svamp-cli 0.2.102 → 0.2.104

package/dist/{run-B_FyvS11.mjs → run-CoaYIdw1.mjs}

@@ -1,15 +1,15 @@
 import{createRequire as _pkgrollCR}from"node:module";const require=_pkgrollCR(import.meta.url);import os$1, { homedir as homedir$1 } from 'os';
 import fs, { mkdir as mkdir$1, readdir as readdir$1, readFile, writeFile as writeFile$1, rename, unlink } from 'fs/promises';
-import { readFileSync as readFileSync$1, mkdirSync, writeFileSync, renameSync, existsSync as existsSync$1, rmSync as rmSync$1, unlinkSync as unlinkSync$1, copyFileSync, watch, rmdirSync, readdirSync as readdirSync$1 } from 'fs';
-import path__default, { join, dirname, basename, resolve } from 'path';
+import { readFileSync as readFileSync$1, mkdirSync as mkdirSync$1, writeFileSync as writeFileSync$1, renameSync as renameSync$1, existsSync as existsSync$1, rmSync as rmSync$1, unlinkSync as unlinkSync$1, copyFileSync, watch, rmdirSync, readdirSync as readdirSync$1 } from 'fs';
+import path__default, { join as join$1, dirname, basename, resolve } from 'path';
 import { fileURLToPath } from 'url';
 import { execFile, spawn as spawn$1, execSync as execSync$1, spawnSync } from 'child_process';
 import { randomUUID as randomUUID$1 } from 'crypto';
-import { existsSync, readFileSync, mkdirSync as mkdirSync$1, readdirSync, writeFileSync as writeFileSync$1, renameSync as renameSync$1, rmSync, appendFileSync, unlinkSync } from 'node:fs';
+import { existsSync, readFileSync, mkdirSync, readdirSync, writeFileSync, renameSync, rmSync, appendFileSync, unlinkSync } from 'node:fs';
 import { exec, spawn, execSync, execFile as execFile$1, execFileSync } from 'node:child_process';
 import { promisify } from 'util';
+import { join } from 'node:path';
 import { randomBytes, randomUUID, createHash } from 'node:crypto';
-import { join as join$1 } from 'node:path';
 import os, { homedir, platform } from 'node:os';
 import { EventEmitter } from 'node:events';
 import { ndJsonStream, ClientSideConnection } from '@agentclientprotocol/sdk';
@@ -1121,6 +1121,362 @@ async function killDescendant(rootPid, targetPid, signal = "SIGTERM") {
   }
 }
 
+const FIELD_RANGES = [[0, 59], [0, 23], [1, 31], [1, 12], [0, 6]];
+function parseField(token, [min, max]) {
+  const set = /* @__PURE__ */ new Set();
+  for (const part of token.split(",")) {
+    let m;
+    if (part === "*") {
+      for (let i = min; i <= max; i++) set.add(i);
+    } else if (m = part.match(/^\*\/(\d+)$/)) {
+      const s = +m[1];
+      for (let i = min; i <= max; i += s) set.add(i);
+    } else if (m = part.match(/^(\d+)-(\d+)\/(\d+)$/)) {
+      for (let i = +m[1]; i <= +m[2]; i += +m[3]) set.add(i);
+    } else if (m = part.match(/^(\d+)-(\d+)$/)) {
+      for (let i = +m[1]; i <= +m[2]; i++) set.add(i);
+    } else if (m = part.match(/^(\d+)$/)) {
+      set.add(+m[1]);
+    } else throw new Error(`invalid cron field: "${token}"`);
+  }
+  for (const v of set) if (v < min || v > max) throw new Error(`cron value ${v} out of range [${min},${max}]`);
+  return set;
+}
+function parseCron(expr) {
+  const fields = String(expr).trim().split(/\s+/);
+  if (fields.length !== 5) throw new Error(`cron must have 5 fields, got ${fields.length}: "${expr}"`);
+  const [minute, hour, dom, month, dow] = fields.map((f, i) => parseField(f, FIELD_RANGES[i]));
+  return { minute, hour, dom, month, dow, domRestricted: fields[2] !== "*", dowRestricted: fields[4] !== "*" };
+}
+function cronMatches(expr, date) {
+  const c = typeof expr === "string" ? parseCron(expr) : expr;
+  if (!c.minute.has(date.getMinutes())) return false;
+  if (!c.hour.has(date.getHours())) return false;
+  if (!c.month.has(date.getMonth() + 1)) return false;
+  const domOk = c.dom.has(date.getDate());
+  const dowOk = c.dow.has(date.getDay());
+  if (c.domRestricted && c.dowRestricted) return domOk || dowOk;
+  return domOk && dowOk;
+}
+function inZone(date, tz) {
+  if (!tz) return date;
+  try {
+    const p = new Intl.DateTimeFormat("en-US", {
+      timeZone: tz,
+      hour12: false,
+      year: "numeric",
+      month: "2-digit",
+      day: "2-digit",
+      hour: "2-digit",
+      minute: "2-digit"
+    }).formatToParts(date).reduce((o, x) => {
+      o[x.type] = x.value;
+      return o;
+    }, {});
+    return new Date(+p.year, +p.month - 1, +p.day, +(p.hour === "24" ? 0 : p.hour), +p.minute);
+  } catch {
+    return date;
+  }
+}
+function nextFire(expr, from, tz) {
+  const c = parseCron(expr);
+  const d = new Date(from.getTime());
+  d.setSeconds(0, 0);
+  d.setMinutes(d.getMinutes() + 1);
+  for (let i = 0; i < 366 * 24 * 60; i++) {
+    if (cronMatches(c, tz ? inZone(d, tz) : d)) return new Date(d.getTime());
+    d.setMinutes(d.getMinutes() + 1);
+  }
+  return null;
+}
+function resolvePath(ctx, path) {
+  return path.split(".").reduce((o, k) => o == null ? void 0 : o[k], ctx);
+}
+function renderTemplate(template, ctx) {
+  return String(template).replace(/\$\{([\w.$]+)\}/g, (_m, p) => {
+    const v = resolvePath(ctx, p);
+    return v == null ? "" : typeof v === "object" ? JSON.stringify(v) : String(v);
+  });
+}
+const TRIGGER_TYPES = ["manual", "schedule", "webhook", "api"];
+const ACTION_KINDS = ["message", "loop"];
+const OVERLAP = ["queue", "skip", "replace"];
+function validateRoutine(r) {
+  const errs = [];
+  if (!r || typeof r !== "object") return ["routine must be an object"];
+  if (!r.session_id) errs.push("session_id required");
+  if (!r.name) errs.push("name required");
+  const t = r.trigger;
+  if (!t || !TRIGGER_TYPES.includes(t.type)) errs.push(`trigger.type must be one of ${TRIGGER_TYPES.join("|")}`);
+  if (t?.type === "schedule") {
+    try {
+      parseCron(t.cron);
+    } catch (e) {
+      errs.push(`trigger.cron: ${e.message}`);
+    }
+    if (t.missed && !["catchup", "skip"].includes(t.missed)) errs.push("trigger.missed must be catchup|skip");
+  }
+  const a = r.action;
+  if (!a || !ACTION_KINDS.includes(a.kind)) errs.push(`action.kind must be one of ${ACTION_KINDS.join("|")}`);
+  if (a?.kind === "message" && !a.template) errs.push("action.template required for message action");
+  if (a?.kind === "loop" && !a.loop && !a.task_template) errs.push("action.loop or action.task_template required for loop action");
+  if (r.overlap && !OVERLAP.includes(r.overlap)) errs.push(`overlap must be one of ${OVERLAP.join("|")}`);
+  if ((t?.type === "webhook" || t?.type === "api") && t.public && a?.kind === "loop")
+    errs.push("a public webhook/api may not use a loop action (unauthenticated task injection) \u2014 use a message action or require a key");
+  return errs;
+}
+
+const genId$1 = () => "c_" + randomBytes(5).toString("hex");
+const genKey$1 = () => "ck_" + randomBytes(18).toString("base64url");
+const DEFAULT_TEMPLATE = `<inbound-message from="\${sender.name}" sender-type="\${sender.kind}" verified="\${sender.verified}" channel="\${channel.name}" call-id="\${call.id}" at="\${now}">
+\${body.message}
+</inbound-message>`;
+function validateChannel(c) {
+  const errs = [];
+  if (!c || typeof c !== "object") return ["channel must be an object"];
+  if (!c.name) errs.push("name required");
+  const m = c.identity?.mode;
+  if (!["per-key", "caller-supplied", "fixed"].includes(m)) errs.push("identity.mode must be per-key|caller-supplied|fixed");
+  if (m === "fixed" && !c.identity.fixed?.name) errs.push("identity.fixed.name required for fixed mode");
+  if (!["message", "loop", "agent"].includes(c.action?.kind)) errs.push("action.kind must be message|loop|agent");
+  const b = c.bind;
+  const bindOk = b === "dynamic" || b === "stateless" || b && typeof b.session === "string" && !!b.session;
+  if (!bindOk) errs.push('bind must be "dynamic", "stateless", or { session }');
+  if (b === "stateless" && c.reply?.mode === "queue")
+    errs.push('a stateless channel cannot use reply.mode "queue" (no persistent session to answer later)');
+  if (b === "stateless" && (c.action?.kind === "loop" || c.action?.kind === "agent"))
+    errs.push(`a stateless channel cannot use a ${c.action?.kind} action (needs a live session); use dynamic or { session }`);
+  if (c.action?.kind === "loop" && m === "caller-supplied" && !c.identity?.shared_key)
+    errs.push("a caller-supplied channel without a shared_key may not use a loop action (unauthenticated task injection)");
+  if (c.action?.kind === "agent" && m === "caller-supplied" && !c.identity?.shared_key) {
+    const MUTATING = ["run_bash", "send_to_session"];
+    const ag = c.action.agent || {};
+    const grantsMutating = (ag.tools || []).some((t) => MUTATING.includes(t)) || Object.values(ag.per_caller || {}).some((p) => (p?.tools || []).some((t) => MUTATING.includes(t)));
+    if (grantsMutating) errs.push("a caller-supplied agent channel without a shared_key may not grant run_bash/send_to_session");
+  }
+  const unsafe = /[<>"'&\r\n]/;
+  if (unsafe.test(c.name || "")) errs.push(`name must be single-line and not contain < > " ' &`);
+  if (c.description && unsafe.test(c.description)) errs.push(`description must be single-line and not contain < > " ' &`);
+  if (c.skill?.name && unsafe.test(c.skill.name)) errs.push(`skill.name must be single-line and not contain < > " ' &`);
+  if (c.skill?.description && unsafe.test(c.skill.description)) errs.push(`skill.description must be single-line and not contain < > " ' &`);
+  if (m === "fixed" && c.identity.fixed?.name && unsafe.test(c.identity.fixed.name)) errs.push(`identity.fixed.name must not contain < > " ' & or newlines`);
+  for (const cl of c.identity?.callers || []) if (unsafe.test(cl.name || "")) errs.push(`caller name "${cl.name}" must not contain < > " ' & or newlines`);
+  return errs;
+}
+function normalizeBind(c) {
+  const b = c.bind;
+  if (b === "dynamic" || b === "stateless" || b && typeof b.session === "string" && b.session) return c;
+  c.bind = "dynamic";
+  return c;
+}
+function bindMode(c) {
+  const b = normalizeBind(c).bind;
+  if (b === "stateless") return "stateless";
+  if (b && typeof b.session === "string") return "fixed";
+  return "dynamic";
+}
+function fixedSessionId(c) {
+  const b = c.bind;
+  return b && typeof b.session === "string" ? b.session : void 0;
+}
+class ChannelStore {
+  dir;
+  constructor(projectDir) {
+    this.dir = join(projectDir, ".svamp", "channels");
+    try {
+      mkdirSync(this.dir, { recursive: true });
+    } catch {
+    }
+  }
+  _path(id) {
+    return join(this.dir, `${id}.json`);
+  }
+  list() {
+    if (!existsSync(this.dir)) return [];
+    return readdirSync(this.dir).filter((f) => f.endsWith(".json")).map((f) => {
+      try {
+        return normalizeBind(JSON.parse(readFileSync(join(this.dir, f), "utf8")));
+      } catch {
+        return null;
+      }
+    }).filter((c) => !!c);
+  }
+  get(id) {
+    try {
+      return normalizeBind(JSON.parse(readFileSync(this._path(id), "utf8")));
+    } catch {
+      return null;
+    }
+  }
+  save(channel) {
+    const c = { enabled: true, bind: "dynamic", template: DEFAULT_TEMPLATE, last_calls: [], ...channel };
+    if (!c.id) c.id = genId$1();
+    const errs = validateChannel(c);
+    if (errs.length) throw new Error("invalid channel: " + errs.join("; "));
+    mkdirSync(this.dir, { recursive: true });
+    const tmp = this._path(c.id) + ".tmp";
+    writeFileSync(tmp, JSON.stringify(c, null, 2));
+    renameSync(tmp, this._path(c.id));
+    return c;
+  }
+  remove(id) {
+    const p = this._path(id);
+    if (existsSync(p)) {
+      rmSync(p);
+      return true;
+    }
+    return false;
+  }
+  setEnabled(id, enabled) {
+    const c = this.get(id);
+    if (!c) return null;
+    c.enabled = enabled;
+    return this.save(c);
+  }
+  recordCall(id, entry) {
+    const c = this.get(id);
+    if (!c) return;
+    c.last_calls = c.last_calls || [];
+    c.last_calls.unshift({ at: (/* @__PURE__ */ new Date()).toISOString(), ...entry });
+    c.last_calls = c.last_calls.slice(0, 20);
+    this.save(c);
+  }
+  addCaller(id, name, kind = "agent") {
+    const c = this.get(id);
+    if (!c) return null;
+    c.identity.callers = c.identity.callers || [];
+    const caller = { name, kind, key: genKey$1() };
+    c.identity.callers.push(caller);
+    this.save(c);
+    return caller;
+  }
+}
+function routingSession(channel, ctx) {
+  const mode = bindMode(channel);
+  if (mode === "fixed") return fixedSessionId(channel);
+  if (mode === "dynamic") return ctx?.session;
+  return void 0;
+}
+function gatewayBase(channelsServiceId, baseUrl) {
+  const slash = channelsServiceId.indexOf("/");
+  if (slash < 0) return `${baseUrl.replace(/\/$/, "")}/services/${channelsServiceId}`;
+  const ws = channelsServiceId.slice(0, slash);
+  const clientSvc = channelsServiceId.slice(slash + 1);
+  return `${baseUrl.replace(/\/$/, "")}/${ws}/services/${clientSvc}`;
+}
+function generateSkillBody(channel, ctx) {
+  const svc = ctx?.channelsServiceId || "<workspace>/<machine>:channels";
+  const base = ctx?.baseUrl || "https://hypha.aicell.io";
+  const gw = ctx?.channelsServiceId ? gatewayBase(svc, base) : `${base}/<workspace>/services/<machine>:channels`;
+  const skillUrl = `${gw}/skill?channel=${channel.id}`;
+  const sendUrl = `${gw}/send`;
+  const key = ctx?.key || "<your-key>";
+  const isAgent = channel.action?.kind === "agent";
+  const isQueue = channel.reply?.mode === "queue";
+  const recvUrl = `${gw}/receive`;
+  const hyphaOpen = (channel.identity?.hypha_allow || []).length > 0;
+  const mode = bindMode(channel);
+  const rSession = routingSession(channel, ctx);
+  const sessionLineJs = rSession ? `
+  session: "${rSession}",` : "";
+  const sessionKv = rSession ? `, "session": "${rSession}"` : "";
+  const bindNote = mode === "stateless" ? `**Stateless channel** \u2014 each call spawns a fresh, isolated one-shot session (cold-start: a few seconds), runs, replies, and closes. No shared memory between calls.` : mode === "fixed" ? `Routes to a **fixed session** (\`${rSession}\`); reachable only while that session is live.` : rSession ? `Routes to **session \`${rSession}\`** (the one this instruction was copied from); reachable only while it is live, else a fresh stateless run answers.` : `**Dynamic channel** \u2014 pass \`session: "<id>"\` to target a specific live session, else a fresh stateless run answers.`;
+  const name = channel.skill?.name || channel.name;
+  const desc = channel.skill?.description || channel.description || `Send a message to the "${channel.name}" channel.`;
+  const replyNote = isAgent ? `This is a **WISE Agent** channel: \`send()\` runs a fast assistant against the session's tools/skills and returns its answer synchronously in the result \`reply\`.` : isQueue ? `This is an **async** channel: \`send()\` returns a \`correlationId\` and the agent replies later \u2014 poll \`receive()\` (or GET /receive \xB7 /events) for replies addressed to you.` : `Delivery is fire-and-forget \u2014 the message lands in the agent's inbox, tagged with your verified identity (\`from\`).`;
