volute 0.4.0 → 0.5.0

package/dist/daemon.js

@@ -1,30 +1,36 @@
 #!/usr/bin/env node
 import {
-  CHANNELS
-} from "./chunk-5OCWMTVS.js";
-import {
+  RotatingLog,
   clearJsonMap,
   getAgentManager,
   initAgentManager,
   loadJsonMap,
   saveJsonMap
-} from "./chunk-I6OHXCMV.js";
+} from "./chunk-MW2KFO3B.js";
 import {
-  collectPart,
-  logBuffer,
-  logger_default,
-  readNdjson
-} from "./chunk-ZHCE4DPY.js";
+  checkForUpdate,
+  checkForUpdateCached,
+  getCurrentVersion
+} from "./chunk-5X7HGB6L.js";
+import {
+  CHANNELS
+} from "./chunk-SMISE4SV.js";
+import {
+  collectPart
+} from "./chunk-B3R6L2GW.js";
 import {
   readVoluteConfig,
   writeVoluteConfig
 } from "./chunk-NETNFBA5.js";
 import {
   loadMergedEnv
-} from "./chunk-DNOXHLE5.js";
+} from "./chunk-HE67X4T6.js";
 import {
   applyIsolation
-} from "./chunk-SOZA2TLP.js";
+} from "./chunk-UAVD2AHX.js";
+import {
+  resolveVoluteBin
+} from "./chunk-5SKQ6J7T.js";
 import {
   agentDir,
   checkHealth,
@@ -38,26 +44,21 @@ import {
   setAgentRunning,
   setVariantRunning,
   voluteHome
-} from "./chunk-3C2XR4IY.js";
+} from "./chunk-UX25Z2ND.js";
 import {
   __export
 } from "./chunk-K3NQKI34.js";
 
 // src/daemon.ts
 import { randomBytes } from "crypto";
-import { mkdirSync as mkdirSync2, readFileSync as readFileSync4, unlinkSync as unlinkSync2, writeFileSync as writeFileSync2 } from "fs";
-import { resolve as resolve9 } from "path";
+import { mkdirSync as mkdirSync2, readFileSync as readFileSync5, unlinkSync as unlinkSync2, writeFileSync as writeFileSync2 } from "fs";
+import { homedir } from "os";
+import { resolve as resolve10 } from "path";
+import { format } from "util";
 
 // src/lib/connector-manager.ts
 import { spawn } from "child_process";
-import {
-  createWriteStream,
-  existsSync as existsSync2,
-  mkdirSync,
-  readFileSync as readFileSync2,
-  unlinkSync,
-  writeFileSync
-} from "fs";
+import { existsSync as existsSync2, mkdirSync, readFileSync as readFileSync2, unlinkSync, writeFileSync } from "fs";
 import { dirname, resolve as resolve2 } from "path";
 
 // src/lib/connector-defs.ts
@@ -217,7 +218,7 @@ var ConnectorManager = class {
     }
     const logsDir = resolve2(agentDir2, ".volute", "logs");
     mkdirSync(logsDir, { recursive: true });
-    const logStream = createWriteStream(resolve2(logsDir, `${type}.log`), { flags: "a" });
+    const logStream = new RotatingLog(resolve2(logsDir, `${type}.log`));
     const agentEnv = loadMergedEnv(agentDir2);
     const prefix = `${type.toUpperCase()}_`;
     const connectorEnv = Object.fromEntries(
@@ -292,19 +293,19 @@ var ConnectorManager = class {
     const stopKey = `${agentName}:${type}`;
     this.stopping.add(stopKey);
     agentMap.delete(type);
-    await new Promise((resolve10) => {
-      tracked.child.on("exit", () => resolve10());
+    await new Promise((resolve11) => {
+      tracked.child.on("exit", () => resolve11());
       try {
         tracked.child.kill("SIGTERM");
       } catch {
-        resolve10();
+        resolve11();
       }
       setTimeout(() => {
         try {
           tracked.child.kill("SIGKILL");
         } catch {
         }
-        resolve10();
+        resolve11();
       }, 5e3);
     });
     this.stopping.delete(stopKey);
@@ -502,7 +503,15 @@ var Scheduler = class {
         console.error(`[scheduler] fired "${schedule.id}" for ${agentName}`);
       }
       try {
-        await res.body?.cancel();
+        const reader = res.body?.getReader();
+        if (reader) {
+          try {
+            while (!(await reader.read()).done) {
+            }
+          } finally {
+            reader.releaseLock();
+          }
+        }
       } catch {
       }
     } catch (err) {
@@ -539,18 +548,20 @@ import { migrate } from "drizzle-orm/libsql/migrator";
 var schema_exports = {};
 __export(schema_exports, {
   agentMessages: () => agentMessages,
+  conversationParticipants: () => conversationParticipants,
   conversations: () => conversations,
   messages: () => messages,
   sessions: () => sessions,
   users: () => users
 });
 import { sql } from "drizzle-orm";
-import { index, integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
+import { index, integer, sqliteTable, text, uniqueIndex } from "drizzle-orm/sqlite-core";
 var users = sqliteTable("users", {
   id: integer("id").primaryKey({ autoIncrement: true }),
   username: text("username").unique().notNull(),
   password_hash: text("password_hash").notNull(),
   role: text("role").notNull().default("pending"),
+  user_type: text("user_type").notNull().default("human"),
   created_at: text("created_at").notNull().default(sql`(datetime('now'))`)
 });
 var conversations = sqliteTable(
@@ -586,6 +597,19 @@ var agentMessages = sqliteTable(
     index("idx_agent_messages_channel").on(table.agent, table.channel)
   ]
 );
+var conversationParticipants = sqliteTable(
+  "conversation_participants",
+  {
+    conversation_id: text("conversation_id").notNull().references(() => conversations.id, { onDelete: "cascade" }),
+    user_id: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+    role: text("role").notNull().default("member"),
+    joined_at: text("joined_at").notNull().default(sql`(datetime('now'))`)
+  },
+  (table) => [
+    uniqueIndex("idx_cp_unique").on(table.conversation_id, table.user_id),
+    index("idx_cp_user_id").on(table.user_id)
+  ]
+);
 var sessions = sqliteTable("sessions", {
   id: text("id").primaryKey(),
   userId: integer("user_id").references(() => users.id, { onDelete: "cascade" }).notNull(),
@@ -628,12 +652,13 @@ async function getDb() {
 async function createUser(username, password) {
   const db2 = await getDb();
   const hash = hashSync(password, 10);
-  const [{ value }] = await db2.select({ value: count() }).from(users);
+  const [{ value }] = await db2.select({ value: count() }).from(users).where(eq(users.user_type, "human"));
