dsclaw 0.1.3 → 0.1.5

package/dist/cli/index.js

@@ -1,24 +1,12 @@
 #!/usr/bin/env node
-
-// src/cli/index.ts
-import { Command } from "commander";
-
-// src/cli/init.ts
-import inquirer from "inquirer";
-
-// src/gateway/config.ts
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
-import { join } from "path";
-import { homedir } from "os";
-import { z } from "zod";
-
-// src/shared/logger.ts
-import pino from "pino";
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 
 // src/shared/tracer.ts
 import { AsyncLocalStorage } from "async_hooks";
 import { nanoid } from "nanoid";
-var storage = new AsyncLocalStorage();
 function runWithTrace(ctx, fn) {
   const traceId = ctx.traceId ?? nanoid(12);
   return storage.run({ traceId, ...ctx }, fn);
@@ -29,26 +17,52 @@ function getTraceContext() {
 function getTraceId() {
   return getTraceContext().traceId;
 }
-
-// src/shared/logger.ts
-var rootLogger = pino({
-  level: process.env["LOG_LEVEL"] ?? "info",
-  transport: process.env["NODE_ENV"] !== "production" ? { target: "pino-pretty", options: { colorize: true } } : void 0,
-  mixin() {
-    const ctx = getTraceContext();
-    return {
-      traceId: ctx.traceId,
-      ...ctx.userId ? { userId: ctx.userId } : {},
-      ...ctx.channelId ? { channelId: ctx.channelId } : {},
-      ...ctx.agentId ? { agentId: ctx.agentId } : {}
-    };
+var storage;
+var init_tracer = __esm({
+  "src/shared/tracer.ts"() {
+    "use strict";
+    storage = new AsyncLocalStorage();
   }
 });
+
+// src/shared/logger.ts
+import pino from "pino";
 function createLogger(module) {
   return rootLogger.child({ module });
 }
+var rootLogger;
+var init_logger = __esm({
+  "src/shared/logger.ts"() {
+    "use strict";
+    init_tracer();
+    rootLogger = pino({
+      level: process.env["LOG_LEVEL"] ?? "info",
+      transport: process.env["NODE_ENV"] !== "production" ? { target: "pino-pretty", options: { colorize: true } } : void 0,
+      mixin() {
+        const ctx = getTraceContext();
+        return {
+          traceId: ctx.traceId,
+          ...ctx.userId ? { userId: ctx.userId } : {},
+          ...ctx.channelId ? { channelId: ctx.channelId } : {},
+          ...ctx.agentId ? { agentId: ctx.agentId } : {}
+        };
+      }
+    });
+  }
+});
+
+// src/cli/index.ts
+import { Command } from "commander";
+
+// src/cli/init.ts
+import inquirer from "inquirer";
 
 // src/gateway/config.ts
+init_logger();
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { z } from "zod";
 var log = createLogger("config");
 var CONFIG_DIR = join(homedir(), ".dsclaw");
 var CONFIG_PATH = join(CONFIG_DIR, "config.json");
@@ -150,20 +164,49 @@ import {
 } from "fs";
 import { join as join2 } from "path";
 import { hostname, userInfo } from "os";
+init_logger();
 var log2 = createLogger("user-session");
 var ALG = "aes-256-gcm";
 var IV_LEN = 12;
 var TAG_LEN = 16;
 var KEY_SEED = "dsclaw-v1";
 var SESSIONS_DIR = join2(CONFIG_DIR, "sessions");
-function deriveKey() {
+var SALT_FILE = join2(CONFIG_DIR, ".salt");
+function getOrCreateSalt() {
+  try {
+    if (existsSync2(SALT_FILE)) {
+      return readFileSync2(SALT_FILE, "utf-8").trim();
+    }
+  } catch {
+  }
+  const salt = randomBytes(32).toString("hex");
+  try {
+    mkdirSync2(CONFIG_DIR, { recursive: true });
+    writeFileSync2(SALT_FILE, salt, { mode: 384 });
+  } catch (err) {
+    log2.warn({ err }, "Failed to persist salt file");
+  }
+  return salt;
+}
+var cachedSalt = null;
+function getSalt() {
+  if (!cachedSalt) cachedSalt = getOrCreateSalt();
+  return cachedSalt;
+}
+function deriveKeyBase(extra) {
   let user = "";
   try {
     user = userInfo().username;
   } catch {
     user = process.env["USER"] ?? process.env["USERNAME"] ?? "default";
   }
-  return createHash("sha256").update(`${KEY_SEED}:${hostname()}:${user}`).digest();
+  return createHash("sha256").update(`${KEY_SEED}:${hostname()}:${user}${extra}`).digest();
+}
+function deriveKey() {
+  return deriveKeyBase(`:${getSalt()}`);
+}
+function deriveKeyLegacy() {
+  return deriveKeyBase("");
 }
 function encrypt(data) {
   const key = deriveKey();
@@ -173,9 +216,8 @@ function encrypt(data) {
   const tag = cipher.getAuthTag();
   return Buffer.concat([iv, tag, ct]).toString("base64");
 }
-function decrypt(encoded) {
+function decryptWithKey(encoded, key) {
   try {
-    const key = deriveKey();
     const buf = Buffer.from(encoded, "base64");
     if (buf.length < IV_LEN + TAG_LEN + 1) return null;
     const iv = buf.subarray(0, IV_LEN);
@@ -183,9 +225,7 @@ function decrypt(encoded) {
     const ct = buf.subarray(IV_LEN + TAG_LEN);
     const decipher = createDecipheriv(ALG, key, iv, { authTagLength: TAG_LEN });
     decipher.setAuthTag(tag);
-    return Buffer.concat([decipher.update(ct), decipher.final()]).toString(
-      "utf8"
-    );
+    return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
   } catch {
     return null;
   }
@@ -206,12 +246,22 @@ function loadSession(userId) {
   }
   try {
     const encrypted = readFileSync2(p, "utf-8").trim();
-    const json = decrypt(encrypted);
+    let json = decryptWithKey(encrypted, deriveKey());
+    let needsMigration = false;
+    if (!json) {
+      json = decryptWithKey(encrypted, deriveKeyLegacy());
+      needsMigration = !!json;
+    }
     if (!json) {
       log2.warn({ userId }, "Failed to decrypt session \u2014 starting fresh");
       return { state: "new" };
     }
-    return JSON.parse(json);
+    const session = JSON.parse(json);
+    if (needsMigration) {
+      log2.info({ userId }, "Migrating session to salted key");
+      saveSession(userId, session);
+    }
+    return session;
   } catch {
     return { state: "new" };
   }
@@ -228,6 +278,7 @@ function isOnboarding(state) {
 }
 
 // src/dsers/auth.ts
+init_logger();
 import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync3, chmodSync } from "fs";
 import { dirname } from "path";
 
@@ -353,6 +404,60 @@ var DSersAuth = class {
     this.fetchedAt = 0;
     log3.debug("Session invalidated");
   }
+  /** Fast session validity check — calls DSers account info endpoint. */
+  async checkHealth() {
+    if (!this.sessionId) {
+      return { valid: false, reason: "\u672A\u6388\u6743\uFF08\u65E0 session\uFF09" };
+    }
+    if (Date.now() - this.fetchedAt > SESSION_TTL) {
+      return { valid: false, reason: "session \u5DF2\u8FC7\u671F\uFF08\u8D85\u8FC7 6 \u5C0F\u65F6\uFF09" };
+    }
+    try {
+      const resp = await fetch(
+        `${this.config.baseUrl}/account-user-bff/v1/users/current`,
+        {
+          headers: {
+            Cookie: `sessionid=${this.sessionId}; djdt=hide; state=${this.state}`
+          }
+        }
+      );
+      if (resp.status === 401 || resp.status === 403) {
+        this.invalidate();
+        return { valid: false, reason: `DSers \u8FD4\u56DE ${resp.status}\uFF08token \u5931\u6548\uFF09\uFF0C\u8BF7\u91CD\u65B0\u6388\u6743` };
+      }
+      if (!resp.ok) {
+        return { valid: false, reason: `DSers \u670D\u52A1\u5F02\u5E38\uFF08HTTP ${resp.status}\uFF09` };
+      }
+      return { valid: true };
+    } catch (err) {
+      const reason = err instanceof Error ? err.message : "unknown";
+      return { valid: false, reason: `\u7F51\u7EDC\u9519\u8BEF\uFF08${reason}\uFF09\uFF0C\u8BF7\u68C0\u67E5\u7F51\u7EDC\u8FDE\u63A5` };
+    }
+  }
+  /**
+   * Attempt session renewal for session-only users (no email/password).
+   * Returns success if the session is still valid; fails with guidance otherwise.
+   */
+  async tryRenew() {
+    const health = await this.checkHealth();
+    if (health.valid) {
+      this.fetchedAt = Date.now();
+      return { renewed: true };
+    }
+    if (this.config.email && this.config.password) {
+      try {
+        await this.login();
+        return { renewed: true };
+      } catch (err) {
+        const reason = err instanceof Error ? err.message : "\u767B\u5F55\u5931\u8D25";
+        return { renewed: false, reason };
+      }
+    }
+    return {
+      renewed: false,
+      reason: `${health.reason}\u3002\u5F53\u524D\u4E3A session \u6A21\u5F0F\uFF0C\u9700\u8981\u901A\u8FC7\u6D4F\u89C8\u5668\u91CD\u65B0\u6388\u6743\u3002`
+    };
+  }
   readCache() {
     try {
       const p = this.config.sessionFile;
@@ -385,6 +490,10 @@ var DSersAuth = class {
   }
 };
 
+// src/dsers/client.ts
+init_logger();
+init_tracer();
+
 // src/shared/utils.ts
 import { createHash as createHash2 } from "crypto";
 function sleep(ms) {
@@ -400,6 +509,7 @@ function parseRetryAfter(value) {
 }
 
 // src/resilience/rate-limiter.ts
+init_logger();
 import pLimit from "p-limit";
 var log4 = createLogger("rate-limiter");
 var DEFAULT_OUTBOUND_LIMITS = {
@@ -417,20 +527,40 @@ function getOutboundLimiter(service, customLimits) {
   }
   return outboundLimiters.get(service);
 }
-var userQueues = /* @__PURE__ */ new Map();
+var userLocks = /* @__PURE__ */ new Map();
+var lockVersion = 0;
 var debounceTimers = /* @__PURE__ */ new Map();
-async function acquireUserLock(userId) {
-  while (userQueues.has(userId)) {
-    await userQueues.get(userId);
-  }
-  let release;
-  const lock = new Promise((resolve) => {
-    release = () => {
-      userQueues.delete(userId);
-      resolve();
-    };
+async function acquireUserLock(userId, timeoutMs = 18e4) {
+  const deadline = Date.now() + timeoutMs;
+  while (userLocks.has(userId)) {
+    const remaining = deadline - Date.now();
+    if (remaining <= 0) {
+      log4.warn({ userId }, "User lock wait timed out \u2014 forcing entry");
+      const stale = userLocks.get(userId);
+      if (stale) {
+        stale.resolve();
+      }
+      userLocks.delete(userId);
+      break;
+    }
+    await Promise.race([
+      userLocks.get(userId).promise,
+      new Promise((r) => setTimeout(r, remaining))
+    ]);
+  }
+  const myVersion = ++lockVersion;
+  let resolve;
+  const promise = new Promise((r) => {
+    resolve = r;
   });
-  userQueues.set(userId, lock);
+  userLocks.set(userId, { promise, resolve, version: myVersion });
+  const release = () => {
+    const current = userLocks.get(userId);
+    if (current && current.version === myVersion) {
+      userLocks.delete(userId);
+      resolve();
+    }
+  };
   return release;
 }
 function debounceUser(userId, delayMs = 500) {
@@ -450,7 +580,7 @@ var inboundWindows = /* @__PURE__ */ new Map();
 function checkInboundLimit(sourceId, maxRequests = 30, windowMs = 6e4) {
   const now = Date.now();
   const entry = inboundWindows.get(sourceId) ?? { timestamps: [] };
-  entry.timestamps = entry.timestamps.filter((t) => now - t < windowMs);
+  entry.timestamps = entry.timestamps.filter((t2) => now - t2 < windowMs);
   if (entry.timestamps.length >= maxRequests) {
     log4.warn({ sourceId, count: entry.timestamps.length }, "Inbound rate limit hit");
     return false;
@@ -566,7 +696,298 @@ function createDSersConfig(email, password, baseUrl) {
   };
 }
 
+// src/dsers/browser-auth.ts
+import { spawn } from "child_process";
+import { mkdtempSync, rmSync } from "fs";
+import { join as join4 } from "path";
+import { tmpdir } from "os";
+import { WebSocket } from "ws";
+
+// src/dsers/browser-finder.ts
+import { existsSync as existsSync4 } from "fs";
+var CANDIDATES = [
+  {
+    name: "Google Chrome",
+    paths: {
+      darwin: ["/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"],
+      win32: [
+        `${process.env["PROGRAMFILES"]}\\Google\\Chrome\\Application\\chrome.exe`,
+        `${process.env["PROGRAMFILES(X86)"]}\\Google\\Chrome\\Application\\chrome.exe`,
+        `${process.env["LOCALAPPDATA"]}\\Google\\Chrome\\Application\\chrome.exe`
+      ],
+      linux: ["/usr/bin/google-chrome", "/usr/bin/google-chrome-stable"]
+    }
+  },
+  {
+    name: "Microsoft Edge",
+    paths: {
+      darwin: ["/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge"],
+      win32: [
+        `${process.env["PROGRAMFILES(X86)"]}\\Microsoft\\Edge\\Application\\msedge.exe`,
+        `${process.env["PROGRAMFILES"]}\\Microsoft\\Edge\\Application\\msedge.exe`
+      ],
+      linux: ["/usr/bin/microsoft-edge", "/usr/bin/microsoft-edge-stable"]
+    }
+  },
+  {
+    name: "Brave",
+    paths: {
+      darwin: ["/Applications/Brave Browser.app/Contents/MacOS/Brave Browser"],
+      win32: [
+        `${process.env["PROGRAMFILES"]}\\BraveSoftware\\Brave-Browser\\Application\\brave.exe`,
+        `${process.env["LOCALAPPDATA"]}\\BraveSoftware\\Brave-Browser\\Application\\brave.exe`
+      ],
+      linux: ["/usr/bin/brave-browser"]
+    }
+  },
+  {
+    name: "Arc",
+    paths: {
+      darwin: ["/Applications/Arc.app/Contents/MacOS/Arc"]
+    }
+  },
+  {
+    name: "Chromium",
+    paths: {
+      darwin: ["/Applications/Chromium.app/Contents/MacOS/Chromium"],
+      linux: ["/usr/bin/chromium", "/usr/bin/chromium-browser"]
+    }
+  },
+  {
+    name: "Opera",
+    paths: {
+      darwin: ["/Applications/Opera.app/Contents/MacOS/Opera"],
+      win32: [
+        `${process.env["LOCALAPPDATA"]}\\Programs\\Opera\\opera.exe`
+      ],
+      linux: ["/usr/bin/opera"]
+    }
+  },
+  {
+    name: "Vivaldi",
+    paths: {
+      darwin: ["/Applications/Vivaldi.app/Contents/MacOS/Vivaldi"],
+      win32: [
+        `${process.env["LOCALAPPDATA"]}\\Vivaldi\\Application\\vivaldi.exe`
+      ],
+      linux: ["/usr/bin/vivaldi"]
+    }
+  }
+];
+function findChromium() {
+  const platform = process.platform;
+  for (const candidate of CANDIDATES) {
+    const platformPaths = candidate.paths[platform];
+    if (!platformPaths) continue;
+    for (const p of platformPaths) {
+      if (existsSync4(p)) {
+        return { name: candidate.name, executablePath: p };
+      }
+    }
+  }
+  return null;
+}
+
+// src/dsers/browser-auth.ts
+init_logger();
+var log6 = createLogger("dsers:browser-auth");
+var DSERS_LOGIN_URL = "https://accounts.dsers.com/accounts/login";
+var LOGIN_API_PATTERN = "/account-user-bff/v1/users/login";
+var TIMEOUT = 18e4;
+var activeProcess = null;
+var activeTmpDir = null;
+function isAuthInProgress() {
+  return activeProcess !== null && !activeProcess.killed;
+}
+function cancelAuth() {
+  cleanup();
+}
+function cleanup() {
+  if (activeProcess && !activeProcess.killed) {
+    try {
+      activeProcess.kill();
+    } catch {
+    }
+  }
+  activeProcess = null;
+  if (activeTmpDir) {
+    try {
+      rmSync(activeTmpDir, { recursive: true, force: true });
+    } catch {
+    }
+    activeTmpDir = null;
+  }
+}
+function parseWsUrl(stderrChunk) {
+  const match = stderrChunk.match(/DevTools listening on (ws:\/\/[^\s]+)/);
+  return match?.[1] ?? null;
+}
+function launchBrowser() {
+  const browser = findChromium();
+  if (!browser) {
+    throw new Error("No Chromium-based browser found. Please install Chrome, Edge, or Brave.");
+  }
+  const tmpDir = mkdtempSync(join4(tmpdir(), "dsclaw-auth-"));
+  activeTmpDir = tmpDir;
+  log6.info({ browser: browser.name }, "Launching browser for DSers auth");
+  const proc = spawn(browser.executablePath, [
+    `--app=${DSERS_LOGIN_URL}`,
+    "--remote-debugging-port=0",
+    `--user-data-dir=${tmpDir}`,
+    "--no-first-run",
+    "--no-default-browser-check",
+    "--disable-extensions",
+    "--mute-audio",
+    "--window-size=480,700"
+  ], {
+    stdio: ["ignore", "ignore", "pipe"],
+    detached: false
+  });
+  activeProcess = proc;
+  const wsUrlPromise = new Promise((resolve, reject) => {
+    let stderr = "";
+    const timer = setTimeout(() => {
+      reject(new Error("Timed out waiting for Chrome DevTools"));
+    }, 15e3);
+    proc.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+      const url = parseWsUrl(stderr);
+      if (url) {
+        clearTimeout(timer);
+        resolve(url);
+      }
+    });
+    proc.on("error", (err) => {
+      clearTimeout(timer);
+      reject(err);
+    });
+    proc.on("exit", () => {
+      clearTimeout(timer);
+      reject(new Error("Browser exited before DevTools was ready"));
+    });
+  });
+  return { proc, wsUrlPromise };
+}
+function watchLoginResponse(wsUrl) {
+  return new Promise((resolve, reject) => {
+    const ws = new WebSocket(wsUrl);
+    let msgId = 1;
+    let timeoutTimer = null;
+    let settled = false;
+    const pending = /* @__PURE__ */ new Map();
+    const requestMap = /* @__PURE__ */ new Map();
+    function cdpSend(method, params = {}) {
+      return new Promise((res) => {
+        const id = msgId++;
+        pending.set(id, res);
+        ws.send(JSON.stringify({ id, method, params }));
+      });
+    }
+    function finish(result, err) {
+      if (settled) return;
+      settled = true;
+      if (timeoutTimer) clearTimeout(timeoutTimer);
+      try {
+        ws.close();
+      } catch {
+      }
+      if (result) resolve(result);
+      else reject(err ?? new Error("Unknown error"));
+    }
+    ws.on("open", async () => {
+      log6.info("CDP connected, intercepting login API responses");
+      await cdpSend("Network.enable");
+      timeoutTimer = setTimeout(() => {
+        finish(void 0, new Error("Login timed out (3 minutes). Please try again."));
+        cleanup();
+      }, TIMEOUT);
+    });
+    ws.on("message", async (raw) => {
+      try {
+        const msg = JSON.parse(raw.toString());
+        if (msg.id && pending.has(msg.id)) {
+          pending.get(msg.id)(msg.result);
+          pending.delete(msg.id);
+          return;
+        }
+        if (msg.method === "Network.requestWillBeSent") {
+          const p = msg.params;
+          if (p.request.url.includes(LOGIN_API_PATTERN) && p.request.method === "POST") {
+            requestMap.set(p.requestId, p.request.url);
+            log6.info("Detected DSers login request");
+          }
+          return;
+        }
+        if (msg.method === "Network.responseReceived") {
+          const p = msg.params;
+          if (!requestMap.has(p.requestId)) return;
+          log6.info({ status: p.response.status }, "DSers login response received");
+          if (p.response.status !== 200) {
+            log6.warn("Login response was not 200, waiting for retry...");
+            requestMap.delete(p.requestId);
+            return;
+          }
+          await new Promise((r) => setTimeout(r, 500));
+          try {
+            const bodyResp = await cdpSend("Network.getResponseBody", {
+              requestId: p.requestId
+            });
+            const body = bodyResp.base64Encoded ? Buffer.from(bodyResp.body, "base64").toString() : bodyResp.body;
+            const data = JSON.parse(body);
+            const sessionId = data?.data?.sessionId;
+            const state = data?.data?.state ?? "";
+            if (sessionId) {
+              log6.info("DSers session captured from login API response");
+              finish({ sessionId, state });
+            } else {
+              log6.warn({ responseData: body.slice(0, 300) }, "Login response missing sessionId");
+            }
+          } catch (e) {
+            log6.warn({ error: e instanceof Error ? e.message : String(e) }, "Failed to read login response body");
+          }
+          requestMap.delete(p.requestId);
+        }
+      } catch {
+      }
+    });
+    ws.on("error", () => {
+      finish(void 0, new Error("CDP connection lost"));
+    });
+    ws.on("close", () => {
+      finish(void 0, new Error("Browser was closed before login completed"));
+    });
+  });
+}
+async function loginViaCDP() {
+  if (isAuthInProgress()) {
+    throw new Error("Auth already in progress");
+  }
+  try {
+    const { proc, wsUrlPromise } = launchBrowser();
+    proc.on("exit", () => {
+      activeProcess = null;
+    });
+    const wsUrl = await wsUrlPromise;
+    log6.info({ wsUrl }, "DevTools endpoint acquired");
+    const httpUrl = wsUrl.replace("ws://", "http://").replace(/\/devtools\/browser\/.*/, "/json");
+    const resp = await fetch(httpUrl);
+    const tabs = await resp.json();
+    const dsersTab = tabs.find((t2) => t2.url.includes("dsers.com")) ?? tabs[0];
+    if (!dsersTab?.webSocketDebuggerUrl) {
+      throw new Error("Could not find browser tab");
+    }
+    log6.info({ tabUrl: dsersTab.url }, "Watching tab for login API response");
+    const result = await watchLoginResponse(dsersTab.webSocketDebuggerUrl);
+    cleanup();
+    return result;
+  } catch (error) {
+    cleanup();
+    throw error;
+  }
+}
+
 // src/agents/core-agent.ts
+init_logger();
 import { generateText, streamText, tool as aiTool, stepCountIs } from "ai";
 import { createOpenAI } from "@ai-sdk/openai";
 import { createAnthropic } from "@ai-sdk/anthropic";
@@ -574,11 +995,12 @@ import { createGoogleGenerativeAI } from "@ai-sdk/google";
 import { z as z2 } from "zod";
 
