typeclaw 0.19.0 → 0.21.0

package/src/dreams/render.ts

@@ -0,0 +1,155 @@
+import { styleText } from 'node:util'
+
+import type { DreamCategory, DreamEntry, DreamEntryDetail } from './types'
+
+export type RenderOptions = { color: boolean }
+
+type ColorName = 'dim' | 'cyan' | 'green' | 'yellow' | 'magenta' | 'gray'
+
+function tint(opts: RenderOptions, color: ColorName, text: string): string {
+  if (!opts.color) return text
+  return styleText(color, text)
+}
+
+const CATEGORY_LABELS: Record<DreamCategory, string> = {
+  fragments: 'frag',
+  skills: 'skill',
+  'watermarks-only': 'watermarks',
+  snapshot: 'snapshot',
+  other: 'other',
+}
+
+export function renderListRow(entry: DreamEntry, opts: RenderOptions): string {
+  const emoji = entry.emoji ?? '·'
+  const sha = tint(opts, 'cyan', entry.shortSha)
+  const date = tint(opts, 'dim', formatShortDate(entry.committedAt))
+  const when = tint(opts, 'dim', `(${formatRelative(entry.committedAt)})`)
+  const summary = entry.summary ?? entry.subject
+  const badges = renderCategoryBadges(entry.categories, opts)
+  const head = `${emoji}  ${sha}  ${date} ${when}  ${summary}`
+  return badges.length > 0 ? `${head}  ${badges}` : head
+}
+
+function renderCategoryBadges(categories: DreamCategory[], opts: RenderOptions): string {
+  if (categories.length === 0) return ''
+  const meaningful = categories.filter((c) => c !== 'other')
+  const shown = meaningful.length > 0 ? meaningful : categories
+  const labels = shown.map((c) => CATEGORY_LABELS[c])
+  return tint(opts, 'magenta', labels.map((l) => `[${l}]`).join(' '))
+}
+
+export function renderDetail(entry: DreamEntry, opts: RenderOptions): string {
+  const lines: string[] = []
+  const emoji = entry.emoji ?? '·'
+  lines.push(`${emoji}  ${entry.subject}`)
+  lines.push(
+    tint(
+      opts,
+      'dim',
+      `${entry.shortSha} · ${formatTimestamp(entry.committedAt)} · ${formatRelative(entry.committedAt)}`,
+    ),
+  )
+
+  const detail = entry.detail
+  if (detail === undefined) {
+    lines.push('', tint(opts, 'dim', '(no detail loaded)'))
+    return lines.join('\n')
+  }
+
+  renderFragments(lines, detail, opts)
+  renderTopics(lines, detail, opts)
+  renderSkills(lines, detail, opts)
+
+  if (detail.stateChanged) lines.push('', tint(opts, 'dim', 'state: .dreaming-state.json advanced'))
+  for (const warning of detail.parseWarnings) lines.push(tint(opts, 'yellow', `⚠ ${warning}`))
+
+  if (isQuietDream(detail)) {
+    lines.push('', tint(opts, 'dim', 'No fragments promoted, no shards changed this run.'))
+  }
+  return lines.join('\n')
+}
+
+function renderFragments(lines: string[], detail: DreamEntryDetail, opts: RenderOptions): void {
+  if (detail.addedFragments.length === 0) return
+  lines.push('', section(opts, `fragments folded in (${detail.addedFragments.length})`))
+  for (const f of detail.addedFragments) {
+    const id = tint(opts, 'dim', `${f.streamDate ?? '????'}#${f.id}`)
+    const topic = f.topic !== null ? tint(opts, 'magenta', ` [${f.topic}]`) : ''
+    lines.push(`• ${id}${topic}`)
