kumo-cli 1.0.1 → 1.0.3

package/dist/index.js

@@ -1,88 +1,56 @@
 #!/usr/bin/env node
-import WebSocket from 'ws';
-import http from 'http';
-import https from 'https';
 import fs from 'node:fs';
-import path from 'node:path';
-import os from 'node:os';
-import { fileURLToPath } from 'node:url';
-import { startHookServer } from './hookServer.js';
-import { generateHookSettingsFile } from './generateHookSettings.js';
-import { spawnClaude, writeToProcess } from './spawn.js';
-import { SessionScanner } from './sessionScanner.js';
-import { PtyMenuParser } from './ptyMenuParser.js';
-import { PtySnapshotRenderer } from './ptySnapshotRenderer.js';
-import { loadDotEnv } from './loadDotEnv.js';
-import { TerminalManager } from './terminalManager.js';
-import { loadIgnoredNames } from './ignorePaths.js';
-import { loadCredentials, saveCredentials, clearCredentials, credentialsPath } from './credentialsStore.js';
-import readline from 'node:readline';
-import { randomUUID } from 'node:crypto';
-loadDotEnv();
-function normalizeServerHttpUrl(input) {
-    const u = new URL(input);
-    if (u.protocol === 'ws:')
-        u.protocol = 'http:';
-    if (u.protocol === 'wss:')
-        u.protocol = 'https:';
-    if (u.pathname === '/ws')
-        u.pathname = '/';
-    if (u.pathname.endsWith('/ws'))
-        u.pathname = u.pathname.slice(0, -3) || '/';
-    return u.toString().replace(/\/$/, '');
+import { startHookServer } from './claude/hookServer.js';
+import { generateHookSettingsFile } from './claude/generateHookSettings.js';
+import { SessionScanner } from './claude/sessionScanner.js';
+import { TerminalManager } from './pty/terminalManager.js';
+import { loadIgnoredNames } from './utils/ignorePaths.js';
+import { loadCredentials, saveCredentials, clearCredentials, credentialsPath } from './auth/credentialsStore.js';
+import { loadDotEnv } from './core/loadDotEnv.js';
+import { log } from './core/logger.js';
+import { SERVER_HTTP, FILE_WATCH_DEBOUNCE_MS } from './core/config.js';
+import { ModelService } from './services/modelService.js';
+import { EffortService } from './services/effortService.js';
+import { ClaudeService } from './services/claudeService.js';
+import * as sessionService from './services/sessionService.js';
+import { pairFlow, checkBackendReachable, verifyCredentials } from './services/pairingService.js';
+import { WsClient } from './transport/wsClient.js';
+import { createMessageRouter } from './handlers/messageRouter.js';
+function extractEnvFileArg(argv) {
+    const cliArgs = [];
+    let envFilePath = null;
+    for (let idx = 0; idx < argv.length; idx += 1) {
+        const arg = argv[idx];
+        if (arg === '--env-file') {
+            const nextArg = argv[idx + 1];
+            if (!nextArg) {
+                throw new Error('[kumo-cli] missing value for --env-file');
+            }
+            envFilePath = nextArg;
+            idx += 1;
+            continue;
+        }
+        if (arg.startsWith('--env-file=')) {
+            envFilePath = arg.slice('--env-file='.length);
+            continue;
+        }
+        cliArgs.push(arg);
+    }
+    return { envFilePath, cliArgs };
 }
-function normalizeServerWsUrl(input) {
-    const u = new URL(input);
-    if (u.protocol === 'http:')
-        u.protocol = 'ws:';
-    if (u.protocol === 'https:')
-        u.protocol = 'wss:';
-    if (u.pathname === '/' || u.pathname === '')
-        u.pathname = '/ws';
-    return u.toString().replace(/\/$/, '');
+const { envFilePath, cliArgs: bootArgs } = extractEnvFileArg(process.argv.slice(2));
+if (envFilePath) {
+    loadDotEnv(envFilePath);
 }
-const serverUrl = process.env.KUMO_SERVER_URL;
-const SERVER_HTTP = normalizeServerHttpUrl(process.env.KUMO_SERVER_HTTP_URL ?? serverUrl ?? 'https://kumocli.com');
-const SERVER_WS = normalizeServerWsUrl(process.env.KUMO_SERVER_WS_URL ?? serverUrl ?? 'wss://kumocli.com/ws');
-const SERVER_PORT = parseInt(process.env.KUMO_PORT ?? '443', 10);
-let ws = null;
-let claudeProcess = null;
-let spawnCleanup = null;
-let scanner = null;
-let reconnectTimer = null;
-let claudeSettingsPath = '';
-let claudeArgs = [];
+let activeCredentials = null;
 let currentSessionId = null;
-const SNAPSHOT_DIR = path.resolve(fileURLToPath(import.meta.url), '..', '..', '..', 'claude-data-snapshot');
-let snapshotScanner = null;
 let pendingPrompt = null;
-let lastWsSendAt = 0;
-let pendingSelectNudgeTimer = null;
-function safePath(requestedPath) {
-    const projectRoot = process.cwd();
-    const resolved = path.resolve(projectRoot, path.normalize(requestedPath || '.'));
-    if (!resolved.startsWith(projectRoot + path.sep) && resolved !== projectRoot) {
-        throw new Error('path traversal blocked');
-    }
-    return resolved;
-}
-function copyRecursive(src, dest) {
-    const stat = fs.statSync(src);
-    if (stat.isDirectory()) {
-        fs.mkdirSync(dest, { recursive: true });
-        for (const child of fs.readdirSync(src)) {
-            copyRecursive(path.join(src, child), path.join(dest, child));
-        }
-    }
-    else {
-        fs.copyFileSync(src, dest);
-    }
-}
+let startScannerAtEnd = false;
+let scanner = null;
 let fileWatcher = null;
-const IGNORED_PATHS = loadIgnoredNames(process.cwd());
-const fileWatchDebounceMap = new Map();
-const FILE_WATCH_DEBOUNCE_MS = 300;
-function startFileWatcher() {
+let pairedResolved = false;
+let pairedResolve = null;
+function startFileWatcher(send) {
     if (fileWatcher) {
         try {
             fileWatcher.close();
@@ -91,20 +59,22 @@ function startFileWatcher() {
         fileWatcher = null;
     }
     const projectRoot = process.cwd();
+    const ignored = loadIgnoredNames(projectRoot);
+    const debounceMap = new Map();
     try {
         fileWatcher = fs.watch(projectRoot, { recursive: true }, (event, filename) => {
             if (!filename)
                 return;
             const normalized = filename.replace(/\\/g, '/');
             const parts = normalized.split('/');
-            if (parts.some(p => IGNORED_PATHS.has(p) || p.startsWith('.')))
