agentgui 1.0.933 → 1.0.935

package/AGENTS.md

@@ -25,7 +25,7 @@ Local server on PORT=3056 (default), `bun server.js`:
 
 ## Learning audit
 
-- 2026-05-02 session: 5 items audited (CI bun, stream imports, windows fallback, GM blocker, ACP history), 0 removed (rs-learn retrieval not yet confirmed; safety default kept all), 1 new fact ingested (acptoapi history integration)
+- 2026-05-02 session: 5 items audited (CI bun, stream imports, windows fallback, GM blocker, ACP history), 0 removed (rs-learn retrieval not yet confirmed; safety default kept all), 1 new fact ingested (in-process ccsniff history integration)
 
 ## CI / GitHub Actions
 
@@ -74,11 +74,11 @@ The actual hook content is generated/templated from c:/dev/gm, likely from `lib/
 
 Only after the real generator is patched will agentgui sessions run autonomously without per-tool ceremony.
 
-## ACP-to-API History Integration
+## History Integration via ccsniff (2026-05-21 — reverted from acptoapi)
 
-**acptoapi (c:\dev\acptoapi) merged Claude Code history routes as of 2026-05-02; ccsniff package is no longer needed.**
+**agentgui mounts `ccsniff`'s history router in-process — no external proxy.**
 
-History functionality (`GET /v1/history/*` endpoints) is now built into acptoapi. Routes: `snapshot` (event/session/project/tool/error counts + byte/date range), `sessions` (list with title/project/cwd/counts), `sessions/:sid/events` (flattened events), `search` (BM25 with snippets), `reindex` (rebuild index), `stream` (SSE). Implementation: `lib/history/` (bm25.js for tokenize/buildIndex/search/snippet, watcher.js for JsonlWatcher + JsonlReplayer, index.js for HistoryStore singleton + flattenEvent). Reads `~/.claude/projects` by default; override with `CLAUDE_PROJECTS_DIR` env var. The ccsniff package itself is no longer needed — acptoapi covers the functionality entirely.
+`server.js` imports `createHistoryRouter` from the `ccsniff` package and mounts it on the internal Express app at `/`, exposing `GET /v1/history/{snapshot,sessions,sessions/:sid/events,search,reindex,stream}`. Reads `~/.claude/projects` by default; override with `CLAUDE_PROJECTS_DIR` env var. acptoapi's previously-bundled history routes were removed in acptoapi 1.0.103; ccsniff is now the canonical source. Browser client (`site/app/js/backend.js`) calls these same-origin via the agentgui server.
 
 ## buildSystemPrompt System Prompt for claude-code
 
@@ -124,7 +124,7 @@ Surfaced 2026-05-04 while validating the chat surface in `site/app/`. Fix applie
 
 **`site/app/js/app.js` opens SSE EventSource on navTo('history'); first /v1/history/* request triggers 30-90s loadOnce() synchronous walk.**
 
-The live history feature wires acptoapi's /v1/history/stream (SSE endpoint) via `B.streamHistory(base, onEvent)` on tab entry and closes the EventSource on tab exit. State shape: `state.live = { es, connected, lastEventTs, error, eventCount }`.
+The live history feature wires the in-process ccsniff `/v1/history/stream` SSE endpoint via `B.streamHistory(base, onEvent)` on tab entry and closes the EventSource on tab exit. State shape: `state.live = { es, connected, lastEventTs, error, eventCount }`.
 
 Event dispatch loop:
 - `hello` event: set `connected=true`
@@ -132,8 +132,8 @@ Event dispatch loop:
 - `conversation` event: call `refreshHistory()` to reload session list
 - `error` event: set `live.error`
 
-Throttle renders via `requestAnimationFrame` to avoid event storm during burst loads from acptoapi.
+Throttle renders via `requestAnimationFrame` to avoid event storm during burst loads.
 
-**First request to acptoapi /v1/history/* triggers loadOnce() that walks all JSONL files under ~/.claude/projects** (env default; override with `CLAUDE_PROJECTS_DIR`). In our test env: 299 files, 80MB, 69k events → 30-90s startup latency. Health check timeouts during this window are normal and expected. Subsequent requests are fast (cached index).
+**First request to `/v1/history/*` triggers loadOnce() that walks all JSONL files under ~/.claude/projects** (env default; override with `CLAUDE_PROJECTS_DIR`). In our test env: 299 files, 80MB, 69k events → 30-90s startup latency. Health check timeouts during this window are normal and expected. Subsequent requests are fast (cached index).
 
-acptoapi binary: `c:/dev/acptoapi/bin/agentapi.js`, default port 4800, no args; CORS `Access-Control-Allow-Origin: *` is enabled.
+The endpoints are served by ccsniff's Express router mounted in-process from `server.js`. No external proxy.

package/README.md

@@ -10,22 +10,22 @@
 
 Multi-agent GUI client for AI coding agents with real-time streaming, WebSocket sync, and SQLite persistence.
 
