@sna-sdk/core 0.2.3 → 0.3.0

package/README.md

@@ -10,7 +10,7 @@ Server runtime for [Skills-Native Applications](https://github.com/neuradex/sna)
 - **Hono server factory** — `createSnaApp()` with events, emit, agent, chat, and run routes
 - **WebSocket API** — `attachWebSocket()` wrapping all HTTP routes over a single WS connection
 - **One-shot execution** — `POST /agent/run-once` for single-request LLM calls
-- **Lifecycle CLI** — `sna api:up`, `sna api:down`, `sna dispatch`, `sna validate`
+- **CLI** — `sna up/down/status`, `sna dispatch`, `sna gen client`, `sna tu` (mock API testing)
 - **Agent providers** — Claude Code and Codex process management
 - **Multi-session** — `SessionManager` with event pub/sub, permission management, and session metadata
 
@@ -84,6 +84,7 @@ const db = getDb(); // SQLite instance (data/sna.db)
 | `@sna-sdk/core/db/schema` | `getDb()`, `ChatSession`, `ChatMessage`, `SkillEvent` types |
 | `@sna-sdk/core/providers` | Agent provider factory, `ClaudeCodeProvider` |
 | `@sna-sdk/core/lib/sna-run` | `snaRun()` helper for spawning Claude Code |
+| `@sna-sdk/core/testing` | `startMockAnthropicServer()` for testing without real API calls |
 
