hovclaw 0.1.0 → 0.1.2

package/dist/hovclaw.js

@@ -7,7 +7,7 @@ import { Command } from "commander";
 import os from "node:os";
 import dotenv from "dotenv";
 import { z } from "zod";
-import crypto, { randomUUID } from "node:crypto";
+import crypto, { randomUUID, timingSafeEqual } from "node:crypto";
 import WebSocket from "ws";
 import fs$1 from "node:fs/promises";
 import { Agent } from "@mariozechner/pi-agent-core";
@@ -23,6 +23,23 @@ import { JSDOM } from "jsdom";
 import { Readability } from "@mozilla/readability";
 import Parser from "rss-parser";
 
+//#region \0rolldown/runtime.js
+var __defProp = Object.defineProperty;
+var __exportAll = (all, no_symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (!no_symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+
+//#endregion
 //#region src/compat/openclaw-mirror.ts
 function resolveOpenClawHome(env = process.env) {
 	const override = env.OPENCLAW_STATE_DIR?.trim();
@@ -153,6 +170,12 @@ function getOpenClawMirrorStatus(config) {
 dotenv.config();
 const PROJECT_ROOT = process.cwd();
 const DEFAULT_WORKSPACE_PATH = "~/.hovclaw/workspace";
+const DEFAULT_SHARED_SKILLS_PATH = "~/.agents/skills";
+const USER_CONTENT_DIRS = ["agents"];
+const USER_STATE_DIRS = ["store", "data"];
+const ensuredHomeContentDirs = /* @__PURE__ */ new Set();
+const ensuredHomeStateDirs = /* @__PURE__ */ new Set();
+const ensuredSharedSkillsDirs = /* @__PURE__ */ new Set();
 const DEFAULT_FILE_CONFIG = {
 	assistant: { name: "Andy" },
 	agents: {
@@ -183,6 +206,18 @@ const DEFAULT_FILE_CONFIG = {
 		aliases: {},
 		allowlist: []
 	},
+	commands: {
+		native: "auto",
+		nativeSkills: "auto",
+		defaultThinkingLevel: "medium",
+		text: true,
+		config: false,
+		debug: false,
+		bash: false,
+		restart: false,
+		useAccessGroups: true,
+		allowFrom: {}
+	},
 	runtime: {
 		mode: "local",
 		containerImage: "ghcr.io/mariozechner/pi-agent:latest",
@@ -206,7 +241,8 @@ const DEFAULT_FILE_CONFIG = {
 			"head",
 			"tail",
 			"wc"
-		]
+		],
+		tools: { bashEnabled: false }
 	},
 	channels: {
 		discord: {
@@ -260,7 +296,9 @@ const DEFAULT_FILE_CONFIG = {
 		},
 		auth: {
 			token: "",
-			password: ""
+			password: "",
+			allowUnauthenticated: false,
+			allowedOrigins: []
 		},
 		remote: {
 			url: "",
@@ -279,11 +317,36 @@ const telegramWebhookSchema = z.object({
 	path: z.string().min(1),
 	port: z.number().int().positive(),
 	secret: z.string()
+}).superRefine((value, ctx) => {
+	if (!value.enabled) return;
+	if (value.secret.trim().length > 0) return;
+	ctx.addIssue({
+		code: z.ZodIssueCode.custom,
+		message: "Webhook secret is required when webhook mode is enabled.",
+		path: ["secret"]
+	});
 });
 const telegramCustomCommandSchema = z.object({
 	command: z.string().min(1),
 	description: z.string().min(1)
 });
+const commandAllowFromSchema = z.record(z.string(), z.array(z.union([z.string(), z.number()])));
+const commandsConfigSchema = z.object({
+	native: z.union([z.boolean(), z.literal("auto")]),
+	nativeSkills: z.union([z.boolean(), z.literal("auto")]),
+	defaultThinkingLevel: z.enum([
+		"low",
+		"medium",
+		"high"
+	]),
+	text: z.boolean(),
+	config: z.boolean(),
+	debug: z.boolean(),
+	bash: z.boolean(),
+	restart: z.boolean(),
+	useAccessGroups: z.boolean(),
+	allowFrom: commandAllowFromSchema
+});
 const telegramTopicConfigSchema = z.object({
 	enabled: z.boolean().optional(),
 	requireMention: z.boolean().optional(),
@@ -343,6 +406,46 @@ const telegramAccountConfigSchema = z.object({
 	]).optional(),
 	textMode: z.enum(["plain", "markdown"]).optional()
 });
+const partialTelegramWebhookSchema = z.object({
+	enabled: z.boolean().optional(),
+	path: z.string().min(1).optional(),
+	port: z.number().int().positive().optional(),
+	secret: z.string().optional()
+});
+const partialTelegramAccountConfigSchema = z.object({
+	enabled: z.boolean().optional(),
+	name: z.string().optional(),
+	botToken: z.string().optional(),
+	webhook: partialTelegramWebhookSchema.optional(),
+	dmPolicy: z.enum([
+		"pairing",
+		"allowlist",
+		"open",
+		"disabled"
+	]).optional(),
+	groupPolicy: z.enum([
+		"open",
+		"allowlist",
+		"disabled"
+	]).optional(),
+	allowFrom: z.array(z.union([z.string(), z.number()])).optional(),
+	groupAllowFrom: z.array(z.union([z.string(), z.number()])).optional(),
+	groups: z.record(z.string(), telegramGroupConfigSchema).optional(),
+	commands: z.union([z.boolean(), z.literal("auto")]).optional(),
+	customCommands: z.array(telegramCustomCommandSchema).optional(),
+	reactionNotifications: z.enum([
+		"off",
+		"own",
+		"all"
+	]).optional(),
+	reactionLevel: z.enum([
+		"off",
+		"ack",
+		"minimal",
+		"extensive"
+	]).optional(),
+	textMode: z.enum(["plain", "markdown"]).optional()
+});
 const fileConfigSchema = z.object({
 	assistant: z.object({ name: z.string().min(1) }),
 	agents: z.object({
@@ -395,6 +498,7 @@ const fileConfigSchema = z.object({
 		aliases: z.record(z.string(), z.string()),
 		allowlist: z.array(z.string())
 	}),
+	commands: commandsConfigSchema,
 	runtime: z.object({
 		mode: z.enum(["local", "container"]),
 		containerImage: z.string().min(1),
@@ -404,7 +508,8 @@ const fileConfigSchema = z.object({
 		maxOutputBytes: z.number().int().positive(),
 		allowedReadRoots: z.array(z.string().min(1)),
 		allowedWriteRoots: z.array(z.string().min(1)),
-		allowedCommandPrefixes: z.array(z.string().min(1)).min(1)
+		allowedCommandPrefixes: z.array(z.string().min(1)).min(1),
+		tools: z.object({ bashEnabled: z.boolean() })
 	}),
 	channels: z.object({
 		discord: z.object({
@@ -433,7 +538,9 @@ const fileConfigSchema = z.object({
 		}),
 		auth: z.object({
 			token: z.string(),
-			password: z.string()
+			password: z.string(),
+			allowUnauthenticated: z.boolean(),
+			allowedOrigins: z.array(z.string().min(1))
 		}),
 		remote: z.object({
 			url: z.string(),
@@ -451,21 +558,37 @@ const partialTelegramConfigSchema = z.object({
 	enabled: z.boolean().optional(),
 	botToken: z.string().optional(),
 	defaultAccountId: z.string().optional(),
-	webhook: telegramWebhookSchema.partial().optional(),
-	accounts: z.record(z.string(), telegramAccountConfigSchema.partial()).optional()
+	webhook: partialTelegramWebhookSchema.optional(),
+	accounts: z.record(z.string(), partialTelegramAccountConfigSchema).optional()
 }).optional();
 const partialChannelsSchema = z.object({
 	discord: fileConfigSchema.shape.channels.shape.discord.partial().optional(),
 	telegram: partialTelegramConfigSchema
 }).optional();
+const partialGatewayConfigSchema = z.object({
+	enabled: z.boolean().optional(),
+	host: z.string().min(1).optional(),
+	port: z.number().int().positive().optional(),
+	mode: z.enum(["local", "remote"]).optional(),
+	tickIntervalMs: z.number().int().positive().optional(),
+	webUi: fileConfigSchema.shape.gateway.shape.webUi.partial().optional(),
+	auth: z.object({
+		token: z.string().optional(),
+		password: z.string().optional(),
+		allowUnauthenticated: z.boolean().optional(),
+		allowedOrigins: z.array(z.string().min(1)).optional()
+	}).optional(),
+	remote: fileConfigSchema.shape.gateway.shape.remote.partial().optional()
+}).optional();
 const partialFileConfigSchema = z.object({
 	assistant: fileConfigSchema.shape.assistant.partial().optional(),
 	agents: fileConfigSchema.shape.agents.partial().optional(),
 	bindings: fileConfigSchema.shape.bindings.optional(),
 	models: fileConfigSchema.shape.models.partial().optional(),
+	commands: commandsConfigSchema.partial().optional(),
 	runtime: fileConfigSchema.shape.runtime.partial().optional(),
 	channels: partialChannelsSchema,
-	gateway: fileConfigSchema.shape.gateway.partial().optional(),
+	gateway: partialGatewayConfigSchema,
 	scheduler: fileConfigSchema.shape.scheduler.partial().optional()
 });
 const apiKeyCredentialSchema = z.object({
@@ -526,12 +649,97 @@ function defaultHovclawHome() {
 function getHovclawHome(env = process.env) {
 	return path.resolve(expandPath(env.HOVCLAW_HOME || defaultHovclawHome()));
 }
+function defaultSharedSkillsDir(env = process.env) {
+	if ((env.NODE_ENV || "production") === "test") return path.join(getHovclawHome(env), ".agents", "skills");
+	return DEFAULT_SHARED_SKILLS_PATH;
+}
+function getSharedSkillsDir(env = process.env) {
+	const configured = env.HOVCLAW_SKILLS_DIR?.trim();
+	return path.resolve(expandPath(configured || defaultSharedSkillsDir(env)));
+}
 function getConfigPath(env = process.env) {
 	return path.join(getHovclawHome(env), "config.json");
 }
 function getCredentialsPath(env = process.env) {
 	return path.join(getHovclawHome(env), "credentials.json");
 }
+function ensureHomeContentDirs(projectRoot, hovclawHome) {
