@wipcomputer/wip-ldm-os 0.4.85-alpha.1 → 0.4.85-alpha.10

package/bin/ldm.js

@@ -738,6 +738,24 @@ function deployDocs() {
     console.log(`  + ${agentDocsCount} personalized doc(s) deployed to ${agentLibraryDest.replace(HOME, '~')}/`);
   }
 
+  // Migration-window compatibility write (added 2026-04-30).
+  // dev-guide-wipcomputerinc.md was migrated from ~/.ldm/shared/ to
+  // ~/.ldm/library/documentation/ on 2026-04-19, but agent boot files,
+  // ~/.claude/rules/, and other consumers still reference the old shared
+  // path. Without this write, the old path serves stale content and
+  // agents reading by the old path get pre-migration policy.
+  // Forward-migration (grep-update consumers, then remove this compat
+  // write) is tracked separately. See bugs/installer/ ticket
+  // 2026-04-30--cc-mini--dev-guide-split-path-migration.md.
+  const devGuideName = 'dev-guide-wipcomputerinc.md';
+  const devGuideNew = join(agentLibraryDest, devGuideName);
+  const devGuideOld = join(LDM_ROOT, 'shared', devGuideName);
+  if (existsSync(devGuideNew)) {
+    mkdirSync(dirname(devGuideOld), { recursive: true });
+    cpSync(devGuideNew, devGuideOld);
+    console.log(`  + Compat write: ${devGuideName} also deployed to ${devGuideOld.replace(HOME, '~')} (migration window)`);
+  }
+
   return docsCount + agentDocsCount;
 }
 
@@ -3987,7 +4005,7 @@ async function main() {
     console.log('    Module     ... ESM main/exports -> importable');
     console.log('    MCP Server ... mcp-server.mjs -> claude mcp add --scope user');
     console.log('    OpenClaw   ... openclaw.plugin.json -> ~/.ldm/extensions/ + ~/.openclaw/extensions/');
-    console.log('    Skill      ... SKILL.md -> ~/.openclaw/skills/<tool>/');
+    console.log('    Skill      ... SKILL.md or skills/<name>/SKILL.md -> agent skill paths');
     console.log('    CC Hook    ... guard.mjs or claudeCode.hook -> ~/.claude/settings.json');
     console.log('');
     console.log(`  v${PKG_VERSION}`);

package/docs/universal-installer/SPEC.md

@@ -144,13 +144,15 @@ A plugin for OpenClaw agents. Lifecycle hooks, tool registration, settings.
 
 A markdown file that teaches agents when and how to use the tool. The instruction interface. Follows the [Agent Skills Spec](https://agentskills.io/specification).
 
-**Convention:** `SKILL.md` at the repo root. YAML frontmatter with name, description. Optional `references/` directory for context files.
+**Convention:** either `SKILL.md` at the repo root, or one or more skill folders at `skills/<skill-name>/SKILL.md`. YAML frontmatter includes name and description. Optional `references/`, `agents/`, `scripts/`, and `assets/` directories live beside `SKILL.md`.
 
 **Platform variants:** Codex CLI reads `AGENTS.md` instead of `SKILL.md`, with the same role and the same content shape. Treat `AGENTS.md` as the Codex-flavored filename for this same interface, not a separate interface. A repo may ship both (or symlink one to the other) so it works in Codex and SKILL.md-aware agents.
 
-**Detection:** `SKILL.md` exists.
+**Detection:** `SKILL.md` exists, or at least one `skills/<skill-name>/SKILL.md` exists.
 
-**Install:** `SKILL.md` deployed to `~/.openclaw/skills/<name>/`. If `references/` exists, deployed alongside SKILL.md and to `settings/docs/skills/<name>/` in the workspace.
+**Install:** the skill folder is deployed to every supported local agent skill surface, including OpenClaw, Codex, Claude Code, and WIP agent compatibility paths when present. If `references/` exists, it is deployed alongside SKILL.md and to `settings/docs/skills/<name>/` in the workspace.
+
+**Npm package shape:** a public skill package can expose `SKILL.md` at package root. For example, `@wipcomputer/wip-ai-chat-ui` is sourced from a private repo folder at `design/skills/wip-ai-chat-ui/`, but publishes a tarball with `SKILL.md`, `agents/`, and `references/` at package root so `ldm install @wipcomputer/wip-ai-chat-ui` installs the skill directly.
 
