instar 0.8.7 → 0.8.9

package/.vercel/README.txt

@@ -0,0 +1,11 @@
+> Why do I have a folder named ".vercel" in my project?
+The ".vercel" folder is created when you link a directory to a Vercel project.
+
+> What does the "project.json" file contain?
+The "project.json" file contains:
+- The ID of the Vercel project that you linked ("projectId")
+- The ID of the user or team your Vercel project is owned by ("orgId")
+
+> Should I commit the ".vercel" folder?
+No, you should not share the ".vercel" folder with anyone.
+Upon creation, it will be automatically added to your ".gitignore" file.

package/.vercel/project.json

@@ -0,0 +1 @@
+{"projectId":"prj_evM5LcItYL3IAmw8zNvEPGrHeaya","orgId":"team_dHctwIDcV3X9ydapQlCPHFGI","projectName":"claude-agent-kit"}

package/dashboard/index.html

@@ -401,11 +401,149 @@
       margin-top: 8px;
     }
 
+    /* Mobile back button */
+    .back-btn {
+      display: none;
+      padding: 6px 12px;
+      border-radius: 6px;
+      border: 1px solid var(--border);
+      background: var(--bg);
+      color: var(--text);
+      font-size: 13px;
+      cursor: pointer;
+      margin-right: 8px;
+    }
+
+    .back-btn:hover { background: var(--bg-hover); }
+
     /* Scrollbar */
     ::-webkit-scrollbar { width: 6px; }
     ::-webkit-scrollbar-track { background: transparent; }
     ::-webkit-scrollbar-thumb { background: #333; border-radius: 3px; }
     ::-webkit-scrollbar-thumb:hover { background: #444; }
+
+    /* ── Mobile responsive ─────────────────────────────────── */
+    @media (max-width: 768px) {
+      .app {
+        grid-template-columns: 1fr;
+      }
+
+      .sidebar {
+        border-right: none;
+        border-bottom: 1px solid var(--border);
+      }
+
+      /* In mobile, sidebar and main toggle visibility */
+      .app.terminal-active .sidebar {
+        display: none;
+      }
+
+      .app:not(.terminal-active) .main {
+        display: none;
+      }
+
+      .app.terminal-active .back-btn {
+        display: inline-block;
+      }
+
+      /* Larger tap targets */
+      .session-item {
+        padding: 14px 12px;
+        margin-bottom: 4px;
+      }
+
+      .session-name {
+        font-size: 15px;
+      }
+
+      .session-meta {
+        font-size: 12px;
+        margin-top: 4px;
+      }
+
+      .action-btn {
+        padding: 8px 14px;
+        font-size: 14px;
+      }
+
+      .terminal-actions {
+        gap: 4px;
+        flex-wrap: wrap;
+      }
+
+      .terminal-header {
+        padding: 8px 12px;
+        flex-wrap: wrap;
+        gap: 8px;
+      }
+
+      .terminal-header .session-info {
+        flex: 1;
+        min-width: 0;
+      }
+
+      .terminal-header .session-info h3 {
+        font-size: 13px;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+      }
+
+      /* Input bar — stack on very small screens */
+      .input-bar {
+        padding: 8px;
+        gap: 6px;
+      }
+
+      .input-bar input {
+        font-size: 16px; /* Prevents iOS zoom on focus */
+        padding: 10px 12px;
+      }
+
+      .input-bar button {
+        padding: 10px 14px;
+        font-size: 14px;
+      }
+
+      /* Terminal font smaller on mobile */
+      .terminal-container {
+        padding: 2px;
+      }
+
+      /* Auth box responsive */
+      .auth-box {
+        width: calc(100vw - 32px);
+        max-width: 360px;
+        padding: 24px;
+      }
+
+      .auth-box input {
+        font-size: 16px; /* Prevents iOS zoom */
+        padding: 12px 14px;
+      }
+
+      .auth-box button {
+        padding: 12px;
+        font-size: 15px;
+      }
+
+      /* Header compact */
+      .header {
+        padding: 10px 14px;
+      }
+
+      .header h1 {
+        font-size: 15px;
+      }
+
+      .header .logo {
+        font-size: 18px;
+      }
+
+      .sidebar-header {
+        padding: 12px 14px;
+      }
+    }
   </style>
 </head>
 <body>
@@ -413,8 +551,8 @@
   <div class="auth-overlay" id="authOverlay">
     <div class="auth-box">
       <h2>Instar Dashboard</h2>
-      <p>Enter your auth token to connect</p>
-      <input type="password" id="tokenInput" placeholder="Bearer token..." autofocus>
+      <p>Enter your PIN to connect</p>
+      <input type="password" id="pinInput" placeholder="PIN..." autofocus inputmode="numeric">
       <button onclick="authenticate()">Connect</button>
       <div class="auth-error" id="authError" style="display:none"></div>
     </div>
@@ -455,6 +593,7 @@
       <div id="terminalView" style="display:none">
         <div class="terminal-header">
           <div class="session-info">
+            <button class="back-btn" onclick="goBack()" title="Back to sessions">&larr;</button>
             <h3 id="termSessionName">—</h3>
             <span class="model-badge" id="termModelBadge" style="display:none"></span>
           </div>
@@ -488,17 +627,35 @@
 
