ticlawk 0.1.17-dev.2 → 0.1.17-dev.21

package/src/adapters/ticlawk/index.mjs

@@ -1,25 +1,21 @@
-import { parseOptionArgs } from '../../core/argv.mjs';
 import { createHash, randomBytes } from 'node:crypto';
 import { createRequire } from 'node:module';
-import { basename } from 'node:path';
 import { loadPersistentConfig, persistConfig, TICLAWK_CONNECTOR_API_KEY, TICLAWK_CONNECTOR_WS_URL } from '../../core/config.mjs';
 import { belongsToRuntimeHost, getBindingRuntimeHostId, getHostId, getHostLabel } from '../../core/host-id.mjs';
 import { debugError, debugLog } from '../../core/logger.mjs';
-import { getActiveProfile, ensureLegacyProfile, readProfileMeta, saveAndActivateProfile } from '../../core/profiles.mjs';
+import { getActiveProfile, saveAndActivateProfile } from '../../core/profiles.mjs';
 import { isTerminalRuntimeFailure } from '../../core/runtime-support.mjs';
 import { clearUpdateRequiredState, readUpdateState, setUpdateRequiredState } from '../../core/update-state.mjs';
 import { isManagedInstall, startDetachedSelfUpdate } from '../../core/update.mjs';
+import { buildIncomingMessagePrompt } from '../../runtimes/_shared/incoming-message-prompt.mjs';
 import * as api from './api.mjs';
-import { persistApiCredential, persistRuntimeCredentials } from './credentials.mjs';
+import { persistApiCredential } from './credentials.mjs';
 import { TiclawkWakeClient } from './wake-client.mjs';
-import { buildInboundWakePrompt } from '../../runtimes/_shared/wake-prompt.mjs';
-import { buildGoalStepPrompt } from '../../runtimes/_shared/goal-step-prompt.mjs';
 
 const require = createRequire(import.meta.url);
 const qrcode = require('qrcode-terminal');
 const JOBS_WAKE_DEBOUNCE_MS = 100;
 const BINDINGS_WAKE_DEBOUNCE_MS = 500;
-const CREDENTIALS_WAKE_DEBOUNCE_MS = 500;
 const RECOVERY_AUDIT_INTERVAL_MS = 5 * 60 * 1000;
 const BINDING_AUDIT_INTERVAL_MS = 5 * 60 * 1000;
 const UPDATE_RETRY_COOLDOWN_MS = 15 * 60 * 1000;
@@ -73,35 +69,28 @@ function normalizeInboundMediaAssets(msg) {
 }
 
 export function normalizeInboundMessage(msg) {
-  // Claimed delivery rows carry the recipient agent id; legacy messages
-  // (history sync, manual inserts) may still use plain agent_id. Prefer
-  // the new field but fall back so the same normalizer works for both.
   const recipientAgentId = msg.recipient_agent_id || '';
   const messageId = msg.id || msg.message_id || null;
   const deliveryId = msg.delivery_id || null;
   const media = normalizeInboundMediaAssets(msg);
-  const enriched = { ...msg, id: messageId };
-  const isTransition = msg.reason === 'transition';
-  // A transition delivery is a goal-lane FSM step, not a chat message: it has
-  // no backing message, so build a per-step goal prompt from its payload.
-  const wakePrompt = isTransition ? buildGoalStepPrompt(enriched) : buildInboundWakePrompt(enriched);
+  const prompt = buildIncomingMessagePrompt({ ...msg, id: messageId });
   return {
     bindingId: recipientAgentId,
     messageId,
     deliveryId,
     conversationId: msg.conversation_id || null,
-    lane: isTransition ? 'goal' : 'chat',
     seq: msg.seq != null ? Number(msg.seq) : null,
     senderType: msg.sender_type || 'human',
-    envelopeHeader: wakePrompt.header,
-    envelopeTarget: wakePrompt.target,
-    text: wakePrompt.text,
-    rawText: wakePrompt.rawText,
-    action: isTransition ? 'transition' : (msg.action || (media.length > 0 ? 'image' : 'task')),
+    envelopeHeader: prompt.header,
+    envelopeTarget: prompt.target,
+    text: prompt.text,
+    rawText: prompt.rawText,
+    action: msg.action || (media.length > 0 ? 'image' : 'task'),
     media,
     raw: {
       ...msg,
       id: messageId,
+      type: prompt.type,
     },
   };
 }
@@ -129,40 +118,18 @@ function getRuntimeHostLabelFromPayload(payload) {
 
 function getAgentIdFromPayload(payload) {
   // claim_pending_deliveries is the canonical source and returns
-  // `recipient_agent_id`. The historical fallbacks (`agent_id`,
-  // `agentId`) were left in by an earlier partial cleanup but they
-  // never fire against the current schema — dead branches.
+  // `recipient_agent_id`.
   return String(payload?.recipient_agent_id || '').trim();
 }
 
