@sna-sdk/core 0.1.0 → 0.2.3

package/dist/server/standalone.js

@@ -15,11 +15,20 @@ import { createRequire } from "module";
 import fs from "fs";
 import path from "path";
 var DB_PATH = path.join(process.cwd(), "data/sna.db");
+var NATIVE_DIR = path.join(process.cwd(), ".sna/native");
 var _db = null;
+function loadBetterSqlite3() {
+  const nativeEntry = path.join(NATIVE_DIR, "node_modules", "better-sqlite3");
+  if (fs.existsSync(nativeEntry)) {
+    const req2 = createRequire(path.join(NATIVE_DIR, "noop.js"));
+    return req2("better-sqlite3");
+  }
+  const req = createRequire(import.meta.url);
+  return req("better-sqlite3");
+}
 function getDb() {
   if (!_db) {
-    const req = createRequire(import.meta.url);
-    const BetterSqlite3 = req("better-sqlite3");
+    const BetterSqlite3 = loadBetterSqlite3();
     const dir = path.dirname(DB_PATH);
     if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
     _db = new BetterSqlite3(DB_PATH);
@@ -36,13 +45,29 @@ function migrateSkillEvents(db) {
     db.exec("DROP TABLE IF EXISTS skill_events");
   }
 }
+function migrateChatSessionsMeta(db) {
+  const cols = db.prepare("PRAGMA table_info(chat_sessions)").all();
+  if (cols.length > 0 && !cols.some((c) => c.name === "meta")) {
+    db.exec("ALTER TABLE chat_sessions ADD COLUMN meta TEXT");
+  }
+  if (cols.length > 0 && !cols.some((c) => c.name === "cwd")) {
+    db.exec("ALTER TABLE chat_sessions ADD COLUMN cwd TEXT");
+  }
+  if (cols.length > 0 && !cols.some((c) => c.name === "last_start_config")) {
+    db.exec("ALTER TABLE chat_sessions ADD COLUMN last_start_config TEXT");
+  }
+}
 function initSchema(db) {
   migrateSkillEvents(db);
+  migrateChatSessionsMeta(db);
   db.exec(`
     CREATE TABLE IF NOT EXISTS chat_sessions (
       id         TEXT PRIMARY KEY,
       label      TEXT NOT NULL DEFAULT '',
       type       TEXT NOT NULL DEFAULT 'main',
+      meta       TEXT,
+      cwd        TEXT,
+      last_start_config TEXT,
       created_at TEXT NOT NULL DEFAULT (datetime('now'))
     );
 
@@ -128,17 +153,41 @@ function eventsRoute(c) {
   });
 }
 
+// src/server/api-types.ts
+function httpJson(c, _op, data, status) {
+  return c.json(data, status);
+}
+function wsReply(ws, msg, data) {
+  if (ws.readyState !== ws.OPEN) return;
+  const out = { ...data, type: msg.type };
+  if (msg.rid != null) out.rid = msg.rid;
+  ws.send(JSON.stringify(out));
+}
+
 // src/server/routes/emit.ts
-async function emitRoute(c) {
-  const { skill, type, message, data } = await c.req.json();
-  if (!skill || !type || !message) {
-    return c.json({ error: "missing fields" }, 400);
-  }
-  const db = getDb();
-  const result = db.prepare(
-    `INSERT INTO skill_events (skill, type, message, data) VALUES (?, ?, ?, ?)`
-  ).run(skill, type, message, data ?? null);
-  return c.json({ id: result.lastInsertRowid });
+function createEmitRoute(sessionManager2) {
+  return async (c) => {
+    const body = await c.req.json();
+    const { skill, type, message, data, session_id } = body;
+    if (!skill || !type || !message) {
+      return c.json({ error: "missing fields" }, 400);
+    }
+    const db = getDb();
+    const result = db.prepare(
+      `INSERT INTO skill_events (session_id, skill, type, message, data) VALUES (?, ?, ?, ?, ?)`
+    ).run(session_id ?? null, skill, type, message, data ?? null);
+    const id = Number(result.lastInsertRowid);
+    sessionManager2.broadcastSkillEvent({
+      id,
+      session_id: session_id ?? null,
+      skill,
+      type,
+      message,
+      data: data ?? null,
+      created_at: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    return httpJson(c, "emit", { id });
+  };
 }
 
 // src/server/routes/run.ts
@@ -223,6 +272,7 @@ var tags = {
   stdin: chalk.bold.green(" IN  "),
   stdout: chalk.bold.yellow(" OUT "),
   route: chalk.bold.blue(" API "),
+  ws: chalk.bold.green(" WS  "),
   err: chalk.bold.red(" ERR ")
 };
 var tagPlain = {
@@ -232,6 +282,7 @@ var tagPlain = {
   stdin: " IN  ",
   stdout: " OUT ",
   route: " API ",
+  ws: " WS  ",
   err: " ERR "
 };
 function appendFile(tag, args) {
@@ -347,6 +398,11 @@ var ClaudeCodeProcess = class {
     logger.log("stdin", msg.slice(0, 200));
     this.proc.stdin.write(msg + "\n");
   }
+  interrupt() {
+    if (this._alive) {
+      this.proc.kill("SIGINT");
+    }
+  }
   kill() {
     if (this._alive) {
       this._alive = false;
@@ -444,7 +500,7 @@ var ClaudeCodeProcess = class {
             timestamp: Date.now()
           };
         }
-        if (msg.subtype === "error" || msg.is_error) {
+        if (msg.subtype?.startsWith("error") || msg.is_error) {
           return {
             type: "error",
             message: msg.result ?? msg.error ?? "Unknown error",
@@ -476,13 +532,14 @@ var ClaudeCodeProvider = class {
   }
   spawn(options) {
     const claudePath = resolveClaudePath(options.cwd);
-    const hookScript = path3.join(options.cwd, "node_modules/@sna-sdk/core/dist/scripts/hook.js");
+    const hookScript = new URL("../../scripts/hook.js", import.meta.url).pathname;
+    const sessionId = options.env?.SNA_SESSION_ID ?? "default";
     const sdkSettings = {};
     if (options.permissionMode !== "bypassPermissions") {
       sdkSettings.hooks = {
         PreToolUse: [{
           matcher: ".*",
-          hooks: [{ type: "command", command: `node "${hookScript}"` }]
+          hooks: [{ type: "command", command: `node "${hookScript}" --session=${sessionId}` }]
         }]
       };
     }
@@ -569,6 +626,58 @@ function getProvider(name = "claude-code") {
 function getSessionId(c) {
   return c.req.query("session") ?? "default";
 }
+var DEFAULT_RUN_ONCE_TIMEOUT = 12e4;
+async function runOnce(sessionManager2, opts) {
+  const sessionId = `run-once-${crypto.randomUUID().slice(0, 8)}`;
+  const timeout = opts.timeout ?? DEFAULT_RUN_ONCE_TIMEOUT;
+  const session = sessionManager2.createSession({
+    id: sessionId,
+    label: "run-once",
+    cwd: opts.cwd ?? process.cwd()
+  });
+  const provider2 = getProvider(opts.provider ?? "claude-code");
+  const extraArgs = opts.extraArgs ? [...opts.extraArgs] : [];
