create-walle 0.9.13 → 0.9.14

package/template/claude-task-manager/server.js

@@ -35,6 +35,7 @@ const {
   getCodexThreadById,
   getCodexThreadResumeCwd,
   getResumeSpec,
+  listCodexSessionsFromRollouts,
   parseSessionStartMs,
   parseCodexJsonlIntoMessages,
   parseCodexJsonlFileIntoMessages,
@@ -47,6 +48,13 @@ const { JsonlWatcher } = require('./lib/fs-watcher');
 const compactStitch = require('./lib/compact-stitch');
 const { registerSessionJobs, registerStreamJobs } = require('./lib/session-jobs');
 const { SessionStream } = require('./lib/session-stream');
+const { buildSessionStandupSnapshot } = require('./lib/session-standup');
+const {
+  buildStandupAttentionContext,
+  heuristicStandupAttention,
+  mergeStickyStandupAttention,
+  parseStandupAttentionResult,
+} = require('./lib/standup-attention');
 const { getAllSessionFilesAsync: getAllSessionFilesAsyncFromUtils } = require('./session-utils');
 const { SessionCapture } = require('./lib/session-capture');
 const { resolveFallback: resolveLaunchFallback, isEarlyExit } = require('./lib/launch-presets');
@@ -62,8 +70,14 @@ const claudeDesktopSessions = require('./lib/claude-desktop-sessions');
 const SessionSearchUtils = require('./public/js/session-search-utils.js');
 const agentHooksInstaller = require('./lib/agent-hooks-installer');
 const statusHooks = require('./lib/status-hooks');
+const { ensureWalleMcpForAgentSession } = require('./lib/walle-mcp-auto-config');
 const { getStateDetector } = require('./workers/state-detectors');
 const { canResumeAgent, getAgentCapabilities, normalizeAgentType } = require('./lib/agent-capabilities');
+const {
+  clientUpdateTelemetryEvent,
+  errorKind: updateTelemetryErrorKind,
+  trackUpdateTelemetry,
+} = require('./lib/update-telemetry');
 const { resolveWalleChatContext } = require('./lib/walle-session-context');
 const {
   applyWalleToolEvent,
@@ -89,6 +103,7 @@ const {
   loadConfig,
   ensureWalleToken,
 } = require('./lib/server-config');
+const { resolveWalleDefaultModelSelection } = require('./lib/walle-default-model');
 const { createWalleSupervisor } = require('./lib/walle-supervisor');
 const oauthProxySupervisor = require('./lib/oauth-proxy-supervisor');
 
@@ -163,7 +178,7 @@ function _storedProviderKey(brain, type) {
   }
 }
 
-async function generateSessionSummaryWithWalleProvider({ turnsText, sysPrompt }) {
+async function generateSessionSummaryWithWalleProvider({ turnsText, sysPrompt, maxTokens = 60 }) {
   const brain = getWalleBrain();
   const provider = sanitizeSetupProviderType(
     brain?.getKv?.('walle_provider') || process.env.WALLE_PROVIDER || 'anthropic'
@@ -209,7 +224,7 @@ async function generateSessionSummaryWithWalleProvider({ turnsText, sysPrompt })
       model: model || undefined,
       system: sysPrompt,
       messages: [{ role: 'user', content: turnsText }],
-      maxTokens: 60,
+      maxTokens,
       temperature: 0.2,
       thinking: 'disabled',
       reasoningEffort: 'low',
@@ -294,10 +309,36 @@ function _isBusyStatusPtyChunk(session, data) {
   return !!detector.isBusyStatusChunk(filtered);
 }
 
+const CTM_UI_REFRESH_ACTIVITY_SUPPRESS_MS = 2500;
+
+function _markCtmUiRefreshActivitySuppression(session, source) {
+  if (!session) return;
+  session._ctmUiRefreshActivitySuppressUntil = Date.now() + CTM_UI_REFRESH_ACTIVITY_SUPPRESS_MS;
+  session._ctmUiRefreshActivitySuppressSource = source || 'ui-refresh';
+}
+
+function _suppressCtmUiRefreshActivity(session, statusOnlyChunk) {
+  if (!session || !statusOnlyChunk) return false;
+  const until = session._ctmUiRefreshActivitySuppressUntil || 0;
+  return until && Date.now() < until;
+}
+
 function _isServerWaitingForInput(sessionId, session) {
   return !!(session?._waitingForInput || idleNotifyState.get(sessionId)?.notified);
 }
 
+function _inputMayResolveWaiting(data, session) {
+  const s = String(data || '');
+  if (!s) return false;
+  if (s.includes('\r') || s.includes('\n')) return true;
+  if (s.includes('\x03') || s.includes('\x04')) return true; // Ctrl-C / Ctrl-D
+  const reason = session?._waitingForInputReason || '';
+  if (reason === 'approval' || reason === 'choice') {
+    return /^[\s]*[12yYnN\u001b][\s]*$/.test(s);
+  }
+  return false;
+}
+
 function resolveAgentCliCommand(cmd) {
   return agentCliCache.resolveCliCommand(cmd, { cacheFile: AGENT_CLI_CACHE_FILE });
 }
@@ -2970,6 +3011,9 @@ async function handleApi(req, res, url) {
   if (url.pathname === '/api/recent-sessions' && req.method === 'GET') {
     return apiRecentSessions(req, res, url);
   }
+  if (url.pathname === '/api/sessions/standup' && req.method === 'GET') {
+    return apiSessionStandup(req, res, url);
+  }
   if (url.pathname === '/api/sessions/git-status' && req.method === 'GET') {
     return apiSessionsGitStatus(req, res, url);
   }
@@ -3165,13 +3209,19 @@ async function handleApi(req, res, url) {
     res.writeHead(200, { 'Content-Type': 'application/json' });
     return res.end(JSON.stringify({ sessions: statuses }));
   }
+  if (url.pathname === '/api/app/version' && req.method === 'GET') {
+    return apiAppVersion(req, res);
+  }
   // --- Update check endpoints ---
   if (url.pathname === '/api/updates/check' && req.method === 'GET') {
-    return apiUpdatesCheck(req, res);
+    return apiUpdatesCheck(req, res, url);
   }
   if (url.pathname === '/api/updates/apply' && req.method === 'POST') {
     return apiUpdatesApply(req, res);
   }
+  if (url.pathname === '/api/updates/telemetry' && req.method === 'POST') {
+    return apiUpdatesTelemetry(req, res);
+  }
 
   if (url.pathname === '/api/restart/ctm' && req.method === 'POST') {
     return apiRestartCtm(req, res);
@@ -3811,6 +3861,246 @@ async function apiSessionsGitStatus(req, res, url) {
   }
 }
 
