npm - codeharbor - Versions diffs - 0.1.13 → 0.1.15 - Mend

codeharbor 0.1.13 → 0.1.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js CHANGED Viewed

@@ -24,30 +24,78 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 // src/cli.ts
-var import_node_child_process6 = require("child_process");
+var import_node_child_process7 = require("child_process");
 var import_node_fs11 = __toESM(require("fs"));
-var import_node_path12 = __toESM(require("path"));
+var import_node_path14 = __toESM(require("path"));
 var import_commander = require("commander");
 // src/app.ts
-var import_node_child_process4 = require("child_process");
-var import_node_util2 = require("util");
+var import_node_child_process5 = require("child_process");
+var import_node_util3 = require("util");
 // src/admin-server.ts
-var import_node_child_process2 = require("child_process");
+var import_node_child_process3 = require("child_process");
 var import_node_fs4 = __toESM(require("fs"));
 var import_node_http = __toESM(require("http"));
-var import_node_path4 = __toESM(require("path"));
-var import_node_util = require("util");
+var import_node_path5 = __toESM(require("path"));
+var import_node_util2 = require("util");
 // src/init.ts
 var import_node_fs = __toESM(require("fs"));
-var import_node_path = __toESM(require("path"));
+var import_node_path2 = __toESM(require("path"));
 var import_promises = require("readline/promises");
 var import_dotenv = __toESM(require("dotenv"));
+// src/codex-bin.ts
+var import_node_child_process = require("child_process");
+var import_node_os = __toESM(require("os"));
+var import_node_path = __toESM(require("path"));
+var import_node_util = require("util");
+var execFileAsync = (0, import_node_util.promisify)(import_node_child_process.execFile);
+function buildCodexBinCandidates(configuredBin, env = process.env) {
+  const normalized = configuredBin.trim() || "codex";
+  const home = env.HOME?.trim() || import_node_os.default.homedir();
+  const npmGlobalBin = home ? import_node_path.default.resolve(home, ".npm-global/bin/codex") : "";
+  const candidates = [
+    normalized,
+    "codex",
+    npmGlobalBin,
+    "/usr/bin/codex",
+    "/usr/local/bin/codex",
+    "/opt/homebrew/bin/codex"
+  ];
+  const seen = /* @__PURE__ */ new Set();
+  const output = [];
+  for (const candidate of candidates) {
+    const trimmed = candidate.trim();
+    if (!trimmed || seen.has(trimmed)) {
+      continue;
+    }
+    seen.add(trimmed);
+    output.push(trimmed);
+  }
+  return output;
+}
+async function findWorkingCodexBin(configuredBin, options = {}) {
+  const checkBinary = options.checkBinary ?? defaultCheckBinary;
+  const candidates = buildCodexBinCandidates(configuredBin, options.env);
+  for (const candidate of candidates) {
+    try {
+      await checkBinary(candidate);
+      return candidate;
+    } catch {
+    }
+  }
+  return null;
+}
+async function defaultCheckBinary(bin) {
+  await execFileAsync(bin, ["--version"]);
+}
+// src/init.ts
 async function runInitCommand(options = {}) {
   const cwd = options.cwd ?? process.cwd();
-  const envPath = import_node_path.default.resolve(cwd, ".env");
+  const envPath = import_node_path2.default.resolve(cwd, ".env");
   const templatePath = resolveInitTemplatePath(cwd);
   const input = options.input ?? process.stdin;
   const output = options.output ?? process.stdout;
@@ -70,6 +118,7 @@ async function runInitCommand(options = {}) {
     output.write("CodeHarbor setup wizard\n");
     output.write(`Target file: ${envPath}
 `);
+    const detectedCodexBin = await findWorkingCodexBin(existingValues.CODEX_BIN ?? "codex");
     const questions = [
       {
         key: "MATRIX_HOMESERVER",
@@ -109,14 +158,14 @@ async function runInitCommand(options = {}) {
       {
         key: "CODEX_BIN",
         label: "Codex binary",
-        fallbackValue: "codex"
+        fallbackValue: detectedCodexBin ?? "codex"
       },
       {
         key: "CODEX_WORKDIR",
         label: "Codex working directory",
         fallbackValue: cwd,
         validate: (value) => {
-          const resolved = import_node_path.default.resolve(cwd, value);
+          const resolved = import_node_path2.default.resolve(cwd, value);
           if (!import_node_fs.default.existsSync(resolved) || !import_node_fs.default.statSync(resolved).isDirectory()) {
             return `Directory does not exist: ${resolved}`;
           }
@@ -144,8 +193,8 @@ async function runInitCommand(options = {}) {
 }
 function resolveInitTemplatePath(cwd) {
   const candidates = [
-    import_node_path.default.resolve(cwd, ".env.example"),
-    import_node_path.default.resolve(__dirname, "..", ".env.example")
+    import_node_path2.default.resolve(cwd, ".env.example"),
+    import_node_path2.default.resolve(__dirname, "..", ".env.example")
   ];
   for (const candidate of candidates) {
     if (import_node_fs.default.existsSync(candidate)) {
@@ -221,33 +270,33 @@ async function askYesNo(rl, question, defaultValue) {
 }
 // src/service-manager.ts
-var import_node_child_process = require("child_process");
+var import_node_child_process2 = require("child_process");
 var import_node_fs3 = __toESM(require("fs"));
-var import_node_os2 = __toESM(require("os"));
-var import_node_path3 = __toESM(require("path"));
+var import_node_os3 = __toESM(require("os"));
+var import_node_path4 = __toESM(require("path"));
 // src/runtime-home.ts
 var import_node_fs2 = __toESM(require("fs"));
-var import_node_os = __toESM(require("os"));
-var import_node_path2 = __toESM(require("path"));
+var import_node_os2 = __toESM(require("os"));
+var import_node_path3 = __toESM(require("path"));
 var LEGACY_RUNTIME_HOME = "/opt/codeharbor";
 var USER_RUNTIME_HOME_DIR = ".codeharbor";
-var DEFAULT_RUNTIME_HOME = import_node_path2.default.resolve(import_node_os.default.homedir(), USER_RUNTIME_HOME_DIR);
+var DEFAULT_RUNTIME_HOME = import_node_path3.default.resolve(import_node_os2.default.homedir(), USER_RUNTIME_HOME_DIR);
 var RUNTIME_HOME_ENV_KEY = "CODEHARBOR_HOME";
 function resolveRuntimeHome(env = process.env) {
   const configured = env[RUNTIME_HOME_ENV_KEY]?.trim();
   if (configured) {
-    return import_node_path2.default.resolve(configured);
+    return import_node_path3.default.resolve(configured);
   }
-  const legacyEnvPath = import_node_path2.default.resolve(LEGACY_RUNTIME_HOME, ".env");
+  const legacyEnvPath = import_node_path3.default.resolve(LEGACY_RUNTIME_HOME, ".env");
   if (import_node_fs2.default.existsSync(legacyEnvPath)) {
     return LEGACY_RUNTIME_HOME;
   }
   return resolveUserRuntimeHome(env);
 }
 function resolveUserRuntimeHome(env = process.env) {
-  const home = env.HOME?.trim() || import_node_os.default.homedir();
-  return import_node_path2.default.resolve(home, USER_RUNTIME_HOME_DIR);
+  const home = env.HOME?.trim() || import_node_os2.default.homedir();
+  return import_node_path3.default.resolve(home, USER_RUNTIME_HOME_DIR);
 }
 // src/service-manager.ts
@@ -266,7 +315,7 @@ function resolveDefaultRunUser(env = process.env) {
     return user;
   }
   try {
-    return import_node_os2.default.userInfo().username;
+    return import_node_os3.default.userInfo().username;
   } catch {
     return "root";
   }
@@ -274,17 +323,17 @@ function resolveDefaultRunUser(env = process.env) {
 function resolveRuntimeHomeForUser(runUser, env = process.env, explicitRuntimeHome) {
   const configuredRuntimeHome = explicitRuntimeHome?.trim() || env[RUNTIME_HOME_ENV_KEY]?.trim();
   if (configuredRuntimeHome) {
-    return import_node_path3.default.resolve(configuredRuntimeHome);
+    return import_node_path4.default.resolve(configuredRuntimeHome);
   }
   const userHome = resolveUserHome(runUser);
   if (userHome) {
-    return import_node_path3.default.resolve(userHome, USER_RUNTIME_HOME_DIR);
+    return import_node_path4.default.resolve(userHome, USER_RUNTIME_HOME_DIR);
   }
-  return import_node_path3.default.resolve(import_node_os2.default.homedir(), USER_RUNTIME_HOME_DIR);
