typeclaw 0.33.0 → 0.34.0

package/src/cron/list.ts

@@ -15,7 +15,10 @@ export type CronListEntry = {
   id: string
   source: CronListSource
   kind: 'prompt' | 'exec' | 'handler'
-  schedule: string
+  schedule: string | undefined
+  at: string | undefined
+  until: string | undefined
+  count: number | undefined
   timezone: string | undefined
   enabled: boolean
   scheduledByRole: string | undefined
@@ -35,15 +38,27 @@ export type AggregateCronListOptions = {
   // to its plugin + localId without re-parsing the global id.
   pluginJobs: readonly RegisteredCronJob[]
   now: number
+  // Durable fire progress for count-limited jobs. Without this, an exhausted
+  // count job would render with a future next-fire time and lie about being
+  // retired, so the listing threads the same firedCount the scheduler uses.
+  firedCount?: (job: CronJob) => number
 }
 
 export function aggregateCronList(opts: AggregateCronListOptions): CronListEntry[] {
+  const firedCount = opts.firedCount ?? (() => 0)
   const entries: CronListEntry[] = []
   for (const job of opts.userJobs) {
-    entries.push(toEntry(job, { kind: 'user' }, opts.now))
+    entries.push(toEntry(job, { kind: 'user' }, opts.now, firedCount(job)))
   }
   for (const reg of opts.pluginJobs) {
-    entries.push(toEntry(reg.job, { kind: 'plugin', pluginName: reg.pluginName, localId: reg.localId }, opts.now))
+    entries.push(
+      toEntry(
+        reg.job,
+        { kind: 'plugin', pluginName: reg.pluginName, localId: reg.localId },
+        opts.now,
+        firedCount(reg.job),
+      ),
+    )
   }
   // Sort by next-fire time ascending so the soonest-firing job is at the
   // top. Jobs with a null nextFireMs (parse errors) sort to the bottom
@@ -55,17 +70,20 @@ export function aggregateCronList(opts: AggregateCronListOptions): CronListEntry
   return entries
 }
 
-function toEntry(job: CronJob, source: CronListSource, now: number): CronListEntry {
-  const fire = computeNextFire(job, now)
+function toEntry(job: CronJob, source: CronListSource, now: number, firedCount: number): CronListEntry {
+  const fire = computeNextFire(job, now, { firedCount })
   const base = {
     id: job.id,
     source,
     schedule: job.schedule,
+    at: job.at,
+    until: job.until,
+    count: job.count,
     timezone: job.timezone,
     enabled: job.enabled,
     scheduledByRole: job.scheduledByRole,
     nextFireMs: fire.ok ? fire.nextFire : null,
-    scheduleError: fire.ok ? undefined : fire.reason,
+    scheduleError: fire.ok || fire.expired ? undefined : fire.reason,
   } as const
   if (job.kind === 'prompt') {
     return {

package/src/cron/scheduler.ts

@@ -14,11 +14,22 @@ export type SchedulerLogger = {
   error: (msg: string) => void
 }
 
+// The scheduler uses the count store only to stop arming once a job's durable
+// count is exhausted (an optimization) and to reconcile progress on reload.
+// The authoritative count gate lives in the consumer, which owns accepted-fire
+// accounting — the scheduler must not be the correctness boundary because it
+// can't know whether the downstream coalescer will accept or skip a fire.
+export type SchedulerCountStore = {
+  get: (id: string, job: CronJob) => number
+  reconcile: (jobs: CronJob[]) => Promise<void>
+}
+
 export type CreateSchedulerOptions = {
   jobs: CronJob[]
   onFire: (job: CronJob) => void
   clock?: SchedulerClock
   logger?: SchedulerLogger
+  countStore?: SchedulerCountStore
 }
 
 export type JobDiff = {
@@ -51,6 +62,7 @@ export function createScheduler({
   onFire,
   clock = realClock,
   logger = consoleLogger,
+  countStore,
 }: CreateSchedulerOptions): Scheduler {
   const registry = new Map<string, CronJob>()
   for (const job of jobs) registry.set(job.id, job)
@@ -69,9 +81,16 @@ export function createScheduler({
     const job = currentEnabled(id)
     if (!job) return
 
