teleportation-cli 1.1.4 → 1.2.0

package/.claude/hooks/pre_tool_use.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env bun
 
 import { stdin, stdout, exit, env } from 'node:process';
-import { appendFileSync } from 'node:fs';
+import fs, { appendFileSync } from 'node:fs';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
 import { homedir, tmpdir } from 'os';
@@ -55,6 +55,24 @@ const fetchJson = async (url, opts) => {
   return res.json();
 };
 
+const PRE_TOOL_NETWORK_TIMEOUT_MS = parseInt(env.TELEPORTATION_PRE_TOOL_NETWORK_TIMEOUT_MS || '1500', 10);
+const PRE_TOOL_TOTAL_BUDGET_MS = parseInt(env.TELEPORTATION_PRE_TOOL_TOTAL_BUDGET_MS || '3500', 10);
+
+const withTimeout = async (promiseFactory, timeoutMs, label) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    return await promiseFactory(controller.signal);
+  } catch (error) {
+    if (error?.name === 'AbortError') {
+      throw new Error(`${label} timed out after ${timeoutMs}ms`);
+    }
+    throw error;
+  } finally {
+    clearTimeout(timeoutId);
+  }
+};
+
 (async () => {
   // Debug: Log hook invocation
   const hookLogFile = env.TELEPORTATION_HOOK_LOG || '/tmp/teleportation-hook.log';
@@ -68,19 +86,45 @@ const fetchJson = async (url, opts) => {
     }
   };
 
-  log('=== Hook invoked ===');
-  
-  const raw = await readStdin();
-  let input;
-  try { input = JSON.parse(raw || '{}'); }
-  catch (e) {
-    log(`ERROR: Invalid JSON: ${e.message}`);
-    return exit(0);
+  // Read and parse stdin to get hook input
+  let input = {};
+  try {
+    const raw = await readStdin();
+    input = JSON.parse(raw || '{}');
+  } catch (e) {
+    log(`[PreToolUse] Failed to parse stdin: ${e.message}`);
   }
 
   let { session_id, tool_name, tool_input } = input || {};
   tool_input = tool_input && typeof tool_input === 'object' ? tool_input : {};
   let claude_session_id = session_id; // Keep original ID
+  const hookStartMs = Date.now();
+  const remainingBudgetMs = () => PRE_TOOL_TOTAL_BUDGET_MS - (Date.now() - hookStartMs);
+  const hasBudget = (reserveMs = 150) => remainingBudgetMs() > reserveMs;
+  const getRequestTimeoutMs = () => {
+    const remaining = remainingBudgetMs();
+    if (remaining <= 200) return 0;
+    return Math.max(200, Math.min(PRE_TOOL_NETWORK_TIMEOUT_MS, remaining - 100));
+  };
+
+  // Detect message source
+  const isAutonomousTask = env.TELEPORTATION_TASK_MODE === 'true' || !!env.TELEPORTATION_PARENT_SESSION_ID;
+  const source = isAutonomousTask ? 'autonomous_task' : 'cli_interactive';
+
+  // 1. Recursion Guard (Critical Stability Fix)
+  // Prevent infinite hook-triggered tool loops
+  // Whitelist safe tools at higher depths to avoid breaking workflows
+  const SAFE_TOOLS = ['read', 'glob', 'grep', 'websearch', 'bashoutput', 'ls', 'pwd', 'git status'];
+  const RECURSION_DEPTH = parseInt(env.TELEPORTATION_HOOK_DEPTH || '0', 10) || 0;
+  
+  if (RECURSION_DEPTH > 5 && !SAFE_TOOLS.includes(tool_name?.toLowerCase())) {
+    log(`[RECURSION] Depth limit reached (${RECURSION_DEPTH}) for tool "${tool_name}", auto-allowing to prevent infinite loop.`);
+    process.stdout.write(JSON.stringify({ decision: 'allow', reason: 'Recursion guard depth limit' }));
+    return exit(0);
+  }
+
+  // Update environment for child processes
+  process.env.TELEPORTATION_HOOK_DEPTH = (RECURSION_DEPTH + 1).toString();
 
   log(`Session ID: ${session_id}, Tool: ${tool_name}, Input: ${JSON.stringify(tool_input).substring(0, 100)}`);
 
