create-walle 0.9.21 → 0.9.22

package/README.md

@@ -1,6 +1,6 @@
 # create-walle
 
-Set up **CTM + Wall-E** in one command — a browser-based command center for AI coding agents, remote phone access, review workflows, and a personal AI agent that builds a searchable second brain from your work life.
+Set up **CTM + Wall-E** in one command — a browser-based command center for AI coding agents, remote phone and tablet access, review workflows, and a personal AI agent that builds a searchable second brain from your work life.
 
 ## What You Get
 
@@ -12,7 +12,7 @@ A web dashboard for running and managing AI coding sessions across multiple prov
 - **Prompt Editor** — Save, version, and organize prompts with folders, tags, chains, templates, and AI search
 - **Task Queue** — Queue prompts for sequential execution with auto-advance when the agent finishes, or step through manually
 - **Approval Workflows** — Auto-approve tool-use requests based on learned rules; uncertain cases escalate to you
-- **Remote Phone Access** — Pair your phone with a QR code and use a mobile CTM UI over Microsoft Dev Tunnels, Tailscale, Cloudflare Tunnel, or Walle Remote, with live prompts and model controls
+- **Remote Phone & Tablet Access** — Pair your phone or tablet with a QR code and use a responsive CTM UI over Microsoft Dev Tunnels, Tailscale, Cloudflare Tunnel, or Walle Remote, with live prompts and model controls
 - **Code & Doc Review** — Review git diffs and Markdown docs side by side, add anchored comments, and send feedback into an agent session or queue
 - **Model Registry** — Manage providers (Anthropic, OpenAI, Google, DeepSeek, Ollama, LM Studio, MLX, and CLI subscription providers), compare pricing, switch models per session
 - **Session Insights** — Analyze patterns across sessions to optimize prompts and workflows
@@ -35,7 +35,7 @@ An always-on AI agent that learns from your Slack, email, calendar, and coding s
 npx create-walle install ./walle
 ```
 
-This copies the project, installs dependencies, auto-detects your name and timezone, and starts the server. Open **http://localhost:3456** to finish setup in the browser, then pair your phone from Setup if you want remote access.
+This copies the project, installs dependencies, auto-detects your name and timezone, and starts the server. Open **http://localhost:3456** to finish setup in the browser, then pair your phone or tablet from Setup if you want remote access.
 
 ## Commands
 
@@ -62,7 +62,7 @@ On first launch, the browser setup page guides you through:
 1. **Owner name** — auto-detected from `git config`
 2. **API key** — enter manually, or click "Auto-detect" to find it from your shell environment, Claude Code OAuth, or corporate devbox
 3. **Integrations** — connect Slack (OAuth), email and calendar auto-detected on macOS
-4. **Remote phone access** — optional QR pairing with Microsoft Dev Tunnels, Tailscale, Cloudflare Tunnel, or Walle Remote, including phone-friendly prompts and model controls
+4. **Remote phone and tablet access** — optional QR pairing with Microsoft Dev Tunnels, Tailscale, Cloudflare Tunnel, or Walle Remote, including touch-friendly prompts and model controls
 
 ## Custom Port
 
@@ -78,7 +78,7 @@ Everything runs locally. CTM serves the dashboard, Wall-E runs as a background a
 
 | Component | Default Port | What it does |
 |-----------|-------------|--------------|
-| CTM | 3456 | Dashboard, multi-agent terminal, prompt editor, queue, model registry, code/doc review, remote phone UI |
+| CTM | 3456 | Dashboard, multi-agent terminal, prompt editor, queue, model registry, code/doc review, remote phone/tablet UI |
 | Wall-E | 3457 | AI agent, brain database, skills engine, multi-model chat API |
 
 ## Links

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "create-walle",
-  "version": "0.9.21",
-  "description": "CTM + Wall-E \u2014 AI coding dashboard and personal digital twin agent. Multi-agent terminal for Claude Code, Codex, Gemini, Aider, OpenCode, and more, plus prompt editor, task queue, remote phone access, code/doc review, and an agent that learns from Slack, email & calendar.",
