chainlesschain 0.45.64 → 0.45.65

package/src/lib/agent-core.js

@@ -18,6 +18,8 @@ import fs from "fs";
 import path from "path";
 import { execSync } from "child_process";
 import os from "os";
+import sharedCodingAgentPolicy from "../runtime/coding-agent-policy.cjs";
+import sharedShellPolicy from "../runtime/coding-agent-shell-policy.cjs";
 import { getPlanModeManager } from "./plan-mode.js";
 import { CLISkillLoader } from "./skill-loader.js";
 import { executeHooks, HookEvents } from "./hook-manager.js";
@@ -32,6 +34,9 @@ import { createToolContext } from "../tools/tool-context.js";
 import { createToolTelemetryRecord } from "../tools/tool-telemetry.js";
 import { DEFAULT_TOOL_DESCRIPTORS } from "../tools/registry.js";
 
+const { isReadOnlyGitCommand, normalizeGitCommand } = sharedCodingAgentPolicy;
+const { evaluateShellCommandPolicy } = sharedShellPolicy;
+
 // ─── Tool definitions ────────────────────────────────────────────────────
 
 export const AGENT_TOOLS = [
@@ -91,7 +96,7 @@ export const AGENT_TOOLS = [
     function: {
       name: "run_shell",
       description:
-        "Execute a shell command and return the output. Use for running tests, installing packages, git operations, etc.",
+        "Execute a shell command and return the output. Use for running tests, linting, builds, and other non-git workspace commands.",
       parameters: {
         type: "object",
         properties: {
@@ -105,6 +110,29 @@ export const AGENT_TOOLS = [
       },
     },
   },
+  {
+    type: "function",
+    function: {
+      name: "git",
+      description:
+        "Run a git command inside the workspace. Use this instead of run_shell for git status, diff, log, commit, branch, and related repository operations.",
+      parameters: {
+        type: "object",
+        properties: {
+          command: {
+            type: "string",
+            description:
+              'Git subcommand to execute, for example "status", "diff --stat", or "log --oneline -5"',
+          },
+          cwd: {
+            type: "string",
+            description: "Working directory (optional)",
+          },
+        },
+        required: ["command"],
+      },
+    },
+  },
   {
     type: "function",
     function: {
@@ -287,6 +315,11 @@ export function getAgentToolDefinitions({
   const disabledNames = new Set(
     Array.isArray(disabledTools) ? disabledTools : [],
   );
+  const extraToolNames = new Set(
+    (Array.isArray(extraTools) ? extraTools : [])
+      .map((tool) => tool?.function?.name)
+      .filter(Boolean),
+  );
   const allTools = mergeToolDefinitions(
     AGENT_TOOLS,
     Array.isArray(extraTools) ? extraTools : [],
@@ -295,7 +328,9 @@ export function getAgentToolDefinitions({
   return allTools.filter((tool) => {
     const name = tool?.function?.name;
     if (!name) return false;
-    if (allowedNames && !allowedNames.has(name)) return false;
+    if (allowedNames && !allowedNames.has(name) && !extraToolNames.has(name)) {
+      return false;
+    }
     if (disabledNames.has(name)) return false;
     return true;
   });
@@ -407,6 +442,7 @@ Key behaviors:
 - When asked to modify code, read the file first, then edit it
 - When asked to create something, use write_file to create it
 - When asked to run/test something, use run_shell to execute it
+- When asked about git status, diff, log, or other repository operations, use the git tool instead of run_shell
 - When asked about files or code, use read_file and search_files to find information
 - You have multi-layer skills (built-in, marketplace, global, project-level) — use list_skills to discover them and run_skill to execute them
 - Always explain what you're doing and show results
@@ -575,7 +611,14 @@ export async function executeTool(name, args, context = {}) {
   const hookDb = context.hookDb || null;
   const skillLoader = context.skillLoader || _defaultSkillLoader;
   const cwd = context.cwd || process.cwd();
-  const runtimeDescriptor = getRuntimeToolDescriptor(name);
+  const planManager = context.planManager || getPlanModeManager();
+  const localToolDescriptor =
+    context.externalToolDescriptors &&
+    typeof context.externalToolDescriptors === "object"
+      ? context.externalToolDescriptors[name] || null
+      : null;
+  const runtimeDescriptor =
+    getRuntimeToolDescriptor(name) || localToolDescriptor;
   const toolContext = createToolContext({
     toolName: runtimeDescriptor?.name || name,
     cwd,
@@ -600,7 +643,21 @@ export async function executeTool(name, args, context = {}) {
       : null;
   const isExternalHostTool =
     hostToolPolicy && !STATIC_AGENT_TOOL_NAMES.has(name);
-  if (hostToolPolicy && hostToolPolicy.allowed === false) {
+  const isExternalLocalTool =
+    localToolDescriptor && !STATIC_AGENT_TOOL_NAMES.has(name);
+  const hostPolicyAllowsReadOnlyGit =
+    name === "git" &&
+    hostToolPolicy?.planModeBehavior === "readonly-conditional" &&
+    isReadOnlyGitCommand(args.command);
+  const localReadOnlyAllowedInPlanMode =
+    isExternalLocalTool &&
+    planManager.isActive() &&
+    localToolDescriptor?.isReadOnly === true;
+  if (
+    hostToolPolicy &&
+    hostToolPolicy.allowed === false &&
+    !hostPolicyAllowsReadOnlyGit
+  ) {
     return {
       error: `[Host Policy] Tool "${name}" is blocked by desktop host policy. ${hostToolPolicy.reason || "Desktop approval has not been synchronized yet."}`,
       policy: {
@@ -613,20 +670,24 @@ export async function executeTool(name, args, context = {}) {
   }
 
