hyperclaw 5.1.9 → 5.2.1

package/dist/run-main.js

@@ -1,24 +1,26 @@
 const require_chunk = require('./chunk-jS-bbMI5.js');
-require('./paths-AIyBxIzm.js');
-require('./paths-DPovhojT.js');
-require('./env-resolve-BlL4Ms_Y.js');
-const require_onboard = require('./onboard-ksEah5jB.js');
-require('./server-C9pnVfya.js');
-const require_daemon = require('./daemon-Dce6nj8w.js');
-require('./providers-Bp3UtxNo.js');
-require('./theme-DajRRZbA.js');
-const require_hub = require('./hub-w6lf1rzL.js');
-const require_update_check = require('./update-check-DUlpE6K7.js');
-const require_manager = require('./manager-BW8j3A-T.js');
-const require_manager$1 = require('./manager-CB6kN42s.js');
-const require_memory = require('./memory-BCah47GI.js');
-const require_loader = require('./loader-C50vgPxa.js');
-const require_agents_routing = require('./agents-routing-BDmct155.js');
-const require_pairing = require('./pairing-CDuvGL1C.js');
-const require_doctor = require('./doctor-BxIwrb3C.js');
-const require_health = require('./health-B4RokvcJ.js');
-const require_security = require('./security-Bry3rac5.js');
-const require_developer_keys = require('./developer-keys-BnV6ZoXG.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+require('./env-resolve-DS92g2fk.js');
+const require_config = require('./config-Br73VMLb.js');
+require('./server-PCtHMXe2.js');
+const require_daemon = require('./daemon-rpJ-J0bv.js');
+const require_gateway = require('./gateway-CzI8dnlS.js');
+require('./providers-DP8T0QCR.js');
+const require_onboard = require('./onboard-CCuETEUr.js');
+require('./theme-CLXvI6Hr.js');
+const require_hub = require('./hub-CI4qcd1b.js');
+const require_update_check = require('./update-check-BeAPt4-f.js');
+const require_manager = require('./manager-Jd0qSzVe.js');
+const require_memory = require('./memory-D-Py-cz5.js');
+const require_loader = require('./loader-Ckvv7vHF.js');
+const require_agents_routing = require('./agents-routing-Bz3SstlK.js');
+const require_pairing = require('./pairing-BRPzVXzQ.js');
+const require_doctor = require('./doctor-BcfmNAGV.js');
+const require_health = require('./health-CBy1PfzC.js');
+const require_security = require('./security-BhhX8wJx.js');
+const require_device_auth_store = require('./device-auth-store-LKgpU74c.js');
+const require_developer_keys = require('./developer-keys-CSmzA-dl.js');
 const commander = require_chunk.__toESM(require("commander"));
 const chalk = require_chunk.__toESM(require("chalk"));
 const inquirer = require_chunk.__toESM(require("inquirer"));
@@ -36,17 +38,54 @@ const net = require_chunk.__toESM(require("net"));
 
 //#region src/cli/dashboard.ts
 var Dashboard = class {
+	liveInterval = null;
 	async launch(live) {
 		console.clear();
 		await this.drawDashboard();
 		if (live) {
-			console.log(chalk.default.hex("#06b6d4")("?? LIVE MODE � Ctrl+C to exit\n"));
+			console.log(chalk.default.hex("#06b6d4")("● LIVE MODE — Ctrl+C to exit\n"));
 			this.startLiveUpdates();
 		}
+		if (process.stdin.isTTY) {
+			process.stdin.setRawMode?.(true);
+			process.stdin.resume();
+			process.stdin.setEncoding("utf8");
+			process.stdin.on("data", (key) => this.handleKey(key));
+		}
+	}
+	handleKey(key) {
+		const k = key.toLowerCase();
+		if (k === "q" || k === "") {
+			this.cleanup();
+			process.exit(0);
+		}
+		if (k === "d") this.runCommand(["daemon", "status"]);
+		else if (k === "h") this.runCommand(["hub"]);
+		else if (k === "g") this.runCommand(["gateway", "status"]);
+		else if (k === "m") this.runCommand(["memory", "show"]);
+	}
+	runCommand(args) {
+		const entryDir = typeof require !== "undefined" && require.main?.filename ? path.default.dirname(require.main.filename) : __dirname;
+		const entry = path.default.join(entryDir, "run-main.js");
+		const child = (0, child_process.spawn)(process.execPath, [entry, ...args], {
+			stdio: "inherit",
+			env: process.env,
+			cwd: process.cwd()
+		});
+		child.on("exit", () => {
+			console.log(chalk.default.gray("\n  Press a key: [d] daemon  [h] hub  [g] gateway  [m] memory  [q] quit\n"));
+		});
+	}
+	cleanup() {
+		if (this.liveInterval) {
+			clearInterval(this.liveInterval);
+			this.liveInterval = null;
+		}
+		if (process.stdin.isTTY && process.stdin.setRawMode) process.stdin.setRawMode(false);
 	}
 	async drawDashboard() {
-		const cfg = await new require_onboard.ConfigStore().load();
-		const gm = new require_onboard.GatewayManager();
+		const cfg = await new require_config.ConfigStore().load();
+		const gm = new require_gateway.GatewayManager();
 		const hub = new require_hub.SkillHub();
 		const installed = await hub.getInstalled();
 		let updateNotice = null;
@@ -57,66 +96,64 @@ var Dashboard = class {
 			const upd = await Promise.race([require_update_check.checkForUpdates(current), new Promise((r) => setTimeout(() => r(null), 2500))]);
 			if (upd?.available) updateNotice = chalk.default.yellow(`⬆  Update available: ${upd.latest}`) + chalk.default.gray(`  →  npm i -g hyperclaw`);
 		} catch {}
-		const port = cfg?.gateway?.port || 1515;
+		const port = cfg?.gateway?.port ?? 18789;
 		const agent = cfg?.identity?.agentName || "Hyper";
 		const user = cfg?.identity?.userName || "Boss";
 		const model = cfg?.provider?.modelId || "openrouter/auto";
 		const channels = (cfg?.channels ?? cfg?.gateway?.enabledChannels ?? ["cli"]).join(", ");
 		const isRunning = await gm.isRunning(port);
-		const statusDot = isRunning ? chalk.default.hex("#06b6d4")("?") : chalk.default.gray("0");
-		const statusText = isRunning ? chalk.default.hex("#06b6d4")("ONLINE") : chalk.default.gray("OFFLINE");
+		const statusDot = isRunning ? chalk.default.hex("#06b6d4")("●") : chalk.default.gray("○");
+		const statusText = isRunning ? chalk.default.hex("#06b6d4")("Running") : chalk.default.gray("Stopped");
 		const w = 72;
 		const line = "=".repeat(w);
 		const c = chalk.default.hex("#06b6d4");
 		const row = (content) => {
 			const stripped = content.replace(/\x1b\[[0-9;]*m/g, "");
 			const pad = Math.max(0, w - stripped.length - 1);
-			return c(`� `) + content + " ".repeat(pad) + c(`�`);
+			return c("│ ") + content + " ".repeat(pad) + c("│");
 		};
-		console.log(c(`-${line}�`));
-		console.log(c(`�`) + chalk.default.bold.hex("#06b6d4")(`${"?? HYPERCLAW v5.1.0 � GATEWAY DASHBOARD".padStart(45).padEnd(w)}`) + c(`�`));
-		console.log(c(`�${line}�`));
-		console.log(row(`${statusDot} Gateway  ${statusText}   ${chalk.default.gray("�")}  ws://localhost:${port}   ${chalk.default.gray("�")}  Agent: ${c(agent)}`));
-		console.log(row(`${c("?")} Model     ${chalk.default.gray(model.slice(0, 30))}   ${chalk.default.gray("�")}  User: ${c(user)}`));
-		console.log(c(`�${"-".repeat(w)}�`));
-		console.log(row(chalk.default.bold("ACTIVE CHANNELS")));
+		const logRow = (content) => console.log(row(content));
+		console.log(c("├" + line + "┤"));
+		console.log(c("│") + chalk.default.bold.hex("#06b6d4")(`${"🦅 HYPERCLAW v5.2.1 — GATEWAY DASHBOARD".padStart(45).padEnd(w)}`) + c("│"));
+		console.log(c("├" + line + "┤"));
+		logRow(`${statusDot} Gateway  ${statusText}   ${chalk.default.gray("│")}  ws://localhost:${port}   ${chalk.default.gray("│")}  Agent: ${c(agent)}`);
+		logRow(`${c("●")} Model     ${chalk.default.gray(model.slice(0, 30))}   ${chalk.default.gray("│")}  User: ${c(user)}`);
+		console.log(c("├" + "-".repeat(w) + "┤"));
+		logRow(chalk.default.bold("ACTIVE CHANNELS"));
 		const chList = (channels || "cli").split(", ");
 		for (let i = 0; i < chList.length; i += 3) {
-			const group = chList.slice(i, i + 3).map((ch) => `  ${c("?")} ${ch.padEnd(12)}`).join("");
-			console.log(row(group));
+			const group = chList.slice(i, i + 3).map((ch) => `  ${c("●")} ${ch.padEnd(12)}`).join("");
+			logRow(group);
 		}
-		console.log(c(`�${"-".repeat(w)}�`));
-		console.log(row(chalk.default.bold("INSTALLED SKILLS")));
-		if (installed.length === 0) console.log(row(chalk.default.gray("  No skills installed. Run: hyperclaw hub")));
+		console.log(c("├" + "-".repeat(w) + "┤"));
+		logRow(chalk.default.bold("INSTALLED SKILLS"));
+		if (installed.length === 0) logRow(chalk.default.gray("  No skills installed. Run: hyperclaw hub"));
 		else for (let i = 0; i < installed.length; i += 3) {
-			const group = installed.slice(i, i + 3).map((s) => `  ${c("?")} ${s.name.slice(0, 14).padEnd(14)}`).join("");
-			console.log(row(group));
+			const group = installed.slice(i, i + 3).map((s) => `  ${c("●")} ${s.name.slice(0, 14).padEnd(14)}`).join("");
+			logRow(group);
 		}
-		console.log(c(`�${"-".repeat(w)}�`));
-		console.log(row(chalk.default.bold("RECENT ACTIVITY")));
+		console.log(c("├" + "-".repeat(w) + "┤"));
+		logRow(chalk.default.bold("STATUS"));
 		const now = (/* @__PURE__ */ new Date()).toLocaleTimeString();
-		console.log(row(`  [${now}] Gateway heartbeat: ${c("OK")}`));
-		console.log(row(`  [${now}] AGENTS.md loaded � rules active`));
-		console.log(row(`  [${now}] Channels monitoring...`));
-		console.log(c(`�${"-".repeat(w)}�`));
-		if (updateNotice) console.log(row(`  ${updateNotice}`));
-		console.log(row(chalk.default.gray("Commands: [d] ") + chalk.default.red("?? daemon") + chalk.default.gray("  [h] hub  [g] gateway  [m] memory  [q] quit")));
-		console.log(c(`L${line}-\n`));
+		logRow(`  [${now}] Gateway: ${isRunning ? c("online") : chalk.default.gray("offline")}  Port: ${port}`);
+		logRow(`  [${now}] Channels: ${channels || "cli"}`);
+		console.log(c("├" + "-".repeat(w) + "┤"));
+		if (updateNotice) logRow(`  ${updateNotice}`);
+		logRow(chalk.default.gray("Commands: [d] ") + chalk.default.red("daemon") + chalk.default.gray("  [h] hub  [g] gateway  [m] memory  [q] quit"));
+		console.log(c("└" + line + "┘\n"));
 	}
 	startLiveUpdates() {
+		const defaultPort = 18789;
 		let tick = 0;
-		setInterval(() => {
+		this.liveInterval = setInterval(async () => {
 			tick++;
-			readline.default.cursorTo(process.stdout, 0, 20);
 			const t = (/* @__PURE__ */ new Date()).toLocaleTimeString();
-			const states = [
-				"OK",
-				"Processing",
-				"OK",
-				"OK",
-				"Fetching"
-			];
-			console.log(chalk.default.gray(`  [${t}] Heartbeat #${tick}: ${chalk.default.hex("#06b6d4")(states[tick % states.length])}`));
+			const gm = new require_gateway.GatewayManager();
+			const cfg = await new require_config.ConfigStore().load().catch(() => null);
+			const p = cfg?.gateway?.port ?? defaultPort;
+			const isRunning = await gm.isRunning(p);
