typeclaw 0.37.4 → 0.37.5

package/src/channels/adapters/github/index.ts

@@ -11,7 +11,7 @@ import { createDeliveryDedup } from './dedup'
 import { findPermissionGaps } from './event-permissions'
 import { createGithubFetchAttachmentCallback } from './fetch-attachment'
 import { createGithubHistoryCallback } from './history'
-import { createGithubWebhookHandler } from './inbound'
+import { createGithubWebhookHandler, processVerifiedGithubDelivery, type GithubWebhookHandlerOptions } from './inbound'
 import { applyManagedPath, buildManagedPath, resolveAgentId } from './managed-path'
 import { createGithubMembershipResolver } from './membership'
 import { createGithubOutboundCallback } from './outbound'
@@ -22,6 +22,7 @@ import {
 } from './permission-guidance'
 import { createGithubReactionCallback, createGithubRemoveReactionCallback } from './reactions'
 import { reconcileOpenPrs } from './reconcile-open-prs'
+import { createRecoveredGuidLog, recoverFailedGithubDeliveries } from './recover-failed-deliveries'
 import { createGithubReviewStateResolver } from './review-state'
 import { createGithubReviewThreadResolver } from './review-thread-resolver'
 import { createTeamMembershipChecker } from './team-membership'
@@ -67,6 +68,10 @@ export type GithubAdapterOptions = {
   // Test-only: replaces `setInterval` so tests can control when the
   // background refresh fires without waiting on real wall-clock time.
   setInterval?: (handler: () => void, ms: number) => { clear: () => void }
+  // How often to sweep each managed hook's GitHub delivery log for events whose
+  // inbound delivery failed (and that GitHub never redelivered), re-injecting
+  // them through the live event path. Zero disables the sweep. Default: 5 min.
+  deliveryRecoveryIntervalMs?: number
   // Write-side of the GithubTokenBridge. On App-auth start the adapter
   // registers a per-repo minter here so plugin hooks can resolve a token for
   // ad-hoc `gh` commands; it unregisters on stop and on start rollback. PAT
@@ -89,6 +94,12 @@ const consoleLogger: GithubAdapterLogger = {
 
 const DEFAULT_WEBHOOK_REGISTRATION_DELAY_MS = 2_000
 const DEFAULT_TOKEN_REFRESH_INTERVAL_MS = 30 * 60 * 1000
+const DEFAULT_DELIVERY_RECOVERY_INTERVAL_MS = 5 * 60 * 1000
+// GitHub retains the delivery log for 3 days; sweep a little under that so a
+// failed delivery is always still listable on the next interval.
+const DELIVERY_RECOVERY_LOOKBACK_MS = 70 * 60 * 60 * 1000
+// Bounds an LLM-session storm if a bad tunnel window drops a large burst.
+const MAX_RECOVERED_PER_SWEEP = 50
 
 export function createGithubAdapter(options: GithubAdapterOptions): GithubAdapter {
   const logger = options.logger ?? consoleLogger
@@ -105,8 +116,15 @@ export function createGithubAdapter(options: GithubAdapterOptions): GithubAdapte
   let started = false
   let managedHooks: ReadonlyArray<{ repo: string; hookId: number }> = []
   let tokenRefreshTimer: { clear: () => void } | null = null
+  let deliveryRecoveryTimer: { clear: () => void } | null = null
   let unregisterTokenBridge: (() => void) | null = null
   const workspaceByChat = new Map<string, string>()
+  const setIntervalFn =
+    options.setInterval ??
+    ((handler: () => void, ms: number) => {
+      const timer = setInterval(handler, ms)
+      return { clear: () => clearInterval(timer) }
+    })
 
   const rememberWorkspace = (workspace: string, chat: string): void => {
     workspaceByChat.set(chat, workspace)
@@ -174,7 +192,7 @@ export function createGithubAdapter(options: GithubAdapterOptions): GithubAdapte
         logger.error(`[github] route failed: ${err instanceof Error ? err.message : String(err)}`)
       })
   }
-  const handler = createGithubWebhookHandler({
+  const handlerOptions: GithubWebhookHandlerOptions = {
     webhookSecret,
     dedup,
     allowlist: () => options.configRef().eventAllowlist,
@@ -188,7 +206,8 @@ export function createGithubAdapter(options: GithubAdapterOptions): GithubAdapte
     fetchImpl,
     logger,
     route: routeInbound,
-  })
+  }
+  const handler = createGithubWebhookHandler(handlerOptions)
 
