kojee-mcp 0.5.0 → 0.5.3

package/README.md

@@ -91,14 +91,47 @@ To remove kojee from Claude:
 npx kojee-mcp init --uninstall
 ```
 
+## Runtime-aware setup wizard (`init` selects the runtime)
+
+`kojee-mcp init` is a runtime-aware wizard. The runtime selector is its core — one
+proxy adapts to four harnesses. Bare `init` with no flag and no TTY still defaults
+to `claude-code` (unchanged), so existing setups have zero regression.
+
+```bash
+npx kojee-mcp init                       # interactive (prompts when stdin is a TTY)
+npx kojee-mcp init --runtime claude-code # Claude Code (default): MCP entry + Stop/UserPromptSubmit hooks
+npx kojee-mcp init --runtime codex --webhook-url https://your-receiver/kojee
+                                         # Codex: writes ~/.codex/config.toml + a codex-stop hook
+npx kojee-mcp init --runtime hermes --webhook-url https://your-receiver/kojee
+npx kojee-mcp init --runtime openclaw --webhook-url https://your-receiver/kojee
+                                         # daemon runtimes: print/record the webhook-sink env to export
+```
+
+- **codex** — writes `[mcp_servers.kojee]` (with `env.KOJEE_RUNTIME="codex"` + the
+  webhook env) into `~/.codex/config.toml`, and a `codex-stop` Stop hook into
+  `~/.codex/hooks.json`. A `KOJEE_WEBHOOK_SECRET` is generated if you don't supply
+  one. Codex has no Claude-style channel injection, so its wake is the **webhook
+  sink + a stop-hook fast PEEK + a model-chosen bounded `tandem_listen` (cap 8s,
+  never a blanket long-poll)**. See `docs/RUNTIMES.md`.
+- **hermes / openclaw** — run the proxy as a daemon and consume the webhook sink;
+  the wizard writes no config/hooks of ours, validates the webhook env, and prints
+  + records the env to export (secret redacted).
+
+`kojee-mcp init --uninstall` is runtime-aware (uses the recorded runtime when
+`--runtime` is omitted). `kojee-mcp doctor` is runtime-aware too.
+
+> **Codex is build+PARK only:** there is no real Codex CLI on the build box, so the
+> adapter + wizard are unit/integration-tested only. Live-Codex end-to-end is
+> unverified — the wizard prints this note after a `--runtime codex` install.
+
 ## Claude Code Channels Support
 
 When this proxy detects it's running under Claude Code, it declares the `claude/channel` capability and pushes Tandem messages directly into the Claude session via `notifications/claude/channel`. Other MCP clients (Cursor, Codex, Openclaw, etc.) see no behavior change.
 
 **Runtime detection (3 tiers, first match wins):**
-1. `KOJEE_RUNTIME=claude-code` env var (set by `kojee-mcp init` in the MCP entry's `env` block — survives Claude.app's env strip)
-2. `CLAUDE_CODE_SESSION_ID` env var (set by the terminal `claude` CLI; **not** forwarded by Claude.app to MCP stdio servers)
-3. Process-ancestry walk for a parent process whose command line matches `\bclaude\b` (handles fresh installs where neither env var is present)
+1. `KOJEE_RUNTIME` env var — `claude-code` → CC, `codex` → Codex (set by `kojee-mcp init` in the MCP entry's `env` block — survives Claude.app's env strip). This is the **primary** path for Codex.
+2. `CLAUDE_CODE_SESSION_ID` env var (set by the terminal `claude` CLI; **not** forwarded by Claude.app to MCP stdio servers). CC only — Codex has no documented stable equivalent, so there is no Tier-2 Codex path.
+3. Process-ancestry walk for a parent process whose command line matches `\bclaude\b` (→ CC) or `\bcodex\b` (→ Codex) — low-confidence fallback for fresh installs where no env var is present.
 
 CC Channels are in research preview — you must launch CC with `claude --dangerously-load-development-channels server:kojee` until kojee is on the official allowlist.
 
@@ -174,6 +207,79 @@ The proxy normalizes incoming SSE events from `/api/v2/tandems/stream` so that t
 
 The normalizer also accepts canonical (spec-aligned) payloads unchanged, so the proxy works against either shape during any future backend migration.
 
+## Webhook Sink (daemonized wake)
+
+For runtimes that run the proxy as a daemon and inject Tandem events into a
+session via a **local HTTP receiver** (e.g. Hermes), the proxy can POST every
+Tandem event to a configured endpoint. It is a generic delivery sink — nothing
+in it is Hermes-specific — and it is **OFF by default**.