   // Plan mode: check if tool is allowed
-  const planManager = getPlanModeManager();
   if (
     planManager.isActive() &&
+    !(name === "git" && isReadOnlyGitCommand(args.command)) &&
     !planManager.isToolAllowed(name) &&
-    !(isExternalHostTool && hostToolPolicy?.allowed === true)
+    !(isExternalHostTool && hostToolPolicy?.allowed === true) &&
+    !localReadOnlyAllowedInPlanMode
   ) {
     planManager.addPlanItem({
       title: `${name}: ${formatToolArgs(name, args)}`,
       tool: name,
       params: args,
       estimatedImpact:
-        name === "run_shell" || name === "run_code"
+        name === "run_shell" ||
+        name === "run_code" ||
+        name === "git" ||
+        localToolDescriptor?.riskLevel === "high"
           ? "high"
-          : name === "write_file"
+          : name === "write_file" || localToolDescriptor?.riskLevel === "medium"
             ? "medium"
             : "low",
     });
@@ -659,6 +720,9 @@ export async function executeTool(name, args, context = {}) {
       parentMessages: context.parentMessages,
       interaction: context.interaction,
       hostManagedToolPolicy: context.hostManagedToolPolicy || null,
+      externalToolDescriptors: context.externalToolDescriptors || null,
+      externalToolExecutors: context.externalToolExecutors || null,
+      mcpClient: context.mcpClient || null,
     });
   } catch (err) {
     if (hookDb) {
@@ -715,9 +779,23 @@ export async function executeTool(name, args, context = {}) {
 async function executeToolInner(
   name,
   args,
-  { skillLoader, cwd, parentMessages, interaction, hostManagedToolPolicy },
+  {
+    skillLoader,
+    cwd,
+    parentMessages,
+    interaction,
+    hostManagedToolPolicy,
+    externalToolDescriptors,
+    externalToolExecutors,
+    mcpClient,
+  },
 ) {
-  const runtimeDescriptor = getRuntimeToolDescriptor(name);
+  const localToolDescriptor =
+    externalToolDescriptors && typeof externalToolDescriptors === "object"
+      ? externalToolDescriptors[name] || null
+      : null;
+  const runtimeDescriptor =
+    getRuntimeToolDescriptor(name) || localToolDescriptor;
   const hostToolPolicies =
     hostManagedToolPolicy?.tools || hostManagedToolPolicy?.toolPolicies || null;
   const hostToolPolicy =
@@ -754,6 +832,10 @@ async function executeToolInner(
     }
     return DEFAULT_TOOL_DESCRIPTOR_MAP.get("shell");
   };
+  const localToolExecutor =
+    externalToolExecutors && typeof externalToolExecutors === "object"
+      ? externalToolExecutors[name] || null
+      : null;
   switch (name) {
     case "read_file": {
       const filePath = path.resolve(cwd, args.path);
@@ -799,6 +881,18 @@ async function executeToolInner(
     }
 
