@vellumai/assistant 0.3.6 → 0.3.8

package/src/daemon/handlers/subagents.ts

@@ -109,10 +109,17 @@ export function handleSubagentMessage(
     return;
   }
 
-  const sent = manager.sendMessage(msg.subagentId, msg.content);
+  const result = manager.sendMessage(msg.subagentId, msg.content);
 
-  if (!sent) {
-    log.warn({ subagentId: msg.subagentId }, 'Client sent message to terminal subagent');
+  if (result === 'queue_full') {
+    log.warn({ subagentId: msg.subagentId }, 'Subagent message rejected — queue full');
+    ctx.send(socket, {
+      type: 'error',
+      message: `Subagent "${msg.subagentId}" message queue is full. Please wait for current messages to be processed.`,
+      category: 'queue_full',
+    });
+  } else if (result !== 'sent') {
+    log.warn({ subagentId: msg.subagentId, reason: result }, 'Client sent message to terminal subagent');
     ctx.send(socket, {
       type: 'error',
       message: `Subagent "${msg.subagentId}" not found or in terminal state.`,

package/src/daemon/ipc-contract/sessions.ts

@@ -43,6 +43,12 @@ export interface SessionSwitchRequest {
   sessionId: string;
 }
 
+export interface SessionRenameRequest {
+  type: 'session_rename';
+  sessionId: string;
+  title: string;
+}
+
 export interface AuthMessage {
   type: 'auth';
   token: string;

package/src/daemon/ipc-contract-inventory.json

@@ -79,6 +79,7 @@
     "SecretResponse",
     "SessionCreateRequest",
     "SessionListRequest",
+    "SessionRenameRequest",
     "SessionSwitchRequest",
     "SessionsClearRequest",
     "ShareAppCloudRequest",
@@ -363,6 +364,7 @@
     "secret_response",
     "session_create",
     "session_list",
+    "session_rename",
     "session_switch",
     "sessions_clear",
     "share_app_cloud",

package/src/daemon/ipc-contract.ts

@@ -29,7 +29,7 @@ export * from './ipc-contract/inbox.js';
 export * from './ipc-contract/pairing.js';
 
 // Import types needed for aggregate unions and SubagentEvent
-import type { AuthMessage, PingMessage, CancelRequest, DeleteQueuedMessage, ModelGetRequest, ModelSetRequest, ImageGenModelSetRequest, HistoryRequest, UndoRequest, RegenerateRequest, UsageRequest, SandboxSetRequest, SessionListRequest, SessionCreateRequest, SessionSwitchRequest, SessionsClearRequest, ConversationSearchRequest } from './ipc-contract/sessions.js';
+import type { AuthMessage, PingMessage, CancelRequest, DeleteQueuedMessage, ModelGetRequest, ModelSetRequest, ImageGenModelSetRequest, HistoryRequest, UndoRequest, RegenerateRequest, UsageRequest, SandboxSetRequest, SessionListRequest, SessionCreateRequest, SessionSwitchRequest, SessionRenameRequest, SessionsClearRequest, ConversationSearchRequest } from './ipc-contract/sessions.js';
 import type { UserMessage, ConfirmationResponse, SecretResponse, SuggestionRequest } from './ipc-contract/messages.js';
 import type { UiSurfaceAction, UiSurfaceUndoRequest } from './ipc-contract/surfaces.js';
 import type { SkillsListRequest, SkillDetailRequest, SkillsEnableRequest, SkillsDisableRequest, SkillsConfigureRequest, SkillsInstallRequest, SkillsUninstallRequest, SkillsUpdateRequest, SkillsCheckUpdatesRequest, SkillsSearchRequest, SkillsInspectRequest } from './ipc-contract/skills.js';
@@ -84,6 +84,7 @@ export type ClientMessage =
   | SessionListRequest
   | SessionCreateRequest
   | SessionSwitchRequest
+  | SessionRenameRequest
   | PingMessage
   | CancelRequest
   | DeleteQueuedMessage

