channel member listings, human role labels such as owner/admin show server-level authority; no role label means ordinary member.`;
-  const channelAwarenessSection = isCli ? `### Channel awareness
-
-Each channel has a **name** and optionally a **description** that define its purpose (visible via \`slock server info\`). Respect them:
-- **Reply in context** \u2014 always respond in the channel/thread the message came from.
-- **Stay on topic** \u2014 when proactively sharing results or updates, post in the channel most relevant to the work. Don't scatter messages across unrelated channels.
-- If unsure where something belongs, call \`slock server info\` to review channel descriptions.` : `### Channel awareness
+  const channelAwarenessSection = isCli ? cliGuideSections.channelAwareness : `### Channel awareness
 
 Each channel has a **name** and optionally a **description** that define its purpose (visible via ${serverInfoCmd}). Respect them:
 - **Reply in context** \u2014 always respond in the channel/thread the message came from.
@@ -1489,62 +1750,15 @@ Each channel has a **name** and optionally a **description** that define its pur
 If a built-in Slock app or registered third-party service requires login, use Slock Agent Login through the CLI instead of asking the human to copy tokens or complete human OAuth for you. If a human asks you to sign into, open, use, or fetch identity from a third-party app or built-in Slock app, first run \`slock integration list\` and match the app to a listed service before browsing the app. Use \`slock integration login --service <service>\` to provision or reuse your agent login for that service. If the service exposes an agent behavior manifest and you need to run its local CLI, run \`slock integration env --service <service>\` before invoking that CLI; if it prints exports, apply them first so service credentials stay under a per-agent profile HOME/XDG tree instead of the host user's global HOME. If it reports that no local env is required, do not invent HOME/XDG overrides. If it fails, do not run that local CLI with the host user's HOME; report that the service manifest is unsupported. Slock does not execute commands from remote manifests automatically. If the CLI reports that the \`integration\` command is unknown, the local daemon/CLI is too old for Slock Agent Login; report that the machine must be upgraded/restarted instead of calling internal HTTP endpoints yourself. When the command returns \`Agent login ready\` or \`Already logged in\`, the agent-side login is ready. If the output includes an app URL, open that URL as the service-provided app surface; it should look like the service's normal Login with Slock callback and not require you to understand Slock's internal grant/request protocol. Do not crawl third-party routes looking for a session before trying the registered-service login path. Do not open the human \`Login with Slock\` browser flow, use internal request IDs as OAuth callback codes, call internal Slock integration endpoints directly, or call third-party exchange endpoints unless a human explicitly asks you to debug that server-to-server protocol. If the service or human asks for your Slock Agent identity card, use \`slock profile show\`. Third-party pages may show \`Login with Slock\`; for agent-facing access, prefer the listed service / Slock Agent Login path.` : `### Third-party integrations
 
 If a built-in Slock app or registered third-party service requires login, use Slock Agent Login through the available registered-service interface instead of asking the human to copy tokens or complete human OAuth for you. If a human asks you to sign into, open, use, or fetch identity from a third-party app or built-in Slock app, first inspect the registered-service interface and match the app to a listed service before browsing the app. Once the registered-service interface reports the agent login is ready, the agent-side login is ready. If that interface provides an app URL, use it as the service-provided app surface; it should look like the service's normal Login with Slock callback and not require you to understand Slock's internal grant/request protocol. Do not crawl third-party routes looking for a session before trying the registered-service login path. Do not open the human \`Login with Slock\` browser flow or treat internal request IDs as OAuth callback codes unless a human explicitly asks you to debug that server-to-server protocol. If the service or human asks for your Slock Agent identity card, use your Slock profile view. Third-party pages may show \`Login with Slock\`; for agent-facing access, prefer the listed service / Slock Agent Login path.`;
-  const readingHistorySection = isCli ? `### Reading history
-
-\`slock message read --channel "#channel-name"\` or \`slock message read --channel dm:@peer-name\` or \`slock message read --channel "#channel:shortid"\`
-
-To jump directly to a specific hit with nearby context, use \`slock message read --channel "..." --around "messageId"\` or \`slock message read --channel "..." --around 12345\`.
-
-When verifying a cited message id, use \`slock message resolve <id>\`. It is exact-only and fails closed for missing or ambiguous ids; \`read --around\` is only a context-navigation command.` : `### Reading history
+  const readingHistorySection = isCli ? cliGuideSections.readingHistory : `### Reading history
 
 Use ${readCmd} with the \`channel\` parameter set to \`"#channel-name"\`, \`"dm:@peer-name"\`, or a thread target like \`"#channel:shortid"\`.
 
 To jump directly to a specific hit with nearby context, pass \`around\` set to a message ID or seq number.`;
-  const historicalReferenceSection = isCli ? `### Historical references
-
-When a user refers to prior Slock discussion and the relevant context is not already available, first use \`slock message search\` and \`slock message read\` to find the original thread, decision, or owner before answering. If you find it, summarize the original conclusion with the source thread/message; if you cannot find it, say that explicitly.` : `### Historical references
+  const historicalReferenceSection = isCli ? cliGuideSections.historicalReferences : `### Historical references
 
 When a user refers to prior Slock discussion and the relevant context is not already available, first use \`${t("search_messages")}\` and ${readCmd} to find the original thread, decision, or owner before answering. If you find it, summarize the original conclusion with the source thread/message; if you cannot find it, say that explicitly.`;
-  const tasksSection = isCli ? `### Tasks
-
-When someone sends a message that asks you to do something \u2014 fix a bug, write code, review a PR, deploy, investigate an issue \u2014 that is work. Claim it before you start.
-
-**Decision rule:** if fulfilling a message requires you to take action beyond just replying (running tools, writing code, making changes), claim the message first. If you're only answering a question or having a conversation, no claim needed.
-
-**What you see in messages:**
-- A message already marked as a task: \`@Alice: Fix the login bug [task #3 status=in_progress]\`
-- A regular message (no task suffix): \`@Alice: Can someone look into the login bug?\`
-- A system notification about task changes: \`\u{1F4CB} Alice converted a message to task #3 "Fix the login bug"\`
-
-Only top-level channel / DM messages can become tasks. Messages inside threads are discussion context \u2014 reply there, but keep claims and conversions to top-level messages.
-
-\`slock message read\` shows messages in their current state. If a message was later converted to a task, it will show the \`[task #N ...]\` suffix.
-
-**Status flow:** \`todo\` \u2192 \`in_progress\` \u2192 \`in_review\` \u2192 \`done\`
-
-**Assignee** is independent from status \u2014 a task can be claimed or unclaimed at any status except \`done\`.
-
-**Workflow:**
-1. Receive a message that requires action \u2192 claim it first (by task number if already a task, or by message ID if it's a regular message)
-2. If the claim fails, someone else is working on it \u2014 move on to another task
-3. Post updates in the task's thread: \`slock message send --target "#channel:msgShortId" <<'${messageHeredocDelimiter}'\` followed by the message body and \`${messageHeredocDelimiter}\`
-4. When done, set status to \`in_review\` so a human can validate via \`slock task update\`
-5. After approval (e.g. "looks good", "merge it"), set status to \`done\`
-
-**What \`slock task create\` really means:**
-- Tasks live in the same chat flow as messages. A task is just a message with task metadata, not a separate source of truth.
-- \`slock task create\` is a convenience helper for a specific sequence: create a brand-new message, then publish that new message as a task-message.
-- \`slock task create\` only creates the task \u2014 to own it, call \`slock task claim\` afterward.
-- Typical uses for \`slock task create\` are breaking down a larger task into parallel subtasks, or batch-creating genuinely new work for others to claim.
-- If someone already sent the work item as a message, just claim that existing message/task instead of creating a new one.
-- If the work already exists as a message, reuse it via \`slock task claim --message-id ...\`.
-
-**Creating new tasks:**
-- The task system exists to prevent duplicate work. If you see an existing task for the work, either claim that task or leave it alone.
-- If a message already shows a \`[task #N ...]\` suffix, claim \`#N\` if it is yours to take; otherwise move on.
-- Before calling \`slock task create\`, first check whether the work already exists on the task board or is already being handled.
-- Reuse existing tasks and threads instead of creating duplicates.
-- Use \`slock task create\` only for genuinely new subtasks or follow-up work that does not already have a canonical task.` : `### Tasks
+  const tasksSection = isCli ? cliGuideSections.tasks : `### Tasks
 
 When someone sends a message that asks you to do something \u2014 fix a bug, write code, review a PR, deploy, investigate an issue \u2014 that is work. Claim it before you start.
 
@@ -1584,7 +1798,6 @@ ${readCmd} shows messages in their current state. If a message was later convert
 - Before calling ${taskCreateCmd}, first check whether the work already exists on the task board or is already being handled.
 - Reuse existing tasks and threads instead of creating duplicates.
 - Use ${taskCreateCmd} only for genuinely new subtasks or follow-up work that does not already have a canonical task.`;
-  const claimForEtiquette = isCli ? "`slock task claim`" : taskClaimCmd;
   let prompt = `You are "${config.displayName || config.name}", an AI agent in Slock \u2014 a collaborative platform for human-AI collaboration, serving as a shared message service for humans and agents who may be running on different computers.
 
 ## Who you are
@@ -1595,6 +1808,8 @@ ${runtimeContextLines(config).join("\n")}
 
 ${communicationSection}
 
+${credentialHygieneSection}
+
 CRITICAL RULES:
 ${criticalRules.join("\n")}
 
@@ -1664,119 +1879,23 @@ ${readingHistorySection}
 
 ${historicalReferenceSection}
 
-${tasksSection}
-
-### Splitting tasks for parallel execution
-
-When you need to break down a large task into subtasks, structure them so agents can work **in parallel**:
-- **Group by phase** if tasks have dependencies. Label them clearly (e.g. "Phase 1: ...", "Phase 2: ...") so agents know what can run concurrently and what must wait.
-- **Prefer independent subtasks** that don't block each other. Each subtask should be completable without waiting for another.
-- **Avoid creating sequential chains** where each task depends on the previous one \u2014 this forces agents to work one at a time, wasting capacity.
-
-When you receive a notification about new tasks, check the task board and claim tasks relevant to your skills.
-
-## @Mentions
-
-In channel group chats, you can @mention people by their unique name (e.g. @alice or @bob).
-- Your stable Slock @mention handle is \`@${config.name}\`.
-- Your display name is \`${config.displayName || config.name}\`. Treat it as presentation only \u2014 when reasoning about identity and @mentions, prefer your stable \`name\`.
-- Every human and agent has a unique \`name\` \u2014 this is their stable identifier for @mentions.
-- Mention others, not yourself \u2014 assign reviews and follow-ups to teammates.
-- @mentions only reach people inside the channel \u2014 channels are the isolation boundary.
-
-## Communication style
-
-Keep the user informed. They cannot see your internal reasoning, so:
-- When you receive a task, acknowledge it and briefly outline your plan before starting.
-- For multi-step work, send short progress updates (e.g. "Working on step 2/3\u2026").
-- When done, summarize the result.
-- Keep updates concise \u2014 one or two sentences. Don't flood the chat.
-
-### Conversation etiquette
-
-- **Respect ongoing conversations.** If a human is having a back-and-forth with another person (human or agent) on a topic, their follow-up messages are directed at that person \u2014 only join if you are explicitly @mentioned or clearly addressed.
-- **Only the person doing the work should report on it.** If someone else completed a task or submitted a PR, don't echo or summarize their work \u2014 let them respond to questions about it.
-- **Claim before you start.** Always call ${claimForEtiquette} before doing any work on a task. If the claim fails, stop immediately and pick a different task.
-- **Before stopping, check for concrete blockers you own.** If you still owe a specific handoff, review, decision, or reply that is currently blocking a specific person, send one minimal actionable message to that person or channel before stopping.
-- **Skip idle narration.** Only send messages when you have actionable content \u2014 avoid broadcasting that you are waiting or idle.
-
-### Formatting \u2014 Mentions & Channel Refs
-
-Slock auto-renders these inline tokens as interactive links whenever they appear as bare text in your message:
-
-- @alice \u2014 links to a user
-- #general or #1 \u2014 links to a channel
-- #engineering:b885b5ae \u2014 links to a specific thread (channel name + msg ID suffix)
-- task #123 \u2014 links to a task (always write "task #N", not bare "#N" which is ambiguous with PRs/issues)
-
-Write them inline as plain words in your sentence \u2014 the same way you'd type any other word \u2014 and Slock turns them into clickable references.
-
-Markdown markup expresses presentation semantics; do not mix markup delimiters into literal payloads. Code spans are literal, so if text should render as a link or ref, do not wrap that link/ref markup in backticks.
-
-### Formatting \u2014 URLs in non-English text
-
-When writing a URL next to non-ASCII punctuation (Chinese, Japanese, etc.) and the URL should render as a link, wrap the URL in angle brackets or use markdown link syntax. Otherwise the punctuation may be rendered as part of the URL.
-
-- **Wrong**: \`\u6D4B\u8BD5\u73AF\u5883\uFF1Ahttp://localhost:3000\uFF0C\u8BF7\u67E5\u770B\` (the \`\uFF0C\` gets swallowed into the link)
-- **Correct**: \`\u6D4B\u8BD5\u73AF\u5883\uFF1A<http://localhost:3000>\uFF0C\u8BF7\u67E5\u770B\`
-- **Also correct**: \`\u6D4B\u8BD5\u73AF\u5883\uFF1A[http://localhost:3000](http://localhost:3000)\uFF0C\u8BF7\u67E5\u770B\`
-
-## Workspace & Memory
-
-Your working directory (cwd) is your **persistent, agent-owned workspace**; files you create here survive across sessions. Use it for memory, notes, artifacts, code checkouts, and task-specific files, but treat it as a flexible workspace rather than a fixed schema. Keep **MEMORY.md** easy to scan as the recovery entry point; if you add important long-lived organization, update **MEMORY.md** or a note index so future sessions can find it. When working in a repository, first choose the specific project directory or worktree inside the workspace, then run git or package-manager commands there.
-
-### MEMORY.md \u2014 Your Memory Index (CRITICAL)
-
-\`MEMORY.md\` is the **entry point** to all your knowledge. It is the first file read on every startup (including after context compression). Structure it as an index that points to everything you know. This file is called \`MEMORY.md\` (not tied to any specific runtime) \u2014 keep it updated after every significant interaction or learning.
-
-\`\`\`markdown
-# <Your Name>
-
-## Role
-<your role definition, evolved over time>
-
-## Key Knowledge
-- Read notes/user-preferences.md for user preferences and conventions
-- Read notes/channels.md for what each channel is about and ongoing work
-- Read notes/domain.md for domain-specific knowledge and conventions
-- ...
-
-## Active Context
-- Currently working on: <brief summary>
-- Last interaction: <brief summary>
-\`\`\`
-
-### What to memorize
-
-**Actively observe and record** the following kinds of knowledge as you encounter them in conversations:
-
-1. **User preferences** \u2014 How the user likes things done, communication style, coding conventions, tool preferences, recurring patterns in their requests.
-2. **World/project context** \u2014 The project structure, tech stack, architectural decisions, team conventions, deployment patterns.
-3. **Domain knowledge** \u2014 Domain-specific terminology, conventions, best practices you learn through tasks.
-4. **Work history** \u2014 What has been done, decisions made and why, problems solved, approaches that worked or failed.
-5. **Channel context** \u2014 What each channel is about, who participates, what's being discussed, ongoing tasks per channel.
-6. **Other agents** \u2014 What other agents do, their specialties, collaboration patterns, how to work with them effectively.
-
-### How to organize memory
-
-- **MEMORY.md** is always the index. Keep it concise but comprehensive as a table of contents.
-- Create a \`notes/\` directory for detailed knowledge files. Use descriptive names:
-  - \`notes/user-preferences.md\` \u2014 User's preferences and conventions
-  - \`notes/channels.md\` \u2014 Summary of each channel and its purpose
-  - \`notes/work-log.md\` \u2014 Important decisions and completed work
-  - \`notes/<domain>.md\` \u2014 Domain-specific knowledge
-- You can also create any other files or directories for your work (scripts, notes, data, etc.)
-- **Update notes proactively** \u2014 Don't wait to be asked. When you learn something important, write it down.
-- **Keep MEMORY.md current** \u2014 After updating notes, update the index in MEMORY.md if new files were added.
+${tasksSection}
 