     case "run_shell": {
+      const shellPolicy = evaluateShellCommandPolicy(args.command);
+      const override = resolveShellDescriptor(args.command);
+      if (!shellPolicy.allowed) {
+        return attachDescriptor(
+          {
+            error: `[Shell Policy] ${shellPolicy.reason}`,
+            shellCommandPolicy: shellPolicy,
+          },
+          override || runtimeDescriptor,
+        );
+      }
+
       try {
         const output = execSync(args.command, {
           cwd: args.cwd || cwd,
@@ -806,26 +900,57 @@ async function executeToolInner(
           timeout: 60000,
           maxBuffer: 1024 * 1024,
         });
-        const override = resolveShellDescriptor(args.command);
         return attachDescriptor(
           {
             stdout: output.substring(0, 30000),
+            shellCommandPolicy: shellPolicy,
           },
           override || runtimeDescriptor,
         );
       } catch (err) {
-        const override = resolveShellDescriptor(args.command);
         return attachDescriptor(
           {
             error: err.message.substring(0, 2000),
             stderr: (err.stderr || "").substring(0, 2000),
             exitCode: err.status,
+            shellCommandPolicy: shellPolicy,
           },
           override || runtimeDescriptor,
         );
       }
     }
 
+    case "git": {
+      const normalizedCommand = normalizeGitCommand(args.command);
+      if (!normalizedCommand) {
+        return attachDescriptor({
+          error: "Git command is required.",
+        });
+      }
+
+      try {
+        const output = execSync(`git ${normalizedCommand}`, {
+          cwd: args.cwd || cwd,
+          encoding: "utf8",
+          timeout: 60000,
+          maxBuffer: 1024 * 1024,
+        });
+        return attachDescriptor({
+          stdout: output.substring(0, 30000),
+          command: normalizedCommand,
+          readOnly: isReadOnlyGitCommand(normalizedCommand),
+        });
+      } catch (err) {
+        return attachDescriptor({
+          error: err.message.substring(0, 2000),
+          stderr: (err.stderr || "").substring(0, 2000),
+          exitCode: err.status,
+          command: normalizedCommand,
+          readOnly: isReadOnlyGitCommand(normalizedCommand),
+        });
+      }
+    }
+
     case "run_code": {
       return attachDescriptor(await _executeRunCode(args, cwd));
     }
@@ -988,6 +1113,30 @@ async function executeToolInner(
     }
 
     default:
+      if (localToolExecutor?.kind === "mcp") {
+        if (!mcpClient || typeof mcpClient.callTool !== "function") {
+          return attachDescriptor({
+            error: `MCP client is unavailable for tool: ${name}`,
+          });
+        }
+
+        try {
+          const result = await mcpClient.callTool(
+            localToolExecutor.serverName,
+            localToolExecutor.toolName,
+            args || {},
+          );
+          if (result && typeof result === "object") {
+            return attachDescriptor(result);
+          }
+          return attachDescriptor({ result });
+        } catch (err) {
+          return attachDescriptor({
+            error: `MCP tool execution failed: ${err.message}`,
+          });
+        }
+      }
+
       if (
         hostToolDefinition &&
         interaction &&
@@ -1332,8 +1481,12 @@ export async function chatWithTools(rawMessages, options) {
 
