@wipcomputer/wip-ldm-os 0.4.78 → 0.4.80

package/SKILL.md

@@ -9,7 +9,7 @@ license: MIT
 compatibility: Requires git, npm, node. Node.js 18+.
 metadata:
   display-name: "LDM OS"
-  version: "0.4.78"
+  version: "0.4.80"
   homepage: "https://github.com/wipcomputer/wip-ldm-os"
   author: "Parker Todd Brooks"
   category: infrastructure

package/bin/ldm.js

@@ -2892,6 +2892,63 @@ async function cmdDoctor() {
     cleanupStaleClaudeCodeEnv();
   }
 
+  // 3b. MCP health check (Phase 3c)
+  //
+  // Walk ~/.claude.json#mcpServers. For every entry whose command is node
+  // and whose first arg resolves under ~/.ldm/extensions/ or ~/.openclaw/
+  // extensions/, verify the file exists and parses. Report any that do not.
+  //
+  // This catches the failure mode where an extension renamed its MCP file,
+  // updated its deployed artifacts, but the old .claude.json entry still
+  // points at a path that was rotated into _trash. Surfacing these in
+  // doctor makes the class of failure loud instead of silent.
+  {
+    const ccUserPath = join(HOME, '.claude.json');
+    const ccUser = readJSON(ccUserPath);
+    const ldmExtRoot = LDM_EXTENSIONS;
+    const ocExtRoot = join(HOME, '.openclaw', 'extensions');
+    const broken = [];
+    if (ccUser?.mcpServers) {
+      for (const [name, cfg] of Object.entries(ccUser.mcpServers)) {
+        if (cfg?.command !== 'node') continue;
+        const args = Array.isArray(cfg.args) ? cfg.args : [];
+        const first = args[0];
+        if (!first || typeof first !== 'string') continue;
+        const underExt = first.startsWith(ldmExtRoot + '/') || first.startsWith(ocExtRoot + '/');
+        if (!underExt) continue;
+        if (!existsSync(first)) {
+          broken.push({ name, path: first, reason: 'missing' });
+          continue;
+        }
+        try {
+          execSync(`node --check "${first}"`, { stdio: 'pipe', timeout: 5000 });
+        } catch (e) {
+          const stderr = (e && e.stderr && e.stderr.toString && e.stderr.toString().trim()) || (e && e.message) || 'unparseable';
+          broken.push({ name, path: first, reason: 'unparseable', detail: stderr.split('\n')[0] });
+        }
+      }
+    }
+    if (broken.length > 0) {
+      for (const b of broken) {
+        const detail = b.detail ? ` (${b.detail})` : '';
+        console.log(`  ! MCP ${b.name}: ${b.reason} at ${b.path}${detail}`);
+      }
+      if (FIX_FLAG && ccUser?.mcpServers) {
+        for (const b of broken) {
+          delete ccUser.mcpServers[b.name];
+          console.log(`  + Removed dangling MCP: ${b.name}`);
+        }
+        writeFileSync(ccUserPath, JSON.stringify(ccUser, null, 2) + '\n');
+        // --fix resolved them, do not count as outstanding issues
+      } else {
+        console.log(`    Run: ldm doctor --fix to remove ${broken.length} dangling MCP entr${broken.length === 1 ? 'y' : 'ies'}`);
+        issues += broken.length;
+      }
+    } else if (ccUser?.mcpServers && Object.keys(ccUser.mcpServers).length > 0) {
+      console.log(`  + MCP entries under LDM/OC extensions: all paths exist and parse`);
+    }
+  }
+
   // 4. Check sacred locations
   const sacred = [
     { path: join(LDM_ROOT, 'memory'), label: 'memory/' },