+  return import_node_path4.default.resolve(import_node_os3.default.homedir(), USER_RUNTIME_HOME_DIR);
 }
 function buildMainServiceUnit(options) {
   validateUnitOptions(options);
-  const runtimeHome2 = import_node_path3.default.resolve(options.runtimeHome);
+  const runtimeHome2 = import_node_path4.default.resolve(options.runtimeHome);
   return [
     "[Unit]",
     "Description=CodeHarbor main service",
@@ -296,7 +345,7 @@ function buildMainServiceUnit(options) {
     `User=${options.runUser}`,
     `WorkingDirectory=${runtimeHome2}`,
     `Environment=CODEHARBOR_HOME=${runtimeHome2}`,
-    `ExecStart=${import_node_path3.default.resolve(options.nodeBinPath)} ${import_node_path3.default.resolve(options.cliScriptPath)} start`,
+    `ExecStart=${import_node_path4.default.resolve(options.nodeBinPath)} ${import_node_path4.default.resolve(options.cliScriptPath)} start`,
     "Restart=always",
     "RestartSec=3",
     "NoNewPrivileges=true",
@@ -312,7 +361,7 @@ function buildMainServiceUnit(options) {
 }
 function buildAdminServiceUnit(options) {
   validateUnitOptions(options);
-  const runtimeHome2 = import_node_path3.default.resolve(options.runtimeHome);
+  const runtimeHome2 = import_node_path4.default.resolve(options.runtimeHome);
   return [
     "[Unit]",
     "Description=CodeHarbor admin service",
@@ -324,7 +373,7 @@ function buildAdminServiceUnit(options) {
     `User=${options.runUser}`,
     `WorkingDirectory=${runtimeHome2}`,
     `Environment=CODEHARBOR_HOME=${runtimeHome2}`,
-    `ExecStart=${import_node_path3.default.resolve(options.nodeBinPath)} ${import_node_path3.default.resolve(options.cliScriptPath)} admin serve`,
+    `ExecStart=${import_node_path4.default.resolve(options.nodeBinPath)} ${import_node_path4.default.resolve(options.cliScriptPath)} admin serve`,
     "Restart=always",
     "RestartSec=3",
     "NoNewPrivileges=true",
@@ -343,7 +392,7 @@ function buildRestartSudoersPolicy(options) {
   const systemctlPath = options.systemctlPath.trim();
   validateSimpleValue(runUser, "runUser");
   validateSimpleValue(systemctlPath, "systemctlPath");
-  if (!import_node_path3.default.isAbsolute(systemctlPath)) {
+  if (!import_node_path4.default.isAbsolute(systemctlPath)) {
     throw new Error("systemctlPath must be an absolute path.");
   }
   return [
@@ -358,7 +407,7 @@ function installSystemdServices(options) {
   assertRootPrivileges();
   const output = options.output ?? process.stdout;
   const runUser = options.runUser.trim();
-  const runtimeHome2 = import_node_path3.default.resolve(options.runtimeHome);
+  const runtimeHome2 = import_node_path4.default.resolve(options.runtimeHome);
   validateSimpleValue(runUser, "runUser");
   validateSimpleValue(runtimeHome2, "runtimeHome");
   validateSimpleValue(options.nodeBinPath, "nodeBinPath");
@@ -367,9 +416,9 @@ function installSystemdServices(options) {
   const runGroup = resolveUserGroup(runUser);
   import_node_fs3.default.mkdirSync(runtimeHome2, { recursive: true });
   runCommand("chown", ["-R", `${runUser}:${runGroup}`, runtimeHome2]);
-  const mainPath = import_node_path3.default.join(SYSTEMD_DIR, MAIN_SERVICE_NAME);
-  const adminPath = import_node_path3.default.join(SYSTEMD_DIR, ADMIN_SERVICE_NAME);
-  const restartSudoersPath = import_node_path3.default.join(SUDOERS_DIR, RESTART_SUDOERS_FILE);
+  const mainPath = import_node_path4.default.join(SYSTEMD_DIR, MAIN_SERVICE_NAME);
+  const adminPath = import_node_path4.default.join(SYSTEMD_DIR, ADMIN_SERVICE_NAME);
+  const restartSudoersPath = import_node_path4.default.join(SUDOERS_DIR, RESTART_SUDOERS_FILE);
   const unitOptions = {
     runUser,
     runtimeHome: runtimeHome2,
@@ -417,9 +466,9 @@ function uninstallSystemdServices(options) {
   assertLinuxWithSystemd();
   assertRootPrivileges();
   const output = options.output ?? process.stdout;
-  const mainPath = import_node_path3.default.join(SYSTEMD_DIR, MAIN_SERVICE_NAME);
-  const adminPath = import_node_path3.default.join(SYSTEMD_DIR, ADMIN_SERVICE_NAME);
-  const restartSudoersPath = import_node_path3.default.join(SUDOERS_DIR, RESTART_SUDOERS_FILE);
+  const mainPath = import_node_path4.default.join(SYSTEMD_DIR, MAIN_SERVICE_NAME);
+  const adminPath = import_node_path4.default.join(SYSTEMD_DIR, ADMIN_SERVICE_NAME);
+  const restartSudoersPath = import_node_path4.default.join(SUDOERS_DIR, RESTART_SUDOERS_FILE);
   stopAndDisableIfPresent(MAIN_SERVICE_NAME);
   if (import_node_fs3.default.existsSync(mainPath)) {
     import_node_fs3.default.unlinkSync(mainPath);
@@ -492,7 +541,7 @@ function assertLinuxWithSystemd() {
     throw new Error("Systemd service install only supports Linux.");
   }
   try {
-    (0, import_node_child_process.execFileSync)("systemctl", ["--version"], { stdio: "ignore" });
+    (0, import_node_child_process2.execFileSync)("systemctl", ["--version"], { stdio: "ignore" });
   } catch {
     throw new Error("systemctl is required but not found.");
   }
@@ -539,13 +588,13 @@ function runSystemctlIgnoreFailure(args) {
 }
 function resolveSystemctlPath() {
   const candidates = [];
-  const pathEntries = (process.env.PATH ?? "").split(import_node_path3.default.delimiter).filter(Boolean);
+  const pathEntries = (process.env.PATH ?? "").split(import_node_path4.default.delimiter).filter(Boolean);
   for (const entry of pathEntries) {
-    candidates.push(import_node_path3.default.join(entry, "systemctl"));
+    candidates.push(import_node_path4.default.join(entry, "systemctl"));
   }
   candidates.push("/usr/bin/systemctl", "/bin/systemctl", "/usr/local/bin/systemctl");
   for (const candidate of candidates) {
-    if (import_node_path3.default.isAbsolute(candidate) && import_node_fs3.default.existsSync(candidate)) {
+    if (import_node_path4.default.isAbsolute(candidate) && import_node_fs3.default.existsSync(candidate)) {
       return candidate;
     }
   }
@@ -553,7 +602,7 @@ function resolveSystemctlPath() {
 }
 function runCommand(file, args) {
   try {
-    return (0, import_node_child_process.execFileSync)(file, args, {
+    return (0, import_node_child_process2.execFileSync)(file, args, {
       encoding: "utf8",
       stdio: ["ignore", "pipe", "pipe"]
     });
@@ -581,7 +630,7 @@ function bufferToTrimmedString(value) {
 }
 // src/admin-server.ts
-var execFileAsync = (0, import_node_util.promisify)(import_node_child_process2.execFile);
+var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process3.execFile);
 var HttpError = class extends Error {
   statusCode;
   constructor(statusCode, message) {
@@ -597,6 +646,7 @@ var AdminServer = class {
   host;
   port;
   adminToken;
+  adminTokens;
   adminIpAllowlist;
   adminAllowedOrigins;
   cwd;
@@ -613,6 +663,7 @@ var AdminServer = class {
     this.host = options.host;
     this.port = options.port;
     this.adminToken = options.adminToken;
+    this.adminTokens = buildAdminTokenMap(options.adminTokens ?? []);
     this.adminIpAllowlist = normalizeAllowlist(options.adminIpAllowlist ?? []);
     this.adminAllowedOrigins = normalizeOriginAllowlist(options.adminAllowedOrigins ?? []);
     this.cwd = options.cwd ?? process.cwd();
@@ -704,10 +755,19 @@ var AdminServer = class {
         this.sendHtml(res, renderAdminConsoleHtml());
         return;
       }
-      if (url.pathname.startsWith("/api/admin/") && !this.isAuthorized(req)) {
+      const requiredRole = requiredAdminRoleForRequest(req.method, url.pathname);
+      const authIdentity = requiredRole ? this.resolveAdminIdentity(req) : null;
+      if (requiredRole && !authIdentity) {
         this.sendJson(res, 401, {
           ok: false,
-          error: "Unauthorized. Provide Authorization: Bearer <ADMIN_TOKEN>."
+          error: "Unauthorized. Provide Authorization: Bearer <ADMIN_TOKEN> (or token from ADMIN_TOKENS_JSON)."
+        });
+        return;
+      }
+      if (requiredRole && authIdentity && !hasRequiredAdminRole(authIdentity.role, requiredRole)) {
+        this.sendJson(res, 403, {
+          ok: false,
+          error: "Forbidden. This endpoint requires admin write permission."
