@venturewild/workspace 0.2.3 → 0.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@venturewild/workspace",
-  "version": "0.2.3",
+  "version": "0.3.0",
   "description": "Claude Code Web — Replit/Lovable-style chat-first browser UI that wraps the AI agent already installed on your machine.",
   "license": "MIT",
   "bin": {
@@ -42,10 +42,10 @@
   },
   "optionalDependencies": {
     "@homebridge/node-pty-prebuilt-multiarch": "0.13.1",
-    "@venturewild/workspace-daemon-darwin-arm64": "0.1.2",
-    "@venturewild/workspace-daemon-darwin-x64": "0.1.2",
-    "@venturewild/workspace-daemon-linux-x64": "0.1.2",
-    "@venturewild/workspace-daemon-win32-x64": "0.1.2"
+    "@venturewild/workspace-daemon-darwin-arm64": "0.1.3",
+    "@venturewild/workspace-daemon-darwin-x64": "0.1.3",
+    "@venturewild/workspace-daemon-linux-x64": "0.1.3",
+    "@venturewild/workspace-daemon-win32-x64": "0.1.3"
   },
   "devDependencies": {
     "@testing-library/jest-dom": "^6.9.1",

package/server/bin/wild-workspace.mjs

@@ -23,6 +23,9 @@ import { appendLine, listLogs, tailFile } from '../src/logpaths.mjs';
 import { runDoctor, renderDoctor, writeDoctorBundle } from '../src/doctor.mjs';
 import { enableOperator, disableOperator, operatorStatus } from '../src/operator.mjs';
 import { loadObservabilityConsent, setObservabilityConsent } from '../src/observability.mjs';
+import {
+  grantConsent, revokeConsent, consentStatus, readAudit, MAX_TIER, MAX_GRANT_MINUTES, OPERATE_TIER,
+} from '../src/support-consent.mjs';
 import {
   AutoUpdater, PACKAGE_NAME, npmInstall, recordUpdate,
   loadUpdateSettings, setUpdateEnabled, setUpdateChannel,
@@ -59,6 +62,10 @@ Usage:
   wild-workspace operator enable  let the wild-workspace team help with your install (mints a token)
   wild-workspace operator disable revoke the support token
   wild-workspace operator status  is the support channel on?
+  wild-workspace support allow --tier 1 --minutes 60   allow time-boxed support (works even when offline)
+  wild-workspace support revoke   revoke support access now
+  wild-workspace support status   is support access on, and for how long?
+  wild-workspace support audit    show what support has done (the audit feed)
   wild-workspace observability [on|off|status]   share session + install health so we can help (default on; never chat content)
   wild-workspace update [apply]   check for / install a newer version (auto by default)
   wild-workspace update on|off    toggle background auto-update
@@ -98,6 +105,8 @@ function parseArgs(argv) {
     else if (arg === '--yes' || arg === '-y') { opts.yes = true; }
     else if (arg === '--kind') { opts.kind = argv[++i]; }
     else if (arg === '--limit') { opts.limit = Number(argv[++i]); }
+    else if (arg === '--tier') { opts.tier = Number(argv[++i]); }
+    else if (arg === '--minutes') { opts.minutes = Number(argv[++i]); }
     else if (arg.startsWith('--')) {
       // ignore unknown flags
     } else {
@@ -667,6 +676,91 @@ async function runUpdateCommand(opts) {
   }
 }
 