+  if (opts.systemPrompt) extraArgs.push("--system-prompt", opts.systemPrompt);
+  if (opts.appendSystemPrompt) extraArgs.push("--append-system-prompt", opts.appendSystemPrompt);
+  const proc = provider2.spawn({
+    cwd: session.cwd,
+    prompt: opts.message,
+    model: opts.model ?? "claude-sonnet-4-6",
+    permissionMode: opts.permissionMode ?? "bypassPermissions",
+    env: { SNA_SESSION_ID: sessionId },
+    extraArgs: extraArgs.length > 0 ? extraArgs : void 0
+  });
+  sessionManager2.setProcess(sessionId, proc);
+  try {
+    const result = await new Promise((resolve, reject) => {
+      const texts = [];
+      let usage = null;
+      const timer = setTimeout(() => {
+        reject(new Error(`run-once timed out after ${timeout}ms`));
+      }, timeout);
+      const unsub = sessionManager2.onSessionEvent(sessionId, (_cursor, e) => {
+        if (e.type === "assistant" && e.message) {
+          texts.push(e.message);
+        }
+        if (e.type === "complete") {
+          clearTimeout(timer);
+          unsub();
+          usage = e.data ?? null;
+          resolve({ result: texts.join("\n"), usage });
+        }
+        if (e.type === "error") {
+          clearTimeout(timer);
+          unsub();
+          reject(new Error(e.message ?? "Agent error"));
+        }
+      });
+    });
+    return result;
+  } finally {
+    sessionManager2.killSession(sessionId);
+    sessionManager2.removeSession(sessionId);
+  }
+}
 function createAgentRoutes(sessionManager2) {
   const app = new Hono();
   app.post("/sessions", async (c) => {
@@ -576,17 +685,18 @@ function createAgentRoutes(sessionManager2) {
     try {
       const session = sessionManager2.createSession({
         label: body.label,
-        cwd: body.cwd
+        cwd: body.cwd,
+        meta: body.meta
       });
       logger.log("route", `POST /sessions \u2192 created "${session.id}"`);
-      return c.json({ status: "created", sessionId: session.id, label: session.label });
+      return httpJson(c, "sessions.create", { status: "created", sessionId: session.id, label: session.label, meta: session.meta });
     } catch (e) {
       logger.err("err", `POST /sessions \u2192 ${e.message}`);
       return c.json({ status: "error", message: e.message }, 409);
     }
   });
   app.get("/sessions", (c) => {
-    return c.json({ sessions: sessionManager2.listSessions() });
+    return httpJson(c, "sessions.list", { sessions: sessionManager2.listSessions() });
   });
   app.delete("/sessions/:id", (c) => {
     const id = c.req.param("id");
@@ -598,18 +708,33 @@ function createAgentRoutes(sessionManager2) {
       return c.json({ status: "error", message: "Session not found" }, 404);
     }
     logger.log("route", `DELETE /sessions/${id} \u2192 removed`);
-    return c.json({ status: "removed" });
+    return httpJson(c, "sessions.remove", { status: "removed" });
+  });
+  app.post("/run-once", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    if (!body.message) {
+      return c.json({ status: "error", message: "message is required" }, 400);
+    }
+    try {
+      const result = await runOnce(sessionManager2, body);
+      return httpJson(c, "agent.run-once", result);
+    } catch (e) {
+      logger.err("err", `POST /run-once \u2192 ${e.message}`);
+      return c.json({ status: "error", message: e.message }, 500);
+    }
   });
   app.post("/start", async (c) => {
     const sessionId = getSessionId(c);
     const body = await c.req.json().catch(() => ({}));
-    const session = sessionManager2.getOrCreateSession(sessionId);
+    const session = sessionManager2.getOrCreateSession(sessionId, {
+      cwd: body.cwd
+    });
     if (session.process?.alive && !body.force) {
       logger.log("route", `POST /start?session=${sessionId} \u2192 already_running`);
-      return c.json({
+      return httpJson(c, "agent.start", {
         status: "already_running",
         provider: "claude-code",
-        sessionId: session.process.sessionId
+        sessionId: session.process.sessionId ?? session.id
       });
     }
     if (session.process?.alive) {
@@ -631,18 +756,23 @@ function createAgentRoutes(sessionManager2) {
       }
     } catch {
     }
+    const providerName = body.provider ?? "claude-code";
+    const model = body.model ?? "claude-sonnet-4-6";
+    const permissionMode2 = body.permissionMode ?? "acceptEdits";
+    const extraArgs = body.extraArgs;
     try {
       const proc = provider2.spawn({
         cwd: session.cwd,
         prompt: body.prompt,
-        model: body.model ?? "claude-sonnet-4-6",
-        permissionMode: body.permissionMode ?? "acceptEdits",
+        model,
+        permissionMode: permissionMode2,
         env: { SNA_SESSION_ID: sessionId },
-        extraArgs: body.extraArgs
+        extraArgs
       });
       sessionManager2.setProcess(sessionId, proc);
+      sessionManager2.saveStartConfig(sessionId, { provider: providerName, model, permissionMode: permissionMode2, extraArgs });
       logger.log("route", `POST /start?session=${sessionId} \u2192 started`);
-      return c.json({
+      return httpJson(c, "agent.start", {
         status: "started",
         provider: provider2.name,
         sessionId: session.id
@@ -677,7 +807,7 @@ function createAgentRoutes(sessionManager2) {
     sessionManager2.touch(sessionId);
     logger.log("route", `POST /send?session=${sessionId} \u2192 "${body.message.slice(0, 80)}"`);
     session.process.send(body.message);
-    return c.json({ status: "sent" });
+    return httpJson(c, "agent.send", { status: "sent" });
   });
   app.get("/events", (c) => {
     const sessionId = getSessionId(c);
@@ -712,76 +842,75 @@ function createAgentRoutes(sessionManager2) {
       }
     });
   });
+  app.post("/restart", async (c) => {
+    const sessionId = getSessionId(c);
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const { config } = sessionManager2.restartSession(sessionId, body, (cfg) => {
+        const prov = getProvider(cfg.provider);
+        return prov.spawn({
+          cwd: sessionManager2.getSession(sessionId).cwd,
+          model: cfg.model,
+          permissionMode: cfg.permissionMode,