@@ -89,11 +133,18 @@ const fetchJson = async (url, opts) => {
   const command = tool_input?.command || tool_input?.text || '';
   if (typeof command === 'string') {
     const trimmedCmd = command.trim().toLowerCase();
-    if (trimmedCmd === '/away' || trimmedCmd === 'teleportation away') {
+    // Support multiple command formats: /away, teleportation away, teleport away, teleporation away (typo)
+    if (trimmedCmd === '/away' ||
+        trimmedCmd === 'teleportation away' ||
+        trimmedCmd === 'teleport away' ||
+        trimmedCmd === 'teleporation away') {
       log('Detected /away command - setting away mode');
       // Will set away mode after loading config
       tool_input.__teleportation_away = true;
-    } else if (trimmedCmd === '/back' || trimmedCmd === 'teleportation back') {
+    } else if (trimmedCmd === '/back' ||
+               trimmedCmd === 'teleportation back' ||
+               trimmedCmd === 'teleport back' ||
+               trimmedCmd === 'teleporation back') {
       log('Detected /back command - clearing away mode');
       tool_input.__teleportation_back = true;
     }
@@ -119,7 +170,6 @@ const fetchJson = async (url, opts) => {
   const RELAY_API_KEY = env.RELAY_API_KEY || config.relayApiKey || '';
   const DAEMON_PORT = config.daemonPort || env.TELEPORTATION_DAEMON_PORT || '3050';
   const DAEMON_ENABLED = config.daemonEnabled !== false && env.TELEPORTATION_DAEMON_ENABLED !== 'false';
-  const CONTEXT_DELIVERY_ENABLED = config.contextDeliveryEnabled !== false && env.TELEPORTATION_CONTEXT_DELIVERY_ENABLED !== 'false';
 
   // Fast polling timeout - how long to wait before handing off to daemon
   // Default: 60 seconds - provides seamless experience before daemon handoff
@@ -143,171 +193,24 @@ const fetchJson = async (url, opts) => {
   // All tool requests are sent to the remote approval system so the user
   // can approve/deny from their mobile device. This enables true remote control.
 
