svamp-cli 0.2.100 → 0.2.102

package/dist/{httpServer-wwHHk1EM.mjs → httpServer-D9qLS8ed.mjs}

@@ -52,6 +52,62 @@ function createChannelHttpServer(deps) {
         res.writeHead(200, { "content-type": "text/markdown" }).end(d.skill?.body || "");
         return;
       }
+      const keyOf = () => (req.headers.authorization || "").replace(/^Bearer\s+/i, "") || u.searchParams.get("key") || void 0;
+      m = u.pathname.match(/^\/channel\/([\w.-]+)\/receive$/);
+      if (m) {
+        const rpc2 = await findOwner(deps, m[1]);
+        if (!rpc2?.channelReceive) {
+          json(404, { error: "channel not found" });
+          return;
+        }
+        const out = await rpc2.channelReceive({
+          channel: m[1],
+          key: keyOf(),
+          from: u.searchParams.get("from") || void 0,
+          cursor: Number(u.searchParams.get("cursor") || 0),
+          correlationId: u.searchParams.get("correlationId") || void 0,
+          wait: u.searchParams.get("wait") != null ? Number(u.searchParams.get("wait")) : void 0
+        });
+        json(out?.error ? out.error === "channel not found" ? 404 : 401 : 200, out);
+        return;
+      }
+      m = u.pathname.match(/^\/channel\/([\w.-]+)\/events$/);
+      if (m) {
+        const rpc2 = await findOwner(deps, m[1]);
+        if (!rpc2?.channelReceive) {
+          res.writeHead(404).end("not found");
+          return;
+        }
+        const key = keyOf();
+        const from = u.searchParams.get("from") || void 0;
+        let cursor = Number(u.searchParams.get("cursor") || 0);
+        res.writeHead(200, { "content-type": "text/event-stream", "cache-control": "no-cache", connection: "keep-alive", "x-accel-buffering": "no" });
+        res.write(": connected\n\n");
+        let closed = false;
+        req.on("close", () => {
+          closed = true;
+        });
+        while (!closed) {
+          const out = await rpc2.channelReceive({ channel: m[1], key, from, cursor, wait: 25 });
+          if (out?.error) {
+            res.write(`event: error
+data: ${JSON.stringify({ error: out.error })}
+
+`);
+            break;
+          }
+          for (const reply of out.replies || []) res.write(`data: ${JSON.stringify(reply)}
+
+`);
+          cursor = out.cursor ?? cursor;
+          if (!(out.replies || []).length) res.write(": keepalive\n\n");
+        }
+        try {
+          res.end();
+        } catch {
+        }
+        return;
+      }
       m = u.pathname.match(/^\/channel\/([\w.-]+)$/);
       if (!m) {
         json(404, { error: "not found" });

package/dist/index.mjs

@@ -1,4 +1,4 @@
-export { c as connectToHypha, a as createSessionStore, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, s as startDaemon, b as stopDaemon } from './run-CdtYIBbd.mjs';
+export { c as connectToHypha, a as createSessionStore, d as daemonStatus, g as getHyphaServerUrl, r as registerMachineService, s as startDaemon, b as stopDaemon } from './run-B_FyvS11.mjs';
 import 'os';
 import 'fs/promises';
 import 'fs';
@@ -12,6 +12,7 @@ import 'util';
 import 'node:crypto';
 import 'node:path';
 import 'node:os';
+import 'node:events';
 import '@agentclientprotocol/sdk';
 import '@modelcontextprotocol/sdk/client/index.js';
 import '@modelcontextprotocol/sdk/client/stdio.js';

