@sna-sdk/core 0.8.1 → 0.9.4

package/dist/config.d.ts

@@ -0,0 +1,48 @@
+/**
+ * config.ts — SNA SDK centralized configuration.
+ *
+ * All configurable values live here. No other file reads process.env.SNA_*
+ * or hardcodes policy defaults. Priority (later wins):
+ *
+ *   1. Hardcoded defaults (this file)
+ *   2. Environment variables (process.env.SNA_*)
+ *   3. App-level overrides (setConfig)
+ *   4. Per-call parameter overrides (function args)
+ */
+interface SnaConfig {
+    /** SNA API server port. env: SNA_PORT */
+    port: number;
+    /** Default LLM model. env: SNA_MODEL */
+    model: string;
+    /** Default agent provider. */
+    defaultProvider: string;
+    /** Default permission mode for agent operations. env: SNA_PERMISSION_MODE */
+    defaultPermissionMode: "default" | "acceptEdits" | "bypassPermissions" | "plan";
+    /** Max concurrent sessions. env: SNA_MAX_SESSIONS */
+    maxSessions: number;
+    /** Max events buffered in memory per session. */
+    maxEventBuffer: number;
+    /**
+     * Permission request timeout (ms). 0 = no timeout (app controls).
+     * When > 0, auto-denies after this duration.
+     */
+    permissionTimeoutMs: number;
+    /** Run-once execution timeout (ms). */
+    runOnceTimeoutMs: number;
+    /** Skill event SSE poll interval (ms). */
+    pollIntervalMs: number;
+    /** SSE keepalive interval (ms). */
+    keepaliveIntervalMs: number;
+    /** WebSocket skill event poll interval (ms). */
+    skillPollMs: number;
+    /** SQLite database path. env: SNA_DB_PATH */
+    dbPath: string;
+}
+/** Get current config. Returns a frozen copy. */
+declare function getConfig(): Readonly<SnaConfig>;
+/** Override config values. Merges with existing (later wins). */
+declare function setConfig(overrides: Partial<SnaConfig>): void;
+/** Reset to defaults + env. Useful for testing. */
+declare function resetConfig(): void;
+
+export { type SnaConfig, getConfig, resetConfig, setConfig };

package/dist/config.js

@@ -0,0 +1,40 @@
+const defaults = {
+  port: 3099,
+  model: "claude-sonnet-4-6",
+  defaultProvider: "claude-code",
+  defaultPermissionMode: "default",
+  maxSessions: 5,
+  maxEventBuffer: 500,
+  permissionTimeoutMs: 0,
+  // app controls — no SDK-side timeout
+  runOnceTimeoutMs: 12e4,
+  pollIntervalMs: 500,
+  keepaliveIntervalMs: 15e3,
+  skillPollMs: 2e3,
+  dbPath: "data/sna.db"
+};
+function fromEnv() {
+  const env = {};
+  if (process.env.SNA_PORT) env.port = parseInt(process.env.SNA_PORT, 10);
+  if (process.env.SNA_MODEL) env.model = process.env.SNA_MODEL;
+  if (process.env.SNA_PERMISSION_MODE) env.defaultPermissionMode = process.env.SNA_PERMISSION_MODE;
+  if (process.env.SNA_MAX_SESSIONS) env.maxSessions = parseInt(process.env.SNA_MAX_SESSIONS, 10);
+  if (process.env.SNA_DB_PATH) env.dbPath = process.env.SNA_DB_PATH;
+  if (process.env.SNA_PERMISSION_TIMEOUT_MS) env.permissionTimeoutMs = parseInt(process.env.SNA_PERMISSION_TIMEOUT_MS, 10);
+  return env;
+}
+let current = { ...defaults, ...fromEnv() };
+function getConfig() {
+  return current;
+}
+function setConfig(overrides) {
+  current = { ...current, ...overrides };
+}
+function resetConfig() {
+  current = { ...defaults, ...fromEnv() };
+}
+export {
+  getConfig,
+  resetConfig,
+  setConfig
+};

package/dist/core/providers/claude-code.js

@@ -2,6 +2,7 @@ import { spawn, execSync } from "child_process";
 import { EventEmitter } from "events";
 import fs from "fs";
 import path from "path";
+import { fileURLToPath } from "url";
 import { writeHistoryJsonl, buildRecalledConversation } from "./cc-history-adapter.js";
 import { logger } from "../../lib/logger.js";
 const SHELL = process.env.SHELL || "/bin/zsh";
@@ -42,6 +43,10 @@ const _ClaudeCodeProcess = class _ClaudeCodeProcess {
     this._sessionId = null;
     this._initEmitted = false;
     this.buffer = "";
+    /** True once we receive a real text_delta stream_event this turn */
+    this._receivedStreamEvents = false;
+    /** tool_use IDs already emitted via stream_event (to update instead of re-create in assistant block) */
+    this._streamedToolUseIds = /* @__PURE__ */ new Set();
     /**
      * FIFO event queue — ALL events (deltas, assistant, complete, etc.) go through
      * this queue. A fixed-interval timer drains one item at a time, guaranteeing
@@ -152,6 +157,9 @@ const _ClaudeCodeProcess = class _ClaudeCodeProcess {
   get alive() {
     return this._alive;
   }
+  get pid() {
+    return this.proc.pid ?? null;
+  }
   get sessionId() {
     return this._sessionId;
   }
@@ -220,7 +228,43 @@ const _ClaudeCodeProcess = class _ClaudeCodeProcess {
         }
         return null;
       }
+      case "stream_event": {
+        const inner = msg.event;
+        if (!inner) return null;
+        if (inner.type === "content_block_start" && inner.content_block?.type === "tool_use") {
+          const block = inner.content_block;
+          this._receivedStreamEvents = true;
+          this._streamedToolUseIds.add(block.id);
+          return {
+            type: "tool_use",
+            message: block.name,
+            data: { toolName: block.name, id: block.id, input: null, streaming: true },
+            timestamp: Date.now()
+          };
+        }
+        if (inner.type === "content_block_delta") {
+          const delta = inner.delta;
+          if (delta?.type === "text_delta" && delta.text) {
+            this._receivedStreamEvents = true;
+            return {
+              type: "assistant_delta",
+              delta: delta.text,
+              index: inner.index ?? 0,
+              timestamp: Date.now()
+            };
+          }
+          if (delta?.type === "thinking_delta" && delta.thinking) {
+            return {
+              type: "thinking_delta",
+              message: delta.thinking,
+              timestamp: Date.now()
+            };
+          }
+        }
+        return null;
+      }
       case "assistant": {
+        if (this._receivedStreamEvents && msg.message?.stop_reason === null) return null;
         const content = msg.message?.content;
         if (!Array.isArray(content)) return null;
         const events = [];
@@ -233,10 +277,12 @@ const _ClaudeCodeProcess = class _ClaudeCodeProcess {
               timestamp: Date.now()
             });
           } else if (block.type === "tool_use") {
+            const alreadyStreamed = this._streamedToolUseIds.has(block.id);
+            if (alreadyStreamed) this._streamedToolUseIds.delete(block.id);
             events.push({
               type: "tool_use",
               message: block.name,
-              data: { toolName: block.name, input: block.input, id: block.id },
+              data: { toolName: block.name, input: block.input, id: block.id, update: alreadyStreamed },
               timestamp: Date.now()
             });
           } else if (block.type === "text") {
@@ -251,7 +297,7 @@ const _ClaudeCodeProcess = class _ClaudeCodeProcess {
             this.enqueue(e);
           }
           for (const text of textBlocks) {
-            this.enqueueTextAsDeltas(text);
+            this.enqueue({ type: "assistant", message: text, timestamp: Date.now() });
           }
         }
         return null;
@@ -273,6 +319,15 @@ const _ClaudeCodeProcess = class _ClaudeCodeProcess {
       }
       case "result": {
         if (msg.subtype === "success") {
+          if (this._receivedStreamEvents && msg.result) {
+            this.enqueue({
+              type: "assistant",
+              message: msg.result,
+              timestamp: Date.now()
+            });
+            this._receivedStreamEvents = false;
+            this._streamedToolUseIds.clear();
+          }
           const u = msg.usage ?? {};
           const mu = msg.modelUsage ?? {};
           const modelKey = Object.keys(mu)[0] ?? "";
@@ -340,7 +395,13 @@ class ClaudeCodeProvider {
     const claudeParts = claudeCommand.split(/\s+/);
     const claudePath = claudeParts[0];
     const claudePrefix = claudeParts.slice(1);
-    const hookScript = new URL("../../scripts/hook.js", import.meta.url).pathname;
+    let pkgRoot = path.dirname(fileURLToPath(import.meta.url));
+    while (!fs.existsSync(path.join(pkgRoot, "package.json"))) {
+      const parent = path.dirname(pkgRoot);
+      if (parent === pkgRoot) break;
+      pkgRoot = parent;
+    }
+    const hookScript = path.join(pkgRoot, "dist", "scripts", "hook.js");
     const sessionId = options.env?.SNA_SESSION_ID ?? "default";
     const sdkSettings = {};
     if (options.permissionMode !== "bypassPermissions") {
@@ -380,6 +441,7 @@ class ClaudeCodeProvider {
       "--input-format",
       "stream-json",
       "--verbose",
+      "--include-partial-messages",
       "--settings",
       JSON.stringify(sdkSettings)
     ];

