bosun 0.36.2 → 0.36.4

package/ui-server.mjs

@@ -1253,6 +1253,85 @@ async function applySharedStateToTasks(tasks) {
   });
 }
 
+function normalizeCandidatePath(input) {
+  if (!input) return "";
+  const raw = String(input).trim();
+  if (!raw) return "";
+  try {
+    return resolve(raw);
+  } catch {
+    return "";
+  }
+}
+
+function pickWorkspaceRepoDir(workspace) {
+  if (!workspace || typeof workspace !== "object") return "";
+  const repos = Array.isArray(workspace.repos) ? workspace.repos : [];
+  const activeRepoName = String(workspace.activeRepo || "").trim();
+  const selectedRepo =
+    (activeRepoName
+      ? repos.find((repo) => String(repo?.name || "").trim() === activeRepoName)
+      : null) ||
+    repos.find((repo) => repo?.primary) ||
+    repos[0] ||
+    null;
+
+  const candidates = [];
+  const selectedRepoPath = normalizeCandidatePath(selectedRepo?.path);
+  if (selectedRepoPath) candidates.push(selectedRepoPath);
+  const workspacePath = normalizeCandidatePath(workspace.path);
+  if (workspacePath && selectedRepo?.name) {
+    const joined = normalizeCandidatePath(resolve(workspacePath, String(selectedRepo.name)));
+    if (joined) candidates.push(joined);
+  }
+  if (workspacePath) candidates.push(workspacePath);
+
+  for (const candidate of candidates) {
+    if (!candidate || !existsSync(candidate)) continue;
+    if (existsSync(resolve(candidate, ".git"))) return candidate;
+  }
+  for (const candidate of candidates) {
+    if (candidate && existsSync(candidate)) return candidate;
+  }
+  return "";
+}
+
+function resolveActiveWorkspaceExecutionContext() {
+  const fallback = { workspaceId: "", workspaceDir: repoRoot };
+  const configDir = resolveUiConfigDir();
+  if (!configDir) return fallback;
+
+  const listed = listManagedWorkspaces(configDir, { repoRoot });
+  const active = getActiveManagedWorkspace(configDir);
+  const activeId = String(active?.id || "").trim();
+  const workspace =
+    (activeId
+      ? listed.find((entry) => String(entry?.id || "") === activeId)
+      : null) ||
+    active ||
+    listed[0] ||
+    null;
+  if (!workspace) return fallback;
+
+  const workspaceId = String(workspace.id || "").trim();
+  const workspaceDir = pickWorkspaceRepoDir(workspace) || fallback.workspaceDir;
+  return {
+    workspaceId,
+    workspaceDir,
+  };
+}
+
+function resolveSessionWorkspaceDir(session = null) {
+  const metadata =
+    session && typeof session.metadata === "object" && session.metadata
+      ? session.metadata
+      : null;
+  const explicit = normalizeCandidatePath(metadata?.workspaceDir);
+  if (explicit && existsSync(explicit)) return explicit;
+  const context = resolveActiveWorkspaceExecutionContext();
+  return context.workspaceDir || repoRoot;
+}
+
 function normalizeWorktreePath(input) {
   if (!input) return "";
   try {
@@ -2359,7 +2438,11 @@ const SETTINGS_SENSITIVE_KEYS = new Set([
   "CLOUDFLARE_TUNNEL_CREDENTIALS", "CLOUDFLARE_API_TOKEN",
 ]);
 
-const SETTINGS_KNOWN_SET = new Set(SETTINGS_KNOWN_KEYS);
+const SETTINGS_SCHEMA_KEYS = SETTINGS_SCHEMA
+  .map((def) => String(def?.key || "").trim())
+  .filter((key) => key && !key.startsWith("_"));
+const SETTINGS_KNOWN_SET = new Set([...SETTINGS_KNOWN_KEYS, ...SETTINGS_SCHEMA_KEYS]);
+const SETTINGS_EFFECTIVE_KEYS = Array.from(SETTINGS_KNOWN_SET);
 let _settingsLastUpdateTime = 0;
 const ASYNC_UI_COMMAND_BASES = new Set(["/plan"]);
 
