droid-mode 0.1.4 → 0.2.0

package/README.md

@@ -74,13 +74,32 @@ flowchart LR
 
 | Component | Purpose |
 |-----------|---------|
-| **Unix Socket** | IPC channel at `/tmp/dm-daemon.sock` for low-latency communication |
+| **Per-Project Sockets** | Each project gets its own daemon at `~/.factory/run/dm-daemon-<hash>.sock` |
 | **Connection Pool** | Lazy-initialized clients with automatic lifecycle management |
 | **Auto-Warm** | Pre-connects frequently used servers on daemon start |
 | **Idle Pruning** | Closes unused connections after 10 minutes (configurable) |
 
 The daemon starts automatically on first `dm call`. Without it, each call spawns a fresh MCP process (~2.5s average). With the daemon, calls reuse pooled connections (~680ms average).
 
+#### Multi-Project Isolation
+
+When working across multiple projects, each project automatically gets its own daemon:
+
+```bash
+# Project A - starts daemon bound to Project A's config
+cd ~/projects/frontend && dm daemon start
+# Socket: ~/.factory/run/dm-daemon-a1b2c3d4.sock
+
+# Project B - starts separate daemon with Project B's config  
+cd ~/projects/backend && dm daemon start
+# Socket: ~/.factory/run/dm-daemon-e5f6g7h8.sock
+
+# List all running daemons
+dm daemon status --all
+```
+
+This prevents configuration bleed between projects and ensures governance compliance when projects have different MCP server access policies.
+
 ---
 
 ## Performance Benchmarks
@@ -209,9 +228,11 @@ dm daemon stop     # Stop daemon
 
 | Command | Description |
 |---------|-------------|
-| `dm daemon start` | Start background daemon |
-| `dm daemon stop` | Stop daemon |
-| `dm daemon status` | Show connection pool status |
+| `dm daemon start` | Start background daemon for current project |
+| `dm daemon stop` | Stop current project's daemon |
+| `dm daemon status` | Show current project's daemon status |
+| `dm daemon status --all` | List all running daemons across projects |
+| `dm daemon list` | Alias for `status --all` |
 | `dm daemon warm [server]` | Pre-warm server connection(s) |
 | `dm call ... --no-daemon` | Bypass daemon for single call |
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "droid-mode",
-  "version": "0.1.4",
+  "version": "0.2.0",
   "description": "Progressive Code-Mode MCP integration for Factory.ai Droid - access MCP tools without context bloat",
   "type": "module",
   "main": "dist/cli.js",

package/templates/skills/droid-mode/README.md

@@ -152,7 +152,31 @@ All artifacts written to `.factory/droid-mode/`:
 
 ## Daemon Mode (Performance)
 
-The daemon maintains persistent MCP connections, reducing call latency by ~5x.
+The daemon maintains persistent MCP connections, reducing call latency by ~5x. Each project gets its own isolated daemon instance.
+
+### Per-Project Isolation
+
+Droid Mode automatically creates separate daemons for each project, preventing configuration cross-contamination:
+
+```bash
+# Each project gets its own daemon
+cd ~/project-a && dm daemon start  # → dm-daemon-<hash-a>.sock
+cd ~/project-b && dm daemon start  # → dm-daemon-<hash-b>.sock
+
+# View all daemons across projects
+dm daemon status --all
+
+# Output:
+# project                    pid    status   started
+# -------------------------  -----  -------  ----------
+# /Users/me/project-a        12345  running  2026-01-04
+# /Users/me/project-b        12346  running  2026-01-04
+```
+
+This ensures:
+- **Configuration isolation**: Each daemon loads its project's `mcp.json`
+- **Connection separation**: MCP server connections don't leak between projects
+- **Governance compliance**: Projects with different access policies stay separated
 
 ### Benchmark Results
 
@@ -161,23 +185,15 @@ The daemon maintains persistent MCP connections, reducing call latency by ~5x.
 | Without Daemon | ~2,900ms | 29.9s |
 | **With Daemon** | **~620ms** | **10.2s** |
 