+  const queueSection = isQueue ? `
+
+## Getting the reply (async)
+\`send()\` returns \`{ correlationId }\`. The agent answers later; retrieve replies addressed
+to you by **long-polling** \`receive\` with a cursor you advance each call:
+\`\`\`js
+const { correlationId } = await get_service("${svc}").send({ channel: "${channel.id}", message: "\u2026", from: "your-name" });
+let cursor = 0;
+while (true) {
+  const r = await get_service("${svc}").receive({ channel: "${channel.id}", key: "${key}", cursor, wait: 25 });
+  cursor = r.cursor;
+  for (const reply of r.replies) if (reply.correlationId === correlationId) return reply.body;
+}
+\`\`\`
+**HTTP:** \`POST ${recvUrl}\` with \`{"kwargs": {"channel": "${channel.id}", "key": "${key}", "cursor": 0, "wait": 25}}\` (long-poll), or stream \`GET <channel-http>/channel/${channel.id}/events?key=${key}\` (SSE).` : "";
+  const rpcLine = hyphaOpen ? `**Hypha RPC** \u2014 preferred. Your verified Hypha identity is accepted, no key needed:` : `**Hypha RPC** \u2014 verified identity:`;
+  return `---
+name: ${name}
+description: ${desc}
+---
+# ${name}
+${channel.description || ""}
+
+Self-contained guide for messaging the **${channel.name}** channel. ${replyNote}
+${bindNote}
+This skill (with every value below already filled in) is served at:
+${skillUrl}
+
+${rpcLine}
+\`\`\`js
+await get_service("${svc}").send({
+  channel: "${channel.id}",
+  message: "your message here",
+  from:    "your-name",${sessionLineJs}
+});
+\`\`\`
+
+**HTTP** \u2014 any client, no Hypha SDK needed (Hypha gateway wraps args under \`kwargs\`):
+\`\`\`
+POST ${sendUrl}
+Content-Type: application/json
+
+{"kwargs": {"channel": "${channel.id}", "message": "your message here", "from": "your-name", "key": "${key}"${sessionKv}}}
+\`\`\`${queueSection}`;
+}
+
+function resolveSender(channel, input = {}) {
+  const { key, from, hyphaUser, hyphaWorkspace, hyphaAnonymous } = input;
+  const id = channel.identity || {};
+  if (hyphaUser && !hyphaAnonymous && Array.isArray(id.hypha_allow) && id.hypha_allow.length) {
+    if (id.hypha_allow.includes("*") || id.hypha_allow.includes(hyphaUser) || hyphaWorkspace && id.hypha_allow.includes(hyphaWorkspace))
+      return { sender: { name: hyphaUser, kind: "agent", verified: true } };
+    return { error: "caller not in hypha_allow" };
+  }
+  if (id.mode === "fixed") {
+    if (!id.fixed?.name) return { error: "fixed identity not configured" };
+    return { sender: { name: id.fixed.name, kind: id.fixed.kind, verified: true } };
+  }
+  if (id.mode === "per-key") {
+    const caller = (id.callers || []).find((c) => c.key && c.key === key);
+    if (!caller) return { error: "invalid or missing key" };
+    return { sender: { name: caller.name, kind: caller.kind, verified: true } };
+  }
+  if (id.mode === "caller-supplied") {
+    if (id.shared_key && key !== id.shared_key) return { error: "invalid key" };
+    return { sender: { name: from || "anonymous", kind: "user", verified: false } };
+  }
+  return { error: "unsupported identity mode" };
+}
+const MAX_BODY = 16 * 1024;
+function xmlEscape(s) {
+  return String(s ?? "").replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+const stripControl = (s) => String(s ?? "").replace(/[\x00-\x1f\x7f]/g, " ");
+function renderMessage(channel, { sender = {}, body = {}, query = {}, callId, now }) {
+  const obj = (v) => typeof v === "object" && v !== null ? JSON.stringify(v) : v;
+  const escVal = (v) => xmlEscape(obj(v));
+  const escAttr = (v) => xmlEscape(stripControl(obj(v)));
+  const bodyEsc = {};
+  for (const [k, v] of Object.entries(body)) bodyEsc[k] = k === "message" ? escVal(String(v ?? "").slice(0, MAX_BODY)) : escAttr(v);
+  const queryEsc = {};
+  for (const [k, v] of Object.entries(query)) if (k !== "key") queryEsc[k] = escAttr(v);
+  const ctx = {
+    sender: { name: escAttr(sender.name), kind: escAttr(sender.kind), verified: sender.verified === true },
+    body: bodyEsc,
+    query: queryEsc,
+    channel: { name: escAttr(channel.name), id: escAttr(channel.id) },
+    call: { id: escAttr(callId) },
+    now: escAttr(now || (/* @__PURE__ */ new Date()).toISOString())
+  };
+  return renderTemplate(channel.template || DEFAULT_TEMPLATE, ctx);
+}
+
 function getParamNames(fn) {
   const src = fn.toString();
   const match = src.match(/^(?:async\s+)?(?:function\s*\w*)?\s*\(([^)]*)\)/);
@@ -1151,7 +1507,7 @@ function filterTerminalResponses(data) {
   return filtered;
 }
 function getMachineMetadataPath(svampHomeDir) {
-  return join(svampHomeDir, "machine-metadata.json");
+  return join$1(svampHomeDir, "machine-metadata.json");
 }
 async function mintRealtimeEphemeralKey(baseUrl, apiKey, opts) {
   const realtimeBase = baseUrl || "https://api.openai.com";
@@ -1212,11 +1568,11 @@ function loadPersistedMachineMetadata(svampHomeDir) {
 }
 function savePersistedMachineMetadata(svampHomeDir, data) {
   try {
-    mkdirSync(svampHomeDir, { recursive: true });
+    mkdirSync$1(svampHomeDir, { recursive: true });
     const filePath = getMachineMetadataPath(svampHomeDir);
     const tmpPath = filePath + ".tmp";
-    writeFileSync(tmpPath, JSON.stringify(data, null, 2));
-    renameSync(tmpPath, filePath);
+    writeFileSync$1(tmpPath, JSON.stringify(data, null, 2));
+    renameSync$1(tmpPath, filePath);
   } catch (err) {
     console.error("[HYPHA MACHINE] Failed to persist machine metadata:", err);
   }
@@ -1663,11 +2019,11 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         if (newSharing.enabled && !newSharing.owner && context?.user?.email) {
           newSharing = { ...newSharing, owner: context.user.email };
         }
-        const ownerEmail = newSharing.owner || context?.user?.email || "";
+        const ownerEmail2 = newSharing.owner || context?.user?.email || "";
         newSharing = {
           ...newSharing,
           allowedUsers: (newSharing.allowedUsers || []).map(
-            (u) => normalizeAllowedUser(u, ownerEmail)
+            (u) => normalizeAllowedUser(u, ownerEmail2)
           ),
           publicAccess: null
         };
@@ -2166,7 +2522,7 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         const tunnels = handlers.tunnels;
         if (!tunnels) throw new Error("Tunnel management not available");
         if (tunnels.has(params.name)) throw new Error(`Tunnel '${params.name}' already running`);
-        const { FrpcTunnel } = await import('./frpc-cJUGFtWY.mjs');
+        const { FrpcTunnel } = await import('./frpc-B8ORdlOO.mjs');
         const tunnel = new FrpcTunnel({
           name: params.name,
           ports: params.ports,
@@ -2222,9 +2578,9 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         authorizeRequest(context, currentMetadata.sharing, "interact");
         const sm = handlers.serveManager;
         if (!sm) throw new Error("Serve manager not available");
-        const ownerEmail = params.ownerEmail || context?.user?.email || void 0;
+        const ownerEmail2 = params.ownerEmail || context?.user?.email || void 0;
         const access = params.access || "owner";
-        return sm.addMount(params.name, params.directory, params.sessionId, access, ownerEmail);
+        return sm.addMount(params.name, params.directory, params.sessionId, access, ownerEmail2);
       },
       /**
        * Apply a mount declaratively. Replaces existing mount with same name.
@@ -2235,7 +2591,7 @@ async function registerMachineService(server, machineId, metadata, daemonState,
         authorizeRequest(context, currentMetadata.sharing, "interact");
         const sm = handlers.serveManager;
         if (!sm) throw new Error("Serve manager not available");
-        const ownerEmail = params.ownerEmail || context?.user?.email || void 0;
+        const ownerEmail2 = params.ownerEmail || context?.user?.email || void 0;
         const access = params.access ?? "owner";
         return sm.applyMount({
           name: params.name,
@@ -2243,7 +2599,7 @@ async function registerMachineService(server, machineId, metadata, daemonState,
           process: params.process,
           sessionId: params.sessionId,
           access,
-          ownerEmail
+          ownerEmail: ownerEmail2
         });
       },
       /** Remove a mount from the shared static file server. */
@@ -2427,7 +2783,7 @@ QUESTION: ${params.question || "Summarize this concisely."}` }
           }
           const deps = buildSessionDeps(rpc, { cwd, ownerEmail: owner });
           const sender = { name: context?.user?.email || context?.user?.id || "user", kind: "user", verified: true };
-          const { toolsForRole } = await import('./sideband-DYhbiCEA.mjs');
+          const { toolsForRole } = await import('./sideband-CO0bdYO_.mjs');
           const r2 = await runWiseAgent({ message: params.message, sender, config: { tools: toolsForRole(role2) }, deps, transport, model: resolved.model });
           return fmt(r2);
         }
@@ -2462,6 +2818,89 @@ QUESTION: ${params.question || "Summarize this concisely."}` }
     }
     return void 0;
   };
+  const readChannelFromDisk = (channelId) => {
+    const seen = /* @__PURE__ */ new Set();
+    for (const t of handlers.getTrackedSessions?.() || []) {
+      const dir = t.directory;
+      if (!dir || seen.has(dir)) continue;
+      seen.add(dir);
+      try {
+        const c = new ChannelStore(dir).get(channelId);
+        if (c && c.enabled !== false) return { c, dir };
+      } catch {
+      }
+    }
+    return void 0;
+  };
+  const liveSessionsInDir = (dir) => (handlers.getTrackedSessions?.() || []).filter((t) => t.directory === dir && handlers.getSessionRPCHandlers?.(t.sessionId)).map((t) => t.sessionId);
+  const resolveChannel = (channelId, targetSession) => {
+    const found = readChannelFromDisk(channelId);
+    if (!found) return { error: "channel not found" };
+    const { c, dir } = found;
+    const mode = bindMode(c);
+    const kind = c.action?.kind;
+    if (kind === "agent" || kind === "loop") {
+      const prefer = mode === "fixed" ? fixedSessionId(c) : mode === "dynamic" ? targetSession : void 0;
+      const sid = prefer && handlers.getSessionRPCHandlers?.(prefer) ? prefer : liveSessionsInDir(dir)[0];
+      if (!sid) {
+        if (mode === "fixed") return { tier: "session", sessionId: fixedSessionId(c) || "?", stopped: true, c, dir };
+        return { error: `no live session to host this ${kind} channel \u2014 start a session in ${dir}` };
+      }
+      return { tier: "session", sessionId: sid, rpc: handlers.getSessionRPCHandlers(sid), c, dir };
+    }
+    const target = mode === "fixed" ? fixedSessionId(c) : mode === "dynamic" ? targetSession : void 0;
+    if (target) {
+      const rpc = handlers.getSessionRPCHandlers?.(target);
+      if (rpc) return { tier: "session", sessionId: target, rpc, c, dir };
+      if (mode === "fixed") return { tier: "session", sessionId: target, stopped: true, c, dir };
+    }
+    return { tier: "stateless", c, dir };
+  };
+  const ownerEmail = currentMetadata.sharing?.owner;
+  const ownerCtx = ownerEmail ? { user: { email: ownerEmail, id: ownerEmail } } : void 0;
+  const selfMachine = {
+    spawnSession: (opts) => handlers.spawnSession(opts),
+    sessionRPC: async (sessionId, method, kwargs) => {
+      const rpc = handlers.getSessionRPCHandlers?.(sessionId);
+      if (!rpc) throw new Error(`Session ${sessionId} not found on this machine`);
+      const handler = rpc[method];
+      if (typeof handler !== "function") throw new Error(`Unknown session method: ${method}`);
+      const paramNames = getParamNames(handler);
+      const callArgs = paramNames.map((n) => n === "context" ? ownerCtx : kwargs?.[n] ?? void 0);
+      return handler(...callArgs);
+    }
+  };
+  const dispatchStateless = async (c, dir, kwargs, context) => {
+    const u = context?.user;
+    const r = resolveSender(c, {
+      key: kwargs.key,
+      from: kwargs.from,
+      hyphaUser: u && u.is_anonymous !== true ? u.email || u.id : void 0,
+      hyphaAnonymous: u?.is_anonymous === true,
+      hyphaWorkspace: u?.scope?.current_workspace
+    });
+    if (r.error || !r.sender) return { error: r.error || "unauthorized" };
+    const callId = "call_" + Math.random().toString(16).slice(2, 12);
+    const rendered = renderMessage(c, { sender: r.sender, body: { message: kwargs.message }, callId });
+    const { queryCore } = await import('./commands-o0MBJocy.mjs');
+    const timeout = c.reply?.timeout_sec || 120;
+    let result;
+    try {
+      result = await queryCore(selfMachine, dir, rendered, { permissionMode: "bypassPermissions", tag: "svamp-channel", timeout });
+    } catch (e) {
+      return { ok: false, call_id: callId, status: "error", error: e?.message || String(e) };
+    } finally {
+      if (result?.sessionId) {
+        try {
+          handlers.deleteSession?.(result.sessionId);
+        } catch {
+        }
+      }
+    }
+    if (result.status === "error") return { ok: false, call_id: callId, status: "error", error: result.error };
+    if (result.status === "permission-pending") return { ok: false, call_id: callId, status: "permission-pending", error: result.error };
+    return { ok: true, call_id: callId, status: "completed", reply: result.response };
+  };
   const channelsServiceInfo = await server.registerService(
     {
       id: "channels",
@@ -2501,17 +2940,22 @@ ${d?.error || "not found"}`;
       },
       send: async (kwargs = {}, context) => {
         trackInbound();
-        const rpc = await findChannelOwner(kwargs.channel);
-        if (!rpc?.channelSend) return { error: "channel not found" };
-        return rpc.channelSend({ channel: kwargs.channel, message: kwargs.message, from: kwargs.from, key: kwargs.key, reply_to: kwargs.reply_to }, context);
+        const res = resolveChannel(kwargs.channel, kwargs.session);
+        if ("error" in res) return { error: res.error };
+        if (res.tier === "stateless") return dispatchStateless(res.c, res.dir, kwargs, context);
+        if ("stopped" in res) return { error: `session ${res.sessionId.slice(0, 8)} is stopped \u2014 resume it to reach this channel` };
+        return res.rpc.channelSend({ channel: kwargs.channel, message: kwargs.message, from: kwargs.from, key: kwargs.key, session: kwargs.session, reply_to: kwargs.reply_to }, context);
       },
       // Async reply retrieval for queue-mode channels — long-poll the channel outbox
-      // for replies addressed to the caller. Channel-identity auth (key/from).