package/dist/bridge/{chunk-7NH6JBIO.js → chunk-O65O6CCM.js}

@@ -156,18 +156,41 @@ function messageMatchesSession(msgTo, agentId, sessionName) {
   if (target.session === "*") return true;
   return target.session === sessionName;
 }
+function findMessageById(id) {
+  if (!id) return null;
+  for (const dir of [MESSAGES_DIR, PROCESSED_DIR]) {
+    const candidate = join(dir, `${id}.json`);
+    if (!existsSync(candidate)) continue;
+    try {
+      const data = JSON.parse(readFileSync(candidate, "utf-8"));
+      return data;
+    } catch {
+    }
+  }
+  return null;
+}
 function pushInbox(msg) {
   try {
     mkdirSync(MESSAGES_DIR, { recursive: true });
     const id = randomUUID();
+    let resolvedTo = msg.to;
+    const explicitBroadcast = resolvedTo === "*" || resolvedTo === "all" || resolvedTo && resolvedTo.endsWith(":*");
+    const agentOnly = resolvedTo && !resolvedTo.includes(":") && !explicitBroadcast;
+    if (msg.inReplyTo && (!resolvedTo || agentOnly)) {
+      const original = findMessageById(msg.inReplyTo);
+      if (original && original.from) {
+        resolvedTo = original.from;
+      }
+    }
     const data = {
       id,
       type: msg.type || "chat",
       from: msg.from || "unknown",
-      to: msg.to || `${_sessionAgentId}:${_sessionName}`,
+      to: resolvedTo || `${_sessionAgentId}:${_sessionName}`,
       body: msg.body || msg.message || "",
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      read: false
+      read: false,
+      ...msg.inReplyTo ? { inReplyTo: msg.inReplyTo } : {}
     };
     writeFileSync(join(MESSAGES_DIR, `${id}.json`), JSON.stringify(data, null, 2) + "\n");
     return inboxCount();
@@ -245,14 +268,27 @@ function sendLdmMessage(opts) {
   try {
     mkdirSync(MESSAGES_DIR, { recursive: true });
     const id = randomUUID();
+    let resolvedTo = opts.to;
+    const explicitBroadcast = resolvedTo === "*" || resolvedTo === "all" || resolvedTo && resolvedTo.endsWith(":*");
+    const agentOnly = resolvedTo && !resolvedTo.includes(":") && !explicitBroadcast;
+    if (opts.inReplyTo && (!resolvedTo || agentOnly)) {
+      const original = findMessageById(opts.inReplyTo);
+      if (original && original.from) {
+        resolvedTo = original.from;
+      }
+    }
+    if (!resolvedTo) {
+      return null;
+    }
     const data = {
       id,
       type: opts.type || "chat",
       from: opts.from || `${_sessionAgentId}:${_sessionName}`,
-      to: opts.to,
+      to: resolvedTo,
       body: opts.body,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      read: false
+      read: false,
+      ...opts.inReplyTo ? { inReplyTo: opts.inReplyTo } : {}
     };
     writeFileSync(join(MESSAGES_DIR, `${id}.json`), JSON.stringify(data, null, 2) + "\n");
     return id;
@@ -652,6 +688,7 @@ export {
   setSessionIdentity,
   getSessionIdentity,
   refreshSessionIdentity,
+  findMessageById,
   pushInbox,
   drainInbox,
   inboxCount,

package/dist/bridge/cli.js

@@ -8,7 +8,7 @@ import {
   searchConversations,
   searchWorkspace,
   sendMessage
-} from "./chunk-7NH6JBIO.js";
+} from "./chunk-O65O6CCM.js";
 import "./chunk-3RG5ZIWI.js";
 