-### Usage
+### Commands
 
 ```bash
-# Start daemon (runs in background)
-dm daemon start
-
-# All dm call commands automatically use daemon
-dm call list_collections --server context-repo
-
-# Check connection status
-dm daemon status
-
-# Stop daemon
-dm daemon stop
-
-# Bypass daemon for a single call
-dm call tool --server X --no-daemon
+dm daemon start          # Start daemon for current project
+dm daemon stop           # Stop current project's daemon
+dm daemon status         # Check current project's daemon
+dm daemon status --all   # List ALL daemons across projects
+dm daemon list           # Alias for status --all
+dm daemon warm [server]  # Pre-warm connections
 ```
 
 The daemon is optional—without it, everything works as before.

package/templates/skills/droid-mode/bin/dm

@@ -1,14 +1,14 @@
 #!/usr/bin/env node
 import fs from "node:fs";
 
-import { parseArgs, printTable } from "../lib/util.mjs";
+import { parseArgs, printTable, listAllDaemons } from "../lib/util.mjs";
 import { loadMcpConfigs, resolveServer, summarizeServerForDisplay, listAllServers } from "../lib/config.mjs";
 import { McpClient } from "../lib/mcp_client.mjs";
 import { getToolsCached, compactToolSummaries } from "../lib/tool_index.mjs";
 import { searchTools } from "../lib/search.mjs";
 import { hydrateTools } from "../lib/hydrate.mjs";
 import { createToolApi, executeWorkflow, writeRunArtifact } from "../lib/run.mjs";
-import { isDaemonRunning, callViaDaemon, getDaemonStatus, shutdownDaemon, startDaemon, ensureDaemonRunning, warmServers } from "../lib/daemon_client.mjs";
+import { isDaemonRunning, callViaDaemon, getDaemonStatus, shutdownDaemon, startDaemon, ensureDaemonRunning, warmServers, getCurrentDaemonPaths } from "../lib/daemon_client.mjs";
 import { setServerAutoWarm, getServerState } from "../lib/state.mjs";
 
 function usage() {
@@ -22,13 +22,15 @@ Usage:
   dm search  "<query>" --server <name> [--limit 8] [--refresh] [--json]
   dm hydrate <tool1> <tool2> ... --server <name> [--out <dir>] [--refresh] [--json]
   dm run     --workflow <file.js> --tools <a,b,...> --server <name> [--retries 3] [--timeout-ms 300000] [--json]
-  dm call    <tool> --server <name> [--args-json '{...}'] [--args-file path.json] [--json] [--no-daemon]
+  dm call    <tool> --server <name> [--args '{...}'] [--args-file path.json] [--json] [--no-daemon]
 
 Daemon (persistent connections for faster calls):
-  dm daemon start            → Start background daemon (auto-warms servers)
-  dm daemon stop             → Stop daemon
-  dm daemon status [--json]  → Show connection pool status
-  dm daemon warm [<server>]  → Pre-warm server(s)
+  dm daemon start               → Start background daemon for current project
+  dm daemon stop                → Stop current project's daemon
+  dm daemon status [--json]     → Show current project's daemon status
+  dm daemon status --all        → List all running daemons
+  dm daemon list                → Alias for status --all
+  dm daemon warm [<server>]     → Pre-warm server(s)
 
 Configuration:
   dm config <server> autoWarm true|false  → Enable/disable auto-warm for server
@@ -383,11 +385,11 @@ async function cmdCall(args) {
   }
 
   let argObj = {};
-  if (args.flags["args-json"]) {
+  if (args.flags["args"]) {
     try {
-      argObj = JSON.parse(String(args.flags["args-json"]));
+      argObj = JSON.parse(String(args.flags["args"]));
     } catch (err) {
-      fail(`Invalid --args-json: ${err.message || err}`);
+      fail(`Invalid --args JSON: ${err.message || err}`);
     }
   } else if (args.flags["args-file"]) {
     const p = String(args.flags["args-file"]);
@@ -431,16 +433,26 @@ async function cmdCall(args) {
 
 async function cmdDaemon(args) {
   const subcmd = args._[1];
+  const { socket, projectRoot } = getCurrentDaemonPaths();
 
