npm - remoteclaw - Versions diffs - 0.2.0 → 0.2.1 - Mend

remoteclaw 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (181) hide show

package/dist/{agent-O04J-JEw.js → agent-B2leLOo0.js} RENAMED Viewed

@@ -1,53 +1,53 @@
 import { t as __exportAll } from "./rolldown-runtime-Cbj13DAv.js";
-import { $ as createInternalHookEvent, E as isRecord$1, F as sleep$1, G as warn, K as theme, L as truncateUtf16Safe, M as resolveUserPath, Q as resolvePreferredRemoteClawTmpDir, S as CONFIG_DIR, T as escapeRegExp, U as shouldLogVerbose, V as logVerbose, Z as normalizeLogLevel, _ as clearPluginCommands, at as resolveGatewayPort, b as listPluginCommands, c as normalizeAnyChannelId, d as getActivePluginRegistry, f as getActivePluginRegistryKey, g as normalizePluginHttpPath, h as createPluginRegistry, k as normalizeE164, l as normalizeChannelId, lt as resolveRequiredHomeDir, m as setActivePluginRegistry, n as createNonExitingRuntime, nt as STATE_DIR, o as getChatChannelMeta, p as requireActivePluginRegistry, q as getChildLogger, r as defaultRuntime, s as listChatChannels, st as resolveStateDir, t as createSubsystemLogger, tt as triggerInternalHook, u as normalizeChatChannelId, v as executePluginCommand, x as matchPluginCommand, y as getPluginCommandSpecs, z as danger } from "./subsystem-DLQY6iY4.js";
+import { $ as createInternalHookEvent, E as isRecord$1, F as sleep$1, G as warn, K as theme, L as truncateUtf16Safe, M as resolveUserPath, Q as resolvePreferredRemoteClawTmpDir, S as CONFIG_DIR, T as escapeRegExp, U as shouldLogVerbose, V as logVerbose, Z as normalizeLogLevel, _ as clearPluginCommands, at as resolveGatewayPort, b as listPluginCommands, c as normalizeAnyChannelId, d as getActivePluginRegistry, f as getActivePluginRegistryKey, g as normalizePluginHttpPath, h as createPluginRegistry, k as normalizeE164, l as normalizeChannelId, lt as resolveRequiredHomeDir, m as setActivePluginRegistry, n as createNonExitingRuntime, nt as STATE_DIR, o as getChatChannelMeta, p as requireActivePluginRegistry, q as getChildLogger, r as defaultRuntime, s as listChatChannels, st as resolveStateDir, t as createSubsystemLogger, tt as triggerInternalHook, u as normalizeChatChannelId, v as executePluginCommand, x as matchPluginCommand, y as getPluginCommandSpecs, z as danger } from "./subsystem-9R2eOxp2.js";
 import { _ as parseAgentSessionKey, c as resolveAgentIdFromSessionKey, d as DEFAULT_ACCOUNT_ID, f as normalizeAccountId$2, h as deriveSessionChatType, l as resolveThreadSessionKeys, m as isBlockedObjectKey, o as normalizeAgentId, p as normalizeOptionalAccountId, s as normalizeMainKey } from "./session-key-X7pmdLBX.js";
-import { a as resolveAgentRuntimeArgs, c as resolveAgentWorkspaceDir, d as resolveSessionAgentId, i as resolveAgentDir, n as resolveAgentAuth, o as resolveAgentRuntimeEnv, r as resolveAgentConfig, s as resolveAgentRuntimeOrThrow, t as listAgentIds, u as resolveDefaultAgentId } from "./agent-scope-wbu0VZoq.js";
-import { n as formatCliCommand } from "./env-Bs-DOhs6.js";
-import { a as getWebAuthAgeMs, d as readWebSelfId, h as webAuthExists, n as resolveWhatsAppAccount, o as logWebSelfId, s as logoutWeb, t as hasAnyWhatsAppAuth } from "./accounts-PoAEsvXo.js";
-import { i as isSilentReplyText, n as SILENT_REPLY_TOKEN, r as isSilentReplyPrefixText } from "./tokens-CgIfCmK3.js";
+import { a as resolveAgentRuntimeArgs, c as resolveAgentWorkspaceDir, d as resolveSessionAgentId, i as resolveAgentDir, n as resolveAgentAuth, o as resolveAgentRuntimeEnv, r as resolveAgentConfig, s as resolveAgentRuntimeOrThrow, t as listAgentIds, u as resolveDefaultAgentId } from "./agent-scope-CYJrXxD6.js";
+import { n as formatCliCommand } from "./env-D3fELH5B.js";
+import { a as getWebAuthAgeMs, d as readWebSelfId, h as webAuthExists, n as resolveWhatsAppAccount, o as logWebSelfId, s as logoutWeb, t as hasAnyWhatsAppAuth } from "./accounts-DObM4hAF.js";
+import { i as isSilentReplyText, n as SILENT_REPLY_TOKEN, r as isSilentReplyPrefixText } from "./tokens-CFajuiSx.js";
 import { t as resolveAccountEntry } from "./account-lookup-BU0Ibuj-.js";
-import { a as normalizeStringEntries, c as resolveChannelGroupRequireMention, i as normalizeHyphenSlug, n as listChannelDocks, o as normalizeStringEntriesLower, r as normalizeSignalMessagingTarget, s as resolveChannelGroupPolicy, t as getChannelDock } from "./dock-C0qWBS5h.js";
-import { _ as resolveDiscordAccount, c as listTelegramAccountIds, d as resolveSlackAccount, g as listEnabledDiscordAccounts, h as createDiscordActionGate, l as resolveTelegramAccount, m as resolveSlackBotToken, n as listChannelPlugins, o as createTelegramActionGate, p as resolveSlackAppToken, r as normalizeChannelId$1, s as listEnabledTelegramAccounts, t as getChannelPlugin, u as resolveTelegramToken, v as normalizeDiscordToken } from "./plugins-ODda1fNU.js";
-import { t as resolveIMessageAccount } from "./accounts-C_7Xc5wa.js";
-import { n as resolveSignalAccount, t as listEnabledSignalAccounts } from "./accounts-Qulj3jS8.js";
+import { a as normalizeStringEntries, c as resolveChannelGroupRequireMention, i as normalizeHyphenSlug, n as listChannelDocks, o as normalizeStringEntriesLower, r as normalizeSignalMessagingTarget, s as resolveChannelGroupPolicy, t as getChannelDock } from "./dock-BQ3iSblF.js";
+import { _ as resolveDiscordAccount, c as listTelegramAccountIds, d as resolveSlackAccount, g as listEnabledDiscordAccounts, h as createDiscordActionGate, l as resolveTelegramAccount, m as resolveSlackBotToken, n as listChannelPlugins, o as createTelegramActionGate, p as resolveSlackAppToken, r as normalizeChannelId$1, s as listEnabledTelegramAccounts, t as getChannelPlugin, u as resolveTelegramToken, v as normalizeDiscordToken } from "./plugins-sjrWIkqk.js";
+import { t as resolveIMessageAccount } from "./accounts-DZ4c6f7x.js";
+import { n as resolveSignalAccount, t as listEnabledSignalAccounts } from "./accounts-B0V43QEN.js";
 import { t as normalizeChatType } from "./chat-type-Coeec2xt.js";
-import { a as resolveSlackWebClientOptions, c as buildSlackBlocksFallbackText, i as createSlackWebClient, l as parseSlackTarget, o as parseSlackBlocksInput, s as validateSlackBlocksArray, t as sendMessageSlack, u as resolveSlackChannelId } from "./send-D3Uuw_MA.js";
-import { $ as hasAnyGuildPermissionDiscord, A as unpinMessageDiscord, B as listScheduledEventsDiscord, C as editMessageDiscord, Ct as applyChannelMatchMeta, D as pinMessageDiscord, E as listThreadsDiscord, Et as resolveChannelEntryMatchWithFallback, F as fetchMemberInfoDiscord, G as uploadStickerDiscord, H as timeoutMemberDiscord, I as fetchRoleInfoDiscord, J as editChannelDiscord, K as createChannelDiscord, L as fetchVoiceStatusDiscord, M as banMemberDiscord, N as createScheduledEventDiscord, O as readMessagesDiscord, P as fetchChannelInfoDiscord, Q as fetchChannelPermissionsDiscord, R as kickMemberDiscord, S as deleteMessageDiscord, St as fetchDiscord, T as listPinsDiscord, Tt as normalizeChannelSlug, U as listGuildEmojisDiscord, V as removeRoleDiscord, W as uploadEmojiDiscord, X as removeChannelPermissionDiscord, Y as moveChannelDiscord, Z as setChannelPermissionDiscord, _ as sendPollDiscord, _t as shouldEmitDiscordReactionNotification, a as removeReactionDiscord, at as listDiscordDirectoryPeersLive, b as sendWebhookMessageDiscord, bt as resolveDiscordSystemLocation, c as formatDiscordComponentEventText, ct as normalizeDiscordAllowList, d as parseDiscordModalCustomId, dt as resolveDiscordChannelConfigWithFallback, et as chunkDiscordTextWithMode, f as parseDiscordModalCustomIdForCarbon, ft as resolveDiscordGuildEntry, g as sendMessageDiscord, gt as resolveGroupDmAllow, h as resolveDiscordModalEntry, ht as resolveDiscordShouldRequireMention, i as removeOwnReactionsDiscord, it as listDiscordDirectoryGroupsLive, j as addRoleDiscord, k as searchMessagesDiscord, l as parseDiscordComponentCustomId, lt as normalizeDiscordSlug, m as resolveDiscordComponentEntry, mt as resolveDiscordOwnerAllowFrom, n as fetchReactionsDiscord, nt as parseDiscordTarget, o as sendDiscordComponentMessage, ot as allowListMatches$1, p as readDiscordComponentSpec, pt as resolveDiscordMemberAccessState, q as deleteChannelDiscord, r as reactMessageDiscord, rt as resolveDiscordChannelId, s as createDiscordFormModal, st as isDiscordGroupAllowedByPolicy, tt as createDiscordRestClient, u as parseDiscordComponentCustomIdForCarbon, ut as resolveDiscordAllowListMatch, v as sendStickerDiscord, vt as formatDiscordReactionEmoji, w as fetchMessageDiscord, wt as buildChannelKeyCandidates, x as createThreadDiscord, xt as resolveTimestampMs, y as sendVoiceMessageDiscord, yt as formatDiscordUserTag, z as listGuildChannelsDiscord } from "./send-Cibl-r-E.js";
