@vellumai/assistant 0.4.41 → 0.4.43

package/src/cli/{twitter.ts → commands/twitter/index.ts}

@@ -5,11 +5,14 @@
  * All commands output JSON to stdout. Use --json for machine-readable output.
  */
 
-import * as net from "node:net";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
 
 import { Command } from "commander";
 
-import { createMessageParser, serialize } from "../daemon/ipc-protocol.js";
+const execFileAsync = promisify(execFile);
+
+import { httpSend } from "../../http-client.js";
 import {
   getBookmarks,
   getFollowers,
@@ -17,21 +20,19 @@ import {
   getHomeTimeline,
   getLikes,
   getNotifications,
-  getTweetDetail,
   getUserByScreenName,
   getUserMedia,
-  getUserTweets,
-  searchTweets,
   SessionExpiredError,
-} from "../twitter/client.js";
-import type { TwitterStrategy } from "../twitter/router.js";
-import { routedPostTweet } from "../twitter/router.js";
+} from "./client.js";
+import type { TwitterStrategy } from "./router.js";
 import {
-  clearSession,
-  importFromRecording,
-  loadSession,
-} from "../twitter/session.js";
-import { getSocketPath, readSessionToken } from "../util/platform.js";
+  routedGetTweetDetail,
+  routedGetUserByScreenName,
+  routedGetUserTweets,
+  routedPostTweet,
+  routedSearchTweets,
+} from "./router.js";
+import { clearSession, importFromRecording, loadSession } from "./session.js";
 
 // ---------------------------------------------------------------------------
 // Helpers
@@ -88,7 +89,8 @@ async function run(cmd: Command, fn: () => Promise<unknown>): Promise<void> {
       err instanceof Error &&
       (meta.pathUsed !== undefined ||
         meta.suggestAlternative !== undefined ||
-        meta.oauthError !== undefined)
+        meta.oauthError !== undefined ||
+        meta.proxyErrorCode !== undefined)
     ) {
       const payload: Record<string, unknown> = {
         ok: false,
@@ -98,6 +100,9 @@ async function run(cmd: Command, fn: () => Promise<unknown>): Promise<void> {
       if (meta.suggestAlternative !== undefined)
         payload.suggestAlternative = meta.suggestAlternative;
       if (meta.oauthError !== undefined) payload.oauthError = meta.oauthError;
+      if (meta.proxyErrorCode !== undefined)
+        payload.proxyErrorCode = meta.proxyErrorCode;
+      if (meta.retryable !== undefined) payload.retryable = meta.retryable;
       output(payload, getJson(cmd));
       process.exitCode = 1;
       return;
@@ -115,22 +120,25 @@ export function registerTwitterCommand(program: Command): void {
     .command("x")
     .alias("twitter")
     .description(
-      "Post on X and manage connections. Supports OAuth (official API) and browser session paths.",
+      "Post on X and manage connections. Supports managed (platform proxy), OAuth (official API), and browser session paths.",
     )
     .option("--json", "Machine-readable JSON output");
 
   tw.addHelpText(
     "after",
     `
-Twitter (X) uses a dual-path architecture for interacting with the platform:
+Twitter (X) supports multiple paths for interacting with the platform:
 
-  1. OAuth (official API) — uses an authenticated Twitter OAuth application for
+  1. Managed (platform proxy) — routes Twitter API calls through the platform,
+     which holds the OAuth credentials. Used when integrationMode is "managed".
+  2. OAuth (official API) — uses an authenticated Twitter OAuth application for
      posting and replying. Requires a connected OAuth credential.
-  2. Browser session (Ride Shotgun) — uses cookies captured from a real Chrome
+  3. Browser session (Ride Shotgun) — uses cookies captured from a real Chrome
      session to call Twitter's internal GraphQL API. Supports all read operations
      and posting as a fallback.
 