+  "version": "0.9.22",
+  "description": "CTM + Wall-E \u2014 AI coding dashboard and personal digital twin agent. Multi-agent terminal for Claude Code, Codex, Gemini, Aider, OpenCode, and more, plus prompt editor, task queue, remote phone and tablet access, code/doc review, and an agent that learns from Slack, email & calendar.",
   "bin": {
     "create-walle": "bin/create-walle.js"
   },

package/template/claude-task-manager/api-prompts.js

@@ -143,6 +143,7 @@ function handlePromptApi(req, res, url) {
   // --- Images ---
   if (p === '/api/images/upload' && m === 'POST') return handleUploadImage(req, res, url);
   if (p === '/api/mobile/attachments/upload' && m === 'POST') return handleUploadMobileAttachment(req, res, url);
+  if (p === '/api/session/image-refs' && m === 'POST') return handleSessionImageRefs(req, res);
   if (p.match(/^\/api\/images\/\d+$/) && m === 'GET') return handleGetImage(req, res, url);
   if (p.match(/^\/api\/images\/\d+\/annotations$/) && m === 'PUT') return handleUpdateAnnotations(req, res, url);
   if (p.match(/^\/api\/images\/\d+$/) && m === 'DELETE') return handleDeleteImage(req, res, url);
@@ -677,6 +678,18 @@ async function handleUploadMobileAttachment(req, res, url) {
   }
 }
 
+async function handleSessionImageRefs(req, res) {
+  try {
+    const body = await readBody(req, 256 * 1024);
+    const result = await db.recordSessionImageRefs(body || {});
+    const safeResult = { ...(result || {}) };
+    delete safeResult.refDir;
+    jsonResponse(res, 200, { ok: true, ...safeResult });
+  } catch (e) {
+    jsonResponse(res, 400, { ok: false, error: e.message });
+  }
+}
+
 function handleGetImage(req, res, url) {
   const id = parseInt(url.pathname.split('/').pop());
   const img = db.getImage(id);

package/template/claude-task-manager/api-reviews.js

@@ -140,7 +140,7 @@ function handleReviewApi(req, res, url) {
     try {
       const filePath = url.searchParams.get('path');
       const line = url.searchParams.get('line') || 1;
-      const document = documentReview.readDocument(filePath, { line });
+      const document = documentReview.readDocument(filePath, { line, cwd: url.searchParams.get('cwd') || '' });
       return jsonResponse(res, 200, { document });
     } catch (e) {
       return jsonResponse(res, e.statusCode || 500, { error: e.message });
@@ -150,7 +150,10 @@ function handleReviewApi(req, res, url) {
   // POST /api/reviews/document-review - create/reuse a review record for one document
   if (p === '/api/reviews/document-review' && m === 'POST') {
     readBody(req).then(body => {
-      const document = documentReview.readDocument(body.path, { line: body.line || 1 });
+      const document = documentReview.readDocument(body.path, {
+        line: body.line || 1,
+        cwd: body.cwd || '',
+      });
       const review = db.listReviews({
         project_path: document.projectRoot,
         review_type: 'doc',

package/template/claude-task-manager/db.js

@@ -6,7 +6,7 @@ const zlib = require('zlib');
 
 const { execFileSync } = require('child_process');
 const { normalizeAgentType } = require('./lib/agent-capabilities');
-const { codexRolloutIdFromPath } = require('./lib/session-history');
+const { codexRolloutIdFromPath, readCodexRolloutMetadata } = require('./lib/session-history');
 const { ensureTranscriptTables } = require('./lib/transcript-store');
 const {
   classifySqliteError,
@@ -19,6 +19,7 @@ const {
 const DATA_DIR = process.env.CTM_DATA_DIR || path.join(process.env.HOME, '.walle', 'data');
 const DEFAULT_DB_PATH = path.join(DATA_DIR, 'task-manager.db');
 const DEFAULT_IMAGES_DIR = path.join(DATA_DIR, 'images');
+const SESSION_IMAGES_DIR = path.join(DATA_DIR, 'session-images');
 const BACKUP_DIR = path.join(DATA_DIR, 'backups');
 
 let db = null;
@@ -52,33 +53,57 @@ function resolveGitRoot(projectPath) {
 
 function _codexFileAgentSessionId(jsonlPath) {
   try {
-    return codexRolloutIdFromPath(jsonlPath || '') || '';
+    const filePath = String(jsonlPath || '').trim();
+    if (!filePath) return '';
+    const pathId = codexRolloutIdFromPath(filePath);
