doer-agent 0.2.4 → 0.2.5

package/dist/agent.js

@@ -1,6 +1,6 @@
 import { spawn, spawnSync } from "node:child_process";
-import { createWriteStream, existsSync, statSync } from "node:fs";
-import { chmod, mkdir, open, readFile, readdir, stat, writeFile } from "node:fs/promises";
+import { existsSync, statSync, watch } from "node:fs";
+import { chmod, mkdir, open, readFile, readdir, rm, rmdir, stat, unlink, writeFile } from "node:fs/promises";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 import { AckPolicy, connect, DeliverPolicy, JSONCodec, RetentionPolicy, StorageType, StringCodec } from "nats";
@@ -14,8 +14,17 @@ let workspaceRootOverride = null;
 const fsRpcCodec = StringCodec();
 const shellRpcCodec = StringCodec();
 const runRpcCodec = StringCodec();
+const sessionRpcCodec = StringCodec();
+const codexRpcCodec = StringCodec();
+const codexAuthRpcCodec = StringCodec();
+const settingsRpcCodec = StringCodec();
+const gitRpcCodec = StringCodec();
 const activeRuns = new Map();
 const retainedRuns = new Map();
+const activeSessionWatchers = new Map();
+const sessionLineIndexCache = new Map();
+const ANSI_RE = /\u001b\[[0-9;]*m/g;
+let pendingCodexDeviceAuth = null;
 function sanitizeUserId(userId) {
     const normalized = userId.trim().replace(/[^a-zA-Z0-9_-]/g, "_");
     return normalized.length > 0 ? normalized : "anonymous";
@@ -23,6 +32,21 @@ function sanitizeUserId(userId) {
 function buildAgentRunRpcSubject(userId, agentId) {
     return `doer.agent.run.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
 }
+function buildAgentSessionRpcSubject(userId, agentId) {
+    return `doer.agent.session.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+}
+function buildAgentCodexRpcSubject(userId, agentId) {
+    return `doer.agent.codex.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+}
+function buildAgentCodexAuthRpcSubject(userId, agentId) {
+    return `doer.agent.codex.auth.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+}
+function buildAgentSettingsRpcSubject(userId, agentId) {
+    return `doer.agent.settings.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+}
+function buildAgentGitRpcSubject(userId, agentId) {
+    return `doer.agent.git.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+}
 function normalizeNatsServers(value) {
     if (!Array.isArray(value)) {
         return [];
@@ -405,7 +429,6 @@ function normalizeRunRpcRequest(args) {
         throw new Error("missing runId");
     }
     const cwd = typeof args.request.cwd === "string" && args.request.cwd.trim() ? args.request.cwd.trim() : null;
-    const chatId = typeof args.request.chatId === "string" && args.request.chatId.trim() ? args.request.chatId.trim() : null;
     const sinceSeqRaw = Number(args.request.sinceSeq);
     const sinceSeq = Number.isInteger(sinceSeqRaw) && sinceSeqRaw >= 0 ? sinceSeqRaw : null;
     const limitRaw = Number(args.request.limit);
@@ -416,7 +439,6 @@ function normalizeRunRpcRequest(args) {
         runId,
         command,
         cwd,
-        chatId,
         responseSubject,
         sinceSeq,
         limit,
@@ -427,26 +449,472 @@ function normalizeRunRpcRequest(args) {
 function publishRunRpcResponse(args) {
     args.nc.publish(args.responseSubject, runRpcCodec.encode(JSON.stringify(args.payload)));
 }
-async function resolveRunLogsDir() {
+async function resolveRunsDir() {
     const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
     const dir = path.join(workspaceRoot, ".doer-agent", "runs");
     await mkdir(dir, { recursive: true });
     return dir;
 }
-function cloneRunTask(task, sinceSeq) {
+async function resetRunsDir() {
+    const dir = await resolveRunsDir();
+    await rm(dir, { recursive: true, force: true }).catch(() => undefined);
+    await mkdir(dir, { recursive: true });
+}
+async function persistRunTask(task) {
+    const dir = await resolveRunsDir();
+    const payload = {
+        runId: task.id,
+        agentId: task.agentId,
+        userId: task.userId,
+        sessionId: task.sessionId,
+        sessionFilePath: task.sessionFilePath,
+        status: task.status,
+        cancelRequested: task.cancelRequested,
+        createdAt: task.createdAt,
+        updatedAt: task.updatedAt,
+        startedAt: task.startedAt,
+        finishedAt: task.finishedAt,
+        error: task.error,
+    };
+    await writeFile(path.join(dir, `${task.id}.json`), `${JSON.stringify(payload, null, 2)}\n`, "utf8");
+}
+async function removeRunTask(runId) {
+    const dir = await resolveRunsDir();
+    await unlink(path.join(dir, `${runId}.json`)).catch(() => undefined);
+}
+function resolveAgentSettingsDir() {
+    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    return path.join(workspaceRoot, ".doer-agent");
+}
+function resolveAgentSettingsFilePath() {
+    return path.join(resolveAgentSettingsDir(), "config.json");
+}
+function createDefaultAgentSettingsConfig() {
+    return {
+        general: {
+            firstTurnPrompt: null,
+        },
+        codex: {
+            model: "gpt-5.4",
+            authMode: "api_key",
+            apiKey: null,
+        },
+        realtime: {
+            model: process.env.OPENAI_REALTIME_MODEL?.trim() || "gpt-realtime",
+            voice: process.env.OPENAI_REALTIME_VOICE?.trim() || "alloy",
+            wakeName: null,
+            requireWakeName: true,
+            apiKey: null,
+        },
+        git: {
+            enabled: true,
+            name: null,
+            email: null,
+            authMode: "none",
+            oauthToken: null,
+            oauthLogin: null,
+            oauthScope: null,
+        },
+        aws: {
+            enabled: true,
+            accessKeyId: null,
+            defaultRegion: null,
+            secretAccessKey: null,
+            sessionToken: null,
+        },
+        jira: {
+            baseUrl: null,
+            email: null,
+            enabled: false,
+            apiToken: null,
+        },
+        notion: {
+            baseUrl: "https://api.notion.com",
+            version: "2022-06-28",
+            enabled: false,
+            apiToken: null,
+        },
+        slack: {
+            baseUrl: "https://slack.com/api",
+            enabled: false,
+            botToken: null,
+        },
+        figma: {
+            baseUrl: "https://api.figma.com",
+            enabled: false,
+            apiToken: null,
+        },
+    };
+}
+function normalizeNullableString(value) {
+    if (value === null) {
+        return null;
+    }
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed ? trimmed : null;
+}
+function normalizeAgentSettingsConfig(value, fallback) {
+    const base = fallback ?? createDefaultAgentSettingsConfig();
+    const raw = value && typeof value === "object" && !Array.isArray(value) ? value : {};
+    const general = raw.general && typeof raw.general === "object" ? raw.general : {};
+    const codex = raw.codex && typeof raw.codex === "object" ? raw.codex : {};
+    const realtime = raw.realtime && typeof raw.realtime === "object" ? raw.realtime : {};
+    const git = raw.git && typeof raw.git === "object" ? raw.git : {};
+    const aws = raw.aws && typeof raw.aws === "object" ? raw.aws : {};
+    const jira = raw.jira && typeof raw.jira === "object" ? raw.jira : {};
+    const notion = raw.notion && typeof raw.notion === "object" ? raw.notion : {};
+    const slack = raw.slack && typeof raw.slack === "object" ? raw.slack : {};
+    const figma = raw.figma && typeof raw.figma === "object" ? raw.figma : {};
+    return {
+        general: {
+            firstTurnPrompt: normalizeNullableString(general.firstTurnPrompt) ?? base.general.firstTurnPrompt,
+        },
+        codex: {
+            model: typeof codex.model === "string" && codex.model.trim() ? codex.model.trim() : base.codex.model,
+            authMode: codex.authMode === "oauth" ? "oauth" : codex.authMode === "api_key" ? "api_key" : base.codex.authMode,
+            apiKey: codex.apiKey === null ? null : normalizeNullableString(codex.apiKey) ?? base.codex.apiKey,
+        },
+        realtime: {
+            model: typeof realtime.model === "string" && realtime.model.trim() ? realtime.model.trim() : base.realtime.model,
+            voice: typeof realtime.voice === "string" && realtime.voice.trim() ? realtime.voice.trim() : base.realtime.voice,
+            wakeName: realtime.wakeName === null ? null : normalizeNullableString(realtime.wakeName) ?? base.realtime.wakeName,
+            requireWakeName: typeof realtime.requireWakeName === "boolean" ? realtime.requireWakeName : base.realtime.requireWakeName,
+            apiKey: realtime.apiKey === null ? null : normalizeNullableString(realtime.apiKey) ?? base.realtime.apiKey,
+        },
+        git: {
+            enabled: typeof git.enabled === "boolean" ? git.enabled : base.git.enabled,
+            name: git.name === null ? null : normalizeNullableString(git.name) ?? base.git.name,
+            email: git.email === null ? null : normalizeNullableString(git.email) ?? base.git.email,
+            authMode: git.authMode === "oauth_app" ? "oauth_app" : git.authMode === "none" ? "none" : base.git.authMode,
+            oauthToken: git.oauthToken === null ? null : normalizeNullableString(git.oauthToken) ?? base.git.oauthToken,
+            oauthLogin: git.oauthLogin === null ? null : normalizeNullableString(git.oauthLogin) ?? base.git.oauthLogin,
+            oauthScope: git.oauthScope === null ? null : normalizeNullableString(git.oauthScope) ?? base.git.oauthScope,
+        },
+        aws: {
+            enabled: typeof aws.enabled === "boolean" ? aws.enabled : base.aws.enabled,
+            accessKeyId: aws.accessKeyId === null ? null : normalizeNullableString(aws.accessKeyId) ?? base.aws.accessKeyId,
+            defaultRegion: aws.defaultRegion === null ? null : normalizeNullableString(aws.defaultRegion) ?? base.aws.defaultRegion,
+            secretAccessKey: aws.secretAccessKey === null ? null : normalizeNullableString(aws.secretAccessKey) ?? base.aws.secretAccessKey,
+            sessionToken: aws.sessionToken === null ? null : normalizeNullableString(aws.sessionToken) ?? base.aws.sessionToken,
+        },
+        jira: {
+            baseUrl: jira.baseUrl === null ? null : normalizeNullableString(jira.baseUrl) ?? base.jira.baseUrl,
+            email: jira.email === null ? null : normalizeNullableString(jira.email) ?? base.jira.email,
+            enabled: typeof jira.enabled === "boolean" ? jira.enabled : base.jira.enabled,
+            apiToken: jira.apiToken === null ? null : normalizeNullableString(jira.apiToken) ?? base.jira.apiToken,
+        },
+        notion: {
+            baseUrl: notion.baseUrl === null ? null : normalizeNullableString(notion.baseUrl) ?? base.notion.baseUrl,
+            version: notion.version === null ? null : normalizeNullableString(notion.version) ?? base.notion.version,
+            enabled: typeof notion.enabled === "boolean" ? notion.enabled : base.notion.enabled,
+            apiToken: notion.apiToken === null ? null : normalizeNullableString(notion.apiToken) ?? base.notion.apiToken,
+        },
+        slack: {
+            baseUrl: slack.baseUrl === null ? null : normalizeNullableString(slack.baseUrl) ?? base.slack.baseUrl,
+            enabled: typeof slack.enabled === "boolean" ? slack.enabled : base.slack.enabled,
+            botToken: slack.botToken === null ? null : normalizeNullableString(slack.botToken) ?? base.slack.botToken,
+        },
+        figma: {
+            baseUrl: figma.baseUrl === null ? null : normalizeNullableString(figma.baseUrl) ?? base.figma.baseUrl,
+            enabled: typeof figma.enabled === "boolean" ? figma.enabled : base.figma.enabled,
+            apiToken: figma.apiToken === null ? null : normalizeNullableString(figma.apiToken) ?? base.figma.apiToken,
+        },
+    };
+}
+async function readAgentSettingsConfig(defaults) {
+    const fallback = normalizeAgentSettingsConfig(defaults ?? null);
+    const filePath = resolveAgentSettingsFilePath();
+    const raw = await readFile(filePath, "utf8").catch(() => "");
+    if (!raw.trim()) {
+        return fallback;
+    }
+    try {
+        return normalizeAgentSettingsConfig(JSON.parse(raw), fallback);
+    }
+    catch {
+        return fallback;
+    }
+}
+async function writeAgentSettingsConfig(config) {
+    const dir = resolveAgentSettingsDir();
+    await mkdir(dir, { recursive: true });
+    await writeFile(resolveAgentSettingsFilePath(), `${JSON.stringify(config, null, 2)}\n`, "utf8");
+}
+function maskSecretPreview(secret) {
+    if (secret.length <= 6) {
+        return `${secret.slice(0, 1)}***${secret.slice(-1)}`;
+    }
+    return `${secret.slice(0, 4)}...${secret.slice(-4)}`;
+}
+function toMaskedSecret(value) {
+    if (!value) {
+        return { has: false, masked: null, length: null };
+    }
+    return { has: true, masked: maskSecretPreview(value), length: value.length };
+}
+function toAgentSettingsPublic(config) {
+    const codexKey = toMaskedSecret(config.codex.apiKey);
+    const realtimeKey = toMaskedSecret(config.realtime.apiKey);
+    const gitOauth = toMaskedSecret(config.git.oauthToken);
+    const awsSecret = toMaskedSecret(config.aws.secretAccessKey);
+    const awsSession = toMaskedSecret(config.aws.sessionToken);
+    const jiraToken = toMaskedSecret(config.jira.apiToken);
+    const notionToken = toMaskedSecret(config.notion.apiToken);
+    const slackToken = toMaskedSecret(config.slack.botToken);
+    const figmaToken = toMaskedSecret(config.figma.apiToken);
+    return {
+        general: {
+            firstTurnPrompt: config.general.firstTurnPrompt,
+        },
+        codex: {
+            model: config.codex.model,
+            authMode: config.codex.authMode,
+            hasApiKey: codexKey.has,
+            apiKeyMasked: codexKey.masked,
+            apiKeyLength: codexKey.length,
+        },
+        realtime: {
+            model: config.realtime.model,
+            voice: config.realtime.voice,
+            wakeName: config.realtime.wakeName,
+            requireWakeName: config.realtime.requireWakeName,
+            hasApiKey: realtimeKey.has,
+            apiKeyMasked: realtimeKey.masked,
+            apiKeyLength: realtimeKey.length,
+        },
+        git: {
+            enabled: config.git.enabled,
+            name: config.git.name,
+            email: config.git.email,
+            authMode: config.git.authMode,
+            hasOauthToken: gitOauth.has,
+            oauthTokenMasked: gitOauth.masked,
+            oauthTokenLength: gitOauth.length,
+            oauthLogin: config.git.oauthLogin,
+            oauthScope: config.git.oauthScope,
+        },
+        aws: {
+            enabled: config.aws.enabled,
+            accessKeyId: config.aws.accessKeyId,