         });
         return;
       }
@@ -721,7 +781,7 @@ var AdminServer = class {
       }
       if (req.method === "PUT" && url.pathname === "/api/admin/config/global") {
         const body = await readJsonBody(req);
-        const actor = readActor(req);
+        const actor = resolveAuditActor(req, authIdentity);
         const result = this.updateGlobalConfig(body, actor);
         this.sendJson(res, 200, {
           ok: true,
@@ -749,13 +809,13 @@ var AdminServer = class {
         }
         if (req.method === "PUT") {
           const body = await readJsonBody(req);
-          const actor = readActor(req);
+          const actor = resolveAuditActor(req, authIdentity);
           const room = this.updateRoomConfig(roomId, body, actor);
           this.sendJson(res, 200, { ok: true, data: room });
           return;
         }
         if (req.method === "DELETE") {
-          const actor = readActor(req);
+          const actor = resolveAuditActor(req, authIdentity);
           this.configService.deleteRoomSettings(roomId, actor);
           this.sendJson(res, 200, { ok: true, roomId });
           return;
@@ -785,7 +845,7 @@ var AdminServer = class {
       if (req.method === "POST" && url.pathname === "/api/admin/service/restart") {
         const body = asObject(await readJsonBody(req), "service restart payload");
         const restartAdmin = normalizeBoolean(body.withAdmin, false);
-        const actor = readActor(req);
+        const actor = resolveAuditActor(req, authIdentity);
         try {
           const result = await this.restartServices(restartAdmin);
           this.stateStore.appendConfigRevision(
@@ -839,7 +899,7 @@ var AdminServer = class {
       updatedKeys.push("matrixCommandPrefix");
     }
     if ("codexWorkdir" in body) {
-      const workdir = import_node_path4.default.resolve(String(body.codexWorkdir ?? "").trim());
+      const workdir = import_node_path5.default.resolve(String(body.codexWorkdir ?? "").trim());
       ensureDirectory(workdir, "codexWorkdir");
       this.config.codexWorkdir = workdir;
       envUpdates.CODEX_WORKDIR = workdir;
@@ -1043,14 +1103,34 @@ var AdminServer = class {
       summary: normalizeOptionalString(body.summary)
     });
   }
-  isAuthorized(req) {
-    if (!this.adminToken) {
-      return true;
+  resolveAdminIdentity(req) {
+    if (!this.adminToken && this.adminTokens.size === 0) {
+      return {
+        role: "admin",
+        actor: null,
+        source: "open"
+      };
+    }
+    const token = readAdminToken(req);
+    if (!token) {
+      return null;
     }
-    const authorization = req.headers.authorization ?? "";
-    const bearer = authorization.startsWith("Bearer ") ? authorization.slice("Bearer ".length).trim() : "";
-    const fromHeader = normalizeHeaderValue(req.headers["x-admin-token"]);
-    return bearer === this.adminToken || fromHeader === this.adminToken;
+    if (this.adminToken && token === this.adminToken) {
+      return {
+        role: "admin",
+        actor: null,
+        source: "legacy"
+      };
+    }
+    const mappedIdentity = this.adminTokens.get(token);
+    if (!mappedIdentity) {
+      return null;
+    }
+    return {
+      role: mappedIdentity.role,
+      actor: mappedIdentity.actor,
+      source: "scoped"
+    };
   }
   isClientAllowed(req) {
     if (this.adminIpAllowlist.length === 0) {
@@ -1063,8 +1143,8 @@ var AdminServer = class {
     return this.adminIpAllowlist.includes(normalizedRemote);
   }
   persistEnvUpdates(updates) {
-    const envPath = import_node_path4.default.resolve(this.cwd, ".env");
-    const examplePath = import_node_path4.default.resolve(this.cwd, ".env.example");
+    const envPath = import_node_path5.default.resolve(this.cwd, ".env");
+    const examplePath = import_node_path5.default.resolve(this.cwd, ".env.example");
     const template = import_node_fs4.default.existsSync(envPath) ? import_node_fs4.default.readFileSync(envPath, "utf8") : import_node_fs4.default.existsSync(examplePath) ? import_node_fs4.default.readFileSync(examplePath, "utf8") : "";
     const next = applyEnvOverrides(template, updates);
     import_node_fs4.default.writeFileSync(envPath, next, "utf8");
@@ -1342,10 +1422,54 @@ function normalizeHeaderValue(value) {
   }
   return value.trim();
 }
-function readActor(req) {
+function readAdminToken(req) {
+  const authorization = normalizeHeaderValue(req.headers.authorization);
+  if (authorization) {
+    const match = /^bearer\s+(.+)$/i.exec(authorization);
+    const token = match?.[1]?.trim() ?? "";
+    if (token) {
+      return token;
+    }
+  }
+  const fromHeader = normalizeHeaderValue(req.headers["x-admin-token"]);
+  return fromHeader || null;
+}
+function resolveAuditActor(req, identity) {
+  if (identity?.source === "scoped") {
+    if (identity.actor) {
+      return identity.actor;
+    }
+    return identity.role === "admin" ? "admin-token" : "viewer-token";
+  }
   const actor = normalizeHeaderValue(req.headers["x-admin-actor"]);
   return actor || null;
 }
+function requiredAdminRoleForRequest(method, pathname) {
+  if (!pathname.startsWith("/api/admin/")) {
+    return null;
+  }
+  const normalizedMethod = (method ?? "GET").toUpperCase();
+  if (normalizedMethod === "GET" || normalizedMethod === "HEAD") {
+    return "viewer";
+  }
+  return "admin";
+}
+function hasRequiredAdminRole(role, requiredRole) {
+  if (requiredRole === "viewer") {
+    return role === "viewer" || role === "admin";
+  }
+  return role === "admin";
+}
+function buildAdminTokenMap(tokens) {
+  const mapped = /* @__PURE__ */ new Map();
+  for (const token of tokens) {
+    mapped.set(token.token, {
+      role: token.role,
+      actor: token.actor
+    });
+  }
+  return mapped;
+}
 function formatError(error) {
   if (error instanceof Error) {
     return error.message;
@@ -2219,7 +2343,7 @@ var ADMIN_CONSOLE_HTML = `<!doctype html>
 `;
 async function defaultCheckCodex(bin) {
   try {
-    const { stdout } = await execFileAsync(bin, ["--version"]);
+    const { stdout } = await execFileAsync2(bin, ["--version"]);
     return {
       ok: true,
       version: stdout.trim() || null,
@@ -2262,8 +2386,8 @@ async function defaultCheckMatrix(homeserver, timeoutMs) {
 // src/channels/matrix-channel.ts
 var import_promises2 = __toESM(require("fs/promises"));
-var import_node_os3 = __toESM(require("os"));
-var import_node_path5 = __toESM(require("path"));
+var import_node_os4 = __toESM(require("os"));
+var import_node_path6 = __toESM(require("path"));
 var import_matrix_js_sdk = require("matrix-js-sdk");
 // src/utils/message.ts
@@ -2686,10 +2810,10 @@ var MatrixChannel = class {
     }
     const bytes = Buffer.from(await response.arrayBuffer());
     const extension = resolveFileExtension(fileName, mimeType);
-    const directory = import_node_path5.default.join(import_node_os3.default.tmpdir(), "codeharbor-media");
+    const directory = import_node_path6.default.join(import_node_os4.default.tmpdir(), "codeharbor-media");
     await import_promises2.default.mkdir(directory, { recursive: true });
     const safeEventId = sanitizeFilename(eventId);
-    const targetPath = import_node_path5.default.join(directory, `${safeEventId}-${index}${extension}`);
+    const targetPath = import_node_path6.default.join(directory, `${safeEventId}-${index}${extension}`);
     await import_promises2.default.writeFile(targetPath, bytes);
     return targetPath;
   }
@@ -2774,7 +2898,7 @@ function sanitizeFilename(value) {
   return value.replace(/[^a-zA-Z0-9_-]/g, "_").slice(0, 80);
 }
 function resolveFileExtension(fileName, mimeType) {
-  const ext = import_node_path5.default.extname(fileName).trim();
+  const ext = import_node_path6.default.extname(fileName).trim();
   if (ext) {
     return ext;
   }
@@ -2792,13 +2916,13 @@ function resolveFileExtension(fileName, mimeType) {
 // src/config-service.ts
 var import_node_fs5 = __toESM(require("fs"));
-var import_node_path6 = __toESM(require("path"));
+var import_node_path7 = __toESM(require("path"));
 var ConfigService = class {
   stateStore;
   defaultWorkdir;
   constructor(stateStore, defaultWorkdir) {
     this.stateStore = stateStore;
-    this.defaultWorkdir = import_node_path6.default.resolve(defaultWorkdir);
+    this.defaultWorkdir = import_node_path7.default.resolve(defaultWorkdir);
   }
   resolveRoomConfig(roomId, fallbackPolicy) {
     const room = this.stateStore.getRoomSettings(roomId);
@@ -2869,7 +2993,7 @@ function normalizeRoomSettingsInput(input) {
   if (!roomId) {
     throw new Error("roomId is required.");
   }
-  const workdir = import_node_path6.default.resolve(input.workdir);
+  const workdir = import_node_path7.default.resolve(input.workdir);
   if (!import_node_fs5.default.existsSync(workdir) || !import_node_fs5.default.statSync(workdir).isDirectory()) {
     throw new Error(`workdir does not exist or is not a directory: ${workdir}`);
   }
@@ -2885,7 +3009,7 @@ function normalizeRoomSettingsInput(input) {
 }
 // src/executor/codex-executor.ts
-var import_node_child_process3 = require("child_process");
+var import_node_child_process4 = require("child_process");
 var import_node_readline = __toESM(require("readline"));
 var CodexExecutionCancelledError = class extends Error {
   constructor(message = "codex execution cancelled") {
