@syengup/friday-channel-next 0.1.13 → 0.1.14

package/dist/src/http/handlers/history-messages.js

@@ -0,0 +1,100 @@
+/**
+ * GET /friday-next/history/messages?sessionKey=&agentId=&limit=
+ *
+ * Returns a session's transcript history as a flat, normalized message stream.
+ * The Friday app groups these into rounds itself (by role transitions) and uses
+ * each message's stable `id` (the upstream transcript entry id) as its sync key.
+ *
+ * Reads via the gateway `sessions.get` method (exposed to plugins as
+ * `runtime.subagent.getSessionMessages`), which already resolves the active
+ * branch and compaction, then normalizes each raw message into a stable DTO.
+ */
+import { getFridayNextRuntime } from "../../runtime.js";
+import { extractBearerToken } from "../middleware/auth.js";
+import { normalizeHistoryMessages } from "../../history/normalize-message.js";
+import { readSessionTranscriptRawMessages, resolveSessionId } from "../../history/read-transcript.js";
+import { resolveMediaAttachment } from "./files.js";
+const DEFAULT_LIMIT = 200;
+const MAX_LIMIT = 1000;
+function resolveSubagentApi() {
+    try {
+        const runtime = getFridayNextRuntime();
+        return runtime.subagent;
+    }
+    catch {
+        return undefined;
+    }
+}
+export async function handleHistoryMessages(req, res) {
+    if (req.method !== "GET") {
+        res.statusCode = 405;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: "Method Not Allowed" }));
+        return true;
+    }
+    const token = extractBearerToken(req);
+    if (!token) {
+        res.statusCode = 401;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: "Unauthorized: bearer token mismatch" }));
+        return true;
+    }
+    const url = new URL(req.url ?? "/", "http://localhost");
+    const sessionKey = url.searchParams.get("sessionKey")?.trim();
+    if (!sessionKey) {
+        res.statusCode = 400;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: "Missing required query param: sessionKey" }));
+        return true;
+    }
+    const agentId = url.searchParams.get("agentId")?.trim() || undefined;
+    const limitParam = Number(url.searchParams.get("limit"));
+    const limit = Number.isFinite(limitParam) && limitParam > 0
+        ? Math.min(Math.floor(limitParam), MAX_LIMIT)
+        : DEFAULT_LIMIT;
+    // Primary path: read the transcript file directly (works from an HTTP route).
+    let rawMessages = readSessionTranscriptRawMessages(sessionKey, limit);
+    // Fallback: the request-scoped gateway method (only works in some contexts).
+    if (rawMessages.length === 0) {
+        const sessionApi = resolveSubagentApi();
+        if (sessionApi?.getSessionMessages) {
+            try {
+                const response = await sessionApi.getSessionMessages({ sessionKey, limit });
+                rawMessages = Array.isArray(response?.messages) ? response.messages : [];
+            }
+            catch {
+                // Best-effort: an unreadable/unknown session yields an empty history
+                // rather than an error, so the app degrades gracefully.
+                rawMessages = [];
+            }
+        }
+    }
+    const messages = normalizeHistoryMessages(rawMessages);
+    // Resolve `MEDIA:<server-path>` references into downloadable attachment URLs
+    // (copies the file into the plugin's attachments/ dir — the same mechanism the
+    // live deliver path uses), then drop the raw paths from the wire.
+    for (const message of messages) {
+        if (!message.mediaPaths?.length)
+            continue;
+        const resolved = message.mediaPaths
+            .map((p) => resolveMediaAttachment(p))
+            .filter((r) => Boolean(r))
+            .map((r) => ({ url: r.url, filename: r.fileName }));
+        if (resolved.length) {
+            message.images = [...(message.images ?? []), ...resolved];
+        }
+        delete message.mediaPaths;
+    }
+    const sessionId = resolveSessionId(sessionKey);
+    res.statusCode = 200;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({
+        ok: true,
+        sessionKey,
+        ...(agentId ? { agentId } : {}),
+        ...(sessionId ? { sessionId } : {}),
+        totalMessages: messages.length,
+        messages,
+    }));
+    return true;
+}