 ## Documentation
 

package/dist/core/providers/claude-code.js

@@ -5,6 +5,7 @@ import path from "path";
 import { logger } from "../../lib/logger.js";
 const SHELL = process.env.SHELL || "/bin/zsh";
 function resolveClaudePath(cwd) {
+  if (process.env.SNA_CLAUDE_COMMAND) return process.env.SNA_CLAUDE_COMMAND;
   const cached = path.join(cwd, ".sna/claude-path");
   if (fs.existsSync(cached)) {
     const p = fs.readFileSync(cached, "utf8").trim();
@@ -38,6 +39,7 @@ class ClaudeCodeProcess {
     this.emitter = new EventEmitter();
     this._alive = true;
     this._sessionId = null;
+    this._initEmitted = false;
     this.buffer = "";
     this.proc = proc;
     proc.stdout.on("data", (chunk) => {
@@ -77,6 +79,29 @@ class ClaudeCodeProcess {
       this._alive = false;
       this.emitter.emit("error", err);
     });
+    if (options.history?.length) {
+      if (!options.prompt) {
+        throw new Error("history requires a prompt \u2014 the last stdin message must be a user message");
+      }
+      for (const msg of options.history) {
+        if (msg.role === "user") {
+          const line = JSON.stringify({
+            type: "user",
+            message: { role: "user", content: msg.content }
+          });
+          this.proc.stdin.write(line + "\n");
+        } else if (msg.role === "assistant") {
+          const line = JSON.stringify({
+            type: "assistant",
+            message: {
+              role: "assistant",
+              content: [{ type: "text", text: msg.content }]
+            }
+          });
+          this.proc.stdin.write(line + "\n");
+        }
+      }
+    }
     if (options.prompt) {
       this.send(options.prompt);
     }
@@ -89,20 +114,41 @@ class ClaudeCodeProcess {
   }
   /**
    * Send a user message to the persistent Claude process via stdin.
+   * Accepts plain string or content block array (text + images).
    */
   send(input) {
     if (!this._alive || !this.proc.stdin.writable) return;
+    const content = typeof input === "string" ? input : input;
     const msg = JSON.stringify({
       type: "user",
-      message: { role: "user", content: input }
+      message: { role: "user", content }
     });
     logger.log("stdin", msg.slice(0, 200));
     this.proc.stdin.write(msg + "\n");
   }
   interrupt() {
-    if (this._alive) {
-      this.proc.kill("SIGINT");
-    }
+    if (!this._alive || !this.proc.stdin.writable) return;
+    const msg = JSON.stringify({
+      type: "control_request",
+      request: { subtype: "interrupt" }
+    });
+    this.proc.stdin.write(msg + "\n");
+  }
+  setModel(model) {
+    if (!this._alive || !this.proc.stdin.writable) return;
+    const msg = JSON.stringify({
+      type: "control_request",
+      request: { subtype: "set_model", model }
+    });
+    this.proc.stdin.write(msg + "\n");
+  }
+  setPermissionMode(mode) {
+    if (!this._alive || !this.proc.stdin.writable) return;
+    const msg = JSON.stringify({
+      type: "control_request",
+      request: { subtype: "set_permission_mode", permission_mode: mode }
+    });
+    this.proc.stdin.write(msg + "\n");
   }
   kill() {
     if (this._alive) {
@@ -120,6 +166,8 @@ class ClaudeCodeProcess {
     switch (msg.type) {
       case "system": {
         if (msg.subtype === "init") {
+          if (this._initEmitted) return null;
+          this._initEmitted = true;
           return {
             type: "init",
             message: `Agent ready (${msg.model ?? "unknown"})`,
@@ -201,6 +249,14 @@ class ClaudeCodeProcess {
             timestamp: Date.now()
           };
         }
+        if (msg.subtype === "error_during_execution" && msg.is_error === false) {
+          return {
+            type: "interrupted",
+            message: "Turn interrupted by user",
+            data: { durationMs: msg.duration_ms, costUsd: msg.total_cost_usd },
+            timestamp: Date.now()
+          };
+        }
         if (msg.subtype?.startsWith("error") || msg.is_error) {
           return {
             type: "error",
@@ -232,7 +288,10 @@ class ClaudeCodeProvider {
     }
   }
   spawn(options) {
-    const claudePath = resolveClaudePath(options.cwd);
+    const claudeCommand = resolveClaudePath(options.cwd);
+    const claudeParts = claudeCommand.split(/\s+/);
+    const claudePath = claudeParts[0];
+    const claudePrefix = claudeParts.slice(1);
     const hookScript = new URL("../../scripts/hook.js", import.meta.url).pathname;
     const sessionId = options.env?.SNA_SESSION_ID ?? "default";
     const sdkSettings = {};
@@ -289,12 +348,13 @@ class ClaudeCodeProvider {
     delete cleanEnv.CLAUDECODE;
     delete cleanEnv.CLAUDE_CODE_ENTRYPOINT;
     delete cleanEnv.CLAUDE_CODE_SESSION_ACCESS_TOKEN;
-    const proc = spawn(claudePath, args, {
+    delete cleanEnv.CLAUDE_CODE_OAUTH_TOKEN;
+    const proc = spawn(claudePath, [...claudePrefix, ...args], {
       cwd: options.cwd,
       env: cleanEnv,
       stdio: ["pipe", "pipe", "pipe"]
     });
-    logger.log("agent", `spawned claude-code (pid=${proc.pid}) \u2192 ${claudePath} ${args.join(" ")}`);
+    logger.log("agent", `spawned claude-code (pid=${proc.pid}) \u2192 ${claudeCommand} ${args.join(" ")}`);
     return new ClaudeCodeProcess(proc, options);
   }
 }