@@ -2903,7 +3027,7 @@ var CodexExecutor = class {
   }
   startExecution(prompt, sessionId, onProgress, startOptions) {
     const args = buildCodexArgs(prompt, sessionId, this.options, startOptions);
-    const child = (0, import_node_child_process3.spawn)(this.options.bin, args, {
+    const child = (0, import_node_child_process4.spawn)(this.options.bin, args, {
       cwd: startOptions?.workdir ?? this.options.workdir,
       env: {
         ...process.env,
@@ -3136,17 +3260,17 @@ function stringify(value) {
 // src/orchestrator.ts
 var import_async_mutex = require("async-mutex");
-var import_promises3 = __toESM(require("fs/promises"));
+var import_promises4 = __toESM(require("fs/promises"));
 // src/compat/cli-compat-recorder.ts
 var import_node_fs6 = __toESM(require("fs"));
-var import_node_path7 = __toESM(require("path"));
+var import_node_path8 = __toESM(require("path"));
 var CliCompatRecorder = class {
   filePath;
   chain = Promise.resolve();
   constructor(filePath) {
-    this.filePath = import_node_path7.default.resolve(filePath);
-    import_node_fs6.default.mkdirSync(import_node_path7.default.dirname(this.filePath), { recursive: true });
+    this.filePath = import_node_path8.default.resolve(filePath);
+    import_node_fs6.default.mkdirSync(import_node_path8.default.dirname(this.filePath), { recursive: true });
   }
   append(entry) {
     const payload = `${JSON.stringify(entry)}
@@ -3623,6 +3747,296 @@ function createIdleWorkflowSnapshot() {
   };
 }
+// src/workflow/autodev.ts
+var import_promises3 = __toESM(require("fs/promises"));
+var import_node_path9 = __toESM(require("path"));
+function parseAutoDevCommand(text) {
+  const normalized = text.trim();
+  if (!/^\/autodev(?:\s|$)/i.test(normalized)) {
+    return null;
+  }
+  const parts = normalized.split(/\s+/);
+  if (parts.length === 1 || parts[1]?.toLowerCase() === "status") {
+    return { kind: "status" };
+  }
+  if (parts[1]?.toLowerCase() !== "run") {
+    return null;
+  }
+  const taskId = normalized.replace(/^\/autodev\s+run\s*/i, "").trim();
+  return {
+    kind: "run",
+    taskId: taskId || null
+  };
+}
+async function loadAutoDevContext(workdir) {
+  const requirementsPath = import_node_path9.default.join(workdir, "REQUIREMENTS.md");
+  const taskListPath = import_node_path9.default.join(workdir, "TASK_LIST.md");
+  const requirementsContent = await readOptionalFile(requirementsPath);
+  const taskListContent = await readOptionalFile(taskListPath);
+  return {
+    workdir,
+    requirementsPath,
+    taskListPath,
+    requirementsContent,
+    taskListContent,
+    tasks: taskListContent ? parseTasks(taskListContent) : []
+  };
+}
+function summarizeAutoDevTasks(tasks) {
+  const summary = {
+    total: tasks.length,
+    pending: 0,
+    inProgress: 0,
+    completed: 0,
+    cancelled: 0,
+    blocked: 0
+  };
+  for (const task of tasks) {
+    if (task.status === "pending") {
+      summary.pending += 1;
+      continue;
+    }
+    if (task.status === "in_progress") {
+      summary.inProgress += 1;
+      continue;
+    }
+    if (task.status === "completed") {
+      summary.completed += 1;
+      continue;
+    }
+    if (task.status === "cancelled") {
+      summary.cancelled += 1;
+      continue;
+    }
+    summary.blocked += 1;
+  }
+  return summary;
+}
+function selectAutoDevTask(tasks, taskId) {
+  if (taskId) {
+    const normalizedTarget = taskId.trim().toLowerCase();
+    return tasks.find((task) => task.id.toLowerCase() === normalizedTarget) ?? null;
+  }
+  const inProgressTask = tasks.find((task) => task.status === "in_progress");
+  if (inProgressTask) {
+    return inProgressTask;
+  }
+  return tasks.find((task) => task.status === "pending") ?? null;
+}
+function buildAutoDevObjective(task) {
+  return [
+    "\u4F60\u6B63\u5728\u6267\u884C CodeHarbor AutoDev \u4EFB\u52A1\uFF0C\u8BF7\u5728\u5F53\u524D\u5DE5\u4F5C\u76EE\u5F55\u5B8C\u6210\u6307\u5B9A\u5F00\u53D1\u76EE\u6807\u3002",
+    "",
+    `\u4EFB\u52A1ID: ${task.id}`,
+    `\u4EFB\u52A1\u63CF\u8FF0: ${task.description}`,
+    "",
+    "\u4E0A\u4E0B\u6587\u6587\u4EF6\uFF1A",
+    "- REQUIREMENTS.md\uFF08\u9700\u6C42\u57FA\u7EBF\uFF09",
+    "- TASK_LIST.md\uFF08\u4EFB\u52A1\u72B6\u6001\uFF09",
+    "",
+    "\u6267\u884C\u8981\u6C42\uFF1A",
+    "1. \u5148\u8BFB\u53D6 REQUIREMENTS.md \u548C TASK_LIST.md\uFF0C\u786E\u8BA4\u8FB9\u754C\u4E0E\u7EA6\u675F\u3002",
+    "2. \u5728\u5F53\u524D\u4ED3\u5E93\u76F4\u63A5\u5B8C\u6210\u4EE3\u7801\u4E0E\u6D4B\u8BD5\u6539\u52A8\u3002",
+    "3. \u8FD0\u884C\u53D7\u5F71\u54CD\u9A8C\u8BC1\u547D\u4EE4\u5E76\u6C47\u603B\u7ED3\u679C\u3002",
+    "4. \u8F93\u51FA\u6539\u52A8\u6587\u4EF6\u548C\u98CE\u9669\u8BF4\u660E\u3002"
+  ].join("\n");
+}
+function formatTaskForDisplay(task) {
+  return `${task.id} ${task.description} (${statusToSymbol(task.status)})`;
+}
+function statusToSymbol(status) {
+  if (status === "pending") {
+    return "\u2B1C";
+  }
+  if (status === "in_progress") {
+    return "\u{1F504}";
+  }
+  if (status === "completed") {
+    return "\u2705";
+  }
+  if (status === "cancelled") {
+    return "\u274C";
+  }
+  return "\u{1F6AB}";
+}
+async function updateAutoDevTaskStatus(taskListPath, task, nextStatus) {
+  const content = await import_promises3.default.readFile(taskListPath, "utf8");
+  const lines = splitLines(content);
+  if (task.lineIndex < 0 || task.lineIndex >= lines.length) {
+    throw new Error(`task ${task.id} line index out of range`);
+  }
+  const updatedLine = replaceLineStatus(lines[task.lineIndex] ?? "", task.id, nextStatus);
+  if (!updatedLine) {
+    throw new Error(`failed to update task status for ${task.id}`);
+  }
+  lines[task.lineIndex] = updatedLine;
+  await import_promises3.default.writeFile(taskListPath, lines.join("\n"), "utf8");
+  return {
+    ...task,
+    status: nextStatus
+  };
+}
+async function readOptionalFile(filePath) {
+  try {
+    return await import_promises3.default.readFile(filePath, "utf8");
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return null;
+    }
+    throw error;
+  }
+}
+function parseTasks(content) {
+  const lines = splitLines(content);
+  const tasks = [];
+  for (let index = 0; index < lines.length; index += 1) {
+    const line = lines[index] ?? "";
+    const tableTask = parseTableTaskLine(line, index);
+    if (tableTask) {
+      tasks.push(tableTask);
+      continue;
+    }
+    const listTask = parseListTaskLine(line, index);
+    if (listTask) {
+      tasks.push(listTask);
+    }
+  }
+  return tasks;
+}
+function parseTableTaskLine(line, lineIndex) {
+  const trimmed = line.trim();
+  if (!trimmed.startsWith("|")) {
+    return null;
+  }
+  const cells = trimmed.split("|").slice(1, -1).map((cell) => cell.trim());
+  if (cells.length < 3) {
+    return null;
+  }
+  const taskId = cells[0] ?? "";
+  if (!isLikelyTaskId(taskId)) {
+    return null;
+  }
+  const statusCell = cells[cells.length - 1] ?? "";
+  const status = parseStatusToken(statusCell);
+  if (!status) {
+    return null;
+  }
+  return {
+    id: taskId,
+    description: cells[1] ?? taskId,
+    status,
+    lineIndex
+  };
+}
+function parseListTaskLine(line, lineIndex) {
+  const checkboxMatch = line.match(/^\s*[-*]\s+\[( |x|X)\]\s+(.+)$/);
+  if (checkboxMatch) {
+    const rawText2 = checkboxMatch[2]?.trim() ?? "";
+    const taskId2 = extractTaskId(rawText2);
+    if (!taskId2) {
+      return null;
+    }
+    return {
+      id: taskId2,
+      description: stripTaskIdPrefix(rawText2, taskId2),
+      status: checkboxMatch[1]?.toLowerCase() === "x" ? "completed" : "pending",
+      lineIndex
+    };
+  }
+  const symbolMatch = line.match(/^\s*[-*]\s*(⬜|🔄|✅|❌|🚫)\s+(.+)$/);
+  if (!symbolMatch) {
+    return null;
+  }
+  const rawText = symbolMatch[2]?.trim() ?? "";
+  const taskId = extractTaskId(rawText);
+  if (!taskId) {
+    return null;
+  }
+  const status = parseStatusToken(symbolMatch[1] ?? "");
+  if (!status) {
+    return null;
+  }
+  return {
+    id: taskId,
+    description: stripTaskIdPrefix(rawText, taskId),
+    status,
+    lineIndex
+  };
+}
+function stripTaskIdPrefix(text, taskId) {
+  const normalized = text.trim();
+  const escapedId = escapeRegex(taskId);
+  return normalized.replace(new RegExp(`^${escapedId}[\\s:\uFF1A\\-]+`, "i"), "").trim() || normalized;
+}
+function extractTaskId(text) {
+  const normalized = text.trim();
+  const bracketMatch = normalized.match(/\(([A-Za-z][A-Za-z0-9._-]*)\)/);
+  if (bracketMatch?.[1] && isLikelyTaskId(bracketMatch[1])) {
+    return bracketMatch[1];
+  }
+  const token = normalized.split(/\s+/)[0]?.replace(/[,:：|]+$/, "") ?? "";
+  if (!isLikelyTaskId(token)) {
+    return null;
+  }
+  return token;
+}
+function isLikelyTaskId(taskId) {
+  if (!/^[A-Za-z][A-Za-z0-9._-]*$/.test(taskId)) {
+    return false;
+  }
+  return /\d/.test(taskId);
+}
+function parseStatusToken(text) {
+  const normalized = text.trim().toLowerCase();
+  if (!normalized) {
+    return null;
+  }
+  if (normalized.includes("\u2705") || normalized.includes("[x]") || normalized.includes("done")) {
+    return "completed";
+  }
+  if (normalized.includes("\u2B1C") || normalized.includes("\u2610") || normalized.includes("[ ]") || normalized === "todo") {
+    return "pending";
+  }
+  if (normalized.includes("\u{1F504}") || normalized.includes("\u8FDB\u884C\u4E2D") || normalized.includes("in progress")) {
