dorkos 0.17.2 → 0.19.0

package/dist/server/index.js

@@ -17494,12 +17494,18 @@ var init_scenario_store = __esm({
     "use strict";
     BUILT_IN_SCENARIOS = {
       "simple-text": async function* (content3) {
-        yield { type: "session_status", data: { sessionId: "test-mode", model: "claude-haiku-4-5" } };
+        yield {
+          type: "session_status",
+          data: { sessionId: "test-mode", model: "claude-haiku-4-5" }
+        };
         yield { type: "text_delta", data: { text: `Echo: ${content3}` } };
         yield { type: "done", data: { sessionId: "test-mode" } };
       },
       "tool-call": async function* (_content) {
-        yield { type: "session_status", data: { sessionId: "test-mode", model: "claude-haiku-4-5" } };
+        yield {
+          type: "session_status",
+          data: { sessionId: "test-mode", model: "claude-haiku-4-5" }
+        };
         yield {
           type: "tool_call_start",
           data: { toolCallId: "tc-1", toolName: "Bash", status: "running" }
@@ -17507,7 +17513,12 @@ var init_scenario_store = __esm({
         yield {
           type: "tool_call_delta",
           // tool_call_delta uses ToolCallEventSchema: toolCallId, toolName, status are required
-          data: { toolCallId: "tc-1", toolName: "Bash", input: '{"command":"echo hi"}', status: "running" }
+          data: {
+            toolCallId: "tc-1",
+            toolName: "Bash",
+            input: '{"command":"echo hi"}',
+            status: "running"
+          }
         };
         yield {
           type: "tool_call_end",
@@ -17517,7 +17528,10 @@ var init_scenario_store = __esm({
         yield { type: "done", data: { sessionId: "test-mode" } };
       },
       "todo-write": async function* (_content) {
-        yield { type: "session_status", data: { sessionId: "test-mode", model: "claude-haiku-4-5" } };
+        yield {
+          type: "session_status",
+          data: { sessionId: "test-mode", model: "claude-haiku-4-5" }
+        };
         yield {
           type: "task_update",
           data: { action: "create", task: { id: "1", subject: "Task one", status: "pending" } }
@@ -17533,9 +17547,15 @@ var init_scenario_store = __esm({
         yield { type: "text_delta", data: { text: "Created 3 tasks." } };
         yield { type: "done", data: { sessionId: "test-mode" } };
       },
-      "error": async function* (_content) {
-        yield { type: "session_status", data: { sessionId: "test-mode", model: "claude-haiku-4-5" } };
-        yield { type: "error", data: { message: "Simulated error from TestModeRuntime" } };
+      error: async function* (_content) {
+        yield {
+          type: "session_status",
+          data: { sessionId: "test-mode", model: "claude-haiku-4-5" }
+        };
+        yield {
+          type: "error",
+          data: { message: "Simulated error from TestModeRuntime" }
+        };
         yield { type: "done", data: { sessionId: "test-mode" } };
       }
     };
@@ -55755,7 +55775,7 @@ var require_websocket = __commonJS({
     var http = __require("http");
     var net = __require("net");
     var tls = __require("tls");
-    var { randomBytes: randomBytes2, createHash: createHash3 } = __require("crypto");
+    var { randomBytes: randomBytes2, createHash: createHash2 } = __require("crypto");
     var { Duplex, Readable: Readable3 } = __require("stream");
     var { URL: URL2 } = __require("url");
     var PerMessageDeflate = require_permessage_deflate();
@@ -56415,7 +56435,7 @@ var require_websocket = __commonJS({
           abortHandshake(websocket, socket, "Invalid Upgrade header");
           return;
         }
-        const digest = createHash3("sha1").update(key + GUID).digest("base64");
+        const digest = createHash2("sha1").update(key + GUID).digest("base64");
         if (res.headers["sec-websocket-accept"] !== digest) {
           abortHandshake(websocket, socket, "Invalid Sec-WebSocket-Accept header");
           return;
@@ -56782,7 +56802,7 @@ var require_websocket_server = __commonJS({
     var EventEmitter4 = __require("events");
     var http = __require("http");
     var { Duplex } = __require("stream");
-    var { createHash: createHash3 } = __require("crypto");
+    var { createHash: createHash2 } = __require("crypto");
     var extension2 = require_extension();
     var PerMessageDeflate = require_permessage_deflate();
     var subprotocol = require_subprotocol();
@@ -57083,7 +57103,7 @@ var require_websocket_server = __commonJS({
           );
         }
         if (this._state > RUNNING) return abortHandshake(socket, 503);
-        const digest = createHash3("sha1").update(key + GUID).digest("base64");
+        const digest = createHash2("sha1").update(key + GUID).digest("base64");
         const headers = [
           "HTTP/1.1 101 Switching Protocols",
           "Upgrade: websocket",
@@ -68952,7 +68972,8 @@ var RateLimitEventSchema = z.object({
   retryAfter: z.number().optional()
 }).openapi("RateLimitEvent");
 var DoneEventSchema = z.object({
-  sessionId: z.string()
+  sessionId: z.string(),
+  messageIds: z.object({ user: z.string(), assistant: z.string() }).optional()
 }).openapi("DoneEvent");
 var SessionStatusEventSchema = z.object({
   sessionId: z.string(),
@@ -69220,7 +69241,9 @@ var HealthResponseSchema = z.object({
 }).openapi("HealthResponse");
 var ServerConfigSchema = z.object({
   version: z.string().openapi({ description: "Current server version" }),
-  latestVersion: z.string().nullable().openapi({ description: "Latest available version from npm, or null if dev mode or unknown" }),
+  latestVersion: z.string().nullable().openapi({
+    description: "Latest available version from npm, or null if dev mode or unknown"
+  }),
   isDevMode: z.boolean().openapi({ description: "Whether the server is running a development build" }),
   dismissedUpgradeVersions: z.array(z.string()).openapi({ description: "Versions the user has dismissed upgrade notifications for" }),
   port: z.number().int(),
@@ -70918,7 +70941,12 @@ router.post("/:id/approve", async (req, res) => {
   const { toolCallId } = parsed.data;
   const runtime = runtimeRegistry.getDefault();
   const approved = runtime.approveTool(sessionId, toolCallId, true);
-  if (!approved) return sendError(res, 404, "No pending approval", "NO_PENDING_APPROVAL");
+  if (!approved) {
+    if (runtime.hasSession(sessionId)) {
+      return sendError(res, 409, "Interaction already resolved", "INTERACTION_ALREADY_RESOLVED");
+    }
+    return sendError(res, 404, "No pending approval", "NO_PENDING_APPROVAL");
+  }
   res.json({ ok: true });
 });
 router.post("/:id/deny", async (req, res) => {
@@ -70931,7 +70959,12 @@ router.post("/:id/deny", async (req, res) => {
   const { toolCallId } = parsed.data;
   const runtime = runtimeRegistry.getDefault();
   const denied = runtime.approveTool(sessionId, toolCallId, false);
-  if (!denied) return sendError(res, 404, "No pending approval", "NO_PENDING_APPROVAL");
+  if (!denied) {
+    if (runtime.hasSession(sessionId)) {
+      return sendError(res, 409, "Interaction already resolved", "INTERACTION_ALREADY_RESOLVED");
+    }
+    return sendError(res, 404, "No pending approval", "NO_PENDING_APPROVAL");
+  }
   res.json({ ok: true });
 });
 router.post("/:id/submit-answers", async (req, res) => {
@@ -70944,7 +70977,12 @@ router.post("/:id/submit-answers", async (req, res) => {
   const { toolCallId, answers } = parsed.data;
   const runtime = runtimeRegistry.getDefault();
   const ok3 = runtime.submitAnswers(sessionId, toolCallId, answers);
-  if (!ok3) return sendError(res, 404, "No pending question", "NO_PENDING_QUESTION");
+  if (!ok3) {
+    if (runtime.hasSession(sessionId)) {
+      return sendError(res, 409, "Interaction already resolved", "INTERACTION_ALREADY_RESOLVED");
+    }
+    return sendError(res, 404, "No pending question", "NO_PENDING_QUESTION");
+  }
   res.json({ ok: true });
 });
 router.get("/:id/stream", async (req, res) => {
@@ -71071,7 +71109,7 @@ var SERVER_VERSION = resolveVersion();
 var IS_DEV_BUILD = checkDevBuild(SERVER_VERSION);
 function resolveVersion() {
   if (env.DORKOS_VERSION_OVERRIDE) return env.DORKOS_VERSION_OVERRIDE;
-  if (true) return "0.17.2";
+  if (true) return "0.19.0";
   const pkgPath = path4.join(path4.dirname(fileURLToPath2(import.meta.url)), "../../package.json");
   return JSON.parse(readFileSync(pkgPath, "utf-8")).version;
 }
@@ -71115,7 +71153,8 @@ router4.get("/", async (req, res) => {
     resolved = await validateBoundary(targetPath);
   } catch (err) {
     if (err instanceof BoundaryError) {
-      if (err.code === "NULL_BYTE") return res.status(400).json({ error: err.message, code: err.code });
+      if (err.code === "NULL_BYTE")
+        return res.status(400).json({ error: err.message, code: err.code });
       return res.status(403).json({ error: err.message, code: err.code });
     }
     const code3 = err.code;
@@ -71186,10 +71225,7 @@ import path6 from "path";
 
 // ../shared/dist/config-schema.js
 import { z as z5 } from "zod";
-var SENSITIVE_CONFIG_KEYS = [
-  "tunnel.authtoken",
-  "tunnel.auth"
-];
+var SENSITIVE_CONFIG_KEYS = ["tunnel.authtoken", "tunnel.auth"];
 var ONBOARDING_STEPS = ["discovery", "pulse", "adapters"];
 var OnboardingStepSchema = z5.enum(ONBOARDING_STEPS);
 var OnboardingStateSchema = z5.object({
@@ -71220,7 +71256,11 @@ var UserConfigSchema = z5.object({
     theme: z5.enum(["light", "dark", "system"]).default("system"),
     dismissedUpgradeVersions: z5.array(z5.string()).default(() => []).describe("Version strings the user has dismissed upgrade notifications for")
   }).default(() => ({ theme: "system", dismissedUpgradeVersions: [] })),
-  logging: LoggingConfigSchema.default(() => ({ level: "info", maxLogSizeKb: 500, maxLogFiles: 14 })),
+  logging: LoggingConfigSchema.default(() => ({
+    level: "info",
+    maxLogSizeKb: 500,
+    maxLogFiles: 14
+  })),
   relay: z5.object({
     enabled: z5.boolean().default(true),
     dataDir: z5.string().nullable().default(null)
@@ -71360,9 +71400,7 @@ var ConfigManager = class {
       if (error instanceof z6.ZodError) {
         return {
           valid: false,
-          errors: error.issues.map(
-            (i2) => `${i2.path.join(".")}: ${i2.message}`
-          )
+          errors: error.issues.map((i2) => `${i2.path.join(".")}: ${i2.message}`)
         };
       }
       throw error;
@@ -71858,12 +71896,12 @@ var SDK_TOOL_NAMES = {
 };
 