+            defaultRegion: config.aws.defaultRegion,
+            hasSecretAccessKey: awsSecret.has,
+            secretAccessKeyMasked: awsSecret.masked,
+            secretAccessKeyLength: awsSecret.length,
+            hasSessionToken: awsSession.has,
+            sessionTokenMasked: awsSession.masked,
+            sessionTokenLength: awsSession.length,
+        },
+        jira: {
+            baseUrl: config.jira.baseUrl,
+            email: config.jira.email,
+            enabled: config.jira.enabled,
+            hasApiToken: jiraToken.has,
+            apiTokenMasked: jiraToken.masked,
+            apiTokenLength: jiraToken.length,
+        },
+        notion: {
+            baseUrl: config.notion.baseUrl,
+            version: config.notion.version,
+            enabled: config.notion.enabled,
+            hasApiToken: notionToken.has,
+            apiTokenMasked: notionToken.masked,
+            apiTokenLength: notionToken.length,
+        },
+        slack: {
+            baseUrl: config.slack.baseUrl,
+            enabled: config.slack.enabled,
+            hasBotToken: slackToken.has,
+            botTokenMasked: slackToken.masked,
+            botTokenLength: slackToken.length,
+        },
+        figma: {
+            baseUrl: config.figma.baseUrl,
+            enabled: config.figma.enabled,
+            hasApiToken: figmaToken.has,
+            apiTokenMasked: figmaToken.masked,
+            apiTokenLength: figmaToken.length,
+        },
+    };
+}
+function normalizeAgentSettingsPatch(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return {};
+    }
+    const raw = value;
+    const patch = { ...raw };
+    const assignNested = (section, key, value) => {
+        const current = patch[section] && typeof patch[section] === "object" && !Array.isArray(patch[section])
+            ? ({ ...patch[section] })
+            : {};
+        current[key] = value;
+        patch[section] = current;
+    };
+    const move = (flatKey, section, key) => {
+        if (!(flatKey in raw)) {
+            return;
+        }
+        assignNested(section, key, raw[flatKey]);
+        delete patch[flatKey];
+    };
+    move("firstTurnPrompt", "general", "firstTurnPrompt");
+    move("codexModel", "codex", "model");
+    move("codexAuthMode", "codex", "authMode");
+    move("codexApiKey", "codex", "apiKey");
+    move("realtimeModel", "realtime", "model");
+    move("realtimeVoice", "realtime", "voice");
+    move("realtimeWakeName", "realtime", "wakeName");
+    move("realtimeRequireWakeName", "realtime", "requireWakeName");
+    move("realtimeApiKey", "realtime", "apiKey");
+    move("gitEnabled", "git", "enabled");
+    move("gitName", "git", "name");
+    move("gitEmail", "git", "email");
+    move("gitAuthMode", "git", "authMode");
+    move("gitOauthToken", "git", "oauthToken");
+    move("gitOauthLogin", "git", "oauthLogin");
+    move("gitOauthScope", "git", "oauthScope");
+    move("awsEnabled", "aws", "enabled");
+    move("awsAccessKeyId", "aws", "accessKeyId");
+    move("awsDefaultRegion", "aws", "defaultRegion");
+    move("awsSecretAccessKey", "aws", "secretAccessKey");
+    move("awsSessionToken", "aws", "sessionToken");
+    move("jiraBaseUrl", "jira", "baseUrl");
+    move("jiraEmail", "jira", "email");
+    move("jiraEnabled", "jira", "enabled");
+    move("jiraApiToken", "jira", "apiToken");
+    move("notionBaseUrl", "notion", "baseUrl");
+    move("notionVersion", "notion", "version");
+    move("notionEnabled", "notion", "enabled");
+    move("notionApiToken", "notion", "apiToken");
+    move("slackBaseUrl", "slack", "baseUrl");
+    move("slackEnabled", "slack", "enabled");
+    move("slackBotToken", "slack", "botToken");
+    move("figmaBaseUrl", "figma", "baseUrl");
+    move("figmaEnabled", "figma", "enabled");
+    move("figmaApiToken", "figma", "apiToken");
+    return patch;
+}
+async function resolveAgentSettingsConfig(args) {
+    const existing = await readAgentSettingsConfig(args.defaults ?? null);
+    const next = normalizeAgentSettingsConfig(args.patch ?? null, existing);
+    return next;
+}
+function buildAgentSettingsEnvPatch(config) {
+    const envPatch = {};
+    if (config.codex.authMode === "api_key" && config.codex.apiKey) {
+        envPatch.OPENAI_API_KEY = config.codex.apiKey;
+    }
+    if (config.git.enabled) {
+        if (config.git.name)
+            envPatch.GIT_AUTHOR_NAME = config.git.name;
+        if (config.git.name)
+            envPatch.GIT_COMMITTER_NAME = config.git.name;
+        if (config.git.email)
+            envPatch.GIT_AUTHOR_EMAIL = config.git.email;
+        if (config.git.email)
+            envPatch.GIT_COMMITTER_EMAIL = config.git.email;
+        if (config.git.oauthToken)
+            envPatch.GITHUB_TOKEN = config.git.oauthToken;
+        if (config.git.oauthToken)
+            envPatch.GH_TOKEN = config.git.oauthToken;
+        if (config.git.oauthLogin)
+            envPatch.DOER_GIT_OAUTH_LOGIN = config.git.oauthLogin;
+        if (config.git.oauthScope)
+            envPatch.DOER_GIT_OAUTH_SCOPE = config.git.oauthScope;
+    }
+    if (config.aws.enabled) {
+        if (config.aws.accessKeyId)
+            envPatch.AWS_ACCESS_KEY_ID = config.aws.accessKeyId;
+        if (config.aws.defaultRegion)
+            envPatch.AWS_DEFAULT_REGION = config.aws.defaultRegion;
+        if (config.aws.defaultRegion)
+            envPatch.AWS_REGION = config.aws.defaultRegion;
+        if (config.aws.secretAccessKey)
+            envPatch.AWS_SECRET_ACCESS_KEY = config.aws.secretAccessKey;
+        if (config.aws.sessionToken)
+            envPatch.AWS_SESSION_TOKEN = config.aws.sessionToken;
+    }
+    if (config.jira.enabled) {
+        if (config.jira.baseUrl)
+            envPatch.JIRA_BASE_URL = config.jira.baseUrl;
+        if (config.jira.email)
+            envPatch.JIRA_EMAIL = config.jira.email;
+        if (config.jira.apiToken)
+            envPatch.JIRA_API_TOKEN = config.jira.apiToken;
+    }
+    if (config.notion.enabled) {
+        if (config.notion.baseUrl)
+            envPatch.NOTION_BASE_URL = config.notion.baseUrl;
+        if (config.notion.version)
+            envPatch.NOTION_VERSION = config.notion.version;
+        if (config.notion.apiToken)
+            envPatch.NOTION_API_TOKEN = config.notion.apiToken;
+    }
+    if (config.slack.enabled) {
+        if (config.slack.baseUrl)
+            envPatch.SLACK_BASE_URL = config.slack.baseUrl;
+        if (config.slack.botToken)
+            envPatch.SLACK_BOT_TOKEN = config.slack.botToken;
+    }
+    if (config.figma.enabled) {
+        if (config.figma.baseUrl)
+            envPatch.FIGMA_BASE_URL = config.figma.baseUrl;
+        if (config.figma.apiToken)
+            envPatch.FIGMA_API_TOKEN = config.figma.apiToken;
+    }
+    return envPatch;
+}
+function cloneRunTask(task, _sinceSeq) {
     return {
         ...task,
-        events: task.events
-            .filter((event) => typeof sinceSeq === "number" ? event.seq > sinceSeq : true)
-            .map((event) => ({ ...event, payload: { ...event.payload } })),
     };
 }
-function appendRunEvent(task, type, payload) {
-    const timestamp = formatLocalTimestamp();
-    const seq = task.agentEventAckSeq + 1;
-    task.agentEventAckSeq = seq;
-    task.updatedAt = timestamp;
-    task.events.push({ seq, type, timestamp, payload });
+function extractCodexSessionMetadata(value) {
+    try {
+        const parsed = JSON.parse(value);
+        const lineType = typeof parsed.type === "string" ? parsed.type : "";
+        if (!parsed.payload || typeof parsed.payload !== "object" || Array.isArray(parsed.payload)) {
+            return { sessionId: null, sessionFilePath: null };
+        }
+        const payload = parsed.payload;
+        const sessionIdCandidate = typeof payload.sessionId === "string" && payload.sessionId.trim()
+            ? payload.sessionId.trim()
+            : typeof payload.session_id === "string" && payload.session_id.trim()
+                ? payload.session_id.trim()
+                : typeof payload.id === "string" && payload.id.trim() && (lineType === "session_meta" || lineType === "session.started")
+                    ? payload.id.trim()
+                    : null;
+        const filePathCandidate = typeof payload.rollout_path === "string" && payload.rollout_path.trim()
+            ? payload.rollout_path.trim()
+            : typeof payload.filePath === "string" && payload.filePath.trim()
+                ? payload.filePath.trim()
+                : null;
+        return {
+            sessionId: sessionIdCandidate,
+            sessionFilePath: filePathCandidate,
+        };
+    }
+    catch {
+        return { sessionId: null, sessionFilePath: null };
+    }
+}
+async function updateRunSessionMetadata(task, metadata) {
+    let changed = false;
+    if (!task.sessionId && typeof metadata.sessionId === "string" && metadata.sessionId.trim()) {
+        task.sessionId = metadata.sessionId.trim();
+        changed = true;
+    }
+    if (!task.sessionFilePath && typeof metadata.sessionFilePath === "string" && metadata.sessionFilePath.trim()) {
+        task.sessionFilePath = metadata.sessionFilePath.trim();
+        changed = true;
+    }
+    if (!changed) {
+        return;
+    }
+    task.updatedAt = formatLocalTimestamp();
+    await persistRunTask(task).catch(() => undefined);
 }
 function persistRetainedRun(task) {
     retainedRuns.set(task.id, cloneRunTask(task));
@@ -461,7 +929,8 @@ function getStoredRun(runId) {
 async function startManagedRun(args) {
     const prepared = await prepareCommandExecution({
         cwd: args.cwd,
-        runtimeEnvPatch: args.runtimeEnvPatch,
+        userId: args.userId,
+        taskId: args.runId,
         codexAuthBundle: args.codexAuthBundle,
     });
     const child = spawnPreparedCommand({
@@ -473,17 +942,13 @@ async function startManagedRun(args) {
         env: prepared.env,
         agentToken: args.agentToken,
     });
-    const logsDir = await resolveRunLogsDir();
-    const logPath = path.join(logsDir, `${args.runId}.log`);
-    const logStream = createWriteStream(logPath, { flags: "a", encoding: "utf8" });
     const now = formatLocalTimestamp();
     const task = {
         id: args.runId,
         userId: args.userId,
         agentId: args.agentId,
-        command: args.command,
-        cwd: args.cwd,
-        chatId: args.chatId,
+        sessionId: typeof args.sessionId === "string" && args.sessionId.trim() ? args.sessionId.trim() : null,
+        sessionFilePath: null,
         status: "running",
         cancelRequested: false,
         resultExitCode: null,
@@ -493,22 +958,7 @@ async function startManagedRun(args) {
         updatedAt: now,
         startedAt: now,
         finishedAt: null,
-        agentEventAckSeq: 0,
-        events: [],
     };
-    appendRunEvent(task, "meta", {
-        host: process.platform,
-        pid: child.pid ?? null,
-        startedAt: now,
-        command: args.command,
-        cwd: prepared.taskWorkspace,
-        requestedCwd: args.cwd,
-        shell: prepared.shellPath,
-        logPath,
-        ...prepared.taskGitMeta,
-        ...prepared.codexAuthMeta,
-    });
-    appendRunEvent(task, "status", { status: "running" });
     const cancellation = createManagedCancellation(child);
     const requestCancel = () => {
         if (task.status === "completed" || task.status === "failed" || task.status === "canceled") {
@@ -516,13 +966,29 @@ async function startManagedRun(args) {
         }
         task.cancelRequested = true;
         task.updatedAt = formatLocalTimestamp();
+        void persistRunTask(task).catch(() => undefined);
         writeRunStatus(task.id, "cancel requested");
         cancellation.requestCancel();
     };
+    let stdoutBuffer = "";
     const recordChunk = (stream, chunk) => {
-        appendRunEvent(task, stream, { chunk, at: formatLocalTimestamp() });
-        logStream.write(JSON.stringify({ at: formatLocalTimestamp(), stream, chunk }) + "\n");
         writeRunStream(task.id, stream, chunk);
+        if (stream !== "stdout" || (task.sessionId && task.sessionFilePath)) {
+            return;
+        }
+        stdoutBuffer += chunk;
+        const lines = stdoutBuffer.split(/\r?\n/);
+        stdoutBuffer = lines.pop() ?? "";
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed) {
+                continue;
+            }
+            const metadata = extractCodexSessionMetadata(trimmed);
+            if (metadata.sessionId || metadata.sessionFilePath) {
+                void updateRunSessionMetadata(task, metadata);
+            }
+        }
     };
     child.stdout.on("data", (chunk) => recordChunk("stdout", chunk));
     child.stderr.on("data", (chunk) => recordChunk("stderr", chunk));
@@ -531,488 +997,2017 @@ async function startManagedRun(args) {
         task.status = "failed";
         task.error = message;
         task.finishedAt = formatLocalTimestamp();
-        appendRunEvent(task, "status", { status: "failed", error: message, finishedAt: task.finishedAt });
         persistRetainedRun(task);
         activeRuns.delete(task.id);
-        logStream.end();
+        void removeRunTask(task.id).catch(() => undefined);
         void prepared.codexAuthCleanup().catch(() => undefined);
         writeRunStatus(task.id, `failed error=${message}`);
     });
     child.once("close", (code, signal) => {
         cancellation.clear();
+        if (stdoutBuffer.trim() && (!task.sessionId || !task.sessionFilePath)) {
+            const metadata = extractCodexSessionMetadata(stdoutBuffer.trim());
+            if (metadata.sessionId || metadata.sessionFilePath) {
+                void updateRunSessionMetadata(task, metadata);
+            }
+        }
         task.resultExitCode = typeof code === "number" ? code : null;
         task.resultSignal = signal;
         task.finishedAt = formatLocalTimestamp();
         task.status = task.cancelRequested ? "canceled" : (task.resultExitCode ?? 1) === 0 ? "completed" : "failed";
         task.error = task.status === "failed" ? `Command exited with code ${task.resultExitCode ?? "null"}` : null;
-        appendRunEvent(task, "status", {
-            status: task.status,
-            exitCode: task.resultExitCode,
-            signal: task.resultSignal,
-            error: task.error,
-            finishedAt: task.finishedAt,
-        });
         persistRetainedRun(task);
         activeRuns.delete(task.id);
-        logStream.end();
+        void removeRunTask(task.id).catch(() => undefined);
         void prepared.codexAuthCleanup().catch(() => undefined);
-        if ((task.status === "completed" || task.status === "failed") && task.chatId) {
-            void notifyServerRunFinished({
-                serverBaseUrl: args.serverBaseUrl,