 // src/shared/audit.ts
-import { appendFileSync, mkdirSync as mkdirSync4, existsSync as existsSync4 } from "fs";
-import { join as join4 } from "path";
-var AUDIT_DIR = join4(CONFIG_DIR, "audit");
+import { appendFileSync, mkdirSync as mkdirSync4, existsSync as existsSync5 } from "fs";
+import { join as join5 } from "path";
+init_tracer();
+var AUDIT_DIR = join5(CONFIG_DIR, "audit");
 function ensureAuditDir() {
-  if (!existsSync4(AUDIT_DIR)) {
+  if (!existsSync5(AUDIT_DIR)) {
     mkdirSync4(AUDIT_DIR, { recursive: true });
   }
 }
@@ -590,7 +1012,7 @@ function writeAuditLog(entry) {
     traceId: getTraceId()
   };
   const date = full.timestamp.slice(0, 10);
-  const file = join4(AUDIT_DIR, `${date}.jsonl`);
+  const file = join5(AUDIT_DIR, `${date}.jsonl`);
   try {
     appendFileSync(file, JSON.stringify(full) + "\n");
   } catch {
@@ -602,49 +1024,195 @@ async function getImportList(client, params) {
   const filtered = params ? Object.fromEntries(Object.entries(params).filter(([, v]) => v != null)) : {};
   return client.get("/dsers-product-bff/import-list", filtered);
 }
-async function importByProductId(client, body) {
-  return client.post("/dsers-product-bff/import-list/product-id", body);
-}
-async function pushToStore(client, payload) {
-  return client.post("/dsers-product-bff/import-list/push", {
-    data: payload
-  });
+async function getImportListItem(client, id) {
+  return client.get(`/dsers-product-bff/import-list/${id}`);
 }
 async function getMyProducts(client, params) {
   return client.get("/dsers-product-bff/my-product", params);
 }
 
-// src/dsers/account.ts
-async function listStores(client) {
-  return client.post("/account-user-bff/v1/stores/user/list");
+// src/agents/core-agent.ts
+import { configFromToken } from "@lofder/dsers-mcp-product/dist/dsers/config.js";
+import { buildProvider } from "@lofder/dsers-mcp-product/dist/provider.js";
+import { ImportFlowService } from "@lofder/dsers-mcp-product/dist/service.js";
+import { MemoryJobStore } from "@lofder/dsers-mcp-product/dist/job-store-memory.js";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync5, renameSync, existsSync as existsSync6 } from "fs";
+import { join as join6 } from "path";
+import { homedir as homedir2 } from "os";
+var log7 = createLogger("agent:core");
+var JOB_ID_MAP_DIR = join6(homedir2(), ".dsclaw");
+var JOB_ID_MAP_FILE = join6(JOB_ID_MAP_DIR, "job-id-map.json");
+var JOB_ID_TTL_MS = 7 * 24 * 60 * 60 * 1e3;
+function loadJobIdMap() {
+  const map = /* @__PURE__ */ new Map();
+  try {
+    if (!existsSync6(JOB_ID_MAP_FILE)) return map;
+    const raw = JSON.parse(readFileSync4(JOB_ID_MAP_FILE, "utf-8"));
+    const now = Date.now();
+    for (const [short, entry] of Object.entries(raw)) {
+      if (now - entry.ts < JOB_ID_TTL_MS) {
+        map.set(short, entry.full);
+      }
+    }
+  } catch (err) {
+    log7.warn({ err }, "Failed to load job ID map from disk");
+  }
+  return map;
 }
-async function getUserInfo(client) {
-  return client.get("/account-user-bff/v1/users/info");
+function persistJobIdMap(map) {
+  try {
+    mkdirSync5(JOB_ID_MAP_DIR, { recursive: true });
+    const obj = {};
+    const now = Date.now();
+    for (const [short, full] of map) {
+      obj[short] = { full, ts: now };
+    }
+    const tmp = JOB_ID_MAP_FILE + ".tmp";
+    writeFileSync4(tmp, JSON.stringify(obj));
+    renameSync(tmp, JOB_ID_MAP_FILE);
+  } catch (err) {
+    log7.warn({ err }, "Failed to persist job ID map");
+  }
 }
-
-// src/dsers/settings.ts
-async function getGlobalSettings(client) {
-  return client.get("/infra-setting-bff/setting/list");
+function normalizeBaseUrl(url) {
+  if (!url) return void 0;
+  let u = url.trim();
+  if (!/^https?:\/\//i.test(u)) u = `https://${u}`;
+  u = u.replace(/\/+$/, "");
+  if (!/\/v\d/.test(u)) u += "/v1";
+  return u;
 }
-async function getPricingRules(client, storeId) {
-  return client.get("/dsers-settings-bff/product/pricing-rule", { storeId });
+function withTimeout(promise, ms, label) {
+  return Promise.race([
+    promise,
+    new Promise((_, reject) => {
+      const id = setTimeout(() => reject(new Error(`${label} timed out after ${Math.round(ms / 1e3)}s`)), ms);
+      if (typeof id === "object" && "unref" in id) id.unref();
+    })
+  ]);
 }
-async function getCurrentPlan(client) {
-  return client.get("/dsers-plan-bff/plan");
+function withToolAwareTimeout(promise, baseMs, isToolActive, label) {
+  let timerId = null;
+  const cleanup2 = () => {
+    if (timerId !== null) {
+      clearTimeout(timerId);
+      timerId = null;
+    }
+  };
+  const timeoutPromise = new Promise((_, reject) => {
+    let deadline = Date.now() + baseMs;
+    const tick = () => {
+      if (isToolActive()) {
+        deadline = Date.now() + baseMs;
+        timerId = setTimeout(tick, 1e4);
+      } else if (Date.now() >= deadline) {
+        reject(new Error(`${label} timed out after ${Math.round(baseMs / 1e3)}s`));
+      } else {
+        timerId = setTimeout(tick, Math.min(deadline - Date.now(), 1e4));
+      }
+    };
+    timerId = setTimeout(tick, baseMs);
+  });
+  return Promise.race([promise.finally(cleanup2), timeoutPromise]);
+}
+var MCP_DROP_KEYS = /* @__PURE__ */ new Set([
+  "image_urls",
+  "description_html_snippet",
+  "effective_rules_snapshot",
+  "requested_rules",
+  "original_draft",
+  "resolved_source_url",
+  "resolver_mode",
+  "tags_before",
+  "tags_after"
+]);
+function compactToolResult(result, jobIdMap) {
+  if (!result || typeof result !== "object") return result;
+  const isMcpPreview = "job_id" in result && ("title_after" in result || "status" in result);
+  if (isMcpPreview) {
+    const out2 = {};
+    for (const [k, v] of Object.entries(result)) {
+      if (MCP_DROP_KEYS.has(k)) continue;
+      out2[k] = v;
+    }
+    if (out2.job_id && typeof out2.job_id === "string") {
+      const dotIdx = out2.job_id.indexOf(".");
+      if (dotIdx > 0) {
+        const short = out2.job_id.slice(0, dotIdx);
+        if (jobIdMap) jobIdMap.set(short, out2.job_id);
+        out2.job_id = short;
+      }
+    }
+    if (out2.skus && Array.isArray(out2.skus) && out2.skus.length > 1) {
+      const [header, ...rows] = out2.skus;
+      out2.variant_summary = rows.slice(0, 5).map((row) => {
+        const obj = {};
+        header.forEach((key, i) => {
+          obj[key] = row[i];
+        });
+        return obj;
+      });
+      if (rows.length > 5) {
+        out2.variant_summary_note = `Showing 5 of ${rows.length} variants`;
+      }
+      delete out2.skus;
+    }
+    if (out2.title_after) {
+      out2._title_modified = true;
+      out2._display_title = out2.title_after;
+    }
+    if (out2.desc_changed) {
+      out2._description_modified = true;
+    }
+    if (out2.warnings?.length > 5) out2.warnings = out2.warnings.slice(0, 5);
+    if (out2.stores) {
+      out2.stores = out2.stores.map((s) => ({
+        store_ref: s.store_ref,
+        display_name: s.display_name,
+        platform: s.platform
+      }));
+    }
+    if (out2.account_info) {
+      const ai = out2.account_info;
+      out2.account_info = { plan: ai.plan, limits: ai.limits, aliexpress_auth: ai.aliexpress_auth };
+    }
+    return out2;
+  }
+  const json = JSON.stringify(result);
+  if (json.length <= 4e3) return result;
+  const out = {};
+  for (const [k, v] of Object.entries(result)) {
+    if (MCP_DROP_KEYS.has(k)) continue;
+    if (Array.isArray(v) && v.length > 20) {
+      out[k] = v.slice(0, 20);
+      out[`_${k}_truncated`] = `${v.length} total, showing first 20`;
+    } else {
+      out[k] = v;
+    }
+  }
+  const outJson = JSON.stringify(out);
+  if (outJson.length > 8e3) {
+    return { _truncated: true, _original_size: json.length, summary: outJson.slice(0, 6e3) + "..." };
+  }
+  return out;
 }
-
-// src/agents/core-agent.ts
-var log6 = createLogger("agent:core");
 function buildModel(llm) {
+  const baseURL = normalizeBaseUrl(llm.baseUrl);
+  if (baseURL || llm.provider === "other") {
+    return createOpenAI({
+      apiKey: llm.apiKey,
+      baseURL: baseURL ?? "http://localhost:11434/v1"
+    }).chat(llm.model);
+  }
   switch (llm.provider) {
     case "openai":
-      return createOpenAI({ apiKey: llm.apiKey })(llm.model);
+      return createOpenAI({ apiKey: llm.apiKey }).chat(llm.model);
     case "anthropic":
       return createAnthropic({ apiKey: llm.apiKey })(llm.model);
     case "google":
       return createGoogleGenerativeAI({ apiKey: llm.apiKey })(llm.model);
     default:
-      return createOpenAI({ apiKey: llm.apiKey })(llm.model);
+      return createOpenAI({ apiKey: llm.apiKey }).chat(llm.model);
   }
 }
 function getDefaultModel(provider) {
@@ -655,36 +1223,86 @@ function getDefaultModel(provider) {
       return "claude-sonnet-4-20250514";
     case "google":
       return "gemini-2.0-flash";
+    case "other":
+      return "gpt-3.5-turbo";
     default:
       return "gpt-4o";
   }
 }
-var SYSTEM_PROMPT = `You are DSClaw, a friendly AI assistant that manages dropshipping stores through DSers.
-Your user has ZERO technical background \u2014 they are a small business owner or solo entrepreneur.
+var TOOL_LABELS = {
+  dsers_store_discover: "Discovering stores & capabilities...",
+  dsers_product_import: "Importing product...",
+  dsers_product_preview: "Loading preview...",
+  dsers_product_delete: "Deleting product...",
+  dsers_product_visibility: "Setting visibility...",
+  dsers_store_push: "Pushing to store...",
+  dsers_rules_validate: "Validating rules...",
+  dsers_job_status: "Checking job status...",
+  dsers_import_list_search: "Searching import list...",
+  dsers_my_products: "Loading your products..."
+};
+var SYSTEM_PROMPT = `You are DSClaw, a friendly dropshipping AI for DSers. User has zero technical background.
+{{LANGUAGE_RULE}}
+Be warm, clear. Confirm before push/delete/bulk ops.
 
-COMMUNICATION RULES:
-- Always respond in the SAME LANGUAGE the user writes in
-- Use simple, warm, conversational language \u2014 no jargon
-- When showing data (products, stores, orders), format it clearly with bullet points or numbered lists
-- Always confirm before executing write operations (push, delete, update pricing)
-- If something fails, explain what happened in plain language and suggest what to do next
-- Proactively offer helpful next steps after completing a task
+PRICES \u2014 always show separately:
+- cost (\u91C7\u8D2D\u4EF7): supplier price. Field: "cost"
+- sell_price (\u552E\u4EF7): store price. Field: "sell_price"
+- compare_at_price: strikethrough price
+- no_markup=true \u2192 warn user to set pricing rules
+- From dsers_import_list_search: use "cost_range" and "sell_price_range"
+When in Chinese: Format: \u91C7\u8D2D\u4EF7\uFF1A$2.51\u2013$4.00 | \u552E\u4EF7\uFF1A$5.02\u2013$8.00
+When in English: Format: Cost: $2.51\u2013$4.00 | Sell price: $5.02\u2013$8.00
 
-YOUR CAPABILITIES:
-- View connected stores and store details
-- Search and browse the import list (products from suppliers)
-- Import new products from AliExpress, Temu, or 1688
-- Push products to connected stores (Shopify, WooCommerce, etc.)
-- View products already in stores ("My Products")
-- Check and update pricing rules
-- View account plan and billing info
-- Check global settings and shipping configuration
+WORKFLOWS:
+Import: dsers_store_discover \u2192 dsers_product_import(url) \u2192 (rules) \u2192 dsers_store_push(confirm first)
+Batch: source_urls_json / job_ids_json / target_stores_json
+Delete: dsers_product_delete without confirm \u2192 show details \u2192 dsers_product_delete with confirm=true
 
-GUIDELINES:
-- When users describe products vaguely, search first and present options
-- For bulk operations, show a preview and ask for confirmation
-- Use simple summaries: "You have 15 products waiting to be pushed" instead of raw JSON
-- If the user seems confused, offer guided suggestions like "Would you like me to show your stores first?"`;
+TOOL SELECTION \u2014 ALL modifications go through dsers_product_import:
+- dsers_import_list_search returns each item's "source_url". Use it for re-import.
+- Title/description/price changes on existing items:
+  1. dsers_product_import(source_url from dsers_import_list_search, rules_json with changes)
+  2. This re-imports and applies rules in one call, persisting changes via MCP.
+- PRICING (pick mode by user intent):
+  | "set price $9.99" / "all $9.99" \u2192 fixed_price: {"pricing":{"mode":"fixed_price","fixed_price":9.99}}
+  | "double the price" / "3x" \u2192 multiplier: {"pricing":{"mode":"multiplier","multiplier":2.0}}
+  | "add $5 markup" \u2192 fixed_markup: {"pricing":{"mode":"fixed_markup","fixed_markup":5.00}}
+  | "Red $9.99, Blue $12.99" \u2192 variant_overrides: {"variant_overrides":[{"match":"Red","sell_price":9.99},{"match":"Blue","sell_price":12.99}]}
+  All modes accept optional round_digits (0-10).
+- CONTENT: title_override, title_prefix, title_suffix, description_override_html, description_append_html, tags_add (array)
+- IMAGES: drop_indexes, reorder, add_urls, keep_first_n. Only URLs, no base64.
+- VARIANT_OVERRIDES: array of {match, sell_price, compare_at_price, stock, title, image_url}. Applied AFTER global pricing.
+- OPTION_EDITS: array of {action, option_name, value_name?, new_name?}. Actions: rename_option, rename_value, remove_value (DESTRUCTIVE), remove_option.
+- Check response: title_after (changed title), _title_modified, sell_price, cost, desc_changed
+- Existing job_id: dsers_product_import(job_id + rules_json) to re-apply rules.
+
+PUSH CONFIRMATION: Before calling dsers_store_push, ALWAYS show a confirmation checklist and wait for user approval:
+- Product: title, variant count
+- Price: sell vs cost range
+- Store: name
+- Visibility: Draft or Published (warn if Published)
+- Shipping profile: selected profile name, or "NOT SELECTED" with available options listed
+- Pricing Rule: MCP pricing or store rule (warn if conflict)
+If required info is missing (e.g. no shipping profile selected), show warning with available options and ask user to choose.
+ONLY call dsers_store_push after explicit user confirmation (e.g. "push", "go", "confirmed", "\u63A8\u9001", "\u786E\u8BA4").
+Exception: if user's ORIGINAL message already contains explicit push instruction ("push it", "\u76F4\u63A5\u63A8\u9001", "\u63A8\u9001\u5230\u5E97\u94FA"), treat as pre-confirmed \u2014 show checklist as summary, not blocker.
+
+SHIPPING PROFILES: Shopify stores may have multiple shipping profiles.
+- Single profile \u2192 auto-selected, no action needed.
+- Multiple profiles + none specified \u2192 push BLOCKED with available_profiles list.
+- Use shipping_profile_name in push_options_json to select one.
+- Do NOT rely on "default" profiles \u2014 always show user available options when blocked.
+
+ERROR RECOVERY:
+- Expired job_id \u2192 re-import with source_url
+- blocked array \u2192 hard stop, fix before retry
+- warnings array \u2192 soft alert, push proceeds
+- push_blocked_by_missing_shipping_profile \u2192 show available profiles, ask user to pick, retry with shipping_profile_name
+- Auth/401/session errors \u2192 call dsers_authorize to open browser login
+- After dsers_authorize succeeds: tell user authorization succeeded and ask them to resend their request. Do NOT retry in the same turn (session will refresh on next message).
+- If DSers session expired: tell user to go to Settings \u2192 Disconnect DSers \u2192 Reconnect. NEVER mention terminal commands (npx, npm, node) or environment variables (DSERS_TOKEN).
+- NEVER ask user to run terminal commands or npx`;
 var DSClawCoreAgent = class {
   id = "dsclaw-core";
   name = "DSClaw Core Agent";
@@ -692,13 +1310,44 @@ var DSClawCoreAgent = class {
   memory;
   llm;
   customTools = /* @__PURE__ */ new Map();
-  constructor(dsers, memory, llm) {
+  importService = null;
+  jobIdMap = loadJobIdMap();
+  mcpAvailable = false;
+  authCallback;
+  constructor(dsers, memory, llm, dsersSession, authCallback, jobStore) {
     this.dsers = dsers;
     this.memory = memory;
     this.llm = llm;
+    this.authCallback = authCallback;
+    if (dsersSession?.sessionId) {
+      try {
+        const mcpConfig = configFromToken(dsersSession.sessionId, dsersSession.state);
+        const provider = buildProvider(mcpConfig);
+        this.importService = new ImportFlowService(provider, jobStore ?? new MemoryJobStore());
+        this.mcpAvailable = true;
+        log7.info("MCP ImportFlowService initialized");
+      } catch (err) {
+        log7.warn({ err }, "Failed to init MCP ImportFlowService \u2014 product tools unavailable");
+      }
+    }
+  }
+  getSystemPrompt() {
+    const rule = "ALWAYS respond in the same language as the user's most recent message. If they write Chinese, respond in Chinese. If English, respond in English. Never switch languages unless the user does.";
+    return SYSTEM_PROMPT.replace("{{LANGUAGE_RULE}}", `Language rule: ${rule}`);
+  }
+  shortenJobId(fullId) {
+    const dotIdx = fullId.indexOf(".");
+    if (dotIdx <= 0) return fullId;
+    const short = fullId.slice(0, dotIdx);
+    this.jobIdMap.set(short, fullId);
+    persistJobIdMap(this.jobIdMap);
+    return short;
   }
-  registerTool(t) {
-    this.customTools.set(t.name, t);
+  resolveJobId(maybeShort) {
+    return this.jobIdMap.get(maybeShort) ?? maybeShort;
+  }
+  registerTool(t2) {
+    this.customTools.set(t2.name, t2);
   }
   removeTool(name) {
     this.customTools.delete(name);
@@ -712,9 +1361,9 @@ var DSClawCoreAgent = class {
     const memoryContext = memories.length > 0 ? `
 