-### Compaction safety (CRITICAL)
+${cliGuideSections.splittingTasks}
 
-Your context will be periodically compressed to stay within limits. When this happens, you lose your in-context conversation history but MEMORY.md is always re-read. Therefore:
+${cliGuideSections.mentions}
 
-- **MEMORY.md must be self-sufficient as a recovery point.** After reading it, you should be able to understand who you are, what you know, and what you were working on.
-- **Before a long task**, write a brief "Active Context" note in MEMORY.md so you can resume if interrupted mid-task.
-- **After completing work**, update your notes and MEMORY.md index so nothing is lost.
-- Keep MEMORY.md complete enough that context compression preserves: which channel is about what, what tasks are in progress, what the user has asked for, and what other agents are doing.
+${cliGuideSections.communicationStyle}
+
+${cliGuideSections.conversationEtiquette}
+
+${cliGuideSections.formattingMentionsChannels}
+
+${cliGuideSections.formattingUrls}
+
+${cliGuideSections.workspaceAndMemory}
+
+${cliGuideSections.compactionSafety}
 
 ## Capabilities
 
@@ -1861,6 +1980,19 @@ function listLegacySlockStatePaths(slockHome = resolveSlockHome(), homeDir = os.
   return candidates.filter((candidate) => existsSync(candidate.path));
 }
 
+// src/authEnv.ts
+var DAEMON_API_KEY_ENV = "SLOCK_MACHINE_API_KEY";
+var SLOCK_AGENT_TOKEN_ENV = "SLOCK_AGENT_TOKEN";
+function scrubDaemonAuthEnv(env) {
+  delete env[DAEMON_API_KEY_ENV];
+  return env;
+}
+function scrubDaemonChildEnv(env) {
+  delete env[DAEMON_API_KEY_ENV];
+  delete env[SLOCK_AGENT_TOKEN_ENV];
+  return env;
+}
+
 // src/agentCredentialProxy.ts
 import { randomBytes } from "crypto";
 import http from "http";
@@ -2190,6 +2322,160 @@ function stripUndefined(value) {
   return value;
 }
 
+// src/proxy.ts
+import { HttpsProxyAgent } from "https-proxy-agent";
+import { ProxyAgent } from "undici";
+var fetchDispatcherCache = /* @__PURE__ */ new Map();
+function getFetchPreResponseTimeoutMs(env) {
+  const parsed = Number.parseInt(env.SLOCK_DAEMON_FETCH_PRE_RESPONSE_TIMEOUT_MS || "", 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : 3e4;
+}
+function getDefaultPort(protocol) {
+  switch (protocol) {
+    case "https:":
+    case "wss:":
+      return "443";
+    case "http:":
+    case "ws:":
+      return "80";
+    default:
+      return "";
+  }
+}
+function hostMatchesNoProxyEntry(hostname, ruleHost) {
+  if (!ruleHost) return false;
+  const normalizedRule = ruleHost.replace(/^\*\./, ".").replace(/^\./, "").toLowerCase();
+  const normalizedHost = hostname.toLowerCase();
+  return normalizedHost === normalizedRule || normalizedHost.endsWith(`.${normalizedRule}`);
+}
+function getProxyUrlForTarget(targetUrl, env) {
+  const protocol = new URL(targetUrl).protocol;
+  switch (protocol) {
+    case "wss:":
+      return env.WSS_PROXY || env.wss_proxy || env.HTTPS_PROXY || env.https_proxy || env.ALL_PROXY || env.all_proxy;
+    case "ws:":
+      return env.WS_PROXY || env.ws_proxy || env.HTTP_PROXY || env.http_proxy || env.ALL_PROXY || env.all_proxy;
+    case "https:":
+      return env.HTTPS_PROXY || env.https_proxy || env.ALL_PROXY || env.all_proxy;
+    case "http:":
+      return env.HTTP_PROXY || env.http_proxy || env.ALL_PROXY || env.all_proxy;
+    default:
+      return env.ALL_PROXY || env.all_proxy;
+  }
+}
+function shouldBypassProxy(targetUrl, env) {
+  const rawNoProxy = env.NO_PROXY || env.no_proxy;
+  if (!rawNoProxy) return false;
+  const url = new URL(targetUrl);
+  const hostname = url.hostname.toLowerCase();
+  const port = url.port || getDefaultPort(url.protocol);
+  return rawNoProxy.split(",").map((entry) => entry.trim()).filter(Boolean).some((entry) => {
+    if (entry === "*") return true;
+    const [ruleHost, rulePort] = entry.split(":", 2);
+    if (rulePort && rulePort !== port) return false;
+    return hostMatchesNoProxyEntry(hostname, ruleHost);
+  });
+}
+function buildWebSocketOptions(wsUrl, env) {
+  const proxyUrl = getProxyUrlForTarget(wsUrl, env);
+  if (!proxyUrl) return void 0;
+  if (shouldBypassProxy(wsUrl, env)) return void 0;
+  return {
+    agent: new HttpsProxyAgent(proxyUrl)
+  };
+}
+function resolveProxyUrl(targetUrl, env) {
+  const proxyUrl = getProxyUrlForTarget(targetUrl, env);
+  if (!proxyUrl) return void 0;
+  if (shouldBypassProxy(targetUrl, env)) return void 0;
+  return proxyUrl;
+}
+function buildFetchDispatcher(targetUrl, env) {
+  const proxyUrl = resolveProxyUrl(targetUrl, env);
+  if (!proxyUrl) return void 0;
+  const cached = fetchDispatcherCache.get(proxyUrl);
+  if (cached) return cached;
+  const timeoutMs = getFetchPreResponseTimeoutMs(env);
+  const dispatcher = new ProxyAgent({
+    uri: proxyUrl,
+    // All three are pre-response and body-agnostic (see getFetchPreResponseTimeoutMs):
+    // headersTimeout = headers-hang leg; requestTls.timeout = CONNECT-tunnel
+    // establish leg; connect.timeout = socket to the proxy itself (defensive).
+    connect: { timeout: timeoutMs },
+    requestTls: { timeout: timeoutMs },
+    headersTimeout: timeoutMs
+  });
+  fetchDispatcherCache.set(proxyUrl, dispatcher);
+  return dispatcher;
+}
+function evictFetchDispatcher(targetUrl, env) {
+  const proxyUrl = resolveProxyUrl(targetUrl, env);
+  if (!proxyUrl) return false;
+  const cached = fetchDispatcherCache.get(proxyUrl);
+  if (!cached) return false;
+  fetchDispatcherCache.delete(proxyUrl);
+  void Promise.resolve().then(() => cached.close()).catch(() => cached.destroy?.(new Error("evicted"))).catch(() => {
+  });
+  return true;
+}
+
+// src/daemonFetch.ts
+function withDaemonFetchProxy(input, init = {}, env = process.env) {
+  const dispatcher = buildFetchDispatcher(input.toString(), env);
+  return dispatcher ? { ...init, dispatcher } : init;
+}
+async function daemonFetch(input, init, env = process.env) {
+  try {
+    return await fetch(input, withDaemonFetchProxy(input, init, env));
+  } catch (err) {
+    evictFetchDispatcher(input.toString(), env);
+    throw err;
+  }
+}
+
+// src/logger.ts
+var listeners = /* @__PURE__ */ new Set();
+function timestamp() {
+  const d = /* @__PURE__ */ new Date();
+  const pad = (n) => String(n).padStart(2, "0");
+  return `${d.getFullYear()}-${pad(d.getMonth() + 1)}-${pad(d.getDate())} ${pad(d.getHours())}:${pad(d.getMinutes())}:${pad(d.getSeconds())}`;
+}
+function format(level, msg) {
+  return `${timestamp()} [${level}] ${msg}`;
+}
+function emit(event) {
+  for (const listener of listeners) {
+    listener(event);
+  }
+}
+function subscribeDaemonLogs(listener) {
+  listeners.add(listener);
+  return () => {
+    listeners.delete(listener);
+  };
+}
+var logger = {
+  info(msg) {
+    const line = format("INFO", msg);
+    console.log(line);
+    emit({ level: "INFO", line, message: msg });
+  },
+  warn(msg) {
+    const line = format("WARN", msg);
+    console.warn(line);
+    emit({ level: "WARN", line, message: msg });
+  },
+  error(msg, err) {
+    const line = format("ERROR", msg);
+    if (err) {
+      console.error(line, err);
+    } else {
+      console.error(line);
+    }
+    emit({ level: "ERROR", line, message: msg, error: err });
+  }
+};
+
 // src/agentCredentialProxy.ts
 var registrations = /* @__PURE__ */ new Map();
 var proxyServerState = null;
@@ -3016,7 +3302,9 @@ var LOOPBACK_NO_PROXY = "127.0.0.1,localhost";
 var CLI_TRANSPORT_TRACE_DIR_ENV = "SLOCK_CLI_TRANSPORT_TRACE_DIR";
 var safePathPart = (value) => value.replace(/[^a-zA-Z0-9_.-]/g, "_");
 var RAW_CREDENTIAL_ENV_DENYLIST = [
-  "SLOCK_AGENT_CREDENTIAL_KEY"
+  "SLOCK_AGENT_TOKEN",
+  "SLOCK_AGENT_CREDENTIAL_KEY",
+  "SLOCK_AGENT_CREDENTIAL_KEY_FILE"
 ];
 var cachedOpencliBinPath;
 function resolveOpencliBinPath() {
@@ -3231,7 +3519,7 @@ exec ${shellSingleQuote(process.execPath)} ${shellSingleQuote(opencliBinPath)} "
     ...agentCredentialProxy ? {} : { SLOCK_AGENT_TOKEN_FILE: tokenFile },
     PATH: `${slockDir}${path2.delimiter}${process.env.PATH ?? ""}`
   };
-  delete spawnEnv.SLOCK_AGENT_TOKEN;
+  scrubDaemonChildEnv(spawnEnv);
   for (const key of RAW_CREDENTIAL_ENV_DENYLIST) {
     delete spawnEnv[key];
   }
@@ -3660,7 +3948,7 @@ function resolveCommandOnWindows(command, env, execFileSyncFn, existsSyncFn) {
 }
 function resolveCommandOnPath(command, deps = {}) {
   const platform = deps.platform ?? process.platform;
-  const env = withWindowsUserEnvironment(deps.env ?? process.env, deps);
+  const env = scrubDaemonChildEnv({ ...withWindowsUserEnvironment(deps.env ?? process.env, deps) });
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   const existsSyncFn = deps.existsSyncFn ?? existsSync2;
   if (platform === "win32") {
@@ -3686,7 +3974,7 @@ function firstExistingPath(candidates, deps = {}) {
   return null;
 }
 function readCommandVersion(command, args = [], deps = {}) {
-  const env = withWindowsUserEnvironment(deps.env ?? process.env, deps);
+  const env = scrubDaemonChildEnv({ ...withWindowsUserEnvironment(deps.env ?? process.env, deps) });
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync;
   try {
     const output = normalizeExecOutput(execFileSyncFn(command, [...args, "--version"], {
@@ -4383,7 +4671,7 @@ var CodexDriver = class {
   };
   communication = {
     chat: "slock_cli",
-    runtimeControl: "mcp_runtime_actions"
+    runtimeControl: "none"
   };
   session = {
     recovery: "resume_or_fresh"
@@ -4400,50 +4688,6 @@ var CodexDriver = class {
   probe() {
     return probeCodex();
   }
-  buildRuntimeActionsConfigArgs(ctx) {
-    const isTsSource = ctx.chatBridgePath.endsWith(".ts");
-    const command = isTsSource ? "npx" : "node";
-    const bridgeArgs = isTsSource ? [
-      "tsx",
-      ctx.chatBridgePath,
-      "--agent-id",
-      ctx.agentId,
-      "--server-url",
-      ctx.config.serverUrl,
-      "--auth-token",
-      ctx.config.authToken || ctx.daemonApiKey,
-      "--runtime",
-      this.id,
-      ...ctx.launchId ? ["--launch-id", ctx.launchId] : [],
-      "--runtime-actions-only"
-    ] : [
-      ctx.chatBridgePath,
-      "--agent-id",
-      ctx.agentId,
-      "--server-url",
-      ctx.config.serverUrl,
-      "--auth-token",
-      ctx.config.authToken || ctx.daemonApiKey,
-      "--runtime",
-      this.id,
-      ...ctx.launchId ? ["--launch-id", ctx.launchId] : [],
-      "--runtime-actions-only"
-    ];
-    return [
-      "-c",
-      `mcp_servers.chat.command=${JSON.stringify(command)}`,
-      "-c",
-      `mcp_servers.chat.args=${JSON.stringify(bridgeArgs)}`,
-      "-c",
-      "mcp_servers.chat.startup_timeout_sec=30",
-      "-c",
-      "mcp_servers.chat.tool_timeout_sec=120",
-      "-c",
-      "mcp_servers.chat.enabled=true",
-      "-c",
-      "mcp_servers.chat.required=true"
-    ];
-  }
   buildThreadRequest(ctx) {
     const threadParams = {
       cwd: ctx.workingDirectory,
@@ -4497,7 +4741,6 @@ var CodexDriver = class {
     this.initialTurnStarted = false;
     this.normalizer.reset({ threadId: ctx.config.sessionId || null });
     const args = ["app-server", "--listen", "stdio://"];
-    args.push(...this.buildRuntimeActionsConfigArgs(ctx));
     const { command, args: spawnArgs } = resolveCodexSpawn(args);
     const proc = spawn2(command, spawnArgs, {
       cwd: ctx.workingDirectory,
@@ -4784,8 +5027,6 @@ var AntigravityDriver = class {
 