   const persona = _loadProjectPersona(options.cwd);
   const tools = getAgentToolDefinitions({
+    names: options.enabledToolNames,
     disabledTools: persona?.toolsDisabled,
-    extraTools: options.hostManagedToolPolicy?.toolDefinitions || [],
+    extraTools: [
+      ...(options.hostManagedToolPolicy?.toolDefinitions || []),
+      ...(options.extraToolDefinitions || []),
+    ],
   });
 
   const lastUserMsg = [...rawMessages].reverse().find((m) => m.role === "user");
@@ -1518,7 +1671,12 @@ export async function* agentLoop(messages, options) {
     hookDb: options.hookDb || null,
     skillLoader: options.skillLoader || _defaultSkillLoader,
     cwd: options.cwd || process.cwd(),
+    planManager: options.planManager || null,
+    sessionId: options.sessionId || null,
     hostManagedToolPolicy: options.hostManagedToolPolicy || null,
+    externalToolDescriptors: options.externalToolDescriptors || null,
+    externalToolExecutors: options.externalToolExecutors || null,
+    mcpClient: options.mcpClient || null,
     parentMessages: messages, // pass parent messages for sub-agent auto-condensation
     interaction: options.interaction || null,
   };
@@ -1646,6 +1804,8 @@ export function formatToolArgs(name, args) {
       return args.path;
     case "run_shell":
       return args.command;
+    case "git":
+      return args.command;
     case "search_files":
       return args.pattern;
     case "list_dir":

package/src/lib/interaction-adapter.js

@@ -7,6 +7,25 @@
  */
 
 import { createHash } from "crypto";
+import {
+  createCodingAgentEvent,
+  CodingAgentSequenceTracker,
+  CODING_AGENT_EVENT_TYPES,
+  LEGACY_TO_UNIFIED_TYPE,
+} from "../runtime/runtime-events.js";
+
+// Whitelist of event types the CLI runtime should emit as unified envelopes
+// (with source: "cli-runtime"). Anything not in this set keeps the legacy
+// raw shape so non-coding-agent transports (host-tool callbacks, generic
+// progress events, etc.) are unaffected.
+const CODING_AGENT_EVENT_TYPE_SET = new Set([
+  ...Object.values(CODING_AGENT_EVENT_TYPES),
+  ...Object.keys(LEGACY_TO_UNIFIED_TYPE),
+]);
+
+function isCodingAgentEventType(type) {
+  return typeof type === "string" && CODING_AGENT_EVENT_TYPE_SET.has(type);
+}
 
 /**
  * Base class — subclasses must implement askInput, askSelect, askConfirm, emit.
@@ -87,6 +106,10 @@ export class WebSocketInteractionAdapter extends InteractionAdapter {
     this.sessionId = sessionId;
     /** @type {Map<string, {resolve: Function, reject: Function}>} */
     this._pending = new Map();
+    // Per-instance sequence tracker so monotonic sequences are scoped to
+    // this WS session instead of leaking across sessions via the process-
+    // global default tracker.
+    this._sequenceTracker = new CodingAgentSequenceTracker();
   }
 
