fix: scrub tool schemas for Cloud Code Assist (#567 ) (thanks @erikpr1994)

fix(agents): remove unsupported JSON Schema keywords for Cloud Code Assist API
Cloud Code Assist API requires strict JSON Schema draft 2020-12 compliance and rejects keywords like patternProperties, additionalProperties, $schema, $id, $ref, $defs, and definitions. This extends cleanSchemaForGemini to: - Remove all unsupported keywords from tool schemas - Add oneOf literal flattening (matching existing anyOf behavior) - Add test to verify no unsupported keywords remain in tool schemas
2026-01-09 14:07:11 +01:00 · 2026-01-09 13:53:47 +01:00 · 2026-01-09 12:48:42 +00:00 · 2026-01-09 12:44:29 +00:00 · 2026-01-09 12:44:29 +00:00 · 2026-01-09 12:43:00 +00:00
5789 changed files with 335287 additions and 820369 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,48 @@
+.git
+.worktrees
+.bun-cache
+.bun
+.tmp
+**/.tmp
+.DS_Store
+**/.DS_Store
+*.png
+*.jpg
+*.jpeg
+*.webp
+*.gif
+*.mp4
+*.mov
+*.wav
+*.mp3
+node_modules
+**/node_modules
+.pnpm-store
+**/.pnpm-store
+.turbo
+**/.turbo
+.cache
+**/.cache
+.next
+**/.next
+coverage
+**/coverage
+*.log
+tmp
+**/tmp
+
+# build artifacts
+dist
+**/dist
+apps/macos/.build
+apps/ios/build
+**/*.trace
+
+# large app trees not needed for CLI build
+apps/
+assets/
+Peekaboo/
+Swabble/
+Core/
+Users/
+vendor/
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Report a problem or unexpected behavior in Clawdbot.
+title: "[Bug]: "
+labels: bug
+---
+
+## Summary
+What went wrong?
+
+## Steps to reproduce
+1.
+2.
+3.
+
+## Expected behavior
+What did you expect to happen?
+
+## Actual behavior
+What actually happened?
+
+## Environment
+- Clawdbot version:
+- OS:
+- Install method (pnpm/npx/docker/etc):
+
+## Logs or screenshots
+Paste relevant logs or add screenshots (redact secrets).
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Onboarding
+    url: https://discord.gg/clawd
+    about: New to Clawdbot? Join Discord for setup guidance from Krill in #help.
+  - name: Support
+    url: https://discord.gg/clawd
+    about: Get help from Krill and the community on Discord in #help.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,18 @@
+---
+name: Feature request
+about: Suggest an idea or improvement for Clawdbot.
+title: "[Feature]: "
+labels: enhancement
+---
+
+## Summary
+Describe the problem you are trying to solve or the opportunity you see.
+
+## Proposed solution
+What would you like Clawdbot to do?
+
+## Alternatives considered
+Any other approaches you have considered?
+
+## Additional context
+Links, screenshots, or related issues.
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,45 +5,68 @@ on:
  pull_request:

 jobs:
-  build:
+  checks:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
-        runtime: [node, bun]
+        include:
+          - runtime: node
+            task: lint
+            command: pnpm lint
+          - runtime: node
+            task: test
+            command: pnpm test
+          - runtime: node
+            task: build
+            command: pnpm build
+          - runtime: node
+            task: protocol
+            command: pnpm protocol:check
+          - runtime: bun
+            task: lint
+            command: bunx biome check src
+          - runtime: bun
+            task: test
+            command: bunx vitest run
+          - runtime: bun
+            task: build
+            command: bunx tsc -p tsconfig.json
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
-          submodules: recursive
+          submodules: false
+
+      - name: Checkout submodules (retry)
+        run: |
+          set -euo pipefail
+          git submodule sync --recursive
+          for attempt in 1 2 3 4 5; do
+            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
+              exit 0
+            fi
+            echo "Submodule update failed (attempt $attempt/5). Retrying…"
+            sleep $((attempt * 10))
+          done
+          exit 1

      - name: Setup Node.js
-        if: matrix.runtime == 'node'
        uses: actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 24
          check-latest: true

      - name: Setup Bun
-        if: matrix.runtime == 'bun'
        uses: oven-sh/setup-bun@v2
        with:
-          # bun.sh downloads currently fail with:
-          # "Failed to list releases from GitHub: 401" -> "Unexpected HTTP response: 400"
-          bun-download-url: "https://github.com/oven-sh/bun/releases/latest/download/bun-linux-x64.zip"
-
-      - name: Setup Node.js (tooling for bun)
-        if: matrix.runtime == 'bun'
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          check-latest: true
+          bun-version: latest

      - name: Runtime versions
        run: |
          node -v
          npm -v
-          if [ "${{ matrix.runtime }}" = "bun" ]; then bun -v; fi
+          bun -v

      - name: Capture node path
        run: echo "NODE_BIN=$(dirname \"$(node -p \"process.execPath\")\")" >> "$GITHUB_ENV"
@@ -64,41 +87,139 @@ jobs:
          pnpm -v
          pnpm install --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true || pnpm install --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true

-      - name: Lint (node)
-        if: matrix.runtime == 'node'
-        run: pnpm lint
+      - name: Run ${{ matrix.task }} (${{ matrix.runtime }})
+        run: ${{ matrix.command }}

-      - name: Test (node)
-        if: matrix.runtime == 'node'
-        run: pnpm test
-
-      - name: Build (node)
-        if: matrix.runtime == 'node'
-        run: pnpm build
-
-      - name: Protocol check (node)
-        if: matrix.runtime == 'node'
-        run: pnpm protocol:check
-
-      - name: Lint (bun)
-        if: matrix.runtime == 'bun'
-        run: bunx biome check src
-
-      - name: Test (bun)
-        if: matrix.runtime == 'bun'
-        run: bunx vitest run
-
-      - name: Build (bun)
-        if: matrix.runtime == 'bun'
-        run: bunx tsc -p tsconfig.json
-
-  macos-app:
-    runs-on: macos-latest
+  checks-windows:
+    runs-on: windows-latest
+    defaults:
+      run:
+        shell: bash
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - runtime: node
+            task: lint
+            command: pnpm lint
+          - runtime: node
+            task: test
+            command: pnpm test
+          - runtime: node
+            task: build
+            command: pnpm build
+          - runtime: node
+            task: protocol
+            command: pnpm protocol:check
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
-          submodules: recursive
+          submodules: false
+
+      - name: Checkout submodules (retry)
+        run: |
+          set -euo pipefail
+          git submodule sync --recursive
+          for attempt in 1 2 3 4 5; do
+            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
+              exit 0
+            fi
+            echo "Submodule update failed (attempt $attempt/5). Retrying…"
+            sleep $((attempt * 10))
+          done
+          exit 1
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          check-latest: true
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Runtime versions
+        run: |
+          node -v
+          npm -v
+          bun -v
+
+      - name: Capture node path
+        run: echo "NODE_BIN=$(dirname \"$(node -p \"process.execPath\")\")" >> "$GITHUB_ENV"
+
+      - name: Enable corepack and pin pnpm
+        run: |
+          corepack enable
+          corepack prepare pnpm@10.23.0 --activate
+          pnpm -v
+
+      - name: Install dependencies
+        env:
+          CI: true
+        run: |
+          export PATH="$NODE_BIN:$PATH"
+          which node
+          node -v
+          pnpm -v
+          pnpm install --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true || pnpm install --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true
+
+      - name: Run ${{ matrix.task }} (${{ matrix.runtime }})
+        run: ${{ matrix.command }}
+
+  macos-app:
+    if: github.event_name == 'pull_request'
+    runs-on: macos-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - task: lint
+            command: |
+              swiftlint --config .swiftlint.yml
+              swiftformat --lint apps/macos/Sources --config .swiftformat
+          - task: build
+            command: |
+              set -euo pipefail
+              for attempt in 1 2 3; do
+                if swift build --package-path apps/macos --configuration release; then
+                  exit 0
+                fi
+                echo "swift build failed (attempt $attempt/3). Retrying…"
+                sleep $((attempt * 20))
+              done
+              exit 1
+          - task: test
+            command: |
+              set -euo pipefail
+              for attempt in 1 2 3; do
+                if swift test --package-path apps/macos --parallel --enable-code-coverage --show-codecov-path; then
+                  exit 0
+                fi
+                echo "swift test failed (attempt $attempt/3). Retrying…"
+                sleep $((attempt * 20))
+              done
+              exit 1
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: false
+
+      - name: Checkout submodules (retry)
+        run: |
+          set -euo pipefail
+          git submodule sync --recursive
+          for attempt in 1 2 3 4 5; do
+            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
+              exit 0
+            fi
+            echo "Submodule update failed (attempt $attempt/5). Retrying…"
+            sleep $((attempt * 10))
+          done
+          exit 1

      - name: Select Xcode 26.1
        run: |
@@ -115,17 +236,46 @@ jobs:
          xcodebuild -version
          swift --version

-      - name: SwiftLint
-        run: swiftlint --config .swiftlint.yml
+      - name: Run ${{ matrix.task }}
+        run: ${{ matrix.command }}
+  ios:
+    if: false # ignore iOS in CI for now
+    runs-on: macos-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: false

-      - name: SwiftFormat (lint mode)
-        run: swiftformat --lint apps/macos/Sources --config .swiftformat
+      - name: Checkout submodules (retry)
+        run: |
+          set -euo pipefail
+          git submodule sync --recursive
+          for attempt in 1 2 3 4 5; do
+            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
+              exit 0
+            fi
+            echo "Submodule update failed (attempt $attempt/5). Retrying…"
+            sleep $((attempt * 10))
+          done
+          exit 1

-      - name: Swift build (release)
-        run: swift build --package-path apps/macos --configuration release
+      - name: Select Xcode 26.1
+        run: |
+          sudo xcode-select -s /Applications/Xcode_26.1.app
+          xcodebuild -version

-      - name: Swift tests (coverage)
-        run: swift test --package-path apps/macos --parallel --enable-code-coverage --show-codecov-path
+      - name: Install XcodeGen
+        run: brew install xcodegen
+
+      - name: Install SwiftLint / SwiftFormat
+        run: brew install swiftlint swiftformat
+
+      - name: Show toolchain
+        run: |
+          sw_vers
+          xcodebuild -version
+          swift --version

      - name: Generate iOS project
        run: |
@@ -139,36 +289,77 @@ jobs:
          DEST_ID="$(
            python3 - <<'PY'
          import json
-          import re
          import subprocess
          import sys
+          import uuid

-          data = json.loads(
-            subprocess.check_output(["xcrun", "simctl", "list", "devices", "available", "-j"], text=True)
+          def sh(args: list[str]) -> str:
+            return subprocess.check_output(args, text=True).strip()
+
+          # Prefer an already-created iPhone simulator if it exists.
+          devices = json.loads(sh(["xcrun", "simctl", "list", "devices", "-j"]))
+          candidates: list[tuple[str, str]] = []
+          for runtime, devs in (devices.get("devices") or {}).items():
+            for dev in devs or []:
+              if not dev.get("isAvailable"):
+                continue
+              name = str(dev.get("name") or "")
+              udid = str(dev.get("udid") or "")
+              if not udid or not name.startswith("iPhone"):
+                continue
+              candidates.append((name, udid))
+
+          candidates.sort(key=lambda it: (0 if "iPhone 16" in it[0] else 1, it[0]))
+          if candidates:
+            print(candidates[0][1])
+            sys.exit(0)
+
+          # Otherwise, create one from the newest available iOS runtime.
+          runtimes = json.loads(sh(["xcrun", "simctl", "list", "runtimes", "-j"])).get("runtimes") or []
+          ios = [rt for rt in runtimes if rt.get("platform") == "iOS" and rt.get("isAvailable")]
+          if not ios:
+            print("No available iOS runtimes found.", file=sys.stderr)
+            sys.exit(1)
+
+          def version_key(rt: dict) -> tuple[int, ...]:
+            parts: list[int] = []
+            for p in str(rt.get("version") or "0").split("."):
+              try:
+                parts.append(int(p))
+              except ValueError:
+                parts.append(0)
+            return tuple(parts)
+
+          ios.sort(key=version_key, reverse=True)
+          runtime = ios[0]
+          runtime_id = str(runtime.get("identifier") or "")
+          if not runtime_id:
+            print("Missing iOS runtime identifier.", file=sys.stderr)
+            sys.exit(1)
+
+          supported = runtime.get("supportedDeviceTypes") or []
+          iphones = [dt for dt in supported if dt.get("productFamily") == "iPhone"]
+          if not iphones:
+            print("No iPhone device types for iOS runtime.", file=sys.stderr)
+            sys.exit(1)
+
+          iphones.sort(
+            key=lambda dt: (
+              0 if "iPhone 16" in str(dt.get("name") or "") else 1,
+              str(dt.get("name") or ""),
+            )
          )
-          runtimes = []
-          for runtime in data.get("devices", {}).keys():
-            m = re.search(r"\\.iOS-(\\d+)-(\\d+)$", runtime)
-            if m:
-              runtimes.append((int(m.group(1)), int(m.group(2)), runtime))
+          device_type_id = str(iphones[0].get("identifier") or "")
+          if not device_type_id:
+            print("Missing iPhone device type identifier.", file=sys.stderr)
+            sys.exit(1)

-          runtimes.sort(reverse=True)
-
-          def pick_device(devices):
-            iphones = [d for d in devices if d.get("isAvailable") and d.get("name", "").startswith("iPhone")]
-            if not iphones:
-              return None
-            prefer = [d for d in iphones if "iPhone 16" in d.get("name", "")]
-            return (prefer[0] if prefer else iphones[0]).get("udid")
-
-          for _, __, runtime in runtimes:
-            udid = pick_device(data["devices"].get(runtime, []))
-            if udid:
-              print(udid)
-              sys.exit(0)
-
-          print("No available iPhone simulators found.", file=sys.stderr)
-          sys.exit(1)
+          sim_name = f"CI iPhone {uuid.uuid4().hex[:8]}"
+          udid = sh(["xcrun", "simctl", "create", sim_name, device_type_id, runtime_id])
+          if not udid:
+            print("Failed to create iPhone simulator.", file=sys.stderr)
+            sys.exit(1)
+          print(udid)
          PY
          )"
          echo "Using iOS Simulator id: $DEST_ID"
@@ -185,7 +376,7 @@ jobs:
          RESULT_BUNDLE_PATH="$RUNNER_TEMP/Clawdis-iOS.xcresult"
          xcrun xccov view --report --only-targets "$RESULT_BUNDLE_PATH"

-      - name: iOS coverage gate (50%)
+      - name: iOS coverage gate (43%)
        run: |
          set -euo pipefail
          RESULT_BUNDLE_PATH="$RUNNER_TEMP/Clawdis-iOS.xcresult"
@@ -196,7 +387,7 @@ jobs:
          import sys

          target_name = "Clawdis.app"
-          minimum = 0.50
+          minimum = 0.43

          report = json.loads(
            subprocess.check_output(
@@ -222,11 +413,32 @@ jobs:

  android:
    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - task: test
+            command: ./gradlew --no-daemon :app:testDebugUnitTest
+          - task: build
+            command: ./gradlew --no-daemon :app:assembleDebug
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
-          submodules: recursive
+          submodules: false
+
+      - name: Checkout submodules (retry)
+        run: |
+          set -euo pipefail
+          git submodule sync --recursive
+          for attempt in 1 2 3 4 5; do
+            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
+              exit 0
+            fi
+            echo "Submodule update failed (attempt $attempt/5). Retrying…"
+            sleep $((attempt * 10))
+          done
+          exit 1

      - name: Setup Java
        uses: actions/setup-java@v4
@@ -236,6 +448,8 @@ jobs:

      - name: Setup Android SDK
        uses: android-actions/setup-android@v3
+        with:
+          accept-android-sdk-licenses: false

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
@@ -248,6 +462,6 @@ jobs:
            "platforms;android-36" \
            "build-tools;36.0.0"

-      - name: Android unit tests + debug build
+      - name: Run Android ${{ matrix.task }}
        working-directory: apps/android
-        run: ./gradlew --no-daemon :app:testDebugUnitTest :app:assembleDebug
+        run: ${{ matrix.command }}
--- a/.gitignore
+++ b/.gitignore
@@ -1,20 +1,39 @@
 node_modules
 .env
 dist
+*.bun-build
 pnpm-lock.yaml
+bun.lock
+bun.lockb
 coverage
 .pnpm-store
+.worktrees/
 .DS_Store
 **/.DS_Store
+ui/src/ui/__screenshots__/
+ui/playwright-report/
+ui/test-results/
+
+# Bun build artifacts
+*.bun-build
 apps/macos/.build/
-apps/shared/ClawdisKit/.build/
-bin/clawdis-mac
+apps/shared/ClawdbotKit/.build/
+**/ModuleCache/
+bin/
+bin/clawdbot-mac
+bin/docs-list
 apps/macos/.build-local/
 apps/macos/.swiftpm/
+apps/shared/ClawdbotKit/.swiftpm/
 Core/
 apps/ios/*.xcodeproj/
 apps/ios/*.xcworkspace/
 apps/ios/.swiftpm/
+vendor/
+
+# Vendor build artifacts
+vendor/a2ui/renderers/lit/dist/
+.bundle.hash

 # fastlane (iOS)
 apps/ios/fastlane/README.md
@@ -30,3 +49,7 @@ apps/ios/*.dSYM.zip

 # provisioning profiles (local)
 apps/ios/*.mobileprovision
+.env
+
+# Local untracked files
+.local/
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,4 @@
 [submodule "Peekaboo"]
 	path = Peekaboo
 	url = https://github.com/steipete/Peekaboo.git
+	branch = main
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1 @@
-allow-build-scripts=@whiskeysockets/baileys,sharp,esbuild,protobufjs,fs-ext
+allow-build-scripts=@whiskeysockets/baileys,sharp,esbuild,protobufjs,fs-ext,node-pty
--- a/.swiftformat
+++ b/.swiftformat
@@ -48,4 +48,4 @@
 --allman false

 # Exclusions
--exclude .build,.swiftpm,DerivedData,node_modules,dist,coverage,xcuserdata,apps/macos/Sources/ClawdisProtocol
+--exclude .build,.swiftpm,DerivedData,node_modules,dist,coverage,xcuserdata,apps/macos/Sources/ClawdisProtocol,apps/macos/Sources/ClawdbotProtocol
--- a/.swiftlint.yml
+++ b/.swiftlint.yml
@@ -108,6 +108,10 @@ function_body_length:
  warning: 150
  error: 300

+function_parameter_count:
+  warning: 7
+  error: 10
+
 file_length:
  warning: 1500
  error: 2500
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,5 +1,3 @@
-READ ~/Projects/agent-scripts/AGENTS.MD BEFORE ANYTHING (skip if missing).
-
 # Repository Guidelines

 ## Project Structure & Module Organization
@@ -7,9 +5,19 @@ READ ~/Projects/agent-scripts/AGENTS.MD BEFORE ANYTHING (skip if missing).
 - Tests: colocated `*.test.ts`.
 - Docs: `docs/` (images, queue, Pi config). Built output lives in `dist/`.

+## Docs Linking (Mintlify)
+- Docs are hosted on Mintlify (docs.clawd.bot).
+- Internal doc links in `docs/**/*.md`: root-relative, no `.md`/`.mdx` (example: `[Config](/configuration)`).
+- Section cross-references: use anchors on root-relative paths (example: `[Hooks](/configuration#hooks)`).
+- README (GitHub): keep absolute docs URLs (`https://docs.clawd.bot/...`) so links work on GitHub.
+
 ## Build, Test, and Development Commands
+- Runtime baseline: Node **22+** (keep Node + Bun paths working).
 - Install deps: `pnpm install`
- Run CLI in dev: `pnpm clawdis ...` (tsx entry) or `pnpm dev` for `src/index.ts`.
+- Also supported: `bun install` (keep `pnpm-lock.yaml` + Bun patching in sync when touching deps/patches).
+- Prefer Bun for TypeScript execution (scripts, dev, tests): `bun <file.ts>` / `bunx <tool>`.
+- Run CLI in dev: `pnpm clawdbot ...` (bun) or `pnpm dev`.
+- Node remains supported for running built output (`dist/*`) and production installs.
 - Type-check/build: `pnpm build` (tsc)
 - Lint/format: `pnpm lint` (biome check), `pnpm format` (biome format)
 - Tests: `pnpm test` (vitest); coverage: `pnpm test:coverage`
@@ -17,51 +25,89 @@ READ ~/Projects/agent-scripts/AGENTS.MD BEFORE ANYTHING (skip if missing).
 ## Coding Style & Naming Conventions
 - Language: TypeScript (ESM). Prefer strict typing; avoid `any`.
 - Formatting/linting via Biome; run `pnpm lint` before commits.
+- Add brief code comments for tricky or non-obvious logic.
 - Keep files concise; extract helpers instead of “V2” copies. Use existing patterns for CLI options and dependency injection via `createDefaultDeps`.
- Keep every file ≤ 500 LOC; refactor or split before exceeding and check frequently.
+- Aim to keep files under ~700 LOC; guideline only (not a hard guardrail). Split/refactor when it improves clarity or testability.
+- Naming: use **Clawdbot** for product/app/docs headings; use `clawdbot` for CLI command, package/binary, paths, and config keys.

 ## Testing Guidelines
 - Framework: Vitest with V8 coverage thresholds (70% lines/branches/functions/statements).
 - Naming: match source names with `*.test.ts`; e2e in `*.e2e.test.ts`.
 - Run `pnpm test` (or `pnpm test:coverage`) before pushing when you touch logic.
 - Pure test additions/fixes generally do **not** need a changelog entry unless they alter user-facing behavior or the user asks for one.
+- Mobile: before using a simulator, check for connected real devices (iOS + Android) and prefer them when available.

 ## Commit & Pull Request Guidelines
 - Create commits with `scripts/committer "<msg>" <file...>`; avoid manual `git add`/`git commit` so staging stays scoped.
 - Follow concise, action-oriented commit messages (e.g., `CLI: add verbose flag to send`).
 - Group related changes; avoid bundling unrelated refactors.
 - PRs should summarize scope, note testing performed, and mention any user-facing changes or new flags.
+- PR review flow: when given a PR link, review via `gh pr view`/`gh pr diff` and do **not** change branches.
+- PR merge flow: create a temp branch from `main`, merge the PR branch into it (prefer squash unless commit history is important; use rebase/merge when it is). Always try to merge the PR unless it’s truly difficult, then use another approach. If we squash, add the PR author as a co-contributor. Apply fixes, add changelog entry (include PR # + thanks), run full gate before the final commit, commit, merge back to `main`, delete the temp branch, and end on `main`.
+- When working on a PR: add a changelog entry with the PR number and thank the contributor.
+- When working on an issue: reference the issue in the changelog entry.
+- When merging a PR: leave a PR comment that explains exactly what we did and include the SHA hashes.
+- When merging a PR from a new contributor: add their avatar to the README “Thanks to all clawtributors” thumbnail list.
+- After merging a PR: run `bun scripts/update-clawtributors.ts` if the contributor is missing, then commit the regenerated README.
+
+### PR Workflow (Review vs Land)
+- **Review mode (PR link only):** read `gh pr view/diff`; **do not** switch branches; **do not** change code.
+- **Landing mode:** create an integration branch from `main`, bring in PR commits (**prefer rebase** for linear history; **merge allowed** when complexity/conflicts make it safer), apply fixes, add changelog (+ thanks + PR #), run full gate **locally before committing** (`pnpm lint && pnpm build && pnpm test`), commit, merge back to `main`, then `git switch main` (never stay on a topic branch after landing). Important: contributor needs to be in git graph after this!

 ## Security & Configuration Tips
- Web provider stores creds at `~/.clawdis/credentials/`; rerun `clawdis login` if logged out.
- Pi sessions live under `~/.clawdis/sessions/` by default; the base directory is not configurable.
+- Web provider stores creds at `~/.clawdbot/credentials/`; rerun `clawdbot login` if logged out.
+- Pi sessions live under `~/.clawdbot/sessions/` by default; the base directory is not configurable.
 - Never commit or publish real phone numbers, videos, or live configuration values. Use obviously fake placeholders in docs, tests, and examples.

+## Troubleshooting
+- Rebrand/migration issues (Clawdis → Clawdbot) or legacy config/service warnings: run `clawdbot doctor` (see `docs/gateway/doctor.md`).
+
 ## Agent-Specific Notes
- Gateway currently runs only as the menubar app (launchctl shows `application.com.steipete.clawdis.debug.*`), there is no separate LaunchAgent/helper label installed. Restart via the Clawdis Mac app or `scripts/restart-mac.sh`; to verify/kill use `launchctl print gui/$UID | grep clawdis` rather than expecting `com.steipete.clawdis`. **When debugging on macOS, start/stop the gateway via the app, not ad-hoc tmux sessions; kill any temporary tunnels before handoff.**
- macOS logs: use `./scripts/clawlog.sh` (aka `vtlog`) to query unified logs for subsystem `com.steipete.clawdis`; it supports follow/tail/category filters and expects passwordless sudo for `/usr/bin/log`.
- Also read the shared guardrails at `~/Projects/oracle/AGENTS.md` and `~/Projects/agent-scripts/AGENTS.MD` before making changes; align with any cross-repo rules noted there.
- **Multi-agent safety:** do **not** create/apply/drop `git stash` entries unless Peter explicitly asks. Assume other agents may be working; keep unrelated WIP untouched and avoid cross-cutting state changes.
- When asked to open a “session” file, open the Pi session logs under `~/.clawdis/sessions/*.jsonl` (newest unless a specific ID is given), not the default `sessions.json`.
- Menubar dimming + restart flow mirrors Trimmy: use `scripts/restart-mac.sh` (kills all Clawdis variants, runs `swift build`, packages, relaunches). Icon dimming depends on MenuBarExtraAccess wiring in AppMain; keep `appearsDisabled` updates intact when touching the status item.
+- Vocabulary: "makeup" = "mac app".
+- When answering questions, respond with high-confidence answers only: verify in code; do not guess.
+- Gateway currently runs only as the menubar app; there is no separate LaunchAgent/helper label installed. Restart via the Clawdbot Mac app or `scripts/restart-mac.sh`; to verify/kill use `launchctl print gui/$UID | grep clawdbot` rather than assuming a fixed label. **When debugging on macOS, start/stop the gateway via the app, not ad-hoc tmux sessions; kill any temporary tunnels before handoff.**
+- macOS logs: use `./scripts/clawlog.sh` (aka `vtlog`) to query unified logs for the Clawdbot subsystem; it supports follow/tail/category filters and expects passwordless sudo for `/usr/bin/log`.
+- If shared guardrails are available locally, review them; otherwise follow this repo's guidance.
+- SwiftUI state management (iOS/macOS): prefer the `Observation` framework (`@Observable`, `@Bindable`) over `ObservableObject`/`@StateObject`; don’t introduce new `ObservableObject` unless required for compatibility, and migrate existing usages when touching related code.
+- Connection providers: when adding a new connection, update every UI surface and docs (macOS app, web UI, mobile if applicable, onboarding/overview docs) and add matching status + configuration forms so provider lists and settings stay in sync.
+- Version locations: `package.json` (CLI), `apps/android/app/build.gradle.kts` (versionName/versionCode), `apps/ios/Sources/Info.plist` + `apps/ios/Tests/Info.plist` (CFBundleShortVersionString/CFBundleVersion), `apps/macos/Sources/Clawdbot/Resources/Info.plist` (CFBundleShortVersionString/CFBundleVersion), `docs/install/updating.md` (pinned npm version), `docs/platforms/mac/release.md` (APP_VERSION/APP_BUILD examples), Peekaboo Xcode projects/Info.plists (MARKETING_VERSION/CURRENT_PROJECT_VERSION).
+- **Restart apps:** “restart iOS/Android apps” means rebuild (recompile/install) and relaunch, not just kill/launch.
+- **Device checks:** before testing, verify connected real devices (iOS/Android) before reaching for simulators/emulators.
+- iOS Team ID lookup: `security find-identity -p codesigning -v` → use Apple Development (…) TEAMID. Fallback: `defaults read com.apple.dt.Xcode IDEProvisioningTeamIdentifiers`.
+- A2UI bundle hash: `src/canvas-host/a2ui/.bundle.hash` is auto-generated; ignore unexpected changes, and only regenerate via `pnpm canvas:a2ui:bundle` (or `scripts/bundle-a2ui.sh`) when needed. Commit the hash as a separate commit.
+- Release signing/notary keys are managed outside the repo; follow internal release docs.
+- Notary auth env vars (`APP_STORE_CONNECT_ISSUER_ID`, `APP_STORE_CONNECT_KEY_ID`, `APP_STORE_CONNECT_API_KEY_P8`) are expected in your environment (per internal release docs).
+- **Multi-agent safety:** do **not** create/apply/drop `git stash` entries unless explicitly requested (this includes `git pull --rebase --autostash`). Assume other agents may be working; keep unrelated WIP untouched and avoid cross-cutting state changes.
+- **Multi-agent safety:** when the user says "push", you may `git pull --rebase` to integrate latest changes (never discard other agents' work). When the user says "commit", scope to your changes only. When the user says "commit all", commit everything in grouped chunks.
+- **Multi-agent safety:** do **not** create/remove/modify `git worktree` checkouts (or edit `.worktrees/*`) unless explicitly requested.
+- **Multi-agent safety:** do **not** switch branches / check out a different branch unless explicitly requested.
+- **Multi-agent safety:** running multiple agents is OK as long as each agent has its own session.
+- **Multi-agent safety:** when you see unrecognized files, keep going; focus on your changes and commit only those.
+- Lobster seam: use the shared CLI palette in `src/terminal/palette.ts` (no hardcoded colors); apply palette to onboarding/config prompts and other TTY UI output as needed.
+- **Multi-agent safety:** focus reports on your edits; avoid guard-rail disclaimers unless truly blocked; when multiple agents touch the same file, continue if safe; end with a brief “other files present” note only if relevant.
+- Bug investigations: read source code of relevant npm dependencies and all related local code before concluding; aim for high-confidence root cause.
+- Code style: add brief comments for tricky logic; keep files under ~500 LOC when feasible (split/refactor as needed).
+- When asked to open a “session” file, open the Pi session logs under `~/.clawdbot/sessions/*.jsonl` (newest unless a specific ID is given), not the default `sessions.json`. If logs are needed from another machine, SSH via Tailscale and read the same path there.
+- Menubar dimming + restart flow mirrors Trimmy: use `scripts/restart-mac.sh` (kills all Clawdbot variants, runs `swift build`, packages, relaunches). Icon dimming depends on MenuBarExtraAccess wiring in AppMain; keep `appearsDisabled` updates intact when touching the status item.
+- Do not rebuild the macOS app over SSH; rebuilds must be run directly on the Mac.
 - Never send streaming/partial replies to external messaging surfaces (WhatsApp, Telegram); only final replies should be delivered there. Streaming/tool events may still go to internal UIs/control channel.
 - Voice wake forwarding tips:
-  - Command template should stay `clawdis-mac agent --message "${text}" --thinking low`; `VoiceWakeForwarder` already shell-escapes `${text}`. Don’t add extra quotes.
-  - launchd PATH is minimal; ensure the app’s launch agent sets PATH to include `/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/steipete/Library/pnpm` so `pnpm`/`clawdis` binaries resolve when invoked via `clawdis-mac`.
-  - For manual `clawdis send` messages that include `!`, use the heredoc pattern noted below to avoid the Bash tool’s escaping.
+  - Command template should stay `clawdbot-mac agent --message "${text}" --thinking low`; `VoiceWakeForwarder` already shell-escapes `${text}`. Don’t add extra quotes.
+  - launchd PATH is minimal; ensure the app’s launch agent PATH includes standard system paths plus your pnpm bin (typically `$HOME/Library/pnpm`) so `pnpm`/`clawdbot` binaries resolve when invoked via `clawdbot-mac`.
+- For manual `clawdbot message send` messages that include `!`, use the heredoc pattern noted below to avoid the Bash tool’s escaping.