-import { f as normalizeModelRef, l as isCliProvider, m as parseModelRef, p as normalizeProviderId, u as modelKey } from "./shell-env-DPAvieDD.js";
-import { A as safeStatSync, B as setConfigValueAtPath, C as isAvatarHttpUrl, D as loadPluginManifestRegistry, E as validateJsonSchemaValue, F as resetConfigOverrides, H as openBoundaryFileSync, I as setConfigOverride, J as VERSION, K as DEFAULT_SUBAGENT_MAX_SPAWN_DEPTH, L as unsetConfigOverride, M as normalizePluginsConfig, N as resolveEffectiveEnableState, O as discoverRemoteClawPlugins, P as getConfigOverrides, R as getConfigValueAtPath, S as isAvatarDataUrl, T as isSupportedLocalAvatarExtension, V as unsetConfigValueAtPath, _ as normalizeScpRemoteHost, a as validateConfigObjectWithPlugins, c as resolveTelegramCustomCommands, d as resolveSlackNativeStreaming, f as resolveSlackStreamingMode, g as resolveIMessageRemoteAttachmentRoots, h as resolveIMessageAttachmentRoots, i as writeConfigFile, j as applyTestPluginDefaults, k as isPathInside, l as mapStreamingModeToSlackLegacyDraftStreamMode, m as isInboundPathAllowed, n as readConfigFileSnapshot, o as TELEGRAM_COMMAND_NAME_PATTERN, q as resolveAgentMaxConcurrent, s as normalizeTelegramCommandName, t as loadConfig, u as resolveDiscordPreviewStreamMode, v as isSafeExecutableValue, w as isPathWithinRoot, x as AVATAR_MAX_BYTES, y as parseDurationMs, z as parseConfigPath } from "./config-Ca5Dfk8O.js";
-import { a as listDeliverableMessageChannels, i as isInternalMessageChannel, n as isDeliverableMessageChannel, o as normalizeMessageChannel, r as isGatewayMessageChannel, s as resolveMessageChannel, t as INTERNAL_MESSAGE_CHANNEL } from "./message-channel-BuWy8hEk.js";
-import { A as resolveDefaultSessionStorePath, B as resolveGroupSessionKey, C as resolveSessionKey, D as resolveSessionResetType, E as resolveSessionResetPolicy, F as resolveStorePath, L as resolveExplicitAgentSessionKey, M as resolveSessionFilePathOptions, N as resolveSessionTranscriptPath, O as resolveThreadFlag, P as resolveSessionTranscriptsDirForAgent, T as resolveChannelResetConfig, _ as normalizeAccountId$3, a as resolveAndPersistSessionFile, b as extractToolCallNames, c as readSessionUpdatedAt, d as updateSessionStore, f as updateSessionStoreEntry, g as normalizeSessionDeliveryFields, h as normalizeDeliveryContext, j as resolveSessionFilePath, k as DEFAULT_RESET_TRIGGERS, l as recordSessionMetaFromInbound, n as parseSessionThreadInfo, o as CURRENT_SESSION_VERSION, p as deliveryContextFromSession, s as loadSessionStore, u as updateLastRoute, v as archiveSessionTranscripts, w as evaluateSessionFreshness, y as countToolResults, z as deriveSessionMetaPatch } from "./sessions-BePPqEtN.js";
+import { a as resolveSlackWebClientOptions, c as buildSlackBlocksFallbackText, i as createSlackWebClient, l as parseSlackTarget, o as parseSlackBlocksInput, s as validateSlackBlocksArray, t as sendMessageSlack, u as resolveSlackChannelId } from "./send-4gX7wep2.js";
+import { $ as hasAnyGuildPermissionDiscord, A as unpinMessageDiscord, B as listScheduledEventsDiscord, C as editMessageDiscord, Ct as applyChannelMatchMeta, D as pinMessageDiscord, E as listThreadsDiscord, Et as resolveChannelEntryMatchWithFallback, F as fetchMemberInfoDiscord, G as uploadStickerDiscord, H as timeoutMemberDiscord, I as fetchRoleInfoDiscord, J as editChannelDiscord, K as createChannelDiscord, L as fetchVoiceStatusDiscord, M as banMemberDiscord, N as createScheduledEventDiscord, O as readMessagesDiscord, P as fetchChannelInfoDiscord, Q as fetchChannelPermissionsDiscord, R as kickMemberDiscord, S as deleteMessageDiscord, St as fetchDiscord, T as listPinsDiscord, Tt as normalizeChannelSlug, U as listGuildEmojisDiscord, V as removeRoleDiscord, W as uploadEmojiDiscord, X as removeChannelPermissionDiscord, Y as moveChannelDiscord, Z as setChannelPermissionDiscord, _ as sendPollDiscord, _t as shouldEmitDiscordReactionNotification, a as removeReactionDiscord, at as listDiscordDirectoryPeersLive, b as sendWebhookMessageDiscord, bt as resolveDiscordSystemLocation, c as formatDiscordComponentEventText, ct as normalizeDiscordAllowList, d as parseDiscordModalCustomId, dt as resolveDiscordChannelConfigWithFallback, et as chunkDiscordTextWithMode, f as parseDiscordModalCustomIdForCarbon, ft as resolveDiscordGuildEntry, g as sendMessageDiscord, gt as resolveGroupDmAllow, h as resolveDiscordModalEntry, ht as resolveDiscordShouldRequireMention, i as removeOwnReactionsDiscord, it as listDiscordDirectoryGroupsLive, j as addRoleDiscord, k as searchMessagesDiscord, l as parseDiscordComponentCustomId, lt as normalizeDiscordSlug, m as resolveDiscordComponentEntry, mt as resolveDiscordOwnerAllowFrom, n as fetchReactionsDiscord, nt as parseDiscordTarget, o as sendDiscordComponentMessage, ot as allowListMatches$1, p as readDiscordComponentSpec, pt as resolveDiscordMemberAccessState, q as deleteChannelDiscord, r as reactMessageDiscord, rt as resolveDiscordChannelId, s as createDiscordFormModal, st as isDiscordGroupAllowedByPolicy, tt as createDiscordRestClient, u as parseDiscordComponentCustomIdForCarbon, ut as resolveDiscordAllowListMatch, v as sendStickerDiscord, vt as formatDiscordReactionEmoji, w as fetchMessageDiscord, wt as buildChannelKeyCandidates, x as createThreadDiscord, xt as resolveTimestampMs, y as sendVoiceMessageDiscord, yt as formatDiscordUserTag, z as listGuildChannelsDiscord } from "./send-fdOUhBcN.js";
+import { f as normalizeModelRef, l as isCliProvider, m as parseModelRef, p as normalizeProviderId, u as modelKey } from "./shell-env-CKQ7fvtT.js";
+import { A as safeStatSync, B as setConfigValueAtPath, C as isAvatarHttpUrl, D as loadPluginManifestRegistry, E as validateJsonSchemaValue, F as resetConfigOverrides, H as openBoundaryFileSync, I as setConfigOverride, J as VERSION, K as DEFAULT_SUBAGENT_MAX_SPAWN_DEPTH, L as unsetConfigOverride, M as normalizePluginsConfig, N as resolveEffectiveEnableState, O as discoverRemoteClawPlugins, P as getConfigOverrides, R as getConfigValueAtPath, S as isAvatarDataUrl, T as isSupportedLocalAvatarExtension, V as unsetConfigValueAtPath, _ as normalizeScpRemoteHost, a as validateConfigObjectWithPlugins, c as resolveTelegramCustomCommands, d as resolveSlackNativeStreaming, f as resolveSlackStreamingMode, g as resolveIMessageRemoteAttachmentRoots, h as resolveIMessageAttachmentRoots, i as writeConfigFile, j as applyTestPluginDefaults, k as isPathInside, l as mapStreamingModeToSlackLegacyDraftStreamMode, m as isInboundPathAllowed, n as readConfigFileSnapshot, o as TELEGRAM_COMMAND_NAME_PATTERN, q as resolveAgentMaxConcurrent, s as normalizeTelegramCommandName, t as loadConfig, u as resolveDiscordPreviewStreamMode, v as isSafeExecutableValue, w as isPathWithinRoot, x as AVATAR_MAX_BYTES, y as parseDurationMs, z as parseConfigPath } from "./config-BIrnJuXL.js";
+import { a as listDeliverableMessageChannels, i as isInternalMessageChannel, n as isDeliverableMessageChannel, o as normalizeMessageChannel, r as isGatewayMessageChannel, s as resolveMessageChannel, t as INTERNAL_MESSAGE_CHANNEL } from "./message-channel-tSSi5C96.js";
+import { A as DEFAULT_RESET_TRIGGERS, B as deriveSessionMetaPatch, D as resolveSessionResetPolicy, E as resolveChannelResetConfig, F as resolveSessionTranscriptsDirForAgent, I as resolveStorePath, M as resolveSessionFilePath, N as resolveSessionFilePathOptions, O as resolveSessionResetType, P as resolveSessionTranscriptPath, R as resolveExplicitAgentSessionKey, T as evaluateSessionFreshness, V as resolveGroupSessionKey, _ as normalizeSessionDeliveryFields, a as resolveAndPersistSessionFile, b as countToolResults, c as readSessionUpdatedAt, d as updateSessionStore, f as updateSessionStoreEntry, g as normalizeDeliveryContext, j as resolveDefaultSessionStorePath, k as resolveThreadFlag, l as recordSessionMetaFromInbound, n as parseSessionThreadInfo, o as CURRENT_SESSION_VERSION, p as deliveryContextFromSession, s as loadSessionStore, u as updateLastRoute, v as normalizeAccountId$3, w as resolveSessionKey, x as extractToolCallNames, y as archiveSessionTranscripts } from "./sessions-D5CiijxL.js";
 import { n as resolveConversationLabel } from "./conversation-label-Dg3yLt9j.js";
