hovclaw 0.1.0 → 0.1.2

package/dist/index.js

@@ -11,11 +11,11 @@ import pino from "pino";
 import { AsyncLocalStorage } from "node:async_hooks";
 import { parse } from "yaml";
 import { Client, GatewayIntentBits, Partials } from "discord.js";
-import Database from "better-sqlite3";
-import crypto, { randomUUID } from "node:crypto";
+import crypto, { randomUUID, timingSafeEqual } from "node:crypto";
+import { spawn, spawnSync } from "node:child_process";
 import { fileURLToPath } from "node:url";
+import Database from "better-sqlite3";
 import WebSocket, { WebSocketServer } from "ws";
-import { spawn, spawnSync } from "node:child_process";
 import { JSDOM } from "jsdom";
 import { Readability } from "@mozilla/readability";
 import { Cron } from "croner";
@@ -25,6 +25,12 @@ import Parser from "rss-parser";
 dotenv.config();
 const PROJECT_ROOT = process.cwd();
 const DEFAULT_WORKSPACE_PATH = "~/.hovclaw/workspace";
+const DEFAULT_SHARED_SKILLS_PATH = "~/.agents/skills";
+const USER_CONTENT_DIRS = ["agents"];
+const USER_STATE_DIRS = ["store", "data"];
+const ensuredHomeContentDirs = /* @__PURE__ */ new Set();
+const ensuredHomeStateDirs = /* @__PURE__ */ new Set();
+const ensuredSharedSkillsDirs = /* @__PURE__ */ new Set();
 const DEFAULT_FILE_CONFIG = {
 	assistant: { name: "Andy" },
 	agents: {
@@ -55,6 +61,18 @@ const DEFAULT_FILE_CONFIG = {
 		aliases: {},
 		allowlist: []
 	},
+	commands: {
+		native: "auto",
+		nativeSkills: "auto",
+		defaultThinkingLevel: "medium",
+		text: true,
+		config: false,
+		debug: false,
+		bash: false,
+		restart: false,
+		useAccessGroups: true,
+		allowFrom: {}
+	},
 	runtime: {
 		mode: "local",
 		containerImage: "ghcr.io/mariozechner/pi-agent:latest",
@@ -78,7 +96,8 @@ const DEFAULT_FILE_CONFIG = {
 			"head",
 			"tail",
 			"wc"
-		]
+		],
+		tools: { bashEnabled: false }
 	},
 	channels: {
 		discord: {
@@ -132,7 +151,9 @@ const DEFAULT_FILE_CONFIG = {
 		},
 		auth: {
 			token: "",
-			password: ""
+			password: "",
+			allowUnauthenticated: false,
+			allowedOrigins: []
 		},
 		remote: {
 			url: "",
@@ -151,11 +172,36 @@ const telegramWebhookSchema = z.object({
 	path: z.string().min(1),
 	port: z.number().int().positive(),
 	secret: z.string()
+}).superRefine((value, ctx) => {
+	if (!value.enabled) return;
+	if (value.secret.trim().length > 0) return;
+	ctx.addIssue({
+		code: z.ZodIssueCode.custom,
+		message: "Webhook secret is required when webhook mode is enabled.",
+		path: ["secret"]
+	});
 });
 const telegramCustomCommandSchema = z.object({
 	command: z.string().min(1),
 	description: z.string().min(1)
 });
+const commandAllowFromSchema = z.record(z.string(), z.array(z.union([z.string(), z.number()])));
+const commandsConfigSchema = z.object({
+	native: z.union([z.boolean(), z.literal("auto")]),
+	nativeSkills: z.union([z.boolean(), z.literal("auto")]),
+	defaultThinkingLevel: z.enum([
+		"low",
+		"medium",
+		"high"
+	]),
+	text: z.boolean(),
+	config: z.boolean(),
+	debug: z.boolean(),
+	bash: z.boolean(),
+	restart: z.boolean(),
+	useAccessGroups: z.boolean(),
+	allowFrom: commandAllowFromSchema
+});
 const telegramTopicConfigSchema = z.object({
 	enabled: z.boolean().optional(),
 	requireMention: z.boolean().optional(),
@@ -215,6 +261,46 @@ const telegramAccountConfigSchema = z.object({
 	]).optional(),
 	textMode: z.enum(["plain", "markdown"]).optional()
 });
+const partialTelegramWebhookSchema = z.object({
+	enabled: z.boolean().optional(),
+	path: z.string().min(1).optional(),
+	port: z.number().int().positive().optional(),
+	secret: z.string().optional()
+});
+const partialTelegramAccountConfigSchema = z.object({
+	enabled: z.boolean().optional(),
+	name: z.string().optional(),
+	botToken: z.string().optional(),
+	webhook: partialTelegramWebhookSchema.optional(),
+	dmPolicy: z.enum([
+		"pairing",
+		"allowlist",
+		"open",
+		"disabled"
+	]).optional(),
+	groupPolicy: z.enum([
+		"open",
+		"allowlist",
+		"disabled"
+	]).optional(),
+	allowFrom: z.array(z.union([z.string(), z.number()])).optional(),
+	groupAllowFrom: z.array(z.union([z.string(), z.number()])).optional(),
+	groups: z.record(z.string(), telegramGroupConfigSchema).optional(),
+	commands: z.union([z.boolean(), z.literal("auto")]).optional(),
+	customCommands: z.array(telegramCustomCommandSchema).optional(),
+	reactionNotifications: z.enum([
+		"off",
+		"own",
+		"all"
+	]).optional(),
+	reactionLevel: z.enum([
+		"off",
+		"ack",
+		"minimal",
+		"extensive"
+	]).optional(),
+	textMode: z.enum(["plain", "markdown"]).optional()
+});
 const fileConfigSchema = z.object({
 	assistant: z.object({ name: z.string().min(1) }),
 	agents: z.object({
@@ -267,6 +353,7 @@ const fileConfigSchema = z.object({
 		aliases: z.record(z.string(), z.string()),
 		allowlist: z.array(z.string())
 	}),
+	commands: commandsConfigSchema,
 	runtime: z.object({
 		mode: z.enum(["local", "container"]),
 		containerImage: z.string().min(1),
@@ -276,7 +363,8 @@ const fileConfigSchema = z.object({
 		maxOutputBytes: z.number().int().positive(),
 		allowedReadRoots: z.array(z.string().min(1)),
 		allowedWriteRoots: z.array(z.string().min(1)),
-		allowedCommandPrefixes: z.array(z.string().min(1)).min(1)
+		allowedCommandPrefixes: z.array(z.string().min(1)).min(1),
+		tools: z.object({ bashEnabled: z.boolean() })
 	}),
 	channels: z.object({
 		discord: z.object({
@@ -305,7 +393,9 @@ const fileConfigSchema = z.object({
 		}),
 		auth: z.object({
 			token: z.string(),
-			password: z.string()
+			password: z.string(),
+			allowUnauthenticated: z.boolean(),
+			allowedOrigins: z.array(z.string().min(1))
 		}),
 		remote: z.object({
 			url: z.string(),
@@ -323,21 +413,37 @@ const partialTelegramConfigSchema = z.object({
 	enabled: z.boolean().optional(),
 	botToken: z.string().optional(),
 	defaultAccountId: z.string().optional(),
-	webhook: telegramWebhookSchema.partial().optional(),
-	accounts: z.record(z.string(), telegramAccountConfigSchema.partial()).optional()
+	webhook: partialTelegramWebhookSchema.optional(),
+	accounts: z.record(z.string(), partialTelegramAccountConfigSchema).optional()
 }).optional();
 const partialChannelsSchema = z.object({
 	discord: fileConfigSchema.shape.channels.shape.discord.partial().optional(),
 	telegram: partialTelegramConfigSchema
 }).optional();
+const partialGatewayConfigSchema = z.object({
+	enabled: z.boolean().optional(),
+	host: z.string().min(1).optional(),
+	port: z.number().int().positive().optional(),
+	mode: z.enum(["local", "remote"]).optional(),
+	tickIntervalMs: z.number().int().positive().optional(),
+	webUi: fileConfigSchema.shape.gateway.shape.webUi.partial().optional(),
+	auth: z.object({
+		token: z.string().optional(),
+		password: z.string().optional(),
+		allowUnauthenticated: z.boolean().optional(),
+		allowedOrigins: z.array(z.string().min(1)).optional()
+	}).optional(),
+	remote: fileConfigSchema.shape.gateway.shape.remote.partial().optional()
+}).optional();
 const partialFileConfigSchema = z.object({
 	assistant: fileConfigSchema.shape.assistant.partial().optional(),
 	agents: fileConfigSchema.shape.agents.partial().optional(),
 	bindings: fileConfigSchema.shape.bindings.optional(),
 	models: fileConfigSchema.shape.models.partial().optional(),
+	commands: commandsConfigSchema.partial().optional(),
 	runtime: fileConfigSchema.shape.runtime.partial().optional(),
 	channels: partialChannelsSchema,
-	gateway: fileConfigSchema.shape.gateway.partial().optional(),
+	gateway: partialGatewayConfigSchema,
 	scheduler: fileConfigSchema.shape.scheduler.partial().optional()
 });
 const apiKeyCredentialSchema = z.object({
@@ -398,12 +504,97 @@ function defaultHovclawHome() {
 function getHovclawHome(env = process.env) {
 	return path.resolve(expandPath(env.HOVCLAW_HOME || defaultHovclawHome()));
 }
+function defaultSharedSkillsDir(env = process.env) {
+	if ((env.NODE_ENV || "production") === "test") return path.join(getHovclawHome(env), ".agents", "skills");
+	return DEFAULT_SHARED_SKILLS_PATH;
+}
+function getSharedSkillsDir(env = process.env) {
+	const configured = env.HOVCLAW_SKILLS_DIR?.trim();
+	return path.resolve(expandPath(configured || defaultSharedSkillsDir(env)));
+}
 function getConfigPath(env = process.env) {
 	return path.join(getHovclawHome(env), "config.json");
 }
 function getCredentialsPath(env = process.env) {
 	return path.join(getHovclawHome(env), "credentials.json");
 }
+function ensureHomeContentDirs(projectRoot, hovclawHome) {
+	for (const dirName of USER_CONTENT_DIRS) {
+		const destinationDir = path.join(hovclawHome, dirName);
+		if (fs.existsSync(destinationDir)) continue;
+		fs.mkdirSync(destinationDir, {
+			recursive: true,
+			mode: 448
+		});
+	}
+}
+function ensureMainAgentConfig(agentsDir) {
+	const mainAgentPath = path.join(agentsDir, "main", "agent.json");
+	if (fs.existsSync(mainAgentPath)) return;
+	writeJsonFile(mainAgentPath, {
+		name: "Main",
+		skills: []
+	});
+}
+function ensureHomeStateDirs(projectRoot, hovclawHome) {
+	for (const dirName of USER_STATE_DIRS) {
+		const destinationDir = path.join(hovclawHome, dirName);
+		if (fs.existsSync(destinationDir)) continue;
+		const sourceDir = path.join(projectRoot, dirName);
+		if (fs.existsSync(sourceDir)) {
+			fs.cpSync(sourceDir, destinationDir, { recursive: true });
+			continue;
+		}
+		fs.mkdirSync(destinationDir, {
+			recursive: true,
+			mode: 448
+		});
+	}
+}
+function ensureHomeContentDirsOnce(projectRoot, hovclawHome) {
+	if (ensuredHomeContentDirs.has(hovclawHome)) return;
+	ensureHomeContentDirs(projectRoot, hovclawHome);
+	ensuredHomeContentDirs.add(hovclawHome);
+}
+function ensureHomeStateDirsOnce(projectRoot, hovclawHome) {
+	if (ensuredHomeStateDirs.has(hovclawHome)) return;
+	ensureHomeStateDirs(projectRoot, hovclawHome);
+	ensuredHomeStateDirs.add(hovclawHome);
+}
+function directoryHasEntries(dirPath) {
+	if (!fs.existsSync(dirPath)) return false;
+	try {
+		return fs.readdirSync(dirPath).length > 0;
+	} catch {
+		return false;
+	}
+}
+function copyDirectoryEntries(sourceDir, destinationDir) {
+	for (const entry of fs.readdirSync(sourceDir, { withFileTypes: true })) {
+		const sourcePath = path.join(sourceDir, entry.name);
+		const destinationPath = path.join(destinationDir, entry.name);
+		fs.cpSync(sourcePath, destinationPath, {
+			recursive: true,
+			force: true
+		});
+	}
+}
+function ensureSharedSkillsDir(hovclawHome, env = process.env) {
+	const sharedSkillsDir = getSharedSkillsDir(env);
+	ensureSecureDir(sharedSkillsDir);
+	if (directoryHasEntries(sharedSkillsDir)) return sharedSkillsDir;
+	const legacySkillsDir = path.join(hovclawHome, "skills");
+	if (!directoryHasEntries(legacySkillsDir)) return sharedSkillsDir;
+	copyDirectoryEntries(legacySkillsDir, sharedSkillsDir);
+	return sharedSkillsDir;
+}
+function ensureSharedSkillsDirOnce(hovclawHome, env = process.env) {
+	const sharedSkillsDir = getSharedSkillsDir(env);
+	if (ensuredSharedSkillsDirs.has(sharedSkillsDir)) return sharedSkillsDir;
+	ensureSharedSkillsDir(hovclawHome, env);
+	ensuredSharedSkillsDirs.add(sharedSkillsDir);
+	return sharedSkillsDir;
+}
 function hasConfigFile(env = process.env) {
 	return fs.existsSync(getConfigPath(env));
 }
@@ -499,6 +690,18 @@ function mergeWithDefaults(partial) {
 			aliases: partial.models?.aliases ?? DEFAULT_FILE_CONFIG.models.aliases,
 			allowlist: partial.models?.allowlist ?? DEFAULT_FILE_CONFIG.models.allowlist
 		},
+		commands: {
+			native: partial.commands?.native ?? DEFAULT_FILE_CONFIG.commands.native,
+			nativeSkills: partial.commands?.nativeSkills ?? DEFAULT_FILE_CONFIG.commands.nativeSkills,
+			defaultThinkingLevel: partial.commands?.defaultThinkingLevel ?? DEFAULT_FILE_CONFIG.commands.defaultThinkingLevel,
+			text: partial.commands?.text ?? DEFAULT_FILE_CONFIG.commands.text,
+			config: partial.commands?.config ?? DEFAULT_FILE_CONFIG.commands.config,
+			debug: partial.commands?.debug ?? DEFAULT_FILE_CONFIG.commands.debug,
+			bash: partial.commands?.bash ?? DEFAULT_FILE_CONFIG.commands.bash,
+			restart: partial.commands?.restart ?? DEFAULT_FILE_CONFIG.commands.restart,
+			useAccessGroups: partial.commands?.useAccessGroups ?? DEFAULT_FILE_CONFIG.commands.useAccessGroups,
+			allowFrom: partial.commands?.allowFrom ?? DEFAULT_FILE_CONFIG.commands.allowFrom
+		},
 		runtime: {
 			mode: partial.runtime?.mode ?? DEFAULT_FILE_CONFIG.runtime.mode,
 			containerImage: partial.runtime?.containerImage ?? DEFAULT_FILE_CONFIG.runtime.containerImage,
@@ -508,7 +711,8 @@ function mergeWithDefaults(partial) {
 			maxOutputBytes: partial.runtime?.maxOutputBytes ?? DEFAULT_FILE_CONFIG.runtime.maxOutputBytes,
 			allowedReadRoots: partial.runtime?.allowedReadRoots ?? DEFAULT_FILE_CONFIG.runtime.allowedReadRoots,
 			allowedWriteRoots: partial.runtime?.allowedWriteRoots ?? DEFAULT_FILE_CONFIG.runtime.allowedWriteRoots,
-			allowedCommandPrefixes: partial.runtime?.allowedCommandPrefixes ?? DEFAULT_FILE_CONFIG.runtime.allowedCommandPrefixes
+			allowedCommandPrefixes: partial.runtime?.allowedCommandPrefixes ?? DEFAULT_FILE_CONFIG.runtime.allowedCommandPrefixes,
+			tools: { bashEnabled: partial.runtime?.tools?.bashEnabled ?? DEFAULT_FILE_CONFIG.runtime.tools.bashEnabled }
 		},
 		channels: {
 			discord: {
@@ -531,7 +735,9 @@ function mergeWithDefaults(partial) {
 			},
 			auth: {
 				token: partial.gateway?.auth?.token ?? DEFAULT_FILE_CONFIG.gateway.auth.token,
-				password: partial.gateway?.auth?.password ?? DEFAULT_FILE_CONFIG.gateway.auth.password
+				password: partial.gateway?.auth?.password ?? DEFAULT_FILE_CONFIG.gateway.auth.password,
+				allowUnauthenticated: partial.gateway?.auth?.allowUnauthenticated ?? DEFAULT_FILE_CONFIG.gateway.auth.allowUnauthenticated,
+				allowedOrigins: partial.gateway?.auth?.allowedOrigins ?? DEFAULT_FILE_CONFIG.gateway.auth.allowedOrigins
 			},
 			remote: {
 				url: partial.gateway?.remote?.url ?? DEFAULT_FILE_CONFIG.gateway.remote.url,
@@ -596,6 +802,18 @@ function applyEnvOverrides(base, env) {
 			aliases: base.models.aliases,
 			allowlist: base.models.allowlist
 		},
+		commands: {
+			native: base.commands.native,
+			nativeSkills: base.commands.nativeSkills,
+			defaultThinkingLevel: env.COMMANDS_DEFAULT_THINKING_LEVEL === "low" || env.COMMANDS_DEFAULT_THINKING_LEVEL === "medium" || env.COMMANDS_DEFAULT_THINKING_LEVEL === "high" ? env.COMMANDS_DEFAULT_THINKING_LEVEL : base.commands.defaultThinkingLevel,
+			text: toBool(env.COMMANDS_TEXT, base.commands.text),
+			config: toBool(env.COMMANDS_CONFIG, base.commands.config),
+			debug: toBool(env.COMMANDS_DEBUG, base.commands.debug),
+			bash: toBool(env.COMMANDS_BASH, base.commands.bash),
+			restart: toBool(env.COMMANDS_RESTART, base.commands.restart),
+			useAccessGroups: toBool(env.COMMANDS_USE_ACCESS_GROUPS, base.commands.useAccessGroups),
+			allowFrom: base.commands.allowFrom
+		},
 		runtime: {
 			mode: env.RUNTIME_MODE === "container" || env.RUNTIME_MODE === "local" ? env.RUNTIME_MODE : base.runtime.mode,
 			containerImage: env.RUNTIME_CONTAINER_IMAGE || base.runtime.containerImage,
@@ -605,7 +823,8 @@ function applyEnvOverrides(base, env) {
 			maxOutputBytes: toPositiveInt(env.TOOL_MAX_OUTPUT_BYTES, base.runtime.maxOutputBytes),
 			allowedReadRoots: splitCsv(env.ALLOWED_READ_ROOTS, base.runtime.allowedReadRoots),