-                userId: args.userId,
-                agentToken: args.agentToken,
-                task,
-            }).catch((error) => {
-                const message = error instanceof Error ? error.message : String(error);
-                writeAgentInfraError(`run completion notify failed runId=${task.id}: ${message}`);
-            });
-        }
         writeRunStatus(task.id, `completed status=${task.status} exitCode=${task.resultExitCode ?? "null"} signal=${task.resultSignal ?? "null"}`);
     });
-    activeRuns.set(task.id, { task, child, logPath, logStream, requestCancel });
+    activeRuns.set(task.id, { task, child, requestCancel });
     persistRetainedRun(task);
+    void persistRunTask(task).catch(() => undefined);
     writeRunStatus(task.id, `started requestId=${args.requestId} cwd=${prepared.taskWorkspace}`);
     return cloneRunTask(task);
 }
-async function notifyServerRunFinished(args) {
-    if (!args.task.chatId || (args.task.status !== "completed" && args.task.status !== "failed")) {
-        return;
+function shellSingleQuote(value) {
+    return `'${value.replace(/'/g, `'"'"'`)}'`;
+}
+function stripAnsi(value) {
+    return value.replace(ANSI_RE, "");
+}
+function normalizeCodexModel(value) {
+    const normalized = typeof value === "string" ? value.trim() : "";
+    return normalized || "gpt-5.4";
+}
+function normalizeCodexRpcRequest(args) {
+    const requestId = typeof args.request.requestId === "string" ? args.request.requestId.trim() : "";
+    const responseSubject = typeof args.request.responseSubject === "string" ? args.request.responseSubject.trim() : "";
+    const requestAgentId = typeof args.request.agentId === "string" ? args.request.agentId.trim() : "";
+    const runId = typeof args.request.runId === "string" ? args.request.runId.trim() : "";
+    const prompt = typeof args.request.prompt === "string" ? args.request.prompt.trim() : "";
+    if (!requestId || !responseSubject || !requestAgentId || requestAgentId !== args.agentId || !runId || !prompt) {
+        throw new Error("invalid codex rpc request");
     }
-    await postJson(`${args.serverBaseUrl}/api/agent/run-finished`, {
-        userId: args.userId,
-        agentToken: args.agentToken,
-        chatId: args.task.chatId,
-        runId: args.task.id,
-        command: args.task.command,
-        status: args.task.status,
-        exitCode: args.task.resultExitCode,
-        signal: args.task.resultSignal,
-        finishedAt: args.task.finishedAt,
-        error: args.task.error,
+    return {
+        requestId,
+        responseSubject,
+        runId,
+        prompt,
+        sessionId: typeof args.request.sessionId === "string" && args.request.sessionId.trim() ? args.request.sessionId.trim() : null,
+        cwd: typeof args.request.cwd === "string" && args.request.cwd.trim() ? args.request.cwd.trim() : null,
+        model: normalizeCodexModel(args.request.model),
+        runtimeEnvPatch: normalizeEnvPatch(args.request.runtimeEnvPatch),
+        codexAuthBundle: normalizeShellRpcCodexAuthBundle(args.request.codexAuth),
+    };
+}
+function buildManagedCodexCommand(args) {
+    const fixedArgs = ["--dangerously-bypass-approvals-and-sandbox"];
+    const codexArgs = args.sessionId
+        ? ["exec", "resume", "--json", args.sessionId, args.prompt]
+        : ["exec", "--json", args.prompt];
+    const commandArgs = [...fixedArgs, "--model", args.model, ...codexArgs].map(shellSingleQuote).join(" ");
+    const direct = `exec codex ${commandArgs}`;
+    const fallback = `exec npm exec --yes --package doer-agent -- codex ${commandArgs}`;
+    const script = [
+        "if command -v codex >/dev/null 2>&1; then",
+        `  ${direct}`,
+        "fi",
+        fallback,
+    ].join("\n");
+    return `bash -lc ${shellSingleQuote(script)}`;
+}
+function publishCodexRpcResponse(args) {
+    args.nc.publish(args.responseSubject, codexRpcCodec.encode(JSON.stringify(args.payload)));
+}
+function buildLocalCodexCliCommand(args) {
+    const quotedArgs = args.map(shellSingleQuote).join(" ");
+    const direct = `exec codex ${quotedArgs}`;
+    const fallback = `exec npm exec --yes --package doer-agent -- codex ${quotedArgs}`;
+    const script = [
+        "if command -v codex >/dev/null 2>&1; then",
+        `  ${direct}`,
+        "fi",
+        fallback,
+    ].join("\n");
+    return `bash -lc ${shellSingleQuote(script)}`;
+}
+async function runLocalCodexCli(args, timeoutMs) {
+    const command = buildLocalCodexCliCommand(args);
+    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    const env = {
+        ...process.env,
+        WORKSPACE: workspaceRoot,
+        CODEX_HOME: resolveCodexHomePath(),
+    };
+    return await new Promise((resolve, reject) => {
+        const child = spawn(command, {
+            cwd: workspaceRoot,
+            shell: resolveShellPath(),
+            env,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        let done = false;
+        let timedOut = false;
+        child.stdout.setEncoding("utf8");
+        child.stderr.setEncoding("utf8");
+        child.stdout.on("data", (chunk) => {
+            stdout += chunk;
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += chunk;
+        });
+        const timer = setTimeout(() => {
+            timedOut = true;
+            sendSignalToTaskProcess(child, "SIGTERM");
+            setTimeout(() => sendSignalToTaskProcess(child, "SIGKILL"), 1000);
+        }, Math.max(500, timeoutMs));
+        child.once("error", (error) => {
+            if (done) {
+                return;
+            }
+            done = true;
+            clearTimeout(timer);
+            reject(error);
+        });
+        child.once("exit", (code) => {
+            if (done) {
+                return;
+            }
+            done = true;
+            clearTimeout(timer);
+            resolve({ code, stdout, stderr, timedOut });
+        });
     });
 }
-async function handleRunRpcMessage(args) {
+function parseCodexDeviceAuthOutput(raw) {
+    const text = stripAnsi(raw);
+    const urlMatch = text.match(/https?:\/\/[^\s]+/i);
+    const codeMatch = text.match(/\b[A-Z0-9]{4,}(?:-[A-Z0-9]{4,})+\b/);
+    return {
+        verificationUri: urlMatch?.[0] ?? null,
+        userCode: codeMatch?.[0] ?? null,
+    };
+}
+function pendingCodexDeviceAuthMessage(state) {
+    const parsed = parseCodexDeviceAuthOutput(state.output);
+    if (parsed.verificationUri && parsed.userCode) {
+        return `Waiting for approval. Enter code ${parsed.userCode} at ${parsed.verificationUri}`;
+    }
+    return stripAnsi(state.output).trim() || "Waiting for approval";
+}
+async function getLocalCodexLoginStatus() {
+    const result = await runLocalCodexCli(["login", "status"], 5000);
+    const merged = stripAnsi([result.stdout, result.stderr].filter(Boolean).join("\n")).trim();
+    return {
+        loggedIn: (result.code ?? 1) === 0,
+        output: merged || ((result.code ?? 1) === 0 ? "Logged in" : "Not logged in"),
+    };
+}
+async function waitForCodexDeviceCode(state, timeoutMs) {
+    const startedAt = Date.now();
+    while (Date.now() - startedAt < timeoutMs) {
+        const parsed = parseCodexDeviceAuthOutput(state.output);
+        if (parsed.verificationUri && parsed.userCode) {
+            return;
+        }
+        if (state.child.exitCode !== null) {
+            return;
+        }
+        await new Promise((resolve) => setTimeout(resolve, 100));
+    }
+}
+function normalizeSettingsRpcRequest(args) {
+    const requestId = typeof args.request.requestId === "string" ? args.request.requestId.trim() : "";
+    const responseSubject = typeof args.request.responseSubject === "string" ? args.request.responseSubject.trim() : "";
+    const requestAgentId = typeof args.request.agentId === "string" ? args.request.agentId.trim() : "";
+    const action = args.request.action === "update" ? "update" : "get";
+    if (!requestId || !responseSubject || !requestAgentId || requestAgentId !== args.agentId) {
+        throw new Error("invalid settings rpc request");
+    }
+    return {
+        requestId,
+        responseSubject,
+        action,
+        patch: normalizeAgentSettingsPatch(args.request.patch),
+        defaults: args.request.defaults && typeof args.request.defaults === "object" && !Array.isArray(args.request.defaults)
+            ? normalizeAgentSettingsConfig(args.request.defaults)
+            : null,
+    };
+}
+function publishSettingsRpcResponse(args) {
+    args.nc.publish(args.responseSubject, settingsRpcCodec.encode(JSON.stringify(args.payload)));
+}
+async function handleSettingsRpcMessage(args) {
     let requestId = "unknown";
     let responseSubject = "";
     try {
-        const payload = JSON.parse(runRpcCodec.decode(args.msg.data));
-        const request = normalizeRunRpcRequest({ request: payload, agentId: args.agentId });
+        const payload = JSON.parse(settingsRpcCodec.decode(args.msg.data));
+        const request = normalizeSettingsRpcRequest({ request: payload, agentId: args.agentId });
         requestId = request.requestId;
         responseSubject = request.responseSubject;
-        if (request.action === "start") {
-            const task = await startManagedRun({
-                requestId,
-                runId: request.runId ?? requestId,
-                serverBaseUrl: args.serverBaseUrl,
-                userId: args.userId,
-                agentId: args.agentId,
-                command: request.command ?? "",
-                cwd: request.cwd,
-                chatId: request.chatId,
-                runtimeEnvPatch: request.runtimeEnvPatch,
-                codexAuthBundle: request.codexAuthBundle,
-                agentToken: args.agentToken,
-            });
-            publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, task } });
-            return;
-        }
-        if (request.action === "list") {
-            const tasks = [...activeRuns.values()].map((entry) => cloneRunTask(entry.task));
-            const retained = [...retainedRuns.values()].filter((task) => !activeRuns.has(task.id)).map((task) => cloneRunTask(task));
-            const merged = [...tasks, ...retained]
-                .sort((a, b) => Date.parse(b.updatedAt) - Date.parse(a.updatedAt))
-                .slice(0, request.limit);
-            publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, tasks: merged } });
-            return;
-        }
-        const stored = request.runId ? getStoredRun(request.runId) : null;
-        if (!stored || stored.agentId !== args.agentId || stored.userId !== args.userId) {
-            throw new Error("Run not found");
+        const existing = await readAgentSettingsConfig(request.defaults);
+        const next = request.action === "update" ? normalizeAgentSettingsConfig(request.patch, existing) : existing;
+        if (request.action === "update") {
+            await writeAgentSettingsConfig(next);
         }
-        if (request.action === "cancel") {
-            const active = activeRuns.get(stored.id);
-            active?.requestCancel();
-            const task = cloneRunTask(active?.task ?? stored);
-            publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, task } });
-            return;
+        else if (request.defaults) {
+            const filePath = resolveAgentSettingsFilePath();
+            const raw = await readFile(filePath, "utf8").catch(() => "");
+            if (!raw.trim()) {
+                await writeAgentSettingsConfig(next);
+            }
         }
-        const task = cloneRunTask(stored, request.sinceSeq);
-        publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, task } });
+        publishSettingsRpcResponse({
+            nc: args.jetstream.nc,
+            responseSubject,
+            payload: {
+                requestId,
+                ok: true,
+                settings: toAgentSettingsPublic(next),
+            },
+        });
     }
     catch (error) {
         const message = error instanceof Error ? error.message : String(error);
         if (responseSubject) {
-            publishRunRpcResponse({
+            publishSettingsRpcResponse({
                 nc: args.jetstream.nc,
                 responseSubject,
                 payload: { requestId, ok: false, error: message },
             });
         }
-        writeAgentError(`run rpc failed requestId=${requestId} error=${message}`);
+        writeAgentError(`settings rpc failed requestId=${requestId} error=${message}`);
     }
 }
-function subscribeToRunRpc(args) {
-    const subject = buildAgentRunRpcSubject(args.userId, args.agentId);
+function subscribeToSettingsRpc(args) {
+    const subject = buildAgentSettingsRpcSubject(args.userId, args.agentId);
     args.jetstream.nc.subscribe(subject, {
         callback: (error, msg) => {
             if (error) {
                 const message = error instanceof Error ? error.message : String(error);
-                writeAgentError(`run rpc subscription error: ${message}`);
+                writeAgentError(`settings rpc subscription error: ${message}`);
                 return;
             }
-            void handleRunRpcMessage({
+            void handleSettingsRpcMessage({
                 msg,
                 jetstream: args.jetstream,
-                serverBaseUrl: args.serverBaseUrl,
-                userId: args.userId,
                 agentId: args.agentId,
-                agentToken: args.agentToken,
             });
         },
     });
-    writeAgentInfo(`run rpc subscribed subject=${subject}`);
-}
-function isLikelyNatsAuthError(error) {
-    const message = (error instanceof Error ? error.message : String(error)).toLowerCase();
-    return (message.includes("auth")
-        || message.includes("authorization")
-        || message.includes("authentication")
-        || message.includes("permission")
-        || message.includes("jwt")
-        || message.includes("token"));
-}
-function isLikelyNatsReconnectError(error) {
-    const message = (error instanceof Error ? error.message : String(error)).toLowerCase();
-    return (message.includes("connection_closed")
-        || message.includes("connection closed")
-        || message.includes("closed connection")
-        || message.includes("disconnected")
-        || message.includes("timeout")
-        || message.includes("no responders"));
+    writeAgentInfo(`settings rpc subscribed subject=${subject}`);
 }
-function sendSignalToTaskProcess(child, signal) {
-    if (process.platform !== "win32" && typeof child.pid === "number") {
-        try {
-            // Detached child owns a process group; signal the whole group first.
-            process.kill(-child.pid, signal);
-            return;
-        }
-        catch {
-            // Fall back to direct child signaling.