+    if (f.bodyPreview !== null) lines.push(`    ${tint(opts, 'gray', `"${f.bodyPreview}"`)}`)
+  }
+}
+
+function renderTopics(lines: string[], detail: DreamEntryDetail, opts: RenderOptions): void {
+  if (detail.changedTopics.length === 0) return
+  lines.push('', section(opts, `topic shards changed (${detail.changedTopics.length})`))
+  for (const t of detail.changedTopics) {
+    const counts =
+      t.additions !== null && t.deletions !== null ? tint(opts, 'dim', ` (+${t.additions} −${t.deletions})`) : ''
+    lines.push(`${statusGlyph(t.status, opts)} ${t.slug}${counts}`)
+  }
+}
+
+function renderSkills(lines: string[], detail: DreamEntryDetail, opts: RenderOptions): void {
+  if (detail.createdSkills.length === 0) return
+  lines.push('', section(opts, `skills distilled (${detail.createdSkills.length})`))
+  for (const s of detail.createdSkills)
+    lines.push(`${tint(opts, 'green', '✦')} ${s.name}  ${tint(opts, 'dim', s.path)}`)
+}
+
+export function toJsonShape(entry: DreamEntry): Record<string, unknown> {
+  const base: Record<string, unknown> = {
+    sha: entry.sha,
+    shortSha: entry.shortSha,
+    committedAt: entry.committedAt,
+    subject: entry.subject,
+    isDreamCommit: entry.isDreamCommit,
+    summary: entry.summary,
+    emoji: entry.emoji,
+    categories: entry.categories,
+  }
+  if (entry.detail !== undefined) base.detail = entry.detail
+  return base
+}
+
+function isQuietDream(detail: DreamEntryDetail): boolean {
+  return detail.addedFragments.length === 0 && detail.changedTopics.length === 0 && detail.createdSkills.length === 0
+}
+
+function section(opts: RenderOptions, label: string): string {
+  return tint(opts, 'dim', `── ${label} ──`)
+}
+
+function statusGlyph(status: string, opts: RenderOptions): string {
+  if (status === 'added') return tint(opts, 'green', '✚ added   ')
+  if (status === 'modified') return tint(opts, 'yellow', '✎ modified')
+  if (status === 'deleted') return tint(opts, 'dim', '✖ deleted ')
+  if (status === 'renamed') return tint(opts, 'cyan', '→ renamed ')
+  return '? unknown '
+}
+
+function formatRelative(iso: string): string {
+  const ms = Date.parse(iso)
+  if (Number.isNaN(ms)) return iso
+  const diff = Date.now() - ms
+  if (diff < 60_000) return 'just now'
+  if (diff < 3_600_000) return `${Math.floor(diff / 60_000)}m ago`
+  if (diff < 86_400_000) return `${Math.floor(diff / 3_600_000)}h ago`
+  return `${Math.floor(diff / 86_400_000)}d ago`
+}
+
+function formatTimestamp(iso: string): string {
+  const ms = Date.parse(iso)
+  if (Number.isNaN(ms)) return iso
+  const d = new Date(ms)
+  const pad = (n: number): string => String(n).padStart(2, '0')
+  return `${d.getFullYear()}-${pad(d.getMonth() + 1)}-${pad(d.getDate())} ${pad(d.getHours())}:${pad(d.getMinutes())}`
+}
+
+function formatShortDate(iso: string): string {
+  const ms = Date.parse(iso)
+  if (Number.isNaN(ms)) return iso
+  const d = new Date(ms)
+  const pad = (n: number): string => String(n).padStart(2, '0')
+  return `${pad(d.getMonth() + 1)}-${pad(d.getDate())} ${pad(d.getHours())}:${pad(d.getMinutes())}`
+}