 ## Exclamation Mark Escaping Workaround
-The Claude Code Bash tool escapes `!` to `\\!` in command arguments. When using `clawdis send` with messages containing exclamation marks, use heredoc syntax:
+The Claude Code Bash tool escapes `!` to `\\!` in command arguments. When using `clawdbot message send` with messages containing exclamation marks, use heredoc syntax:

 ```bash
 # WRONG - will send "Hello\\!" with backslash
-clawdis send --to "+1234" --message 'Hello!'
+clawdbot message send --to "+1234" --message 'Hello!'

 # CORRECT - use heredoc to avoid escaping
-clawdis send --to "+1234" --message "$(cat <<'EOF'
+clawdbot message send --to "+1234" --message "$(cat <<'EOF'
 Hello!
 EOF
 )"
 ```

-This is a Claude Code quirk, not a clawdis bug.
+This is a Claude Code quirk, not a clawdbot bug.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,197 +1,169 @@
 # Changelog

-## 2.0.0 — Unreleased
+## Unreleased

-_No changes since 2.0.0-beta1._
+- CLI: add `sandbox list` and `sandbox recreate` commands for managing Docker sandbox containers after image/config updates. (#563) — thanks @pasogott
+- Providers: add Microsoft Teams provider with polling, attachments, and CLI send support. (#404) — thanks @onutc
+- Commands: accept /models as an alias for /model.
+- Debugging: add raw model stream logging flags and document gateway watch mode.
+- Agent: add claude-cli/opus-4.5 runner via Claude CLI with resume support (tools disabled).
+- Auth: respect cooldown tracking even with explicit `auth.order` (avoid repeatedly trying known-bad keys). — thanks @steipete
+- CLI: move `clawdbot message` to subcommands (`message send|poll|…`), fold Discord/Slack/Telegram/WhatsApp tools into `message`, and require `--provider` unless only one provider is configured.
+- CLI: improve `logs` output (pretty/plain/JSONL), add gateway unreachable hint, and document logging.
+- WhatsApp: route queued replies to the original sender instead of the bot's own number. (#534) — thanks @mcinteerj
+- Models: add OAuth expiry checks in doctor, expanded `models status` auth output (missing auth + `--check` exit codes). (#538) — thanks @latitudeki5223
+- Deps: bump Pi to 0.40.0 and drop pi-ai patch (upstream 429 fix). (#543) — thanks @mcinteerj
+- Security: per-agent mention patterns and group elevated directives now require explicit mention to avoid cross-agent toggles.
+- Config: support inline env vars in config (`env.*` / `env.vars`) and document env precedence.
+- Config: migrate routing/agent config into agents.list/agents.defaults and messages/tools/audio with default agent selection and per-agent identity config.
+- Agent: enable adaptive context pruning by default for tool-result trimming.
+- Doctor: check config/state permissions and offer to tighten them. — thanks @steipete
+- Doctor/Daemon: audit supervisor configs, add --repair/--force flows, surface service config audits in daemon status, and document user vs system services. — thanks @steipete
+- Daemon: align generated systemd unit with docs for network-online + restart delay. (#479) — thanks @azade-c
+- Daemon: add KillMode=process to systemd units to avoid podman restart hangs. (#541) — thanks @ogulcancelik
+- Doctor: run legacy state migrations in non-interactive mode without prompts.
+- Cron: parse Telegram topic targets for isolated delivery. (#478) — thanks @nachoiacovino
+- Outbound: default Telegram account selection for config-only tokens; remove heartbeat-specific accountId handling. (follow-up #516) — thanks @YuriNachos
+- Cron: allow Telegram delivery targets with topic/thread IDs (e.g. `-100…:topic:123`). (#474) — thanks @mitschabaude-bot
+- Heartbeat: resolve Telegram account IDs from config-only tokens; cron tool accepts canonical `jobId` and legacy `id` for job actions. (#516) — thanks @YuriNachos
+- Discord: stop provider when gateway reconnects are exhausted and surface errors. (#514) — thanks @joshp123
+- Agents: strip empty assistant text blocks from session history to avoid Claude API 400s. (#210)
+- Agents: scrub unsupported JSON Schema keywords from tool schemas for Cloud Code Assist API compatibility. (#567) — thanks @erikpr1994
+- Auto-reply: preserve block reply ordering with timeout fallback for streaming. (#503) — thanks @joshp123
+- Auto-reply: block reply ordering fix (duplicate PR superseded by #503). (#483) — thanks @AbhisekBasu1
+- Auto-reply: avoid splitting outbound chunks inside parentheses. (#499) — thanks @philipp-spiess
+- Auto-reply: preserve spacing when stripping inline directives. (#539) — thanks @joshp123
+- Auto-reply: fix /status usage summary filtering for the active provider.
+- Status: show provider prefix in /status model display. (#506) — thanks @mcinteerj
+- Status: compact /status with session token usage + estimated cost, add `/cost` per-response usage lines (tokens-only for OAuth).
+- Status: show active auth profile and key snippet in /status.
+- Agent: promote `<think>`/`<thinking>` tag reasoning into structured thinking blocks so `/reasoning` works consistently for OpenAI-compat providers.
+- macOS: package ClawdbotKit resources and Swift 6.2 compatibility dylib to avoid launch/tool crashes. (#473) — thanks @gupsammy
+- WhatsApp: group `/model list` output by provider for scannability. (#456) - thanks @mcinteerj
+- Hooks: allow per-hook model overrides for webhook/Gmail runs (e.g. GPT 5 Mini).
+- Control UI: logs tab opens at the newest entries (bottom).
+- Control UI: add Docs link, remove chat composer divider, and add New session button.
+- Control UI: link sessions list to chat view. (#471) — thanks @HazAT
+- Control UI: show/patch per-session reasoning level and render extracted reasoning in chat.
+- Control UI: queue outgoing chat messages, add Enter-to-send, and show queued items. (#527) — thanks @YuriNachos
+- Control UI: drop explicit `ui:install` step; `ui:build` now auto-installs UI deps (docs + update flow).
+- Telegram: retry long-polling conflicts with backoff to avoid fatal exits.
+- Telegram: fix grammY fetch type mismatch when injecting `fetch`. (#512) — thanks @YuriNachos
+- WhatsApp: resolve @lid JIDs via Baileys mapping to unblock inbound messages. (#415)
+- Pairing: replies now include sender ids for Discord/Slack/Signal/iMessage/WhatsApp; pairing list labels them explicitly.
+- Signal: accept UUID-only senders for pairing/allowlists/routing when sourceNumber is missing. (#523) — thanks @neist
+- Agent system prompt: avoid automatic self-updates unless explicitly requested.
+- Onboarding: tighten QuickStart hint copy for configuring later.
+- Onboarding: set Gemini 3 Pro as the default model for Gemini API key auth. (#489) — thanks @jonasjancarik
+- Onboarding: avoid “token expired” for Codex CLI when expiry is heuristic.
+- Onboarding: QuickStart jumps straight into provider selection with Telegram preselected when unset.
+- Onboarding: QuickStart auto-installs the Gateway daemon with Node (no runtime picker).
+- Onboarding: clarify WhatsApp owner number prompt and label pairing phone number.
+- Onboarding: add hosted MiniMax M2.1 API key flow + config. (#495) — thanks @tobiasbischoff
+- Daemon runtime: remove Bun from selection options.
+- CLI: restore hidden `gateway-daemon` alias for legacy launchd configs.
+- Onboarding/Configure: add OpenAI API key flow that stores in shared `~/.clawdbot/.env` for launchd; simplify Anthropic token prompt order.
+- Configure/Onboarding: show Control UI docs with gateway reachability status and only offer to open when a gateway is detected; default model prompt now prefers Opus 4.5 for Anthropic auth.
+- Control UI: show skill install progress + per-skill results, hide install once binaries present. (#445) — thanks @pkrmf
+- Providers/Doctor: surface Discord privileged intent (Message Content) misconfiguration with actionable warnings.
+- Providers/Doctor: warn when Telegram config expects unmentioned group messages but Bot API privacy mode is likely enabled; surface WhatsApp login/disconnect hints.
+- Providers/Doctor: add last inbound/outbound activity timestamps in `providers status` and extend `--probe` with Discord channel permission + Telegram group membership audits.
+- Docs: add provider troubleshooting index (`/providers/troubleshooting`) and link it from the main troubleshooting guide.
+- Docs: clarify model allowlist errors and add safety notes for verbose/reasoning in groups.
+- Docs: add Ansible installation guide. (#545) — thanks @pasogott
+- Telegram: include the user id in DM pairing messages and label it clearly in `clawdbot pairing list --provider telegram`.
+- Apps: refresh iOS/Android/macOS app icons for Clawdbot branding. (#521) — thanks @fishfisher
+- Docs: expand parameter descriptions for agent/wake hooks. (#532) — thanks @mcinteerj
+- Docs: add community showcase entries from Discord. (#476) — thanks @gupsammy
+- TUI: refresh status bar after think/verbose/reasoning changes. (#519) — thanks @jdrhyne
+- Status: show Verbose/Elevated only when enabled.
+- Status: filter usage summary to the active model provider.
+- Status: map model providers to usage sources so unrelated usage doesn’t appear.
+- Commands: allow /elevated off in groups without a mention; keep /elevated on mention-gated.
+- Commands: keep multi-directive messages from clearing directive handling.
+- Commands: warn when /elevated runs in direct (unsandboxed) runtime.
+- Commands: treat mention-bypassed group command messages as mentioned so elevated directives respond.
+- Commands: return /status in directive-only multi-line messages.
+- Models: fall back to configured models when the provider catalog is unavailable.
+- Agent system prompt: add messaging guidance for reply routing and cross-session sends. (#526) — thanks @neist
+- Agent: bypass Anthropic OAuth tool-name blocks by capitalizing built-ins and keeping pruning tool matching case-insensitive. (#553) — thanks @andrewting19
+- Commands/Tools: disable /restart and gateway restart tool by default (enable with commands.restart=true).
+- Gateway/CLI: add `clawdbot gateway discover` (Bonjour scan on `local.` + `clawdbot.internal.`) with `--timeout` and `--json`. — thanks @steipete
+- Gateway/CLI: make `clawdbot gateway status` human-readable by default, add `--json`, and probe localhost + configured remote (warn on multiple gateways). — thanks @steipete
+- Gateway/CLI: support remote loopback gateways via SSH tunnel in `clawdbot gateway status` (`--ssh` / `--ssh-auto`). — thanks @steipete
+- CLI: add global `--no-color` (and respect `NO_COLOR=1`) to disable ANSI output. — thanks @steipete
+- CLI: centralize lobster palette + apply it to onboarding/config prompts. — thanks @steipete
+- Gateway/CLI: add `clawdbot gateway --dev/--reset` to auto-create a dev config/workspace with a robot identity (no BOOTSTRAP.md). — thanks @steipete

-## 2.0.0-beta1 — 2025-12-14
-
-First Clawdis release post rebrand. This is a semver-major because we dropped legacy providers/agents and moved defaults to new paths while adding a full macOS companion app, a WebSocket Gateway, and an iOS node (Iris).
-
-### Breaking
- Renamed to **Clawdis**: defaults now live under `~/.clawdis` (sessions in `~/.clawdis/sessions/`, IPC at `~/.clawdis/clawdis.sock`, logs in `/tmp/clawdis`). Launchd labels and config filenames follow the new name; legacy stores are copied forward on first run.
- Pi only: `inbound.reply.agent.kind` accepts only `"pi"`, and the agent CLI/CLI flags for Claude/Codex/Gemini were removed. The Pi CLI runs in RPC mode with a persistent worker.
- WhatsApp Web is the only transport; Twilio support and related CLI flags/tests were removed.
- Direct chats now collapse into a single `main` session by default (no config needed); groups stay isolated as `group:<jid>`.
- Gateway is now a loopback-only WebSocket daemon (`ws://127.0.0.1:18789`) that owns all providers/state; clients (CLI, WebChat, macOS app, nodes) connect to it. Start it explicitly (`clawdis gateway …`) or via Clawdis.app; helper subcommands no longer auto-spawn a gateway.
-
-### Gateway, nodes, and automation
- New typed Gateway WS protocol (JSON schema validated) with `clawdis gateway {health,status,send,agent,call}` helpers and structured presence/instance updates for all clients.
- Optional LAN-facing bridge (`tcp://0.0.0.0:18790`) keeps the Gateway loopback-only while enabling direct Bonjour-discovered connections for paired nodes.
- Node pairing + management via `clawdis nodes {pending,approve,reject,invoke}` (used by the iOS node “Iris” and future remote nodes).
- Cron jobs are Gateway-owned (`clawdis cron …`) with run history stored as JSONL and support for “isolated summary” posting into the main session.
-
-### macOS companion app
- **Clawdis.app menu bar companion**: packaged, signed bundle with gateway start/stop, launchd toggle, project-root and pnpm/node auto-resolution, live log shortcut, restart button, and status/recipient table plus badges/dimming for attention and paused states.
- **On-device Voice Wake**: Apple speech recognizer with wake-word table, language picker, live mic meter, “hold until silence,” animated ears/legs, and main-session routing that replies on the **last used surface** (WhatsApp/Telegram/WebChat). Delivery failures are logged, and the run remains visible via WebChat/session logs.
- **WebChat & Debugging**: bundled WebChat UI, Debug tab with heartbeat sliders, session-store picker, log opener (`clawlog`), gateway restart, health probes, and scrollable settings panes.
- **Browser control**: manage clawd’s dedicated Chrome/Chromium with tab listing/open/focus/close, screenshots, DOM query/dump, and “AI snapshots” (aria/domSnapshot/ai) via `clawdis browser …` and UI controls.
- **Remote gateway control**: Bonjour discovery for local masters plus SSH-tunnel fallback for remote control when multicast is unavailable.
-
-### iOS node (Iris)
- New iOS companion app that pairs to the Gateway bridge, reports presence as a node, and exposes a WKWebView “Canvas” for agent-driven UI.
- `clawdis nodes invoke` supports `screen.eval` and `screen.snapshot` to drive and verify the iOS Canvas (fails fast when Iris is backgrounded).
- Voice wake words are configurable in-app; Iris reconnects to the last bridge when credentials are still present in Keychain.
-
-### WhatsApp & agent experience
- Group chats fully supported: mention-gated triggers (including media-only captions), sender attribution, session primer with subject/member roster, allowlist bypass when you’re @‑mentioned, and safer handling of view-once/ephemeral media.
- Thinking/verbosity directives: `/think` and `/verbose` acknowledge and persist per session while allowing inline overrides; verbose mode streams tool metadata with emoji/args/previews and coalesces bursts to reduce WhatsApp noise.
- Heartbeats: configurable cadence with CLI/GUI toggles; directive acks suppressed during heartbeats; array/multi-payload replies normalized for Baileys.
- Reply quality: smarter chunking on words/newlines, fallback warnings when media fails to send, self-number mention detection, and primed group sessions send the roster on first turn.
- In-chat `/status`: prints agent readiness, session context usage %, current thinking/verbose options, and when the WhatsApp web creds were refreshed (helps decide when to re-scan QR); still available via `clawdis status` CLI for web session health.
-
-### CLI, RPC, and health
- New `clawdis agent` command plus a persistent Pi RPC worker (auto-started) enables direct agent chats; `clawdis status` renders a colored session/recipient table.
- `clawdis health` probes WhatsApp link status, connect latency, heartbeat interval, session-store recency, and IPC socket presence (JSON mode for monitors).
- Added `--help`/`--version` flags; login/logout accept `--provider` (WhatsApp default). Console output is mirrored into pino logs under `/tmp/clawdis`.
- RPC stability: stdin/stdout loop for Pi, auto-restart worker, raw error surfacing, and deliver-via-RPC when JSON agent output is returned.
-
-### Security & hardening
- Media server blocks symlink/path traversal, clears temporary downloads, and rotates logs daily (24h retention).
- Session store purged on logout; IPC socket directory permissions tightened (0700/0600).
- Launchd PATH and helper lookup hardened for packaged macOS builds; health probes surface missing binaries quickly.
-
-### Docs
- Added `docs/telegram.md` outlining the Telegram Bot API provider (grammY) and how it shares the `main` session. Default grammY throttler keeps Bot API calls under rate limits.
- Gateway can run WhatsApp + Telegram together when configured; `clawdis send --provider telegram …` sends via the Telegram bot (webhook/proxy options documented).
-
-## 1.5.0 — 2025-12-05
-
-### Breaking
- Dropped all non-Pi agents (Claude, Codex, Gemini, Opencode); `inbound.reply.agent.kind` now only accepts `"pi"` and related CLI helpers have been removed.
- Removed Twilio support and all related commands/options (webhook/up/provider flags/wait-poll); CLAWDIS is Baileys Web-only.
-
-### Changes
- Default agent handling now favors Pi RPC while falling back to plain command execution for non-Pi invocations, keeping heartbeat/session plumbing intact.
- Documentation updated to reflect Pi-only support and to mark legacy Claude paths as historical.
- Status command reports web session health + session recipients; config paths are locked to `~/.clawdis` with session metadata stored under `~/.clawdis/sessions/`.
- Simplified send/agent/gateway/heartbeat to web-only delivery; removed Twilio mocks/tests and dead code.
- Pi RPC timeout is now inactivity-based (5m without events) and error messages show seconds only.
- Pi sessions now write to `~/.clawdis/sessions/` by default (legacy session logs from older installs are copied over when present).
- Directive triggers (`/think`, `/verbose`, `/stop` et al.) now reply immediately using normalized bodies (timestamps/group prefixes stripped) without waiting for the agent.
- Directive/system acks carry a `⚙️` prefix and verbose parsing rejects typoed `/ver*` strings so unrelated text doesn’t flip verbosity.
- Batched history blocks no longer trip directive parsing; `/think` in prior messages won't emit stray acknowledgements.
- RPC fallbacks no longer echo the user's prompt (e.g., pasting a link) when the agent returns no assistant text.
- Heartbeat prompts with `/think` no longer send directive acks; heartbeat replies stay silent on settings.
- `clawdis sessions` now renders a colored table (a la oracle) with context usage shown in k tokens and percent of the context window.
-
-## 1.4.1 — 2025-12-04
-
-### Changes
- Added `clawdis agent` CLI command to talk directly to the configured agent using existing session handling (no WhatsApp send), with JSON output and delivery option.
- `/new` reset trigger now works even when inbound messages have timestamp prefixes (e.g., `[Dec 4 17:35]`).
- WhatsApp mention parsing accepts nullable arrays and flattens safely to avoid missed mentions.
-
-## 1.4.0 — 2025-12-03
+## 2026.1.8

 ### Highlights
- **Thinking directives & state:** `/t|/think|/thinking <level>` (aliases off|minimal|low|medium|high|max/highest). Inline applies to that message; directive-only message pins the level for the session; `/think:off` clears. Resolution: inline > session override > `inbound.reply.thinkingDefault` > off. Pi gets `--thinking <level>` (except off); other agents append cue words (`think` → `think hard` → `think harder` → `ultrathink`). Heartbeat probe uses `HEARTBEAT /think:high`.
- **Group chats (web provider):** Clawdis now fully supports WhatsApp groups: mention-gated triggers (including image-only @ mentions), recent group history injection, per-group sessions, sender attribution, and a first-turn primer with group subject/member roster; heartbeats are skipped for groups.
- **Group session primer:** The first turn of a group session now tells the agent it is in a WhatsApp group and lists known members/subject so it can address the right speaker.
- **Media failures are surfaced:** When a web auto-reply media fetch/send fails (e.g., HTTP 404), we now append a warning to the fallback text so you know the attachment was skipped.
- **Verbose directives + session hints:** `/v|/verbose on|full|off` mirrors thinking: inline > session > config default. Directive-only replies with an acknowledgement; invalid levels return a hint. When enabled, tool results from JSON-emitting agents (Pi, etc.) are forwarded as metadata-only `[🛠️ <tool-name> <arg>]` messages (now streamed as they happen), and new sessions surface a `🧭 New session: <id>` hint.
- **Verbose tool coalescing:** successive tool results of the same tool within ~1s are batched into one `[🛠️ tool] arg1, arg2` message to reduce WhatsApp noise.
- **Directive confirmations:** Directive-only messages now reply with an acknowledgement (`Thinking level set to high.` / `Thinking disabled.`) and reject unknown levels with a helpful hint (state is unchanged).
- **Pi stability:** RPC replies buffered until the assistant turn finishes; parsers return consistent `texts[]`; web auto-replies keep a warm Pi RPC process to avoid cold starts.
- **Claude prompt flow:** One-time `sessionIntro` with per-message `/think:high` bodyPrefix; system prompt always sent on first turn even with `sendSystemOnce`.
- **Heartbeat UX:** Backpressure skips reply heartbeats while other commands run; skips don’t refresh session `updatedAt`; web heartbeats normalize array payloads and optional `heartbeatCommand`.
- **Control via WhatsApp:** Send `/restart` to restart the launchd service (`com.steipete.clawdis`) from your allowed numbers.
- **Pi completion signal:** RPC now resolves on Pi’s `agent_end` (or process exit) so late assistant messages aren’t truncated; 5-minute hard cap only as a failsafe.
+- Security: DMs locked down by default across providers; pairing-first + allowlist guidance.
+- Sandbox: per-agent scope defaults + workspace access controls; tool/session isolation tuned.
+- Agent loop: compaction, pruning, streaming, and error handling hardened.
+- Providers: Telegram/WhatsApp/Discord/Slack reliability, threading, reactions, media, and retries improved.
+- Control UI: logs tab, streaming stability, focus mode, and large-output rendering fixes.
+- CLI/Gateway/Doctor: daemon/logs/status, auth migration, and diagnostics significantly expanded.

-### Reliability & UX
- Outbound chunking prefers newlines/word boundaries and enforces caps (~4000 chars for web/WhatsApp).
- Web auto-replies fall back to caption-only if media send fails; hosted media MIME-sniffed and cleaned up immediately.
- IPC gateway send shows typing indicator; batched inbound messages keep timestamps; watchdog restarts WhatsApp after long inactivity.
- Early `allowFrom` filtering prevents decryption errors; same-phone mode supported with echo suppression.
- All console output is now mirrored into pino logs (still printed to stdout/stderr), so verbose runs keep full traces.
- `--verbose` now forces log level `trace` (was `debug`) to capture every event.
- Verbose tool messages now include emoji + args + a short result preview for bash/read/edit/write/attach (derived from RPC tool start/end events).
+### Breaking
+- **SECURITY (update ASAP):** inbound DMs are now **locked down by default** on Telegram/WhatsApp/Signal/iMessage/Discord/Slack.
+  - Previously, if you didn’t configure an allowlist, your bot could be **open to anyone** (especially discoverable Telegram bots).
+  - New default: DM pairing (`dmPolicy="pairing"` / `discord.dm.policy="pairing"` / `slack.dm.policy="pairing"`).
+  - To keep old “open to everyone” behavior: set `dmPolicy="open"` and include `"*"` in the relevant `allowFrom` (Discord/Slack: `discord.dm.allowFrom` / `slack.dm.allowFrom`).
+  - Approve requests via `clawdbot pairing list --provider <provider>` + `clawdbot pairing approve --provider <provider> <code>`.
+- Sandbox: default `agents.defaults.sandbox.scope` to `"agent"` (one container/workspace per agent). Use `"session"` for per-session isolation; `"shared"` disables cross-session isolation.
+- Timestamps in agent envelopes are now UTC (compact `YYYY-MM-DDTHH:mmZ`); removed `messages.timestampPrefix`. Add `agents.defaults.userTimezone` to tell the model the user’s local time (system prompt only).
+- Model config schema changes (auth profiles + model lists); doctor auto-migrates and the gateway rewrites legacy configs on startup.
+- Commands: gate all slash commands to authorized senders; add `/compact` to manually compact session context.
+- Groups: `whatsapp.groups`, `telegram.groups`, and `imessage.groups` now act as allowlists when set. Add `"*"` to keep allow-all behavior.
+- Auto-reply: removed `autoReply` from Discord/Slack/Telegram channel configs; use `requireMention` instead (Telegram topics now support `requireMention` overrides).
+- CLI: remove `update`, `gateway-daemon`, `gateway {install|uninstall|start|stop|restart|daemon status|wake|send|agent}`, and `telegram` commands; move `login/logout` to `providers login/logout` (top-level aliases hidden); use `daemon` for service control, `send`/`agent`/`wake` for RPC, and `nodes canvas` for canvas ops.

-### Security / Hardening
- IPC socket hardened (0700 dir / 0600 socket, no symlinks/foreign owners); `clawdis logout` also prunes session store.
- Media server blocks symlinks and enforces path containment; logging rotates daily and prunes >24h.
+### Fixes
+- **CLI/Gateway/Doctor:** daemon runtime selection + improved logs/status/health/errors; auth/password handling for local CLI; richer close/timeout details; auto-migrate legacy config/sessions/state; integrity checks + repair prompts; `--yes`/`--non-interactive`; `--deep` gateway scans; better restart/service hints.
+- **Agent loop + compaction:** compaction/pruning tuning, overflow handling, safer bootstrap context, and per-provider threading/confirmations; opt-in tool-result pruning + compact tracking.
+- **Sandbox + tools:** per-agent sandbox overrides, workspaceAccess controls, session tool visibility, tool policy overrides, process isolation, and tool schema/timeout/reaction unification.
+- **Providers (Telegram/WhatsApp/Discord/Slack/Signal/iMessage):** retry/backoff, threading, reactions, media groups/attachments, mention gating, typing behavior, and error/log stability; long polling + forum topic isolation for Telegram.
+- **Gateway/CLI UX:** `clawdbot logs`, cron list colors/aliases, docs search, agents list/add/delete flows, status usage snapshots, runtime/auth source display, and `/status`/commands auth unification.
+- **Control UI/Web:** logs tab, focus mode polish, config form resilience, streaming stability, tool output caps, windowed chat history, and reconnect/password URL auth.
+- **macOS/Android/TUI/Build:** macOS gateway races, QR bundling, JSON5 config safety, Voice Wake hardening; Android EXIF rotation + APK naming/versioning; TUI key handling; tooling/bundling fixes.
+- **Packaging/compat:** npm dist folder coverage, Node 25 qrcode-terminal import fixes, Bun/Playwright/WebSocket patches, and Docker Bun install.
+- **Docs:** new FAQ/ClawdHub/config examples/showcase entries and clarified auth, sandbox, and systemd docs.

-### Bug Fixes
- Web group chats now bypass the second `allowFrom` check (we still enforce it on the group participant at inbox ingest), so mentioned group messages reply even when the group JID isn’t in your allowlist.
- `logVerbose` also writes to the configured Pino logger at debug level (without breaking stdout).
- Group auto-replies now append the triggering sender (`[from: Name (+E164)]`) to the batch body so agents can address the right person in group chats.
- Media-only pings now pick up mentions inside captions (image/video/etc.), so @-mentions on media-only messages trigger replies.
- MIME sniffing and redirect handling for downloads/hosted media.
- Response prefix applied to heartbeat alerts; heartbeat array payloads handled for both providers.
- Pi RPC typing exposes `signal`/`killed`; NDJSON parsers normalized across agents.
- Pi session resumes now append `--continue`, so existing history/think level are reloaded instead of starting empty.
+### Maintenance
+- Skills additions (Himalaya email, CodexBar, 1Password).
+- Dependency refreshes (pi-* stack, Slack SDK, discord-api-types, file-type, zod, Biome, Vite).
+- Refactors: centralized group allowlist/mention policy; lint/import cleanup; switch tsx → bun for TS execution.

-### Testing
- Fixtures isolate session stores; added coverage for thinking directives, stateful levels, heartbeat backpressure, and agent parsing.
-
-## 1.3.0 — 2025-12-02
+## 2026.1.5

 ### Highlights
- **Pluggable agents (Claude, Pi, Codex, Opencode):** `inbound.reply.agent` selects CLI/parser; per-agent argv builders and NDJSON parsers enable swapping without template changes.
- **Safety stop words:** `stop|esc|abort|wait|exit` immediately reply “Agent was aborted.” and mark the session so the next prompt is prefixed with an abort reminder.
- **Agent session reliability:** Only Claude returns a stable `session_id`; others may reset between runs.
+- Models: add image-specific model config (`agents.defaults.imageModel` + fallbacks) and scan support.
+- Agent tools: new `image` tool routed to the image model (when configured).
+- Config: default model shorthands (`opus`, `sonnet`, `gpt`, `gpt-mini`, `gemini`, `gemini-flash`).
+- Docs: document built-in model shorthands + precedence (user config wins).
+- Bun: optional local install/build workflow without maintaining a Bun lockfile (see `docs/bun.md`).