 // ../../apps/server/src/routes/tunnel.ts
-var DEV_CLIENT_PORT = Number(process.env.VITE_PORT) || 4241;
 var router8 = Router8();
 function resolveTunnelPort() {
   if (process.env.TUNNEL_PORT) return Number(process.env.TUNNEL_PORT);
   const isDev = process.env.NODE_ENV !== "production";
-  return isDev ? DEV_CLIENT_PORT : Number(process.env.DORKOS_PORT) || DEFAULT_PORT;
+  const devClientPort = Number(process.env.VITE_PORT) || 4241;
+  return isDev ? devClientPort : Number(process.env.DORKOS_PORT) || DEFAULT_PORT;
 }
 router8.get("/status", (_req, res) => {
   res.json(tunnelManager.status);
@@ -72276,7 +72314,9 @@ var PluginSourceSchema = z11.object({
   package: z11.string().optional(),
   /** Local file path (absolute or relative to config dir) */
   path: z11.string().optional()
-}).refine((data) => data.package || data.path, { message: "Plugin source must specify either package or path" }).openapi("PluginSource");
+}).refine((data) => data.package || data.path, {
+  message: "Plugin source must specify either package or path"
+}).openapi("PluginSource");
 var TelegramAdapterConfigSchema = z11.object({
   token: z11.string().min(1),
   mode: z11.enum(["polling", "webhook"]).default("polling"),
@@ -72594,7 +72634,6 @@ var DiscoveryCandidateSchema = z13.object({
 }).openapi("DiscoveryCandidate");
 var DenialRecordSchema = z13.object({
   path: z13.string().min(1),
-  strategy: z13.string().min(1),
   reason: z13.string().optional(),
   deniedBy: z13.string().min(1),
   deniedAt: z13.string().datetime()
@@ -73284,9 +73323,7 @@ registry.registerPath({
       description: "Array of endpoints",
       content: {
         "application/json": {
-          schema: z14.array(
-            z14.object({ subject: z14.string(), description: z14.string().optional() })
-          )
+          schema: z14.array(z14.object({ subject: z14.string(), description: z14.string().optional() }))
         }
       }
     }
@@ -73651,12 +73688,15 @@ function errorHandler(err, _req, res, _next) {
 function requestLogger(req, res, next) {
   const start2 = Date.now();
   res.on("finish", () => {
-    logger.debug({
-      method: req.method,
-      path: req.path,
-      status: res.statusCode,
-      ms: Date.now() - start2
-    }, "request");
+    logger.debug(
+      {
+        method: req.method,
+        path: req.path,
+        status: res.statusCode,
+        ms: Date.now() - start2
+      },
+      "request"
+    );
   });
   next();
 }
@@ -76812,10 +76852,7 @@ data: ${JSON.stringify(event)}
               data: { sessionId, timestamp: (/* @__PURE__ */ new Date()).toISOString() }
             });
           } catch (err) {
-            logger.error(
-              `[SessionBroadcaster] Callback error for session ${sessionId}:`,
-              err
-            );
+            logger.error(`[SessionBroadcaster] Callback error for session ${sessionId}:`, err);
           }
         }
       }
@@ -77129,17 +77166,25 @@ function createCanUseTool(session, logFn) {
       "mcp__dorkos__mesh_register",
       "mcp__dorkos__mesh_status",
       "mcp__dorkos__mesh_query_topology",
-      "mcp__dorkos__get_current_agent"
+      "mcp__dorkos__get_agent"
     ]);
     if (READ_ONLY_TOOLS.has(toolName) || DORKOS_AGENT_TOOLS.has(toolName)) {
       logFn("[canUseTool] auto-allow safe tool", { toolName, toolUseID: context.toolUseID });
       return { behavior: "allow", updatedInput: input };
     }
     if (session.permissionMode === "default") {
-      logFn("[canUseTool] requesting approval", { toolName, permissionMode: "default", toolUseID: context.toolUseID });
+      logFn("[canUseTool] requesting approval", {
+        toolName,
+        permissionMode: "default",
+        toolUseID: context.toolUseID
+      });
       return handleToolApproval(session, context.toolUseID, toolName, input);
     }
-    logFn("[canUseTool] auto-allow", { toolName, permissionMode: session.permissionMode, toolUseID: context.toolUseID });
+    logFn("[canUseTool] auto-allow", {
+      toolName,
+      permissionMode: session.permissionMode,
+      toolUseID: context.toolUseID
+    });
     return { behavior: "allow", updatedInput: input };
   };
 }
@@ -77213,11 +77258,7 @@ function buildTaskEvent(toolName, input) {
 }
 
 // ../../apps/server/src/services/runtimes/claude-code/sdk-event-mapper.ts
-var TOOL_CONTEXTUAL_HOOK_EVENTS = /* @__PURE__ */ new Set([
-  "PreToolUse",
-  "PostToolUse",
-  "PostToolUseFailure"
-]);
+var TOOL_CONTEXTUAL_HOOK_EVENTS = /* @__PURE__ */ new Set(["PreToolUse", "PostToolUse", "PostToolUseFailure"]);
 function mapErrorCategory(subtype) {
   switch (subtype) {
     case "error_max_turns":
@@ -77555,8 +77596,8 @@ DorkOS Relay is a pub/sub message bus for inter-agent communication.
 
 Subject hierarchy:
   relay.agent.{agentId}                \u2014 activate a specific agent session
-  relay.inbox.query.{UUID}             \u2014 ephemeral inbox for relay_query (auto-managed)
-  relay.inbox.dispatch.{UUID}          \u2014 ephemeral inbox for relay_dispatch (auto-expires after ~35 min)
+  relay.inbox.query.{UUID}             \u2014 ephemeral inbox for relay_send_and_wait (auto-managed)
+  relay.inbox.dispatch.{UUID}          \u2014 ephemeral inbox for relay_send_async (auto-expires after ~35 min)
   relay.inbox.{agentId}                \u2014 persistent agent reply inbox
   relay.human.console.{clientId}       \u2014 reach a human in the DorkOS UI
   relay.system.console                 \u2014 system broadcast channel
@@ -77564,13 +77605,13 @@ Subject hierarchy:
 
 Workflow: Query another agent \u2014 SHORT tasks (\u226410 min, PREFERRED)
 1. mesh_list() to find available agents and their agent IDs
-2. relay_query(to_subject="relay.agent.{theirAgentId}", payload={task}, from={myAgentId}, timeout_ms=600000)
+2. relay_send_and_wait(to_subject="relay.agent.{theirAgentId}", payload={task}, from={myAgentId}, timeout_ms=600000)
    \u2192 Blocks until reply (max 10 min / 600 000 ms)
    \u2192 Returns: { reply, from, replyMessageId, sentMessageId, progress: ProgressEvent[] }
    \u2192 progress[] contains intermediate steps: { type: "progress", step, step_type, text, done: false }
 
 Workflow: Dispatch to another agent \u2014 LONG tasks (>10 min)
-1. relay_dispatch(to_subject="relay.agent.{theirAgentId}", payload={task}, from={myAgentId})
+1. relay_send_async(to_subject="relay.agent.{theirAgentId}", payload={task}, from={myAgentId})
    \u2192 Returns IMMEDIATELY: { messageId, inboxSubject: "relay.inbox.dispatch.{UUID}" }
 2. Poll: relay_inbox(endpoint_subject=inboxSubject, status="unread")
    \u2192 Returns progress events: { type: "progress", step, step_type: "message"|"tool_result", text, done: false }
@@ -77589,13 +77630,13 @@ CONSTRAINT \u2014 Subagent MCP tools: DorkOS MCP tools (relay_*, mesh_*, pulse_*
 inside Claude Code Task() subagents. This is an SDK architectural limitation (subprocesses do not
 inherit the parent MCP server). The orchestrator pattern workaround:
   WRONG:  Task("use relay_send to message agent B")   \u2190 tools unavailable, silent failure
-  RIGHT:  1. Call relay_dispatch() in this (parent) session
+  RIGHT:  1. Call relay_send_async() in this (parent) session
           2. Pass the inboxSubject into the Task() prompt if needed
           3. Poll relay_inbox() in this session after Task() returns
 
 IMPORTANT: When YOU receive a relay message, respond naturally \u2014 do NOT call relay_send.
 Your response is automatically forwarded by the relay system.
-Only call relay_send/relay_query/relay_dispatch to INITIATE a new message.
+Only call relay_send/relay_send_and_wait/relay_send_async to INITIATE a new message.
 
 relay_list_endpoints returns type ("dispatch"|"query"|"persistent"|"agent"|"unknown") and expiresAt
 (ISO string or null) for each endpoint. Use these to identify active inboxes and their expiry.
@@ -77810,7 +77851,7 @@ var CORE_TOOLS = [
   "mcp__dorkos__ping",
   "mcp__dorkos__get_server_info",
   "mcp__dorkos__get_session_count",
-  "mcp__dorkos__get_current_agent"
+  "mcp__dorkos__get_agent"
 ];
 var PULSE_TOOLS = [
   "mcp__dorkos__pulse_list_schedules",
@@ -77824,8 +77865,8 @@ var RELAY_TOOLS = [
   "mcp__dorkos__relay_inbox",
   "mcp__dorkos__relay_list_endpoints",
   "mcp__dorkos__relay_register_endpoint",
-  "mcp__dorkos__relay_query",
-  "mcp__dorkos__relay_dispatch",
+  "mcp__dorkos__relay_send_and_wait",
+  "mcp__dorkos__relay_send_async",
   // NEW
   "mcp__dorkos__relay_unregister_endpoint"
   // NEW
@@ -77851,10 +77892,7 @@ var BINDING_TOOLS = [
   "mcp__dorkos__binding_create",
   "mcp__dorkos__binding_delete"
 ];
-var TRACE_TOOLS = [
-  "mcp__dorkos__relay_get_trace",
-  "mcp__dorkos__relay_get_metrics"
-];
+var TRACE_TOOLS = ["mcp__dorkos__relay_get_trace", "mcp__dorkos__relay_get_metrics"];
 function resolveToolConfig(agentConfig, deps) {
   const agent = agentConfig ?? {};
   return {
@@ -77932,7 +77970,11 @@ async function* executeSdkQuery(sessionId, content3, session, opts, messageOpts,
     pulseEnabled: isPulseEnabled(),
     globalConfig
   });
-  const baseAppend = await buildSystemPromptAppend(effectiveCwd, opts.meshCore ?? void 0, toolConfig);
+  const baseAppend = await buildSystemPromptAppend(
+    effectiveCwd,
+    opts.meshCore ?? void 0,
+    toolConfig
+  );
   const systemPromptAppend = messageOpts?.systemPromptAppend ? `${baseAppend}
 
