sentinelayer-cli 0.8.12 → 0.9.2

package/src/commands/session.js

@@ -29,7 +29,7 @@ import {
   registerAgent,
   unregisterAgent,
 } from "../session/agent-registry.js";
-import { stopSenti } from "../session/daemon.js";
+import { startSenti, stopSenti } from "../session/daemon.js";
 import { listRuntimeRuns } from "../session/runtime-bridge.js";
 import {
   listFileLocks,
@@ -47,17 +47,27 @@ import {
   listActiveSessions,
   listAllSessions,
   recordSessionProvisionedIdentities,
+  updateSessionTitle,
 } from "../session/store.js";
 import { appendToStream, readStream, tailStream } from "../session/stream.js";
+import {
+  addSessionEventIdentityKeys,
+  dedupeSessionEvents,
+  sessionEventHasKnownIdentity,
+} from "../session/event-identity.js";
 import { readSessionPreview } from "../session/preview.js";
 import {
   listSessionsFromApi,
   probeSessionAccess,
+  pollSessionEventsBefore,
+  syncSessionEventToApi,
   syncSessionMetadataToApi,
 } from "../session/sync.js";
 import { hydrateSessionFromRemote } from "../session/remote-hydrate.js";
 import { mergeLiveSources } from "../session/live-source.js";
+import { listenSessionEvents } from "../session/listener.js";
 import { deriveSessionTitle } from "../session/senti-naming.js";
+import { pushSessionTitleToApi } from "../session/title-sync.js";
 import {
   buildDashboardUrl,
   buildTemplateLaunchPlan,
@@ -89,6 +99,369 @@ function parsePositiveInteger(rawValue, field, fallbackValue) {
   return Math.floor(normalized);
 }
 
+function normalizeComparablePath(value) {
+  return String(value || "")
+    .trim()
+    .replace(/\\/g, "/")
+    .replace(/\/+$/g, "")
+    .toLowerCase();
+}
+
+function latestSessionActivityMs(entry = {}) {
+  for (const key of ["lastInteractionAt", "lastActivityAt", "createdAt"]) {
+    const epoch = Date.parse(normalizeString(entry[key]));
+    if (Number.isFinite(epoch)) return epoch;
+  }
+  return 0;
+}
+
+function remoteSessionLookupDisabled() {
+  return String(process.env.SENTINELAYER_SKIP_REMOTE_SYNC || "").trim() === "1";
+}
+
+function sentiAutostartDisabled() {
+  return String(process.env.SENTINELAYER_SKIP_SENTI_AUTOSTART || "").trim() === "1";
+}
+
+function mergeResumeCandidate(existing, incoming) {
+  if (!existing) return incoming;
+  const existingActivity = Number(existing._activityMs || 0);
+  const incomingActivity = Number(incoming._activityMs || 0);
+  const preferIncomingPaths = existing._source !== "local" && incoming._source === "local";
+  const base = preferIncomingPaths ? incoming : existing;
+  const other = preferIncomingPaths ? existing : incoming;
+  return {
+    ...base,
+    title: normalizeString(base.title) || normalizeString(other.title) || null,
+    lastActivityAt:
+      normalizeString(incoming.lastActivityAt) || normalizeString(existing.lastActivityAt) || null,
+    lastInteractionAt:
+      normalizeString(incoming.lastInteractionAt) || normalizeString(existing.lastInteractionAt) || null,
+    _activityMs: Math.max(existingActivity, incomingActivity),
+  };
+}
+
+async function findReusableSessionCandidate({
+  targetPath,
+  reuseWindowSeconds = 3600,
+  resume = true,
+  forceNew = false,
+} = {}) {
+  if (forceNew || resume === false) return null;
+  const cutoffMs = Date.now() - reuseWindowSeconds * 1000;
+  const byId = new Map();
+
+  try {
+    const active = await listActiveSessions({ targetPath });
+    for (const entry of active) {
+      const activityMs = latestSessionActivityMs(entry);
+      if (!activityMs || activityMs < cutoffMs) continue;
+      const candidate = {
+        ...entry,
+        _source: "local",
+        _activityMs: activityMs,
+      };
+      byId.set(entry.sessionId, mergeResumeCandidate(byId.get(entry.sessionId), candidate));
+    }
+  } catch {
+    /* local lookup failure is non-fatal */
+  }
+
+  if (!remoteSessionLookupDisabled()) {
+    try {
+      const remote = await listSessionsFromApi({
+        targetPath,
+        includeArchived: false,
+        limit: 50,
+      });
+      if (remote && remote.ok) {
+        const normalizedTarget = normalizeComparablePath(targetPath);
+        for (const entry of remote.sessions || []) {
+          const codebase = normalizeComparablePath(entry.codebasePath || entry.targetPath);
+          if (!codebase || codebase !== normalizedTarget) continue;
+          if (entry.archiveStatus && entry.archiveStatus !== "active") continue;
+          const activityMs = latestSessionActivityMs(entry);
+          if (!activityMs || activityMs < cutoffMs) continue;
+          const candidate = {
+            sessionId: entry.sessionId,
+            createdAt: entry.createdAt,
+            lastActivityAt: entry.lastActivityAt,
+            expiresAt: entry.expiresAt,
+            status: entry.status || "active",
+            template: entry.templateName || null,
+            title: entry.title || null,
+            _source: "remote",
+            _activityMs: activityMs,
+          };
+          byId.set(entry.sessionId, mergeResumeCandidate(byId.get(entry.sessionId), candidate));
+        }
+      }
+    } catch {
+      /* remote lookup failure is non-fatal */
+    }
+  }
+
+  const candidates = [...byId.values()];
+  candidates.sort((left, right) => Number(right._activityMs || 0) - Number(left._activityMs || 0));
+  return candidates[0] || null;
+}
+
+// Verify that a session id is reachable for the active user via the API
+// singleton endpoint added in API PR #483 (`GET /api/v1/sessions/{id}`).
+//
+// Carter's complaint: "I can't create a session from the web and still have
+// it available for you guys in CLI" — the historical CLI flow assumed the
+// session was created locally first, so attaching to a web/peer-created
+// session left the agent guessing about access. Singleton GET resolves
+// that with one round-trip and gives us metadata for friendly output.
+//
+// Behaviour contract:
+//   - Returns `{ ok: true, source, session, status }` on success.
+//   - Returns `{ ok: false, reason: "not_found", status: 404 }` when the
+//     session genuinely isn't visible to the caller (404 + list fallback
+//     also empty). Callers should map this to a friendly "not found" exit.
