clisbot 0.1.13 → 0.1.16

package/dist/main.js

@@ -47740,10 +47740,10 @@ var require_view2 = __commonJS((exports, module) => {
   var debug = require_src()("express:view");
   var path2 = __require("node:path");
   var fs2 = __require("node:fs");
-  var dirname12 = path2.dirname;
+  var dirname13 = path2.dirname;
   var basename = path2.basename;
   var extname = path2.extname;
-  var join8 = path2.join;
+  var join9 = path2.join;
   var resolve = path2.resolve;
   module.exports = View;
   function View(name, options) {
@@ -47779,7 +47779,7 @@ var require_view2 = __commonJS((exports, module) => {
     for (var i = 0;i < roots.length && !path3; i++) {
       var root = roots[i];
       var loc = resolve(root, name);
-      var dir = dirname12(loc);
+      var dir = dirname13(loc);
       var file = basename(loc);
       path3 = this.resolve(dir, file);
     }
@@ -47805,12 +47805,12 @@ var require_view2 = __commonJS((exports, module) => {
   };
   View.prototype.resolve = function resolve2(dir, file) {
     var ext = this.ext;
-    var path3 = join8(dir, file);
+    var path3 = join9(dir, file);
     var stat = tryStat(path3);
     if (stat && stat.isFile()) {
       return path3;
     }
-    path3 = join8(dir, basename(file, ext), "index" + ext);
+    path3 = join9(dir, basename(file, ext), "index" + ext);
     stat = tryStat(path3);
     if (stat && stat.isFile()) {
       return path3;
@@ -51153,7 +51153,7 @@ var require_send = __commonJS((exports, module) => {
   var Stream = __require("stream");
   var util3 = __require("util");
   var extname = path2.extname;
-  var join8 = path2.join;
+  var join9 = path2.join;
   var normalize = path2.normalize;
   var resolve = path2.resolve;
   var sep2 = path2.sep;
@@ -51325,7 +51325,7 @@ var require_send = __commonJS((exports, module) => {
         return res;
       }
       parts = path3.split(sep2);
-      path3 = normalize(join8(root, path3));
+      path3 = normalize(join9(root, path3));
     } else {
       if (UP_PATH_REGEXP.test(path3)) {
         debug('malicious path "%s"', path3);
@@ -51465,7 +51465,7 @@ var require_send = __commonJS((exports, module) => {
           return self2.onStatError(err);
         return self2.error(404);
       }
-      var p = join8(path3, self2._index[i]);
+      var p = join9(path3, self2._index[i]);
       debug('stat "%s"', p);
       fs2.stat(p, function(err2, stat) {
         if (err2)
@@ -54225,7 +54225,11 @@ function resolveSlackCredential(params) {
 function materializeRuntimeChannelCredentials(config, options = {}) {
   const env = options.env ?? process.env;
   const nextConfig = structuredClone(config);
-  if (nextConfig.channels.telegram.enabled) {
+  const materializeChannels = options.materializeChannels ?? [];
+  const materializeAll = materializeChannels.length === 0;
+  const shouldMaterializeTelegram = materializeAll || materializeChannels.includes("telegram");
+  const shouldMaterializeSlack = materializeAll || materializeChannels.includes("slack");
+  if (shouldMaterializeTelegram && nextConfig.channels.telegram.enabled) {
     const accountIds = Object.keys(getAccountsRecord(nextConfig.channels.telegram.accounts));
     const ids = accountIds.length > 0 ? accountIds : [getConfiguredDefaultAccountId({
       defaultAccount: nextConfig.channels.telegram.defaultAccount,
@@ -54263,7 +54267,7 @@ function materializeRuntimeChannelCredentials(config, options = {}) {
     const fallbackTelegramAccountId = preferredDefaultTelegramAccountId && resolvedAccounts[preferredDefaultTelegramAccountId] ? preferredDefaultTelegramAccountId : Object.keys(resolvedAccounts)[0];
     nextConfig.channels.telegram.botToken = fallbackTelegramAccountId ? resolvedAccounts[fallbackTelegramAccountId]?.botToken ?? "" : "";
   }
-  if (nextConfig.channels.slack.enabled) {
+  if (shouldMaterializeSlack && nextConfig.channels.slack.enabled) {
     const accountIds = Object.keys(getAccountsRecord(nextConfig.channels.slack.accounts));
     const ids = accountIds.length > 0 ? accountIds : [getConfiguredDefaultAccountId({
       defaultAccount: nextConfig.channels.slack.defaultAccount,
@@ -54361,53 +54365,6 @@ function getConfigReloadMtimeMs(configPath) {
   return statSync(expandHomePath(configPath)).mtimeMs;
 }
 
-// src/channels/privilege-help.ts
-function renderGenericPrivilegeCommandHelpLines(prefix = "") {
-  return [
-    `${prefix}Privilege command setup:`,
-    `${prefix}  - enable for a Slack route: \`clisbot channels privilege enable slack-channel <channelId>\` or \`clisbot channels privilege enable slack-group <groupId>\``,
-    `${prefix}  - allow a Slack user: \`clisbot channels privilege allow-user slack-channel <channelId> <userId>\``,
-    `${prefix}  - enable Slack DM privilege commands: \`clisbot channels privilege enable slack-dm\``,
-    `${prefix}  - allow a Slack DM user: \`clisbot channels privilege allow-user slack-dm <userId>\``,
-    `${prefix}  - enable for a Telegram route: \`clisbot channels privilege enable telegram-group <chatId> [--topic <topicId>]\``,
-    `${prefix}  - allow a Telegram user: \`clisbot channels privilege allow-user telegram-group <chatId> <userId> [--topic <topicId>]\``,
-    `${prefix}  - enable Telegram DM privilege commands: \`clisbot channels privilege enable telegram-dm\``,
-    `${prefix}  - allow a Telegram DM user: \`clisbot channels privilege allow-user telegram-dm <userId>\``
-  ];
-}
-function renderPrivilegeCommandHelpLines(identity, prefix = "") {
-  const target = buildPrivilegeCommandTarget(identity);
-  if (!target) {
-    return [];
-  }
-  const allowUserSuffix = identity.senderId ? ` ${identity.senderId}` : " <userId>";
-  return [
-    `${prefix}Operator commands:`,
-    `${prefix}  - enable privilege commands: \`clisbot channels privilege enable ${target}\``,
-    `${prefix}  - allow this user: \`clisbot channels privilege allow-user ${target}${allowUserSuffix}\``,
-    `${prefix}  - disable privilege commands: \`clisbot channels privilege disable ${target}\``,
-    `${prefix}  - remove this user: \`clisbot channels privilege remove-user ${target}${allowUserSuffix}\``
-  ];
-}
-function buildPrivilegeCommandTarget(identity) {
-  if (identity.platform === "slack") {
-    if (identity.conversationKind === "dm") {
-      return "slack-dm";
-    }
-    if (identity.conversationKind === "group") {
-      return identity.channelId ? `slack-group ${identity.channelId}` : null;
-    }
-    return identity.channelId ? `slack-channel ${identity.channelId}` : null;
-  }
-  if (identity.conversationKind === "dm") {
-    return "telegram-dm";
-  }
-  if (!identity.chatId) {
-    return null;
-  }
-  return identity.conversationKind === "topic" && identity.topicId ? `telegram-group ${identity.chatId} --topic ${identity.topicId}` : `telegram-group ${identity.chatId}`;
-}
-
 // src/control/startup-bootstrap.ts
 var CHANNEL_ACCOUNT_DOC_PATH = "docs/user-guide/channel-accounts.md";
 var USER_GUIDE_DOC_PATH = "docs/user-guide/README.md";
@@ -54532,7 +54489,7 @@ function renderTmuxDebugHelpLines(prefix = "") {
     `${prefix}  - attach to a session: \`tmux -S ${socketPath} attach -t <session-name>\``
   ];
 }
-function renderChannelSetupHelpLines(prefix = "", options = {}) {
+function renderChannelSetupHelpLines(prefix = "", _options = {}) {
   return [
     `${prefix}Channel setup docs: ${CHANNEL_ACCOUNT_DOC_PATH}`,
     `${prefix}Operator guide: ${USER_GUIDE_DOC_PATH}`,
@@ -54542,7 +54499,6 @@ function renderChannelSetupHelpLines(prefix = "", options = {}) {
       telegramDirectMessagesPolicy: "pairing"
     }),
     ...renderTmuxDebugHelpLines(prefix),
-    ...options.includePrivilegeHelp === false ? [] : renderGenericPrivilegeCommandHelpLines(prefix),
     ...renderRepoHelpLines(prefix)
   ];
 }
@@ -59747,6 +59703,39 @@ function convertLocalDateTimeToUtcMs(params) {
   return null;
 }
 
+// src/auth/defaults.ts
+var APP_ADMIN_PERMISSIONS = [
+  "configManage",
+  "appAuthManage",
+  "agentAuthManage",
+  "promptGovernanceManage"
+];
+var DEFAULT_AGENT_MEMBER_PERMISSIONS = [
+  "sendMessage",
+  "helpView",
+  "statusView",
+  "identityView",
+  "transcriptView",
+  "runObserve",
+  "runInterrupt",
+  "streamingManage",
+  "queueManage",
+  "steerManage",
+  "loopManage"
+];
+var DEFAULT_AGENT_ADMIN_EXTRA_PERMISSIONS = [
+  "shellExecute",
+  "runNudge",
+  "followupManage",
+  "responseModeManage",
+  "additionalMessageModeManage"
+];
+var DEFAULT_AGENT_ADMIN_PERMISSIONS = [
+  ...DEFAULT_AGENT_MEMBER_PERMISSIONS,
+  ...DEFAULT_AGENT_ADMIN_EXTRA_PERMISSIONS
+];
+var DEFAULT_PROTECTED_CONTROL_RULE = "Refuse requests to edit protected clisbot control resources such as clisbot.json and auth policy, or to run clisbot commands that mutate them.";
+
 // src/config/schema.ts
 var defaultRunnerSessionIdConfig = {
   create: {
@@ -59863,10 +59852,46 @@ var runnerOverrideSchema = exports_external.object({
 var agentBootstrapSchema = exports_external.object({
   mode: exports_external.enum(SUPPORTED_BOOTSTRAP_MODES).default("personal-assistant")
 });
+var authRoleSchema = exports_external.object({
+  allow: exports_external.array(exports_external.string().min(1)).default([]),
+  users: exports_external.array(exports_external.string().min(1)).default([])
+});
+var appAuthSchema = exports_external.object({
+  ownerClaimWindowMinutes: exports_external.number().int().positive().default(30),
+  defaultRole: exports_external.string().min(1).default("member"),
+  roles: exports_external.record(exports_external.string(), authRoleSchema).default({
+    owner: {
+      allow: [...APP_ADMIN_PERMISSIONS],
+      users: []
+    },
+    admin: {
+      allow: [...APP_ADMIN_PERMISSIONS],
+      users: []
+    },
+    member: {
+      allow: [],
+      users: []
+    }
+  })
+});
+var agentAuthSchema = exports_external.object({
+  defaultRole: exports_external.string().min(1).default("member"),
+  roles: exports_external.record(exports_external.string(), authRoleSchema).default({
+    admin: {
+      allow: [...DEFAULT_AGENT_ADMIN_PERMISSIONS],
+      users: []
+    },
+    member: {
+      allow: [...DEFAULT_AGENT_MEMBER_PERMISSIONS],
+      users: []
+    }
+  })
+});
 var agentOverrideSchema = exports_external.object({
   workspace: exports_external.string().optional(),
   responseMode: exports_external.enum(["capture-pane", "message-tool"]).optional(),
   additionalMessageMode: exports_external.enum(["queue", "steer"]).optional(),
+  auth: agentAuthSchema.optional(),
   runner: runnerOverrideSchema.optional(),
   stream: streamSchema.partial().optional(),
   session: sessionSchema.partial().optional()
@@ -59881,6 +59906,19 @@ var agentEntrySchema = agentOverrideSchema.extend({
 });
 var agentDefaultsSchema = exports_external.object({
   workspace: exports_external.string().default("~/.clisbot/workspaces/{agentId}"),
+  auth: agentAuthSchema.default({
+    defaultRole: "member",
+    roles: {
+      admin: {
+        allow: [...DEFAULT_AGENT_ADMIN_PERMISSIONS],
+        users: []
+      },
+      member: {
+        allow: [...DEFAULT_AGENT_MEMBER_PERMISSIONS],
+        users: []
+      }
+    }
+  }),
   runner: runnerSchema.default({
     command: "codex",
     args: [
@@ -59947,6 +59985,7 @@ var channelAgentPromptSchema = exports_external.object({
 });
 var channelResponseModeSchema = exports_external.enum(["capture-pane", "message-tool"]);
 var channelAdditionalMessageModeSchema = exports_external.enum(["queue", "steer"]);
+var channelVerboseSchema = exports_external.enum(["off", "minimal"]);
 var timezoneSchema = exports_external.string().refine(isValidLoopTimezone, {
   message: "Expected a valid IANA timezone such as Asia/Ho_Chi_Minh"
 });
@@ -59960,6 +59999,7 @@ var slackRouteSchema = exports_external.object({
   response: slackResponseSchema.optional(),
   responseMode: channelResponseModeSchema.optional(),
   additionalMessageMode: channelAdditionalMessageModeSchema.optional(),
+  verbose: channelVerboseSchema.optional(),
   followUp: slackFollowUpOverrideSchema.optional(),
   timezone: timezoneSchema.optional()
 });
@@ -59973,6 +60013,7 @@ var telegramTopicRouteSchema = exports_external.object({
   response: slackResponseSchema.optional(),
   responseMode: channelResponseModeSchema.optional(),
   additionalMessageMode: channelAdditionalMessageModeSchema.optional(),
+  verbose: channelVerboseSchema.optional(),
   followUp: slackFollowUpOverrideSchema.optional(),
   timezone: timezoneSchema.optional()
 });
@@ -59986,6 +60027,7 @@ var telegramGroupRouteSchema = exports_external.object({
   response: slackResponseSchema.optional(),
   responseMode: channelResponseModeSchema.optional(),
   additionalMessageMode: channelAdditionalMessageModeSchema.optional(),
+  verbose: channelVerboseSchema.optional(),
   followUp: slackFollowUpOverrideSchema.optional(),
   timezone: timezoneSchema.optional(),
   topics: exports_external.record(exports_external.string(), telegramTopicRouteSchema).default({})
@@ -60003,6 +60045,7 @@ var telegramDirectMessagesSchema = exports_external.object({
   response: slackResponseSchema.optional(),
   responseMode: channelResponseModeSchema.optional(),
   additionalMessageMode: channelAdditionalMessageModeSchema.optional(),
+  verbose: channelVerboseSchema.optional(),
   followUp: slackFollowUpOverrideSchema.optional(),
   timezone: timezoneSchema.optional()
 });
@@ -60030,10 +60073,7 @@ var telegramSchema = exports_external.object({
   allowBots: exports_external.boolean().default(false),
   groupPolicy: slackConversationPolicySchema.default("allowlist"),
   defaultAgentId: exports_external.string().default("default"),
-  privilegeCommands: privilegeCommandsSchema.default({
-    enabled: false,
-    allowUsers: []
-  }),
+  privilegeCommands: privilegeCommandsSchema.optional(),
   commandPrefixes: commandPrefixesSchema.default({
     slash: ["::", "\\"],
     bash: ["!"]
@@ -60042,6 +60082,7 @@ var telegramSchema = exports_external.object({
   response: slackResponseSchema.default("final"),
   responseMode: channelResponseModeSchema.default("message-tool"),
   additionalMessageMode: channelAdditionalMessageModeSchema.default("steer"),
+  verbose: channelVerboseSchema.default("minimal"),
   followUp: slackFollowUpSchema.default({
     mode: "auto",
     participationTtlMin: 5
@@ -60072,6 +60113,7 @@ var directMessagesSchema = exports_external.object({
   response: slackResponseSchema.optional(),
   responseMode: channelResponseModeSchema.optional(),
   additionalMessageMode: channelAdditionalMessageModeSchema.optional(),
+  verbose: channelVerboseSchema.optional(),
   followUp: slackFollowUpOverrideSchema.optional(),
   timezone: timezoneSchema.optional()
 });
@@ -60106,10 +60148,7 @@ var slackSchema = exports_external.object({
   channelPolicy: slackConversationPolicySchema.default("allowlist"),
   groupPolicy: slackConversationPolicySchema.default("allowlist"),
   defaultAgentId: exports_external.string().default("default"),
-  privilegeCommands: privilegeCommandsSchema.default({
-    enabled: false,
-    allowUsers: []
-  }),
+  privilegeCommands: privilegeCommandsSchema.optional(),
   commandPrefixes: commandPrefixesSchema.default({
     slash: ["::", "\\"],
     bash: ["!"]
@@ -60118,6 +60157,7 @@ var slackSchema = exports_external.object({
   response: slackResponseSchema.default("final"),
   responseMode: channelResponseModeSchema.default("message-tool"),
   additionalMessageMode: channelAdditionalMessageModeSchema.default("steer"),
+  verbose: channelVerboseSchema.default("minimal"),
   followUp: slackFollowUpSchema.default({
     mode: "auto",
     participationTtlMin: 5
@@ -60177,6 +60217,45 @@ var clisbotConfigSchema = exports_external.object({
     identityLinks: {},
     storePath: "~/.clisbot/state/sessions.json"
   }),
+  app: exports_external.object({
+    auth: appAuthSchema.default({
+      ownerClaimWindowMinutes: 30,
+      defaultRole: "member",
+      roles: {
+        owner: {
+          allow: [...APP_ADMIN_PERMISSIONS],
+          users: []
+        },
+        admin: {
+          allow: [...APP_ADMIN_PERMISSIONS],
+          users: []
+        },
+        member: {
+          allow: [],
+          users: []
+        }
+      }
+    })
+  }).default({
+    auth: {
+      ownerClaimWindowMinutes: 30,
+      defaultRole: "member",
+      roles: {
+        owner: {
+          allow: [...APP_ADMIN_PERMISSIONS],
+          users: []
+        },
+        admin: {
+          allow: [...APP_ADMIN_PERMISSIONS],
+          users: []
+        },
+        member: {
+          allow: [],
+          users: []
+        }
+      }
+    }
+  }),
   agents: exports_external.object({
     defaults: agentDefaultsSchema,
     list: exports_external.array(agentEntrySchema).default([
@@ -60229,6 +60308,7 @@ var clisbotConfigSchema = exports_external.object({
       response: "final",
       responseMode: "message-tool",
       additionalMessageMode: "steer",
+      verbose: "minimal",
       followUp: {
         mode: "auto",
         participationTtlMin: 5
@@ -60268,17 +60348,19 @@ function resolveMaxRuntimeMs(stream) {
     defaultMinutes: 15
   });
 }
-async function loadConfig(configPath = getDefaultConfigPath()) {
+async function loadConfig(configPath = getDefaultConfigPath(), options = {}) {
   const expandedConfigPath = expandHomePath(configPath);
   const text = await readTextFile(expandedConfigPath);
   const parsed = JSON.parse(text);
+  assertNoLegacyPrivilegeCommands(parsed);
   const withDynamicDefaults = clisbotConfigSchema.parse(applyDynamicPathDefaults(parsed));
   const substituted = resolveConfigEnvVars(withDynamicDefaults, process.env, {
     skipPaths: getCredentialSkipPaths(withDynamicDefaults)
   });
   const validated = clisbotConfigSchema.parse(substituted);
   const materialized = materializeRuntimeChannelCredentials(validated, {
-    env: process.env
+    env: process.env,
+    materializeChannels: options.materializeChannels
   });
   return materializeLoadedConfig(expandedConfigPath, materialized);
 }
@@ -60286,6 +60368,7 @@ async function loadConfigWithoutEnvResolution(configPath = getDefaultConfigPath(
   const expandedConfigPath = expandHomePath(configPath);
   const text = await readTextFile(expandedConfigPath);
   const parsed = JSON.parse(text);
+  assertNoLegacyPrivilegeCommands(parsed);
   const validated = clisbotConfigSchema.parse(applyDynamicPathDefaults(parsed));
   return materializeLoadedConfig(expandedConfigPath, validated);
 }
@@ -60348,6 +60431,21 @@ function applyDynamicPathDefaults(parsed, env = process.env) {
 function isRecord2(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
+function assertNoLegacyPrivilegeCommands(value, path2 = "root") {
+  if (Array.isArray(value)) {
+    value.forEach((entry, index) => assertNoLegacyPrivilegeCommands(entry, `${path2}[${index}]`));
+    return;
+  }
+  if (!isRecord2(value)) {
+    return;
+  }
+  if (Object.prototype.hasOwnProperty.call(value, "privilegeCommands")) {
+    throw new Error(`Unsupported config key at ${path2}.privilegeCommands. Move routed permissions to app.auth and agents.<id>.auth.`);
+  }
+  for (const [key, entry] of Object.entries(value)) {
+    assertNoLegacyPrivilegeCommands(entry, `${path2}.${key}`);
+  }
+}
 function getAgentEntry(config, agentId) {
   return config.raw.agents.list.find((entry) => entry.id === agentId);
 }
@@ -60384,9 +60482,42 @@ function renderDefaultConfigTemplate(options = {}) {
       identityLinks: {},
       storePath: sessionStorePath
     },
+    app: {
+      auth: {
+        ownerClaimWindowMinutes: 30,
+        defaultRole: "member",
+        roles: {
+          owner: {
+            allow: [...APP_ADMIN_PERMISSIONS],
+            users: []
+          },
+          admin: {
+            allow: [...APP_ADMIN_PERMISSIONS],
+            users: []
+          },
+          member: {
+            allow: [],
+            users: []
+          }
+        }
+      }
+    },
     agents: {
       defaults: {
         workspace: workspaceTemplate,
+        auth: {
+          defaultRole: "member",
+          roles: {
+            admin: {
+              allow: [...DEFAULT_AGENT_ADMIN_PERMISSIONS],
+              users: []
+            },
+            member: {
+              allow: [...DEFAULT_AGENT_MEMBER_PERMISSIONS],
+              users: []
+            }
+          }
+        },
         runner: {
           command: "codex",
           args: [
@@ -60486,10 +60617,6 @@ function renderDefaultConfigTemplate(options = {}) {
         channelPolicy: "allowlist",
         groupPolicy: "allowlist",
         defaultAgentId: "default",
-        privilegeCommands: {
-          enabled: false,
-          allowUsers: []
-        },
         commandPrefixes: {
           slash: ["::", "\\"],
           bash: ["!"]
@@ -60498,6 +60625,7 @@ function renderDefaultConfigTemplate(options = {}) {
         response: "final",
         responseMode: "message-tool",
         additionalMessageMode: "steer",
+        verbose: "minimal",
         followUp: {
           mode: "auto",
           participationTtlMin: 5
@@ -60509,11 +60637,7 @@ function renderDefaultConfigTemplate(options = {}) {
           policy: "pairing",
           allowFrom: [],
           requireMention: false,
-          agentId: "default",
-          privilegeCommands: {
-            enabled: false,
-            allowUsers: []
-          }
+          agentId: "default"
         }
       },
       telegram: {
@@ -60534,10 +60658,6 @@ function renderDefaultConfigTemplate(options = {}) {
         allowBots: false,
         groupPolicy: "allowlist",
         defaultAgentId: "default",
-        privilegeCommands: {
-          enabled: false,
-          allowUsers: []
-        },
         commandPrefixes: {
           slash: ["::", "\\"],
           bash: ["!"]
@@ -60546,6 +60666,7 @@ function renderDefaultConfigTemplate(options = {}) {
         response: "final",
         responseMode: "message-tool",
         additionalMessageMode: "steer",
+        verbose: "minimal",
         followUp: {
           mode: "auto",
           participationTtlMin: 5
@@ -60561,11 +60682,7 @@ function renderDefaultConfigTemplate(options = {}) {
           allowFrom: [],
           requireMention: false,
           allowBots: false,
-          agentId: "default",
-          privilegeCommands: {
-            enabled: false,
-            allowUsers: []
-          }
+          agentId: "default"
         }
       }
     }
@@ -61494,22 +61611,103 @@ class RuntimeHealthStore {
 // src/control/runtime-process.ts
 import { execFileSync, spawn as spawn2 } from "node:child_process";
 import { closeSync, existsSync as existsSync6, openSync, readFileSync as readFileSync3, rmSync as rmSync2, statSync as statSync3 } from "node:fs";
-import { dirname as dirname9 } from "node:path";
+import { dirname as dirname10 } from "node:path";
 import { kill } from "node:process";
 