-## Live client (new)
+## How it works
 
-AgentGUI now ships a static GH Pages client at **`/app/`** that talks to any [`acptoapi`](https://github.com/AnEntrypoint/acptoapi) backend over plain HTTP — no install, no bundler, no DB. Open `https://anentrypoint.github.io/agentgui/app/?backend=http://your-acptoapi-host:4800` and chat with any provider acptoapi proxies (Claude / Gemini / OpenAI-compat brands / kilo / opencode), plus browse local Claude Code JSONL history right in the page.
+AgentGUI is a single Node server (`server.js`) plus a same-origin browser client (`site/app/`). The server speaks ACP directly to local agent daemons (Claude Code, OpenCode, Kilo, Gemini CLI, etc.) via `@agentclientprotocol/sdk` and hosts `ccsniff`'s `/v1/history/*` Express router in-process for Claude Code JSONL session browsing — no external proxy required.
 
 - UI: [anentrypoint-design](https://www.npmjs.com/package/anentrypoint-design) (CDN, single-file ESM)
-- Backend: [acptoapi](https://www.npmjs.com/package/acptoapi) — `npx acptoapi` on the host with Claude Code / API keys; exposes `/v1/chat/completions`, `/v1/messages`, `/v1/history/*`
-- Source: `site/app/` (this repo)
+- Server: `server.js` — ACP daemon manager + WebSocket chat + ccsniff history mount
+- Source: `site/app/` (browser) + `lib/` (server)
 
-History endpoints in `acptoapi` (formerly `ccsniff`'s job):
+History endpoints served by [`ccsniff`](https://github.com/AnEntrypoint/ccsniff) directly:
 
 - `GET /v1/history/sessions` — list Claude Code sessions on the host
 - `GET /v1/history/sessions/:sid/events` — flattened events for one session
 - `GET /v1/history/search?q=…` — BM25-ranked search across all events
 - `GET /v1/history/stream` — Server-Sent Events for live tailing
 
-The legacy Node server in this repo (`server.js`, `lib/`, `static/`) still ships in the npm `agentgui` package and is the install-friendly path. It is being phased out as the static client + acptoapi pair reach feature parity.
+Chat streams over the `/sync` WebSocket using the `chat.sendMessage` method — see "WebSocket Chat Protocol" below.
 
 ### Supported Agents
 

package/lib/codec.js

@@ -1,4 +1,13 @@
-import { pack, unpack } from 'msgpackr';
-
-export function encode(obj) { return pack(obj); }
-export function decode(buf) { return unpack(buf instanceof Uint8Array ? buf : new Uint8Array(buf)); }
+// agentgui WS wire codec — plain JSON (UTF-8 text frames).
+// Browser-compatible (no msgpackr). encode() returns a string the ws library
+// sends as a text frame; decode() handles both Buffer/Uint8Array (Node) and
+// string (browser) inputs.
+
+export function encode(obj) { return JSON.stringify(obj); }
+
+export function decode(buf) {
+  if (typeof buf === 'string') return JSON.parse(buf);
+  if (buf instanceof Uint8Array) return JSON.parse(new TextDecoder().decode(buf));
+  if (buf && typeof buf.toString === 'function') return JSON.parse(buf.toString('utf8'));
+  return JSON.parse(String(buf));
+}

package/lib/http-handler.js

@@ -2,6 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import os from 'os';
 import crypto from 'crypto';
+import * as term from './terminal.js';
 
 export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, serveFile, staticDir, messageQueues, getWss, activeExecutions, getACPStatus, discoveredAgents, PKG_VERSION, RATE_LIMIT_MAX, rateLimitMap, routes, PORT }) {
   return async function httpHandler(req, res) {
@@ -49,6 +50,7 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
     else if (req.url.startsWith('/api/') || req.url.startsWith('/js/') || req.url.startsWith('/css/') ||
              req.url.startsWith('/vendor/') || req.url.startsWith('/sync') || req.url === '/' ||
              req.url === '/health' || req.url.startsWith('/v1/') ||
+             req.url.startsWith('/api/terminal/') ||
              req.url.startsWith('/conversations/')) { routePath = req.url; }
     else { res.writeHead(404); res.end('Not found'); return; }
 
@@ -66,6 +68,30 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
         return;
       }
 