+function _standupStreamSource() {
+  return _sessionCapture || _sessionStream || null;
+}
+
+function _standupSummaryFor(source, ctmSessionId, agentSessionId) {
+  if (!source || typeof source.getSummary !== 'function') return null;
+  const ids = [ctmSessionId, agentSessionId].filter(Boolean);
+  for (const id of ids) {
+    try {
+      const summary = source.getSummary(id);
+      if (summary) return summary;
+    } catch {}
+  }
+  return null;
+}
+
+const _standupAttentionCache = new Map();
+
+function _standupAttentionKey(session) {
+  return String(session?.id || session?.ctmSessionId || session?.agentSessionId || session?.sessionId || '');
+}
+
+function _pruneStandupAttentionCache(now = Date.now()) {
+  if (_standupAttentionCache.size <= 250) return;
+  for (const [key, value] of _standupAttentionCache) {
+    if (_standupAttentionCache.size <= 200) break;
+    if (!value?.updatedAt || now - value.updatedAt > 24 * 60 * 60 * 1000) {
+      _standupAttentionCache.delete(key);
+    }
+  }
+}
+
+function _standupAttentionSystemPrompt() {
+  return [
+    'Classify whether a CTM coding session has a current attention issue.',
+    'Return only compact JSON with keys: severity, recommendation, evidence, confidence.',
+    'severity must be one of: none, warning, failure.',
+    'Use failure only for an unresolved blocker/failure that currently prevents progress or needs operator action.',
+    'Use warning for a real non-blocking warning, risk, or caution that should remain visible.',
+    'Use none for historical warning/failure wording, resolved issues, normal progress, or generic status text.',
+    'evidence must be an array of at most 3 short phrases copied or paraphrased from the context.',
+    'confidence must be low, medium, or high.',
+  ].join(' ');
+}
+
+async function _classifyStandupAttentionWithAi(context) {
+  if (!context?.text) return null;
+  const result = await generateSessionSummaryWithWalleProvider({
+    turnsText: context.text,
+    sysPrompt: _standupAttentionSystemPrompt(),
+    maxTokens: 220,
+  });
+  return parseStandupAttentionResult(result?.text, {
+    source: 'ai',
+    model: result?.model || '',
+  });
+}
+
+async function _standupAttentionFor(session, summary, now = Date.now()) {
+  const key = _standupAttentionKey(session);
+  if (!key) return null;
+  const context = buildStandupAttentionContext({ session, summary });
+  const cached = _standupAttentionCache.get(key);
+  if (cached && cached.hash === context.hash && cached.attention) {
+    return cached.attention;
+  }
+
+  let next = null;
+  if (context.hasAttentionLanguage) {
+    try {
+      next = await _classifyStandupAttentionWithAi(context);
+    } catch (e) {
+      console.warn('[standup] attention classifier failed:', e.message || e);
+    }
+  }
+  if (!next) next = heuristicStandupAttention(context);
+
+  const attention = mergeStickyStandupAttention(cached?.attention || null, next, context.text, now);
+  _standupAttentionCache.set(key, {
+    hash: context.hash,
+    attention,
+    updatedAt: now,
+  });
+  _pruneStandupAttentionCache(now);
+  return attention;
+}
+
+async function _applyStandupAttention(pairs, now = Date.now()) {
+  for (const pair of pairs) {
+    const attention = await _standupAttentionFor(pair.session, pair.summary || {}, now);
+    if (!attention || attention.severity === 'none') continue;
+    pair.session.attention = attention;
+    if (pair.summary) pair.summary.attention = attention;
+  }
+}
+
+function _standupTimeMs(value) {
+  if (!value) return 0;
+  if (typeof value === 'number' && Number.isFinite(value)) return value;
+  const parsed = Date.parse(String(value));
+  return Number.isFinite(parsed) ? parsed : 0;
+}
+
+function _normalizeStandupLiveStatus(status) {
+  const text = String(status || '').toLowerCase();
+  if (!text) return '';
+  if (text === 'busy') return 'running';
+  if (text === 'waiting-for-input') return 'waiting_input';
+  if (['running', 'waiting', 'waiting_input', 'idle', 'exited'].includes(text)) return text;
+  return '';
+}
+
+const STANDUP_MIN_RUNNING_HOLD_MS = 5000;
+
+function _standupProviderIdForSession(session) {
+  if (!session) return '';
+  return session._providerId || _providerIdFromCmd(session.cmd || '');
+}
+
+function _standupRunningHoldMsForSession(session) {
+  const providerId = _standupProviderIdForSession(session);
+  let detectorMs = 0;
+  try {
+    const detector = getStateDetector(providerId);
+    detectorMs = Number(detector && detector.idleDebounceMs) || 0;
+  } catch {
+    // Unknown providers fall back to the conservative minimum running hold.
+  }
+  return Math.max(STANDUP_MIN_RUNNING_HOLD_MS, detectorMs);
+}
+
+function _standupWaitingReason(sessionId, session) {
+  return String(session?._waitingForInputReason || idleNotifyState.get(sessionId)?.reason || '').toLowerCase();
+}
+
+function _standupIsBlockingWaitingReason(reason) {
+  return reason === 'approval' || reason === 'choice';
+}
+
+function _standupHasRecentNonResolvingInput(session) {
+  return !!(session?._waitingForInput &&
+    session._lastNonResolvingWaitingInputAt &&
+    (!session._lastWaitingResolveInputAt ||
+      session._lastNonResolvingWaitingInputAt > session._lastWaitingResolveInputAt));
+}
+
+function _standupLiveStatusForSession(session, now = Date.now()) {
+  if (!session) return '';
+
+  // Wall-E chat tabs do not have PTYs. A non-generating chat is available for
+  // the next message, not blocked waiting for operator input.
+  if (session.type === 'walle') {
+    return session.abortController ? 'running' : 'idle';
+  }
+
+  const providerId = _standupProviderIdForSession(session);
+  const ptyActivity = _standupTimeMs(session.lastPtyActivity);
+  const runningHoldMs = _standupRunningHoldMsForSession(session);
+  const recentPtyActivity = !!(ptyActivity && (now - ptyActivity) < runningHoldMs);
+
+  if (_isServerWaitingForInput(session.id, session)) {
+    const reason = _standupWaitingReason(session.id, session);
+    if (providerId === 'codex' &&
+        recentPtyActivity &&
+        !_standupIsBlockingWaitingReason(reason) &&
+        !_standupHasRecentNonResolvingInput(session)) {
+      return 'running';
+    }
+    return 'waiting_input';
+  }
+
+  let busState = '';
+  try {
+    busState = statusHooks._bus && typeof statusHooks._bus.getState === 'function'
+      ? statusHooks._bus.getState(session.id)
+      : '';
+  } catch {}
+  const liveBusStatus = _normalizeStandupLiveStatus(busState);
+  if (liveBusStatus === 'running') return 'running';
+  if (liveBusStatus === 'waiting_input') return 'waiting_input';
+
+  if (recentPtyActivity) return 'running';
+  if (liveBusStatus) return liveBusStatus;
+
+  return '';
+}
+
+async function apiSessionStandup(req, res, url) {
+  try {
+    await _refreshSessionWorktreeStatusCache({ force: url.searchParams.get('force') === '1' });
+    const source = _standupStreamSource();
+    let statuses = [];
+    if (source && typeof source.getAllStatuses === 'function') {
+      try { statuses = source.getAllStatuses(); } catch (e) { console.error('[standup] status snapshot error:', e.message); }
+    }
+
+    const summaries = [];
+    const standupPairs = [];
+    const now = Date.now();
+    const activeSessions = [];
+    for (const session of sessions.values()) {
+      const payload = _sessionPayload(session);
+      const agentSessionId = payload.agentSessionId || session._claudeSessionId || null;
+      const rawSummary = _standupSummaryFor(source, payload.id, agentSessionId);
+      const summary = rawSummary ? {
+        ...rawSummary,
+        ctmSessionId: rawSummary.ctmSessionId || payload.id,
+        agentSessionId: rawSummary.agentSessionId || agentSessionId || null,
+        sessionId: rawSummary.sessionId || agentSessionId || payload.id,
+      } : null;
+      if (summary) summaries.push(summary);
+      const standupSession = {
+        ...payload,
+        serverState: statusHooks._bus && typeof statusHooks._bus.getState === 'function'
+          ? statusHooks._bus.getState(session.id)
+          : null,
+        standupStatus: _standupLiveStatusForSession(session, now),
+        waitingForInput: _isServerWaitingForInput(session.id, session),
+        waitingReason: session._waitingForInputReason || '',
+      };
+      activeSessions.push(standupSession);
+      standupPairs.push({ session: standupSession, summary });
+    }
+    await _applyStandupAttention(standupPairs, now);
+
+    const snapshot = buildSessionStandupSnapshot({
+      sessions: activeSessions,
+      summaries,
+      statuses,
+      now,
+    });
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(snapshot));
+  } catch (e) {
+    console.error('[standup] snapshot error:', e.stack || e.message || e);
+    res.writeHead(500, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: e.message || 'standup snapshot failed' }));
+  }
+}
+
 function apiRecentSessions(req, res, url) {
   const limit = parseInt(url.searchParams.get('limit') || '50', 10);
   const forceRescan = url.searchParams.get('rescan') === '1';
@@ -3827,45 +4117,52 @@ function apiRecentSessions(req, res, url) {
       } catch { /* skip */ }
     }
 
