typeclaw 0.36.8 → 0.37.1

package/src/portbroker/container-server.ts

@@ -2,6 +2,7 @@ import { readFile } from 'node:fs/promises'
 
 import type { ServerWebSocket } from 'bun'
 
+import type { ForwardRequestEvent } from './forward-request-bus'
 import { parseProcNetTcp } from './proc-net-tcp'
 import { decodeBytes, encodeBytes, type ContainerToHostd, type HostdToContainer, type StreamId } from './protocol'
 
@@ -23,6 +24,7 @@ export type ContainerBrokerOptions = {
   // to the host side. Without it, code that picks an in-container port has no
   // way to detect host-side EADDRINUSE collisions across containers.
   onForwardResult?: (event: ForwardResultEvent) => void
+  onForwardRequestSubscribe?: (cb: (event: ForwardRequestEvent) => void) => () => void
 }
 
 export type ForwardResultEvent =
@@ -72,6 +74,8 @@ export function createContainerBroker(opts: ContainerBrokerOptions): ContainerBr
   }
 
   const sessions = new WeakMap<BrokerSocket, SessionState>()
+  const sockets = new Set<BrokerSocket>()
+  const reserved = new Map<number, ForwardRequestEvent>()
 
   const send = (ws: BrokerSocket, msg: ContainerToHostd): void => {
     try {
@@ -98,6 +102,22 @@ export function createContainerBroker(opts: ContainerBrokerOptions): ContainerBr
     }
   }
 
+  const sendReservedRequest = (ws: BrokerSocket, request: ForwardRequestEvent): void => {
+    send(ws, {
+      type: 'port-forward-request',
+      targetPort: request.targetPort,
+      hostCandidates: request.hostCandidates,
+      ...(request.reason !== undefined ? { reason: request.reason } : {}),
+    })
+  }
+
+  opts.onForwardRequestSubscribe?.((event) => {
+    reserved.set(event.targetPort, event)
+    for (const ws of sockets) {
+      if (ws.data.authed) sendReservedRequest(ws, event)
+    }
+  })
+
   const tickWatcher = async (ws: BrokerSocket, state: SessionState): Promise<void> => {
     const next = await snapshotPorts()
     for (const [port, bindAddr] of next) {
@@ -158,6 +178,7 @@ export function createContainerBroker(opts: ContainerBrokerOptions): ContainerBr
   return {
     open(ws) {
       sessions.set(ws, { pollTimer: null, lastSnapshot: new Map(), upstreams: new Map() })
+      sockets.add(ws)
     },
 
     async message(ws, raw) {
@@ -187,6 +208,7 @@ export function createContainerBroker(opts: ContainerBrokerOptions): ContainerBr
         ws.data.authed = true
         log({ kind: 'authed' })
         send(ws, { type: 'broker-hello-ack' })
+        for (const request of reserved.values()) sendReservedRequest(ws, request)
         return
       }
 
@@ -252,6 +274,7 @@ export function createContainerBroker(opts: ContainerBrokerOptions): ContainerBr
         } catch {}
       }
       state.upstreams.clear()
+      sockets.delete(ws)
       sessions.delete(ws)
     },
   }

package/src/portbroker/forward-request-bus.ts

@@ -0,0 +1,35 @@
+// In-process event bus for explicit container→host forward requests. The
+// agent-browser plugin runs in the same process as the container broker but
+// does not hold a broker handle, so it publishes here and run/index wires the
+// bus into createContainerBroker.
+
+export type ForwardRequestEvent = {
+  targetPort: number
+  hostCandidates: number[]
+  reason?: string
+}
+
+type Subscriber = (event: ForwardRequestEvent) => void
+
+const subscribers = new Set<Subscriber>()
+
+export function publishForwardRequest(event: ForwardRequestEvent): void {
+  for (const sub of subscribers) {
+    try {
+      sub(event)
+    } catch {
+      // Subscriber failures must not block peer subscribers.
+    }
+  }
+}
+
+export function subscribeForwardRequest(cb: Subscriber): () => void {
+  subscribers.add(cb)
+  return () => {
+    subscribers.delete(cb)
+  }
+}
+
+export function __resetForwardRequestBus(): void {
+  subscribers.clear()
+}

package/src/portbroker/forward-result-bus.ts

@@ -1,9 +1,8 @@
 // In-process event bus for `port-forward-result` events emitted by the
 // host-side broker over the WS to the container side. Lives as a module-level
 // singleton so the run-loop wiring (src/run/index.ts) can publish events from
-// the broker callback while consumers (e.g. the agent-browser plugin's
-// bind-with-forward retry loop) subscribe by importing this module without
-// needing a reference to the ContainerBroker itself.
+// the broker callback while consumers subscribe by importing this module
+// without needing a reference to the ContainerBroker itself.
 //
 // Tests should call `__resetForwardResultBus()` in afterEach so subscriptions
 // from a previous test don't leak.