 ${messageOpts.systemPromptAppend}` : baseAppend;
@@ -77951,9 +77993,12 @@ ${messageOpts.systemPromptAppend}` : baseAppend;
   if (session.hasStarted) {
     sdkOptions.resume = session.sdkSessionId;
     if (session.sdkSessionId === sessionId) {
-      logger.debug("[sendMessage] resuming with sdkSessionId === sessionId (expected after server restart)", {
-        session: sessionId
-      });
+      logger.debug(
+        "[sendMessage] resuming with sdkSessionId === sessionId (expected after server restart)",
+        {
+          session: sessionId
+        }
+      );
     }
   }
   const cwdSource = messageOpts?.cwd ? "opts.cwd" : opts.sessionCwd ? "session.cwd" : "default";
@@ -78340,32 +78385,41 @@ var ClaudeCodeRuntime = class _ClaudeCodeRuntime {
       }
     }
     const session = this.sessions.get(sessionId);
-    yield* executeSdkQuery(sessionId, content3, session, {
-      cwd: this.cwd,
-      sessionCwd: session.cwd,
-      claudeCliPath: this.claudeCliPath,
-      meshCore: this.meshCore,
-      mcpServerFactory: this.mcpServerFactory,
-      onModelsReceived: !this.cachedModels ? (models) => {
-        this.cachedModels = models;
-        logger.debug("[sendMessage] cached supported models", {
-          count: models.length
-        });
-      } : void 0,
-      onMcpStatusReceived: (servers) => {
-        const key = opts?.cwd || session.cwd || this.cwd;
-        this.cachedMcpStatus.set(key, servers);
-        logger.debug("[sendMessage] cached MCP server status", { cwd: key, count: servers.length });
-      },
-      onCommandsReceived: !this.cachedSdkCommands ? (commands) => {
-        this.cachedSdkCommands = commands;
-        logger.debug("[sendMessage] cached supported commands", {
-          count: commands.length
-        });
-      } : void 0,
-      sdkSessionIndex: this.sdkSessionIndex,
-      sessionMapKey: sessionId
-    }, opts);
+    yield* executeSdkQuery(
+      sessionId,
+      content3,
+      session,
+      {
+        cwd: this.cwd,
+        sessionCwd: session.cwd,
+        claudeCliPath: this.claudeCliPath,
+        meshCore: this.meshCore,
+        mcpServerFactory: this.mcpServerFactory,
+        onModelsReceived: !this.cachedModels ? (models) => {
+          this.cachedModels = models;
+          logger.debug("[sendMessage] cached supported models", {
+            count: models.length
+          });
+        } : void 0,
+        onMcpStatusReceived: (servers) => {
+          const key = opts?.cwd || session.cwd || this.cwd;
+          this.cachedMcpStatus.set(key, servers);
+          logger.debug("[sendMessage] cached MCP server status", {
+            cwd: key,
+            count: servers.length
+          });
+        },
+        onCommandsReceived: !this.cachedSdkCommands ? (commands) => {
+          this.cachedSdkCommands = commands;
+          logger.debug("[sendMessage] cached supported commands", {
+            count: commands.length
+          });
+        } : void 0,
+        sdkSessionIndex: this.sdkSessionIndex,
+        sessionMapKey: sessionId
+      },
+      opts
+    );
   }
   // ---------------------------------------------------------------------------
   // Interactive flows
@@ -78616,6 +78670,25 @@ function jsonContent(data, isError2 = false) {
 }
 