package/dist/{package-B7S5w1VE.mjs → package-BsbKsOb_.mjs}

@@ -1,5 +1,5 @@
 var name = "svamp-cli";
-var version = "0.2.100";
+var version = "0.2.102";
 var description = "Svamp CLI — AI workspace daemon on Hypha Cloud";
 var author = "Amun AI AB";
 var license = "SEE LICENSE IN LICENSE";
@@ -19,7 +19,7 @@ var exports$1 = {
 var scripts = {
 	build: "rm -rf dist bin/skills && mkdir -p bin/skills && cp -r ../../skills/artifact bin/skills/artifact && cp -r ../../skills/loop bin/skills/loop && tsc --noEmit && pkgroll",
 	typecheck: "tsc --noEmit",
-	test: "npx tsx test/test-context-window.mjs && npx tsx test/test-instance-config.mjs && npx tsx test/test-authorize.mjs && npx tsx test/test-normalize-allowed-user.mjs && npx tsx test/test-share-url.mjs && npx tsx test/test-update-sharing-normalization.mjs && npx tsx test/test-staged-homes-sweep.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-loop-activation.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-inbox-guard.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-session-send-query.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && node test/test-supervisor-restart.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only && node test/pinnedClaudeCode.test.mjs && node test/fleet.test.mjs && npx tsx test/test-routine.mjs && npx tsx test/test-routine-rpc.mjs && npx tsx test/test-session-file.mjs && npx tsx test/test-channel-rpc.mjs && npx tsx test/test-wise-agent.mjs && npx tsx test/test-channel-agent.mjs && npx tsx test/test-channels-service.mjs && npx tsx test/test-wise-agent-auth.mjs && npx tsx test/test-channel-http.mjs && npx tsx test/test-wise-voice.mjs && npx tsx test/test-wise-headless.mjs && npx tsx test/test-wise-machine.mjs",
+	test: "npx tsx test/test-context-window.mjs && npx tsx test/test-instance-config.mjs && npx tsx test/test-authorize.mjs && npx tsx test/test-normalize-allowed-user.mjs && npx tsx test/test-share-url.mjs && npx tsx test/test-update-sharing-normalization.mjs && npx tsx test/test-staged-homes-sweep.mjs && npx tsx test/test-session-helpers.mjs && npx tsx test/test-cli-routing.mjs && npx tsx test/test-security-context.mjs && npx tsx test/test-isolation-decision.mjs && npx tsx test/test-loop-activation.mjs && npx tsx test/test-message-helpers.mjs && npx tsx test/test-agent-config.mjs && npx tsx test/test-wrap-command.mjs && npx tsx test/test-credential-staging.mjs && npx tsx test/test-claude-auth.mjs && npx tsx test/test-output-formatters.mjs && npx tsx test/test-inbox-guard.mjs && npx tsx test/test-agent-types.mjs && npx tsx test/test-transport.mjs && npx tsx test/test-session-update-handlers.mjs && npx tsx test/test-session-scanner.mjs && npx tsx test/test-hypha-client.mjs && npx tsx test/test-hook-settings.mjs && npx tsx test/test-session-service-logic.mjs && npx tsx test/test-daemon-persistence.mjs && npx tsx test/test-detect-isolation.mjs && npx tsx test/test-machine-service-logic.mjs && npx tsx test/test-interactive-helpers.mjs && npx tsx test/test-codex-backend.mjs && npx tsx test/test-acp-backend.mjs && npx tsx test/test-acp-bridge.mjs && npx tsx test/test-hook-server.mjs && npx tsx test/test-session-commands.mjs && npx tsx test/test-interactive-console.mjs && npx tsx test/test-session-messages.mjs && npx tsx test/test-session-send-query.mjs && npx tsx test/test-skills.mjs && npx tsx test/test-agent-grouping.mjs && npx tsx test/test-machine-list-directory.mjs && npx tsx test/test-service-commands.mjs && npx tsx test/test-supervisor.mjs && npx tsx test/test-supervisor-lock.mjs && node test/test-supervisor-restart.mjs && npx tsx test/test-clear-detection.mjs && npx tsx test/test-session-consolidation.mjs && npx tsx test/test-inbox.mjs && npx tsx test/test-session-rpc-dispatch.mjs && npx tsx test/test-sandbox-cli.mjs && npx tsx test/test-serve-manager.mjs && npx tsx test/test-serve-stability.mjs && npx tsx test/test-frpc-e2e.mjs --unit-only && node test/pinnedClaudeCode.test.mjs && node test/fleet.test.mjs && npx tsx test/test-routine.mjs && npx tsx test/test-routine-rpc.mjs && npx tsx test/test-session-file.mjs && npx tsx test/test-channel-rpc.mjs && npx tsx test/test-wise-agent.mjs && npx tsx test/test-channel-agent.mjs && npx tsx test/test-channels-service.mjs && npx tsx test/test-channel-async-reply.mjs && npx tsx test/test-wise-agent-auth.mjs && npx tsx test/test-channel-http.mjs && npx tsx test/test-wise-voice.mjs && npx tsx test/test-wise-headless.mjs && npx tsx test/test-wise-machine.mjs",
 	"test:hypha": "node --no-warnings test/test-hypha-service.mjs",
 	dev: "tsx src/cli.ts",
 	"dev:daemon": "tsx src/cli.ts daemon start-sync",