+    if (!pathId && !String(path.basename(filePath || '')).startsWith('rollout-')) return '';
+    const meta = readCodexRolloutMetadata(filePath) || {};
+    return String(meta.id || pathId || '').trim();
   } catch {
     return '';
   }
 }
 
+function _looksLikeCodexRolloutBasename(value) {
+  return /^rollout-\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(String(value || '').trim());
+}
+
+function _codexRolloutBasenameAgentSessionId(value) {
+  const match = String(value || '').trim().match(/^rollout-\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i);
+  return match ? match[1].toLowerCase() : '';
+}
+
+function _codexResumeAlias(value, canonicalId) {
+  const clean = String(value || '').trim();
+  if (!clean || clean === canonicalId || _looksLikeCodexRolloutBasename(clean)) return '';
+  return clean;
+}
+
 function _normalizeAgentSessionIdentity(data = {}) {
-  const provider = normalizeAgentType(data.provider || '') || String(data.provider || '').toLowerCase();
+  const jsonlPath = String(data.jsonlPath || '').trim();
+  const codexFileAgentSessionId = _codexFileAgentSessionId(jsonlPath);
+  const provider = (codexFileAgentSessionId || _codexRolloutBasenameAgentSessionId(data.agentSessionId))
+    ? 'codex'
+    : (normalizeAgentType(data.provider || '') || String(data.provider || '').toLowerCase());
   let agentSessionId = String(data.agentSessionId || '').trim();
   let providerResumeId = String(data.providerResumeId || data.resumeSessionId || '').trim();
-  const jsonlPath = String(data.jsonlPath || '').trim();
 
-  if (provider === 'codex' && jsonlPath) {
-    const fileAgentSessionId = _codexFileAgentSessionId(jsonlPath);
+  if (provider === 'codex') {
+    const fileAgentSessionId = codexFileAgentSessionId || _codexRolloutBasenameAgentSessionId(agentSessionId);
     if (fileAgentSessionId) {
       if (agentSessionId && agentSessionId !== fileAgentSessionId) {
-        if (!providerResumeId) providerResumeId = agentSessionId;
+        if (!providerResumeId) providerResumeId = _codexResumeAlias(agentSessionId, fileAgentSessionId);
+        const sourceLabel = jsonlPath ? path.basename(jsonlPath) : agentSessionId;
         console.error(
-          `[db] Codex agent_session_id/jsonl mismatch; using filename id ${fileAgentSessionId.slice(0, 8)} ` +
-          `instead of ${agentSessionId.slice(0, 8)} for ${path.basename(jsonlPath)}`
+          `[db] Codex agent_session_id/jsonl mismatch; using rollout metadata id ${fileAgentSessionId.slice(0, 8)} ` +
+          `instead of ${agentSessionId.slice(0, 8)} for ${sourceLabel}`
         );
       }
       agentSessionId = fileAgentSessionId;
     }
   }
 
-  return { agentSessionId, providerResumeId };
+  return { agentSessionId, providerResumeId, provider };
 }
 
 function getDb() {
@@ -110,6 +135,7 @@ function _ensureDataDirs(dbPath) {
   const dir = path.dirname(dbPath);
   if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
   if (!fs.existsSync(DEFAULT_IMAGES_DIR)) fs.mkdirSync(DEFAULT_IMAGES_DIR, { recursive: true });
+  if (!fs.existsSync(SESSION_IMAGES_DIR)) fs.mkdirSync(SESSION_IMAGES_DIR, { recursive: true });
   if (!fs.existsSync(BACKUP_DIR)) fs.mkdirSync(BACKUP_DIR, { recursive: true });
 }
 
@@ -2316,6 +2342,157 @@ function deleteImage(id) {
   }
 }
 
+function _sanitizeSessionImageSegment(value, fallback) {
+  const clean = String(value || '')
+    .trim()
+    .replace(/[^A-Za-z0-9._-]+/g, '-')
+    .replace(/-+/g, '-')
+    .replace(/^[.-]+|[.-]+$/g, '')
+    .slice(0, 120);
+  return clean || fallback;
+}
+
+function _sessionImageTimestampSlug(value) {
+  let date = null;
+  if (typeof value === 'number' && Number.isFinite(value)) date = new Date(value);
+  else if (typeof value === 'string' && value.trim()) {
+    const n = Number(value);
+    date = Number.isFinite(n) && /^\d+$/.test(value.trim()) ? new Date(n) : new Date(value);
+  }
+  if (!date || Number.isNaN(date.getTime())) date = new Date();
+  return date.toISOString().replace(/[-:.]/g, '').replace(/Z$/, 'Z');
+}
+
+function _sessionImagePromptHash(text, fallbackParts = []) {