   const role = value === 0 ? "admin" : "pending";
   const [result] = await db2.insert(users).values({ username, password_hash: hash, role }).returning({
     id: users.id,
     username: users.username,
     role: users.role,
+    user_type: users.user_type,
     created_at: users.created_at
   });
   return result;
@@ -642,6 +667,7 @@ async function verifyUser(username, password) {
   const db2 = await getDb();
   const row = await db2.select().from(users).where(eq(users.username, username)).get();
   if (!row) return null;
+  if (row.user_type === "agent") return null;
   if (!compareSync(password, row.password_hash)) return null;
   const { password_hash: _, ...user } = row;
   return user;
@@ -652,6 +678,7 @@ async function getUser(id) {
     id: users.id,
     username: users.username,
     role: users.role,
+    user_type: users.user_type,
     created_at: users.created_at
   }).from(users).where(eq(users.id, id)).get();
   return row ?? null;
@@ -662,6 +689,7 @@ async function getUserByUsername(username) {
     id: users.id,
     username: users.username,
     role: users.role,
+    user_type: users.user_type,
     created_at: users.created_at
   }).from(users).where(eq(users.username, username)).get();
   return row ?? null;
@@ -672,6 +700,7 @@ async function listUsers() {
     id: users.id,
     username: users.username,
     role: users.role,
+    user_type: users.user_type,
     created_at: users.created_at
   }).from(users).orderBy(users.created_at).all();
 }
@@ -681,9 +710,58 @@ async function listPendingUsers() {
     id: users.id,
     username: users.username,
     role: users.role,
+    user_type: users.user_type,
     created_at: users.created_at
   }).from(users).where(eq(users.role, "pending")).orderBy(users.created_at).all();
 }
+async function listUsersByType(userType) {
+  const db2 = await getDb();
+  return db2.select({
+    id: users.id,
+    username: users.username,
+    role: users.role,
+    user_type: users.user_type,
+    created_at: users.created_at
+  }).from(users).where(eq(users.user_type, userType)).orderBy(users.created_at).all();
+}
+async function getOrCreateAgentUser(agentName) {
+  const db2 = await getDb();
+  const existing = await db2.select({
+    id: users.id,
+    username: users.username,
+    role: users.role,
+    user_type: users.user_type,
+    created_at: users.created_at
+  }).from(users).where(and(eq(users.username, agentName), eq(users.user_type, "agent"))).get();
+  if (existing) return existing;
+  try {
+    const [result] = await db2.insert(users).values({
+      username: agentName,
+      password_hash: "!agent",
+      role: "agent",
+      user_type: "agent"
+    }).returning({
+      id: users.id,
+      username: users.username,
+      role: users.role,
+      user_type: users.user_type,
+      created_at: users.created_at
+    });
+    return result;
+  } catch (err) {
+    if (err instanceof Error && err.message.includes("UNIQUE constraint")) {
+      const retried = await db2.select({
+        id: users.id,
+        username: users.username,
+        role: users.role,
+        user_type: users.user_type,
+        created_at: users.created_at
+      }).from(users).where(and(eq(users.username, agentName), eq(users.user_type, "agent"))).get();
+      if (retried) return retried;
+    }
+    throw err;
+  }
+}
 async function approveUser(id) {
   const db2 = await getDb();
   await db2.update(users).set({ role: "user" }).where(and(eq(users.id, id), eq(users.role, "pending")));
@@ -733,7 +811,7 @@ var authMiddleware = createMiddleware(async (c, next) => {
   if (authHeader?.startsWith("Bearer ")) {
     const token = authHeader.slice(7);
     if (token && isValidDaemonToken(token)) {
-      c.set("user", { id: 0, username: "cli", role: "admin" });
+      c.set("user", { id: 0, username: "cli", role: "admin", user_type: "human" });
       await next();
       return;
     }
@@ -752,11 +830,55 @@ var authMiddleware = createMiddleware(async (c, next) => {
 // src/web/server.ts
 import { existsSync as existsSync7 } from "fs";
 import { readFile as readFile2, stat } from "fs/promises";
-import { dirname as dirname3, extname, resolve as resolve8 } from "path";
+import { dirname as dirname3, extname, resolve as resolve9 } from "path";
 import { serve } from "@hono/node-server";
 
+// src/lib/log-buffer.ts
+var LogBuffer = class {
+  entries = [];
+  maxSize = 1e3;
+  subscribers = /* @__PURE__ */ new Set();
+  append(entry) {
+    this.entries.push(entry);
+    if (this.entries.length > this.maxSize) {
+      this.entries.shift();
+    }
+    for (const sub of this.subscribers) {
+      sub(entry);
+    }
+  }
+  getEntries() {
+    return [...this.entries];
+  }
+  subscribe(fn) {
+    this.subscribers.add(fn);
+    return () => this.subscribers.delete(fn);
+  }
+};
+var logBuffer = new LogBuffer();
+
+// src/lib/logger.ts
+function write(level, msg, data) {
+  const entry = {
+    level,
+    msg,
+    ts: (/* @__PURE__ */ new Date()).toISOString(),
+    ...data ? { data } : {}
+  };
+  const line = JSON.stringify(entry);
+  process.stderr.write(`${line}
+`);
+  logBuffer.append(entry);
+}
+var log = {
+  info: (msg, data) => write("info", msg, data),
+  warn: (msg, data) => write("warn", msg, data),
+  error: (msg, data) => write("error", msg, data)
+};
+var logger_default = log;
+
 // src/web/app.ts
-import { Hono as Hono11 } from "hono";
+import { Hono as Hono13 } from "hono";
 import { bodyLimit } from "hono/body-limit";
 import { csrf } from "hono/csrf";
 import { HTTPException } from "hono/http-exception";
@@ -767,6 +889,47 @@ import { resolve as resolve5 } from "path";
 import { and as and2, desc, eq as eq3 } from "drizzle-orm";
 import { Hono } from "hono";
 import { stream } from "hono/streaming";
+
+// src/lib/ndjson.ts
+var MAX_BUFFER_SIZE = 1e6;
+async function* readNdjson(body) {