 **Structure:**
 ```
@@ -162,6 +164,17 @@ repo/
     └── ...
 ```
 
+Multiple skills can also live in one repo:
+
+```text
+repo/
+└── skills/
+    └── wip-ai-chat-ui/
+        ├── SKILL.md
+        ├── agents/
+        └── references/
+```
+
 **Key rules (from Agent Skills Spec):**
 - SKILL.md body < 5000 tokens. Process goes in SKILL.md, context goes in references/.
 - Imperative language: "Run this command" not "This product enables..."

package/docs/universal-installer/TECHNICAL.md

@@ -148,13 +148,13 @@ A plugin for OpenClaw agents. Lifecycle hooks, tool registration, settings.
 
 A markdown file that teaches agents when and how to use the tool. The instruction interface. Follows the [Agent Skills Spec](https://agentskills.io/specification).
 
-**Convention:** `SKILL.md` at the repo root. Optional `references/` directory for context files.
+**Convention:** either `SKILL.md` at the repo root, or one or more skill folders at `skills/<skill-name>/SKILL.md`. Optional `references/`, `agents/`, `scripts/`, and `assets/` directories live beside `SKILL.md`.
 
 **Platform variants:** Codex CLI reads `AGENTS.md` with the same role and content shape. Treat as the Codex-flavored filename for this same interface, not a separate one.
 
-**Detection:** `SKILL.md` exists.
+**Detection:** `SKILL.md` exists, or at least one `skills/<skill-name>/SKILL.md` exists.
 
-**Install:** `ldm install` deploys `SKILL.md` to `~/.openclaw/skills/<name>/`. If `references/` exists, it is deployed alongside and also to `settings/docs/skills/<name>/` in the workspace (so all agents can read them).
+**Install:** `ldm install` deploys the skill folder to every supported local agent skill surface, including OpenClaw, Codex, Claude Code, and WIP agent compatibility paths when present. If `references/` exists, it is deployed alongside and also to `settings/docs/skills/<name>/` in the workspace so all agents can read them.
 
 **Key rules:**
 - SKILL.md body < 5000 tokens. Process in SKILL.md, context in references/.
@@ -364,7 +364,7 @@ ldm install                            # update all
 | `mcp-server.mjs` | MCP (local stdio) | Adds `command` + `args` entry to `.mcp.json` |
 | `mcp.remote.url` in `package.json` | Remote MCP | Adds `url` + `transport` entry to `.mcp.json`; prints Claude Desktop hint. **Implementation in flight ([ticket](../../ai/product/bugs/installer/2026-04-28--cc-mini--installer-remote-mcp-detection.md)).** |
 | `openclaw.plugin.json` | OpenClaw | Copies to `~/.openclaw/extensions/` |
-| `SKILL.md` | Skill | Reports path |
+| `SKILL.md` or `skills/<name>/SKILL.md` | Skill | Deploys skill folder to supported agent skill paths |
 | `guard.mjs` or `claudeCode.hook` | CC Hook | Adds to `~/.claude/settings.json` |
 | `.claude-plugin/plugin.json` | CC Plugin | Registers with Claude Code marketplace |
 

package/lib/deploy.mjs

@@ -177,6 +177,14 @@ export function detectHarnesses() {
     skills: join(codexHome, 'skills'),
   };
 
+  // WIP agent skill compatibility directory
+  const agentsHome = join(HOME, '.agents');
+  harnesses['wip-agents'] = {
+    detected: existsSync(agentsHome),
+    home: agentsHome,
+    skills: join(agentsHome, 'skills'),
+  };
+
   // Cursor
   const cursorHome = join(HOME, '.cursor');
   harnesses['cursor'] = {
@@ -207,7 +215,7 @@ export function detectHarnesses() {
 function getHarnesses() {
   try {
     const config = readJSON(LDM_CONFIG_PATH) || {};
-    if (config.harnesses) {
+    if (config.harnesses && config.harnesses['wip-agents']) {
       const workspace = (config.workspace || '').replace('~', HOME);
       return { harnesses: config.harnesses, workspace };
     }
@@ -1097,18 +1105,18 @@ function registerMCP(repoPath, door, toolName) {
  *
  * Returns true if at least one door installed successfully.
  */
-function installClaudeCodeHook(repoPath, doorOrDoors) {
+function installClaudeCodeHook(repoPath, doorOrDoors, toolName = basename(repoPath)) {
   const doors = Array.isArray(doorOrDoors) ? doorOrDoors : [doorOrDoors];
   let anyOk = false;
   for (const door of doors) {
-    if (installClaudeCodeHookEvent(repoPath, door)) {
+    if (installClaudeCodeHookEvent(repoPath, door, toolName)) {
       anyOk = true;
     }
   }
   return anyOk;
 }
 