+  const source = String(text || '').trim() || fallbackParts.map(v => String(v || '')).join('|') || String(Date.now());
+  return crypto.createHash('sha256').update(source).digest('hex').slice(0, 16);
+}
+
+function _pathInsideDir(filePath, dirPath) {
+  const resolvedFile = path.resolve(filePath || '');
+  const resolvedDir = path.resolve(dirPath || '');
+  return resolvedFile === resolvedDir || resolvedFile.startsWith(resolvedDir + path.sep);
+}
+
+function _imageRowForReference(ref) {
+  const imageId = Number(ref && ref.id || 0);
+  if (Number.isInteger(imageId) && imageId > 0) {
+    const row = getImage(imageId);
+    if (row) return row;
+  }
+
+  const candidate = String(ref && (ref.file_path || ref.path) || '').trim();
+  if (candidate && _pathInsideDir(candidate, DEFAULT_IMAGES_DIR)) {
+    const resolved = path.resolve(candidate);
+    const row = getDb().prepare(
+      'SELECT * FROM images WHERE file_path = ? OR file_path LIKE ? ORDER BY id DESC LIMIT 1'
+    ).get(resolved, '%/' + path.basename(resolved));
+    if (row) return row;
+    if (fs.existsSync(resolved)) {
+      return {
+        id: null,
+        filename: path.basename(resolved),
+        mime_type: ref && (ref.mimeType || ref.mime_type) || 'image/png',
+        file_path: resolved,
+      };
+    }
+  }
+
+  const filename = path.basename(String(ref && ref.filename || '').trim());
+  if (filename) {
+    const row = getDb().prepare(
+      'SELECT * FROM images WHERE filename = ? OR file_path LIKE ? ORDER BY id DESC LIMIT 1'
+    ).get(filename, '%/' + filename);
+    if (row) return row;
+  }
+
+  return null;
+}
+
+async function _ensureRelativeSymlink(linkPath, relativeTarget) {
+  try {
+    const stat = await fs.promises.lstat(linkPath);
+    if (stat.isSymbolicLink()) {
+      const current = await fs.promises.readlink(linkPath);
+      if (current === relativeTarget) return;
+    }
+    await fs.promises.unlink(linkPath);
+  } catch (err) {
+    if (!err || err.code !== 'ENOENT') throw err;
+  }
+  await fs.promises.symlink(relativeTarget, linkPath);
+}
+
+async function recordSessionImageRefs(data = {}) {
+  const sessionId = String(data.sessionId || data.session_id || '').trim();
+  if (!sessionId) throw new Error('sessionId required');
+  const refs = Array.isArray(data.images) ? data.images : Array.isArray(data.attachments) ? data.attachments : [];
+  const sessionSlug = _sanitizeSessionImageSegment(sessionId, 'session');
+  const timestampSlug = _sessionImageTimestampSlug(data.submittedAt || data.submitted_at || Date.now());
+  const promptHash = _sanitizeSessionImageSegment(
+    data.promptHash || data.prompt_hash || _sessionImagePromptHash(data.promptText || data.prompt_text || '', [sessionId, timestampSlug]),
+    'prompt'
+  ).slice(0, 32);
+  const refDir = path.join(SESSION_IMAGES_DIR, sessionSlug);
+  await fs.promises.mkdir(refDir, { recursive: true });
+
+  const links = [];
+  const skipped = [];
+  const seenTargets = new Set();
+  let index = 0;
+  for (const ref of refs) {
+    const row = _imageRowForReference(ref);
+    if (!row || !row.file_path) {
+      skipped.push({ label: ref && ref.label || '', reason: 'image_not_found' });
+      continue;
+    }
+    const targetPath = path.resolve(row.file_path);
+    if (!_pathInsideDir(targetPath, DEFAULT_IMAGES_DIR)) {
+      skipped.push({ label: ref && ref.label || '', reason: 'outside_image_store' });
+      continue;
+    }
+    if (!fs.existsSync(targetPath)) {
+      skipped.push({ label: ref && ref.label || '', reason: 'file_missing' });
+      continue;
+    }
+    if (seenTargets.has(targetPath)) continue;
+    seenTargets.add(targetPath);
+    index += 1;
+    const ext = path.extname(targetPath) || path.extname(row.filename || '') || '.png';
+    const linkName = `${timestampSlug}-${promptHash}-image-${String(index).padStart(2, '0')}${ext}`;
+    const linkPath = path.join(refDir, linkName);
+    const relativeTarget = path.relative(refDir, targetPath);
+    await _ensureRelativeSymlink(linkPath, relativeTarget);
+    links.push({
+      label: ref && ref.label || `[Image #${index}]`,
+      image_id: row.id || null,