+      // for replies addressed to the caller. Routed to the session the message landed
+      // in (the `session` target); stateless channels can't queue. Channel-identity auth.
       receive: async (kwargs = {}, context) => {
         trackInbound();
-        const rpc = await findChannelOwner(kwargs.channel);
-        if (!rpc?.channelReceive) return { error: "channel not found" };
-        return rpc.channelReceive({ channel: kwargs.channel, key: kwargs.key, from: kwargs.from, cursor: kwargs.cursor, correlationId: kwargs.correlationId, wait: kwargs.wait }, context);
+        const res = resolveChannel(kwargs.channel, kwargs.session);
+        if ("error" in res) return { error: res.error };
+        if (res.tier === "stateless") return { error: "stateless channels have no async replies (no persistent session)" };
+        if ("stopped" in res) return { error: `session ${res.sessionId.slice(0, 8)} is stopped` };
+        return res.rpc.channelReceive({ channel: kwargs.channel, key: kwargs.key, from: kwargs.from, cursor: kwargs.cursor, correlationId: kwargs.correlationId, wait: kwargs.wait }, context);
       }
     },
     { overwrite: true }
@@ -2522,158 +2966,53 @@ ${d?.error || "not found"}`;
     notifySessionEvent: notifyListeners,
     updateMetadata: (newMetadata) => {
       currentMetadata = newMetadata;
-      metadataVersion++;
-      notifyListeners({
-        type: "update-machine",
-        machineId,
-        metadata: { value: currentMetadata, version: metadataVersion }
-      });
-    },
-    updateDaemonState: (newState) => {
-      currentDaemonState = newState;
-      daemonStateVersion++;
-      notifyListeners({
-        type: "update-machine",
-        machineId,
-        daemonState: { value: currentDaemonState, version: daemonStateVersion }
-      });
-    },
-    getLastInboundRpcAt: () => lastInboundRpcAt,
-    disconnect: async () => {
-      const toRemove = [...listeners];
-      for (const listener of toRemove) {
-        removeListener(listener, "disconnect");
-      }
-      await server.unregisterService(serviceInfo.id);
-      await server.unregisterService(channelsServiceInfo.id).catch(() => {
-      });
-    }
-  };
-}
-
-const FIELD_RANGES = [[0, 59], [0, 23], [1, 31], [1, 12], [0, 6]];
-function parseField(token, [min, max]) {
-  const set = /* @__PURE__ */ new Set();
-  for (const part of token.split(",")) {
-    let m;
-    if (part === "*") {
-      for (let i = min; i <= max; i++) set.add(i);
-    } else if (m = part.match(/^\*\/(\d+)$/)) {
-      const s = +m[1];
-      for (let i = min; i <= max; i += s) set.add(i);
-    } else if (m = part.match(/^(\d+)-(\d+)\/(\d+)$/)) {
-      for (let i = +m[1]; i <= +m[2]; i += +m[3]) set.add(i);
-    } else if (m = part.match(/^(\d+)-(\d+)$/)) {
-      for (let i = +m[1]; i <= +m[2]; i++) set.add(i);
-    } else if (m = part.match(/^(\d+)$/)) {
-      set.add(+m[1]);
-    } else throw new Error(`invalid cron field: "${token}"`);
-  }
-  for (const v of set) if (v < min || v > max) throw new Error(`cron value ${v} out of range [${min},${max}]`);
-  return set;
-}
-function parseCron(expr) {
-  const fields = String(expr).trim().split(/\s+/);
-  if (fields.length !== 5) throw new Error(`cron must have 5 fields, got ${fields.length}: "${expr}"`);
-  const [minute, hour, dom, month, dow] = fields.map((f, i) => parseField(f, FIELD_RANGES[i]));
-  return { minute, hour, dom, month, dow, domRestricted: fields[2] !== "*", dowRestricted: fields[4] !== "*" };
-}
-function cronMatches(expr, date) {
-  const c = typeof expr === "string" ? parseCron(expr) : expr;
-  if (!c.minute.has(date.getMinutes())) return false;
-  if (!c.hour.has(date.getHours())) return false;
-  if (!c.month.has(date.getMonth() + 1)) return false;
-  const domOk = c.dom.has(date.getDate());
-  const dowOk = c.dow.has(date.getDay());
-  if (c.domRestricted && c.dowRestricted) return domOk || dowOk;
-  return domOk && dowOk;
-}
-function inZone(date, tz) {
-  if (!tz) return date;
-  try {
-    const p = new Intl.DateTimeFormat("en-US", {
-      timeZone: tz,
-      hour12: false,
-      year: "numeric",
-      month: "2-digit",
-      day: "2-digit",
-      hour: "2-digit",
-      minute: "2-digit"
-    }).formatToParts(date).reduce((o, x) => {
-      o[x.type] = x.value;
-      return o;
-    }, {});
-    return new Date(+p.year, +p.month - 1, +p.day, +(p.hour === "24" ? 0 : p.hour), +p.minute);
-  } catch {
-    return date;
-  }
-}
-function nextFire(expr, from, tz) {
-  const c = parseCron(expr);
-  const d = new Date(from.getTime());
-  d.setSeconds(0, 0);
-  d.setMinutes(d.getMinutes() + 1);
-  for (let i = 0; i < 366 * 24 * 60; i++) {
-    if (cronMatches(c, tz ? inZone(d, tz) : d)) return new Date(d.getTime());
-    d.setMinutes(d.getMinutes() + 1);
-  }
-  return null;
-}
-function resolvePath(ctx, path) {
-  return path.split(".").reduce((o, k) => o == null ? void 0 : o[k], ctx);
-}
-function renderTemplate(template, ctx) {
-  return String(template).replace(/\$\{([\w.$]+)\}/g, (_m, p) => {
-    const v = resolvePath(ctx, p);
-    return v == null ? "" : typeof v === "object" ? JSON.stringify(v) : String(v);
-  });
-}
-const TRIGGER_TYPES = ["manual", "schedule", "webhook", "api"];
-const ACTION_KINDS = ["message", "loop"];
-const OVERLAP = ["queue", "skip", "replace"];
-function validateRoutine(r) {
-  const errs = [];
-  if (!r || typeof r !== "object") return ["routine must be an object"];
-  if (!r.session_id) errs.push("session_id required");
-  if (!r.name) errs.push("name required");
-  const t = r.trigger;
-  if (!t || !TRIGGER_TYPES.includes(t.type)) errs.push(`trigger.type must be one of ${TRIGGER_TYPES.join("|")}`);
-  if (t?.type === "schedule") {
-    try {
-      parseCron(t.cron);
-    } catch (e) {
-      errs.push(`trigger.cron: ${e.message}`);
+      metadataVersion++;
+      notifyListeners({
+        type: "update-machine",
+        machineId,
+        metadata: { value: currentMetadata, version: metadataVersion }
+      });
+    },
+    updateDaemonState: (newState) => {
+      currentDaemonState = newState;
+      daemonStateVersion++;
+      notifyListeners({
+        type: "update-machine",
+        machineId,
+        daemonState: { value: currentDaemonState, version: daemonStateVersion }
+      });
+    },
+    getLastInboundRpcAt: () => lastInboundRpcAt,
+    disconnect: async () => {
+      const toRemove = [...listeners];
+      for (const listener of toRemove) {
+        removeListener(listener, "disconnect");
+      }
+      await server.unregisterService(serviceInfo.id);
+      await server.unregisterService(channelsServiceInfo.id).catch(() => {
+      });
     }
-    if (t.missed && !["catchup", "skip"].includes(t.missed)) errs.push("trigger.missed must be catchup|skip");
-  }
-  const a = r.action;
-  if (!a || !ACTION_KINDS.includes(a.kind)) errs.push(`action.kind must be one of ${ACTION_KINDS.join("|")}`);
-  if (a?.kind === "message" && !a.template) errs.push("action.template required for message action");
-  if (a?.kind === "loop" && !a.loop && !a.task_template) errs.push("action.loop or action.task_template required for loop action");
-  if (r.overlap && !OVERLAP.includes(r.overlap)) errs.push(`overlap must be one of ${OVERLAP.join("|")}`);
-  if ((t?.type === "webhook" || t?.type === "api") && t.public && a?.kind === "loop")
-    errs.push("a public webhook/api may not use a loop action (unauthenticated task injection) \u2014 use a message action or require a key");
-  return errs;
+  };
 }
 
 function defaultRoutinesDir() {
-  return process.env.SVAMP_ROUTINES_DIR || join$1(homedir(), ".svamp", "routines");
+  return process.env.SVAMP_ROUTINES_DIR || join(homedir(), ".svamp", "routines");
 }
-const genId$1 = () => "rt_" + randomBytes(5).toString("hex");
-const genKey$1 = () => randomBytes(18).toString("base64url");
+const genId = () => "rt_" + randomBytes(5).toString("hex");
+const genKey = () => randomBytes(18).toString("base64url");
 class RoutineStore {
   dir;
   constructor(dir = defaultRoutinesDir()) {
     this.dir = dir;
-    mkdirSync$1(dir, { recursive: true });
+    mkdirSync(dir, { recursive: true });
   }
   _path(id) {
-    return join$1(this.dir, `${id}.json`);
+    return join(this.dir, `${id}.json`);
   }
   list(sessionId) {
     const all = readdirSync(this.dir).filter((f) => f.endsWith(".json")).map((f) => {
       try {
-        return JSON.parse(readFileSync(join$1(this.dir, f), "utf8"));
+        return JSON.parse(readFileSync(join(this.dir, f), "utf8"));
       } catch {
         return null;
       }
@@ -2689,13 +3028,13 @@ class RoutineStore {
   }
   save(routine) {
     const r = { overlap: "queue", enabled: true, last_runs: [], ...routine };
-    if (!r.id) r.id = genId$1();
-    if ((r.trigger?.type === "webhook" || r.trigger?.type === "api") && !r.trigger.key) r.trigger.key = genKey$1();
+    if (!r.id) r.id = genId();
+    if ((r.trigger?.type === "webhook" || r.trigger?.type === "api") && !r.trigger.key) r.trigger.key = genKey();
     const errs = validateRoutine(r);
     if (errs.length) throw new Error("invalid routine: " + errs.join("; "));
     const tmp = this._path(r.id) + ".tmp";
-    writeFileSync$1(tmp, JSON.stringify(r, null, 2));
-    renameSync$1(tmp, this._path(r.id));
+    writeFileSync(tmp, JSON.stringify(r, null, 2));
+    renameSync(tmp, this._path(r.id));
     return r;
   }
   remove(id) {
@@ -2851,175 +3190,6 @@ class RoutineRunner {
   }
 }
 
-const genId = () => "c_" + randomBytes(5).toString("hex");
-const genKey = () => "ck_" + randomBytes(18).toString("base64url");
-const DEFAULT_TEMPLATE = `<inbound-message from="\${sender.name}" sender-type="\${sender.kind}" verified="\${sender.verified}" channel="\${channel.name}" call-id="\${call.id}" at="\${now}">
-\${body.message}
-</inbound-message>`;
-function validateChannel(c) {
-  const errs = [];
-  if (!c || typeof c !== "object") return ["channel must be an object"];
-  if (!c.name) errs.push("name required");
-  const m = c.identity?.mode;
-  if (!["per-key", "caller-supplied", "fixed"].includes(m)) errs.push("identity.mode must be per-key|caller-supplied|fixed");
-  if (m === "fixed" && !c.identity.fixed?.name) errs.push("identity.fixed.name required for fixed mode");
-  if (!["message", "loop", "agent"].includes(c.action?.kind)) errs.push("action.kind must be message|loop|agent");
-  if (c.bind !== "active" && !(c.bind && (c.bind.tag || c.bind.session))) errs.push('bind must be "active", {tag}, or {session}');
-  if (c.action?.kind === "loop" && m === "caller-supplied" && !c.identity?.shared_key)
-    errs.push("a caller-supplied channel without a shared_key may not use a loop action (unauthenticated task injection)");
-  if (c.action?.kind === "agent" && m === "caller-supplied" && !c.identity?.shared_key) {
-    const MUTATING = ["run_bash", "send_to_session"];
-    const ag = c.action.agent || {};
-    const grantsMutating = (ag.tools || []).some((t) => MUTATING.includes(t)) || Object.values(ag.per_caller || {}).some((p) => (p?.tools || []).some((t) => MUTATING.includes(t)));
-    if (grantsMutating) errs.push("a caller-supplied agent channel without a shared_key may not grant run_bash/send_to_session");
-  }
-  const unsafe = /[<>"'&\r\n]/;
-  if (unsafe.test(c.name || "")) errs.push(`name must be single-line and not contain < > " ' &`);
-  if (c.description && unsafe.test(c.description)) errs.push(`description must be single-line and not contain < > " ' &`);
-  if (c.skill?.name && unsafe.test(c.skill.name)) errs.push(`skill.name must be single-line and not contain < > " ' &`);
-  if (c.skill?.description && unsafe.test(c.skill.description)) errs.push(`skill.description must be single-line and not contain < > " ' &`);
-  if (m === "fixed" && c.identity.fixed?.name && unsafe.test(c.identity.fixed.name)) errs.push(`identity.fixed.name must not contain < > " ' & or newlines`);
-  for (const cl of c.identity?.callers || []) if (unsafe.test(cl.name || "")) errs.push(`caller name "${cl.name}" must not contain < > " ' & or newlines`);
-  return errs;
-}
-class ChannelStore {
-  dir;
-  constructor(projectDir) {
-    this.dir = join$1(projectDir, ".svamp", "channels");
-    try {