-        }
-    }
-    try {
-        child.kill(signal);
+async function startLocalCodexDeviceAuth() {
+    if (pendingCodexDeviceAuth && pendingCodexDeviceAuth.child.exitCode === null) {
+        const parsed = parseCodexDeviceAuthOutput(pendingCodexDeviceAuth.output);
+        return {
+            loggedIn: false,
+            output: pendingCodexDeviceAuthMessage(pendingCodexDeviceAuth),
+            verificationUri: parsed.verificationUri,
+            userCode: parsed.userCode,
+        };
+    }
+    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    const child = spawn(buildLocalCodexCliCommand(["login", "--device-auth"]), {
+        cwd: workspaceRoot,
+        shell: resolveShellPath(),
+        detached: process.platform !== "win32",
+        env: {
+            ...process.env,
+            WORKSPACE: workspaceRoot,
+            CODEX_HOME: resolveCodexHomePath(),
+        },
+        stdio: ["ignore", "pipe", "pipe"],
+    });
+    child.stdout.setEncoding("utf8");
+    child.stderr.setEncoding("utf8");
+    const state = { child, output: "" };
+    pendingCodexDeviceAuth = state;
+    const appendOutput = (chunk) => {
+        state.output += chunk;
+    };
+    child.stdout.on("data", appendOutput);
+    child.stderr.on("data", appendOutput);
+    child.once("exit", () => {
+        if (pendingCodexDeviceAuth === state) {
+            pendingCodexDeviceAuth = null;
+        }
+    });
+    await waitForCodexDeviceCode(state, 8000);
+    const parsed = parseCodexDeviceAuthOutput(state.output);
+    if ((!parsed.verificationUri || !parsed.userCode) && state.child.exitCode !== null) {
+        throw new Error("Failed to read device code from Codex CLI");
+    }
+    return {
+        loggedIn: false,
+        output: pendingCodexDeviceAuthMessage(state),
+        verificationUri: parsed.verificationUri,
+        userCode: parsed.userCode,
+    };
+}
+async function startLocalCodexLogin() {
+    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    const child = spawn(buildLocalCodexCliCommand(["login"]), {
+        cwd: workspaceRoot,
+        shell: resolveShellPath(),
+        detached: process.platform !== "win32",
+        env: {
+            ...process.env,
+            WORKSPACE: workspaceRoot,
+            CODEX_HOME: resolveCodexHomePath(),
+        },
+        stdio: ["ignore", "pipe", "pipe"],
+    });
+    let output = "";
+    child.stdout.setEncoding("utf8");
+    child.stderr.setEncoding("utf8");
+    child.stdout.on("data", (chunk) => {
+        output += chunk;
+    });
+    child.stderr.on("data", (chunk) => {
+        output += chunk;
+    });
+    const result = await new Promise((resolve, reject) => {
+        child.once("error", reject);
+        child.once("exit", (code) => resolve({ code, output }));
+    });
+    const normalized = stripAnsi(result.output).trim();
+    const parsed = parseCodexDeviceAuthOutput(result.output);
+    if ((result.code ?? 1) === 0) {
+        const status = await getLocalCodexLoginStatus().catch(() => null);
+        return {
+            loggedIn: status?.loggedIn === true,
+            output: status?.output || normalized || "Login started",
+            verificationUri: parsed.verificationUri,
+            userCode: parsed.userCode,
+        };
+    }
+    throw new Error(normalized || `Codex login failed with code ${result.code ?? "null"}`);
+}
+async function logoutLocalCodexAuth() {
+    if (pendingCodexDeviceAuth && pendingCodexDeviceAuth.child.exitCode === null) {
+        sendSignalToTaskProcess(pendingCodexDeviceAuth.child, "SIGTERM");
+        setTimeout(() => {
+            if (pendingCodexDeviceAuth?.child.exitCode === null) {
+                sendSignalToTaskProcess(pendingCodexDeviceAuth.child, "SIGKILL");
+            }
+        }, 1000);
+        pendingCodexDeviceAuth = null;
+    }
+    const result = await runLocalCodexCli(["logout"], 5000);
+    let merged = stripAnsi([result.stdout, result.stderr].filter(Boolean).join("\n")).trim();
+    const statusAfterLogout = await getLocalCodexLoginStatus().catch(() => null);
+    if (statusAfterLogout?.loggedIn) {
+        const authFile = path.join(resolveCodexHomePath(), "auth.json");
+        await unlink(authFile).catch(() => undefined);
+        const statusAfterDelete = await getLocalCodexLoginStatus().catch(() => null);
+        if (statusAfterDelete?.output) {
+            merged = [merged, statusAfterDelete.output].filter(Boolean).join("\n");
+        }
+    }
+    return {
+        loggedIn: false,
+        output: merged || "Logged out",
+    };
+}
+function normalizeCodexAuthRpcRequest(args) {
+    const requestId = typeof args.request.requestId === "string" ? args.request.requestId.trim() : "";
+    const responseSubject = typeof args.request.responseSubject === "string" ? args.request.responseSubject.trim() : "";
+    const requestAgentId = typeof args.request.agentId === "string" ? args.request.agentId.trim() : "";
+    const actionRaw = typeof args.request.action === "string" ? args.request.action.trim() : "";
+    const action = actionRaw === "start" || actionRaw === "logout" ? actionRaw : "status";
+    if (!requestId || !responseSubject || !requestAgentId || requestAgentId !== args.agentId) {
+        throw new Error("invalid codex auth rpc request");
+    }
+    return { requestId, responseSubject, action };
+}
+function publishCodexAuthRpcResponse(args) {
+    args.nc.publish(args.responseSubject, codexAuthRpcCodec.encode(JSON.stringify(args.payload)));
+}
+async function handleCodexAuthRpcMessage(args) {
+    let requestId = "unknown";
+    let responseSubject = "";
+    try {
+        const payload = JSON.parse(codexAuthRpcCodec.decode(args.msg.data));
+        const request = normalizeCodexAuthRpcRequest({ request: payload, agentId: args.agentId });
+        requestId = request.requestId;
+        responseSubject = request.responseSubject;
+        let result = null;
+        if (request.action === "start") {
+            const status = await getLocalCodexLoginStatus();
+            if (status.loggedIn) {
+                result = { loggedIn: true, output: status.output };
+            }
+            else {
+                try {
+                    result = await startLocalCodexDeviceAuth();
+                }
+                catch (error) {
+                    const message = error instanceof Error ? error.message : String(error);
+                    const normalized = message.toLowerCase();
+                    if (normalized.includes("operation not permitted") ||
+                        normalized.includes("failed to read device code") ||
+                        normalized.includes("panic") ||
+                        normalized.includes("null object")) {
+                        result = await startLocalCodexLogin();
+                    }
+                    else {
+                        throw error;
+                    }
+                }
+            }
+        }
+        else if (request.action === "logout") {
+            result = await logoutLocalCodexAuth();
+        }
+        else {
+            const status = await getLocalCodexLoginStatus();
+            if (status.loggedIn) {
+                result = { loggedIn: true, output: status.output };
+            }
+            else if (pendingCodexDeviceAuth && pendingCodexDeviceAuth.child.exitCode === null) {
+                const parsed = parseCodexDeviceAuthOutput(pendingCodexDeviceAuth.output);
+                result = {
+                    loggedIn: false,
+                    output: pendingCodexDeviceAuthMessage(pendingCodexDeviceAuth),
+                    verificationUri: parsed.verificationUri,
+                    userCode: parsed.userCode,
+                };
+            }
+            else {
+                result = { loggedIn: false, output: status.output || "Not logged in" };
+            }
+        }
+        publishCodexAuthRpcResponse({
+            nc: args.jetstream.nc,
+            responseSubject,
+            payload: {
+                requestId,
+                ok: true,
+                loggedIn: result.loggedIn,
+                output: result.output,
+                verificationUri: result.verificationUri ?? null,
+                userCode: result.userCode ?? null,
+            },
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (responseSubject) {
+            publishCodexAuthRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: false, error: message },
+            });
+        }
+        writeAgentError(`codex auth rpc failed requestId=${requestId} error=${message}`);
+    }
+}
+function subscribeToCodexAuthRpc(args) {
+    const subject = buildAgentCodexAuthRpcSubject(args.userId, args.agentId);
+    args.jetstream.nc.subscribe(subject, {
+        callback: (error, msg) => {
+            if (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                writeAgentError(`codex auth rpc subscription error: ${message}`);
+                return;
+            }
+            void handleCodexAuthRpcMessage({
+                msg,
+                jetstream: args.jetstream,
+                agentId: args.agentId,
+            });
+        },
+    });
+    writeAgentInfo(`codex auth rpc subscribed subject=${subject}`);
+}
+async function handleCodexRpcMessage(args) {
+    let requestId = "unknown";
+    let responseSubject = "";
+    try {
+        const payload = JSON.parse(codexRpcCodec.decode(args.msg.data));
+        const request = normalizeCodexRpcRequest({ request: payload, agentId: args.agentId });
+        requestId = request.requestId;
+        responseSubject = request.responseSubject;
+        const task = await startManagedRun({
+            requestId,
+            runId: request.runId,
+            serverBaseUrl: args.serverBaseUrl,
+            userId: args.userId,
+            agentId: args.agentId,
+            sessionId: request.sessionId,
+            command: buildManagedCodexCommand({
+                prompt: request.prompt,
+                sessionId: request.sessionId,
+                model: request.model,
+            }),
+            cwd: request.cwd,
+            runtimeEnvPatch: request.runtimeEnvPatch,
+            codexAuthBundle: request.codexAuthBundle,
+            agentToken: args.agentToken,
+        });
+        publishCodexRpcResponse({
+            nc: args.jetstream.nc,
+            responseSubject,
+            payload: { requestId, ok: true, task },
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (responseSubject) {
+            publishCodexRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: false, error: message },
+            });
+        }
+        writeAgentError(`codex rpc failed requestId=${requestId} error=${message}`);
+    }
+}
+function subscribeToCodexRpc(args) {
+    const subject = buildAgentCodexRpcSubject(args.userId, args.agentId);
+    args.jetstream.nc.subscribe(subject, {
+        callback: (error, msg) => {
+            if (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                writeAgentError(`codex rpc subscription error: ${message}`);
+                return;
+            }
+            void handleCodexRpcMessage({
+                msg,
+                jetstream: args.jetstream,
+                serverBaseUrl: args.serverBaseUrl,
+                userId: args.userId,
+                agentId: args.agentId,
+                agentToken: args.agentToken,
+            });
+        },
+    });
+    writeAgentInfo(`codex rpc subscribed subject=${subject}`);
+}
+function runLocalCommand(command, args, cwd) {
+    return new Promise((resolve, reject) => {
+        const child = spawn(command, args, {
+            cwd,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout.setEncoding("utf8");
+        child.stderr.setEncoding("utf8");
+        child.stdout.on("data", (chunk) => {
+            stdout += chunk;
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += chunk;
+        });
+        child.once("error", reject);
+        child.once("close", (code) => {
+            resolve({ code: code ?? 1, stdout, stderr });
+        });
+    });
+}
+function sanitizeGitRef(value) {
+    if (typeof value !== "string" || !value.trim()) {
+        return null;
+    }
+    const trimmed = value.trim();
+    if (trimmed.startsWith("-") || /\s/.test(trimmed) || trimmed.includes("..") || trimmed.includes(":")) {
+        throw new Error(`Invalid git ref: ${trimmed}`);
+    }
+    return trimmed;
+}
+function sanitizeGitPathspec(value) {
+    if (typeof value !== "string") {
+        throw new Error("Invalid pathspec");
+    }
+    const trimmed = value.trim().replace(/\\/g, "/");
+    if (!trimmed || trimmed.startsWith("-") || trimmed.includes("\0")) {
+        throw new Error(`Invalid pathspec: ${trimmed}`);
+    }
+    return trimmed;
+}
+function normalizeGitRpcRequest(args) {
+    const requestId = typeof args.request.requestId === "string" ? args.request.requestId.trim() : "";
+    const responseSubject = typeof args.request.responseSubject === "string" ? args.request.responseSubject.trim() : "";
+    const requestAgentId = typeof args.request.agentId === "string" ? args.request.agentId.trim() : "";
+    const targetPath = typeof args.request.targetPath === "string" ? args.request.targetPath.trim() : "";
+    if (!requestId || !responseSubject || !requestAgentId || requestAgentId !== args.agentId || !targetPath) {
+        throw new Error("invalid git rpc request");
+    }
+    const format = args.request.format === "name-only" ||
+        args.request.format === "name-status" ||
+        args.request.format === "stat" ||
+        args.request.format === "numstat" ||
+        args.request.format === "raw"
+        ? args.request.format
+        : "patch";
+    const ignoreWhitespace = args.request.ignoreWhitespace === "at-eol" ||
+        args.request.ignoreWhitespace === "change" ||
+        args.request.ignoreWhitespace === "all"
+        ? args.request.ignoreWhitespace
+        : "none";
+    const diffAlgorithm = args.request.diffAlgorithm === "minimal" ||
+        args.request.diffAlgorithm === "patience" ||
+        args.request.diffAlgorithm === "histogram"
+        ? args.request.diffAlgorithm
+        : "default";
+    const contextRaw = Number(args.request.contextLines);
+    const contextLines = Number.isFinite(contextRaw) ? Math.max(0, Math.min(200, Math.trunc(contextRaw))) : null;
+    const pathspecs = Array.isArray(args.request.pathspecs) ? args.request.pathspecs.map((item) => sanitizeGitPathspec(item)) : [];
+    return {
+        requestId,
+        responseSubject,
+        targetPath,
+        base: sanitizeGitRef(args.request.base),
+        target: sanitizeGitRef(args.request.target),
+        mergeBase: args.request.mergeBase === true,
+        staged: args.request.staged === true,
+        format,
+        contextLines,
+        ignoreWhitespace,
+        diffAlgorithm,
+        findRenames: args.request.findRenames === true,
+        pathspecs,
+    };
+}
+function buildAgentGitDiffArgs(repoRootAbs, request) {
+    const args = ["-C", repoRootAbs, "diff", "--no-color"];
+    const displayParts = ["git", "diff", "--no-color"];
+    if (request.staged) {
+        args.push("--cached");
+        displayParts.push("--cached");
+    }
+    if (typeof request.contextLines === "number") {
+        args.push(`-U${request.contextLines}`);
+        displayParts.push(`-U${request.contextLines}`);
+    }
+    if (request.ignoreWhitespace === "at-eol") {
+        args.push("--ignore-space-at-eol");
+        displayParts.push("--ignore-space-at-eol");
+    }
+    else if (request.ignoreWhitespace === "change") {
+        args.push("--ignore-space-change");
+        displayParts.push("--ignore-space-change");
+    }
+    else if (request.ignoreWhitespace === "all") {
+        args.push("--ignore-all-space");
+        displayParts.push("--ignore-all-space");
+    }
+    if (request.diffAlgorithm !== "default") {
+        args.push(`--diff-algorithm=${request.diffAlgorithm}`);
+        displayParts.push(`--diff-algorithm=${request.diffAlgorithm}`);
+    }
+    if (request.findRenames) {
+        args.push("--find-renames");
+        displayParts.push("--find-renames");
+    }
+    if (request.format === "name-only") {
+        args.push("--name-only");
+        displayParts.push("--name-only");
+    }
+    else if (request.format === "name-status") {
+        args.push("--name-status");
+        displayParts.push("--name-status");
+    }
+    else if (request.format === "stat") {
+        args.push("--stat");
+        displayParts.push("--stat");
+    }
+    else if (request.format === "numstat") {
+        args.push("--numstat");
+        displayParts.push("--numstat");
+    }
+    else if (request.format === "raw") {
+        args.push("--raw");
+        displayParts.push("--raw");
+    }
+    if (request.mergeBase) {
+        if (!request.base || !request.target) {