     // ── Auth ─────────────────────────────────────────────────
     function authenticate() {
-      token = document.getElementById('tokenInput').value.trim();
-      if (!token) {
-        showAuthError('Please enter a token');
+      const pin = document.getElementById('pinInput').value.trim();
+      if (!pin) {
+        showAuthError('Please enter a PIN');
         return;
       }
 
-      // Test token by hitting /health with auth
-      const port = window.location.port || location.port;
-      fetch(`/health`, {
-        headers: { 'Authorization': `Bearer ${token}` }
+      // Try PIN-based unlock first, fall back to direct token auth
+      fetch('/dashboard/unlock', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ pin }),
       })
+        .then(r => {
+          if (r.ok) return r.json();
+          if (r.status === 429) throw new Error('Too many attempts. Try again later.');
+          if (r.status === 403) return r.json().then(d => { throw new Error(d.error || 'Incorrect PIN'); });
+          // No PIN endpoint (404) — try as raw token
+          return null;
+        })
+        .then(data => {
+          if (data && data.token) {
+            token = data.token;
+          } else {
+            // Fall back: treat input as raw Bearer token
+            token = pin;
+          }
+          // Verify the token works
+          return fetch('/health', { headers: { 'Authorization': `Bearer ${token}` } });
+        })
         .then(r => {
           if (r.ok) {
             localStorage.setItem('instar_token', token);
@@ -506,10 +663,10 @@
             document.getElementById('app').style.display = 'grid';
             connectWebSocket();
           } else {
-            showAuthError('Invalid token');
+            showAuthError('Incorrect PIN');
           }
         })
-        .catch(() => showAuthError('Cannot connect to server'));
+        .catch(err => showAuthError(err.message || 'Cannot connect to server'));
     }
 
     function showAuthError(msg) {
@@ -522,7 +679,7 @@
     const stored = localStorage.getItem('instar_token');
     if (stored) {
       token = stored;
-      fetch(`/health`, { headers: { 'Authorization': `Bearer ${token}` } })
+      fetch('/health', { headers: { 'Authorization': `Bearer ${token}` } })
         .then(r => {
           if (r.ok) {
             document.getElementById('authOverlay').style.display = 'none';
@@ -533,8 +690,8 @@
         .catch(() => {});
     }
 
-    // Enter on token input
-    document.getElementById('tokenInput').addEventListener('keydown', e => {
+    // Enter on PIN input
+    document.getElementById('pinInput').addEventListener('keydown', e => {
       if (e.key === 'Enter') authenticate();
     });
 