 Relevant memories:
-${memories.map((m) => `- ${m.content}`).join("\n")}` : "";
+${memories.map((m2) => `- ${m2.content}`).join("\n")}` : "";
     const messages = [
-      { role: "system", content: SYSTEM_PROMPT + memoryContext },
+      { role: "system", content: this.getSystemPrompt() + memoryContext },
       ...context.history.map(
         (h) => ({
           role: h.role,
@@ -724,17 +1373,21 @@ ${memories.map((m) => `- ${m.content}`).join("\n")}` : "";
       { role: "user", content: message }
     ];
     const tools = this.buildAITools(context);
-    log6.info(
+    log7.info(
       { userId: context.userId, messageLen: message.length, toolCount: Object.keys(tools).length },
       "Processing message"
     );
     try {
+      const abort = new AbortController();
+      const timer = setTimeout(() => abort.abort(), 12e4);
       const result = await generateText({
         model,
         messages,
         tools,
-        stopWhen: stepCountIs(5)
+        stopWhen: stepCountIs(10),
+        abortSignal: abort.signal
       });
+      clearTimeout(timer);
       const toolCalls = result.steps?.flatMap(
         (step) => step.toolCalls?.map((tc) => ({
           tool: tc.toolName,
@@ -747,20 +1400,12 @@ ${memories.map((m) => `- ${m.content}`).join("\n")}` : "";
           }
         }))
       ).filter(Boolean) ?? [];
-      if (result.text.length > 20) {
-        this.memory.add(`User: "${message.slice(0, 100)}" -> ${toolCalls.length} tools used`, {
-          userId: context.userId,
-          category: "pattern",
-          agentId: this.id
-        }).catch(() => {
-        });
-      }
       return {
         text: result.text,
         toolCalls
       };
     } catch (error) {
-      log6.error({ error, userId: context.userId }, "Agent processing failed");
+      log7.error({ error, userId: context.userId }, "Agent processing failed");
       writeAuditLog({
         userId: context.userId,
         agentId: this.id,
@@ -774,9 +1419,9 @@ ${memories.map((m) => `- ${m.content}`).join("\n")}` : "";
   }
   /**
    * Streaming version of process() — yields text chunks for real-time display.
-   * Returns textStream (async iterable) + response promise (resolves after completion).
+   * Calls onStatus when tool calls happen so the UI can show activity.
    */
-  processStream(message, context) {
+  processStream(message, context, onStatus, callbacks, attachments) {
     const model = buildModel(this.llm);
     const memories = this.memory.search(message, { userId: context.userId, limit: 5 }).catch(() => []);
     const tools = this.buildAITools(context);
@@ -785,38 +1430,112 @@ ${memories.map((m) => `- ${m.content}`).join("\n")}` : "";
       const memoryContext = mems.length > 0 ? `
 
 Relevant memories:
-${mems.map((m) => `- ${m.content}`).join("\n")}` : "";
+${mems.map((m2) => `- ${m2.content}`).join("\n")}` : "";
+      const userContent = attachments?.length ? [
+        ...attachments.map((a) => ({
+          type: "image",
+          image: a.data ?? a.url,
+          mimeType: a.mimeType
+        })),
+        { type: "text", text: message }
+      ] : message;
       const messages = [
-        { role: "system", content: SYSTEM_PROMPT + memoryContext },
+        { role: "system", content: this.getSystemPrompt() + memoryContext },
         ...context.history.map(
           (h) => ({
             role: h.role,
             content: h.content
           })
         ),
-        { role: "user", content: message }
+        { role: "user", content: userContent }
       ];
-      log6.info(
-        { userId: context.userId, messageLen: message.length, streaming: true },
+      const totalMsgChars = messages.reduce((sum, m2) => sum + (typeof m2.content === "string" ? m2.content.length : JSON.stringify(m2.content).length), 0);
+      const toolNames = Object.keys(tools);
+      const toolSchemaChars = JSON.stringify(Object.fromEntries(
+        Object.entries(tools).map(([k, v]) => [k, v.description ?? ""])
+      )).length;
+      log7.info(
+        {
+          userId: context.userId,
+          messageLen: message.length,
+          streaming: true,
+          llmProvider: self.llm.provider,
+          llmModel: self.llm.model,
+          llmBaseUrl: self.llm.baseUrl,
+          historyTurns: context.history.length,
+          totalMsgChars,
+          toolCount: toolNames.length,
+          toolSchemaChars,
+          approxTokens: Math.ceil(totalMsgChars / 3.5)
+        },
         "Processing message (stream)"
       );
       return streamText({
         model,
         messages,
         tools,
-        stopWhen: stepCountIs(5)
+        stopWhen: stepCountIs(10),
+        onChunk({ chunk }) {
+          if (chunk.type === "tool-call") {
+            toolActive = true;
+            const name = chunk.toolName ?? "";
+            const args = chunk.args ?? chunk.input ?? {};
+            log7.info({ tool: name, args: JSON.stringify(args).slice(0, 500) }, "Tool call");
+            if (onStatus) {
+              let label = TOOL_LABELS[name] ?? name;
+              if (name === "dsers_product_import") {
+                if (args.job_id && !args.source_url && !args.source_urls_json) {
+                  label = args.rules_json ? "Applying rules..." : "Refreshing preview...";
+                }
+              }
+              onStatus(label ?? "Working...");
+            }
+            if (callbacks?.onToolCall && chunk.toolCallId) {
+              toolStartTimes.set(chunk.toolCallId, Date.now());
+              callbacks.onToolCall(chunk.toolCallId, name, args);
+            }
+          }
+          if (chunk.type === "tool-result") {
+            toolActive = false;
+            const name = chunk.toolName ?? "";
+            const output = chunk.output ?? chunk.result;
+            const resultStr = JSON.stringify(output ?? "").slice(0, 500);
+            log7.info({ tool: name, resultSnippet: resultStr }, "Tool result");
+            if (callbacks?.onToolResult && chunk.toolCallId) {
+              const startTime = toolStartTimes.get(chunk.toolCallId) ?? Date.now();
+              const durationMs = Date.now() - startTime;
+              toolStartTimes.delete(chunk.toolCallId);
+              callbacks.onToolResult(chunk.toolCallId, name, chunk.result, void 0, durationMs);
+            }
+            if (onStatus) onStatus("Thinking...");
+          }
+        }
       });
     });
+    let toolActive = false;
+    const toolStartTimes = /* @__PURE__ */ new Map();
     const textStream = {
       [Symbol.asyncIterator]() {
         let innerIterator = null;
+        let gotFirstToken = false;
         return {
           async next() {
-            if (!innerIterator) {
-              const result = await streamPromise;
-              innerIterator = result.textStream[Symbol.asyncIterator]();
+            try {
+              if (!innerIterator) {
+                const result = await withTimeout(streamPromise, 6e4, "LLM init");
+                innerIterator = result.textStream[Symbol.asyncIterator]();
+              }
+              const timeout = gotFirstToken ? 6e4 : 12e4;
+              const res = await withToolAwareTimeout(innerIterator.next(), timeout, () => toolActive, "LLM response");
+              if (!res.done && res.value) {
+                gotFirstToken = true;
+                toolActive = false;
+              }
+              return res;
+            } catch (err) {
+              log7.error({ err, toolActive, gotFirstToken }, "Stream iterator error");
+              throw err;
             }
-            return innerIterator.next();
           }
         };
       }
@@ -836,14 +1555,6 @@ ${mems.map((m) => `- ${m.content}`).join("\n")}` : "";
           }
         }))
       ).filter(Boolean) ?? [];
-      if (text.length > 20) {
-        self.memory.add(`User: "${message.slice(0, 100)}" -> ${toolCalls.length} tools used`, {
-          userId: context.userId,
-          category: "pattern",
-          agentId: self.id
-        }).catch(() => {
-        });
-      }
       return {
         text,
         toolCalls
@@ -853,207 +1564,525 @@ ${mems.map((m) => `- ${m.content}`).join("\n")}` : "";
   }
   buildAITools(context) {
     const dsers = this.dsers;
+    const svc = this.importService;
+    const jmap = this.jobIdMap;
+    const resolveJid = (id) => this.resolveJobId(id);
     const audit = (action, target, params, result = "pending") => writeAuditLog({ userId: context.userId, agentId: this.id, action, target, params, result });
-    return {
-      listStores: aiTool({
-        description: "List all connected stores (Shopify, WooCommerce, etc.) with their IDs and status.",
-        inputSchema: z2.object({}),
-        execute: async () => {
-          audit("listStores", "dsers:account");
-          const result = await listStores(dsers);
-          audit("listStores", "dsers:account", void 0, "success");
-          return result;
-        }
-      }),
-      getUserInfo: aiTool({
-        description: "Get the user's DSers account info (email, name, plan).",
-        inputSchema: z2.object({}),
-        execute: async () => {
-          audit("getUserInfo", "dsers:account");
-          const result = await getUserInfo(dsers);
-          audit("getUserInfo", "dsers:account", void 0, "success");
-          return result;
-        }
-      }),
-      searchImportList: aiTool({
-        description: "Search the import list \u2014 products imported from suppliers but not yet pushed to stores.",
-        inputSchema: z2.object({
-          page: z2.number().optional().describe("Page number (default 1)"),
-          pageSize: z2.number().optional().describe("Items per page (default 20)"),
-          keyword: z2.string().optional().describe("Search keyword")
-        }),
-        execute: async (input) => {
-          audit("searchImportList", "dsers:product", input);
-          const result = await getImportList(dsers, input);
-          audit("searchImportList", "dsers:product", void 0, "success");
-          return result;
-        }
-      }),
-      importProduct: aiTool({
-        description: "Import a product from a supplier (AliExpress/Temu/1688) into the import list. Needs the supplier product ID and platform (1=AliExpress, 2=Temu, 3=1688).",
+    const tools = {};
+    if (svc) {
+      tools.dsers_store_discover = aiTool({
+        description: "Get connected stores, account info (plan/limits), and rule capabilities. Call first before import/push.",
         inputSchema: z2.object({
-          supplyProductId: z2.string().describe("Supplier product ID"),
-          supplyAppId: z2.number().describe("1=AliExpress, 2=Temu, 3=1688"),
-          country: z2.string().default("US").describe("Target country")
+          target_store: z2.string().optional().describe("Filter by store ID or name")
         }),
         execute: async (input) => {
-          audit("importProduct", "dsers:product", input);
-          const result = await importByProductId(dsers, input);
-          audit("importProduct", "dsers:product", void 0, "success");
-          return result;
+          audit("dsers_store_discover", "mcp");
+          const result = await withTimeout(svc.getRuleCapabilities(input), 6e4, "Store discovery");
+          audit("dsers_store_discover", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
         }
-      }),
-      pushToStore: aiTool({
-        description: "Push products from import list to a connected store. ALWAYS confirm with user first.",
+      });
+      tools.dsers_product_import = aiTool({
+        description: "Import product by URL or re-apply rules to existing job. Modes: (1) source_url for new import, (2) job_id+rules_json to update rules, (3) job_id alone to refresh. Expired job_id \u2192 re-import with source_url. Returns: job_id, title (or title_before+title_after), sell_price, cost, variants, blocked, warnings.",
         inputSchema: z2.object({
-          importListIds: z2.array(z2.string()).describe("Import list item IDs"),
-          storeIds: z2.array(z2.string()).describe("Target store IDs"),
-          pushStatus: z2.enum(["ACTIVE", "DRAFT"]).default("DRAFT")
+          source_url: z2.string().optional().describe("Supplier product URL"),
+          source_urls_json: z2.string().optional().describe("Batch: JSON array of URLs"),
+          job_id: z2.string().optional().describe("Existing job ID for rule updates"),
+          source_hint: z2.string().optional().describe("auto|aliexpress|alibaba|accio"),
+          country: z2.string().default("US").describe("Country code"),
+          target_store: z2.string().optional().describe("Store ID or name"),
+          visibility_mode: z2.string().optional().describe("backend_only|sell_immediately"),
+          rules_json: z2.string().optional().describe(
+            "JSON rules. Pricing: fixed_price({fixed_price:9.99}), multiplier({multiplier:2}), fixed_markup({fixed_markup:5}). Content: title_override, description_override_html. Images: keep_first_n, drop_indexes, add_urls. variant_overrides: [{match,sell_price,compare_at_price,stock}]. option_edits: [{action,option_name,value_name?,new_name?}]."
+          )
         }),
         execute: async (input) => {
-          audit("pushToStore", "dsers:product", input);
-          const result = await pushToStore(dsers, input);
-          audit("pushToStore", "dsers:product", void 0, "success");
-          return result;
+          audit("dsers_product_import", "mcp", input);
+          const payload = {};
+          if (input.job_id && !input.source_url && !input.source_urls_json) {
+            payload.job_id = resolveJid(input.job_id);
+            if (input.rules_json) {
+              try {
+                payload.rules = JSON.parse(input.rules_json);
+              } catch {
+                throw new Error(
+                  'Invalid JSON in rules_json. Expected: {"pricing":{"mode":"fixed_price","fixed_price":9.99}} or {"content":{"title_override":"New Title"}}'
+                );
+              }
+            } else {
+              payload._keep_existing_rules = true;
+            }
+            if (input.target_store) payload.target_store = input.target_store;
+            if (input.visibility_mode) payload.visibility_mode = input.visibility_mode;
+            const result2 = await withTimeout(svc.reapplyRules(payload), 12e4, "Rule reapply");
+            audit("dsers_product_import", "mcp", void 0, "success");
+            return compactToolResult(result2, jmap);
+          }
+          if (input.source_url) payload.source_url = input.source_url;
+          if (input.source_urls_json) {
+            try {
+              payload.source_urls = JSON.parse(input.source_urls_json);
+            } catch {
+              throw new Error("Invalid JSON in source_urls_json.");
+            }
+          }
+          if (input.source_hint) payload.source_hint = input.source_hint;
+          if (input.country) payload.country = input.country;
+          if (input.target_store) payload.target_store = input.target_store;
+          payload.visibility_mode = input.visibility_mode || "backend_only";
+          if (input.rules_json) {
+            try {
+              payload.rules = JSON.parse(input.rules_json);
+            } catch {
+              throw new Error("Invalid JSON in rules_json.");
+            }
+          }
+          const result = await withTimeout(svc.prepareImportCandidate(payload), 12e4, "Product import");
+          audit("dsers_product_import", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
         }
-      }),
-      getMyProducts: aiTool({
-        description: "Get products already pushed to stores. Check status, inventory, or find products to update.",
+      });
+      tools.dsers_product_preview = aiTool({
+        description: "Reload preview for an imported job. Returns prices, variants, images.",
         inputSchema: z2.object({
-          page: z2.number().optional(),
-          pageSize: z2.number().optional(),
-          keyword: z2.string().optional(),
-          storeId: z2.string().optional()
+          job_id: z2.string().describe("Job ID from dsers_product_import"),
+          variant_offset: z2.number().optional().describe("Start index for variant pagination"),
+          variant_limit: z2.number().optional().describe("Max variants to return")
         }),
         execute: async (input) => {
-          audit("getMyProducts", "dsers:product", input);
-          const result = await getMyProducts(dsers, input);
-          audit("getMyProducts", "dsers:product", void 0, "success");
-          return result;
+          audit("dsers_product_preview", "mcp", input);
+          const result = await withTimeout(svc.getImportPreview({ ...input, job_id: resolveJid(input.job_id) }), 3e4, "Preview");
+          audit("dsers_product_preview", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
         }
-      }),
-      getPricingRules: aiTool({
-        description: "Get pricing rules for a store (markup, rounding, etc.).",
+      });
+      tools.dsers_store_push = aiTool({
+        description: "Push product(s) to store(s). Show confirmation checklist and get user approval first. May return blocked (shipping_profile, pricing_rule) or warnings. Use push_options_json with shipping_profile_name when store has multiple shipping profiles.",
         inputSchema: z2.object({
-          storeId: z2.string().describe("Store ID to get pricing rules for")
+          job_id: z2.string().optional().describe("Job ID"),
+          job_ids_json: z2.string().optional().describe("Batch: JSON array of job IDs"),
+          target_store: z2.string().optional().describe("Store ID or name from dsers_store_discover"),
+          target_stores_json: z2.string().optional().describe("Multi-store: JSON array of store names"),
+          visibility_mode: z2.string().optional().describe("backend_only|sell_immediately"),
+          force_push: z2.boolean().optional().describe("Override safety checks"),
+          push_options_json: z2.string().optional().describe(
+            'Push config JSON. Include shipping_profile_name when multiple profiles exist. E.g. {"shipping_profile_name":"General Profile","pricing_rule_behavior":"apply_store_pricing_rule"}'
+          )
         }),
         execute: async (input) => {
-          audit("getPricingRules", "dsers:settings", input);
-          const result = await getPricingRules(dsers, input.storeId);
-          audit("getPricingRules", "dsers:settings", void 0, "success");
-          return result;
+          audit("dsers_store_push", "mcp", input);
+          const payload = {};
+          if (input.job_ids_json) {
+            try {
+              const ids = JSON.parse(input.job_ids_json);
+              payload.job_ids = ids.map(resolveJid);
+            } catch {
+              throw new Error("Invalid JSON in job_ids_json");
+            }
+          } else if (input.job_id) {
+            payload.job_id = resolveJid(input.job_id);
+          }
+          if (input.target_store) payload.target_store = input.target_store;
+          if (input.target_stores_json) {
+            try {
+              payload.target_stores = JSON.parse(input.target_stores_json);
+            } catch {
+              throw new Error("Invalid JSON in target_stores_json");
+            }
+          }
+          if (input.visibility_mode) payload.visibility_mode = input.visibility_mode;
+          if (input.force_push) payload.force_push = true;
+          if (input.push_options_json) {
+            try {
+              payload.push_options = JSON.parse(input.push_options_json);
+            } catch {
+              throw new Error("Invalid JSON in push_options_json");
+            }
+          }
+          const result = await withTimeout(svc.confirmPushToStore(payload), 18e4, "Push to store");
+          audit("dsers_store_push", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
         }
-      }),
-      getGlobalSettings: aiTool({
-        description: "Get global DSers settings (notifications, sync preferences, etc.).",
+      });
+      tools.dsers_rules_validate = aiTool({
+        description: "Validate pricing/content/image rules before importing.",
+        inputSchema: z2.object({
+          rules_json: z2.string().describe("Rules as JSON string"),
+          target_store: z2.string().optional().describe("Store ID or name")
+        }),
+        execute: async (input) => {
+          audit("dsers_rules_validate", "mcp");
+          let rules;
+          try {
+            rules = JSON.parse(input.rules_json);
+          } catch {
+            throw new Error("Invalid JSON in rules_json");
+          }
+          const result = await withTimeout(svc.validateRules({ rules, target_store: input.target_store ?? null }), 3e4, "Rule validation");
+          audit("dsers_rules_validate", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
+        }
+      });
+      tools.dsers_job_status = aiTool({
+        description: "Check job status: preview_ready \u2192 push_requested \u2192 completed/failed.",
+        inputSchema: z2.object({
+          job_id: z2.string().describe("Job ID")
+        }),
+        execute: async (input) => {
+          audit("dsers_job_status", "mcp", input);
+          const result = await withTimeout(svc.getJobStatus({ ...input, job_id: resolveJid(input.job_id) }), 3e4, "Job status");
+          audit("dsers_job_status", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
+        }
+      });
+      tools.dsers_product_visibility = aiTool({
+        description: "Set job visibility: backend_only (draft) or sell_immediately (live).",
+        inputSchema: z2.object({
+          job_id: z2.string().describe("Job ID"),
+          visibility_mode: z2.string().describe("backend_only|sell_immediately")
+        }),
+        execute: async (input) => {
+          audit("dsers_product_visibility", "mcp", input);
+          const result = await withTimeout(svc.setProductVisibility({ ...input, job_id: resolveJid(input.job_id) }), 3e4, "Set visibility");
+          audit("dsers_product_visibility", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
+        }
+      });
+      tools.dsers_product_delete = aiTool({
+        description: "Delete product from import list. Call without confirm first, then with confirm=true after user approves.",
+        inputSchema: z2.object({
+          import_item_id: z2.string().describe("Item ID from dsers_import_list_search"),
+          confirm: z2.boolean().optional().describe("true only after user approves")
+        }),
+        execute: async (input) => {
+          audit("dsers_product_delete", "mcp", input);
+          const result = await withTimeout(svc.deleteImportItem(input), 3e4, "Delete import item");
+          audit("dsers_product_delete", "mcp", void 0, "success");
+          return compactToolResult(result, jmap);
+        }
+      });
+    } else {
+      log7.warn("MCP ImportFlowService not available \u2014 no MCP tools registered");
+    }
+    if (this.authCallback) {
+      tools.dsers_authorize = aiTool({
+        description: "Open browser for DSers login. Call when DSers ops fail with auth/401/session errors.",
         inputSchema: z2.object({}),
         execute: async () => {
-          audit("getGlobalSettings", "dsers:settings");
-          const result = await getGlobalSettings(dsers);
-          audit("getGlobalSettings", "dsers:settings", void 0, "success");
+          const result = await withTimeout(this.authCallback(), 2e5, "DSers authorization");
           return result;
         }
+      });
+    }
+    tools.dsers_import_list_search = aiTool({
+      description: "Search import list. Returns items with id, source_url, cost_range, sell_price_range. Use source_url with dsers_product_import for modifications.",
+      inputSchema: z2.object({
+        page: z2.number().optional().describe("Page number (default 1)"),
+        pageSize: z2.number().optional().describe("Items per page (default 20)"),
+        keyword: z2.string().optional().describe("Search keyword")
       }),
-      getCurrentPlan: aiTool({
-        description: "Check the user's current DSers subscription plan and limits.",
-        inputSchema: z2.object({}),
-        execute: async () => {
-          audit("getCurrentPlan", "dsers:settings");
-          const result = await getCurrentPlan(dsers);
-          audit("getCurrentPlan", "dsers:settings", void 0, "success");
-          return result;
+      execute: async (input) => {
+        audit("dsers_import_list_search", "dsers:product", input);
+        const result = await withTimeout(getImportList(dsers, input), 3e4, "Search import list");
+        audit("dsers_import_list_search", "dsers:product", void 0, "success");
+        const items = result?.data?.list ?? result?.data ?? [];
+        if (Array.isArray(items) && items.length > 0) {
+          const enriched = await Promise.allSettled(
+            items.slice(0, 10).map(async (item) => {
+              const itemId = item.id ?? item.importListId;
+              if (!itemId) return item;
+              try {
+                const detail = await withTimeout(
+                  getImportListItem(dsers, String(itemId)),
+                  15e3,
+                  "Item detail"
+                );
+                const detailData = detail?.data ?? detail;
+                const variants = detailData?.variants ?? detailData?.skuList ?? detailData?.variantList ?? [];
+                if (!Array.isArray(variants) || !variants.length) return item;
+                const sellPrices = [];
+                const costPrices = [];
+                for (const v of variants) {
+                  const rawSell = Number(v.sellPrice ?? v.salePrice ?? v.price);
+                  const rawCost = Number(v.supplierPrice ?? v.buyPrice ?? v.cost);
+                  const sell = rawSell > 100 ? rawSell / 100 : rawSell;
+                  const cost = rawCost > 100 ? rawCost / 100 : rawCost;
+                  if (Number.isFinite(sell) && sell > 0) sellPrices.push(sell);
+                  if (Number.isFinite(cost) && cost > 0) costPrices.push(cost);
+                }
+                const enrichedItem = { ...item };
+                const supplyProductId = detailData?.supplyProductId ?? item?.supplyProductId;
+                const supplyAppId = Number(detailData?.supplyAppId ?? item?.supplyAppId ?? 1);
+                if (supplyProductId) {
+                  if (supplyAppId === 2) {
+                    enrichedItem.source_url = `https://www.temu.com/product/${supplyProductId}.html`;
+                  } else if (supplyAppId === 3) {
+                    enrichedItem.source_url = `https://detail.1688.com/offer/${supplyProductId}.html`;
+                  } else {
+                    enrichedItem.source_url = `https://www.aliexpress.com/item/${supplyProductId}.html`;
+                  }
+                }
+                if (costPrices.length) {
+                  enrichedItem.cost_range = `$${Math.min(...costPrices).toFixed(2)} \u2013 $${Math.max(...costPrices).toFixed(2)}`;
+                }
+                if (sellPrices.length) {
+                  enrichedItem.sell_price_range = `$${Math.min(...sellPrices).toFixed(2)} \u2013 $${Math.max(...sellPrices).toFixed(2)}`;
+                  enrichedItem.no_markup = sellPrices.every((s, i) => Math.abs(s - (costPrices[i] ?? s)) < 0.01);
+                }
+                enrichedItem.variant_count = variants.length;
+                let totalStock = 0;
+                const lowStockVariants = [];
+                for (const v of variants) {
+                  const stock = Number(v.stock ?? v.quantity ?? v.inventory ?? 0);
+                  const safeStock = Number.isFinite(stock) ? stock : 0;
+                  totalStock += safeStock;
+                  if (safeStock <= 5) {
+                    lowStockVariants.push({
+                      id: String(v.id ?? v.variantId ?? v.skuId ?? ""),
+                      sku: String(v.sku ?? v.skuAttr ?? v.optionName ?? v.title ?? ""),
+                      stock: safeStock
+                    });
+                  }
+                }
+                enrichedItem.total_stock = totalStock;
+                if (lowStockVariants.length > 0) {
+                  enrichedItem.low_stock_variants = lowStockVariants;
+                  enrichedItem.low_stock_warning = `${lowStockVariants.length} of ${variants.length} variants have stock \u2264 5`;
+                }
+                return enrichedItem;
+              } catch (err) {
+                log7.warn({ err, itemId }, "Failed to enrich import list item");
+                return item;
+              }
+            })
+          );
+          const enrichedItems = enriched.map((r) => r.status === "fulfilled" ? r.value : items[0]);
+          const cleanItems = enrichedItems.map((item) => ({
+            id: item.id ?? item.importListId,
+            title: item.title ?? "(untitled)",
+            source_url: item.source_url,
+            cost_range: item.cost_range,
+            sell_price_range: item.sell_price_range,
+            no_markup: item.no_markup,
+            variant_count: item.variant_count,
+            total_stock: item.total_stock,
+            low_stock_warning: item.low_stock_warning,
+            low_stock_variants: item.low_stock_variants
+          }));
+          return { items: cleanItems, total: result?.data?.total ?? cleanItems.length };
         }
-      })
-    };
+        const rawItems = result?.data ?? [];
+        if (Array.isArray(rawItems)) {
+          return { items: rawItems.map((item) => ({
+            id: item.id ?? item.importListId,
+            title: item.title ?? "(untitled)"
+          })), total: rawItems.length };
+        }
+        return compactToolResult(result);
+      }
+    });
+    tools.dsers_my_products = aiTool({
+      description: "Get products already pushed to stores.",
+      inputSchema: z2.object({
+        page: z2.number().optional(),
+        pageSize: z2.number().optional(),
+        keyword: z2.string().optional(),
+        storeId: z2.string().optional()
+      }),
+      execute: async (input) => {
+        audit("dsers_my_products", "dsers:product", input);
+        const result = await withTimeout(getMyProducts(dsers, input), 3e4, "My products");
+        audit("dsers_my_products", "dsers:product", void 0, "success");
+        return compactToolResult(result);
+      }
+    });
+    return tools;
   }
 };
 