+          env: { SNA_SESSION_ID: sessionId },
+          extraArgs: [...cfg.extraArgs ?? [], "--resume"]
+        });
+      });
+      logger.log("route", `POST /restart?session=${sessionId} \u2192 restarted`);
+      return httpJson(c, "agent.restart", {
+        status: "restarted",
+        provider: config.provider,
+        sessionId
+      });
+    } catch (e) {
+      logger.err("err", `POST /restart?session=${sessionId} \u2192 ${e.message}`);
+      return c.json({ status: "error", message: e.message }, 500);
+    }
+  });
+  app.post("/interrupt", async (c) => {
+    const sessionId = getSessionId(c);
+    const interrupted = sessionManager2.interruptSession(sessionId);
+    return httpJson(c, "agent.interrupt", { status: interrupted ? "interrupted" : "no_session" });
+  });
   app.post("/kill", async (c) => {
     const sessionId = getSessionId(c);
     const killed = sessionManager2.killSession(sessionId);
-    return c.json({ status: killed ? "killed" : "no_session" });
+    return httpJson(c, "agent.kill", { status: killed ? "killed" : "no_session" });
   });
   app.get("/status", (c) => {
     const sessionId = getSessionId(c);
     const session = sessionManager2.getSession(sessionId);
-    return c.json({
+    return httpJson(c, "agent.status", {
       alive: session?.process?.alive ?? false,
       sessionId: session?.process?.sessionId ?? null,
       eventCount: session?.eventCounter ?? 0
     });
   });
-  const pendingPermissions = /* @__PURE__ */ new Map();
   app.post("/permission-request", async (c) => {
     const sessionId = getSessionId(c);
     const body = await c.req.json().catch(() => ({}));
     logger.log("route", `POST /permission-request?session=${sessionId} \u2192 ${body.tool_name}`);
-    const session = sessionManager2.getSession(sessionId);
-    if (session) session.state = "permission";
-    const result = await new Promise((resolve) => {
-      pendingPermissions.set(sessionId, {
-        resolve,
-        request: body,
-        createdAt: Date.now()
-      });
-      setTimeout(() => {
-        if (pendingPermissions.has(sessionId)) {
-          pendingPermissions.delete(sessionId);
-          resolve(false);
-        }
-      }, 3e5);
-    });
+    const result = await sessionManager2.createPendingPermission(sessionId, body);
     return c.json({ approved: result });
   });
   app.post("/permission-respond", async (c) => {
     const sessionId = getSessionId(c);
     const body = await c.req.json().catch(() => ({}));
     const approved = body.approved ?? false;
-    const pending = pendingPermissions.get(sessionId);
-    if (!pending) {
+    const resolved = sessionManager2.resolvePendingPermission(sessionId, approved);
+    if (!resolved) {
       return c.json({ status: "error", message: "No pending permission request" }, 404);
     }
-    pending.resolve(approved);
-    pendingPermissions.delete(sessionId);
-    const session = sessionManager2.getSession(sessionId);
-    if (session) session.state = "processing";
     logger.log("route", `POST /permission-respond?session=${sessionId} \u2192 ${approved ? "approved" : "denied"}`);
-    return c.json({ status: approved ? "approved" : "denied" });
+    return httpJson(c, "permission.respond", { status: approved ? "approved" : "denied" });
   });
   app.get("/permission-pending", (c) => {
     const sessionId = c.req.query("session");
     if (sessionId) {
-      const pending = pendingPermissions.get(sessionId);
-      if (!pending) return c.json({ pending: null });
-      return c.json({
-        pending: {
-          sessionId,
-          request: pending.request,
-          createdAt: pending.createdAt
-        }
-      });
+      const pending = sessionManager2.getPendingPermission(sessionId);
+      return httpJson(c, "permission.pending", { pending: pending ? [{ sessionId, ...pending }] : [] });
     }
-    const all = Array.from(pendingPermissions.entries()).map(([id, p]) => ({
-      sessionId: id,
-      request: p.request,
-      createdAt: p.createdAt
-    }));
-    return c.json({ pending: all });
+    return httpJson(c, "permission.pending", { pending: sessionManager2.getAllPendingPermissions() });
   });
   return app;
 }
@@ -793,10 +922,14 @@ function createChatRoutes() {
   app.get("/sessions", (c) => {
     try {
       const db = getDb();
-      const sessions = db.prepare(
-        `SELECT id, label, type, created_at FROM chat_sessions ORDER BY created_at DESC`
+      const rows = db.prepare(
+        `SELECT id, label, type, meta, cwd, created_at FROM chat_sessions ORDER BY created_at DESC`
       ).all();
-      return c.json({ sessions });
+      const sessions = rows.map((r) => ({
+        ...r,
+        meta: r.meta ? JSON.parse(r.meta) : null
+      }));
+      return httpJson(c, "chat.sessions.list", { sessions });
     } catch (e) {
       return c.json({ status: "error", message: e.message, stack: e.stack }, 500);
     }
@@ -807,9 +940,9 @@ function createChatRoutes() {
     try {
       const db = getDb();
       db.prepare(
-        `INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, ?)`
-      ).run(id, body.label ?? id, body.type ?? "background");
-      return c.json({ status: "created", id });
+        `INSERT OR IGNORE INTO chat_sessions (id, label, type, meta) VALUES (?, ?, ?, ?)`
+      ).run(id, body.label ?? id, body.type ?? "background", body.meta ? JSON.stringify(body.meta) : null);
+      return httpJson(c, "chat.sessions.create", { status: "created", id, meta: body.meta ?? null });
     } catch (e) {
       return c.json({ status: "error", message: e.message }, 500);
     }
@@ -822,7 +955,7 @@ function createChatRoutes() {
     try {
       const db = getDb();
       db.prepare(`DELETE FROM chat_sessions WHERE id = ?`).run(id);
-      return c.json({ status: "deleted" });
+      return httpJson(c, "chat.sessions.remove", { status: "deleted" });
     } catch (e) {
       return c.json({ status: "error", message: e.message }, 500);
     }
@@ -834,7 +967,7 @@ function createChatRoutes() {
       const db = getDb();
       const query = sinceParam ? db.prepare(`SELECT * FROM chat_messages WHERE session_id = ? AND id > ? ORDER BY id ASC`) : db.prepare(`SELECT * FROM chat_messages WHERE session_id = ? ORDER BY id ASC`);