+//   - Returns `{ ok: false, reason: "forbidden", status: 403 }` for explicit
+//     deny (caller is authenticated but not a member).
+//   - On 5xx: retries ONCE, then surfaces `{ ok: false, reason: "api_5xx" }`.
+//   - On 404 from the singleton: falls back to filtering the list endpoint
+//     so users on stale prod servers (pre-#483) aren't blocked. If the list
+//     contains the session id we treat it as success and return that row.
+//   - When `SENTINELAYER_SKIP_REMOTE_SYNC=1` (test bootstrap), short-circuits
+//     to `{ ok: true, source: "skipped", session: null }` so unit tests
+//     can exercise the local materialization path without a real API.
+async function verifyRemoteSession(sessionId, { targetPath } = {}) {
+  const normalizedSessionId = normalizeString(sessionId);
+  if (!normalizedSessionId) {
+    return { ok: false, reason: "invalid_session_id" };
+  }
+  if (remoteSessionLookupDisabled()) {
+    return { ok: true, source: "skipped", session: null };
+  }
+  let auth;
+  try {
+    auth = await resolveActiveAuthSession({
+      cwd: targetPath || process.cwd(),
+      env: process.env,
+      autoRotate: false,
+    });
+  } catch {
+    return { ok: false, reason: "no_session" };
+  }
+  if (!auth || !auth.token) {
+    return { ok: false, reason: "not_authenticated", status: 401 };
+  }
+  const apiUrl = String(auth.apiUrl || "").replace(/\/+$/, "");
+  if (!apiUrl) {
+    return { ok: false, reason: "no_api_url" };
+  }
+  const endpoint = `${apiUrl}/api/v1/sessions/${encodeURIComponent(normalizedSessionId)}`;
+  const headers = { Authorization: `Bearer ${auth.token}` };
+  let lastReason = "unknown";
+  for (let attempt = 0; attempt < 2; attempt += 1) {
+    let response;
+    try {
+      response = await fetch(endpoint, { method: "GET", headers });
+    } catch (err) {
+      lastReason = normalizeString(err?.message) || "fetch_failed";
+      continue;
+    }
+    if (response && response.ok) {
+      const body = await response.json().catch(() => ({}));
+      const sessionPayload = body && body.session && typeof body.session === "object"
+        ? body.session
+        : body && typeof body === "object"
+          ? body
+          : null;
+      return {
+        ok: true,
+        source: "singleton",
+        session: sessionPayload,
+        status: response.status,
+      };
+    }
+    if (!response) {
+      lastReason = "no_response";
+      continue;
+    }
+    if (response.status === 404) {
+      // Pre-#483 fallback: scan the list endpoint once for the same id.
+      const listResult = await listSessionsFromApi({
+        targetPath,
+        includeArchived: false,
+        limit: 50,
+      }).catch(() => null);
+      if (listResult && listResult.ok) {
+        const found = (listResult.sessions || []).find(
+          (entry) => normalizeString(entry?.sessionId) === normalizedSessionId,
+        );
+        if (found) {
+          return { ok: true, source: "list_fallback", session: found, status: 200 };
+        }
+      }
+      return { ok: false, reason: "not_found", status: 404 };
+    }
+    if (response.status === 403) {
+      return { ok: false, reason: "forbidden", status: 403 };
+    }
+    if (response.status >= 500 && response.status < 600) {
+      lastReason = `api_${response.status}`;
+      continue; // retry once on 5xx
+    }
+    return { ok: false, reason: `api_${response.status}`, status: response.status };
+  }
+  return { ok: false, reason: lastReason };
+}
+
+// Render an absolute ISO timestamp as a coarse "Nm ago" / "Nh ago" / "Nd ago"
+// label for human-readable join output. Returns `"never"` for missing input
+// and `"just now"` for sub-minute deltas.
+function formatRelativeAge(isoTimestamp) {
+  const epoch = Date.parse(normalizeString(isoTimestamp));
+  if (!Number.isFinite(epoch)) return "never";
+  const deltaMs = Date.now() - epoch;
+  if (deltaMs < 60_000) return "just now";
+  const minutes = Math.floor(deltaMs / 60_000);
+  if (minutes < 60) return `${minutes}m ago`;
+  const hours = Math.floor(minutes / 60);
+  if (hours < 24) return `${hours}h ago`;
+  const days = Math.floor(hours / 24);
+  return `${days}d ago`;
+}
+
+async function ensureLocalSessionForRemoteCommand(
+  sessionId,
+  { targetPath, title = "", skipRemoteProbe = false } = {},
+) {
+  const existing = await getSession(sessionId, { targetPath });
+  if (existing) {
+    return { materialized: false, session: existing };
+  }
+  // `skipRemoteProbe` is set by callers that have already verified the session
+  // via `verifyRemoteSession` (the singleton GET) — re-probing the legacy
+  // `/events?limit=1` endpoint here would be a redundant round-trip and, for
+  // tests that mock only the singleton, would spuriously 404.