+	for (const dirName of USER_CONTENT_DIRS) {
+		const destinationDir = path.join(hovclawHome, dirName);
+		if (fs.existsSync(destinationDir)) continue;
+		fs.mkdirSync(destinationDir, {
+			recursive: true,
+			mode: 448
+		});
+	}
+}
+function ensureMainAgentConfig(agentsDir) {
+	const mainAgentPath = path.join(agentsDir, "main", "agent.json");
+	if (fs.existsSync(mainAgentPath)) return;
+	writeJsonFile(mainAgentPath, {
+		name: "Main",
+		skills: []
+	});
+}
+function ensureHomeStateDirs(projectRoot, hovclawHome) {
+	for (const dirName of USER_STATE_DIRS) {
+		const destinationDir = path.join(hovclawHome, dirName);
+		if (fs.existsSync(destinationDir)) continue;
+		const sourceDir = path.join(projectRoot, dirName);
+		if (fs.existsSync(sourceDir)) {
+			fs.cpSync(sourceDir, destinationDir, { recursive: true });
+			continue;
+		}
+		fs.mkdirSync(destinationDir, {
+			recursive: true,
+			mode: 448
+		});
+	}
+}
+function ensureHomeContentDirsOnce(projectRoot, hovclawHome) {
+	if (ensuredHomeContentDirs.has(hovclawHome)) return;
+	ensureHomeContentDirs(projectRoot, hovclawHome);
+	ensuredHomeContentDirs.add(hovclawHome);
+}
+function ensureHomeStateDirsOnce(projectRoot, hovclawHome) {
+	if (ensuredHomeStateDirs.has(hovclawHome)) return;
+	ensureHomeStateDirs(projectRoot, hovclawHome);
+	ensuredHomeStateDirs.add(hovclawHome);
+}
+function directoryHasEntries(dirPath) {
+	if (!fs.existsSync(dirPath)) return false;
+	try {
+		return fs.readdirSync(dirPath).length > 0;
+	} catch {
+		return false;
+	}
+}
+function copyDirectoryEntries(sourceDir, destinationDir) {
+	for (const entry of fs.readdirSync(sourceDir, { withFileTypes: true })) {
+		const sourcePath = path.join(sourceDir, entry.name);
+		const destinationPath = path.join(destinationDir, entry.name);
+		fs.cpSync(sourcePath, destinationPath, {
+			recursive: true,
+			force: true
+		});
+	}
+}
+function ensureSharedSkillsDir(hovclawHome, env = process.env) {
+	const sharedSkillsDir = getSharedSkillsDir(env);
+	ensureSecureDir(sharedSkillsDir);
+	if (directoryHasEntries(sharedSkillsDir)) return sharedSkillsDir;
+	const legacySkillsDir = path.join(hovclawHome, "skills");
+	if (!directoryHasEntries(legacySkillsDir)) return sharedSkillsDir;
+	copyDirectoryEntries(legacySkillsDir, sharedSkillsDir);
+	return sharedSkillsDir;
+}
+function ensureSharedSkillsDirOnce(hovclawHome, env = process.env) {
+	const sharedSkillsDir = getSharedSkillsDir(env);
+	if (ensuredSharedSkillsDirs.has(sharedSkillsDir)) return sharedSkillsDir;
+	ensureSharedSkillsDir(hovclawHome, env);
+	ensuredSharedSkillsDirs.add(sharedSkillsDir);
+	return sharedSkillsDir;
+}
 function hasConfigFile(env = process.env) {
 	return fs.existsSync(getConfigPath(env));
 }
@@ -627,6 +835,18 @@ function mergeWithDefaults(partial) {
 			aliases: partial.models?.aliases ?? DEFAULT_FILE_CONFIG.models.aliases,
 			allowlist: partial.models?.allowlist ?? DEFAULT_FILE_CONFIG.models.allowlist
 		},
+		commands: {
+			native: partial.commands?.native ?? DEFAULT_FILE_CONFIG.commands.native,
+			nativeSkills: partial.commands?.nativeSkills ?? DEFAULT_FILE_CONFIG.commands.nativeSkills,
+			defaultThinkingLevel: partial.commands?.defaultThinkingLevel ?? DEFAULT_FILE_CONFIG.commands.defaultThinkingLevel,
+			text: partial.commands?.text ?? DEFAULT_FILE_CONFIG.commands.text,
+			config: partial.commands?.config ?? DEFAULT_FILE_CONFIG.commands.config,
+			debug: partial.commands?.debug ?? DEFAULT_FILE_CONFIG.commands.debug,
+			bash: partial.commands?.bash ?? DEFAULT_FILE_CONFIG.commands.bash,
+			restart: partial.commands?.restart ?? DEFAULT_FILE_CONFIG.commands.restart,
+			useAccessGroups: partial.commands?.useAccessGroups ?? DEFAULT_FILE_CONFIG.commands.useAccessGroups,
+			allowFrom: partial.commands?.allowFrom ?? DEFAULT_FILE_CONFIG.commands.allowFrom
+		},
 		runtime: {
 			mode: partial.runtime?.mode ?? DEFAULT_FILE_CONFIG.runtime.mode,
 			containerImage: partial.runtime?.containerImage ?? DEFAULT_FILE_CONFIG.runtime.containerImage,
@@ -636,7 +856,8 @@ function mergeWithDefaults(partial) {
 			maxOutputBytes: partial.runtime?.maxOutputBytes ?? DEFAULT_FILE_CONFIG.runtime.maxOutputBytes,
 			allowedReadRoots: partial.runtime?.allowedReadRoots ?? DEFAULT_FILE_CONFIG.runtime.allowedReadRoots,
 			allowedWriteRoots: partial.runtime?.allowedWriteRoots ?? DEFAULT_FILE_CONFIG.runtime.allowedWriteRoots,
-			allowedCommandPrefixes: partial.runtime?.allowedCommandPrefixes ?? DEFAULT_FILE_CONFIG.runtime.allowedCommandPrefixes
+			allowedCommandPrefixes: partial.runtime?.allowedCommandPrefixes ?? DEFAULT_FILE_CONFIG.runtime.allowedCommandPrefixes,
+			tools: { bashEnabled: partial.runtime?.tools?.bashEnabled ?? DEFAULT_FILE_CONFIG.runtime.tools.bashEnabled }
 		},
 		channels: {
 			discord: {
@@ -659,7 +880,9 @@ function mergeWithDefaults(partial) {
 			},
 			auth: {
 				token: partial.gateway?.auth?.token ?? DEFAULT_FILE_CONFIG.gateway.auth.token,
-				password: partial.gateway?.auth?.password ?? DEFAULT_FILE_CONFIG.gateway.auth.password
+				password: partial.gateway?.auth?.password ?? DEFAULT_FILE_CONFIG.gateway.auth.password,
+				allowUnauthenticated: partial.gateway?.auth?.allowUnauthenticated ?? DEFAULT_FILE_CONFIG.gateway.auth.allowUnauthenticated,
+				allowedOrigins: partial.gateway?.auth?.allowedOrigins ?? DEFAULT_FILE_CONFIG.gateway.auth.allowedOrigins
 			},
 			remote: {
 				url: partial.gateway?.remote?.url ?? DEFAULT_FILE_CONFIG.gateway.remote.url,
@@ -724,6 +947,18 @@ function applyEnvOverrides(base, env) {
 			aliases: base.models.aliases,
 			allowlist: base.models.allowlist
 		},
+		commands: {
+			native: base.commands.native,
+			nativeSkills: base.commands.nativeSkills,
+			defaultThinkingLevel: env.COMMANDS_DEFAULT_THINKING_LEVEL === "low" || env.COMMANDS_DEFAULT_THINKING_LEVEL === "medium" || env.COMMANDS_DEFAULT_THINKING_LEVEL === "high" ? env.COMMANDS_DEFAULT_THINKING_LEVEL : base.commands.defaultThinkingLevel,
+			text: toBool(env.COMMANDS_TEXT, base.commands.text),
+			config: toBool(env.COMMANDS_CONFIG, base.commands.config),
+			debug: toBool(env.COMMANDS_DEBUG, base.commands.debug),
+			bash: toBool(env.COMMANDS_BASH, base.commands.bash),
+			restart: toBool(env.COMMANDS_RESTART, base.commands.restart),
+			useAccessGroups: toBool(env.COMMANDS_USE_ACCESS_GROUPS, base.commands.useAccessGroups),
+			allowFrom: base.commands.allowFrom
+		},
 		runtime: {
 			mode: env.RUNTIME_MODE === "container" || env.RUNTIME_MODE === "local" ? env.RUNTIME_MODE : base.runtime.mode,
 			containerImage: env.RUNTIME_CONTAINER_IMAGE || base.runtime.containerImage,
@@ -733,7 +968,8 @@ function applyEnvOverrides(base, env) {
 			maxOutputBytes: toPositiveInt(env.TOOL_MAX_OUTPUT_BYTES, base.runtime.maxOutputBytes),
 			allowedReadRoots: splitCsv(env.ALLOWED_READ_ROOTS, base.runtime.allowedReadRoots),
 			allowedWriteRoots: splitCsv(env.ALLOWED_WRITE_ROOTS, base.runtime.allowedWriteRoots),
-			allowedCommandPrefixes: splitCsv(env.ALLOWED_COMMAND_PREFIXES, base.runtime.allowedCommandPrefixes)
+			allowedCommandPrefixes: splitCsv(env.ALLOWED_COMMAND_PREFIXES, base.runtime.allowedCommandPrefixes),
+			tools: { bashEnabled: toBool(env.RUNTIME_BASH_ENABLED, base.runtime.tools.bashEnabled) }
 		},
 		channels: {
 			discord: {
@@ -762,7 +998,9 @@ function applyEnvOverrides(base, env) {
 			},
 			auth: {
 				token: env.GATEWAY_AUTH_TOKEN || base.gateway.auth.token,
-				password: env.GATEWAY_AUTH_PASSWORD || base.gateway.auth.password
+				password: env.GATEWAY_AUTH_PASSWORD || base.gateway.auth.password,
+				allowUnauthenticated: toBool(env.GATEWAY_ALLOW_UNAUTHENTICATED, base.gateway.auth.allowUnauthenticated),
+				allowedOrigins: splitCsv(env.GATEWAY_ALLOWED_ORIGINS, base.gateway.auth.allowedOrigins)
 			},
 			remote: {
 				url: env.GATEWAY_REMOTE_URL || base.gateway.remote.url,
@@ -783,21 +1021,33 @@ function escapeRegex(value) {
 function normalizeRoots(paths) {
 	return paths.map((entry) => path.resolve(expandPath(entry)));
 }
+function isLegacyProjectRootWorkspace(workspacePath, projectRoot) {
+	if (!workspacePath) return false;
+	const trimmed = workspacePath.trim();
+	if (!trimmed) return false;
+	return path.resolve(expandPath(trimmed)) === path.resolve(projectRoot);
+}
 function loadConfig(env = process.env) {
 	const merged = applyEnvOverrides(loadConfigFile(env), env);
 	const hovclawHome = getHovclawHome(env);
+	const agentsDir = path.join(hovclawHome, "agents");
+	ensureHomeContentDirsOnce(PROJECT_ROOT, hovclawHome);
+	ensureHomeStateDirsOnce(PROJECT_ROOT, hovclawHome);
+	ensureMainAgentConfig(agentsDir);
+	const sharedSkillsDir = ensureSharedSkillsDirOnce(hovclawHome, env);