+            if (parts.some((p) => ignored.has(p) || p.startsWith('.')))
                 return;
-            const prev = fileWatchDebounceMap.get(normalized);
+            const prev = debounceMap.get(normalized);
             if (prev)
                 clearTimeout(prev);
-            fileWatchDebounceMap.set(normalized, setTimeout(() => {
-                fileWatchDebounceMap.delete(normalized);
-                sendToServer({ type: 'file_changed', path: normalized, event });
+            debounceMap.set(normalized, setTimeout(() => {
+                debounceMap.delete(normalized);
+                send({ type: 'file_changed', path: normalized, event });
                 log(`[watcher] ${event}: ${normalized}`);
             }, FILE_WATCH_DEBOUNCE_MS));
         });
@@ -114,1304 +84,54 @@ function startFileWatcher() {
         log(`[watcher] failed to start: ${e}`);
     }
 }
-let autoAcceptedApiKeyDialog = false;
-let isRespawning = false;
-let startScannerAtEnd = false;
-let sessionSwitchCounter = 0;
-const terminalManager = new TerminalManager((terminalId, data) => {
-    sendToServer({ type: 'terminal_output', terminalId, data });
-}, (terminalId, exitCode) => {
-    log(`[terminal] ${terminalId} exited with code ${exitCode}`);
-    sendToServer({ type: 'terminal_closed', terminalId, exitCode });
-});
-let pairedResolve = null;
-const pairedPromise = new Promise((resolve) => { pairedResolve = resolve; });
-const PROJECT_TMP_DIR = path.resolve(fileURLToPath(import.meta.url), '..', '..', 'tmp');
-const LOGS_DIR = path.resolve(fileURLToPath(import.meta.url), '..', '..', 'logs');
-if (!fs.existsSync(PROJECT_TMP_DIR))
-    fs.mkdirSync(PROJECT_TMP_DIR, { recursive: true });
-if (!fs.existsSync(LOGS_DIR))
-    fs.mkdirSync(LOGS_DIR, { recursive: true });
-const sessionStart = new Date().toISOString().replace(/[:.]/g, '-');
-const debugLog = fs.createWriteStream(path.join(PROJECT_TMP_DIR, 'kumo-pty-debug.log'), { flags: 'w' });
-const eventLog = fs.createWriteStream(path.join(LOGS_DIR, `cli-${sessionStart}.log`), { flags: 'w' });
-function log(msg) {
-    const line = `[${new Date().toISOString()}] ${msg}`;
-    eventLog.write(line + '\n');
-}
-let ptyBuffer = '';
-let ptyFlushTimer = null;
-const PTY_FLUSH_MS = 120;
-const PTY_MAX_CHUNK = 8000;
-let ptySnapshotRenderer = new PtySnapshotRenderer(process.stdout.columns ?? 120, process.stdout.rows ?? 30);
-function sanitizePtyPreview(data) {
-    return data
-        .replace(/\x1B\][^\x07]*(?:\x07|\x1B\\)/g, '')
-        .replace(/\x1B\[[0-?]*[ -/]*[@-~]/g, '')
-        .replace(/\s+/g, ' ')
-        .slice(0, 100);
-}
-function flushPtyUpdates() {
-    if (!ptyBuffer)
-        return;
-    ptyBuffer = '';
-    ptySnapshotRenderer.flushSnapshot();
-}
-function queuePtyData(chunk) {
-    ptyBuffer += chunk;
-    ptySnapshotRenderer.feed(chunk);
-    if (ptyBuffer.length >= PTY_MAX_CHUNK) {
-        if (ptyFlushTimer) {
-            clearTimeout(ptyFlushTimer);
-            ptyFlushTimer = null;
-        }
-        flushPtyUpdates();
-        return;
-    }
-    if (!ptyFlushTimer) {
-        ptyFlushTimer = setTimeout(() => {
-            ptyFlushTimer = null;
-            flushPtyUpdates();
-        }, PTY_FLUSH_MS);
-    }
-}
-let pingInterval = null;
-let menuIdCounter = 0;
-const menuParser = new PtyMenuParser((element) => {
-    switch (element.type) {
-        case 'selection':
-            if (element.options.length === 0) {
-                log(`[parser] ignoring empty menu`);
-                break;
-            }
-            if (element.title.includes('Bypass Permissions')) {
-                const yesIndex = element.options.findIndex((o) => o.label.trim().toLowerCase().includes('yes'));
-                if (yesIndex >= 0 && claudeProcess) {
-                    const delta = yesIndex - element.selectedIndex;
-                    const key = delta < 0 ? '\x1b[A' : '\x1b[B';
-                    for (let i = 0; i < Math.abs(delta); i++) {
-                        claudeProcess.write(key);
-                    }
-                    claudeProcess.write('\r');
-                    log(`[parser] auto-accepted bypass permissions dialog`);
-                    break;
-                }
-            }
-            if (!autoAcceptedApiKeyDialog && (element.title.includes('Detected a custom API key') || element.title.includes('Do you want to use this API key'))) {
-                const yesIndex = element.options.findIndex((o) => o.label.trim().toLowerCase() === 'yes');
-                if (yesIndex >= 0 && claudeProcess) {
-                    autoAcceptedApiKeyDialog = true;
-                    const delta = yesIndex - element.selectedIndex;
-                    const key = delta < 0 ? '\x1b[A' : '\x1b[B';
-                    for (let i = 0; i < Math.abs(delta); i++) {
-                        claudeProcess.write(key);
-                    }
-                    claudeProcess.write('\r');
-                    log(`[parser] auto-accepted custom api key dialog`);
-                    break;
-                }
-            }
-            menuIdCounter++;
-            const id = `menu-${menuIdCounter}`;
-            log(`[parser] menu detected: "${element.title}" (${element.options.length} opts, selected: ${element.selectedIndex})`);
-            log(`[parser] options: ${JSON.stringify(element.options)}`);
-            sendToServer({
-                type: 'prompt_options',
-                id,
-                title: element.title,
-                description: element.description,
-                options: element.options,
-                selectedIndex: element.selectedIndex,
-                hint: element.hint,
-                footer: element.footer,
-            });
-            break;
-        case 'input':
-            log(`[parser] input: "${element.label}" = "${element.value}"`);
-            sendToServer({
-                type: 'text_input',
-                label: element.label,
-                value: element.value,
-                placeholder: element.placeholder,
-                cursorPosition: element.cursorPosition,
-            });
-            break;
-        case 'notification':
-            log(`[parser] notification: [${element.level}] ${element.message}`);
-            sendToServer({
-                type: 'notification',
-                level: element.level,
-                message: element.message,
-            });
-            break;
-        case 'status':
-            log(`[parser] status: model=${element.model}, effort=${element.effort}, logged=${element.loggedIn}`);
-            sendToServer({
-                type: 'cli_status',
-                loggedIn: element.loggedIn,
-                model: element.model,
-                effort: element.effort,
-                workingDir: element.workingDir,
-            });
-            break;
-        case 'session':
-            log(`[parser] session: ${element.sessionId}`);
-            sendToServer({
-                type: 'session_info',
-                sessionId: element.sessionId,
-                resumeCommand: element.resumeCommand,
-            });
-            break;
-        case 'prompt':
-            break;
-    }
-});
-function sendToServer(data) {
-    if (ws && ws.readyState === WebSocket.OPEN) {
-        lastWsSendAt = Date.now();
-        ws.send(JSON.stringify(data));
-    }
-}
-function dispatchPrompt(text) {
-    if (!claudeProcess)
-        return;
-    if (text.trim() === '/login') {
-        menuParser.reset();
-    }
-    writeToProcess(claudeProcess, text);
-}
-function handleSelectOption(value) {
-    if (!claudeProcess) {
-        log(`[select_option] no claude process!`);
-        return;
-    }
-    log(`[select_option] sending: "${value}" (without Enter)`);
-    menuParser.reset();
-    claudeProcess.write(value);
-    if (pendingSelectNudgeTimer)
-        clearTimeout(pendingSelectNudgeTimer);
-    const baseline = lastWsSendAt;
-    pendingSelectNudgeTimer = setTimeout(() => {
-        pendingSelectNudgeTimer = null;
-        if (!claudeProcess)
-            return;
-        if (lastWsSendAt === baseline)
-            nudgeResize();
