@triflux/core 10.34.0 → 10.35.0

package/hooks/agy-session-hook.mjs

@@ -0,0 +1,140 @@
+#!/usr/bin/env node
+
+import { argv, exit, stdin, stdout } from "node:process";
+import { pathToFileURL } from "node:url";
+import { drainPendingSynapse as defaultDrainPendingSynapse } from "../hub/team/synapse-http.mjs";
+import {
+  heartbeatInteractiveSession as defaultHeartbeatInteractiveSession,
+  registerInteractiveSession as defaultRegisterInteractiveSession,
+} from "./session-start-fast.mjs";
+
+// hub-ensure is loaded lazily so the byte-identical packages/core mirror of this
+// file loads cleanly. packages/core mirrors scripts/lib only (not scripts/*), so a
+// static `../scripts/hub-ensure.mjs` import would make the core copy throw
+// ERR_MODULE_NOT_FOUND at load time. Mirrors codex-session-hook.mjs's pattern.
+async function defaultHubEnsureRun(stdinData) {
+  const { run } = await import(
+    new URL("../scripts/hub-ensure.mjs", import.meta.url).href
+  );
+  return run(stdinData);
+}
+
+function parsePayload(stdinData) {
+  try {
+    const raw = typeof stdinData === "string" ? stdinData : "";
+    return raw.trim()
+      ? { ok: true, payload: JSON.parse(raw) }
+      : { ok: false, payload: {} };
+  } catch {
+    return { ok: false, payload: {} };
+  }
+}
+
+// Antigravity hook payloads use camelCase system metadata (conversationId,
+// workspacePaths) rather than Codex's session_id/cwd. registerInteractiveSession
+// and heartbeatInteractiveSession parse the Codex shape, so we adapt the agy
+// payload into that shape before delegating. conversationId is the stable
+// per-conversation UUID (== session identity); the first mounted workspace path
+// is the effective cwd.
+export function toSessionPayload(payload) {
+  const sessionId = String(payload?.conversationId || "").trim();
+  const workspacePaths = Array.isArray(payload?.workspacePaths)
+    ? payload.workspacePaths
+    : [];
+  const cwd =
+    typeof workspacePaths[0] === "string" && workspacePaths[0]
+      ? workspacePaths[0]
+      : process.cwd();
+  return JSON.stringify({ session_id: sessionId, cwd });
+}
+
+// agy has no distinct SessionStart / UserPromptSubmit events. PreInvocation
+// fires before every model call, so the per-conversation invocationNum gates
+// register (first call == session start) vs heartbeat (subsequent calls).
+// An explicit argv mode (register|heartbeat) overrides, mirroring the codex hook.
+export function normalizeMode(argvMode, payload) {
+  const direct = String(argvMode || "")
+    .trim()
+    .toLowerCase();
+  if (direct === "register" || direct === "heartbeat") return direct;
+
+  const invocationNum = Number(payload?.invocationNum);
+  if (Number.isFinite(invocationNum)) {
+    return invocationNum <= 1 ? "register" : "heartbeat";
+  }
+  // Unknown invocation index: register is idempotent and also ensures the hub,
+  // so it is the safe default for a first-contact payload.
+  return "register";
+}
+
+export async function runAgySessionHook(stdinData, opts = {}) {
+  const output = "{}\n";
+  const parsed = parsePayload(stdinData);
+  if (!parsed.ok) {
+    if (opts.writeStdout !== false) stdout.write(output);
+    return output;
+  }
+
+  const sessionPayload = toSessionPayload(parsed.payload);
+  const sessionId = JSON.parse(sessionPayload).session_id;
+  // No conversation id means nothing to register; stay a silent no-op.
+  if (!sessionId) {
+    if (opts.writeStdout !== false) stdout.write(output);
+    return output;
+  }
+
+  const mode = normalizeMode(opts.argvMode ?? argv[2], parsed.payload);
+  const hubEnsureRun = opts.hubEnsureRun || defaultHubEnsureRun;
+  const registerInteractiveSession =
+    opts.registerInteractiveSession || defaultRegisterInteractiveSession;
+  const heartbeatInteractiveSession =
+    opts.heartbeatInteractiveSession || defaultHeartbeatInteractiveSession;
+  const drainPendingSynapse =
+    opts.drainPendingSynapse || defaultDrainPendingSynapse;
+
+  try {
+    if (mode === "register") {
+      try {
+        await hubEnsureRun(sessionPayload);
+      } catch {}
+      try {
+        registerInteractiveSession(sessionPayload);
+      } catch {}
+      try {
+        await drainPendingSynapse(1000);
+      } catch {}
+    } else if (mode === "heartbeat") {
+      try {
+        heartbeatInteractiveSession(sessionPayload);
+      } catch {}
+      try {
+        await drainPendingSynapse(500);
+      } catch {}
+    }
+  } catch {
+    // agy session hooks are observational and must never block the session.
+  }
+
+  if (opts.writeStdout !== false) {
+    stdout.write(output);
+  }
+  return output;
+}
+
+function readStdin() {
+  return new Promise((resolve) => {
+    let data = "";
+    stdin.setEncoding("utf8");
+    stdin.on("data", (chunk) => {
+      data += chunk;
+    });
+    stdin.on("end", () => resolve(data));
+    stdin.on("error", () => resolve(data));
+  });
+}
+
+if (argv[1] && import.meta.url === pathToFileURL(argv[1]).href) {
+  const stdinData = await readStdin();
+  await runAgySessionHook(stdinData);
+  exit(0);
+}

