happy-imou-cloud 2.1.44 → 2.1.47

package/dist/{index-DxF1W0nt.mjs → index-Cp1I5I3U.mjs}

@@ -1,28 +1,27 @@
 import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(import.meta.url);import chalk from 'chalk';
-import { l as logger, q as encodeBase64, c as configuration, t as readCredentials, u as ensureSigningCredentials, r as readSettings, v as updateSettings, w as encodeBase64Url, m as delay, x as buildClientHeaders, y as decodeBase64, z as writeCredentialsLegacy, B as writeCredentialsDataKey, C as readDaemonState, D as HAPPY_CLOUD_DAEMON_PORT, E as clearDaemonState, F as packageJson, i as isAuthenticationRequiredError, G as acquireDaemonLock, I as writeDaemonState, A as ApiClient, J as releaseDaemonLock, K as validateProfileForAgent, L as getProfileEnvironmentVariables, M as clearCredentials, N as clearMachineId, O as readHappyOrgDispatchTruthSnapshot, P as processHappyOrgRepoRequests, Q as readHappyOrgRepoTaskBoard, R as HappyOrgTurnReportSchema, S as recordHappyOrgTurnReport, T as MessageContentSchema, U as buildSocketAuth, V as encrypt, H as HeadTailPreviewBuffer, W as getLatestDaemonLog } from './api-BhMVpzwg.mjs';
+import { l as logger, q as encodeBase64, c as configuration, t as readCredentials, u as ensureSigningCredentials, r as readSettings, v as updateSettings, w as encodeBase64Url, m as delay, x as buildClientHeaders, y as decodeBase64, z as writeCredentialsLegacy, B as writeCredentialsDataKey, C as readDaemonState, D as HAPPY_CLOUD_DAEMON_PORT, E as clearDaemonState, F as packageJson, i as isAuthenticationRequiredError, G as buildSessionRuntimeIndex, I as acquireDaemonLock, J as writeDaemonState, A as ApiClient, K as releaseDaemonLock, L as validateProfileForAgent, M as getProfileEnvironmentVariables, N as clearCredentials, O as clearMachineId, P as readHappyOrgDispatchTruthSnapshot, Q as processHappyOrgRepoRequests, R as readHappyOrgRepoTaskBoard, S as HappyOrgTurnReportSchema, T as recordHappyOrgTurnReport, U as MessageContentSchema, V as buildSocketAuth, W as encrypt, H as HeadTailPreviewBuffer, X as getLatestDaemonLog } from './api-D3vYIva3.mjs';
 import { z } from 'zod';
 import fs, { writeFile as writeFile$1, rename, unlink as unlink$1 } from 'fs/promises';
-import os$1, { homedir } from 'os';
-import * as tmp from 'tmp';
+import os$1, { homedir as homedir$1 } from 'os';
 import { randomUUID, randomBytes, createCipheriv } from 'node:crypto';
 import tweetnacl from 'tweetnacl';
 import axios from 'axios';
 import qrcode from 'qrcode-terminal';
 import { writeFile, unlink, readdir, readFile, mkdir } from 'node:fs/promises';
 import { createRequire } from 'node:module';
-import os, { tmpdir, homedir as homedir$1 } from 'node:os';
-import path, { join, resolve as resolve$1, dirname as dirname$1, normalize, isAbsolute, delimiter, basename } from 'node:path';
+import os, { tmpdir, homedir } from 'node:os';
+import path, { join, resolve as resolve$1, dirname as dirname$1, normalize, isAbsolute, delimiter, relative, basename } from 'node:path';
 import open from 'open';
 import React, { useState } from 'react';
 import { useInput, Box, Text, render } from 'ink';
 import { spawn, execSync, exec } from 'child_process';
 import { dirname, resolve, join as join$1 } from 'path';
 import { fileURLToPath } from 'url';
-import { readFileSync as readFileSync$1, existsSync as existsSync$1, writeFileSync, chmodSync, unlinkSync as unlinkSync$1, mkdirSync } from 'fs';
+import { readFileSync as readFileSync$1, existsSync as existsSync$1, writeFileSync as writeFileSync$1, chmodSync, unlinkSync as unlinkSync$1, mkdirSync as mkdirSync$1 } from 'fs';
 import { execFileSync, spawn as spawn$2, execSync as execSync$1 } from 'node:child_process';
 import psList from 'ps-list';
 import spawn$1 from 'cross-spawn';
-import fs$1, { existsSync, readFileSync, readdirSync, statSync, unlinkSync, rmSync, mkdirSync as mkdirSync$1, mkdtempSync, cpSync, realpathSync } from 'node:fs';
+import fs$1, { existsSync, readFileSync, readdirSync, statSync, unlinkSync, mkdirSync, writeFileSync, cpSync, rmSync, mkdtempSync, realpathSync } from 'node:fs';
 import fastify from 'fastify';
 import { validatorCompiler, serializerCompiler } from 'fastify-type-provider-zod';
 import { randomUUID as randomUUID$1, randomBytes as randomBytes$1, createHash } from 'crypto';
@@ -2830,16 +2829,27 @@ function createSessionMetadata(opts) {
   };
 }
 
+function archiveManagedSessionWithObserver(opts) {
+  if (!opts.userScopedObserver || !opts.sessionIndex) {
+    return false;
+  }
+  return opts.userScopedObserver.syncSessionRuntimeIndex(opts.sessionId, {
+    ...opts.sessionIndex,
+    lifecycleState: "archived"
+  }, {
+    markInactive: true
+  });
+}
 async function archiveManagedSessionById(opts) {
   try {
-    const sessionClient = opts.api.sessionSyncClient({ id: opts.sessionId });
+    const sessionClient = opts.api.sessionSyncClient(opts.session);
     await closeProviderSession(sessionClient, {