+      // Terminal sessions — gated by the Basic-auth check at the top of this handler.
+      // Never expose these routes without PASSWORD set.
+      if (pathOnly === '/api/terminal/sessions' && req.method === 'GET') {
+        sendJSON(req, res, 200, term.listSessions()); return;
+      }
+      if (pathOnly === '/api/terminal/sessions' && req.method === 'POST') {
+        let body = ''; for await (const c of req) body += c;
+        let p = {}; try { p = body ? JSON.parse(body) : {}; } catch {}
+        const s = term.createSession({ shell: p.shell, cwd: p.cwd, cols: p.cols, rows: p.rows, env: p.env });
+        sendJSON(req, res, 200, { sid: s.sid, kind: s.kind, shell: s.shell, cwd: s.cwd, cols: s.cols, rows: s.rows, pid: s.proc.pid });
+        return;
+      }
+      const termMatch = pathOnly.match(/^\/api\/terminal\/sessions\/([0-9a-f]+)$/);
+      if (termMatch && req.method === 'GET') {
+        const s = term.getSession(termMatch[1]);
+        if (!s) { sendJSON(req, res, 404, { error: 'session not found' }); return; }
+        sendJSON(req, res, 200, { sid: s.sid, kind: s.kind, shell: s.shell, cwd: s.cwd, cols: s.cols, rows: s.rows, pid: s.proc.pid, clients: s.clients.size });
+        return;
+      }
+      if (termMatch && req.method === 'DELETE') {
+        const ok = term.closeSession(termMatch[1]);
+        sendJSON(req, res, ok ? 200 : 404, { ok }); return;
+      }
+
       // Legacy REST handlers removed. History served by ccsniff at /v1/history/*.
       for (const key of Object.keys(routes)) {
         try {

package/lib/terminal.js

@@ -0,0 +1,112 @@
+// WebSocket terminal sessions. Ported from acptoapi 2026-05-21.
+// Auth: callers MUST gate /api/terminal/* + the WS upgrade behind agentgui's
+// PASSWORD Basic-auth check. This module does no auth on its own — never
+// expose without the gate.
+
+import os from 'os';
+import { spawn } from 'child_process';
+import crypto from 'crypto';
+import { createRequire } from 'module';
+const require_ = createRequire(import.meta.url);
+
+let _pty = null;
+function getPty() {
+  if (_pty !== null) return _pty;
+  try { _pty = require_('node-pty'); } catch { _pty = false; }
+  return _pty;
+}
+
+const sessions = new Map();
+
+function newSid() { return crypto.randomBytes(8).toString('hex'); }
+
+function defaultShell() {
+  if (os.platform() === 'win32') return process.env.COMSPEC || 'cmd.exe';
+  return process.env.SHELL || '/bin/bash';
+}
+
+export function createSession({ shell, cwd, cols = 80, rows = 24, env } = {}) {
+  const sid = newSid();
+  const pty = getPty();
+  const _shell = shell || defaultShell();
+  const _cwd = cwd || process.env.HOME || os.homedir();
+  const _env = { ...process.env, ...(env || {}), TERM: 'xterm-256color', COLORTERM: 'truecolor' };
+  let proc, kind;
+  if (pty) {
+    proc = pty.spawn(_shell, [], { name: 'xterm-256color', cols, rows, cwd: _cwd, env: _env });
+    kind = 'pty';
+  } else {
+    proc = spawn(_shell, os.platform() === 'win32' ? [] : ['-i'], { cwd: _cwd, env: _env, stdio: ['pipe', 'pipe', 'pipe'], windowsHide: true });
+    kind = 'pipe';
+  }
+  const session = { sid, kind, proc, shell: _shell, cwd: _cwd, cols, rows, createdAt: Date.now(), clients: new Set(), exitCode: null };
+  sessions.set(sid, session);
+  const onData = (chunk) => {
+    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk, 'utf8');
+    for (const ws of session.clients) { if (ws.readyState === 1) try { ws.send(buf); } catch {} }
+  };
+  if (kind === 'pty') {
+    proc.on('data', onData);
+    proc.on('exit', (code) => { session.exitCode = code; for (const ws of session.clients) { try { ws.close(1000, 'exit:' + code); } catch {} } sessions.delete(sid); });
+  } else {
+    proc.stdout.on('data', onData);
+    proc.stderr.on('data', onData);
+    proc.stdout.on('error', () => {});
+    proc.stderr.on('error', () => {});
+    proc.stdin.on('error', () => {});
+    proc.on('exit', (code) => { session.exitCode = code; for (const ws of session.clients) { try { ws.close(1000, 'exit:' + code); } catch {} } sessions.delete(sid); });
+    proc.on('error', (err) => { session.exitCode = -1; for (const ws of session.clients) { try { ws.close(1011, 'error:' + err.message); } catch {} } sessions.delete(sid); });
+  }
+  return session;
+}
+
+export function getSession(sid) { return sessions.get(sid); }
+
+export function listSessions() {
+  return [...sessions.values()].map(s => ({ sid: s.sid, kind: s.kind, shell: s.shell, cwd: s.cwd, cols: s.cols, rows: s.rows, createdAt: s.createdAt, clients: s.clients.size }));
+}
+
+export function closeSession(sid) {
+  const s = sessions.get(sid);
+  if (!s) return false;
+  try { s.proc.kill(); } catch {}
+  sessions.delete(sid);
+  return true;
+}
+
+export function writeToSession(sid, data) {
+  const s = sessions.get(sid);
+  if (!s) return false;
+  const buf = typeof data === 'string' ? data : Buffer.isBuffer(data) ? data : Buffer.from(data);
+  if (s.kind === 'pty') {
+    try { s.proc.write(buf); } catch { return false; }
+  } else {
+    if (!s.proc.stdin || !s.proc.stdin.writable) return false;
+    try { s.proc.stdin.write(buf); } catch { return false; }
+  }
+  return true;
+}
+
+export function resizeSession(sid, cols, rows) {
+  const s = sessions.get(sid);
+  if (!s || s.kind !== 'pty' || typeof s.proc.resize !== 'function') return false;
+  s.cols = cols; s.rows = rows;
+  try { s.proc.resize(cols, rows); return true; } catch { return false; }
+}
+
+export function attachWs(sid, ws) {
+  const s = sessions.get(sid);
+  if (!s) { try { ws.close(4404, 'session-not-found'); } catch {} return false; }
+  s.clients.add(ws);
+  ws.on('close', () => { s.clients.delete(ws); });
+  ws.on('message', (msg, isBinary) => {
+    if (isBinary || Buffer.isBuffer(msg)) { writeToSession(sid, msg); return; }
+    const text = msg.toString();
+    if (text && text.length > 0 && text[0] === '{') {
+      try { const j = JSON.parse(text); if (j.type === 'resize' && j.cols && j.rows) { resizeSession(sid, j.cols, j.rows); return; } } catch {}
+    }
+    writeToSession(sid, text);
+  });
+  ws.on('error', () => { s.clients.delete(ws); });
+  return true;
+}