package/src/dreams/types.ts

@@ -0,0 +1,50 @@
+// Mirrored from the bundled memory plugin's dreaming subagent rather than
+// imported: this host-stage viewer must stay decoupled from runtime plugin
+// internals, and only needs to RECOGNIZE the emoji set, not own it. The
+// grammar test asserts this list stays in sync with the runtime's pool.
+export const DREAM_EMOJI_POOL = ['💤', '🌙', '⭐', '🛌', '😴', '🧠', '💭', '🔮'] as const
+export type DreamEmoji = (typeof DREAM_EMOJI_POOL)[number]
+
+export type DreamCategory = 'fragments' | 'skills' | 'watermarks-only' | 'snapshot' | 'other'
+
+export type DreamEntry = {
+  sha: string
+  shortSha: string
+  subject: string
+  committedAt: string
+  isDreamCommit: boolean
+  summary: string | null
+  emoji: DreamEmoji | null
+  categories: DreamCategory[]
+  detail?: DreamEntryDetail
+}
+
+export type DreamEntryDetail = {
+  addedFragments: FragmentEventSummary[]
+  changedTopics: TopicShardChange[]
+  createdSkills: SkillCreation[]
+  stateChanged: boolean
+  parseWarnings: string[]
+}
+
+export type FragmentEventSummary = {
+  id: string
+  streamDate: string | null
+  topic: string | null
+  bodyPreview: string | null
+}
+
+export type ShardChangeStatus = 'added' | 'modified' | 'deleted' | 'renamed' | 'unknown'
+
+export type TopicShardChange = {
+  path: string
+  slug: string
+  status: ShardChangeStatus
+  additions: number | null
+  deletions: number | null
+}
+
+export type SkillCreation = {
+  name: string
+  path: string
+}

package/src/inspect/loop.ts

@@ -2,6 +2,12 @@ import { runInspect, type RunInspectOptions, type RunInspectResult } from './ind
 
 export type RunInspectLoopOptions = Omit<RunInspectOptions, 'escSignal'> & {
   newEscSignal: () => AbortSignal
+  // Runs after every runInspect attempt settles. The caller disarms the raw-mode
+  // ESC listener here so the live tail releases stdin before clack re-opens the
+  // picker: an ESC-aborted tail leaves the listener armed (raw mode on, 'data'
+  // handler attached), and handing clack that flowing stream freezes the picker
+  // on SSH/Bun pseudo-TTYs.
+  afterEscStream?: () => void
 }
 
 export async function runInspectLoop(opts: RunInspectLoopOptions): Promise<RunInspectResult> {
@@ -23,7 +29,12 @@ export async function runInspectLoop(opts: RunInspectLoopOptions): Promise<RunIn
     if (sessionArg !== undefined) callOpts.sessionIdOrPrefix = sessionArg
     else delete (callOpts as { sessionIdOrPrefix?: string }).sessionIdOrPrefix
 
-    const result = await runInspect(callOpts)
+    let result: RunInspectResult
+    try {
+      result = await runInspect(callOpts)
+    } finally {
+      opts.afterEscStream?.()
+    }
     if (!result.ok) return result
     if (result.escToPicker !== true) return result
     sessionArg = undefined

package/src/permissions/permissions.ts

@@ -9,6 +9,12 @@ export type PermissionService = {
   has(origin: SessionOrigin | undefined, permission: string): boolean
   resolveRole(origin: SessionOrigin | undefined): string
   describe(origin: SessionOrigin | undefined): { role: string; permissions: readonly string[] }
+  // Orders two role names on the severity tower so callers can cap an
+  // action to the requester's role (a guest turn must not read the output
+  // of a member-spawned subagent). `undefined` means an unknown role on
+  // either side and MUST be treated as deny, never allow — mistreating it
+  // as allow reopens the privilege-escalation hole this gate closes.
+  compareRoleSeverity(a: string, b: string): -1 | 0 | 1 | undefined
   // Rebuilds the resolved role table from the given roles config, preserving
   // the same plugin-permission set captured at construction time. Used by
   // the config reloadable so role match-rule edits (typeclaw role claim,
@@ -25,6 +31,7 @@ export type UnknownPermissionWarning = {
 export const noopPermissionService: PermissionService = {
   has: () => false,
   resolveRole: () => 'guest',
+  compareRoleSeverity: () => undefined,
   describe: () => ({ role: 'guest', permissions: [] }),
   replaceRoles: () => {},
 }
@@ -139,6 +146,15 @@ export function createPermissionService(opts: CreatePermissionServiceOptions = {
     return 'guest'
   }
 