       const messages = sinceParam ? query.all(id, parseInt(sinceParam, 10)) : query.all(id);
-      return c.json({ messages });
+      return httpJson(c, "chat.messages.list", { messages });
     } catch (e) {
       return c.json({ status: "error", message: e.message, stack: e.stack }, 500);
     }
@@ -857,7 +990,7 @@ function createChatRoutes() {
         body.skill_name ?? null,
         body.meta ? JSON.stringify(body.meta) : null
       );
-      return c.json({ status: "created", id: result.lastInsertRowid });
+      return httpJson(c, "chat.messages.create", { status: "created", id: Number(result.lastInsertRowid) });
     } catch (e) {
       return c.json({ status: "error", message: e.message }, 500);
     }
@@ -867,7 +1000,7 @@ function createChatRoutes() {
     try {
       const db = getDb();
       db.prepare(`DELETE FROM chat_messages WHERE session_id = ?`).run(id);
-      return c.json({ status: "cleared" });
+      return httpJson(c, "chat.messages.clear", { status: "cleared" });
     } catch (e) {
       return c.json({ status: "error", message: e.message }, 500);
     }
@@ -878,16 +1011,80 @@ function createChatRoutes() {
 // src/server/session-manager.ts
 var DEFAULT_MAX_SESSIONS = 5;
 var MAX_EVENT_BUFFER = 500;
+var PERMISSION_TIMEOUT_MS = 3e5;
 var SessionManager = class {
   constructor(options = {}) {
     this.sessions = /* @__PURE__ */ new Map();
+    this.eventListeners = /* @__PURE__ */ new Map();
+    this.pendingPermissions = /* @__PURE__ */ new Map();
+    this.skillEventListeners = /* @__PURE__ */ new Set();
+    this.permissionRequestListeners = /* @__PURE__ */ new Set();
+    this.lifecycleListeners = /* @__PURE__ */ new Set();
     this.maxSessions = options.maxSessions ?? DEFAULT_MAX_SESSIONS;
+    this.restoreFromDb();
+  }
+  /** Restore session metadata from DB (cwd, label, meta). Process state is not restored. */
+  restoreFromDb() {
+    try {
+      const db = getDb();
+      const rows = db.prepare(
+        `SELECT id, label, meta, cwd, last_start_config, created_at FROM chat_sessions`
+      ).all();
+      for (const row of rows) {
+        if (this.sessions.has(row.id)) continue;
+        this.sessions.set(row.id, {
+          id: row.id,
+          process: null,
+          eventBuffer: [],
+          eventCounter: 0,
+          label: row.label,
+          cwd: row.cwd ?? process.cwd(),
+          meta: row.meta ? JSON.parse(row.meta) : null,
+          state: "idle",
+          lastStartConfig: row.last_start_config ? JSON.parse(row.last_start_config) : null,
+          createdAt: new Date(row.created_at).getTime() || Date.now(),
+          lastActivityAt: Date.now()
+        });
+      }
+    } catch {
+    }
+  }
+  /** Persist session metadata to DB. */
+  persistSession(session) {
+    try {
+      const db = getDb();
+      db.prepare(
+        `INSERT OR REPLACE INTO chat_sessions (id, label, type, meta, cwd, last_start_config) VALUES (?, ?, 'main', ?, ?, ?)`
+      ).run(
+        session.id,
+        session.label,
+        session.meta ? JSON.stringify(session.meta) : null,
+        session.cwd,
+        session.lastStartConfig ? JSON.stringify(session.lastStartConfig) : null
+      );
+    } catch {
+    }
   }
   /** Create a new session. Throws if max sessions reached. */
   createSession(opts = {}) {
     const id = opts.id ?? crypto.randomUUID().slice(0, 8);
     if (this.sessions.has(id)) {
-      return this.sessions.get(id);
+      const existing = this.sessions.get(id);
+      let changed = false;
+      if (opts.cwd && opts.cwd !== existing.cwd) {
+        existing.cwd = opts.cwd;
+        changed = true;
+      }
+      if (opts.label && opts.label !== existing.label) {
+        existing.label = opts.label;
+        changed = true;
+      }
+      if (opts.meta !== void 0 && opts.meta !== existing.meta) {
+        existing.meta = opts.meta ?? null;
+        changed = true;
+      }
+      if (changed) this.persistSession(existing);
+      return existing;
     }
     const aliveCount = Array.from(this.sessions.values()).filter((s) => s.process?.alive).length;
     if (aliveCount >= this.maxSessions) {
@@ -900,11 +1097,14 @@ var SessionManager = class {
       eventCounter: 0,
       label: opts.label ?? id,
       cwd: opts.cwd ?? process.cwd(),
+      meta: opts.meta ?? null,
       state: "idle",
+      lastStartConfig: null,
       createdAt: Date.now(),
       lastActivityAt: Date.now()
     };
     this.sessions.set(id, session);
+    this.persistSession(session);
     return session;
   }
   /** Get a session by ID. */
@@ -914,7 +1114,13 @@ var SessionManager = class {
   /** Get or create a session (used for "default" backward compat). */
   getOrCreateSession(id, opts) {
     const existing = this.sessions.get(id);
-    if (existing) return existing;
+    if (existing) {
+      if (opts?.cwd && opts.cwd !== existing.cwd) {
+        existing.cwd = opts.cwd;
+        this.persistSession(existing);
+      }
+      return existing;
+    }
     return this.createSession({ id, ...opts });
   }
   /** Set the agent process for a session. Subscribes to events. */
@@ -934,13 +1140,144 @@ var SessionManager = class {
         session.state = "waiting";
       }
       this.persistEvent(sessionId, e);
+      const listeners = this.eventListeners.get(sessionId);
+      if (listeners) {
+        for (const cb of listeners) cb(session.eventCounter, e);
+      }
+    });
+    proc.on("exit", (code) => {
+      session.state = "idle";
+      this.emitLifecycle({ session: sessionId, state: code != null ? "exited" : "crashed", code });
     });
+    proc.on("error", () => {
+      session.state = "idle";
+      this.emitLifecycle({ session: sessionId, state: "crashed" });
+    });
+    this.emitLifecycle({ session: sessionId, state: "started" });
+  }
+  // ── Event pub/sub (for WebSocket) ─────────────────────────────
+  /** Subscribe to real-time events for a session. Returns unsubscribe function. */
+  onSessionEvent(sessionId, cb) {
+    let set = this.eventListeners.get(sessionId);
