agiagent-dev 2026.1.32 → 2026.1.33

package/dist/agents/bash-tools.exec.js

@@ -768,12 +768,16 @@ export function createExecTool(defaults) {
                         // Fall back to requiring approval if node approvals cannot be fetched.
                     }
                 }
-                const requiresAsk = requiresExecApproval({
-                    ask: hostAsk,
-                    security: hostSecurity,
-                    analysisOk,
-                    allowlistSatisfied,
-                });
+                // In hosted mode, skip approval entirely - commands are pre-authorized by the gateway
+                const hostedAutoApprove = process.env.AGIAGENT_HOSTED_MODE === "1";
+                const requiresAsk = hostedAutoApprove
+                    ? false
+                    : requiresExecApproval({
+                        ask: hostAsk,
+                        security: hostSecurity,
+                        analysisOk,
+                        allowlistSatisfied,
+                    });
                 const commandText = params.command;
                 const invokeTimeoutMs = Math.max(10_000, (typeof params.timeout === "number" ? params.timeout : defaultTimeoutSec) * 1000 + 5_000);
                 const buildInvokeParams = (approvedByAsk, approvalDecision, runId) => ({
@@ -782,7 +786,9 @@ export function createExecTool(defaults) {
                     params: {
                         command: argv,
                         rawCommand: params.command,
-                        cwd: workdir,
+                        // Don't pass gateway's cwd to remote nodes - use null to let node use its own cwd
+                        // The gateway's cwd (e.g., /app or /data on Fly.io) doesn't exist on user's machine
+                        cwd: params.workdir?.trim() || null,
                         env: nodeEnv,
                         timeoutMs: typeof params.timeout === "number" ? params.timeout * 1000 : undefined,
                         agentId,
@@ -790,6 +796,8 @@ export function createExecTool(defaults) {
                         approved: approvedByAsk,
                         approvalDecision: approvalDecision ?? undefined,
                         runId: runId ?? undefined,
+                        // Tell node to skip macOS app exec host and use direct spawn in hosted mode
+                        hostedMode: process.env.AGIAGENT_HOSTED_MODE === "1" ? true : undefined,
                     },
                     idempotencyKey: crypto.randomUUID(),
                 });
@@ -893,7 +901,8 @@ export function createExecTool(defaults) {
                     };
                 }
                 const startedAt = Date.now();
-                const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(false, null));
+                // In hosted mode, hostedAutoApprove is true, so we send approved=true to the node
+                const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(hostedAutoApprove, hostedAutoApprove ? "allow-once" : null));
                 const payload = raw && typeof raw === "object" ? raw.payload : undefined;
                 const payloadObj = payload && typeof payload === "object" ? payload : {};
                 const stdout = typeof payloadObj.stdout === "string" ? payloadObj.stdout : "";

package/dist/agents/system-prompt.js

@@ -314,6 +314,23 @@ export function buildAgentSystemPrompt(params) {
         "",
         ...skillsSection,
         ...memorySection,
+        // File type guidance for document handling
+        !isMinimal ? "## File Type Guidance" : "",
+        !isMinimal
+            ? [
+                "When working with specific file types, ALWAYS read the corresponding skill BEFORE any editing:",
+                "",
+                "### Word Documents (.docx)",
+                "1. Find the `docx` skill in <available_skills> above",
+                `2. Use \`${readToolName}\` to read the skill's SKILL.md at its <location>`,
+                "3. Follow ALL instructions in that skill - it contains CRITICAL rules",
+                "4. Use python-docx (NOT raw XML/zipfile manipulation)",
+                "5. Count paragraphs/bullets before AND after editing - counts must match unless user requested reduction",
+                "",
+                "NEVER skip reading the skill. NEVER use zipfile+ElementTree for .docx files.",
+            ].join("\n")
+            : "",
+        !isMinimal ? "" : "",
         // Skip self-update for subagent/none modes
         hasGateway && !isMinimal ? "## AGIAgent Self-Update" : "",
         hasGateway && !isMinimal