 // ../../apps/server/src/services/runtimes/claude-code/mcp-tools/core-tools.ts
+function resolveAgentCwd(deps, args) {
+  if (!args.agent_id && !args.cwd) {
+    throw new Error("Either agent_id or cwd must be provided to identify the agent.");
+  }
+  if (args.agent_id && args.cwd) {
+    throw new Error("Provide either agent_id or cwd, not both.");
+  }
+  if (args.cwd) {
+    return args.cwd;
+  }
+  if (!deps.meshCore) {
+    throw new Error("Mesh is not enabled. Cannot resolve agent_id without Mesh.");
+  }
+  const projectPath = deps.meshCore.getProjectPath(args.agent_id);
+  if (!projectPath) {
+    throw new Error(`Agent not found: ${args.agent_id}`);
+  }
+  return projectPath;
+}
 async function handlePing() {
   return {
     content: [
@@ -78649,16 +78722,18 @@ async function handleGetServerInfo(args) {
   };
 }
 function createGetSessionCountHandler(deps) {
-  return async function handleGetSessionCount() {
+  return async function handleGetSessionCount(args) {
     try {
-      const sessions = await deps.transcriptReader.listSessions(deps.defaultCwd);
+      const resolvedCwd = resolveAgentCwd(deps, args);
+      const sessions = await deps.transcriptReader.listSessions(resolvedCwd);
       return {
         content: [
           {
             type: "text",
             text: JSON.stringify({
               count: sessions.length,
-              cwd: deps.defaultCwd
+              cwd: resolvedCwd,
+              ...args.agent_id && { agent_id: args.agent_id }
             })
           }
         ]
@@ -78678,12 +78753,16 @@ function createGetSessionCountHandler(deps) {
     }
   };
 }
-function createGetCurrentAgentHandler(deps) {
-  return async () => {
+function createGetAgentHandler(deps) {
+  return async (args) => {
     try {
-      const manifest = await readManifest(deps.defaultCwd);
+      const resolvedCwd = resolveAgentCwd(deps, args);
+      const manifest = await readManifest(resolvedCwd);
       if (!manifest) {
-        return jsonContent({ agent: null, message: "No agent registered for current directory" });
+        return jsonContent({
+          agent: null,
+          message: "No agent registered for the specified directory"
+        });
       }
       return jsonContent({ agent: manifest });
     } catch (err) {
@@ -78694,9 +78773,13 @@ function createGetCurrentAgentHandler(deps) {
     }
   };
 }
+var agentScopeSchema = {
+  agent_id: z16.string().optional().describe("Agent ULID to scope the query to"),
+  cwd: z16.string().optional().describe("Working directory path to scope the query to")
+};
 function getCoreTools(deps) {
   const handleGetSessionCount = createGetSessionCountHandler(deps);
-  const handleGetCurrentAgent = createGetCurrentAgentHandler(deps);
+  const handleGetAgent = createGetAgentHandler(deps);
   return [
     tool(
       "ping",
@@ -78712,15 +78795,15 @@ function getCoreTools(deps) {
     ),
     tool(
       "get_session_count",
-      "Returns the number of sessions visible in the SDK transcript directory.",
-      {},
+      "Returns the number of sessions for a specific agent. Provide either agent_id (ULID) or cwd (working directory path).",
+      agentScopeSchema,
       handleGetSessionCount
     ),
     tool(
-      "get_current_agent",
-      "Get the agent identity for the current working directory. Returns the agent manifest from .dork/agent.json if one exists, or null if no agent is registered.",
-      {},
-      handleGetCurrentAgent
+      "get_agent",
+      "Get the agent manifest for a specific agent. Provide either agent_id (ULID) or cwd (working directory path). Returns the agent manifest from .dork/agent.json if one exists, or null if no agent is registered.",
+      agentScopeSchema,
+      handleGetAgent
     )
   ];
 }
@@ -78759,7 +78842,10 @@ function createCreateScheduleHandler(deps) {
     });
     deps.pulseStore.updateSchedule(schedule.id, { status: "pending_approval" });
     const updated = deps.pulseStore.getSchedule(schedule.id);
-    return jsonContent({ schedule: updated, note: "Schedule created with pending_approval status. User must approve before it runs." });
+    return jsonContent({
+      schedule: updated,
+      note: "Schedule created with pending_approval status. User must approve before it runs."
+    });
   };
 }
 function createUpdateScheduleHandler(deps) {
@@ -78879,7 +78965,11 @@ function createRelaySendHandler(deps) {
         replyTo: args.replyTo,
         budget: args.budget
       });
-      return jsonContent({ messageId: result2.messageId, deliveredTo: result2.deliveredTo, queued: result2.deliveredTo === 0 });
+      return jsonContent({
+        messageId: result2.messageId,
+        deliveredTo: result2.deliveredTo,
+        queued: result2.deliveredTo === 0
+      });
     } catch (e2) {
       const message = e2 instanceof Error ? e2.message : "Publish failed";
       const code3 = message.includes("Access denied") ? "ACCESS_DENIED" : message.includes("Invalid subject") ? "INVALID_SUBJECT" : "PUBLISH_FAILED";
@@ -78963,7 +79053,10 @@ function createRelayQueryHandler(deps) {
         });
         if (result2.deliveredTo === 0 && result2.rejected && result2.rejected.length > 0) {
           const reason = result2.rejected[0]?.reason ?? "unknown";
-          return jsonContent({ error: `Message rejected: ${reason}`, code: "REJECTED", reason }, true);
+          return jsonContent(
+            { error: `Message rejected: ${reason}`, code: "REJECTED", reason },
+            true
+          );
         }
         sentMessageId = result2.messageId;
       } catch (e2) {
@@ -78978,7 +79071,9 @@ function createRelayQueryHandler(deps) {
         };
         const timer = setTimeout(() => {
           cleanup();
-          reject(new Error(`relay_query timed out after ${timeoutMs}ms (sent ${sentMessageId})`));
+          reject(
+            new Error(`relay_send_and_wait timed out after ${timeoutMs}ms (sent ${sentMessageId})`)
+          );
         }, timeoutMs);
         const unsub = relay.subscribe(inboxSubject, (envelope) => {
           const payload = envelope.payload;
@@ -79056,7 +79151,10 @@ function createRelayUnregisterEndpointHandler(deps) {
     try {
       const removed = await deps.relayCore.unregisterEndpoint(args.subject);
       if (!removed) {
-        return jsonContent({ error: `Endpoint not found: ${args.subject}`, code: "ENDPOINT_NOT_FOUND" }, true);
+        return jsonContent(
+          { error: `Endpoint not found: ${args.subject}`, code: "ENDPOINT_NOT_FOUND" },
+          true
+        );
       }
       return jsonContent({ success: true, subject: args.subject });
     } catch (e2) {
@@ -79111,13 +79209,15 @@ function getRelayTools(deps) {
       createRelayRegisterEndpointHandler(deps)
     ),
     tool3(
-      "relay_query",
+      "relay_send_and_wait",
       'Send a message to an agent and WAIT for the reply in a single call. Preferred over relay_send + relay_inbox polling for request/reply patterns. Internally registers an ephemeral inbox, sends the message with replyTo set, and blocks until the target agent replies or the timeout elapses. Response shape: { reply, progress, from, replyMessageId, sentMessageId }. progress: array of intermediate steps emitted before the final reply (empty [] for quick replies; populated for multi-step CCA tasks). Each progress step: { type: "progress", step: number, step_type: "message"|"tool_result", text: string, done: false }. Callers that only use { reply, from, replyMessageId } are unaffected \u2014 progress is additive.',
       {
         to_subject: z18.string().describe('Target subject for the message (e.g., "relay.agent.{agentId}")'),
         payload: z18.unknown().describe("Message payload (any JSON-serializable value)"),
         from: z18.string().describe("Sender subject identifier"),
-        timeout_ms: z18.number().int().min(1e3).max(6e5).optional().describe("Max milliseconds to wait for a reply (default: 60000, max: 600000). For tasks longer than 10 min, use relay_dispatch instead."),
+        timeout_ms: z18.number().int().min(1e3).max(6e5).optional().describe(
+          "Max milliseconds to wait for a reply (default: 60000, max: 600000). For tasks longer than 10 min, use relay_send_async instead."
+        ),
         budget: z18.object({
           maxHops: z18.number().int().min(1).optional().describe("Max hop count"),
           ttl: z18.number().int().optional().describe("Unix timestamp (ms) expiry"),
@@ -79127,8 +79227,8 @@ function getRelayTools(deps) {
       createRelayQueryHandler(deps)
     ),
     tool3(
-      "relay_dispatch",
-      "Dispatch a message to an agent and return IMMEDIATELY with a dispatch inbox subject. Unlike relay_query (which blocks), relay_dispatch returns { messageId, inboxSubject } at once. Agent B runs asynchronously; CCA publishes incremental progress events and a final agent_result to the inbox. Poll relay_inbox(endpoint_subject=inboxSubject) for updates. When you receive a message with done:true, call relay_unregister_endpoint(inboxSubject) to clean up.",
+      "relay_send_async",
+      "Dispatch a message to an agent and return IMMEDIATELY with a dispatch inbox subject. Unlike relay_send_and_wait (which blocks), relay_send_async returns { messageId, inboxSubject } at once. Agent B runs asynchronously; CCA publishes incremental progress events and a final agent_result to the inbox. Poll relay_inbox(endpoint_subject=inboxSubject) for updates. When you receive a message with done:true, call relay_unregister_endpoint(inboxSubject) to clean up.",
       {
         to_subject: z18.string().describe('Target subject (e.g., "relay.agent.{agentId}")'),
         payload: z18.unknown().describe("Message payload"),
@@ -79143,7 +79243,7 @@ function getRelayTools(deps) {
     ),
     tool3(
       "relay_unregister_endpoint",
-      "Unregister a Relay endpoint. Use to clean up dispatch inboxes after relay_dispatch completes (when done:true received).",
+      "Unregister a Relay endpoint. Use to clean up dispatch inboxes after relay_send_async completes (when done:true received).",
       {
         subject: z18.string().describe("Subject of the endpoint to unregister")
       },
@@ -79157,7 +79257,10 @@ import { tool as tool4 } from "@anthropic-ai/claude-agent-sdk";
 import { z as z19 } from "zod";
 function requireAdapterManager(deps) {
   if (!deps.adapterManager) {
-    return jsonContent({ error: "Relay adapters are not enabled", code: "ADAPTERS_DISABLED" }, true);
+    return jsonContent(
+      { error: "Relay adapters are not enabled", code: "ADAPTERS_DISABLED" },
+      true
+    );
   }
   return null;
 }
@@ -79244,7 +79347,10 @@ import { tool as tool5 } from "@anthropic-ai/claude-agent-sdk";
 import { z as z20 } from "zod";
 function requireBindingStore(deps) {
   if (!deps.bindingStore) {
-    return jsonContent({ error: "Relay bindings are not enabled", code: "BINDINGS_DISABLED" }, true);
+    return jsonContent(
+      { error: "Relay bindings are not enabled", code: "BINDINGS_DISABLED" },
+      true
+    );
   }
   return null;
 }
@@ -79289,12 +79395,7 @@ function createBindingDeleteHandler(deps) {
 function getBindingTools(deps) {
   if (!deps.bindingStore) return [];
   return [
-    tool5(
-      "binding_list",
-      "List all adapter-to-agent bindings.",
-      {},
-      createBindingListHandler(deps)
-    ),
+    tool5("binding_list", "List all adapter-to-agent bindings.", {}, createBindingListHandler(deps)),
     tool5(
       "binding_create",
       "Create a new adapter-to-agent binding. Maps an external adapter to a specific agent directory.",
@@ -79379,14 +79480,24 @@ function createMeshDiscoverHandler(deps) {
     if (err) return err;
     try {
       const candidates = [];
+      const autoImported = [];
       for await (const event of deps.meshCore.discover(args.roots, {
         maxDepth: args.maxDepth
       })) {
         if (event.type === "candidate") {
           candidates.push(event.data);
+        } else if (event.type === "auto-import" && args.includeRegistered) {
+          autoImported.push(event.data);
         }
       }
-      return jsonContent({ candidates, count: candidates.length });
+      return jsonContent({
+        candidates,
+        count: candidates.length,
+        ...args.includeRegistered && {
+          registered: autoImported,
+          registeredCount: autoImported.length
+        }
+      });
     } catch (e2) {
       const message = e2 instanceof Error ? e2.message : "Discovery failed";
       return jsonContent({ error: message, code: "DISCOVER_FAILED" }, true);
@@ -79398,11 +79509,6 @@ function createMeshRegisterHandler(deps) {
     const err = requireMesh(deps);
     if (err) return err;
     try {
-      const overrides = {};
-      if (args.name) overrides.name = args.name;
-      if (args.description) overrides.description = args.description;
-      if (args.runtime) overrides.runtime = args.runtime;
-      if (args.capabilities) overrides.capabilities = args.capabilities;
       const agent = await deps.meshCore.registerByPath(
         args.path,
         {
@@ -79479,7 +79585,10 @@ function createMeshInspectHandler(deps) {
     if (err) return err;
     const result2 = deps.meshCore.inspect(args.agentId);
     if (!result2) {
-      return { content: [{ type: "text", text: `Agent ${args.agentId} not found` }], isError: true };
+      return {
+        content: [{ type: "text", text: `Agent ${args.agentId} not found` }],
+        isError: true
+      };
     }
     return jsonContent(result2);
   };
@@ -79497,10 +79606,13 @@ function getMeshTools(deps) {
   return [
     tool7(
       "mesh_discover",
-      "Scan directories for agent candidates. Returns paths with detected runtime, capabilities, and suggested names.",
+      "Scan directories for agent candidates. By default returns only unregistered agents (candidates). Set includeRegistered to also see already-registered agents found during the scan.",
       {
         roots: z22.array(z22.string()).describe("Root directories to scan for agents"),
-        maxDepth: z22.number().int().min(1).optional().describe("Maximum directory depth (default 3)")
+        maxDepth: z22.number().int().min(1).optional().describe("Maximum directory depth (default: 5)"),
+        includeRegistered: z22.boolean().optional().describe(
+          "Include already-registered agents in results (default: false \u2014 unregistered candidates only)"
+        )
       },
       createMeshDiscoverHandler(deps)
     ),
@@ -84981,7 +85093,9 @@ var PulseStore = class {
       conditions.push(eq(pulseRuns.scheduleId, opts.scheduleId));
     }
     if (opts.status) {
-      conditions.push(eq(pulseRuns.status, opts.status));
+      conditions.push(
+        eq(pulseRuns.status, opts.status)
+      );
     }
     const query2 = this.db.select().from(pulseRuns).orderBy(desc(pulseRuns.createdAt)).limit(limit).offset(offset);
     if (conditions.length > 0) {
@@ -85953,7 +86067,9 @@ var SchedulerService = class {
       this.store.updateRun(run.id, {
         status: "running"
       });
-      logger2.info(`relay dispatch for run ${run.id} delivered to ${result2.deliveredTo} endpoint(s)`);
+      logger2.info(
+        `relay dispatch for run ${run.id} delivered to ${result2.deliveredTo} endpoint(s)`
+      );
     }
   }
   /** Execute a run directly via AgentManager — manages AbortController, streams output, updates status. */
@@ -86110,13 +86226,9 @@ async function loadPresets(dorkHome) {
 }
 
 // ../../apps/server/src/routes/pulse.ts
-function createPulseRouter(store, scheduler, meshCore2) {
+function createPulseRouter(store, scheduler, dorkHome, meshCore2) {
   const router13 = Router14();
   router13.get("/presets", async (_req, res) => {
-    const dorkHome = env.DORK_HOME;
-    if (!dorkHome) {
-      return res.status(500).json({ error: "DORK_HOME not configured" });
-    }
     const presets = await loadPresets(dorkHome);
     return res.json(presets);
   });
@@ -86224,7 +86336,6 @@ import * as os5 from "node:os";
 import fs14 from "node:fs";
 
 // ../relay/dist/endpoint-registry.js
-import { createHash } from "node:crypto";
 import { mkdir as mkdir2, rm } from "node:fs/promises";
 import { join as join4 } from "node:path";
 
@@ -86316,10 +86427,6 @@ function matchTokens(subject, pattern, si, pi) {
 
 // ../relay/dist/endpoint-registry.js
 var MAILDIR_DIRS = ["tmp", "new", "cur", "failed"];
-var HASH_LENGTH = 12;
-function hashSubject(subject) {
-  return createHash("sha256").update(subject).digest("hex").slice(0, HASH_LENGTH);
-}
 var EndpointRegistry = class {
   /** Base directory for all endpoint mailboxes (e.g. `~/.dork/relay/mailboxes`). */
   mailboxesDir;
@@ -86337,8 +86444,8 @@ var EndpointRegistry = class {
   /**
    * Register a new message endpoint.
    *
-   * Validates the subject, computes a deterministic hash, creates the
-   * Maildir directory structure, and stores the endpoint info in memory.
+   * Validates the subject, creates the Maildir directory structure using
+   * the subject string as the directory name, and stores the endpoint info in memory.
    *
    * @param subject - The hierarchical subject for this endpoint (e.g. `relay.agent.myproject.backend`).
    *                  Must not contain wildcards (`*` or `>`).
@@ -86356,14 +86463,13 @@ var EndpointRegistry = class {
     if (this.endpoints.has(subject)) {
       throw new Error(`Endpoint already registered: ${subject}`);
     }
-    const hash = hashSubject(subject);
-    const maildirPath = join4(this.mailboxesDir, hash);
+    const maildirPath = join4(this.mailboxesDir, subject);
     for (const dir of MAILDIR_DIRS) {
       await mkdir2(join4(maildirPath, dir), { recursive: true });
     }
     const info = {
       subject,
-      hash,
+      hash: subject,
       maildirPath,
       registeredAt: (/* @__PURE__ */ new Date()).toISOString()
     };
@@ -88151,11 +88257,10 @@ var AdapterDelivery = class _AdapterDelivery {
         })
       ]);
       if (result2 && result2.success) {
-        const subjectHash = hashSubject(subject);
         this.sqliteIndex.insertMessage({
           id: envelope.id,
           subject,
-          endpointHash: `adapter:${subjectHash}`,
+          endpointHash: `adapter:${subject}`,
           status: "delivered",
           createdAt: envelope.createdAt,
           expiresAt: null
@@ -88466,10 +88571,9 @@ var RelayPublishPipeline = class {
   }
   /** Dead-letter a message that had no delivery targets. */
   async deadLetter(subject, envelope, adapterResult) {
-    const subjectHash = hashSubject(subject);
-    await this.deps.maildirStore.ensureMaildir(subjectHash);
+    await this.deps.maildirStore.ensureMaildir(subject);
     const reason = adapterResult?.error ? `adapter delivery failed: ${adapterResult.error}` : "no matching endpoints or adapters";
-    await this.deps.deadLetterQueue.reject(subjectHash, envelope, reason);
+    await this.deps.deadLetterQueue.reject(subject, envelope, reason);
   }
   /** Record a trace span for delivery tracking (best-effort). */
   recordTrace(messageId, subject, deliveredTo, rejected, adapterResult, envelope) {
@@ -89046,6 +89150,7 @@ var BaseRelayAdapter = class {
 };
 