+      filename: row.filename || path.basename(targetPath),
+      mime_type: row.mime_type || ref && ref.mimeType || 'image/png',
+      link: linkName,
+      target: relativeTarget,
+    });
+  }
+
+  const manifestName = `${timestampSlug}-${promptHash}.json`;
+  const manifest = {
+    session_id: sessionId,
+    submitted_at: timestampSlug,
+    prompt_hash: promptHash,
+    prompt_text_hash: _sessionImagePromptHash(data.promptText || data.prompt_text || '', [sessionId, timestampSlug]),
+    created_at: new Date().toISOString(),
+    links,
+    skipped,
+  };
+  await fs.promises.writeFile(path.join(refDir, manifestName), JSON.stringify(manifest, null, 2) + '\n');
+  return {
+    sessionId,
+    refDir,
+    manifest: manifestName,
+    links,
+    skipped,
+  };
+}
+
 // --- Chains ---
 function createChain({ name, description }) {
   const result = getDb().prepare('INSERT INTO chains (name, description) VALUES (?, ?)').run(name, description || '');
@@ -4566,6 +4743,7 @@ function upsertSession(id, data, opts) {
   const normalizedIdentity = _normalizeAgentSessionIdentity(data);
   const agentId = normalizedIdentity.agentSessionId;
   const providerResumeId = normalizedIdentity.providerResumeId;
+  const provider = normalizedIdentity.provider || data.provider || '';
   function throwCrossTabClaim(existingCtmSessionId) {
     const err = new Error(
       `agent_session_id ${agentId} is already claimed by ctm_session ${existingCtmSessionId} (refusing cross-tab claim for ${id})`
@@ -4578,7 +4756,7 @@ function upsertSession(id, data, opts) {
   }
   const ctmParams = {
     id,
-    provider: data.provider || '',
+    provider,
     project_path: data.projectPath || '',
     cwd: data.cwd || '',
     title: data.title || '',
@@ -4593,7 +4771,7 @@ function upsertSession(id, data, opts) {
   const agentParams = (agentId && agentId !== '__CLEAR__') ? {
     agent_session_id: agentId,
     ctm_session_id: id,
-    provider: data.provider || '',
+    provider,
     provider_resume_id: providerResumeId || '',
     project_path: data.projectPath || '',
     jsonl_path: data.jsonlPath || '',
@@ -4939,6 +5117,161 @@ function repairCodexSessionMetadataFromConversations({ dryRun = false, limit = 5
   };
 }
 
+function _newerTimestamp(a, b) {
+  const aMs = Date.parse(String(a || ''));
+  const bMs = Date.parse(String(b || ''));
+  if (!Number.isFinite(aMs)) return b || '';
+  if (!Number.isFinite(bMs)) return a || '';
+  return aMs >= bMs ? a : b;
+}
+
+function _mergeCodexAgentRow(existing, stale, canonicalId) {
+  const resumeAlias = _codexResumeAlias(existing?.provider_resume_id, canonicalId)
+    || _codexResumeAlias(stale?.provider_resume_id, canonicalId)
+    || _codexResumeAlias(stale?.agent_session_id, canonicalId);
+  return {
+    ctm_session_id: existing?.ctm_session_id || stale?.ctm_session_id || '',
+    provider_resume_id: resumeAlias,
+    project_path: existing?.project_path || stale?.project_path || '',
+    jsonl_path: existing?.jsonl_path || stale?.jsonl_path || '',
+    first_message: existing?.first_message || stale?.first_message || '',
+    file_size: Math.max(Number(existing?.file_size || 0), Number(stale?.file_size || 0)),
+    modified_at: _newerTimestamp(existing?.modified_at, stale?.modified_at),
+    hostname: existing?.hostname || stale?.hostname || '',
+    model: existing?.model || stale?.model || '',
+    git_branch: existing?.git_branch || stale?.git_branch || '',
+    user_msg_count: Math.max(Number(existing?.user_msg_count || 0), Number(stale?.user_msg_count || 0)),
+    slug: existing?.slug || stale?.slug || '',
+  };
+}
+
+function repairCodexRolloutAgentIdentities({ dryRun = false, limit = 1000 } = {}) {
+  const d = getDb();
+  const candidates = d.prepare(`
+    SELECT *
+    FROM agent_sessions
+    WHERE jsonl_path LIKE '%rollout-%.jsonl%'
+    ORDER BY
+      CASE
+        WHEN COALESCE(provider, '') != 'codex' THEN 0
+        WHEN agent_session_id LIKE 'rollout-%' THEN 0
+        WHEN provider_resume_id LIKE 'rollout-%' THEN 0
+        ELSE 1
+      END,
+      updated_at DESC,
+      modified_at DESC
+    LIMIT ?
