flockbay 0.10.15 → 0.10.16

package/dist/{types-C-jnUdn_.cjs → types-SUAKq-K0.cjs}

@@ -1,18 +1,16 @@
 'use strict';
 
 var axios = require('axios');
-var chalk = require('chalk');
-var fs$2 = require('fs');
 var fs = require('node:fs');
 var os = require('node:os');
 var path = require('node:path');
-var fs$1 = require('node:fs/promises');
-var z = require('zod');
-var node_crypto = require('node:crypto');
-var tweetnacl = require('tweetnacl');
 var node_events = require('node:events');
+var node_crypto = require('node:crypto');
 var socket_ioClient = require('socket.io-client');
-var node_child_process = require('node:child_process');
+var chalk = require('chalk');
+var fs$2 = require('fs');
+var fs$1 = require('node:fs/promises');
+var z = require('zod');
 var child_process = require('child_process');
 var fs$3 = require('fs/promises');
 var crypto = require('crypto');
@@ -21,7 +19,7 @@ var url = require('url');
 var process$1 = require('node:process');
 var os$1 = require('os');
 var net = require('node:net');
-var expoServerSdk = require('expo-server-sdk');
+var node_child_process = require('node:child_process');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 function _interopNamespaceDefault(e) {
@@ -44,7 +42,7 @@ function _interopNamespaceDefault(e) {
 var z__namespace = /*#__PURE__*/_interopNamespaceDefault(z);
 
 var name = "flockbay";
-var version = "0.10.15";
+var version = "0.10.16";
 var description = "Flockbay CLI (local agent + daemon)";
 var author = "Eduardo Orellana";
 var license = "UNLICENSED";
@@ -195,6 +193,26 @@ var packageJson = {
 	packageManager: packageManager
 };
 
+function parseProfileFromProcessArgs() {
+  const args = process.argv.slice(2);
+  for (let i = 0; i < args.length; i++) {
+    const a = String(args[i] || "");
+    if (a === "--profile") {
+      const v = String(args[i + 1] || "").trim();
+      if (v && !v.startsWith("-")) return v;
+    }
+    if (a.startsWith("--profile=")) {
+      const v = a.slice("--profile=".length).trim();
+      if (v) return v;
+    }
+  }
+  return "";
+}
+function sanitizeProfileName(input) {
+  const raw = String(input).trim();
+  const cleaned = raw.replace(/[^a-zA-Z0-9._-]+/g, "-").replace(/^-+/, "").replace(/-+$/, "");
+  return cleaned || "default";
+}
 function normalizeServerUrlForNode(url) {
   try {
     const u = new URL(url);
@@ -208,6 +226,7 @@ class Configuration {
   serverUrl;
   webappUrl;
   isDaemonProcess;
+  profile;
   // Directories and paths (from persistence)
   flockbayHomeDir;
   logsDir;
@@ -221,12 +240,15 @@ class Configuration {
   constructor() {
     const args = process.argv.slice(2);
     this.isDaemonProcess = args.length >= 2 && args[0] === "daemon" && args[1] === "start-sync";
+    const profileFromArgs = parseProfileFromProcessArgs();
+    const profileFromEnv = process.env.FLOCKBAY_PROFILE;
+    this.profile = sanitizeProfileName(profileFromEnv || profileFromArgs || "default");
     const homeOverride = process.env.FLOCKBAY_HOME_DIR;
     if (homeOverride) {
       const expandedPath = homeOverride.replace(/^~/, os.homedir());
-      this.flockbayHomeDir = expandedPath;
+      this.flockbayHomeDir = path.join(expandedPath, "profiles", this.profile);
     } else {
-      this.flockbayHomeDir = path.join(os.homedir(), ".flockbay");
+      this.flockbayHomeDir = path.join(os.homedir(), ".flockbay", "profiles", this.profile);
     }
     this.logsDir = path.join(this.flockbayHomeDir, "logs");
     this.settingsFile = path.join(this.flockbayHomeDir, "settings.json");
@@ -260,83 +282,6 @@ class Configuration {
 }
 const configuration = new Configuration();
 
-function encodeBase64(buffer, variant = "base64") {
-  if (variant === "base64url") {
-    return encodeBase64Url(buffer);
-  }
-  return Buffer.from(buffer).toString("base64");
-}
-function encodeBase64Url(buffer) {
-  return Buffer.from(buffer).toString("base64").replaceAll("+", "-").replaceAll("/", "_").replaceAll("=", "");
-}
-function decodeBase64(base64, variant = "base64") {
-  if (variant === "base64url") {
-    const base64Standard = base64.replaceAll("-", "+").replaceAll("_", "/") + "=".repeat((4 - base64.length % 4) % 4);
-    return new Uint8Array(Buffer.from(base64Standard, "base64"));
-  }
-  return new Uint8Array(Buffer.from(base64, "base64"));
-}
-function getRandomBytes(size) {
-  return new Uint8Array(node_crypto.randomBytes(size));
-}
-function libsodiumEncryptForPublicKey(data, recipientPublicKey) {
-  const ephemeralKeyPair = tweetnacl.box.keyPair();
-  const nonce = getRandomBytes(tweetnacl.box.nonceLength);
-  const encrypted = tweetnacl.box(data, nonce, recipientPublicKey, ephemeralKeyPair.secretKey);
-  const result = new Uint8Array(ephemeralKeyPair.publicKey.length + nonce.length + encrypted.length);
-  result.set(ephemeralKeyPair.publicKey, 0);
-  result.set(nonce, ephemeralKeyPair.publicKey.length);
-  result.set(encrypted, ephemeralKeyPair.publicKey.length + nonce.length);
-  return result;
-}
-function encryptWithDataKey(data, dataKey) {
-  const nonce = getRandomBytes(12);
-  const cipher = node_crypto.createCipheriv("aes-256-gcm", dataKey, nonce);
-  const plaintext = new TextEncoder().encode(JSON.stringify(data));
-  const encrypted = Buffer.concat([
-    cipher.update(plaintext),
-    cipher.final()
-  ]);
-  const authTag = cipher.getAuthTag();
-  const bundle = new Uint8Array(12 + encrypted.length + 16 + 1);
-  bundle.set([0], 0);
-  bundle.set(nonce, 1);
-  bundle.set(new Uint8Array(encrypted), 13);
-  bundle.set(new Uint8Array(authTag), 13 + encrypted.length);
-  return bundle;
-}
-function decryptWithDataKey(bundle, dataKey) {
-  if (bundle.length < 1) {
-    return null;
-  }
-  if (bundle[0] !== 0) {
-    return null;
-  }
-  if (bundle.length < 12 + 16 + 1) {
-    return null;
-  }
-  const nonce = bundle.slice(1, 13);
-  const authTag = bundle.slice(bundle.length - 16);
-  const ciphertext = bundle.slice(13, bundle.length - 16);
-  try {
-    const decipher = node_crypto.createDecipheriv("aes-256-gcm", dataKey, nonce);
-    decipher.setAuthTag(authTag);
-    const decrypted = Buffer.concat([
-      decipher.update(ciphertext),
-      decipher.final()
-    ]);
-    return JSON.parse(new TextDecoder().decode(decrypted));
-  } catch (error) {
-    return null;
-  }
-}
-function encrypt(key, data) {
-  return encryptWithDataKey(data, key);
-}
-function decrypt(key, data) {
-  return decryptWithDataKey(data, key);
-}
-
 const defaultSettings = {
   onboardingCompleted: false
 };
@@ -402,40 +347,30 @@ async function updateSettings(updater) {
     });
   }
 }
-const credentialsSchema = z__namespace.object({
-  token: z__namespace.string(),
-  encryption: z__namespace.object({
-    publicKey: z__namespace.string().base64(),
-    machineKey: z__namespace.string().base64()
-  })
+const workspaceAuthSchema = z__namespace.object({
+  machineToken: z__namespace.string().min(1),
+  orgId: z__namespace.string().min(1),
+  createdAtMs: z__namespace.number().optional()
 });
 async function readCredentials() {
-  if (!fs.existsSync(configuration.privateKeyFile)) {
-    return null;
-  }
+  if (!fs.existsSync(configuration.privateKeyFile)) return null;
   try {
-    const keyBase64 = await fs$1.readFile(configuration.privateKeyFile, "utf8");
-    const credentials = credentialsSchema.parse(JSON.parse(keyBase64));
-    return {
-      token: credentials.token,
-      encryption: {
-        type: "dataKey",
-        publicKey: new Uint8Array(Buffer.from(credentials.encryption.publicKey, "base64")),
-        machineKey: new Uint8Array(Buffer.from(credentials.encryption.machineKey, "base64"))
-      }
-    };
+    const raw = await fs$1.readFile(configuration.privateKeyFile, "utf8");
+    const parsed = workspaceAuthSchema.parse(JSON.parse(raw));
+    return { machineToken: parsed.machineToken, orgId: parsed.orgId, createdAtMs: parsed.createdAtMs };
   } catch {
     return null;
   }
 }
-async function writeCredentialsDataKey(credentials) {
+async function writeCredentials(auth) {
   if (!fs.existsSync(configuration.flockbayHomeDir)) {
     await fs$1.mkdir(configuration.flockbayHomeDir, { recursive: true });
   }
-  await fs$1.writeFile(configuration.privateKeyFile, JSON.stringify({
-    encryption: { publicKey: encodeBase64(credentials.publicKey), machineKey: encodeBase64(credentials.machineKey) },
-    token: credentials.token
-  }, null, 2));
+  await fs$1.writeFile(
+    configuration.privateKeyFile,
+    JSON.stringify({ machineToken: auth.machineToken, orgId: auth.orgId, createdAtMs: auth.createdAtMs ?? Date.now() }, null, 2),
+    "utf8"
+  );
 }
 async function clearCredentials() {
   if (fs.existsSync(configuration.privateKeyFile)) {
@@ -741,222 +676,13 @@ async function getLatestDaemonLog() {
   return latest || null;
 }
 
-const SessionMessageContentSchema = z.z.object({
-  c: z.z.string(),
-  // Base64 encoded encrypted content
-  t: z.z.literal("encrypted")
-});
-const UpdateBodySchema = z.z.object({
-  message: z.z.object({
-    id: z.z.string(),
-    seq: z.z.number(),
-    content: SessionMessageContentSchema
-  }),
-  sid: z.z.string(),
-  // Session ID
-  t: z.z.literal("new-message")
-});
-const UpdateSessionBodySchema = z.z.object({
-  t: z.z.literal("update-session"),
-  sid: z.z.string(),
-  metadata: z.z.object({
-    version: z.z.number(),
-    value: z.z.string()
-  }).nullish(),
-  agentState: z.z.object({
-    version: z.z.number(),
-    value: z.z.string()
-  }).nullish()
-});
-const UpdateMachineBodySchema = z.z.object({
-  t: z.z.literal("update-machine"),
-  machineId: z.z.string(),
-  metadata: z.z.object({
-    version: z.z.number(),
-    value: z.z.string()
-  }).nullish(),
-  daemonState: z.z.object({
-    version: z.z.number(),
-    value: z.z.string()
-  }).nullish()
-});
-z.z.object({
-  id: z.z.string(),
-  seq: z.z.number(),
-  body: z.z.union([
-    UpdateBodySchema,
-    UpdateSessionBodySchema,
-    UpdateMachineBodySchema
-  ]),
-  createdAt: z.z.number()
-});
-z.z.object({
-  host: z.z.string(),
-  platform: z.z.string(),
-  flockbayCliVersion: z.z.string(),
-  homeDir: z.z.string(),
-  flockbayHomeDir: z.z.string(),
-  flockbayLibDir: z.z.string(),
-  // Dev-only: bypass Unreal project + SDK gating (so sessions can run in arbitrary folders).