+// `wild-workspace support [allow|revoke|status]` — Phase 3 consent for the
+// daemon-hosted, out-of-band support channel (reachable even when your workspace
+// is offline). OFF by default + time-boxed; the bmo-sync daemon enforces it
+// locally and revoke is instant (this writes/deletes ~/.wild-workspace/
+// support-consent.json, which the daemon re-reads). Runs as its own process so it
+// works when the server is down.
+function fmtRemaining(ms) {
+  const m = Math.round(ms / 60000);
+  if (m < 60) return `${m} min`;
+  return `${Math.floor(m / 60)}h ${m % 60}m`;
+}
+async function runSupportCommand(action = 'status', opts = {}) {
+  const gdir = globalDir();
+
+  if (action === 'allow') {
+    const tier = opts.tier || 1;
+    const minutes = opts.minutes || 60;
+    if (tier < 1 || tier > MAX_TIER) {
+      console.error(
+        `tier must be 1..${MAX_TIER} (1 = read-only diagnostics/logs, 2 = curated fixes, ` +
+          `3 = let support operate your agent, 4 = raw shell).`,
+      );
+      process.exitCode = 1;
+      return;
+    }
+    // Tiers 3–4 let support OPERATE the machine (drive the agent / run commands).
+    // Require an explicit --yes so it's never a slip of the keyboard.
+    if (tier >= OPERATE_TIER && !opts.yes) {
+      console.error(
+        `tier ${tier} lets VentureWild support ${tier >= 4 ? 'run shell commands on' : 'operate the agent on'} ` +
+          `your machine (time-boxed, audited, revocable). Re-run with --yes to confirm:\n` +
+          `  wild-workspace support allow --tier ${tier} --minutes ${minutes} --yes`,
+      );
+      process.exitCode = 1;
+      return;
+    }
+    const rec = grantConsent(gdir, { tier, minutes });
+    if (!rec) {
+      console.error(`Could not write support consent to ${gdir}.`);
+      process.exitCode = 1;
+      return;
+    }
+    const tierDesc =
+      rec.tier >= 4
+        ? 'read diagnostics/logs + curated fixes + operate your agent + run raw shell commands'
+        : rec.tier >= 3
+          ? 'read diagnostics/logs + curated fixes + operate your agent on a task'
+          : rec.tier >= 2
+            ? 'read diagnostics/logs + run curated fixes (restart sync, relink, reinstall)'
+            : 'read diagnostics + logs only';
+    console.log(`✓ VentureWild support allowed at tier ${rec.tier} for ${fmtRemaining(rec.expiresAt - rec.grantedAt)} (max ${MAX_GRANT_MINUTES / 60}h).`);
+    console.log(`  tier ${rec.tier} = ${tierDesc}.`);
+    console.log('  It auto-expires; revoke anytime with: wild-workspace support revoke');
+    return;
+  }
+  if (action === 'revoke') {
+    const removed = revokeConsent(gdir);
+    console.log(removed ? '✓ support access revoked.' : 'support access was not enabled.');
+    return;
+  }
+  if (action === 'audit') {
+    const entries = readAudit(gdir, { limit: opts.limit || 20 });
+    if (!entries.length) {
+      console.log('no support actions recorded yet.');
+      return;
+    }
+    console.log('recent support actions (newest first):');
+    for (const e of entries) {
+      const when = e.ts ? new Date(e.ts).toISOString() : '?';
+      console.log(`  ${when}  ${e.ok ? '✓' : '✗'} ${e.action} (tier ${e.tier ?? '?'})`);
+    }
+    return;
+  }
+  // status (default)
+  const s = consentStatus(gdir);
+  if (s.enabled) {
+    console.log(`support access: ON (tier ${s.tier}) — ${fmtRemaining(s.remainingMs)} remaining.`);
+    console.log('  revoke : wild-workspace support revoke');
+  } else {
+    console.log('support access: OFF (default).');
+    console.log('  allow  : wild-workspace support allow --tier 1 --minutes 60');
+  }
+  console.log(`  file   : ${s.file}`);
+}
+
 // `wild-workspace operator [enable|disable|status]` — the consented support
 // channel (docs/SECURITY.md). OFF by default; `enable` mints a token to hand to
 // the wild-workspace team so they can diagnose + run a fixed set of safe fixes.
@@ -805,6 +899,9 @@ async function main() {
   if (opts.positional[0] === 'update') {
     return runUpdateCommand(opts);
   }
+  if (opts.positional[0] === 'support') {
+    return runSupportCommand(opts.positional[1], opts);
+  }
   if (opts.positional[0] === 'operator') {
     return runOperatorCommand(opts.positional[1], opts);
   }