@@ -674,7 +831,7 @@
         }
 
         const elapsed = formatElapsed(session.startedAt);
-        const model = session.model || 'sonnet';
+        const model = session.model || 'opus';
         const isActive = session.tmuxSession === activeSession;
 
         el.className = `session-item${isActive ? ' active' : ''}`;
@@ -698,6 +855,9 @@
 
       activeSession = tmuxSession;
 
+      // Mobile: show terminal, hide sidebar
+      document.getElementById('app').classList.add('terminal-active');
+
       // Update UI
       document.getElementById('noSession').style.display = 'none';
       document.getElementById('terminalView').style.display = 'flex';
@@ -757,7 +917,7 @@
           brightCyan: '#99f6e4',
           brightWhite: '#eee',
         },
-        fontSize: 13,
+        fontSize: window.innerWidth <= 768 ? 11 : 13,
         fontFamily: "'SF Mono', 'Fira Code', 'JetBrains Mono', 'Cascadia Code', monospace",
         cursorBlink: false,
         cursorStyle: 'underline',
@@ -790,6 +950,18 @@
       term.scrollToBottom();
     }
 
+    function goBack() {
+      // Mobile: go back to session list
+      if (activeSession) {
+        wsSend({ type: 'unsubscribe', session: activeSession });
+      }
+      activeSession = null;
+      document.getElementById('app').classList.remove('terminal-active');
+      document.getElementById('terminalView').style.display = 'none';
+      document.getElementById('noSession').style.display = 'flex';
+      renderSessionList();
+    }
+
     // ── Input ────────────────────────────────────────────────
     function sendInput() {
       const input = document.getElementById('termInput');

package/dist/cli.js

@@ -443,7 +443,7 @@ jobCmd
     .requiredOption('--schedule <cron>', 'Cron expression')
     .option('--description <desc>', 'Job description')
     .option('--priority <priority>', 'Priority (critical|high|medium|low)', 'medium')
-    .option('--model <model>', 'Model tier (opus|sonnet|haiku)', 'sonnet')
+    .option('--model <model>', 'Model tier (opus|sonnet|haiku)', 'opus')
     .option('--type <type>', 'Execution type (skill|prompt|script)', 'prompt')
     .option('--execute <value>', 'Execution value (skill name, prompt text, or script path)')
     .action(addJob);

package/dist/commands/init.js

@@ -970,7 +970,7 @@ function getDefaultJobs(port) {
             schedule: '0 */4 * * *',
             priority: 'medium',
             expectedDurationMinutes: 5,
-            model: 'sonnet',
+            model: 'opus',
             enabled: true,
             execute: {
                 type: 'prompt',
@@ -985,7 +985,7 @@ function getDefaultJobs(port) {
             schedule: '0 9 * * *',
             priority: 'low',
             expectedDurationMinutes: 3,
-            model: 'sonnet',
+            model: 'opus',
             enabled: true,
             execute: {
                 type: 'prompt',
@@ -1048,7 +1048,7 @@ function getDefaultJobs(port) {
             schedule: '0 */2 * * *',
             priority: 'medium',
             expectedDurationMinutes: 3,
-            model: 'sonnet',
+            model: 'opus',
             enabled: true,
             gate: `curl -sf http://localhost:${port}/health >/dev/null 2>&1`,
             execute: {
@@ -1088,7 +1088,7 @@ If everything looks healthy, exit silently. Only report issues.`,
             schedule: '0 */6 * * *',
             priority: 'medium',
             expectedDurationMinutes: 5,
-            model: 'sonnet',
+            model: 'opus',
             enabled: true,
             gate: `curl -sf http://localhost:${port}/evolution/proposals?status=proposed 2>/dev/null | python3 -c "import sys,json; d=json.load(sys.stdin); exit(0 if len(d.get('proposals',[])) > 0 else 1)"`,
             execute: {
@@ -1117,7 +1117,7 @@ If no proposals need attention, exit silently.`,
             schedule: '0 */8 * * *',
             priority: 'low',
             expectedDurationMinutes: 3,
-            model: 'sonnet',
+            model: 'opus',
             enabled: true,
             gate: `curl -sf http://localhost:${port}/evolution/learnings?applied=false 2>/dev/null | python3 -c "import sys,json; d=json.load(sys.stdin); exit(0 if len(d.get('learnings',[])) > 0 else 1)"`,
             execute: {