package/dist/src/http/handlers/history-sessions.d.ts

@@ -0,0 +1,23 @@
+/**
+ * GET /friday-next/history/sessions
+ *
+ * Lists every session across every configured agent (lightweight metadata only).
+ * The Friday app uses this to surface sessions created on other platforms /
+ * channels in its sidebar before lazily fetching each session's history.
+ *
+ * Session message bodies are intentionally NOT read here — that is the job of the
+ * per-session history endpoint. We only read each agent's `sessions.json` via the
+ * forward runtime (`loadSessionStore`), matching the read path already used for
+ * terminal lifecycle forwards.
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+export interface FridayHistorySessionSummary {
+    /** Canonical app session key, e.g. "agent:main:main". */
+    sessionKey: string;
+    agentId: string;
+    sessionId?: string;
+    updatedAt?: number;
+    model?: string;
+    title?: string;
+}
+export declare function handleHistorySessions(req: IncomingMessage, res: ServerResponse): Promise<boolean>;

package/dist/src/http/handlers/history-sessions.js

@@ -0,0 +1,163 @@
+/**
+ * GET /friday-next/history/sessions
+ *
+ * Lists every session across every configured agent (lightweight metadata only).
+ * The Friday app uses this to surface sessions created on other platforms /
+ * channels in its sidebar before lazily fetching each session's history.
+ *
+ * Session message bodies are intentionally NOT read here — that is the job of the
+ * per-session history endpoint. We only read each agent's `sessions.json` via the
+ * forward runtime (`loadSessionStore`), matching the read path already used for
+ * terminal lifecycle forwards.
+ */
+import fs from "node:fs";
+import { getFridayAgentForwardRuntime } from "../../agent-forward-runtime.js";
+import { extractBearerToken } from "../middleware/auth.js";
+import { resolveTranscriptPath } from "../../history/read-transcript.js";
+const DEFAULT_AGENT_ID = "main";
+const SAFE_AGENT_ID = /^[a-z0-9][a-z0-9_-]*$/;
+/** Mirror of OpenClaw's `normalizeAgentId` (also used in agents-list.ts). */
+function normalizeAgentId(value) {
+    const trimmed = typeof value === "string" ? value.trim() : "";
+    if (!trimmed)
+        return DEFAULT_AGENT_ID;
+    const lowered = trimmed.toLowerCase();
+    if (SAFE_AGENT_ID.test(lowered))
+        return lowered;
+    return (lowered
+        .replace(/[^a-z0-9_-]+/g, "-")
+        .replace(/^-+|-+$/g, "")
+        .slice(0, 64) || DEFAULT_AGENT_ID);
+}
+function readString(value) {
+    return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+function readNumber(value) {
+    return typeof value === "number" && Number.isFinite(value) ? value : undefined;
+}
+/** Configured agent ids (deduped). Falls back to the implicit "main" agent. */
+function resolveConfiguredAgentIds(config) {
+    const agents = config?.agents;
+    const list = agents?.list;
+    if (!Array.isArray(list) || list.length === 0)
+        return [DEFAULT_AGENT_ID];
+    const ids = new Set();
+    for (const agent of list) {
+        if (agent && typeof agent === "object")
+            ids.add(normalizeAgentId(agent.id));
+    }
+    if (ids.size === 0)
+        ids.add(DEFAULT_AGENT_ID);
+    return [...ids];
+}
+/** Build the canonical app session key from an agent + a raw sessions.json key. */
+function toCanonicalSessionKey(agentId, storeKey) {
+    const key = storeKey.trim();
+    if (key.toLowerCase().startsWith("agent:"))
+        return key;
+    return `agent:${agentId}:${key}`;
+}
+/** Session-id portion (everything after `agent:<id>:`). */
+function sessionRest(canonicalKey) {
+    const m = canonicalKey.match(/^agent:[^:]+:(.+)$/);
+    return (m?.[1] ?? canonicalKey).toLowerCase();
+}
+/**