package/server/src/config.mjs

@@ -54,7 +54,13 @@ function readSecretsFile(file) {
   try {
     const parsed = JSON.parse(fs.readFileSync(file, 'utf8'));
     if (parsed && parsed.partnerToken && parsed.shareSecret) {
-      return { partnerToken: parsed.partnerToken, shareSecret: parsed.shareSecret };
+      return {
+        partnerToken: parsed.partnerToken,
+        shareSecret: parsed.shareSecret,
+        // Phase 4: the loopback support-channel secret (may be absent on installs
+        // created before Phase 4 — loadOrCreateSecrets backfills it).
+        supportChannelSecret: parsed.supportChannelSecret,
+      };
     }
   } catch {
     // missing / unreadable / malformed
@@ -68,7 +74,22 @@ function loadOrCreateSecrets(dataDir, env = process.env) {
 
   // 1. The stable per-install location wins.
   const stable = readSecretsFile(stablePath);
-  if (stable) return stable;
+  if (stable) {
+    // Backfill the Phase-4 support-channel secret on installs created earlier,
+    // WITHOUT rotating the login-signing tokens (which would log everyone out).
+    // Re-read + rewrite the raw file so any other fields are preserved.
+    if (!stable.supportChannelSecret) {
+      stable.supportChannelSecret = crypto.randomBytes(32).toString('base64url');
+      try {
+        const raw = JSON.parse(fs.readFileSync(stablePath, 'utf8'));
+        raw.supportChannelSecret = stable.supportChannelSecret;
+        fs.writeFileSync(stablePath, JSON.stringify(raw, null, 2), { mode: 0o600 });
+      } catch {
+        // can't persist (read-only fs?) — still usable for this run
+      }
+    }
+    return stable;
+  }
 
   // 2. Migrate a legacy in-workspace secrets file (preserve its tokens so
   //    pre-existing login cookies keep validating); otherwise generate fresh.
@@ -77,6 +98,11 @@ function loadOrCreateSecrets(dataDir, env = process.env) {
     partnerToken: crypto.randomBytes(24).toString('base64url'),
     shareSecret: crypto.randomBytes(32).toString('base64url'),
   };
+  // The support-channel secret can be (re)generated freely — it's not used to
+  // sign anything durable, just to authenticate the local daemon → server hop.
+  if (!secrets.supportChannelSecret) {
+    secrets.supportChannelSecret = crypto.randomBytes(32).toString('base64url');
+  }
 
   // 3. Persist to the stable location.
   try {
@@ -305,6 +331,13 @@ export function buildConfig(overrides = {}) {
       overrides.shareSecret ||
       env.WILD_WORKSPACE_SHARE_SECRET ||
       secrets().shareSecret,
+    // Phase 4: authenticates the local bmo-sync daemon's loopback call to
+    // POST /api/support/agent-task (the daemon reads it from ~/.wild-workspace/
+    // secrets.json by the same convention). Never sent to the browser.
+    supportChannelSecret:
+      overrides.supportChannelSecret ||
+      env.WILD_WORKSPACE_SUPPORT_SECRET ||
+      secrets().supportChannelSecret,
     // The operator-channel token — null unless the user explicitly enabled the
     // channel (`wild-workspace operator enable`). Off by default. Server-side
     // only; never broadcast to the browser.