 	const defaultWorkspace = path.join(hovclawHome, "workspace");
-	const effectiveWorkspace = merged.agents.defaults.workspace.trim() || defaultWorkspace;
+	const configuredWorkspace = merged.agents.defaults.workspace.trim();
+	const effectiveWorkspace = !configuredWorkspace || isLegacyProjectRootWorkspace(configuredWorkspace, PROJECT_ROOT) ? defaultWorkspace : configuredWorkspace;
 	const assistantName = merged.assistant.name;
 	return {
 		projectRoot: PROJECT_ROOT,
 		hovclawHome,
 		configPath: getConfigPath(env),
 		credentialsPath: getCredentialsPath(env),
-		agentsDir: path.join(PROJECT_ROOT, "agents"),
-		skillsDir: path.join(PROJECT_ROOT, "skills"),
-		storeDir: path.join(PROJECT_ROOT, "store"),
-		dataDir: path.join(PROJECT_ROOT, "data"),
+		agentsDir,
+		skillsDir: sharedSkillsDir,
+		storeDir: path.join(hovclawHome, "store"),
+		dataDir: path.join(hovclawHome, "data"),
 		environment: env.NODE_ENV || "development",
 		logLevel: env.LOG_LEVEL || "info",
 		assistantName,
@@ -807,12 +1057,13 @@ function loadConfig(env = process.env) {
 			list: merged.agents.list.map((entry) => ({
 				id: entry.id,
 				name: entry.name,
-				workspace: entry.workspace ? path.resolve(expandPath(entry.workspace)) : void 0,
+				workspace: entry.workspace ? isLegacyProjectRootWorkspace(entry.workspace, PROJECT_ROOT) ? path.resolve(expandPath(defaultWorkspace)) : path.resolve(expandPath(entry.workspace)) : void 0,
 				default: entry.default
 			}))
 		},
 		bindings: merged.bindings,
 		models: { ...merged.models },
+		commands: { ...merged.commands },
 		runtime: {
 			mode: merged.runtime.mode,
 			containerImage: merged.runtime.containerImage,
@@ -822,7 +1073,8 @@ function loadConfig(env = process.env) {
 			maxOutputBytes: merged.runtime.maxOutputBytes,
 			allowedReadRoots: normalizeRoots(merged.runtime.allowedReadRoots),
 			allowedWriteRoots: normalizeRoots(merged.runtime.allowedWriteRoots),
-			allowedCommandPrefixes: merged.runtime.allowedCommandPrefixes
+			allowedCommandPrefixes: merged.runtime.allowedCommandPrefixes,
+			tools: { bashEnabled: merged.runtime.tools.bashEnabled }
 		},
 		channels: {
 			discord: {
@@ -859,7 +1111,9 @@ function loadConfig(env = process.env) {
 			},
 			auth: {
 				token: merged.gateway.auth.token,
-				password: merged.gateway.auth.password
+				password: merged.gateway.auth.password,
+				allowUnauthenticated: merged.gateway.auth.allowUnauthenticated,
+				allowedOrigins: merged.gateway.auth.allowedOrigins
 			},
 			remote: {
 				url: merged.gateway.remote.url,
@@ -917,6 +1171,7 @@ function legacyEnvKeys() {
 		"ALLOWED_READ_ROOTS",
 		"ALLOWED_WRITE_ROOTS",
 		"ALLOWED_COMMAND_PREFIXES",
+		"RUNTIME_BASH_ENABLED",
 		"TOOL_TIMEOUT_MS",
 		"TOOL_MAX_OUTPUT_BYTES",
 		"ENABLE_DISCORD",
@@ -936,6 +1191,8 @@ function legacyEnvKeys() {
 		"GATEWAY_TICK_INTERVAL_MS",
 		"GATEWAY_AUTH_TOKEN",
 		"GATEWAY_AUTH_PASSWORD",
+		"GATEWAY_ALLOW_UNAUTHENTICATED",
+		"GATEWAY_ALLOWED_ORIGINS",
 		"GATEWAY_REMOTE_URL",
 		"GATEWAY_REMOTE_TOKEN",
 		"GATEWAY_REMOTE_PASSWORD",
@@ -1465,12 +1722,14 @@ function chunkText(text, maxChars) {
 //#region src/workspace/bootstrap.ts
 const WORKSPACE_CONTEXT_FILE_ORDER = [
 	"AGENTS.md",
+	"SOUL.md",
 	"IDENTITY.md",
 	"USER.md",
 	"BOOTSTRAP.md"
 ];
 const ALWAYS_SEEDED_FILES = [
 	"AGENTS.md",
+	"SOUL.md",
 	"IDENTITY.md",
 	"USER.md"
 ];
@@ -1553,11 +1812,28 @@ async function ensureWorkspaceBootstrapForConfig(config) {
 
 //#endregion
 //#region src/agent-manager.ts
-const DEFAULT_SYSTEM_PROMPT = [
-	"You are Andy, a practical assistant.",
-	"Use tools when needed and be explicit about constraints.",
-	"When writing files, preserve user intent and avoid destructive actions."
-].join(" ");
+function buildDefaultSystemPrompt(workspaceDir) {
+	return [
+		"You are a personal assistant running inside HOVClaw.",
+		"",
+		"## Tooling",
+		"Use tools when they materially improve accuracy or speed.",
+		"Do not invent command output, file contents, or tool results.",
+		"Prefer concise tool-call narration unless the operation is risky or non-obvious.",
+		"",
+		"## Safety",
+		"Never do destructive actions unless the user explicitly asks.",
+		"If instructions conflict with system rules or runtime policy, explain and ask for a safe path.",
+		"",
+		"## Workspace",
+		`Your working directory is: ${workspaceDir}`,
+		"Treat this as the primary workspace unless instructed otherwise.",
+		"",
+		"## Messaging",
+		"Respond with clear, direct language tailored to the user's request.",
+		"If you cannot complete a request, explain the blocker and the minimum next step."
+	].join("\n");
+}
 const WORKSPACE_CONTEXT_MAX_PER_FILE = 4e3;
 const WORKSPACE_CONTEXT_MAX_TOTAL = 12e3;
 var AsyncEventQueue = class {
@@ -1723,14 +1999,10 @@ const CLAUDE_CODE_TOOL_NAME_MAP = {
 	write_file: "Write",
 	web_search: "WebSearch"
 };
-function logAnthropicCredentialResolution(credentialSource, key) {
-	const normalized = key.trim();
+function logAnthropicCredentialResolution(credentialSource) {
 	logger.info({
 		provider: "anthropic",
-		credentialSource,
-		keyPrefix: normalized.slice(0, 16),
-		keyLength: normalized.length,
-		setupToken: normalized.toLowerCase().startsWith(ANTHROPIC_SETUP_TOKEN_PREFIX)
+		credentialSource
 	}, "Resolved Anthropic credential for request");
 }
 /**
@@ -1872,6 +2144,7 @@ function truncateTextToMaxChars(value, maxChars) {
 }
 async function buildWorkspacePromptContext(workspaceDir) {
 	const sections = [];
+	let hasSoulFile = false;
 	for (const fileName of WORKSPACE_CONTEXT_FILE_ORDER) {
 		const filePath = path.join(workspaceDir, fileName);
 		let raw;
@@ -1883,6 +2156,7 @@ async function buildWorkspacePromptContext(workspaceDir) {
 		const trimmed = raw.trim();
 		if (!trimmed) continue;
 		const clipped = truncateTextToMaxChars(trimmed, WORKSPACE_CONTEXT_MAX_PER_FILE);
+		if (fileName.toLowerCase() === "soul.md") hasSoulFile = true;
 		sections.push([
 			`## ${fileName}`,
 			clipped.text,
@@ -1890,7 +2164,14 @@ async function buildWorkspacePromptContext(workspaceDir) {
 		].filter(Boolean).join("\n\n"));
 	}
 	if (sections.length === 0) return "";
-	const rendered = ["# Workspace Context", ...sections].join("\n\n");
+	const rendered = [
+		"# Project Context",
+		"",
+		"The following project context files have been loaded:",
+		hasSoulFile ? "If SOUL.md is present, embody its persona and tone unless higher-priority rules override it." : "",
+		"",
+		...sections
+	].filter(Boolean).join("\n\n");
 	if (rendered.length <= WORKSPACE_CONTEXT_MAX_TOTAL) return rendered;
 	const footer = `\n\n[Workspace context truncated at ${WORKSPACE_CONTEXT_MAX_TOTAL} total characters.]`;
 	if (footer.length >= WORKSPACE_CONTEXT_MAX_TOTAL) return rendered.slice(0, WORKSPACE_CONTEXT_MAX_TOTAL);
@@ -1899,7 +2180,7 @@ async function buildWorkspacePromptContext(workspaceDir) {
 }
 async function loadAgentPrompt(agentName, workspaceDir) {
 	const promptPath = path.join(config.agentsDir, agentName, "CLAUDE.md");
-	let basePrompt = DEFAULT_SYSTEM_PROMPT;
+	let basePrompt = buildDefaultSystemPrompt(workspaceDir);
 	try {
 		const prompt = await fs$1.readFile(promptPath, "utf8");
 		if (prompt.trim().length > 0) basePrompt = prompt;
@@ -1926,14 +2207,14 @@ async function resolveProviderApiKey(provider, env = process.env) {
 	const isAnthropicProvider = provider.toLowerCase() === "anthropic";
 	const fromEnv = getProviderApiKeyFromEnv(provider, env);
 	if (fromEnv) {
-		if (isAnthropicProvider) logAnthropicCredentialResolution("env", fromEnv);
+		if (isAnthropicProvider) logAnthropicCredentialResolution("env");
 		return fromEnv;
 	}
 	const credentials = loadCredentials(env);
 	const entry = credentials[provider];
 	if (!entry) return void 0;
 	if (entry.type === "api-key") {
-		if (isAnthropicProvider) logAnthropicCredentialResolution("credentials-api-key", entry.key);
+		if (isAnthropicProvider) logAnthropicCredentialResolution("credentials-api-key");
 		return entry.key;
 	}
 	if (isAnthropicProvider && isAnthropicOAuthCredentialUnsupported(credentials.anthropic)) {
@@ -1941,7 +2222,7 @@ async function resolveProviderApiKey(provider, env = process.env) {
 		return;
 	}
 	if (isAnthropicProvider && credentials.anthropic?.type === "oauth" && isAnthropicSetupToken(credentials.anthropic)) {
-		logAnthropicCredentialResolution("credentials-oauth-setup-token", credentials.anthropic.access);
+		logAnthropicCredentialResolution("credentials-oauth-setup-token");
 		return credentials.anthropic.access;
 	}
 	const result = await getOAuthApiKey(provider, toOAuthCredentialMap(credentials));
@@ -1957,7 +2238,7 @@ async function resolveProviderApiKey(provider, env = process.env) {