+    if (!set) {
+      set = /* @__PURE__ */ new Set();
+      this.eventListeners.set(sessionId, set);
+    }
+    set.add(cb);
+    return () => {
+      set.delete(cb);
+      if (set.size === 0) this.eventListeners.delete(sessionId);
+    };
+  }
+  // ── Skill event pub/sub ────────────────────────────────────────
+  /** Subscribe to skill events broadcast. Returns unsubscribe function. */
+  onSkillEvent(cb) {
+    this.skillEventListeners.add(cb);
+    return () => this.skillEventListeners.delete(cb);
+  }
+  /** Broadcast a skill event to all subscribers (called after DB insert). */
+  broadcastSkillEvent(event) {
+    for (const cb of this.skillEventListeners) cb(event);
+  }
+  // ── Permission pub/sub ────────────────────────────────────────
+  /** Subscribe to permission request notifications. Returns unsubscribe function. */
+  onPermissionRequest(cb) {
+    this.permissionRequestListeners.add(cb);
+    return () => this.permissionRequestListeners.delete(cb);
+  }
+  // ── Session lifecycle pub/sub ──────────────────────────────────
+  /** Subscribe to session lifecycle events (started/killed/exited/crashed). Returns unsubscribe function. */
+  onSessionLifecycle(cb) {
+    this.lifecycleListeners.add(cb);
+    return () => this.lifecycleListeners.delete(cb);
+  }
+  emitLifecycle(event) {
+    for (const cb of this.lifecycleListeners) cb(event);
+  }
+  // ── Permission management ─────────────────────────────────────
+  /** Create a pending permission request. Returns a promise that resolves when approved/denied. */
+  createPendingPermission(sessionId, request) {
+    const session = this.sessions.get(sessionId);
+    if (session) session.state = "permission";
+    return new Promise((resolve) => {
+      const createdAt = Date.now();
+      this.pendingPermissions.set(sessionId, { resolve, request, createdAt });
+      for (const cb of this.permissionRequestListeners) cb(sessionId, request, createdAt);
+      setTimeout(() => {
+        if (this.pendingPermissions.has(sessionId)) {
+          this.pendingPermissions.delete(sessionId);
+          resolve(false);
+        }
+      }, PERMISSION_TIMEOUT_MS);
+    });
+  }
+  /** Resolve a pending permission request. Returns false if no pending request. */
+  resolvePendingPermission(sessionId, approved) {
+    const pending = this.pendingPermissions.get(sessionId);
+    if (!pending) return false;
+    pending.resolve(approved);
+    this.pendingPermissions.delete(sessionId);
+    const session = this.sessions.get(sessionId);
+    if (session) session.state = "processing";
+    return true;
+  }
+  /** Get a pending permission for a specific session. */
+  getPendingPermission(sessionId) {
+    const p = this.pendingPermissions.get(sessionId);
+    return p ? { request: p.request, createdAt: p.createdAt } : null;
+  }
+  /** Get all pending permissions across sessions. */
+  getAllPendingPermissions() {
+    return Array.from(this.pendingPermissions.entries()).map(([id, p]) => ({
+      sessionId: id,
+      request: p.request,
+      createdAt: p.createdAt
+    }));
+  }
+  // ── Session lifecycle ─────────────────────────────────────────
+  /** Kill the agent process in a session (session stays, can be restarted). */
+  /** Save the start config for a session (called by start handlers). */
+  saveStartConfig(id, config) {
+    const session = this.sessions.get(id);
+    if (!session) return;
+    session.lastStartConfig = config;
+    this.persistSession(session);
+  }
+  /** Restart session: kill → re-spawn with merged config + --resume. */
+  restartSession(id, overrides, spawnFn) {
+    const session = this.sessions.get(id);
+    if (!session) throw new Error(`Session "${id}" not found`);
+    const base = session.lastStartConfig;
+    if (!base) throw new Error(`Session "${id}" has no previous start config`);
+    const config = {
+      provider: overrides.provider ?? base.provider,
+      model: overrides.model ?? base.model,
+      permissionMode: overrides.permissionMode ?? base.permissionMode,
+      extraArgs: overrides.extraArgs ?? base.extraArgs
+    };
+    if (session.process?.alive) session.process.kill();
+    session.eventBuffer.length = 0;
+    const proc = spawnFn(config);
+    this.setProcess(id, proc);
+    session.lastStartConfig = config;
+    this.persistSession(session);
+    this.emitLifecycle({ session: id, state: "restarted" });
+    return { config };
+  }
+  /** Interrupt the current turn (SIGINT). Process stays alive, returns to waiting. */
+  interruptSession(id) {
+    const session = this.sessions.get(id);
+    if (!session?.process?.alive) return false;
+    session.process.interrupt();
+    session.state = "waiting";
+    return true;
   }
   /** Kill the agent process in a session (session stays, can be restarted). */
   killSession(id) {
     const session = this.sessions.get(id);
     if (!session?.process?.alive) return false;
     session.process.kill();
+    this.emitLifecycle({ session: id, state: "killed" });
     return true;
   }
   /** Remove a session entirely. Cannot remove "default". */
@@ -949,6 +1286,8 @@ var SessionManager = class {
     const session = this.sessions.get(id);
     if (!session) return false;
     if (session.process?.alive) session.process.kill();
+    this.eventListeners.delete(id);
+    this.pendingPermissions.delete(id);
     this.sessions.delete(id);
     return true;
   }
@@ -960,6 +1299,7 @@ var SessionManager = class {
       alive: s.process?.alive ?? false,
       state: s.state,
       cwd: s.cwd,
+      meta: s.meta,
       eventCount: s.eventCounter,
       createdAt: s.createdAt,
       lastActivityAt: s.lastActivityAt
@@ -1016,13 +1356,492 @@ var SessionManager = class {
   }
 };
 
+// src/server/ws.ts
+import { WebSocketServer } from "ws";
+function send(ws, data) {
+  if (ws.readyState === ws.OPEN) {
+    ws.send(JSON.stringify(data));
+  }
+}
+function reply(ws, msg, data) {
+  send(ws, { ...data, type: msg.type, ...msg.rid != null ? { rid: msg.rid } : {} });
+}
+function replyError(ws, msg, message) {
+  send(ws, { type: "error", ...msg.rid != null ? { rid: msg.rid } : {}, message });
+}
