clawmini 0.0.8 → 0.0.9

package/dist/daemon/index.mjs

@@ -1,20 +1,21 @@
-import { C as writeAgentSessionSettings, D as pathIsInsideDir, O as CronJobSchema, S as updateChatSettings, T as writeChatSettings, _ as readEnvironment, b as resolveAgentWorkDir, c as getClawminiDir, d as getSocketPath, f as getWorkspaceRoot, g as readChatSettings, h as readAgentSessionSettings, k as SettingsSchema, l as getEnvironmentPath, m as listAgents, o as getActiveEnvironmentInfo, s as getAgent, u as getSettingsPath, v as readPolicies, y as readSettings } from "../workspace-BJmJBfKi.mjs";
-import { c as createChat, f as getDefaultChatId, h as listChats, n as exportLiteToEnvironment, p as getMessages$1, s as appendMessage$1, u as findLastMessage } from "../lite-CBxOT1y5.mjs";
+import { A as updateChatSettings, C as readSettings, E as resolveAgentWorkDir, F as pathIsInsideDir, I as CronJobSchema, L as SettingsSchema, N as writeChatSettings, O as substituteLayeredEnvDir, S as readPoliciesForPath, b as readChatSettings, c as getAgent, d as getEnvironmentPath, f as getEnvironmentSearchDirs, g as getWorkspaceRoot, h as getSocketPath, j as writeAgentSessionSettings, k as updateAgentOverlay, l as getAgentOverlay, m as getSettingsPath, s as getActiveEnvironmentInfo, u as getClawminiDir, v as listAgents, x as readEnvironment, y as readAgentSessionSettings } from "../workspace-oWmVh5mi.mjs";
+import { A as getMessages$1, D as findLastMessage, M as listChats, T as createChat, a as DAEMON_EVENT_CHAT_STREAM, b as exportLiteToEnvironment, c as daemonEvents, d as emitTyping, i as appendMessage, k as getDefaultChatId, l as emitTurnEnded, m as detectInstall, o as DAEMON_EVENT_MESSAGE_APPENDED, p as sendControlRequest, r as drainPendingReplies, s as DAEMON_EVENT_TYPING, t as isAcceptableVersion, u as emitTurnStarted } from "../supervisor-actions-CiW56eLi.mjs";
 import fs, { constants } from "node:fs";
 import path from "node:path";
+import { fileURLToPath } from "node:url";
 import { execSync, spawn } from "node:child_process";
-import fs$1 from "node:fs/promises";
+import crypto$1, { randomBytes, randomUUID } from "node:crypto";
+import fsPromises from "node:fs/promises";
 import { z } from "zod";
 import http from "node:http";
 import net from "node:net";
+import { on } from "node:events";
 import { createHTTPHandler } from "@trpc/server/adapters/standalone";
 import { TRPCError, initTRPC } from "@trpc/server";
 import schedule from "node-schedule";
-import crypto$1, { randomBytes, randomUUID } from "node:crypto";
-import fs$2 from "fs/promises";
+import fs$1 from "fs/promises";
 import path$1 from "path";
 import { randomInt } from "crypto";
-import { EventEmitter, on } from "node:events";
 
 //#region src/daemon/api/trpc.ts
 const t = initTRPC.context().create();
@@ -67,10 +68,10 @@ async function slashCommand(state) {
 		if (!pathIsInsideDir(path.resolve(commandsDir, commandName), commandsDir)) continue;
 		let content;
 		try {
-			content = await fs$1.readFile(targetPathMd, "utf8");
+			content = await fsPromises.readFile(targetPathMd, "utf8");
 		} catch {
 			try {
-				content = await fs$1.readFile(targetPathTxt, "utf8");
+				content = await fsPromises.readFile(targetPathTxt, "utf8");
 			} catch {
 				continue;
 			}
@@ -124,7 +125,9 @@ const PolicyRequestSchema = z.object({
 	createdAt: z.number(),
 	rejectionReason: z.string().optional(),
 	chatId: z.string(),
-	agentId: z.string()
+	agentId: z.string(),
+	subagentId: z.string().optional(),
+	cwd: z.string().optional()
 });
 function isENOENT(err) {
 	return Boolean(err && typeof err === "object" && "code" in err && err.code === "ENOENT");
@@ -135,7 +138,7 @@ var RequestStore = class {
 		this.baseDir = path$1.join(getClawminiDir(startDir), "tmp", "requests");
 	}
 	async init() {
-		await fs$2.mkdir(this.baseDir, { recursive: true });
+		await fs$1.mkdir(this.baseDir, { recursive: true });
 	}
 	getFilePath(id) {
 		return path$1.join(this.baseDir, `${id}.json`);
@@ -145,13 +148,40 @@ var RequestStore = class {
 		const normalizedId = normalizePolicyId(request.id);
 		request.id = normalizedId;
 		const filePath = this.getFilePath(normalizedId);
-		await fs$2.writeFile(filePath, JSON.stringify(request, null, 2), "utf8");
+		await fs$1.writeFile(filePath, JSON.stringify(request, null, 2), "utf8");
+	}
+	async delete(id) {
+		const normalizedId = normalizePolicyId(id);
+		const filePath = this.getFilePath(normalizedId);
+		try {
+			await fs$1.unlink(filePath);
+		} catch (err) {
+			if (!isENOENT(err)) throw err;
+		}
+	}
+	async cleanupCompleted() {
+		let removed = 0;
+		try {
+			const files = await fs$1.readdir(this.baseDir);
+			for (const file of files) {
+				if (!file.endsWith(".json")) continue;
+				const id = path$1.basename(file, ".json");
+				const req = await this.load(id);
+				if (req && req.state !== "Pending") {
+					await this.delete(id);
+					removed++;
+				}
+			}
+		} catch (err) {
+			if (!isENOENT(err)) throw err;
+		}
+		return removed;
 	}
 	async load(id) {
 		const normalizedId = normalizePolicyId(id);
 		const filePath = this.getFilePath(normalizedId);
 		try {
-			const data = await fs$2.readFile(filePath, "utf8");
+			const data = await fs$1.readFile(filePath, "utf8");
 			return PolicyRequestSchema.parse(JSON.parse(data));
 		} catch (err) {
 			if (isENOENT(err)) return null;
@@ -164,7 +194,7 @@ var RequestStore = class {
 		await this.init();
 		const requests = [];
 		try {
-			const files = await fs$2.readdir(this.baseDir);
+			const files = await fs$1.readdir(this.baseDir);
 			for (const file of files) {
 				if (!file.endsWith(".json")) continue;
 				const id = path$1.basename(file, ".json");
@@ -190,10 +220,56 @@ function normalizePolicyId(id) {
 //#endregion
 //#region src/daemon/policy-utils.ts
 const MAX_SNAPSHOT_SIZE = 5 * 1024 * 1024;
+const MAX_INLINE_OUTPUT_LENGTH = 500;
+/**
+* Strips the sandbox `baseDir` from `sandboxCwd` and resolves the remainder
+* against `hostTargetDir` (the host dir that mirrors baseDir inside the
+* sandbox). Pure translation — no security validation; callers must validate
+* the result with `assertPathInsideDir`.
+*/
+function translateSandboxPath(sandboxCwd, baseDir, hostTargetDir) {
+	let relativePath = sandboxCwd;
+	if (sandboxCwd.startsWith(baseDir)) relativePath = sandboxCwd.slice(baseDir.length);
+	if (relativePath.startsWith("/") || relativePath.startsWith("\\")) relativePath = relativePath.slice(1);
+	return path.resolve(hostTargetDir, relativePath);
+}
+/**
+* Throws if `cwd` (after symlink resolution) is not inside `boundaryDir`.
+*
+* Security note (TOCTOU): There is an inherent race between validating the
+* resolved path here and the moment `spawn` uses it as cwd. A symlink created
+* on the host filesystem in that window could redirect execution outside
+* boundaryDir. We accept this because the sandboxed agent cannot modify the
+* host filesystem — only a local user or process with host-level access could
+* exploit the gap, and that is outside our threat model.
+*/
+function assertPathInsideDir(cwd, boundaryDir) {
+	if (!pathIsInsideDir(tryRealpath(cwd), tryRealpath(boundaryDir), { allowSameDir: true })) throw new Error(`Security Error: Path resolves outside the allowed directory: ${cwd}`);
+}
+function tryRealpath(p) {
+	const resolved = path.resolve(p);
+	try {
+		return fs.realpathSync(resolved);
+	} catch (err) {
+		if (!(err instanceof Error && "code" in err && err.code === "ENOENT")) throw err;
+	}
+	const parent = path.dirname(resolved);
+	if (parent === resolved) return resolved;
+	return path.join(tryRealpath(parent), path.basename(resolved));
+}
+async function resolveRequestCwd(requestCwd, agentId, workspaceRoot) {
+	if (!requestCwd) return workspaceRoot;
+	const agentDir = await resolveAgentDir(agentId, workspaceRoot);
+	const envInfo = await getActiveEnvironmentInfo(agentDir, workspaceRoot);
+	const envConfig = envInfo ? await readEnvironment(envInfo.name, workspaceRoot) : null;
+	const hostCwd = envInfo && envConfig?.baseDir ? translateSandboxPath(requestCwd, envConfig.baseDir, envInfo.targetPath) : path.resolve(agentDir, requestCwd);
+	assertPathInsideDir(hostCwd, agentDir);
+	return hostCwd;
+}
 async function createSnapshot(requestedPath, agentDir, snapshotDir) {
 	let realAgentDir;
 	try {
-		realAgentDir = await fs$1.realpath(agentDir);
+		realAgentDir = await fsPromises.realpath(agentDir);
 	} catch (err) {
 		throw new Error(`Agent directory not found or cannot be resolved: ${agentDir}`, { cause: err });
 	}
@@ -201,7 +277,7 @@ async function createSnapshot(requestedPath, agentDir, snapshotDir) {
 	if (!pathIsInsideDir(resolvedRequestedPath, realAgentDir, { allowSameDir: true })) throw new Error(`Security Error: Path resolves outside the allowed agent directory: ${resolvedRequestedPath}`);
 	let stat;
 	try {
-		stat = await fs$1.lstat(resolvedRequestedPath);
+		stat = await fsPromises.lstat(resolvedRequestedPath);
 	} catch (err) {
 		throw new Error(`File not found or cannot be accessed: ${requestedPath}`, { cause: err });
 	}
@@ -210,13 +286,13 @@ async function createSnapshot(requestedPath, agentDir, snapshotDir) {
 	if (stat.size > MAX_SNAPSHOT_SIZE) throw new Error(`File exceeds maximum snapshot size of 5MB: ${requestedPath}`);
 	const ext = path.extname(resolvedRequestedPath);
 	const base = path.basename(resolvedRequestedPath, ext);
-	await fs$1.mkdir(snapshotDir, { recursive: true });
+	await fsPromises.mkdir(snapshotDir, { recursive: true });
 	let snapshotPath;
 	while (true) {
 		const snapshotFileName = `${base}_${randomBytes(8).toString("hex")}${ext}`;
 		snapshotPath = path.join(snapshotDir, snapshotFileName);
 		try {
-			await fs$1.copyFile(resolvedRequestedPath, snapshotPath, constants.COPYFILE_EXCL);
+			await fsPromises.copyFile(resolvedRequestedPath, snapshotPath, constants.COPYFILE_EXCL);
 			break;
 		} catch (err) {
 			if (err instanceof Error && "code" in err && err.code === "EEXIST") continue;
@@ -276,6 +352,27 @@ async function executeRequest(request, policy, cwd) {
 		commandStr: `${policy.command} ${interpolatedArgs.join(" ")}`
 	};
 }
+/**
+* Saves large stdout/stderr to files in the agent's tmp/ directory and returns
+* placeholder strings pointing to those files. Small outputs are returned as-is.