 		...result.newCredentials
 	};
 	saveCredentials(credentials, env);
-	if (isAnthropicProvider) logAnthropicCredentialResolution("oauth-refresh", result.apiKey);
+	if (isAnthropicProvider) logAnthropicCredentialResolution("oauth-refresh");
 	return result.apiKey;
 }
 var PiAgentManager = class {
@@ -2127,6 +2408,10 @@ var PiAgentManager = class {
 		if (!handle) return;
 		this.db.saveAgentState(sessionKey, JSON.stringify({ messages: handle.agent.state.messages }));
 	}
+	async resetSession(sessionKey) {
+		this.sessions.delete(sessionKey);
+		this.db.clearSession(sessionKey);
+	}
 	async persistAllSessions() {
 		await Promise.all(Array.from(this.sessions.keys()).map((sessionKey) => this.persistSession(sessionKey)));
 	}
@@ -2205,6 +2490,11 @@ var DiscordChannel = class {
 
 //#endregion
 //#region src/channels/telegram.ts
+var telegram_exports = /* @__PURE__ */ __exportAll({
+	TelegramChannel: () => TelegramChannel,
+	parseTargetChatId: () => parseTargetChatId,
+	toInboundMessage: () => toInboundMessage
+});
 const TELEGRAM_CHUNK_LIMIT = 3900;
 const TELEGRAM_ALLOWED_UPDATES = [
 	"message",
@@ -2220,6 +2510,7 @@ const DEFAULT_MAX_RETRY_DELAY_MS = 8e3;
 const DEFAULT_POLL_SUCCESS_DELAY_MS = 250;
 const DEFAULT_POLL_FAILURE_DELAY_MS = 1e3;
 const DEFAULT_MAX_POLL_FAILURE_DELAY_MS = 15e3;
+const TELEGRAM_MAX_WEBHOOK_BODY_BYTES = 1048576;
 function sleep$1(ms) {
 	return new Promise((resolve) => {
 		setTimeout(resolve, ms);
@@ -2387,14 +2678,38 @@ function toInboundMessage(update, accountId = "default") {
 		raw: update
 	};
 }
-async function readBody(req) {
+function compareWebhookSecrets(expected, provided) {
+	const expectedBuffer = Buffer.from(expected, "utf8");
+	const providedBuffer = Buffer.from(provided, "utf8");
+	if (expectedBuffer.length !== providedBuffer.length) return false;
+	return timingSafeEqual(expectedBuffer, providedBuffer);
+}
+async function readBody(req, maxBytes) {
 	return new Promise((resolve, reject) => {
 		let body = "";
+		let totalBytes = 0;
+		let done = false;
 		req.on("data", (chunk) => {
+			if (done) return;
+			totalBytes += chunk.length;
+			if (totalBytes > maxBytes) {
+				done = true;
+				req.destroy();
+				reject(/* @__PURE__ */ new Error("payload_too_large"));
+				return;
+			}
 			body += chunk.toString("utf8");
 		});
-		req.on("end", () => resolve(body));
-		req.on("error", (error) => reject(error));
+		req.on("end", () => {
+			if (done) return;
+			done = true;
+			resolve(body);
+		});
+		req.on("error", (error) => {
+			if (done) return;
+			done = true;
+			reject(error);
+		});
 	});
 }
 var TelegramChannel = class {
@@ -2590,14 +2905,25 @@ var TelegramChannel = class {
 		}
 		const expectedSecret = account.webhook.secret.trim();
 		if (expectedSecret) {
-			if (String(req.headers["x-telegram-bot-api-secret-token"] || "") !== expectedSecret) {
+			if (!compareWebhookSecrets(expectedSecret, String(req.headers["x-telegram-bot-api-secret-token"] || ""))) {
 				res.statusCode = 403;
 				this.lastWebhookStatus = 403;
 				res.end("forbidden");
 				return;
 			}
 		}
-		const body = await readBody(req);
+		let body = "";
+		try {
+			body = await readBody(req, TELEGRAM_MAX_WEBHOOK_BODY_BYTES);
+		} catch (error) {
+			if (error instanceof Error && error.message === "payload_too_large") {
+				res.statusCode = 413;
+				this.lastWebhookStatus = 413;
+				res.end("payload too large");
+				return;
+			}
+			throw error;
+		}
 		if (!body) {
 			res.statusCode = 204;
 			this.lastWebhookStatus = 204;
@@ -2652,6 +2978,9 @@ var TelegramChannel = class {
 		this.schedulePoll(10);
 		logger.info({ accountId: this.accountId }, "Telegram polling channel started");
 	}
+	getAccountId() {
+		return this.accountId;
+	}
 	onMessage(handler) {
 		this.handler = handler;
 	}
@@ -2689,6 +3018,21 @@ var TelegramChannel = class {
 			text: text?.trim() || void 0
 		});
 	}
+	async setMyCommands(commands) {
+		const normalized = commands.map((entry) => ({
+			command: entry.command,
+			description: entry.description
+		}));
+		for (const scope of [
+			{ type: "default" },
+			{ type: "all_private_chats" },
+			{ type: "all_group_chats" },
+			{ type: "all_chat_administrators" }
+		]) await this.callApi("setMyCommands", {
+			commands: normalized,
+			scope
+		});
+	}
 	async sendMedia(target, media) {
 		const parsedTarget = parseTargetChatId(target.chatId);
 		const { method, mediaField } = mediaMethod(media);
@@ -2770,9 +3114,46 @@ var TelegramChannel = class {
 	}
 };
 
+//#endregion
+//#region src/redaction.ts
+const REDACTED_VALUE = "[REDACTED]";
+const SENSITIVE_KEY_PATTERNS = [
+	/token/i,
+	/password/i,
+	/secret/i,
+	/api[_-]?key/i,
+	/^key$/i,
+	/authorization/i,
+	/cookie/i,
+	/refresh/i,
+	/access/i
+];
+function isSensitiveKey(key) {
+	return SENSITIVE_KEY_PATTERNS.some((pattern) => pattern.test(key));
+}
+function redactValue(value, seen) {
+	if (Array.isArray(value)) return value.map((entry) => redactValue(entry, seen));
+	if (!value || typeof value !== "object") return value;
+	if (seen.has(value)) return "[Circular]";
+	seen.add(value);
+	const record = value;
+	const result = {};
+	for (const [key, entry] of Object.entries(record)) {
+		if (isSensitiveKey(key)) {
+			result[key] = REDACTED_VALUE;
+			continue;
+		}
+		result[key] = redactValue(entry, seen);
+	}
+	return result;
+}
+function redactSensitiveData(value) {
+	return redactValue(value, /* @__PURE__ */ new WeakSet());
+}
+
 //#endregion
 //#region src/db.ts
-function nowIso() {
+function nowIso$1() {
 	return (/* @__PURE__ */ new Date()).toISOString();
 }
 var HovClawDb = class {
@@ -2900,7 +3281,7 @@ var HovClawDb = class {
 		return Boolean(row?.name);
 	}
 	upsertSession(parts, sessionKey, model, options) {
-		const createdAt = nowIso();
+		const createdAt = nowIso$1();
 		this.db.prepare(`
         INSERT INTO sessions (
           session_key,
@@ -2995,7 +3376,7 @@ var HovClawDb = class {
         ON CONFLICT(account_id) DO UPDATE SET
           last_update_id = excluded.last_update_id,
           updated_at = excluded.updated_at
-      `).run(accountId, updateId, nowIso());
+      `).run(accountId, updateId, nowIso$1());
 	}
 	hasTelegramDedupe(accountId, updateId) {
 		return typeof this.db.prepare(`
@@ -3008,7 +3389,7 @@ var HovClawDb = class {
 		this.db.prepare(`
         INSERT OR IGNORE INTO telegram_dedupe (account_id, update_id, updated_at)
         VALUES (?, ?, ?)
-      `).run(accountId, updateId, nowIso());
+      `).run(accountId, updateId, nowIso$1());
 	}
 	pruneTelegramDedupe(olderThanIso) {
 		return this.db.prepare(`
@@ -3017,7 +3398,7 @@ var HovClawDb = class {
       `).run(olderThanIso).changes;
 	}
 	appendMessage(sessionKey, role, content) {
-		this.db.prepare(`INSERT INTO messages (session_key, role, content, created_at) VALUES (?, ?, ?, ?)`).run(sessionKey, role, content, nowIso());
+		this.db.prepare(`INSERT INTO messages (session_key, role, content, created_at) VALUES (?, ?, ?, ?)`).run(sessionKey, role, content, nowIso$1());
 	}
 	getMessages(sessionKey) {
 		return this.db.prepare(`
@@ -3038,11 +3419,16 @@ var HovClawDb = class {
         ON CONFLICT(session_key) DO UPDATE SET
           state_json = excluded.state_json,
           updated_at = excluded.updated_at
-      `).run(sessionKey, stateJson, nowIso());
+      `).run(sessionKey, stateJson, nowIso$1());
 	}
 	getAgentState(sessionKey) {
 		return this.db.prepare(`SELECT state_json FROM agent_state WHERE session_key = ?`).get(sessionKey)?.state_json ?? null;
 	}
+	clearSession(sessionKey) {
+		this.db.prepare(`DELETE FROM agent_state WHERE session_key = ?`).run(sessionKey);
+		this.db.prepare(`DELETE FROM messages WHERE session_key = ?`).run(sessionKey);
+		this.db.prepare(`DELETE FROM sessions WHERE session_key = ?`).run(sessionKey);
+	}
 	recordUsageCost(record) {
 		this.db.prepare(`
         INSERT INTO usage_costs (
@@ -3054,7 +3440,7 @@ var HovClawDb = class {
           cost_usd,
           created_at
         ) VALUES (?, ?, ?, ?, ?, ?, ?)
-      `).run(record.sessionKey, record.provider, record.model, record.inputTokens, record.outputTokens, record.costUsd, record.createdAt ?? nowIso());
+      `).run(record.sessionKey, record.provider, record.model, record.inputTokens, record.outputTokens, record.costUsd, record.createdAt ?? nowIso$1());
 	}
 	upsertScheduledJob(job) {
 		this.db.prepare(`
@@ -3184,10 +3570,11 @@ var HovClawDb = class {
 		}));
 	}
 	appendAuditEvent(record) {
+		const sanitizedPayload = redactSensitiveData(record.payload);
 		this.db.prepare(`
         INSERT INTO audit_log (ts, session_key, actor, event_type, payload_json)
         VALUES (?, ?, ?, ?, ?)