-The strategy system controls which path is used for operations that support both:
+The strategy system controls which path is used for operations that support multiple:
+  managed  — route through the platform proxy (platform holds credentials)
   oauth    — always use the OAuth API; fail if unavailable
   browser  — always use the browser session; fail if unavailable
   auto     — try OAuth first, fall back to browser session (default)
@@ -144,7 +152,8 @@ Session management:
 
 Examples:
   $ assistant x status
-  $ assistant x post "Hello world"
+  $ assistant x post "Hello world" --strategy managed
+  $ assistant x post "Hello world" --strategy auto
   $ assistant x timeline elonmusk --count 10
   $ assistant x search "from:vaborsh AI agents" --product Latest
   $ assistant x strategy set oauth`,
@@ -172,11 +181,10 @@ Examples:
     )
     .action(async (opts: { recording: string }, cmd: Command) => {
       await run(cmd, async () => {
-        const session = importFromRecording(opts.recording);
+        const session = await importFromRecording(opts.recording);
         return {
           message: "Session imported successfully",
           cookieCount: session.cookies.length,
-          recordingId: session.recordingId,
         };
       });
     });
@@ -196,8 +204,8 @@ OAuth credentials are not affected.
 Examples:
   $ assistant x logout`,
     )
-    .action((_opts: unknown, cmd: Command) => {
-      clearSession();
+    .action(async (_opts: unknown, cmd: Command) => {
+      await clearSession();
       output({ ok: true, message: "Session cleared" }, getJson(cmd));
     });
 
@@ -236,11 +244,11 @@ Examples:
       try {
         const result = await startLearnSession(duration);
         if (result.recordingPath) {
-          const session = importFromRecording(result.recordingPath);
+          const session = await importFromRecording(result.recordingPath);
 
           // Hide Chrome after capturing session
           try {
-            await minimizeChromeWindow(); // uses default CDP port
+            await minimizeChrome();
           } catch {
             /* best-effort */
           }
@@ -250,7 +258,6 @@ Examples:
               ok: true,
               message: "Session refreshed successfully",
               cookieCount: session.cookies.length,
-              recordingId: result.recordingId,
             },
             json,
           );
@@ -259,7 +266,6 @@ Examples:
             {
               ok: false,
               error: "Recording completed but no recording path returned",
-              recordingId: result.recordingId,
             },
             json,
           );
@@ -280,8 +286,7 @@ Examples:
       `
 Shows the current state of both authentication paths:
 
-  Browser session — whether cookies are loaded, cookie count, import timestamp,
-    and the recording ID they came from.
+  Browser session — whether cookies are loaded and the cookie count.
   OAuth — whether an OAuth credential is connected, the linked account, the
     current strategy setting, and whether a strategy has been explicitly configured.
 
@@ -292,27 +297,18 @@ Examples:
   $ assistant x status --json`,
     )
     .action(async (_opts: unknown, cmd: Command) => {
-      const session = loadSession();
+      const session = await loadSession();
       const browserInfo: Record<string, unknown> = session
         ? {
             browserSessionActive: true,
             cookieCount: session.cookies.length,
-            importedAt: session.importedAt,
-            recordingId: session.recordingId,
           }
         : { browserSessionActive: false };
 
       // Query daemon for OAuth / strategy config
       let oauthInfo: Record<string, unknown> = {};
       try {
-        const daemonResponse = await sendDaemonMessage(
-          {
-            type: "twitter_integration_config",
-            action: "get",
-          } as import("../daemon/ipc-protocol.js").ClientMessage,
-          "twitter_integration_config_response",
-        );
-        const r = daemonResponse as Record<string, unknown>;
+        const r = await sendTwitterConfigRequest("get");
         oauthInfo = {
           oauthConnected: r.connected ?? false,
           oauthAccount: r.accountInfo ?? undefined,
@@ -346,7 +342,7 @@ Examples:
   const strategyCli = tw
     .command("strategy")
     .description(
-      "Get or set the Twitter operation strategy (oauth, browser, auto)",
+      "Get or set the Twitter operation strategy (managed, oauth, browser, auto)",
     )
     .addHelpText(
       "after",
@@ -354,6 +350,7 @@ Examples:
 The strategy controls which authentication path is used for operations that
 support both OAuth and browser session:
 