+*/
+async function truncateLargeOutput(stdout, stderr, requestId, agentId) {
+	const agentDir = await resolveAgentDir(agentId, getWorkspaceRoot());
+	const tmpDir = path.join(agentDir, "tmp");
+	if (stdout.length >= MAX_INLINE_OUTPUT_LENGTH || stderr.length >= MAX_INLINE_OUTPUT_LENGTH) await fsPromises.mkdir(tmpDir, { recursive: true });
+	if (stdout.length >= MAX_INLINE_OUTPUT_LENGTH) {
+		await fsPromises.writeFile(path.join(tmpDir, `stdout-${requestId}.txt`), stdout, "utf-8");
+		stdout = `stdout is ${stdout.length} characters, saved to ./tmp/stdout-${requestId}.txt\n`;
+	}
+	if (stderr.length >= MAX_INLINE_OUTPUT_LENGTH) {
+		await fsPromises.writeFile(path.join(tmpDir, `stderr-${requestId}.txt`), stderr, "utf-8");
+		stderr = `stderr is ${stderr.length} characters, saved to ./tmp/stderr-${requestId}.txt\n`;
+	}
+	return {
+		stdout,
+		stderr
+	};
+}
 async function generateRequestPreview(request) {
 	let previewContent = `Sandbox Policy Request: ${request.commandName}\n`;
 	previewContent += `ID: ${request.id}\n`;
@@ -283,7 +380,7 @@ async function generateRequestPreview(request) {
 	for (const [name, snapPath] of Object.entries(request.fileMappings)) {
 		previewContent += `File [${name}]:\n`;
 		try {
-			let content = await fs$1.readFile(snapPath, "utf8");
+			let content = await fsPromises.readFile(snapPath, "utf8");
 			if (content.length > 500) content = content.substring(0, 500) + "\n... (truncated)\n";
 			previewContent += content;
 		} catch (e) {
@@ -294,30 +391,13 @@ async function generateRequestPreview(request) {
 	return previewContent;
 }
 
-//#endregion
-//#region src/daemon/events.ts
-const daemonEvents = new EventEmitter();
-const DAEMON_EVENT_MESSAGE_APPENDED = "message-appended";
-const DAEMON_EVENT_TYPING = "typing";
-function emitMessageAppended(chatId, message) {
-	daemonEvents.emit(DAEMON_EVENT_MESSAGE_APPENDED, {
-		chatId,
-		message
-	});
-}
-function emitTyping(chatId) {
-	daemonEvents.emit(DAEMON_EVENT_TYPING, { chatId });
-}
-
-//#endregion
-//#region src/daemon/chats.ts
-async function appendMessage(id, message, startDir = process.cwd()) {
-	await appendMessage$1(id, message, startDir);
-	emitMessageAppended(id, message);
-}
-
 //#endregion
 //#region src/daemon/routers/slash-policies.ts
+async function resolveTargetSessionId(chatId, req) {
+	const chatSettings = await readChatSettings(chatId);
+	if (req.subagentId) return chatSettings?.subagents?.[req.subagentId]?.sessionId ?? "default";
+	return chatSettings?.sessions?.[req.agentId] ?? "default";
+}
 async function loadAndValidateRequest(id, state) {
 	const store = new RequestStore(getWorkspaceRoot());
 	const req = await store.load(id);
@@ -360,37 +440,42 @@ async function slashPolicies(state) {
 		const { req, store, error } = await loadAndValidateRequest(id, state);
 		if (error) return error;
 		if (!req || !store) return state;
-		const policy = (await readPolicies())?.policies?.[req.commandName];
+		const workspaceRoot = getWorkspaceRoot();
+		const policy = (await readPoliciesForPath(await resolveAgentDir(req.agentId, workspaceRoot), workspaceRoot))?.policies?.[req.commandName];
 		if (!policy) return {
 			...state,
 			message: "",
 			reply: `Policy not found: ${req.commandName}`
 		};
-		req.state = "Approved";
-		const { stdout, stderr, exitCode } = await executeRequest(req, policy, getWorkspaceRoot());
-		req.executionResult = {
-			stdout,
-			stderr,
-			exitCode
-		};
-		await store.save(req);
+		const result = await executeRequest(req, policy, await resolveRequestCwd(req.cwd, state.agentId, workspaceRoot));
+		const { exitCode } = result;
+		const { stdout, stderr } = await truncateLargeOutput(result.stdout, result.stderr, req.id, state.agentId);
+		await store.delete(req.id);
 		const agentMessage = `Request ${id} approved.\n\n${wrapInHtml("stdout", stdout)}\n\n${wrapInHtml("stderr", stderr)}\n\nExit Code: ${exitCode}`;
-		const logMsg = {
+		const targetSessionId = await resolveTargetSessionId(state.chatId, req);
+		const userNotificationMsg = {
 			id: randomUUID(),
 			messageId: state.messageId,
 			role: "system",
 			event: "policy_approved",
-			displayRole: "user",
-			content: agentMessage,
+			displayRole: "agent",
+			content: `Request ${id} (\`${req.commandName}\`) approved.`,
 			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-			...req.subagentId ? { subagentId: req.subagentId } : {}
+			sessionId: state.sessionId
 		};
-		await appendMessage(state.chatId, logMsg);
+		await appendMessage(state.chatId, userNotificationMsg);
+		await executeDirectMessage(state.chatId, {
+			messageId: randomUUID(),
+			message: agentMessage,
+			chatId: state.chatId,
+			agentId: req.agentId,
+			sessionId: targetSessionId,
+			...req.subagentId ? { subagentId: req.subagentId } : {},
+			env: state.env || {}
+		}, void 0, getWorkspaceRoot(), true, agentMessage, req.subagentId, "policy_approved", "user");
 		return {
 			...state,
-			message: agentMessage,
-			reply: `Approved request, running ${req.commandName}`,
-			...req.subagentId ? { subagentId: req.subagentId } : {}
+			message: ""
 		};
 	}
 	const rejectMatch = message.match(/^\/reject\s+([^\s]+)(?:\s+(.*))?/);
@@ -401,36 +486,32 @@ async function slashPolicies(state) {
 		const { req, store, error } = await loadAndValidateRequest(id, state);
 		if (error) return error;
 		if (!req || !store) return state;
-		req.state = "Rejected";
-		req.rejectionReason = reason;
-		await store.save(req);
+		await store.delete(req.id);
 		const agentMessage = `Request ${id} rejected. Reason: ${reason}`;
-		const logMsg = {
-			id: randomUUID(),
-			messageId: state.messageId,
-			role: "system",
-			event: "policy_rejected",
-			displayRole: "user",
-			content: agentMessage,
-			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-			...req.subagentId ? { subagentId: req.subagentId } : {}
-		};
+		const targetSessionId = await resolveTargetSessionId(state.chatId, req);
 		const userNotificationMsg = {
 			id: randomUUID(),
 			messageId: state.messageId,
 			role: "system",
 			event: "policy_rejected",
 			displayRole: "agent",
-			content: agentMessage,
+			content: `Request ${id} (\`${req.commandName}\`) rejected. Reason: ${reason}`,
 			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-			...req.subagentId ? { subagentId: req.subagentId } : {}
+			sessionId: state.sessionId
 		};
-		await appendMessage(state.chatId, logMsg);
 		await appendMessage(state.chatId, userNotificationMsg);
+		await executeDirectMessage(state.chatId, {
+			messageId: randomUUID(),
+			message: agentMessage,
+			chatId: state.chatId,
+			agentId: req.agentId,
+			sessionId: targetSessionId,
+			...req.subagentId ? { subagentId: req.subagentId } : {},
+			env: state.env || {}
+		}, void 0, getWorkspaceRoot(), true, agentMessage, req.subagentId, "policy_rejected", "user");
 		return {
 			...state,
-			message: agentMessage,
-			...req.subagentId ? { subagentId: req.subagentId } : {}
+			message: ""
 		};
 	}
 	return state;
@@ -440,6 +521,247 @@ function wrapInHtml(tag, text) {
 	return `<${tag}>\n${text.trim()}\n</${tag}>`;
 }
 
+//#endregion
+//#region src/daemon/routers/slash-model.ts
+const RESERVED_SHORTHANDS = new Set([
+	"help",
+	"add",
+	"remove",
+	"rm"
+]);
+function stop$3(state, reply) {
+	return {
+		...state,
+		message: "",
+		reply,
+		action: "stop"
+	};
+}
+function formatHelp() {
+	return [
+		"Usage:",
+		"- /model — List current model and shorthands.",
+		"- /model <name> — Set MODEL (resolves shorthand if defined).",
+		"- /model add <shorthand> <full-name> — Add or replace a shorthand.",
+		"- /model remove <shorthand> — Remove a shorthand (alias: rm).",
+		"- /model help — Show this help."