-// Two lanes run concurrently per agent (see the lane-aware claim RPC):
-// the goal lane carries FSM transition deliveries (reason='transition'),
-// everything else is the user-facing chat lane. The claim unit and the
-// daemon's in-flight key are the (agent, lane) channel, so a running chat
-// turn and a running goal transition never block each other.
-function getDeliveryLaneFromPayload(payload) {
-  return payload?.reason === 'transition' ? 'goal' : 'chat';
-}
-
-function channelKeyFor(agentId, lane) {
-  return `${agentId}:${lane}`;
-}
-
 // Whitelist of meta keys runtimes actually consume. Anything else in
-// the source row's meta blob is dropped on the floor so stale fields
-// (like the post-Y2 workdir/cwd/projectDir leftovers) can't sneak
-// back into runtimeMeta and confuse downstream code.
+// the source row's meta blob is dropped before reaching runtimeMeta.
 const RUNTIME_META_KEYS = [
   'sessionId',
   'path',
   'runtimePath',
   'rotatePending',
   'lastRotatedAt',
-  // Per-lane scoped session maps (keyed by conversation): the chat lane and
-  // the goal-FSM lane keep separate runtime sessions so a transition turn
-  // never resumes a user-chat session or vice-versa.
-  'chatSessions',
-  'goalSessions',
   // claude_code
   'claudePath',
   'claudeVersion',
@@ -249,24 +216,6 @@ function maskIdentity(identity = {}) {
   };
 }
 
-function formatIdentityLines(identity = {}) {
-  const normalized = maskIdentity(identity);
-  return [
-    `  user: ${normalized.userId || 'unknown'}`,
-    normalized.emailMasked ? `  email: ${normalized.emailMasked}` : null,
-    normalized.phoneMasked ? `  phone: ${normalized.phoneMasked}` : null,
-  ].filter(Boolean);
-}
-
-function formatAffectedAgents(agents = []) {
-  if (!agents.length) return ['  - none found for this host'];
-  return agents.map((agent) => {
-    const display = agent.display_name || agent.name || agent.id;
-    const runtime = agent.service_type || 'unknown';
-    return `  - ${display} (${runtime}) ${agent.id}`;
-  });
-}
-
 function sha256Hex(value) {
   return createHash('sha256').update(String(value)).digest('hex');
 }
@@ -275,88 +224,6 @@ function makeClientSecret() {
   return randomBytes(32).toString('base64url');
 }
 