-      `).run(record.ts ?? nowIso(), record.sessionKey ?? null, record.actor, record.eventType, JSON.stringify(record.payload));
+      `).run(record.ts ?? nowIso$1(), record.sessionKey ?? null, record.actor, record.eventType, JSON.stringify(sanitizedPayload));
 	}
 	getAuditEvents(eventType) {
 		const query = eventType ? `SELECT ts, session_key, actor, event_type, payload_json FROM audit_log WHERE event_type = ? ORDER BY id DESC` : `SELECT ts, session_key, actor, event_type, payload_json FROM audit_log ORDER BY id DESC`;
@@ -3238,19 +3625,67 @@ function extractCommandPrefix$1(command) {
 	if (!trimmed) return "";
 	return trimmed.split(/\s+/)[0] ?? "";
 }
-function splitCommandSegments$1(command) {
-	return command.split(/(?:&&|\|\||[;|\n])/).map((segment) => segment.trim()).filter(Boolean);
+function nonOptionArgs$1(args) {
+	const out = [];
+	let skipNext = false;
+	for (const arg of args) {
+		if (skipNext) {
+			skipNext = false;
+			continue;
+		}
+		if (arg === "--") break;
+		if (arg === "-n" || arg === "-c" || arg === "--max-depth" || arg === "--glob" || arg === "--iglob" || arg === "--type" || arg === "--type-not" || arg === "-e" || arg === "-f") {
+			skipNext = true;
+			continue;
+		}
+		if (arg.startsWith("-")) continue;
+		out.push(arg);
+	}
+	return out;
+}
+function isLikelyPathOperand$1(value) {
+	const trimmed = value.trim();
+	if (!trimmed) return false;
+	if (/^\d+$/.test(trimmed)) return false;
+	if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) return false;
+	if (trimmed === "." || trimmed === ".." || trimmed.startsWith("/") || trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~/") || trimmed.includes("/")) return true;
+	return /^[A-Za-z0-9._-]+$/.test(trimmed);
 }
-function validateCommand$1(command, allowedCommandPrefixes) {
+function collectReadPathOperands$1(prefix, args) {
+	if (prefix === "rg") {
+		const plain = nonOptionArgs$1(args);
+		if (plain.length <= 1) return [];
+		return plain.slice(1);
+	}
+	if (prefix === "find") {
+		const plain = nonOptionArgs$1(args);
+		return plain.length > 0 ? [plain[0]] : [];
+	}
+	return nonOptionArgs$1(args);
+}
+function validateCommand$1(command, allowedCommandPrefixes, allowedReadRoots, workspaceDir) {
 	const trimmed = command.trim();
 	if (!trimmed) throw new Error("Command prefix not allowed: <empty>");
-	if (/[`]|[$][(]|[<][(]|[>][(]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
-	if (/[<>]/.test(trimmed)) throw new Error("Command redirection is not allowed");
-	const segments = splitCommandSegments$1(trimmed);
-	if (segments.length === 0) throw new Error("Command prefix not allowed: <empty>");
-	for (const segment of segments) {
-		const prefix = extractCommandPrefix$1(segment);
-		if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (/[;&|`$()<>]/.test(trimmed) || /[\r\n]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
+	if (/["'\\]/.test(trimmed)) throw new Error("Quoted/escaped shell syntax is not allowed");
+	const tokens = trimmed.split(/\s+/).filter(Boolean);
+	if (tokens.length === 0) throw new Error("Command prefix not allowed: <empty>");
+	const prefix = extractCommandPrefix$1(trimmed);
+	if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (![
+		"cat",
+		"head",
+		"tail",
+		"wc",
+		"rg",
+		"ls",
+		"find"
+	].includes(prefix)) return;
+	const readRoots = buildEffectiveRoots$1(allowedReadRoots, workspaceDir);
+	const operands = collectReadPathOperands$1(prefix, tokens.slice(1)).filter(isLikelyPathOperand$1);
+	for (const operand of operands) {
+		const resolved = resolveToolPath$1(operand, workspaceDir);
+		if (!startsWithAnyRoot$1(resolved, readRoots)) throw new Error(`Command path is outside allowed read roots: ${resolved}. Allowed roots: ${readRoots.join(", ") || "<none>"}`);
 	}
 }
 function maybeTruncate$1(value, maxOutputBytes) {
@@ -3268,7 +3703,7 @@ function toContainerName(agentName, sessionKey) {
 	const hash = crypto.createHash("sha256").update(sessionKey).digest("hex").slice(0, 12);
 	return `hovclaw-${agentName.toLowerCase().replace(/[^a-z0-9-]/g, "-")}-${hash}`;
 }
-function shellEscape(input) {
+function shellEscape$1(input) {
 	return `'${input.replace(/'/g, `'"'"'`)}'`;
 }
 var ContainerRuntime = class {
@@ -3471,7 +3906,8 @@ var ContainerRuntime = class {
 	}
 	async exec(command, limits) {
 		const effective = this.mergeLimits(limits);
-		validateCommand$1(command, effective.allowedCommandPrefixes);
+		const workspaceDir = getRuntimeSessionContext()?.workspaceDir;
+		validateCommand$1(command, effective.allowedCommandPrefixes, effective.allowedReadRoots, workspaceDir);
 		return this.withContainer(effective, async (container) => {
 			return this.runDocker([
 				"exec",
@@ -3512,8 +3948,8 @@ var ContainerRuntime = class {
 		const effective = this.mergeLimits(limits);
 		const workspaceDir = getRuntimeSessionContext()?.workspaceDir;
 		const resolved = enforceAllowedPath$1(filePath, effective.allowedWriteRoots, workspaceDir, "write");
-		const escapedPath = shellEscape(resolved);
-		const escapedDir = shellEscape(path.dirname(resolved));
+		const escapedPath = shellEscape$1(resolved);
+		const escapedDir = shellEscape$1(path.dirname(resolved));
 		return this.withContainer(effective, async (container) => {
 			const result = await this.runDocker([
 				"exec",
@@ -3540,7 +3976,7 @@ var ContainerRuntime = class {
 				container.name,
 				"sh",
 				"-lc",
-				`curl -L --max-time ${Math.max(5, Math.floor(effective.timeoutMs / 1e3))} -sS ${shellEscape(url)}`
+				`curl -L --max-time ${Math.max(5, Math.floor(effective.timeoutMs / 1e3))} -sS ${shellEscape$1(url)}`
 			], {
 				timeoutMs: effective.timeoutMs,
 				maxOutputBytes: effective.maxOutputBytes,
@@ -3611,19 +4047,67 @@ function extractCommandPrefix(command) {
 	if (!trimmed) return "";
 	return trimmed.split(/\s+/)[0] ?? "";
 }
-function splitCommandSegments(command) {
-	return command.split(/(?:&&|\|\||[;|\n])/).map((segment) => segment.trim()).filter(Boolean);
+function nonOptionArgs(args) {
+	const out = [];
+	let skipNext = false;
+	for (const arg of args) {
+		if (skipNext) {
+			skipNext = false;
+			continue;
+		}
+		if (arg === "--") break;
+		if (arg === "-n" || arg === "-c" || arg === "--max-depth" || arg === "--glob" || arg === "--iglob" || arg === "--type" || arg === "--type-not" || arg === "-e" || arg === "-f") {
+			skipNext = true;
+			continue;
+		}
+		if (arg.startsWith("-")) continue;
+		out.push(arg);
+	}
+	return out;
+}
+function isLikelyPathOperand(value) {
+	const trimmed = value.trim();
+	if (!trimmed) return false;
+	if (/^\d+$/.test(trimmed)) return false;
+	if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) return false;
+	if (trimmed === "." || trimmed === ".." || trimmed.startsWith("/") || trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~/") || trimmed.includes("/")) return true;
+	return /^[A-Za-z0-9._-]+$/.test(trimmed);
 }
-function validateCommand(command, allowedCommandPrefixes) {
+function collectReadPathOperands(prefix, args) {
+	if (prefix === "rg") {
+		const plain = nonOptionArgs(args);
+		if (plain.length <= 1) return [];
+		return plain.slice(1);
+	}
+	if (prefix === "find") {
+		const plain = nonOptionArgs(args);
+		return plain.length > 0 ? [plain[0]] : [];
+	}
+	return nonOptionArgs(args);
+}
+function validateCommand(command, allowedCommandPrefixes, allowedReadRoots, workspaceDir) {
 	const trimmed = command.trim();
 	if (!trimmed) throw new Error("Command prefix not allowed: <empty>");
-	if (/[`]|[$][(]|[<][(]|[>][(]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
-	if (/[<>]/.test(trimmed)) throw new Error("Command redirection is not allowed");
-	const segments = splitCommandSegments(trimmed);
-	if (segments.length === 0) throw new Error("Command prefix not allowed: <empty>");
-	for (const segment of segments) {
-		const prefix = extractCommandPrefix(segment);
-		if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (/[;&|`$()<>]/.test(trimmed) || /[\r\n]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
+	if (/["'\\]/.test(trimmed)) throw new Error("Quoted/escaped shell syntax is not allowed");
+	const tokens = trimmed.split(/\s+/).filter(Boolean);
+	if (tokens.length === 0) throw new Error("Command prefix not allowed: <empty>");
+	const prefix = extractCommandPrefix(trimmed);
+	if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (![
+		"cat",
+		"head",
+		"tail",
+		"wc",
+		"rg",
+		"ls",
+		"find"
+	].includes(prefix)) return;
+	const readRoots = buildEffectiveRoots(allowedReadRoots, workspaceDir);
+	const operands = collectReadPathOperands(prefix, tokens.slice(1)).filter(isLikelyPathOperand);
+	for (const operand of operands) {
+		const resolved = resolveToolPath(operand, workspaceDir);
+		if (!startsWithAnyRoot(resolved, readRoots)) throw new Error(`Command path is outside allowed read roots: ${resolved}. Allowed roots: ${readRoots.join(", ") || "<none>"}`);
 	}
 }
 function maybeTruncate(value, maxOutputBytes) {
@@ -3649,13 +4133,18 @@ var LocalHostRuntime = class {
 	}
 	async exec(command, limits) {
 		const effective = this.mergeLimits(limits);
-		validateCommand(command, effective.allowedCommandPrefixes);
+		const workspaceDir = getRuntimeSessionContext()?.workspaceDir;
+		validateCommand(command, effective.allowedCommandPrefixes, effective.allowedReadRoots, workspaceDir);
+		const cwd = workspaceDir ? path.resolve(expandUserPath(workspaceDir)) : process.cwd();
 		return await new Promise((resolve, reject) => {
-			const child = spawn("bash", ["-lc", command], { stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			] });
+			const child = spawn("bash", ["-lc", command], {
+				stdio: [
+					"ignore",
+					"pipe",
+					"pipe"
+				],
+				cwd
+			});
 			let stdout = "";
 			let stderr = "";
 			let timedOut = false;
@@ -3748,149 +4237,151 @@ function normalizeErrorMessage(error) {
 	if (error instanceof Error) return error.message;
 	return String(error);
 }
-function createTools({ runtime, audit }) {
+function createTools({ runtime, audit, bashEnabled }) {
 	const parser = new Parser();
-	return [
-		{
-			name: "bash",
-			label: "Bash",
-			description: "Run a shell command on allowed command prefixes only.",
-			parameters: Type.Object({
-				command: Type.String(),
-				timeoutMs: Type.Optional(Type.Number({
-					minimum: 1e3,
-					maximum: 12e4
-				}))
-			}),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.exec",
-					payload: { command: params.command }
-				});