package/dist/commands/job.js

@@ -26,7 +26,7 @@ export async function addJob(options) {
         schedule: options.schedule,
         priority: (options.priority || 'medium'),
         expectedDurationMinutes: 5,
-        model: (options.model || 'sonnet'),
+        model: (options.model || 'opus'),
         enabled: options.enabled !== false,
         execute: {
             type: (options.type || 'prompt'),

package/dist/core/Config.js

@@ -163,6 +163,7 @@ export function loadConfig(projectDir) {
             healthCheckIntervalMs: 30000,
         },
         authToken: fileConfig.authToken,
+        dashboardPin: fileConfig.dashboardPin,
         relationships: fileConfig.relationships || {
             relationshipsDir: path.join(stateDir, 'relationships'),
             maxRecentInteractions: 20,

package/dist/core/PostUpdateMigrator.js

@@ -135,11 +135,6 @@ When user input starts with \`[telegram:N]\` (e.g., \`[telegram:26] hello\`), th
 
 **IMMEDIATE ACKNOWLEDGMENT (MANDATORY):** When you receive a Telegram message, your FIRST action — before reading files, searching code, or doing any work — must be sending a brief acknowledgment back. This confirms the message was received and you haven't stalled. Examples: "Got it, looking into this now." / "On it — checking the scheduler." / "Received, working on the sync." Then do the work, then send the full response.
 
-**Message types:**
-- **Text**: \`[telegram:26] hello there\` — standard text message
-- **Voice**: \`[telegram:26] [voice] transcribed text here\` — voice message, already transcribed
-- **Photo**: \`[telegram:26] [image:/path/to/file.jpg]\` or \`[telegram:26] [image:/path/to/file.jpg] caption text\` — use the Read tool to view the image at the given path
-
 **Response relay:** After completing your work, relay your response back:
 
 \`\`\`bash
@@ -168,17 +163,6 @@ Strip the \`[telegram:N]\` prefix before interpreting the message. Respond natur
                 }
             }
         }
-        // Upgrade existing Telegram Relay sections to document image message format
-        if (this.config.hasTelegram && content.includes('Telegram Relay') && !content.includes('[image:')) {
-            const imageBlock = `\n**Message types:**\n- **Text**: \`[telegram:N] hello there\` — standard text message\n- **Voice**: \`[telegram:N] [voice] transcribed text here\` — voice message, already transcribed\n- **Photo**: \`[telegram:N] [image:/path/to/file.jpg]\` or with caption — use the Read tool to view the image at the given path\n`;
-            // Insert before the Response relay section
-            const relayIdx = content.indexOf('**Response relay:**');
-            if (relayIdx >= 0) {
-                content = content.slice(0, relayIdx) + imageBlock + '\n' + content.slice(relayIdx);
-                patched = true;
-                result.upgraded.push('CLAUDE.md: added image/photo message format to Telegram Relay');
-            }
-        }
         // Private Viewer + Tunnel section
         if (!content.includes('Private Viewing') && !content.includes('POST /view')) {
             const section = `

package/dist/core/types.d.ts

@@ -615,6 +615,8 @@ export interface InstarConfig {
     monitoring: MonitoringConfig;
     /** Auth token for API access (generated during setup) */
     authToken?: string;
+    /** PIN for dashboard web access (simpler than authToken, used for mobile/remote login) */
+    dashboardPin?: string;
     /** Relationship tracking config */
     relationships?: RelationshipManagerConfig;
     /** Feedback loop config */