-import { A as createReceiptCard, B as logWebhookReceived, C as resolveQueueSettings, D as isRoutableChannel, E as scheduleFollowupDrain, F as logMessageProcessed, G as extractQueueDirective, H as stopDiagnosticHeartbeat, I as logMessageQueued, J as AGENT_LANE_SUBAGENT, K as callGateway, L as logSessionStateChange, M as clearSessionQueues, N as clearCommandLane, O as routeReply, P as getQueueSize, Q as resolveGatewayCredentialsFromConfig, R as logWebhookError, S as unregisterSessionBindingAdapter, T as getFollowupQueueDepth, U as emitDiagnosticEvent, V as startDiagnosticHeartbeat, W as isDiagnosticsEnabled, X as emitAgentEvent, Y as clearAgentRunContext, Z as registerAgentRunContext, _ as resolveMainSessionAlias, a as markSubagentRunTerminated, b as getSessionBindingService, d as extractAssistantText, f as sanitizeTextContent, g as resolveInternalSessionKey, h as resolveDisplaySessionKey, i as markSubagentRunForSteerRestart, j as buildOutboundSessionContext, k as normalizeReplyPayload, l as resolveAgentTimeoutMs, m as stripReasoningTagsFromText, n as countActiveRunsForSession, o as registerSubagentRun, p as stripToolMessages, q as AGENT_LANE_NESTED, r as listSubagentRunsForRequester, s as replaceSubagentRunAfterSteer, t as clearSubagentRunSteerRestart, u as buildSubagentSystemPrompt, v as getSubagentDepthFromSessionStore, w as enqueueFollowupRun, x as registerSessionBindingAdapter, y as extractTextFromChatContent, z as logWebhookProcessed } from "./subagent-registry-DvnyYXMs.js";
-import { n as logError, t as logDebug } from "./logger-Bp0X6yHd.js";
-import { a as isRenderablePayload, c as createReplyToModeFilterForChannel, d as isContextOverflowError, f as isLikelyContextOverflowError, g as initializeGlobalHookRunner, h as getGlobalHookRunner, i as filterMessagingToolMediaDuplicates, l as resolveReplyToMode, m as sanitizeUserFacingText, n as applyReplyThreading, o as shouldSuppressMessagingToolReplies, p as isTransientHttpError, r as filterMessagingToolDuplicates, s as shouldSuppressReasoningPayload, t as applyReplyTagsToPayload, u as isCompactionFailureError } from "./reply-payloads-DbQW7c5s.js";
-import { n as fetchWithTimeout } from "./fetch-timeout-DTIN7CGM.js";
-import { f as normalizeHostname, i as extensionForMime$1, n as fetchRemoteMedia, o as isAudioFileName, r as detectMime, s as isGifMedia, t as MediaFetchError, u as mediaKindFromMime } from "./fetch-C-q-x9xS.js";
-import { n as wrapFetchWithAbortSignal, t as resolveFetch } from "./fetch-B_D1a6ac.js";
-import { n as recordChannelActivity, o as retryAsync, r as createDiscordRetryRunner, t as getChannelActivity } from "./channel-activity-D47P56pj.js";
-import { $ as getPairingAdapter, A as hasBotMention, B as normalizeDmAllowFromWithStore, C as buildTelegramGroupPeerId, D as describeReplyTarget, E as buildTypingThreadParams, F as resolveTelegramReplyId, G as resolveGroupAllowFromSources, H as firstDefined$1, I as resolveTelegramStreamMode, J as withTelegramApiErrorLogging, K as formatLocationText, L as resolveTelegramThreadSpec, M as resolveTelegramForumThreadId, N as resolveTelegramGroupAllowFromContext, O as expandTextLinks, P as resolveTelegramMediaPlaceholder, Q as upsertChannelPairingRequest, R as isSenderAllowed$1, S as buildTelegramGroupFrom, T as buildTelegramThreadParams, U as isSenderIdAllowed, V as resolveSenderAllowMatch, W as mergeDmAllowFromSources, X as readChannelAllowFromStore, Y as addChannelAllowFromStoreEntry, Z as removeChannelAllowFromStoreEntry, _ as resolveTelegramFetch, a as reactMessageTelegram, b as buildSenderLabel, c as sendStickerTelegram, d as wasSentByBot, et as listPairingChannels, f as isRecoverableTelegramNetworkError, g as wrapFileReferencesInHtml, h as renderTelegramHtmlText, i as editMessageTelegram, j as normalizeForwardedContext, k as extractTelegramLocation, m as markdownToTelegramHtml, n as createForumTopicTelegram, nt as parseTelegramTarget, o as sendMessageTelegram, p as markdownToTelegramChunks, q as toLocationContext, r as deleteMessageTelegram, rt as resolveTelegramTargetChatType, s as sendPollTelegram, t as buildInlineKeyboard, tt as isVoiceCompatibleAudio, u as resolveTelegramVoiceSend, v as splitTelegramCaption, w as buildTelegramParentPeer, x as buildSenderName, y as buildGroupLabel, z as normalizeAllowFrom$2 } from "./send-CeBdN3Dp.js";
-import { a as resolveEffectiveMessagesConfig, i as resolveAgentIdentity, o as resolveHumanDelayConfig, r as resolveAckReaction } from "./response-prefix-template-BgDMziqu.js";
-import { a as chunkText, c as resolveChunkMode, d as isSafeFenceBreak, f as parseFenceSpans, i as chunkMarkdownTextWithMode, l as resolveTextChunkLimit, o as chunkTextWithMode, r as chunkMarkdownText, t as chunkByNewline, u as findFenceSpanAt } from "./chunk-C5Oai9vm.js";
-import { n as resolveMarkdownTableMode } from "./markdown-tables-Bm7xJUcn.js";
-import { i as loadWebMedia, o as getAgentScopedMediaLocalRoots } from "./ir-CDjoXuIW.js";
-import { a as resizeToJpeg, n as getImageMetadata, o as runCommandWithTimeout } from "./image-ops-CAVojpnw.js";
-import { a as parseAvailableTags, c as readStringArrayParam, i as jsonResult, l as readStringOrNumberParam, o as readNumberParam, r as createActionGate, s as readReactionParams, t as missingTargetError, u as readStringParam } from "./target-errors-owiG6LWY.js";
-import { _ as resolveNativeCommandsEnabled, a as listChatCommandsForConfig, c as normalizeCommandBody, d as resolveCommandArgMenu, f as serializeCommandArgs, g as isRestartEnabled, h as isNativeCommandsExplicitlyDisabled, i as listChatCommands, l as parseCommandArgs, m as isCommandFlagEnabled, o as listNativeCommandSpecs, p as shouldHandleTextCommands, r as findCommandByNativeName, s as listNativeCommandSpecsForConfig, t as buildCommandTextFromArgs, u as resolveCommandArgChoices } from "./commands-registry-CB3qR3Ui.js";
-import { n as saveJsonFile, t as loadJsonFile } from "./json-file-CRyYLqpu.js";
-import { a as clearExpiredCooldowns, c as resolveProfileUnusableUntil, d as ensureAuthProfileStore, f as normalizeSecretInput, i as resolveModelAuthMode, l as resolveApiKeyForProfile, n as transcribeFirstAudio, o as isProfileInCooldown, r as resolveApiKeyForProvider, s as markAuthProfileUsed, u as listProfilesForProvider } from "./preflight-B9B3VBaW.js";
-import { n as formatErrorMessage, r as formatUncaughtError } from "./errors-bgTXk4n7.js";
-import { t as convertMarkdownTables } from "./tables-Bk8AXTIS.js";
+import { $ as clearAgentRunContext, A as createReceiptCard, B as logWebhookReceived, C as resolveQueueSettings, D as isRoutableChannel, E as scheduleFollowupDrain, F as logMessageProcessed, G as extractQueueDirective, H as stopDiagnosticHeartbeat, I as logMessageQueued, J as AGENT_LANE_SUBAGENT, K as callGateway, L as logSessionStateChange, M as clearSessionQueues, N as clearCommandLane, O as routeReply, P as getQueueSize, Q as unregisterSessionRun, R as logWebhookError, S as unregisterSessionBindingAdapter, T as getFollowupQueueDepth, U as emitDiagnosticEvent, V as startDiagnosticHeartbeat, W as isDiagnosticsEnabled, X as killSessionRun, Y as isSessionRunActive, Z as registerSessionRun, _ as resolveMainSessionAlias, a as markSubagentRunTerminated, b as getSessionBindingService, d as extractAssistantText, et as emitAgentEvent, f as sanitizeTextContent, g as resolveInternalSessionKey, h as resolveDisplaySessionKey, i as markSubagentRunForSteerRestart, j as buildOutboundSessionContext, k as normalizeReplyPayload, l as resolveAgentTimeoutMs, m as stripReasoningTagsFromText, n as countActiveRunsForSession, nt as resolveGatewayCredentialsFromConfig, o as registerSubagentRun, p as stripToolMessages, q as AGENT_LANE_NESTED, r as listSubagentRunsForRequester, s as replaceSubagentRunAfterSteer, t as clearSubagentRunSteerRestart, tt as registerAgentRunContext, u as buildSubagentSystemPrompt, v as getSubagentDepthFromSessionStore, w as enqueueFollowupRun, x as registerSessionBindingAdapter, y as extractTextFromChatContent, z as logWebhookProcessed } from "./subagent-registry-D2yHvOBr.js";
+import { a as listProfilesForProvider, c as isProfileInCooldown, d as ensureAuthProfileStore, f as resolveApiKeyForProfile, i as resolveModelAuthMode, l as markAuthProfileUsed, n as transcribeFirstAudio, o as normalizeSecretInput, r as resolveApiKeyForProvider, s as clearExpiredCooldowns, u as resolveProfileUnusableUntil } from "./preflight-a80t-iPi.js";
+import { n as saveJsonFile, t as loadJsonFile } from "./json-file-DYQIVLc1.js";
+import { n as logError, t as logDebug } from "./logger-BKFID___.js";
+import { a as isRenderablePayload, c as createReplyToModeFilterForChannel, d as isContextOverflowError, f as isLikelyContextOverflowError, g as initializeGlobalHookRunner, h as getGlobalHookRunner, i as filterMessagingToolMediaDuplicates, l as resolveReplyToMode, m as sanitizeUserFacingText, n as applyReplyThreading, o as shouldSuppressMessagingToolReplies, p as isTransientHttpError, r as filterMessagingToolDuplicates, s as shouldSuppressReasoningPayload, t as applyReplyTagsToPayload, u as isCompactionFailureError } from "./reply-payloads-DwEnDy7C.js";
+import { n as fetchWithTimeout } from "./fetch-timeout-jOIu9Xud.js";
+import { f as normalizeHostname, i as extensionForMime$1, n as fetchRemoteMedia, o as isAudioFileName, r as detectMime, s as isGifMedia, t as MediaFetchError, u as mediaKindFromMime } from "./fetch--eFpeNac.js";