+  `).all(Math.max(1, Number(limit) || 1000));
+
+  const repairs = [];
+  for (const row of candidates) {
+    const canonicalId = _codexFileAgentSessionId(row.jsonl_path);
+    if (!canonicalId) continue;
+    const provider = normalizeAgentType(row.provider || '') || String(row.provider || '').toLowerCase();
+    if (row.agent_session_id === canonicalId && provider === 'codex') continue;
+    repairs.push({ ...row, canonicalId, provider });
+  }
+
+  if (!dryRun && repairs.length > 0) {
+    const selectAgent = d.prepare('SELECT * FROM agent_sessions WHERE agent_session_id = ?');
+    const updateCanonical = d.prepare(`
+      UPDATE agent_sessions SET
+        ctm_session_id = COALESCE(NULLIF(?, ''), ctm_session_id),
+        provider = 'codex',
+        provider_resume_id = ?,
+        project_path = COALESCE(NULLIF(?, ''), project_path),
+        jsonl_path = COALESCE(NULLIF(?, ''), jsonl_path),
+        first_message = COALESCE(NULLIF(?, ''), first_message),
+        file_size = CASE WHEN ? > COALESCE(file_size, 0) THEN ? ELSE COALESCE(file_size, 0) END,
+        modified_at = COALESCE(NULLIF(?, ''), modified_at),
+        hostname = COALESCE(NULLIF(?, ''), hostname),
+        model = COALESCE(NULLIF(?, ''), model),
+        git_branch = COALESCE(NULLIF(?, ''), git_branch),
+        user_msg_count = CASE WHEN ? > COALESCE(user_msg_count, 0) THEN ? ELSE COALESCE(user_msg_count, 0) END,
+        slug = COALESCE(NULLIF(?, ''), slug),
+        updated_at = datetime('now')
+      WHERE agent_session_id = ?
+    `);
+    const updateInPlace = d.prepare(`
+      UPDATE agent_sessions SET
+        agent_session_id = ?,
+        provider = 'codex',
+        provider_resume_id = ?,
+        updated_at = datetime('now')
+      WHERE agent_session_id = ?
+    `);
+    const deleteStale = d.prepare('DELETE FROM agent_sessions WHERE agent_session_id = ?');
+    const updateCtmProvider = d.prepare(`
+      UPDATE ctm_sessions
+      SET provider = 'codex', updated_at = datetime('now')
+      WHERE id = ? AND COALESCE(provider, '') != 'codex'
+    `);
+
+    const txn = d.transaction(() => {
+      for (const row of repairs) {
+        const canonical = selectAgent.get(row.canonicalId);
+        if (canonical && canonical.agent_session_id !== row.agent_session_id) {
+          const merged = _mergeCodexAgentRow(canonical, row, row.canonicalId);
+          updateCanonical.run(
+            merged.ctm_session_id,
+            merged.provider_resume_id,
+            merged.project_path,
+            merged.jsonl_path,
+            merged.first_message,
+            merged.file_size,
+            merged.file_size,
+            merged.modified_at,
+            merged.hostname,
+            merged.model,
+            merged.git_branch,
+            merged.user_msg_count,
+            merged.user_msg_count,
+            merged.slug,
+            row.canonicalId
+          );
+          deleteStale.run(row.agent_session_id);
+        } else if (row.agent_session_id !== row.canonicalId) {
+          const resumeAlias = _codexResumeAlias(row.provider_resume_id, row.canonicalId)
+            || _codexResumeAlias(row.agent_session_id, row.canonicalId);
+          updateInPlace.run(row.canonicalId, resumeAlias, row.agent_session_id);
+        } else {
+          updateCanonical.run(
+            row.ctm_session_id || '',
+            _codexResumeAlias(row.provider_resume_id, row.canonicalId),
+            row.project_path || '',
+            row.jsonl_path || '',
+            row.first_message || '',
+            Number(row.file_size || 0),
+            Number(row.file_size || 0),
+            row.modified_at || '',
+            row.hostname || '',
+            row.model || '',
+            row.git_branch || '',
+            Number(row.user_msg_count || 0),
+            Number(row.user_msg_count || 0),
+            row.slug || '',
+            row.canonicalId
+          );
+        }
+        if (row.ctm_session_id) updateCtmProvider.run(row.ctm_session_id);
+      }
+    });
+    txn();
+    flushWal();
+  }
+
+  return {
+    checked: candidates.length,
+    repaired: repairs.length,
+    rows: repairs.map(row => ({
+      ctm_session_id: row.ctm_session_id,
+      from_agent_session_id: row.agent_session_id,
+      to_agent_session_id: row.canonicalId,
+      provider: row.provider,
+    })),
+  };
+}
+
 /**
  * Get all session data in old-compatible format (for apiRecentSessions).