+    return "in_progress";
+  }
+  if (normalized.includes("\u274C") || normalized.includes("\u53D6\u6D88") || normalized.includes("cancel")) {
+    return "cancelled";
+  }
+  if (normalized.includes("\u{1F6AB}") || normalized.includes("\u963B\u585E") || normalized.includes("block")) {
+    return "blocked";
+  }
+  return null;
+}
+function replaceLineStatus(line, taskId, status) {
+  const trimmed = line.trim();
+  const symbol = statusToSymbol(status);
+  if (trimmed.startsWith("|")) {
+    const cells = trimmed.split("|").slice(1, -1).map((cell) => cell.trim());
+    if (cells.length >= 3 && cells[0]?.toLowerCase() === taskId.toLowerCase()) {
+      const rawParts = line.split("|");
+      if (rawParts.length >= 3) {
+        rawParts[rawParts.length - 2] = ` ${symbol} `;
+        return rawParts.join("|");
+      }
+    }
+  }
+  if (/\[( |x|X)\]/.test(line)) {
+    const checkbox = status === "completed" ? "[x]" : "[ ]";
+    return line.replace(/\[( |x|X)\]/, checkbox);
+  }
+  if (/(⬜|🔄|✅|❌|🚫)/.test(line)) {
+    return line.replace(/(⬜|🔄|✅|❌|🚫)/, symbol);
+  }
+  return null;
+}
+function splitLines(content) {
+  return content.replace(/\r\n/g, "\n").split("\n");
+}
+function escapeRegex(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
 // src/orchestrator.ts
 var RequestMetrics = class {
   total = 0;
@@ -3710,6 +4124,7 @@ var Orchestrator = class {
   cliCompatRecorder;
   workflowRunner;
   workflowSnapshots = /* @__PURE__ */ new Map();
+  autoDevSnapshots = /* @__PURE__ */ new Map();
   metrics = new RequestMetrics();
   lastLockPruneAt = 0;
   constructor(channel, executor, stateStore, logger, options) {
@@ -3804,11 +4219,17 @@ var Orchestrator = class {
         return;
       }
       const workflowCommand = this.workflowRunner.isEnabled() ? parseWorkflowCommand(route.prompt) : null;
+      const autoDevCommand = this.workflowRunner.isEnabled() ? parseAutoDevCommand(route.prompt) : null;
       if (workflowCommand?.kind === "status") {
         await this.handleWorkflowStatusCommand(sessionKey, message);
         this.stateStore.markEventProcessed(sessionKey, message.eventId);
         return;
       }
+      if (autoDevCommand?.kind === "status") {
+        await this.handleAutoDevStatusCommand(sessionKey, message, roomConfig.workdir);
+        this.stateStore.markEventProcessed(sessionKey, message.eventId);
+        return;
+      }
       const rateDecision = this.rateLimiter.tryAcquire({
         userId: message.senderId,
         roomId: message.conversationId
@@ -3857,6 +4278,37 @@ var Orchestrator = class {
         }
         return;
       }
+      if (autoDevCommand?.kind === "run") {
+        const executionStartedAt = Date.now();
+        let sendDurationMs2 = 0;
+        this.stateStore.activateSession(sessionKey, this.sessionActiveWindowMs);
+        try {
+          const sendStartedAt = Date.now();
+          await this.handleAutoDevRunCommand(
+            autoDevCommand.taskId,
+            sessionKey,
+            message,
+            requestId,
+            roomConfig.workdir
+          );
+          sendDurationMs2 += Date.now() - sendStartedAt;
+          this.stateStore.markEventProcessed(sessionKey, message.eventId);
+          this.metrics.record("success", queueWaitMs, Date.now() - executionStartedAt, sendDurationMs2);
+        } catch (error) {
+          sendDurationMs2 += await this.sendAutoDevFailure(message.conversationId, error);
+          this.stateStore.commitExecutionHandled(sessionKey, message.eventId);
+          const status = classifyExecutionOutcome(error);
+          this.metrics.record(status, queueWaitMs, Date.now() - executionStartedAt, sendDurationMs2);
+          this.logger.error("AutoDev request failed", {
+            requestId,
+            sessionKey,
+            error: formatError2(error)
+          });
+        } finally {
+          rateDecision.release?.();
+        }
+        return;
+      }
       this.stateStore.activateSession(sessionKey, this.sessionActiveWindowMs);
       const previousCodexSessionId = this.stateStore.getCodexSessionId(sessionKey);
       const executionPrompt = this.buildExecutionPrompt(route.prompt, message);
@@ -4078,6 +4530,7 @@ var Orchestrator = class {
     const limiter = this.rateLimiter.snapshot();
     const runtime = this.sessionRuntime.getRuntimeStats();
     const workflow = this.workflowSnapshots.get(sessionKey) ?? createIdleWorkflowSnapshot();
+    const autoDev = this.autoDevSnapshots.get(sessionKey) ?? createIdleAutoDevSnapshot();
     await this.channel.sendNotice(
       message.conversationId,
       `[CodeHarbor] \u5F53\u524D\u72B6\u6001
@@ -4091,7 +4544,8 @@ var Orchestrator = class {
 - \u5E73\u5747\u8017\u65F6: queue=${metrics.avgQueueMs}ms, exec=${metrics.avgExecMs}ms, send=${metrics.avgSendMs}ms
 - \u9650\u6D41\u5E76\u53D1: global=${limiter.activeGlobal}, users=${limiter.activeUsers}, rooms=${limiter.activeRooms}
 - CLI runtime: workers=${runtime.workerCount}, running=${runtime.runningCount}, compat_mode=${this.cliCompat.enabled ? "on" : "off"}
-- Multi-Agent workflow: enabled=${this.workflowRunner.isEnabled() ? "on" : "off"}, state=${workflow.state}`
+- Multi-Agent workflow: enabled=${this.workflowRunner.isEnabled() ? "on" : "off"}, state=${workflow.state}
+- AutoDev: enabled=${this.workflowRunner.isEnabled() ? "on" : "off"}, state=${autoDev.state}, task=${autoDev.taskId ?? "N/A"}`
     );
   }
   async handleWorkflowStatusCommand(sessionKey, message) {
@@ -4108,11 +4562,158 @@ var Orchestrator = class {
 - error: ${snapshot.error ?? "N/A"}`
     );
   }
+  async handleAutoDevStatusCommand(sessionKey, message, workdir) {
+    const snapshot = this.autoDevSnapshots.get(sessionKey) ?? createIdleAutoDevSnapshot();
+    try {
+      const context = await loadAutoDevContext(workdir);
+      const summary = summarizeAutoDevTasks(context.tasks);
+      const nextTask = selectAutoDevTask(context.tasks);
+      await this.channel.sendNotice(
+        message.conversationId,
+        `[CodeHarbor] AutoDev \u72B6\u6001
+- workdir: ${workdir}
+- REQUIREMENTS.md: ${context.requirementsContent ? "found" : "missing"}
+- TASK_LIST.md: ${context.taskListContent ? "found" : "missing"}
+- tasks: total=${summary.total}, pending=${summary.pending}, in_progress=${summary.inProgress}, completed=${summary.completed}, blocked=${summary.blocked}, cancelled=${summary.cancelled}
+- nextTask: ${nextTask ? formatTaskForDisplay(nextTask) : "N/A"}
+- runState: ${snapshot.state}
+- runTask: ${snapshot.taskId ? `${snapshot.taskId} ${snapshot.taskDescription ?? ""}`.trim() : "N/A"}
+- runApproved: ${snapshot.approved === null ? "N/A" : snapshot.approved ? "yes" : "no"}
+- runError: ${snapshot.error ?? "N/A"}`
+      );
+    } catch (error) {
+      await this.channel.sendNotice(message.conversationId, `[CodeHarbor] AutoDev \u72B6\u6001\u8BFB\u53D6\u5931\u8D25: ${formatError2(error)}`);
+    }
+  }
+  async handleAutoDevRunCommand(taskId, sessionKey, message, requestId, workdir) {
+    const requestedTaskId = taskId?.trim() || null;
+    const context = await loadAutoDevContext(workdir);
+    if (!context.requirementsContent) {
+      await this.channel.sendNotice(
+        message.conversationId,
+        `[CodeHarbor] AutoDev \u9700\u8981 ${context.requirementsPath}\uFF0C\u8BF7\u5148\u51C6\u5907\u9700\u6C42\u6587\u6863\u3002`
+      );
+      return;
+    }
+    if (!context.taskListContent) {
+      await this.channel.sendNotice(
+        message.conversationId,
+        `[CodeHarbor] AutoDev \u9700\u8981 ${context.taskListPath}\uFF0C\u8BF7\u5148\u51C6\u5907\u4EFB\u52A1\u6E05\u5355\u3002`
+      );
+      return;
+    }
+    if (context.tasks.length === 0) {
+      await this.channel.sendNotice(
+        message.conversationId,
+        "[CodeHarbor] \u672A\u5728 TASK_LIST.md \u8BC6\u522B\u5230\u4EFB\u52A1\uFF08\u9700\u5305\u542B\u4EFB\u52A1 ID \u4E0E\u72B6\u6001\u5217\uFF09\u3002"
+      );
+      return;
+    }
+    const selectedTask = selectAutoDevTask(context.tasks, requestedTaskId);
+    if (!selectedTask) {
+      if (requestedTaskId) {
+        await this.channel.sendNotice(message.conversationId, `[CodeHarbor] \u672A\u627E\u5230\u4EFB\u52A1 ${requestedTaskId}\u3002`);
+        return;
+      }
+      await this.channel.sendNotice(message.conversationId, "[CodeHarbor] \u5F53\u524D\u6CA1\u6709\u53EF\u6267\u884C\u4EFB\u52A1\uFF08pending/in_progress\uFF09\u3002");
+      return;
+    }
+    if (selectedTask.status === "completed") {
+      await this.channel.sendNotice(message.conversationId, `[CodeHarbor] \u4EFB\u52A1 ${selectedTask.id} \u5DF2\u5B8C\u6210\uFF08\u2705\uFF09\u3002`);
+      return;
+    }
+    if (selectedTask.status === "cancelled") {
+      await this.channel.sendNotice(message.conversationId, `[CodeHarbor] \u4EFB\u52A1 ${selectedTask.id} \u5DF2\u53D6\u6D88\uFF08\u274C\uFF09\u3002`);
+      return;
+    }
+    let activeTask = selectedTask;
+    let promotedToInProgress = false;
+    if (selectedTask.status === "pending") {
+      activeTask = await updateAutoDevTaskStatus(context.taskListPath, selectedTask, "in_progress");
+      promotedToInProgress = true;
+    }
+    const startedAtIso = (/* @__PURE__ */ new Date()).toISOString();
+    this.autoDevSnapshots.set(sessionKey, {
+      state: "running",
+      startedAt: startedAtIso,