+import { n as wrapFetchWithAbortSignal, t as resolveFetch } from "./fetch-C3R1kkzO.js";
+import { n as recordChannelActivity, o as retryAsync, r as createDiscordRetryRunner, t as getChannelActivity } from "./channel-activity-Bydtz0cv.js";
+import { $ as getPairingAdapter, A as hasBotMention, B as normalizeDmAllowFromWithStore, C as buildTelegramGroupPeerId, D as describeReplyTarget, E as buildTypingThreadParams, F as resolveTelegramReplyId, G as resolveGroupAllowFromSources, H as firstDefined$1, I as resolveTelegramStreamMode, J as withTelegramApiErrorLogging, K as formatLocationText, L as resolveTelegramThreadSpec, M as resolveTelegramForumThreadId, N as resolveTelegramGroupAllowFromContext, O as expandTextLinks, P as resolveTelegramMediaPlaceholder, Q as upsertChannelPairingRequest, R as isSenderAllowed$1, S as buildTelegramGroupFrom, T as buildTelegramThreadParams, U as isSenderIdAllowed, V as resolveSenderAllowMatch, W as mergeDmAllowFromSources, X as readChannelAllowFromStore, Y as addChannelAllowFromStoreEntry, Z as removeChannelAllowFromStoreEntry, _ as resolveTelegramFetch, a as reactMessageTelegram, b as buildSenderLabel, c as sendStickerTelegram, d as wasSentByBot, et as listPairingChannels, f as isRecoverableTelegramNetworkError, g as wrapFileReferencesInHtml, h as renderTelegramHtmlText, i as editMessageTelegram, j as normalizeForwardedContext, k as extractTelegramLocation, m as markdownToTelegramHtml, n as createForumTopicTelegram, nt as parseTelegramTarget, o as sendMessageTelegram, p as markdownToTelegramChunks, q as toLocationContext, r as deleteMessageTelegram, rt as resolveTelegramTargetChatType, s as sendPollTelegram, t as buildInlineKeyboard, tt as isVoiceCompatibleAudio, u as resolveTelegramVoiceSend, v as splitTelegramCaption, w as buildTelegramParentPeer, x as buildSenderName, y as buildGroupLabel, z as normalizeAllowFrom$2 } from "./send-CgAV9I1-.js";
+import { a as resolveEffectiveMessagesConfig, i as resolveAgentIdentity, o as resolveHumanDelayConfig, r as resolveAckReaction } from "./response-prefix-template-DDQsoC2g.js";
+import { a as chunkText, c as resolveChunkMode, d as isSafeFenceBreak, f as parseFenceSpans, i as chunkMarkdownTextWithMode, l as resolveTextChunkLimit, o as chunkTextWithMode, r as chunkMarkdownText, t as chunkByNewline, u as findFenceSpanAt } from "./chunk-0ZB8yVlw.js";
+import { n as resolveMarkdownTableMode } from "./markdown-tables-CfM1ner1.js";
+import { i as loadWebMedia, o as getAgentScopedMediaLocalRoots } from "./ir-BK7K3Bbu.js";
+import { a as resizeToJpeg, n as getImageMetadata, o as runCommandWithTimeout } from "./image-ops-CD4YRYFY.js";
+import { a as parseAvailableTags, c as readStringArrayParam, i as jsonResult, l as readStringOrNumberParam, o as readNumberParam, r as createActionGate, s as readReactionParams, t as missingTargetError, u as readStringParam } from "./target-errors-D7fLx8zG.js";
+import { _ as resolveNativeCommandsEnabled, a as listChatCommandsForConfig, c as normalizeCommandBody, d as resolveCommandArgMenu, f as serializeCommandArgs, g as isRestartEnabled, h as isNativeCommandsExplicitlyDisabled, i as listChatCommands, l as parseCommandArgs, m as isCommandFlagEnabled, o as listNativeCommandSpecs, p as shouldHandleTextCommands, r as findCommandByNativeName, s as listNativeCommandSpecsForConfig, t as buildCommandTextFromArgs, u as resolveCommandArgChoices } from "./commands-registry-BQrQnwzJ.js";
+import { n as formatErrorMessage, r as formatUncaughtError } from "./errors-Bg7BK273.js";
+import { t as convertMarkdownTables } from "./tables-CDsRjvfB.js";
 import { n as generateSecureUuid, t as generateSecureToken } from "./secure-random-B_UuvbNQ.js";
-import { a as normalizeOutboundPayloadsForJson, i as normalizeOutboundPayloads, o as parseReplyDirectives, r as formatOutboundPayloadLog, t as deliverOutboundPayloads } from "./deliver-BTjGqSGN.js";
+import { a as normalizeOutboundPayloadsForJson, i as normalizeOutboundPayloads, o as parseReplyDirectives, r as formatOutboundPayloadLog, t as deliverOutboundPayloads } from "./deliver-z04wZfnQ.js";
 import { r as normalizeInboundTextNewlines, t as finalizeInboundContext } from "./inbound-context-DbddR753.js";
-import { c as signalRpcRequest, l as streamSignalEvents, n as sendReadReceiptSignal, o as resolveSignalRpcContext, r as sendTypingSignal, s as signalCheck, t as sendMessageSignal } from "./send-DgVCmydL.js";
+import { c as signalRpcRequest, l as streamSignalEvents, n as sendReadReceiptSignal, o as resolveSignalRpcContext, r as sendTypingSignal, s as signalCheck, t as sendMessageSignal } from "./send-CkPRLaz-.js";
 import { t as makeProxyFetch } from "./proxy-HXV2llPX.js";
-import { n as resolveAgentRoute, t as buildAgentSessionKey } from "./resolve-route-BBztqaX0.js";
-import { n as saveMediaBuffer } from "./outbound-attachment-BXwueqll.js";
-import { a as createReplyReferencePlanner, i as resolveSlackThreadTs, n as deliverReplies$3, t as createSlackReplyDeliveryPlan } from "./replies-Cu8SG6CK.js";
-import { t as createReplyPrefixOptions } from "./reply-prefix-DwJ8gxoz.js";
-import { a as normalizeIMessageHandle, i as isAllowedIMessageSender, o as createIMessageRpcClient, r as formatIMessageChatTarget, s as DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS, t as sendMessageIMessage } from "./send-C2J41ICD.js";
-import { t as getActiveWebListener } from "./active-listener-nMUQ-dVt.js";
+import { n as resolveAgentRoute, t as buildAgentSessionKey } from "./resolve-route-DFUMTbRD.js";
+import { n as saveMediaBuffer } from "./outbound-attachment-6NNNORlp.js";
+import { a as createReplyReferencePlanner, i as resolveSlackThreadTs, n as deliverReplies$3, t as createSlackReplyDeliveryPlan } from "./replies-Dsu1hdd7.js";
+import { t as createReplyPrefixOptions } from "./reply-prefix-DtQ_7Eac.js";
+import { a as normalizeIMessageHandle, i as isAllowedIMessageSender, o as createIMessageRpcClient, r as formatIMessageChatTarget, s as DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS, t as sendMessageIMessage } from "./send-DBeVQI-J.js";
+import { t as getActiveWebListener } from "./active-listener-DVLYzYd3.js";
 import { createRequire } from "node:module";
 import path, { join } from "node:path";
 import fs, { existsSync, mkdirSync, mkdtempSync, readFileSync, renameSync, rmSync, unlinkSync, writeFileSync } from "node:fs";
@@ -60,7 +60,7 @@ import { fileURLToPath } from "node:url";
 import { ProxyAgent, fetch as fetch$1 } from "undici";
 import readline, { createInterface } from "node:readline";
 import { createJiti } from "jiti";
-import WebSocket$1 from "ws";
+import WebSocket from "ws";
 import { Type } from "@sinclair/typebox";
 import { EdgeTTS } from "node-edge-tts";
 import { ApplicationCommandOptionType, ButtonStyle, ChannelType, PermissionFlagsBits, Routes, StickerFormatType } from "discord-api-types/v10";
@@ -96,27 +96,27 @@ function createOutboundSendDepsFromCliSource(deps) {
 function createDefaultDeps() {
 	return {
 		sendMessageWhatsApp: async (...args) => {
-			const { sendMessageWhatsApp } = await import("./web-CKces-ap.js");
+			const { sendMessageWhatsApp } = await import("./web-DHXIgMOC.js");
 			return await sendMessageWhatsApp(...args);
 		},
 		sendMessageTelegram: async (...args) => {
-			const { sendMessageTelegram } = await import("./send-CeBdN3Dp.js").then((n) => n.l);
+			const { sendMessageTelegram } = await import("./send-CgAV9I1-.js").then((n) => n.l);
 			return await sendMessageTelegram(...args);
 		},
 		sendMessageDiscord: async (...args) => {
-			const { sendMessageDiscord } = await import("./send-Cibl-r-E.js").then((n) => n.t);
+			const { sendMessageDiscord } = await import("./send-fdOUhBcN.js").then((n) => n.t);
 			return await sendMessageDiscord(...args);
 		},
 		sendMessageSlack: async (...args) => {
-			const { sendMessageSlack } = await import("./send-D3Uuw_MA.js").then((n) => n.n);
+			const { sendMessageSlack } = await import("./send-4gX7wep2.js").then((n) => n.n);
 			return await sendMessageSlack(...args);
 		},
 		sendMessageSignal: async (...args) => {
-			const { sendMessageSignal } = await import("./send-DgVCmydL.js").then((n) => n.i);
+			const { sendMessageSignal } = await import("./send-CkPRLaz-.js").then((n) => n.i);
 			return await sendMessageSignal(...args);
 		},
 		sendMessageIMessage: async (...args) => {
-			const { sendMessageIMessage } = await import("./send-C2J41ICD.js").then((n) => n.n);
+			const { sendMessageIMessage } = await import("./send-DBeVQI-J.js").then((n) => n.n);
 			return await sendMessageIMessage(...args);
 		}
 	};
@@ -228,6 +228,280 @@ function resolveResponseUsageMode(raw) {
 	return normalizeUsageDisplay(raw) ?? "off";
 }
+//#endregion
+//#region src/auth/env-injection.ts
+/**
+* Auth profile -> CLI subprocess env var injection.
