metame-cli 1.5.4 → 1.5.5

package/scripts/daemon-claude-engine.js

@@ -2,7 +2,14 @@
 
 const { classifyChatUsage } = require('./usage-classifier');
 const { deriveProjectInfo } = require('./utils');
-const { createEngineRuntimeFactory, normalizeEngineName, resolveEngineModel, ENGINE_MODEL_CONFIG } = require('./daemon-engine-runtime');
+const {
+  createEngineRuntimeFactory,
+  normalizeEngineName,
+  resolveEngineModel,
+  ENGINE_MODEL_CONFIG,
+  _private: { resolveCodexPermissionProfile },
+} = require('./daemon-engine-runtime');
+const { buildIntentHintBlock } = require('./intent-registry');
 const { buildAgentContextForEngine, buildMemorySnapshotContent, refreshMemorySnapshot } = require('./agent-layer');
 
 /**
@@ -37,7 +44,6 @@ function createClaudeEngine(deps) {
     getActiveProviderEnv,
     activeProcesses,
     saveActivePids,
-    messageQueue,
     log,
     yaml,
     providerMod,
@@ -52,7 +58,6 @@ function createClaudeEngine(deps) {
     isContentFile,
     sendFileButtons,
     findSessionFile,
-    listRecentSessions,
     getSession,
     getSessionForEngine,
     createSession,
@@ -60,6 +65,9 @@ function createClaudeEngine(deps) {
     writeSessionName,
     markSessionStarted,
     isEngineSessionValid,
+    getCodexSessionSandboxProfile,
+    getCodexSessionPermissionMode,
+    getSessionRecentContext,
     gitCheckpoint,
     gitCheckpointAsync,
     recordTokens,
@@ -73,11 +81,42 @@ function createClaudeEngine(deps) {
   function getDefaultEngine() {
     return (typeof _getDefaultEngine === 'function') ? _getDefaultEngine() : 'claude';
   }
+  function resolveSessionForEngine(chatId, engineName) {
+    if (typeof getSessionForEngine === 'function') {
+      return getSessionForEngine(chatId, engineName);
+    }
+    const legacy = typeof getSession === 'function' ? getSession(chatId) : null;
+    if (!legacy) return null;
+    if (!legacy.engines) return legacy;
+    const slot = legacy.engines[engineName] || null;
+    if (!slot) return null;
+    return {
+      ...legacy,
+      ...slot,
+      cwd: legacy.cwd || HOME,
+      engine: engineName,
+    };
+  }
+  function validateEngineSession(engineName, sessionId, cwd) {
+    if (typeof isEngineSessionValid === 'function') {
+      return isEngineSessionValid(engineName, sessionId, cwd);
+    }
+    return true;
+  }
   let mentorEngine = null;
   try { mentorEngine = require('./mentor-engine'); } catch { /* optional */ }
   let sessionAnalytics = null;
   try { sessionAnalytics = require('./session-analytics'); } catch { /* optional */ }
 
+  function shouldAutoRouteSkill({ agentMatch, hasActiveSession, boundProjectKey, skillName }) {
+    if (agentMatch || hasActiveSession) return false;
+    if (
+      String(boundProjectKey || '').trim() === 'personal'
+      && String(skillName || '').trim() === 'macos-local-orchestrator'
+    ) return false;
+    return true;
+  }
+
   const getEngineRuntime = typeof injectedGetEngineRuntime === 'function'
     ? injectedGetEngineRuntime
     : createEngineRuntimeFactory({ fs, path, HOME, CLAUDE_BIN, getActiveProviderEnv });
@@ -147,7 +186,11 @@ function createClaudeEngine(deps) {
       if (!state.sessions) state.sessions = {};
       const cur = state.sessions[chatId] || {};
       const patched = typeof patchFn === 'function' ? patchFn(cur) : cur;
-      state.sessions[chatId] = patched && typeof patched === 'object' ? patched : cur;
+      if (patched && typeof patched === 'object') {
+        state.sessions[chatId] = { ...patched, last_active: Date.now() };
+      } else {
+        state.sessions[chatId] = cur;
+      }
       saveState(state);
     }).catch((e) => {
       log('WARN', `patchSessionSerialized failed for ${chatId}: ${e.message}`);
@@ -159,27 +202,35 @@ function createClaudeEngine(deps) {
   }
 
   const CODEX_RESUME_RETRY_WINDOW_MS = 10 * 60 * 1000;
-  const _codexResumeRetryTs = new Map(); // chatId -> last retry ts
+  const CODEX_PERMISSION_STABILIZE_MAX_RETRIES = 2;
+  const _codexResumeRetryTs = new Map(); // `${chatId}:${kind}` -> last retry ts
+
+  function getCodexResumeRetryKey(chatId, kind = 'default') {
+    const base = String(chatId || '').trim();
+    const mode = String(kind || 'default').trim();
+    return base && mode ? `${base}:${mode}` : '';
+  }
 
-  function canRetryCodexResume(chatId) {
-    const key = String(chatId || '');
+  function canRetryCodexResume(chatId, kind = 'default') {
+    const key = getCodexResumeRetryKey(chatId, kind);
     if (!key) return false;
     const last = Number(_codexResumeRetryTs.get(key) || 0);
     if (!last) return true;
     return (Date.now() - last) > CODEX_RESUME_RETRY_WINDOW_MS;
   }
 
-  function markCodexResumeRetried(chatId) {
-    const key = String(chatId || '');
+  function markCodexResumeRetried(chatId, kind = 'default') {
+    const key = getCodexResumeRetryKey(chatId, kind);
     if (!key) return;
     _codexResumeRetryTs.set(key, Date.now());
   }
 
-  function shouldRetryCodexResumeFallback({ runtimeName, wasResumeAttempt, output, error, errorCode, canRetry }) {
+  function shouldRetryCodexResumeFallback({ runtimeName, wasResumeAttempt, output, error, errorCode, canRetry, failureKind = '' }) {
     return runtimeName === 'codex'
       && !!wasResumeAttempt
       && !!error
       && (!output || !!errorCode)
+      && failureKind !== 'user-stop'
       && !!canRetry;
   }
 