 			allowedWriteRoots: splitCsv(env.ALLOWED_WRITE_ROOTS, base.runtime.allowedWriteRoots),
-			allowedCommandPrefixes: splitCsv(env.ALLOWED_COMMAND_PREFIXES, base.runtime.allowedCommandPrefixes)
+			allowedCommandPrefixes: splitCsv(env.ALLOWED_COMMAND_PREFIXES, base.runtime.allowedCommandPrefixes),
+			tools: { bashEnabled: toBool(env.RUNTIME_BASH_ENABLED, base.runtime.tools.bashEnabled) }
 		},
 		channels: {
 			discord: {
@@ -634,7 +853,9 @@ function applyEnvOverrides(base, env) {
 			},
 			auth: {
 				token: env.GATEWAY_AUTH_TOKEN || base.gateway.auth.token,
-				password: env.GATEWAY_AUTH_PASSWORD || base.gateway.auth.password
+				password: env.GATEWAY_AUTH_PASSWORD || base.gateway.auth.password,
+				allowUnauthenticated: toBool(env.GATEWAY_ALLOW_UNAUTHENTICATED, base.gateway.auth.allowUnauthenticated),
+				allowedOrigins: splitCsv(env.GATEWAY_ALLOWED_ORIGINS, base.gateway.auth.allowedOrigins)
 			},
 			remote: {
 				url: env.GATEWAY_REMOTE_URL || base.gateway.remote.url,
@@ -655,21 +876,33 @@ function escapeRegex(value) {
 function normalizeRoots(paths) {
 	return paths.map((entry) => path.resolve(expandPath(entry)));
 }
+function isLegacyProjectRootWorkspace(workspacePath, projectRoot) {
+	if (!workspacePath) return false;
+	const trimmed = workspacePath.trim();
+	if (!trimmed) return false;
+	return path.resolve(expandPath(trimmed)) === path.resolve(projectRoot);
+}
 function loadConfig(env = process.env) {
 	const merged = applyEnvOverrides(loadConfigFile(env), env);
 	const hovclawHome = getHovclawHome(env);
+	const agentsDir = path.join(hovclawHome, "agents");
+	ensureHomeContentDirsOnce(PROJECT_ROOT, hovclawHome);
+	ensureHomeStateDirsOnce(PROJECT_ROOT, hovclawHome);
+	ensureMainAgentConfig(agentsDir);
+	const sharedSkillsDir = ensureSharedSkillsDirOnce(hovclawHome, env);
 	const defaultWorkspace = path.join(hovclawHome, "workspace");
-	const effectiveWorkspace = merged.agents.defaults.workspace.trim() || defaultWorkspace;
+	const configuredWorkspace = merged.agents.defaults.workspace.trim();
+	const effectiveWorkspace = !configuredWorkspace || isLegacyProjectRootWorkspace(configuredWorkspace, PROJECT_ROOT) ? defaultWorkspace : configuredWorkspace;
 	const assistantName = merged.assistant.name;
 	return {
 		projectRoot: PROJECT_ROOT,
 		hovclawHome,
 		configPath: getConfigPath(env),
 		credentialsPath: getCredentialsPath(env),
-		agentsDir: path.join(PROJECT_ROOT, "agents"),
-		skillsDir: path.join(PROJECT_ROOT, "skills"),
-		storeDir: path.join(PROJECT_ROOT, "store"),
-		dataDir: path.join(PROJECT_ROOT, "data"),
+		agentsDir,
+		skillsDir: sharedSkillsDir,
+		storeDir: path.join(hovclawHome, "store"),
+		dataDir: path.join(hovclawHome, "data"),
 		environment: env.NODE_ENV || "development",
 		logLevel: env.LOG_LEVEL || "info",
 		assistantName,
@@ -679,12 +912,13 @@ function loadConfig(env = process.env) {
 			list: merged.agents.list.map((entry) => ({
 				id: entry.id,
 				name: entry.name,
-				workspace: entry.workspace ? path.resolve(expandPath(entry.workspace)) : void 0,
+				workspace: entry.workspace ? isLegacyProjectRootWorkspace(entry.workspace, PROJECT_ROOT) ? path.resolve(expandPath(defaultWorkspace)) : path.resolve(expandPath(entry.workspace)) : void 0,
 				default: entry.default
 			}))
 		},
 		bindings: merged.bindings,
 		models: { ...merged.models },
+		commands: { ...merged.commands },
 		runtime: {
 			mode: merged.runtime.mode,
 			containerImage: merged.runtime.containerImage,
@@ -694,7 +928,8 @@ function loadConfig(env = process.env) {
 			maxOutputBytes: merged.runtime.maxOutputBytes,
 			allowedReadRoots: normalizeRoots(merged.runtime.allowedReadRoots),
 			allowedWriteRoots: normalizeRoots(merged.runtime.allowedWriteRoots),
-			allowedCommandPrefixes: merged.runtime.allowedCommandPrefixes
+			allowedCommandPrefixes: merged.runtime.allowedCommandPrefixes,
+			tools: { bashEnabled: merged.runtime.tools.bashEnabled }
 		},
 		channels: {
 			discord: {
@@ -731,7 +966,9 @@ function loadConfig(env = process.env) {
 			},
 			auth: {
 				token: merged.gateway.auth.token,
-				password: merged.gateway.auth.password
+				password: merged.gateway.auth.password,
+				allowUnauthenticated: merged.gateway.auth.allowUnauthenticated,
+				allowedOrigins: merged.gateway.auth.allowedOrigins
 			},
 			remote: {
 				url: merged.gateway.remote.url,
@@ -789,6 +1026,7 @@ function legacyEnvKeys() {
 		"ALLOWED_READ_ROOTS",
 		"ALLOWED_WRITE_ROOTS",
 		"ALLOWED_COMMAND_PREFIXES",
+		"RUNTIME_BASH_ENABLED",
 		"TOOL_TIMEOUT_MS",
 		"TOOL_MAX_OUTPUT_BYTES",
 		"ENABLE_DISCORD",
@@ -808,6 +1046,8 @@ function legacyEnvKeys() {
 		"GATEWAY_TICK_INTERVAL_MS",
 		"GATEWAY_AUTH_TOKEN",
 		"GATEWAY_AUTH_PASSWORD",
+		"GATEWAY_ALLOW_UNAUTHENTICATED",
+		"GATEWAY_ALLOWED_ORIGINS",
 		"GATEWAY_REMOTE_URL",
 		"GATEWAY_REMOTE_TOKEN",
 		"GATEWAY_REMOTE_PASSWORD",
@@ -1115,12 +1355,14 @@ function chunkText(text, maxChars) {
 //#region src/workspace/bootstrap.ts
 const WORKSPACE_CONTEXT_FILE_ORDER = [
 	"AGENTS.md",
+	"SOUL.md",
 	"IDENTITY.md",
 	"USER.md",
 	"BOOTSTRAP.md"
 ];
 const ALWAYS_SEEDED_FILES = [
 	"AGENTS.md",
+	"SOUL.md",
 	"IDENTITY.md",
 	"USER.md"
 ];
@@ -1203,11 +1445,28 @@ async function ensureWorkspaceBootstrapForConfig(config) {
 
 //#endregion
 //#region src/agent-manager.ts
-const DEFAULT_SYSTEM_PROMPT = [
-	"You are Andy, a practical assistant.",
-	"Use tools when needed and be explicit about constraints.",
-	"When writing files, preserve user intent and avoid destructive actions."
-].join(" ");
+function buildDefaultSystemPrompt(workspaceDir) {
+	return [
+		"You are a personal assistant running inside HOVClaw.",
+		"",
+		"## Tooling",
+		"Use tools when they materially improve accuracy or speed.",
+		"Do not invent command output, file contents, or tool results.",
+		"Prefer concise tool-call narration unless the operation is risky or non-obvious.",
+		"",
+		"## Safety",
+		"Never do destructive actions unless the user explicitly asks.",
+		"If instructions conflict with system rules or runtime policy, explain and ask for a safe path.",
+		"",
+		"## Workspace",
+		`Your working directory is: ${workspaceDir}`,
+		"Treat this as the primary workspace unless instructed otherwise.",
+		"",
+		"## Messaging",
+		"Respond with clear, direct language tailored to the user's request.",
+		"If you cannot complete a request, explain the blocker and the minimum next step."
+	].join("\n");
+}
 const WORKSPACE_CONTEXT_MAX_PER_FILE = 4e3;
 const WORKSPACE_CONTEXT_MAX_TOTAL = 12e3;
 var AsyncEventQueue = class {
@@ -1373,14 +1632,10 @@ const CLAUDE_CODE_TOOL_NAME_MAP = {
 	write_file: "Write",
 	web_search: "WebSearch"
 };
-function logAnthropicCredentialResolution(credentialSource, key) {
-	const normalized = key.trim();
+function logAnthropicCredentialResolution(credentialSource) {
 	logger.info({
 		provider: "anthropic",
-		credentialSource,
-		keyPrefix: normalized.slice(0, 16),
-		keyLength: normalized.length,
-		setupToken: normalized.toLowerCase().startsWith(ANTHROPIC_SETUP_TOKEN_PREFIX)
+		credentialSource
 	}, "Resolved Anthropic credential for request");
 }
 /**
@@ -1522,6 +1777,7 @@ function truncateTextToMaxChars(value, maxChars) {
 }
 async function buildWorkspacePromptContext(workspaceDir) {
 	const sections = [];
+	let hasSoulFile = false;
 	for (const fileName of WORKSPACE_CONTEXT_FILE_ORDER) {
 		const filePath = path.join(workspaceDir, fileName);
 		let raw;
@@ -1533,6 +1789,7 @@ async function buildWorkspacePromptContext(workspaceDir) {
 		const trimmed = raw.trim();
 		if (!trimmed) continue;
 		const clipped = truncateTextToMaxChars(trimmed, WORKSPACE_CONTEXT_MAX_PER_FILE);
+		if (fileName.toLowerCase() === "soul.md") hasSoulFile = true;
 		sections.push([
 			`## ${fileName}`,
 			clipped.text,
@@ -1540,7 +1797,14 @@ async function buildWorkspacePromptContext(workspaceDir) {
 		].filter(Boolean).join("\n\n"));
 	}
 	if (sections.length === 0) return "";
-	const rendered = ["# Workspace Context", ...sections].join("\n\n");
+	const rendered = [
+		"# Project Context",
+		"",
+		"The following project context files have been loaded:",
+		hasSoulFile ? "If SOUL.md is present, embody its persona and tone unless higher-priority rules override it." : "",
+		"",
+		...sections
+	].filter(Boolean).join("\n\n");
 	if (rendered.length <= WORKSPACE_CONTEXT_MAX_TOTAL) return rendered;
 	const footer = `\n\n[Workspace context truncated at ${WORKSPACE_CONTEXT_MAX_TOTAL} total characters.]`;
 	if (footer.length >= WORKSPACE_CONTEXT_MAX_TOTAL) return rendered.slice(0, WORKSPACE_CONTEXT_MAX_TOTAL);
@@ -1549,7 +1813,7 @@ async function buildWorkspacePromptContext(workspaceDir) {
 }
 async function loadAgentPrompt(agentName, workspaceDir) {
 	const promptPath = path.join(config.agentsDir, agentName, "CLAUDE.md");
-	let basePrompt = DEFAULT_SYSTEM_PROMPT;
+	let basePrompt = buildDefaultSystemPrompt(workspaceDir);
 	try {
 		const prompt = await fs$1.readFile(promptPath, "utf8");
 		if (prompt.trim().length > 0) basePrompt = prompt;
@@ -1576,14 +1840,14 @@ async function resolveProviderApiKey(provider, env = process.env) {
 	const isAnthropicProvider = provider.toLowerCase() === "anthropic";
 	const fromEnv = getProviderApiKeyFromEnv(provider, env);
 	if (fromEnv) {
-		if (isAnthropicProvider) logAnthropicCredentialResolution("env", fromEnv);
+		if (isAnthropicProvider) logAnthropicCredentialResolution("env");
 		return fromEnv;
 	}
 	const credentials = loadCredentials(env);
 	const entry = credentials[provider];
 	if (!entry) return void 0;
 	if (entry.type === "api-key") {
-		if (isAnthropicProvider) logAnthropicCredentialResolution("credentials-api-key", entry.key);
+		if (isAnthropicProvider) logAnthropicCredentialResolution("credentials-api-key");
 		return entry.key;
 	}
 	if (isAnthropicProvider && isAnthropicOAuthCredentialUnsupported(credentials.anthropic)) {
@@ -1591,7 +1855,7 @@ async function resolveProviderApiKey(provider, env = process.env) {
 		return;
 	}
 	if (isAnthropicProvider && credentials.anthropic?.type === "oauth" && isAnthropicSetupToken(credentials.anthropic)) {
-		logAnthropicCredentialResolution("credentials-oauth-setup-token", credentials.anthropic.access);
+		logAnthropicCredentialResolution("credentials-oauth-setup-token");
 		return credentials.anthropic.access;
 	}
 	const result = await getOAuthApiKey(provider, toOAuthCredentialMap(credentials));
@@ -1607,7 +1871,7 @@ async function resolveProviderApiKey(provider, env = process.env) {
 		...result.newCredentials
 	};
 	saveCredentials(credentials, env);
-	if (isAnthropicProvider) logAnthropicCredentialResolution("oauth-refresh", result.apiKey);
+	if (isAnthropicProvider) logAnthropicCredentialResolution("oauth-refresh");
 	return result.apiKey;
 }
 var PiAgentManager = class {
@@ -1777,6 +2041,10 @@ var PiAgentManager = class {
 		if (!handle) return;
 		this.db.saveAgentState(sessionKey, JSON.stringify({ messages: handle.agent.state.messages }));
 	}
+	async resetSession(sessionKey) {
+		this.sessions.delete(sessionKey);
+		this.db.clearSession(sessionKey);
+	}
 	async persistAllSessions() {
 		await Promise.all(Array.from(this.sessions.keys()).map((sessionKey) => this.persistSession(sessionKey)));
 	}
@@ -1891,6 +2159,7 @@ const DEFAULT_MAX_RETRY_DELAY_MS = 8e3;
 const DEFAULT_POLL_SUCCESS_DELAY_MS = 250;
 const DEFAULT_POLL_FAILURE_DELAY_MS = 1e3;
 const DEFAULT_MAX_POLL_FAILURE_DELAY_MS = 15e3;
+const TELEGRAM_MAX_WEBHOOK_BODY_BYTES = 1048576;
 function sleep(ms) {
 	return new Promise((resolve) => {
 		setTimeout(resolve, ms);
@@ -2058,14 +2327,38 @@ function toInboundMessage(update, accountId = "default") {
 		raw: update
 	};
 }
-async function readBody(req) {
+function compareWebhookSecrets(expected, provided) {
+	const expectedBuffer = Buffer.from(expected, "utf8");
+	const providedBuffer = Buffer.from(provided, "utf8");
+	if (expectedBuffer.length !== providedBuffer.length) return false;
+	return timingSafeEqual(expectedBuffer, providedBuffer);
+}
+async function readBody(req, maxBytes) {
 	return new Promise((resolve, reject) => {
 		let body = "";
+		let totalBytes = 0;
+		let done = false;
 		req.on("data", (chunk) => {
+			if (done) return;
+			totalBytes += chunk.length;
+			if (totalBytes > maxBytes) {
+				done = true;
+				req.destroy();
+				reject(/* @__PURE__ */ new Error("payload_too_large"));
+				return;
+			}
 			body += chunk.toString("utf8");
 		});
-		req.on("end", () => resolve(body));
-		req.on("error", (error) => reject(error));
+		req.on("end", () => {
+			if (done) return;
+			done = true;
+			resolve(body);
+		});
+		req.on("error", (error) => {
+			if (done) return;
+			done = true;
+			reject(error);
+		});
 	});
 }
 var TelegramChannel = class {
@@ -2261,14 +2554,25 @@ var TelegramChannel = class {
 		}
 		const expectedSecret = account.webhook.secret.trim();
 		if (expectedSecret) {
-			if (String(req.headers["x-telegram-bot-api-secret-token"] || "") !== expectedSecret) {
+			if (!compareWebhookSecrets(expectedSecret, String(req.headers["x-telegram-bot-api-secret-token"] || ""))) {
 				res.statusCode = 403;
 				this.lastWebhookStatus = 403;
 				res.end("forbidden");
 				return;
 			}
 		}
-		const body = await readBody(req);
+		let body = "";
+		try {
+			body = await readBody(req, TELEGRAM_MAX_WEBHOOK_BODY_BYTES);
+		} catch (error) {
+			if (error instanceof Error && error.message === "payload_too_large") {
+				res.statusCode = 413;
+				this.lastWebhookStatus = 413;
+				res.end("payload too large");
+				return;
+			}
+			throw error;
+		}
 		if (!body) {
 			res.statusCode = 204;
 			this.lastWebhookStatus = 204;
@@ -2323,6 +2627,9 @@ var TelegramChannel = class {
 		this.schedulePoll(10);
 		logger.info({ accountId: this.accountId }, "Telegram polling channel started");
 	}
+	getAccountId() {
+		return this.accountId;
+	}
 	onMessage(handler) {
 		this.handler = handler;
 	}
@@ -2360,6 +2667,21 @@ var TelegramChannel = class {
 			text: text?.trim() || void 0
 		});
 	}
+	async setMyCommands(commands) {
+		const normalized = commands.map((entry) => ({
+			command: entry.command,
+			description: entry.description
+		}));
+		for (const scope of [
+			{ type: "default" },
+			{ type: "all_private_chats" },
+			{ type: "all_group_chats" },
+			{ type: "all_chat_administrators" }
+		]) await this.callApi("setMyCommands", {
+			commands: normalized,
+			scope
+		});
+	}
 	async sendMedia(target, media) {
 		const parsedTarget = parseTargetChatId(target.chatId);
 		const { method, mediaField } = mediaMethod(media);
@@ -2548,6 +2870,313 @@ var ChannelPluginManager = class {
 	}
 };
 
+//#endregion
+//#region src/cli/daemon.ts
+const DAEMON_STATE_FILE = "daemon-state.json";
+const DAEMON_LOG_FILE = "daemon.log";
+const LAUNCHD_LABEL = "ai.hovclaw.daemon";
+function ensureHomeDir(env = process.env) {
+	const home = getHovclawHome(env);
+	fs.mkdirSync(home, {
+		recursive: true,
+		mode: 448
+	});
+	return home;
+}
+function getStatePath(env = process.env) {
+	return path.join(ensureHomeDir(env), DAEMON_STATE_FILE);
+}
+function getLogPath(env = process.env) {
+	return path.join(ensureHomeDir(env), DAEMON_LOG_FILE);
+}
+function getUserHomeDir(env = process.env) {
+	return env.HOME || os.homedir();
+}
+function getLaunchAgentsDir(env = process.env) {