-function getRuntimeWorkdir(runtimeMeta = {}) {
-  return String(runtimeMeta.workdir || runtimeMeta.cwd || runtimeMeta.projectDir || '').trim();
-}
-
-function compareStrings(a, b) {
-  const av = String(a || '');
-  const bv = String(b || '');
-  if (av < bv) return -1;
-  if (av > bv) return 1;
-  return 0;
-}
-
-function compareNumbers(a, b) {
-  const av = Number(a);
-  const bv = Number(b);
-  const aFinite = Number.isFinite(av);
-  const bFinite = Number.isFinite(bv);
-  if (aFinite && bFinite && av !== bv) return av - bv;
-  if (aFinite !== bFinite) return aFinite ? -1 : 1;
-  return 0;
-}
-
-function compareClaimedDeliveries(a, b) {
-  return compareStrings(a?.created_at, b?.created_at)
-    || compareStrings(a?.conversation_id, b?.conversation_id)
-    || compareNumbers(a?.seq, b?.seq)
-    || compareStrings(a?.delivery_id, b?.delivery_id);
-}
-
-function runtimeLabel(runtime) {
-  if (runtime === 'claude_code') return 'Claude Code';
-  if (runtime === 'opencode') return 'OpenCode';
-  if (runtime === 'openclaw') return 'OpenClaw';
-  if (runtime === 'codex') return 'Codex';
-  if (runtime === 'pi') return 'Pi';
-  return runtime || 'Agent';
-}
-
-function printDetectedRuntimeOptions(runtimeOptions = []) {
-  console.log('Detected agent harness:');
-  if (!runtimeOptions.length) {
-    console.log('  none');
-    return;
-  }
-  for (const option of runtimeOptions) {
-    const label = option.runtime_label || runtimeLabel(option.runtime);
-    const workdir = option.workdir ? ` (${option.workdir})` : '';
-    console.log(`  - ${label}${workdir}`);
-  }
-}
-
-async function buildAutoRuntimeOptions(ctx, payload = {}) {
-  const workdir = getRuntimeWorkdir(payload) || process.cwd();
-  const candidates = ['codex', 'claude_code', 'opencode', 'pi'];
-  const options = [];
-  for (const serviceType of candidates) {
-    try {
-      const resolved = await ctx.resolveRuntimeBinding({
-        ...payload,
-        serviceType,
-        workdir,
-      });
-      const runtimeMeta = resolved.runtimeMeta || {};
-      const optionWorkdir = getRuntimeWorkdir(runtimeMeta) || workdir;
-      options.push({
-        runtime: resolved.runtime,
-        runtime_label: runtimeLabel(resolved.runtime),
-        display_name: resolved.displayName || basename(optionWorkdir) || runtimeLabel(resolved.runtime),
-        workdir: optionWorkdir,
-        binding_key: optionWorkdir,
-        runtime_meta: runtimeMeta,
-      });
-    } catch (err) {
-      debugLog('ticlawk-pairing', 'auto-runtime.skip', {
-        runtime: serviceType,
-        reason: err?.message || String(err),
-      });
-    }
-  }
-  return options;
-}
-
 function printPairingChallenge(session) {
   console.log();
   console.log('Open Ticlawk and scan the QR code below, or enter the pairing code.');
@@ -417,12 +284,11 @@ export function createTiclawkAdapter(ctx) {
   let bindingAuditTimer = null;
   let jobsWakeTimer = null;
   let bindingsWakeTimer = null;
-  let credentialsWakeTimer = null;
   let lastJobsWakeAt = 0;
   let lastBindingsWakeAt = 0;
-  let lastCredentialsWakeAt = 0;
   let updateRequired = null;
   let lastUpdateRequiredLogAt = 0;
+  let startupSyncing = false;
 
   function clearDebounce(timer) {
     if (timer) clearTimeout(timer);
@@ -596,7 +462,7 @@ export function createTiclawkAdapter(ctx) {
 
         const binding = await ctx.persistBinding(buildBindingFromSource(msg));
         if (!binding?.runtime) {
-          throw new Error('claimed delivery missing runtime binding');
+          throw new Error('claimed message missing runtime binding');
         }
         if (!belongsToRuntimeHost(binding, hostId)) {
           await api.releaseDelivery(deliveryId, hostId, 'binding-host-mismatch');
@@ -664,91 +530,6 @@ export function createTiclawkAdapter(ctx) {
     }
   }
 