-				const result = await runtime.exec(params.command, { timeoutMs: params.timeoutMs });
-				return textResult([
-					`exitCode: ${result.exitCode}`,
-					result.timedOut ? "timedOut: true" : "timedOut: false",
-					result.truncated ? "truncated: true" : "truncated: false",
-					"",
-					result.stdout ? `stdout:\n${result.stdout}` : "stdout: <empty>",
-					"",
-					result.stderr ? `stderr:\n${result.stderr}` : "stderr: <empty>"
-				].join("\n"), result);
-			}
-		},
-		{
-			name: "read_file",
-			label: "Read File",
-			description: "Read a text file from an allowlisted path.",
-			parameters: Type.Object({
-				path: Type.String(),
-				maxBytes: Type.Optional(Type.Number({
-					minimum: 128,
-					maximum: 1e6
-				}))
-			}),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.read_file",
-					payload: { path: params.path }
-				});
-				const result = await runtime.readFile(params.path, { maxOutputBytes: params.maxBytes });
-				return textResult(result.content, result);
-			}
-		},
-		{
-			name: "write_file",
-			label: "Write File",
-			description: "Write UTF-8 text content to an allowlisted path.",
-			parameters: Type.Object({
-				path: Type.String(),
-				content: Type.String()
+	const bashTool = {
+		name: "bash",
+		label: "Bash",
+		description: "Run a shell command on allowed command prefixes only.",
+		parameters: Type.Object({
+			command: Type.String(),
+			timeoutMs: Type.Optional(Type.Number({
+				minimum: 1e3,
+				maximum: 12e4
+			}))
+		}),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.exec",
+				payload: { command: params.command }
+			});
+			const result = await runtime.exec(params.command, { timeoutMs: params.timeoutMs });
+			return textResult([
+				`exitCode: ${result.exitCode}`,
+				result.timedOut ? "timedOut: true" : "timedOut: false",
+				result.truncated ? "truncated: true" : "truncated: false",
+				"",
+				result.stdout ? `stdout:\n${result.stdout}` : "stdout: <empty>",
+				"",
+				result.stderr ? `stderr:\n${result.stderr}` : "stderr: <empty>"
+			].join("\n"), result);
+		}
+	};
+	const readFileTool = {
+		name: "read_file",
+		label: "Read File",
+		description: "Read a text file from an allowlisted path.",
+		parameters: Type.Object({
+			path: Type.String(),
+			maxBytes: Type.Optional(Type.Number({
+				minimum: 128,
+				maximum: 1e6
+			}))
+		}),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.read_file",
+				payload: { path: params.path }
+			});
+			const result = await runtime.readFile(params.path, { maxOutputBytes: params.maxBytes });
+			return textResult(result.content, result);
+		}
+	};
+	const writeFileTool = {
+		name: "write_file",
+		label: "Write File",
+		description: "Write UTF-8 text content to an allowlisted path.",
+		parameters: Type.Object({
+			path: Type.String(),
+			content: Type.String()
+		}),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.write_file",
+				payload: {
+					path: params.path,
+					bytes: Buffer.byteLength(params.content, "utf8")
+				}
+			});
+			const result = await runtime.writeFile(params.path, params.content);
+			return textResult(`Wrote ${result.bytesWritten} bytes to ${params.path}.`, result);
+		}
+	};
+	const webSearchTool = {
+		name: "web_search",
+		label: "Web Search",
+		description: "Fetch a URL and return readable article text.",
+		parameters: Type.Object({ url: Type.String({ format: "uri" }) }),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.fetch_web",
+				payload: { url: params.url }
+			});
+			const result = await runtime.fetchWeb(params.url);
+			return textResult(`${result.title ? `# ${result.title}\n\n` : ""}${result.markdown}`.trim(), result);
+		}
+	};
+	const fetchPodcastFeedTool = {
+		name: "fetch_podcast_feed",
+		label: "Fetch Podcast Feed",
+		description: "Fetch one or more RSS podcast feeds and return recent episodes.",
+		parameters: Type.Object({
+			urls: Type.Array(Type.String({ format: "uri" }), {
+				minItems: 1,
+				maxItems: 20
 			}),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.write_file",
-					payload: {
-						path: params.path,
-						bytes: Buffer.byteLength(params.content, "utf8")
-					}
+			limitPerFeed: Type.Optional(Type.Number({
+				minimum: 1,
+				maximum: 50
+			}))
+		}),
+		execute: async (_toolCallId, params) => {
+			const limit = params.limitPerFeed ?? 5;
+			const output = [];
+			for (const url of params.urls) try {
+				const feed = await parser.parseURL(url);
+				const episodes = (feed.items ?? []).slice(0, limit).map((item) => ({
+					title: item.title ?? "Untitled episode",
+					publishedAt: item.pubDate || item.isoDate || null,
+					link: item.link ?? "",
+					summary: (item.contentSnippet || item.content || item.summary || "").replace(/\s+/g, " ").trim().slice(0, 400) || "No summary available."
+				}));
+				output.push({
+					url,
+					title: feed.title ?? "Untitled feed",
+					episodes
 				});
-				const result = await runtime.writeFile(params.path, params.content);
-				return textResult(`Wrote ${result.bytesWritten} bytes to ${params.path}.`, result);
-			}
-		},
-		{
-			name: "web_search",
-			label: "Web Search",
-			description: "Fetch a URL and return readable article text.",
-			parameters: Type.Object({ url: Type.String({ format: "uri" }) }),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.fetch_web",
-					payload: { url: params.url }
+			} catch (error) {
+				output.push({
+					url,
+					title: "Unknown feed",
+					episodes: [],
+					error: normalizeErrorMessage(error)
 				});
-				const result = await runtime.fetchWeb(params.url);
-				return textResult(`${result.title ? `# ${result.title}\n\n` : ""}${result.markdown}`.trim(), result);
 			}
-		},
-		{
-			name: "fetch_podcast_feed",
-			label: "Fetch Podcast Feed",
-			description: "Fetch one or more RSS podcast feeds and return recent episodes.",
-			parameters: Type.Object({
-				urls: Type.Array(Type.String({ format: "uri" }), {
-					minItems: 1,
-					maxItems: 20
-				}),
-				limitPerFeed: Type.Optional(Type.Number({
-					minimum: 1,
-					maximum: 50
-				}))
-			}),
-			execute: async (_toolCallId, params) => {
-				const limit = params.limitPerFeed ?? 5;
-				const output = [];
-				for (const url of params.urls) try {
-					const feed = await parser.parseURL(url);
-					const episodes = (feed.items ?? []).slice(0, limit).map((item) => ({
-						title: item.title ?? "Untitled episode",
-						publishedAt: item.pubDate || item.isoDate || null,
-						link: item.link ?? "",
-						summary: (item.contentSnippet || item.content || item.summary || "").replace(/\s+/g, " ").trim().slice(0, 400) || "No summary available."
-					}));
-					output.push({
-						url,
-						title: feed.title ?? "Untitled feed",
-						episodes
-					});
-				} catch (error) {
-					output.push({
-						url,
-						title: "Unknown feed",
-						episodes: [],
-						error: normalizeErrorMessage(error)
-					});
+			audit({
+				actor: "tool",
+				eventType: "tool.fetch_podcast_feed",
+				payload: {
+					urls: params.urls,
+					limitPerFeed: limit
 				}
-				audit({
-					actor: "tool",
-					eventType: "tool.fetch_podcast_feed",
-					payload: {
-						urls: params.urls,
-						limitPerFeed: limit
-					}
-				});
-				return textResult(output.map((feed) => {
-					if (feed.error) return `Feed: ${feed.url}\nError: ${feed.error}`;
-					const episodesText = feed.episodes.map((episode, index) => `${index + 1}. ${episode.title}${episode.publishedAt ? ` (${episode.publishedAt})` : ""}\n${episode.link}\n${episode.summary}`).join("\n\n");
-					return `Feed: ${feed.title}\nSource: ${feed.url}\n\n${episodesText}`;
-				}).join("\n\n---\n\n"), output);
-			}
+			});
+			return textResult(output.map((feed) => {
+				if (feed.error) return `Feed: ${feed.url}\nError: ${feed.error}`;
+				const episodesText = feed.episodes.map((episode, index) => `${index + 1}. ${episode.title}${episode.publishedAt ? ` (${episode.publishedAt})` : ""}\n${episode.link}\n${episode.summary}`).join("\n\n");
+				return `Feed: ${feed.title}\nSource: ${feed.url}\n\n${episodesText}`;
+			}).join("\n\n---\n\n"), output);
 		}
-	];
+	};
+	const tools = [];
+	if (bashEnabled) tools.push(bashTool);
+	tools.push(readFileTool, writeFileTool, webSearchTool, fetchPodcastFeedTool);
+	return tools;
 }
 
 //#endregion
@@ -4140,7 +4631,7 @@ function renderSnapshots(snapshots) {
 	}
 	return lines.join("\n");
 }
-function printJson$1(value) {
+function printJson$2(value) {
 	process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
 }
 function parseCompatChannel(raw) {
@@ -4186,7 +4677,7 @@ function registerChannelsCommands(program, deps = defaultChannelsCommandDeps) {
 		const snapshots = buildChannelCompatSnapshots(deps.readFileConfig());
 		const payload = { channels: snapshots };
 		if (options.json) {
-			printJson$1(payload);
+			printJson$2(payload);
 			return;
 		}
 		process.stdout.write(`${renderSnapshots(snapshots)}\n`);
@@ -4194,7 +4685,7 @@ function registerChannelsCommands(program, deps = defaultChannelsCommandDeps) {
 	addChannelConnectionOptions(channels.command("status").description("Show channel status via gateway with config fallback").action(async (options) => {
 		const report = await resolveChannelsStatusWithFallback(deps.readFileConfig(), toRpcOptions$2(options), deps.rpcCall);
 		if (options.json) {
-			printJson$1(report);
+			printJson$2(report);
 			return;
 		}
 		process.stdout.write(`Source: ${report.source}\n`);
@@ -4218,7 +4709,7 @@ function registerChannelsCommands(program, deps = defaultChannelsCommandDeps) {
 			tokenSource: channel === "telegram" ? normalizeTokenSource(next.channels.telegram.accounts[accountId]?.botToken ?? "") : normalizeTokenSource(next.channels.discord.botToken)
 		};
 		if (options.json) {
-			printJson$1(payload);
+			printJson$2(payload);
 			return;
 		}
 		process.stdout.write(`Updated ${channel}/${accountId}: enabled=true, token=${payload.tokenSource}.\n`);
@@ -4241,7 +4732,7 @@ function registerChannelsCommands(program, deps = defaultChannelsCommandDeps) {
 			deleted: Boolean(options.delete)
 		};
 		if (options.json) {
-			printJson$1(payload);
+			printJson$2(payload);
 			return;
 		}
 		process.stdout.write(`Updated ${channel}/${accountId}: enabled=false, token=${payload.tokenSource}.\n`);
@@ -4264,7 +4755,7 @@ function registerChannelsCommands(program, deps = defaultChannelsCommandDeps) {
 			note: "HOVClaw uses token-based setup for Telegram/Discord. No interactive OAuth/pairing flow is required."