package/dist/core/providers/types.d.ts

@@ -5,7 +5,7 @@
  * Codex JSONL, etc.) into these common types.
  */
 interface AgentEvent {
-    type: "init" | "thinking" | "text_delta" | "assistant_delta" | "assistant" | "tool_use" | "tool_result" | "permission_needed" | "milestone" | "user_message" | "interrupted" | "error" | "complete";
+    type: "init" | "thinking" | "thinking_delta" | "text_delta" | "assistant_delta" | "assistant" | "tool_use" | "tool_result" | "permission_needed" | "milestone" | "user_message" | "interrupted" | "error" | "complete";
     message?: string;
     data?: Record<string, unknown>;
     /** Streaming text delta (for assistant_delta events only) */
@@ -30,6 +30,8 @@ interface AgentProcess {
     kill(): void;
     /** Whether the process is still running. */
     readonly alive: boolean;
+    /** OS process ID. */
+    readonly pid: number | null;
     /** Session ID assigned by the provider. */
     readonly sessionId: string | null;
     on(event: "event", handler: (e: AgentEvent) => void): void;

package/dist/electron/index.cjs

@@ -85,6 +85,7 @@ async function startSnaServer(options) {
     ...options.maxSessions != null ? { SNA_MAX_SESSIONS: String(options.maxSessions) } : {},
     ...options.permissionMode ? { SNA_PERMISSION_MODE: options.permissionMode } : {},
     ...options.model ? { SNA_MODEL: options.model } : {},
+    ...options.permissionTimeoutMs != null ? { SNA_PERMISSION_TIMEOUT_MS: String(options.permissionTimeoutMs) } : {},
     ...options.nativeBinding ? { SNA_SQLITE_NATIVE_BINDING: options.nativeBinding } : {},
     ...consumerModules ? { SNA_MODULES_PATH: consumerModules } : {},
     ...nodePath ? { NODE_PATH: nodePath } : {},

package/dist/electron/index.d.ts

@@ -54,6 +54,11 @@ interface SnaServerOptions {
     permissionMode?: "acceptEdits" | "bypassPermissions" | "default";
     /** Claude model to use. Default: SDK default (claude-sonnet-4-6) */
     model?: string;
+    /**
+     * Permission request timeout (ms). 0 = no timeout (app controls).
+     * Default: 0 (app is responsible for responding or timing out)
+     */
+    permissionTimeoutMs?: number;
     /**
      * Explicit path to the better-sqlite3 native .node binding.
      *

package/dist/electron/index.js

@@ -44,6 +44,7 @@ async function startSnaServer(options) {
     ...options.maxSessions != null ? { SNA_MAX_SESSIONS: String(options.maxSessions) } : {},
     ...options.permissionMode ? { SNA_PERMISSION_MODE: options.permissionMode } : {},
     ...options.model ? { SNA_MODEL: options.model } : {},
+    ...options.permissionTimeoutMs != null ? { SNA_PERMISSION_TIMEOUT_MS: String(options.permissionTimeoutMs) } : {},
     ...options.nativeBinding ? { SNA_SQLITE_NATIVE_BINDING: options.nativeBinding } : {},
     ...consumerModules ? { SNA_MODULES_PATH: consumerModules } : {},
     ...nodePath ? { NODE_PATH: nodePath } : {},

package/dist/index.d.ts

@@ -1,3 +1,4 @@
+export { SnaConfig, getConfig, resetConfig, setConfig } from './config.js';
 export { ChatMessage, ChatSession, SkillEvent } from './db/schema.js';
 export { AgentEvent, AgentProcess, AgentProvider, ContentBlock, HistoryMessage, SpawnOptions } from './core/providers/types.js';
 export { Session, SessionInfo, SessionManagerOptions, SessionState } from './server/session-manager.js';
@@ -10,6 +11,7 @@ import 'better-sqlite3';
  * Server, providers, session management, database, and CLI.
  * No React dependency.
  */
+
 declare const DEFAULT_SNA_PORT = 3099;
 declare const DEFAULT_SNA_URL = "http://localhost:3099";
 

package/dist/index.js

@@ -1,3 +1,4 @@
+import { getConfig, setConfig, resetConfig } from "./config.js";
 const DEFAULT_SNA_PORT = 3099;
 const DEFAULT_SNA_URL = `http://localhost:${DEFAULT_SNA_PORT}`;
 import { open, send, close, createHandle } from "./lib/dispatch.js";
@@ -7,5 +8,8 @@ export {
   createHandle as createDispatchHandle,
   close as dispatchClose,
   open as dispatchOpen,
-  send as dispatchSend
+  send as dispatchSend,
+  getConfig,
+  resetConfig,
+  setConfig
 };

package/dist/node/index.cjs

@@ -85,6 +85,7 @@ async function startSnaServer(options) {
     ...options.maxSessions != null ? { SNA_MAX_SESSIONS: String(options.maxSessions) } : {},
     ...options.permissionMode ? { SNA_PERMISSION_MODE: options.permissionMode } : {},
     ...options.model ? { SNA_MODEL: options.model } : {},
+    ...options.permissionTimeoutMs != null ? { SNA_PERMISSION_TIMEOUT_MS: String(options.permissionTimeoutMs) } : {},
     ...options.nativeBinding ? { SNA_SQLITE_NATIVE_BINDING: options.nativeBinding } : {},
     ...consumerModules ? { SNA_MODULES_PATH: consumerModules } : {},
     ...nodePath ? { NODE_PATH: nodePath } : {},