+
+| Env var | Meaning |
+|---|---|
+| `KOJEE_WEBHOOK_URL` | Receiver endpoint (http/https). **Unset ⇒ sink OFF** (zero behavior change). |
+| `KOJEE_WEBHOOK_SECRET` | HMAC-SHA256 key for the signature header. URL set but secret unset ⇒ sink **DISABLED with an error** (the proxy NEVER sends unsigned webhooks). |
+| `KOJEE_WEBHOOK_TIMEOUT_MS` | Per-attempt request timeout (default `5000`). |
+| `KOJEE_WEBHOOK_MAX_RETRIES` | Retries on a retryable failure — network / 5xx / 408 / 429 (default `4`). |
+| `KOJEE_WEBHOOK_SIGNATURE_HEADER` | Header name carrying the signature (default `X-Kojee-Signature`). |
+| `KOJEE_WEBHOOK_SIGNATURE_PREFIX` | Literal string prepended to the hex digest (default empty — bare hex). |
+| `KOJEE_WEBHOOK_SIGNATURE_FORMAT` | Optional preset. `github` ⇒ header `X-Hub-Signature-256`, prefix `sha256=` (the GitHub-webhook convention). Explicit `_HEADER`/`_PREFIX` vars override the preset's corresponding value. Unknown values are **warned about once and ignored** — never fatal. |
+
+**Signature emission is configurable (0.5.3)** — the HMAC *computation* never
+changes (hex SHA-256 HMAC of the raw body bytes, keyed by
+`KOJEE_WEBHOOK_SECRET`); only the header name and an optional digest prefix do.
+Defaults are byte-identical to 0.5.2. For a GitHub-convention receiver (Hermes
+and most off-the-shelf webhook verifiers):
+
+```bash
+export KOJEE_WEBHOOK_SIGNATURE_FORMAT=github
+# Each POST then carries:
+#   X-Hub-Signature-256: sha256=<hex HMAC-SHA256 of the raw body, keyed by KOJEE_WEBHOOK_SECRET>
+# which verifies with any GitHub-style check, e.g.:
+#   expected = "sha256=" + HMAC_SHA256_hex(secret, raw_body)
+#   timing_safe_equal(header, expected)
+```
+
+Or set the pieces individually (these override the preset):
+
+```bash
+export KOJEE_WEBHOOK_SIGNATURE_HEADER="X-Hub-Signature-256"
+export KOJEE_WEBHOOK_SIGNATURE_PREFIX="sha256="
+```
+
+The wizard can persist this non-interactively, e.g.
+`kojee-mcp init --runtime hermes --webhook-url https://… --webhook-signature-format github`
+(also `--webhook-signature-header` / `--webhook-signature-prefix`).
+
+**Receiver contract** (the single source of truth is `buildWebhookReceiverNote()`
+in `src/tandem/recipe.ts`, and the exact body shape is the `WEBHOOK_BODY_SHAPE`
+constant beside it):
+
+- **Body** — each POST carries the **canonical normalized `TandemEvent`** as JSON
+  (the real field names a receiver sees, *not* the backend wire shape):
+
+  ```
+  { type, id, tandem_id, cursor, time,
+    from{ member_id, principal, agent_id?, session_id?, displayname },
+    kind, content{ body, format? }, mentions?, reply_to?, severity? }
+  ```
+
+  `from.session_id` and `severity` are present only when the wire carried them.
+  There is no `sender` object — the body is fully normalized and carries
+  `from.principal`.
+- **Verify** the `X-Kojee-Signature` header: it is the hex-encoded SHA-256 HMAC
+  of the **raw request-body bytes**, keyed by `KOJEE_WEBHOOK_SECRET`. Recompute
+  over the received bytes (before any re-serialization) and timing-safe compare;
+  reject mismatches.
+- **Dedupe** by `message_id` (the body's `id`, also in the `X-Kojee-Delivery`
+  header). Delivery is **at-least-once** — the proxy replays backlog from the
+  cursor on restart, so the same event may arrive more than once. There is **no
+  exactly-once** promise; the receiver's dedupe is what makes redelivery safe.
+
+The sink is isolated and fire-and-forget: a slow, hanging, or failing webhook can
+never delay or break the Monitor (event-log) or Channel wake paths. The status
+log redacts the secret and strips any basic-auth credentials embedded in
+`KOJEE_WEBHOOK_URL`.