-### Bug Fixes
- Empty `result` fields no longer leak raw JSON to users.
- Heartbeat alerts now honor `responsePrefix`.
- Command failures return user-friendly messages.
- Test session isolation to avoid touching real `sessions.json`.
- (Removed in 2.0.0) IPC reuse for `clawdis send/heartbeat` prevents Signal/WhatsApp session corruption.
- Web send respects media kind (image/audio/video/document) with correct limits.
-
-### Changes
- (Removed in 2.0.0) IPC gateway socket at `~/.clawdis/ipc/gateway.sock` with automatic CLI fallback.
- Batched inbound messages with timestamps; typing indicator after sends.
- Watchdog restarts WhatsApp after long inactivity; heartbeat logging includes minutes since last message.
- Early `allowFrom` filtering before decryption.
- Same-phone mode with echo detection and optional `inbound.samePhoneMarker`.
-
-## 1.2.2 — 2025-11-28
-
-### Changes
- Manual heartbeat sends: `clawdis heartbeat --message/--body` (web provider only); `--dry-run` previews payloads.
-
-## 1.2.1 — 2025-11-28
-
-### Changes
- Media MIME-first handling; hosted media extensions derived from detected MIME with tests.
-
-### Planned / in progress (from prior notes)
- Heartbeat targeting quality: clearer recipient resolution and verbose logs.
- Heartbeat delivery preview (Claude path) dry-run.
- Simulated inbound hook for local testing.
-
-## 1.2.0 — 2025-11-27
-
-### Changes
- Heartbeat interval default 10m for command mode; prompt `HEARTBEAT /think:high`; skips don’t refresh session; session `heartbeatIdleMinutes` support.
- Heartbeat tooling: `--session-id`, `--heartbeat-now` (inline flag on `gateway`) for immediate startup probes.
- Prompt structure: `sessionIntro` plus per-message `/think:high`; session idle up to 7 days.
- Thinking directives: `/think:<level>`; Pi uses `--thinking`; others append cue; `/think:off` no-op.
- Robustness: Baileys/WebSocket guards; global unhandled error handlers; WhatsApp LID mapping; hosted media MIME-sniffing and cleanup.
- Docs: README Clawd setup; `docs/claude-config.md` for live config.
-
-## 1.1.0 — 2025-11-26
-
-### Changes
- Web auto-replies resize/recompress media and honor `inbound.reply.mediaMaxMb`.
- Detect media kind, enforce provider caps (images ≤6MB, audio/video ≤16MB, docs ≤100MB).
- `session.sendSystemOnce` and optional `sessionIntro`.
- Typing indicator refresh during commands; configurable via `inbound.reply.typingIntervalSeconds`.
- Optional audio transcription via external CLI.
- Command replies return structured payload/meta; respect `mediaMaxMb`; log Claude metadata; include `cwd` in timeout messages.
- Web provider refactor; logout command; web-only gateway start helper.
- Structured reconnect/heartbeat logging; bounded backoff with CLI/config knobs; troubleshooting guide.
- Relay help prints effective heartbeat/backoff when in web mode.
-
-## 1.0.4 — 2025-11-25
-
-### Changes
- Timeout fallbacks send partial stdout (≤800 chars) to the user instead of silence; tests added.
- Web gateway auto-reconnects after Baileys/WebSocket drops; close propagation tests.
-
-## 0.1.3 — 2025-11-25
-
-### Changes
- Auto-replies send a WhatsApp fallback message on command/Claude timeout with truncated stdout.
- Added tests for timeout fallback and partial-output truncation.
+### Fixes
+- Control UI: render Markdown in tool result cards.
+- Control UI: prevent overlapping action buttons in Discord guild rules on narrow layouts.
+- Android: tapping the foreground service notification brings the app to the front. (#179) — thanks @Syhids
+- Cron tool uses `id` for update/remove/run/runs (aligns with gateway params). (#180) — thanks @adamgall
+- Control UI: chat view uses page scroll with sticky header/sidebar and fixed composer (no inner scroll frame).
+- macOS: treat location permission as always-only to avoid iOS-only enums. (#165) — thanks @Nachx639
+- macOS: make generated gateway protocol models `Sendable` for Swift 6 strict concurrency. (#195) — thanks @andranik-sahakyan
+- macOS: bundle QR code renderer modules so DMG gateway boot doesn't crash on missing qrcode-terminal vendor files.
+- macOS: parse JSON5 config safely to avoid wiping user settings when comments are present.
+- WhatsApp: suppress typing indicator during heartbeat background tasks. (#190) — thanks @mcinteerj
+- WhatsApp: mark offline history sync messages as read without auto-reply. (#193) — thanks @mcinteerj
+- Discord: avoid duplicate replies when a provider emits late streaming `text_end` events (OpenAI/GPT).
+- CLI: use tailnet IP for local gateway calls when bind is tailnet/auto (fixes #176).
+- Env: load global `$CLAWDBOT_STATE_DIR/.env` (`~/.clawdbot/.env`) as a fallback after CWD `.env`.
+- Env: optional login-shell env fallback (opt-in; imports expected keys without overriding existing env).
+- Agent tools: OpenAI-compatible tool JSON Schemas (fix `browser`, normalize union schemas).
+- Onboarding: when running from source, auto-build missing Control UI assets (`bun run ui:build`).
+- Discord/Slack: route reaction + system notifications to the correct session (no main-session bleed).
+- Agent tools: honor `tools.allow` / `tools.deny` policy even when sandbox is off.
+- Discord: avoid duplicate replies when OpenAI emits repeated `message_end` events.
+- Commands: unify /status (inline) and command auth across providers; group bypass for authorized control commands; remove Discord /clawd slash handler.
+- CLI: run `clawdbot agent` via the Gateway by default; use `--local` to force embedded mode.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,42 @@
+# Contributing to Clawdbot
+
+Welcome to the lobster tank! 🦞
+
+## Quick Links
+- **GitHub:** https://github.com/clawdbot/clawdbot
+- **Discord:** https://discord.gg/qkhbAGHRBT
+- **X/Twitter:** [@steipete](https://x.com/steipete) / [@clawdbot](https://x.com/clawdbot)
+
+## Maintainers
+
+- **Peter Steinberger** - Benevolent Dictator
+  - GitHub: [@steipete](https://github.com/steipete) · X: [@steipete](https://x.com/steipete)
+
+- **Shadow** - Discord + Slack subsystem
+  - GitHub: [@4shadowed](https://github.com/4shadowed) · X: [@4shad0wed](https://x.com/4shad0wed)
+
+- **Jos** - Telegram, API, Nix mode
+  - GitHub: [@joshp123](https://github.com/joshp123) · X: [@jjpcodes](https://x.com/jjpcodes)
+
+## How to Contribute
+1. **Bugs & small fixes** → Open a PR!
+2. **New features / architecture** → Start a [GitHub Discussion](https://github.com/clawdbot/clawdbot/discussions) or ask in Discord first
+3. **Questions** → Discord #setup-help
+
+## Before You PR
+- Test locally with your Clawdbot instance
+- Run linter: `npm run lint`
+- Keep PRs focused (one thing per PR)
+- Describe what & why
+
+## AI/Vibe-Coded PRs Welcome! 🤖
+
+Built with Codex, Claude, or other AI tools? **Awesome - just mark it!**
+
+Please include in your PR:
+- [ ] Mark as AI-assisted in the PR title or description
+- [ ] Note the degree of testing (untested / lightly tested / fully tested)
+- [ ] Include prompts or session logs if possible (super helpful!)
+- [ ] Confirm you understand what the code does
+
+AI PRs are first-class citizens here. We just want transparency so reviewers know what to look for.
--- a/20
+++ b/20
@@ -0,0 +1,20 @@
+FROM node:22-bookworm
+
+# Install Bun (required for build scripts)
+RUN curl -fsSL https://bun.sh/install | bash
+ENV PATH="/root/.bun/bin:${PATH}"
+
+RUN corepack enable
+
+WORKDIR /app
+
+COPY . .
+
+RUN pnpm install --frozen-lockfile
+RUN pnpm build
+RUN pnpm ui:install
+RUN pnpm ui:build
+
+ENV NODE_ENV=production
+
+CMD ["node", "dist/index.js"]
--- a/Dockerfile.sandbox
+++ b/Dockerfile.sandbox
@@ -0,0 +1,16 @@
+FROM debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+    bash \
+    ca-certificates \
+    curl \
+    git \
+    jq \
+    python3 \
+    ripgrep \
+  && rm -rf /var/lib/apt/lists/*
+
+CMD ["sleep", "infinity"]
--- a/Dockerfile.sandbox-browser
+++ b/Dockerfile.sandbox-browser
@@ -0,0 +1,27 @@
+FROM debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+    bash \
+    ca-certificates \
+    chromium \
+    curl \
+    fonts-liberation \
+    fonts-noto-color-emoji \
+    git \
+    jq \
+    novnc \
+    python3 \
+    websockify \
+    x11vnc \
+    xvfb \
+  && rm -rf /var/lib/apt/lists/*
+
+COPY scripts/sandbox-browser-entrypoint.sh /usr/local/bin/clawdbot-sandbox-browser
+RUN chmod +x /usr/local/bin/clawdbot-sandbox-browser
+
+EXPOSE 9222 5900 6080
+
+CMD ["clawdbot-sandbox-browser"]
--- a/2
+++ b/2
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-# 🦞 CLAWDIS — WhatsApp & Telegram Gateway for AI Agents
+# 🦞 CLAWDBOT — Personal AI Assistant

 <p align="center">
-  <img src="docs/whatsapp-clawd.jpg" alt="CLAWDIS" width="400">
+  <img src="https://raw.githubusercontent.com/clawdbot/clawdbot/main/docs/whatsapp-clawd.jpg" alt="CLAWDBOT" width="400">
 </p>

 <p align="center">
@@ -9,136 +9,357 @@
 </p>

 <p align="center">
-  <a href="https://github.com/steipete/clawdis/actions/workflows/ci.yml?branch=main"><img src="https://img.shields.io/github/actions/workflow/status/steipete/clawdis/ci.yml?branch=main&style=for-the-badge" alt="CI status"></a>
-  <a href="https://github.com/steipete/clawdis/releases"><img src="https://img.shields.io/github/v/release/steipete/clawdis?include_prereleases&style=for-the-badge" alt="GitHub release"></a>
+  <a href="https://github.com/clawdbot/clawdbot/actions/workflows/ci.yml?branch=main"><img src="https://img.shields.io/github/actions/workflow/status/clawdbot/clawdbot/ci.yml?branch=main&style=for-the-badge" alt="CI status"></a>
+  <a href="https://github.com/clawdbot/clawdbot/releases"><img src="https://img.shields.io/github/v/release/clawdbot/clawdbot?include_prereleases&style=for-the-badge" alt="GitHub release"></a>
+  <a href="https://discord.gg/clawd"><img src="https://img.shields.io/discord/1456350064065904867?label=Discord&logo=discord&logoColor=white&color=5865F2&style=for-the-badge" alt="Discord"></a>
  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-blue.svg?style=for-the-badge" alt="MIT License"></a>
 </p>

-**CLAWDIS** is a TypeScript/Node gateway that bridges WhatsApp (Web/Baileys) and Telegram (Bot API/grammY) to a local coding agent (**Pi**).
-It’s like having a genius lobster in your pocket 24/7 — but with a real control plane, companion apps, and a network model that won’t corrupt sessions.
+**Clawdbot** is a *personal AI assistant* you run on your own devices.
+It answers you on the providers you already use (WhatsApp, Telegram, Slack, Discord, Signal, iMessage, WebChat), can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant.

-```
-WhatsApp / Telegram
-        │
-        ▼
-  ┌──────────────────────────┐
-  │          Gateway          │  ws://127.0.0.1:18789 (loopback-only)
-  │     (single source)       │  tcp://0.0.0.0:18790 (optional Bridge)
-  └───────────┬───────────────┘
-              │
-              ├─ Pi agent (RPC)
-              ├─ CLI (clawdis …)
-              ├─ WebChat (loopback UI)
-              ├─ macOS app (Clawdis.app)
-              └─ iOS node (Iris) via Bridge + pairing
-```
+If you want a personal, single-user assistant that feels local, fast, and always-on, this is it.

-## Why "CLAWDIS"?
+[Website](https://clawdbot.com) · [Docs](https://docs.clawd.bot) · [Getting Started](https://docs.clawd.bot/getting-started) · [Updating](https://docs.clawd.bot/updating) · [Showcase](https://docs.clawd.bot/showcase) · [FAQ](https://docs.clawd.bot/faq) · [Wizard](https://docs.clawd.bot/wizard) · [Nix](https://github.com/clawdbot/nix-clawdbot) · [Docker](https://docs.clawd.bot/docker) · [Discord](https://discord.gg/clawd)

-**CLAWDIS** = CLAW + TARDIS
+Preferred setup: run the onboarding wizard (`clawdbot onboard`). It walks through gateway, workspace, providers, and skills. The CLI wizard is the recommended path and works on **macOS, Linux, and Windows (via WSL2; strongly recommended)**.
+Works with npm, pnpm, or bun.
+New install? Start here: [Getting started](https://docs.clawd.bot/getting-started)

-Because every space lobster needs a time-and-space machine. The Doctor has a TARDIS. [Clawd](https://clawd.me) has a CLAWDIS. Both are blue. Both are chaotic. Both are loved.
+**Subscriptions (OAuth):**
+- **[Anthropic](https://www.anthropic.com/)** (Claude Pro/Max)
+- **[OpenAI](https://openai.com/)** (ChatGPT/Codex)

-## Features
+Model note: while any model is supported, I strongly recommend **Anthropic Pro/Max (100/200) + Opus 4.5** for long‑context strength and better prompt‑injection resistance. See [Onboarding](https://docs.clawd.bot/onboarding).

- 📱 **WhatsApp Integration** — Personal WhatsApp Web (Baileys)
- ✈️ **Telegram (Bot API)** — DMs and groups via grammY
- 🛰️ **Gateway control plane** — One long-lived gateway owns provider state; clients connect over WebSocket
- 🤖 **Agent runtime** — Pi only (Pi CLI in RPC mode), with tool streaming
- 💬 **Sessions** — Direct chats collapse into `main` by default; groups are isolated
- 🔔 **Heartbeats** — Periodic check-ins for proactive AI
- 🧭 **Clawd Browser** — Dedicated Chrome/Chromium profile with tabs + screenshot control (no interference with your daily browser)
- 👥 **Group Chat Support** — Mention-based triggering
- 📎 **Media Support** — Images, audio, documents, voice notes
- 🎤 **Voice & transcription hooks** — Voice Wake (macOS/iOS) + optional transcription pipeline
- 🔧 **Tool Streaming** — Real-time display (💻📄✍️📝)
- 🖥️ **macOS Companion (Clawdis.app)** — Menu bar controls, Voice Wake, WebChat, onboarding, remote gateway control
- 📱 **iOS Node (Iris)** — Pairs as a node, exposes a Canvas surface, forwards voice wake transcripts
+## Models (selection + auth)

-Only the Pi CLI is supported now; legacy Claude/Codex/Gemini paths have been removed.
+- Models config + CLI: [Models](https://docs.clawd.bot/models)
+- Auth profile rotation (OAuth vs API keys) + fallbacks: [Model failover](https://docs.clawd.bot/model-failover)

-## Network model (the “new reality”)
+## Install (recommended)

- **One Gateway per host**. The Gateway is the only process allowed to own the WhatsApp Web session.
- **Loopback-first**: the Gateway WebSocket listens on `ws://127.0.0.1:18789` and is not exposed on the LAN.
- **Bridge for nodes**: when enabled, the Gateway also exposes a LAN/tailnet-facing bridge on `tcp://0.0.0.0:18790` for paired nodes (Bonjour-discoverable).
- **Remote control**: use a VPN/tailnet or an SSH tunnel (`ssh -N -L 18789:127.0.0.1:18789 user@host`). The macOS app can drive this flow.
-
-## Codebase
-
- **TypeScript (ESM)**: CLI + Gateway live in `src/` and run on Node ≥ 22.
- **macOS app (Swift)**: menu bar companion lives in `apps/macos/`.
- **iOS app (Swift)**: Iris node prototype lives in `apps/ios/`.
-
-## Quick Start
-
-Runtime requirement: **Node ≥22.0.0** (not bundled). The macOS app and CLI both use the host runtime; install via Homebrew or official installers before running `clawdis`.
+Runtime: **Node ≥22**.

 ```bash
-# From source (recommended while the npm package is still settling)
-pnpm install
-pnpm build
+npm install -g clawdbot@latest
+# or: pnpm add -g clawdbot@latest

-# Link your WhatsApp (stores creds under ~/.clawdis/credentials)
-pnpm clawdis login
-
-# Start the gateway (WebSocket control plane)
-pnpm clawdis gateway --port 18789 --verbose
-
-# Send a WhatsApp message (WhatsApp sends go through the Gateway)
-pnpm clawdis send --to +1234567890 --message "Hello from the CLAWDIS!"
-
-# Talk to the agent (optionally deliver back to WhatsApp/Telegram)
-pnpm clawdis agent --message "Ship checklist" --thinking high
-
-# If the port is busy, force-kill listeners then start
-pnpm clawdis gateway --force
+clawdbot onboard --install-daemon
 ```

-## Companion Apps
+The wizard installs the Gateway daemon (launchd/systemd user service) so it stays running.

-### macOS Companion (Clawdis.app)
+## Quick start (TL;DR)

- A menu bar app that can start/stop the Gateway, show health/presence, and provide a local ops UI.
- **Voice Wake** (on-device speech recognition) and Push-to-talk overlay.
- **WebChat** embed + debug tooling (logs, status, heartbeats, sessions).
- Hosts **PeekabooBridge** for UI automation brokering (for clawd workflows).
+Runtime: **Node ≥22**.

-### Voice Wake reply routing
+Full beginner guide (auth, pairing, providers): [Getting started](https://docs.clawd.bot/getting-started)

-Voice Wake sends messages into the `main` session and replies on the **last used surface**:
+```bash
+clawdbot onboard --install-daemon

- WhatsApp: last direct message you sent/received.
- Telegram: last DM chat id (bot mode).
- WebChat: last WebChat thread you used.
+clawdbot gateway --port 18789 --verbose

-If delivery fails (e.g. WhatsApp disconnected / Telegram token missing), Clawdis logs the error and you can still inspect the run via WebChat/session logs.
+# Send a message
+clawdbot message send --to +1234567890 --message "Hello from Clawdbot"

-Build/run the mac app with `./scripts/restart-mac.sh` (packages, installs, and launches), or `swift build --package-path apps/macos && open dist/Clawdis.app`.
+# Talk to the assistant (optionally deliver back to WhatsApp/Telegram/Slack/Discord)
+clawdbot agent --message "Ship checklist" --thinking high
+```

-### iOS Node (Iris) (internal)
+Upgrading? [Updating guide](https://docs.clawd.bot/updating) (and run `clawdbot doctor`).

-Iris is an internal/prototype iOS app that connects as a **remote node**:
+## From source (development)

- **Voice trigger:** forwards transcripts into the Gateway (agent runs + wakeups).
- **Canvas screen:** a WKWebView + `<canvas>` surface the agent can control (via `screen.eval` / `screen.snapshot` over `node.invoke`).
- **Discovery + pairing:** finds the bridge via Bonjour (`_clawdis-bridge._tcp`) and uses Gateway-owned pairing (`clawdis nodes pending|approve`).
+Prefer `pnpm` for builds from source. Bun is optional for running TypeScript directly.

-Runbook: `docs/ios/connect.md`
+```bash
+git clone https://github.com/clawdbot/clawdbot.git
+cd clawdbot
+
+pnpm install
+pnpm ui:build # auto-installs UI deps on first run
+pnpm build
+
+pnpm clawdbot onboard --install-daemon
+
+# Dev loop (auto-reload on TS changes)
+pnpm gateway:watch
+```
+
+Note: `pnpm clawdbot ...` runs TypeScript directly (via `tsx`). `pnpm build` produces `dist/` for running via Node / the packaged `clawdbot` binary.
+
+## Security defaults (DM access)
+
+Clawdbot connects to real messaging surfaces. Treat inbound DMs as **untrusted input**.
+
+Full security guide: [Security](https://docs.clawd.bot/security)
+
+Default behavior on Telegram/WhatsApp/Signal/iMessage/Discord/Slack:
+- **DM pairing** (`dmPolicy="pairing"` / `discord.dm.policy="pairing"` / `slack.dm.policy="pairing"`): unknown senders receive a short pairing code and the bot does not process their message.
+- Approve with: `clawdbot pairing approve --provider <provider> <code>` (then the sender is added to a local allowlist store).
+- Public inbound DMs require an explicit opt-in: set `dmPolicy="open"` and include `"*"` in the provider allowlist (`allowFrom` / `discord.dm.allowFrom` / `slack.dm.allowFrom`).
+
+Run `clawdbot doctor` to surface risky/misconfigured DM policies.
+
+## Highlights
+
+- **[Local-first Gateway](https://docs.clawd.bot/gateway)** — single control plane for sessions, providers, tools, and events.
+- **[Multi-provider inbox](https://docs.clawd.bot/surface)** — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, WebChat, macOS, iOS/Android.
+- **[Multi-agent routing](https://docs.clawd.bot/configuration)** — route inbound providers/accounts/peers to isolated agents (workspaces + per-agent sessions).
+- **[Voice Wake](https://docs.clawd.bot/voicewake) + [Talk Mode](https://docs.clawd.bot/talk)** — always-on speech for macOS/iOS/Android with ElevenLabs.
+- **[Live Canvas](https://docs.clawd.bot/mac/canvas)** — agent-driven visual workspace with [A2UI](https://docs.clawd.bot/mac/canvas#canvas-a2ui).
+- **[First-class tools](https://docs.clawd.bot/tools)** — browser, canvas, nodes, cron, sessions, and Discord/Slack actions.
+- **[Companion apps](https://docs.clawd.bot/macos)** — macOS menu bar app + iOS/Android [nodes](https://docs.clawd.bot/nodes).
+- **[Onboarding](https://docs.clawd.bot/wizard) + [skills](https://docs.clawd.bot/skills)** — wizard-driven setup with bundled/managed/workspace skills.
+
+## Everything we built so far
+
+### Core platform
+- [Gateway WS control plane](https://docs.clawd.bot/gateway) with sessions, presence, config, cron, webhooks, [Control UI](https://docs.clawd.bot/web), and [Canvas host](https://docs.clawd.bot/mac/canvas#canvas-a2ui).
+- [CLI surface](https://docs.clawd.bot/agent-send): gateway, agent, send, [wizard](https://docs.clawd.bot/wizard), and [doctor](https://docs.clawd.bot/doctor).
+- [Pi agent runtime](https://docs.clawd.bot/agent) in RPC mode with tool streaming and block streaming.
+- [Session model](https://docs.clawd.bot/session): `main` for direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: [Groups](https://docs.clawd.bot/groups).
+- [Media pipeline](https://docs.clawd.bot/images): images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: [Audio](https://docs.clawd.bot/audio).
+
+### Providers
+- [Providers](https://docs.clawd.bot/surface): [WhatsApp](https://docs.clawd.bot/whatsapp) (Baileys), [Telegram](https://docs.clawd.bot/telegram) (grammY), [Slack](https://docs.clawd.bot/slack) (Bolt), [Discord](https://docs.clawd.bot/discord) (discord.js), [Signal](https://docs.clawd.bot/signal) (signal-cli), [iMessage](https://docs.clawd.bot/imessage) (imsg), [WebChat](https://docs.clawd.bot/webchat).
+- [Group routing](https://docs.clawd.bot/group-messages): mention gating, reply tags, per-provider chunking and routing. Provider rules: [Providers](https://docs.clawd.bot/surface).
+
+### Apps + nodes
+- [macOS app](https://docs.clawd.bot/macos): menu bar control plane, [Voice Wake](https://docs.clawd.bot/voicewake)/PTT, [Talk Mode](https://docs.clawd.bot/talk) overlay, [WebChat](https://docs.clawd.bot/webchat), debug tools, [remote gateway](https://docs.clawd.bot/remote) control.
+- [iOS node](https://docs.clawd.bot/ios): [Canvas](https://docs.clawd.bot/mac/canvas), [Voice Wake](https://docs.clawd.bot/voicewake), [Talk Mode](https://docs.clawd.bot/talk), camera, screen recording, Bonjour pairing.
+- [Android node](https://docs.clawd.bot/android): [Canvas](https://docs.clawd.bot/mac/canvas), [Talk Mode](https://docs.clawd.bot/talk), camera, screen recording, optional SMS.
+- [macOS node mode](https://docs.clawd.bot/nodes): system.run/notify + canvas/camera exposure.
+
+### Tools + automation
+- [Browser control](https://docs.clawd.bot/browser): dedicated clawd Chrome/Chromium, snapshots, actions, uploads, profiles.
+- [Canvas](https://docs.clawd.bot/mac/canvas): [A2UI](https://docs.clawd.bot/mac/canvas#canvas-a2ui) push/reset, eval, snapshot.
+- [Nodes](https://docs.clawd.bot/nodes): camera snap/clip, screen record, [location.get](https://docs.clawd.bot/location-command), notifications.
+- [Cron + wakeups](https://docs.clawd.bot/cron); [webhooks](https://docs.clawd.bot/webhook); [Gmail Pub/Sub](https://docs.clawd.bot/gmail-pubsub).
+- [Skills platform](https://docs.clawd.bot/skills): bundled, managed, and workspace skills with install gating + UI.
+
+### Runtime + safety
+- [Provider routing](https://docs.clawd.bot/provider-routing), [retry policy](https://docs.clawd.bot/retry), and [streaming/chunking](https://docs.clawd.bot/streaming).
+- [Presence](https://docs.clawd.bot/presence), [typing indicators](https://docs.clawd.bot/typing-indicators), and [usage tracking](https://docs.clawd.bot/usage-tracking).
+- [Models](https://docs.clawd.bot/models), [model failover](https://docs.clawd.bot/model-failover), and [session pruning](https://docs.clawd.bot/session-pruning).
+- [Security](https://docs.clawd.bot/security) and [troubleshooting](https://docs.clawd.bot/troubleshooting).
+
+### Ops + packaging
+- [Control UI](https://docs.clawd.bot/web) + [WebChat](https://docs.clawd.bot/webchat) served directly from the Gateway.
+- [Tailscale Serve/Funnel](https://docs.clawd.bot/tailscale) or [SSH tunnels](https://docs.clawd.bot/remote) with token/password auth.
+- [Nix mode](https://docs.clawd.bot/nix) for declarative config; [Docker](https://docs.clawd.bot/docker)-based installs.
+- [Doctor](https://docs.clawd.bot/doctor) migrations, [logging](https://docs.clawd.bot/logging).
+
+## How it works (short)
+
+```
+WhatsApp / Telegram / Slack / Discord / Signal / iMessage / WebChat
+               │
+               ▼
+┌───────────────────────────────┐
+│            Gateway            │  ws://127.0.0.1:18789
+│       (control plane)         │  bridge: tcp://0.0.0.0:18790
+└──────────────┬────────────────┘
+               │
+               ├─ Pi agent (RPC)
+               ├─ CLI (clawdbot …)
+               ├─ WebChat UI
+               ├─ macOS app
+               └─ iOS/Android nodes
+```
+
+## Key subsystems
+
+- **[Gateway WebSocket network](https://docs.clawd.bot/architecture)** — single WS control plane for clients, tools, and events (plus ops: [Gateway runbook](https://docs.clawd.bot/gateway)).
+- **[Tailscale exposure](https://docs.clawd.bot/tailscale)** — Serve/Funnel for the Gateway dashboard + WS (remote access: [Remote](https://docs.clawd.bot/remote)).
+- **[Browser control](https://docs.clawd.bot/browser)** — clawd‑managed Chrome/Chromium with CDP control.
+- **[Canvas + A2UI](https://docs.clawd.bot/mac/canvas)** — agent‑driven visual workspace (A2UI host: [Canvas/A2UI](https://docs.clawd.bot/mac/canvas#canvas-a2ui)).
+- **[Voice Wake](https://docs.clawd.bot/voicewake) + [Talk Mode](https://docs.clawd.bot/talk)** — always‑on speech and continuous conversation.
+- **[Nodes](https://docs.clawd.bot/nodes)** — Canvas, camera snap/clip, screen record, `location.get`, notifications, plus macOS‑only `system.run`/`system.notify`.
+
+## Tailscale access (Gateway dashboard)
+
+Clawdbot can auto-configure Tailscale **Serve** (tailnet-only) or **Funnel** (public) while the Gateway stays bound to loopback. Configure `gateway.tailscale.mode`:
+
+- `off`: no Tailscale automation (default).
+- `serve`: tailnet-only HTTPS via `tailscale serve` (uses Tailscale identity headers by default).
+- `funnel`: public HTTPS via `tailscale funnel` (requires shared password auth).
+
+Notes:
+- `gateway.bind` must stay `loopback` when Serve/Funnel is enabled (Clawdbot enforces this).
+- Serve can be forced to require a password by setting `gateway.auth.mode: "password"` or `gateway.auth.allowTailscale: false`.
+- Funnel refuses to start unless `gateway.auth.mode: "password"` is set.
+- Optional: `gateway.tailscale.resetOnExit` to undo Serve/Funnel on shutdown.
+
+Details: [Tailscale guide](https://docs.clawd.bot/tailscale) · [Web surfaces](https://docs.clawd.bot/web)
+
+## Remote Gateway (Linux is great)
+
+It’s perfectly fine to run the Gateway on a small Linux instance. Clients (macOS app, CLI, WebChat) can connect over **Tailscale Serve/Funnel** or **SSH tunnels**, and you can still pair device nodes (macOS/iOS/Android) to execute device‑local actions when needed.
+
+- **Gateway host** runs the bash tool and provider connections by default.
+- **Device nodes** run device‑local actions (`system.run`, camera, screen recording, notifications) via `node.invoke`.
+In short: bash runs where the Gateway lives; device actions run where the device lives.
+
+Details: [Remote access](https://docs.clawd.bot/remote) · [Nodes](https://docs.clawd.bot/nodes) · [Security](https://docs.clawd.bot/security)
+
+## macOS permissions via the Gateway protocol
+
+The macOS app can run in **node mode** and advertises its capabilities + permission map over the Gateway WebSocket (`node.list` / `node.describe`). Clients can then execute local actions via `node.invoke`:
+
+- `system.run` runs a local command and returns stdout/stderr/exit code; set `needsScreenRecording: true` to require screen-recording permission (otherwise you’ll get `PERMISSION_MISSING`).
+- `system.notify` posts a user notification and fails if notifications are denied.
+- `canvas.*`, `camera.*`, `screen.record`, and `location.get` are also routed via `node.invoke` and follow TCC permission status.
+
+Elevated bash (host permissions) is separate from macOS TCC:
+
+- Use `/elevated on|off` to toggle per‑session elevated access when enabled + allowlisted.
+- Gateway persists the per‑session toggle via `sessions.patch` (WS method) alongside `thinkingLevel`, `verboseLevel`, `model`, `sendPolicy`, and `groupActivation`.
+
+Details: [Nodes](https://docs.clawd.bot/nodes) · [macOS app](https://docs.clawd.bot/macos) · [Gateway protocol](https://docs.clawd.bot/architecture)
+
+## Agent to Agent (sessions_* tools)
+
+- Use these to coordinate work across sessions without jumping between chat surfaces.
+- `sessions_list` — discover active sessions (agents) and their metadata.
+- `sessions_history` — fetch transcript logs for a session.
+- `sessions_send` — message another session; optional reply‑back ping‑pong + announce step (`REPLY_SKIP`, `ANNOUNCE_SKIP`).
+
+Details: [Session tools](https://docs.clawd.bot/session-tool)
+
+## Skills registry (ClawdHub)
+
+ClawdHub is a minimal skill registry. With ClawdHub enabled, the agent can search for skills automatically and pull in new ones as needed.
+
+[ClawdHub](https://ClawdHub.com)
+
+## Chat commands
+
+Send these in WhatsApp/Telegram/Slack/WebChat (group commands are owner-only):
+
+- `/status` — compact session status (model + tokens, cost when available)
+- `/new` or `/reset` — reset the session
+- `/compact` — compact session context (summary)
+- `/think <level>` — off|minimal|low|medium|high
+- `/verbose on|off`
+- `/cost on|off` — append per-response token/cost usage lines
+- `/restart` — restart the gateway (owner-only in groups)
+- `/activation mention|always` — group activation toggle (groups only)
+
+## macOS app (optional)
+
+The Gateway alone delivers a great experience. All apps are optional and add extra features.
+
+If you plan to build/run companion apps, initialize submodules first:
+
+```bash
+git submodule update --init --recursive
+./scripts/restart-mac.sh
+```
+
+### macOS (Clawdbot.app) (optional)
+
+- Menu bar control for the Gateway and health.
+- Voice Wake + push-to-talk overlay.
+- WebChat + debug tools.
+- Remote gateway control over SSH.
+
+Note: signed builds required for macOS permissions to stick across rebuilds (see `docs/mac/permissions.md`).
+
+### iOS node (optional)
+
+- Pairs as a node via the Bridge.
+- Voice trigger forwarding + Canvas surface.
+- Controlled via `clawdbot nodes …`.
+
+Runbook: [iOS connect](https://docs.clawd.bot/ios).
+
+### Android node (optional)
+
+- Pairs via the same Bridge + pairing flow as iOS.
+- Exposes Canvas, Camera, and Screen capture commands.
+- Runbook: [Android connect](https://docs.clawd.bot/android).
+
+## Agent workspace + skills
+
+- Workspace root: `~/clawd` (configurable via `agents.defaults.workspace`).
+- Injected prompt files: `AGENTS.md`, `SOUL.md`, `TOOLS.md`.
+- Skills: `~/clawd/skills/<skill>/SKILL.md`.