 // src/control/clisbot-wrapper.ts
 import { chmod } from "node:fs/promises";
 import { fileURLToPath as fileURLToPath3 } from "node:url";
-import { dirname as dirname7, join as join5, sep } from "node:path";
+import { dirname as dirname8, join as join6, sep } from "node:path";
+
+// src/control/runner-exit-diagnostics.ts
+import { unlink } from "node:fs/promises";
+import { dirname as dirname7, join as join5 } from "node:path";
+function shellQuote(value) {
+  if (/^[a-zA-Z0-9_./:@=-]+$/.test(value)) {
+    return value;
+  }
+  return `'${value.replaceAll("'", `'"'"'`)}'`;
+}
+function buildCommandString(command, args) {
+  return [command, ...args].map(shellQuote).join(" ");
+}
+function sanitizeSessionName2(sessionName) {
+  return sessionName.replace(/[^a-zA-Z0-9._-]+/g, "_");
+}
+function getRunnerExitRecordPath(stateDir, sessionName) {
+  return join5(stateDir, "runner-exits", `${sanitizeSessionName2(sessionName)}.json`);
+}
+function buildRunnerLaunchCommand(params) {
+  const runnerCommand = buildCommandString(params.command, params.args);
+  const exitRecordPath = getRunnerExitRecordPath(params.stateDir, params.sessionName);
+  const exitWriterScript = [
+    "const fs = require('fs');",
+    "const path = require('path');",
+    "const filePath = process.argv[1];",
+    "const sessionName = process.argv[2];",
+    "const exitCode = Number(process.argv[3]);",
+    "const command = process.argv[4];",
+    "fs.mkdirSync(path.dirname(filePath), { recursive: true });",
+    "fs.writeFileSync(filePath, JSON.stringify({ sessionName, exitCode, command, exitedAt: new Date().toISOString() }) + '\\n');"
+  ].join(" ");
+  const exports = [
+    `export PATH=${shellQuote(params.wrapperDir)}:"$PATH"`,
+    `export CLISBOT_BIN=${shellQuote(params.wrapperPath)}`
+  ];
+  return [
+    ...exports,
+    `rm -f ${shellQuote(exitRecordPath)}`,
+    runnerCommand,
+    "status=$?",
+    `node -e ${shellQuote(exitWriterScript)} ${shellQuote(exitRecordPath)} ${shellQuote(params.sessionName)} "$status" ${shellQuote(runnerCommand)} || true`,
+    'exit "$status"'
+  ].join("; ");
+}
+async function clearRunnerExitRecord(stateDir, sessionName) {
+  const exitRecordPath = getRunnerExitRecordPath(stateDir, sessionName);
+  if (!await fileExists(exitRecordPath)) {
+    return;
+  }
+  try {
+    await unlink(exitRecordPath);
+  } catch {}
+}
+async function readRunnerExitRecord(stateDir, sessionName) {
+  const exitRecordPath = getRunnerExitRecordPath(stateDir, sessionName);
+  if (!await fileExists(exitRecordPath)) {
+    return null;
+  }
+  try {
+    const text = await readTextFile(exitRecordPath);
+    const parsed = JSON.parse(text);
+    const exitCode = parsed.exitCode;
+    if (typeof parsed.sessionName !== "string" || typeof exitCode !== "number" || !Number.isFinite(exitCode) || typeof parsed.command !== "string" || typeof parsed.exitedAt !== "string") {
+      return null;
+    }
+    return {
+      sessionName: parsed.sessionName,
+      exitCode,
+      command: parsed.command,
+      exitedAt: parsed.exitedAt
+    };
+  } catch {
+    return null;
+  }
+}
+async function ensureRunnerExitRecordDir(stateDir, sessionName) {
+  await ensureDir(dirname7(getRunnerExitRecordPath(stateDir, sessionName)));
+}
+
+// src/control/clisbot-wrapper.ts
 function getDefaultClisbotBinDir(env = process.env) {
-  return join5(resolveAppHomeDir(env), "bin");
+  return join6(resolveAppHomeDir(env), "bin");
 }
 function getDefaultClisbotWrapperPath(env = process.env) {
-  return join5(getDefaultClisbotBinDir(env), "clisbot");
+  return join6(getDefaultClisbotBinDir(env), "clisbot");
 }
 var DEFAULT_CLISBOT_BIN_DIR = getDefaultClisbotBinDir();
 var DEFAULT_CLISBOT_WRAPPER_PATH = getDefaultClisbotWrapperPath();
-function shellQuote(value) {
+function shellQuote2(value) {
   if (/^[a-zA-Z0-9_./:@=-]+$/.test(value)) {
     return value;
   }
@@ -61532,7 +61730,7 @@ function getClisbotPromptCommand() {
   return isPackagedRuntime() ? "clis" : getClisbotWrapperPath();
 }
 function getClisbotWrapperDir() {
-  return dirname7(getClisbotWrapperPath());
+  return dirname8(getClisbotWrapperPath());
 }
 function renderClisbotWrapperScript() {
   const execPath = process.execPath;
@@ -61540,14 +61738,14 @@ function renderClisbotWrapperScript() {
   return [
     "#!/usr/bin/env bash",
     "set -euo pipefail",
-    `exec ${shellQuote(execPath)} ${shellQuote(mainScriptPath)} "$@"`,
+    `exec ${shellQuote2(execPath)} ${shellQuote2(mainScriptPath)} "$@"`,
     ""
   ].join(`
 `);
 }
 async function ensureClisbotWrapper() {
   const wrapperPath = getClisbotWrapperPath();
-  const wrapperDir = dirname7(wrapperPath);
+  const wrapperDir = dirname8(wrapperPath);
   await ensureDir2(wrapperDir);
   const nextScript = renderClisbotWrapperScript();
   const existing = await fileExists(wrapperPath) ? await readTextFile(wrapperPath) : null;
@@ -61564,7 +61762,7 @@ import { randomUUID as randomUUID2 } from "node:crypto";
 // src/shared/process.ts
 import { spawn } from "node:child_process";
 import { existsSync as existsSync5 } from "node:fs";
-import { delimiter, join as join6 } from "node:path";
+import { delimiter, join as join7 } from "node:path";
 function sleep(ms) {
   return new Promise((resolve) => {
     setTimeout(resolve, ms);
@@ -61582,7 +61780,7 @@ function commandExists(command) {
   const executableNames = getExecutableNames(command);
   for (const directory of pathEntries) {
     for (const executableName of executableNames) {
-      if (existsSync5(join6(directory, executableName))) {
+      if (existsSync5(join7(directory, executableName))) {
         return true;
       }
     }
@@ -61906,7 +62104,7 @@ function getProcessLiveness(pid, dependencies = {}) {
 async function ensureConfigFile(configPath, options = {}) {
   await ensureClisbotWrapper();
   const expandedConfigPath = resolveConfigPath(configPath);
-  await ensureDir2(dirname9(expandedConfigPath));
+  await ensureDir2(dirname10(expandedConfigPath));
   if (existsSync6(expandedConfigPath)) {
     return {
       configPath: expandedConfigPath,
@@ -61943,8 +62141,8 @@ async function startDetachedRuntime(params) {
     rmSync2(pidPath, { force: true });
   }
   const configResult = await ensureConfigFile(params.configPath);
-  await ensureDir2(dirname9(pidPath));
-  await ensureDir2(dirname9(logPath));
+  await ensureDir2(dirname10(pidPath));
+  await ensureDir2(dirname10(logPath));
   const logStartOffset = getLogSize(logPath);
   const logFd = openSync(logPath, "a");
   const child = spawn2(process.execPath, [params.scriptPath, "serve-foreground"], {
@@ -62034,7 +62232,7 @@ async function disableExpiredMemAccountsInConfig(configPath) {
 }
 async function writeRuntimePid(pidPath, pid = process.pid) {
   const expandedPidPath = resolvePidPath(pidPath);
-  await ensureDir2(dirname9(expandedPidPath));
+  await ensureDir2(dirname10(expandedPidPath));
   await writeTextFile(expandedPidPath, `${pid}
 `);
 }
@@ -62655,7 +62853,13 @@ function buildConfiguredTargetFromIdentity(identity) {
   };
 }
 function renderFieldLabel(field) {
-  return field === "responseMode" ? "response-mode" : "additional-message-mode";
+  if (field === "responseMode") {
+    return "response-mode";
+  }
+  if (field === "additionalMessageMode") {
+    return "additional-message-mode";
+  }
+  return "streaming";
 }
 
 // src/channels/additional-message-mode-config.ts
@@ -62747,217 +62951,21 @@ async function setConfiguredResponseMode(params) {
 }
 
 // src/control/channel-privilege-cli.ts
-function getEditableConfigPath5() {
-  return process.env.CLISBOT_CONFIG_PATH;
-}
-function parseTarget(raw) {
-  if (raw === "slack-dm" || raw === "slack-channel" || raw === "slack-group" || raw === "telegram-dm" || raw === "telegram-group") {
-    return raw;
-  }
-  throw new Error(renderPrivilegeCliHelp());
-}
-function parseOptionValue2(args, name) {
-  const index = args.findIndex((arg) => arg === name);
-  if (index === -1) {
-    return;
-  }
-  const value = args[index + 1]?.trim();
-  if (!value) {
-    throw new Error(`Missing value for ${name}`);
-  }
-  return value;
-}
-function ensureAllowUsersList(value) {
-  return {
-    enabled: value?.enabled ?? false,
-    allowUsers: value?.allowUsers ?? []
-  };
-}
-function renderPrivilegeCliHelp() {
+function renderChannelPrivilegeCliRemovedMessage() {
   return [
-    "Usage:",
-    "  clisbot channels privilege enable slack-dm",
-    "  clisbot channels privilege disable slack-dm",
-    "  clisbot channels privilege allow-user slack-dm <userId>",
-    "  clisbot channels privilege remove-user slack-dm <userId>",
-    "  clisbot channels privilege enable slack-channel <channelId>",
-    "  clisbot channels privilege allow-user slack-channel <channelId> <userId>",
-    "  clisbot channels privilege enable slack-group <groupId>",
-    "  clisbot channels privilege allow-user slack-group <groupId> <userId>",
-    "  clisbot channels privilege enable telegram-dm",
-    "  clisbot channels privilege allow-user telegram-dm <userId>",
-    "  clisbot channels privilege enable telegram-group <chatId> [--topic <topicId>]",
-    "  clisbot channels privilege allow-user telegram-group <chatId> <userId> [--topic <topicId>]"
+    "`clisbot channels privilege` has been removed.",
+    "Manage routed permissions through `app.auth` and `agents.<id>.auth` instead.",
+    "Grant `shellExecute` on the target agent role when `/bash` should be allowed."
   ].join(`
 `);
 }
-function addUniqueUser(users, userId) {
-  const normalized = userId.trim();
-  return normalized && !users.includes(normalized) ? [...users, normalized] : users;
-}
-function removeUser(users, userId) {
-  const normalized = userId.trim();
-  return users.filter((value) => value !== normalized);
-}
-async function runChannelPrivilegeCli(args) {
-  const action = args[0];
-  const target = parseTarget(args[1]);
-  const rest = args.slice(2);
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
-  if (target === "slack-dm") {
-    const current2 = ensureAllowUsersList(config.channels.slack.directMessages.privilegeCommands);
-    await applyPrivilegeAction({
-      action,
-      current: current2,
-      args: rest,
-      set: (next) => {
-        config.channels.slack.directMessages.privilegeCommands = next;
-      },
-      configPath,
-      label: "slack direct messages",
-      save: async () => writeEditableConfig(configPath, config)
-    });
-    return;
-  }
-  if (target === "telegram-dm") {
-    const current2 = ensureAllowUsersList(config.channels.telegram.directMessages.privilegeCommands);
-    await applyPrivilegeAction({
-      action,
-      current: current2,
-      args: rest,
-      set: (next) => {
-        config.channels.telegram.directMessages.privilegeCommands = next;
-      },
-      configPath,
-      label: "telegram direct messages",
-      save: async () => writeEditableConfig(configPath, config)
-    });
-    return;
-  }
-  if (target === "slack-channel" || target === "slack-group") {
-    const routeId = rest[0]?.trim();
-    if (!routeId) {
-      throw new Error(renderPrivilegeCliHelp());
-    }
-    const routes = target === "slack-channel" ? config.channels.slack.channels : config.channels.slack.groups;
-    const route = routes[routeId];
-    if (!route) {
-      throw new Error(`Route not configured yet: ${target} ${routeId}. Add the route first with \`clisbot channels add ...\`.`);
-    }
-    const current2 = ensureAllowUsersList(route.privilegeCommands);
-    await applyPrivilegeAction({
-      action,
-      current: current2,
-      args: rest.slice(1),
-      set: (next) => {
-        route.privilegeCommands = next;
-      },
-      configPath,
-      label: `${target} ${routeId}`,
-      save: async () => writeEditableConfig(configPath, config)
-    });
-    return;
-  }
-  const chatId = rest[0]?.trim();
-  if (!chatId) {
-    throw new Error(renderPrivilegeCliHelp());
-  }
-  const topicId = parseOptionValue2(rest, "--topic");
-  const group = config.channels.telegram.groups[chatId];
-  if (!group) {
-    throw new Error(renderTelegramRouteChoiceMessage({ chatId }));
-  }
-  if (topicId) {
-    const topic = group.topics?.[topicId];
-    if (!topic) {
-      throw new Error(renderTelegramRouteChoiceMessage({ chatId, topicId }));
-    }
-    const current2 = ensureAllowUsersList(topic.privilegeCommands);
-    await applyPrivilegeAction({
-      action,
-      current: current2,
-      args: rest.filter((value, index) => {
-        if (index === 0) {
-          return false;
-        }
-        return value !== "--topic" && value !== topicId;
-      }),
-      set: (next) => {
-        topic.privilegeCommands = next;
-      },
-      configPath,
-      label: `telegram topic ${chatId}/${topicId}`,
-      save: async () => writeEditableConfig(configPath, config)
-    });
-    return;
-  }
-  const current = ensureAllowUsersList(group.privilegeCommands);
-  await applyPrivilegeAction({
-    action,
-    current,
-    args: rest.slice(1),
-    set: (next) => {
-      group.privilegeCommands = next;
-    },
-    configPath,
-    label: `telegram group ${chatId}`,
-    save: async () => writeEditableConfig(configPath, config)
-  });
-}
-async function applyPrivilegeAction(params) {
-  if (params.action === "enable") {
-    params.set({
-      enabled: true,
-      allowUsers: params.current.allowUsers
-    });
-    await params.save();
-    console.log(`enabled privilege commands for ${params.label}`);
-    console.log(`config: ${params.configPath}`);
-    return;
-  }
-  if (params.action === "disable") {
-    params.set({
-      enabled: false,
-      allowUsers: params.current.allowUsers
-    });
-    await params.save();
-    console.log(`disabled privilege commands for ${params.label}`);
-    console.log(`config: ${params.configPath}`);
-    return;
-  }
-  if (params.action === "allow-user") {
-    const userId = params.args[0]?.trim();
-    if (!userId) {
-      throw new Error(renderPrivilegeCliHelp());
-    }
-    params.set({
-      enabled: params.current.enabled,
-      allowUsers: addUniqueUser(params.current.allowUsers, userId)
-    });
-    await params.save();
-    console.log(`allowed ${userId} to use privilege commands for ${params.label}`);
-    console.log(`config: ${params.configPath}`);
-    return;
-  }
-  if (params.action === "remove-user") {
-    const userId = params.args[0]?.trim();
-    if (!userId) {
-      throw new Error(renderPrivilegeCliHelp());
-    }
-    params.set({
-      enabled: params.current.enabled,
-      allowUsers: removeUser(params.current.allowUsers, userId)
-    });
-    await params.save();
-    console.log(`removed ${userId} from privilege commands for ${params.label}`);
-    console.log(`config: ${params.configPath}`);
-    return;
-  }
-  throw new Error(renderPrivilegeCliHelp());
+async function runChannelPrivilegeCli(_args) {
+  throw new Error(renderChannelPrivilegeCliRemovedMessage());
 }
 