+			const status = isRunning ? chalk.default.hex("#06b6d4")("Running") : chalk.default.gray("Stopped");
+			process.stdout.write(chalk.default.gray(`  [${t}] Heartbeat #${tick}: Gateway ${status}\n`));
 		}, 3e3);
 	}
 };
@@ -156,7 +193,7 @@ async function recordAudio(outFile, seconds) {
 async function transcribeWhisper(filePath, lang) {
 	const apiKey = process.env.OPENAI_API_KEY || process.env.ANTHROPIC_API_KEY;
 	if (!apiKey) throw new Error("No OPENAI_API_KEY set");
-	const FormData = (await Promise.resolve().then(() => require_chunk.__toDynamicImportESM()(require("./form_data-B6YTzOmu.js"))).catch(() => null))?.default;
+	const FormData = (await Promise.resolve().then(() => require_chunk.__toDynamicImportESM()(require("./form_data-DgWnyuDn.js"))).catch(() => null))?.default;
 	if (!FormData) throw new Error("form-data not installed");
 	const form = new FormData();
 	form.append("file", fs.createReadStream(filePath), {
@@ -300,39 +337,132 @@ var VoiceEngine = class {
 	}
 };
 
+//#endregion
+//#region packages/gateway/src/manager.ts
+const execAsync$1 = (0, util.promisify)(child_process.exec);
+var GatewayManager$1 = class {
+	generateToken() {
+		return crypto.default.randomBytes(32).toString("hex");
+	}
+	async isRunning(port) {
+		return new Promise((resolve) => {
+			const socket = new net.default.Socket();
+			socket.setTimeout(500);
+			socket.on("connect", () => {
+				socket.destroy();
+				resolve(true);
+			});
+			socket.on("error", () => resolve(false));
+			socket.on("timeout", () => resolve(false));
+			try {
+				socket.connect(port, "127.0.0.1");
+			} catch {
+				resolve(false);
+			}
+		});
+	}
+	async detectTailscale() {
+		try {
+			const { stdout } = await execAsync$1("tailscale ip -4 2>/dev/null");
+			return stdout.trim() || null;
+		} catch {
+			return null;
+		}
+	}
+	async detectRuntime() {
+		for (const runtime of [
+			"bun",
+			"deno",
+			"node"
+		]) try {
+			await execAsync$1(`which ${runtime}`);
+			return runtime;
+		} catch {}
+		return "node";
+	}
+	bindLabel(bind, custom) {
+		const map = {
+			"127.0.0.1": "Loopback only (this machine)",
+			"0.0.0.0": "All interfaces (LAN accessible)",
+			"tailscale": "Tailscale IP (VPN peers only)",
+			"custom": `Custom: ${custom || "?"}`
+		};
+		return map[bind];
+	}
+	exposureLabel(e) {
+		const map = {
+			"off": "Off — no Tailscale exposure",
+			"serve": "Serve — accessible to your Tailscale devices",
+			"funnel": "Funnel — publicly accessible via Tailscale URL"
+		};
+		return map[e];
+	}
+	async applyTailscaleExposure(exposure, port) {
+		if (exposure === "off") return;
+		try {
+			if (exposure === "serve") await execAsync$1(`tailscale serve ${port}`);
+			else if (exposure === "funnel") await execAsync$1(`tailscale funnel ${port}`);
+		} catch {
+			console.log(chalk.default.yellow("⚠️  Tailscale exposure failed — check tailscale is running"));
+		}
+	}
+	getWsUrl(config) {
+		const host = config.bind === "127.0.0.1" ? "127.0.0.1" : config.bind === "custom" ? config.customBind || "localhost" : "localhost";
+		return `ws://${host}:${config.port}`;
+	}
+	getHttpUrl(config) {
+		return `http://localhost:${config.port}`;
+	}
+	async showStatus(config) {
+		const running = await this.isRunning(config.port);
+		const statusIcon = running ? chalk.default.green("● RUNNING") : chalk.default.red("○ STOPPED");
+		const ws = this.getWsUrl(config);
+		console.log(chalk.default.cyan("\n╔══════════════════════════════════════╗"));
+		console.log(chalk.default.cyan("║      🌐 GATEWAY STATUS               ║"));
+		console.log(chalk.default.cyan("╠══════════════════════════════════════╣"));
+		console.log(chalk.default.cyan(`║ Status:  ${statusIcon.padEnd(29)}║`));
+		console.log(chalk.default.cyan(`║ Address: ${chalk.default.white(ws).padEnd(29)}║`));
+		console.log(chalk.default.cyan(`║ Auth:    ${chalk.default.yellow("token (masked)").padEnd(29)}║`));
+		console.log(chalk.default.cyan(`║ Bind:    ${chalk.default.gray(config.bind).padEnd(29)}║`));
+		console.log(chalk.default.cyan(`║ Tailscale: ${chalk.default.gray(config.tailscaleExposure).padEnd(27)}║`));
+		console.log(chalk.default.cyan("╚══════════════════════════════════════╝\n"));
+	}
+};
+
 //#endregion
 //#region src/infra/device-pairing.ts
-const DEVICES_DIR = path.default.join(os.default.homedir(), ".hyperclaw", "devices");
-const PENDING_FILE = path.default.join(DEVICES_DIR, "pending.json");
-const PAIRED_FILE = path.default.join(DEVICES_DIR, "paired.json");
+require_paths$1.init_paths();
+const getDevicesDir = () => path.default.join(require_paths.getHyperClawDir(), "devices");
+const getPendingFile = () => path.default.join(getDevicesDir(), "pending.json");
+const getPairedFile = () => path.default.join(getDevicesDir(), "paired.json");
 const PENDING_EXPIRY_MS = 10 * 60 * 1e3;
 const TOKEN_BYTES = 16;
 async function readPending() {
 	try {
-		const data = await fs_extra.default.readJson(PENDING_FILE);
+		const data = await fs_extra.default.readJson(getPendingFile());
 		return Array.isArray(data) ? data : [];
 	} catch {
 		return [];
 	}
 }
 async function writePending(entries) {
-	await fs_extra.default.ensureDir(DEVICES_DIR);
-	await fs_extra.default.writeJson(PENDING_FILE, entries, {
+	await fs_extra.default.ensureDir(getDevicesDir());
+	await fs_extra.default.writeJson(getPendingFile(), entries, {
 		spaces: 2,
 		mode: 384
 	});
 }
 async function readPaired() {
 	try {
-		const data = await fs_extra.default.readJson(PAIRED_FILE);
+		const data = await fs_extra.default.readJson(getPairedFile());
 		return Array.isArray(data) ? data : [];
 	} catch {
 		return [];
 	}
 }
 async function writePaired(devices) {
-	await fs_extra.default.ensureDir(DEVICES_DIR);
-	await fs_extra.default.writeJson(PAIRED_FILE, devices, {
+	await fs_extra.default.ensureDir(getDevicesDir());
+	await fs_extra.default.writeJson(getPairedFile(), devices, {
 		spaces: 2,
 		mode: 384
 	});
@@ -481,8 +611,9 @@ var DevicePairingStore = class {
 
 //#endregion
 //#region src/commands/message-send.ts
+require_paths$1.init_paths();
 async function sendMessage(opts) {
-	const configFile = path.default.join(os.default.homedir(), ".hyperclaw", "config.json");
+	const configFile = require_paths.getConfigPath();
 	let cfg = null;
 	try {
 		cfg = fs_extra.default.readJsonSync(configFile);
@@ -490,7 +621,7 @@ async function sendMessage(opts) {
 		console.log(chalk.default.red("  ✖  No configuration found. Run: hyperclaw init"));
 		return;
 	}
-	const channels = cfg.channels || [];
+	const channels = cfg.gateway?.enabledChannels || cfg.channels || [];
 	const targetChannel = opts.channel || guessChannel(opts.target, channels);
 	if (!targetChannel) {
 		console.log(chalk.default.red(`  ✖  Could not determine channel for target: ${opts.target}`));
@@ -1826,6 +1957,7 @@ CHANNELS.push(ZALO_PERSONAL);
 
 //#endregion
 //#region src/commands/channels/add.ts
+require_paths$1.init_paths();
 async function channelsAdd(channelId) {
 	console.log(chalk.default.bold.cyan("\n  📱 Add Channel\n"));
 	let id = channelId;
@@ -1889,15 +2021,23 @@ async function channelsAdd(channelId) {
 		dmPolicy = dmResult.policy;
 		allowFrom = dmResult.allowFrom ?? [];
 	}
-	const spinner = (0, ora.default)(`Testing ${ch.name} connection...`).start();
-	await new Promise((r) => setTimeout(r, 1200));
-	spinner.succeed(`${ch.emoji} ${ch.name} connected`);
-	const configFile = path.default.join(os.default.homedir(), ".hyperclaw", "config.json");
+	const spinner = (0, ora.default)(`Saving ${ch.name} configuration...`).start();
+	const configFile = require_paths.getConfigPath();
 	let cfg = {};
 	try {
 		cfg = fs_extra.default.readJsonSync(configFile);
 	} catch {}
-	cfg.channels = [...new Set([...cfg.channels || [], id])];
+	cfg.gateway = cfg.gateway || {
+		port: 18789,
+		bind: "127.0.0.1",
+		authToken: "",
+		runtime: "node",
+		enabledChannels: [],
+		hooks: true
+	};
+	const channels = cfg.gateway.enabledChannels || [];
+	if (!channels.includes(id)) channels.push(id);
+	cfg.gateway.enabledChannels = channels;
 	cfg.channelConfigs = cfg.channelConfigs || {};
 	cfg.channelConfigs[id] = {
 		token,
@@ -1905,8 +2045,9 @@ async function channelsAdd(channelId) {
 		dmPolicy,
 		allowFrom
 	};
-	fs_extra.default.ensureDirSync(path.default.dirname(configFile));
+	fs_extra.default.ensureDirSync(require_paths.getHyperClawDir());
 	fs_extra.default.writeJsonSync(configFile, cfg, { spaces: 2 });
+	spinner.succeed(`${ch.emoji} ${ch.name} saved`);
 	console.log(chalk.default.green(`\n  ✔  ${ch.name} added successfully!`));
 	if (ch.requiresGateway) {
 		console.log(chalk.default.gray("  ℹ  This channel requires the gateway to be running"));
@@ -1916,7 +2057,7 @@ async function channelsAdd(channelId) {
 }
 async function channelsList() {
 	const configured = await getConfiguredChannels();
-	const configFile = path.default.join(os.default.homedir(), ".hyperclaw", "config.json");
+	const configFile = require_paths.getConfigPath();
 	let cfg = {};
 	try {
 		cfg = fs_extra.default.readJsonSync(configFile);
@@ -1934,20 +2075,28 @@ async function channelsList() {
 	console.log(chalk.default.gray("  Remove a channel: hyperclaw channels remove <id>\n"));
 }
 async function channelsRemove(channelId) {
-	const configFile = path.default.join(os.default.homedir(), ".hyperclaw", "config.json");
+	const configFile = require_paths.getConfigPath();
 	let cfg = {};
 	try {
 		cfg = fs_extra.default.readJsonSync(configFile);
 	} catch {}
-	cfg.channels = (cfg.channels || []).filter((c) => c !== channelId);
+	cfg.gateway = cfg.gateway || {
+		port: 18789,
+		bind: "127.0.0.1",
+		authToken: "",
+		runtime: "node",
+		enabledChannels: [],
+		hooks: true
+	};
+	cfg.gateway.enabledChannels = (cfg.gateway.enabledChannels || []).filter((c) => c !== channelId);
 	delete (cfg.channelConfigs || {})[channelId];
 	fs_extra.default.writeJsonSync(configFile, cfg, { spaces: 2 });
 	console.log(chalk.default.green(`\n  ✔  Channel removed: ${channelId}\n`));
 }
 async function getConfiguredChannels() {
 	try {
-		const cfg = fs_extra.default.readJsonSync(path.default.join(os.default.homedir(), ".hyperclaw", "config.json"));
-		return cfg.channels || [];
+		const cfg = fs_extra.default.readJsonSync(require_paths.getConfigPath());
+		return cfg.gateway?.enabledChannels || cfg.channels || [];
 	} catch {
 		return [];
 	}
@@ -2071,12 +2220,12 @@ async function probeChannel(channelId, channelCfg) {
 * --probe attempts a real connectivity check for each.