+ * Internal/system sessions that aren't user-facing conversations — mirrors what
+ * OpenClaw's own `sessions.list` filters (cron/global/unknown/phantom) plus
+ * heartbeat / subagent / memory-dreaming runs.
+ */
+function isInternalSessionKey(canonicalKey, storeKey) {
+    const k = storeKey.toLowerCase();
+    if (k === "global" || k === "unknown")
+        return true;
+    const rest = sessionRest(canonicalKey);
+    return (rest === "sessions" || // phantom agent-store entry
+        rest.startsWith("subagent:") ||
+        rest.startsWith("cron:") ||
+        rest.startsWith("dreaming-narrative") ||
+        rest === "heartbeat" ||
+        rest.endsWith(":heartbeat"));
+}
+/** A session counts as archived/empty when its transcript file is gone or empty. */
+function hasLiveTranscript(entry, storePath) {
+    const filePath = resolveTranscriptPath(entry, storePath);
+    if (!filePath)
+        return false;
+    try {
+        return fs.statSync(filePath).size > 0;
+    }
+    catch {
+        return false; // archived (moved to .deleted/.bak) or never written
+    }
+}
+function readAgentSessions(agentId) {
+    const rt = getFridayAgentForwardRuntime();
+    if (!rt)
+        return [];
+    let storePath;
+    let store;
+    try {
+        storePath = rt.resolveStorePath(undefined, { agentId });
+        store = rt.loadSessionStore(storePath) ?? {};
+    }
+    catch {
+        return [];
+    }
+    const summaries = [];
+    for (const [storeKey, rawEntry] of Object.entries(store)) {
+        if (!rawEntry || typeof rawEntry !== "object")
+            continue;
+        const entry = rawEntry;
+        const canonicalKey = toCanonicalSessionKey(agentId, storeKey);
+        // Drop internal/system sessions and subagent links.
+        if (isInternalSessionKey(canonicalKey, storeKey))
+            continue;
+        if (entry.spawnedBy || entry.subagentRole || entry.parentSessionKey)
+            continue;
+        // Drop archived/empty sessions (transcript moved away or never written).
+        if (!hasLiveTranscript(entry, storePath))
+            continue;
+        summaries.push({
+            sessionKey: canonicalKey,
+            agentId,
+            ...(readString(entry.sessionId) ? { sessionId: readString(entry.sessionId) } : {}),
+            ...(readNumber(entry.updatedAt) !== undefined ? { updatedAt: readNumber(entry.updatedAt) } : {}),
+            ...(readString(entry.model) ?? readString(entry.modelOverride)
+                ? { model: readString(entry.model) ?? readString(entry.modelOverride) }
+                : {}),
+            // Server-side session display name (matches OpenClaw's resolution order).
+            ...(readString(entry.displayName) ?? readString(entry.label)
+                ? { title: readString(entry.displayName) ?? readString(entry.label) }
+                : {}),
+        });
+    }
+    return summaries;
+}
+export async function handleHistorySessions(req, res) {
+    if (req.method !== "GET") {
+        res.statusCode = 405;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: "Method Not Allowed" }));
+        return true;
+    }
+    const token = extractBearerToken(req);
+    if (!token) {
+        res.statusCode = 401;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: "Unauthorized: bearer token mismatch" }));
+        return true;
+    }
+    const rt = getFridayAgentForwardRuntime();
+    const config = rt?.getConfig();
+    const agentIds = resolveConfiguredAgentIds(config);
+    const sessions = [];
+    for (const agentId of agentIds) {
+        sessions.push(...readAgentSessions(agentId));
+    }
+    sessions.sort((a, b) => (b.updatedAt ?? 0) - (a.updatedAt ?? 0));
+    res.statusCode = 200;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ ok: true, sessions }));
+    return true;
+}