-    const result = computeNextFire(job, clock.now())
+    const firedCount = job.count !== undefined ? (countStore?.get(id, job) ?? 0) : 0
+    const result = computeNextFire(job, clock.now(), { firedCount })
     if (!result.ok) {
-      logger.warn(`[cron] ${id} not scheduled: invalid schedule "${job.schedule}"${tzSuffix(job)}: ${result.reason}`)
+      if (result.expired) {
+        logger.info(`[cron] ${id} retired: ${result.reason}`)
+      } else {
+        logger.warn(
+          `[cron] ${id} not scheduled: invalid schedule "${job.schedule ?? job.at}"${tzSuffix(job)}: ${result.reason}`,
+        )
+      }
       return
     }
 
@@ -94,8 +113,7 @@ export function createScheduler({
     try {
       onFire(job)
     } catch (err) {
-      const message = err instanceof Error ? err.message : String(err)
-      logger.error(`[cron] ${job.id} onFire threw synchronously: ${message}`)
+      logger.error(`[cron] ${job.id} onFire threw synchronously: ${describe(err)}`)
     }
   }
 
@@ -153,6 +171,14 @@ export function createScheduler({
       registry.clear()
       for (const [id, job] of newRegistry) registry.set(id, job)
 
+      // Reconcile counts before arming so re-added/changed jobs don't inherit
+      // stale progress. `reconcile` settles the authoritative in-memory map
+      // synchronously; only the persist is async, so a failure there just means
+      // disk lags the (correct) in-memory state — log it, don't fail the reload.
+      countStore?.reconcile(next).catch((err) => {
+        logger.error(`[cron] failed to persist count reconciliation: ${describe(err)}`)
+      })
+
       for (const job of result.removed) cancel(job.id)
       for (const job of result.updated) {
         cancel(job.id)
@@ -167,7 +193,10 @@ export function createScheduler({
 
 function jobFingerprint(job: CronJob): string {
   return JSON.stringify({
-    schedule: job.schedule,
+    schedule: job.schedule ?? null,
+    at: job.at ?? null,
+    until: job.until ?? null,
+    count: job.count ?? null,
     enabled: job.enabled,
     timezone: job.timezone ?? null,
     kind: job.kind,
@@ -189,21 +218,67 @@ function jobPayload(job: CronJob): unknown {
   return { handler: String(job.handler) }
 }
 
-export type ComputeNextFireResult = { ok: true; nextFire: number } | { ok: false; reason: string }
+export type ComputeNextFireResult =
+  | { ok: true; nextFire: number }
+  // `expired` distinguishes a reached end-boundary (count/until/past `at`) from
+  // a malformed schedule: the former is silent and final, the latter warns.
+  | { ok: false; expired: true; reason: string }
+  | { ok: false; expired: false; reason: string }
 
-export function computeNextFire(job: CronJob, now: number): ComputeNextFireResult {
+export type ComputeNextFireOptions = {
+  // Accepted fires so far, sourced from the count store. Defaults to 0 so
+  // callers that don't track counts (cron list rendering, pure schedule
+  // preview) compute the raw next occurrence.
+  firedCount?: number
+}
+
+export function computeNextFire(
+  job: CronJob,
+  now: number,
+  options: ComputeNextFireOptions = {},
+): ComputeNextFireResult {
+  const firedCount = options.firedCount ?? 0
+  if (job.count !== undefined && firedCount >= job.count) {
+    return { ok: false, expired: true, reason: `count limit reached (${firedCount}/${job.count})` }
+  }
+
+  if (job.at !== undefined) {
+    const at = Date.parse(job.at)
+    if (Number.isNaN(at)) return { ok: false, expired: false, reason: `invalid "at": ${job.at}` }
+    if (at <= now) return { ok: false, expired: true, reason: `one-shot "at" already elapsed` }
+    return { ok: true, nextFire: at }
+  }
+
+  if (job.schedule === undefined) {
+    return { ok: false, expired: false, reason: `job has neither "schedule" nor "at"` }
+  }
+
+  let nextFire: number
   try {
     const expr = CronExpressionParser.parse(job.schedule, {
       currentDate: new Date(now),
       ...(job.timezone ? { tz: job.timezone } : {}),
     })
-    return { ok: true, nextFire: expr.next().getTime() }
+    nextFire = expr.next().getTime()
   } catch (err) {
     const reason = err instanceof Error ? err.message : String(err)
-    return { ok: false, reason }
+    return { ok: false, expired: false, reason }
   }
+
+  if (job.until !== undefined) {
+    const until = Date.parse(job.until)
+    if (!Number.isNaN(until) && nextFire > until) {
+      return { ok: false, expired: true, reason: `next occurrence is after "until" (${job.until})` }
+    }
+  }
+
+  return { ok: true, nextFire }
 }
 