package/dist/scripts/hook.js

@@ -10,22 +10,25 @@ process.stdin.on("end", async () => {
       return;
     }
     const input = JSON.parse(raw);
-    const toolName = input.tool_name ?? "unknown";
-    const safeTools = ["Read", "Glob", "Grep", "Agent", "TodoRead", "TodoWrite"];
-    if (safeTools.includes(toolName)) {
-      allow();
-      return;
-    }
-    const portFile = path.join(process.cwd(), ".sna/sna-api.port");
-    let port;
-    try {
-      port = fs.readFileSync(portFile, "utf8").trim();
-    } catch {
-      allow();
-      return;
+    let apiUrl;
+    if (process.env.SNA_API_URL) {
+      apiUrl = process.env.SNA_API_URL;
+    } else {
+      const portFile = path.join(process.cwd(), ".sna/sna-api.port");
+      try {
+        const port = fs.readFileSync(portFile, "utf8").trim();
+        apiUrl = `http://localhost:${port}`;
+      } catch {
+        const snaPort = process.env.SNA_PORT;
+        if (snaPort) {
+          apiUrl = `http://localhost:${snaPort}`;
+        } else {
+          allow();
+          return;
+        }
+      }
     }
     const sessionId = process.argv.find((a) => a.startsWith("--session="))?.slice(10) ?? process.env.SNA_SESSION_ID ?? "default";
-    const apiUrl = `http://localhost:${port}`;
     const res = await fetch(`${apiUrl}/agent/permission-request?session=${encodeURIComponent(sessionId)}`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },

package/dist/server/routes/agent.js

@@ -8,27 +8,28 @@ import { getDb } from "../../db/schema.js";
 import { buildHistoryFromDb } from "../history-builder.js";
 import { httpJson } from "../api-types.js";
 import { saveImages } from "../image-store.js";
+import { getConfig } from "../../config.js";
 function getSessionId(c) {
   return c.req.query("session") ?? "default";
 }
-const DEFAULT_RUN_ONCE_TIMEOUT = 12e4;
 async function runOnce(sessionManager, opts) {
   const sessionId = `run-once-${crypto.randomUUID().slice(0, 8)}`;
-  const timeout = opts.timeout ?? DEFAULT_RUN_ONCE_TIMEOUT;
+  const timeout = opts.timeout ?? getConfig().runOnceTimeoutMs;
   const session = sessionManager.createSession({
     id: sessionId,
     label: "run-once",
     cwd: opts.cwd ?? process.cwd()
   });
-  const provider = getProvider(opts.provider ?? "claude-code");
+  const cfg = getConfig();
+  const provider = getProvider(opts.provider ?? cfg.defaultProvider);
   const extraArgs = opts.extraArgs ? [...opts.extraArgs] : [];
   if (opts.systemPrompt) extraArgs.push("--system-prompt", opts.systemPrompt);
   if (opts.appendSystemPrompt) extraArgs.push("--append-system-prompt", opts.appendSystemPrompt);
   const proc = provider.spawn({
     cwd: session.cwd,
     prompt: opts.message,
-    model: opts.model ?? "claude-sonnet-4-6",
-    permissionMode: opts.permissionMode ?? "bypassPermissions",
+    model: opts.model ?? cfg.model,
+    permissionMode: opts.permissionMode ?? cfg.defaultPermissionMode,
     env: { SNA_SESSION_ID: sessionId },
     extraArgs
   });
@@ -69,6 +70,7 @@ function createAgentRoutes(sessionManager) {
     const body = await c.req.json().catch(() => ({}));
     try {
       const session = sessionManager.createSession({
+        id: body.id,
         label: body.label,
         cwd: body.cwd,
         meta: body.meta
@@ -95,6 +97,22 @@ function createAgentRoutes(sessionManager) {
     logger.log("route", `DELETE /sessions/${id} \u2192 removed`);
     return httpJson(c, "sessions.remove", { status: "removed" });
   });
+  app.patch("/sessions/:id", async (c) => {
+    const id = c.req.param("id");
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      sessionManager.updateSession(id, {
+        label: body.label,
+        meta: body.meta,
+        cwd: body.cwd
+      });
+      logger.log("route", `PATCH /sessions/${id} \u2192 updated`);
+      return httpJson(c, "sessions.update", { status: "updated", session: id });
+    } catch (e) {
+      logger.err("err", `PATCH /sessions/${id} \u2192 ${e.message}`);
+      return c.json({ status: "error", message: e.message }, 404);
+    }
+  });
   app.post("/run-once", async (c) => {
     const body = await c.req.json().catch(() => ({}));
     if (!body.message) {
@@ -118,14 +136,14 @@ function createAgentRoutes(sessionManager) {
       logger.log("route", `POST /start?session=${sessionId} \u2192 already_running`);
       return httpJson(c, "agent.start", {
         status: "already_running",
-        provider: "claude-code",
+        provider: getConfig().defaultProvider,
         sessionId: session.process.sessionId ?? session.id
       });
     }
     if (session.process?.alive) {
       session.process.kill();
     }
-    const provider = getProvider(body.provider ?? "claude-code");
+    const provider = getProvider(body.provider ?? getConfig().defaultProvider);
     try {
       const db = getDb();
       db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, session.label ?? sessionId);
@@ -140,8 +158,8 @@ function createAgentRoutes(sessionManager) {
       }
     } catch {
     }
-    const providerName = body.provider ?? "claude-code";
-    const model = body.model ?? "claude-sonnet-4-6";
+    const providerName = body.provider ?? getConfig().defaultProvider;
+    const model = body.model ?? getConfig().model;
     const permissionMode = body.permissionMode;
     const configDir = body.configDir;
     const extraArgs = body.extraArgs;
@@ -226,7 +244,7 @@ function createAgentRoutes(sessionManager) {
     const sinceParam = c.req.query("since");
     const sinceCursor = sinceParam ? parseInt(sinceParam, 10) : session.eventCounter;
     return streamSSE(c, async (stream) => {
-      const KEEPALIVE_MS = 15e3;
+      const KEEPALIVE_MS = getConfig().keepaliveIntervalMs;
       const signal = c.req.raw.signal;
       const queue = [];
       let wakeUp = null;
@@ -323,8 +341,8 @@ function createAgentRoutes(sessionManager) {
     if (history.length === 0 && !body.prompt) {
       return c.json({ status: "error", message: "No history in DB \u2014 nothing to resume." }, 400);
     }
-    const providerName = body.provider ?? "claude-code";
-    const model = body.model ?? session.lastStartConfig?.model ?? "claude-sonnet-4-6";
+    const providerName = body.provider ?? getConfig().defaultProvider;
+    const model = body.model ?? session.lastStartConfig?.model ?? getConfig().model;
     const permissionMode = body.permissionMode ?? session.lastStartConfig?.permissionMode;
     const configDir = body.configDir ?? session.lastStartConfig?.configDir;
     const extraArgs = body.extraArgs ?? session.lastStartConfig?.extraArgs;