package/server/src/index.mjs

@@ -8,7 +8,7 @@ import { Hono } from 'hono';
 import { serveStatic } from '@hono/node-server/serve-static';
 import { serve } from '@hono/node-server';
 import { WebSocketServer } from 'ws';
-import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync } from 'node:fs';
+import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, unlinkSync } from 'node:fs';
 import path from 'node:path';
 import url from 'node:url';
 import {
@@ -36,6 +36,7 @@ import { ActivityBus } from './activity.mjs';
 import { loadIdentity, saveIdentity, markOnboarded, TONES } from './agent-identity.mjs';
 import { probeAgentReadiness } from './agent-readiness.mjs';
 import { AutoUpdater, npmInstall, recordUpdate, loadUpdateSettings, PACKAGE_NAME } from './auto-update.mjs';
+import { consentStatus, revokeConsent, readAudit, OPERATE_TIER } from './support-consent.mjs';
 import { ClaudeLoginSession } from './agent-login.mjs';
 import { ErrorReporter } from './error-reporter.mjs';
 import { DaemonBridge } from './daemon.mjs';
@@ -1036,6 +1037,195 @@ export async function createServer(overrides = {}) {
     });
   });
 
+  // Support consent + audit (Phase 3, Pillar E) — the user's view of the
+  // out-of-band support channel: is support allowed (tier/expiry), was it acting
+  // recently, and a feed of everything it did (the daemon writes the audit; this
+  // is the read side the UI banner polls + the one-tap revoke). The daemon is the
+  // enforcement gate; these are the owner-facing surfaces.
+  const SUPPORT_ACTIVE_WINDOW_MS = 120_000; // a recent action = "support acting"
+
+  // Phase 4, Pillar E — the LIVE operate state for the agent-task channel: while
+  // support is driving the agent, the owner must SEE it happening and be able to
+  // stop it mid-flight (the screen-share promise). `agent-task` populates this; the
+  // banner polls it via /api/support/status and can hit /operate/cancel.
+  const OPERATE_LINE_CAP = 40;
+  const OPERATE_LINGER_MS = 12_000; // keep the finished transcript briefly visible
+  let supportOperate = null; // { taskId, startedAt, endedAt, done, lines, session }
+  const operateLineFor = (chunk) => {
+    if (!chunk || typeof chunk !== 'object') return null;
+    if (chunk.type === 'text' && chunk.text) return chunk.text.trim().slice(0, 160);
+    if (chunk.type === 'tool-use' && chunk.name) return `⚙ ${chunk.name}`;
+    if (chunk.type === 'error' && chunk.message) return `⚠ ${String(chunk.message).slice(0, 160)}`;
+    return null;
+  };
+
+  app.get('/api/support/status', (c) => {
+    const forbidden = require(c, 'chat');
+    if (forbidden) return forbidden;
+    const s = consentStatus(globalDir());
+    const audit = readAudit(globalDir(), { limit: 1 });
+    const last = audit[0] || null;
+    const active = Boolean(last && Date.now() - (last.ts || 0) < SUPPORT_ACTIVE_WINDOW_MS);
+    const operate = supportOperate
+      ? {
+          active: !supportOperate.done,
+          taskId: supportOperate.taskId,
+          startedAt: supportOperate.startedAt,
+          lines: supportOperate.lines.slice(-12),
+        }
+      : null;
+    return c.json({
+      enabled: s.enabled,
+      tier: s.tier,
+      expiresAt: s.expiresAt,
+      remainingMs: s.remainingMs,
+      active,
+      operate,
+      lastAction: last ? { action: last.action, ts: last.ts, ok: last.ok } : null,
+    });
+  });
+
+  app.get('/api/support/audit', (c) => {
+    const forbidden = require(c, 'chat');
+    if (forbidden) return forbidden;
+    const limit = Math.min(200, Math.max(1, Number(c.req.query('limit')) || 50));
+    return c.json({ audit: readAudit(globalDir(), { limit }) });
+  });
+
+  app.post('/api/support/revoke', (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const removed = revokeConsent(globalDir());
+    appendLine('operator', `support consent revoked via UI removed=${removed}`);
+    activityBus.publish({ type: 'support-revoked', at: Date.now() });
+    return c.json({ revoked: removed });
+  });
+
+  // Phase 4 (Pillar E): stop a running support agent-task mid-flight (the banner's
+  // "Stop" button). Owner-gated like revoke. Kills the local AgentSession; the
+  // daemon's streaming relay ends, and the operator's SSE closes.
+  app.post('/api/support/operate/cancel', (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const had = Boolean(supportOperate && !supportOperate.done);
+    try {
+      supportOperate?.session?.cancel();
+    } catch {
+      /* best-effort */
+    }
+    if (had) appendLine('operator', `agent-task ${supportOperate?.taskId} stopped by owner`);
+    return c.json({ cancelled: had });
+  });
+
+  // Phase 4 (agent-mediated operation, server-up path). The bmo-sync daemon's
+  // tier-3 `agent-task` action calls this over GENUINE LOOPBACK when :5173 is up,
+  // so the support task runs with the user's real agent + workspace context