 function tzSuffix(job: CronJob): string {
   return job.timezone ? ` (timezone "${job.timezone}")` : ''
 }
+
+function describe(err: unknown): string {
+  return err instanceof Error ? err.message : String(err)
+}

package/src/cron/schema.ts

@@ -9,7 +9,18 @@ const idPattern = /^[a-zA-Z0-9_-]+$/
 
 const baseJob = z.object({
   id: z.string().min(1).regex(idPattern, 'id must contain only letters, digits, hyphens, or underscores'),
-  schedule: z.string().min(1),
+  // `schedule` (recurring cron expression) and `at` (one-shot ISO instant) are
+  // mutually exclusive: exactly one must be present. Zod marks both optional so
+  // the discriminated union still parses; the XOR is enforced in parseCronFile
+  // where we can emit a job-id-scoped error message.
+  schedule: z.string().min(1).optional(),
+  at: z.string().min(1).optional(),
+  // End boundaries. `until` is an absolute ISO instant (last allowed fire,
+  // inclusive); `count` stops after N accepted fires. Both may coexist on one
+  // job — the scheduler stops at whichever limit is reached first. `count`
+  // progress is tracked out-of-band in cron-state.json, never written back here.
+  until: z.string().min(1).optional(),
+  count: z.number().int().positive().optional(),
   enabled: z.boolean().default(true),
   timezone: z.string().optional(),
   scheduledByRole: z.string().optional(),
@@ -57,11 +68,25 @@ export type CronFile = z.infer<typeof cronFileSchema>
 
 export type ParseCronResult = { ok: true; file: CronFile } | { ok: false; reason: string }
 
+// `edit` is the strict path for an agent writing/editing cron.json: a past
+// enabled `at` is rejected so a reminder scheduled in the past surfaces as an
+// error instead of silently becoming a never-firing no-op. `load` is the
+// tolerant path the scheduler uses on boot/reload: a fired or missed one-shot
+// lingers on disk with a now-past `at`, and rejecting it would brick the whole
+// file — so `load` accepts it and lets the scheduler retire it passively.
+export type ParseCronMode = 'edit' | 'load'
+
 export type ParseCronOptions = {
   // When provided, prompt jobs with a `subagent` field are validated against
   // the registry: the name must exist, and the optional `payload` must match
   // the registered subagent's payloadSchema (or be absent if no schema).
   subagents?: SubagentRegistry
+  // Injected by tests so past/future boundary checks on `at`/`until` are
+  // deterministic. Production omits it and validation reads the wall clock.
+  now?: number
+  // Defaults to `load` (reload-safe). Callers validating an agent edit pass
+  // `edit` to reject newly-scheduled past `at` reminders.
+  mode?: ParseCronMode
 }
 
 export type ParseCronJsonOptions = ParseCronOptions
@@ -74,7 +99,11 @@ export function parseCronJson(raw: string, options: ParseCronJsonOptions = {}):
     return { ok: false, reason: `cron.json is not valid JSON: ${err instanceof Error ? err.message : String(err)}` }
   }
 