-  flockbayDevBypassUeGates: z.z.boolean().optional()
-});
-z.z.object({
-  status: z.z.union([
-    z.z.enum(["running", "shutting-down"]),
-    z.z.string()
-    // Forward compatibility
-  ]),
-  pid: z.z.number().optional(),
-  httpPort: z.z.number().optional(),
-  startedAt: z.z.number().optional(),
-  shutdownRequestedAt: z.z.number().optional(),
-  shutdownSource: z.z.union([
-    z.z.enum(["mobile-app", "cli", "os-signal", "unknown"]),
-    z.z.string()
-    // Forward compatibility
-  ]).optional()
-});
-z.z.object({
-  content: SessionMessageContentSchema,
-  createdAt: z.z.number(),
-  id: z.z.string(),
-  seq: z.z.number(),
-  updatedAt: z.z.number()
-});
-const MessageMetaSchema = z.z.object({
-  sentFrom: z.z.string().optional(),
-  // Source identifier
-  permissionMode: z.z.string().optional(),
-  // Permission mode for this message
-  model: z.z.string().nullable().optional(),
-  // Model name for this message (null = reset)
-  customSystemPrompt: z.z.string().nullable().optional(),
-  // Custom system prompt for this message (null = reset)
-  appendSystemPrompt: z.z.string().nullable().optional(),
-  // Append to system prompt for this message (null = reset)
-  allowedTools: z.z.array(z.z.string()).nullable().optional(),
-  // Allowed tools for this message (null = reset)
-  disallowedTools: z.z.array(z.z.string()).nullable().optional(),
-  // Disallowed tools for this message (null = reset)
-  // Optional text to show in UI instead of the raw prompt (mobile/web feature).
-  displayText: z.z.string().optional(),
-  // Optional multimodal attachments (base64-embedded; used for vision-capable agents).
-  attachments: z.z.object({
-    images: z.z.array(
-      z.z.object({
-        mimeType: z.z.string(),
-        base64: z.z.string(),
-        name: z.z.string().optional(),
-        width: z.z.number().optional(),
-        height: z.z.number().optional()
-      })
-    ).optional()
-  }).optional()
-});
-z.z.object({
-  session: z.z.object({
-    id: z.z.string(),
-    tag: z.z.string(),
-    seq: z.z.number(),
-    createdAt: z.z.number(),
-    updatedAt: z.z.number(),
-    metadata: z.z.string(),
-    metadataVersion: z.z.number(),
-    agentState: z.z.string().nullable(),
-    agentStateVersion: z.z.number()
-  })
-});
-const UserMessageSchema = z.z.object({
-  role: z.z.literal("user"),
-  content: z.z.object({
-    type: z.z.literal("text"),
-    text: z.z.string()
-  }),
-  localKey: z.z.string().optional(),
-  // Mobile messages include this
-  meta: MessageMetaSchema.optional()
-});
-const AgentMessageSchema = z.z.object({
-  role: z.z.literal("agent"),
-  content: z.z.object({
-    type: z.z.literal("output"),
-    data: z.z.any()
-  }),
-  meta: MessageMetaSchema.optional()
-});
-z.z.union([UserMessageSchema, AgentMessageSchema]);
-
-async function delay(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-function exponentialBackoffDelay(currentFailureCount, minDelay, maxDelay, maxFailureCount) {
-  let maxDelayRet = minDelay + (maxDelay - minDelay) / maxFailureCount * Math.min(currentFailureCount, maxFailureCount);
-  return Math.round(Math.random() * maxDelayRet);
-}
-function createBackoff(opts) {
-  return async (callback) => {
-    let currentFailureCount = 0;
-    const minDelay = 250;
-    const maxDelay = 1e3;
-    const maxFailureCount = 50;
-    while (true) {
-      try {
-        return await callback();
-      } catch (e) {
-        if (currentFailureCount < maxFailureCount) {
-          currentFailureCount++;
-        }
-        let waitForRequest = exponentialBackoffDelay(currentFailureCount, minDelay, maxDelay, maxFailureCount);
-        await delay(waitForRequest);
-      }
-    }
-  };
-}
-let backoff = createBackoff();
-
-class AsyncLock {
-  permits = 1;
-  promiseResolverQueue = [];
-  async inLock(func) {
-    try {
-      await this.lock();
-      return await func();
-    } finally {
-      this.unlock();
-    }
-  }
-  async lock() {
-    if (this.permits > 0) {
-      this.permits = this.permits - 1;
-      return;
-    }
-    await new Promise((resolve) => this.promiseResolverQueue.push(resolve));
-  }
-  unlock() {
-    this.permits += 1;
-    if (this.permits > 1 && this.promiseResolverQueue.length > 0) {
-      throw new Error("this.permits should never be > 0 when there is someone waiting.");
-    } else if (this.permits === 1 && this.promiseResolverQueue.length > 0) {
-      this.permits -= 1;
-      const nextResolver = this.promiseResolverQueue.shift();
-      if (nextResolver) {
-        setTimeout(() => {
-          nextResolver(true);
-        }, 0);
-      }
-    }
-  }
-}
-
 class RpcHandlerManager {
   handlers = /* @__PURE__ */ new Map();
   scopePrefix;
-  encryptionKey;
   logger;
   socket = null;
   constructor(config) {
     this.scopePrefix = config.scopePrefix;
-    this.encryptionKey = config.encryptionKey;
     this.logger = config.logger || ((msg, data) => logger.debug(msg, data));
   }
   /**
@@ -981,20 +707,24 @@ class RpcHandlerManager {
       const handler = this.handlers.get(request.method);
       if (!handler) {
         this.logger("[RPC] [ERROR] Method not found", { method: request.method });
-        const errorResponse = { error: "Method not found" };
-        const encryptedError = encodeBase64(encrypt(this.encryptionKey, errorResponse));
-        return encryptedError;
-      }
-      const decryptedParams = decrypt(this.encryptionKey, decodeBase64(request.params));
-      const result = await handler(decryptedParams);
-      const encryptedResponse = encodeBase64(encrypt(this.encryptionKey, result));
-      return encryptedResponse;
+        return { error: "Method not found" };
+      }
+      const rawParams = request.params;
+      const parsedParams = (() => {
+        if (typeof rawParams !== "string") return rawParams;
+        const s = rawParams.trim();
+        if (!s) return rawParams;
+        if (!(s.startsWith("{") || s.startsWith("["))) return rawParams;
+        try {
+          return JSON.parse(s);
+        } catch {
+          return rawParams;
+        }
+      })();
+      return await handler(parsedParams);
     } catch (error) {
       this.logger("[RPC] [ERROR] Error handling request", { error });
-      const errorResponse = {
-        error: error instanceof Error ? error.message : "Unknown error"
-      };
-      return encodeBase64(encrypt(this.encryptionKey, errorResponse));
+      return { error: error instanceof Error ? error.message : "Unknown error" };
     }
   }
   onSocketConnect(socket) {
@@ -1036,7 +766,7 @@ class RpcHandlerManager {
   }
 }
 
-const __dirname$1 = path$1.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('types-C-jnUdn_.cjs', document.baseURI).href))));
+const __dirname$1 = path$1.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('types-SUAKq-K0.cjs', document.baseURI).href))));
 function projectPath() {
   const path = path$1.resolve(__dirname$1, "..");
   return path;
@@ -1200,6 +930,19 @@ async function sendUnrealMcpTcpCommand(options) {
         const paramName = missingParamMatch[1];
         hints.push(`Tip: include the required parameter \`${paramName}\` in the request params (UnrealMCP does not infer defaults).`);
       }
+      const details = response?.details;
+      if (details && typeof details === "object") {
+        const kind = typeof details.kind === "string" ? details.kind : null;
+        const missing = Array.isArray(details.missing) ? details.missing.filter((x) => typeof x === "string") : [];
+        if (kind === "missing_params" && missing.length > 0) {
+          hints.push(`Missing params: ${missing.map((m) => `\`${m}\``).join(", ")}`);
+        }
+        const exampleCall = details.exampleCall;
+        if (exampleCall && typeof exampleCall === "object") {
+          hints.push(`Example call:
+${JSON.stringify(exampleCall, null, 2)}`);
+        }
+      }
       const hint = hints.length > 0 ? `
 
 ${hints.join("\n\n")}` : "";
@@ -1478,7 +1221,7 @@ async function apiJsonGet(params) {
   const res = await fetch(url, {