-      mkdirSync$1(this.dir, { recursive: true });
-    } catch {
-    }
-  }
-  _path(id) {
-    return join$1(this.dir, `${id}.json`);
-  }
-  list() {
-    if (!existsSync(this.dir)) return [];
-    return readdirSync(this.dir).filter((f) => f.endsWith(".json")).map((f) => {
-      try {
-        return JSON.parse(readFileSync(join$1(this.dir, f), "utf8"));
-      } catch {
-        return null;
-      }
-    }).filter((c) => !!c);
-  }
-  get(id) {
-    try {
-      return JSON.parse(readFileSync(this._path(id), "utf8"));
-    } catch {
-      return null;
-    }
-  }
-  save(channel) {
-    const c = { enabled: true, bind: "active", template: DEFAULT_TEMPLATE, last_calls: [], ...channel };
-    if (!c.id) c.id = genId();
-    const errs = validateChannel(c);
-    if (errs.length) throw new Error("invalid channel: " + errs.join("; "));
-    mkdirSync$1(this.dir, { recursive: true });
-    const tmp = this._path(c.id) + ".tmp";
-    writeFileSync$1(tmp, JSON.stringify(c, null, 2));
-    renameSync$1(tmp, this._path(c.id));
-    return c;
-  }
-  remove(id) {
-    const p = this._path(id);
-    if (existsSync(p)) {
-      rmSync(p);
-      return true;
-    }
-    return false;
-  }
-  setEnabled(id, enabled) {
-    const c = this.get(id);
-    if (!c) return null;
-    c.enabled = enabled;
-    return this.save(c);
-  }
-  recordCall(id, entry) {
-    const c = this.get(id);
-    if (!c) return;
-    c.last_calls = c.last_calls || [];
-    c.last_calls.unshift({ at: (/* @__PURE__ */ new Date()).toISOString(), ...entry });
-    c.last_calls = c.last_calls.slice(0, 20);
-    this.save(c);
-  }
-  addCaller(id, name, kind = "agent") {
-    const c = this.get(id);
-    if (!c) return null;
-    c.identity.callers = c.identity.callers || [];
-    const caller = { name, kind, key: genKey() };
-    c.identity.callers.push(caller);
-    this.save(c);
-    return caller;
-  }
-}
-function gatewayBase(channelsServiceId, baseUrl) {
-  const slash = channelsServiceId.indexOf("/");
-  if (slash < 0) return `${baseUrl.replace(/\/$/, "")}/services/${channelsServiceId}`;
-  const ws = channelsServiceId.slice(0, slash);
-  const clientSvc = channelsServiceId.slice(slash + 1);
-  return `${baseUrl.replace(/\/$/, "")}/${ws}/services/${clientSvc}`;
-}
-function generateSkillBody(channel, ctx) {
-  const svc = ctx?.channelsServiceId || "<workspace>/<machine>:channels";
-  const base = ctx?.baseUrl || "https://hypha.aicell.io";
-  const gw = ctx?.channelsServiceId ? gatewayBase(svc, base) : `${base}/<workspace>/services/<machine>:channels`;
-  const skillUrl = `${gw}/skill?channel=${channel.id}`;
-  const sendUrl = `${gw}/send`;
-  const key = ctx?.key || "<your-key>";
-  const isAgent = channel.action?.kind === "agent";
-  const isQueue = channel.reply?.mode === "queue";
-  const recvUrl = `${gw}/receive`;
-  const hyphaOpen = (channel.identity?.hypha_allow || []).length > 0;
-  const name = channel.skill?.name || channel.name;
-  const desc = channel.skill?.description || channel.description || `Send a message to the "${channel.name}" channel.`;
-  const replyNote = isAgent ? `This is a **WISE Agent** channel: \`send()\` runs a fast assistant against the session's tools/skills and returns its answer synchronously in the result \`reply\`.` : isQueue ? `This is an **async** channel: \`send()\` returns a \`correlationId\` and the agent replies later \u2014 poll \`receive()\` (or GET /receive \xB7 /events) for replies addressed to you.` : `Delivery is fire-and-forget \u2014 the message lands in the agent's inbox, tagged with your verified identity (\`from\`).`;
-  const queueSection = isQueue ? `
-
-## Getting the reply (async)
-\`send()\` returns \`{ correlationId }\`. The agent answers later; retrieve replies addressed
-to you by **long-polling** \`receive\` with a cursor you advance each call:
-\`\`\`js
-const { correlationId } = await get_service("${svc}").send({ channel: "${channel.id}", message: "\u2026", from: "your-name" });
-let cursor = 0;
-while (true) {
-  const r = await get_service("${svc}").receive({ channel: "${channel.id}", key: "${key}", cursor, wait: 25 });
-  cursor = r.cursor;
-  for (const reply of r.replies) if (reply.correlationId === correlationId) return reply.body;
-}
-\`\`\`
-**HTTP:** \`POST ${recvUrl}\` with \`{"kwargs": {"channel": "${channel.id}", "key": "${key}", "cursor": 0, "wait": 25}}\` (long-poll), or stream \`GET <channel-http>/channel/${channel.id}/events?key=${key}\` (SSE).` : "";
-  const rpcLine = hyphaOpen ? `**Hypha RPC** \u2014 preferred. Your verified Hypha identity is accepted, no key needed:` : `**Hypha RPC** \u2014 verified identity:`;
-  return `---
-name: ${name}
-description: ${desc}
----
-# ${name}
-${channel.description || ""}
-
-Self-contained guide for messaging the **${channel.name}** channel. ${replyNote}
-This skill (with every value below already filled in) is served at:
-${skillUrl}
-
-${rpcLine}
-\`\`\`js
-await get_service("${svc}").send({
-  channel: "${channel.id}",
-  message: "your message here",
-  from:    "your-name",
-});
-\`\`\`
-
-**HTTP** \u2014 any client, no Hypha SDK needed (Hypha gateway wraps args under \`kwargs\`):
-\`\`\`
-POST ${sendUrl}
-Content-Type: application/json
-
-{"kwargs": {"channel": "${channel.id}", "message": "your message here", "from": "your-name", "key": "${key}"}}
-\`\`\`${queueSection}`;
-}
-
 const MAX_PER_CHANNEL = 200;
 const TTL_MS = 60 * 60 * 1e3;
 class ChannelOutbox {
@@ -3028,11 +3198,11 @@ class ChannelOutbox {
   seqByChannel = /* @__PURE__ */ new Map();
   emitter = new EventEmitter();
   constructor(projectDir) {
-    const dir = join$1(projectDir, ".svamp", "channels");
-    this.file = join$1(dir, "_outbox.jsonl");
+    const dir = join(projectDir, ".svamp", "channels");
+    this.file = join(dir, "_outbox.jsonl");
     this.emitter.setMaxListeners(0);
     try {
-      mkdirSync$1(dir, { recursive: true });
+      mkdirSync(dir, { recursive: true });
     } catch {
     }
     this._load();
@@ -3081,7 +3251,7 @@ class ChannelOutbox {
       appendFileSync(this.file, JSON.stringify({ channelId, ...reply }) + "\n");
     } catch {
       try {
-        mkdirSync$1(join$1(this.file, ".."), { recursive: true });
+        mkdirSync(join(this.file, ".."), { recursive: true });
         appendFileSync(this.file, JSON.stringify({ channelId, ...reply }) + "\n");
       } catch {
       }
@@ -3145,62 +3315,15 @@ class ChannelOutbox {
         }
       });
       const tmp = this.file + ".tmp";
-      writeFileSync$1(tmp, kept.join("\n") + (kept.length ? "\n" : ""));
-      renameSync$1(tmp, this.file);
+      writeFileSync(tmp, kept.join("\n") + (kept.length ? "\n" : ""));
+      renameSync(tmp, this.file);
     } catch {
     }
   }
 }
 
-function resolveSender(channel, input = {}) {
-  const { key, from, hyphaUser, hyphaWorkspace, hyphaAnonymous } = input;
-  const id = channel.identity || {};
-  if (hyphaUser && !hyphaAnonymous && Array.isArray(id.hypha_allow) && id.hypha_allow.length) {
-    if (id.hypha_allow.includes("*") || id.hypha_allow.includes(hyphaUser) || hyphaWorkspace && id.hypha_allow.includes(hyphaWorkspace))
-      return { sender: { name: hyphaUser, kind: "agent", verified: true } };
-    return { error: "caller not in hypha_allow" };
-  }
-  if (id.mode === "fixed") {
-    if (!id.fixed?.name) return { error: "fixed identity not configured" };
-    return { sender: { name: id.fixed.name, kind: id.fixed.kind, verified: true } };
-  }
-  if (id.mode === "per-key") {
-    const caller = (id.callers || []).find((c) => c.key && c.key === key);
-    if (!caller) return { error: "invalid or missing key" };
-    return { sender: { name: caller.name, kind: caller.kind, verified: true } };
-  }
-  if (id.mode === "caller-supplied") {
-    if (id.shared_key && key !== id.shared_key) return { error: "invalid key" };
-    return { sender: { name: from || "anonymous", kind: "user", verified: false } };
-  }
-  return { error: "unsupported identity mode" };
-}
-const MAX_BODY = 16 * 1024;
-function xmlEscape(s) {
-  return String(s ?? "").replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
-}
-const stripControl = (s) => String(s ?? "").replace(/[\x00-\x1f\x7f]/g, " ");
-function renderMessage(channel, { sender = {}, body = {}, query = {}, callId, now }) {
-  const obj = (v) => typeof v === "object" && v !== null ? JSON.stringify(v) : v;
-  const escVal = (v) => xmlEscape(obj(v));
-  const escAttr = (v) => xmlEscape(stripControl(obj(v)));
-  const bodyEsc = {};
-  for (const [k, v] of Object.entries(body)) bodyEsc[k] = k === "message" ? escVal(String(v ?? "").slice(0, MAX_BODY)) : escAttr(v);
-  const queryEsc = {};
-  for (const [k, v] of Object.entries(query)) if (k !== "key") queryEsc[k] = escAttr(v);
-  const ctx = {
-    sender: { name: escAttr(sender.name), kind: escAttr(sender.kind), verified: sender.verified === true },
-    body: bodyEsc,
-    query: queryEsc,
-    channel: { name: escAttr(channel.name), id: escAttr(channel.id) },
-    call: { id: escAttr(callId) },
-    now: escAttr(now || (/* @__PURE__ */ new Date()).toISOString())
-  };
-  return renderTemplate(channel.template || DEFAULT_TEMPLATE, ctx);
-}
-
 function channelPublicView(c) {
-  return { id: c.id, name: c.name, description: c.description, identity: { mode: c.identity?.mode }, action: c.action?.kind };
+  return { id: c.id, name: c.name, description: c.description, identity: { mode: c.identity?.mode }, action: c.action?.kind, bind: c.bind };
 }
 function isStructuredMessage(msg) {
   return !!(msg.from || msg.fromSession || msg.subject || msg.replyTo || msg.threadId || msg.channel);
@@ -3227,7 +3350,7 @@ ${msg.body}
 </svamp-message>`;
 }
 function loadMessages(messagesDir, sessionId) {
-  const filePath = join$1(messagesDir, "messages.jsonl");
+  const filePath = join(messagesDir, "messages.jsonl");
   if (!existsSync(filePath)) return [];
   try {
     const lines = readFileSync(filePath, "utf-8").split("\n").filter((l) => l.trim());
@@ -3244,7 +3367,7 @@ function loadMessages(messagesDir, sessionId) {
   }
 }
 function loadMessagesFromDisk(messagesDir, afterSeq, limit) {
-  const filePath = join$1(messagesDir, "messages.jsonl");
+  const filePath = join(messagesDir, "messages.jsonl");
   if (!existsSync(filePath)) return { messages: [], hasMore: false };
   try {
     const lines = readFileSync(filePath, "utf-8").split("\n").filter((l) => l.trim());
@@ -3263,7 +3386,7 @@ function loadMessagesFromDisk(messagesDir, afterSeq, limit) {
   }
 }
 function loadMessagesFromDiskReverse(messagesDir, beforeSeq, limit) {
-  const filePath = join$1(messagesDir, "messages.jsonl");
+  const filePath = join(messagesDir, "messages.jsonl");
   if (!existsSync(filePath)) return { messages: [], hasMore: false };
   try {
     const lines = readFileSync(filePath, "utf-8").split("\n").filter((l) => l.trim());
@@ -3282,7 +3405,7 @@ function loadMessagesFromDiskReverse(messagesDir, beforeSeq, limit) {
   }
 }
 function countMessagesOnDisk(messagesDir, fallbackInMemory) {
-  const filePath = join$1(messagesDir, "messages.jsonl");
+  const filePath = join(messagesDir, "messages.jsonl");
   if (!existsSync(filePath)) return fallbackInMemory;
   try {
     const data = readFileSync(filePath, "utf-8");
@@ -3296,9 +3419,9 @@ function countMessagesOnDisk(messagesDir, fallbackInMemory) {
 }
 function appendMessage(messagesDir, sessionId, msg) {
   try {
-    const filePath = join$1(messagesDir, "messages.jsonl");
+    const filePath = join(messagesDir, "messages.jsonl");
     if (!existsSync(messagesDir)) {
-      mkdirSync$1(messagesDir, { recursive: true });
+      mkdirSync(messagesDir, { recursive: true });
     }
     appendFileSync(filePath, JSON.stringify(msg) + "\n");
   } catch (err) {
@@ -3434,7 +3557,10 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
   const skillCtxFor = (c) => ({
     channelsServiceId,
     baseUrl: channelsBaseUrl,
-    key: c.identity?.shared_key || c.identity?.callers?.[0]?.key
+    key: c.identity?.shared_key || c.identity?.callers?.[0]?.key,
+    // The session this skill is being copied FROM — baked into `dynamic` channel
+    // instructions as the routing target so the copied link lands in THIS session.