+  managed  — route through the platform proxy (platform holds OAuth credentials).
   oauth    — always use the official Twitter OAuth API. Fails if no OAuth
              credential is connected. Best for reliable posting.
   browser  — always use the browser session (captured cookies). Fails if no
@@ -371,14 +368,7 @@ Examples:
     .action(async (_opts: unknown, cmd: Command) => {
       const json = getJson(cmd);
       try {
-        const daemonResponse = await sendDaemonMessage(
-          {
-            type: "twitter_integration_config",
-            action: "get_strategy",
-          } as import("../daemon/ipc-protocol.js").ClientMessage,
-          "twitter_integration_config_response",
-        );
-        const r = daemonResponse as Record<string, unknown>;
+        const r = await sendTwitterConfigRequest("get_strategy");
         output({ ok: true, strategy: r.strategy ?? "auto" }, json);
       } catch (err) {
         outputError(err instanceof Error ? err.message : String(err));
@@ -397,7 +387,8 @@ Arguments:
 
 Sets the preferred strategy for Twitter operations that support dual-path
 routing. The setting is persisted by the assistant and applies to all subsequent
-operations until changed.
+operations until changed. Note: "managed" is determined by integration mode
+and cannot be set manually.
 
 Examples:
   $ assistant x strategy set oauth
@@ -407,15 +398,9 @@ Examples:
     .action(async (value: string, _opts: unknown, cmd: Command) => {
       const json = getJson(cmd);
       try {
-        const daemonResponse = await sendDaemonMessage(
-          {
-            type: "twitter_integration_config",
-            action: "set_strategy",
-            strategy: value,
-          } as import("../daemon/ipc-protocol.js").ClientMessage,
-          "twitter_integration_config_response",
-        );
-        const r = daemonResponse as Record<string, unknown>;
+        const r = await sendTwitterConfigRequest("set_strategy", {
+          strategy: value,
+        });
         if (r.success) {
           output({ ok: true, strategy: r.strategy }, json);
         } else {
@@ -438,7 +423,7 @@ Examples:
     .argument("<text>", "Tweet text")
     .requiredOption(
       "--strategy <strategy>",
-      "Operation strategy: oauth, browser, or auto",
+      "Operation strategy: oauth, browser, auto, or managed",
     )
     .option(
       "--oauth-token <token>",
@@ -450,14 +435,20 @@ Examples:
 Arguments:
   text   The tweet text to post (max 280 characters)
 
-Posts a new tweet using the routed dual-path system. The --strategy flag
-controls which path is used. The response includes the tweet ID, URL, and
-which path was used.
+Posts a new tweet using the routed system. The --strategy flag controls which
+path is used. The response includes the tweet ID, URL, and which path was used.
+
+Strategies:
+  oauth    — use the local OAuth token directly
+  browser  — use the browser session (CDP)
+  auto     — try OAuth first, fall back to browser
+  managed  — route through the platform proxy (platform holds OAuth credentials)
 
 Examples:
   $ assistant x post "Hello world" --strategy browser
   $ assistant x post "Hello world" --strategy oauth --oauth-token "$TOKEN"
-  $ assistant x post "Hello world" --strategy auto --oauth-token "$TOKEN"`,
+  $ assistant x post "Hello world" --strategy auto --oauth-token "$TOKEN"
+  $ assistant x post "Hello world" --strategy managed`,
     )
     .action(
       async (
@@ -470,10 +461,11 @@ Examples:
           if (
             strategy !== "oauth" &&
             strategy !== "browser" &&
-            strategy !== "auto"
+            strategy !== "auto" &&
+            strategy !== "managed"
           ) {
             throw new Error(
-              `Invalid strategy "${opts.strategy}". Must be oauth, browser, or auto.`,
+              `Invalid strategy "${opts.strategy}". Must be oauth, browser, auto, or managed.`,
             );
           }
           const { result, pathUsed } = await routedPostTweet(text, {
@@ -499,7 +491,7 @@ Examples:
     .argument("<text>", "Reply text")
     .requiredOption(
       "--strategy <strategy>",
-      "Operation strategy: oauth, browser, or auto",
+      "Operation strategy: oauth, browser, auto, or managed",
     )
     .option(
       "--oauth-token <token>",
@@ -518,7 +510,8 @@ URL. The --strategy flag controls which path is used.
 