-  // The goal lane's canonical completion is `ticlawk goal report`, which
-  // completes the transition delivery inside report_goal_transition (before
-  // emitting the next step) so the live-transition slot frees up. By the time
-  // the turn returns the row is usually already 'completed', so this
-  // best-effort complete then 409s — that is the expected healthy path, not an
-  // error. A turn that finished without reporting leaves the row 'claimed' for
-  // stale-claimed recovery.
-  async function completeGoalDelivery(deliveryId) {
-    try {
-      await api.completeDelivery(deliveryId, hostId);
-    } catch (err) {
-      if (err?.status === 409) return;
-      throw err;
-    }
-  }
-
-  async function processGoalTransitionsForAgent(agentId, messages) {
-    for (const msg of messages) {
-      const deliveryId = msg.delivery_id;
-      const step = msg?.payload?.step || null;
-      try {
-        const messageHostId = getRuntimeHostIdFromPayload(msg);
-        if (messageHostId && messageHostId !== hostId) {
-          await api.releaseDelivery(deliveryId, hostId, 'host-mismatch');
-          continue;
-        }
-
-        const binding = await ctx.persistBinding(buildBindingFromSource(msg));
-        if (!binding?.runtime) {
-          throw new Error('claimed transition missing runtime binding');
-        }
-        if (!belongsToRuntimeHost(binding, hostId)) {
-          await api.releaseDelivery(deliveryId, hostId, 'binding-host-mismatch');
-          continue;
-        }
-
-        const completed = await ctx.bus.dispatchToAgent(binding.runtime, binding.id, normalizeInboundMessage(msg));
-        if (completed !== true) {
-          if (isTerminalRuntimeFailure(completed)) {
-            await completeGoalDelivery(deliveryId);
-            void requestDrain('transition.terminal-completed');
-            debugError('ticlawk', 'transition.terminal-failed', {
-              agentId,
-              deliveryId,
-              step,
-              runtime: binding.runtime,
-              reason: completed.reason || 'runtime terminal failure',
-            });
-            continue;
-          }
-          throw new Error('runtime did not complete transition turn');
-        }
-        await completeGoalDelivery(deliveryId);
-        void requestDrain('transition.completed');
-        debugLog('ticlawk', 'transition.completed', {
-          agentId,
-          deliveryId,
-          step,
-          runtime: binding.runtime,
-        });
-      } catch (err) {
-        if (api.isUpdateRequiredError(err)) {
-          recordUpdateRequired(err, 'transition.dispatch');
-        }
-        try {
-          await api.releaseDelivery(deliveryId, hostId, 'transition-dispatch-error');
-        } catch (releaseErr) {
-          debugError('ticlawk', 'transition.release-failed', {
-            agentId,
-            deliveryId,
-            hostId,
-            error: releaseErr?.message || 'unknown error',
-          });
-        }
-        debugError('ticlawk', 'transition.dispatch-failed', {
-          agentId,
-          deliveryId,
-          step,
-          hostId,
-          error: err?.message || 'unknown error',
-        });
-      }
-    }
-  }
-
   async function refreshBindings(reason = 'manual') {
     let channels = [];
     const startedAt = Date.now();
@@ -787,27 +568,6 @@ export function createTiclawkAdapter(ctx) {
           error: err?.message || 'unknown error',
         });
       }
-
-      // Agents created from the App via POST /me/agents land here in
-      // status='unpaired'. Once we've successfully registered the
-      // binding locally, flip them to 'connected' — same end state the
-      // legacy QR pairing flow leaves agents in. spawn itself stays
-      // lazy (happens on first delivery via deliverTurn).
-      if (agent.status === 'unpaired' && agentHostId === hostId) {
-        try {
-          await api.updateAgent(agent.id, {
-            status: 'connected',
-            runtime_host_id: hostId,
-            runtime_host_label: getHostLabel(),
-          });
-          debugLog('ticlawk', 'binding.unpaired-claimed', { agentId: agent.id });
-        } catch (err) {
-          debugError('ticlawk', 'binding.unpaired-claim-failed', {
-            agentId: agent.id,
-            error: err?.message || 'unknown error',
-          });
-        }
-      }
     }
     const pruned = await pruneDeletedBindings(channels, reason);
     debugLog('ticlawk', 'binding.refresh-ok', {
@@ -822,33 +582,6 @@ export function createTiclawkAdapter(ctx) {
     return hydrated;
   }
 
-  const syncCredentials = coalesce(async (reason = 'manual') => {
-    const startedAt = Date.now();
-    try {
-      const payload = await api.fetchCredentials();
-      const credentials = Array.isArray(payload?.credentials) ? payload.credentials : [];
-      const result = persistRuntimeCredentials(credentials);
-      debugLog('ticlawk-credentials', 'sync-ok', {
-        reason,
-        saved: result.saved,
-        removed: result.removed,
-        durationMs: Date.now() - startedAt,
-        wakeToSyncMs: String(reason || '').startsWith('wake') && lastCredentialsWakeAt
-          ? Date.now() - lastCredentialsWakeAt
-          : null,
-      });
-    } catch (err) {
-      if (api.isUpdateRequiredError(err)) {
-        recordUpdateRequired(err, 'credentials.sync');
-      }
-      debugError('ticlawk-credentials', 'sync-failed', {
-        reason,
-        durationMs: Date.now() - startedAt,
-        error: err?.message || 'unknown error',
-      });
-    }
-  });
-
   async function releaseBlockedRows(agentId, messages, reason) {
     for (const msg of messages) {
       if (!msg?.delivery_id) continue;
@@ -897,8 +630,7 @@ export function createTiclawkAdapter(ctx) {
       return { failed: true, claimed: 0, launched: 0 };
     }
 