@@ -205,6 +256,218 @@ function createClaudeEngine(deps) {
     return out;
   }
 
+  function getCodexPermissionProfile(readOnly, daemonCfg = {}, session = {}) {
+    return resolveCodexPermissionProfile({ readOnly, daemonCfg, session });
+  }
+
+  function getSessionChatId(chatId, boundProjectKey) {
+    const rawChatId = String(chatId || '');
+    if (rawChatId.startsWith('_agent_') || rawChatId.startsWith('_scope_')) return rawChatId;
+    if (boundProjectKey) return `_bound_${boundProjectKey}`;
+    return rawChatId || chatId;
+  }
+
+  function normalizeCodexSandboxMode(value, fallback = null) {
+    const text = String(value || '').trim().toLowerCase();
+    if (!text) return fallback;
+    if (text === 'read-only' || text === 'readonly') return 'read-only';
+    if (text === 'workspace-write' || text === 'workspace') return 'workspace-write';
+    if (
+      text === 'danger-full-access'
+      || text === 'dangerous'
+      || text === 'full-access'
+      || text === 'full'
+      || text === 'bypass'
+      || text === 'writable'
+    ) return 'danger-full-access';
+    return fallback;
+  }
+
+  function normalizeCodexApprovalPolicy(value, fallback = null) {
+    const text = String(value || '').trim().toLowerCase();
+    if (!text) return fallback;
+    if (text === 'never' || text === 'no' || text === 'none') return 'never';
+    if (text === 'on-failure' || text === 'on_failure' || text === 'failure') return 'on-failure';
+    if (text === 'on-request' || text === 'on_request' || text === 'request') return 'on-request';
+    if (text === 'untrusted') return 'untrusted';
+    return fallback;
+  }
+
+  function normalizeComparableCodexPermissionProfile(profile) {
+    if (!profile) return null;
+    const sandboxMode = normalizeCodexSandboxMode(
+      profile.sandboxMode || profile.permissionMode,
+      null
+    );
+    const approvalPolicy = normalizeCodexApprovalPolicy(
+      profile.approvalPolicy,
+      null
+    );
+    if (!sandboxMode && !approvalPolicy) return null;
+    return {
+      sandboxMode,
+      approvalPolicy,
+      permissionMode: sandboxMode,
+    };
+  }
+
+  function normalizeSenderId(senderId) {
+    const text = String(senderId || '').trim();
+    return text || '';
+  }
+
+  function sameCodexPermissionProfile(left, right) {
+    const normalizedLeft = normalizeComparableCodexPermissionProfile(left);
+    const normalizedRight = normalizeComparableCodexPermissionProfile(right);
+    if (!normalizedLeft || !normalizedRight) return false;
+    const sameSandbox = normalizedLeft.sandboxMode === normalizedRight.sandboxMode;
+    const leftApproval = String(normalizedLeft.approvalPolicy || '').trim();
+    const rightApproval = String(normalizedRight.approvalPolicy || '').trim();
+    if (!leftApproval || !rightApproval) return sameSandbox;
+    return sameSandbox && leftApproval === rightApproval;
+  }
+
+  function codexSandboxPrivilegeRank(value) {
+    const normalized = normalizeCodexSandboxMode(value, null);
+    if (normalized === 'read-only') return 0;
+    if (normalized === 'workspace-write') return 1;
+    if (normalized === 'danger-full-access') return 2;
+    return -1;
+  }
+
+  function codexApprovalPrivilegeRank(value) {
+    const normalized = normalizeCodexApprovalPolicy(value, null);
+    if (normalized === 'untrusted') return 0;
+    if (normalized === 'on-request') return 1;
+    if (normalized === 'on-failure') return 2;
+    if (normalized === 'never') return 3;
+    return -1;
+  }
+
+  function codexNeedsFallbackForRequestedPermissions(actualProfile, requestedProfile) {
+    const normalizedActual = normalizeComparableCodexPermissionProfile(actualProfile);
+    const normalizedRequested = normalizeComparableCodexPermissionProfile(requestedProfile);
+    if (!normalizedActual || !normalizedRequested) return false;
+    return (
+      codexSandboxPrivilegeRank(normalizedActual.sandboxMode) < codexSandboxPrivilegeRank(normalizedRequested.sandboxMode)
+      || codexApprovalPrivilegeRank(normalizedActual.approvalPolicy) < codexApprovalPrivilegeRank(normalizedRequested.approvalPolicy)
+    );
+  }
+
+  function buildCodexFallbackBridgePrompt({ fullPrompt, previousSessionId, previousProfile, requestedProfile, recentContext }) {
+    const bridge = [];
+    bridge.push('[Note: continuing the same MetaMe persona conversation on a fresh Codex execution thread because the previous thread could not satisfy the newly requested permission profile.]');
+    if (previousSessionId) {
+      bridge.push(`Previous Codex thread: ${String(previousSessionId).slice(0, 8)}`);
+    }
+    if (previousProfile || requestedProfile) {
+      const previousSummary = previousProfile
+        ? `${previousProfile.sandboxMode || previousProfile.permissionMode || 'unknown'}/${previousProfile.approvalPolicy || 'unknown'}`
+        : 'unknown/unknown';
+      const requestedSummary = requestedProfile
+        ? `${requestedProfile.sandboxMode || requestedProfile.permissionMode || 'unknown'}/${requestedProfile.approvalPolicy || 'unknown'}`
+        : 'unknown/unknown';
+      bridge.push(`Permission migration: ${previousSummary} -> ${requestedSummary}`);
+    }
+    if (recentContext && (recentContext.lastUser || recentContext.lastAssistant)) {
+      bridge.push('Recent conversation context:');
+      if (recentContext.lastUser) bridge.push(`Last user message: ${String(recentContext.lastUser).trim()}`);
+      if (recentContext.lastAssistant) bridge.push(`Last assistant reply: ${String(recentContext.lastAssistant).trim()}`);
+    }
+    bridge.push('Continue as the same conversation. Do not mention any internal thread migration unless the user explicitly asks.');
+    return `${bridge.join('\n')}\n\n[Current user message follows:]\n\n${fullPrompt}`;
+  }
+
+  function getActualCodexPermissionProfile(session) {
+    if (!session || !session.id) return null;
+    if (typeof getCodexSessionSandboxProfile === 'function') {
+      return getCodexSessionSandboxProfile(session.id);
+    }
+    if (typeof getCodexSessionPermissionMode === 'function') {
+      const permissionMode = getCodexSessionPermissionMode(session.id);
+      return permissionMode ? { sandboxMode: permissionMode, approvalPolicy: null, permissionMode } : null;
+    }
+    return null;
+  }
+
+  function inspectClaudeResumeSession(session) {
+    const result = {
+      shouldResume: true,
+      modelPin: null,
+      reason: '',
+    };
+    if (!session || !session.started || !session.id) return result;
+    try {
+      const sessionFile = findSessionFile && findSessionFile(session.id);
+      if (!sessionFile) return result;
+      const lines = fs.readFileSync(sessionFile, 'utf8').split('\n').filter(Boolean);
+      for (const line of lines.slice(0, 30)) {
+        const entry = JSON.parse(line);
+        const sessionModel = entry && entry.message && entry.message.model;
+        if (!sessionModel || sessionModel === '<synthetic>') continue;
+        if (!sessionModel.startsWith('claude-')) {
+          return {
+            shouldResume: false,
+            modelPin: null,
+            reason: 'non-claude-session',
+          };
+        }
+        return {
+          shouldResume: true,
+          modelPin: sessionModel,
+          reason: '',
+        };
+      }
+    } catch {
+      return result;
+    }
+    return result;
+  }
+
+  function isClaudeThinkingSignatureError(errMsg) {
+    const msg = String(errMsg || '');
+    return msg.includes('Invalid signature') || msg.includes('thinking block');
+  }
+
+  function formatClaudeResumeFallbackUserMessage(retryError) {
+    if (retryError) {
+      return '⚠️ 旧 session 无法继续，已自动切换到新 session，但本次请求仍失败。';
+    }
+    return '';
+  }
+
+  function classifyCodexResumeFailure(error, errorCode) {
+    const message = String(error || '').trim();
+    const code = String(errorCode || '').trim();
+    const lowered = message.toLowerCase();
+    if (code === 'INTERRUPTED_USER') {
+      return {
+        kind: 'user-stop',
+        userMessage: '⚠️ 当前执行已按你的停止动作中断，本轮不会自动续跑。',
+        retryPromptPrefix: '',
+      };
+    }
+    const interrupted = (
+      lowered.includes('stopped by user')
+      || lowered.includes('interrupted')
+      || lowered.includes('signal')
+      || code === 'INTERRUPTED'
+      || code === 'INTERRUPTED_RESTART'
+    );
+    if (interrupted) {
+      return {
+        kind: 'interrupted',
+        userMessage: '⚠️ 后台刚刚重启或本轮执行被中断。系统正在自动恢复到同一条会话，请稍等。',
+        retryPromptPrefix: '[Note: the previous Codex execution was interrupted by a daemon restart or user stop signal. Continue the same conversation if possible. User message follows:]',
+      };
+    }
+    return {
+      kind: 'expired',
+      userMessage: '⚠️ Codex session 已过期，上下文可能丢失。正在以全新 session 重试，请在回复后补充必要背景。',
+      retryPromptPrefix: '[Note: previous Codex session expired and could not be resumed. Treating this as a new session. User message follows:]',
+    };
+  }
+
 