-function installClaudeCodeHookEvent(repoPath, door) {
+function installClaudeCodeHookEvent(repoPath, door, toolName = basename(repoPath)) {
   const settingsPath = join(HOME, '.claude', 'settings.json');
   let settings = readJSON(settingsPath);
 
@@ -1117,7 +1125,6 @@ function installClaudeCodeHookEvent(repoPath, door) {
     return false;
   }
 
-  const toolName = basename(repoPath);
   const extDir = join(LDM_EXTENSIONS, toolName);
   const installedGuard = join(extDir, 'guard.mjs');
 
@@ -1237,11 +1244,77 @@ function installClaudeCodeHookEvent(repoPath, door) {
   }
 }
 
-function installSkill(repoPath, toolName) {
+function copySkillTree(skillDir, dest, copyFullFolder = false) {
+  mkdirSync(dest, { recursive: true });
+  if (copyFullFolder) {
+    cpSync(skillDir, dest, { recursive: true });
+    return;
+  }
+
+  cpSync(join(skillDir, 'SKILL.md'), join(dest, 'SKILL.md'));
+  for (const child of ['references', 'agents', 'scripts', 'assets']) {
+    const src = join(skillDir, child);
+    if (existsSync(src)) cpSync(src, join(dest, child), { recursive: true });
+  }
+}
+
+const SKILL_COMPANION_DIRS = ['references', 'agents', 'scripts', 'assets'];
+
+function listSkillCopyEntries(skillDir, copyFullFolder = false) {
+  if (copyFullFolder) {
+    try {
+      return readdirSync(skillDir)
+        .filter((entry) => entry !== '.DS_Store')
+        .sort();
+    } catch {
+      return ['SKILL.md'];
+    }
+  }
+
+  const entries = ['SKILL.md'];
+  for (const child of SKILL_COMPANION_DIRS) {
+    if (existsSync(join(skillDir, child))) entries.push(`${child}/`);
+  }
+  return entries;
+}
+
+function printSkillDryRunPlan({ sourceSkillDir, refsSrc, toolName, harnesses, workspace, entries }) {
+  const formatTargetEntries = (base) => entries.map((entry) => join(base, entry));
+  const harnessTargets = Object.entries(harnesses)
+    .filter(([, h]) => h.detected && h.skills)
+    .map(([name, h]) => ({ name, base: join(h.skills, toolName) }));
+
+  ok(`Skill: ${toolName}`);
+  log(`Source: ${sourceSkillDir}`);
+  log('Would copy:');
+  for (const entry of entries) log(`- ${entry}`);
+
+  const permanentBase = join(LDM_EXTENSIONS, toolName);
+  log('Permanent copy:');
+  for (const target of formatTargetEntries(permanentBase)) log(`- ${target}`);
+
+  if (harnessTargets.length > 0) {
+    log('Agent skill targets:');
+    for (const target of harnessTargets) {
+      log(`- ${target.name}: ${target.base}`);
+      for (const entryTarget of formatTargetEntries(target.base)) log(`  - ${entryTarget}`);
+    }
+  } else {
+    log('Agent skill targets: no detected skill harnesses');
+  }
+
+  if (existsSync(refsSrc) && workspace && existsSync(workspace)) {
+    const homeRefsDest = join(workspace, 'settings', 'docs', 'skills', toolName);
+    log('Workspace docs target:');
+    log(`- ${homeRefsDest} (references/ only)`);
+  }
+}
+
+function installSkillFolder(skillDir, toolName, opts = {}) {
   const { harnesses, workspace } = getHarnesses();
 
-  // Find SKILL.md source: repo path first, then permanent copy at ~/.ldm/extensions/
-  let skillSrc = join(repoPath, 'SKILL.md');
+  // Find SKILL.md source: skill dir first, then permanent copy at ~/.ldm/extensions/
+  let skillSrc = join(skillDir, 'SKILL.md');
   const permanentSkill = join(LDM_EXTENSIONS, toolName, 'SKILL.md');
   if (!existsSync(skillSrc) && existsSync(permanentSkill)) skillSrc = permanentSkill;
   if (!existsSync(skillSrc)) return false;
@@ -1252,14 +1325,16 @@ function installSkill(repoPath, toolName) {
     return false;
   }
 