package/dist/core/providers/types.d.ts

@@ -5,7 +5,7 @@
  * Codex JSONL, etc.) into these common types.
  */
 interface AgentEvent {
-    type: "init" | "thinking" | "text_delta" | "assistant" | "tool_use" | "tool_result" | "permission_needed" | "milestone" | "error" | "complete";
+    type: "init" | "thinking" | "text_delta" | "assistant" | "tool_use" | "tool_result" | "permission_needed" | "milestone" | "interrupted" | "error" | "complete";
     message?: string;
     data?: Record<string, unknown>;
     timestamp: number;
@@ -14,10 +14,14 @@ interface AgentEvent {
  * A running agent process. Wraps a child_process with typed event handlers.
  */
 interface AgentProcess {
-    /** Send a user message to the agent's stdin. */
-    send(input: string): void;
-    /** Interrupt the current turn (SIGINT). Process stays alive. */
+    /** Send a user message to the agent's stdin. Accepts string or content blocks (text + images). */
+    send(input: string | ContentBlock[]): void;
+    /** Interrupt the current turn. Process stays alive. */
     interrupt(): void;
+    /** Change model at runtime via control message. No restart needed. */
+    setModel(model: string): void;
+    /** Change permission mode at runtime via control message. No restart needed. */
+    setPermissionMode(mode: string): void;
     /** Kill the agent process. */
     kill(): void;
     /** Whether the process is still running. */
@@ -32,12 +36,33 @@ interface AgentProcess {
 /**
  * Options for spawning an agent session.
  */
+type ContentBlock = {
+    type: "text";
+    text: string;
+} | {
+    type: "image";
+    source: {
+        type: "base64";
+        media_type: string;
+        data: string;
+    };
+};
+interface HistoryMessage {
+    role: "user" | "assistant";
+    content: string;
+}
 interface SpawnOptions {
     cwd: string;
     prompt?: string;
     model?: string;
     permissionMode?: "default" | "acceptEdits" | "bypassPermissions" | "plan";
     env?: Record<string, string>;
+    /**
+     * Conversation history to inject before the first prompt.
+     * Written to stdin as NDJSON — Claude Code treats these as prior conversation turns.
+     * Must alternate user→assistant. Assistant content is auto-wrapped in array format.
+     */
+    history?: HistoryMessage[];
     /**
      * Additional CLI flags passed directly to the agent binary.
      * e.g. ["--system-prompt", "You are...", "--append-system-prompt", "Also...", "--mcp-config", "path"]
@@ -56,4 +81,4 @@ interface AgentProvider {
     spawn(options: SpawnOptions): AgentProcess;
 }
 
-export type { AgentEvent, AgentProcess, AgentProvider, SpawnOptions };
+export type { AgentEvent, AgentProcess, AgentProvider, ContentBlock, HistoryMessage, SpawnOptions };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { ChatMessage, ChatSession, SkillEvent } from './db/schema.js';
-export { AgentEvent, AgentProcess, AgentProvider, SpawnOptions } from './core/providers/types.js';
+export { AgentEvent, AgentProcess, AgentProvider, ContentBlock, HistoryMessage, SpawnOptions } from './core/providers/types.js';
 export { Session, SessionInfo, SessionManagerOptions, SessionState } from './server/session-manager.js';
 export { DispatchCloseOptions, DispatchEventType, DispatchOpenOptions, DispatchOpenResult, DispatchSendOptions, createHandle as createDispatchHandle, close as dispatchClose, open as dispatchOpen, send as dispatchSend } from './lib/dispatch.js';
 import 'better-sqlite3';