-  // Include Codex sessions from ~/.codex/state_5.sqlite
+  // Include Codex sessions. Primary: ~/.codex/state_5.sqlite. Fallback: scan ~/.codex/sessions/*.jsonl
+  // (used when state_5.sqlite is corrupt or missing — avoids silent loss of all Codex sessions)
+  let _codexThreadsFromDb = null;
   try {
     const codexDbPath = path.join(process.env.HOME, '.codex', 'state_5.sqlite');
     if (fs.existsSync(codexDbPath)) {
       const BetterSqlite3 = require('better-sqlite3');
       const codexDb = new BetterSqlite3(codexDbPath, { readonly: true });
-      const codexThreads = codexDb.prepare(
+      _codexThreadsFromDb = codexDb.prepare(
         'SELECT id, title, first_user_message, model, cwd, git_branch, created_at, updated_at FROM threads ORDER BY updated_at DESC LIMIT ?'
       ).all(limit);
       codexDb.close();
-      const existingIds = new Set(recentSessions.map(s => s.sessionId));
-      for (const t of codexThreads) {
-        if (existingIds.has(t.id)) continue;
-        const title = t.title || t.first_user_message || '';
-        const titleTrimmed = title.slice(0, 80);
-        const rolloutInfo = _codexRolloutInfo(t.id);
-        const modifiedAt = rolloutInfo.modifiedAt || new Date(t.updated_at * 1000).toISOString();
-        recentSessions.push({
-          sessionId: t.id,
-          project: t.cwd || '',
-          projectEntry: '',
-          cwd: t.cwd || '',
-          firstMessage: t.first_user_message || '',
-          title: titleTrimmed,
-          aiTitle: titleTrimmed || undefined, // prevent re-generation
-          isEmpty: !t.first_user_message,
-          userMsgCount: t.first_user_message ? 1 : 0,
-          modifiedAt,
-          fileModifiedAt: rolloutInfo.modifiedAt || '',
-          timestamp: new Date(t.created_at * 1000).toISOString(),
-          version: '',
-          gitBranch: t.git_branch || '',
-          fileSize: rolloutInfo.fileSize || 0,
-          agent: 'codex',
-          model: t.model || '',
-        });
-      }
     }
-  } catch { /* Codex DB not available — skip */ }
+  } catch { /* state_5.sqlite unreadable — fall through to JSONL scan */ }
+
+  const _codexThreads = _codexThreadsFromDb
+    || listCodexSessionsFromRollouts(process.env.HOME, limit);
+
+  const existingIds = new Set(recentSessions.map(s => s.sessionId));
+  for (const t of _codexThreads) {
+    if (existingIds.has(t.id)) continue;
+    const title = t.title || t.first_user_message || '';
+    const titleTrimmed = title.slice(0, 80);
+    const rolloutInfo = _codexRolloutInfo(t.id);
+    const modifiedAt = rolloutInfo.modifiedAt || new Date(t.updated_at * 1000).toISOString();
+    recentSessions.push({
+      sessionId: t.id,
+      project: t.cwd || '',
+      projectEntry: '',
+      cwd: t.cwd || '',
+      firstMessage: t.first_user_message || '',
+      title: titleTrimmed,
+      aiTitle: titleTrimmed || undefined, // prevent re-generation
+      isEmpty: !t.first_user_message,
+      userMsgCount: t.first_user_message ? 1 : 0,
+      modifiedAt,
+      fileModifiedAt: rolloutInfo.modifiedAt || '',
+      timestamp: new Date(t.created_at * 1000).toISOString(),
+      version: '',
+      gitBranch: t.git_branch || '',
+      fileSize: rolloutInfo.fileSize || 0,
+      agent: 'codex',
+      model: t.model || '',
+    });
+    existingIds.add(t.id);
+  }
 
     // Populate ctm_sessions + agent_sessions from scanned sessions (wrap in transaction for perf)
     // First, build a map of JSONL file IDs already claimed by CTM tab rows (where id != agent_session_id).
@@ -3879,6 +4176,20 @@ function apiRecentSessions(req, res, url) {
           claimedMap[r.agent_session_id] = r.ctm_session_id;
         }
       } catch (e) { console.error('[session-index] claimedMap build error:', e.message); }
+      try {
+        const cols = new Set(db.prepare('PRAGMA table_info(startup_tasks)').all().map(c => c.name));
+        const agentCols = [];
+        if (cols.has('agent_session_id')) agentCols.push('agent_session_id');
+        if (cols.has('claude_session_id')) agentCols.push('claude_session_id');
+        if (cols.has('ctm_session_id') && agentCols.length) {
+          const selectCols = ['ctm_session_id', ...agentCols].join(', ');
+          for (const r of db.prepare(`SELECT ${selectCols} FROM startup_tasks WHERE ctm_session_id IS NOT NULL`).all()) {
+            for (const col of agentCols) {
+              if (r[col] && !claimedMap[r[col]]) claimedMap[r[col]] = r.ctm_session_id;
+            }
+          }
+        }
+      } catch (e) { console.error('[session-index] startup claimedMap build error:', e.message); }
       // Also build a reverse map: CTM tab id → { agentId, fileSize, projectEntry, createdAt }
       // so we can detect stale links (tab claims a tiny file when a larger continuation exists)
       const tabClaimInfo = {}; // CTM tab id → { agentId, fileSize, projectEntry, createdAt }
@@ -3981,7 +4292,7 @@ function apiRecentSessions(req, res, url) {
       if (row.id) { sessionsMap[row.id] = row; idMapped.add(row.id); }
     }
     for (const row of allSessionRows) {
-      if (row.agent_session_id && !idMapped.has(row.agent_session_id)) {
+      if (row.agent_session_id && (!idMapped.has(row.agent_session_id) || _preferAgentOwnerRow(sessionsMap[row.agent_session_id], row, row.agent_session_id))) {
         sessionsMap[row.agent_session_id] = row;
       }
     }
@@ -4028,7 +4339,7 @@ function apiRecentSessions(req, res, url) {
     // columns so post-compact continuations inherit a useful title.
     const rowForTitle = {
       user_renamed: s.userRenamed ? 1 : 0,
-      title: s.title || '',
+      title: s.aiTitle || s.title || '',
       rename_name: dbRow ? dbRow.rename_name : '',
       first_message: s.firstMessage || '',
       last_user_content: dbRow ? dbRow.last_user_content : '',
@@ -4302,6 +4613,7 @@ function _cacheParsedCodexMessages(ctmSessionId, parsedFiles) {
     const agentSessionId = meta.id || _codexAgentIdFromRolloutPath(item.fp);
     const fileMessages = Array.isArray(item.messages) ? item.messages : [];
     if (!agentSessionId || fileMessages.length === 0) continue;
+    const ownerCtmSessionId = _resolveCodexOwnerCtmSessionId(ctmSessionId, agentSessionId);
 
     const users = fileMessages.filter(m => m.role === 'user' && m.text);
     const assistants = fileMessages.filter(m => m.role === 'assistant' && m.text);
@@ -4338,13 +4650,14 @@ function _cacheParsedCodexMessages(ctmSessionId, parsedFiles) {
       const st = fs.statSync(item.fp);
       const modifiedAt = st.mtime ? st.mtime.toISOString() : '';
       const projectDir = path.dirname(item.fp);
-      dbModule.updateStartupTaskAgentSession(ctmSessionId, agentSessionId, projectDir);
-      dbModule.upsertSession(ctmSessionId, {
+      const indexTitle = _codexIndexTitleForSession(ownerCtmSessionId, title);
+      dbModule.updateStartupTaskAgentSession(ownerCtmSessionId, agentSessionId, projectDir);
+      dbModule.upsertSession(ownerCtmSessionId, {
         agentSessionId,
         provider: 'codex',
         cwd: meta.cwd || '',
         projectPath: meta.cwd || '',
-        title,
+        title: indexTitle,
         jsonlPath: item.fp,
         fileSize: item.size || st.size || item.parsed?.bytesRead || 0,
         modifiedAt,
@@ -4352,7 +4665,7 @@ function _cacheParsedCodexMessages(ctmSessionId, parsedFiles) {
         gitBranch: meta.git_branch || '',
         hostname: os.hostname(),
         userMsgCount: users.length,
-      });
+      }, ownerCtmSessionId && ownerCtmSessionId !== agentSessionId ? { allowReclaim: true } : undefined);
     } catch (e) {
       console.error(`[session-messages] Codex index update failed for ${agentSessionId.slice(0, 8)}:`, e.message);
     }
@@ -4771,6 +5084,16 @@ function _codexThreadTitle(thread) {
   return title ? title.slice(0, 80) : '';
 }
 
+function _preferAgentOwnerRow(existing, row, agentSessionId) {
+  if (!row || !agentSessionId) return false;
+  if (!existing) return true;
+  const rowIsOwner = row.id && row.id !== agentSessionId;
+  const existingIsStandaloneAgent = existing.id === agentSessionId;
+  if (rowIsOwner && existingIsStandaloneAgent && (row.user_renamed || !existing.user_renamed)) return true;
+  if (row.user_renamed && !existing.user_renamed) return true;
+  return false;
+}
+
 function _isKnownCodexThreadId(agentSessionId) {
   if (!agentSessionId) return false;
   if (getCodexThreadById(agentSessionId)) return true;
@@ -4877,6 +5200,64 @@ function _existingAgentOwner(agentSessionId) {
   }
 }
 