-  return parseCronFile(json, options.subagents !== undefined ? { subagents: options.subagents } : {})
+  return parseCronFile(json, {
+    ...(options.subagents !== undefined ? { subagents: options.subagents } : {}),
+    ...(options.now !== undefined ? { now: options.now } : {}),
+    ...(options.mode !== undefined ? { mode: options.mode } : {}),
+  })
 }
 
 export function parseCronFile(raw: unknown, options: ParseCronOptions = {}): ParseCronResult {
@@ -91,17 +120,9 @@ export function parseCronFile(raw: unknown, options: ParseCronOptions = {}): Par
     }
     seen.add(job.id)
 
-    try {
-      const expr = CronExpressionParser.parse(job.schedule, job.timezone ? { tz: job.timezone } : undefined)
-      // cron-parser validates the timezone lazily on first next() call, not at
-      // parse time, so we must force evaluation here to catch bogus zones.
-      expr.next()
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err)
-      if (job.timezone && /invalid|unhandled timestamp|unrecognized/i.test(message)) {
-        return { ok: false, reason: `job ${job.id}: invalid timezone "${job.timezone}": ${message}` }
-      }
-      return { ok: false, reason: `job ${job.id}: invalid schedule "${job.schedule}": ${message}` }
+    const timingError = validateTiming(job, options.now ?? Date.now(), options.mode ?? 'load')
+    if (timingError !== null) {
+      return { ok: false, reason: `job ${job.id}: ${timingError}` }
     }
 
     if (job.scheduledByRole === undefined) {
@@ -128,6 +149,72 @@ export function parseCronFile(raw: unknown, options: ParseCronOptions = {}): Par
   return { ok: true, file }
 }
 
+type TimingJob = {
+  schedule?: string | undefined
+  at?: string | undefined
+  until?: string | undefined
+  count?: number | undefined
+  timezone?: string | undefined
+  enabled: boolean
+}
+
+function validateTiming(job: TimingJob, now: number = Date.now(), mode: ParseCronMode = 'load'): string | null {
+  const hasSchedule = job.schedule !== undefined
+  const hasAt = job.at !== undefined
+  if (hasSchedule === hasAt) {
+    return `must set exactly one of "schedule" (recurring) or "at" (one-shot)`
+  }
+
+  if (hasAt) {
+    if (job.timezone !== undefined) return `"timezone" is only valid with "schedule", not "at"`
+    if (job.until !== undefined) return `"until" is only valid with "schedule", not "at"`
+    if (job.count !== undefined && job.count !== 1) return `one-shot "at" jobs may only set "count": 1`
+    const at = parseInstant(job.at!)
+    if (at === null) return `invalid "at": "${job.at}" is not an ISO datetime with an explicit zone/offset`
+    // Reject a past reminder only on `edit`; `load` tolerates fired tombstones.
+    // See ParseCronMode for the full rationale.
+    if (mode === 'edit' && job.enabled && at <= now) return `"at" is in the past: "${job.at}"`
+    return null
+  }
+
+  let until: number | null = null
+  if (job.until !== undefined) {
+    until = parseInstant(job.until)
+    if (until === null) return `invalid "until": "${job.until}" is not an ISO datetime with an explicit zone/offset`
+    if (job.enabled && until <= now) return `"until" is in the past: "${job.until}"`
+  }
+
+  let firstFire: number
+  try {
+    const expr = CronExpressionParser.parse(job.schedule!, {
+      currentDate: new Date(now),
+      ...(job.timezone ? { tz: job.timezone } : {}),
+    })
+    firstFire = expr.next().getTime()
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err)
+    if (job.timezone && /invalid|unhandled timestamp|unrecognized/i.test(message)) {
+      return `invalid timezone "${job.timezone}": ${message}`
+    }
+    return `invalid schedule "${job.schedule}": ${message}`
+  }
+
+  if (job.enabled && until !== null && firstFire > until) {
+    return `schedule has no occurrence at or before "until" ("${job.until}")`
+  }
+
+  return null
+}
+
+// Accepts only absolute instants: an explicit `Z` or numeric offset is
+// required so "remind me at 9am" can never silently resolve to the host's
+// local zone. A bare `2026-06-09T09:00:00` (no zone) is rejected.
+function parseInstant(value: string): number | null {
+  if (!/[zZ]$|[+-]\d{2}:?\d{2}$/.test(value)) return null
+  const ms = Date.parse(value)
+  return Number.isNaN(ms) ? null : ms
+}
+
 function formatIssue(issue: { path: PropertyKey[]; message: string }): string {
   const path = issue.path.length > 0 ? issue.path.map(String).join('.') : '<root>'
   return `${path}: ${issue.message}`