+  if (!skipRemoteProbe) {
+    const access = await probeSessionAccess(sessionId, { targetPath }).catch((error) => ({
+      accessible: false,
+      reason: normalizeString(error?.message) || "probe_failed",
+    }));
+    if (!access?.accessible) {
+      throw new Error(
+        `Session '${sessionId}' was not found locally and remote access failed (${access?.reason || "unknown"}).`,
+      );
+    }
+  }
+  const created = await createSession({
+    targetPath,
+    sessionId,
+    title: normalizeString(title) || `remote-${String(sessionId).slice(0, 8)}`,
+  });
+  return { materialized: true, session: created };
+}
+
+async function ensureWorkspaceSession({
+  targetPath,
+  ttlSeconds = DEFAULT_TTL_SECONDS,
+  template = null,
+  title = "",
+  resume = true,
+  forceNew = false,
+  reuseWindowSeconds = 3600,
+} = {}) {
+  const titleArg = normalizeString(title);
+  const fallbackTitle = deriveSessionTitle(targetPath);
+  const startedAt = Date.now();
+  const resumedCandidate = await findReusableSessionCandidate({
+    targetPath,
+    reuseWindowSeconds,
+    resume,
+    forceNew,
+  });
+  let created;
+  const resumeTitle =
+    titleArg || normalizeString(resumedCandidate?.title) || fallbackTitle;
+
+  if (resumedCandidate) {
+    if (resumedCandidate._source === "remote" && !resumedCandidate.sessionDir) {
+      created = await createSession({
+        targetPath,
+        ttlSeconds,
+        sessionId: resumedCandidate.sessionId,
+        title: resumeTitle,
+        createdAt: resumedCandidate.createdAt,
+        expiresAt: resumedCandidate.expiresAt,
+        lastInteractionAt:
+          resumedCandidate.lastInteractionAt ||
+          resumedCandidate.lastActivityAt ||
+          resumedCandidate.createdAt,
+      });
+    } else {
+      created = {
+        sessionId: resumedCandidate.sessionId,
+        sessionDir: resumedCandidate.sessionDir || null,
+        metadataPath: resumedCandidate.metadataPath || null,
+        streamPath: resumedCandidate.streamPath || null,
+        createdAt: resumedCandidate.createdAt,
+        updatedAt: resumedCandidate.updatedAt || null,
+        lastInteractionAt: resumedCandidate.lastInteractionAt || null,
+        expiresAt: resumedCandidate.expiresAt,
+        elapsedTimer: resumedCandidate.elapsedTimer || 0,
+        renewalCount: resumedCandidate.renewalCount || 0,
+        status: resumedCandidate.status || "active",
+        template: resumedCandidate.template || null,
+        title: normalizeString(resumedCandidate.title) || null,
+        codebaseContext: resumedCandidate.codebaseContext || null,
+      };
+      if (resumeTitle && resumeTitle !== created.title) {
+        const updated = await updateSessionTitle(created.sessionId, {
+          targetPath,
+          title: resumeTitle,
+        }).catch(() => null);
+        if (updated) {
+          created = {
+            ...created,
+            ...updated,
+          };
+        }
+      }
+    }
+  } else {
+    created = await createSession({
+      targetPath,
+      ttlSeconds,
+      template,
+      title: titleArg || fallbackTitle,
+    });
+  }
+
+  const effectiveTitle = titleArg || normalizeString(created.title) || fallbackTitle;
+  const titleAuto = !titleArg && !resumedCandidate;
+  const pendingTitleSync = Boolean(created.remoteTitleSync?.pending && effectiveTitle);
+  const shouldPushTitle = Boolean(
+    titleArg ||
+      titleAuto ||
+      pendingTitleSync ||
+      (resumedCandidate && effectiveTitle && !normalizeString(resumedCandidate.title))
+  );
+  let titleSync = null;
+  if (shouldPushTitle) {
+    titleSync = await pushSessionTitleToApi(created.sessionId, effectiveTitle, { targetPath });
+  }
+
+  return {
+    created: {
+      ...created,
+      title: effectiveTitle || null,
+      resumed: Boolean(resumedCandidate),
+    },
+    resumedCandidate,
+    durationMs: Date.now() - startedAt,
+    title: effectiveTitle || null,
+    titleAuto,
+    titleSync,
+  };
+}
+
 function normalizeAgentId(value, fallbackValue = "cli-user") {
   const normalized = normalizeString(value)
     .toLowerCase()
@@ -97,6 +470,58 @@ function normalizeAgentId(value, fallbackValue = "cli-user") {
   return normalized || fallbackValue;
 }
 
+// Derive a stable, human-friendly fallback agent id from the active auth
+// session — `human-<github_username>` if logged in via GitHub, else
+// `human-<email-localpart>` as a last resort. We resolve this lazily and
+// cache per process so repeated `sl session say` calls don't churn auth.
+//
+// Carter's complaint: "we aren't auto naming these agents per joining,
+// we need to figure out a fingerprint for them somehow.. maybe at joining
+// we ask for name?" — auth-derived names are the cleanest deterministic
+// fingerprint we already have. Fall through to "cli-user" only if the
+// CLI is genuinely unauthenticated (CI fixture, fresh checkout).
+let _cachedAuthAgentId = undefined; // undefined = not yet resolved
+async function _resolveAuthAgentId(targetPath) {
+  if (_cachedAuthAgentId !== undefined) return _cachedAuthAgentId;
+  try {
+    const auth = await resolveActiveAuthSession({
+      cwd: targetPath || process.cwd(),
+      env: process.env,
+      autoRotate: false,
+    });
+    const username = normalizeString(auth?.user?.githubUsername).toLowerCase();
+    if (username) {
+      _cachedAuthAgentId = `human-${username.replace(/[^a-z0-9._-]+/g, "-")}`;
+      return _cachedAuthAgentId;
+    }
+    const email = normalizeString(auth?.user?.email).toLowerCase();
+    if (email) {
+      const local = email.split("@")[0].replace(/[^a-z0-9._-]+/g, "-");
+      if (local) {
+        _cachedAuthAgentId = `human-${local}`;
+        return _cachedAuthAgentId;
+      }
+    }
+  } catch {
+    /* unauthenticated → fall through */
+  }
+  _cachedAuthAgentId = "";
+  return "";
+}
+
+// Wrapper that prefers the auth-derived id over the literal `cli-user`
+// placeholder when the caller didn't pass --name/--agent. Callers that
+// supplied a name keep round-tripping verbatim.
+async function defaultAgentId(value, targetPath) {
+  const explicit = normalizeString(value);
+  if (explicit && explicit.toLowerCase() !== "cli-user") {
+    return normalizeAgentId(value, "cli-user");
+  }
+  const authId = await _resolveAuthAgentId(targetPath);
+  if (authId) return authId;
+  return normalizeAgentId(value, "cli-user");
+}
+
 async function runWithConcurrency(items = [], concurrency = 1, worker = async () => null) {
   const normalizedItems = Array.isArray(items) ? items : [];
   const normalizedConcurrency = Math.max(
@@ -279,6 +704,15 @@ export function registerSessionCommand(program) {
       "--force-new",
       "Always create a new session even if a recent active one exists for this workspace",
     )
+    .option(
+      "--resume",
+      "Reuse the most recent active session for this workspace when one is inside the reuse window",
+      true,
+    )
+    .option(
+      "--no-resume",
+      "Disable automatic resume and mint a new session unless --force-new is also present",
+    )
     .option(
       "--reuse-window-seconds <seconds>",
       "Window in which an existing active session for this workspace will be reused (default 3600 = 1h)",
@@ -302,149 +736,22 @@ export function registerSessionCommand(program) {
         "reuse-window-seconds",
         3600,
       );
-
-      // Auto-resume: prefer an existing active session for this codebase
-      // over minting a new one. We check both local filesystem state and the
-      // remote registry — local-only resume meant a fresh checkout / second
-      // machine would orphan the room each time, exactly the mess Carter
-      // surfaced ("all of them look like one chat re-created").
-      //
-      // Order:
-      //   1. Local session for the same targetPath inside the reuse window.