-    }, 1000);
-}
-function nudgeResize() {
-    if (!claudeProcess)
-        return;
-    const cols = process.stdout.columns ?? 120;
-    const rows = process.stdout.rows ?? 30;
-    const deltaCols = 1;
-    const backDelayMs = 5;
-    try {
-        claudeProcess.resize(cols + deltaCols, rows);
-        setTimeout(() => {
-            try {
-                claudeProcess?.resize(cols, rows);
-            }
-            catch { }
-        }, backDelayMs);
-    }
-    catch { }
-}
-function removeResumeArgs(args) {
-    const result = [];
-    for (let i = 0; i < args.length; i++) {
-        if (args[i] === '--resume' || args[i] === '-r') {
-            i++;
-        }
-        else {
-            result.push(args[i]);
-        }
-    }
-    return result;
-}
-// strip any existing --model / --model=... / -m flag pairs
-function removeModelArgs(args) {
-    const result = [];
-    for (let i = 0; i < args.length; i++) {
-        const a = args[i];
-        if (a === '--model' || a === '-m') {
-            i++;
-            continue;
-        }
-        if (a.startsWith('--model='))
-            continue;
-        result.push(a);
-    }
-    return result;
-}
-let currentModel = null;
-// apply an incoming model payload to claudeArgs and the env used at spawn time
-function applyModel(payload) {
-    claudeArgs = removeModelArgs(claudeArgs);
-    if (payload && typeof payload === 'object') {
-        const p = payload;
-        const model = typeof p['model'] === 'string' ? p['model'] : '';
-        if (model) {
-            currentModel = {
-                model,
-                baseURL: typeof p['baseURL'] === 'string' ? p['baseURL'] : undefined,
-                apiKey: typeof p['apiKey'] === 'string' ? p['apiKey'] : undefined,
-            };
-            claudeArgs.push('--model', model);
-            return;
-        }
-    }
-    currentModel = null;
-}
-// build env overrides for claude pty based on currentModel
-function buildClaudeEnv() {
-    const env = {
-        ANTHROPIC_BASE_URL: undefined,
-        ANTHROPIC_API_KEY: undefined,
-    };
-    if (currentModel?.baseURL)
-        env.ANTHROPIC_BASE_URL = currentModel.baseURL;
-    if (currentModel?.apiKey)
-        env.ANTHROPIC_API_KEY = currentModel.apiKey;
-    return env;
-}
-// fetch the user's current default model from backend using deviceToken.
-// returns null on any failure or when no default is set.
-async function fetchDefaultModel() {
-    if (!activeCredentials?.deviceToken)
-        return null;
-    try {
-        const res = await httpGetWithAuth(`${SERVER_HTTP}/api/cli/default-model`, activeCredentials.deviceToken);
-        if (res.status !== 200 || !res.data || typeof res.data !== 'object')
-            return null;
-        const d = res.data;
-        const model = typeof d['model'] === 'string' ? d['model'] : '';
-        if (!model)
-            return null;
-        return {
-            model,
-            baseURL: typeof d['baseURL'] === 'string' ? d['baseURL'] : undefined,
-            apiKey: typeof d['apiKey'] === 'string' ? d['apiKey'] : undefined,
-        };
-    }
-    catch {
-        return null;
-    }
-}
-function httpGetWithAuth(url, token) {
-    return new Promise((resolve, reject) => {
-        const urlObj = new URL(url);
-        const isHttps = urlObj.protocol === 'https:';
-        const transport = isHttps ? https : http;
-        const options = {
-            hostname: urlObj.hostname,
-            port: urlObj.port || (isHttps ? 443 : 80),
-            path: urlObj.pathname + urlObj.search,
-            method: 'GET',
-            headers: { Authorization: `Bearer ${token}` },
-        };
-        const req = transport.request(options, (res) => {
-            let raw = '';
-            res.on('data', (chunk) => { raw += chunk; });
-            res.on('end', () => {
-                try {
-                    resolve({ status: res.statusCode ?? 0, data: JSON.parse(raw) });
-                }
-                catch {
-                    resolve({ status: res.statusCode ?? 0, data: raw });
-                }
-            });
-        });
-        req.on('error', reject);
-        req.end();
-    });
-}
-// before each spawn, refresh the active model from backend so that
-// changes to the user's default (or freshly-set defaults) take effect
-// even without an explicit ws message.
-async function ensureModelBeforeSpawn() {
-    if (currentModel)
-        return;
-    const def = await fetchDefaultModel();
-    if (def) {
-        applyModel({ model: def.model, baseURL: def.baseURL, apiKey: def.apiKey });
-    }
-}
-function spawnClaudeNow() {
-    log(`[spawn] spawning claude, args=${JSON.stringify(claudeArgs)}, cwd=${process.cwd()}`);
-    if (claudeProcess) {
-        isRespawning = true;
-        try {
-            claudeProcess.kill();
-        }
-        catch { }
-        claudeProcess = null;
-    }
-    spawnCleanup?.();
-    spawnCleanup = null;
-    scanner?.stop();
-    scanner = null;
-    snapshotScanner?.stop();
-    snapshotScanner = null;
-    autoAcceptedApiKeyDialog = false;
-    ptySnapshotRenderer.reset(process.stdout.columns ?? 120, process.stdout.rows ?? 30);
-    const { pty: child, cleanup } = spawnClaude([...claudeArgs, '--settings', claudeSettingsPath], (active) => sendToServer({ type: 'thinking', active }), (data) => {
-        debugLog.write(data);
-        menuParser.feed(data);
-        queuePtyData(data);
-    }, (cols, rows) => menuParser.resize(cols, rows), (pty) => { claudeProcess = pty; }, undefined, buildClaudeEnv());
-    spawnCleanup = cleanup;
-    child.onExit(({ exitCode }) => {
-        log(`[spawn] claude exited, exitCode=${exitCode}, isRespawning=${isRespawning}`);
-        flushPtyUpdates();
-        scanner?.stop();
-        if (isRespawning) {
-            isRespawning = false;
-            return;
-        }
-        if (reconnectTimer)
-            clearTimeout(reconnectTimer);
-        ws?.close();
-        process.exit(exitCode);
-    });
-    process.on('SIGINT', () => {
-        child.kill();
-    });
-}
-let activeCredentials = null;
-function connectToServer(onPaired, onOpen) {
-    ws = new WebSocket(SERVER_WS);
-    ws.on('open', () => {
-        log(`[ws] connected to ${SERVER_WS}`);
-        sendToServer({
-            type: 'register',
-            clientType: 'cli',
-            deviceToken: activeCredentials?.deviceToken,
-            deviceUuid: activeCredentials?.deviceUuid,
-            cwd: process.cwd(),
-        });
-        menuParser.reset();
-        if (pingInterval)
-            clearInterval(pingInterval);
-        pingInterval = setInterval(() => {
-            if (ws && ws.readyState === WebSocket.OPEN) {
-                ws.ping();
-            }
-        }, 20000);
-        if (onOpen) {
-            Promise.resolve(onOpen()).catch((e) => log(`[onOpen] error: ${e}`));
-        }
-    });
-    ws.on('ping', () => {
-        ws?.pong();
-    });
-    ws.on('message', (raw) => {
-        let msg;
-        try {
-            msg = JSON.parse(raw.toString());
-        }
-        catch {
-            return;
-        }
-        if (msg['type'] === 'paired') {
-            log(`[pairing] paired with app`);
-            console.log('\n\x1b[32m✓ App paired! Launching Claude...\x1b[0m\n');
-            pairedResolve?.();
-            pairedResolve = null;
-            startFileWatcher();
-            onPaired?.();
-            return;
-        }
-        if (msg['type'] === 'auth_error') {
-            const reason = msg['error'] ?? 'unknown';
-            log(`[ws] auth_error: ${reason}`);
-            console.error(`\n\x1b[31m✗ device authentication failed: ${reason}\x1b[0m`);
-            console.error('\x1b[33mthe device was likely removed from the Kumo app. clearing credentials...\x1b[0m');
-            clearCredentials();
-            if (reconnectTimer) {
-                clearTimeout(reconnectTimer);
-                reconnectTimer = null;
-            }
-            if (pingInterval) {
-                clearInterval(pingInterval);
-                pingInterval = null;
-            }
-            try {