 Examples:
   $ assistant x reply https://x.com/elonmusk/status/1234567890 "Great point!" --strategy browser
-  $ assistant x reply 1234567890 "Interesting thread" --strategy oauth --oauth-token "$TOKEN"`,
+  $ assistant x reply 1234567890 "Interesting thread" --strategy oauth --oauth-token "$TOKEN"
+  $ assistant x reply 1234567890 "Nice!" --strategy managed`,
     )
     .action(
       async (
@@ -532,10 +525,11 @@ Examples:
           if (
             strategy !== "oauth" &&
             strategy !== "browser" &&
-            strategy !== "auto"
+            strategy !== "auto" &&
+            strategy !== "managed"
           ) {
             throw new Error(
-              `Invalid strategy "${opts.strategy}". Must be oauth, browser, or auto.`,
+              `Invalid strategy "${opts.strategy}". Must be oauth, browser, auto, or managed.`,
             );
           }
           // Extract tweet ID: either a bare numeric ID or the last numeric segment of a URL
@@ -566,30 +560,54 @@ Examples:
     .description("Fetch a user's recent tweets")
     .argument("<screenName>", "Twitter screen name (without @)")
     .option("--count <n>", "Number of tweets to fetch", "20")
+    .option(
+      "--strategy <strategy>",
+      "Operation strategy: managed or browser (default: browser)",
+    )
     .addHelpText(
       "after",
       `
 Arguments:
   screenName   Twitter screen name without the @ prefix (e.g. "elonmusk", not "@elonmusk")
 
-Fetches a user's recent tweets via the browser session. Resolves the screen name
-to a user ID first, then retrieves their tweet timeline. The --count flag controls
-how many tweets to return (default: 20).
+Fetches a user's recent tweets. Resolves the screen name to a user ID first,
+then retrieves their tweet timeline. The --count flag controls how many tweets
+to return (default: 20). Use --strategy managed to route through the platform proxy.
 
 Examples:
   $ assistant x timeline elonmusk
   $ assistant x timeline vaborsh --count 50
-  $ assistant x timeline openai --count 10 --json`,
+  $ assistant x timeline openai --count 10 --json
+  $ assistant x timeline elonmusk --strategy managed`,
     )
     .action(
-      async (screenName: string, opts: { count: string }, cmd: Command) => {
+      async (
+        screenName: string,
+        opts: { count: string; strategy?: string },
+        cmd: Command,
+      ) => {
         await run(cmd, async () => {
-          const user = await getUserByScreenName(screenName.replace(/^@/, ""));
-          const tweets = await getUserTweets(
+          const strategy = (opts.strategy ?? "browser") as TwitterStrategy;
+          if (
+            strategy !== "oauth" &&
+            strategy !== "browser" &&
+            strategy !== "auto" &&
+            strategy !== "managed"
+          ) {
+            throw new Error(
+              `Invalid strategy "${opts.strategy}". Must be oauth, browser, auto, or managed.`,
+            );
+          }
+          const { result: user, pathUsed } = await routedGetUserByScreenName(
+            screenName.replace(/^@/, ""),
+            { strategy },
+          );
+          const { result: tweets } = await routedGetUserTweets(
             user.userId,
             parseInt(opts.count, 10),
+            { strategy },
           );
-          return { user, tweets };
+          return { user, tweets, pathUsed };
         });
       },
     );
@@ -600,6 +618,10 @@ Examples:
   tw.command("tweet")
     .description("Fetch a tweet and its reply thread")
     .argument("<tweetIdOrUrl>", "Tweet ID or URL")
+    .option(
+      "--strategy <strategy>",
+      "Operation strategy: managed or browser (default: browser)",
+    )
     .addHelpText(
       "after",
       `
@@ -607,24 +629,45 @@ Arguments:
   tweetIdOrUrl   A bare tweet ID (e.g. 1234567890) or a full tweet URL
                  (e.g. https://x.com/user/status/1234567890)
 