+function _startupTaskOwnerForAgent(agentSessionId) {
+  if (!agentSessionId) return '';
+  try {
+    const db = dbModule.getDb();
+    const cols = new Set(db.prepare('PRAGMA table_info(startup_tasks)').all().map(c => c.name));
+    const clauses = [];
+    const params = [];
+    if (cols.has('agent_session_id')) {
+      clauses.push('agent_session_id = ?');
+      params.push(agentSessionId);
+    }
+    if (cols.has('claude_session_id')) {
+      clauses.push('claude_session_id = ?');
+      params.push(agentSessionId);
+    }
+    if (clauses.length === 0) return '';
+    const row = db.prepare(`SELECT ctm_session_id FROM startup_tasks WHERE ${clauses.join(' OR ')} ORDER BY created_at DESC LIMIT 1`).get(...params);
+    return row?.ctm_session_id || '';
+  } catch {
+    return '';
+  }
+}
+
+function _resolveCodexOwnerCtmSessionId(requestedSessionId, agentSessionId) {
+  if (agentSessionId) {
+    const owner = _existingAgentOwner(agentSessionId)?.ctm_session_id || _startupTaskOwnerForAgent(agentSessionId);
+    if (owner && owner !== agentSessionId) return owner;
+  }
+  if (requestedSessionId && sessions.has(requestedSessionId)) return requestedSessionId;
+  try {
+    const task = dbModule.getStartupTask ? dbModule.getStartupTask(requestedSessionId) : null;
+    if (task?.ctm_session_id || task?.session_id) return task.ctm_session_id || task.session_id;
+  } catch {}
+  try {
+    const resolved = dbModule.resolveSession(requestedSessionId);
+    if (resolved?.id) return resolved.id;
+  } catch {}
+  return requestedSessionId || agentSessionId || '';
+}
+
+function _codexIndexTitleForSession(ctmSessionId, candidateTitle) {
+  let existingTitle = null;
+  try { existingTitle = dbModule.getSessionTitleNew(ctmSessionId); } catch {}
+  const liveSession = sessions.get(ctmSessionId) || null;
+  const candidate = (candidateTitle || '').trim();
+  if (candidate && shouldApplyCodexAutoTitle({ session: liveSession || { label: existingTitle?.title || '' }, existingTitle })) {
+    return candidate;
+  }
+  return existingTitle?.title || liveSession?.label || candidate;
+}
+
+function _shouldReclaimStandaloneAgentOwner(agentSessionId, ctmSessionId) {
+  if (!agentSessionId || !ctmSessionId || agentSessionId === ctmSessionId) return false;
+  if (sessions.has(agentSessionId)) return false;
+  const owner = _existingAgentOwner(agentSessionId);
+  return owner?.ctm_session_id === agentSessionId;
+}
+
 function _ensureCodexThreadLink(ctmSessionId, source) {
   if (!ctmSessionId) return null;
 
@@ -5003,7 +5384,7 @@ function _linkCodexThreadToSession(ctmSessionId, liveSession, thread, source) {
       model: thread.model || liveSession.model_id || '',
       gitBranch: thread.git_branch || liveSession.branch || '',
       hostname: os.hostname(),
-    });
+    }, _shouldReclaimStandaloneAgentOwner(agentSessionId, ctmSessionId) ? { allowReclaim: true } : undefined);
   } catch (e) {
     console.error('[codex-link] upsertSession error:', e.message);
   }
@@ -5461,7 +5842,7 @@ function apiSessionSearch(req, res, url) {
         if (row.id) { _searchSessionsMap[row.id] = row; _searchIdMapped.add(row.id); }
       }
       for (const row of _searchRows) {
-        if (row.agent_session_id && !_searchIdMapped.has(row.agent_session_id)) {
+        if (row.agent_session_id && (!_searchIdMapped.has(row.agent_session_id) || _preferAgentOwnerRow(_searchSessionsMap[row.agent_session_id], row, row.agent_session_id))) {
           _searchSessionsMap[row.agent_session_id] = row;
         }
       }
@@ -5891,7 +6272,7 @@ ${summaryText}`;
       delete env.CLAUDE_CODE;
       delete env.CLAUDE_CODE_ENTRYPOINT;
       delete env.CLAUDE_CODE_ENABLE_TELEMETRY;
-      sanitizeAnthropicAuth(env);
+      sanitizeAnthropicAuth(env, 'claude');
       let result;
       result = require('child_process').spawnSync('claude', ['-p', prompt], {
         encoding: 'utf8',
@@ -5969,7 +6350,7 @@ function callClaude(prompt) {
   delete env.CLAUDE_CODE;
   delete env.CLAUDE_CODE_ENTRYPOINT;
   delete env.CLAUDE_CODE_ENABLE_TELEMETRY;
-  sanitizeAnthropicAuth(env);
+  sanitizeAnthropicAuth(env, 'claude');
   const result = spawnSync('claude', ['-p', prompt], {
     encoding: 'utf8', timeout: 60000, env, maxBuffer: 1024 * 1024,
   });
@@ -6042,13 +6423,16 @@ function apiRenameSession(req, res) {
       const trimmed = title.trim().slice(0, 120);
       dbModule.setSessionTitleNew(sessionId, trimmed, true);
 
+      const liveSession = findLiveSessionByAnyId(sessionId);
+      const liveSessionId = liveSession ? liveSession.id : sessionId;
+
       // Update startup_tasks so the label survives CTM restart
-      try { dbModule.updateStartupTaskLabel(sessionId, trimmed); } catch (e) { console.error('[ctm] updateStartupTaskLabel error:', e.message); }
+      try { dbModule.updateStartupTaskLabel(liveSessionId, trimmed); } catch (e) { console.error('[ctm] updateStartupTaskLabel error:', e.message); }
 
       // Update in-memory session if active
-      const session = sessions.get(sessionId);
-      if (session) {
-        session.label = trimmed;
+      if (liveSession) {
+        liveSession.label = trimmed;
+        liveSession.userRenamed = true;
         broadcastSessionList();
       }
 
@@ -6061,6 +6445,15 @@ function apiRenameSession(req, res) {
   });
 }
 
+function findLiveSessionByAnyId(id) {
+  const direct = sessions.get(id);
+  if (direct) return direct;
+  for (const session of sessions.values()) {
+    if (session && session._claudeSessionId === id) return session;
+  }
+  return null;
+}
+
 function apiGenerateTitles(req, res) {
   let body = '';
   req.on('data', chunk => { body += chunk; if (body.length > 1024 * 1024) { req.destroy(); return; } });
@@ -7006,7 +7399,12 @@ function _markServerSessionResumedFromPty(sessionId, session, source) {
   }
   if (session) {
     session._waitingForInput = false;
+    session._waitingForInputReason = '';
+    session._waitingForInputAt = 0;
+    session._lastNonResolvingWaitingInputAt = 0;
+    session._lastWaitingResolveInputAt = now;
     session.lastActivity = now;
+    session.lastPtyActivity = now;
   }
   broadcastToAll({ type: 'session-resumed', id: sessionId, source, timestamp: now });
   if (telemetryReceiver.hasAuthoritativeSource(sessionId)) {
@@ -7045,14 +7443,24 @@ function checkIdleNotify(sessionId, session, data) {
     /\w/.test(freshStripped) &&
     freshStripped.length > 5;
   if (hasWords && st.notified) {
-    st.notified = false;
-    if (session) session._waitingForInput = false;
-    // Tell clients this session is no longer idle — clears _waitingForInput
-    broadcastToAll({ type: 'session-resumed', id: sessionId });
-    // If a provider hook missed the next start transition, real terminal
-    // output is enough to unstick the sidebar until the hook catches up.
-    if (hasAuthoritativeSource) {
-      broadcastToAll({ type: 'session.status', id: sessionId, working: true, source: 'terminal-output', timestamp: Date.now() });
+    const hasUnsubmittedWaitingInput = !!(session?._waitingForInput &&
+      session._lastNonResolvingWaitingInputAt &&
+      (!session._lastWaitingResolveInputAt ||
+        session._lastNonResolvingWaitingInputAt > session._lastWaitingResolveInputAt));
+    if (!hasUnsubmittedWaitingInput) {
+      st.notified = false;
+      if (session) {
+        session._waitingForInput = false;
+        session._waitingForInputReason = '';
+        session._waitingForInputAt = 0;
+      }
+      // Tell clients this session is no longer idle — clears _waitingForInput
+      broadcastToAll({ type: 'session-resumed', id: sessionId });
+      // If a provider hook missed the next start transition, real terminal
+      // output is enough to unstick the sidebar until the hook catches up.
+      if (hasAuthoritativeSource) {
+        broadcastToAll({ type: 'session.status', id: sessionId, working: true, source: 'terminal-output', timestamp: Date.now() });
+      }
     }
   }
 
@@ -7086,7 +7494,13 @@ function checkIdleNotify(sessionId, session, data) {
         }
         if (!st.notified) {
           st.notified = true;
-          if (session) session._waitingForInput = true;
+          if (session) {
+            session._waitingForInput = true;
+            session._waitingForInputReason = reason;
+            session._waitingForInputAt = Date.now();
+            session._lastNonResolvingWaitingInputAt = 0;
+            session._lastWaitingResolveInputAt = 0;
+          }
           // Provider hooks are useful, but a visible prompt is stronger evidence
           // than a stale "working" hook that never received its stop event.
           if (hasAuthoritativeSource) {
@@ -7334,7 +7748,8 @@ function handleCreate(ws, msg) {
 
   const cols = msg.cols || 120;
   const rows = msg.rows || 30;
-  const env = { ...process.env, ...(msg._projectEnv || {}), ...msg.env };
+  // Keep PWD aligned with the PTY cwd; some agent CLIs trust env.PWD over getcwd().
+  const env = { ...process.env, ...(msg._projectEnv || {}), ...msg.env, PWD: cwd };
   // Remove Claude Code env vars so spawned sessions don't think they're nested
   delete env.CLAUDECODE;
   delete env.CLAUDE_CODE;
@@ -7345,6 +7760,12 @@ function handleCreate(ws, msg) {
   // This adds OTEL_EXPORTER_OTLP_ENDPOINT → http://localhost:<PORT> for agents
   // that emit OTLP logs, plus CTM_SESSION_ID for our hook scripts to read.
   Object.assign(env, buildTelemetryEnv(id, cmd, PORT));
+  ensureWalleMcpForAgentSession({
+    cmd,
+    wallePort: WALLE_PORT,
+    homeDir: env.HOME || process.env.HOME,
+    env,
+  });
 