+function attachWebSocket(server2, sessionManager2) {
+  const wss = new WebSocketServer({ noServer: true });
+  server2.on("upgrade", (req, socket, head) => {
+    const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
+    if (url.pathname === "/ws") {
+      wss.handleUpgrade(req, socket, head, (ws) => {
+        wss.emit("connection", ws, req);
+      });
+    } else {
+      socket.destroy();
+    }
+  });
+  wss.on("connection", (ws) => {
+    logger.log("ws", "client connected");
+    const state = { agentUnsubs: /* @__PURE__ */ new Map(), skillEventUnsub: null, skillPollTimer: null, permissionUnsub: null, lifecycleUnsub: null };
+    state.lifecycleUnsub = sessionManager2.onSessionLifecycle((event) => {
+      send(ws, { type: "session.lifecycle", ...event });
+    });
+    ws.on("message", (raw) => {
+      let msg;
+      try {
+        msg = JSON.parse(raw.toString());
+      } catch {
+        send(ws, { type: "error", message: "invalid JSON" });
+        return;
+      }
+      if (!msg.type) {
+        send(ws, { type: "error", message: "type is required" });
+        return;
+      }
+      handleMessage(ws, msg, sessionManager2, state);
+    });
+    ws.on("close", () => {
+      logger.log("ws", "client disconnected");
+      for (const unsub of state.agentUnsubs.values()) unsub();
+      state.agentUnsubs.clear();
+      state.skillEventUnsub?.();
+      state.skillEventUnsub = null;
+      if (state.skillPollTimer) {
+        clearInterval(state.skillPollTimer);
+        state.skillPollTimer = null;
+      }
+      state.permissionUnsub?.();
+      state.permissionUnsub = null;
+      state.lifecycleUnsub?.();
+      state.lifecycleUnsub = null;
+    });
+  });
+  return wss;
+}
+function handleMessage(ws, msg, sm, state) {
+  switch (msg.type) {
+    // ── Session CRUD ──────────────────────────────────
+    case "sessions.create":
+      return handleSessionsCreate(ws, msg, sm);
+    case "sessions.list":
+      return wsReply(ws, msg, { sessions: sm.listSessions() });
+    case "sessions.remove":
+      return handleSessionsRemove(ws, msg, sm);
+    // ── Agent lifecycle ───────────────────────────────
+    case "agent.start":
+      return handleAgentStart(ws, msg, sm);
+    case "agent.send":
+      return handleAgentSend(ws, msg, sm);
+    case "agent.restart":
+      return handleAgentRestart(ws, msg, sm);
+    case "agent.interrupt":
+      return handleAgentInterrupt(ws, msg, sm);
+    case "agent.kill":
+      return handleAgentKill(ws, msg, sm);
+    case "agent.status":
+      return handleAgentStatus(ws, msg, sm);
+    case "agent.run-once":
+      handleAgentRunOnce(ws, msg, sm);
+      return;
+    // ── Agent event subscription ──────────────────────
+    case "agent.subscribe":
+      return handleAgentSubscribe(ws, msg, sm, state);
+    case "agent.unsubscribe":
+      return handleAgentUnsubscribe(ws, msg, state);
+    // ── Skill events ──────────────────────────────────
+    case "events.subscribe":
+      return handleEventsSubscribe(ws, msg, sm, state);
+    case "events.unsubscribe":
+      return handleEventsUnsubscribe(ws, msg, state);
+    case "emit":
+      return handleEmit(ws, msg, sm);
+    // ── Permission ────────────────────────────────────
+    case "permission.respond":
+      return handlePermissionRespond(ws, msg, sm);
+    case "permission.pending":
+      return handlePermissionPending(ws, msg, sm);
+    case "permission.subscribe":
+      return handlePermissionSubscribe(ws, msg, sm, state);
+    case "permission.unsubscribe":
+      return handlePermissionUnsubscribe(ws, msg, state);
+    // ── Chat sessions ─────────────────────────────────
+    case "chat.sessions.list":
+      return handleChatSessionsList(ws, msg);
+    case "chat.sessions.create":
+      return handleChatSessionsCreate(ws, msg);
+    case "chat.sessions.remove":
+      return handleChatSessionsRemove(ws, msg);
+    // ── Chat messages ─────────────────────────────────
+    case "chat.messages.list":
+      return handleChatMessagesList(ws, msg);
+    case "chat.messages.create":
+      return handleChatMessagesCreate(ws, msg);
+    case "chat.messages.clear":
+      return handleChatMessagesClear(ws, msg);
+    default:
+      replyError(ws, msg, `Unknown message type: ${msg.type}`);
+  }
+}
+function handleSessionsCreate(ws, msg, sm) {
+  try {
+    const session = sm.createSession({
+      label: msg.label,
+      cwd: msg.cwd,
+      meta: msg.meta
+    });
+    wsReply(ws, msg, { status: "created", sessionId: session.id, label: session.label, meta: session.meta });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleSessionsRemove(ws, msg, sm) {
+  const id = msg.session;
+  if (!id) return replyError(ws, msg, "session is required");
+  if (id === "default") return replyError(ws, msg, "Cannot remove default session");
+  const removed = sm.removeSession(id);
+  if (!removed) return replyError(ws, msg, "Session not found");
+  wsReply(ws, msg, { status: "removed" });
+}
+function handleAgentStart(ws, msg, sm) {
+  const sessionId = msg.session ?? "default";
+  const session = sm.getOrCreateSession(sessionId, {
+    cwd: msg.cwd
+  });
+  if (session.process?.alive && !msg.force) {
+    wsReply(ws, msg, { status: "already_running", provider: "claude-code", sessionId: session.id });
+    return;
+  }
+  if (session.process?.alive) session.process.kill();
+  session.eventBuffer.length = 0;
+  const provider2 = getProvider(msg.provider ?? "claude-code");
+  try {
+    const db = getDb();
+    db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, session.label ?? sessionId);
+    if (msg.prompt) {
+      db.prepare(`INSERT INTO chat_messages (session_id, role, content, meta) VALUES (?, 'user', ?, ?)`).run(sessionId, msg.prompt, msg.meta ? JSON.stringify(msg.meta) : null);
+    }
+    const skillMatch = msg.prompt?.match(/^Execute the skill:\s*(\S+)/);
+    if (skillMatch) {
+      db.prepare(`INSERT INTO skill_events (session_id, skill, type, message) VALUES (?, ?, 'invoked', ?)`).run(sessionId, skillMatch[1], `Skill ${skillMatch[1]} invoked`);
+    }
+  } catch {
+  }
+  const providerName = msg.provider ?? "claude-code";
