pikiloom 0.4.14 → 0.4.16

package/dist/agent/drivers/hermes.js

@@ -16,7 +16,7 @@ import { join, extname } from 'node:path';
 import { resolve as resolvePath } from 'node:path';
 import { registerDriver } from '../driver.js';
 import { AcpClient, toAcpMcpServers } from '../acp-client.js';
-import { agentLog, agentWarn, emptyUsage, normalizeErrorMessage, listPikiloomSessions, findPikiloomSession, buildStreamPreviewMeta, applyTurnWindow, pushRecentActivity, IMAGE_EXTS, mimeForExt, } from '../index.js';
+import { agentLog, agentWarn, emptyUsage, normalizeErrorMessage, listPikiloomSessions, managedRecordToSessionInfo, findPikiloomSession, buildStreamPreviewMeta, applyTurnWindow, pushRecentActivity, IMAGE_EXTS, mimeForExt, } from '../index.js';
 // Build the ACP `prompt` content array from the user's text + staged
 // attachments. Images become ImageContentBlocks (base64 + mimeType — the
 // shape Hermes' acp_adapter accepts and converts to OpenAI multimodal
@@ -370,32 +370,10 @@ async function getHermesSessions(workdir, limit) {
     // for the `hermes sessions` CLI but irrelevant to pikiloom, which always
     // creates its own ACP session per turn and records it under .pikiloom.
     const resolvedWorkdir = resolvePath(workdir);
+    // Canonical record→SessionInfo mapper (single source of truth) — see claude.ts.
+    // Hand-rolling dropped thinkingEffort/workflowEnabled/profileId.
     const records = listPikiloomSessions(resolvedWorkdir, 'hermes');
-    const sessions = records.map(record => ({
-        sessionId: record.sessionId,
-        agent: 'hermes',
-        workdir: record.workdir,
-        workspacePath: record.workspacePath,
-        threadId: record.threadId,
-        model: record.model,
-        createdAt: record.createdAt,
-        title: record.title,
-        running: record.runState === 'running',
-        runState: record.runState,
-        runDetail: record.runDetail,
-        runUpdatedAt: record.runUpdatedAt,
-        runPid: record.runPid,
-        classification: record.classification,
-        userStatus: record.userStatus,
-        userNote: record.userNote,
-        lastQuestion: record.lastQuestion,
-        lastAnswer: record.lastAnswer,
-        lastMessageText: record.lastMessageText,
-        migratedFrom: record.migratedFrom,
-        migratedTo: record.migratedTo,
-        linkedSessions: record.linkedSessions,
-        numTurns: record.numTurns ?? null,
-    }));
+    const sessions = records.map(managedRecordToSessionInfo);
     sessions.sort((a, b) => Date.parse(b.createdAt || '') - Date.parse(a.createdAt || ''));
     const sliced = typeof limit === 'number' ? sessions.slice(0, limit) : sessions;
     agentLog(`[sessions:hermes] workdir=${resolvedWorkdir} pikiloom=${records.length} returned=${sliced.length}`);

package/dist/agent/index.js

@@ -23,7 +23,7 @@ export { attachAgentImage, attachInlineImage, materializeImage, rewriteImageBloc
 // ── Re-export: utilities ────────────────────────────────────────────────────
 export { Q, agentLog, agentWarn, agentError, dedupeStrings, numberOrNull, normalizeStreamPreviewPlan, parseTodoWriteAsPlan, normalizeActivityLine, pushRecentActivity, detectClaudeApiError, isRetryableClaudeApiError, detectClaudeModelError, claudeModelErrorMessage, firstNonEmptyLine, shortValue, normalizeErrorMessage, joinErrorMessages, appendSystemPrompt, mimeForExt, computeContext, buildStreamPreviewMeta, summarizeClaudeToolUse, summarizeClaudeToolResult, previewToolCallInput, previewToolCallResult, roundPercent, toIsoFromEpochSeconds, normalizeUsageStatus, labelFromWindowMinutes, usageWindowFromRateLimit, parseJsonTail, modelFamily, normalizeClaudeModelId, emptyUsage, readTailLines, stripInjectedPrompts, sanitizeSessionUserPreviewText, SESSION_PREVIEW_IMAGE_PLACEHOLDER_RE, CLAUDE_AT_MENTION_IMAGE_RE, extractClaudeAtMentionImagePaths, stripClaudeAtMentionImages, isPendingSessionId, emitSessionIdUpdate, sessionListDisplayTitle, } from './utils.js';
 // ── Re-export: session management ───────────────────────────────────────────
-export { updateSessionMeta, promoteSessionId, recordFork, listPikiloomSessions, findPikiloomSession, getSessionStoredConfig, ensureManagedSession, findManagedThreadSession, stageSessionFiles, mergeManagedAndNativeSessions, getSessions, getSessionTail, getSessionMessages, applyTurnWindow, applyTurnFilter, classifySession, deriveUserStatus, exportSession, importSession, deleteAgentSession, isProcessAlive, isRunningSessionStale, reconcileOrphanedRunningSessions, } from './session.js';
+export { updateSessionMeta, promoteSessionId, recordFork, listPikiloomSessions, findPikiloomSession, getSessionStoredConfig, ensureManagedSession, findManagedThreadSession, stageSessionFiles, mergeManagedAndNativeSessions, managedRecordToSessionInfo, getSessions, getSessionTail, getSessionMessages, applyTurnWindow, applyTurnFilter, classifySession, deriveUserStatus, exportSession, importSession, deleteAgentSession, isProcessAlive, isRunningSessionStale, reconcileOrphanedRunningSessions, } from './session.js';
 // ── Re-export: stream & detection ───────────────────────────────────────────
 export { detectAgentBin, listAgents, resolveDefaultAgent, run, doStream, listModels, resolveAgentModels, getUsage, getAgentBoundModelId, setAgentBoundModelId, } from './stream.js';
 // ── Re-export: driver registry ──────────────────────────────────────────────