package/dist/lifeline/TelegramLifeline.d.ts

@@ -38,14 +38,6 @@ export declare class TelegramLifeline {
     start(): Promise<void>;
     private poll;
     private processUpdate;
-    /**
-     * Handle an incoming photo message: download it and forward/queue with [image:path] content.
-     */
-    private handlePhotoMessage;
-    /**
-     * Download a photo from Telegram and save it to the state directory.
-     */
-    private downloadPhoto;
     /**
      * Forward a message to the Instar server's Telegram webhook.
      */

package/dist/lifeline/TelegramLifeline.js

@@ -233,14 +233,7 @@ export class TelegramLifeline {
     }
     async processUpdate(update) {
         const msg = update.message;
-        if (!msg)
-            return;
-        // Handle photo messages
-        if (msg.photo && msg.photo.length > 0 && !msg.text) {
-            await this.handlePhotoMessage(msg);
-            return;
-        }
-        if (!msg.text)
+        if (!msg || !msg.text)
             return;
         const topicId = msg.message_thread_id ?? 1;
         const text = msg.text;
@@ -283,73 +276,6 @@ export class TelegramLifeline {
         // Notify user that message is queued
         await this.sendToTopic(topicId, `Server is temporarily down. Your message has been queued (${this.queue.length} in queue). It will be delivered when the server recovers.`);
     }
-    /**
-     * Handle an incoming photo message: download it and forward/queue with [image:path] content.
-     */
-    async handlePhotoMessage(msg) {
-        const topicId = msg.message_thread_id ?? 1;
-        const photos = msg.photo;
-        const photo = photos[photos.length - 1]; // highest resolution
-        const caption = msg.caption ?? '';
-        let content;
-        let photoPath;
-        try {
-            photoPath = await this.downloadPhoto(photo.file_id, msg.message_id);
-            content = caption ? `[image:${photoPath}] ${caption}` : `[image:${photoPath}]`;
-        }
-        catch (err) {
-            // Download failed — forward caption or placeholder so message isn't silently dropped
-            content = caption ? `[image:download-failed] ${caption}` : '[image:download-failed]';
-            console.error(`[lifeline] Failed to download photo: ${err}`);
-        }
-        if (this.supervisor.healthy) {
-            const forwarded = await this.forwardToServer(topicId, content, msg);
-            if (forwarded) {
-                await this.sendToTopic(topicId, '✓ Delivered');
-                return;
-            }
-        }
-        // Queue the photo message (server down or forward failed)
-        this.queue.enqueue({
-            id: `tg-${msg.message_id}`,
-            topicId,
-            text: content,
-            fromUserId: msg.from.id,
-            fromUsername: msg.from.username,
-            fromFirstName: msg.from.first_name,
-            timestamp: new Date(msg.date * 1000).toISOString(),
-            photoPath,
-        });
-        if (this.supervisor.healthy) {
-            await this.sendToTopic(topicId, `Server is restarting. Your photo has been queued (${this.queue.length} in queue). It will be delivered when the server recovers.`);
-        }
-        else {
-            await this.sendToTopic(topicId, `Server is temporarily down. Your photo has been queued (${this.queue.length} in queue). It will be delivered when the server recovers.`);
-        }
-    }
-    /**
-     * Download a photo from Telegram and save it to the state directory.
-     */
-    async downloadPhoto(fileId, messageId) {
-        // Get file path from Telegram
-        const infoRes = await fetch(`https://api.telegram.org/bot${this.config.token}/getFile?file_id=${encodeURIComponent(fileId)}`);
-        if (!infoRes.ok)
-            throw new Error(`getFile failed: ${infoRes.status}`);
-        const infoData = await infoRes.json();
-        if (!infoData.ok || !infoData.result?.file_path)
-            throw new Error('getFile returned no path');
-        const filePath = infoData.result.file_path;
-        const photoDir = path.join(this.projectConfig.stateDir, 'telegram-images');
-        fs.mkdirSync(photoDir, { recursive: true });
-        const filename = `photo-${Date.now()}-${messageId}.jpg`;
-        const localPath = path.join(photoDir, filename);
-        const fileRes = await fetch(`https://api.telegram.org/file/bot${this.config.token}/${filePath}`);
-        if (!fileRes.ok)
-            throw new Error(`File download failed: ${fileRes.status}`);
-        const buf = Buffer.from(await fileRes.arrayBuffer());
-        fs.writeFileSync(localPath, buf);
-        return localPath;
-    }
     /**
      * Forward a message to the Instar server's Telegram webhook.
      */