+*
+* Resolves per-agent auth profile references to environment variables
+* suitable for injecting into CLI subprocess environments.
+*/
+const log$4 = createSubsystemLogger("auth-env");
+/**
+* Map a provider ID to the primary environment variable name used by CLI agents.
+*
+* Returns `undefined` for providers with no known env var mapping.
+*/
+function resolveProviderEnvVarName(provider) {
+	const normalized = normalizeProviderId(provider);
+	switch (normalized) {
+		case "anthropic": return "ANTHROPIC_API_KEY";
+		case "google": return "GEMINI_API_KEY";
+		case "openai":
+		case "openai-codex": return "OPENAI_API_KEY";
+		case "opencode": return "OPENCODE_API_KEY";
+		case "github-copilot": return "GITHUB_TOKEN";
+		default: break;
+	}
+	return {
+		voyage: "VOYAGE_API_KEY",
+		groq: "GROQ_API_KEY",
+		deepgram: "DEEPGRAM_API_KEY",
+		cerebras: "CEREBRAS_API_KEY",
+		xai: "XAI_API_KEY",
+		openrouter: "OPENROUTER_API_KEY",
+		litellm: "LITELLM_API_KEY",
+		mistral: "MISTRAL_API_KEY",
+		together: "TOGETHER_API_KEY",
+		moonshot: "MOONSHOT_API_KEY",
+		minimax: "MINIMAX_API_KEY",
+		nvidia: "NVIDIA_API_KEY",
+		xiaomi: "XIAOMI_API_KEY",
+		venice: "VENICE_API_KEY",
+		qianfan: "QIANFAN_API_KEY",
+		kilocode: "KILOCODE_API_KEY",
+		elevenlabs: "ELEVENLABS_API_KEY"
+	}[normalized];
+}
+/**
+* Pick the next profile ID from an array using persistent, cooldown-aware
+* round-robin. Profiles are ordered by lastUsed (oldest first) with
+* cooldown profiles pushed to the end. The selected profile is marked as
+* used so subsequent calls rotate to the next one.
+*/
+async function pickNextProfile(store, profiles) {
+	if (profiles.length === 0) return;
+	clearExpiredCooldowns(store);
+	const available = [];
+	const inCooldown = [];
+	const now = Date.now();
+	for (const profileId of profiles) {
+		if (!store.profiles[profileId]) continue;
+		if (isProfileInCooldown(store, profileId)) {
+			const cooldownUntil = resolveProfileUnusableUntil(store.usageStats?.[profileId] ?? {}) ?? now;
+			inCooldown.push({
+				profileId,
+				cooldownUntil
+			});
+		} else available.push(profileId);
+	}
+	const sorted = available.toSorted((a, b) => {
+		return (store.usageStats?.[a]?.lastUsed ?? 0) - (store.usageStats?.[b]?.lastUsed ?? 0);
+	});
+	const cooldownSorted = inCooldown.toSorted((a, b) => a.cooldownUntil - b.cooldownUntil).map((entry) => entry.profileId);
+	const selected = [...sorted, ...cooldownSorted][0];
+	if (!selected) return;
+	await markAuthProfileUsed({
+		store,
+		profileId: selected
+	});
+	return selected;
+}
+/**
+* Return the number of auth profiles configured for an agent.
+*
+* - `auth: false` or `undefined` -> 0
+* - `auth: "profile-id"` -> 1
+* - `auth: ["id1", "id2"]` -> N
+*/
+function resolveAuthProfileCount(cfg, agentId) {
+	const auth = resolveAgentAuth(cfg, agentId);
+	if (auth === false || auth === void 0) return 0;
+	if (typeof auth === "string") return 1;
+	return auth.length;
+}
+/**
+* Resolve per-agent auth profile(s) to env vars for CLI subprocess injection.
+*
+* - `auth: false` -> no injection (returns `undefined`)
+* - `auth: "profile-id"` -> resolve single profile, inject as env var
+* - `auth: ["id1", "id2"]` -> persistent cooldown-aware round-robin, inject selected profile
+* - `auth: undefined` -> no injection (returns `undefined`)
+*
+* Missing or invalid profiles log a warning and return `undefined`
+* (fall-through to next credential precedence level).
+*/
+async function resolveAuthEnv(params) {
+	const auth = resolveAgentAuth(params.cfg, params.agentId);
+	if (auth === false || auth === void 0) return;
+	const store = params.store ?? ensureAuthProfileStore();
+	const profileId = Array.isArray(auth) ? await pickNextProfile(store, auth) : auth;
+	if (!profileId) return;
+	let resolved;
+	try {
+		resolved = await resolveApiKeyForProfile({
+			cfg: params.cfg,
+			store,
+			profileId
+		});
+	} catch {
+		log$4.warn(`Failed to resolve auth profile "${profileId}" — skipping env injection`);
+		return;
+	}
+	if (!resolved) {
+		log$4.warn(`Auth profile "${profileId}" not found or has no key — skipping env injection`);
+		return;
+	}
+	const envVarName = resolveProviderEnvVarName(resolved.provider);
+	if (!envVarName) {
+		log$4.warn(`No env var mapping for provider "${resolved.provider}" (profile "${profileId}") — skipping env injection`);
+		return;
+	}
+	const credType = store.profiles[profileId]?.type;
+	return { [envVarName === "ANTHROPIC_API_KEY" && credType === "token" ? "CLAUDE_CODE_OAUTH_TOKEN" : envVarName]: resolved.apiKey };
+}
+//#endregion
+//#region src/middleware/error-classifier.ts
+const retryablePatterns = [
+	/rate.?limit/i,
+	/429/i,
+	/503/i,
+	/overloaded/i,
+	/ETIMEDOUT/i,
+	/ECONNRESET/i,
+	/ECONNREFUSED/i,
+	/network/i
+];
+const contextOverflowPatterns = [
+	/context.?length/i,
+	/context.?window/i,
+	/context.?overflow/i,
+	/too many tokens/i,
+	/maximum context/i,
+	/token.?limit/i
+];
+const fatalAuthPatterns = [
+	/401/i,
+	/403/i,
+	/unauthorized/i,
+	/forbidden/i,
+	/invalid.?key/i,
+	/authentication/i
+];
+/**
+* Rate-limit and auth failure patterns that may benefit from key rotation.
+*
+* Includes rate-limit indicators (429, quota) and auth failures
+* (401, invalid key) — a different API key might succeed in either case.
+*/
+const authRotatablePatterns = [
+	/rate.?limit/i,
+	/\b429\b/,
+	/quota.?exceeded/i,
+	/resource.?exhausted/i,
+	/too many requests/i,
+	/\b401\b/,
+	/unauthorized/i,
+	/invalid.?key/i
+];
+/**
+* Test whether an error message indicates a rate-limit or auth failure
+* that could be resolved by rotating to a different API key.