+
 ## Development
 
 Run tests:
@@ -199,7 +305,7 @@ Some tools are governed by approval policies configured in the Kojee dashboard.
 3. The proxy translates this into a clear MCP response telling the agent that the action is awaiting human approval.
 4. Once approved (via dashboard, Slack, or other configured channel), the agent can retry the call and it will succeed.
 
-Step-up re-authentication and nonce rotation are handled transparently -- the agent never needs to deal with auth mechanics.
+Nonce rotation is handled transparently -- the agent never needs to deal with auth mechanics. Step-up re-authentication is a **deprecated** feature (removed 2026-06-10): the proxy no longer polls for approval. Should a `step_up_required` response ever still occur, it surfaces immediately as a structured tool error carrying the reason, rather than a silent multi-minute wait.
 
 ## Troubleshooting
 

package/dist/{chunk-VLZADEFC.js → chunk-2TUAFAIW.js}

@@ -1,6 +1,9 @@
 import {
   sessionDiscoveryDir
-} from "./chunk-W6YRLSD4.js";
+} from "./chunk-DO42NPNR.js";
+import {
+  secureFile
+} from "./chunk-BLEGIR35.js";
 
 // src/tandem/event-log.ts
 import fs from "fs";
@@ -26,15 +29,9 @@ function startEventLog(opts) {
   const statusPath = statusLogPath(filePath);
   fs.mkdirSync(dir, { recursive: true });
   fs.writeFileSync(filePath, "", { mode: 384 });
-  try {
-    fs.chmodSync(filePath, 384);
-  } catch {
-  }
+  secureFile(filePath);
   fs.writeFileSync(statusPath, "", { mode: 384 });
-  try {
-    fs.chmodSync(statusPath, 384);
-  } catch {
-  }
+  secureFile(statusPath);
   let writtenIds = /* @__PURE__ */ new Set();
   let bytesWritten = 0;
   let linesWritten = 0;

package/dist/chunk-BLEGIR35.js

@@ -0,0 +1,43 @@
+// src/secure-file.ts
+import fs from "fs";
+import os from "os";
+import { execFileSync } from "child_process";
+function isWindows() {
+  return process.platform === "win32";
+}
+function secureFile(filePath) {
+  if (isWindows()) {
+    restrictAclToCurrentUser(filePath, "(F)");
+  } else {
+    try {
+      fs.chmodSync(filePath, 384);
+    } catch {
+    }
+  }
+}
+function secureDir(dirPath) {
+  if (isWindows()) {
+    restrictAclToCurrentUser(dirPath, "(OI)(CI)(F)");
+  } else {
+    try {
+      fs.chmodSync(dirPath, 448);
+    } catch {
+    }
+  }
+}
+function restrictAclToCurrentUser(target, permission) {
+  try {
+    const user = os.userInfo().username;
+    execFileSync(
+      "icacls",
+      [target, "/inheritance:r", "/grant:r", `${user}:${permission}`],
+      { stdio: "ignore" }
+    );
+  } catch {
+  }
+}
+
+export {
+  secureFile,
+  secureDir
+};

package/dist/chunk-C6GZ2L2W.js

@@ -0,0 +1,38 @@
+// src/tandem/recipe.ts
+var SEND_BODY_PARAM = "body";
+function buildMonitorCommand(logPath) {
+  return `npx kojee-mcp tail "${logPath}"`;
+}
+function buildMonitorSpawn(logPath) {
+  return `Monitor(command=\`${buildMonitorCommand(logPath)}\`, persistent=true, description="kojee Tandem events")`;
+}
+function buildReplyRecipe(event) {
+  if (event) {
+    return `reply directly with tandem_send(tandem_id="${event.tandem_id}", ${SEND_BODY_PARAM}="...", reply_to="${event.message_id}"); fetch context only if needed via tandem_messages(tandem_id, since=cursor-1)`;
+  }
+  return `reply directly with tandem_send(tandem_id, ${SEND_BODY_PARAM}, reply_to=<msg>); fetch context only if needed via tandem_messages(tandem_id, since=cursor-1)`;
+}
+function buildCatchUpNote() {
+  return "If the event line `cursor=<n>` ever jumps (a gap) or the log resets (the proxy caps and truncates the messages log in place on overflow \u2014 a `status=rotated` line is recorded in the status sibling), you may have missed messages: catch up with tandem_messages(tandem_id, since=<last cursor you saw>).";