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.1.32",
-  "commit": "63a5a6cdc28f72ec1bb0ec415ff148eba790b2d8",
-  "builtAt": "2026-02-02T03:31:57.234Z"
+  "version": "2026.1.33",
+  "commit": "d2d5c683d8c0716e612985048828ecd36b48de8c",
+  "builtAt": "2026-02-02T18:19:42.158Z"
 }

package/dist/canvas-host/a2ui/.bundle.hash

@@ -1 +1 @@
-0c8337264f78308ab09fce8a670fbfae17efd8cad8a60f1d46a50e9a48a5eec6
+48ae5a7be920c7ca3c20f3800f4b9c0a40fa52956e24f6fbf8ec668ac4b14679

package/dist/cli/connect-cli/register.js

@@ -44,7 +44,11 @@ ${theme.muted("Your WhatsApp messages will trigger AI that runs commands on this
                 if (gatewayUrl.includes("://")) {
                     const url = new URL(gatewayUrl);
                     host = url.hostname;
-                    port = url.port ? parseInt(url.port, 10) : (url.protocol === "wss:" || url.protocol === "https:" ? 443 : 80);
+                    port = url.port
+                        ? parseInt(url.port, 10)
+                        : url.protocol === "wss:" || url.protocol === "https:"
+                            ? 443
+                            : 80;
                     useTls = url.protocol === "wss:" || url.protocol === "https:";
                 }
                 else if (gatewayUrl.includes(":")) {

package/dist/config/plugin-auto-enable.js

@@ -1,11 +1,12 @@
 import { normalizeProviderId } from "../agents/model-selection.js";
 import { getChannelPluginCatalogEntry, listChannelPluginCatalogEntries, } from "../channels/plugins/catalog.js";
-import { getChatChannelMeta, listChatChannels, normalizeChatChannelId, } from "../channels/registry.js";
+import { CHAT_CHANNEL_ORDER, getChatChannelMeta, normalizeChatChannelId, } from "../channels/registry.js";
 import { hasAnyWhatsAppAuth } from "../web/accounts.js";
-const CHANNEL_PLUGIN_IDS = Array.from(new Set([
-    ...listChatChannels().map((meta) => meta.id),
-    ...listChannelPluginCatalogEntries().map((entry) => entry.id),
-]));
+// Core/built-in channels are part of the main codebase and don't need plugin entries.
+// Only extension channels (actual plugins) should be auto-enabled via plugins.entries.
+const CORE_CHANNEL_IDS = new Set(CHAT_CHANNEL_ORDER);
+// Extension channel plugins that can be auto-enabled
+const CHANNEL_PLUGIN_IDS = Array.from(new Set([...listChannelPluginCatalogEntries().map((entry) => entry.id)]));
 const PROVIDER_PLUGIN_IDS = [
     { pluginId: "google-antigravity-auth", providerId: "google-antigravity" },
     { pluginId: "google-gemini-cli-auth", providerId: "google-gemini-cli" },
@@ -245,13 +246,20 @@ function resolveConfiguredPlugins(cfg, env) {
             if (key === "defaults") {
                 continue;
             }
-            channelIds.add(key);
+            // Only add extension channels, not core channels
+            if (!CORE_CHANNEL_IDS.has(key)) {
+                channelIds.add(key);
+            }
         }
     }
     for (const channelId of channelIds) {
         if (!channelId) {
             continue;
         }
+        // Skip core channels - they're built-in and don't need plugin entries
+        if (CORE_CHANNEL_IDS.has(channelId)) {
+            continue;
+        }
         if (isChannelConfigured(cfg, channelId, env)) {
             changes.push({
                 pluginId: channelId,

package/dist/gateway/auth.d.ts

@@ -19,6 +19,7 @@ export type GatewayAuthResult = {
         userName: string;
         tokenId: string;
         whatsappAccountId: string | null;
+        telegramBotToken: string | null;
     };
 };
 type ConnectAuth = {

package/dist/gateway/auth.js

@@ -1,7 +1,7 @@
 import { timingSafeEqual } from "node:crypto";
 import { readTailscaleWhoisIdentity } from "../infra/tailscale.js";
-import { isTrustedProxyAddress, parseForwardedForClientIp, resolveGatewayClientIp } from "./net.js";
 import { isHostedMode, validateHostedToken } from "./hosted-db.js";
+import { isTrustedProxyAddress, parseForwardedForClientIp, resolveGatewayClientIp } from "./net.js";
 function safeEqual(a, b) {
     if (a.length !== b.length) {
         return false;

package/dist/gateway/hosted-agent.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Hosted mode AI agent processing.
+ *
+ * Handles running the AI agent for hosted users using the existing
+ * auto-reply infrastructure with full tool support.
+ */
+export type HostedAgentReplyParams = {
+    userId: string;
+    userName: string;
+    nodeId: string;
+    messageText: string;
+    senderJid: string;
+    chatJid: string;
+    isGroup: boolean;
+    sendNodeEvent: (event: string, payload: unknown) => void;
+};
+/**
+ * Process a message through the AI agent for a hosted user.
+ * Uses the full agent infrastructure with tool support.
+ */
+export declare function runHostedAgentReply(params: HostedAgentReplyParams): Promise<string>;