package/hub/bridge.mjs

@@ -1186,6 +1186,36 @@ function daemonAttachErrorResult(error) {
   };
 }
 
+function daemonAttachProbeFailureResult(probe) {
+  return {
+    ok: false,
+    text: "",
+    raw: "",
+    responseRaw: "",
+    matchedCompletion: false,
+    timedOut: false,
+    closed: false,
+    inputSent: false,
+    error: probe?.error || probe?.reason || "Claude daemon unavailable",
+    reason: probe?.reason || "daemon-unavailable",
+    daemon: probe?.daemon ?? null,
+    daemons: probe?.daemons ?? [],
+    matches: probe?.matches ?? [],
+    candidateResults: probe?.candidateResults ?? [],
+    callerProvenance: probe?.callerProvenance ?? null,
+  };
+}
+
+function daemonProbeMetadata(probe) {
+  return {
+    daemon: probe?.daemon ?? null,
+    daemons: probe?.daemons ?? [],
+    matches: probe?.matches ?? [],
+    candidateResults: probe?.candidateResults ?? [],
+    callerProvenance: probe?.callerProvenance ?? null,
+  };
+}
+
 function daemonInterruptErrorResult(error) {
   return {
     ok: false,
@@ -1197,6 +1227,22 @@ function daemonInterruptErrorResult(error) {
   };
 }
 
+function daemonInterruptProbeFailureResult(probe) {
+  return {
+    ok: false,
+    done: false,
+    aborted: false,
+    reason: probe?.reason || "interrupt_failed",
+    inputSent: false,
+    error: probe?.error || probe?.reason || "Claude daemon unavailable",
+    daemon: probe?.daemon ?? null,
+    daemons: probe?.daemons ?? [],
+    matches: probe?.matches ?? [],
+    candidateResults: probe?.candidateResults ?? [],
+    callerProvenance: probe?.callerProvenance ?? null,
+  };
+}
+
 function numericOption(value, fallback) {
   const parsed = Number(value);
   return Number.isFinite(parsed) ? parsed : fallback;
@@ -1205,35 +1251,15 @@ function numericOption(value, fallback) {
 async function cmdDaemonProbe(args) {
   try {
     const payload = readBridgePayload(args);
-    const {
-      deriveClaudeDaemonPaths,
-      extractClaudeAgentSessions,
-      findDaemonJobBySessionId,
-      findDaemonJobByShort,
-      sendClaudeControlRequest,
-    } = await loadDaemonControl();
-    const daemonPaths = deriveClaudeDaemonPaths({
+    const { probeClaudeDaemonCandidates } = await loadDaemonControl();
+    const probe = await probeClaudeDaemonCandidates({
       configDir: payload.configDir,
+      env: process.env,
+      short: payload.short,
+      sessionId: payload.sessionId,
+      timeoutMs: numericOption(payload.timeoutMs, 6000),
     });
-    const list = await sendClaudeControlRequest(
-      daemonPaths.controlSock,
-      { proto: 1, op: "list" },
-      { timeoutMs: numericOption(payload.timeoutMs, 6000) },
-    );
-    const target = payload.sessionId
-      ? findDaemonJobBySessionId(list, payload.sessionId)
-      : payload.short
-        ? findDaemonJobByShort(list, payload.short)
-        : null;
-    const sessions = extractClaudeAgentSessions(list);
-
-    return emitJson({
-      ok: list?.ok !== false,
-      controlSock: daemonPaths.controlSock,
-      sessions,
-      target: target || undefined,
-      error: list?.ok === false ? list?.error : undefined,
-    });
+    return emitJson(probe);
   } catch (error) {
     return emitJson(daemonErrorResult(error));
   }
@@ -1246,33 +1272,49 @@ async function cmdDaemonAttach(args) {
 
     const {
       attachClaudeDaemonSession,
-      deriveClaudeDaemonPaths,
-      findDaemonJobBySessionId,
-      sendClaudeControlRequest,
+      buildDaemonControlAuth,
+      probeClaudeDaemonCandidates,
     } = await loadDaemonControl();
-    const daemonPaths = deriveClaudeDaemonPaths({
+    const probe = await probeClaudeDaemonCandidates({
       configDir: payload.configDir,
+      env: process.env,
+      short: payload.short,
+      sessionId: payload.sessionId,
+      timeoutMs: numericOption(payload.timeoutMs, 6000),
     });
-    let short = payload.short;
-    if (!short && payload.sessionId) {
-      const list = await sendClaudeControlRequest(
-        daemonPaths.controlSock,
-        { proto: 1, op: "list" },
-        { timeoutMs: numericOption(payload.timeoutMs, 6000) },
+    if (!probe.ok) return emitJson(daemonAttachProbeFailureResult(probe));
+    const short = payload.short ?? probe.target?.short;
+    if (!short) {
+      return emitJson(
+        daemonAttachProbeFailureResult({
+          ...probe,
+          ok: false,
+          reason: "target-not-found",
+          error: "short or resolvable sessionId is required",
+        }),
       );
-      const target = findDaemonJobBySessionId(list, payload.sessionId);
-      short = target?.short;
     }
-    if (!short) throw new Error("short or resolvable sessionId is required");
-
-    const result = await attachClaudeDaemonSession({
-      controlSock: daemonPaths.controlSock,
-      short,
-      input: payload.prompt,
-      cols: numericOption(payload.cols, undefined),
-      rows: numericOption(payload.rows, undefined),
-      timeoutMs: numericOption(payload.timeoutMs, 30_000),
-    });
+    const controlAuth = await buildDaemonControlAuth(
+      probe.daemon?.configDir ?? payload.configDir,
+    );
+
+    let result;
+    try {
+      result = await attachClaudeDaemonSession({
+        controlSock: probe.controlSock,
+        short,
+        input: payload.prompt,
+        ...controlAuth,
+        cols: numericOption(payload.cols, undefined),
+        rows: numericOption(payload.rows, undefined),
+        timeoutMs: numericOption(payload.timeoutMs, 30_000),
+      });
+    } catch (error) {
+      return emitJson({
+        ...daemonAttachErrorResult(error),
+        ...daemonProbeMetadata(probe),
+      });
+    }
 