   /**
    * Parse [[FILE:...]] markers from Claude output.
@@ -497,6 +760,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
     timeoutMs = 600000,
     chatId = null,
     metameProject = '',
+    metameSenderId = '',
     runtime = null,
     onSession = null,
   ) {
@@ -516,7 +780,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
         cwd,
         stdio: ['pipe', 'pipe', 'pipe'],
         detached: process.platform !== 'win32',
-        env: rt.buildEnv({ metameProject }),
+        env: rt.buildEnv({ metameProject, metameSenderId }),
       });
       log('INFO', `[TIMING:${chatId}] spawned ${rt.name} pid=${child.pid}`);
 
@@ -524,6 +788,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
         activeProcesses.set(chatId, {
           child,
           aborted: false,
+          abortReason: null,
           startedAt: _spawnAt,
           engine: rt.name,
           killSignal: rt.killSignal || 'SIGTERM',
@@ -556,6 +821,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
       const writtenFiles = [];
       const toolUsageLog = [];
 
+      void timeoutMs;
       const engineTimeouts = rt.timeouts || {};
       const IDLE_TIMEOUT_MS = engineTimeouts.idleMs || (5 * 60 * 1000);
       const TOOL_EXEC_TIMEOUT_MS = engineTimeouts.toolMs || (25 * 60 * 1000);
@@ -776,10 +1042,21 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
 
         const proc = chatId ? activeProcesses.get(chatId) : null;
         const wasAborted = proc && proc.aborted;
+        const abortReason = proc && proc.abortReason ? String(proc.abortReason) : '';
         if (chatId) { activeProcesses.delete(chatId); saveActivePids(); }
 
         if (wasAborted) {
-          finalize({ output: finalResult || null, error: 'Stopped by user', files: writtenFiles, toolUsageLog, usage: finalUsage, sessionId: observedSessionId || '' });
+          finalize({
+            output: finalResult || null,
+            error: 'Stopped by user',
+            errorCode: (abortReason === 'daemon-restart' || abortReason === 'shutdown')
+              ? 'INTERRUPTED_RESTART'
+              : 'INTERRUPTED_USER',
+            files: writtenFiles,
+            toolUsageLog,
+            usage: finalUsage,
+            sessionId: observedSessionId || '',
+          });
           return;
         }
         if (killed) {
@@ -833,11 +1110,22 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
 
   // Track outbound message_id → session for reply-based session restoration.
   // Keeps last 200 entries to avoid unbounded growth.
-  function trackMsgSession(messageId, session, agentKey) {
-    if (!messageId || !session || !session.id) return;
+  function trackMsgSession(messageId, session, agentKey, options = {}) {
+    if (!messageId || !session) return;
+    const forceRouteOnly = !!(options && options.routeOnly);
+    if (!forceRouteOnly && !session.id) return;
     const st = loadState();
     if (!st.msg_sessions) st.msg_sessions = {};
-    st.msg_sessions[messageId] = { id: session.id, cwd: session.cwd, engine: session.engine || getDefaultEngine(), agentKey: agentKey || null };
+    st.msg_sessions[messageId] = {
+      ...(session.id && !forceRouteOnly ? { id: session.id } : {}),
+      ...(session.cwd ? { cwd: session.cwd } : {}),
+      engine: session.engine || getDefaultEngine(),
+      logicalChatId: session.logicalChatId || null,
+      agentKey: agentKey || null,
+      ...(session.sandboxMode ? { sandboxMode: session.sandboxMode } : {}),
+      ...(session.approvalPolicy ? { approvalPolicy: session.approvalPolicy } : {}),
+      ...(session.permissionMode ? { permissionMode: session.permissionMode } : {}),
+    };
     const keys = Object.keys(st.msg_sessions);
     if (keys.length > 200) {
       for (const k of keys.slice(0, keys.length - 200)) delete st.msg_sessions[k];
@@ -866,7 +1154,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
     return loadConfig();
   }
 
-  async function askClaude(bot, chatId, prompt, config, readOnly = false) {
+  async function askClaude(bot, chatId, prompt, config, readOnly = false, senderId = null) {
     const _t0 = Date.now();
     log('INFO', `askClaude for ${chatId}: ${prompt.slice(0, 50)}`);
     // Track interaction time for idle/sleep detection
@@ -885,7 +1173,11 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
     let _lastStatusCardContent = null; // tracks last clean text written to card (for final-reply dedup)
     // Early detect bound project for branded ack card (team members / dispatch agents)
     const _ackChatIdStr = String(chatId);
-    const _ackAgentMap = { ...(config.telegram ? config.telegram.chat_agent_map || {} : {}), ...(config.feishu ? config.feishu.chat_agent_map || {} : {}) };
+    const _ackAgentMap = {
+      ...(config.telegram ? config.telegram.chat_agent_map || {} : {}),
+      ...(config.feishu ? config.feishu.chat_agent_map || {} : {}),
+      ...(config.imessage ? config.imessage.chat_agent_map || {} : {}),
+    };
     const _ackBoundKey = _ackAgentMap[_ackChatIdStr] || projectKeyFromVirtualChatId(_ackChatIdStr);
     const _ackBoundProj = _ackBoundKey && config.projects ? config.projects[_ackBoundKey] : null;
     // _ackCardHeader: non-null for agents with icon/name (team members, dispatch); passed to editMessage to preserve header on streaming edits
@@ -895,12 +1187,14 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
     // Fire-and-forget: don't await Telegram RTT before spawning the engine process.
     // statusMsgId will be populated well before the first model output (~5s for codex).
     // For branded agents: send a card with header so streaming edits preserve the agent identity.
-    const _ackFn = (_ackCardHeader && bot.sendCard)
-      ? () => bot.sendCard(chatId, { title: _ackCardHeader.title, body: '🤔', color: _ackCardHeader.color })
-      : () => (bot.sendMarkdown ? bot.sendMarkdown(chatId, '🤔') : bot.sendMessage(chatId, '🤔'));
-    _ackFn()
-      .then(msg => { if (msg && msg.message_id) statusMsgId = msg.message_id; })
-      .catch(e => log('ERROR', `Failed to send ack to ${chatId}: ${e.message}`));
+    if (!bot.suppressAck) {
+      const _ackFn = (_ackCardHeader && bot.sendCard)
+        ? () => bot.sendCard(chatId, { title: _ackCardHeader.title, body: '🤔', color: _ackCardHeader.color })
+        : () => (bot.sendMarkdown ? bot.sendMarkdown(chatId, '🤔') : bot.sendMessage(chatId, '🤔'));
+      _ackFn()
+        .then(msg => { if (msg && msg.message_id) statusMsgId = msg.message_id; })
+        .catch(e => log('ERROR', `Failed to send ack to ${chatId}: ${e.message}`));
+    }
     bot.sendTyping(chatId).catch(() => { });
     const typingTimer = setInterval(() => {
       bot.sendTyping(chatId).catch(() => { });
@@ -913,7 +1207,11 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
 