+	return path.join(getUserHomeDir(env), "Library", "LaunchAgents");
+}
+function getLaunchdPlistPath(env = process.env) {
+	return path.join(getLaunchAgentsDir(env), `${LAUNCHD_LABEL}.plist`);
+}
+function getLaunchdDomain() {
+	return `gui/${typeof process.getuid === "function" ? process.getuid() : 0}`;
+}
+function runLaunchctl(args, allowFailure = false) {
+	const result = spawnSync("launchctl", args, { encoding: "utf8" });
+	if (result.error) {
+		if (!allowFailure) throw new Error(`launchctl ${args.join(" ")} failed: ${result.error.message}`);
+		return {
+			status: 1,
+			stdout: result.stdout || "",
+			stderr: result.stderr || result.error.message
+		};
+	}
+	const status = result.status ?? 1;
+	if (status !== 0 && !allowFailure) {
+		const detail = (result.stderr || result.stdout || "unknown launchctl error").trim();
+		throw new Error(`launchctl ${args.join(" ")} failed: ${detail}`);
+	}
+	return {
+		status,
+		stdout: result.stdout || "",
+		stderr: result.stderr || ""
+	};
+}
+function parseLaunchdRuntimeStatus(raw) {
+	const stateMatch = raw.match(/^\s*state = (.+)$/m);
+	const pidMatch = raw.match(/^\s*pid = (\d+)$/m);
+	const lastExitCodeMatch = raw.match(/^\s*last exit code = (-?\d+)$/m);
+	const stateRaw = stateMatch?.[1];
+	const pidRaw = pidMatch?.[1];
+	const lastExitCodeRaw = lastExitCodeMatch?.[1];
+	const state = typeof stateRaw === "string" ? stateRaw.trim() : null;
+	const pid = typeof pidRaw === "string" ? Number.parseInt(pidRaw, 10) : null;
+	const lastExitCode = typeof lastExitCodeRaw === "string" ? Number.parseInt(lastExitCodeRaw, 10) : null;
+	return {
+		running: typeof pid === "number" && Number.isFinite(pid) && pid > 0 || state === "running",
+		pid: typeof pid === "number" && Number.isFinite(pid) && pid > 0 ? pid : null,
+		state,
+		lastExitCode: typeof lastExitCode === "number" && Number.isFinite(lastExitCode) ? lastExitCode : null
+	};
+}
+function getLaunchdRuntimeStatus(domain) {
+	const output = runLaunchctl(["print", `${domain}/${LAUNCHD_LABEL}`], true);
+	if (output.status !== 0) return {
+		loaded: false,
+		running: false,
+		pid: null,
+		state: null,
+		lastExitCode: null
+	};
+	return {
+		loaded: true,
+		...parseLaunchdRuntimeStatus(output.stdout)
+	};
+}
+function getLaunchdStatus(env = process.env) {
+	const domain = getLaunchdDomain();
+	const plistPath = getLaunchdPlistPath(env);
+	if (process.platform !== "darwin") return {
+		supported: false,
+		installed: false,
+		loaded: false,
+		running: false,
+		pid: null,
+		state: null,
+		lastExitCode: null,
+		plistPath,
+		label: LAUNCHD_LABEL,
+		domain
+	};
+	const installed = fs.existsSync(plistPath);
+	const runtime = installed ? getLaunchdRuntimeStatus(domain) : {
+		loaded: false,
+		running: false,
+		pid: null,
+		state: null,
+		lastExitCode: null
+	};
+	return {
+		supported: true,
+		installed,
+		loaded: runtime.loaded,
+		running: runtime.running,
+		pid: runtime.pid,
+		state: runtime.state,
+		lastExitCode: runtime.lastExitCode,
+		plistPath,
+		label: LAUNCHD_LABEL,
+		domain
+	};
+}
+function saveState(state, env = process.env) {
+	const statePath = getStatePath(env);
+	fs.writeFileSync(statePath, `${JSON.stringify(state, null, 2)}\n`, {
+		encoding: "utf8",
+		mode: 384
+	});
+}
+function clearState(env = process.env) {
+	const statePath = getStatePath(env);
+	if (fs.existsSync(statePath)) fs.rmSync(statePath, { force: true });
+}
+function resolveLaunchSpec() {
+	const cliDir = path.dirname(fileURLToPath(import.meta.url));
+	const jsEntryPath = path.resolve(cliDir, "../index.js");
+	if (fs.existsSync(jsEntryPath)) return {
+		command: process.execPath,
+		args: [jsEntryPath],
+		cwd: process.cwd()
+	};
+	const tsEntryPath = path.resolve(cliDir, "../index.ts");
+	if (fs.existsSync(tsEntryPath)) return {
+		command: process.execPath,
+		args: [
+			"--import",
+			"tsx",
+			tsEntryPath
+		],
+		cwd: process.cwd()
+	};
+	throw new Error("Could not resolve daemon entrypoint (expected src/index.ts or dist/src/index.js).");
+}
+function shellEscape$1(value) {
+	return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function spawnDetachedDaemonWithDelay(launch, logPath, env, delayMs) {
+	const outFd = fs.openSync(logPath, "a");
+	const errFd = fs.openSync(logPath, "a");
+	try {
+		const delaySeconds = Math.max(0, delayMs) / 1e3;
+		const command = [launch.command, ...launch.args].map((entry) => shellEscape$1(entry)).join(" ");
+		const child = spawn("/bin/sh", ["-lc", `sleep ${delaySeconds.toFixed(3)}; exec ${command}`], {
+			cwd: launch.cwd,
+			env,
+			detached: true,
+			stdio: [
+				"ignore",
+				outFd,
+				errFd
+			]
+		});
+		child.unref();
+		if (child.pid === void 0) throw new Error("Failed to spawn replacement daemon process.");
+		return child.pid;
+	} finally {
+		fs.closeSync(outFd);
+		fs.closeSync(errFd);
+	}
+}
+async function requestDaemonRestartFromCurrentProcess(env = process.env) {
+	const launchd = getLaunchdStatus(env);
+	if (launchd.supported && launchd.installed) {
+		if (!launchd.loaded) runLaunchctl([
+			"bootstrap",
+			launchd.domain,
+			launchd.plistPath
+		], false);
+		runLaunchctl(["enable", `${launchd.domain}/${launchd.label}`], true);
+		runLaunchctl([
+			"kickstart",
+			"-k",
+			`${launchd.domain}/${launchd.label}`
+		], false);
+		clearState(env);
+		return {
+			mode: "launchd-kickstart",
+			pid: launchd.pid
+		};
+	}
+	const launch = resolveLaunchSpec();
+	const logPath = getLogPath(env);
+	const pid = spawnDetachedDaemonWithDelay(launch, logPath, env, 350);
+	saveState({
+		pid,
+		startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+		command: launch.command,
+		args: launch.args,
+		cwd: launch.cwd,
+		logPath
+	}, env);
+	return {
+		mode: "spawn-reexec",
+		pid
+	};
+}
+
+//#endregion
+//#region src/compat/openclaw-mirror.ts
+function resolveOpenClawHome(env = process.env) {
+	const override = env.OPENCLAW_STATE_DIR?.trim();
+	if (override) return path.resolve(override.startsWith("~") ? path.join(os.homedir(), override.slice(1)) : override);
+	return path.join(os.homedir(), ".openclaw");
+}
+function resolveOpenClawConfigPath(openclawHome) {
+	return path.join(openclawHome, "openclaw.json");
+}
+function resolveOpenClawSharedSkillsPath(openclawHome) {
+	return path.join(openclawHome, "skills");
+}
+function buildMirrorConfig(config) {
+	const fallbackWorkspace = config.agents.defaults.workspace || path.join(config.hovclawHome, "workspace");
+	const agentList = config.agents.list.length > 0 ? config.agents.list : [{
+		id: "main",
+		name: "Main",
+		workspace: fallbackWorkspace,
+		default: true
+	}];
+	const extraDirs = /* @__PURE__ */ new Set();
+	extraDirs.add(config.skillsDir);
+	for (const agent of agentList) {
+		const workspace = (agent.workspace || fallbackWorkspace).trim();
+		if (!workspace) continue;
+		extraDirs.add(path.join(workspace, "skills"));
+	}
+	return {
+		agent: { workspace: fallbackWorkspace },
+		agents: {
+			defaults: { workspace: fallbackWorkspace },
+			list: agentList
+		},
+		skills: { load: { extraDirs: Array.from(extraDirs) } }
+	};
+}
+function ensureDir(dirPath) {
+	fs.mkdirSync(dirPath, {
+		recursive: true,
+		mode: 448
+	});
+}
+function syncSkillsDir(sharedSkillsPath, sourceSkillsPath) {
+	if (!fs.existsSync(sourceSkillsPath)) {
+		ensureDir(sharedSkillsPath);
+		return false;
+	}
+	try {
+		if (fs.lstatSync(sharedSkillsPath).isSymbolicLink()) {
+			const linkTarget = fs.readlinkSync(sharedSkillsPath);
+			if (path.resolve(path.dirname(sharedSkillsPath), linkTarget) === sourceSkillsPath) return true;
+			fs.unlinkSync(sharedSkillsPath);
+		}
+	} catch {}
+	if (!fs.existsSync(sharedSkillsPath)) try {
+		fs.symlinkSync(sourceSkillsPath, sharedSkillsPath, "dir");
+		return true;
+	} catch {}
+	ensureDir(sharedSkillsPath);
+	for (const entry of fs.readdirSync(sourceSkillsPath, { withFileTypes: true })) {
+		const src = path.join(sourceSkillsPath, entry.name);
+		const dst = path.join(sharedSkillsPath, entry.name);
+		if (entry.isDirectory()) {
+			fs.cpSync(src, dst, {
+				recursive: true,
+				force: true
+			});
+			continue;
+		}
+		if (entry.isFile()) fs.copyFileSync(src, dst);
+	}
+	return false;
+}
+function writeOpenClawMirror(config) {
+	const openclawHome = resolveOpenClawHome();
+	const configPath = resolveOpenClawConfigPath(openclawHome);
+	const sharedSkillsPath = resolveOpenClawSharedSkillsPath(openclawHome);
+	ensureDir(openclawHome);
+	const mirrorConfig = buildMirrorConfig(config);
+	fs.writeFileSync(configPath, `${JSON.stringify(mirrorConfig, null, 2)}\n`, {
+		encoding: "utf8",
+		mode: 384
+	});
+	fs.chmodSync(configPath, 384);
+	return {
+		openclawHome,
+		configPath,
+		sharedSkillsPath,
+		linkedSharedSkills: syncSkillsDir(sharedSkillsPath, config.skillsDir)
+	};
+}
+
 //#endregion
 //#region src/models/catalog.ts
 function buildModelCatalog(aliases) {
@@ -2569,98 +3198,240 @@ function buildModelCatalog(aliases) {
 }
 
 //#endregion
-//#region src/channels/telegram-policy.ts
-function toIdSet(values) {
-	return new Set((values ?? []).map((value) => String(value).trim().toLowerCase()).filter(Boolean));
-}
-function splitThread(chatId) {
-	const [baseChatIdRaw, threadIdRaw] = chatId.split("#");
-	return {
-		baseChatId: baseChatIdRaw ?? chatId,
-		...threadIdRaw ? { threadId: threadIdRaw } : {}
-	};
-}
-function isDirectMessage(msg) {
-	return msg.peer?.kind === "direct" || !msg.chatId.startsWith("-") && !msg.chatId.includes("#");
+//#region src/channels/command-auth.ts
+function normalizeAllowFromEntry(value) {
+	return String(value).trim().toLowerCase();
+}
+function senderCandidates(msg) {
+	const candidates = /* @__PURE__ */ new Set();
+	const userId = msg.userId.trim();
+	if (userId) candidates.add(userId.toLowerCase());
+	const displayName = msg.displayName.trim();
+	if (displayName.startsWith("@")) candidates.add(displayName.toLowerCase());
+	return Array.from(candidates);
+}
+function resolveCommandsAllowFrom(config, channel) {
+	const entries = config.commands.allowFrom;
+	if (Object.keys(entries).length === 0) return null;
+	const providerSpecific = entries[channel];
+	if (Array.isArray(providerSpecific)) return providerSpecific;
+	const global = entries["*"];
+	if (Array.isArray(global)) return global;
+	return [];
+}
+function isCommandAuthorized(config, msg) {
+	const allowFrom = resolveCommandsAllowFrom(config, msg.channel);
+	if (allowFrom === null) return true;
+	const normalizedAllow = new Set(allowFrom.map((entry) => normalizeAllowFromEntry(entry)));
+	if (normalizedAllow.has("*")) return true;
+	for (const candidate of senderCandidates(msg)) if (normalizedAllow.has(candidate)) return true;
+	return false;
 }
-function containsMention(text, assistantName) {
-	const normalized = assistantName.trim().toLowerCase();
-	if (!normalized) return false;
-	return text.toLowerCase().includes(`@${normalized}`);
+
+//#endregion
+//#region src/channels/commands-registry.ts
+const TELEGRAM_COMMAND_NAME_RE = /^[a-z0-9_]{1,32}$/;
+const TELEGRAM_COMMAND_LIMIT = 100;
+const BASE_COMMANDS = [
+	{
+		key: "help",
+		nativeName: "help",
+		description: "Show available commands"
+	},
+	{
+		key: "commands",
+		nativeName: "commands",
+		description: "List all slash commands"
+	},
+	{
+		key: "status",
+		nativeName: "status",
+		description: "Show runtime status"
+	},
+	{
+		key: "whoami",
+		nativeName: "whoami",
+		description: "Show your sender id"
+	},
+	{
+		key: "context",
+		nativeName: "context",
+		description: "Show prompt/workspace context info"
+	},
+	{
+		key: "model",
+		nativeName: "model",
+		description: "Show or set interactive model"
+	},
+	{
+		key: "models",
+		nativeName: "models",
+		description: "List available models"
+	},
+	{
+		key: "skill",
+		nativeName: "skill",
+		description: "Run a skill by name"
+	},
+	{
+		key: "skills",
+		nativeName: "skills",
+		description: "List installed skills"
+	},
+	{
+		key: "identity",
+		nativeName: "identity",
+		description: "View or update IDENTITY.md"
+	},
+	{
+		key: "soul",
+		nativeName: "soul",
+		description: "View or update SOUL.md"
+	},
+	{
+		key: "pair",
+		nativeName: "pair",
+		description: "Show pairing approval hint"
+	},
+	{
+		key: "new",
+		nativeName: "new",
+		description: "Start a fresh conversation session"
+	},
+	{
+		key: "reset",
+		nativeName: "reset",
+		description: "Reset current conversation session"
+	},
+	{
+		key: "think",
+		nativeName: "think",
+		description: "Set per-task or default thinking level"
+	},
+	{
+		key: "verbose",
+		nativeName: "verbose",
+		description: "Toggle verbose mode (hint)"
+	},
+	{
+		key: "reasoning",
+		nativeName: "reasoning",
+		description: "Toggle reasoning visibility (hint)"
+	},
+	{
+		key: "stop",
+		nativeName: "stop",
+		description: "Stop current run (not yet supported)"
+	},
+	{
+		key: "config",
+		nativeName: "config",
+		description: "View or edit runtime config (if enabled)"
+	},
+	{
+		key: "debug",
+		nativeName: "debug",
+		description: "Inspect or change debug state (if enabled)"
+	},
+	{
+		key: "bash",
+		nativeName: "bash",
+		description: "Run a shell command through the assistant (if enabled)"
+	},
+	{
+		key: "restart",
+		nativeName: "restart",
+		description: "Restart daemon (if enabled)"
+	}
+];
+function sanitizeCommandName(raw) {
+	return raw.toLowerCase().replace(/[^a-z0-9_]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").slice(0, 32);
+}
+function coerceDescription(input, fallback) {
+	const trimmed = input.trim();
+	if (!trimmed) return fallback;
+	if (trimmed.length <= 256) return trimmed;
+	return `${trimmed.slice(0, 255)}…`;
+}
+function resolveSkillCommandName(skillName, used) {
+	const base = sanitizeCommandName(skillName) || "skill";
+	if (!used.has(base)) return base;
+	for (let i = 2; i < 500; i += 1) {
+		const suffix = `_${i}`;
+		const maxBaseLen = Math.max(1, 32 - suffix.length);
+		const candidate = `${base.slice(0, maxBaseLen)}${suffix}`;
+		if (!used.has(candidate)) return candidate;
+	}
+	return `skill_${used.size}`;
+}
+function resolveNativeEnabled(config, accountId) {
+	const accountMode = config.channels.telegram.accounts[accountId]?.commands;
+	if (typeof accountMode === "boolean") return accountMode;
+	if (typeof config.commands.native === "boolean") return config.commands.native;
+	return true;
 }
-function isAllowListed(msg, allowSet) {
-	if (allowSet.has("*")) return true;
-	const userId = msg.userId.trim().toLowerCase();
-	if (userId && allowSet.has(userId)) return true;
-	const displayName = msg.displayName.trim().replace(/^@/, "").toLowerCase();
-	if (displayName && allowSet.has(displayName)) return true;
-	return false;
+function resolveNativeSkillsEnabled(config) {
+	if (typeof config.commands.nativeSkills === "boolean") return config.commands.nativeSkills;
+	return true;
 }
-function evaluateTelegramPolicy(params) {
-	const { config, msg, pairingStore } = params;
-	const accountId = (msg.accountId ?? config.channels.telegram.defaultAccountId).trim() || "default";
-	const account = config.channels.telegram.accounts[accountId] ?? config.channels.telegram.accounts[config.channels.telegram.defaultAccountId] ?? config.channels.telegram.accounts.default;
-	if (!account || account.enabled === false) return {
-		allowed: false,
-		reason: "account-disabled"
-	};
-	const direct = isDirectMessage(msg);