+      endedAt: null,
+      taskId: activeTask.id,
+      taskDescription: activeTask.description,
+      approved: null,
+      repairRounds: 0,
+      error: null
+    });
+    await this.channel.sendNotice(
+      message.conversationId,
+      `[CodeHarbor] AutoDev \u542F\u52A8\u4EFB\u52A1 ${activeTask.id}: ${activeTask.description}`
+    );
+    try {
+      const result = await this.handleWorkflowRunCommand(
+        buildAutoDevObjective(activeTask),
+        sessionKey,
+        message,
+        requestId,
+        workdir
+      );
+      if (!result) {
+        return;
+      }
+      let finalTask = activeTask;
+      if (result.approved) {
+        finalTask = await updateAutoDevTaskStatus(context.taskListPath, activeTask, "completed");
+      }
+      const endedAtIso = (/* @__PURE__ */ new Date()).toISOString();
+      this.autoDevSnapshots.set(sessionKey, {
+        state: "succeeded",
+        startedAt: startedAtIso,
+        endedAt: endedAtIso,
+        taskId: finalTask.id,
+        taskDescription: finalTask.description,
+        approved: result.approved,
+        repairRounds: result.repairRounds,
+        error: null
+      });
+      const refreshed = await loadAutoDevContext(workdir);
+      const nextTask = selectAutoDevTask(refreshed.tasks);
+      await this.channel.sendNotice(
+        message.conversationId,
+        `[CodeHarbor] AutoDev \u4EFB\u52A1\u7ED3\u679C
+- task: ${finalTask.id}
+- reviewer approved: ${result.approved ? "yes" : "no"}
+- task status: ${statusToSymbol(finalTask.status)}
+- nextTask: ${nextTask ? formatTaskForDisplay(nextTask) : "N/A"}`
+      );
+    } catch (error) {
+      if (promotedToInProgress) {
+        try {
+          await updateAutoDevTaskStatus(context.taskListPath, activeTask, "pending");
+        } catch (restoreError) {
+          this.logger.warn("Failed to restore AutoDev task status after failure", {
+            taskId: activeTask.id,
+            error: formatError2(restoreError)
+          });
+        }
+      }
+      const status = classifyExecutionOutcome(error);
+      const endedAtIso = (/* @__PURE__ */ new Date()).toISOString();
+      this.autoDevSnapshots.set(sessionKey, {
+        state: status === "cancelled" ? "idle" : "failed",
+        startedAt: startedAtIso,
+        endedAt: endedAtIso,
+        taskId: activeTask.id,
+        taskDescription: activeTask.description,
+        approved: null,
+        repairRounds: 0,
+        error: formatError2(error)
+      });
+      throw error;
+    }
+  }
   async handleWorkflowRunCommand(objective, sessionKey, message, requestId, workdir) {
     const normalizedObjective = objective.trim();
     if (!normalizedObjective) {
       await this.channel.sendNotice(message.conversationId, "[CodeHarbor] /agents run \u9700\u8981\u63D0\u4F9B\u4EFB\u52A1\u76EE\u6807\u3002");
-      return;
+      return null;
     }
     const requestStartedAt = Date.now();
     let progressNoticeEventId = null;
@@ -4174,6 +4775,7 @@ var Orchestrator = class {
       });
       await this.channel.sendMessage(message.conversationId, buildWorkflowResultReply(result));
       await this.finishProgress(progressCtx, `\u591A\u667A\u80FD\u4F53\u6D41\u7A0B\u5B8C\u6210\uFF08\u8017\u65F6 ${formatDurationMs(Date.now() - requestStartedAt)}\uFF09`);
+      return result;
     } catch (error) {
       const status = classifyExecutionOutcome(error);
       const endedAtIso = (/* @__PURE__ */ new Date()).toISOString();
@@ -4206,6 +4808,16 @@ var Orchestrator = class {
     await this.channel.sendMessage(conversationId, `[CodeHarbor] Multi-Agent workflow \u5931\u8D25: ${formatError2(error)}`);
     return Date.now() - startedAt;
   }
+  async sendAutoDevFailure(conversationId, error) {
+    const startedAt = Date.now();
+    const status = classifyExecutionOutcome(error);
+    if (status === "cancelled") {
+      await this.channel.sendNotice(conversationId, "[CodeHarbor] AutoDev \u5DF2\u53D6\u6D88\u3002");
+      return Date.now() - startedAt;
+    }
+    await this.channel.sendMessage(conversationId, `[CodeHarbor] AutoDev \u5931\u8D25: ${formatError2(error)}`);
+    return Date.now() - startedAt;
+  }
   async handleStopCommand(sessionKey, message, requestId) {
     this.stateStore.deactivateSession(sessionKey);
     this.stateStore.clearCodexSessionId(sessionKey);
@@ -4401,6 +5013,18 @@ ${attachmentSummary}
     }
   }
 };
+function createIdleAutoDevSnapshot() {
+  return {
+    state: "idle",
+    startedAt: null,
+    endedAt: null,
+    taskId: null,
+    taskDescription: null,
+    approved: null,
+    repairRounds: 0,
+    error: null
+  };
+}
 function buildSessionKey(message) {
   return `${message.channel}:${message.conversationId}:${message.senderId}`;
 }
@@ -4424,7 +5048,7 @@ async function cleanupAttachmentFiles(imagePaths) {
   await Promise.all(
     imagePaths.map(async (imagePath) => {
       try {
-        await import_promises3.default.unlink(imagePath);
+        await import_promises4.default.unlink(imagePath);
       } catch {
       }
     })
@@ -4474,11 +5098,11 @@ function stripLeadingBotMention(text, matrixUserId) {
   if (!matrixUserId) {
     return text;
   }
-  const escapedUserId = escapeRegex(matrixUserId);
+  const escapedUserId = escapeRegex2(matrixUserId);
   const mentionPattern = new RegExp(`^\\s*(?:<)?${escapedUserId}(?:>)?[\\s,:\uFF0C\uFF1A-]*`, "i");
   return text.replace(mentionPattern, "").trim();
 }
-function escapeRegex(value) {
+function escapeRegex2(value) {
   return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
 function formatDurationMs(durationMs) {
@@ -4541,7 +5165,7 @@ ${result.review}
 // src/store/state-store.ts
 var import_node_fs7 = __toESM(require("fs"));
-var import_node_path8 = __toESM(require("path"));
+var import_node_path10 = __toESM(require("path"));
 var ONE_DAY_MS = 24 * 60 * 60 * 1e3;
 var PRUNE_INTERVAL_MS = 5 * 60 * 1e3;
 var SQLITE_MODULE_ID = `node:${"sqlite"}`;
@@ -4567,7 +5191,7 @@ var StateStore = class {
     this.maxProcessedEventsPerSession = maxProcessedEventsPerSession;
     this.maxSessionAgeMs = maxSessionAgeDays * ONE_DAY_MS;
     this.maxSessions = maxSessions;
-    import_node_fs7.default.mkdirSync(import_node_path8.default.dirname(this.dbPath), { recursive: true });
+    import_node_fs7.default.mkdirSync(import_node_path10.default.dirname(this.dbPath), { recursive: true });
     this.db = new DatabaseSync(this.dbPath);
     this.initializeSchema();
     this.importLegacyStateIfNeeded();
@@ -4938,7 +5562,7 @@ function boolToInt(value) {
 }
 // src/app.ts
-var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process4.execFile);
+var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process5.execFile);
 var CodeHarborApp = class {
   config;
   logger;
@@ -5024,6 +5648,7 @@ var CodeHarborAdminApp = class {
       host: options?.host ?? config.adminBindHost,
       port: options?.port ?? config.adminPort,
       adminToken: config.adminToken,
+      adminTokens: config.adminTokens,
       adminIpAllowlist: config.adminIpAllowlist,
       adminAllowedOrigins: config.adminAllowedOrigins
     });
@@ -5034,7 +5659,7 @@ var CodeHarborAdminApp = class {
     this.logger.info("CodeHarbor admin server started", {
       host: address?.host ?? this.config.adminBindHost,
       port: address?.port ?? this.config.adminPort,
-      tokenProtected: Boolean(this.config.adminToken)
+      tokenProtected: Boolean(this.config.adminToken) || this.config.adminTokens.length > 0
     });
   }
   async stop() {
@@ -5050,7 +5675,7 @@ async function runDoctor(config) {
   const logger = new Logger(config.logLevel);
   logger.info("Doctor check started");
   try {
-    const { stdout } = await execFileAsync2(config.codexBin, ["--version"]);
+    const { stdout } = await execFileAsync3(config.codexBin, ["--version"]);
     logger.info("codex available", { version: stdout.trim() });
   } catch (error) {
     logger.error("codex unavailable", error);
@@ -5088,7 +5713,7 @@ function isNonLoopbackHost(host) {
 // src/config.ts
 var import_node_fs8 = __toESM(require("fs"));
-var import_node_path9 = __toESM(require("path"));
+var import_node_path11 = __toESM(require("path"));
 var import_dotenv2 = __toESM(require("dotenv"));
 var import_zod = require("zod");
 var configSchema = import_zod.z.object({
@@ -5139,6 +5764,7 @@ var configSchema = import_zod.z.object({
   ADMIN_BIND_HOST: import_zod.z.string().default("127.0.0.1"),
   ADMIN_PORT: import_zod.z.string().default("8787").transform((v) => Number.parseInt(v, 10)).pipe(import_zod.z.number().int().min(1).max(65535)),
   ADMIN_TOKEN: import_zod.z.string().default(""),
+  ADMIN_TOKENS_JSON: import_zod.z.string().default(""),
   ADMIN_IP_ALLOWLIST: import_zod.z.string().default(""),
   ADMIN_ALLOWED_ORIGINS: import_zod.z.string().default(""),
   LOG_LEVEL: import_zod.z.enum(["debug", "info", "warn", "error"]).default("info")
@@ -5149,7 +5775,7 @@ var configSchema = import_zod.z.object({
   matrixCommandPrefix: v.MATRIX_COMMAND_PREFIX,
   codexBin: v.CODEX_BIN,
   codexModel: v.CODEX_MODEL?.trim() || null,
-  codexWorkdir: import_node_path9.default.resolve(v.CODEX_WORKDIR),
+  codexWorkdir: import_node_path11.default.resolve(v.CODEX_WORKDIR),
   codexDangerousBypass: v.CODEX_DANGEROUS_BYPASS,
   codexExecTimeoutMs: v.CODEX_EXEC_TIMEOUT_MS,
   codexSandboxMode: v.CODEX_SANDBOX_MODE?.trim() || null,