-Fetches a single tweet and its reply thread via the browser session. The tweet
-ID is extracted from the last numeric segment of the input. Returns an array of
-tweets representing the conversation thread.
+Fetches a single tweet and its reply thread. The tweet ID is extracted from the
+last numeric segment of the input. Returns an array of tweets representing the
+conversation thread. Use --strategy managed to route through the platform proxy.
 
 Examples:
   $ assistant x tweet 1234567890
   $ assistant x tweet https://x.com/elonmusk/status/1234567890
-  $ assistant x tweet https://x.com/openai/status/9876543210 --json`,
+  $ assistant x tweet https://x.com/openai/status/9876543210 --json
+  $ assistant x tweet 1234567890 --strategy managed`,
     )
-    .action(async (tweetIdOrUrl: string, _opts: unknown, cmd: Command) => {
-      await run(cmd, async () => {
-        const idMatch = tweetIdOrUrl.match(/(\d+)\s*$/);
-        if (!idMatch)
-          throw new Error(`Could not extract tweet ID from: ${tweetIdOrUrl}`);
-        const tweets = await getTweetDetail(idMatch[1]);
-        return { tweets };
-      });
-    });
+    .action(
+      async (
+        tweetIdOrUrl: string,
+        opts: { strategy?: string },
+        cmd: Command,
+      ) => {
+        await run(cmd, async () => {
+          const idMatch = tweetIdOrUrl.match(/(\d+)\s*$/);
+          if (!idMatch)
+            throw new Error(`Could not extract tweet ID from: ${tweetIdOrUrl}`);
+          const strategy = (opts.strategy ?? "browser") as TwitterStrategy;
+          if (
+            strategy !== "oauth" &&
+            strategy !== "browser" &&
+            strategy !== "auto" &&
+            strategy !== "managed"
+          ) {
+            throw new Error(
+              `Invalid strategy "${opts.strategy}". Must be oauth, browser, auto, or managed.`,
+            );
+          }
+          const { result: tweets, pathUsed } = await routedGetTweetDetail(
+            idMatch[1],
+            { strategy },
+          );
+          return { tweets, pathUsed };
+        });
+      },
+    );
 
   // =========================================================================
   // search — search tweets
@@ -633,6 +676,10 @@ Examples:
     .description("Search tweets")
     .argument("<query>", "Search query")
     .option("--product <type>", "Top, Latest, People, or Media", "Top")
+    .option(
+      "--strategy <strategy>",
+      "Operation strategy: managed or browser (default: browser)",
+    )
     .addHelpText(
       "after",
       `
@@ -646,22 +693,43 @@ The --product flag selects the search result type:
   People   — user accounts matching the query
   Media    — tweets containing images or video
 
-Uses the browser session path. Requires an active browser session.
+Use --strategy managed to route through the platform proxy (uses Twitter's
+recent search API).
 
 Examples:
   $ assistant x search "AI agents"
   $ assistant x search "from:elonmusk SpaceX" --product Latest
-  $ assistant x search "machine learning" --product Media --json`,
+  $ assistant x search "machine learning" --product Media --json
+  $ assistant x search "AI agents" --strategy managed`,
     )
-    .action(async (query: string, opts: { product: string }, cmd: Command) => {
-      await run(cmd, async () => {
-        const tweets = await searchTweets(
-          query,
-          opts.product as "Top" | "Latest" | "People" | "Media",
-        );
-        return { query, tweets };
-      });
-    });
+    .action(
+      async (
+        query: string,
+        opts: { product: string; strategy?: string },
+        cmd: Command,
+      ) => {
+        await run(cmd, async () => {
+          const strategy = (opts.strategy ?? "browser") as TwitterStrategy;
+          if (
+            strategy !== "oauth" &&
+            strategy !== "browser" &&
+            strategy !== "auto" &&
+            strategy !== "managed"
+          ) {
+            throw new Error(
+              `Invalid strategy "${opts.strategy}". Must be oauth, browser, auto, or managed.`,
+            );
+          }
+          const product = opts.product as "Top" | "Latest" | "People" | "Media";
+          const { result: tweets, pathUsed } = await routedSearchTweets(
+            query,
+            product,
+            { strategy },
+          );
+          return { query, tweets, pathUsed };
+        });
+      },
+    );
 