-	const allowFromSet = toIdSet(account.allowFrom);
-	if (direct) {
-		const dmPolicy = account.dmPolicy ?? "pairing";
-		if (dmPolicy === "disabled") return {
-			allowed: false,
-			reason: "dm-disabled"
-		};
-		if (dmPolicy === "open") return { allowed: true };
-		if (dmPolicy === "allowlist") {
-			if (isAllowListed(msg, allowFromSet) || pairingStore.isApproved(accountId, msg.userId)) return { allowed: true };
-			return {
-				allowed: false,
-				reason: "dm-not-allowlisted"
-			};
-		}
-		if (isAllowListed(msg, allowFromSet) || pairingStore.isApproved(accountId, msg.userId)) return { allowed: true };
-		return {
-			allowed: false,
-			reason: "pairing-required",
-			pairingCode: pairingStore.ensurePendingCode(accountId, msg.userId)
-		};
+function listSkillCommandSpecs(config) {
+	const installed = listAvailableSkills();
+	const used = /* @__PURE__ */ new Set();
+	for (const command of BASE_COMMANDS) used.add(command.nativeName);
+	const specs = [];
+	for (const skillName of installed) {
+		const loaded = loadSkill(skillName);
+		if (!loaded) continue;
+		const commandName = resolveSkillCommandName(skillName, used);
+		if (!TELEGRAM_COMMAND_NAME_RE.test(commandName)) continue;
+		used.add(commandName);
+		specs.push({
+			name: commandName,
+			skillName,
+			description: coerceDescription(loaded.frontmatter.description ?? `Run ${skillName} skill`, `Run ${skillName} skill`)
+		});
 	}
-	const { baseChatId, threadId } = splitThread(msg.chatId);
-	const groupConfig = account.groups?.[baseChatId];
-	const topicConfig = threadId ? groupConfig?.topics?.[threadId] : void 0;
-	if (groupConfig?.enabled === false) return {
-		allowed: false,
-		reason: "group-disabled"
-	};
-	if (topicConfig?.enabled === false) return {
-		allowed: false,
-		reason: "topic-disabled"
-	};
-	const groupPolicy = topicConfig?.groupPolicy ?? groupConfig?.groupPolicy ?? account.groupPolicy ?? "open";
-	if (groupPolicy === "disabled") return {
-		allowed: false,
-		reason: "group-disabled"
-	};
-	if (groupPolicy === "allowlist") {
-		if (!isAllowListed(msg, toIdSet(topicConfig?.allowFrom ?? groupConfig?.allowFrom ?? account.groupAllowFrom))) return {
-			allowed: false,
-			reason: "group-not-allowlisted"
-		};
+	return specs;
+}
+function listCustomCommandSpecs(config, accountId) {
+	const account = config.channels.telegram.accounts[accountId];
+	if (!account) return [];
+	const commands = Array.isArray(account.customCommands) ? account.customCommands : [];
+	const out = [];
+	for (const entry of commands) {
+		const normalized = sanitizeCommandName(entry.command);
+		if (!TELEGRAM_COMMAND_NAME_RE.test(normalized)) continue;
+		out.push({
+			command: normalized,
+			description: coerceDescription(entry.description, `Run /${normalized}`)
+		});
 	}
-	if ((topicConfig?.requireMention ?? groupConfig?.requireMention ?? false) && !containsMention(msg.text, config.assistantName)) return {
-		allowed: false,
-		reason: "mention-required"
-	};
-	return { allowed: true };
+	return out;
 }
-function canApproveTelegramPairing(params) {
-	const { config, msg } = params;
-	const accountId = (msg.accountId ?? config.channels.telegram.defaultAccountId).trim() || "default";
-	const account = config.channels.telegram.accounts[accountId] ?? config.channels.telegram.accounts[config.channels.telegram.defaultAccountId] ?? config.channels.telegram.accounts.default;
-	if (!account) return false;
-	return isAllowListed(msg, toIdSet(account.allowFrom));
+function listTelegramNativeCommandSpecs(config, accountId) {
+	if (!resolveNativeEnabled(config, accountId)) return [];
+	const out = BASE_COMMANDS.map((command) => ({
+		command: command.nativeName,
+		description: command.description
+	}));
+	if (resolveNativeSkillsEnabled(config)) out.push(...listSkillCommandSpecs(config).map((skill) => ({
+		command: skill.name,
+		description: skill.description
+	})));
+	out.push(...listCustomCommandSpecs(config, accountId));
+	const deduped = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const entry of out) {
+		if (!TELEGRAM_COMMAND_NAME_RE.test(entry.command)) continue;
+		if (seen.has(entry.command)) continue;
+		seen.add(entry.command);
+		deduped.push(entry);
+		if (deduped.length >= TELEGRAM_COMMAND_LIMIT) break;
+	}
+	return deduped;
+}
+function listBaseCommands() {
+	return [...BASE_COMMANDS];
 }
 
 //#endregion
@@ -2751,11 +3522,28 @@ function buildModelsKeyboard(params) {
 
 //#endregion
 //#region src/channels/telegram-commands.ts
+const SKILL_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9._-]{0,63}$/;
+const DEBUG_LOG_LEVELS = new Set([
+	"trace",
+	"debug",
+	"info",
+	"warn",
+	"error",
+	"fatal",
+	"silent"
+]);
+const BLOCKED_CONFIG_PATH_SEGMENTS = new Set([
+	"__proto__",
+	"prototype",
+	"constructor"
+]);
 function extractCommand(text) {
 	const trimmed = text.trim();
 	if (!trimmed.startsWith("/")) return null;
 	const segments = trimmed.split(/\s+/);
-	const command = segments[0]?.slice(1).toLowerCase();
+	const raw = segments[0]?.slice(1).toLowerCase();
+	if (!raw) return null;
+	const command = raw.split("@")[0]?.trim();
 	if (!command) return null;
 	return {
 		command,
@@ -2770,8 +3558,125 @@ function callbackDataFromMessage(msg) {
 function setInteractiveModel(modelRef) {
 	const next = loadFileConfig();
 	next.models.interactive = modelRef;
+	persistFileConfig(next);
+}
+function isRecord$1(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function deepMerge$1(base, patch) {
+	const result = { ...base };
+	for (const [key, value] of Object.entries(patch)) {
+		const existing = result[key];
+		if (isRecord$1(existing) && isRecord$1(value)) {
+			result[key] = deepMerge$1(existing, value);
+			continue;
+		}
+		result[key] = value;
+	}
+	return result;
+}
+function reloadRuntimeConfig() {
+	const reloaded = loadConfig();
+	Object.assign(config, reloaded);
+	logger.level = reloaded.logLevel;
+}
+function persistFileConfig(next) {
 	saveConfigFile(next);
-	config.models.interactive = modelRef;
+	reloadRuntimeConfig();
+	writeOpenClawMirror(config);
+}
+function parseConfigPath(raw) {
+	const pathValue = raw?.trim();
+	if (!pathValue) return null;
+	const segments = pathValue.split(".").map((segment) => segment.trim()).filter(Boolean);
+	if (segments.length === 0) return null;
+	if (segments.some((segment) => BLOCKED_CONFIG_PATH_SEGMENTS.has(segment))) return null;
+	return segments;
+}
+function readPathValue(root, segments) {
+	let current = root;
+	for (const segment of segments) {
+		if (Array.isArray(current)) {
+			const index = Number.parseInt(segment, 10);
+			if (!Number.isInteger(index) || index < 0 || index >= current.length) return { found: false };
+			current = current[index];
+			continue;
+		}
+		if (!isRecord$1(current) || !(segment in current)) return { found: false };
+		current = current[segment];
+	}
+	return {
+		found: true,
+		value: current
+	};
+}
+function writePathValue(root, segments, value) {
+	if (segments.length === 0) return false;
+	let current = root;
+	for (let i = 0; i < segments.length - 1; i += 1) {
+		const segment = segments[i];
+		const nextSegment = segments[i + 1];
+		if (!segment || !nextSegment) return false;
+		if (Array.isArray(current)) {
+			const index = Number.parseInt(segment, 10);
+			if (!Number.isInteger(index) || index < 0) return false;
+			if (current[index] === void 0) current[index] = /^[0-9]+$/.test(nextSegment) ? [] : {};
+			current = current[index];
+			continue;
+		}
+		if (!isRecord$1(current)) return false;
+		const existing = current[segment];
+		if (existing === void 0 || !isRecord$1(existing) && !Array.isArray(existing)) current[segment] = /^[0-9]+$/.test(nextSegment) ? [] : {};
+		current = current[segment];
+	}
+	const lastSegment = segments[segments.length - 1];
+	if (!lastSegment) return false;
+	if (Array.isArray(current)) {
+		const index = Number.parseInt(lastSegment, 10);
+		if (!Number.isInteger(index) || index < 0) return false;
+		current[index] = value;
+		return true;
+	}
+	if (!isRecord$1(current)) return false;
+	current[lastSegment] = value;
+	return true;
+}
+function parseConfigValue(raw) {
+	const trimmed = raw.trim();
+	if (!trimmed) return "";
+	try {
+		return JSON.parse(trimmed);
+	} catch {
+		return raw;
+	}
+}
+function formatValue(value) {
+	if (typeof value === "string") return value;
+	return JSON.stringify(value, null, 2);
+}
+function configSummaryText(current) {
+	return [
+		"Config summary",
+		`assistant.name=${current.assistant.name}`,
+		`models.interactive=${current.models.interactive}`,
+		`models.discord=${current.models.discord}`,
+		`models.cron=${current.models.cron}`,
+		`runtime.mode=${current.runtime.mode}`,
+		`commands.text=${current.commands.text}`,
+		`commands.defaultThinkingLevel=${current.commands.defaultThinkingLevel}`,
+		`commands.config=${current.commands.config}`,
+		`commands.debug=${current.commands.debug}`,
+		`commands.bash=${current.commands.bash}`,
+		`commands.restart=${current.commands.restart}`,
+		`channels.telegram.enabled=${current.channels.telegram.enabled}`,
+		`channels.discord.enabled=${current.channels.discord.enabled}`,
+		"",
+		"Usage:",
+		"/config get <path>",
+		"/config set <path> <json-or-text>",
+		"/config patch <json-object>",
+		"/config reload"
+	].join("\n");
 }
 function groupedModels() {
 	return buildModelCatalog(config.models.aliases).reduce((acc, entry) => {
@@ -2781,9 +3686,57 @@ function groupedModels() {
 		return acc;
 	}, {});
 }
+function workspaceFilePath(agentId, fileName) {
+	return path.join(resolveAgentWorkspaceDir(config, agentId), fileName);
+}
+async function readWorkspaceFileOrEmpty(agentId, fileName) {
+	const filePath = workspaceFilePath(agentId, fileName);
+	try {
+		return await fs$1.readFile(filePath, "utf8");
+	} catch {
+		return "";
+	}
+}
+async function writeWorkspaceFile(agentId, fileName, content) {
+	const filePath = workspaceFilePath(agentId, fileName);
+	await fs$1.mkdir(path.dirname(filePath), { recursive: true });
+	await fs$1.writeFile(filePath, `${content.trimEnd()}\n`, "utf8");
+}
+function trimForTelegram(text, limit = 3600) {
+	if (text.length <= limit) return text;
+	return `${text.slice(0, limit)}\n\n[...truncated]`;
+}
+async function addSkillToAgent(agentId, skillName) {
+	const agentDir = path.join(config.agentsDir, agentId);
+	const agentPath = path.join(agentDir, "agent.json");
+	let parsed = {};
+	try {
+		const raw = await fs$1.readFile(agentPath, "utf8");
+		parsed = JSON.parse(raw);
+	} catch {
+		parsed = {};
+	}
+	const existingSkills = Array.isArray(parsed.skills) ? parsed.skills.filter((value) => typeof value === "string") : [];
+	if (existingSkills.includes(skillName)) return {
+		added: false,
+		path: agentPath
+	};
+	const nextSkills = [...existingSkills, skillName];
+	const next = {
+		...parsed,
+		skills: nextSkills
+	};
+	await fs$1.mkdir(agentDir, { recursive: true });
+	await fs$1.writeFile(agentPath, `${JSON.stringify(next, null, 2)}\n`, "utf8");
+	return {
+		added: true,
+		path: agentPath
+	};
+}
 async function handleModelCallback(context, callbackData) {
 	const parsed = parseModelCallbackData(callbackData);
 	if (!parsed) return false;
+	const authorized = isCommandAuthorized(config, context.msg);
 	const grouped = groupedModels();
 	const target = {
 		channel: "telegram",
@@ -2815,6 +3768,12 @@ async function handleModelCallback(context, callbackData) {
 		if (callbackId) await context.channel.answerCallbackQuery(callbackId);
 		return true;
 	}
+	if (!authorized) {
+		await context.channel.sendMessage(target, "You are not authorized to use this command.");
+		const callbackId = context.msg.raw?.callback_query?.id;
+		if (callbackId) await context.channel.answerCallbackQuery(callbackId, "Not authorized");
+		return true;
+	}
 	const selectedRef = `${parsed.provider}:${parsed.model}`;
 	setInteractiveModel(selectedRef);
 	await context.channel.sendMessage(target, `Interactive model set to ${selectedRef}.`);
@@ -2822,111 +3781,496 @@ async function handleModelCallback(context, callbackData) {
 	if (callbackId) await context.channel.answerCallbackQuery(callbackId, "Model updated");
 	return true;
 }
+function buildCommandsHelpText(accountId) {
+	const nativeCommands = listTelegramNativeCommandSpecs(config, accountId);
+	const fallbackCommands = [...listBaseCommands().map((command) => ({
+		command: command.nativeName,
+		description: command.description
+	})), ...listSkillCommandSpecs(config).map((command) => ({
+		command: command.name,
+		description: command.description
+	}))];
+	return ["Commands:", ...(nativeCommands.length > 0 ? nativeCommands : fallbackCommands).map((command) => `/${command.command} - ${command.description}`)].join("\n");
+}
+function resolveSkillPrompt(skillName, args) {
+	const input = args.join(" ").trim();
+	if (!input) return `Use the ${skillName} skill to help with the user's request.`;
+	return `Use the ${skillName} skill for this request: ${input}`;
+}
+function normalizeSkillName(raw) {
+	const name = raw?.trim();
+	if (!name) return null;
+	if (!SKILL_NAME_RE.test(name)) return null;
+	return name;
+}
+function parseThinkingLevel(raw) {
+	const value = raw?.trim().toLowerCase();
+	if (value === "low" || value === "medium" || value === "high") return value;
+	return null;
+}
 async function handleTelegramCommand(context) {
 	const callbackData = callbackDataFromMessage(context.msg);
-	if (callbackData) return await handleModelCallback(context, callbackData);
+	if (callbackData) return { handled: await handleModelCallback(context, callbackData) };
 	const parsed = extractCommand(context.msg.text);
-	if (!parsed) return false;
+	if (!parsed) return { handled: false };
+	if (!config.commands.text) return { handled: false };
 	const target = {
 		channel: "telegram",
 		chatId: context.msg.chatId,
 		accountId: context.msg.accountId
 	};
-	if (parsed.command === "help") {
-		await context.channel.sendMessage(target, [
-			"Commands:",
-			"/help",
-			"/status",
-			"/models",
-			"/model [provider:model]",
-			"/pair approve <code>",
-			"/pair reject <code>"
-		].join("\n"));
-		return true;
+	const authorized = isCommandAuthorized(config, context.msg);
+	const allowWithoutAuth = parsed.command === "help" || parsed.command === "commands";
+	if (!authorized && !allowWithoutAuth) {
+		await context.channel.sendMessage(target, "You are not authorized to use this command.");
+		return { handled: true };
+	}
+	if (parsed.command === "help" || parsed.command === "commands") {
+		const accountId = (context.msg.accountId ?? config.channels.telegram.defaultAccountId).trim() || "default";
+		await context.channel.sendMessage(target, buildCommandsHelpText(accountId));
+		return { handled: true };
 	}
 	if (parsed.command === "status") {
 		const diagnostics = context.channel.getDiagnostics?.() ?? {};
 		await context.channel.sendMessage(target, `Status\nactiveSessions=${context.db.listSessions().length}\n${JSON.stringify(diagnostics)}`);
-		return true;
+		return { handled: true };
+	}
+	if (parsed.command === "whoami") {
+		const lines = [
+			"Identity",
+			`channel=${context.msg.channel}`,
+			`chatId=${context.msg.chatId}`,
+			`userId=${context.msg.userId}`,
+			`displayName=${context.msg.displayName}`,
+			`agent=${context.agentId}`
+		];
+		await context.channel.sendMessage(target, lines.join("\n"));