package/src/portbroker/hostd-client.ts

@@ -85,13 +85,21 @@ export function createBroker(opts: BrokerOptions): Broker {
   const listenHost = opts.listenHost ?? defaultListenHost
 
   type ForwarderState = {
-    port: number
+    targetPort: number
+    hostPort: number
     bindAddr: BindAddr
+    reserved: boolean
     listener: HostListener
     streams: Map<StreamId, { sock: HostSocket; opened: boolean; pending: Uint8Array[] }>
   }
 
   const forwarders = new Map<number, ForwarderState>()
+  const reservedTargets = new Map<number, number>()
+  // Targets claimed by a reserved forward whose host bind is still in flight.
+  // Marked synchronously BEFORE awaiting listenHost() so a concurrent
+  // port-listen snapshot/opened for the same target cannot slip past the
+  // reserved guard and install a competing auto-forward during the await.
+  const pendingReservedTargets = new Set<number>()
   let ws: WsClient | null = null
   let nextStreamId: StreamId = 1
   let stopped = false
@@ -112,8 +120,8 @@ export function createBroker(opts: BrokerOptions): Broker {
     }
   }
 
-  const closeStream = (port: number, streamId: StreamId, sendClose: boolean): void => {
-    const fwd = forwarders.get(port)
+  const closeStream = (hostPort: number, streamId: StreamId, sendClose: boolean): void => {
+    const fwd = forwarders.get(hostPort)
     if (!fwd) return
     const stream = fwd.streams.get(streamId)
     if (!stream) return
@@ -124,7 +132,7 @@ export function createBroker(opts: BrokerOptions): Broker {
     if (sendClose && ws) ws.send({ type: 'relay-close', streamId, side: 'downstream' })
   }
 
-  const handleHostConnection = (port: number, sock: HostSocket): void => {
+  const handleHostConnection = (hostPort: number, sock: HostSocket): void => {
     if (!ws) {
       try {
         sock.end()
@@ -132,7 +140,7 @@ export function createBroker(opts: BrokerOptions): Broker {
       return
     }
     const streamId = allocStreamId()
-    const fwd = forwarders.get(port)
+    const fwd = forwarders.get(hostPort)
     if (!fwd) {
       try {
         sock.end()
@@ -153,53 +161,174 @@ export function createBroker(opts: BrokerOptions): Broker {
       }
     })
     sock.onClose(() => {
-      closeStream(port, streamId, true)
+      closeStream(hostPort, streamId, true)
     })
 
-    if (ws) ws.send({ type: 'relay-open', streamId, port })
+    if (ws) ws.send({ type: 'relay-open', streamId, port: fwd.targetPort })
   }
 