package/dist/server/AgentServer.js

@@ -10,6 +10,7 @@
 import express from 'express';
 import fs from 'node:fs';
 import path from 'node:path';
+import { createHash, timingSafeEqual } from 'node:crypto';
 import { fileURLToPath } from 'node:url';
 import { createRoutes } from './routes.js';
 import { corsMiddleware, authMiddleware, requestTimeout, errorHandler } from './middleware.js';
@@ -38,6 +39,50 @@ export class AgentServer {
             res.sendFile(path.join(dashboardDir, 'index.html'));
         });
         this.app.use('/dashboard', express.static(dashboardDir));
+        // PIN-based dashboard unlock — exchanges a short PIN for the auth token.
+        // Placed before auth middleware so the dashboard can call it without a token.
+        if (options.config.dashboardPin && options.config.authToken) {
+            const pinAttempts = new Map();
+            const MAX_ATTEMPTS = 5;
+            const WINDOW_MS = 5 * 60 * 1000; // 5-minute window
+            this.app.post('/dashboard/unlock', (req, res) => {
+                const ip = req.ip || req.socket.remoteAddress || 'unknown';
+                // Rate limit by IP
+                const now = Date.now();
+                let entry = pinAttempts.get(ip);
+                if (entry && now > entry.resetAt) {
+                    pinAttempts.delete(ip);
+                    entry = undefined;
+                }
+                if (entry && entry.count >= MAX_ATTEMPTS) {
+                    res.status(429).json({ error: 'Too many attempts. Try again later.' });
+                    return;
+                }
+                const { pin } = req.body;
+                if (!pin || typeof pin !== 'string') {
+                    res.status(400).json({ error: 'Missing PIN' });
+                    return;
+                }
+                const ha = createHash('sha256').update(pin).digest();
+                const hb = createHash('sha256').update(options.config.dashboardPin).digest();
+                if (!timingSafeEqual(ha, hb)) {
+                    // Track failed attempt
+                    if (!entry) {
+                        entry = { count: 0, resetAt: now + WINDOW_MS };
+                        pinAttempts.set(ip, entry);
+                    }
+                    entry.count++;
+                    const remaining = MAX_ATTEMPTS - entry.count;
+                    res.status(403).json({
+                        error: 'Incorrect PIN',
+                        attemptsRemaining: remaining,
+                    });
+                    return;
+                }
+                // PIN correct — return the auth token
+                res.json({ token: options.config.authToken });
+            });
+        }
         this.app.use(authMiddleware(options.config.authToken));
         this.app.use(requestTimeout(options.config.requestTimeoutMs));
         // Routes
@@ -97,6 +142,7 @@ export class AgentServer {
                     sessionManager: this.sessionManager,
                     state: this.state,
                     authToken: this.config.authToken,
+                    instarDir: this.config.stateDir,
                 });
                 resolve();
             });