-    const orderedData = Array.isArray(data) ? [...data].sort(compareClaimedDeliveries) : [];
-    const claimed = orderedData.length;
+    const claimed = Array.isArray(data) ? data.length : 0;
     debugLog('ticlawk', 'claim.result', {
       reason,
       hostId,
@@ -917,12 +649,12 @@ export function createTiclawkAdapter(ctx) {
       });
     }
 
-    if (orderedData.length === 0) {
+    if (!Array.isArray(data) || data.length === 0) {
       return { failed: false, claimed: 0, launched: 0 };
     }
 
     const grouped = new Map();
-    for (const msg of orderedData) {
+    for (const msg of data) {
       const agentId = getAgentIdFromPayload(msg);
       if (!agentId) {
         // Claim rows must carry the recipient agent id; a missing value
@@ -935,39 +667,33 @@ export function createTiclawkAdapter(ctx) {
         });
         continue;
       }
-      const lane = getDeliveryLaneFromPayload(msg);
-      const channelKey = channelKeyFor(agentId, lane);
-      const bucket = grouped.get(channelKey) || { agentId, lane, messages: [] };
-      bucket.messages.push(msg);
-      grouped.set(channelKey, bucket);
+      const bucket = grouped.get(agentId) || [];
+      bucket.push(msg);
+      grouped.set(agentId, bucket);
     }
 
     let launched = 0;
-    for (const [channelKey, { agentId, lane, messages }] of grouped.entries()) {
-      if (processingChannels.has(channelKey)) {
+    for (const [agentId, messages] of grouped.entries()) {
+      if (processingChannels.has(agentId)) {
         debugError('ticlawk', 'claim.blocked-claimed-rows', {
           reason,
-          channelKey,
           agentId,
-          lane,
           blockedRows: messages.length,
         });
         await releaseBlockedRows(agentId, messages, reason);
         continue;
       }
-      const run = (lane === 'goal'
-        ? processGoalTransitionsForAgent(agentId, messages)
-        : processPendingMessagesForAgent(agentId, messages))
+      const run = processPendingMessagesForAgent(agentId, messages)
         .catch(() => {})
         .finally(() => {
-          processingChannels.delete(channelKey);
+          processingChannels.delete(agentId);
           void requestDrain('channel.completed');
         });
-      processingChannels.set(channelKey, run);
+      processingChannels.set(agentId, run);
       launched += messages.length;
     }
 
-    return { failed: false, claimed: orderedData.length, launched };
+    return { failed: false, claimed: data.length, launched };
   }
 
   async function runDrain(reason) {
@@ -1006,15 +732,6 @@ export function createTiclawkAdapter(ctx) {
     bindingsWakeTimer.unref?.();
   }
 
-  function scheduleCredentialSync(reason) {
-    credentialsWakeTimer = clearDebounce(credentialsWakeTimer);
-    credentialsWakeTimer = setTimeout(() => {
-      credentialsWakeTimer = null;
-      void syncCredentials(reason);
-    }, CREDENTIALS_WAKE_DEBOUNCE_MS);
-    credentialsWakeTimer.unref?.();
-  }
-
   async function reportHostCapabilitiesNow() {
     const entries = await Promise.all(Object.entries(ctx.runtimes || {})
       .filter(([, runtime]) => typeof runtime?.health === 'function')
@@ -1051,11 +768,11 @@ export function createTiclawkAdapter(ctx) {
   function handleWakeEvent(event) {
     wakeState.lastEventAt = new Date().toISOString();
     if (event?.type === 'hello') {
+      void reportHostCapabilitiesNow();
+      if (startupSyncing) return;
       void refreshBindings('wake.hello')
         .then(() => requestDrain('wake.hello'))
         .catch(() => {});
-      void syncCredentials('wake.hello');
-      void reportHostCapabilitiesNow();
       return;
     }
     if (event?.type === 'jobs.available') {
@@ -1076,17 +793,6 @@ export function createTiclawkAdapter(ctx) {
       scheduleRefreshAndDrain('wake.bindings.changed');
       return;
     }
-    if (event?.type === 'credentials.changed') {
-      lastCredentialsWakeAt = Date.now();
-      debugLog('ticlawk-wake', 'credentials.changed', {
-        credentialId: event.credential_id || null,
-        name: event.name || null,
-        status: event.status || null,
-        reason: event.reason || null,
-      });
-      scheduleCredentialSync('wake.credentials.changed');
-      return;
-    }
     if (event?.type === 'auth.revoked') {
       wakeState.lastError = 'auth revoked';
       debugError('ticlawk-wake', 'auth.revoked', {});
@@ -1119,19 +825,21 @@ export function createTiclawkAdapter(ctx) {
     });
   }
 