package/dist/{run-CdtYIBbd.mjs → run-B_FyvS11.mjs}

@@ -11,6 +11,7 @@ import { promisify } from 'util';
 import { randomBytes, randomUUID, createHash } from 'node:crypto';
 import { join as join$1 } from 'node:path';
 import os, { homedir, platform } from 'node:os';
+import { EventEmitter } from 'node:events';
 import { ndJsonStream, ClientSideConnection } from '@agentclientprotocol/sdk';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
@@ -433,6 +434,75 @@ function buildTools(deps, skills) {
         }
         return "(sent to the coding agent)";
       }
+    },
+    // Create routine / loop / channel. ONLY call after the caller confirmed the
+    // proposed config (see the propose-then-confirm instruction in context.ts).
+    {
+      name: "create_routine",
+      readOnly: false,
+      description: "Create a session-scoped routine (cron schedule or webhook \u2192 message or loop). ONLY after the caller confirmed the proposal.",
+      parameters: { type: "object", properties: {
+        name: { type: "string", description: "Short human name." },
+        cron: { type: "string", description: 'Cron for a schedule trigger, e.g. "0 9 * * 1-5". Omit for a webhook.' },
+        tz: { type: "string", description: "IANA timezone for the schedule." },
+        action_kind: { type: "string", enum: ["message", "loop"], description: '"message" sends text to this session; "loop" starts a self-verifying loop.' },
+        message: { type: "string", description: "For message action: the text/template to deliver." },
+        task: { type: "string", description: "For loop action: the loop task." },
+        oracle: { type: "string", description: "For loop action: optional pass/fail command." }
+      }, required: ["name", "action_kind"], additionalProperties: false },
+      run: async (a) => {
+        const cron = a?.cron ? str$1(a.cron) : "";
+        const routine = {
+          name: str$1(a?.name),
+          enabled: true,
+          trigger: cron ? { type: "schedule", cron, ...a?.tz ? { tz: str$1(a.tz) } : {} } : { type: "webhook" },
+          action: str$1(a?.action_kind) === "loop" ? { kind: "loop", task_template: str$1(a?.task), loop: { task: str$1(a?.task), ...a?.oracle ? { oracle: str$1(a.oracle) } : {} } } : { kind: "message", template: str$1(a?.message) }
+        };
+        const r = await deps.saveRoutine(routine);
+        return r.success ? `Created routine "${str$1(a?.name)}" (${r.routine?.id || "saved"}).` : `Could not create routine: ${r.error || "unknown error"}.`;
+      }
+    },
+    {
+      name: "create_loop",
+      readOnly: false,
+      description: "Start a self-verifying loop in the bound session (iterates until an evaluator + optional oracle confirm done). ONLY after the caller confirmed the proposal.",
+      parameters: { type: "object", properties: {
+        task: { type: "string", description: "What the loop should accomplish." },
+        criteria: { type: "string", description: "How we know it is genuinely done." },
+        oracle: { type: "string", description: 'Optional pass/fail command (e.g. "npm test").' },
+        max_iterations: { type: "number", description: "Iteration ceiling (default 20)." }
+      }, required: ["task"], additionalProperties: false },
+      run: async (a) => {
+        await deps.startLoop({
+          task: str$1(a?.task),
+          criteria: a?.criteria ? str$1(a.criteria) : void 0,
+          oracle: a?.oracle ? str$1(a.oracle) : void 0,
+          maxIterations: typeof a?.max_iterations === "number" ? a.max_iterations : void 0
+        });
+        return `Started a loop: "${str$1(a?.task).slice(0, 80)}".`;
+      }
+    },
+    {
+      name: "create_channel",
+      readOnly: false,
+      description: "Create an inbound channel so other users/agents can message this session (identity-tagged). ONLY after the caller confirmed the proposal.",
+      parameters: { type: "object", properties: {
+        name: { type: "string", description: "Short channel name." },
+        description: { type: "string", description: "What this channel is for." },
+        identity_mode: { type: "string", enum: ["per-key", "caller-supplied", "fixed"], description: 'How callers are identified (default "per-key").' }
+      }, required: ["name"], additionalProperties: false },
+      run: async (a) => {
+        const mode = a?.identity_mode ? str$1(a.identity_mode) : "per-key";
+        const channel = {
+          name: str$1(a?.name),
+          ...a?.description ? { description: str$1(a.description) } : {},
+          enabled: true,
+          identity: mode === "fixed" ? { mode, fixed: { name: "caller", kind: "agent" } } : { mode },
+          action: { kind: "message" }
+        };
+        const r = await deps.saveChannel(channel);
+        return r.success ? `Created channel "${str$1(a?.name)}" (${r.channel?.id || "saved"}).` : `Could not create channel: ${r.error || "unknown error"}.`;
+      }
     }
   ];
 }
@@ -560,10 +630,12 @@ You are WISE Agent, a fast, text-mode companion to the deep coding agent (Claude
 - use_skill \u2014 load a project skill's full steps by name, then carry them out with run_bash.
 - run_bash \u2014 run a shell command on the session's machine (when granted).
 - send_to_session \u2014 hand a clear, reformulated instruction to the deep coding agent (when granted); pass wait=true to block for its reply.
+- create_routine / create_loop / create_channel \u2014 set up a scheduled/triggered routine, a self-verifying loop, or an inbound channel for this session (when granted). ALWAYS propose first and confirm before calling these (see below).
 