 */
 async function channelsStatus(opts = {}) {
-	const configFile = path.default.join(os.default.homedir(), ".hyperclaw", "config.json");
+	const configFile = require_paths.getConfigPath();
 	let cfg = {};
 	try {
 		cfg = fs_extra.default.readJsonSync(configFile);
 	} catch {}
-	const configured = cfg.channels || [];
+	const configured = cfg.gateway?.enabledChannels || cfg.channels || [];
 	console.log(chalk.default.bold.cyan("\n  📡 CHANNEL STATUS\n"));
 	if (configured.length === 0) {
 		console.log(chalk.default.gray("  No channels configured.\n"));
@@ -2208,13 +2357,15 @@ async function performUpdate(channel, installKind) {
 		console.log(chalk.default.gray(`  npm install -g hyperclaw${tag}`));
 		console.log(chalk.default.yellow("\n  ⚠  Run the above command to update"));
 	}
-	const storedPath = path.default.join(os.default.homedir(), ".hyperclaw", "update-channel");
+	const { getHyperClawDir: getHyperClawDir$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const storedPath = path.default.join(getHyperClawDir$1(), "update-channel");
 	await fs_extra.default.ensureDir(path.default.dirname(storedPath));
 	await fs_extra.default.writeFile(storedPath, channel);
 	console.log(chalk.default.green(`\n  ✔  Preferred channel saved: ${channel}`));
 }
 async function getStoredChannel() {
-	const storedPath = path.default.join(os.default.homedir(), ".hyperclaw", "update-channel");
+	const { getHyperClawDir: getHyperClawDir$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const storedPath = path.default.join(getHyperClawDir$1(), "update-channel");
 	try {
 		const ch = (await fs_extra.default.readFile(storedPath, "utf8")).trim();
 		if ([
@@ -2226,71 +2377,6 @@ async function getStoredChannel() {
 	return void 0;
 }
 
-//#endregion
-//#region src/infra/device-auth-store.ts
-var AuthStore = class {
-	storePath;
-	constructor(storeDir) {
-		const dir = storeDir || path.default.join(os.default.homedir(), ".hyperclaw");
-		this.storePath = path.default.join(dir, "auth.json");
-	}
-	readStore() {
-		try {
-			const stat = fs_extra.default.statSync(this.storePath);
-			if ((stat.mode & 63) !== 0) {
-				console.log(chalk.default.yellow("  ⚠  Auth store has unsafe permissions — fixing..."));
-				fs_extra.default.chmodSync(this.storePath, 384);
-			}
-			return fs_extra.default.readJsonSync(this.storePath);
-		} catch {
-			return null;
-		}
-	}
-	writeStore(store) {
-		fs_extra.default.ensureDirSync(path.default.dirname(this.storePath));
-		fs_extra.default.writeFileSync(this.storePath, `${JSON.stringify(store, null, 2)}\n`, { mode: 384 });
-	}
-	getGatewayToken() {
-		return this.readStore()?.gatewayToken;
-	}
-	setGatewayToken(token) {
-		const store = this.readStore() || this.emptyStore();
-		store.gatewayToken = token;
-		store.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
-		this.writeStore(store);
-	}
-	setProviderKey(providerId, apiKey) {
-		const store = this.readStore() || this.emptyStore();
-		store.providers[providerId] = { apiKey };
-		store.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
-		this.writeStore(store);
-	}
-	getProviderKey(providerId) {
-		return this.readStore()?.providers[providerId]?.apiKey;
-	}
-	listProviders() {
-		return Object.keys(this.readStore()?.providers || {});
-	}
-	scrubSensitive() {
-		const store = this.readStore();
-		if (!store) return null;
-		const scrubbed = JSON.parse(JSON.stringify(store));
-		if (scrubbed.gatewayToken) scrubbed.gatewayToken = "***";
-		for (const p of Object.keys(scrubbed.providers || {})) {
-			if (scrubbed.providers[p].apiKey) scrubbed.providers[p].apiKey = "***";
-			if (scrubbed.providers[p].refreshToken) scrubbed.providers[p].refreshToken = "***";
-		}
-		return scrubbed;
-	}
-	emptyStore() {
-		return {
-			providers: {},
-			createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-			updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-		};
-	}
-};
-
 //#endregion
 //#region src/delivery/queue.ts
 var queue_exports = {};
@@ -2304,6 +2390,7 @@ function randomId() {
 }
 var BACKOFF_SECONDS, DeliveryQueue;
 var init_queue = require_chunk.__esm({ "src/delivery/queue.ts"() {
+	require_paths$1.init_paths();
 	BACKOFF_SECONDS = [
 		5,
 		30,
@@ -2316,7 +2403,7 @@ var init_queue = require_chunk.__esm({ "src/delivery/queue.ts"() {
 		items = [];
 		processing = false;
 		constructor() {
-			this.queueFile = path.default.join(os.default.homedir(), ".hyperclaw", "delivery-queue.json");
+			this.queueFile = path.default.join(require_paths.getHyperClawDir(), "delivery-queue.json");
 			this.load();
 		}
 		load() {
@@ -2436,15 +2523,24 @@ var init_queue = require_chunk.__esm({ "src/delivery/queue.ts"() {
 
 //#endregion
 //#region src/cli/run-main.ts
+require_device_auth_store.init_device_auth_store();
+process.on("unhandledRejection", (reason) => {
+	console.error("[hyperclaw] Unhandled rejection:", reason);
+	process.exit(1);
+});
+process.on("uncaughtException", (err) => {
+	console.error("[hyperclaw] Uncaught exception:", err?.message ?? String(err));
+	process.exit(1);
+});
 const program = new commander.Command();
-program.name("hyperclaw").description("⚡ HyperClaw — AI Gateway Platform. The Lobster Evolution 🦅").version("5.1.0").option("--profile <name>", "Use an isolated gateway profile. Auto-scopes HYPERCLAW_STATE_DIR and HYPERCLAW_CONFIG_PATH. Required for multi-gateway setups (rescue bot, staging, etc.). Example: hyperclaw --profile rescue gateway --port 19001").hook("preAction", (thisCommand) => {
+program.name("hyperclaw").description("⚡ HyperClaw — AI Gateway Platform. The Lobster Evolution 🦅").version("5.2.1").option("--profile <name>", "Use an isolated gateway profile. Auto-scopes HYPERCLAW_STATE_DIR and HYPERCLAW_CONFIG_PATH. Required for multi-gateway setups (rescue bot, staging, etc.). Example: hyperclaw --profile rescue gateway --port 19001").hook("preAction", (thisCommand) => {
 	const profile = thisCommand.opts().profile;
 	if (profile) {
-		const os$8 = require("os");
-		const path$8 = require("path");
-		const home = os$8.homedir();
-		if (!process.env.HYPERCLAW_STATE_DIR) process.env.HYPERCLAW_STATE_DIR = path$8.join(home, `.hyperclaw-${profile}`);
-		if (!process.env.HYPERCLAW_CONFIG_PATH) process.env.HYPERCLAW_CONFIG_PATH = path$8.join(process.env.HYPERCLAW_STATE_DIR, "hyperclaw.json");
+		const os$2 = require("os");
+		const path$5 = require("path");
+		const home = os$2.homedir();
+		if (!process.env.HYPERCLAW_STATE_DIR) process.env.HYPERCLAW_STATE_DIR = path$5.join(home, `.hyperclaw-${profile}`);
+		if (!process.env.HYPERCLAW_CONFIG_PATH) process.env.HYPERCLAW_CONFIG_PATH = path$5.join(process.env.HYPERCLAW_STATE_DIR, "hyperclaw.json");
 	}
 });
 program.command("init").description("Initialize HyperClaw with interactive wizard").option("-a, --auto-config", "Auto-configure with defaults").option("-d, --daemon", "Install as system daemon").option("-s, --start-now", "Start gateway after setup").action(async (opts) => {
@@ -2455,17 +2551,17 @@ program.command("init").description("Initialize HyperClaw with interactive wizar
 program.command("onboard").description("Full onboarding wizard — preferred setup path").option("--install-daemon", "Auto-install system daemon (starts on boot, grants full PC access)").option("--quick", "Use QuickStart mode (skip advanced options)").option("--reset", "Reset config before running wizard (sends to trash, not deleted)").option("--reset-scope <scope>", "What to reset: config | config+creds | full", "config").option("--non-interactive", "Run in non-interactive mode (use flags for all options)").option("--json", "Output result as JSON (use with --non-interactive)").option("--anthropic-api-key <key>", "Anthropic API key (non-interactive)").option("--openai-api-key <key>", "OpenAI API key (non-interactive)").option("--gateway-port <port>", "Gateway port (non-interactive)", "18789").option("--gateway-bind <bind>", "Gateway bind: loopback | all (non-interactive)", "loopback").option("--daemon-runtime <runtime>", "Daemon runtime: node | bun (non-interactive)", "node").option("--skip-skills", "Skip skills setup (non-interactive)").option("--skip-search", "Skip web search setup (non-interactive)").action(async (opts) => {
 	await new require_onboard.Banner().showNeonBanner(false);
 	if (opts.reset) {
-		const fs$8 = require("fs-extra");
-		const path$8 = require("path");
-		const os$8 = require("os");
-		const hcDir = path$8.join(os$8.homedir(), ".hyperclaw");
+		const fs$7 = require("fs-extra");
+		const path$5 = require("path");
 		const scope = opts.resetScope ?? "config";
-		const filesToRemove = [path$8.join(hcDir, "hyperclaw.json")];
+		const { getHyperClawDir: getHyperClawDir$1, getConfigPath: getConfigPath$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+		const hcDirResolved = getHyperClawDir$1();
+		const filesToRemove = [getConfigPath$1()];
 		if (scope === "config+creds" || scope === "full") {
-			filesToRemove.push(path$8.join(hcDir, "credentials"));
-			filesToRemove.push(path$8.join(hcDir, "sessions"));
+			filesToRemove.push(path$5.join(hcDirResolved, "credentials"));
+			filesToRemove.push(path$5.join(hcDirResolved, "sessions"));
 		}
-		if (scope === "full") filesToRemove.push(path$8.join(hcDir, "workspace"));
+		if (scope === "full") filesToRemove.push(path$5.join(hcDirResolved, "workspace"));
 		const chalk$11 = require("chalk");
 		console.log(chalk$11.yellow(`\n  ⚠  Reset scope: ${chalk$11.bold(scope)}\n`));
 		console.log(chalk$11.gray("  Files to remove:"));
@@ -2478,12 +2574,12 @@ program.command("onboard").description("Full onboarding wizard — preferred set
 			default: false
 		}]);
 		if (confirmReset) {
-			const backupDir = path$8.join(hcDir, `backup-${Date.now()}`);
-			await fs$8.ensureDir(backupDir);
-			for (const f of filesToRemove) if (await fs$8.pathExists(f)) {
-				const dest = path$8.join(backupDir, path$8.basename(f));
-				await fs$8.move(f, dest);
-				console.log(chalk$11.gray(`  ✓ Moved ${path$8.basename(f)} → backup/`));
+			const backupDir = path$5.join(hcDirResolved, `backup-${Date.now()}`);
+			await fs$7.ensureDir(backupDir);
+			for (const f of filesToRemove) if (await fs$7.pathExists(f)) {
+				const dest = path$5.join(backupDir, path$5.basename(f));
+				await fs$7.move(f, dest);
+				console.log(chalk$11.gray(`  ✓ Moved ${path$5.basename(f)} → backup/`));
 			}
 			console.log(chalk$11.green("\n  ✔  Reset complete. Starting fresh...\n"));
 		} else {
@@ -2532,9 +2628,9 @@ program.command("quickstart").description("Zero-config quick start").option("-c,
 	await new require_onboard.HyperClawWizard().quickstart(opts);
 	process.exit(0);
 });
-const gatewayCmd = program.command("gateway").description("Gateway control plane");