+  const reader = body.getReader();
+  const decoder = new TextDecoder();
+  let buffer = "";
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+      if (buffer.length > MAX_BUFFER_SIZE) {
+        logger_default.warn("ndjson: buffer exceeded 1MB, resetting");
+        buffer = "";
+        continue;
+      }
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+      for (const line of lines) {
+        if (!line.trim()) continue;
+        try {
+          yield JSON.parse(line);
+        } catch {
+          logger_default.warn("ndjson: skipping invalid line", { line: line.slice(0, 100) });
+        }
+      }
+    }
+    if (buffer.trim()) {
+      try {
+        yield JSON.parse(buffer);
+      } catch {
+        logger_default.warn("ndjson: skipping invalid line", { line: buffer.slice(0, 100) });
+      }
+    }
+  } finally {
+    reader.releaseLock();
+  }
+}
+
+// src/web/routes/agents.ts
 function getDaemonPort() {
   try {
     const data = JSON.parse(readFileSync3(resolve5(voluteHome(), "daemon.json"), "utf-8"));
@@ -784,10 +947,10 @@ async function getAgentStatus(name, port) {
   }
   const channels = [];
   channels.push({
-    name: CHANNELS.web.name,
-    displayName: CHANNELS.web.displayName,
+    name: CHANNELS.volute.name,
+    displayName: CHANNELS.volute.displayName,
     status: status === "running" ? "connected" : "disconnected",
-    showToolCalls: CHANNELS.web.showToolCalls
+    showToolCalls: CHANNELS.volute.showToolCalls
   });
   const connectorStatuses = getConnectorManager().getConnectorStatus(name);
   for (const cs of connectorStatuses) {
@@ -1049,6 +1212,14 @@ var credentialsSchema = z.object({
 var admin = new Hono2().use(authMiddleware).get("/users", async (c) => {
   const user = c.get("user");
   if (user.role !== "admin") return c.json({ error: "Forbidden" }, 403);
+  const agents = readRegistry();
+  for (const agent of agents) {
+    await getOrCreateAgentUser(agent.name);
+  }
+  const type = c.req.query("type");
+  if (type === "human" || type === "agent") {
+    return c.json(await listUsersByType(type));
+  }
   return c.json(await listUsers());
 }).get("/users/pending", async (c) => {
   const user = c.get("user");
@@ -1101,6 +1272,8 @@ var app2 = new Hono2().post("/register", zValidator("json", credentialsSchema),
 var auth_default = app2;
 
 // src/web/routes/chat.ts
+import { readFileSync as readFileSync4 } from "fs";
+import { resolve as resolve6 } from "path";
 import { zValidator as zValidator2 } from "@hono/zod-validator";
 import { Hono as Hono3 } from "hono";
 import { streamSSE } from "hono/streaming";
@@ -1108,7 +1281,7 @@ import { z as z2 } from "zod";
 
 // src/lib/conversations.ts
 import { randomUUID } from "crypto";
-import { and as and3, desc as desc2, eq as eq4, isNull, sql as sql2 } from "drizzle-orm";
+import { and as and3, desc as desc2, eq as eq4, inArray, isNull, sql as sql2 } from "drizzle-orm";
 async function createConversation(agentName, channel, opts) {
   const db2 = await getDb();
   const id = randomUUID();
@@ -1119,6 +1292,15 @@ async function createConversation(agentName, channel, opts) {
     user_id: opts?.userId ?? null,
     title: opts?.title ?? null
   });
+  if (opts?.participantIds && opts.participantIds.length > 0) {
+    await db2.insert(conversationParticipants).values(
+      opts.participantIds.map((uid, i) => ({
+        conversation_id: id,
+        user_id: uid,
+        role: i === 0 ? "owner" : "member"
+      }))
+    );
+  }
   return {
     id,
     agent_name: agentName,
@@ -1129,24 +1311,44 @@ async function createConversation(agentName, channel, opts) {
     updated_at: (/* @__PURE__ */ new Date()).toISOString()
   };
 }
-async function getConversationForUser(id, userId) {
+async function getParticipants(conversationId) {
   const db2 = await getDb();
-  const row = await db2.select().from(conversations).where(and3(eq4(conversations.id, id), eq4(conversations.user_id, userId))).get();
-  return row ?? null;
+  const rows = await db2.select({
+    userId: conversationParticipants.user_id,
+    username: users.username,
+    userType: users.user_type,
+    role: conversationParticipants.role
+  }).from(conversationParticipants).innerJoin(users, eq4(conversationParticipants.user_id, users.id)).where(eq4(conversationParticipants.conversation_id, conversationId)).all();
+  return rows;
+}
+async function isParticipant(conversationId, userId) {
+  const db2 = await getDb();
+  const row = await db2.select({ user_id: conversationParticipants.user_id }).from(conversationParticipants).where(
+    and3(
+      eq4(conversationParticipants.conversation_id, conversationId),
+      eq4(conversationParticipants.user_id, userId)
+    )
+  ).get();
+  return row != null;
+}
+async function listConversationsForUser(userId) {
+  const db2 = await getDb();
+  const participantRows = await db2.select({ conversation_id: conversationParticipants.conversation_id }).from(conversationParticipants).where(eq4(conversationParticipants.user_id, userId)).all();
+  if (participantRows.length === 0) return [];
+  const convIds = participantRows.map((r) => r.conversation_id);
+  return db2.select().from(conversations).where(inArray(conversations.id, convIds)).orderBy(desc2(conversations.updated_at)).all();
+}
+async function isParticipantOrOwner(conversationId, userId) {
+  if (await isParticipant(conversationId, userId)) return true;
+  const db2 = await getDb();
+  const row = await db2.select().from(conversations).where(and3(eq4(conversations.id, conversationId), eq4(conversations.user_id, userId))).get();
+  return row != null;
 }
 async function deleteConversationForUser(id, userId) {
-  const conv = await getConversationForUser(id, userId);
-  if (!conv) return false;
+  if (!await isParticipantOrOwner(id, userId)) return false;
   await deleteConversation(id);
   return true;
 }