package/dist/server/routes/chat.js

@@ -23,11 +23,12 @@ function createChatRoutes() {
   app.post("/sessions", async (c) => {
     const body = await c.req.json().catch(() => ({}));
     const id = body.id ?? crypto.randomUUID().slice(0, 8);
+    const sessionType = body.type ?? body.chatType ?? "background";
     try {
       const db = getDb();
       db.prepare(
         `INSERT OR IGNORE INTO chat_sessions (id, label, type, meta) VALUES (?, ?, ?, ?)`
-      ).run(id, body.label ?? id, body.type ?? "background", body.meta ? JSON.stringify(body.meta) : null);
+      ).run(id, body.label ?? id, sessionType, body.meta ? JSON.stringify(body.meta) : null);
       return httpJson(c, "chat.sessions.create", { status: "created", id, meta: body.meta ?? null });
     } catch (e) {
       return c.json({ status: "error", message: e.message }, 500);

package/dist/server/routes/emit.js

@@ -3,14 +3,16 @@ import { httpJson } from "../api-types.js";
 function createEmitRoute(sessionManager) {
   return async (c) => {
     const body = await c.req.json();
-    const { skill, type, message, data, session_id } = body;
+    const { skill, message, data } = body;
+    const type = body.type ?? body.eventType;
+    const session_id = c.req.query("session") ?? body.session_id ?? body.session ?? null;
     if (!skill || !type || !message) {
       return c.json({ error: "missing fields" }, 400);
     }
     const db = getDb();
     const result = db.prepare(
       `INSERT INTO skill_events (session_id, skill, type, message, data) VALUES (?, ?, ?, ?, ?)`
-    ).run(session_id ?? null, skill, type, message, data ?? null);
+    ).run(session_id, skill, type, message, data ?? null);
     const id = Number(result.lastInsertRowid);
     sessionManager.broadcastSkillEvent({
       id,

package/dist/server/routes/events.js

@@ -1,7 +1,6 @@
 import { streamSSE } from "hono/streaming";
 import { getDb } from "../../db/schema.js";
-const POLL_INTERVAL_MS = 500;
-const KEEPALIVE_INTERVAL_MS = 15e3;
+import { getConfig } from "../../config.js";
 function eventsRoute(c) {
   const sinceParam = c.req.query("since");
   let lastId = sinceParam ? parseInt(sinceParam) : -1;
@@ -26,7 +25,7 @@ function eventsRoute(c) {
         closed = true;
         clearInterval(keepaliveTimer);
       }
-    }, KEEPALIVE_INTERVAL_MS);
+    }, getConfig().keepaliveIntervalMs);
     while (!closed) {
       try {
         const db = getDb();
@@ -44,7 +43,7 @@ function eventsRoute(c) {
         }
       } catch {
       }
-      await stream.sleep(POLL_INTERVAL_MS);
+      await stream.sleep(getConfig().pollIntervalMs);
     }
     clearInterval(keepaliveTimer);
   });

package/dist/server/session-manager.d.ts

@@ -135,7 +135,9 @@ declare class SessionManager {
     updateSessionState(sessionId: string, newState: SessionState): void;
     private setSessionState;
     /** Create a pending permission request. Returns a promise that resolves when approved/denied. */
-    createPendingPermission(sessionId: string, request: Record<string, unknown>): Promise<boolean>;
+    createPendingPermission(sessionId: string, request: Record<string, unknown>, opts?: {
+        timeoutMs?: number;
+    }): Promise<boolean>;
     /** Resolve a pending permission request. Returns false if no pending request. */
     resolvePendingPermission(sessionId: string, approved: boolean): boolean;
     /** Get a pending permission for a specific session. */

package/dist/server/session-manager.js

@@ -1,7 +1,5 @@
 import { getDb } from "../db/schema.js";
-const DEFAULT_MAX_SESSIONS = 5;
-const MAX_EVENT_BUFFER = 500;
-const PERMISSION_TIMEOUT_MS = 3e5;
+import { getConfig } from "../config.js";
 class SessionManager {
   constructor(options = {}) {
     this.sessions = /* @__PURE__ */ new Map();
@@ -13,7 +11,7 @@ class SessionManager {
     this.configChangedListeners = /* @__PURE__ */ new Set();
     this.stateChangedListeners = /* @__PURE__ */ new Set();
     this.metadataChangedListeners = /* @__PURE__ */ new Set();
-    this.maxSessions = options.maxSessions ?? DEFAULT_MAX_SESSIONS;
+    this.maxSessions = options.maxSessions ?? getConfig().maxSessions;
     this.restoreFromDb();
   }
   /** Restore session metadata from DB (cwd, label, meta). Process state is not restored. */
@@ -152,8 +150,8 @@ class SessionManager {
       if (persisted) {
         session.eventCounter++;
         session.eventBuffer.push(e);
-        if (session.eventBuffer.length > MAX_EVENT_BUFFER) {
-          session.eventBuffer.splice(0, session.eventBuffer.length - MAX_EVENT_BUFFER);
+        if (session.eventBuffer.length > getConfig().maxEventBuffer) {
+          session.eventBuffer.splice(0, session.eventBuffer.length - getConfig().maxEventBuffer);
         }
         const listeners = this.eventListeners.get(sessionId);
         if (listeners) {
@@ -212,8 +210,8 @@ class SessionManager {
     if (!session) return;
     session.eventCounter++;
     session.eventBuffer.push(event);
-    if (session.eventBuffer.length > MAX_EVENT_BUFFER) {
-      session.eventBuffer.splice(0, session.eventBuffer.length - MAX_EVENT_BUFFER);
+    if (session.eventBuffer.length > getConfig().maxEventBuffer) {
+      session.eventBuffer.splice(0, session.eventBuffer.length - getConfig().maxEventBuffer);
     }
     const listeners = this.eventListeners.get(sessionId);
     if (listeners) {
@@ -272,19 +270,22 @@ class SessionManager {
   }
   // ── Permission management ─────────────────────────────────────
   /** Create a pending permission request. Returns a promise that resolves when approved/denied. */
-  createPendingPermission(sessionId, request) {
+  createPendingPermission(sessionId, request, opts) {
     const session = this.sessions.get(sessionId);
     if (session) this.setSessionState(sessionId, session, "permission");
     return new Promise((resolve) => {
       const createdAt = Date.now();
       this.pendingPermissions.set(sessionId, { resolve, request, createdAt });
       for (const cb of this.permissionRequestListeners) cb(sessionId, request, createdAt);
-      setTimeout(() => {
-        if (this.pendingPermissions.has(sessionId)) {
-          this.pendingPermissions.delete(sessionId);
-          resolve(false);
-        }
-      }, PERMISSION_TIMEOUT_MS);
+      const timeout = opts?.timeoutMs ?? getConfig().permissionTimeoutMs;
+      if (timeout > 0) {
+        setTimeout(() => {
+          if (this.pendingPermissions.has(sessionId)) {
+            this.pendingPermissions.delete(sessionId);
+            resolve(false);
+          }
+        }, timeout);
+      }
     });
   }
   /** Resolve a pending permission request. Returns false if no pending request. */
@@ -356,7 +357,7 @@ class SessionManager {
     if (session.lastStartConfig) {
       session.lastStartConfig.model = model;
     } else {
-      session.lastStartConfig = { provider: "claude-code", model, permissionMode: "acceptEdits" };
+      session.lastStartConfig = { provider: getConfig().defaultProvider, model, permissionMode: getConfig().defaultPermissionMode };
     }
     this.persistSession(session);
     this.emitConfigChanged(id, session.lastStartConfig);
@@ -370,7 +371,7 @@ class SessionManager {
     if (session.lastStartConfig) {
       session.lastStartConfig.permissionMode = mode;
     } else {
-      session.lastStartConfig = { provider: "claude-code", model: "claude-sonnet-4-6", permissionMode: mode };
+      session.lastStartConfig = { provider: getConfig().defaultProvider, model: getConfig().model, permissionMode: mode };
     }
     this.persistSession(session);
     this.emitConfigChanged(id, session.lastStartConfig);