 // ../relay/dist/adapter-registry.js
+var ADAPTER_START_TIMEOUT_MS = 3e4;
 var AdapterRegistry = class {
   adapters = /* @__PURE__ */ new Map();
   relay = null;
@@ -89082,7 +89187,19 @@ var AdapterRegistry = class {
       throw new Error("AdapterRegistry: relay not set \u2014 call setRelay() before registering adapters");
     }
     const existing = this.adapters.get(adapter.id);
-    await adapter.start(this.relay);
+    this.logger.info(`AdapterRegistry: starting adapter '${adapter.id}'`);
+    let timer;
+    try {
+      await Promise.race([
+        adapter.start(this.relay),
+        new Promise((_4, reject) => {
+          timer = setTimeout(() => reject(new Error(`Adapter '${adapter.id}' start timed out after ${ADAPTER_START_TIMEOUT_MS / 1e3}s`)), ADAPTER_START_TIMEOUT_MS);
+        })
+      ]);
+    } finally {
+      clearTimeout(timer);
+    }
+    this.logger.info(`AdapterRegistry: adapter '${adapter.id}' started`);
     this.adapters.set(adapter.id, adapter);
     if (existing) {
       try {
@@ -101978,12 +102095,18 @@ var import_grammy = __toESM(require_mod2(), 1);
 import crypto4 from "node:crypto";
 import { createServer } from "node:http";
 var DEFAULT_WEBHOOK_PORT = 8443;
-async function startWebhookMode(bot, adapterId, webhookUrl, webhookPort, webhookSecret) {
+async function startWebhookMode(bot, adapterId, webhookUrl, webhookPort, webhookSecret, timeoutMs = 15e3) {
   if (!webhookUrl) {
     throw new Error(`TelegramAdapter(${adapterId}): webhookUrl is required when mode is 'webhook'`);
   }
   const secret = webhookSecret ?? crypto4.randomUUID();
-  await bot.api.setWebhook(webhookUrl, { secret_token: secret });
+  let timer;
+  await Promise.race([
+    bot.api.setWebhook(webhookUrl, { secret_token: secret }),
+    new Promise((_4, reject) => {
+      timer = setTimeout(() => reject(new Error("Telegram bot token validation timed out \u2014 check your token and network connectivity")), timeoutMs);
+    })
+  ]).finally(() => clearTimeout(timer));
   const port = webhookPort ?? DEFAULT_WEBHOOK_PORT;
   const handler = (0, import_grammy.webhookCallback)(bot, "http", { secretToken: secret });
   const server = createServer(handler);
@@ -102116,6 +102239,8 @@ For local development, use a tunnel service (e.g., ngrok, Cloudflare Tunnel).`
   setupInstructions: "Open Telegram and search for @BotFather. Send /newbot, choose a name and username. Copy the token provided."
 };
 var TelegramAdapter = class _TelegramAdapter extends BaseRelayAdapter {
+  /** Timeout for bot.init() and setWebhook() calls (ms). */
+  static INIT_TIMEOUT_MS = 15e3;
   /** Reconnection delay schedule (ms) -- exponential backoff. */
   static RECONNECT_DELAYS = [5e3, 1e4, 3e4, 6e4, 6e4];
   config;
@@ -102135,7 +102260,7 @@ var TelegramAdapter = class _TelegramAdapter extends BaseRelayAdapter {
   async testConnection() {
     try {
       const bot = new import_grammy2.Bot(this.config.token);
-      await bot.init();
+      await this.initBotWithTimeout(bot);
       return { ok: true, botUsername: bot.botInfo.username };
     } catch (err) {
       return { ok: false, error: err instanceof Error ? err.message : String(err) };
@@ -102185,7 +102310,11 @@ var TelegramAdapter = class _TelegramAdapter extends BaseRelayAdapter {
         void handleTypingSignal(this.bot, subject, this.outboundState, signal.state);
     });
     if (this.config.mode === "webhook") {
-      this.webhookServer = await startWebhookMode(bot, this.id, this.config.webhookUrl, this.config.webhookPort, this.config.webhookSecret);
+      this.logger.info("starting webhook mode", {
+        url: this.config.webhookUrl,
+        port: this.config.webhookPort
+      });
+      this.webhookServer = await startWebhookMode(bot, this.id, this.config.webhookUrl, this.config.webhookPort, this.config.webhookSecret, _TelegramAdapter.INIT_TIMEOUT_MS);
     } else {
       await this.startPollingMode(bot);
     }
@@ -102240,9 +102369,26 @@ var TelegramAdapter = class _TelegramAdapter extends BaseRelayAdapter {
     });
   }
   // --- Private helpers ---
+  /**
+   * Call bot.init() with a timeout guard.
+   *
+   * Prevents indefinite hangs when the Telegram API is unreachable or the
+   * token is invalid but the connection never closes.
+   */
+  async initBotWithTimeout(bot) {
+    let timer;
+    await Promise.race([
+      bot.init(),
+      new Promise((_4, reject) => {
+        timer = setTimeout(() => reject(new Error("Telegram bot token validation timed out \u2014 check your token and network connectivity")), _TelegramAdapter.INIT_TIMEOUT_MS);
+      })
+    ]).finally(() => clearTimeout(timer));
+  }
   /** Start grammy bot in long-polling mode with eager token validation. */
   async startPollingMode(bot) {
-    await bot.init();
+    await this.initBotWithTimeout(bot);
+    this.logger.info("bot validated", { username: bot.botInfo.username, mode: "polling" });
+    this.logger.info("starting polling mode");
     bot.start({
       drop_pending_updates: true,
       onStart: () => {
@@ -102385,6 +102531,7 @@ var WebhookAdapter = class extends BaseRelayAdapter {
    * @param _relay - The RelayPublisher (stored by base class; unused here)
    */
   async _start(_relay) {
+    this.logger.info("webhook adapter ready", { subject: this.config.inbound.subject });
     this.nonceInterval = setInterval(() => {
       this.pruneExpiredNonces();
     }, NONCE_PRUNE_INTERVAL_MS);
@@ -102904,7 +103051,11 @@ async function handleTextDelta(textChunk, streaming, nativeStreaming, ctx) {
     return { success: true, durationMs: now - startTime };
   } catch (err) {
     callbacks.recordError(err);
-    return { success: false, error: err instanceof Error ? err.message : String(err), durationMs: Date.now() - startTime };
+    return {
+      success: false,
+      error: err instanceof Error ? err.message : String(err),
+      durationMs: Date.now() - startTime
+    };
   }
 }
 async function flushStreamBuffer(ctx) {
@@ -103100,7 +103251,10 @@ ${inputPreview}
           blocks: [
             {
               type: "section",
-              text: { type: "mrkdwn", text: ":hourglass: *Tool Approval Timed Out*\n~`" + data.toolName + "`~" }
+              text: {
+                type: "mrkdwn",
+                text: ":hourglass: *Tool Approval Timed Out*\n~`" + data.toolName + "`~"
+              }
             }
           ]
         });
@@ -103149,7 +103303,11 @@ async function deliverMessage2(opts) {
     return { success: true, durationMs: Date.now() - startTime };
   }
   if (!client) {
-    return { success: false, error: `SlackAdapter(${adapterId}): not started`, durationMs: Date.now() - startTime };
+    return {
+      success: false,
+      error: `SlackAdapter(${adapterId}): not started`,
+      durationMs: Date.now() - startTime
+    };
   }
   const channelId = extractChannelId(subject);
   if (!channelId) {
@@ -103203,7 +103361,11 @@ async function deliverMessage2(opts) {
   }
   const text6 = truncateText(formatForPlatform(extractPayloadContent(envelope.payload), "slack"), MAX_MESSAGE_LENGTH2);
   logger3.debug(`deliver: standard payload to ${channelId} (${text6.length} chars)`);
-  return wrapSlackCall(() => client.chat.postMessage({ channel: channelId, text: text6, ...threadTs ? { thread_ts: threadTs } : {} }), callbacks, startTime, true);
+  return wrapSlackCall(() => client.chat.postMessage({
+    channel: channelId,
+    text: text6,
+    ...threadTs ? { thread_ts: threadTs } : {}
+  }), callbacks, startTime, true);
 }
 