+}
+function buildMonitorNudge(logPath) {
+  return `[kojee] Tandem events are being logged but no Monitor is reading them \u2014 you may be missing wake notifications. Spawn the watcher once: ${buildMonitorSpawn(logPath)}. Then ${buildReplyRecipe()}.`;
+}
+var WEBHOOK_BODY_SHAPE = "{ type, id, tandem_id, cursor, time, from{ member_id, principal, agent_id?, session_id?, displayname }, kind, content{ body, format? }, mentions?, reply_to?, severity? }";
+function buildWebhookReceiverNote() {
+  return "Webhook sink (optional, OFF unless KOJEE_WEBHOOK_URL + KOJEE_WEBHOOK_SECRET are set): the proxy POSTs every Tandem event as JSON to your endpoint. The body is the canonical normalized TandemEvent \u2014 " + WEBHOOK_BODY_SHAPE + " \u2014 where from.session_id and severity are present only when the wire carried them (the body is fully normalized: it carries from.principal, never the raw backend sender envelope). To build a receiver: (1) verify the X-Kojee-Signature header \u2014 it is the hex-encoded SHA-256 HMAC of the RAW request body bytes keyed by your KOJEE_WEBHOOK_SECRET; recompute over the received bytes and timing-safe compare, reject mismatches. (2) Dedupe by message_id \u2014 the body's `id`, also in the X-Kojee-Delivery header: delivery is AT-LEAST-ONCE (the proxy replays backlog from the cursor on restart), so the same event may arrive more than once \u2014 there is no exactly-once promise.";
+}
+var CODEX_LISTEN_CAP_MS = 8e3;
+function buildCodexWakeReason(cursor) {
+  return `[kojee] new Tandem event(s) pending (cursor=${cursor}). If relevant to your task, drain them now: call tandem_messages(tandem_id, since=${cursor - 1}) to read, then ` + buildReplyRecipe() + `. If you expect an imminent reply and want to wait for exactly one, call tandem_listen(tandem_id, since=${cursor}, timeout_ms<=${CODEX_LISTEN_CAP_MS}) \u2014 a BOUNDED wait, cap 8s, NEVER an unconditional long-poll. If not relevant, ignore.`;
+}
+
+export {
+  buildMonitorSpawn,
+  buildReplyRecipe,
+  buildCatchUpNote,
+  buildMonitorNudge,
+  buildWebhookReceiverNote,
+  CODEX_LISTEN_CAP_MS,
+  buildCodexWakeReason
+};

package/dist/{chunk-W6YRLSD4.js → chunk-DO42NPNR.js}

@@ -1,3 +1,8 @@
+import {
+  secureDir,
+  secureFile
+} from "./chunk-BLEGIR35.js";
+
 // src/tandem/session-discovery.ts
 import fs from "fs";
 import os from "os";
@@ -14,16 +19,10 @@ function discoveryFileName(key) {
 function writeSessionDiscovery(sessionId, entry) {
   const dir = sessionDiscoveryDir();
   fs.mkdirSync(dir, { recursive: true, mode: 448 });
-  try {
-    fs.chmodSync(dir, 448);
-  } catch {
-  }
+  secureDir(dir);
   const filePath = sessionDiscoveryPath(sessionId);
   fs.writeFileSync(filePath, JSON.stringify(entry, null, 2), { mode: 384 });
-  try {
-    fs.chmodSync(filePath, 384);
-  } catch {
-  }
+  secureFile(filePath);
 }
 function readSessionDiscovery(sessionId) {
   try {
@@ -45,16 +44,10 @@ function discoveryPathForKey(key) {
 function writeDiscoveryByKey(key, entry) {
   const dir = sessionDiscoveryDir();
   fs.mkdirSync(dir, { recursive: true, mode: 448 });
-  try {
-    fs.chmodSync(dir, 448);
-  } catch {
-  }
+  secureDir(dir);
   const filePath = discoveryPathForKey(key);
   fs.writeFileSync(filePath, JSON.stringify(entry, null, 2), { mode: 384 });
-  try {
-    fs.chmodSync(filePath, 384);
-  } catch {
-  }
+  secureFile(filePath);
 }
 function cleanupDiscoveryByKey(key) {
   try {

package/dist/chunk-EW72ZNQL.js

@@ -0,0 +1,39 @@
+import {
+  kojeeHomeDir
+} from "./chunk-SQL56SEB.js";
+import {
+  secureFile
+} from "./chunk-BLEGIR35.js";
+
+// src/wizard/runtime-record.ts