     method: "GET",
     headers: {
-      Authorization: `Bearer ${params.token}`,
+      Authorization: `Machine ${params.token}`,
       Accept: "application/json"
     }
   });
@@ -1494,7 +1237,7 @@ async function apiJsonPost(params) {
   const res = await fetch(url, {
     method: "POST",
     headers: {
-      Authorization: `Bearer ${params.token}`,
+      Authorization: `Machine ${params.token}`,
       "Content-Type": "application/json",
       Accept: "application/json"
     },
@@ -1859,8 +1602,20 @@ function registerCommonHandlers(rpcHandlerManager, workingDirectory, coordinatio
         "play_in_editor_windowed",
         "stop_play_in_editor",
         "take_screenshot",
+        "map_check",
+        "compile_blueprints_all",
+        "get_editor_context",
+        "get_player_context",
+        "raycast_from_camera",
+        "raycast_down",
+        "get_actor_transform",
+        "get_actor_bounds",
         "spawn_actor",
-        "set_actor_transform"
+        "set_actor_transform",
+        "search_assets",
+        "get_asset_info",
+        "list_asset_packs",
+        "place_asset"
       ];
       const expected = await readExpectedUnrealMcpUplugin().catch((err) => {
         const message = err instanceof Error ? err.message : String(err);
@@ -3122,48 +2877,38 @@ class ApiSessionClient extends node_events.EventEmitter {
   agentState;
   agentStateVersion;
   socket;
-  pendingMessages = [];
-  pendingMessageCallback = null;
-  pendingOutboundMessages = [];
   rpcHandlerManager;
-  agentStateLock = new AsyncLock();
-  metadataLock = new AsyncLock();
-  encryptionKey;
-  coordinationLeaseGuard;
-  coordinationLedgerReadAt = 0;
-  docsIndexReadAt = 0;
+  coordinationLeaseGuard = new CoordinationLeaseGuard();
+  coordinationLedgerLastReadAtMs = null;
+  outboundQueue = [];
   constructor(token, session) {
     super();
     this.token = token;
     this.sessionId = session.id;
-    this.metadata = session.metadata;
-    this.metadataVersion = session.metadataVersion;
-    this.agentState = session.agentState;
-    this.agentStateVersion = session.agentStateVersion;
-    this.encryptionKey = session.encryptionKey;
-    this.coordinationLeaseGuard = new CoordinationLeaseGuard();
+    this.metadata = session.metadata ?? null;
+    this.metadataVersion = Number(session.metadataVersion || 0);
+    this.agentState = session.agentState ?? null;
+    this.agentStateVersion = Number(session.agentStateVersion || 0);
     this.rpcHandlerManager = new RpcHandlerManager({
       scopePrefix: this.sessionId,
-      encryptionKey: this.encryptionKey,
       logger: (msg, data) => logger.debug(msg, data)
     });
-    registerCommonHandlers(this.rpcHandlerManager, this.metadata.path, {
-      serverUrl: configuration.serverUrl,
-      token: this.token,
-      sessionId: this.sessionId,
-      machineId: this.metadata.machineId || "",
-      projectRootPath: this.metadata?.projectRootPath ? String(this.metadata.projectRootPath) : this.metadata.path,
-      workItemId: this.metadata?.workItemId ? String(this.metadata.workItemId) : null,
-      workspaceProjectId: this.metadata?.workspaceProjectId ? String(this.metadata.workspaceProjectId) : null,
-      leaseGuard: this.coordinationLeaseGuard
-    }, { bashEnabled: false });
-    this.startCoordinationAutopilot();
-    this.socket = socket_ioClient.io(configuration.serverUrl, {
-      auth: {
+    const cwd = String(this.metadata?.path || process.cwd()).trim() || process.cwd();
+    const machineId = String(this.metadata?.machineId || "").trim();
+    registerCommonHandlers(
+      this.rpcHandlerManager,
+      cwd,
+      {
+        serverUrl: configuration.serverUrl,
         token: this.token,
-        clientType: "session-scoped",
-        sessionId: this.sessionId
+        sessionId: this.sessionId,
+        machineId,
+        projectRootPath: String(this.metadata?.projectRootPath || cwd)
       },
+      { bashEnabled: false }
+    );
+    this.socket = socket_ioClient.io(configuration.serverUrl, {
+      auth: { token: this.token, clientType: "session-scoped", sessionId: this.sessionId, machineId },
       path: "/v1/updates",
       reconnection: true,
       reconnectionAttempts: Infinity,
@@ -3174,386 +2919,196 @@ class ApiSessionClient extends node_events.EventEmitter {
       autoConnect: false
     });
     this.socket.on("connect", () => {
-      logger.debug("Socket connected successfully");
+      logger.debug("[session] socket connected");
       this.rpcHandlerManager.onSocketConnect(this.socket);
-      this.flushOutboundQueue();
+      this.flush();
+      this.emit("connect");
     });
-    this.socket.on("rpc-request", async (data, callback) => {
-      callback(await this.rpcHandlerManager.handleRequest(data));
+    this.socket.on("connect_error", (error) => {
+      const message = error instanceof Error ? error.message : String(error?.message || error || "connect_error");
+      logger.debug("[session] socket connect_error", { message });
     });
     this.socket.on("disconnect", (reason) => {
-      logger.debug("[API] Socket disconnected:", reason);
+      logger.debug("[session] socket disconnected", reason);
       this.rpcHandlerManager.onSocketDisconnect();
+      this.emit("disconnect", reason);
     });
-    this.socket.on("connect_error", (error) => {
-      logger.debug("[API] Socket connection error:", error);
-      this.rpcHandlerManager.onSocketDisconnect();
+    this.socket.on("rpc-request", async (data, callback) => {
+      callback(await this.rpcHandlerManager.handleRequest(data));
     });
     this.socket.on("update", (data) => {
-      try {
-        logger.debugLargeJson("[SOCKET] [UPDATE] Received update:", data);
-        if (!data.body) {
-          logger.debug("[SOCKET] [UPDATE] [ERROR] No body in update!");
-          return;
-        }
-        if (data.body.t === "new-message" && data.body.message.content.t === "encrypted") {
-          const body = decrypt(this.encryptionKey, decodeBase64(data.body.message.content.c));
-          logger.debugLargeJson("[SOCKET] [UPDATE] Received update:", body);
-          const userResult = UserMessageSchema.safeParse(body);
-          if (userResult.success) {
-            if (this.pendingMessageCallback) {
-              this.pendingMessageCallback(userResult.data);
-            } else {
-              this.pendingMessages.push(userResult.data);
-            }
-          } else {
-            this.emit("message", body);
-          }
-        } else if (data.body.t === "update-session") {
-          if (data.body.metadata && data.body.metadata.version > this.metadataVersion) {
-            this.metadata = decrypt(this.encryptionKey, decodeBase64(data.body.metadata.value));
-            this.metadataVersion = data.body.metadata.version;
-          }
-          if (data.body.agentState && data.body.agentState.version > this.agentStateVersion) {
-            this.agentState = data.body.agentState.value ? decrypt(this.encryptionKey, decodeBase64(data.body.agentState.value)) : null;
-            this.agentStateVersion = data.body.agentState.version;
-          }
-        } else if (data.body.t === "update-machine") {
-          logger.debug(`[SOCKET] WARNING: Session client received unexpected machine update - ignoring`);
-        } else {
-          this.emit("message", data.body);
-        }
-      } catch (error) {
-        logger.debug("[SOCKET] [UPDATE] [ERROR] Error handling update", { error });
-      }
-    });
-    this.socket.on("error", (error) => {
-      logger.debug("[API] Socket error:", error);
+      this.emit("update", data);
     });
-    this.socket.connect();
-  }
-  /**
-   * Returns the session client's bearer token for calling authenticated HTTP endpoints.
-   * Intended for internal integrations (e.g. uploading artifacts for this session).
-   */
-  getAuthToken() {
-    return this.token;
   }
-  /**
-   * True when this session has workspaceProjectId/workItemId metadata
-   * (i.e. ledger tools are available and claim enforcement makes sense).