package/dist/gateway/hosted-agent.js

@@ -0,0 +1,96 @@
+/**
+ * Hosted mode AI agent processing.
+ *
+ * Handles running the AI agent for hosted users using the existing
+ * auto-reply infrastructure with full tool support.
+ */
+import { getReplyFromConfig } from "../auto-reply/reply.js";
+import { finalizeInboundContext } from "../auto-reply/reply/inbound-context.js";
+import { loadConfig } from "../config/config.js";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { jidToE164 } from "../utils.js";
+const log = createSubsystemLogger("hosted-agent");
+/**
+ * Process a message through the AI agent for a hosted user.
+ * Uses the full agent infrastructure with tool support.
+ */
+export async function runHostedAgentReply(params) {
+    const { userId, userName, nodeId, messageText, senderJid, chatJid, isGroup, sendNodeEvent } = params;
+    log.info(`Processing message for user ${userName}: "${messageText.slice(0, 50)}..."`);
+    try {
+        const cfg = loadConfig();
+        // Create a per-user session key to isolate conversations between hosted users
+        // Format: hosted:<userId>:<chatJid> for full isolation
+        const userSessionKey = `hosted:${userId}:${chatJid}`;
+        const senderE164 = jidToE164(senderJid) ?? senderJid;
+        log.info(`Routing to session ${userSessionKey} for user ${userName}`);
+        // Build the message context using the existing infrastructure
+        const ctx = finalizeInboundContext({
+            Body: messageText,
+            RawBody: messageText,
+            CommandBody: messageText,
+            BodyForAgent: messageText,
+            BodyForCommands: messageText,
+            From: senderJid,
+            To: userId,
+            SessionKey: userSessionKey,
+            AccountId: userId,
+            MessageSid: `hosted-${Date.now()}`,
+            ChatType: isGroup ? "group" : "dm",
+            ConversationLabel: chatJid,
+            SenderName: userName,
+            SenderId: senderJid,
+            SenderE164: senderE164,
+            // Allow commands for hosted users
+            CommandAuthorized: true,
+            Provider: "telegram",
+            Surface: "telegram",
+            OriginatingChannel: "telegram",
+            OriginatingTo: chatJid,
+        });
+        // Create config override to bind exec to the user's connected node
+        // This ensures commands run on the user's device, not on the gateway
+        const configOverride = {
+            ...cfg,
+            tools: {
+                ...cfg.tools,
+                exec: {
+                    ...cfg.tools?.exec,
+                    host: "node",
+                    node: nodeId,
+                },
+            },
+        };
+        // Get the AI reply using the full agent infrastructure
+        // Pass the config override so exec is bound to the user's node
+        const result = await getReplyFromConfig(ctx, undefined, configOverride);
+        if (!result) {
+            log.warn(`No reply generated for user ${userName}`);
+            return "";
+        }
+        // Extract text from reply payload(s)
+        const replyText = extractReplyText(result);
+        log.info(`Generated reply for user ${userName}: "${replyText.slice(0, 50)}..."`);
+        return replyText;
+    }
+    catch (err) {
+        log.error(`Failed to generate reply for user ${userName}`, { error: String(err) });
+        sendNodeEvent("agent.error", {
+            userId,
+            error: String(err),
+        });
+        return `Sorry, I encountered an error: ${String(err).slice(0, 100)}`;
+    }
+}
+/**
+ * Extract text from reply payload(s).
+ */
+function extractReplyText(result) {
+    if (Array.isArray(result)) {
+        return result
+            .map((r) => r.text ?? "")
+            .filter(Boolean)
+            .join("\n");
+    }
+    return result.text ?? "";
+}

package/dist/gateway/hosted-db.d.ts

@@ -12,6 +12,7 @@ export type ConnectionToken = {
     userId: string;
     token: string;
     whatsappAccountId: string | null;
+    telegramBotToken: string | null;
     createdAt: Date;
     lastConnectedAt: Date | null;
 };
@@ -52,6 +53,7 @@ export declare function validateHostedToken(token: string): Promise<{
     userName: string;
     tokenId: string;
     whatsappAccountId: string | null;
+    telegramBotToken: string | null;
 } | null>;
 /**
  * Register a node for a hosted user.