       archiveReason: opts.archiveReason,
       archivedBy: "daemon"
     });
   } catch (error) {
     logger.debug(
-      `[DAEMON RUN] Failed to archive managed session ${opts.sessionId}: ${opts.archiveReason}`,
+      `[DAEMON RUN] Failed to archive managed session ${opts.session.id}: ${opts.archiveReason}`,
       error
     );
   }
@@ -2868,7 +2878,7 @@ async function precreateDaemonManagedSession(opts) {
 async function archivePrecreatedManagedSession(opts) {
   await archiveManagedSessionById({
     api: opts.api,
-    sessionId: opts.session.id,
+    session: opts.session,
     archiveReason: opts.archiveReason
   });
 }
@@ -2877,11 +2887,15 @@ async function archiveDetachedManagedSessionIfNeeded(opts) {
   if (trackedSession.startedBy !== "daemon" || !trackedSession.happySessionId || trackedSession.happySessionMetadataFromLocalWebhook || trackedSession.skipDetachedManagedSessionArchive) {
     return false;
   }
-  await archiveManagedSessionById({
-    api: opts.api,
+  if (!archiveManagedSessionWithObserver({
+    userScopedObserver: opts.userScopedObserver,
     sessionId: trackedSession.happySessionId,
-    archiveReason: opts.archiveReason
-  });
+    sessionIndex: trackedSession.sessionIndex
+  })) {
+    logger.debug(
+      `[DAEMON RUN] Detached managed session ${trackedSession.happySessionId} cannot be archived because runtime index sync is unavailable`
+    );
+  }
   return true;
 }
 
@@ -2959,6 +2973,7 @@ function createTrackedSessionFromRemoteIndexEntry(entry) {
   return {
     startedBy,
     happySessionId: entry.id,
+    sessionIndex: entry.sessionIndex ?? null,
     pid: entry.sessionIndex?.hostPid ?? 0
   };
 }
@@ -2985,6 +3000,7 @@ async function recoverTrackedSessionsFromRemoteIndex({
   machineId,
   trackedSessionPids,
   trackSession,
+  removeTrackedSession,
   userScopedObserver,
   lookupHappyProcessByPid = findHappyProcessByPid,
   archiveStaleSessions = true,
@@ -2999,7 +3015,13 @@ async function recoverTrackedSessionsFromRemoteIndex({
   for (const session of sessions) {
     const sessionIndex = session.sessionIndex;
     const pid = sessionIndex?.hostPid;
-    if (!sessionIndex || sessionIndex.machineId !== machineId || typeof pid !== "number" || sessionIndex.lifecycleState === "archived") {
+    if (!sessionIndex || sessionIndex.machineId !== machineId || typeof pid !== "number") {
+      continue;
+    }
+    if (sessionIndex.lifecycleState === "archived" || session.active === false) {
+      if (alreadyTracked.has(pid)) {
+        removeTrackedSession?.(pid, session.id);
+      }
       continue;
     }
     if (alreadyTracked.has(pid)) {
@@ -3039,6 +3061,7 @@ async function recoverTrackedSessionsFromRemoteIndex({
       }
       const archived = await archiveStaleRemoteSession(userScopedObserver, session);
       if (archived) {
+        removeTrackedSession?.(pid, session.id);
         archivedStaleCount++;
       } else {
         skippedStaleCount++;
@@ -3107,6 +3130,7 @@ function createTrackedSessionFromRegistryEntry(entry) {
     startedBy: metadata.startedBy === "daemon" ? "daemon" : "happy directly - likely by user from terminal",
     happySessionId: entry.sessionId,
     happySessionMetadataFromLocalWebhook: metadata,
+    sessionIndex: buildSessionRuntimeIndex(metadata),
     pid: entry.pid
   };
 }
@@ -3384,6 +3408,50 @@ function resolveTrackedHappySessionId(opts) {
   return opts.precreatedSessionId ?? opts.requestedSessionId;
 }
 
+const CODEX_HOME_CONFIG_FILES = [
+  "config.toml",
+  "cap_sid",
+  "version.json",
+  "MEMORY.md"
+];
+const CODEX_HOME_CONFIG_DIRS = [
+  "rules",
+  "skills"
+];
+function copyCodexHomeEntry$1(sourcePath, destPath) {
+  if (!existsSync(sourcePath)) {
+    return;
+  }
+  mkdirSync(dirname$1(destPath), { recursive: true });
+  cpSync(sourcePath, destPath, {
+    recursive: true,
+    force: true,
+    dereference: false,
+    verbatimSymlinks: true
+  });
+}
+function createDaemonCodexAuthHome(options) {
+  const sourceHomeDir = options.sourceHomeDir ?? join(homedir(), ".codex");
+  const targetHomeDir = options.tempDir;
+  mkdirSync(targetHomeDir, { recursive: true });
+  for (const fileName of CODEX_HOME_CONFIG_FILES) {
+    try {
+      copyCodexHomeEntry$1(join(sourceHomeDir, fileName), join(targetHomeDir, fileName));
+    } catch (error) {
+      logger.debug(`[codex] Failed to copy source CODEX_HOME file ${fileName} into daemon auth home`, error);
+    }
+  }
+  for (const dirName of CODEX_HOME_CONFIG_DIRS) {
+    try {
+      copyCodexHomeEntry$1(join(sourceHomeDir, dirName), join(targetHomeDir, dirName));
+    } catch (error) {
+      logger.debug(`[codex] Failed to copy source CODEX_HOME directory ${dirName} into daemon auth home`, error);
+    }
+  }
+  writeFileSync(join(targetHomeDir, "auth.json"), options.authJson, "utf8");
+  return targetHomeDir;
+}
+
 const DEFAULT_SESSION_WEBHOOK_TIMEOUT_MS = 45e3;
 const DEFAULT_TRACKED_SESSION_SWEEP_INTERVAL_MS = 5e3;