+    session: sessionId
   });
   const skillUrlsFor = (c) => {
     if (!channelsServiceId) return { skillUrl: void 0, sendUrl: void 0 };
@@ -3625,6 +3751,10 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
     saveChannel: async (channel, context) => {
       authorizeRequest(context, metadata.sharing, "admin");
       try {
+        const b = channel.bind;
+        if (b && typeof b === "object" && (b.session === "current" || b.session === "" || b.session == null)) {
+          channel = { ...channel, bind: { session: sessionId } };
+        }
         const saved = channelStore.save(channel);
         syncChannelsToMetadata();
         return { success: true, channel: saved };
@@ -3656,6 +3786,8 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
       const c = channelStore.get(id);
       if (!c) return { error: "not found" };
       const { skillUrl, sendUrl } = skillUrlsFor(c);
+      const mode = bindMode(c);
+      const routeSession = mode === "fixed" ? fixedSessionId(c) : mode === "dynamic" ? sessionId : void 0;
       return {
         skill: generateSkillBody(c, skillCtxFor(c)),
         channelsServiceId,
@@ -3664,7 +3796,10 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
         skillUrl,
         sendUrl,
         key: c.identity?.shared_key || c.identity?.callers?.[0]?.key,
-        hyphaKeyless: (c.identity?.hypha_allow || []).length > 0
+        hyphaKeyless: (c.identity?.hypha_allow || []).length > 0,
+        bind: c.bind,
+        bindMode: mode,
+        session: routeSession
       };
     },
     // Public channel discovery (no session authz — channels are deliberately
@@ -4186,9 +4321,9 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
       messages.length = 0;
       nextSeq = 1;
       if (options?.messagesDir) {
-        const filePath = join$1(options.messagesDir, "messages.jsonl");
+        const filePath = join(options.messagesDir, "messages.jsonl");
         try {
-          writeFileSync$1(filePath, "");
+          writeFileSync(filePath, "");
         } catch {
         }
       }
@@ -4216,7 +4351,7 @@ function createSessionStore(server, sessionId, initialMetadata, initialAgentStat
   return { store, rpcHandlers };
 }
 
-const SVAMP_HOME$2 = process.env.SVAMP_HOME || join$1(os.homedir(), ".svamp");
+const SVAMP_HOME$2 = process.env.SVAMP_HOME || join(os.homedir(), ".svamp");
 const num = (key, def) => {
   const v = Number(process.env[key]);
   return Number.isFinite(v) && v > 0 ? v : def;
@@ -4229,19 +4364,19 @@ const BREAKER_MAX_WAKES = num("SVAMP_INBOX_BREAKER_MAX_WAKES", 30);
 const BREAKER_COOLDOWN_MS = num("SVAMP_INBOX_BREAKER_COOLDOWN_MS", 12e4);
 const CTX_STALE_MS = num("SVAMP_INBOX_CTX_STALE_MS", 30 * 6e4);
 function ctxPath(sessionId) {
-  return join$1(SVAMP_HOME$2, "inbound", `${sessionId}.json`);
+  return join(SVAMP_HOME$2, "inbound", `${sessionId}.json`);
 }
 function writeInboundContext(sessionId, ctx) {
   try {
     const p = ctxPath(sessionId);
-    mkdirSync$1(join$1(SVAMP_HOME$2, "inbound"), { recursive: true });
+    mkdirSync(join(SVAMP_HOME$2, "inbound"), { recursive: true });
     const tmp = p + ".tmp";
-    writeFileSync$1(tmp, JSON.stringify({ ...ctx, deliveredAt: Date.now() }));
+    writeFileSync(tmp, JSON.stringify({ ...ctx, deliveredAt: Date.now() }));
     try {
       rmSync(p, { force: true });
     } catch {
     }
-    writeFileSync$1(p, readFileSync(tmp));
+    writeFileSync(p, readFileSync(tmp));
     try {
       rmSync(tmp, { force: true });
     } catch {
@@ -4528,8 +4663,8 @@ class SessionArtifactSync {
     this.syncing = true;
     try {
       const artifactAlias = `session-${sessionId}`;
-      const sessionJsonPath = join$1(sessionsDir, "session.json");
-      const messagesPath = join$1(sessionsDir, "messages.jsonl");
+      const sessionJsonPath = join(sessionsDir, "session.json");
+      const messagesPath = join(sessionsDir, "messages.jsonl");
       let sessionData = null;
       if (existsSync(sessionJsonPath)) {
         try {
@@ -4639,18 +4774,18 @@ class SessionArtifactSync {
         artifact_id: artifactAlias,
         _rkwargs: true
       });
-      if (!existsSync(targetDir)) mkdirSync$1(targetDir, { recursive: true });
+      if (!existsSync(targetDir)) mkdirSync(targetDir, { recursive: true });
       try {
         const data = await this.downloadFile(artifact.id, "session.json");
         if (data) {
-          writeFileSync$1(join$1(targetDir, "session.json"), data);
+          writeFileSync(join(targetDir, "session.json"), data);
         }
       } catch {
       }
       try {
         const data = await this.downloadFile(artifact.id, "messages.jsonl");
         if (data) {
-          writeFileSync$1(join$1(targetDir, "messages.jsonl"), data);
+          writeFileSync(join(targetDir, "messages.jsonl"), data);
         }
       } catch {
       }
@@ -4703,13 +4838,13 @@ class SessionArtifactSync {
    */
   async syncAll(svampHome, machineId) {
     if (!this.initialized) return;
-    const indexFile = join$1(svampHome, "sessions-index.json");
+    const indexFile = join(svampHome, "sessions-index.json");
     if (!existsSync(indexFile)) return;
     try {
       const index = JSON.parse(readFileSync(indexFile, "utf-8"));
       for (const [sessionId, entry] of Object.entries(index)) {
-        const sessionDir = join$1(entry.directory, ".svamp", sessionId);
-        if (existsSync(join$1(sessionDir, "session.json"))) {
+        const sessionDir = join(entry.directory, ".svamp", sessionId);
+        if (existsSync(join(sessionDir, "session.json"))) {
           await this.syncSession(sessionId, sessionDir, void 0, machineId);
         }
       }
@@ -5025,7 +5160,7 @@ var DefaultTransport$1 = /*#__PURE__*/Object.freeze({
 
 function expandHome(p) {
   if (p === "~") return homedir();
-  if (p.startsWith("~/")) return join$1(homedir(), p.slice(2));
+  if (p.startsWith("~/")) return join(homedir(), p.slice(2));
   return p;
 }
 function wrapWithIsolation(originalCommand, originalArgs, config) {
@@ -5052,11 +5187,11 @@ function wrapWithNono(command, args, config) {
   nonoArgs.push("--allow-cwd");
   if (config.credentialStagingPath) {
     env.HOME = config.credentialStagingPath;
-    const realLocalDir = join$1(homedir(), ".local");
+    const realLocalDir = join(homedir(), ".local");
     if (existsSync(realLocalDir)) {
       nonoArgs.push("--read", realLocalDir);
     }
-    const realKeychainDir = join$1(homedir(), "Library", "Keychains");
+    const realKeychainDir = join(homedir(), "Library", "Keychains");
     if (existsSync(realKeychainDir)) {
       nonoArgs.push("--read", realKeychainDir);
     }
@@ -5117,9 +5252,9 @@ function wrapWithContainer(runtime, command, args, config) {
     config.workspacePath
   ];
   if (config.credentialStagingPath) {
-    const stagedClaudeDir = join$1(config.credentialStagingPath, ".claude");
+    const stagedClaudeDir = join(config.credentialStagingPath, ".claude");
     containerArgs.push("-v", `${stagedClaudeDir}:/root/.claude:ro`);
-    const stagedGitconfig = join$1(config.credentialStagingPath, ".gitconfig");
+    const stagedGitconfig = join(config.credentialStagingPath, ".gitconfig");
     containerArgs.push("-v", `${stagedGitconfig}:/root/.gitconfig:ro`);
     containerArgs.push("-e", "HOME=/root");
   }
@@ -6868,8 +7003,8 @@ var GeminiTransport$1 = /*#__PURE__*/Object.freeze({
 });
 
 const execFileAsync = promisify$1(execFile$1);
-const SVAMP_TOOLS_DIR = join$1(homedir(), ".svamp", "tools");
-const SVAMP_BIN_DIR = join$1(SVAMP_TOOLS_DIR, "bin");
+const SVAMP_TOOLS_DIR = join(homedir(), ".svamp", "tools");
+const SVAMP_BIN_DIR = join(SVAMP_TOOLS_DIR, "bin");
 async function checkCommand(command, versionArgs) {
   try {
     const { stdout } = await execFileAsync(command, versionArgs, {
@@ -6879,7 +7014,7 @@ async function checkCommand(command, versionArgs) {
     return { found: true, version, path: command };
   } catch {
   }
-  const localPath = join$1(SVAMP_BIN_DIR, command);
+  const localPath = join(SVAMP_BIN_DIR, command);
   try {
     const { stdout } = await execFileAsync(localPath, versionArgs, {
       timeout: 5e3
@@ -6946,7 +7081,7 @@ async function installNono() {
     const downloadUrl = asset.browser_download_url;
     console.log(`[isolation] Downloading nono ${version} from ${downloadUrl}...`);
     await mkdir(SVAMP_BIN_DIR, { recursive: true });
-    const tarball = join$1(SVAMP_BIN_DIR, assetName);
+    const tarball = join(SVAMP_BIN_DIR, assetName);
     await execFileAsync("curl", [
       "-fsSL",
       "-o",
@@ -6963,7 +7098,7 @@ async function installNono() {
     ], { timeout: 15e3 });
     await rm(tarball, { force: true }).catch(() => {
     });
-    const nonoPath = join$1(SVAMP_BIN_DIR, "nono");
+    const nonoPath = join(SVAMP_BIN_DIR, "nono");
     await chmod(nonoPath, 493);
     try {
       await access(nonoPath);
@@ -7005,8 +7140,8 @@ async function parseIsolationTestOutput(stdout, probeFile) {
 }
 async function verifyNonoIsolation(binaryPath) {
   const testBase = "/tmp";
-  const workDir = await mkdtemp(join$1(testBase, "svamp-iso-work-"));
-  const probeFile = join$1(homedir(), `.svamp-iso-probe-${process.pid}`);
+  const workDir = await mkdtemp(join(testBase, "svamp-iso-work-"));
+  const probeFile = join(homedir(), `.svamp-iso-probe-${process.pid}`);
   try {
     const testScript = [
       `echo ok > "${workDir}/test" 2>/dev/null; W=$?`,
@@ -7132,7 +7267,7 @@ async function detectIsolationCapabilities() {
   return { available, preferred, details };
 }
 
-const STAGED_HOMES_DIR = join$1(homedir(), ".svamp", "staged-homes");
+const STAGED_HOMES_DIR = join(homedir(), ".svamp", "staged-homes");
 const SENSITIVE_ENV_VARS = [
   "HYPHA_TOKEN",
   "HYPHA_CLIENT_ID",
@@ -7148,23 +7283,23 @@ const SENSITIVE_ENV_VARS = [
 ];
 async function stageCredentialsForSharing(sessionId) {
   const realHome = homedir();
-  const realClaudeDir = join$1(realHome, ".claude");
+  const realClaudeDir = join(realHome, ".claude");
   await mkdir(STAGED_HOMES_DIR, { recursive: true });
-  const tmpHome = join$1(STAGED_HOMES_DIR, sessionId);
+  const tmpHome = join(STAGED_HOMES_DIR, sessionId);
   await mkdir(tmpHome, { recursive: true });
-  const stagedClaudeDir = join$1(tmpHome, ".claude");
+  const stagedClaudeDir = join(tmpHome, ".claude");
   await mkdir(stagedClaudeDir, { recursive: true });
   const credentialFiles = ["credentials.json", ".credentials.json"];
   let credentialsCopied = false;
   for (const file of credentialFiles) {
     try {
-      await copyFile(join$1(realClaudeDir, file), join$1(stagedClaudeDir, file));
+      await copyFile(join(realClaudeDir, file), join(stagedClaudeDir, file));
       credentialsCopied = true;
     } catch {
     }
   }
   if (!credentialsCopied && platform() === "darwin") {
-    const stagedCredFile = join$1(stagedClaudeDir, ".credentials.json");
+    const stagedCredFile = join(stagedClaudeDir, ".credentials.json");
     const hasExistingCredentials = existsSync(stagedCredFile);
     if (!hasExistingCredentials) {
       try {
@@ -7182,25 +7317,25 @@ async function stageCredentialsForSharing(sessionId) {
     }
   }
   try {
-    await copyFile(join$1(realHome, ".gitconfig"), join$1(tmpHome, ".gitconfig"));
+    await copyFile(join(realHome, ".gitconfig"), join(tmpHome, ".gitconfig"));
   } catch {
   }
   try {
     await copyFile(
-      join$1(realHome, ".gitignore_global"),
-      join$1(tmpHome, ".gitignore_global")
+      join(realHome, ".gitignore_global"),
+      join(tmpHome, ".gitignore_global")
     );
   } catch {
   }
-  const claudeJsonPath = join$1(tmpHome, ".claude.json");
+  const claudeJsonPath = join(tmpHome, ".claude.json");
   if (!existsSync(claudeJsonPath)) {
     try {
       await writeFile(claudeJsonPath, "{}");
     } catch {
     }
   }
-  const realSkillsDir = join$1(realClaudeDir, "skills");
-  const stagedSkillsDir = join$1(stagedClaudeDir, "skills");
+  const realSkillsDir = join(realClaudeDir, "skills");
+  const stagedSkillsDir = join(stagedClaudeDir, "skills");
   try {
     await copyDirRecursive(realSkillsDir, stagedSkillsDir);
   } catch {
@@ -7234,7 +7369,7 @@ async function sweepOrphanedStagedHomes(activeSessionIds) {
   for (const entry of entries) {
     if (!entry.isDirectory()) continue;