  * Returns merged ctm_sessions + agent_sessions rows.
@@ -5118,7 +5451,7 @@ module.exports = {
   createPrompt, updatePrompt, getPrompt, listPrompts, listChildPrompts, setPromptParent, createGroupFromPrompts, deletePrompt, duplicatePrompt, reorderPrompts,
   getPromptVersions, restorePromptVersion,
   createFolder, listFolders, updateFolder, deleteFolder, reorderFolders,
-  saveImage, getImage, updateImageAnnotations, listImages, deleteImage,
+  saveImage, getImage, updateImageAnnotations, listImages, deleteImage, recordSessionImageRefs,
   createChain, getChain, listChains, updateChain, deleteChain,
   listPermissionRules, upsertPermissionRule, deletePermissionRule,
   listPermissionLog, addPermissionLog,
@@ -5151,7 +5484,7 @@ module.exports = {
   listHooks, getEnabledHooks, createHook, deleteHook, toggleHook,
   upsertAnalysisFts, backfillFts, ftsSearchAnalyses, invalidateFtsRowidMap,
   extractSessionMessages, extractSessionMessagesAsync, replaceSessionMessages, backfillSessionMessages, backfillSessionMessagesAsync, ftsSearchMessages,
-  DEFAULT_IMAGES_DIR, BACKUP_DIR,
+  DEFAULT_IMAGES_DIR, SESSION_IMAGES_DIR, BACKUP_DIR,
   // Workspaces (Phase 13)
   listWorkspaces, createWorkspace, updateWorkspace, deleteWorkspace,
   addSessionToWorkspace, removeSessionFromWorkspace, getWorkspaceSessions, getSessionWorkspace,
@@ -5165,7 +5498,7 @@ module.exports = {
   // CTM Sessions + Agent Sessions (v1 schema)
   getSessionIdentity, getLatestAgentSessionForCtm, getSessionConversationSourceIds, resolveSession, upsertSession, setSessionStar, getStarredSessionIds,
   setSessionTitleNew, setSessionTitleStatusNew, getSessionTitleNew, getAllSessionsData,
-  repairCodexSessionMetadataFromConversations,
+  repairCodexSessionMetadataFromConversations, repairCodexRolloutAgentIdentities,
   getAgentSessions, getAgentSession, deleteCtmSession,
   // Schema version
   getSchemaVersion,

package/template/claude-task-manager/docs/app-update-refresh-protocol.md

@@ -0,0 +1,69 @@
+# CTM App Update Refresh Protocol
+
+## Problem
+
+CTM is a long-lived browser app. A user can keep several CTM tabs open while
+`create-walle update` replaces CTM and Wall-E code, restarts the server, and
+serves newer HTML, CSS, and JavaScript. Existing browser tabs may reconnect to
+the new server while still executing the old client bundle.
+
+That is unsafe in both directions:
+
+- silently keeping old code leaves users on stale UX after an update;
+- blindly reloading every tab can destroy active terminal input, queue drafts,
+  screenshot edits, or mobile composer text.
+
+## Design
+
+The server is the source of truth for the installed application identity. Each
+WebSocket `hello` includes an app identity:
+
+- `version`: the installed create-walle version;
+- `components`: CTM and Wall-E package versions;
+- `buildId`: a stable hash of key shipped files and package versions.