-                ws?.close();
-            }
-            catch { }
-            ws = null;
-            console.error('\x1b[33mrun `kumo` again to pair with a new device.\x1b[0m');
-            process.exit(1);
-        }
-        if (msg['type'] === 'send_prompt') {
-            const text = msg['text'];
-            if (!text)
-                return;
-            if (claudeProcess) {
-                dispatchPrompt(text);
-            }
-            else {
-                pendingPrompt = text;
-            }
-        }
-        if (msg['type'] === 'select_option') {
-            const value = msg['value'];
-            log(`[ws recv] select_option: value="${value}"`);
-            if (value)
-                handleSelectOption(value);
-        }
-        if (msg['type'] === 'submit_input') {
-            const value = msg['value'];
-            log(`[ws recv] submit_input: value="${value}"`);
-            if (claudeProcess) {
-                menuParser.reset();
-                claudeProcess.write('\x15');
-                claudeProcess.write(value);
-                claudeProcess.write('\r');
-            }
-        }
-        if (msg['type'] === 'send_key') {
-            const key = msg['key'];
-            log(`[ws recv] send_key: key="${key}"`);
-            if (claudeProcess && key === 'esc') {
-                menuParser.reset();
-                claudeProcess.write('\x1b');
-            }
-        }
-        if (msg['type'] === 'nudge_resize') {
-            nudgeResize();
-        }
-        if (msg['type'] === 'request_session_list') {
-            const cwdArg = typeof msg['cwd'] === 'string' ? msg['cwd'] : undefined;
-            sendSessionList(cwdArg).catch((e) => log(`[request_session_list] error: ${e}`));
-            return;
-        }
-        if (msg['type'] === 'delete_session') {
-            const sessionId = typeof msg['sessionId'] === 'string' ? msg['sessionId'] : undefined;
-            const cwdArg = typeof msg['cwd'] === 'string' ? msg['cwd'] : undefined;
-            if (!sessionId)
-                return;
-            deleteSessionFile(sessionId, cwdArg)
-                .then(() => sendSessionList(cwdArg))
-                .catch((e) => log(`[delete_session] error: ${e}`));
-            return;
-        }
-        if (msg['type'] === 'request_session_history') {
-            applyModel(msg['model']);
-            handleSessionHistoryRequest(msg['sessionId']).catch((e) => log(`[session_history] error: ${e}`));
-            return;
-        }
-        if (msg['type'] === 'request_new_session') {
-            log(`[ws recv] request_new_session`);
-            applyModel(msg['model']);
-            claudeArgs = removeResumeArgs(claudeArgs);
-            startScannerAtEnd = false;
-            // if backend didn't include a model (e.g. app simply pressed "new"),
-            // fall back to user's default model resolved just-in-time.
-            ensureModelBeforeSpawn()
-                .catch(() => { })
-                .finally(() => spawnClaudeNow());
-            return;
-        }
-        if (msg['type'] === 'terminal_create') {
-            const cols = msg['cols'] || 120;
-            const rows = msg['rows'] || 30;
-            const cwd = msg['cwd'];
-            const terminalId = terminalManager.create(cols, rows, cwd);
-            log(`[terminal] created: ${terminalId}`);
-            sendToServer({ type: 'terminal_created', terminalId });
-            return;
-        }
-        if (msg['type'] === 'terminal_input') {
-            const terminalId = msg['terminalId'];
-            const data = msg['data'];
-            if (terminalId && data) {
-                terminalManager.write(terminalId, data);
-            }
-            return;
-        }
-        if (msg['type'] === 'terminal_resize') {
-            const terminalId = msg['terminalId'];
-            const cols = msg['cols'];
-            const rows = msg['rows'];
-            if (terminalId && cols && rows) {
-                terminalManager.resize(terminalId, cols, rows);
-                log(`[terminal] resize ${terminalId} -> ${cols}x${rows}`);
-            }
-            return;
-        }
-        if (msg['type'] === 'terminal_close') {
-            const terminalId = msg['terminalId'];
-            if (terminalId) {
-                terminalManager.close(terminalId);
-                log(`[terminal] closed: ${terminalId}`);
-            }
-            return;
-        }
-        if (msg['type'] === 'terminal_list') {
-            const terminals = terminalManager.list();
-            sendToServer({ type: 'terminal_list', terminals });
-            return;
-        }
-        if (msg['type'] === 'file_search') {
-            // recursively search files/folders by name (case-insensitive substring)
-            const query = (msg['query'] || '').trim().toLowerCase();
-            const basePath = msg['path'] || '';
-            const limit = Math.min(Math.max(msg['limit'] || 200, 1), 1000);
-            try {
-                const projectRoot = process.cwd();
-                const baseResolved = safePath(basePath || '.');
-                const ignored = loadIgnoredNames(projectRoot);
-                const results = [];
-                if (query.length === 0) {
-                    sendToServer({ type: 'file_search_result', query, entries: [] });
-                    return;
-                }
-                const stack = [baseResolved];
-                while (stack.length > 0 && results.length < limit) {
-                    const dir = stack.pop();
-                    let dirEntries;
-                    try {
-                        dirEntries = fs.readdirSync(dir, { withFileTypes: true });
-                    }
-                    catch {
-                        continue;
-                    }
-                    for (const e of dirEntries) {
-                        if (e.name.startsWith('.'))
-                            continue;
-                        if (ignored.has(e.name))
-                            continue;
-                        const full = path.resolve(dir, e.name);
-                        if (e.name.toLowerCase().includes(query)) {
-                            let size = 0;
-                            if (!e.isDirectory()) {
-                                try {
-                                    size = fs.statSync(full).size;
-                                }
-                                catch { }
-                            }
-                            results.push({
-                                name: e.name,
-                                path: path.relative(projectRoot, full).replace(/\\/g, '/'),
-                                isDirectory: e.isDirectory(),
-                                size,
-                            });
-                            if (results.length >= limit)
-                                break;
-                        }
-                        if (e.isDirectory())
-                            stack.push(full);
-                    }
-                }
-                results.sort((a, b) => {
-                    if (a.isDirectory !== b.isDirectory)
-                        return a.isDirectory ? -1 : 1;
-                    return a.name.localeCompare(b.name);
-                });
-                sendToServer({ type: 'file_search_result', query, entries: results });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_search_result', query, entries: [], error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_list') {
-            const requestedPath = msg['path'] || '';
-            try {
-                const projectRoot = process.cwd();
-                const resolved = safePath(requestedPath || '.');
-                if (!resolved.startsWith(projectRoot)) {
-                    sendToServer({ type: 'file_list_result', path: requestedPath, entries: [], error: 'path traversal blocked' });
-                    return;
-                }
-                const entries = fs.readdirSync(resolved, { withFileTypes: true })
-                    .filter(e => !e.name.startsWith('.'))