 # Instructions
 - Answer general questions and questions about yourself directly. Use tools only to act on the machine/session.
 - Take the cheap path: read state directly; delegate anything LONG to summarize_session \u2014 keep your own context small.
+- To create a routine, loop, or channel: first restate the resolved config in one line and ask the caller to reply "confirm" to proceed. Only call create_routine / create_loop / create_channel after they confirm in a follow-up message. Never create without confirmation.
 - For destructive actions (deleting, stopping, killing), require a verified caller and confirm intent; for safe reads, just do it.
 - If a tool fails or returns nothing useful, say so plainly \u2014 never fabricate a result.
 - Report the outcome in one line.`;
@@ -936,6 +1008,23 @@ function buildSessionDeps(rpc, opts = {}) {
         recentMessageCount: messages.length,
         latestMessage: latestText
       };
+    },
+    async saveRoutine(routine) {
+      return await rpc.saveRoutine(routine, ctx);
+    },
+    async startLoop(cfg) {
+      await rpc.updateConfig({
+        loop: {
+          task: cfg.task,
+          ...cfg.criteria ? { criteria: cfg.criteria } : {},
+          ...cfg.oracle ? { oracle: cfg.oracle } : {},
+          max_iterations: cfg.maxIterations ?? 20,
+          evaluator: true
+        }
+      }, ctx);
+    },
+    async saveChannel(channel) {
+      return await rpc.saveChannel(channel, ctx);
     }
   };
 }
@@ -2077,7 +2166,7 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         const tunnels = handlers.tunnels;
         if (!tunnels) throw new Error("Tunnel management not available");
         if (tunnels.has(params.name)) throw new Error(`Tunnel '${params.name}' already running`);
-        const { FrpcTunnel } = await import('./frpc-CIkmTNdJ.mjs');
+        const { FrpcTunnel } = await import('./frpc-cJUGFtWY.mjs');
         const tunnel = new FrpcTunnel({
           name: params.name,
           ports: params.ports,
@@ -2338,7 +2427,7 @@ QUESTION: ${params.question || "Summarize this concisely."}` }
           }
           const deps = buildSessionDeps(rpc, { cwd, ownerEmail: owner });
           const sender = { name: context?.user?.email || context?.user?.id || "user", kind: "user", verified: true };
-          const { toolsForRole } = await import('./sideband-JeID_jF-.mjs');
+          const { toolsForRole } = await import('./sideband-DYhbiCEA.mjs');
           const r2 = await runWiseAgent({ message: params.message, sender, config: { tools: toolsForRole(role2) }, deps, transport, model: resolved.model });
           return fmt(r2);
         }
@@ -2414,7 +2503,15 @@ ${d?.error || "not found"}`;
         trackInbound();
         const rpc = await findChannelOwner(kwargs.channel);
         if (!rpc?.channelSend) return { error: "channel not found" };
-        return rpc.channelSend({ channel: kwargs.channel, message: kwargs.message, from: kwargs.from, key: kwargs.key }, context);
+        return rpc.channelSend({ channel: kwargs.channel, message: kwargs.message, from: kwargs.from, key: kwargs.key, reply_to: kwargs.reply_to }, context);
+      },
+      // Async reply retrieval for queue-mode channels — long-poll the channel outbox
+      // for replies addressed to the caller. Channel-identity auth (key/from).
+      receive: async (kwargs = {}, context) => {
+        trackInbound();
+        const rpc = await findChannelOwner(kwargs.channel);
+        if (!rpc?.channelReceive) return { error: "channel not found" };
+        return rpc.channelReceive({ channel: kwargs.channel, key: kwargs.key, from: kwargs.from, cursor: kwargs.cursor, correlationId: kwargs.correlationId, wait: kwargs.wait }, context);
       }
     },
     { overwrite: true }
@@ -2872,10 +2969,27 @@ function generateSkillBody(channel, ctx) {
   const sendUrl = `${gw}/send`;
   const key = ctx?.key || "<your-key>";
   const isAgent = channel.action?.kind === "agent";
+  const isQueue = channel.reply?.mode === "queue";
+  const recvUrl = `${gw}/receive`;
   const hyphaOpen = (channel.identity?.hypha_allow || []).length > 0;
   const name = channel.skill?.name || channel.name;
   const desc = channel.skill?.description || channel.description || `Send a message to the "${channel.name}" channel.`;
-  const replyNote = isAgent ? `This is a **WISE Agent** channel: \`send()\` runs a fast assistant against the session's tools/skills and returns its answer synchronously in the result \`reply\`.` : `Delivery is fire-and-forget \u2014 the message lands in the agent's inbox, tagged with your verified identity (\`from\`).`;
+  const replyNote = isAgent ? `This is a **WISE Agent** channel: \`send()\` runs a fast assistant against the session's tools/skills and returns its answer synchronously in the result \`reply\`.` : isQueue ? `This is an **async** channel: \`send()\` returns a \`correlationId\` and the agent replies later \u2014 poll \`receive()\` (or GET /receive \xB7 /events) for replies addressed to you.` : `Delivery is fire-and-forget \u2014 the message lands in the agent's inbox, tagged with your verified identity (\`from\`).`;
+  const queueSection = isQueue ? `
+
+## Getting the reply (async)
+\`send()\` returns \`{ correlationId }\`. The agent answers later; retrieve replies addressed
+to you by **long-polling** \`receive\` with a cursor you advance each call:
+\`\`\`js
+const { correlationId } = await get_service("${svc}").send({ channel: "${channel.id}", message: "\u2026", from: "your-name" });
+let cursor = 0;
+while (true) {
+  const r = await get_service("${svc}").receive({ channel: "${channel.id}", key: "${key}", cursor, wait: 25 });
+  cursor = r.cursor;
+  for (const reply of r.replies) if (reply.correlationId === correlationId) return reply.body;
+}
+\`\`\`
+**HTTP:** \`POST ${recvUrl}\` with \`{"kwargs": {"channel": "${channel.id}", "key": "${key}", "cursor": 0, "wait": 25}}\` (long-poll), or stream \`GET <channel-http>/channel/${channel.id}/events?key=${key}\` (SSE).` : "";
   const rpcLine = hyphaOpen ? `**Hypha RPC** \u2014 preferred. Your verified Hypha identity is accepted, no key needed:` : `**Hypha RPC** \u2014 verified identity:`;
   return `---
 name: ${name}
@@ -2903,7 +3017,139 @@ POST ${sendUrl}
 Content-Type: application/json
 