package/src/daemon/lifecycle.ts

@@ -35,6 +35,8 @@ import { QdrantManager } from '../memory/qdrant-manager.js';
 import { initQdrantClient } from '../memory/qdrant-client.js';
 import { startScheduler } from '../schedule/scheduler.js';
 import { RuntimeHttpServer } from '../runtime/http-server.js';
+import { assistantEventHub } from '../runtime/assistant-event-hub.js';
+import * as attachmentsStore from '../memory/attachments-store.js';
 import { getHookManager } from '../hooks/manager.js';
 import { installTemplates } from '../hooks/templates.js';
 import { installCliLaunchers } from './install-cli-launchers.js';
@@ -46,6 +48,7 @@ import { createApprovalCopyGenerator, createApprovalConversationGenerator } from
 import { initializeProvidersAndTools, registerWatcherProviders, registerMessagingProviders } from './providers-setup.js';
 import { installShutdownHandlers } from './shutdown-handlers.js';
 import { writePid, cleanupPidFile } from './daemon-control.js';
+import { initPairingHandlers } from './handlers/pairing.js';
 
 // Re-export public API so existing consumers don't need to change imports
 export {
@@ -259,11 +262,24 @@ export async function runDaemon(): Promise<void> {
     interfacesDir: getInterfacesDir(),
     approvalCopyGenerator: createApprovalCopyGenerator(),
     approvalConversationGenerator: createApprovalConversationGenerator(),
+    sendMessageDeps: {
+      getOrCreateSession: (conversationId) =>
+        server.getSessionForMessages(conversationId),
+      assistantEventHub,
+      resolveAttachments: (attachmentIds) =>
+        attachmentsStore.getAttachmentsByIds(attachmentIds).map((a) => ({
+          id: a.id,
+          filename: a.originalFilename,
+          mimeType: a.mimeType,
+          data: a.dataBase64,
+        })),
+    },
   });
   try {
     await runtimeHttp.start();
     setRelayBroadcast((msg) => server.broadcast(msg));
     runtimeHttp.setPairingBroadcast((msg) => server.broadcast(msg));
+    initPairingHandlers(runtimeHttp.getPairingStore(), bearerToken);
     server.setHttpPort(httpPort);
     log.info({ port: httpPort, hostname }, 'Daemon startup: runtime HTTP server listening');
   } catch (err) {

package/src/daemon/server.ts

@@ -819,6 +819,14 @@ export class DaemonServer {
     return { messageId };
   }
 
+  /**
+   * Expose session lookup for the POST /v1/messages handler.
+   * The handler manages busy-state checking and queueing itself.
+   */
+  async getSessionForMessages(conversationId: string): Promise<Session> {
+    return this.getOrCreateSession(conversationId, undefined, true);
+  }
+
   createRunOrchestrator(): RunOrchestrator {
     return new RunOrchestrator({
       getOrCreateSession: (conversationId, transport) =>

package/src/daemon/session-queue-manager.ts

@@ -78,11 +78,6 @@ export class MessageQueue {
 
     if (this.items.length >= MAX_QUEUE_DEPTH) {
       this.droppedCount++;
-      item.onEvent({
-        type: 'error',
-        message: 'Message queue is full. Please wait for current messages to be processed.',
-        category: 'queue_full',
-      });
       return false;
     }
 
@@ -149,21 +144,28 @@ export class MessageQueue {
   private expireStale(): void {
     const now = Date.now();
     const cutoff = now - this.maxWaitMs;
-    const before = this.items.length;
+    const expired: QueuedMessage[] = [];
     this.items = this.items.filter((item) => {
       if (item.queuedAt < cutoff) {
         this.expiredCount++;
-        log.warn({ requestId: item.requestId, waitMs: now - item.queuedAt }, 'Expiring stale queued message');
+        expired.push(item);
+        return false;
+      }
+      return true;
+    });
+    for (const item of expired) {
+      log.warn({ requestId: item.requestId, waitMs: now - item.queuedAt }, 'Expiring stale queued message');
+      try {
         item.onEvent({
           type: 'error',
           message: 'Your queued message was dropped because it waited too long in the queue.',
           category: 'queue_expired',
         });
-        return false;
+      } catch (e) {
+        log.debug({ err: e, requestId: item.requestId }, 'Failed to notify client of expired message');
       }
-      return true;
-    });
-    if (this.items.length < before && this.items.length / MAX_QUEUE_DEPTH < CAPACITY_WARNING_THRESHOLD) {
+    }
+    if (expired.length > 0 && this.items.length / MAX_QUEUE_DEPTH < CAPACITY_WARNING_THRESHOLD) {
       this.capacityWarned = false;
     }
   }