package/dist/gateway/hosted-db.js

@@ -44,6 +44,7 @@ export async function initHostedDb() {
             t.user_id,
             t.token,
             t.whatsapp_account_id,
+            t.telegram_bot_token,
             t.created_at as token_created_at,
             t.last_connected_at,
             u.id as user_id,
@@ -69,6 +70,7 @@ export async function initHostedDb() {
                         userId: row.user_id,
                         token: row.token,
                         whatsappAccountId: row.whatsapp_account_id,
+                        telegramBotToken: row.telegram_bot_token,
                         createdAt: row.token_created_at,
                         lastConnectedAt: row.last_connected_at,
                     },
@@ -128,6 +130,7 @@ export async function validateHostedToken(token) {
         userName: result.user.name,
         tokenId: result.tokenRecord.id,
         whatsappAccountId: result.tokenRecord.whatsappAccountId,
+        telegramBotToken: result.tokenRecord.telegramBotToken,
     };
 }
 // In-memory mapping of userId -> nodeId for WhatsApp event routing

package/dist/gateway/hosted-telegram.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Hosted mode Telegram handling.
+ *
+ * Manages Telegram bots for hosted users:
+ * 1. Starts Telegram bot with user's token
+ * 2. Handles incoming messages
+ * 3. Routes to AI agent
+ * 4. Sends responses
+ */
+/**
+ * Start a Telegram bot for a hosted user.
+ */
+export declare function startHostedTelegramBot(params: {
+    userId: string;
+    userName: string;
+    nodeId: string;
+    botToken: string;
+    sendEvent: (event: string, payload: unknown) => void;
+}): Promise<void>;
+/**
+ * Stop a Telegram bot for a hosted user.
+ */
+export declare function stopHostedTelegramBot(userId: string): Promise<void>;
+/**
+ * Check if a hosted user has an active Telegram bot.
+ */
+export declare function isHostedTelegramBotRunning(userId: string): boolean;