 // src/drivers/copilot.ts
 import { spawn as spawn4 } from "child_process";
-import path6 from "path";
-import { writeFileSync as writeFileSync3 } from "fs";
 async function buildCopilotSpawnEnv(ctx) {
   return (await prepareCliTransport(ctx, { NO_COLOR: "1" })).spawnEnv;
 }
@@ -4799,7 +5040,7 @@ var CopilotDriver = class {
   };
   communication = {
     chat: "slock_cli",
-    runtimeControl: "mcp_runtime_actions"
+    runtimeControl: "none"
   };
   session = {
     recovery: "resume_or_fresh"
@@ -4814,43 +5055,14 @@ var CopilotDriver = class {
   usesSlockCliForCommunication = true;
   sessionId = null;
   sessionAnnounced = false;
-  buildRuntimeActionsMcpConfig(ctx) {
-    const isTsSource = ctx.chatBridgePath.endsWith(".ts");
-    const command = isTsSource ? "npx" : "node";
-    const bridgeArgs = isTsSource ? ["tsx", ctx.chatBridgePath] : [ctx.chatBridgePath];
-    return JSON.stringify({
-      mcpServers: {
-        chat: {
-          command,
-          args: [
-            ...bridgeArgs,
-            "--agent-id",
-            ctx.agentId,
-            "--server-url",
-            ctx.config.serverUrl,
-            "--auth-token",
-            ctx.config.authToken || ctx.daemonApiKey,
-            "--runtime",
-            this.id,
-            ...ctx.launchId ? ["--launch-id", ctx.launchId] : [],
-            "--runtime-actions-only"
-          ]
-        }
-      }
-    });
-  }
   async spawn(ctx) {
     this.sessionId = ctx.config.sessionId || null;
     this.sessionAnnounced = false;
-    const mcpConfigPath = path6.join(ctx.workingDirectory, ".slock-copilot-mcp.json");
-    writeFileSync3(mcpConfigPath, this.buildRuntimeActionsMcpConfig(ctx), "utf8");
     const args = [
       "--output-format",
       "json",
       "--allow-all-tools",
       "--allow-all-paths",
-      "--additional-mcp-config",
-      `@${mcpConfigPath}`,
       "-p",
       ctx.prompt
     ];
@@ -4959,8 +5171,6 @@ var CopilotDriver = class {
 
 // src/drivers/cursor.ts
 import { spawn as spawn5, spawnSync } from "child_process";
-import { writeFileSync as writeFileSync4, mkdirSync as mkdirSync2, existsSync as existsSync4 } from "fs";
-import path7 from "path";
 async function buildCursorSpawnEnv(ctx, deps = {}) {
   const { spawnEnv } = await prepareCliTransport(ctx, { NO_COLOR: "1" });
   return withWindowsUserEnvironment(spawnEnv, deps);
@@ -4975,7 +5185,7 @@ var CursorDriver = class {
   };
   communication = {
     chat: "slock_cli",
-    runtimeControl: "mcp_runtime_actions"
+    runtimeControl: "none"
   };
   session = {
     recovery: "resume_or_fresh"
@@ -4988,38 +5198,7 @@ var CursorDriver = class {
   mcpToolPrefix = "mcp__chat__";
   busyDeliveryMode = "none";
   usesSlockCliForCommunication = true;
-  buildRuntimeActionsMcpConfig(ctx) {
-    const isTsSource = ctx.chatBridgePath.endsWith(".ts");
-    const command = isTsSource ? "npx" : "node";
-    const bridgeArgs = isTsSource ? ["tsx", ctx.chatBridgePath] : [ctx.chatBridgePath];
-    return JSON.stringify({
-      mcpServers: {
-        chat: {
-          command,
-          args: [
-            ...bridgeArgs,
-            "--agent-id",
-            ctx.agentId,
-            "--server-url",
-            ctx.config.serverUrl,
-            "--auth-token",
-            ctx.config.authToken || ctx.daemonApiKey,
-            "--runtime",
-            this.id,
-            ...ctx.launchId ? ["--launch-id", ctx.launchId] : [],
-            "--runtime-actions-only"
-          ]
-        }
-      }
-    });
-  }
   async spawn(ctx) {
-    const cursorDir = path7.join(ctx.workingDirectory, ".cursor");
-    if (!existsSync4(cursorDir)) {
-      mkdirSync2(cursorDir, { recursive: true });
-    }
-    const mcpConfigPath = path7.join(cursorDir, "mcp.json");
-    writeFileSync4(mcpConfigPath, this.buildRuntimeActionsMcpConfig(ctx), "utf8");
     const args = [
       "--print",
       "--output-format",
@@ -5149,11 +5328,11 @@ function detectCursorModels(runCommand = runCursorModelsCommand) {
   return parseCursorModelsOutput(String(result.stdout || ""));
 }
 function buildCursorModelProbeEnv(deps = {}) {
-  return withWindowsUserEnvironment({
+  return scrubDaemonChildEnv(withWindowsUserEnvironment({
     ...deps.env ?? process.env,
     FORCE_COLOR: "0",
     NO_COLOR: "1"
-  }, deps);
+  }, deps));
 }
 function runCursorModelsCommand() {
   return spawnSync("cursor-agent", ["models"], {
@@ -5165,8 +5344,8 @@ function runCursorModelsCommand() {
 
 // src/drivers/gemini.ts
 import { execFileSync as execFileSync3, spawn as spawn6 } from "child_process";
-import { existsSync as existsSync5, mkdirSync as mkdirSync3, writeFileSync as writeFileSync5 } from "fs";
-import path8 from "path";
+import { existsSync as existsSync4 } from "fs";
+import path6 from "path";
 async function buildGeminiSpawnEnv(ctx, platform = process.platform) {
   const { spawnEnv } = await prepareCliTransport(ctx, { NO_COLOR: "1" }, platform);
   const launchEnvVars = runtimeConfigToLaunchFields(ctx.config).envVars;
@@ -5208,9 +5387,9 @@ function resolveGeminiSpawn(commandArgs, deps = {}) {
     return { command: resolveCommandOnPath("gemini", deps) ?? "gemini", args: commandArgs };
   }
   const execFileSyncFn = deps.execFileSyncFn ?? execFileSync3;
-  const existsSyncFn = deps.existsSyncFn ?? existsSync5;
-  const env = deps.env ?? process.env;
-  const winPath = path8.win32;
+  const existsSyncFn = deps.existsSyncFn ?? existsSync4;
+  const env = scrubDaemonChildEnv({ ...deps.env ?? process.env });
+  const winPath = path6.win32;
   let geminiEntry = null;
   try {
     const globalRoot = normalizeExecOutput2(execFileSyncFn("npm", ["root", "-g"], {
@@ -5254,7 +5433,7 @@ var GeminiDriver = class {
   };
   communication = {
     chat: "slock_cli",
-    runtimeControl: "mcp_runtime_actions"
+    runtimeControl: "none"
   };
   session = {
     recovery: "resume_or_fresh"
@@ -5272,7 +5451,6 @@ var GeminiDriver = class {
   async spawn(ctx) {
     this.sessionId = ctx.config.sessionId || null;
     this.sessionAnnounced = false;
-    this.writeGeminiSettings(ctx);
     const { command, args } = resolveGeminiSpawn(buildGeminiArgs(ctx.config));
     const spawnEnv = await buildGeminiSpawnEnv(ctx);
     const proc = spawn6(command, args, {
@@ -5345,49 +5523,20 @@ var GeminiDriver = class {
       messageNotificationStyle: "poll"
     });
   }
-  writeGeminiSettings(ctx) {
-    const geminiDir = path8.join(ctx.workingDirectory, ".gemini");
-    mkdirSync3(geminiDir, { recursive: true });
-    const settingsPath = path8.join(geminiDir, "settings.json");
-    writeFileSync5(settingsPath, JSON.stringify(this.buildRuntimeActionsMcpSettings(ctx)), "utf8");
-  }
-  buildRuntimeActionsMcpSettings(ctx) {
-    const isTsSource = ctx.chatBridgePath.endsWith(".ts");
-    const command = isTsSource ? "npx" : "node";
-    const bridgeArgs = isTsSource ? ["tsx", ctx.chatBridgePath] : [ctx.chatBridgePath];
-    return {
-      mcpServers: {
-        chat: {
-          command,
-          args: [
-            ...bridgeArgs,
-            "--agent-id",
-            ctx.agentId,
-            "--server-url",
-            ctx.config.serverUrl,
-            "--auth-token",
-            ctx.config.authToken || ctx.daemonApiKey,
-            "--runtime",
-            this.id,
-            ...ctx.launchId ? ["--launch-id", ctx.launchId] : [],
-            "--runtime-actions-only"
-          ]
-        }
-      }
-    };
-  }
 };
 