       // Agent nickname routing: "贾维斯" / "小美，帮我..." → switch project session
       // Strict chats (chat_agent_map bound groups) must NOT switch agents via nickname
-      const _strictAgentMap = { ...(config.telegram ? config.telegram.chat_agent_map : {}), ...(config.feishu ? config.feishu.chat_agent_map : {}) };
+      const _strictAgentMap = {
+        ...(config.telegram ? config.telegram.chat_agent_map : {}),
+        ...(config.feishu ? config.feishu.chat_agent_map : {}),
+        ...(config.imessage ? config.imessage.chat_agent_map : {}),
+      };
       const _isStrictChatSession = !!(_strictAgentMap[String(chatId)] || projectKeyFromVirtualChatId(String(chatId)));
       const agentMatch = _isStrictChatSession ? null : routeAgent(prompt, config);
       if (agentMatch) {
@@ -935,12 +1233,17 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
       // BUT: skip skill routing if agent addressed by nickname OR chat already has an active session
       // (active conversation should never be hijacked by keyword-based skill matching)
       const chatIdStr = String(chatId);
-      const chatAgentMap = { ...(config.telegram ? config.telegram.chat_agent_map : {}), ...(config.feishu ? config.feishu.chat_agent_map : {}) };
+      const chatAgentMap = {
+        ...(config.telegram ? config.telegram.chat_agent_map : {}),
+        ...(config.feishu ? config.feishu.chat_agent_map : {}),
+        ...(config.imessage ? config.imessage.chat_agent_map : {}),
+      };
       const boundProjectKey = chatAgentMap[chatIdStr] || projectKeyFromVirtualChatId(chatIdStr);
       const boundProject = boundProjectKey && config.projects ? config.projects[boundProjectKey] : null;
-      // Each virtual chatId (including clones) keeps its own isolated session.
-      // Parallel tasks must not share JSONL files — concurrent writes cause corruption.
-      const sessionChatId = boundProjectKey ? `_agent_${boundProjectKey}` : chatId;
+      const daemonCfg = (config && config.daemon) || {};
+      // Keep real group chats on their own session key.
+      // Only true virtual agents (_agent_*) should use the virtual namespace.
+      const sessionChatId = getSessionChatId(chatId, boundProjectKey);
       const sessionRaw = getSession(sessionChatId);
       const boundCwd = (boundProject && boundProject.cwd) ? normalizeCwd(boundProject.cwd) : null;
       const boundEngineName = (boundProject && boundProject.engine) ? normalizeEngineName(boundProject.engine) : getDefaultEngine();
@@ -950,40 +1253,85 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
         (boundProject && boundProject.engine) || getDefaultEngine()
       );
       const runtime = getEngineRuntime(engineName);
+      const requestedCodexPermissionProfile = engineName === 'codex'
+        ? getCodexPermissionProfile(readOnly, daemonCfg)
+        : null;
 
       // hasActiveSession: does the current engine have an ongoing conversation?
       const hasActiveSession = sessionRaw && (
         sessionRaw.engines ? !!(sessionRaw.engines[engineName]?.started) : !!sessionRaw.started
       );
-      const skill = (agentMatch || hasActiveSession) ? null : routeSkill(prompt);
+      const detectedSkill = routeSkill(prompt);
+      const skill = shouldAutoRouteSkill({
+        agentMatch,
+        hasActiveSession,
+        boundProjectKey,
+        skillName: detectedSkill,
+      })
+        ? detectedSkill
+        : null;
 
       if (!sessionRaw) {
         // No saved state for this chatId: start a fresh session.
         // Note: daemon_state.json persists across restarts, so this only happens on truly first use
         // or after an explicit /new command.
-        createSession(sessionChatId, boundCwd || undefined, boundProject && boundProject.name ? boundProject.name : '', boundEngineName);
+        createSession(
+          sessionChatId,
+          boundCwd || undefined,
+          boundProject && boundProject.name ? boundProject.name : '',
+          boundEngineName,
+          boundEngineName === 'codex' ? requestedCodexPermissionProfile : undefined
+        );
       }
 
       // Resolve flat view for current engine (id + started are engine-specific; cwd is shared)
-      let session = getSessionForEngine(sessionChatId, engineName) || { cwd: boundCwd || HOME, engine: engineName, id: null, started: false };
+      let session = resolveSessionForEngine(sessionChatId, engineName) || { cwd: boundCwd || HOME, engine: engineName, id: null, started: false };
       session.engine = engineName; // keep local copy for Codex resume detection below
+      session.logicalChatId = sessionChatId;
 
       // Pre-spawn session validation: unified for all engines.
       // Claude checks JSONL file existence; Codex checks SQLite. Same interface, different backend.
       // Skip warning for virtual agents (team members) - they may use worktrees with fresh sessions
       const isVirtualAgent = String(sessionChatId).startsWith('_agent_');
       if (session.started && session.id && session.id !== '__continue__' && session.cwd) {
-        const valid = isEngineSessionValid(engineName, session.id, session.cwd);
+        const valid = validateEngineSession(engineName, session.id, session.cwd);
         if (!valid) {
           log('WARN', `${engineName} session ${session.id.slice(0, 8)} invalid for ${sessionChatId}; starting fresh ${engineName} session`);
           if (!isVirtualAgent) {
             await bot.sendMessage(chatId, '⚠️ 上次 session 已失效，已自动开启新 session。').catch(() => { });
           }
-          session = createSession(sessionChatId, session.cwd, boundProject && boundProject.name ? boundProject.name : '', engineName);
+          session = createSession(
+            sessionChatId,
+            session.cwd,
+            boundProject && boundProject.name ? boundProject.name : '',
+            engineName,
+            engineName === 'codex' ? requestedCodexPermissionProfile : undefined
+          );
         }
       }
 