package/dist/server/standalone.js

@@ -111,9 +111,38 @@ function initSchema(db) {
   `);
 }
 
+// src/config.ts
+var defaults = {
+  port: 3099,
+  model: "claude-sonnet-4-6",
+  defaultProvider: "claude-code",
+  defaultPermissionMode: "default",
+  maxSessions: 5,
+  maxEventBuffer: 500,
+  permissionTimeoutMs: 0,
+  // app controls — no SDK-side timeout
+  runOnceTimeoutMs: 12e4,
+  pollIntervalMs: 500,
+  keepaliveIntervalMs: 15e3,
+  skillPollMs: 2e3,
+  dbPath: "data/sna.db"
+};
+function fromEnv() {
+  const env = {};
+  if (process.env.SNA_PORT) env.port = parseInt(process.env.SNA_PORT, 10);
+  if (process.env.SNA_MODEL) env.model = process.env.SNA_MODEL;
+  if (process.env.SNA_PERMISSION_MODE) env.defaultPermissionMode = process.env.SNA_PERMISSION_MODE;
+  if (process.env.SNA_MAX_SESSIONS) env.maxSessions = parseInt(process.env.SNA_MAX_SESSIONS, 10);
+  if (process.env.SNA_DB_PATH) env.dbPath = process.env.SNA_DB_PATH;
+  if (process.env.SNA_PERMISSION_TIMEOUT_MS) env.permissionTimeoutMs = parseInt(process.env.SNA_PERMISSION_TIMEOUT_MS, 10);
+  return env;
+}
+var current = { ...defaults, ...fromEnv() };
+function getConfig() {
+  return current;
+}
+
 // src/server/routes/events.ts
-var POLL_INTERVAL_MS = 500;
-var KEEPALIVE_INTERVAL_MS = 15e3;
 function eventsRoute(c) {
   const sinceParam = c.req.query("since");
   let lastId = sinceParam ? parseInt(sinceParam) : -1;
@@ -138,7 +167,7 @@ function eventsRoute(c) {
         closed = true;
         clearInterval(keepaliveTimer);
       }
-    }, KEEPALIVE_INTERVAL_MS);
+    }, getConfig().keepaliveIntervalMs);
     while (!closed) {
       try {
         const db = getDb();
@@ -156,7 +185,7 @@ function eventsRoute(c) {
         }
       } catch {
       }
-      await stream.sleep(POLL_INTERVAL_MS);
+      await stream.sleep(getConfig().pollIntervalMs);
     }
     clearInterval(keepaliveTimer);
   });
@@ -177,14 +206,16 @@ function wsReply(ws, msg, data) {
 function createEmitRoute(sessionManager2) {
   return async (c) => {
     const body = await c.req.json();
-    const { skill, type, message, data, session_id } = body;
+    const { skill, message, data } = body;
+    const type = body.type ?? body.eventType;
+    const session_id = c.req.query("session") ?? body.session_id ?? body.session ?? null;
     if (!skill || !type || !message) {
       return c.json({ error: "missing fields" }, 400);
     }
     const db = getDb();
     const result = db.prepare(
       `INSERT INTO skill_events (session_id, skill, type, message, data) VALUES (?, ?, ?, ?, ?)`
-    ).run(session_id ?? null, skill, type, message, data ?? null);
+    ).run(session_id, skill, type, message, data ?? null);
     const id = Number(result.lastInsertRowid);
     sessionManager2.broadcastSkillEvent({
       id,
@@ -258,6 +289,7 @@ import { spawn as spawn2, execSync } from "child_process";
 import { EventEmitter } from "events";
 import fs4 from "fs";
 import path4 from "path";
+import { fileURLToPath } from "url";
 