-  // Find references/ source: repo path first, then permanent copy
-  let refsSrc = join(repoPath, 'references');
+  const sourceSkillDir = dirname(skillSrc);
+
+  // Find references/ source: skill dir first, then permanent copy
+  let refsSrc = join(skillDir, 'references');
   const permanentRefs = join(LDM_EXTENSIONS, toolName, 'references');
   if (!existsSync(refsSrc) && existsSync(permanentRefs)) refsSrc = permanentRefs;
 
   if (DRY_RUN) {
-    const targets = Object.entries(harnesses).filter(([,h]) => h.detected && h.skills).map(([name]) => name);
-    ok(`Skill: would deploy ${toolName} to ${targets.join(', ')} (dry run)`);
+    const entries = listSkillCopyEntries(sourceSkillDir, opts.copyFullFolder);
+    printSkillDryRunPlan({ sourceSkillDir, refsSrc, toolName, harnesses, workspace, entries });
     return true;
   }
 
@@ -1268,21 +1343,13 @@ function installSkill(repoPath, toolName) {
 
     // 1. Save permanent copy to ~/.ldm/extensions/<name>/ (survives tmp cleanup)
     const ldmSkillDir = join(LDM_EXTENSIONS, toolName);
-    mkdirSync(ldmSkillDir, { recursive: true });
-    cpSync(skillSrc, join(ldmSkillDir, 'SKILL.md'));
-    if (existsSync(refsSrc) && refsSrc !== permanentRefs) {
-      cpSync(refsSrc, join(ldmSkillDir, 'references'), { recursive: true });
-    }
+    copySkillTree(sourceSkillDir, ldmSkillDir, opts.copyFullFolder);
 
     // 2. Deploy to every detected harness that has a skills path
     for (const [name, harness] of Object.entries(harnesses)) {
       if (!harness.detected || !harness.skills) continue;
       const dest = join(harness.skills, toolName);
-      mkdirSync(dest, { recursive: true });
-      cpSync(skillSrc, join(dest, 'SKILL.md'));
-      if (existsSync(refsSrc)) {
-        cpSync(refsSrc, join(dest, 'references'), { recursive: true });
-      }
+      copySkillTree(sourceSkillDir, dest, opts.copyFullFolder);
       deployed.push(name);
     }
 
@@ -1302,6 +1369,18 @@ function installSkill(repoPath, toolName) {
   }
 }
 
+function installSkill(repoPath, toolName, skillInfo = null) {
+  if (Array.isArray(skillInfo?.skills) && skillInfo.skills.length > 0) {
+    let installed = 0;
+    for (const skill of skillInfo.skills) {
+      if (installSkillFolder(skill.path, skill.name, { copyFullFolder: true })) installed++;
+    }
+    return installed > 0;
+  }
+
+  return installSkillFolder(repoPath, toolName);
+}
+
 // ── Single tool install ──
 
 export function installSingleTool(toolPath) {
@@ -1362,6 +1441,10 @@ export function installSingleTool(toolPath) {
       }
     }
 
+    if (interfaces.skill) {
+      installSkill(toolPath, toolName, interfaces.skill);
+    }
+
     return ifaceNames.length;
   }
 
@@ -1422,7 +1505,7 @@ export function installSingleTool(toolPath) {
 
   if (interfaces.claudeCodeHook) {
     if (isEnabled || isAlreadyDeployed) {
-      if (installClaudeCodeHook(toolPath, interfaces.claudeCodeHook)) installed++;
+      if (installClaudeCodeHook(toolPath, interfaces.claudeCodeHook, toolName)) installed++;
     } else {
       skip(`Hook: ${toolName} not enabled`);
     }
@@ -1430,7 +1513,7 @@ export function installSingleTool(toolPath) {
 
   if (interfaces.skill) {
     // Skills always deploy. They're instruction files, not running code.
-    if (installSkill(toolPath, toolName)) installed++;
+    if (installSkill(toolPath, toolName, interfaces.skill)) installed++;
   }
 
   if (interfaces.module) {
@@ -1591,7 +1674,7 @@ export async function enableExtension(name) {
 