 // ../relay/dist/adapters/slack/slack-adapter.js
@@ -103265,7 +103427,14 @@ var SLACK_MANIFEST = {
       stepId: "create-app",
       title: "Create & Configure a Slack App",
       description: 'Go to api.slack.com/apps \u2192 Create New App \u2192 From Scratch.\n\n1. **Socket Mode** \u2014 Enable it (Settings \u2192 Socket Mode).\n2. **Event Subscriptions** \u2014 Turn on Enable Events, then subscribe to bot events: app_mention, message.channels, message.groups, message.im, message.mpim.\n3. **OAuth & Permissions** \u2014 Add bot token scopes: app_mentions:read, channels:history, channels:read, chat:write, groups:history, groups:read, im:history, im:read, im:write, mpim:history, reactions:read, reactions:write, users:read. Then install the app to your workspace.\n4. **App-Level Token** \u2014 In Basic Information \u2192 App-Level Tokens, generate a token with the connections:write scope.\n\n\u26A0\uFE0F Do NOT enable "Agents & AI Apps" \u2014 it adds user scopes that cause install failures on most workspaces.',
-      fields: ["botToken", "appToken", "signingSecret", "streaming", "nativeStreaming", "typingIndicator"]
+      fields: [
+        "botToken",
+        "appToken",
+        "signingSecret",
+        "streaming",
+        "nativeStreaming",
+        "typingIndicator"
+      ]
     }
   ],
   configFields: [
@@ -103349,7 +103518,9 @@ var SLACK_MANIFEST = {
   ],
   setupInstructions: '1. Create a Slack app at api.slack.com/apps (From Scratch, not From Manifest).\n2. Enable Socket Mode (Settings \u2192 Socket Mode).\n3. Enable Event Subscriptions and subscribe to bot events: app_mention, message.channels, message.groups, message.im, message.mpim.\n4. Add bot token scopes under OAuth & Permissions: app_mentions:read, channels:history, channels:read, chat:write, groups:history, groups:read, im:history, im:read, im:write, mpim:history, reactions:read, reactions:write, users:read.\n5. Install the app to your workspace (OAuth & Permissions \u2192 Install).\n6. Copy the Bot User OAuth Token (starts with xoxb-).\n7. Generate an App-Level Token with connections:write scope (Basic Information \u2192 App-Level Tokens).\n8. Copy the Signing Secret from Basic Information.\n\n\u26A0\uFE0F Do NOT enable "Agents & AI Apps" \u2014 it adds user-level scopes that cause invalid_scope errors on most workspace plans.'
 };
-var SlackAdapter = class extends BaseRelayAdapter {
+var SlackAdapter = class _SlackAdapter extends BaseRelayAdapter {
+  /** Timeout for auth.test() calls (ms). */
+  static INIT_TIMEOUT_MS = 15e3;
   config;
   app = null;
   /** Bot's own user ID — cached after auth.test for echo prevention. */
@@ -103372,7 +103543,7 @@ var SlackAdapter = class extends BaseRelayAdapter {
     try {
       const { WebClient } = await Promise.resolve().then(() => __toESM(require_dist4(), 1));
       const tempClient = new WebClient(this.config.botToken);
-      const result2 = await tempClient.auth.test();
+      const result2 = await _SlackAdapter.withInitTimeout(tempClient.auth.test());
       return { ok: true, botUsername: result2.user };
     } catch (err) {
       return { ok: false, error: err instanceof Error ? err.message : String(err) };
@@ -103387,8 +103558,12 @@ var SlackAdapter = class extends BaseRelayAdapter {
       socketMode: true,
       logLevel: import_bolt.LogLevel.WARN
     });
-    const authResult = await app.client.auth.test();
+    const authResult = await _SlackAdapter.withInitTimeout(app.client.auth.test());
     this.botUserId = authResult.user_id ?? "";
+    this.logger.info("authenticated", {
+      botUserId: this.botUserId,
+      workspace: authResult.team
+    });
     app.message(async ({ event, client }) => {
       await handleInboundMessage2(event, client, relay, this.botUserId, this.makeInboundCallbacks(), this.logger, this.config.typingIndicator ?? "none", this.pendingReactions);
     });
@@ -103406,6 +103581,7 @@ var SlackAdapter = class extends BaseRelayAdapter {
     app.error(async (error) => {
       this.recordError(error);
     });
+    this.logger.info("connecting via Socket Mode");
     await app.start();
     this.app = app;
   }
@@ -103450,6 +103626,21 @@ var SlackAdapter = class extends BaseRelayAdapter {
       logger: this.logger
     });
   }
+  /**
+   * Wrap a promise with a timeout guard.
+   *
+   * Used for auth.test() calls in both `_start()` and `testConnection()` to
+   * prevent indefinite hangs when the Slack API is unreachable.
+   */
+  static async withInitTimeout(promise) {
+    let timer;
+    return Promise.race([
+      promise,
+      new Promise((_4, reject) => {
+        timer = setTimeout(() => reject(new Error("Slack auth.test() timed out \u2014 check your bot token and network connectivity")), _SlackAdapter.INIT_TIMEOUT_MS);
+      })
+    ]).finally(() => clearTimeout(timer));
+  }
   /**
    * Handle a tool approval or denial action from Slack interactive buttons.
    *
@@ -103582,7 +103773,11 @@ var STREAM_EVENT_TYPES = /* @__PURE__ */ new Set([
 async function handleAgentMessage(subject, envelope, context, startTime, config, deps, relay) {
   const agentId = extractAgentId(subject);
   if (!agentId) {
-    return { success: false, error: `Could not extract agentId from subject: ${subject}`, durationMs: Date.now() - startTime };
+    return {
+      success: false,
+      error: `Could not extract agentId from subject: ${subject}`,
+      durationMs: Date.now() - startTime
+    };
   }
   const log = deps.logger ?? console;
   if (!deps.agentSessionStore) {
@@ -103674,7 +103869,11 @@ async function handleAgentMessage(subject, envelope, context, startTime, config,
   } catch (err) {
     streamError = err instanceof Error ? err.message : String(err);
     log.error("[CCA] Streaming error:", err);
-    deps.traceStore.updateSpan(envelope.id, { status: "failed", processedAt: Date.now(), error: streamError });
+    deps.traceStore.updateSpan(envelope.id, {
+      status: "failed",
+      processedAt: Date.now(),
+      error: streamError
+    });
   } finally {
     clearTimeout(timeout);
     if (!streamedDone && envelope.replyTo && relay) {
@@ -104343,11 +104542,7 @@ async function loadAdapterConfig(configPath) {
 async function saveAdapterConfig(configPath, configs) {
   await mkdir4(dirname3(configPath), { recursive: true });
   const tmpPath = `${configPath}.tmp`;
-  await writeFile2(
-    tmpPath,
-    JSON.stringify({ adapters: configs }, null, 2),
-    "utf-8"
-  );
+  await writeFile2(tmpPath, JSON.stringify({ adapters: configs }, null, 2), "utf-8");
   await rename2(tmpPath, configPath);
 }
 async function ensureDefaultAdapterConfig(configPath) {
@@ -104371,11 +104566,7 @@ async function ensureDefaultAdapterConfig(configPath) {
       };
       try {
         await mkdir4(dirname3(configPath), { recursive: true });
-        await writeFile2(
-          configPath,
-          JSON.stringify(defaultConfig, null, 2),
-          "utf-8"
-        );
+        await writeFile2(configPath, JSON.stringify(defaultConfig, null, 2), "utf-8");
         logger.info("[AdapterConfig] Generated default adapters.json with claude-code adapter");
       } catch (writeErr) {
         logger.warn("[AdapterConfig] Failed to write default config:", writeErr);
@@ -104465,38 +104656,25 @@ function defaultAdapterStatus() {
 async function createAdapter(config, deps, configPath, onPluginManifest) {
   switch (config.type) {
     case "telegram": {
-      const adapter = new TelegramAdapter(
-        config.id,
-        config.config
-      );
+      const adapter = new TelegramAdapter(config.id, config.config);
       adapter.setLogger(createTaggedLogger(`telegram:${config.id}`));
       return adapter;
     }
     case "webhook":
-      return new WebhookAdapter(
-        config.id,
-        config.config
-      );
+      return new WebhookAdapter(config.id, config.config);
     case "slack": {
-      const adapter = new SlackAdapter(
-        config.id,
-        config.config
-      );
+      const adapter = new SlackAdapter(config.id, config.config);
       adapter.setLogger(createTaggedLogger(`slack:${config.id}`));
       return adapter;
     }
     case "claude-code":
-      return new ClaudeCodeAdapter(
-        config.id,
-        config.config,
-        {
-          agentManager: deps.agentManager,
-          traceStore: deps.traceStore,
-          pulseStore: deps.pulseStore,
-          agentSessionStore: deps.agentSessionStore,
-          logger
-        }
-      );
+      return new ClaudeCodeAdapter(config.id, config.config, {
+        agentManager: deps.agentManager,
+        traceStore: deps.traceStore,
+        pulseStore: deps.pulseStore,
+        agentSessionStore: deps.agentSessionStore,
+        logger
+      });
     case "plugin":
       return loadPluginAdapter(config, configPath, onPluginManifest);
     default:
@@ -104862,7 +105040,10 @@ var AgentSessionStore = class {
   }
   /** Enqueue an atomic persist, serialized to prevent concurrent tmp+rename races. */
   persist() {
-    this.writeLock = this.writeLock.then(() => this.doPersist(), () => this.doPersist());
+    this.writeLock = this.writeLock.then(
+      () => this.doPersist(),
+      () => this.doPersist()
+    );
     return this.writeLock;
   }
   /** Atomic tmp+rename write. Must be serialized via writeLock. */
@@ -104928,7 +105109,10 @@ var BindingRouter = class _BindingRouter {
       try {
         await this.saveSessionMap();
       } catch (err) {
-        logger.warn("BindingRouter: failed to persist session map after cleanup, will retry on next write", err);
+        logger.warn(
+          "BindingRouter: failed to persist session map after cleanup, will retry on next write",
+          err
+        );
       }
       logger.info(`Cleaned up ${removed} orphaned session mapping(s)`);
     }
@@ -104946,9 +105130,7 @@ var BindingRouter = class _BindingRouter {
       }
       const binding = this.deps.bindingStore.resolve(adapterId, chatId, channelType);
       if (!binding) {
-        logger.info(
-          `BindingRouter: no binding for adapter=${adapterId} chat=${chatId}, skipping`
-        );
+        logger.info(`BindingRouter: no binding for adapter=${adapterId} chat=${chatId}, skipping`);
         return;
       }
       if (binding.canReceive === false) {
@@ -105024,7 +105206,10 @@ var BindingRouter = class _BindingRouter {
         try {
           await this.saveSessionMap();
         } catch (err) {
-          logger.warn("BindingRouter: failed to persist session map, will retry on next write", err);
+          logger.warn(
+            "BindingRouter: failed to persist session map, will retry on next write",
+            err
+          );
         }
         return sessionId;
       } finally {
@@ -105060,10 +105245,7 @@ var BindingRouter = class _BindingRouter {
       agentId: binding.agentId,
       projectPath
     });
-    const session = await this.deps.agentManager.createSession(
-      projectPath,
-      binding.permissionMode
-    );
+    const session = await this.deps.agentManager.createSession(projectPath, binding.permissionMode);
     return session.id;
   }
   /**
@@ -105123,7 +105305,10 @@ var BindingRouter = class _BindingRouter {
     }
   }
   saveSessionMap() {
-    this.writeLock = this.writeLock.then(() => this.doSaveSessionMap(), () => this.doSaveSessionMap());
+    this.writeLock = this.writeLock.then(
+      () => this.doSaveSessionMap(),
+      () => this.doSaveSessionMap()
+    );
     return this.writeLock;
   }
   /** Atomic tmp+rename write of the session map. Must be serialized via writeLock. */
@@ -105256,7 +105441,9 @@ var AdapterManager = class {
   /** Initialize the binding subsystem. Non-fatal on failure — logs and continues. */
   async initBindingSubsystem() {
     if (!this.deps.relayCore || !this.deps.meshCore) {
-      logger.info("[AdapterManager] relayCore or meshCore not provided, skipping binding subsystem");
+      logger.info(
+        "[AdapterManager] relayCore or meshCore not provided, skipping binding subsystem"
+      );
       return;
     }
     this.bindingSubsystem = await BindingSubsystem.init({
@@ -105316,7 +105503,11 @@ var AdapterManager = class {
     config.enabled = false;
     await saveAdapterConfig(this.configPath, this.configs);
     await this.registry.unregister(id);
-    this.deps.eventRecorder?.insertAdapterEvent(id, "adapter.disconnected", "Disconnected from relay");
+    this.deps.eventRecorder?.insertAdapterEvent(
+      id,
+      "adapter.disconnected",
+      "Disconnected from relay"
+    );
   }
   /**
    * List all adapter configs paired with their current runtime status.
@@ -105342,10 +105533,7 @@ var AdapterManager = class {
     };
     const maskedConfig = {
       ...config,
-      config: maskSensitiveFields(
-        config.config,
-        manifest
-      )
+      config: maskSensitiveFields(config.config, manifest)
     };
     return { config: maskedConfig, status };
   }
@@ -105401,6 +105589,7 @@ var AdapterManager = class {
   }
   /** Add a new adapter instance, persist config, and start it if enabled. */
   async addAdapter(type, id, config, enabled = true, label) {
+    logger.info("[AdapterManager] adding adapter", { type, id, enabled });
     if (this.configs.some((c3) => c3.id === id)) {
       throw new AdapterError(`Adapter with ID '${id}' already exists`, "DUPLICATE_ID");
     }
@@ -105427,10 +105616,25 @@ var AdapterManager = class {
     };
     this.configs.push(adapterConfig);
     await saveAdapterConfig(this.configPath, this.configs);
+    logger.debug("[AdapterManager] config saved", { id });
     if (enabled) {
       const adapter = await this.buildAdapter(adapterConfig);
       if (adapter) {
-        await this.registry.register(adapter);
+        logger.info("[AdapterManager] starting adapter", { id });
+        try {
+          await this.registry.register(adapter);
+          this.deps.eventRecorder?.insertAdapterEvent(
+            id,
+            "adapter.connected",
+            "Connected to relay"
+          );
+          logger.info("[AdapterManager] adapter registered", { id });
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          this.deps.eventRecorder?.insertAdapterEvent(id, "adapter.error", message);
+          logger.error("[AdapterManager] adapter start failed", { id, error: message });
+          throw err;
+        }
       }
     }
   }
@@ -105603,10 +105807,7 @@ var AdapterManager = class {
       if (manifest.setupGuide) continue;
       try {
         const docsPath = this.resolveAdapterDocsPath(type);
-        const setupGuide = await readFile8(
-          join12(docsPath, "setup.md"),
-          "utf-8"
-        );
+        const setupGuide = await readFile8(join12(docsPath, "setup.md"), "utf-8");
         this.manifests.set(type, { ...manifest, setupGuide });
       } catch {
       }
@@ -105923,7 +106124,10 @@ function createRelayRouter(relayCore2, adapterManager2, traceStore2) {
       return res.json(publishResult);
     } catch (err) {
       const message = err instanceof Error ? err.message : "Publish failed";
-      return res.status(422).json({ error: message, code: err?.code ?? "PUBLISH_FAILED" });
+      return res.status(422).json({
+        error: message,
+        code: err?.code ?? "PUBLISH_FAILED"
+      });
     }
   });
   router13.get("/messages", (_req, res) => {
@@ -105998,9 +106202,7 @@ function createRelayRouter(relayCore2, adapterManager2, traceStore2) {
   });
   router13.get("/dead-letters", async (_req, res) => {
     const endpointHash = _req.query.endpointHash;
-    const deadLetters = await relayCore2.getDeadLetters(
-      endpointHash ? { endpointHash } : void 0
-    );
+    const deadLetters = await relayCore2.getDeadLetters(endpointHash ? { endpointHash } : void 0);
     return res.json(deadLetters);
   });
   router13.get("/dead-letters/aggregated", async (_req, res) => {
@@ -106297,9 +106499,7 @@ var TraceStore = class {
     const rows = this.db.select({
       metadata: relayTraces.metadata,
       sentAt: relayTraces.sentAt
-    }).from(relayTraces).where(
-      sql`json_extract(${relayTraces.metadata}, '$.adapterId') = ${adapterId}`
-    ).all();
+    }).from(relayTraces).where(sql`json_extract(${relayTraces.metadata}, '$.adapterId') = ${adapterId}`).all();
     const VALID_CHANNEL_TYPES = /* @__PURE__ */ new Set(["dm", "group", "channel", "thread"]);
     const chatMap = /* @__PURE__ */ new Map();
     for (const row of rows) {
@@ -106694,11 +106894,10 @@ var DenialList = class {
    * onConflictDoUpdate on the unique `path` column.
    *
    * @param filePath - Absolute path to the project directory
-   * @param strategy - Strategy name that detected the directory
    * @param reason - Human-readable reason for denial (optional)
    * @param denier - Identifier of the entity performing the denial (e.g., "user", "system")
    */
-  deny(filePath, strategy, reason, denier) {
+  deny(filePath, reason, denier) {
     const canonicalPath = this.canonicalize(filePath);
     this.db.insert(agentDenials).values({
       id: generateUlid4(),
@@ -106757,9 +106956,6 @@ var DenialList = class {
   rowToRecord(row) {
     return {
       path: row.path,
-      // DenialRecord requires strategy but agentDenials schema doesn't have it;
-      // use 'manual' as default since strategy was dropped in the schema migration.
-      strategy: "manual",
       reason: row.reason ?? void 0,
       deniedBy: row.denier ?? "unknown",
       deniedAt: row.createdAt
@@ -107156,7 +107352,10 @@ function validateNamespace(ns) {
     return { valid: false, reason: "Namespace must not be empty" };
   }
   if (ns.length > MAX_NAMESPACE_LENGTH) {
-    return { valid: false, reason: `Namespace must be at most ${MAX_NAMESPACE_LENGTH} characters (got ${ns.length})` };
+    return {
+      valid: false,
+      reason: `Namespace must be at most ${MAX_NAMESPACE_LENGTH} characters (got ${ns.length})`
+    };
   }
   return { valid: true };
 }
@@ -107247,7 +107446,6 @@ function manifestDiffersFromEntry(manifest, entry) {
 