+  function roleSeverity(name: string): number | undefined {
+    if (name === 'owner') return 4
+    if (name === 'trusted') return 3
+    if (name === 'member') return 1
+    if (name === 'guest') return 0
+    if (byName.has(name)) return 2
+    return undefined
+  }
+
   return {
     has(origin, permission) {
       // Fail-safe floor: an undefined origin holds nothing, regardless of
@@ -156,6 +172,14 @@ export function createPermissionService(opts: CreatePermissionServiceOptions = {
       return role.permissions.includes(permission)
     },
     resolveRole,
+    compareRoleSeverity(a, b) {
+      const aRank = roleSeverity(a)
+      const bRank = roleSeverity(b)
+      if (aRank === undefined || bRank === undefined) return undefined
+      if (aRank < bRank) return -1
+      if (aRank > bRank) return 1
+      return 0
+    },
     describe(origin) {
       const name = resolveRole(origin)
       const role = byName.get(name)

package/src/server/index.ts

@@ -12,6 +12,7 @@ import { runPluginDoctorChecks, runPluginDoctorFix } from '@/agent/doctor'
 import type { LiveSessionRegistry } from '@/agent/live-sessions'
 import type { LiveSubagentRegistry } from '@/agent/live-subagents'
 import { detectProviderError } from '@/agent/provider-error'
+import { requestContainerRestart } from '@/agent/restart'
 import { consumeRestartHandoff, type RestartHandoff } from '@/agent/restart-handoff'
 import type { SessionOrigin } from '@/agent/session-origin'
 import { parseSubagentCompletedPayload, renderSubagentCompletionReminder } from '@/agent/subagent-completion-reminder'
@@ -652,6 +653,11 @@ export function createServer({
             return
           }
 
+          if (msg.type === 'restart') {
+            await handleRestart(ws, state, containerName, agentDir, stream)
+            return
+          }
+
           if (msg.type === 'doctor') {
             await handleDoctor(ws, msg.requestId, pluginRuntime, agentDir)
             return
@@ -1437,3 +1443,46 @@ async function handleReload(
     })
   }
 }
+
+async function handleRestart(
+  ws: Ws,
+  state: SessionState | undefined,
+  containerName: string | undefined,
+  agentDir: string | undefined,
+  stream: Stream | undefined,
+): Promise<void> {
+  if (containerName === undefined) {
+    send(ws, {
+      type: 'restart_result',
+      status: 'failed',
+      error: 'restart unavailable: no container name configured',
+    })
+    return
+  }
+
+  // Pass stream so requestContainerRestart fans out the container-restarting
+  // notice — the originating session's subscribeRestartNotice appends the
+  // typeclaw.restart-self entry to its JSONL before the handoff is written, so
+  // the rebooted container resumes with the "I'm back" instruction (same path
+  // the agent restart tool uses).
+  const originatingSessionFile = state?.sessionManager?.getSessionFile()
+  const result = await requestContainerRestart({
+    containerName,
+    ...(agentDir !== undefined ? { agentDir } : {}),
+    ...(state?.sessionFileId !== undefined ? { originatingSessionId: state.sessionFileId } : {}),
+    ...(originatingSessionFile !== undefined ? { originatingSessionFile } : {}),
+    ...(stream !== undefined ? { stream } : {}),
+  })
+  if (!result.ok) {
+    send(ws, { type: 'restart_result', status: 'failed', error: result.reason })
+    return
+  }
+
+  // hostd's supervisor ACKs first, then runs stop+start in the background;
+  // this process should not self-exit or it could race the daemon-owned stop.
+  send(ws, {
+    type: 'restart_result',
+    status: 'accepted',
+    message: 'restart scheduled; reconnecting when the new container is up',
+  })
+}