@@ -2411,7 +2494,7 @@ function buildSettingsResponseData() {
   );
   const { configData } = readConfigDocument();
 
-  for (const key of SETTINGS_KNOWN_KEYS) {
+  for (const key of SETTINGS_EFFECTIVE_KEYS) {
     const def = defsByKey.get(key);
     let rawValue = process.env[key];
     let source = hasSettingValue(rawValue) ? "env" : "unset";
@@ -2447,7 +2530,7 @@ function buildSettingsResponseData() {
     }
 
     const displayValue = toSettingsDisplayValue(def, rawValue);
-    if (SETTINGS_SENSITIVE_KEYS.has(key)) {
+    if (SETTINGS_SENSITIVE_KEYS.has(key) || def?.sensitive) {
       data[key] = displayValue ? "••••••" : "";
     } else {
       data[key] = displayValue;
@@ -3611,7 +3694,9 @@ async function startNamedTunnel(cfBin, { tunnelName, credentialsPath }, localPor
       mode: TUNNEL_MODE_NAMED,
     });
     console.warn(
-      "[telegram-ui] named tunnel requires CLOUDFLARE_TUNNEL_NAME + CLOUDFLARE_TUNNEL_CREDENTIALS",
+      "[telegram-ui] named tunnel requires CLOUDFLARE_TUNNEL_NAME + CLOUDFLARE_TUNNEL_CREDENTIALS.\n" +
+      "[telegram-ui] Run \"bosun --setup\" and choose \"Named tunnel\" to configure Cloudflare credentials,\n" +
+      "[telegram-ui] or set TELEGRAM_UI_TUNNEL=quick for an ephemeral trycloudflare.com URL.",
     );
     return null;
   }
@@ -3623,7 +3708,11 @@ async function startNamedTunnel(cfBin, { tunnelName, credentialsPath }, localPor
       mode: TUNNEL_MODE_NAMED,
       tunnelName: normalizedTunnelName,
     });
-    console.warn(`[telegram-ui] named tunnel credentials not found or invalid: ${normalizedCredsPath}`);
+    console.warn(
+      `[telegram-ui] named tunnel credentials not found or invalid: ${normalizedCredsPath}\n` +
+      `[telegram-ui] Ensure the path is correct and the file exists.\n` +
+      `[telegram-ui] Re-run "bosun --setup" to reconfigure Cloudflare tunnel credentials.`,
+    );
     return null;
   }
 
@@ -4210,6 +4299,34 @@ function checkSessionToken(req) {
   return false;
 }
 
+/**
+ * Check whether the request carries a valid desktop API key.
+ *
+ * The Electron main process sets BOSUN_DESKTOP_API_KEY in process.env before
+ * starting (or connecting to) the UI server. When that env var is present any
+ * request bearing the matching Bearer token is treated as fully authenticated —
+ * no session cookie or Telegram initData required.
+ *
+ * This allows the desktop app to connect to a separately-running daemon server
+ * without needing to share the TTL-based session token.
+ */
+function checkDesktopApiKey(req) {
+  const expected = (process.env.BOSUN_DESKTOP_API_KEY || "").trim();
+  if (!expected) return false;
+  const authHeader = req.headers.authorization || "";
+  if (!authHeader.startsWith("Bearer ")) return false;
+  const provided = authHeader.slice(7).trim();
+  if (!provided) return false;
+  try {
+    const a = Buffer.from(provided);
+    const b = Buffer.from(expected);
+    if (a.length !== b.length) return false;
+    return timingSafeEqual(a, b);
+  } catch {
+    return false;
+  }
+}
+
 function getTelegramInitData(req, url = null) {
   return String(
     req.headers["x-telegram-initdata"] ||
@@ -4235,6 +4352,8 @@ function getHeaderString(value) {
 
 async function requireAuth(req) {
   if (isAllowUnsafe()) return { ok: true, source: "unsafe", issueSessionCookie: false };
+  // Desktop Electron API key — non-expiring, set via BOSUN_DESKTOP_API_KEY env
+  if (checkDesktopApiKey(req)) return { ok: true, source: "desktop-api-key", issueSessionCookie: false };
   // Session token (browser access)
   if (checkSessionToken(req)) return { ok: true, source: "session", issueSessionCookie: false };
   // Telegram initData HMAC
@@ -4258,6 +4377,22 @@ async function requireAuth(req) {
 