package/dist/gateway/hosted-telegram.js

@@ -0,0 +1,163 @@
+/**
+ * Hosted mode Telegram handling.
+ *
+ * Manages Telegram bots for hosted users:
+ * 1. Starts Telegram bot with user's token
+ * 2. Handles incoming messages
+ * 3. Routes to AI agent
+ * 4. Sends responses
+ */
+import { Bot } from "grammy";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { runHostedAgentReply } from "./hosted-agent.js";
+import { isHostedMode } from "./hosted-db.js";
+const log = createSubsystemLogger("hosted-telegram");
+const activeHostedBots = new Map();
+/**
+ * Start a Telegram bot for a hosted user.
+ */
+export async function startHostedTelegramBot(params) {
+    if (!isHostedMode()) {
+        return;
+    }
+    const { userId, userName, nodeId, botToken, sendEvent } = params;
+    log.info(`Starting Telegram bot for hosted user ${userName} (${userId})`);
+    // Check if already has an active bot
+    const existing = activeHostedBots.get(userId);
+    if (existing?.running) {
+        log.info(`User ${userName} already has an active Telegram bot`);
+        // Update node reference
+        existing.nodeId = nodeId;
+        existing.sendNodeEvent = sendEvent;
+        sendEvent("telegram.connected", {
+            userId,
+            message: "Telegram bot already running",
+        });
+        return;
+    }
+    try {
+        // Create the bot
+        const bot = new Bot(botToken);
+        const session = {
+            bot,
+            running: false,
+            startedAt: Date.now(),
+            userId,
+            userName,
+            nodeId,
+            sendNodeEvent: sendEvent,
+        };
+        // Set up message handler
+        bot.on("message:text", async (ctx) => {
+            const text = ctx.message.text;
+            const chatId = ctx.chat.id;
+            const isGroup = ctx.chat.type === "group" || ctx.chat.type === "supergroup";
+            const senderId = ctx.from?.id?.toString() ?? "unknown";
+            const senderName = ctx.from?.first_name ?? ctx.from?.username ?? "User";
+            log.info(`Telegram message from ${senderName} for user ${userName}: ${text.slice(0, 50)}...`);
+            // Notify node
+            session.sendNodeEvent("telegram.message.received", {
+                userId,
+                from: senderId,
+                text: text.slice(0, 100),
+                isGroup,
+            });
+            try {
+                // Send typing indicator
+                await ctx.api.sendChatAction(chatId, "typing");
+                // Process through AI agent
+                const reply = await runHostedAgentReply({
+                    userId,
+                    userName,
+                    nodeId: session.nodeId,
+                    messageText: text,
+                    senderJid: senderId,
+                    chatJid: chatId.toString(),
+                    isGroup,
+                    sendNodeEvent: session.sendNodeEvent,
+                });
+                if (reply && reply.trim()) {
+                    // Send reply
+                    await ctx.reply(reply, { parse_mode: "HTML" }).catch(async () => {
+                        // Fallback to plain text if HTML fails
+                        await ctx.reply(reply);
+                    });
+                    log.info(`Telegram reply sent to ${chatId} for user ${userName}`);
+                    session.sendNodeEvent("telegram.message.sent", {
+                        userId,
+                        to: chatId,
+                        text: reply.slice(0, 100),
+                    });
+                }
+            }
+            catch (err) {
+                log.error(`Failed to process Telegram message for user ${userName}`, {
+                    error: String(err),
+                });
+                session.sendNodeEvent("telegram.message.error", {
+                    userId,
+                    error: String(err),
+                });
+                // Send error message to user
+                try {
+                    await ctx.reply(`Sorry, I encountered an error: ${String(err).slice(0, 100)}`);
+                }
+                catch {
+                    // Ignore send errors
+                }
+            }
+        });
+        // Handle errors
+        bot.catch((err) => {
+            log.error(`Telegram bot error for user ${userName}`, { error: String(err.message) });
+        });
+        // Store session
+        activeHostedBots.set(userId, session);
+        // Start the bot (polling mode)
+        log.info(`Starting Telegram polling for user ${userName}`);
+        // Get bot info first
+        const me = await bot.api.getMe();
+        log.info(`Telegram bot @${me.username} started for user ${userName}`);
+        // Start polling in background
+        bot.start({
+            onStart: () => {
+                session.running = true;
+                log.info(`Telegram bot polling started for user ${userName}`);
+                sendEvent("telegram.connected", {
+                    userId,
+                    botUsername: me.username,
+                    message: `Telegram bot @${me.username} is ready! Send a message to the bot.`,
+                });
+            },
+        });
+    }
+    catch (err) {
+        log.error(`Failed to start Telegram bot for user ${userName}`, { error: String(err) });
+        sendEvent("telegram.error", {
+            userId,
+            error: `Failed to start Telegram bot: ${String(err)}`,
+        });
+    }
+}
+/**
+ * Stop a Telegram bot for a hosted user.
+ */
+export async function stopHostedTelegramBot(userId) {
+    const session = activeHostedBots.get(userId);
+    if (session?.bot) {
+        try {
+            await session.bot.stop();
+        }
+        catch {
+            // Ignore stop errors
+        }
+    }
+    activeHostedBots.delete(userId);
+}
+/**
+ * Check if a hosted user has an active Telegram bot.
+ */
+export function isHostedTelegramBotRunning(userId) {
+    const session = activeHostedBots.get(userId);
+    return session?.running ?? false;
+}

package/dist/gateway/hosted-whatsapp.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Hosted mode WhatsApp handling.
+ *
+ * When a hosted user's node connects, this module handles:
+ * 1. Starting a WhatsApp session for the user
+ * 2. Sending QR code events to their connected node
+ * 3. Monitoring incoming messages
+ * 4. Processing messages through the AI agent
+ * 5. Sending responses back via WhatsApp
+ */
+import { createWaSocket } from "../web/session.js";
+type HostedSession = {
+    sock: Awaited<ReturnType<typeof createWaSocket>> | null;
+    connected: boolean;
+    startedAt: number;
+    monitoring: boolean;
+    nodeId: string;
+    userId: string;
+    userName: string;
+    sendNodeEvent: (event: string, payload: unknown) => void;
+};
+/**
+ * Start WhatsApp for a hosted user - handles pairing and message monitoring.
+ * Called when a hosted user's node connects to the gateway.
+ */
+export declare function startHostedWhatsAppPairing(params: {
+    userId: string;
+    userName: string;
+    nodeId: string;
+    sendEvent: (event: string, payload: unknown) => void;
+}): Promise<void>;
+/**
+ * Check if a hosted user has WhatsApp connected.
+ */
+export declare function isHostedUserWhatsAppConnected(userId: string): Promise<boolean>;
+/**
+ * Get an active session for a hosted user.
+ */
+export declare function getHostedSession(userId: string): HostedSession | undefined;
+/**
+ * Clean up WhatsApp session for a hosted user.
+ */
+export declare function cleanupHostedWhatsAppSession(userId: string): void;
+export {};