+		return { handled: true };
+	}
+	if (parsed.command === "context") {
+		const workspaceDir = resolveAgentWorkspaceDir(config, context.agentId);
+		const lines = [
+			`Agent: ${context.agentId}`,
+			`Workspace: ${workspaceDir}`,
+			"Context files:",
+			...WORKSPACE_CONTEXT_FILE_ORDER.map((file) => `- ${file}`)
+		];
+		await context.channel.sendMessage(target, lines.join("\n"));
+		return { handled: true };
 	}
 	if (parsed.command === "models") {
-		const lines = buildModelCatalog(config.models.aliases).slice(0, 80).map((entry) => `- ${entry.ref}${entry.alias ? ` (alias: ${entry.alias})` : ""}`);
+		const lines = buildModelCatalog(config.models.aliases).slice(0, 100).map((entry) => `- ${entry.ref}${entry.alias ? ` (alias: ${entry.alias})` : ""}`);
 		await context.channel.sendMessage(target, lines.length > 0 ? lines.join("\n") : "No models found.");
-		return true;
+		return { handled: true };
 	}
 	if (parsed.command === "model") {
-		const modelArg = parsed.args[0]?.trim();
+		const modelArg = parsed.args.join(" ").trim();
 		if (modelArg) {
 			setInteractiveModel(modelArg);
 			await context.channel.sendMessage(target, `Interactive model set to ${modelArg}.`);
-			return true;
+			return { handled: true };
 		}
 		const providerEntries = Object.entries(groupedModels()).map(([id, models]) => ({
 			id,
 			count: models.length
 		}));
 		await context.channel.sendRichMessage(target, `Current interactive model: ${config.models.interactive}`, { inlineKeyboard: providerEntries.length > 0 ? buildProviderKeyboard(providerEntries) : buildBrowseProvidersButton() });
-		return true;
+		return { handled: true };
 	}
 	if (parsed.command === "pair") {
-		if (!canApproveTelegramPairing({
-			config,
-			msg: context.msg
-		})) {
-			await context.channel.sendMessage(target, "Not authorized to approve pairing requests.");
-			return true;
-		}
-		const action = parsed.args[0]?.toLowerCase();
-		const code = parsed.args[1]?.trim().toUpperCase();
 		const accountId = (context.msg.accountId ?? config.channels.telegram.defaultAccountId).trim() || "default";
-		if (!action || !code) {
-			await context.channel.sendMessage(target, "Usage: /pair approve <code> or /pair reject <code>");
-			return true;
+		const code = (parsed.args[1] ?? parsed.args[0])?.trim().toUpperCase() || "<code>";
+		await context.channel.sendMessage(target, `Pair approvals are CLI-only. Run: hovclaw pairing approve --channel telegram --account ${accountId} ${code}`);
+		return { handled: true };
+	}
+	if (parsed.command === "skills") {
+		const skills = listAvailableSkills();
+		if (skills.length === 0) {
+			await context.channel.sendMessage(target, "No installed skills found.");
+			return { handled: true };
 		}
-		if (action === "approve") {
-			const result = context.pairingStore.approveByCode(accountId, code);
-			if (!result.ok) await context.channel.sendMessage(target, `Pairing code not found: ${code}`);
-			else {
-				context.db.appendAuditEvent({
-					actor: "channel",
-					eventType: "telegram.pair.approve",
-					payload: {
-						accountId,
-						code,
-						userId: result.userId,
-						approver: context.msg.userId
-					}
-				});
-				await context.channel.sendMessage(target, `Approved pairing for user ${result.userId}.`);
+		const lines = skills.slice(0, 40).map((name) => {
+			return `- ${name}: ${loadSkill(name)?.frontmatter.description?.trim() || "No description"}`;
+		});
+		await context.channel.sendMessage(target, trimForTelegram(lines.join("\n")));
+		return { handled: true };
+	}
+	if (parsed.command === "identity" || parsed.command === "soul") {
+		const fileName = parsed.command === "identity" ? "IDENTITY.md" : "SOUL.md";
+		const subcommand = parsed.args[0]?.toLowerCase();
+		const body = parsed.args.slice(1).join(" ").trim();
+		if (!subcommand || subcommand === "view") {
+			const current = await readWorkspaceFileOrEmpty(context.agentId, fileName);
+			if (!current.trim()) {
+				await context.channel.sendMessage(target, `${fileName} is empty.`);
+				return { handled: true };
 			}
-			return true;
+			await context.channel.sendMessage(target, trimForTelegram(current));
+			return { handled: true };
 		}
-		if (action === "reject") {
-			const result = context.pairingStore.rejectByCode(accountId, code);
-			if (!result.ok) await context.channel.sendMessage(target, `Pairing code not found: ${code}`);
-			else {
-				context.db.appendAuditEvent({
-					actor: "channel",
-					eventType: "telegram.pair.reject",
-					payload: {
-						accountId,
-						code,
-						userId: result.userId,
-						approver: context.msg.userId
-					}
-				});
-				await context.channel.sendMessage(target, `Rejected pairing for user ${result.userId}.`);
+		if (subcommand === "set") {
+			if (!body) {
+				await context.channel.sendMessage(target, `Usage: /${parsed.command} set <content>`);
+				return { handled: true };
 			}
-			return true;
+			await writeWorkspaceFile(context.agentId, fileName, body);
+			await context.channel.sendMessage(target, `${fileName} updated.`);
+			return { handled: true };
 		}
-		await context.channel.sendMessage(target, "Unknown /pair action. Use approve or reject.");
-		return true;
+		if (subcommand === "append") {
+			if (!body) {
+				await context.channel.sendMessage(target, `Usage: /${parsed.command} append <content>`);
+				return { handled: true };
+			}
+			const current = await readWorkspaceFileOrEmpty(context.agentId, fileName);
+			const next = current.trim().length > 0 ? `${current.trimEnd()}\n${body}` : body;
+			await writeWorkspaceFile(context.agentId, fileName, next);
+			await context.channel.sendMessage(target, `${fileName} appended.`);
+			return { handled: true };
+		}
+		await context.channel.sendMessage(target, `Usage: /${parsed.command} [view]\n/${parsed.command} set <content>\n/${parsed.command} append <content>`);
+		return { handled: true };
+	}
+	if (parsed.command === "reset" || parsed.command === "new") {
+		const remainder = parsed.args.join(" ").trim();
+		if (!remainder) return {
+			handled: true,
+			resetSession: true
+		};
+		return {
+			handled: false,
+			resetSession: true,
+			promptOverride: remainder
+		};
 	}
-	return false;
+	if (parsed.command === "skill") {
+		const sub = parsed.args[0]?.toLowerCase();
+		if (!sub) {
+			await context.channel.sendMessage(target, "Usage: /skill <name> [input] | /skill create <name> [description] | /skill add <name>");
+			return { handled: true };
+		}
+		if (sub === "create") {
+			const name = normalizeSkillName(parsed.args[1]);
+			if (!name) {
+				await context.channel.sendMessage(target, "Usage: /skill create <name> [description]");
+				return { handled: true };
+			}
+			const description = parsed.args.slice(2).join(" ").trim() || `Skill ${name}`;
+			const skillDir = path.join(config.skillsDir, name);
+			const skillPath = path.join(skillDir, "SKILL.md");
+			const scaffold = [
+				"---",
+				`name: ${name}`,
+				`description: ${description}`,
+				"---",
+				"",
+				`# ${name}`,
+				"",
+				"Describe how this skill should solve the task."
+			].join("\n");
+			try {
+				await fs$1.mkdir(skillDir, { recursive: false });
+			} catch {
+				await context.channel.sendMessage(target, `Skill already exists: ${name}`);
+				return { handled: true };
+			}
+			await fs$1.writeFile(skillPath, `${scaffold}\n`, "utf8");
+			await context.channel.sendMessage(target, `Created ${skillPath}`);
+			return { handled: true };
+		}
+		if (sub === "add") {
+			const skillName = normalizeSkillName(parsed.args[1]);
+			if (!skillName) {
+				await context.channel.sendMessage(target, "Usage: /skill add <name>");
+				return { handled: true };
+			}
+			const { added, path: agentPath } = await addSkillToAgent(context.agentId, skillName);
+			await context.channel.sendMessage(target, added ? `Added ${skillName} to ${agentPath}` : `${skillName} is already enabled for ${context.agentId}.`);
+			return { handled: true };
+		}
+		const targetSkill = normalizeSkillName(sub);
+		if (!targetSkill) {
+			await context.channel.sendMessage(target, "Invalid skill name.");
+			return { handled: true };
+		}
+		if (!new Set(listAvailableSkills()).has(targetSkill)) {
+			await context.channel.sendMessage(target, `Skill not found: ${targetSkill}. Run /skills to list installed skills or /skill create ${targetSkill}.`);
+			return { handled: true };
+		}
+		return {
+			handled: false,
+			promptOverride: resolveSkillPrompt(targetSkill, parsed.args.slice(1))
+		};
+	}
+	const skillCommand = listSkillCommandSpecs(config).find((entry) => entry.name === parsed.command);
+	if (skillCommand) return {
+		handled: false,
+		promptOverride: resolveSkillPrompt(skillCommand.skillName, parsed.args)
+	};
+	if (parsed.command === "think") {
+		if (parsed.args.length === 0) {
+			await context.channel.sendMessage(target, [
+				`Default thinking level: ${config.commands.defaultThinkingLevel}`,
+				"Usage:",
+				"/think <low|medium|high> <task>",
+				"/think default <low|medium|high>"
+			].join("\n"));
+			return { handled: true };
+		}
+		if (parsed.args[0]?.trim().toLowerCase() === "default") {
+			const requested = parseThinkingLevel(parsed.args[1]);
+			if (!requested) {
+				await context.channel.sendMessage(target, `Current default thinking level: ${config.commands.defaultThinkingLevel}\nUsage: /think default <low|medium|high>`);
+				return { handled: true };
+			}
+			const next = loadFileConfig();
+			next.commands.defaultThinkingLevel = requested;
+			try {
+				persistFileConfig(next);
+			} catch (error) {
+				const message = error instanceof Error ? error.message : String(error);
+				await context.channel.sendMessage(target, `Failed to update default thinking level: ${message}`);
+				return { handled: true };
+			}
+			await context.channel.sendMessage(target, `Default thinking level set to ${requested}.`);
+			return { handled: true };
+		}
+		const level = parseThinkingLevel(parsed.args[0]);
+		if (!level || parsed.args.length < 2) {
+			await context.channel.sendMessage(target, "Usage: /think <low|medium|high> <task>\nOr set default: /think default <low|medium|high>");
+			return { handled: true };
+		}
+		return {
+			handled: false,
+			promptOverride: parsed.args.slice(1).join(" ").trim(),
+			thinkingLevelOverride: level
+		};
+	}
+	if (parsed.command === "reasoning") {
+		if (parsed.args.length < 2) {
+			await context.channel.sendMessage(target, "Usage: /reasoning <on|off> <task>\nThis command is per-message and not persisted.");
+			return { handled: true };
+		}
+		const mode = (parsed.args[0] ?? "on").trim().toLowerCase() === "off" ? "off" : "on";
+		const task = parsed.args.slice(1).join(" ").trim();
+		return {
+			handled: false,
+			promptOverride: mode === "on" ? `Solve this task and include concise reasoning in your response: ${task}` : `Solve this task and return only final output without exposing internal reasoning: ${task}`
+		};
+	}
+	if (parsed.command === "verbose") {
+		if (parsed.args.length < 2) {
+			await context.channel.sendMessage(target, "Usage: /verbose <on|off> <task>\nThis command is per-message and not persisted.");
+			return { handled: true };
+		}
+		const mode = (parsed.args[0] ?? "on").trim().toLowerCase() === "off" ? "off" : "on";
+		const task = parsed.args.slice(1).join(" ").trim();
+		return {
+			handled: false,
+			promptOverride: mode === "on" ? `Answer in a detailed, explicit style for this request: ${task}` : `Answer briefly and directly for this request: ${task}`
+		};
+	}
+	if (parsed.command === "stop") {
+		await context.channel.sendMessage(target, "Stopping an in-flight run is not supported yet. Use /new to start a fresh session.");
+		return { handled: true };
+	}
+	if (parsed.command === "restart") {
+		if (!config.commands.restart) {
+			await context.channel.sendMessage(target, "Restart command is disabled. Set commands.restart=true to enable.");
+			return { handled: true };
+		}
+		await context.channel.sendMessage(target, "Restart requested. Applying restart now.");
+		try {
+			if ((await requestDaemonRestartFromCurrentProcess()).mode === "spawn-reexec") setTimeout(() => {
+				try {
+					process.kill(process.pid, "SIGTERM");
+				} catch {}
+			}, 250);
+		} catch (error) {
+			const message = error instanceof Error ? error.message : String(error);
+			await context.channel.sendMessage(target, `Restart failed: ${message}`);
+		}
+		return { handled: true };
+	}
+	if (parsed.command === "config") {
+		if (!config.commands.config) {
+			await context.channel.sendMessage(target, "/config is disabled. Set commands.config=true to enable.");
+			return { handled: true };
+		}
+		const sub = parsed.args[0]?.toLowerCase() ?? "show";
+		if (sub === "show" || sub === "status") {
+			const current = loadFileConfig();
+			await context.channel.sendMessage(target, trimForTelegram(configSummaryText(current)));
+			return { handled: true };
+		}
+		if (sub === "reload") {
+			try {
+				reloadRuntimeConfig();
+			} catch (error) {
+				const message = error instanceof Error ? error.message : String(error);
+				await context.channel.sendMessage(target, `Failed to reload config: ${message}`);
+				return { handled: true };
+			}
+			await context.channel.sendMessage(target, "Reloaded runtime config from disk.");
+			return { handled: true };
+		}
+		if (sub === "get") {
+			const pathSegments = parseConfigPath(parsed.args[1]);
+			if (!pathSegments) {
+				await context.channel.sendMessage(target, "Usage: /config get <path>");
+				return { handled: true };
+			}
+			const found = readPathValue(loadFileConfig(), pathSegments);
+			if (!found.found) {
+				await context.channel.sendMessage(target, `Path not found: ${parsed.args[1]}`);
+				return { handled: true };
+			}
+			const pretty = formatValue(found.value);
+			await context.channel.sendMessage(target, trimForTelegram(`${parsed.args[1]} = ${pretty}`));
+			return { handled: true };
+		}
+		if (sub === "set") {
+			const pathSegments = parseConfigPath(parsed.args[1]);
+			const valueRaw = parsed.args.slice(2).join(" ");
+			if (!pathSegments || !valueRaw.trim()) {
+				await context.channel.sendMessage(target, "Usage: /config set <path> <json-or-text>");
+				return { handled: true };
+			}
+			const next = loadFileConfig();
+			if (!writePathValue(next, pathSegments, parseConfigValue(valueRaw))) {
+				await context.channel.sendMessage(target, `Could not update path: ${parsed.args[1]}`);
+				return { handled: true };
+			}
+			try {
+				persistFileConfig(next);
+			} catch (error) {
+				const message = error instanceof Error ? error.message : String(error);
+				await context.channel.sendMessage(target, `Config update failed: ${message}`);
+				return { handled: true };
+			}
+			await context.channel.sendMessage(target, `Updated ${parsed.args[1]}.`);
+			return { handled: true };
+		}
+		if (sub === "patch") {
+			const patchRaw = parsed.args.slice(1).join(" ").trim();
+			if (!patchRaw) {
+				await context.channel.sendMessage(target, "Usage: /config patch <json-object>");
+				return { handled: true };
+			}
+			let patch;
+			try {
+				patch = JSON.parse(patchRaw);
+			} catch (error) {
+				const message = error instanceof Error ? error.message : String(error);
+				await context.channel.sendMessage(target, `Invalid JSON patch: ${message}`);