 // cli.ts

package/dist/bridge/core.d.ts

@@ -20,6 +20,7 @@ interface InboxMessage {
     message?: string;
     timestamp: string;
     read: boolean;
+    inReplyTo?: string;
 }
 interface ConversationResult {
     text: string;
@@ -60,9 +61,23 @@ declare function getSessionIdentity(): {
  * Cheap: one file read per call. No network. No delay.
  */
 declare function refreshSessionIdentity(): void;
+/**
+ * Look up a message by id in the inbox or processed dir. Returns null if
+ * not found. Used by reply-to-sender routing.
+ */
+declare function findMessageById(id: string): InboxMessage | null;
 /**
  * Write a message to the file-based inbox.
  * Creates a JSON file at ~/.ldm/messages/{uuid}.json.
+ *
+ * Reply-to-sender routing (added 2026-04-20):
+ *   If `inReplyTo` is set AND `to` is missing or agent-only (no colon),
+ *   the bridge looks up the referenced message and copies its `from` into
+ *   this message's `to`. This makes replies land at the specific session
+ *   that sent the original, rather than broadcasting to every session of
+ *   the agent (which is what Apr 10's Option 1 shipped as a safety net).
+ *   Callers that explicitly want broadcast can still use
+ *   `to: "<agent>:*"` or `to: "*"`.
  */
 declare function pushInbox(msg: {
     from: string;
@@ -70,6 +85,7 @@ declare function pushInbox(msg: {
     body?: string;
     to?: string;
     type?: string;
+    inReplyTo?: string;
 }): number;
 /**
  * Read and drain all messages for this session from the inbox.
@@ -92,9 +108,10 @@ declare function inboxCountBySession(): Record<string, number>;
  */
 declare function sendLdmMessage(opts: {
     from?: string;
-    to: string;
+    to?: string;
     body: string;
     type?: string;
+    inReplyTo?: string;
 }): string | null;
 interface SessionInfo {
     name: string;
@@ -144,4 +161,4 @@ declare function discoverSkills(openclawDir: string): SkillInfo[];
 declare function executeSkillScript(skillDir: string, scripts: string[], scriptName: string | undefined, args: string): Promise<string>;
 declare function readWorkspaceFile(workspaceDir: string, filePath: string): WorkspaceFileResult;
 
-export { type BridgeConfig, type ConversationResult, type GatewayConfig, type InboxMessage, LDM_ROOT, type SessionInfo, type SkillInfo, type WorkspaceFileResult, type WorkspaceSearchResult, blobToEmbedding, cosineSimilarity, discoverSkills, drainInbox, executeSkillScript, findMarkdownFiles, getQueryEmbedding, getSessionIdentity, inboxCount, inboxCountBySession, listActiveSessions, pushInbox, readWorkspaceFile, refreshSessionIdentity, registerBridgeSession, resolveApiKey, resolveConfig, resolveConfigMulti, resolveGatewayConfig, searchConversations, searchWorkspace, sendLdmMessage, sendMessage, setSessionIdentity };
+export { type BridgeConfig, type ConversationResult, type GatewayConfig, type InboxMessage, LDM_ROOT, type SessionInfo, type SkillInfo, type WorkspaceFileResult, type WorkspaceSearchResult, blobToEmbedding, cosineSimilarity, discoverSkills, drainInbox, executeSkillScript, findMarkdownFiles, findMessageById, getQueryEmbedding, getSessionIdentity, inboxCount, inboxCountBySession, listActiveSessions, pushInbox, readWorkspaceFile, refreshSessionIdentity, registerBridgeSession, resolveApiKey, resolveConfig, resolveConfigMulti, resolveGatewayConfig, searchConversations, searchWorkspace, sendLdmMessage, sendMessage, setSessionIdentity };

package/dist/bridge/core.js

@@ -6,6 +6,7 @@ import {
   drainInbox,
   executeSkillScript,
   findMarkdownFiles,
+  findMessageById,
   getQueryEmbedding,
   getSessionIdentity,
   inboxCount,
@@ -24,7 +25,7 @@ import {
   sendLdmMessage,
   sendMessage,
   setSessionIdentity
-} from "./chunk-7NH6JBIO.js";
+} from "./chunk-O65O6CCM.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   LDM_ROOT,
@@ -34,6 +35,7 @@ export {
   drainInbox,
   executeSkillScript,
   findMarkdownFiles,
+  findMessageById,
   getQueryEmbedding,
   getSessionIdentity,
   inboxCount,