+const gatewayCmd = program.command("gateway").description("Gateway control (start/stop = runs in this terminal; use daemon for background)");
 gatewayCmd.command("status").description("Show gateway status").action(async () => {
-	const gm = new require_manager$1.GatewayManager();
+	const gm = new GatewayManager$1();
 	const cfg = await new require_manager.ConfigManager().load();
 	await gm.showStatus(cfg?.gateway || {
 		port: 18789,
@@ -2558,7 +2654,7 @@ gatewayCmd.command("restart").description("Restart the gateway service").action(
 	const dm = new require_daemon.DaemonManager();
 	await dm.restart();
 });
-program.command("daemon").description("Manage HyperClaw system service (alias: gateway)").argument("<action>", "start|stop|restart|status|logs|install|uninstall").action(async (action) => {
+program.command("daemon").description("Manage gateway: start/stop (foreground) or install (auto-start on boot). Same process as gateway start.").argument("<action>", "start|stop|restart|status|logs|install|uninstall").action(async (action) => {
 	const dm = new require_daemon.DaemonManager();
 	if (action === "start") await new require_onboard.Banner().showNeonBanner(true);
 	await dm.handle(action);
@@ -2568,19 +2664,21 @@ program.command("daemon").description("Manage HyperClaw system service (alias: g
 const sandboxCmd = program.command("sandbox").description("Debug sandbox and tool policy");
 sandboxCmd.command("explain").description("Show effective sandbox mode, tool policy, and allowed tools").option("--json", "Output as JSON").action(async (opts) => {
 	const chalk$11 = require("chalk");
-	const fs$8 = require("fs-extra");
-	const path$8 = require("path");
-	const os$8 = require("os");
-	const { getConfigPath } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
-	const cfgPath = getConfigPath();
+	const fs$7 = require("fs-extra");
+	const path$5 = require("path");
+	const os$2 = require("os");
+	const { getConfigPath: getConfigPath$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const cfgPath = getConfigPath$1();
 	let cfg = {};
 	try {
-		cfg = await fs$8.readJson(cfgPath);
-	} catch {}
+		cfg = await fs$7.readJson(cfgPath);
+	} catch (e) {
+		if (process.env.DEBUG) console.error("[run-main] sandbox config read:", e?.message);
+	}
 	const sandboxMode = cfg?.agents?.defaults?.sandbox?.mode ?? "non-main";
 	const toolsCfg = cfg?.tools ?? {};
-	const { describeToolPolicy, applyToolPolicy } = await Promise.resolve().then(() => require("./tool-policy-DeMsATEC.js"));
-	const { getBuiltinTools, getSessionsTools, getPCAccessTools, getBrowserTools, getExtractionTools, getWebsiteWatchTools, getVisionTools } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { describeToolPolicy, applyToolPolicy } = await Promise.resolve().then(() => require("./tool-policy-TmXx_fpp.js"));
+	const { getBuiltinTools, getSessionsTools, getPCAccessTools, getBrowserTools, getExtractionTools, getWebsiteWatchTools, getVisionTools } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	const allTools = [
 		...getBuiltinTools(),
 		...getSessionsTools(() => null),
@@ -2800,18 +2898,18 @@ skillCmd.command("install <id>").description("Install skill from ClawHub (or bun
 	process.exit(0);
 });
 program.command("menu-bar").description("Launch macOS menu bar companion (Electron tray app)").action(async () => {
-	const path$8 = await import("path");
-	const { spawn } = await import("child_process");
-	const fs$8 = await import("fs-extra");
-	const root = path$8.join(process.cwd(), "apps", "macos");
-	const altRoot = path$8.join(__dirname, "..", "..", "apps", "macos");
-	const macosDir = await fs$8.pathExists(root) ? root : await fs$8.pathExists(altRoot) ? altRoot : null;
-	if (!macosDir || !await fs$8.pathExists(path$8.join(macosDir, "package.json"))) {
+	const path$5 = await import("path");
+	const { spawn: spawn$1 } = await import("child_process");
+	const fs$7 = await import("fs-extra");
+	const root = path$5.join(process.cwd(), "apps", "macos");
+	const altRoot = path$5.join(__dirname, "..", "..", "apps", "macos");
+	const macosDir = await fs$7.pathExists(root) ? root : await fs$7.pathExists(altRoot) ? altRoot : null;
+	if (!macosDir || !await fs$7.pathExists(path$5.join(macosDir, "package.json"))) {
 		console.log(chalk.default.gray("\n  macOS menu bar app not found."));
 		console.log(chalk.default.gray("  Run from HyperClaw repo root, or: cd apps/macos && npm start\n"));
 		process.exit(1);
 	}
-	const child = spawn("npm", ["start"], {
+	const child = spawn$1("npm", ["start"], {
 		cwd: macosDir,
 		stdio: "inherit",
 		shell: true
@@ -2906,6 +3004,26 @@ cfgCmd.command("set-key <KEY=value>").description("Set provider API key or confi
 	const config = new require_manager.ConfigManager();
 	const cfg = await config.load();
 	if (PROVIDER_KEY_NAMES.has(key) || key === cfg?.provider?.providerId) {
+		const keyToProvider = {
+			GOOGLE_AI_API_KEY: "google",
+			ANTHROPIC_API_KEY: "anthropic",
+			OPENROUTER_API_KEY: "openrouter",
+			OPENAI_API_KEY: "openai",
+			XAI_API_KEY: "xai",
+			google: "google",
+			anthropic: "anthropic",
+			openrouter: "openrouter",
+			openai: "openai",
+			xai: "xai"
+		};
+		const pid = keyToProvider[key] ?? keyToProvider[key.toLowerCase()] ?? cfg?.provider?.providerId ?? key.toLowerCase();
+		const { validateApiKeyFormat } = await Promise.resolve().then(() => require("./api-key-validation-BeQ2MZAT.js"));
+		const formatErr = validateApiKeyFormat(pid, value);
+		if (formatErr) {
+			console.log(chalk.default.yellow(`\n  ⚠  ${formatErr}\n`));
+			console.log(chalk.default.gray("  For custom providers use: hyperclaw auth add <service_id>\n"));
+			process.exit(1);
+		}
 		const next = {
 			...cfg,
 			provider: {
@@ -2917,8 +3035,9 @@ cfgCmd.command("set-key <KEY=value>").description("Set provider API key or confi
 		console.log(chalk.default.hex("#06b6d4")(`\n  ✔  Provider API key saved to config.\n`));
 		console.log(chalk.default.gray("  Run: hyperclaw chat  — to use the updated key.\n"));
 	} else {
-		const store = new AuthStore();
-		store.setProviderKey(key, value);
+		const { getHyperClawDir: getHyperClawDir$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+		const store = new require_device_auth_store.AuthStore(getHyperClawDir$1());
+		await store.setProviderKey(key, value);
 		console.log(chalk.default.hex("#06b6d4")(`\n  ✔  Set ${key}\n`));
 	}
 	process.exit(0);
@@ -2958,9 +3077,9 @@ cfgCmd.command("set-service-key <serviceId> [apiKey]").description("Set API key
 	process.exit(0);
 });
 cfgCmd.command("schema").description("Show configuration schema").action(() => {
-	console.log(chalk.default.bold.hex("#06b6d4")("\n  Config schema: ~/.hyperclaw/config.json\n"));
+	console.log(chalk.default.bold.hex("#06b6d4")("\n  Config schema: ~/.hyperclaw/hyperclaw.json\n"));
 	const schema = {
-		version: "string (e.g. \"5.1.0\")",
+		version: "string (e.g. \"5.2.1\")",
 		workspaceName: "string",
 		provider: {
 			providerId: "string",
@@ -3052,13 +3171,13 @@ program.command("deploy").description("Deploy gateway to cloud (Fly.io or Render
 });
 program.command("voice-call").description("Start voice call session — terminal mode, talks to gateway").option("-u, --gateway-url <url>", "Gateway URL", "http://localhost:18789").action(async (opts) => {
 	const axios = (await import("axios")).default;
-	const readline$2 = await import("readline");
+	const readline$1 = await import("readline");
 	const chalk$11 = require("chalk");
 	const url = opts.gatewayUrl || "http://localhost:18789";
 	console.log(chalk$11.bold.cyan("\n  🎙️  HYPERCLAW VOICE CALL\n"));
 	console.log(chalk$11.gray(`  Gateway: ${url}`));
 	console.log(chalk$11.gray("  Type a message and press Enter. Ctrl+C to exit.\n"));
-	const rl = readline$2.createInterface({
+	const rl = readline$1.createInterface({
 		input: process.stdin,
 		output: process.stdout
 	});
@@ -3105,13 +3224,13 @@ program.command("dashboard").description("Launch live terminal dashboard").optio
 program.command("status").description("System overview").option("--all", "Full local diagnosis (read-only)").option("--deep", "Also probe the running gateway").action(async (opts) => {
 	await new require_onboard.Banner().showStatus();
 	if (opts.all || opts.deep) {
-		const fs$8 = await import("fs-extra");
-		const { getConfigPath } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
-		const t = (await Promise.resolve().then(() => require("./theme-D0smfC_l.js"))).getTheme(false);
-		const configPath = getConfigPath();
+		const fs$7 = await import("fs-extra");
+		const { getConfigPath: getConfigPath$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+		const t = (await Promise.resolve().then(() => require("./theme-DdZT-Bq4.js"))).getTheme(false);
+		const configPath = getConfigPath$1();
 		console.log(t.bold("\n  ─── Deep status ───\n"));
 		try {
-			const cfg = await fs$8.readJson(configPath);
+			const cfg = await fs$7.readJson(configPath);
 			console.log(t.muted("  Config: ") + (cfg ? t.success("loaded") : t.error("missing")));
 			console.log(t.muted("  Channels: ") + JSON.stringify(cfg?.gateway?.enabledChannels || cfg?.channels || []));
 		} catch {
@@ -3119,7 +3238,7 @@ program.command("status").description("System overview").option("--all", "Full l
 		}
 		if (opts.deep) {
 			const http$2 = await import("http");
-			const { resolveGatewayUrl } = await Promise.resolve().then(() => require("./health-DPoG-f_Q.js"));
+			const { resolveGatewayUrl } = await Promise.resolve().then(() => require("./health-Cq_yE5Ln.js"));
 			const cfg = await new require_manager.ConfigManager().load();
 			const { gatewayUrl } = resolveGatewayUrl(cfg);
 			const u = new URL(gatewayUrl);
@@ -3197,7 +3316,7 @@ program.command("health").description("Quick gateway health probe (Runtime, RPC
 });
 const themeCmd = program.command("theme").description("Switch CLI color theme");
 themeCmd.command("list").description("List available themes").action(async () => {
-	const { allThemes, getThemeName } = await Promise.resolve().then(() => require("./theme-D0smfC_l.js"));
+	const { allThemes, getThemeName } = await Promise.resolve().then(() => require("./theme-DdZT-Bq4.js"));
 	const current = getThemeName();
 	console.log(chalk.default.bold.hex("#06b6d4")("\n  🎨 AVAILABLE THEMES\n"));
 	for (const { name, label } of allThemes()) {
@@ -3209,7 +3328,7 @@ themeCmd.command("list").description("List available themes").action(async () =>
 	process.exit(0);
 });
 themeCmd.command("set <theme>").description("Set theme: dark | grey | white").action(async (name) => {
-	const { setThemeName, allThemes } = await Promise.resolve().then(() => require("./theme-D0smfC_l.js"));
+	const { setThemeName, allThemes } = await Promise.resolve().then(() => require("./theme-DdZT-Bq4.js"));
 	const valid = allThemes().map((t) => t.name);
 	if (!valid.includes(name)) {