 		};
 		if (options.json) {
-			printJson$1(payload);
+			printJson$2(payload);
 			return;
 		}
 		process.stdout.write(`${payload.note}\n`);
@@ -4286,7 +4777,7 @@ function registerChannelsCommands(program, deps = defaultChannelsCommandDeps) {
 				payload
 			};
 			if (options.json) {
-				printJson$1(result);
+				printJson$2(result);
 				return;
 			}
 			process.stdout.write("Channel logout request sent via gateway.\n");
@@ -4300,7 +4791,7 @@ function registerChannelsCommands(program, deps = defaultChannelsCommandDeps) {
 				gatewayError
 			};
 			if (options.json) {
-				printJson$1(result);
+				printJson$2(result);
 				return;
 			}
 			process.stdout.write(`Gateway logout failed (${gatewayError}). Used local fallback: ${fallback.ok ? "ok" : "failed"}.\n`);
@@ -4325,7 +4816,7 @@ function toRpcOptions$1(options) {
 		timeoutMs: parseTimeoutMs$1(options.timeout)
 	};
 }
-function printJson(value) {
+function printJson$1(value) {
 	process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
 }
 function registerModelsCommands(program) {
@@ -4333,29 +4824,187 @@ function registerModelsCommands(program) {
 	models.command("list").description("List configured/known models").option("--url <url>", "Gateway URL").option("--token <token>", "Gateway auth token").option("--password <password>", "Gateway auth password").option("--timeout <ms>", "Gateway timeout in ms").option("--json", "Print JSON output").action(async (options) => {
 		const payload = await callGatewayRpc("models.list", void 0, toRpcOptions$1(options));
 		if (options.json) {
-			printJson(payload);
+			printJson$1(payload);
 			return;
 		}
-		printJson(payload);
+		printJson$1(payload);
 	});
 	models.command("status").description("Show effective model policy and defaults").option("--url <url>", "Gateway URL").option("--token <token>", "Gateway auth token").option("--password <password>", "Gateway auth password").option("--timeout <ms>", "Gateway timeout in ms").option("--json", "Print JSON output").action(async (options) => {
 		const payload = await callGatewayRpc("models.status", void 0, toRpcOptions$1(options));
 		if (options.json) {
-			printJson(payload);
+			printJson$1(payload);
 			return;
 		}
-		printJson(payload);
+		printJson$1(payload);
 	});
 	models.command("set").description("Set model for a target route").requiredOption("--model <model>", "Model reference provider:model").option("--target <target>", "interactive|interactiveFallback|discord|cron").option("--url <url>", "Gateway URL").option("--token <token>", "Gateway auth token").option("--password <password>", "Gateway auth password").option("--timeout <ms>", "Gateway timeout in ms").option("--json", "Print JSON output").action(async (options) => {
 		const payload = await callGatewayRpc("models.set", {
 			model: options.model,
 			target: options.target
 		}, toRpcOptions$1(options));
+		if (options.json) {
+			printJson$1(payload);
+			return;
+		}
+		printJson$1(payload);
+	});
+}
+
+//#endregion
+//#region src/channels/telegram-pairing-store.ts
+function emptyState() {
+	return {
+		approved: {},
+		pending: {}
+	};
+}
+function nowIso() {
+	return (/* @__PURE__ */ new Date()).toISOString();
+}
+function randomCode() {
+	return Math.random().toString(36).slice(2, 8).toUpperCase();
+}
+var TelegramPairingStore = class {
+	filePath;
+	constructor(storeDir) {
+		this.filePath = path.join(storeDir, "telegram-pairing.json");
+	}
+	readState() {
+		if (!fs.existsSync(this.filePath)) return emptyState();
+		try {
+			const parsed = JSON.parse(fs.readFileSync(this.filePath, "utf8"));
+			if (!parsed || typeof parsed !== "object") return emptyState();
+			return {
+				approved: parsed.approved ?? {},
+				pending: parsed.pending ?? {}
+			};
+		} catch {
+			return emptyState();
+		}
+	}
+	writeState(state) {
+		fs.mkdirSync(path.dirname(this.filePath), { recursive: true });
+		fs.writeFileSync(this.filePath, `${JSON.stringify(state, null, 2)}\n`, "utf8");
+	}
+	isApproved(accountId, userId) {
+		return (this.readState().approved[accountId] ?? []).includes(userId);
+	}
+	ensurePendingCode(accountId, userId) {
+		const state = this.readState();
+		const pendingByAccount = state.pending[accountId] ?? {};
+		const existing = Object.entries(pendingByAccount).find(([, entry]) => entry.userId === userId);
+		if (existing) return existing[0];
+		const code = randomCode();
+		state.pending[accountId] = {
+			...pendingByAccount,
+			[code]: {
+				userId,
+				createdAt: nowIso()
+			}
+		};
+		this.writeState(state);
+		return code;
+	}
+	approveByCode(accountId, code) {
+		const state = this.readState();
+		const pendingByAccount = state.pending[accountId] ?? {};
+		const entry = pendingByAccount[code];
+		if (!entry) return { ok: false };
+		const approved = new Set(state.approved[accountId] ?? []);
+		approved.add(entry.userId);
+		state.approved[accountId] = Array.from(approved).sort((a, b) => a.localeCompare(b));
+		delete pendingByAccount[code];
+		state.pending[accountId] = pendingByAccount;
+		this.writeState(state);
+		return {
+			ok: true,
+			userId: entry.userId
+		};
+	}
+	rejectByCode(accountId, code) {
+		const state = this.readState();
+		const pendingByAccount = state.pending[accountId] ?? {};
+		const entry = pendingByAccount[code];
+		if (!entry) return { ok: false };
+		delete pendingByAccount[code];
+		state.pending[accountId] = pendingByAccount;
+		this.writeState(state);
+		return {
+			ok: true,
+			userId: entry.userId
+		};
+	}
+};
+
+//#endregion
+//#region src/cli/pairing.ts
+const APPROVE_USAGE = "Usage: hovclaw pairing approve <channel> <code> (or: hovclaw pairing approve --channel <channel> <code>)";
+const APPROVE_FLAG_USAGE = "Too many arguments. Use: hovclaw pairing approve --channel <channel> <code>";
+const defaultPairingCommandDeps = {
+	loadAppConfig: loadConfig,
+	createTelegramPairingStore: (storeDir) => new TelegramPairingStore(storeDir),
+	notifyTelegramPairingApproved: async (params) => {
+		const { TelegramChannel } = await Promise.resolve().then(() => telegram_exports);
+		await new TelegramChannel({ accountId: params.accountId }).sendMessage({
+			channel: "telegram",
+			chatId: params.userId,
+			accountId: params.accountId
+		}, "Your pairing request was approved. You can now send messages to the assistant.");
+	}
+};
+function printJson(value) {
+	process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
+}
+function resolvePairingApproveInput(params) {
+	const channelOption = params.channelOption?.trim();
+	if (channelOption) {
+		if (params.code !== void 0) throw new Error(APPROVE_FLAG_USAGE);
+		const code = params.codeOrChannel.trim().toUpperCase();
+		if (!code) throw new Error(APPROVE_USAGE);
+		return {
+			channel: channelOption.toLowerCase(),
+			code
+		};
+	}
+	if (params.code === void 0) throw new Error(APPROVE_USAGE);
+	const channel = params.codeOrChannel.trim().toLowerCase();
+	const code = params.code.trim().toUpperCase();
+	if (!channel || !code) throw new Error(APPROVE_USAGE);
+	return {
+		channel,
+		code
+	};
+}
+function registerPairingCommands(program, deps = defaultPairingCommandDeps) {
+	program.command("pairing").description("Pairing helpers").command("approve").description("Approve a pairing code and allow that sender").option("--channel <channel>", "Channel (telegram)").option("--account <id>", "Telegram account id").option("--json", "Print JSON output").argument("<codeOrChannel>", "Pairing code (or channel when using 2 args)").argument("[code]", "Pairing code (when channel is passed as the 1st arg)").action(async (codeOrChannel, code, options) => {
+		const parsed = resolvePairingApproveInput({
+			codeOrChannel,
+			code,
+			channelOption: options.channel
+		});
+		if (parsed.channel !== "telegram") throw new Error(`Channel ${parsed.channel} does not support pairing`);
+		const loadedConfig = deps.loadAppConfig();
+		const defaultAccountId = loadedConfig.channels.telegram.defaultAccountId.trim() || "default";
+		const accountId = options.account?.trim() || defaultAccountId || "default";
+		const result = deps.createTelegramPairingStore(loadedConfig.storeDir).approveByCode(accountId, parsed.code);
+		if (!result.ok) throw new Error(`No pending pairing request found for code: ${parsed.code}`);
+		if (result.userId) await deps.notifyTelegramPairingApproved({
+			accountId,
+			userId: result.userId,
+			code: parsed.code
+		}).catch(() => void 0);
+		const payload = {
+			ok: true,
+			channel: "telegram",
+			accountId,
+			code: parsed.code,
+			...result.userId ? { userId: result.userId } : {}
+		};
 		if (options.json) {
 			printJson(payload);
 			return;
 		}
-		printJson(payload);
+		process.stdout.write(`Approved pairing: channel=telegram account=${accountId}${result.userId ? ` user=${result.userId}` : ""}\n`);
 	});
 }
 
@@ -4590,6 +5239,33 @@ function sleep(ms) {
 		setTimeout(resolve, ms);
 	});
 }
+function shellEscape(value) {
+	return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function spawnDetachedDaemonWithDelay(launch, logPath, env, delayMs) {
+	const outFd = fs.openSync(logPath, "a");
+	const errFd = fs.openSync(logPath, "a");
+	try {
+		const delaySeconds = Math.max(0, delayMs) / 1e3;
+		const command = [launch.command, ...launch.args].map((entry) => shellEscape(entry)).join(" ");
+		const child = spawn("/bin/sh", ["-lc", `sleep ${delaySeconds.toFixed(3)}; exec ${command}`], {
+			cwd: launch.cwd,
+			env,
+			detached: true,
+			stdio: [
+				"ignore",
+				outFd,
+				errFd
+			]
+		});
+		child.unref();
+		if (child.pid === void 0) throw new Error("Failed to spawn replacement daemon process.");
+		return child.pid;
+	} finally {
+		fs.closeSync(outFd);
+		fs.closeSync(errFd);
+	}
+}
 function parseLogLinesOption(raw) {
 	const parsed = Number(raw);
 	if (!Number.isFinite(parsed) || parsed <= 0) throw new Error(`Invalid line count: ${raw}`);
@@ -4778,6 +5454,42 @@ async function restartDaemon(env = process.env) {
 	await stopDaemon(env);
 	return startDaemon(env);
 }
+async function requestDaemonRestartFromCurrentProcess(env = process.env) {
+	const launchd = getLaunchdStatus(env);
+	if (launchd.supported && launchd.installed) {
+		if (!launchd.loaded) runLaunchctl([
+			"bootstrap",
+			launchd.domain,
+			launchd.plistPath
+		], false);
+		runLaunchctl(["enable", `${launchd.domain}/${launchd.label}`], true);
+		runLaunchctl([
+			"kickstart",
+			"-k",
+			`${launchd.domain}/${launchd.label}`
+		], false);
+		clearState(env);
+		return {
+			mode: "launchd-kickstart",
+			pid: launchd.pid
+		};
+	}
+	const launch = resolveLaunchSpec();
+	const logPath = getLogPath(env);
+	const pid = spawnDetachedDaemonWithDelay(launch, logPath, env, 350);
+	saveState({
+		pid,
+		startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+		command: launch.command,
+		args: launch.args,
+		cwd: launch.cwd,
+		logPath
+	}, env);
+	return {
+		mode: "spawn-reexec",
+		pid
+	};
+}
 function readDaemonLogTail(lineCount = 100, env = process.env) {
 	const logPath = getLogPath(env);
 	if (!fs.existsSync(logPath)) return "";
@@ -4919,7 +5631,7 @@ function registerGatewayCommands(program, deps = defaultGatewayCommandDeps) {
 	gateway.command("run").description("Run HOVClaw daemon with gateway in foreground").action(async () => {
 		if (!config.gateway.enabled) throw new Error("Gateway is disabled in config. Enable gateway.enabled first.");
 		process.stdout.write(`Starting HOVClaw gateway on ${config.gateway.host}:${config.gateway.port}...\n`);
-		await import("./src-D_mIwpeq.js");
+		await import("./src-Y6AqidKn.js");
 	});
 	gateway.command("open-ui").description("Open the minimal gateway web UI in your default browser").option("--no-open", "Print URL but do not open browser").option("--json", "Print JSON output").action(async (options) => {
 		const url = resolveGatewayWebUiUrl();
@@ -4984,6 +5696,86 @@ function registerGatewayCommands(program, deps = defaultGatewayCommandDeps) {
 	}));
 }
 
+//#endregion
+//#region src/cli/skills.ts
+const SKILL_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9._-]{0,63}$/;
+async function createSkillScaffold(name, description) {
+	const normalizedName = name.trim();
+	if (!normalizedName) throw new Error("Skill name is required.");
+	if (!SKILL_NAME_RE.test(normalizedName)) throw new Error("Invalid skill name. Use 1-64 chars: letters, numbers, dot, underscore, or hyphen.");
+	const skillDir = path.join(config.skillsDir, normalizedName);
+	const skillPath = path.join(skillDir, "SKILL.md");
+	await fs$1.mkdir(skillDir, { recursive: false });
+	const content = [
+		"---",
+		`name: ${normalizedName}`,
+		`description: ${description?.trim() || `Skill ${normalizedName}`}`,
+		"---",
+		"",
+		`# ${normalizedName}`,
+		"",
+		"Describe what this skill does and how it should be used."