 // src/drivers/kimi.ts
 import { randomUUID as randomUUID2 } from "crypto";
 import { spawn as spawn7 } from "child_process";
-import { existsSync as existsSync6, readFileSync as readFileSync3, writeFileSync as writeFileSync6 } from "fs";
+import { chmodSync, existsSync as existsSync5, readFileSync as readFileSync3, writeFileSync as writeFileSync3 } from "fs";
 import os3 from "os";
-import path9 from "path";
+import path7 from "path";
 var KIMI_WIRE_PROTOCOL_VERSION = "1.3";
 var KIMI_SYSTEM_PROMPT_FILE = ".slock-kimi-system.md";
 var KIMI_AGENT_FILE = ".slock-kimi-agent.yaml";
-var KIMI_MCP_FILE = ".slock-kimi-mcp.json";
+var KIMI_GENERATED_CONFIG_FILE = ".slock-kimi-config.toml";
+var SLOCK_KIMI_CONFIG_CONTENT_ENV = "SLOCK_KIMI_CONFIG_CONTENT";
+var SLOCK_KIMI_CONFIG_FILE_ENV = "SLOCK_KIMI_CONFIG_FILE";
 function parseToolArguments(raw) {
   if (typeof raw !== "string") return raw;
   try {
@@ -5396,6 +5545,73 @@ function parseToolArguments(raw) {
     return raw;
   }
 }
+function readKimiConfigSource(home = os3.homedir(), env = process.env) {
+  const inlineConfig = env[SLOCK_KIMI_CONFIG_CONTENT_ENV];
+  if (inlineConfig && inlineConfig.trim()) {
+    return {
+      raw: inlineConfig,
+      explicitPath: null,
+      sourcePath: SLOCK_KIMI_CONFIG_CONTENT_ENV
+    };
+  }
+  const explicitPath = env[SLOCK_KIMI_CONFIG_FILE_ENV];
+  const configPath = explicitPath && explicitPath.trim() ? explicitPath : path7.join(home, ".kimi", "config.toml");
+  try {
+    return {
+      raw: readFileSync3(configPath, "utf8"),
+      explicitPath: explicitPath && explicitPath.trim() ? explicitPath : null,
+      sourcePath: configPath
+    };
+  } catch {
+    return {
+      raw: null,
+      explicitPath: explicitPath && explicitPath.trim() ? explicitPath : null,
+      sourcePath: configPath
+    };
+  }
+}
+function buildKimiSpawnEnv(env = process.env) {
+  const spawnEnv = { ...env, FORCE_COLOR: "0", NO_COLOR: "1" };
+  delete spawnEnv[SLOCK_KIMI_CONFIG_CONTENT_ENV];
+  delete spawnEnv[SLOCK_KIMI_CONFIG_FILE_ENV];
+  return scrubDaemonChildEnv(spawnEnv);
+}
+function buildKimiEffectiveEnv(ctx, overrideEnv) {
+  return {
+    ...process.env,
+    ...ctx.config.envVars || {},
+    ...overrideEnv || {}
+  };
+}
+function buildKimiLaunchOptions(ctx, opts = {}) {
+  const env = buildKimiEffectiveEnv(ctx, opts.env);
+  const source = readKimiConfigSource(opts.home ?? os3.homedir(), env);
+  const args = [];
+  let configFilePath = null;
+  let configContent = null;
+  if (source.explicitPath) {
+    configFilePath = source.explicitPath;
+  } else if (source.raw !== null && source.sourcePath === SLOCK_KIMI_CONFIG_CONTENT_ENV) {
+    configFilePath = path7.join(ctx.workingDirectory, KIMI_GENERATED_CONFIG_FILE);
+    configContent = source.raw;
+    if (opts.writeGeneratedConfig !== false) {
+      writeFileSync3(configFilePath, source.raw, { encoding: "utf8", mode: 384 });
+      chmodSync(configFilePath, 384);
+    }
+  }
+  if (configFilePath) {
+    args.push("--config-file", configFilePath);
+  }
+  if (ctx.config.model && ctx.config.model !== "default") {
+    args.push("--model", ctx.config.model);
+  }
+  return {
+    args,
+    env: buildKimiSpawnEnv(env),
+    configFilePath,
+    configContent
+  };
+}
 function resolveKimiSpawn(commandArgs, deps = {}) {
   return {
     command: resolveCommandOnPath("kimi", deps) ?? "kimi",
@@ -5412,14 +5628,32 @@ var KimiDriver = class {
   };
   communication = {
     chat: "slock_cli",
-    runtimeControl: "mcp_runtime_actions"
+    runtimeControl: "none"
   };
   session = {
     recovery: "resume_or_fresh"
   };
   model = {
     detectedModelsVerifiedAs: "launchable",
-    toLaunchSpec: (modelId) => ({ args: ["--model", modelId] })
+    toLaunchSpec: (modelId, ctx, opts) => {
+      if (!ctx) return { args: ["--model", modelId] };
+      const launchCtx = {
+        ...ctx,
+        config: {
+          ...ctx.config,
+          model: modelId
+        }
+      };
+      const launch = buildKimiLaunchOptions(launchCtx, {
+        home: opts?.home,
+        writeGeneratedConfig: false
+      });
+      return {
+        args: launch.args,
+        env: launch.env,
+        configFiles: launch.configFilePath ? [launch.configFilePath] : void 0
+      };
+    }
   };
   supportsStdinNotification = true;
   mcpToolPrefix = "";
@@ -5428,68 +5662,40 @@ var KimiDriver = class {
   sessionId = null;
   sessionAnnounced = false;
   promptRequestId = null;
-  buildChatBridgeArgs(ctx) {
-    const isTsSource = ctx.chatBridgePath.endsWith(".ts");
-    return [
-      ...isTsSource ? ["tsx", ctx.chatBridgePath] : [ctx.chatBridgePath],
-      "--agent-id",
-      ctx.agentId,
-      "--server-url",
-      ctx.config.serverUrl,
-      "--auth-token",
-      ctx.config.authToken || ctx.daemonApiKey,
-      "--runtime",
-      "kimi",
-      ...ctx.launchId ? ["--launch-id", ctx.launchId] : [],
-      "--runtime-actions-only"
-    ];
-  }
   async spawn(ctx) {
     const isResume = !!ctx.config.sessionId;
     this.sessionId = ctx.config.sessionId || randomUUID2();
     this.sessionAnnounced = false;
     this.promptRequestId = randomUUID2();
-    const isTsSource = ctx.chatBridgePath.endsWith(".ts");
-    const command = isTsSource ? "npx" : "node";
-    const bridgeArgs = this.buildChatBridgeArgs(ctx);
-    const systemPromptPath = path9.join(ctx.workingDirectory, KIMI_SYSTEM_PROMPT_FILE);
-    const agentFilePath = path9.join(ctx.workingDirectory, KIMI_AGENT_FILE);
-    const mcpConfigPath = path9.join(ctx.workingDirectory, KIMI_MCP_FILE);
-    if (!isResume || !existsSync6(systemPromptPath)) {
-      writeFileSync6(systemPromptPath, ctx.prompt, "utf8");
-    }
-    writeFileSync6(agentFilePath, [
+    const systemPromptPath = path7.join(ctx.workingDirectory, KIMI_SYSTEM_PROMPT_FILE);
+    const agentFilePath = path7.join(ctx.workingDirectory, KIMI_AGENT_FILE);
+    if (!isResume || !existsSync5(systemPromptPath)) {
+      writeFileSync3(systemPromptPath, ctx.prompt, "utf8");
+    }
+    writeFileSync3(agentFilePath, [
       "version: 1",
       "agent:",
       "  extend: default",
       `  system_prompt_path: ./${KIMI_SYSTEM_PROMPT_FILE}`,
       ""
     ].join("\n"), "utf8");
-    writeFileSync6(mcpConfigPath, JSON.stringify({
-      mcpServers: {
-        chat: {
-          command,
-          args: bridgeArgs
-        }
-      }
-    }), "utf8");
+    const launch = buildKimiLaunchOptions(ctx);
     const args = [
       "--wire",
       "--yolo",
       "--agent-file",
       agentFilePath,
-      "--mcp-config-file",
-      mcpConfigPath,
       "--session",
-      this.sessionId
+      this.sessionId,
+      ...launch.args
     ];
     const launchRuntimeFields = runtimeConfigToLaunchFields(ctx.config);
     if (launchRuntimeFields.model && launchRuntimeFields.model !== "default") {
       args.push("--model", launchRuntimeFields.model);
     }
     const spawnEnv = (await prepareCliTransport(ctx, { NO_COLOR: "1" })).spawnEnv;
-    const launch = resolveKimiSpawn(args);
-    const proc = spawn7(launch.command, launch.args, {
+    const spawnTarget = resolveKimiSpawn(args);
+    const proc = spawn7(spawnTarget.command, spawnTarget.args, {
       cwd: ctx.workingDirectory,
       stdio: ["pipe", "pipe", "pipe"],
       env: spawnEnv,
@@ -5497,7 +5703,7 @@ var KimiDriver = class {
       // and has an 8191-character command-line limit. Kimi's official
       // installer/uv entrypoint is an executable, so launch it directly and
       // keep prompts on stdin / files instead of routing through cmd.exe.
-      shell: launch.shell
+      shell: spawnTarget.shell
     });
     proc.stdin?.write(JSON.stringify({
       jsonrpc: "2.0",
@@ -5611,14 +5817,9 @@ var KimiDriver = class {
     return detectKimiModels();
   }
 };
-function detectKimiModels(home = os3.homedir()) {
-  const configPath = path9.join(home, ".kimi", "config.toml");
-  let raw;
-  try {
-    raw = readFileSync3(configPath, "utf8");
-  } catch {
-    return null;
-  }
+function detectKimiModels(home = os3.homedir(), opts = {}) {
+  const raw = readKimiConfigSource(home, opts.env).raw;
+  if (raw === null) return null;
   const models = [];
   const sectionRe = /^\s*\[models(?:\.([^\]]+)|"\.[^"]+"|\."[^"]+")\s*\]\s*$/gm;
   const lineRe = /^\s*\[models\.(.+?)\s*\]\s*$/gm;
@@ -5639,9 +5840,9 @@ function detectKimiModels(home = os3.homedir()) {
 
 // src/drivers/opencode.ts
 import { spawn as spawn8, spawnSync as spawnSync2 } from "child_process";
-import { existsSync as existsSync7, readFileSync as readFileSync4 } from "fs";
+import { existsSync as existsSync6, readFileSync as readFileSync4 } from "fs";
 import os4 from "os";
-import path10 from "path";
+import path8 from "path";
 var CHAT_MCP_SERVER_NAME = "chat";
 var CHAT_MCP_TOOL_PREFIX = `${CHAT_MCP_SERVER_NAME}_`;
 var SLOCK_AGENT_NAME = "slock";
@@ -5656,23 +5857,6 @@ var OPENCODE_PROVIDER_LABELS = {
   deepseek: "DeepSeek",
   fusecode: "FuseCode"
 };
-function buildChatBridgeCommand(ctx) {
-  const isTsSource = ctx.chatBridgePath.endsWith(".ts");
-  return [
-    isTsSource ? "npx" : "node",
-    ...isTsSource ? ["tsx", ctx.chatBridgePath] : [ctx.chatBridgePath],
-    "--agent-id",
-    ctx.agentId,
-    "--server-url",
-    ctx.config.serverUrl,
-    "--auth-token",
-    ctx.config.authToken || ctx.daemonApiKey,
-    "--runtime",
-    "opencode",
-    ...ctx.launchId ? ["--launch-id", ctx.launchId] : [],
-    "--runtime-actions-only"
-  ];
-}
 function parseOpenCodeConfigContent(raw) {
   if (!raw) return {};
   try {
@@ -5689,7 +5873,7 @@ function parseUserOpenCodeConfig(ctx) {
   return parseOpenCodeConfigContent(raw);
 }
 function readLocalOpenCodeConfig(home = os4.homedir()) {
-  const configPath = path10.join(home, ".config", "opencode", "opencode.json");
+  const configPath = path8.join(home, ".config", "opencode", "opencode.json");
   try {
     return parseOpenCodeConfigContent(readFileSync4(configPath, "utf8"));
   } catch {
@@ -5764,14 +5948,7 @@ function buildOpenCodeConfig(ctx, home = os4.homedir()) {
         prompt: ctx.standingPrompt
       }
     },
-    mcp: {
-      ...recordField(userConfig.mcp),
-      [CHAT_MCP_SERVER_NAME]: {
-        type: "local",
-        command: buildChatBridgeCommand(ctx),
-        enabled: true
-      }
-    }
+    mcp: recordField(userConfig.mcp)
   };
 }
 async function buildOpenCodeLaunchOptions(ctx, home = os4.homedir(), version = null) {
@@ -5882,7 +6059,7 @@ function runOpenCodeModelsCommand(home, deps = {}) {
   const platform = deps.platform ?? process.platform;
   const spawnSyncFn = deps.spawnSyncFn ?? spawnSync2;
   const result = spawnSyncFn("opencode", ["models"], {
-    env: { ...process.env, HOME: home, FORCE_COLOR: "0", NO_COLOR: "1" },
+    env: scrubDaemonChildEnv({ ...process.env, HOME: home, FORCE_COLOR: "0", NO_COLOR: "1" }),
     encoding: "utf8",
     timeout: 5e3,
     shell: platform === "win32"
@@ -5894,11 +6071,11 @@ function runOpenCodeModelsCommand(home, deps = {}) {
   };
 }
 function isWindowsCommandShim(commandPath) {
-  const ext = path10.win32.extname(commandPath).toLowerCase();
+  const ext = path8.win32.extname(commandPath).toLowerCase();
   return ext === ".cmd" || ext === ".bat";
 }
 function opencodePackageEntryCandidates(packageRoot) {
-  const winPath = path10.win32;
+  const winPath = path8.win32;
   return [
     winPath.join(packageRoot, "bin", "opencode.exe"),
     winPath.join(packageRoot, "bin", "opencode.js"),
@@ -5907,16 +6084,16 @@ function opencodePackageEntryCandidates(packageRoot) {
   ];
 }
 function openCodeSpecForEntry(entry, commandArgs) {
-  if (path10.win32.extname(entry).toLowerCase() === ".exe") {
+  if (path8.win32.extname(entry).toLowerCase() === ".exe") {
     return { command: entry, args: commandArgs, shell: false };
   }
   return { command: process.execPath, args: [entry, ...commandArgs], shell: false };
 }
 function resolveWindowsOpenCodePackageEntry(commandPath, deps = {}) {
-  const existsSyncFn = deps.existsSyncFn ?? existsSync7;
+  const existsSyncFn = deps.existsSyncFn ?? existsSync6;
   const execFileSyncFn = deps.execFileSyncFn;
   const env = deps.env ?? process.env;
-  const winPath = path10.win32;
+  const winPath = path8.win32;
   const candidates = [];
   if (execFileSyncFn) {
     try {
@@ -5944,7 +6121,7 @@ function resolveWindowsOpenCodePackageEntry(commandPath, deps = {}) {
 function extractWindowsShimTargets(commandPath, deps = {}) {
   if (!isWindowsCommandShim(commandPath)) return [];
   const readFileSyncFn = deps.readFileSyncFn ?? readFileSync4;
-  const commandDir = path10.win32.dirname(commandPath);
+  const commandDir = path8.win32.dirname(commandPath);
   let raw;
   try {
     raw = String(readFileSyncFn(commandPath, "utf8"));
@@ -5955,7 +6132,7 @@ function extractWindowsShimTargets(commandPath, deps = {}) {
   const dp0Pattern = /%~dp0\\?([^"\r\n]*?opencode\.(?:exe|js|mjs|cjs))/gi;
   for (const match of raw.matchAll(dp0Pattern)) {
     const relative = match[1]?.replace(/^\\+/, "");
-    if (relative) candidates.push(path10.win32.normalize(path10.win32.join(commandDir, relative)));
+    if (relative) candidates.push(path8.win32.normalize(path8.win32.join(commandDir, relative)));
   }
   return candidates;
 }
@@ -5969,7 +6146,7 @@ function resolveOpenCodeSpawn(commandArgs, deps = {}) {
     };
   }
   const command = resolveCommandOnPath("opencode", deps);
-  if (command && path10.win32.extname(command).toLowerCase() === ".exe") {
+  if (command && path8.win32.extname(command).toLowerCase() === ".exe") {
     return { command, args: commandArgs, shell: false };
   }
   const packageEntry = resolveWindowsOpenCodePackageEntry(command, deps);
@@ -6013,7 +6190,7 @@ var OpenCodeDriver = class {
   };
   communication = {
     chat: "slock_cli",
-    runtimeControl: "mcp_runtime_actions"
+    runtimeControl: "none"
   };
   session = {
     recovery: "resume_or_fresh"
@@ -6144,8 +6321,8 @@ var OpenCodeDriver = class {
 // src/drivers/pi.ts
 import { randomUUID as randomUUID3 } from "crypto";
 import { EventEmitter } from "events";
-import { mkdirSync as mkdirSync4, readdirSync } from "fs";
-import path11 from "path";
+import { mkdirSync as mkdirSync2, readdirSync } from "fs";
+import path9 from "path";
 import {
   AuthStorage,
   createBashTool,
@@ -6171,7 +6348,7 @@ function createPiSdkEventMappingState(sessionId = null) {
   };
 }
 function buildPiSessionDir(workingDirectory) {
-  return path11.join(workingDirectory, PI_SESSION_DIR);
+  return path9.join(workingDirectory, PI_SESSION_DIR);
 }
 async function buildPiSpawnEnv(ctx) {
   return (await prepareCliTransport(ctx, { NO_COLOR: "1" })).spawnEnv;
@@ -6193,7 +6370,7 @@ function findPiSessionFile(sessionDir, sessionId) {
   }
   const suffix = `_${sessionId}.jsonl`;
   const match = entries.find((entry) => entry.endsWith(suffix));
-  return match ? path11.join(sessionDir, match) : null;
+  return match ? path9.join(sessionDir, match) : null;
 }
 function detectPiModelsFromRegistry(modelRegistry) {
   const models = [];
@@ -6342,13 +6519,15 @@ var PI_RUNTIME_SESSION_DESCRIPTOR = {
   busyDelivery: "direct",
   postTurn: "keep_alive"
 };
+var PI_IDLE_PROMPT_RETRY_MS = 25;
+var PI_IDLE_PROMPT_MAX_WAIT_MS = 1e3;
 async function createPiAgentSessionForContext(ctx, sessionId) {
   const sessionDir = buildPiSessionDir(ctx.workingDirectory);
-  mkdirSync4(sessionDir, { recursive: true });
+  mkdirSync2(sessionDir, { recursive: true });
   const spawnEnv = await buildPiSpawnEnv(ctx);
   const agentDir = spawnEnv.PI_CODING_AGENT_DIR || getAgentDir();
-  const authStorage = AuthStorage.create(path11.join(agentDir, "auth.json"));
-  const modelRegistry = ModelRegistry.create(authStorage, path11.join(agentDir, "models.json"));
+  const authStorage = AuthStorage.create(path9.join(agentDir, "auth.json"));
+  const modelRegistry = ModelRegistry.create(authStorage, path9.join(agentDir, "models.json"));
   const launchRuntimeFields = runtimeConfigToLaunchFields(ctx.config);
   const model = resolvePiModelFromRegistry(launchRuntimeFields.model, modelRegistry);
   if (launchRuntimeFields.model && launchRuntimeFields.model !== "default" && !model) {
@@ -6459,7 +6638,8 @@ var PiSdkRuntimeSession = class {
       return { ok: true, acceptedAs: "steer" };
     }
     if (session.isStreaming) {
-      return { ok: false, reason: "busy_rejected", error: "Pi session is still streaming" };
+      this.launchPromptAfterStreaming(input.text);
+      return { ok: true, acceptedAs: "prompt" };
     }
     this.launchPrompt(input.text);
     return { ok: true, acceptedAs: "prompt" };
@@ -6501,6 +6681,27 @@ var PiSdkRuntimeSession = class {
     }
     this.deferSdkCall(() => session.prompt(text));
   }
+  launchPromptAfterStreaming(text) {
+    this.deferSdkCall(async () => {
+      const session = this.session;
+      if (!session) return;
+      const ready = await this.waitForStreamingToClear(session);
+      if (this.didClose || this.session !== session) {
+        return;
+      }
+      await (ready ? session.prompt(text) : session.steer(text));
+    });
+  }
+  async waitForStreamingToClear(session) {
+    const deadline = Date.now() + PI_IDLE_PROMPT_MAX_WAIT_MS;
+    while (!this.didClose && this.session === session && session.isStreaming) {
+      if (Date.now() >= deadline) {
+        return false;
+      }
+      await delay(PI_IDLE_PROMPT_RETRY_MS);
+    }
+    return !this.didClose && this.session === session && !session.isStreaming;
+  }
   deferSdkCall(invoke) {
     setImmediate(() => {
       if (this.didClose) return;
@@ -6612,6 +6813,12 @@ var PiDriver = class {
     });
   }
 };
+function delay(ms) {
+  return new Promise((resolve) => {
+    const timer = setTimeout(resolve, ms);
+    timer.unref?.();
+  });
+}
 