+				return { handled: true };
+			}
+			if (!isRecord$1(patch)) {
+				await context.channel.sendMessage(target, "Patch must be a JSON object.");
+				return { handled: true };
+			}
+			const merged = deepMerge$1(loadFileConfig(), patch);
+			try {
+				persistFileConfig(merged);
+			} catch (error) {
+				const message = error instanceof Error ? error.message : String(error);
+				await context.channel.sendMessage(target, `Config patch failed: ${message}`);
+				return { handled: true };
+			}
+			await context.channel.sendMessage(target, "Config patch applied.");
+			return { handled: true };
+		}
+		await context.channel.sendMessage(target, "Usage: /config show | get <path> | set <path> <value> | patch <json-object> | reload");
+		return { handled: true };
+	}
+	if (parsed.command === "debug") {
+		const sub = parsed.args[0]?.toLowerCase() ?? "status";
+		const canSelfEnable = sub === "on";
+		if (!config.commands.debug && !canSelfEnable) {
+			await context.channel.sendMessage(target, "/debug is disabled. Set commands.debug=true to enable.");
+			return { handled: true };
+		}
+		if (sub === "on" || sub === "off") {
+			const next = loadFileConfig();
+			next.commands.debug = sub === "on";
+			try {
+				persistFileConfig(next);
+			} catch (error) {
+				const message = error instanceof Error ? error.message : String(error);
+				await context.channel.sendMessage(target, `Failed to update debug mode: ${message}`);
+				return { handled: true };
+			}
+			await context.channel.sendMessage(target, `commands.debug=${next.commands.debug}`);
+			return { handled: true };
+		}
+		if (sub === "level") {
+			const requested = parsed.args[1]?.trim().toLowerCase();
+			if (!requested || !DEBUG_LOG_LEVELS.has(requested)) {
+				await context.channel.sendMessage(target, "Usage: /debug level <trace|debug|info|warn|error|fatal|silent>");
+				return { handled: true };
+			}
+			logger.level = requested;
+			process.env.LOG_LEVEL = requested;
+			await context.channel.sendMessage(target, `Logger level set to ${requested} (runtime only).`);
+			return { handled: true };
+		}
+		if (sub === "dump") {
+			const payload = {
+				pid: process.pid,
+				uptimeSec: Math.floor(process.uptime()),
+				loggerLevel: logger.level,
+				commands: config.commands,
+				activeSessions: context.db.listSessions().length,
+				channelDiagnostics: context.channel.getDiagnostics?.() ?? {}
+			};
+			await context.channel.sendMessage(target, trimForTelegram(JSON.stringify(payload, null, 2)));
+			return { handled: true };
+		}
+		if (sub === "status") {
+			const lines = [
+				"Debug status",
+				`pid=${process.pid}`,
+				`uptimeSec=${Math.floor(process.uptime())}`,
+				`logger.level=${logger.level}`,
+				`commands.debug=${config.commands.debug}`,
+				`commands.config=${config.commands.config}`,
+				`commands.bash=${config.commands.bash}`,
+				`commands.restart=${config.commands.restart}`,
+				`activeSessions=${context.db.listSessions().length}`,
+				"",
+				"Usage:",
+				"/debug status",
+				"/debug level <trace|debug|info|warn|error|fatal|silent>",
+				"/debug dump",
+				"/debug on|off"
+			];
+			await context.channel.sendMessage(target, lines.join("\n"));
+			return { handled: true };
+		}
+		await context.channel.sendMessage(target, "Usage: /debug status | level <...> | dump | on | off");
+		return { handled: true };
+	}
+	if (parsed.command === "bash") {
+		if (!config.commands.bash) {
+			await context.channel.sendMessage(target, "/bash is disabled. Set commands.bash=true to enable.");
+			return { handled: true };
+		}
+		return {
+			handled: false,
+			promptOverride: `Run this shell command safely: ${parsed.args.join(" ").trim()}`
+		};
+	}
+	return { handled: false };
 }
 
 //#endregion
 //#region src/channels/telegram-pairing-store.ts
+function emptyState() {
+	return {
+		approved: {},
+		pending: {}
+	};
+}
 function nowIso$1() {
 	return (/* @__PURE__ */ new Date()).toISOString();
 }
@@ -2935,44 +4279,31 @@ function randomCode() {
 }
 var TelegramPairingStore = class {
 	filePath;
-	state = null;
 	constructor(storeDir) {
 		this.filePath = path.join(storeDir, "telegram-pairing.json");
 	}
-	load() {
-		if (this.state) return this.state;
-		if (!fs.existsSync(this.filePath)) {
-			this.state = {
-				approved: {},
-				pending: {}
-			};
-			return this.state;
-		}
+	readState() {
+		if (!fs.existsSync(this.filePath)) return emptyState();
 		try {
 			const parsed = JSON.parse(fs.readFileSync(this.filePath, "utf8"));
-			this.state = {
+			if (!parsed || typeof parsed !== "object") return emptyState();
+			return {
 				approved: parsed.approved ?? {},
 				pending: parsed.pending ?? {}
 			};
-			return this.state;
 		} catch {
-			this.state = {
-				approved: {},
-				pending: {}
-			};
-			return this.state;
+			return emptyState();
 		}
 	}
-	save() {
-		if (!this.state) return;
+	writeState(state) {
 		fs.mkdirSync(path.dirname(this.filePath), { recursive: true });
-		fs.writeFileSync(this.filePath, `${JSON.stringify(this.state, null, 2)}\n`, "utf8");
+		fs.writeFileSync(this.filePath, `${JSON.stringify(state, null, 2)}\n`, "utf8");
 	}
 	isApproved(accountId, userId) {
-		return (this.load().approved[accountId] ?? []).includes(userId);
+		return (this.readState().approved[accountId] ?? []).includes(userId);
 	}
 	ensurePendingCode(accountId, userId) {
-		const state = this.load();
+		const state = this.readState();
 		const pendingByAccount = state.pending[accountId] ?? {};
 		const existing = Object.entries(pendingByAccount).find(([, entry]) => entry.userId === userId);
 		if (existing) return existing[0];
@@ -2984,11 +4315,11 @@ var TelegramPairingStore = class {
 				createdAt: nowIso$1()
 			}
 		};
-		this.save();
+		this.writeState(state);
 		return code;
 	}
 	approveByCode(accountId, code) {
-		const state = this.load();
+		const state = this.readState();
 		const pendingByAccount = state.pending[accountId] ?? {};
 		const entry = pendingByAccount[code];
 		if (!entry) return { ok: false };
@@ -2997,118 +4328,150 @@ var TelegramPairingStore = class {
 		state.approved[accountId] = Array.from(approved).sort((a, b) => a.localeCompare(b));
 		delete pendingByAccount[code];
 		state.pending[accountId] = pendingByAccount;
-		this.save();
+		this.writeState(state);
+		return {
+			ok: true,
+			userId: entry.userId
+		};
+	}
+	rejectByCode(accountId, code) {
+		const state = this.readState();
+		const pendingByAccount = state.pending[accountId] ?? {};
+		const entry = pendingByAccount[code];
+		if (!entry) return { ok: false };
+		delete pendingByAccount[code];
+		state.pending[accountId] = pendingByAccount;
+		this.writeState(state);
 		return {
 			ok: true,
 			userId: entry.userId
 		};
-	}
-	rejectByCode(accountId, code) {
-		const state = this.load();
-		const pendingByAccount = state.pending[accountId] ?? {};
-		const entry = pendingByAccount[code];
-		if (!entry) return { ok: false };
-		delete pendingByAccount[code];
-		state.pending[accountId] = pendingByAccount;
-		this.save();
+	}
+};
+
+//#endregion
+//#region src/channels/telegram-policy.ts
+function toIdSet(values) {
+	return new Set((values ?? []).map((value) => String(value).trim().toLowerCase()).filter(Boolean));
+}
+function splitThread(chatId) {
+	const [baseChatIdRaw, threadIdRaw] = chatId.split("#");
+	return {
+		baseChatId: baseChatIdRaw ?? chatId,
+		...threadIdRaw ? { threadId: threadIdRaw } : {}
+	};
+}
+function isDirectMessage(msg) {
+	return msg.peer?.kind === "direct" || !msg.chatId.startsWith("-") && !msg.chatId.includes("#");
+}
+function containsMention(text, assistantName) {
+	const normalized = assistantName.trim().toLowerCase();
+	if (!normalized) return false;
+	return text.toLowerCase().includes(`@${normalized}`);
+}
+function isAllowListed(msg, allowSet) {
+	if (allowSet.has("*")) return true;
+	const userId = msg.userId.trim().toLowerCase();
+	if (userId && allowSet.has(userId)) return true;
+	const displayName = msg.displayName.trim().replace(/^@/, "").toLowerCase();
+	if (displayName && allowSet.has(displayName)) return true;
+	return false;
+}
+function evaluateTelegramPolicy(params) {
+	const { config, msg, pairingStore } = params;
+	const accountId = (msg.accountId ?? config.channels.telegram.defaultAccountId).trim() || "default";
+	const account = config.channels.telegram.accounts[accountId] ?? config.channels.telegram.accounts[config.channels.telegram.defaultAccountId] ?? config.channels.telegram.accounts.default;
+	if (!account || account.enabled === false) return {
+		allowed: false,
+		reason: "account-disabled"
+	};
+	const direct = isDirectMessage(msg);
+	const allowFromSet = toIdSet(account.allowFrom);
+	if (direct) {
+		const dmPolicy = account.dmPolicy ?? "pairing";
+		if (dmPolicy === "disabled") return {
+			allowed: false,
+			reason: "dm-disabled"
+		};
+		if (dmPolicy === "open") return { allowed: true };
+		if (dmPolicy === "allowlist") {
+			if (isAllowListed(msg, allowFromSet) || pairingStore.isApproved(accountId, msg.userId)) return { allowed: true };
+			return {
+				allowed: false,
+				reason: "dm-not-allowlisted"
+			};
+		}
+		if (isAllowListed(msg, allowFromSet) || pairingStore.isApproved(accountId, msg.userId)) return { allowed: true };
 		return {
-			ok: true,
-			userId: entry.userId
+			allowed: false,
+			reason: "pairing-required",
+			pairingCode: pairingStore.ensurePendingCode(accountId, msg.userId)
 		};
 	}
-};
-
-//#endregion
-//#region src/compat/openclaw-mirror.ts
-function resolveOpenClawHome(env = process.env) {
-	const override = env.OPENCLAW_STATE_DIR?.trim();
-	if (override) return path.resolve(override.startsWith("~") ? path.join(os.homedir(), override.slice(1)) : override);
-	return path.join(os.homedir(), ".openclaw");
-}
-function resolveOpenClawConfigPath(openclawHome) {
-	return path.join(openclawHome, "openclaw.json");
-}
-function resolveOpenClawSharedSkillsPath(openclawHome) {
-	return path.join(openclawHome, "skills");
-}
-function buildMirrorConfig(config) {
-	const fallbackWorkspace = config.agents.defaults.workspace || path.join(config.hovclawHome, "workspace");
-	const agentList = config.agents.list.length > 0 ? config.agents.list : [{
-		id: "main",
-		name: "Main",
-		workspace: fallbackWorkspace,
-		default: true
-	}];
-	const extraDirs = /* @__PURE__ */ new Set();
-	extraDirs.add(config.skillsDir);
-	for (const agent of agentList) {
-		const workspace = (agent.workspace || fallbackWorkspace).trim();
-		if (!workspace) continue;
-		extraDirs.add(path.join(workspace, "skills"));
+	const { baseChatId, threadId } = splitThread(msg.chatId);
+	const groupConfig = account.groups?.[baseChatId];
+	const topicConfig = threadId ? groupConfig?.topics?.[threadId] : void 0;
+	if (groupConfig?.enabled === false) return {
+		allowed: false,
+		reason: "group-disabled"
+	};
+	if (topicConfig?.enabled === false) return {
+		allowed: false,
+		reason: "topic-disabled"
+	};
+	const groupPolicy = topicConfig?.groupPolicy ?? groupConfig?.groupPolicy ?? account.groupPolicy ?? "open";
+	if (groupPolicy === "disabled") return {
+		allowed: false,
+		reason: "group-disabled"
+	};
+	if (groupPolicy === "allowlist") {
+		if (!isAllowListed(msg, toIdSet(topicConfig?.allowFrom ?? groupConfig?.allowFrom ?? account.groupAllowFrom))) return {
+			allowed: false,
+			reason: "group-not-allowlisted"
+		};
 	}
-	return {
-		agent: { workspace: fallbackWorkspace },
-		agents: {
-			defaults: { workspace: fallbackWorkspace },
-			list: agentList
-		},
-		skills: { load: { extraDirs: Array.from(extraDirs) } }
+	if ((topicConfig?.requireMention ?? groupConfig?.requireMention ?? false) && !containsMention(msg.text, config.assistantName)) return {
+		allowed: false,
+		reason: "mention-required"
 	};
+	return { allowed: true };
 }
-function ensureDir(dirPath) {
-	fs.mkdirSync(dirPath, {
-		recursive: true,
-		mode: 448
-	});
-}
-function syncSkillsDir(sharedSkillsPath, sourceSkillsPath) {
-	if (!fs.existsSync(sourceSkillsPath)) {
-		ensureDir(sharedSkillsPath);
-		return false;
-	}
-	try {
-		if (fs.lstatSync(sharedSkillsPath).isSymbolicLink()) {
-			const linkTarget = fs.readlinkSync(sharedSkillsPath);
-			if (path.resolve(path.dirname(sharedSkillsPath), linkTarget) === sourceSkillsPath) return true;
-			fs.unlinkSync(sharedSkillsPath);
-		}
-	} catch {}
-	if (!fs.existsSync(sharedSkillsPath)) try {
-		fs.symlinkSync(sourceSkillsPath, sharedSkillsPath, "dir");
-		return true;
-	} catch {}
-	ensureDir(sharedSkillsPath);
-	for (const entry of fs.readdirSync(sourceSkillsPath, { withFileTypes: true })) {
-		const src = path.join(sourceSkillsPath, entry.name);
-		const dst = path.join(sharedSkillsPath, entry.name);
-		if (entry.isDirectory()) {
-			fs.cpSync(src, dst, {
-				recursive: true,
-				force: true
-			});
+
+//#endregion
+//#region src/redaction.ts
+const REDACTED_VALUE = "[REDACTED]";
+const SENSITIVE_KEY_PATTERNS = [
+	/token/i,
+	/password/i,
+	/secret/i,
+	/api[_-]?key/i,
+	/^key$/i,
+	/authorization/i,
+	/cookie/i,
+	/refresh/i,
+	/access/i
+];
+function isSensitiveKey(key) {
+	return SENSITIVE_KEY_PATTERNS.some((pattern) => pattern.test(key));
+}
+function redactValue(value, seen) {
+	if (Array.isArray(value)) return value.map((entry) => redactValue(entry, seen));
+	if (!value || typeof value !== "object") return value;
+	if (seen.has(value)) return "[Circular]";
+	seen.add(value);
+	const record = value;
+	const result = {};
+	for (const [key, entry] of Object.entries(record)) {
+		if (isSensitiveKey(key)) {
+			result[key] = REDACTED_VALUE;
 			continue;
 		}
-		if (entry.isFile()) fs.copyFileSync(src, dst);
+		result[key] = redactValue(entry, seen);
 	}
-	return false;
+	return result;
 }
-function writeOpenClawMirror(config) {
-	const openclawHome = resolveOpenClawHome();
-	const configPath = resolveOpenClawConfigPath(openclawHome);
-	const sharedSkillsPath = resolveOpenClawSharedSkillsPath(openclawHome);
-	ensureDir(openclawHome);
-	const mirrorConfig = buildMirrorConfig(config);
-	fs.writeFileSync(configPath, `${JSON.stringify(mirrorConfig, null, 2)}\n`, {
-		encoding: "utf8",
-		mode: 384
-	});
-	fs.chmodSync(configPath, 384);
-	return {
-		openclawHome,
-		configPath,
-		sharedSkillsPath,
-		linkedSharedSkills: syncSkillsDir(sharedSkillsPath, config.skillsDir)
-	};
+function redactSensitiveData(value) {
+	return redactValue(value, /* @__PURE__ */ new WeakSet());
 }
 
 //#endregion
@@ -3384,6 +4747,11 @@ var HovClawDb = class {
 	getAgentState(sessionKey) {
 		return this.db.prepare(`SELECT state_json FROM agent_state WHERE session_key = ?`).get(sessionKey)?.state_json ?? null;
 	}
+	clearSession(sessionKey) {
+		this.db.prepare(`DELETE FROM agent_state WHERE session_key = ?`).run(sessionKey);
+		this.db.prepare(`DELETE FROM messages WHERE session_key = ?`).run(sessionKey);
+		this.db.prepare(`DELETE FROM sessions WHERE session_key = ?`).run(sessionKey);
+	}
 	recordUsageCost(record) {
 		this.db.prepare(`
         INSERT INTO usage_costs (
@@ -3525,10 +4893,11 @@ var HovClawDb = class {
 		}));
 	}
 	appendAuditEvent(record) {
+		const sanitizedPayload = redactSensitiveData(record.payload);
 		this.db.prepare(`
         INSERT INTO audit_log (ts, session_key, actor, event_type, payload_json)
         VALUES (?, ?, ?, ?, ?)