package/dist/agent/mcp/bridge.js

@@ -110,6 +110,58 @@ export const PEEKABOO_MCP_ARGV = ['-y', '-p', PEEKABOO_NPX_PACKAGE, 'peekaboo-mc
  */
 export const PEEKABOO_WARM_ARGV = ['-y', '-p', PEEKABOO_NPX_PACKAGE, 'peekaboo', '--version'];
 let peekabooWarmStarted = false;
+const PEEKABOO_ENV_ALLOWLIST = [
+    'HOME',
+    'PATH',
+    'USER',
+    'LOGNAME',
+    'SHELL',
+    'TMPDIR',
+    'TEMP',
+    'TMP',
+    'LANG',
+    'LC_ALL',
+    'LC_CTYPE',
+];
+const PEEKABOO_DEFAULT_PATH = '/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin';
+function cleanEnvString(value) {
+    if (typeof value !== 'string')
+        return null;
+    const trimmed = value.trim();
+    if (!trimmed || trimmed.includes('\0'))
+        return null;
+    return trimmed;
+}
+/**
+ * Peekaboo only needs a normal user shell environment so npx can resolve/cache
+ * the package. Do not inherit the full pikiloom/agent environment here: it may
+ * contain provider API keys, channel tokens, OAuth bearer values, or database
+ * URLs that a GUI MCP server has no reason to see.
+ */
+export function buildPeekabooChildEnv(env = process.env) {
+    const safe = {};
+    for (const key of PEEKABOO_ENV_ALLOWLIST) {
+        const value = cleanEnvString(env[key]);
+        if (value)
+            safe[key] = value;
+    }
+    safe.PATH ||= PEEKABOO_DEFAULT_PATH;
+    safe.HOME ||= os.homedir();
+    safe.PIKILOOM_MCP_SERVER = 'peekaboo';
+    safe.npm_config_yes = 'true';
+    return safe;
+}
+function peekabooEnvArgs(env) {
+    return Object.entries(env).map(([key, value]) => `${key}=${value}`);
+}
+function buildPeekabooMcpServer() {
+    const safeEnv = buildPeekabooChildEnv();
+    return {
+        name: 'peekaboo',
+        command: '/usr/bin/env',
+        args: ['-i', ...peekabooEnvArgs(safeEnv), 'npx', ...PEEKABOO_MCP_ARGV],
+    };
+}
 /**
  * Pre-warm the Peekaboo npx package so the agent's MCP server connects instantly.
  *
@@ -132,7 +184,11 @@ export function ensurePeekabooWarm() {
         return;
     peekabooWarmStarted = true;
     try {
-        const child = spawn('npx', PEEKABOO_WARM_ARGV, { stdio: 'ignore', detached: true });
+        const child = spawn('npx', PEEKABOO_WARM_ARGV, {
+            stdio: 'ignore',
+            detached: true,
+            env: buildPeekabooChildEnv(),
+        });
         // npx missing / spawn failure: clear the latch so a later call can retry.
         child.on('error', () => { peekabooWarmStarted = false; });
         child.unref();
@@ -159,11 +215,7 @@ export function buildSupplementalMcpServers(gui = resolveGuiIntegrationConfig(),
     if (gui.peekabooEnabled && process.platform === 'darwin') {
         // Peekaboo — native macOS GUI automation via Accessibility + ScreenCaptureKit.
         // Run the dedicated MCP bin from the multi-bin @steipete/peekaboo package.
-        servers.push({
-            name: 'peekaboo',
-            command: 'npx',
-            args: [...PEEKABOO_MCP_ARGV],
-        });
+        servers.push(buildPeekabooMcpServer());
     }
     return servers;
 }
@@ -235,6 +287,33 @@ function codexBearerEnvName(serverName) {
     const safe = serverName.toUpperCase().replace(/[^A-Z0-9]+/g, '_').replace(/^_+|_+$/g, '');
     return `PIKILOOM_MCP_BEARER_${safe || 'UNNAMED'}`;
 }
+const REDACTED = '[REDACTED]';
+const SENSITIVE_CONFIG_KEY_RE = /(authorization|bearer|token|secret|password|passwd|api[_-]?key|credential|cookie|session|connection[_-]?string|dsn)/i;