package/dist/bridge/mcp-server.js

@@ -15,7 +15,7 @@ import {
   sendLdmMessage,
   sendMessage,
   setSessionIdentity
-} from "./chunk-7NH6JBIO.js";
+} from "./chunk-O65O6CCM.js";
 import {
   __require
 } from "./chunk-3RG5ZIWI.js";
@@ -225,7 +225,7 @@ Message delivered to the gateway (fire-and-forget). L\u0113sa will process it th
 server.registerTool(
   "lesa_check_inbox",
   {
-    description: "Check for pending messages in the file-based inbox (~/.ldm/messages/). Messages can come from OpenClaw agents, other Claude Code sessions, or CLI. Returns all pending messages for this session and marks them as read.",
+    description: "Check for pending messages in the file-based inbox (~/.ldm/messages/). Messages can come from OpenClaw agents, other Claude Code sessions, or CLI. Returns all pending messages for this session and marks them as read. Each entry includes [id: <uuid>] so you can pass it to lesa_reply_to_sender when replying to a specific message.",
     inputSchema: {}
   },
   async () => {
@@ -233,13 +233,43 @@ server.registerTool(
     if (messages.length === 0) {
       return { content: [{ type: "text", text: "No pending messages." }] };
     }
-    const text = messages.map((m) => `**${m.from}** [${m.type}] (${m.timestamp}):
+    const text = messages.map((m) => `**${m.from}** [${m.type}] (${m.timestamp}) [id: ${m.id}]:
 ${m.body || m.message}`).join("\n\n---\n\n");
     return { content: [{ type: "text", text: `${messages.length} message(s):
 
 ${text}` }] };
   }
 );
+server.registerTool(
+  "lesa_reply_to_sender",
+  {
+    description: "Reply to a specific inbox message, routing back to the exact session that sent it (not broadcast). Use this instead of ldm_send_message when responding to something you saw in lesa_check_inbox. The message id is printed as [id: <uuid>] in the inbox output.\n\nIf the message id can't be found (already deleted, typo, etc.) the reply is still written with a best-effort target derived from the message sender field you pass in as fallback.",
+    inputSchema: {
+      messageId: z.string().describe("The inbox message id you are replying to (from the [id: ...] field in lesa_check_inbox output)"),
+      body: z.string().describe("Reply body"),
+      type: z.string().optional().default("chat").describe("Message type: chat, system, task (default: chat)")
+    }
+  },
+  async ({ messageId, body, type }) => {
+    try {
+      const { agentId, sessionName } = getSessionIdentity();
+      sendLdmMessage({
+        from: `${agentId}:${sessionName}`,
+        body,
+        type: type || "chat",
+        inReplyTo: messageId
+      });
+      return {
+        content: [{
+          type: "text",
+          text: `Replied to message ${messageId}. Routed back to the original sender (not broadcast).`
+        }]
+      };
+    } catch (err) {
+      return { content: [{ type: "text", text: `Error replying: ${err.message}` }], isError: true };
+    }
+  }
+);
 server.registerTool(
   "ldm_send_message",
   {

package/lib/deploy.mjs

@@ -245,9 +245,17 @@ function buildSourceInfo(repoPath, pkg) {
     hasInfo = true;
   }
 
-  // If the repo path is inside ~/.ldm/tmp/, it was cloned from somewhere.
-  // Try to get the remote URL from git.
-  if (!source.repo) {
+  // If the repo path is itself a git working tree, trust its origin URL.
+  // Previously this ran git remote unconditionally, which walks up the
+  // directory tree. For npm-sourced installs extracted under ~/.ldm/tmp/
+  // (inside the tracked ~/.ldm repo), git happily returned the parent
+  // tracking repo's remote (wipcomputer/...-system-private) as the
+  // source for every extension. Registry source.repo was therefore
+  // unreliable. Now we only consult git if repoPath itself has a .git
+  // entry (directory for normal clones, file for worktrees). If it
+  // does not, we leave source.repo unset rather than capturing an
+  // ancestor's remote.
+  if (!source.repo && existsSync(join(repoPath, '.git'))) {
     try {
       const remote = execSync('git remote get-url origin 2>/dev/null', {
         cwd: repoPath,
@@ -882,6 +890,60 @@ function verifyOcConfig(pluginDirName) {
   }
 }
 