 function resolveSessionWebhookTimeoutMs() {
@@ -3499,11 +3567,13 @@ async function startDaemon() {
     const pidToTrackedSession = /* @__PURE__ */ new Map();
     const pidToAwaiter = /* @__PURE__ */ new Map();
     const getCurrentChildren = () => Array.from(pidToTrackedSession.values());
+    let userScopedObserver = null;
     const removeTrackedSession = (pid, archiveReason) => {
       const trackedSession = pidToTrackedSession.get(pid);
       if (trackedSession && api) {
         void archiveDetachedManagedSessionIfNeeded({
           api,
+          userScopedObserver,
           trackedSession,
           archiveReason
         });
@@ -3523,6 +3593,7 @@ async function startDaemon() {
       if (existingSession && existingSession.startedBy === "daemon") {
         existingSession.happySessionId = sessionId;
         existingSession.happySessionMetadataFromLocalWebhook = sessionMetadata;
+        existingSession.sessionIndex = buildSessionRuntimeIndex(sessionMetadata);
         logger.debug(`[DAEMON RUN] Updated daemon-spawned session ${sessionId} with metadata`);
         const awaiter = pidToAwaiter.get(pid);
         if (awaiter) {
@@ -3538,6 +3609,7 @@ async function startDaemon() {
           startedBy: "happy directly - likely by user from terminal",
           happySessionId: sessionId,
           happySessionMetadataFromLocalWebhook: sessionMetadata,
+          sessionIndex: buildSessionRuntimeIndex(sessionMetadata),
           pid
         };
         pidToTrackedSession.set(pid, trackedSession);
@@ -3590,9 +3662,11 @@ async function startDaemon() {
         const authEnv = {};
         if (options.token) {
           if (options.agent === "codex") {
-            const codexHomeDir = tmp.dirSync();
-            fs.writeFile(join$1(codexHomeDir.name, "auth.json"), options.token);
-            authEnv.CODEX_HOME = codexHomeDir.name;
+            const codexHomeDir = await fs.mkdtemp(join$1(os$1.tmpdir(), "happy-codex-daemon-home-"));
+            authEnv.CODEX_HOME = createDaemonCodexAuthHome({
+              authJson: options.token,
+              tempDir: codexHomeDir
+            });
           } else {
             authEnv.CLAUDE_CODE_OAUTH_TOKEN = options.token;
           }
@@ -3696,6 +3770,7 @@ async function startDaemon() {
                 requestedSessionId: options.sessionId,
                 precreatedSessionId: precreatedCodexSession?.id
               }),
+              sessionIndex: buildSessionRuntimeIndex(precreatedCodexSession?.metadata),
               skipDetachedManagedSessionArchive: reuseExistingManagedSession,
               pid: tmuxResult.pid,
               // Real PID from tmux -P flag
@@ -3840,6 +3915,7 @@ ${stderrSnapshot}`);
               requestedSessionId: options.sessionId,
               precreatedSessionId: precreatedCodexSession?.id
             }),
+            sessionIndex: buildSessionRuntimeIndex(precreatedCodexSession?.metadata),
             skipDetachedManagedSessionArchive: reuseExistingManagedSession,
             pid: happyProcess.pid,
             childProcess: happyProcess,
@@ -4028,7 +4104,6 @@ ${stderrSnapshot}`);
     };
     api = await ApiClient.create(credentials);
     const activeApi = api;
-    let userScopedObserver = null;
     if (credentials.signing) {
       try {
         userScopedObserver = activeApi.userScopedObserverClient?.() ?? null;
@@ -4063,6 +4138,13 @@ ${stderrSnapshot}`);
         trackSession: (pid, trackedSession) => {
           pidToTrackedSession.set(pid, trackedSession);
         },
+        removeTrackedSession: (pid, sessionId) => {
+          const trackedSession = pidToTrackedSession.get(pid);
+          if (trackedSession?.happySessionId === sessionId) {
+            pidToTrackedSession.delete(pid);
+            logger.debug(`[DAEMON RUN] Removed archived remote session ${sessionId} from tracking`);
+          }
+        },
         userScopedObserver,
         archiveStaleSessions: opts.archiveStaleSessions,
         skipArchivalSessionIds: pendingManagedRespawnSessionIds
@@ -4300,7 +4382,7 @@ async function install$1() {
             </dict>
             </plist>
         `);
-    writeFileSync(PLIST_FILE$1, plistContent);
+    writeFileSync$1(PLIST_FILE$1, plistContent);
     chmodSync(PLIST_FILE$1, 420);
     logger.info(`Created daemon plist at ${PLIST_FILE$1}`);
     execSync(`launchctl load ${PLIST_FILE$1}`, { stdio: "inherit" });
@@ -5153,10 +5235,10 @@ async function handleConnectStatus() {
 }
 function updateLocalGeminiCredentials(tokens) {
   try {
-    const geminiDir = join$1(homedir(), ".gemini");
+    const geminiDir = join$1(homedir$1(), ".gemini");
     const credentialsPath = join$1(geminiDir, "oauth_creds.json");
     if (!existsSync$1(geminiDir)) {
-      mkdirSync(geminiDir, { recursive: true });
+      mkdirSync$1(geminiDir, { recursive: true });
     }
     const credentials = {
       access_token: tokens.access_token,
@@ -5166,7 +5248,7 @@ function updateLocalGeminiCredentials(tokens) {