+*/
+function isAuthRotatableError(message) {
+	return authRotatablePatterns.some((pattern) => pattern.test(message));
+}
+/**
+* Classify an error message string into an actionable category.
+*
+* Uses first-match-wins semantics across ordered pattern arrays:
+* 1. Retryable patterns checked first
+* 2. Context overflow patterns checked second
+* 3. Fatal auth patterns checked third
+* 4. Default: "fatal" for unmatched messages
+*
+* Case-insensitive matching throughout.
+*/
+function classifyError(message) {
+	for (const pattern of retryablePatterns) if (pattern.test(message)) {
+		logDebug(`[error-classifier] classified as retryable: ${message.slice(0, 200)}`);
+		return "retryable";
+	}
+	for (const pattern of contextOverflowPatterns) if (pattern.test(message)) {
+		logDebug(`[error-classifier] classified as context_overflow: ${message.slice(0, 200)}`);
+		return "context_overflow";
+	}
+	for (const pattern of fatalAuthPatterns) if (pattern.test(message)) {
+		logDebug(`[error-classifier] classified as fatal (auth): ${message.slice(0, 200)}`);
+		return "fatal";
+	}
+	logDebug(`[error-classifier] classified as fatal (unmatched): ${message.slice(0, 200)}`);
+	return "fatal";
+}
+//#endregion
+//#region src/middleware/auth-key-retry.ts
+/**
+* Auth key retry — rotates to the next auth profile on rate-limit / auth errors.
+*
+* When an agent has multiple auth profiles configured (`auth: ["k1", "k2"]`),
+* a rate-limit or auth failure triggers a retry with the next key in the
+* rotation. Each key is tried at most once per invocation.
+*/
+const log$3 = createSubsystemLogger("auth-retry");
+/**
+* Execute a callback with automatic auth key retry on rate-limit / auth errors.
+*
+* - `auth: false` / `undefined` / single key → one attempt, no retry.
+* - `auth: ["k1", "k2", ...]` → up to `N` attempts (one per key).
+*
+* The `execute` callback receives a merged env (base + auth). On a rate-limit
+* or auth error (thrown or returned in the result), the next profile is
+* selected via round-robin and the callback is retried.
+*
+* @param options  Auth config and base env.
+* @param execute  Callback that runs the agent with the given env.
+* @param getErrorMessage  Extracts an error string from a non-thrown result
+*                         (e.g. `result.error`). Return `undefined` if no error.
+*/
+async function withAuthKeyRetry(options, execute, getErrorMessage) {
+	const profileCount = resolveAuthProfileCount(options.cfg, options.agentId);
+	const maxAttempts = Math.max(1, profileCount);
+	let lastResult;
+	let lastError;
+	for (let attempt = 0; attempt < maxAttempts; attempt++) {
+		const authEnv = await resolveAuthEnv({
+			cfg: options.cfg,
+			agentId: options.agentId,
+			store: options.store
+		});
+		const env = authEnv ? {
+			...options.baseEnv,
+			...authEnv
+		} : options.baseEnv ? { ...options.baseEnv } : {};
+		try {
+			const result = await execute(env);
+			const errorMsg = getErrorMessage(result);
+			if (errorMsg && isAuthRotatableError(errorMsg) && attempt + 1 < maxAttempts) {
+				log$3.info(`Auth key rate-limited (attempt ${attempt + 1}/${maxAttempts}), rotating to next profile`);
+				lastResult = result;
+				continue;
+			}
+			return result;
+		} catch (err) {
+			lastError = err;
+			if (isAuthRotatableError(err instanceof Error ? err.message : String(err)) && attempt + 1 < maxAttempts) {
+				log$3.info(`Auth key rate-limited (attempt ${attempt + 1}/${maxAttempts}), rotating to next profile`);
+				continue;
+			}
+			throw err;
+		}
+	}
+	if (lastResult !== void 0) return lastResult;
+	throw lastError;
+}
 //#endregion
 //#region src/middleware/delivery-adapter.ts
 const DEFAULT_CHUNK_LIMIT = 4e3;
@@ -404,85 +678,6 @@ function findOpenCodeFence(text, limit) {
 	return openFence;
 }
-//#endregion
-//#region src/middleware/error-classifier.ts
-const retryablePatterns = [
-	/rate.?limit/i,
-	/429/i,
-	/503/i,
-	/overloaded/i,
-	/ETIMEDOUT/i,
-	/ECONNRESET/i,
-	/ECONNREFUSED/i,
-	/network/i
-];
-const contextOverflowPatterns = [
-	/context.?length/i,
-	/context.?window/i,
-	/context.?overflow/i,
-	/too many tokens/i,
-	/maximum context/i,
-	/token.?limit/i
-];
-const fatalAuthPatterns = [
-	/401/i,
-	/403/i,
-	/unauthorized/i,
-	/forbidden/i,
-	/invalid.?key/i,
-	/authentication/i
-];
-/**
-* Rate-limit and auth failure patterns that may benefit from key rotation.
-*
-* Includes rate-limit indicators (429, quota) and auth failures
-* (401, invalid key) — a different API key might succeed in either case.
-*/
-const authRotatablePatterns = [
-	/rate.?limit/i,
-	/\b429\b/,
-	/quota.?exceeded/i,
-	/resource.?exhausted/i,
-	/too many requests/i,
-	/\b401\b/,
-	/unauthorized/i,
-	/invalid.?key/i
-];
-/**
-* Test whether an error message indicates a rate-limit or auth failure
-* that could be resolved by rotating to a different API key.
-*/
-function isAuthRotatableError(message) {
-	return authRotatablePatterns.some((pattern) => pattern.test(message));
-}
-/**
-* Classify an error message string into an actionable category.
-*
-* Uses first-match-wins semantics across ordered pattern arrays:
-* 1. Retryable patterns checked first
-* 2. Context overflow patterns checked second
-* 3. Fatal auth patterns checked third
-* 4. Default: "fatal" for unmatched messages
-*
-* Case-insensitive matching throughout.
-*/
-function classifyError(message) {
-	for (const pattern of retryablePatterns) if (pattern.test(message)) {
-		logDebug(`[error-classifier] classified as retryable: ${message.slice(0, 200)}`);
-		return "retryable";
-	}
-	for (const pattern of contextOverflowPatterns) if (pattern.test(message)) {
-		logDebug(`[error-classifier] classified as context_overflow: ${message.slice(0, 200)}`);
-		return "context_overflow";
-	}
-	for (const pattern of fatalAuthPatterns) if (pattern.test(message)) {
-		logDebug(`[error-classifier] classified as fatal (auth): ${message.slice(0, 200)}`);
-		return "fatal";
-	}
-	logDebug(`[error-classifier] classified as fatal (unmatched): ${message.slice(0, 200)}`);
-	return "fatal";
-}
 //#endregion
 //#region src/middleware/mcp-side-effects.ts
 async function readMcpSideEffects(filePath) {
@@ -2146,6 +2341,15 @@ var ChannelBridge = class {
 			let workspaceDir = this.#workspaceDir;
 			let hookEnv;
 			const runId = randomUUID();
+			const sessionKeyStr = formatSessionKeyString(sessionKey);
+			const internalAbortCtrl = new AbortController();
+			registerSessionRun(sessionKeyStr, {
+				startedAt: Date.now(),
+				sessionKey: sessionKeyStr,
+				agentId: message.agentId ?? "default",
+				abortController: internalAbortCtrl
+			});
+			const combinedSignal = abortSignal ? AbortSignal.any([abortSignal, internalAbortCtrl.signal]) : internalAbortCtrl.signal;
 			if (hookRunner?.hasHooks("before_runtime_spawn")) {
 				const spawnResult = await hookRunner.runBeforeRuntimeSpawn({
 					runtimeName: this.#provider,
@@ -2190,7 +2394,7 @@ var ChannelBridge = class {
 					media: supportedMedia?.length ? supportedMedia : void 0,
 					sessionId: existingSessionId,
 					mcpServers,
-					abortSignal,
+					abortSignal: combinedSignal,
 					workingDirectory: workspaceDir,
 					env: this.#runtimeEnv || hookEnv ? {
 						...this.#runtimeEnv,
@@ -2259,6 +2463,7 @@ var ChannelBridge = class {
 				error: lastError
 			};
 		} finally {
+			unregisterSessionRun(formatSessionKeyString(sessionKey));
 			await rm(invocationDir, {
 				recursive: true,
 				force: true
@@ -3775,11 +3980,13 @@ function stopSubagentsForRequester(params) {
 				store = loadSessionStore(storePath);
 				storeCache.set(storePath, store);
 			}
-			if (markSubagentRunTerminated({
+			const markedTerminated = markSubagentRunTerminated({
 				runId: run.runId,
 				childSessionKey: childKey,
 				reason: "killed"
-			}) > 0 || cleared.followupCleared > 0 || cleared.laneCleared > 0) stopped += 1;
+			}) > 0;
+			killSessionRun(childKey);
+			if (markedTerminated || cleared.followupCleared > 0 || cleared.laneCleared > 0) stopped += 1;
 		}
 		const cascadeResult = stopSubagentsForRequester({
 			cfg: params.cfg,
@@ -3839,6 +4046,7 @@ async function tryFastAbortFromMessage(params) {
 				nextStore[key] = nextEntry;
 			});
 		} else if (abortKey) setAbortMemory(abortKey, true);
+		if (requesterSessionKey) killSessionRun(requesterSessionKey);
 		const { stopped } = stopSubagentsForRequester({
 			cfg,
 			requesterSessionKey
@@ -3850,6 +4058,7 @@ async function tryFastAbortFromMessage(params) {
 		};
 	}
 	if (abortKey) setAbortMemory(abortKey, true);
+	if (requesterSessionKey) killSessionRun(requesterSessionKey);
 	const { stopped } = stopSubagentsForRequester({
 		cfg,
 		requesterSessionKey
@@ -13093,201 +13302,6 @@ function resolveFallbackTransition(params) {
 	};
 }
-//#endregion
-//#region src/auth/env-injection.ts
-/**
-* Auth profile -> CLI subprocess env var injection.