package/src/daemon/session-surfaces.ts

@@ -140,7 +140,14 @@ export function createSurfaceMutex(): <T>(surfaceId: string, fn: () => T | Promi
     const prev = chains.get(surfaceId) ?? Promise.resolve();
     const next = prev.then(fn, fn);
     // Keep the chain alive but swallow errors so one failure doesn't block subsequent ops
-    chains.set(surfaceId, next.then(() => {}, () => {}));
+    const tail = next.then(() => {}, () => {});
+    chains.set(surfaceId, tail);
+    // Clean up the map entry once the queue settles to prevent unbounded growth
+    tail.then(() => {
+      if (chains.get(surfaceId) === tail) {
+        chains.delete(surfaceId);
+      }
+    });
     return next;
   };
 }

package/src/memory/migrations/016-memory-segments-indexes.ts

@@ -1,11 +1,12 @@
 import type { DrizzleDb } from '../db-connection.js';
 
 /**
- * Idempotent migration to ensure memory_segments has indexes on scope_id and
- * conversation_id for faster lookups.  scope_id was already covered by
- * db-init, but we include both here for completeness.
+ * Idempotent migration to add a scope_id index on memory_segments.
+ * conversation_id is already covered by the composite index
+ * idx_memory_segments_conversation_created(conversation_id, created_at DESC)
+ * in db-init, so a standalone index is unnecessary.
  */
 export function migrateMemorySegmentsIndexes(database: DrizzleDb): void {
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_segments_scope_id ON memory_segments(scope_id)`);
-  database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_segments_conversation_id ON memory_segments(conversation_id)`);
+  database.run(/*sql*/ `DROP INDEX IF EXISTS idx_memory_segments_conversation_id`);
 }

package/src/memory/migrations/017-memory-items-indexes.ts

@@ -1,10 +1,12 @@
 import type { DrizzleDb } from '../db-connection.js';
 
 /**
- * Idempotent migration to add indexes on memory_items for scope_id and
- * fingerprint — critical for duplicate detection and scope-filtered queries.
+ * Idempotent migration to add an index on memory_items.scope_id for
+ * scope-filtered queries. The standalone fingerprint index is intentionally
+ * omitted — it's superseded by the compound unique index
+ * idx_memory_items_fingerprint_scope(fingerprint, scope_id), which already
+ * covers single-column lookups on fingerprint as its leading column.
  */
 export function migrateMemoryItemsIndexes(database: DrizzleDb): void {
   database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_items_scope_id ON memory_items(scope_id)`);
-  database.run(/*sql*/ `CREATE INDEX IF NOT EXISTS idx_memory_items_fingerprint ON memory_items(fingerprint)`);
 }

package/src/memory/retriever.ts

@@ -779,7 +779,10 @@ function isAbortError(err: unknown): boolean {
  * in the message. This avoids false positives from dimension numbers like 512.
  */
 function getErrorStatusCode(err: Error): unknown {
-  if ('status' in err) return (err as { status: unknown }).status;
+  if ('status' in err) {
+    const status = (err as { status: unknown }).status;
+    if (status != null) return status;
+  }
   if ('statusCode' in err) return (err as { statusCode: unknown }).statusCode;
   return undefined;
 }

package/src/memory/schema.ts

@@ -64,7 +64,6 @@ export const memorySegments = sqliteTable('memory_segments', {
   updatedAt: integer('updated_at').notNull(),
 }, (table) => [
   index('idx_memory_segments_scope_id').on(table.scopeId),
-  index('idx_memory_segments_conversation_id').on(table.conversationId),
 ]);
 
 export const memoryItems = sqliteTable('memory_items', {

package/src/permissions/checker.ts

@@ -16,16 +16,23 @@ import type { ManifestOverride } from '../tools/execution-target.js';
 