+  // (the daemon-spawn fallback for when :5173 is down is PR 4.2). Triple-gated:
+  //   1. loopback-only — a tunneled visitor 404s (never reachable publicly);
+  //   2. the daemon-shared support-channel secret (config.supportChannelSecret);
+  //   3. a LIVE tier-3 consent grant — defense in depth (the daemon already gates,
+  //      but we re-check so a direct hit can't operate un-consented).
+  // Streams the agent's chunks back as NDJSON (one JSON object per line) for the
+  // daemon to relay upward as `control_progress` frames.
+  app.post('/api/support/agent-task', async (c) => {
+    if (!isGenuineLoopback(c)) return c.json({ error: 'not_found' }, 404);
+    const secret = c.req.header('x-support-secret');
+    if (!config.supportChannelSecret || secret !== config.supportChannelSecret) {
+      return c.json({ error: 'forbidden' }, 403);
+    }
+    const cs = consentStatus(globalDir());
+    if (!cs.enabled || (cs.tier || 0) < OPERATE_TIER) {
+      return c.json({ error: cs.enabled ? 'tier-insufficient' : 'no-consent' }, 403);
+    }
+    if (!activeAgent) return c.json({ error: 'no-agent' }, 503);
+
+    let body;
+    try {
+      body = await c.req.json();
+    } catch {
+      body = {};
+    }
+    const prompt = typeof body.prompt === 'string' ? body.prompt.trim() : '';
+    if (!prompt) return c.json({ error: 'no-prompt' }, 400);
+    const taskId = typeof body.taskId === 'string' ? body.taskId.slice(0, 64) : 'task';
+    const mode = body.mode === 'plan' ? 'plan' : 'build';
+
+    appendLine('operator', `agent-task ${taskId} start mode=${mode} agent=${activeAgent.id}`);
+    activityBus.publish({ type: 'support-agent-task', taskId, at: Date.now() });
+
+    const enc = new TextEncoder();
+    const session = new AgentSession(activeAgent);
+    // Pillar E: publish the LIVE operate state so the owner's banner shows
+    // "support is operating your agent" + a transcript + a Stop button.
+    supportOperate = { taskId, startedAt: Date.now(), endedAt: null, done: false, lines: [], session };
+    const recordLine = (chunk) => {
+      const line = operateLineFor(chunk);
+      if (!line || !supportOperate) return;
+      supportOperate.lines.push({ ts: Date.now(), text: line });
+      if (supportOperate.lines.length > OPERATE_LINE_CAP) supportOperate.lines.shift();
+    };
+    const SUPPORT_SYS =
+      "You are VentureWild support, operating this machine with the user's explicit, " +
+      'time-boxed consent. Work the given task end to end, narrate what you do in plain ' +
+      'language, and stop when it is resolved.';
+
+    const stream = new ReadableStream({
+      start(controller) {
+        let closed = false;
+        const push = (obj) => {
+          if (closed) return;
+          try {
+            controller.enqueue(enc.encode(JSON.stringify(obj) + '\n'));
+          } catch {
+            closed = true;
+          }
+        };
+        session.on('chunk', (chunk) => {
+          recordLine(chunk);
+          push(chunk);
+        });
+        session.on('stderr', (text) => push({ type: 'stderr', text }));
+        session.on('error', (err) => push({ type: 'error', message: String(err?.message || err) }));
+        session.on('end', ({ code }) => {
+          push({ type: 'end', code });
+          appendLine('operator', `agent-task ${taskId} end code=${code}`);
+          // Mark the operate session finished; keep the transcript briefly visible,
+          // then clear it so the banner returns to the resting state.
+          if (supportOperate && supportOperate.taskId === taskId) {
+            supportOperate.done = true;
+            supportOperate.endedAt = Date.now();
+            const finished = supportOperate;
+            setTimeout(() => {
+              if (supportOperate === finished) supportOperate = null;
+            }, OPERATE_LINGER_MS).unref?.();
+          }
+          if (!closed) {
+            closed = true;
+            try {
+              controller.close();
+            } catch {}
+          }
+        });
+        session.send(prompt, {
+          cwd: config.workspaceDir,
+          mode,
+          appendSystemPrompt: SUPPORT_SYS,
+        });
+      },
+      cancel() {
+        // Operator disconnected mid-task (the daemon dropped the relay) — kill it.
+        try {
+          session.cancel();
+        } catch {}
+      },
+    });
+
+    return c.body(stream, 200, {
+      'Content-Type': 'application/x-ndjson',
+      'Cache-Control': 'no-cache',
+    });
+  });
+
   // In-app "Sign in to Claude" — drives `claude auth login` in a real PTY so the
   // browser OAuth callback auto-completes and the user never touches a terminal.
   // (See agent-login.mjs.) Claude opens the OAuth URL in the user's browser itself
@@ -1809,6 +1999,22 @@ export async function createServer(overrides = {}) {
     httpServer.once('error', reject);
   });
 