package/dist/scripts/sna.js

@@ -17,6 +17,9 @@ const PORT = process.env.PORT ?? "3000";
 const CLAUDE_PATH_FILE = path.join(STATE_DIR, "claude-path");
 const SNA_CORE_DIR = path.join(ROOT, "node_modules/@sna-sdk/core");
 const NATIVE_DIR = path.join(STATE_DIR, "native");
+const MOCK_API_PID_FILE = path.join(STATE_DIR, "mock-api.pid");
+const MOCK_API_PORT_FILE = path.join(STATE_DIR, "mock-api.port");
+const MOCK_API_LOG_FILE = path.join(STATE_DIR, "mock-api.log");
 function ensureStateDir() {
   if (!fs.existsSync(STATE_DIR)) fs.mkdirSync(STATE_DIR, { recursive: true });
 }
@@ -194,6 +197,161 @@ function cmdApiDown() {
   }
   clearSnaApiState();
 }
+function cmdTu(args2) {
+  const sub = args2[0];
+  switch (sub) {
+    case "api:up":
+      cmdTuApiUp();
+      break;
+    case "api:down":
+      cmdTuApiDown();
+      break;
+    case "api:log":
+      cmdTuApiLog(args2.slice(1));
+      break;
+    case "claude":
+      cmdTuClaude(args2.slice(1));
+      break;
+    default:
+      console.log(`
+  sna tu \u2014 Test utilities (mock Anthropic API)
+
+  Commands:
+    sna tu api:up       Start mock Anthropic API server
+    sna tu api:down     Stop mock API server
+    sna tu api:log      Show mock API request/response log
+    sna tu api:log -f   Follow log in real-time (tail -f)
+    sna tu claude ...   Run claude with mock API env vars (proxy)
+
+  Flow:
+    1. sna tu api:up            \u2192 mock server on random port
+    2. sna tu claude "say hi"   \u2192 real claude \u2192 mock API \u2192 mock response
+    3. sna tu api:log -f        \u2192 watch requests/responses in real-time
+    4. sna tu api:down          \u2192 cleanup
+
+  All requests/responses are logged to .sna/mock-api.log
+`);
+  }
+}
+function cmdTuApiUp() {
+  ensureStateDir();
+  const existingPid = readPidFile(MOCK_API_PID_FILE);
+  const existingPort = readPortFile(MOCK_API_PORT_FILE);
+  if (existingPid && isProcessRunning(existingPid)) {
+    step(`Mock API already running on :${existingPort} (pid=${existingPid})`);
+    return;
+  }
+  const scriptDir = path.dirname(new URL(import.meta.url).pathname);
+  const mockEntry = path.join(scriptDir, "../testing/mock-api.js");
+  const mockEntrySrc = path.join(scriptDir, "../testing/mock-api.ts");
+  const resolvedMockEntry = fs.existsSync(mockEntry) ? mockEntry : mockEntrySrc;
+  if (!fs.existsSync(resolvedMockEntry)) {
+    console.error("\u2717  Mock API server not found. Run pnpm build first.");
+    process.exit(1);
+  }
+  const logStream = fs.openSync(MOCK_API_LOG_FILE, "w");
+  const startScript = `
+    import { startMockAnthropicServer } from "${resolvedMockEntry.replace(/\\/g, "/")}";
+    const mock = await startMockAnthropicServer();
+    const fs = await import("fs");
+    fs.writeFileSync("${MOCK_API_PORT_FILE.replace(/\\/g, "/")}", String(mock.port));
+    console.log("Mock Anthropic API ready on :" + mock.port);
+    // Keep alive
+    process.on("SIGTERM", () => { mock.close(); process.exit(0); });
+  `;
+  const child = spawn("node", ["--import", "tsx", "-e", startScript], {
+    cwd: ROOT,
+    detached: true,
+    stdio: ["ignore", logStream, logStream]
+  });
+  child.unref();
+  fs.writeFileSync(MOCK_API_PID_FILE, String(child.pid));
+  for (let i = 0; i < 20; i++) {
+    if (fs.existsSync(MOCK_API_PORT_FILE) && fs.readFileSync(MOCK_API_PORT_FILE, "utf8").trim()) break;
+    execSync("sleep 0.3", { stdio: "pipe" });
+  }
+  const port = readPortFile(MOCK_API_PORT_FILE);
+  if (port) {
+    step(`Mock Anthropic API \u2192 http://localhost:${port} (log: .sna/mock-api.log)`);
+  } else {
+    console.error("\u2717  Mock API failed to start. Check .sna/mock-api.log");
+  }
+}
+function cmdTuApiDown() {
+  const pid = readPidFile(MOCK_API_PID_FILE);
+  if (pid && isProcessRunning(pid)) {
+    try {
+      process.kill(pid, "SIGTERM");
+    } catch {
+    }
+    console.log(`   Mock API    \u2713  stopped (pid=${pid})`);
+  } else {
+    console.log(`   Mock API    \u2014  not running`);
+  }
+  try {
+    fs.unlinkSync(MOCK_API_PID_FILE);
+  } catch {
+  }
+  try {
+    fs.unlinkSync(MOCK_API_PORT_FILE);
+  } catch {
+  }
+}
+function cmdTuApiLog(args2) {
+  if (!fs.existsSync(MOCK_API_LOG_FILE)) {
+    console.log("No log file. Start mock API with: sna tu api:up");
+    return;
+  }
+  const follow = args2.includes("-f") || args2.includes("--follow");
+  if (follow) {
+    execSync(`tail -f "${MOCK_API_LOG_FILE}"`, { stdio: "inherit" });
+  } else {
+    execSync(`cat "${MOCK_API_LOG_FILE}"`, { stdio: "inherit" });
+  }
+}
+function cmdTuClaude(args2) {
+  const port = readPortFile(MOCK_API_PORT_FILE);
+  if (!port) {
+    console.error("\u2717  Mock API not running. Start with: sna tu api:up");
+    process.exit(1);
+  }
+  const claudePath = resolveAndCacheClaudePath();
+  const mockConfigDir = path.join(STATE_DIR, "mock-claude-config");
+  fs.mkdirSync(mockConfigDir, { recursive: true });
+  const env = {
+    PATH: process.env.PATH ?? "",
+    HOME: process.env.HOME ?? "",
+    SHELL: process.env.SHELL ?? "/bin/zsh",
+    TERM: process.env.TERM ?? "xterm-256color",
+    LANG: process.env.LANG ?? "en_US.UTF-8",
+    ANTHROPIC_BASE_URL: `http://localhost:${port}`,
+    ANTHROPIC_API_KEY: "sk-test-mock-sna",
+    CLAUDE_CONFIG_DIR: mockConfigDir
+  };
+  try {
+    execSync(`"${claudePath}" ${args2.map((a) => `"${a}"`).join(" ")}`, {
+      stdio: "inherit",
+      env,
+      cwd: ROOT
+    });
+  } catch (e) {
+    process.exit(e.status ?? 1);
+  }
+}
+function readPidFile(filePath) {
+  try {
+    return parseInt(fs.readFileSync(filePath, "utf8").trim(), 10) || null;
+  } catch {
+    return null;
+  }
+}
+function readPortFile(filePath) {
+  try {
+    return fs.readFileSync(filePath, "utf8").trim() || null;
+  } catch {
+    return null;
+  }
+}
 function isPortInUse(port) {
   try {
     execSync(`lsof -ti:${port}`, { stdio: "pipe" });
@@ -606,7 +764,12 @@ Lifecycle:
   sna restart         Stop + start
   sna init [--force]  Initialize .claude/settings.json and skills
   sna validate        Check project setup (skills.json, hooks, deps)
+
+Tools:
   sna dispatch        Unified event dispatcher (open/send/close)
+  sna gen client      Generate typed skill client + .sna/skills.json
+  sna api:up          Start standalone SNA API server
+  sna api:down        Stop SNA API server
 