   if (interfaces.mcp) registerMCP(extPath, interfaces.mcp, name);
   if (interfaces.claudeCodeHook) installClaudeCodeHook(extPath, interfaces.claudeCodeHook);
-  if (interfaces.skill) installSkill(extPath, name);
+  if (interfaces.skill) installSkill(extPath, name, interfaces.skill);
 
   entry.enabled = true;
   entry.updatedAt = new Date().toISOString();

package/lib/detect.mjs

@@ -15,6 +15,23 @@ function readJSON(path) {
   }
 }
 
+function detectSkillDirectories(repoPath) {
+  const skillsDir = join(repoPath, 'skills');
+  if (!existsSync(skillsDir)) return [];
+
+  try {
+    return readdirSync(skillsDir, { withFileTypes: true })
+      .filter(e => e.isDirectory() && existsSync(join(skillsDir, e.name, 'SKILL.md')))
+      .map(e => ({
+        name: e.name,
+        path: join(skillsDir, e.name),
+        skillPath: join(skillsDir, e.name, 'SKILL.md'),
+      }));
+  } catch {
+    return [];
+  }
+}
+
 /**
  * Detect all interfaces in a repo.
  * Returns { interfaces, pkg } where interfaces is an object keyed by interface type.
@@ -48,9 +65,18 @@ export function detectInterfaces(repoPath) {
     interfaces.openclaw = { config: readJSON(ocPlugin), path: ocPlugin };
   }
 
-  // 5. Skill: SKILL.md exists
-  if (existsSync(join(repoPath, 'SKILL.md'))) {
-    interfaces.skill = { path: join(repoPath, 'SKILL.md') };
+  // 5. Skill: root SKILL.md, or a skills/<name>/SKILL.md collection.
+  const rootSkillPath = join(repoPath, 'SKILL.md');
+  if (existsSync(rootSkillPath)) {
+    interfaces.skill = { path: rootSkillPath };
+  }
+
+  const skillDirs = detectSkillDirectories(repoPath);
+  if (skillDirs.length > 0) {
+    interfaces.skill = {
+      path: join(repoPath, 'skills'),
+      skills: skillDirs,
+    };
   }
 
   // 6. Claude Code Hook: guard.mjs or claudeCode.hook(s) in package.json
@@ -103,7 +129,12 @@ export function describeInterfaces(interfaces) {
   if (interfaces.module) lines.push(`Module: ${JSON.stringify(interfaces.module.main)}`);
   if (interfaces.mcp) lines.push(`MCP Server: ${interfaces.mcp.file}`);
   if (interfaces.openclaw) lines.push(`OpenClaw Plugin: ${interfaces.openclaw.config?.name || 'detected'}`);
-  if (interfaces.skill) lines.push(`Skill: SKILL.md`);
+  if (interfaces.skill?.skills?.length) {
+    const skills = interfaces.skill.skills.map(s => `${s.name} (${s.skillPath})`);
+    lines.push(`Skill: ${skills.join(', ')}`);
+  } else if (interfaces.skill) {
+    lines.push(`Skill: SKILL.md`);
+  }
   if (interfaces.claudeCodeHook) {
     const events = interfaces.claudeCodeHook.map(h => h.event || 'PreToolUse');
     lines.push(`Claude Code Hook: ${events.join(', ')}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.85-alpha.1",
+  "version": "0.4.85-alpha.10",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {
@@ -22,9 +22,17 @@
     "validate:bin-manifest": "node scripts/validate-bin-manifest.mjs",
     "test:skill-frontmatter": "node scripts/test-skill-frontmatter.mjs",
     "test:installer-update-tracks": "node scripts/test-installer-update-tracks.mjs",
+    "test:installer-hook-toolname": "node scripts/test-installer-hook-toolname.mjs",
+    "test:installer-skill-directory": "node scripts/test-installer-skill-directory.mjs",
+    "test:installer-skill-dry-run-destinations": "node scripts/test-installer-skill-dry-run-destinations.mjs",
     "test:ldm-install-bin-shim": "node scripts/test-ldm-install-preserves-foreign-bin.mjs",
     "test:doctor-cron-target": "node scripts/test-doctor-cron-target.mjs",
     "test:bin-manifest": "node scripts/test-bin-manifest.mjs",
+    "test:crc-agentid-tenant-boundary": "node scripts/test-crc-agentid-tenant-boundary.mjs",
+    "test:crc-pair-login-flow": "node scripts/test-crc-pair-login-flow.mjs",
+    "test:crc-pair-status-poll-token": "node scripts/test-crc-pair-status-poll-token.mjs",
+    "test:crc-e2ee-key-persistence": "node scripts/test-crc-e2ee-key-persistence.mjs",
+    "test:crc-e2ee-session-route": "node scripts/test-crc-e2ee-session-route.mjs",
     "fmt": "npx prettier --write 'src/**/*.{ts,mjs}' 'lib/**/*.mjs' 'bin/**/*.js'",
     "fmt:check": "npx prettier --check 'src/**/*.{ts,mjs}' 'lib/**/*.mjs' 'bin/**/*.js'"
   },