+const URL_PASSWORD_RE = /([a-z][a-z0-9+.-]*:\/\/)([^/\s:@]+):([^@\s/]+)@/gi;
+const QUERY_SECRET_RE = /([?&](?:access_token|api[_-]?key|key|token|secret|password|passwd)=)[^&\s]+/gi;
+function redactStringForLog(key, value) {
+    if (SENSITIVE_CONFIG_KEY_RE.test(key)) {
+        const bearer = /^\s*Bearer\s+/i.test(value);
+        return bearer ? `Bearer ${REDACTED}` : REDACTED;
+    }
+    return value
+        .replace(URL_PASSWORD_RE, `$1$2:${REDACTED}@`)
+        .replace(QUERY_SECRET_RE, `$1${REDACTED}`);
+}
+function redactForLog(value, key = '') {
+    if (typeof value === 'string')
+        return redactStringForLog(key, value);
+    if (Array.isArray(value))
+        return value.map(item => redactForLog(item, key));
+    if (!value || typeof value !== 'object')
+        return value;
+    return Object.fromEntries(Object.entries(value)
+        .map(([childKey, childValue]) => [childKey, redactForLog(childValue, childKey)]));
+}
+export function redactMcpConfigForLog(configPath) {
+    const parsed = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+    return JSON.stringify(redactForLog(parsed), null, 2);
+}
 export function buildGeminiMcpConfig(servers) {
     return {
         // Session attachments live under .pikiloom/... and should remain readable to
@@ -383,6 +462,116 @@ function reapStalePlaywrightMcpProcesses(cdpEndpoint) {
     }
     return { reaped, spared };
 }
+// ---------------------------------------------------------------------------
+// Stale peekaboo-mcp reaper
+// ---------------------------------------------------------------------------
+function commandTokenBase(token) {
+    return path.basename(token.replace(/^"+|"+$/g, '')).replace(/\.(?:cmd|exe)$/i, '').toLowerCase();
+}
+/**
+ * Pure matcher for stale-process hygiene. It intentionally targets the
+ * long-running MCP server only, not the quick cache warm (`peekaboo --version`).
+ */
+export function _matchPeekabooMcpProcessCommand(command) {
+    if (!command || !command.includes('peekaboo-mcp'))
+        return false;
+    const tokens = command.split(/\s+/).filter(Boolean);
+    if (!tokens.length)
+        return false;
+    if (commandTokenBase(tokens[0]) === 'node' && (tokens[1] === '-e' || tokens[1] === '--eval'))
+        return false;
+    const hasMcpBin = tokens.some(token => token === 'peekaboo-mcp'
+        || /(?:^|[\\/])peekaboo-mcp(?:$|\s)/.test(token)
+        || /(?:^|[\\/])peekaboo-mcp$/.test(token));
+    if (!hasMcpBin)
+        return false;
+    const hasPackage = command.includes('@steipete/peekaboo')
+        || command.includes('@steipete\\peekaboo')
+        || command.includes('/@steipete/peekaboo/');
+    const launcher = commandTokenBase(tokens[0]);
+    const knownLauncher = launcher === 'env' || launcher === 'npx' || launcher === 'npm' || launcher === 'node' || launcher === 'peekaboo-mcp';
+    return hasPackage || knownLauncher;
+}
+function commandLooksLikeLiveMcpController(command) {
+    if (!command)
+        return false;
+    const text = command.toLowerCase();
+    if (/\bpikiloom\b/.test(text) || text.includes('pikiloom@'))
+        return true;
+    const first = commandTokenBase(command.split(/\s+/)[0] || '');
+    return first === 'claude' || first === 'codex' || first === 'gemini' || first === 'hermes';
+}
+const PEEKABOO_REAP_THROTTLE_MS = 30_000;
+const PEEKABOO_REAP_FORCE_AFTER_MS = 2_000;
+let lastPeekabooReapAt = 0;