-                    .map(e => ({
-                    name: e.name,
-                    path: path.relative(projectRoot, path.resolve(resolved, e.name)).replace(/\\/g, '/'),
-                    isDirectory: e.isDirectory(),
-                    size: e.isDirectory() ? 0 : fs.statSync(path.resolve(resolved, e.name)).size,
-                }))
-                    .sort((a, b) => {
-                    if (a.isDirectory !== b.isDirectory)
-                        return a.isDirectory ? -1 : 1;
-                    return a.name.localeCompare(b.name);
-                });
-                sendToServer({ type: 'file_list_result', path: requestedPath, entries, projectName: path.basename(process.cwd()) });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_list_result', path: requestedPath, entries: [], error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_read') {
-            const filePath = msg['path'];
-            try {
-                const projectRoot = process.cwd();
-                const resolved = path.resolve(projectRoot, path.normalize(filePath || '.'));
-                if (!resolved.startsWith(projectRoot)) {
-                    sendToServer({ type: 'file_read_result', path: filePath, error: 'path traversal blocked' });
-                    return;
-                }
-                const content = fs.readFileSync(resolved, 'utf-8');
-                sendToServer({ type: 'file_read_result', path: filePath, content });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_read_result', path: filePath, error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_write') {
-            const filePath = msg['path'];
-            const content = msg['content'];
-            try {
-                const projectRoot = process.cwd();
-                const resolved = path.resolve(projectRoot, path.normalize(filePath || '.'));
-                if (!resolved.startsWith(projectRoot)) {
-                    sendToServer({ type: 'file_write_result', path: filePath, ok: false, error: 'path traversal blocked' });
-                    return;
-                }
-                fs.writeFileSync(resolved, content, 'utf-8');
-                sendToServer({ type: 'file_write_result', path: filePath, ok: true });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_write_result', path: filePath, ok: false, error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_create') {
-            const targetPath = msg['path'];
-            const isDir = msg['isDirectory'] ?? false;
-            try {
-                const resolved = safePath(targetPath);
-                if (isDir) {
-                    fs.mkdirSync(resolved, { recursive: true });
-                }
-                else {
-                    fs.mkdirSync(path.dirname(resolved), { recursive: true });
-                    fs.writeFileSync(resolved, '', 'utf-8');
-                }
-                sendToServer({ type: 'file_op_result', op: 'create', path: targetPath, ok: true });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_op_result', op: 'create', path: targetPath, ok: false, error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_delete') {
-            const targetPath = msg['path'];
-            try {
-                const resolved = safePath(targetPath);
-                fs.rmSync(resolved, { recursive: true, force: true });
-                sendToServer({ type: 'file_op_result', op: 'delete', path: targetPath, ok: true });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_op_result', op: 'delete', path: targetPath, ok: false, error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_rename') {
-            const oldPath = msg['oldPath'];
-            const newName = msg['newName'];
-            try {
-                const resolvedOld = safePath(oldPath);
-                const resolvedNew = path.join(path.dirname(resolvedOld), newName);
-                safePath(path.relative(process.cwd(), resolvedNew));
-                fs.renameSync(resolvedOld, resolvedNew);
-                sendToServer({ type: 'file_op_result', op: 'rename', path: oldPath, newPath: path.relative(process.cwd(), resolvedNew).replace(/\\/g, '/'), ok: true });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_op_result', op: 'rename', path: oldPath, ok: false, error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_copy') {
-            const srcPath = msg['src'];
-            const destPath = msg['dest'];
-            try {
-                const resolvedSrc = safePath(srcPath);
-                const resolvedDest = safePath(destPath);
-                copyRecursive(resolvedSrc, resolvedDest);
-                sendToServer({ type: 'file_op_result', op: 'copy', path: srcPath, dest: destPath, ok: true });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_op_result', op: 'copy', path: srcPath, ok: false, error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'file_move') {
-            const srcPath = msg['src'];
-            const destPath = msg['dest'];
-            try {
-                const resolvedSrc = safePath(srcPath);
-                const resolvedDest = safePath(destPath);
-                fs.renameSync(resolvedSrc, resolvedDest);
-                sendToServer({ type: 'file_op_result', op: 'move', path: srcPath, dest: destPath, ok: true });
-            }
-            catch (e) {
-                sendToServer({ type: 'file_op_result', op: 'move', path: srcPath, ok: false, error: e instanceof Error ? e.message : String(e) });
-            }
-            return;
-        }
-        if (msg['type'] === 'tunnel_request') {
-            const { requestId, method, path: urlPath, headers: reqHeaders, body: reqBody, port, host: remoteHost } = msg;
-            const targetHost = remoteHost || 'localhost';
-            const url = `http://${targetHost}:${port}${urlPath}`;
-            const filteredHeaders = Object.fromEntries(Object.entries(reqHeaders).filter(([k]) => {
-                const lower = k.toLowerCase();
-                return !lower.startsWith('sec-') && !['host', 'connection', 'accept-encoding', 'upgrade-insecure-requests'].includes(lower);
-            }).map(([k, v]) => {
-                const lower = k.toLowerCase();
-                if (lower === 'origin' || lower === 'referer') {
-                    return [k, v.replace(/http:\/\/localhost:\d+/g, `http://${targetHost}:${port}`)];
-                }
-                return [k, v];
-            }));
-            log(`[tunnel] ${method} ${url}`);
-            fetch(url, {
-                method,
-                headers: filteredHeaders,
-                body: reqBody && method !== 'GET' && method !== 'HEAD' ? Buffer.from(reqBody, 'base64') : undefined,
-                redirect: 'manual',
-            })
-                .then(async (res) => {
-                const buf = Buffer.from(await res.arrayBuffer());
-                log(`[tunnel] response ${res.status} ${url} (${buf.length} bytes)`);
-                const respHeaders = Object.fromEntries([...res.headers.entries()].filter(([k]) => !['content-encoding', 'transfer-encoding', 'content-length'].includes(k.toLowerCase())));
-                const remoteOrigin = `http://${targetHost}:${port}`;
-                if (respHeaders['location']) {
-                    respHeaders['location'] = respHeaders['location']
-                        .replace(remoteOrigin, '');
-                }
-                if (respHeaders['set-cookie']) {
-                    respHeaders['set-cookie'] = respHeaders['set-cookie']
-                        .replace(/;\s*domain=[^;]*/gi, '')
-                        .replace(/;\s*secure/gi, '');
-                }
-                sendToServer({
-                    type: 'tunnel_response',
-                    requestId,
-                    status: res.status,
-                    headers: respHeaders,
-                    body: buf.toString('base64'),
-                });
-            })
-                .catch((err) => {
-                sendToServer({
-                    type: 'tunnel_response',
-                    requestId,
-                    status: 502,
-                    headers: {},