package/scripts/test-crc-agentid-tenant-boundary.mjs

@@ -0,0 +1,80 @@
+import { createHash } from "node:crypto";
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertNotContains(needle, label) {
+  if (server.includes(needle)) {
+    throw new Error(`${label} still contains forbidden text: ${needle}`);
+  }
+}
+
+assertContains('const ACCOUNT_TENANT_PREFIX = "acct:";', "account tenant prefix");
+assertContains('const LEGACY_API_KEY_TENANT_PREFIX = "key:";', "legacy key tenant prefix");
+assertContains('function accountTenantIdForUserId(userId)', "account tenant helper");
+assertContains('function identityForApiKey(key)', "api key identity helper");
+assertContains('return identityForApiKey(key);', "http auth uses identity helper");
+assertContains("const agentId = accountTenantIdForUserId(stored.userId);", "registration uses immutable account tenant");
+assertContains("function sanitizeDisplayLabel(raw)", "display label sanitizer");
+assertContains('replace(/[\\u0000-\\u001f\\u007f]/g, "").replace(/\\s+/g, " ").trim().slice(0, 64)', "display label sanitizer preserves label semantics");
+assertContains("const displayLabel = sanitizeDisplayLabel(body?.displayName || body?.username);", "registration treats entered name as display label");
+assertContains("displayLabel,", "registration challenge stores display label");
+assertContains("await saveApiKey(apiKey, agentId, { handle: credentialLabel });", "registration stores handle separately");
+assertContains("p.handle = identity.handle;", "pair stores display handle separately");
+assertContains("handle: identity.handle,", "relay metadata returns display handle");
+assertContains("codexDaemons.has(identity.agentId)", "daemon presence uses tenant id");
+assertContains("codexDaemonPubkeys.get(identity.agentId)", "daemon pubkey uses tenant id");
+assertContains("agentId: identity.agentId,", "relay tickets bind tenant id");
+assertContains("handle: identity.handle,", "relay tickets preserve display handle");
+assertContains("codexDaemons.set(identity.agentId, ws);", "daemon ws keyed by tenant id");
+assertContains("const key = codexRelayKey(identity.agentId, threadId);", "web ws keyed by tenant id");
+assertContains("const daemonWs = codexDaemons.get(identity.agentId);", "web sends to tenant daemon");
+assertNotContains("const agentId = stored.username || (\"passkey-\"", "registration must not use chosen handle as tenant");
+assertNotContains("const existingKey = Object.entries(API_KEYS).find(([k, v]) => v === agentId);", "oauth must not reuse chosen handle as tenant");
+assertNotContains("function isUsernameTaken", "display labels must not be globally unique usernames");
+assertNotContains("function sanitizeUsername", "display labels must not be modeled as usernames");
+assertNotContains('json(res, 409, { error: "reserved_handle"', "display labels must not be blocked as reserved security handles");
+assertNotContains('json(res, 409, { error: "handle_taken"', "duplicate display labels must be allowed");
+
+function legacyTenantIdForApiKey(key) {
+  return "key:" + createHash("sha256").update(key).digest("base64url").slice(0, 32);
+}
+
+function accountTenantIdForUserId(userId) {
+  return "acct:" + userId;
+}
+
+const chosenHandle = "parker-smoke-test";
+const sharedDisplayLabel = "Parker";
+const accountA = accountTenantIdForUserId("user-a");
+const accountB = accountTenantIdForUserId("user-b");
+const threadId = "thread-019dfa";
+if (accountA === accountB) {
+  throw new Error("different user ids collapsed to one account tenant");
+}
+if (`${sharedDisplayLabel}:${threadId}` === `${accountA}:${threadId}` || `${sharedDisplayLabel}:${threadId}` === `${accountB}:${threadId}`) {
+  throw new Error("display label was used as a relay route key");
+}
+
+const legacyA = legacyTenantIdForApiKey("ck-a");
+const legacyB = legacyTenantIdForApiKey("ck-b");
+if (legacyA === legacyB) {
+  throw new Error("legacy API-key tenants collided");
+}
+
+const webKeyA = `${accountA}:${threadId}`;
+const webKeyB = `${accountB}:${threadId}`;
+if (webKeyA === webKeyB) {
+  throw new Error("same display handle can still collide across account tenants");
+}
+if (`${chosenHandle}:${threadId}` === webKeyA || `${chosenHandle}:${threadId}` === webKeyB) {
+  throw new Error("model still keys relay routes by display handle");
+}
+
+console.log("crc agentId tenant boundary checks passed");