+function reapStalePeekabooMcpProcesses() {
+    const reaped = [];
+    const spared = [];
+    if (process.platform !== 'darwin')
+        return { reaped, spared };
+    if (Date.now() - lastPeekabooReapAt < PEEKABOO_REAP_THROTTLE_MS)
+        return { reaped, spared };
+    lastPeekabooReapAt = Date.now();
+    const result = spawnSync('ps', ['-axo', 'pid=,ppid=,command='], { encoding: 'utf8' });
+    if (result.status !== 0)
+        return { reaped, spared };
+    const ppidByPid = new Map();
+    const commandByPid = new Map();
+    const candidates = [];
+    const lines = String(result.stdout || '').split(/\r?\n/).map(l => l.trim()).filter(Boolean);
+    for (const line of lines) {
+        const m = line.match(/^(\d+)\s+(\d+)\s+(.*)$/);
+        if (!m)
+            continue;
+        const pid = Number(m[1]);
+        const ppid = Number(m[2]);
+        if (!Number.isFinite(pid) || !Number.isFinite(ppid))
+            continue;
+        const command = m[3] || '';
+        ppidByPid.set(pid, ppid);
+        commandByPid.set(pid, command);
+        if (pid === process.pid)
+            continue;
+        if (_matchPeekabooMcpProcessCommand(command))
+            candidates.push(pid);
+    }
+    const hasProtectedAncestor = (pid) => {
+        let cur = pid;
+        for (let depth = 0; depth < 40 && cur != null && cur > 1; depth++) {
+            if (cur === process.pid)
+                return true;
+            const command = commandByPid.get(cur) || '';
+            if (cur !== pid && commandLooksLikeLiveMcpController(command))
+                return true;
+            cur = ppidByPid.get(cur);
+        }
+        return false;
+    };
+    for (const pid of candidates) {
+        if (hasProtectedAncestor(pid)) {
+            spared.push(pid);
+            continue;
+        }
+        try {
+            process.kill(pid, 'SIGTERM');
+            const forceTimer = setTimeout(() => {
+                try {
+                    process.kill(pid, 0);
+                    process.kill(pid, 'SIGKILL');
+                }
+                catch {
+                    // Process already exited or cannot be signalled — no-op.
+                }
+            }, PEEKABOO_REAP_FORCE_AFTER_MS);
+            forceTimer.unref?.();
+            reaped.push(pid);
+        }
+        catch {
+            // Already dead — no-op.
+        }
+    }
+    return { reaped, spared };
+}
 /**
  * Decide which CDP endpoint the per-session playwright/mcp should attach to.
  *
@@ -514,8 +703,13 @@ export async function startMcpBridge(opts) {
     // Peekaboo ships a native binary behind npx; warm its cache out-of-band so the
     // agent's MCP server connects instantly instead of hanging at "Still
     // connecting" on a cold first-run download (see ensurePeekabooWarm).
-    if (gui.peekabooEnabled)
+    if (gui.peekabooEnabled) {
         ensurePeekabooWarm();
+        const { reaped, spared } = reapStalePeekabooMcpProcesses();
+        if (reaped.length) {
+            opts.onLog?.(`reaped ${reaped.length} stale peekaboo-mcp process(es): pid=${reaped.join(',')}${spared.length ? ` (spared active: ${spared.join(',')})` : ''}`);
+        }
+    }
     // Lazy browser lifecycle: probe an already-running managed Chrome via
     // <profileDir>/DevToolsActivePort and attach if reachable; otherwise leave
     // Chrome unlaunched and let playwright/mcp launch it with `--user-data-dir`