-      //   2. Remote active session whose codebasePath matches the absolute
-      //      targetPath, sorted by last activity. We fold these into the
-      //      candidate pool so a session minted on another machine can be
-      //      rejoined rather than duplicated.
-      // `--force-new` opts back into the old "always mint" behavior.
-      let resumed = null;
-      if (!options.forceNew) {
-        const cutoffMs = Date.now() - reuseWindowSeconds * 1000;
-        const candidates = [];
-        try {
-          const active = await listActiveSessions({ targetPath });
-          for (const entry of active) {
-            const createdMs = Date.parse(entry.createdAt || "");
-            if (Number.isFinite(createdMs) && createdMs >= cutoffMs) {
-              candidates.push({ ...entry, _source: "local" });
-            }
-          }
-        } catch {
-          /* local lookup failure is non-fatal */
-        }
-        try {
-          const remote = await listSessionsFromApi({
-            targetPath,
-            includeArchived: false,
-            limit: 50,
-          });
-          if (remote && remote.ok) {
-            const normalizedTarget = String(targetPath).toLowerCase();
-            for (const entry of remote.sessions || []) {
-              const codebase = String(entry.codebasePath || "").toLowerCase();
-              if (!codebase || codebase !== normalizedTarget) continue;
-              if (entry.archiveStatus && entry.archiveStatus !== "active") continue;
-              const lastMs = Date.parse(entry.lastActivityAt || entry.createdAt || "");
-              if (Number.isFinite(lastMs) && lastMs >= cutoffMs) {
-                candidates.push({
-                  sessionId: entry.sessionId,
-                  createdAt: entry.createdAt,
-                  lastActivityAt: entry.lastActivityAt,
-                  expiresAt: entry.expiresAt,
-                  status: entry.status || "active",
-                  template: entry.templateName || null,
-                  title: entry.title || null,
-                  _source: "remote",
-                });
-              }
-            }
-          }
-        } catch {
-          /* remote lookup failure is non-fatal */
-        }
-        if (candidates.length > 0) {
-          // Prefer the most recent activity. Local + remote may name the
-          // same session; dedupe on sessionId before picking.
-          const seen = new Set();
-          const deduped = [];
-          for (const entry of candidates) {
-            if (seen.has(entry.sessionId)) continue;
-            seen.add(entry.sessionId);
-            deduped.push(entry);
-          }
-          deduped.sort((a, b) =>
-            String(b.lastActivityAt || b.createdAt || "").localeCompare(
-              String(a.lastActivityAt || a.createdAt || ""),
-            ),
-          );
-          resumed = deduped[0];
-        }
-      }
-
-      const startedAt = Date.now();
-      let created;
-      if (resumed) {
-        // Surface the resumed session's metadata in the same shape
-        // createSession returns so downstream code stays unchanged.
-        created = {
-          sessionId: resumed.sessionId,
-          sessionDir: resumed.sessionDir || null,
-          metadataPath: resumed.metadataPath || null,
-          streamPath: resumed.streamPath || null,
-          createdAt: resumed.createdAt,
-          expiresAt: resumed.expiresAt,
-          elapsedTimer: 0,
-          renewalCount: resumed.renewalCount || 0,
-          status: resumed.status || "active",
-          template: resumed.template || null,
-          codebaseContext: resumed.codebaseContext || null,
-          resumed: true,
-        };
-      } else {
-        created = await createSession({
-          targetPath,
-          ttlSeconds,
-          template,
-        });
-      }
-      const durationMs = Date.now() - startedAt;
+      const titleArg = normalizeString(options.title);
+      const ensured = await ensureWorkspaceSession({
+        targetPath,
+        ttlSeconds,
+        template,
+        title: titleArg,
+        resume: options.resume !== false,
+        forceNew: Boolean(options.forceNew),
+        reuseWindowSeconds,
+      });
+      const created = ensured.created;
+      const resumed = Boolean(ensured.resumedCandidate);
+      const durationMs = ensured.durationMs;
       const launchPlan = template ? buildTemplateLaunchPlan(created.sessionId, template) : [];
       const dashboardUrl = buildDashboardUrl(created.sessionId);
-      // Default the title to a stable codebase+date slug so the web sidebar
-      // never fills with anonymous "<null>" rows. The caller can still
-      // override with --title. We skip the auto-title for resumed sessions
-      // because the room already has a name we don't want to clobber.
-      const titleArg = normalizeString(options.title);
-      const autoTitle = !resumed && !titleArg ? deriveSessionTitle(targetPath) : "";
-      const effectiveTitle = titleArg || autoTitle;
-
-      // If a title needs to land on the dashboard, push it. We always push
-      // when the caller passed --title, AND we push the auto-derived title
-      // for fresh (non-resumed) sessions so the room is never anonymous on
-      // the web. Best-effort, non-blocking.
-      if (effectiveTitle) {
-        void (async () => {
-          try {
-            const session = await resolveActiveAuthSession({
-              cwd: targetPath,
-              env: process.env,
-              autoRotate: false,
-            });
-            if (!session?.token || !session?.apiUrl) return;
-            const apiUrl = String(session.apiUrl).replace(/\/+$/, "");
-            await requestJsonMutation(
-              `${apiUrl}/api/v1/sessions/${encodeURIComponent(created.sessionId)}/title`,
-              {
-                method: "POST",
-                operationName: "session.set_title",
-                headers: { Authorization: `Bearer ${session.token}` },
-                body: { title: effectiveTitle },
-              },
-            );
-          } catch (_error) {
-            /* best-effort */
-          }
-        })();
-      }
+      const effectiveTitle = ensured.title;
 
       const payload = {
         command: "session start",
@@ -455,7 +762,9 @@ export function registerSessionCommand(program) {
         metadataPath: created.metadataPath,
         streamPath: created.streamPath,
         createdAt: created.createdAt,
+        updatedAt: created.updatedAt,
         expiresAt: created.expiresAt,
+        lastInteractionAt: created.lastInteractionAt,
         ttlSeconds,
         elapsedTimer: created.elapsedTimer,
         renewalCount: created.renewalCount,
@@ -463,9 +772,10 @@ export function registerSessionCommand(program) {
         template: created.template,
         launchPlan,
         dashboardUrl,
-        resumed: Boolean(resumed),
+        resumed,
         title: effectiveTitle || null,
-        titleAuto: Boolean(autoTitle && !titleArg),
+        titleAuto: Boolean(ensured.titleAuto),
+        titleSync: ensured.titleSync || undefined,
       };
 
       // Best-effort admin visibility sync. Session creation remains local-first.