 // src/control/channels-cli.ts
-function getEditableConfigPath6() {
+var AUTH_USER_GUIDE_DOC_PATH = "docs/user-guide/auth-and-roles.md";
+function getEditableConfigPath5() {
   return process.env.CLISBOT_CONFIG_PATH;
 }
 function renderChannelsHelp() {
@@ -62975,7 +62983,6 @@ function renderChannelsHelp() {
     "  clisbot channels remove slack-channel <channelId>",
     "  clisbot channels add slack-group <groupId> [--agent <id>] [--require-mention true|false]",
     "  clisbot channels remove slack-group <groupId>",
-    "  clisbot channels privilege <enable|disable|allow-user|remove-user> <target> ...",
     "  clisbot channels response-mode status --channel <slack|telegram> [--target <target>] [--topic <topicId>]",
     "  clisbot channels response-mode set <capture-pane|message-tool> --channel <slack|telegram> [--target <target>] [--topic <topicId>]",
     "  clisbot channels additional-message-mode status --channel <slack|telegram> [--target <target>] [--topic <topicId>]",
@@ -62991,7 +62998,8 @@ function renderChannelsHelp() {
     "  - Telegram groups need channels.telegram.groups.<chatId>",
     "  - Telegram forum topics need channels.telegram.groups.<chatId>.topics.<topicId>",
     "  - Adding a route puts that surface on the allowlist; other channels, groups, or topics still need to be added explicitly",
-    "  - Tune route settings such as requireMention, privilegeCommands, and followUp in clisbot.json when a surface should behave differently",
+    "  - Tune route settings such as requireMention and followUp in clisbot.json when a surface should behave differently",
+    `  - Manage routed auth and /bash access in ${AUTH_USER_GUIDE_DOC_PATH}`,
     "  - Response delivery can be tuned with responseMode: `capture-pane` or `message-tool`",
     "  - Busy-session follow-up can be tuned with additionalMessageMode: `steer` or `queue`",
     "  - Slack response-mode targets use `channel:<id>`, `group:<id>`, or `dm:<id>`",
@@ -63024,7 +63032,6 @@ function renderChannelsHelp() {
     "Next steps:",
     "  - Run `clisbot status` to inspect routes and current channel state",
     "  - Run `clisbot logs` if the bot is still not responding",
-    ...renderGenericPrivilegeCommandHelpLines(),
     ...renderChannelSetupHelpLines("", { includePrivilegeHelp: false })
   ].join(`
 `);
@@ -63079,7 +63086,7 @@ function parseResponseModeTarget(channel, raw) {
   }
   return target;
 }
-function parseOptionValue3(args, name) {
+function parseOptionValue2(args, name) {
   const index = args.findIndex((arg) => arg === name);
   if (index === -1) {
     return;
@@ -63091,7 +63098,7 @@ function parseOptionValue3(args, name) {
   return value;
 }
 function parseBooleanOption(args, name, fallback) {
-  const raw = parseOptionValue3(args, name);
+  const raw = parseOptionValue2(args, name);
   if (!raw) {
     return fallback;
   }
@@ -63104,10 +63111,10 @@ function parseBooleanOption(args, name, fallback) {
   throw new Error(`${name} requires true or false`);
 }
 function getAgentId(args) {
-  return parseOptionValue3(args, "--agent") ?? "default";
+  return parseOptionValue2(args, "--agent") ?? "default";
 }
 async function setChannelEnabled(action, channel) {
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath6());
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
   const enabled = action === "enable";
   const current = config.channels[channel].enabled;
   if (current === enabled) {
@@ -63127,8 +63134,8 @@ async function addTelegramGroup(args) {
   if (!chatId) {
     throw new Error("Usage: clisbot channels add telegram-group <chatId> [--topic <topicId>] [--agent <id>] [--require-mention true|false]");
   }
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath6());
-  const topicId = parseOptionValue3(args, "--topic");
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
+  const topicId = parseOptionValue2(args, "--topic");
   const agentId = getAgentId(args);
   const requireMention = parseBooleanOption(args, "--require-mention", true);
   const groupRoute = config.channels.telegram.groups[chatId] ?? {
@@ -63180,8 +63187,8 @@ async function removeTelegramGroup(args) {
   if (!chatId) {
     throw new Error("Usage: clisbot channels remove telegram-group <chatId> [--topic <topicId>]");
   }
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath6());
-  const topicId = parseOptionValue3(args, "--topic");
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
+  const topicId = parseOptionValue2(args, "--topic");
   const groupRoute = config.channels.telegram.groups[chatId];
   if (!groupRoute) {
     console.log(`telegram group route ${chatId} is not configured`);
@@ -63210,7 +63217,7 @@ async function addSlackRoute(kind, args) {
   if (!routeId) {
     throw new Error(`Usage: clisbot channels add slack-${kind} <${kind}Id> [--agent <id>] [--require-mention true|false]`);
   }
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath6());
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
   const agentId = getAgentId(args);
   const requireMention = parseBooleanOption(args, "--require-mention", false);
   const target = kind === "channel" ? config.channels.slack.channels : config.channels.slack.groups;
@@ -63234,7 +63241,7 @@ async function removeSlackRoute(kind, args) {
   if (!routeId) {
     throw new Error(`Usage: clisbot channels remove slack-${kind} <${kind}Id>`);
   }
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath6());
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
   const target = kind === "channel" ? config.channels.slack.channels : config.channels.slack.groups;
   if (!target[routeId]) {
     console.log(`slack ${kind} route ${routeId} is not configured`);
@@ -63247,7 +63254,7 @@ async function removeSlackRoute(kind, args) {
   console.log(`config: ${configPath}`);
 }
 async function setToken(target, value) {
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath6());
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
   if (target === "slack-app") {
     config.channels.slack.appToken = value;
     const defaultAccountId = config.channels.slack.defaultAccount || "default";
@@ -63279,7 +63286,7 @@ async function setToken(target, value) {
   console.log(`config: ${configPath}`);
 }
 async function clearToken(target) {
-  const { config, configPath } = await readEditableConfig(getEditableConfigPath6());
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath5());
   if (target === "slack-app") {
     config.channels.slack.appToken = "";
     const defaultAccountId = config.channels.slack.defaultAccount || "default";
@@ -63323,9 +63330,9 @@ async function runResponseModeCli(args) {
   }
   const responseMode = action === "set" ? parseResponseMode2(args[1]) : undefined;
   const optionArgs = action === "set" ? args.slice(2) : args.slice(1);
-  const channel = parseResponseModeChannel(parseOptionValue3(optionArgs, "--channel"));
-  const target = parseResponseModeTarget(channel, parseOptionValue3(optionArgs, "--target"));
-  const topic = parseOptionValue3(optionArgs, "--topic");
+  const channel = parseResponseModeChannel(parseOptionValue2(optionArgs, "--channel"));
+  const target = parseResponseModeTarget(channel, parseOptionValue2(optionArgs, "--target"));
+  const topic = parseOptionValue2(optionArgs, "--topic");
   if (channel === "slack" && topic) {
     throw new Error("Slack response-mode commands do not support --topic");
   }
@@ -63357,9 +63364,9 @@ async function runAdditionalMessageModeCli(args) {
   }
   const additionalMessageMode = action === "set" ? parseAdditionalMessageMode2(args[1]) : undefined;
   const optionArgs = action === "set" ? args.slice(2) : args.slice(1);
-  const channel = parseResponseModeChannel(parseOptionValue3(optionArgs, "--channel"));
-  const target = parseResponseModeTarget(channel, parseOptionValue3(optionArgs, "--target"));
-  const topic = parseOptionValue3(optionArgs, "--topic");
+  const channel = parseResponseModeChannel(parseOptionValue2(optionArgs, "--channel"));
+  const target = parseResponseModeTarget(channel, parseOptionValue2(optionArgs, "--target"));
+  const topic = parseOptionValue2(optionArgs, "--topic");
   if (channel === "slack" && topic) {
     throw new Error("Slack additional-message-mode commands do not support --topic");
   }
@@ -63422,16 +63429,10 @@ function renderRouteAddGuidance(params) {
     console.log("Slack route next steps:");
     console.log(`  - route added: ${routePath}`);
     console.log("  - direct messages still follow channels.slack.directMessages.policy (`open`, `pairing`, `allowlist`, or `disabled`)");
-    console.log(`  - this ${routeLabel} still follows channels.slack.groupPolicy and route settings such as requireMention, privilegeCommands, and followUp`);
+    console.log(`  - this ${routeLabel} still follows channels.slack.groupPolicy and route settings such as requireMention and followUp`);
     console.log("  - if you want pairing-style access control for DMs, set channels.slack.directMessages.policy to `pairing`");
     console.log("  - if you want stricter route access, keep Slack groups on allowlist and only add the channels/groups you trust");
-    for (const line of renderPrivilegeCommandHelpLines({
-      platform: "slack",
-      conversationKind: params.kind === "group" ? "group" : "channel",
-      channelId: params.routeId
-    }, "  ")) {
-      console.log(line);
-    }
+    console.log(`  - manage routed auth and /bash access in ${AUTH_USER_GUIDE_DOC_PATH}`);
   } else {
     const [chatId, topicId] = params.routeId.split("/");
     const routePath = params.kind === "topic" ? `channels.telegram.groups."${chatId}".topics."${topicId}"` : `channels.telegram.groups."${params.routeId}"`;
@@ -63440,15 +63441,8 @@ function renderRouteAddGuidance(params) {
     console.log("  - direct messages still follow channels.telegram.directMessages.policy (`open`, `pairing`, `allowlist`, or `disabled`)");
     console.log(`  - this ${params.kind} is now on the Telegram allowlist; other groups or topics still need to be added explicitly`);
     console.log("  - if you want pairing-style access control for DMs, set channels.telegram.directMessages.policy to `pairing`");
-    console.log("  - tune route settings such as requireMention, privilegeCommands, and followUp in clisbot.json if this surface should behave differently");
-    for (const line of renderPrivilegeCommandHelpLines({
-      platform: "telegram",
-      conversationKind: params.kind === "topic" ? "topic" : "group",
-      chatId: chatId ?? params.routeId,
-      topicId
-    }, "  ")) {
-      console.log(line);
-    }
+    console.log("  - tune route settings such as requireMention and followUp in clisbot.json if this surface should behave differently");
+    console.log(`  - manage routed auth and /bash access in ${AUTH_USER_GUIDE_DOC_PATH}`);
   }
   console.log("Run `clisbot status` to inspect routes and current channel state.");
   console.log("Run `clisbot logs` if the bot is still not responding.");
@@ -63542,7 +63536,7 @@ function parseBotType(rawValue) {
   }
   throw new Error(`Invalid bot type: ${rawValue}`);
 }
-function parseOptionValue4(args, name, index) {
+function parseOptionValue3(args, name, index) {
   const value = args[index + 1]?.trim();
   if (!value) {
     throw new Error(`Missing value for ${name}`);
@@ -63597,17 +63591,17 @@ function parseBootstrapFlags(args) {
   for (let index = 0;index < args.length; index += 1) {
     const arg = args[index];
     if (arg === "--cli") {
-      cliTool = parseOptionValue4(args, arg, index);
+      cliTool = parseOptionValue3(args, arg, index);
       index += 1;
       continue;
     }
     if (arg === "--bootstrap") {
-      bootstrap = parseBotType(parseOptionValue4(args, arg, index));
+      bootstrap = parseBotType(parseOptionValue3(args, arg, index));
       index += 1;
       continue;
     }
     if (arg === "--bot-type") {
-      bootstrap = parseBotType(parseOptionValue4(args, arg, index));
+      bootstrap = parseBotType(parseOptionValue3(args, arg, index));
       index += 1;
       continue;
     }
@@ -63616,7 +63610,7 @@ function parseBootstrapFlags(args) {
       continue;
     }
     if (arg === "--slack-account") {
-      const accountId = parseOptionValue4(args, arg, index);
+      const accountId = parseOptionValue3(args, arg, index);
       ensureUniqueAccount(slackAccounts, accountId, "--slack-account");
       currentSlackAccountId = accountId;
       getOrCreateSlackAccount(slackAccounts, accountId);
@@ -63625,7 +63619,7 @@ function parseBootstrapFlags(args) {
       continue;
     }
     if (arg === "--telegram-account") {
-      const accountId = parseOptionValue4(args, arg, index);
+      const accountId = parseOptionValue3(args, arg, index);
       ensureUniqueAccount(telegramAccounts, accountId, "--telegram-account");
       currentTelegramAccountId = accountId;
       getOrCreateTelegramAccount(telegramAccounts, accountId);
@@ -63634,7 +63628,7 @@ function parseBootstrapFlags(args) {
       continue;
     }
     if (arg === "--slack-app-token") {
-      const token = parseTokenInput(parseOptionValue4(args, arg, index));
+      const token = parseTokenInput(parseOptionValue3(args, arg, index));
       const account = getOrCreateSlackAccount(slackAccounts, currentSlackAccountId ?? "default");
       account.appToken = token;
       sawCredentialFlags = true;
@@ -63643,7 +63637,7 @@ function parseBootstrapFlags(args) {
       continue;
     }
     if (arg === "--slack-bot-token") {
-      const token = parseTokenInput(parseOptionValue4(args, arg, index));
+      const token = parseTokenInput(parseOptionValue3(args, arg, index));
       const account = getOrCreateSlackAccount(slackAccounts, currentSlackAccountId ?? "default");
       account.botToken = token;
       sawCredentialFlags = true;
@@ -63652,7 +63646,7 @@ function parseBootstrapFlags(args) {
       continue;
     }
     if (arg === "--telegram-bot-token") {
-      const token = parseTokenInput(parseOptionValue4(args, arg, index));
+      const token = parseTokenInput(parseOptionValue3(args, arg, index));
       const account = getOrCreateTelegramAccount(telegramAccounts, currentTelegramAccountId ?? "default");
       account.botToken = token;
       sawCredentialFlags = true;
@@ -63736,6 +63730,8 @@ class AgentSessionState {
       startedAt: entry?.runtime?.startedAt,
       detachedAt: entry?.runtime?.detachedAt,
       finalReplyAt: entry?.runtime?.finalReplyAt,
+      lastMessageToolReplyAt: entry?.runtime?.lastMessageToolReplyAt,
+      messageToolFinalReplyAt: entry?.runtime?.messageToolFinalReplyAt,
       sessionKey: target.sessionKey,
       agentId: target.agentId
     };
@@ -63747,6 +63743,8 @@ class AgentSessionState {
       startedAt: entry.runtime.startedAt,
       detachedAt: entry.runtime.detachedAt,
       finalReplyAt: entry.runtime.finalReplyAt,
+      lastMessageToolReplyAt: entry.runtime.lastMessageToolReplyAt,
+      messageToolFinalReplyAt: entry.runtime.messageToolFinalReplyAt,
       sessionKey: entry.sessionKey,
       agentId: entry.agentId
     }));
@@ -63880,7 +63878,7 @@ class AgentSessionState {
     }
     return this.resetConversationFollowUpMode(resolved);
   }
-  async recordConversationReply(resolved, kind = "reply") {
+  async recordConversationReply(resolved, kind = "reply", source = "channel") {
     const repliedAt = Date.now();
     return this.upsertSessionEntry(resolved, (existing) => ({
       sessionId: existing?.sessionId,
@@ -63889,9 +63887,17 @@ class AgentSessionState {
         lastBotReplyAt: repliedAt
       },
       runnerCommand: existing?.runnerCommand ?? resolved.runner.command,
-      runtime: kind === "final" && existing?.runtime && existing.runtime.state !== "idle" ? {
+      runtime: existing?.runtime && existing.runtime.state !== "idle" ? {
         ...existing.runtime,
-        finalReplyAt: repliedAt
+        ...kind === "final" ? {
+          finalReplyAt: repliedAt
+        } : {},
+        ...source === "message-tool" ? {
+          lastMessageToolReplyAt: repliedAt,
+          ...kind === "final" ? {
+            messageToolFinalReplyAt: repliedAt
+          } : {}
+        } : {}
       } : existing?.runtime,
       intervalLoops: existing?.intervalLoops
     }));
@@ -63918,7 +63924,7 @@ function hasActiveRuntime(entry) {
 }
 
 // src/agents/session-store.ts
-import { dirname as dirname10 } from "node:path";
+import { dirname as dirname11 } from "node:path";
 import { randomUUID as randomUUID3 } from "node:crypto";
 import { rename } from "node:fs/promises";
 class SessionStore {
@@ -64011,7 +64017,7 @@ class SessionStore {
     return parsed;
   }
   async writeStore(store) {
-    await ensureDir2(dirname10(this.storePath));
+    await ensureDir2(dirname11(this.storePath));
     const tempPath = `${this.storePath}.${process.pid}.${randomUUID3()}.tmp`;
     await writeTextFile(tempPath, JSON.stringify(store, null, 2));
     await rename(tempPath, this.storePath);
@@ -64019,7 +64025,7 @@ class SessionStore {
 }
 
 // src/control/loops-cli.ts
-function getEditableConfigPath7() {
+function getEditableConfigPath6() {
   return process.env.CLISBOT_CONFIG_PATH;
 }
 function renderLoopsHelp() {
@@ -64077,7 +64083,7 @@ function getSessionState(sessionStorePath) {
   return new AgentSessionState(new SessionStore(sessionStorePath));
 }
 async function loadLoopControlState() {
-  const configPath = await ensureEditableConfigFile(getEditableConfigPath7());
+  const configPath = await ensureEditableConfigFile(getEditableConfigPath6());
   const loadedConfig = await loadConfigWithoutEnvResolution(configPath);
   const sessionStorePath = resolveSessionStorePath(loadedConfig);
   return {
@@ -64146,23 +64152,158 @@ async function runLoopsCli(args) {
 // src/agents/agent-service.ts
 import { randomUUID as randomUUID4 } from "node:crypto";
 