-async function listConversations(agentName, opts) {
-  const db2 = await getDb();
-  if (opts?.userId != null) {
-    return db2.select().from(conversations).where(and3(eq4(conversations.agent_name, agentName), eq4(conversations.user_id, opts.userId))).orderBy(desc2(conversations.updated_at)).all();
-  }
-  return db2.select().from(conversations).where(eq4(conversations.agent_name, agentName)).orderBy(desc2(conversations.updated_at)).all();
-}
 async function addMessage(conversationId, role, senderName, content) {
   const db2 = await getDb();
   const serialized = JSON.stringify(content);
@@ -1182,6 +1384,34 @@ async function getMessages(conversationId) {
     return { ...row, content };
   });
 }
+async function listConversationsWithParticipants(userId) {
+  const convs = await listConversationsForUser(userId);
+  if (convs.length === 0) return [];
+  const db2 = await getDb();
+  const convIds = convs.map((c) => c.id);
+  const rows = await db2.select({
+    conversationId: conversationParticipants.conversation_id,
+    userId: users.id,
+    username: users.username,
+    userType: users.user_type,
+    role: conversationParticipants.role
+  }).from(conversationParticipants).innerJoin(users, eq4(conversationParticipants.user_id, users.id)).where(inArray(conversationParticipants.conversation_id, convIds));
+  const byConv = /* @__PURE__ */ new Map();
+  for (const r of rows) {
+    let arr = byConv.get(r.conversationId);
+    if (!arr) {
+      arr = [];
+      byConv.set(r.conversationId, arr);
+    }
+    arr.push({
+      userId: r.userId,
+      username: r.username,
+      userType: r.userType,
+      role: r.role
+    });
+  }
+  return convs.map((c) => ({ ...c, participants: byConv.get(c.id) ?? [] }));
+}
 async function deleteConversation(id) {
   const db2 = await getDb();
   await db2.delete(conversations).where(eq4(conversations.id, id));
@@ -1191,6 +1421,7 @@ async function deleteConversation(id) {
 var chatSchema = z2.object({
   message: z2.string().optional(),
   conversationId: z2.string().optional(),
+  sender: z2.string().optional(),
   images: z2.array(
     z2.object({
       media_type: z2.string(),
@@ -1198,18 +1429,59 @@ var chatSchema = z2.object({
     })
   ).optional()
 });
+function getDaemonUrl() {
+  const data = JSON.parse(readFileSync4(resolve6(voluteHome(), "daemon.json"), "utf-8"));
+  return `http://127.0.0.1:${data.port}`;
+}
+function daemonFetchInternal(path, body) {
+  const daemonUrl = getDaemonUrl();
+  const token = process.env.VOLUTE_DAEMON_TOKEN;
+  const headers = {
+    "Content-Type": "application/json",
+    Origin: daemonUrl
+  };
+  if (token) headers.Authorization = `Bearer ${token}`;
+  return fetch(`${daemonUrl}${path}`, { method: "POST", headers, body });
+}
+function accumulateEvent(content, event) {
+  if (event.type === "text") {
+    const last = content[content.length - 1];
+    if (last && last.type === "text") last.text += event.content;
+    else content.push({ type: "text", text: event.content });
+  } else if (event.type === "tool_use") {
+    content.push({ type: "tool_use", name: event.name, input: event.input });
+  } else if (event.type === "tool_result") {
+    content.push({
+      type: "tool_result",
+      output: event.output,
+      ...event.is_error ? { is_error: true } : {}
+    });
+  }
+}
+async function consumeAndPersist(res, conversationId, agentName) {
+  if (!res.body) {
+    console.warn(`[chat] no response body from ${agentName}`);
+    return [];
+  }
+  const assistantContent = [];
+  for await (const event of readNdjson(res.body)) {
+    accumulateEvent(assistantContent, event);
+    if (event.type === "done") break;
+  }
+  if (assistantContent.length === 0) return [];
+  try {
+    await addMessage(conversationId, "assistant", agentName, assistantContent);
+  } catch (err) {
+    console.error(`[chat] failed to persist conversation message from ${agentName}:`, err);
+  }
+  return assistantContent;
+}
 var app3 = new Hono3().post("/:name/chat", zValidator2("json", chatSchema), async (c) => {
   const name = c.req.param("name");
-  const [baseName, variantName] = name.split("@", 2);
+  const [baseName] = name.split("@", 2);
   const entry = findAgent(baseName);
   if (!entry) return c.json({ error: "Agent not found" }, 404);
-  let port = entry.port;
-  if (variantName) {
-    const variant = findVariant(baseName, variantName);
-    if (!variant) return c.json({ error: `Unknown variant: ${variantName}` }, 404);
-    port = variant.port;
-  }
-  const { getAgentManager: getAgentManager2 } = await import("./agent-manager-AUCKMGPR.js");
+  const { getAgentManager: getAgentManager2 } = await import("./agent-manager-PXBKA2GK.js");
   if (!getAgentManager2().isRunning(name)) {
     return c.json({ error: "Agent is not running" }, 409);
   }
@@ -1218,18 +1490,34 @@ var app3 = new Hono3().post("/:name/chat", zValidator2("json", chatSchema), asyn
     return c.json({ error: "message or images required" }, 400);
   }
   const user = c.get("user");
+  const agentUser = await getOrCreateAgentUser(baseName);
+  const senderName = user.id === 0 && body.sender ? body.sender : user.username;
   let conversationId = body.conversationId;
   if (conversationId) {
-    const conv = await getConversationForUser(conversationId, user.id);
-    if (!conv) return c.json({ error: "Conversation not found" }, 404);
+    if (user.id !== 0 && !await isParticipantOrOwner(conversationId, user.id)) {
+      return c.json({ error: "Conversation not found" }, 404);
+    }
   } else {
     const title = body.message ? body.message.slice(0, 80) : "Image message";
-    const conv = await createConversation(baseName, "web", {
-      userId: user.id,
-      title
+    const participantIds = [];
+    if (user.id !== 0) {
+      participantIds.push(user.id);
+    } else if (body.sender) {
+      const senderAgent = findAgent(body.sender);