     return emitJson({
       ok: result.matchedCompletion === true,
@@ -1285,6 +1327,7 @@ async function cmdDaemonAttach(args) {
       inputSent: result.inputSent === true,
       error:
         result.handshake?.ok === false ? result.handshake?.error : undefined,
+      ...daemonProbeMetadata(probe),
     });
   } catch (error) {
     return emitJson(daemonAttachErrorResult(error));
@@ -1296,33 +1339,49 @@ async function cmdDaemonInterrupt(args) {
     const payload = readBridgePayload(args);
 
     const {
-      deriveClaudeDaemonPaths,
-      findDaemonJobBySessionId,
+      buildDaemonControlAuth,
       interruptClaudeDaemonSession,
-      sendClaudeControlRequest,
+      probeClaudeDaemonCandidates,
     } = await loadDaemonControl();
-    const daemonPaths = deriveClaudeDaemonPaths({
+    const probe = await probeClaudeDaemonCandidates({
       configDir: payload.configDir,
+      env: process.env,
+      short: payload.short,
+      sessionId: payload.sessionId,
+      timeoutMs: numericOption(payload.timeoutMs, 6000),
     });
-    let short = payload.short;
-    if (!short && payload.sessionId) {
-      const list = await sendClaudeControlRequest(
-        daemonPaths.controlSock,
-        { proto: 1, op: "list" },
-        { timeoutMs: numericOption(payload.timeoutMs, 6000) },
+    if (!probe.ok) return emitJson(daemonInterruptProbeFailureResult(probe));
+    const short = payload.short ?? probe.target?.short;
+    if (!short) {
+      return emitJson(
+        daemonInterruptProbeFailureResult({
+          ...probe,
+          ok: false,
+          reason: "target-not-found",
+          error: "short or resolvable sessionId is required",
+        }),
       );
-      const target = findDaemonJobBySessionId(list, payload.sessionId);
-      short = target?.short;
     }
-    if (!short) throw new Error("short or resolvable sessionId is required");
-
-    const result = await interruptClaudeDaemonSession({
-      controlSock: daemonPaths.controlSock,
-      short,
-      cols: numericOption(payload.cols, undefined),
-      rows: numericOption(payload.rows, undefined),
-      timeoutMs: numericOption(payload.timeoutMs, 5000),
-    });
+    const controlAuth = await buildDaemonControlAuth(
+      probe.daemon?.configDir ?? payload.configDir,
+    );
+
+    let result;
+    try {
+      result = await interruptClaudeDaemonSession({
+        controlSock: probe.controlSock,
+        short,
+        ...controlAuth,
+        cols: numericOption(payload.cols, undefined),
+        rows: numericOption(payload.rows, undefined),
+        timeoutMs: numericOption(payload.timeoutMs, 5000),
+      });
+    } catch (error) {
+      return emitJson({
+        ...daemonInterruptErrorResult(error),
+        ...daemonProbeMetadata(probe),
+      });
+    }
     const aborted = result.inputSent === true;
 
     return emitJson({
@@ -1336,6 +1395,7 @@ async function cmdDaemonInterrupt(args) {
       inputSent: result.inputSent === true,
       error:
         result.handshake?.ok === false ? result.handshake?.error : undefined,
+      ...daemonProbeMetadata(probe),
     });
   } catch (error) {
     return emitJson(daemonInterruptErrorResult(error));

package/hub/team/claude-daemon-control.mjs

@@ -16,7 +16,24 @@ import {
 
 export function resolveClaudeConfigDir(env = process.env) {
   if (env.CLAUDE_CONFIG_DIR) return path.resolve(env.CLAUDE_CONFIG_DIR);
-  return path.join(os.homedir(), ".claude");
+  return path.join(resolveClaudeHomeDir(env), ".claude");
+}
+
+export function resolveClaudeHomeDir(
+  env = process.env,
+  platform = process.platform,
+) {
+  // win32: claude daemon launcher 의 os.homedir() 는 USERPROFILE 기반이고
+  // HOME 을 보지 않는다. git-bash 가 HOME 을 따로 잡아도 launcher 폴백을
+  // 그대로 미러해야 socket hash 가 daemon 과 일치한다 (HOME 수용 금지).
+  if (platform === "win32") {
+    const userProfile = nullableEnv(env.USERPROFILE);
+    return userProfile ? path.resolve(userProfile) : os.homedir();
+  }
+  // POSIX 는 HOME 우선 — sandbox HOME 오버라이드를 추적하는 provenance
+  // 해석(#382)과 일치 (os.homedir() 도 POSIX 에서는 HOME 을 우선한다).
+  const home = nullableEnv(env.HOME);
+  return home ? path.resolve(home) : os.homedir();
 }
 
 export function deriveClaudeDaemonPaths({
@@ -44,6 +61,316 @@ export function deriveClaudeDaemonPaths({
   };
 }
 
