@symerian/symi 2.6.6 → 2.6.8

package/dist/{gateway-cli-DYXn5A0z.js → gateway-cli-2yQf_hKZ.js}

@@ -21,7 +21,7 @@ import "./pairing-token-Byh6drgn.js";
 import { t as safeEqualSecret } from "./secret-equal-CbntzRkh.js";
 import { a as isValidIPv4, c as resolveClientIp, d as resolveHostName, f as rawDataToString, i as isTrustedProxyAddress, l as resolveGatewayBindHost, n as isLoopbackHost, o as normalizeHostHeader, t as isLoopbackAddress, u as resolveGatewayListenHosts } from "./net-DZ5Ayk-W.js";
 import { n as pickPrimaryTailnetIPv4, r as pickPrimaryTailnetIPv6 } from "./tailnet-Cmumpn76.js";
-import { $ as getCliSessionId, $t as setPreRestartDeferralCheck, An as DEFAULT_INPUT_TIMEOUT_MS, At as normalizeOptionalSessionKey, Bt as buildSafeExternalPrompt, Cn as enqueueSystemEvent, Cr as onAgentEvent, Dn as DEFAULT_INPUT_IMAGE_MAX_BYTES, E as createDefaultDeps, F as buildHistoryContextFromEntries, Ft as buildDeliveryFromLegacyPayload, H as getTotalPendingReplies, Ht as getHookType, In as resolveAgentTimeoutMs, It as hasLegacyDeliveryHints, J as runAgentTurn, Jt as emitGatewayRestart, Kt as consumeGatewaySigusr1RestartAuthorization, Lt as stripLegacyDeliveryFields, Mn as extractImageContentFromSource, Mt as normalizePayloadToSystemText, Nn as normalizeMimeList, Nt as normalizeRequiredName, O as resolveAgentAvatar, On as DEFAULT_INPUT_IMAGE_MIMES, Ot as inferLegacyName, Pn as resolveInputFileLimits, Pt as migrateLegacyCronPayload, Q as resolveModelProfile, Qt as setGatewaySigusr1RestartPolicy, Sr as getAgentRunContext, St as summarizeRestartSentinel, T as createOutboundSendDeps, Tt as normalizeHttpWebhookUrl, Ut as isExternalHookSession, Vt as detectSuspiciousPatterns, X as getActiveEmbeddedRunCount, Xt as markGatewaySigusr1RestartHandled, Yt as isGatewaySigusr1RestartExternallyAllowed, _ as readJsonBodyWithLimit, at as resolveAnnounceTargetFromKey, b as sleepWithAbort, br as clearAgentRunContext, bt as formatRestartSentinelMessage, cr as getActiveTaskCount, ct as resolveOutboundSessionRoute, dn as requestHeartbeatNow, dr as resetAllLanes, dt as resolveOutboundTarget, et as setCliSessionId, f as getPluginToolMeta, fr as setCommandLaneConcurrency, ft as resolveSessionDeliveryTarget, g as handleSlackHttpRequest, gt as runWithModelFallback, hr as DEFAULT_HEARTBEAT_ACK_MAX_CHARS, i as listDescendantRunsForRequester, it as readLatestAssistantReply, jn as extractFileContentFromSource, jt as normalizeOptionalText, kn as DEFAULT_INPUT_MAX_REDIRECTS, kt as normalizeOptionalAgentId, l as applyToolPolicyPipeline, m as loadSymiPlugins, mr as CommandLane, mt as resetDirectoryCache, n as countActiveRunsForSession, pr as waitForActiveTasks, q as resolveCronStyleNow, qt as deferGatewayRestartUntilIdle, r as initSubagentRegistry, rt as createSymiTools, s as runSubagentAnnounceFlow, t as countActiveDescendantRuns, tt as runCliAgent, u as buildDefaultToolPolicyPipelineSteps, ur as getTotalQueueSize, v as requestBodyErrorToText, vt as consumeRestartSentinel, wr as registerAgentRunContext, x as agentCommand, xr as emitAgentEvent, y as computeBackoff, yr as stripHeartbeatToken } from "./subagent-registry-CVQOC9Jw.js";