package/dist/src/http/handlers/history-set-title.d.ts

@@ -0,0 +1,10 @@
+/**
+ * PUT /friday-next/sessions/title  body: { sessionKey, title }
+ *
+ * Syncs the app-set session name to the server session's `displayName` (the
+ * field OpenClaw resolves first for a session's display title, ahead of `label`).
+ * Writes via `updateSessionStoreEntry` (cache-owning, not request-scoped), so the
+ * change is also visible to webui and other clients.
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+export declare function handleHistorySetTitle(req: IncomingMessage, res: ServerResponse): Promise<boolean>;

package/dist/src/http/handlers/history-set-title.js

@@ -0,0 +1,77 @@
+/**
+ * PUT /friday-next/sessions/title  body: { sessionKey, title }
+ *
+ * Syncs the app-set session name to the server session's `displayName` (the
+ * field OpenClaw resolves first for a session's display title, ahead of `label`).
+ * Writes via `updateSessionStoreEntry` (cache-owning, not request-scoped), so the
+ * change is also visible to webui and other clients.
+ */
+import { getFridayAgentForwardRuntime } from "../../agent-forward-runtime.js";
+import { extractBearerToken } from "../middleware/auth.js";
+import { readJsonBody } from "../middleware/body.js";
+import { agentIdFromSessionKey, toSessionStoreKey } from "../../session/session-manager.js";
+function json(res, status, body) {
+    res.statusCode = status;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify(body));
+    return true;
+}
+/** Real store key matching `sessionKey`, tolerating deviceId case differences. */
+function resolveStoreKey(store, sessionKey) {
+    if (store[sessionKey])
+        return sessionKey;
+    const canonical = toSessionStoreKey(sessionKey);
+    if (store[canonical])
+        return canonical;
+    const target = canonical.toLowerCase();
+    for (const k of Object.keys(store)) {
+        if (k.toLowerCase() === target)
+            return k;
+    }
+    return undefined;
+}
+export async function handleHistorySetTitle(req, res) {
+    if (req.method !== "PUT" && req.method !== "POST") {
+        return json(res, 405, { error: "Method Not Allowed" });
+    }
+    if (!extractBearerToken(req)) {
+        return json(res, 401, { error: "Unauthorized: bearer token mismatch" });
+    }
+    const body = (await readJsonBody(req));
+    const sessionKey = typeof body?.sessionKey === "string" ? body.sessionKey.trim() : "";
+    const title = typeof body?.title === "string" ? body.title.trim() : "";
+    if (!sessionKey) {
+        return json(res, 400, { error: "Missing required field: sessionKey" });
+    }
+    const rt = getFridayAgentForwardRuntime();
+    if (!rt?.updateSessionStoreEntry) {
+        return json(res, 503, { error: "Session store write not available" });
+    }
+    const agentId = agentIdFromSessionKey(sessionKey);
+    let storePath;
+    let store;
+    try {
+        storePath = rt.resolveStorePath(undefined, { agentId });
+        store = rt.loadSessionStore(storePath) ?? {};
+    }
+    catch {
+        return json(res, 500, { error: "Failed to load session store" });
+    }
+    const storeKey = resolveStoreKey(store, sessionKey);
+    if (!storeKey) {
+        return json(res, 404, { error: `Session not found: ${sessionKey}` });
+    }
+    try {
+        const updated = await rt.updateSessionStoreEntry({
+            storePath,
+            sessionKey: storeKey,
+            // Empty title clears the override so the server can derive its own again.
+            update: () => ({ displayName: title || undefined }),
+        });
+        const sessionId = updated && typeof updated.sessionId === "string" ? updated.sessionId : undefined;
+        return json(res, 200, { ok: true, sessionKey, ...(sessionId ? { sessionId } : {}), title });
+    }
+    catch {
+        return json(res, 500, { error: "Failed to update session title" });
+    }
+}