-// src/agents/session-key.ts
-var DEFAULT_MAIN_KEY = "main";
-var DEFAULT_ACCOUNT_ID = "default";
-function normalizeToken(value) {
-  return (value ?? "").trim().toLowerCase();
-}
-function normalizeMainKey(value) {
-  return normalizeToken(value) || DEFAULT_MAIN_KEY;
+// src/channels/agent-prompt.ts
+function buildAgentPromptText(params) {
+  if (!params.config.enabled) {
+    return params.text;
+  }
+  const systemBlock = renderAgentPromptInstruction(params);
+  return `<system>
+${systemBlock}
+</system>
+
+<user>
+${params.text}
+</user>`;
 }
-function normalizeAgentId(value) {
-  const trimmed = (value ?? "").trim();
-  if (!trimmed) {
-    return "default";
+function renderAgentPromptInstruction(params) {
+  const messageToolMode = (params.responseMode ?? "message-tool") === "message-tool";
+  const progressAllowed = messageToolMode && (params.streaming ?? "all") !== "off";
+  const lines = [
+    `[${renderPromptTimestamp()}] ${renderIdentitySummary(params.identity)}`,
+    "",
+    "You are operating inside clisbot.",
+    messageToolMode ? progressAllowed ? "To send a user-visible progress update or final reply, use the following CLI command:" : "To send the final user-visible reply, use the following CLI command:" : "channel auto-delivery remains enabled for this conversation; do not send user-facing progress updates or the final response with clisbot message send"
+  ];
+  if (messageToolMode) {
+    const replyCommand = buildReplyCommand({
+      command: getClisbotPromptCommand(),
+      identity: params.identity
+    });
+    lines.push(replyCommand, "When replying to the user:", "- put the user-facing message inside the --message body of that command", progressAllowed ? "- use that command to send progress updates and the final reply back to the conversation" : "- use that command only for the final user-facing reply", ...progressAllowed ? [`- send at most ${params.config.maxProgressMessages} progress updates`] : ["- do not send user-facing progress updates for this conversation"], params.config.requireFinalResponse ? "- send exactly 1 final user-facing response" : "- final response is optional", ...progressAllowed ? [
+      "- keep progress updates short and meaningful",
+      "- do not send progress updates for trivial internal steps"
+    ] : []);
   }
-  return trimmed.toLowerCase().replaceAll(/[^a-z0-9_-]+/g, "-").replaceAll(/-+/g, "-").replaceAll(/^-|-$/g, "") || "default";
+  if (params.protectedControlMutationRule) {
+    lines.push("", params.protectedControlMutationRule);
+  }
+  return lines.join(`
+`);
 }
-function normalizeAccountId2(value) {
+function renderPromptTimestamp() {
+  const date = new Date;
+  const formatter = new Intl.DateTimeFormat("en-CA", {
+    year: "numeric",
+    month: "2-digit",
+    day: "2-digit",
+    hour: "2-digit",
+    minute: "2-digit",
+    second: "2-digit",
+    hour12: false,
+    timeZoneName: "shortOffset"
+  });
+  return formatter.format(date).replace(",", "");
+}
+function renderIdentitySummary(identity) {
+  const segments = [renderConversationSummary(identity)];
+  const sender = renderSenderSummary(identity);
+  if (sender) {
+    segments.push(sender);
+  }
+  return segments.join(" | ");
+}
+function renderConversationSummary(identity) {
+  if (identity.platform === "slack") {
+    const scopeLabel = identity.conversationKind === "dm" ? "Slack direct message" : identity.conversationKind === "group" ? "Slack group" : "Slack channel";
+    const segments = [scopeLabel];
+    const channel = renderLabeledTarget(identity.channelName, identity.channelId, "#");
+    if (channel) {
+      segments.push(channel);
+    }
+    if (identity.threadTs) {
+      segments.push(`thread ${identity.threadTs}`);
+    }
+    return segments.join(" ");
+  }
+  if (identity.conversationKind === "dm") {
+    return ["Telegram direct message", renderLabeledTarget(identity.chatName, identity.chatId)].filter(Boolean).join(" ");
+  }
+  if (identity.conversationKind === "topic") {
+    const topic = renderNamedValue("topic", identity.topicName, identity.topicId);
+    const group = renderNamedValue("in group", identity.chatName, identity.chatId);
+    return [topic, group].filter(Boolean).join(" ");
+  }
+  return ["Telegram group", renderLabeledTarget(identity.chatName, identity.chatId)].filter(Boolean).join(" ");
+}
+function renderSenderSummary(identity) {
+  const sender = renderLabeledTarget(identity.senderName, identity.senderId);
+  return sender ? `sender ${sender}` : "";
+}
+function renderLabeledTarget(name, id, namePrefix = "") {
+  const normalizedName = name?.trim();
+  const normalizedId = id?.trim();
+  if (normalizedName && normalizedId) {
+    return `${namePrefix}${normalizedName} (${normalizedId})`;
+  }
+  if (normalizedName) {
+    return `${namePrefix}${normalizedName}`;
+  }
+  return normalizedId ?? "";
+}
+function renderNamedValue(label, name, id) {
+  const value = renderLabeledTarget(name, id);
+  return value ? `${label} ${value}` : "";
+}
+function buildReplyCommand(params) {
+  const lines = [`${params.command} message send \\`];
+  if (params.identity.platform === "slack") {
+    lines.push("  --channel slack \\");
+    lines.push(`  --target channel:${params.identity.channelId ?? ""} \\`);
+    if (params.identity.threadTs) {
+      lines.push(`  --thread-id ${params.identity.threadTs} \\`);
+    }
+    lines.push("  --final \\");
+    lines.push('  --message "$(cat <<\\__CLISBOT_MESSAGE__');
+    lines.push("<short progress update>");
+    lines.push("__CLISBOT_MESSAGE__");
+    lines.push(')" \\');
+    lines.push("  [--media /absolute/path/to/file]");
+    return lines.join(`
+`);
+  }
+  lines.push("  --channel telegram \\");
+  lines.push(`  --target ${params.identity.chatId ?? ""} \\`);
+  if (params.identity.topicId) {
+    lines.push(`  --thread-id ${params.identity.topicId} \\`);
+  }
+  lines.push("  --final \\");
+  lines.push('  --message "$(cat <<\\__CLISBOT_MESSAGE__');
+  lines.push("<short progress update>");
+  lines.push("__CLISBOT_MESSAGE__");
+  lines.push(')" \\');
+  lines.push("  [--media /absolute/path/to/file]");
+  return lines.join(`
+`);
+}
+
+// src/agents/session-key.ts
+var DEFAULT_MAIN_KEY = "main";
+var DEFAULT_ACCOUNT_ID = "default";
+function normalizeToken(value) {
+  return (value ?? "").trim().toLowerCase();
+}
+function normalizeMainKey(value) {
+  return normalizeToken(value) || DEFAULT_MAIN_KEY;
+}
+function normalizeAgentId(value) {
+  const trimmed = (value ?? "").trim();
+  if (!trimmed) {
+    return "default";
+  }
+  return trimmed.toLowerCase().replaceAll(/[^a-z0-9_-]+/g, "-").replaceAll(/-+/g, "-").replaceAll(/^-|-$/g, "") || "default";
+}
+function normalizeAccountId2(value) {
   return normalizeToken(value) || DEFAULT_ACCOUNT_ID;
 }
 function buildAgentMainSessionKey(params) {
@@ -64417,7 +64558,7 @@ class AgentJobQueue {
 }
 
 // src/agents/runner-session.ts
-import { dirname as dirname11 } from "node:path";
+import { dirname as dirname12 } from "node:path";
 
 // src/shared/transcript-normalization.ts
 import { stripVTControlCharacters } from "node:util";
@@ -64981,7 +65122,11 @@ ${body}` : queueNote;
 _Timed out waiting for more output._` : "_Timed out waiting for visible output._";
   }
   if (params.status === "detached") {
-    const note = params.note ?? "This session is still running. Use `/transcript` anytime to check it.";
+    const note = resolveDetachedInteractionNote({
+      baseNote: params.note,
+      allowTranscriptInspection: params.allowTranscriptInspection,
+      transcriptCommand: "`/transcript`"
+    });
     return body ? `${body}
 
 _${note}_` : `_${note}_`;
@@ -65010,7 +65155,11 @@ ${body}` : queueNote;
 Timed out waiting for more output.` : "Timed out waiting for visible output.";
   }
   if (params.status === "detached") {
-    const note = params.note ?? "This session is still running. Use /transcript anytime to check it.";
+    const note = resolveDetachedInteractionNote({
+      baseNote: params.note,
+      allowTranscriptInspection: params.allowTranscriptInspection,
+      transcriptCommand: "/transcript"
+    });
     return body ? `${body}
 
 ${note}` : note;
@@ -65046,6 +65195,16 @@ ${body}
 }
 var renderSlackSnapshot = renderSlackTranscript;
 var renderChannelSnapshot = renderSlackSnapshot;
+function resolveDetachedInteractionNote(params) {
+  const note = params.baseNote ?? "This session is still running. Use `/attach`, `/watch every 30s`, or `/stop` to manage it.";
+  if (!params.allowTranscriptInspection) {
+    return note;
+  }
+  if (note.includes("/transcript")) {
+    return note;
+  }
+  return `${note} You can also use ${params.transcriptCommand} to inspect the current session snapshot.`;
+}
 // src/control/latency-debug.ts
 function isLatencyDebugEnabled() {
   return process.env.CLISBOT_DEBUG_LATENCY === "1";
@@ -65396,24 +65555,6 @@ function escapeRegExp(raw) {
 // src/agents/runner-session.ts
 var TMUX_MISSING_SESSION_PATTERN = /(?:can't find session:|no server running on )/i;
 var TMUX_DUPLICATE_SESSION_PATTERN = /duplicate session:/i;
-function shellQuote2(value) {
-  if (/^[a-zA-Z0-9_./:@=-]+$/.test(value)) {
-    return value;
-  }
-  return `'${value.replaceAll("'", `'"'"'`)}'`;
-}
-function buildCommandString(command, args) {
-  return [command, ...args].map(shellQuote2).join(" ");
-}
-function buildRunnerLaunchCommand(command, args) {
-  const wrapperDir = getClisbotWrapperDir();
-  const wrapperPath = getClisbotWrapperPath();
-  const exports = [
-    `export PATH=${shellQuote2(wrapperDir)}:"$PATH"`,
-    `export CLISBOT_BIN=${shellQuote2(wrapperPath)}`
-  ];
-  return `${exports.join("; ")}; exec ${buildCommandString(command, args)}`;
-}
 function summarizeSnapshot(snapshot) {
   const compact = snapshot.split(`
 `).map((line) => line.trim()).filter(Boolean).join(" ").slice(0, 220);
@@ -65439,8 +65580,17 @@ class RunnerSessionService {
     this.sessionState = sessionState;
     this.resolveTarget = resolveTarget;
   }
-  mapSessionError(error, sessionName, action) {
+  async mapSessionError(error, sessionName, action, lastSnapshot = "") {
     if (isMissingTmuxSessionError(error)) {
+      const exitRecord = await readRunnerExitRecord(this.loadedConfig.stateDir, sessionName);
+      console.error("runner session disappeared", {
+        sessionName,
+        action,
+        exitCode: exitRecord?.exitCode,
+        exitedAt: exitRecord?.exitedAt,
+        runnerCommand: exitRecord?.command,
+        lastVisiblePane: lastSnapshot ? summarizeSnapshot(lastSnapshot).trim() : undefined
+      });
       return new Error(`Runner session "${sessionName}" disappeared ${action}.`);
     }
     return error instanceof Error ? error : new Error(String(error));
@@ -65559,7 +65709,8 @@ class RunnerSessionService {
     };
     logLatencyDebug("ensure-session-ready-start", timingContext);
     await ensureDir2(resolved.workspacePath);
-    await ensureDir2(dirname11(this.loadedConfig.raw.tmux.socketPath));
+    await ensureDir2(dirname12(this.loadedConfig.raw.tmux.socketPath));
+    await ensureRunnerExitRecordDir(this.loadedConfig.stateDir, resolved.sessionName);
     const existing = await this.sessionState.getEntry(resolved.sessionKey);
     const serverRunning = await this.tmux.isServerRunning();
     if (serverRunning && await this.tmux.hasSession(resolved.sessionName)) {
@@ -65567,9 +65718,10 @@ class RunnerSessionService {
         hasStoredSessionId: Boolean(existing?.sessionId)
       });
       try {
+        await clearRunnerExitRecord(this.loadedConfig.stateDir, resolved.sessionName);
         await this.syncSessionIdentity(resolved);
       } catch (error) {
-        throw this.mapSessionError(error, resolved.sessionName, "during startup");
+        throw await this.mapSessionError(error, resolved.sessionName, "during startup");
       }
       logLatencyDebug("ensure-session-ready-complete", timingContext, {
         startupDelayMs: 0,
@@ -65586,7 +65738,15 @@ class RunnerSessionService {
       sessionId: startupSessionId || undefined,
       resume: resumingExistingSession
     });
-    const command = buildRunnerLaunchCommand(runnerLaunch.command, runnerLaunch.args);
+    await clearRunnerExitRecord(this.loadedConfig.stateDir, resolved.sessionName);
+    const command = buildRunnerLaunchCommand({
+      command: runnerLaunch.command,
+      args: runnerLaunch.args,
+      wrapperDir: getClisbotWrapperDir(),
+      wrapperPath: getClisbotWrapperPath(),
+      sessionName: resolved.sessionName,
+      stateDir: this.loadedConfig.stateDir
+    });
     try {
       await this.tmux.newSession({
         sessionName: resolved.sessionName,
@@ -65640,7 +65800,7 @@ class RunnerSessionService {
         allowFreshRetry: options.allowFreshRetry
       });
     } catch (error) {
-      throw this.mapSessionError(error, resolved.sessionName, "during startup");
+      throw await this.mapSessionError(error, resolved.sessionName, "during startup");
     }
     logLatencyDebug("ensure-session-ready-complete", timingContext, {
       startupDelayMs: resolved.runner.startupDelayMs,
@@ -65709,14 +65869,14 @@ class RunnerSessionService {
     } catch (error) {
       const existing = await this.sessionState.getEntry(resolved.sessionKey);
       if (options.allowFreshRetryBeforePrompt === false || !existing?.sessionId || !isMissingTmuxSessionError(error)) {
-        throw this.mapSessionError(error, resolved.sessionName, "before prompt submission");
+        throw await this.mapSessionError(error, resolved.sessionName, "before prompt submission", resolved.sessionName ? await this.captureSessionSnapshot(resolved).catch(() => "") : "");
       }
       const retried = await this.retryFreshStartWithClearedSessionId(target, resolved, {
         allowRetry: true,
         nextAllowFreshRetry: false
       });
       if (!retried) {
-        throw this.mapSessionError(error, resolved.sessionName, "before prompt submission");
+        throw await this.mapSessionError(error, resolved.sessionName, "before prompt submission", resolved.sessionName ? await this.captureSessionSnapshot(resolved).catch(() => "") : "");
       }
       resolved = retried;
       return {
@@ -65835,8 +65995,8 @@ class RunnerSessionService {
       workspacePath: resolved.workspacePath
     };
   }
-  mapRunError(error, sessionName) {
-    return this.mapSessionError(error, sessionName, "while the prompt was running");
+  async mapRunError(error, sessionName, lastSnapshot = "") {
+    return await this.mapSessionError(error, sessionName, "while the prompt was running", lastSnapshot);
   }
 }
 
@@ -66348,7 +66508,7 @@ class ActiveRunManager {
           }
         });
       } catch (error) {
-        await this.failActiveRun(sessionKey, this.runnerSessions.mapRunError(error, run.resolved.sessionName));
+        await this.failActiveRun(sessionKey, await this.runnerSessions.mapRunError(error, run.resolved.sessionName, run.latestUpdate.fullSnapshot));
       }
     })();
   }
@@ -66454,8 +66614,8 @@ class AgentService {
       sessionKey: this.loadedConfig.raw.session.mainKey
     });
   }
-  async recordConversationReply(target, kind = "reply") {
-    return this.sessionState.recordConversationReply(this.resolveTarget(target), kind);
+  async recordConversationReply(target, kind = "reply", source = "channel") {
+    return this.sessionState.recordConversationReply(this.resolveTarget(target), kind, source);
   }
   async runShellCommand(target, command) {
     return this.queue.enqueue(`${target.sessionKey}:bash`, async () => this.runnerSessions.runShellCommand(target, command)).result;
@@ -66512,10 +66672,13 @@ class AgentService {
       updatedAt: Date.now(),
       nextRunAt: Date.now(),
       promptText: params.promptText,
+      canonicalPromptText: params.canonicalPromptText,
+      protectedControlMutationRule: params.protectedControlMutationRule,
       promptSummary: params.promptSummary,
       promptSource: params.promptSource,
       createdBy: params.createdBy,
-      force: params.force
+      force: params.force,
+      surfaceBinding: params.surfaceBinding
     };
     const resolved = this.resolveTarget(params.target);
     await this.sessionState.setIntervalLoop(resolved, loop);
@@ -66553,6 +66716,8 @@ class AgentService {
       updatedAt: Date.now(),
       nextRunAt,
       promptText: params.promptText,
+      canonicalPromptText: params.canonicalPromptText,
+      protectedControlMutationRule: params.protectedControlMutationRule,
       promptSummary: params.promptSummary,
       promptSource: params.promptSource,
       createdBy: params.createdBy,
@@ -66562,7 +66727,8 @@ class AgentService {
       hour: params.hour,
       minute: params.minute,
       timezone: params.timezone,
-      force: false
+      force: false,
+      surfaceBinding: params.surfaceBinding
     };
     const resolved = this.resolveTarget(params.target);
     await this.sessionState.setIntervalLoop(resolved, loop);
@@ -66718,7 +66884,8 @@ class AgentService {
       this.dropManagedIntervalLoop(loopId);
       return;
     }
-    const { result } = this.enqueuePrompt(managed.target, nextLoopState.promptText, {
+    const promptText = this.buildManagedLoopPrompt(managed.target.agentId, nextLoopState);
+    const { result } = this.enqueuePrompt(managed.target, promptText, {
       observerId: `loop:${loopId}:${attemptedRuns}`,
       onUpdate: async () => {
         return;
@@ -66790,6 +66957,52 @@ class AgentService {
     }
     return nowMs + loop.intervalMs;
   }
+  buildManagedLoopPrompt(agentId, loop) {
+    if (!loop.canonicalPromptText || !loop.surfaceBinding) {
+      return loop.promptText;
+    }
+    const identity = this.buildLoopChannelIdentity(loop.surfaceBinding);
+    const channelConfig = identity.platform === "slack" ? this.loadedConfig.raw.channels.slack : this.loadedConfig.raw.channels.telegram;
+    const { responseMode, streaming } = this.resolveLoopSurfaceModes(identity);
+    return buildAgentPromptText({
+      text: loop.canonicalPromptText,
+      identity,
+      config: channelConfig.agentPrompt,
+      cliTool: getAgentEntry(this.loadedConfig, agentId)?.cliTool,
+      responseMode,
+      streaming,
+      protectedControlMutationRule: loop.protectedControlMutationRule
+    });
+  }
+  buildLoopChannelIdentity(binding) {
+    return {
+      platform: binding.platform,
+      conversationKind: binding.conversationKind,
+      channelId: binding.channelId,
+      chatId: binding.chatId,
+      threadTs: binding.threadTs,
+      topicId: binding.topicId
+    };
+  }
+  resolveLoopSurfaceModes(identity) {
+    const channelConfig = identity.platform === "slack" ? this.loadedConfig.raw.channels.slack : this.loadedConfig.raw.channels.telegram;
+    let responseMode = channelConfig.responseMode;
+    let streaming = channelConfig.streaming;
+    if (identity.conversationKind === "dm") {
+      responseMode = channelConfig.directMessages.responseMode ?? responseMode;
+      streaming = channelConfig.directMessages.streaming ?? streaming;
+    }
+    try {
+      responseMode = resolveConfiguredSurfaceModeTarget(this.loadedConfig.raw, "responseMode", buildConfiguredTargetFromIdentity(identity)).get() ?? responseMode;
+    } catch {}
+    try {
+      streaming = resolveConfiguredSurfaceModeTarget(this.loadedConfig.raw, "streaming", buildConfiguredTargetFromIdentity(identity)).get() ?? streaming;
+    } catch {}
+    return {
+      responseMode,
+      streaming
+    };
+  }
 }
 