 // src/drivers/runtimeSession.ts
 import { EventEmitter as EventEmitter2 } from "events";
@@ -6770,7 +6977,7 @@ function getDriver(runtimeId) {
 
 // src/workspaces.ts
 import { readdir, rm, stat } from "fs/promises";
-import path12 from "path";
+import path10 from "path";
 function isValidWorkspaceDirectoryName(directoryName) {
   return !directoryName.includes("/") && !directoryName.includes("\\") && !directoryName.includes("..");
 }
@@ -6778,7 +6985,7 @@ function resolveWorkspaceDirectoryPath(dataDir, directoryName) {
   if (!isValidWorkspaceDirectoryName(directoryName)) {
     return null;
   }
-  return path12.join(dataDir, directoryName);
+  return path10.join(dataDir, directoryName);
 }
 function emptyWorkspaceDirectorySummary(latestMtime = /* @__PURE__ */ new Date(0)) {
   return {
@@ -6827,7 +7034,7 @@ async function summarizeWorkspaceDirectory(dirPath) {
     return summary;
   }
   const childSummaries = await Promise.all(
-    entries.map((entry) => summarizeWorkspaceEntry(path12.join(dirPath, entry.name), entry))
+    entries.map((entry) => summarizeWorkspaceEntry(path10.join(dirPath, entry.name), entry))
   );
   for (const childSummary of childSummaries) {
     summary = mergeWorkspaceDirectorySummaries(summary, childSummary);
@@ -6846,7 +7053,7 @@ async function scanWorkspaceDirectories(dataDir) {
       if (!entry.isDirectory()) {
         return null;
       }
-      const dirPath = path12.join(dataDir, entry.name);
+      const dirPath = path10.join(dataDir, entry.name);
       try {
         const summary = await summarizeWorkspaceDirectory(dirPath);
         return {
@@ -7116,6 +7323,11 @@ var RuntimeNotificationState = class {
   clearPending() {
     this.pendingCountValue = 0;
   }
+  remove(count) {
+    if (!Number.isFinite(count) || count <= 0) return this.pendingCountValue;
+    this.pendingCountValue = Math.max(0, this.pendingCountValue - Math.floor(count));
+    return this.pendingCountValue;
+  }
   clearTimer() {
     if (this.timerValue) {
       clearTimeout(this.timerValue);
@@ -7304,12 +7516,12 @@ function findSessionJsonl(root, predicate) {
     for (const entry of entries) {
       if (++visited > maxEntries) return null;
       if (!entry.isFile() || !predicate(entry.name)) continue;
-      return path13.join(dir, entry.name);
+      return path11.join(dir, entry.name);
     }
     for (const entry of entries) {
       if (++visited > maxEntries) return null;
       if (!entry.isDirectory()) continue;
-      const found = visit(path13.join(dir, entry.name), depth - 1);
+      const found = visit(path11.join(dir, entry.name), depth - 1);
       if (found) return found;
     }
     return null;
@@ -7322,10 +7534,10 @@ function safeSessionFilename(value) {
 }
 function writeRuntimeSessionHandoff(runtime, sessionId, fallbackDir) {
   try {
-    const dir = path13.join(fallbackDir, ".slock", "runtime-sessions");
-    mkdirSync5(dir, { recursive: true });
-    const filePath = path13.join(dir, `${runtime}-${safeSessionFilename(sessionId)}.jsonl`);
-    writeFileSync7(filePath, JSON.stringify({
+    const dir = path11.join(fallbackDir, ".slock", "runtime-sessions");
+    mkdirSync3(dir, { recursive: true });
+    const filePath = path11.join(dir, `${runtime}-${safeSessionFilename(sessionId)}.jsonl`);
+    writeFileSync4(filePath, JSON.stringify({
       type: "runtime_session_handoff",
       runtime,
       sessionId,
@@ -7344,7 +7556,7 @@ function writeRuntimeSessionHandoff(runtime, sessionId, fallbackDir) {
   }
 }
 function resolveRuntimeSessionRef(runtime, sessionId, homeDir = os5.homedir(), fallbackDir) {
-  const directPath = path13.isAbsolute(sessionId) ? sessionId : null;
+  const directPath = path11.isAbsolute(sessionId) ? sessionId : null;
   if (directPath) {
     try {
       if (statSync(directPath).isFile()) {
@@ -7353,7 +7565,7 @@ function resolveRuntimeSessionRef(runtime, sessionId, homeDir = os5.homedir(), f
     } catch {
     }
   }
-  const resolvedPath = runtime === "claude" ? findSessionJsonl(path13.join(homeDir, ".claude", "projects"), (filename) => filename === `${sessionId}.jsonl`) : runtime === "codex" ? findSessionJsonl(path13.join(homeDir, ".codex", "sessions"), (filename) => filename.endsWith(".jsonl") && filename.includes(sessionId)) : null;
+  const resolvedPath = runtime === "claude" ? findSessionJsonl(path11.join(homeDir, ".claude", "projects"), (filename) => filename === `${sessionId}.jsonl`) : runtime === "codex" ? findSessionJsonl(path11.join(homeDir, ".codex", "sessions"), (filename) => filename.endsWith(".jsonl") && filename.includes(sessionId)) : null;
   if (!resolvedPath && fallbackDir) {
     const fallback = writeRuntimeSessionHandoff(runtime, sessionId, fallbackDir);
     if (fallback) return fallback;
@@ -7956,8 +8168,7 @@ function runtimeProfileTurnControl(kind, key, source) {
     source,
     keyHash: hashRuntimeProfileKey(key) ?? null,
     keyPresent: Boolean(key),
-    injectedAtMs: Date.now(),
-    migrationDoneToolObserved: false
+    injectedAtMs: Date.now()
   };
 }
 function pushRecentLines(lines, chunk, maxLines, maxLineLength) {
@@ -8033,6 +8244,9 @@ function classifyStickyTerminalFailure(ap) {
   if (isRuntimeStartTimeoutText(terminalFailure.detail)) return null;
   return null;
 }
+function isAuthClassTerminalLine(text) {
+  return buildRuntimeErrorDiagnosticEnvelope(text).spanAttrs.runtime_error_action_required === true;
+}
 function isProviderStreamFailureText(text) {
   return /stream closed before response\.completed|error decoding response body/i.test(text);
 }
@@ -8314,6 +8528,29 @@ var NATIVE_STANDING_PROMPT_STARTUP_INPUT = (
 );
 var AgentProcessManager = class _AgentProcessManager {
   agents = /* @__PURE__ */ new Map();
+  /**
+   * Per-agent monotonic clientSeq for `agent:activity` upstream dedup.
+   * Server dedupes ingest by `(launchId, clientSeq)` (#engineering:72283cf7
+   * task #340 PR B). This counter is keyed by agentId at the MANAGER level —
+   * NOT on the per-process `AgentProcess` — so it SURVIVES process recreation
+   * (cold-start-resume / idle-auto-restart / queued-continuation /
+   * runtime-profile restart). Those daemon-internal restarts reuse the
+   * server-issued launchId but spawn a fresh process; if the counter reset to
+   * 0 (as the old per-`ap` field did) the reused launchId's `(launchId,
+   * clientSeq)` window would collide and the server would drop the
+   * post-restart activity as stale — the "activity log stops updating after
+   * error→restart" bug. Keeping it monotonic-per-agent and never resetting on
+   * respawn guarantees a fresh dedup key under the same launchId. launchId is
+   * decoupled: it stays the identity/gate token, this is the clock.
+   * (#proj-o11y:a1e54b59 — RS dedup-epoch ⊥ launchId-identity separation.)
+   */
+  activityClientSeqByAgent = /* @__PURE__ */ new Map();
+  /** Next monotonic `agent:activity` clientSeq for this agent (never resets on respawn). */
+  nextActivityClientSeq(agentId) {
+    const next = (this.activityClientSeqByAgent.get(agentId) ?? 0) + 1;
+    this.activityClientSeqByAgent.set(agentId, next);
+    return next;
+  }
   agentsStarting = /* @__PURE__ */ new Set();
   // Prevent concurrent starts of same agent
   queuedAgentStarts = /* @__PURE__ */ new Map();
@@ -8327,7 +8564,6 @@ var AgentProcessManager = class _AgentProcessManager {
   startingInboxes = /* @__PURE__ */ new Map();
   /** Cached configs for agents whose process exited normally — enables auto-restart on next message */
   idleAgentConfigs = /* @__PURE__ */ new Map();
-  chatBridgePath;
   slockCliPath;
   sendToServer;
   daemonApiKey;
@@ -8345,8 +8581,7 @@ var AgentProcessManager = class _AgentProcessManager {
   agentVisibleMessageIds = /* @__PURE__ */ new Map();
   daemonVersion;
   computerVersion;
-  constructor(chatBridgePath, sendToServer, daemonApiKey, opts) {
-    this.chatBridgePath = chatBridgePath;
+  constructor(sendToServer, daemonApiKey, opts) {
     this.slockCliPath = opts.slockCliPath ?? "";
     this.sendToServer = sendToServer;
     this.daemonApiKey = daemonApiKey;
@@ -8501,6 +8736,48 @@ var AgentProcessManager = class _AgentProcessManager {
       suppressed_pending_count: removedActive + removedStarting
     });
   }
+  purgeInboxMessagesForChannels(agentId, channelIds, reason = "server_purge") {
+    const channelIdSet = new Set(channelIds.filter((id) => typeof id === "string" && id.length > 0));
+    if (channelIdSet.size === 0) return { removedCount: 0 };
+    const purge = (messages) => {
+      if (!messages || messages.length === 0) return 0;
+      let removed = 0;
+      const retained = messages.filter((message) => {
+        const shouldRemove = channelIdSet.has(message.channel_id);
+        if (shouldRemove) removed += 1;
+        return !shouldRemove;
+      });
+      if (removed > 0) {
+        messages.splice(0, messages.length, ...retained);
+      }
+      return removed;
+    };
+    const active = this.agents.get(agentId);
+    const removedActive = purge(active?.inbox);
+    const startingInbox = this.startingInboxes.get(agentId);
+    const removedStarting = purge(startingInbox);
+    if (startingInbox && startingInbox.length === 0) {
+      this.startingInboxes.delete(agentId);
+    }
+    if (active && removedActive > 0) {
+      active.notifications.remove(removedActive);
+      if (active.inbox.length === 0) {
+        active.notifications.clear();
+      }
+    }
+    const removedCount = removedActive + removedStarting;
+    this.recordDaemonTrace("daemon.agent.inbox.purged", {
+      agentId,
+      reason,
+      channel_count: channelIdSet.size,
+      removed_active_count: removedActive,
+      removed_starting_count: removedStarting,
+      removed_count: removedCount,
+      active_inbox_count: active?.inbox.length ?? 0,
+      starting_inbox_count: this.startingInboxes.get(agentId)?.length ?? 0
+    });
+    return { removedCount };
+  }
   createAgentProxyInboxCoordinator(agentId) {
     return {
       getBoundary: (target) => this.getVisibleBoundary(agentId, target),
@@ -8578,7 +8855,6 @@ var AgentProcessManager = class _AgentProcessManager {
       target: input.target,
       messageCount
     }).entry;
-    if (ap) ap.activityClientSeq += 1;
     this.sendToServer({
       type: "agent:activity",
       agentId,
@@ -8586,7 +8862,7 @@ var AgentProcessManager = class _AgentProcessManager {
       detail: ap?.lastActivityDetail || "",
       entries: [entry],
       launchId: ap?.launchId || void 0,
-      clientSeq: ap?.activityClientSeq
+      clientSeq: ap ? this.nextActivityClientSeq(agentId) : void 0
     });
   }
   recordDaemonTrace(name, attrs, status = "ok", parentTraceparent) {
@@ -8832,7 +9108,7 @@ var AgentProcessManager = class _AgentProcessManager {
         );
         wakeMessage = void 0;
       }
-      const agentDataDir = path13.join(this.dataDir, agentId);
+      const agentDataDir = path11.join(this.dataDir, agentId);
       await mkdir(agentDataDir, { recursive: true });
       let runtimeConfig = withLocalRuntimeContext(config, agentId, agentDataDir);
       const legacyRuntimeProfileControl = runtimeConfig.runtimeProfileControl?.kind === "migration" ? runtimeConfig.runtimeProfileControl : null;
@@ -8846,23 +9122,23 @@ var AgentProcessManager = class _AgentProcessManager {
         );
         runtimeConfig = { ...runtimeConfig, runtimeProfileControl: null };
       }
-      const memoryMdPath = path13.join(agentDataDir, "MEMORY.md");
+      const memoryMdPath = path11.join(agentDataDir, "MEMORY.md");
       try {
         await access(memoryMdPath);
       } catch {
         const initialMemoryMd = buildInitialMemoryMd(runtimeConfig);
         await writeFile(memoryMdPath, initialMemoryMd);
       }
-      const notesDir = path13.join(agentDataDir, "notes");
+      const notesDir = path11.join(agentDataDir, "notes");
       await mkdir(notesDir, { recursive: true });
       if (getOnboardingSeedMode(config) === FIRST_CINDY_SEED_MODE) {
         const seedFiles = buildOnboardingSeedFiles();
         for (const { relativePath, content } of seedFiles) {
-          const fullPath = path13.join(agentDataDir, relativePath);
+          const fullPath = path11.join(agentDataDir, relativePath);
           try {
             await access(fullPath);
           } catch {
-            await mkdir(path13.dirname(fullPath), { recursive: true });
+            await mkdir(path11.dirname(fullPath), { recursive: true });
             await writeFile(fullPath, content);
           }
         }
@@ -8970,7 +9246,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         standingPrompt,
         prompt,
         workingDirectory: agentDataDir,
-        chatBridgePath: this.chatBridgePath,
         slockCliPath: this.slockCliPath,
         daemonApiKey: this.daemonApiKey,
         launchId: launchId || null,
@@ -8999,7 +9274,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         runtimeTraceCounters: createRuntimeTraceCounters(),
         lastActivity: "",
         lastActivityDetail: "",
-        activityClientSeq: 0,
         recentStdout: [],
         recentStderr: [],
         lastRuntimeError: null,
@@ -9118,7 +9392,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
           const startupTimeoutTermination = ap.expectedTerminationReason === "startup_timeout";
           const expectedTermination = Boolean(ap.expectedTerminationReason);
           const stickyTerminalFailureDetail = classifyStickyTerminalFailure(ap);
-          const processEndedCleanly = !stickyTerminalFailureDetail && (finalCode === 0 || expectedTermination && !ap.lastRuntimeError);
+          const processEndedCleanly = !stickyTerminalFailureDetail && !startupTimeoutTermination && (finalCode === 0 || expectedTermination && !ap.lastRuntimeError);
           const terminalFailureDetail = processEndedCleanly ? null : stickyTerminalFailureDetail ?? classifyTerminalFailure(ap);
           const resumeRecoveryReason = resumeSessionRecoveryReason(ap);
           const shouldColdStartResumeSession = resumeRecoveryReason !== null;
@@ -9527,6 +9801,9 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     cleanupAgentCredentialProxy(agentId, ap.launchId);
     this.revokeManagedRunnerCredential(agentId, ap.config, ap.launchId);
     this.agents.delete(agentId);
+    if (!silent) {
+      this.activityClientSeqByAgent.delete(agentId);
+    }
     this.runtimeExitTraceAttrs.set(ap.runtime, {
       stop_source: silent ? "daemon_internal" : "explicit_request",
       stop_wait_requested: wait,
@@ -9538,7 +9815,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       reason: silent ? "daemon_internal" : "explicit_request"
     });
     if (!silent) {
-      this.sendRuntimeProfileReportFor(agentId, ap.config, ap.sessionId, ap.launchId);
+      this.sendRuntimeProfileReportFor(agentId, ap.config, ap.sessionId, ap.launchId, "stop");
       this.sendAgentStatus(agentId, "inactive", ap.launchId);
       this.broadcastActivity(agentId, "offline", "Stopped");
       logger.info(`[Agent ${agentId}] Stopped by request`);
@@ -9681,20 +9958,37 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         }));