   return {
     async start(): Promise<void> {
@@ -251,12 +270,6 @@ export function createGithubAdapter(options: GithubAdapterOptions): GithubAdapte
               )
             })
           }
-          const setIntervalFn =
-            options.setInterval ??
-            ((handler: () => void, ms: number) => {
-              const timer = setInterval(handler, ms)
-              return { clear: () => clearInterval(timer) }
-            })
           tokenRefreshTimer = setIntervalFn(refresh, tokenRefreshIntervalMs)
         }
       } else {
@@ -355,10 +368,45 @@ export function createGithubAdapter(options: GithubAdapterOptions): GithubAdapte
           logger.warn(`[github] reconcile pass failed: ${err instanceof Error ? err.message : String(err)}`)
         })
       }
+      // Periodically recover inbound deliveries that failed at the tunnel and
+      // were never redelivered (the cloudflare-quick 502 loss). Registered only
+      // when we manage hooks to query, and driven by the same injectable timer
+      // as the token refresh. The first sweep fires after one interval — NOT
+      // inside start() — so start() stays free of surprise API traffic; the
+      // reconcile pass above already covers the review-needed case immediately.
+      const deliveryRecoveryIntervalMs = options.deliveryRecoveryIntervalMs ?? DEFAULT_DELIVERY_RECOVERY_INTERVAL_MS
+      if (managedHooks.length > 0 && deliveryRecoveryIntervalMs > 0) {
+        // Created once and captured by `sweep`, so recovery idempotency persists
+        // across ticks even when the shared live dedup evicts the guid.
+        const recoveredLog = createRecoveredGuidLog(DELIVERY_RECOVERY_LOOKBACK_MS)
+        const sweep = () => {
+          recoverFailedGithubDeliveries({
+            hooks: managedHooks,
+            token: (repoSlug: string) => auth.token({ repoSlug }),
+            process: (input) => processVerifiedGithubDelivery(handlerOptions, input),
+            alreadySeen: (guid: string) => dedup.has(guid),
+            recoveredLog,
+            lookbackMs: DELIVERY_RECOVERY_LOOKBACK_MS,
+            maxPerSweep: MAX_RECOVERED_PER_SWEEP,
+            logger,
+            fetchImpl,
+          }).catch((err: unknown) => {
+            logger.warn(`[github] delivery recovery sweep failed: ${err instanceof Error ? err.message : String(err)}`)
+          })
+        }
+        deliveryRecoveryTimer = setIntervalFn(sweep, deliveryRecoveryIntervalMs)
+      }
     },
     async stop(): Promise<void> {
       if (!started) return
       started = false
+      // Stop the recovery sweep first: its async work outlives the synchronous
+      // unregister calls below, and a tick landing mid-teardown would query a
+      // hook we're about to deregister and could route during shutdown.
+      if (deliveryRecoveryTimer !== null) {
+        deliveryRecoveryTimer.clear()
+        deliveryRecoveryTimer = null
+      }
       options.router.unregisterOutbound('github', outbound)
       options.router.unregisterReaction('github', reaction)
       options.router.unregisterRemoveReaction('github', removeReaction)