-      const daemonCfg = (config && config.daemon) || {};
+      if (runtime.name === 'codex' && session.started && session.id) {
+        const actualPermissionProfile = getActualCodexPermissionProfile(session);
+        if (actualPermissionProfile) {
+          const storedPermissionProfile = normalizeComparableCodexPermissionProfile(session);
+          if (!sameCodexPermissionProfile(storedPermissionProfile, actualPermissionProfile)) {
+            session = { ...session, ...actualPermissionProfile };
+            await patchSessionSerialized(sessionChatId, (cur) => {
+              const engines = { ...(cur.engines || {}) };
+              engines.codex = {
+                ...(engines.codex || {}),
+                ...(actualPermissionProfile || {}),
+              };
+              return { ...cur, engines };
+            });
+          }
+          if (!sameCodexPermissionProfile(actualPermissionProfile, requestedCodexPermissionProfile)) {
+            const actualSummary = `${actualPermissionProfile.sandboxMode || actualPermissionProfile.permissionMode || 'unknown'}/${actualPermissionProfile.approvalPolicy || 'unknown'}`;
+            const requestedSummary = `${requestedCodexPermissionProfile.sandboxMode}/${requestedCodexPermissionProfile.approvalPolicy}`;
+            log('INFO', `Codex session ${session.id.slice(0, 8)} permission differs for ${sessionChatId}: ${actualSummary} vs requested ${requestedSummary}; preserving existing session continuity`);
+          }
+        }
+      }
       const mentorCfg = (daemonCfg.mentor && typeof daemonCfg.mentor === 'object') ? daemonCfg.mentor : {};
       const mentorEnabled = !!(mentorEngine && mentorCfg.enabled);
       const excludeAgents = new Set(
@@ -1011,35 +1359,21 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
       }
 
       // Build engine command — prefer per-engine model, fall back to legacy daemon.model
-      const model = resolveEngineModel(runtime.name, daemonCfg, boundProject && boundProject.model);
-      const args = runtime.buildArgs({
-        model,
-        readOnly,
-        daemonCfg,
-        session,
-        cwd: session.cwd,
-      });
-
-      // Codex: write/refresh AGENTS.md = CLAUDE.md + SOUL.md on every new session.
-      // Written as a real file (not a symlink) for Windows compatibility.
-      // Refreshed each session so edits to CLAUDE.md or SOUL.md are always picked up.
-      // Codex auto-loads AGENTS.md from cwd and all parent dirs up to ~.
-      if (engineName === 'codex' && session.cwd && !session.started) {
-        try {
-          const parts = [];
-          const claudeMd = path.join(session.cwd, 'CLAUDE.md');
-          const soulMd = path.join(session.cwd, 'SOUL.md');
-          if (fs.existsSync(claudeMd)) parts.push(fs.readFileSync(claudeMd, 'utf8').trim());
-          if (fs.existsSync(soulMd)) {
-            const soulContent = fs.readFileSync(soulMd, 'utf8').trim();
-            if (soulContent) parts.push(soulContent);
+      let model = resolveEngineModel(runtime.name, daemonCfg, boundProject && boundProject.model);
+
+      // When resuming a Claude session, inspect the original model first.
+      // Thinking block signatures are model-specific; non-Claude JSONL sessions
+      // must not be resumed as Claude.
+      if (runtime.name === 'claude' && session.started && session.id) {
+        const resumeInspection = inspectClaudeResumeSession(session);
+        if (resumeInspection.shouldResume === false) {
+          log('INFO', `[ModelPin] session ${session.id.slice(0, 8)} flagged as ${resumeInspection.reason}; starting fresh Claude session`);
+          session = createSession(sessionChatId, session.cwd, boundProject && boundProject.name ? boundProject.name : '', runtime.name);
+        } else if (resumeInspection.modelPin) {
+          if (resumeInspection.modelPin !== model) {
+            log('INFO', `[ModelPin] resuming ${session.id.slice(0, 8)} with original model ${resumeInspection.modelPin} (configured: ${model})`);
           }
-          if (parts.length > 0) {
-            fs.writeFileSync(path.join(session.cwd, 'AGENTS.md'), parts.join('\n\n'), 'utf8');
-            log('INFO', `Refreshed AGENTS.md (${parts.length} section(s)) in ${session.cwd}`);
-          }
-        } catch (e) {
-          log('WARN', `AGENTS.md refresh failed: ${e.message}`);
+          model = resumeInspection.modelPin;
         }
       }
 
@@ -1060,9 +1394,29 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
 
       // Memory & Knowledge Injection (RAG)
       let memoryHint = '';
+
+      // Compact context injection: injected once on first message after /compact, then cleared
+      if (!session.started && session.compactContext) {
+        const _compactCtx = String(session.compactContext).trim();
+        if (_compactCtx) {
+          memoryHint += `\n\n[Context from previous session (compacted):\n${_compactCtx}]`;
+          try {
+            const _stC = loadState();
+            const _engSlot = _stC.sessions && _stC.sessions[sessionChatId] && _stC.sessions[sessionChatId].engines
+              ? _stC.sessions[sessionChatId].engines[engineName]
+              : null;
+            if (_engSlot) { delete _engSlot.compactContext; saveState(_stC); }
+          } catch { /* non-critical */ }
+        }
+      }
+
       // projectKey must be declared outside the try block so the daemonHint template below can reference it.
       const _cid0 = String(chatId);
-      const _agentMap0 = { ...(config.telegram ? config.telegram.chat_agent_map : {}), ...(config.feishu ? config.feishu.chat_agent_map : {}) };
+      const _agentMap0 = {
+        ...(config.telegram ? config.telegram.chat_agent_map : {}),
+        ...(config.feishu ? config.feishu.chat_agent_map : {}),
+        ...(config.imessage ? config.imessage.chat_agent_map : {}),
+      };
       const projectKey = _agentMap0[_cid0] || projectKeyFromVirtualChatId(_cid0);
       try {
         const memory = require('./memory');
@@ -1159,30 +1513,24 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
       }
 