 // ── Risk classification cache ────────────────────────────────────────────────
 // classifyRisk() is called on every permission check and can invoke WASM
-// parsing for shell commands. Cache results keyed on (toolName, inputHash).
+// parsing for shell commands. Cache results keyed on
+// (toolName, inputHash, workingDir, manifestOverride).
 // Invalidated when trust rules change since risk classification for file tools
 // depends on skill source path checks which reference config, but the core
 // risk logic is input-deterministic.
 const RISK_CACHE_MAX = 256;
 const riskCache = new Map<string, RiskLevel>();
 
-function riskCacheKey(toolName: string, input: Record<string, unknown>): string {
+function riskCacheKey(toolName: string, input: Record<string, unknown>, workingDir?: string, manifestOverride?: ManifestOverride): string {
   const inputJson = JSON.stringify(input);
-  const hash = createHash('sha256').update(inputJson).digest('hex');
+  const hash = createHash('sha256')
+    .update(inputJson)
+    .update('\0')
+    .update(workingDir ?? '')
+    .update('\0')
+    .update(manifestOverride ? JSON.stringify(manifestOverride) : '')
+    .digest('hex');
   return `${toolName}\0${hash}`;
 }
 
@@ -305,11 +312,11 @@ async function buildCommandCandidates(toolName: string, input: Record<string, un
 }
 
 export async function classifyRisk(toolName: string, input: Record<string, unknown>, workingDir?: string, preParsed?: ParsedCommand, manifestOverride?: ManifestOverride, signal?: AbortSignal): Promise<RiskLevel> {
-  if (signal?.aborted) throw new Error('Cancelled');
+  signal?.throwIfAborted();
 
   // Check cache first (skip when preParsed is provided since caller already
   // parsed and we'd just be duplicating the key computation cost).
-  const cacheKey = preParsed ? null : riskCacheKey(toolName, input);
+  const cacheKey = preParsed ? null : riskCacheKey(toolName, input, workingDir, manifestOverride);
   if (cacheKey) {
     const cached = riskCache.get(cacheKey);
     if (cached !== undefined) {
@@ -466,7 +473,7 @@ export async function check(
   manifestOverride?: ManifestOverride,
   signal?: AbortSignal,
 ): Promise<PermissionCheckResult> {
-  if (signal?.aborted) throw new Error('Cancelled');
+  signal?.throwIfAborted();
 
   // For shell tools, parse once and share the result to avoid duplicate tree-sitter work.
   let shellParsed: ParsedCommand | undefined;
@@ -608,7 +615,7 @@ function friendlyHostname(url: URL): string {
 }
 
 export async function generateAllowlistOptions(toolName: string, input: Record<string, unknown>, signal?: AbortSignal): Promise<AllowlistOption[]> {
-  if (signal?.aborted) throw new Error('Cancelled');
+  signal?.throwIfAborted();
   if (toolName === 'bash' || toolName === 'host_bash') {
     const command = ((input.command as string) ?? '').trim();
     return buildShellAllowlistOptions(command);

package/src/runtime/assistant-event-hub.ts

@@ -123,7 +123,9 @@ export class AssistantEventHub {
     for (const entry of snapshot) {
       if (!entry.active) continue;
       if (entry.filter.assistantId !== event.assistantId) continue;
-      if (entry.filter.sessionId != null && entry.filter.sessionId !== event.sessionId) continue;
+      // System events (no sessionId) match all subscribers; scoped events
+      // must match the subscriber's sessionId filter when present.
+      if (event.sessionId != null && entry.filter.sessionId != null && entry.filter.sessionId !== event.sessionId) continue;
       try {
         await entry.callback(event);
       } catch (err) {

package/src/runtime/http-server.ts

@@ -1,8 +1,8 @@
 /**
  * Optional HTTP server that exposes the canonical runtime API.
  *
- * Runs in the same process as the daemon. Started only when
- * `RUNTIME_HTTP_PORT` is set (default: disabled).
+ * Runs in the same process as the daemon. Always started on the
+ * configured port (default: 7821).
  */
 
 import { existsSync, readFileSync } from 'node:fs';
@@ -77,6 +77,9 @@ import type { BrowserRelayWebSocketData } from '../browser-extension-relay/serve
 import { handleSubscribeAssistantEvents } from './routes/events-routes.js';
 import { consumeCallback, consumeCallbackError } from '../security/oauth-callback-registry.js';
 import { PairingStore } from '../daemon/pairing-store.js';
+import type { ServerMessage } from '../daemon/ipc-contract.js';
+import { assistantEventHub } from './assistant-event-hub.js';
+import { buildAssistantEvent } from './assistant-event.js';
 