package/src/shared/protocol.ts

@@ -130,6 +130,7 @@ export type InspectServerMessage =
 export type ClientMessage =
   | { type: 'prompt'; text: string; delivery?: PromptDelivery }
   | { type: 'reload'; scope?: string }
+  | { type: 'restart' }
   | { type: 'abort' }
   | { type: 'queue_cancel'; messageId: string }
   | { type: 'doctor'; requestId: DoctorRequestId }
@@ -213,6 +214,7 @@ export type ServerMessage =
   | { type: 'done' }
   | { type: 'error'; message: string }
   | { type: 'reload_result'; results: ReloadResultPayload[] }
+  | { type: 'restart_result'; status: 'accepted' | 'failed'; message?: string; error?: string }
   | { type: 'notification'; payload: unknown; replyTo?: string; meta?: Record<string, string> }
   | { type: 'queue_state'; pending: QueueStateItem[] }
   | { type: 'prompt_started'; messageId: string; text: string }

package/src/skills/typeclaw-channel-github/SKILL.md

@@ -50,7 +50,7 @@ The `reviewer` subagent is the analyst; you are the integration layer between it
 
 2. **Spawn the `reviewer` subagent with the PR target.** Use `run_in_background: true` so you stay responsive while the deep model works. Pass the PR URL (or `owner/repo#N`) plus any context the requester gave you (focus areas, specific files, etc.). The reviewer fetches the diff itself (`gh pr diff`, `gh api /repos/.../pulls/<n>`), loads the `code-review` skill, and returns a `<review>` block whose code findings carry `location="path:line"`.
 
-   If you post an "on it" acknowledgement before spawning the reviewer, it **must** be `channel_reply({ text: "…", continue: true })` — a bare reply ends the turn and the review never starts (see "Mid-turn status replies need `continue: true`" above).
+   Do **not** post an "on it" acknowledgement comment before spawning the reviewer — the runtime already adds an :eyes: reaction to the PR the moment it engages, so a "looking into this" comment is redundant noise. Just spawn the reviewer with `run_in_background: true` and keep working; the formal review is your reply. If you want to acknowledge explicitly, use `channel_react({ emoji: "eyes" })`, which reacts without posting a comment.
 
 3. **Wait for the completion `<system-reminder>`,** then call `subagent_output({ task_id })` to read the reviewer's final assistant message. The structured payload looks like:
 
@@ -118,7 +118,9 @@ The `reviewer` subagent is the analyst; you are the integration layer between it
 
    The returned `id`/`state` is your proof the formal review posted. If the call errored or the review is absent, do **not** fall back to a top-level `channel_reply` that _claims_ a review was posted — fix the payload (most often a `line` that isn't part of the diff; re-anchor it or move that finding to the top-level `body`) and resubmit. A trace reply that says "Posted review" when no review exists is worse than silence.
 