 Workflow:
   sna new <skill> [--param val ...]    Create a task from a workflow.yml
@@ -616,7 +779,15 @@ Workflow:
   sna <task-id> cancel                 Cancel a running task
   sna tasks                            List all tasks with status
 
-  Task IDs are 10-digit timestamps (MMDDHHmmss), e.g. 0317143052
+Testing:
+  sna tu api:up       Start mock Anthropic API server
+  sna tu api:down     Stop mock API server
+  sna tu api:log      Show mock API request/response log
+  sna tu api:log -f   Follow log in real-time
+  sna tu claude ...   Run claude with mock API (isolated env, no account pollution)
+
+  Set SNA_CLAUDE_COMMAND to override claude binary in SDK.
+  See: docs/testing.md
 
 Run "sna help workflow" for workflow.yml specification.
 Run "sna help submit" for data submission patterns.`);
@@ -816,6 +987,9 @@ Run "sna help submit" for data submission patterns.`);
       cmdApiDown();
       cmdApiUp();
       break;
+    case "tu":
+      cmdTu(args);
+      break;
     case "restart":
       cmdDown();
       console.log();

package/dist/server/api-types.d.ts

@@ -33,13 +33,28 @@ interface ApiResponses {
     "agent.interrupt": {
         status: "interrupted" | "no_session";
     };
+    "agent.set-model": {
+        status: "updated" | "no_session";
+        model: string;
+    };
+    "agent.set-permission-mode": {
+        status: "updated" | "no_session";
+        permissionMode: string;
+    };
     "agent.kill": {
         status: "killed" | "no_session";
     };
     "agent.status": {
         alive: boolean;
         sessionId: string | null;
+        ccSessionId: string | null;
         eventCount: number;
+        config: {
+            provider: string;
+            model: string;
+            permissionMode: string;
+            extraArgs?: string[];
+        } | null;
     };
     "agent.run-once": {
         result: string;

package/dist/server/image-store.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Image storage — saves base64 images to disk and serves them.
+ *
+ * Storage path: data/images/{sessionId}/{hash}.{ext}
+ * Retrieve via: GET /chat/images/:sessionId/:filename
+ */
+interface SavedImage {
+    filename: string;
+    path: string;
+}
+/**
+ * Save base64 images to disk. Returns filenames for meta storage.
+ */
+declare function saveImages(sessionId: string, images: Array<{
+    base64: string;
+    mimeType: string;
+}>): string[];
+/**
+ * Resolve an image file path. Returns null if not found.
+ */
+declare function resolveImagePath(sessionId: string, filename: string): string | null;
+
+export { type SavedImage, resolveImagePath, saveImages };