   if (subcmd === "start") {
     const running = await isDaemonRunning();
     if (running) {
       process.stdout.write("Daemon is already running.\n");
+      if (projectRoot) {
+        process.stdout.write(`Project: ${projectRoot}\n`);
+      }
       return;
     }
     try {
-      const { pid } = await startDaemon();
-      process.stdout.write(`Daemon started (PID: ${pid})\n`);
+      const result = await startDaemon();
+      process.stdout.write(`Daemon started (PID: ${result.pid})\n`);
+      process.stdout.write(`Socket: ${result.socketPath}\n`);
+      if (result.projectRoot) {
+        process.stdout.write(`Project: ${result.projectRoot}\n`);
+      } else {
+        process.stdout.write(`Project: (global)\n`);
+      }
     } catch (err) {
       fail(`Failed to start daemon: ${err.message}`);
     }
@@ -455,28 +467,72 @@ async function cmdDaemon(args) {
     }
     await shutdownDaemon();
     process.stdout.write("Daemon stopped.\n");
+    if (projectRoot) {
+      process.stdout.write(`Project: ${projectRoot}\n`);
+    }
     return;
   }
 
-  if (subcmd === "status") {
+  if (subcmd === "status" || subcmd === "list") {
+    // --all flag shows all daemons across all projects
+    if (args.flags.all || subcmd === "list") {
+      const allDaemons = listAllDaemons();
+      
+      if (args.flags.json) {
+        process.stdout.write(JSON.stringify({ daemons: allDaemons }, null, 2) + "\n");
+        return;
+      }
+      
+      if (!allDaemons.length) {
+        process.stdout.write("No daemons found.\n");
+        return;
+      }
+      
+      printTable(
+        allDaemons.map((d) => ({
+          project: d.projectPath || "(global)",
+          pid: d.pid,
+          status: d.alive ? "running" : (d.stale ? "stale" : "unknown"),
+          started: d.startedAt?.split("T")[0] || "-",
+        })),
+        ["project", "pid", "status", "started"]
+      );
+      process.stdout.write(`\n${allDaemons.length} daemon(s) found.\n`);
+      return;
+    }
+    
+    // Default: show current project's daemon
     const running = await isDaemonRunning();
     if (!running) {
       if (args.flags.json) {
-        process.stdout.write(JSON.stringify({ running: false }, null, 2) + "\n");
+        process.stdout.write(JSON.stringify({ running: false, socket, projectRoot }, null, 2) + "\n");
       } else {
         process.stdout.write("Daemon is not running.\n");
+        process.stdout.write(`Socket: ${socket}\n`);
+        if (projectRoot) {
+          process.stdout.write(`Project: ${projectRoot}\n`);
+        } else {
+          process.stdout.write(`Project: (global)\n`);
+        }
       }
       return;
     }
 
     const status = await getDaemonStatus();
     if (args.flags.json) {
-      process.stdout.write(JSON.stringify({ running: true, ...status }, null, 2) + "\n");
+      process.stdout.write(JSON.stringify({ running: true, socket, projectRoot, ...status }, null, 2) + "\n");
       return;
     }
 
     const uptimeMin = Math.floor((status.uptime || 0) / 60000);
-    process.stdout.write(`Daemon running (uptime: ${uptimeMin}m)\n\n`);
+    process.stdout.write(`Daemon running (uptime: ${uptimeMin}m)\n`);
+    process.stdout.write(`Socket: ${socket}\n`);
+    if (projectRoot) {
+      process.stdout.write(`Project: ${projectRoot}\n`);
+    } else {
+      process.stdout.write(`Project: (global)\n`);
+    }
+    process.stdout.write("\n");
 
     if (status.connections?.length) {
       printTable(

package/templates/skills/droid-mode/lib/daemon.mjs

@@ -1,14 +1,40 @@
 import net from "node:net";
 import fs from "node:fs";
 import path from "node:path";
+import crypto from "node:crypto";
 import { McpClient } from "./mcp_client.mjs";
 import { resolveServer, listAllServers, loadMcpConfigs } from "./config.mjs";
 import { loadState, saveState, getServersToWarm, recordServerUsage } from "./state.mjs";
+import { getDaemonPaths, findProjectRoot, getRunDir } from "./util.mjs";
 
-const SOCKET_PATH = process.env.DM_DAEMON_SOCKET || "/tmp/dm-daemon.sock";
 const IDLE_TIMEOUT_MS = parseInt(process.env.DM_DAEMON_IDLE_MS || "600000", 10); // 10 minutes default
 const MAX_CONNECTIONS = 50;
 