+            throw new Error("mergeBase mode requires both base and target");
+        }
+        const merged = `${request.base}...${request.target}`;
+        args.push(merged);
+        displayParts.push(merged);
+    }
+    else {
+        if (request.base) {
+            args.push(request.base);
+            displayParts.push(request.base);
+        }
+        if (request.target) {
+            args.push(request.target);
+            displayParts.push(request.target);
+        }
+    }
+    if (request.pathspecs.length > 0) {
+        args.push("--", ...request.pathspecs);
+        displayParts.push("--", ...request.pathspecs);
+    }
+    return { args, display: displayParts.join(" ") };
+}
+function buildUntrackedText(format, untrackedPaths) {
+    if (untrackedPaths.length === 0) {
+        return "";
+    }
+    if (format === "name-status" || format === "raw") {
+        return `${untrackedPaths.map((item) => `??\t${item}`).join("\n")}\n`;
+    }
+    if (format === "name-only") {
+        return `${untrackedPaths.join("\n")}\n`;
+    }
+    return `\n# Untracked files\n${untrackedPaths.join("\n")}\n`;
+}
+async function appendAgentLocalUntrackedDiff(repoRootAbs, request, baseOutput) {
+    const listArgs = ["-C", repoRootAbs, "ls-files", "--others", "--exclude-standard"];
+    if (request.pathspecs.length > 0) {
+        listArgs.push("--", ...request.pathspecs);
+    }
+    const listResult = await runLocalCommand("git", listArgs, repoRootAbs);
+    if (listResult.code !== 0) {
+        return { output: baseOutput, hasUntracked: false };
+    }
+    const untrackedPaths = listResult.stdout.split(/\r?\n/).map((item) => item.trim()).filter(Boolean);
+    if (untrackedPaths.length === 0) {
+        return { output: baseOutput, hasUntracked: false };
+    }
+    if (request.format !== "patch") {
+        return { output: `${baseOutput}${buildUntrackedText(request.format, untrackedPaths)}`, hasUntracked: true };
+    }
+    let output = baseOutput;
+    for (const relPath of untrackedPaths) {
+        const diffResult = await runLocalCommand("git", ["-C", repoRootAbs, "diff", "--no-color", "--no-index", "--", "/dev/null", relPath], repoRootAbs);
+        if (diffResult.code !== 0 && diffResult.code !== 1) {
+            throw new Error(diffResult.stderr.trim() || `Failed to render agent untracked diff: ${relPath}`);
+        }
+        if (diffResult.stdout) {
+            output += diffResult.stdout;
+            if (!output.endsWith("\n")) {
+                output += "\n";
+            }
+        }
+    }
+    return { output, hasUntracked: true };
+}
+function publishGitRpcResponse(args) {
+    args.nc.publish(args.responseSubject, gitRpcCodec.encode(JSON.stringify(args.payload)));
+}
+async function handleGitRpcMessage(args) {
+    let requestId = "unknown";
+    let responseSubject = "";
+    try {
+        const payload = JSON.parse(gitRpcCodec.decode(args.msg.data));
+        const request = normalizeGitRpcRequest({ request: payload, agentId: args.agentId });
+        requestId = request.requestId;
+        responseSubject = request.responseSubject;
+        if (!request.targetPath.startsWith("/")) {
+            throw new Error("agent source requires an absolute directory path");
+        }
+        const topLevelResult = await runLocalCommand("git", ["-C", request.targetPath, "rev-parse", "--show-toplevel"], request.targetPath);
+        if (topLevelResult.code !== 0) {
+            publishGitRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: {
+                    requestId,
+                    ok: true,
+                    payload: {
+                        isGitRepo: false,
+                        mode: "git_diff",
+                        source: "agent",
+                        agent: { id: args.agentId, name: null },
+                        currentPath: request.targetPath,
+                        repoRoot: null,
+                        repoRelativePath: null,
+                        branch: null,
+                        gitDiff: {
+                            command: "git diff --no-color",
+                            format: "patch",
+                            output: "",
+                            outputTruncated: false,
+                        },
+                        message: "현재 경로가 Git 저장소가 아닙니다.",
+                    },
+                },
+            });
+            return;
+        }
+        const repoRootAbs = topLevelResult.stdout.trim();
+        const prefixResult = await runLocalCommand("git", ["-C", request.targetPath, "rev-parse", "--show-prefix"], request.targetPath);
+        const repoRelativePath = prefixResult.code === 0 ? (prefixResult.stdout.trim().replace(/\/$/, "") || ".") : ".";
+        const branchResult = await runLocalCommand("git", ["-C", repoRootAbs, "symbolic-ref", "--quiet", "--short", "HEAD"], repoRootAbs);
+        const detachedResult = branchResult.code === 0 ? null : await runLocalCommand("git", ["-C", repoRootAbs, "rev-parse", "--short", "HEAD"], repoRootAbs);
+        const branch = branchResult.code === 0 ? branchResult.stdout.trim() || null : detachedResult && detachedResult.code === 0 ? detachedResult.stdout.trim() || null : null;
+        const gitDiffArgs = buildAgentGitDiffArgs(repoRootAbs, request);
+        const gitDiffResult = await runLocalCommand("git", gitDiffArgs.args, repoRootAbs);
+        if (gitDiffResult.code !== 0) {
+            throw new Error(gitDiffResult.stderr.trim() || "Failed to run agent git diff");
+        }
+        const withUntracked = await appendAgentLocalUntrackedDiff(repoRootAbs, request, gitDiffResult.stdout);
+        publishGitRpcResponse({
+            nc: args.jetstream.nc,
+            responseSubject,
+            payload: {
+                requestId,
+                ok: true,
+                payload: {
+                    isGitRepo: true,
+                    mode: "git_diff",
+                    source: "agent",
+                    agent: { id: args.agentId, name: null },
+                    currentPath: request.targetPath,
+                    repoRoot: repoRootAbs,
+                    repoRelativePath,
+                    branch,
+                    gitDiff: {
+                        command: withUntracked.hasUntracked ? `${gitDiffArgs.display} (+ untracked)` : gitDiffArgs.display,
+                        format: request.format,
+                        output: withUntracked.output,
+                        outputTruncated: false,
+                    },
+                },
+            },
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (responseSubject) {
+            publishGitRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: false, error: message },
+            });
+        }
+        writeAgentError(`git rpc failed requestId=${requestId} error=${message}`);
+    }
+}
+function subscribeToGitRpc(args) {
+    const subject = buildAgentGitRpcSubject(args.userId, args.agentId);
+    args.jetstream.nc.subscribe(subject, {
+        callback: (error, msg) => {
+            if (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                writeAgentError(`git rpc subscription error: ${message}`);
+                return;
+            }
+            void handleGitRpcMessage({
+                msg,
+                jetstream: args.jetstream,
+                userId: args.userId,
+                agentId: args.agentId,
+            });
+        },
+    });
+    writeAgentInfo(`git rpc subscribed subject=${subject}`);
+}
+async function handleRunRpcMessage(args) {
+    let requestId = "unknown";
+    let responseSubject = "";
+    try {
+        const payload = JSON.parse(runRpcCodec.decode(args.msg.data));
+        const request = normalizeRunRpcRequest({ request: payload, agentId: args.agentId });
+        requestId = request.requestId;
+        responseSubject = request.responseSubject;
+        if (request.action === "start") {
+            const task = await startManagedRun({
+                requestId,
+                runId: request.runId ?? requestId,
+                serverBaseUrl: args.serverBaseUrl,
+                userId: args.userId,
+                agentId: args.agentId,
+                sessionId: null,
+                command: request.command ?? "",
+                cwd: request.cwd,
+                runtimeEnvPatch: request.runtimeEnvPatch,
+                codexAuthBundle: request.codexAuthBundle,
+                agentToken: args.agentToken,
+            });
+            publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, task } });
+            return;
+        }
+        if (request.action === "list") {
+            const tasks = [...activeRuns.values()].map((entry) => cloneRunTask(entry.task));
+            const retained = [...retainedRuns.values()].filter((task) => !activeRuns.has(task.id)).map((task) => cloneRunTask(task));
+            const merged = [...tasks, ...retained]
+                .sort((a, b) => Date.parse(b.updatedAt) - Date.parse(a.updatedAt))
+                .slice(0, request.limit);
+            publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, tasks: merged } });
+            return;
+        }
+        const stored = request.runId ? getStoredRun(request.runId) : null;
+        if (!stored || stored.agentId !== args.agentId || stored.userId !== args.userId) {
+            throw new Error("Run not found");
+        }
+        if (request.action === "cancel") {
+            const active = activeRuns.get(stored.id);
+            active?.requestCancel();
+            const task = cloneRunTask(active?.task ?? stored);
+            publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, task } });
+            return;
+        }
+        const task = cloneRunTask(stored, request.sinceSeq);
+        publishRunRpcResponse({ nc: args.jetstream.nc, responseSubject, payload: { requestId, ok: true, task } });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (responseSubject) {
+            publishRunRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: false, error: message },
+            });
+        }
+        writeAgentError(`run rpc failed requestId=${requestId} error=${message}`);
+    }
+}
+function subscribeToRunRpc(args) {
+    const subject = buildAgentRunRpcSubject(args.userId, args.agentId);
+    args.jetstream.nc.subscribe(subject, {
+        callback: (error, msg) => {
+            if (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                writeAgentError(`run rpc subscription error: ${message}`);
+                return;
+            }
+            void handleRunRpcMessage({
+                msg,
+                jetstream: args.jetstream,
+                serverBaseUrl: args.serverBaseUrl,
+                userId: args.userId,
+                agentId: args.agentId,
+                agentToken: args.agentToken,
+            });
+        },
+    });
+    writeAgentInfo(`run rpc subscribed subject=${subject}`);
+}
+function isLikelyNatsAuthError(error) {
+    const message = (error instanceof Error ? error.message : String(error)).toLowerCase();
+    return (message.includes("auth")
+        || message.includes("authorization")
+        || message.includes("authentication")
+        || message.includes("permission")
+        || message.includes("jwt")
+        || message.includes("token"));
+}
+function isLikelyNatsReconnectError(error) {
+    const message = (error instanceof Error ? error.message : String(error)).toLowerCase();
+    return (message.includes("connection_closed")
+        || message.includes("connection closed")
+        || message.includes("closed connection")
+        || message.includes("disconnected")
+        || message.includes("timeout")
+        || message.includes("no responders"));
+}
+function sendSignalToTaskProcess(child, signal) {
+    if (process.platform !== "win32" && typeof child.pid === "number") {
+        try {
+            // Detached child owns a process group; signal the whole group first.
+            process.kill(-child.pid, signal);
+            return;
+        }
+        catch {
+            // Fall back to direct child signaling.
+        }
+    }
+    try {
+        child.kill(signal);
+    }
+    catch {
+        // noop
+    }
+}
+function requestTaskCancellation(taskId, reason) {
+    const requestCancel = activeTaskCancelRequests.get(taskId);
+    if (!requestCancel) {
+        return false;
+    }
+    try {
+        requestCancel();
+        writeAgentInfo(`task cancel requested taskId=${taskId} via=${reason}`);
+        return true;
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        writeAgentError(`task cancel request failed taskId=${taskId} via=${reason}: ${message}`);
+        return false;
+    }
+}
+function resolveLogTimeZone() {
+    const configured = process.env.DOER_AGENT_LOG_TIMEZONE?.trim() || process.env.TZ?.trim();
+    return configured && configured.length > 0 ? configured : "Asia/Seoul";
+}
+function resolveTimeZoneOffsetString(date, timeZone) {
+    try {
+        const parts = new Intl.DateTimeFormat("en-US", {
+            timeZone,
+            timeZoneName: "shortOffset",
+            hour: "2-digit",
+            minute: "2-digit",
+            hour12: false,
+        }).formatToParts(date);
+        const token = parts.find((part) => part.type === "timeZoneName")?.value || "GMT+0";
+        const matched = token.match(/GMT([+-]\d{1,2})(?::?(\d{2}))?/i);
+        if (!matched) {
+            return "+00:00";
+        }
+        const hourRaw = matched[1] || "+0";
+        const minuteRaw = matched[2] || "00";
+        const sign = hourRaw.startsWith("-") ? "-" : "+";
+        const absHour = String(Math.abs(Number.parseInt(hourRaw, 10))).padStart(2, "0");
+        const absMinute = String(Math.abs(Number.parseInt(minuteRaw, 10))).padStart(2, "0");
+        return `${sign}${absHour}:${absMinute}`;
+    }
+    catch {
+        return "+00:00";
+    }
+}
+function formatLocalTimestamp(date = new Date()) {
+    const timeZone = resolveLogTimeZone();
+    try {
+        const parts = new Intl.DateTimeFormat("en-CA", {
+            timeZone,
+            year: "numeric",
+            month: "2-digit",
+            day: "2-digit",
+            hour: "2-digit",
+            minute: "2-digit",
+            second: "2-digit",
+            hour12: false,
+        }).formatToParts(date);
+        const pick = (type) => {
+            return parts.find((part) => part.type === type)?.value || "00";
+        };
+        const year = pick("year");
+        const month = pick("month");
+        const day = pick("day");
+        const hours = pick("hour");
+        const minutes = pick("minute");
+        const seconds = pick("second");
+        const ms = String(date.getMilliseconds()).padStart(3, "0");
+        const offset = resolveTimeZoneOffsetString(date, timeZone);
+        return `${year}-${month}-${day}T${hours}:${minutes}:${seconds}.${ms}${offset}`;
     }
     catch {
-        // noop
+        return date.toISOString();
+    }
+}
+function parseArgs(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i += 1) {
+        const key = argv[i];
+        if (!key.startsWith("--")) {
+            continue;
+        }
+        const value = argv[i + 1];
+        if (typeof value === "string" && !value.startsWith("--")) {
+            out[key.slice(2)] = value;
+            i += 1;
+            continue;
+        }
+        out[key.slice(2)] = "true";
+    }
+    return out;
+}
+function resolveArgOrEnv(args, argKeys, envKeys, fallback = "") {
+    for (const key of argKeys) {
+        const value = args[key]?.trim();
+        if (value) {
+            return value;
+        }
+    }
+    for (const key of envKeys) {
+        const value = process.env[key]?.trim();
+        if (value) {
+            return value;
+        }
+    }
+    return fallback;
+}
+function resolveShellPath() {
+    if (process.platform === "win32") {
+        return process.env.ComSpec || "cmd.exe";
+    }
+    const candidates = [process.env.SHELL, "/bin/bash", "/usr/bin/bash", "/bin/sh", "/usr/bin/sh"].filter((value) => typeof value === "string" && value.trim().length > 0);
+    for (const candidate of candidates) {
+        if (existsSync(candidate)) {
+            return candidate;
+        }
+    }
+    throw new Error("No shell executable found. Set SHELL env or install /bin/sh (or bash).");
+}
+function resolveTaskWorkspace(rawCwd) {
+    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    const requestedCwd = rawCwd?.trim() || "";
+    const resolvedCwd = requestedCwd
+        ? path.isAbsolute(requestedCwd)
+            ? path.resolve(requestedCwd)
+            : path.resolve(workspaceRoot, requestedCwd)
+        : workspaceRoot;
+    if (!existsSync(resolvedCwd)) {
+        throw new Error(`Invalid cwd: ${requestedCwd || "(empty)"} resolved to ${resolvedCwd} (path does not exist)`);