-  const installForwarder = async (port: number, bindAddr: BindAddr): Promise<void> => {
-    if (forwarders.has(port)) return
-    if (!shouldForward({ policy: opts.policy, port })) {
-      // Policy excluded the port. Tell the container so it can stop waiting
-      // (e.g. the agent-browser plugin's bind-with-forward retry loop). Without
-      // this, the container would block on the forward-result timeout for
-      // every policy-denied port.
-      if (ws) ws.send({ type: 'port-forward-result', port, ok: false, reason: 'policy excluded' })
+  const isReservedTarget = (targetPort: number): boolean =>
+    reservedTargets.has(targetPort) || pendingReservedTargets.has(targetPort)
+
+  const hasAutoForwarderForTarget = (targetPort: number): boolean => {
+    for (const fwd of forwarders.values()) {
+      if (!fwd.reserved && fwd.targetPort === targetPort) return true
+    }
+    return false
+  }
+
+  const installForwarder = async (targetPort: number, bindAddr: BindAddr): Promise<void> => {
+    if (isReservedTarget(targetPort)) return
+    // Dedup by targetPort, not the map key: the map is keyed by the bound host
+    // port, which diverges from targetPort on an ephemeral bind, so a
+    // `forwarders.has(targetPort)` guard would miss an existing forward and bind
+    // a second host listener for the same container port.
+    if (hasAutoForwarderForTarget(targetPort)) return
+    if (!shouldForward({ policy: opts.policy, port: targetPort })) {
+      // Policy excluded the port. Tell the container so consumers waiting on
+      // port-forward-result can surface a diagnostic instead of hanging.
+      if (ws) ws.send({ type: 'port-forward-result', port: targetPort, ok: false, reason: 'policy excluded' })
       return
     }
     try {
-      const listener = await listenHost(hostBind, port, {
-        onConnection: (sock) => handleHostConnection(port, sock),
+      // The host listen port — not targetPort — is the forwarders map key, so
+      // the connection callback must look up by it. They coincide for ordinary
+      // 1:1 auto-forwards but diverge whenever the OS reassigns the bind (e.g. a
+      // port-0 ephemeral bind), at which point routing by targetPort misses the
+      // map and silently drops the connection. Captured after the await; a
+      // connection can only arrive once the listener is bound.
+      let boundHostPort: number | undefined
+      const listener = await listenHost(hostBind, targetPort, {
+        onConnection: (sock) => {
+          if (boundHostPort === undefined) {
+            try {
+              sock.end()
+            } catch {}
+            return
+          }
+          handleHostConnection(boundHostPort, sock)
+        },
+      })
+      boundHostPort = listener.port
+      forwarders.set(boundHostPort, {
+        targetPort,
+        hostPort: boundHostPort,
+        bindAddr,
+        reserved: false,
+        listener,
+        streams: new Map(),
       })
-      forwarders.set(port, { port, bindAddr, listener, streams: new Map() })
-      emit({ kind: 'port-forward-opened', containerName: opts.containerName, port, bindAddr })
-      if (ws) ws.send({ type: 'port-forward-result', port, ok: true, hostPort: listener.port })
+      emit({
+        kind: 'port-forward-opened',
+        containerName: opts.containerName,
+        port: targetPort,
+        hostPort: boundHostPort,
+        bindAddr,
+      })
+      if (ws) ws.send({ type: 'port-forward-result', port: targetPort, ok: true, hostPort: boundHostPort })
     } catch (err) {
       const reason = err instanceof Error ? err.message : String(err)
-      log(`forward bind ${port}: ${reason}`)
-      emit({ kind: 'port-forward-failed', containerName: opts.containerName, port, reason })
-      if (ws) ws.send({ type: 'port-forward-result', port, ok: false, reason })
+      log(`forward bind ${targetPort}: ${reason}`)
+      emit({ kind: 'port-forward-failed', containerName: opts.containerName, port: targetPort, reason })
+      if (ws) ws.send({ type: 'port-forward-result', port: targetPort, ok: false, reason })
+    }
+  }
+
+  const installReservedForwarder = async (targetPort: number, hostCandidates: number[]): Promise<void> => {
+    const existingHostPort = reservedTargets.get(targetPort)
+    if (existingHostPort !== undefined) {
+      if (ws) ws.send({ type: 'port-forward-result', port: targetPort, ok: true, hostPort: existingHostPort })
+      return
+    }
+    if (!shouldForward({ policy: opts.policy, port: targetPort })) {
+      if (ws) ws.send({ type: 'port-forward-result', port: targetPort, ok: false, reason: 'policy excluded' })
+      return
+    }
+
+    // Claim the target and evict any auto-forward that already won the race
+    // before the reserved bind below yields control to the event loop.
+    pendingReservedTargets.add(targetPort)
+    removeAutoForwarderForTarget(targetPort, 'container-released')
+
+    let lastReason = 'no host candidates'
+    for (const hostPort of hostCandidates) {
+      try {
+        // `port` stays the in-container target; the host listen port is the
+        // forwarders map key the connection callback must route by. Reserved
+        // forwards deliberately allow the two to differ, so route by the actual
+        // bound port, captured after the await.
+        let boundHostPort: number | undefined
+        const listener = await listenHost(hostBind, hostPort, {
+          onConnection: (sock) => {
+            if (boundHostPort === undefined) {
+              try {
+                sock.end()
+              } catch {}
+              return
+            }
+            handleHostConnection(boundHostPort, sock)
+          },
+        })
+        boundHostPort = listener.port
+        forwarders.set(boundHostPort, {
+          targetPort,
+          hostPort: boundHostPort,
+          bindAddr: '127.0.0.1',
+          reserved: true,
+          listener,
+          streams: new Map(),
+        })
+        reservedTargets.set(targetPort, boundHostPort)
+        pendingReservedTargets.delete(targetPort)
+        emit({
+          kind: 'port-forward-opened',
+          containerName: opts.containerName,
+          port: targetPort,
+          hostPort: boundHostPort,
+          bindAddr: '127.0.0.1',
+        })
+        if (ws) ws.send({ type: 'port-forward-result', port: targetPort, ok: true, hostPort: boundHostPort })
+        return
+      } catch (err) {
+        lastReason = err instanceof Error ? err.message : String(err)
+        log(`reserved forward bind ${hostPort} for ${targetPort}: ${lastReason}`)
+      }
     }
+    pendingReservedTargets.delete(targetPort)
+    emit({ kind: 'port-forward-failed', containerName: opts.containerName, port: targetPort, reason: lastReason })
+    if (ws) ws.send({ type: 'port-forward-result', port: targetPort, ok: false, reason: lastReason })
   }
 