+// Daemon paths are set via env vars from client, or computed from cwd
+function resolveDaemonConfig() {
+  // Client passes these via env when spawning daemon
+  if (process.env.DM_SOCKET_PATH && process.env.DM_META_PATH) {
+    return {
+      socketPath: process.env.DM_SOCKET_PATH,
+      metaPath: process.env.DM_META_PATH,
+      projectRoot: process.env.DM_PROJECT_ROOT || null,
+    };
+  }
+  // Fallback: compute from current project root
+  const projectRoot = findProjectRoot();
+  const paths = getDaemonPaths(projectRoot);
+  return {
+    socketPath: paths.socket,
+    metaPath: paths.meta,
+    projectRoot,
+  };
+}
+
+// Generate a random 128-bit token for PID reuse protection
+function generateToken() {
+  return crypto.randomBytes(16).toString("hex");
+}
+
 /**
  * Connection pool managing lazy-initialized MCP clients.
  */
@@ -194,6 +220,8 @@ export class DaemonServer {
     this.pool = new ConnectionPool();
     this.server = null;
     this.startedAt = null;
+    this.config = resolveDaemonConfig();
+    this.token = generateToken();
   }
 
   /**
@@ -205,7 +233,13 @@ export class DaemonServer {
     const { action, server, tool, args } = req;
 
     if (action === "ping") {
-      return { ok: true, pong: true, uptime: Date.now() - this.startedAt };
+      return { 
+        ok: true, 
+        pong: true, 
+        uptime: Date.now() - this.startedAt,
+        token: this.token,
+        projectRoot: this.config.projectRoot,
+      };
     }
 
     if (action === "status") {
@@ -296,13 +330,81 @@ export class DaemonServer {
     }
   }
 
+  /**
+   * Write metadata file with daemon info for discovery and management.
+   */
+  writeMetadata() {
+    const { metaPath, socketPath, projectRoot } = this.config;
+    const metadata = {
+      projectPath: projectRoot,
+      pid: process.pid,
+      token: this.token,
+      socketPath,
+      startedAt: new Date(this.startedAt).toISOString(),
+      version: "0.2.0",
+    };
+    // Atomic write: temp file then rename
+    const tmpPath = metaPath + ".tmp";
+    fs.writeFileSync(tmpPath, JSON.stringify(metadata, null, 2) + "\n", "utf-8");
+    fs.chmodSync(tmpPath, 0o600);
+    fs.renameSync(tmpPath, metaPath);
+  }
+
+  /**
+   * Remove metadata file on shutdown.
+   */
+  removeMetadata() {
+    try {
+      fs.unlinkSync(this.config.metaPath);
+    } catch {}
+  }
+
+  /**
+   * Check if socket is stale (ECONNREFUSED) or alive.
+   * @returns {Promise<'stale'|'alive'|'missing'>}
+   */
+  async checkSocketState() {
+    const { socketPath } = this.config;
+    if (!fs.existsSync(socketPath)) {
+      return "missing";
+    }
+    return new Promise((resolve) => {
+      const socket = net.createConnection(socketPath);
+      socket.on("connect", () => {
+        socket.end();
+        resolve("alive");
+      });
+      socket.on("error", (err) => {
+        if (err.code === "ECONNREFUSED" || err.code === "ENOENT") {
+          resolve("stale");
+        } else {
+          resolve("stale"); // Treat other errors as stale
+        }
+      });
+      setTimeout(() => {
+        socket.destroy();
+        resolve("stale");
+      }, 2000);
+    });
+  }
+
   /**
    * Start the daemon server.
    */
   async start() {
-    // Remove stale socket
-    if (fs.existsSync(SOCKET_PATH)) {
-      fs.unlinkSync(SOCKET_PATH);
+    const { socketPath } = this.config;
+
+    // Check for existing daemon - don't blindly unlink
+    const socketState = await this.checkSocketState();
+    if (socketState === "alive") {
+      throw new Error(`Daemon already running on ${socketPath}`);
+    }
+    
+    // Socket is stale or missing - safe to unlink before binding
+    if (socketState === "stale") {
+      try {
+        fs.unlinkSync(socketPath);
+      } catch {}
     }
 
     this.startedAt = Date.now();
@@ -338,9 +440,12 @@ export class DaemonServer {
 
       this.server.on("error", reject);
 