-                    body: Buffer.from('Bad Gateway: ' + err.message).toString('base64'),
-                });
-            });
-            return;
-        }
-    });
-    ws.on('close', () => {
-        log(`[ws] disconnected, reconnecting in 3s`);
-        if (pingInterval) {
-            clearInterval(pingInterval);
-            pingInterval = null;
-        }
-        if (fileWatcher) {
-            try {
-                fileWatcher.close();
-            }
-            catch { }
-            fileWatcher = null;
-        }
-        reconnectTimer = setTimeout(() => connectToServer(), 3000);
-    });
-    ws.on('error', () => { });
-}
-function generateCode() {
-    return String(Math.floor(100000 + Math.random() * 900000));
-}
-function httpPost(url, body) {
-    return new Promise((resolve, reject) => {
-        const payload = JSON.stringify(body);
-        const urlObj = new URL(url);
-        const isHttps = urlObj.protocol === 'https:';
-        const transport = isHttps ? https : http;
-        const options = {
-            hostname: urlObj.hostname,
-            port: urlObj.port || (isHttps ? 443 : 80),
-            path: urlObj.pathname,
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'Content-Length': Buffer.byteLength(payload),
-            },
-        };
-        const req = transport.request(options, (res) => {
-            let raw = '';
-            res.on('data', (chunk) => { raw += chunk; });
-            res.on('end', () => {
-                try {
-                    resolve({ status: res.statusCode ?? 0, data: JSON.parse(raw) });
-                }
-                catch {
-                    resolve({ status: res.statusCode ?? 0, data: raw });
-                }
-            });
-        });
-        req.on('error', reject);
-        req.write(payload);
-        req.end();
-    });
-}
-function httpGet(url) {
-    return new Promise((resolve, reject) => {
-        const urlObj = new URL(url);
-        const isHttps = urlObj.protocol === 'https:';
-        const transport = isHttps ? https : http;
-        const options = {
-            hostname: urlObj.hostname,
-            port: urlObj.port || (isHttps ? 443 : 80),
-            path: urlObj.pathname + urlObj.search,
-            method: 'GET',
-        };
-        const req = transport.request(options, (res) => {
-            let raw = '';
-            res.on('data', (chunk) => { raw += chunk; });
-            res.on('end', () => {
-                try {
-                    resolve({ status: res.statusCode ?? 0, data: JSON.parse(raw) });
-                }
-                catch {
-                    resolve({ status: res.statusCode ?? 0, data: raw });
-                }
-            });
-        });
-        req.on('error', reject);
-        req.end();
-    });
-}
-// poll pair status until approved/rejected or timeout (5 min)
-async function pollPairStatus(requestId) {
-    const deadline = Date.now() + 5 * 60 * 1000;
-    while (Date.now() < deadline) {
-        await new Promise((r) => setTimeout(r, 2000));
-        try {
-            const res = await httpGet(`${SERVER_HTTP}/api/cli/pair/${requestId}`);
-            if (res.status !== 200)
-                continue;
-            const data = res.data;
-            if (data.status === 'approved' && data.deviceToken && data.device) {
-                return data;
-            }
-            if (data.status === 'rejected') {
-                console.warn('[kumo-cli] pairing rejected by app');
-                return null;
-            }
-        }
-        catch {
-            // transient, retry
-        }
-    }
-    console.warn('[kumo-cli] pairing timed out');
-    return null;
-}
-function displayCode(code) {
-    const line = '═'.repeat(40);
-    console.log('\n\x1b[36m' + line + '\x1b[0m');
-    console.log('\x1b[36m║\x1b[0m  \x1b[1mKumo Pairing Code (valid 5 min)\x1b[0m');
-    console.log('\x1b[36m║\x1b[0m');
-    console.log(`\x1b[36m║\x1b[0m      \x1b[1;33m${code.slice(0, 3)} ${code.slice(3)}\x1b[0m`);
-    console.log('\x1b[36m║\x1b[0m');
-    console.log('\x1b[36m║\x1b[0m  Enter this code in the Kumo app');
-    console.log('\x1b[36m' + line + '\x1b[0m\n');
-}
-async function registerCode(code) {
-    try {
-        const result = await httpPost(`${SERVER_HTTP}/api/pair/register`, {
-            code,
-            port: SERVER_PORT,
-        });
-        return result.status === 200;
-    }
-    catch {
-        return false;
-    }
-}
-async function checkCliStatus() {
-    return new Promise((resolve) => {
-        const urlObj = new URL(`${SERVER_HTTP}/api/cli/status`);
-        const options = {
-            hostname: urlObj.hostname,
-            port: urlObj.port || 80,
-            path: urlObj.pathname,
-            method: 'GET',
-        };
-        const req = http.request(options, (res) => {
-            let raw = '';
-            res.on('data', (chunk) => { raw += chunk; });
-            res.on('end', () => {
-                try {
-                    resolve(JSON.parse(raw));
-                }
-                catch {
-                    resolve({ paired: false, alive: false });
-                }
-            });
-        });
-        req.on('error', () => resolve({ paired: false, alive: false }));
-        req.end();
-    });
-}
-function getCurrentProjectFolder() {
-    return cwdToProjectFolder(process.cwd());
-}
-// claude-cli encodes a cwd into a folder name by replacing separators,
-// colons and underscores with dashes (observed on both unix and windows).
-function cwdToProjectFolder(cwd) {
-    if (os.platform() === 'win32') {
-        return cwd.replace(/:/g, '-').replace(/[\\/]/g, '-').replace(/_/g, '-');
-    }
-    return cwd.replace(/\//g, '-').replace(/_/g, '-');
-}
-async function getActiveSessionIds() {
-    const sessionsDir = path.join(os.homedir(), '.claude', 'sessions');
-    const active = new Set();
-    try {
-        const files = fs.readdirSync(sessionsDir).filter((f) => f.endsWith('.json'));
-        for (const file of files) {
-            try {
-                const data = JSON.parse(fs.readFileSync(path.join(sessionsDir, file), 'utf-8'));
-                if (data.sessionId)
-                    active.add(data.sessionId);
-            }
-            catch { }
-        }
-    }
-    catch { }
-    return active;
-}
-async function getSessionListForCwd(cwdOverride) {
-    const cwd = cwdOverride && cwdOverride.length > 0 ? cwdOverride : process.cwd();
-    const folderName = cwdToProjectFolder(cwd);
-    const projectDir = path.join(os.homedir(), '.claude', 'projects', folderName);
-    log(`[session_list] cwd=${cwd}, folder=${folderName}, dir=${projectDir}`);
-    const sessions = [];
-    try {
-        if (!fs.existsSync(projectDir))
-            return sessions;
-        const files = fs.readdirSync(projectDir).filter((f) => f.endsWith('.jsonl'));
-        for (const file of files) {
-            const sessionId = path.basename(file, '.jsonl');
-            const filePath = path.join(projectDir, file);
-            try {
-                const raw = fs.readFileSync(filePath, 'utf-8');
-                const lines = raw.split('\n').filter((l) => l.trim());
-                let firstMessage = '';
-                let lastTimestamp = '';
-                let hasMessages = false;
-                for (const line of lines) {
-                    try {
-                        const entry = JSON.parse(line);
-                        if (entry['type'] !== 'user' && entry['type'] !== 'assistant')
-                            continue;
-                        const msgObj = entry['message'];
-                        if (!msgObj || !msgObj['role'] || msgObj['role'] === 'system')
-                            continue;
-                        hasMessages = true;
-                        const ts = entry['timestamp'];
-                        if (ts)
-                            lastTimestamp = ts;
-                        if (!firstMessage && msgObj['role'] === 'user') {
-                            if (typeof msgObj['content'] === 'string') {
-                                firstMessage = msgObj['content'].slice(0, 200);