+      if (senderAgent) {
+        const senderAgentUser = await getOrCreateAgentUser(body.sender);
+        participantIds.push(senderAgentUser.id);
+      }
+    }
+    participantIds.push(agentUser.id);
+    const conv = await createConversation(baseName, "volute", {
+      userId: user.id !== 0 ? user.id : void 0,
+      title,
+      participantIds
     });
     conversationId = conv.id;
   }
+  const channel = `volute:${conversationId}`;
   const contentBlocks = [];
   if (body.message) {
     contentBlocks.push({ type: "text", text: body.message });
@@ -1239,89 +1527,87 @@ var app3 = new Hono3().post("/:name/chat", zValidator2("json", chatSchema), asyn
       contentBlocks.push({ type: "image", media_type: img.media_type, data: img.data });
     }
   }
-  await addMessage(conversationId, "user", user.username, contentBlocks);
-  const db2 = await getDb();
-  await db2.insert(agentMessages).values({
-    agent: baseName,
-    channel: "web",
-    role: "user",
-    sender: user.username,
-    content: body.message ?? "[image]"
+  await addMessage(conversationId, "user", senderName, contentBlocks);
+  const participants = await getParticipants(conversationId);
+  const agentParticipants = participants.filter((p) => p.userType === "agent");
+  const participantNames = participants.map((p) => p.username);
+  const manager = getAgentManager2();
+  const runningAgents = agentParticipants.map((ap) => {
+    const agentKey = ap.username === baseName ? name : ap.username;
+    return manager.isRunning(agentKey) ? ap.username : null;
+  }).filter((n) => n !== null && n !== senderName);
+  if (runningAgents.length === 0) {
+    return c.json({ error: "No running agents in this conversation" }, 409);
+  }
+  const isDM = participants.length === 2;
+  const payload = JSON.stringify({
+    content: contentBlocks,
+    channel,
+    sender: senderName,
+    participants: participantNames,
+    participantCount: participants.length,
+    isDM
   });
-  let res;
-  try {
-    res = await fetch(`http://127.0.0.1:${port}/message`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        content: contentBlocks,
-        channel: "web",
-        sender: user.username
-      })
-    });
-  } catch (err) {
-    console.error(`[chat] agent ${name} unreachable on port ${port}:`, err);
-    return c.json({ error: "Agent is not reachable" }, 502);
-  }
-  if (!res.ok) {
-    return c.json({ error: `Agent responded with ${res.status}` }, res.status);
+  const responses = [];
+  for (const agentName of runningAgents) {
+    const targetName = agentName === baseName ? name : agentName;
+    try {
+      const res = await daemonFetchInternal(
+        `/api/agents/${encodeURIComponent(targetName)}/message`,
+        payload
+      );
+      if (res.ok && res.body) {
+        responses.push({ name: agentName, res });
+      } else {
+        const errorBody = await res.text().catch(() => "");
+        console.error(
+          `[chat] agent ${agentName} responded with ${res.status}: ${errorBody.slice(0, 500)}`
+        );
+      }
+    } catch (err) {
+      console.error(`[chat] agent ${agentName} unreachable via daemon:`, err);
+    }
   }
-  if (!res.body) {
-    return c.json({ error: "No response body from agent" }, 502);
+  if (responses.length === 0) {
+    return c.json({ error: "No agents reachable" }, 502);
   }
+  const primary = responses[0];
+  const secondary = responses.slice(1);
+  const secondaryPromises = secondary.map((s) => consumeAndPersist(s.res, conversationId, s.name));
   return streamSSE(c, async (stream2) => {
     await stream2.writeSSE({
-      data: JSON.stringify({ type: "meta", conversationId })
+      data: JSON.stringify({ type: "meta", conversationId, senderName: primary.name })
     });
     const assistantContent = [];
-    for await (const event of readNdjson(res.body)) {
-      await stream2.writeSSE({ data: JSON.stringify(event) });
-      if (event.type === "text") {
-        const last = assistantContent[assistantContent.length - 1];
-        if (last && last.type === "text") {
-          last.text += event.content;
-        } else {
-          assistantContent.push({ type: "text", text: event.content });
-        }
-      } else if (event.type === "tool_use") {
-        assistantContent.push({
-          type: "tool_use",
-          name: event.name,
-          input: event.input
-        });
-      } else if (event.type === "tool_result") {
-        assistantContent.push({
-          type: "tool_result",
-          output: event.output,
-          ...event.is_error ? { is_error: true } : {}
-        });
+    try {
+      for await (const event of readNdjson(primary.res.body)) {
+        await stream2.writeSSE({ data: JSON.stringify(event) });
+        accumulateEvent(assistantContent, event);
+        if (event.type === "done") break;
       }
-      if (event.type === "done") {
-        if (assistantContent.length > 0) {
-          await addMessage(conversationId, "assistant", baseName, assistantContent);
-          const textParts = [];
-          const toolParts = [];
-          for (const b of assistantContent) {
-            const part = collectPart(b);
-            if (part != null) {
-              if (b.type === "tool_use") toolParts.push(part);
-              else textParts.push(part);
-            }
-          }
-          const summary = [textParts.join(""), ...toolParts].filter(Boolean).join("\n");
-          if (summary) {
-            await db2.insert(agentMessages).values({
-              agent: baseName,
-              channel: "web",
-              role: "assistant",
-              sender: baseName,
-              content: summary
-            });
-          }
-        }
-        break;
+    } catch (err) {
+      console.error(`[chat] error streaming response from ${primary.name}:`, err);
+      await stream2.writeSSE({