 ## Configuration

-Create `~/.clawdis/clawdis.json`:
+Minimal `~/.clawdbot/clawdbot.json` (model + defaults):

 ```json5
 {
-  inbound: {
-    allowFrom: ["+1234567890"]
+  agent: {
+    model: "anthropic/claude-opus-4-5"
  }
 }
 ```

-Optional: enable/configure clawd’s dedicated browser control (defaults are already on):
+[Full configuration reference (all keys + examples).](https://docs.clawd.bot/configuration)
+
+## Security model (important)
+
+- **Default:** tools run on the host for the **main** session, so the agent has full access when it’s just you.
+- **Group/channel safety:** set `agents.defaults.sandbox.mode: "non-main"` to run **non‑main sessions** (groups/channels) inside per‑session Docker sandboxes; bash then runs in Docker for those sessions.
+- **Sandbox defaults:** allowlist `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`; denylist `browser`, `canvas`, `nodes`, `cron`, `discord`, `gateway`.
+
+Details: [Security guide](https://docs.clawd.bot/security) · [Docker + sandboxing](https://docs.clawd.bot/docker) · [Sandbox config](https://docs.clawd.bot/configuration)
+
+### [WhatsApp](https://docs.clawd.bot/whatsapp)
+
+- Link the device: `pnpm clawdbot login` (stores creds in `~/.clawdbot/credentials`).
+- Allowlist who can talk to the assistant via `whatsapp.allowFrom`.
+- If `whatsapp.groups` is set, it becomes a group allowlist; include `"*"` to allow all.
+
+### [Telegram](https://docs.clawd.bot/telegram)
+
+- Set `TELEGRAM_BOT_TOKEN` or `telegram.botToken` (env wins).
+- Optional: set `telegram.groups` (with `telegram.groups."*".requireMention`); when set, it is a group allowlist (include `"*"` to allow all). Also `telegram.allowFrom` or `telegram.webhookUrl` as needed.
+
+```json5
+{
+  telegram: {
+    botToken: "123456:ABCDEF"
+  }
+}
+```
+
+### [Slack](https://docs.clawd.bot/slack)
+
+- Set `SLACK_BOT_TOKEN` + `SLACK_APP_TOKEN` (or `slack.botToken` + `slack.appToken`).
+
+### [Discord](https://docs.clawd.bot/discord)
+
+- Set `DISCORD_BOT_TOKEN` or `discord.token` (env wins).
+- Optional: set `commands.native`, `commands.text`, or `commands.useAccessGroups`, plus `discord.dm.allowFrom`, `discord.guilds`, or `discord.mediaMaxMb` as needed.
+
+```json5
+{
+  discord: {
+    token: "1234abcd"
+  }
+}
+```
+
+### [Signal](https://docs.clawd.bot/signal)
+
+- Requires `signal-cli` and a `signal` config section.
+
+### [iMessage](https://docs.clawd.bot/imessage)
+
+- macOS only; Messages must be signed in.
+- If `imessage.groups` is set, it becomes a group allowlist; include `"*"` to allow all.
+
+### [WebChat](https://docs.clawd.bot/webchat)
+
+- Uses the Gateway WebSocket; no separate WebChat port/config.
+
+Browser control (optional):

 ```json5
 {
@@ -150,98 +371,102 @@ Optional: enable/configure clawd’s dedicated browser control (defaults are alr
 }
 ```

-## Documentation
+## Docs

- [Configuration Guide](./docs/configuration.md)
- [Gateway runbook](./docs/gateway.md)
- [Discovery + transports](./docs/discovery.md)
- [Agent Integration](./docs/agents.md)
- [Group Chats](./docs/group-messages.md)
- [Security](./docs/security.md)
- [Troubleshooting](./docs/troubleshooting.md)
- [The Lore](./docs/lore.md) 🦞
- [Telegram (Bot API)](./docs/telegram.md)
- [iOS node runbook (Iris)](./docs/ios/connect.md)
- [macOS app spec](./docs/clawdis-mac.md)
+Use these when you’re past the onboarding flow and want the deeper reference.
+- [Start with the docs index for navigation and “what’s where.”](https://docs.clawd.bot)
+- [Read the architecture overview for the gateway + protocol model.](https://docs.clawd.bot/architecture)
+- [Use the full configuration reference when you need every key and example.](https://docs.clawd.bot/configuration)
+- [Run the Gateway by the book with the operational runbook.](https://docs.clawd.bot/gateway)
+- [Learn how the Control UI/Web surfaces work and how to expose them safely.](https://docs.clawd.bot/web)
+- [Understand remote access over SSH tunnels or tailnets.](https://docs.clawd.bot/remote)
+- [Follow the onboarding wizard flow for a guided setup.](https://docs.clawd.bot/wizard)
+- [Wire external triggers via the webhook surface.](https://docs.clawd.bot/webhook)
+- [Set up Gmail Pub/Sub triggers.](https://docs.clawd.bot/gmail-pubsub)
+- [Learn the macOS menu bar companion details.](https://docs.clawd.bot/mac/menu-bar)
+- [Platform guides: Windows (WSL2)](https://docs.clawd.bot/windows), [Linux](https://docs.clawd.bot/linux), [macOS](https://docs.clawd.bot/macos), [iOS](https://docs.clawd.bot/ios), [Android](https://docs.clawd.bot/android)
+- [Debug common failures with the troubleshooting guide.](https://docs.clawd.bot/troubleshooting)
+- [Review security guidance before exposing anything.](https://docs.clawd.bot/security)
+
+## Advanced docs (discovery + control)
+
+- [Discovery + transports](https://docs.clawd.bot/discovery)
+- [Bonjour/mDNS](https://docs.clawd.bot/bonjour)
+- [Gateway pairing](https://docs.clawd.bot/gateway/pairing)
+- [Remote gateway README](https://docs.clawd.bot/remote-gateway-readme)
+- [Control UI](https://docs.clawd.bot/control-ui)
+- [Dashboard](https://docs.clawd.bot/dashboard)
+
+## Operations & troubleshooting
+
+- [Health checks](https://docs.clawd.bot/health)
+- [Gateway lock](https://docs.clawd.bot/gateway-lock)
+- [Background process](https://docs.clawd.bot/background-process)
+- [Browser troubleshooting (Linux)](https://docs.clawd.bot/browser-linux-troubleshooting)
+- [Logging](https://docs.clawd.bot/logging)
+
+## Deep dives
+
+- [Agent loop](https://docs.clawd.bot/agent-loop)
+- [Presence](https://docs.clawd.bot/presence)
+- [TypeBox schemas](https://docs.clawd.bot/typebox)
+- [RPC adapters](https://docs.clawd.bot/rpc)
+- [Queue](https://docs.clawd.bot/queue)
+
+## Workspace & skills
+
+- [Skills config](https://docs.clawd.bot/skills-config)
+- [Default AGENTS](https://docs.clawd.bot/AGENTS.default)
+- [Templates: AGENTS](https://docs.clawd.bot/templates/AGENTS)
+- [Templates: BOOTSTRAP](https://docs.clawd.bot/templates/BOOTSTRAP)
+- [Templates: IDENTITY](https://docs.clawd.bot/templates/IDENTITY)
+- [Templates: SOUL](https://docs.clawd.bot/templates/SOUL)
+- [Templates: TOOLS](https://docs.clawd.bot/templates/TOOLS)
+- [Templates: USER](https://docs.clawd.bot/templates/USER)
+
+## Platform internals
+
+- [macOS dev setup](https://docs.clawd.bot/mac/dev-setup)
+- [macOS menu bar](https://docs.clawd.bot/mac/menu-bar)
+- [macOS voice wake](https://docs.clawd.bot/mac/voicewake)
+- [iOS node](https://docs.clawd.bot/ios)
+- [Android node](https://docs.clawd.bot/android)
+- [Windows (WSL2)](https://docs.clawd.bot/windows)
+- [Linux app](https://docs.clawd.bot/linux)
+
+## Email hooks (Gmail)
+
+- [docs.clawd.bot/gmail-pubsub](https://docs.clawd.bot/gmail-pubsub)

 ## Clawd

-CLAWDIS was built for **Clawd**, a space lobster AI assistant. See the full setup in [`docs/clawd.md`](./docs/clawd.md).
+Clawdbot was built for **Clawd**, a space lobster AI assistant. 🦞  
+by Peter Steinberger and the community.

- 🦞 **Clawd's Home:** [clawd.me](https://clawd.me)
- 📜 **Clawd's Soul:** [soul.md](https://soul.md)
- 👨‍💻 **Peter's Blog:** [steipete.me](https://steipete.me)
- 🐦 **Twitter:** [@steipete](https://twitter.com/steipete)
+- [clawd.me](https://clawd.me)
+- [soul.md](https://soul.md)
+- [steipete.me](https://steipete.me)

-## Provider
+## Community

-If you’re running from source, use `pnpm clawdis …` instead of `clawdis …`.
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines, maintainers, and how to submit PRs.  
+AI/vibe-coded PRs welcome! 🤖

-### WhatsApp Web
-```bash
-clawdis login      # scan QR, store creds
-clawdis gateway    # run Gateway (WS on 127.0.0.1:18789)
-```
+Special thanks to @andrewting19 for the Anthropic OAuth tool-name fix.

-### Telegram (Bot API)
-Bot-mode support (grammY only) shares the same `main` session as WhatsApp/WebChat, with groups kept isolated. Text/media sends work via `clawdis send --provider telegram` (reads `TELEGRAM_BOT_TOKEN` or `telegram.botToken`). Webhook mode is supported; see `docs/telegram.md` for setup and limits.
+Thanks to all clawtributors:

-## Commands
-
-| Command | Description |
-|---------|-------------|
-| `clawdis login` | Link WhatsApp Web via QR |
-| `clawdis send` | Send a message (WhatsApp default; `--provider telegram` for bot mode). WhatsApp sends go via the Gateway WS; Telegram sends are direct. |
-| `clawdis agent` | Talk directly to the agent (no WhatsApp send) |
-| `clawdis browser ...` | Manage clawd’s dedicated browser (status/tabs/open/screenshot). |
-| `clawdis gateway` | Start the Gateway server (WS control plane). Params: `--port`, `--token`, `--force`, `--verbose`. |
-| `clawdis gateway health|status|send|agent|call` | Gateway WS clients; assume a running gateway. |
-| `clawdis wake` | Enqueue a system event and optionally trigger a heartbeat via the Gateway. |
-| `clawdis cron ...` | Manage scheduled jobs (via Gateway). |
-| `clawdis nodes ...` | Manage Gateway-owned node pairing. |
-| `clawdis status` | Web session health + session store summary |
-| `clawdis health` | Reports cached provider state from the running gateway. |
-| `clawdis webchat` | Start the loopback-only WebChat HTTP server |
-
-#### Gateway client params (WS only)
- `--url` (default `ws://127.0.0.1:18789`)
- `--token` (shared secret if set on the gateway)
- `--timeout <ms>` (WS call timeout)
-
-#### Send
- `--provider whatsapp|telegram` (default whatsapp)
- `--media <path-or-url>`
- `--json` for machine-readable output
-
-#### Health
- Reads gateway/provider state (no direct Baileys socket from the CLI).
-
-In chat, send `/status` to see if the agent is reachable, how much context the session has used, and the current thinking/verbose toggles—no agent call required.
-`/status` also shows whether your WhatsApp web session is linked and how long ago the creds were refreshed so you know when to re-scan the QR.
-
-### Sessions, surfaces, and WebChat
-
- Direct chats now share a canonical session key `main` by default (configurable via `inbound.reply.session.mainKey`). Groups stay isolated as `group:<jid>`.
- WebChat attaches to `main` and hydrates history from `~/.clawdis/sessions/<SessionId>.jsonl`, so desktop view mirrors WhatsApp/Telegram turns.
- Inbound contexts carry a `Surface` hint (e.g., `whatsapp`, `webchat`, `telegram`) for logging; replies still go back to the originating surface deterministically.
- Every inbound message is wrapped for the agent as `[Surface FROM HOST/IP TIMESTAMP] body`:
-  - WhatsApp: `[WhatsApp +15551234567 2025-12-09 12:34] …`
- Telegram: `[Telegram Ada Lovelace (@ada_bot) id:123456789 2025-12-09 12:34] …`
-  - WebChat: `[WebChat my-mac.local 10.0.0.5 2025-12-09 12:34] …`
-  This keeps the model aware of the transport, sender, host, and time without relying on implicit context.
-
-## Credits
-
- **Peter Steinberger** ([@steipete](https://twitter.com/steipete)) — Creator
- **Mario Zechner** ([@badlogicgames](https://twitter.com/badlogicgames)) — Pi, security testing
- **Clawd** 🦞 — The space lobster who demanded a better name
-
-## License
-
-MIT — Free as a lobster in the ocean.
-
---
-
-*"We're all just playing with our own prompts."*
-
-🦞💙
+<p align="left">
+  <a href="https://github.com/steipete"><img src="https://avatars.githubusercontent.com/u/58493?v=4&s=48" width="48" height="48" alt="steipete" title="steipete"/></a> <a href="https://github.com/joaohlisboa"><img src="https://avatars.githubusercontent.com/u/8200873?v=4&s=48" width="48" height="48" alt="joaohlisboa" title="joaohlisboa"/></a> <a href="https://github.com/mneves75"><img src="https://avatars.githubusercontent.com/u/2423436?v=4&s=48" width="48" height="48" alt="mneves75" title="mneves75"/></a> <a href="https://github.com/joshp123"><img src="https://avatars.githubusercontent.com/u/1497361?v=4&s=48" width="48" height="48" alt="joshp123" title="joshp123"/></a> <a href="https://github.com/mukhtharcm"><img src="https://avatars.githubusercontent.com/u/56378562?v=4&s=48" width="48" height="48" alt="mukhtharcm" title="mukhtharcm"/></a> <a href="https://github.com/maxsumrall"><img src="https://avatars.githubusercontent.com/u/628843?v=4&s=48" width="48" height="48" alt="maxsumrall" title="maxsumrall"/></a> <a href="https://github.com/xadenryan"><img src="https://avatars.githubusercontent.com/u/165437834?v=4&s=48" width="48" height="48" alt="xadenryan" title="xadenryan"/></a> <a href="https://github.com/hsrvc"><img src="https://avatars.githubusercontent.com/u/129702169?v=4&s=48" width="48" height="48" alt="hsrvc" title="hsrvc"/></a> <a href="https://github.com/jamesgroat"><img src="https://avatars.githubusercontent.com/u/2634024?v=4&s=48" width="48" height="48" alt="jamesgroat" title="jamesgroat"/></a> <a href="https://github.com/dantelex"><img src="https://avatars.githubusercontent.com/u/631543?v=4&s=48" width="48" height="48" alt="dantelex" title="dantelex"/></a>
+  <a href="https://github.com/daveonkels"><img src="https://avatars.githubusercontent.com/u/533642?v=4&s=48" width="48" height="48" alt="daveonkels" title="daveonkels"/></a> <a href="https://github.com/omniwired"><img src="https://avatars.githubusercontent.com/u/322761?v=4&s=48" width="48" height="48" alt="Eng. Juan Combetto" title="Eng. Juan Combetto"/></a> <a href="https://github.com/mbelinky"><img src="https://avatars.githubusercontent.com/u/132747814?v=4&s=48" width="48" height="48" alt="Mariano Belinky" title="Mariano Belinky"/></a> <a href="https://github.com/julianengel"><img src="https://avatars.githubusercontent.com/u/10634231?v=4&s=48" width="48" height="48" alt="julianengel" title="julianengel"/></a> <a href="https://github.com/claude"><img src="https://avatars.githubusercontent.com/u/81847?v=4&s=48" width="48" height="48" alt="claude" title="claude"/></a> <a href="https://github.com/sreekaransrinath"><img src="https://avatars.githubusercontent.com/u/50989977?v=4&s=48" width="48" height="48" alt="sreekaransrinath" title="sreekaransrinath"/></a> <a href="https://github.com/dbhurley"><img src="https://avatars.githubusercontent.com/u/5251425?v=4&s=48" width="48" height="48" alt="dbhurley" title="dbhurley"/></a> <a href="https://github.com/gupsammy"><img src="https://avatars.githubusercontent.com/u/20296019?v=4&s=48" width="48" height="48" alt="gupsammy" title="gupsammy"/></a> <a href="https://github.com/nachoiacovino"><img src="https://avatars.githubusercontent.com/u/50103937?v=4&s=48" width="48" height="48" alt="nachoiacovino" title="nachoiacovino"/></a> <a href="https://github.com/vsabavat"><img src="https://avatars.githubusercontent.com/u/50385532?v=4&s=48" width="48" height="48" alt="Vasanth Rao Naik Sabavat" title="Vasanth Rao Naik Sabavat"/></a>
+  <a href="https://github.com/jeffersonwarrior"><img src="https://avatars.githubusercontent.com/u/89030989?v=4&s=48" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/scald"><img src="https://avatars.githubusercontent.com/u/1215913?v=4&s=48" width="48" height="48" alt="scald" title="scald"/></a> <a href="https://github.com/andranik-sahakyan"><img src="https://avatars.githubusercontent.com/u/8908029?v=4&s=48" width="48" height="48" alt="andranik-sahakyan" title="andranik-sahakyan"/></a> <a href="https://github.com/Nachx639"><img src="https://avatars.githubusercontent.com/u/71144023?v=4&s=48" width="48" height="48" alt="nachx639" title="nachx639"/></a> <a href="https://github.com/sircrumpet"><img src="https://avatars.githubusercontent.com/u/4436535?v=4&s=48" width="48" height="48" alt="sircrumpet" title="sircrumpet"/></a> <a href="https://github.com/rafaelreis-r"><img src="https://avatars.githubusercontent.com/u/57492577?v=4&s=48" width="48" height="48" alt="rafaelreis-r" title="rafaelreis-r"/></a> <a href="https://github.com/meaningfool"><img src="https://avatars.githubusercontent.com/u/2862331?v=4&s=48" width="48" height="48" alt="meaningfool" title="meaningfool"/></a> <a href="https://github.com/ratulsarna"><img src="https://avatars.githubusercontent.com/u/105903728?v=4&s=48" width="48" height="48" alt="ratulsarna" title="ratulsarna"/></a> <a href="https://github.com/lutr0"><img src="https://avatars.githubusercontent.com/u/76906369?v=4&s=48" width="48" height="48" alt="lutr0" title="lutr0"/></a> <a href="https://github.com/AbhisekBasu1"><img src="https://avatars.githubusercontent.com/u/40645221?v=4&s=48" width="48" height="48" alt="abhisekbasu1" title="abhisekbasu1"/></a>
+  <a href="https://github.com/emanuelst"><img src="https://avatars.githubusercontent.com/u/9994339?v=4&s=48" width="48" height="48" alt="emanuelst" title="emanuelst"/></a> <a href="https://github.com/osolmaz"><img src="https://avatars.githubusercontent.com/u/2453968?v=4&s=48" width="48" height="48" alt="osolmaz" title="osolmaz"/></a> <a href="https://github.com/kiranjd"><img src="https://avatars.githubusercontent.com/u/25822851?v=4&s=48" width="48" height="48" alt="kiranjd" title="kiranjd"/></a> <a href="https://github.com/thewilloftheshadow"><img src="https://avatars.githubusercontent.com/u/35580099?v=4&s=48" width="48" height="48" alt="thewilloftheshadow" title="thewilloftheshadow"/></a> <a href="https://github.com/CashWilliams"><img src="https://avatars.githubusercontent.com/u/613573?v=4&s=48" width="48" height="48" alt="CashWilliams" title="CashWilliams"/></a> <a href="https://github.com/ManuelHettich"><img src="https://avatars.githubusercontent.com/u/17690367?v=4&s=48" width="48" height="48" alt="manuelhettich" title="manuelhettich"/></a> <a href="https://github.com/minghinmatthewlam"><img src="https://avatars.githubusercontent.com/u/14224566?v=4&s=48" width="48" height="48" alt="minghinmatthewlam" title="minghinmatthewlam"/></a> <a href="https://github.com/buddyh"><img src="https://avatars.githubusercontent.com/u/31752869?v=4&s=48" width="48" height="48" alt="buddyh" title="buddyh"/></a> <a href="https://github.com/search?q=sheeek"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="sheeek" title="sheeek"/></a> <a href="https://github.com/timkrase"><img src="https://avatars.githubusercontent.com/u/38947626?v=4&s=48" width="48" height="48" alt="timkrase" title="timkrase"/></a>
+  <a href="https://github.com/mcinteerj"><img src="https://avatars.githubusercontent.com/u/3613653?v=4&s=48" width="48" height="48" alt="mcinteerj" title="mcinteerj"/></a> <a href="https://github.com/azade-c"><img src="https://avatars.githubusercontent.com/u/252790079?v=4&s=48" width="48" height="48" alt="azade-c" title="azade-c"/></a> <a href="https://github.com/imfing"><img src="https://avatars.githubusercontent.com/u/5097752?v=4&s=48" width="48" height="48" alt="imfing" title="imfing"/></a> <a href="https://github.com/petter-b"><img src="https://avatars.githubusercontent.com/u/62076402?v=4&s=48" width="48" height="48" alt="petter-b" title="petter-b"/></a> <a href="https://github.com/RandyVentures"><img src="https://avatars.githubusercontent.com/u/149904821?v=4&s=48" width="48" height="48" alt="RandyVentures" title="RandyVentures"/></a> <a href="https://github.com/search?q=Yurii%20Chukhlib"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Yurii Chukhlib" title="Yurii Chukhlib"/></a> <a href="https://github.com/jalehman"><img src="https://avatars.githubusercontent.com/u/550978?v=4&s=48" width="48" height="48" alt="jalehman" title="jalehman"/></a> <a href="https://github.com/obviyus"><img src="https://avatars.githubusercontent.com/u/22031114?v=4&s=48" width="48" height="48" alt="obviyus" title="obviyus"/></a> <a href="https://github.com/dan-dr"><img src="https://avatars.githubusercontent.com/u/6669808?v=4&s=48" width="48" height="48" alt="dan-dr" title="dan-dr"/></a> <a href="https://github.com/Iamadig"><img src="https://avatars.githubusercontent.com/u/102129234?v=4&s=48" width="48" height="48" alt="iamadig" title="iamadig"/></a>
+  <a href="https://github.com/manmal"><img src="https://avatars.githubusercontent.com/u/142797?v=4&s=48" width="48" height="48" alt="manmal" title="manmal"/></a> <a href="https://github.com/ogulcancelik"><img src="https://avatars.githubusercontent.com/u/7064011?v=4&s=48" width="48" height="48" alt="ogulcancelik" title="ogulcancelik"/></a> <a href="https://github.com/VACInc"><img src="https://avatars.githubusercontent.com/u/3279061?v=4&s=48" width="48" height="48" alt="VACInc" title="VACInc"/></a> <a href="https://github.com/zats"><img src="https://avatars.githubusercontent.com/u/2688806?v=4&s=48" width="48" height="48" alt="zats" title="zats"/></a> <a href="https://github.com/djangonavarro220"><img src="https://avatars.githubusercontent.com/u/251162586?v=4&s=48" width="48" height="48" alt="Django Navarro" title="Django Navarro"/></a> <a href="https://github.com/search?q=L36%20Server"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="L36 Server" title="L36 Server"/></a> <a href="https://github.com/neist"><img src="https://avatars.githubusercontent.com/u/1029724?v=4&s=48" width="48" height="48" alt="neist" title="neist"/></a> <a href="https://github.com/pcty-nextgen-service-account"><img src="https://avatars.githubusercontent.com/u/112553441?v=4&s=48" width="48" height="48" alt="pcty-nextgen-service-account" title="pcty-nextgen-service-account"/></a> <a href="https://github.com/Syhids"><img src="https://avatars.githubusercontent.com/u/671202?v=4&s=48" width="48" height="48" alt="Syhids" title="Syhids"/></a> <a href="https://github.com/erik-agens"><img src="https://avatars.githubusercontent.com/u/80908960?v=4&s=48" width="48" height="48" alt="erik-agens" title="erik-agens"/></a>
+  <a href="https://github.com/fcatuhe"><img src="https://avatars.githubusercontent.com/u/17382215?v=4&s=48" width="48" height="48" alt="fcatuhe" title="fcatuhe"/></a> <a href="https://github.com/jayhickey"><img src="https://avatars.githubusercontent.com/u/1676460?v=4&s=48" width="48" height="48" alt="jayhickey" title="jayhickey"/></a> <a href="https://github.com/jonasjancarik"><img src="https://avatars.githubusercontent.com/u/2459191?v=4&s=48" width="48" height="48" alt="jonasjancarik" title="jonasjancarik"/></a> <a href="https://github.com/jdrhyne"><img src="https://avatars.githubusercontent.com/u/7828464?v=4&s=48" width="48" height="48" alt="Jonathan D. Rhyne (DJ-D)" title="Jonathan D. Rhyne (DJ-D)"/></a> <a href="https://github.com/jverdi"><img src="https://avatars.githubusercontent.com/u/345050?v=4&s=48" width="48" height="48" alt="jverdi" title="jverdi"/></a> <a href="https://github.com/mitschabaude-bot"><img src="https://avatars.githubusercontent.com/u/247582884?v=4&s=48" width="48" height="48" alt="mitschabaude-bot" title="mitschabaude-bot"/></a> <a href="https://github.com/oswalpalash"><img src="https://avatars.githubusercontent.com/u/6431196?v=4&s=48" width="48" height="48" alt="oswalpalash" title="oswalpalash"/></a> <a href="https://github.com/philipp-spiess"><img src="https://avatars.githubusercontent.com/u/458591?v=4&s=48" width="48" height="48" alt="philipp-spiess" title="philipp-spiess"/></a> <a href="https://github.com/pkrmf"><img src="https://avatars.githubusercontent.com/u/1714267?v=4&s=48" width="48" height="48" alt="pkrmf" title="pkrmf"/></a> <a href="https://github.com/search?q=Sash%20Catanzarite"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Sash Catanzarite" title="Sash Catanzarite"/></a>
+  <a href="https://github.com/search?q=VAC"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="VAC" title="VAC"/></a> <a href="https://github.com/search?q=alejandro%20maza"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="alejandro maza" title="alejandro maza"/></a> <a href="https://github.com/antons"><img src="https://avatars.githubusercontent.com/u/129705?v=4&s=48" width="48" height="48" alt="antons" title="antons"/></a> <a href="https://github.com/Asleep123"><img src="https://avatars.githubusercontent.com/u/122379135?v=4&s=48" width="48" height="48" alt="Asleep123" title="Asleep123"/></a> <a href="https://github.com/cash-echo-bot"><img src="https://avatars.githubusercontent.com/u/252747386?v=4&s=48" width="48" height="48" alt="cash-echo-bot" title="cash-echo-bot"/></a> <a href="https://github.com/search?q=Clawd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Clawd" title="Clawd"/></a> <a href="https://github.com/conhecendocontato"><img src="https://avatars.githubusercontent.com/u/82890727?v=4&s=48" width="48" height="48" alt="conhecendocontato" title="conhecendocontato"/></a> <a href="https://github.com/erikpr1994"><img src="https://avatars.githubusercontent.com/u/6299331?v=4&s=48" width="48" height="48" alt="erikpr1994" title="erikpr1994"/></a> <a href="https://github.com/gtsifrikas"><img src="https://avatars.githubusercontent.com/u/8904378?v=4&s=48" width="48" height="48" alt="gtsifrikas" title="gtsifrikas"/></a> <a href="https://github.com/HazAT"><img src="https://avatars.githubusercontent.com/u/363802?v=4&s=48" width="48" height="48" alt="HazAT" title="HazAT"/></a>
+  <a href="https://github.com/hrdwdmrbl"><img src="https://avatars.githubusercontent.com/u/554881?v=4&s=48" width="48" height="48" alt="hrdwdmrbl" title="hrdwdmrbl"/></a> <a href="https://github.com/hugobarauna"><img src="https://avatars.githubusercontent.com/u/2719?v=4&s=48" width="48" height="48" alt="hugobarauna" title="hugobarauna"/></a> <a href="https://github.com/search?q=Jarvis"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jarvis" title="Jarvis"/></a> <a href="https://github.com/search?q=Keith%20the%20Silly%20Goose"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Keith the Silly Goose" title="Keith the Silly Goose"/></a> <a href="https://github.com/search?q=Kit"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Kit" title="Kit"/></a> <a href="https://github.com/kitze"><img src="https://avatars.githubusercontent.com/u/1160594?v=4&s=48" width="48" height="48" alt="kitze" title="kitze"/></a> <a href="https://github.com/kkarimi"><img src="https://avatars.githubusercontent.com/u/875218?v=4&s=48" width="48" height="48" alt="kkarimi" title="kkarimi"/></a> <a href="https://github.com/loukotal"><img src="https://avatars.githubusercontent.com/u/18210858?v=4&s=48" width="48" height="48" alt="loukotal" title="loukotal"/></a> <a href="https://github.com/mrdbstn"><img src="https://avatars.githubusercontent.com/u/58957632?v=4&s=48" width="48" height="48" alt="mrdbstn" title="mrdbstn"/></a> <a href="https://github.com/MSch"><img src="https://avatars.githubusercontent.com/u/7475?v=4&s=48" width="48" height="48" alt="MSch" title="MSch"/></a>
+  <a href="https://github.com/nexty5870"><img src="https://avatars.githubusercontent.com/u/3869659?v=4&s=48" width="48" height="48" alt="nexty5870" title="nexty5870"/></a> <a href="https://github.com/ngutman"><img src="https://avatars.githubusercontent.com/u/1540134?v=4&s=48" width="48" height="48" alt="ngutman" title="ngutman"/></a> <a href="https://github.com/onutc"><img src="https://avatars.githubusercontent.com/u/152018508?v=4&s=48" width="48" height="48" alt="onutc" title="onutc"/></a> <a href="https://github.com/prathamdby"><img src="https://avatars.githubusercontent.com/u/134331217?v=4&s=48" width="48" height="48" alt="prathamdby" title="prathamdby"/></a> <a href="https://github.com/reeltimeapps"><img src="https://avatars.githubusercontent.com/u/637338?v=4&s=48" width="48" height="48" alt="reeltimeapps" title="reeltimeapps"/></a> <a href="https://github.com/RLTCmpe"><img src="https://avatars.githubusercontent.com/u/10762242?v=4&s=48" width="48" height="48" alt="RLTCmpe" title="RLTCmpe"/></a> <a href="https://github.com/search?q=Rolf%20Fredheim"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rolf Fredheim" title="Rolf Fredheim"/></a> <a href="https://github.com/snopoke"><img src="https://avatars.githubusercontent.com/u/249606?v=4&s=48" width="48" height="48" alt="snopoke" title="snopoke"/></a> <a href="https://github.com/wstock"><img src="https://avatars.githubusercontent.com/u/1394687?v=4&s=48" width="48" height="48" alt="wstock" title="wstock"/></a> <a href="https://github.com/YuriNachos"><img src="https://avatars.githubusercontent.com/u/19365375?v=4&s=48" width="48" height="48" alt="YuriNachos" title="YuriNachos"/></a>
+  <a href="https://github.com/search?q=Azade"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Azade" title="Azade"/></a> <a href="https://github.com/search?q=ddyo"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="ddyo" title="ddyo"/></a> <a href="https://github.com/search?q=Erik"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Erik" title="Erik"/></a> <a href="https://github.com/latitudeki5223"><img src="https://avatars.githubusercontent.com/u/119656367?v=4&s=48" width="48" height="48" alt="latitudeki5223" title="latitudeki5223"/></a> <a href="https://github.com/search?q=Manuel%20Maly"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Manuel Maly" title="Manuel Maly"/></a> <a href="https://github.com/search?q=Mourad%20Boustani"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mourad Boustani" title="Mourad Boustani"/></a> <a href="https://github.com/pcty-nextgen-ios-builder"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="pcty-nextgen-ios-builder" title="pcty-nextgen-ios-builder"/></a> <a href="https://github.com/search?q=Quentin"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Quentin" title="Quentin"/></a> <a href="https://github.com/search?q=Randy%20Torres"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Randy Torres" title="Randy Torres"/></a> <a href="https://github.com/search?q=Tobias%20Bischoff"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Tobias Bischoff" title="Tobias Bischoff"/></a>
+  <a href="https://github.com/search?q=William%20Stock"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="William Stock" title="William Stock"/></a> <a href="https://github.com/andrewting19"><img src="https://avatars.githubusercontent.com/u/10536704?v=4&s=48" width="48" height="48" alt="andrewting19" title="andrewting19"/></a>
+</p>
--- a/Swabble/CHANGELOG.md
+++ b/Swabble/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+
+## 0.2.0 — 2025-12-23
+
+### Highlights
+- Added `SwabbleKit` (multi-platform wake-word gate utilities with segment-aware gap detection).
+- Swabble package now supports iOS + macOS consumers; CLI remains macOS 26-only.
+
+### Changes
+- CLI wake-word matching/stripping routed through `SwabbleKit` helpers.
+- Speech pipeline types now explicitly gated to macOS 26 / iOS 26 availability.
--- a/Swabble/Package.resolved
+++ b/Swabble/Package.resolved
@@ -1,13 +1,13 @@
 {
-  "originHash" : "3018b2c8c183d55b57ad0c4526b2380ac3b957d13a3a86e1b2845e81323c443a",
+  "originHash" : "5d29ee82825e0764775562242cfa1ff4dc79584797dd638f76c9876545454748",
  "pins" : [
    {
-      "identity" : "commander",
+      "identity" : "elevenlabskit",
      "kind" : "remoteSourceControl",
-      "location" : "https://github.com/steipete/Commander.git",
+      "location" : "https://github.com/steipete/ElevenLabsKit",
      "state" : {
-        "revision" : "8b8cb4f34315ce9e5307b3a2bcd77ff73f586a02",
-        "version" : "0.2.0"
+        "revision" : "c8679fbd37416a8780fe43be88a497ff16209e2d",
+        "version" : "0.1.0"
      }
    },
    {
--- a/Swabble/Package.swift
+++ b/Swabble/Package.swift
@@ -4,14 +4,16 @@ import PackageDescription
 let package = Package(
    name: "swabble",
    platforms: [
-        .macOS(.v26),
+        .macOS(.v15),
+        .iOS(.v17),
    ],
    products: [
        .library(name: "Swabble", targets: ["Swabble"]),
+        .library(name: "SwabbleKit", targets: ["SwabbleKit"]),
        .executable(name: "swabble", targets: ["SwabbleCLI"]),
    ],
    dependencies: [
-        .package(url: "https://github.com/steipete/Commander.git", from: "0.2.0"),
+        .package(path: "../Peekaboo/Commander"),
        .package(url: "https://github.com/apple/swift-testing", from: "0.99.0"),
    ],
    targets: [
@@ -19,13 +21,30 @@ let package = Package(
            name: "Swabble",
            path: "Sources/SwabbleCore",
            swiftSettings: []),
+        .target(
+            name: "SwabbleKit",
+            path: "Sources/SwabbleKit",
+            swiftSettings: [
+                .enableUpcomingFeature("StrictConcurrency"),
+            ]),
        .executableTarget(
            name: "SwabbleCLI",
            dependencies: [
                "Swabble",
+                "SwabbleKit",
                .product(name: "Commander", package: "Commander"),
            ],
            path: "Sources/swabble"),
+        .testTarget(
+            name: "SwabbleKitTests",
+            dependencies: [
+                "SwabbleKit",
+                .product(name: "Testing", package: "swift-testing"),
+            ],
+            swiftSettings: [
+                .enableUpcomingFeature("StrictConcurrency"),
+                .enableExperimentalFeature("SwiftTesting"),
+            ]),
        .testTarget(
            name: "swabbleTests",
            dependencies: [
--- a/Swabble/README.md
+++ b/Swabble/README.md
@@ -1,9 +1,10 @@
 # 🎙️ swabble — Speech.framework wake-word hook daemon (macOS 26)