-  // Helper: Format daemon work results into a human-readable message
-  // Enhanced for PRD-0013 Phase 1: Context Preservation
-  const formatDaemonUpdate = (results) => {
-    if (!results || results.length === 0) return '';
-
-    // Check if any browser tasks were completed
-    const hasBrowserTasks = results.some(r => {
-      const toolName = (r.tool_name || '').toLowerCase();
-      const command = (r.command || '').toLowerCase();
-      return toolName.includes('browser') || toolName.includes('mcp') ||
-             command.includes('browser') || command.includes('mcp');
-    });
-
-    const taskType = hasBrowserTasks ? 'browser/interactive task' : 'task';
-    let header = `🤖 **Daemon Work Update** (${results.length} ${taskType}${results.length > 1 ? 's' : ''} completed while you were away)\n\n`;
-
-    // PRD-0013 Phase 1: Show original context if available
-    // This helps Claude remember what the user originally requested
-    const firstResult = results[0];
-    if (firstResult?.original_context?.user_last_message) {
-      const context = firstResult.original_context;
-      const timeElapsed = context.timestamp
-        ? Date.now() - context.timestamp
-        : null;
-
-      // Format time elapsed
-      let timeAgo = '';
-      if (timeElapsed) {
-        const seconds = Math.floor(timeElapsed / 1000);
-        const minutes = Math.floor(seconds / 60);
-        const hours = Math.floor(minutes / 60);
-
-        if (hours > 0) {
-          timeAgo = `${hours} hour${hours > 1 ? 's' : ''} ago`;
-        } else if (minutes > 0) {
-          timeAgo = `${minutes} minute${minutes > 1 ? 's' : ''} ago`;
-        } else {
-          timeAgo = `${seconds} second${seconds > 1 ? 's' : ''} ago`;
-        }
-      }
-
-      header += `**Original Request**${timeAgo ? ` (${timeAgo})` : ''}:\n`;
-      header += `> ${context.user_last_message}\n\n`;
-
-      // Show original tool_use_id if available (helps with debugging/tracing)
-      if (firstResult.original_tool_use_id) {
-        header += `_Results for tool ID: ${firstResult.original_tool_use_id}_\n\n`;
-      }
-
-      // PRD-0013 Phase 2: Show task description and next step suggestion if available
-      // For Phase 1, task_description will be null, so this won't appear yet
-      if (context.task_description) {
-        header += `**Next Step:**\n`;
-        header += `${context.task_description}\n\n`;
-      }
-    }
-    
-    const formatOutput = (output, toolName) => {
-      if (!output || output.trim() === '') return '(No output)';
-      
-      // Try to detect and format JSON output
-      try {
-        const parsed = JSON.parse(output);
-        // For browser snapshots or large JSON, provide a summary
-        if (parsed.type === 'snapshot' || parsed.type === 'accessibility') {
-          const url = parsed.url || parsed.page?.url || '';
-          const title = parsed.title || parsed.page?.title || '';
-          const elements = parsed.elements?.length || parsed.children?.length || 0;
-          return `Browser snapshot captured:\n  • URL: ${url}\n  • Title: ${title}\n  • Elements: ${elements}\n  • Full snapshot available in output`;
-        }
-        // For other JSON, format nicely
-        return JSON.stringify(parsed, null, 2);
-      } catch {
-        // Not JSON, return as-is but format better
-        return output;
-      }
-    };
-
-    const formatToolName = (toolName, command) => {
-      if (toolName && toolName.toLowerCase().includes('browser')) return '🌐 Browser';
-      if (toolName && toolName.toLowerCase().includes('mcp')) return '🔌 MCP Tool';
-      if (command && command.toLowerCase().includes('browser')) return '🌐 Browser';
-      if (command && command.toLowerCase().includes('mcp')) return '🔌 MCP Tool';
-      return toolName || 'Command';
-    };
-
-    const details = results.map(r => {
-      // Determine success: exit_code 0 OR if there's meaningful output (browser tasks may not use exit codes)
-      const hasOutput = (r.stdout && r.stdout.trim()) || (r.stderr && r.stderr.trim());
-      const isSuccess = r.exit_code === 0 || r.exit_code === null || (hasOutput && !r.stderr);
-      const status = isSuccess ? '✅ Success' : `❌ Failed${r.exit_code !== null ? ` (Exit: ${r.exit_code})` : ''}`;
-      const time = new Date(r.executed_at).toLocaleTimeString();
-      
-      const toolName = formatToolName(r.tool_name, r.command);
-      const output = r.stdout || r.stderr || '';
-      const formattedOutput = formatOutput(output, r.tool_name);
-      
-      // For browser tasks or large outputs, provide a summary first
-      const isBrowserTask = toolName.includes('Browser') || toolName.includes('MCP');
-      const outputPreview = isBrowserTask && output.length > 1000
-        ? formattedOutput.split('\n').slice(0, 20).join('\n') + '\n...(see full output below)...'
-        : formattedOutput.length > 2000
-        ? formattedOutput.substring(0, 2000) + '\n...(truncated, see full output for details)...'
-        : formattedOutput;
-      
-      let resultText = `**${toolName}:** ${r.command || '(task completed)'}\n`;
-      resultText += `**Status:** ${status} at ${time}\n`;
-      
-      if (output.trim()) {
-        resultText += `\n**Result:**\n`;
-        // Use code blocks only for structured data, plain text otherwise
-        if (formattedOutput.includes('\n') || formattedOutput.length > 100) {
-          resultText += `\`\`\`\n${outputPreview}\n\`\`\`\n`;
-        } else {
-          resultText += `${outputPreview}\n`;
-        }
-      }
-      
-      return resultText;
-    }).join('\n---\n\n');
-
-    const successCount = results.filter(r => {
-      const hasOutput = (r.stdout && r.stdout.trim()) || (r.stderr && r.stderr.trim());
-      return r.exit_code === 0 || r.exit_code === null || (hasOutput && !r.stderr);
-    }).length;
-    const failCount = results.length - successCount;
-    const summary = `\n**Summary:** ${successCount} successful, ${failCount} failed.`;
-    
-    // Add a prompt to ensure results are acknowledged
-    const browserTaskCount = results.filter(r => {
-      const toolName = (r.tool_name || '').toLowerCase();
-      const command = (r.command || '').toLowerCase();
-      return toolName.includes('browser') || toolName.includes('mcp') || 
-             command.includes('browser') || command.includes('mcp');
-    }).length;
-    
-    const footer = browserTaskCount > 0 
-      ? `\n\n💡 **Note:** Browser task results are included above. Please review and summarize what was accomplished.`
-      : '';
-
-    let message = header + details + summary + footer;
-    
-    // Increase limit for browser tasks (they need more space)
-    const maxLength = 10000; // Increased from 5000
-    if (message.length > maxLength) {
-      message = message.substring(0, maxLength) + '\n\n...(output truncated, check full results for complete details)...';
-    }
-    
-    return message;
-  };
-
   // Register session: relay first (source of truth), then daemon
   const cwd = process.cwd();
   const meta = await getSessionMetadata(cwd);
   log(`Session metadata: project=${meta.project_name}, hostname=${meta.hostname}, branch=${meta.current_branch}, model=${meta.current_model || 'default'}`);
 