package/lib/ws-handlers-util.js

@@ -1,7 +1,10 @@
 import fs from 'fs';
 import os from 'os';
 import path from 'path';
+import crypto from 'crypto';
 import { execSync, spawnSync } from 'child_process';
+import { runClaudeWithStreaming } from './claude-runner-run.js';
+import { registry } from './claude-runner-agents.js';
 
 function err(code, message) { const e = new Error(message); e.code = code; throw e; }
 
@@ -13,7 +16,106 @@ const SUB_AGENT_MAP = {
 };
 
 export function register(router, deps) {
-  const { queries, wsOptimizer, broadcastSync, getProviderConfigs, saveProviderConfig, STARTUP_CWD, discoveredAgents } = deps;
+  const { queries, wsOptimizer, broadcastSync, getProviderConfigs, saveProviderConfig, STARTUP_CWD, discoveredAgents, subscriptionIndex, activeChats } = deps;
+
+  // --- agents.list: enumerate registered ACP agents + claude-code ---
+  router.handle('agents.list', () => {
+    const agents = registry.list().map(a => ({
+      id: a.id,
+      name: a.name,
+      protocol: a.protocol,
+      supportsStdin: !!a.supportsStdin,
+      features: a.supportedFeatures || [],
+    }));
+    return { agents };
+  });
+
+  // --- conversation.subscribe: register this ws for sessionId broadcasts ---
+  router.handle('conversation.subscribe', (p, ws) => {
+    const sid = p?.sessionId;
+    if (!sid || typeof sid !== 'string') err(400, 'sessionId required');
+    if (!subscriptionIndex.has(sid)) subscriptionIndex.set(sid, new Set());
+    subscriptionIndex.get(sid).add(ws);
+    ws.subscriptions = ws.subscriptions || new Set();
+    ws.subscriptions.add(sid);
+    return { subscribed: true, sessionId: sid };
+  });
+
+  // --- chat.sendMessage: start a one-shot streaming chat with an agent.
+  // Bypasses the gutted db-queries layer entirely; calls runClaudeWithStreaming
+  // directly and broadcasts streaming_* events scoped to an ephemeral sessionId.
+  router.handle('chat.sendMessage', async (p, ws) => {
+    const content = (p?.content || '').toString();
+    if (!content) err(400, 'content required');
+    const agentId = p?.agentId || 'claude-code';
+    const model = p?.model || undefined;
+    const subAgent = p?.subAgent || undefined;
+    const cwd = p?.cwd || STARTUP_CWD;
+    if (!registry.has(agentId)) err(404, `Unknown agentId: ${agentId}`);
+
+    const sessionId = 'chat-' + crypto.randomBytes(8).toString('hex');
+    // Auto-subscribe the originating ws so it receives its own broadcasts.
+    if (!subscriptionIndex.has(sessionId)) subscriptionIndex.set(sessionId, new Set());
+    subscriptionIndex.get(sessionId).add(ws);
+    ws.subscriptions = ws.subscriptions || new Set();
+    ws.subscriptions.add(sessionId);
+
+    const ctrl = { aborted: false, proc: null };
+    activeChats.set(sessionId, ctrl);
+
+    // Fire-and-forget. Errors broadcast as streaming_error.
+    (async () => {
+      let eventCount = 0;
+      broadcastSync({ type: 'streaming_start', sessionId, agentId, timestamp: Date.now() });
+      const onEvent = (parsed) => {
+        eventCount++;
+        if (parsed?.type === 'assistant' && parsed.message?.content) {
+          for (const block of parsed.message.content) {
+            broadcastSync({ type: 'streaming_progress', sessionId, block, blockRole: 'assistant', seq: eventCount, timestamp: Date.now() });
+          }
+        } else if (parsed?.type === 'user' && parsed.message?.content) {
+          const blocks = Array.isArray(parsed.message.content) ? parsed.message.content : [];
+          for (const block of blocks) {
+            if (block?.type === 'tool_result') {
+              broadcastSync({ type: 'streaming_progress', sessionId, block, blockRole: 'tool_result', seq: eventCount, timestamp: Date.now() });
+            }
+          }
+        } else if (parsed?.type === 'result') {
+          const block = { type: 'result', result: parsed.result, subtype: parsed.subtype, duration_ms: parsed.duration_ms, total_cost_usd: parsed.total_cost_usd, is_error: !!parsed.is_error };
+          broadcastSync({ type: 'streaming_progress', sessionId, block, blockRole: 'result', seq: eventCount, isResult: true, timestamp: Date.now() });
+        }
+      };
+      try {
+        const config = {
+          verbose: true, outputFormat: 'stream-json', timeout: 1800000, print: true,
+          model, subAgent, onEvent,
+          onPid: () => {}, onProcess: (proc) => { ctrl.proc = proc; },
+        };
+        await runClaudeWithStreaming(content, cwd, agentId, config);
+        broadcastSync({ type: 'streaming_complete', sessionId, agentId, eventCount, timestamp: Date.now() });
+      } catch (e) {
+        broadcastSync({ type: 'streaming_error', sessionId, agentId, error: e.message || String(e), recoverable: false, timestamp: Date.now() });
+      } finally {
+        activeChats.delete(sessionId);
+      }
+    })();
+
+    return { sessionId, started: true };
+  });
+
+  // --- chat.cancel: abort an in-flight chat ---
+  router.handle('chat.cancel', (p) => {
+    const sid = p?.sessionId;
+    if (!sid) err(400, 'sessionId required');
+    const ctrl = activeChats.get(sid);
+    if (!ctrl) return { cancelled: false, reason: 'not-found' };
+    ctrl.aborted = true;
+    try { ctrl.proc?.kill?.(); } catch {}
+    activeChats.delete(sid);
+    return { cancelled: true };
+  });
+
+
 