package/dist/server/image-store.js

@@ -0,0 +1,34 @@
+import fs from "fs";
+import path from "path";
+import { createHash } from "crypto";
+const IMAGE_DIR = path.join(process.cwd(), "data/images");
+const MIME_TO_EXT = {
+  "image/png": "png",
+  "image/jpeg": "jpg",
+  "image/gif": "gif",
+  "image/webp": "webp",
+  "image/svg+xml": "svg"
+};
+function saveImages(sessionId, images) {
+  const dir = path.join(IMAGE_DIR, sessionId);
+  fs.mkdirSync(dir, { recursive: true });
+  return images.map((img) => {
+    const ext = MIME_TO_EXT[img.mimeType] ?? "bin";
+    const hash = createHash("sha256").update(img.base64).digest("hex").slice(0, 12);
+    const filename = `${hash}.${ext}`;
+    const filePath = path.join(dir, filename);
+    if (!fs.existsSync(filePath)) {
+      fs.writeFileSync(filePath, Buffer.from(img.base64, "base64"));
+    }
+    return filename;
+  });
+}
+function resolveImagePath(sessionId, filename) {
+  if (filename.includes("..") || filename.includes("/")) return null;
+  const filePath = path.join(IMAGE_DIR, sessionId, filename);
+  return fs.existsSync(filePath) ? filePath : null;
+}
+export {
+  resolveImagePath,
+  saveImages
+};

package/dist/server/index.d.ts

@@ -1,7 +1,7 @@
 import * as hono_types from 'hono/types';
 import { Hono } from 'hono';
 import { SessionManager } from './session-manager.js';
-export { Session, SessionInfo, SessionLifecycleEvent, SessionLifecycleState, SessionManagerOptions, StartConfig } from './session-manager.js';
+export { Session, SessionConfigChangedEvent, SessionInfo, SessionLifecycleEvent, SessionLifecycleState, SessionManagerOptions, StartConfig } from './session-manager.js';
 export { eventsRoute } from './routes/events.js';
 export { createEmitRoute, emitRoute } from './routes/emit.js';
 export { createRunRoute } from './routes/run.js';