   // Model: explicit selection, or auto-detected from coding agent config
   let model_id = msg.model_id || null;
@@ -7389,6 +7810,11 @@ function handleCreate(ws, msg) {
   if (agentType === 'walle') {
     // Override auto-generated shell label if user didn't provide one
     if (!msg.label) label = 'Wall-E session';
+    if (!model_id) {
+      const defaults = resolveWalleDefaultModelSelection({ brain: getWalleBrain(), env: process.env });
+      model_id = defaults.model_id || null;
+      model_provider = defaults.model_provider || null;
+    }
     const chatSessionId = msg.chatSessionId || `walle-${id}`;
     const jsonlPath = walleTranscript.sessionPath(WALLE_SESSIONS_DIR, id);
     const createResult = walleTranscript.createSession(jsonlPath, {
@@ -7437,7 +7863,15 @@ function handleCreate(ws, msg) {
     }
 
     if (ws) {
-      ws.send(JSON.stringify({ type: 'created', id, label: session.label, cwd, sessionType: 'walle' }));
+      ws.send(JSON.stringify({
+        type: 'created',
+        id,
+        label: session.label,
+        cwd,
+        sessionType: 'walle',
+        model_id: session.model_id || null,
+        model_provider: session.model_provider || null,
+      }));
     }
     broadcastSessionList(true);
     return;
@@ -7500,8 +7934,10 @@ function handleCreate(ws, msg) {
     createdAt: sessionSpawnedAt,
     _ctmOriginalCreatedAt: sessionOriginalCreatedAt,
     lastActivity: sessionSpawnedAt,
+    lastPtyActivity: 0,
     model_id,
     model_provider,
+    userRenamed: !!(existingTitle && existingTitle.userRenamed),
     _claudeSessionId: claudeResumeId || _injectedSessionId || null,
     // When we injected --session-id, the JSONL path is deterministic. Setting
     // _claudeProjectDir now lets the post-spawn detection timers short-circuit
@@ -7791,9 +8227,14 @@ function handleCreate(ws, msg) {
     const statusOnlyChunk = _isStatusOnlyPtyChunk(session, data);
     const busyStatusChunk = _isBusyStatusPtyChunk(session, data);
     const waitingForInput = _isServerWaitingForInput(id, session);
-    const activityChunk = activeChunk && !(statusOnlyChunk && waitingForInput && !busyStatusChunk);
-    if (busyStatusChunk && waitingForInput) _markServerSessionResumedFromPty(id, session, 'codex-working-status');
-    if (activityChunk) session.lastActivity = Date.now();
+    const suppressedUiRefreshChunk = _suppressCtmUiRefreshActivity(session, statusOnlyChunk);
+    const activityChunk = activeChunk && !suppressedUiRefreshChunk && !(statusOnlyChunk && waitingForInput && !busyStatusChunk);
+    if (busyStatusChunk && waitingForInput && !suppressedUiRefreshChunk) _markServerSessionResumedFromPty(id, session, 'codex-working-status');
+    if (activityChunk) {
+      const now = Date.now();
+      session.lastActivity = now;
+      session.lastPtyActivity = now;
+    }
     // Monotonic output byte counter — read by approval-agent's Phase 3
     // post-keystroke verification (sendApprovalKeystroke in approval-agent.js).
     session._outputBytesCounter = (session._outputBytesCounter || 0) + data.length;
@@ -8234,6 +8675,7 @@ function handleCreate(ws, msg) {
       model_id: session.model_id || model_id,
       model_provider: session.model_provider || model_provider,
       branch,
+      userRenamed: !!session.userRenamed,
       claudeSessionId: session._claudeSessionId || null,
       agentSessionId: session._claudeSessionId || null,
       claudeProjectDir: session._claudeProjectDir ? path.basename(session._claudeProjectDir) : null,
@@ -8268,6 +8710,12 @@ function apiAttachSession(req, res) {
       sanitizeAnthropicAuth(env, claudeCmd);
       // Resume path: inject CTM telemetry env the same way as the create path.
       Object.assign(env, buildTelemetryEnv(tabId, claudeCmd, PORT));
+      ensureWalleMcpForAgentSession({
+        cmd: claudeCmd,
+        wallePort: WALLE_PORT,
+        homeDir: env.HOME || process.env.HOME,
+        env,
+      });
 
       // Restore .jsonl from .bak if needed (Claude Code migrates sessions to directory format)
       const claudeProjectsDir = path.join(process.env.HOME, '.claude', 'projects');
@@ -8345,6 +8793,7 @@ function apiAttachSession(req, res) {
         // scrollback removed — headless terminal is source of truth (Phase 3D)
         createdAt: Date.now(),
         lastActivity: Date.now(),
+        lastPtyActivity: 0,
         model_id: null,
         model_provider: null,
         _autoRestartCount: 0,
@@ -8384,9 +8833,14 @@ function apiAttachSession(req, res) {
         const statusOnlyChunk = _isStatusOnlyPtyChunk(session, data);
         const busyStatusChunk = _isBusyStatusPtyChunk(session, data);
         const waitingForInput = _isServerWaitingForInput(tabId, session);
-        const activityChunk = activeChunk && !(statusOnlyChunk && waitingForInput && !busyStatusChunk);
-        if (busyStatusChunk && waitingForInput) _markServerSessionResumedFromPty(tabId, session, 'codex-working-status');
-        if (activityChunk) session.lastActivity = Date.now();
+        const suppressedUiRefreshChunk = _suppressCtmUiRefreshActivity(session, statusOnlyChunk);
+        const activityChunk = activeChunk && !suppressedUiRefreshChunk && !(statusOnlyChunk && waitingForInput && !busyStatusChunk);
+        if (busyStatusChunk && waitingForInput && !suppressedUiRefreshChunk) _markServerSessionResumedFromPty(tabId, session, 'codex-working-status');
+        if (activityChunk) {
+          const now = Date.now();
+          session.lastActivity = now;
+          session.lastPtyActivity = now;
+        }
         const cleanData = data.indexOf('\x1b[') >= 0
           ? data.replace(/\x1b\[3J|\x1b\[\?100[0236]h|\x1b\[\?1015h/g, '')
           : data;
@@ -8597,10 +9051,20 @@ function handleInput(ws, msg) {
     const prevInputTs = session._lastInputTs || 0;
     session._lastInputData = msg.data;
     session._lastInputTs = now;
-    session.lastActivity = now;
-    session._waitingForInput = false;
+    session.lastUserInputAt = now;
+    const resolvesWaiting = _inputMayResolveWaiting(msg.data, session);
+    if (resolvesWaiting) {
+      session.lastActivity = now;
+      session._waitingForInput = false;
+      session._waitingForInputReason = '';
+      session._waitingForInputAt = 0;
+      session._lastWaitingResolveInputAt = now;
+      session._lastNonResolvingWaitingInputAt = 0;
+    } else if (_isServerWaitingForInput(msg.id, session)) {
+      session._lastNonResolvingWaitingInputAt = now;
+    }
     const idleState = idleNotifyState.get(msg.id);
-    if (idleState) idleState.notified = false;
+    if (idleState && resolvesWaiting) idleState.notified = false;
     session._inputFrame = (session._inputFrame || 0) + 1;
 