package/src/channels/adapters/github/recover-failed-deliveries.ts

@@ -0,0 +1,270 @@
+import { GITHUB_API_BASE, githubJsonHeaders } from './auth-pat'
+
+// Recovers webhook events whose delivery to our ingress FAILED and that GitHub
+// never successfully redelivered. The production failure mode is inbound-only: a
+// cloudflare-quick tunnel drops ~half its deliveries with 502 "failed to connect
+// to host", and GitHub does not auto-redeliver issue_comment events — so a
+// `@bot review please` comment is lost with no log entry and no reply.
+//
+// This sweep is OUTBOUND-only, so it never touches the broken inbound leg: it
+// lists each managed hook's delivery log, finds events with no successful
+// delivery, fetches the original payload from GitHub's authenticated deliveries
+// API, and feeds it through the SAME processVerifiedGithubDelivery core a live
+// webhook uses (passed in as `process`). It is a floor, not the primary path —
+// webhooks remain low-latency when delivery works; reconcile-open-prs.ts is the
+// sibling floor for review-state drift.
+
+export type ManagedHook = { repo: string; hookId: number }
+
+// Recovery-owned idempotency keyed by delivery GUID, retained for the FULL
+// lookback window. The shared live dedup cannot serve this alone: it is a
+// fixed 1000-entry LRU, so during a 70h lookback across many repos it can evict
+// a GUID we already recovered, after which the still-listed failed delivery
+// would be re-fetched and re-routed. This TTL log holds only RECOVERED GUIDs
+// (failed-then-recovered deliveries, a small set), expiring each exactly when it
+// also falls out of the scan window — so a recovered delivery is routed once
+// regardless of live-dedup churn. (The shared dedup still guards the live-vs-
+// sweep concurrency race; this guards cross-sweep durability.)
+export type RecoveredGuidLog = { has: (guid: string) => boolean; record: (guid: string) => void }
+
+export function createRecoveredGuidLog(ttlMs: number, now: () => number = Date.now): RecoveredGuidLog {
+  const expiresAt = new Map<string, number>()
+  return {
+    has(guid: string): boolean {
+      const expiry = expiresAt.get(guid)
+      if (expiry === undefined) return false
+      if (expiry <= now()) {
+        expiresAt.delete(guid)
+        return false
+      }
+      return true
+    },
+    record(guid: string): void {
+      const t = now()
+      for (const [g, expiry] of expiresAt) if (expiry <= t) expiresAt.delete(g)
+      expiresAt.set(guid, t + ttlMs)
+    },
+  }
+}
+
+export type RecoverFailedDeliveriesOptions = {
+  hooks: readonly ManagedHook[]
+  token: (repoSlug: string) => Promise<string>
+  // The shared processVerifiedGithubDelivery, bound to the adapter's handler
+  // options. `delivery` is the GUID; the core dedups, filters by allowlist,
+  // drops self-authored, and routes exactly as the live path does.
+  process: (input: { event: string; delivery: string; payload: Record<string, unknown> }) => Promise<void>
+  // Fast-path skip backed by the LIVE delivery dedup (shared with the webhook
+  // handler): a guid here was just routed live (or reserved by `process` on
+  // entry), so skip it. Best-effort only — it is a 1000-entry LRU and may evict
+  // within the lookback window, which is exactly why `recoveredLog` exists.
+  alreadySeen: (guid: string) => boolean
+  // Durable recovery idempotency for the whole lookback window (see
+  // createRecoveredGuidLog). Caller-owned so it persists across sweeps.
+  recoveredLog: RecoveredGuidLog
+  lookbackMs: number
+  maxPerSweep: number
+  logger: { info: (m: string) => void; warn: (m: string) => void }
+  now?: () => number
+  fetchImpl?: typeof fetch
+}
+
+export type RecoverOutcome = { recovered: number; scanned: number }
+
+export async function recoverFailedGithubDeliveries(options: RecoverFailedDeliveriesOptions): Promise<RecoverOutcome> {
+  const fetchImpl = options.fetchImpl ?? fetch
+  const now = options.now ?? Date.now
+  const cutoff = now() - options.lookbackMs
+  let recovered = 0
+  let scanned = 0
+
+  for (const hook of options.hooks) {
+    // maxPerSweep is a GLOBAL budget across all hooks (an LLM-session storm
+    // guard), so pass the remaining budget into each hook rather than letting
+    // every hook recover up to the full cap independently.
+    const remaining = options.maxPerSweep - recovered
+    if (remaining <= 0) break
+    const target = parseRepo(hook.repo)
+    if (target === null) {
+      options.logger.warn(`[github] recovery skipped malformed repo slug "${hook.repo}"`)
+      continue
+    }
+    try {
+      const result = await recoverHook(hook, target, cutoff, options, remaining, fetchImpl)
+      scanned += result.scanned
+      recovered += result.recovered
+      if (result.recovered > 0) {
+        options.logger.info(`[github] recovered ${result.recovered} missed delivery(s) on ${hook.repo}`)
+      }
+    } catch (err) {
+      // Per-hook isolation: one repo's token/list/detail failure must not abort
+      // the others. The next interval retries this hook.
+      options.logger.warn(`[github] delivery recovery failed for ${hook.repo}: ${describe(err)}`)
+    }
+  }
+  return { recovered, scanned }
+}
+
+async function recoverHook(
+  hook: ManagedHook,
+  target: RepoTarget,
+  cutoff: number,
+  options: RecoverFailedDeliveriesOptions,
+  budget: number,
+  fetchImpl: typeof fetch,
+): Promise<RecoverOutcome> {
+  const token = await options.token(hook.repo)
+  const deliveries = await listRecentDeliveries(fetchImpl, token, target, hook.hookId, cutoff)