 {"kwargs": {"channel": "${channel.id}", "message": "your message here", "from": "your-name", "key": "${key}"}}
-\`\`\``;
+\`\`\`${queueSection}`;
+}
+
+const MAX_PER_CHANNEL = 200;
+const TTL_MS = 60 * 60 * 1e3;
+class ChannelOutbox {
+  file;
+  byChannel = /* @__PURE__ */ new Map();
+  seqByChannel = /* @__PURE__ */ new Map();
+  emitter = new EventEmitter();
+  constructor(projectDir) {
+    const dir = join$1(projectDir, ".svamp", "channels");
+    this.file = join$1(dir, "_outbox.jsonl");
+    this.emitter.setMaxListeners(0);
+    try {
+      mkdirSync$1(dir, { recursive: true });
+    } catch {
+    }
+    this._load();
+  }
+  _load() {
+    if (!existsSync(this.file)) return;
+    const cutoff = Date.now() - TTL_MS;
+    try {
+      for (const line of readFileSync(this.file, "utf8").split("\n")) {
+        if (!line.trim()) continue;
+        let rec = null;
+        try {
+          rec = JSON.parse(line);
+        } catch {
+          continue;
+        }
+        if (!rec || rec.ts < cutoff) continue;
+        const { channelId, ...reply } = rec;
+        const arr = this.byChannel.get(channelId) || [];
+        arr.push(reply);
+        this.byChannel.set(channelId, arr);
+        this.seqByChannel.set(channelId, Math.max(this.seqByChannel.get(channelId) || 0, reply.seq));
+      }
+      for (const [ch, arr] of this.byChannel) if (arr.length > MAX_PER_CHANNEL) this.byChannel.set(ch, arr.slice(-MAX_PER_CHANNEL));
+    } catch {
+    }
+  }
+  _evict(channelId) {
+    const cutoff = Date.now() - TTL_MS;
+    let arr = this.byChannel.get(channelId);
+    if (!arr) return;
+    if (arr.some((r) => r.ts < cutoff)) arr = arr.filter((r) => r.ts >= cutoff);
+    if (arr.length > MAX_PER_CHANNEL) arr = arr.slice(-MAX_PER_CHANNEL);
+    this.byChannel.set(channelId, arr);
+  }
+  /** Append a reply addressed to `to`. Assigns seq + ts, persists, and wakes waiters. */
+  append(channelId, r) {
+    const seq = (this.seqByChannel.get(channelId) || 0) + 1;
+    this.seqByChannel.set(channelId, seq);
+    const reply = { seq, ts: Date.now(), to: r.to, body: r.body, ...r.correlationId ? { correlationId: r.correlationId } : {} };
+    const arr = this.byChannel.get(channelId) || [];
+    arr.push(reply);
+    this.byChannel.set(channelId, arr);
+    this._evict(channelId);
+    try {
+      appendFileSync(this.file, JSON.stringify({ channelId, ...reply }) + "\n");
+    } catch {
+      try {
+        mkdirSync$1(join$1(this.file, ".."), { recursive: true });
+        appendFileSync(this.file, JSON.stringify({ channelId, ...reply }) + "\n");
+      } catch {
+      }
+    }
+    this.emitter.emit(channelId, reply);
+    return reply;
+  }
+  /** Replies for `to` on `channelId` with seq > cursor (optionally one correlationId). */
+  since(channelId, cursor, to, correlationId) {
+    this._evict(channelId);
+    return (this.byChannel.get(channelId) || []).filter((r) => r.seq > cursor && r.to === to && (!correlationId || r.correlationId === correlationId));
+  }
+  /** Highest seq on a channel (the cursor a caller gets back). */
+  cursor(channelId) {
+    return this.seqByChannel.get(channelId) || 0;
+  }
+  /**
+   * Long-poll: resolve immediately if there are replies after `cursor`, else wait for
+   * the next append (filtered to this channel + `to`) or `timeoutMs`, then return.
+   */
+  wait(channelId, cursor, to, timeoutMs, correlationId) {
+    const ready = this.since(channelId, cursor, to, correlationId);
+    if (ready.length) return Promise.resolve({ replies: ready, cursor: this.cursor(channelId) });
+    return new Promise((resolve) => {
+      const onReply = (r) => {
+        if (r.to !== to || correlationId && r.correlationId !== correlationId) return;
+        cleanup();
+        resolve({ replies: this.since(channelId, cursor, to, correlationId), cursor: this.cursor(channelId) });
+      };
+      const timer = setTimeout(() => {
+        cleanup();
+        resolve({ replies: [], cursor: this.cursor(channelId) });
+      }, Math.max(0, timeoutMs));
+      const cleanup = () => {
+        clearTimeout(timer);
+        this.emitter.off(channelId, onReply);
+      };
+      this.emitter.on(channelId, onReply);
+    });
+  }
+  /** Push subscription for SSE: calls onReply for each new reply addressed to `to`. */
+  subscribe(channelId, to, onReply) {
+    const handler = (r) => {
+      if (r.to === to) onReply(r);
+    };
+    this.emitter.on(channelId, handler);
+    return () => this.emitter.off(channelId, handler);
+  }
+  /** Drop a channel's outbox (on channel delete) — best-effort rewrite of the log. */
+  purge(channelId) {
+    this.byChannel.delete(channelId);
+    this.seqByChannel.delete(channelId);
+    if (!existsSync(this.file)) return;
+    try {
+      const kept = readFileSync(this.file, "utf8").split("\n").filter((l) => {
+        if (!l.trim()) return false;
+        try {
+          return JSON.parse(l).channelId !== channelId;
+        } catch {
+          return false;
+        }
+      });
+      const tmp = this.file + ".tmp";
+      writeFileSync$1(tmp, kept.join("\n") + (kept.length ? "\n" : ""));
+      renameSync$1(tmp, this.file);
+    } catch {
+    }
+  }
 }
 