package/src/doctor/channel-checks.ts

@@ -28,6 +28,7 @@ export function buildChannelChecks(): DoctorCheck[] {
     slackBotCredentials(),
     discordBotCredentials(),
     telegramBotCredentials(),
+    lineCredentials(),
     kakaotalkCredentials(),
     githubCredentials(),
     githubWebhookDelivery(),
@@ -64,6 +65,33 @@ function telegramBotCredentials(): DoctorCheck {
   }
 }
 
+function lineCredentials(): DoctorCheck {
+  return {
+    name: 'channel.line.credentials',
+    category: 'channels',
+    description: 'line adapter has at least one account in secrets.json',
+    applies: (ctx) => ctx.hasAgentFolder,
+    async run(ctx) {
+      const channels = readDeclaredChannels(ctx)
+      if (channels === null) return configInvalidResult()
+      if (!isAdapterActive(channels, 'line')) {
+        return { status: 'skipped', message: 'line not configured' }
+      }
+      const block = readChannelsSecrets(ctx)?.line
+      const accountCount = block?.accounts ? Object.keys(block.accounts).length : 0
+      if (accountCount === 0) {
+        return {
+          status: 'warning',
+          message: 'line has no accounts in secrets.json',
+          details: ['Adapter will start but fail authentication and stay disconnected.'],
+          fix: { description: 'Run `typeclaw channel add line` to log in an account.' },
+        }
+      }
+      return { status: 'ok', message: `line has ${accountCount} account(s)` }
+    },
+  }
+}
+
 function kakaotalkCredentials(): DoctorCheck {
   return {
     name: 'channel.kakaotalk.credentials',

package/src/hostd/daemon.ts

@@ -7,7 +7,7 @@ import type { Socket, UnixSocketListener } from 'bun'
 import type { PortForward } from '@/config'
 import { defaultDockerExec, type DockerExec } from '@/container'
 import type { PortForwardEvent } from '@/portbroker'
-import { kakaoChannelBlockSchema } from '@/secrets/schema'
+import { kakaoChannelBlockSchema, lineChannelBlockSchema } from '@/secrets/schema'
 import { SecretsBackend } from '@/secrets/storage'
 
 import { isDaemonReachable } from './client'
@@ -410,19 +410,27 @@ export async function startDaemon(opts: DaemonOptions = {}): Promise<Daemon> {
 
   const handleSecretsPatch = async (req: {
     containerName: string
-    patch: { channels: { kakaotalk: unknown } }
+    patch: { channels: { kakaotalk: unknown } | { line: unknown } }
   }): Promise<RpcResponse> =>
     runSerially(req.containerName, async () => {
       const cwd = cwds.get(req.containerName)
       if (!cwd) return { ok: false, reason: `not registered: ${req.containerName}` }
-      const parsed = kakaoChannelBlockSchema.safeParse(req.patch?.channels?.kakaotalk)
-      if (!parsed.success) {
-        return { ok: false, reason: parsed.error.issues.map((issue) => issue.message).join('; ') }
+      const channelsPatch = req.patch?.channels
+      // Exactly one personal-account channel block per patch. KakaoTalk and
+      // LINE both write their structured account block through this RPC; the
+      // key present in the patch selects which block to validate and merge.
+      const patch =
+        'line' in channelsPatch
+          ? { key: 'line' as const, parsed: lineChannelBlockSchema.safeParse(channelsPatch.line) }
+          : { key: 'kakaotalk' as const, parsed: kakaoChannelBlockSchema.safeParse(channelsPatch.kakaotalk) }
+      if (!patch.parsed.success) {
+        return { ok: false, reason: patch.parsed.error.issues.map((issue) => issue.message).join('; ') }
       }
+      const data = patch.parsed.data
       const backend = new SecretsBackend(join(cwd, 'secrets.json'))
       await backend.updateChannelsAsync(async (channels) => ({
         result: undefined,
-        next: { ...channels, kakaotalk: parsed.data },
+        next: { ...channels, [patch.key]: data },
       }))
       const result: SecretsPatchResult = { containerName: req.containerName, patched: true }
       return { ok: true, result }