+
+  // Any 2xx/3xx delivery for a guid means the event got through (e.g. GitHub
+  // auto-redelivered, or a manual redeliver succeeded). Never recover those.
+  const succeededGuids = new Set<string>()
+  for (const d of deliveries) {
+    if (isSuccess(d.statusCode)) succeededGuids.add(d.guid)
+  }
+
+  let recovered = 0
+  let scanned = 0
+  const handledThisSweep = new Set<string>()
+  for (const delivery of deliveries) {
+    if (recovered >= budget) break
+    if (isSuccess(delivery.statusCode)) continue
+    scanned += 1
+    const guid = delivery.guid
+    if (guid === '') continue
+    if (
+      succeededGuids.has(guid) ||
+      handledThisSweep.has(guid) ||
+      options.alreadySeen(guid) ||
+      options.recoveredLog.has(guid)
+    ) {
+      continue
+    }
+    handledThisSweep.add(guid)
+
+    const payload = await fetchDeliveryPayload(fetchImpl, token, target, hook.hookId, delivery.id)
+    if (payload === null) continue
+    await options.process({ event: delivery.event, delivery: guid, payload })
+    // Record AFTER process resolves: an unexpected throw leaves the guid
+    // unrecorded so the next sweep retries it. A no-op classify still records
+    // (process returned), so a non-routable failed delivery is not refetched.
+    options.recoveredLog.record(guid)
+    recovered += 1
+  }
+  return { recovered, scanned }
+}
+
+type RepoTarget = { owner: string; repo: string }
+
+type DeliverySummary = { id: number; guid: string; event: string; statusCode: number }
+
+async function listRecentDeliveries(
+  fetchImpl: typeof fetch,
+  token: string,
+  target: RepoTarget,
+  hookId: number,
+  cutoff: number,
+): Promise<DeliverySummary[]> {
+  const summaries: DeliverySummary[] = []
+  let url: string | null =
+    `${GITHUB_API_BASE}/repos/${target.owner}/${target.repo}/hooks/${hookId}/deliveries?per_page=100`
+  while (url !== null) {
+    const response = await fetchImpl(url, { headers: githubJsonHeaders(token) })
+    if (!response.ok) {
+      const body = await response.text().catch(() => '')
+      throw new Error(`GitHub deliveries ${response.status}${body !== '' ? `: ${body}` : ''}`)
+    }
+    const page = (await response.json().catch(() => null)) as DeliveryRow[] | null
+    if (page === null) throw new Error('GitHub deliveries returned non-JSON')
+    // Deliveries are newest-first; once a page's oldest entry predates the
+    // lookback cutoff we can stop paginating instead of walking the full log.
+    let reachedCutoff = false
+    for (const row of page) {
+      const parsed = parseDeliveryRow(row)
+      if (parsed === null) continue
+      if (parsed.deliveredAt !== null && parsed.deliveredAt < cutoff) {
+        reachedCutoff = true
+        continue
+      }
+      summaries.push(parsed.summary)
+    }
+    if (reachedCutoff) break
+    url = nextLink(response.headers.get('link'))
+  }
+  return summaries
+}
+
+async function fetchDeliveryPayload(
+  fetchImpl: typeof fetch,
+  token: string,
+  target: RepoTarget,
+  hookId: number,
+  deliveryId: number,
+): Promise<Record<string, unknown> | null> {
+  const response = await fetchImpl(
+    `${GITHUB_API_BASE}/repos/${target.owner}/${target.repo}/hooks/${hookId}/deliveries/${deliveryId}`,
+    { headers: githubJsonHeaders(token) },
+  )
+  if (!response.ok) return null
+  const raw = (await response.json().catch(() => null)) as { request?: { payload?: unknown } } | null
+  return coercePayload(raw?.request?.payload)
+}
+
+function coercePayload(value: unknown): Record<string, unknown> | null {
+  if (typeof value === 'string') {
+    try {
+      const parsed = JSON.parse(value) as unknown
+      return isRecord(parsed) ? parsed : null
+    } catch {
+      return null
+    }
+  }
+  return isRecord(value) ? value : null
+}
+
+// GitHub records a non-delivery (connection refused / DNS / tunnel down) as
+// status_code 0, and HTTP failures as 4xx/5xx. Treat 2xx and 3xx as success.
+function isSuccess(statusCode: number): boolean {
+  return statusCode >= 200 && statusCode < 400
+}
+
+type DeliveryRow = {
+  id?: unknown
+  guid?: unknown
+  event?: unknown
+  status_code?: unknown
+  delivered_at?: unknown
+}
+
+function parseDeliveryRow(row: DeliveryRow): { summary: DeliverySummary; deliveredAt: number | null } | null {
+  const id = typeof row.id === 'number' ? row.id : null
+  const guid = typeof row.guid === 'string' ? row.guid : null
+  const event = typeof row.event === 'string' ? row.event : null
+  const statusCode = typeof row.status_code === 'number' ? row.status_code : null
+  if (id === null || guid === null || event === null || statusCode === null) return null
+  const deliveredAt = typeof row.delivered_at === 'string' ? Date.parse(row.delivered_at) || null : null
+  return { summary: { id, guid, event, statusCode }, deliveredAt }
+}
+
+function parseRepo(slug: string): RepoTarget | null {
+  const [owner, repo, ...rest] = slug.trim().split('/')
+  if (owner === undefined || owner === '' || repo === undefined || repo === '' || rest.length > 0) return null
+  return { owner, repo }
+}
+
+function nextLink(linkHeader: string | null): string | null {
+  if (linkHeader === null) return null
+  for (const part of linkHeader.split(',')) {
+    const m = /<([^>]+)>;\s*rel="next"/.exec(part)
+    if (m !== null) return m[1] ?? null
+  }
+  return null
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value)
+}
+
+function describe(err: unknown): string {
+  return err instanceof Error ? err.message : String(err)
+}