-      this.server.listen(SOCKET_PATH, async () => {
+      this.server.listen(socketPath, async () => {
         // Set socket permissions (user only)
-        fs.chmodSync(SOCKET_PATH, 0o600);
+        fs.chmodSync(socketPath, 0o600);
+
+        // Write metadata file for discovery
+        this.writeMetadata();
 
         // Start mcp.json watcher
         this.startMcpWatcher();
@@ -367,9 +472,14 @@ export class DaemonServer {
       this.server = null;
     }
 
-    if (fs.existsSync(SOCKET_PATH)) {
-      fs.unlinkSync(SOCKET_PATH);
-    }
+    // Clean up socket and metadata files
+    const { socketPath } = this.config;
+    try {
+      if (fs.existsSync(socketPath)) {
+        fs.unlinkSync(socketPath);
+      }
+    } catch {}
+    this.removeMetadata();
   }
 }
 
@@ -391,8 +501,14 @@ export async function runDaemon() {
 
   try {
     await daemon.start();
-    process.stdout.write(`Daemon started on ${SOCKET_PATH}\n`);
+    const { socketPath, projectRoot } = daemon.config;
+    process.stdout.write(`Daemon started on ${socketPath}\n`);
     process.stdout.write(`PID: ${process.pid}\n`);
+    if (projectRoot) {
+      process.stdout.write(`Project: ${projectRoot}\n`);
+    } else {
+      process.stdout.write(`Project: (global)\n`);
+    }
   } catch (err) {
     process.stderr.write(`Failed to start daemon: ${err.message}\n`);
     process.exit(1);

package/templates/skills/droid-mode/lib/daemon_client.mjs

@@ -3,20 +3,31 @@ import fs from "node:fs";
 import { spawn } from "node:child_process";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { getDaemonPaths, findProjectRoot } from "./util.mjs";
 
-const SOCKET_PATH = process.env.DM_DAEMON_SOCKET || "/tmp/dm-daemon.sock";
+/**
+ * Get the current project's daemon paths.
+ * @returns {{ socket: string, meta: string, isOverride: boolean, projectRoot: string|null }}
+ */
+function getCurrentDaemonPaths() {
+  const projectRoot = findProjectRoot();
+  const paths = getDaemonPaths(projectRoot);
+  return { ...paths, projectRoot };
+}
 
 /**
  * Check if daemon is running by pinging the socket.
+ * @param {string} [socketPath] - Optional socket path, defaults to current project's daemon
  * @returns {Promise<boolean>}
  */
-export async function isDaemonRunning() {
-  if (!fs.existsSync(SOCKET_PATH)) {
+export async function isDaemonRunning(socketPath) {
+  const effectiveSocket = socketPath || getCurrentDaemonPaths().socket;
+  if (!fs.existsSync(effectiveSocket)) {
     return false;
   }
 
   try {
-    const res = await sendRequest({ action: "ping" }, { timeoutMs: 2000 });
+    const res = await sendRequest({ action: "ping" }, { timeoutMs: 2000, socketPath: effectiveSocket });
     return res?.ok === true && res?.pong === true;
   } catch {
     return false;
@@ -26,14 +37,15 @@ export async function isDaemonRunning() {
 /**
  * Send a request to the daemon.
  * @param {object} req
- * @param {{ timeoutMs?: number }} opts
+ * @param {{ timeoutMs?: number, socketPath?: string }} opts
  * @returns {Promise<object>}
  */
 export async function sendRequest(req, opts = {}) {
   const timeoutMs = opts.timeoutMs || 65000; // Slightly longer than tool timeout
+  const effectiveSocket = opts.socketPath || getCurrentDaemonPaths().socket;
 
   return new Promise((resolve, reject) => {
-    const socket = net.createConnection(SOCKET_PATH);
+    const socket = net.createConnection(effectiveSocket);
     let buffer = "";
     let resolved = false;
 