-   */
-  hasCoordinationContext() {
-    const meta = this.metadata;
-    if (!meta) return false;
-    const projectId = String(meta.workspaceProjectId || "").trim();
-    const workItemId = String(meta.workItemId || "").trim();
-    return Boolean(projectId && workItemId);
+  connect() {
+    this.socket.connect();
   }
-  markCoordinationLedgerRead(atMs = Date.now()) {
-    this.coordinationLedgerReadAt = Number.isFinite(atMs) ? atMs : Date.now();
+  async connectAndWait(timeoutMs = 15e3) {
+    if (this.socket.connected) return;
+    await new Promise((resolve, reject) => {
+      let timeoutHandle = null;
+      const cleanup = () => {
+        if (timeoutHandle) clearTimeout(timeoutHandle);
+        this.socket.off("connect", onConnect);
+        this.socket.off("connect_error", onError);
+        this.socket.off("disconnect", onDisconnect);
+      };
+      const onConnect = () => {
+        cleanup();
+        resolve();
+      };
+      const onError = (err) => {
+        cleanup();
+        const message = err instanceof Error ? err.message : String(err?.message || err || "connect_error");
+        reject(new Error(message));
+      };
+      const onDisconnect = (reason) => {
+        cleanup();
+        reject(new Error(`disconnected:${String(reason || "unknown")}`));
+      };
+      timeoutHandle = setTimeout(() => {
+        cleanup();
+        reject(new Error("connect_timeout"));
+      }, timeoutMs);
+      this.socket.once("connect", onConnect);
+      this.socket.once("connect_error", onError);
+      this.socket.once("disconnect", onDisconnect);
+      this.connect();
+    });
   }
-  getCoordinationLedgerReadAt() {
-    return Number(this.coordinationLedgerReadAt || 0);
+  disconnect() {
+    this.socket.disconnect();
   }
-  didReadCoordinationLedgerWithin(ms) {
-    const last = Number(this.coordinationLedgerReadAt || 0);
-    if (!Number.isFinite(last) || last <= 0) return false;
-    return Date.now() - last <= ms;
+  close() {
+    this.disconnect();
   }
-  markDocsIndexRead(atMs = Date.now()) {
-    this.docsIndexReadAt = Number.isFinite(atMs) ? atMs : Date.now();
+  getAuthToken() {
+    return this.token;
   }
-  getDocsIndexReadAt() {
-    return Number(this.docsIndexReadAt || 0);
+  async listMessages() {
+    const baseUrl = configuration.serverUrl.replace(/\/+$/, "");
+    const url = `${baseUrl}/v1/sessions/${encodeURIComponent(this.sessionId)}/messages`;
+    const res = await axios.get(url, {
+      headers: { Authorization: `Machine ${this.token}`, "Content-Type": "application/json" },
+      timeout: 6e4
+    });
+    return Array.isArray(res.data?.messages) ? res.data.messages : [];
   }
-  didReadDocsIndexWithin(ms) {
-    const last = Number(this.docsIndexReadAt || 0);
-    if (!Number.isFinite(last) || last <= 0) return false;
-    return Date.now() - last <= ms;
+  markCoordinationLedgerRead(timeMs = Date.now()) {
+    this.coordinationLedgerLastReadAtMs = timeMs;
   }
-  startCoordinationAutopilot() {
-    const meta = this.metadata;
-    if (!meta) return;
-    const projectId = String(meta.workspaceProjectId || "").trim();
-    const workItemId = String(meta.workItemId || "").trim();
-    const machineId = String(meta.machineId || "").trim();
-    const projectRootPath = String(meta.projectRootPath || meta.path || "").trim();
-    const cwd = String(meta.path || "").trim();
-    if (!projectId || !workItemId || !machineId || !projectRootPath || !cwd) return;
-    String(process.env.FLOCKBAY_COORDINATION_AUTO_SHIP_ON_COMMIT || "").trim() === "1";
-    const serverUrl = configuration.serverUrl.replace(/\/+$/, "");
-    const token = this.token;
-    const sessionId = this.sessionId;
-    const postJson = async (path, body) => {
-      const res = await fetch(`${serverUrl}${path}`, {
-        method: "POST",
-        headers: {
-          Authorization: `Bearer ${token}`,
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify(body ?? {})
-      });
-      const data = await res.json().catch(() => null);
-      if (!res.ok) {
-        const msg = typeof data?.error === "string" ? data.error : `Request failed (${res.status})`;
-        throw new Error(msg);
-      }
-      return data;
-    };
-    void postJson(
-      "/v1/coordination/work-items/update",
-      { projectId, workItemId, sessionId }
-    ).catch((err) => logger.debug("[coordination-autopilot] Failed to attach session to work item:", err));
-    logger.debug("[coordination] Enabled", { projectId, workItemId, cwd });
-    return;
+  getCoordinationLedgerLastReadAtMs() {
+    return this.coordinationLedgerLastReadAtMs;
   }
-  flushOutboundQueue() {
+  keepAlive(thinking, mode) {
     if (!this.socket.connected) return;
-    if (this.pendingOutboundMessages.length === 0) return;
-    const batch = this.pendingOutboundMessages;
-    this.pendingOutboundMessages = [];
-    logger.debug("[API] Flushing queued outbound messages", { count: batch.length });
-    for (const item of batch) {
-      this.socket.emit("message", { sid: item.sid, message: item.message });
-    }
-  }
-  emitMessageOrQueue(args) {
-    if (this.socket.connected) {
-      this.socket.emit("message", { sid: args.sid, message: args.message });
-      return;
-    }
-    const MAX_QUEUED = 200;
-    if (this.pendingOutboundMessages.length >= MAX_QUEUED) {
-      const head = this.pendingOutboundMessages[0];
-      throw new Error(
-        `Socket not connected; outbound queue full (${MAX_QUEUED}). Oldest=${head?.kind ?? "unknown"} queuedAt=${head?.queuedAt ?? "unknown"}`
-      );
-    }
-    this.pendingOutboundMessages.push({ ...args, queuedAt: Date.now() });
-    logger.debug("[API] Socket not connected; queued outbound message", {
-      kind: args.kind,
-      queued: this.pendingOutboundMessages.length
-    });
+    this.socket.emit("session-alive", { sid: this.sessionId, time: Date.now(), thinking, mode });
   }
-  onUserMessage(callback) {
-    this.pendingMessageCallback = callback;
-    while (this.pendingMessages.length > 0) {
-      callback(this.pendingMessages.shift());
-    }
+  sendSessionDeath() {
+    this.socket.emit("session-end", { sid: this.sessionId, time: Date.now() });
   }
-  /**
-   * Send message to session
-   * @param body - Message body (can be MessageContent or raw content for agent messages)
-   */
-  sendClaudeSessionMessage(body) {
-    let content;
-    if (body.type === "user" && typeof body.message.content === "string" && body.isSidechain !== true && body.isMeta !== true) {
-      content = {
-        role: "user",
-        content: {
-          type: "text",
-          text: body.message.content
-        },
-        meta: {
-          sentFrom: "cli"
-        }
-      };
-    } else {
-      content = {
-        role: "agent",
-        content: {
-          type: "output",
-          data: body
-          // This wraps the entire Claude message
-        },
-        meta: {
-          sentFrom: "cli"
-        }
-      };
-    }
-    logger.debugLargeJson("[SOCKET] Sending message through socket:", content);
-    const encrypted = encodeBase64(encrypt(this.encryptionKey, content));
-    this.emitMessageOrQueue({ sid: this.sessionId, message: encrypted, kind: "claude" });
-    if (body.type === "assistant" && body.message?.usage) {
-      try {
-        this.sendUsageData(body.message.usage);
-      } catch (error) {
-        logger.debug("[SOCKET] Failed to send usage data:", error);
-      }
-    }
-    if (body.type === "summary" && "summary" in body && "leafUuid" in body) {
-      this.updateMetadata((metadata) => ({
-        ...metadata,
-        summary: {
-          text: body.summary,
-          updatedAt: Date.now()
-        }
-      }));
-    }
+  sendSessionEvent(event) {
+    this.emitMessageOrQueue({
+      role: "agent",
+      content: { type: "event", id: node_crypto.randomUUID(), data: event },
+      meta: { sentFrom: "cli" }
+    });
   }
   sendCodexMessage(body) {
-    let content = {
-      role: "agent",
-      content: {
-        type: "codex",
-        data: body
-        // This wraps the entire Claude message
-      },
-      meta: {
-        sentFrom: "cli"
-      }
-    };
-    const encrypted = encodeBase64(encrypt(this.encryptionKey, content));
-    this.emitMessageOrQueue({ sid: this.sessionId, message: encrypted, kind: `codex:${String(body?.type ?? "unknown")}` });
+    this.emitMessageOrQueue({ role: "agent", content: { type: "codex", data: body }, meta: { sentFrom: "cli" } });
   }
-  /**
-   * Send a generic agent message to the session.
-   * Works for any agent type (Gemini, Codex, Claude, etc.)