     // Miss detection: if user manually types "1" or "2" while the approver is in
@@ -8630,11 +9094,12 @@ function handleResize(ws, msg) {
   const session = sessions.get(msg.id);
   if (session && msg.cols && msg.rows) {
     if (!session.ptyProcess) return;
+    _markCtmUiRefreshActivitySuppression(session, 'resize');
     try {
       session.ptyProcess.resize(msg.cols, msg.rows);
     } catch (e) {
-      // EBADF: PTY fd already closed (process exited between check and resize)
-      if (e.message && e.message.includes('EBADF')) return;
+      // EBADF / ENOTTY: PTY fd already closed or not a terminal (process exited between check and resize)
+      if (e.message && (e.message.includes('EBADF') || e.message.includes('ENOTTY'))) return;
       throw e;
     }
     // Keep headless terminal in sync so snapshots have correct dimensions
@@ -8673,6 +9138,7 @@ function handleReflow(ws, msg) {
   headlessWorker.postMessage({ type: 'serialize', sessionId: msg.id, requestId: reqId });
   // Also sync PTY dimensions (in case they drifted)
   if (session.ptyProcess) {
+    _markCtmUiRefreshActivitySuppression(session, 'reflow');
     try { session.ptyProcess.resize(cols, rows); } catch {}
   }
 }
@@ -8875,26 +9341,51 @@ async function handleWalleMessage(ws, msg) {
   if (!session || session.type !== 'walle') return;
 
   session.lastActivity = Date.now();
+  const broadcastToSession = (data) => {
+    const payload = JSON.stringify(data);
+    for (const client of session.clients) {
+      if (client.readyState === 1) client.send(payload);
+    }
+  };
+  if (session.abortController) {
+    console.warn('[walle-session] ignored message while busy:', session.id);
+    return;
+  }
+  if (!session.model_id) {
+    const defaults = resolveWalleDefaultModelSelection({ brain: getWalleBrain(), env: process.env });
+    if (defaults.model_id) {
+      session.model_id = defaults.model_id;
+      session.model_provider = defaults.model_provider || session.model_provider || null;
+      try {
+        dbModule.addStartupTask(session.id, session.label, '', [], session.cwd, session.model_id, 'walle', session.chatSessionId);
+      } catch (e) {
+        console.error('[ctm] addStartupTask (walle default model) error:', e.message);
+      }
+      broadcastToSession({
+        type: 'walle-model',
+        id: session.id,
+        model_id: session.model_id,
+        model_provider: session.model_provider,
+      });
+      broadcastSessionList(true);
+    }
+  }
+  const selectedModel = msg.model || session.model_id || '';
+  const selectedProvider = msg.provider
+    || (!msg.model || msg.model === session.model_id ? (session.model_provider || '') : '');
   const userAppend = walleTranscript.appendUserMessage(session.jsonlPath, {
     sessionId: session.id,
     chatSessionId: session.chatSessionId,
     parentUuid: session._walleLastTranscriptUuid || null,
     cwd: session.cwd,
     text: msg.text,
-    modelId: msg.model || session.model_id || '',
-    modelProvider: session.model_provider || '',
+    modelId: selectedModel,
+    modelProvider: selectedProvider || session.model_provider || '',
   });
   _recordWalleTranscriptAppend(session, userAppend);
 
   session.abortController = new AbortController();
 
-  const broadcastToSession = (data) => {
-    const payload = JSON.stringify(data);
-    for (const client of session.clients) {
-      if (client.readyState === 1) client.send(payload);
-    }
-  };
-
   const thinkingEvent = { type: 'thinking' };
   broadcastToSession({ type: 'walle-progress', id: session.id, event: thinkingEvent });
   _appendWallePart(session, 'thinking', { turn: null });
@@ -8916,7 +9407,8 @@ async function handleWalleMessage(ws, msg) {
         message: msg.text,
         session_id: session.chatSessionId,
         channel: 'ctm-session',
-        model: msg.model || undefined,
+        model: selectedModel || undefined,
+        provider: selectedProvider || undefined,
         cwd: effectiveCwd,
         context: {
           cwd: effectiveCwd,
@@ -8990,7 +9482,7 @@ async function handleWalleMessage(ws, msg) {
         jsonlPath: session.jsonlPath,
         fileSize: st.size || 0,
         modifiedAt: st.mtime ? st.mtime.toISOString() : '',
-        model: result.model || msg.model || session.model_id || '',
+        model: result.model || selectedModel,
         userMsgCount: 1,
         hostname: HOSTNAME,
       });
@@ -9055,16 +9547,18 @@ function handleRename(ws, msg) {
   if (!trimmed) return;
 
   // Update in-memory session if active
-  const session = sessions.get(id);
+  const session = findLiveSessionByAnyId(id);
+  const liveSessionId = session ? session.id : id;
   if (session) {
     session.label = trimmed;
+    session.userRenamed = true;
   }
 
   // Persist to sessions table (single source of truth)
   dbModule.setSessionTitleNew(id, trimmed, true);
 
   // Update startup_tasks so the label survives CTM restart
-  try { dbModule.updateStartupTaskLabel(id, trimmed); } catch (e) { console.error('[ctm] updateStartupTaskLabel (ws) error:', e.message); }
+  try { dbModule.updateStartupTaskLabel(liveSessionId, trimmed); } catch (e) { console.error('[ctm] updateStartupTaskLabel (ws) error:', e.message); }
 
   ws.send(JSON.stringify({ type: 'renamed', id, label: trimmed }));
   sessionEvents.emit('session:renamed', { id, label: trimmed });
@@ -9158,6 +9652,7 @@ function _sessionPayload(s) {
   const caps = getAgentCapabilities(agentType);
   const fileInfo = _activeSessionFileInfo(s, agentType);
   const modifiedAt = fileInfo.modifiedAt || _sessionActivityIso(s.lastActivity) || _sessionActivityIso(s.createdAt);
+  const liveStatus = _standupLiveStatusForSession(s);
   return {
     id: s.id,
     type: s.type || 'pty',
@@ -9167,11 +9662,15 @@ function _sessionPayload(s) {
     pid: s.pid,
     createdAt: s.createdAt,
     lastActivity: s.lastActivity,
+    lastPtyActivity: s.lastPtyActivity || 0,
+    liveStatus,
+    liveStatusAt: liveStatus ? Date.now() : null,
     modifiedAt,
     fileModifiedAt: fileInfo.modifiedAt || null,
     fileSize: fileInfo.fileSize || 0,
     model_id: s.model_id,
     model_provider: s.model_provider,
+    userRenamed: !!s.userRenamed,
     branch: s.branch || null,
     worktree_path: s.worktree_path || null,
     worktreeStatus: _sessionWorktreeStatusPayload(s),
@@ -9228,33 +9727,25 @@ function broadcastSessionList(immediate) {
   }
 }
 
-// --- Activity heartbeat (3s) ---
-// Sends lightweight activity timestamps so clients can detect Running status
-// for background (unsubscribed) sessions without a full session list broadcast.
-// Timestamps always reflect observed session output, never the heartbeat time,
-// so this path cannot corrupt "last touched" sorting.
-// Two cases are included:
-// 1. Sessions with recent PTY output (< 5s) — actively producing output
-// 2. Sessions in "thinking" state — no recent output but idle detection found
-//    no prompt pattern (st.notified === false), meaning the agent is still
-//    working (e.g., compacting, reasoning).
+// --- Live-status heartbeat (3s) ---
+// Sends the server's current live status projection so background tabs, the
+// sidebar, and Command Center converge without waiting for a full session-list
+// broadcast. Timestamps still reflect observed session output/activity, never
+// the heartbeat time, so this path cannot corrupt "last touched" sorting.
 setInterval(() => {
   if (wss.clients.size === 0) return;
   const now = Date.now();
   const active = [];
   for (const [id, s] of sessions) {
-    if (s.lastActivity && (now - s.lastActivity) < 5000) {
-      // Recent PTY output — definitely running
-      active.push({ id, ts: s.lastActivity, state: 'active' });
-    } else {
-      // No recent output — check if session is in a "thinking" state:
-      // PTY alive, idle detection did NOT find a prompt (not notified),
-      // and had output within the last 60s.
-      const st = idleNotifyState.get(id);
-      if (st && !st.notified && s.lastActivity && (now - s.lastActivity) < 60000) {
-        active.push({ id, ts: s.lastActivity, state: 'thinking' });
-      }
-    }
+    const liveStatus = _standupLiveStatusForSession(s, now);
+    if (!liveStatus) continue;
+    const ptyActivity = s.lastPtyActivity || 0;
+    active.push({
+      id,
+      ts: ptyActivity || s.lastActivity || s.createdAt || now,
+      state: liveStatus === 'running' ? 'active' : liveStatus,
+      status: liveStatus,
+    });
   }
   if (active.length === 0) return;
   const payload = JSON.stringify({ type: 'session-activity', sessions: active });
@@ -9506,26 +9997,34 @@ function _executeHook(hook, data) {
   }
 }
 