+function nullableEnv(value) {
+  const text = typeof value === "string" ? value.trim() : "";
+  return text.length > 0 ? text : null;
+}
+
+function defaultClaudeConfigDir(env = process.env) {
+  return path.join(resolveClaudeHomeDir(env), ".claude");
+}
+
+export function detectCallerProvenance(env = process.env) {
+  const claudeConfigDir = nullableEnv(env.CLAUDE_CONFIG_DIR);
+  const omxSessionId = nullableEnv(env.OMX_SESSION_ID);
+  const omxEntryPath = nullableEnv(env.OMX_ENTRY_PATH);
+  const codexThreadId = nullableEnv(env.CODEX_THREAD_ID);
+  const codexLauncher =
+    omxSessionId || omxEntryPath ? "omx" : codexThreadId ? "codex" : "unknown";
+  return {
+    claudeLauncher: "unknown",
+    codexLauncher,
+    signals: {
+      claudeConfigDir,
+      omxSessionId,
+      omxEntryPath,
+      codexThreadId,
+    },
+  };
+}
+
+export async function readOmcLaunchProfile(configDir) {
+  if (!configDir) return null;
+  try {
+    // Provenance hint only: OMC writes this profile in its runtime config dir.
+    // It is not an auth/security boundary and must not override explicit/env
+    // config-dir authority.
+    const parsed = JSON.parse(
+      await fs.readFile(
+        path.join(path.resolve(configDir), ".omc-launch-profile.json"),
+        "utf8",
+      ),
+    );
+    const sourceConfigDir = nullableEnv(parsed?.sourceConfigDir);
+    if (!sourceConfigDir) return null;
+    const sourceClaudeMd = nullableEnv(parsed?.sourceClaudeMd);
+    return {
+      sourceConfigDir: path.resolve(sourceConfigDir),
+      sourceClaudeMd: sourceClaudeMd ? path.resolve(sourceClaudeMd) : null,
+    };
+  } catch (error) {
+    if (error?.code === "ENOENT" || error instanceof SyntaxError) return null;
+    return null;
+  }
+}
+
+async function buildClaudeDaemonCandidate({
+  configDir,
+  configDirSource,
+  selectionMode,
+  env,
+  uid,
+  tmpRoot,
+}) {
+  const paths = deriveClaudeDaemonPaths({ configDir, uid, tmpRoot });
+  const defaultConfig = path.resolve(defaultClaudeConfigDir(env));
+  const omcProfile = await readOmcLaunchProfile(paths.configDir);
+  const claudeLauncher = omcProfile
+    ? "omc"
+    : paths.configDir === defaultConfig
+      ? "claude"
+      : "unknown";
+  return {
+    ...paths,
+    configDirSource,
+    selectionMode,
+    claudeLauncher,
+    sourceConfigDir: omcProfile?.sourceConfigDir,
+    sourceClaudeMd: omcProfile?.sourceClaudeMd ?? null,
+    callerProvenance: detectCallerProvenance(env),
+  };
+}
+
+export async function buildClaudeDaemonDiscoveryCandidates({
+  configDir,
+  env = process.env,
+  uid = typeof process.getuid === "function" ? process.getuid() : 0,
+  tmpRoot = "/tmp",
+} = {}) {
+  const explicitConfigDir = nullableEnv(configDir);
+  if (explicitConfigDir) {
+    return [
+      await buildClaudeDaemonCandidate({
+        configDir: explicitConfigDir,
+        configDirSource: "explicit",
+        selectionMode: "exact",
+        env,
+        uid,
+        tmpRoot,
+      }),
+    ];
+  }
+
+  const envConfigDir = nullableEnv(env.CLAUDE_CONFIG_DIR);
+  if (envConfigDir) {
+    return [
+      await buildClaudeDaemonCandidate({
+        configDir: envConfigDir,
+        configDirSource: "env",
+        selectionMode: "env-strict",
+        env,
+        uid,
+        tmpRoot,
+      }),
+    ];
+  }
+
+  const candidates = [];
+  const defaultConfig = defaultClaudeConfigDir(env);
+  const omcRuntime = path.join(defaultConfig, ".omc-launch");
+  if (await readOmcLaunchProfile(omcRuntime)) {
+    candidates.push(
+      await buildClaudeDaemonCandidate({
+        configDir: omcRuntime,
+        configDirSource: "omc-runtime",
+        selectionMode: "ambient",
+        env,
+        uid,
+        tmpRoot,
+      }),
+    );
+  }
+  candidates.push(
+    await buildClaudeDaemonCandidate({
+      configDir: defaultConfig,
+      configDirSource: "default",
+      selectionMode: "ambient",
+      env,
+      uid,
+      tmpRoot,
+    }),
+  );
+  return candidates;
+}
+
+export function publicClaudeDaemonCandidate(candidate) {
+  if (!candidate) return null;
+  return {
+    configDirSource: candidate.configDirSource,
+    selectionMode: candidate.selectionMode,
+    claudeLauncher: candidate.claudeLauncher,
+    configDir: candidate.configDir,
+    sourceConfigDir: candidate.sourceConfigDir ?? null,
+    sourceClaudeMd: candidate.sourceClaudeMd ?? null,
+    hash: candidate.hash,
+    controlSock: candidate.controlSock,
+  };
+}
+
+function sessionsFromDaemonList(listResponse) {
+  // probe 경로도 list/find 경로와 같은 정규화 row 를 내보내야 한다
+  // (jobs/sessions, snake_case, dispatch 중첩 변형 흡수 — 8016b724).
+  return extractClaudeAgentSessions(listResponse);
+}
+
+function errorMessage(error) {
+  return error?.message || String(error);
+}
+
+function findDaemonTargetInSessions(sessions, { short, sessionId } = {}) {
+  if (sessionId) {
+    return findDaemonJobBySessionId({ jobs: sessions }, sessionId);
+  }
+  if (short) {
+    return findDaemonJobByShort({ jobs: sessions }, short);
+  }
+  return null;
+}
+
+function candidateResultSummary(result) {
+  const summary = publicClaudeDaemonCandidate(result.candidate);
+  return {
+    ...summary,
+    ok: result.ok === true,
+    error: result.error ?? null,
+    sessionCount: Array.isArray(result.sessions) ? result.sessions.length : 0,
+  };
+}
+
+function buildProbeResponse({
+  candidates,
+  results,
+  selected,
+  matches,
+  targetRequested,
+  callerProvenance,
+}) {
+  const reachable = results.filter((result) => result.ok === true);
+  let ok = false;
+  let reason = "daemon-unavailable";
+  let error = null;
+
+  if (targetRequested && matches.length > 1) {
+    reason = "ambiguous-target";
+    error = `Claude daemon target ambiguous across ${matches.length} candidates`;
+  } else if (selected) {
+    ok = true;
+    reason = selected.target ? "target-found" : "daemon-available";
+  } else if (targetRequested && reachable.length > 0) {
+    reason = "target-not-found";
+    error = "Claude daemon target not found in reachable candidates";
+  } else if (results.length > 0) {
+    error =
+      results
+        .map((result) => result.error)
+        .filter(Boolean)
+        .join("; ") || "Claude daemon unavailable";
+  }
+
+  const selectedSessions = selected
+    ? selected.sessions
+    : targetRequested
+      ? []
+      : reachable.flatMap((result) => result.sessions);
+  const selectedDaemon = publicClaudeDaemonCandidate(selected?.candidate);
+  const reachableDaemons = reachable.map((result) =>
+    publicClaudeDaemonCandidate(result.candidate),
+  );
+
+  return {
+    ok,
+    reason,
+    controlSock: selected?.candidate?.controlSock,
+    daemon: selectedDaemon,
+    daemons: reachableDaemons,
+    sessions: selectedSessions,
+    target: selected?.target || undefined,
+    matches: matches.map((match) => ({
+      daemon: publicClaudeDaemonCandidate(match.candidate),
+      target: match.target,
+    })),
+    candidateResults: results.map(candidateResultSummary),
+    callerProvenance,
+    candidates: candidates.map(publicClaudeDaemonCandidate),
+    error: ok ? undefined : error,
+  };
+}
+
+export async function probeClaudeDaemonCandidates({
+  configDir,
+  env = process.env,
+  short,
+  sessionId,
+  timeoutMs = 6000,
+} = {}) {
+  const candidates = await buildClaudeDaemonDiscoveryCandidates({
+    configDir,
+    env,
+  });
+  const callerProvenance = detectCallerProvenance(env);
+  const targetRequested = Boolean(short || sessionId);
+  const results = [];
+
+  for (const candidate of candidates) {
+    try {
+      const list = await sendClaudeControlRequest(
+        candidate.controlSock,
+        { proto: 1, op: "list" },
+        { timeoutMs },
+      );
+      const sessions = sessionsFromDaemonList(list);
+      const ok = list?.ok !== false;
+      results.push({
+        ok,
+        candidate,
+        list,
+        sessions: ok ? sessions : [],
+        target: ok
+          ? findDaemonTargetInSessions(sessions, { short, sessionId })
+          : null,
+        error: ok ? null : list?.error || "Claude daemon list failed",
+      });
+    } catch (error) {
+      results.push({
+        ok: false,
+        candidate,
+        list: null,
+        sessions: [],
+        target: null,
+        error: errorMessage(error),
+      });
+    }
+  }
+
+  const matches = targetRequested
+    ? results.filter((result) => result.ok === true && result.target)
+    : [];
+  const selected = targetRequested
+    ? matches.length === 1
+      ? matches[0]
+      : null
+    : results.find((result) => result.ok === true) || null;
+
+  return buildProbeResponse({
+    candidates,
+    results,
+    selected,
+    matches,
+    targetRequested,
+    callerProvenance,
+  });
+}
+
 export function getProcStart(pid = process.pid) {
   if (!Number.isInteger(pid) || pid <= 0)
     throw new Error(`invalid pid: ${pid}`);
@@ -141,6 +468,7 @@ export function buildDaemonAttachRequest({
   cols = DEFAULT_DAEMON_ATTACH_COLS,
   rows = 40,
   caps = { terminal: null, mux: null, ssh: false },
+  auth,
 } = {}) {
   if (!short) throw new Error("short is required");
   return {
@@ -150,6 +478,7 @@ export function buildDaemonAttachRequest({
     cols,
     rows,
     caps,
+    ...(auth ? { auth } : {}),
   };
 }
 