+// src/gateway/gateway.ts
+import { MemoryJobStore as MemoryJobStore2 } from "@lofder/dsers-mcp-product/dist/job-store-memory.js";
+
 // src/web/server.ts
+init_logger();
 import { createServer } from "http";
-import { readFileSync as readFileSync4, existsSync as existsSync5 } from "fs";
-import { join as join5, dirname as dirname2 } from "path";
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync5, mkdirSync as mkdirSync6, existsSync as existsSync7, statSync, readdirSync } from "fs";
+import { join as join7, dirname as dirname2, extname } from "path";
 import { fileURLToPath } from "url";
-import { WebSocketServer, WebSocket } from "ws";
-import { v4 as uuid } from "uuid";
-var log7 = createLogger("channel:web");
-function findChatHtml() {
+import { homedir as homedir3 } from "os";
+import { WebSocketServer, WebSocket as WebSocket2 } from "ws";
+import { nanoid as nanoid2 } from "nanoid";
+var log8 = createLogger("channel:web");
+var DEFAULT_WEB_USER = "web-default";
+var MIME_TYPES = {
+  ".html": "text/html; charset=utf-8",
+  ".js": "application/javascript; charset=utf-8",
+  ".css": "text/css; charset=utf-8",
+  ".json": "application/json",
+  ".svg": "image/svg+xml",
+  ".png": "image/png",
+  ".ico": "image/x-icon",
+  ".woff2": "font/woff2",
+  ".woff": "font/woff"
+};
+function findWebDir() {
   const thisDir = dirname2(fileURLToPath(import.meta.url));
   const candidates = [
-    join5(thisDir, "chat.html"),
-    join5(thisDir, "web", "chat.html"),
-    join5(thisDir, "..", "web", "chat.html"),
-    join5(thisDir, "..", "src", "web", "chat.html"),
-    join5(thisDir, "..", "..", "src", "web", "chat.html")
+    join7(thisDir, "web"),
+    join7(thisDir),
+    join7(thisDir, "..", "web"),
+    join7(thisDir, "..", "dist", "web"),
+    join7(thisDir, "..", "..", "dist", "web")
   ];
-  for (const p of candidates) {
-    if (existsSync5(p)) {
-      return readFileSync4(p, "utf-8");
-    }
+  for (const d of candidates) {
+    if (existsSync7(join7(d, "index.html"))) return d;
   }
   throw new Error(
-    "chat.html not found. Looked in:\n" + candidates.join("\n")
+    `Web build not found (index.html). Looked in:
+` + candidates.join("\n")
   );
 }
-var WebChatServer = class {
+var WebChatServer = class _WebChatServer {
   name = "web";
   server = null;
   wss = null;
   handler = null;
   connectHandler = null;
+  settingsHandler = null;
   connections = /* @__PURE__ */ new Map();
   _connected = false;
   port = 3e3;
   get connected() {
     return this._connected;
   }
+  get actualPort() {
+    return this.port;
+  }
   async connect(config) {
-    this.port = config["port"] ?? 3e3;
-    const chatHtml = findChatHtml();
-    this.server = createServer((req, res) => {
-      if (req.url === "/" || req.url === "/index.html") {
-        res.writeHead(200, {
-          "Content-Type": "text/html; charset=utf-8",
-          "Cache-Control": "no-cache"
-        });
-        res.end(chatHtml);
-        return;
+    const basePort = config["port"] ?? 3e3;
+    const webDir = findWebDir();
+    const maxAttempts = 10;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      const tryPort = basePort + attempt;
+      const ok = await this.tryListen(tryPort, webDir);
+      if (ok) return;
+      if (attempt < maxAttempts - 1) {
+        log8.warn({ port: tryPort }, "Port in use, trying next");
       }
-      if (req.url === "/health") {
-        res.writeHead(200, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ ok: true, clients: this.connections.size }));
-        return;
-      }
-      res.writeHead(404);
-      res.end("Not Found");
+    }
+    throw new Error(`No available port found (tried ${basePort}-${basePort + maxAttempts - 1})`);
+  }
+  tryListen(tryPort, webDir) {
+    return new Promise((resolve) => {
+      const indexHtml = readFileSync5(join7(webDir, "index.html"), "utf-8");
+      const srv = createServer((req, res) => {
+        if (req.url === "/health") {
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ ok: true, clients: this.connections.size }));
+          return;
+        }
+        const urlPath = req.url?.split("?")[0] ?? "/";
+        if (urlPath.startsWith("/uploads/")) {
+          const uploadsDir = join7(homedir3(), ".dsclaw", "uploads");
+          const fileName = urlPath.slice("/uploads/".length);
+          if (/^[a-zA-Z0-9._-]+$/.test(fileName)) {
+            const filePath2 = join7(uploadsDir, fileName);
+            if (existsSync7(filePath2) && statSync(filePath2).isFile()) {
+              const ext = extname(filePath2);
+              const mime = MIME_TYPES[ext] ?? "application/octet-stream";
+              res.writeHead(200, { "Content-Type": mime, "Cache-Control": "public, max-age=86400" });
+              res.end(readFileSync5(filePath2));
+              return;
+            }
+          }
+          res.writeHead(404);
+          res.end("Not found");
+          return;
+        }
+        if (urlPath !== "/" && urlPath !== "/index.html") {
+          const filePath2 = join7(webDir, urlPath);
+          if (existsSync7(filePath2) && statSync(filePath2).isFile()) {
+            const ext = extname(filePath2);
+            const contentType = MIME_TYPES[ext] ?? "application/octet-stream";
+            const cacheHeader = urlPath.includes("/assets/") ? "public, max-age=31536000, immutable" : "no-cache";
+            res.writeHead(200, { "Content-Type": contentType, "Cache-Control": cacheHeader });
+            res.end(readFileSync5(filePath2));
+            return;
+          }
+        }
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8", "Cache-Control": "no-cache" });
+        res.end(indexHtml);
+      });
+      srv.once("error", (err) => {
+        if (err.code === "EADDRINUSE") {
+          resolve(false);
+        } else {
+          throw err;
+        }
+      });
+      srv.listen(tryPort, () => {
+        this.server = srv;
+        this.port = tryPort;
+        this._connected = true;
+        this.setupWebSocket();
+        log8.info({ port: tryPort }, "Web chat server started");
+        resolve(true);
+      });
     });
+  }
+  setupWebSocket() {
     this.wss = new WebSocketServer({ server: this.server, path: "/ws" });
-    this.wss.on("connection", (ws, req) => {
-      const url = new URL(req.url ?? "/", `http://localhost:${this.port}`);
-      let clientId = url.searchParams.get("userId") || uuid();
+    this.wss.on("connection", (ws, _req) => {
+      let clientId = DEFAULT_WEB_USER;
       this.wsSend(ws, { type: "session", userId: clientId });
       this.connections.set(clientId, ws);
-      log7.info({ userId: clientId }, "Web client connected");
+      log8.info({ userId: clientId }, "Web client connected");
       if (this.connectHandler) {
         try {
           this.connectHandler(clientId);
         } catch (err) {
-          log7.error({ error: err, userId: clientId }, "Connect handler failed");
+          log8.error({ error: err, userId: clientId }, "Connect handler failed");
         }
       }
+      try {
+        const files = this.buildFileTree();
+        this.wsSend(ws, { type: "file_list", files });
+      } catch (err) {
+        log8.warn({ error: err }, "Failed to push initial file_list");
+      }
       ws.on("message", async (raw) => {
         try {
           const msg = JSON.parse(raw.toString());
-          if (msg["userId"]) clientId = msg["userId"];
           this.connections.set(clientId, ws);
-          if (!this.handler) return;
           const msgType = msg["type"];
+          if (msgType === "get_settings" || msgType === "start_dsers_auth" || msgType === "cancel_dsers_auth" || msgType === "save_dsers_session" || msgType === "save_llm" || msgType === "disconnect_dsers" || msgType === "set_language") {
+            log8.info({ userId: clientId, action: msgType }, "Settings message received");
+            if (this.settingsHandler) {
+              await this.settingsHandler(clientId, msgType, msg);
+            }
+            return;
+          }
+          if (msgType === "list_files") {
+            const files = this.buildFileTree();
+            this.wsSend(ws, { type: "file_list", files });
+            return;
+          }
+          if (msgType === "read_file") {
+            const filePath2 = msg["path"];
+            this.handleReadFile(ws, filePath2);
+            return;
+          }
+          if (!this.handler) return;
           if (msgType === "message" || msgType === "callback") {
+            const rawAttachments = msg["attachments"];
+            const attachments = rawAttachments?.length ? this.saveAttachments(rawAttachments) : void 0;
             const normalized = {
-              traceId: uuid(),
+              traceId: nanoid2(),
               channelId: "web",
               channelName: "Web Chat",
               userId: clientId,
               text: msgType === "callback" ? msg["data"] : msg["text"],
+              attachments,
               timestamp: /* @__PURE__ */ new Date(),
               metadata: {
                 isCallback: msgType === "callback"
@@ -1062,24 +2091,16 @@ var WebChatServer = class {
             await this.handler(normalized);
           }
         } catch (error) {
-          log7.error({ error }, "WS message handler failed");
+          log8.error({ error }, "WS message handler failed");
         }
       });
       ws.on("close", () => {
         this.connections.delete(clientId);
-        log7.debug({ userId: clientId }, "Web client disconnected");
+        log8.debug({ userId: clientId }, "Web client disconnected");
       });
       ws.on("error", (err) => {
-        log7.warn({ error: err.message, userId: clientId }, "WS error");
-      });
-    });
-    return new Promise((resolve, reject) => {
-      this.server.listen(this.port, () => {
-        this._connected = true;
-        log7.info({ port: this.port }, "Web chat server started");
-        resolve();
+        log8.warn({ error: err.message, userId: clientId }, "WS error");
       });
-      this.server.on("error", reject);
     });
   }
   async disconnect() {
@@ -1093,7 +2114,7 @@ var WebChatServer = class {
       else resolve();
     });
     this._connected = false;
-    log7.info("Web chat server stopped");
+    log8.info("Web chat server stopped");
   }
   async reconnect() {
     await this.disconnect();
@@ -1105,6 +2126,9 @@ var WebChatServer = class {
   onConnect(handler) {
     this.connectHandler = handler;
   }
+  onSettings(handler) {
+    this.settingsHandler = handler;
+  }
   async send(targetUserId, message) {
     if (message.card) {
       await this.sendCard(targetUserId, message.card);
@@ -1114,6 +2138,9 @@ var WebChatServer = class {
       this.wsSendTo(targetUserId, { type: "message", text: message.text });
     }
   }
+  sendToast(targetUserId, text, level = "info", id) {
+    this.wsSendTo(targetUserId, { type: "toast", text, level, ...id && { id } });
+  }
   async sendCard(targetUserId, card) {
     this.wsSendTo(targetUserId, {
       type: "card",
@@ -1138,28 +2165,154 @@ var WebChatServer = class {
   sendTyping(userId, active) {
     this.wsSendTo(userId, { type: "typing", active });
   }
+  sendStatus(userId, status) {
+    this.wsSendTo(userId, { type: "status", status });
+  }
+  sendReset(userId) {
+    this.wsSendTo(userId, { type: "reset" });
+  }
   sendClearInput(userId) {
     this.wsSendTo(userId, { type: "clear_input" });
   }
   sendSetInputType(userId, inputType) {
     this.wsSendTo(userId, { type: "set_input_type", inputType });
   }
+  sendSettingsState(userId, state) {
+    this.wsSendTo(userId, { type: "settings_state", ...state });
+  }
+  sendSettingsResult(userId, result) {
+    this.wsSendTo(userId, { type: "settings_result", ...result });
+  }
+  // ─── Tool Call Events ────────────────────────────────────────
+  sendToolCallStart(userId, id, name, args) {
+    this.wsSendTo(userId, { type: "tool_call_start", id, name, args });
+  }
+  sendToolCallEnd(userId, id, name, result, error, durationMs) {
+    this.wsSendTo(userId, { type: "tool_call_end", id, name, result, error, durationMs });
+  }
+  // ─── Log & Init Progress ────────────────────────────────────
+  sendLog(userId, entry) {
+    this.wsSendTo(userId, { type: "log", ...entry });
+  }
+  sendInitProgress(userId, step) {
+    this.wsSendTo(userId, { type: "init_progress", ...step });
+  }
+  // ─── Attachment Storage ────────────────────────────────────────
+  saveAttachments(rawAttachments) {
+    const uploadsDir = join7(homedir3(), ".dsclaw", "uploads");
+    mkdirSync6(uploadsDir, { recursive: true });
+    return rawAttachments.map((a) => {
+      const ext = a.mimeType.split("/")[1]?.replace("jpeg", "jpg") ?? "png";
+      const fileName = `${nanoid2()}.${ext}`;
+      const filePath2 = join7(uploadsDir, fileName);
+      const buffer = Buffer.from(a.data, "base64");
+      writeFileSync5(filePath2, buffer);
+      log8.info({ fileName, size: buffer.length }, "Saved attachment");
+      return {
+        type: "image",
+        url: `/uploads/${fileName}`,
+        data: buffer,
+        mimeType: a.mimeType,
+        fileName: a.name
+      };
+    });
+  }
+  // ─── File Browsing ───────────────────────────────────────────
+  buildFileTree() {
+    const configDir = join7(homedir3(), ".dsclaw");
+    if (!existsSync7(configDir)) return [];
+    const scanDir = (dirPath, depth = 0) => {
+      if (depth > 5) return [];
+      try {
+        const entries = readdirSync(dirPath, { withFileTypes: true });
+        return entries.filter((e) => !e.name.startsWith(".")).sort((a, b) => {
+          if (a.isDirectory() && !b.isDirectory()) return -1;
+          if (!a.isDirectory() && b.isDirectory()) return 1;
+          return a.name.localeCompare(b.name);
+        }).map((entry) => {
+          const fullPath = join7(dirPath, entry.name);
+          if (entry.isDirectory()) {
+            return {
+              name: entry.name,
+              path: fullPath,
+              type: "dir",
+              children: scanDir(fullPath, depth + 1)
+            };
+          }
+          let size;
+          try {
+            size = statSync(fullPath).size;
+          } catch {
+          }
+          return { name: entry.name, path: fullPath, type: "file", size };
+        });
+      } catch {
+        return [];
+      }
+    };
+    return scanDir(configDir);
+  }
+  static IMAGE_EXTS = /* @__PURE__ */ new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg"]);
+  static IMAGE_MIME = {
+    ".png": "image/png",
+    ".jpg": "image/jpeg",
+    ".jpeg": "image/jpeg",
+    ".gif": "image/gif",
+    ".webp": "image/webp",
+    ".svg": "image/svg+xml"
+  };
+  handleReadFile(ws, filePath2) {
+    const configDir = join7(homedir3(), ".dsclaw");
+    if (!filePath2.startsWith(configDir)) {
+      this.wsSend(ws, { type: "file_content", path: filePath2, content: "[\u8BBF\u95EE\u88AB\u62D2\u7EDD\uFF1A\u53EA\u80FD\u8BFB\u53D6 ~/.dsclaw/ \u4E0B\u7684\u6587\u4EF6]" });
+      return;
+    }
+    try {
+      if (!existsSync7(filePath2) || !statSync(filePath2).isFile()) {
+        this.wsSend(ws, { type: "file_content", path: filePath2, content: "[\u6587\u4EF6\u4E0D\u5B58\u5728]" });
+        return;
+      }
+      const size = statSync(filePath2).size;
+      if (size > 2 * 1024 * 1024) {
+        this.wsSend(ws, { type: "file_content", path: filePath2, content: `[\u6587\u4EF6\u8FC7\u5927\uFF1A${(size / 1024).toFixed(0)}KB\uFF0C\u6700\u5927 2MB]` });
+        return;
+      }
+      const ext = extname(filePath2).toLowerCase();
+      if (_WebChatServer.IMAGE_EXTS.has(ext)) {
+        const buf = readFileSync5(filePath2);
+        const mime = _WebChatServer.IMAGE_MIME[ext] ?? "application/octet-stream";
+        const dataUrl = `data:${mime};base64,${buf.toString("base64")}`;
+        this.wsSend(ws, { type: "file_content", path: filePath2, content: dataUrl, isImage: true });
+        return;
+      }
+      const content = readFileSync5(filePath2, "utf-8");
+      this.wsSend(ws, { type: "file_content", path: filePath2, content });
+    } catch (err) {
+      const reason = err instanceof Error ? err.message : "unknown";
+      this.wsSend(ws, { type: "file_content", path: filePath2, content: `[\u8BFB\u53D6\u5931\u8D25\uFF1A${reason}]` });
+    }
+  }
   // ─── Internal ──────────────────────────────────────────────
   wsSendTo(userId, data) {
     const ws = this.connections.get(userId);
-    if (ws && ws.readyState === WebSocket.OPEN) {
+    if (ws && ws.readyState === WebSocket2.OPEN) {
       this.wsSend(ws, data);
     }
   }
   wsSend(ws, data) {
-    ws.send(JSON.stringify(data));
+    try {
+      ws.send(JSON.stringify(data));
+    } catch (err) {
+      log8.warn({ error: err instanceof Error ? err.message : String(err) }, "wsSend failed");
+    }
   }
 };
 