@@ -475,11 +785,26 @@ export function registerSessionCommand(program) {
         status: created.status,
         createdAt: created.createdAt,
         expiresAt: created.expiresAt,
+        title: effectiveTitle || null,
         ttlSeconds,
         template: created.template,
         codebaseContext: created.codebaseContext,
       }).catch(() => {});
 
+      // Auto-start the Senti orchestrator daemon. Without this, every
+      // session ran with `Senti actions: 1` (just the welcome alert)
+      // because nothing kicked the daemon ticking — agents joining
+      // never got greeted, mentions never routed, recaps never fired.
+      // Best-effort + non-blocking: the daemon registers itself in an
+      // in-memory map keyed by (sessionId, targetPath) and tolerates
+      // being started for an already-active session (returns the
+      // existing handle). If the daemon fails to start (unauth env,
+      // missing model proxy), the session keeps working — Senti just
+      // stays quiet, same as before this change.
+      if (!sentiAutostartDisabled()) {
+        void startSenti(created.sessionId, { targetPath }).catch(() => {});
+      }
+
       if (shouldEmitJson(options, command)) {
         console.log(JSON.stringify(payload, null, 2));
         return;
@@ -535,6 +860,115 @@ export function registerSessionCommand(program) {
       await program.parseAsync(args, { from: "user" });
     });
 
+  session
+    .command("ensure")
+    .description("Join or create the canonical session for this workspace and emit JSON")
+    .option("--path <path>", "Workspace path for the session", ".")
+    .option(
+      "--session <id>",
+      "Attach to an explicit remote-created session id (verifies + materializes local state, like `session join`).",
+    )
+    .option("--title <title>", "Title applied if a new or unnamed resumed session needs one")
+    .option(
+      "--ttl-seconds <seconds>",
+      `Session time-to-live in seconds when a new session is minted (default ${DEFAULT_TTL_SECONDS})`
+    )
+    .option(
+      "--force-new",
+      "Always create a new session even if a recent active one exists for this workspace",
+    )
+    .option(
+      "--resume",
+      "Reuse the most recent active session for this workspace when one is inside the reuse window",
+      true,
+    )
+    .option("--no-resume", "Disable automatic resume and mint a new session")
+    .option(
+      "--reuse-window-seconds <seconds>",
+      "Window in which an existing active session for this workspace will be reused (default 3600 = 1h)",
+      "3600",
+    )
+    .option("--json", "Emit machine-readable output (default for this command)")
+    .action(async (options) => {
+      const targetPath = path.resolve(process.cwd(), String(options.path || "."));
+      const ttlSeconds = parsePositiveInteger(
+        options.ttlSeconds,
+        "ttl-seconds",
+        DEFAULT_TTL_SECONDS,
+      );
+      const reuseWindowSeconds = parsePositiveInteger(
+        options.reuseWindowSeconds,
+        "reuse-window-seconds",
+        3600,
+      );
+
+      // --session <id> short-circuit: behave like `session join`. This is the
+      // path Carter cared about — "create on web, share id, attach in CLI".
+      // We verify the session is reachable, materialize a minimal local
+      // NDJSON if missing, and emit the same `{sessionId, title, resumed}`
+      // contract callers already consume from `ensure`.
+      const explicitSessionId = normalizeString(options.session);
+      if (explicitSessionId) {
+        const verification = await verifyRemoteSession(explicitSessionId, { targetPath });
+        if (!verification.ok) {
+          if (verification.status === 404 || verification.reason === "not_found") {
+            throw new Error(
+              `Session not found, archived, or not accessible to your account. (id=${explicitSessionId})`,
+            );
+          }
+          if (verification.status === 403 || verification.reason === "forbidden") {
+            throw new Error(
+              `Session '${explicitSessionId}' exists but your account is not a member.`,
+            );
+          }
+          if (verification.reason === "not_authenticated") {
+            throw new Error(`Not authenticated. Run \`${authLoginHint()}\` first.`);
+          }
+          throw new Error(
+            `Failed to verify session '${explicitSessionId}' (${verification.reason || "unknown"}). Try again in a moment.`,
+          );
+        }
+        const remoteSession = verification.session || {};
+        const localSession = await ensureLocalSessionForRemoteCommand(explicitSessionId, {
+          targetPath,
+          title: normalizeString(remoteSession.title),
+          skipRemoteProbe: true,
+        });
+        const payload = {
+          command: "session ensure",
+          targetPath,
+          sessionId: explicitSessionId,
+          title: normalizeString(remoteSession.title) || localSession?.session?.title || null,
+          resumed: true,
+          attached: true,
+          materializedLocalSession: localSession.materialized,
+          verificationSource: verification.source,
+          dashboardUrl: buildDashboardUrl(explicitSessionId),
+        };
+        console.log(JSON.stringify(payload, null, 2));
+        return;
+      }
+
+      const ensured = await ensureWorkspaceSession({
+        targetPath,
+        ttlSeconds,
+        title: normalizeString(options.title),
+        resume: options.resume !== false,
+        forceNew: Boolean(options.forceNew),
+        reuseWindowSeconds,
+      });
+      const payload = {
+        command: "session ensure",
+        targetPath,
+        sessionId: ensured.created.sessionId,
+        title: ensured.title || null,
+        resumed: Boolean(ensured.resumedCandidate),
+        dashboardUrl: buildDashboardUrl(ensured.created.sessionId),
+        titleSync: ensured.titleSync || undefined,
+      };
+      console.log(JSON.stringify(payload, null, 2));
+    });
+
   session
     .command("set-title <sessionId> <title>")
     .description("Set the human-readable title on a session (visible in web sidebar + transcript).")
@@ -564,10 +998,15 @@ export function registerSessionCommand(program) {
           body: { title: normalizedTitle },
         },
       );
+      const localUpdated = await updateSessionTitle(normalizedSessionId, {
+        targetPath,
+        title: normalizedTitle,
+      }).catch(() => null);
       const payload = {
         command: "session set-title",
         sessionId: normalizedSessionId,
         title: normalizedTitle,
+        localUpdated: Boolean(localUpdated),
         result,
       };
       if (shouldEmitJson(options, command)) {
@@ -657,8 +1096,14 @@ export function registerSessionCommand(program) {
 
   session
     .command("join <sessionId>")
-    .description("Join an active session")
-    .option("--name <name>", "Agent display name")
+    .description(
+      "Attach to a remote-created session for posting and listening, materializing minimal local state on demand.",
+    )
+    .option("--name <name>", "Agent display name (legacy alias for --agent)")
+    .option(
+      "--agent <id>",
+      "Granted agent id to emit an agent_join event as. Behaves like post-agent for human/placeholder ids — those are recorded in the local registry only.",
+    )
     .option("--role <role>", "Agent role: coder, reviewer, tester, observer", "coder")
     .option("--model <model>", "Agent model hint", "cli")
     .option("--path <path>", "Workspace path for the session", ".")