+  // Phase 3: record our pid so the bmo-sync daemon's out-of-band `restart-server`
+  // support action can KILL us (the always-on supervisor then respawns) — even
+  // when :5173 is unreachable from outside. {pid, startedAt, port} lets the killer
+  // validate it's really us before signalling (see the daemon's restart-server).
+  // Skipped under tests (many parallel servers would clobber the shared file).
+  if (process.env.VITEST !== 'true' && config.nodeEnv !== 'test') {
+    try {
+      mkdirSync(globalDir(), { recursive: true });
+      writeFileSync(
+        path.join(globalDir(), 'server.pid'),
+        JSON.stringify({ pid: process.pid, startedAt: Date.now(), port: config.port }),
+        { mode: 0o600 },
+      );
+    } catch { /* best-effort — restart-server falls back to a health probe */ }
+  }
+
   // --- websocket bridge ---
   const wss = new WebSocketServer({ noServer: true });
   httpServer.on('upgrade', async (req, socket, head) => {
@@ -1971,6 +2177,15 @@ export async function createServer(overrides = {}) {
       try { inboxWatcher.stop(); } catch {}
       try { daemonBridge?.stop(); } catch {}
       try { tunnelWatchdog?.stop(); } catch {}
+      // Drop our server.pid marker if it's still ours (best-effort; a crash
+      // leaves a stale one, which restart-server validates pid-alive before using).
+      if (process.env.VITEST !== 'true' && config.nodeEnv !== 'test') {
+        try {
+          const pf = path.join(globalDir(), 'server.pid');
+          const rec = JSON.parse(readFileSync(pf, 'utf8'));
+          if (rec?.pid === process.pid) unlinkSync(pf);
+        } catch { /* gone or not ours */ }
+      }
       // The daemon is deliberately NOT stopped here — it is detached so sync
       // keeps running after wild-workspace closes. `wild-workspace daemon
       // stop` is the explicit off-switch.