-*
-* Resolves per-agent auth profile references to environment variables
-* suitable for injecting into CLI subprocess environments.
-*/
-const log$4 = createSubsystemLogger("auth-env");
-/**
-* Map a provider ID to the primary environment variable name used by CLI agents.
-*
-* Returns `undefined` for providers with no known env var mapping.
-*/
-function resolveProviderEnvVarName(provider) {
-	const normalized = normalizeProviderId(provider);
-	switch (normalized) {
-		case "anthropic": return "ANTHROPIC_API_KEY";
-		case "google": return "GEMINI_API_KEY";
-		case "openai":
-		case "openai-codex": return "OPENAI_API_KEY";
-		case "opencode": return "OPENCODE_API_KEY";
-		case "github-copilot": return "GITHUB_TOKEN";
-		default: break;
-	}
-	return {
-		voyage: "VOYAGE_API_KEY",
-		groq: "GROQ_API_KEY",
-		deepgram: "DEEPGRAM_API_KEY",
-		cerebras: "CEREBRAS_API_KEY",
-		xai: "XAI_API_KEY",
-		openrouter: "OPENROUTER_API_KEY",
-		litellm: "LITELLM_API_KEY",
-		mistral: "MISTRAL_API_KEY",
-		together: "TOGETHER_API_KEY",
-		moonshot: "MOONSHOT_API_KEY",
-		minimax: "MINIMAX_API_KEY",
-		nvidia: "NVIDIA_API_KEY",
-		xiaomi: "XIAOMI_API_KEY",
-		venice: "VENICE_API_KEY",
-		qianfan: "QIANFAN_API_KEY",
-		kilocode: "KILOCODE_API_KEY",
-		elevenlabs: "ELEVENLABS_API_KEY"
-	}[normalized];
-}
-/**
-* Pick the next profile ID from an array using persistent, cooldown-aware
-* round-robin. Profiles are ordered by lastUsed (oldest first) with
-* cooldown profiles pushed to the end. The selected profile is marked as
-* used so subsequent calls rotate to the next one.
-*/
-async function pickNextProfile(store, profiles) {
-	if (profiles.length === 0) return;
-	clearExpiredCooldowns(store);
-	const available = [];
-	const inCooldown = [];
-	const now = Date.now();
-	for (const profileId of profiles) {
-		if (!store.profiles[profileId]) continue;
-		if (isProfileInCooldown(store, profileId)) {
-			const cooldownUntil = resolveProfileUnusableUntil(store.usageStats?.[profileId] ?? {}) ?? now;
-			inCooldown.push({
-				profileId,
-				cooldownUntil
-			});
-		} else available.push(profileId);
-	}
-	const sorted = available.toSorted((a, b) => {
-		return (store.usageStats?.[a]?.lastUsed ?? 0) - (store.usageStats?.[b]?.lastUsed ?? 0);
-	});
-	const cooldownSorted = inCooldown.toSorted((a, b) => a.cooldownUntil - b.cooldownUntil).map((entry) => entry.profileId);
-	const selected = [...sorted, ...cooldownSorted][0];
-	if (!selected) return;
-	await markAuthProfileUsed({
-		store,
-		profileId: selected
-	});
-	return selected;
-}
-/**
-* Return the number of auth profiles configured for an agent.
-*
-* - `auth: false` or `undefined` -> 0
-* - `auth: "profile-id"` -> 1
-* - `auth: ["id1", "id2"]` -> N
-*/
-function resolveAuthProfileCount(cfg, agentId) {
-	const auth = resolveAgentAuth(cfg, agentId);
-	if (auth === false || auth === void 0) return 0;
-	if (typeof auth === "string") return 1;
-	return auth.length;
-}
-/**
-* Resolve per-agent auth profile(s) to env vars for CLI subprocess injection.
-*
-* - `auth: false` -> no injection (returns `undefined`)
-* - `auth: "profile-id"` -> resolve single profile, inject as env var
-* - `auth: ["id1", "id2"]` -> persistent cooldown-aware round-robin, inject selected profile
-* - `auth: undefined` -> no injection (returns `undefined`)
-*
-* Missing or invalid profiles log a warning and return `undefined`
-* (fall-through to next credential precedence level).
-*/
-async function resolveAuthEnv(params) {
-	const auth = resolveAgentAuth(params.cfg, params.agentId);
-	if (auth === false || auth === void 0) return;
-	const store = params.store ?? ensureAuthProfileStore();
-	const profileId = Array.isArray(auth) ? await pickNextProfile(store, auth) : auth;
-	if (!profileId) return;
-	let resolved;
-	try {
-		resolved = await resolveApiKeyForProfile({
-			cfg: params.cfg,
-			store,
-			profileId
-		});
-	} catch {
-		log$4.warn(`Failed to resolve auth profile "${profileId}" — skipping env injection`);
-		return;
-	}
-	if (!resolved) {
-		log$4.warn(`Auth profile "${profileId}" not found or has no key — skipping env injection`);
-		return;
-	}
-	const envVarName = resolveProviderEnvVarName(resolved.provider);
-	if (!envVarName) {
-		log$4.warn(`No env var mapping for provider "${resolved.provider}" (profile "${profileId}") — skipping env injection`);
-		return;
-	}
-	const credType = store.profiles[profileId]?.type;
-	return { [envVarName === "ANTHROPIC_API_KEY" && credType === "token" ? "CLAUDE_CODE_OAUTH_TOKEN" : envVarName]: resolved.apiKey };
-}
-//#endregion
-//#region src/middleware/auth-key-retry.ts
-/**
-* Auth key retry — rotates to the next auth profile on rate-limit / auth errors.
-*
-* When an agent has multiple auth profiles configured (`auth: ["k1", "k2"]`),
-* a rate-limit or auth failure triggers a retry with the next key in the
-* rotation. Each key is tried at most once per invocation.
-*/
-const log$3 = createSubsystemLogger("auth-retry");
-/**
-* Execute a callback with automatic auth key retry on rate-limit / auth errors.
-*
-* - `auth: false` / `undefined` / single key → one attempt, no retry.
-* - `auth: ["k1", "k2", ...]` → up to `N` attempts (one per key).
-*
-* The `execute` callback receives a merged env (base + auth). On a rate-limit
-* or auth error (thrown or returned in the result), the next profile is
-* selected via round-robin and the callback is retried.
-*
-* @param options  Auth config and base env.
-* @param execute  Callback that runs the agent with the given env.
-* @param getErrorMessage  Extracts an error string from a non-thrown result
-*                         (e.g. `result.error`). Return `undefined` if no error.