+import { $ as getCliSessionId, $t as setPreRestartDeferralCheck, An as DEFAULT_INPUT_TIMEOUT_MS, At as normalizeOptionalSessionKey, Bt as buildSafeExternalPrompt, Cn as enqueueSystemEvent, Cr as onAgentEvent, Dn as DEFAULT_INPUT_IMAGE_MAX_BYTES, E as createDefaultDeps, F as buildHistoryContextFromEntries, Ft as buildDeliveryFromLegacyPayload, H as getTotalPendingReplies, Ht as getHookType, In as resolveAgentTimeoutMs, It as hasLegacyDeliveryHints, J as runAgentTurn, Jt as emitGatewayRestart, Kt as consumeGatewaySigusr1RestartAuthorization, Lt as stripLegacyDeliveryFields, Mn as extractImageContentFromSource, Mt as normalizePayloadToSystemText, Nn as normalizeMimeList, Nt as normalizeRequiredName, O as resolveAgentAvatar, On as DEFAULT_INPUT_IMAGE_MIMES, Ot as inferLegacyName, Pn as resolveInputFileLimits, Pt as migrateLegacyCronPayload, Q as resolveModelProfile, Qt as setGatewaySigusr1RestartPolicy, Sr as getAgentRunContext, St as summarizeRestartSentinel, T as createOutboundSendDeps, Tt as normalizeHttpWebhookUrl, Ut as isExternalHookSession, Vt as detectSuspiciousPatterns, X as getActiveEmbeddedRunCount, Xt as markGatewaySigusr1RestartHandled, Yt as isGatewaySigusr1RestartExternallyAllowed, _ as readJsonBodyWithLimit, at as resolveAnnounceTargetFromKey, b as sleepWithAbort, br as clearAgentRunContext, bt as formatRestartSentinelMessage, cr as getActiveTaskCount, ct as resolveOutboundSessionRoute, dn as requestHeartbeatNow, dr as resetAllLanes, dt as resolveOutboundTarget, et as setCliSessionId, f as getPluginToolMeta, fr as setCommandLaneConcurrency, ft as resolveSessionDeliveryTarget, g as handleSlackHttpRequest, gt as runWithModelFallback, hr as DEFAULT_HEARTBEAT_ACK_MAX_CHARS, i as listDescendantRunsForRequester, it as readLatestAssistantReply, jn as extractFileContentFromSource, jt as normalizeOptionalText, kn as DEFAULT_INPUT_MAX_REDIRECTS, kt as normalizeOptionalAgentId, l as applyToolPolicyPipeline, m as loadSymiPlugins, mr as CommandLane, mt as resetDirectoryCache, n as countActiveRunsForSession, pr as waitForActiveTasks, q as resolveCronStyleNow, qt as deferGatewayRestartUntilIdle, r as initSubagentRegistry, rt as createSymiTools, s as runSubagentAnnounceFlow, t as countActiveDescendantRuns, tt as runCliAgent, u as buildDefaultToolPolicyPipelineSteps, ur as getTotalQueueSize, v as requestBodyErrorToText, vt as consumeRestartSentinel, wr as registerAgentRunContext, x as agentCommand, xr as emitAgentEvent, y as computeBackoff, yr as stripHeartbeatToken } from "./subagent-registry-DovA8Baf.js";
 import { D as resolveSessionResetPolicy, F as resolveMainSessionKey, H as cleanStaleLockFiles, I as resolveMainSessionKeyFromConfig, K as mergeDeliveryContext, M as canonicalizeMainSessionAlias, N as resolveAgentMainSessionKey, T as evaluateSessionFreshness, W as deliveryContextFromSession, d as updateSessionStore, n as parseSessionThreadInfo, o as loadSessionStore } from "./sessions-CJXnZVjR.js";
 import { a as isSilentReplyText, n as SILENT_REPLY_TOKEN } from "./tokens-Csntmwwn.js";
 import { n as listChannelPlugins, o as normalizeWhatsAppTarget, r as normalizeChannelId, t as getChannelPlugin } from "./plugins-CwSlLxM8.js";