 // src/channels/telegram.ts
+init_logger();
 import { Bot, InlineKeyboard } from "grammy";
-import { v4 as uuid2 } from "uuid";
-var log8 = createLogger("channel:telegram");
+import { nanoid as nanoid3 } from "nanoid";
+var log9 = createLogger("channel:telegram");
 var TelegramAdapter = class {
   name = "telegram";
   bot = null;
@@ -1176,7 +2329,7 @@ var TelegramAdapter = class {
     this.bot.on("message:text", async (ctx) => {
       if (!this.handler) return;
       const normalized = {
-        traceId: uuid2(),
+        traceId: nanoid3(),
         channelId: "telegram",
         channelName: "Telegram",
         userId: String(ctx.from.id),
@@ -1191,7 +2344,7 @@ var TelegramAdapter = class {
       try {
         await this.handler(normalized);
       } catch (error) {
-        log8.error({ error, userId: normalized.userId }, "Message handler error");
+        log9.error({ error, userId: normalized.userId }, "Message handler error");
         await ctx.reply("Sorry, something went wrong. Please try again.");
       }
     });
@@ -1199,7 +2352,7 @@ var TelegramAdapter = class {
       if (!this.handler) return;
       await ctx.answerCallbackQuery();
       const normalized = {
-        traceId: uuid2(),
+        traceId: nanoid3(),
         channelId: "telegram",
         channelName: "Telegram",
         userId: String(ctx.from.id),
@@ -1214,30 +2367,30 @@ var TelegramAdapter = class {
       try {
         await this.handler(normalized);
       } catch (error) {
-        log8.error({ error }, "Callback handler error");
+        log9.error({ error }, "Callback handler error");
       }
     });
     this.bot.catch((err) => {
-      log8.error({ error: err.message }, "Bot error \u2014 reconnecting...");
+      log9.error({ error: err.message }, "Bot error \u2014 reconnecting...");
       this._connected = false;
       setTimeout(() => this.reconnect(), 5e3);
     });
     await this.bot.init();
-    log8.info({ botName: this.bot.botInfo.username }, "Telegram bot initialized");
+    log9.info({ botName: this.bot.botInfo.username }, "Telegram bot initialized");
     this.bot.start({
       onStart: () => {
         this._connected = true;
-        log8.info("Telegram bot polling started");
+        log9.info("Telegram bot polling started");
       }
     });
   }
   async disconnect() {
     this.bot?.stop();
     this._connected = false;
-    log8.info("Telegram bot disconnected");
+    log9.info("Telegram bot disconnected");
   }
   async reconnect() {
-    log8.info("Reconnecting Telegram bot...");
+    log9.info("Reconnecting Telegram bot...");
     await this.disconnect();
     await this.connect({ botToken: this.botToken });
   }
@@ -1275,30 +2428,31 @@ ${card.summary}`;
     try {
       await this.bot.api.deleteMessage(chatId, messageId);
     } catch (error) {
-      log8.warn({ chatId, messageId, error }, "Failed to delete message");
+      log9.warn({ chatId, messageId, error }, "Failed to delete message");
     }
   }
 };
 
 // src/memory/file-provider.ts
 import {
-  readFileSync as readFileSync5,
-  writeFileSync as writeFileSync4,
+  readFileSync as readFileSync6,
+  writeFileSync as writeFileSync6,
   appendFileSync as appendFileSync2,
-  existsSync as existsSync6,
-  mkdirSync as mkdirSync5,
-  readdirSync
+  existsSync as existsSync8,
+  mkdirSync as mkdirSync7,
+  readdirSync as readdirSync2
 } from "fs";
-import { join as join6 } from "path";
+import { join as join8 } from "path";
 import { randomUUID } from "crypto";
-var log9 = createLogger("memory:file");
-var MEMORY_DIR = join6(CONFIG_DIR, "memories");
+init_logger();
+var log10 = createLogger("memory:file");
+var MEMORY_DIR = join8(CONFIG_DIR, "memories");
 var FileMemoryProvider = class {
   name = "file";
   degraded = false;
   constructor() {
-    if (!existsSync6(MEMORY_DIR)) {
-      mkdirSync5(MEMORY_DIR, { recursive: true });
+    if (!existsSync8(MEMORY_DIR)) {
+      mkdirSync7(MEMORY_DIR, { recursive: true });
     }
   }
   async add(content, metadata) {
@@ -1313,7 +2467,7 @@ var FileMemoryProvider = class {
     };
     const file = this.userFile(metadata.userId);
     appendFileSync2(file, JSON.stringify(entry) + "\n");
-    log9.debug({ id, userId: metadata.userId }, "Memory added");
+    log10.debug({ id, userId: metadata.userId }, "Memory added");
     return id;
   }
   async search(query, filters) {
@@ -1322,25 +2476,25 @@ var FileMemoryProvider = class {
     if (keywords.length === 0) {
       return all.slice(0, filters.limit ?? 10);
     }
-    const scored = all.map((m) => {
-      const text = m.content.toLowerCase();
+    const scored = all.map((m2) => {
+      const text = m2.content.toLowerCase();
       const matchCount = keywords.filter((k) => text.includes(k)).length;
-      return { memory: m, score: matchCount / keywords.length };
+      return { memory: m2, score: matchCount / keywords.length };
     }).filter((s) => s.score > 0).sort((a, b) => b.score - a.score).slice(0, filters.limit ?? 10);
     return scored.map((s) => ({ ...s.memory, score: s.score }));
   }
   async getAll(filters) {
-    const files = filters.userId ? [this.userFile(filters.userId)] : readdirSync(MEMORY_DIR).filter((f) => f.endsWith(".jsonl")).map((f) => join6(MEMORY_DIR, f));
+    const files = filters.userId ? [this.userFile(filters.userId)] : readdirSync2(MEMORY_DIR).filter((f) => f.endsWith(".jsonl")).map((f) => join8(MEMORY_DIR, f));
     const results = [];
     for (const file of files) {
-      if (!existsSync6(file)) continue;
-      const lines = readFileSync5(file, "utf-8").split("\n").filter((l) => l.trim());
+      if (!existsSync8(file)) continue;
+      const lines = readFileSync6(file, "utf-8").split("\n").filter((l) => l.trim());
       for (const line of lines) {
         try {
           const stored = JSON.parse(line);
           if (filters.category && stored.metadata.category !== filters.category) continue;
           if (filters.sessionId && stored.metadata.sessionId !== filters.sessionId) continue;
-          if (filters.tags && filters.tags.length > 0 && !filters.tags.some((t) => stored.metadata.tags?.includes(t))) continue;
+          if (filters.tags && filters.tags.length > 0 && !filters.tags.some((t2) => stored.metadata.tags?.includes(t2))) continue;
           results.push({
             id: stored.id,
             content: stored.content,
@@ -1355,10 +2509,10 @@ var FileMemoryProvider = class {
     return results.slice(0, filters.limit ?? 100);
   }
   async update(id, content) {
-    const files = readdirSync(MEMORY_DIR).filter((f) => f.endsWith(".jsonl")).map((f) => join6(MEMORY_DIR, f));
+    const files = readdirSync2(MEMORY_DIR).filter((f) => f.endsWith(".jsonl")).map((f) => join8(MEMORY_DIR, f));
     for (const file of files) {
-      if (!existsSync6(file)) continue;
-      const lines = readFileSync5(file, "utf-8").split("\n").filter((l) => l.trim());
+      if (!existsSync8(file)) continue;
+      const lines = readFileSync6(file, "utf-8").split("\n").filter((l) => l.trim());
       const updated = lines.map((line) => {
         try {
           const stored = JSON.parse(line);
@@ -1371,14 +2525,14 @@ var FileMemoryProvider = class {
           return line;
         }
       });
-      writeFileSync4(file, updated.join("\n") + "\n");
+      writeFileSync6(file, updated.join("\n") + "\n");
     }
   }
   async delete(id) {
-    const files = readdirSync(MEMORY_DIR).filter((f) => f.endsWith(".jsonl")).map((f) => join6(MEMORY_DIR, f));
+    const files = readdirSync2(MEMORY_DIR).filter((f) => f.endsWith(".jsonl")).map((f) => join8(MEMORY_DIR, f));
     for (const file of files) {
-      if (!existsSync6(file)) continue;
-      const lines = readFileSync5(file, "utf-8").split("\n").filter((l) => l.trim());
+      if (!existsSync8(file)) continue;
+      const lines = readFileSync6(file, "utf-8").split("\n").filter((l) => l.trim());
       const filtered = lines.filter((line) => {
         try {
           const stored = JSON.parse(line);
@@ -1387,17 +2541,22 @@ var FileMemoryProvider = class {
           return true;
         }
       });
-      writeFileSync4(file, filtered.join("\n") + (filtered.length > 0 ? "\n" : ""));
+      writeFileSync6(file, filtered.join("\n") + (filtered.length > 0 ? "\n" : ""));
     }
   }
   userFile(userId) {
     const safe = userId.replace(/[^a-zA-Z0-9_-]/g, "_");
-    return join6(MEMORY_DIR, `${safe}.jsonl`);
+    return join8(MEMORY_DIR, `${safe}.jsonl`);
   }
 };
 
+// src/gateway/gateway.ts
+init_logger();
+init_tracer();
+
 // src/resilience/degradation.ts
-var log10 = createLogger("degradation");
+init_logger();
+var log11 = createLogger("degradation");
 var states = /* @__PURE__ */ new Map();
 function isDegraded(service) {
   return states.get(service)?.degraded ?? false;
@@ -1413,10 +2572,468 @@ function degradationMessage(service) {
   }
 }
 