 function resolveSender(channel, input = {}) {
@@ -3181,6 +3427,7 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
     callbacks.onMetadataUpdate?.(metadata);
   };
   const channelStore = new ChannelStore(initialMetadata.path);
+  const channelOutbox = new ChannelOutbox(initialMetadata.path);
   const cfg = server?.config || {};
   const channelsServiceId = cfg.workspace && cfg.client_id ? `${cfg.workspace}/${cfg.client_id}:channels` : void 0;
   const channelsBaseUrl = cfg.public_base_url || process.env.HYPHA_SERVER_URL || "https://hypha.aicell.io";
@@ -3388,6 +3635,7 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
     removeChannel: async (id, context) => {
       authorizeRequest(context, metadata.sharing, "admin");
       const ok = channelStore.remove(id);
+      channelOutbox.purge(id);
       syncChannelsToMetadata();
       return { success: ok };
     },
@@ -3458,6 +3706,8 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
           return { ok: result.status === "completed", call_id: callId, status: result.status, reply: result.reply, tool_calls: result.toolCalls, error: result.error };
         }
         if (c.action?.kind === "loop") return { error: "loop channels are served by the channel server, not channelSend" };
+        const queue = c.reply?.mode === "queue";
+        const replySession = queue ? params.reply_to?.session : void 0;
         const inboxMsg = {
           messageId: callId,
           body: xmlEscape(String(params.message ?? "").slice(0, 16 * 1024)),
@@ -3466,17 +3716,56 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
           from: r.sender.name,
           verified: r.sender.verified,
           channel: c.name,
-          subject: c.name
+          subject: c.name,
+          ...replySession ? { fromSession: replySession, threadId: callId } : {},
+          ...queue && !replySession ? { channelId: c.id, correlationId: callId } : {}
         };
         await rpcHandlers.sendInboxMessage(inboxMsg, ownerCtx);
         channelStore.recordCall(c.id, { sender: r.sender.name, verified: r.sender.verified, callId, outcome: "delivered" });
         syncChannelsToMetadata();
-        return { ok: true, call_id: callId, status: "accepted" };
+        return { ok: true, call_id: callId, status: queue ? "queued" : "accepted", ...queue ? { correlationId: callId } : {} };
       } catch (e) {
         channelStore.recordCall(c.id, { sender: r.sender.name, verified: r.sender.verified, callId, outcome: "error" });
         return { ok: false, call_id: callId, status: "error", error: e?.message || String(e) };
       }
     },
+    // Agent/owner answers a queued (async) channel message → channel outbox, addressed
+    // to the original external caller. Routed here by `inbox reply` for channel-origin
+    // inbox messages (which carry channelId + correlationId + from). Owner-gated since
+    // it's the session speaking on its own behalf.
+    channelReply: async (params, context) => {
+      authorizeRequest(context, metadata.sharing, "interact");
+      const c = channelStore.get(params.channel);
+      if (!c) return { ok: false, error: "channel not found" };
+      if (!params.to || !params.body) return { ok: false, error: "to and body are required" };
+      const reply = channelOutbox.append(c.id, {
+        correlationId: params.correlationId,
+        to: String(params.to),
+        body: String(params.body).slice(0, 16 * 1024)
+      });
+      channelStore.recordCall(c.id, { sender: String(params.to), verified: true, callId: params.correlationId || `seq_${reply.seq}`, outcome: "replied" });
+      return { ok: true, seq: reply.seq };
+    },
+    // External caller retrieves async replies addressed to it. Channel-identity auth