-*/
-async function withAuthKeyRetry(options, execute, getErrorMessage) {
-	const profileCount = resolveAuthProfileCount(options.cfg, options.agentId);
-	const maxAttempts = Math.max(1, profileCount);
-	let lastResult;
-	let lastError;
-	for (let attempt = 0; attempt < maxAttempts; attempt++) {
-		const authEnv = await resolveAuthEnv({
-			cfg: options.cfg,
-			agentId: options.agentId,
-			store: options.store
-		});
-		const env = authEnv ? {
-			...options.baseEnv,
-			...authEnv
-		} : options.baseEnv ? { ...options.baseEnv } : {};
-		try {
-			const result = await execute(env);
-			const errorMsg = getErrorMessage(result);
-			if (errorMsg && isAuthRotatableError(errorMsg) && attempt + 1 < maxAttempts) {
-				log$3.info(`Auth key rate-limited (attempt ${attempt + 1}/${maxAttempts}), rotating to next profile`);
-				lastResult = result;
-				continue;
-			}
-			return result;
-		} catch (err) {
-			lastError = err;
-			if (isAuthRotatableError(err instanceof Error ? err.message : String(err)) && attempt + 1 < maxAttempts) {
-				log$3.info(`Auth key rate-limited (attempt ${attempt + 1}/${maxAttempts}), rotating to next profile`);
-				continue;
-			}
-			throw err;
-		}
-	}
-	if (lastResult !== void 0) return lastResult;
-	throw lastError;
-}
 //#endregion
 //#region src/auto-reply/reply/block-reply-coalescer.ts
 function createBlockReplyCoalescer(params) {
@@ -15415,7 +15429,7 @@ async function runPreparedReply(params) {
 	const laneSize = getQueueSize(sessionLaneKey);
 	if (resolvedQueue.mode === "interrupt" && laneSize > 0) logVerbose(`Interrupting ${sessionLaneKey} (cleared ${clearCommandLane(sessionLaneKey)})`);
 	const queueKey = sessionKey ?? sessionIdFinal;
-	const isActive = false;
+	const isActive = isSessionRunActive(queueKey);
 	const shouldFollowup = resolvedQueue.mode === "followup" || resolvedQueue.mode === "collect" || resolvedQueue.mode === "steer-backlog";
 	return runReplyAgent({
 		commandBody: prefixedCommandBody,
@@ -15543,7 +15557,7 @@ async function deliverSessionMaintenanceWarning(params) {
 		return;
 	}
 	try {
-		const { deliverOutboundPayloads } = await import("./deliver-BTjGqSGN.js").then((n) => n.n);
+		const { deliverOutboundPayloads } = await import("./deliver-z04wZfnQ.js").then((n) => n.n);
 		const outboundSession = buildOutboundSessionContext({
 			cfg: params.cfg,
 			sessionKey: params.sessionKey
@@ -19639,7 +19653,7 @@ function createWhatsAppLoginTool() {
 			force: Type.Optional(Type.Boolean())
 		}),
 		execute: async (_toolCallId, args) => {
-			const { startWebLoginWithQr, waitForWebLogin } = await import("./login-qr-C7zaGKxz.js");
+			const { startWebLoginWithQr, waitForWebLogin } = await import("./login-qr-ZRBRz2BA.js");
 			if ((args?.action ?? "start") === "wait") {
 				const result = await waitForWebLogin({ timeoutMs: typeof args.timeoutMs === "number" ? args.timeoutMs : void 0 });
 				return {
@@ -21464,7 +21478,7 @@ async function preflightDiscordMessage(params) {
 	let preflightTranscript;
 	const hasAudioAttachment = message.attachments?.some((att) => att.contentType?.startsWith("audio/"));
 	if (!isDirectMessage && shouldRequireMention && hasAudioAttachment && !baseText && mentionRegexes.length > 0) try {
-		const { transcribeFirstAudio } = await import("./preflight-B9B3VBaW.js").then((n) => n.t);
+		const { transcribeFirstAudio } = await import("./preflight-a80t-iPi.js").then((n) => n.t);
 		const audioPaths = message.attachments?.filter((att) => att.contentType?.startsWith("audio/")).map((att) => att.url) ?? [];
 		if (audioPaths.length > 0) preflightTranscript = await transcribeFirstAudio({
 			ctx: {
@@ -26389,7 +26403,7 @@ function createDiscordGatewayPlugin(params) {
 				return super.registerClient(client);
 			}
 			createWebSocket(url) {
-				return new WebSocket$1(url, { agent: wsAgent });
+				return new WebSocket(url, { agent: wsAgent });
 			}
 		}
 		return new ProxyGatewayPlugin();
@@ -34598,7 +34612,7 @@ function readSlackExternalArgMenuToken(raw) {
 }
 let commandsRegistry;
 async function getCommandsRegistry() {
-	if (!commandsRegistry) commandsRegistry = await import("./commands-registry-CB3qR3Ui.js").then((n) => n.n);
+	if (!commandsRegistry) commandsRegistry = await import("./commands-registry-BQrQnwzJ.js").then((n) => n.n);
 	return commandsRegistry;
 }
 function encodeSlackCommandArgValue(parts) {
@@ -34922,14 +34936,14 @@ async function registerSlackMonitorSlashCommands(params) {
 			const channelName = channelInfo?.name;
 			const roomLabel = channelName ? `#${channelName}` : `#${command.channel_id}`;
 			const [{ resolveAgentRoute }, { finalizeInboundContext }, { dispatchReplyWithDispatcher }] = await Promise.all([
-				import("./resolve-route-BBztqaX0.js").then((n) => n.r),
+				import("./resolve-route-DFUMTbRD.js").then((n) => n.r),
 				import("./inbound-context-DbddR753.js").then((n) => n.n),
 				Promise.resolve().then(() => provider_dispatcher_exports)
 			]);
 			const [{ resolveConversationLabel }, { createReplyPrefixOptions }, { recordSessionMetaFromInbound, resolveStorePath }] = await Promise.all([
 				import("./conversation-label-Dg3yLt9j.js").then((n) => n.t),
-				import("./reply-prefix-DwJ8gxoz.js").then((n) => n.n),
-				import("./sessions-BePPqEtN.js").then((n) => n.t)
+				import("./reply-prefix-DtQ_7Eac.js").then((n) => n.n),
+				import("./sessions-D5CiijxL.js").then((n) => n.t)
 			]);
 			const route = resolveAgentRoute({
 				cfg,
@@ -34997,9 +35011,9 @@ async function registerSlackMonitorSlashCommands(params) {
 			});
 			const deliverSlashPayloads = async (replies) => {
 				const [{ deliverSlackSlashReplies }, { resolveChunkMode }, { resolveMarkdownTableMode }] = await Promise.all([
-					import("./replies-Cu8SG6CK.js").then((n) => n.r),
-					import("./chunk-C5Oai9vm.js").then((n) => n.s),
-					import("./markdown-tables-Bm7xJUcn.js").then((n) => n.t)
+					import("./replies-Dsu1hdd7.js").then((n) => n.r),
+					import("./chunk-0ZB8yVlw.js").then((n) => n.s),
+					import("./markdown-tables-CfM1ner1.js").then((n) => n.t)
 				]);
 				await deliverSlackSlashReplies({
 					replies,
@@ -35485,7 +35499,7 @@ async function auditTelegramGroupMembership(params) {
 		elapsedMs: Date.now() - started
 	};
 	const fetcher = params.proxyUrl ? (await import("./proxy-HXV2llPX.js").then((n) => n.n)).makeProxyFetch(params.proxyUrl) : fetch;
-	const { fetchWithTimeout } = await import("./fetch-timeout-DTIN7CGM.js").then((n) => n.r);
+	const { fetchWithTimeout } = await import("./fetch-timeout-jOIu9Xud.js").then((n) => n.r);
 	const base = `${TELEGRAM_API_BASE$1}/bot${token}`;
 	const groups = [];
 	for (const chatId of params.groupIds) try {
@@ -37307,7 +37321,7 @@ const buildTelegramMessageContext = async ({ primaryCtx, allMedia, storeAllowFro
 	const hasAudio = allMedia.some((media) => media.contentType?.startsWith("audio/"));
 	let preflightTranscript;
 	if (isGroup && requireMention && hasAudio && !hasUserText && mentionRegexes.length > 0) try {
-		const { transcribeFirstAudio } = await import("./preflight-B9B3VBaW.js").then((n) => n.t);
+		const { transcribeFirstAudio } = await import("./preflight-a80t-iPi.js").then((n) => n.t);
 		preflightTranscript = await transcribeFirstAudio({
 			ctx: {
 				MediaPaths: allMedia.length > 0 ? allMedia.map((m) => m.path) : void 0,
@@ -39625,23 +39639,23 @@ let webLoginQrPromise = null;
 let webChannelPromise = null;
 let whatsappActionsPromise = null;
 function loadWebOutbound() {
-	webOutboundPromise ??= import("./outbound-CCvRhb_6.js").then((n) => n.t);
+	webOutboundPromise ??= import("./outbound-BCY7cG5r.js").then((n) => n.t);
 	return webOutboundPromise;
 }
 function loadWebLogin() {
-	webLoginPromise ??= import("./login-DWKSrC5K.js").then((n) => n.n);
+	webLoginPromise ??= import("./login-BYHOjw55.js").then((n) => n.n);
 	return webLoginPromise;
 }
 function loadWebLoginQr() {
-	webLoginQrPromise ??= import("./login-qr-C7zaGKxz.js");
+	webLoginQrPromise ??= import("./login-qr-ZRBRz2BA.js");
 	return webLoginQrPromise;
 }
 function loadWebChannel() {
-	webChannelPromise ??= import("./web-CKces-ap.js");
+	webChannelPromise ??= import("./web-DHXIgMOC.js");
 	return webChannelPromise;
 }
 function loadWhatsAppActions() {
-	whatsappActionsPromise ??= import("./whatsapp-actions-BzyFEHw4.js");
+	whatsappActionsPromise ??= import("./whatsapp-actions-sR-u0T6U.js");
 	return whatsappActionsPromise;
 }
 function createPluginRuntime() {
@@ -41035,15 +41049,7 @@ async function agentCommand(opts, runtime = defaultRuntime, deps = createDefault
 			const runContext = resolveAgentRunContext(opts);
 			const messageChannel = resolveMessageChannel(runContext.messageChannel, opts.replyChannel ?? opts.channel);
 			const sessionMap = createSessionMapAdapter({ getSessionId: () => getCliSessionId(sessionEntry, provider) });
-			const bridge = new ChannelBridge({
-				provider: resolveAgentRuntimeOrThrow(cfg, sessionAgentId),
-				sessionMap,
-				gatewayUrl: resolveGatewayUrlFromConfig(cfg),
-				gatewayToken: resolveGatewayTokenFromConfig(cfg),
-				workspaceDir,
-				runtimeArgs: resolveAgentRuntimeArgs(cfg, sessionAgentId),
-				runtimeEnv: resolveAgentRuntimeEnv(cfg, sessionAgentId)
-			});
+			const baseRuntimeEnv = resolveAgentRuntimeEnv(cfg, sessionAgentId);
 			const messageToolHints = resolveChannelMessageToolHints({
 				cfg,
 				channel: messageChannel,
@@ -41059,7 +41065,23 @@ async function agentCommand(opts, runtime = defaultRuntime, deps = createDefault
 				timestamp: Date.now(),
 				messageToolHints
 			});
-			result = await bridge.handle(message, void 0, opts.abortSignal);
+			result = await withAuthKeyRetry({
+				cfg,
+				agentId: sessionAgentId,
+				baseEnv: baseRuntimeEnv
+			}, async (runtimeEnv) => {
+				const bridgeResult = await new ChannelBridge({
+					provider: resolveAgentRuntimeOrThrow(cfg, sessionAgentId),
+					sessionMap,
+					gatewayUrl: resolveGatewayUrlFromConfig(cfg),
+					gatewayToken: resolveGatewayTokenFromConfig(cfg),
+					workspaceDir,
+					runtimeArgs: resolveAgentRuntimeArgs(cfg, sessionAgentId),
+					runtimeEnv
+				}).handle(message, void 0, opts.abortSignal);
+				if (bridgeResult.error && bridgeResult.payloads.length === 0) throw new Error(bridgeResult.error);
+				return bridgeResult;
+			}, (bridgeResult) => bridgeResult.error);
 			emitAgentEvent({
 				runId,
 				stream: "lifecycle",