+// src/context/token-counter.ts
+init_logger();
+var log12 = createLogger("context:token");
+var encode = null;
+function countTokens(text) {
+  try {
+    if (encode) return encode(text).length;
+  } catch {
+  }
+  return Math.ceil(text.length / 4);
+}
+
+// src/context/context-budget.ts
+init_logger();
+var log13 = createLogger("context:budget");
+var FALLBACK_MAX_MESSAGES = 20;
+var DEFAULT_BUDGET = {
+  contextWindow: 128e3,
+  systemPromptReserve: 8e3,
+  memoriesMax: 1e3,
+  toolResultsMax: 6e3,
+  compactionThreshold: 0.75
+};
+function allocateBudget(systemPrompt, memories, history, config = {}) {
+  const cfg = { ...DEFAULT_BUDGET, ...config };
+  try {
+    const systemTokens = systemPrompt ? countTokens(systemPrompt) : cfg.systemPromptReserve;
+    const memoriesTokens = memories ? Math.min(countTokens(memories), cfg.memoriesMax) : 0;
+    const historyBudget = cfg.contextWindow - systemTokens - memoriesTokens - cfg.toolResultsMax;
+    if (historyBudget <= 0) {
+      log13.warn({ systemTokens, memoriesTokens }, "No budget left for history");
+      return {
+        messages: [],
+        historyTokens: 0,
+        totalTokens: systemTokens + memoriesTokens,
+        remainingTokens: 0,
+        shouldCompact: true,
+        fallbackMode: false
+      };
+    }
+    const included = [];
+    let historyTokens = 0;
+    for (let i = history.length - 1; i >= 0; i--) {
+      const msgTokens = countTokens(history[i].content) + 4;
+      if (historyTokens + msgTokens > historyBudget) break;
+      included.unshift(history[i]);
+      historyTokens += msgTokens;
+    }
+    const totalTokens = systemTokens + memoriesTokens + historyTokens;
+    const threshold = cfg.contextWindow * cfg.compactionThreshold;
+    return {
+      messages: included,
+      historyTokens,
+      totalTokens,
+      remainingTokens: cfg.contextWindow - totalTokens,
+      shouldCompact: totalTokens >= threshold,
+      fallbackMode: false
+    };
+  } catch (err) {
+    log13.warn({ err }, "Budget allocation failed, using message-count fallback");
+    return {
+      messages: history.slice(-FALLBACK_MAX_MESSAGES),
+      historyTokens: 0,
+      totalTokens: 0,
+      remainingTokens: 0,
+      shouldCompact: false,
+      fallbackMode: true
+    };
+  }
+}
+
+// src/context/compaction.ts
+init_logger();
+var log14 = createLogger("context:compact");
+async function compactWithFlush(allMessages, keepCount, memory, userId) {
+  if (allMessages.length <= keepCount) {
+    return { messages: allMessages, removedCount: 0, factsExtracted: [] };
+  }
+  const evicted = allMessages.slice(0, allMessages.length - keepCount);
+  const kept = allMessages.slice(-keepCount);
+  const factsExtracted = [];
+  const facts = extractKeyFacts(evicted);
+  for (const fact of facts) {
+    try {
+      await memory.add(fact, {
+        userId,
+        category: "fact"
+      });
+      factsExtracted.push(fact);
+    } catch (err) {
+      log14.warn({ err, fact }, "Failed to save fact to memory");
+    }
+  }
+  log14.info(
+    {
+      userId,
+      evictedMessages: evicted.length,
+      keptMessages: kept.length,
+      factsExtracted: factsExtracted.length
+    },
+    "Pre-compaction flush complete"
+  );
+  return {
+    messages: kept,
+    removedCount: evicted.length,
+    factsExtracted
+  };
+}
+function extractKeyFacts(messages) {
+  const facts = [];
+  const fullText = messages.map((m2) => m2.content).join("\n");
+  const hasChinese = /[\u4e00-\u9fff]/.test(fullText);
+  const urlMatches = fullText.match(
+    /(?:aliexpress|alibaba|1688|accio|temu)\.com\S*/gi
+  );
+  if (urlMatches) {
+    const unique = [...new Set(urlMatches)].slice(0, 5);
+    facts.push(
+      hasChinese ? `\u7528\u6237\u66FE\u5BFC\u5165\u5546\u54C1\u94FE\u63A5\uFF1A${unique.join(", ")}` : `Product URLs imported: ${unique.join(", ")}`
+    );
+  }
+  const pricePatterns = fullText.match(
+    /(?:售价|定价|sell.*?price|pricing|set.*?price|markup|fixed.*?price).*?(?:\$[\d.]+|¥[\d.]+|[\d.]+\s*(?:元|美元|dollars?))/gi
+  );
+  if (pricePatterns) {
+    const unique = [...new Set(pricePatterns)].slice(0, 3);
+    facts.push(
+      hasChinese ? `\u5B9A\u4EF7\u76F8\u5173\uFF1A${unique.join("; ")}` : `Pricing decisions: ${unique.join("; ")}`
+    );
+  }
+  const storeMatches = fullText.match(
+    /(?:店铺|store|shop)\s*[:：]?\s*[\w\s-]{3,30}/gi
+  );
+  if (storeMatches) {
+    const unique = [...new Set(storeMatches)].slice(0, 3);
+    facts.push(
+      hasChinese ? `\u6D89\u53CA\u5E97\u94FA\uFF1A${unique.join(", ")}` : `Stores referenced: ${unique.join(", ")}`
+    );
+  }
+  const decisions = messages.filter((m2) => m2.role === "user").map((m2) => m2.content.trim()).filter(
+    (t2) => /^(好|确认|执行|推送|是|yes|ok|confirm|push|no|不|取消|算了|cancel|skip)/i.test(t2) && t2.length < 50
+  );
+  if (decisions.length > 0) {
+    facts.push(
+      hasChinese ? `\u7528\u6237\u51B3\u7B56\u8BB0\u5F55\uFF1A${decisions.slice(0, 5).join("; ")}` : `User decisions: ${decisions.slice(0, 5).join("; ")}`
+    );
+  }
+  for (const m2 of messages) {
+    if (m2.role !== "assistant") continue;
+    const summary = m2.content.match(
+      /(?:已导入|已推送|已修改|已更新|已删除|Imported|Pushed|Updated|Modified|Deleted|Set price|Changed title)\s*.{10,80}/
+    );
+    if (summary) {
+      facts.push(summary[0]);
+    }
+  }
+  return [...new Set(facts)].slice(0, 8);
+}
+
+// src/context/history-store.ts
+import {
+  readFileSync as readFileSync7,
+  writeFileSync as writeFileSync7,
+  existsSync as existsSync9,
+  mkdirSync as mkdirSync8,
+  renameSync as renameSync2
+} from "fs";
+import { join as join9 } from "path";
+import {
+  randomBytes as randomBytes2,
+  createCipheriv as createCipheriv2,
+  createDecipheriv as createDecipheriv2,
+  createHash as createHash3
+} from "crypto";
+import { hostname as hostname2, userInfo as userInfo2 } from "os";
+init_logger();
+var log15 = createLogger("context:history");
+var HISTORY_DIR = join9(CONFIG_DIR, "history");
+var MAX_LINES = 200;
+var KEEP_AFTER_ROTATE = 100;
+var ALG2 = "aes-256-gcm";
+var IV_LEN2 = 12;
+var TAG_LEN2 = 16;
+var KEY_SEED2 = "dsclaw-history-v1";
+function deriveKey2() {
+  let user = "";
+  try {
+    user = userInfo2().username;
+  } catch {
+    user = process.env["USER"] ?? process.env["USERNAME"] ?? "default";
+  }
+  return createHash3("sha256").update(`${KEY_SEED2}:${hostname2()}:${user}`).digest();
+}
+function encryptStr(data) {
+  const key = deriveKey2();
+  const iv = randomBytes2(IV_LEN2);
+  const cipher = createCipheriv2(ALG2, key, iv, { authTagLength: TAG_LEN2 });
+  const ct = Buffer.concat([cipher.update(data, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return Buffer.concat([iv, tag, ct]).toString("base64");
+}
+var cache = /* @__PURE__ */ new Map();
+function ensureDir() {
+  if (!existsSync9(HISTORY_DIR)) {
+    mkdirSync8(HISTORY_DIR, { recursive: true });
+  }
+}
+function filePath(sessionKey) {
+  const safe = sessionKey.replace(/[^a-zA-Z0-9_:-]/g, "_");
+  return join9(HISTORY_DIR, `${safe}.enc`);
+}
+function writeEncryptedFile(fp, messages) {
+  const json = JSON.stringify(messages);
+  const encrypted = encryptStr(json);
+  const tmp = fp + ".tmp";
+  writeFileSync7(tmp, encrypted);
+  renameSync2(tmp, fp);
+}
+function appendHistory(sessionKey, ...messages) {
+  const history = cache.get(sessionKey) ?? [];
+  for (const m2 of messages) {
+    history.push({ ...m2, ts: m2.ts ?? (/* @__PURE__ */ new Date()).toISOString() });
+  }
+  cache.set(sessionKey, history);
+  Promise.resolve().then(() => {
+    try {
+      ensureDir();
+      writeEncryptedFile(filePath(sessionKey), history);
+      if (history.length > MAX_LINES) {
+        rotateHistory(sessionKey);
+      }
+    } catch (err) {
+      log15.warn({ sessionKey, err }, "Failed to write history to disk");
+    }
+  });
+}
+function clearHistory(sessionKeyOrUserId) {
+  for (const key of cache.keys()) {
+    if (key === sessionKeyOrUserId || key.endsWith(`:${sessionKeyOrUserId}`)) {
+      cache.delete(key);
+    }
+  }
+}
+function rotateHistory(sessionKey) {
+  const history = cache.get(sessionKey);
+  if (!history || history.length <= MAX_LINES) return;
+  const trimmed = history.slice(-KEEP_AFTER_ROTATE);
+  cache.set(sessionKey, trimmed);
+  try {
+    writeEncryptedFile(filePath(sessionKey), trimmed);
+    log15.info(
+      { sessionKey, before: history.length, after: trimmed.length },
+      "History rotated"
+    );
+  } catch (err) {
+    log15.warn({ sessionKey, err }, "Failed to rotate history file");
+  }
+}
+
+// src/gateway/i18n.ts
+var m = {
+  // Rate limit
+  "gateway.rateLimit": {
+    en: "Too many messages. Please wait a moment.",
+    zh: "\u6D88\u606F\u8FC7\u4E8E\u9891\u7E41\uFF0C\u8BF7\u7A0D\u7B49\u7247\u523B\u3002"
+  },
+  // No API key (BUG-009)
+  "gateway.noApiKey.web": {
+    en: "Please configure your AI model API Key in \u2699\uFE0F Settings (top-right) before chatting.",
+    zh: "\u8BF7\u5148\u5728\u53F3\u4E0A\u89D2 \u2699\uFE0F \u8BBE\u7F6E\u4E2D\u914D\u7F6E AI \u6A21\u578B\u7684 API Key\uFF0C\u624D\u80FD\u5F00\u59CB\u5BF9\u8BDD\u3002"
+  },
+  "gateway.noApiKey.telegram": {
+    en: "Please configure your AI API key first. Send /reset to restart setup.",
+    zh: "\u8BF7\u5148\u914D\u7F6E AI API Key\u3002\u53D1\u9001 /reset \u91CD\u65B0\u8BBE\u7F6E\u3002"
+  },
+  // Welcome (Web)
+  "gateway.welcome.web": {
+    en: "Welcome to **DSClaw**! I'm your AI dropshipping assistant.\n\nClick the \u2699\uFE0F **Settings** button (top-right) to connect your **DSers account** and **AI provider**.\n\nOnce set up, I can help you:\n- Import products from AliExpress, Temu, 1688\n- Push to your Shopify / WooCommerce store\n- Manage orders, inventory, and pricing rules\n- ...all through this chat!",
+    zh: "\u6B22\u8FCE\u4F7F\u7528 **DSClaw**\uFF01\u6211\u662F\u4F60\u7684 AI \u4EE3\u53D1\u52A9\u624B\u3002\n\n\u70B9\u51FB\u53F3\u4E0A\u89D2 \u2699\uFE0F **\u8BBE\u7F6E** \u6309\u94AE\uFF0C\u8FDE\u63A5\u4F60\u7684 **DSers \u8D26\u53F7**\u548C **AI \u6A21\u578B**\u3002\n\n\u8BBE\u7F6E\u5B8C\u6210\u540E\uFF0C\u6211\u53EF\u4EE5\u5E2E\u4F60\uFF1A\n- \u4ECE AliExpress\u3001Temu\u30011688 \u5BFC\u5165\u5546\u54C1\n- \u63A8\u9001\u5230\u4F60\u7684 Shopify / WooCommerce \u5E97\u94FA\n- \u7BA1\u7406\u8BA2\u5355\u3001\u5E93\u5B58\u548C\u5B9A\u4EF7\u89C4\u5219\n- ...\u5168\u90E8\u901A\u8FC7\u5BF9\u8BDD\u5B8C\u6210\uFF01"
+  },
+  // Welcome (Telegram)
+  "gateway.welcome.telegram": {
+    en: "Welcome to *DSClaw*! I'm your AI assistant for dropshipping.\n\nI can help you:\n- Import products from AliExpress, Temu, 1688\n- Push products to your Shopify/WooCommerce store\n- Check inventory, pricing rules, and orders\n\nLet's get you set up. It takes about 1 minute.\n\n*Step 1/3:* What is your DSers account email?",
+    zh: "\u6B22\u8FCE\u4F7F\u7528 *DSClaw*\uFF01\u6211\u662F\u4F60\u7684 AI \u4EE3\u53D1\u52A9\u624B\u3002\n\n\u6211\u53EF\u4EE5\u5E2E\u4F60\uFF1A\n- \u4ECE AliExpress\u3001Temu\u30011688 \u5BFC\u5165\u5546\u54C1\n- \u63A8\u9001\u5230\u4F60\u7684 Shopify/WooCommerce \u5E97\u94FA\n- \u67E5\u8BE2\u5E93\u5B58\u3001\u5B9A\u4EF7\u89C4\u5219\u548C\u8BA2\u5355\n\n\u5F00\u59CB\u8BBE\u7F6E\u5427\uFF0C\u5927\u7EA6 1 \u5206\u949F\u3002\n\n*\u6B65\u9AA4 1/3\uFF1A* \u8BF7\u8F93\u5165\u4F60\u7684 DSers \u8D26\u53F7\u90AE\u7BB1\uFF1A"
+  },
+  // Ready — short toast version
+  "gateway.ready.toast": {
+    en: "All set! DSClaw is ready.",
+    zh: "\u8BBE\u7F6E\u5B8C\u6210\uFF01DSClaw \u5DF2\u51C6\u5907\u5C31\u7EEA\u3002"
+  },
+  // Ready (BUG-010)
+  "gateway.ready.web": {
+    en: `All set! DSClaw is ready.
+
+Try asking me:
+- "Show me my stores"
+- "What's in my import list?"
+- "Search for phone cases on AliExpress"
+
+Just type naturally!`,
+    zh: '\u8BBE\u7F6E\u5B8C\u6210\uFF01DSClaw \u5DF2\u51C6\u5907\u5C31\u7EEA\u3002\n\n\u8BD5\u8BD5\u5BF9\u6211\u8BF4\uFF1A\n- "\u5E2E\u6211\u770B\u770B\u6211\u7684\u5E97\u94FA"\n- "\u6211\u7684\u5BFC\u5165\u5217\u8868\u91CC\u6709\u4EC0\u4E48"\n- "\u4ECE\u901F\u5356\u901A\u641C\u7D22\u624B\u673A\u58F3"\n\n\u76F4\u63A5\u8F93\u5165\u5C31\u597D\uFF01'
+  },
+  "gateway.ready.telegram": {
+    en: `All set! DSClaw is ready.
+
+Try these:
+- "Show me my stores"
+- "What's in my import list?"
+- "Search for phone cases on AliExpress"
+- "Check my pricing rules"
+
+Just type naturally \u2014 I understand everyday language!`,
+    zh: '\u8BBE\u7F6E\u5B8C\u6210\uFF01DSClaw \u5DF2\u51C6\u5907\u5C31\u7EEA\u3002\n\n\u8BD5\u8BD5\u8FD9\u4E9B\uFF1A\n- "\u5E2E\u6211\u770B\u770B\u6211\u7684\u5E97\u94FA"\n- "\u6211\u7684\u5BFC\u5165\u5217\u8868\u91CC\u6709\u4EC0\u4E48"\n- "\u4ECE\u901F\u5356\u901A\u641C\u7D22\u624B\u673A\u58F3"\n- "\u67E5\u770B\u5B9A\u4EF7\u89C4\u5219"\n\n\u76F4\u63A5\u7528\u81EA\u7136\u8BED\u8A00\u8F93\u5165\u5C31\u597D\uFF01'
+  },
+  // Commands
+  "gateway.cmd.reset": {
+    en: "Conversation reset. DSers connection and AI config preserved.",
+    zh: "\u5BF9\u8BDD\u5DF2\u91CD\u7F6E\uFF0CDSers \u8FDE\u63A5\u548C AI \u914D\u7F6E\u5DF2\u4FDD\u7559\u3002"
+  },
+  "gateway.cmd.logout": {
+    en: "Logged out. All configuration cleared. Send any message to start over.",
+    zh: "\u5DF2\u5B8C\u5168\u767B\u51FA\uFF0C\u6240\u6709\u914D\u7F6E\u5DF2\u6E05\u9664\u3002\u53D1\u9001\u4EFB\u610F\u6D88\u606F\u91CD\u65B0\u5F00\u59CB\u3002"
+  },
+  "gateway.cmd.retryEmpty": {
+    en: "No message to retry.",
+    zh: "\u6CA1\u6709\u53EF\u91CD\u8BD5\u7684\u6D88\u606F\u3002"
+  },
+  // Errors
+  "gateway.error.generic": {
+    en: "Something went wrong, please try again.",
+    zh: "\u51FA\u4E86\u70B9\u95EE\u9898\uFF0C\u8BF7\u91CD\u8BD5\u3002"
+  },
+  "gateway.error.timeout": {
+    en: "Model response timed out, please try again later.",
+    zh: "\u6A21\u578B\u54CD\u5E94\u8D85\u65F6\uFF0C\u8BF7\u7A0D\u540E\u91CD\u8BD5\u3002"
+  },
+  "gateway.error.apiKey": {
+    en: "API key invalid or expired. Send /reset to reconfigure.",
+    zh: "API \u5BC6\u94A5\u65E0\u6548\u6216\u8FC7\u671F\uFF0C\u8BF7\u53D1\u9001 /reset \u91CD\u65B0\u914D\u7F6E\u3002"
+  },
+  "gateway.error.rateLimitLlm": {
+    en: "Too many requests, please wait a moment and try again.",
+    zh: "\u8BF7\u6C42\u8FC7\u4E8E\u9891\u7E41\uFF0C\u8BF7\u7A0D\u7B49\u7247\u523B\u518D\u8BD5\u3002"
+  },
+  "gateway.error.dsers": {
+    en: "DSers connection error, please send /reset to reconnect.",
+    zh: "DSers \u8FDE\u63A5\u5F02\u5E38\uFF0C\u8BF7\u53D1\u9001 /reset \u91CD\u65B0\u767B\u5F55\u3002"
+  },
+  // Stream errors
+  "gateway.stream.stageTimeout": {
+    en: "{{stage}} timed out \u2014 LLM may be slow or unreachable. Type /retry to retry.",
+    zh: "{{stage}}\u8D85\u65F6 \u2014 LLM \u670D\u52A1\u53EF\u80FD\u8F83\u6162\u6216\u4E0D\u53EF\u8FBE\u3002\u8F93\u5165 /retry \u91CD\u8BD5\u4E0A\u4E00\u6761\u6D88\u606F\u3002"
+  },
+  "gateway.stream.badApiKey": {
+    en: "API key may be invalid or expired. Send /reset to reconfigure.",
+    zh: "API key \u53EF\u80FD\u65E0\u6548\u6216\u5DF2\u8FC7\u671F\uFF0C\u8F93\u5165 /reset \u91CD\u65B0\u914D\u7F6E\u3002"
+  },
+  "gateway.stream.processFailed": {
+    en: "Processing error, please try again. Type /retry to retry.",
+    zh: "\u5904\u7406\u51FA\u9519\uFF0C\u8BF7\u7A0D\u540E\u91CD\u8BD5\u3002\u8F93\u5165 /retry \u91CD\u8BD5\u4E0A\u4E00\u6761\u6D88\u606F\u3002"
+  },
+  "gateway.stream.incomplete": {
+    en: "\u26A0\uFE0F Response incomplete, please retry.",
+    zh: "\u26A0\uFE0F \u54CD\u5E94\u672A\u5B8C\u6210\uFF0C\u8BF7\u91CD\u8BD5\u3002"
+  },
+  "gateway.stream.noReply": {
+    en: "\u26A0\uFE0F No model reply received, please retry.",
+    zh: "\u26A0\uFE0F \u672A\u6536\u5230\u6A21\u578B\u56DE\u590D\uFF0C\u8BF7\u91CD\u8BD5\u3002"
+  },
+  "gateway.stream.toolsNoText": {
+    en: "Completed {{count}} operations ({{names}}), but the model did not generate a summary. Let me know if you'd like to see the results.",
+    zh: "\u5DF2\u5B8C\u6210 {{count}} \u9879\u64CD\u4F5C\uFF08{{names}}\uFF09\uFF0C\u4F46\u6A21\u578B\u672A\u751F\u6210\u6587\u5B57\u603B\u7ED3\u3002\u5982\u9700\u67E5\u770B\u7ED3\u679C\u8BF7\u544A\u8BC9\u6211\u3002"
+  },
+  // Timeout stage names
+  "gateway.stage.llmConnection": { en: "LLM connection", zh: "LLM \u8FDE\u63A5" },
+  "gateway.stage.llmResponse": { en: "LLM response", zh: "LLM \u54CD\u5E94" },
+  "gateway.stage.rulesApply": { en: "Rules application", zh: "\u89C4\u5219\u5E94\u7528" },
+  "gateway.stage.productImport": { en: "Product import", zh: "\u5546\u54C1\u5BFC\u5165" },
+  "gateway.stage.processing": { en: "Processing", zh: "\u5904\u7406" },
+  // MCP
+  "gateway.mcp.unavailable": {
+    en: "\u26A0\uFE0F DSers connection issue: only basic search is available. Import/push/delete operations are unavailable. Try sending /reset to reconnect.",
+    zh: "\u26A0\uFE0F DSers \u8FDE\u63A5\u5F02\u5E38\uFF1A\u4EC5\u57FA\u7840\u641C\u7D22\u53EF\u7528\uFF0C\u5BFC\u5165/\u63A8\u9001/\u5220\u9664\u7B49\u64CD\u4F5C\u6682\u4E0D\u53EF\u7528\u3002\u8BF7\u5C1D\u8BD5\u53D1\u9001 /reset \u91CD\u65B0\u8FDE\u63A5\u3002"
+  },
+  // Onboarding
+  "gateway.onboard.invalidEmail": {
+    en: "That doesn't look like an email address. Please enter your DSers login email:",
+    zh: "\u8FD9\u4E0D\u50CF\u4E00\u4E2A\u90AE\u7BB1\u5730\u5740\u3002\u8BF7\u8F93\u5165\u4F60\u7684 DSers \u767B\u5F55\u90AE\u7BB1\uFF1A"
+  },
+  "gateway.onboard.passwordPrompt": {
+    en: "Got it!\n\n*Step 2/3:* Now enter your DSers password.",
+    zh: "\u6536\u5230\uFF01\n\n*\u6B65\u9AA4 2/3\uFF1A* \u8BF7\u8F93\u5165\u4F60\u7684 DSers \u5BC6\u7801\u3002"
+  },
+  "gateway.onboard.passwordPromptNote": {
+    en: "\n_(Your password is encrypted locally and never sent to any third party.)_",
+    zh: "\n_\uFF08\u5BC6\u7801\u52A0\u5BC6\u5B58\u50A8\u5728\u672C\u5730\uFF0C\u4E0D\u4F1A\u53D1\u9001\u7ED9\u7B2C\u4E09\u65B9\u3002\uFF09_"
+  },
+  "gateway.onboard.emptyPassword": {
+    en: "Password cannot be empty. Please try again:",
+    zh: "\u5BC6\u7801\u4E0D\u80FD\u4E3A\u7A7A\uFF0C\u8BF7\u91CD\u8BD5\uFF1A"
+  },
+  "gateway.onboard.verifying": {
+    en: "Verifying with DSers...",
+    zh: "\u6B63\u5728\u9A8C\u8BC1 DSers \u8D26\u53F7..."
+  },
+  "gateway.onboard.loginFailed": {
+    en: "Wrong email or password. Please re-enter your password:",
+    zh: "\u90AE\u7BB1\u6216\u5BC6\u7801\u9519\u8BEF\u3002\u8BF7\u91CD\u65B0\u8F93\u5165\u5BC6\u7801\uFF1A"
+  },
+  "gateway.onboard.loginFailedGeneric": {
+    en: "Login failed: {{error}}. Try again:",
+    zh: "\u767B\u5F55\u5931\u8D25\uFF1A{{error}}\u3002\u8BF7\u91CD\u8BD5\uFF1A"
+  },
+  "gateway.onboard.chooseProvider": {
+    en: "You chose *{{provider}}*. Now paste your API key below.",
+    zh: "\u4F60\u9009\u62E9\u4E86 *{{provider}}*\u3002\u8BF7\u5728\u4E0B\u65B9\u7C98\u8D34 API Key\u3002"
+  },
+  "gateway.onboard.invalidApiKey": {
+    en: "That doesn't look like a valid API key. Please paste your key:",
+    zh: "\u8FD9\u4E0D\u50CF\u4E00\u4E2A\u6709\u6548\u7684 API Key\u3002\u8BF7\u7C98\u8D34\u4F60\u7684 Key\uFF1A"
+  }
+};
+function t(key, lang, vars) {
+  const l = lang === "zh" ? "zh" : "en";
+  const tpl = m[key]?.[l] ?? m[key]?.en ?? key;
+  if (!vars) return tpl;
+  return tpl.replace(/\{\{(\w+)\}\}/g, (_, k) => String(vars[k] ?? ""));
+}
+
 // src/gateway/gateway.ts
-var log11 = createLogger("gateway");
+var log16 = createLogger("gateway");
+var SESSION_MAX_SIZE = 500;
+var SESSION_TTL_MS = 2 * 60 * 60 * 1e3;
 var sessionHistories = /* @__PURE__ */ new Map();
+var sessionLastAccess = /* @__PURE__ */ new Map();
 var MAX_HISTORY = 20;
+function touchSession(key) {
+  sessionLastAccess.set(key, Date.now());
+  if (sessionHistories.size > SESSION_MAX_SIZE) {
+    let oldest = "";
+    let oldestTs = Infinity;
+    for (const [k, ts] of sessionLastAccess) {
+      if (ts < oldestTs) {
+        oldest = k;
+        oldestTs = ts;
+      }
+    }
+    if (oldest) {
+      sessionHistories.delete(oldest);
+      sessionLastAccess.delete(oldest);
+    }
+  }
+}
+setInterval(() => {
+  const now = Date.now();
+  for (const [key, ts] of sessionLastAccess) {
+    if (now - ts > SESSION_TTL_MS) {
+      sessionHistories.delete(key);
+      sessionLastAccess.delete(key);
+    }
+  }
+}, 10 * 60 * 1e3).unref();
 function detectProviderFromKey(key) {
   if (key.startsWith("sk-ant-")) return "anthropic";
   if (key.startsWith("sk-")) return "openai";
@@ -1429,34 +3046,41 @@ var DSClawGateway = class {
   webChannel = null;
   memory;
   agents = /* @__PURE__ */ new Map();
+  jobStores = /* @__PURE__ */ new Map();
   dsersClients = /* @__PURE__ */ new Map();
+  lastUserMessages = /* @__PURE__ */ new Map();
   running = false;
   constructor(config) {
     this.config = config;
     this.memory = new FileMemoryProvider();
   }
+  getLang(session, channel) {
+    if (session.language === "zh" || session.language === "en") return session.language;
+    return channel instanceof WebChatServer ? "en" : "en";
+  }
   async start() {
-    log11.info("Starting DSClaw Gateway...");
+    log16.info("Starting DSClaw Gateway...");
     const web = new WebChatServer();
     web.onMessage((msg) => this.handleMessage(web, msg));
     web.onConnect((userId) => this.handleWebConnect(web, userId));
+    web.onSettings((userId, action, data) => this.handleSettingsMessage(web, userId, action, data));
     await web.connect({ port: this.config.port });
     this.webChannel = web;
     this.channels.push(web);
-    log11.info({ port: this.config.port }, "Web chat channel connected");
+    log16.info({ port: this.config.port }, "Web chat channel connected");
     if (this.config.telegramBotToken) {
       try {
         const tg = new TelegramAdapter();
         tg.onMessage((msg) => this.handleMessage(tg, msg));
         await tg.connect({ botToken: this.config.telegramBotToken });
         this.channels.push(tg);
-        log11.info("Telegram channel connected");
+        log16.info("Telegram channel connected");
       } catch (error) {
-        log11.warn({ error }, "Telegram failed to connect \u2014 web chat still available");
+        log16.warn({ error }, "Telegram failed to connect \u2014 web chat still available");
       }
     }
     this.running = true;
-    log11.info("DSClaw Gateway started");
+    log16.info("DSClaw Gateway started");
   }
   async handleMessage(channel, message) {
     await runWithTrace(
@@ -1468,14 +3092,14 @@ var DSClawGateway = class {
       async () => {
         const userId = message.userId;
         if (!checkInboundLimit(userId)) {
-          log11.warn({ userId }, "Rate limit exceeded");
-          await channel.send(userId, { text: "Too many messages. Please wait a moment." });
+          log16.warn({ userId }, "Rate limit exceeded");
+          await channel.send(userId, { text: t("gateway.rateLimit", loadSession(userId).language) });
           return;
         }
         await debounceUser(userId);
         const release = await acquireUserLock(userId);
+        const session = loadSession(userId);
         try {
-          const session = loadSession(userId);
           if (isOnboarding(session.state)) {
             await this.handleOnboarding(channel, message, session);
           } else {
@@ -1486,10 +3110,21 @@ var DSClawGateway = class {
             await this.handleReady(channel, message, session);
           }
         } catch (error) {
-          log11.error({ error, userId }, "Failed to handle message");
-          await channel.send(userId, {
-            text: "Something went wrong. Please try again."
-          });
+          log16.error({ error, userId }, "Failed to handle message");
+          let userMsg = t("gateway.error.generic", session.language);
+          if (error instanceof Error) {
+            const msg = error.message.toLowerCase();
+            if (msg.includes("timeout") || msg.includes("timed out")) {
+              userMsg = t("gateway.error.timeout", session.language);
+            } else if (msg.includes("401") || msg.includes("unauthorized") || msg.includes("api key")) {
+              userMsg = t("gateway.error.apiKey", session.language);
+            } else if (msg.includes("429") || msg.includes("rate limit")) {
+              userMsg = t("gateway.error.rateLimitLlm", session.language);
+            } else if (msg.includes("session") || msg.includes("dsers")) {
+              userMsg = t("gateway.error.dsers", session.language);
+            }
+          }
+          await channel.send(userId, { text: userMsg });
         } finally {
           release();
         }
@@ -1499,12 +3134,207 @@ var DSClawGateway = class {
   // ─── Auto-welcome on WebSocket connect ──────────────────────────
   handleWebConnect(channel, userId) {
     const session = loadSession(userId);
+    this.pushSettingsState(channel, userId, session);
     if (session.state === "new") {
       this.onboardWelcome(channel, userId, session).catch((err) => {
-        log11.error({ error: err, userId }, "Auto-welcome failed");
+        log16.error({ error: err, userId }, "Auto-welcome failed");
       });
     }
   }
+  // ─── Settings Panel (Web Only) ─────────────────────────────────
+  isDsersConnected(session) {
+    return !!session.dspiSessionId;
+  }
+  pushSettingsState(channel, userId, session) {
+    const dsersOk = this.isDsersConnected(session);
+    channel.sendSettingsState(userId, {
+      dsers: { configured: dsersOk, email: dsersOk ? session.dspiEmail : void 0 },
+      llm: { configured: !!session.llmApiKey, provider: session.llmProvider, baseUrl: session.llmBaseUrl },
+      ready: session.state === "ready"
+    });
+  }
+  async applyDSersSession(channel, userId, session, sessionId, sessionState) {
+    const dsersConfig = createDSersConfig(session.dspiEmail ?? "browser");
+    dsersConfig.sessionId = sessionId;
+    dsersConfig.sessionState = sessionState;
+    const client = new DSersClient(dsersConfig);
+    const info = await client.get("/account-user-bff/v1/users/info");
+    const data = info["data"];
+    const email = data?.["email"] ?? session.dspiEmail ?? "connected";
+    session.dspiEmail = email;
+    session.dspiSessionId = sessionId;
+    session.dspiSessionState = sessionState;
+    session.dspiPassword = void 0;
+    this.dsersClients.set(userId, client);
+    if (session.llmApiKey) {
+      session.state = "ready";
+    } else if (!["onboard_llm", "ready"].includes(session.state)) {
+      session.state = "onboard_llm";
+    }
+    saveSession(userId, session);
+    channel.sendSettingsResult(userId, { section: "dsers", success: true });
+    this.pushSettingsState(channel, userId, session);
+    if (session.state === "ready") {
+      await this.sendReadyMessage(channel, userId);
+    }
+    return true;
+  }
+  async triggerAuth(userId) {
+    if (isAuthInProgress()) {
+      return { success: false, reason: "in_progress" };
+    }
+    try {
+      const result = await loginViaCDP();
+      const session = loadSession(userId);
+      const dsersConfig = createDSersConfig(session.dspiEmail ?? "browser");
+      dsersConfig.sessionId = result.sessionId;
+      dsersConfig.sessionState = result.state;
+      const client = new DSersClient(dsersConfig);
+      const info = await client.get("/account-user-bff/v1/users/info");
+      const data = info?.["data"];
+      const email = data?.["email"] ?? "connected";
+      session.dspiEmail = email;
+      session.dspiSessionId = result.sessionId;
+      session.dspiSessionState = result.state;
+      session.dspiPassword = void 0;
+      if (session.llmApiKey) session.state = "ready";
+      saveSession(userId, session);
+      this.dsersClients.set(userId, client);
+      this.agents.delete(userId);
+      log16.info({ userId, email }, "triggerAuth succeeded \u2014 agent will be recreated on next message");
+      return { success: true, email };
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      log16.warn({ error: msg, userId }, "triggerAuth failed");
+      if (msg.includes("cancelled") || msg.includes("closed")) {
+        return { success: false, reason: "cancelled" };
+      }
+      if (msg.includes("timed out") || msg.includes("Timed out")) {
+        return { success: false, reason: "timeout" };
+      }
+      if (msg.includes("No Chromium") || msg.includes("browser found")) {
+        return { success: false, reason: "no_browser" };
+      }
+      return { success: false, reason: msg };
+    }
+  }
+  async handleSettingsMessage(channel, userId, action, data) {
+    const session = loadSession(userId);
+    switch (action) {
+      case "set_language": {
+        const lang = data["lang"];
+        if (lang === "en" || lang === "zh") {
+          session.language = lang;
+          saveSession(userId, session);
+        }
+        break;
+      }
+      case "get_settings":
+        this.pushSettingsState(channel, userId, session);
+        break;
+      case "start_dsers_auth": {
+        if (isAuthInProgress()) {
+          channel.sendSettingsResult(userId, { section: "dsers", success: false, error: "Auth already in progress." });
+          return;
+        }
+        channel.sendSettingsResult(userId, { section: "dsers_auth_started", success: true });
+        loginViaCDP().then(async (result) => {
+          const freshSession = loadSession(userId);
+          await this.applyDSersSession(channel, userId, freshSession, result.sessionId, result.state);
+        }).catch((error) => {
+          const msg = error instanceof Error ? error.message : "unknown error";
+          log16.warn({ error: msg, userId }, "Browser auth failed");
+          channel.sendSettingsResult(userId, { section: "dsers", success: false, error: msg });
+        });
+        break;
+      }
+      case "cancel_dsers_auth": {
+        cancelAuth();
+        channel.sendSettingsResult(userId, { section: "dsers_cancelled", success: true });
+        break;
+      }
+      case "save_dsers_session": {
+        const sessionId = data["sessionId"]?.trim();
+        const sessionState = data["state"]?.trim() ?? "";
+        if (!sessionId || sessionId.length < 10) {
+          channel.sendSettingsResult(userId, { section: "dsers", success: false, error: "Invalid session token." });
+          return;
+        }
+        try {
+          await this.applyDSersSession(channel, userId, session, sessionId, sessionState);
+        } catch {
+          channel.sendSettingsResult(userId, { section: "dsers", success: false, error: "Session token invalid or expired." });
+        }
+        break;
+      }
+      case "disconnect_dsers": {
+        session.dspiEmail = void 0;
+        session.dspiSessionId = void 0;
+        session.dspiSessionState = void 0;
+        session.state = "new";
+        saveSession(userId, session);
+        this.agents.delete(userId);
+        this.pushSettingsState(channel, userId, session);
+        break;
+      }
+      case "save_llm": {
+        let provider = data["provider"]?.trim();
+        const apiKey = data["apiKey"]?.trim();
+        let baseUrl = data["baseUrl"]?.trim() || void 0;
+        const model = data["model"]?.trim() || void 0;
+        if (baseUrl) {
+          if (!/^https?:\/\//i.test(baseUrl)) baseUrl = `https://${baseUrl}`;
+          baseUrl = baseUrl.replace(/\/+$/, "");
+          if (!/\/v\d/.test(baseUrl)) baseUrl += "/v1";
+        }
+        if (!apiKey || apiKey.length < 3) {
+          channel.sendSettingsResult(userId, { section: "llm", success: false, error: "Please enter a valid API key." });
+          return;
+        }
+        if (provider === "other" && !baseUrl) {
+          channel.sendSettingsResult(userId, { section: "llm", success: false, error: "Please enter the API base URL." });
+          return;
+        }
+        if (!provider) {
+          provider = detectProviderFromKey(apiKey) ?? "";
+        }
+        if (!provider) {
+          channel.sendSettingsResult(userId, { section: "llm", success: false, error: "Cannot detect provider. Please select one." });
+          return;
+        }
+        session.llmProvider = provider;
+        session.llmApiKey = apiKey;
+        session.llmBaseUrl = baseUrl;
+        session.llmModel = model || getDefaultModel(provider);
+        if (this.isDsersConnected(session)) {
+          session.state = "ready";
+        }
+        saveSession(userId, session);
+        this.agents.delete(userId);
+        channel.sendSettingsResult(userId, { section: "llm", success: true });
+        this.pushSettingsState(channel, userId, session);
+        if (session.state === "ready") {
+          await this.sendReadyMessage(channel, userId);
+        }
+        break;
+      }
+    }
+  }
+  async sendReadyMessage(channel, userId) {
+    const session = loadSession(userId);
+    if (channel instanceof WebChatServer) {
+      channel.sendToast(userId, t("gateway.ready.toast", session.language), "info", "sys-ready");
+    } else {
+      await channel.send(userId, { text: t("gateway.ready.telegram", session.language) });
+    }
+    writeAuditLog({
+      userId,
+      agentId: "gateway",
+      action: "onboarding_complete",
+      target: "user-session",
+      result: "success"
+    });
+  }
   // ─── Onboarding State Machine ─────────────────────────────────────
   async handleOnboarding(channel, message, session) {
     const userId = message.userId;
@@ -1528,15 +3358,16 @@ var DSClawGateway = class {
     }
   }
   async onboardWelcome(channel, userId, session) {
-    const welcome = "Welcome to *DSClaw*! I'm your AI assistant for dropshipping.\n\nI can help you:\n- Import products from AliExpress, Temu, 1688\n- Push products to your Shopify/WooCommerce store\n- Check inventory, pricing rules, and orders\n- ...all through this chat!\n\nLet's get you set up. It takes about 1 minute.\n\n*Step 1/3:* What is your DSers account email?";
+    const isWeb = channel instanceof WebChatServer;
+    const welcome = t(isWeb ? "gateway.welcome.web" : "gateway.welcome.telegram", session.language);
     await channel.send(userId, { text: welcome });
-    session.state = "onboard_dsers_email";
+    session.state = isWeb ? "ready" : "onboard_dsers_email";
     saveSession(userId, session);
   }
   async onboardEmail(channel, userId, text, session) {
     if (!text.includes("@") || !text.includes(".")) {
       await channel.send(userId, {
-        text: "That doesn't look like an email address. Please enter your DSers login email:"
+        text: t("gateway.onboard.invalidEmail", session.language)
       });
       return;
     }
@@ -1547,7 +3378,7 @@ var DSClawGateway = class {
       channel.sendSetInputType(userId, "password");
     }
     await channel.send(userId, {
-      text: "Got it!\n\n*Step 2/3:* Now enter your DSers password." + (channel instanceof WebChatServer ? "" : "\n_I will delete your message immediately for security._")
+      text: t("gateway.onboard.passwordPrompt", session.language) + (channel instanceof WebChatServer ? "" : t("gateway.onboard.passwordPromptNote", session.language))
     });
   }
   async onboardPassword(channel, message, session, isWeb) {
@@ -1563,19 +3394,20 @@ var DSClawGateway = class {
       );
     }
     if (password.length < 1) {
-      await channel.send(userId, { text: "Password cannot be empty. Please try again:" });
+      await channel.send(userId, { text: t("gateway.onboard.emptyPassword", session.language) });
       if (isWeb) channel.sendSetInputType(userId, "password");
       return;
     }
     session.dspiPassword = password;
     saveSession(userId, session);
-    await channel.send(userId, { text: "Verifying with DSers..." });
+    await channel.send(userId, { text: t("gateway.onboard.verifying", session.language) });
     try {
       const dsersConfig = createDSersConfig(session.dspiEmail, password);
       const client = new DSersClient(dsersConfig);
       await client.get("/account-user-bff/v1/users/info");
       this.dsersClients.set(userId, client);
       session.state = "onboard_llm";
+      session.dspiPassword = void 0;
       saveSession(userId, session);
       await channel.send(userId, {
         card: {
@@ -1593,7 +3425,7 @@ var DSClawGateway = class {
       session.state = "onboard_dsers_password";
       saveSession(userId, session);
       if (isWeb) channel.sendSetInputType(userId, "password");
-      const msg = error instanceof Error && error.message.includes("401") ? "Wrong email or password. Please re-enter your password:" : `Login failed: ${error instanceof Error ? error.message : "unknown error"}. Please try again:`;
+      const msg = error instanceof Error && error.message.includes("401") ? t("gateway.onboard.loginFailed", session.language) : t("gateway.onboard.loginFailedGeneric", session.language, { error: error instanceof Error ? error.message : "unknown error" });
       await channel.send(userId, { text: msg });
     }
   }
@@ -1607,7 +3439,7 @@ var DSClawGateway = class {
       const providerName = provider === "openai" ? "OpenAI" : provider === "anthropic" ? "Anthropic" : "Google";
       if (isWeb) channel.sendSetInputType(userId, "password");
       await channel.send(userId, {
-        text: `You chose *${providerName}*. Now paste your API key below.` + (isWeb ? "" : "\n_I will delete your message immediately._")
+        text: t("gateway.onboard.chooseProvider", session.language, { provider: providerName }) + (isWeb ? "" : "\n_I will delete your message immediately._")
       });
       return;
     }
@@ -1641,7 +3473,7 @@ var DSClawGateway = class {
       );
     }
     if (text.length < 10) {
-      await channel.send(userId, { text: "That doesn't look like a valid API key. Please paste your key:" });
+      await channel.send(userId, { text: t("gateway.onboard.invalidApiKey", session.language) });
       if (isWeb) channel.sendSetInputType(userId, "password");
       return;
     }
@@ -1650,15 +3482,7 @@ var DSClawGateway = class {
     session.state = "ready";
     saveSession(userId, session);
     await channel.send(userId, {
-      text: `All set! DSClaw is ready.
-
-Try these:
-- "Show me my stores"
-- "What's in my import list?"
-- "Search for phone cases on AliExpress"
-- "Check my pricing rules"
-
-Just type naturally \u2014 I understand everyday language!`
+      text: t("gateway.ready.telegram", session.language)
     });
     writeAuditLog({
       userId,
@@ -1671,22 +3495,94 @@ Just type naturally \u2014 I understand everyday language!`
   // ─── Ready State: Route to AI Agent ───────────────────────────────
   async handleReady(channel, message, session) {
     const userId = message.userId;
-    if (message.text.trim().toLowerCase() === "/reset") {
+    const cmd = message.text.trim().toLowerCase();
+    if (cmd === "/reset") {
+      this.agents.delete(userId);
+      this.lastUserMessages.delete(userId);
+      for (const key of sessionHistories.keys()) {
+        if (key.endsWith(`:${userId}`)) sessionHistories.delete(key);
+      }
+      clearHistory(userId);
+      const preserved = {
+        state: "ready",
+        dspiEmail: session.dspiEmail,
+        dspiSessionId: session.dspiSessionId,
+        dspiSessionState: session.dspiSessionState,
+        llmProvider: session.llmProvider,
+        llmApiKey: session.llmApiKey,
+        llmModel: session.llmModel,
+        llmBaseUrl: session.llmBaseUrl,
+        language: session.language
+      };
+      saveSession(userId, preserved);
+      if (channel instanceof WebChatServer) {
+        channel.sendReset(userId);
+        this.pushSettingsState(channel, userId, preserved);
+        channel.sendToast(userId, t("gateway.cmd.reset", session.language), "info", "sys-reset");
+      } else {
+        await channel.send(userId, { text: t("gateway.cmd.reset", session.language) });
+      }
+      return;
+    }
+    if (cmd === "/logout") {
       this.agents.delete(userId);
+      this.jobStores.delete(userId);
       this.dsersClients.delete(userId);
-      sessionHistories.delete(userId);
+      this.lastUserMessages.delete(userId);
+      for (const key of sessionHistories.keys()) {
+        if (key.endsWith(`:${userId}`)) sessionHistories.delete(key);
+      }
+      clearHistory(userId);
       saveSession(userId, { state: "new" });
-      await channel.send(userId, { text: "Account reset. Send any message to start over." });
+      if (channel instanceof WebChatServer) {
+        channel.sendReset(userId);
+        this.pushSettingsState(channel, userId, { state: "new" });
+        channel.sendToast(userId, t("gateway.cmd.logout", session.language), "info", "sys-logout");
+      } else {
+        await channel.send(userId, { text: t("gateway.cmd.logout", session.language) });
+      }
+      return;
+    }
+    if (cmd === "/retry") {
+      const lastMsg = this.lastUserMessages.get(userId);
+      if (!lastMsg) {
+        if (channel instanceof WebChatServer) {
+          channel.sendToast(userId, t("gateway.cmd.retryEmpty", session.language), "warn", "sys-retry-empty");
+        } else {
+          await channel.send(userId, { text: t("gateway.cmd.retryEmpty", session.language) });
+        }
+        return;
+      }
+      log16.info({ userId, retryText: lastMsg.slice(0, 80) }, "Retrying last message");
+      message = { ...message, text: lastMsg };
+    } else {
+      this.lastUserMessages.set(userId, message.text);
+    }
+    if (!session.llmApiKey) {
+      if (channel instanceof WebChatServer) {
+        channel.sendToast(userId, t("gateway.noApiKey.web", session.language), "warn", "sys-no-apikey");
+      } else {
+        await channel.send(userId, { text: t("gateway.noApiKey.telegram", session.language) });
+      }
       return;
     }
     const agent = this.getOrCreateAgent(userId, session);
     const sessionKey = `${channel.name}:${userId}`;
+    touchSession(sessionKey);
     const history = sessionHistories.get(sessionKey) ?? [];
+    const budget = allocateBudget("", "", history, {});
+    const budgetedHistory = budget.fallbackMode ? history.slice(-MAX_HISTORY) : budget.messages;
+    if (budget.shouldCompact && !budget.fallbackMode) {
+      log16.info(
+        { sessionKey, totalTokens: budget.totalTokens, remaining: budget.remainingTokens },
+        "Context nearing limit \u2014 consider compaction"
+      );
+    }
     const context = {
       userId,
       sessionId: sessionKey,
       channelId: channel.name,
-      history: history.slice(-MAX_HISTORY)
+      history: budgetedHistory
     };
     writeAuditLog({
       userId,
@@ -1698,12 +3594,12 @@ Just type naturally \u2014 I understand everyday language!`
     });
     try {
       if (channel instanceof WebChatServer) {
-        await this.handleReadyStreaming(channel, userId, message.text, agent, context, history, sessionKey);
+        await this.handleReadyStreaming(channel, userId, message.text, agent, context, history, sessionKey, session, message.attachments);
       } else {
         await this.handleReadyBatch(channel, userId, message.text, agent, context, history, sessionKey);
       }
     } catch (error) {
-      log11.error({ error, userId }, "Agent processing failed");
+      log16.error({ error, userId }, "Agent processing failed");
       writeAuditLog({
         userId,
         agentId: agent.id,
@@ -1712,31 +3608,164 @@ Just type naturally \u2014 I understand everyday language!`
         result: "failed",
         error: error instanceof Error ? error.message : String(error)
       });
+      if (channel instanceof WebChatServer) {
+        channel.sendTyping(userId, false);
+        channel.sendStatus(userId, "");
+        channel.sendLog(userId, {
+          level: "error",
+          module: "gateway",
+          msg: `Error: ${error instanceof Error ? error.message : String(error)}`,
+          ts: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      }
       const errMsg = error instanceof Error ? error.message : "";
-      if (errMsg.includes("401") || errMsg.includes("API key")) {
+      if (errMsg.includes("timed out")) {
+        const stage = errMsg.includes("LLM init") ? t("gateway.stage.llmConnection", session.language) : errMsg.includes("LLM response") ? t("gateway.stage.llmResponse", session.language) : errMsg.includes("Rule reapply") ? t("gateway.stage.rulesApply", session.language) : errMsg.includes("Product import") ? t("gateway.stage.productImport", session.language) : t("gateway.stage.processing", session.language);
+        await channel.send(userId, {
+          text: t("gateway.stream.stageTimeout", session.language, { stage })
+        });
+      } else if (errMsg.includes("401") || errMsg.includes("API key")) {
         await channel.send(userId, {
-          text: "Your API key may be invalid or expired. Send /reset to reconfigure."
+          text: t("gateway.stream.badApiKey", session.language)
         });
       } else {
         await channel.send(userId, {
-          text: "I'm having trouble right now. Please try again in a moment."
+          text: t("gateway.stream.processFailed", session.language)
         });
       }
     }
   }
-  async handleReadyStreaming(channel, userId, text, agent, context, history, sessionKey) {
+  async handleReadyStreaming(channel, userId, text, agent, context, history, sessionKey, session, attachments) {
     channel.sendTyping(userId, true);
-    const { textStream, response } = agent.processStream(text, context);
-    channel.sendTyping(userId, false);
-    channel.sendStreamStart(userId);
-    for await (const delta of textStream) {
-      channel.sendStreamDelta(userId, delta);
-    }
-    channel.sendStreamEnd(userId);
-    const result = await response;
+    channel.sendStatus(userId, "Thinking...");
+    const ts = () => (/* @__PURE__ */ new Date()).toISOString();
+    channel.sendLog(userId, { level: "info", module: "gateway", msg: `Processing: "${text.slice(0, 80)}"`, ts: ts() });
+    const imageAttachments = attachments?.filter((a) => a.type === "image").map((a) => ({ url: a.url ?? "", data: a.data, mimeType: a.mimeType ?? "image/png" }));
+    const runningTools = /* @__PURE__ */ new Map();
+    let resolveToolsSettled = null;
+    const toolsSettled = new Promise((r) => {
+      resolveToolsSettled = r;
+    });
+    const { textStream, response } = agent.processStream(
+      text,
+      context,
+      (status) => {
+        channel.sendStatus(userId, status);
+      },
+      {
+        onToolCall: (id, name, args) => {
+          runningTools.set(id, { name, startedAt: Date.now() });
+          channel.sendToolCallStart(userId, id, name, args);
+          channel.sendLog(userId, { level: "info", module: "agent", msg: `Tool call: ${name}`, ts: ts() });
+        },
+        onToolResult: (id, name, result2, error, durationMs) => {
+          runningTools.delete(id);
+          channel.sendToolCallEnd(userId, id, name, result2, error, durationMs);
+          channel.sendLog(userId, {
+            level: error ? "error" : "info",
+            module: "agent",
+            msg: `Tool ${name} ${error ? "failed" : "done"} (${durationMs}ms)`,
+            ts: ts()
+          });
+          if (runningTools.size === 0 && resolveToolsSettled) resolveToolsSettled();
+        }
+      },
+      imageAttachments?.length ? imageAttachments : void 0
+    );
+    let streamStarted = false;
+    try {
+      for await (const chunk of textStream) {
+        if (!streamStarted) {
+          channel.sendTyping(userId, false);
+          channel.sendStatus(userId, "");
+          channel.sendStreamStart(userId);
+          streamStarted = true;
+        }
+        channel.sendStreamDelta(userId, chunk);
+      }
+    } catch (streamErr) {
+      log16.error({ error: streamErr, userId }, "Stream iteration failed");
+      if (streamStarted) {
+        const errMsg = streamErr instanceof Error ? streamErr.message : "Unknown error";
+        channel.sendStreamDelta(userId, `
+
+\u26A0\uFE0F ${errMsg}`);
+      } else {
+        response.catch(() => {
+        });
+        throw streamErr;
+      }
+    } finally {
+      if (runningTools.size > 0) {
+        try {
+          await Promise.race([toolsSettled, new Promise((r) => setTimeout(r, 15e3))]);
+        } catch {
+        }
+      }
+      for (const [id, info] of runningTools) {
+        const elapsed = Date.now() - info.startedAt;
+        channel.sendToolCallEnd(userId, id, info.name, void 0, "Aborted (stream terminated)", elapsed);
+      }
+      runningTools.clear();
+      if (!streamStarted) {
+        channel.sendTyping(userId, false);
+        channel.sendStatus(userId, "");
+      }
+      channel.sendStreamEnd(userId);
+    }
+    log16.info({ userId, streamStarted }, "Stream loop finished, awaiting response finalization");
+    let result;
+    try {
+      result = await Promise.race([
+        response,
+        new Promise(
+          (_, reject) => setTimeout(() => reject(new Error("Response finalization timed out")), 6e4)
+        )
+      ]);
+    } catch (finalErr) {
+      log16.warn({ error: finalErr, userId }, "Response finalization failed \u2014 saving partial history");
+      history.push({ role: "user", content: text });
+      history.push({ role: "assistant", content: "(response incomplete)" });
+      sessionHistories.set(sessionKey, history.slice(-MAX_HISTORY * 2));
+      if (!streamStarted && channel instanceof WebChatServer) {
+        await channel.send(userId, { text: t("gateway.stream.incomplete", session.language) });
+      }
+      return;
+    }
+    const textLen = result.text?.length ?? 0;
+    const toolCallCount = result.toolCalls?.length ?? 0;
+    log16.info({ userId, textLen, toolCallCount }, "Response finalized");
+    if (!streamStarted && channel instanceof WebChatServer) {
+      if (result.text) {
+        await channel.send(userId, { text: result.text });
+      } else if (toolCallCount > 0) {
+        const names = result.toolCalls.map((tc) => tc.tool).join(", ");
+        await channel.send(userId, {
+          text: t("gateway.stream.toolsNoText", session.language, { count: toolCallCount, names })
+        });
+      } else {
+        await channel.send(userId, { text: t("gateway.stream.noReply", session.language) });
+      }
+    }
     history.push({ role: "user", content: text });
-    history.push({ role: "assistant", content: result.text });
-    sessionHistories.set(sessionKey, history.slice(-MAX_HISTORY * 2));
+    history.push({ role: "assistant", content: result.text || "(tool calls completed)" });
+    const postBudget = allocateBudget("", "", history, {});
+    if (postBudget.shouldCompact && !postBudget.fallbackMode) {
+      const compacted = await compactWithFlush(
+        history,
+        MAX_HISTORY * 2,
+        this.memory,
+        userId
+      );
+      sessionHistories.set(sessionKey, compacted.messages);
+    } else {
+      sessionHistories.set(sessionKey, history.slice(-MAX_HISTORY * 2));
+    }
+    appendHistory(
+      sessionKey,
+      { role: "user", content: text },
+      { role: "assistant", content: result.text }
+    );
     writeAuditLog({
       userId,
       agentId: agent.id,
@@ -1754,7 +3783,23 @@ Just type naturally \u2014 I understand everyday language!`
     const result = await agent.process(text, context);
     history.push({ role: "user", content: text });
     history.push({ role: "assistant", content: result.text });
-    sessionHistories.set(sessionKey, history.slice(-MAX_HISTORY * 2));
+    const postBudget = allocateBudget("", "", history, {});
+    if (postBudget.shouldCompact && !postBudget.fallbackMode) {
+      const compacted = await compactWithFlush(
+        history,
+        MAX_HISTORY * 2,
+        this.memory,
+        userId
+      );
+      sessionHistories.set(sessionKey, compacted.messages);
+    } else {
+      sessionHistories.set(sessionKey, history.slice(-MAX_HISTORY * 2));
+    }
+    appendHistory(
+      sessionKey,
+      { role: "user", content: text },
+      { role: "assistant", content: result.text }
+    );
     if (result.text) {
       await channel.send(userId, { text: result.text });
     }
@@ -1773,68 +3818,196 @@ Just type naturally \u2014 I understand everyday language!`
   getOrCreateAgent(userId, session) {
     let agent = this.agents.get(userId);
     if (agent) return agent;
-    const dsersConfig = createDSersConfig(
-      session.dspiEmail,
-      session.dspiPassword
-    );
+    const dsersConfig = createDSersConfig(session.dspiEmail ?? "unknown");
+    if (session.dspiSessionId) {
+      dsersConfig.sessionId = session.dspiSessionId;
+      dsersConfig.sessionState = session.dspiSessionState ?? "";
+    }
     const dsersClient = new DSersClient(dsersConfig);
     this.dsersClients.set(userId, dsersClient);
     const llm = {
       provider: session.llmProvider,
       apiKey: session.llmApiKey,
-      model: session.llmModel ?? getDefaultModel(session.llmProvider)
+      model: session.llmModel ?? getDefaultModel(session.llmProvider),
+      baseUrl: session.llmBaseUrl
     };
-    agent = new DSClawCoreAgent(dsersClient, this.memory, llm);
+    const dsersSession = session.dspiSessionId ? { sessionId: session.dspiSessionId, state: session.dspiSessionState ?? "" } : void 0;
+    const authCb = () => this.triggerAuth(userId);
+    let jobStore = this.jobStores.get(userId);
+    if (!jobStore) {
+      jobStore = new MemoryJobStore2();
+      this.jobStores.set(userId, jobStore);
+    }
+    agent = new DSClawCoreAgent(dsersClient, this.memory, llm, dsersSession, authCb, jobStore);
     this.agents.set(userId, agent);
+    if (!agent.mcpAvailable) {
+      log16.warn({ userId }, "MCP unavailable for agent \u2014 notifying user");
+      for (const ch of this.channels) {
+        ch.send(userId, {
+          text: t("gateway.mcp.unavailable", session.language)
+        }).catch(() => {
+        });
+      }
+    }
     return agent;
   }
   async stop() {
-    log11.info("Stopping DSClaw Gateway...");
+    log16.info("Stopping DSClaw Gateway...");
     for (const ch of this.channels) {
       await ch.disconnect();
     }
     this.running = false;
-    log11.info("DSClaw Gateway stopped");
+    log16.info("DSClaw Gateway stopped");
   }
   isRunning() {
     return this.running;
   }
+  get actualPort() {
+    return this.webChannel?.actualPort ?? this.config.port;
+  }
 };
 