 // src/core/providers/cc-history-adapter.ts
 import fs2 from "fs";
@@ -417,6 +449,10 @@ var _ClaudeCodeProcess = class _ClaudeCodeProcess {
     this._sessionId = null;
     this._initEmitted = false;
     this.buffer = "";
+    /** True once we receive a real text_delta stream_event this turn */
+    this._receivedStreamEvents = false;
+    /** tool_use IDs already emitted via stream_event (to update instead of re-create in assistant block) */
+    this._streamedToolUseIds = /* @__PURE__ */ new Set();
     /**
      * FIFO event queue — ALL events (deltas, assistant, complete, etc.) go through
      * this queue. A fixed-interval timer drains one item at a time, guaranteeing
@@ -527,6 +563,9 @@ var _ClaudeCodeProcess = class _ClaudeCodeProcess {
   get alive() {
     return this._alive;
   }
+  get pid() {
+    return this.proc.pid ?? null;
+  }
   get sessionId() {
     return this._sessionId;
   }
@@ -595,7 +634,43 @@ var _ClaudeCodeProcess = class _ClaudeCodeProcess {
         }
         return null;
       }
+      case "stream_event": {
+        const inner = msg.event;
+        if (!inner) return null;
+        if (inner.type === "content_block_start" && inner.content_block?.type === "tool_use") {
+          const block = inner.content_block;
+          this._receivedStreamEvents = true;
+          this._streamedToolUseIds.add(block.id);
+          return {
+            type: "tool_use",
+            message: block.name,
+            data: { toolName: block.name, id: block.id, input: null, streaming: true },
+            timestamp: Date.now()
+          };
+        }
+        if (inner.type === "content_block_delta") {
+          const delta = inner.delta;
+          if (delta?.type === "text_delta" && delta.text) {
+            this._receivedStreamEvents = true;
+            return {
+              type: "assistant_delta",
+              delta: delta.text,
+              index: inner.index ?? 0,
+              timestamp: Date.now()
+            };
+          }
+          if (delta?.type === "thinking_delta" && delta.thinking) {
+            return {
+              type: "thinking_delta",
+              message: delta.thinking,
+              timestamp: Date.now()
+            };
+          }
+        }
+        return null;
+      }
       case "assistant": {
+        if (this._receivedStreamEvents && msg.message?.stop_reason === null) return null;
         const content = msg.message?.content;
         if (!Array.isArray(content)) return null;
         const events = [];
@@ -608,10 +683,12 @@ var _ClaudeCodeProcess = class _ClaudeCodeProcess {
               timestamp: Date.now()
             });
           } else if (block.type === "tool_use") {
+            const alreadyStreamed = this._streamedToolUseIds.has(block.id);
+            if (alreadyStreamed) this._streamedToolUseIds.delete(block.id);
             events.push({
               type: "tool_use",
               message: block.name,
-              data: { toolName: block.name, input: block.input, id: block.id },
+              data: { toolName: block.name, input: block.input, id: block.id, update: alreadyStreamed },
               timestamp: Date.now()
             });
           } else if (block.type === "text") {
@@ -626,7 +703,7 @@ var _ClaudeCodeProcess = class _ClaudeCodeProcess {
             this.enqueue(e);
           }
           for (const text of textBlocks) {
-            this.enqueueTextAsDeltas(text);
+            this.enqueue({ type: "assistant", message: text, timestamp: Date.now() });
           }
         }
         return null;
@@ -648,6 +725,15 @@ var _ClaudeCodeProcess = class _ClaudeCodeProcess {
       }
       case "result": {
         if (msg.subtype === "success") {
+          if (this._receivedStreamEvents && msg.result) {
+            this.enqueue({
+              type: "assistant",
+              message: msg.result,
+              timestamp: Date.now()
+            });
+            this._receivedStreamEvents = false;
+            this._streamedToolUseIds.clear();
+          }
           const u = msg.usage ?? {};
           const mu = msg.modelUsage ?? {};
           const modelKey = Object.keys(mu)[0] ?? "";
@@ -715,7 +801,13 @@ var ClaudeCodeProvider = class {
     const claudeParts = claudeCommand.split(/\s+/);
     const claudePath = claudeParts[0];
     const claudePrefix = claudeParts.slice(1);
-    const hookScript = new URL("../../scripts/hook.js", import.meta.url).pathname;
+    let pkgRoot = path4.dirname(fileURLToPath(import.meta.url));
+    while (!fs4.existsSync(path4.join(pkgRoot, "package.json"))) {
+      const parent = path4.dirname(pkgRoot);
+      if (parent === pkgRoot) break;
+      pkgRoot = parent;
+    }
+    const hookScript = path4.join(pkgRoot, "dist", "scripts", "hook.js");
     const sessionId = options.env?.SNA_SESSION_ID ?? "default";
     const sdkSettings = {};
     if (options.permissionMode !== "bypassPermissions") {
@@ -755,6 +847,7 @@ var ClaudeCodeProvider = class {
       "--input-format",
       "stream-json",
       "--verbose",
+      "--include-partial-messages",
       "--settings",
       JSON.stringify(sdkSettings)
     ];
@@ -876,24 +969,24 @@ function resolveImagePath(sessionId, filename) {
 function getSessionId(c) {
   return c.req.query("session") ?? "default";
 }
-var DEFAULT_RUN_ONCE_TIMEOUT = 12e4;
 async function runOnce(sessionManager2, opts) {
   const sessionId = `run-once-${crypto.randomUUID().slice(0, 8)}`;
-  const timeout = opts.timeout ?? DEFAULT_RUN_ONCE_TIMEOUT;
+  const timeout = opts.timeout ?? getConfig().runOnceTimeoutMs;
   const session = sessionManager2.createSession({
     id: sessionId,
     label: "run-once",
     cwd: opts.cwd ?? process.cwd()
   });
-  const provider2 = getProvider(opts.provider ?? "claude-code");
+  const cfg = getConfig();
+  const provider2 = getProvider(opts.provider ?? cfg.defaultProvider);
   const extraArgs = opts.extraArgs ? [...opts.extraArgs] : [];
   if (opts.systemPrompt) extraArgs.push("--system-prompt", opts.systemPrompt);
   if (opts.appendSystemPrompt) extraArgs.push("--append-system-prompt", opts.appendSystemPrompt);
   const proc = provider2.spawn({
     cwd: session.cwd,
     prompt: opts.message,
-    model: opts.model ?? "claude-sonnet-4-6",
-    permissionMode: opts.permissionMode ?? "bypassPermissions",
+    model: opts.model ?? cfg.model,
+    permissionMode: opts.permissionMode ?? cfg.defaultPermissionMode,
     env: { SNA_SESSION_ID: sessionId },
     extraArgs
   });
@@ -934,6 +1027,7 @@ function createAgentRoutes(sessionManager2) {
     const body = await c.req.json().catch(() => ({}));
     try {
       const session = sessionManager2.createSession({
+        id: body.id,
         label: body.label,
         cwd: body.cwd,
         meta: body.meta
@@ -960,6 +1054,22 @@ function createAgentRoutes(sessionManager2) {
     logger.log("route", `DELETE /sessions/${id} \u2192 removed`);
     return httpJson(c, "sessions.remove", { status: "removed" });
   });
+  app.patch("/sessions/:id", async (c) => {
+    const id = c.req.param("id");
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      sessionManager2.updateSession(id, {
+        label: body.label,
+        meta: body.meta,
+        cwd: body.cwd
+      });
+      logger.log("route", `PATCH /sessions/${id} \u2192 updated`);
+      return httpJson(c, "sessions.update", { status: "updated", session: id });
+    } catch (e) {
+      logger.err("err", `PATCH /sessions/${id} \u2192 ${e.message}`);
+      return c.json({ status: "error", message: e.message }, 404);
+    }
+  });
   app.post("/run-once", async (c) => {
     const body = await c.req.json().catch(() => ({}));
     if (!body.message) {
@@ -983,14 +1093,14 @@ function createAgentRoutes(sessionManager2) {
       logger.log("route", `POST /start?session=${sessionId} \u2192 already_running`);
       return httpJson(c, "agent.start", {
         status: "already_running",
-        provider: "claude-code",
+        provider: getConfig().defaultProvider,
         sessionId: session.process.sessionId ?? session.id
       });
     }
     if (session.process?.alive) {
       session.process.kill();
     }
-    const provider2 = getProvider(body.provider ?? "claude-code");
+    const provider2 = getProvider(body.provider ?? getConfig().defaultProvider);
     try {
       const db = getDb();
       db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, session.label ?? sessionId);
@@ -1005,8 +1115,8 @@ function createAgentRoutes(sessionManager2) {
       }
     } catch {
     }
-    const providerName = body.provider ?? "claude-code";
-    const model = body.model ?? "claude-sonnet-4-6";
+    const providerName = body.provider ?? getConfig().defaultProvider;
+    const model = body.model ?? getConfig().model;
     const permissionMode2 = body.permissionMode;
     const configDir = body.configDir;
     const extraArgs = body.extraArgs;
@@ -1091,7 +1201,7 @@ function createAgentRoutes(sessionManager2) {
     const sinceParam = c.req.query("since");
     const sinceCursor = sinceParam ? parseInt(sinceParam, 10) : session.eventCounter;
     return streamSSE3(c, async (stream) => {
-      const KEEPALIVE_MS = 15e3;
+      const KEEPALIVE_MS = getConfig().keepaliveIntervalMs;
       const signal = c.req.raw.signal;
       const queue = [];
       let wakeUp = null;
@@ -1188,8 +1298,8 @@ function createAgentRoutes(sessionManager2) {
     if (history.length === 0 && !body.prompt) {
       return c.json({ status: "error", message: "No history in DB \u2014 nothing to resume." }, 400);
     }
-    const providerName = body.provider ?? "claude-code";
-    const model = body.model ?? session.lastStartConfig?.model ?? "claude-sonnet-4-6";
+    const providerName = body.provider ?? getConfig().defaultProvider;
+    const model = body.model ?? session.lastStartConfig?.model ?? getConfig().model;
     const permissionMode2 = body.permissionMode ?? session.lastStartConfig?.permissionMode;
     const configDir = body.configDir ?? session.lastStartConfig?.configDir;
     const extraArgs = body.extraArgs ?? session.lastStartConfig?.extraArgs;
@@ -1320,11 +1430,12 @@ function createChatRoutes() {
   app.post("/sessions", async (c) => {
     const body = await c.req.json().catch(() => ({}));
     const id = body.id ?? crypto.randomUUID().slice(0, 8);
+    const sessionType = body.type ?? body.chatType ?? "background";
     try {
       const db = getDb();
       db.prepare(
         `INSERT OR IGNORE INTO chat_sessions (id, label, type, meta) VALUES (?, ?, ?, ?)`
-      ).run(id, body.label ?? id, body.type ?? "background", body.meta ? JSON.stringify(body.meta) : null);
+      ).run(id, body.label ?? id, sessionType, body.meta ? JSON.stringify(body.meta) : null);
       return httpJson(c, "chat.sessions.create", { status: "created", id, meta: body.meta ?? null });
     } catch (e) {
       return c.json({ status: "error", message: e.message }, 500);
@@ -1412,9 +1523,6 @@ function createChatRoutes() {
 }
 