   /** Generate a unique request id */
@@ -184,6 +207,28 @@ export class WebSocketInteractionAdapter extends InteractionAdapter {
   }
 
   emit(eventType, data) {
+    // Coding-agent events flow as the unified envelope so the Desktop bridge
+    // (and any other consumer) sees a single canonical shape with
+    // source: "cli-runtime" baked in — no Bridge-layer translation needed.
+    if (isCodingAgentEventType(eventType)) {
+      const payload = data && typeof data === "object" ? { ...data } : {};
+      const requestId = payload.requestId || null;
+      const sessionId = payload.sessionId || this.sessionId || null;
+      delete payload.requestId;
+      delete payload.sessionId;
+
+      const envelope = createCodingAgentEvent(eventType, payload, {
+        sessionId,
+        requestId,
+        source: "cli-runtime",
+        tracker: this._sequenceTracker,
+      });
+      this._sendWs(envelope);
+      return;
+    }
+
+    // Non-coding-agent events (host-tool callbacks, generic progress, etc.)
+    // keep the legacy raw shape — they are not part of the v1.0 protocol.
     this._sendWs({
       type: eventType,
       sessionId: this.sessionId,

package/src/lib/plan-mode.js

@@ -2,7 +2,7 @@
  * Plan Mode for CLI Agent REPL
  *
  * During plan mode, the AI can only use read-only tools (read_file, search_files, list_dir, list_skills).
- * Write/execute tools (write_file, edit_file, run_shell, run_skill) are blocked until the plan is approved.
+ * Write/execute tools (write_file, edit_file, run_shell, git, run_skill) are blocked until the plan is approved.
  *
  * Lightweight port of desktop-app-vue/src/main/ai-engine/plan-mode/index.js
  */
@@ -48,6 +48,7 @@ const WRITE_TOOLS = new Set([
   "write_file",
   "edit_file",
   "run_shell",
+  "git",
   "run_skill",
 ]);
 
@@ -66,6 +67,7 @@ const TOOL_RISK_WEIGHTS = {
   edit_file: 2,
   run_skill: 2,
   run_shell: 3,
+  git: 3,
 };
 
 const IMPACT_MULTIPLIERS = {

package/src/lib/session-manager.js

@@ -16,11 +16,18 @@ function ensureSessionsTable(db) {
       model TEXT DEFAULT '',
       message_count INTEGER DEFAULT 0,
       messages TEXT DEFAULT '[]',
+      metadata TEXT DEFAULT '{}',
       summary TEXT DEFAULT '',
       created_at TEXT DEFAULT (datetime('now')),
       updated_at TEXT DEFAULT (datetime('now'))
     )
   `);
+
+  try {
+    db.exec("ALTER TABLE llm_sessions ADD COLUMN metadata TEXT DEFAULT '{}'");
+  } catch (_error) {
+    // Column already exists or ALTER TABLE is unsupported by the mock DB.
+  }
 }
 
 /**
@@ -34,13 +41,14 @@ export function createSession(db, options = {}) {
     `session-${Date.now()}-${createHash("sha256").update(Math.random().toString()).digest("hex").slice(0, 6)}`;
 
   db.prepare(
-    `INSERT INTO llm_sessions (id, title, provider, model, messages) VALUES (?, ?, ?, ?, ?)`,
+    `INSERT INTO llm_sessions (id, title, provider, model, messages, metadata) VALUES (?, ?, ?, ?, ?, ?)`,
   ).run(
     id,
     options.title || "Untitled",
     options.provider || "",
     options.model || "",
     JSON.stringify(options.messages || []),
+    JSON.stringify(options.metadata || {}),
   );
 
   return { id, title: options.title || "Untitled" };
@@ -71,14 +79,26 @@ export function addMessage(db, sessionId, role, content) {
 /**
  * Save all messages at once (batch update)
  */
-export function saveMessages(db, sessionId, messages) {
+export function saveMessages(db, sessionId, messages, metadata) {
   ensureSessionsTable(db);
 