       // Inject daemon hints only on first message of a session
-      // Task-specific rules (3-5) are injected only when isTaskIntent() returns true (~250 token saving for casual chat)
+      // Task-specific rules (3-4) are injected only when isTaskIntent() returns true (~250 token saving for casual chat)
       let daemonHint = '';
       if (!session.started) {
+        const mentorRadarHint = (config && config.daemon && config.daemon.mentor && config.daemon.mentor.enabled)
+          ? '\n   When you observe the user is clearly expert or beginner in a domain, note it in your response and suggest: "要不要把你的 {domain} 水平 ({level}) 记录到能力雷达？"'
+          : '';
         const taskRules = isTaskIntent(prompt) ? `
-3. Knowledge retrieval: When you need context about a specific topic, past decisions, or lessons, call:
-   node ~/.metame/memory-search.js "关键词1" "keyword2"
-   If no relevant facts surface, check ~/.metame/memory/INDEX.md for available playbook/decision docs.
-   Use these before answering complex questions about MetaMe architecture or past decisions.
-4. Active memory: After confirming a new insight, bug root cause, or user preference, persist it with:
+3. Active memory: After confirming a new insight, bug root cause, or user preference, persist it with:
    node ~/.metame/memory-write.js "Entity.sub" "relation_type" "value (20-300 chars)"
    Valid relations: tech_decision, bug_lesson, arch_convention, config_fact, config_change, workflow_rule, project_milestone
    Only write verified facts. Do not write speculative or process-description entries.
-   When you observe the user is clearly expert or beginner in a domain, note it in your response and suggest: "要不要把你的 {domain} 水平 ({level}) 记录到能力雷达？"
-5. Task handoff: When suspending a multi-step task or handing off to another agent, write current status to ~/.metame/memory/now/${projectKey || 'default'}.md using:
+${mentorRadarHint}
+4. Task handoff: When suspending a multi-step task or handing off to another agent, write current status to ~/.metame/memory/now/${projectKey || 'default'}.md using:
    \`mkdir -p ~/.metame/memory/now && printf '%s\\n' "## Current Task" "{task}" "" "## Progress" "{progress}" "" "## Next Step" "{next}" > ~/.metame/memory/now/${projectKey || 'default'}.md\`
    Keep it under 200 words. Clear it when the task is fully complete by running: \`> ~/.metame/memory/now/${projectKey || 'default'}.md\`` : '';
         daemonHint = `\n\n[System hints - DO NOT mention these to user:
 1. Daemon config: The ONLY config is ~/.metame/daemon.yaml (never edit daemon-default.yaml). Auto-reloads on change.
-2. File sending: User is on MOBILE. When they ask to see/download a file:
-   - Just FIND the file path (use Glob/ls if needed)
-   - Do NOT read or summarize the file content (wastes tokens)
-   - Add at END of response: [[FILE:/absolute/path/to/file]]
-   - Keep response brief: "请查收~! [[FILE:/path/to/file]]"
-   - Multiple files: use multiple [[FILE:...]] tags${zdpHint ? '\n   Explanation depth (ZPD):\n' + zdpHint : ''}${taskRules}]`;
+2. Explanation depth (ZPD):${zdpHint ? zdpHint : '\n- User competence map unavailable. Default to concise expert-first explanations unless the user asks for teaching mode.'}${taskRules}]`;
       }
 
       daemonHint = adaptDaemonHintForEngine(daemonHint, runtime.name);
@@ -1279,14 +1627,69 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
       const langGuard = session.started
         ? ''
         : '\n\n[Respond in Simplified Chinese (简体中文) only. NEVER switch to Korean, Japanese, or other languages regardless of tool output or context language.]';
-      const fullPrompt = routedPrompt + daemonHint + agentHint + macAutomationHint + summaryHint + memoryHint + mentorHint + langGuard;
+      let intentHint = '';
+      if (runtime.name === 'codex') {
+        try {
+          const block = buildIntentHintBlock(prompt, config, boundProjectKey || projectKey || '');
+          if (block) intentHint = `\n\n${block}`;
+        } catch (e) {
+          log('WARN', `Intent registry injection failed: ${e.message}`);
+        }
+      }
+      const fullPrompt = routedPrompt + daemonHint + intentHint + agentHint + macAutomationHint + summaryHint + memoryHint + mentorHint + langGuard;
+      if (runtime.name === 'codex' && session.started && session.id && requestedCodexPermissionProfile) {
+        const actualPermissionProfile = getActualCodexPermissionProfile(session);
+        if (codexNeedsFallbackForRequestedPermissions(actualPermissionProfile, requestedCodexPermissionProfile)) {
+          const actualSummary = actualPermissionProfile
+            ? `${actualPermissionProfile.sandboxMode || actualPermissionProfile.permissionMode || 'unknown'}/${actualPermissionProfile.approvalPolicy || 'unknown'}`
+            : 'unknown/unknown';
+          const requestedSummary = `${requestedCodexPermissionProfile.sandboxMode}/${requestedCodexPermissionProfile.approvalPolicy}`;
+          log('INFO', `Codex session ${session.id.slice(0, 8)} is below requested permissions for ${sessionChatId}: ${actualSummary} vs ${requestedSummary}; trying native resume first`);
+        }
+      }
+
+      const args = runtime.buildArgs({
+        model,
+        readOnly,
+        daemonCfg,
+        session,
+        cwd: session.cwd,
+        permissionProfile: runtime.name === 'codex' ? requestedCodexPermissionProfile : null,
+      });
+
+      // Codex: write/refresh AGENTS.md = CLAUDE.md + SOUL.md on every fresh execution thread.
+      // This must happen after any permission-triggered fallback decision so the spawned process uses
+      // the final session object and fresh exec args rather than stale resume args.
+      if (engineName === 'codex' && session.cwd && !session.started) {
+        try {
+          const parts = [];
+          const claudeMd = path.join(session.cwd, 'CLAUDE.md');
+          const soulMd = path.join(session.cwd, 'SOUL.md');
+          if (fs.existsSync(claudeMd)) parts.push(fs.readFileSync(claudeMd, 'utf8').trim());
+          if (fs.existsSync(soulMd)) {
+            const soulContent = fs.readFileSync(soulMd, 'utf8').trim();
+            if (soulContent) parts.push(soulContent);
+          }
+          if (parts.length > 0) {
+            fs.writeFileSync(path.join(session.cwd, 'AGENTS.md'), parts.join('\n\n'), 'utf8');
+            log('INFO', `Refreshed AGENTS.md (${parts.length} section(s)) in ${session.cwd}`);
+          }
+        } catch (e) {
+          log('WARN', `AGENTS.md refresh failed: ${e.message}`);
+        }
+      }
 
       // Git checkpoint before Claude modifies files (for /undo).
       // Skip for virtual agents (team clones like _agent_yi) — each has its own worktree,
       // but checkpoint uses `git add -A` which could interfere with parallel work.
       const _isVirtualAgent = String(chatId).startsWith('_agent_') || String(chatId).startsWith('_scope_');
       if (!_isVirtualAgent) {
-        (gitCheckpointAsync || gitCheckpoint)(session.cwd, prompt).catch?.(() => { });
+        try {
+          const checkpointResult = (gitCheckpointAsync || gitCheckpoint)(session.cwd, prompt);
+          if (checkpointResult && typeof checkpointResult.catch === 'function') {
+            checkpointResult.catch(() => { });
+          }
+        } catch { /* non-critical */ }
       }
       log('INFO', `[TIMING:${chatId}] pre-spawn +${Date.now() - _t0}ms (engine:${runtime.name} started:${session.started})`);
 
@@ -1352,11 +1755,21 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
           ...session,
           id: safeNextId,
           engine: runtime.name,
+          logicalChatId: sessionChatId,
           started: true,
         };
         await patchSessionSerialized(sessionChatId, (cur) => {
           const engines = { ...(cur.engines || {}) };
-          engines[runtime.name] = { ...(engines[runtime.name] || {}), id: safeNextId, started: true };
+          const actualPermissionProfile = runtime.name === 'codex'
+            ? (getActualCodexPermissionProfile({ id: safeNextId }) || requestedCodexPermissionProfile)
+            : null;
+          engines[runtime.name] = {
+            ...(engines[runtime.name] || {}),
+            id: safeNextId,
+            started: true,
+            ...(runtime.name === 'codex' ? { runtimeSessionObserved: true } : {}),
+            ...(runtime.name === 'codex' ? actualPermissionProfile : {}),
+          };
           return { ...cur, cwd: session.cwd || cur.cwd || HOME, engines };
         });
         if (runtime.name === 'codex' && wasStarted && prevSessionId && prevSessionId !== safeNextId && prevSessionId !== '__continue__') {
@@ -1364,7 +1777,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
         }
       };
 