   router.handle('home', () => ({ home: os.homedir(), cwd: STARTUP_CWD }));
 

package/lib/ws-setup.js

@@ -1,6 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 import { WebSocketServer } from 'ws';
+import * as term from './terminal.js';
 // Legacy WS handlers removed; no-op shim kept for callsite compatibility.
 const registerLegacyHandler = () => {};
 
@@ -22,6 +23,12 @@ export function createWsSetup(server, { BASE_URL, watch, staticDir, _assetCache,
     if (wsRoute === '/hot-reload') {
       hotReloadClients.push(ws);
       ws.on('close', () => { const i = hotReloadClients.indexOf(ws); if (i > -1) hotReloadClients.splice(i, 1); });
+    } else if (wsRoute.startsWith('/api/terminal/sessions/')) {
+      // Terminal session WS — auth was already enforced by wss-level PASSWORD
+      // check at the top of this connection callback. attach to existing session.
+      const m = wsRoute.match(/^\/api\/terminal\/sessions\/([0-9a-f]+)$/);
+      if (!m) { ws.close(4400, 'bad-terminal-path'); return; }
+      term.attachWs(m[1], ws);
     } else if (wsRoute === '/sync') {
       syncClients.add(ws);
       ws.isAlive = true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.933",
+  "version": "1.0.935",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "electron/main.js",
@@ -37,7 +37,6 @@
     "form-data": "^4.0.5",
     "fsbrowse": "latest",
     "lru-cache": "^11.2.7",
-    "msgpackr": "^1.11.8",
     "opencode-ai": "^1.2.15",
     "p-retry": "^7.1.1",
     "puppeteer-core": "^24.37.5",