-6. **End the turn with `skip_response`, not a trace reply.** The formal review from step 4 already landed _in this PR_ — it carries the summary, the verdict, and the inline comments. A `channel_reply` here does **not** go to a separate operator channel; on GitHub it posts another public comment on the same PR. A one-line "Posted review on PR #N: …" narrated into the PR thread is meta-commentary addressed to a phantom operator, and it reads absurdly next to the review it claims to point at. So once step 5 confirms the review exists, call `skip_response({ reason: "review posted via gh api" })` to close the turn silently. Only fall back to `channel_reply` when there was **no** formal review to post — the zero-actionable-findings branch below uses `channel_reply`/issue comments _as_ the substantive reply.
+6. **The decoy reviewer is dropped for you — no action needed.** Under **GitHub App** auth, the adapter automatically removes the decoy reviewer from the PR's requested-reviewers list the moment your formal review lands (it reacts to your own `pull_request_review.submitted` webhook). Why this matters: GitHub auto-adds **you** (the App account) to the PR's reviewers when your review posts, but the **decoy** account would otherwise stay pinned as a perpetual "review requested", as if the review never happened. You do **not** need to issue a `DELETE /requested_reviewers` yourself — and you should not, since it would race the adapter's own cleanup. The removal is self-loop-safe: the adapter's `DELETE` is authenticated as the App, so the `review_request_removed` webhook carries your bot actor (`slug[bot]`) as `sender`, which the classifier drops (see "Self-loop safety" below). This is a no-op under **PAT** auth (no decoy) and for **plain-language**/**team** requests (no decoy user was placed). See [GitHub decoy reviewer](/docs/internals/github-decoy-reviewer).
+
+7. **End the turn with `skip_response`, not a trace reply.** The formal review from step 4 already landed _in this PR_ — it carries the summary, the verdict, and the inline comments. A `channel_reply` here does **not** go to a separate operator channel; on GitHub it posts another public comment on the same PR. A one-line "Posted review on PR #N: …" narrated into the PR thread is meta-commentary addressed to a phantom operator, and it reads absurdly next to the review it claims to point at. So once step 5 confirms the review exists, call `skip_response({ reason: "review posted via gh api" })` to close the turn silently. Only fall back to `channel_reply` when there was **no** formal review to post — the zero-actionable-findings branch below uses `channel_reply`/issue comments _as_ the substantive reply.
 
 ### Zero actionable findings
 
@@ -147,3 +149,5 @@ For App auth, `GH_TOKEN` is an installation access token that refreshes automati
 ## Self-loop safety
 
 The adapter will **not** wake you when you assign yourself as a reviewer (e.g., via `gh pr edit --add-reviewer`). It will only wake you when someone else requests your review.
+
+The same guard covers **removing** a reviewer: when the adapter drops the decoy after your review lands (step 6 of the PR review flow), the `DELETE` is authenticated as the App, so the `review_request_removed` webhook GitHub emits carries your bot actor (`slug[bot]`) as its `sender`, which the classifier drops. So the cleanup never echoes back as a fresh wake. Both directions — add and remove — are matched on `sender.login` (against either the bot actor or its decoy), so any reviewer-list mutation made under your identity stays silent.

package/src/tui/index.ts

@@ -11,19 +11,25 @@ export type TerminalFactory = () => Terminal
 
 const DEFAULT_HANDSHAKE_TIMEOUT_MS = 30_000
 
-// Bare slash-command names (no leading `/`) the TUI intercepts client-side and
-// turns into a clean process exit. The hatching ritual tells the agent to point
-// users at `/quit` (see src/init/hatching.ts); without an intercept the literal
-// text would be shipped to the LLM as a chat message. Grammar (case-insensitive,
-// whitespace-tolerant, `//foo` escapes to a literal prompt) comes from
-// `parseCommand` in src/commands so channel and TUI slash commands stay
-// consistent. Arguments after the name disqualify the match: `/quit me a story`
-// is a real prompt, not a command.
+// Bare slash-command names (no leading `/`) the TUI intercepts client-side.
+// The hatching ritual tells the agent to point users at `/quit` (see
+// src/init/hatching.ts); without an intercept the literal text would be shipped
+// to the LLM as a chat message. Grammar (case-insensitive, whitespace-tolerant,
+// `//foo` escapes to a literal prompt) comes from `parseCommand` in
+// src/commands so channel and TUI slash commands stay consistent. Arguments
+// after the name disqualify the match: `/quit me a story` is a real prompt, not
+// a command.
 const QUIT_COMMAND_NAMES: ReadonlySet<string> = new Set(['quit', 'exit'])
+const TUI_COMMAND_NAMES: ReadonlySet<TuiCommandName> = new Set(['quit', 'reload', 'restart'])
 