@@ -54,7 +54,7 @@ import { i as formatPortDiagnostics, n as inspectPortUsage, t as ensurePortAvail
 import "./trash-CWQQXWX3.js";
 import "./dock-DKxQXuAg.js";
 import "./accounts-D51FXYdA.js";
-import { c as resolveStorePath, i as resolveSessionTranscriptPath } from "./paths-DNdWAq7b.js";
+import { c as resolveStorePath, i as resolveSessionTranscriptPath, s as resolveSessionTranscriptsDirForAgent } from "./paths-DNdWAq7b.js";
 import "./tool-images-CVLISeRT.js";
 import { d as supportsXHighThinking, l as normalizeVerboseLevel, s as normalizeThinkLevel } from "./thinking-8sKPnzpp.js";
 import "./models-config-CCMpqFyr.js";
@@ -77,7 +77,7 @@ import "./image-CO4meYzg.js";
 import "./tool-display-CXwOC-qw.js";
 import { d as registerUnhandledRejectionHandler } from "./runner-BORIO-D3.js";
 import { n as loadModelCatalog } from "./model-catalog-CqCsARJX.js";
-import { o as loadSessionEntry, u as lookupContextTokens } from "./session-utils-Bka9dR4m.js";
+import { a as loadCombinedSessionStoreForGateway, i as listSessionsFromStore, o as loadSessionEntry, u as lookupContextTokens } from "./session-utils-Bka9dR4m.js";
 import { S as registerSkillsChangeListener, c as recordRemoteNodeInfo, d as removeRemoteNodeInfo, f as setSkillsRemoteRegistry, l as refreshRemoteBinsForConnectedNodes, o as getRemoteSkillEligibility, s as primeRemoteSkillsCache, u as refreshRemoteNodeBins, v as updatePairedNodeMetadata, x as getSkillsSnapshotVersion } from "./skill-commands-C8BcwE33.js";
 import "./workspace-dirs-CPNL2Acu.js";
 import { a as readChannelAllowFromStoreSync } from "./pairing-store-vpO8vXVN.js";
@@ -130,20 +130,20 @@ import { n as resolveWideAreaDiscoveryDomain, r as writeWideAreaGatewayZone } fr
 import { i as toOptionString, n as extractGatewayMiskeys, r as maybeExplainGatewayServiceStop, t as describeUnknownError } from "./shared-BtG9rny3.js";
 import { c as probeGateway, s as resolveNodeCommandAllowlist } from "./audit-Byo5jCLN.js";
 import { t as discoverGatewayBeacons } from "./bonjour-discovery-CA_XIzr_.js";
-import { i as pickGatewaySelfPresence } from "./status-CfLq5R5j.js";
-import { a as styleHealthChannelLine, l as startHeartbeatRunner, n as getHealthSnapshot, s as runHeartbeatOnce, t as formatHealthChannelLines } from "./health-DUKLANXu.js";
+import { i as pickGatewaySelfPresence } from "./status-CChK9DsL.js";
+import { a as styleHealthChannelLine, l as startHeartbeatRunner, n as getHealthSnapshot, s as runHeartbeatOnce, t as formatHealthChannelLines } from "./health-CBwxQHlQ.js";
 import { a as resolveControlUiRootSync, i as resolveControlUiRootOverrideSync, t as ensureControlUiAssetsBuilt } from "./control-ui-assets-BseSWee1.js";
 import { a as resolveNpmChannelTag, c as DEFAULT_PACKAGE_CHANNEL, m as normalizeUpdateChannel, n as compareSemverStrings, t as checkUpdateStatus } from "./update-check-ZdimP1aU.js";
-import { t as runOnboardingWizard } from "./onboarding-By0D-QmK.js";