 // Middleware
 import {
@@ -118,6 +121,7 @@ export type {
   RuntimeAttachmentMetadata,
   ApprovalCopyGenerator,
   ApprovalConversationGenerator,
+  SendMessageDeps,
 } from './http-types.js';
 
 import type {
@@ -126,6 +130,7 @@ import type {
   RuntimeHttpServerOptions,
   ApprovalCopyGenerator,
   ApprovalConversationGenerator,
+  SendMessageDeps,
 } from './http-types.js';
 
 const log = getLogger('runtime-http');
@@ -152,7 +157,8 @@ export class RuntimeHttpServer {
   private retrySweepTimer: ReturnType<typeof setInterval> | null = null;
   private sweepInProgress = false;
   private pairingStore = new PairingStore();
-  private pairingBroadcast?: (msg: { type: string; [key: string]: unknown }) => void;
+  private pairingBroadcast?: (msg: ServerMessage) => void;
+  private sendMessageDeps?: SendMessageDeps;
 
   constructor(options: RuntimeHttpServerOptions = {}) {
     this.port = options.port ?? DEFAULT_PORT;
@@ -164,6 +170,7 @@ export class RuntimeHttpServer {
     this.approvalCopyGenerator = options.approvalCopyGenerator;
     this.approvalConversationGenerator = options.approvalConversationGenerator;
     this.interfacesDir = options.interfacesDir ?? null;
+    this.sendMessageDeps = options.sendMessageDeps;
   }
 
   /** The port the server is actually listening on (resolved after start). */
@@ -177,15 +184,24 @@ export class RuntimeHttpServer {
   }
 
   /** Set a callback for broadcasting IPC messages (wired by daemon server). */
-  setPairingBroadcast(fn: (msg: { type: string; [key: string]: unknown }) => void): void {
+  setPairingBroadcast(fn: (msg: ServerMessage) => void): void {
     this.pairingBroadcast = fn;
   }
 
   private get pairingContext(): PairingHandlerContext {
+    const ipcBroadcast = this.pairingBroadcast;
     return {
       pairingStore: this.pairingStore,
       bearerToken: this.bearerToken,
-      pairingBroadcast: this.pairingBroadcast,
+      pairingBroadcast: ipcBroadcast
+        ? (msg) => {
+            // Broadcast to IPC socket clients (local Unix socket)
+            ipcBroadcast(msg);
+            // Also publish to the event hub so HTTP/SSE clients (e.g. macOS
+            // app with localHttpEnabled) receive pairing approval requests.
+            void assistantEventHub.publish(buildAssistantEvent('self', msg));
+          }
+        : undefined,
     };
   }
 
@@ -546,6 +562,7 @@ export class RuntimeHttpServer {
         return await handleSendMessage(req, {
           processMessage: this.processMessage,
           persistAndProcessMessage: this.persistAndProcessMessage,
+          sendMessageDeps: this.sendMessageDeps,
         });
       }
 

package/src/runtime/http-types.ts

@@ -5,6 +5,8 @@ import type { ChannelId } from '../channels/types.js';
 import type { RunOrchestrator } from './run-orchestrator.js';
 import type { GuardianRuntimeContext } from '../daemon/session-runtime-assembly.js';
 import type { ApprovalMessageContext, ComposeApprovalMessageGenerativeOptions } from './approval-message-composer.js';
+import type { Session } from '../daemon/session.js';
+import type { AssistantEventHub } from './assistant-event-hub.js';
 
 /**
  * Daemon-injected function that generates approval copy using a provider.
@@ -84,6 +86,24 @@ export type NonBlockingMessageProcessor = (
   sourceChannel?: ChannelId,
 ) => Promise<{ messageId: string }>;
 