 // src/config/channel-accounts.ts
@@ -67112,6 +67325,37 @@ function parseAgentCommand(text, options = {}) {
       action: "status"
     };
   }
+  if (lowered === "streaming") {
+    const action = withoutSlash.slice(command.length).trim().toLowerCase();
+    if (!action || action === "status") {
+      return {
+        type: "control",
+        name: "streaming",
+        action: "status"
+      };
+    }
+    if (action === "on") {
+      return {
+        type: "control",
+        name: "streaming",
+        action: "on",
+        streaming: "all"
+      };
+    }
+    if (action === "off" || action === "latest" || action === "all") {
+      return {
+        type: "control",
+        name: "streaming",
+        action,
+        streaming: action
+      };
+    }
+    return {
+      type: "control",
+      name: "streaming",
+      action: "status"
+    };
+  }
   if (lowered === "additionalmessagemode") {
     const action = withoutSlash.slice(command.length).trim().toLowerCase();
     if (!action || action === "status") {
@@ -67240,7 +67484,7 @@ function renderAgentControlSlashHelp() {
     "- `/status`: show the current route status and operator setup commands",
     "- `/help`: show available control slash commands",
     "- `/whoami`: show the current platform, route, and sender identity details",
-    "- `/transcript`: show the current conversation session transcript when the route enables sensitive commands",
+    "- `/transcript`: show the current conversation session transcript when the route verbose policy allows it",
     "- `/attach`: attach this thread to the active run and resume live updates when it is still processing",
     "- `/detach`: stop live updates for this thread while still allowing final settlement here",
     "- `/watch every 30s [for 10m]`: post the latest state on an interval until the run settles or the watch window ends",
@@ -67251,6 +67495,11 @@ function renderAgentControlSlashHelp() {
     "- `/followup mention-only`: require explicit mention for each later turn",
     "- `/followup pause`: stop passive follow-up until the next explicit mention",
     "- `/followup resume`: clear the runtime override and restore config defaults",
+    "- `/streaming status`: show the configured streaming mode for this surface",
+    "- `/streaming on`: enable streaming for this surface using the current `all` preview behavior",
+    "- `/streaming off`: disable surface streaming previews for this surface",
+    "- `/streaming latest`: prefer the latest preview shape for this surface",
+    "- `/streaming all`: retain the full current preview shape for this surface",
     "- `/responsemode status`: show the configured response mode for this surface",
     "- `/responsemode capture-pane`: settle replies from captured pane output for this surface",
     "- `/responsemode message-tool`: expect the agent to reply through `clisbot message send` for this surface",
@@ -67262,8 +67511,8 @@ function renderAgentControlSlashHelp() {
     "- `/queue-list`: show queued messages that have not started yet",
     "- `/queue-clear`: clear queued messages that have not started yet",
     ...renderLoopHelpLines(),
-    "- `/bash` followed by a shell command: requires `privilegeCommands.enabled: true` on the current route",
-    "- shortcut prefixes such as `!` run bash when the route allows privilege commands",
+    "- `/bash` followed by a shell command: requires `shellExecute` on the resolved agent role",
+    "- shortcut prefixes such as `!` run bash only when the resolved agent role allows `shellExecute`",
     "",
     "Other slash commands are forwarded to the agent unchanged."
   ].join(`
@@ -67300,6 +67549,7 @@ function buildRenderedMessageState(params) {
       queuePosition: params.queuePosition,
       maxChars: params.maxChars,
       note: params.note,
+      allowTranscriptInspection: params.allowTranscriptInspection,
       responsePolicy: params.responsePolicy
     }),
     body
@@ -67329,35 +67579,45 @@ function formatChannelFollowUpStatus(params) {
 `);
 }
 
-// src/channels/privilege-commands.ts
-function resolvePrivilegeCommands(rootConfig, override) {
+// src/channels/streaming-config.ts
+function getEditableConfigPath7() {
+  return process.env.CLISBOT_CONFIG_PATH;
+}
+async function getConversationStreaming(params) {
+  const { config } = await readEditableConfig(getEditableConfigPath7());
+  const target = resolveConfiguredSurfaceModeTarget(config, "streaming", buildConfiguredTargetFromIdentity(params.identity));
   return {
-    enabled: override?.enabled ?? rootConfig.enabled,
-    allowUsers: override?.allowUsers ?? rootConfig.allowUsers
+    label: target.label,
+    streaming: target.get()
   };
 }
-function canUsePrivilegeCommands(params) {
-  if (!params.config.enabled) {
-    return false;
-  }
-  if (!params.config.allowUsers.length) {
-    return true;
-  }
-  const normalizedUserId = params.userId?.trim() ?? "";
-  if (!normalizedUserId) {
-    return false;
-  }
-  return params.config.allowUsers.includes(normalizedUserId);
+async function setConversationStreaming(params) {
+  const { config, configPath } = await readEditableConfig(getEditableConfigPath7());
+  const target = resolveConfiguredSurfaceModeTarget(config, "streaming", buildConfiguredTargetFromIdentity(params.identity));
+  target.set(params.streaming);
+  await writeEditableConfig(configPath, config);
+  return {
+    configPath,
+    label: target.label,
+    streaming: params.streaming
+  };
 }
 