+	].join("\n");
+}
+function formatList(agent) {
+	const current = agent?.env?.MODEL ?? "(unset)";
+	const shorthands = agent?.modelShorthands ?? {};
+	const entries = Object.entries(shorthands);
+	const lines = [`Current model: ${current}`];
+	if (entries.length === 0) lines.push("No shorthands defined. Add one with /model add <shorthand> <full-name>.");
+	else {
+		lines.push("Shorthands:");
+		for (const [short, full] of entries.sort(([a], [b]) => a.localeCompare(b))) lines.push(`- ${short} -> ${full}`);
+	}
+	return lines.join("\n");
+}
+function looksLikeShorthand(name) {
+	return name.length <= 16 && !/[-./:]/.test(name);
+}
+async function setModel(agentId, fullModel, workspaceRoot) {
+	await updateAgentOverlay(agentId, (overlay) => {
+		const nextEnv = {
+			...overlay.env ?? {},
+			MODEL: fullModel
+		};
+		return {
+			...overlay,
+			env: nextEnv
+		};
+	}, workspaceRoot);
+}
+async function addShorthand(agentId, shorthand, fullModel, workspaceRoot) {
+	await updateAgentOverlay(agentId, (overlay) => {
+		const nextShorthands = {
+			...overlay.modelShorthands ?? {},
+			[shorthand]: fullModel
+		};
+		return {
+			...overlay,
+			modelShorthands: nextShorthands
+		};
+	}, workspaceRoot);
+}
+async function removeOverlayShorthand(agentId, shorthand, workspaceRoot) {
+	return await updateAgentOverlay(agentId, (overlay) => {
+		const overlayShorthands = overlay.modelShorthands ?? {};
+		if (!(shorthand in overlayShorthands)) return null;
+		const next = { ...overlayShorthands };
+		delete next[shorthand];
+		const updated = { ...overlay };
+		if (Object.keys(next).length === 0) delete updated.modelShorthands;
+		else updated.modelShorthands = next;
+		return updated;
+	}, workspaceRoot);
+}
+async function ensureOverlay(state, agentId, workspaceRoot) {
+	if (await getAgentOverlay(agentId, workspaceRoot) !== null) return null;
+	return stop$3(state, `Agent '${agentId}' has no settings overlay; cannot configure model.`);
+}
+async function slashModel(state) {
+	const message = state.message.trim();
+	if (!/^\/model(\s|$)/.test(message)) return state;
+	const agentId = state.agentId;
+	if (!agentId) return stop$3(state, "/model requires an agent. Set a defaultAgent for this chat.");
+	const workspaceRoot = getWorkspaceRoot();
+	const rest = message.slice(6).trim();
+	if (rest === "") return stop$3(state, formatList(await getAgent(agentId, workspaceRoot)));
+	const firstSpace = rest.search(/\s/);
+	const subcommand = firstSpace === -1 ? rest : rest.slice(0, firstSpace);
+	const remainder = firstSpace === -1 ? "" : rest.slice(firstSpace + 1).trim();
+	if (subcommand === "help") return stop$3(state, formatHelp());
+	if (subcommand === "add") {
+		const addMatch = remainder.match(/^(\S+)\s+(\S+)\s*$/);
+		if (!addMatch) return stop$3(state, "Usage: /model add <shorthand> <full-name>");
+		const shorthand = addMatch[1];
+		const fullModel = addMatch[2];
+		if (RESERVED_SHORTHANDS.has(shorthand)) return stop$3(state, `Invalid shorthand: '${shorthand}' is reserved.`);
+		const guard = await ensureOverlay(state, agentId, workspaceRoot);
+		if (guard) return guard;
+		await addShorthand(agentId, shorthand, fullModel, workspaceRoot);
+		return stop$3(state, `Added shorthand: ${shorthand} -> ${fullModel}`);
+	}
+	if (subcommand === "remove" || subcommand === "rm") {
+		if (!/^\S+$/.test(remainder)) return stop$3(state, "Usage: /model remove <shorthand>");
+		const guard = await ensureOverlay(state, agentId, workspaceRoot);
+		if (guard) return guard;
+		if (!await removeOverlayShorthand(agentId, remainder, workspaceRoot)) {
+			if ((await getAgent(agentId, workspaceRoot))?.modelShorthands?.[remainder] !== void 0) return stop$3(state, `Shorthand '${remainder}' is defined in the template, not the overlay. Edit the template to remove it.`);
+			return stop$3(state, `Shorthand '${remainder}' not found.`);
+		}
+		const fallback = (await getAgent(agentId, workspaceRoot))?.modelShorthands?.[remainder];
+		return stop$3(state, `Removed shorthand: ${remainder}${fallback !== void 0 ? ` (still resolves to '${fallback}' from template)` : ""}.`);
+	}
+	if (subcommand.startsWith("-")) return stop$3(state, `Unknown option: ${subcommand}\n${formatHelp()}`);
+	if (remainder !== "") return stop$3(state, `Unknown subcommand: ${subcommand}\n${formatHelp()}`);
+	const guard = await ensureOverlay(state, agentId, workspaceRoot);
+	if (guard) return guard;
+	const shorthands = (await getAgent(agentId, workspaceRoot))?.modelShorthands ?? {};
+	const matched = Object.prototype.hasOwnProperty.call(shorthands, subcommand);
+	const fullModel = matched ? shorthands[subcommand] : subcommand;
+	await setModel(agentId, fullModel, workspaceRoot);
+	if (matched) return stop$3(state, `Set MODEL to ${fullModel} (shorthand '${subcommand}').`);
+	if (looksLikeShorthand(subcommand)) return stop$3(state, `Set MODEL to ${fullModel}. (No shorthand matched — was that the literal model name? Run /model add ${subcommand} <full-name> if not.)`);
+	return stop$3(state, `Set MODEL to ${fullModel}.`);
+}
+
+//#endregion
+//#region src/daemon/routers/slash-restart.ts
+async function slashRestart(state) {
+	if (!/^\/restart(\s|$)/.test(state.message)) return state;
+	let res;
+	try {
+		res = await sendControlRequest({
+			action: "restart",
+			chatId: state.chatId,
+			messageId: state.messageId
+		});
+	} catch (err) {
+		return stop$2(state, `Could not reach supervisor: ${err instanceof Error ? err.message : String(err)}.`);
+	}
+	if (!res.ok) return stop$2(state, `Restart aborted: ${res.error ?? "unknown error"}.`);
+	return stop$2(state, "Restarting clawmini...");
+}
+function stop$2(state, reply) {
+	return {
+		...state,
+		message: "",
+		action: "stop",
+		reply
+	};
+}
+
+//#endregion
+//#region src/daemon/routers/slash-shutdown.ts
+async function slashShutdown(state) {
+	if (!/^\/shutdown(\s|$)/.test(state.message)) return state;
+	let res;
+	try {
+		res = await sendControlRequest({ action: "shutdown" });
+	} catch (err) {
+		return stop$1(state, `Could not reach supervisor: ${err instanceof Error ? err.message : String(err)}.`);
+	}
+	if (!res.ok) return stop$1(state, `Shutdown aborted: ${res.error ?? "unknown error"}.`);
+	return stop$1(state, "Shutting down clawmini supervisor...");
+}
+function stop$1(state, reply) {
+	return {
+		...state,
+		message: "",
+		action: "stop",
+		reply
+	};
+}
+
+//#endregion
+//#region src/shared/version.ts
+let cached = null;
+/**
+* Read the version from the clawmini package.json. Walks up from the current
+* module's location until a package.json named "clawmini" is found.
+*/
+function getClawminiVersion() {
+	if (cached !== null) return cached;
+	let dir = path.dirname(fileURLToPath(import.meta.url));
+	while (dir !== path.parse(dir).root) {
+		const pkgPath = path.join(dir, "package.json");
+		if (fs.existsSync(pkgPath)) try {
+			const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+			if (pkg.name === "clawmini" && typeof pkg.version === "string") {
+				cached = pkg.version;
+				return cached;
+			}
+		} catch {}
+		dir = path.dirname(dir);
+	}
+	cached = "unknown";
+	return cached;
+}
+
+//#endregion
+//#region src/daemon/routers/slash-upgrade.ts
+async function slashUpgrade(state) {
+	const trimmed = state.message.trim();
+	if (!/^\/upgrade(\s|$)/.test(trimmed)) return state;
+	const info = detectInstall();
+	if (!info.isNpmGlobal) return stop(state, `Cannot upgrade: clawmini is not installed via \`npm install -g\` (running from ${info.entryRealPath}). Skipping.`);
+	const rest = trimmed.slice(8).trim();
+	if (rest === "") return stop(state, [
+		`Currently running clawmini v${getClawminiVersion()}.`,
+		"/upgrade requires an explicit target:",
+		"  /upgrade latest      — install whatever npm reports as the latest tag",
+		"  /upgrade <version>   — install a specific version (e.g. /upgrade 0.0.7)"
+	].join("\n"));
+	if (!/^\S+$/.test(rest)) return stop(state, "Usage: /upgrade <version>");
+	const version = rest;
+	if (!isAcceptableVersion(version)) return stop(state, `Invalid version: ${version}`);
+	let res;
+	try {
+		res = await sendControlRequest({
+			action: "upgrade",
+			version,
+			chatId: state.chatId,
+			messageId: state.messageId
+		});
+	} catch (err) {
+		return stop(state, `Could not reach supervisor: ${err instanceof Error ? err.message : String(err)}.`);
+	}
+	if (!res.ok) return stop(state, `Upgrade aborted: ${res.error ?? "unknown error"}.`);
+	return stop(state, `Upgrading clawmini to ${version}... services will restart shortly.`);
+}
+function stop(state, reply) {
+	return {
+		...state,
+		message: "",
+		action: "stop",
+		reply
+	};
+}
+
 //#endregion
 //#region src/daemon/routers/session-timeout.ts
 /**
@@ -465,6 +787,7 @@ function createSessionTimeoutRouter(config = {}) {
 	const prompt = config.prompt ?? "This chat session has ended. Save any important details from it to your memory. When finished, reply with NO_REPLY_NECESSARY.";
 	return function(state) {
 		if (state.env?.__SESSION_TIMEOUT__ === "true") return state;
+		if (state.subagentId) return state;
 		const sessionId = state.sessionId || crypto.randomUUID();
 		const jobId = `__session_timeout__${sessionId}`;
 		const jobs = {
@@ -506,7 +829,11 @@ const USER_ROUTERS = [
 	"@clawmini/slash-command",
 	"@clawmini/slash-stop",
 	"@clawmini/slash-interrupt",
-	"@clawmini/slash-policies"
+	"@clawmini/slash-policies",
+	"@clawmini/slash-model",
+	"@clawmini/slash-restart",
+	"@clawmini/slash-shutdown",
+	"@clawmini/slash-upgrade"
 ];
 function resolveRouters(userRouters, isUserMessage) {
 	const resolvedGlobals = [];
@@ -563,6 +890,10 @@ async function executeRouterPipeline(initialState, routers) {
 		else if (router === "@clawmini/slash-stop") state = slashStop(state);