package/dist/agent/mcp/extensions.js

@@ -17,6 +17,7 @@ import os from 'node:os';
 import path from 'node:path';
 import { spawn } from 'node:child_process';
 import { loadUserConfig, saveUserConfig } from '../../core/config/user-config.js';
+import { terminateProcessTree } from '../../core/process-control.js';
 import { getRecommendedMcpServers, } from './registry.js';
 import { hasValidMcpToken, injectOAuthHeaders } from './oauth.js';
 // ---------------------------------------------------------------------------
@@ -548,6 +549,7 @@ export async function checkMcpHealth(config, timeoutMs = 10_000) {
     return new Promise((resolve) => {
         const start = Date.now();
         let checkInterval = null;
+        let settled = false;
         const cleanup = () => {
             if (checkInterval) {
                 clearInterval(checkInterval);
@@ -555,20 +557,29 @@ export async function checkMcpHealth(config, timeoutMs = 10_000) {
             }
             clearTimeout(timer);
         };
+        const stopChildTree = () => {
+            terminateProcessTree(child, { signal: 'SIGTERM', forceSignal: 'SIGKILL', forceAfterMs: 1500 });
+        };
+        const finish = (result) => {
+            if (settled)
+                return;
+            settled = true;
+            cleanup();
+            resolve(result);
+        };
         const child = spawn(config.command, config.args || [], {
             stdio: ['pipe', 'pipe', 'pipe'],
             env: { ...process.env, ...config.env },
+            detached: process.platform !== 'win32',
         });
         const timer = setTimeout(() => {
-            cleanup();
-            child.kill();
-            resolve({ ok: false, error: `timeout after ${timeoutMs}ms`, elapsedMs: Date.now() - start });
+            stopChildTree();
+            finish({ ok: false, error: `timeout after ${timeoutMs}ms`, elapsedMs: Date.now() - start });
         }, timeoutMs);
         let stdout = '';
         child.stdout?.on('data', (data) => { stdout += data.toString(); });
         child.on('error', (err) => {
-            cleanup();
-            resolve({ ok: false, error: err.message, elapsedMs: Date.now() - start });
+            finish({ ok: false, error: err.message, elapsedMs: Date.now() - start });
         });
         const initRequest = JSON.stringify({
             jsonrpc: '2.0',
@@ -585,8 +596,8 @@ export async function checkMcpHealth(config, timeoutMs = 10_000) {
             child.stdin?.write(header + initRequest);
         }
         catch {
-            cleanup();
-            resolve({ ok: false, error: 'failed to write to stdin', elapsedMs: Date.now() - start });
+            stopChildTree();
+            finish({ ok: false, error: 'failed to write to stdin', elapsedMs: Date.now() - start });
             return;
         }
         checkInterval = setInterval(() => {
@@ -606,7 +617,7 @@ export async function checkMcpHealth(config, timeoutMs = 10_000) {
             }
             catch { /* best-effort */ }
             setTimeout(() => {
-                child.kill();
+                stopChildTree();
                 const tools = [];
                 try {
                     const jsonMatches = stdout.match(/\{[^{}]*"tools"\s*:\s*\[[\s\S]*?\]\s*[^{}]*\}/g);
@@ -630,7 +641,7 @@ export async function checkMcpHealth(config, timeoutMs = 10_000) {
                     }
                 }
                 catch { /* best effort */ }
-                resolve({ ok: true, tools: tools.length ? tools : undefined, elapsedMs: Date.now() - start });
+                finish({ ok: true, tools: tools.length ? tools : undefined, elapsedMs: Date.now() - start });
             }, 1500);
         }, 100);
     });