@@ -122,11 +134,13 @@ export async function shutdownDaemon() {
 
 /**
  * Start the daemon as a background process.
- * @returns {Promise<{ pid: number }>}
+ * @returns {Promise<{ pid: number, socketPath: string, projectRoot: string|null }>}
  */
 export async function startDaemon() {
+  const { socket, meta, projectRoot } = getCurrentDaemonPaths();
+  
   // Check if already running
-  if (await isDaemonRunning()) {
+  if (await isDaemonRunning(socket)) {
     throw new Error("Daemon is already running");
   }
 
@@ -135,11 +149,16 @@ export async function startDaemon() {
   const daemonPath = path.join(__dirname, "daemon.mjs");
 
   // Spawn fully detached process with no stdio connection
-  // This prevents the daemon from exiting when the parent exits
+  // Pass socket/meta paths via env so daemon knows where to bind
   const child = spawn(process.execPath, [daemonPath, "run"], {
     detached: true,
     stdio: "ignore", // Fully detach stdio
-    env: { ...process.env },
+    env: {
+      ...process.env,
+      DM_SOCKET_PATH: socket,
+      DM_META_PATH: meta,
+      DM_PROJECT_ROOT: projectRoot || "",
+    },
   });
 
   // Immediately unref so parent can exit
@@ -152,8 +171,8 @@ export async function startDaemon() {
 
   while (Date.now() - start < maxWait) {
     await new Promise((r) => setTimeout(r, pollInterval));
-    if (await isDaemonRunning()) {
-      return { pid: child.pid };
+    if (await isDaemonRunning(socket)) {
+      return { pid: child.pid, socketPath: socket, projectRoot };
     }
   }
 
@@ -195,3 +214,6 @@ export async function warmServers(serverName) {
     server: serverName,
   });
 }
+
+// Re-export for CLI use
+export { getCurrentDaemonPaths };

package/templates/skills/droid-mode/lib/util.mjs

@@ -3,6 +3,8 @@ import path from "node:path";
 import os from "node:os";
 import crypto from "node:crypto";
 