+    }
+    let stats;
+    try {
+        stats = statSync(resolvedCwd);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Invalid cwd: ${requestedCwd || "(empty)"} resolved to ${resolvedCwd} (${message})`);
+    }
+    if (!stats.isDirectory()) {
+        throw new Error(`Invalid cwd: ${requestedCwd || "(empty)"} resolved to ${resolvedCwd} (not a directory)`);
+    }
+    return resolvedCwd;
+}
+function buildAgentFsRpcSubject(userId, agentId) {
+    return `doer.agent.fs.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+}
+function buildAgentShellRpcSubject(userId, agentId) {
+    return `doer.agent.shell.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+}
+function normalizeFsRpcPath(rawPath) {
+    const root = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    const raw = typeof rawPath === "string" && rawPath.trim() ? rawPath.trim() : ".";
+    const normalizedRaw = raw.replace(/\\/g, "/");
+    const useAbsolute = path.isAbsolute(normalizedRaw);
+    const rel = normalizedRaw.replace(/^\/+/, "") || ".";
+    const abs = useAbsolute ? path.resolve(normalizedRaw) : path.resolve(root, rel);
+    if (!useAbsolute && abs !== root && !abs.startsWith(root + path.sep)) {
+        throw new Error("path escapes workspace root");
+    }
+    const formatPath = (target) => {
+        if (useAbsolute) {
+            return target.split(path.sep).join("/") || "/";
+        }
+        return path.relative(root, target).split(path.sep).join("/") || ".";
+    };
+    return { abs, formatPath };
+}
+function parseFsRpcAction(value) {
+    if (value === "list" ||
+        value === "stat" ||
+        value === "fetch_file" ||
+        value === "read_text" ||
+        value === "read_file" ||
+        value === "write_file" ||
+        value === "download_file") {
+        return value;
+    }
+    throw new Error("unsupported action");
+}
+function normalizeFsRpcNumber(value, fallback) {
+    const n = Number(value);
+    if (!Number.isFinite(n)) {
+        return fallback;
+    }
+    return Math.floor(n);
+}
+function inferMimeType(filePath) {
+    const ext = path.extname(filePath).toLowerCase();
+    if (ext === ".txt" || ext === ".md" || ext === ".log") {
+        return "text/plain";
+    }
+    if (ext === ".json") {
+        return "application/json";
+    }
+    if (ext === ".js" || ext === ".mjs" || ext === ".cjs") {
+        return "text/javascript";
+    }
+    if (ext === ".ts" || ext === ".tsx") {
+        return "text/typescript";
+    }
+    if (ext === ".jsx") {
+        return "text/jsx";
+    }
+    if (ext === ".css") {
+        return "text/css";
+    }
+    if (ext === ".html" || ext === ".htm") {
+        return "text/html";
+    }
+    if (ext === ".xml") {
+        return "application/xml";
+    }
+    if (ext === ".svg") {
+        return "image/svg+xml";
+    }
+    if (ext === ".png") {
+        return "image/png";
+    }
+    if (ext === ".jpg" || ext === ".jpeg") {
+        return "image/jpeg";
+    }
+    if (ext === ".gif") {
+        return "image/gif";
+    }
+    if (ext === ".webp") {
+        return "image/webp";
+    }
+    if (ext === ".pdf") {
+        return "application/pdf";
+    }
+    return "application/octet-stream";
+}
+async function executeFsRpc(args) {
+    const action = parseFsRpcAction(args.request.action);
+    const { abs, formatPath } = normalizeFsRpcPath(args.request.path);
+    if (action === "stat") {
+        const entry = await stat(abs);
+        return {
+            ok: true,
+            action,
+            path: formatPath(abs),
+            kind: entry.isDirectory() ? "dir" : "file",
+            size: entry.size,
+            mtimeMs: entry.mtimeMs,
+        };
+    }
+    if (action === "list") {
+        const entry = await stat(abs);
+        if (!entry.isDirectory()) {
+            throw new Error("path is not a directory");
+        }
+        const limit = Math.max(1, Math.min(normalizeFsRpcNumber(args.request.limit, 200), 1000));
+        const rows = await readdir(abs, { withFileTypes: true });
+        const items = await Promise.all(rows.map(async (row) => {
+            const child = path.join(abs, row.name);
+            const childStat = await stat(child);
+            return {
+                name: row.name,
+                path: formatPath(child),
+                kind: row.isDirectory() ? "dir" : "file",
+                size: childStat.size,
+                mtimeMs: childStat.mtimeMs,
+            };
+        }));
+        items.sort((a, b) => (a.kind === b.kind ? a.name.localeCompare(b.name) : a.kind === "dir" ? -1 : 1));
+        return {
+            ok: true,
+            action,
+            path: formatPath(abs),
+            items: items.slice(0, limit),
+            truncated: items.length > limit,
+            total: items.length,
+        };
+    }
+    if (action === "fetch_file") {
+        const entry = await stat(abs);
+        if (!entry.isFile()) {
+            throw new Error("path is not a file");
+        }
+        const uploadUrl = typeof args.request.uploadUrl === "string" ? args.request.uploadUrl : "";
+        const agentId = typeof args.request.agentId === "string" ? args.request.agentId : "";
+        if (!uploadUrl || !agentId) {
+            throw new Error("missing upload parameters");
+        }
+        const data = await readFile(abs);
+        const fileName = path.basename(abs) || "file";
+        const form = new FormData();
+        form.append("file", new File([data], fileName));
+        form.append("agentId", agentId);
+        const response = await fetch(uploadUrl, {
+            method: "POST",
+            headers: { Authorization: `Bearer ${args.agentToken}` },
+            body: form,
+        });
+        const text = await response.text();
+        let upload = {};
+        try {
+            upload = JSON.parse(text || "{}");
+        }
+        catch {
+            upload = {};
+        }
+        if (!response.ok) {
+            const message = typeof upload.error === "string" ? upload.error : `upload failed: ${response.status}`;
+            throw new Error(message);
+        }
+        return {
+            ok: true,
+            action,
+            path: formatPath(abs),
+            size: entry.size,
+            upload,
+        };
+    }
+    if (action === "write_file") {
+        const contentBase64 = typeof args.request.contentBase64 === "string" ? args.request.contentBase64 : "";
+        if (!contentBase64) {
+            throw new Error("contentBase64 is required");
+        }
+        const parentDir = path.dirname(abs);
+        await mkdir(parentDir, { recursive: true });
+        const bytes = Buffer.from(contentBase64, "base64");
+        await writeFile(abs, bytes);
+        const entry = await stat(abs);
+        return {
+            ok: true,
+            action,
+            path: formatPath(abs),
+            absolutePath: abs.split(path.sep).join("/"),
+            size: entry.size,
+            mimeType: inferMimeType(abs),
+            mtimeMs: entry.mtimeMs,
+        };
+    }
+    if (action === "download_file") {
+        const downloadPath = typeof args.request.downloadPath === "string" ? args.request.downloadPath.trim() : "";
+        if (!downloadPath) {
+            throw new Error("downloadPath is required");
+        }
+        const downloadUrl = new URL(downloadPath, `${args.serverBaseUrl}/`).toString();
+        const response = await fetch(downloadUrl, {
+            method: "GET",
+            headers: {
+                Authorization: `Bearer ${args.agentToken}`,
+            },
+        });
+        if (!response.ok) {
+            const text = await response.text().catch(() => "");
+            throw new Error(text || `download failed: ${response.status}`);
+        }
+        const bytes = Buffer.from(await response.arrayBuffer());
+        const parentDir = path.dirname(abs);
+        await mkdir(parentDir, { recursive: true });
+        await writeFile(abs, bytes);
+        const entry = await stat(abs);
+        return {
+            ok: true,
+            action,
+            path: formatPath(abs),
+            absolutePath: abs.split(path.sep).join("/"),
+            size: entry.size,
+            mimeType: inferMimeType(abs),
+            mtimeMs: entry.mtimeMs,
+        };
+    }
+    const entry = await stat(abs);
+    if (!entry.isFile()) {
+        throw new Error("path is not a file");
     }
-}
-function requestTaskCancellation(taskId, reason) {
-    const requestCancel = activeTaskCancelRequests.get(taskId);
-    if (!requestCancel) {
-        return false;
+    if (action === "read_file") {
+        const maxBytes = Math.max(1, Math.min(normalizeFsRpcNumber(args.request.maxBytes, 2_000_000), 5_000_000));
+        const data = await readFile(abs);
+        const truncated = data.byteLength > maxBytes;
+        const bytes = truncated ? data.subarray(0, maxBytes) : data;
+        return {
+            ok: true,
+            action,
+            path: formatPath(abs),
+            mimeType: inferMimeType(abs),
+            size: entry.size,
+            truncated,
+            contentBase64: bytes.toString("base64"),
+        };
     }
+    const offset = Math.max(0, normalizeFsRpcNumber(args.request.offset, 0));
+    const length = Math.max(1, Math.min(normalizeFsRpcNumber(args.request.length, 65536), 262144));
+    const encoding = typeof args.request.encoding === "string" && args.request.encoding ? args.request.encoding : "utf8";
+    const fd = await open(abs, "r");
     try {
-        requestCancel();
-        writeAgentInfo(`task cancel requested taskId=${taskId} via=${reason}`);
-        return true;
+        const buffer = Buffer.alloc(length);
+        const readResult = await fd.read(buffer, 0, length, offset);
+        const slice = buffer.subarray(0, readResult.bytesRead);
+        try {
+            const text = slice.toString(encoding);
+            return {
+                ok: true,
+                action,
+                path: formatPath(abs),
+                offset,
+                length: readResult.bytesRead,
+                totalSize: entry.size,
+                eof: offset + readResult.bytesRead >= entry.size,
+                encoding,
+                text,
+                bytesRead: readResult.bytesRead,
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : "failed to decode text";
+            return {
+                ok: false,
+                action,
+                path: formatPath(abs),
+                error: message,
+            };
+        }
     }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        writeAgentError(`task cancel request failed taskId=${taskId} via=${reason}: ${message}`);
-        return false;
+    finally {
+        await fd.close();
     }
 }
-function resolveLogTimeZone() {
-    const configured = process.env.DOER_AGENT_LOG_TIMEZONE?.trim() || process.env.TZ?.trim();
-    return configured && configured.length > 0 ? configured : "Asia/Seoul";
-}
-function resolveTimeZoneOffsetString(date, timeZone) {
-    try {
-        const parts = new Intl.DateTimeFormat("en-US", {
-            timeZone,
-            timeZoneName: "shortOffset",
-            hour: "2-digit",
-            minute: "2-digit",
-            hour12: false,
-        }).formatToParts(date);
-        const token = parts.find((part) => part.type === "timeZoneName")?.value || "GMT+0";
-        const matched = token.match(/GMT([+-]\d{1,2})(?::?(\d{2}))?/i);
-        if (!matched) {
-            return "+00:00";
-        }
-        const hourRaw = matched[1] || "+0";
-        const minuteRaw = matched[2] || "00";
-        const sign = hourRaw.startsWith("-") ? "-" : "+";
-        const absHour = String(Math.abs(Number.parseInt(hourRaw, 10))).padStart(2, "0");
-        const absMinute = String(Math.abs(Number.parseInt(minuteRaw, 10))).padStart(2, "0");
-        return `${sign}${absHour}:${absMinute}`;
+function normalizeSessionRpcRequest(args) {
+    const requestId = typeof args.request.requestId === "string" ? args.request.requestId.trim() : "";
+    if (!requestId) {
+        throw new Error("missing requestId");
     }
-    catch {
-        return "+00:00";
+    const requestAgentId = typeof args.request.agentId === "string" ? args.request.agentId.trim() : "";
+    if (!requestAgentId || requestAgentId !== args.agentId) {
+        throw new Error("agent id mismatch");
+    }
+    const actionRaw = typeof args.request.action === "string" ? args.request.action.trim() : "";
+    const action = actionRaw === "messages" || actionRaw === "delete" || actionRaw === "watch" || actionRaw === "stop_watch"
+        ? actionRaw
+        : "list";
+    const responseSubject = typeof args.request.responseSubject === "string" ? args.request.responseSubject.trim() : "";
+    if (!responseSubject) {
+        throw new Error("missing responseSubject");
+    }
+    const filePath = typeof args.request.filePath === "string" && args.request.filePath.trim() ? args.request.filePath.trim() : null;
+    if ((action === "messages" || action === "delete" || action === "watch") && !filePath) {
+        throw new Error("missing filePath");
     }
+    const sinceLineRaw = Number(args.request.sinceLine);
+    const sinceLine = Number.isInteger(sinceLineRaw) && sinceLineRaw > 0 ? sinceLineRaw : 0;
+    const beforeRowIdRaw = Number(args.request.beforeRowId);
+    const beforeRowId = Number.isInteger(beforeRowIdRaw) && beforeRowIdRaw > 0 ? beforeRowIdRaw : null;
+    const pageSizeRaw = Number(args.request.pageSize);
+    const pageSize = Number.isFinite(pageSizeRaw) ? Math.max(1, Math.min(Math.floor(pageSizeRaw), 100)) : 100;
+    const watchId = typeof args.request.watchId === "string" && args.request.watchId.trim() ? args.request.watchId.trim() : null;
+    if (action === "stop_watch" && !watchId) {
+        throw new Error("missing watchId");
+    }
+    return {
+        requestId,
+        action,
+        agentId: requestAgentId,
+        filePath,
+        sessionId: typeof args.request.sessionId === "string" && args.request.sessionId.trim() ? args.request.sessionId.trim() : null,
+        sinceLine,
+        beforeRowId,
+        pageSize,
+        responseSubject,
+        watchId,
+    };
 }
-function formatLocalTimestamp(date = new Date()) {
-    const timeZone = resolveLogTimeZone();
-    try {
-        const parts = new Intl.DateTimeFormat("en-CA", {
-            timeZone,
-            year: "numeric",
-            month: "2-digit",
-            day: "2-digit",
-            hour: "2-digit",
-            minute: "2-digit",
-            second: "2-digit",
-            hour12: false,
-        }).formatToParts(date);
-        const pick = (type) => {
-            return parts.find((part) => part.type === type)?.value || "00";
-        };
-        const year = pick("year");
-        const month = pick("month");
-        const day = pick("day");
-        const hours = pick("hour");
-        const minutes = pick("minute");
-        const seconds = pick("second");
-        const ms = String(date.getMilliseconds()).padStart(3, "0");
-        const offset = resolveTimeZoneOffsetString(date, timeZone);
-        return `${year}-${month}-${day}T${hours}:${minutes}:${seconds}.${ms}${offset}`;
+function getSessionsRootPath() {
+    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    return path.join(workspaceRoot, ".codex", "sessions");
+}
+function resolveSessionFilePath(filePath) {
+    const root = path.resolve(getSessionsRootPath());
+    const resolved = path.resolve(filePath);
+    if (!(resolved === root || resolved.startsWith(root + path.sep))) {
+        throw new Error("filePath is outside sessions root");
     }
-    catch {
-        return date.toISOString();
+    return resolved;
+}
+function isObjectRecord(value) {
+    return !!value && typeof value === "object" && !Array.isArray(value);
+}
+function toTrimmedStringOrNull(value) {
+    if (typeof value !== "string") {
+        return null;
     }
+    const trimmed = value.trim();
+    return trimmed || null;
 }
-function parseArgs(argv) {
-    const out = {};
-    for (let i = 0; i < argv.length; i += 1) {
-        const key = argv[i];
-        if (!key.startsWith("--")) {
+function pickSessionString(...values) {
+    for (const value of values) {
+        const picked = toTrimmedStringOrNull(value);
+        if (picked) {
+            return picked;
+        }
+    }
+    return null;
+}
+async function collectSessionJsonlFiles(rootDir) {
+    const out = [];
+    const stack = [rootDir];
+    while (stack.length > 0) {
+        const current = stack.pop();
+        if (!current) {
             continue;
         }
-        const value = argv[i + 1];
-        if (typeof value === "string" && !value.startsWith("--")) {
-            out[key.slice(2)] = value;
-            i += 1;
+        let entries = [];
+        try {