@@ -5160,8 +5786,8 @@ var configSchema = import_zod.z.object({
     enabled: v.AGENT_WORKFLOW_ENABLED,
     autoRepairMaxRounds: v.AGENT_WORKFLOW_AUTO_REPAIR_MAX_ROUNDS
   },
-  stateDbPath: import_node_path9.default.resolve(v.STATE_DB_PATH),
-  legacyStateJsonPath: v.STATE_PATH.trim() ? import_node_path9.default.resolve(v.STATE_PATH) : null,
+  stateDbPath: import_node_path11.default.resolve(v.STATE_DB_PATH),
+  legacyStateJsonPath: v.STATE_PATH.trim() ? import_node_path11.default.resolve(v.STATE_PATH) : null,
   maxProcessedEventsPerSession: v.MAX_PROCESSED_EVENTS_PER_SESSION,
   maxSessionAgeDays: v.MAX_SESSION_AGE_DAYS,
   maxSessions: v.MAX_SESSIONS,
@@ -5192,17 +5818,18 @@ var configSchema = import_zod.z.object({
     disableReplyChunkSplit: v.CLI_COMPAT_DISABLE_REPLY_CHUNK_SPLIT,
     progressThrottleMs: v.CLI_COMPAT_PROGRESS_THROTTLE_MS,
     fetchMedia: v.CLI_COMPAT_FETCH_MEDIA,
-    recordPath: v.CLI_COMPAT_RECORD_PATH.trim() ? import_node_path9.default.resolve(v.CLI_COMPAT_RECORD_PATH) : null
+    recordPath: v.CLI_COMPAT_RECORD_PATH.trim() ? import_node_path11.default.resolve(v.CLI_COMPAT_RECORD_PATH) : null
   },
   doctorHttpTimeoutMs: v.DOCTOR_HTTP_TIMEOUT_MS,
   adminBindHost: v.ADMIN_BIND_HOST.trim() || "127.0.0.1",
   adminPort: v.ADMIN_PORT,
   adminToken: v.ADMIN_TOKEN.trim() || null,
+  adminTokens: parseAdminTokens(v.ADMIN_TOKENS_JSON),
   adminIpAllowlist: parseCsvList(v.ADMIN_IP_ALLOWLIST),
   adminAllowedOrigins: parseCsvList(v.ADMIN_ALLOWED_ORIGINS),
   logLevel: v.LOG_LEVEL
 }));
-function loadEnvFromFile(filePath = import_node_path9.default.resolve(process.cwd(), ".env"), env = process.env) {
+function loadEnvFromFile(filePath = import_node_path11.default.resolve(process.cwd(), ".env"), env = process.env) {
   import_dotenv2.default.config({
     path: filePath,
     processEnv: env,
@@ -5215,9 +5842,9 @@ function loadConfig(env = process.env) {
     const message = parsed.error.issues.map((issue) => `${issue.path.join(".") || "config"}: ${issue.message}`).join("; ");
     throw new Error(`Invalid configuration: ${message}`);
   }
-  import_node_fs8.default.mkdirSync(import_node_path9.default.dirname(parsed.data.stateDbPath), { recursive: true });
+  import_node_fs8.default.mkdirSync(import_node_path11.default.dirname(parsed.data.stateDbPath), { recursive: true });
   if (parsed.data.legacyStateJsonPath) {
-    import_node_fs8.default.mkdirSync(import_node_path9.default.dirname(parsed.data.legacyStateJsonPath), { recursive: true });
+    import_node_fs8.default.mkdirSync(import_node_path11.default.dirname(parsed.data.legacyStateJsonPath), { recursive: true });
   }
   return parsed.data;
 }
@@ -5288,10 +5915,57 @@ function parseExtraEnv(raw) {
 function parseCsvList(raw) {
   return raw.split(",").map((entry) => entry.trim()).filter((entry) => entry.length > 0);
 }
+function parseAdminTokens(raw) {
+  const trimmed = raw.trim();
+  if (!trimmed) {
+    return [];
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    throw new Error("ADMIN_TOKENS_JSON must be valid JSON.");
+  }
+  if (!Array.isArray(parsed)) {
+    throw new Error("ADMIN_TOKENS_JSON must be a JSON array.");
+  }
+  const seenTokens = /* @__PURE__ */ new Set();
+  return parsed.map((entry, index) => {
+    if (!entry || typeof entry !== "object" || Array.isArray(entry)) {
+      throw new Error(`ADMIN_TOKENS_JSON[${index}] must be an object.`);
+    }
+    const payload = entry;
+    const tokenValue = payload.token;
+    if (typeof tokenValue !== "string" || !tokenValue.trim()) {
+      throw new Error(`ADMIN_TOKENS_JSON[${index}].token must be a non-empty string.`);
+    }
+    const token = tokenValue.trim();
+    if (seenTokens.has(token)) {
+      throw new Error(`ADMIN_TOKENS_JSON contains duplicated token at index ${index}.`);
+    }
+    seenTokens.add(token);
+    let role = "admin";
+    if (payload.role !== void 0) {
+      if (payload.role !== "admin" && payload.role !== "viewer") {
+        throw new Error(`ADMIN_TOKENS_JSON[${index}].role must be "admin" or "viewer".`);
+      }
+      role = payload.role;
+    }
+    if (payload.actor !== void 0 && payload.actor !== null && typeof payload.actor !== "string") {
+      throw new Error(`ADMIN_TOKENS_JSON[${index}].actor must be a string when provided.`);
+    }
+    const actor = typeof payload.actor === "string" ? payload.actor.trim() || null : null;
+    return {
+      token,
+      role,
+      actor
+    };
+  });
+}
 // src/config-snapshot.ts
 var import_node_fs9 = __toESM(require("fs"));
-var import_node_path10 = __toESM(require("path"));
+var import_node_path12 = __toESM(require("path"));
 var import_zod2 = require("zod");
 var CONFIG_SNAPSHOT_SCHEMA_VERSION = 1;
 var CONFIG_SNAPSHOT_ENV_KEYS = [
@@ -5342,6 +6016,7 @@ var CONFIG_SNAPSHOT_ENV_KEYS = [
   "ADMIN_BIND_HOST",
   "ADMIN_PORT",
   "ADMIN_TOKEN",
+  "ADMIN_TOKENS_JSON",
   "ADMIN_IP_ALLOWLIST",
   "ADMIN_ALLOWED_ORIGINS",
   "LOG_LEVEL"
@@ -5406,6 +6081,7 @@ var envSnapshotSchema = import_zod2.z.object({
   ADMIN_BIND_HOST: import_zod2.z.string(),
   ADMIN_PORT: integerStringSchema("ADMIN_PORT", 1, 65535),
   ADMIN_TOKEN: import_zod2.z.string(),
+  ADMIN_TOKENS_JSON: jsonArrayStringSchema("ADMIN_TOKENS_JSON", true).default(""),
   ADMIN_IP_ALLOWLIST: import_zod2.z.string(),
   ADMIN_ALLOWED_ORIGINS: import_zod2.z.string().default(""),
   LOG_LEVEL: import_zod2.z.enum(LOG_LEVELS)
@@ -5478,8 +6154,8 @@ async function runConfigExportCommand(options = {}) {
     const snapshot = buildConfigSnapshot(config, stateStore.listRoomSettings(), options.now ?? /* @__PURE__ */ new Date());
     const serialized = serializeConfigSnapshot(snapshot);
     if (options.outputPath) {
-      const targetPath = import_node_path10.default.resolve(cwd, options.outputPath);
-      import_node_fs9.default.mkdirSync(import_node_path10.default.dirname(targetPath), { recursive: true });
+      const targetPath = import_node_path12.default.resolve(cwd, options.outputPath);
+      import_node_fs9.default.mkdirSync(import_node_path12.default.dirname(targetPath), { recursive: true });
       import_node_fs9.default.writeFileSync(targetPath, serialized, "utf8");
       output.write(`Exported config snapshot to ${targetPath}
 `);
@@ -5494,7 +6170,7 @@ async function runConfigImportCommand(options) {
   const cwd = options.cwd ?? process.cwd();
   const output = options.output ?? process.stdout;
   const actor = options.actor?.trim() || "cli:config-import";
-  const sourcePath = import_node_path10.default.resolve(cwd, options.filePath);
+  const sourcePath = import_node_path12.default.resolve(cwd, options.filePath);
   if (!import_node_fs9.default.existsSync(sourcePath)) {
     throw new Error(`Config snapshot file not found: ${sourcePath}`);
   }
@@ -5525,7 +6201,7 @@ async function runConfigImportCommand(options) {
     synchronizeRoomSettings(stateStore, normalizedRooms);
     stateStore.appendConfigRevision(
       actor,
-      `import config snapshot from ${import_node_path10.default.basename(sourcePath)}`,
+      `import config snapshot from ${import_node_path12.default.basename(sourcePath)}`,
       JSON.stringify({
         type: "config_snapshot_import",
         sourcePath,
@@ -5539,7 +6215,7 @@ async function runConfigImportCommand(options) {
   output.write(
     [
       `Imported config snapshot from ${sourcePath}`,
-      `- updated .env in ${import_node_path10.default.resolve(cwd, ".env")}`,
+      `- updated .env in ${import_node_path12.default.resolve(cwd, ".env")}`,
       `- synchronized room settings: ${normalizedRooms.length}`,
       "- restart required: yes (global env settings are restart-scoped)"
     ].join("\n") + "\n"
@@ -5594,6 +6270,7 @@ function buildSnapshotEnv(config) {
     ADMIN_BIND_HOST: config.adminBindHost,
     ADMIN_PORT: String(config.adminPort),
     ADMIN_TOKEN: config.adminToken ?? "",
+    ADMIN_TOKENS_JSON: serializeAdminTokens(config.adminTokens),
     ADMIN_IP_ALLOWLIST: config.adminIpAllowlist.join(","),
     ADMIN_ALLOWED_ORIGINS: config.adminAllowedOrigins.join(","),
     LOG_LEVEL: config.logLevel
@@ -5613,10 +6290,10 @@ function parseJsonFile(filePath) {
 function normalizeSnapshotEnv(env, cwd) {
   return {
     ...env,
-    CODEX_WORKDIR: import_node_path10.default.resolve(cwd, env.CODEX_WORKDIR),
-    STATE_DB_PATH: import_node_path10.default.resolve(cwd, env.STATE_DB_PATH),
-    STATE_PATH: env.STATE_PATH.trim() ? import_node_path10.default.resolve(cwd, env.STATE_PATH) : "",
-    CLI_COMPAT_RECORD_PATH: env.CLI_COMPAT_RECORD_PATH.trim() ? import_node_path10.default.resolve(cwd, env.CLI_COMPAT_RECORD_PATH) : ""
+    CODEX_WORKDIR: import_node_path12.default.resolve(cwd, env.CODEX_WORKDIR),
+    STATE_DB_PATH: import_node_path12.default.resolve(cwd, env.STATE_DB_PATH),
+    STATE_PATH: env.STATE_PATH.trim() ? import_node_path12.default.resolve(cwd, env.STATE_PATH) : "",
+    CLI_COMPAT_RECORD_PATH: env.CLI_COMPAT_RECORD_PATH.trim() ? import_node_path12.default.resolve(cwd, env.CLI_COMPAT_RECORD_PATH) : ""
   };
 }
 function normalizeSnapshotRooms(rooms, cwd) {
@@ -5631,7 +6308,7 @@ function normalizeSnapshotRooms(rooms, cwd) {
       throw new Error(`Duplicate roomId in snapshot: ${roomId}`);
     }
     seen.add(roomId);
-    const workdir = import_node_path10.default.resolve(cwd, room.workdir);