-   * 
-   * @param agentType - The type of agent sending the message (e.g., 'gemini', 'codex', 'claude')
-   * @param body - The message payload
-   */
   sendAgentMessage(agentType, body) {
-    let content = {
-      role: "agent",
-      content: {
-        type: agentType,
-        data: body
-      },
-      meta: {
-        sentFrom: "cli"
-      }
-    };
-    logger.debug(`[SOCKET] Sending ${agentType} message:`, { type: body.type, hasMessage: !!body.message });
-    const encrypted = encodeBase64(encrypt(this.encryptionKey, content));
-    this.emitMessageOrQueue({ sid: this.sessionId, message: encrypted, kind: `${agentType}:${String(body?.type ?? "unknown")}` });
+    this.emitMessageOrQueue({ role: "agent", content: { type: agentType, data: body }, meta: { sentFrom: "cli" } });
   }
-  sendSessionEvent(event, id) {
-    let content = {
+  sendClaudeSessionMessage(body) {
+    this.emitMessageOrQueue({
       role: "agent",
-      content: {
-        id: id ?? node_crypto.randomUUID(),
-        type: "event",
-        data: event
-      }
-    };
-    const encrypted = encodeBase64(encrypt(this.encryptionKey, content));
-    this.emitMessageOrQueue({ sid: this.sessionId, message: encrypted, kind: `event:${event.type}` });
-  }
-  /**
-   * Send a ping message to keep the connection alive
-   */
-  keepAlive(thinking, mode) {
-    if (process.env.DEBUG) {
-      logger.debug(`[API] Sending keep alive message: ${thinking}`);
-    }
-    this.socket.volatile.emit("session-alive", {
-      sid: this.sessionId,
-      time: Date.now(),
-      thinking,
-      mode
+      content: { type: "output", data: body },
+      meta: { sentFrom: "cli" }
     });
   }
-  /**
-   * Send session death message
-   */
-  sendSessionDeath() {
-    this.socket.emit("session-end", { sid: this.sessionId, time: Date.now() });
+  emitMessageOrQueue(content) {
+    const payload = { sid: this.sessionId, content };
+    if (this.socket.connected) {
+      this.socket.emit("message", payload);
+      return;
+    }
+    this.outboundQueue.push(payload);
   }
-  /**
-   * Send usage data to the server
-   */
-  sendUsageData(usage) {
-    const totalTokens = usage.input_tokens + usage.output_tokens + (usage.cache_creation_input_tokens || 0) + (usage.cache_read_input_tokens || 0);
-    const usageReport = {
-      key: "claude-session",
-      sessionId: this.sessionId,
-      tokens: {
-        total: totalTokens,
-        input: usage.input_tokens,
-        output: usage.output_tokens,
-        cache_creation: usage.cache_creation_input_tokens || 0,
-        cache_read: usage.cache_read_input_tokens || 0
-      },
-      cost: {
-        // TODO: Calculate actual costs based on pricing
-        // For now, using placeholder values
-        total: 0,
-        input: 0,
-        output: 0
-      }
+  flush() {
+    if (!this.socket.connected) return;
+    while (this.outboundQueue.length > 0) {
+      const next = this.outboundQueue.shift();
+      if (!next) continue;
+      this.socket.emit("message", next);
+    }
+  }
+  onUserMessage(handler) {
+    const listener = (u) => {
+      if (u?.body?.t !== "new-message") return;
+      const body = u.body;
+      const raw = body?.message ?? null;
+      if (!raw || typeof raw !== "object") return;
+      const record = raw?.content;
+      if (!record || typeof record !== "object") return;
+      if (record.role !== "user") return;
+      handler(record);
     };
-    logger.debugLargeJson("[SOCKET] Sending usage data:", usageReport);
-    this.socket.emit("usage-report", usageReport);
+    this.on("update", listener);
+    return () => this.off("update", listener);
   }
-  /**
-   * Update session metadata
-   * @param handler - Handler function that returns the updated metadata
-   */
   updateMetadata(handler) {
-    this.metadataLock.inLock(async () => {
-      await backoff(async () => {
-        let updated = handler(this.metadata);
-        const answer = await this.socket.emitWithAck("update-metadata", { sid: this.sessionId, expectedVersion: this.metadataVersion, metadata: encodeBase64(encrypt(this.encryptionKey, updated)) });
-        if (answer.result === "success") {
-          this.metadata = decrypt(this.encryptionKey, decodeBase64(answer.metadata));
-          this.metadataVersion = answer.version;
-        } else if (answer.result === "version-mismatch") {
-          if (answer.version > this.metadataVersion) {
-            this.metadataVersion = answer.version;
-            this.metadata = decrypt(this.encryptionKey, decodeBase64(answer.metadata));
-          }
-          throw new Error("Metadata version mismatch");
-        } else if (answer.result === "error") ;
-      });
-    });
+    const current = this.metadata || {};
+    const next = handler(current);
+    void this.socket.emitWithAck("update-metadata", { sid: this.sessionId, expectedVersion: this.metadataVersion, metadata: next }).then((answer) => {
+      if (answer?.result === "success") {
+        this.metadata = next;
+        this.metadataVersion += 1;
+      }
+    }).catch(() => null);
   }
-  /**
-   * Update session agent state
-   * @param handler - Handler function that returns the updated agent state
-   */
   updateAgentState(handler) {
-    logger.debugLargeJson("Updating agent state", this.agentState);
-    this.agentStateLock.inLock(async () => {
-      await backoff(async () => {
-        let updated = handler(this.agentState || {});
-        const answer = await this.socket.emitWithAck("update-state", { sid: this.sessionId, expectedVersion: this.agentStateVersion, agentState: updated ? encodeBase64(encrypt(this.encryptionKey, updated)) : null });
-        if (answer.result === "success") {
-          this.agentState = answer.agentState ? decrypt(this.encryptionKey, decodeBase64(answer.agentState)) : null;
-          this.agentStateVersion = answer.version;
-          logger.debug("Agent state updated", this.agentState);
-        } else if (answer.result === "version-mismatch") {
-          if (answer.version > this.agentStateVersion) {
-            this.agentStateVersion = answer.version;
-            this.agentState = answer.agentState ? decrypt(this.encryptionKey, decodeBase64(answer.agentState)) : null;
-          }
-          throw new Error("Agent state version mismatch");
-        } else if (answer.result === "error") ;
-      });
-    });
+    const current = this.agentState || {};
+    const next = handler(current);
+    void this.socket.emitWithAck("update-state", { sid: this.sessionId, expectedVersion: this.agentStateVersion, agentState: next }).then((answer) => {
+      if (answer?.result === "success") {
+        this.agentState = next;
+        this.agentStateVersion += 1;
+      }
+    }).catch(() => null);
   }
-  /**
-   * Wait for socket buffer to flush
-   */
-  async flush() {
-    if (!this.socket.connected) {
-      return;
+}
+
+async function delay(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function exponentialBackoffDelay(currentFailureCount, minDelay, maxDelay, maxFailureCount) {
+  let maxDelayRet = minDelay + (maxDelay - minDelay) / maxFailureCount * Math.min(currentFailureCount, maxFailureCount);
+  return Math.round(Math.random() * maxDelayRet);
+}
+function createBackoff(opts) {
+  return async (callback) => {
+    let currentFailureCount = 0;
+    const minDelay = opts && opts.minDelay !== void 0 ? opts.minDelay : 250;
+    const maxDelay = opts && opts.maxDelay !== void 0 ? opts.maxDelay : 1e3;
+    const maxFailureCount = opts && opts.maxFailureCount !== void 0 ? opts.maxFailureCount : 50;
+    while (true) {
+      try {
+        return await callback();
+      } catch (e) {
+        if (currentFailureCount < maxFailureCount) {
+          currentFailureCount++;
+        }
+        if (opts && opts.onError) {
+          opts.onError(e, currentFailureCount);
+        }
+        let waitForRequest = exponentialBackoffDelay(currentFailureCount, minDelay, maxDelay, maxFailureCount);
+        await delay(waitForRequest);
+      }
     }
-    return new Promise((resolve) => {
-      this.socket.emit("ping", () => {
-        resolve();
-      });
-      setTimeout(() => {
-        resolve();
-      }, 1e4);
-    });
-  }
-  async close() {
-    logger.debug("[API] socket.close() called");
-    this.socket.close();
-  }
+  };
 }
+let backoff = createBackoff();
 
 function looksLikeEngineRoot(engineRoot) {
   if (!engineRoot) return false;
@@ -3726,6 +3281,11 @@ async function buildAndInstallUnrealMcpPlugin(options) {
     `-Plugin=${pluginUpluginPath}`,
     `-Package=${packageDir}`,
     "-Rocket",
+    // UAT enforces a global single-instance mutex. On macOS/Linux, the named mutex can
+    // appear "already created" even when no process is actually holding it, which makes
+    // repeated installs fail with: "A conflicting instance of AutomationTool is already running."
+    // `-WaitForUATMutex` makes UAT acquire the mutex if it's free (or wait if another build is in flight).
+    "-WaitForUATMutex",
     `-TargetPlatforms=${targetPlatform()}`
   ];
   const logStream = fs.createWriteStream(buildLogPath, { flags: "a" });
@@ -3798,7 +3358,6 @@ class ApiMachineClient {
     this.machine = machine;
     this.rpcHandlerManager = new RpcHandlerManager({
       scopePrefix: this.machine.id,
-      encryptionKey: this.machine.encryptionKey,
       logger: (msg, data) => logger.debug(msg, data)
     });
     const rootDir = this.machine?.metadata?.homeDir || os.homedir() || process.cwd();
@@ -3839,6 +3398,24 @@ class ApiMachineClient {
   socket;
   keepAliveInterval = null;
   rpcHandlerManager;
+  connected = false;
+  lastConnectError = null;
+  lastDisconnectReason = null;
+  lastHttpUpsertError = null;
+  lastHttpUpsertStatus = null;
+  lastHttpUpsertAt = null;
+  upsertBackoff = createBackoff({
+    minDelay: 1e3,
+    maxDelay: 3e4,
+    maxFailureCount: 200,
+    onError: (e, failures) => {
+      const msg = e instanceof Error ? e.message : String(e);
+      this.lastHttpUpsertError = msg;
+      if (process.env.DEBUG) {
+        logger.debug(`[API MACHINE] Machine upsert retry (${failures}): ${msg}`);
+      }
+    }
+  });
   setRPCHandlers({
     spawnSession,
     stopSession,
@@ -3885,74 +3462,86 @@ class ApiMachineClient {
     });
   }
   /**
-   * Update machine metadata
-   * Currently unused, changes from the mobile client are more likely
-   * for example to set a custom name.
+   * Upsert machine record (metadata + daemon state) via HTTP (workspace-native V1).