-function isQuitCommand(text: string): boolean {
+type TuiCommandName = 'quit' | 'reload' | 'restart'
+
+function parseBareTuiCommand(text: string): TuiCommandName | null {
   const parsed = parseCommand(text)
-  return parsed !== null && parsed.args.length === 0 && QUIT_COMMAND_NAMES.has(parsed.name)
+  if (parsed === null || parsed.args.length > 0) return null
+  if (QUIT_COMMAND_NAMES.has(parsed.name)) return 'quit'
+  if (TUI_COMMAND_NAMES.has(parsed.name as TuiCommandName)) return parsed.name as TuiCommandName
+  return null
 }
 
 export type VersionMismatch = { expected: string; actual: string }
@@ -203,6 +209,25 @@ export function createTui({
           updateQueuePanel(msg.pending)
           break
         }
+        case 'reload_result': {
+          for (const result of msg.results) {
+            const text = result.ok
+              ? `${colors.green('●')} ${colors.bold(`[${result.scope}]`)} ${result.summary}`
+              : `${colors.red('●')} ${colors.bold(`[${result.scope}]`)} ${result.reason}`
+            appendHistory(new Text(text, 0, 0))
+          }
+          tui.requestRender()
+          break
+        }
+        case 'restart_result': {
+          const text =
+            msg.status === 'accepted'
+              ? colors.green(colors.dim(msg.message ?? 'restart scheduled; reconnecting when the new container is up'))
+              : colors.red(`restart failed: ${msg.error ?? 'unknown error'}`)
+          appendHistory(new Text(text, 0, 0))
+          tui.requestRender()
+          break
+        }
       }
     })
 
@@ -222,6 +247,25 @@ export function createTui({
       })
     }
 
+    function runTuiCommand(command: TuiCommandName): boolean {
+      if (command === 'quit') {
+        shutdown(0)
+        return true
+      }
+      if (command === 'reload') {
+        client.send({ type: 'reload' })
+        appendHistory(new Text(colors.dim('reloading...'), 0, 0))
+        tui.requestRender()
+        return true
+      }
+      client.send({ type: 'restart' })
+      appendHistory(
+        new Text(colors.yellow(colors.dim('restart requested... reconnecting when the new container is up')), 0, 0),
+      )
+      tui.requestRender()
+      return true
+    }
+
     // Esc aborts an in-flight reply. The Editor does not bind Esc, so a
     // top-level input listener can intercept it without fighting the editor.
     tui.addInputListener((data) => {
@@ -252,8 +296,13 @@ export function createTui({
 
     editor.onSubmit = (text) => {
       if (text.trim().length === 0) return
-      if (isQuitCommand(text)) {
-        shutdown(0)
+      const command = parseBareTuiCommand(text)
+      if (command !== null) {
+        if (command !== 'quit') {
+          editor.setText('')
+          editor.addToHistory(text)
+        }
+        runTuiCommand(command)
         return
       }
       editor.setText('')
@@ -275,13 +324,16 @@ export function createTui({
 
     if (initialPrompt) {
       // initialPrompt bypasses editor.onSubmit, so the quit intercept above
-      // would never run. Guard the same way so `typeclaw tui /quit` exits
-      // instead of leaking the command into the agent's chat context.
-      if (isQuitCommand(initialPrompt)) {
-        shutdown(0)
-        return { lostConnection: false }
+      // would never run. Guard the same way so `typeclaw tui /quit` exits —
+      // and `/reload` / `/restart` stay websocket control frames — instead of
+      // leaking the command into the agent's chat context.
+      const command = parseBareTuiCommand(initialPrompt)
+      if (command !== null) {
+        runTuiCommand(command)
+        if (command === 'quit') return { lostConnection: false }
+      } else {
+        await send(initialPrompt)
       }
-      await send(initialPrompt)
     }
 
     const lostConnection = await closed