-  const removeForwarder = (port: number, reason: 'container-released' | 'host-error'): void => {
-    const fwd = forwarders.get(port)
+  const removeForwarder = (hostPort: number, reason: 'container-released' | 'host-error'): void => {
+    const fwd = forwarders.get(hostPort)
     if (!fwd) return
-    forwarders.delete(port)
+    forwarders.delete(hostPort)
+    if (fwd.reserved) reservedTargets.delete(fwd.targetPort)
     try {
       fwd.listener.stop()
     } catch {}
-    for (const [streamId] of fwd.streams) closeStream(port, streamId, false)
-    emit({ kind: 'port-forward-closed', containerName: opts.containerName, port, reason })
+    for (const [streamId] of fwd.streams) closeStream(hostPort, streamId, false)
+    emit({
+      kind: 'port-forward-closed',
+      containerName: opts.containerName,
+      port: fwd.targetPort,
+      hostPort: fwd.hostPort,
+      reason,
+    })
+  }
+
+  const removeAutoForwarderForTarget = (targetPort: number, reason: 'container-released' | 'host-error'): void => {
+    for (const [hostPort, fwd] of Array.from(forwarders)) {
+      if (!fwd.reserved && fwd.targetPort === targetPort) removeForwarder(hostPort, reason)
+    }
   }
 
   const teardownAllForwarders = (reason: 'broker-stopped' | 'deregistered' | 'host-error'): void => {
-    for (const port of Array.from(forwarders.keys())) {
-      const fwd = forwarders.get(port)
+    for (const hostPort of Array.from(forwarders.keys())) {
+      const fwd = forwarders.get(hostPort)
       if (!fwd) continue
-      forwarders.delete(port)
+      forwarders.delete(hostPort)
+      if (fwd.reserved) reservedTargets.delete(fwd.targetPort)
       try {
         fwd.listener.stop()
       } catch {}
@@ -209,7 +338,19 @@ export function createBroker(opts: BrokerOptions): Broker {
           stream?.sock.end()
         } catch {}
       }
-      emit({ kind: 'port-forward-closed', containerName: opts.containerName, port, reason })
+      emit({
+        kind: 'port-forward-closed',
+        containerName: opts.containerName,
+        port: fwd.targetPort,
+        hostPort: fwd.hostPort,
+        reason,
+      })
+    }
+  }
+
+  const teardownAutoForwarders = (reason: 'host-error'): void => {
+    for (const [hostPort, fwd] of Array.from(forwarders)) {
+      if (!fwd.reserved) removeForwarder(hostPort, reason)
     }
   }
 
@@ -228,14 +369,19 @@ export function createBroker(opts: BrokerOptions): Broker {
         return
       case 'port-listen-snapshot':
         for (const { port, bindAddr } of msg.ports) {
-          void installForwarder(port, bindAddr)
+          if (!isReservedTarget(port)) void installForwarder(port, bindAddr)
         }
         return
       case 'port-listen-opened':
+        if (isReservedTarget(msg.port)) return
         void installForwarder(msg.port, msg.bindAddr)
         return
       case 'port-listen-closed':
-        removeForwarder(msg.port, 'container-released')
+        if (isReservedTarget(msg.port)) return
+        removeAutoForwarderForTarget(msg.port, 'container-released')
+        return
+      case 'port-forward-request':
+        void installReservedForwarder(msg.targetPort, msg.hostCandidates)
         return
       case 'relay-open-ack': {
         const port = findStreamPort(msg.streamId)
@@ -303,7 +449,7 @@ export function createBroker(opts: BrokerOptions): Broker {
     client.onMessage(handleContainerMessage)
     client.onClose(() => {
       ws = null
-      teardownAllForwarders('host-error')
+      teardownAutoForwarders('host-error')
       scheduleReconnect()
     })
 