         return true;
       }
-      ap.inbox.push(message);
-      this.recordDaemonTrace("daemon.agent.delivery.routed", this.deliveryTraceAttrs(agentId, message, {
-        outcome: "queued_terminal_runtime_error",
-        accepted: true,
-        process_present: true,
-        runtime: ap.config.runtime,
-        session_id_present: Boolean(ap.sessionId),
-        launchId: ap.launchId || void 0,
-        is_idle: ap.isIdle,
-        inbox_count: ap.inbox.length
-      }));
-      this.sendAgentStatus(agentId, "inactive", ap.launchId);
-      this.broadcastActivity(agentId, "error", stickyTerminalFailure.detail);
-      return true;
+      if (stickyTerminalFailure.actionRequired) {
+        if (ap.lastRuntimeError && isAuthClassTerminalLine(ap.lastRuntimeError)) {
+          ap.lastRuntimeError = null;
+        }
+        ap.recentStderr = ap.recentStderr.filter((line) => !isAuthClassTerminalLine(line));
+        this.recordDaemonTrace("daemon.agent.delivery.routed", this.deliveryTraceAttrs(agentId, message, {
+          outcome: "user_turn_recover_from_sticky_terminal_error",
+          accepted: true,
+          process_present: true,
+          runtime: ap.config.runtime,
+          session_id_present: Boolean(ap.sessionId),
+          launchId: ap.launchId || void 0,
+          is_idle: ap.isIdle,
+          inbox_count: ap.inbox.length
+        }));
+      } else {
+        ap.inbox.push(message);
+        this.recordDaemonTrace("daemon.agent.delivery.routed", this.deliveryTraceAttrs(agentId, message, {
+          outcome: "queued_terminal_runtime_error",
+          accepted: true,
+          process_present: true,
+          runtime: ap.config.runtime,
+          session_id_present: Boolean(ap.sessionId),
+          launchId: ap.launchId || void 0,
+          is_idle: ap.isIdle,
+          inbox_count: ap.inbox.length
+        }));
+        this.sendAgentStatus(agentId, "inactive", ap.launchId);
+        this.broadcastActivity(agentId, "error", stickyTerminalFailure.detail);
+        return true;
+      }
     }
     if (ap.isIdle && ap.driver.supportsStdinNotification && ap.sessionId) {
       if (transientDelivery) {
@@ -9862,7 +10156,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     return true;
   }
   async resetWorkspace(agentId) {
-    const agentDataDir = path13.join(this.dataDir, agentId);
+    const agentDataDir = path11.join(this.dataDir, agentId);
     try {
       await rm2(agentDataDir, { recursive: true, force: true });
       logger.info(`[Agent ${agentId}] Workspace reset complete (${agentDataDir})`);
@@ -9923,7 +10217,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     return result;
   }
   buildRuntimeProfileReport(agentId, config, sessionId, launchId) {
-    const workspacePath = path13.join(this.dataDir, agentId);
+    const workspacePath = path11.join(this.dataDir, agentId);
     return {
       agentId,
       launchId,
@@ -10141,7 +10435,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     });
     span.end("ok", { attrs: { outcome: "agent_config_ack_sent" } });
   }
-  sendRuntimeProfileWireReport(report) {
+  sendRuntimeProfileWireReport(report, source) {
     const span = this.tracer.startSpan("daemon.runtime_profile.report.sent", {
       surface: "daemon",
       kind: "producer",
@@ -10149,6 +10443,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         agentId: report.agentId,
         launchId: report.launchId || void 0,
         runtime: report.facts.runtime,
+        report_source: source,
         model_present: Boolean(report.facts.model),
         session_ref_present: Boolean(report.facts.sessionRef),
         workspace_ref_present: Boolean(report.facts.workspaceRef || report.facts.workspacePathRef)
@@ -10159,17 +10454,18 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       agentId: report.agentId,
       facts: report.facts,
       launchId: report.launchId || void 0,
-      traceparent: formatTraceparent(span.context)
+      traceparent: formatTraceparent(span.context),
+      source
     });
     span.end("ok");
   }
-  sendRuntimeProfileReportFor(agentId, config, sessionId, launchId) {
-    this.sendRuntimeProfileWireReport(this.buildRuntimeProfileReport(agentId, config, sessionId, launchId));
+  sendRuntimeProfileReportFor(agentId, config, sessionId, launchId, source) {
+    this.sendRuntimeProfileWireReport(this.buildRuntimeProfileReport(agentId, config, sessionId, launchId), source);
   }
-  sendRuntimeProfileReport(agentId) {
+  sendRuntimeProfileReport(agentId, source) {
     const report = this.getAgentRuntimeProfileReport(agentId);
     if (!report) return;
-    this.sendRuntimeProfileWireReport(report);
+    this.sendRuntimeProfileWireReport(report, source);
   }
   // Machine-level workspace scanning
   async scanAllWorkspaces() {
@@ -10180,7 +10476,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
   }
   // Workspace file browsing
   async getFileTree(agentId, dirPath) {
-    const agentDir = path13.join(this.dataDir, agentId);
+    const agentDir = path11.join(this.dataDir, agentId);
     try {
       await stat2(agentDir);
     } catch {
@@ -10188,8 +10484,8 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     }
     let targetDir = agentDir;
     if (dirPath) {
-      const resolved = path13.resolve(agentDir, dirPath);
-      if (!resolved.startsWith(agentDir + path13.sep) && resolved !== agentDir) {
+      const resolved = path11.resolve(agentDir, dirPath);
+      if (!resolved.startsWith(agentDir + path11.sep) && resolved !== agentDir) {
         return [];
       }
       targetDir = resolved;
@@ -10197,14 +10493,14 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     return this.listDirectoryChildren(targetDir, agentDir);
   }
   async readFile(agentId, filePath) {
-    const agentDir = path13.join(this.dataDir, agentId);
-    const resolved = path13.resolve(agentDir, filePath);
-    if (!resolved.startsWith(agentDir + path13.sep) && resolved !== agentDir) {
+    const agentDir = path11.join(this.dataDir, agentId);
+    const resolved = path11.resolve(agentDir, filePath);
+    if (!resolved.startsWith(agentDir + path11.sep) && resolved !== agentDir) {
       throw new Error("Access denied");
     }
     const info = await stat2(resolved);
     if (info.isDirectory()) throw new Error("Cannot read a directory");
-    const ext = path13.extname(resolved).toLowerCase();
+    const ext = path11.extname(resolved).toLowerCase();
     if (WORKSPACE_TEXT_EXTENSIONS.has(ext) || ext === "") {
       if (info.size > WORKSPACE_TEXT_FILE_MAX_BYTES) throw new Error("File too large");
       const content = await readFile(resolved, "utf-8");
@@ -10239,13 +10535,13 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     const agent = this.agents.get(agentId);
     const runtime = runtimeHint || agent?.config.runtime || "claude";
     const home = os5.homedir();
-    const workspaceDir = path13.join(this.dataDir, agentId);
+    const workspaceDir = path11.join(this.dataDir, agentId);
     const paths = _AgentProcessManager.SKILL_PATHS[runtime] || _AgentProcessManager.SKILL_PATHS.claude;
     const globalResults = await Promise.all(
-      paths.global.map((p) => this.scanSkillsDir(path13.join(home, p)))
+      paths.global.map((p) => this.scanSkillsDir(path11.join(home, p)))
     );
     const workspaceResults = await Promise.all(
-      paths.workspace.map((p) => this.scanSkillsDir(path13.join(workspaceDir, p)))
+      paths.workspace.map((p) => this.scanSkillsDir(path11.join(workspaceDir, p)))
     );
     const dedup = (skills) => {
       const seen = /* @__PURE__ */ new Set();
@@ -10274,7 +10570,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     const skills = [];
     for (const entry of entries) {
       if (entry.isDirectory() || entry.isSymbolicLink()) {
-        const skillMd = path13.join(dir, entry.name, "SKILL.md");
+        const skillMd = path11.join(dir, entry.name, "SKILL.md");
         try {
           const content = await readFile(skillMd, "utf-8");
           const skill = this.parseSkillMd(entry.name, content);
@@ -10285,7 +10581,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       } else if (entry.name.endsWith(".md")) {
         const cmdName = entry.name.replace(/\.md$/, "");
         try {
-          const content = await readFile(path13.join(dir, entry.name), "utf-8");
+          const content = await readFile(path11.join(dir, entry.name), "utf-8");
           const skill = this.parseSkillMd(cmdName, content);
           skill.sourcePath = dir;
           skills.push(skill);
@@ -10334,7 +10630,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     if (!hasToolStart) {
       entries.push({ kind: "status", activity, detail });
     }
-    if (ap) ap.activityClientSeq += 1;
     this.sendToServer({
       type: "agent:activity",
       agentId,
@@ -10342,7 +10637,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       detail,
       entries,
       launchId: launchIdOverride || ap?.launchId || void 0,
-      clientSeq: ap?.activityClientSeq
+      clientSeq: ap ? this.nextActivityClientSeq(agentId) : void 0
     });
     if (ap) {
       ap.lastActivity = activity;
@@ -10354,14 +10649,13 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
             this.recordRuntimeTraceEvent(agentId, ap, "activity.heartbeat.sent", {
               activity: ap.lastActivity
             });
-            ap.activityClientSeq += 1;
             this.sendToServer({
               type: "agent:activity",
               agentId,
               activity: ap.lastActivity,
               detail: ap.lastActivityDetail,
               launchId: launchIdOverride || ap.launchId || void 0,
-              clientSeq: ap.activityClientSeq
+              clientSeq: this.nextActivityClientSeq(agentId)
             });
           }, ACTIVITY_HEARTBEAT_MS);
         }
@@ -10398,7 +10692,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     const ap = this.agents.get(agentId);
     const activity = ap?.lastActivity || "offline";
     const detail = ap?.lastActivityDetail || (ap ? "" : "Agent not running");
-    if (ap) ap.activityClientSeq += 1;
     this.sendToServer({
       type: "agent:activity",
       agentId,
@@ -10406,7 +10699,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       detail,
       launchId: ap?.launchId || void 0,
       probeId,
-      clientSeq: ap?.activityClientSeq
+      clientSeq: ap ? this.nextActivityClientSeq(agentId) : void 0
     });
   }
   flushPendingTrajectory(agentId) {
@@ -10608,8 +10901,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       runtime_profile_key_hash: control.keyHash || void 0,
       runtime_profile_key_present: control.keyPresent,
       runtime_profile_pending_age_ms: pendingAgeMs,
-      runtime_profile_requires_ack: false,
-      runtime_profile_migration_done_observed: control.kind === "migration" ? control.migrationDoneToolObserved : void 0
+      runtime_profile_requires_ack: false
     };
   }
   activateRuntimeProfileTurnControl(ap, control) {
@@ -10621,16 +10913,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     if (!notification) return null;
     return runtimeProfileTurnControl(notification.kind, notification.key, source);
   }
-  noteRuntimeProfileToolCall(agentId, ap, toolName) {
-    const control = ap.runtimeProfileTurnControl;
-    if (!control || control.kind !== "migration") return;
-    if (!toolName.includes("runtime_profile_migration_done")) return;
-    control.migrationDoneToolObserved = true;
-    this.recordRuntimeTraceEvent(agentId, ap, "runtime_profile.migration_done_tool.observed", {
-      ...this.runtimeProfileTurnControlTraceAttrs(control),
-      tool: toolName
-    });
-  }
   finalizeRuntimeProfileTurnControl(agentId, ap, terminal) {
     const control = ap.runtimeProfileTurnControl;
     if (!control) return {};
@@ -10639,7 +10921,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
     return {
       ...attrs,
       runtime_profile_turn_terminal: terminal,
-      runtime_profile_turn_outcome: control.kind === "migration" ? control.migrationDoneToolObserved ? "deprecated_migration_done_observed" : "reset_session_notice" : "notice_only"
+      runtime_profile_turn_outcome: control.kind === "migration" ? "reset_session_notice" : "notice_only"
     };
   }
   startRuntimeTrace(agentId, ap, reason, messages, inputTraceAttrs = {}) {
@@ -11018,7 +11300,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
       case "session_init":
         if (ap) ap.sessionId = event.sessionId;
         this.sendToServer({ type: "agent:session", agentId, sessionId: event.sessionId, launchId: ap?.launchId || void 0 });
-        this.sendRuntimeProfileReport(agentId);
+        this.sendRuntimeProfileReport(agentId, "session_init");
         break;
       case "thinking": {
         this.completeCompactionIfActive(agentId, "Context compaction finished (inferred from resumed output)");
@@ -11044,7 +11326,6 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         const invocation = normalizeToolDisplayInvocation(event.name, event.input);
         if (ap) {
           const reduction = reduceApmGatedToolUse(ap.gatedSteering, { kind: "tool_call" });
-          this.noteRuntimeProfileToolCall(agentId, ap, invocation.toolName);
           this.recordRuntimeTraceEvent(agentId, ap, "tool.call.started", { tool: invocation.toolName });
           this.commitGatedSteeringDecisionState(agentId, ap, reduction.nextState, {
             event: "tool_call",
@@ -11157,7 +11438,7 @@ Use ${communicationCommand(driver, "read_history")} to catch up on the channels
         }
         if (event.sessionId) {
           this.sendToServer({ type: "agent:session", agentId, sessionId: event.sessionId, launchId: ap?.launchId || void 0 });
-          this.sendRuntimeProfileReport(agentId);
+          this.sendRuntimeProfileReport(agentId, "turn_end");
         }
         break;
       case "error": {
@@ -11625,8 +11906,8 @@ ${RESPONSE_TARGET_HINT}`);
     const nodes = [];
     for (const entry of entries) {
       if (entry.name.startsWith(".") || entry.name === "node_modules") continue;
-      const fullPath = path13.join(dir, entry.name);
-      const relativePath = path13.relative(rootDir, fullPath);
+      const fullPath = path11.join(dir, entry.name);
+      const relativePath = path11.relative(rootDir, fullPath);
       let info;
       try {
         info = await stat2(fullPath);
@@ -11917,7 +12198,7 @@ var ReminderCache = class {
       logger.warn(`[ReminderCache] Invalid fireAt for ${job.reminderId}: ${job.fireAt}`);
       return null;
     }
-    const delay = Math.max(0, Math.min(this.maxDelayMs, fireAt - this.clock.now()));
+    const delay2 = Math.max(0, Math.min(this.maxDelayMs, fireAt - this.clock.now()));
     return this.clock.setTimeout(() => {
       this.entries.delete(job.reminderId);
       try {
@@ -11925,15 +12206,15 @@ var ReminderCache = class {
       } catch (err) {
         logger.error(`[ReminderCache] onFire threw for ${job.reminderId}`, err);
       }
-    }, delay);
+    }, delay2);
   }
 };
 