+    // (key/from) — NOT session sharing. Long-polls up to `wait` seconds for new replies
+    // after `cursor`; the caller advances `cursor` each call (ack-by-cursor).
+    channelReceive: async (params, context) => {
+      const c = channelStore.get(params.channel);
+      if (!c || c.enabled === false) return { error: "channel not found" };
+      const u = context?.user;
+      const r = resolveSender(c, {
+        key: params.key,
+        from: params.from,
+        hyphaUser: u && u.is_anonymous !== true ? u.email || u.id : void 0,
+        hyphaAnonymous: u?.is_anonymous === true,
+        hyphaWorkspace: u?.scope?.current_workspace
+      });
+      if (r.error || !r.sender) return { error: r.error || "unauthorized" };
+      const cursor = Math.max(0, Number(params.cursor) || 0);
+      const waitMs = Math.min(Math.max(0, Number(params.wait ?? 25) * 1e3), 6e4);
+      const out = await channelOutbox.wait(c.id, cursor, r.sender.name, waitMs, params.correlationId);
+      return { ok: true, replies: out.replies, cursor: out.cursor };
+    },
     // ── Agent State ──
     getAgentState: async (context) => {
       authorizeRequest(context, metadata.sharing, "view");
@@ -3821,6 +4110,9 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
         const child = spawn("claude", args, {
           cwd,
           timeout: 6e4,
+          // Ignore stdin: --print otherwise waits ~3s for piped input ("no stdin
+          // data received in 3s, proceeding without it") — pure latency per /btw.
+          stdio: ["ignore", "pipe", "pipe"],
           env: { ...process.env, CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1" }
         });
         let stdout = "";
@@ -9834,7 +10126,7 @@ async function startDaemon(options) {
     const list = loadExposedTunnels().filter((t) => t.name !== name);
     saveExposedTunnels(list);
   }
-  const { ServeManager } = await import('./serveManager-lmPtmRnR.mjs');
+  const { ServeManager } = await import('./serveManager-B757hHGd.mjs');
   const serveManager = new ServeManager(SVAMP_HOME, (msg) => logger.log(`[SERVE] ${msg}`), hyphaServerUrl);
   ensureAutoInstalledSkills(logger).catch(() => {
   });
@@ -10494,6 +10786,10 @@ async function startDaemon(options) {
                     }
                     if (msg.session_id) {
                       claudeResumeId = msg.session_id;
+                      if (sessionMetadata.claudeSessionId !== msg.session_id) {
+                        sessionMetadata = { ...sessionMetadata, claudeSessionId: msg.session_id };
+                        sessionService.updateMetadata(sessionMetadata);
+                      }
                     }
                     signalProcessing(false);
                     sessionWasProcessing = false;
@@ -12124,7 +12420,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
     const channelHttpPort = Number(process.env.SVAMP_CHANNEL_HTTP_PORT) || 0;
     if (channelHttpPort > 0) {
       try {
-        const { createChannelHttpServer } = await import('./httpServer-wwHHk1EM.mjs');
+        const { createChannelHttpServer } = await import('./httpServer-D9qLS8ed.mjs');
         const channelHttpServer = createChannelHttpServer({
           getSessionIds: () => {
             const ids = [];
@@ -12145,7 +12441,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
       const specs = loadExposedTunnels();
       if (specs.length === 0) return;
       logger.log(`[exposed-tunnels] Restoring ${specs.length} tunnel(s) from ${EXPOSED_TUNNELS_FILE}`);
-      const { FrpcTunnel } = await import('./frpc-CIkmTNdJ.mjs');
+      const { FrpcTunnel } = await import('./frpc-cJUGFtWY.mjs');
       for (const spec of specs) {
         if (tunnels.has(spec.name)) continue;
         try {