   // =========================================================================
   // bookmarks — fetch bookmarks
@@ -875,108 +943,94 @@ Examples:
 }
 
 // ---------------------------------------------------------------------------
-// Daemon IPC helper — send a message and wait for the first response
+// Daemon HTTP helper — send requests to the daemon's HTTP API
 // ---------------------------------------------------------------------------
 
-function sendDaemonMessage(
-  message: import("../daemon/ipc-protocol.js").ClientMessage,
-  expectedResponseType: string,
+/**
+ * Send a Twitter integration config request to the daemon via HTTP.
+ *
+ * Maps the old IPC `twitter_integration_config` message actions to HTTP
+ * endpoints on the settings routes:
+ *   - "get" / "get_strategy" → GET /v1/integrations/twitter/auth/status
+ *   - "set_strategy"         → PUT /v1/settings/client (key=twitter.strategy)
+ */
+async function sendTwitterConfigRequest(
+  action: string,
+  extra?: Record<string, unknown>,
 ): Promise<Record<string, unknown>> {
-  return new Promise((resolve, reject) => {
-    const socketPath = getSocketPath();
-    const sessionToken = readSessionToken();
-    const socket = net.createConnection(socketPath);
-    const parser = createMessageParser();
-
-    const timeoutHandle = setTimeout(() => {
-      socket.destroy();
-      reject(new Error("Request timed out after 10s"));
-    }, 10_000);
-    timeoutHandle.unref();
-
-    let authenticated = !sessionToken;
-    let messageSent = false;
-
-    const sendPayload = () => {
-      if (messageSent) return;
-      messageSent = true;
-      socket.write(serialize(message));
-    };
-
-    socket.on("error", (err) => {
-      clearTimeout(timeoutHandle);
-      reject(
-        new Error(
-          `Cannot connect to assistant: ${err.message}. Is the assistant running?`,
-        ),
-      );
+  if (action === "get" || action === "get_strategy") {
+    const response = await httpSend("/v1/integrations/twitter/auth/status", {
+      method: "GET",
     });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new Error(`Assistant returned an error: ${text}`);
+    }
+    const data = (await response.json()) as Record<string, unknown>;
+    // Map the HTTP response shape to the old IPC response shape
+    return {
+      type: "twitter_integration_config_response",
+      success: true,
+      connected: data.connected ?? false,
+      accountInfo: data.accountInfo,
+      strategy: data.strategy ?? "auto",
+      strategyConfigured: data.strategyConfigured ?? false,
+      mode: data.mode,
+      managedAvailable: data.managedAvailable ?? false,
+      managedPrerequisites: data.managedPrerequisites,
+      localClientConfigured: data.localClientConfigured ?? false,
+    };
+  }
 