       ...tokens.id_token && { id_token: tokens.id_token },
       ...tokens.expires_in && { expires_in: tokens.expires_in }
     };
-    writeFileSync(credentialsPath, JSON.stringify(credentials, null, 2), "utf-8");
+    writeFileSync$1(credentialsPath, JSON.stringify(credentials, null, 2), "utf-8");
     console.log(chalk.gray(`  Updated local credentials: ${credentialsPath}`));
   } catch (error) {
     console.log(chalk.yellow(`  \u26A0\uFE0F Could not update local credentials: ${error}`));
@@ -6074,7 +6156,7 @@ function getProjectPath(workingDirectory, claudeConfigDirOverride) {
   const projectId = resolve$1(workingDirectory).replace(/[^a-zA-Z0-9-]/g, "-");
   const claudeConfigDirRaw = process.env.CLAUDE_CONFIG_DIR ?? "";
   const claudeConfigDirTrimmed = claudeConfigDirRaw.trim();
-  const claudeConfigDir = claudeConfigDirTrimmed ? claudeConfigDirTrimmed : join(homedir$1(), ".claude");
+  const claudeConfigDir = claudeConfigDirTrimmed ? claudeConfigDirTrimmed : join(homedir(), ".claude");
   return join(claudeConfigDir, "projects", projectId);
 }
 
@@ -6139,7 +6221,7 @@ class ExitCodeError extends Error {
 const claudeCliPath = resolve$1(join(projectPath(), "scripts", "claude_local_launcher.cjs"));
 async function claudeLocal(opts) {
   const projectDir = getProjectPath(opts.path);
-  mkdirSync$1(projectDir, { recursive: true });
+  mkdirSync(projectDir, { recursive: true });
   const hasContinueFlag = opts.claudeArgs?.includes("--continue");
   const hasResumeFlag = opts.claudeArgs?.includes("--resume");
   const hasUserSessionControl = hasContinueFlag || hasResumeFlag;
@@ -8609,11 +8691,15 @@ class AcpBackend {
   transport;
   sessionPreferences;
   sessionConfigOptions = null;
+  agentCapabilities = null;
   /** Keep a short rolling stderr buffer so startup failures can surface the real cause. */
   recentStderrLines = [];
   acpMaxMultilineStdoutBytes;
   oversizedStdoutNoticeEmittedForCurrentTurn = false;
   resourceCleanupDone = false;
+  getProviderSessionId() {
+    return this.acpSessionId;
+  }
   recordRecentStderr(text) {
     const normalized = text.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
     if (normalized.length === 0) {
@@ -8650,6 +8736,14 @@ class AcpBackend {
   updateSessionConfigOptions(configOptions) {
     this.sessionConfigOptions = Array.isArray(configOptions) ? configOptions : null;
   }
+  supportsLoadSession() {
+    const capabilities = this.agentCapabilities;
+    return capabilities?.loadSession === true;
+  }
+  supportsResumeSession() {
+    const capabilities = this.agentCapabilities;
+    return capabilities?.sessionCapabilities?.resume != null;
+  }
   syncSessionConfigOptionsFromUpdate(update) {
     const configOptions = update.configOptions;
     if (!Array.isArray(configOptions)) {
@@ -9231,7 +9325,7 @@ Recent stderr: ${recentStderrSummaryLine}` : `Signal: ${signal}`;
         await delay(initDelayMs);
       }
       logger.debug(`[AcpBackend] Initializing connection (timeout: ${initTimeout}ms)...`);
-      await withRetry(
+      const initializeResponse = await withRetry(
         async () => {
           let timeoutHandle = null;
           try {
@@ -9272,6 +9366,7 @@ Recent stderr: ${recentStderrSummaryLine}` : `Signal: ${signal}`;
           shouldRetry: (error) => !(error instanceof AcpProcessStartupError)
         }
       );
+      this.agentCapabilities = initializeResponse.agentCapabilities ?? null;
       logger.debug(`[AcpBackend] Initialize completed`);
       const mcpServers = this.options.mcpServers ? Object.entries(this.options.mcpServers).map(([name, config]) => ({
         name,
@@ -9283,7 +9378,21 @@ Recent stderr: ${recentStderrSummaryLine}` : `Signal: ${signal}`;
         cwd: this.options.cwd,
         mcpServers
       };
-      logger.debug(`[AcpBackend] Creating new session...`);
+      const requestedResumeSessionId = typeof this.options.resumeSessionId === "string" && this.options.resumeSessionId.trim() ? this.options.resumeSessionId.trim() : null;
+      const sessionOperation = requestedResumeSessionId && this.supportsResumeSession() ? "resume" : requestedResumeSessionId && this.supportsLoadSession() ? "load" : "new";
+      const sessionRequest = sessionOperation === "resume" ? {
+        cwd: this.options.cwd,
+        mcpServers,
+        sessionId: requestedResumeSessionId
+      } : sessionOperation === "load" ? {
+        cwd: this.options.cwd,
+        mcpServers,
+        sessionId: requestedResumeSessionId
+      } : newSessionRequest;
+      if (requestedResumeSessionId && sessionOperation === "new") {
+        throw new Error("ACP agent does not support session resume/load; refusing to fork the Codex conversation");
+      }
+      logger.debug(`[AcpBackend] ${sessionOperation === "new" ? "Creating new" : `${sessionOperation === "resume" ? "Resuming" : "Loading"} existing`} session...`);
       const sessionResponse = await withRetry(
         async () => {