package/dist/{run-zXRdkYtk.mjs → run-CW6bkzDX.mjs}

@@ -2,7 +2,7 @@ import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(im
 import os from 'node:os';
 import { resolve, join } from 'node:path';
 import { existsSync, readFileSync, watch } from 'node:fs';
-import { c as connectToHypha, a as createSessionStore, r as registerMachineService, P as generateHookSettings } from './run-CdtYIBbd.mjs';
+import { c as connectToHypha, a as createSessionStore, r as registerMachineService, P as generateHookSettings } from './run-B_FyvS11.mjs';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { createInterface } from 'node:readline';
@@ -14,6 +14,7 @@ import 'url';
 import 'child_process';
 import 'crypto';
 import 'util';
+import 'node:events';
 import '@agentclientprotocol/sdk';
 import '@modelcontextprotocol/sdk/client/index.js';
 import '@modelcontextprotocol/sdk/client/stdio.js';

package/dist/{serveCommands-BZd0reEj.mjs → serveCommands-O2px1za0.mjs}

@@ -54,7 +54,7 @@ async function handleServeCommand() {
   }
 }
 async function serveAdd(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-rSREfaQg.mjs');
+  const { connectAndGetMachine } = await import('./commands-DpRXzSr9.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -93,7 +93,7 @@ async function serveAdd(args, machineId) {
   }
 }
 async function serveApply(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-rSREfaQg.mjs');
+  const { connectAndGetMachine } = await import('./commands-DpRXzSr9.mjs');
   const fs = await import('fs');
   const yaml = await import('yaml');
   const file = positionalArgs(args)[0];
@@ -182,7 +182,7 @@ async function serveApply(args, machineId) {
   }
 }
 async function serveRemove(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-rSREfaQg.mjs');
+  const { connectAndGetMachine } = await import('./commands-DpRXzSr9.mjs');
   const pos = positionalArgs(args);
   const name = pos[0];
   if (!name) {
@@ -202,7 +202,7 @@ async function serveRemove(args, machineId) {
   }
 }
 async function serveList(args, machineId) {
-  const { connectAndGetMachine } = await import('./commands-rSREfaQg.mjs');
+  const { connectAndGetMachine } = await import('./commands-DpRXzSr9.mjs');
   const all = hasFlag(args, "--all", "-a");
   const json = hasFlag(args, "--json");
   const sessionId = getFlag(args, "--session");
@@ -235,7 +235,7 @@ async function serveList(args, machineId) {
   }
 }
 async function serveInfo(machineId) {
-  const { connectAndGetMachine } = await import('./commands-rSREfaQg.mjs');
+  const { connectAndGetMachine } = await import('./commands-DpRXzSr9.mjs');
   const { machine, server } = await connectAndGetMachine(machineId);
   try {
     const info = await machine.serveInfo();

package/dist/{serveManager-lmPtmRnR.mjs → serveManager-B757hHGd.mjs}

@@ -4,7 +4,7 @@ import * as fs from 'fs';
 import * as http from 'http';
 import * as net from 'net';
 import * as path from 'path';
-import { k as getHyphaServerUrl, S as ServeAuth, l as hasCookieToken } from './run-CdtYIBbd.mjs';
+import { k as getHyphaServerUrl, S as ServeAuth, l as hasCookieToken } from './run-B_FyvS11.mjs';
 import 'os';
 import 'fs/promises';
 import 'url';
@@ -14,6 +14,7 @@ import 'util';
 import 'node:crypto';
 import 'node:path';
 import 'node:os';
+import 'node:events';
 import '@agentclientprotocol/sdk';
 import '@modelcontextprotocol/sdk/client/index.js';
 import '@modelcontextprotocol/sdk/client/stdio.js';
@@ -712,7 +713,7 @@ class ServeManager {
     const mount = this.mounts.get(mountName);
     const subdomainOverride = mount?.access === "link" && mount.linkToken ? /* @__PURE__ */ new Map([[this.port, `static-${subdomainSafe}-${mount.linkToken}`]]) : void 0;
     try {
-      const { FrpcTunnel } = await import('./frpc-CIkmTNdJ.mjs');
+      const { FrpcTunnel } = await import('./frpc-cJUGFtWY.mjs');
       let tunnel;
       tunnel = new FrpcTunnel({
         name: tunnelName,