+    const workdir = import_node_path12.default.resolve(cwd, room.workdir);
     ensureDirectory2(workdir, `room workdir (${roomId})`);
     normalized.push({
       roomId,
@@ -5658,8 +6335,8 @@ function synchronizeRoomSettings(stateStore, rooms) {
   }
 }
 function persistEnvSnapshot(cwd, env) {
-  const envPath = import_node_path10.default.resolve(cwd, ".env");
-  const examplePath = import_node_path10.default.resolve(cwd, ".env.example");
+  const envPath = import_node_path12.default.resolve(cwd, ".env");
+  const examplePath = import_node_path12.default.resolve(cwd, ".env.example");
   const template = import_node_fs9.default.existsSync(envPath) ? import_node_fs9.default.readFileSync(envPath, "utf8") : import_node_fs9.default.existsSync(examplePath) ? import_node_fs9.default.readFileSync(examplePath, "utf8") : "";
   const overrides = {};
   for (const key of CONFIG_SNAPSHOT_ENV_KEYS) {
@@ -5683,6 +6360,9 @@ function parseIntStrict(raw) {
 function serializeJsonObject(value) {
   return Object.keys(value).length > 0 ? JSON.stringify(value) : "";
 }
+function serializeAdminTokens(tokens) {
+  return tokens.length > 0 ? JSON.stringify(tokens) : "";
+}
 function booleanStringSchema(key) {
   return import_zod2.z.string().refine((value) => BOOLEAN_STRING.test(value), {
     message: `${key} must be a boolean string (true/false).`
@@ -5720,13 +6400,30 @@ function jsonObjectStringSchema(key, allowEmpty) {
     message: `${key} must be an empty string or a JSON object string.`
   });
 }
+function jsonArrayStringSchema(key, allowEmpty) {
+  return import_zod2.z.string().refine((value) => {
+    const trimmed = value.trim();
+    if (!trimmed) {
+      return allowEmpty;
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(trimmed);
+    } catch {
+      return false;
+    }
+    return Array.isArray(parsed);
+  }, {
+    message: `${key} must be an empty string or a JSON array string.`
+  });
+}
 // src/preflight.ts
-var import_node_child_process5 = require("child_process");
+var import_node_child_process6 = require("child_process");
 var import_node_fs10 = __toESM(require("fs"));
-var import_node_path11 = __toESM(require("path"));
-var import_node_util3 = require("util");
-var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process5.execFile);
+var import_node_path13 = __toESM(require("path"));
+var import_node_util4 = require("util");
+var execFileAsync4 = (0, import_node_util4.promisify)(import_node_child_process6.execFile);
 var REQUIRED_ENV_KEYS = ["MATRIX_HOMESERVER", "MATRIX_USER_ID", "MATRIX_ACCESS_TOKEN"];
 async function runStartupPreflight(options = {}) {
   const env = options.env ?? process.env;
@@ -5735,7 +6432,9 @@ async function runStartupPreflight(options = {}) {
   const fileExists = options.fileExists ?? import_node_fs10.default.existsSync;
   const isDirectory = options.isDirectory ?? defaultIsDirectory;
   const issues = [];
-  const envPath = import_node_path11.default.resolve(cwd, ".env");
+  const envPath = import_node_path13.default.resolve(cwd, ".env");
+  let resolvedCodexBin = null;
+  let usedCodexFallback = false;
   if (!fileExists(envPath)) {
     issues.push({
       level: "warn",
@@ -5783,18 +6482,34 @@ async function runStartupPreflight(options = {}) {
   const codexBin = readEnv(env, "CODEX_BIN") || "codex";
   try {
     await checkCodexBinary(codexBin);
+    resolvedCodexBin = codexBin;
   } catch (error) {
-    const reason = error instanceof Error && error.message ? ` (${error.message})` : "";
-    issues.push({
-      level: "error",
-      code: "missing_codex_bin",
-      check: "CODEX_BIN",
-      message: `Unable to execute "${codexBin}"${reason}.`,
-      fix: `Install Codex CLI and ensure "${codexBin}" is in PATH, or set CODEX_BIN=/absolute/path/to/codex.`
-    });
+    const fallbackBin = await findWorkingCodexBin(codexBin, { env, checkBinary: checkCodexBinary });
+    if (fallbackBin && fallbackBin !== codexBin) {
+      resolvedCodexBin = fallbackBin;
+      usedCodexFallback = true;
+      issues.push({
+        level: "warn",
+        code: "codex_bin_fallback",
+        check: "CODEX_BIN",
+        message: `Configured CODEX_BIN "${codexBin}" is unavailable; fallback to "${fallbackBin}".`,
+        fix: `Update CODEX_BIN=${fallbackBin} in .env to avoid fallback probing on startup.`
+      });
+    } else if (fallbackBin) {
+      resolvedCodexBin = fallbackBin;
+    } else {
+      const reason = error instanceof Error && error.message ? ` (${error.message})` : "";
+      issues.push({
+        level: "error",
+        code: "missing_codex_bin",
+        check: "CODEX_BIN",
+        message: `Unable to execute "${codexBin}"${reason}.`,
+        fix: `Install Codex CLI and ensure "${codexBin}" is in PATH, or set CODEX_BIN=/absolute/path/to/codex.`
+      });
+    }
   }
   const configuredWorkdir = readEnv(env, "CODEX_WORKDIR");
-  const workdir = import_node_path11.default.resolve(cwd, configuredWorkdir || cwd);
+  const workdir = import_node_path13.default.resolve(cwd, configuredWorkdir || cwd);
   if (!fileExists(workdir) || !isDirectory(workdir)) {
     issues.push({
       level: "error",
@@ -5806,7 +6521,9 @@ async function runStartupPreflight(options = {}) {
   }
   return {
     ok: issues.every((issue) => issue.level !== "error"),
-    issues
+    issues,
+    resolvedCodexBin,
+    usedCodexFallback
   };
 }
 function formatPreflightReport(result, commandName) {
@@ -5829,7 +6546,7 @@ function formatPreflightReport(result, commandName) {
 `;
 }
 async function defaultCheckCodexBinary(bin) {
-  await execFileAsync3(bin, ["--version"]);
+  await execFileAsync4(bin, ["--version"]);
 }
 function defaultIsDirectory(targetPath) {
   try {
@@ -5892,11 +6609,12 @@ admin.command("serve").description("Start admin config API server").option("--ho
   const host = options.host?.trim() || config.adminBindHost;
   const port = options.port ? parsePortOption(options.port, config.adminPort) : config.adminPort;
   const allowInsecureNoToken = options.allowInsecureNoToken ?? false;
-  if (!config.adminToken && !allowInsecureNoToken && isNonLoopbackHost(host)) {
+  const hasAdminAuth = Boolean(config.adminToken) || config.adminTokens.length > 0;
+  if (!hasAdminAuth && !allowInsecureNoToken && isNonLoopbackHost(host)) {
     process.stderr.write(
       [
-        "Refusing to start admin server on non-loopback host without ADMIN_TOKEN.",
-        "Fix: set ADMIN_TOKEN in .env, or explicitly pass --allow-insecure-no-token.",
+        "Refusing to start admin server on non-loopback host without admin auth token.",
+        "Fix: set ADMIN_TOKEN or ADMIN_TOKENS_JSON in .env, or explicitly pass --allow-insecure-no-token.",
         ""
       ].join("\n")
     );
@@ -6015,7 +6733,11 @@ if (process.argv.length <= 2) {
 }
 void program.parseAsync(process.argv);
 async function loadConfigWithPreflight(commandName, runtimeHomePath) {
-  const preflight = await runStartupPreflight({ cwd: runtimeHomePath });
+  const env = { ...process.env };
+  const preflight = await runStartupPreflight({ cwd: runtimeHomePath, env });
+  if (preflight.resolvedCodexBin) {
+    env.CODEX_BIN = preflight.resolvedCodexBin;
+  }
   if (preflight.issues.length > 0) {
     const report = formatPreflightReport(preflight, commandName);
     if (preflight.ok) {
@@ -6026,7 +6748,7 @@ async function loadConfigWithPreflight(commandName, runtimeHomePath) {
     }
   }
   try {
-    return loadConfig();
+    return loadConfig(env);
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
     process.stderr.write(`Configuration error: ${message}
@@ -6056,7 +6778,7 @@ function ensureRuntimeHomeOrExit() {
 `);
     process.exit(1);
   }
-  loadEnvFromFile(import_node_path12.default.resolve(home, ".env"));
+  loadEnvFromFile(import_node_path14.default.resolve(home, ".env"));
   runtimeHome = home;
   return runtimeHome;
 }
@@ -6071,7 +6793,7 @@ function parsePortOption(raw, fallback) {
 }
 function resolveCliVersion() {
   try {
-    const packagePath = import_node_path12.default.resolve(__dirname, "..", "package.json");
+    const packagePath = import_node_path14.default.resolve(__dirname, "..", "package.json");
     const content = import_node_fs11.default.readFileSync(packagePath, "utf8");
     const parsed = JSON.parse(content);
     return typeof parsed.version === "string" && parsed.version.trim() ? parsed.version : "0.0.0";
@@ -6082,9 +6804,9 @@ function resolveCliVersion() {
 function resolveCliScriptPath() {
   const argvPath = process.argv[1];
   if (argvPath && argvPath.trim()) {
-    return import_node_path12.default.resolve(argvPath);
+    return import_node_path14.default.resolve(argvPath);
   }
-  return import_node_path12.default.resolve(__dirname, "cli.js");
+  return import_node_path14.default.resolve(__dirname, "cli.js");
 }
 function maybeReexecServiceCommandWithSudo() {
   if (typeof process.getuid !== "function" || process.getuid() === 0) {
@@ -6095,7 +6817,7 @@ function maybeReexecServiceCommandWithSudo() {
     return;
   }
   const cliScriptPath = resolveCliScriptPath();
-  const child = (0, import_node_child_process6.spawnSync)("sudo", [process.execPath, cliScriptPath, ...serviceArgs], {
+  const child = (0, import_node_child_process7.spawnSync)("sudo", [process.execPath, cliScriptPath, ...serviceArgs], {
     stdio: "inherit"
   });
   if (child.error) {