+import fs from "fs";
+import path from "path";
+function runtimeRecordPath() {
+  return path.join(kojeeHomeDir(), ".kojee", "runtime");
+}
+function recordRuntime(runtime, recordPath = runtimeRecordPath()) {
+  fs.mkdirSync(path.dirname(recordPath), { recursive: true, mode: 448 });
+  fs.writeFileSync(recordPath, runtime + "\n", { mode: 384 });
+  secureFile(recordPath);
+}
+function readRecordedRuntime(recordPath = runtimeRecordPath()) {
+  try {
+    const raw = fs.readFileSync(recordPath, "utf8").trim();
+    return raw.length > 0 ? raw : null;
+  } catch {
+    return null;
+  }
+}
+function clearRuntimeRecord(recordPath = runtimeRecordPath()) {
+  try {
+    fs.unlinkSync(recordPath);
+  } catch {
+  }
+}
+
+export {
+  runtimeRecordPath,
+  recordRuntime,
+  readRecordedRuntime,
+  clearRuntimeRecord
+};

package/dist/chunk-F7L25L2J.js

@@ -0,0 +1,60 @@
+// src/tandem/webhook-config.ts
+var WEBHOOK_DEFAULT_TIMEOUT_MS = 5e3;
+var WEBHOOK_DEFAULT_MAX_RETRIES = 4;
+function redactUrlUserinfo(rawUrl, parsed) {
+  if (!parsed.username && !parsed.password) return rawUrl;
+  parsed.username = "";
+  parsed.password = "";
+  return parsed.toString();
+}
+function parsePositiveInt(raw, fallback) {
+  if (raw === void 0) return fallback;
+  const n = Number(raw);
+  if (!Number.isFinite(n) || !Number.isInteger(n) || n <= 0) return fallback;
+  return n;
+}
+function resolveWebhookConfig(env = process.env) {
+  const url = (env["KOJEE_WEBHOOK_URL"] ?? "").trim();
+  if (!url) {
+    return { enabled: false, config: null };
+  }
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return {
+      enabled: false,
+      config: null,
+      error: `KOJEE_WEBHOOK_URL is not a valid URL \u2014 webhook sink DISABLED`
+    };
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    return {
+      enabled: false,
+      config: null,
+      error: `KOJEE_WEBHOOK_URL must be http(s) (got ${parsed.protocol}) \u2014 webhook sink DISABLED`
+    };
+  }
+  const secret = (env["KOJEE_WEBHOOK_SECRET"] ?? "").trim();
+  if (!secret) {
+    return {
+      enabled: false,
+      config: null,
+      error: "KOJEE_WEBHOOK_URL is set but KOJEE_WEBHOOK_SECRET is missing \u2014 webhook sink DISABLED (the proxy NEVER sends unsigned webhooks)"
+    };
+  }
+  const timeoutMs = parsePositiveInt(env["KOJEE_WEBHOOK_TIMEOUT_MS"], WEBHOOK_DEFAULT_TIMEOUT_MS);
+  const maxRetries = parsePositiveInt(env["KOJEE_WEBHOOK_MAX_RETRIES"], WEBHOOK_DEFAULT_MAX_RETRIES);
+  const safeUrl = redactUrlUserinfo(url, parsed);
+  const redactedSummary = `url=${safeUrl} secret=<redacted> timeoutMs=${timeoutMs} maxRetries=${maxRetries}`;
+  return {
+    enabled: true,
+    config: { url, secret, timeoutMs, maxRetries, redactedSummary }
+  };
+}
+
+export {
+  WEBHOOK_DEFAULT_TIMEOUT_MS,
+  WEBHOOK_DEFAULT_MAX_RETRIES,
+  resolveWebhookConfig
+};

package/dist/chunk-LVL25VLO.js

@@ -0,0 +1,22 @@
+// src/wizard/runtimes.ts
+var WIZARD_RUNTIMES = ["claude-code", "hermes", "openclaw", "codex"];
+var WEBHOOK_RUNTIMES = /* @__PURE__ */ new Set([
+  "hermes",
+  "openclaw"
+]);
+function isWizardRuntime(value) {
+  return WIZARD_RUNTIMES.includes(value);
+}
+var RUNTIME_MENU = [
+  { index: 1, runtime: "claude-code" },
+  { index: 2, runtime: "hermes" },
+  { index: 3, runtime: "openclaw" },
+  { index: 4, runtime: "codex" }
+];
+
+export {
+  WIZARD_RUNTIMES,
+  WEBHOOK_RUNTIMES,
+  isWizardRuntime,
+  RUNTIME_MENU
+};

package/dist/chunk-SQL56SEB.js

@@ -0,0 +1,14 @@
+// src/wizard/home.ts
+import os from "os";
+function kojeeHomeDir() {
+  const env = process.env;
+  const homeKey = "HOME";
+  const profileKey = "USERPROFILE";
+  const fromEnv = env[homeKey] ?? env[profileKey];