@@ -683,6 +1012,7 @@ export function attachClaudeDaemonSession({
   controlSock,
   short,
   input,
+  auth,
   cols = DEFAULT_DAEMON_ATTACH_COLS,
   rows = 40,
   caps,
@@ -790,7 +1120,9 @@ export function attachClaudeDaemonSession({
     });
     socket.on("connect", () => {
       socket.write(
-        `${JSON.stringify(buildDaemonAttachRequest({ short, cols, rows, caps }))}\n`,
+        `${JSON.stringify(
+          buildDaemonAttachRequest({ short, cols, rows, caps, auth }),
+        )}\n`,
       );
     });
     socket.on("data", (chunk) => {
@@ -906,6 +1238,7 @@ export function attachClaudeDaemonSession({
 export function interruptClaudeDaemonSession({
   controlSock,
   short,
+  auth,
   cols = DEFAULT_DAEMON_ATTACH_COLS,
   rows = 40,
   caps,
@@ -956,7 +1289,9 @@ export function interruptClaudeDaemonSession({
     socket.on("error", fail);
     socket.on("connect", () => {
       socket.write(
-        `${JSON.stringify(buildDaemonAttachRequest({ short, cols, rows, caps }))}\n`,
+        `${JSON.stringify(
+          buildDaemonAttachRequest({ short, cols, rows, caps, auth }),
+        )}\n`,
       );
     });
     socket.on("data", (chunk) => {
@@ -1182,6 +1517,7 @@ export async function sendKillBySessionId({
   daemonPaths,
   sessionId,
   timeoutMs = 6000,
+  auth,
 } = {}) {
   const controlSock = daemonPaths?.controlSock;
   if (!controlSock || !sessionId) {
@@ -1201,12 +1537,16 @@ export async function sendKillBySessionId({
     if (!job?.short) {
       return { ok: true, killed: false, reason: "not_found" };
     }
+    const controlAuth = auth
+      ? { auth }
+      : await buildDaemonControlAuth(daemonPaths?.configDir);
     return await sendClaudeControlRequest(
       controlSock,
       {
         proto: 1,
         op: "kill",
         short: job.short,
+        ...controlAuth,
       },
       { timeoutMs },
     );
@@ -1356,6 +1696,7 @@ export async function teardownClaudeDaemonJob({
     _deps.removeClaudeSessionProjection || removeClaudeSessionProjection;
   const killJob = _deps.killDaemonJob || killDaemonJob;
   const removeJobStateImpl = _deps.removeClaudeJobState;
+  const buildAuth = _deps.buildDaemonControlAuth || buildDaemonControlAuth;
   const resolvedControlSock = controlSock || paths?.controlSock;
   const resolvedJobsDir =
     jobsDir ||
@@ -1371,7 +1712,10 @@ export async function teardownClaudeDaemonJob({
     steps.push(sendKillBySessionId({ daemonPaths, sessionId }).catch(() => {}));
   }
   if (resolvedControlSock && short) {
-    steps.push(killJob(resolvedControlSock, short).catch(() => {}));
+    const controlAuth = await buildAuth(paths?.configDir);
+    steps.push(
+      killJob(resolvedControlSock, short, controlAuth).catch(() => {}),
+    );
   }
   if (removeJobState && removeJobStateImpl && resolvedJobsDir && short) {
     steps.push(removeJobStateImpl(resolvedJobsDir, short).catch(() => {}));