-  // Check if model has changed since last tool use
-  // This detects when user runs /model to switch models mid-session
-  const LAST_MODEL_FILE = join(tmpdir(), `teleportation-last-model-${session_id}.txt`);
+  // Detect model change (PRD-0014)
+  // Store model in ~/.teleportation/sessions/ to persist across reboots
+  const sessionDir = join(homedir(), '.teleportation', 'sessions');
+  if (!fs.existsSync(sessionDir)) {
+    fs.mkdirSync(sessionDir, { recursive: true, mode: 0o700 });
+  }
+  const modelFile = join(sessionDir, `model_${session_id}.txt`);
   let modelChanged = false;
   try {
     const { readFile, writeFile } = await import('fs/promises');
     let lastModel = null;
     try {
-      lastModel = (await readFile(LAST_MODEL_FILE, 'utf8')).trim();
+      lastModel = (await readFile(modelFile, 'utf8')).trim();
     } catch (e) {
       // File doesn't exist yet - first tool use
     }
@@ -317,24 +220,33 @@ const fetchJson = async (url, opts) => {
       log(`Model changed detected: ${lastModel} -> ${meta.current_model}`);
 
       // Log model change to timeline
-      if (RELAY_API_URL && RELAY_API_KEY) {
+      if (RELAY_API_URL && RELAY_API_KEY && hasBudget()) {
         try {
-          await fetch(`${RELAY_API_URL}/api/timeline`, {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-              'Authorization': `Bearer ${RELAY_API_KEY}`
-            },
-            body: JSON.stringify({
-              session_id,
-              type: 'model_changed',
-              data: {
-                previous_model: lastModel,
-                new_model: meta.current_model,
-                timestamp: Date.now()
-              }
-            })
-          });
+          const timeoutMs = getRequestTimeoutMs();
+          if (timeoutMs > 0) {
+            await withTimeout(
+              (signal) => fetch(`${RELAY_API_URL}/api/timeline`, {
+                method: 'POST',
+                headers: {
+                  'Content-Type': 'application/json',
+                  'Authorization': `Bearer ${RELAY_API_KEY}`
+                },
+                body: JSON.stringify({
+                  session_id,
+                  type: 'model_changed',
+                  source,
+                  data: {
+                    previous_model: lastModel,
+                    new_model: meta.current_model,
+                    timestamp: Date.now()
+                  }
+                }),
+                signal
+              }),
+              timeoutMs,
+              'model change timeline post'
+            );
+          }
           log(`Model change logged to timeline`);
         } catch (e) {
           log(`Failed to log model change: ${e.message}`);
@@ -344,24 +256,47 @@ const fetchJson = async (url, opts) => {
 