+  if (fromEnv && fromEnv.length > 0) return fromEnv;
+  return os.homedir();
+}
+
+export {
+  kojeeHomeDir
+};

package/dist/{chunk-QB22PD6T.js → chunk-WBMX4CHB.js}

@@ -259,15 +259,22 @@ async function consumeSse(body, opts, controller, state, onCursor) {
                 console.error("[event-stream] event-log append failed:", err);
               }
             }
+            if (opts.adapter.supportsChannels) {
+              try {
+                const channel = opts.adapter.formatTandemEvent(parsed);
+                await opts.server.notification({
+                  method: "notifications/claude/channel",
+                  params: channel
+                });
+                opts.queue?.markChannelDelivered(parsed.id);
+              } catch (err) {
+                console.error("[event-stream] channel notification failed:", err);
+              }
+            }
             try {
-              const channel = opts.adapter.formatTandemEvent(parsed);
-              await opts.server.notification({
-                method: "notifications/claude/channel",
-                params: channel
-              });
-              opts.queue?.markChannelDelivered(parsed.id);
+              opts.webhookSink?.enqueue(parsed);
             } catch (err) {
-              console.error("[event-stream] channel notification failed:", err);
+              console.error("[event-stream] webhook enqueue failed:", err);
             }
           } catch (err) {
             console.error("[event-stream] failed to handle event:", err);
@@ -316,6 +323,10 @@ function drainSseEvents(input) {
 function sleep(ms) {
   return new Promise((r) => setTimeout(r, ms));
 }
+var MAX_DISPLAYNAME_CHARS = 64;
+function sanitizeDisplayname(name) {
+  return name.replace(/[\x00-\x1f\x7f]+/g, " ").replace(/\s+/g, " ").trim().slice(0, MAX_DISPLAYNAME_CHARS);
+}
 function normalizeBackendEvent(raw, sseEventType) {
   const obj = raw ?? {};
   const maybeFrom = obj["from"];
@@ -325,7 +336,14 @@ function normalizeBackendEvent(raw, sseEventType) {
   const sender = obj["sender"] ?? {};
   const principal = sender["principal_id"] ?? "";
   const agentId = sender["agent_id"];
-  const displayname = principal ? `principal:${principal.slice(0, 8)}` : "unknown";
+  const rawSessionId = sender["session_id"];
+  const sessionId = typeof rawSessionId === "string" && rawSessionId.trim() ? rawSessionId : void 0;
+  const rawSeverity = obj["severity"];
+  const severity = typeof rawSeverity === "string" && rawSeverity.trim() ? rawSeverity : void 0;
+  const rawDisplay = sender["display"];
+  const trimmedDisplay = typeof rawDisplay === "string" ? rawDisplay.trim() : "";
+  const safeDisplay = trimmedDisplay ? sanitizeDisplayname(trimmedDisplay) : "";
+  const displayname = safeDisplay ? safeDisplay : principal ? `principal:${principal.slice(0, 8)}` : "unknown";
   const type = sseEventType === "state_change" ? "state_change" : "message";
   const kind = obj["kind"] ?? "message";
   return {
@@ -338,6 +356,7 @@ function normalizeBackendEvent(raw, sseEventType) {
       member_id: "",
       principal,
       ...agentId ? { agent_id: agentId } : {},
+      ...sessionId ? { session_id: sessionId } : {},
       displayname
     },
     kind,
@@ -346,7 +365,8 @@ function normalizeBackendEvent(raw, sseEventType) {
       ...typeof obj["format"] === "string" ? { format: obj["format"] } : {}
     },
     ...Array.isArray(obj["mentions"]) ? { mentions: obj["mentions"] } : {},
-    ...obj["reply_to"] !== void 0 ? { reply_to: obj["reply_to"] } : {}
+    ...obj["reply_to"] !== void 0 ? { reply_to: obj["reply_to"] } : {},
+    ...severity ? { severity } : {}
   };
 }