-import { _ as getHandshakeTimeoutMs, a as DEFAULT_ASSISTANT_IDENTITY, b as resolveCronRunLogPath, c as upsertPresence, d as DEDUPE_MAX, f as DEDUPE_TTL_MS, g as TICK_INTERVAL_MS, h as MAX_PAYLOAD_BYTES, i as safeParseJson, l as formatError, m as MAX_BUFFERED_BYTES, n as handleGatewayRequest, o as resolveAssistantIdentity, p as HEALTH_REFRESH_INTERVAL_MS, r as broadcastPresenceSnapshot, s as listSystemPresence, t as coreGatewayHandlers, u as loadVoiceWakeConfig, v as abortChatRunById, x as startGatewayConfigReloader, y as appendCronRunLog } from "./server-methods-D1W-tViM.js";
-import { d as shouldLogWs, f as summarizeAgentEventForWsLog, l as formatForLog, p as setGatewayWsLogStyle, u as logWs } from "./push-apns-CVRC-O3Q.js";
+import { t as runOnboardingWizard } from "./onboarding-D1AsOvXd.js";
+import { _ as getHandshakeTimeoutMs, a as DEFAULT_ASSISTANT_IDENTITY, b as resolveCronRunLogPath, c as upsertPresence, d as DEDUPE_MAX, f as DEDUPE_TTL_MS, g as TICK_INTERVAL_MS, h as MAX_PAYLOAD_BYTES, i as safeParseJson, l as formatError, m as MAX_BUFFERED_BYTES, n as handleGatewayRequest, o as resolveAssistantIdentity, p as HEALTH_REFRESH_INTERVAL_MS, r as broadcastPresenceSnapshot, s as listSystemPresence, t as coreGatewayHandlers, u as loadVoiceWakeConfig, v as abortChatRunById, x as startGatewayConfigReloader, y as appendCronRunLog } from "./server-methods-B7KrCq1B.js";
+import { d as shouldLogWs, f as summarizeAgentEventForWsLog, l as formatForLog, p as setGatewayWsLogStyle, u as logWs } from "./push-apns-A--Taj2b.js";
 import { T as resolveGmailHookRuntimeConfig, _ as buildGogWatchServeArgs, i as ensureTailscaleEndpoint, v as buildGogWatchStartArgs } from "./gmail-setup-utils-CzWeiE-Y.js";
-import "./agents.config-DIumfxnN.js";
+import "./agents.config-CwoBiqZ_.js";
 import "./dm-policy-shared-DJ-61hCT.js";
 import "./node-service-fcZExd22.js";
 import "./status.update-DbmZz0Aq.js";
 import "./skills-install-1ZdwGTnh.js";
-import "./update-runner-DdPdhkw5.js";
+import "./update-runner-DvkWGO1t.js";
 import { t as resolveAgentSessionDirs } from "./session-dirs-DWgIYmAt.js";
 import { i as shouldIncludeHook, r as resolveHookConfig, t as loadWorkspaceHookEntries } from "./workspace-B51TF6q3.js";
 import { n as forceFreePortAndWait } from "./ports-Dn122MUd.js";
@@ -7321,7 +7321,7 @@ function applyControlUiSecurityHeaders(res) {
 	res.setHeader("X-Content-Type-Options", "nosniff");
 	res.setHeader("Referrer-Policy", "no-referrer");
 }
-function sendJson$2(res, status, body) {
+function sendJson$3(res, status, body) {
 	res.statusCode = status;
 	res.setHeader("Content-Type", "application/json; charset=utf-8");
 	res.setHeader("Cache-Control", "no-cache");
@@ -7348,7 +7348,7 @@ function handleControlUiAvatarRequest(req, res, opts) {
 	}
 	if (url.searchParams.get("meta") === "1") {
 		const resolved = opts.resolveAvatar(agentId);
-		sendJson$2(res, 200, { avatarUrl: resolved.kind === "local" ? buildControlUiAvatarUrl(basePath, agentId) : resolved.kind === "remote" || resolved.kind === "data" ? resolved.url : null });
+		sendJson$3(res, 200, { avatarUrl: resolved.kind === "local" ? buildControlUiAvatarUrl(basePath, agentId) : resolved.kind === "remote" || resolved.kind === "data" ? resolved.url : null });
 		return true;
 	}
 	const resolved = opts.resolveAvatar(agentId);