package/scripts/test-crc-e2ee-key-persistence.mjs

@@ -0,0 +1,80 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(first, second, label) {
+  const firstIndex = server.indexOf(first);
+  const secondIndex = server.indexOf(second);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+assertContains("CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys", "persistent key table");
+assertContains("async function loadCodexDaemonPubkeysFromDb()", "boot load helper");
+assertContains("await loadCodexDaemonPubkeysFromDb();", "boot load call");
+assertContains("async function persistCodexDaemonPubkey(agentId, pubkey, cryptoVersions)", "persist helper");
+assertContains("function registerCodexDaemonPubkey(agentId, pubkey, cryptoVersions, source)", "registration helper");
+assertContains("codexDaemonPubkeys.set(agentId, {", "registration updates in-memory bootstrap cache");
+assertContains("return persistCodexDaemonPubkey(agentId, pubkey, normalizedVersions)", "registration persists after cache update");
+assertContains("await registerCodexDaemonPubkey(identity.agentId, p.daemon_public_key, p.crypto_versions, \"pair-complete\");", "pair-complete persists key");
+assertContains("if (envelope?.type === \"daemon.identity\") {", "daemon reconnect identity frame");
+assertContains("envelope.daemon_public_key", "daemon identity carries public key");
+assertContains("envelope.crypto_versions", "daemon identity carries crypto versions");
+assertContains("\"daemon-reconnect\"", "daemon reconnect source marker");
+assertContains("const daemonKey = codexDaemonPubkeys.get(identity.agentId) || null;", "bootstrap uses loaded or registered key");
+assertBefore(
+  "await loadCodexDaemonPubkeysFromDb();",
+  "function handleCodexBootstrap(req, res, threadId)",
+  "persisted keys load before bootstrap handler",
+);
+
+const modelPubkeys = new Map();
+const persistedRows = new Map();
+
+function normalizeVersions(versions) {
+  const out = Array.isArray(versions)
+    ? versions.filter((v) => typeof v === "string" && v.length > 0 && v.length <= 32).slice(0, 8)
+    : [];
+  return out.length ? out : ["e2ee-v1"];
+}
+
+function modelRegister(agentId, pubkey, versions) {
+  const normalized = normalizeVersions(versions);
+  modelPubkeys.set(agentId, { pubkey, crypto_versions: normalized });
+  persistedRows.set(agentId, { pubkey, crypto_versions_json: JSON.stringify(normalized) });
+}
+
+function modelBootLoad() {
+  const restored = new Map();
+  for (const [agentId, row] of persistedRows) {
+    restored.set(agentId, {
+      pubkey: row.pubkey,
+      crypto_versions: normalizeVersions(JSON.parse(row.crypto_versions_json)),
+    });
+  }
+  return restored;
+}
+
+modelRegister("acct:user-a", "spki-key-a", ["e2ee-v1"]);
+const afterRestart = modelBootLoad();
+if (afterRestart.get("acct:user-a")?.pubkey !== "spki-key-a") {
+  throw new Error("boot load did not restore persisted daemon pubkey");
+}
+
+modelRegister("acct:user-a", "spki-key-b", []);
+const afterReconnect = modelBootLoad();
+if (afterReconnect.get("acct:user-a")?.pubkey !== "spki-key-b") {
+  throw new Error("daemon reconnect did not replace persisted daemon pubkey");
+}
+if (afterReconnect.get("acct:user-a")?.crypto_versions?.[0] !== "e2ee-v1") {
+  throw new Error("daemon reconnect did not default crypto version");
+}
+
+console.log("crc e2ee key persistence checks passed");