 // src/server/session-manager.ts
-var DEFAULT_MAX_SESSIONS = 5;
-var MAX_EVENT_BUFFER = 500;
-var PERMISSION_TIMEOUT_MS = 3e5;
 var SessionManager = class {
   constructor(options = {}) {
     this.sessions = /* @__PURE__ */ new Map();
@@ -1426,7 +1534,7 @@ var SessionManager = class {
     this.configChangedListeners = /* @__PURE__ */ new Set();
     this.stateChangedListeners = /* @__PURE__ */ new Set();
     this.metadataChangedListeners = /* @__PURE__ */ new Set();
-    this.maxSessions = options.maxSessions ?? DEFAULT_MAX_SESSIONS;
+    this.maxSessions = options.maxSessions ?? getConfig().maxSessions;
     this.restoreFromDb();
   }
   /** Restore session metadata from DB (cwd, label, meta). Process state is not restored. */
@@ -1565,8 +1673,8 @@ var SessionManager = class {
       if (persisted) {
         session.eventCounter++;
         session.eventBuffer.push(e);
-        if (session.eventBuffer.length > MAX_EVENT_BUFFER) {
-          session.eventBuffer.splice(0, session.eventBuffer.length - MAX_EVENT_BUFFER);
+        if (session.eventBuffer.length > getConfig().maxEventBuffer) {
+          session.eventBuffer.splice(0, session.eventBuffer.length - getConfig().maxEventBuffer);
         }
         const listeners = this.eventListeners.get(sessionId);
         if (listeners) {
@@ -1625,8 +1733,8 @@ var SessionManager = class {
     if (!session) return;
     session.eventCounter++;
     session.eventBuffer.push(event);
-    if (session.eventBuffer.length > MAX_EVENT_BUFFER) {
-      session.eventBuffer.splice(0, session.eventBuffer.length - MAX_EVENT_BUFFER);
+    if (session.eventBuffer.length > getConfig().maxEventBuffer) {
+      session.eventBuffer.splice(0, session.eventBuffer.length - getConfig().maxEventBuffer);
     }
     const listeners = this.eventListeners.get(sessionId);
     if (listeners) {
@@ -1685,19 +1793,22 @@ var SessionManager = class {
   }
   // ── Permission management ─────────────────────────────────────
   /** Create a pending permission request. Returns a promise that resolves when approved/denied. */
-  createPendingPermission(sessionId, request) {
+  createPendingPermission(sessionId, request, opts) {
     const session = this.sessions.get(sessionId);
     if (session) this.setSessionState(sessionId, session, "permission");
     return new Promise((resolve) => {
       const createdAt = Date.now();
       this.pendingPermissions.set(sessionId, { resolve, request, createdAt });
       for (const cb of this.permissionRequestListeners) cb(sessionId, request, createdAt);
-      setTimeout(() => {
-        if (this.pendingPermissions.has(sessionId)) {
-          this.pendingPermissions.delete(sessionId);
-          resolve(false);
-        }
-      }, PERMISSION_TIMEOUT_MS);
+      const timeout = opts?.timeoutMs ?? getConfig().permissionTimeoutMs;
+      if (timeout > 0) {
+        setTimeout(() => {
+          if (this.pendingPermissions.has(sessionId)) {
+            this.pendingPermissions.delete(sessionId);
+            resolve(false);
+          }
+        }, timeout);
+      }
     });
   }
   /** Resolve a pending permission request. Returns false if no pending request. */
@@ -1769,7 +1880,7 @@ var SessionManager = class {
     if (session.lastStartConfig) {
       session.lastStartConfig.model = model;
     } else {
-      session.lastStartConfig = { provider: "claude-code", model, permissionMode: "acceptEdits" };
+      session.lastStartConfig = { provider: getConfig().defaultProvider, model, permissionMode: getConfig().defaultPermissionMode };
     }
     this.persistSession(session);
     this.emitConfigChanged(id, session.lastStartConfig);
@@ -1783,7 +1894,7 @@ var SessionManager = class {
     if (session.lastStartConfig) {
       session.lastStartConfig.permissionMode = mode;
     } else {
-      session.lastStartConfig = { provider: "claude-code", model: "claude-sonnet-4-6", permissionMode: mode };
+      session.lastStartConfig = { provider: getConfig().defaultProvider, model: getConfig().model, permissionMode: mode };
     }
     this.persistSession(session);
     this.emitConfigChanged(id, session.lastStartConfig);
@@ -2057,6 +2168,7 @@ function handleMessage(ws, msg, sm, state) {
 function handleSessionsCreate(ws, msg, sm) {
   try {
     const session = sm.createSession({
+      id: msg.id,
       label: msg.label,
       cwd: msg.cwd,
       meta: msg.meta
@@ -2094,11 +2206,11 @@ function handleAgentStart(ws, msg, sm) {
     cwd: msg.cwd
   });
   if (session.process?.alive && !msg.force) {
-    wsReply(ws, msg, { status: "already_running", provider: "claude-code", sessionId: session.id });
+    wsReply(ws, msg, { status: "already_running", provider: getConfig().defaultProvider, sessionId: session.id });
     return;
   }
   if (session.process?.alive) session.process.kill();
-  const provider2 = getProvider(msg.provider ?? "claude-code");
+  const provider2 = getProvider(msg.provider ?? getConfig().defaultProvider);
   try {
     const db = getDb();
     db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, session.label ?? sessionId);
@@ -2111,8 +2223,9 @@ function handleAgentStart(ws, msg, sm) {
     }
   } catch {
   }
-  const providerName = msg.provider ?? "claude-code";
-  const model = msg.model ?? "claude-sonnet-4-6";
+  const cfg = getConfig();
+  const providerName = msg.provider ?? cfg.defaultProvider;
+  const model = msg.model ?? cfg.model;
   const permissionMode2 = msg.permissionMode;
   const configDir = msg.configDir;
   const extraArgs = msg.extraArgs;
@@ -2188,8 +2301,8 @@ function handleAgentResume(ws, msg, sm) {
   if (history.length === 0 && !msg.prompt) {
     return replyError(ws, msg, "No history in DB \u2014 nothing to resume.");
   }
-  const providerName = msg.provider ?? session.lastStartConfig?.provider ?? "claude-code";
-  const model = msg.model ?? session.lastStartConfig?.model ?? "claude-sonnet-4-6";
+  const providerName = msg.provider ?? session.lastStartConfig?.provider ?? getConfig().defaultProvider;
+  const model = msg.model ?? session.lastStartConfig?.model ?? getConfig().model;
   const permissionMode2 = msg.permissionMode ?? session.lastStartConfig?.permissionMode;
   const configDir = msg.configDir ?? session.lastStartConfig?.configDir;
   const extraArgs = msg.extraArgs ?? session.lastStartConfig?.extraArgs;
@@ -2376,7 +2489,6 @@ function handleAgentUnsubscribe(ws, msg, state) {
   state.agentUnsubs.delete(sessionId);
   reply(ws, msg, {});
 }
-var SKILL_POLL_MS = 2e3;
 function handleEventsSubscribe(ws, msg, sm, state) {
   state.skillEventUnsub?.();
   state.skillEventUnsub = null;
@@ -2416,7 +2528,7 @@ function handleEventsSubscribe(ws, msg, sm, state) {
       }
     } catch {
     }
-  }, SKILL_POLL_MS);
+  }, getConfig().skillPollMs);
   reply(ws, msg, { lastId });
 }
 function handleEventsUnsubscribe(ws, msg, state) {
@@ -2600,10 +2712,7 @@ try {
   }
   process.exit(1);
 }
-var port = parseInt(process.env.SNA_PORT ?? "3099", 10);
-var permissionMode = process.env.SNA_PERMISSION_MODE;
-var defaultModel = process.env.SNA_MODEL ?? "claude-sonnet-4-6";
-var maxSessions = parseInt(process.env.SNA_MAX_SESSIONS ?? "5", 10);
+var { port, defaultPermissionMode: permissionMode, model: defaultModel, maxSessions } = getConfig();
 var root = new Hono4();
 root.use("*", cors({ origin: "*", allowMethods: ["GET", "POST", "DELETE", "OPTIONS"] }));
 root.onError((err2, c) => {