package/dist/gateway/hosted-whatsapp.js

@@ -0,0 +1,247 @@
+/**
+ * Hosted mode WhatsApp handling.
+ *
+ * When a hosted user's node connects, this module handles:
+ * 1. Starting a WhatsApp session for the user
+ * 2. Sending QR code events to their connected node
+ * 3. Monitoring incoming messages
+ * 4. Processing messages through the AI agent
+ * 5. Sending responses back via WhatsApp
+ */
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { resolveHostedWhatsAppAuthDir } from "../web/accounts.js";
+import { extractText } from "../web/inbound/extract.js";
+import { sendMessageWhatsApp } from "../web/outbound.js";
+import { createWaSocket, webAuthExists, readWebSelfId } from "../web/session.js";
+import { runHostedAgentReply } from "./hosted-agent.js";
+import { isHostedMode } from "./hosted-db.js";
+const log = createSubsystemLogger("hosted-whatsapp");
+const activeHostedSessions = new Map();
+/**
+ * Start WhatsApp for a hosted user - handles pairing and message monitoring.
+ * Called when a hosted user's node connects to the gateway.
+ */
+export async function startHostedWhatsAppPairing(params) {
+    if (!isHostedMode()) {
+        return;
+    }
+    const { userId, userName, nodeId, sendEvent } = params;
+    const authDir = resolveHostedWhatsAppAuthDir(userId);
+    log.info(`Starting WhatsApp for hosted user ${userName} (${userId})`);
+    // Check if already has an active session
+    const existing = activeHostedSessions.get(userId);
+    if (existing?.sock && existing.connected) {
+        log.info(`User ${userName} already has an active WhatsApp session`);
+        sendEvent("whatsapp.connected", {
+            userId,
+            message: "WhatsApp session already active",
+        });
+        // Update node reference in case of reconnection
+        existing.nodeId = nodeId;
+        existing.sendNodeEvent = sendEvent;
+        return;
+    }
+    // Check if has stored auth (already linked)
+    const hasAuth = await webAuthExists(authDir);
+    const selfId = hasAuth ? readWebSelfId(authDir) : { jid: null, e164: null };
+    // Start or resume WhatsApp connection
+    try {
+        log.info(`Creating WhatsApp socket for user ${userName}`);
+        const sock = await createWaSocket(false, false, {
+            authDir,
+            onQr: (qr) => {
+                log.info(`QR code received for user ${userName}, sending to node ${nodeId}`);
+                sendEvent("whatsapp.qr", { qr, userId });
+            },
+        });
+        const session = {
+            sock,
+            connected: false,
+            startedAt: Date.now(),
+            monitoring: false,
+            nodeId,
+            userId,
+            userName,
+            sendNodeEvent: sendEvent,
+        };
+        activeHostedSessions.set(userId, session);
+        // Handle connection updates
+        sock.ev.on("connection.update", (update) => {
+            if (update.connection === "open") {
+                log.info(`WhatsApp connected for user ${userName}`);
+                session.connected = true;
+                // Read the linked phone number
+                const currentSelfId = readWebSelfId(authDir);
+                sendEvent("whatsapp.connected", {
+                    userId,
+                    phone: currentSelfId.e164 ?? currentSelfId.jid,
+                    message: "WhatsApp connected successfully!",
+                });
+                // Start message monitoring if not already
+                if (!session.monitoring) {
+                    session.monitoring = true;
+                    startMessageMonitoring(session, authDir);
+                }
+            }
+            else if (update.connection === "close") {
+                log.info(`WhatsApp connection closed for user ${userName}`);
+                session.connected = false;
+                session.monitoring = false;
+                // Don't delete session - allow reconnection
+            }
+        });
+        // If already authenticated, connection should open automatically
+        if (selfId.jid) {
+            log.info(`User ${userName} already has WhatsApp linked: ${selfId.e164 ?? selfId.jid}`);
+        }
+    }
+    catch (err) {
+        log.error(`Failed to start WhatsApp for user ${userName}`, { error: String(err) });
+        sendEvent("whatsapp.error", {
+            userId,
+            error: `Failed to start WhatsApp: ${String(err)}`,
+        });
+    }
+}
+/**
+ * Start monitoring WhatsApp messages for a hosted user.