package/dist/src/http/server.js

@@ -14,6 +14,9 @@ import { handleNodesApprove } from "./handlers/nodes-approve.js";
 import { handleSessionsSettings } from "./handlers/sessions-settings.js";
 import { handleModelsList } from "./handlers/models-list.js";
 import { handleAgentsList } from "./handlers/agents-list.js";
+import { handleHistorySessions } from "./handlers/history-sessions.js";
+import { handleHistoryMessages } from "./handlers/history-messages.js";
+import { handleHistorySetTitle } from "./handlers/history-set-title.js";
 import { handleStatus } from "./handlers/status.js";
 import { handleHealth } from "./handlers/health.js";
 import { applyCorsHeaders } from "./middleware/cors.js";
@@ -68,6 +71,18 @@ async function handleFridayNextRoute(req, res) {
     if (req.method === "GET" && pathname === "/friday-next/status") {
         return await handleStatus(req, res);
     }
+    // Route: GET /friday-next/history/sessions (list all sessions across agents)
+    if (req.method === "GET" && pathname === "/friday-next/history/sessions") {
+        return await handleHistorySessions(req, res);
+    }
+    // Route: GET /friday-next/history/messages?sessionKey=&agentId=&limit=
+    if (req.method === "GET" && pathname === "/friday-next/history/messages") {
+        return await handleHistoryMessages(req, res);
+    }
+    // Route: PUT /friday-next/sessions/title (sync app session name → server displayName)
+    if ((req.method === "PUT" || req.method === "POST") && pathname === "/friday-next/sessions/title") {
+        return await handleHistorySetTitle(req, res);
+    }
     // Route: GET /friday-next/health?deviceId=...&nodeDeviceId=...&selfHeal=true
     if (req.method === "GET" && pathname === "/friday-next/health") {
         return await handleHealth(req, res);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@syengup/friday-channel-next",
-  "version": "0.1.13",
+  "version": "0.1.14",
   "description": "OpenClaw Friday Next Apple channel plugin",
   "license": "MIT",
   "type": "module",
@@ -12,15 +12,6 @@
     "tsconfig.json",
     "openclaw.plugin.json"
   ],
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "prepublishOnly": "pnpm build",
-    "test": "npm run test:unit && npm run test:e2e",
-    "test:unit": "vitest run",
-    "test:e2e": "vitest run --config vitest.e2e.config.ts",
-    "test:smoke": "node scripts/e2e-smoke.mjs",
-    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
-  },
   "bin": {
     "friday-channel-next": "install.js"
   },
@@ -66,5 +57,13 @@
     "typescript": "^6.0.3",
     "vitest": "^4.1.5",
     "zod": "^4.3.6"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "test": "npm run test:unit && npm run test:e2e",
+    "test:unit": "vitest run",
+    "test:e2e": "vitest run --config vitest.e2e.config.ts",
+    "test:smoke": "node scripts/e2e-smoke.mjs",
+    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
   }
-}
+}

package/src/agent-forward-runtime.ts

@@ -6,6 +6,14 @@ export type FridayAgentForwardRuntime = {
     path: string,
     options?: { skipCache?: boolean; maintenanceConfig?: unknown; clone?: boolean },
   ) => Record<string, unknown>;
+  /** Cache-owning entry write (syncs the app session name → server `displayName`). */
+  updateSessionStoreEntry?: (params: {
+    storePath: string;
+    sessionKey: string;
+    update: (
+      entry: Record<string, unknown>,
+    ) => Record<string, unknown> | null | Promise<Record<string, unknown> | null>;
+  }) => Promise<Record<string, unknown> | null>;
   getConfig: () => unknown;
 };
 
@@ -16,6 +24,8 @@ export function setFridayAgentForwardRuntime(api: OpenClawPluginApi): void {
   forwardRuntime = {
     resolveStorePath: api.runtime.agent.session.resolveStorePath,
     loadSessionStore: api.runtime.agent.session.loadSessionStore,
+    updateSessionStoreEntry: (api.runtime.agent.session as Record<string, unknown>)
+      .updateSessionStoreEntry as FridayAgentForwardRuntime["updateSessionStoreEntry"],
     getConfig: () => api.runtime.config.current(),
   };
 }