-      `).run(record.ts ?? nowIso(), record.sessionKey ?? null, record.actor, record.eventType, JSON.stringify(record.payload));
+      `).run(record.ts ?? nowIso(), record.sessionKey ?? null, record.actor, record.eventType, JSON.stringify(sanitizedPayload));
 	}
 	getAuditEvents(eventType) {
 		const query = eventType ? `SELECT ts, session_key, actor, event_type, payload_json FROM audit_log WHERE event_type = ? ORDER BY id DESC` : `SELECT ts, session_key, actor, event_type, payload_json FROM audit_log ORDER BY id DESC`;
@@ -3709,7 +5078,7 @@ function deepMerge(base, patch) {
 	return result;
 }
 const configGetMethod = async (_params, context) => {
-	return context.readFileConfig();
+	return redactSensitiveData(context.readFileConfig());
 };
 const configSetMethod = async (params, context) => {
 	const parsed = configSetParamsSchema.parse(params);
@@ -3791,7 +5160,7 @@ const logsTailMethod = async (params, context) => {
 		message: event.eventType,
 		sessionKey: event.sessionKey,
 		actor: event.actor,
-		payload: event.payload
+		payload: redactSensitiveData(event.payload)
 	})) };
 };
 
@@ -4120,7 +5489,46 @@ function sendResponse(socket, id, ok, payload, error) {
 function setUiSecurityHeaders(res) {
 	res.setHeader("X-Frame-Options", "DENY");
 	res.setHeader("X-Content-Type-Options", "nosniff");
-	res.setHeader("Content-Security-Policy", "frame-ancestors 'none'");
+	res.setHeader("Content-Security-Policy", [
+		"default-src 'self'",
+		"script-src 'self'",
+		"style-src 'self'",
+		"img-src 'self' data:",
+		"font-src 'self'",
+		"connect-src 'self'",
+		"object-src 'none'",
+		"base-uri 'none'",
+		"frame-ancestors 'none'",
+		"form-action 'none'"
+	].join("; "));
+}
+function normalizeOrigin(value) {
+	try {
+		const parsed = new URL(value);
+		if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
+		return `${parsed.protocol}//${parsed.host}`.toLowerCase();
+	} catch {
+		return null;
+	}
+}
+function isOriginAllowed(request, config) {
+	const rawOrigin = request.headers.origin;
+	if (typeof rawOrigin !== "string" || rawOrigin.trim().length === 0) return true;
+	const normalizedOrigin = normalizeOrigin(rawOrigin.trim());
+	if (!normalizedOrigin) return false;
+	const rawHost = request.headers.host;
+	if (typeof rawHost === "string" && rawHost.trim().length > 0) {
+		const normalizedHost = rawHost.trim().toLowerCase();
+		if (normalizedOrigin === `http://${normalizedHost}` || normalizedOrigin === `https://${normalizedHost}`) return true;
+	}
+	const allowedOrigins = config.gateway.auth.allowedOrigins;
+	if (allowedOrigins.includes("*")) return true;
+	for (const allowed of allowedOrigins) {
+		const normalizedAllowed = normalizeOrigin(allowed);
+		if (!normalizedAllowed) continue;
+		if (normalizedAllowed === normalizedOrigin) return true;
+	}
+	return false;
 }
 function contentTypeForFile(filePath) {
 	const ext = path.extname(filePath).toLowerCase();
@@ -4221,6 +5629,15 @@ var HovClawGatewayServer = class {
 				socket.destroy();
 				return;
 			}
+			if (!isOriginAllowed(request, this.runtimeConfig)) {
+				socket.write("HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n");
+				socket.destroy();
+				logger.warn({
+					origin: request.headers.origin,
+					host: request.headers.host
+				}, "Rejected websocket upgrade due to origin policy");
+				return;
+			}
 			this.wss.handleUpgrade(request, socket, head, (wsSocket) => {
 				this.wss?.emit("connection", wsSocket, request);
 			});
@@ -4335,7 +5752,14 @@ var HovClawGatewayServer = class {
 		const connectParams = parseConnectParams(request.params);
 		const expectedToken = this.runtimeConfig.gateway.auth.token.trim();
 		const expectedPassword = this.runtimeConfig.gateway.auth.password.trim();
-		if (!expectedToken && !expectedPassword) return { ok: true };
+		const allowUnauthenticated = this.runtimeConfig.gateway.auth.allowUnauthenticated;
+		if (!expectedToken && !expectedPassword) {
+			if (allowUnauthenticated) return { ok: true };
+			return {
+				ok: false,
+				reason: "gateway auth required"
+			};
+		}
 		if (expectedToken && connectParams.auth?.token === expectedToken) return { ok: true };
 		if (expectedPassword && connectParams.auth?.password === expectedPassword) return { ok: true };
 		return {
@@ -4612,19 +6036,67 @@ function extractCommandPrefix$1(command) {
 	if (!trimmed) return "";
 	return trimmed.split(/\s+/)[0] ?? "";
 }
-function splitCommandSegments$1(command) {
-	return command.split(/(?:&&|\|\||[;|\n])/).map((segment) => segment.trim()).filter(Boolean);
+function nonOptionArgs$1(args) {
+	const out = [];
+	let skipNext = false;
+	for (const arg of args) {
+		if (skipNext) {
+			skipNext = false;
+			continue;
+		}
+		if (arg === "--") break;
+		if (arg === "-n" || arg === "-c" || arg === "--max-depth" || arg === "--glob" || arg === "--iglob" || arg === "--type" || arg === "--type-not" || arg === "-e" || arg === "-f") {
+			skipNext = true;
+			continue;
+		}
+		if (arg.startsWith("-")) continue;
+		out.push(arg);
+	}
+	return out;
+}
+function isLikelyPathOperand$1(value) {
+	const trimmed = value.trim();
+	if (!trimmed) return false;
+	if (/^\d+$/.test(trimmed)) return false;
+	if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) return false;
+	if (trimmed === "." || trimmed === ".." || trimmed.startsWith("/") || trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~/") || trimmed.includes("/")) return true;
+	return /^[A-Za-z0-9._-]+$/.test(trimmed);
 }
-function validateCommand$1(command, allowedCommandPrefixes) {
+function collectReadPathOperands$1(prefix, args) {
+	if (prefix === "rg") {
+		const plain = nonOptionArgs$1(args);
+		if (plain.length <= 1) return [];
+		return plain.slice(1);
+	}
+	if (prefix === "find") {
+		const plain = nonOptionArgs$1(args);
+		return plain.length > 0 ? [plain[0]] : [];
+	}
+	return nonOptionArgs$1(args);
+}
+function validateCommand$1(command, allowedCommandPrefixes, allowedReadRoots, workspaceDir) {
 	const trimmed = command.trim();
 	if (!trimmed) throw new Error("Command prefix not allowed: <empty>");
-	if (/[`]|[$][(]|[<][(]|[>][(]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
-	if (/[<>]/.test(trimmed)) throw new Error("Command redirection is not allowed");
-	const segments = splitCommandSegments$1(trimmed);
-	if (segments.length === 0) throw new Error("Command prefix not allowed: <empty>");
-	for (const segment of segments) {
-		const prefix = extractCommandPrefix$1(segment);
-		if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (/[;&|`$()<>]/.test(trimmed) || /[\r\n]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
+	if (/["'\\]/.test(trimmed)) throw new Error("Quoted/escaped shell syntax is not allowed");
+	const tokens = trimmed.split(/\s+/).filter(Boolean);
+	if (tokens.length === 0) throw new Error("Command prefix not allowed: <empty>");
+	const prefix = extractCommandPrefix$1(trimmed);
+	if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (![
+		"cat",
+		"head",
+		"tail",
+		"wc",
+		"rg",
+		"ls",
+		"find"
+	].includes(prefix)) return;
+	const readRoots = buildEffectiveRoots$1(allowedReadRoots, workspaceDir);
+	const operands = collectReadPathOperands$1(prefix, tokens.slice(1)).filter(isLikelyPathOperand$1);
+	for (const operand of operands) {
+		const resolved = resolveToolPath$1(operand, workspaceDir);
+		if (!startsWithAnyRoot$1(resolved, readRoots)) throw new Error(`Command path is outside allowed read roots: ${resolved}. Allowed roots: ${readRoots.join(", ") || "<none>"}`);
 	}
 }
 function maybeTruncate$1(value, maxOutputBytes) {
@@ -4845,7 +6317,8 @@ var ContainerRuntime = class {
 	}
 	async exec(command, limits) {
 		const effective = this.mergeLimits(limits);
-		validateCommand$1(command, effective.allowedCommandPrefixes);
+		const workspaceDir = getRuntimeSessionContext()?.workspaceDir;
+		validateCommand$1(command, effective.allowedCommandPrefixes, effective.allowedReadRoots, workspaceDir);
 		return this.withContainer(effective, async (container) => {
 			return this.runDocker([
 				"exec",
@@ -4985,19 +6458,67 @@ function extractCommandPrefix(command) {
 	if (!trimmed) return "";
 	return trimmed.split(/\s+/)[0] ?? "";
 }
-function splitCommandSegments(command) {
-	return command.split(/(?:&&|\|\||[;|\n])/).map((segment) => segment.trim()).filter(Boolean);
+function nonOptionArgs(args) {
+	const out = [];
+	let skipNext = false;
+	for (const arg of args) {
+		if (skipNext) {
+			skipNext = false;
+			continue;
+		}
+		if (arg === "--") break;
+		if (arg === "-n" || arg === "-c" || arg === "--max-depth" || arg === "--glob" || arg === "--iglob" || arg === "--type" || arg === "--type-not" || arg === "-e" || arg === "-f") {
+			skipNext = true;
+			continue;
+		}
+		if (arg.startsWith("-")) continue;
+		out.push(arg);
+	}
+	return out;
+}
+function isLikelyPathOperand(value) {
+	const trimmed = value.trim();
+	if (!trimmed) return false;
+	if (/^\d+$/.test(trimmed)) return false;
+	if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) return false;
+	if (trimmed === "." || trimmed === ".." || trimmed.startsWith("/") || trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~/") || trimmed.includes("/")) return true;
+	return /^[A-Za-z0-9._-]+$/.test(trimmed);
+}
+function collectReadPathOperands(prefix, args) {
+	if (prefix === "rg") {
+		const plain = nonOptionArgs(args);
+		if (plain.length <= 1) return [];
+		return plain.slice(1);
+	}
+	if (prefix === "find") {
+		const plain = nonOptionArgs(args);
+		return plain.length > 0 ? [plain[0]] : [];
+	}
+	return nonOptionArgs(args);
 }
-function validateCommand(command, allowedCommandPrefixes) {
+function validateCommand(command, allowedCommandPrefixes, allowedReadRoots, workspaceDir) {
 	const trimmed = command.trim();
 	if (!trimmed) throw new Error("Command prefix not allowed: <empty>");
-	if (/[`]|[$][(]|[<][(]|[>][(]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
-	if (/[<>]/.test(trimmed)) throw new Error("Command redirection is not allowed");
-	const segments = splitCommandSegments(trimmed);
-	if (segments.length === 0) throw new Error("Command prefix not allowed: <empty>");
-	for (const segment of segments) {
-		const prefix = extractCommandPrefix(segment);
-		if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (/[;&|`$()<>]/.test(trimmed) || /[\r\n]/.test(trimmed)) throw new Error("Command contains disallowed shell syntax");
+	if (/["'\\]/.test(trimmed)) throw new Error("Quoted/escaped shell syntax is not allowed");
+	const tokens = trimmed.split(/\s+/).filter(Boolean);
+	if (tokens.length === 0) throw new Error("Command prefix not allowed: <empty>");
+	const prefix = extractCommandPrefix(trimmed);
+	if (!prefix || !allowedCommandPrefixes.includes(prefix)) throw new Error(`Command prefix not allowed: ${prefix || "<empty>"}`);
+	if (![
+		"cat",
+		"head",
+		"tail",
+		"wc",
+		"rg",
+		"ls",
+		"find"
+	].includes(prefix)) return;
+	const readRoots = buildEffectiveRoots(allowedReadRoots, workspaceDir);
+	const operands = collectReadPathOperands(prefix, tokens.slice(1)).filter(isLikelyPathOperand);
+	for (const operand of operands) {
+		const resolved = resolveToolPath(operand, workspaceDir);
+		if (!startsWithAnyRoot(resolved, readRoots)) throw new Error(`Command path is outside allowed read roots: ${resolved}. Allowed roots: ${readRoots.join(", ") || "<none>"}`);
 	}
 }
 function maybeTruncate(value, maxOutputBytes) {
@@ -5023,13 +6544,18 @@ var LocalHostRuntime = class {
 	}
 	async exec(command, limits) {
 		const effective = this.mergeLimits(limits);
-		validateCommand(command, effective.allowedCommandPrefixes);
+		const workspaceDir = getRuntimeSessionContext()?.workspaceDir;
+		validateCommand(command, effective.allowedCommandPrefixes, effective.allowedReadRoots, workspaceDir);
+		const cwd = workspaceDir ? path.resolve(expandUserPath(workspaceDir)) : process.cwd();
 		return await new Promise((resolve, reject) => {
-			const child = spawn("bash", ["-lc", command], { stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			] });
+			const child = spawn("bash", ["-lc", command], {
+				stdio: [
+					"ignore",
+					"pipe",
+					"pipe"
+				],
+				cwd
+			});
 			let stdout = "";
 			let stderr = "";
 			let timedOut = false;
@@ -5325,149 +6851,151 @@ function normalizeErrorMessage(error) {
 	if (error instanceof Error) return error.message;
 	return String(error);
 }
-function createTools({ runtime, audit }) {
+function createTools({ runtime, audit, bashEnabled }) {
 	const parser = new Parser();
-	return [
-		{
-			name: "bash",
-			label: "Bash",
-			description: "Run a shell command on allowed command prefixes only.",
-			parameters: Type.Object({
-				command: Type.String(),
-				timeoutMs: Type.Optional(Type.Number({
-					minimum: 1e3,
-					maximum: 12e4
-				}))
-			}),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.exec",
-					payload: { command: params.command }
-				});
-				const result = await runtime.exec(params.command, { timeoutMs: params.timeoutMs });
-				return textResult([
-					`exitCode: ${result.exitCode}`,
-					result.timedOut ? "timedOut: true" : "timedOut: false",
-					result.truncated ? "truncated: true" : "truncated: false",
-					"",
-					result.stdout ? `stdout:\n${result.stdout}` : "stdout: <empty>",
-					"",
-					result.stderr ? `stderr:\n${result.stderr}` : "stderr: <empty>"
-				].join("\n"), result);
-			}
-		},
-		{
-			name: "read_file",
-			label: "Read File",
-			description: "Read a text file from an allowlisted path.",
-			parameters: Type.Object({
-				path: Type.String(),
-				maxBytes: Type.Optional(Type.Number({
-					minimum: 128,
-					maximum: 1e6
-				}))
-			}),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.read_file",
-					payload: { path: params.path }
-				});
-				const result = await runtime.readFile(params.path, { maxOutputBytes: params.maxBytes });
-				return textResult(result.content, result);
-			}
-		},
-		{
-			name: "write_file",
-			label: "Write File",
-			description: "Write UTF-8 text content to an allowlisted path.",
-			parameters: Type.Object({