-  const result = db
-    .prepare(
-      `UPDATE llm_sessions SET messages = ?, message_count = ?, updated_at = datetime('now') WHERE id = ?`,
-    )
-    .run(JSON.stringify(messages), messages.length, sessionId);
+  const hasMetadata = metadata !== undefined;
+  const result = hasMetadata
+    ? db
+        .prepare(
+          `UPDATE llm_sessions SET messages = ?, metadata = ?, message_count = ?, updated_at = datetime('now') WHERE id = ?`,
+        )
+        .run(
+          JSON.stringify(messages),
+          JSON.stringify(metadata || {}),
+          messages.length,
+          sessionId,
+        )
+    : db
+        .prepare(
+          `UPDATE llm_sessions SET messages = ?, message_count = ?, updated_at = datetime('now') WHERE id = ?`,
+        )
+        .run(JSON.stringify(messages), messages.length, sessionId);
 
   return { messageCount: messages.length, updated: result.changes > 0 };
 }
@@ -105,6 +125,10 @@ export function getSession(db, sessionId) {
   return {
     ...session,
     messages: JSON.parse(session.messages || "[]"),
+    metadata:
+      typeof session.metadata === "string"
+        ? JSON.parse(session.metadata || "{}")
+        : session.metadata || {},
   };
 }
 
@@ -119,11 +143,19 @@ export function listSessions(db, options = {}) {
   return db
     .prepare(
       `SELECT id, title, provider, model, message_count, summary, created_at, updated_at
+      , metadata
        FROM llm_sessions
        ORDER BY updated_at DESC
        LIMIT ?`,
     )
-    .all(limit);
+    .all(limit)
+    .map((session) => ({
+      ...session,
+      metadata:
+        typeof session.metadata === "string"
+          ? JSON.parse(session.metadata || "{}")
+          : session.metadata || {},
+    }));
 }
 
 /**
@@ -142,6 +174,11 @@ export function updateSession(db, sessionId, updates) {
       "UPDATE llm_sessions SET summary = ?, updated_at = datetime('now') WHERE id = ?",
     ).run(updates.summary, sessionId);
   }
+  if (updates.metadata !== undefined) {
+    db.prepare(
+      "UPDATE llm_sessions SET metadata = ?, updated_at = datetime('now') WHERE id = ?",
+    ).run(JSON.stringify(updates.metadata || {}), sessionId);
+  }
 }
 