 		else if (router === "@clawmini/slash-interrupt") state = slashInterrupt(state);
 		else if (router === "@clawmini/slash-policies") state = await slashPolicies(state);
+		else if (router === "@clawmini/slash-model") state = await slashModel(state);
+		else if (router === "@clawmini/slash-restart") state = await slashRestart(state);
+		else if (router === "@clawmini/slash-shutdown") state = await slashShutdown(state);
+		else if (router === "@clawmini/slash-upgrade") state = await slashUpgrade(state);
 		else if (router === "@clawmini/session-timeout") state = createSessionTimeoutRouter(config)(state);
 		else try {
 			state = await executeCustomRouter(router, state);
@@ -631,15 +962,16 @@ async function executeCustomRouter(command, state) {
 
 //#endregion
 //#region src/daemon/agent/agent-context.ts
-function formatEnvironmentPrefix(prefix, replacements) {
+function formatEnvironmentPrefix(prefix, searchDirs, replacements) {
+	let out = substituteLayeredEnvDir(prefix, searchDirs);
 	const map = {
 		"{WORKSPACE_DIR}": replacements.targetPath,
 		"{AGENT_DIR}": replacements.executionCwd,
-		"{ENV_DIR}": replacements.envDir,
 		"{HOME_DIR}": process.env.HOME || "",
 		"{ENV_ARGS}": replacements.envArgs
 	};
-	return prefix.replace(/{(WORKSPACE_DIR|AGENT_DIR|ENV_DIR|HOME_DIR|ENV_ARGS)}/g, (match) => map[match] || match);
+	out = out.replace(/{(WORKSPACE_DIR|AGENT_DIR|HOME_DIR|ENV_ARGS)}/g, (match) => map[match] || match);
+	return out;
 }
 async function sandboxExecutionContext(initialCommand, env, agentSpecificEnvKeys, executionCwd, cwd) {
 	let command = initialCommand;
@@ -647,13 +979,14 @@ async function sandboxExecutionContext(initialCommand, env, agentSpecificEnvKeys
 	if (!activeEnvInfo) return command;
 	const activeEnvName = activeEnvInfo.name;
 	const activeEnv = await readEnvironment(activeEnvName, cwd);
+	const searchDirs = await getEnvironmentSearchDirs(activeEnvName, cwd);
 	if (activeEnv?.env) for (const [key, value] of Object.entries(activeEnv.env)) if (value === false) {
 		delete env[key];
 		agentSpecificEnvKeys.delete(key);
 	} else {
 		let interpolatedValue = String(value);
 		interpolatedValue = interpolatedValue.replace(/\{PATH\}/g, process.env.PATH || "");
-		interpolatedValue = interpolatedValue.replace(/\{ENV_DIR\}/g, getEnvironmentPath(activeEnvName, cwd));
+		interpolatedValue = substituteLayeredEnvDir(interpolatedValue, searchDirs);
 		interpolatedValue = interpolatedValue.replace(/\{WORKSPACE_DIR\}/g, activeEnvInfo.targetPath);
 		env[key] = interpolatedValue;
 		agentSpecificEnvKeys.add(key);
@@ -663,10 +996,9 @@ async function sandboxExecutionContext(initialCommand, env, agentSpecificEnvKeys
 			if (activeEnv.envFormat) return activeEnv.envFormat.replace("{key}", key);
 			return key;
 		}).join(" ");
-		const prefixReplaced = formatEnvironmentPrefix(activeEnv.prefix, {
+		const prefixReplaced = formatEnvironmentPrefix(activeEnv.prefix, searchDirs, {
 			targetPath: activeEnvInfo.targetPath,
 			executionCwd,
-			envDir: getEnvironmentPath(activeEnvName, cwd),
 			envArgs
 		});
 		if (prefixReplaced.includes("{COMMAND}")) command = prefixReplaced.replace("{COMMAND}", command);
@@ -859,12 +1191,17 @@ const runCommand = async ({ command, cwd, env, stdin, signal }) => {
 
 //#endregion
 //#region src/daemon/agent/chat-logger.ts
-function createChatLogger(chatId, subagentId) {
+function createChatLogger(chatId, subagentId, sessionId, turnId) {
 	async function append(msg) {
-		const finalMsg = subagentId ? {
-			...msg,
+		let finalMsg = msg;
+		if (subagentId) finalMsg = {
+			...finalMsg,
 			subagentId
-		} : msg;
+		};
+		if (turnId) finalMsg = {
+			...finalMsg,
+			turnId
+		};
 		await appendMessage(chatId, finalMsg);
 		return finalMsg;
 	}
@@ -885,13 +1222,15 @@ function createChatLogger(chatId, subagentId) {
 			id: crypto.randomUUID(),
 			role: "user",
 			content: msg,
-			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			sessionId
 		}),
 		logCommandResult: async ({ messageId, content, command, cwd, result }) => append({
 			id: crypto.randomUUID(),
 			role: "command",
 			content,
 			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			sessionId,
 			messageId,
 			command,
 			cwd,
@@ -904,6 +1243,7 @@ function createChatLogger(chatId, subagentId) {
 			role: "command",
 			content,
 			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			sessionId,
 			messageId: crypto.randomUUID(),
 			stderr: "",
 			command: "",
@@ -916,6 +1256,7 @@ function createChatLogger(chatId, subagentId) {
 			role: "system",
 			content,
 			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			sessionId,
 			messageId,
 			event: "router",
 			displayRole: "agent"
@@ -925,6 +1266,7 @@ function createChatLogger(chatId, subagentId) {
 			role: "command",
 			content,
 			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			sessionId,
 			messageId,
 			command: "retry-delay",
 			stderr: "",
@@ -932,16 +1274,18 @@ function createChatLogger(chatId, subagentId) {
 			cwd,
 			exitCode: 0
 		}),
-		logSystemMessage: async ({ content, event, messageId, displayRole }) => {
+		logSystemMessage: async ({ content, event, messageId, displayRole, jobId }) => {
 			const msg = {
 				id: crypto.randomUUID(),
 				role: "system",
 				content,
 				event,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+				sessionId
 			};
 			if (messageId !== void 0) msg.messageId = messageId;
 			if (displayRole !== void 0) msg.displayRole = displayRole;
+			if (jobId !== void 0) msg.jobId = jobId;
 			return append(msg);
 		},
 		logSubagentStatus: async ({ subagentId: targetSubagentId, status }) => {
@@ -951,7 +1295,8 @@ function createChatLogger(chatId, subagentId) {
 				content: `Subagent ${status}`,
 				subagentId: targetSubagentId,
 				status,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+				sessionId
 			});
 		},
 		logAgentReply: async ({ content, files }) => {
@@ -959,7 +1304,8 @@ function createChatLogger(chatId, subagentId) {
 				id: crypto.randomUUID(),
 				role: "agent",
 				content,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+				sessionId
 			};
 			if (files !== void 0) msg.files = files;
 			return append(msg);
@@ -972,7 +1318,8 @@ function createChatLogger(chatId, subagentId) {
 				messageId,
 				name,
 				payload,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+				sessionId
 			});
 		},
 		logPolicyRequestMessage: async ({ content, messageId, requestId, commandName, args, status }) => {
@@ -985,7 +1332,8 @@ function createChatLogger(chatId, subagentId) {
 				commandName,
 				args,
 				status,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+				sessionId
 			});
 		}
 	};
@@ -1247,6 +1595,7 @@ var AgentSession = class {
 	sessionId;
 	chatId;
 	subagentId;
+	turnId;
 	settings;
 	workspaceRoot;
 	globalSettings;
@@ -1256,10 +1605,11 @@ var AgentSession = class {
 		this.sessionId = config.sessionId;
 		this.chatId = config.chatId;
 		this.subagentId = config.subagentId;
+		this.turnId = config.turnId;
 		this.settings = config.settings;
 		this.workspaceRoot = config.workspaceRoot;
 		this.globalSettings = config.globalSettings;
-		this.logger = config.logger ?? createChatLogger(this.chatId, this.subagentId);
+		this.logger = config.logger ?? createChatLogger(this.chatId, this.subagentId, this.sessionId, this.turnId);
 	}
 	async buildExecutionContext(messageContent, routerEnv, fallback) {
 		const currentAgent = {
@@ -1303,6 +1653,7 @@ var AgentSession = class {
 				agentId: this.agentId,
 				sessionId: this.sessionId,
 				...this.subagentId ? { subagentId: this.subagentId } : {},
+				...this.turnId ? { turnId: this.turnId } : {},
 				timestamp: Date.now()
 			});
 			if (currentAgent.apiTokenEnvVar) {
@@ -1372,6 +1723,7 @@ async function createAgentSession(options) {
 		sessionId: options.sessionId,
 		chatId: options.chatId,
 		...options.subagentId ? { subagentId: options.subagentId } : {},
+		...options.turnId ? { turnId: options.turnId } : {},
 		settings: mergedAgent,
 		workspaceRoot,
 		globalSettings: settings,
@@ -1398,16 +1750,89 @@ async function resolveMergedAgent(agentId, settings, cwd) {
 	return mergedAgent;
 }
 
+//#endregion
+//#region src/daemon/agent/turn-registry.ts
+const turns = /* @__PURE__ */ new Map();
+/**
+* Watchdog for turns whose subagent count never drains. Pathological cases
+* (crashed subagent, bug leaving the counter > 0) would otherwise pin the
+* turn's activity log open indefinitely. Default is a guess — instrument
+* before tuning.
+*/
+const DEFAULT_TURN_MAX_DURATION_MS = 1800 * 1e3;
+function registerTurn(chatId, turnId, maxDurationMs = DEFAULT_TURN_MAX_DURATION_MS) {
+	if (turns.has(turnId)) return;
+	const state = {
+		chatId,
+		outstanding: 0,
+		parentExited: false,
+		outcome: "ok",
+		timeoutHandle: setTimeout(() => {
+			const s = turns.get(turnId);
+			if (!s) return;
+			console.warn(`Turn ${turnId} force-ended after ${maxDurationMs}ms (outstanding=${s.outstanding}).`);
+			turns.delete(turnId);
+			emitTurnEnded({
+				chatId: s.chatId,
+				turnId,
+				outcome: "error"
+			});
+		}, maxDurationMs)
+	};
+	state.timeoutHandle.unref();
+	turns.set(turnId, state);
+}
+function incrementSubagent(turnId) {
+	if (!turnId) return;
+	const state = turns.get(turnId);
+	if (!state) return;
+	state.outstanding++;
+}
+function decrementSubagent(turnId) {
+	if (!turnId) return;
+	const state = turns.get(turnId);
+	if (!state) return;
+	state.outstanding = Math.max(0, state.outstanding - 1);
+	maybeFinalize(turnId, state);
+}
+/**
+* Called once, when the parent agent's initial `handleMessage` promise
+* settles. Records the outcome; the turn actually ends (emits `turnEnded`)
+* only once the outstanding subagent count also reaches zero.