 // ../mesh/dist/discovery/unified-scanner.js
 import fs18 from "fs/promises";
-import { realpathSync as realpathSync2 } from "fs";
 import path29 from "path";
 
 // ../mesh/dist/discovery/types.js
@@ -107313,7 +107511,7 @@ async function* unifiedScan(options, strategies, registry2, denialList) {
       if (followSymlinks) {
         let realDir;
         try {
-          realDir = realpathSync2(dir);
+          realDir = await fs18.realpath(dir);
         } catch {
           continue;
         }
@@ -107330,7 +107528,9 @@ async function* unifiedScan(options, strategies, registry2, denialList) {
       }
       let entries;
       try {
-        entries = await fs18.readdir(dir, { withFileTypes: true });
+        entries = await fs18.readdir(dir, {
+          withFileTypes: true
+        });
       } catch (err) {
         const code3 = err.code;
         if (code3 === "EACCES" || code3 === "EPERM") {
@@ -107368,7 +107568,7 @@ async function* unifiedScan(options, strategies, registry2, denialList) {
         for (const entry of entries) {
           const isDir = entry.isDirectory();
           const isSymlink = entry.isSymbolicLink();
-          if (!isDir && !(followSymlinks && isSymlink))
+          if (!isDir && !isSymlink)
             continue;
           if (isSymlink && !followSymlinks)
             continue;
@@ -107653,9 +107853,8 @@ function listCrossNamespaceRules(deps) {
 }
 