+            entries = await readdir(current, { withFileTypes: true });
+        }
+        catch {
             continue;
         }
-        out[key.slice(2)] = "true";
+        for (const entry of entries) {
+            const fullPath = path.join(current, entry.name);
+            if (entry.isDirectory()) {
+                stack.push(fullPath);
+                continue;
+            }
+            if (!entry.isFile() || !entry.name.toLowerCase().endsWith(".jsonl")) {
+                continue;
+            }
+            try {
+                const entryStat = await stat(fullPath);
+                out.push({ filePath: fullPath, mtimeMs: entryStat.mtimeMs });
+            }
+            catch {
+                // ignore removed files
+            }
+        }
     }
     return out;
 }
-function resolveArgOrEnv(args, argKeys, envKeys, fallback = "") {
-    for (const key of argKeys) {
-        const value = args[key]?.trim();
-        if (value) {
-            return value;
+async function readFirstLine(fileHandle, fileSize) {
+    const chunkBytes = 16_384;
+    const maxScanBytes = 262_144;
+    let position = 0;
+    let scanned = 0;
+    let raw = "";
+    while (position < fileSize && scanned < maxScanBytes) {
+        const readSize = Math.min(chunkBytes, fileSize - position, maxScanBytes - scanned);
+        const buffer = Buffer.alloc(readSize);
+        const { bytesRead } = await fileHandle.read(buffer, 0, readSize, position);
+        if (bytesRead <= 0) {
+            break;
+        }
+        raw += buffer.toString("utf8", 0, bytesRead);
+        scanned += bytesRead;
+        position += bytesRead;
+        const newlineIndex = raw.search(/\r?\n/);
+        if (newlineIndex >= 0) {
+            return raw.slice(0, newlineIndex).trim();
         }
     }
-    for (const key of envKeys) {
-        const value = process.env[key]?.trim();
-        if (value) {
-            return value;
+    return raw.trim();
+}
+function extractLastAgentMessage(candidateLines) {
+    let fallback = null;
+    for (const line of candidateLines) {
+        const trimmed = line.trim();
+        if (!trimmed) {
+            continue;
+        }
+        try {
+            const parsed = JSON.parse(trimmed);
+            if (parsed.type !== "event_msg" || !isObjectRecord(parsed.payload)) {
+                continue;
+            }
+            if (parsed.payload.type === "agent_message" && typeof parsed.payload.message === "string" && parsed.payload.message.trim()) {
+                return {
+                    message: parsed.payload.message.trim(),
+                    updatedAt: toTrimmedStringOrNull(parsed.timestamp),
+                };
+            }
+            if (!fallback &&
+                parsed.payload.type === "task_complete" &&
+                typeof parsed.payload.last_agent_message === "string" &&
+                parsed.payload.last_agent_message.trim()) {
+                fallback = {
+                    message: parsed.payload.last_agent_message.trim(),
+                    updatedAt: toTrimmedStringOrNull(parsed.timestamp),
+                };
+            }
+        }
+        catch {
+            // ignore malformed lines
         }
     }
     return fallback;
 }
-function resolveShellPath() {
-    if (process.platform === "win32") {
-        return process.env.ComSpec || "cmd.exe";
+async function readLastAgentMessage(fileHandle, fileSize) {
+    const chunkBytes = 16_384;
+    const maxScanBytes = 131_072;
+    if (fileSize <= 0) {
+        return null;
     }
-    const candidates = [process.env.SHELL, "/bin/bash", "/usr/bin/bash", "/bin/sh", "/usr/bin/sh"].filter((value) => typeof value === "string" && value.trim().length > 0);
-    for (const candidate of candidates) {
-        if (existsSync(candidate)) {
-            return candidate;
+    let position = fileSize;
+    let scanned = 0;
+    let carry = "";
+    while (position > 0 && scanned < maxScanBytes) {
+        const readSize = Math.min(chunkBytes, position, maxScanBytes - scanned);
+        position -= readSize;
+        scanned += readSize;
+        const buffer = Buffer.alloc(readSize);
+        const { bytesRead } = await fileHandle.read(buffer, 0, readSize, position);
+        if (bytesRead <= 0) {
+            break;
+        }
+        const merged = buffer.toString("utf8", 0, bytesRead) + carry;
+        const lines = merged.split(/\r?\n/);
+        carry = lines.shift() || "";
+        const found = extractLastAgentMessage(lines.reverse());
+        if (found) {
+            return found;
         }
     }
-    throw new Error("No shell executable found. Set SHELL env or install /bin/sh (or bash).");
+    return extractLastAgentMessage([carry]);
 }
-function resolveTaskWorkspace(rawCwd) {
-    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
-    const requestedCwd = rawCwd?.trim() || "";
-    const resolvedCwd = requestedCwd
-        ? path.isAbsolute(requestedCwd)
-            ? path.resolve(requestedCwd)
-            : path.resolve(workspaceRoot, requestedCwd)
-        : workspaceRoot;
-    if (!existsSync(resolvedCwd)) {
-        throw new Error(`Invalid cwd: ${requestedCwd || "(empty)"} resolved to ${resolvedCwd} (path does not exist)`);
-    }
-    let stats;
+function normalizeSessionMeta(rawMeta, filePath, mtimeMs) {
+    const baseName = path.basename(filePath, path.extname(filePath));
+    const meta = isObjectRecord(rawMeta) ? rawMeta : {};
+    const updatedAtCandidate = pickSessionString(meta.updatedAt, meta.updated_at, meta.timestamp);
+    return {
+        id: pickSessionString(meta.sessionId, meta.session_id, meta.id) || baseName,
+        label: pickSessionString(meta.label, meta.title, meta.name, meta.sessionLabel, meta.session_label) || baseName,
+        updatedAt: updatedAtCandidate || new Date(mtimeMs).toISOString(),
+        cwd: pickSessionString(meta.cwd, meta.workingDirectory, meta.working_directory),
+        source: pickSessionString(meta.source, meta.sessionSource, meta.session_source) || "codex",
+        originator: pickSessionString(meta.originator, meta.author, meta.user, meta.username) || "unknown",
+        filePath,
+    };
+}
+async function readSessionSummary(filePath, mtimeMs) {
+    let fileHandle = null;
     try {
-        stats = statSync(resolvedCwd);
+        fileHandle = await open(filePath, "r");
+        const entryStat = await fileHandle.stat();
+        const firstLine = await readFirstLine(fileHandle, entryStat.size);
+        const tailSummary = await readLastAgentMessage(fileHandle, entryStat.size);
+        let normalized = normalizeSessionMeta({}, filePath, mtimeMs);
+        if (firstLine) {
+            try {
+                const parsed = JSON.parse(firstLine);
+                const candidateMeta = parsed && parsed.type === "session_meta" && isObjectRecord(parsed.payload)
+                    ? parsed.payload
+                    : isObjectRecord(parsed.session_meta)
+                        ? parsed.session_meta
+                        : isObjectRecord(parsed.sessionMeta)
+                            ? parsed.sessionMeta
+                            : isObjectRecord(parsed.meta)
+                                ? parsed.meta
+                                : isObjectRecord(parsed.payload)
+                                    ? parsed.payload
+                                    : parsed;
+                normalized = normalizeSessionMeta(candidateMeta, filePath, mtimeMs);
+            }
+            catch {
+                normalized = normalizeSessionMeta({}, filePath, mtimeMs);
+            }
+        }
+        return {
+            ...normalized,
+            label: tailSummary?.message || "(no agent message)",
+            updatedAt: tailSummary?.updatedAt || normalized.updatedAt,
+        };
     }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        throw new Error(`Invalid cwd: ${requestedCwd || "(empty)"} resolved to ${resolvedCwd} (${message})`);
+    catch {
+        return normalizeSessionMeta({}, filePath, mtimeMs);
     }
-    if (!stats.isDirectory()) {
-        throw new Error(`Invalid cwd: ${requestedCwd || "(empty)"} resolved to ${resolvedCwd} (not a directory)`);
+    finally {
+        await fileHandle?.close().catch(() => undefined);
     }
-    return resolvedCwd;
-}
-function buildAgentFsRpcSubject(userId, agentId) {
-    return `doer.agent.fs.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
 }
-function buildAgentShellRpcSubject(userId, agentId) {
-    return `doer.agent.shell.rpc.${sanitizeUserId(userId)}.${agentId.trim()}`;
+async function listAgentSessions() {
+    const sessionsRoot = getSessionsRootPath();
+    let sessionsRootStat;
+    try {
+        sessionsRootStat = await stat(sessionsRoot);
+    }
+    catch {
+        return [];
+    }
+    if (!sessionsRootStat.isDirectory()) {
+        return [];
+    }
+    const files = await collectSessionJsonlFiles(sessionsRoot);
+    files.sort((a, b) => b.mtimeMs - a.mtimeMs || a.filePath.localeCompare(b.filePath));
+    const sessions = await Promise.all(files.slice(0, 10).map((file) => readSessionSummary(file.filePath, file.mtimeMs)));
+    return sessions.sort((a, b) => Date.parse(b.updatedAt) - Date.parse(a.updatedAt) || b.filePath.localeCompare(a.filePath));
 }
-function normalizeFsRpcPath(rawPath) {
-    const root = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
-    const raw = typeof rawPath === "string" && rawPath.trim() ? rawPath.trim() : ".";
-    const normalizedRaw = raw.replace(/\\/g, "/");
-    const useAbsolute = path.isAbsolute(normalizedRaw);
-    const rel = normalizedRaw.replace(/^\/+/, "") || ".";
-    const abs = useAbsolute ? path.resolve(normalizedRaw) : path.resolve(root, rel);
-    if (!useAbsolute && abs !== root && !abs.startsWith(root + path.sep)) {
-        throw new Error("path escapes workspace root");
+async function readSessionLineIndex(filePath) {
+    const resolvedFile = resolveSessionFilePath(filePath);
+    const entryStat = await stat(resolvedFile);
+    const nextSize = entryStat.size;
+    const cached = sessionLineIndexCache.get(resolvedFile) ?? null;
+    if (cached && cached.size === nextSize) {
+        return cached;
     }
-    const formatPath = (target) => {
-        if (useAbsolute) {
-            return target.split(path.sep).join("/") || "/";
+    const fileHandle = await open(resolvedFile, "r");
+    try {
+        let lineStartOffsets = cached?.lineStartOffsets.slice() ?? [];
+        let scanStart = cached?.size ?? 0;
+        let endsWithNewline = cached?.endsWithNewline ?? false;
+        if (!cached || nextSize < cached.size) {
+            lineStartOffsets = nextSize > 0 ? [0] : [];
+            scanStart = 0;
+            endsWithNewline = false;
+        }
+        else if (cached.endsWithNewline && nextSize > cached.size) {
+            lineStartOffsets.push(cached.size);
+        }
+        let position = scanStart;
+        const chunkBytes = 65_536;
+        while (position < nextSize) {
+            const readSize = Math.min(chunkBytes, nextSize - position);
+            const buffer = Buffer.alloc(readSize);
+            const { bytesRead } = await fileHandle.read(buffer, 0, readSize, position);
+            if (bytesRead <= 0) {
+                break;
+            }
+            for (let index = 0; index < bytesRead; index += 1) {
+                if (buffer[index] !== 0x0a) {
+                    continue;
+                }
+                const nextLineStart = position + index + 1;
+                if (nextLineStart < nextSize) {
+                    lineStartOffsets.push(nextLineStart);
+                }
+            }
+            position += bytesRead;
+        }
+        if (nextSize > 0) {
+            const tail = Buffer.alloc(1);
+            const { bytesRead } = await fileHandle.read(tail, 0, 1, nextSize - 1);
+            endsWithNewline = bytesRead > 0 && tail[0] === 0x0a;
+        }
+        else {
+            endsWithNewline = false;
+        }
+        const nextEntry = {
+            size: nextSize,
+            lineStartOffsets,
+            endsWithNewline,
+        };
+        sessionLineIndexCache.set(resolvedFile, nextEntry);
+        return nextEntry;
+    }
+    finally {
+        await fileHandle.close().catch(() => undefined);
+    }
+}
+async function getAgentSessionRawRows(args) {
+    const resolvedFile = resolveSessionFilePath(args.filePath);
+    const index = await readSessionLineIndex(resolvedFile);
+    const totalLines = index.lineStartOffsets.length;
+    const sinceLine = Math.max(0, Math.floor(args.sinceLine));
+    const beforeRowId = args.beforeRowId && args.beforeRowId > 0 ? Math.floor(args.beforeRowId) : null;
+    const maxRawRows = 200;
+    const maxRawBytes = 120_000;
+    if (totalLines === 0) {
+        return {
+            rawRows: [],
+            nextCursor: 0,
+        };
+    }
+    let startLineIndex = 0;
+    let endLineIndex = totalLines;
+    const getLineSpanBytes = (lineIndex) => {
+        const start = index.lineStartOffsets[lineIndex] ?? index.size;
+        const end = lineIndex + 1 < totalLines ? (index.lineStartOffsets[lineIndex + 1] ?? index.size) : index.size;
+        return Math.max(0, end - start);
+    };
+    if (beforeRowId !== null) {
+        endLineIndex = Math.max(0, Math.min(totalLines, beforeRowId - 1));
+        startLineIndex = endLineIndex;
+        let collectedRows = 0;
+        let collectedBytes = 0;
+        while (startLineIndex > 0 && collectedRows < maxRawRows) {
+            const nextIndex = startLineIndex - 1;
+            const nextBytes = getLineSpanBytes(nextIndex);
+            if (collectedRows > 0 && collectedBytes + nextBytes > maxRawBytes) {
+                break;
+            }
+            startLineIndex = nextIndex;
+            collectedRows += 1;
+            collectedBytes += nextBytes;
+        }
+    }
+    else if (sinceLine > 0) {
+        startLineIndex = Math.min(totalLines, sinceLine);
+        endLineIndex = startLineIndex;
+        let collectedRows = 0;
+        let collectedBytes = 0;
+        while (endLineIndex < totalLines && collectedRows < maxRawRows) {
+            const nextBytes = getLineSpanBytes(endLineIndex);
+            if (collectedRows > 0 && collectedBytes + nextBytes > maxRawBytes) {
+                break;
+            }
+            endLineIndex += 1;
+            collectedRows += 1;
+            collectedBytes += nextBytes;
         }
-        return path.relative(root, target).split(path.sep).join("/") || ".";
-    };
-    return { abs, formatPath };
-}
-function parseFsRpcAction(value) {
-    if (value === "list" || value === "stat" || value === "fetch_file" || value === "read_text") {
-        return value;
     }
-    throw new Error("unsupported action");
-}
-function normalizeFsRpcNumber(value, fallback) {
-    const n = Number(value);
-    if (!Number.isFinite(n)) {
-        return fallback;
+    else {
+        startLineIndex = totalLines;
+        let collectedRows = 0;
+        let collectedBytes = 0;
+        while (startLineIndex > 0 && collectedRows < maxRawRows) {
+            const nextIndex = startLineIndex - 1;
+            const nextBytes = getLineSpanBytes(nextIndex);
+            if (collectedRows > 0 && collectedBytes + nextBytes > maxRawBytes) {
+                break;
+            }
+            startLineIndex = nextIndex;
+            collectedRows += 1;
+            collectedBytes += nextBytes;
+        }
     }
-    return Math.floor(n);
-}
-async function executeFsRpc(args) {
-    const action = parseFsRpcAction(args.request.action);
-    const { abs, formatPath } = normalizeFsRpcPath(args.request.path);
-    if (action === "stat") {
-        const entry = await stat(abs);
+    if (startLineIndex >= endLineIndex) {
         return {
-            ok: true,
-            action,
-            path: formatPath(abs),
-            kind: entry.isDirectory() ? "dir" : "file",
-            size: entry.size,
-            mtimeMs: entry.mtimeMs,
+            rawRows: [],
+            nextCursor: endLineIndex,
         };
     }
-    if (action === "list") {
-        const entry = await stat(abs);
-        if (!entry.isDirectory()) {
-            throw new Error("path is not a directory");
-        }
-        const limit = Math.max(1, Math.min(normalizeFsRpcNumber(args.request.limit, 200), 1000));
-        const rows = await readdir(abs, { withFileTypes: true });
-        const items = await Promise.all(rows.map(async (row) => {
-            const child = path.join(abs, row.name);
-            const childStat = await stat(child);
-            return {
-                name: row.name,
-                path: formatPath(child),
-                kind: row.isDirectory() ? "dir" : "file",
-                size: childStat.size,
-                mtimeMs: childStat.mtimeMs,
-            };
-        }));