@@ -404,7 +550,7 @@ async function defaultConnectWs(url: string): Promise<WsClient> {
   })
 }
 
-function defaultListenHost(
+export function defaultListenHost(
   host: string,
   port: number,
   handlers: { onConnection: (sock: HostSocket) => void },

package/src/portbroker/index.ts

@@ -20,8 +20,13 @@ export {
   type UpstreamConnection,
   type UpstreamHandlers,
 } from './container-server'
+export {
+  __resetForwardRequestBus,
+  publishForwardRequest,
+  subscribeForwardRequest,
+  type ForwardRequestEvent,
+} from './forward-request-bus'
 export { __resetForwardResultBus, publishForwardResult, subscribeForwardResult } from './forward-result-bus'
-export { bindWithForward, type BindFactory, type BindResult, type BindWithForwardOptions } from './bind-with-forward'
 export {
   createBroker,
   type Broker,

package/src/portbroker/protocol.ts

@@ -15,6 +15,7 @@ export type HostdToContainer =
 export type ContainerToHostd =
   | { type: 'broker-hello-ack' }
   | { type: 'broker-hello-nack'; reason: string }
+  | { type: 'port-forward-request'; targetPort: number; hostCandidates: number[]; reason?: string }
   | { type: 'port-listen-snapshot'; ports: Array<{ port: number; bindAddr: BindAddr }> }
   | { type: 'port-listen-opened'; port: number; bindAddr: BindAddr }
   | { type: 'port-listen-closed'; port: number }
@@ -24,8 +25,14 @@ export type ContainerToHostd =
   | { type: 'relay-close'; streamId: StreamId; side: 'upstream' | 'downstream' }
 
 export type PortForwardEvent =
-  | { kind: 'port-forward-opened'; containerName: string; port: number; bindAddr: BindAddr }
-  | { kind: 'port-forward-closed'; containerName: string; port: number; reason: PortForwardCloseReason }
+  | { kind: 'port-forward-opened'; containerName: string; port: number; hostPort: number; bindAddr: BindAddr }
+  | {
+      kind: 'port-forward-closed'
+      containerName: string
+      port: number
+      hostPort: number
+      reason: PortForwardCloseReason
+    }
   | { kind: 'port-forward-failed'; containerName: string; port: number; reason: string }
 
 export type PortForwardCloseReason = 'container-released' | 'host-error' | 'deregistered' | 'broker-stopped'

package/src/run/channel-session-factory.ts

@@ -3,6 +3,7 @@ import { SessionManager } from '@mariozechner/pi-coding-agent'
 import { createSession as defaultCreateSession } from '@/agent'
 import type { LiveSessionRegistry } from '@/agent/live-sessions'
 import type { LiveSubagentRegistry } from '@/agent/live-subagents'
+import { sessionMetaPayload } from '@/agent/session-meta'
 import type { CreateSessionForSubagent, SubagentRegistry } from '@/agent/subagents'
 import { capJsonlFileInPlace } from '@/bundled-plugins/tool-result-cap/cap-jsonl'
 import type { CapOptions } from '@/bundled-plugins/tool-result-cap/cap-result'
@@ -70,6 +71,9 @@ export type BuildChannelSessionFactoryDeps = {
   subagentRegistry?: SubagentRegistry
   getCreateSessionForSubagent?: () => CreateSessionForSubagent
   liveSessionRegistry?: LiveSessionRegistry
+  // Forwarded to createSession: when true the `# Memory` section is omitted
+  // from the system prompt (vector agents inject memory per-turn instead).
+  suppressSystemMemory?: boolean
 }
 