package/src/hostd/protocol.ts

@@ -1,5 +1,5 @@
 import type { PortForward } from '@/config'
-import type { KakaoChannelBlock } from '@/secrets/schema'
+import type { KakaoChannelBlock, LineChannelBlock } from '@/secrets/schema'
 
 export type Request =
   | {
@@ -15,7 +15,11 @@ export type Request =
   | { kind: 'list' }
   | { kind: 'status'; containerName: string }
   | { kind: 'restart'; containerName: string; build?: boolean }
-  | { kind: 'secrets-patch'; containerName: string; patch: { channels: { kakaotalk: KakaoChannelBlock } } }
+  | {
+      kind: 'secrets-patch'
+      containerName: string
+      patch: { channels: { kakaotalk: KakaoChannelBlock } | { line: LineChannelBlock } }
+    }
   | { kind: 'http-info' }
   | { kind: 'version' }
   | { kind: 'shutdown' }

package/src/init/gitignore.ts

@@ -23,7 +23,7 @@ export const TRULY_IGNORED_PATTERNS = [
 // The reconciler MUST fail-closed and never untrack these, even if a custom
 // git.ignore.append pattern (e.g. `**`) matches them — doing so would drop
 // runtime-owned state out of git.
-export const SYSTEM_MANAGED_ROOTS = ['sessions/', 'memory/', 'channels/', 'todo/'] as const
+export const SYSTEM_MANAGED_ROOTS = ['sessions/', 'memory/', 'channels/', 'todo/', 'cron/'] as const
 
 export function buildGitignore(config: GitignoreConfig = { append: [] }): string {
   const customEntries = renderCustomGitignoreEntries(config.append)

package/src/init/index.ts

@@ -139,6 +139,9 @@ export type HatchRunner = (options: {
 
 export type KakaotalkAuthRunner = (options: { cwd: string }) => Promise<KakaotalkAuthResult>
 
+export type LineAuthResult = { ok: true } | { ok: false; reason: string }
+export type LineAuthRunner = (options: { cwd: string }) => Promise<LineAuthResult>
+
 // Discriminated by `kind` so the type system enforces "you can't pass an
 // API key to an OAuth provider, and you can't pass an OAuth runner to an
 // API-key provider". Optional model defaults to DEFAULT_MODEL_REF, which is
@@ -834,7 +837,7 @@ export async function hasExistingOAuthCredentials(root: string, providerId: Know
 // kakaotalk` anyway — better to re-auth now during init.
 export async function hasExistingChannelSecrets(
   root: string,
-  channel: 'discord' | 'slack' | 'telegram' | 'kakaotalk' | 'github',
+  channel: 'discord' | 'slack' | 'telegram' | 'line' | 'kakaotalk' | 'github',
 ): Promise<boolean> {
   const channels = new SecretsBackend(join(root, 'secrets.json')).tryReadChannelsSync()
   if (channels === null) return false
@@ -854,6 +857,21 @@ export async function hasExistingChannelSecrets(
       // surfaced as a hard error inside `runAddChannel` to prevent silent
       // overwrites.
       return false
+    case 'line': {
+      // A usable LINE block needs a current account whose record carries an
+      // auth_token. Unlike KakaoTalk there are no renewal fields (email +
+      // encrypted password) to require — LINE has no unattended renewal cron.
+      const block = channels.line
+      if (!isObjectRecord(block)) return false
+      const current = (block as { currentAccount?: unknown }).currentAccount
+      if (typeof current !== 'string' || current.length === 0) return false
+      const accounts = (block as { accounts?: unknown }).accounts
+      if (!isObjectRecord(accounts)) return false
+      const account = accounts[current]
+      if (!isObjectRecord(account)) return false
+      const authToken = (account as { auth_token?: unknown }).auth_token
+      return typeof authToken === 'string' && authToken.length > 0
+    }
     case 'kakaotalk': {
       const block = channels.kakaotalk
       if (!isObjectRecord(block)) return false
@@ -924,7 +942,7 @@ function ignoreExists(error: NodeJS.ErrnoException): void {
 // scaffold-test cases above demonstrates how easy it is to lose a single
 // behavior under a mode flag.
 