@@ -7444,7 +7444,7 @@ function handleControlUiHttpRequest(req, res, opts) {
 			assistantAgentId: identity.agentId
 		};
 		if (opts?.isLocalClient && opts?.gatewayToken) bootstrapConfig.gatewayToken = opts.gatewayToken;
-		sendJson$2(res, 200, bootstrapConfig);
+		sendJson$3(res, 200, bootstrapConfig);
 		return true;
 	}
 	const rootState = opts?.root;
@@ -7521,7 +7521,7 @@ function setDefaultSecurityHeaders(res) {
 	res.setHeader("X-Content-Type-Options", "nosniff");
 	res.setHeader("Referrer-Policy", "no-referrer");
 }
-function sendJson$1(res, status, body) {
+function sendJson$2(res, status, body) {
 	res.statusCode = status;
 	res.setHeader("Content-Type", "application/json; charset=utf-8");
 	res.end(JSON.stringify(body));
@@ -7536,14 +7536,14 @@ function sendMethodNotAllowed(res, allow = "POST") {
 	sendText(res, 405, "Method Not Allowed");
 }
 function sendUnauthorized(res) {
-	sendJson$1(res, 401, { error: {
+	sendJson$2(res, 401, { error: {
 		message: "Unauthorized",
 		type: "unauthorized"
 	} });
 }
 function sendRateLimited(res, retryAfterMs) {
 	if (retryAfterMs && retryAfterMs > 0) res.setHeader("Retry-After", String(Math.ceil(retryAfterMs / 1e3)));
-	sendJson$1(res, 429, { error: {
+	sendJson$2(res, 429, { error: {
 		message: "Too many failed authentication attempts. Please try again later.",
 		type: "rate_limited"
 	} });
@@ -7556,7 +7556,7 @@ function sendGatewayAuthFailure(res, authResult) {
 	sendUnauthorized(res);
 }
 function sendInvalidRequest(res, message) {
-	sendJson$1(res, 400, { error: {
+	sendJson$2(res, 400, { error: {
 		message,
 		type: "invalid_request_error"
 	} });
@@ -7565,14 +7565,14 @@ async function readJsonBodyOrError(req, res, maxBytes) {
 	const body = await readJsonBody(req, maxBytes);
 	if (!body.ok) {
 		if (body.error === "payload too large") {
-			sendJson$1(res, 413, { error: {
+			sendJson$2(res, 413, { error: {
 				message: "Payload too large",
 				type: "invalid_request_error"
 			} });
 			return;
 		}
 		if (body.error === "request body timeout") {
-			sendJson$1(res, 408, { error: {
+			sendJson$2(res, 408, { error: {
 				message: "Request body timeout",
 				type: "invalid_request_error"
 			} });
@@ -7802,7 +7802,7 @@ async function handleOpenAiHttpRequest(req, res, opts) {
 	});
 	const prompt = buildAgentPrompt$1(payload.messages);
 	if (!prompt.message) {
-		sendJson$1(res, 400, { error: {
+		sendJson$2(res, 400, { error: {
 			message: "Missing user message in `messages`.",
 			type: "invalid_request_error"
 		} });
@@ -7821,7 +7821,7 @@ async function handleOpenAiHttpRequest(req, res, opts) {
 				messageChannel: "webchat",
 				bestEffortDeliver: false
 			}, defaultRuntime, deps));
-			sendJson$1(res, 200, {
+			sendJson$2(res, 200, {
 				id: runId,
 				object: "chat.completion",
 				created: Math.floor(Date.now() / 1e3),
@@ -7842,7 +7842,7 @@ async function handleOpenAiHttpRequest(req, res, opts) {
 			});
 		} catch (err) {
 			logWarn(`openai-compat: chat completion failed: ${String(err)}`);
-			sendJson$1(res, 500, { error: {
+			sendJson$2(res, 500, { error: {
 				message: "internal error",