 // ../mesh/dist/mesh-denial.js
-var DEFAULT_REGISTRAR2 = "mesh";
-async function deny(deps, filePath, reason, denier = DEFAULT_REGISTRAR2) {
-  deps.denialList.deny(filePath, "manual", reason, denier);
+async function deny(deps, filePath, reason, denier = DEFAULT_REGISTRAR) {
+  deps.denialList.deny(filePath, reason, denier);
 }
 async function undeny(deps, filePath) {
   deps.denialList.clear(filePath);
@@ -107694,8 +107893,23 @@ var MeshCore = class {
     this.relayBridge = relayBridge;
     this.defaultScanRoot = defaultScanRoot;
     this.logger = logger3;
-    this.discoveryDeps = { registry: registry2, denialList, relayBridge, strategies, defaultScanRoot, logger: logger3, generateUlid: monotonicFactory() };
-    this.agentDeps = { registry: registry2, relayBridge, topology, signalEmitter: options.signalEmitter, logger: logger3, onUnregisterCallbacks: this.onUnregisterCallbacks };
+    this.discoveryDeps = {
+      registry: registry2,
+      denialList,
+      relayBridge,
+      strategies,
+      defaultScanRoot,
+      logger: logger3,
+      generateUlid: monotonicFactory()
+    };
+    this.agentDeps = {
+      registry: registry2,
+      relayBridge,
+      topology,
+      signalEmitter: options.signalEmitter,
+      logger: logger3,
+      onUnregisterCallbacks: this.onUnregisterCallbacks
+    };
     this.denialDeps = { denialList };
   }
   // --- Discovery & Registration ---
@@ -107897,9 +108111,7 @@ function enrichAgent(agent, namespace, deps, scheduleCounts, relayEndpoints) {
   if (relaySubject && relayEndpoints.length > 0) {
     try {
       const nsPrefix = `relay.agent.${namespace}.`;
-      const matchingEndpoints = relayEndpoints.filter(
-        (ep) => ep.subject.startsWith(nsPrefix)
-      );
+      const matchingEndpoints = relayEndpoints.filter((ep) => ep.subject.startsWith(nsPrefix));
       relayAdapters = matchingEndpoints.map((ep) => ep.subject.slice(nsPrefix.length)).filter(Boolean);
     } catch {
     }
@@ -107973,7 +108185,9 @@ function createMeshRouter(deps) {
     const name = overrides?.name;
     const runtime = overrides?.runtime;
     if (!name || !runtime) {
-      return res.status(400).json({ error: "overrides.name and overrides.runtime are required for manual registration" });
+      return res.status(400).json({
+        error: "overrides.name and overrides.runtime are required for manual registration"
+      });
     }
     try {
       const manifest = await meshCore2.registerByPath(
@@ -108296,7 +108510,7 @@ var import_ip_address = __toESM(require_ip_address(), 1);
 import { isIPv6 } from "node:net";
 import { isIPv6 as isIPv62 } from "node:net";
 import { Buffer as Buffer2 } from "node:buffer";
-import { createHash as createHash2 } from "node:crypto";
+import { createHash } from "node:crypto";
 import { isIP } from "node:net";
 function ipKeyGenerator(ip, ipv6Subnet = 56) {
   if (ipv6Subnet && isIPv6(ip)) {
@@ -108460,7 +108674,7 @@ var getResetSeconds = (windowMs, resetTime) => {
   return resetSeconds;
 };
 var getPartitionKey = (key) => {
-  const hash = createHash2("sha256");
+  const hash = createHash("sha256");
   hash.update(key);
   const partitionKey = hash.digest("hex").slice(0, 12);
   return Buffer2.from(partitionKey).toString("base64");
@@ -114790,17 +115004,21 @@ function createExternalMcpServer(deps) {
     },
     handleGetServerInfo
   );
+  const agentScopeSchema2 = {
+    agent_id: z27.string().optional().describe("Agent ULID to scope the query to"),
+    cwd: z27.string().optional().describe("Working directory path to scope the query to")
+  };
   server.tool(
     "get_session_count",
-    "Returns the number of sessions visible in the SDK transcript directory.",
-    {},
+    "Returns the number of sessions for a specific agent. Provide either agent_id (ULID) or cwd (working directory path).",
+    agentScopeSchema2,
     createGetSessionCountHandler(deps)
   );
   server.tool(
-    "get_current_agent",
-    "Get the agent identity for the current working directory. Returns the agent manifest from .dork/agent.json if one exists, or null if no agent is registered.",
-    {},
-    createGetCurrentAgentHandler(deps)
+    "get_agent",
+    "Get the agent manifest for a specific agent. Provide either agent_id (ULID) or cwd (working directory path). Returns the agent manifest from .dork/agent.json if one exists, or null if no agent is registered.",
+    agentScopeSchema2,
+    createGetAgentHandler(deps)
   );
   server.tool(
     "pulse_list_schedules",
@@ -114900,14 +115118,14 @@ function createExternalMcpServer(deps) {
     createRelayRegisterEndpointHandler(deps)
   );
   server.tool(
-    "relay_query",
+    "relay_send_and_wait",
     'Send a message to an agent and WAIT for the reply in a single call. Preferred over relay_send + relay_inbox polling for request/reply patterns. Internally registers an ephemeral inbox, sends the message with replyTo set, and blocks until the target agent replies or the timeout elapses. Response shape: { reply, progress, from, replyMessageId, sentMessageId }. progress: array of intermediate steps emitted before the final reply (empty [] for quick replies; populated for multi-step CCA tasks). Each progress step: { type: "progress", step: number, step_type: "message"|"tool_result", text: string, done: false }. Callers that only use { reply, from, replyMessageId } are unaffected \u2014 progress is additive.',
     {
       to_subject: z27.string().describe('Target subject for the message (e.g., "relay.agent.{agentId}")'),
       payload: z27.unknown().describe("Message payload (any JSON-serializable value)"),
       from: z27.string().describe("Sender subject identifier"),
       timeout_ms: z27.number().int().min(1e3).max(6e5).optional().describe(
-        "Max milliseconds to wait for a reply (default: 60000, max: 600000). For tasks longer than 10 min, use relay_dispatch instead."
+        "Max milliseconds to wait for a reply (default: 60000, max: 600000). For tasks longer than 10 min, use relay_send_async instead."
       ),
       budget: z27.object({
         maxHops: z27.number().int().min(1).optional().describe("Max hop count"),
@@ -114918,8 +115136,8 @@ function createExternalMcpServer(deps) {
     createRelayQueryHandler(deps)
   );
   server.tool(
-    "relay_dispatch",
-    "Dispatch a message to an agent and return IMMEDIATELY with a dispatch inbox subject. Unlike relay_query (which blocks), relay_dispatch returns { messageId, inboxSubject } at once. Agent B runs asynchronously; CCA publishes incremental progress events and a final agent_result to the inbox. Poll relay_inbox(endpoint_subject=inboxSubject) for updates. When you receive a message with done:true, call relay_unregister_endpoint(inboxSubject) to clean up.",
+    "relay_send_async",
+    "Dispatch a message to an agent and return IMMEDIATELY with a dispatch inbox subject. Unlike relay_send_and_wait (which blocks), relay_send_async returns { messageId, inboxSubject } at once. Agent B runs asynchronously; CCA publishes incremental progress events and a final agent_result to the inbox. Poll relay_inbox(endpoint_subject=inboxSubject) for updates. When you receive a message with done:true, call relay_unregister_endpoint(inboxSubject) to clean up.",
     {
       to_subject: z27.string().describe('Target subject (e.g., "relay.agent.{agentId}")'),
       payload: z27.unknown().describe("Message payload"),
@@ -114934,7 +115152,7 @@ function createExternalMcpServer(deps) {
   );
   server.tool(
     "relay_unregister_endpoint",
-    "Unregister a Relay endpoint. Use to clean up dispatch inboxes after relay_dispatch completes (when done:true received).",
+    "Unregister a Relay endpoint. Use to clean up dispatch inboxes after relay_send_async completes (when done:true received).",
     {
       subject: z27.string().describe("Subject of the endpoint to unregister")
     },
@@ -116372,14 +116590,20 @@ function createMcpRouter(serverFactory) {
   router13.get("/", (_req, res) => {
     res.status(405).json({
       jsonrpc: "2.0",
-      error: { code: -32e3, message: "Method not allowed. This server operates in stateless mode." },
+      error: {
+        code: -32e3,
+        message: "Method not allowed. This server operates in stateless mode."
+      },
       id: null
     });
   });
   router13.delete("/", (_req, res) => {
     res.status(405).json({
       jsonrpc: "2.0",
-      error: { code: -32e3, message: "Method not allowed. This server operates in stateless mode." },
+      error: {
+        code: -32e3,
+        message: "Method not allowed. This server operates in stateless mode."
+      },
       id: null
     });
   });
@@ -116414,10 +116638,7 @@ function validateMcpOrigin(req, res, next) {
     return;
   }
   const port = env.DORKOS_PORT;
-  const allowed = [
-    `http://localhost:${port}`,
-    `http://127.0.0.1:${port}`
-  ];
+  const allowed = [`http://localhost:${port}`, `http://127.0.0.1:${port}`];
   const tunnelUrl = tunnelManager.status.url;
   if (tunnelUrl) {
     allowed.push(new URL(tunnelUrl).origin);
@@ -116488,7 +116709,10 @@ async function start() {
     logger.info("[Runtime] ClaudeCodeRuntime registered as default");
   }
   const schedulerConfig = configManager.get("scheduler");
-  const pulseEnabled = env.DORKOS_PULSE_ENABLED || schedulerConfig.enabled;
+  const pulseEnabled = (
+    // eslint-disable-next-line no-restricted-syntax -- Checking presence, not value: env.ts can't distinguish "unset" from "set to false"
+    "DORKOS_PULSE_ENABLED" in process.env ? env.DORKOS_PULSE_ENABLED : schedulerConfig.enabled
+  );
   let pulseStore;
   if (pulseEnabled) {
     try {
@@ -116501,8 +116725,11 @@ async function start() {
     }
   }
   const relayConfig = configManager.get("relay");
-  const relayEnabled = "DORKOS_RELAY_ENABLED" in process.env ? env.DORKOS_RELAY_ENABLED : relayConfig?.enabled ?? false;
-  const relayDataDir = relayConfig?.dataDir ?? path33.join(dorkHome, "relay");
+  const relayEnabled = (
+    // eslint-disable-next-line no-restricted-syntax -- Checking presence, not value: env.ts can't distinguish "unset" from "set to false"
+    "DORKOS_RELAY_ENABLED" in process.env ? env.DORKOS_RELAY_ENABLED : relayConfig.enabled
+  );
+  const relayDataDir = relayConfig.dataDir ?? path33.join(dorkHome, "relay");
   if (relayEnabled) {
     try {
       adapterRegistry = new AdapterRegistry();
@@ -116584,23 +116811,36 @@ async function start() {
     };
     claudeRuntime.setMcpServerFactory(() => ({ dorkos: createDorkOsToolServer(mcpToolDeps) }));
     const mcpAuthMode = env.MCP_API_KEY ? "auth: API key" : "auth: none";
-    app.use("/mcp", validateMcpOrigin, mcpApiKeyAuth, createMcpRouter(() => createExternalMcpServer(mcpToolDeps)));
+    app.use(
+      "/mcp",
+      validateMcpOrigin,
+      mcpApiKeyAuth,
+      createMcpRouter(() => createExternalMcpServer(mcpToolDeps))
+    );
     logger.info(`[MCP] External MCP server mounted at /mcp (stateless, ${mcpAuthMode})`);
   }
   if (pulseEnabled && pulseStore && claudeRuntime) {
-    schedulerService = new SchedulerService(pulseStore, claudeRuntime, {
-      maxConcurrentRuns: schedulerConfig.maxConcurrentRuns,
-      retentionCount: schedulerConfig.retentionCount,
-      timezone: schedulerConfig.timezone
-    }, relayCore, meshCore);
-    app.use("/api/pulse", createPulseRouter(pulseStore, schedulerService, meshCore));
+    schedulerService = new SchedulerService(
+      pulseStore,
+      claudeRuntime,
+      {
+        maxConcurrentRuns: schedulerConfig.maxConcurrentRuns,
+        retentionCount: schedulerConfig.retentionCount,
+        timezone: schedulerConfig.timezone
+      },
+      relayCore,
+      meshCore
+    );
+    app.use("/api/pulse", createPulseRouter(pulseStore, schedulerService, dorkHome, meshCore));
     setPulseEnabled(true);
     logger.info("[Pulse] Routes mounted and scheduler configured");
     if (meshCore) {
       meshCore.onUnregister((agentId) => {
         const disabledCount = pulseStore.disableSchedulesByAgentId(agentId);
         if (disabledCount > 0) {
-          logger.info(`[Pulse] Disabled ${disabledCount} schedule(s) for unregistered agent ${agentId}`);
+          logger.info(
+            `[Pulse] Disabled ${disabledCount} schedule(s) for unregistered agent ${agentId}`
+          );
         }
       });
     }
@@ -116621,11 +116861,14 @@ async function start() {
     app.use("/api/discovery", createDiscoveryRouter(meshCore));
     logger.info("[Discovery] Routes mounted");
   }
-  app.use("/api/admin", createAdminRouter({
-    dorkHome,
-    shutdownServices,
-    closeDb: () => db.$client.close()
-  }));
+  app.use(
+    "/api/admin",
+    createAdminRouter({
+      dorkHome,
+      shutdownServices,
+      closeDb: () => db.$client.close()
+    })
+  );
   logger.info("[Admin] Routes mounted");
   finalizeApp(app);
   if (relayCore) {
@@ -116640,12 +116883,9 @@ async function start() {
     logger.info("[Pulse] Scheduler started");
   }
   if (claudeRuntime) {
-    healthCheckInterval = setInterval(
-      () => {
-        claudeRuntime.checkSessionHealth();
-      },
-      INTERVALS.HEALTH_CHECK_MS
-    );
+    healthCheckInterval = setInterval(() => {
+      claudeRuntime.checkSessionHealth();
+    }, INTERVALS.HEALTH_CHECK_MS);
   }
   if (env.TUNNEL_ENABLED) {
     const tunnelPort = env.TUNNEL_PORT ?? PORT;
@@ -116665,7 +116905,10 @@ async function start() {
         ...isDevPort && { mode: `dev (Vite on :${tunnelPort})` }
       });
     } catch (err) {
-      logger.warn("[Tunnel] Failed to start ngrok tunnel \u2014 server continues without tunnel.", logError(err));
+      logger.warn(
+        "[Tunnel] Failed to start ngrok tunnel \u2014 server continues without tunnel.",
+        logError(err)
+      );
     }
   }
 }