package/src/channels/adapters/kakaotalk.ts

@@ -1,3 +1,5 @@
+import { basename } from 'node:path'
+
 import {
   KakaoCredentialManager,
   KakaoTalkClient as RealKakaoTalkClient,
@@ -203,7 +205,9 @@ export function createOutboundCallback(deps: {
       try {
         items = await Promise.all(
           attachments.map(async (a) => {
-            const filename = a.filename ?? a.path.split('/').pop() ?? 'file'
+            // basename (not split('/')) so a native-Windows host's backslash
+            // attachment paths still yield just the filename (issue #899).
+            const filename = a.filename ?? (basename(a.path) || 'file')
             const data = await readFile(a.path)
             return { data, filename }
           }),

package/src/channels/adapters/mention-hints.ts

@@ -1,3 +1,5 @@
+import type { AdapterId } from '../schema'
+
 export type DiscordMentionUser = { id: string; username?: string; global_name?: string | null }
 
 export type MentionHintOptions = { botUserId?: string | null }
@@ -12,6 +14,21 @@ const SLACK_MENTION_PATTERN = /<@([UW][A-Z0-9]+)(?:\|[^>]*)?>/g
 // irrelevant to the target user, so it is captured but discarded on rewrite.
 const DISCORD_MENTION_PATTERN = /<@!?(\d+)>/g
 