-swabble is a Swift 6.2, macOS 26-only rewrite of the brabble voice daemon. It listens on your mic, gates on a wake word, transcribes locally using Apple's new SpeechAnalyzer + SpeechTranscriber, then fires a shell hook with the transcript. No cloud calls, no Whisper binaries.
+swabble is a Swift 6.2 wake-word hook daemon. The CLI targets macOS 26 (SpeechAnalyzer + SpeechTranscriber). The shared `SwabbleKit` target is multi-platform and exposes wake-word gating utilities for iOS/macOS apps.

 - **Local-only**: Speech.framework on-device models; zero network usage.
 - **Wake word**: Default `clawd` (aliases `claude`), optional `--no-wake` bypass.
+- **SwabbleKit**: Shared wake gate utilities (gap-based gating when you provide speech segments).
 - **Hooks**: Run any command with prefix/env, cooldown, min_chars, timeout.
 - **Services**: launchd helper stubs for start/stop/install.
 - **File transcribe**: TXT or SRT with time ranges (using AttributedString splits).
@@ -30,7 +31,7 @@ swift run swabble transcribe /path/to/audio.m4a --format srt --output out.srt
 ```

 ## Use as a library
-Add swabble as a SwiftPM dependency and import the `Swabble` product to reuse the Speech pipeline, config loader, hook executor, and transcript store in your own app:
+Add swabble as a SwiftPM dependency and import the `Swabble` or `SwabbleKit` product:

 ```swift
 // Package.swift
@@ -38,7 +39,10 @@ dependencies: [
    .package(url: "https://github.com/steipete/swabble.git", branch: "main"),
 ],
 targets: [
-    .target(name: "MyApp", dependencies: [.product(name: "Swabble", package: "swabble")]),
+    .target(name: "MyApp", dependencies: [
+        .product(name: "Swabble", package: "swabble"),     // Speech pipeline (macOS 26+ / iOS 26+)
+        .product(name: "SwabbleKit", package: "swabble"),  // Wake-word gate utilities (iOS 17+ / macOS 15+)
+    ]),
 ]
 ```

@@ -93,7 +97,7 @@ Environment variables:

 ## Speech pipeline
 - `AVAudioEngine` tap → `BufferConverter` → `AnalyzerInput` → `SpeechAnalyzer` with a `SpeechTranscriber` module.
- Requests volatile + final results; wake gating is string match on partial/final.
+- Requests volatile + final results; the CLI uses text-only wake gating today.
 - Authorization requested at first start; requires macOS 26 + new Speech.framework APIs.

 ## Development
--- a/Swabble/Sources/SwabbleCore/Speech/SpeechPipeline.swift
+++ b/Swabble/Sources/SwabbleCore/Speech/SpeechPipeline.swift
@@ -2,11 +2,13 @@ import AVFoundation
 import Foundation
 import Speech

+@available(macOS 26.0, iOS 26.0, *)
 public struct SpeechSegment: Sendable {
    public let text: String
    public let isFinal: Bool
 }

+@available(macOS 26.0, iOS 26.0, *)
 public enum SpeechPipelineError: Error {
    case authorizationDenied
    case analyzerFormatUnavailable
@@ -14,6 +16,7 @@ public enum SpeechPipelineError: Error {
 }

 /// Live microphone → SpeechAnalyzer → SpeechTranscriber pipeline.
+@available(macOS 26.0, iOS 26.0, *)
 public actor SpeechPipeline {
    private struct UnsafeBuffer: @unchecked Sendable { let buffer: AVAudioPCMBuffer }

--- a/Swabble/Sources/SwabbleKit/WakeWordGate.swift
+++ b/Swabble/Sources/SwabbleKit/WakeWordGate.swift
@@ -0,0 +1,192 @@
+import Foundation
+
+public struct WakeWordSegment: Sendable, Equatable {
+    public let text: String
+    public let start: TimeInterval
+    public let duration: TimeInterval
+    public let range: Range<String.Index>?
+
+    public init(text: String, start: TimeInterval, duration: TimeInterval, range: Range<String.Index>? = nil) {
+        self.text = text
+        self.start = start
+        self.duration = duration
+        self.range = range
+    }
+
+    public var end: TimeInterval { start + duration }
+}
+
+public struct WakeWordGateConfig: Sendable, Equatable {
+    public var triggers: [String]
+    public var minPostTriggerGap: TimeInterval
+    public var minCommandLength: Int
+
+    public init(
+        triggers: [String],
+        minPostTriggerGap: TimeInterval = 0.45,
+        minCommandLength: Int = 1)
+    {
+        self.triggers = triggers
+        self.minPostTriggerGap = minPostTriggerGap
+        self.minCommandLength = minCommandLength
+    }
+}
+
+public struct WakeWordGateMatch: Sendable, Equatable {
+    public let triggerEndTime: TimeInterval
+    public let postGap: TimeInterval
+    public let command: String
+
+    public init(triggerEndTime: TimeInterval, postGap: TimeInterval, command: String) {
+        self.triggerEndTime = triggerEndTime
+        self.postGap = postGap
+        self.command = command
+    }
+}
+
+public enum WakeWordGate {
+    private struct Token {
+        let normalized: String
+        let start: TimeInterval
+        let end: TimeInterval
+        let range: Range<String.Index>?
+        let text: String
+    }
+
+    private struct TriggerTokens {
+        let tokens: [String]
+    }
+
+    public static func match(
+        transcript: String,
+        segments: [WakeWordSegment],
+        config: WakeWordGateConfig)
+    -> WakeWordGateMatch? {
+        let triggerTokens = normalizeTriggers(config.triggers)
+        guard !triggerTokens.isEmpty else { return nil }
+
+        let tokens = normalizeSegments(segments)
+        guard !tokens.isEmpty else { return nil }
+
+        var best: (index: Int, triggerEnd: TimeInterval, gap: TimeInterval)?
+
+        for trigger in triggerTokens {
+            let count = trigger.tokens.count
+            guard count > 0, tokens.count > count else { continue }
+            for i in 0...(tokens.count - count - 1) {
+                let matched = (0..<count).allSatisfy { tokens[i + $0].normalized == trigger.tokens[$0] }
+                if !matched { continue }
+
+                let triggerEnd = tokens[i + count - 1].end
+                let nextToken = tokens[i + count]
+                let gap = nextToken.start - triggerEnd
+                if gap < config.minPostTriggerGap { continue }
+
+                if let best, i <= best.index { continue }
+
+                best = (i, triggerEnd, gap)
+            }
+        }
+
+        guard let best else { return nil }
+        let command = commandText(transcript: transcript, segments: segments, triggerEndTime: best.triggerEnd)
+            .trimmingCharacters(in: Self.whitespaceAndPunctuation)
+        guard command.count >= config.minCommandLength else { return nil }
+        return WakeWordGateMatch(triggerEndTime: best.triggerEnd, postGap: best.gap, command: command)
+    }
+
+    public static func commandText(
+        transcript: String,
+        segments: [WakeWordSegment],
+        triggerEndTime: TimeInterval)
+    -> String {
+        let threshold = triggerEndTime + 0.001
+        for segment in segments where segment.start >= threshold {
+            if normalizeToken(segment.text).isEmpty { continue }
+            if let range = segment.range {
+                let slice = transcript[range.lowerBound...]
+                return String(slice).trimmingCharacters(in: Self.whitespaceAndPunctuation)
+            }
+            break
+        }
+
+        let text = segments
+            .filter { $0.start >= threshold && !normalizeToken($0.text).isEmpty }
+            .map(\.text)
+            .joined(separator: " ")
+        return text.trimmingCharacters(in: Self.whitespaceAndPunctuation)
+    }
+
+    public static func matchesTextOnly(text: String, triggers: [String]) -> Bool {
+        guard !text.isEmpty else { return false }
+        let normalized = text.lowercased()
+        for trigger in triggers {
+            let token = trigger.trimmingCharacters(in: whitespaceAndPunctuation).lowercased()
+            if token.isEmpty { continue }
+            if normalized.contains(token) { return true }
+        }
+        return false
+    }
+
+    public static func stripWake(text: String, triggers: [String]) -> String {
+        var out = text
+        for trigger in triggers {
+            let token = trigger.trimmingCharacters(in: whitespaceAndPunctuation)
+            guard !token.isEmpty else { continue }
+            out = out.replacingOccurrences(of: token, with: "", options: [.caseInsensitive])
+        }
+        return out.trimmingCharacters(in: whitespaceAndPunctuation)
+    }
+
+    private static func normalizeTriggers(_ triggers: [String]) -> [TriggerTokens] {
+        var output: [TriggerTokens] = []
+        for trigger in triggers {
+            let tokens = trigger
+                .split(whereSeparator: { $0.isWhitespace })
+                .map { normalizeToken(String($0)) }
+                .filter { !$0.isEmpty }
+            if tokens.isEmpty { continue }
+            output.append(TriggerTokens(tokens: tokens))
+        }
+        return output
+    }
+
+    private static func normalizeSegments(_ segments: [WakeWordSegment]) -> [Token] {
+        segments.compactMap { segment in
+            let normalized = normalizeToken(segment.text)
+            guard !normalized.isEmpty else { return nil }
+            return Token(
+                normalized: normalized,
+                start: segment.start,
+                end: segment.end,
+                range: segment.range,
+                text: segment.text)
+        }
+    }
+
+    private static func normalizeToken(_ token: String) -> String {
+        token
+            .trimmingCharacters(in: whitespaceAndPunctuation)
+            .lowercased()
+    }
+
+    private static let whitespaceAndPunctuation = CharacterSet.whitespacesAndNewlines
+        .union(.punctuationCharacters)
+}
+
+#if canImport(Speech)
+import Speech
+
+public enum WakeWordSpeechSegments {
+    public static func from(transcription: SFTranscription, transcript: String) -> [WakeWordSegment] {
+        transcription.segments.map { segment in
+            let range = Range(segment.substringRange, in: transcript)
+            return WakeWordSegment(
+                text: segment.substring,
+                start: segment.timestamp,
+                duration: segment.duration,
+                range: range)
+        }
+    }
+}
+#endif
--- a/Swabble/Sources/swabble/CLI/CLIRegistry.swift
+++ b/Swabble/Sources/swabble/CLI/CLIRegistry.swift
@@ -1,6 +1,7 @@
 import Commander
 import Foundation

+@available(macOS 26.0, *)
@MainActor
 enum CLIRegistry {
    static var descriptors: [CommandDescriptor] {
--- a/Swabble/Sources/swabble/Commands/ServeCommand.swift
+++ b/Swabble/Sources/swabble/Commands/ServeCommand.swift
@@ -1,7 +1,9 @@
 import Commander
 import Foundation
 import Swabble
+import SwabbleKit

+@available(macOS 26.0, *)
@MainActor
 struct ServeCommand: ParsableCommand {
    @Option(name: .long("config"), help: "Path to config JSON") var configPath: String?
@@ -68,17 +70,12 @@ struct ServeCommand: ParsableCommand {
    }

    private static func matchesWake(text: String, cfg: SwabbleConfig) -> Bool {
-        let lowered = text.lowercased()
-        if lowered.contains(cfg.wake.word.lowercased()) { return true }
-        return cfg.wake.aliases.contains(where: { lowered.contains($0.lowercased()) })
+        let triggers = [cfg.wake.word] + cfg.wake.aliases
+        return WakeWordGate.matchesTextOnly(text: text, triggers: triggers)
    }

    private static func stripWake(text: String, cfg: SwabbleConfig) -> String {
-        var out = text
-        out = out.replacingOccurrences(of: cfg.wake.word, with: "", options: [.caseInsensitive])
-        for alias in cfg.wake.aliases {
-            out = out.replacingOccurrences(of: alias, with: "", options: [.caseInsensitive])
-        }
-        return out.trimmingCharacters(in: .whitespacesAndNewlines)
+        let triggers = [cfg.wake.word] + cfg.wake.aliases
+        return WakeWordGate.stripWake(text: text, triggers: triggers)
    }
 }
--- a/Swabble/Sources/swabble/main.swift
+++ b/Swabble/Sources/swabble/main.swift
@@ -1,6 +1,7 @@
 import Commander
 import Foundation

+@available(macOS 26.0, *)
@MainActor
 private func runCLI() async -> Int32 {
    do {
@@ -15,6 +16,7 @@ private func runCLI() async -> Int32 {
    }
 }

+@available(macOS 26.0, *)
@MainActor
 private func dispatch(invocation: CommandInvocation) async throws {
    let parsed = invocation.parsedValues
@@ -95,5 +97,10 @@ private func dispatch(invocation: CommandInvocation) async throws {
    }
 }

-let exitCode = await runCLI()
-exit(exitCode)
+if #available(macOS 26.0, *) {
+    let exitCode = await runCLI()
+    exit(exitCode)
+} else {
+    fputs("error: swabble requires macOS 26 or newer\n", stderr)
+    exit(1)
+}
--- a/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift
+++ b/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift
@@ -0,0 +1,63 @@
+import Foundation
+import SwabbleKit
+import Testing
+
+@Suite struct WakeWordGateTests {
+    @Test func matchRequiresGapAfterTrigger() {
+        let transcript = "hey clawd do thing"
+        let segments = makeSegments(
+            transcript: transcript,
+            words: [
+                ("hey", 0.0, 0.1),
+                ("clawd", 0.2, 0.1),
+                ("do", 0.35, 0.1),
+                ("thing", 0.5, 0.1),
+            ])
+        let config = WakeWordGateConfig(triggers: ["clawd"], minPostTriggerGap: 0.3)
+        #expect(WakeWordGate.match(transcript: transcript, segments: segments, config: config) == nil)
+    }
+
+    @Test func matchAllowsGapAndExtractsCommand() {
+        let transcript = "hey clawd do thing"
+        let segments = makeSegments(
+            transcript: transcript,
+            words: [
+                ("hey", 0.0, 0.1),
+                ("clawd", 0.2, 0.1),
+                ("do", 0.9, 0.1),
+                ("thing", 1.1, 0.1),
+            ])
+        let config = WakeWordGateConfig(triggers: ["clawd"], minPostTriggerGap: 0.3)
+        let match = WakeWordGate.match(transcript: transcript, segments: segments, config: config)
+        #expect(match?.command == "do thing")
+    }
+
+    @Test func matchHandlesMultiWordTriggers() {
+        let transcript = "hey clawd do it"
+        let segments = makeSegments(
+            transcript: transcript,
+            words: [
+                ("hey", 0.0, 0.1),
+                ("clawd", 0.2, 0.1),
+                ("do", 0.8, 0.1),
+                ("it", 1.0, 0.1),
+            ])
+        let config = WakeWordGateConfig(triggers: ["hey clawd"], minPostTriggerGap: 0.3)
+        let match = WakeWordGate.match(transcript: transcript, segments: segments, config: config)
+        #expect(match?.command == "do it")
+    }
+}
+
+private func makeSegments(
+    transcript: String,
+    words: [(String, TimeInterval, TimeInterval)])
+-> [WakeWordSegment] {
+    var searchStart = transcript.startIndex
+    var output: [WakeWordSegment] = []
+    for (word, start, duration) in words {
+        let range = transcript.range(of: word, range: searchStart..<transcript.endIndex)
+        output.append(WakeWordSegment(text: word, start: start, duration: duration, range: range))
+        if let range { searchStart = range.upperBound }
+    }
+    return output
+}
--- a/Swabble/docs/spec.md
+++ b/Swabble/docs/spec.md
@@ -1,11 +1,12 @@
 # swabble — macOS 26 speech hook daemon (Swift 6.2)

-Goal: brabble-style always-on voice hook for macOS 26 using Apple Speech.framework (SpeechAnalyzer + SpeechTranscriber) instead of whisper.cpp. Local-only, wake word gated, dispatches a shell hook with the transcript.
+Goal: brabble-style always-on voice hook for macOS 26 using Apple Speech.framework (SpeechAnalyzer + SpeechTranscriber) instead of whisper.cpp. Local-only, wake word gated, dispatches a shell hook with the transcript. Shared wake-gate utilities live in `SwabbleKit` for reuse by other apps (iOS/macOS).

 ## Requirements
 - macOS 26+, Swift 6.2, Speech.framework with on-device assets.
 - Local only; no network calls during transcription.
 - Wake word gating (default "clawd" plus aliases) with bypass flag `--no-wake`.
+- `SwabbleKit` target (multi-platform) providing wake-word gating helpers that can use speech segment timing to require a post-trigger gap.
 - Hook execution with cooldown, min_chars, timeout, prefix, env vars.
 - Simple config at `~/.config/swabble/config.json` (JSON, Codable) — no TOML.
 - CLI implemented with Commander (SwiftPM package `steipete/Commander`); core types are available via the SwiftPM library product `Swabble` for embedding.
@@ -17,7 +18,7 @@ Goal: brabble-style always-on voice hook for macOS 26 using Apple Speech.framewo
 - **CLI layer (Commander)**: Root command `swabble` with subcommands `serve`, `transcribe`, `test-hook`, `mic list|set`, `doctor`, `health`, `tail-log`. Runtime flags from Commander (`-v/--verbose`, `--json-output`, `--log-level`). Custom `--config` path applies everywhere.
 - **Config**: `SwabbleConfig` Codable. Fields: audio device name/index, wake (enabled/word/aliases/sensitivity placeholder), hook (command/args/prefix/cooldown/min_chars/timeout/env), logging (level, format), transcripts (enabled, max kept), speech (locale, enableEtiquetteReplacements flag). Stored JSON; default written by `setup`.
 - **Audio + Speech pipeline**: `SpeechPipeline` wraps `AVAudioEngine` input → `SpeechAnalyzer` with `SpeechTranscriber` module. Emits partial/final transcripts via async stream. Requests `.audioTimeRange` when transcripts enabled. Handles Speech permission and asset download prompts ahead of capture.
- **Wake gate**: text-based keyword match against latest partial/final; strips wake term before hook dispatch. `--no-wake` disables.
+- **Wake gate**: CLI currently uses text-only keyword match; shared `SwabbleKit` gate can enforce a minimum pause between the wake word and the next token when speech segments are available. `--no-wake` disables gating.
 - **Hook executor**: async `HookExecutor` spawns `Process` with configured args, prefix substitution `${hostname}`. Enforces cooldown + timeout; injects env `SWABBLE_TEXT`, `SWABBLE_PREFIX` plus user env map.
 - **Transcripts store**: in-memory ring buffer; optional persisted JSON lines under `~/Library/Application Support/swabble/transcripts.log`.
 - **Logging**: simple structured logger to stderr; respects log level.
@@ -25,7 +26,7 @@ Goal: brabble-style always-on voice hook for macOS 26 using Apple Speech.framewo
 ## Out of scope (initial cut)
 - Model management (Speech handles assets).
 - Launchd helper (planned follow-up).
- Advanced wake-word detector (text match only for now).
+- Advanced wake-word detector (segment-aware gate now lives in `SwabbleKit`; CLI still text-only until segment timing is plumbed through).

 ## Open decisions
 - Whether to expose a UNIX control socket for `status`/`health` (currently planned as stdin/out direct calls).
--- a/appcast.xml
+++ b/appcast.xml
@@ -1,10 +1,55 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rss version="2.0"
-     xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle"
-     xmlns:dc="http://purl.org/dc/elements/1.1/">
-  <channel>
-    <title>Clawdis Updates</title>
-    <link>https://raw.githubusercontent.com/steipete/clawdis/main/appcast.xml</link>
-    <description>Signed update feed for the Clawdis macOS companion app.</description>
-  </channel>
-</rss>
+<?xml version="1.0" standalone="yes"?>
+<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
+    <channel>
+        <title>Clawdis</title>
+        <item>
+            <title>2026.1.5-3</title>
+            <pubDate>Mon, 05 Jan 2026 04:30:46 +0100</pubDate>
+            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
+            <sparkle:version>3095</sparkle:version>
+            <sparkle:shortVersionString>2026.1.5-3</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>Clawdbot 2026.1.5-3</h2>
+<h3>Fixes</h3>
+<ul>
+<li>NPM package: include missing runtime dist folders (slack/signal/imessage/tui/wizard/control-ui/daemon) to avoid <code>ERR_MODULE_NOT_FOUND</code> in Node 25 npx installs.</li>
+</ul>
+<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.5-3/Clawdbot-2026.1.5-3.zip" length="160800596" type="application/octet-stream" sparkle:edSignature="P8U3nvIFpbGmRItT/NGPmJ/i370OMVvDHYQL/znYsLI0MrbGfXgMGEvR5A0uwW+cJevlX/hrJLiY51zo4rAMBg=="/>
+        </item>
+        <item>
+            <title>2026.1.5-3</title>
+            <pubDate>Mon, 05 Jan 2026 03:57:59 +0100</pubDate>
+            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
+            <sparkle:version>3091</sparkle:version>
+            <sparkle:shortVersionString>2026.1.5-3</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>Clawdbot 2026.1.5-3</h2>
+<h3>Fixes</h3>
+<ul>
+<li>NPM package: include missing runtime dist folders (slack/signal/imessage/tui/wizard/control-ui/daemon) to avoid <code>ERR_MODULE_NOT_FOUND</code> in Node 25 npx installs.</li>
+</ul>
+<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.5-3/Clawdbot-2026.1.5-3.zip" length="160797048" type="application/octet-stream" sparkle:edSignature="5KYFg0SW7liwLxLJbfzd2KsAxbX06gMH0rH/W3a4V0p4N48hjz4AsSrfFLdGZSnW+6XaJjC3MN6Ynh+l7kffDQ=="/>
+        </item>
+        <item>
+            <title>2026.1.5-2</title>
+            <pubDate>Mon, 05 Jan 2026 03:51:30 +0100</pubDate>
+            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
+            <sparkle:version>3089</sparkle:version>
+            <sparkle:shortVersionString>2026.1.5-2</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>Clawdbot 2026.1.5-2</h2>
+<h3>Fixes</h3>
+<ul>
+<li>NPM package: include <code>dist/sessions</code> so <code>clawdbot agent</code> resolves session helpers in npx installs.</li>
+<li>Node 25: avoid unsupported directory import by targeting <code>qrcode-terminal/vendor/QRCode/*.js</code> modules.</li>
+</ul>
+<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.5-2/Clawdbot-2026.1.5-2.zip" length="150250417" type="application/octet-stream" sparkle:edSignature="ntHNmwyHrv6cPk6NAKOT3AUkwdt5ZadrGU6mJK4GmVxi44uIMT3ZXluvnqK9SxXQwA0H0dXjiGMS/cg8NbgqDA=="/>
+        </item>
+    </channel>
+</rss>
--- a/apps/android/README.md
+++ b/apps/android/README.md
@@ -1,6 +1,6 @@
-## Clawdis Node (Android) (internal)
+## Clawdbot Node (Android) (internal)

-Modern Android “node” app (Iris parity): connects to the **Gateway-owned bridge** (`_clawdis-bridge._tcp`) over TCP and exposes **Canvas + Chat + Camera**.
+Modern Android node app: connects to the **Gateway-owned bridge** (`_clawdbot-bridge._tcp`) over TCP and exposes **Canvas + Chat + Camera**.

 Notes:
 - The node keeps the connection alive via a **foreground service** (persistent notification with a Disconnect action).
@@ -25,7 +25,7 @@ cd apps/android

 1) Start the gateway (on your “master” machine):
 ```bash
-pnpm clawdis gateway --port 18789 --verbose
+pnpm clawdbot gateway --port 18789 --verbose
 ```

 2) In the Android app:
@@ -34,8 +34,8 @@ pnpm clawdis gateway --port 18789 --verbose

 3) Approve pairing (on the gateway machine):
 ```bash
-clawdis nodes pending
-clawdis nodes approve <requestId>
+clawdbot nodes pending
+clawdbot nodes approve <requestId>
 ```

 More details: `docs/android/connect.md`.
--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -1,3 +1,5 @@
+import com.android.build.api.variant.impl.VariantOutputImpl
+
 plugins {
  id("com.android.application")
  id("org.jetbrains.kotlin.android")
@@ -6,15 +8,21 @@ plugins {
 }

 android {
-  namespace = "com.steipete.clawdis.node"
+  namespace = "com.clawdbot.android"
  compileSdk = 36

+  sourceSets {
+    getByName("main") {
+      assets.srcDir(file("../../shared/ClawdbotKit/Sources/ClawdbotKit/Resources"))
+    }
+  }
+
  defaultConfig {
-    applicationId = "com.steipete.clawdis.node"
+    applicationId = "com.clawdbot.android"
    minSdk = 31
    targetSdk = 36
-    versionCode = 1
-    versionName = "0.1"
+    versionCode = 20260109
+    versionName = "2026.1.9"
  }

  buildTypes {
@@ -25,6 +33,7 @@ android {

  buildFeatures {
    compose = true
+    buildConfig = true
  }

  compileOptions {
@@ -32,15 +41,38 @@ android {
    targetCompatibility = JavaVersion.VERSION_17
  }

-  kotlinOptions {
-    jvmTarget = "17"
-  }
-
  packaging {
    resources {
      excludes += "/META-INF/{AL2.0,LGPL2.1}"
    }
  }
+
+  lint {
+    disable += setOf("IconLauncherShape")
+  }
+
+  testOptions {
+    unitTests.isIncludeAndroidResources = true
+  }
+}
+
+androidComponents {
+  onVariants { variant ->
+    variant.outputs
+      .filterIsInstance<VariantOutputImpl>()
+      .forEach { output ->
+        val versionName = output.versionName.orNull ?: "0"
+        val buildType = variant.buildType
+
+        val outputFileName = "clawdbot-${versionName}-${buildType}.apk"
+        output.outputFileName = outputFileName
+      }
+  }
+}
+kotlin {
+  compilerOptions {
+    jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_17)
+  }
 }

 dependencies {
@@ -50,11 +82,13 @@ dependencies {

  implementation("androidx.core:core-ktx:1.17.0")
  implementation("androidx.lifecycle:lifecycle-runtime-ktx:2.10.0")
-  implementation("androidx.activity:activity-compose:1.12.1")
+  implementation("androidx.activity:activity-compose:1.12.2")
+  implementation("androidx.webkit:webkit:1.15.0")

  implementation("androidx.compose.ui:ui")
  implementation("androidx.compose.ui:ui-tooling-preview")
  implementation("androidx.compose.material3:material3")
+  implementation("androidx.compose.material:material-icons-extended")
  implementation("androidx.navigation:navigation-compose:2.9.6")

  debugImplementation("androidx.compose.ui:ui-tooling")
@@ -74,6 +108,17 @@ dependencies {
  implementation("androidx.camera:camera-video:1.5.2")
  implementation("androidx.camera:camera-view:1.5.2")

+  // Unicast DNS-SD (Wide-Area Bonjour) for tailnet discovery domains.
+  implementation("dnsjava:dnsjava:3.6.3")
+
  testImplementation("junit:junit:4.13.2")
  testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.10.2")
+  testImplementation("io.kotest:kotest-runner-junit5-jvm:6.0.7")
+  testImplementation("io.kotest:kotest-assertions-core-jvm:6.0.7")
+  testImplementation("org.robolectric:robolectric:4.16")
+  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.1")
+}
+
+tasks.withType<Test>().configureEach {
+  useJUnitPlatform()
 }
--- a/apps/android/app/src/main/AndroidManifest.xml
+++ b/apps/android/app/src/main/AndroidManifest.xml
@@ -3,26 +3,40 @@
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MICROPHONE" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION" />
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
    <uses-permission
        android:name="android.permission.NEARBY_WIFI_DEVICES"
        android:usesPermissionFlags="neverForLocation" />
-    <uses-permission
-        android:name="android.permission.ACCESS_FINE_LOCATION"
-        android:maxSdkVersion="32" />
+    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
+    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
+    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
+    <uses-permission android:name="android.permission.SEND_SMS" />
+    <uses-feature
+        android:name="android.hardware.camera"
+        android:required="false" />
+    <uses-feature
+        android:name="android.hardware.telephony"
+        android:required="false" />

    <application
        android:name=".NodeApp"
        android:allowBackup="true"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:roundIcon="@mipmap/ic_launcher_round"
        android:label="@string/app_name"
        android:supportsRtl="true"
-        android:theme="@style/Theme.ClawdisNode">
+        android:networkSecurityConfig="@xml/network_security_config"
+        android:theme="@style/Theme.ClawdbotNode">
        <service
            android:name=".NodeForegroundService"
            android:exported="false"
-            android:foregroundServiceType="dataSync" />
+            android:foregroundServiceType="dataSync|microphone|mediaProjection" />
        <activity
            android:name=".MainActivity"
            android:exported="true">
--- a/apps/android/app/src/main/java/com/clawdbot/android/CameraHudState.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/CameraHudState.kt
@@ -0,0 +1,15 @@
+package com.clawdbot.android
+
+enum class CameraHudKind {
+  Photo,
+  Recording,
+  Success,
+  Error,
+}
+
+data class CameraHudState(
+  val token: Long,
+  val kind: CameraHudKind,
+  val message: String,
+)
+
--- a/apps/android/app/src/main/java/com/clawdbot/android/DeviceNames.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/DeviceNames.kt
@@ -0,0 +1,26 @@
+package com.clawdbot.android
+
+import android.content.Context
+import android.os.Build
+import android.provider.Settings
+
+object DeviceNames {
+  fun bestDefaultNodeName(context: Context): String {
+    val deviceName =
+      runCatching {
+          Settings.Global.getString(context.contentResolver, "device_name")
+        }
+        .getOrNull()
+        ?.trim()
+        .orEmpty()
+
+    if (deviceName.isNotEmpty()) return deviceName
+
+    val model =
+      listOfNotNull(Build.MANUFACTURER?.takeIf { it.isNotBlank() }, Build.MODEL?.takeIf { it.isNotBlank() })
+        .joinToString(" ")
+        .trim()
+
+    return model.ifEmpty { "Android Node" }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/LocationMode.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/LocationMode.kt
@@ -0,0 +1,15 @@
+package com.clawdbot.android
+
+enum class LocationMode(val rawValue: String) {
+  Off("off"),
+  WhileUsing("whileUsing"),
+  Always("always"),
+  ;
+
+  companion object {
+    fun fromRawValue(raw: String?): LocationMode {
+      val normalized = raw?.trim()?.lowercase()
+      return entries.firstOrNull { it.rawValue.lowercase() == normalized } ?: Off
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/MainActivity.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/MainActivity.kt
@@ -0,0 +1,130 @@
+package com.clawdbot.android
+
+import android.Manifest
+import android.content.pm.ApplicationInfo
+import android.os.Bundle
+import android.os.Build
+import android.view.WindowManager
+import android.webkit.WebView
+import androidx.activity.ComponentActivity
+import androidx.activity.compose.setContent
+import androidx.activity.viewModels
+import androidx.compose.material3.Surface
+import androidx.compose.ui.Modifier
+import androidx.core.content.ContextCompat
+import androidx.core.view.WindowCompat
+import androidx.core.view.WindowInsetsCompat
+import androidx.core.view.WindowInsetsControllerCompat
+import androidx.lifecycle.Lifecycle
+import androidx.lifecycle.lifecycleScope
+import androidx.lifecycle.repeatOnLifecycle
+import com.clawdbot.android.ui.RootScreen
+import com.clawdbot.android.ui.ClawdbotTheme
+import kotlinx.coroutines.launch
+
+class MainActivity : ComponentActivity() {
+  private val viewModel: MainViewModel by viewModels()
+  private lateinit var permissionRequester: PermissionRequester
+  private lateinit var screenCaptureRequester: ScreenCaptureRequester
+
+  override fun onCreate(savedInstanceState: Bundle?) {
+    super.onCreate(savedInstanceState)
+    val isDebuggable = (applicationInfo.flags and ApplicationInfo.FLAG_DEBUGGABLE) != 0
+    WebView.setWebContentsDebuggingEnabled(isDebuggable)
+    applyImmersiveMode()
+    requestDiscoveryPermissionsIfNeeded()
+    requestNotificationPermissionIfNeeded()
+    NodeForegroundService.start(this)
+    permissionRequester = PermissionRequester(this)
+    screenCaptureRequester = ScreenCaptureRequester(this)
+    viewModel.camera.attachLifecycleOwner(this)
+    viewModel.camera.attachPermissionRequester(permissionRequester)
+    viewModel.sms.attachPermissionRequester(permissionRequester)
+    viewModel.screenRecorder.attachScreenCaptureRequester(screenCaptureRequester)
+    viewModel.screenRecorder.attachPermissionRequester(permissionRequester)
+
+    lifecycleScope.launch {
+      repeatOnLifecycle(Lifecycle.State.STARTED) {
+        viewModel.preventSleep.collect { enabled ->
+          if (enabled) {
+            window.addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON)
+          } else {
+            window.clearFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON)
+          }
+        }
+      }
+    }
+
+    setContent {
+      ClawdbotTheme {
+        Surface(modifier = Modifier) {
+          RootScreen(viewModel = viewModel)
+        }
+      }
+    }
+  }
+
+  override fun onResume() {
+    super.onResume()
+    applyImmersiveMode()
+  }
+
+  override fun onWindowFocusChanged(hasFocus: Boolean) {
+    super.onWindowFocusChanged(hasFocus)
+    if (hasFocus) {
+      applyImmersiveMode()
+    }
+  }
+
+  override fun onStart() {
+    super.onStart()
+    viewModel.setForeground(true)
+  }
+
+  override fun onStop() {
+    viewModel.setForeground(false)
+    super.onStop()
+  }
+
+  private fun applyImmersiveMode() {
+    WindowCompat.setDecorFitsSystemWindows(window, false)
+    val controller = WindowInsetsControllerCompat(window, window.decorView)
+    controller.systemBarsBehavior =
+      WindowInsetsControllerCompat.BEHAVIOR_SHOW_TRANSIENT_BARS_BY_SWIPE
+    controller.hide(WindowInsetsCompat.Type.systemBars())
+  }
+
+  private fun requestDiscoveryPermissionsIfNeeded() {
+    if (Build.VERSION.SDK_INT >= 33) {
+      val ok =
+        ContextCompat.checkSelfPermission(
+          this,
+          Manifest.permission.NEARBY_WIFI_DEVICES,
+        ) == android.content.pm.PackageManager.PERMISSION_GRANTED
+      if (!ok) {
+        requestPermissions(arrayOf(Manifest.permission.NEARBY_WIFI_DEVICES), 100)
+      }
+    } else {
+      val ok =
+        ContextCompat.checkSelfPermission(
+          this,
+          Manifest.permission.ACCESS_FINE_LOCATION,
+        ) == android.content.pm.PackageManager.PERMISSION_GRANTED
+      if (!ok) {
+        requestPermissions(arrayOf(Manifest.permission.ACCESS_FINE_LOCATION), 101)
+      }
+    }
+  }
+
+  private fun requestNotificationPermissionIfNeeded() {
+    if (Build.VERSION.SDK_INT < 33) return
+    val ok =
+      ContextCompat.checkSelfPermission(
+        this,
+        Manifest.permission.POST_NOTIFICATIONS,
+      ) == android.content.pm.PackageManager.PERMISSION_GRANTED
+    if (!ok) {
+      requestPermissions(arrayOf(Manifest.permission.POST_NOTIFICATIONS), 102)
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/MainViewModel.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/MainViewModel.kt
@@ -0,0 +1,168 @@
+package com.clawdbot.android
+
+import android.app.Application
+import androidx.lifecycle.AndroidViewModel
+import com.clawdbot.android.bridge.BridgeEndpoint
+import com.clawdbot.android.chat.OutgoingAttachment
+import com.clawdbot.android.node.CameraCaptureManager
+import com.clawdbot.android.node.CanvasController
+import com.clawdbot.android.node.ScreenRecordManager
+import com.clawdbot.android.node.SmsManager
+import kotlinx.coroutines.flow.StateFlow
+
+class MainViewModel(app: Application) : AndroidViewModel(app) {
+  private val runtime: NodeRuntime = (app as NodeApp).runtime
+
+  val canvas: CanvasController = runtime.canvas
+  val camera: CameraCaptureManager = runtime.camera
+  val screenRecorder: ScreenRecordManager = runtime.screenRecorder
+  val sms: SmsManager = runtime.sms
+
+  val bridges: StateFlow<List<BridgeEndpoint>> = runtime.bridges
+  val discoveryStatusText: StateFlow<String> = runtime.discoveryStatusText
+
+  val isConnected: StateFlow<Boolean> = runtime.isConnected
+  val statusText: StateFlow<String> = runtime.statusText
+  val serverName: StateFlow<String?> = runtime.serverName
+  val remoteAddress: StateFlow<String?> = runtime.remoteAddress
+  val isForeground: StateFlow<Boolean> = runtime.isForeground
+  val seamColorArgb: StateFlow<Long> = runtime.seamColorArgb
+
+  val cameraHud: StateFlow<CameraHudState?> = runtime.cameraHud
+  val cameraFlashToken: StateFlow<Long> = runtime.cameraFlashToken
+  val screenRecordActive: StateFlow<Boolean> = runtime.screenRecordActive
+
+  val instanceId: StateFlow<String> = runtime.instanceId
+  val displayName: StateFlow<String> = runtime.displayName
+  val cameraEnabled: StateFlow<Boolean> = runtime.cameraEnabled
+  val locationMode: StateFlow<LocationMode> = runtime.locationMode
+  val locationPreciseEnabled: StateFlow<Boolean> = runtime.locationPreciseEnabled
+  val preventSleep: StateFlow<Boolean> = runtime.preventSleep
+  val wakeWords: StateFlow<List<String>> = runtime.wakeWords
+  val voiceWakeMode: StateFlow<VoiceWakeMode> = runtime.voiceWakeMode
+  val voiceWakeStatusText: StateFlow<String> = runtime.voiceWakeStatusText
+  val voiceWakeIsListening: StateFlow<Boolean> = runtime.voiceWakeIsListening
+  val talkEnabled: StateFlow<Boolean> = runtime.talkEnabled
+  val talkStatusText: StateFlow<String> = runtime.talkStatusText
+  val talkIsListening: StateFlow<Boolean> = runtime.talkIsListening
+  val talkIsSpeaking: StateFlow<Boolean> = runtime.talkIsSpeaking
+  val manualEnabled: StateFlow<Boolean> = runtime.manualEnabled
+  val manualHost: StateFlow<String> = runtime.manualHost
+  val manualPort: StateFlow<Int> = runtime.manualPort
+  val canvasDebugStatusEnabled: StateFlow<Boolean> = runtime.canvasDebugStatusEnabled
+
+  val chatSessionKey: StateFlow<String> = runtime.chatSessionKey
+  val chatSessionId: StateFlow<String?> = runtime.chatSessionId
+  val chatMessages = runtime.chatMessages
+  val chatError: StateFlow<String?> = runtime.chatError
+  val chatHealthOk: StateFlow<Boolean> = runtime.chatHealthOk
+  val chatThinkingLevel: StateFlow<String> = runtime.chatThinkingLevel
+  val chatStreamingAssistantText: StateFlow<String?> = runtime.chatStreamingAssistantText
+  val chatPendingToolCalls = runtime.chatPendingToolCalls
+  val chatSessions = runtime.chatSessions
+  val pendingRunCount: StateFlow<Int> = runtime.pendingRunCount
+
+  fun setForeground(value: Boolean) {
+    runtime.setForeground(value)
+  }
+
+  fun setDisplayName(value: String) {
+    runtime.setDisplayName(value)
+  }
+
+  fun setCameraEnabled(value: Boolean) {
+    runtime.setCameraEnabled(value)
+  }
+
+  fun setLocationMode(mode: LocationMode) {
+    runtime.setLocationMode(mode)
+  }
+
+  fun setLocationPreciseEnabled(value: Boolean) {
+    runtime.setLocationPreciseEnabled(value)
+  }
+
+  fun setPreventSleep(value: Boolean) {
+    runtime.setPreventSleep(value)
+  }
+
+  fun setManualEnabled(value: Boolean) {
+    runtime.setManualEnabled(value)
+  }
+
+  fun setManualHost(value: String) {
+    runtime.setManualHost(value)
+  }
+
+  fun setManualPort(value: Int) {