+/**
+ * Dependencies for the POST /v1/messages handler.
+ *
+ * The handler needs direct access to the session so it can check busy state,
+ * persist user messages, fire the agent loop, or queue messages when busy.
+ * Hub publishing wires outbound events to the SSE stream.
+ */
+export interface SendMessageDeps {
+  getOrCreateSession: (conversationId: string) => Promise<Session>;
+  assistantEventHub: AssistantEventHub;
+  resolveAttachments: (attachmentIds: string[]) => Array<{
+    id: string;
+    filename: string;
+    mimeType: string;
+    data: string;
+  }>;
+}
+
 export interface RuntimeHttpServerOptions {
   port?: number;
   /** Hostname / IP to bind to. Defaults to '127.0.0.1' (loopback-only). */
@@ -101,6 +121,8 @@ export interface RuntimeHttpServerOptions {
   approvalCopyGenerator?: ApprovalCopyGenerator;
   /** Daemon-injected generator for conversational approval flow (provider-backed). */
   approvalConversationGenerator?: ApprovalConversationGenerator;
+  /** Dependencies for the POST /v1/messages queue-if-busy handler. */
+  sendMessageDeps?: SendMessageDeps;
 }
 
 export interface RuntimeAttachmentMetadata {

package/src/runtime/routes/conversation-routes.ts

@@ -18,7 +18,13 @@ import type {
   NonBlockingMessageProcessor,
   RuntimeAttachmentMetadata,
   RuntimeMessagePayload,
+  SendMessageDeps,
 } from '../http-types.js';
+import type { ServerMessage } from '../../daemon/ipc-protocol.js';
+import { buildAssistantEvent } from '../assistant-event.js';
+import { getLogger } from '../../util/logger.js';
+
+const log = getLogger('conversation-routes');
 
 const SUGGESTION_CACHE_MAX = 100;
 
@@ -134,11 +140,40 @@ export function handleListMessages(
   return Response.json({ messages });
 }
 
+/**
+ * Build an `onEvent` callback that publishes every outbound event to the
+ * assistant event hub, maintaining ordered delivery through a serial chain.
+ */
+function makeHubPublisher(
+  deps: SendMessageDeps,
+  conversationId: string,
+): (msg: ServerMessage) => void {
+  let hubChain: Promise<void> = Promise.resolve();
+  return (msg: ServerMessage) => {
+    const msgRecord = msg as unknown as Record<string, unknown>;
+    const msgSessionId =
+      'sessionId' in msg && typeof msgRecord.sessionId === 'string'
+        ? (msgRecord.sessionId as string)
+        : undefined;
+    const resolvedSessionId = msgSessionId ?? conversationId;
+    const event = buildAssistantEvent('self', msg, resolvedSessionId);
+    hubChain = (async () => {
+      await hubChain;
+      try {
+        await deps.assistantEventHub.publish(event);
+      } catch (err) {
+        log.warn({ err }, 'assistant-events hub subscriber threw during POST /messages');
+      }
+    })();
+  };
+}
+
 export async function handleSendMessage(
   req: Request,
   deps: {
     processMessage?: MessageProcessor;
     persistAndProcessMessage?: NonBlockingMessageProcessor;
+    sendMessageDeps?: SendMessageDeps;
   },
 ): Promise<Response> {
   const body = await req.json() as {
@@ -204,6 +239,47 @@ export async function handleSendMessage(
 
   const mapping = getOrCreateConversation(conversationKey);
 