+
+`buildId` is recomputed from file stats when version info is requested. It must
+not be process-cached because update installers can replace static assets before
+or during a server restart.
+
+The client records the first app identity it sees for the current document. On
+later WebSocket reconnects, if the server identity changes, the page is running
+old code and must refresh before continuing normal operation.
+
+## UX Contract
+
+When a changed app identity is detected:
+
+1. Broadcast `reload-required` to same-origin CTM tabs using `BroadcastChannel`.
+2. If the current tab is idle, reload immediately.
+3. If the current tab has active user work, show a sticky reload-required banner
+   and do not steal focus.
+4. The banner remains until the user clicks **Reload now** or the page is
+   refreshed.
+
+Active user work includes focused xterm.js terminals, editable inputs,
+contenteditable composers, open modals, open queue panel, and screenshot editor
+state.
+
+## Mobile/PWA
+
+The mobile service worker already uses a network-first shell strategy and
+activates new workers. That only updates future navigations; a currently open
+mobile document still needs the same runtime identity handshake. Mobile uses the
+same `hello` comparison and shows a compact refresh banner when a composer or
+detail view is active.
+
+## Non-Goals
+
+- No hard reload while a user is typing.
+- No reload prompt for ordinary CTM restarts when the app identity is unchanged.
+- No dependency on service workers for desktop refresh behavior.
+
+## Verification
+
+Focused render tests should cover:
+
+- an idle desktop tab auto-refreshes on server identity change;
+- a focused terminal desktop tab shows the reload banner without losing focus;
+- another open tab receives the reload-required event through `BroadcastChannel`;
+- mobile shows the refresh banner instead of silently keeping stale code.

package/template/claude-task-manager/docs/image-paste-ux.md

@@ -12,6 +12,7 @@ CTM treats pasted screenshots as first-class attachments and shows compact promp
 
 - Terminal sessions: paste events and the macOS `Ctrl+V` compatibility path upload images and insert the compact token, for example `[Image #1]`. The token is what the user sees and edits in both Claude and Codex sessions. `Cmd+Shift+V` on macOS and `Ctrl+Shift+V` elsewhere intentionally paste the raw local path reference. The terminal context menu can copy all pasted image paths or URLs for the active session.
 - Terminal sessions backed by Claude Code or Codex use provider-native image handoff. CTM uploads and normalizes the browser clipboard image, then sends the normalized local image path as a bracketed paste to the PTY. The provider creates the real image attachment and renders its own compact `[Image #n]` chip, so the model receives image context while the terminal does not show raw paths.
+- Terminal sessions backed by Claude Code or Codex also append durable image metadata when the prompt is submitted. CTM does not change the paste behavior: paste still inserts the compact token and keeps provider-native path handoff intact. At Enter/submit time, any unsent image attachments from the active input are appended once as `[Attached image: "..."]` or `[Attached images: "...", "..."]` before the newline reaches the PTY. This makes future Conversation/Review import able to resolve the image path even if the provider transcript only preserves terminal text.
 - Terminal text paste also normalizes CTM image references. If the clipboard contains `[Image #1: "/path/to/file.png"]`, a raw local image path, or an `/api/images/file/...` URL, default paste deduplicates repeated references and hands each local image path to provider-native attachment paste when possible.
 - Terminal image paste accepts browser clipboard files by `image/*` MIME type or by common image filename extension when the OS leaves the MIME type empty.
 - Wall-E sessions: pasted images become structured message attachments. The composer inserts `[Image #n]`; sending preserves the compact token in the message text and sends image data separately.
@@ -20,3 +21,5 @@ CTM treats pasted screenshots as first-class attachments and shows compact promp
 ## Provider Contract
 
 Compact tokens are UI references, not raw file paths. CTM keeps attachment metadata, normalized uploads, and copyable path/URL references beside the visible token. Provider adapters must not send only `[Image #n]` to a raw PTY. They should either send structured attachments, or, for Claude Code and Codex terminal sessions, trigger native image attachment by bracket-pasting the normalized local image path. Explicit path paste remains available for CLIs that require a visible local filesystem reference in the prompt text.
+
+Submit-time metadata is a transcript durability layer, not a replacement for native provider image attachment. It must not run during paste, path-copy, or path-paste handling, and it must mark attachments as submitted or discarded so later prompts do not inherit stale image references.