+const GLOBAL_ROOT_FALLBACK = path.join(os.homedir(), ".factory");
+
 /** @returns {string} */
 export function nowIsoCompact() {
   const d = new Date();
@@ -226,3 +228,311 @@ export function redactEnvForDisplay(envObj) {
   }
   return out;
 }
+
+/**
+ * Check if a directory is secure (owned by current user, not world/group writable).
+ * @param {string} dir
+ * @returns {boolean}
+ */
+function isSecureDir(dir) {
+  try {
+    const stat = fs.statSync(dir);
+    if (!stat.isDirectory()) return false;
+    
+    const uid = process.getuid?.();
+    if (uid !== undefined) {
+      // POSIX: check ownership and permissions
+      return stat.uid === uid && (stat.mode & 0o077) === 0;
+    }
+    // Non-POSIX: just check writable
+    fs.accessSync(dir, fs.constants.W_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Ensure a directory exists with secure permissions (0700).
+ * @param {string} dir
+ * @returns {boolean} true if dir is now usable
+ */
+function ensureSecureDir(dir) {
+  try {
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+      // Explicit chmod to override umask (mkdir mode is affected by umask)
+      fs.chmodSync(dir, 0o700);
+    }
+    // Verify or fix permissions
+    const stat = fs.statSync(dir);
+    if (!stat.isDirectory()) return false;
+    
+    const uid = process.getuid?.();
+    if (uid !== undefined && stat.uid === uid) {
+      // We own it, ensure perms are tight
+      if ((stat.mode & 0o077) !== 0) {
+        fs.chmodSync(dir, 0o700);
+      }
+      return true;
+    }
+    return isSecureDir(dir);
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Get the fallback runtime directory (~/.factory/run).
+ * @returns {string}
+ */
+function getFallbackRunDir() {
+  return path.join(os.homedir(), ".factory", "run");
+}
+
+/**
+ * Get all potential runtime directories to check for daemons.
+ * Returns fallback dir, XDG dir, and standard POSIX locations.
+ * @returns {string[]}
+ */
+export function getAllRunDirs() {
+  const dirs = new Set();
+  const fallback = getFallbackRunDir();
+  
+  // Always include fallback if it exists
+  if (fs.existsSync(fallback)) {
+    dirs.add(fallback);
+  }
+  
+  // Include XDG if set and different from fallback
+  const xdgDir = process.env.XDG_RUNTIME_DIR;
+  if (xdgDir && xdgDir !== fallback && fs.existsSync(xdgDir)) {
+    dirs.add(xdgDir);
+  }
+  
+  // Probe standard POSIX locations for daemons started in other sessions
+  const uid = process.getuid?.();
+  if (uid !== undefined) {
+    const posixDirs = [
+      `/run/user/${uid}`,
+      `/var/run/user/${uid}`,
+    ];
+    for (const dir of posixDirs) {
+      if (dir !== fallback && dir !== xdgDir && fs.existsSync(dir)) {
+        dirs.add(dir);
+      }
+    }
+  }
+  
+  return Array.from(dirs);
+}
+
+/**
+ * Get the runtime directory for daemon sockets and metadata.
+ * Prefers ~/.factory/run for consistency, falls back to XDG_RUNTIME_DIR if needed.
+ * @returns {string}
+ * @throws {Error} if no secure directory can be found
+ */
+export function getRunDir() {
+  // Prefer fallback dir for consistency across shell sessions
+  const fallback = getFallbackRunDir();
+  if (ensureSecureDir(fallback)) {
+    return fallback;
+  }
+  
+  // Fallback failed (read-only HOME, wrong owner, etc.) - try XDG
+  const xdgDir = process.env.XDG_RUNTIME_DIR;
+  if (xdgDir && ensureSecureDir(xdgDir)) {
+    return xdgDir;
+  }
+  
+  // Try standard POSIX locations
+  const uid = process.getuid?.();
+  if (uid !== undefined) {
+    for (const dir of [`/run/user/${uid}`, `/var/run/user/${uid}`]) {
+      if (ensureSecureDir(dir)) {
+        return dir;
+      }
+    }
+  }
+  
+  throw new Error(
+    `Cannot find secure daemon directory. Tried:\n` +
+    `  - ${fallback} (primary)\n` +
+    `  - ${xdgDir || '(XDG_RUNTIME_DIR not set)'}\n` +
+    `Ensure one of these directories exists with mode 0700 and is owned by you.`
+  );
+}
+
+/**
+ * List all daemon metadata files across all potential run directories.
+ * Scans: ~/.factory/run, XDG_RUNTIME_DIR (if exists), and DM_DAEMON_SOCKET override.
+ * 
+ * Note: The 'alive' check uses PID existence + socket file presence. This is a fast
+ * heuristic that covers 99% of cases. For absolute certainty, callers should ping
+ * the socket via daemon_client.isDaemonRunning(). We don't do socket ping here to
+ * avoid circular dependencies and keep the listing fast.
+ * 
+ * @returns {Array<{ metaPath: string, socketPath: string, projectPath: string|null, pid: number, token: string, startedAt: string, version: string, alive: boolean, stale: boolean, isOverride?: boolean }>}
+ */
+export function listAllDaemons() {
+  const results = [];
+  const seenMeta = new Set();
+  
+  // Helper to add a daemon from metadata
+  function addDaemonFromMeta(metaPath, isOverride = false) {
+    if (seenMeta.has(metaPath)) return;
+    seenMeta.add(metaPath);
+    
+    try {
+      const content = fs.readFileSync(metaPath, "utf-8");