+  const model = msg.model ?? "claude-sonnet-4-6";
+  const permissionMode2 = msg.permissionMode ?? "acceptEdits";
+  const extraArgs = msg.extraArgs;
+  try {
+    const proc = provider2.spawn({
+      cwd: session.cwd,
+      prompt: msg.prompt,
+      model,
+      permissionMode: permissionMode2,
+      env: { SNA_SESSION_ID: sessionId },
+      extraArgs
+    });
+    sm.setProcess(sessionId, proc);
+    sm.saveStartConfig(sessionId, { provider: providerName, model, permissionMode: permissionMode2, extraArgs });
+    wsReply(ws, msg, { status: "started", provider: provider2.name, sessionId: session.id });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleAgentSend(ws, msg, sm) {
+  const sessionId = msg.session ?? "default";
+  const session = sm.getSession(sessionId);
+  if (!session?.process?.alive) {
+    return replyError(ws, msg, `No active agent session "${sessionId}". Start first.`);
+  }
+  if (!msg.message) {
+    return replyError(ws, msg, "message is required");
+  }
+  try {
+    const db = getDb();
+    db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, session.label ?? sessionId);
+    db.prepare(`INSERT INTO chat_messages (session_id, role, content, meta) VALUES (?, 'user', ?, ?)`).run(sessionId, msg.message, msg.meta ? JSON.stringify(msg.meta) : null);
+  } catch {
+  }
+  session.state = "processing";
+  sm.touch(sessionId);
+  session.process.send(msg.message);
+  wsReply(ws, msg, { status: "sent" });
+}
+function handleAgentRestart(ws, msg, sm) {
+  const sessionId = msg.session ?? "default";
+  try {
+    const { config } = sm.restartSession(
+      sessionId,
+      {
+        provider: msg.provider,
+        model: msg.model,
+        permissionMode: msg.permissionMode,
+        extraArgs: msg.extraArgs
+      },
+      (cfg) => {
+        const prov = getProvider(cfg.provider);
+        return prov.spawn({
+          cwd: sm.getSession(sessionId).cwd,
+          model: cfg.model,
+          permissionMode: cfg.permissionMode,
+          env: { SNA_SESSION_ID: sessionId },
+          extraArgs: [...cfg.extraArgs ?? [], "--resume"]
+        });
+      }
+    );
+    wsReply(ws, msg, { status: "restarted", provider: config.provider, sessionId });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleAgentInterrupt(ws, msg, sm) {
+  const sessionId = msg.session ?? "default";
+  const interrupted = sm.interruptSession(sessionId);
+  wsReply(ws, msg, { status: interrupted ? "interrupted" : "no_session" });
+}
+function handleAgentKill(ws, msg, sm) {
+  const sessionId = msg.session ?? "default";
+  const killed = sm.killSession(sessionId);
+  wsReply(ws, msg, { status: killed ? "killed" : "no_session" });
+}
+function handleAgentStatus(ws, msg, sm) {
+  const sessionId = msg.session ?? "default";
+  const session = sm.getSession(sessionId);
+  wsReply(ws, msg, {
+    alive: session?.process?.alive ?? false,
+    sessionId: session?.process?.sessionId ?? null,
+    eventCount: session?.eventCounter ?? 0
+  });
+}
+async function handleAgentRunOnce(ws, msg, sm) {
+  if (!msg.message) return replyError(ws, msg, "message is required");
+  try {
+    const { result, usage } = await runOnce(sm, msg);
+    wsReply(ws, msg, { result, usage });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleAgentSubscribe(ws, msg, sm, state) {
+  const sessionId = msg.session ?? "default";
+  const session = sm.getOrCreateSession(sessionId);
+  state.agentUnsubs.get(sessionId)?.();
+  let cursor = typeof msg.since === "number" ? msg.since : session.eventCounter;
+  if (cursor < session.eventCounter) {
+    const startIdx = Math.max(0, session.eventBuffer.length - (session.eventCounter - cursor));
+    const events = session.eventBuffer.slice(startIdx);
+    for (const event of events) {
+      cursor++;
+      send(ws, { type: "agent.event", session: sessionId, cursor, event });
+    }
+  }
+  const unsub = sm.onSessionEvent(sessionId, (eventCursor, event) => {
+    send(ws, { type: "agent.event", session: sessionId, cursor: eventCursor, event });
+  });
+  state.agentUnsubs.set(sessionId, unsub);
+  reply(ws, msg, { cursor });
+}
+function handleAgentUnsubscribe(ws, msg, state) {
+  const sessionId = msg.session ?? "default";
+  state.agentUnsubs.get(sessionId)?.();
+  state.agentUnsubs.delete(sessionId);
+  reply(ws, msg, {});
+}
+var SKILL_POLL_MS = 2e3;
+function handleEventsSubscribe(ws, msg, sm, state) {
+  state.skillEventUnsub?.();
+  state.skillEventUnsub = null;
+  if (state.skillPollTimer) {
+    clearInterval(state.skillPollTimer);
+    state.skillPollTimer = null;
+  }
+  let lastId = typeof msg.since === "number" ? msg.since : -1;
+  if (lastId <= 0) {
+    try {
+      const db = getDb();
+      const row = db.prepare("SELECT MAX(id) as maxId FROM skill_events").get();
+      lastId = row.maxId ?? 0;
+    } catch {
+      lastId = 0;
+    }
+  }
+  state.skillEventUnsub = sm.onSkillEvent((event) => {
+    const eventId = event.id;
+    if (eventId > lastId) {
+      lastId = eventId;
+      send(ws, { type: "skill.event", data: event });
+    }
+  });
+  state.skillPollTimer = setInterval(() => {
+    try {
+      const db = getDb();
+      const rows = db.prepare(
+        `SELECT id, session_id, skill, type, message, data, created_at
+         FROM skill_events WHERE id > ? ORDER BY id ASC LIMIT 50`
+      ).all(lastId);
+      for (const row of rows) {
+        if (row.id > lastId) {
+          lastId = row.id;
+          send(ws, { type: "skill.event", data: row });
+        }
+      }
+    } catch {
+    }
+  }, SKILL_POLL_MS);
+  reply(ws, msg, { lastId });
+}
+function handleEventsUnsubscribe(ws, msg, state) {
+  state.skillEventUnsub?.();
+  state.skillEventUnsub = null;
+  if (state.skillPollTimer) {
+    clearInterval(state.skillPollTimer);
+    state.skillPollTimer = null;
+  }
+  reply(ws, msg, {});
+}
+function handleEmit(ws, msg, sm) {
+  const skill = msg.skill;
+  const eventType = msg.eventType;
+  const emitMessage = msg.message;
+  const data = msg.data;
+  const sessionId = msg.session;
+  if (!skill || !eventType || !emitMessage) {
+    return replyError(ws, msg, "skill, eventType, message are required");