    */
-  async updateMachineMetadata(handler) {
-    await backoff(async () => {
-      const updated = handler(this.machine.metadata);
-      const answer = await this.socket.emitWithAck("machine-update-metadata", {
-        machineId: this.machine.id,
-        metadata: encodeBase64(encrypt(this.machine.encryptionKey, updated)),
-        expectedVersion: this.machine.metadataVersion
-      });
-      if (answer.result === "success") {
-        this.machine.metadata = decrypt(this.machine.encryptionKey, decodeBase64(answer.metadata));
-        this.machine.metadataVersion = answer.version;
-        logger.debug("[API MACHINE] Metadata updated successfully");
-      } else if (answer.result === "version-mismatch") {
-        if (answer.version > this.machine.metadataVersion) {
-          this.machine.metadataVersion = answer.version;
-          this.machine.metadata = decrypt(this.machine.encryptionKey, decodeBase64(answer.metadata));
-        }
-        throw new Error("Metadata version mismatch");
-      }
+  async upsertMachineHttp(params) {
+    const attemptAt = Date.now();
+    const endpoint = configuration.serverUrl.replace(/\/+$/, "");
+    const timeoutMs = Math.max(1e3, Math.min(12e4, Number.parseInt(process.env.FLOCKBAY_MACHINE_UPSERT_TIMEOUT_MS || "30000", 10) || 3e4));
+    const res = await fetch(`${endpoint}/v1/machines`, {
+      method: "POST",
+      headers: {
+        Authorization: `Machine ${this.token}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        id: this.machine.id,
+        ...params.metadata !== void 0 ? { metadata: params.metadata } : {},
+        ...params.daemonState !== void 0 ? { daemonState: params.daemonState } : {}
+      }),
+      signal: AbortSignal.timeout(timeoutMs)
     });
+    if (!res.ok) {
+      const detail = await res.text().catch(() => "");
+      const msg = `machine_upsert_failed:${res.status}${detail ? `:${detail.slice(0, 2e3)}` : ""}`;
+      this.lastHttpUpsertStatus = res.status;
+      this.lastHttpUpsertError = msg;
+      throw new Error(msg);
+    }
+    const data = await res.json().catch(() => null);
+    const machine = data?.machine && typeof data.machine === "object" ? data.machine : null;
+    if (machine) {
+      this.machine.metadata = machine.metadata ?? null;
+      this.machine.daemonState = machine.daemonState ?? null;
+      this.machine.seq = Number(machine.seq || this.machine.seq || 0);
+    }
+    this.lastHttpUpsertStatus = res.status;
+    this.lastHttpUpsertError = null;
+    this.lastHttpUpsertAt = attemptAt;
   }
   /**
-   * Update daemon state (runtime info) - similar to session updateAgentState
-   * Simplified without lock - relies on backoff for retry
+   * Update daemon state (runtime info) via HTTP upsert.
    */
   async updateDaemonState(handler) {
-    await backoff(async () => {
+    await this.upsertBackoff(async () => {
       const updated = handler(this.machine.daemonState);
-      const answer = await this.socket.emitWithAck("machine-update-state", {
-        machineId: this.machine.id,
-        daemonState: encodeBase64(encrypt(this.machine.encryptionKey, updated)),
-        expectedVersion: this.machine.daemonStateVersion
-      });
-      if (answer.result === "success") {
-        this.machine.daemonState = decrypt(this.machine.encryptionKey, decodeBase64(answer.daemonState));
-        this.machine.daemonStateVersion = answer.version;
-        logger.debug("[API MACHINE] Daemon state updated successfully");
-      } else if (answer.result === "version-mismatch") {
-        if (answer.version > this.machine.daemonStateVersion) {
-          this.machine.daemonStateVersion = answer.version;
-          this.machine.daemonState = decrypt(this.machine.encryptionKey, decodeBase64(answer.daemonState));
-        }
-        throw new Error("Daemon state version mismatch");
-      }
+      await this.upsertMachineHttp({ daemonState: updated, metadata: this.machine.metadata });
+      logger.debug("[API MACHINE] Daemon state updated successfully");
     });
   }
+  /**
+   * Best-effort single attempt (no retries). Useful during shutdown.
+   */
+  async updateDaemonStateOnce(handler) {
+    try {
+      const updated = handler(this.machine.daemonState);
+      await this.upsertMachineHttp({ daemonState: updated, metadata: this.machine.metadata });
+      return true;
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      logger.debug("[API MACHINE] Daemon state update failed (best-effort):", msg);
+      return false;
+    }
+  }
+  getStatusSnapshot() {
+    return {
+      connected: this.connected,
+      lastConnectError: this.lastConnectError,
+      lastDisconnectReason: this.lastDisconnectReason,
+      lastHttpUpsertError: this.lastHttpUpsertError,
+      lastHttpUpsertStatus: this.lastHttpUpsertStatus,
+      lastHttpUpsertAt: this.lastHttpUpsertAt
+    };
+  }
   connect() {
     const serverUrl = configuration.serverUrl.replace(/^http/, "ws");
     logger.debug(`[API MACHINE] Connecting to ${serverUrl}`);
-    const machineMetadataEncrypted = encodeBase64(encrypt(this.machine.encryptionKey, this.machine.metadata));
-    const daemonStateEncrypted = this.machine.daemonState ? encodeBase64(encrypt(this.machine.encryptionKey, this.machine.daemonState)) : "";
-    const dataEncryptionKey = String(this.machine.dataEncryptionKey || "").trim();
-    if (!dataEncryptionKey) {
-      throw new Error("Missing machine dataEncryptionKey (DEK)");
-    }
     this.socket = socket_ioClient.io(serverUrl, {
       transports: ["websocket"],
       auth: {
         token: this.token,
         clientType: "machine-scoped",
-        machineId: this.machine.id,
-        dataEncryptionKey,
-        machineMetadata: machineMetadataEncrypted,
-        daemonState: daemonStateEncrypted
+        machineId: this.machine.id
       },
       path: "/v1/updates",
       reconnection: true,
@@ -3961,6 +3550,9 @@ class ApiMachineClient {
     });
     this.socket.on("connect", () => {
       logger.debug("[API MACHINE] Connected to server");
+      this.connected = true;
+      this.lastConnectError = null;
+      this.lastDisconnectReason = null;
       this.updateDaemonState((state) => ({
         ...state,
         status: "running",
@@ -3971,8 +3563,10 @@ class ApiMachineClient {
       this.rpcHandlerManager.onSocketConnect(this.socket);
       this.startKeepAlive();
     });
-    this.socket.on("disconnect", () => {
-      logger.debug("[API MACHINE] Disconnected from server");
+    this.socket.on("disconnect", (reason) => {
+      logger.debug("[API MACHINE] Disconnected from server", reason);
+      this.connected = false;
+      this.lastDisconnectReason = typeof reason === "string" ? reason : "disconnected";
       this.rpcHandlerManager.onSocketDisconnect();
       this.stopKeepAlive();
     });
@@ -3981,24 +3575,19 @@ class ApiMachineClient {
       callback(await this.rpcHandlerManager.handleRequest(data));
     });
     this.socket.on("update", (data) => {
-      if (data.body.t === "update-machine" && data.body.machineId === this.machine.id) {
+      if (data?.body?.t === "update-machine" && data.body.machineId === this.machine.id) {
         const update = data.body;
-        if (update.metadata) {
-          logger.debug("[API MACHINE] Received external metadata update");
-          this.machine.metadata = decrypt(this.machine.encryptionKey, decodeBase64(update.metadata.value));
-          this.machine.metadataVersion = update.metadata.version;
+        if (update.machine) {
+          this.machine.metadata = update.machine.metadata ?? null;
+          this.machine.daemonState = update.machine.daemonState ?? null;
+          this.machine.seq = Number(update.machine.seq || this.machine.seq || 0);
         }
-        if (update.daemonState) {
-          logger.debug("[API MACHINE] Received external daemon state update");
-          this.machine.daemonState = decrypt(this.machine.encryptionKey, decodeBase64(update.daemonState.value));
-          this.machine.daemonStateVersion = update.daemonState.version;
-        }
-      } else {
-        logger.debug(`[API MACHINE] Received unknown update type: ${data.body.t}`);
       }
     });
     this.socket.on("connect_error", (error) => {
       logger.debug(`[API MACHINE] Connection error: ${error.message}`);
+      this.connected = false;
+      this.lastConnectError = String(error?.message || "connect_error");
     });
     this.socket.io.on("error", (error) => {
       logger.debug("[API MACHINE] Socket error:", error);
@@ -4035,389 +3624,123 @@ class ApiMachineClient {
   }
 }
 
-class PushNotificationClient {
-  token;
-  baseUrl;
-  expo;
-  constructor(token, baseUrl = "https://api-internal.flockbay.com") {
-    this.token = token;
-    this.baseUrl = baseUrl;
-    this.expo = new expoServerSdk.Expo();
-  }
-  /**
-   * Fetch all push tokens for the authenticated user
-   */
-  async fetchPushTokens() {
-    try {
-      const response = await axios.get(
-        `${this.baseUrl}/v1/push-tokens`,
-        {
-          headers: {
-            "Authorization": `Bearer ${this.token}`,
-            "Content-Type": "application/json"
-          }
-        }
-      );
-      logger.debug(`Fetched ${response.data.tokens.length} push tokens`);
-      response.data.tokens.forEach((token, index) => {
-        logger.debug(`[PUSH] Token ${index + 1}: id=${token.id}, created=${new Date(token.createdAt).toISOString()}, updated=${new Date(token.updatedAt).toISOString()}`);
-      });
-      return response.data.tokens;
-    } catch (error) {
-      logger.debug("[PUSH] [ERROR] Failed to fetch push tokens:", error);
-      throw new Error(`Failed to fetch push tokens: ${error instanceof Error ? error.message : "Unknown error"}`);
-    }
-  }
-  /**
-   * Send push notification via Expo Push API with retry
-   * @param messages - Array of push messages to send
-   */
-  async sendPushNotifications(messages) {
-    logger.debug(`Sending ${messages.length} push notifications`);
-    const validMessages = messages.filter((message) => {
-      if (Array.isArray(message.to)) {
-        return message.to.every((token) => expoServerSdk.Expo.isExpoPushToken(token));
-      }
-      return expoServerSdk.Expo.isExpoPushToken(message.to);
-    });
-    if (validMessages.length === 0) {
-      logger.debug("No valid Expo push tokens found");
-      return;
-    }
-    const chunks = this.expo.chunkPushNotifications(validMessages);
-    for (const chunk of chunks) {
-      const startTime = Date.now();