-function apiServicesStatus(req, res) {
+async function apiServicesStatus(req, res) {
   const ctmUptime = Math.floor((Date.now() - _ctmStartTime) / 1000);
-  const walleStatus = walleSupervisor.getStatus();
+  let walleStatus;
+  try {
+    walleStatus = await walleSupervisor.getStatus();
+  } catch (err) {
+    walleStatus = { running: false, pid: null, error: err.message };
+  }
   res.writeHead(200, { 'Content-Type': 'application/json' });
   res.end(JSON.stringify({
     ctm: { running: true, pid: process.pid, uptime: ctmUptime },
-    walle: { running: walleStatus.running, pid: walleStatus.pid }
+    walle: {
+      running: walleStatus.running,
+      pid: walleStatus.pid,
+      pid_source: walleStatus.pidSource || null,
+      stale_pid: walleStatus.stalePid || null,
+      repaired_pid_file: !!walleStatus.repairedPidFile,
+      removed_stale_pid_file: !!walleStatus.removedStalePidFile,
+      error: walleStatus.error || null,
+    }
   }));
 }
 
 // --- Worktree API Handlers ---
 const gitUtilsWorktree = require('./git-utils');
+const { resolveWorktreeRepoRoot } = require('./lib/worktree-cwd');
 const _projectRoot = path.resolve(__dirname, '..');
 
-// Validate cwd is within the project root (prevents path traversal)
-function isValidWorktreeCwd(cwd) {
-  const resolved = path.resolve(cwd);
-  return resolved === _projectRoot || resolved.startsWith(_projectRoot + path.sep);
-}
-
 // Validate git ref names (branch names, tags) — reject values starting with - and special chars
 const VALID_GIT_REF = /^[a-zA-Z0-9][a-zA-Z0-9._\/-]*$/;
 const WORKTREE_JSON_HEADERS = {
@@ -9533,12 +10032,18 @@ const WORKTREE_JSON_HEADERS = {
   'Cache-Control': 'no-store, max-age=0',
 };
 
+function _resolveWorktreeApiCwd(res, reqCwd, headers) {
+  const result = resolveWorktreeRepoRoot(reqCwd || _projectRoot);
+  if (result.ok) return result.cwd;
+  res.writeHead(result.status || 400, headers || WORKTREE_JSON_HEADERS);
+  res.end(JSON.stringify({ error: result.error }));
+  return null;
+}
+
 function apiListWorktrees(req, res) {
-  const cwd = new URL(req.url, 'http://localhost').searchParams.get('cwd') || _projectRoot;
-  if (!isValidWorktreeCwd(cwd)) {
-    res.writeHead(403, WORKTREE_JSON_HEADERS);
-    return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-  }
+  const reqCwd = new URL(req.url, 'http://localhost').searchParams.get('cwd') || _projectRoot;
+  const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+  if (!cwd) return;
   gitUtilsWorktree.listRichWorktrees(cwd).then(worktrees => {
     // Match worktree paths to active sessions
     for (const wt of worktrees) {
@@ -9600,19 +10105,8 @@ function apiCreateWorktree(req, res) {
         res.writeHead(400, { 'Content-Type': 'application/json' });
         return res.end(JSON.stringify({ error: 'Invalid base branch name' }));
       }
-      // Reject ~ in cwd — that's the corruption source for ghost worktrees
-      // (literal `~/ws/tools/...` shows up when shell expansion didn't run).
-      if (reqCwd && reqCwd.includes('~')) {
-        res.writeHead(400, { 'Content-Type': 'application/json' });
-        return res.end(JSON.stringify({ error: 'cwd must be an absolute path with no `~` (the literal-tilde is the source of ghost worktrees).' }));
-      }
-      let cwd = reqCwd || _projectRoot;
-      // Resolve symlinks so we always pass git an absolute, canonical path.
-      try { cwd = require('fs').realpathSync(cwd); } catch (_) { /* fall through to validation */ }
-      if (!isValidWorktreeCwd(cwd)) {
-        res.writeHead(403, { 'Content-Type': 'application/json' });
-        return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-      }
+      const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+      if (!cwd) return;
       gitUtilsWorktree.createWorktree(cwd, name, base_branch).then(result => {
         res.writeHead(200, { 'Content-Type': 'application/json' });
         res.end(JSON.stringify({ ok: true, ...result }));
@@ -9641,11 +10135,8 @@ function apiMergeWorktree(req, res) {
         res.writeHead(400, { 'Content-Type': 'application/json' });
         return res.end(JSON.stringify({ error: 'Invalid merge strategy. Use: squash, no-ff, or ff' }));
       }
-      const cwd = reqCwd || _projectRoot;
-      if (!isValidWorktreeCwd(cwd)) {
-        res.writeHead(403, { 'Content-Type': 'application/json' });
-        return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-      }
+      const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+      if (!cwd) return;
 
       // Pre-check for conflicts
       gitUtilsWorktree.mergeWorktreePreCheck(cwd, name).then(check => {
@@ -9680,7 +10171,7 @@ function apiRemoveWorktree(req, res) {
     res.writeHead(400, { 'Content-Type': 'application/json' });
     return res.end(JSON.stringify({ error: 'Invalid worktree name' }));
   }
-  const cwd = reqUrl.searchParams.get('cwd') || _projectRoot;
+  const reqCwd = reqUrl.searchParams.get('cwd') || _projectRoot;
   const deleteBranchRaw = String(reqUrl.searchParams.get('delete_branch') || 'true').toLowerCase();
   const deleteBranch = !['false', '0', 'no'].includes(deleteBranchRaw);
   const force = reqUrl.searchParams.get('force') === 'true';
@@ -9689,10 +10180,8 @@ function apiRemoveWorktree(req, res) {
     res.writeHead(400, { 'Content-Type': 'application/json' });
     return res.end(JSON.stringify({ error: 'Invalid worktree name' }));
   }
-  if (!isValidWorktreeCwd(cwd)) {
-    res.writeHead(403, { 'Content-Type': 'application/json' });
-    return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-  }
+  const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+  if (!cwd) return;
 
   // Check if any active session is using this worktree
   const worktreePath = path.join(cwd, '.claude', 'worktrees', name);
@@ -9759,11 +10248,8 @@ function apiSyncWorktree(req, res) {
         res.writeHead(400, WORKTREE_JSON_HEADERS);
         return res.end(JSON.stringify({ error: 'Invalid sync strategy. Use: merge or rebase' }));
       }
-      const cwd = reqCwd || _projectRoot;
-      if (!isValidWorktreeCwd(cwd)) {
-        res.writeHead(403, WORKTREE_JSON_HEADERS);
-        return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-      }
+      const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+      if (!cwd) return;
       gitUtilsWorktree.syncWorktree(cwd, name, strategy || 'merge').then(result => {
         if (result.conflicts) {
           res.writeHead(409, WORKTREE_JSON_HEADERS);
@@ -9793,11 +10279,8 @@ function apiSyncAllWorktrees(req, res) {
         res.writeHead(400, WORKTREE_JSON_HEADERS);
         return res.end(JSON.stringify({ error: 'Invalid sync strategy. Use: merge or rebase' }));
       }
-      const cwd = reqCwd || _projectRoot;
-      if (!isValidWorktreeCwd(cwd)) {
-        res.writeHead(403, WORKTREE_JSON_HEADERS);
-        return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-      }
+      const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+      if (!cwd) return;
       const activeWorktreePaths = [...sessions.values()]
         .map(s => s.worktree_path || s.cwd)
         .filter(Boolean)
@@ -9820,11 +10303,8 @@ function apiSyncAllWorktrees(req, res) {
 
 function apiPruneWorktrees(req, res) {
   const reqUrl = new URL(req.url, 'http://localhost');
-  const cwd = reqUrl.searchParams.get('cwd') || _projectRoot;
-  if (!isValidWorktreeCwd(cwd)) {
-    res.writeHead(403, { 'Content-Type': 'application/json' });
-    return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-  }
+  const cwd = _resolveWorktreeApiCwd(res, reqUrl.searchParams.get('cwd') || _projectRoot, WORKTREE_JSON_HEADERS);
+  if (!cwd) return;
   gitUtilsWorktree.pruneGhosts(cwd).then(result => {
     res.writeHead(200, { 'Content-Type': 'application/json' });
     res.end(JSON.stringify({ ok: true, ...result }));
@@ -9857,11 +10337,8 @@ function apiRecoverDetached(req, res) {
         res.writeHead(400, { 'Content-Type': 'application/json' });
         return res.end(JSON.stringify({ error: 'Invalid worktree path' }));
       }
-      const cwd = reqCwd || _projectRoot;
-      if (!isValidWorktreeCwd(cwd)) {
-        res.writeHead(403, { 'Content-Type': 'application/json' });
-        return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-      }
+      const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+      if (!cwd) return;
       gitUtilsWorktree.recoverWorktree(cwd, { name, path: requestedPath }).then(result => {
         res.writeHead(200, { 'Content-Type': 'application/json' });
         res.end(JSON.stringify(result));
@@ -9890,11 +10367,8 @@ function apiCreatePR(req, res) {
         res.writeHead(400, { 'Content-Type': 'application/json' });
         return res.end(JSON.stringify({ error: 'Invalid base branch' }));
       }
-      const cwd = reqCwd || _projectRoot;
-      if (!isValidWorktreeCwd(cwd)) {
-        res.writeHead(403, { 'Content-Type': 'application/json' });
-        return res.end(JSON.stringify({ error: 'cwd must be within project root' }));
-      }
+      const cwd = _resolveWorktreeApiCwd(res, reqCwd, WORKTREE_JSON_HEADERS);
+      if (!cwd) return;
       gitUtilsWorktree.pushAndCreatePR(cwd, name, { base: base || 'main', title, body: prBody }).then(result => {
         res.writeHead(200, { 'Content-Type': 'application/json' });
         res.end(JSON.stringify(result));
@@ -10208,14 +10682,36 @@ function _restoreSessionsAsync() {
 