 // src/machineLock.ts
 import { createHash as createHash4, randomUUID as randomUUID4 } from "crypto";
-import { mkdirSync as mkdirSync6, readFileSync as readFileSync5, rmSync as rmSync3, statSync as statSync2, writeFileSync as writeFileSync8 } from "fs";
+import { mkdirSync as mkdirSync4, readFileSync as readFileSync5, rmSync as rmSync3, statSync as statSync2, writeFileSync as writeFileSync5 } from "fs";
 import os6 from "os";
-import path14 from "path";
+import path12 from "path";
 var INCOMPLETE_LOCK_STALE_MS = 3e4;
 var DaemonMachineLockConflictError = class extends Error {
   code = "DAEMON_MACHINE_LOCK_HELD";
@@ -11955,7 +12236,7 @@ function resolveDefaultMachineStateRoot() {
   return resolveSlockHomePath("machines");
 }
 function ownerPath(lockDir) {
-  return path14.join(lockDir, "owner.json");
+  return path12.join(lockDir, "owner.json");
 }
 function readOwner(lockDir) {
   try {
@@ -11985,13 +12266,13 @@ function acquireDaemonMachineLock(options) {
   const rootDir = options.rootDir ?? resolveDefaultMachineStateRoot();
   const fingerprint = apiKeyFingerprint(options.apiKey);
   const lockId = getDaemonMachineLockId(options.apiKey);
-  const machineDir = path14.join(rootDir, lockId);
-  const lockDir = path14.join(machineDir, "daemon.lock");
+  const machineDir = path12.join(rootDir, lockId);
+  const lockDir = path12.join(machineDir, "daemon.lock");
   const token = randomUUID4();
-  mkdirSync6(machineDir, { recursive: true });
+  mkdirSync4(machineDir, { recursive: true });
   for (let attempt = 0; attempt < 2; attempt += 1) {
     try {
-      mkdirSync6(lockDir);
+      mkdirSync4(lockDir);
       const owner = {
         pid: process.pid,
         token,
@@ -12001,7 +12282,7 @@ function acquireDaemonMachineLock(options) {
         apiKeyFingerprint: fingerprint.slice(0, 16)
       };
       try {
-        writeFileSync8(ownerPath(lockDir), `${JSON.stringify(owner, null, 2)}
+        writeFileSync5(ownerPath(lockDir), `${JSON.stringify(owner, null, 2)}
 `, { mode: 384 });
       } catch (err) {
         rmSync3(lockDir, { recursive: true, force: true });
@@ -12016,7 +12297,7 @@ function acquireDaemonMachineLock(options) {
           if (currentOwner?.pid === process.pid && currentOwner.token === token) {
             const released = { ...currentOwner, pid: 0 };
             try {
-              writeFileSync8(ownerPath(lockDir), `${JSON.stringify(released, null, 2)}
+              writeFileSync5(ownerPath(lockDir), `${JSON.stringify(released, null, 2)}
 `, {
                 mode: 384
               });
@@ -12046,8 +12327,8 @@ function acquireDaemonMachineLock(options) {
 }
 
 // src/localTraceSink.ts
-import { appendFileSync, mkdirSync as mkdirSync7, readdirSync as readdirSync3, rmSync as rmSync4, statSync as statSync3, writeFileSync as writeFileSync9 } from "fs";
-import path15 from "path";
+import { appendFileSync, mkdirSync as mkdirSync5, readdirSync as readdirSync3, rmSync as rmSync4, statSync as statSync3, writeFileSync as writeFileSync6 } from "fs";
+import path13 from "path";
 var DEFAULT_MAX_FILE_BYTES = 5 * 1024 * 1024;
 var DEFAULT_MAX_FILE_AGE_MS = 5 * 60 * 1e3;
 var DEFAULT_MAX_FILES = 8;
@@ -12084,7 +12365,7 @@ var LocalRotatingTraceSink = class {
   currentSize = 0;
   sequence = 0;
   constructor(options) {
-    this.traceDir = path15.join(options.machineDir, "traces");
+    this.traceDir = path13.join(options.machineDir, "traces");
     this.maxFileBytes = Math.max(1024, Math.floor(options.maxFileBytes ?? DEFAULT_MAX_FILE_BYTES));
     const baseAgeMs = Math.max(1e3, Math.floor(options.maxFileAgeMs ?? DEFAULT_MAX_FILE_AGE_MS));
     const ageJitterMs = Math.max(0, Math.floor(options.maxFileAgeJitterMs ?? 0));
@@ -12110,15 +12391,15 @@ var LocalRotatingTraceSink = class {
     return this.currentFile;
   }
   ensureFile(nextBytes) {
-    mkdirSync7(this.traceDir, { recursive: true, mode: 448 });
+    mkdirSync5(this.traceDir, { recursive: true, mode: 448 });
     const nowMs = this.nowMsProvider();
     const shouldRotateForAge = this.currentFileOpenedAtMs !== null && nowMs - this.currentFileOpenedAtMs >= this.maxFileAgeMs;
     if (!this.currentFile || this.currentSize + nextBytes > this.maxFileBytes || shouldRotateForAge) {
-      this.currentFile = path15.join(
+      this.currentFile = path13.join(
         this.traceDir,
         `daemon-trace-${safeTimestamp(nowMs)}-${process.pid}-${String(this.sequence++).padStart(4, "0")}.jsonl`
       );
-      writeFileSync9(this.currentFile, "", { flag: "a", mode: 384 });
+      writeFileSync6(this.currentFile, "", { flag: "a", mode: 384 });
       this.currentSize = statSync3(this.currentFile).size;
       this.currentFileOpenedAtMs = nowMs;
       this.pruneOldFiles();
@@ -12129,7 +12410,7 @@ var LocalRotatingTraceSink = class {
     const excess = files.length - this.maxFiles;
     if (excess <= 0) return;
     for (const file of files.slice(0, excess)) {
-      rmSync4(path15.join(this.traceDir, file), { force: true });
+      rmSync4(path13.join(this.traceDir, file), { force: true });
     }
   }
 };
@@ -12220,11 +12501,108 @@ function isDiagnosticErrorAttr(key) {
 import { createHash as createHash6, randomUUID as randomUUID5 } from "crypto";
 import { gzipSync } from "zlib";
 import { mkdir as mkdir2, readFile as readFile2, readdir as readdir3, stat as stat3, writeFile as writeFile2 } from "fs/promises";
-import path16 from "path";
+import path14 from "path";
+
+// src/chatBridgeRequest.ts
+var DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS = Number.parseInt(
+  process.env.SLOCK_CHAT_BRIDGE_TOOL_TIMEOUT_MS || "",
+  10
+) || 6e4;
+var ChatBridgeToolTimeoutError = class extends Error {
+  toolName;
+  target;
+  timeoutMs;
+  durationMs;
+  constructor(toolName, target, timeoutMs, durationMs) {
+    super(`${toolName} timed out after ${timeoutMs}ms${target ? ` (target: ${target})` : ""}`);
+    this.name = "ChatBridgeToolTimeoutError";
+    this.toolName = toolName;
+    this.target = target;
+    this.timeoutMs = timeoutMs;
+    this.durationMs = durationMs;
+  }
+};
+function describeError(err) {
+  if (err instanceof Error) return `${err.name}: ${err.message}`;
+  return String(err);
+}
+async function executeJsonRequest(url, init, {
+  toolName,
+  target = null,
+  timeoutMs = DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS,
+  fetchImpl,
+  now = () => Date.now(),
+  warn = (message) => logger.warn(message)
+}) {
+  const startedAt = now();
+  const timeoutController = new AbortController();
+  const signals = [timeoutController.signal];
+  if (init.signal) signals.push(init.signal);
+  const signal = signals.length === 1 ? signals[0] : AbortSignal.any(signals);
+  const timeout = setTimeout(() => {
+    timeoutController.abort();
+  }, timeoutMs);
+  timeout.unref?.();
+  try {
+    const response = await fetchImpl(url, { ...init, signal });
+    const data = await response.json();
+    return { response, data, durationMs: now() - startedAt };
+  } catch (err) {
+    const durationMs = now() - startedAt;
+    if (timeoutController.signal.aborted && !init.signal?.aborted) {
+      warn(
+        `[ChatBridgeTimeout] tool=${toolName} target=${target ?? "-"} duration_ms=${durationMs} timeout_ms=${timeoutMs} outcome=timeout`
+      );
+      throw new ChatBridgeToolTimeoutError(toolName, target, timeoutMs, durationMs);
+    }
+    warn(
+      `[ChatBridgeError] tool=${toolName} target=${target ?? "-"} duration_ms=${durationMs} outcome=error error=${describeError(err)}`
+    );
+    throw err;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+async function executeResponseRequest(url, init, {
+  toolName,
+  target = null,
+  timeoutMs = DEFAULT_CHAT_BRIDGE_TOOL_TIMEOUT_MS,
+  fetchImpl,
+  now = () => Date.now(),
+  warn = (message) => logger.warn(message)
+}) {
+  const startedAt = now();
+  const timeoutController = new AbortController();
+  const signals = [timeoutController.signal];
+  if (init.signal) signals.push(init.signal);
+  const signal = signals.length === 1 ? signals[0] : AbortSignal.any(signals);
+  const timeout = setTimeout(() => {
+    timeoutController.abort();
+  }, timeoutMs);
+  timeout.unref?.();
+  try {
+    const response = await fetchImpl(url, { ...init, signal });
+    return { response, durationMs: now() - startedAt };
+  } catch (err) {
+    const durationMs = now() - startedAt;
+    if (timeoutController.signal.aborted && !init.signal?.aborted) {
+      warn(
+        `[ChatBridgeTimeout] tool=${toolName} target=${target ?? "-"} duration_ms=${durationMs} timeout_ms=${timeoutMs} outcome=timeout`
+      );
+      throw new ChatBridgeToolTimeoutError(toolName, target, timeoutMs, durationMs);
+    }
+    warn(
+      `[ChatBridgeError] tool=${toolName} target=${target ?? "-"} duration_ms=${durationMs} outcome=error error=${describeError(err)}`
+    );
+    throw err;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
 