           let timeoutHandle = null;
@@ -9291,7 +9400,7 @@ Recent stderr: ${recentStderrSummaryLine}` : `Signal: ${signal}`;
             const result = await raceWithProcessExit(
               this.process,
               () => Promise.race([
-                this.connection.newSession(newSessionRequest).then((res) => {
+                (sessionOperation === "resume" ? this.connection.resumeSession(sessionRequest) : sessionOperation === "load" ? this.connection.loadSession(sessionRequest) : this.connection.newSession(sessionRequest)).then((res) => {
                   if (timeoutHandle) {
                     clearTimeout(timeoutHandle);
                     timeoutHandle = null;
@@ -9318,14 +9427,14 @@ Recent stderr: ${recentStderrSummaryLine}` : `Signal: ${signal}`;
           }
         },
         {
-          operationName: "NewSession",
+          operationName: sessionOperation === "resume" ? "ResumeSession" : sessionOperation === "load" ? "LoadSession" : "NewSession",
           maxAttempts: RETRY_CONFIG.maxAttempts,
           baseDelayMs: RETRY_CONFIG.baseDelayMs,
           maxDelayMs: RETRY_CONFIG.maxDelayMs,
           shouldRetry: (error) => !(error instanceof AcpProcessStartupError)
         }
       );
-      this.acpSessionId = sessionResponse.sessionId;
+      this.acpSessionId = requestedResumeSessionId ?? sessionResponse.sessionId;
       this.updateSessionConfigOptions(sessionResponse.configOptions);
       logger.debug(`[AcpBackend] Session created: ${this.acpSessionId}`);
       await this.applySessionConfigPresets();
@@ -9718,12 +9827,12 @@ function readGeminiLocalConfig() {
   let googleCloudProject = null;
   let googleCloudProjectEmail = null;
   const possiblePaths = [
-    join$1(homedir(), ".gemini", "oauth_creds.json"),
+    join$1(homedir$1(), ".gemini", "oauth_creds.json"),
     // Main OAuth credentials file
-    join$1(homedir(), ".gemini", "config.json"),
-    join$1(homedir(), ".config", "gemini", "config.json"),
-    join$1(homedir(), ".gemini", "auth.json"),
-    join$1(homedir(), ".config", "gemini", "auth.json")
+    join$1(homedir$1(), ".gemini", "config.json"),
+    join$1(homedir$1(), ".config", "gemini", "config.json"),
+    join$1(homedir$1(), ".gemini", "auth.json"),
+    join$1(homedir$1(), ".config", "gemini", "auth.json")
   ];
   for (const configPath of possiblePaths) {
     if (existsSync$1(configPath)) {
@@ -9801,10 +9910,10 @@ function determineGeminiModel(explicitModel, localConfig) {
 }
 function saveGeminiModelToConfig(model) {
   try {
-    const configDir = join$1(homedir(), ".gemini");
+    const configDir = join$1(homedir$1(), ".gemini");
     const configPath = join$1(configDir, "config.json");
     if (!existsSync$1(configDir)) {
-      mkdirSync(configDir, { recursive: true });
+      mkdirSync$1(configDir, { recursive: true });
     }
     let config = {};
     if (existsSync$1(configPath)) {
@@ -9816,7 +9925,7 @@ function saveGeminiModelToConfig(model) {
       }
     }
     config.model = model;
-    writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
+    writeFileSync$1(configPath, JSON.stringify(config, null, 2), "utf-8");
     logger.debug(`[Gemini] Saved model "${model}" to ${configPath}`);
   } catch (error) {
     logger.debug(`[Gemini] Failed to save model to config:`, error);
@@ -9824,10 +9933,10 @@ function saveGeminiModelToConfig(model) {
 }
 function saveGoogleCloudProjectToConfig(projectId, email) {
   try {
-    const configDir = join$1(homedir(), ".gemini");
+    const configDir = join$1(homedir$1(), ".gemini");
     const configPath = join$1(configDir, "config.json");
     if (!existsSync$1(configDir)) {
-      mkdirSync(configDir, { recursive: true });
+      mkdirSync$1(configDir, { recursive: true });
     }
     let config = {};
     if (existsSync$1(configPath)) {
@@ -9841,7 +9950,7 @@ function saveGoogleCloudProjectToConfig(projectId, email) {
     if (email) {
       config.googleCloudProjectEmail = email;
     }
-    writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
+    writeFileSync$1(configPath, JSON.stringify(config, null, 2), "utf-8");
     logger.debug(`[Gemini] Saved Google Cloud Project "${projectId}"${email ? ` for ${email}` : ""} to ${configPath}`);
   } catch (error) {
     logger.debug(`[Gemini] Failed to save Google Cloud Project to config:`, error);
@@ -10004,8 +10113,23 @@ function readCodexAcpConfigOverrides() {
   const raw = readFirstEnv("HAPPY_CODEX_ACP_CONFIG_OVERRIDES", "HAPPIER_CODEX_ACP_CONFIG_OVERRIDES");
   return raw.split("\n").map((line) => line.trim()).filter(Boolean);
 }
+function sanitizeCodexAcpBaseArgs(baseArgs = []) {
+  const sanitized = [];
+  for (let index = 0; index < baseArgs.length; index += 1) {
+    const arg = baseArgs[index];
+    if (arg === "--dangerously-bypass-approvals-and-sandbox" || arg === "--yolo" || arg.startsWith("--ask-for-approval=") || arg.startsWith("--approval-policy=") || arg.startsWith("--sandbox=")) {