 // --- Update checker ---
 const _updateState = { latestVersion: null, currentVersion: null, checkedAt: null, updateAvailable: false, error: null };
+const UPDATE_CHECK_TTL_MS = 60 * 60 * 1000;
+let _updateCheckInFlight = null;
 
-function getCurrentVersion() {
+function readPackageVersion(pkgPath) {
   try {
-    const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '..', 'package.json'), 'utf8'));
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
     return pkg.version;
   } catch { return null; }
 }
 
+function getCurrentVersion() {
+  return readPackageVersion(path.join(__dirname, '..', 'package.json'));
+}
+
+function getAppVersionInfo() {
+  return {
+    version: getCurrentVersion(),
+    product: 'create-walle',
+    components: {
+      ctm: readPackageVersion(path.join(__dirname, 'package.json')),
+      wallE: readPackageVersion(path.join(__dirname, '..', 'wall-e', 'package.json')),
+    },
+  };
+}
+
+function apiAppVersion(req, res) {
+  res.writeHead(200, { 'Content-Type': 'application/json' });
+  res.end(JSON.stringify(getAppVersionInfo()));
+}
+
 // Simple semver comparison: returns 1 if a > b, -1 if a < b, 0 if equal
 function semverCompare(a, b) {
   const pa = a.split('.').map(Number);
@@ -10227,8 +10723,12 @@ function semverCompare(a, b) {
   return 0;
 }
 
-async function checkForUpdates() {
+async function checkForUpdates(source = 'scheduled') {
   _updateState.currentVersion = getCurrentVersion();
+  trackUpdateTelemetry(telemetry, 'check_started', {
+    source,
+    currentVersion: _updateState.currentVersion,
+  });
   try {
     const resp = await fetch('https://registry.npmjs.org/create-walle/latest', {
       headers: { 'Accept': 'application/json' },
@@ -10245,8 +10745,21 @@ async function checkForUpdates() {
       _updateState.latestVersion && _updateState.currentVersion &&
       semverCompare(_updateState.latestVersion, _updateState.currentVersion) > 0
     );
+    trackUpdateTelemetry(telemetry, 'check_completed', {
+      source,
+      currentVersion: _updateState.currentVersion,
+      latestVersion: _updateState.latestVersion,
+      updateAvailable: _updateState.updateAvailable,
+      result: _updateState.updateAvailable ? 'available' : 'up_to_date',
+    });
 
     if (_updateState.updateAvailable) {
+      trackUpdateTelemetry(telemetry, 'update_available', {
+        source,
+        currentVersion: _updateState.currentVersion,
+        latestVersion: _updateState.latestVersion,
+        updateAvailable: true,
+      });
       broadcastToAll({
         type: 'update-available',
         currentVersion: _updateState.currentVersion,
@@ -10256,11 +10769,42 @@ async function checkForUpdates() {
     }
   } catch (e) {
     _updateState.error = e.message;
+    trackUpdateTelemetry(telemetry, 'check_failed', {
+      source,
+      currentVersion: _updateState.currentVersion,
+      errorKind: updateTelemetryErrorKind(e),
+      result: 'error',
+    });
   }
   return _updateState;
 }
 
-function apiUpdatesCheck(req, res) {
+function updateStateIsStale() {
+  const checkedAt = Date.parse(_updateState.checkedAt || '');
+  return !checkedAt || (Date.now() - checkedAt) > UPDATE_CHECK_TTL_MS;
+}
+
+async function refreshUpdateState(source) {
+  if (_updateCheckInFlight) return _updateCheckInFlight;
+  _updateCheckInFlight = checkForUpdates(source).finally(() => {
+    _updateCheckInFlight = null;
+  });
+  return _updateCheckInFlight;
+}
+
+async function apiUpdatesCheck(req, res, url) {
+  _updateState.currentVersion = getCurrentVersion();
+  const refresh = url?.searchParams?.get('refresh') === '1';
+  if (refresh || updateStateIsStale()) {
+    await refreshUpdateState(refresh ? 'api_refresh' : 'api_stale');
+  }
+  trackUpdateTelemetry(telemetry, 'api_check', {
+    source: 'api',
+    currentVersion: _updateState.currentVersion,
+    latestVersion: _updateState.latestVersion,
+    updateAvailable: _updateState.updateAvailable,
+    result: _updateState.updateAvailable ? 'available' : 'up_to_date',
+  });
   res.writeHead(200, { 'Content-Type': 'application/json' });
   res.end(JSON.stringify(_updateState));
 }
@@ -10268,7 +10812,20 @@ function apiUpdatesCheck(req, res) {
 function apiUpdatesApply(req, res) {
   const current = _updateState.currentVersion;
   const latest = _updateState.latestVersion;
+  trackUpdateTelemetry(telemetry, 'apply_requested', {
+    source: 'api',
+    currentVersion: current,
+    latestVersion: latest,
+    updateAvailable: _updateState.updateAvailable,
+  });
   if (!_updateState.updateAvailable) {
+    trackUpdateTelemetry(telemetry, 'apply_ignored', {
+      source: 'api',
+      currentVersion: current,
+      latestVersion: latest,
+      updateAvailable: false,
+      result: 'ignored',
+    });
     res.writeHead(200, { 'Content-Type': 'application/json' });
     res.end(JSON.stringify({ status: 'up-to-date', version: current }));
     return;
@@ -10279,12 +10836,58 @@ function apiUpdatesApply(req, res) {
 
   // Run update in background — npx create-walle@latest update handles stop/update/restart
   const { spawn } = require('child_process');
-  const child = spawn('npx', ['create-walle@latest', 'update'], {
-    cwd: path.join(__dirname, '..'),
-    detached: true,
-    stdio: 'ignore',
+  try {
+    const child = spawn('npx', ['create-walle@latest', 'update'], {
+      cwd: path.join(__dirname, '..'),
+      detached: true,
+      stdio: 'ignore',
+    });
+    trackUpdateTelemetry(telemetry, 'apply_started', {
+      source: 'api',
+      currentVersion: current,
+      latestVersion: latest,
+      updateAvailable: true,
+      result: 'started',
+    });
+    child.on('error', (e) => {
+      trackUpdateTelemetry(telemetry, 'apply_spawn_error', {
+        source: 'api',
+        currentVersion: current,
+        latestVersion: latest,
+        errorKind: updateTelemetryErrorKind(e),
+        result: 'error',
+      });
+    });
+    child.unref();
+  } catch (e) {
+    trackUpdateTelemetry(telemetry, 'apply_spawn_error', {
+      source: 'api',
+      currentVersion: current,
+      latestVersion: latest,
+      errorKind: updateTelemetryErrorKind(e),
+      result: 'error',
+    });
+  }
+}
+
+function apiUpdatesTelemetry(req, res) {
+  let body = '';
+  req.on('data', (chunk) => {
+    body += chunk;
+    if (body.length > 4096) req.destroy();
+  });
+  req.on('end', () => {
+    try {
+      const parsed = body ? JSON.parse(body) : {};
+      const item = clientUpdateTelemetryEvent(parsed);
+      if (item) trackUpdateTelemetry(telemetry, item.event, item.details);
+      res.writeHead(item ? 200 : 400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(item ? { ok: true } : { ok: false, error: 'invalid telemetry event' }));
+    } catch {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'invalid JSON' }));
+    }
   });
-  child.unref();
 }
 
 // --- Auto Title Generation ---
@@ -10556,8 +11159,8 @@ server.on('listening', () => {
   _restoreSessionsAsync();
 
   // Check for updates on startup (after 10s delay) and every 24h
-  setTimeout(() => checkForUpdates().catch(() => {}), 10000);
-  setInterval(() => checkForUpdates().catch(() => {}), 24 * 60 * 60 * 1000);
+  setTimeout(() => checkForUpdates('startup').catch(() => {}), 10000);
+  setInterval(() => checkForUpdates('scheduled').catch(() => {}), 24 * 60 * 60 * 1000);
 
   // --- Scheduler: replaces ad-hoc setInterval timers for session management ---
   const ctmScheduler = _ctmScheduler = new Scheduler({ tickMs: 5000, pools: { io: 3, llm: 1 } });