-        items.sort((a, b) => (a.kind === b.kind ? a.name.localeCompare(b.name) : a.kind === "dir" ? -1 : 1));
+    const startOffset = index.lineStartOffsets[startLineIndex] ?? index.size;
+    const endOffset = endLineIndex < totalLines ? (index.lineStartOffsets[endLineIndex] ?? index.size) : index.size;
+    if (startOffset >= endOffset) {
         return {
-            ok: true,
-            action,
-            path: formatPath(abs),
-            items: items.slice(0, limit),
-            truncated: items.length > limit,
-            total: items.length,
+            rawRows: [],
+            nextCursor: endLineIndex,
         };
     }
-    if (action === "fetch_file") {
-        const entry = await stat(abs);
-        if (!entry.isFile()) {
-            throw new Error("path is not a file");
-        }
-        const uploadUrl = typeof args.request.uploadUrl === "string" ? args.request.uploadUrl : "";
-        const chatId = typeof args.request.chatId === "string" ? args.request.chatId : "";
-        const agentId = typeof args.request.agentId === "string" ? args.request.agentId : "";
-        if (!uploadUrl || !chatId || !agentId) {
-            throw new Error("missing upload parameters");
-        }
-        const data = await readFile(abs);
-        const fileName = path.basename(abs) || "file";
-        const form = new FormData();
-        form.append("file", new File([data], fileName));
-        form.append("chatId", chatId);
-        form.append("agentId", agentId);
-        const response = await fetch(uploadUrl, {
-            method: "POST",
-            headers: { Authorization: `Bearer ${args.agentToken}` },
-            body: form,
-        });
-        const text = await response.text();
-        let upload = {};
-        try {
-            upload = JSON.parse(text || "{}");
-        }
-        catch {
-            upload = {};
+    const fileHandle = await open(resolvedFile, "r");
+    try {
+        const readSize = endOffset - startOffset;
+        const buffer = Buffer.alloc(readSize);
+        const { bytesRead } = await fileHandle.read(buffer, 0, readSize, startOffset);
+        const raw = buffer.toString("utf8", 0, bytesRead);
+        const lines = raw.split(/\r?\n/);
+        if (lines.length > 0 && lines[lines.length - 1] === "") {
+            lines.pop();
         }
-        if (!response.ok) {
-            const message = typeof upload.error === "string" ? upload.error : `upload failed: ${response.status}`;
-            throw new Error(message);
+        const rawRows = [];
+        let lineNumber = startLineIndex + 1;
+        for (const line of lines) {
+            if (line.trim()) {
+                rawRows.push({
+                    id: lineNumber,
+                    raw: line,
+                });
+            }
+            lineNumber += 1;
         }
         return {
-            ok: true,
-            action,
-            path: formatPath(abs),
-            size: entry.size,
-            upload,
+            rawRows,
+            nextCursor: endLineIndex,
         };
     }
-    const entry = await stat(abs);
-    if (!entry.isFile()) {
-        throw new Error("path is not a file");
+    finally {
+        await fileHandle.close().catch(() => undefined);
     }
-    const offset = Math.max(0, normalizeFsRpcNumber(args.request.offset, 0));
-    const length = Math.max(1, Math.min(normalizeFsRpcNumber(args.request.length, 65536), 262144));
-    const encoding = typeof args.request.encoding === "string" && args.request.encoding ? args.request.encoding : "utf8";
-    const fd = await open(abs, "r");
-    try {
-        const buffer = Buffer.alloc(length);
-        const readResult = await fd.read(buffer, 0, length, offset);
-        const slice = buffer.subarray(0, readResult.bytesRead);
+}
+function resolveSessionUploadsDir(sessionId) {
+    const workspaceRoot = workspaceRootOverride ?? (process.env.WORKSPACE?.trim() || process.cwd());
+    const safeSessionId = sessionId.trim().replace(/[^a-zA-Z0-9._-]/g, "_").slice(0, 160) || "session";
+    return path.join(workspaceRoot, ".doer-agent", "sessions", safeSessionId);
+}
+async function deleteAgentSession(filePath, sessionId) {
+    const resolvedFile = resolveSessionFilePath(filePath);
+    sessionLineIndexCache.delete(resolvedFile);
+    await unlink(resolvedFile);
+    if (sessionId) {
+        await rm(resolveSessionUploadsDir(sessionId), { recursive: true, force: true }).catch(() => undefined);
+    }
+    const sessionsRoot = path.resolve(getSessionsRootPath());
+    let currentDir = path.dirname(resolvedFile);
+    while (currentDir.startsWith(sessionsRoot + path.sep)) {
         try {
-            const text = slice.toString(encoding);
-            return {
+            const entries = await readdir(currentDir);
+            if (entries.length > 0) {
+                break;
+            }
+            await rmdir(currentDir);
+        }
+        catch {
+            break;
+        }
+        currentDir = path.dirname(currentDir);
+    }
+}
+function publishSessionRpcResponse(args) {
+    args.nc.publish(args.responseSubject, sessionRpcCodec.encode(JSON.stringify(args.payload)));
+}
+async function startSessionWatch(args) {
+    const resolvedFile = resolveSessionFilePath(args.filePath);
+    const watchId = `watch_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
+    let watcher = null;
+    let active = true;
+    const emitEvent = (event) => {
+        if (!active) {
+            return;
+        }
+        publishSessionRpcResponse({
+            nc: args.nc,
+            responseSubject: args.responseSubject,
+            payload: {
+                requestId: args.requestId,
                 ok: true,
-                action,
-                path: formatPath(abs),
-                offset,
-                length: readResult.bytesRead,
-                totalSize: entry.size,
-                eof: offset + readResult.bytesRead >= entry.size,
-                encoding,
-                text,
-                bytesRead: readResult.bytesRead,
-            };
+                action: "watch",
+                watchId,
+                event,
+            },
+        });
+    };
+    const cleanup = () => {
+        if (!active) {
+            return;
         }
-        catch (error) {
-            const message = error instanceof Error ? error.message : "failed to decode text";
-            return {
-                ok: false,
-                action,
-                path: formatPath(abs),
-                error: message,
-            };
+        active = false;
+        watcher?.close();
+        watcher = null;
+        activeSessionWatchers.delete(watchId);
+    };
+    const notifyFromContent = () => {
+        emitEvent({
+            type: "messages.changed",
+            at: formatLocalTimestamp(),
+        });
+    };
+    watcher = watch(resolvedFile, () => {
+        notifyFromContent();
+    });
+    activeSessionWatchers.set(watchId, cleanup);
+    emitEvent({ type: "stream.started", watchId, at: formatLocalTimestamp() });
+    return watchId;
+}
+async function handleSessionRpcMessage(args) {
+    let requestId = "unknown";
+    let responseSubject = "";
+    try {
+        const payload = JSON.parse(sessionRpcCodec.decode(args.msg.data));
+        const request = normalizeSessionRpcRequest({ request: payload, agentId: args.agentId });
+        requestId = request.requestId;
+        responseSubject = request.responseSubject;
+        if (request.action === "list") {
+            const sessions = await listAgentSessions();
+            publishSessionRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: true, action: "list", sessions },
+            });
+            return;
+        }
+        if (request.action === "messages") {
+            const result = await getAgentSessionRawRows({
+                filePath: request.filePath ?? "",
+                sinceLine: request.sinceLine,
+                beforeRowId: request.beforeRowId,
+                pageSize: request.pageSize,
+            });
+            publishSessionRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: true, action: "messages", rawRows: result.rawRows, nextCursor: result.nextCursor },
+            });
+            return;
+        }
+        if (request.action === "delete") {
+            await deleteAgentSession(request.filePath ?? "", request.sessionId);
+            publishSessionRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: true, action: "delete" },
+            });
+            return;
+        }
+        if (request.action === "watch") {
+            const watchId = await startSessionWatch({
+                nc: args.jetstream.nc,
+                requestId,
+                responseSubject,
+                filePath: request.filePath ?? "",
+            });
+            publishSessionRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: { requestId, ok: true, action: "watch", watchId },
+            });
+            return;
         }
+        const stop = request.watchId ? activeSessionWatchers.get(request.watchId) : null;
+        stop?.();
+        publishSessionRpcResponse({
+            nc: args.jetstream.nc,
+            responseSubject,
+            payload: { requestId, ok: true, action: "stop_watch", watchId: request.watchId },
+        });
     }
-    finally {
-        await fd.close();
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (responseSubject) {
+            publishSessionRpcResponse({
+                nc: args.jetstream.nc,
+                responseSubject,
+                payload: {
+                    requestId,
+                    ok: false,
+                    error: message,
+                },
+            });
+        }
+        writeAgentError(`session rpc failed requestId=${requestId} error=${message}`);
     }
 }
+function subscribeToSessionRpc(args) {
+    const subject = buildAgentSessionRpcSubject(args.userId, args.agentId);
+    args.jetstream.nc.subscribe(subject, {
+        callback: (error, msg) => {
+            if (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                writeAgentError(`session rpc subscription error: ${message}`);
+                return;
+            }
+            void handleSessionRpcMessage({
+                msg,
+                jetstream: args.jetstream,
+                agentId: args.agentId,
+            });
+        },
+    });
+    writeAgentInfo(`session rpc subscribed subject=${subject}`);
+}
 async function handleFsRpcMessage(args) {
     let payload = {};
     try {
@@ -1020,7 +3015,11 @@ async function handleFsRpcMessage(args) {
         if (typeof payload.agentId === "string" && payload.agentId.trim() && payload.agentId !== args.agentId) {
             throw new Error("agent id mismatch");
         }
-        const result = await executeFsRpc({ request: payload, agentToken: args.agentToken });
+        const result = await executeFsRpc({
+            request: payload,
+            serverBaseUrl: args.serverBaseUrl,
+            agentToken: args.agentToken,
+        });
         args.msg.respond(fsRpcCodec.encode(JSON.stringify(result)));
     }
     catch (error) {
@@ -1130,7 +3129,8 @@ async function handleShellRpcMessage(args) {
         const startedAtMs = Date.now();
         const prepared = await prepareCommandExecution({
             cwd: request.cwd,
-            runtimeEnvPatch: request.runtimeEnvPatch,
+            userId: args.userId,
+            taskId: request.requestId,
             codexAuthBundle: request.codexAuthBundle,
         });
         const child = spawnPreparedCommand({
@@ -1217,6 +3217,7 @@ function subscribeToShellRpc(args) {
             void handleShellRpcMessage({
                 msg,
                 jetstream: args.jetstream,
+                userId: args.userId,
                 agentId: args.agentId,
                 agentToken: args.agentToken,
             });
@@ -1387,49 +3388,39 @@ async function checkCancelRequested(args) {
     return Boolean(response.task?.cancelRequested);
 }
 async function prepareTaskCodexAuth(args) {
-    const bundle = await postJson(`${args.serverBaseUrl}/api/agent/tasks/${encodeURIComponent(args.taskId)}/codex-auth`, {
-        userId: args.userId,
-        agentToken: args.agentToken,
-    }).catch((error) => {
-        const message = error instanceof Error ? error.message : String(error);
-        writeAgentError(`task=${args.taskId} codex auth sync skipped: ${message}`);
-        return null;
-    });
-    return await prepareCodexAuthBundle(bundle);
+    void args;
+    return {
+        envPatch: {},
+        cleanup: async () => { },
+        meta: {
+            codexAuthSource: "agent_local",
+            codexAuthSynced: false,
+        },
+    };
 }
 async function prepareCodexAuthBundle(bundle) {
-    if (!bundle || typeof bundle.authJson !== "string") {
-        return null;
-    }
-    const codexHome = resolveCodexHomePath();
-    await mkdir(codexHome, { recursive: true });
-    const authFile = path.join(codexHome, "auth.json");
-    await writeFile(authFile, bundle.authJson, "utf8");
-    await chmod(authFile, 0o600).catch(() => undefined);
-    const envPatch = {
-        CODEX_HOME: codexHome,
-    };
-    if (typeof bundle.apiKey === "string" && bundle.apiKey.trim()) {
-        envPatch.OPENAI_API_KEY = bundle.apiKey.trim();
-    }
-    const cleanup = async () => { };
+    void bundle;
     return {
-        envPatch,
-        cleanup,
+        envPatch: {},
+        cleanup: async () => { },
         meta: {
-            codexAuthMode: bundle.authMode ?? null,
-            codexAuthIssuedAt: bundle.issuedAt ?? null,
-            codexAuthExpiresAt: bundle.expiresAt ?? null,
-            codexAuthSynced: true,
+            codexAuthSource: "agent_local",
+            codexAuthSynced: false,
         },
     };
 }
 async function prepareCommandExecution(args) {
     const shellPath = resolveShellPath();
     const taskWorkspace = resolveTaskWorkspace(args.cwd);
+    const codexHome = resolveCodexHomePath();
+    await mkdir(codexHome, { recursive: true });
     const codexAuth = await prepareCodexAuthBundle(args.codexAuthBundle);
+    const localAgentSettings = await readAgentSettingsConfig(null);
     const baseTaskEnvPatch = {
-        ...args.runtimeEnvPatch,
+        CODEX_HOME: codexHome,
+        DOER_USER_ID: args.userId,
+        DOER_AGENT_TASK_ID: args.taskId,
+        ...buildAgentSettingsEnvPatch(localAgentSettings),
         ...(codexAuth?.envPatch ?? {}),
         WORKSPACE: taskWorkspace,
     };
@@ -1520,6 +3511,8 @@ async function runTask(args) {
     };
     const shellPath = resolveShellPath();
     const taskWorkspace = resolveTaskWorkspace(args.cwd);
+    const codexHome = resolveCodexHomePath();
+    await mkdir(codexHome, { recursive: true });
     const runtimeConfig = await prepareTaskRuntimeConfig({
         serverBaseUrl: args.serverBaseUrl,
         taskId: args.taskId,
@@ -1532,7 +3525,10 @@ async function runTask(args) {
         userId: args.userId,
         agentToken: args.agentToken,
     });
+    const localAgentSettings = await readAgentSettingsConfig(null);
     const baseTaskEnvPatch = {
+        CODEX_HOME: codexHome,
+        ...buildAgentSettingsEnvPatch(localAgentSettings),
         ...(runtimeConfig?.envPatch ?? {}),
         ...(codexAuth?.envPatch ?? {}),
         WORKSPACE: taskWorkspace,
@@ -1735,6 +3731,10 @@ async function main() {
     const startupWorkspaceRoot = path.resolve(workspaceDir || process.cwd());
     workspaceRootOverride = startupWorkspaceRoot;
     process.chdir(startupWorkspaceRoot);
+    process.env.WORKSPACE = startupWorkspaceRoot;
+    process.env.CODEX_HOME = path.join(startupWorkspaceRoot, ".codex");
+    await mkdir(process.env.CODEX_HOME, { recursive: true }).catch(() => undefined);
+    await resetRunsDir();
     const serverBaseUrlRaw = resolveArgOrEnv(args, ["server", "url"], ["DOER_AGENT_SERVER"], DEFAULT_SERVER_BASE_URL);
     const requestedServerBaseUrl = serverBaseUrlRaw.replace(/\/$/, "");
     const serverBaseUrl = resolveContainerReachableServerBaseUrl(requestedServerBaseUrl);
@@ -1800,6 +3800,33 @@ async function main() {
         agentId: initialAgentId,
         agentToken,
     });
+    subscribeToSessionRpc({
+        jetstream,
+        userId,
+        agentId: initialAgentId,
+    });
+    subscribeToCodexRpc({
+        jetstream,
+        serverBaseUrl,
+        userId,
+        agentId: initialAgentId,
+        agentToken,
+    });
+    subscribeToCodexAuthRpc({
+        jetstream,
+        userId,
+        agentId: initialAgentId,
+    });
+    subscribeToSettingsRpc({
+        jetstream,
+        userId,
+        agentId: initialAgentId,
+    });
+    subscribeToGitRpc({
+        jetstream,
+        userId,
+        agentId: initialAgentId,
+    });
     subscribeToRunRpc({
         jetstream,
         serverBaseUrl,