+        data: JSON.stringify({ type: "error", message: "Stream interrupted" })
+      });
+    }
+    if (assistantContent.length > 0) {
+      try {
+        await addMessage(conversationId, "assistant", primary.name, assistantContent);
+      } catch (err) {
+        console.error(`[chat] failed to persist response from ${primary.name}:`, err);
       }
     }
+    const results = await Promise.allSettled(secondaryPromises);
+    for (let i = 0; i < results.length; i++) {
+      if (results[i].status === "rejected") {
+        console.error(
+          `[chat] secondary agent ${secondary[i].name} response failed:`,
+          results[i].reason
+        );
+      }
+    }
+    await stream2.writeSSE({ data: JSON.stringify({ type: "sync" }) });
   });
 });
 var chat_default = app3;
@@ -1398,19 +1684,79 @@ var app4 = new Hono4().get("/:name/connectors", (c) => {
 var connectors_default = app4;
 
 // src/web/routes/conversations.ts
+import { zValidator as zValidator3 } from "@hono/zod-validator";
 import { Hono as Hono5 } from "hono";
+import { z as z3 } from "zod";
+var createConvSchema = z3.object({
+  title: z3.string().optional(),
+  participantIds: z3.array(z3.number()).optional(),
+  participantNames: z3.array(z3.string()).optional()
+});
 var app5 = new Hono5().get("/:name/conversations", async (c) => {
   const name = c.req.param("name");
   const user = c.get("user");
-  const convs = await listConversations(name, { userId: user.id });
+  let lookupId = user.id;
+  if (user.id === 0) {
+    const agentUser = await getOrCreateAgentUser(name);
+    lookupId = agentUser.id;
+  }
+  const all = await listConversationsForUser(lookupId);
+  const convs = all.filter((c2) => c2.agent_name === name);
   return c.json(convs);
+}).post("/:name/conversations", zValidator3("json", createConvSchema), async (c) => {
+  const name = c.req.param("name");
+  const user = c.get("user");
+  const body = c.req.valid("json");
+  if (!body.participantIds?.length && !body.participantNames?.length) {
+    return c.json({ error: "participantIds or participantNames required" }, 400);
+  }
+  const agentUser = await getOrCreateAgentUser(name);
+  const participantSet = /* @__PURE__ */ new Set();
+  if (user.id !== 0) participantSet.add(user.id);
+  participantSet.add(agentUser.id);
+  for (const id of body.participantIds ?? []) participantSet.add(id);
+  if (body.participantNames) {
+    for (const pname of body.participantNames) {
+      const existing = await getUserByUsername(pname);
+      if (existing) {
+        participantSet.add(existing.id);
+        continue;
+      }
+      if (findAgent(pname)) {
+        const au = await getOrCreateAgentUser(pname);
+        participantSet.add(au.id);
+        continue;
+      }
+      return c.json({ error: `User not found: ${pname}` }, 400);
+    }
+  }
+  for (const id of participantSet) {
+    if (id === user.id || id === agentUser.id) continue;
+    const u = await getUser(id);
+    if (!u) return c.json({ error: `User ${id} not found` }, 400);
+  }
+  const conv = await createConversation(name, "volute", {
+    userId: user.id !== 0 ? user.id : void 0,
+    title: body.title,
+    participantIds: [...participantSet]
+  });
+  return c.json(conv, 201);
 }).get("/:name/conversations/:id/messages", async (c) => {
   const id = c.req.param("id");
   const user = c.get("user");
-  const conv = await getConversationForUser(id, user.id);
-  if (!conv) return c.json({ error: "Conversation not found" }, 404);
+  if (user.id !== 0 && !await isParticipantOrOwner(id, user.id)) {
+    return c.json({ error: "Conversation not found" }, 404);
+  }
   const msgs = await getMessages(id);
   return c.json(msgs);
+}).get("/:name/conversations/:id/participants", async (c) => {
+  const id = c.req.param("id");
+  const user = c.get("user");
+  if (!await isParticipantOrOwner(id, user.id)) {
+    return c.json({ error: "Conversation not found" }, 404);
+  }
+  const participants = await getParticipants(id);
+  return c.json(participants);
 }).delete("/:name/conversations/:id", async (c) => {
   const id = c.req.param("id");
   const user = c.get("user");
@@ -1423,18 +1769,18 @@ var conversations_default = app5;
 // src/web/routes/files.ts
 import { existsSync as existsSync5 } from "fs";
 import { readdir, readFile, writeFile } from "fs/promises";
-import { resolve as resolve6 } from "path";
-import { zValidator as zValidator3 } from "@hono/zod-validator";
+import { resolve as resolve7 } from "path";
+import { zValidator as zValidator4 } from "@hono/zod-validator";
 import { Hono as Hono6 } from "hono";
-import { z as z3 } from "zod";
+import { z as z4 } from "zod";
 var ALLOWED_FILES = /* @__PURE__ */ new Set(["SOUL.md", "MEMORY.md", "CLAUDE.md", "VOLUTE.md"]);
-var saveFileSchema = z3.object({ content: z3.string() });
+var saveFileSchema = z4.object({ content: z4.string() });
 var app6 = new Hono6().get("/:name/files", async (c) => {
   const name = c.req.param("name");
   const entry = findAgent(name);
   if (!entry) return c.json({ error: "Agent not found" }, 404);
   const dir = agentDir(name);
-  const homeDir = resolve6(dir, "home");
+  const homeDir = resolve7(dir, "home");
   if (!existsSync5(homeDir)) return c.json({ error: "Home directory missing" }, 404);
   const allFiles = await readdir(homeDir);
   const files = allFiles.filter((f) => f.endsWith(".md") && ALLOWED_FILES.has(f));
@@ -1448,13 +1794,13 @@ var app6 = new Hono6().get("/:name/files", async (c) => {
   const entry = findAgent(name);
   if (!entry) return c.json({ error: "Agent not found" }, 404);
   const dir = agentDir(name);
-  const filePath = resolve6(dir, "home", filename);
+  const filePath = resolve7(dir, "home", filename);
   if (!existsSync5(filePath)) {
     return c.json({ error: "File not found" }, 404);
   }
   const content = await readFile(filePath, "utf-8");
   return c.json({ filename, content });