package/server/src/supervisor.mjs

@@ -115,6 +115,16 @@ export class WorkspaceSupervisor {
     autoUpdate = env.WILD_WORKSPACE_NO_AUTOUPDATE !== '1',
     updatePollMs = 60 * 60 * 1000, // wake hourly; AutoUpdater gates real checks
     autoUpdaterFactory = null, //     test seam: (supervisor) => AutoUpdater-like
+    // Phase 3 (Pillar A prerequisite): the always-on supervisor keeps the bmo-sync
+    // DAEMON alive too, independent of the workspace server. The daemon hosts the
+    // out-of-band support channel (reachable when :5173 is down), so it must not
+    // depend on the server being up. The server still ensureRunning()s the daemon
+    // at boot (idempotent); this is the keep-alive owner. On by default; kill switch
+    // WILD_WORKSPACE_NO_DAEMON_SUPERVISION=1. Only wired in start() (not the unit
+    // -test path, which calls daemonTick() directly with an injected factory).
+    superviseDaemon = env.WILD_WORKSPACE_NO_DAEMON_SUPERVISION !== '1',
+    daemonPollMs = 10000, //          probe the daemon every 10s
+    daemonSupervisorFactory = null, // test seam: (supervisor) => DaemonSupervisor-like
   } = {}) {
     Object.assign(this, {
       serverEntry, workspaceDir, port, globalDir, node, pollMs,
@@ -122,12 +132,21 @@ export class WorkspaceSupervisor {
       crashLoopThreshold, diagnosticsImpl,
       autoRestartOnVersionDrift, versionImpl, installedVersionImpl,
       autoUpdate, updatePollMs, autoUpdaterFactory,
+      superviseDaemon, daemonPollMs, daemonSupervisorFactory,
     });
     this.autoUpdater = null;
     this.updateTimer = null;
+    this.daemonSupervisor = null;
+    this.daemonTimer = null;
+    this._daemonTicking = false;
     this.logFile = path.join(globalDir, 'supervisor.log');
     this.serverLogFile = path.join(globalDir, 'server.out.log');
     this.lockFile = path.join(globalDir, 'supervisor.lock');
+    // Phase 3.2: the bmo-sync daemon drops this file (a consented support
+    // `restart-server` action) for us to action — so a restart can be triggered
+    // out-of-band even when :5173 is wedged. We kill the child; the next tick
+    // respawns it from disk (new code loads). Safe: absent file = no-op.
+    this.restartRequestFile = path.join(globalDir, 'restart-request.json');
     this.child = null;
     this.backoff = backoffStartMs;
     this.lastSpawn = 0;
@@ -190,8 +209,30 @@ export class WorkspaceSupervisor {
     return this.child;
   }
 
+  /**
+   * Consume a pending support `restart-server` request (Phase 3.2). Returns true
+   * iff a request file was present (and removes it). Reading-then-deleting makes
+   * "present" mean "unhandled" — idempotent across ticks.
+   */
+  consumeRestartRequest() {
+    try {
+      fs.readFileSync(this.restartRequestFile); // throws if absent
+    } catch {
+      return false;
+    }
+    try { fs.unlinkSync(this.restartRequestFile); } catch { /* best-effort */ }
+    return true;
+  }
+
   /** One supervision step. Returns its decision (exposed for tests). */
   async tick() {
+    // Phase 3.2: a consented support restart request takes priority — kill the
+    // child so the next tick respawns it from disk (picks up any new code).
+    if (this.consumeRestartRequest()) {
+      this.log('restart-server requested (support channel) — restarting');
+      this.restartChild();
+      return 'restart-requested';
+    }
     if (await this.probeImpl(this.port, this.probeTimeoutMs)) {
       this.backoff = this.backoffStartMs; // healthy → reset backoff
       this.spawnCount = 0; //              healthy → not a crash loop
@@ -322,6 +363,52 @@ export class WorkspaceSupervisor {
       .catch((e) => this.log(`auto-update error: ${e?.message || e}`));
   }
 