+  function getConnectorWakeUrlForHost() {
+    const raw = api.getConnectorWsUrl();
+    try {
+      const url = new URL(raw);
+      url.searchParams.set('runtime_host_id', hostId);
+      return url.toString();
+    } catch {
+      const separator = raw.includes('?') ? '&' : '?';
+      return `${raw}${separator}runtime_host_id=${encodeURIComponent(hostId)}`;
+    }
+  }
+
   function connectWakeSocket() {
     connectorSocket = new TiclawkWakeClient({
-      // host_id rides on the WS query string so connector-wake can flip
-      // runtime_hosts.online for the right row. Empty host_id is
-      // tolerated by the server (it just skips the state write).
-      getUrl: () => {
-        const base = String(api.getConnectorWsUrl() || '').trim();
-        if (!base) return '';
-        const hostId = String(getHostId() || '').trim();
-        if (!hostId) return base;
-        const sep = base.includes('?') ? '&' : '?';
-        return `${base}${sep}host_id=${encodeURIComponent(hostId)}`;
-      },
+      getUrl: getConnectorWakeUrlForHost,
       getApiKey: api.getApiKey,
       onEvent: handleWakeEvent,
       onStatus: handleWakeStatus,
@@ -1159,7 +867,7 @@ export function createTiclawkAdapter(ctx) {
     bindingAuditTimer.unref?.();
   }
 
-  async function finishPairing(resolved, pairData) {
+  async function finishHostPairing(pairData) {
     const apiKey = pairData.connector_api_key || pairData.apiKey || pairData.api_key;
     persistApiCredential(apiKey);
     if (pairData.connector_ws_url) {
@@ -1178,61 +886,26 @@ export function createTiclawkAdapter(ctx) {
       restartWakeSocket('connect.paired');
     }
 
-    const bindingId = pairData.agent_id || pairData.agentId;
-    if (!bindingId) {
-      throw new Error('pairing did not return agent_id');
-    }
-    const runtimeMeta = pairData.runtime_meta || resolved.runtimeMeta;
-    const binding = await ctx.upsertBinding({
-      id: bindingId,
-      adapter: 'ticlawk',
-      targetKey: bindingId,
-      targetMeta: {
-        agentId: bindingId,
-        runtime_host_id: hostId,
-        binding_key: pairData.binding_key || null,
-      },
-      runtime_host_id: hostId,
-      runtime_host_label: hostLabel,
-      runtime: resolved.runtime,
-      runtimeMeta,
-      displayName: resolved.displayName,
-      status: 'connected',
-    });
+    await reportHostCapabilitiesNow();
     return {
       statusCode: 200,
       body: {
         ok: true,
-        agentId: binding.id,
-        serviceType: resolved.runtime,
-        name: binding.displayName,
-        bindingKey: pairData.binding_key || null,
+        hostId,
+        hostLabel,
         user: pairedIdentity,
       },
     };
   }
 