+      continue;
+    }
+    if (arg === "--ask-for-approval" || arg === "--approval-policy" || arg === "--sandbox") {
+      index += 1;
+      continue;
+    }
+    sanitized.push(arg);
+  }
+  return sanitized;
+}
 function buildCodexAcpConfigArgs(options) {
-  const args = [...options.baseArgs ?? []];
+  const args = sanitizeCodexAcpBaseArgs(options.baseArgs);
   const overrides = [...readCodexAcpConfigOverrides()];
   if (options.model) {
     overrides.push(`model=${JSON.stringify(options.model)}`);
@@ -10134,6 +10258,9 @@ function resolveCodexExecutable() {
   }
   return "codex";
 }
+function shouldUseShellForCodex(executable) {
+  return process.platform === "win32" && /\.(cmd|bat|ps1)$/i.test(executable);
+}
 
 const CODEX_HOME_SEED_FILES = [
   "auth.json",
@@ -10147,6 +10274,24 @@ const CODEX_HOME_SEED_DIRS = [
 ];
 const MAX_CODEX_SKILL_DESCRIPTION_LENGTH = 1024;
 const MANAGED_CODEX_HOME_PREFIX = "happy-codex-home-";
+function isPlainObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isApiKeyOnlyCodexAuth(value) {
+  if (!isPlainObject(value)) {
+    return false;
+  }
+  const entries = Object.entries(value).filter(([, entryValue]) => entryValue !== void 0 && entryValue !== null);
+  return entries.length === 1 && typeof value.OPENAI_API_KEY === "string" && value.OPENAI_API_KEY.trim().length > 0;
+}
+function shouldUseSourceCodexHomeForMutableAuth(sourceHomeDir) {
+  try {
+    const auth = JSON.parse(readFileSync(join(sourceHomeDir, "auth.json"), "utf8"));
+    return !isApiKeyOnlyCodexAuth(auth);
+  } catch {
+    return false;
+  }
+}
 function getCodexPlatformTarget(platform, arch) {
   if (platform === "win32" && arch === "x64") {
     return {
@@ -10310,7 +10455,7 @@ function copyCodexHomeEntry(sourcePath, destPath) {
   if (!existsSync(sourcePath)) {
     return;
   }
-  mkdirSync$1(dirname$1(destPath), { recursive: true });
+  mkdirSync(dirname$1(destPath), { recursive: true });
   cpSync(sourcePath, destPath, {
     recursive: true,
     force: true,
@@ -10394,7 +10539,7 @@ function seedCodexSkillEntries(sourceSkillsDir, isolatedHomeDir, sourceLabel) {
     return;
   }
   const destSkillsDir = join(isolatedHomeDir, "skills");
-  mkdirSync$1(destSkillsDir, { recursive: true });
+  mkdirSync(destSkillsDir, { recursive: true });
   for (const entryName of readdirSync(sourceSkillsDir)) {
     const sourceEntryPath = join(sourceSkillsDir, entryName);
     if (!shouldSeedCodexSkillEntry(sourceEntryPath)) {
@@ -10410,7 +10555,135 @@ function seedCodexSkillEntries(sourceSkillsDir, isolatedHomeDir, sourceLabel) {
     }
   }
 }
-function seedIsolatedCodexHome(sourceHomeDir, isolatedHomeDir, bundledSkillsDir) {
+function isWithinDirectory(parentDir, childPath, platform) {
+  const normalizedParent = normalizePathForComparison(parentDir, platform);
+  const normalizedChild = normalizePathForComparison(childPath, platform);
+  return normalizedChild === normalizedParent || normalizedChild.startsWith(`${normalizedParent}/`);
+}
+function extractCodexSessionIdFromFilePath(filePath) {
+  const match = filePath.match(/-([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\.jsonl$/);
+  return match?.[1] ?? null;
+}
+function findCodexSessionFile(sourceHomeDir, resumeSessionId, platform) {
+  const sessionsRoot = join(sourceHomeDir, "sessions");
+  const stack = [sessionsRoot];
+  let bestMatch = null;
+  while (stack.length > 0) {
+    const currentDir = stack.pop();
+    let entries;
+    try {
+      entries = readdirSync(currentDir, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const entry of entries) {
+      const fullPath = join(currentDir, entry.name);
+      if (!isWithinDirectory(sessionsRoot, fullPath, platform)) {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        stack.push(fullPath);
+        continue;
+      }
+      if (!entry.isFile() || extractCodexSessionIdFromFilePath(fullPath) !== resumeSessionId) {
+        continue;
+      }
+      try {
+        const mtimeMs = statSync(fullPath).mtimeMs;
+        if (!bestMatch || mtimeMs > bestMatch.mtimeMs) {
+          bestMatch = { path: fullPath, mtimeMs };
+        }
+      } catch {
+      }
+    }
+  }
+  return bestMatch?.path ?? null;
+}
+function seedCodexResumeSessionFile(sourceHomeDir, isolatedHomeDir, resumeSessionId, platform) {
+  const normalizedResumeSessionId = typeof resumeSessionId === "string" && resumeSessionId.trim() ? resumeSessionId.trim() : null;
+  if (!normalizedResumeSessionId) {
+    return;
+  }
+  const sourceSessionFile = findCodexSessionFile(sourceHomeDir, normalizedResumeSessionId, platform);
+  if (!sourceSessionFile) {
+    logger.debug(`[codex] No source CODEX_HOME session file found for resume id ${normalizedResumeSessionId}`);
+    return;
+  }
+  const sourceSessionsRoot = join(sourceHomeDir, "sessions");
+  const relativeSessionPath = relative(sourceSessionsRoot, sourceSessionFile);
+  if (!relativeSessionPath || relativeSessionPath.startsWith("..") || isAbsolute(relativeSessionPath)) {