-export type ChannelKind = 'discord-bot' | 'slack-bot' | 'telegram-bot' | 'kakaotalk' | 'github'
+export type ChannelKind = 'discord-bot' | 'slack-bot' | 'telegram-bot' | 'line' | 'kakaotalk' | 'github'
 
 // Public adapter names match the typeclaw.json `channels.*` keys exactly.
 // The CLI takes these as the optional positional arg, the picker shows
@@ -934,15 +952,18 @@ export const CHANNEL_KINDS: ReadonlyArray<ChannelKind> = [
   'slack-bot',
   'discord-bot',
   'telegram-bot',
+  'line',
   'kakaotalk',
   'github',
 ]
 
-export type AddChannelStep = 'kakaotalk-auth' | 'config' | 'secrets' | 'github-webhooks'
+export type AddChannelStep = 'line-auth' | 'kakaotalk-auth' | 'config' | 'secrets' | 'github-webhooks'
 
 export type AddChannelStepEvent =
   | { step: 'config'; phase: 'start' }
   | { step: 'config'; phase: 'done' }
+  | { step: 'line-auth'; phase: 'start' }
+  | { step: 'line-auth'; phase: 'done'; result: LineAuthResult }
   | { step: 'kakaotalk-auth'; phase: 'start' }
   | { step: 'kakaotalk-auth'; phase: 'done'; result: KakaotalkAuthResult }
   | { step: 'secrets'; phase: 'start' }
@@ -960,6 +981,7 @@ export type AddChannelOptions = {
   | { channel: 'discord-bot'; discordBotToken: string }
   | { channel: 'slack-bot'; slackBotToken: string; slackAppToken: string }
   | { channel: 'telegram-bot'; telegramBotToken: string }
+  | { channel: 'line'; runLineAuth: LineAuthRunner }
   | { channel: 'kakaotalk'; runKakaotalkAuth: KakaotalkAuthRunner }
   | {
       channel: 'github'
@@ -986,6 +1008,13 @@ export async function runAddChannel(options: AddChannelOptions): Promise<void> {
   // drops messages — the same trap `runInit` already guards against. Aborting
   // before any file write means the user's next `typeclaw channel add
   // kakaotalk` retry has no half-applied state to clean up.
+  if (options.channel === 'line') {
+    emit({ step: 'line-auth', phase: 'start' })
+    const result = await options.runLineAuth({ cwd: options.cwd })
+    emit({ step: 'line-auth', phase: 'done', result })
+    if (!result.ok) throw new Error(`LINE authentication failed: ${result.reason}`)
+  }
+
   if (options.channel === 'kakaotalk') {
     emit({ step: 'kakaotalk-auth', phase: 'start' })
     const result = await options.runKakaotalkAuth({ cwd: options.cwd })
@@ -1065,6 +1094,10 @@ function channelSecretsFromOptions(options: AddChannelOptions): ChannelSecrets {
       return { botToken: options.slackBotToken, appToken: options.slackAppToken }
     case 'telegram-bot':
       return { token: options.telegramBotToken }
+    case 'line':
+      // LINE auth writes its structured account block directly to
+      // secrets.json#channels.line before config mutation.
+      return {}
     case 'kakaotalk':
       // KakaoTalk auth writes its structured multi-account block directly to
       // secrets.json#channels.kakaotalk before config mutation.