+  /**
+   * Build the DaemonSupervisor the always-on layer owns. Reads a FRESH config
+   * (not the stale module constant) so the account token / relay in effect when
+   * always-on starts are used. Lazy import keeps the unit-test path (which never
+   * calls start()) free of config + daemon-supervisor. Test seam: factory.
+   */
+  async buildDaemonSupervisor() {
+    if (this.daemonSupervisorFactory) return this.daemonSupervisorFactory(this);
+    const [{ buildConfig }, { DaemonSupervisor }] = await Promise.all([
+      import('./config.mjs'),
+      import('./daemon-supervisor.mjs'),
+    ]);
+    const config = buildConfig({ workspaceDir: this.workspaceDir, port: this.port });
+    return new DaemonSupervisor({
+      httpBase: config.daemonHttpUrl,
+      globalDir: this.globalDir,
+      accountToken: config.accountToken,
+      serverUrl: config.bmoSyncServerUrl,
+    });
+  }
+
+  /**
+   * One daemon-supervision step: if the daemon isn't answering /health, (re)start
+   * it. Deliberately INDEPENDENT of server health — the daemon (and its support
+   * channel) must stay up even when the server is crashed/mid-upgrade. Re-entrancy
+   * guarded so a slow spawn can't overlap the next tick. Never throws.
+   */
+  async daemonTick() {
+    if (!this.daemonSupervisor || this._daemonTicking) return 'skip';
+    this._daemonTicking = true;
+    try {
+      const h = await this.daemonSupervisor.health();
+      if (h && h.running) return 'healthy';
+      const r = await this.daemonSupervisor.ensureRunning();
+      if (r && r.started) { this.log(`daemon respawned (pid=${r.pid})`); return 'respawned'; }
+      if (r && r.alreadyRunning) return 'healthy';
+      this.log(`daemon down, respawn not started: ${r?.error || 'unknown'}`);
+      return 'failed';
+    } catch (e) {
+      this.log(`daemon-tick error: ${e?.message || e}`);
+      return 'error';
+    } finally {
+      this._daemonTicking = false;
+    }
+  }
+
   /** Acquire the lock and start the supervision loop. Idempotent across processes. */
   start() {
     if (!this.acquireLock()) return { started: false, reason: 'already-running' };
@@ -343,12 +430,24 @@ export class WorkspaceSupervisor {
         if (kick.unref) kick.unref();
       }).catch((e) => this.log(`auto-update init error: ${e?.message || e}`));
     }
+
+    // Phase 3: keep the bmo-sync daemon alive independent of the server, so the
+    // out-of-band support channel survives the server being down.
+    if (this.superviseDaemon && this.env.VITEST !== 'true' && this.env.NODE_ENV !== 'test') {
+      this.buildDaemonSupervisor().then((d) => {
+        this.daemonSupervisor = d;
+        this.daemonTimer = setInterval(() => { this.daemonTick().catch((e) => this.log(`daemon-tick error: ${e?.message || e}`)); }, this.daemonPollMs);
+        if (this.daemonTimer.unref) this.daemonTimer.unref();
+        this.daemonTick().catch(() => {}); // first probe now
+      }).catch((e) => this.log(`daemon supervision init error: ${e?.message || e}`));
+    }
     return { started: true };
   }
 
   stop() {
     if (this.timer) { clearInterval(this.timer); this.timer = null; }
     if (this.updateTimer) { clearInterval(this.updateTimer); this.updateTimer = null; }
+    if (this.daemonTimer) { clearInterval(this.daemonTimer); this.daemonTimer = null; }
     this.releaseLock();
   }
 }