-  async function connectWithQrPairing(payload) {
-    const autoRuntime = Boolean(payload?.autoRuntime);
-    const runtimeOptions = autoRuntime ? await buildAutoRuntimeOptions(ctx, payload) : [];
-    if (autoRuntime) {
-      printDetectedRuntimeOptions(runtimeOptions);
-      if (runtimeOptions.length === 0) {
-        return connectError(400, 'No supported local agent harness detected in this terminal. Install or sign in to Codex, Claude Code, OpenCode, or pi, then run `ticlawk connect` again.');
-      }
-    }
-    const resolved = autoRuntime ? null : await ctx.resolveRuntimeBinding(payload);
-    const runtimeMeta = resolved?.runtimeMeta || {};
-    const workdir = getRuntimeWorkdir(runtimeMeta) || getRuntimeWorkdir(payload) || process.cwd();
+  async function connectWithQrPairing() {
     const clientSecret = makeClientSecret();
     const created = await api.createPairingSession({
       client: 'ticlawk',
       client_version: api.getTiclawkVersion(),
       host_id: hostId,
       host_label: hostLabel,
-      ...(autoRuntime ? { runtime_options: runtimeOptions } : { runtime: resolved.runtime }),
-      workdir,
-      display_name: resolved?.displayName || basename(workdir) || 'Agent',
+      scope: 'host',
       challenge_hash: sha256Hex(clientSecret),
     });
     if (!created?.ok) {
@@ -1253,20 +926,9 @@ export function createTiclawkAdapter(ctx) {
         pollAfterMs: Number(created.poll_after_ms || 1500),
         expiresAt: created.expires_at,
       });
-      const approvedRuntime = approved.runtime || approved.selected_runtime;
-      const approvedOption = runtimeOptions.find((option) => option.runtime === approvedRuntime) || null;
-      const finalResolved = resolved || {
-        runtime: approvedRuntime || approvedOption?.runtime,
-        displayName: approved.display_name || approvedOption?.display_name || runtimeLabel(approvedRuntime),
-        runtimeMeta: approved.runtime_meta || approvedOption?.runtime_meta || {},
-      };
-      if (!finalResolved.runtime) {
-        throw new Error('ticlawk pairing did not return a selected runtime');
-      }
-      return await finishPairing.call(this, finalResolved, {
+      return await finishHostPairing({
         ...created,
         ...approved,
-        binding_key: approved.binding_key || created.binding_key || null,
       });
     } catch (err) {
       await api.cancelPairingSession({
@@ -1281,13 +943,18 @@ export function createTiclawkAdapter(ctx) {
     id: 'ticlawk',
 
     async start() {
-      // Stale claimed deliveries are recovered conservatively by the
-      // claim RPC; this startup path only refreshes local bindings and
-      // asks for the next drain.
-      await refreshBindings('startup');
-      await syncCredentials('startup');
-      await requestDrain('startup');
+      // No stale-delivery recovery anywhere — if the daemon is killed
+      // mid-claim, the row stays `claimed` forever. lease_expires_at
+      // was dropped in X1; no cron has replaced it. Rare in practice;
+      // when it happens the fix is a one-row UPDATE in supabase.
+      startupSyncing = true;
       connectWakeSocket();
+      try {
+        await refreshBindings('startup');
+        await requestDrain('startup');
+      } finally {
+        startupSyncing = false;
+      }
       startAuditTimers();
     },
 