 // src/channels/interaction-processing.ts
-import { join as join7 } from "node:path";
-function renderSensitiveCommandDisabledMessage(identity) {
+import { join as join8 } from "node:path";
+var MESSAGE_TOOL_FINAL_GRACE_WINDOW_MS = 3000;
+var MESSAGE_TOOL_FINAL_GRACE_POLL_MS = 100;
+function renderSensitiveCommandDisabledMessage() {
   return [
-    "Privilege commands are not allowed for this route or user.",
-    "Enable `privilegeCommands.enabled` on the route to allow transcript and bash commands. Use `privilegeCommands.allowUsers` to restrict access to specific user ids.",
-    "",
-    ...renderPrivilegeCommandHelpLines(identity)
+    "Shell execution is not allowed for your current role on this agent.",
+    "Ask an app or agent admin to grant `shellExecute` if this surface should allow `/bash`."
+  ].join(`
+`);
+}
+function renderTranscriptDisabledMessage() {
+  return [
+    "Transcript inspection is disabled for this route.",
+    'Set `verbose: "minimal"` on the route or channel to allow `/transcript`.'
   ].join(`
 `);
 }
@@ -67385,7 +67645,7 @@ function renderWhoAmIMessage(params) {
   if (params.identity.topicId) {
     lines.push(`topicId: \`${params.identity.topicId}\``);
   }
-  lines.push(`privilegeCommands.enabled: \`${params.route.privilegeCommands.enabled}\``, `privilegeCommands.allowUsers: \`${params.route.privilegeCommands.allowUsers.join(", ") || "(all users on route)"}\``);
+  lines.push(`principal: \`${params.auth.principal ?? "(none)"}\``, `appRole: \`${params.auth.appRole}\``, `agentRole: \`${params.auth.agentRole}\``, `mayBypassPairing: \`${params.auth.mayBypassPairing}\``, `mayManageProtectedResources: \`${params.auth.mayManageProtectedResources}\``, `canUseShell: \`${params.auth.canUseShell}\``, `verbose: \`${params.route.verbose}\``);
   return lines.join(`
 `);
 }
@@ -67413,7 +67673,7 @@ function renderRouteStatusMessage(params) {
   if (params.identity.topicId) {
     lines.push(`topicId: \`${params.identity.topicId}\``);
   }
-  lines.push(`streaming: \`${params.route.streaming}\``, `response: \`${params.route.response}\``, `responseMode: \`${params.route.responseMode}\``, `additionalMessageMode: \`${params.route.additionalMessageMode}\``, `timezone: \`${params.route.timezone ?? "(inherit host/app)"}\``, `followUp.mode: \`${params.followUpState.overrideMode ?? params.route.followUp.mode}\``, `followUp.windowMinutes: \`${formatFollowUpTtlMinutes(params.route.followUp.participationTtlMs)}\``, `run.state: \`${params.runtimeState.state}\``, `privilegeCommands.enabled: \`${params.route.privilegeCommands.enabled}\``, `privilegeCommands.allowUsers: \`${params.route.privilegeCommands.allowUsers.join(", ") || "(all users on route)"}\``);
+  lines.push(`streaming: \`${params.route.streaming}\``, `response: \`${params.route.response}\``, `responseMode: \`${params.route.responseMode}\``, `additionalMessageMode: \`${params.route.additionalMessageMode}\``, `verbose: \`${params.route.verbose}\``, `principal: \`${params.auth.principal ?? "(none)"}\``, `appRole: \`${params.auth.appRole}\``, `agentRole: \`${params.auth.agentRole}\``, `mayManageProtectedResources: \`${params.auth.mayManageProtectedResources}\``, `canUseShell: \`${params.auth.canUseShell}\``, `timezone: \`${params.route.timezone ?? "(inherit host/app)"}\``, `followUp.mode: \`${params.followUpState.overrideMode ?? params.route.followUp.mode}\``, `followUp.windowMinutes: \`${formatFollowUpTtlMinutes(params.route.followUp.participationTtlMs)}\``, `run.state: \`${params.runtimeState.state}\``);
   if (params.runtimeState.startedAt) {
     lines.push(`run.startedAt: \`${new Date(params.runtimeState.startedAt).toISOString()}\``);
   }
@@ -67427,11 +67687,13 @@ function renderRouteStatusMessage(params) {
       lines.push(`- \`${loop.id}\` ${renderLoopStatusSchedule(loop)} remaining \`${loop.remainingRuns}\` nextRunAt \`${new Date(loop.nextRunAt).toISOString()}\``);
     }
   }
-  lines.push("", "Useful commands:", "- `/help`", "- `/whoami`", "- `/status`", "- `/attach`, `/detach`, `/watch every 30s`", "- `/followup status`", "- `/responsemode status`", "- `/additionalmessagemode status`", "- `/loop status`, `/loop cancel`, `/loop cancel <id>`", "- `/queue <message>`, `/steer <message>`", "- `/queue-list`, `/queue-clear`", "- `/transcript` and `/bash` require privilege commands");
-  lines.push("", ...renderPrivilegeCommandHelpLines(params.identity));
+  lines.push("", "Useful commands:", "- `/help`", "- `/whoami`", "- `/status`", "- `/attach`, `/detach`, `/watch every 30s`", "- `/followup status`", "- `/streaming status`", "- `/responsemode status`", "- `/additionalmessagemode status`", "- `/loop status`, `/loop cancel`, `/loop cancel <id>`", "- `/queue <message>`, `/steer <message>`", "- `/queue-list`, `/queue-clear`", params.route.verbose === "off" ? "- `/transcript` disabled on this route (`verbose: off`)" : "- `/transcript` enabled on this route (`verbose: minimal`)", "- `/bash` requires `shellExecute`");
   return lines.join(`
 `);
 }
+function allowTranscriptInspectionForRoute(route) {
+  return route.verbose === "minimal";
+}
 function renderResponseModeStatusMessage(params) {
   const lines = [
     "clisbot response mode",
@@ -67446,6 +67708,18 @@ function renderResponseModeStatusMessage(params) {
   return lines.join(`
 `);
 }
+function renderStreamingStatusMessage(params) {
+  const lines = [
+    `clisbot streaming mode: \`${params.route.streaming}\``
+  ];
+  if (params.persisted) {
+    lines.push("");
+    lines.push(`config.target: \`${params.persisted.label}\``);
+  }
+  lines.push("", "Available values:", "- `off`: do not show live surface preview updates", "- `on`: slash-command shorthand that persists as `all`", "- `all`: keep streaming enabled with the current full preview behavior", "- `latest`: keep streaming enabled; current runtime behavior still matches `all` until preview shaping is refined");
+  return lines.join(`
+`);
+}
 function renderAdditionalMessageModeStatusMessage(params) {
   const lines = [
     "clisbot additional message mode",
@@ -67471,11 +67745,17 @@ function buildChannelObserverId(identity) {
     identity.topicId ?? ""
   ].join(":");
 }
-function buildSteeringMessage(text) {
+function buildSteeringMessage(text, protectedControlMutationRule) {
+  const systemLines = [
+    "A new user message arrived while you were still working.",
+    "Adjust your current work if needed and continue."
+  ];
+  if (protectedControlMutationRule) {
+    systemLines.push("", protectedControlMutationRule);
+  }
   return [
     "<system>",
-    "A new user message arrived while you were still working.",
-    "Adjust your current work if needed and continue.",
+    ...systemLines,
     "</system>",
     "",
     "<user>",
@@ -67614,7 +67894,7 @@ async function resolveLoopPromptText(params) {
     };
   }
   const workspacePath = params.agentService.getWorkspacePath(params.sessionTarget);
-  const loopPromptPath = join7(workspacePath, "LOOP.md");
+  const loopPromptPath = join8(workspacePath, "LOOP.md");
   if (!await fileExists(loopPromptPath)) {
     throw new Error(`No loop prompt was provided and LOOP.md was not found in \`${workspacePath}\`. Create LOOP.md there if you want maintenance loops.`);
   }
@@ -67627,29 +67907,93 @@ async function resolveLoopPromptText(params) {
     maintenancePrompt: true
   };
 }
+function buildLoopSurfaceBinding(identity) {
+  return {
+    platform: identity.platform,
+    conversationKind: identity.conversationKind,
+    channelId: identity.channelId,
+    chatId: identity.chatId,
+    threadTs: identity.threadTs,
+    topicId: identity.topicId
+  };
+}
 async function executePromptDelivery(params) {
   let responseChunks = [];
   let renderedState;
   let renderChain = Promise.resolve();
   let replyRecorded = false;
+  let finalReplyRecorded = false;
   let loggedFirstRunningUpdate = false;
-  const channelManagedDelivery = params.route.responseMode === "capture-pane" || params.forceQueuedDelivery === true;
-  async function recordReplyIfNeeded() {
+  let activePreviewStartedAt;
+  let lastFrozenPreviewText;
+  const paneManagedDelivery = params.route.responseMode === "capture-pane" || params.forceQueuedDelivery === true;
+  const messageToolPreview = params.route.responseMode === "message-tool" && params.forceQueuedDelivery !== true && params.route.streaming !== "off";
+  const previewEnabled = params.route.streaming !== "off" && (paneManagedDelivery || messageToolPreview);
+  async function recordVisibleReply(kind = "reply", source = "channel") {
+    if (kind === "final") {
+      if (finalReplyRecorded) {
+        return;
+      }
+      await params.agentService.recordConversationReply(params.sessionTarget, "final", source);
+      finalReplyRecorded = true;
+      replyRecorded = true;
+      return;
+    }
     if (replyRecorded) {
       return;
     }
-    await params.agentService.recordConversationReply(params.sessionTarget);
+    await params.agentService.recordConversationReply(params.sessionTarget, "reply", source);
     replyRecorded = true;
   }
   async function renderResponseText(nextText) {
     if (!responseChunks.length) {
       responseChunks = await params.postText(nextText);
-      if (responseChunks.length > 0) {
-        await recordReplyIfNeeded();
-      }
-      return;
+      return responseChunks.length > 0;
     }
     responseChunks = await params.reconcileText(responseChunks, nextText);
+    return false;
+  }
+  async function clearResponseText() {
+    if (!responseChunks.length) {
+      return;
+    }
+    responseChunks = await params.reconcileText(responseChunks, "");
+    renderedState = undefined;
+    activePreviewStartedAt = undefined;
+  }
+  function resetPreviewBoundary() {
+    lastFrozenPreviewText = renderedState?.text ?? lastFrozenPreviewText;
+    responseChunks = [];
+    renderedState = undefined;
+    activePreviewStartedAt = undefined;
+  }
+  async function getMessageToolRuntimeSignals() {
+    if (params.route.responseMode !== "message-tool" || params.forceQueuedDelivery === true) {
+      return {
+        lastMessageToolReplyAt: undefined,
+        messageToolFinalReplyAt: undefined
+      };
+    }
+    const runtime = await params.agentService.getSessionRuntime?.(params.sessionTarget);
+    return {
+      lastMessageToolReplyAt: runtime?.lastMessageToolReplyAt,
+      messageToolFinalReplyAt: runtime?.messageToolFinalReplyAt
+    };
+  }
+  async function waitForMessageToolFinalReply() {
+    const deadline = Date.now() + MESSAGE_TOOL_FINAL_GRACE_WINDOW_MS;
+    while (true) {
+      const signals = await getMessageToolRuntimeSignals();
+      const toolFinalSeen = typeof signals.messageToolFinalReplyAt === "number" && Number.isFinite(signals.messageToolFinalReplyAt);
+      if (toolFinalSeen) {
+        return true;
+      }
+      const remainingMs = deadline - Date.now();
+      if (remainingMs <= 0) {
+        return false;
+      }
+      await sleep(Math.min(MESSAGE_TOOL_FINAL_GRACE_POLL_MS, remainingMs));
+    }
   }
   logLatencyDebug("channel-enqueue-start", params.timingContext, {
     agentId: params.route.agentId,
@@ -67660,7 +68004,7 @@ async function executePromptDelivery(params) {
       observerId: params.observerId,
       timingContext: params.timingContext,
       onUpdate: async (update) => {
-        if (!channelManagedDelivery) {
+        if (!paneManagedDelivery && !messageToolPreview) {
           return;
         }
         if (params.route.streaming === "off" && update.status === "running") {
@@ -67674,6 +68018,15 @@ async function executePromptDelivery(params) {
           });
         }
         await (renderChain = renderChain.then(async () => {
+          const signals = await getMessageToolRuntimeSignals();
+          if (messageToolPreview && typeof activePreviewStartedAt === "number" && typeof signals.messageToolFinalReplyAt === "number" && signals.messageToolFinalReplyAt >= activePreviewStartedAt) {
+            lastFrozenPreviewText = renderedState?.text ?? lastFrozenPreviewText;
+            activePreviewStartedAt = undefined;
+            return;
+          }
+          if (messageToolPreview && typeof activePreviewStartedAt === "number" && typeof signals.lastMessageToolReplyAt === "number" && signals.lastMessageToolReplyAt >= activePreviewStartedAt) {
+            resetPreviewBoundary();
+          }
           const nextState2 = buildRenderedMessageState({
             platform: params.identity.platform,
             status: update.status,
@@ -67681,21 +68034,26 @@ async function executePromptDelivery(params) {
             queuePosition: positionAhead,
             maxChars: Number.POSITIVE_INFINITY,
             note: update.note,
+            allowTranscriptInspection: allowTranscriptInspectionForRoute(params.route),
             previousState: renderedState,
             responsePolicy: params.route.response
           });
           if (renderedState?.text === nextState2.text) {
             return;
           }
-          if (!responseChunks.length) {
+          if (!renderedState && lastFrozenPreviewText === nextState2.text) {
             return;
           }
-          await renderResponseText(nextState2.text);
+          const postedNew2 = await renderResponseText(nextState2.text);
+          if (postedNew2) {
+            await recordVisibleReply("reply", "channel");
+            activePreviewStartedAt = Date.now();
+          }
           renderedState = nextState2;
         }));
       }
     });
-    if (channelManagedDelivery && params.route.streaming !== "off") {
+    if (previewEnabled) {
       const placeholderText = renderPlatformInteraction({
         platform: params.identity.platform,
         status: positionAhead > 0 ? "queued" : "running",
@@ -67704,13 +68062,16 @@ async function executePromptDelivery(params) {
         maxChars: Number.POSITIVE_INFINITY,
         note: positionAhead > 0 ? "Waiting for the agent queue to clear." : "Working..."
       });
-      responseChunks = await params.postText(placeholderText);
-      await recordReplyIfNeeded();
+      const postedNew2 = await renderResponseText(placeholderText);
+      if (postedNew2) {
+        await recordVisibleReply("reply", "channel");
+        activePreviewStartedAt = Date.now();
+      }
       renderedState = {
         text: placeholderText,
         body: ""
       };
-    } else if (channelManagedDelivery && positionAhead > 0) {
+    } else if (paneManagedDelivery && positionAhead > 0 && params.route.streaming !== "off") {
       const queuedText = renderPlatformInteraction({
         platform: params.identity.platform,
         status: "queued",
@@ -67719,8 +68080,10 @@ async function executePromptDelivery(params) {
         maxChars: Number.POSITIVE_INFINITY,
         note: "Waiting for the agent queue to clear."
       });
-      responseChunks = await params.postText(queuedText);
-      await recordReplyIfNeeded();
+      const postedNew2 = await renderResponseText(queuedText);
+      if (postedNew2) {
+        await recordVisibleReply("reply", "channel");
+      }
       renderedState = {
         text: queuedText,
         body: ""
@@ -67728,55 +68091,86 @@ async function executePromptDelivery(params) {
     }
     const finalResult = await result;
     await renderChain;
-    if (!channelManagedDelivery) {
-      if (finalResult.status !== "error") {
-        return;
-      }
-      await params.postText(renderPlatformInteraction({
-        platform: params.identity.platform,
-        status: finalResult.status,
-        content: finalResult.note ?? finalResult.snapshot,
-        maxChars: Number.POSITIVE_INFINITY,
-        note: finalResult.note,
-        responsePolicy: "final"
-      }));
-      await recordReplyIfNeeded();
-      return;
-    }
     const nextState = buildRenderedMessageState({
       platform: params.identity.platform,
       status: finalResult.status,
       snapshot: finalResult.snapshot,
       maxChars: Number.POSITIVE_INFINITY,
       note: finalResult.note,
+      allowTranscriptInspection: allowTranscriptInspectionForRoute(params.route),
       previousState: renderedState,
       responsePolicy: params.route.response
     });
-    if (params.route.streaming === "off") {
-      await params.postText(renderPlatformInteraction({
+    if (paneManagedDelivery) {
+      if (params.route.streaming === "off") {
+        const postedNew3 = await renderResponseText(renderPlatformInteraction({
+          platform: params.identity.platform,
+          status: finalResult.status,
+          content: nextState.body,
+          maxChars: Number.POSITIVE_INFINITY,
+          note: finalResult.note,
+          allowTranscriptInspection: allowTranscriptInspectionForRoute(params.route),
+          responsePolicy: params.route.response
+        }));
+        if (postedNew3 || finalResult.status === "completed") {
+          await recordVisibleReply(finalResult.status === "completed" ? "final" : "reply", "channel");
+        }
+        return;
+      }
+      const postedNew2 = await renderResponseText(nextState.text);
+      if (postedNew2) {
+        await recordVisibleReply("reply", "channel");
+      }
+      if (finalResult.status === "completed") {
+        await recordVisibleReply("final", "channel");
+      }
+      return;
+    }
+    const toolFinalSeen = finalResult.status === "completed" ? await waitForMessageToolFinalReply() : false;
+    if (finalResult.status === "completed" && toolFinalSeen) {
+      if (params.route.response === "final") {
+        await clearResponseText();
+      }
+      return;
+    }
+    if (finalResult.status === "completed") {
+      return;
+    }
+    if (params.route.streaming === "off" || responseChunks.length === 0) {
+      const postedNew2 = await renderResponseText(renderPlatformInteraction({
         platform: params.identity.platform,
         status: finalResult.status,
         content: nextState.body,
         maxChars: Number.POSITIVE_INFINITY,
         note: finalResult.note,
-        responsePolicy: "final"
+        allowTranscriptInspection: allowTranscriptInspectionForRoute(params.route),
+        responsePolicy: params.route.response
       }));
-      await recordReplyIfNeeded();
+      if (postedNew2) {
+        await recordVisibleReply("reply", "channel");
+      }
       return;
     }
-    await renderResponseText(nextState.text);
+    const postedNew = await renderResponseText(nextState.text);
+    if (postedNew) {
+      await recordVisibleReply("reply", "channel");
+    }
   } catch (error) {
     if (error instanceof ClearedQueuedTaskError) {
       return;
     }
     if (error instanceof ActiveRunInProgressError) {
-      const activeText = error.update.note ?? String(error);
+      const activeText = error.update.status === "detached" ? resolveDetachedInteractionNote({
+        baseNote: error.update.note ?? String(error),
+        allowTranscriptInspection: allowTranscriptInspectionForRoute(params.route),
+        transcriptCommand: params.identity.platform === "telegram" ? "/transcript" : "`/transcript`"
+      }) : error.update.note ?? String(error);
       if (params.route.streaming !== "off" && responseChunks.length > 0) {
         await params.reconcileText(responseChunks, activeText);
       } else {
         await params.postText(activeText);
       }
-      await params.agentService.recordConversationReply(params.sessionTarget);
+      await recordVisibleReply("reply", "channel");
       return;
     }
     const errorText = renderPlatformInteraction({
@@ -67790,12 +68184,24 @@ async function executePromptDelivery(params) {
     } else {
       await params.postText(errorText);
     }
+    await recordVisibleReply("reply", "channel");
   }
 }
 async function processChannelInteraction(params) {
+  const interactionResult = {
+    processingIndicatorLifecycle: "handler"
+  };
   let responseChunks = [];
   let renderedState;
   const observerId = buildChannelObserverId(params.identity);
+  const auth = params.auth ?? {
+    principal: params.senderId ? `${params.identity.platform}:${params.senderId}` : undefined,
+    appRole: "member",
+    agentRole: "member",
+    mayBypassPairing: false,
+    mayManageProtectedResources: false,
+    canUseShell: false
+  };
   let replyRecorded = false;
   let renderChain = Promise.resolve();
   async function recordReplyIfNeeded() {
@@ -67852,14 +68258,12 @@ async function processChannelInteraction(params) {
   const sessionBusy = await (params.agentService.isAwaitingFollowUpRouting?.(params.sessionTarget) ?? params.agentService.isSessionBusy?.(params.sessionTarget) ?? false);
   const queueByMode = !explicitQueueMessage && params.route.additionalMessageMode === "queue" && sessionBusy;
   const forceQueuedDelivery = typeof explicitQueueMessage === "string" || queueByMode;
-  const isSensitiveCommand = slashCommand?.type === "bash" || slashCommand?.type === "control" && slashCommand.name === "transcript";
-  if (isSensitiveCommand && !canUsePrivilegeCommands({
-    config: params.route.privilegeCommands,
-    userId: params.senderId
-  })) {
-    await params.postText(renderSensitiveCommandDisabledMessage(params.identity));
+  const delayedPromptText = explicitQueueMessage ? params.agentPromptBuilder ? params.agentPromptBuilder(explicitQueueMessage) : explicitQueueMessage : params.agentPromptText ?? params.text;
+  const isSensitiveCommand = slashCommand?.type === "bash";
+  if (isSensitiveCommand && !auth.canUseShell) {
+    await params.postText(renderSensitiveCommandDisabledMessage());
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return interactionResult;
   }
   if (slashCommand?.type === "control") {
     if (slashCommand.name === "start" || slashCommand.name === "status") {
@@ -67871,6 +68275,7 @@ async function processChannelInteraction(params) {
       await params.postText(renderRouteStatusMessage({
         identity: params.identity,
         route: params.route,
+        auth,
         sessionTarget: params.sessionTarget,
         followUpState,
         runtimeState,
@@ -67880,23 +68285,29 @@ async function processChannelInteraction(params) {
         }
       }));
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "help") {
       await params.postText(renderAgentControlSlashHelp());
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "whoami") {
       await params.postText(renderWhoAmIMessage({
         identity: params.identity,
         route: params.route,
+        auth,
         sessionTarget: params.sessionTarget
       }));
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "transcript") {
+      if (params.route.verbose === "off") {
+        await params.postText(renderTranscriptDisabledMessage());
+        await params.agentService.recordConversationReply(params.sessionTarget);
+        return interactionResult;
+      }
       const transcript = await params.agentService.captureTranscript(params.sessionTarget);
       await params.postText(renderChannelSnapshot({
         agentId: transcript.agentId,
@@ -67907,20 +68318,20 @@ async function processChannelInteraction(params) {
         maxChars: params.maxChars,
         note: "transcript command"
       }));
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "attach") {
       const observation = await params.agentService.observeRun(params.sessionTarget, buildRunObserver({
         mode: "live"
       }));
       await applyRunUpdate(observation.update);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "detach") {
       const detached = await params.agentService.detachRunObserver(params.sessionTarget, observerId);
       await params.postText(detached.detached ? "Detached this thread from live updates. clisbot will still post the final settlement here when the run completes." : "This thread was not attached to an active run.");
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "watch") {
       const observation = await params.agentService.observeRun(params.sessionTarget, buildRunObserver({
@@ -67929,19 +68340,19 @@ async function processChannelInteraction(params) {
         durationMs: slashCommand.durationMs
       }));
       await applyRunUpdate(observation.update);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "stop") {
       const stopped = await params.agentService.interruptSession(params.sessionTarget);
       await params.postText(stopped.interrupted ? `Interrupted agent \`${stopped.agentId}\` session \`${stopped.sessionName}\`.` : `Agent \`${stopped.agentId}\` session \`${stopped.sessionName}\` was not running.`);
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "nudge") {
       const nudged = await params.agentService.nudgeSession(params.sessionTarget);
       await params.postText(nudged.nudged ? `Sent one extra Enter to agent \`${nudged.agentId}\` session \`${nudged.sessionName}\`.` : `No active or resumable session to nudge for agent \`${nudged.agentId}\`.`);
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "followup") {
       if (slashCommand.action === "status") {
@@ -67960,7 +68371,32 @@ async function processChannelInteraction(params) {
         await params.postText(slashCommand.mode === "paused" ? "Follow-up paused for this conversation until the next explicit mention." : `Follow-up mode set to \`${slashCommand.mode}\` for this conversation.`);
       }
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
+    }
+    if (slashCommand.name === "streaming") {
+      if (slashCommand.action === "status") {
+        const persisted = await getConversationStreaming({
+          identity: params.identity
+        });
+        await params.postText(renderStreamingStatusMessage({
+          route: params.route,
+          persisted
+        }));
+      } else if (slashCommand.streaming) {
+        const persisted = await setConversationStreaming({
+          identity: params.identity,
+          streaming: slashCommand.streaming
+        });
+        await params.postText([
+          `Updated streaming mode for \`${persisted.label}\`.`,
+          `config.streaming: \`${persisted.streaming}\``,
+          `config: \`${persisted.configPath}\``,
+          slashCommand.action === "on" ? "`/streaming on` persists as `all` until `latest` and `all` diverge in runtime behavior." : "If config reload is enabled, the new mode should apply automatically shortly."
+        ].join(`
+`));
+      }
+      await params.agentService.recordConversationReply(params.sessionTarget);
+      return interactionResult;
     }
     if (slashCommand.name === "responsemode") {
       if (slashCommand.action === "status") {
@@ -67985,7 +68421,7 @@ async function processChannelInteraction(params) {
 `));
       }
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "additionalmessagemode") {
       if (slashCommand.action === "status") {
@@ -68010,19 +68446,19 @@ async function processChannelInteraction(params) {
 `));
       }
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "queue-list") {
       const queuedItems = params.agentService.listQueuedPrompts?.(params.sessionTarget) ?? [];
       await params.postText(renderQueuedMessagesList(queuedItems));
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.name === "queue-clear") {
       const clearedCount = params.agentService.clearQueuedPrompts?.(params.sessionTarget) ?? 0;
       await params.postText(clearedCount > 0 ? `Cleared ${clearedCount} queued message${clearedCount === 1 ? "" : "s"}.` : "Queue was already empty.");
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
   }
   if (slashCommand?.type === "loop-control") {
@@ -68034,7 +68470,7 @@ async function processChannelInteraction(params) {
         globalLoopCount: params.agentService.getActiveIntervalLoopCount?.() ?? 0
       }));
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     const sessionLoops = params.agentService.listIntervalLoops?.({
       sessionKey: params.sessionTarget.sessionKey
@@ -68043,31 +68479,31 @@ async function processChannelInteraction(params) {
       const cancelled2 = await params.agentService.cancelAllIntervalLoops();
       await params.postText(cancelled2 > 0 ? `Cancelled ${cancelled2} active loop${cancelled2 === 1 ? "" : "s"} across the whole app.` : "No active loops to cancel across the whole app.");
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.all) {
       const cancelled2 = await params.agentService.cancelIntervalLoopsForSession(params.sessionTarget);
       await params.postText(cancelled2 > 0 ? `Cancelled ${cancelled2} active loop${cancelled2 === 1 ? "" : "s"} for this session.` : "No active loops to cancel for this session.");
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     const targetLoopId = slashCommand.loopId || (sessionLoops.length === 1 ? sessionLoops[0]?.id : undefined);
     if (!targetLoopId) {
       await params.postText(sessionLoops.length === 0 ? "No active loops to cancel for this session." : "Multiple active loops exist for this session. Use `/loop cancel <id>` or `/loop cancel --all`.");
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     const cancelled = await params.agentService.cancelIntervalLoop(targetLoopId);
     await params.postText(cancelled ? `Cancelled loop \`${targetLoopId}\`.` : `No active loop found with id \`${targetLoopId}\`.`);
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return interactionResult;
   }
   if (slashCommand?.type === "loop-error") {
     await params.postText(`${slashCommand.message}
 
 ${renderLoopUsage()}`);
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return interactionResult;
   }
   if (slashCommand?.type === "loop") {
     const loopConfig = params.agentService.getLoopConfig();
@@ -68078,7 +68514,7 @@ ${renderLoopUsage()}`);
 
 ${renderLoopUsage()}`);
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     if (slashCommand.params.mode === "interval") {
       const intervalValidation = validateLoopInterval({
@@ -68090,7 +68526,7 @@ ${renderLoopUsage()}`);
 
 ${renderLoopUsage()}`);
         await params.agentService.recordConversationReply(params.sessionTarget);
-        return;
+        return interactionResult;
       }
     }
     let resolvedLoopPrompt;
@@ -68103,7 +68539,7 @@ ${renderLoopUsage()}`);
     } catch (error) {
       await params.postText(String(error));
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     const buildLoopPromptText = (text) => params.agentPromptBuilder ? params.agentPromptBuilder(text) : text;
     if (slashCommand.params.mode === "times") {
@@ -68126,7 +68562,7 @@ ${renderLoopUsage()}`);
           observerId: `${observerId}:loop:${index + 1}`
         });
       }
-      return;
+      return interactionResult;
     }
     if (slashCommand.params.mode === "calendar") {
       const effectiveTimezone = resolveEffectiveLoopTimezone({
@@ -68136,8 +68572,10 @@ ${renderLoopUsage()}`);
       const createdLoop2 = await params.agentService.createCalendarLoop({
         target: params.sessionTarget,
         promptText: buildLoopPromptText(resolvedLoopPrompt.text),
+        canonicalPromptText: resolvedLoopPrompt.text,
         promptSummary: summarizeLoopPrompt(resolvedLoopPrompt.text, resolvedLoopPrompt.maintenancePrompt),
         promptSource: resolvedLoopPrompt.maintenancePrompt ? "LOOP.md" : "custom",
+        surfaceBinding: buildLoopSurfaceBinding(params.identity),
         cadence: slashCommand.params.cadence,
         dayOfWeek: slashCommand.params.dayOfWeek,
         localTime: slashCommand.params.localTime,
@@ -68145,7 +68583,8 @@ ${renderLoopUsage()}`);
         minute: slashCommand.params.minute,
         timezone: effectiveTimezone,
         maxRuns: maxRunsPerLoop,
-        createdBy: params.senderId
+        createdBy: params.senderId,
+        protectedControlMutationRule: params.protectedControlMutationRule
       });
       await params.postText(renderLoopStartedMessage({
         mode: "calendar",
@@ -68165,17 +68604,20 @@ ${renderLoopUsage()}`);
         globalLoopCount: params.agentService.getActiveIntervalLoopCount()
       }));
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
     const createdLoop = await params.agentService.createIntervalLoop({
       target: params.sessionTarget,
       promptText: buildLoopPromptText(resolvedLoopPrompt.text),
+      canonicalPromptText: resolvedLoopPrompt.text,
       promptSummary: summarizeLoopPrompt(resolvedLoopPrompt.text, resolvedLoopPrompt.maintenancePrompt),
       promptSource: resolvedLoopPrompt.maintenancePrompt ? "LOOP.md" : "custom",
+      surfaceBinding: buildLoopSurfaceBinding(params.identity),
       intervalMs: effectiveIntervalMs,
       maxRuns: maxRunsPerLoop,
       createdBy: params.senderId,
-      force: slashCommand.params.force
+      force: slashCommand.params.force,
+      protectedControlMutationRule: params.protectedControlMutationRule
     });
     await params.postText(renderLoopStartedMessage({
       mode: "interval",
@@ -68193,55 +68635,59 @@ ${renderLoopUsage()}`);
       }).warning
     }));
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return interactionResult;
   }
   if (slashCommand?.type === "bash") {
     if (!slashCommand.command.trim()) {
       await params.postText("Usage: `/bash <command>` or a configured bash shortcut such as `!<command>`");
-      return;
+      return interactionResult;
     }
-    const result = await params.agentService.runShellCommand(params.sessionTarget, slashCommand.command);
+    const shellResult = await params.agentService.runShellCommand(params.sessionTarget, slashCommand.command);
     const header = [
-      `Bash in \`${result.workspacePath}\``,
-      `command: \`${result.command}\``,
-      result.timedOut ? "exit: `124` timed out" : `exit: \`${result.exitCode}\``
+      `Bash in \`${shellResult.workspacePath}\``,
+      `command: \`${shellResult.command}\``,
+      shellResult.timedOut ? "exit: `124` timed out" : `exit: \`${shellResult.exitCode}\``
     ].join(`
 `);
-    const body = result.output ? `
+    const body = shellResult.output ? `
 