package/dist/agent/session.js

@@ -222,6 +222,7 @@ function normalizeSessionRecord(raw, workdir) {
         title: typeof raw?.title === 'string' && raw.title.trim() ? raw.title.trim() : null,
         model: typeof raw?.model === 'string' && raw.model.trim() ? raw.model.trim() : null,
         thinkingEffort: typeof raw?.thinkingEffort === 'string' && raw.thinkingEffort.trim() ? raw.thinkingEffort.trim() : null,
+        workflowEnabled: typeof raw?.workflowEnabled === 'boolean' ? raw.workflowEnabled : null,
         profileId: typeof raw?.profileId === 'string' && raw.profileId.trim() ? raw.profileId.trim() : null,
         stagedFiles: Array.isArray(raw?.stagedFiles) ? dedupeStrings(raw.stagedFiles.filter((v) => typeof v === 'string')) : [],
         lastUserAttachments: Array.isArray(raw?.lastUserAttachments)
@@ -299,7 +300,7 @@ function writeSessionMeta(record) {
         workspacePath: record.workspacePath,
         threadId: record.threadId,
         createdAt: record.createdAt, updatedAt: record.updatedAt,
-        title: record.title, model: record.model, thinkingEffort: record.thinkingEffort, stagedFiles: record.stagedFiles,
+        title: record.title, model: record.model, thinkingEffort: record.thinkingEffort, workflowEnabled: record.workflowEnabled, stagedFiles: record.stagedFiles,
         runState: record.runState, runDetail: record.runDetail, runUpdatedAt: record.runUpdatedAt,
         runPid: record.runPid,
         classification: record.classification,
@@ -583,7 +584,7 @@ export function ensureSessionWorkspace(opts) {
             workspacePath: sessionWorkspacePath(workdir, opts.agent, sessionId),
             threadId,
             createdAt: new Date().toISOString(), updatedAt: new Date().toISOString(),
-            title: summarizePromptTitle(opts.title) || null, model: null, thinkingEffort: null, profileId: null, stagedFiles: [], lastUserAttachments: [],
+            title: summarizePromptTitle(opts.title) || null, model: null, thinkingEffort: null, workflowEnabled: null, profileId: null, stagedFiles: [], lastUserAttachments: [],
             runState: 'completed', runDetail: null, runUpdatedAt: new Date().toISOString(),
             runPid: null,
             classification: null, userStatus: null, userNote: null,
@@ -607,7 +608,7 @@ export function ensureSessionWorkspace(opts) {
 // ---------------------------------------------------------------------------
 // Record to SessionInfo
 // ---------------------------------------------------------------------------
-function managedRecordToSessionInfo(record) {
+export function managedRecordToSessionInfo(record) {
     // Collapse pre-fix records that stored the canonical skill expansion as the
     // title / lastQuestion / lastMessageText. New records get collapsed at write
     // time in `prepareStreamOpts`; this read-time pass keeps existing sessions
@@ -623,6 +624,7 @@ function managedRecordToSessionInfo(record) {
         threadId: record.threadId,
         model: record.model,
         thinkingEffort: record.thinkingEffort,
+        workflowEnabled: record.workflowEnabled ?? null,
         profileId: record.profileId ?? null,
         createdAt: record.createdAt,
         title,
@@ -729,6 +731,7 @@ export function getSessionStoredConfig(workdir, agent, sessionId) {
     return {
         model: record?.model ?? null,
         thinkingEffort: record?.thinkingEffort ?? null,
+        workflowEnabled: record?.workflowEnabled ?? null,
         profileId: record?.profileId ?? null,
     };
 }
@@ -825,6 +828,16 @@ export function mergeManagedAndNativeSessions(managedSessions, nativeSessions) {
             runUpdatedAt: useNativeTimeline ? (native.runUpdatedAt ?? managed.runUpdatedAt) : (managed.runUpdatedAt ?? native.runUpdatedAt),
             title: native.title || managed.title,
             model: native.model || managed.model,
+            // Pikiloom-owned metadata: the native session file (Claude JSONL etc.)
+            // carries none of these, so the `...native` spread would clobber them with
+            // `undefined`/`null`. The managed record (our centralized index) is the
+            // source of truth — recover each like `model` above. Without this the list
+            // silently drops the user's per-session choices: effort/Workflow fold back
+            // to the global default (per-send `ultra` → `max` after the turn) and the
+            // BYOK Profile binding is lost on resume.
+            thinkingEffort: managed.thinkingEffort ?? native.thinkingEffort ?? null,
+            workflowEnabled: managed.workflowEnabled ?? native.workflowEnabled ?? null,
+            profileId: managed.profileId ?? native.profileId ?? null,
             createdAt: native.createdAt || managed.createdAt,
             classification: managed.classification ?? native.classification ?? null,
             userStatus: managed.userStatus ?? native.userStatus ?? null,