@@ -1324,131 +991,9 @@ export function createTiclawkAdapter(ctx) {
     },
 
     async connect(payload) {
-      const config = loadPersistentConfig();
-      if (!payload?.__legacyConnect) {
-        try {
-          return await connectWithQrPairing.call(this, {
-            ...payload,
-            autoRuntime: true,
-          });
-        } catch (err) {
-          return connectError(err?.status || 500, err.message);
-        }
-      }
-
-      // Archived setup-code connect path. It is intentionally not reachable
-      // from the public CLI; keep it here only until the old flow is deleted.
-      const connectCode = String(payload?.code || config.TICLAWK_SETUP_CODE || '').trim();
-      if (!connectCode) {
-        return connectError(400, 'legacy ticlawk setup-code connect requires code');
-      }
-
       try {
-        const resolved = await ctx.resolveRuntimeBinding(payload);
-        const runtimeMeta = resolved.runtimeMeta;
-        let currentIdentity = null;
-        const activeProfile = getActiveProfile();
-        if (activeProfile?.adapter === 'ticlawk') {
-          currentIdentity = readProfileMeta(activeProfile.adapter, activeProfile.userId) || {
-            userId: activeProfile.userId,
-          };
-        } else if (config[TICLAWK_CONNECTOR_API_KEY]) {
-          try {
-            const me = await api.getMe();
-            if (me?.userId || me?.user_id) {
-              currentIdentity = maskIdentity(me);
-              ensureLegacyProfile({
-                adapter: 'ticlawk',
-                userId: currentIdentity.userId,
-                meta: currentIdentity,
-              });
-            }
-          } catch {}
-        }
-
-        let previewIdentity = null;
-        try {
-          const preview = await api.pairPreview({ code: connectCode });
-          if (preview?.ok) {
-            previewIdentity = maskIdentity(preview);
-          } else if (preview?.userId || preview?.user_id) {
-            previewIdentity = maskIdentity(preview);
-          }
-        } catch {}
-
-        if (currentIdentity?.userId && !previewIdentity?.userId && !payload.switchUser) {
-          return {
-            statusCode: 409,
-            body: {
-              ok: false,
-              code: 'ticlawk_pairing_user_unverified',
-              currentUser: currentIdentity,
-              error: [
-                'This ticlawk home is already paired to ticlawk user:',
-                ...formatIdentityLines(currentIdentity),
-                '',
-                'Could not verify which ticlawk user owns the new pairing code.',
-                'Refusing to switch users because existing agents may stop processing messages.',
-                '',
-                'If you want to switch user, please rerun this command with --switch-user.',
-              ].join('\n'),
-            },
-          };
-        }
-
-        if (
-          currentIdentity?.userId
-          && previewIdentity?.userId
-          && currentIdentity.userId !== previewIdentity.userId
-          && !payload.switchUser
-        ) {
-          let affectedAgents = [];
-          try {
-            affectedAgents = await api.getAgents({ hostId });
-          } catch {}
-          const message = [
-            'This ticlawk home is already paired to ticlawk user:',
-            ...formatIdentityLines(currentIdentity),
-            '',
-            'The pairing code belongs to a different ticlawk user:',
-            ...formatIdentityLines(previewIdentity),
-            '',
-            'Refusing to switch users because these agents are currently bound to this host:',
-            ...formatAffectedAgents(affectedAgents),
-            '',
-            'Switching would stop this daemon from processing messages for those agents.',
-            '',
-            'If you want to switch user, please rerun this command with --switch-user.',
-          ].join('\n');
-          return {
-            statusCode: 409,
-            body: {
-              ok: false,
-              error: message,
-              code: 'ticlawk_user_mismatch',
-              currentUser: currentIdentity,
-              pairingUser: previewIdentity,
-              affectedAgents,
-            },
-          };
-        }
-
-        const pairData = await api.pair({
-          code: connectCode,
-          name: resolved.displayName,
-          serviceType: resolved.runtime,
-          runtimeMeta,
-          runtime_host_id: hostId,
-          runtime_host_label: hostLabel,
-        });
-        if (!pairData?.ok) {
-          return { statusCode: pairData?.statusCode || 401, body: pairData };
-        }
-        return finishPairing.call(this, resolved, {
-          ...pairData,
-          agent_id: pairData.agentId,
-          connector_api_key: pairData.apiKey,
-        });
+        void payload;
+        return await connectWithQrPairing();
       } catch (err) {
         return connectError(err?.status || 500, err.message);
       }
@@ -1512,52 +1057,3 @@ export function createTiclawkAdapter(ctx) {
     },
   };
 }
-
-export function getTiclawkAuthHelp() {
-  return `ticlawk auth ticlawk --code <6-digit-code> [--api-url <url>]
-
-Options:
-  --code <code>       6-digit setup code from the ticlawk app
-  --api-url <url>     optional ticlawk API base URL override
-`;
-}
-
-export async function runTiclawkAuth(rawArgs) {
-  const args = parseOptionArgs(rawArgs);
-  if (args.help || args.h) {
-    return {
-      statusCode: 200,
-      body: {
-        ok: true,
-        help: getTiclawkAuthHelp(),
-      },
-    };
-  }
-  const code = String(args.code || '').trim();
-  if (!code) {
-    return {
-      statusCode: 400,
-      body: {
-        ok: false,
-        error: 'ticlawk auth requires --code',
-      },
-    };
-  }
-  const updates = {
-    TICLAWK_SETUP_CODE: code,
-  };
-  const apiUrl = String(args['api-url'] || '').trim();
-  if (apiUrl) {
-    updates.TICLAWK_API_URL = apiUrl;
-  }
-  persistConfig(updates);
-  return {
-    statusCode: 200,
-    body: {
-      ok: true,
-      adapter: 'ticlawk',
-      setupCode: 'set',
-      apiUrl: apiUrl || undefined,
-    },
-  };
-}