 		console.log(chalk.default.red(`\n  ✖  Unknown theme: "${name}". Use: ${valid.join(" | ")}\n`));
@@ -3221,7 +3340,7 @@ themeCmd.command("set <theme>").description("Set theme: dark | grey | white").ac
 	process.exit(0);
 });
 themeCmd.command("preview").description("Preview all themes side-by-side").action(async () => {
-	const { allThemes, getTheme, setThemeName, getThemeName } = await Promise.resolve().then(() => require("./theme-D0smfC_l.js"));
+	const { allThemes, getTheme, setThemeName, getThemeName } = await Promise.resolve().then(() => require("./theme-DdZT-Bq4.js"));
 	const current = getThemeName();
 	console.log(chalk.default.bold("\n  🎨 THEME PREVIEW\n"));
 	for (const { name, label } of allThemes()) {
@@ -3238,39 +3357,40 @@ themeCmd.command("preview").description("Preview all themes side-by-side").actio
 });
 const secretsCmd = program.command("secrets").description("External secrets management");
 secretsCmd.command("audit").description("Audit all required secrets").option("--required-by <ids>", "Filter by skill/provider IDs (comma-separated)").action(async (opts) => {
-	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-TLk8tgyV.js"));
+	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-Yo6ZAofG.js"));
 	const filter = opts.requiredBy?.split(",");
 	await new SecretsManager().audit(filter);
 	process.exit(0);
 });
 secretsCmd.command("set <KEY=value>").description("Set a secret in .env file").action(async (kv) => {
-	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-TLk8tgyV.js"));
+	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-Yo6ZAofG.js"));
 	await new SecretsManager().set(kv);
 	process.exit(0);
 });
 secretsCmd.command("apply").description("Write secrets from .env to shell config (~/.bashrc, ~/.zshrc)").action(async () => {
-	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-TLk8tgyV.js"));
+	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-Yo6ZAofG.js"));
 	await new SecretsManager().apply();
 	process.exit(0);
 });
 secretsCmd.command("reload").description("Reload secrets into running gateway").action(async () => {
-	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-TLk8tgyV.js"));
+	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-Yo6ZAofG.js"));
 	await new SecretsManager().reload();
 	process.exit(0);
 });
 secretsCmd.command("remove <key>").description("Remove a secret from .env").action(async (key) => {
-	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-TLk8tgyV.js"));
+	const { SecretsManager } = await Promise.resolve().then(() => require("./manager-Yo6ZAofG.js"));
 	await new SecretsManager().remove(key);
 	process.exit(0);
 });
 secretsCmd.command("credentials").description("List provider credential files (credentials/*.json)").action(async () => {
-	const { CredentialsStore } = await Promise.resolve().then(() => require("./credentials-store-DT53GLWN.js"));
-	await new CredentialsStore().showList();
+	const { CredentialsStore } = await Promise.resolve().then(() => require("./credentials-store-DU2cVTiY.js"));
+	const { getHyperClawDir: getHyperClawDir$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	await new CredentialsStore(getHyperClawDir$1()).showList();
 	process.exit(0);
 });
 const securityCmd = program.command("security").description("Security tools");
 securityCmd.command("audit").description("Security audit — file permissions, DM policies, embedded secrets").option("--deep", "Full deep scan including token entropy and installed skill risks").option("--fix", "Auto-fix safe findings (file permissions etc.)").option("--json", "Machine-readable JSON output").action(async (opts) => {
-	const { runSecurityAudit } = await Promise.resolve().then(() => require("./audit-4VKpxUg9.js"));
+	const { runSecurityAudit } = await Promise.resolve().then(() => require("./audit-CV0gLGaL.js"));
 	await runSecurityAudit({
 		deep: opts.deep,
 		fix: opts.fix,
@@ -3279,7 +3399,7 @@ securityCmd.command("audit").description("Security audit — file permissions, D
 	process.exit(0);
 });
 program.command("osint").description("OSINT / Ethical Hacking mode — configure HyperClaw for security research").argument("[workflow]", "Workflow preset: recon | bugbounty | pentest | footprint | custom").option("--show", "Show current OSINT profile").option("--reset", "Clear OSINT profile and disable OSINT mode").action(async (workflow, opts) => {
-	const { osintSetup, osintQuickStart } = await Promise.resolve().then(() => require("./osint-DBDMKOVf.js"));
+	const { osintSetup, osintQuickStart } = await Promise.resolve().then(() => require("./osint-Cg3-CYHx.js"));
 	if (opts.show || opts.reset) await osintSetup({
 		show: opts.show,
 		reset: opts.reset
@@ -3289,7 +3409,7 @@ program.command("osint").description("OSINT / Ethical Hacking mode — configure
 	process.exit(0);
 });
 program.command("chat").description("Interactive terminal chat with the agent").option("--session <id>", "Resume a named session").option("--model <model>", "Override model").option("--thinking <level>", "Thinking level: high|medium|low|none", "none").option("--workspace <dir>", "Override workspace directory").action(async (opts) => {
-	const { runChat } = await Promise.resolve().then(() => require("./chat-B85Qnmv1.js"));
+	const { runChat } = await Promise.resolve().then(() => require("./chat-CKBxDWAQ.js"));
 	await runChat({
 		sessionId: opts.session,
 		model: opts.model,
@@ -3299,7 +3419,7 @@ program.command("chat").description("Interactive terminal chat with the agent").
 });
 const agentRunCmd = program.command("agent").description("Run agent with thinking control");
 agentRunCmd.requiredOption("-m, --message <text>", "Message to send to the agent").option("--thinking <level>", "Thinking level: high|medium|low|none", "none").option("--model <model>", "Override model").option("--session <id>", "Session/thread ID").option("--multi-step", "Decompose into steps and run each (sequential)").option("--parallel", "Run sub-agents in parallel for independent subtasks").option("--verbose", "Show thinking blocks and request details").option("--workspace <dir>", "Override workspace directory").action(async (opts) => {
-	const { runAgent } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { runAgent } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await runAgent({
 		message: opts.message,
 		thinking: opts.thinking,
@@ -3315,7 +3435,7 @@ agentRunCmd.requiredOption("-m, --message <text>", "Message to send to the agent
 });
 const threadsCmd = program.command("threads").description("ACP thread-bound agent sessions");
 threadsCmd.command("list").description("List agent threads").option("--channel <id>", "Filter by channel").option("--active", "Show only active threads").action(async (opts) => {
-	const { ACPThreadManager } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { ACPThreadManager } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	const mgr = new ACPThreadManager();
 	const threads = await mgr.list({
 		channelId: opts.channel,
@@ -3325,33 +3445,34 @@ threadsCmd.command("list").description("List agent threads").option("--channel <
 	process.exit(0);
 });
 threadsCmd.command("terminate <id>").description("Terminate a thread").action(async (id) => {
-	const { ACPThreadManager } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { ACPThreadManager } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await new ACPThreadManager().terminate(id);
 	console.log(require("chalk").green(`\n  ✔  Thread terminated: ${id}\n`));
 	process.exit(0);
 });
 const canvasCmd = program.command("canvas").description("Live AI-driven UI canvas");
 canvasCmd.command("show").description("Show current canvas components").action(async () => {
-	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-D_yO05wK.js"));
+	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-h3ar94cf.js"));
 	await new CanvasRenderer().show();
 	process.exit(0);
 });
 canvasCmd.command("add <type> <title>").description("Add a canvas component (type: chart|table|form|markdown|image|custom)").action(async (type, title) => {
-	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-D_yO05wK.js"));
+	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-h3ar94cf.js"));
 	await new CanvasRenderer().addComponent(type, title);
 	process.exit(0);
 });
 canvasCmd.command("clear").description("Clear all canvas components").action(async () => {
-	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-D_yO05wK.js"));
+	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-h3ar94cf.js"));
 	await new CanvasRenderer().clear();
 	process.exit(0);
 });
 canvasCmd.command("export").description("Export canvas as HTML file").action(async () => {
-	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-D_yO05wK.js"));
-	const fs$8 = require("fs-extra");
+	const { CanvasRenderer } = await Promise.resolve().then(() => require("./renderer-h3ar94cf.js"));
+	const fs$7 = require("fs-extra");
 	const html = await new CanvasRenderer().exportHtml();
-	const outFile = require("path").join(require("os").homedir(), ".hyperclaw", "canvas", "export.html");
-	await fs$8.writeFile(outFile, html);
+	const { getHyperClawDir: getHyperClawDir$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const outFile = require("path").join(getHyperClawDir$1(), "canvas", "export.html");
+	await fs$7.writeFile(outFile, html);
 	console.log(require("chalk").green(`\n  ✔  Canvas exported to ${outFile}\n`));
 	process.exit(0);
 });
@@ -3367,63 +3488,63 @@ deliveryCmd.command("retry <id>").description("Retry a dead-lettered delivery it
 	process.exit(0);
 });
 const mcpCmd = program.command("mcp").description("MCP (Model Context Protocol) server management");
-mcpCmd.command("list").action(async () => {
-	const { mcpList } = await Promise.resolve().then(() => require("./mcp-BYa3p8wQ.js"));
+mcpCmd.command("list").description("List configured MCP servers").action(async () => {
+	const { mcpList } = await Promise.resolve().then(() => require("./mcp-GWnLTVi-.js"));
 	await mcpList();
 	process.exit(0);
 });
-mcpCmd.command("add").action(async () => {
-	const { mcpAdd } = await Promise.resolve().then(() => require("./mcp-BYa3p8wQ.js"));
+mcpCmd.command("add").description("Add MCP server").action(async () => {
+	const { mcpAdd } = await Promise.resolve().then(() => require("./mcp-GWnLTVi-.js"));
 	await mcpAdd();
 	process.exit(0);
 });
-mcpCmd.command("remove <id>").action(async (id) => {
-	const { mcpRemove } = await Promise.resolve().then(() => require("./mcp-BYa3p8wQ.js"));
+mcpCmd.command("remove <id>").description("Remove MCP server").action(async (id) => {
+	const { mcpRemove } = await Promise.resolve().then(() => require("./mcp-GWnLTVi-.js"));
 	await mcpRemove(id);
 	process.exit(0);
 });
-mcpCmd.command("probe [id]").action(async (id) => {