@@ -669,27 +1114,104 @@ export function registerSessionCommand(program) {
         throw new Error("session id is required.");
       }
       const targetPath = path.resolve(process.cwd(), String(options.path || "."));
+
+      // PR #483 contract: verify the session exists and the caller has access
+      // BEFORE materializing local cache state. Without this we'd silently
+      // create a phantom local NDJSON for a session that's archived or owned
+      // by another tenant — which is the bug Carter reported when asking for
+      // a clean "share an id from web → join in CLI" flow.
+      const verification = await verifyRemoteSession(normalizedSessionId, { targetPath });
+      if (!verification.ok) {
+        if (verification.status === 404 || verification.reason === "not_found") {
+          throw new Error(
+            `Session not found, archived, or not accessible to your account. (id=${normalizedSessionId})`,
+          );
+        }
+        if (verification.status === 403 || verification.reason === "forbidden") {
+          throw new Error(
+            `Session '${normalizedSessionId}' exists but your account is not a member.`,
+          );
+        }
+        if (verification.reason === "not_authenticated") {
+          throw new Error(`Not authenticated. Run \`${authLoginHint()}\` first.`);
+        }
+        throw new Error(
+          `Failed to verify session '${normalizedSessionId}' (${verification.reason || "unknown"}). Try again in a moment.`,
+        );
+      }
+
+      const remoteSession = verification.session || {};
+      const localSession = await ensureLocalSessionForRemoteCommand(normalizedSessionId, {
+        targetPath,
+        title: normalizeString(remoteSession.title),
+        skipRemoteProbe: true,
+      });
+
+      const explicitAgent = normalizeString(options.agent);
+      const agentSeed = explicitAgent || normalizeString(options.name);
+      const resolvedAgentId = await defaultAgentId(agentSeed, targetPath);
+      const role = normalizeString(options.role) || "coder";
+      const model = normalizeString(options.model) || "cli";
+
+      // `registerAgent` already writes the canonical `agent_join` event to the
+      // local NDJSON and best-effort relays it to /events via appendToStream
+      // → syncSessionEventToApi. That gives us the exact `post-agent` parity
+      // the spec calls for when `--agent <granted>` is provided. We don't
+      // double-emit; we just record whether the explicit agent path was used
+      // so the JSON output can advertise it to callers (and tests).
       const joined = await registerAgent(normalizedSessionId, {
         targetPath,
-        agentId: normalizeAgentId(options.name, "cli-user"),
-        model: normalizeString(options.model) || "cli",
-        role: options.role || "coder",
+        agentId: resolvedAgentId,
+        model,
+        role,
       });
+      const agentJoinRelayed =
+        Boolean(explicitAgent) &&
+        Boolean(resolvedAgentId) &&
+        resolvedAgentId !== "cli-user" &&
+        resolvedAgentId !== "unknown" &&
+        !resolvedAgentId.startsWith("human-");
+
+      const eventCount = Number(remoteSession.eventCount ?? remoteSession.events ?? 0);
+      const agents = Array.isArray(remoteSession.agents) ? remoteSession.agents : [];
+      const agentCount = Number(remoteSession.agentCount ?? agents.length ?? 0);
+      const lastActivityIso =
+        normalizeString(remoteSession.lastInteractionAt) ||
+        normalizeString(remoteSession.lastActivityAt) ||
+        normalizeString(remoteSession.updatedAt) ||
+        normalizeString(remoteSession.createdAt) ||
+        "";
+      const remoteTitle = normalizeString(remoteSession.title);
+
       const payload = {
         command: "session join",
+        joined: true,
         targetPath,
         sessionId: normalizedSessionId,
+        title: remoteTitle || null,
         agentId: joined.agentId,
         role: joined.role,
         model: joined.model,
         status: joined.status,
         joinedAt: joined.joinedAt,
+        materializedLocalSession: localSession.materialized,
+        verificationSource: verification.source,
+        eventCount: Number.isFinite(eventCount) ? eventCount : 0,
+        agentCount: Number.isFinite(agentCount) ? agentCount : 0,
+        lastActivityAt: lastActivityIso || null,
+        agentJoinRelayed,
       };
       if (shouldEmitJson(options, command)) {
         console.log(JSON.stringify(payload, null, 2));
         return;
       }
-      console.log(pc.bold(`Joined session ${normalizedSessionId}`));
+      const titleLabel = remoteTitle ? `"${remoteTitle}"` : "(untitled)";
+      const ageLabel = lastActivityIso ? formatRelativeAge(lastActivityIso) : "never";
+      console.log(
+        pc.bold(
+          `Joined session ${titleLabel} (${normalizedSessionId}) — ${payload.eventCount} events, ${payload.agentCount} agents, last activity ${ageLabel}`,
+        ),
+      );
       console.log(pc.gray(`agent=${joined.agentId} role=${joined.role} model=${joined.model}`));
     });
 
@@ -697,6 +1219,7 @@ export function registerSessionCommand(program) {
     .command("say <sessionId> <message>")
     .description("Send a message to the session")
     .option("--agent <id>", "Agent id to emit from", "cli-user")
+    .option("--to <agent>", "Direct the message to a specific agent id")
     .option("--path <path>", "Workspace path for the session", ".")