-    socket.on("data", (chunk) => {
-      const messages = parser.feed(chunk.toString("utf-8"));
-      for (const msg of messages) {
-        const m = msg as unknown as Record<string, unknown>;
-
-        if (!authenticated && m.type === "auth_result") {
-          if ((m as { success: boolean }).success) {
-            authenticated = true;
-            sendPayload();
-          } else {
-            clearTimeout(timeoutHandle);
-            socket.destroy();
-            reject(new Error("Authentication failed"));
-          }
-          continue;
-        }
-
-        // Reject immediately on daemon error frames so the CLI surfaces the
-        // real failure reason instead of hanging until the timeout fires.
-        if (m.type === "error") {
-          clearTimeout(timeoutHandle);
-          socket.destroy();
-          reject(
-            new Error(
-              (m as { message?: string }).message ??
-                "Assistant returned an error",
-            ),
-          );
-          return;
-        }
-
-        // Only resolve on the expected response type; skip everything else
-        if (m.type === expectedResponseType) {
-          clearTimeout(timeoutHandle);
-          socket.destroy();
-          resolve(m);
-          return;
-        }
-        // Skip all other message types (auth_result, daemon_status, pong, session_info, tasks_changed, etc.)
-      }
+  if (action === "set_strategy") {
+    const strategy = extra?.strategy as string | undefined;
+    if (!strategy) throw new Error("strategy is required for set_strategy");
+    const response = await httpSend("/v1/settings/client", {
+      method: "PUT",
+      body: JSON.stringify({ key: "twitter.strategy", value: strategy }),
     });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new Error(`Assistant returned an error: ${text}`);
+    }
+    return {
+      type: "twitter_integration_config_response",
+      success: true,
+      strategy,
+    };
+  }
 
-    socket.on("connect", () => {
-      if (sessionToken) {
-        socket.write(
-          serialize({
-            type: "auth",
-            token: sessionToken,
-          } as unknown as import("../daemon/ipc-protocol.js").ClientMessage),
-        );
-      } else {
-        sendPayload();
-      }
-    });
-  });
+  throw new Error(`Unsupported twitter_integration_config action: ${action}`);
 }
 
 // ---------------------------------------------------------------------------
-// Chrome CDP helpers (shared)
+// Chrome CDP helpers (via `assistant browser chrome` CLI)
 // ---------------------------------------------------------------------------
 
-import {
-  ensureChromeWithCdp,
-  minimizeChromeWindow,
-} from "../tools/browser/chrome-cdp.js";
+async function launchChromeCdp(
+  startUrl?: string,
+): Promise<{ baseUrl: string }> {
+  const args = ["browser", "chrome", "launch"];
+  if (startUrl) args.push("--start-url", startUrl);
+  const { stdout } = await execFileAsync("assistant", args);
+  const result = JSON.parse(stdout) as {
+    ok: boolean;
+    baseUrl?: string;
+    error?: string;
+  };
+  if (!result.ok || !result.baseUrl) {
+    throw new Error(result.error ?? "Failed to launch Chrome with CDP");
+  }
+  return { baseUrl: result.baseUrl };
+}
+
+async function minimizeChrome(): Promise<void> {
+  try {
+    await execFileAsync("assistant", ["browser", "chrome", "minimize"]);
+  } catch {
+    // best-effort — same as the original
+  }
+}
 
 // ---------------------------------------------------------------------------
 // Ride Shotgun learn session helper
@@ -1012,100 +1066,95 @@ async function navigateToX(cdpBase: string): Promise<void> {
 async function startLearnSession(
   durationSeconds: number,
 ): Promise<LearnResult> {
-  const cdpSession = await ensureChromeWithCdp({
-    startUrl: "https://x.com/login",
-  });
+  const cdpSession = await launchChromeCdp("https://x.com/login");
   await navigateToX(cdpSession.baseUrl);
 
-  return new Promise((resolve, reject) => {
-    const socketPath = getSocketPath();
-    const sessionToken = readSessionToken();
-    const socket = net.createConnection(socketPath);
-    const parser = createMessageParser();
-
-    socket.on("error", (err) => {
-      reject(
-        new Error(
-          `Cannot connect to assistant: ${err.message}. Is the assistant running?`,
-        ),
-      );
-    });
+  // Start ride shotgun via HTTP
+  const response = await httpSend("/v1/computer-use/ride-shotgun/start", {
+    method: "POST",
+    body: JSON.stringify({
+      durationSeconds,
+      intervalSeconds: 5,
+      mode: "learn",
+      targetDomain: "x.com",
+    }),
+  });
+
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(
+      `Cannot connect to assistant: ${response.status} ${body}. Is the assistant running?`,
+    );
+  }
+
+  const startResult = (await response.json()) as {
+    watchId?: string;
+    sessionId?: string;
+  };
 