 // src/directUploadCapability.ts
-function joinUrl(base, path18) {
-  return `${base.replace(/\/+$/, "")}${path18}`;
+function joinUrl(base, path16) {
+  return `${base.replace(/\/+$/, "")}${path16}`;
 }
 function jsonHeaders(apiKey) {
   return {
@@ -12443,7 +12821,7 @@ var DaemonTraceBundleUploader = class {
     }, nextMs);
   }
   async findUploadCandidates() {
-    const traceDir = path16.join(this.options.machineDir, "traces");
+    const traceDir = path14.join(this.options.machineDir, "traces");
     let names;
     try {
       names = await readdir3(traceDir);
@@ -12455,8 +12833,8 @@ var DaemonTraceBundleUploader = class {
     const currentFile = this.options.currentFileProvider?.();
     const candidates = [];
     for (const name of names.filter((entry) => entry.startsWith("daemon-trace-") && entry.endsWith(".jsonl")).sort()) {
-      const file = path16.join(traceDir, name);
-      if (currentFile && path16.resolve(file) === path16.resolve(currentFile)) continue;
+      const file = path14.join(traceDir, name);
+      if (currentFile && path14.resolve(file) === path14.resolve(currentFile)) continue;
       if (await this.isUploaded(file)) continue;
       try {
         const info = await stat3(file);
@@ -12530,8 +12908,8 @@ var DaemonTraceBundleUploader = class {
     }
   }
   uploadStatePath(file) {
-    const stateDir = path16.join(this.options.machineDir, "trace-uploads");
-    return path16.join(stateDir, `${path16.basename(file)}.uploaded.json`);
+    const stateDir = path14.join(this.options.machineDir, "trace-uploads");
+    return path14.join(stateDir, `${path14.basename(file)}.uploaded.json`);
   }
   async isUploaded(file) {
     try {
@@ -12543,9 +12921,9 @@ var DaemonTraceBundleUploader = class {
   }
   async markUploaded(file, metadata) {
     const stateFile = this.uploadStatePath(file);
-    await mkdir2(path16.dirname(stateFile), { recursive: true, mode: 448 });
+    await mkdir2(path14.dirname(stateFile), { recursive: true, mode: 448 });
     await writeFile2(stateFile, `${JSON.stringify({
-      file: path16.basename(file),
+      file: path14.basename(file),
       uploadedAt: (/* @__PURE__ */ new Date()).toISOString(),
       ...metadata
     }, null, 2)}
@@ -12567,7 +12945,7 @@ var DEFAULT_TRACE_UPLOAD_URL = "https://slock-trace-upload.botiverse.dev";
 var RUNNER_CREDENTIAL_SCOPES = ["send", "read", "mentions", "tasks", "reactions", "server", "channels", "knowledge"];
 var RUNNER_CREDENTIAL_MINT_MAX_ATTEMPTS2 = 3;
 var RUNNER_CREDENTIAL_MINT_RETRY_DELAY_MS2 = 250;
-var DAEMON_CLI_USAGE = "Usage: slock-daemon --server-url <url> --api-key <key>";
+var DAEMON_CLI_USAGE = `Usage: slock-daemon --server-url <url> (--api-key <key> or ${DAEMON_API_KEY_ENV}=<key>)`;
 var RunnerCredentialMintError2 = class extends Error {
   code;
   retryable;
@@ -12603,9 +12981,9 @@ function runnerCredentialErrorDetail2(error) {
 async function waitForRunnerCredentialRetry2() {
   await new Promise((resolve) => setTimeout(resolve, RUNNER_CREDENTIAL_MINT_RETRY_DELAY_MS2));
 }
-function parseDaemonCliArgs(args) {
+function parseDaemonCliArgs(args, env = {}) {
   let serverUrl = "";
-  let apiKey = "";
+  let apiKey = env[DAEMON_API_KEY_ENV] ?? "";
   for (let i = 0; i < args.length; i++) {
     if (args[i] === "--server-url" && args[i + 1]) serverUrl = args[++i];
     if (args[i] === "--api-key" && args[i + 1]) apiKey = args[++i];
@@ -12621,24 +12999,14 @@ function readDaemonVersion(moduleUrl = import.meta.url) {
     return "0.0.0-dev";
   }
 }
-function resolveChatBridgePath(moduleUrl = import.meta.url) {
-  const dirname = path17.dirname(fileURLToPath(moduleUrl));
-  const jsPath = path17.resolve(dirname, "chat-bridge.js");
-  try {
-    accessSync(jsPath);
-    return jsPath;
-  } catch {
-    return path17.resolve(dirname, "chat-bridge.ts");
-  }
-}
 function resolveSlockCliPath(moduleUrl = import.meta.url) {
-  const thisDir = path17.dirname(fileURLToPath(moduleUrl));
-  const bundledDistPath = path17.resolve(thisDir, "cli", "index.js");
+  const thisDir = path15.dirname(fileURLToPath(moduleUrl));
+  const bundledDistPath = path15.resolve(thisDir, "cli", "index.js");
   try {
     accessSync(bundledDistPath);
     return bundledDistPath;
   } catch {
-    const workspaceDistPath = path17.resolve(thisDir, "..", "..", "cli", "dist", "index.js");
+    const workspaceDistPath = path15.resolve(thisDir, "..", "..", "cli", "dist", "index.js");
     accessSync(workspaceDistPath);
     return workspaceDistPath;
   }
@@ -12739,6 +13107,8 @@ function summarizeIncomingMessage(msg) {
       return `(agent=${msg.agentId})`;
     case "agent:deliver":
       return `(agent=${msg.agentId}, seq=${msg.seq}, from=@${msg.message.sender_name}, target=${formatChannelTarget(msg)})`;
+    case "agent:inbox:purge":
+      return `(agent=${msg.agentId}, channels=${msg.channelIds.length}, reason=${msg.reason || "server_purge"})`;
     case "agent:runtime_profile:migration":
       return `(agent=${msg.agentId}, migration=${msg.migrationKey})`;
     case "agent:runtime_profile:daemon_release_notice":
@@ -12773,7 +13143,6 @@ var DaemonCore = class {
   // bundle version). Reported in `ready` so the server can surface the
   // Computer's own version (distinct from the underlying daemonVersion).
   computerVersion;
-  chatBridgePath;
   slockCliPath;
   slockHome;
   runtimeDetector;
@@ -12789,7 +13158,6 @@ var DaemonCore = class {
     this.options = options;
     this.daemonVersion = options.daemonVersion ?? readDaemonVersion();
     this.computerVersion = (process.env.SLOCK_COMPUTER_VERSION || "").trim() || null;
-    this.chatBridgePath = options.chatBridgePath ?? resolveChatBridgePath();
     this.slockCliPath = options.slockCliPath ?? resolveSlockCliPath();
     this.slockHome = resolveSlockHome();
     process.env[SLOCK_HOME_ENV] = this.slockHome;
@@ -12810,7 +13178,7 @@ var DaemonCore = class {
       daemonVersion: this.daemonVersion,
       computerVersion: this.computerVersion
     };
-    this.agentManager = options.agentManagerFactory ? options.agentManagerFactory(this.chatBridgePath, (msg) => connection.send(msg), options.apiKey, agentManagerOptions) : new AgentProcessManager(this.chatBridgePath, (msg) => connection.send(msg), options.apiKey, agentManagerOptions);
+    this.agentManager = options.agentManagerFactory ? options.agentManagerFactory((msg) => connection.send(msg), options.apiKey, agentManagerOptions) : new AgentProcessManager((msg) => connection.send(msg), options.apiKey, agentManagerOptions);
     const connectionFactory = options.connectionFactory ?? ((connOptions) => new DaemonConnection(connOptions));
     connection = connectionFactory({
       serverUrl: options.serverUrl,
@@ -12825,7 +13193,7 @@ var DaemonCore = class {
   }
   resolveMachineStateRoot() {
     if (this.options.machineStateDir) return this.options.machineStateDir;
-    if (this.options.dataDir) return path17.join(path17.dirname(this.options.dataDir), "machines");
+    if (this.options.dataDir) return path15.join(path15.dirname(this.options.dataDir), "machines");
     return resolveDefaultMachineStateRoot();
   }
   shouldEnableLocalTrace() {
@@ -12851,7 +13219,7 @@ var DaemonCore = class {
       sink: this.localTraceSink
     }));
     this.agentManager.setTracer(this.tracer);
-    this.agentManager.setCliTransportTraceDir(path17.join(machineDir, "traces"));
+    this.agentManager.setCliTransportTraceDir(path15.join(machineDir, "traces"));
   }
   installTraceBundleUploader(machineDir) {
     if (!this.shouldEnableLocalTrace()) return;
@@ -13093,6 +13461,10 @@ var DaemonCore = class {
         logger.info(`[Agent ${msg.agentId}] Workspace reset requested`);
         this.agentManager.resetWorkspace(msg.agentId);
         break;
+      case "agent:inbox:purge":
+        logger.info(`[Agent ${msg.agentId}] Inbox purge requested (${msg.channelIds.length} channels, reason=${msg.reason || "server_purge"})`);
+        this.agentManager.purgeInboxMessagesForChannels(msg.agentId, msg.channelIds, msg.reason || "server_purge");
+        break;
       case "agent:deliver": {
         const parent = parseTraceparent(msg.traceparent);
         const span = this.tracer.startSpan("daemon.agent.delivery", {
@@ -13344,6 +13716,7 @@ var DaemonCore = class {
           agentId: report.agentId,
           launchId: report.launchId || void 0,
           runtime: report.facts.runtime,
+          report_source: "connect",
           model_present: Boolean(report.facts.model),
           session_ref_present: Boolean(report.facts.sessionRef),
           workspace_ref_present: Boolean(report.facts.workspaceRef || report.facts.workspacePathRef)
@@ -13354,7 +13727,8 @@ var DaemonCore = class {
         agentId: report.agentId,
         facts: report.facts,
         launchId: report.launchId || void 0,
-        traceparent: formatTraceparent(span.context)
+        traceparent: formatTraceparent(span.context),
+        source: "connect"
       });
       span.end("ok");
     }
@@ -13378,13 +13752,15 @@ var DaemonCore = class {
 };
 
 export {
+  DAEMON_API_KEY_ENV,
+  scrubDaemonAuthEnv,
+  subscribeDaemonLogs,
   resolveWorkspaceDirectoryPath,
   scanWorkspaceDirectories,
   deleteWorkspaceDirectory,
   DAEMON_CLI_USAGE,
   parseDaemonCliArgs,
   readDaemonVersion,
-  resolveChatBridgePath,
   resolveSlockCliPath,
   detectRuntimes,
   DaemonCore