     .option("--json", "Emit machine-readable output")
     .action(async (sessionId, message, options, command) => {
@@ -709,16 +1232,41 @@ export function registerSessionCommand(program) {
         throw new Error("message is required.");
       }
       const targetPath = path.resolve(process.cwd(), String(options.path || "."));
-      const agentId = normalizeAgentId(options.agent, "cli-user");
+      const agentId = await defaultAgentId(options.agent, targetPath);
+      const localSession = await ensureLocalSessionForRemoteCommand(normalizedSessionId, {
+        targetPath,
+      });
+      const to = normalizeString(options.to);
+      const eventPayload = {
+        message: normalizedMessage,
+        channel: "session",
+      };
+      if (to) {
+        eventPayload.to = to;
+      }
+      const clientMessageId = `cli-${randomUUID()}`;
       const event = createAgentEvent({
         event: "session_message",
         agentId,
         sessionId: normalizedSessionId,
-        payload: {
-          message: normalizedMessage,
-          channel: "session",
-        },
+        payload: eventPayload,
       });
+      event.eventId = clientMessageId;
+      event.idempotencyToken = clientMessageId;
+      let remoteSync = null;
+      if (localSession.materialized) {
+        for (let attempt = 0; attempt < 2; attempt += 1) {
+          remoteSync = await syncSessionEventToApi(normalizedSessionId, event, {
+            targetPath,
+          });
+          if (remoteSync?.synced) break;
+        }
+        if (!remoteSync?.synced) {
+          throw new Error(
+            `Remote send failed (${remoteSync?.reason || "unknown"}); local cache was not updated.`,
+          );
+        }
+      }
       const persisted = await appendToStream(normalizedSessionId, event, {
         targetPath,
       });
@@ -728,6 +1276,8 @@ export function registerSessionCommand(program) {
         sessionId: normalizedSessionId,
         agentId,
         event: persisted,
+        materializedLocalSession: localSession.materialized,
+        remoteSync: remoteSync || undefined,
       };
       if (shouldEmitJson(options, command)) {
         console.log(JSON.stringify(payload, null, 2));
@@ -736,6 +1286,198 @@ export function registerSessionCommand(program) {
       console.log(formatEventLine(persisted));
     });
 
+  session
+    .command("post-agent <sessionId> <message>")
+    .description("Post an authenticated agent message through the canonical session event API")
+    .requiredOption("--agent <id>", "Granted agent id to post as")
+    .option("--model <model>", "Agent model/provider hint", "cli")
+    .option("--display-name <name>", "Human-readable agent display name")
+    .option("--role <role>", "Agent role metadata: coder, reviewer, tester, observer", "coder")
+    .option("--to <agent>", "Direct the message to a specific agent id")
+    .option("--path <path>", "Workspace path for the session", ".")
+    .option("--json", "Emit machine-readable output")
+    .action(async (sessionId, message, options, command) => {
+      const normalizedSessionId = normalizeString(sessionId);
+      if (!normalizedSessionId) {
+        throw new Error("session id is required.");
+      }
+      const normalizedMessage = normalizeString(message);
+      if (!normalizedMessage) {
+        throw new Error("message is required.");
+      }
+      const targetPath = path.resolve(process.cwd(), String(options.path || "."));
+      const agentId = normalizeAgentId(options.agent, "");
+      if (!agentId || agentId === "cli-user" || agentId === "unknown" || agentId.startsWith("human-")) {
+        throw new Error("post-agent requires a granted non-human agent id.");
+      }
+      const localSession = await ensureLocalSessionForRemoteCommand(normalizedSessionId, {
+        targetPath,
+      });
+      const to = normalizeString(options.to);
+      const eventPayload = {
+        message: normalizedMessage,
+        channel: "session",
+        source: "agent",
+        clientKind: "cli",
+      };
+      if (to) {
+        eventPayload.to = to;
+      }
+      const agent = {
+        id: agentId,
+        model: normalizeString(options.model) || "cli",
+        displayName: normalizeString(options.displayName) || undefined,
+        role: normalizeString(options.role) || "coder",
+        clientKind: "cli",
+      };
+      const clientMessageId = `cli-agent-${randomUUID()}`;
+      const event = createAgentEvent({
+        event: "session_message",
+        agent,
+        sessionId: normalizedSessionId,
+        payload: eventPayload,
+      });
+      event.eventId = clientMessageId;
+      event.idempotencyToken = clientMessageId;
+
+      let remoteSync = null;
+      for (let attempt = 0; attempt < 2; attempt += 1) {
+        remoteSync = await syncSessionEventToApi(normalizedSessionId, event, {
+          targetPath,
+        });
+        if (remoteSync?.synced) break;
+      }
+      if (!remoteSync?.synced) {
+        throw new Error(
+          `Agent post failed (${remoteSync?.reason || "unknown"}). Ensure this user has an active grant for '${agentId}'.`,
+        );
+      }
+
+      const persisted = await appendToStream(normalizedSessionId, event, {
+        targetPath,
+        syncRemote: false,
+      });
+      const payload = {
+        command: "session post-agent",
+        targetPath,
+        sessionId: normalizedSessionId,
+        agentId,
+        event: persisted,
+        materializedLocalSession: localSession.materialized,
+        remoteSync,
+      };
+      if (shouldEmitJson(options, command)) {
+        console.log(JSON.stringify(payload, null, 2));
+        return;
+      }
+      console.log(formatEventLine(persisted));
+    });
+
+  session
+    .command("listen")
+    .description("Background-poll a session for events addressed to this agent or broadcast")
+    .requiredOption("--session <id>", "Session id to listen to")
+    .option(
+      "--agent <id>",
+      "Agent id to receive messages for",
+      process.env.SENTINELAYER_AGENT_ID || "cli-user",
+    )
+    .option("--interval <seconds>", "Idle polling interval in seconds (default 60)", "60")
+    .option(
+      "--active-interval <seconds>",
+      "Polling interval after recent human activity (default 5)",
+      "5",
+    )
+    .option(
+      "--active-window <seconds>",
+      "Seconds after a human message to keep the active interval (default 300)",
+      "300",
+    )
+    .option("--emit <format>", "Output format: ndjson or text", "ndjson")
+    .option("--limit <n>", "Maximum events to request per poll (default 200)", "200")
+    .option("--path <path>", "Workspace path for the session", ".")