+/**
+ * Phase 3b: remove a stale MCP registration for an extension whose current
+ * source no longer exposes an MCP interface. Keyed on path, not source
+ * metadata (buildSourceInfo is known to capture the parent repo's remote
+ * when extraction lands inside another git working tree).
+ *
+ * Removes the entry from ~/.claude.json#mcpServers if the args path
+ * resolves under LDM_EXTENSIONS/<toolName> or OC_EXTENSIONS/<toolName>.
+ * No-op if no entry exists or the path points elsewhere.
+ */
+function unregisterStaleMCP(toolName) {
+  const ccUserPath = join(HOME, '.claude.json');
+  const ccUser = readJSON(ccUserPath);
+  const entry = ccUser?.mcpServers?.[toolName];
+  if (!entry) return;
+
+  const firstArg = Array.isArray(entry.args) ? entry.args[0] : null;
+  if (!firstArg || typeof firstArg !== 'string') return;
+
+  const ldmExt = join(LDM_EXTENSIONS, toolName);
+  const ocExt = join(OC_EXTENSIONS, toolName);
+  const pointsHere = firstArg.startsWith(ldmExt + '/') || firstArg.startsWith(ocExt + '/');
+  if (!pointsHere) return;
+
+  if (DRY_RUN) {
+    ok(`MCP: would unregister stale ${toolName} entry pointing at ${firstArg} (dry run)`);
+    return;
+  }
+
+  try {
+    execSync(`claude mcp remove ${toolName} --scope user`, { stdio: 'pipe' });
+    ok(`MCP: unregistered stale ${toolName} entry (source no longer exposes MCP)`);
+  } catch {
+    // Fallback: direct edit to ~/.claude.json
+    try {
+      const cfg = readJSON(ccUserPath) || {};
+      if (cfg.mcpServers && cfg.mcpServers[toolName]) {
+        delete cfg.mcpServers[toolName];
+        writeJSON(ccUserPath, cfg);
+        ok(`MCP: unregistered stale ${toolName} entry via direct .claude.json edit`);
+      }
+    } catch (e) {
+      log(`Warning: could not unregister stale MCP ${toolName}: ${e.message}`);
+    }
+  }
+
+  // Also clean OpenClaw side if installed.
+  try {
+    execSync(`openclaw mcp unset ${toolName}`, { stdio: 'pipe' });
+  } catch {
+    // Non-fatal. OpenClaw may not be installed, or may not have had this mcp.
+  }
+}
+
 function registerMCP(repoPath, door, toolName) {
   let rawName = toolName || door.name || basename(repoPath);
   // Strip /tmp/ clone prefixes (ldm-install-, wip-install-)
@@ -894,6 +956,27 @@ function registerMCP(repoPath, door, toolName) {
     : existsSync(ldmFallbackPath) ? ldmFallbackPath
     : repoServerPath;
 