 				type: "api_error"
 			} });
@@ -8406,7 +8406,7 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 	const parseResult = CreateResponseBodySchema.safeParse(handled.body);
 	if (!parseResult.success) {
 		const issue = parseResult.error.issues[0];
-		sendJson$1(res, 400, { error: {
+		sendJson$2(res, 400, { error: {
 			message: issue ? `${issue.path.join(".")}: ${issue.message}` : "Invalid request body",
 			type: "invalid_request_error"
 		} });
@@ -8463,7 +8463,7 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 		}
 	} catch (err) {
 		logWarn(`openresponses: request parsing failed: ${String(err)}`);
-		sendJson$1(res, 400, { error: {
+		sendJson$2(res, 400, { error: {
 			message: "invalid request",
 			type: "invalid_request_error"
 		} });
@@ -8481,7 +8481,7 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 		toolChoicePrompt = toolChoiceResult.extraSystemPrompt;
 	} catch (err) {
 		logWarn(`openresponses: tool configuration failed: ${String(err)}`);
-		sendJson$1(res, 400, { error: {
+		sendJson$2(res, 400, { error: {
 			message: "invalid tool configuration",
 			type: "invalid_request_error"
 		} });
@@ -8505,7 +8505,7 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 		fileContext
 	].filter(Boolean).join("\n\n");
 	if (!prompt.message) {
-		sendJson$1(res, 400, { error: {
+		sendJson$2(res, 400, { error: {
 			message: "Missing user message in `input`.",
 			type: "invalid_request_error"
 		} });
@@ -8534,7 +8534,7 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 			const pendingToolCalls = meta && typeof meta === "object" ? meta.pendingToolCalls : void 0;
 			if (stopReason === "tool_calls" && pendingToolCalls && pendingToolCalls.length > 0) {
 				const functionCall = pendingToolCalls[0];
-				sendJson$1(res, 200, createResponseResource({
+				sendJson$2(res, 200, createResponseResource({
 					id: responseId,
 					model,
 					status: "incomplete",
@@ -8549,7 +8549,7 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 				}));
 				return true;
 			}
-			sendJson$1(res, 200, createResponseResource({
+			sendJson$2(res, 200, createResponseResource({
 				id: responseId,
 				model,
 				status: "completed",
@@ -8562,7 +8562,7 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 			}));
 		} catch (err) {
 			logWarn(`openresponses: non-stream response failed: ${String(err)}`);
-			sendJson$1(res, 500, createResponseResource({
+			sendJson$2(res, 500, createResponseResource({
 				id: responseId,
 				model,
 				status: "failed",
@@ -8829,6 +8829,138 @@ async function handleOpenResponsesHttpRequest(req, res, opts) {
 	return true;
 }
 
+//#endregion
+//#region src/gateway/server-sessions-api.ts
+/**
+* HTTP API for session history — serves the Glass UI History drawer.
+*
+* GET /api/sessions — List all sessions with metadata
+* GET /api/transcript?file=<filename> — Read a session transcript
+*
+* Both endpoints are read-only and serve data from the existing session
+* store and .jsonl transcript files.
+*
+* @module
+*/
+/**
+* Handle /api/sessions and /api/transcript HTTP requests.
+* Returns true if the request was handled, false otherwise.