+*/
+function markParentExited(turnId, outcome) {
+	const state = turns.get(turnId);
+	if (!state) return;
+	if (state.parentExited) return;
+	state.parentExited = true;
+	state.outcome = outcome;
+	maybeFinalize(turnId, state);
+}
+function maybeFinalize(turnId, state) {
+	if (!state.parentExited) return;
+	if (state.outstanding > 0) return;
+	clearTimeout(state.timeoutHandle);
+	turns.delete(turnId);
+	emitTurnEnded({
+		chatId: state.chatId,
+		turnId,
+		outcome: state.outcome
+	});
+}
+
 //#endregion
 //#region src/daemon/message.ts
-async function executeDirectMessage(chatId, state, settings, cwd, noWait = false, userMessageContent, subagentId, systemEvent, displayRole) {
-	const logger = createChatLogger(chatId, subagentId);
+async function executeDirectMessage(chatId, state, settings, cwd, noWait = false, userMessageContent, subagentId, systemEvent, displayRole, parentTurnId) {
+	const turnId = parentTurnId ?? randomUUID();
+	const emitLifecycle = !parentTurnId;
+	const logger = createChatLogger(chatId, subagentId, state.sessionId, turnId);
 	let msgId;
 	if (systemEvent) msgId = (await logger.logSystemMessage({
 		content: userMessageContent ?? state.message,
 		event: systemEvent,
 		messageId: state.messageId,
-		...displayRole ? { displayRole } : {}
+		...displayRole ? { displayRole } : {},
+		...state.jobId ? { jobId: state.jobId } : {}
 	})).id;
 	else msgId = (await logger.logUserMessage(userMessageContent ?? state.message)).id;
 	if (state.reply) await logger.logAutomaticReply({
@@ -1422,29 +1847,46 @@ async function executeDirectMessage(chatId, state, settings, cwd, noWait = false
 		...subagentId ? { subagentId } : {},
 		cwd,
 		settings,
-		logger
+		logger,
+		turnId
 	});
 	let finalMessage = {
 		id: state.messageId,
 		content: state.message,
-		env: state.env ?? {}
+		env: state.env ?? {},
+		turnId
 	};
 	if (state.action === "stop") {
 		agentSession.stop();
+		if (!subagentId) await stopActiveSubagents(chatId, cwd);
 		return;
 	}
 	if (state.action === "interrupt") finalMessage = agentSession.interrupt(finalMessage);
-	const taskPromise = agentSession.handleMessage(finalMessage);
-	if (!noWait) try {
-		await taskPromise;
-	} catch (err) {
-		if (!(err instanceof Error && err.name === "AbortError")) throw err;
+	if (emitLifecycle) {
+		registerTurn(chatId, turnId);
+		emitTurnStarted({
+			chatId,
+			turnId,
+			rootMessageId: msgId,
+			...state.externalRef ? { externalRef: state.externalRef } : {}
+		});
 	}
-	else taskPromise.catch((err) => {
-		if (err.name !== "AbortError") console.error("Task execution error:", err);
+	const taskPromise = agentSession.handleMessage(finalMessage);
+	const settleTurn = async () => {
+		try {
+			await taskPromise;
+			if (emitLifecycle) markParentExited(turnId, "ok");
+		} catch (err) {
+			if (emitLifecycle) markParentExited(turnId, "error");
+			if (!(err instanceof Error && err.name === "AbortError")) throw err;
+		}
+	};
+	if (!noWait) await settleTurn();
+	else settleTurn().catch((err) => {
+		if (err?.name !== "AbortError") console.error("Task execution error:", err);
 	});
 }
-async function getInitialRouterState(chatId, message, chatSettings, overrideAgentId, overrideSessionId) {
+async function getInitialRouterState(chatId, message, chatSettings, overrideAgentId, overrideSessionId, externalRef) {
 	const agentId = overrideAgentId ?? chatSettings.defaultAgent ?? "default";
 	const sessionId = overrideSessionId ?? chatSettings.sessions?.[agentId] ?? "default";
 	return {
@@ -1453,19 +1895,20 @@ async function getInitialRouterState(chatId, message, chatSettings, overrideAgen
 		chatId,
 		agentId,
 		sessionId,
-		env: {}
+		env: {},
+		...externalRef ? { externalRef } : {}
 	};
 }
-async function handleUserMessage(chatId, message, settings, cwd = process.cwd(), noWait = false, sessionId, overrideAgentId) {
+async function handleUserMessage(chatId, message, settings, cwd = process.cwd(), noWait = false, sessionId, overrideAgentId, externalRef) {
 	const chatSettings = await readChatSettings(chatId, cwd) ?? {};
 	if (overrideAgentId && chatSettings.defaultAgent !== overrideAgentId) {
 		chatSettings.defaultAgent = overrideAgentId;
 		await writeChatSettings(chatId, chatSettings, cwd);
 	}
-	const initialState = await getInitialRouterState(chatId, message, chatSettings, overrideAgentId, sessionId);
+	const initialState = await getInitialRouterState(chatId, message, chatSettings, overrideAgentId, sessionId, externalRef);
 	const finalState = await executeRouterPipeline(initialState, resolveRouters(chatSettings.routers ?? settings?.routers ?? [], true));
 	await applyRouterStateUpdates(chatId, cwd, finalState, chatSettings, initialState.agentId);
-	await executeDirectMessage(chatId, finalState, settings, cwd, noWait, message);
+	await executeDirectMessage(chatId, finalState, settings, cwd, noWait, message, finalState.subagentId);
 }
 async function applyRouterStateUpdates(chatId, cwd, finalState, chatSettings, initialAgent) {
 	const finalAgentId = finalState.agentId;
@@ -1490,10 +1933,11 @@ async function applyRouterStateUpdates(chatId, cwd, finalState, chatSettings, in
 			settingsChanged = true;
 		}
 		if (finalState.jobs.add?.length) {
-			const addMap = new Map(finalState.jobs.add.map((job) => [job.id, job]));
-			for (const job of finalState.jobs.add) cronManager.scheduleJob(chatId, job);
+			const normalized = finalState.jobs.add.map(normalizeJob);
+			const addMap = new Map(normalized.map((job) => [job.id, job]));
+			for (const job of normalized) cronManager.scheduleJob(chatId, job);
 			chatSettings.jobs = chatSettings.jobs.filter((job) => !addMap.has(job.id));
-			chatSettings.jobs.push(...finalState.jobs.add);
+			chatSettings.jobs.push(...normalized);
 			settingsChanged = true;
 		}
 	}
@@ -1501,9 +1945,45 @@ async function applyRouterStateUpdates(chatId, cwd, finalState, chatSettings, in
 	if (finalState.sessionId === void 0) finalState.sessionId = finalSessionId;
 	if (finalState.agentId === void 0) finalState.agentId = currentAgentId;
 }
+async function stopActiveSubagents(chatId, cwd) {
+	const sessionsToAbort = [];
+	await updateChatSettings(chatId, (settings) => {
+		if (settings.subagents) {
+			for (const sub of Object.values(settings.subagents)) if (sub.status === "active") {
+				if (sub.sessionId) sessionsToAbort.push(sub.sessionId);
+				sub.status = "failed";
+			}
+		}
+		return settings;
+	}, cwd);
+	for (const sessionId of sessionsToAbort) taskScheduler.abortTasks(sessionId);
+}
 
 //#endregion
 //#region src/daemon/cron.ts
+function normalizeJob(job) {
+	if (!("at" in job.schedule)) return job;
+	const atStr = job.schedule.at;
+	const match = atStr.match(/^(\d+)\s*(m|min|minutes?|h|hours?|d|days?|s|sec|seconds?)$/i);
+	let absolute;
+	if (match) {
+		const val = parseInt(match[1], 10);
+		const unit = match[2].toLowerCase();
+		let ms = 0;
+		if (unit.startsWith("s")) ms = val * 1e3;
+		else if (unit.startsWith("m")) ms = val * 60 * 1e3;
+		else if (unit.startsWith("h")) ms = val * 60 * 60 * 1e3;
+		else if (unit.startsWith("d")) ms = val * 24 * 60 * 60 * 1e3;
+		absolute = new Date(Date.now() + ms);
+	} else {
+		absolute = new Date(atStr);
+		if (isNaN(absolute.getTime())) throw new Error(`Invalid date format for 'at' schedule: ${atStr}`);
+	}
+	return {
+		...job,
+		schedule: { at: absolute.toISOString() }
+	};
+}
 var CronManager = class {
 	jobs = /* @__PURE__ */ new Map();
 	getJobKey(chatId, jobId) {
@@ -1538,19 +2018,11 @@ var CronManager = class {
 			} else rule = everyStr;
 		} else if ("at" in job.schedule) {
 			const atStr = job.schedule.at;
-			const match = atStr.match(/^(\d+)\s*(m|min|minutes?|h|hours?|d|days?|s|sec|seconds?)$/i);
-			if (match) {
-				const val = parseInt(match[1], 10);
-				const unit = match[2].toLowerCase();
-				let ms = 0;
-				if (unit.startsWith("s")) ms = val * 1e3;
-				else if (unit.startsWith("m")) ms = val * 60 * 1e3;
-				else if (unit.startsWith("h")) ms = val * 60 * 60 * 1e3;
-				else if (unit.startsWith("d")) ms = val * 24 * 60 * 60 * 1e3;
-				rule = new Date(Date.now() + ms);
-			} else {
-				rule = new Date(atStr);
-				if (isNaN(rule.getTime())) throw new Error(`Invalid date format for 'at' schedule: ${atStr}`);
+			rule = new Date(atStr);
+			if (isNaN(rule.getTime())) throw new Error(`Invalid date format for 'at' schedule: ${atStr}`);
+			if (rule.getTime() <= Date.now()) {
+				console.warn(`One-off job ${job.id} for chat ${chatId} is overdue (target ${atStr}); firing immediately.`);
+				rule = new Date(Date.now() + 100);
 			}
 			isOneOff = true;
 		} else {
@@ -1579,7 +2051,7 @@ var CronManager = class {
 			const settingsPath = getSettingsPath();
 			let globalSettings;
 			try {
-				const settingsStr = await fs$1.readFile(settingsPath, "utf8");
+				const settingsStr = await fsPromises.readFile(settingsPath, "utf8");
 				globalSettings = JSON.parse(settingsStr);
 			} catch {
 				globalSettings = void 0;
@@ -1598,6 +2070,7 @@ var CronManager = class {
 			if (job.nextSessionId !== void 0 && !isOutdatedSession) routerState.nextSessionId = job.nextSessionId;
 			if (job.action !== void 0) routerState.action = job.action;
 			if (job.jobs !== void 0) routerState.jobs = job.jobs;
+			routerState.jobId = job.id;
 			const resolvedRouters = resolveRouters(chatSettings.routers ?? globalSettings?.routers ?? [], false);
 			const initialState = { ...routerState };
 			routerState = await executeRouterPipeline(routerState, resolvedRouters);
@@ -1624,7 +2097,7 @@ async function getUniquePath(p) {
 	let currentPath = p;
 	let counter = 1;
 	while (true) try {
-		await fs$1.stat(currentPath);
+		await fsPromises.stat(currentPath);
 		const ext = path.extname(p);
 		const base = path.basename(p, ext);
 		currentPath = path.join(path.dirname(p), `${base}-${counter}${ext}`);
@@ -1667,7 +2140,7 @@ async function validateAttachments(files) {
 			message: "File must be inside the temporary directory."
 		});
 		try {
-			await fs$1.access(absoluteFile);
+			await fsPromises.access(absoluteFile);
 		} catch {
 			throw new TRPCError({
 				code: "BAD_REQUEST",
@@ -1683,7 +2156,7 @@ async function validateLogFile(file, agentDir, workspaceRoot) {
 		message: "File must be within the agent workspace."
 	});
 	try {
-		await fs$1.access(resolvedPath);
+		await fsPromises.access(resolvedPath);
 	} catch {
 		throw new TRPCError({
 			code: "BAD_REQUEST",
@@ -1696,14 +2169,15 @@ async function listCronJobsShared(chatId) {
 	return (await readChatSettings(chatId))?.jobs ?? [];
 }
 async function addCronJobShared(chatId, job) {
+	const normalized = normalizeJob(job);
 	const settings = await readChatSettings(chatId) || {};
 	const cronJobs = settings.jobs ?? [];
-	const existingIndex = cronJobs.findIndex((j) => j.id === job.id);
-	if (existingIndex >= 0) cronJobs[existingIndex] = job;
-	else cronJobs.push(job);
+	const existingIndex = cronJobs.findIndex((j) => j.id === normalized.id);
+	if (existingIndex >= 0) cronJobs[existingIndex] = normalized;
+	else cronJobs.push(normalized);
 	settings.jobs = cronJobs;
 	await writeChatSettings(chatId, settings);
-	cronManager.scheduleJob(chatId, job);
+	cronManager.scheduleJob(chatId, normalized);
 	return { success: true };
 }
 async function deleteCronJobShared(chatId, id) {
@@ -1740,7 +2214,8 @@ const sendMessage = apiProcedure.input(z.object({
 		agentId: z.string().optional(),
 		noWait: z.boolean().optional(),
 		files: z.array(z.string()).optional(),
-		adapter: z.string().optional()
+		adapter: z.string().optional(),
+		externalRef: z.string().optional()
 	})
 })).mutation(async ({ input }) => {
 	let message = input.data.message;
@@ -1751,7 +2226,7 @@ const sendMessage = apiProcedure.input(z.object({
 	const settingsPath = getSettingsPath();
 	let settings;
 	try {
-		const settingsStr = await fs$1.readFile(settingsPath, "utf8");
+		const settingsStr = await fsPromises.readFile(settingsPath, "utf8");
 		settings = JSON.parse(settingsStr);
 	} catch (err) {
 		throw new Error(`Failed to read settings from ${settingsPath}: ${err}`, { cause: err });
@@ -1769,23 +2244,23 @@ const sendMessage = apiProcedure.input(z.object({
 			message: "Target directory must be within the workspace."