-}).put("/:name/files/:filename", zValidator3("json", saveFileSchema), async (c) => {
+}).put("/:name/files/:filename", zValidator4("json", saveFileSchema), async (c) => {
   const name = c.req.param("name");
   const filename = c.req.param("filename");
   if (!ALLOWED_FILES.has(filename)) {
@@ -1463,7 +1809,7 @@ var app6 = new Hono6().get("/:name/files", async (c) => {
   const entry = findAgent(name);
   if (!entry) return c.json({ error: "Agent not found" }, 404);
   const dir = agentDir(name);
-  const filePath = resolve6(dir, "home", filename);
+  const filePath = resolve7(dir, "home", filename);
   const { content } = c.req.valid("json");
   await writeFile(filePath, content);
   return c.json({ ok: true });
@@ -1473,7 +1819,7 @@ var files_default = app6;
 // src/web/routes/logs.ts
 import { spawn as spawn2 } from "child_process";
 import { existsSync as existsSync6 } from "fs";
-import { resolve as resolve7 } from "path";
+import { resolve as resolve8 } from "path";
 import { Hono as Hono7 } from "hono";
 import { streamSSE as streamSSE2 } from "hono/streaming";
 var app7 = new Hono7().get("/:name/logs", async (c) => {
@@ -1481,7 +1827,7 @@ var app7 = new Hono7().get("/:name/logs", async (c) => {
   const entry = findAgent(name);
   if (!entry) return c.json({ error: "Agent not found" }, 404);
   const dir = agentDir(name);
-  const logFile = resolve7(dir, ".volute", "logs", "agent.log");
+  const logFile = resolve8(dir, ".volute", "logs", "agent.log");
   if (!existsSync6(logFile)) {
     return c.json({ error: "No log file found" }, 404);
   }
@@ -1500,9 +1846,9 @@ var app7 = new Hono7().get("/:name/logs", async (c) => {
     stream2.onAbort(() => {
       tail.kill();
     });
-    await new Promise((resolve10) => {
-      tail.on("exit", resolve10);
-      stream2.onAbort(resolve10);
+    await new Promise((resolve11) => {
+      tail.on("exit", resolve11);
+      stream2.onAbort(resolve11);
     });
   });
 });
@@ -1604,19 +1950,99 @@ var app9 = new Hono9().get("/logs", async (c) => {
       stream2.writeSSE({ data: JSON.stringify(entry) }).catch(() => {
       });
     });
-    await new Promise((resolve10) => {
+    await new Promise((resolve11) => {
       stream2.onAbort(() => {
         unsubscribe();
-        resolve10();
+        resolve11();
       });
     });
   });
 });
 var system_default = app9;
 
-// src/web/routes/variants.ts
+// src/web/routes/update.ts
+import { spawn as spawn3 } from "child_process";
 import { Hono as Hono10 } from "hono";
-var app10 = new Hono10().get("/:name/variants", async (c) => {
+var bin;
+var app10 = new Hono10().get("/update", async (c) => {
+  const result = await checkForUpdate();
+  return c.json(result);
+}).post("/update", requireAdmin, async (c) => {
+  bin ??= resolveVoluteBin();
+  const child = spawn3(bin, ["update"], {
+    stdio: "ignore",
+    detached: true
+  });
+  child.on("error", (err) => {
+    logger_default.error("Update process error", { error: err.message });
+  });
+  child.unref();
+  return c.json({ ok: true, message: "Updating..." });
+});
+var update_default = app10;
+
+// src/web/routes/user-conversations.ts
+import { zValidator as zValidator5 } from "@hono/zod-validator";
+import { Hono as Hono11 } from "hono";
+import { z as z5 } from "zod";
+var createSchema = z5.object({
+  title: z5.string().optional(),
+  participantNames: z5.array(z5.string()).min(1)
+});
+var app11 = new Hono11().use("*", authMiddleware).get("/", async (c) => {
+  const user = c.get("user");
+  const convs = await listConversationsWithParticipants(user.id);
+  return c.json(convs);
+}).get("/:id/messages", async (c) => {
+  const id = c.req.param("id");
+  const user = c.get("user");
+  if (user.id !== 0 && !await isParticipantOrOwner(id, user.id)) {
+    return c.json({ error: "Conversation not found" }, 404);
+  }
+  const msgs = await getMessages(id);
+  return c.json(msgs);
+}).post("/", zValidator5("json", createSchema), async (c) => {
+  const user = c.get("user");
+  const body = c.req.valid("json");
+  const participantIds = /* @__PURE__ */ new Set();
+  if (user.id !== 0) participantIds.add(user.id);
+  let firstAgentName;
+  for (const name of body.participantNames) {
+    const existing = await getUserByUsername(name);
+    if (existing) {
+      participantIds.add(existing.id);
+      if (!firstAgentName && existing.user_type === "agent") firstAgentName = name;
+      continue;
+    }
+    if (findAgent(name)) {
+      const au = await getOrCreateAgentUser(name);
+      participantIds.add(au.id);
+      if (!firstAgentName) firstAgentName = name;
+      continue;
+    }
+    return c.json({ error: `User not found: ${name}` }, 400);
+  }
+  if (!firstAgentName) {
+    return c.json({ error: "At least one agent participant is required" }, 400);
+  }
+  const conv = await createConversation(firstAgentName, "volute", {
+    userId: user.id !== 0 ? user.id : void 0,
+    title: body.title,
+    participantIds: [...participantIds]
+  });
+  return c.json(conv, 201);
+}).delete("/:id", async (c) => {
+  const id = c.req.param("id");
+  const user = c.get("user");
+  const deleted = await deleteConversationForUser(id, user.id);
+  if (!deleted) return c.json({ error: "Conversation not found" }, 404);
+  return c.json({ ok: true });
+});
+var user_conversations_default = app11;
+
+// src/web/routes/variants.ts
+import { Hono as Hono12 } from "hono";
+var app12 = new Hono12().get("/:name/variants", async (c) => {
   const name = c.req.param("name");
   const entry = findAgent(name);
   if (!entry) return c.json({ error: "Agent not found" }, 404);
@@ -1630,11 +2056,11 @@ var app10 = new Hono10().get("/:name/variants", async (c) => {
   );
   return c.json(results);
 });
-var variants_default = app10;
+var variants_default = app12;
 
 // src/web/app.ts
-var app11 = new Hono11();
-app11.onError((err, c) => {
+var app13 = new Hono13();