+    logger.debug(`[codex] Refusing to seed CODEX_HOME session outside sessions root: ${sourceSessionFile}`);
+    return;
+  }
+  try {
+    copyCodexHomeEntry(
+      sourceSessionFile,
+      join(isolatedHomeDir, "sessions", relativeSessionPath)
+    );
+  } catch (error) {
+    logger.debug(`[codex] Failed to seed CODEX_HOME session file for ${normalizedResumeSessionId}`, error);
+  }
+}
+function shouldSyncCodexSessionFileBack(sourcePath, destPath) {
+  let sourceStat;
+  try {
+    sourceStat = statSync(sourcePath);
+  } catch {
+    return false;
+  }
+  if (!sourceStat.isFile()) {
+    return false;
+  }
+  let destStat;
+  try {
+    destStat = statSync(destPath);
+  } catch {
+    return true;
+  }
+  return sourceStat.mtimeMs >= destStat.mtimeMs || sourceStat.size !== destStat.size;
+}
+function syncCodexSessionFilesBackToSource(isolatedHomeDir, sourceHomeDir, platform) {
+  const isolatedSessionsRoot = join(isolatedHomeDir, "sessions");
+  const sourceSessionsRoot = join(sourceHomeDir, "sessions");
+  const stack = [isolatedSessionsRoot];
+  while (stack.length > 0) {
+    const currentDir = stack.pop();
+    let entries;
+    try {
+      entries = readdirSync(currentDir, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const entry of entries) {
+      const fullPath = join(currentDir, entry.name);
+      if (!isWithinDirectory(isolatedSessionsRoot, fullPath, platform)) {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        stack.push(fullPath);
+        continue;
+      }
+      if (!entry.isFile() || extractCodexSessionIdFromFilePath(fullPath) === null) {
+        continue;
+      }
+      const relativeSessionPath = relative(isolatedSessionsRoot, fullPath);
+      if (!relativeSessionPath || relativeSessionPath.startsWith("..") || isAbsolute(relativeSessionPath)) {
+        logger.debug(`[codex] Refusing to sync CODEX_HOME session outside sessions root: ${fullPath}`);
+        continue;
+      }
+      const destPath = join(sourceSessionsRoot, relativeSessionPath);
+      if (!shouldSyncCodexSessionFileBack(fullPath, destPath)) {
+        continue;
+      }
+      try {
+        copyCodexHomeEntry(fullPath, destPath);
+      } catch (error) {
+        logger.debug(`[codex] Failed to sync CODEX_HOME session file back to source: ${fullPath}`, error);
+      }
+    }
+  }
+}
+function seedIsolatedCodexHome(sourceHomeDir, isolatedHomeDir, bundledSkillsDir, resumeSessionId, platform) {
   if (existsSync(sourceHomeDir)) {
     for (const fileName of CODEX_HOME_SEED_FILES) {
       try {
@@ -10431,6 +10704,7 @@ function seedIsolatedCodexHome(sourceHomeDir, isolatedHomeDir, bundledSkillsDir)
     seedCodexSkillEntries(bundledSkillsDir, isolatedHomeDir, "bundled skills");
   }
   seedCodexSkillEntries(join(sourceHomeDir, "skills"), isolatedHomeDir, "source CODEX_HOME");
+  seedCodexResumeSessionFile(sourceHomeDir, isolatedHomeDir, resumeSessionId, platform);
 }
 function prepareCodexAcpEnvironment(overrides = {}, options = {}) {
   const env = buildCodexAcpEnv(overrides, options);
@@ -10448,17 +10722,26 @@ function prepareCodexAcpEnvironment(overrides = {}, options = {}) {
       return { env };
     }
   }
+  const sourceHomeDir = options.sourceHomeDir ?? join(homedir(), ".codex");
+  const bundledSkillsDir = options.bundledSkillsDir ?? join(projectPath(), "skills");
+  if (shouldUseSourceCodexHomeForMutableAuth(sourceHomeDir)) {
+    logger.debug("[codex] Using source CODEX_HOME for mutable Codex auth credentials");
+    env.CODEX_HOME = sourceHomeDir;
+    return {
+      env,
+      codexHomePath: sourceHomeDir
+    };
+  }
   const tempDirFactory = options.tempDirFactory ?? mkdtempSync;
   const isolatedHomeDir = tempDirFactory(join(tmpdir(), "happy-codex-home-"));
-  mkdirSync$1(isolatedHomeDir, { recursive: true });
-  const sourceHomeDir = options.sourceHomeDir ?? join(homedir$1(), ".codex");
-  const bundledSkillsDir = options.bundledSkillsDir ?? join(projectPath(), "skills");
-  seedIsolatedCodexHome(sourceHomeDir, isolatedHomeDir, bundledSkillsDir);
+  mkdirSync(isolatedHomeDir, { recursive: true });
+  seedIsolatedCodexHome(sourceHomeDir, isolatedHomeDir, bundledSkillsDir, options.resumeSessionId, platform);
   env.CODEX_HOME = isolatedHomeDir;
   return {
     env,
     codexHomePath: isolatedHomeDir,
     cleanup: () => {
+      syncCodexSessionFilesBackToSource(isolatedHomeDir, sourceHomeDir, platform);
       rmSync(isolatedHomeDir, { recursive: true, force: true });
     }
   };
@@ -10491,6 +10774,8 @@ function createCodexBackend(options) {
   const preparedEnv = prepareCodexAcpEnvironment({
     ...options.env,
     NODE_ENV: "production"
+  }, {
+    resumeSessionId: options.resumeSessionId
   });
   const backendOptions = {
     agentName: "codex",
@@ -10501,7 +10786,8 @@ function createCodexBackend(options) {
     permissionHandler: options.permissionHandler,
     selectionHandler: options.selectionHandler,