 		});
 		await validateAttachments(files);
-		await fs$1.mkdir(targetDir, { recursive: true });
+		await fsPromises.mkdir(targetDir, { recursive: true });
 		const finalPaths = [];
 		for (const file of files) {
 			const fileName = path.basename(file);
 			const targetPath = await getUniquePath(path.join(targetDir, fileName));
 			try {
-				await fs$1.rename(file, targetPath);
+				await fsPromises.rename(file, targetPath);
 			} catch {
-				await fs$1.copyFile(file, targetPath);
-				await fs$1.unlink(file);
+				await fsPromises.copyFile(file, targetPath);
+				await fsPromises.unlink(file);
 			}
 			finalPaths.push(path.relative(agentDir, targetPath));
 		}
 		const fileList = `Attached files:\n${finalPaths.map((p) => `- ${p}`).join("\n")}`;
 		message = message ? `${message}\n\n${fileList}` : fileList;
 	}
-	await handleUserMessage(chatId, message, settings, void 0, noWait, sessionId, agentId);
+	await handleUserMessage(chatId, message, settings, void 0, noWait, sessionId, agentId, input.data.externalRef);
 	return { success: true };
 });
 const getMessages = apiProcedure.input(z.object({
@@ -1794,6 +2269,11 @@ const getMessages = apiProcedure.input(z.object({
 })).query(async ({ input }) => {
 	return getMessages$1(input.chatId ?? await getDefaultChatId(), input.limit);
 });
+/**
+* Interleaved chat stream: `ChatMessage` appends and turn lifecycle events
+* arrive on a single subscription in emission order. Consumers that only
+* care about messages can ignore items with `kind: 'turn'`.
+*/
 const waitForMessages = apiProcedure.input(z.object({
 	chatId: z.string().optional(),
 	lastMessageId: z.string().optional()
@@ -1802,10 +2282,16 @@ const waitForMessages = apiProcedure.input(z.object({
 	if (input.lastMessageId) {
 		const messages = await getMessages$1(chatId);
 		const lastIndex = messages.findIndex((m) => m.id === input.lastMessageId);
-		if (lastIndex !== -1 && lastIndex < messages.length - 1) yield messages.slice(lastIndex + 1);
+		if (lastIndex !== -1 && lastIndex < messages.length - 1) yield messages.slice(lastIndex + 1).map((message) => ({
+			kind: "message",
+			message
+		}));
 	}
 	try {
-		for await (const [event] of on(daemonEvents, DAEMON_EVENT_MESSAGE_APPENDED, { signal })) if (event.chatId === chatId) yield [event.message];
+		for await (const [envelope] of on(daemonEvents, DAEMON_EVENT_CHAT_STREAM, { signal })) {
+			const e = envelope;
+			if (e.chatId === chatId) yield [e.item];
+		}
 	} catch (err) {
 		if (err instanceof Error && err.name === "AbortError") return;
 		throw err;
@@ -1890,7 +2376,7 @@ var PolicyRequestService = class {
 		this.snapshotDir = snapshotDir;
 		this.maxPending = maxPending;
 	}
-	async createRequest(commandName, args, fileMappings, chatId, agentId, skipSave = false, subagentId) {
+	async createRequest(commandName, args, fileMappings, chatId, agentId, skipSave = false, subagentId, cwd) {
 		const allRequests = await this.store.list();
 		if (allRequests.filter((r) => r.state === "Pending").length >= this.maxPending) throw new Error(`Maximum number of pending requests (${this.maxPending}) reached.`);
 		const snapshotMappings = {};
@@ -1904,6 +2390,7 @@ var PolicyRequestService = class {
 			commandName,
 			args,
 			fileMappings: snapshotMappings,
+			...cwd ? { cwd } : {},
 			state: skipSave ? "Approved" : "Pending",
 			createdAt: Date.now(),
 			chatId,
@@ -1918,6 +2405,174 @@ var PolicyRequestService = class {
 	}
 };
 
+//#endregion
+//#region src/daemon/api/agent-policy-endpoints.ts
+const MAX_POLICY_SCRIPT_BYTES = 1 * 1024 * 1024;
+const MAX_INLINE_SCRIPT_LENGTH = 4e3;
+const listPolicies = apiProcedure.query(async ({ ctx }) => {
+	const workspaceRoot = getWorkspaceRoot();
+	return { policies: (await readPoliciesForPath(await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot), workspaceRoot))?.policies || {} };
+});
+const readPolicyScript = apiProcedure.input(z.object({ commandName: z.string() })).query(async ({ input, ctx }) => {
+	const workspaceRoot = getWorkspaceRoot();
+	const agentDir = await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot);
+	const policy = (await readPoliciesForPath(agentDir, workspaceRoot))?.policies?.[input.commandName];
+	if (!policy) throw new TRPCError({
+		code: "NOT_FOUND",
+		message: `Policy not found: ${input.commandName}`
+	});
+	const scriptsDir = path.join(getClawminiDir(), "policy-scripts");
+	const resolvedCommand = path.resolve(policy.command);
+	if (!pathIsInsideDir(resolvedCommand, scriptsDir, { allowSameDir: false })) throw new TRPCError({
+		code: "BAD_REQUEST",
+		message: `Policy '${input.commandName}' does not point at a script in policy-scripts/.`
+	});
+	let realCommand;
+	let realScriptsDir;
+	try {
+		realCommand = await fsPromises.realpath(resolvedCommand);
+	} catch (err) {
+		throw new TRPCError({
+			code: "NOT_FOUND",
+			message: `Script file not found for policy '${input.commandName}': ${err instanceof Error ? err.message : String(err)}`
+		});
+	}
+	try {
+		realScriptsDir = await fsPromises.realpath(scriptsDir);
+	} catch {
+		throw new TRPCError({
+			code: "BAD_REQUEST",
+			message: `Policy '${input.commandName}' does not point at a script in policy-scripts/.`
+		});
+	}
+	if (!pathIsInsideDir(realCommand, realScriptsDir, { allowSameDir: false })) throw new TRPCError({
+		code: "BAD_REQUEST",
+		message: `Policy '${input.commandName}' does not point at a script in policy-scripts/.`
+	});
+	let stat;
+	try {
+		stat = await fsPromises.stat(realCommand);
+	} catch (err) {
+		throw new TRPCError({
+			code: "NOT_FOUND",
+			message: `Script file not found for policy '${input.commandName}': ${err instanceof Error ? err.message : String(err)}`
+		});
+	}
+	if (!stat.isFile()) throw new TRPCError({
+		code: "BAD_REQUEST",
+		message: `Script path for policy '${input.commandName}' is not a regular file.`
+	});
+	if (stat.size > MAX_POLICY_SCRIPT_BYTES) throw new TRPCError({
+		code: "BAD_REQUEST",
+		message: `Script file exceeds the ${MAX_POLICY_SCRIPT_BYTES}-byte limit.`
+	});
+	if (stat.size > MAX_INLINE_SCRIPT_LENGTH) {
+		const tmpDir = path.join(agentDir, "tmp");
+		await fsPromises.mkdir(tmpDir, { recursive: true });
+		const ext = path.extname(realCommand);
+		const safeName = input.commandName.replace(/[^a-zA-Z0-9._-]/g, "_");
+		const destPath = path.join(tmpDir, `policy-script-${safeName}${ext}`);
+		await fsPromises.copyFile(realCommand, destPath);
+		return {
+			path: realCommand,
+			size: stat.size,
+			spilledTo: `./tmp/policy-script-${safeName}${ext}`
+		};
+	}
+	const content = await fsPromises.readFile(realCommand, "utf8");
+	return {
+		path: realCommand,
+		size: stat.size,
+		content
+	};
+});
+const executePolicyHelp = apiProcedure.input(z.object({ commandName: z.string() })).query(async ({ input, ctx }) => {
+	const workspaceRoot = getWorkspaceRoot();
+	const policy = (await readPoliciesForPath(await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot), workspaceRoot))?.policies?.[input.commandName];
+	if (!policy) throw new TRPCError({
+		code: "NOT_FOUND",
+		message: `Policy not found: ${input.commandName}`
+	});
+	if (!policy.allowHelp) return {
+		stdout: "",
+		stderr: "This command does not support --help\n",
+		exitCode: 1
+	};
+	const fullArgs = [...policy.args || [], "--help"];
+	const { stdout, stderr, exitCode } = await executeSafe(policy.command, fullArgs, { cwd: getWorkspaceRoot() });
+	return {
+		stdout,
+		stderr,
+		exitCode
+	};
+});
+const createPolicyRequest = apiProcedure.input(z.object({
+	commandName: z.string(),
+	args: z.array(z.string()),
+	fileMappings: z.record(z.string(), z.string()),
+	cwd: z.string().optional()
+})).mutation(async ({ input, ctx }) => {
+	if (!ctx.tokenPayload) throw new TRPCError({
+		code: "UNAUTHORIZED",
+		message: "Missing token"
+	});
+	const workspaceRoot = getWorkspaceRoot(process.cwd());
+	const snapshotDir = path.join(getClawminiDir(process.cwd()), "tmp", "snapshots");
+	const store = new RequestStore(process.cwd());
+	const agentDir = await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot);
+	const service = new PolicyRequestService(store, agentDir, snapshotDir);
+	const chatId = ctx.tokenPayload.chatId;
+	const agentId = ctx.tokenPayload.agentId;
+	const policy = (await readPoliciesForPath(agentDir, workspaceRoot))?.policies?.[input.commandName];
+	if (!policy) throw new TRPCError({
+		code: "NOT_FOUND",
+		message: `Policy not found: ${input.commandName}`
+	});
+	const isAutoApprove = !!policy.autoApprove;
+	const request = await service.createRequest(input.commandName, input.args, input.fileMappings, chatId, agentId, isAutoApprove, ctx.tokenPayload.subagentId, input.cwd);
+	if (isAutoApprove) {
+		const result = await executeRequest(request, policy, await resolveRequestCwd(request.cwd, agentId, workspaceRoot));
+		const { exitCode, commandStr } = result;
+		const { stdout, stderr } = await truncateLargeOutput(result.stdout, result.stderr, request.id, agentId);
+		request.executionResult = {
+			stdout,
+			stderr,
+			exitCode
+		};
+		await appendMessage(chatId, {
+			id: randomUUID(),
+			messageId: randomUUID(),
+			role: "policy",
+			requestId: request.id,
+			commandName: input.commandName,
+			args: input.args,
+			status: "approved",
+			content: `[Auto-approved] Policy ${input.commandName} was executed.\n\nCommand: ${commandStr}\nExit Code: ${exitCode}\n\nStdout:\n${stdout}\n\nStderr:\n${stderr}`,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			sessionId: ctx.tokenPayload.sessionId,
+			...ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {},
+			...ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}
+		});
+		return request;
+	}
+	const previewContent = await generateRequestPreview(request);
+	await appendMessage(chatId, {
+		id: randomUUID(),
+		messageId: randomUUID(),
+		role: "policy",
+		requestId: request.id,
+		commandName: input.commandName,
+		args: input.args,
+		status: "pending",
+		content: previewContent,
+		timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+		displayRole: "agent",
+		sessionId: ctx.tokenPayload.sessionId,
+		...ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}
+	});
+	return request;
+});
+
 //#endregion
 //#region src/daemon/api/subagent-utils.ts
 function getSubagentDepth(settings, parentId) {
@@ -1929,62 +2584,87 @@ function getSubagentDepth(settings, parentId) {
 	}
 	return depth;
 }
+/**
+* Executes a subagent. Callers MUST have already called `incrementSubagent`
+* for the parent's turn synchronously before any `await` — this function's
+* `finally` block decrements, and we need the caller to increment earlier
+* so that a sibling's completing task cannot decrement the parent's counter
+* to zero (firing `turnEnded`) before this call's task is enqueued.