package/src/channel-actions.test.ts

@@ -0,0 +1,111 @@
+import fs from "node:fs";
+import path from "node:path";
+import { EventEmitter } from "node:events";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { handleMessageAction } from "./channel-actions.js";
+import { sseEmitter } from "./sse/emitter.js";
+import { setOfflineQueueBaseDirForTest } from "./sse/offline-queue.js";
+import { registerRunRoute } from "./run-metadata.js";
+import { createTempHistoryDir, removeTempHistoryDir, setMockRuntime } from "./test-support/mock-runtime.js";
+
+/**
+ * The `message` tool's `action=send` is handled here (NOT via outbound.sendText/sendMedia).
+ * `ctx.sessionKey` is the agent's base/main session, so the send must recover the app session that
+ * started the device's active run from the run-route registry — otherwise attachments land in a
+ * device-level / main session instead of the user's current session.
+ */
+
+class MockRes extends EventEmitter {
+  writes: string[] = [];
+  write(chunk: string): boolean {
+    this.writes.push(chunk);
+    return true;
+  }
+  end(): void {
+    // no-op
+  }
+}
+
+type OutboundFrame = { type: string; data: Record<string, unknown> };
+
+function parseOutboundFrames(res: MockRes): OutboundFrame[] {
+  const frames: OutboundFrame[] = [];
+  for (const block of res.writes.join("").split("\n\n")) {
+    if (!block.trim()) continue;
+    let type = "";
+    let data: Record<string, unknown> | undefined;
+    for (const line of block.split("\n")) {
+      if (line.startsWith("event: ")) type = line.slice("event: ".length).trim();
+      else if (line.startsWith("data: ")) {
+        try {
+          data = JSON.parse(line.slice("data: ".length));
+        } catch {
+          // ignore
+        }
+      }
+    }
+    if (data) frames.push({ type, data });
+  }
+  return frames;
+}
+
+describe("channel-actions handleSend sessionKey routing", () => {
+  let historyDir = "";
+
+  beforeEach(() => {
+    sseEmitter.resetForTest();
+    historyDir = createTempHistoryDir();
+    setOfflineQueueBaseDirForTest(historyDir);
+    setMockRuntime({ historyDir, authToken: "test-token" });
+  });
+
+  afterEach(() => {
+    setOfflineQueueBaseDirForTest(null);
+    removeTempHistoryDir(historyDir);
+  });
+
+  function connect(deviceId: string): MockRes {
+    const res = new MockRes();
+    sseEmitter.addConnection(deviceId, res as never);
+    return res;
+  }
+
+  it("send media routes to the active run's app session, not ctx.sessionKey", async () => {
+    const deviceId = "DEV-ACT-1";
+    const runId = "run-act-1";
+    const appSession = "agent:operator:friday:direct:dev-act-1:1780561609";
+    const mediaFile = path.join(historyDir, "shot.png");
+    fs.writeFileSync(mediaFile, "png-bytes");
+    registerRunRoute({ runId, deviceId, sessionKey: appSession });
+    sseEmitter.trackDeviceForRun(deviceId, runId);
+    const res = connect(deviceId);
+
+    const result = await handleMessageAction({
+      action: "send",
+      params: { to: deviceId, message: "桌面截图来了 📸", media: mediaFile },
+      sessionKey: "agent:operator:main", // ctx gives the base/main session — must be overridden
+    });
+
+    expect((result as { ok?: boolean }).ok).toBe(true);
+    const frames = parseOutboundFrames(res);
+    const media = frames.find((f) => f.type === "outbound" && f.data.op === "media");
+    const text = frames.find((f) => f.type === "outbound" && f.data.op === "text");
+    expect(media?.data.sessionKey).toBe(appSession);
+    expect(text?.data.sessionKey).toBe(appSession);
+    expect(media?.data.deviceId).toBe(deviceId);
+  });
+
+  it("falls back to ctx.sessionKey when the device has no active run-route", async () => {
+    const deviceId = "DEV-ACT-2";
+    const res = connect(deviceId);
+
+    await handleMessageAction({
+      action: "send",
+      params: { to: deviceId, message: "hi" },
+      sessionKey: "agent:operator:friday:direct:fallback-session",
+    });
+
+    const text = parseOutboundFrames(res).find((f) => f.type === "outbound" && f.data.op === "text");
+    expect(text?.data.sessionKey).toBe("agent:operator:friday:direct:fallback-session");
+  });
+});

package/src/channel-actions.ts

@@ -2,6 +2,8 @@ import crypto from "node:crypto";
 import fs from "node:fs";
 import { sseEmitter } from "./sse/emitter.js";
 import { guessMimeType } from "./http/handlers/files.js";
+import { getRunRoute } from "./run-metadata.js";
+import { resolveHistorySessionKeyForFridayDevice } from "./friday-session.js";
 
 type MessageActionCtx = {
   action: string;
@@ -64,7 +66,14 @@ async function handleSend(ctx: MessageActionCtx): Promise<unknown> {
   }
 
   const runId = crypto.randomUUID();
-  const sessionKey = ctx.sessionKey ?? undefined;
+  // The `message` tool's send runs as a fresh action; `ctx.sessionKey` is the agent's base/main
+  // session, not the app session that started the active run on this device. Recover the latter via
+  // the device's last tracked run-route so attachments land in the user's current session.
+  const activeRunId = sseEmitter.getLastRunIdForDevice(to) ?? undefined;
+  const sessionKey =
+    (activeRunId ? getRunRoute(activeRunId)?.sessionKey : undefined) ??
+    ctx.sessionKey ??
+    resolveHistorySessionKeyForFridayDevice(to);
 
   // Send text via SSE outbound
   if (text) {