+  // Postcondition: the resolved entrypoint must exist and parse before we
+  // touch ~/.claude.json. Previously, if the published tarball did not
+  // contain the declared mcp-server file (see wip-1password 0.2.3-alpha.2
+  // bug writeup), we still wrote the registration and left a dangling
+  // "Failed to connect" entry that was invisible until the user ran
+  // `claude mcp list`. Fail loudly instead.
+  if (!existsSync(mcpPath)) {
+    fail(`MCP: ${name} registration aborted. Resolved path does not exist: ${mcpPath}`);
+    fail(`MCP: candidates checked: ${ldmServerPath}, ${ldmFallbackPath}, ${repoServerPath}`);
+    fail(`MCP: verify the published package includes "${door.file}" (check files array).`);
+    return false;
+  }
+  try {
+    execSync(`node --check "${mcpPath}"`, { stdio: 'pipe', timeout: 5000 });
+  } catch (e) {
+    const stderr = (e && e.stderr && e.stderr.toString && e.stderr.toString().trim()) || (e && e.message) || 'unknown error';
+    fail(`MCP: ${name} registration aborted. Entrypoint failed node --check: ${mcpPath}`);
+    fail(`MCP: ${stderr}`);
+    return false;
+  }
+
   // Check ~/.claude.json (user-level MCP)
   const ccUserPath = join(HOME, '.claude.json');
   const ccUser = readJSON(ccUserPath);
@@ -1272,6 +1355,12 @@ export function installSingleTool(toolPath) {
     } else {
       skip(`MCP: ${toolName} not enabled. Run: ldm enable ${toolName}`);
     }
+  } else {
+    // Phase 3b: source no longer exposes an MCP interface (file renamed,
+    // moved to src/, removed, etc). If a prior install registered an MCP
+    // whose args point into this extension's directory, un-register it so
+    // claude mcp list does not keep a dangling "Failed to connect" entry.
+    unregisterStaleMCP(toolName);
   }
 
   if (interfaces.claudeCodeHook) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.78",
+  "version": "0.4.80",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {

package/shared/docs/dev-guide-wipcomputerinc.md.tmpl

@@ -261,6 +261,23 @@ cd ~/.ldm/extensions/{name} && npm install --omit=dev
 openclaw gateway restart
 ```
 
+## Bridge: Reply Routing (lesa-bridge 0.4.1+)
+
+The bridge's file inbox (`~/.ldm/messages/`) supports three routing modes:
+
+| `to` field | Delivered to |
+|---|---|
+| `agent:session` | Exactly one session (unicast) |
+| `agent:*` | All sessions of that agent (explicit broadcast) |
+| `agent` (no colon) | All sessions of that agent (legacy broadcast, kept for compat) |
+| `*` or `all` | All agents, all sessions |
+
+**Reply-to-sender pattern (use this for replies).** When responding to a message you read via `lesa_check_inbox`, call `lesa_reply_to_sender({ messageId, body })` with the id from `[id: <uuid>]` in the inbox output. The bridge auto-resolves `to` to the original sender's fully-qualified identity (`agent:session`), so replies land at exactly one session instead of waking every cc-mini session on the machine.
+
+For non-reply sends (initiating a thread), use `ldm_send_message` with an explicit `agent:session` target, or `lesa_send_message` for OpenClaw (Lēsa) which goes through the gateway pipeline.
+
+Avoid agent-only targets (`to: "cc-mini"`) for replies. They still work (broadcast) but burn a turn in every idle cc-mini session that happens to be open. Reply-to-sender is the cheap, obvious, correct path.
+
 ## Branch Protection Audit
 
 Enforced on all 64 repos on 2026-02-20, re-audited 2026-02-27 (18 repos had drifted or were new). No force pushes to main. No direct pushes. No exceptions. The `lesaai` account is not exempt.

package/src/bridge/core.ts

@@ -65,6 +65,12 @@ export interface InboxMessage {
   message?: string; // legacy compat: alias for body
   timestamp: string;
   read: boolean;
+  // Optional: id of the message this is a reply to. When present on a
+  // pushInbox call and `to` is missing or agent-only, the bridge looks up
+  // the referenced message and copies its `from` into this message's `to`
+  // so replies land at the specific session that sent the original, not
+  // broadcast to every session of the agent.
+  inReplyTo?: string;
 }
 
 export interface ConversationResult {
@@ -287,22 +293,61 @@ function messageMatchesSession(msgTo: string, agentId: string, sessionName: stri
   return target.session === sessionName;
 }
 
+/**
+ * Look up a message by id in the inbox or processed dir. Returns null if
+ * not found. Used by reply-to-sender routing.
+ */
+export function findMessageById(id: string): InboxMessage | null {
+  if (!id) return null;
+  for (const dir of [MESSAGES_DIR, PROCESSED_DIR]) {
+    const candidate = join(dir, `${id}.json`);
+    if (!existsSync(candidate)) continue;
+    try {
+      const data = JSON.parse(readFileSync(candidate, "utf-8")) as InboxMessage;
+      return data;
+    } catch {}
+  }
+  return null;
+}
+
 /**
  * Write a message to the file-based inbox.
  * Creates a JSON file at ~/.ldm/messages/{uuid}.json.
+ *
+ * Reply-to-sender routing (added 2026-04-20):
+ *   If `inReplyTo` is set AND `to` is missing or agent-only (no colon),
+ *   the bridge looks up the referenced message and copies its `from` into
+ *   this message's `to`. This makes replies land at the specific session
+ *   that sent the original, rather than broadcasting to every session of
+ *   the agent (which is what Apr 10's Option 1 shipped as a safety net).
+ *   Callers that explicitly want broadcast can still use
+ *   `to: "<agent>:*"` or `to: "*"`.
  */
-export function pushInbox(msg: { from: string; message?: string; body?: string; to?: string; type?: string }): number {
+export function pushInbox(msg: { from: string; message?: string; body?: string; to?: string; type?: string; inReplyTo?: string }): number {
   try {
     mkdirSync(MESSAGES_DIR, { recursive: true });
     const id = randomUUID();
+
+    // Resolve reply target from inReplyTo if applicable.
+    let resolvedTo = msg.to;
+    const explicitBroadcast = resolvedTo === "*" || resolvedTo === "all" || (resolvedTo && resolvedTo.endsWith(":*"));
+    const agentOnly = resolvedTo && !resolvedTo.includes(":") && !explicitBroadcast;
+    if (msg.inReplyTo && (!resolvedTo || agentOnly)) {
+      const original = findMessageById(msg.inReplyTo);
+      if (original && original.from) {
+        resolvedTo = original.from;
+      }
+    }
+
     const data: InboxMessage = {
       id,
       type: msg.type || "chat",
       from: msg.from || "unknown",
-      to: msg.to || `${_sessionAgentId}:${_sessionName}`,
+      to: resolvedTo || `${_sessionAgentId}:${_sessionName}`,
       body: msg.body || msg.message || "",
       timestamp: new Date().toISOString(),
       read: false,
+      ...(msg.inReplyTo ? { inReplyTo: msg.inReplyTo } : {}),
     };
     writeFileSync(join(MESSAGES_DIR, `${id}.json`), JSON.stringify(data, null, 2) + "\n");
 
@@ -416,21 +461,45 @@ export function inboxCountBySession(): Record<string, number> {
  */
 export function sendLdmMessage(opts: {
   from?: string;
-  to: string;
+  to?: string;
   body: string;
   type?: string;