-	const { mcpProbe } = await Promise.resolve().then(() => require("./mcp-BYa3p8wQ.js"));
+mcpCmd.command("probe [id]").description("Test MCP server connection").action(async (id) => {
+	const { mcpProbe } = await Promise.resolve().then(() => require("./mcp-GWnLTVi-.js"));
 	await mcpProbe(id);
 	process.exit(0);
 });
 const nodeCmd = program.command("node").description("HyperClaw node management (local, remote, android)");
-nodeCmd.command("list").action(async () => {
-	const { nodeList } = await Promise.resolve().then(() => require("./node-D6tw7AVZ.js"));
+nodeCmd.command("list").description("List paired nodes").action(async () => {
+	const { nodeList } = await Promise.resolve().then(() => require("./node-CRaZw_av.js"));
 	await nodeList();
 	process.exit(0);
 });
-nodeCmd.command("add").action(async () => {
-	const { nodeAdd } = await Promise.resolve().then(() => require("./node-D6tw7AVZ.js"));
+nodeCmd.command("add").description("Add or pair a node").action(async () => {
+	const { nodeAdd } = await Promise.resolve().then(() => require("./node-CRaZw_av.js"));
 	await nodeAdd();
 	process.exit(0);
 });
-nodeCmd.command("probe [id]").action(async (id) => {
-	const { nodeProbe } = await Promise.resolve().then(() => require("./node-D6tw7AVZ.js"));
+nodeCmd.command("probe [id]").description("Probe node connection").action(async (id) => {
+	const { nodeProbe } = await Promise.resolve().then(() => require("./node-CRaZw_av.js"));
 	await nodeProbe(id);
 	process.exit(0);
 });
-nodeCmd.command("remove <id>").action(async (id) => {
-	const { nodeRemove } = await Promise.resolve().then(() => require("./node-D6tw7AVZ.js"));
+nodeCmd.command("remove <id>").description("Remove paired node").action(async (id) => {
+	const { nodeRemove } = await Promise.resolve().then(() => require("./node-CRaZw_av.js"));
 	await nodeRemove(id);
 	process.exit(0);
 });
 const arCmd = program.command("auto-reply").description("Auto-reply rule engine");
 arCmd.command("list").action(async () => {
-	const { AutoReplyEngine } = await Promise.resolve().then(() => require("./rules-5KxGRmry.js"));
+	const { AutoReplyEngine } = await Promise.resolve().then(() => require("./rules-eJw9i4RF.js"));
 	const e = new AutoReplyEngine();
 	await e.load();
 	e.showList();
 	process.exit(0);
 });
 arCmd.command("toggle <id>").action(async (id) => {
-	const { AutoReplyEngine } = await Promise.resolve().then(() => require("./rules-5KxGRmry.js"));
+	const { AutoReplyEngine } = await Promise.resolve().then(() => require("./rules-eJw9i4RF.js"));
 	const e = new AutoReplyEngine();
 	await e.toggle(id);
 	process.exit(0);
 });
 arCmd.command("remove <id>").action(async (id) => {
-	const { AutoReplyEngine } = await Promise.resolve().then(() => require("./rules-5KxGRmry.js"));
+	const { AutoReplyEngine } = await Promise.resolve().then(() => require("./rules-eJw9i4RF.js"));
 	const e = new AutoReplyEngine();
 	await e.remove(id);
 	process.exit(0);
@@ -3432,7 +3553,7 @@ const gmailCmd = program.command("gmail").description("Gmail Pub/Sub real-time n
 gmailCmd.command("watch-setup").description("Register Gmail watch for push notifications. Requires: hyperclaw auth oauth google-gmail").requiredOption("-t, --topic <name>", "Pub/Sub topic (e.g. projects/myproject/topics/gmail-push)").option("-l, --labels <ids>", "Label IDs to watch (comma-separated)", "INBOX").action(async (opts) => {
 	const chalk$11 = require("chalk");
 	try {
-		const { setupGmailWatch } = await Promise.resolve().then(() => require("./gmail-watch-setup-DR7YR_NT.js"));
+		const { setupGmailWatch } = await Promise.resolve().then(() => require("./gmail-watch-setup-xG9GkPwr.js"));
 		const labelIds = opts.labels.split(",").map((s) => s.trim()).filter(Boolean);
 		const result = await setupGmailWatch({
 			topicName: opts.topic,
@@ -3452,7 +3573,7 @@ gmailCmd.command("watch-setup").description("Register Gmail watch for push notif
 const cronCmd = program.command("cron").description("Scheduled tasks (cron → agent prompt)");
 cronCmd.command("list").action(async () => {
 	const chalk$11 = require("chalk");
-	const { loadCronTasks } = await Promise.resolve().then(() => require("./cron-tasks-Dq-jkNOz.js"));
+	const { loadCronTasks } = await Promise.resolve().then(() => require("./cron-tasks-4my0PJce.js"));
 	const tasks = await loadCronTasks();
 	console.log(chalk$11.bold.cyan("\n  ⏰ CRON TASKS\n"));
 	if (tasks.length === 0) {
@@ -3472,7 +3593,7 @@ cronCmd.command("list").action(async () => {
 });
 cronCmd.command("add").arguments("<schedule> <prompt>").option("-n, --name <name>", "Task name").action(async (schedule, prompt, opts) => {
 	const chalk$11 = require("chalk");
-	const { loadCronTasks, addCronTask, saveCronTasks } = await Promise.resolve().then(() => require("./cron-tasks-Dq-jkNOz.js"));
+	const { loadCronTasks, addCronTask, saveCronTasks } = await Promise.resolve().then(() => require("./cron-tasks-4my0PJce.js"));
 	await loadCronTasks();
 	addCronTask(schedule, prompt, opts.name);
 	await saveCronTasks();
@@ -3482,7 +3603,7 @@ cronCmd.command("add").arguments("<schedule> <prompt>").option("-n, --name <name
 });
 cronCmd.command("remove <id>").action(async (id) => {
 	const chalk$11 = require("chalk");
-	const { loadCronTasks, removeCronTask, saveCronTasks } = await Promise.resolve().then(() => require("./cron-tasks-Dq-jkNOz.js"));
+	const { loadCronTasks, removeCronTask, saveCronTasks } = await Promise.resolve().then(() => require("./cron-tasks-4my0PJce.js"));
 	await loadCronTasks();
 	if (removeCronTask(id)) {
 		await saveCronTasks();
@@ -3493,14 +3614,14 @@ cronCmd.command("remove <id>").action(async (id) => {
 program.command("nodes").description("List connected mobile nodes (iOS/Android Connect tab)").action(async () => {
 	const chalk$11 = require("chalk");
 	const http$2 = await import("http");
-	const fs$8 = await import("fs-extra");
-	const path$8 = await import("path");
-	const os$8 = await import("os");
+	const fs$7 = await import("fs-extra");
+	const { getConfigPath: getConfigPath$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
 	let port = 18789;
 	try {
-		const cfg = await fs$8.readJson(path$8.join(os$8.homedir(), ".hyperclaw", "hyperclaw.json"));
+		const cfg = await fs$7.readJson(getConfigPath$1());
 		port = cfg?.gateway?.port ?? 18789;
 	} catch {}
+	let exitCode = 0;
 	return new Promise((resolve, reject) => {
 		const req = http$2.get(`http://127.0.0.1:${port}/api/nodes`, (res) => {
 			let data = "";
@@ -3523,36 +3644,39 @@ program.command("nodes").description("List connected mobile nodes (iOS/Android C
 					}
 				} catch {
 					console.log(chalk$11.red("  Could not reach gateway. Start with: hyperclaw daemon start\n"));
+					exitCode = 1;
 				}
 				resolve();
 			});
 		});
 		req.on("error", () => {
 			console.log(chalk$11.red("  Gateway offline. Start with: hyperclaw daemon start\n"));
+			exitCode = 1;
 			resolve();
 		});
 		req.setTimeout(3e3, () => {
 			req.destroy();
+			exitCode = 1;
 			resolve();
 		});
-	}).then(() => process.exit(0));
+	}).then(() => process.exit(exitCode));
 });
 const whCmd = program.command("webhooks").description("Webhook endpoint management");
 whCmd.command("list").action(async () => {
-	const { WebhookManager } = await Promise.resolve().then(() => require("./manager-SfouqcxX.js"));
+	const { WebhookManager } = await Promise.resolve().then(() => require("./manager-BQf9drst.js"));
 	const m = new WebhookManager();
 	await m.load();
 	m.showList();
 	process.exit(0);
 });
 whCmd.command("remove <id>").action(async (id) => {
-	const { WebhookManager } = await Promise.resolve().then(() => require("./manager-SfouqcxX.js"));
+	const { WebhookManager } = await Promise.resolve().then(() => require("./manager-BQf9drst.js"));
 	const m = new WebhookManager();
 	await m.remove(id);
 	process.exit(0);
 });
 whCmd.command("toggle <id>").action(async (id) => {
-	const { WebhookManager } = await Promise.resolve().then(() => require("./manager-SfouqcxX.js"));
+	const { WebhookManager } = await Promise.resolve().then(() => require("./manager-BQf9drst.js"));
 	const m = new WebhookManager();
 	await m.toggle(id);
 	process.exit(0);
@@ -3561,7 +3685,7 @@ const logsCmd = program.command("logs").description("View gateway logs");
 logsCmd.option("-n, --lines <n>", "Number of lines to show", "50");
 logsCmd.option("-f, --follow", "Stream logs in real time");
 logsCmd.action(async (opts) => {
-	const { tailLog, streamLog } = await Promise.resolve().then(() => require("./logger-D2nl9nkX.js"));
+	const { tailLog, streamLog } = await Promise.resolve().then(() => require("./logger-ry2oCfdf.js"));
 	if (opts.follow) await streamLog();
 	else {
 		await tailLog(parseInt(opts.lines));
@@ -3569,7 +3693,7 @@ logsCmd.action(async (opts) => {
 	}
 });
 program.command("gateway:serve").description("Start the gateway server in the foreground (used by daemon)").action(async () => {
-	const { startGateway } = await Promise.resolve().then(() => require("./server-o0BLRkXZ.js"));
+	const { startGateway } = await Promise.resolve().then(() => require("./server-Bav63Eqx.js"));
 	await startGateway();
 	process.on("SIGINT", () => process.exit(0));
 	process.on("SIGTERM", () => process.exit(0));
@@ -3578,15 +3702,17 @@ program.command("gateway:serve").description("Start the gateway server in the fo
 const gatewayCfgCmd = gatewayCmd.command("config").description("Configure gateway settings");
 gatewayCfgCmd.option("--set-token <token>", "Set gateway auth token").option("--regenerate-token", "Generate a new random token").option("--set-port <port>", "Set gateway port").option("--set-bind <addr>", "Set gateway bind address").action(async (opts) => {
 	const chalk$11 = require("chalk");
-	const fs$8 = require("fs-extra");
-	const path$8 = require("path");
-	const os$8 = require("os");
-	const crypto$2 = require("crypto");
-	const cfgFile = path$8.join(os$8.homedir(), ".hyperclaw", "hyperclaw.json");
+	const fs$7 = require("fs-extra");
+	const path$5 = require("path");
+	const { getConfigPath: getConfigPath$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const crypto$3 = require("crypto");
+	const cfgFile = getConfigPath$1();
 	let cfg = {};
 	try {
-		cfg = await fs$8.readJson(cfgFile);
-	} catch {}
+		cfg = await fs$7.readJson(cfgFile);
+	} catch (e) {
+		if (process.env.DEBUG) console.error("[run-main] gateway config read:", e?.message);
+	}
 	if (!cfg.gateway) cfg.gateway = {
 		port: 18789,
 		bind: "127.0.0.1",
@@ -3596,7 +3722,7 @@ gatewayCfgCmd.option("--set-token <token>", "Set gateway auth token").option("--
 		hooks: true
 	};
 	if (opts.regenerateToken) {
-		cfg.gateway.authToken = crypto$2.randomBytes(32).toString("hex");
+		cfg.gateway.authToken = crypto$3.randomBytes(32).toString("hex");