 function requireWsAuth(req, url) {
   if (isAllowUnsafe()) return true;
+  // Desktop Electron API key (query param: desktopKey=...)
+  const desktopKey = (process.env.BOSUN_DESKTOP_API_KEY || "").trim();
+  if (desktopKey) {
+    const qDesktopKey = url.searchParams.get("desktopKey") || "";
+    if (qDesktopKey) {
+      try {
+        const a = Buffer.from(qDesktopKey);
+        const b = Buffer.from(desktopKey);
+        if (a.length === b.length && timingSafeEqual(a, b)) return true;
+      } catch {
+        /* ignore */
+      }
+    }
+    // Also accept via Authorization header (for WS upgrade requests that support it)
+    if (checkDesktopApiKey(req)) return true;
+  }
   // Session token (query param or cookie)
   if (checkSessionToken(req)) return true;
   if (sessionToken) {
@@ -8490,9 +8625,28 @@ async function handleApi(req, res, url) {
       }
       const args = (body?.args || "").trim();
       const adapter = (body?.adapter || "").trim() || undefined;
-      const result = await execSdkCommand(command, args, adapter);
+      const requestedSessionId = String(body?.sessionId || "").trim();
+      const tracker = getSessionTracker();
+      const commandSession = requestedSessionId
+        ? tracker.getSessionById(requestedSessionId)
+        : null;
+      const commandCwd = resolveSessionWorkspaceDir(commandSession);
+      const runSdkCommand =
+        typeof uiDeps.execSdkCommand === "function"
+          ? uiDeps.execSdkCommand
+          : execSdkCommand;
+      const result = await runSdkCommand(command, args, adapter, {
+        cwd: commandCwd,
+        sessionId: requestedSessionId || undefined,
+      });
       const parsed = typeof result === "string" ? result : JSON.stringify(result);
-      jsonResponse(res, 200, { ok: true, result: parsed, command, adapter: adapter || getPrimaryAgentName() });
+      jsonResponse(res, 200, {
+        ok: true,
+        result: parsed,
+        command,
+        adapter: adapter || getPrimaryAgentName(),
+        sessionId: requestedSessionId || null,
+      });
       broadcastUiEvent(["agents", "sessions"], "invalidate", {
         reason: "sdk-command-executed",
         command,
@@ -8659,6 +8813,13 @@ async function handleApi(req, res, url) {
       const body = await readJsonBody(req);
       const type = body?.type || "manual";
       const id = `${type}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+      const workspaceContext = resolveActiveWorkspaceExecutionContext();
+      const requestedWorkspaceId = String(body?.workspaceId || "").trim();
+      const requestedWorkspaceDir = normalizeCandidatePath(body?.workspaceDir);
+      const resolvedWorkspaceId =
+        requestedWorkspaceId || workspaceContext.workspaceId;
+      const resolvedWorkspaceDir =
+        requestedWorkspaceDir || workspaceContext.workspaceDir || repoRoot;
       const tracker = getSessionTracker();
       const session = tracker.createSession({
         id,
@@ -8668,6 +8829,8 @@ async function handleApi(req, res, url) {
           agent: body?.agent || getPrimaryAgentName(),
           mode: body?.mode || getAgentMode(),
           model: body?.model || undefined,
+          ...(resolvedWorkspaceId ? { workspaceId: resolvedWorkspaceId } : {}),
+          ...(resolvedWorkspaceDir ? { workspaceDir: resolvedWorkspaceDir } : {}),
         },
       });
       jsonResponse(res, 200, { ok: true, session: { id: session.id, type: session.type, status: session.status, metadata: session.metadata } });
@@ -8813,6 +8976,7 @@ async function handleApi(req, res, url) {
           exec = await resolveExecPrimaryPrompt();
         }
         if (exec) {
+          const sessionWorkspaceDir = resolveSessionWorkspaceDir(session);
           // Don't record user event here — execPrimaryPrompt records it
           // Respond immediately so the UI doesn't block on agent execution
           jsonResponse(res, 200, { ok: true, messageId });
@@ -8853,6 +9017,7 @@ async function handleApi(req, res, url) {
             sessionType: "primary",
             mode: messageMode,
             model: messageModel,
+            cwd: sessionWorkspaceDir,
             persistent: true,
             sendRawEvents: true,
             attachments,
@@ -8893,6 +9058,44 @@ async function handleApi(req, res, url) {
       return;
     }
 