-      const timeout = 3e5;
-      let attempt = 0;
-      while (true) {
-        try {
-          const ticketChunk = await this.expo.sendPushNotificationsAsync(chunk);
-          const errors = ticketChunk.filter((ticket) => ticket.status === "error");
-          if (errors.length > 0) {
-            const errorDetails = errors.map((e) => ({ message: e.message, details: e.details }));
-            logger.debug("[PUSH] Some notifications failed:", errorDetails);
-          }
-          if (errors.length === ticketChunk.length) {
-            throw new Error("All push notifications in chunk failed");
-          }
-          break;
-        } catch (error) {
-          const elapsed = Date.now() - startTime;
-          if (elapsed >= timeout) {
-            logger.debug("[PUSH] Timeout reached after 5 minutes, giving up on chunk");
-            break;
-          }
-          attempt++;
-          const delay = Math.min(1e3 * Math.pow(2, attempt), 3e4);
-          const remainingTime = timeout - elapsed;
-          const waitTime = Math.min(delay, remainingTime);
-          if (waitTime > 0) {
-            logger.debug(`[PUSH] Retrying in ${waitTime}ms (attempt ${attempt})`);
-            await new Promise((resolve) => setTimeout(resolve, waitTime));
-          }
-        }
-      }
-    }
-    logger.debug(`Push notifications sent successfully`);
-  }
-  /**
-   * Send a push notification to all registered devices for the user
-   * @param title - Notification title
-   * @param body - Notification body
-   * @param data - Additional data to send with the notification
-   */
-  sendToAllDevices(title, body, data) {
-    logger.debug(`[PUSH] sendToAllDevices called with title: "${title}", body: "${body}"`);
-    (async () => {
-      try {
-        logger.debug("[PUSH] Fetching push tokens...");
-        const tokens = await this.fetchPushTokens();
-        logger.debug(`[PUSH] Fetched ${tokens.length} push tokens`);
-        tokens.forEach((token, index) => {
-          logger.debug(`[PUSH] Using token ${index + 1}: id=${token.id}`);
-        });
-        if (tokens.length === 0) {
-          logger.debug("No push tokens found for user");
-          return;
-        }
-        const messages = tokens.map((token, index) => {
-          logger.debug(`[PUSH] Creating message ${index + 1} for token`);
-          return {
-            to: token.token,
-            title,
-            body,
-            data,
-            sound: "default",
-            priority: "high"
-          };
-        });
-        logger.debug(`[PUSH] Sending ${messages.length} push notifications...`);
-        await this.sendPushNotifications(messages);
-        logger.debug("[PUSH] Push notifications sent successfully");
-      } catch (error) {
-        logger.debug("[PUSH] Error sending to all devices:", error);
-      }
-    })();
-  }
+function machineAuthHeaders(machineToken) {
+  return { Authorization: `Machine ${machineToken}`, "Content-Type": "application/json" };
+}
+function normalizeSession(raw) {
+  return {
+    id: String(raw?.id || ""),
+    seq: Number(raw?.seq || 0),
+    active: Boolean(raw?.active),
+    activeAt: typeof raw?.activeAt === "number" ? raw.activeAt : null,
+    createdAt: typeof raw?.createdAt === "number" ? raw.createdAt : null,
+    updatedAt: typeof raw?.updatedAt === "number" ? raw.updatedAt : null,
+    metadata: raw?.metadata && typeof raw.metadata === "object" ? raw.metadata : null,
+    metadataVersion: Number(raw?.metadataVersion || 0),
+    agentState: raw?.agentState && typeof raw.agentState === "object" ? raw.agentState : null,
+    agentStateVersion: Number(raw?.agentStateVersion || 0)
+  };
+}
+function normalizeMachine(raw) {
+  return {
+    id: String(raw?.id || ""),
+    seq: Number(raw?.seq || 0),
+    active: Boolean(raw?.active),
+    activeAt: typeof raw?.activeAt === "number" ? raw.activeAt : null,
+    createdAt: typeof raw?.createdAt === "number" ? raw.createdAt : null,
+    updatedAt: typeof raw?.updatedAt === "number" ? raw.updatedAt : null,
+    metadata: raw?.metadata && typeof raw.metadata === "object" ? raw.metadata : null,
+    daemonState: raw?.daemonState && typeof raw.daemonState === "object" ? raw.daemonState : null
+  };
 }
-
 class ApiClient {
-  static async create(credential) {
-    return new ApiClient(credential);
+  constructor(auth) {
+    this.auth = auth;
   }
-  credential;
-  pushClient;
-  constructor(credential) {
-    this.credential = credential;
-    this.pushClient = new PushNotificationClient(credential.token, configuration.serverUrl);
+  static async create(auth) {
+    return new ApiClient(auth);
+  }
+  baseUrl() {
+    return configuration.serverUrl.replace(/\/+$/, "");
+  }
+  async createSession(opts) {
+    const response = await axios.post(
+      `${this.baseUrl()}/v1/sessions`,
+      { metadata: opts.metadata ?? {}, agentState: opts.state ?? null },
+      { headers: machineAuthHeaders(this.auth.machineToken), timeout: 6e4 }
+    );
+    return normalizeSession(response.data?.session);
   }
-  /**
-   * Create a new session or load existing one with the given tag
-   */
   async getOrCreateSession(opts) {
-    const encryptionKey = getRandomBytes(32);
-    const encryptedDataKey = libsodiumEncryptForPublicKey(encryptionKey, this.credential.encryption.publicKey);
-    const dataEncryptionKey = new Uint8Array(encryptedDataKey.length + 1);
-    dataEncryptionKey.set([0], 0);
-    dataEncryptionKey.set(encryptedDataKey, 1);
-    try {
-      const response = await axios.post(
-        `${configuration.serverUrl}/v1/sessions`,
-        {
-          tag: opts.tag,
-          metadata: encodeBase64(encrypt(encryptionKey, opts.metadata)),
-          agentState: opts.state ? encodeBase64(encrypt(encryptionKey, opts.state)) : null,
-          dataEncryptionKey: encodeBase64(dataEncryptionKey)
-        },
-        {
-          headers: {
-            "Authorization": `Bearer ${this.credential.token}`,
-            "Content-Type": "application/json"
-          },
-          timeout: 6e4
-          // 1 minute timeout for very bad network connections
-        }
-      );
-      logger.debug(`Session created/loaded: ${response.data.session.id} (tag: ${opts.tag})`);
-      let raw = response.data.session;
-      let session = {
-        id: raw.id,
-        seq: raw.seq,
-        metadata: decrypt(encryptionKey, decodeBase64(raw.metadata)),
-        metadataVersion: raw.metadataVersion,
-        agentState: raw.agentState ? decrypt(encryptionKey, decodeBase64(raw.agentState)) : null,
-        agentStateVersion: raw.agentStateVersion,
-        encryptionKey
-      };
-      return session;
-    } catch (error) {
-      logger.debug("[API] [ERROR] Failed to get or create session:", error);
-      throw new Error(`Failed to get or create session: ${error instanceof Error ? error.message : "Unknown error"}`);
-    }
+    const tag = String(opts?.tag || "").trim();
+    const metadata = opts?.metadata && typeof opts.metadata === "object" ? opts.metadata : {};
+    const merged = tag ? { ...metadata, tag } : metadata;
+    return this.createSession({ metadata: merged, state: opts.state ?? null });
+  }
+  async getSessionById(sessionId) {
+    const id = String(sessionId || "").trim();
+    if (!id) throw new Error("Session id is required");
+    const response = await axios.get(
+      `${this.baseUrl()}/v1/sessions/${encodeURIComponent(id)}`,
+      { headers: machineAuthHeaders(this.auth.machineToken), timeout: 6e4 }
+    );
+    return normalizeSession(response.data?.session);
   }
-  /**
-   * Register or update machine with the server
-   * Returns the current machine state from the server with decrypted metadata and daemonState
-   */
-  async getOrCreateMachine(opts) {
-    const encryptionKey = this.credential.encryption.machineKey;
-    const encryptedDataKey = libsodiumEncryptForPublicKey(encryptionKey, this.credential.encryption.publicKey);
-    const dataEncryptionKey = new Uint8Array(encryptedDataKey.length + 1);
-    dataEncryptionKey.set([0], 0);
-    dataEncryptionKey.set(encryptedDataKey, 1);
+  async upsertMachine(opts) {
+    const machineId = String(opts.machineId || "").trim();
+    if (!machineId) throw new Error("Machine id is required");
     const response = await axios.post(
-      `${configuration.serverUrl}/v1/machines`,
-      {
-        id: opts.machineId,
-        metadata: encodeBase64(encrypt(encryptionKey, opts.metadata)),
-        daemonState: opts.daemonState ? encodeBase64(encrypt(encryptionKey, opts.daemonState)) : void 0,
-        dataEncryptionKey: encodeBase64(dataEncryptionKey)
-      },
-      {
-        headers: {
-          "Authorization": `Bearer ${this.credential.token}`,
-          "Content-Type": "application/json"
-        },
-        timeout: 6e4
-        // 1 minute timeout for very bad network connections
-      }
+      `${this.baseUrl()}/v1/machines`,
+      { id: machineId, metadata: opts.metadata ?? {}, daemonState: opts.daemonState ?? null },
+      { headers: machineAuthHeaders(this.auth.machineToken), timeout: 6e4 }
     );
-    if (response.status !== 200) {
-      console.error(chalk.red(`[API] Failed to create machine: ${response.statusText}`));
-      console.log(chalk.yellow(`[API] Failed to create machine: ${response.statusText}, most likely you have re-authenticated, but you still have a machine associated with the old account. Now we are trying to re-associate the machine with the new account. That is not allowed. Please run 'flockbay doctor clean' to clean up your local state, and try your original command again. Please create an issue on GitHub if this is causing you problems. We apologize for the inconvenience.`));
-      process.exit(1);
-    }
-    const raw = response.data.machine;
-    logger.debug(`[API] Machine ${opts.machineId} registered/updated with server`);
-    const machine = {
-      id: raw.id,
-      dataEncryptionKey: String(raw.dataEncryptionKey || ""),
-      encryptionKey,
-      metadata: raw.metadata ? decrypt(encryptionKey, decodeBase64(raw.metadata)) : null,
-      metadataVersion: raw.metadataVersion || 0,
-      daemonState: raw.daemonState ? decrypt(encryptionKey, decodeBase64(raw.daemonState)) : null,
-      daemonStateVersion: raw.daemonStateVersion || 0
-    };
-    return machine;
+    return normalizeMachine(response.data?.machine);
+  }
+  async getOrCreateMachine(opts) {
+    return this.upsertMachine(opts);
   }
-  /**
-   * Fetch an existing machine by id.