 		console.log(chalk$11.hex("#06b6d4")("\n  ✔  New gateway token generated"));
 		console.log(chalk$11.gray(`  Token: ${cfg.gateway.authToken}`));
 	}
@@ -3612,9 +3738,11 @@ gatewayCfgCmd.option("--set-token <token>", "Set gateway auth token").option("--
 		cfg.gateway.bind = opts.setBind;
 		console.log(chalk$11.hex("#06b6d4")(`\n  ✔  Bind set to ${cfg.gateway.bind}`));
 	}
-	await fs$8.ensureDir(path$8.dirname(cfgFile));
-	await fs$8.writeJson(cfgFile, cfg, { spaces: 2 });
-	await fs$8.chmod(cfgFile, 384);
+	await fs$7.ensureDir(path$5.dirname(cfgFile));
+	const tmp = cfgFile + ".tmp";
+	await fs$7.writeJson(tmp, cfg, { spaces: 2 });
+	await fs$7.chmod(tmp, 384);
+	await fs$7.rename(tmp, cfgFile);
 	console.log(chalk$11.gray(`  Saved to ${cfgFile}\n`));
 	process.exit(0);
 });
@@ -3622,11 +3750,11 @@ const authCmd = program.command("auth").description("OAuth and provider credenti
 authCmd.command("add <service_id>").description("Add API key for a service (any provider we do not ship). Stored in credentials/ and .env.").option("--key <api_key>", "API key (prompts if omitted)").option("--base-url <url>", "Base URL (optional, e.g. https://api.example.com)").option("--env-var <name>", "Env var name (default: <SERVICE_ID>_API_KEY)").action(async (serviceId, opts) => {
 	const chalk$11 = require("chalk");
 	const inquirer$2 = require("inquirer");
-	const { CredentialsStore } = await Promise.resolve().then(() => require("./credentials-store-DT53GLWN.js"));
-	const { getHyperClawDir, getEnvFilePath } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
-	const { getApiKeyGuide, GENERIC_API_KEY_STEPS } = await Promise.resolve().then(() => require("./api-keys-guide-CMncOxUR.js"));
-	const fs$8 = await import("fs-extra");
-	const path$8 = await import("path");
+	const { CredentialsStore } = await Promise.resolve().then(() => require("./credentials-store-DU2cVTiY.js"));
+	const { getHyperClawDir: getHyperClawDir$1, getEnvFilePath } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const { getApiKeyGuide, GENERIC_API_KEY_STEPS } = await Promise.resolve().then(() => require("./api-keys-guide-BdT2lfX6.js"));
+	const fs$7 = await import("fs-extra");
+	const path$5 = await import("path");
 	const guide = getApiKeyGuide(serviceId);
 	const steps = guide?.setupSteps ?? GENERIC_API_KEY_STEPS;
 	console.log(chalk$11.bold.hex("#06b6d4")(`\n  🔑 Add API key: ${guide?.name ?? serviceId}\n`));
@@ -3651,7 +3779,7 @@ authCmd.command("add <service_id>").description("Add API key for a service (any
 		}]);
 		apiKey = key.trim();
 	}
-	const creds = new CredentialsStore(getHyperClawDir());
+	const creds = new CredentialsStore(getHyperClawDir$1());
 	await creds.set(safeId, {
 		apiKey,
 		...opts.baseUrl ? { baseUrl: opts.baseUrl } : {},
@@ -3659,14 +3787,14 @@ authCmd.command("add <service_id>").description("Add API key for a service (any
 	});
 	const envVar = opts.envVar || `${safeId.toUpperCase().replace(/-/g, "_")}_API_KEY`;
 	const envPath = getEnvFilePath();
-	await fs$8.ensureDir(path$8.dirname(envPath));
+	await fs$7.ensureDir(path$5.dirname(envPath));
 	let envContent = "";
-	if (await fs$8.pathExists(envPath)) envContent = await fs$8.readFile(envPath, "utf8");
+	if (await fs$7.pathExists(envPath)) envContent = await fs$7.readFile(envPath, "utf8");
 	const envLine = `${envVar}=${apiKey}`;
 	const re = new RegExp(`^${envVar}=.*$`, "m");
 	if (re.test(envContent)) envContent = envContent.replace(re, envLine);
 	else envContent = envContent.trimEnd() + (envContent ? "\n" : "") + envLine + "\n";
-	await fs$8.writeFile(envPath, envContent, { mode: 384 });
+	await fs$7.writeFile(envPath, envContent, { mode: 384 });
 	console.log(chalk$11.hex("#06b6d4")(`\n  ✔  Added: ${safeId}`));
 	console.log(chalk$11.gray(`     Credentials: ~/.hyperclaw/credentials/${safeId}.json`));
 	console.log(chalk$11.gray(`     Env: ${envVar} (in .env — use in skills via process.env.${envVar.replace(/-/g, "_")})`));
@@ -3676,18 +3804,18 @@ authCmd.command("add <service_id>").description("Add API key for a service (any
 });
 authCmd.command("remove <service_id>").description("Remove API key for a service from credentials and .env").action(async (serviceId) => {
 	const chalk$11 = require("chalk");
-	const { CredentialsStore } = await Promise.resolve().then(() => require("./credentials-store-DT53GLWN.js"));
-	const { getHyperClawDir, getEnvFilePath } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
-	const fs$8 = await import("fs-extra");
+	const { CredentialsStore } = await Promise.resolve().then(() => require("./credentials-store-DU2cVTiY.js"));
+	const { getHyperClawDir: getHyperClawDir$1, getEnvFilePath } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const fs$7 = await import("fs-extra");
 	const safeId = serviceId.replace(/[^a-zA-Z0-9_-]/g, "_").toLowerCase();
-	const creds = new CredentialsStore(getHyperClawDir());
+	const creds = new CredentialsStore(getHyperClawDir$1());
 	await creds.remove(safeId);
 	const envVar = `${safeId.toUpperCase().replace(/-/g, "_")}_API_KEY`;
 	const envPath = getEnvFilePath();
-	if (await fs$8.pathExists(envPath)) {
-		let c = await fs$8.readFile(envPath, "utf8");
+	if (await fs$7.pathExists(envPath)) {
+		let c = await fs$7.readFile(envPath, "utf8");
 		c = c.replace(new RegExp(`^${envVar}=.*\n?`, "gm"), "");
-		await fs$8.writeFile(envPath, c);
+		await fs$7.writeFile(envPath, c);
 	}
 	console.log(chalk$11.hex("#06b6d4")(`\n  ✔  Removed: ${safeId}\n`));
 	process.exit(0);
@@ -3696,7 +3824,7 @@ authCmd.command("oauth <provider>").description("Run full OAuth flow. Providers:
 	const chalk$11 = require("chalk");
 	const ora$4 = (await import("ora")).default;
 	try {
-		const { runOAuthFlow } = await Promise.resolve().then(() => require("./oauth-flow-Bsv_lnIc.js"));
+		const { runOAuthFlow } = await Promise.resolve().then(() => require("./oauth-flow-B3S4T_SJ.js"));
 		const spinner = ora$4("Starting OAuth flow...").start();
 		spinner.text = "Opening browser — complete the consent and return here.";
 		const tokens = await runOAuthFlow(provider, {
@@ -3704,7 +3832,7 @@ authCmd.command("oauth <provider>").description("Run full OAuth flow. Providers:
 			clientSecret: opts.clientSecret
 		});
 		spinner.stop();
-		const { writeOAuthToken } = await Promise.resolve().then(() => require("./oauth-provider-C99w78bS.js"));
+		const { writeOAuthToken } = await Promise.resolve().then(() => require("./oauth-provider-B2RBpiXg.js"));
 		const now = Math.floor(Date.now() / 1e3);
 		const expires_at = tokens.expires_in ? now + tokens.expires_in : void 0;
 		const tokenUrl = provider === "google" || provider === "google-gmail" ? "https://oauth2.googleapis.com/token" : provider === "microsoft" ? "https://login.microsoftonline.com/common/oauth2/v2.0/token" : void 0;
@@ -3739,7 +3867,7 @@ authCmd.command("setup-token <provider>").description("Save setup token (Anthrop
 		console.log(chalk$11.red("\n  ✖  No token provided.\n"));
 		process.exit(1);
 	}
-	const { writeOAuthToken } = await Promise.resolve().then(() => require("./oauth-provider-C99w78bS.js"));
+	const { writeOAuthToken } = await Promise.resolve().then(() => require("./oauth-provider-B2RBpiXg.js"));
 	await writeOAuthToken("anthropic-setup", {
 		access_token: token.trim(),
 		token_url: "https://api.anthropic.com"
@@ -3750,7 +3878,7 @@ authCmd.command("setup-token <provider>").description("Save setup token (Anthrop
 });
 authCmd.command("oauth-set <provider>").description("Save OAuth tokens manually (access_token, refresh_token, etc.) to ~/.hyperclaw/oauth-<provider>.json").option("--token <access_token>", "Access token").option("--refresh <refresh_token>", "Refresh token (optional)").option("--expires-in <seconds>", "Token lifetime in seconds (optional)").option("--token-url <url>", "Refresh endpoint URL (optional)").action(async (provider, opts) => {
 	const chalk$11 = require("chalk");
-	const { writeOAuthToken } = await Promise.resolve().then(() => require("./oauth-provider-C99w78bS.js"));
+	const { writeOAuthToken } = await Promise.resolve().then(() => require("./oauth-provider-B2RBpiXg.js"));
 	const access_token = opts.token || process.env.OAUTH_ACCESS_TOKEN;
 	if (!access_token) {
 		console.log(chalk$11.red("\n  ✖  Provide --token <access_token> or set OAUTH_ACCESS_TOKEN\n"));
@@ -3770,15 +3898,15 @@ authCmd.command("oauth-set <provider>").description("Save OAuth tokens manually
 const workspaceCmd = program.command("workspace").description("Manage agent workspace files");
 workspaceCmd.command("init [dir]").description("Initialize workspace files (SOUL.md, USER.md, TOOLS.md, HEARTBEAT.md, BOOTSTRAP.md) in a directory").action(async (dir) => {
 	const chalk$11 = require("chalk");
-	const fs$8 = require("fs-extra");
-	const path$8 = require("path");
-	const os$8 = require("os");
-	const targetDir = dir || path$8.join(os$8.homedir(), ".hyperclaw");
+	const fs$7 = require("fs-extra");
+	const path$5 = require("path");
+	const { getHyperClawDir: getHyperClawDir$1, getConfigPath: getConfigPath$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const targetDir = dir || getHyperClawDir$1();
 	let cfg = {};
 	try {
-		cfg = await fs$8.readJson(path$8.join(os$8.homedir(), ".hyperclaw", "hyperclaw.json"));
+		cfg = await fs$7.readJson(getConfigPath$1());
 	} catch {}
-	const { initWorkspaceFiles } = await Promise.resolve().then(() => require("./memory-Bv_eg-tQ.js"));
+	const { initWorkspaceFiles } = await Promise.resolve().then(() => require("./memory-D991eoj7.js"));
 	await initWorkspaceFiles({
 		agentName: cfg.identity?.agentName || "Hyper",
 		personality: cfg.identity?.personality || "helpful and concise",
@@ -3792,10 +3920,10 @@ workspaceCmd.command("init [dir]").description("Initialize workspace files (SOUL
 });
 workspaceCmd.command("show [dir]").description("Show workspace files summary").action(async (dir) => {
 	const chalk$11 = require("chalk");
-	const fs$8 = require("fs-extra");
-	const path$8 = require("path");
-	const os$8 = require("os");
-	const targetDir = dir || path$8.join(os$8.homedir(), ".hyperclaw");
+	const fs$7 = require("fs-extra");
+	const path$5 = require("path");
+	const { getHyperClawDir: getHyperClawDir$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const targetDir = dir || getHyperClawDir$1();
 	console.log(chalk$11.bold.hex("#06b6d4")("\n  📁 WORKSPACE\n"));
 	for (const fname of [
 		"SOUL.md",
@@ -3806,9 +3934,9 @@ workspaceCmd.command("show [dir]").description("Show workspace files summary").a
 		"AGENTS.md",
 		"MEMORY.md"
 	]) {
-		const fpath = path$8.join(targetDir, fname);
-		const exists = await fs$8.pathExists(fpath);
-		const size = exists ? (await fs$8.stat(fpath)).size : 0;
+		const fpath = path$5.join(targetDir, fname);
+		const exists = await fs$7.pathExists(fpath);
+		const size = exists ? (await fs$7.stat(fpath)).size : 0;