+    if (action === "message/edit" && req.method === "POST") {
+      try {
+        const tracker = getSessionTracker();
+        const session = tracker.getSessionById(sessionId);
+        if (!session) {
+          jsonResponse(res, 404, { ok: false, error: "Session not found" });
+          return;
+        }
+        const body = await readJsonBody(req);
+        const content = String(body?.content || "").trim();
+        if (!content) {
+          jsonResponse(res, 400, { ok: false, error: "content is required" });
+          return;
+        }
+
+        const edited = tracker.editUserMessage(sessionId, {
+          messageId: body?.messageId,
+          timestamp: body?.timestamp,
+          previousContent: body?.previousContent,
+          content,
+        });
+        if (!edited?.ok) {
+          const status = edited?.error === "Message not found" ? 404 : 400;
+          jsonResponse(res, status, { ok: false, error: edited?.error || "edit failed" });
+          return;
+        }
+
+        jsonResponse(res, 200, { ok: true, message: edited.message });
+        broadcastUiEvent(["sessions"], "invalidate", {
+          reason: "session-message-edited",
+          sessionId,
+        });
+      } catch (err) {
+        jsonResponse(res, 500, { ok: false, error: err.message });
+      }
+      return;
+    }
+
     if (action === "archive" && req.method === "POST") {
       try {
         const tracker = getSessionTracker();
@@ -9010,6 +9213,25 @@ async function handleApi(req, res, url) {
 
   // ── Voice API Routes ──────────────────────────────────────────────────────
 
+  // GET /api/voice/sdk-config — SDK-first configuration for client
+  if (path === "/api/voice/sdk-config" && req.method === "GET") {
+    try {
+      const { getVoiceConfig } = await import("./voice-relay.mjs");
+      const { getClientSdkConfig } = await import("./voice-agents-sdk.mjs");
+      const voiceConfig = getVoiceConfig();
+      const sdkConfig = await getClientSdkConfig(voiceConfig);
+      jsonResponse(res, 200, sdkConfig);
+    } catch (err) {
+      jsonResponse(res, 200, {
+        useSdk: false,
+        provider: "fallback",
+        fallbackReason: err.message,
+        tier: 2,
+      });
+    }
+    return;
+  }
+
   // GET /api/voice/config
   if (path === "/api/voice/config" && req.method === "GET") {
     try {
@@ -9022,6 +9244,7 @@ async function handleApi(req, res, url) {
         available: availability.available,
         tier: availability.tier,
         provider: availability.provider,
+        providerChain: config.providerChainWithFallbacks || [config.provider],
         reason: availability.reason || "",
         voiceId: config.voiceId,
         turnDetection: config.turnDetection,
@@ -9033,6 +9256,8 @@ async function handleApi(req, res, url) {
           defaultIntervalMs: DEFAULT_VISION_ANALYSIS_INTERVAL_MS,
         },
         fallbackMode: config.fallbackMode,
+        failover: config.failover || null,
+        diagnostics: Array.isArray(config.diagnostics) ? config.diagnostics : [],
         connectionInfo,
       });
     } catch (err) {
@@ -9051,13 +9276,24 @@ async function handleApi(req, res, url) {
         mode: String(body?.mode || "").trim() || undefined,
         model: String(body?.model || "").trim() || undefined,
       };
-      const { createEphemeralToken, getVoiceToolDefinitions } = await import("./voice-relay.mjs");
+      const { createEphemeralToken, getVoiceToolDefinitions, getVoiceConfig } = await import("./voice-relay.mjs");
       const delegateOnly =
         body?.delegateOnly === true ||
         (body?.delegateOnly !== false && Boolean(callContext.sessionId));
       const tools = await getVoiceToolDefinitions({ delegateOnly });
       const tokenData = await createEphemeralToken(tools, callContext);
 