     transportHandler: resolveCodexTransport(spawn.command),
-    resourceCleanup: preparedEnv.cleanup
+    resourceCleanup: preparedEnv.cleanup,
+    resumeSessionId: options.resumeSessionId
   };
   return {
     backend: new AcpBackend(backendOptions),
@@ -10618,7 +10904,7 @@ function getGlobalClaudeVersion() {
     const output = execSync$1("claude --version", {
       encoding: "utf8",
       stdio: ["pipe", "pipe", "pipe"],
-      cwd: homedir$1(),
+      cwd: homedir(),
       env: cleanEnv,
       windowsHide: true
     }).trim();
@@ -10655,7 +10941,7 @@ function getCleanEnv() {
   return env;
 }
 function findGlobalClaudePath() {
-  const homeDir = homedir$1();
+  const homeDir = homedir();
   const cleanEnv = getCleanEnv();
   try {
     execSync$1("claude --version", {
@@ -11935,14 +12221,14 @@ var launch = /*#__PURE__*/Object.freeze({
 const unifiedProviderExecutors = {
   claude: async (opts) => {
     const claudeOptions = opts.claudeOptions ?? {};
-    const { runClaude } = await import('./runClaude-BpwlCyVT.mjs');
+    const { runClaude } = await import('./runClaude-BviM1Wl5.mjs');
     await runClaude(opts.credentials, {
       ...claudeOptions,
       startingMode: claudeOptions.startingMode ?? (claudeOptions.startedBy === "daemon" ? "remote" : void 0)
     });
   },
   codex: async (opts) => {
-    const { runCodex } = await import('./runCodex-BMNR2hNp.mjs');
+    const { runCodex } = await import('./runCodex-Dx3osc7U.mjs');
     await runCodex({
       credentials: opts.credentials,
       startedBy: opts.startedBy,
@@ -11951,7 +12237,7 @@ const unifiedProviderExecutors = {
     });
   },
   gemini: async (opts) => {
-    const { runGemini } = await import('./runGemini-D4Af8oH1.mjs');
+    const { runGemini } = await import('./runGemini-CnJ75Q--.mjs');
     await runGemini({
       credentials: opts.credentials,
       startedBy: opts.startedBy
@@ -12034,7 +12320,7 @@ function shouldRunMainClaudeFlow(opts) {
     return;
   } else if (subcommand === "runtime") {
     if (args[1] === "providers") {
-      const { renderRuntimeProviders } = await import('./command-h3Rr4Abu.mjs');
+      const { renderRuntimeProviders } = await import('./command-fcJ-4Yq3.mjs');
       console.log(renderRuntimeProviders());
       return;
     }
@@ -12240,8 +12526,8 @@ function shouldRunMainClaudeFlow(opts) {
       const projectId = args[3];
       try {
         const { saveGoogleCloudProjectToConfig } = await Promise.resolve().then(function () { return config; });
-        const { readCredentials: readCredentials2 } = await import('./api-BhMVpzwg.mjs').then(function (n) { return n.X; });
-        const { ApiClient: ApiClient2 } = await import('./api-BhMVpzwg.mjs').then(function (n) { return n.Y; });
+        const { readCredentials: readCredentials2 } = await import('./api-D3vYIva3.mjs').then(function (n) { return n.Y; });
+        const { ApiClient: ApiClient2 } = await import('./api-D3vYIva3.mjs').then(function (n) { return n.Z; });
         let userEmail = void 0;
         try {
           const credentials = await readCredentials2();
@@ -12659,4 +12945,4 @@ ${chalk.bold("Examples:")}
   }
 }
 
-export { AbortError as A, getEnvironmentInfo as B, startCaffeinate as C, ExitCodeError as E, Future as F, GEMINI_MODEL_ENV as G, PushableAsyncIterable as P, RuntimeShell as R, createSessionMetadata as a, closeProviderSession as b, createDefaultRuntimeShell as c, createGeminiBackend as d, stopCaffeinate as e, formatDisplayMessage as f, getInitialGeminiModel as g, createCodexBackend as h, readManagedSessionTag as i, resolveManagedSessionTag as j, initialMachineMetadata as k, resolveCanonicalToolNameV2 as l, isTerminalReferenceOnlyPayload as m, getProjectPath as n, claudeLocal as o, publishSessionRegistration as p, trimIdent as q, readGeminiLocalConfig as r, saveGeminiModelToConfig as s, truncateDisplayMessage as t, createClaudeBackend as u, validateCodexAcpSpawn as v, claudeCheckSession as w, projectPath as x, mapToClaudeMode as y, query as z };
+export { AcpBackend as A, mapToClaudeMode as B, query as C, AbortError as D, ExitCodeError as E, Future as F, GEMINI_MODEL_ENV as G, getEnvironmentInfo as H, startCaffeinate as I, PushableAsyncIterable as P, RuntimeShell as R, createSessionMetadata as a, closeProviderSession as b, createDefaultRuntimeShell as c, createGeminiBackend as d, stopCaffeinate as e, formatDisplayMessage as f, getInitialGeminiModel as g, createCodexBackend as h, resolveCodexExecutable as i, shouldUseShellForCodex as j, readManagedSessionTag as k, resolveManagedSessionTag as l, initialMachineMetadata as m, resolveCanonicalToolNameV2 as n, isTerminalReferenceOnlyPayload as o, publishSessionRegistration as p, getProjectPath as q, readGeminiLocalConfig as r, saveGeminiModelToConfig as s, truncateDisplayMessage as t, claudeLocal as u, validateCodexAcpSpawn as v, trimIdent as w, createClaudeBackend as x, claudeCheckSession as y, projectPath as z };