package/scripts/smoke-ws-chat.mjs

@@ -0,0 +1,62 @@
+// Smoke-test the WS chat protocol added in this session.
+// Boots no server — assumes one is already running at ws://localhost:$PORT/sync.
+//
+// Usage: PORT=3990 node scripts/smoke-ws-chat.mjs
+//
+// Checks:
+//  1. WS connects, receives sync_connected.
+//  2. agents.list returns a non-empty array.
+//  3. (optional) conversation.subscribe returns subscribed:true.
+
+import WebSocket from 'ws';
+
+const PORT = process.env.PORT || 3000;
+const URL = `ws://localhost:${PORT}/sync`;
+
+const ws = new WebSocket(URL);
+let reqId = 0;
+const pending = new Map();
+
+const call = (method, params) => new Promise((resolve, reject) => {
+  const r = ++reqId;
+  pending.set(r, { resolve, reject });
+  ws.send(JSON.stringify({ m: method, r, p: params || {} }));
+  setTimeout(() => { if (pending.has(r)) { pending.delete(r); reject(new Error('timeout: ' + method)); } }, 5000);
+});
+
+ws.on('open', async () => {
+  console.log('WS open:', URL);
+});
+
+ws.on('message', async (data) => {
+  let msg;
+  try { msg = JSON.parse(data.toString('utf8')); } catch { console.log('decode fail:', data); return; }
+  const items = Array.isArray(msg) ? msg : [msg];
+  for (const m of items) {
+    if (m && m.r !== undefined && (m.d !== undefined || m.e !== undefined)) {
+      const p = pending.get(m.r);
+      if (!p) continue;
+      pending.delete(m.r);
+      if (m.e) p.reject(new Error(m.e.m));
+      else p.resolve(m.d);
+    } else if (m?.type === 'sync_connected') {
+      console.log('sync_connected, clientId =', m.clientId);
+      try {
+        const r1 = await call('agents.list');
+        console.log('agents.list OK, count =', r1.agents.length, '— first =', r1.agents[0]?.id);
+        const r2 = await call('conversation.subscribe', { sessionId: 'smoke-test-sid' });
+        console.log('conversation.subscribe OK =', r2);
+        console.log('PASS');
+        process.exit(0);
+      } catch (e) {
+        console.error('FAIL:', e.message);
+        process.exit(1);
+      }
+    }
+  }
+});
+
+ws.on('error', (e) => { console.error('ws error:', e.message); process.exit(1); });
+ws.on('close', (code, reason) => { console.log('ws close:', code, reason?.toString()); });
+
+setTimeout(() => { console.error('overall timeout'); process.exit(1); }, 15000);

package/server.js

@@ -11,6 +11,7 @@ import { runClaudeWithStreaming } from './lib/claude-runner-run.js';
 import { initializeDescriptors, getAgentDescriptor } from './lib/agent-descriptors.js';
 import { discoverExternalACPServers, initializeAgentDiscovery } from './lib/agent-discovery.js';
 import { createRegistry } from './lib/routes-registry.js';
+import { register as registerWsHandlers } from './lib/ws-handlers-util.js';
 import { BROADCAST_TYPES } from './lib/broadcast.js';
 import { WSOptimizer } from './lib/ws-optimizer.js';
 import { WsRouter } from './lib/ws-protocol.js';
@@ -123,8 +124,10 @@ const { processMessageWithStreaming } = createProcessMessage({
   scheduleRetry, drainMessageQueue, createEventHandler
 });
 
+const activeChats = new Map();
 const wsRouter = new WsRouter();
 createRegistry(wsRouter, { queries, sendJSON, parseBody, broadcastSync, debugLog, PORT, BASE_URL, rootDir, STARTUP_CWD, PKG_VERSION, processMessageWithStreaming, activeExecutions, activeProcessesByRunId, activeScripts, messageQueues, rateLimitState, cleanupExecution, discoveredAgents, getACPStatus, modelCache, getModelsForAgent, logError, syncClients, wsOptimizer, errLogPath, getJsonlWatcher: () => getJsonlWatcher(), routes: _routes });
+registerWsHandlers(wsRouter, { queries, wsOptimizer, broadcastSync, getProviderConfigs, saveProviderConfig, STARTUP_CWD, discoveredAgents, subscriptionIndex, activeChats });
 
 
 const { wss, hotReloadClients } = createWsSetup(server, {

package/site/app/index.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width,initial-scale=1">
   <title>agentgui</title>
-  <meta name="description" content="agentgui — live client for any acptoapi backend.">
+  <meta name="description" content="agentgui — multi-agent client with same-origin server, in-process ccsniff history, and ACP chat.">
   <link rel="stylesheet" href="https://unpkg.com/anentrypoint-design@0.0.127/dist/247420.css">
   <script type="importmap">
     { "imports": { "anentrypoint-design": "https://unpkg.com/anentrypoint-design@0.0.127/dist/247420.js" } }

package/site/app/js/backend.js

@@ -1,4 +1,11 @@
-// acptoapi backend client. Resolves base URL from ?backend= or localStorage or default.
+// agentgui backend client. Same-origin by default. Talks to:
+//  - HTTP: /health, /v1/history/* (served by ccsniff)
+//  - WS  : /sync   (JSON envelope: requests {m, r, p}; replies {r, d|e};
+//          broadcasts {type, sessionId, ...})
+// No external acptoapi dependency. Chat + agent listing flow over the WS.
+
+import { encode, decode } from './codec.js';
+
 const KEY = 'agentgui.backend';
 const DEFAULT_BACKEND = '';
 
@@ -9,27 +16,19 @@ export function getBackend() {
   return localStorage.getItem(KEY) || DEFAULT_BACKEND;
 }
 