package/dist/server/routes/agent.js

@@ -6,6 +6,7 @@ import {
 import { logger } from "../../lib/logger.js";
 import { getDb } from "../../db/schema.js";
 import { httpJson } from "../api-types.js";
+import { saveImages } from "../image-store.js";
 function getSessionId(c) {
   return c.req.query("session") ?? "default";
 }
@@ -28,7 +29,7 @@ async function runOnce(sessionManager, opts) {
     model: opts.model ?? "claude-sonnet-4-6",
     permissionMode: opts.permissionMode ?? "bypassPermissions",
     env: { SNA_SESSION_ID: sessionId },
-    extraArgs: extraArgs.length > 0 ? extraArgs : void 0
+    extraArgs
   });
   sessionManager.setProcess(sessionId, proc);
   try {
@@ -150,6 +151,7 @@ function createAgentRoutes(sessionManager) {
         model,
         permissionMode,
         env: { SNA_SESSION_ID: sessionId },
+        history: body.history,
         extraArgs
       });
       sessionManager.setProcess(sessionId, proc);
@@ -176,20 +178,38 @@ function createAgentRoutes(sessionManager) {
       );
     }
     const body = await c.req.json().catch(() => ({}));
-    if (!body.message) {
+    if (!body.message && !body.images?.length) {
       logger.err("err", `POST /send?session=${sessionId} \u2192 empty message`);
-      return c.json({ status: "error", message: "message is required" }, 400);
+      return c.json({ status: "error", message: "message or images required" }, 400);
+    }
+    const textContent = body.message ?? "(image)";
+    let meta = body.meta ? { ...body.meta } : {};
+    if (body.images?.length) {
+      const filenames = saveImages(sessionId, body.images);
+      meta.images = filenames;
     }
     try {
       const db = getDb();
       db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, session.label ?? sessionId);
-      db.prepare(`INSERT INTO chat_messages (session_id, role, content, meta) VALUES (?, 'user', ?, ?)`).run(sessionId, body.message, body.meta ? JSON.stringify(body.meta) : null);
+      db.prepare(`INSERT INTO chat_messages (session_id, role, content, meta) VALUES (?, 'user', ?, ?)`).run(sessionId, textContent, Object.keys(meta).length > 0 ? JSON.stringify(meta) : null);
     } catch {
     }
     session.state = "processing";
     sessionManager.touch(sessionId);
-    logger.log("route", `POST /send?session=${sessionId} \u2192 "${body.message.slice(0, 80)}"`);
-    session.process.send(body.message);
+    if (body.images?.length) {
+      const content = [
+        ...body.images.map((img) => ({
+          type: "image",
+          source: { type: "base64", media_type: img.mimeType, data: img.base64 }
+        })),
+        ...body.message ? [{ type: "text", text: body.message }] : []
+      ];
+      logger.log("route", `POST /send?session=${sessionId} \u2192 ${body.images.length} image(s) + "${(body.message ?? "").slice(0, 40)}"`);
+      session.process.send(content);
+    } else {
+      logger.log("route", `POST /send?session=${sessionId} \u2192 "${body.message.slice(0, 80)}"`);
+      session.process.send(body.message);
+    }
     return httpJson(c, "agent.send", { status: "sent" });
   });
   app.get("/events", (c) => {
@@ -229,14 +249,16 @@ function createAgentRoutes(sessionManager) {
     const sessionId = getSessionId(c);
     const body = await c.req.json().catch(() => ({}));
     try {
+      const ccSessionId = sessionManager.getSession(sessionId)?.ccSessionId;
       const { config } = sessionManager.restartSession(sessionId, body, (cfg) => {
         const prov = getProvider(cfg.provider);
+        const resumeArgs = ccSessionId ? ["--resume", ccSessionId] : ["--resume"];
         return prov.spawn({
           cwd: sessionManager.getSession(sessionId).cwd,
           model: cfg.model,
           permissionMode: cfg.permissionMode,
           env: { SNA_SESSION_ID: sessionId },
-          extraArgs: [...cfg.extraArgs ?? [], "--resume"]
+          extraArgs: [...cfg.extraArgs ?? [], ...resumeArgs]
         });
       });
       logger.log("route", `POST /restart?session=${sessionId} \u2192 restarted`);
@@ -255,6 +277,20 @@ function createAgentRoutes(sessionManager) {
     const interrupted = sessionManager.interruptSession(sessionId);
     return httpJson(c, "agent.interrupt", { status: interrupted ? "interrupted" : "no_session" });
   });
+  app.post("/set-model", async (c) => {
+    const sessionId = getSessionId(c);
+    const body = await c.req.json().catch(() => ({}));
+    if (!body.model) return c.json({ status: "error", message: "model is required" }, 400);
+    const updated = sessionManager.setSessionModel(sessionId, body.model);
+    return httpJson(c, "agent.set-model", { status: updated ? "updated" : "no_session", model: body.model });
+  });
+  app.post("/set-permission-mode", async (c) => {
+    const sessionId = getSessionId(c);
+    const body = await c.req.json().catch(() => ({}));
+    if (!body.permissionMode) return c.json({ status: "error", message: "permissionMode is required" }, 400);
+    const updated = sessionManager.setSessionPermissionMode(sessionId, body.permissionMode);
+    return httpJson(c, "agent.set-permission-mode", { status: updated ? "updated" : "no_session", permissionMode: body.permissionMode });
+  });
   app.post("/kill", async (c) => {
     const sessionId = getSessionId(c);
     const killed = sessionManager.killSession(sessionId);
@@ -266,7 +302,9 @@ function createAgentRoutes(sessionManager) {
     return httpJson(c, "agent.status", {
       alive: session?.process?.alive ?? false,
       sessionId: session?.process?.sessionId ?? null,
-      eventCount: session?.eventCounter ?? 0
+      ccSessionId: session?.ccSessionId ?? null,
+      eventCount: session?.eventCounter ?? 0,
+      config: session?.lastStartConfig ?? null
     });
   });
   app.post("/permission-request", async (c) => {