-// src/cli/start.ts
-var log12 = createLogger("cli:start");
+// src/cli/pid.ts
+import { readFileSync as readFileSync8, writeFileSync as writeFileSync8, unlinkSync as unlinkSync2, existsSync as existsSync10 } from "fs";
+import { join as join10 } from "path";
+var PID_PATH = join10(CONFIG_DIR, "dsclaw.pid");
+function writePid(port) {
+  ensureConfigDir();
+  const info = {
+    pid: process.pid,
+    port,
+    startedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  writeFileSync8(PID_PATH, JSON.stringify(info, null, 2), { mode: 384 });
+}
+function readPid() {
+  if (!existsSync10(PID_PATH)) return null;
+  try {
+    const raw = readFileSync8(PID_PATH, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function removePid() {
+  try {
+    if (existsSync10(PID_PATH)) unlinkSync2(PID_PATH);
+  } catch {
+  }
+}
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getRunningInstance() {
+  const info = readPid();
+  if (!info) return null;
+  if (isProcessAlive(info.pid)) return info;
+  removePid();
+  return null;
+}
+
+// src/shared/open-browser.ts
+var BROWSERS_PRIORITY = [
+  "Google Chrome",
+  "Arc",
+  "Firefox",
+  "Brave Browser",
+  "Microsoft Edge",
+  "Opera",
+  "Vivaldi",
+  "Safari"
+];
 async function openBrowser(url) {
   const { exec } = await import("child_process");
-  const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
-  exec(`${cmd} ${url}`, () => {
-  });
+  if (process.platform === "darwin") {
+    exec(
+      `osascript -e 'tell application "System Events" to get name of every application process whose visible is true'`,
+      (err, stdout) => {
+        if (err || !stdout) {
+          exec(`open "${url}"`, () => {
+          });
+          return;
+        }
+        const apps = stdout.trim();
+        const found = BROWSERS_PRIORITY.find((b) => apps.includes(b));
+        if (found) {
+          const script = `tell application "${found}"
+  open location "${url}"
+  activate
+end tell`;
+          exec(`osascript -e '${script}'`, () => {
+          });
+        } else {
+          exec(`open "${url}"`, () => {
+          });
+        }
+      }
+    );
+  } else if (process.platform === "win32") {
+    exec(`start "" "${url}"`, () => {
+    });
+  } else {
+    exec(`xdg-open "${url}"`, () => {
+    });
+  }
 }
+
+// src/cli/start.ts
+init_logger();
+var log17 = createLogger("cli:start");
 async function startCommand(opts) {
   try {
+    const existing = getRunningInstance();
+    if (existing) {
+      const url2 = `http://localhost:${existing.port}`;
+      console.log(`
+  DSClaw is already running (PID ${existing.pid}, port ${existing.port})`);
+      console.log(`  Opening: ${url2}
+`);
+      if (opts.open !== false) await openBrowser(url2);
+      return;
+    }
     const config = loadConfig(opts.config);
-    const url = `http://localhost:${config.port}`;
-    console.log("\n  DSClaw");
-    console.log(`  Web Chat:  ${url}`);
+    console.log("\n  DSClaw starting...\n");
+    const gateway = new DSClawGateway(config);
+    await gateway.start();
+    const port = gateway.actualPort;
+    const url = `http://localhost:${port}`;
+    writePid(port);
     if (config.telegramBotToken) {
       console.log("  Telegram:  enabled");
     }
-    console.log();
-    const gateway = new DSClawGateway(config);
-    await gateway.start();
+    console.log(`
+  DSClaw is running!
+`);
+    console.log(`  \u279C  ${url}
+`);
+    console.log(`  Stop with: dsclaw stop
+`);
     if (opts.open !== false) {
       await openBrowser(url);
     }
-    console.log(`  DSClaw is running \u2014 chat at ${url}
-`);
+    let shuttingDown = false;
     const shutdown = async () => {
-      log12.info("Shutting down gracefully...");
+      if (shuttingDown) return;
+      shuttingDown = true;
+      console.log("\n  Shutting down...");
+      log17.info("Shutting down gracefully...");
+      removePid();
       await gateway.stop();
       process.exit(0);
     };
     process.on("SIGINT", shutdown);
     process.on("SIGTERM", shutdown);
+    process.on("exit", () => removePid());
   } catch (error) {
-    log12.fatal({ error }, "Failed to start");
+    removePid();
+    log17.fatal({ error }, "Failed to start");
     console.error(
       `
   Failed to start: ${error instanceof Error ? error.message : error}`
@@ -1843,6 +4016,108 @@ async function startCommand(opts) {
   }
 }
 