+ */
+function startMessageMonitoring(session, authDir) {
+    const { sock, userId, userName, nodeId, sendNodeEvent } = session;
+    if (!sock) {
+        return;
+    }
+    log.info(`Starting message monitoring for user ${userName}`);
+    // Get the user's own JID to filter out own messages
+    const selfId = readWebSelfId(authDir);
+    const ownJid = selfId.jid;
+    sock.ev.on("messages.upsert", async (upsert) => {
+        if (upsert.type !== "notify") {
+            return;
+        }
+        for (const msg of upsert.messages) {
+            try {
+                await handleIncomingMessage(session, msg, ownJid);
+            }
+            catch (err) {
+                log.error(`Error handling message for user ${userName}`, { error: String(err) });
+            }
+        }
+    });
+    log.info(`Message monitoring started for user ${userName}`);
+}
+/**
+ * Handle an incoming WhatsApp message for a hosted user.
+ */
+async function handleIncomingMessage(session, msg, ownJid) {
+    const { sock, userId, userName, nodeId, sendNodeEvent } = session;
+    if (!sock) {
+        return;
+    }
+    // Skip if no message content or key
+    if (!msg.message || !msg.key) {
+        return;
+    }
+    // Skip own messages (echo)
+    const fromMe = msg.key.fromMe;
+    if (fromMe) {
+        return;
+    }
+    // Extract message text
+    const text = extractText(msg.message);
+    if (!text || !text.trim()) {
+        return;
+    }
+    // Get sender info
+    const remoteJid = msg.key.remoteJid;
+    if (!remoteJid) {
+        return;
+    }
+    // Determine if it's a group or DM
+    const isGroup = remoteJid.endsWith("@g.us");
+    const senderJid = isGroup ? (msg.key.participant ?? remoteJid) : remoteJid;
+    log.info(`Message from ${senderJid} for user ${userName}: ${text.slice(0, 50)}...`);
+    // Notify the node that a message is being processed
+    sendNodeEvent("whatsapp.message.received", {
+        userId,
+        from: senderJid,
+        text: text.slice(0, 100),
+        isGroup,
+    });
+    try {
+        // Send typing indicator
+        await sock.presenceSubscribe(remoteJid);
+        await sock.sendPresenceUpdate("composing", remoteJid);
+        // Process through AI agent
+        const reply = await runHostedAgentReply({
+            userId,
+            userName,
+            nodeId,
+            messageText: text,
+            senderJid: senderJid ?? remoteJid,
+            chatJid: remoteJid,
+            isGroup,
+            sendNodeEvent,
+        });
+        // Stop typing indicator
+        await sock.sendPresenceUpdate("paused", remoteJid);
+        if (reply && reply.trim()) {
+            // Send reply via WhatsApp
+            const authDir = resolveHostedWhatsAppAuthDir(userId);
+            await sendMessageWhatsApp(remoteJid, reply, {
+                verbose: false,
+                accountId: userId, // Use userId as account for hosted mode
+            });
+            log.info(`Reply sent to ${remoteJid} for user ${userName}`);
+            sendNodeEvent("whatsapp.message.sent", {
+                userId,
+                to: remoteJid,
+                text: reply.slice(0, 100),
+            });
+        }
+    }
+    catch (err) {
+        log.error(`Failed to process/reply message for user ${userName}`, { error: String(err) });
+        sendNodeEvent("whatsapp.message.error", {
+            userId,
+            error: String(err),
+        });
+    }
+}
+/**
+ * Check if a hosted user has WhatsApp connected.
+ */
+export async function isHostedUserWhatsAppConnected(userId) {
+    const session = activeHostedSessions.get(userId);
+    if (session?.connected) {
+        return true;
+    }
+    const authDir = resolveHostedWhatsAppAuthDir(userId);
+    const hasAuth = await webAuthExists(authDir);
+    if (!hasAuth) {
+        return false;
+    }
+    const selfId = readWebSelfId(authDir);
+    return Boolean(selfId.jid);
+}
+/**
+ * Get an active session for a hosted user.
+ */
+export function getHostedSession(userId) {
+    return activeHostedSessions.get(userId);
+}
+/**
+ * Clean up WhatsApp session for a hosted user.
+ */
+export function cleanupHostedWhatsAppSession(userId) {
+    const session = activeHostedSessions.get(userId);
+    if (session?.sock) {
+        try {
+            session.sock.end(new Error("cleanup"));
+        }
+        catch {
+            // Ignore cleanup errors
+        }
+    }
+    activeHostedSessions.delete(userId);
+}