+*/
 async function executeSubagent(chatId, subagentId, agentId, sessionId, prompt, isAsync, parentTokenPayload, workspaceRoot) {
+	const parentTurnId = parentTokenPayload?.turnId;
 	try {
-		const settings = await readChatSettings(chatId) || {};
-		const resolvedRouters = resolveRouters(settings.routers ?? [], false);
-		let routerState = {
-			messageId: randomUUID(),
-			message: prompt,
-			chatId,
-			agentId,
-			sessionId,
-			env: {}
-		};
-		const initialState = { ...routerState };
-		routerState = await executeRouterPipeline(routerState, resolvedRouters);
-		await applyRouterStateUpdates(chatId, workspaceRoot, routerState, settings, initialState.agentId);
-		await executeDirectMessage(chatId, routerState, void 0, workspaceRoot, false, void 0, subagentId);
-		if (taskScheduler.hasTasks(sessionId)) return;
-		await updateChatSettings(chatId, (finalSettings) => {
-			if (finalSettings.subagents?.[subagentId]) finalSettings.subagents[subagentId].status = "completed";
-			return finalSettings;
-		});
-		const logger = createChatLogger(chatId, subagentId);
-		await logger.logSubagentStatus({
-			subagentId,
-			status: "completed"
-		});
-		if (isAsync) {
-			const lastLogMessage = await logger.findLastMessage((m) => m.role === "agent" || m.displayRole === "agent");
-			let outputContent = "";
-			if (lastLogMessage && "content" in lastLogMessage) outputContent = `\n\n<subagent_output>\n${lastLogMessage.content}\n</subagent_output>`;
-			console.log("Notifying parent", chatId, parentTokenPayload?.agentId, parentTokenPayload?.subagentId);
-			await executeDirectMessage(chatId, {
+		try {
+			const settings = await readChatSettings(chatId) || {};
+			const resolvedRouters = resolveRouters(settings.routers ?? [], false);
+			let routerState = {
 				messageId: randomUUID(),
-				message: `<notification>Subagent ${subagentId} completed.</notification>${outputContent}`,
+				message: prompt,
 				chatId,
-				agentId: parentTokenPayload?.agentId || "default",
-				...parentTokenPayload?.subagentId ? { subagentId: parentTokenPayload.subagentId } : {},
-				sessionId: parentTokenPayload?.sessionId || "default",
+				agentId,
+				sessionId,
+				subagentId,
 				env: {}
-			}, void 0, workspaceRoot, true, void 0, parentTokenPayload?.subagentId, "subagent_update");
+			};
+			const initialState = { ...routerState };
+			routerState = await executeRouterPipeline(routerState, resolvedRouters);
+			await applyRouterStateUpdates(chatId, workspaceRoot, routerState, settings, initialState.agentId);
+			await executeDirectMessage(chatId, routerState, void 0, workspaceRoot, false, void 0, subagentId, void 0, void 0, parentTurnId);
+			if (taskScheduler.hasTasks(sessionId)) return;
+			await updateChatSettings(chatId, (finalSettings) => {
+				if (finalSettings.subagents?.[subagentId]) finalSettings.subagents[subagentId].status = "completed";
+				return finalSettings;
+			});
+			const logger = createChatLogger(chatId, subagentId, sessionId, parentTurnId);
+			await logger.logSubagentStatus({
+				subagentId,
+				status: "completed"
+			});
+			if (isAsync) {
+				const lastLogMessage = await logger.findLastMessage((m) => m.role === "agent" || m.displayRole === "agent");
+				let outputContent = "";
+				if (lastLogMessage && "content" in lastLogMessage) outputContent = `\n\n<subagent_output>\n${lastLogMessage.content}\n</subagent_output>`;
+				console.log("Notifying parent", chatId, parentTokenPayload?.agentId, parentTokenPayload?.subagentId);
+				await executeDirectMessage(chatId, {
+					messageId: randomUUID(),
+					message: `<notification>Subagent ${subagentId} completed.</notification>${outputContent}`,
+					chatId,
+					agentId: parentTokenPayload?.agentId || "default",
+					...parentTokenPayload?.subagentId ? { subagentId: parentTokenPayload.subagentId } : {},
+					sessionId: parentTokenPayload?.sessionId || "default",
+					env: {}
+				}, void 0, workspaceRoot, true, void 0, parentTokenPayload?.subagentId, "subagent_update", void 0, parentTurnId);
+			}
+		} catch {
+			await updateChatSettings(chatId, (errSettings) => {
+				if (errSettings.subagents?.[subagentId]) errSettings.subagents[subagentId].status = "failed";
+				return errSettings;
+			});
+			await createChatLogger(chatId, subagentId, sessionId, parentTurnId).logSubagentStatus({
+				subagentId,
+				status: "failed"
+			});
 		}
-	} catch {
-		await updateChatSettings(chatId, (errSettings) => {
-			if (errSettings.subagents?.[subagentId]) errSettings.subagents[subagentId].status = "failed";
-			return errSettings;
-		});
-		await createChatLogger(chatId, subagentId).logSubagentStatus({
-			subagentId,
-			status: "failed"
-		});
+	} finally {
+		decrementSubagent(parentTurnId);
 	}
 }
 
 //#endregion
 //#region src/daemon/api/subagent-router.ts
 const MAX_SUBAGENT_DEPTH = 2;
+function assertSubagentAccess(settings, subagentId, callerSubagentId) {
+	const sub = settings?.subagents?.[subagentId];
+	if (!sub) throw new TRPCError({
+		code: "NOT_FOUND",
+		message: "Subagent not found"
+	});
+	if (sub.parentId !== callerSubagentId) throw new TRPCError({
+		code: "FORBIDDEN",
+		message: "Subagent is not a child of the caller"
+	});
+	return sub;
+}
 const subagentSpawn = apiProcedure.input(z.object({
 	subagentId: z.string().optional(),
 	targetAgentId: z.string().optional(),
@@ -1998,39 +2678,47 @@ const subagentSpawn = apiProcedure.input(z.object({
 	const chatId = ctx.tokenPayload.chatId;
 	const parentAgentId = ctx.tokenPayload.agentId;
 	const parentId = ctx.tokenPayload.subagentId;
+	const parentTurnId = ctx.tokenPayload.turnId;
 	const id = input.subagentId || randomUUID();
 	const sessionId = randomUUID();
 	const agentId = input.targetAgentId || parentAgentId;
 	let depth = 0;
-	await updateChatSettings(chatId, (settings) => {
-		settings.subagents = settings.subagents || {};
-		depth = getSubagentDepth(settings, parentId);
-		if (depth >= MAX_SUBAGENT_DEPTH) throw new TRPCError({
-			code: "BAD_REQUEST",
-			message: "Max subagent depth reached"
-		});
-		if (settings.subagents[id]) throw new TRPCError({
-			code: "BAD_REQUEST",
-			message: "Subagent ID already exists"
+	incrementSubagent(parentTurnId);
+	let handedOff = false;
+	try {
+		await updateChatSettings(chatId, (settings) => {
+			settings.subagents = settings.subagents || {};
+			depth = getSubagentDepth(settings, parentId);
+			if (depth >= MAX_SUBAGENT_DEPTH) throw new TRPCError({
+				code: "BAD_REQUEST",
+				message: "Max subagent depth reached"
+			});
+			if (settings.subagents[id]) throw new TRPCError({
+				code: "BAD_REQUEST",
+				message: "Subagent ID already exists"
+			});
+			settings.subagents[id] = {
+				id,
+				agentId,
+				sessionId,
+				createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+				status: "active",
+				parentId
+			};
+			return settings;
 		});
-		settings.subagents[id] = {
+		const workspaceRoot = getWorkspaceRoot(process.cwd());
+		const isAsync = input.async ?? depth === 0;
+		handedOff = true;
+		executeSubagent(chatId, id, agentId, sessionId, input.prompt, isAsync, ctx.tokenPayload, workspaceRoot);
+		return {
 			id,
-			agentId,
-			sessionId,
-			createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-			status: "active",
-			parentId
+			depth,
+			isAsync
 		};
-		return settings;
-	});
-	const workspaceRoot = getWorkspaceRoot(process.cwd());
-	const isAsync = input.async ?? depth === 0;
-	executeSubagent(chatId, id, agentId, sessionId, input.prompt, isAsync, ctx.tokenPayload, workspaceRoot);
-	return {
-		id,
-		depth,
-		isAsync
-	};
+	} finally {
+		if (!handedOff) decrementSubagent(parentTurnId);
+	}
 });
 const subagentSend = apiProcedure.input(z.object({
 	subagentId: z.string(),
@@ -2042,26 +2730,26 @@ const subagentSend = apiProcedure.input(z.object({
 		message: "Missing token"
 	});
 	const chatId = ctx.tokenPayload.chatId;
+	const parentTurnId = ctx.tokenPayload.turnId;
 	let sub;
-	await updateChatSettings(chatId, (settings) => {
-		if (!settings.subagents?.[input.subagentId]) throw new TRPCError({
-			code: "NOT_FOUND",
-			message: "Subagent not found"
+	incrementSubagent(parentTurnId);
+	let handedOff = false;
+	try {
+		await updateChatSettings(chatId, (settings) => {
+			sub = assertSubagentAccess(settings, input.subagentId, ctx.tokenPayload.subagentId);
+			sub.status = "active";
+			return settings;
 		});
-		sub = settings.subagents[input.subagentId];
-		sub.status = "active";
-		return settings;
-	});
-	const workspaceRoot = getWorkspaceRoot(process.cwd());
-	executeSubagent(chatId, sub.id, sub.agentId || "default", sub.sessionId || "default", input.prompt, input.async, ctx.tokenPayload, workspaceRoot);
-	return { success: true };
+		const workspaceRoot = getWorkspaceRoot(process.cwd());
+		handedOff = true;
+		executeSubagent(chatId, sub.id, sub.agentId || "default", sub.sessionId || "default", input.prompt, input.async, ctx.tokenPayload, workspaceRoot);
+		return { success: true };
+	} finally {
+		if (!handedOff) decrementSubagent(parentTurnId);
+	}
 });
-async function checkSubagentStatus(chatId, subagentId) {
-	const sub = (await readChatSettings(chatId))?.subagents?.[subagentId];
-	if (!sub) throw new TRPCError({
-		code: "NOT_FOUND",
-		message: "Subagent not found"
-	});
+async function checkSubagentStatus(chatId, subagentId, callerSubagentId) {
+	const sub = assertSubagentAccess(await readChatSettings(chatId), subagentId, callerSubagentId);
 	if (sub.status === "completed" || sub.status === "failed") {
 		let outputContent;
 		if (sub.status === "completed") {
@@ -2090,7 +2778,7 @@ const subagentWait = apiProcedure.input(z.object({ subagentId: z.string() })).mu
 	if (signal) signal.addEventListener("abort", onAbort);
 	const eventIterator = on(daemonEvents, DAEMON_EVENT_MESSAGE_APPENDED, { signal: ac.signal });
 	try {
-		const initialStatus = await checkSubagentStatus(chatId, input.subagentId);
+		const initialStatus = await checkSubagentStatus(chatId, input.subagentId, ctx.tokenPayload.subagentId);
 		if (initialStatus) {
 			clearTimeout(timeout);
 			if (signal) signal.removeEventListener("abort", onAbort);
@@ -2098,7 +2786,7 @@ const subagentWait = apiProcedure.input(z.object({ subagentId: z.string() })).mu
 		}
 		for await (const [event] of eventIterator) if (event.chatId === chatId && event.message?.subagentId === input.subagentId) {
 			if (event.message.role === "subagent_status") {
-				const status = await checkSubagentStatus(chatId, input.subagentId);
+				const status = await checkSubagentStatus(chatId, input.subagentId, ctx.tokenPayload.subagentId);
 				if (status) {
 					clearTimeout(timeout);
 					if (signal) signal.removeEventListener("abort", onAbort);
@@ -2130,13 +2818,9 @@ const subagentStop = apiProcedure.input(z.object({ subagentId: z.string() })).mu
 	const chatId = ctx.tokenPayload.chatId;
 	let subToStop;
 	await updateChatSettings(chatId, (settings) => {
-		if (settings.subagents) {
-			const sub = settings.subagents[input.subagentId];
-			if (sub) {
-				sub.status = "failed";
-				subToStop = sub;
-			}
-		}
+		const sub = assertSubagentAccess(settings, input.subagentId, ctx.tokenPayload.subagentId);
+		sub.status = "failed";
+		subToStop = sub;
 		return settings;
 	});
 	if (subToStop) (await createAgentSession({
@@ -2156,10 +2840,8 @@ const subagentDelete = apiProcedure.input(z.object({ subagentId: z.string() })).