+      // When client requests sdkMode, include extra fields for @openai/agents SDK
+      if (body?.sdkMode === true) {
+        const voiceCfg = getVoiceConfig();
+        tokenData.instructions = voiceCfg.instructions || undefined;
+        tokenData.tools = tools;
+        if (tokenData.provider === "azure") {
+          tokenData.azureEndpoint = voiceCfg.azureEndpoint || undefined;
+          tokenData.azureDeployment = voiceCfg.azureDeployment || undefined;
+        }
+      }
+
       jsonResponse(res, 200, tokenData);
     } catch (err) {
       jsonResponse(res, 500, { error: err.message });
@@ -9328,6 +9564,94 @@ async function handleApi(req, res, url) {
     return;
   }
 
+  // POST /api/voice/dispatch — Execute a voice action intent (direct JavaScript, no MCP)
+  if (path === "/api/voice/dispatch" && req.method === "POST") {
+    try {
+      const body = await readJsonBody(req);
+      const action = String(body?.action || "").trim();
+      if (!action) {
+        jsonResponse(res, 400, { ok: false, error: "action is required" });
+        return;
+      }
+      const context = {
+        sessionId: String(body?.sessionId || "").trim() || undefined,
+        executor: String(body?.executor || "").trim() || undefined,
+        mode: String(body?.mode || "").trim() || undefined,
+        model: String(body?.model || "").trim() || undefined,
+      };
+      const { dispatchVoiceActionIntent } = await import("./voice-relay.mjs");
+      const result = await dispatchVoiceActionIntent(
+        { action, params: body?.params || {}, id: body?.id || undefined },
+        context,
+      );
+      jsonResponse(res, 200, result);
+    } catch (err) {
+      jsonResponse(res, 500, { ok: false, error: err.message });
+    }
+    return;
+  }
+
+  // POST /api/voice/dispatch-batch — Execute multiple voice action intents
+  if (path === "/api/voice/dispatch-batch" && req.method === "POST") {
+    try {
+      const body = await readJsonBody(req);
+      const intents = Array.isArray(body?.actions) ? body.actions : [];
+      if (!intents.length) {
+        jsonResponse(res, 400, { ok: false, error: "actions array is required" });
+        return;
+      }
+      const context = {
+        sessionId: String(body?.sessionId || "").trim() || undefined,
+        executor: String(body?.executor || "").trim() || undefined,
+        mode: String(body?.mode || "").trim() || undefined,
+        model: String(body?.model || "").trim() || undefined,
+      };
+      const { dispatchVoiceActionIntents } = await import("./voice-relay.mjs");
+      const results = await dispatchVoiceActionIntents(intents, context);
+      jsonResponse(res, 200, { ok: true, results });
+    } catch (err) {
+      jsonResponse(res, 500, { ok: false, error: err.message });
+    }
+    return;
+  }
+
+  // GET /api/voice/actions — List all available voice actions
+  if (path === "/api/voice/actions" && req.method === "GET") {
+    try {
+      const { listVoiceActions } = await import("./voice-relay.mjs");
+      const actions = await listVoiceActions();
+      jsonResponse(res, 200, { ok: true, actions });
+    } catch (err) {
+      jsonResponse(res, 500, { ok: false, error: err.message });
+    }
+    return;
+  }
+
+  // GET /api/voice/prompt — Get the full voice agent prompt with action manifest
+  if (path === "/api/voice/prompt" && req.method === "GET") {
+    try {
+      const compact = url.searchParams?.get("compact") === "true";
+      const { buildVoiceAgentPrompt } = await import("./voice-relay.mjs");
+      const prompt = await buildVoiceAgentPrompt({ compact });
+      jsonResponse(res, 200, { ok: true, prompt });
+    } catch (err) {
+      jsonResponse(res, 500, { ok: false, error: err.message });
+    }
+    return;
+  }
+
+  // GET /api/voice/action-manifest — Get the action manifest for prompt injection
+  if (path === "/api/voice/action-manifest" && req.method === "GET") {
+    try {
+      const { getVoiceActionManifest } = await import("./voice-relay.mjs");
+      const manifest = await getVoiceActionManifest();
+      jsonResponse(res, 200, { ok: true, manifest });
+    } catch (err) {
+      jsonResponse(res, 500, { ok: false, error: err.message });
+    }
+    return;
+  }
+
   jsonResponse(res, 404, { ok: false, error: "Unknown API endpoint" });
 }
 