-      let output, error, errorCode, files, toolUsageLog, timedOut, usage, sessionId;
+      let output, error, errorCode, files, toolUsageLog, timedOut, sessionId;
       try {
         ({
           output,
@@ -1373,7 +1786,6 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
           timedOut,
           files,
           toolUsageLog,
-          usage,
           sessionId,
         } = await spawnClaudeStreaming(
           args,
@@ -1383,39 +1795,122 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
           600000,
           chatId,
           boundProjectKey || '',
+          normalizeSenderId(senderId),
           runtime,
           onSession,
         ));
 
         if (sessionId) await onSession(sessionId);
 
+        if (runtime.name === 'codex' && requestedCodexPermissionProfile) {
+          let observedRuntimeProfile = getActualCodexPermissionProfile(sessionId ? { id: sessionId } : session);
+          let stabilizationRetryCount = 0;
+          while (codexNeedsFallbackForRequestedPermissions(observedRuntimeProfile, requestedCodexPermissionProfile)
+            && stabilizationRetryCount < CODEX_PERMISSION_STABILIZE_MAX_RETRIES) {
+            stabilizationRetryCount += 1;
+            const previousSessionId = String(sessionId || session.id || '').trim();
+            const observedSummary = observedRuntimeProfile
+              ? `${observedRuntimeProfile.sandboxMode || observedRuntimeProfile.permissionMode || 'unknown'}/${observedRuntimeProfile.approvalPolicy || 'unknown'}`
+              : 'unknown/unknown';
+            const requestedSummary = `${requestedCodexPermissionProfile.sandboxMode}/${requestedCodexPermissionProfile.approvalPolicy}`;
+            log(
+              'WARN',
+              `Codex thread ${String(sessionId || session.id || '').slice(0, 8)} ended below requested permissions for ${sessionChatId}: ${observedSummary} vs ${requestedSummary}; retrying with a new execution thread (${stabilizationRetryCount}/${CODEX_PERMISSION_STABILIZE_MAX_RETRIES})`
+            );
+            session = createSession(
+              sessionChatId,
+              session.cwd,
+              boundProject && boundProject.name ? boundProject.name : '',
+              'codex',
+              requestedCodexPermissionProfile
+            );
+            const retryRecentContext = previousSessionId && typeof getSessionRecentContext === 'function'
+              ? getSessionRecentContext(previousSessionId)
+              : null;
+            const freshRetryPrompt = buildCodexFallbackBridgePrompt({
+              fullPrompt,
+              previousSessionId,
+              previousProfile: normalizeComparableCodexPermissionProfile(observedRuntimeProfile),
+              requestedProfile: requestedCodexPermissionProfile,
+              recentContext: retryRecentContext,
+            });
+            const freshRetryArgs = runtime.buildArgs({
+              model,
+              readOnly,
+              daemonCfg,
+              session,
+              cwd: session.cwd,
+              permissionProfile: requestedCodexPermissionProfile,
+            });
+            ({
+              output,
+              error,
+              errorCode,
+              timedOut,
+              files,
+              toolUsageLog,
+              sessionId,
+            } = await spawnClaudeStreaming(
+              freshRetryArgs,
+              freshRetryPrompt,
+              session.cwd,
+              onStatus,
+              600000,
+              chatId,
+              boundProjectKey || '',
+              normalizeSenderId(senderId),
+              runtime,
+              onSession,
+            ));
+            if (sessionId) await onSession(sessionId);
+            observedRuntimeProfile = getActualCodexPermissionProfile(sessionId ? { id: sessionId } : session);
+          }
+          if (codexNeedsFallbackForRequestedPermissions(observedRuntimeProfile, requestedCodexPermissionProfile)) {
+            const observedSummary = observedRuntimeProfile
+              ? `${observedRuntimeProfile.sandboxMode || observedRuntimeProfile.permissionMode || 'unknown'}/${observedRuntimeProfile.approvalPolicy || 'unknown'}`
+              : 'unknown/unknown';
+            const requestedSummary = `${requestedCodexPermissionProfile.sandboxMode}/${requestedCodexPermissionProfile.approvalPolicy}`;
+            log(
+              'WARN',
+              `Codex thread ${String(sessionId || session.id || '').slice(0, 8)} still below requested permissions for ${sessionChatId} after ${CODEX_PERMISSION_STABILIZE_MAX_RETRIES} stabilization retries: ${observedSummary} vs ${requestedSummary}`
+            );
+          }
+        }
+
+        const resumeFailure = classifyCodexResumeFailure(error, errorCode);
         if (shouldRetryCodexResumeFallback({
           runtimeName: runtime.name,
           wasResumeAttempt: wasCodexResumeAttempt,
           output,
           error,
           errorCode,
-          canRetry: canRetryCodexResume(chatId),
+          failureKind: resumeFailure.kind,
+          canRetry: canRetryCodexResume(chatId, resumeFailure.kind),
         })) {
-          markCodexResumeRetried(chatId);
-          log('WARN', `Codex resume failed for ${chatId}, retrying once with fresh exec: ${String(error).slice(0, 120)}`);
-          // Notify user explicitly — silent context loss is worse than a visible warning.
-          await bot.sendMessage(chatId, '⚠️ Codex session 已过期，上下文丢失。正在以全新 session 重试，请在回复后补充必要背景。').catch(() => { });
-          session = createSession(
-            sessionChatId,
-            session.cwd,
-            boundProject && boundProject.name ? boundProject.name : '',
-            'codex'
+          markCodexResumeRetried(chatId, resumeFailure.kind);
+          log(
+            'WARN',
+            `Codex resume failed for ${chatId}, retrying once with ${resumeFailure.kind === 'interrupted' ? 'native resume recovery' : 'fresh exec'}: ${String(error).slice(0, 120)}`
           );
+          await bot.sendMessage(chatId, resumeFailure.userMessage).catch(() => { });
+          if (resumeFailure.kind !== 'interrupted') {
+            session = createSession(
+              sessionChatId,
+              session.cwd,
+              boundProject && boundProject.name ? boundProject.name : '',
+              'codex',
+              requestedCodexPermissionProfile
+            );
+          }
           const retryArgs = runtime.buildArgs({
             model,
             readOnly,
             daemonCfg,
             session,
             cwd: session.cwd,
+            permissionProfile: requestedCodexPermissionProfile,
           });
-          // Prepend a context-loss marker so Codex knows this is a fresh session mid-conversation.
-          const retryPrompt = `[Note: previous Codex session expired and could not be resumed. Treating this as a new session. User message follows:]\n\n${fullPrompt}`;
+          const retryPrompt = `${resumeFailure.retryPromptPrefix}\n\n${fullPrompt}`;
           ({
             output,
             error,
@@ -1423,7 +1918,6 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
             timedOut,
             files,
             toolUsageLog,
-            usage,
             sessionId,
           } = await spawnClaudeStreaming(
             retryArgs,
@@ -1433,6 +1927,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
             600000,
             chatId,
             boundProjectKey || '',
+            normalizeSenderId(senderId),
             runtime,
             onSession,
           ));
@@ -1507,7 +2002,11 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
       }
 
       if (output) {
-        if (runtime.name === 'codex') _codexResumeRetryTs.delete(String(chatId));
+        if (runtime.name === 'codex') {
+          _codexResumeRetryTs.delete(getCodexResumeRetryKey(chatId, 'interrupted'));
+          _codexResumeRetryTs.delete(getCodexResumeRetryKey(chatId, 'expired'));
+          _codexResumeRetryTs.delete(getCodexResumeRetryKey(chatId, 'default'));
+        }
         // Detect provider/model errors disguised as output (e.g., "model not found", API errors)
         if (runtime.name === 'claude') {
           const activeProvCheck = providerMod ? providerMod.getActiveName() : 'anthropic';
@@ -1527,7 +2026,12 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
 