+// src/cli/stop.ts
+function sleep2(ms) {
+  return new Promise((r) => setTimeout(r, ms));
+}
+async function stopCommand() {
+  const info = getRunningInstance();
+  if (!info) {
+    console.log("\n  DSClaw is not running.\n");
+    return;
+  }
+  console.log(`
+  Stopping DSClaw (PID ${info.pid}, port ${info.port})...`);
+  try {
+    process.kill(info.pid, "SIGTERM");
+  } catch {
+    console.log("  Process already gone \u2014 cleaning up PID file.");
+    removePid();
+    return;
+  }
+  for (let i = 0; i < 10; i++) {
+    await sleep2(500);
+    if (!isProcessAlive(info.pid)) {
+      removePid();
+      console.log("  Stopped.\n");
+      return;
+    }
+  }
+  try {
+    process.kill(info.pid, "SIGKILL");
+  } catch {
+  }
+  removePid();
+  console.log("  Force-killed.\n");
+}
+
+// src/cli/status.ts
+function statusCommand() {
+  const info = getRunningInstance();
+  if (!info) {
+    console.log("\n  DSClaw is not running.");
+    console.log("  Start with: dsclaw start\n");
+    return;
+  }
+  const uptime = Date.now() - new Date(info.startedAt).getTime();
+  const mins = Math.floor(uptime / 6e4);
+  const hrs = Math.floor(mins / 60);
+  const uptimeStr = hrs > 0 ? `${hrs}h ${mins % 60}m` : mins > 0 ? `${mins}m` : "<1m";
+  console.log("\n  DSClaw is running");
+  console.log(`  PID:     ${info.pid}`);
+  console.log(`  Port:    ${info.port}`);
+  console.log(`  Uptime:  ${uptimeStr}`);
+  console.log(`  Chat:    http://localhost:${info.port}`);
+  console.log(`
+  Stop with: dsclaw stop
+`);
+}
+
+// src/cli/reset.ts
+import { existsSync as existsSync11, readdirSync as readdirSync3, unlinkSync as unlinkSync3 } from "fs";
+import { join as join11 } from "path";
+function resetCommand(opts) {
+  const running = getRunningInstance();
+  if (running) {
+    console.log(`
+  DSClaw is still running (PID ${running.pid}).`);
+    console.log("  Please run `dsclaw stop` first.\n");
+    return;
+  }
+  const sessionsDir = join11(CONFIG_DIR, "sessions");
+  let cleared = 0;
+  if (existsSync11(sessionsDir)) {
+    const files = readdirSync3(sessionsDir);
+    for (const f of files) {
+      try {
+        unlinkSync3(join11(sessionsDir, f));
+        cleared++;
+      } catch {
+      }
+    }
+  }
+  console.log(`
+  Cleared ${cleared} session(s).`);
+  if (opts.hard) {
+    if (existsSync11(CONFIG_PATH)) {
+      try {
+        unlinkSync3(CONFIG_PATH);
+        console.log("  Deleted config file.");
+      } catch {
+        console.log("  Failed to delete config file.");
+      }
+    }
+    const pidPath = join11(CONFIG_DIR, "dsclaw.pid");
+    if (existsSync11(pidPath)) {
+      try {
+        unlinkSync3(pidPath);
+      } catch {
+      }
+    }
+  }
+  console.log("  Next run will start fresh onboarding.\n");
+}
+
 // src/cli/doctor.ts
 async function doctorCommand() {
   console.log("\n  DSClaw Doctor\n");
@@ -1909,26 +4184,13 @@ async function doctorCommand() {
 
 // src/cli/index.ts
 var program = new Command();
-program.name("dsclaw").description("AI-powered dropshipping agent \u2014 chat with your DSers store.").version("0.1.3");
+program.name("dsclaw").description("AI-powered dropshipping agent \u2014 chat with your DSers store.").version("0.1.4");
 program.action(() => startCommand({}));
 program.command("init").description("Setup wizard \u2014 configure Telegram (optional)").action(initCommand);
 program.command("start").description("Start the DSClaw bot").option("-c, --config <path>", "Path to config file").option("--no-open", "Don't auto-open browser").action(startCommand);
-program.command("stop").description("Stop the DSClaw bot (PM2)").action(async () => {
-  const { execSync } = await import("child_process");
-  try {
-    execSync("pm2 stop dsclaw", { stdio: "inherit" });
-  } catch {
-    console.log("  Bot is not running or PM2 is not installed.");
-  }
-});
-program.command("status").description("Show bot status").action(async () => {
-  const { execSync } = await import("child_process");
-  try {
-    execSync("pm2 describe dsclaw", { stdio: "inherit" });
-  } catch {
-    console.log("  Bot is not running. Start with: dsclaw start");
-  }
-});
+program.command("stop").description("Stop the running DSClaw instance").action(stopCommand);
+program.command("status").description("Show whether DSClaw is running").action(statusCommand);
+program.command("reset").description("Clear all session data (re-do onboarding)").option("--hard", "Also delete config file").action(resetCommand);
 program.command("doctor").description("Verify configuration").action(doctorCommand);
 program.parse();
 //# sourceMappingURL=index.js.map