package/dist/agent/stream.js

@@ -7,7 +7,8 @@ import fs from 'node:fs';
 import path from 'node:path';
 import { restartManagedBrowser } from '../browser-supervisor.js';
 import { terminateProcessTree } from '../core/process-control.js';
-import { AGENT_DETECT_TIMEOUTS, AGENT_STREAM_HARD_KILL_GRACE_MS } from '../core/constants.js';
+import { AGENT_DETECT_TIMEOUTS, AGENT_STREAM_HARD_KILL_GRACE_MS, AGENT_UPDATE_TIMEOUTS } from '../core/constants.js';
+import { awaitAgentUpdateIdle } from './auto-update.js';
 import { getDriver, allDrivers, getAcceptedProviderKinds, hasDriver } from './driver.js';
 import { resolveAgentInjection, getActiveProfile, getActiveProfileId, getProvider, updateProfile, listProfiles, } from '../model/index.js';
 import { Q, agentLog, agentWarn, agentError, joinErrorMessages, normalizeErrorMessage, buildStreamPreviewMeta, computeContext, shortValue, isPendingSessionId, dedupeStrings, normalizeStreamPreviewPlan, } from './utils.js';
@@ -417,12 +418,18 @@ function prepareStreamOpts(opts) {
         },
     };
 }
-function finalizeStreamResult(result, workdir, prompt, session) {
+function finalizeStreamResult(result, workdir, prompt, session, workflowEnabled) {
     if (result.sessionId)
         syncManagedSessionIdentity(session, workdir, result.sessionId);
     session.record.model = result.model || session.record.model;
     if (result.thinkingEffort)
         session.record.thinkingEffort = result.thinkingEffort;
+    // Remember whether this turn ran with Workflow on so the synthetic `ultra`
+    // rung re-folds for display after the live stream ends and on resume — the
+    // stored `thinkingEffort` stays the concrete rung (e.g. `max`). `undefined`
+    // (driver invoked outside the bot) leaves the prior value untouched.
+    if (workflowEnabled !== undefined)
+        session.record.workflowEnabled = workflowEnabled;
     // Capture the BYOK Profile that was in effect for this run so a future
     // `session.switch` can re-bind it (null = native CLI auth).
     try {
@@ -466,7 +473,7 @@ export async function doStream(opts) {
     // Start MCP bridge for IM tools (when sendFile is available) and/or supplemental servers (browser, etc.)
     let bridge = null;
     try {
-        const { startMcpBridge } = await import('./mcp/bridge.js');
+        const { startMcpBridge, redactMcpConfigForLog } = await import('./mcp/bridge.js');
         const sessionDir = path.dirname(session.workspacePath);
         bridge = await startMcpBridge({
             sessionDir,
@@ -491,7 +498,8 @@ export async function doStream(opts) {
             else
                 agentLog('[mcp] bridge registered with codex');
             try {
-                agentLog(`[mcp] config content:\n${fs.readFileSync(bridge.configPath, 'utf-8')}`);
+                if (bridge.configPath)
+                    agentLog(`[mcp] config content:\n${redactMcpConfigForLog(bridge.configPath)}`);
             }
             catch { }
             ;
@@ -544,13 +552,40 @@ export async function doStream(opts) {
     catch (e) {
         agentWarn(`[byok] failed to apply Profile injection: ${e?.message || e}`);
     }
+    // In-memory-first: stamp the turn's resolved reasoning rung + Workflow opt-in
+    // onto the centralized index NOW — before the agent CLI has flushed its own
+    // session file — so the session list/composer reflect the user's pick during
+    // the very first turn instead of only after finalizeStreamResult. The managed
+    // record is the single source of truth for this metadata and links to the
+    // native agent-session by id on promotion; finalize re-stamps it (plus the
+    // actual model) authoritatively at turn end.
+    try {
+        if (prepared.thinkingEffort) {
+            session.record.thinkingEffort = prepared.thinkingEffort.trim().toLowerCase() || session.record.thinkingEffort;
+        }
+        if (opts.claudeWorkflowEnabled !== undefined) {
+            session.record.workflowEnabled = opts.claudeWorkflowEnabled;
+        }
+        saveSessionRecord(opts.workdir, session.record);
+    }
+    catch (e) {
+        agentWarn(`[session] turn-start metadata stamp failed: ${e?.message || e}`);
+    }
     try {
         const driver = getDriver(prepared.agent);
         if (opts.forkOf && !driver.capabilities?.fork) {
             throw new Error(`Agent ${prepared.agent} does not support fork`);
         }
+        // A background agent-CLI auto-update (`npm install -g` / `brew upgrade`, by
+        // this process OR the `npx pikiloom@latest` self-bootstrap) briefly removes
+        // the bin while it relinks; exec'ing into that window fails with exit 127
+        // "command not found". Wait out any in-flight reinstall of THIS agent before
+        // dispatching to the driver — this is the one chokepoint every agent turn
+        // (claude -p, claude TUI, codex app-server, gemini) passes through. No-op
+        // when nothing is updating.
+        await awaitAgentUpdateIdle(prepared.agent, AGENT_UPDATE_TIMEOUTS.spawnWait);
         const result = await driver.doStream(prepared);
-        const finalized = finalizeStreamResult(result, opts.workdir, opts.prompt, session);
+        const finalized = finalizeStreamResult(result, opts.workdir, opts.prompt, session, opts.claudeWorkflowEnabled);
         // Once the child has its real session ID, link the lineage. We do this
         // after finalize so the child record is persisted with its native ID.
         if (opts.forkOf && finalized.sessionId) {