+    runtime.setManualPort(value)
+  }
+
+  fun setCanvasDebugStatusEnabled(value: Boolean) {
+    runtime.setCanvasDebugStatusEnabled(value)
+  }
+
+  fun setWakeWords(words: List<String>) {
+    runtime.setWakeWords(words)
+  }
+
+  fun resetWakeWordsDefaults() {
+    runtime.resetWakeWordsDefaults()
+  }
+
+  fun setVoiceWakeMode(mode: VoiceWakeMode) {
+    runtime.setVoiceWakeMode(mode)
+  }
+
+  fun setTalkEnabled(enabled: Boolean) {
+    runtime.setTalkEnabled(enabled)
+  }
+
+  fun refreshBridgeHello() {
+    runtime.refreshBridgeHello()
+  }
+
+  fun connect(endpoint: BridgeEndpoint) {
+    runtime.connect(endpoint)
+  }
+
+  fun connectManual() {
+    runtime.connectManual()
+  }
+
+  fun disconnect() {
+    runtime.disconnect()
+  }
+
+  fun handleCanvasA2UIActionFromWebView(payloadJson: String) {
+    runtime.handleCanvasA2UIActionFromWebView(payloadJson)
+  }
+
+  fun loadChat(sessionKey: String = "main") {
+    runtime.loadChat(sessionKey)
+  }
+
+  fun refreshChat() {
+    runtime.refreshChat()
+  }
+
+  fun refreshChatSessions(limit: Int? = null) {
+    runtime.refreshChatSessions(limit = limit)
+  }
+
+  fun setChatThinkingLevel(level: String) {
+    runtime.setChatThinkingLevel(level)
+  }
+
+  fun switchChatSession(sessionKey: String) {
+    runtime.switchChatSession(sessionKey)
+  }
+
+  fun abortChat() {
+    runtime.abortChat()
+  }
+
+  fun sendChat(message: String, thinking: String, attachments: List<OutgoingAttachment>) {
+    runtime.sendChat(message = message, thinking = thinking, attachments = attachments)
+  }
+}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeApp.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeApp.kt
@@ -1,4 +1,4 @@
-package com.steipete.clawdis.node
+package com.clawdbot.android

 import android.app.Application

--- a/apps/android/app/src/main/java/com/clawdbot/android/NodeForegroundService.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/NodeForegroundService.kt
@@ -0,0 +1,180 @@
+package com.clawdbot.android
+
+import android.app.Notification
+import android.app.NotificationChannel
+import android.app.NotificationManager
+import android.app.Service
+import android.app.PendingIntent
+import android.Manifest
+import android.content.Context
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.content.pm.ServiceInfo
+import androidx.core.app.NotificationCompat
+import androidx.core.content.ContextCompat
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.SupervisorJob
+import kotlinx.coroutines.cancel
+import kotlinx.coroutines.flow.combine
+import kotlinx.coroutines.launch
+
+class NodeForegroundService : Service() {
+  private val scope: CoroutineScope = CoroutineScope(SupervisorJob() + Dispatchers.Main)
+  private var notificationJob: Job? = null
+  private var lastRequiresMic = false
+  private var didStartForeground = false
+
+  override fun onCreate() {
+    super.onCreate()
+    ensureChannel()
+    val initial = buildNotification(title = "Clawdbot Node", text = "Starting…")
+    startForegroundWithTypes(notification = initial, requiresMic = false)
+
+    val runtime = (application as NodeApp).runtime
+    notificationJob =
+      scope.launch {
+        combine(
+          runtime.statusText,
+          runtime.serverName,
+          runtime.isConnected,
+          runtime.voiceWakeMode,
+          runtime.voiceWakeIsListening,
+        ) { status, server, connected, voiceMode, voiceListening ->
+          Quint(status, server, connected, voiceMode, voiceListening)
+        }.collect { (status, server, connected, voiceMode, voiceListening) ->
+          val title = if (connected) "Clawdbot Node · Connected" else "Clawdbot Node"
+          val voiceSuffix =
+            if (voiceMode == VoiceWakeMode.Always) {
+              if (voiceListening) " · Voice Wake: Listening" else " · Voice Wake: Paused"
+            } else {
+              ""
+            }
+          val text = (server?.let { "$status · $it" } ?: status) + voiceSuffix
+
+          val requiresMic =
+            voiceMode == VoiceWakeMode.Always && hasRecordAudioPermission()
+          startForegroundWithTypes(
+            notification = buildNotification(title = title, text = text),
+            requiresMic = requiresMic,
+          )
+        }
+      }
+  }
+
+  override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
+    when (intent?.action) {
+      ACTION_STOP -> {
+        (application as NodeApp).runtime.disconnect()
+        stopSelf()
+        return START_NOT_STICKY
+      }
+    }
+    // Keep running; connection is managed by NodeRuntime (auto-reconnect + manual).
+    return START_STICKY
+  }
+
+  override fun onDestroy() {
+    notificationJob?.cancel()
+    scope.cancel()
+    super.onDestroy()
+  }
+
+  override fun onBind(intent: Intent?) = null
+
+  private fun ensureChannel() {
+    val mgr = getSystemService(NotificationManager::class.java)
+    val channel =
+      NotificationChannel(
+        CHANNEL_ID,
+        "Connection",
+        NotificationManager.IMPORTANCE_LOW,
+      ).apply {
+        description = "Clawdbot node connection status"
+        setShowBadge(false)
+      }
+    mgr.createNotificationChannel(channel)
+  }
+
+  private fun buildNotification(title: String, text: String): Notification {
+    val launchIntent = Intent(this, MainActivity::class.java).apply {
+      flags = Intent.FLAG_ACTIVITY_SINGLE_TOP or Intent.FLAG_ACTIVITY_CLEAR_TOP
+    }
+    val launchPending =
+      PendingIntent.getActivity(
+        this,
+        1,
+        launchIntent,
+        PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE,
+      )
+
+    val stopIntent = Intent(this, NodeForegroundService::class.java).setAction(ACTION_STOP)
+    val stopPending =
+      PendingIntent.getService(
+        this,
+        2,
+        stopIntent,
+        PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE,
+      )
+
+    return NotificationCompat.Builder(this, CHANNEL_ID)
+      .setSmallIcon(R.mipmap.ic_launcher)
+      .setContentTitle(title)
+      .setContentText(text)
+      .setContentIntent(launchPending)
+      .setOngoing(true)
+      .setOnlyAlertOnce(true)
+      .setForegroundServiceBehavior(NotificationCompat.FOREGROUND_SERVICE_IMMEDIATE)
+      .addAction(0, "Disconnect", stopPending)
+      .build()
+  }
+
+  private fun updateNotification(notification: Notification) {
+    val mgr = getSystemService(Context.NOTIFICATION_SERVICE) as NotificationManager
+    mgr.notify(NOTIFICATION_ID, notification)
+  }
+
+  private fun startForegroundWithTypes(notification: Notification, requiresMic: Boolean) {
+    if (didStartForeground && requiresMic == lastRequiresMic) {
+      updateNotification(notification)
+      return
+    }
+
+    lastRequiresMic = requiresMic
+    val types =
+      if (requiresMic) {
+        ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC or ServiceInfo.FOREGROUND_SERVICE_TYPE_MICROPHONE
+      } else {
+        ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC
+      }
+    startForeground(NOTIFICATION_ID, notification, types)
+    didStartForeground = true
+  }
+
+  private fun hasRecordAudioPermission(): Boolean {
+    return (
+      ContextCompat.checkSelfPermission(this, Manifest.permission.RECORD_AUDIO) ==
+        PackageManager.PERMISSION_GRANTED
+      )
+  }
+
+  companion object {
+    private const val CHANNEL_ID = "connection"
+    private const val NOTIFICATION_ID = 1
+
+    private const val ACTION_STOP = "com.clawdbot.android.action.STOP"
+
+    fun start(context: Context) {
+      val intent = Intent(context, NodeForegroundService::class.java)
+      context.startForegroundService(intent)
+    }
+
+    fun stop(context: Context) {
+      val intent = Intent(context, NodeForegroundService::class.java).setAction(ACTION_STOP)
+      context.startService(intent)
+    }
+  }
+}
+
+private data class Quint<A, B, C, D, E>(val first: A, val second: B, val third: C, val fourth: D, val fifth: E)
--- a/apps/android/app/src/main/java/com/clawdbot/android/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/NodeRuntime.kt
--- a/apps/android/app/src/main/java/com/clawdbot/android/PermissionRequester.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/PermissionRequester.kt
@@ -0,0 +1,133 @@
+package com.clawdbot.android
+
+import android.content.pm.PackageManager
+import android.content.Intent
+import android.Manifest
+import android.net.Uri
+import android.provider.Settings
+import androidx.appcompat.app.AlertDialog
+import androidx.activity.ComponentActivity
+import androidx.activity.result.ActivityResultLauncher
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.core.content.ContextCompat
+import androidx.core.app.ActivityCompat
+import kotlinx.coroutines.CompletableDeferred
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
+import kotlinx.coroutines.withContext
+import kotlinx.coroutines.suspendCancellableCoroutine
+import kotlin.coroutines.resume
+
+class PermissionRequester(private val activity: ComponentActivity) {
+  private val mutex = Mutex()
+  private var pending: CompletableDeferred<Map<String, Boolean>>? = null
+
+  private val launcher: ActivityResultLauncher<Array<String>> =
+    activity.registerForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { result ->
+      val p = pending
+      pending = null
+      p?.complete(result)
+    }
+
+  suspend fun requestIfMissing(
+    permissions: List<String>,
+    timeoutMs: Long = 20_000,
+  ): Map<String, Boolean> =
+    mutex.withLock {
+      val missing =
+        permissions.filter { perm ->
+          ContextCompat.checkSelfPermission(activity, perm) != PackageManager.PERMISSION_GRANTED
+        }
+      if (missing.isEmpty()) {
+        return permissions.associateWith { true }
+      }
+
+      val needsRationale =
+        missing.any { ActivityCompat.shouldShowRequestPermissionRationale(activity, it) }
+      if (needsRationale) {
+        val proceed = showRationaleDialog(missing)
+        if (!proceed) {
+          return permissions.associateWith { perm ->
+            ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
+          }
+        }
+      }
+
+      val deferred = CompletableDeferred<Map<String, Boolean>>()
+      pending = deferred
+      withContext(Dispatchers.Main) {
+        launcher.launch(missing.toTypedArray())
+      }
+
+      val result =
+        withContext(Dispatchers.Default) {
+          kotlinx.coroutines.withTimeout(timeoutMs) { deferred.await() }
+        }
+
+      // Merge: if something was already granted, treat it as granted even if launcher omitted it.
+      val merged =
+        permissions.associateWith { perm ->
+        val nowGranted =
+          ContextCompat.checkSelfPermission(activity, perm) == PackageManager.PERMISSION_GRANTED
+        result[perm] == true || nowGranted
+      }
+
+      val denied =
+        merged.filterValues { !it }.keys.filter {
+          !ActivityCompat.shouldShowRequestPermissionRationale(activity, it)
+        }
+      if (denied.isNotEmpty()) {
+        showSettingsDialog(denied)
+      }
+
+      return merged
+    }
+
+  private suspend fun showRationaleDialog(permissions: List<String>): Boolean =
+    withContext(Dispatchers.Main) {
+      suspendCancellableCoroutine { cont ->
+        AlertDialog.Builder(activity)
+          .setTitle("Permission required")
+          .setMessage(buildRationaleMessage(permissions))
+          .setPositiveButton("Continue") { _, _ -> cont.resume(true) }
+          .setNegativeButton("Not now") { _, _ -> cont.resume(false) }
+          .setOnCancelListener { cont.resume(false) }
+          .show()
+      }
+    }
+
+  private fun showSettingsDialog(permissions: List<String>) {
+    AlertDialog.Builder(activity)
+      .setTitle("Enable permission in Settings")
+      .setMessage(buildSettingsMessage(permissions))
+      .setPositiveButton("Open Settings") { _, _ ->
+        val intent =
+          Intent(
+            Settings.ACTION_APPLICATION_DETAILS_SETTINGS,
+            Uri.fromParts("package", activity.packageName, null),
+          )
+        activity.startActivity(intent)
+      }
+      .setNegativeButton("Cancel", null)
+      .show()
+  }
+
+  private fun buildRationaleMessage(permissions: List<String>): String {
+    val labels = permissions.map { permissionLabel(it) }
+    return "Clawdbot needs ${labels.joinToString(", ")} permissions to continue."
+  }
+
+  private fun buildSettingsMessage(permissions: List<String>): String {
+    val labels = permissions.map { permissionLabel(it) }
+    return "Please enable ${labels.joinToString(", ")} in Android Settings to continue."
+  }
+
+  private fun permissionLabel(permission: String): String =
+    when (permission) {
+      Manifest.permission.CAMERA -> "Camera"
+      Manifest.permission.RECORD_AUDIO -> "Microphone"
+      Manifest.permission.SEND_SMS -> "SMS"
+      else -> permission
+    }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ScreenCaptureRequester.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ScreenCaptureRequester.kt
@@ -0,0 +1,65 @@
+package com.clawdbot.android
+
+import android.app.Activity
+import android.content.Context
+import android.content.Intent
+import android.media.projection.MediaProjectionManager
+import androidx.activity.ComponentActivity
+import androidx.activity.result.ActivityResultLauncher
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.appcompat.app.AlertDialog
+import kotlinx.coroutines.CompletableDeferred
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
+import kotlinx.coroutines.withContext
+import kotlinx.coroutines.withTimeout
+import kotlinx.coroutines.suspendCancellableCoroutine
+import kotlin.coroutines.resume
+
+class ScreenCaptureRequester(private val activity: ComponentActivity) {
+  data class CaptureResult(val resultCode: Int, val data: Intent)
+
+  private val mutex = Mutex()
+  private var pending: CompletableDeferred<CaptureResult?>? = null
+
+  private val launcher: ActivityResultLauncher<Intent> =
+    activity.registerForActivityResult(ActivityResultContracts.StartActivityForResult()) { result ->
+      val p = pending
+      pending = null
+      val data = result.data
+      if (result.resultCode == Activity.RESULT_OK && data != null) {
+        p?.complete(CaptureResult(result.resultCode, data))
+      } else {
+        p?.complete(null)
+      }
+    }
+
+  suspend fun requestCapture(timeoutMs: Long = 20_000): CaptureResult? =
+    mutex.withLock {
+      val proceed = showRationaleDialog()
+      if (!proceed) return null
+
+      val mgr = activity.getSystemService(Context.MEDIA_PROJECTION_SERVICE) as MediaProjectionManager
+      val intent = mgr.createScreenCaptureIntent()
+
+      val deferred = CompletableDeferred<CaptureResult?>()
+      pending = deferred
+      withContext(Dispatchers.Main) { launcher.launch(intent) }
+
+      withContext(Dispatchers.Default) { withTimeout(timeoutMs) { deferred.await() } }
+    }
+
+  private suspend fun showRationaleDialog(): Boolean =
+    withContext(Dispatchers.Main) {
+      suspendCancellableCoroutine { cont ->
+        AlertDialog.Builder(activity)
+          .setTitle("Screen recording required")
+          .setMessage("Clawdbot needs to record the screen for this command.")
+          .setPositiveButton("Continue") { _, _ -> cont.resume(true) }
+          .setNegativeButton("Not now") { _, _ -> cont.resume(false) }
+          .setOnCancelListener { cont.resume(false) }
+          .show()
+      }
+    }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/SecurePrefs.kt
@@ -0,0 +1,218 @@
+@file:Suppress("DEPRECATION")
+
+package com.clawdbot.android
+
+import android.content.Context
+import androidx.core.content.edit
+import androidx.security.crypto.EncryptedSharedPreferences
+import androidx.security.crypto.MasterKey
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonNull
+import kotlinx.serialization.json.JsonPrimitive
+import java.util.UUID
+
+class SecurePrefs(context: Context) {
+  companion object {
+    val defaultWakeWords: List<String> = listOf("clawd", "claude")
+    private const val displayNameKey = "node.displayName"
+    private const val voiceWakeModeKey = "voiceWake.mode"
+  }
+
+  private val json = Json { ignoreUnknownKeys = true }
+
+  private val masterKey =
+    MasterKey.Builder(context)
+      .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+      .build()
+
+  private val prefs =
+    EncryptedSharedPreferences.create(
+      context,
+      "clawdbot.node.secure",
+      masterKey,
+      EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+      EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM,
+    )
+
+  private val _instanceId = MutableStateFlow(loadOrCreateInstanceId())
+  val instanceId: StateFlow<String> = _instanceId
+
+  private val _displayName =
+    MutableStateFlow(loadOrMigrateDisplayName(context = context))
+  val displayName: StateFlow<String> = _displayName
+
+  private val _cameraEnabled = MutableStateFlow(prefs.getBoolean("camera.enabled", true))
+  val cameraEnabled: StateFlow<Boolean> = _cameraEnabled
+
+  private val _locationMode =
+    MutableStateFlow(LocationMode.fromRawValue(prefs.getString("location.enabledMode", "off")))
+  val locationMode: StateFlow<LocationMode> = _locationMode
+
+  private val _locationPreciseEnabled =
+    MutableStateFlow(prefs.getBoolean("location.preciseEnabled", true))
+  val locationPreciseEnabled: StateFlow<Boolean> = _locationPreciseEnabled
+
+  private val _preventSleep = MutableStateFlow(prefs.getBoolean("screen.preventSleep", true))
+  val preventSleep: StateFlow<Boolean> = _preventSleep
+
+  private val _manualEnabled = MutableStateFlow(prefs.getBoolean("bridge.manual.enabled", false))
+  val manualEnabled: StateFlow<Boolean> = _manualEnabled
+
+  private val _manualHost = MutableStateFlow(prefs.getString("bridge.manual.host", "")!!)
+  val manualHost: StateFlow<String> = _manualHost
+
+  private val _manualPort = MutableStateFlow(prefs.getInt("bridge.manual.port", 18790))
+  val manualPort: StateFlow<Int> = _manualPort
+
+  private val _lastDiscoveredStableId =
+    MutableStateFlow(prefs.getString("bridge.lastDiscoveredStableId", "")!!)
+  val lastDiscoveredStableId: StateFlow<String> = _lastDiscoveredStableId
+
+  private val _canvasDebugStatusEnabled =
+    MutableStateFlow(prefs.getBoolean("canvas.debugStatusEnabled", false))
+  val canvasDebugStatusEnabled: StateFlow<Boolean> = _canvasDebugStatusEnabled
+
+  private val _wakeWords = MutableStateFlow(loadWakeWords())
+  val wakeWords: StateFlow<List<String>> = _wakeWords
+
+  private val _voiceWakeMode = MutableStateFlow(loadVoiceWakeMode())
+  val voiceWakeMode: StateFlow<VoiceWakeMode> = _voiceWakeMode
+
+  private val _talkEnabled = MutableStateFlow(prefs.getBoolean("talk.enabled", false))
+  val talkEnabled: StateFlow<Boolean> = _talkEnabled
+
+  fun setLastDiscoveredStableId(value: String) {
+    val trimmed = value.trim()
+    prefs.edit { putString("bridge.lastDiscoveredStableId", trimmed) }
+    _lastDiscoveredStableId.value = trimmed
+  }
+
+  fun setDisplayName(value: String) {
+    val trimmed = value.trim()
+    prefs.edit { putString(displayNameKey, trimmed) }
+    _displayName.value = trimmed
+  }
+
+  fun setCameraEnabled(value: Boolean) {
+    prefs.edit { putBoolean("camera.enabled", value) }
+    _cameraEnabled.value = value
+  }
+
+  fun setLocationMode(mode: LocationMode) {
+    prefs.edit { putString("location.enabledMode", mode.rawValue) }
+    _locationMode.value = mode
+  }
+
+  fun setLocationPreciseEnabled(value: Boolean) {
+    prefs.edit { putBoolean("location.preciseEnabled", value) }
+    _locationPreciseEnabled.value = value
+  }
+
+  fun setPreventSleep(value: Boolean) {
+    prefs.edit { putBoolean("screen.preventSleep", value) }
+    _preventSleep.value = value
+  }
+
+  fun setManualEnabled(value: Boolean) {
+    prefs.edit { putBoolean("bridge.manual.enabled", value) }
+    _manualEnabled.value = value
+  }
+
+  fun setManualHost(value: String) {
+    val trimmed = value.trim()
+    prefs.edit { putString("bridge.manual.host", trimmed) }
+    _manualHost.value = trimmed
+  }
+
+  fun setManualPort(value: Int) {
+    prefs.edit { putInt("bridge.manual.port", value) }
+    _manualPort.value = value
+  }
+
+  fun setCanvasDebugStatusEnabled(value: Boolean) {
+    prefs.edit { putBoolean("canvas.debugStatusEnabled", value) }
+    _canvasDebugStatusEnabled.value = value
+  }
+
+  fun loadBridgeToken(): String? {
+    val key = "bridge.token.${_instanceId.value}"
+    return prefs.getString(key, null)
+  }
+
+  fun saveBridgeToken(token: String) {
+    val key = "bridge.token.${_instanceId.value}"
+    prefs.edit { putString(key, token.trim()) }
+  }
+
+  private fun loadOrCreateInstanceId(): String {
+    val existing = prefs.getString("node.instanceId", null)?.trim()
+    if (!existing.isNullOrBlank()) return existing
+    val fresh = UUID.randomUUID().toString()
+    prefs.edit { putString("node.instanceId", fresh) }
+    return fresh
+  }
+
+  private fun loadOrMigrateDisplayName(context: Context): String {
+    val existing = prefs.getString(displayNameKey, null)?.trim().orEmpty()
+    if (existing.isNotEmpty() && existing != "Android Node") return existing
+
+    val candidate = DeviceNames.bestDefaultNodeName(context).trim()
+    val resolved = candidate.ifEmpty { "Android Node" }
+
+    prefs.edit { putString(displayNameKey, resolved) }
+    return resolved
+  }
+
+  fun setWakeWords(words: List<String>) {
+    val sanitized = WakeWords.sanitize(words, defaultWakeWords)
+    val encoded =
+      JsonArray(sanitized.map { JsonPrimitive(it) }).toString()
+    prefs.edit { putString("voiceWake.triggerWords", encoded) }
+    _wakeWords.value = sanitized
+  }
+
+  fun setVoiceWakeMode(mode: VoiceWakeMode) {
+    prefs.edit { putString(voiceWakeModeKey, mode.rawValue) }
+    _voiceWakeMode.value = mode
+  }
+
+  fun setTalkEnabled(value: Boolean) {
+    prefs.edit { putBoolean("talk.enabled", value) }
+    _talkEnabled.value = value
+  }
+
+  private fun loadVoiceWakeMode(): VoiceWakeMode {
+    val raw = prefs.getString(voiceWakeModeKey, null)
+    val resolved = VoiceWakeMode.fromRawValue(raw)
+
+    // Default ON (foreground) when unset.
+    if (raw.isNullOrBlank()) {
+      prefs.edit { putString(voiceWakeModeKey, resolved.rawValue) }
+    }
+
+    return resolved
+  }
+
+  private fun loadWakeWords(): List<String> {
+    val raw = prefs.getString("voiceWake.triggerWords", null)?.trim()
+    if (raw.isNullOrEmpty()) return defaultWakeWords
+    return try {
+      val element = json.parseToJsonElement(raw)
+      val array = element as? JsonArray ?: return defaultWakeWords
+      val decoded =
+        array.mapNotNull { item ->
+          when (item) {
+            is JsonNull -> null
+            is JsonPrimitive -> item.content.trim().takeIf { it.isNotEmpty() }
+            else -> null
+          }
+        }
+      WakeWords.sanitize(decoded, defaultWakeWords)
+    } catch (_: Throwable) {
+      defaultWakeWords
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/VoiceWakeMode.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/VoiceWakeMode.kt
@@ -0,0 +1,15 @@
+package com.clawdbot.android
+
+enum class VoiceWakeMode(val rawValue: String) {
+  Off("off"),
+  Foreground("foreground"),
+  Always("always"),
+  ;
+
+  companion object {
+    fun fromRawValue(raw: String?): VoiceWakeMode {
+      return entries.firstOrNull { it.rawValue == raw?.trim()?.lowercase() } ?: Foreground
+    }
+  }
+}
+
--- a/apps/android/app/src/main/java/com/clawdbot/android/WakeWords.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/WakeWords.kt
@@ -0,0 +1,17 @@
+package com.clawdbot.android
+
+object WakeWords {
+  const val maxWords: Int = 32
+  const val maxWordLength: Int = 64
+
+  fun parseCommaSeparated(input: String): List<String> {
+    return input.split(",").map { it.trim() }.filter { it.isNotEmpty() }
+  }
+
+  fun sanitize(words: List<String>, defaults: List<String>): List<String> {
+    val cleaned =
+      words.map { it.trim() }.filter { it.isNotEmpty() }.take(maxWords).map { it.take(maxWordLength) }
+    return cleaned.ifEmpty { defaults }
+  }
+}
+
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BonjourEscapes.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BonjourEscapes.kt
@@ -0,0 +1,35 @@
+package com.clawdbot.android.bridge
+
+object BonjourEscapes {
+  fun decode(input: String): String {
+    if (input.isEmpty()) return input
+
+    val bytes = mutableListOf<Byte>()
+    var i = 0
+    while (i < input.length) {
+      if (input[i] == '\\' && i + 3 < input.length) {
+        val d0 = input[i + 1]
+        val d1 = input[i + 2]
+        val d2 = input[i + 3]
+        if (d0.isDigit() && d1.isDigit() && d2.isDigit()) {
+          val value =
+            ((d0.code - '0'.code) * 100) + ((d1.code - '0'.code) * 10) + (d2.code - '0'.code)
+          if (value in 0..255) {
+            bytes.add(value.toByte())
+            i += 4
+            continue
+          }
+        }
+      }
+
+      val codePoint = Character.codePointAt(input, i)
+      val charBytes = String(Character.toChars(codePoint)).toByteArray(Charsets.UTF_8)
+      for (b in charBytes) {
+        bytes.add(b)
+      }
+      i += Character.charCount(codePoint)
+    }
+
+    return String(bytes.toByteArray(), Charsets.UTF_8)
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeDiscovery.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeDiscovery.kt
@@ -0,0 +1,505 @@
+package com.clawdbot.android.bridge
+
+import android.content.Context
+import android.net.ConnectivityManager
+import android.net.DnsResolver
+import android.net.NetworkCapabilities
+import android.net.nsd.NsdManager
+import android.net.nsd.NsdServiceInfo
+import android.os.CancellationSignal
+import android.util.Log
+import java.io.IOException
+import java.net.InetSocketAddress
+import java.nio.ByteBuffer
+import java.nio.charset.CodingErrorAction
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.Executor
+import java.util.concurrent.Executors
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.flow.asStateFlow
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.suspendCancellableCoroutine
+import org.xbill.DNS.AAAARecord
+import org.xbill.DNS.ARecord
+import org.xbill.DNS.DClass
+import org.xbill.DNS.ExtendedResolver
+import org.xbill.DNS.Message
+import org.xbill.DNS.Name
+import org.xbill.DNS.PTRRecord
+import org.xbill.DNS.Record
+import org.xbill.DNS.Rcode
+import org.xbill.DNS.Resolver
+import org.xbill.DNS.SRVRecord
+import org.xbill.DNS.Section
+import org.xbill.DNS.SimpleResolver
+import org.xbill.DNS.TextParseException
+import org.xbill.DNS.TXTRecord
+import org.xbill.DNS.Type
+import kotlin.coroutines.resume
+import kotlin.coroutines.resumeWithException
+
+@Suppress("DEPRECATION")
+class BridgeDiscovery(
+  context: Context,
+  private val scope: CoroutineScope,
+) {
+  private val nsd = context.getSystemService(NsdManager::class.java)
+  private val connectivity = context.getSystemService(ConnectivityManager::class.java)
+  private val dns = DnsResolver.getInstance()
+  private val serviceType = "_clawdbot-bridge._tcp."
+  private val wideAreaDomain = "clawdbot.internal."
+  private val logTag = "Clawdbot/BridgeDiscovery"
+
+  private val localById = ConcurrentHashMap<String, BridgeEndpoint>()
+  private val unicastById = ConcurrentHashMap<String, BridgeEndpoint>()
+  private val _bridges = MutableStateFlow<List<BridgeEndpoint>>(emptyList())
+  val bridges: StateFlow<List<BridgeEndpoint>> = _bridges.asStateFlow()
+
+  private val _statusText = MutableStateFlow("Searching…")
+  val statusText: StateFlow<String> = _statusText.asStateFlow()
+
+  private var unicastJob: Job? = null
+  private val dnsExecutor: Executor = Executors.newCachedThreadPool()
+
+  @Volatile private var lastWideAreaRcode: Int? = null
+  @Volatile private var lastWideAreaCount: Int = 0
+
+  private val discoveryListener =
+    object : NsdManager.DiscoveryListener {
+      override fun onStartDiscoveryFailed(serviceType: String, errorCode: Int) {}
+      override fun onStopDiscoveryFailed(serviceType: String, errorCode: Int) {}
+      override fun onDiscoveryStarted(serviceType: String) {}
+      override fun onDiscoveryStopped(serviceType: String) {}
+
+      override fun onServiceFound(serviceInfo: NsdServiceInfo) {
+        if (serviceInfo.serviceType != this@BridgeDiscovery.serviceType) return
+        resolve(serviceInfo)
+      }
+
+      override fun onServiceLost(serviceInfo: NsdServiceInfo) {
+        val serviceName = BonjourEscapes.decode(serviceInfo.serviceName)
+        val id = stableId(serviceName, "local.")
+        localById.remove(id)
+        publish()
+      }
+    }
+
+  init {
+    startLocalDiscovery()
+    startUnicastDiscovery(wideAreaDomain)
+  }
+
+  private fun startLocalDiscovery() {
+    try {
+      nsd.discoverServices(serviceType, NsdManager.PROTOCOL_DNS_SD, discoveryListener)
+    } catch (_: Throwable) {
+      // ignore (best-effort)
+    }
+  }
+
+  private fun stopLocalDiscovery() {
+    try {
+      nsd.stopServiceDiscovery(discoveryListener)
+    } catch (_: Throwable) {
+      // ignore (best-effort)
+    }
+  }
+
+  private fun startUnicastDiscovery(domain: String) {
+    unicastJob =
+      scope.launch(Dispatchers.IO) {
+        while (true) {
+          try {
+            refreshUnicast(domain)
+          } catch (_: Throwable) {
+            // ignore (best-effort)
+          }
+          delay(5000)
+        }
+      }
+  }
+
+  private fun resolve(serviceInfo: NsdServiceInfo) {
+    nsd.resolveService(
+      serviceInfo,
+      object : NsdManager.ResolveListener {
+        override fun onResolveFailed(serviceInfo: NsdServiceInfo, errorCode: Int) {}
+
+      override fun onServiceResolved(resolved: NsdServiceInfo) {
+        val host = resolved.host?.hostAddress ?: return
+        val port = resolved.port
+        if (port <= 0) return
+
+        val rawServiceName = resolved.serviceName
+        val serviceName = BonjourEscapes.decode(rawServiceName)
+        val displayName = BonjourEscapes.decode(txt(resolved, "displayName") ?: serviceName)
+        val lanHost = txt(resolved, "lanHost")
+        val tailnetDns = txt(resolved, "tailnetDns")
+        val gatewayPort = txtInt(resolved, "gatewayPort")
+        val bridgePort = txtInt(resolved, "bridgePort")
+        val canvasPort = txtInt(resolved, "canvasPort")
+        val id = stableId(serviceName, "local.")
+        localById[id] =
+          BridgeEndpoint(
+            stableId = id,
+            name = displayName,
+            host = host,
+            port = port,
+            lanHost = lanHost,
+            tailnetDns = tailnetDns,
+            gatewayPort = gatewayPort,
+            bridgePort = bridgePort,
+            canvasPort = canvasPort,
+          )
+        publish()
+      }
+    },
+  )
+  }
+
+  private fun publish() {
+    _bridges.value =
+      (localById.values + unicastById.values).sortedBy { it.name.lowercase() }
+    _statusText.value = buildStatusText()
+  }
+
+  private fun buildStatusText(): String {
+    val localCount = localById.size
+    val wideRcode = lastWideAreaRcode
+    val wideCount = lastWideAreaCount
+
+    val wide =
+      when (wideRcode) {
+        null -> "Wide: ?"
+        Rcode.NOERROR -> "Wide: $wideCount"
+        Rcode.NXDOMAIN -> "Wide: NXDOMAIN"
+        else -> "Wide: ${Rcode.string(wideRcode)}"
+      }
+
+    return when {
+      localCount == 0 && wideRcode == null -> "Searching for bridges…"
+      localCount == 0 -> "$wide"
+      else -> "Local: $localCount • $wide"
+    }
+  }
+
+  private fun stableId(serviceName: String, domain: String): String {
+    return "${serviceType}|${domain}|${normalizeName(serviceName)}"
+  }
+
+  private fun normalizeName(raw: String): String {
+    return raw.trim().split(Regex("\\s+")).joinToString(" ")
+  }
+
+  private fun txt(info: NsdServiceInfo, key: String): String? {
+    val bytes = info.attributes[key] ?: return null
+    return try {
+      String(bytes, Charsets.UTF_8).trim().ifEmpty { null }
+    } catch (_: Throwable) {
+      null
+    }
+  }
+
+  private fun txtInt(info: NsdServiceInfo, key: String): Int? {
+    return txt(info, key)?.toIntOrNull()
+  }
+
+  private suspend fun refreshUnicast(domain: String) {
+    val ptrName = "${serviceType}${domain}"
+    val ptrMsg = lookupUnicastMessage(ptrName, Type.PTR) ?: return
+    val ptrRecords = records(ptrMsg, Section.ANSWER).mapNotNull { it as? PTRRecord }
+
+    val next = LinkedHashMap<String, BridgeEndpoint>()
+    for (ptr in ptrRecords) {
+      val instanceFqdn = ptr.target.toString()
+      val srv =
+        recordByName(ptrMsg, instanceFqdn, Type.SRV) as? SRVRecord
+          ?: run {
+            val msg = lookupUnicastMessage(instanceFqdn, Type.SRV) ?: return@run null
+            recordByName(msg, instanceFqdn, Type.SRV) as? SRVRecord
+          }
+          ?: continue
+      val port = srv.port
+      if (port <= 0) continue
+
+      val targetFqdn = srv.target.toString()
+      val host =
+        resolveHostFromMessage(ptrMsg, targetFqdn)
+          ?: resolveHostFromMessage(lookupUnicastMessage(instanceFqdn, Type.SRV), targetFqdn)
+          ?: resolveHostUnicast(targetFqdn)
+          ?: continue
+
+      val txtFromPtr =
+        recordsByName(ptrMsg, Section.ADDITIONAL)[keyName(instanceFqdn)]
+          .orEmpty()
+          .mapNotNull { it as? TXTRecord }
+      val txt =
+        if (txtFromPtr.isNotEmpty()) {
+          txtFromPtr
+        } else {
+          val msg = lookupUnicastMessage(instanceFqdn, Type.TXT)
+          records(msg, Section.ANSWER).mapNotNull { it as? TXTRecord }
+        }
+      val instanceName = BonjourEscapes.decode(decodeInstanceName(instanceFqdn, domain))
+      val displayName = BonjourEscapes.decode(txtValue(txt, "displayName") ?: instanceName)
+      val lanHost = txtValue(txt, "lanHost")
+      val tailnetDns = txtValue(txt, "tailnetDns")
+      val gatewayPort = txtIntValue(txt, "gatewayPort")
+      val bridgePort = txtIntValue(txt, "bridgePort")
+      val canvasPort = txtIntValue(txt, "canvasPort")
+      val id = stableId(instanceName, domain)
+      next[id] =
+        BridgeEndpoint(
+          stableId = id,
+          name = displayName,
+          host = host,
+          port = port,
+          lanHost = lanHost,
+          tailnetDns = tailnetDns,
+          gatewayPort = gatewayPort,
+          bridgePort = bridgePort,
+          canvasPort = canvasPort,
+        )
+    }
+
+    unicastById.clear()
+    unicastById.putAll(next)
+    lastWideAreaRcode = ptrMsg.header.rcode
+    lastWideAreaCount = next.size
+    publish()
+
+    if (next.isEmpty()) {
+      Log.d(
+        logTag,
+        "wide-area discovery: 0 results for $ptrName (rcode=${Rcode.string(ptrMsg.header.rcode)})",
+      )
+    }
+  }
+
+  private fun decodeInstanceName(instanceFqdn: String, domain: String): String {
+    val suffix = "${serviceType}${domain}"
+    val withoutSuffix =
+      if (instanceFqdn.endsWith(suffix)) {
+        instanceFqdn.removeSuffix(suffix)
+      } else {
+        instanceFqdn.substringBefore(serviceType)
+      }
+    return normalizeName(stripTrailingDot(withoutSuffix))
+  }
+
+  private fun stripTrailingDot(raw: String): String {
+    return raw.removeSuffix(".")
+  }
+
+  private suspend fun lookupUnicastMessage(name: String, type: Int): Message? {
+    val query =
+      try {
+        Message.newQuery(
+          org.xbill.DNS.Record.newRecord(
+            Name.fromString(name),
+            type,
+            DClass.IN,
+          ),
+        )
+      } catch (_: TextParseException) {
+        return null
+      }
+
+    val system = queryViaSystemDns(query)
+    if (records(system, Section.ANSWER).any { it.type == type }) return system
+
+    val direct = createDirectResolver() ?: return system
+    return try {
+      val msg = direct.send(query)
+      if (records(msg, Section.ANSWER).any { it.type == type }) msg else system
+    } catch (_: Throwable) {
+      system
+    }
+  }
+
+  private suspend fun queryViaSystemDns(query: Message): Message? {
+    val network = preferredDnsNetwork()
+    val bytes =
+      try {
+        rawQuery(network, query.toWire())
+      } catch (_: Throwable) {
+        return null
+      }
+
+    return try {
+      Message(bytes)
+    } catch (_: IOException) {
+      null
+    }
+  }
+
+  private fun records(msg: Message?, section: Int): List<Record> {
+    return msg?.getSectionArray(section)?.toList() ?: emptyList()
+  }
+
+  private fun keyName(raw: String): String {
+    return raw.trim().lowercase()
+  }
+
+  private fun recordsByName(msg: Message, section: Int): Map<String, List<Record>> {
+    val next = LinkedHashMap<String, MutableList<Record>>()
+    for (r in records(msg, section)) {
+      val name = r.name?.toString() ?: continue
+      next.getOrPut(keyName(name)) { mutableListOf() }.add(r)
+    }
+    return next
+  }
+