-export function setBackend(url) {
-  localStorage.setItem(KEY, url);
-}
+export function setBackend(url) { localStorage.setItem(KEY, url); }
 
 export async function probeBackend(base) {
   try {
     const r = await fetch(base + '/health', { method: 'GET' });
     if (!r.ok) return { ok: false, status: r.status };
-    const j = await r.json();
-    return { ok: true, info: j };
+    return { ok: true, info: await r.json() };
   } catch (e) {
     return { ok: false, error: e.message };
   }
 }
 
-export async function listModels(base) {
-  const r = await fetch(base + '/v1/models');
-  if (!r.ok) throw new Error('models: ' + r.status);
-  const j = await r.json();
-  return j.data || [];
-}
+// ---------- History (HTTP, served by ccsniff) ----------
 
 export async function listSessions(base) {
   const r = await fetch(base + '/v1/history/sessions');
@@ -61,39 +60,184 @@ export function streamHistory(base, onEvent) {
   return es;
 }
 
-// Streaming chat completions using OpenAI-style SSE.
-export async function* streamChat(base, { model, messages, signal }) {
-  const r = await fetch(base + '/v1/chat/completions', {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ model, messages, stream: true }),
-    signal,
-  });
-  if (!r.ok) {
-    const t = await r.text();
-    throw new Error('chat: ' + r.status + ' ' + t.slice(0, 300));
+// ---------- WebSocket client (/sync) ----------
+
+const SYNC_PATH = '/sync';
+let _ws = null;
+let _wsReady = null;       // Promise that resolves when ws is OPEN
+let _nextReqId = 1;
+const _pending = new Map();          // requestId → { resolve, reject }
+const _sessionListeners = new Map(); // sessionId → Set<(event)=>void>
+
+function wsUrl(base) {
+  if (base) {
+    // Absolute base like http://host:port → ws(s)://host:port/sync
+    try {
+      const u = new URL(base);
+      const proto = u.protocol === 'https:' ? 'wss:' : 'ws:';
+      return proto + '//' + u.host + SYNC_PATH;
+    } catch {}
   }
-  const reader = r.body.getReader();
-  const dec = new TextDecoder();
-  let buf = '';
-  while (true) {
-    const { done, value } = await reader.read();
-    if (done) break;
-    buf += dec.decode(value, { stream: true });
-    let idx;
-    while ((idx = buf.indexOf('\n\n')) !== -1) {
-      const block = buf.slice(0, idx);
-      buf = buf.slice(idx + 2);
-      const line = block.split('\n').find(l => l.startsWith('data:'));
-      if (!line) continue;
-      const payload = line.slice(5).trim();
-      if (payload === '[DONE]') return;
+  // Same-origin
+  const proto = location.protocol === 'https:' ? 'wss:' : 'ws:';
+  return proto + '//' + location.host + SYNC_PATH;
+}
+
+function ensureWs(base) {
+  if (_ws && _ws.readyState === 1) return _wsReady;
+  if (_ws && _ws.readyState === 0) return _wsReady;
+  _ws = new WebSocket(wsUrl(base));
+  _wsReady = new Promise((resolve, reject) => {
+    _ws.addEventListener('open', () => resolve(_ws));
+    _ws.addEventListener('error', (e) => reject(e));
+    _ws.addEventListener('close', () => {
+      // Reject all pending requests on close so callers can recover.
+      for (const [, p] of _pending) p.reject(new Error('ws closed'));
+      _pending.clear();
+      _ws = null;
+      _wsReady = null;
+    });
+    _ws.addEventListener('message', (ev) => {
+      let msg;
       try {
-        const j = JSON.parse(payload);
-        const delta = j.choices?.[0]?.delta?.content;
-        if (delta) yield { type: 'text', text: delta };
-        if (j.error) yield { type: 'error', error: j.error };
-      } catch (_) {}
+        // Server sends text frames (JSON via codec). ev.data is string.
+        msg = typeof ev.data === 'string' ? JSON.parse(ev.data) : decode(ev.data);
+      } catch { return; }
+      // Reply to a prior request?
+      if (msg && msg.r !== undefined && (msg.d !== undefined || msg.e !== undefined)) {
+        const p = _pending.get(msg.r);
+        if (!p) return;
+        _pending.delete(msg.r);
+        if (msg.e) p.reject(new Error(msg.e.m || ('ws error ' + msg.e.c)));
+        else p.resolve(msg.d);
+        return;
+      }
+      // Unsolicited broadcast — route by sessionId to subscribers.
+      // Server may send a single event or a batch (array) per ws-optimizer.
+      const items = Array.isArray(msg) ? msg : [msg];
+      for (const item of items) {
+        const sid = item?.sessionId;
+        if (!sid) continue;
+        const subs = _sessionListeners.get(sid);
+        if (!subs) continue;
+        for (const fn of subs) { try { fn(item); } catch {} }
+      }
+    });
+  });
+  return _wsReady;
+}
+
+function wsCall(base, method, params) {
+  return ensureWs(base).then(() => new Promise((resolve, reject) => {