+    .option("--since <cursor>", "Override the persisted listen cursor")
+    .option("--replay", "Emit matching historical events on the first poll")
+    .option("--max-polls <n>", "Stop after N poll cycles (useful for tests and smoke checks)")
+    .action(async (options) => {
+      const normalizedSessionId = resolveSessionIdOption(options);
+      const targetPath = path.resolve(process.cwd(), String(options.path || "."));
+      const agentId = normalizeAgentId(options.agent, "cli-user");
+      const intervalSeconds = parsePositiveInteger(options.interval, "interval", 60);
+      const activeIntervalSeconds = parsePositiveInteger(
+        options.activeInterval,
+        "active-interval",
+        5,
+      );
+      const activeWindowSeconds = parsePositiveInteger(options.activeWindow, "active-window", 300);
+      const limit = parsePositiveInteger(options.limit, "limit", 200);
+      const emitFormat = normalizeString(options.emit).toLowerCase() || "ndjson";
+      if (!["ndjson", "text"].includes(emitFormat)) {
+        throw new Error("--emit must be one of: ndjson, text.");
+      }
+      const maxPolls =
+        options.maxPolls === undefined
+          ? null
+          : parsePositiveInteger(options.maxPolls, "max-polls", 1);
+      const since = options.since === undefined ? undefined : String(options.since);
+      const ac = new AbortController();
+      const onSigint = () => ac.abort();
+      process.on("SIGINT", onSigint);
+
+      if (emitFormat === "text") {
+        console.log(
+          pc.gray(
+            `Listening to session ${normalizedSessionId} as ${agentId}; idle=${intervalSeconds}s active=${activeIntervalSeconds}s/${activeWindowSeconds}s. Press Ctrl+C to stop.`,
+          ),
+        );
+      }
+
+      try {
+        await listenSessionEvents({
+          sessionId: normalizedSessionId,
+          targetPath,
+          agentId,
+          intervalSeconds,
+          activeIntervalSeconds,
+          activeWindowSeconds,
+          limit,
+          since,
+          replay: Boolean(options.replay),
+          maxPolls,
+          signal: ac.signal,
+          onEvent: async (event) => {
+            if (emitFormat === "ndjson") {
+              console.log(JSON.stringify(event));
+            } else {
+              console.log(formatEventLine(event));
+            }
+          },
+          onError: async (result) => {
+            const reason = normalizeString(result?.reason) || "poll_failed";
+            if (emitFormat === "ndjson") {
+              console.log(
+                JSON.stringify(
+                  createAgentEvent({
+                    event: "session_listen_error",
+                    agentId,
+                    sessionId: normalizedSessionId,
+                    payload: {
+                      reason,
+                      cursor: result?.cursor || null,
+                    },
+                  }),
+                ),
+              );
+            } else {
+              console.log(pc.yellow(`Listen poll skipped (${reason}).`));
+            }
+          },
+        });
+      } finally {
+        process.removeListener("SIGINT", onSigint);
+      }
+    });
+
   session
     .command("read <sessionId>")
     .description("Read recent session messages")
@@ -761,11 +1503,17 @@ export function registerSessionCommand(program) {
       const emitJson = shouldEmitJson(options, command);
 
       let hydration = null;
+      let remoteTail = null;
       if (options.remote) {
         hydration = await hydrateSessionFromRemote({
           sessionId: normalizedSessionId,
           targetPath,
         });
+        remoteTail = await pollSessionEventsBefore(normalizedSessionId, {
+          targetPath,
+          limit: tail,
+          timeoutMs: 15_000,
+        });
         if (!emitJson) {
           if (hydration.ok) {
             console.log(
@@ -773,6 +1521,13 @@ export function registerSessionCommand(program) {
                 `Hydrated from remote: relayed=${hydration.relayed} dropped=${hydration.dropped}.`,
               ),
             );
+            if (hydration.eventsBackfillComplete === false) {
+              console.log(
+                pc.yellow(
+                  `Remote backfill still has more pages (${hydration.eventsBackfillReason || "incomplete"}); latest tail was fetched directly.`,
+                ),
+              );
+            }
           } else {
             console.log(
               pc.yellow(
@@ -784,10 +1539,34 @@ export function registerSessionCommand(program) {
       }
 
       if (!options.follow) {
-        const events = await readStream(normalizedSessionId, {
+        const allEvents = await readStream(normalizedSessionId, {
           targetPath,
-          tail,
+          tail: 0,
         });
+        const displayEvents = [...allEvents];
+        if (remoteTail?.ok && Array.isArray(remoteTail.events) && remoteTail.events.length > 0) {
+          const knownKeys = new Set();
+          for (const event of allEvents) {
+            addSessionEventIdentityKeys(knownKeys, event);
+          }
+          for (const event of remoteTail.events) {
+            if (sessionEventHasKnownIdentity(event, knownKeys)) {
+              continue;
+            }
+            try {
+              const appended = await appendToStream(normalizedSessionId, event, {
+                targetPath,
+                syncRemote: false,
+              });
+              displayEvents.push(appended);
+              addSessionEventIdentityKeys(knownKeys, appended);
+            } catch {
+              displayEvents.push(event);
+              addSessionEventIdentityKeys(knownKeys, event);
+            }
+          }
+        }
+        const events = dedupeSessionEvents(displayEvents).slice(-tail);
         const payload = {
           command: "session read",
           targetPath,
@@ -795,7 +1574,19 @@ export function registerSessionCommand(program) {
           tail,
           count: events.length,
           events,
-          remote: hydration,
+          remote: hydration
+            ? {
+                ...hydration,
+                tailProbe: remoteTail
+                  ? {
+                      ok: Boolean(remoteTail.ok),
+                      reason: remoteTail.reason || "",
+                      count: Array.isArray(remoteTail.events) ? remoteTail.events.length : 0,
+                      cursor: remoteTail.cursor || null,
+                    }
+                  : null,
+              }
+            : hydration,
         };
         if (emitJson) {
           console.log(JSON.stringify(payload, null, 2));
@@ -853,10 +1644,15 @@ export function registerSessionCommand(program) {
       if (!emitJson) {
         console.log(pc.gray(`Following session ${normalizedSessionId}... Press Ctrl+C to stop.`));
       }
+      const seenFollowEvents = new Set();
       for await (const event of tailStream(normalizedSessionId, {
         targetPath,
         replayTail: tail,
       })) {
+        if (sessionEventHasKnownIdentity(event, seenFollowEvents)) {
+          continue;
+        }
+        addSessionEventIdentityKeys(seenFollowEvents, event);
         if (emitJson) {
           console.log(JSON.stringify(event));
         } else {
@@ -910,6 +1706,11 @@ export function registerSessionCommand(program) {
         dropped: result.dropped,
         cursor: result.cursor,
         persistedCursor: result.persistedCursor,
+        humanRelayed: result.humanRelayed,
+        eventsRelayed: result.eventsRelayed,
+        eventsCursor: result.eventsCursor,
+        materializedLocalSession: result.materializedLocalSession,
+        localAppendComplete: result.localAppendComplete,
         access: access || undefined,
       };
       if (shouldEmitJson(options, command)) {
@@ -1249,7 +2050,7 @@ export function registerSessionCommand(program) {
         throw new Error("session id is required.");
       }
       const targetPath = path.resolve(process.cwd(), String(options.path || "."));
-      const agentId = normalizeAgentId(options.agent, "cli-user");
+      const agentId = await defaultAgentId(options.agent, targetPath);
       const left = await unregisterAgent(normalizedSessionId, agentId, {
         reason: options.reason || "manual",
         targetPath,