package/hud/constants.mjs

@@ -165,6 +165,8 @@ export const ANTIGRAVITY_OAUTH_PATHS = [
   join(homedir(), ".gemini", "antigravity-cli", "credentials.json"),
   GEMINI_OAUTH_PATH,
 ];
+export const ANTIGRAVITY_KEYCHAIN_SERVICE = "gemini";
+export const ANTIGRAVITY_KEYCHAIN_ACCOUNT = "antigravity";
 export const ANTIGRAVITY_SETTINGS_PATH = join(
   homedir(),
   ".gemini",

package/hud/providers/gemini.mjs

@@ -2,12 +2,14 @@
 // Gemini 쿼터 API / 세션 토큰 / RPM 트래커
 // ============================================================================
 
-import { spawn } from "node:child_process";
+import { spawn, spawnSync } from "node:child_process";
 import { existsSync, readdirSync, readFileSync } from "node:fs";
 import https from "node:https";
 import { homedir } from "node:os";
 import { join } from "node:path";
 import {
+  ANTIGRAVITY_KEYCHAIN_ACCOUNT,
+  ANTIGRAVITY_KEYCHAIN_SERVICE,
   ANTIGRAVITY_MODEL_ABBREV,
   ANTIGRAVITY_OAUTH_PATHS,
   ANTIGRAVITY_SETTINGS_PATH,
@@ -61,7 +63,19 @@ export function getGeminiModelLabel(model) {
 
 // remainingFraction → 사용 퍼센트 변환 (remainingAmount가 있으면 절대값도 제공)
 export function deriveGeminiLimits(bucket) {
-  if (!bucket || bucket.remainingFraction == null) return null;
+  if (!bucket) return null;
+  // TODO(verify): Workspace quota 응답 모양 라이브 확인 필요
+  if (isGeminiUnlimitedBucket(bucket, bucket.remainingFraction)) {
+    return {
+      unlimited: true,
+      usedPct: null,
+      remaining: null,
+      limit: null,
+      resetTime: bucket.resetTime,
+      modelId: bucket.modelId,
+    };
+  }
+  if (bucket.remainingFraction == null) return null;
   const fraction = bucket.remainingFraction;
   const usedPct = clampPercent(Math.round((1 - fraction) * 100));
   // remainingAmount가 API에서 오면 절대값 역산 (Gemini CLI 방식)
@@ -85,6 +99,23 @@ export function deriveGeminiLimits(bucket) {
   };
 }
 
+function isUnlimitedValue(value) {
+  if (value === Infinity) return true;
+  if (typeof value !== "string") return false;
+  const normalized = value.trim().toLowerCase();
+  return normalized === "infinity" || normalized === "unlimited";
+}
+
+function isGeminiUnlimitedBucket(bucket, fraction) {
+  return (
+    bucket?.unlimited === true ||
+    isUnlimitedValue(fraction) ||
+    isUnlimitedValue(bucket?.limit) ||
+    isUnlimitedValue(bucket?.remaining) ||
+    isUnlimitedValue(bucket?.remainingAmount)
+  );
+}
+
 function getCredentialEmail(credential) {
   return (
     decodeJwtEmail(credential?.id_token) ||
@@ -165,7 +196,21 @@ export function deriveGeminiFamilyBucket(buckets) {
 }
 
 export function buildGeminiAuthContext(accountId) {
-  const oauth = readJson(GEMINI_OAUTH_PATH, null);
+  let oauth = readJson(GEMINI_OAUTH_PATH, null);
+  const fileExpired =
+    oauth?.expiry_date != null && oauth.expiry_date < Date.now();
+  // Preserve a valid Gemini file token; agy Keychain is only a missing/expired fallback.
+  if (!oauth?.access_token || fileExpired) {
+    const keychainOAuth = getAntigravityTokenFromKeychain();
+    if (keychainOAuth?.access_token) {
+      const {
+        expiry_date: _dropExpiry,
+        access_token: _dropToken,
+        ...fileRest
+      } = oauth || {};
+      oauth = { ...fileRest, ...keychainOAuth };
+    }
+  }
   const tokenSource =
     oauth?.refresh_token || oauth?.id_token || oauth?.access_token || "";
   const tokenFingerprint = tokenSource ? makeHash(tokenSource) : "none";
@@ -173,6 +218,93 @@ export function buildGeminiAuthContext(accountId) {
   return { oauth, tokenFingerprint, cacheKey };
 }
 