-                            }
-                            else if (Array.isArray(msgObj['content'])) {
-                                firstMessage = msgObj['content']
-                                    .filter((b) => b['type'] === 'text' && b['text'])
-                                    .map((b) => b['text'])
-                                    .join('')
-                                    .slice(0, 200);
-                            }
-                        }
-                    }
-                    catch { }
-                }
-                if (hasMessages) {
-                    sessions.push({ sessionId, firstMessage, lastTimestamp });
-                }
-            }
-            catch { }
-        }
-    }
-    catch { }
-    sessions.sort((a, b) => (b.lastTimestamp || '').localeCompare(a.lastTimestamp || ''));
-    return sessions;
-}
-async function deleteSessionFile(sessionId, cwdOverride) {
-    const cwd = cwdOverride && cwdOverride.length > 0 ? cwdOverride : process.cwd();
-    const folderName = cwdToProjectFolder(cwd);
-    const projectDir = path.join(os.homedir(), '.claude', 'projects', folderName);
-    const sessionFile = path.join(projectDir, `${sessionId}.jsonl`);
-    try {
-        if (fs.existsSync(sessionFile)) {
-            fs.unlinkSync(sessionFile);
-            log(`[delete_session] deleted ${sessionFile}`);
-        }
-        else {
-            log(`[delete_session] file not found: ${sessionFile}`);
-        }
-    }
-    catch (err) {
-        log(`[delete_session] error: ${err}`);
-        throw err;
-    }
-}
-async function sendSessionList(cwdOverride) {
-    try {
-        const sessions = await getSessionListForCwd(cwdOverride);
-        const activeIds = await getActiveSessionIds();
-        const sessionsWithActive = sessions.map((s) => ({
-            ...s,
-            isActive: activeIds.has(s.sessionId),
-        }));
-        sendToServer({ type: 'session_list', sessions: sessionsWithActive });
-        log(`[session_list] sent ${sessionsWithActive.length} sessions, ${activeIds.size} active`);
-    }
-    catch (err) {
-        log(`[session_list] error: ${err}`);
-        sendToServer({ type: 'session_list', sessions: [] });
-    }
-}
-async function handleSessionHistoryRequest(sessionId) {
-    if (!sessionId)
-        return;
-    log(`[ws recv] request_session_history: ${sessionId}`);
-    const switchId = ++sessionSwitchCounter;
-    log(`[session_history] switchId=${switchId}`);
-    try {
-        const folderName = getCurrentProjectFolder();
-        const claudeProjectsDir = path.join(os.homedir(), '.claude', 'projects');
-        const sessionFile = path.join(claudeProjectsDir, folderName, `${sessionId}.jsonl`);
-        log(`[session_history] folder=${folderName}, file=${sessionFile}`);
-        if (!fs.existsSync(sessionFile)) {
-            log(`[session_history] file not found, returning empty`);
-            sendToServer({ type: 'session_history', sessionId, messages: [] });
-            return;
-        }
-        const raw = fs.readFileSync(sessionFile, 'utf-8');
-        const messages = [];
-        const seenUuids = new Set();
-        for (const line of raw.split('\n')) {
-            if (!line.trim())
-                continue;
-            try {
-                const entry = JSON.parse(line);
-                if (entry['type'] !== 'user' && entry['type'] !== 'assistant')
-                    continue;
-                const msgObj = entry['message'];
-                if (!msgObj)
-                    continue;
-                const role = msgObj['role'];
-                if (!role || role === 'system')
-                    continue;
-                if (entry['isMeta'] || entry['sourceToolUseID'])
-                    continue;
-                const uuid = entry['uuid'];
-                if (uuid && seenUuids.has(uuid))
-                    continue;
-                if (uuid)
-                    seenUuids.add(uuid);
-                const timestamp = entry['timestamp'];
-                let content = '';
-                const toolUses = [];
-                if (typeof msgObj['content'] === 'string') {
-                    content = msgObj['content'];
-                }
-                else if (Array.isArray(msgObj['content'])) {
-                    content = msgObj['content']
-                        .filter((b) => b['type'] === 'text' && b['text'] && b['text'].trim() !== 'No response requested.')
-                        .map((b) => b['text'])
-                        .join('');
-                    for (const b of msgObj['content']) {
-                        if (b['type'] === 'tool_use' && b['name']) {
-                            toolUses.push({ toolName: b['name'], input: b['input'] ?? {} });
-                        }
-                    }
-                }
-                if (!content && toolUses.length === 0)
-                    continue;
-                messages.push({ role, content, id: uuid, timestamp, toolUses: toolUses.length > 0 ? toolUses : undefined });
-            }
-            catch { }
-        }
-        sendToServer({ type: 'session_history', sessionId, messages });
-        log(`[session_history] sent ${messages.length} messages for ${sessionId}`);
-        if (switchId !== sessionSwitchCounter) {
-            log(`[session_history] cancelled switch to ${sessionId} (superseded)`);
-            return;
-        }
-        startScannerAtEnd = true;
-        claudeArgs = [...removeResumeArgs(claudeArgs), '--resume', sessionId];
-        await ensureModelBeforeSpawn();
-        spawnClaudeNow();
-    }
-    catch (err) {
-        log(`[request_session_history] error: ${err}`);
-        sendToServer({ type: 'session_history', sessionId, messages: [] });
-    }
-}
-async function pairFlow() {
-    // prompt user for the 9-digit pairing code shown in the kumo app
-    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    const ask = (q) => new Promise((resolve) => rl.question(q, (a) => resolve(a)));
-    // ascii art of the kumo text
-    const cloud = [
-        "  \x1b[1;36m_  __ _   _  __  __   ____ \x1b[0m",
-        " \x1b[1;36m| |/ /| | | ||  \\/  | / __ \\\x1b[0m",
-        " \x1b[1;36m| ' / | | | || \\  / || |  | |\x1b[0m",
-        " \x1b[1;36m| . \\ | |_| || |\\/| || |__| |\x1b[0m",
-        " \x1b[1;36m|_|\\_\\ \\___/ |_|  |_| \\____/\x1b[0m"
-    ];
-    console.log('');
-    for (const line of cloud)
-        console.log(line);
-    console.log('');
-    console.log('   \x1b[2mwhere your code drifts between devices, softly.\x1b[0m');
-    console.log('');
-    console.log('   \x1b[36m›\x1b[0m open the \x1b[1mKumo app\x1b[0m, sign in, and tap \x1b[1m"generate"\x1b[0m on the pairing tab.');
-    console.log('   \x1b[36m›\x1b[0m whisper the 9 digits back to me below — spaces are fine.');
-    console.log('');
-    try {
-        // loop until paired successfully; any failure prompts re-entry
-        while (true) {
-            const raw = (await ask('\x1b[1;33m✦ pairing code ›\x1b[0m ')).trim();
-            if (!raw) {
-                console.warn('[kumo-cli] pairing code is required, please try again');
-                continue;
-            }
-            const code = raw.replace(/\D+/g, '');
-            if (!/^\d{9}$/.test(code)) {
-                console.warn('[kumo-cli] pairing code must be exactly 9 digits, please try again');
-                continue;
-            }
-            const deviceUuid = randomUUID();
-            const deviceName = `${os.userInfo().username}@${os.hostname()}`;
-            let result;
-            try {
-                result = await httpPost(`${SERVER_HTTP}/api/cli/pair`, {
-                    pairingCode: code,
-                    deviceUuid,
-                    deviceName,
-                });
-            }
-            catch (err) {
-                console.warn(`[kumo-cli] pair error: ${err.message}, please try again`);
-                continue;
-            }
-            if (result.status !== 200 && result.status !== 201) {
-                const data = result.data;
-                const msg = data?.error ?? data?.message ?? `HTTP ${result.status}`;