+  // Reply-to-sender routing (added 2026-04-20). If provided and `to` is
+  // missing or agent-only (no session suffix), `to` is auto-resolved from
+  // the referenced message's `from`, so the reply lands at exactly the
+  // session that sent the original. See
+  // ai/product/bugs/bridge/2026-04-20--cc-mini--bridge-reply-to-sender-routing.md
+  inReplyTo?: string;
 }): string | null {
   try {
     mkdirSync(MESSAGES_DIR, { recursive: true });
     const id = randomUUID();
+
+    // Resolve reply target from inReplyTo when applicable.
+    let resolvedTo = opts.to;
+    const explicitBroadcast = resolvedTo === "*" || resolvedTo === "all" || (resolvedTo && resolvedTo.endsWith(":*"));
+    const agentOnly = resolvedTo && !resolvedTo.includes(":") && !explicitBroadcast;
+    if (opts.inReplyTo && (!resolvedTo || agentOnly)) {
+      const original = findMessageById(opts.inReplyTo);
+      if (original && original.from) {
+        resolvedTo = original.from;
+      }
+    }
+    if (!resolvedTo) {
+      // No target and no inReplyTo to resolve from. Nothing safe to do
+      // except a no-op. Caller is at fault; return null to signal.
+      return null;
+    }
+
     const data: InboxMessage = {
       id,
       type: opts.type || "chat",
       from: opts.from || `${_sessionAgentId}:${_sessionName}`,
-      to: opts.to,
+      to: resolvedTo,
       body: opts.body,
       timestamp: new Date().toISOString(),
       read: false,
+      ...(opts.inReplyTo ? { inReplyTo: opts.inReplyTo } : {}),
     };
     writeFileSync(join(MESSAGES_DIR, `${id}.json`), JSON.stringify(data, null, 2) + "\n");
     return id;

package/src/bridge/mcp-server.ts

@@ -303,7 +303,9 @@ server.registerTool(
     description:
       "Check for pending messages in the file-based inbox (~/.ldm/messages/). " +
       "Messages can come from OpenClaw agents, other Claude Code sessions, or CLI. " +
-      "Returns all pending messages for this session and marks them as read.",
+      "Returns all pending messages for this session and marks them as read. " +
+      "Each entry includes [id: <uuid>] so you can pass it to lesa_reply_to_sender " +
+      "when replying to a specific message.",
     inputSchema: {},
   },
   async () => {
@@ -314,13 +316,57 @@ server.registerTool(
     }
 
     const text = messages
-      .map((m) => `**${m.from}** [${m.type}] (${m.timestamp}):\n${m.body || m.message}`)
+      .map((m) => `**${m.from}** [${m.type}] (${m.timestamp}) [id: ${m.id}]:\n${m.body || m.message}`)
       .join("\n\n---\n\n");
 
     return { content: [{ type: "text" as const, text: `${messages.length} message(s):\n\n${text}` }] };
   }
 );
 
+// Tool 5b: Reply to a specific message, routing back to the original sender.
+// Added 2026-04-20 to fix the "agent-only reply broadcasts to every session"
+// footgun. Caller passes the message id from lesa_check_inbox output; the
+// bridge resolves `to` to the original sender's fully-qualified identity,
+// so replies land at exactly one session instead of every session of the
+// agent. See ai/product/bugs/bridge/2026-04-20--cc-mini--bridge-reply-to-sender-routing.md
+server.registerTool(
+  "lesa_reply_to_sender",
+  {
+    description:
+      "Reply to a specific inbox message, routing back to the exact session " +
+      "that sent it (not broadcast). Use this instead of ldm_send_message when " +
+      "responding to something you saw in lesa_check_inbox. The message id is " +
+      "printed as [id: <uuid>] in the inbox output.\n\n" +
+      "If the message id can't be found (already deleted, typo, etc.) the reply " +
+      "is still written with a best-effort target derived from the message sender " +
+      "field you pass in as fallback.",
+    inputSchema: {
+      messageId: z.string().describe("The inbox message id you are replying to (from the [id: ...] field in lesa_check_inbox output)"),
+      body: z.string().describe("Reply body"),
+      type: z.string().optional().default("chat").describe("Message type: chat, system, task (default: chat)"),
+    },
+  },
+  async ({ messageId, body, type }) => {
+    try {
+      const { agentId, sessionName } = getSessionIdentity();
+      sendLdmMessage({
+        from: `${agentId}:${sessionName}`,
+        body,
+        type: type || "chat",
+        inReplyTo: messageId,
+      });
+      return {
+        content: [{
+          type: "text" as const,
+          text: `Replied to message ${messageId}. Routed back to the original sender (not broadcast).`,
+        }],
+      };
+    } catch (err: any) {
+      return { content: [{ type: "text" as const, text: `Error replying: ${err.message}` }], isError: true };
+    }
+  }
+);
+
 // Tool 6: Send message to any agent via file-based inbox (Phase 4)
 server.registerTool(
   "ldm_send_message",

package/src/bridge/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/ldm-bridge",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "private": true,
   "type": "module",
   "description": "WIP Bridge ... agent-to-agent communication, memory search, skill bridging. Core module of LDM OS.",