+function firstPresent(...values) {
+  for (const value of values) {
+    if (value != null && value !== "") return value;
+  }
+  return null;
+}
+
+function normalizeExpiryDate(value) {
+  if (value == null || value === "") return null;
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return value < 1_000_000_000_000 ? value * 1000 : value;
+  }
+  if (typeof value === "string") {
+    const numeric = Number(value);
+    if (Number.isFinite(numeric)) return normalizeExpiryDate(numeric);
+    const parsed = Date.parse(value);
+    if (Number.isFinite(parsed)) return parsed;
+  }
+  return null;
+}
+
+function normalizeAntigravityCredential(parsed) {
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    return null;
+  }
+  const accessToken = firstPresent(
+    parsed.access_token,
+    parsed.accessToken,
+    parsed.access?.token,
+    parsed.token,
+  );
+  if (!accessToken) return null;
+  const normalized = { ...parsed, access_token: accessToken };
+  const idToken = firstPresent(parsed.id_token, parsed.idToken);
+  if (idToken) normalized.id_token = idToken;
+  const refreshToken = firstPresent(parsed.refresh_token, parsed.refreshToken);
+  if (refreshToken) normalized.refresh_token = refreshToken;
+  const expiryDate = normalizeExpiryDate(
+    firstPresent(
+      parsed.expiry_date,
+      parsed.expiryDate,
+      parsed.expiry,
+      parsed.expires_at,
+      parsed.expiresAt,
+    ),
+  );
+  if (expiryDate != null) normalized.expiry_date = expiryDate;
+  return normalized;
+}
+
+function getAntigravityTokenFromKeychain() {
+  // macOS Keychain only; elsewhere `security` is absent (wasted spawn) or a
+  // different PATH binary entirely, so skip on Linux/Windows and let the
+  // file-token fallback apply. TFX_HUD_KEYCHAIN_FORCE=1 re-enables the spawn
+  // for cross-platform tests that inject a fake `security` via PATH.
+  if (
+    process.platform !== "darwin" &&
+    process.env.TFX_HUD_KEYCHAIN_FORCE !== "1"
+  ) {
+    return null;
+  }
+  try {
+    const result = spawnSync(
+      "security",
+      [
+        "find-generic-password",
+        "-s",
+        ANTIGRAVITY_KEYCHAIN_SERVICE,
+        "-a",
+        ANTIGRAVITY_KEYCHAIN_ACCOUNT,
+        "-w",
+      ],
+      { encoding: "utf8", timeout: 3000 },
+    );
+    if (result.status !== 0) return null;
+    const stdout = result.stdout?.trim();
+    if (!stdout) return null;
+    try {
+      return normalizeAntigravityCredential(JSON.parse(stdout));
+    } catch {
+      return { access_token: stdout };
+    }
+  } catch {
+    return null;
+  }
+}
+
 // ============================================================================
 // Gemini 쿼터 API 호출 (5분 캐시)
 // ============================================================================

package/hud/renderers.mjs

@@ -51,6 +51,25 @@ import {
   truncateAnsi,
 } from "./utils.mjs";
 