@@ -9421,14 +9745,18 @@ export async function startTelegramUiServer(options = {}) {
     shouldReusePersistedPort
       ? persistedPort
       : configuredPort;
+  const hasExplicitEnvPort =
+    Number.isFinite(Number(process.env.TELEGRAM_UI_PORT || "")) &&
+    Number(process.env.TELEGRAM_UI_PORT || "") > 0;
   const portSource =
     shouldReusePersistedPort
       ? "cache.ui-last-port"
       : options.port != null
       ? "options.port"
-      : process.env.TELEGRAM_UI_PORT
+      : hasExplicitEnvPort
         ? "env.TELEGRAM_UI_PORT"
         : `default(${DEFAULT_TELEGRAM_UI_PORT})`;
+  const usingFallbackDefaultPort = portSource.startsWith("default(");
 
   if (!Number.isFinite(port) || port < 0) {
     console.warn(
@@ -9500,6 +9828,37 @@ export async function startTelegramUiServer(options = {}) {
       }
     }
 
+    // Desktop API key exchange: ?desktopKey=<key> → set session cookie and redirect to clean URL
+    // Used by the Electron desktop app to bootstrap authenticated WebView sessions
+    // without depending on the TTL-based session token.
+    const qDesktopKey = url.searchParams.get("desktopKey");
+    if (qDesktopKey) {
+      const expectedDesktopKey = (process.env.BOSUN_DESKTOP_API_KEY || "").trim();
+      if (expectedDesktopKey) {
+        try {
+          const a = Buffer.from(qDesktopKey);
+          const b = Buffer.from(expectedDesktopKey);
+          if (a.length === b.length && timingSafeEqual(a, b)) {
+            const cleanUrl = new URL(url.toString());
+            cleanUrl.searchParams.delete("desktopKey");
+            const redirectPath =
+              cleanUrl.pathname +
+              (cleanUrl.searchParams.toString()
+                ? `?${cleanUrl.searchParams.toString()}`
+                : "");
+            res.writeHead(302, {
+              "Set-Cookie": buildSessionCookieHeader(),
+              Location: redirectPath || "/",
+            });
+            res.end();
+            return;
+          }
+        } catch {
+          /* malformed key — fall through to normal auth */
+        }
+      }
+    }
+
     if (url.pathname === webhookPath) {
       await handleGitHubProjectWebhook(req, res);
       return;
@@ -9745,7 +10104,8 @@ export async function startTelegramUiServer(options = {}) {
     // Reuse a recent session token when possible so browser sessions survive restarts.
     ensureSessionToken();
 
-    const listenHost = options.host || DEFAULT_HOST;
+    const host = options.host || DEFAULT_HOST;
+    const maxPortFallbackAttempts = usingFallbackDefaultPort ? 20 : 0;
     const listenOnce = (targetPort) =>
       new Promise((resolveReady, rejectReady) => {
         const onError = (err) => {
@@ -9758,20 +10118,38 @@ export async function startTelegramUiServer(options = {}) {
         };
         uiServer.once("error", onError);
         uiServer.once("listening", onListening);
-        uiServer.listen(targetPort, listenHost);
+        uiServer.listen(targetPort, host);
       });
+    let listenPort = port;
+    for (let attempt = 0; ; attempt += 1) {
+      try {
+        await listenOnce(listenPort);
+        break;
+      } catch (err) {
+        const isAddrInUse = err?.code === "EADDRINUSE";
+        const canRetryPortIncrement =
+          isAddrInUse &&
+          attempt < maxPortFallbackAttempts &&
+          listenPort > 0;
+        if (canRetryPortIncrement) {
+          const nextPort = listenPort + 1;
+          console.warn(
+            `[telegram-ui] port ${listenPort} in use; retrying on ${nextPort} (attempt ${attempt + 1}/${maxPortFallbackAttempts})`,
+          );
+          listenPort = nextPort;
+          continue;
+        }
 