+      const meta = JSON.parse(content);
+      
+      // Check if daemon is alive: both PID must exist AND socket file must exist
+      // PID-only check is unreliable due to PID reuse after daemon exit
+      let alive = false;
+      let stale = false;
+      const socketExists = meta.socketPath && fs.existsSync(meta.socketPath);
+      
+      if (meta.pid && socketExists) {
+        try {
+          process.kill(meta.pid, 0); // Signal 0 = existence check
+          alive = true;
+        } catch {
+          // PID doesn't exist but socket file does = stale
+          stale = true;
+        }
+      } else if (meta.pid && !socketExists) {
+        // PID may exist but socket is gone = stale metadata
+        stale = true;
+      }
+      
+      results.push({
+        metaPath,
+        socketPath: meta.socketPath,
+        projectPath: meta.projectPath,
+        pid: meta.pid,
+        token: meta.token,
+        startedAt: meta.startedAt,
+        version: meta.version,
+        alive,
+        stale,
+        isOverride,
+      });
+    } catch {
+      // Skip malformed metadata files
+    }
+  }
+  
+  // Scan a directory for daemon metadata files
+  function scanDir(dir) {
+    try {
+      const files = fs.readdirSync(dir);
+      for (const file of files) {
+        if (!file.startsWith("dm-daemon-") || !file.endsWith(".json")) continue;
+        addDaemonFromMeta(path.join(dir, file), false);
+      }
+    } catch {
+      // Dir doesn't exist or not readable
+    }
+  }
+  
+  // Scan all potential run directories
+  const allDirs = getAllRunDirs();
+  for (const dir of allDirs) {
+    scanDir(dir);
+  }
+  
+  // Also scan the current run dir (in case it's new and not in allDirs yet)
+  scanDir(getRunDir());
+  
+  // Also check for override daemon if DM_DAEMON_SOCKET is set
+  if (process.env.DM_DAEMON_SOCKET) {
+    // Resolve to absolute path (same logic as getDaemonPaths)
+    const socket = path.resolve(process.env.DM_DAEMON_SOCKET);
+    let metaPath = process.env.DM_META_PATH 
+      ? path.resolve(process.env.DM_META_PATH)
+      : null;
+    if (!metaPath) {
+      metaPath = socket.endsWith(".sock") 
+        ? socket.replace(/\.sock$/, ".json")
+        : socket + ".meta.json";
+    }
+    if (fs.existsSync(metaPath)) {
+      addDaemonFromMeta(metaPath, true);
+    }
+  }
+  
+  return results;
+}
+
+/**
+ * Get daemon socket and metadata file paths for a project.
+ * Uses hash of UID + canonical project path for multi-user isolation.
+ * 
+ * @param {string|null} projectRoot - Project root path, or null for global daemon
+ * @returns {{ socket: string, meta: string, isOverride: boolean }}
+ */
+export function getDaemonPaths(projectRoot) {
+  // Backwards compat: respect explicit socket/meta override
+  if (process.env.DM_DAEMON_SOCKET) {
+    // Always resolve to absolute path to avoid cwd-dependent behavior
+    const socket = path.resolve(process.env.DM_DAEMON_SOCKET);
+    // Derive meta path: use DM_META_PATH if set, otherwise append .meta.json
+    let meta = process.env.DM_META_PATH 
+      ? path.resolve(process.env.DM_META_PATH)
+      : null;
+    if (!meta) {
+      if (socket.endsWith(".sock")) {
+        meta = socket.replace(/\.sock$/, ".json");
+      } else {
+        meta = socket + ".meta.json";
+      }
+    }
+    // Sanity check: meta path must differ from socket path
+    if (meta === socket) {
+      meta = socket + ".meta.json";
+    }
+    return { socket, meta, isOverride: true };
+  }
+  
+  // Use global fallback when no project root
+  const root = projectRoot || GLOBAL_ROOT_FALLBACK;
+  
+  // Canonicalize to resolve symlinks - ensures same physical project = same hash
+  // Handle ENOENT gracefully (common for global fallback on fresh install)
+  let canonical;
+  try {
+    // First ensure parent dirs exist for global fallback case
+    if (root === GLOBAL_ROOT_FALLBACK) {
+      fs.mkdirSync(root, { recursive: true, mode: 0o700 });
+    }
+    canonical = fs.realpathSync.native(root);
+  } catch (err) {
+    // Fallback: canonicalize existing ancestor + resolve remaining path
+    if (err.code === "ENOENT") {
+      const parent = path.dirname(root);
+      const base = path.basename(root);
+      try {
+        canonical = path.join(fs.realpathSync.native(parent), base);
+      } catch {
+        canonical = path.resolve(root);
+      }
+    } else {
+      canonical = path.resolve(root);
+    }
+  }
+  
+  // Include UID for multi-user isolation on shared systems
+  // On Windows (no getuid), use homedir hash for stable per-user isolation
+  const uid = process.getuid?.() ?? sha256Hex(os.homedir()).slice(0, 8);
+  const hashInput = `${uid}:${canonical}`;
+  const hash = sha256Hex(hashInput).slice(0, 16);
+  
+  const dir = getRunDir();
+  return {
+    socket: path.join(dir, `dm-daemon-${hash}.sock`),
+    meta: path.join(dir, `dm-daemon-${hash}.json`),
+    isOverride: false,
+  };
+}