-				path: Type.String(),
-				content: Type.String()
+	const bashTool = {
+		name: "bash",
+		label: "Bash",
+		description: "Run a shell command on allowed command prefixes only.",
+		parameters: Type.Object({
+			command: Type.String(),
+			timeoutMs: Type.Optional(Type.Number({
+				minimum: 1e3,
+				maximum: 12e4
+			}))
+		}),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.exec",
+				payload: { command: params.command }
+			});
+			const result = await runtime.exec(params.command, { timeoutMs: params.timeoutMs });
+			return textResult([
+				`exitCode: ${result.exitCode}`,
+				result.timedOut ? "timedOut: true" : "timedOut: false",
+				result.truncated ? "truncated: true" : "truncated: false",
+				"",
+				result.stdout ? `stdout:\n${result.stdout}` : "stdout: <empty>",
+				"",
+				result.stderr ? `stderr:\n${result.stderr}` : "stderr: <empty>"
+			].join("\n"), result);
+		}
+	};
+	const readFileTool = {
+		name: "read_file",
+		label: "Read File",
+		description: "Read a text file from an allowlisted path.",
+		parameters: Type.Object({
+			path: Type.String(),
+			maxBytes: Type.Optional(Type.Number({
+				minimum: 128,
+				maximum: 1e6
+			}))
+		}),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.read_file",
+				payload: { path: params.path }
+			});
+			const result = await runtime.readFile(params.path, { maxOutputBytes: params.maxBytes });
+			return textResult(result.content, result);
+		}
+	};
+	const writeFileTool = {
+		name: "write_file",
+		label: "Write File",
+		description: "Write UTF-8 text content to an allowlisted path.",
+		parameters: Type.Object({
+			path: Type.String(),
+			content: Type.String()
+		}),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.write_file",
+				payload: {
+					path: params.path,
+					bytes: Buffer.byteLength(params.content, "utf8")
+				}
+			});
+			const result = await runtime.writeFile(params.path, params.content);
+			return textResult(`Wrote ${result.bytesWritten} bytes to ${params.path}.`, result);
+		}
+	};
+	const webSearchTool = {
+		name: "web_search",
+		label: "Web Search",
+		description: "Fetch a URL and return readable article text.",
+		parameters: Type.Object({ url: Type.String({ format: "uri" }) }),
+		execute: async (_toolCallId, params) => {
+			audit({
+				actor: "tool",
+				eventType: "tool.fetch_web",
+				payload: { url: params.url }
+			});
+			const result = await runtime.fetchWeb(params.url);
+			return textResult(`${result.title ? `# ${result.title}\n\n` : ""}${result.markdown}`.trim(), result);
+		}
+	};
+	const fetchPodcastFeedTool = {
+		name: "fetch_podcast_feed",
+		label: "Fetch Podcast Feed",
+		description: "Fetch one or more RSS podcast feeds and return recent episodes.",
+		parameters: Type.Object({
+			urls: Type.Array(Type.String({ format: "uri" }), {
+				minItems: 1,
+				maxItems: 20
 			}),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.write_file",
-					payload: {
-						path: params.path,
-						bytes: Buffer.byteLength(params.content, "utf8")
-					}
+			limitPerFeed: Type.Optional(Type.Number({
+				minimum: 1,
+				maximum: 50
+			}))
+		}),
+		execute: async (_toolCallId, params) => {
+			const limit = params.limitPerFeed ?? 5;
+			const output = [];
+			for (const url of params.urls) try {
+				const feed = await parser.parseURL(url);
+				const episodes = (feed.items ?? []).slice(0, limit).map((item) => ({
+					title: item.title ?? "Untitled episode",
+					publishedAt: item.pubDate || item.isoDate || null,
+					link: item.link ?? "",
+					summary: (item.contentSnippet || item.content || item.summary || "").replace(/\s+/g, " ").trim().slice(0, 400) || "No summary available."
+				}));
+				output.push({
+					url,
+					title: feed.title ?? "Untitled feed",
+					episodes
 				});
-				const result = await runtime.writeFile(params.path, params.content);
-				return textResult(`Wrote ${result.bytesWritten} bytes to ${params.path}.`, result);
-			}
-		},
-		{
-			name: "web_search",
-			label: "Web Search",
-			description: "Fetch a URL and return readable article text.",
-			parameters: Type.Object({ url: Type.String({ format: "uri" }) }),
-			execute: async (_toolCallId, params) => {
-				audit({
-					actor: "tool",
-					eventType: "tool.fetch_web",
-					payload: { url: params.url }
+			} catch (error) {
+				output.push({
+					url,
+					title: "Unknown feed",
+					episodes: [],
+					error: normalizeErrorMessage(error)
 				});
-				const result = await runtime.fetchWeb(params.url);
-				return textResult(`${result.title ? `# ${result.title}\n\n` : ""}${result.markdown}`.trim(), result);
 			}
-		},
-		{
-			name: "fetch_podcast_feed",
-			label: "Fetch Podcast Feed",
-			description: "Fetch one or more RSS podcast feeds and return recent episodes.",
-			parameters: Type.Object({
-				urls: Type.Array(Type.String({ format: "uri" }), {
-					minItems: 1,
-					maxItems: 20
-				}),
-				limitPerFeed: Type.Optional(Type.Number({
-					minimum: 1,
-					maximum: 50
-				}))
-			}),
-			execute: async (_toolCallId, params) => {
-				const limit = params.limitPerFeed ?? 5;
-				const output = [];
-				for (const url of params.urls) try {
-					const feed = await parser.parseURL(url);
-					const episodes = (feed.items ?? []).slice(0, limit).map((item) => ({
-						title: item.title ?? "Untitled episode",
-						publishedAt: item.pubDate || item.isoDate || null,
-						link: item.link ?? "",
-						summary: (item.contentSnippet || item.content || item.summary || "").replace(/\s+/g, " ").trim().slice(0, 400) || "No summary available."
-					}));
-					output.push({
-						url,
-						title: feed.title ?? "Untitled feed",
-						episodes
-					});
-				} catch (error) {
-					output.push({
-						url,
-						title: "Unknown feed",
-						episodes: [],
-						error: normalizeErrorMessage(error)
-					});
+			audit({
+				actor: "tool",
+				eventType: "tool.fetch_podcast_feed",
+				payload: {
+					urls: params.urls,
+					limitPerFeed: limit
 				}
-				audit({
-					actor: "tool",
-					eventType: "tool.fetch_podcast_feed",
-					payload: {
-						urls: params.urls,
-						limitPerFeed: limit
-					}
-				});
-				return textResult(output.map((feed) => {
-					if (feed.error) return `Feed: ${feed.url}\nError: ${feed.error}`;
-					const episodesText = feed.episodes.map((episode, index) => `${index + 1}. ${episode.title}${episode.publishedAt ? ` (${episode.publishedAt})` : ""}\n${episode.link}\n${episode.summary}`).join("\n\n");
-					return `Feed: ${feed.title}\nSource: ${feed.url}\n\n${episodesText}`;
-				}).join("\n\n---\n\n"), output);
-			}
+			});
+			return textResult(output.map((feed) => {
+				if (feed.error) return `Feed: ${feed.url}\nError: ${feed.error}`;
+				const episodesText = feed.episodes.map((episode, index) => `${index + 1}. ${episode.title}${episode.publishedAt ? ` (${episode.publishedAt})` : ""}\n${episode.link}\n${episode.summary}`).join("\n\n");
+				return `Feed: ${feed.title}\nSource: ${feed.url}\n\n${episodesText}`;
+			}).join("\n\n---\n\n"), output);
 		}
-	];
+	};
+	const tools = [];
+	if (bashEnabled) tools.push(bashTool);
+	tools.push(readFileTool, writeFileTool, webSearchTool, fetchPodcastFeedTool);
+	return tools;
 }
 
 //#endregion
@@ -5475,6 +7003,19 @@ function createTools({ runtime, audit }) {
 function normalizePrompt(msg) {
 	return msg.text.trim();
 }
+function formatModelForSessionNotice(modelRef) {
+	const match = modelRef.match(/^([^:\/]+)[:\/](.+)$/);
+	if (!match) return modelRef;
+	const provider = match[1];
+	const model = match[2];
+	if (!provider || !model) return modelRef;
+	return `${provider}/${model}`;
+}
+function applyThinkingLevel(prompt, level, force = false) {
+	if (/^Use (low|medium|high) reasoning effort for this task:/i.test(prompt)) return prompt;
+	if (level === "medium" && !force) return prompt;
+	return `Use ${level} reasoning effort for this task: ${prompt}`;
+}
 function buildChannelTarget(msg) {
 	return {
 		channel: msg.channel,
@@ -5510,6 +7051,17 @@ var MultiNotifier = class {
 		}, text);
 	}
 };
+function validateGatewaySecurityConfig() {
+	if (!config.gateway.enabled) return;
+	const auth = config.gateway.auth;
+	if (auth.allowUnauthenticated) return;
+	if (auth.token.trim() || auth.password.trim()) return;
+	throw new Error([
+		"Gateway auth is required when gateway is enabled.",
+		"Set gateway.auth.token or gateway.auth.password in ~/.hovclaw/config.json,",
+		"or explicitly set gateway.auth.allowUnauthenticated=true for insecure compatibility mode."
+	].join(" "));
+}
 async function main() {
 	const importedLegacyEnv = ensureConfigFromLegacyEnv();
 	if (!hasConfigFile()) {
@@ -5520,6 +7072,7 @@ async function main() {
 		configPath: config.configPath,
 		credentialsPath: config.credentialsPath
 	}, "Imported legacy env configuration into ~/.hovclaw");
+	validateGatewaySecurityConfig();
 	try {
 		const bootstrap = await ensureWorkspaceBootstrapForConfig(config);
 		if (bootstrap.createdFileCount > 0) logger.info({
@@ -5550,7 +7103,8 @@ async function main() {
 	});
 	const agentManager = new PiAgentManager(db, createTools({
 		runtime,
-		audit: (record) => db.appendAuditEvent(record)
+		audit: (record) => db.appendAuditEvent(record),
+		bashEnabled: config.runtime.tools.bashEnabled
 	}));
 	let lastMessageAt = null;
 	const telegramPairingStore = new TelegramPairingStore(config.storeDir);
@@ -5561,10 +7115,19 @@ async function main() {
 	const channels = channelPluginManager.initializeAdapters();
 	const handleMessage = async (msg) => {
 		lastMessageAt = (/* @__PURE__ */ new Date()).toISOString();
-		const normalizedPrompt = normalizePrompt(msg);
-		if (!normalizedPrompt) return;
 		const channel = channels.get(msg.channel);
 		if (!channel) return;
+		const agentId = resolveAgentIdForInbound(config, msg);
+		const sessionKey = composeSessionKey({
+			agent: agentId,
+			channel: msg.channel,
+			identity: canonicalizeSessionIdentity(msg)
+		});
+		const target = buildChannelTarget(msg);
+		let normalizedPrompt = normalizePrompt(msg);
+		if (!normalizedPrompt) return;
+		let thinkingLevel = config.commands.defaultThinkingLevel;
+		let thinkingLevelForced = false;
 		if (msg.channel === "telegram") {
 			const policy = evaluateTelegramPolicy({
 				config,
@@ -5573,12 +7136,13 @@ async function main() {
 			});
 			if (!policy.allowed) {
 				if (policy.pairingCode && channel instanceof TelegramChannel) {
-					await channel.sendMessage(buildChannelTarget(msg), `Pairing required. Ask an approver to run: /pair approve ${policy.pairingCode}`);
+					const accountId = (msg.accountId ?? config.channels.telegram.defaultAccountId).trim() || "default";
+					await channel.sendMessage(target, `Pairing required. Ask an approver to run: hovclaw pairing approve --channel telegram --account ${accountId} ${policy.pairingCode}`);
 					db.appendAuditEvent({
 						actor: "channel",
 						eventType: "telegram.pair.pending",
 						payload: {
-							accountId: msg.accountId ?? config.channels.telegram.defaultAccountId,
+							accountId,
 							userId: msg.userId,
 							code: policy.pairingCode
 						}
@@ -5587,20 +7151,36 @@ async function main() {
 				return;
 			}
 			if (channel instanceof TelegramChannel) {
-				if (await handleTelegramCommand({
+				const result = await handleTelegramCommand({
 					msg,
 					channel,
 					db,
-					pairingStore: telegramPairingStore
-				})) return;
+					agentId,
+					sessionKey
+				});
+				if (result.resetSession) {
+					try {
+						await agentManager.resetSession(sessionKey);
+					} catch (error) {
+						logger.error({
+							error,
+							sessionKey
+						}, "Failed to reset session");
+						await channel.sendMessage(target, "Failed to reset session. Check logs and try again.");
+						return;
+					}
+					const modelLabel = formatModelForSessionNotice(config.models.interactive);
+					await channel.sendMessage(target, `New session started. Model: ${modelLabel}`);
+				}
+				if (result.promptOverride?.trim()) normalizedPrompt = result.promptOverride.trim();
+				if (result.thinkingLevelOverride) {
+					thinkingLevel = result.thinkingLevelOverride;
+					thinkingLevelForced = true;
+				}
+				if (result.handled) return;
 			}
 		}
-		const sessionKey = composeSessionKey({
-			agent: resolveAgentIdForInbound(config, msg),
-			channel: msg.channel,
-			identity: canonicalizeSessionIdentity(msg)
-		});
-		const target = buildChannelTarget(msg);
+		normalizedPrompt = applyThinkingLevel(normalizedPrompt, thinkingLevel, thinkingLevelForced);
 		try {
 			await channel.setTyping?.(target, true);
 			let finalText = null;
@@ -5650,6 +7230,18 @@ async function main() {
 		channel.onMessage(handleMessage);
 		try {
 			await channel.start();
+			if (channel instanceof TelegramChannel) {
+				const commands = listTelegramNativeCommandSpecs(config, channel.getAccountId());
+				try {
+					await channel.setMyCommands(commands);
+				} catch (commandError) {
+					logger.warn({
+						error: commandError,
+						channel: channelName,
+						commandCount: commands.length
+					}, "Telegram command registration failed; continuing without native command menu sync");
+				}
+			}
 		} catch (error) {
 			logger.error({
 				error,
@@ -5689,6 +7281,7 @@ async function main() {
 	gatewayServer?.start();
 	const healthPortRaw = process.env.HEALTH_PORT || "8787";
 	const healthPort = Number(healthPortRaw);
+	const healthHost = (process.env.HEALTH_HOST || "127.0.0.1").trim() || "127.0.0.1";
 	const healthServer = Number.isFinite(healthPort) && healthPort > 0 ? createServer((req, res) => {
 		if (req.url !== "/health") {
 			res.statusCode = 404;
@@ -5709,8 +7302,11 @@ async function main() {
 				port: config.gateway.port
 			}
 		}));
-	}).listen(healthPort, () => {
-		logger.info({ healthPort }, "Health endpoint started");
+	}).listen(healthPort, healthHost, () => {
+		logger.info({
+			healthHost,
+			healthPort
+		}, "Health endpoint started");
 	}) : null;
 	const shutdown = async () => {
 		logger.info("Shutting down...");