 \`\`\`text
-${escapeCodeFence(result.output)}
+${escapeCodeFence(shellResult.output)}
 \`\`\`` : "\n\n`(no output)`";
     await params.postText(`${header}${body}`);
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return interactionResult;
   }
   if (slashCommand?.type === "queue" && !explicitQueueMessage) {
     await params.postText("Usage: `/queue <message>` or `\\q <message>`");
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return interactionResult;
   }
   if (slashCommand?.type === "steer" && !explicitSteerMessage) {
     await params.postText("Usage: `/steer <message>` or `\\s <message>`");
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return interactionResult;
   }
   if (explicitSteerMessage) {
     const hasActiveRun = params.agentService.hasActiveRun?.(params.sessionTarget) ?? false;
     if (!hasActiveRun) {
       await params.postText("No active run to steer.");
       await params.agentService.recordConversationReply(params.sessionTarget);
-      return;
+      return interactionResult;
     }
-    await params.agentService.submitSessionInput(params.sessionTarget, buildSteeringMessage(explicitSteerMessage));
+    await params.agentService.submitSessionInput(params.sessionTarget, buildSteeringMessage(explicitSteerMessage, params.protectedControlMutationRule));
     await params.postText("Steered.");
     await params.agentService.recordConversationReply(params.sessionTarget);
-    return;
+    return {
+      processingIndicatorLifecycle: "active-run"
+    };
   }
   if (!forceQueuedDelivery && params.route.additionalMessageMode === "steer") {
     if (sessionBusy) {
-      await params.agentService.submitSessionInput(params.sessionTarget, buildSteeringMessage(params.text));
-      return;
+      await params.agentService.submitSessionInput(params.sessionTarget, buildSteeringMessage(params.text, params.protectedControlMutationRule));
+      return {
+        processingIndicatorLifecycle: "active-run"
+      };
     }
   }
   await executePromptDelivery({
@@ -68250,13 +68696,14 @@ ${escapeCodeFence(result.output)}
     identity: params.identity,
     route: params.route,
     maxChars: params.maxChars,
-    promptText: forceQueuedDelivery ? explicitQueueMessage : params.agentPromptText ?? params.text,
+    promptText: delayedPromptText,
     postText: params.postText,
     reconcileText: params.reconcileText,
     observerId,
     timingContext: params.timingContext,
     forceQueuedDelivery
   });
+  return interactionResult;
 }
 
 // src/channels/pairing/access.ts
@@ -68309,132 +68756,88 @@ function isTelegramSenderAllowed(params) {
   return false;
 }
 
-// src/channels/agent-prompt.ts
-function buildAgentPromptText(params) {
-  if (!params.config.enabled) {
-    return params.text;
+// src/auth/resolve.ts
+function normalizePrincipal(principal) {
+  const trimmed = principal.trim();
+  if (!trimmed) {
+    return "";
   }
-  const systemBlock = renderAgentPromptInstruction(params);
-  return `<system>
-${systemBlock}
-</system>
-
-<user>
-${params.text}
-</user>`;
-}
-function renderAgentPromptInstruction(params) {
-  const messageToolMode = (params.responseMode ?? "message-tool") === "message-tool";
-  const lines = [
-    `[${renderPromptTimestamp()}] ${renderIdentitySummary(params.identity)}`,
-    "",
-    "You are operating inside clisbot.",
-    messageToolMode ? "To send a user-visible progress update or final reply, use the following CLI command:" : "channel auto-delivery remains enabled for this conversation; do not send user-facing progress updates or the final response with clisbot message send"
-  ];
-  if (messageToolMode) {
-    const replyCommand = buildReplyCommand({
-      command: getClisbotPromptCommand(),
-      identity: params.identity
-    });
-    lines.push(replyCommand, "When replying to the user:", "- put the user-facing message inside the --message body of that command", "- use that command to send progress updates and the final reply back to the conversation", `- send at most ${params.config.maxProgressMessages} progress updates`, params.config.requireFinalResponse ? "- send exactly 1 final user-facing response" : "- final response is optional", "- keep progress updates short and meaningful", "- do not send progress updates for trivial internal steps");
+  const [platform, userId] = trimmed.split(":", 2);
+  if (!platform || !userId) {
+    return trimmed;
   }
-  return lines.join(`
-`);
+  if (platform === "slack") {
+    return `slack:${userId.trim().toUpperCase()}`;
+  }
+  if (platform === "telegram") {
+    return `telegram:${userId.trim()}`;
+  }
+  return `${platform}:${userId.trim()}`;
 }
-function renderPromptTimestamp() {
-  const date = new Date;
-  const formatter = new Intl.DateTimeFormat("en-CA", {
-    year: "numeric",
-    month: "2-digit",
-    day: "2-digit",
-    hour: "2-digit",
-    minute: "2-digit",
-    second: "2-digit",
-    hour12: false,
-    timeZoneName: "shortOffset"
-  });
-  return formatter.format(date).replace(",", "");
+function normalizeRoleUsers(users) {
+  return (users ?? []).map(normalizePrincipal).filter(Boolean);
 }
-function renderIdentitySummary(identity) {
-  const segments = [renderConversationSummary(identity)];
-  const sender = renderSenderSummary(identity);
-  if (sender) {
-    segments.push(sender);
+function resolvePrincipal(identity) {
+  const senderId = identity.senderId?.trim();
+  if (!senderId) {
+    return;
   }
-  return segments.join(" | ");
-}
-function renderConversationSummary(identity) {
   if (identity.platform === "slack") {
-    const scopeLabel = identity.conversationKind === "dm" ? "Slack direct message" : identity.conversationKind === "group" ? "Slack group" : "Slack channel";
-    const segments = [scopeLabel];
-    const channel = renderLabeledTarget(identity.channelName, identity.channelId, "#");
-    if (channel) {
-      segments.push(channel);
-    }
-    if (identity.threadTs) {
-      segments.push(`thread ${identity.threadTs}`);
-    }
-    return segments.join(" ");
-  }
-  if (identity.conversationKind === "dm") {
-    return ["Telegram direct message", renderLabeledTarget(identity.chatName, identity.chatId)].filter(Boolean).join(" ");
-  }
-  if (identity.conversationKind === "topic") {
-    const topic = renderNamedValue("topic", identity.topicName, identity.topicId);
-    const group = renderNamedValue("in group", identity.chatName, identity.chatId);
-    return [topic, group].filter(Boolean).join(" ");
+    return normalizePrincipal(`slack:${senderId}`);
   }
-  return ["Telegram group", renderLabeledTarget(identity.chatName, identity.chatId)].filter(Boolean).join(" ");
-}
-function renderSenderSummary(identity) {
-  const sender = renderLabeledTarget(identity.senderName, identity.senderId);
-  return sender ? `sender ${sender}` : "";
+  return normalizePrincipal(`telegram:${senderId}`);
 }
-function renderLabeledTarget(name, id, namePrefix = "") {
-  const normalizedName = name?.trim();
-  const normalizedId = id?.trim();
-  if (normalizedName && normalizedId) {
-    return `${namePrefix}${normalizedName} (${normalizedId})`;
+function findExplicitRole(roles, principal) {
+  if (!principal || !roles) {
+    return;
   }
-  if (normalizedName) {
-    return `${namePrefix}${normalizedName}`;
+  for (const [roleName, roleDefinition] of Object.entries(roles)) {
+    if (normalizeRoleUsers(roleDefinition.users).includes(principal)) {
+      return roleName;
+    }
   }
-  return normalizedId ?? "";
-}
-function renderNamedValue(label, name, id) {
-  const value = renderLabeledTarget(name, id);
-  return value ? `${label} ${value}` : "";
+  return;
 }
-function buildReplyCommand(params) {
-  const lines = [`${params.command} message send \\`];
-  if (params.identity.platform === "slack") {
-    lines.push("  --channel slack \\");
-    lines.push(`  --target channel:${params.identity.channelId ?? ""} \\`);
-    if (params.identity.threadTs) {
-      lines.push(`  --thread-id ${params.identity.threadTs} \\`);
+function getAgentAuth(config, agentId) {
+  const defaults = config.agents.defaults.auth;
+  const entry = config.agents.list.find((item) => item.id === agentId);
+  const override = entry?.auth;
+  return {
+    defaultRole: override?.defaultRole ?? defaults.defaultRole,
+    roles: {
+      ...defaults.roles,
+      ...override?.roles ?? {}
     }
-    lines.push("  --final \\");
-    lines.push('  --message "$(cat <<\\__CLISBOT_MESSAGE__');
-    lines.push("<short progress update>");
-    lines.push("__CLISBOT_MESSAGE__");
-    lines.push(')" \\');
-    lines.push("  [--media /absolute/path/to/file]");
-    return lines.join(`
-`);
-  }
-  lines.push("  --channel telegram \\");
-  lines.push(`  --target ${params.identity.chatId ?? ""} \\`);
-  if (params.identity.topicId) {
-    lines.push(`  --thread-id ${params.identity.topicId} \\`);
+  };
+}
+function getAllowedPermissions(roles, role) {
+  return new Set(roles?.[role]?.allow ?? []);
+}
+function hasAppPermission(config, appRole, permission) {
+  if (appRole === "owner") {
+    return true;
   }
-  lines.push("  --final \\");
-  lines.push('  --message "$(cat <<\\__CLISBOT_MESSAGE__');
-  lines.push("<short progress update>");
-  lines.push("__CLISBOT_MESSAGE__");
-  lines.push(')" \\');
-  lines.push("  [--media /absolute/path/to/file]");
-  return lines.join(`
-`);
+  return getAllowedPermissions(config.app.auth.roles, appRole).has(permission);
+}
+function resolveChannelAuth(params) {
+  const principal = resolvePrincipal(params.identity);
+  const appAuth = params.config.app.auth;
+  const explicitAppRole = findExplicitRole(appAuth.roles, principal);
+  const appRole = explicitAppRole ?? appAuth.defaultRole;
+  const appAdminLike = appRole === "owner" || appRole === "admin";
+  const agentAuth = getAgentAuth(params.config, params.agentId);
+  const explicitAgentRole = findExplicitRole(agentAuth.roles, principal);
+  const agentRole = explicitAgentRole ?? agentAuth.defaultRole;
+  const agentPermissions = getAllowedPermissions(agentAuth.roles, agentRole);
+  const mayManageProtectedResources = appAdminLike || hasAppPermission(params.config, appRole, "configManage") || hasAppPermission(params.config, appRole, "appAuthManage") || hasAppPermission(params.config, appRole, "agentAuthManage") || hasAppPermission(params.config, appRole, "promptGovernanceManage");
+  return {
+    principal,
+    appRole,
+    agentRole,
+    mayBypassPairing: appAdminLike,
+    mayManageProtectedResources,
+    canUseShell: appAdminLike || agentPermissions.has("shellExecute")
+  };
 }
 
 // src/channels/slack/session-routing.ts
@@ -68492,9 +68895,20 @@ function resolveSlackConversationTarget(params) {
   };
 }
 
+// src/channels/privilege-commands.ts
+function resolvePrivilegeCommands(rootConfig, override) {
+  return {
+    enabled: override?.enabled ?? rootConfig.enabled,
+    allowUsers: override?.allowUsers ?? rootConfig.allowUsers
+  };
+}
+
 // src/channels/route-policy.ts
 function buildSharedChannelRoute(params) {
-  const privilegeCommands = resolvePrivilegeCommands(params.channelConfig.privilegeCommands, params.route?.privilegeCommands);
+  const privilegeCommands = resolvePrivilegeCommands(params.channelConfig.privilegeCommands ?? {
+    enabled: false,
+    allowUsers: []
+  }, params.route?.privilegeCommands);
   const agentId = params.route?.agentId ?? resolveTopLevelBoundAgentId(params.loadedConfig, {
     channel: params.channel,
     accountId: params.accountId
@@ -68516,6 +68930,7 @@ function buildSharedChannelRoute(params) {
     response: params.route?.response ?? params.channelConfig.response,
     responseMode: params.route?.responseMode ?? agentEntry?.responseMode ?? params.channelConfig.responseMode,
     additionalMessageMode: params.route?.additionalMessageMode ?? agentEntry?.additionalMessageMode ?? params.channelConfig.additionalMessageMode,
+    verbose: params.route?.verbose ?? params.channelConfig.verbose,
     followUp: {
       mode: params.route?.followUp?.mode ?? params.channelConfig.followUp.mode,
       participationTtlMs: resolveConfigDurationMs({
@@ -68696,6 +69111,178 @@ async function clearSlackAssistantThreadStatus(client, target) {
   }
 }
 
+// src/channels/processing-indicator.ts
+function shouldResolveIndicatorWait(update) {
+  return isTerminalRunStatus(update.status) || update.status === "detached";
+}
+async function waitForProcessingIndicatorLifecycle(params) {
+  if (params.lifecycle !== "active-run") {
+    return;
+  }
+  if (!params.agentService.hasActiveRun(params.sessionTarget)) {
+    return;
+  }
+  let settled = false;
+  const settle = () => {
+    if (settled) {
+      return;
+    }
+    settled = true;
+  };
+  try {
+    await new Promise(async (resolve, reject) => {
+      const resolveOnce = () => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        resolve();
+      };
+      try {
+        const observation = await params.agentService.observeRun(params.sessionTarget, {
+          id: params.observerId,
+          mode: "live",
+          onUpdate: async (update) => {
+            if (shouldResolveIndicatorWait(update)) {
+              resolveOnce();
+            }
+          }
+        });
+        if (!observation.active || shouldResolveIndicatorWait(observation.update)) {
+          resolveOnce();
+        }
+      } catch (error) {
+        reject(error);
+      }
+    });
+  } finally {
+    settle();
+    await params.agentService.detachRunObserver(params.sessionTarget, params.observerId).catch(() => {
+      return;
+    });
+  }
+}
+
+class ConversationProcessingIndicatorCoordinator {
+  entries = new Map;
+  async acquire(params) {
+    let entry = this.entries.get(params.key);
+    if (!entry) {
+      entry = {
+        activeRunHold: false,
+        indicatorActive: false,
+        key: params.key,
+        operationChain: Promise.resolve(),
+        refCount: 0
+      };
+      this.entries.set(params.key, entry);
+    }
+    entry.refCount += 1;
+    await this.ensureIndicatorActive(entry, params.activate, params.onError);
+    let released = false;
+    return {
+      setLifecycle: async (lifecycleParams) => {
+        if (released || lifecycleParams.lifecycle !== "active-run" || entry.activeRunHold) {
+          return;
+        }
+        entry.activeRunHold = true;
+        entry.activeRunWait = waitForProcessingIndicatorLifecycle(lifecycleParams).catch((error) => {
+          params.onError?.("active-run", error);
+        }).finally(() => {
+          entry.activeRunHold = false;
+          entry.activeRunWait = undefined;
+          this.maybeDeactivate(entry, params.onError);
+        });
+      },
+      release: async () => {
+        if (released) {
+          return;
+        }
+        released = true;
+        entry.refCount = Math.max(0, entry.refCount - 1);
+        await this.maybeDeactivate(entry, params.onError);
+      }
+    };
+  }
+  async ensureIndicatorActive(entry, activate, onError) {
+    entry.operationChain = entry.operationChain.then(async () => {
+      if (entry.indicatorActive) {
+        return;
+      }
+      try {
+        const cleanup = await activate();
+        entry.cleanup = typeof cleanup === "function" ? cleanup : undefined;
+        entry.indicatorActive = true;
+      } catch (error) {
+        onError?.("activate", error);
+      }
+    });
+    await entry.operationChain;
+  }
+  async maybeDeactivate(entry, onError) {
+    if (entry.refCount > 0 || entry.activeRunHold) {
+      return;
+    }
+    entry.operationChain = entry.operationChain.then(async () => {
+      if (entry.refCount > 0 || entry.activeRunHold || !entry.indicatorActive) {
+        return;
+      }
+      try {
+        await entry.cleanup?.();
+      } catch (error) {
+        onError?.("deactivate", error);
+      } finally {
+        entry.cleanup = undefined;
+        entry.indicatorActive = false;
+        if (entry.refCount === 0 && !entry.activeRunHold) {
+          this.entries.delete(entry.key);
+        }
+      }
+    });
+    await entry.operationChain;
+  }
+}
+
+// src/channels/slack/processing-decoration.ts
+async function activateSlackProcessingDecoration(params) {
+  const [reactionResult, statusResult] = await Promise.allSettled([
+    params.addReaction(),
+    params.setStatus()
+  ]);
+  const reactionApplied = reactionResult.status === "fulfilled" ? reactionResult.value === true : false;
+  const statusApplied = statusResult.status === "fulfilled" ? statusResult.value === true : false;
+  if (reactionResult.status === "rejected") {
+    params.onUnexpectedError?.("add-reaction", reactionResult.reason);
+  }
+  if (statusResult.status === "rejected") {
+    params.onUnexpectedError?.("set-status", statusResult.reason);
+  }
+  if (!reactionApplied && !statusApplied) {
+    if (reactionResult.status === "rejected") {
+      throw reactionResult.reason;
+    }
+    if (statusResult.status === "rejected") {
+      throw statusResult.reason;
+    }
+  }
+  return async () => {
+    if (reactionApplied) {
+      try {
+        await params.removeReaction();
+      } catch (error) {
+        params.onUnexpectedError?.("remove-reaction", error);
+      }
+    }
+    if (statusApplied) {
+      try {
+        await params.clearStatus();
+      } catch (error) {
+        params.onUnexpectedError?.("clear-status", error);
+      }
+    }
+  };
+}
+
 // src/channels/slack/bolt-compat.ts
 var SlackBolt = __toESM(require_dist7(), 1);
 var { App } = SlackBolt;
@@ -68863,7 +69450,7 @@ async function downloadRemoteBuffer(params) {
 