+*/
+function handleSessionsApiRequest(req, res, cfg) {
+	const url = new URL(req.url ?? "/", "http://localhost");
+	if (url.pathname === "/api/sessions" && req.method === "GET") {
+		handleListSessions(res, cfg);
+		return true;
+	}
+	if (url.pathname === "/api/transcript" && req.method === "GET") {
+		handleTranscript(res, cfg, url.searchParams.get("file"));
+		return true;
+	}
+	return false;
+}
+function sendJson$1(res, data, status = 200) {
+	res.writeHead(status, { "Content-Type": "application/json" });
+	res.end(JSON.stringify(data));
+}
+function handleListSessions(res, cfg) {
+	try {
+		const sessionsDir = resolveSessionTranscriptsDirForAgent(resolveDefaultAgentId(cfg));
+		const { storePath, store } = loadCombinedSessionStoreForGateway(cfg);
+		const storeSessions = listSessionsFromStore({
+			cfg,
+			storePath,
+			store,
+			opts: {
+				includeDerivedTitles: true,
+				includeLastMessage: true
+			}
+		}).sessions.map((s) => ({
+			file: s.sessionId ? `${s.sessionId}.jsonl` : void 0,
+			sessionId: s.sessionId,
+			sessionKey: s.key,
+			isArchived: false,
+			mtime: s.updatedAt ? new Date(s.updatedAt).toISOString() : void 0,
+			preview: s.lastMessagePreview || s.derivedTitle || s.displayName || s.label || void 0,
+			msgCount: (s.inputTokens ?? 0) > 0 || (s.outputTokens ?? 0) > 0 ? void 0 : void 0,
+			size: void 0,
+			model: s.model,
+			modelProvider: s.modelProvider
+		}));
+		const archivedSessions = [];
+		if (fs.existsSync(sessionsDir)) {
+			const files = fs.readdirSync(sessionsDir);
+			for (const file of files) {
+				if (!file.includes(".jsonl.")) continue;
+				const parts = file.split(".jsonl.");
+				if (parts.length < 2 || !parts[1]) continue;
+				const filePath = path.join(sessionsDir, file);
+				try {
+					const stat = fs.statSync(filePath);
+					const lines = fs.readFileSync(filePath, "utf-8").split(/\r?\n/).filter((l) => l.trim());
+					let preview;
+					let msgCount = 0;
+					for (const line of lines) try {
+						const parsed = JSON.parse(line);
+						if (parsed?.message?.role === "user" || parsed?.message?.role === "assistant") msgCount++;
+						if (!preview && parsed?.message?.role === "user") preview = (typeof parsed.message.content === "string" ? parsed.message.content : Array.isArray(parsed.message.content) ? parsed.message.content.filter((b) => b.type === "text").map((b) => b.text ?? "").join(" ") : "").trim().slice(0, 80) || void 0;
+					} catch {}
+					const suffix = parts[1];
+					const dotIdx = suffix.indexOf(".");
+					const archivedAt = dotIdx >= 0 ? suffix.slice(dotIdx + 1).replace(/-(?=\d{2}[T:-])/g, ":") : void 0;
+					archivedSessions.push({
+						file,
+						sessionId: parts[0],
+						isArchived: true,
+						archivedAt: archivedAt || stat.mtime.toISOString(),
+						mtime: stat.mtime.toISOString(),
+						preview,
+						msgCount,
+						size: stat.size
+					});
+				} catch {}
+			}
+		}
+		sendJson$1(res, [...storeSessions.filter((s) => s.sessionId), ...archivedSessions].toSorted((a, b) => {
+			const aArchived = Boolean(a.isArchived);
+			const bArchived = Boolean(b.isArchived);
+			if (!aArchived && bArchived) return -1;
+			if (aArchived && !bArchived) return 1;
+			const aDate = typeof a.mtime === "string" ? a.mtime : typeof a.archivedAt === "string" ? a.archivedAt : "";
+			return (typeof b.mtime === "string" ? b.mtime : typeof b.archivedAt === "string" ? b.archivedAt : "").localeCompare(aDate);