         // Mark session as started after first successful call
         const wasNew = !session.started;
-        if (wasNew) markSessionStarted(sessionChatId, engineName);
+        if (wasNew) {
+          markSessionStarted(sessionChatId, engineName);
+          if (runtime.name === 'codex' && session.runtimeSessionObserved === false) {
+            log('WARN', `Codex completed without emitting thread id for ${chatId}; keeping session non-resumable until a real thread id is observed`);
+          }
+        }
 
         const estimated = Math.ceil((prompt.length + output.length) / 4);
         const chatCategory = classifyChatUsage(chatId, {
@@ -1562,6 +2066,11 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
         try {
           log('DEBUG', `[REPLY:${chatId}] statusMsgId=${statusMsgId} editFailed=${editFailed} activeProject=${activeProject && activeProject.name} lastCard=${_lastStatusCardContent ? _lastStatusCardContent.slice(0, 40) : 'null'}`);
 
+          // siri_ask: write full response to temp file for any dispatch-triggered reply
+          if (chatId && chatId.startsWith('_agent_') && cleanOutput) {
+            try { require('fs').writeFileSync('/tmp/siri_response.txt', cleanOutput); } catch {}
+          }
+
           // Strategy: always try to update the status card first (avoids sending a new card
           // while the old 🤔 card lingers, which would produce two messages).
           // If edit fails: try to delete the status card (awaited, not fire-and-forget).
@@ -1613,9 +2122,26 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
             log('ERROR', `sendMessage fallback also failed: ${e2.message}`);
           }
         }
-        if (replyMsg && replyMsg.message_id && session) trackMsgSession(replyMsg.message_id, session, String(chatId).startsWith('_agent_') ? String(chatId).slice(7) : null);
+        const trackedAgentKey = String(chatId).startsWith('_agent_') ? String(chatId).slice(7) : null;
+        if (replyMsg && replyMsg.message_id && session) {
+          if (runtime.name === 'codex' && session.runtimeSessionObserved === false) {
+            trackMsgSession(replyMsg.message_id, session, trackedAgentKey, { routeOnly: true });
+          } else {
+            trackMsgSession(replyMsg.message_id, session, trackedAgentKey);
+          }
+        }
 
-        await sendFileButtons(bot, chatId, mergeFileCollections(markedFiles, files));
+        const fileMsgs = await sendFileButtons(bot, chatId, mergeFileCollections(markedFiles, files));
+        if (session && Array.isArray(fileMsgs)) {
+          for (const msg of fileMsgs) {
+            if (!msg || !msg.message_id) continue;
+            if (runtime.name === 'codex' && session.runtimeSessionObserved === false) {
+              trackMsgSession(msg.message_id, session, trackedAgentKey, { routeOnly: true });
+            } else {
+              trackMsgSession(msg.message_id, session, trackedAgentKey);
+            }
+          }
+        }
 
         // Timeout: also send the reason after the partial result
         if (timedOut && error) {
@@ -1653,9 +2179,12 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
           : `Error: ${errMsg.slice(0, 200)}`;
         log('ERROR', `ask${runtime.name === 'codex' ? 'Codex' : 'Claude'} failed for ${chatId}: ${errMsg.slice(0, 300)} (${errorCode || 'NO_CODE'})`);
 
-        // If session not found (expired/deleted), create new and retry once (Claude path)
-        if (runtime.name === 'claude' && (errMsg.includes('not found') || errMsg.includes('No session') || errMsg.includes('already in use'))) {
-          log('WARN', `Session ${session.id} unusable (${errMsg.includes('already in use') ? 'locked' : 'not found'}), creating new`);
+        // If session not found / locked / thinking signature invalid — create new and retry once (Claude path)
+        const _isThinkingSignatureError = isClaudeThinkingSignatureError(errMsg);
+        const _isSessionResumeFail = errMsg.includes('not found') || errMsg.includes('No session') || errMsg.includes('already in use') || _isThinkingSignatureError;
+        if (runtime.name === 'claude' && _isSessionResumeFail) {
+          const _reason = errMsg.includes('already in use') ? 'locked' : _isThinkingSignatureError ? 'thinking-signature-invalid' : 'not found';
+          log('WARN', `Session ${session.id} unusable (${_reason}), creating new`);
           session = createSession(sessionChatId, session.cwd, '', runtime.name);
 
           const retryArgs = runtime.buildArgs({
@@ -1674,6 +2203,7 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
             600000,
             chatId,
             boundProjectKey || '',
+            normalizeSenderId(senderId),
             runtime,
             onSession,
           );
@@ -1686,7 +2216,10 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
             return { ok: true };
           } else {
             log('ERROR', `askClaude retry failed: ${(retry.error || '').slice(0, 200)}`);
-            try { await bot.sendMessage(chatId, userErrMsg); } catch { /* */ }
+            const retryUserMsg = _isThinkingSignatureError
+              ? formatClaudeResumeFallbackUserMessage(retry.error || errMsg)
+              : userErrMsg;
+            try { await bot.sendMessage(chatId, retryUserMsg); } catch { /* */ }
             return { ok: false, error: retry.error || errMsg };
           }
         } else {
@@ -1733,9 +2266,23 @@ Reply with ONLY the name, nothing else. Examples: 插件开发, API重构, Bug
       shouldRetryCodexResumeFallback,
       formatEngineSpawnError,
       adaptDaemonHintForEngine,
+      getSessionChatId,
+      getCodexPermissionProfile,
+      getActualCodexPermissionProfile,
+      sameCodexPermissionProfile,
+      inspectClaudeResumeSession,
+      isClaudeThinkingSignatureError,
+      formatClaudeResumeFallbackUserMessage,
+      classifyCodexResumeFailure,
       canRetryCodexResume,
       markCodexResumeRetried,
+      getCodexResumeRetryKey,
       CODEX_RESUME_RETRY_WINDOW_MS,
+      shouldAutoRouteSkill,
+      codexSandboxPrivilegeRank,
+      codexApprovalPrivilegeRank,
+      codexNeedsFallbackForRequestedPermissions,
+      buildCodexFallbackBridgePrompt,
     },
   };
 }