     // Update last known model
     if (meta.current_model) {
-      await writeFile(LAST_MODEL_FILE, meta.current_model, { mode: 0o600 });
+      await writeFile(modelFile, meta.current_model, { mode: 0o600 });
     }
   } catch (e) {
     log(`Model change detection error: ${e.message}`);
   }
 
   // 1. Register with relay first - makes session visible in mobile UI
-  if (session_id && RELAY_API_URL && RELAY_API_KEY) {
+  if (session_id && RELAY_API_URL && RELAY_API_KEY && hasBudget()) {
     try {
       log(`Registering session with relay: ${session_id}`);
       const { ensureSessionRegistered } = await import('./session-register.mjs');
-      await ensureSessionRegistered(session_id, cwd, config);
-      log(`Session registered with relay successfully`);
+      const timeoutMs = getRequestTimeoutMs();
+      if (timeoutMs <= 0) {
+        log('Skipping relay registration due to exhausted hook budget');
+      }
+      const regResult = timeoutMs > 0
+        ? await withTimeout(
+          () => ensureSessionRegistered(session_id, cwd, config),
+          timeoutMs,
+          'relay session registration'
+        )
+        : false;
+      
+      if (typeof regResult === 'object' && regResult.error === 'orphan_api_key') {
+        console.error(`\n⚠️  Teleportation: ${regResult.message || 'API key not linked to user.'}`);
+        console.error('   Visit https://app.teleportation.dev/api-keys to claim your key.\n');
+      } else {
+        log(`Session registered with relay successfully`);
+      }
 
       // If model changed, update session metadata immediately
-      if (modelChanged) {
+      if (modelChanged && hasBudget() && (regResult === true || (typeof regResult === 'object' && regResult.success))) {
         const { updateSessionMetadata } = await import('./session-register.mjs');
-        await updateSessionMetadata(session_id, cwd, config);
+        const timeoutMs = getRequestTimeoutMs();
+        if (timeoutMs > 0) {
+          await withTimeout(
+            () => updateSessionMetadata(session_id, cwd, config),
+            timeoutMs,
+            'session metadata update'
+          );
+        }
         log(`Session metadata updated with new model`);
       }
     } catch (e) {
@@ -370,23 +305,33 @@ const fetchJson = async (url, opts) => {
   }
 
   // 2. Then register with daemon (local infrastructure for this session)
-  if (session_id && DAEMON_ENABLED) {
+  if (session_id && DAEMON_ENABLED && hasBudget()) {
     try {
       const daemonUrl = `http://127.0.0.1:${DAEMON_PORT}`;
       log(`Registering session with daemon: ${session_id}`);
       
-      const res = await fetch(`${daemonUrl}/sessions/register`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ session_id, claude_session_id, cwd, meta })
-      }).catch(e => {
-        log(`Daemon registration fetch error: ${e.message}`);
-        return null;
-      });
+      const timeoutMs = getRequestTimeoutMs();
+      const res = timeoutMs > 0
+        ? await withTimeout(
+          (signal) => fetch(`${daemonUrl}/sessions/register`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ session_id, claude_session_id, cwd, meta }),
+            signal
+          }),
+          timeoutMs,
+          'daemon session registration'
+        ).catch(e => {
+          log(`Daemon registration fetch error: ${e.message}`);
+          return null;
+        })
+        : null;
       if (res && res.ok) {
         log(`Session registered with daemon successfully`);
       } else if (res) {
         log(`Daemon registration returned status ${res.status}`);
+      } else if (timeoutMs <= 0) {
+        log('Skipping daemon registration due to exhausted hook budget');
       }
     } catch (e) {
       log(`Warning: Failed to register session with daemon: ${e.message}`);
@@ -395,93 +340,72 @@ const fetchJson = async (url, opts) => {
 