+		}));
+	} catch (err) {
+		sendJson$1(res, { error: String(err) }, 500);
+	}
+}
+function handleTranscript(res, cfg, file) {
+	if (!file) {
+		sendJson$1(res, { error: "Missing file parameter" }, 400);
+		return;
+	}
+	const basename = path.basename(file);
+	if (basename !== file || file.includes("..")) {
+		sendJson$1(res, { error: "Invalid file parameter" }, 400);
+		return;
+	}
+	try {
+		const sessionsDir = resolveSessionTranscriptsDirForAgent(resolveDefaultAgentId(cfg));
+		const filePath = path.join(sessionsDir, basename);
+		if (!fs.existsSync(filePath)) {
+			sendJson$1(res, { error: "Session file not found" }, 404);
+			return;
+		}
+		const lines = fs.readFileSync(filePath, "utf-8").split(/\r?\n/).filter((l) => l.trim());
+		const messages = [];
+		for (const line of lines) try {
+			const parsed = JSON.parse(line);
+			if (parsed?.message?.role) messages.push(parsed.message);
+		} catch {}
+		sendJson$1(res, { messages });
+	} catch (err) {
+		sendJson$1(res, { error: String(err) }, 500);
+	}
+}
+
 //#endregion
 //#region src/gateway/tools-invoke-http.ts
 const DEFAULT_BODY_BYTES = 2 * 1024 * 1024;
@@ -8911,7 +9043,7 @@ async function handleToolsInvokeHttpRequest(req, res, opts) {
 	if (process.env.VITEST && MEMORY_TOOL_NAMES.has(toolName)) {
 		const reasons = resolveMemoryToolDisableReasons(cfg);
 		if (reasons.length > 0) {
-			sendJson$1(res, 400, {
+			sendJson$2(res, 400, {
 				ok: false,
 				error: {
 					type: "invalid_request",
@@ -8983,7 +9115,7 @@ async function handleToolsInvokeHttpRequest(req, res, opts) {
 	const gatewayDenySet = new Set(gatewayDenyNames);
 	const tool = subagentFiltered.filter((t) => !gatewayDenySet.has(t.name)).find((t) => t.name === toolName);
 	if (!tool) {
-		sendJson$1(res, 404, {
+		sendJson$2(res, 404, {
 			ok: false,
 			error: {
 				type: "not_found",
@@ -8998,14 +9130,14 @@ async function handleToolsInvokeHttpRequest(req, res, opts) {
 			action,
 			args
 		});
-		sendJson$1(res, 200, {
+		sendJson$2(res, 200, {
 			ok: true,
 			result: await tool.execute?.(`http-${Date.now()}`, toolArgs)
 		});
 	} catch (err) {
 		const inputStatus = resolveToolInputErrorStatus(err);
 		if (inputStatus !== null) {
-			sendJson$1(res, inputStatus, {
+			sendJson$2(res, inputStatus, {
 				ok: false,
 				error: {
 					type: "tool_error",
@@ -9015,7 +9147,7 @@ async function handleToolsInvokeHttpRequest(req, res, opts) {
 			return true;
 		}
 		logWarn(`tools-invoke: tool execution failed: ${String(err)}`);
-		sendJson$1(res, 500, {
+		sendJson$2(res, 500, {
 			ok: false,
 			error: {
 				type: "tool_error",
@@ -9435,6 +9567,7 @@ function createGatewayHttpServer(opts) {
 				if (await handleA2uiHttpRequest(req, res)) return;
 				if (await canvasHost.handleHttpRequest(req, res)) return;
 			}
+			if (controlUiEnabled && handleSessionsApiRequest(req, res, configSnapshot)) return;
 			if (controlUiEnabled) {
 				if (handleControlUiAvatarRequest(req, res, {
 					basePath: controlUiBasePath,
@@ -11702,7 +11835,7 @@ async function startGatewayServer(port = 18789, opts = {}) {
 	});
 	let glassUiBridgeCleanup = null;
 	if (!minimalTestGateway) {
-		const { createGlassUiBridge } = await import("./glass-ui-ws-Cj9wbO1L.js");
+		const { createGlassUiBridge } = await import("./glass-ui-ws-ibSNo7RU.js");
 		glassUiBridgeCleanup = createGlassUiBridge({
 			wss: glassUiWss,
 			context: gatewayRequestContext,