+function formatGeminiLimitValue(limit, provFn) {
+  if (limit?.unlimited) return provFn("\u221E");
+  const usedP = limit?.usedPct;
+  if (usedP == null) return dim(formatPlaceholderPercentCell());
+  return colorByProvider(usedP, formatPercentCell(usedP), provFn);
+}
+
+function getGeminiLimitUsedPercent(bucket, limit) {
+  if (limit?.unlimited) return null;
+  if (limit?.usedPct != null) return limit.usedPct;
+  return clampPercent(Math.round((1 - (bucket?.remainingFraction ?? 1)) * 100));
+}
+
+function formatGeminiCompactValue(bucket, limit, provFn) {
+  if (limit?.unlimited) return provFn("\u221E");
+  const usedP = getGeminiLimitUsedPercent(bucket, limit);
+  return usedP != null ? colorByProvider(usedP, `${usedP}`, provFn) : dim("--");
+}
+
 // ============================================================================
 // 최근 벤치마크 diff 파일 읽기
 // ============================================================================
@@ -299,10 +318,7 @@ export function getMicroLine(
   let gVal;
   if (geminiBucket) {
     const gl = deriveGeminiLimits(geminiBucket);
-    const gU = gl
-      ? gl.usedPct
-      : clampPercent((1 - (geminiBucket.remainingFraction ?? 1)) * 100);
-    gVal = colorByProvider(gU, `${gU}`, geminiBlue);
+    gVal = formatGeminiCompactValue(geminiBucket, gl, geminiBlue);
   } else if ((geminiSession?.total || 0) > 0) {
     gVal = geminiBlue("\u221E");
   } else {
@@ -468,11 +484,10 @@ function formatAntigravityQuotaSection(
       return withTime ? `${base} ${dim(formatTimeCell("n/a"))}` : base;
     }
     const gl = deriveGeminiLimits(bucket);
-    const usedP = gl
-      ? gl.usedPct
-      : clampPercent(Math.round((1 - (bucket.remainingFraction ?? 1)) * 100));
-    const bar = withBar ? tierBar(currentTier, usedP, provAnsi) : "";
-    const base = `${dim(`${label}:`)}${bar}${colorByProvider(usedP, formatPercentCell(usedP), provFn)}`;
+    const usedP = getGeminiLimitUsedPercent(bucket, gl);
+    const bar =
+      withBar && usedP != null ? tierBar(currentTier, usedP, provAnsi) : "";
+    const base = `${dim(`${label}:`)}${bar}${formatGeminiLimitValue(gl, provFn)}`;
     if (!withTime) return base;
     const rstRemaining =
       formatResetRemaining(bucket.resetTime, ONE_DAY_MS) || "n/a";
@@ -558,20 +573,14 @@ export function getProviderRow(
     if (provider === "gemini" && realQuota?.type === "gemini") {
       const pools = realQuota.pools || {};
       if (pools.pro || pools.flash) {
-        const pP = pools.pro
-          ? clampPercent(
-              Math.round((1 - (pools.pro.remainingFraction ?? 1)) * 100),
-            )
-          : null;
-        const pF = pools.flash
-          ? clampPercent(
-              Math.round((1 - (pools.flash.remainingFraction ?? 1)) * 100),
-            )
-          : null;
-        const pStr =
-          pP != null ? colorByProvider(pP, `${pP}`, provFn) : dim("--");
-        const fStr =
-          pF != null ? colorByProvider(pF, `${pF}`, provFn) : dim("--");
+        const pP = pools.pro ? deriveGeminiLimits(pools.pro) : null;
+        const pF = pools.flash ? deriveGeminiLimits(pools.flash) : null;
+        const pStr = pools.pro
+          ? formatGeminiCompactValue(pools.pro, pP, provFn)
+          : dim("--");
+        const fStr = pools.flash
+          ? formatGeminiCompactValue(pools.flash, pF, provFn)
+          : dim("--");
         return {
           prefix: minPrefix,
           left: `${pStr}${dim("/")}${fStr}`,
@@ -622,10 +631,7 @@ export function getProviderRow(
           if (!bucket)
             return `${dim(label + ":")}${dim(formatPlaceholderPercentCell())}`;
           const gl = deriveGeminiLimits(bucket);
-          const usedP = gl
-            ? gl.usedPct
-            : clampPercent((1 - (bucket.remainingFraction ?? 1)) * 100);
-          return `${dim(label + ":")}${colorByProvider(usedP, formatPercentCell(usedP), provFn)}`;
+          return `${dim(label + ":")}${formatGeminiLimitValue(gl, provFn)}`;
         };
         quotaSection = `${slot(pools.pro, "Pr")} ${slot(pools.flash, "Fl")}`;
       } else {
@@ -691,12 +697,9 @@ export function getProviderRow(
           if (!bucket)
             return `${dim(label + ":")}${dim(formatPlaceholderPercentCell())} ${dim(formatTimeCell("n/a"))}`;
           const gl = deriveGeminiLimits(bucket);
-          const usedP = gl
-            ? gl.usedPct
-            : clampPercent((1 - (bucket.remainingFraction ?? 1)) * 100);
           const rstRemaining =
             formatResetRemaining(bucket.resetTime, ONE_DAY_MS) || "n/a";
-          return `${dim(label + ":")}${colorByProvider(usedP, formatPercentCell(usedP), provFn)} ${dim(formatTimeCell(rstRemaining))}`;
+          return `${dim(label + ":")}${formatGeminiLimitValue(gl, provFn)} ${dim(formatTimeCell(rstRemaining))}`;
         };
         quotaSection = `${slot(pools.pro, "Pr")} ${slot(pools.flash, "Fl")}`;
       } else {
@@ -778,12 +781,11 @@ export function getProviderRow(
           return `${dim(label + ":")}${tierDimBar(currentTier)}${dim(formatPlaceholderPercentCell())} ${dim(formatTimeCell("n/a"))}`;
         }
         const gl = deriveGeminiLimits(bucket);
-        const usedP = gl
-          ? gl.usedPct
-          : clampPercent((1 - (bucket.remainingFraction ?? 1)) * 100);
+        const usedP = getGeminiLimitUsedPercent(bucket, gl);
         const rstRemaining =
           formatResetRemaining(bucket.resetTime, ONE_DAY_MS) || "n/a";
-        return `${dim(label + ":")}${tierBar(currentTier, usedP, provAnsi)}${colorByProvider(usedP, formatPercentCell(usedP), provFn)} ${dim(formatTimeCell(rstRemaining))}`;
+        const bar = usedP != null ? tierBar(currentTier, usedP, provAnsi) : "";
+        return `${dim(label + ":")}${bar}${formatGeminiLimitValue(gl, provFn)} ${dim(formatTimeCell(rstRemaining))}`;
       };
 
       quotaSection = `${slot(pools.pro, "Pr")} ${slot(pools.flash, "Fl")}`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@triflux/core",
-  "version": "10.34.0",
+  "version": "10.35.0",
   "description": "triflux core — CLI routing, pipeline, adapters. Zero native dependencies.",
   "type": "module",
   "main": "hub/index.mjs",

package/scripts/lib/mcp-manifest.mjs

@@ -13,8 +13,8 @@ export const MANIFEST_PATH = join(
   "mcp-enabled.json",
 );
 
-/** API 키 불필요 — 항상 활성화 for gateway-managed MCP servers */
-export const CORE_SERVERS = Object.freeze(["serena"]);
+/** API 키 불필요 — 항상 활성화 for gateway-managed MCP servers (현재 없음 — serena는 2026-06-10 core에서 제거) */
+export const CORE_SERVERS = Object.freeze([]);
 
 /** 검색 MCP — API 키 필요 */
 export const SEARCH_SERVERS = Object.freeze([