 // src/agents/attachments/storage.ts
 import { access as access2 } from "node:fs/promises";
-import { extname, join as join8 } from "node:path";
+import { extname, join as join9 } from "node:path";
 var CONTENT_TYPE_EXTENSION_MAP = {
   "application/json": ".json",
   "application/pdf": ".pdf",
@@ -68896,12 +69483,12 @@ function buildAttachmentFilename(params) {
 async function resolveUniquePath(directoryPath, fileName) {
   const extension = extname(fileName);
   const baseName = extension ? fileName.slice(0, -extension.length) : fileName;
-  let candidatePath = join8(directoryPath, fileName);
+  let candidatePath = join9(directoryPath, fileName);
   let index = 2;
   while (true) {
     try {
       await access2(candidatePath);
-      candidatePath = join8(directoryPath, `${baseName}-${index}${extension}`);
+      candidatePath = join9(directoryPath, `${baseName}-${index}${extension}`);
       index += 1;
     } catch {
       return candidatePath;
@@ -68909,7 +69496,7 @@ async function resolveUniquePath(directoryPath, fileName) {
   }
 }
 async function saveWorkspaceAttachment(params) {
-  const attachmentDir = join8(params.workspacePath, ".attachments", sanitizeSessionName(params.sessionKey), sanitizeSessionName(params.messageId));
+  const attachmentDir = join9(params.workspacePath, ".attachments", sanitizeSessionName(params.sessionKey), sanitizeSessionName(params.messageId));
   await ensureDir2(attachmentDir);
   const fileName = buildAttachmentFilename({
     originalFilename: params.originalFilename,
@@ -69299,6 +69886,7 @@ class SlackSocketService {
   accountId;
   accountConfig;
   app;
+  processingIndicators = new ConversationProcessingIndicatorCoordinator;
   botUserId = "";
   botLabel = "";
   teamId = "";
@@ -69442,12 +70030,22 @@ class SlackSocketService {
     if (params.conversationKind === "dm") {
       const directUserId = typeof event.user === "string" ? event.user.trim() : "";
       const dmConfig = this.loadedConfig.raw.channels.slack.directMessages;
+      const auth2 = resolveChannelAuth({
+        config: this.loadedConfig.raw,
+        agentId: params.route.agentId,
+        identity: {
+          platform: "slack",
+          conversationKind: params.conversationKind,
+          senderId: directUserId || undefined,
+          channelId
+        }
+      });
       if (!directUserId || dmConfig.policy === "disabled") {
         debugSlackEvent("drop-dm-disabled", { eventId, directUserId });
         await this.processedEventsStore.markCompleted(eventId);
         return;
       }
-      if (dmConfig.policy !== "open") {
+      if (dmConfig.policy !== "open" && !auth2.mayBypassPairing) {
         const storedAllowFrom = await readChannelAllowFromStore("slack");
         const allowed = isSlackSenderAllowed({
           allowFrom: [...dmConfig.allowFrom, ...storedAllowFrom],
@@ -69559,18 +70157,27 @@ class SlackSocketService {
     };
     let responseChunks = [];
     const cliTool = getAgentEntry(this.loadedConfig, params.route.agentId)?.cliTool;
+    const identity = {
+      platform: "slack",
+      conversationKind: params.conversationKind,
+      senderId: typeof event.user === "string" ? event.user.trim().toUpperCase() : undefined,
+      channelId,
+      threadTs
+    };
+    const auth = resolveChannelAuth({
+      config: this.loadedConfig.raw,
+      agentId: params.route.agentId,
+      identity
+    });
+    const protectedControlMutationRule = auth.mayManageProtectedResources ? undefined : DEFAULT_PROTECTED_CONTROL_RULE;
     const agentPromptText = buildAgentPromptText({
       text,
-      identity: {
-        platform: "slack",
-        conversationKind: params.conversationKind,
-        senderId: typeof event.user === "string" ? event.user.trim().toUpperCase() : undefined,
-        channelId,
-        threadTs
-      },
+      identity,
       config: this.loadedConfig.raw.channels.slack.agentPrompt,
       cliTool,
-      responseMode: params.route.responseMode
+      responseMode: params.route.responseMode,
+      streaming: params.route.streaming,
+      protectedControlMutationRule
     });
     const timingContext = {
       platform: "slack",
@@ -69586,40 +70193,46 @@ class SlackSocketService {
       accountId: this.accountId
     });
     const ackReactionTask = waitForBackgroundSlackTask(addConfiguredReaction(this.app.client, this.loadedConfig.raw.channels.slack.ackReaction, reactionTarget));
-    const processingDecorationTask = waitForBackgroundSlackTask(Promise.all([
-      addConfiguredReaction(this.app.client, this.loadedConfig.raw.channels.slack.typingReaction, reactionTarget),
-      setSlackAssistantThreadStatus(this.app.client, this.loadedConfig.raw.channels.slack.processingStatus, {
-        channel: channelId,
-        threadTs
-      })
-    ]));
+    const processingLease = await this.processingIndicators.acquire({
+      key: `slack:${this.accountId}:${channelId}:${threadTs}`,
+      activate: async () => activateSlackProcessingDecoration({
+        addReaction: () => addConfiguredReaction(this.app.client, this.loadedConfig.raw.channels.slack.typingReaction, reactionTarget),
+        removeReaction: () => removeConfiguredReaction(this.app.client, this.loadedConfig.raw.channels.slack.typingReaction, reactionTarget),
+        setStatus: () => setSlackAssistantThreadStatus(this.app.client, this.loadedConfig.raw.channels.slack.processingStatus, {
+          channel: channelId,
+          threadTs
+        }),
+        clearStatus: () => clearSlackAssistantThreadStatus(this.app.client, {
+          channel: channelId,
+          threadTs
+        }),
+        onUnexpectedError: (phase, error) => {
+          console.error(`slack processing indicator ${phase} failed`, error);
+        }
+      }),
+      onError: (phase, error) => {
+        console.error(`slack processing indicator ${phase} failed`, error);
+      }
+    });
     try {
-      await processChannelInteraction({
+      const interaction = await processChannelInteraction({
         agentService: this.agentService,
         sessionTarget,
-        identity: {
-          platform: "slack",
-          conversationKind: params.conversationKind,
-          senderId: typeof event.user === "string" ? event.user.trim().toUpperCase() : undefined,
-          channelId,
-          threadTs
-        },
+        identity,
+        auth,
         senderId: typeof event.user === "string" ? event.user.trim().toUpperCase() : undefined,
         text,
         agentPromptText,
         agentPromptBuilder: (nextText) => buildAgentPromptText({
           text: nextText,
-          identity: {
-            platform: "slack",
-            conversationKind: params.conversationKind,
-            senderId: typeof event.user === "string" ? event.user.trim().toUpperCase() : undefined,
-            channelId,
-            threadTs
-          },
+          identity,
           config: this.loadedConfig.raw.channels.slack.agentPrompt,
           cliTool,
-          responseMode: params.route.responseMode
+          responseMode: params.route.responseMode,
+          streaming: params.route.streaming,
+          protectedControlMutationRule
         }),
+        protectedControlMutationRule,
         route: params.route,
         maxChars: this.getSlackMaxChars(params.route.agentId),
         timingContext,
@@ -69641,6 +70254,12 @@ class SlackSocketService {
           return responseChunks;
         }
       });
+      await processingLease.setLifecycle({
+        agentService: this.agentService,
+        sessionTarget,
+        observerId: `slack-processing:${channelId}:${threadTs}`,
+        lifecycle: interaction.processingIndicatorLifecycle
+      });
       await this.processedEventsStore.markCompleted(eventId);
     } catch (error) {
       console.error("slack handler error", error);
@@ -69648,12 +70267,7 @@ class SlackSocketService {
       return;
     } finally {
       await ackReactionTask;
-      await processingDecorationTask;
-      await removeConfiguredReaction(this.app.client, this.loadedConfig.raw.channels.slack.typingReaction, reactionTarget);
-      await clearSlackAssistantThreadStatus(this.app.client, {
-        channel: channelId,
-        threadTs
-      });
+      await processingLease.release();
     }
   }
   registerEvents() {
@@ -70613,22 +71227,17 @@ function startTelegramTypingHeartbeat(params) {
     }
   };
 }
-async function runWithTelegramTypingHeartbeat(params) {
+async function beginTelegramTypingHeartbeat(params) {
   try {
     await params.sendTyping();
   } catch (error) {
     logTelegramTypingError(params.onError, error);
   }
-  const stopHeartbeat = startTelegramTypingHeartbeat({
+  return startTelegramTypingHeartbeat({
     sendTyping: params.sendTyping,
     intervalMs: params.intervalMs ?? TELEGRAM_TYPING_HEARTBEAT_MS,
     onError: params.onError
   });
-  try {
-    return await params.run();
-  } finally {
-    stopHeartbeat();
-  }
 }
 
 // src/channels/telegram/service.ts
@@ -70647,6 +71256,7 @@ var TELEGRAM_FULL_COMMANDS = [
   { command: "stop", description: "Interrupt current run" },
   { command: "nudge", description: "Send one extra Enter to the session" },
   { command: "followup", description: "Show or change follow-up mode" },
+  { command: "streaming", description: "Show or change streaming mode" },
   { command: "responsemode", description: "Show or change response mode" },
   { command: "queue", description: "Queue a later message behind the active run" },
   { command: "steer", description: "Steer the active run immediately" },
@@ -70734,6 +71344,7 @@ class TelegramPollingService {
   loopPromise;
   activePollController;
   inFlightUpdates = new Set;
+  processingIndicators = new ConversationProcessingIndicatorCoordinator;
   constructor(loadedConfig, agentService, processedEventsStore, activityStore, accountId = "default", accountConfig) {
     this.loadedConfig = loadedConfig;
     this.agentService = agentService;
@@ -70874,11 +71485,21 @@ class TelegramPollingService {
       const directMessages = this.loadedConfig.raw.channels.telegram.directMessages;
       const senderId = message.from?.id != null ? String(message.from.id) : "";
       const senderUsername = message.from?.username;
+      const auth = resolveChannelAuth({
+        config: this.loadedConfig.raw,
+        agentId: routeInfo.route.agentId,
+        identity: {
+          platform: "telegram",
+          conversationKind: routeInfo.conversationKind,
+          senderId: senderId || undefined,
+          chatId: String(message.chat.id)
+        }
+      });
       if (!senderId || directMessages.policy === "disabled") {
         await this.processedEventsStore.markCompleted(eventId);
         return;
       }
-      if (directMessages.policy !== "open") {
+      if (directMessages.policy !== "open" && !auth.mayBypassPairing) {
         const storedAllowFrom = await readChannelAllowFromStore("telegram");
         const allowed = isTelegramSenderAllowed({
           allowFrom: [...directMessages.allowFrom, ...storedAllowFrom],
@@ -70968,12 +71589,20 @@ class TelegramPollingService {
         topicId: routeInfo.topicId != null ? String(routeInfo.topicId) : undefined
       };
       const cliTool = getAgentEntry(this.loadedConfig, routeInfo.route.agentId)?.cliTool;
+      const auth = resolveChannelAuth({
+        config: this.loadedConfig.raw,
+        agentId: routeInfo.route.agentId,
+        identity
+      });
+      const protectedControlMutationRule = auth.mayManageProtectedResources ? undefined : DEFAULT_PROTECTED_CONTROL_RULE;
       const agentPromptText = buildAgentPromptText({
         text,
         identity,
         config: this.loadedConfig.raw.channels.telegram.agentPrompt,
         cliTool,
-        responseMode: routeInfo.route.responseMode
+        responseMode: routeInfo.route.responseMode,
+        streaming: routeInfo.route.streaming,
+        protectedControlMutationRule
       });
       const timingContext = {
         platform: "telegram",
@@ -70988,53 +71617,71 @@ class TelegramPollingService {
         responseMode: routeInfo.route.responseMode,
         accountId: this.accountId
       });
-      await runWithTelegramTypingHeartbeat({
-        sendTyping: () => this.sendTyping(message.chat.id, routeInfo.topicId),
-        onError: (error) => {
-          console.error("telegram typing failed", error);
-        },
-        run: async () => {
-          await processChannelInteraction({
-            agentService: this.agentService,
-            sessionTarget: routeInfo.sessionTarget,
-            identity,
-            senderId: message.from?.id != null ? String(message.from.id).trim() : undefined,
-            text,
-            agentPromptText,
-            agentPromptBuilder: (nextText) => buildAgentPromptText({
-              text: nextText,
-              identity,
-              config: this.loadedConfig.raw.channels.telegram.agentPrompt,
-              cliTool,
-              responseMode: routeInfo.route.responseMode
-            }),
-            route: routeInfo.route,
-            maxChars: this.getTelegramMaxChars(routeInfo.route.agentId),
-            timingContext,
-            postText: async (nextText) => {
-              responseChunks = await postTelegramText({
-                token: this.accountConfig.botToken,
-                chatId: message.chat.id,
-                text: nextText,
-                topicId: routeInfo.topicId,
-                omitThreadId: shouldOmitTelegramThreadId(routeInfo.topicId)
-              });
-              return responseChunks;
-            },
-            reconcileText: async (chunks, nextText) => {
-              responseChunks = await reconcileTelegramText({
-                token: this.accountConfig.botToken,
-                chatId: message.chat.id,
-                chunks,
-                text: nextText,
-                topicId: routeInfo.topicId,
-                omitThreadId: shouldOmitTelegramThreadId(routeInfo.topicId)
-              });
-              return responseChunks;
-            }
-          });
+      const processingLease = await this.processingIndicators.acquire({
+        key: `telegram:${this.accountId}:${message.chat.id}:${routeInfo.topicId ?? "root"}`,
+        activate: async () => beginTelegramTypingHeartbeat({
+          sendTyping: () => this.sendTyping(message.chat.id, routeInfo.topicId),
+          onError: (error) => {
+            console.error("telegram typing failed", error);
+          }
+        }),
+        onError: (_phase, error) => {
+          console.error("telegram processing indicator failed", error);
         }
       });
+      try {
+        const interaction = await processChannelInteraction({
+          agentService: this.agentService,
+          sessionTarget: routeInfo.sessionTarget,
+          identity,
+          auth,
+          senderId: message.from?.id != null ? String(message.from.id).trim() : undefined,
+          text,
+          agentPromptText,
+          agentPromptBuilder: (nextText) => buildAgentPromptText({
+            text: nextText,
+            identity,
+            config: this.loadedConfig.raw.channels.telegram.agentPrompt,
+            cliTool,
+            responseMode: routeInfo.route.responseMode,
+            streaming: routeInfo.route.streaming,
+            protectedControlMutationRule
+          }),
+          protectedControlMutationRule,
+          route: routeInfo.route,
+          maxChars: this.getTelegramMaxChars(routeInfo.route.agentId),
+          timingContext,
+          postText: async (nextText) => {
+            responseChunks = await postTelegramText({
+              token: this.accountConfig.botToken,
+              chatId: message.chat.id,
+              text: nextText,
+              topicId: routeInfo.topicId,
+              omitThreadId: shouldOmitTelegramThreadId(routeInfo.topicId)
+            });
+            return responseChunks;
+          },
+          reconcileText: async (chunks, nextText) => {
+            responseChunks = await reconcileTelegramText({
+              token: this.accountConfig.botToken,
+              chatId: message.chat.id,
+              chunks,
+              text: nextText,
+              topicId: routeInfo.topicId,
+              omitThreadId: shouldOmitTelegramThreadId(routeInfo.topicId)
+            });
+            return responseChunks;
+          }
+        });
+        await processingLease.setLifecycle({
+          agentService: this.agentService,
+          sessionTarget: routeInfo.sessionTarget,
+          observerId: `telegram-processing:${message.chat.id}:${routeInfo.topicId ?? "root"}`,
+          lifecycle: interaction.processingIndicatorLifecycle
+        });
+      } finally {
+        await processingLease.release();
+      }
       await this.processedEventsStore.markCompleted(eventId);
     } catch (error) {
       console.error("telegram handler error", error);
@@ -71435,9 +72082,9 @@ var defaultMessageCliDependencies = {
   loadConfig,
   plugins: listChannelPlugins(),
   print: (text) => console.log(text),
-  recordConversationReply: async ({ loadedConfig, target, kind }) => {
+  recordConversationReply: async ({ loadedConfig, target, kind, source }) => {
     const agentService = new AgentService(loadedConfig);
-    await agentService.recordConversationReply(target, kind);
+    await agentService.recordConversationReply(target, kind, source);
   }
 };
 function parseRepeatedOption2(args, name) {
@@ -71454,12 +72101,12 @@ function parseRepeatedOption2(args, name) {
   }
   return values;
 }
-function parseOptionValue5(args, name) {
+function parseOptionValue4(args, name) {
   const values = parseRepeatedOption2(args, name);
   return values.length > 0 ? values.at(-1) : undefined;
 }
 function parseIntegerOption(args, name) {
-  const raw = parseOptionValue5(args, name);
+  const raw = parseOptionValue4(args, name);
   if (!raw) {
     return;
   }
@@ -71488,25 +72135,25 @@ function parseMessageCommand(args) {
   }
   const action = rawAction;
   const rest = args.slice(1);
-  const channel = parseOptionValue5(rest, "--channel");
+  const channel = parseOptionValue4(rest, "--channel");
   if (channel !== "slack" && channel !== "telegram") {
     throw new Error("--channel <slack|telegram> is required");
   }
   return {
     action,
     channel,
-    account: parseOptionValue5(rest, "--account"),
-    target: parseOptionValue5(rest, "--target"),
-    message: parseOptionValue5(rest, "--message") ?? parseOptionValue5(rest, "-m"),
-    media: parseOptionValue5(rest, "--media"),
-    messageId: parseOptionValue5(rest, "--message-id"),
-    emoji: parseOptionValue5(rest, "--emoji"),
+    account: parseOptionValue4(rest, "--account"),
+    target: parseOptionValue4(rest, "--target"),
+    message: parseOptionValue4(rest, "--message") ?? parseOptionValue4(rest, "-m"),
+    media: parseOptionValue4(rest, "--media"),
+    messageId: parseOptionValue4(rest, "--message-id"),
+    emoji: parseOptionValue4(rest, "--emoji"),
     remove: hasFlag3(rest, "--remove"),
-    threadId: parseOptionValue5(rest, "--thread-id"),
-    replyTo: parseOptionValue5(rest, "--reply-to"),
+    threadId: parseOptionValue4(rest, "--thread-id"),
+    replyTo: parseOptionValue4(rest, "--reply-to"),
     limit: parseIntegerOption(rest, "--limit"),
-    query: parseOptionValue5(rest, "--query"),
-    pollQuestion: parseOptionValue5(rest, "--poll-question"),
+    query: parseOptionValue4(rest, "--query"),
+    pollQuestion: parseOptionValue4(rest, "--poll-question"),
     pollOptions: parseRepeatedOption2(rest, "--poll-option"),
     forceDocument: hasFlag3(rest, "--force-document"),
     silent: hasFlag3(rest, "--silent"),
@@ -71549,7 +72196,9 @@ async function runMessageCli(args, dependencies = defaultMessageCliDependencies)
     throw new Error("--progress and --final cannot be used together");
   }
   assertTarget(command);
-  const loadedConfig = await dependencies.loadConfig(getConfigPath());
+  const loadedConfig = await dependencies.loadConfig(getConfigPath(), {
+    materializeChannels: [command.channel]
+  });
   const plugin = dependencies.plugins.find((entry) => entry.id === command.channel);
   if (!plugin) {
     throw new Error(`Unsupported message channel: ${command.channel}`);
@@ -71564,7 +72213,8 @@ async function runMessageCli(args, dependencies = defaultMessageCliDependencies)
     await dependencies.recordConversationReply({
       loadedConfig,
       target: replyTarget,
-      kind: resolveReplyKind(command)
+      kind: resolveReplyKind(command),
+      source: "message-tool"
     });
   }
   if (command.json) {
@@ -71576,7 +72226,7 @@ async function runMessageCli(args, dependencies = defaultMessageCliDependencies)
 
 // src/control/runtime-supervisor.ts
 import { statSync as statSync4, watch } from "node:fs";
-import { basename as basename4, dirname as dirname13 } from "node:path";
+import { basename as basename4, dirname as dirname14 } from "node:path";
 
 // src/channels/processed-events-store.ts
 import { mkdir as mkdir2, readFile as readFile4, writeFile as writeFile2 } from "node:fs/promises";
@@ -71654,7 +72304,7 @@ class ProcessedEventsStore {
 }
 
 // src/control/activity-store.ts
-import { dirname as dirname12 } from "node:path";
+import { dirname as dirname13 } from "node:path";
 class ActivityStore {
   filePath;
   constructor(filePath = getDefaultActivityStorePath()) {
@@ -71693,7 +72343,7 @@ class ActivityStore {
     };
   }
   async write(document2) {
-    await ensureDir2(dirname12(this.filePath));
+    await ensureDir2(dirname13(this.filePath));
     await writeTextFile(this.filePath, `${JSON.stringify(document2, null, 2)}
 `);
   }
@@ -71935,7 +72585,7 @@ class RuntimeSupervisor {
     if (this.configWatcher) {
       return;
     }
-    const watchedDir = dirname13(loadedConfig.configPath);
+    const watchedDir = dirname14(loadedConfig.configPath);
     const watchedFile = basename4(loadedConfig.configPath);
     this.configWatcher = watch(watchedDir, (_eventType, filename) => {
       if (filename && filename.toString() !== watchedFile) {