+// User ids the agent addressed by @-mention in an outbound message, so the
+// router can grant them sticky credit (their reply answers us without a
+// re-mention). Only Slack (`<@U…>`) and Discord (`<@id>`) encode mentions as
+// raw id tokens that map 1:1 to an inbound `authorId`; Telegram (`@username`),
+// GitHub (`@login`), LINE and KakaoTalk have no token→authorId mapping here, so
+// they return [] by design and the caller falls back to existing rules.
+export function extractMentionedUserIds(adapter: AdapterId, text: string): string[] {
+  const pattern =
+    adapter === 'slack-bot' ? SLACK_MENTION_PATTERN : adapter === 'discord-bot' ? DISCORD_MENTION_PATTERN : null
+  if (pattern === null) return []
+  const ids = new Set<string>()
+  for (const match of text.matchAll(pattern)) ids.add(match[1]!)
+  return Array.from(ids)
+}
+
 export async function addSlackMentionHints(
   text: string,
   resolveUserName: (id: string) => Promise<string>,

package/src/channels/router.ts

@@ -24,6 +24,7 @@ import type { HookBus } from '@/plugin'
 import { extractClaimCode } from '@/role-claim'
 import type { Stream } from '@/stream'
 
+import { extractMentionedUserIds } from './adapters/mention-hints'
 import { formatChannelCommandHelp } from './commands'
 import { detectContinuationWillingness } from './continuation-willingness'
 import {
@@ -111,13 +112,18 @@ export const TYPING_HEARTBEAT_MS = 8000
 // turns a temporary status into a permanent-looking artifact.
 //
 // The cap is measured from `live.typingStartedAt`, which is refreshed by
-// two signals of life (see `bumpTypingActivity`):
+// these signals of life (see `bumpTypingActivity`):
 //   1. Each new `drain()` iteration (a new turn is starting).
 //   2. Each `tool_execution_end` from the agent session (a tool just
 //      completed — the prompt is progressing, not stuck).
-// A 2-minute bash command that emits no intermediate events still trips
-// the cap, but a chatty agent running long tools stays under it
-// indefinitely. The cap exists to catch *silence*, not duration.
+//   3. Each streaming token (`message_update` carrying a `text_delta` or
+//      `thinking_delta`) — the model is actively generating, even on a
+//      pure-text reply that calls no tools.
+// Signal 3 is what keeps a long conversational reply (no tool calls, just
+// minutes of streamed text or extended thinking) under the cap: without it,
+// such a turn emits no `tool_execution_end` and the indicator was paused
+// mid-generation. A genuinely stuck model call — no tokens, no tools — still
+// trips the cap. The cap exists to catch *silence*, not duration.
 export const MAX_TYPING_HEARTBEAT_MS = 2 * 60 * 1000
 