-   * Useful when the daemon needs the latest server-side machine metadata (e.g. dev toggles).
-   */
   async getMachine(machineId) {
     const id = String(machineId || "").trim();
-    if (!id) {
-      throw new Error("Machine id is required");
-    }
-    const encryptionKey = this.credential.encryption.machineKey;
+    if (!id) throw new Error("Machine id is required");
     const response = await axios.get(
-      `${configuration.serverUrl}/v1/machines/${encodeURIComponent(id)}`,
-      {
-        headers: {
-          "Authorization": `Bearer ${this.credential.token}`,
-          "Content-Type": "application/json"
-        },
-        timeout: 6e4
-      }
+      `${this.baseUrl()}/v1/machines/${encodeURIComponent(id)}`,
+      { headers: machineAuthHeaders(this.auth.machineToken), timeout: 6e4 }
     );
-    if (response.status !== 200) {
-      throw new Error(`Failed to fetch machine: ${response.statusText}`);
-    }
-    const raw = response.data?.machine;
-    if (!raw?.id) {
-      throw new Error("Invalid machine response");
-    }
-    const machine = {
-      id: raw.id,
-      dataEncryptionKey: String(raw.dataEncryptionKey || ""),
-      encryptionKey,
-      metadata: raw.metadata ? decrypt(encryptionKey, decodeBase64(raw.metadata)) : null,
-      metadataVersion: raw.metadataVersion || 0,
-      daemonState: raw.daemonState ? decrypt(encryptionKey, decodeBase64(raw.daemonState)) : null,
-      daemonStateVersion: raw.daemonStateVersion || 0
-    };
-    return machine;
-  }
-  sessionSyncClient(session) {
-    return new ApiSessionClient(this.credential.token, session);
+    return normalizeMachine(response.data?.machine);
+  }
+  async registerVendorToken(vendor, token) {
+    const v = String(vendor || "").trim().toLowerCase();
+    if (!v) throw new Error("Vendor is required");
+    await axios.post(
+      `${this.baseUrl()}/v1/vendor-tokens/${encodeURIComponent(v)}`,
+      { token },
+      { headers: machineAuthHeaders(this.auth.machineToken), timeout: 6e4 }
+    );
+    return { ok: true };
   }
-  machineSyncClient(machine) {
-    return new ApiMachineClient(this.credential.token, machine);
+  async getVendorToken(vendor) {
+    const v = String(vendor || "").trim().toLowerCase();
+    if (!v) throw new Error("Vendor is required");
+    const response = await axios.get(`${this.baseUrl()}/v1/vendor-tokens/${encodeURIComponent(v)}`, {
+      headers: machineAuthHeaders(this.auth.machineToken),
+      timeout: 6e4,
+      validateStatus: (s) => s >= 200 && s < 300 || s === 404
+    });
+    if (response.status === 404) return null;
+    return response.data?.token ?? null;
   }
   push() {
-    return this.pushClient;
-  }
-  /**
-   * Register a vendor API token with the server
-   * The token is sent as a JSON string - server handles encryption
-   */
-  async registerVendorToken(vendor, apiKey) {
-    try {
-      const response = await axios.post(
-        `${configuration.serverUrl}/v1/connect/${vendor}/register`,
-        {
-          token: JSON.stringify(apiKey)
-        },
-        {
-          headers: {
-            "Authorization": `Bearer ${this.credential.token}`,
-            "Content-Type": "application/json"
-          },
-          timeout: 5e3
-        }
-      );
-      if (response.status !== 200 && response.status !== 201) {
-        throw new Error(`Server returned status ${response.status}`);
+    return {
+      sendToAllDevices: async () => {
+        return;
       }
-      logger.debug(`[API] Vendor token for ${vendor} registered successfully`);
-    } catch (error) {
-      logger.debug(`[API] [ERROR] Failed to register vendor token:`, error);
-      throw new Error(`Failed to register vendor token: ${error instanceof Error ? error.message : "Unknown error"}`);
-    }
+    };
   }
-  /**
-   * Get vendor API token from the server
-   * Returns the token if it exists, null otherwise
-   */
-  async getVendorToken(vendor) {
-    try {
-      const response = await axios.get(
-        `${configuration.serverUrl}/v1/connect/${vendor}/token`,
-        {
-          headers: {
-            "Authorization": `Bearer ${this.credential.token}`,
-            "Content-Type": "application/json"
-          },
-          timeout: 5e3
-        }
-      );
-      if (response.status === 404) {
-        logger.debug(`[API] No vendor token found for ${vendor}`);
-        return null;
-      }
-      if (response.status !== 200) {
-        throw new Error(`Server returned status ${response.status}`);
-      }
-      logger.debug(`[API] Raw vendor token response:`, {
-        status: response.status,
-        dataKeys: Object.keys(response.data || {}),
-        hasToken: "token" in (response.data || {}),
-        tokenType: typeof response.data?.token,
-        present: response.data?.present
-      });
-      const present = typeof response.data?.present === "boolean" ? response.data.present : null;
-      const tokenField = response.data?.token;
-      if (present === true && (tokenField === null || tokenField === void 0 || tokenField === "")) {
-        logger.debug(`[API] Vendor token for ${vendor} is present but redacted by the server (FLOCKBAY_REDACT_CONNECTED_TOKENS=1).`);
-        return null;
-      }
-      let tokenData = null;
-      if (response.data?.token) {
-        if (typeof response.data.token === "string") {
-          try {
-            tokenData = JSON.parse(response.data.token);
-          } catch (parseError) {
-            logger.debug(`[API] Failed to parse token as JSON, using as string:`, parseError);
-            tokenData = response.data.token;
-          }
-        } else if (response.data.token !== null) {
-          tokenData = response.data.token;
-        } else {
-          logger.debug(`[API] Token is null for ${vendor}, treating as not found`);
-          return null;
-        }
-      } else if (response.data && typeof response.data === "object") {
-        if (response.data.token === null && response.data.present === false) {
-          logger.debug(`[API] Response contains present=false and null token for ${vendor}, treating as not found`);
-          return null;
-        }
-        if (response.data.token === null && Object.keys(response.data).length === 1) {
-          logger.debug(`[API] Response contains only null token for ${vendor}, treating as not found`);
-          return null;
-        }
-        tokenData = response.data;
-      }
-      if (tokenData === null || tokenData && typeof tokenData === "object" && tokenData.token === null && Object.keys(tokenData).length === 1) {
-        logger.debug(`[API] Token data is null for ${vendor}`);
-        return null;
-      }
-      if (tokenData && typeof tokenData === "object" && "token" in tokenData && "present" in tokenData) {
-        logger.debug(`[API] Received token metadata object for ${vendor}; returning parsed token field only.`);
-        return tokenData.token ? tokenData.token : null;
-      }
-      logger.debug(`[API] Vendor token for ${vendor} retrieved successfully`, {
-        tokenDataType: typeof tokenData,
-        tokenDataKeys: tokenData && typeof tokenData === "object" ? Object.keys(tokenData) : "not an object"
-      });
-      return tokenData;
-    } catch (error) {
-      if (error.response?.status === 404) {
-        logger.debug(`[API] No vendor token found for ${vendor}`);
-        return null;
-      }
-      logger.debug(`[API] [ERROR] Failed to get vendor token:`, error);
-      return null;
-    }
+  sessionSyncClient(session) {
+    return new ApiSessionClient(this.auth.machineToken, session);
+  }
+  machineSyncClient(machine) {
+    return new ApiMachineClient(this.auth.machineToken, machine);
   }
 }
 
@@ -4469,8 +3792,8 @@ const RawJSONLinesSchema = z.z.discriminatedUnion("type", [
 ]);
 
 exports.ApiClient = ApiClient;
+exports.ApiMachineClient = ApiMachineClient;
 exports.ApiSessionClient = ApiSessionClient;
-exports.AsyncLock = AsyncLock;
 exports.RawJSONLinesSchema = RawJSONLinesSchema;
 exports.acquireDaemonLock = acquireDaemonLock;
 exports.backoff = backoff;
@@ -4478,10 +3801,7 @@ exports.clearCredentials = clearCredentials;
 exports.clearDaemonState = clearDaemonState;
 exports.clearMachineId = clearMachineId;
 exports.configuration = configuration;
-exports.decodeBase64 = decodeBase64;
 exports.delay = delay;
-exports.encodeBase64 = encodeBase64;
-exports.encodeBase64Url = encodeBase64Url;
 exports.getLatestDaemonLog = getLatestDaemonLog;
 exports.installUnrealMcpPluginToEngine = installUnrealMcpPluginToEngine;
 exports.logger = logger;
@@ -4494,5 +3814,5 @@ exports.releaseDaemonLock = releaseDaemonLock;
 exports.sendUnrealMcpTcpCommand = sendUnrealMcpTcpCommand;
 exports.unrealMcpPythonDir = unrealMcpPythonDir;
 exports.updateSettings = updateSettings;
-exports.writeCredentialsDataKey = writeCredentialsDataKey;
+exports.writeCredentials = writeCredentials;
 exports.writeDaemonState = writeDaemonState;