package/dist/bot/bot.js

@@ -228,6 +228,12 @@ export class Bot {
      */
     enrichSnapshot(snap) {
         let next = snap;
+        // Attach the running turn's prompt so a watching terminal can render the
+        // user message for a follow-up it didn't originate (no local optimistic
+        // bubble). The RunningTask record is the source of truth while it's live.
+        const runningPrompt = next.taskId ? this.activeTasks.get(next.taskId)?.prompt : '';
+        if (runningPrompt)
+            next = { ...next, question: collapseSkillPrompt(runningPrompt) ?? runningPrompt };
         if (next.queuedTaskIds?.length) {
             const queuedTasks = next.queuedTaskIds.map(taskId => {
                 const raw = this.activeTasks.get(taskId)?.prompt || '';
@@ -446,8 +452,8 @@ export class Bot {
     emitStreamQueued(sessionKey, taskId) {
         this.emitStream(sessionKey, { type: 'queued', taskId, position: this.getQueuePosition(sessionKey, taskId) });
     }
-    emitStreamStart(taskId, session) {
-        const cfg = this.resolveSessionStreamConfig(session);
+    emitStreamStart(taskId, session, opts) {
+        const cfg = this.resolveSessionStreamConfig(session, opts);
         const key = this.liveSessionKey(taskId, session.key);
         this.debug(`[stream-lifecycle] start task=${taskId} key=${key} sessionId=${session.sessionId || '(pending)'} model=${cfg.model || '-'}`);
         this.emitStream(key, {
@@ -1422,7 +1428,10 @@ export class Bot {
                 this.finishTask(taskId);
                 return;
             }
-            this.emitStreamStart(taskId, session);
+            // Thread the per-send Workflow choice so the live divider folds to `ultra`
+            // immediately (the dashboard composer picks ultra per-send without flipping
+            // the agent-global flag resolveSessionStreamConfig would otherwise read).
+            this.emitStreamStart(taskId, session, { workflowEnabled: opts.workflowEnabled });
             // Wire up IM rendering for non-dashboard chats so /goal-driven tasks stream
             // to the same channel that submitted them, matching handleMessage's UX.
             const presenter = chatId !== 'dashboard'
@@ -1985,7 +1994,7 @@ export class Bot {
      * Mirrors the fallback chain used inside runStream() so callers (e.g. submitSessionTask
      * emitting a 'start' event) can label the active turn before runStream resolves it.
      */
-    resolveSessionStreamConfig(cs) {
+    resolveSessionStreamConfig(cs, opts) {
         const agentConfig = this.agentConfigs[cs.agent] || {};
         const sessionWorkdir = cs.workdir || this.workdir;
         const storedConfig = cs.sessionId && !isPendingSessionId(cs.sessionId)
@@ -2003,7 +2012,11 @@ export class Bot {
         // Fold to the synthetic 'ultra' rung for display when Workflow is on (mirrors
         // effortSelectionForAgent / the dashboard's foldUltraEffort), so the live reply
         // badge and IM running footer label the turn 'ultra' instead of a bare 'max'.
-        const displayEffort = effort && getDriverCapabilities(cs.agent).workflow && this.workflowEnabledForAgent(cs.agent)
+        // Prefer the per-turn workflow choice when the caller threads one (dashboard
+        // composer sends ultra per-send without flipping the agent-global flag);
+        // fall back to the agent-global flag (IM /mode, agent card).
+        const workflowOn = opts?.workflowEnabled ?? this.workflowEnabledForAgent(cs.agent);
+        const displayEffort = effort && getDriverCapabilities(cs.agent).workflow && workflowOn
             ? 'ultra'
             : effort;
         return { model: model || null, effort: displayEffort };

package/dist/channels/telegram/bot.js

@@ -19,7 +19,7 @@ import { buildAgentsCommandView, buildModelsCommandView, buildModeCommandView, b
 import { buildSwitchWorkdirView, buildWorkspacesView, resolveRegisteredPath } from './directory.js';
 import { LivePreview } from './live-preview.js';
 import { registerProcessRuntime, buildRestartCommand, requestProcessRestart, } from '../../core/process-control.js';
-import { buildInitialPreviewHtml, buildHumanLoopPromptHtml, buildAnsweredHumanLoopPromptHtml, buildStreamPreviewHtml, buildFinalReplyRender, dispatchImageBlocks, escapeHtml, formatMenuLines, formatProviderUsageLines, renderCommandNoticeHtml, renderCommandSelectionHtml, renderCommandSelectionKeyboard, renderSessionTurnHtml, truncateMiddle, } from './render.js';
+import { buildInitialPreviewHtml, buildHumanLoopPromptHtml, buildAnsweredHumanLoopPromptHtml, buildStreamPreviewHtml, buildFinalReplyRender, dispatchImageBlocks, escapeHtml, formatMenuLines, formatProviderUsageLines, renderCommandNoticeHtml, renderCommandSelectionHtml, renderCommandSelectionKeyboard, renderSessionTurnHtml, truncateMiddle, unpackCallbackData, } from './render.js';
 import { currentHumanLoopQuestion, humanLoopOptionSelected } from '../../bot/human-loop.js';
 import { TelegramChannel } from './channel.js';
 import { splitText, supportsChannelCapability } from '../base.js';
@@ -1016,7 +1016,7 @@ export class TelegramBot extends Bot {
         return false;
     }
     async handleSessionsPageCallback(data, ctx) {
-        const action = decodeCommandAction(data);
+        const action = decodeCommandAction(unpackCallbackData(data));
         if (!action)
             return false;
         const result = await executeCommandAction(this, ctx.chatId, action, {