+  }
+  try {
+    const db = getDb();
+    const result = db.prepare(
+      `INSERT INTO skill_events (session_id, skill, type, message, data) VALUES (?, ?, ?, ?, ?)`
+    ).run(sessionId ?? null, skill, eventType, emitMessage, data ?? null);
+    const id = Number(result.lastInsertRowid);
+    sm.broadcastSkillEvent({
+      id,
+      session_id: sessionId ?? null,
+      skill,
+      type: eventType,
+      message: emitMessage,
+      data: data ?? null,
+      created_at: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    wsReply(ws, msg, { id });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handlePermissionRespond(ws, msg, sm) {
+  const sessionId = msg.session ?? "default";
+  const approved = msg.approved === true;
+  const resolved = sm.resolvePendingPermission(sessionId, approved);
+  if (!resolved) return replyError(ws, msg, "No pending permission request");
+  wsReply(ws, msg, { status: approved ? "approved" : "denied" });
+}
+function handlePermissionPending(ws, msg, sm) {
+  const sessionId = msg.session;
+  if (sessionId) {
+    const pending = sm.getPendingPermission(sessionId);
+    wsReply(ws, msg, { pending: pending ? [{ sessionId, ...pending }] : [] });
+  } else {
+    wsReply(ws, msg, { pending: sm.getAllPendingPermissions() });
+  }
+}
+function handlePermissionSubscribe(ws, msg, sm, state) {
+  state.permissionUnsub?.();
+  state.permissionUnsub = sm.onPermissionRequest((sessionId, request, createdAt) => {
+    send(ws, { type: "permission.request", session: sessionId, request, createdAt });
+  });
+  reply(ws, msg, {});
+}
+function handlePermissionUnsubscribe(ws, msg, state) {
+  state.permissionUnsub?.();
+  state.permissionUnsub = null;
+  reply(ws, msg, {});
+}
+function handleChatSessionsList(ws, msg) {
+  try {
+    const db = getDb();
+    const rows = db.prepare(
+      `SELECT id, label, type, meta, cwd, created_at FROM chat_sessions ORDER BY created_at DESC`
+    ).all();
+    const sessions = rows.map((r) => ({ ...r, meta: r.meta ? JSON.parse(r.meta) : null }));
+    wsReply(ws, msg, { sessions });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleChatSessionsCreate(ws, msg) {
+  const id = msg.id ?? crypto.randomUUID().slice(0, 8);
+  try {
+    const db = getDb();
+    db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type, meta) VALUES (?, ?, ?, ?)`).run(id, msg.label ?? id, msg.chatType ?? "background", msg.meta ? JSON.stringify(msg.meta) : null);
+    wsReply(ws, msg, { status: "created", id, meta: msg.meta ?? null });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleChatSessionsRemove(ws, msg) {
+  const id = msg.session;
+  if (!id) return replyError(ws, msg, "session is required");
+  if (id === "default") return replyError(ws, msg, "Cannot delete default session");
+  try {
+    const db = getDb();
+    db.prepare(`DELETE FROM chat_sessions WHERE id = ?`).run(id);
+    wsReply(ws, msg, { status: "deleted" });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleChatMessagesList(ws, msg) {
+  const id = msg.session;
+  if (!id) return replyError(ws, msg, "session is required");
+  try {
+    const db = getDb();
+    const query = msg.since != null ? db.prepare(`SELECT * FROM chat_messages WHERE session_id = ? AND id > ? ORDER BY id ASC`) : db.prepare(`SELECT * FROM chat_messages WHERE session_id = ? ORDER BY id ASC`);
+    const messages = msg.since != null ? query.all(id, msg.since) : query.all(id);
+    wsReply(ws, msg, { messages });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleChatMessagesCreate(ws, msg) {
+  const sessionId = msg.session;
+  if (!sessionId) return replyError(ws, msg, "session is required");
+  if (!msg.role) return replyError(ws, msg, "role is required");
+  try {
+    const db = getDb();
+    db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, sessionId);
+    const result = db.prepare(
+      `INSERT INTO chat_messages (session_id, role, content, skill_name, meta) VALUES (?, ?, ?, ?, ?)`
+    ).run(
+      sessionId,
+      msg.role,
+      msg.content ?? "",
+      msg.skill_name ?? null,
+      msg.meta ? JSON.stringify(msg.meta) : null
+    );
+    wsReply(ws, msg, { status: "created", id: Number(result.lastInsertRowid) });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+function handleChatMessagesClear(ws, msg) {
+  const id = msg.session;
+  if (!id) return replyError(ws, msg, "session is required");
+  try {
+    const db = getDb();
+    db.prepare(`DELETE FROM chat_messages WHERE session_id = ?`).run(id);
+    wsReply(ws, msg, { status: "cleared" });
+  } catch (e) {
+    replyError(ws, msg, e.message);
+  }
+}
+
 // src/server/index.ts
 function createSnaApp(options = {}) {
   const sessionManager2 = options.sessionManager ?? new SessionManager();
   const app = new Hono3();
   app.get("/health", (c) => c.json({ ok: true, name: "sna", version: "1" }));
   app.get("/events", eventsRoute);
-  app.post("/emit", emitRoute);
+  app.post("/emit", createEmitRoute(sessionManager2));
   app.route("/agent", createAgentRoutes(sessionManager2));
   app.route("/chat", createChatRoutes());
   if (options.runCommands) {
@@ -1038,7 +1857,8 @@ try {
   if (err2.message?.includes("NODE_MODULE_VERSION")) {
     console.error(`
 \u2717  better-sqlite3 was compiled for a different Node.js version.`);
-    console.error(`   Run: pnpm rebuild better-sqlite3
+    console.error(`   This usually happens when electron-rebuild overwrites the native binary.`);
+    console.error(`   Fix: run "sna api:up" which auto-installs an isolated copy in .sna/native/
 `);
   } else {
     console.error(`
@@ -1108,8 +1928,10 @@ process.on("uncaughtException", (err2) => {
 server = serve({ fetch: root.fetch, port }, () => {
   console.log("");
   logger.log("sna", chalk2.green.bold(`API server ready \u2192 http://localhost:${port}`));
+  logger.log("sna", chalk2.dim(`WebSocket endpoint \u2192 ws://localhost:${port}/ws`));
   console.log("");
 });
+attachWebSocket(server, sessionManager);
 agentProcess.on("event", (e) => {
   if (e.type === "init") {
     logger.log("agent", chalk2.green(`agent ready (session=${e.data?.sessionId ?? "?"})`));