 // Tight basename validation so a tampered or corrupt channels/sessions.json
@@ -137,10 +141,16 @@ export function buildChannelSessionFactory(deps: BuildChannelSessionFactoryDeps)
       ...(deps.getCreateSessionForSubagent !== undefined
         ? { createSessionForSubagent: deps.getCreateSessionForSubagent() }
         : {}),
+      ...(deps.suppressSystemMemory !== undefined ? { suppressSystemMemory: deps.suppressSystemMemory } : {}),
     })
 
     const sessionId = sessionManager.getSessionId()
-    deps.liveSessionRegistry?.register({ sessionId, session })
+    deps.liveSessionRegistry?.register({
+      sessionId,
+      session,
+      origin: sessionMetaPayload(origin).origin,
+      registeredAtMs: Date.now(),
+    })
 
     return {
       session,

package/src/run/index.ts

@@ -5,6 +5,7 @@ import { LiveSessionRegistry } from '@/agent/live-sessions'
 import { LiveSubagentRegistry } from '@/agent/live-subagents'
 import { requestContainerRestart } from '@/agent/restart'
 import { consumeRestartHandoff } from '@/agent/restart-handoff'
+import { sessionMetaPayload } from '@/agent/session-meta'
 import type { SessionOrigin } from '@/agent/session-origin'
 import {
   awaitWithSubagentTimeout,
@@ -18,6 +19,9 @@ import {
   type SubagentShared,
 } from '@/agent/subagents'
 import { clearTodosForOrigin } from '@/agent/todo/continuation-wiring'
+import { vectorEnabledFromMemoryConfig } from '@/bundled-plugins/memory/vector/config'
+import { embed, warmEmbedder } from '@/bundled-plugins/memory/vector/embedder'
+import { buildStartupVectorIndex } from '@/bundled-plugins/memory/vector/startup'
 import { resolveCapOptionsFromConfig } from '@/bundled-plugins/tool-result-cap'
 import {
   createChannelManager,
@@ -55,7 +59,7 @@ import { runStartupMigrations } from '@/migrations'
 import { loadPlugins, type LoadPluginsResult, pluginCronJobs, type PluginRegistry, summarizeLoaded } from '@/plugin'
 import { createPluginLogger } from '@/plugin/context'
 import type { CronHandlerContext } from '@/plugin/types'
-import { createContainerBroker, publishForwardResult } from '@/portbroker'
+import { createContainerBroker, publishForwardResult, subscribeForwardRequest } from '@/portbroker'
 import { formatChannelReloadSummary, ReloadRegistry } from '@/reload'
 import { createClaimController } from '@/role-claim'
 import {
@@ -157,6 +161,10 @@ export async function startAgent({
   const tuiTokenOpt = tuiToken !== undefined && tuiToken !== '' ? { tuiToken } : {}
 
   const pluginConfigsByName = loadPluginConfigsSync(cwd)
+  // Vector agents omit the system-prompt `# Memory` section and inject memory
+  // per-turn instead. Derived once here: `memory.vector.enabled` is
+  // restart-required, so a single boot read is coherent for the process.
+  const suppressSystemMemory = vectorEnabledFromMemoryConfig(pluginConfigsByName.memory)
   const cwdConfig = loadConfigSync(cwd)
   const githubTokenBridge = createGithubTokenBridge()
   const mcpManager =
@@ -215,6 +223,19 @@ export async function startAgent({
   // v2-only parser rejects the file and hydrate below sees no channels. Runs
   // exactly once per folder; a folder already at v2 is a no-op.
   runStartupMigrations(cwd)
+  if (suppressSystemMemory) {
+    await buildStartupVectorIndex(cwd, embed).catch((err) => {
+      console.warn(`[vector] startup index build failed: ${err instanceof Error ? err.message : String(err)}`)
+    })
+
+    // Warm the embedder now (even when the index needed no rebuild above, which
+    // skips embed() entirely) so the first channel turn's query embed doesn't
+    // pay the one-time ONNX init on its critical path. Non-fatal: a failure here
+    // degrades to the per-turn lazy load, same as before this step existed.
+    await warmEmbedder().catch((err) => {
+      console.warn(`[vector] embedder warm-up failed: ${err instanceof Error ? err.message : String(err)}`)
+    })
+  }
 