+    const r = _nextReqId++;
+    _pending.set(r, { resolve, reject });
+    _ws.send(encode({ m: method, r, p: params || {} }));
+  }));
+}
+
+function addSessionListener(sessionId, fn) {
+  if (!_sessionListeners.has(sessionId)) _sessionListeners.set(sessionId, new Set());
+  _sessionListeners.get(sessionId).add(fn);
+  return () => {
+    const s = _sessionListeners.get(sessionId);
+    if (s) { s.delete(fn); if (s.size === 0) _sessionListeners.delete(sessionId); }
+  };
+}
+
+// ---------- Agents / models (WS) ----------
+
+export async function listModels(base) {
+  const { agents } = await wsCall(base, 'agents.list', {});
+  // Compatibility shape: app.js expects an array of {id, name?, ...}
+  return agents || [];
+}
+
+// ---------- Streaming chat (WS) ----------
+//
+// Yields events of shape:
+//   { type: 'text',  text: '...' }    — assistant text deltas
+//   { type: 'tool',  block: {...} }   — tool_use blocks
+//   { type: 'result', block: {...} }  — terminal result block
+//   { type: 'error', error: '...' }
+//
+// Caller signature kept compatible with the previous HTTP/SSE impl.
+export async function* streamChat(base, { model, messages, signal, agentId }) {
+  // The last user message is the prompt; agentgui's claude-runner doesn't
+  // accept a full message list — it spawns the agent for a single prompt.
+  // For multi-turn, the agent's own session/resume handles continuity.
+  const last = messages[messages.length - 1];
+  const content = last?.content || '';
+  if (!content) return;
+
+  // app.js treats the "model" picker as the agent picker (selects from
+  // agents.list ids). If no explicit agentId is given, model IS the agent.
+  // If `model` looks like a real model id (has a slash), keep it as model
+  // and default agent to claude-code.
+  let resolvedAgentId = agentId;
+  let resolvedModel = model;
+  if (!resolvedAgentId) {
+    if (!model || /^[a-z][a-z0-9-]*$/.test(model)) {
+      // Bare slug — treat as agentId.
+      resolvedAgentId = model || 'claude-code';
+      resolvedModel = undefined;
+    } else {
+      resolvedAgentId = 'claude-code';
+    }
+  }
+
+  // Queue events here; the async iterator pulls from it.
+  const queue = [];
+  let resolveWait = null;
+  let done = false;
+  let errored = null;
+  const push = (ev) => { queue.push(ev); if (resolveWait) { resolveWait(); resolveWait = null; } };
+
+  // Kick off the chat on the server.
+  let started;
+  try {
+    started = await wsCall(base, 'chat.sendMessage', { content, agentId: resolvedAgentId, model: resolvedModel });
+  } catch (e) {
+    yield { type: 'error', error: e.message };
+    return;
+  }
+  const sessionId = started?.sessionId;
+  if (!sessionId) { yield { type: 'error', error: 'no sessionId from server' }; return; }
+
+  const unsub = addSessionListener(sessionId, (ev) => {
+    if (ev.type === 'streaming_progress') {
+      const block = ev.block;
+      if (block?.type === 'text' && block.text) push({ type: 'text', text: block.text });
+      else if (block?.type === 'tool_use') push({ type: 'tool', block });
+      else if (block?.type === 'tool_result') push({ type: 'tool', block });
+      else if (block?.type === 'result') push({ type: 'result', block });
+    } else if (ev.type === 'streaming_complete') {
+      done = true;
+      if (resolveWait) { resolveWait(); resolveWait = null; }
+    } else if (ev.type === 'streaming_error') {
+      errored = ev.error || 'streaming error';
+      done = true;
+      if (resolveWait) { resolveWait(); resolveWait = null; }
+    }
+  });
+
+  // Wire AbortSignal to chat.cancel.
+  const onAbort = () => { wsCall(base, 'chat.cancel', { sessionId }).catch(() => {}); };
+  if (signal) {
+    if (signal.aborted) onAbort();
+    else signal.addEventListener('abort', onAbort, { once: true });
+  }
+
+  try {
+    while (!done || queue.length > 0) {
+      if (queue.length === 0) {
+        await new Promise(r => { resolveWait = r; });
+        continue;
+      }
+      yield queue.shift();
     }
+    if (errored) yield { type: 'error', error: errored };
+  } finally {
+    unsub();
+    if (signal) signal.removeEventListener?.('abort', onAbort);
   }
 }

package/site/app/js/codec.js

@@ -0,0 +1,8 @@
+// Browser mirror of lib/codec.js. JSON over WS text frames.
+export function encode(obj) { return JSON.stringify(obj); }
+export function decode(buf) {
+  if (typeof buf === 'string') return JSON.parse(buf);
+  if (buf instanceof ArrayBuffer) return JSON.parse(new TextDecoder().decode(new Uint8Array(buf)));
+  if (buf instanceof Uint8Array) return JSON.parse(new TextDecoder().decode(buf));
+  return JSON.parse(String(buf));
+}