package/dist/server/WebSocketManager.d.ts

@@ -36,11 +36,13 @@ export declare class WebSocketManager {
     private sessionManager;
     private state;
     private authToken?;
+    private registryPath?;
     constructor(options: {
         server: HttpServer;
         sessionManager: SessionManager;
         state: StateManager;
         authToken?: string;
+        instarDir?: string;
     });
     private authenticate;
     private verifyToken;
@@ -50,6 +52,12 @@ export declare class WebSocketManager {
      * Uses diff-based approach: only sends new content since last capture.
      */
     private startStreaming;
+    /**
+     * Resolve display names by cross-referencing the topic-session registry.
+     * Maps tmux session names to their Telegram topic names.
+     */
+    private getTopicDisplayNames;
+    private buildSessionList;
     private sendSessionList;
     private broadcastSessionList;
     private clientId;

package/dist/server/WebSocketManager.js

@@ -25,6 +25,8 @@
  */
 import { WebSocketServer, WebSocket } from 'ws';
 import { createHash, timingSafeEqual } from 'node:crypto';
+import fs from 'node:fs';
+import path from 'node:path';
 export class WebSocketManager {
     wss;
     clients = new Map();
@@ -35,10 +37,14 @@ export class WebSocketManager {
     sessionManager;
     state;
     authToken;
+    registryPath;
     constructor(options) {
         this.sessionManager = options.sessionManager;
         this.state = options.state;
         this.authToken = options.authToken;
+        if (options.instarDir) {
+            this.registryPath = path.join(options.instarDir, 'topic-session-registry.json');
+        }
         this.wss = new WebSocketServer({
             noServer: true,
         });
@@ -226,32 +232,52 @@ export class WebSocketManager {
         }, 500);
         this.streamInterval.unref();
     }
-    sendSessionList(ws) {
+    /**
+     * Resolve display names by cross-referencing the topic-session registry.
+     * Maps tmux session names to their Telegram topic names.
+     */
+    getTopicDisplayNames() {
+        const map = new Map();
+        if (!this.registryPath)
+            return map;
+        try {
+            const data = JSON.parse(fs.readFileSync(this.registryPath, 'utf-8'));
+            const topicToSession = data.topicToSession || {};
+            const topicToName = data.topicToName || {};
+            // Build reverse map: tmux session name → topic display name
+            for (const [topicId, tmuxSession] of Object.entries(topicToSession)) {
+                const name = topicToName[topicId];
+                if (name) {
+                    map.set(tmuxSession, name);
+                }
+            }
+        }
+        catch {
+            // Registry missing or corrupt — skip
+        }
+        return map;
+    }
+    buildSessionList() {
         const running = this.sessionManager.listRunningSessions();
-        const sessions = running.map(s => ({
+        const displayNames = this.getTopicDisplayNames();
+        return running.map(s => ({
             id: s.id,
-            name: s.name,
+            name: displayNames.get(s.tmuxSession) || s.name,
             tmuxSession: s.tmuxSession,
             status: s.status,
             startedAt: s.startedAt,
             jobSlug: s.jobSlug,
             model: s.model,
         }));
+    }
+    sendSessionList(ws) {
+        const sessions = this.buildSessionList();
         this.send(ws, { type: 'sessions', sessions });
     }
     broadcastSessionList() {
         if (this.clients.size === 0)
             return;
-        const running = this.sessionManager.listRunningSessions();
-        const sessions = running.map(s => ({
-            id: s.id,
-            name: s.name,
-            tmuxSession: s.tmuxSession,
-            status: s.status,
-            startedAt: s.startedAt,
-            jobSlug: s.jobSlug,
-            model: s.model,
-        }));
+        const sessions = this.buildSessionList();
         const msg = JSON.stringify({ type: 'sessions', sessions });
         for (const client of this.clients.values()) {
             if (client.ws.readyState === WebSocket.OPEN) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instar",
-  "version": "0.8.7",
+  "version": "0.8.9",
   "description": "Persistent autonomy infrastructure for AI agents",
   "type": "module",
   "main": "dist/index.js",