-    const timeoutHandle = setTimeout(
-      () => {
-        socket.destroy();
+  if (!startResult.watchId) {
+    throw new Error("Ride-shotgun start response missing watchId");
+  }
+
+  // Poll the status endpoint using watchId to correlate completion
+  const { watchId } = startResult;
+  const timeoutMs = (durationSeconds + 30) * 1000;
+  const pollIntervalMs = 2000;
+  const startTime = Date.now();
+
+  return new Promise<LearnResult>((resolve, reject) => {
+    const tick = async () => {
+      if (Date.now() - startTime > timeoutMs) {
         reject(
           new Error(`Learn session timed out after ${durationSeconds + 30}s`),
         );
-      },
-      (durationSeconds + 30) * 1000,
-    );
-    timeoutHandle.unref();
-
-    let authenticated = !sessionToken;
-
-    const sendStartCommand = () => {
-      socket.write(
-        serialize({
-          type: "ride_shotgun_start",
-          durationSeconds,
-          intervalSeconds: 5,
-          mode: "learn",
-          targetDomain: "x.com",
-        } as unknown as import("../daemon/ipc-protocol.js").ClientMessage),
-      );
-    };
-
-    socket.on("data", (chunk) => {
-      const messages = parser.feed(chunk.toString("utf-8"));
-      for (const msg of messages) {
-        const m = msg as unknown as Record<string, unknown>;
+        return;
+      }
 
-        if (!authenticated && m.type === "auth_result") {
-          if ((m as { success: boolean }).success) {
-            authenticated = true;
-            sendStartCommand();
-          } else {
-            clearTimeout(timeoutHandle);
-            socket.destroy();
-            reject(new Error("Authentication failed"));
-          }
-          continue;
+      try {
+        const statusRes = await httpSend(
+          `/v1/computer-use/ride-shotgun/status/${watchId}`,
+          { method: "GET" },
+        );
+        if (!statusRes.ok) {
+          setTimeout(tick, pollIntervalMs);
+          return;
         }
 
-        if (m.type === "auth_result") {
-          continue;
-        }
+        const status = (await statusRes.json()) as {
+          status: string;
+          recordingId?: string;
+          savedRecordingPath?: string;
+          bootstrapFailureReason?: string;
+        };
 
-        if (m.type === "ride_shotgun_error") {
-          clearTimeout(timeoutHandle);
-          socket.destroy();
-          reject(new Error((m as { message: string }).message));
-          continue;
+        if (status.bootstrapFailureReason) {
+          reject(
+            new Error(`Learn session failed: ${status.bootstrapFailureReason}`),
+          );
+          return;
         }
 
-        if (m.type === "ride_shotgun_result") {
-          clearTimeout(timeoutHandle);
-          socket.destroy();
-          resolve({
-            recordingId: m.recordingId as string | undefined,
-            recordingPath: m.recordingPath as string | undefined,
-          });
+        if (status.status === "completed") {
+          if (status.recordingId) {
+            resolve({
+              recordingId: status.recordingId,
+              recordingPath: status.savedRecordingPath,
+            });
+          } else {
+            reject(
+              new Error("Learn session completed but no recording was saved."),
+            );
+          }
+          return;
         }
+      } catch {
+        // Status endpoint not reachable — continue polling
       }
-    });
 
-    socket.on("connect", () => {
-      if (sessionToken) {
-        socket.write(
-          serialize({
-            type: "auth",
-            token: sessionToken,
-          } as unknown as import("../daemon/ipc-protocol.js").ClientMessage),
-        );
-      } else {
-        sendStartCommand();
-      }
-    });
+      setTimeout(tick, pollIntervalMs);
+    };
+
+    setTimeout(tick, pollIntervalMs);
   });
 }