 		const dot = exists ? chalk$11.hex("#06b6d4")("✔") : chalk$11.gray("○");
 		console.log(`  ${dot} ${fname.padEnd(14)} ${exists ? chalk$11.gray(`${size} bytes`) : chalk$11.gray("(missing)")}`);
 	}
@@ -3817,13 +3945,13 @@ workspaceCmd.command("show [dir]").description("Show workspace files summary").a
 });
 const botCmd = program.command("bot").description("HyperClaw Bot — companion bot for remote gateway control");
 botCmd.command("status").action(async () => {
-	const { showBotStatus } = await Promise.resolve().then(() => require("./hyperclawbot-FGyzdLtO.js"));
+	const { showBotStatus } = await Promise.resolve().then(() => require("./hyperclawbot-DnPIyjox.js"));
 	await showBotStatus();
 	process.exit(0);
 });
 botCmd.command("setup").description("Configure HyperClaw Bot (Telegram token, allowed users)").action(async () => {
 	const inquirer$2 = require("inquirer");
-	const { saveBotConfig } = await Promise.resolve().then(() => require("./hyperclawbot-FGyzdLtO.js"));
+	const { saveBotConfig } = await Promise.resolve().then(() => require("./hyperclawbot-DnPIyjox.js"));
 	const chalk$11 = require("chalk");
 	console.log(chalk$11.bold.hex("#06b6d4")("\n  🦅 HYPERCLAW BOT SETUP\n"));
 	console.log(chalk$11.gray("  Create a bot at t.me/BotFather, then paste the token below.\n"));
@@ -3870,11 +3998,11 @@ botCmd.command("setup").description("Configure HyperClaw Bot (Telegram token, al
 	process.exit(0);
 });
 botCmd.command("start").description("Start HyperClaw Bot (foreground or background)").option("--background", "Run bot in background (use hyperclaw bot stop to stop)").action(async (opts) => {
-	const { spawn } = await import("child_process");
-	const path$8 = await import("path");
+	const { spawn: spawn$1 } = await import("child_process");
+	const path$5 = await import("path");
 	if (opts?.background) {
-		const entry = process.argv[1] || path$8.join(__dirname, "run-main.js");
-		const child = spawn(process.execPath, [
+		const entry = process.argv[1] || path$5.join(__dirname, "run-main.js");
+		const child = spawn$1(process.execPath, [
 			entry,
 			"bot",
 			"start"
@@ -3885,14 +4013,14 @@ botCmd.command("start").description("Start HyperClaw Bot (foreground or backgrou
 			cwd: process.cwd()
 		});
 		child.unref();
-		const { writeBotPid } = await Promise.resolve().then(() => require("./hyperclawbot-FGyzdLtO.js"));
+		const { writeBotPid } = await Promise.resolve().then(() => require("./hyperclawbot-DnPIyjox.js"));
 		await writeBotPid(child.pid);
 		console.log(require("chalk").green(`\n  ✔  HyperClaw Bot started in background (PID ${child.pid})`));
 		console.log(require("chalk").gray("  Stop with: hyperclaw bot stop\n"));
 		process.exit(0);
 		return;
 	}
-	const { loadBotConfig, TelegramHyperClawBot, DiscordHyperClawBot } = await Promise.resolve().then(() => require("./hyperclawbot-FGyzdLtO.js"));
+	const { loadBotConfig, TelegramHyperClawBot, DiscordHyperClawBot } = await Promise.resolve().then(() => require("./hyperclawbot-DnPIyjox.js"));
 	const cfg = await loadBotConfig();
 	if (!cfg) {
 		console.log(require("chalk").red("\n  ✖  HyperClaw Bot not configured. Run: hyperclaw bot setup\n"));
@@ -3919,41 +4047,41 @@ botCmd.command("start").description("Start HyperClaw Bot (foreground or backgrou
 });
 botCmd.command("stop").description("Stop HyperClaw Bot (when running in background)").action(async () => {
 	const chalk$11 = require("chalk");
-	const { stopBotProcess } = await Promise.resolve().then(() => require("./hyperclawbot-FGyzdLtO.js"));
+	const { stopBotProcess } = await Promise.resolve().then(() => require("./hyperclawbot-DnPIyjox.js"));
 	const stopped = await stopBotProcess();
 	if (stopped) console.log(chalk$11.green("\n  ✔  HyperClaw Bot stopped\n"));
 	else console.log(chalk$11.gray("\n  Bot not running in background (no PID file). Use Ctrl+C to stop foreground bot.\n"));
 	process.exit(stopped ? 0 : 1);
 });
 memCmd.command("search <query>").description("Search MEMORY.md").action(async (query) => {
-	const { searchMemory } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { searchMemory } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await searchMemory(query);
 	process.exit(0);
 });
 memCmd.command("auto-show").description("Show auto-extracted memories from MEMORY.md").action(async () => {
-	const { showMemory } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { showMemory } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await showMemory();
 	process.exit(0);
 });
 memCmd.command("clear").description("Clear all auto-extracted memories").action(async () => {
-	const { clearMemory } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { clearMemory } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await clearMemory();
 	process.exit(0);
 });
 memCmd.command("save <text>").description("Manually save a fact to MEMORY.md").action(async (text) => {
-	const { saveMemoryDirect } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { saveMemoryDirect } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await saveMemoryDirect(text);
 	console.log(chalk.default.hex("#06b6d4")(`  ✅ Saved: ${text}\n`));
 	process.exit(0);
 });
 const pcCmd = program.command("pc").description("PC access — give the AI access to your computer");
 pcCmd.command("status").description("Show PC access status and config").action(async () => {
-	const { showPCAccessStatus } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { showPCAccessStatus } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await showPCAccessStatus();
 	process.exit(0);
 });
 pcCmd.command("enable").description("Enable PC access for the AI").option("--level <level>", "Access level: read-only | sandboxed | full", "full").option("--paths <paths>", "Comma-separated allowed paths (sandboxed mode)").action(async (opts) => {
-	const { savePCAccessConfig } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { savePCAccessConfig } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	const level = opts.level;
 	const allowed = [
 		"read-only",
@@ -3980,13 +4108,14 @@ pcCmd.command("enable").description("Enable PC access for the AI").option("--lev
 	process.exit(0);
 });
 pcCmd.command("disable").description("Disable PC access").action(async () => {
-	const { savePCAccessConfig } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { savePCAccessConfig } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	await savePCAccessConfig({ enabled: false });
 	console.log(chalk.default.hex("#06b6d4")("\n  ✅ PC access disabled\n"));
 	process.exit(0);
 });
 pcCmd.command("log").description("Show PC access audit log").option("-n, --lines <n>", "Number of lines", "50").action(async (opts) => {
-	const logFile = require("path").join(require("os").homedir(), ".hyperclaw", "pc-access.log");
+	const { getHyperClawDir: getHyperClawDir$1 } = await Promise.resolve().then(() => require("./paths-D-QecARF.js"));
+	const logFile = require("path").join(getHyperClawDir$1(), "pc-access.log");
 	const fs2 = require("fs-extra");
 	if (!await fs2.pathExists(logFile)) {
 		console.log(chalk.default.gray("\n  No PC access log yet\n"));
@@ -4004,7 +4133,7 @@ pcCmd.command("log").description("Show PC access audit log").option("-n, --lines
 	process.exit(0);
 });
 pcCmd.command("run <command>").description("Run a shell command via PC access (must be enabled)").action(async (command) => {
-	const { loadPCAccessConfig, getPCAccessTools } = await Promise.resolve().then(() => require("./src-CbNutLsJ.js"));
+	const { loadPCAccessConfig, getPCAccessTools } = await Promise.resolve().then(() => require("./src-DZtpIvWJ.js"));
 	const cfg = await loadPCAccessConfig();
 	if (!cfg.enabled) {
 		console.log(chalk.default.red("\n  ✖  PC access disabled. Run: hyperclaw pc enable\n"));
@@ -4035,35 +4164,34 @@ program.command("setup").description("Setup wizard — alias for `hyperclaw onbo
 });
 async function runUpdateCheck() {
 	try {
-		const { checkForUpdates: checkForUpdates$1, notifyUpdateAvailable } = await Promise.resolve().then(() => require("./update-check-DSazWOCY.js"));
-		const path$8 = require("path");
+		const { checkForUpdates: checkForUpdates$1, notifyUpdateAvailable } = await Promise.resolve().then(() => require("./update-check-CaHNCDqe.js"));
+		const path$5 = require("path");
 		const { readFileSync } = require("fs");
-		const pkgPath = path$8.resolve(__dirname, "../package.json");
+		const pkgPath = path$5.resolve(__dirname, "../package.json");
 		const current = JSON.parse(readFileSync(pkgPath, "utf8")).version;
 		const result = await checkForUpdates$1(current);
 		if (result?.available) notifyUpdateAvailable(current, result.latest);
 	} catch {}
 }
 if (process.argv.length === 2) (async () => {
-	const { ConfigManager: ConfigManager$1 } = await Promise.resolve().then(() => require("./manager-e1-NZQbZ.js"));
+	const { ConfigManager: ConfigManager$1 } = await Promise.resolve().then(() => require("./manager-B90HEHxe.js"));
 	const cfg = await new ConfigManager$1().load().catch(() => null);
 	if (cfg?.provider?.apiKey || cfg?.provider?.providerId) {
 		await new require_onboard.Banner().showNeonBanner(false);
-		const { getTheme } = await Promise.resolve().then(() => require("./theme-D0smfC_l.js"));
+		const { getTheme } = await Promise.resolve().then(() => require("./theme-DdZT-Bq4.js"));
 		const t = getTheme(false);
 		const chalk$11 = require("chalk");
 		console.log(t.bold("  Quick actions:\n"));
+		console.log(`  ${t.c("hyperclaw chat")}                      — chat with agent (terminal)`);
 		console.log(`  ${t.c("hyperclaw onboard")}                    — re-run setup wizard`);
-		console.log(`  ${t.c("hyperclaw onboard --install-daemon")}   — wizard + daemon (full PC access)`);
 		console.log(`  ${t.c("hyperclaw daemon start")}               — start background service`);
-		console.log(`  ${t.c("hyperclaw daemon stop")}                — stop background service`);
 		console.log(`  ${t.c("hyperclaw daemon status")}              — service status`);
-		console.log(`  ${t.c("hyperclaw gateway start")}              — start gateway (foreground)`);
 		console.log(`  ${t.c("hyperclaw status")}                     — system overview`);
+		console.log(`  ${t.c("hyperclaw doctor")}                     — health check & fix issues`);
 		console.log(`  ${t.c("hyperclaw --help")}                     — all commands\n`);
 	} else {
 		await new require_onboard.Banner().showNeonBanner(false);
-		const { HyperClawWizard: HyperClawWizard$1 } = await Promise.resolve().then(() => require("./onboard-UOJHCkZj.js"));
+		const { HyperClawWizard: HyperClawWizard$1 } = await Promise.resolve().then(() => require("./onboard-BHKBzytX.js"));
 		await new HyperClawWizard$1().run({ wizard: true });
 	}
 	await runUpdateCheck();