   // Channel adapters read `process.env[TOKEN_ENV]` (see channels/manager.ts).
   // Hydrate fills any unset env var from secrets.json#channels via env-wins:
@@ -280,6 +301,7 @@ export async function startAgent({
       stream,
       reloadRegistry,
       pluginRuntime,
+      suppressSystemMemory,
       getChannelRouter: () => channelManager.router,
       rehydrateCapOptions: resolveCapOptionsFromConfig(pluginConfigsByName['tool-result-cap']),
       permissions: pluginsLoaded.permissions,
@@ -394,7 +416,12 @@ export async function startAgent({
         ...(entry.pluginSubagent.bashPolicy !== undefined ? { bashPolicy: entry.pluginSubagent.bashPolicy } : {}),
         ...runtimeVersionOpt,
       })
-      liveSessionRegistry.register({ sessionId, session: created.session })
+      liveSessionRegistry.register({
+        sessionId,
+        session: created.session,
+        origin: sessionMetaPayload(origin).origin,
+        registeredAtMs: Date.now(),
+      })
       const originalDispose = created.dispose
       return {
         ...created,
@@ -412,7 +439,30 @@ export async function startAgent({
           : {}),
       }
     }
-    return defaultCreateSessionForSubagent(subagent, subagentOptions)
+    // Non-plugin (built-in) subagents — general/explore/scout/memory-logger/
+    // dreaming and anything spawned through the generic task path. They used to
+    // run with NO plugin tool.before/tool.after coverage, so their bash skipped
+    // the security guards AND the github-cli-auth GitHub-token injection — a
+    // generic subagent's `git push` got no minted token and died with "could
+    // not read Username" even when a GitHub App was configured. Thread the same
+    // hook bus the plugin-subagent branch uses, against a freshly allocated
+    // subagent session id (never the parent's, so hooks/audit/permission
+    // attribution stay per-session).
+    const sessionManager = SessionManager.create(cwd, sessionFactory.sessionDir())
+    return defaultCreateSessionForSubagent(subagent, {
+      ...subagentOptions,
+      plugins: {
+        registry: snap.registry,
+        hooks: snap.hooks,
+        sessionId: sessionManager.getSessionId(),
+        agentDir: cwd,
+      },
+      // Pass permissions alongside plugins (same as the plugin-subagent branch
+      // at line 384): without it the builtin-bash sandbox (applyBashSandbox /
+      // applyTmpPathRedirect) stays off and the subagent would get the injected
+      // token but no role-derived sandboxing.
+      permissions: pluginsLoaded.permissions,
+    })
   }
 
   const subagentConsumer = createSubagentConsumer({
@@ -485,6 +535,7 @@ export async function startAgent({
             containerName: containerNameOpt.containerName,
             sessionFactory,
             channelRouter: channelManager.router,
+            suppressSystemMemory,
             ...mcpManagerOpt,
           }),
         subagent: (subName: string, payload?: unknown) =>
@@ -525,6 +576,7 @@ export async function startAgent({
         channelRouter: channelManager.router,
         origin: cronOrigin,
         permissions: pluginsLoaded.permissions,
+        suppressSystemMemory,
         ...(refOverride !== undefined ? { refOverride } : {}),
         ...(snap.hasAnyPluginContent
           ? {
@@ -543,7 +595,12 @@ export async function startAgent({
         ...runtimeVersionOpt,
         ...mcpManagerOpt,
       })
-      liveSessionRegistry.register({ sessionId, session })
+      liveSessionRegistry.register({
+        sessionId,
+        session,
+        origin: sessionMetaPayload(cronOrigin).origin,
+        registeredAtMs: Date.now(),
+      })
       return {
         prompt: (text) => session.prompt(text),
         dispose: () => {
@@ -729,11 +786,10 @@ export async function startAgent({
               payload: { kind: 'portbroker-log', event },
             })
           },
-          // Re-publish to the in-process bus so consumers (today: the
-          // agent-browser plugin's bind-with-forward retry loop) can subscribe
-          // without holding a reference to the broker. See src/portbroker/
-          // forward-result-bus.ts for the contract.
+          // Re-publish to in-process buses so plugin code can talk to the
+          // broker without holding a ContainerBroker reference.
           onForwardResult: (event) => publishForwardResult(event),
+          onForwardRequestSubscribe: (cb) => subscribeForwardRequest(cb),
         })
       : undefined
   const containerBrokerOpt = containerBroker ? { containerBroker } : {}
@@ -749,6 +805,7 @@ export async function startAgent({
       outbound,
       sessionFactory,
       channelRouter: channelManager.router,
+      suppressSystemMemory,
       ...mcpManagerOpt,
     })