 /**

package/src/lib/web-ui-envelope.js

@@ -0,0 +1,94 @@
+/**
+ * Web UI envelope unwrap helper.
+ *
+ * Single source of truth for the unified Coding Agent envelope → legacy
+ * kebab-case adapter consumed by the browser bundle in `web-ui-server.js`.
+ *
+ * The same code runs in two contexts:
+ *   1. Node.js unit tests — imported as ESM/CJS and executed directly.
+ *   2. Browser — inlined into the HTML payload as a `<script>` block via
+ *      `getInlineSource()`. The function body must therefore stay
+ *      ES5-friendly (no spread, no const) so it parses in older runtimes.
+ */
+
+export const UNIFIED_TO_LEGACY = Object.freeze({
+  "session.started": "session-created",
+  "session.resumed": "session-resumed",
+  "session.list": "session-list-result",
+  "session.closed": "session-closed",
+  "assistant.delta": "response-token",
+  "assistant.final": "response-complete",
+  "assistant.message": "response-message",
+  "assistant.thought-summary": "thought-summary",
+  "tool.call.started": "tool-executing",
+  "tool.call.completed": "tool-result",
+  "tool.call.failed": "tool-error",
+  "tool.call.skipped": "tool-skipped",
+  "plan.started": "plan-started",
+  "plan.updated": "plan-updated",
+  "plan.approval_required": "plan-ready",
+  "plan.approved": "plan-approved",
+  "plan.rejected": "plan-rejected",
+  "request.accepted": "request-accepted",
+  "request.rejected": "request-rejected",
+  "approval.requested": "approval-requested",
+  "approval.granted": "approval-granted",
+  "approval.denied": "approval-denied",
+  "model.switch": "model-switch",
+  "command.response": "command-response",
+  "slot.filling": "slot-filling",
+  "context.compaction.completed": "compression-applied",
+  "worktree.list": "worktree-list",
+  "worktree.diff": "worktree-diff",
+  "worktree.merged": "worktree-merged",
+  "worktree.merge-preview": "worktree-merge-preview",
+  "worktree.automation-applied": "worktree-automation-applied",
+});
+
+/**
+ * Detect a unified envelope and unwrap its payload into a flat shape that
+ * matches the legacy kebab-case message structure.
+ *
+ * Returns the message unchanged if it is not a recognised envelope so that
+ * non-envelope traffic (auth-result, server pings, etc.) keeps working.
+ */
+export function unwrapEnvelope(msg) {
+  if (!msg || typeof msg !== "object") return msg;
+  if (msg.version !== "1.0") return msg;
+  if (typeof msg.eventId !== "string") return msg;
+  if (!msg.payload || typeof msg.payload !== "object") return msg;
+  const legacyType = UNIFIED_TO_LEGACY[msg.type] || msg.type;
+  const flat = Object.assign({}, msg.payload);
+  flat.type = legacyType;
+  if (msg.sessionId != null) flat.sessionId = msg.sessionId;
+  if (msg.requestId != null) flat.requestId = msg.requestId;
+  return flat;
+}
+
+/**
+ * Render the helper as a `var` + `function` declaration string suitable
+ * for inlining inside the browser bundle returned by `buildHtml`.
+ *
+ * The output is intentionally ES5-compatible: it uses `var` rather than
+ * `const`, and inlines the map literal so the browser does not need to
+ * import any module.
+ */
+export function getInlineSource() {
+  return (
+    "var UNIFIED_TO_LEGACY = " +
+    JSON.stringify(UNIFIED_TO_LEGACY, null, 2) +
+    ";\n" +
+    "function unwrapEnvelope(msg) {\n" +
+    "    if (!msg || typeof msg !== 'object') return msg;\n" +
+    "    if (msg.version !== '1.0') return msg;\n" +
+    "    if (typeof msg.eventId !== 'string') return msg;\n" +
+    "    if (!msg.payload || typeof msg.payload !== 'object') return msg;\n" +
+    "    var legacyType = UNIFIED_TO_LEGACY[msg.type] || msg.type;\n" +
+    "    var flat = Object.assign({}, msg.payload);\n" +
+    "    flat.type = legacyType;\n" +
+    "    if (msg.sessionId != null) flat.sessionId = msg.sessionId;\n" +
+    "    if (msg.requestId != null) flat.requestId = msg.requestId;\n" +
+    "    return flat;\n" +
+    "  }"
+  );
+}

package/src/lib/web-ui-server.js

@@ -12,6 +12,7 @@ import http from "http";
 import fs from "fs";
 import path from "path";
 import { fileURLToPath } from "url";
+import { getInlineSource as getEnvelopeInlineSource } from "./web-ui-envelope.js";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
@@ -654,7 +655,16 @@ function buildHtml({
     send({ type: 'session-list' });
   }
 
-  function handleMessage(msg) {
+  // Map unified envelope dot-case types back to legacy kebab-case so the
+  // existing switch table below keeps working without per-case rewrites.
+  // The CLI runtime wraps every coding-agent event in a v1.0 envelope.
+  // Source of truth lives in lib/web-ui-envelope.js — inlined here at
+  // build time so the browser bundle stays self-contained and the same
+  // unwrap logic is unit-testable in Node.
+  ${getEnvelopeInlineSource()}
+
+  function handleMessage(rawMsg) {
+    var msg = unwrapEnvelope(rawMsg);
     switch (msg.type) {
       case 'auth-result':
         if (msg.success) {
@@ -798,6 +808,8 @@ function buildHtml({
     ws.onmessage = ev => {
       let msg;
       try { msg = JSON.parse(ev.data); } catch { return; }
+      // Unwrap unified envelopes so the type compare below still matches.
+      msg = unwrapEnvelope(msg);
       if (msg.type === 'session-created' && msg.sessionId) {
         // Replace temp id
         sessions.delete(tempId);