-    try {
-      await listenOnce(port);
-    } catch (err) {
-      const code = String(err?.code || "").toUpperCase();
-      const canRetryWithEphemeral =
-        allowEphemeralPort && port > 0 && (code === "EADDRINUSE" || code === "EACCES");
-      if (!canRetryWithEphemeral) throw err;
-      console.warn(
-        `[telegram-ui] failed to bind ${listenHost}:${port} (${code || "unknown"}); retrying with ephemeral port`,
-      );
-      await listenOnce(0);
+        const code = String(err?.code || "").toUpperCase();
+        const canRetryWithEphemeral =
+          allowEphemeralPort && listenPort > 0 && (code === "EADDRINUSE" || code === "EACCES");
+        if (!canRetryWithEphemeral) throw err;
+        console.warn(
+          `[telegram-ui] failed to bind ${host}:${listenPort} (${code || "unknown"}); retrying with ephemeral port`,
+        );
+        await listenOnce(0);
+        break;
+      }
     }
   } catch (err) {
     releaseUiInstanceLock();

package/update-check.mjs

@@ -529,6 +529,12 @@ let parentPid = null;
 let parentCheckInterval = null;
 let cleanupHandlersRegistered = false;
 
+function isSuppressedStreamNoiseError(err) {
+  const msg = String(err?.message || err || "");
+  if (!msg) return false;
+  return msg.includes("setRawMode EIO") || msg.includes("read EIO");
+}
+
 /**
  * Start a background polling loop that checks for updates every `intervalMs`
  * (default 10 min). When a newer version is found, it:
@@ -800,17 +806,17 @@ function registerCleanupHandlers() {
     stopAutoUpdateLoop();
   });
 
-  // Handle uncaught exceptions (last resort)
-  const originalUncaughtException = process.listeners("uncaughtException");
+  // Handle uncaught exceptions (last resort). Do not manually re-emit previous
+  // listeners: Node invokes all uncaughtException handlers automatically.
   process.on("uncaughtException", (err) => {
+    if (isSuppressedStreamNoiseError(err)) {
+      console.log(
+        `[auto-update] suppressed stream noise (uncaughtException): ${err?.message || err}`,
+      );
+      return;
+    }
     console.error(`[auto-update] Uncaught exception, cleaning up:`, err);
     stopAutoUpdateLoop();
-    // Re-emit for other handlers
-    if (originalUncaughtException.length > 0) {
-      for (const handler of originalUncaughtException) {
-        handler(err);
-      }
-    }
   });
 }
 
@@ -829,22 +835,44 @@ function printUpdateNotice(current, latest) {
 
 function promptConfirm(question) {
   return new Promise((res) => {
+    let settled = false;
+    const settle = (value) => {
+      if (settled) return;
+      settled = true;
+      res(Boolean(value));
+    };
     const rl = createInterface({
       input: process.stdin,
       output: process.stdout,
-      terminal: process.stdin.isTTY && process.stdout.isTTY,
+      // Keep readline out of raw-mode transitions; they can throw EIO during
+      // terminal teardown in daemonized/non-interactive contexts.
+      terminal: false,
+    });
+    rl.on("error", (err) => {
+      if (isSuppressedStreamNoiseError(err)) {
+        console.log(
+          `[auto-update] suppressed stream noise (readline): ${err?.message || err}`,
+        );
+        settle(false);
+        return;
+      }
+      console.warn(`[auto-update] prompt failed: ${err?.message || err}`);
+      settle(false);
     });
     rl.question(question, (answer) => {
       try {
         rl.close();
       } catch (err) {
-        const msg = err?.message || String(err || "");
-        if (!msg.includes("setRawMode EIO")) {
-          throw err;
+        if (isSuppressedStreamNoiseError(err)) {
+          console.log(
+            `[auto-update] suppressed stream noise (readline close): ${err?.message || err}`,
+          );
+        } else {
+          console.warn(`[auto-update] prompt close failed: ${err?.message || err}`);
         }
       }
       const a = answer.trim().toLowerCase();
-      res(!a || a === "y" || a === "yes");
+      settle(!a || a === "y" || a === "yes");
     });
   });
 }