 // Idle GC: a LiveSession whose `lastInboundAt` is older than
@@ -260,6 +266,28 @@ export const EMPTY_TURN_RETRY_NUDGE = [
 // drop so the human is never left staring at dead air after a degenerate turn.
 export const EMPTY_TURN_FALLBACK_TEXT =
   "⚠️ I got stuck putting together a reply and couldn't finish. Could you rephrase or try again?"
+// Distinct from EMPTY_TURN_RETRY_NUDGE: that one diagnoses budget exhaustion
+// ("ran out of output budget"), which is FALSE for a clean `stop` with empty
+// text. This nudge names the real failure — a turn that ended sending nothing
+// to a message addressed to the agent in a one-on-one conversation — and steers
+// the model to either answer or record the silence explicitly (skip_response /
+// NO_REPLY) rather than ending empty again.
+export const COLD_START_REPLY_NUDGE = [
+  '---',
+  '**[SYSTEM MESSAGE — not from a human]**',
+  '',
+  'Your previous turn ended without sending anything, but the last message was',
+  'addressed to you in a direct, one-on-one conversation — ending silent there',
+  'reads as ignoring the person. This is an automated signal from the channel',
+  'router, not a message from anyone in the chat. **Do not acknowledge or reply',
+  'to this notice itself.**',
+  '',
+  'Answer the last user message now via your channel reply tool. If you truly',
+  'have nothing to add, call `skip_response({ reason })` (preferred) or end with',
+  'exactly `NO_REPLY` so the silence is recorded — do not just end empty.',
+  '',
+  '---',
+].join('\n')
 // At most one continuation nudge per logical turn. Stricter than the empty-turn
 // retry budget (2) because the turn ALREADY delivered a user-facing reply — this
 // is a one-shot correction offer, not recovery from no output.
@@ -772,6 +800,20 @@ type LiveSession = {
   // decision used, so the prompt nudge and sticky suppression agree on
   // "is this a multi-human group". Read by composeTurnPrompt().
   multiHumanGroup: boolean
+  // True when this live session was born from a cold-start (no persisted
+  // session existed — first contact or a stale-rollover after long idle), as
+  // opposed to rehydrating an existing session. Combined with `turnSeq === 0`
+  // it pinpoints the very first prompt of a freshly woken session.
+  createdFromColdStart: boolean
+  // Set in route() when the FIRST turn of a cold-start session engages via the
+  // solo-human "answer everything" fallback (not an explicit mention/reply/DM,
+  // not a multi-human group). Read by validateChannelTurn: a BARE-EMPTY stop on
+  // such a turn is a model whiff on a direct one-on-one question, not deliberate
+  // silence, so it earns an empty-turn retry instead of a silent no_reply.
+  // Recomputed on every engage, so it self-clears once turnSeq leaves the first
+  // turn; explicit NO_REPLY / skip_response and any turn that already sent stay
+  // on the historical silent path.
+  coldStartSoloFallbackTurnActive: boolean
   membershipFetch: Promise<MembershipCount | null> | null
   // Provider soft-error (`stopReason: 'error'`) captured during the current
   // turn, deferred to turn-end. Upstream surfaces transient errors (e.g.
@@ -1673,6 +1715,8 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
         consecutiveEngagedPeerBotTurns: 0,
         loopGuardActive: false,
         multiHumanGroup: false,
+        createdFromColdStart: isColdStart,
+        coldStartSoloFallbackTurnActive: false,
         membershipFetch,
         pendingProviderError: null,
         destroyed: false,
@@ -1888,8 +1932,15 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
 
   const subscribeTypingActivity = (session: AgentSession, live: LiveSession): (() => void) => {
     return session.subscribe((event) => {
-      if (event.type !== 'tool_execution_end') return
-      bumpTypingActivity(live)
+      if (event.type === 'tool_execution_end') {
+        bumpTypingActivity(live)
+        return
+      }
+      if (event.type !== 'message_update') return
+      const streamed = event.assistantMessageEvent.type
+      if (streamed === 'text_delta' || streamed === 'thinking_delta') {
+        bumpTypingActivity(live)
+      }
     })
   }
 
@@ -2557,7 +2608,8 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
 
     const membership = await membershipForEngagement(live)
 
-    live.multiHumanGroup = isMultiHumanGroup(event.isDm, countEffectiveHumans(live.participants, membership, now()))
+    const effectiveHumans = countEffectiveHumans(live.participants, membership, now())
+    live.multiHumanGroup = isMultiHumanGroup(event.isDm, effectiveHumans)
 
     const decision: EngagementDecision = decideEngagement({
       message: event,
@@ -2583,6 +2635,22 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
 
     publishInbound(event, 'engage', live.sessionId)
 
+    // Arm cold-start bare-empty recovery only for the exact incident shape: the
+    // FIRST prompt (`turnSeq === 0`) of a freshly cold-started session that
+    // engaged via the solo-human answer-everything fallback — a lone human, no
+    // explicit mention/reply/DM, not a multi-human group. Recomputed on every
+    // engage so it self-clears once the first turn advances `turnSeq`; explicit
+    // address (mention/reply/DM) keeps the historical silent-on-empty path.
+    live.coldStartSoloFallbackTurnActive =
+      live.createdFromColdStart &&
+      live.turnSeq === 0 &&
+      effectiveHumans <= 1 &&
+      !event.authorIsBot &&
+      !event.isDm &&
+      !event.isBotMention &&
+      event.replyToBotMessageId === null &&
+      !live.multiHumanGroup
+
     const engageReaction = autoReactOnEngage(event)
 