+app13.onError((err, c) => {
   if (err instanceof HTTPException) {
     return err.getResponse();
   }
@@ -1645,10 +2071,10 @@ app11.onError((err, c) => {
   });
   return c.json({ error: "Internal server error" }, 500);
 });
-app11.notFound((c) => {
+app13.notFound((c) => {
   return c.json({ error: "Not found" }, 404);
 });
-app11.use("*", async (c, next) => {
+app13.use("*", async (c, next) => {
   const start = Date.now();
   await next();
   const duration = Date.now() - start;
@@ -1659,15 +2085,28 @@ app11.use("*", async (c, next) => {
     duration
   });
 });
-app11.get("/api/health", (c) => {
-  return c.json({ ok: true, version: "0.1.0" });
+app13.get("/api/health", (c) => {
+  let version = "unknown";
+  let cached = null;
+  try {
+    version = getCurrentVersion();
+    cached = checkForUpdateCached();
+  } catch (err) {
+    logger_default.error("Health check error", { error: err.message });
+  }
+  return c.json({
+    ok: true,
+    version,
+    ...cached?.updateAvailable ? { updateAvailable: true, latest: cached.latest } : {}
+  });
 });
-app11.use("/api/*", bodyLimit({ maxSize: 10 * 1024 * 1024 }));
-app11.use("/api/*", csrf());
-app11.use("/api/agents/*", authMiddleware);
-app11.use("/api/system/*", authMiddleware);
-var routes = app11.route("/api/auth", auth_default).route("/api/system", system_default).route("/api/agents", agents_default).route("/api/agents", chat_default).route("/api/agents", connectors_default).route("/api/agents", schedules_default).route("/api/agents", logs_default).route("/api/agents", variants_default).route("/api/agents", files_default).route("/api/agents", conversations_default);
-var app_default = app11;
+app13.use("/api/*", bodyLimit({ maxSize: 10 * 1024 * 1024 }));
+app13.use("/api/*", csrf());
+app13.use("/api/agents/*", authMiddleware);
+app13.use("/api/conversations/*", authMiddleware);
+app13.use("/api/system/*", authMiddleware);
+var routes = app13.route("/api/auth", auth_default).route("/api/system", system_default).route("/api/system", update_default).route("/api/agents", agents_default).route("/api/agents", chat_default).route("/api/agents", connectors_default).route("/api/agents", schedules_default).route("/api/agents", logs_default).route("/api/agents", variants_default).route("/api/agents", files_default).route("/api/agents", conversations_default).route("/api/conversations", user_conversations_default);
+var app_default = app13;
 
 // src/web/server.ts
 var MIME_TYPES = {
@@ -1686,7 +2125,7 @@ async function startServer({
   let assetsDir = "";
   let searchDir = dirname3(new URL(import.meta.url).pathname);
   for (let i = 0; i < 5; i++) {
-    const candidate = resolve8(searchDir, "dist", "web-assets");
+    const candidate = resolve9(searchDir, "dist", "web-assets");
     if (existsSync7(candidate)) {
       assetsDir = candidate;
       break;
@@ -1696,7 +2135,8 @@ async function startServer({
   if (assetsDir) {
     app_default.get("*", async (c) => {
       const urlPath = new URL(c.req.url).pathname;
-      const filePath = resolve8(assetsDir, urlPath.slice(1));
+      if (urlPath.startsWith("/api/")) return c.notFound();
+      const filePath = resolve9(assetsDir, urlPath.slice(1));
       if (!filePath.startsWith(assetsDir)) return c.text("Forbidden", 403);
       const s = await stat(filePath).catch(() => null);
       if (s?.isFile()) {
@@ -1705,7 +2145,7 @@ async function startServer({
         const body = await readFile2(filePath);
         return c.body(body, 200, { "Content-Type": mime });
       }
-      const indexPath = resolve8(assetsDir, "index.html");
+      const indexPath = resolve9(assetsDir, "index.html");
       const indexStat = await stat(indexPath).catch(() => null);
       if (indexStat?.isFile()) {
         const body = await readFile2(indexPath, "utf-8");
@@ -1715,10 +2155,10 @@ async function startServer({
     });
   }
   const server = serve({ fetch: app_default.fetch, port, hostname });
-  await new Promise((resolve10, reject) => {
+  await new Promise((resolve11, reject) => {
     server.on("listening", () => {
       logger_default.info("Volute UI running", { hostname, port });
-      resolve10();
+      resolve11();
     });
     server.on("error", (err) => {
       reject(err);
@@ -1728,12 +2168,24 @@ async function startServer({
 }
 
 // src/daemon.ts
+if (!process.env.VOLUTE_HOME) {
+  process.env.VOLUTE_HOME = resolve10(homedir(), ".volute");
+}
 async function startDaemon(opts) {
   const { port, hostname } = opts;
   const myPid = String(process.pid);
   const home = voluteHome();
-  const DAEMON_PID_PATH = resolve9(home, "daemon.pid");
-  const DAEMON_JSON_PATH = resolve9(home, "daemon.json");
+  if (!opts.foreground) {
+    const log2 = new RotatingLog(resolve10(home, "daemon.log"));
+    const write2 = (...args) => log2.write(`${format(...args)}
+`);
+    console.log = write2;
+    console.error = write2;
+    console.warn = write2;
+    console.info = write2;
+  }
+  const DAEMON_PID_PATH = resolve10(home, "daemon.pid");
+  const DAEMON_JSON_PATH = resolve10(home, "daemon.json");
   mkdirSync2(home, { recursive: true });
   const token = process.env.VOLUTE_DAEMON_TOKEN || randomBytes(32).toString("hex");
   process.env.VOLUTE_DAEMON_TOKEN = token;
@@ -1786,13 +2238,13 @@ async function startDaemon(opts) {
   console.error(`[daemon] running on ${hostname}:${port}, pid ${myPid}`);
   function cleanup() {
     try {
-      if (readFileSync4(DAEMON_PID_PATH, "utf-8").trim() === myPid) {
+      if (readFileSync5(DAEMON_PID_PATH, "utf-8").trim() === myPid) {
         unlinkSync2(DAEMON_PID_PATH);
       }
     } catch {
     }
     try {
-      const data = JSON.parse(readFileSync4(DAEMON_JSON_PATH, "utf-8"));
+      const data = JSON.parse(readFileSync5(DAEMON_JSON_PATH, "utf-8"));
       if (data.token === token) {
         unlinkSync2(DAEMON_JSON_PATH);
       }