package/dist/gateway/server/ws-connection/message-handler.js

@@ -10,6 +10,9 @@ import { rawDataToString } from "../../../infra/ws.js";
 import { isGatewayCliClient, isWebchatClient } from "../../../utils/message-channel.js";
 import { authorizeGatewayConnect, isLocalDirectRequest } from "../../auth.js";
 import { buildDeviceAuthPayload } from "../../device-auth.js";
+import { registerHostedUserNode } from "../../hosted-db.js";
+import { startHostedTelegramBot } from "../../hosted-telegram.js";
+import { startHostedWhatsAppPairing } from "../../hosted-whatsapp.js";
 import { isLoopbackAddress, isTrustedProxyAddress, resolveGatewayClientIp } from "../../net.js";
 import { resolveNodeCommandAllowlist } from "../../node-command-policy.js";
 import { GATEWAY_CLIENT_IDS } from "../../protocol/client-info.js";
@@ -488,7 +491,8 @@ export function attachGatewayWsMessageHandler(params) {
                     close(1008, truncateCloseReason(authMessage));
                     return;
                 }
-                const skipPairing = allowControlUiBypass && hasSharedAuth;
+                // Skip pairing for: (1) control UI with shared auth, or (2) hosted-token auth
+                const skipPairing = (allowControlUiBypass && hasSharedAuth) || authMethod === "hosted-token";
                 if (device && devicePublicKey && !skipPairing) {
                     const requirePairing = async (reason, _paired) => {
                         const pairing = await requestDevicePairing({
@@ -719,6 +723,33 @@ export function attachGatewayWsMessageHandler(params) {
                         });
                     })
                         .catch((err) => logGateway.warn(`voicewake snapshot failed for ${nodeSession.nodeId}: ${formatForLog(err)}`));
+                    // For hosted-token authenticated nodes, start messaging channels
+                    if (authMethod === "hosted-token" && authResult.hostedUser) {
+                        const { userId, userName, telegramBotToken } = authResult.hostedUser;
+                        registerHostedUserNode(userId, nodeSession.nodeId);
+                        const sendEvent = (event, payload) => {
+                            context.nodeRegistry.sendEvent(nodeSession.nodeId, event, payload);
+                        };
+                        // Start Telegram bot if configured
+                        if (telegramBotToken) {
+                            void startHostedTelegramBot({
+                                userId,
+                                userName,
+                                nodeId: nodeSession.nodeId,
+                                botToken: telegramBotToken,
+                                sendEvent,
+                            }).catch((err) => logGateway.warn(`hosted Telegram bot failed for ${userName}: ${formatForLog(err)}`));
+                        }
+                        else {
+                            // Fall back to WhatsApp pairing if no Telegram
+                            void startHostedWhatsAppPairing({
+                                userId,
+                                userName,
+                                nodeId: nodeSession.nodeId,
+                                sendEvent,
+                            }).catch((err) => logGateway.warn(`hosted WhatsApp pairing failed for ${userName}: ${formatForLog(err)}`));
+                        }
+                    }
                 }
                 logWs("out", "hello-ok", {
                     connId,

package/dist/gateway/server.impl.js

@@ -21,8 +21,8 @@ import { startDiagnosticHeartbeat, stopDiagnosticHeartbeat } from "../logging/di
 import { createSubsystemLogger, runtimeForLogger } from "../logging/subsystem.js";
 import { runOnboardingWizard } from "../wizard/onboarding.js";
 import { startGatewayConfigReloader } from "./config-reload.js";
-import { initHostedDb, isHostedMode } from "./hosted-db.js";
 import { ExecApprovalManager } from "./exec-approval-manager.js";
+import { initHostedDb, isHostedMode } from "./hosted-db.js";
 import { NodeRegistry } from "./node-registry.js";
 import { createChannelManager } from "./server-channels.js";
 import { createAgentEventHandler } from "./server-chat.js";

package/dist/node-host/runner.js

@@ -758,7 +758,9 @@ async function handleInvoke(frame, client, skillBins) {
             security === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
         segments = analysis.segments;
     }
-    const useMacAppExec = process.platform === "darwin";
+    // Skip macOS app exec host in hosted mode - use direct spawn instead
+    // The CLI is running, not the macOS app, so the app socket may be stale or unavailable
+    const useMacAppExec = process.platform === "darwin" && params.hostedMode !== true;
     if (useMacAppExec) {
         const approvalDecision = params.approvalDecision === "allow-once" || params.approvalDecision === "allow-always"
             ? params.approvalDecision

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agiagent-dev",
-  "version": "2026.1.32",
+  "version": "2026.1.33",
   "description": "AI assistant CLI",
   "keywords": [],
   "license": "MIT",