+	].join("\n");
+	await fs$1.writeFile(skillPath, `${content}\n`, "utf8");
+	return skillPath;
+}
+function registerSkillsCommands(program) {
+	const skills = program.command("skills").description("Inspect and create local skills");
+	skills.command("list").description("List installed skills").option("--json", "Print JSON output").action((options) => {
+		const names = listAvailableSkills();
+		if (options.json) {
+			const payload = names.map((name) => {
+				return {
+					name,
+					description: loadSkill(name)?.frontmatter.description ?? null
+				};
+			});
+			process.stdout.write(`${JSON.stringify(payload, null, 2)}\n`);
+			return;
+		}
+		if (names.length === 0) {
+			process.stdout.write("No skills found.\n");
+			return;
+		}
+		for (const name of names) {
+			const description = loadSkill(name)?.frontmatter.description?.trim();
+			process.stdout.write(`- ${name}${description ? `: ${description}` : ""}\n`);
+		}
+	});
+	skills.command("info <name>").description("Show details for one skill").option("--json", "Print JSON output").action((name, options) => {
+		const skill = loadSkill(name);
+		if (!skill) throw new Error(`Skill not found: ${name}`);
+		if (options.json) {
+			process.stdout.write(`${JSON.stringify(skill, null, 2)}\n`);
+			return;
+		}
+		process.stdout.write(`name: ${skill.name}\n`);
+		if (skill.frontmatter.description) process.stdout.write(`description: ${skill.frontmatter.description}\n`);
+		process.stdout.write(`instructions_chars: ${skill.instructions.length}\n`);
+	});
+	skills.command("check").description("Validate installed skill metadata").option("--json", "Print JSON output").action((options) => {
+		const report = listAvailableSkills().map((name) => {
+			const skill = loadSkill(name);
+			const hasName = Boolean(skill?.frontmatter.name && skill.frontmatter.name !== "unknown");
+			const hasDescription = Boolean(skill?.frontmatter.description?.trim());
+			return {
+				name,
+				ok: Boolean(skill && hasName),
+				hasDescription
+			};
+		});
+		if (options.json) {
+			process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
+			return;
+		}
+		for (const entry of report) process.stdout.write(`${entry.ok ? "ok" : "invalid"} ${entry.name}${entry.hasDescription ? "" : " (missing description)"}\n`);
+	});
+	skills.command("init <name>").description("Create a new local skill scaffold").option("-d, --description <text>", "Skill description").action(async (name, options) => {
+		const skillPath = await createSkillScaffold(name, options.description);
+		process.stdout.write(`Created ${skillPath}\n`);
+	});
+}
+
 //#endregion
 //#region src/cli/status.ts
 function statusForDiscord(loadedConfig) {
@@ -5137,19 +5929,38 @@ function loadCliVersion() {
 }
 function registerCoreCommands(program) {
 	program.command("onboard").description("Run interactive onboarding wizard").action(async () => {
-		await (await import("./onboard-Cgbgh2Jn.js")).main();
+		await (await import("./onboard-DL6VDf50.js")).main();
 	});
 	program.command("login [provider]").description("Run OAuth login for a provider").action(async (provider) => {
-		await (await import("./login-Ca1_XRup.js")).main(provider ? [provider] : []);
+		await (await import("./login-BwvBMKdz.js")).main(provider ? [provider] : []);
 	});
 	program.command("doctor").description("Run installation and config health checks").option("--fix", "Attempt auto-repair").option("--repair", "Attempt auto-repair").option("--deep", "Run deep checks").option("--json", "Print JSON output").action(async (options) => {
-		const module = await import("./doctor-I8YVuapp.js");
+		const module = await import("./doctor-D52M80De.js");
 		const args = [];
 		if (options.fix || options.repair) args.push("--fix");
 		if (options.deep) args.push("--deep");
 		if (options.json) args.push("--json");
 		await module.main(args);
 	});
+	program.command("reset").description("Reset local config/state while keeping HovClaw installed").option("--scope <scope>", "config|config+creds+sessions|full").option("--yes", "Skip confirmation prompts").option("--non-interactive", "Disable prompts (requires --scope + --yes)").option("--dry-run", "Print reset plan without deleting files").option("--json", "Print JSON output").action(async (options) => {
+		const module = await import("./reset-BJUhrojJ.js");
+		try {
+			const result = await module.runResetCommand({
+				scope: options.scope,
+				yes: options.yes,
+				nonInteractive: options.nonInteractive,
+				dryRun: options.dryRun
+			});
+			if (options.json) {
+				process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+				return;
+			}
+			process.stdout.write(`${module.renderResetResult(result)}\n`);
+		} catch (error) {
+			if ((error instanceof Error ? error.message : String(error)) === "reset_cancelled") return;
+			throw error;
+		}
+	});
 }
 function registerMessageCommands(program) {
 	program.command("message").description("Send direct channel messages").command("send").description("Send a message to a channel target").requiredOption("-c, --channel <channel>", "telegram|discord").requiredOption("-t, --to <target>", "Target chat id").requiredOption("-m, --message <text>", "Message text").option("--json", "Print JSON output").action(async (options) => {
@@ -5237,7 +6048,9 @@ async function main() {
 	registerDaemonCommands(program);
 	registerChannelsCommands(program);
 	registerModelsCommands(program);
+	registerPairingCommands(program);
 	registerGatewayCommands(program);
+	registerSkillsCommands(program);
 	registerCompatCommands(program);
 	await program.parseAsync(process.argv);
 }
@@ -5247,4 +6060,4 @@ main().catch((error) => {
 });
 
 //#endregion
-export { hasCredentialsFile as A, detectLegacyEnvConfig as C, getDefaultFileConfig as D, getCredentialsPath as E, saveConfigFile as F, saveCredentials as I, writeOpenClawMirror as L, loadCredentials as M, loadFileConfig as N, getHovclawHome as O, resolveTelegramAccountConfig as P, config as S, getConfigPath as T, resolveModelAlias as _, TelegramChannel as a, parseConnectParams as b, composeSessionKey as c, extractAssistantText as d, toUserFacingAssistantError as f, parseModelRef as g, listConfiguredModelRefs as h, HovClawDb as i, loadConfig as j, hasConfigFile as k, ensureWorkspaceBootstrapForConfig as l, loadSkill as m, LocalHostRuntime as n, DiscordChannel as o, listAvailableSkills as p, ContainerRuntime as r, PiAgentManager as s, createTools as t, extractAssistantError as u, logger as v, ensureConfigFromLegacyEnv as w, parseGatewayFrame as x, PROTOCOL_VERSION as y };
+export { ensureConfigFromLegacyEnv as A, resolveTelegramAccountConfig as B, resolveModelAlias as C, parseGatewayFrame as D, parseConnectParams as E, hasConfigFile as F, saveCredentials as H, hasCredentialsFile as I, loadConfig as L, getCredentialsPath as M, getDefaultFileConfig as N, config as O, getHovclawHome as P, loadCredentials as R, parseModelRef as S, PROTOCOL_VERSION as T, writeOpenClawMirror as U, saveConfigFile as V, extractAssistantText as _, LocalHostRuntime as a, loadSkill as b, redactSensitiveData as c, PiAgentManager as d, composeSessionKey as f, extractAssistantError as g, resolveAgentWorkspaceDir as h, createTools as i, getConfigPath as j, detectLegacyEnvConfig as k, TelegramChannel as l, ensureWorkspaceBootstrapForConfig as m, stopDaemon as n, ContainerRuntime as o, WORKSPACE_CONTEXT_FILE_ORDER as p, TelegramPairingStore as r, HovClawDb as s, requestDaemonRestartFromCurrentProcess as t, DiscordChannel as u, toUserFacingAssistantError as v, logger as w, listConfiguredModelRefs as x, listAvailableSkills as y, loadFileConfig as z };