+  // ── Queue-if-busy path (preferred when sendMessageDeps is wired) ────
+  if (deps.sendMessageDeps) {
+    const smDeps = deps.sendMessageDeps;
+    const session = await smDeps.getOrCreateSession(mapping.conversationId);
+    const onEvent = makeHubPublisher(smDeps, mapping.conversationId);
+
+    const attachments = hasAttachments
+      ? smDeps.resolveAttachments(attachmentIds)
+      : [];
+
+    if (session.isProcessing()) {
+      // Queue the message so it's processed when the current turn completes
+      const requestId = crypto.randomUUID();
+      const result = session.enqueueMessage(
+        content ?? '',
+        attachments,
+        onEvent,
+        requestId,
+      );
+      if (result.rejected) {
+        return Response.json(
+          { error: 'Message queue is full. Please retry later.' },
+          { status: 429 },
+        );
+      }
+      return Response.json({ accepted: true, queued: true }, { status: 202 });
+    }
+
+    // Session is idle — persist and fire agent loop immediately
+    const requestId = crypto.randomUUID();
+    const messageId = session.persistUserMessage(content ?? '', attachments, requestId);
+
+    // Fire-and-forget the agent loop; events flow to the hub via onEvent
+    session.runAgentLoop(content ?? '', messageId, onEvent).catch((err) => {
+      log.error({ err, conversationId: mapping.conversationId }, 'Agent loop failed (POST /messages)');
+    });
+
+    return Response.json({ accepted: true, messageId }, { status: 202 });
+  }
+
+  // ── Legacy path (fallback when sendMessageDeps not wired) ───────────
   const processor = deps.persistAndProcessMessage ?? deps.processMessage;
   if (!processor) {
     return Response.json({ error: 'Message processing not configured' }, { status: 503 });
@@ -217,7 +293,7 @@ export async function handleSendMessage(
       undefined,
       sourceChannel,
     );
-    return Response.json({ accepted: true, messageId: result.messageId });
+    return Response.json({ accepted: true, messageId: result.messageId }, { status: 202 });
   } catch (err) {
     if (err instanceof Error && err.message === 'Session is already processing a message') {
       return Response.json(

package/src/runtime/routes/pairing-routes.ts

@@ -9,13 +9,14 @@ import {
   refreshDevice,
   hashDeviceId,
 } from '../../daemon/approved-devices-store.js';
+import type { ServerMessage } from '../../daemon/ipc-contract.js';
 
 const log = getLogger('runtime-http');
 
 export interface PairingHandlerContext {
   pairingStore: PairingStore;
   bearerToken: string | undefined;
-  pairingBroadcast?: (msg: { type: string; [key: string]: unknown }) => void;
+  pairingBroadcast?: (msg: ServerMessage) => void;
 }
 
 /**

package/src/subagent/manager.ts

@@ -343,20 +343,20 @@ export class SubagentManager {
 
   // ── Send message to subagent ──────────────────────────────────────────
 
-  sendMessage(subagentId: string, content: string): boolean {
+  sendMessage(subagentId: string, content: string): 'sent' | 'empty' | 'not_found' | 'terminal' | 'queue_full' {
     const trimmed = content?.trim();
-    if (!trimmed) return false;
+    if (!trimmed) return 'empty';
 
     const managed = this.subagents.get(subagentId);
-    if (!managed) return false;
-    if (TERMINAL_STATUSES.has(managed.state.status)) return false;
+    if (!managed) return 'not_found';
+    if (TERMINAL_STATUSES.has(managed.state.status)) return 'terminal';
 
     const onEvent = managed.session.sendToClient;
     const requestId = uuid();
 
     // If the session is busy, queue the message; otherwise process immediately.
     const result = managed.session.enqueueMessage(trimmed, [], onEvent, requestId);
-    if (result.rejected) return false;
+    if (result.rejected) return 'queue_full';
     if (!result.queued) {
       // Session is idle — send directly.  Fire-and-forget so we don't block.
       const messageId = managed.session.persistUserMessage(trimmed, []);
@@ -364,7 +364,7 @@ export class SubagentManager {
         log.error({ subagentId, err }, 'Subagent message processing failed');
       });
     }
-    return true;
+    return 'sent';
   }
 
   // ── Queries ───────────────────────────────────────────────────────────

package/src/tools/browser/browser-execution.ts

@@ -320,7 +320,10 @@ export async function executeBrowserNavigate(
       if (challenge?.type === 'captcha') {
         log.info('CAPTCHA detected, waiting up to 5s for auto-resolve');
         for (let i = 0; i < 5; i++) {
-          if (context.signal?.aborted) break;
+          if (context.signal?.aborted) {
+            if (sender) updateBrowserStatus(context.sessionId, sender, 'idle');
+            return { content: 'Navigation cancelled.', isError: true };
+          }
           await new Promise((r) => setTimeout(r, 1000));
           const still = await detectCaptchaChallenge(page);
           if (!still) {