   // 3. Log tool_use event to timeline (before execution)
   // This shows what Claude is attempting to do
-  if (session_id && RELAY_API_URL && RELAY_API_KEY && tool_name) {
+  if (session_id && RELAY_API_URL && RELAY_API_KEY && tool_name && hasBudget()) {
     try {
-      await fetch(`${RELAY_API_URL}/api/timeline`, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          'Authorization': `Bearer ${RELAY_API_KEY}`
-        },
-        body: JSON.stringify({
-          session_id,
-          type: 'tool_use',
-          data: {
-            tool_name,
-            tool_input: tool_input || {},
-            timestamp: Date.now()
-          }
-        })
-      });
+      const timeoutMs = getRequestTimeoutMs();
+      if (timeoutMs > 0) {
+        await withTimeout(
+          (signal) => fetch(`${RELAY_API_URL}/api/timeline`, {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'Authorization': `Bearer ${RELAY_API_KEY}`
+            },
+            body: JSON.stringify({
+              session_id,
+              type: 'tool_use',
+              source,
+              data: {
+                tool_name,
+                tool_input: tool_input || {},
+                timestamp: Date.now()
+              }
+            }),
+            signal
+          }),
+          timeoutMs,
+          'tool_use timeline post'
+        );
+      }
       log(`Logged tool_use event for ${tool_name}`);
     } catch (e) {
       log(`Failed to log tool_use: ${e.message}`);
     }
   }
 
-  // Check for pending results from daemon execution
-  if (session_id && RELAY_API_URL && RELAY_API_KEY && CONTEXT_DELIVERY_ENABLED) {
-    try {
-      log(`Checking for pending results for session: ${session_id}`);
-      const results = await fetchJson(`${RELAY_API_URL}/api/sessions/${session_id}/results/pending`, {
-        headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` }
-      });
-      
-      if (results && results.length > 0) {
-        log(`Found ${results.length} pending results. Formatting update and denying current request to deliver context.`);
-
-        // Mark results as delivered in parallel (best-effort, but wait before exiting)
-        try {
-          await Promise.allSettled(
-            results.map(r =>
-              fetch(`${RELAY_API_URL}/api/sessions/${session_id}/results/${r.result_id}/delivered`, {
-                method: 'POST',
-                headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` }
-              }).catch(e => {
-                log(`Failed to mark result ${r.result_id} delivered: ${e.message}`);
-              })
-            )
-          );
-        } catch (markErr) {
-          log(`Warning: Error while marking results delivered: ${markErr.message}`);
-        }
-
-        const updateMessage = formatDaemonUpdate(results);
-        // Log the daemon update but allow the current tool to proceed
-        // This prevents blocking errors while still informing Claude of daemon work
-        log(`Daemon update delivered: ${updateMessage.substring(0, 200)}...`);
-        
-        // Output the update message to Claude by denying the current request
-        // This forces Claude to read the update before retrying the tool
-        const out = {
-          hookSpecificOutput: {
-            hookEventName: 'PreToolUse',
-            permissionDecision: 'deny', // Deny to force reading the update
-            permissionDecisionReason: updateMessage
-          },
-          suppressOutput: true
-        };
-        stdout.write(JSON.stringify(out));
-        return exit(0);
-      }
-    } catch (e) {
-      log(`Warning: Failed to check pending results: ${e.message}`);
-    }
-  }
+  // NOTE: Context delivery via notification has been removed.
+  // With parent session context resumption (PR #123), autonomous tasks now
+  // automatically resume the parent session's conversation context on turn 1.
+  // This eliminates the need for blocking notifications to deliver daemon work updates.
 