 	const chatId = ctx.tokenPayload.chatId;
 	let subToDelete;
 	await updateChatSettings(chatId, (settings) => {
-		if (settings.subagents && settings.subagents[input.subagentId]) {
-			subToDelete = settings.subagents[input.subagentId];
-			delete settings.subagents[input.subagentId];
-		}
+		subToDelete = assertSubagentAccess(settings, input.subagentId, ctx.tokenPayload.subagentId);
+		delete settings.subagents[input.subagentId];
 		return settings;
 	});
 	if (subToDelete) {
@@ -2204,6 +2886,7 @@ const subagentTail = apiProcedure.input(z.object({
 		message: "Missing token"
 	});
 	const chatId = ctx.tokenPayload.chatId;
+	assertSubagentAccess(await readChatSettings(chatId), input.subagentId, ctx.tokenPayload.subagentId);
 	return { messages: await createChatLogger(chatId, input.subagentId).getMessages(input.limit) };
 });
 
@@ -2241,7 +2924,9 @@ const logMessage = apiProcedure.input(z.object({
 		command: `clawmini-lite log${filesArgStr}`,
 		cwd: process.cwd(),
 		exitCode: 0,
+		sessionId: ctx.tokenPayload.sessionId,
 		...ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {},
+		...ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {},
 		...filePaths.length > 0 ? { files: filePaths } : {}
 	});
 	return { success: true };
@@ -2271,7 +2956,9 @@ const logReplyMessage = apiProcedure.input(z.object({
 		role: "agent",
 		content: input.message,
 		timestamp,
+		sessionId: ctx.tokenPayload.sessionId,
 		...ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {},
+		...ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {},
 		...filePaths.length > 0 ? { files: filePaths } : {}
 	});
 	return { success: true };
@@ -2304,7 +2991,9 @@ const logToolMessage = apiProcedure.input(z.object({
 		payload: payloadObj,
 		content: contentStr,
 		timestamp,
-		...ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {}
+		sessionId: ctx.tokenPayload.sessionId,
+		...ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {},
+		...ctx.tokenPayload.turnId ? { turnId: ctx.tokenPayload.turnId } : {}
 	});
 	return { success: true };
 });
@@ -2316,15 +3005,34 @@ const agentListCronJobs = apiProcedure.query(async ({ ctx }) => {
 	const chatId = ctx.tokenPayload.chatId;
 	return listCronJobsShared(chatId);
 });
-const agentAddCronJob = apiProcedure.input(z.object({ job: CronJobSchema })).mutation(async ({ input, ctx }) => {
+const AgentCronJobInputSchema = z.strictObject({
+	id: z.string().min(1),
+	message: z.string().default(""),
+	reply: z.string().optional(),
+	session: z.union([z.strictObject({ type: z.literal("new") }), z.strictObject({
+		type: z.literal("existing"),
+		id: z.string()
+	})]).optional(),
+	schedule: z.union([
+		z.strictObject({ cron: z.string() }),
+		z.strictObject({ every: z.string() }),
+		z.strictObject({ at: z.string() })
+	])
+});
+const agentAddCronJob = apiProcedure.input(z.object({ job: AgentCronJobInputSchema })).mutation(async ({ input, ctx }) => {
 	if (!ctx.tokenPayload) throw new TRPCError({
 		code: "UNAUTHORIZED",
 		message: "Missing token"
 	});
 	const chatId = ctx.tokenPayload.chatId;
 	return addCronJobShared(chatId, {
-		...input.job,
-		agentId: ctx.tokenPayload.agentId
+		id: input.job.id,
+		message: input.job.message,
+		schedule: input.job.schedule,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+		agentId: ctx.tokenPayload.agentId,
+		...input.job.reply !== void 0 ? { reply: input.job.reply } : {},
+		...input.job.session !== void 0 ? { session: input.job.session } : {}
 	});
 });
 const agentDeleteCronJob = apiProcedure.input(z.object({ id: z.string() })).mutation(async ({ input, ctx }) => {
@@ -2335,87 +3043,6 @@ const agentDeleteCronJob = apiProcedure.input(z.object({ id: z.string() })).muta
 	const chatId = ctx.tokenPayload.chatId;
 	return deleteCronJobShared(chatId, input.id);
 });
-const listPolicies = apiProcedure.query(async () => {
-	return await readPolicies();
-});
-const executePolicyHelp = apiProcedure.input(z.object({ commandName: z.string() })).query(async ({ input }) => {
-	const policy = (await readPolicies())?.policies?.[input.commandName];
-	if (!policy) throw new TRPCError({
-		code: "NOT_FOUND",
-		message: `Policy not found: ${input.commandName}`
-	});
-	if (!policy.allowHelp) return {
-		stdout: "",
-		stderr: "This command does not support --help\n",
-		exitCode: 1
-	};
-	const fullArgs = [...policy.args || [], "--help"];
-	const { stdout, stderr, exitCode } = await executeSafe(policy.command, fullArgs, { cwd: getWorkspaceRoot() });
-	return {
-		stdout,
-		stderr,
-		exitCode
-	};
-});
-const createPolicyRequest = apiProcedure.input(z.object({
-	commandName: z.string(),
-	args: z.array(z.string()),
-	fileMappings: z.record(z.string(), z.string())
-})).mutation(async ({ input, ctx }) => {
-	if (!ctx.tokenPayload) throw new TRPCError({
-		code: "UNAUTHORIZED",
-		message: "Missing token"
-	});
-	const workspaceRoot = getWorkspaceRoot(process.cwd());
-	const snapshotDir = path.join(getClawminiDir(process.cwd()), "tmp", "snapshots");
-	const store = new RequestStore(process.cwd());
-	const service = new PolicyRequestService(store, await resolveAgentDir(ctx.tokenPayload?.agentId, workspaceRoot), snapshotDir);
-	const chatId = ctx.tokenPayload.chatId;
-	const agentId = ctx.tokenPayload.agentId;
-	const policy = (await readPolicies())?.policies?.[input.commandName];
-	if (!policy) throw new TRPCError({
-		code: "NOT_FOUND",
-		message: `Policy not found: ${input.commandName}`
-	});
-	const isAutoApprove = !!policy.autoApprove;
-	const request = await service.createRequest(input.commandName, input.args, input.fileMappings, chatId, agentId, isAutoApprove, ctx.tokenPayload.subagentId);
-	if (isAutoApprove) {
-		const { stdout, stderr, exitCode, commandStr } = await executeRequest(request, policy, getWorkspaceRoot());
-		request.executionResult = {
-			stdout,
-			stderr,
-			exitCode
-		};
-		await store.save(request);
-		await appendMessage(chatId, {
-			id: randomUUID(),
-			messageId: randomUUID(),
-			role: "policy",
-			requestId: request.id,
-			commandName: input.commandName,
-			args: input.args,
-			status: "approved",
-			content: `[Auto-approved] Policy ${input.commandName} was executed.\n\nCommand: ${commandStr}\nExit Code: ${exitCode}\n\nStdout:\n${stdout}\n\nStderr:\n${stderr}`,
-			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-			...ctx.tokenPayload.subagentId ? { subagentId: ctx.tokenPayload.subagentId } : {}
-		});
-		return request;
-	}
-	const previewContent = await generateRequestPreview(request);
-	await appendMessage(chatId, {
-		id: randomUUID(),
-		messageId: randomUUID(),
-		role: "policy",
-		requestId: request.id,
-		commandName: input.commandName,
-		args: input.args,
-		status: "pending",
-		content: previewContent,
-		timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-		displayRole: "agent"
-	});
-	return request;
-});
 const fetchPendingMessages = apiProcedure.mutation(async ({ ctx }) => {
 	if (!ctx.tokenPayload?.agentId) throw new TRPCError({
 		code: "UNAUTHORIZED",
@@ -2436,6 +3063,7 @@ const agentRouter = router({
 	listPolicies,
 	executePolicyHelp,
 	createPolicyRequest,
+	readPolicyScript,
 	fetchPendingMessages,
 	ping,
 	subagentSpawn,
@@ -2482,8 +3110,7 @@ async function initDaemon() {
 						env: {
 							...process.env,
 							ENV_DIR: envDir
-						},
-						timeout: hookType === "down" ? 1e4 : void 0
+						}
 					});
 				}
 			} catch (err) {
@@ -2557,9 +3184,20 @@ async function initDaemon() {
 		}
 	};
 	await cleanOrphanedSubagents();
+	try {
+		const removed = await new RequestStore(getWorkspaceRoot()).cleanupCompleted();
+		if (removed > 0) console.log(`Cleaned up ${removed} completed policy request file(s).`);
+	} catch (err) {
+		console.warn("Failed to clean completed policy requests:", err);
+	}
 	await runHooks("up");
 	isReady = true;
 	readyPromiseResolve();
+	try {
+		await drainPendingReplies(getClawminiVersion());
+	} catch (err) {
+		console.warn("Failed to drain pending replies:", err);
+	}
 	cronManager.init().catch((err) => {
 		console.error("Failed to initialize cron manager:", err);
 	});