     if (active.has(entry.name)) continue;
-    const path = join$1(STAGED_HOMES_DIR, entry.name);
+    const path = join(STAGED_HOMES_DIR, entry.name);
     try {
       await rm(path, { recursive: true, force: true });
       removed.push(entry.name);
@@ -7249,8 +7384,8 @@ async function copyDirRecursive(src, dest) {
   await mkdir(dest, { recursive: true });
   const entries = await readdir(src, { withFileTypes: true });
   for (const entry of entries) {
-    const srcPath = join$1(src, entry.name);
-    const destPath = join$1(dest, entry.name);
+    const srcPath = join(src, entry.name);
+    const destPath = join(dest, entry.name);
     if (entry.isDirectory()) {
       await copyDirRecursive(srcPath, destPath);
     } else if (entry.isFile()) {
@@ -7302,8 +7437,8 @@ function resolveHyphaProxyUrl() {
   }
 }
 function envFilePath() {
-  const svampHome = process.env.SVAMP_HOME || join$1(homedir(), ".svamp");
-  return join$1(svampHome, ".env");
+  const svampHome = process.env.SVAMP_HOME || join(homedir(), ".svamp");
+  return join(svampHome, ".env");
 }
 function readEnvLines() {
   const file = envFilePath();
@@ -7312,12 +7447,12 @@ function readEnvLines() {
 }
 function writeEnvLines(lines) {
   const file = envFilePath();
-  const dir = join$1(file, "..");
-  if (!existsSync(dir)) mkdirSync$1(dir, { recursive: true });
+  const dir = join(file, "..");
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
   while (lines.length > 0 && lines[lines.length - 1].trim() === "") {
     lines.pop();
   }
-  writeFileSync$1(file, lines.join("\n") + "\n", "utf-8");
+  writeFileSync(file, lines.join("\n") + "\n", "utf-8");
 }
 function updateEnvFile(updates) {
   const lines = readEnvLines();
@@ -7468,10 +7603,10 @@ var claudeAuth = /*#__PURE__*/Object.freeze({
 });
 
 function svampHome() {
-  return process.env.SVAMP_HOME || join(homedir$1(), ".svamp");
+  return process.env.SVAMP_HOME || join$1(homedir$1(), ".svamp");
 }
 function cacheFile() {
-  return join(svampHome(), "instance-config.json");
+  return join$1(svampHome(), "instance-config.json");
 }
 const CONFIG_FILENAME = "svamp.json";
 let _config = null;
@@ -7514,8 +7649,8 @@ function readCache() {
 }
 function writeCache(cfg) {
   try {
-    mkdirSync(svampHome(), { recursive: true });
-    writeFileSync(cacheFile(), JSON.stringify(cfg, null, 2) + "\n", "utf-8");
+    mkdirSync$1(svampHome(), { recursive: true });
+    writeFileSync$1(cacheFile(), JSON.stringify(cfg, null, 2) + "\n", "utf-8");
   } catch {
   }
 }
@@ -8033,7 +8168,7 @@ function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
 
-const SKILLS_DIR = join(os$1.homedir(), ".claude", "skills");
+const SKILLS_DIR = join$1(os$1.homedir(), ".claude", "skills");
 function getSkillsWorkspaceName() {
   return getSkillsWorkspace();
 }
@@ -8764,7 +8899,7 @@ const REFRESH_BUFFER_MS = 60 * 60 * 1e3;
 const OAUTH_CHECK_INTERVAL_MS = 5 * 60 * 1e3;
 const REFRESH_TIMEOUT_MS = 15e3;
 function getCredentialsPath() {
-  return join$1(homedir(), ".claude", ".credentials.json");
+  return join(homedir(), ".claude", ".credentials.json");
 }
 async function readCredentials() {
   const path = getCredentialsPath();
@@ -8925,14 +9060,14 @@ function resolveContextWindow(opts) {
   return candidate;
 }
 
-const SVAMP_HOME$1 = process.env.SVAMP_HOME || join$1(os.homedir(), ".svamp");
+const SVAMP_HOME$1 = process.env.SVAMP_HOME || join(os.homedir(), ".svamp");
 function generateHookSettings(portOrOptions = {}) {
   const opts = typeof portOrOptions === "number" ? { sessionStartPort: portOrOptions } : portOrOptions;
-  const hooksDir = join$1(SVAMP_HOME$1, "tmp", "hooks");
-  mkdirSync$1(hooksDir, { recursive: true });
+  const hooksDir = join(SVAMP_HOME$1, "tmp", "hooks");
+  mkdirSync(hooksDir, { recursive: true });
   const id = opts.id || String(process.pid);
-  const validatorPath = join$1(hooksDir, `image-validator-${id}.cjs`);
-  writeFileSync$1(validatorPath, IMAGE_VALIDATOR_SCRIPT, { mode: 493 });
+  const validatorPath = join(hooksDir, `image-validator-${id}.cjs`);
+  writeFileSync(validatorPath, IMAGE_VALIDATOR_SCRIPT, { mode: 493 });
   const cleanupPaths = [validatorPath];
   const hooks = {
     PreToolUse: [
@@ -8949,7 +9084,7 @@ function generateHookSettings(portOrOptions = {}) {
     ]
   };
   if (typeof opts.sessionStartPort === "number" && opts.sessionStartPort > 0) {
-    const forwarderPath = join$1(hooksDir, `forwarder-${id}.cjs`);
+    const forwarderPath = join(hooksDir, `forwarder-${id}.cjs`);
     const forwarderCode = `#!/usr/bin/env node
 const http = require('http');
 const port = parseInt(process.argv[2], 10);
@@ -8968,7 +9103,7 @@ process.stdin.on('end', () => {
 });
 process.stdin.resume();
 `;
-    writeFileSync$1(forwarderPath, forwarderCode, { mode: 493 });
+    writeFileSync(forwarderPath, forwarderCode, { mode: 493 });
     cleanupPaths.push(forwarderPath);
     hooks.SessionStart = [
       {
@@ -8982,8 +9117,8 @@ process.stdin.resume();
       }
     ];
   }
-  const settingsPath = join$1(hooksDir, `session-hook-${id}.json`);
-  writeFileSync$1(settingsPath, JSON.stringify({ hooks }, null, 2));
+  const settingsPath = join(hooksDir, `session-hook-${id}.json`);
+  writeFileSync(settingsPath, JSON.stringify({ hooks }, null, 2));
   cleanupPaths.push(settingsPath);
   const cleanup = () => {
     for (const p of cleanupPaths) {
@@ -9145,7 +9280,7 @@ async function readSessionFileBase64(resolvedPath) {
 
 const __filename$1 = fileURLToPath(import.meta.url);
 const __dirname$1 = dirname(__filename$1);
-const CLAUDE_SKILLS_DIR = join(os$1.homedir(), ".claude", "skills");
+const CLAUDE_SKILLS_DIR = join$1(os$1.homedir(), ".claude", "skills");
 function looksLikeClaudeError(line) {
   const l = line.toLowerCase();
   return l.includes("api error") || l.includes("request rejected") || l.includes("error:") || l.includes("overloaded") || l.includes("rate limit") || l.includes("unauthorized") || l.includes("forbidden") || /\b(4\d\d|5\d\d)\b/.test(l) && (l.includes("status") || l.includes("error") || l.includes("rejected"));
@@ -9185,7 +9320,7 @@ function buildClaudeErrorHint(text, apiErrorStatus) {
 }
 function readSkillVersion(skillDir) {
   try {
-    const md = readFileSync$1(join(skillDir, "SKILL.md"), "utf-8");
+    const md = readFileSync$1(join$1(skillDir, "SKILL.md"), "utf-8");
     const m = md.match(/^---\s*\n([\s\S]*?)\n---/);
     if (!m) return null;
     const versionLine = m[1].split("\n").find((l) => /^\s*version\s*:/.test(l));
@@ -9211,18 +9346,18 @@ async function installSkillFromEndpoint(name, baseUrl) {
   const index = await resp.json();
   const files = index.files || [];
   if (files.length === 0) throw new Error(`Skill index at ${baseUrl} has no files`);
-  const targetDir = join(CLAUDE_SKILLS_DIR, name);
-  mkdirSync(targetDir, { recursive: true });
+  const targetDir = join$1(CLAUDE_SKILLS_DIR, name);
+  mkdirSync$1(targetDir, { recursive: true });
   for (const filePath of files) {
     if (!filePath) continue;
     const url = `${baseUrl}${filePath}`;
     const fileResp = await fetch(url, { signal: AbortSignal.timeout(3e4) });
     if (!fileResp.ok) throw new Error(`Failed to download ${filePath}: HTTP ${fileResp.status}`);
     const content = await fileResp.text();
-    const localPath = join(targetDir, filePath);
+    const localPath = join$1(targetDir, filePath);
     if (!localPath.startsWith(targetDir + "/")) continue;
-    mkdirSync(dirname(localPath), { recursive: true });
-    writeFileSync(localPath, content, "utf-8");
+    mkdirSync$1(dirname(localPath), { recursive: true });
+    writeFileSync$1(localPath, content, "utf-8");
   }
 }
 async function installSkillFromMarketplace(name) {
@@ -9246,26 +9381,26 @@ async function installSkillFromMarketplace(name) {
   }
   const files = await collectFiles();
   if (files.length === 0) throw new Error(`Skill ${name} has no files in marketplace`);
-  const targetDir = join(CLAUDE_SKILLS_DIR, name);
-  mkdirSync(targetDir, { recursive: true });
+  const targetDir = join$1(CLAUDE_SKILLS_DIR, name);
+  mkdirSync$1(targetDir, { recursive: true });
   for (const filePath of files) {
     const url = `${BASE}/files/${filePath}`;
     const resp = await fetch(url, { signal: AbortSignal.timeout(3e4) });
     if (!resp.ok) throw new Error(`Failed to download ${filePath}: HTTP ${resp.status}`);
     const content = await resp.text();
-    const localPath = join(targetDir, filePath);
+    const localPath = join$1(targetDir, filePath);
     if (!localPath.startsWith(targetDir + "/")) continue;
-    mkdirSync(dirname(localPath), { recursive: true });
-    writeFileSync(localPath, content, "utf-8");
+    mkdirSync$1(dirname(localPath), { recursive: true });
+    writeFileSync$1(localPath, content, "utf-8");
   }
 }
 function getBundledSkillsDir() {
   try {
     const here = fileURLToPath(import.meta.url);
     const candidates = [
-      join(dirname(here), "..", "bin", "skills"),
+      join$1(dirname(here), "..", "bin", "skills"),
       // built dist/ layout
-      join(dirname(here), "..", "..", "bin", "skills")
+      join$1(dirname(here), "..", "..", "bin", "skills")
       // src/daemon → bin layout via tsx
     ];
     for (const c of candidates) {
@@ -9278,17 +9413,17 @@ function getBundledSkillsDir() {
 function installBundledSkill(name) {
   const bundledDir = getBundledSkillsDir();
   if (!bundledDir) throw new Error(`Bundled skills directory not found`);
-  const src = join(bundledDir, name);
+  const src = join$1(bundledDir, name);
   if (!existsSync$1(src)) throw new Error(`Bundled skill not found: ${src}`);
-  const dst = join(CLAUDE_SKILLS_DIR, name);
-  mkdirSync(dst, { recursive: true });
+  const dst = join$1(CLAUDE_SKILLS_DIR, name);
+  mkdirSync$1(dst, { recursive: true });
   function copyDir(s, d) {
-    mkdirSync(d, { recursive: true });
+    mkdirSync$1(d, { recursive: true });
     for (const entry of readdirSync$1(s, { withFileTypes: true })) {
-      const sp = join(s, entry.name);
-      const dp = join(d, entry.name);
+      const sp = join$1(s, entry.name);
+      const dp = join$1(d, entry.name);
       if (entry.isDirectory()) copyDir(sp, dp);
-      else if (entry.isFile()) writeFileSync(dp, readFileSync$1(sp));
+      else if (entry.isFile()) writeFileSync$1(dp, readFileSync$1(sp));
     }
   }
   copyDir(src, dst);
@@ -9296,7 +9431,7 @@ function installBundledSkill(name) {
 function readBundledSkillVersion(name) {
   const bundledDir = getBundledSkillsDir();
   if (!bundledDir) return null;
-  return readSkillVersion(join(bundledDir, name));
+  return readSkillVersion(join$1(bundledDir, name));
 }
 function preventMachineSleep(logger) {
   if (process.platform === "darwin") {
@@ -9404,7 +9539,7 @@ async function ensureAutoInstalledSkills(logger) {
     }
   ];
   for (const task of tasks) {
-    const targetDir = join(CLAUDE_SKILLS_DIR, task.name);
+    const targetDir = join$1(CLAUDE_SKILLS_DIR, task.name);
     const installed = existsSync$1(targetDir);
     if (!installed) {
       try {
@@ -9445,20 +9580,20 @@ function loadEnvFile(path) {
   return true;
 }
 function loadDotEnv() {
-  const svampEnv = join(process.env.SVAMP_HOME || os$1.homedir() + "/.svamp", ".env");
+  const svampEnv = join$1(process.env.SVAMP_HOME || os$1.homedir() + "/.svamp", ".env");
   if (!loadEnvFile(svampEnv)) {
-    const hyphaEnv = join(process.env.HYPHA_HOME || os$1.homedir() + "/.hypha", ".env");
+    const hyphaEnv = join$1(process.env.HYPHA_HOME || os$1.homedir() + "/.hypha", ".env");
     loadEnvFile(hyphaEnv);
   }
 }
 loadDotEnv();
-const SVAMP_HOME = process.env.SVAMP_HOME || join(os$1.homedir(), ".svamp");
-const DAEMON_STATE_FILE = join(SVAMP_HOME, "daemon.state.json");
-const DAEMON_LOCK_FILE = join(SVAMP_HOME, "daemon.lock");
-const DAEMON_STOP_MARKER_FILE = join(SVAMP_HOME, "daemon.stop");
+const SVAMP_HOME = process.env.SVAMP_HOME || join$1(os$1.homedir(), ".svamp");
+const DAEMON_STATE_FILE = join$1(SVAMP_HOME, "daemon.state.json");
+const DAEMON_LOCK_FILE = join$1(SVAMP_HOME, "daemon.lock");
+const DAEMON_STOP_MARKER_FILE = join$1(SVAMP_HOME, "daemon.stop");
 function writeStopMarker(reason) {
   try {
-    writeFileSync(DAEMON_STOP_MARKER_FILE, `${(/* @__PURE__ */ new Date()).toISOString()} ${reason}