package/dist/server/ws.d.ts

@@ -28,11 +28,14 @@ import '../core/providers/types.js';
  *   agent.status      { session? }
  *   agent.subscribe   { session?, since? }
  *   agent.unsubscribe { session? }
- *   agent.run-once    { message, model?, systemPrompt?, permissionMode?, timeout? }
+ *   agent.run-once    { message, model?, systemPrompt?, appendSystemPrompt?, permissionMode?, cwd?, timeout?, provider?, extraArgs? }
  *
  *   events.subscribe  { since? }
  *   events.unsubscribe {}
  *   emit              { skill, eventType, message, data?, session? }
+ *                     NOTE: WS uses `eventType` (not `type`) because `type` is reserved
+ *                     as the WS protocol routing field. HTTP POST /emit uses `type` instead.
+ *                     WS uses `session` (not `session_id`) consistent with all other WS ops.
  *
  *   permission.respond   { session?, approved }
  *   permission.pending   { session? }
@@ -41,6 +44,7 @@ import '../core/providers/types.js';
  *
  *   chat.sessions.list    {}
  *   chat.sessions.create  { id?, label?, chatType?, meta? }
+ *                         NOTE: WS uses `chatType` (not `type`) for the same reason as `eventType` above.
  *   chat.sessions.remove  { session }
  *   chat.messages.list    { session, since? }
  *   chat.messages.create  { session, role, content?, skill_name?, meta? }

package/dist/server/ws.js

@@ -6,6 +6,7 @@ import { runOnce } from "./routes/agent.js";
 import { wsReply } from "./api-types.js";
 import { buildHistoryFromDb } from "./history-builder.js";
 import { saveImages } from "./image-store.js";
+import { getConfig } from "../config.js";
 function send(ws, data) {
   if (ws.readyState === ws.OPEN) {
     ws.send(JSON.stringify(data));
@@ -161,6 +162,7 @@ function handleMessage(ws, msg, sm, state) {
 function handleSessionsCreate(ws, msg, sm) {
   try {
     const session = sm.createSession({
+      id: msg.id,
       label: msg.label,
       cwd: msg.cwd,
       meta: msg.meta
@@ -198,11 +200,11 @@ function handleAgentStart(ws, msg, sm) {
     cwd: msg.cwd
   });
   if (session.process?.alive && !msg.force) {
-    wsReply(ws, msg, { status: "already_running", provider: "claude-code", sessionId: session.id });
+    wsReply(ws, msg, { status: "already_running", provider: getConfig().defaultProvider, sessionId: session.id });
     return;
   }
   if (session.process?.alive) session.process.kill();
-  const provider = getProvider(msg.provider ?? "claude-code");
+  const provider = getProvider(msg.provider ?? getConfig().defaultProvider);
   try {
     const db = getDb();
     db.prepare(`INSERT OR IGNORE INTO chat_sessions (id, label, type) VALUES (?, ?, 'main')`).run(sessionId, session.label ?? sessionId);
@@ -215,8 +217,9 @@ function handleAgentStart(ws, msg, sm) {
     }
   } catch {
   }
-  const providerName = msg.provider ?? "claude-code";
-  const model = msg.model ?? "claude-sonnet-4-6";
+  const cfg = getConfig();
+  const providerName = msg.provider ?? cfg.defaultProvider;
+  const model = msg.model ?? cfg.model;
   const permissionMode = msg.permissionMode;
   const configDir = msg.configDir;
   const extraArgs = msg.extraArgs;
@@ -292,8 +295,8 @@ function handleAgentResume(ws, msg, sm) {
   if (history.length === 0 && !msg.prompt) {
     return replyError(ws, msg, "No history in DB \u2014 nothing to resume.");
   }
-  const providerName = msg.provider ?? session.lastStartConfig?.provider ?? "claude-code";
-  const model = msg.model ?? session.lastStartConfig?.model ?? "claude-sonnet-4-6";
+  const providerName = msg.provider ?? session.lastStartConfig?.provider ?? getConfig().defaultProvider;
+  const model = msg.model ?? session.lastStartConfig?.model ?? getConfig().model;
   const permissionMode = msg.permissionMode ?? session.lastStartConfig?.permissionMode;
   const configDir = msg.configDir ?? session.lastStartConfig?.configDir;
   const extraArgs = msg.extraArgs ?? session.lastStartConfig?.extraArgs;
@@ -480,7 +483,6 @@ function handleAgentUnsubscribe(ws, msg, state) {
   state.agentUnsubs.delete(sessionId);
   reply(ws, msg, {});
 }
-const SKILL_POLL_MS = 2e3;
 function handleEventsSubscribe(ws, msg, sm, state) {
   state.skillEventUnsub?.();
   state.skillEventUnsub = null;
@@ -520,7 +522,7 @@ function handleEventsSubscribe(ws, msg, sm, state) {
       }
     } catch {
     }
-  }, SKILL_POLL_MS);
+  }, getConfig().skillPollMs);
   reply(ws, msg, { lastId });
 }
 function handleEventsUnsubscribe(ws, msg, state) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sna-sdk/core",
-  "version": "0.8.1",
+  "version": "0.9.4",
   "description": "Skills-Native Application runtime — server, providers, session management, database, and CLI",
   "type": "module",
   "bin": {