   // Helper: Update session daemon state
   const updateSessionState = async (updates) => {
     if (!session_id || !RELAY_API_URL || !RELAY_API_KEY) return;
+    if (!hasBudget()) {
+      log('Skipping session state update due to exhausted hook budget');
+      return;
+    }
     try {
       log(`Updating session state: ${JSON.stringify(updates)}`);
-      await fetchJson(`${RELAY_API_URL}/api/sessions/${session_id}/daemon-state`, {
-        method: 'PATCH',
-        headers: {
-          'Content-Type': 'application/json',
-          'Authorization': `Bearer ${RELAY_API_KEY}`
-        },
-        body: JSON.stringify(updates)
-      });
+      const timeoutMs = getRequestTimeoutMs();
+      if (timeoutMs <= 0) {
+        log('Skipping daemon-state PATCH due to exhausted hook budget');
+        return;
+      }
+      const res = await withTimeout(
+        (signal) => fetch(`${RELAY_API_URL}/api/sessions/${session_id}/daemon-state`, {
+          method: 'PATCH',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${RELAY_API_KEY}`
+          },
+          body: JSON.stringify(updates),
+          signal
+        }),
+        timeoutMs,
+        'daemon-state patch'
+      );
+      if (!res.ok) throw new Error(`HTTP ${res.status}`);
     } catch (e) {
       log(`Warning: Failed to update session state: ${e.message}`);
     }
@@ -490,23 +414,32 @@ const fetchJson = async (url, opts) => {
   if (tool_input.__teleportation_away) {
     await updateSessionState({ is_away: true });
     // Log away_mode_changed event to timeline
-    if (RELAY_API_URL && RELAY_API_KEY) {
+    if (RELAY_API_URL && RELAY_API_KEY && hasBudget()) {
       try {
-        await fetch(`${RELAY_API_URL}/api/timeline`, {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            'Authorization': `Bearer ${RELAY_API_KEY}`
-          },
-          body: JSON.stringify({
-            session_id,
-            type: 'away_mode_changed',
-            data: {
-              is_away: true,
-              timestamp: Date.now()
-            }
-          })
-        });
+        const timeoutMs = getRequestTimeoutMs();
+        if (timeoutMs > 0) {
+          await withTimeout(
+            (signal) => fetch(`${RELAY_API_URL}/api/timeline`, {
+              method: 'POST',
+              headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${RELAY_API_KEY}`
+              },
+              body: JSON.stringify({
+                session_id,
+                type: 'away_mode_changed',
+                source,
+                data: {
+                  is_away: true,
+                  timestamp: Date.now()
+                }
+              }),
+              signal
+            }),
+            timeoutMs,
+            'away-mode timeline post'
+          );
+        }
         log(`Logged away_mode_changed (away=true) to timeline`);
       } catch (e) {
         log(`Failed to log away_mode_changed: ${e.message}`);
@@ -527,23 +460,32 @@ const fetchJson = async (url, opts) => {
   if (tool_input.__teleportation_back) {
     await updateSessionState({ is_away: false });
     // Log away_mode_changed event to timeline
-    if (RELAY_API_URL && RELAY_API_KEY) {
+    if (RELAY_API_URL && RELAY_API_KEY && hasBudget()) {
       try {
-        await fetch(`${RELAY_API_URL}/api/timeline`, {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            'Authorization': `Bearer ${RELAY_API_KEY}`
-          },
-          body: JSON.stringify({
-            session_id,
-            type: 'away_mode_changed',
-            data: {
-              is_away: false,
-              timestamp: Date.now()
-            }
-          })
-        });
+        const timeoutMs = getRequestTimeoutMs();
+        if (timeoutMs > 0) {
+          await withTimeout(
+            (signal) => fetch(`${RELAY_API_URL}/api/timeline`, {
+              method: 'POST',
+              headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${RELAY_API_KEY}`
+              },
+              body: JSON.stringify({
+                session_id,
+                type: 'away_mode_changed',
+                source,
+                data: {
+                  is_away: false,
+                  timestamp: Date.now()
+                }
+              }),
+              signal
+            }),
+            timeoutMs,
+            'away-mode timeline post'
+          );
+        }
         log(`Logged away_mode_changed (away=false) to timeline`);
       } catch (e) {
         log(`Failed to log away_mode_changed: ${e.message}`);