+    writeFileSync$1(DAEMON_STOP_MARKER_FILE, `${(/* @__PURE__ */ new Date()).toISOString()} ${reason}
 `, "utf-8");
   } catch {
   }
@@ -9476,11 +9611,11 @@ function stopMarkerExists() {
     return false;
   }
 }
-const LOGS_DIR = join(SVAMP_HOME, "logs");
-const SESSION_INDEX_FILE = join(SVAMP_HOME, "sessions-index.json");
+const LOGS_DIR = join$1(SVAMP_HOME, "logs");
+const SESSION_INDEX_FILE = join$1(SVAMP_HOME, "sessions-index.json");
 function readPackageVersion() {
   try {
-    const pkgPath = join(__dirname$1, "../package.json");
+    const pkgPath = join$1(__dirname$1, "../package.json");
     if (existsSync$1(pkgPath)) {
       return JSON.parse(readFileSync$1(pkgPath, "utf-8")).version || "unknown";
     }
@@ -9490,7 +9625,7 @@ function readPackageVersion() {
 }
 const DAEMON_VERSION = readPackageVersion();
 function loadAgentConfig() {
-  const configPath = join(SVAMP_HOME, "agent-config.json");
+  const configPath = join$1(SVAMP_HOME, "agent-config.json");
   if (existsSync$1(configPath)) {
     try {
       return JSON.parse(readFileSync$1(configPath, "utf-8"));
@@ -9501,19 +9636,19 @@ function loadAgentConfig() {
   return {};
 }
 function getSessionSvampDir(directory) {
-  return join(directory, ".svamp");
+  return join$1(directory, ".svamp");
 }
 function getSessionDir(directory, sessionId) {
-  return join(getSessionSvampDir(directory), sessionId);
+  return join$1(getSessionSvampDir(directory), sessionId);
 }
 function getSessionFilePath(directory, sessionId) {
-  return join(getSessionDir(directory, sessionId), "session.json");
+  return join$1(getSessionDir(directory, sessionId), "session.json");
 }
 function getSessionMessagesPath(directory, sessionId) {
-  return join(getSessionDir(directory, sessionId), "messages.jsonl");
+  return join$1(getSessionDir(directory, sessionId), "messages.jsonl");
 }
 function getSvampConfigPath(directory, sessionId) {
-  return join(getSessionDir(directory, sessionId), "config.json");
+  return join$1(getSessionDir(directory, sessionId), "config.json");
 }
 function readSvampConfig(configPath) {
   try {
@@ -9523,19 +9658,19 @@ function readSvampConfig(configPath) {
   return {};
 }
 function writeSvampConfig(configPath, config) {
-  mkdirSync(dirname(configPath), { recursive: true });
+  mkdirSync$1(dirname(configPath), { recursive: true });
   const content = JSON.stringify(config, null, 2);
   const tmpPath = configPath + ".tmp";
-  writeFileSync(tmpPath, content);
-  renameSync(tmpPath, configPath);
+  writeFileSync$1(tmpPath, content);
+  renameSync$1(tmpPath, configPath);
   return content;
 }
 function getLoopDir(directory) {
-  return join(directory, ".claude", "loop");
+  return join$1(directory, ".claude", "loop");
 }
 function readLoopState(directory) {
   try {
-    const p = join(getLoopDir(directory), "loop-state.json");
+    const p = join$1(getLoopDir(directory), "loop-state.json");
     if (!existsSync$1(p)) return null;
     return JSON.parse(readFileSync$1(p, "utf-8"));
   } catch {
@@ -9546,10 +9681,21 @@ function isLoopActive(directory) {
   const s = readLoopState(directory);
   return !!s && s.active !== false && s.phase !== "done" && s.phase !== "gave_up" && s.phase !== "cancelled";
 }
+function loopOwnerSession(directory) {
+  const s = readLoopState(directory);
+  if (!s || s.active === false || s.phase === "done" || s.phase === "gave_up" || s.phase === "cancelled") return null;
+  return typeof s.session_id === "string" ? s.session_id : null;
+}
+function isLoopActiveForSession(directory, sessionId) {
+  const s = readLoopState(directory);
+  if (!s || s.active === false || s.phase === "done" || s.phase === "gave_up" || s.phase === "cancelled") return false;
+  if (typeof s.session_id !== "string") return true;
+  return s.session_id === sessionId;
+}
 function resolveLoopInit() {
   const candidates = [
-    join(CLAUDE_SKILLS_DIR, "loop", "bin", "loop-init.mjs"),
-    ...getBundledSkillsDir() ? [join(getBundledSkillsDir(), "loop", "bin", "loop-init.mjs")] : []
+    join$1(CLAUDE_SKILLS_DIR, "loop", "bin", "loop-init.mjs"),
+    ...getBundledSkillsDir() ? [join$1(getBundledSkillsDir(), "loop", "bin", "loop-init.mjs")] : []
   ];
   for (const c of candidates) if (existsSync$1(c)) return c;
   return null;
@@ -9563,19 +9709,20 @@ function initLoop(directory, cfg) {
   if (typeof cfg.maxIterations === "number") args.push("--max", String(cfg.maxIterations));
   args.push("--evaluator", cfg.evaluator === false ? "off" : "on");
   if (cfg.model) args.push("--model", cfg.model);
+  if (cfg.sessionId) args.push("--session", cfg.sessionId);
   const res = spawnSync(process.execPath, args, { encoding: "utf-8", timeout: 3e4 });
   return res.status === 0;
 }
 function deactivateLoop(directory) {
   try {
-    const p = join(getLoopDir(directory), "loop-state.json");
+    const p = join$1(getLoopDir(directory), "loop-state.json");
     if (!existsSync$1(p)) return;
     const s = JSON.parse(readFileSync$1(p, "utf-8"));
     s.active = false;
     s.phase = "cancelled";
     const tmp = p + ".tmp";
-    writeFileSync(tmp, JSON.stringify(s, null, 2));
-    renameSync(tmp, p);
+    writeFileSync$1(tmp, JSON.stringify(s, null, 2));
+    renameSync$1(tmp, p);
   } catch {
   }
 }
@@ -9664,7 +9811,8 @@ function createSvampConfigChecker(directory, sessionId, getMetadata, setMetadata
           criteria: typeof lp.criteria === "string" && lp.criteria.trim() ? lp.criteria.trim() : void 0,
           oracle,
           maxIterations,
-          evaluator
+          evaluator,
+          sessionId
         });
         if (ok) {
           const existingQueue = getMetadata().messageQueue || [];
@@ -9712,7 +9860,7 @@ function createSvampConfigChecker(directory, sessionId, getMetadata, setMetadata
   let watcher = null;
   try {
     const configDir = dirname(configPath);
-    mkdirSync(configDir, { recursive: true });
+    mkdirSync$1(configDir, { recursive: true });
     watcher = watch(configDir, (eventType, filename) => {
       if (filename === "config.json") configChecker();
     });
@@ -9738,18 +9886,18 @@ function loadSessionIndex() {
 }
 function saveSessionIndex(index) {
   const tmp = SESSION_INDEX_FILE + ".tmp";
-  writeFileSync(tmp, JSON.stringify(index, null, 2), "utf-8");
-  renameSync(tmp, SESSION_INDEX_FILE);
+  writeFileSync$1(tmp, JSON.stringify(index, null, 2), "utf-8");
+  renameSync$1(tmp, SESSION_INDEX_FILE);
 }
 function saveSession(session) {
   const sessionDir = getSessionDir(session.directory, session.sessionId);
   if (!existsSync$1(sessionDir)) {
-    mkdirSync(sessionDir, { recursive: true });
+    mkdirSync$1(sessionDir, { recursive: true });
   }
   const filePath = getSessionFilePath(session.directory, session.sessionId);
   const tmpPath = filePath + ".tmp";
-  writeFileSync(tmpPath, JSON.stringify(session, null, 2), "utf-8");
-  renameSync(tmpPath, filePath);
+  writeFileSync$1(tmpPath, JSON.stringify(session, null, 2), "utf-8");
+  renameSync$1(tmpPath, filePath);
   const index = loadSessionIndex();
   index[session.sessionId] = { directory: session.directory, createdAt: session.createdAt };
   saveSessionIndex(index);
@@ -9793,8 +9941,8 @@ function markSessionAsArchived(sessionId) {
     if (data.stopped === true) return true;
     data.stopped = true;
     const tmpPath = filePath + ".tmp";
-    writeFileSync(tmpPath, JSON.stringify(data, null, 2), "utf-8");
-    renameSync(tmpPath, filePath);
+    writeFileSync$1(tmpPath, JSON.stringify(data, null, 2), "utf-8");
+    renameSync$1(tmpPath, filePath);
     return true;
   } catch {
     return false;
@@ -9811,8 +9959,8 @@ function clearSessionArchivedFlag(sessionId) {
     if (data.stopped) {
       delete data.stopped;
       const tmpPath = filePath + ".tmp";
-      writeFileSync(tmpPath, JSON.stringify(data, null, 2), "utf-8");
-      renameSync(tmpPath, filePath);
+      writeFileSync$1(tmpPath, JSON.stringify(data, null, 2), "utf-8");
+      renameSync$1(tmpPath, filePath);
     }
     return data;
   } catch {
@@ -9844,15 +9992,15 @@ function loadPersistedSessions() {
 }
 function ensureHomeDir() {
   if (!existsSync$1(SVAMP_HOME)) {
-    mkdirSync(SVAMP_HOME, { recursive: true });
+    mkdirSync$1(SVAMP_HOME, { recursive: true });
   }
   if (!existsSync$1(LOGS_DIR)) {
-    mkdirSync(LOGS_DIR, { recursive: true });
+    mkdirSync$1(LOGS_DIR, { recursive: true });
   }
 }
 function createLogger() {
   ensureHomeDir();
-  const logFile = join(LOGS_DIR, `daemon-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-")}.log`);
+  const logFile = join$1(LOGS_DIR, `daemon-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-")}.log`);
   return {
     logFilePath: logFile,
     log: (...args) => {
@@ -9876,8 +10024,8 @@ function createLogger() {
 function writeDaemonStateFile(state) {
   ensureHomeDir();
   const tmpPath = DAEMON_STATE_FILE + ".tmp";
-  writeFileSync(tmpPath, JSON.stringify(state, null, 2), "utf-8");
-  renameSync(tmpPath, DAEMON_STATE_FILE);
+  writeFileSync$1(tmpPath, JSON.stringify(state, null, 2), "utf-8");
+  renameSync$1(tmpPath, DAEMON_STATE_FILE);
 }
 function readDaemonStateFile() {
   try {
@@ -10076,7 +10224,7 @@ async function startDaemon(options) {
     logger.log('Warning: No HYPHA_TOKEN set. Run "svamp login" to authenticate.');
     logger.log("Connecting anonymously...");
   }
-  const machineIdFile = join(SVAMP_HOME, "machine-id");
+  const machineIdFile = join$1(SVAMP_HOME, "machine-id");
   let machineId = process.env.SVAMP_MACHINE_ID;
   if (!machineId) {
     if (existsSync$1(machineIdFile)) {
@@ -10085,7 +10233,7 @@ async function startDaemon(options) {
     if (!machineId) {
       machineId = `machine-${os$1.hostname()}-${randomUUID$1().slice(0, 8)}`;
       try {
-        writeFileSync(machineIdFile, machineId, "utf-8");
+        writeFileSync$1(machineIdFile, machineId, "utf-8");
       } catch {
       }
     }
@@ -10095,10 +10243,10 @@ async function startDaemon(options) {
   logger.log(`  Workspace: ${hyphaWorkspace || "(default)"}`);
   logger.log(`  Machine ID: ${machineId}`);
   let server = null;
-  const supervisor = new ProcessSupervisor(join(SVAMP_HOME, "processes"));
+  const supervisor = new ProcessSupervisor(join$1(SVAMP_HOME, "processes"));
   await supervisor.init();
   const tunnels = /* @__PURE__ */ new Map();
-  const EXPOSED_TUNNELS_FILE = join(SVAMP_HOME, "exposed-tunnels.json");
+  const EXPOSED_TUNNELS_FILE = join$1(SVAMP_HOME, "exposed-tunnels.json");
   function loadExposedTunnels() {
     try {
       if (!existsSync$1(EXPOSED_TUNNELS_FILE)) return [];
@@ -10111,8 +10259,8 @@ async function startDaemon(options) {
   }
   function saveExposedTunnels(specs) {
     try {
-      mkdirSync(SVAMP_HOME, { recursive: true });
-      writeFileSync(EXPOSED_TUNNELS_FILE, JSON.stringify({ tunnels: specs }, null, 2));
+      mkdirSync$1(SVAMP_HOME, { recursive: true });
+      writeFileSync$1(EXPOSED_TUNNELS_FILE, JSON.stringify({ tunnels: specs }, null, 2));
     } catch (err) {
       logger.log(`[exposed-tunnels] Persist failed: ${err.message}`);
     }
@@ -10126,7 +10274,7 @@ async function startDaemon(options) {
     const list = loadExposedTunnels().filter((t) => t.name !== name);
     saveExposedTunnels(list);
   }
-  const { ServeManager } = await import('./serveManager-B757hHGd.mjs');
+  const { ServeManager } = await import('./serveManager-Bq33kB5r.mjs');
   const serveManager = new ServeManager(SVAMP_HOME, (msg) => logger.log(`[SERVE] ${msg}`), hyphaServerUrl);
   ensureAutoInstalledSkills(logger).catch(() => {
   });
@@ -10238,7 +10386,7 @@ async function startDaemon(options) {
           }
         }, shouldAutoAllow2 = function(toolName, toolInput) {
           if (toolName === "AskUserQuestion") {
-            return isLoopActive(directory);
+            return isLoopActiveForSession(directory, sessionId);
           }
           if (toolName === "Bash") {
             const inputObj = toolInput;
@@ -10251,7 +10399,7 @@ async function startDaemon(options) {
           } else if (allowedTools.has(toolName)) {
             return true;
           }
-          if (isLoopActive(directory)) return true;
+          if (isLoopActiveForSession(directory, sessionId)) return true;
           if (currentPermissionMode === "bypassPermissions" || currentPermissionMode === "yolo") return true;