-                console.warn(`[kumo-cli] pair failed: ${msg}, please try again`);
-                continue;
-            }
-            const initial = result.data;
-            if (!initial.requestId) {
-                console.warn('[kumo-cli] pair failed: missing requestId, please try again');
-                continue;
-            }
-            console.log('[kumo-cli] waiting for approval in the Kumo app...');
-            const approved = await pollPairStatus(initial.requestId);
-            if (!approved) {
-                console.warn('[kumo-cli] please try again with a fresh code');
-                continue;
-            }
-            const creds = {
-                deviceUuid: approved.device.deviceUuid,
-                deviceToken: approved.deviceToken,
-                serverUrl: SERVER_HTTP,
-                user: approved.user ?? undefined,
-            };
-            saveCredentials(creds);
-            console.log(`[kumo-cli] paired and saved to ${credentialsPath()}`);
-            return creds;
-        }
-    }
-    finally {
-        rl.close();
-    }
-}
-// quick reachability check against backend health endpoint
-async function checkBackendReachable() {
-    try {
-        const res = await httpGet(`${SERVER_HTTP}/api/health`);
-        return res.status === 200;
-    }
-    catch {
-        return false;
-    }
-}
-// verify cached deviceToken against backend; returns refreshed user info or null when revoked/deleted
-async function verifyCredentials(creds) {
-    try {
-        const res = await httpPost(`${SERVER_HTTP}/api/cli/connect`, { deviceToken: creds.deviceToken });
-        if (res.status !== 200)
-            return null;
-        const data = res.data;
-        return {
-            ...creds,
-            user: data.user ?? creds.user,
-            deviceUuid: data.device?.deviceUuid ?? creds.deviceUuid,
-        };
-    }
-    catch {
-        return null;
-    }
-}
 async function main() {
-    claudeArgs = process.argv.slice(2);
+    let claudeArgs = [...bootArgs];
     if (claudeArgs[0] === 'reset') {
         const removed = clearCredentials();
-        if (removed)
-            console.log(`[kumo-cli] credentials cleared at ${credentialsPath()}`);
-        else
-            console.log(`[kumo-cli] no credentials to clear`);
+        console.log(removed ? `[kumo-cli] credentials cleared at ${credentialsPath()}` : `[kumo-cli] no credentials to clear`);
         return;
     }
-    if (!claudeArgs.includes('--dangerously-skip-permissions')) {
+    if (!claudeArgs.includes('--dangerously-skip-permissions'))
         claudeArgs.push('--dangerously-skip-permissions');
-    }
-    // model is resolved dynamically by backend via ws messages; no env fallback here
+    let ws;
+    const send = (data) => ws.send(data);
+    const model = new ModelService();
+    const effort = new EffortService();
+    effort.load();
+    const terminals = new TerminalManager((terminalId, data) => send({ type: 'terminal_output', terminalId, data }), (terminalId, exitCode) => {
+        log(`[terminal] ${terminalId} exited with code ${exitCode}`);
+        send({ type: 'terminal_closed', terminalId, exitCode });
+    });
+    const claude = new ClaudeService(send, model, effort, () => activeCredentials?.deviceToken);
+    claude.args = claudeArgs;
+    claude.onExit = (code) => { ws.close(); process.exit(code); };
     const hookServer = await startHookServer((sessionId) => {
         currentSessionId = sessionId;
-        ptySnapshotRenderer.reset(process.stdout.columns ?? 120, process.stdout.rows ?? 30);
-        sendToServer({ type: 'session_start', sessionId });
+        claude.resetSnapshot();
+        send({ type: 'session_start', sessionId });
         scanner?.stop();
         scanner = new SessionScanner(sessionId, startScannerAtEnd);
         startScannerAtEnd = false;
         scanner.on('message', (msg) => {
-            sendToServer({ type: 'transcript', message: msg });
+            send({ type: 'transcript', message: msg });
             if (msg.role === 'assistant' && msg.stopReason === 'end_turn') {
                 log(`[scanner] assistant_done detected, stopReason=${msg.stopReason}`);
-                sendToServer({ type: 'assistant_done' });
+                send({ type: 'assistant_done' });
             }
         });
         scanner.start();
         if (pendingPrompt) {
             const queued = pendingPrompt;
             pendingPrompt = null;
-            dispatchPrompt(queued);
+            claude.dispatchPrompt(queued);
         }
     });
-    process.stdout.on('resize', () => {
-        ptySnapshotRenderer.resize(process.stdout.columns ?? 120, process.stdout.rows ?? 30);
-    });
-    claudeSettingsPath = generateHookSettingsFile(hookServer.port);
+    process.stdout.on('resize', () => claude.resizeSnapshot());
+    claude.settingsPath = generateHookSettingsFile(hookServer.port);
     activeCredentials = loadCredentials();
     if (activeCredentials) {
-        // verify cached credentials against backend; if device was deleted/revoked, force re-pair
-        const reachable = await checkBackendReachable();
-        if (!reachable) {
-            console.error(`[kumo-cli] cannot reach backend at ${SERVER_HTTP}. check KUMO_SERVER_URL and that the server is running.`);
+        if (!await checkBackendReachable()) {
+            console.error(`[kumo-cli] cannot reach backend at ${SERVER_HTTP()}. check KUMO_SERVER_URL and that the server is running.`);
             hookServer.close();
             process.exit(1);
         }
@@ -1427,10 +147,8 @@ async function main() {
         }
     }
     if (!activeCredentials) {
-        // require backend to be reachable before asking the user to pair
-        const reachable = await checkBackendReachable();
-        if (!reachable) {
-            console.error(`[kumo-cli] cannot reach backend at ${SERVER_HTTP}. check KUMO_SERVER_URL and that the server is running.`);
+        if (!await checkBackendReachable()) {
+            console.error(`[kumo-cli] cannot reach backend at ${SERVER_HTTP()}. check KUMO_SERVER_URL and that the server is running.`);
             hookServer.close();
             process.exit(1);
         }
@@ -1442,10 +160,48 @@ async function main() {
         }
     }
     console.log(`\x1b[32m✓ Connected as ${activeCredentials.user?.email ?? activeCredentials.user?.id ?? 'device'}\x1b[0m\n`);
-    connectToServer(undefined, async () => {
-        startFileWatcher();
-        await sendSessionList();
+    const router = createMessageRouter({
+        send,
+        claude, model, effort, terminals,
+        onPaired: () => {
+            if (pairedResolved)
+                return;
+            pairedResolved = true;
+            pairedResolve?.();
+            startFileWatcher(send);
+        },
+        onAuthError: () => { ws.close(); },
+        scheduleScannerAtEnd: () => { startScannerAtEnd = true; },
+        setCurrentSessionId: (id) => { currentSessionId = id; },
+        getCurrentSessionId: () => currentSessionId,
+        setPendingPrompt: (text) => { pendingPrompt = text; },
+    });
+    ws = new WsClient(async () => {
+        send({
+            type: 'register',
+            clientType: 'cli',
+            deviceToken: activeCredentials?.deviceToken,
+            deviceUuid: activeCredentials?.deviceUuid,
+            cwd: process.cwd(),
+        });
+        claude.resetMenu();
+        startFileWatcher(send);
+        const sessions = await sessionService.getSessionListForCwd();
+        const activeIds = await sessionService.getActiveSessionIds();
+        if (currentSessionId)
+            activeIds.add(currentSessionId);
+        send({ type: 'session_list', sessions: sessions.map((s) => ({ ...s, isActive: activeIds.has(s.sessionId) })) });
+    }, router, () => {
+        if (fileWatcher) {
+            try {
+                fileWatcher.close();
+            }
+            catch { }
+            fileWatcher = null;
+        }
     });
+    ws.onSent(() => claude.notifySent());
+    ws.connect();
 }
 main().catch((err) => {
     console.error('[kumo-cli] fatal error:', err);