     updateLoopGuard(live, event)
@@ -3320,11 +3388,21 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
       const disengagedThisTurn = live.disengagedTurn !== null && live.disengagedTurn === live.turnSeq
       const adapterConfig = options.configForAdapter(msg.adapter)
       if (adapterConfig && !disengagedThisTurn) {
-        const targetIds = Array.from(
-          live.currentTurnAuthorIds.size > 0 ? live.currentTurnAuthorIds : live.lastTurnAuthorIds,
-        )
-        if (targetIds.length > 0) {
-          grantStickyForReplyTargets(stickyLedger, keyId, targetIds, adapterConfig.engagement, now())
+        const targets = new Set(live.currentTurnAuthorIds.size > 0 ? live.currentTurnAuthorIds : live.lastTurnAuthorIds)
+        // A user the agent addresses by @-mention is a reply target too: their
+        // next message answers us without re-mentioning the bot. Granting them
+        // sticky closes the gap where the agent asks "<@U123> can you confirm?"
+        // and that user's plain reply was observed until they re-pinged.
+        // Self-mentions (e.g. a quoted inbound) are excluded — we credit the
+        // OTHERS we addressed, not ourselves.
+        if (text !== undefined) {
+          const selfId = resolveSelfIdentity(live.key)?.id
+          for (const id of extractMentionedUserIds(msg.adapter, text)) {
+            if (id !== selfId) targets.add(id)
+          }
+        }
+        if (targets.size > 0) {
+          grantStickyForReplyTargets(stickyLedger, keyId, Array.from(targets), adapterConfig.engagement, now())
         }
       }
       const turnCount = live.consecutiveSends.get(sendKey) ?? 0
@@ -3597,6 +3675,36 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     let assistantText = candidateText
 
     if (endsWithNoReplySignal(assistantText)) {
+      // A BARE-EMPTY stop (no visible text, not an explicit NO_REPLY token) on
+      // the armed cold-start solo-human fallback turn is the production "dropped
+      // the owner's first question" shape — a model whiff on a direct one-on-one
+      // question, not a deliberate decline. Give it the bounded empty-turn retry
+      // with a dedicated nudge; on exhaustion post the visible fallback so the
+      // human is never stranded on silence. Gated hard so deliberate silence
+      // still stays silent: explicit NO_REPLY (non-empty trim), any turn that
+      // already sent (successfulChannelSends moved), a queued fresh inbound (the
+      // next drain answers it), and every turn outside the armed cold-start solo
+      // path all fall through to the historical no_reply below.
+      if (
+        assistantText.trim() === '' &&
+        source === 'leaf' &&
+        live.coldStartSoloFallbackTurnActive &&
+        live.currentTurnAuthorId !== null &&
+        live.successfulChannelSends === successfulSendsBeforePrompt &&
+        live.promptQueue.length === 0
+      ) {
+        if (live.emptyTurnRetries < MAX_EMPTY_TURN_RETRIES) {
+          live.emptyTurnRetries++
+          logger.warn(
+            `[channels] ${live.keyId} empty_turn_retry attempt=${live.emptyTurnRetries}/${MAX_EMPTY_TURN_RETRIES} ` +
+              `cause=cold_start_solo_bare_empty`,
+          )
+          live.pendingSystemReminders.push(COLD_START_REPLY_NUDGE)
+          return
+        }
+        await postEmptyTurnFallback('cold_start_solo_bare_empty_retries_exhausted')
+        return
+      }
       const leakedReasoning = !isNoReplySignal(assistantText)
       logger.info(`[channels] ${live.keyId} no_reply${leakedReasoning ? ' (with_leaked_reasoning)' : ''}`)
       return

package/src/cli/dreams.ts

@@ -1,9 +1,9 @@
 import { defineCommand } from 'citty'
 
 import { type DreamEntry, renderListRow, runDreams, type ViewAction } from '@/dreams'
-import { findAgentDir } from '@/init'
 
 import { createEscController } from './inspect-controller'
+import { requireAgentDir } from './require-agent-dir'
 import { c, cancel, errorLine, isCancel, prepareStdinForClack } from './ui'
 
 const ESC_DEBOUNCE_MS = 50
@@ -31,7 +31,7 @@ export const dreamsCommand = defineCommand({
     },
   },
   async run({ args }) {
-    const cwd = findAgentDir(process.cwd()) ?? process.cwd()
+    const cwd = requireAgentDir()
     const color = useColor()
     const limit = parseLimit(args.limit)
     const interactive = isInteractive() && args.json !== true