           if ((currentPermissionMode === "acceptEdits" || currentPermissionMode === "safe-yolo") && EDIT_TOOLS.has(toolName)) return true;
           return false;
@@ -10317,8 +10465,8 @@ async function startDaemon(options) {
           machineId,
           homeDir: os$1.homedir(),
           svampHomeDir: SVAMP_HOME,
-          svampLibDir: join(__dirname$1, ".."),
-          svampToolsDir: join(__dirname$1, "..", "tools"),
+          svampLibDir: join$1(__dirname$1, ".."),
+          svampToolsDir: join$1(__dirname$1, "..", "tools"),
           startedFromDaemon: true,
           startedBy: "daemon",
           lifecycleState: resumeSessionId ? "idle" : "starting",
@@ -10425,7 +10573,7 @@ async function startDaemon(options) {
         if (persisted && persisted.sessionId !== sessionId) {
           const oldDir = persisted.directory || directory;
           const newSessionDir = getSessionDir(directory, sessionId);
-          if (!existsSync$1(newSessionDir)) mkdirSync(newSessionDir, { recursive: true });
+          if (!existsSync$1(newSessionDir)) mkdirSync$1(newSessionDir, { recursive: true });
           const oldMsgFile = getSessionMessagesPath(oldDir, persisted.sessionId);
           const newMsgFile = getSessionMessagesPath(directory, sessionId);
           try {
@@ -10616,6 +10764,12 @@ async function startDaemon(options) {
                   logger.log(`[Session ${sessionId}] Permission request: ${requestId} (corr=${correlationId}) tool=${toolName}`);
                   if (shouldAutoAllow2(toolName, toolInput)) {
                     logger.log(`[Session ${sessionId}] Auto-allowing ${toolName} (mode=${currentPermissionMode})`);
+                    if (toolName === "AskUserQuestion") {
+                      sessionService.pushMessage(
+                        { type: "message", message: "\u{1F501} Question auto-dismissed \u2014 a loop is running, so there is no human to prompt. The agent will proceed as if the questions were skipped.", level: "warning" },
+                        "event"
+                      );
+                    }
                     if (claudeProcess && !claudeProcess.killed && claudeProcess.stdin) {
                       const controlResponse = JSON.stringify({
                         type: "control_response",
@@ -11543,7 +11697,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
                     const children = [];
                     await Promise.all(entries.map(async (entry) => {
                       if (entry.isSymbolicLink()) return;
-                      const childPath = join(p, entry.name);
+                      const childPath = join$1(p, entry.name);
                       const childNode = await buildTree(childPath, entry.name, depth + 1);
                       if (childNode) children.push(childNode);
                     }));
@@ -11693,7 +11847,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
           } else if (allowedTools.has(toolName)) {
             return true;
           }
-          if (isLoopActive(directory)) return true;
+          if (isLoopActiveForSession(directory, sessionId)) return true;
           if (currentPermissionMode === "bypassPermissions" || currentPermissionMode === "yolo") return true;
           if ((currentPermissionMode === "acceptEdits" || currentPermissionMode === "safe-yolo") && EDIT_TOOLS.has(toolName)) return true;
           return false;
@@ -11706,8 +11860,8 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
           machineId,
           homeDir: os$1.homedir(),
           svampHomeDir: SVAMP_HOME,
-          svampLibDir: join(__dirname$1, ".."),
-          svampToolsDir: join(__dirname$1, "..", "tools"),
+          svampLibDir: join$1(__dirname$1, ".."),
+          svampToolsDir: join$1(__dirname$1, "..", "tools"),
           startedFromDaemon: true,
           startedBy: "daemon",
           lifecycleState: "starting",
@@ -12012,7 +12166,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
                     const children = [];
                     await Promise.all(entries.map(async (entry) => {
                       if (entry.isSymbolicLink()) return;
-                      const childPath = join(p, entry.name);
+                      const childPath = join$1(p, entry.name);
                       const childNode = await buildTree(childPath, entry.name, depth + 1);
                       if (childNode) children.push(childNode);
                     }));
@@ -12248,8 +12402,20 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
     };
     const archiveSession = (sessionId) => {
       logger.log(`Archiving session: ${sessionId}`);
+      let loopDir;
+      for (const s of pidToTrackedSession.values()) {
+        if (s.svampSessionId === sessionId) {
+          loopDir = s.directory;
+          break;
+        }
+      }
+      if (!loopDir) loopDir = loadSessionIndex()[sessionId]?.directory;
       const wasInMemory = teardownTrackedSession(sessionId);
       const markedArchived = markSessionAsArchived(sessionId);
+      if (loopDir && isLoopActiveForSession(loopDir, sessionId)) {
+        deactivateLoop(loopDir);
+        logger.log(`Deactivated loop for archived session ${sessionId}`);
+      }
       if (wasInMemory || markedArchived) {
         logger.log(`Session ${sessionId} archived (inMemory=${wasInMemory}, persisted=${markedArchived})`);
         return true;
@@ -12293,8 +12459,19 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
     };
     const deleteSession = (sessionId) => {
       logger.log(`Deleting session: ${sessionId}`);
+      let loopDir;
+      for (const s of pidToTrackedSession.values()) {
+        if (s.svampSessionId === sessionId) {
+          loopDir = s.directory;
+          break;
+        }
+      }
+      if (!loopDir) loopDir = loadSessionIndex()[sessionId]?.directory;
       teardownTrackedSession(sessionId);
       deletePersistedSession(sessionId);
+      if (loopDir && isLoopActiveForSession(loopDir, sessionId)) {
+        deactivateLoop(loopDir);
+      }
       logger.log(`Session ${sessionId} deleted`);
       return true;
     };
@@ -12351,7 +12528,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
       svampVersion: "0.1.0 (hypha)",
       homeDir: defaultHomeDir,
       svampHomeDir: SVAMP_HOME,
-      svampLibDir: join(__dirname$1, ".."),
+      svampLibDir: join$1(__dirname$1, ".."),
       displayName: process.env.SVAMP_DISPLAY_NAME || void 0,
       isolationCapabilities,
       // Restore persisted sharing (possibly augmented with --share seed above),
@@ -12420,7 +12597,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
     const channelHttpPort = Number(process.env.SVAMP_CHANNEL_HTTP_PORT) || 0;
     if (channelHttpPort > 0) {
       try {
-        const { createChannelHttpServer } = await import('./httpServer-D9qLS8ed.mjs');
+        const { createChannelHttpServer } = await import('./httpServer-CWn3F-0t.mjs');
         const channelHttpServer = createChannelHttpServer({
           getSessionIds: () => {
             const ids = [];
@@ -12441,7 +12618,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
       const specs = loadExposedTunnels();
       if (specs.length === 0) return;
       logger.log(`[exposed-tunnels] Restoring ${specs.length} tunnel(s) from ${EXPOSED_TUNNELS_FILE}`);
-      const { FrpcTunnel } = await import('./frpc-cJUGFtWY.mjs');
+      const { FrpcTunnel } = await import('./frpc-B8ORdlOO.mjs');
       for (const spec of specs) {
         if (tunnels.has(spec.name)) continue;
         try {
@@ -12523,6 +12700,19 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
     }
     const sessionsToAutoContinue = [];
     const sessionsToLoopResume = [];
+    {
+      const knownSessionIds = new Set(persistedSessions.map((p) => p.sessionId));
+      const sweptDirs = /* @__PURE__ */ new Set();
+      for (const p of persistedSessions) {
+        if (sweptDirs.has(p.directory)) continue;
+        sweptDirs.add(p.directory);
+        const owner = loopOwnerSession(p.directory);
+        if (owner && !knownSessionIds.has(owner)) {
+          deactivateLoop(p.directory);
+          logger.log(`[loop] Deactivated stale loop-state in ${p.directory} (owner session ${owner} no longer known)`);
+        }
+      }
+    }
     if (persistedSessions.length > 0) {
       logger.log(`Restoring ${persistedSessions.length} persisted session(s)...`);
       for (const persisted of persistedSessions) {
@@ -12567,7 +12757,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
             if (persisted.wasProcessing && persisted.claudeResumeId && !isOrphaned) {
               sessionsToAutoContinue.push(persisted.sessionId);
             }
-            if (!isOrphaned && !persisted.wasProcessing && isLoopActive(persisted.directory)) {
+            if (!isOrphaned && !persisted.wasProcessing && isLoopActiveForSession(persisted.directory, persisted.sessionId)) {
               sessionsToLoopResume.push({ sessionId: persisted.sessionId, directory: persisted.directory });
             }
           } else {
@@ -12614,7 +12804,7 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
           }
           setTimeout(async () => {
             try {
-              if (!isLoopActive(sessDir)) return;
+              if (!isLoopActiveForSession(sessDir, sessionId)) return;
               const prompt = "Continue the loop. Read LOOP.md and keep working toward the exit conditions until the Stop gate confirms completion.";
               await rpc.sendMessage(
                 JSON.stringify({
@@ -12892,8 +13082,8 @@ ${capturedError}${buildClaudeErrorHint(capturedError)}`;
               if (existsSync$1(filePath)) {
                 const data = JSON.parse(readFileSync$1(filePath, "utf-8"));
                 const tmpPath = filePath + ".tmp";
-                writeFileSync(tmpPath, JSON.stringify({ ...data, stopped: true }, null, 2), "utf-8");
-                renameSync(tmpPath, filePath);
+                writeFileSync$1(tmpPath, JSON.stringify({ ...data, stopped: true }, null, 2), "utf-8");
+                renameSync$1(tmpPath, filePath);
                 markedCount++;
               }
             } catch {
@@ -12956,7 +13146,7 @@ async function stopDaemon(options) {
   const mode = options?.cleanup ? "cleanup (sessions will be stopped)" : "quick (sessions preserved for auto-restore)";
   writeStopMarker(`stopDaemon (${options?.cleanup ? "cleanup" : "quick"})`);
   const pidsToSignal = [];
-  const supervisorPidFile = join(SVAMP_HOME, "supervisor.pid");
+  const supervisorPidFile = join$1(SVAMP_HOME, "supervisor.pid");
   try {
     if (existsSync$1(supervisorPidFile)) {
       const supervisorPid = parseInt(readFileSync$1(supervisorPidFile, "utf-8").trim(), 10);
@@ -13061,7 +13251,7 @@ async function stopDaemon(options) {
   }
 }
 async function restartDaemon() {
-  const supervisorPidFile = join(SVAMP_HOME, "supervisor.pid");
+  const supervisorPidFile = join$1(SVAMP_HOME, "supervisor.pid");
   let supervisorPid = null;
   try {
     if (existsSync$1(supervisorPidFile)) {
@@ -13098,7 +13288,7 @@ async function restartDaemon() {
       });
       child.unref();
     }
-    const stateFile2 = join(SVAMP_HOME, "daemon.state.json");
+    const stateFile2 = join$1(SVAMP_HOME, "daemon.state.json");
     for (let i = 0; i < 100; i++) {
       await new Promise((r) => setTimeout(r, 100));
       if (existsSync$1(stateFile2)) {
@@ -13122,7 +13312,7 @@ async function restartDaemon() {
     await doFullRestart("Failed to signal supervisor");
     return;
   }
-  const stateFile = join(SVAMP_HOME, "daemon.state.json");
+  const stateFile = join$1(SVAMP_HOME, "daemon.state.json");
   for (let i = 0; i < 300; i++) {
     await new Promise((r) => setTimeout(r, 100));
     try {
@@ -13147,7 +13337,7 @@ async function restartDaemon() {
 function daemonStatus() {
   const state = readDaemonStateFile();
   if (!state) {
-    const plistPath = join(os$1.homedir(), "Library", "LaunchAgents", "io.hypha.svamp.daemon.plist");
+    const plistPath = join$1(os$1.homedir(), "Library", "LaunchAgents", "io.hypha.svamp.daemon.plist");
     if (existsSync$1(plistPath)) {
       console.log("Status: Not running (launchd service installed \u2014 may be starting)");
     } else {