+  private fun recordByName(msg: Message, fqdn: String, type: Int): Record? {
+    val key = keyName(fqdn)
+    val byNameAnswer = recordsByName(msg, Section.ANSWER)
+    val fromAnswer = byNameAnswer[key].orEmpty().firstOrNull { it.type == type }
+    if (fromAnswer != null) return fromAnswer
+
+    val byNameAdditional = recordsByName(msg, Section.ADDITIONAL)
+    return byNameAdditional[key].orEmpty().firstOrNull { it.type == type }
+  }
+
+  private fun resolveHostFromMessage(msg: Message?, hostname: String): String? {
+    val m = msg ?: return null
+    val key = keyName(hostname)
+    val additional = recordsByName(m, Section.ADDITIONAL)[key].orEmpty()
+    val a = additional.mapNotNull { it as? ARecord }.mapNotNull { it.address?.hostAddress }
+    val aaaa = additional.mapNotNull { it as? AAAARecord }.mapNotNull { it.address?.hostAddress }
+    return a.firstOrNull() ?: aaaa.firstOrNull()
+  }
+
+  private fun preferredDnsNetwork(): android.net.Network? {
+    val cm = connectivity ?: return null
+
+    // Prefer VPN (Tailscale) when present; otherwise use the active network.
+    cm.allNetworks.firstOrNull { n ->
+      val caps = cm.getNetworkCapabilities(n) ?: return@firstOrNull false
+      caps.hasTransport(NetworkCapabilities.TRANSPORT_VPN)
+    }?.let { return it }
+
+    return cm.activeNetwork
+  }
+
+  private fun createDirectResolver(): Resolver? {
+    val cm = connectivity ?: return null
+
+    val candidateNetworks =
+      buildList {
+        cm.allNetworks
+          .firstOrNull { n ->
+            val caps = cm.getNetworkCapabilities(n) ?: return@firstOrNull false
+            caps.hasTransport(NetworkCapabilities.TRANSPORT_VPN)
+          }?.let(::add)
+        cm.activeNetwork?.let(::add)
+      }.distinct()
+
+    val servers =
+      candidateNetworks
+        .asSequence()
+        .flatMap { n ->
+          cm.getLinkProperties(n)?.dnsServers?.asSequence() ?: emptySequence()
+        }
+        .distinctBy { it.hostAddress ?: it.toString() }
+        .toList()
+    if (servers.isEmpty()) return null
+
+    return try {
+      val resolvers =
+        servers.mapNotNull { addr ->
+          try {
+            SimpleResolver().apply {
+              setAddress(InetSocketAddress(addr, 53))
+              setTimeout(3)
+            }
+          } catch (_: Throwable) {
+            null
+          }
+        }
+      if (resolvers.isEmpty()) return null
+      ExtendedResolver(resolvers.toTypedArray()).apply { setTimeout(3) }
+    } catch (_: Throwable) {
+      null
+    }
+  }
+
+  private suspend fun rawQuery(network: android.net.Network?, wireQuery: ByteArray): ByteArray =
+    suspendCancellableCoroutine { cont ->
+      val signal = CancellationSignal()
+      cont.invokeOnCancellation { signal.cancel() }
+
+      dns.rawQuery(
+        network,
+        wireQuery,
+        DnsResolver.FLAG_EMPTY,
+        dnsExecutor,
+        signal,
+        object : DnsResolver.Callback<ByteArray> {
+          override fun onAnswer(answer: ByteArray, rcode: Int) {
+            cont.resume(answer)
+          }
+
+          override fun onError(error: DnsResolver.DnsException) {
+            cont.resumeWithException(error)
+          }
+        },
+      )
+    }
+
+  private fun txtValue(records: List<TXTRecord>, key: String): String? {
+    val prefix = "$key="
+    for (r in records) {
+      val strings: List<String> =
+        try {
+          r.strings.mapNotNull { it as? String }
+        } catch (_: Throwable) {
+          emptyList()
+        }
+      for (s in strings) {
+        val trimmed = decodeDnsTxtString(s).trim()
+        if (trimmed.startsWith(prefix)) {
+          return trimmed.removePrefix(prefix).trim().ifEmpty { null }
+        }
+      }
+    }
+    return null
+  }
+
+  private fun txtIntValue(records: List<TXTRecord>, key: String): Int? {
+    return txtValue(records, key)?.toIntOrNull()
+  }
+
+  private fun decodeDnsTxtString(raw: String): String {
+    // dnsjava treats TXT as opaque bytes and decodes as ISO-8859-1 to preserve bytes.
+    // Our TXT payload is UTF-8 (written by the gateway), so re-decode when possible.
+    val bytes = raw.toByteArray(Charsets.ISO_8859_1)
+    val decoder =
+      Charsets.UTF_8
+        .newDecoder()
+        .onMalformedInput(CodingErrorAction.REPORT)
+        .onUnmappableCharacter(CodingErrorAction.REPORT)
+    return try {
+      decoder.decode(ByteBuffer.wrap(bytes)).toString()
+    } catch (_: Throwable) {
+      raw
+    }
+  }
+
+  private suspend fun resolveHostUnicast(hostname: String): String? {
+    val a =
+      records(lookupUnicastMessage(hostname, Type.A), Section.ANSWER)
+        .mapNotNull { it as? ARecord }
+        .mapNotNull { it.address?.hostAddress }
+    val aaaa =
+      records(lookupUnicastMessage(hostname, Type.AAAA), Section.ANSWER)
+        .mapNotNull { it as? AAAARecord }
+        .mapNotNull { it.address?.hostAddress }
+
+    return a.firstOrNull() ?: aaaa.firstOrNull()
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeEndpoint.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeEndpoint.kt
@@ -0,0 +1,23 @@
+package com.clawdbot.android.bridge
+
+data class BridgeEndpoint(
+  val stableId: String,
+  val name: String,
+  val host: String,
+  val port: Int,
+  val lanHost: String? = null,
+  val tailnetDns: String? = null,
+  val gatewayPort: Int? = null,
+  val bridgePort: Int? = null,
+  val canvasPort: Int? = null,
+) {
+  companion object {
+    fun manual(host: String, port: Int): BridgeEndpoint =
+      BridgeEndpoint(
+        stableId = "manual|$host|$port",
+        name = "$host:$port",
+        host = host,
+        port = port,
+      )
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgePairingClient.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgePairingClient.kt
@@ -0,0 +1,134 @@
+package com.clawdbot.android.bridge
+
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.JsonNull
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.buildJsonObject
+import java.io.BufferedReader
+import java.io.BufferedWriter
+import java.io.InputStreamReader
+import java.io.OutputStreamWriter
+import java.net.InetSocketAddress
+import java.net.Socket
+
+class BridgePairingClient {
+  private val json = Json { ignoreUnknownKeys = true }
+
+  data class Hello(
+    val nodeId: String,
+    val displayName: String?,
+    val token: String?,
+    val platform: String?,
+    val version: String?,
+    val deviceFamily: String?,
+    val modelIdentifier: String?,
+    val caps: List<String>?,
+    val commands: List<String>?,
+  )
+
+  data class PairResult(val ok: Boolean, val token: String?, val error: String? = null)
+
+  suspend fun pairAndHello(endpoint: BridgeEndpoint, hello: Hello): PairResult =
+    withContext(Dispatchers.IO) {
+      val socket = Socket()
+      socket.tcpNoDelay = true
+      try {
+        socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
+        socket.soTimeout = 60_000
+
+        val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
+        val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
+
+        fun send(line: String) {
+          writer.write(line)
+          writer.write("\n")
+          writer.flush()
+        }
+
+        fun sendJson(obj: JsonObject) = send(obj.toString())
+
+        sendJson(
+          buildJsonObject {
+            put("type", JsonPrimitive("hello"))
+            put("nodeId", JsonPrimitive(hello.nodeId))
+            hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+            hello.token?.let { put("token", JsonPrimitive(it)) }
+            hello.platform?.let { put("platform", JsonPrimitive(it)) }
+            hello.version?.let { put("version", JsonPrimitive(it)) }
+            hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+            hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+            hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+            hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+          },
+        )
+
+        val firstObj = json.parseToJsonElement(reader.readLine()).asObjectOrNull()
+          ?: return@withContext PairResult(ok = false, token = null, error = "unexpected bridge response")
+        when (firstObj["type"].asStringOrNull()) {
+          "hello-ok" -> PairResult(ok = true, token = hello.token)
+          "error" -> {
+            val code = firstObj["code"].asStringOrNull() ?: "UNAVAILABLE"
+            val message = firstObj["message"].asStringOrNull() ?: "pairing required"
+            if (code != "NOT_PAIRED" && code != "UNAUTHORIZED") {
+              return@withContext PairResult(ok = false, token = null, error = "$code: $message")
+            }
+
+            sendJson(
+              buildJsonObject {
+                put("type", JsonPrimitive("pair-request"))
+                put("nodeId", JsonPrimitive(hello.nodeId))
+                hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+                hello.platform?.let { put("platform", JsonPrimitive(it)) }
+                hello.version?.let { put("version", JsonPrimitive(it)) }
+                hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+                hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+                hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+                hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+              },
+            )
+
+            while (true) {
+              val nextLine = reader.readLine() ?: break
+              val next = json.parseToJsonElement(nextLine).asObjectOrNull() ?: continue
+              when (next["type"].asStringOrNull()) {
+                "pair-ok" -> {
+                  val token = next["token"].asStringOrNull()
+                  return@withContext PairResult(ok = !token.isNullOrBlank(), token = token)
+                }
+                "error" -> {
+                  val c = next["code"].asStringOrNull() ?: "UNAVAILABLE"
+                  val m = next["message"].asStringOrNull() ?: "pairing failed"
+                  return@withContext PairResult(ok = false, token = null, error = "$c: $m")
+                }
+              }
+            }
+            PairResult(ok = false, token = null, error = "pairing failed")
+          }
+          else -> PairResult(ok = false, token = null, error = "unexpected bridge response")
+        }
+      } catch (e: Exception) {
+        val message = e.message?.trim().orEmpty().ifEmpty { "gateway unreachable" }
+        PairResult(ok = false, token = null, error = message)
+      } finally {
+        try {
+          socket.close()
+        } catch (_: Throwable) {
+          // ignore
+        }
+      }
+    }
+}
+
+private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
+
+private fun JsonElement?.asStringOrNull(): String? =
+  when (this) {
+    is JsonNull -> null
+    is JsonPrimitive -> content
+    else -> null
+  }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeSession.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeSession.kt
@@ -1,4 +1,4 @@
-package com.steipete.clawdis.node.bridge
+package com.clawdbot.android.bridge

 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
@@ -11,7 +11,9 @@ import kotlinx.coroutines.launch
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.withContext
+import com.clawdbot.android.BuildConfig
 import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonNull
 import kotlinx.serialization.json.JsonElement
@@ -22,6 +24,7 @@ import java.io.BufferedWriter
 import java.io.InputStreamReader
 import java.io.OutputStreamWriter
 import java.net.InetSocketAddress
+import java.net.URI
 import java.net.Socket
 import java.util.UUID
 import java.util.concurrent.ConcurrentHashMap
@@ -39,6 +42,10 @@ class BridgeSession(
    val token: String?,
    val platform: String?,
    val version: String?,
+    val deviceFamily: String?,
+    val modelIdentifier: String?,
+    val caps: List<String>?,
+    val commands: List<String>?,
  )

  data class InvokeRequest(val id: String, val command: String, val paramsJson: String?)
@@ -56,6 +63,7 @@ class BridgeSession(
  private val json = Json { ignoreUnknownKeys = true }
  private val writeLock = Mutex()
  private val pending = ConcurrentHashMap<String, CompletableDeferred<RpcResponse>>()
+  @Volatile private var canvasHostUrl: String? = null

  private var desired: Pair<BridgeEndpoint, Hello>? = null
  private var job: Job? = null
@@ -67,15 +75,27 @@ class BridgeSession(
    }
  }

+  suspend fun updateHello(hello: Hello) {
+    val target = desired ?: return
+    desired = target.first to hello
+    val conn = currentConnection ?: return
+    conn.sendJson(buildHelloJson(hello))
+  }
+
  fun disconnect() {
    desired = null
+    // Unblock connectOnce() read loop. Coroutine cancellation alone won't interrupt BufferedReader.readLine().
+    currentConnection?.closeQuietly()
    scope.launch(Dispatchers.IO) {
      job?.cancelAndJoin()
      job = null
-      onDisconnected("Disconnected")
+      canvasHostUrl = null
+      onDisconnected("Offline")
    }
  }

+  fun currentCanvasHostUrl(): String? = canvasHostUrl
+
  suspend fun sendEvent(event: String, payloadJson: String?) {
    val conn = currentConnection ?: return
    conn.sendJson(
@@ -183,16 +203,7 @@ class BridgeSession(
      currentConnection = conn

      try {
-        conn.sendJson(
-          buildJsonObject {
-            put("type", JsonPrimitive("hello"))
-            put("nodeId", JsonPrimitive(hello.nodeId))
-            hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
-            hello.token?.let { put("token", JsonPrimitive(it)) }
-            hello.platform?.let { put("platform", JsonPrimitive(it)) }
-            hello.version?.let { put("version", JsonPrimitive(it)) }
-          },
-        )
+        conn.sendJson(buildHelloJson(hello))

        val firstLine = reader.readLine() ?: throw IllegalStateException("bridge closed connection")
        val first = json.parseToJsonElement(firstLine).asObjectOrNull()
@@ -200,6 +211,17 @@ class BridgeSession(
        when (first["type"].asStringOrNull()) {
          "hello-ok" -> {
            val name = first["serverName"].asStringOrNull() ?: "Bridge"
+            val rawCanvasUrl = first["canvasHostUrl"].asStringOrNull()?.trim()?.ifEmpty { null }
+            canvasHostUrl = normalizeCanvasHostUrl(rawCanvasUrl, endpoint)
+            if (BuildConfig.DEBUG) {
+              // Local JVM unit tests use android.jar stubs; Log.d can throw "not mocked".
+              runCatching {
+                android.util.Log.d(
+                  "ClawdbotBridge",
+                  "canvasHostUrl resolved=${canvasHostUrl ?: "none"} (raw=${rawCanvasUrl ?: "none"})",
+                )
+              }
+            }
            onConnected(name, conn.remoteAddress)
          }
          "error" -> {
@@ -278,6 +300,51 @@ class BridgeSession(
        conn.closeQuietly()
      }
    }
+
+  private fun buildHelloJson(hello: Hello): JsonObject =
+    buildJsonObject {
+      put("type", JsonPrimitive("hello"))
+      put("nodeId", JsonPrimitive(hello.nodeId))
+      hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+      hello.token?.let { put("token", JsonPrimitive(it)) }
+      hello.platform?.let { put("platform", JsonPrimitive(it)) }
+      hello.version?.let { put("version", JsonPrimitive(it)) }
+      hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+      hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+      hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+      hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+    }
+
+  private fun normalizeCanvasHostUrl(raw: String?, endpoint: BridgeEndpoint): String? {
+    val trimmed = raw?.trim().orEmpty()
+    val parsed = trimmed.takeIf { it.isNotBlank() }?.let { runCatching { URI(it) }.getOrNull() }
+    val host = parsed?.host?.trim().orEmpty()
+    val port = parsed?.port ?: -1
+    val scheme = parsed?.scheme?.trim().orEmpty().ifBlank { "http" }
+
+    if (trimmed.isNotBlank() && !isLoopbackHost(host)) {
+      return trimmed
+    }
+
+    val fallbackHost =
+      endpoint.tailnetDns?.trim().takeIf { !it.isNullOrEmpty() }
+        ?: endpoint.lanHost?.trim().takeIf { !it.isNullOrEmpty() }
+        ?: endpoint.host.trim()
+    if (fallbackHost.isEmpty()) return trimmed.ifBlank { null }
+
+    val fallbackPort = endpoint.canvasPort ?: if (port > 0) port else 18793
+    val formattedHost = if (fallbackHost.contains(":")) "[${fallbackHost}]" else fallbackHost
+    return "$scheme://$formattedHost:$fallbackPort"
+  }
+
+  private fun isLoopbackHost(raw: String?): Boolean {
+    val host = raw?.trim()?.lowercase().orEmpty()
+    if (host.isEmpty()) return false
+    if (host == "localhost") return true
+    if (host == "::1") return true
+    if (host == "0.0.0.0" || host == "::") return true
+    return host.startsWith("127.")
+  }
 }

 private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
--- a/apps/android/app/src/main/java/com/clawdbot/android/chat/ChatController.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/chat/ChatController.kt
@@ -0,0 +1,512 @@
+package com.clawdbot.android.chat
+
+import com.clawdbot.android.bridge.BridgeSession
+import java.util.UUID
+import java.util.concurrent.ConcurrentHashMap
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.flow.asStateFlow
+import kotlinx.coroutines.launch
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.JsonNull
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.buildJsonObject
+
+class ChatController(
+  private val scope: CoroutineScope,
+  private val session: BridgeSession,
+  private val json: Json,
+) {
+  private val _sessionKey = MutableStateFlow("main")
+  val sessionKey: StateFlow<String> = _sessionKey.asStateFlow()
+
+  private val _sessionId = MutableStateFlow<String?>(null)
+  val sessionId: StateFlow<String?> = _sessionId.asStateFlow()
+
+  private val _messages = MutableStateFlow<List<ChatMessage>>(emptyList())
+  val messages: StateFlow<List<ChatMessage>> = _messages.asStateFlow()
+
+  private val _errorText = MutableStateFlow<String?>(null)
+  val errorText: StateFlow<String?> = _errorText.asStateFlow()
+
+  private val _healthOk = MutableStateFlow(false)
+  val healthOk: StateFlow<Boolean> = _healthOk.asStateFlow()
+
+  private val _thinkingLevel = MutableStateFlow("off")
+  val thinkingLevel: StateFlow<String> = _thinkingLevel.asStateFlow()
+
+  private val _pendingRunCount = MutableStateFlow(0)
+  val pendingRunCount: StateFlow<Int> = _pendingRunCount.asStateFlow()
+
+  private val _streamingAssistantText = MutableStateFlow<String?>(null)
+  val streamingAssistantText: StateFlow<String?> = _streamingAssistantText.asStateFlow()
+
+  private val pendingToolCallsById = ConcurrentHashMap<String, ChatPendingToolCall>()
+  private val _pendingToolCalls = MutableStateFlow<List<ChatPendingToolCall>>(emptyList())
+  val pendingToolCalls: StateFlow<List<ChatPendingToolCall>> = _pendingToolCalls.asStateFlow()
+
+  private val _sessions = MutableStateFlow<List<ChatSessionEntry>>(emptyList())
+  val sessions: StateFlow<List<ChatSessionEntry>> = _sessions.asStateFlow()
+
+  private val pendingRuns = mutableSetOf<String>()
+  private val pendingRunTimeoutJobs = ConcurrentHashMap<String, Job>()
+  private val pendingRunTimeoutMs = 120_000L
+
+  private var lastHealthPollAtMs: Long? = null
+
+  fun onDisconnected(message: String) {
+    _healthOk.value = false
+    // Not an error; keep connection status in the UI pill.
+    _errorText.value = null
+    clearPendingRuns()
+    pendingToolCallsById.clear()
+    publishPendingToolCalls()
+    _streamingAssistantText.value = null
+    _sessionId.value = null
+  }
+
+  fun load(sessionKey: String = "main") {
+    val key = sessionKey.trim().ifEmpty { "main" }
+    _sessionKey.value = key
+    scope.launch { bootstrap(forceHealth = true) }
+  }
+
+  fun refresh() {
+    scope.launch { bootstrap(forceHealth = true) }
+  }
+
+  fun refreshSessions(limit: Int? = null) {
+    scope.launch { fetchSessions(limit = limit) }
+  }
+
+  fun setThinkingLevel(thinkingLevel: String) {
+    val normalized = normalizeThinking(thinkingLevel)
+    if (normalized == _thinkingLevel.value) return
+    _thinkingLevel.value = normalized
+  }
+
+  fun switchSession(sessionKey: String) {
+    val key = sessionKey.trim()
+    if (key.isEmpty()) return
+    if (key == _sessionKey.value) return
+    _sessionKey.value = key
+    scope.launch { bootstrap(forceHealth = true) }
+  }
+
+  fun sendMessage(
+    message: String,
+    thinkingLevel: String,
+    attachments: List<OutgoingAttachment>,
+  ) {
+    val trimmed = message.trim()
+    if (trimmed.isEmpty() && attachments.isEmpty()) return
+    if (!_healthOk.value) {
+      _errorText.value = "Gateway health not OK; cannot send"
+      return
+    }
+
+    val runId = UUID.randomUUID().toString()
+    val text = if (trimmed.isEmpty() && attachments.isNotEmpty()) "See attached." else trimmed
+    val sessionKey = _sessionKey.value
+    val thinking = normalizeThinking(thinkingLevel)
+
+    // Optimistic user message.
+    val userContent =
+      buildList {
+        add(ChatMessageContent(type = "text", text = text))
+        for (att in attachments) {
+          add(
+            ChatMessageContent(
+              type = att.type,
+              mimeType = att.mimeType,
+              fileName = att.fileName,
+              base64 = att.base64,
+            ),
+          )
+        }
+      }
+    _messages.value =
+      _messages.value +
+        ChatMessage(
+          id = UUID.randomUUID().toString(),
+          role = "user",
+          content = userContent,
+          timestampMs = System.currentTimeMillis(),
+        )
+
+    armPendingRunTimeout(runId)
+    synchronized(pendingRuns) {
+      pendingRuns.add(runId)
+      _pendingRunCount.value = pendingRuns.size
+    }
+
+    _errorText.value = null
+    _streamingAssistantText.value = null
+    pendingToolCallsById.clear()
+    publishPendingToolCalls()
+
+    scope.launch {
+      try {
+        val params =
+          buildJsonObject {
+            put("sessionKey", JsonPrimitive(sessionKey))
+            put("message", JsonPrimitive(text))
+            put("thinking", JsonPrimitive(thinking))
+            put("timeoutMs", JsonPrimitive(30_000))
+            put("idempotencyKey", JsonPrimitive(runId))
+            if (attachments.isNotEmpty()) {
+              put(
+                "attachments",
+                JsonArray(
+                  attachments.map { att ->
+                    buildJsonObject {
+                      put("type", JsonPrimitive(att.type))
+                      put("mimeType", JsonPrimitive(att.mimeType))
+                      put("fileName", JsonPrimitive(att.fileName))
+                      put("content", JsonPrimitive(att.base64))
+                    }
+                  },
+                ),
+              )
+            }
+          }
+        val res = session.request("chat.send", params.toString())
+        val actualRunId = parseRunId(res) ?: runId
+        if (actualRunId != runId) {
+          clearPendingRun(runId)
+          armPendingRunTimeout(actualRunId)
+          synchronized(pendingRuns) {
+            pendingRuns.add(actualRunId)
+            _pendingRunCount.value = pendingRuns.size
+          }
+        }
+      } catch (err: Throwable) {
+        clearPendingRun(runId)
+        _errorText.value = err.message
+      }
+    }
+  }
+
+  fun abort() {
+    val runIds =
+      synchronized(pendingRuns) {
+        pendingRuns.toList()
+      }
+    if (runIds.isEmpty()) return
+    scope.launch {
+      for (runId in runIds) {
+        try {
+          val params =
+            buildJsonObject {
+              put("sessionKey", JsonPrimitive(_sessionKey.value))
+              put("runId", JsonPrimitive(runId))
+            }
+          session.request("chat.abort", params.toString())
+        } catch (_: Throwable) {
+          // best-effort
+        }
+      }
+    }
+  }
+
+  fun handleBridgeEvent(event: String, payloadJson: String?) {
+    when (event) {
+      "tick" -> {
+        scope.launch { pollHealthIfNeeded(force = false) }
+      }
+      "health" -> {
+        // If we receive a health snapshot, the gateway is reachable.
+        _healthOk.value = true
+      }
+      "seqGap" -> {
+        _errorText.value = "Event stream interrupted; try refreshing."
+        clearPendingRuns()
+      }
+      "chat" -> {
+        if (payloadJson.isNullOrBlank()) return
+        handleChatEvent(payloadJson)
+      }
+      "agent" -> {
+        if (payloadJson.isNullOrBlank()) return
+        handleAgentEvent(payloadJson)
+      }
+    }
+  }
+
+  private suspend fun bootstrap(forceHealth: Boolean) {
+    _errorText.value = null
+    _healthOk.value = false
+    clearPendingRuns()
+    pendingToolCallsById.clear()
+    publishPendingToolCalls()
+    _streamingAssistantText.value = null
+    _sessionId.value = null
+
+    val key = _sessionKey.value
+    try {
+      try {
+        session.sendEvent("chat.subscribe", """{"sessionKey":"$key"}""")
+      } catch (_: Throwable) {
+        // best-effort
+      }
+
+      val historyJson = session.request("chat.history", """{"sessionKey":"$key"}""")
+      val history = parseHistory(historyJson, sessionKey = key)
+      _messages.value = history.messages
+      _sessionId.value = history.sessionId
+      history.thinkingLevel?.trim()?.takeIf { it.isNotEmpty() }?.let { _thinkingLevel.value = it }
+
+      pollHealthIfNeeded(force = forceHealth)
+      fetchSessions(limit = 50)
+    } catch (err: Throwable) {
+      _errorText.value = err.message
+    }
+  }
+
+  private suspend fun fetchSessions(limit: Int?) {
+    try {
+      val params =
+        buildJsonObject {
+          put("includeGlobal", JsonPrimitive(true))
+          put("includeUnknown", JsonPrimitive(false))
+          if (limit != null && limit > 0) put("limit", JsonPrimitive(limit))
+        }
+      val res = session.request("sessions.list", params.toString())
+      _sessions.value = parseSessions(res)
+    } catch (_: Throwable) {
+      // best-effort
+    }
+  }
+
+  private suspend fun pollHealthIfNeeded(force: Boolean) {
+    val now = System.currentTimeMillis()
+    val last = lastHealthPollAtMs
+    if (!force && last != null && now - last < 10_000) return
+    lastHealthPollAtMs = now
+    try {
+      session.request("health", null)
+      _healthOk.value = true
+    } catch (_: Throwable) {
+      _healthOk.value = false
+    }
+  }
+
+  private fun handleChatEvent(payloadJson: String) {
+    val payload = json.parseToJsonElement(payloadJson).asObjectOrNull() ?: return
+    val sessionKey = payload["sessionKey"].asStringOrNull()?.trim()
+    if (!sessionKey.isNullOrEmpty() && sessionKey != _sessionKey.value) return
+
+    val runId = payload["runId"].asStringOrNull()
+    if (runId != null) {
+      val isPending =
+        synchronized(pendingRuns) {
+          pendingRuns.contains(runId)
+        }
+      if (!isPending) return
+    }
+
+    val state = payload["state"].asStringOrNull()
+    when (state) {
+      "final", "aborted", "error" -> {
+        if (state == "error") {
+          _errorText.value = payload["errorMessage"].asStringOrNull() ?: "Chat failed"
+        }
+        if (runId != null) clearPendingRun(runId) else clearPendingRuns()
+        pendingToolCallsById.clear()
+        publishPendingToolCalls()
+        _streamingAssistantText.value = null
+        scope.launch {
+          try {
+            val historyJson =
+              session.request("chat.history", """{"sessionKey":"${_sessionKey.value}"}""")
+            val history = parseHistory(historyJson, sessionKey = _sessionKey.value)
+            _messages.value = history.messages
+            _sessionId.value = history.sessionId
+            history.thinkingLevel?.trim()?.takeIf { it.isNotEmpty() }?.let { _thinkingLevel.value = it }
+          } catch (_: Throwable) {
+            // best-effort
+          }
+        }
+      }
+    }
+  }
+
+  private fun handleAgentEvent(payloadJson: String) {
+    val payload = json.parseToJsonElement(payloadJson).asObjectOrNull() ?: return
+    val runId = payload["runId"].asStringOrNull()
+    val sessionId = _sessionId.value
+    if (sessionId != null && runId != sessionId) return
+
+    val stream = payload["stream"].asStringOrNull()
+    val data = payload["data"].asObjectOrNull()
+
+    when (stream) {
+      "assistant" -> {
+        val text = data?.get("text")?.asStringOrNull()
+        if (!text.isNullOrEmpty()) {
+          _streamingAssistantText.value = text
+        }
+      }
+      "tool" -> {
+        val phase = data?.get("phase")?.asStringOrNull()
+        val name = data?.get("name")?.asStringOrNull()
+        val toolCallId = data?.get("toolCallId")?.asStringOrNull()
+        if (phase.isNullOrEmpty() || name.isNullOrEmpty() || toolCallId.isNullOrEmpty()) return
+
+        val ts = payload["ts"].asLongOrNull() ?: System.currentTimeMillis()
+        if (phase == "start") {
+          val args = data?.get("args").asObjectOrNull()
+          pendingToolCallsById[toolCallId] =
+            ChatPendingToolCall(
+              toolCallId = toolCallId,
+              name = name,
+              args = args,
+              startedAtMs = ts,
+              isError = null,
+            )
+          publishPendingToolCalls()
+        } else if (phase == "result") {
+          pendingToolCallsById.remove(toolCallId)
+          publishPendingToolCalls()
+        }
+      }
+      "error" -> {
+        _errorText.value = "Event stream interrupted; try refreshing."
+        clearPendingRuns()
+        pendingToolCallsById.clear()
+        publishPendingToolCalls()
+        _streamingAssistantText.value = null
+      }
+    }
+  }
+
+  private fun publishPendingToolCalls() {
+    _pendingToolCalls.value =
+      pendingToolCallsById.values.sortedBy { it.startedAtMs }
+  }
+
+  private fun armPendingRunTimeout(runId: String) {
+    pendingRunTimeoutJobs[runId]?.cancel()
+    pendingRunTimeoutJobs[runId] =
+      scope.launch {
+        delay(pendingRunTimeoutMs)
+        val stillPending =
+          synchronized(pendingRuns) {
+            pendingRuns.contains(runId)
+          }
+        if (!stillPending) return@launch
+        clearPendingRun(runId)
+        _errorText.value = "Timed out waiting for a reply; try again or refresh."
+      }
+  }
+
+  private fun clearPendingRun(runId: String) {
+    pendingRunTimeoutJobs.remove(runId)?.cancel()
+    synchronized(pendingRuns) {
+      pendingRuns.remove(runId)
+      _pendingRunCount.value = pendingRuns.size
+    }
+  }
+
+  private fun clearPendingRuns() {
+    for ((_, job) in pendingRunTimeoutJobs) {
+      job.cancel()
+    }
+    pendingRunTimeoutJobs.clear()
+    synchronized(pendingRuns) {
+      pendingRuns.clear()
+      _pendingRunCount.value = 0
+    }
+  }
+
+  private fun parseHistory(historyJson: String, sessionKey: String): ChatHistory {
+    val root = json.parseToJsonElement(historyJson).asObjectOrNull() ?: return ChatHistory(sessionKey, null, null, emptyList())
+    val sid = root["sessionId"].asStringOrNull()
+    val thinkingLevel = root["thinkingLevel"].asStringOrNull()
+    val array = root["messages"].asArrayOrNull() ?: JsonArray(emptyList())
+
+    val messages =
+      array.mapNotNull { item ->
+        val obj = item.asObjectOrNull() ?: return@mapNotNull null
+        val role = obj["role"].asStringOrNull() ?: return@mapNotNull null
+        val content = obj["content"].asArrayOrNull()?.mapNotNull(::parseMessageContent) ?: emptyList()
+        val ts = obj["timestamp"].asLongOrNull()
+        ChatMessage(
+          id = UUID.randomUUID().toString(),
+          role = role,
+          content = content,
+          timestampMs = ts,
+        )
+      }
+
+    return ChatHistory(sessionKey = sessionKey, sessionId = sid, thinkingLevel = thinkingLevel, messages = messages)
+  }
+
+  private fun parseMessageContent(el: JsonElement): ChatMessageContent? {
+    val obj = el.asObjectOrNull() ?: return null
+    val type = obj["type"].asStringOrNull() ?: "text"
+    return if (type == "text") {
+      ChatMessageContent(type = "text", text = obj["text"].asStringOrNull())
+    } else {
+      ChatMessageContent(
+        type = type,
+        mimeType = obj["mimeType"].asStringOrNull(),
+        fileName = obj["fileName"].asStringOrNull(),
+        base64 = obj["content"].asStringOrNull(),
+      )
+    }
+  }
+
+  private fun parseSessions(jsonString: String): List<ChatSessionEntry> {
+    val root = json.parseToJsonElement(jsonString).asObjectOrNull() ?: return emptyList()
+    val sessions = root["sessions"].asArrayOrNull() ?: return emptyList()
+    return sessions.mapNotNull { item ->
+      val obj = item.asObjectOrNull() ?: return@mapNotNull null
+      val key = obj["key"].asStringOrNull()?.trim().orEmpty()
+      if (key.isEmpty()) return@mapNotNull null
+      val updatedAt = obj["updatedAt"].asLongOrNull()
+      val displayName = obj["displayName"].asStringOrNull()?.trim()
+      ChatSessionEntry(key = key, updatedAtMs = updatedAt, displayName = displayName)
+    }
+  }
+
+  private fun parseRunId(resJson: String): String? {
+    return try {
+      json.parseToJsonElement(resJson).asObjectOrNull()?.get("runId").asStringOrNull()
+    } catch (_: Throwable) {
+      null
+    }
+  }
+
+  private fun normalizeThinking(raw: String): String {
+    return when (raw.trim().lowercase()) {
+      "low" -> "low"
+      "medium" -> "medium"
+      "high" -> "high"
+      else -> "off"
+    }
+  }
+}
+
+private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
+
+private fun JsonElement?.asArrayOrNull(): JsonArray? = this as? JsonArray
+
+private fun JsonElement?.asStringOrNull(): String? =
+  when (this) {
+    is JsonNull -> null
+    is JsonPrimitive -> content
+    else -> null
+  }
+
+private fun JsonElement?.asLongOrNull(): Long? =
+  when (this) {
+    is JsonPrimitive -> content.toLongOrNull()
+    else -> null
+  }
--- a/apps/android/app/src/main/java/com/clawdbot/android/chat/ChatModels.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/chat/ChatModels.kt
@@ -0,0 +1,44 @@
+package com.clawdbot.android.chat
+
+data class ChatMessage(
+  val id: String,
+  val role: String,
+  val content: List<ChatMessageContent>,
+  val timestampMs: Long?,
+)
+
+data class ChatMessageContent(
+  val type: String = "text",
+  val text: String? = null,
+  val mimeType: String? = null,
+  val fileName: String? = null,
+  val base64: String? = null,
+)
+
+data class ChatPendingToolCall(
+  val toolCallId: String,
+  val name: String,
+  val args: kotlinx.serialization.json.JsonObject? = null,
+  val startedAtMs: Long,
+  val isError: Boolean? = null,
+)
+
+data class ChatSessionEntry(
+  val key: String,
+  val updatedAtMs: Long?,
+  val displayName: String? = null,
+)
+
+data class ChatHistory(
+  val sessionKey: String,
+  val sessionId: String?,
+  val thinkingLevel: String?,
+  val messages: List<ChatMessage>,
+)
+
+data class OutgoingAttachment(
+  val type: String,
+  val mimeType: String,
+  val fileName: String,
+  val base64: String,
+)
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/CameraCaptureManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/CameraCaptureManager.kt
@@ -0,0 +1,316 @@
+package com.clawdbot.android.node
+
+import android.Manifest
+import android.content.Context
+import android.annotation.SuppressLint
+import android.graphics.Bitmap
+import android.graphics.BitmapFactory
+import android.graphics.Matrix
+import android.util.Base64
+import android.content.pm.PackageManager
+import android.media.ExifInterface
+import androidx.lifecycle.LifecycleOwner
+import androidx.camera.core.CameraSelector
+import androidx.camera.core.ImageCapture
+import androidx.camera.core.ImageCaptureException
+import androidx.camera.lifecycle.ProcessCameraProvider
+import androidx.camera.video.FileOutputOptions
+import androidx.camera.video.Recorder
+import androidx.camera.video.Recording
+import androidx.camera.video.VideoCapture
+import androidx.camera.video.VideoRecordEvent
+import androidx.core.content.ContextCompat
+import androidx.core.content.ContextCompat.checkSelfPermission
+import androidx.core.graphics.scale
+import com.clawdbot.android.PermissionRequester
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.suspendCancellableCoroutine
+import kotlinx.coroutines.withTimeout
+import kotlinx.coroutines.withContext
+import java.io.ByteArrayOutputStream
+import java.io.File
+import java.util.concurrent.Executor
+import kotlin.math.roundToInt
+import kotlin.coroutines.resume
+import kotlin.coroutines.resumeWithException
+
+class CameraCaptureManager(private val context: Context) {
+  data class Payload(val payloadJson: String)
+
+  @Volatile private var lifecycleOwner: LifecycleOwner? = null
+  @Volatile private var permissionRequester: PermissionRequester? = null
+
+  fun attachLifecycleOwner(owner: LifecycleOwner) {
+    lifecycleOwner = owner
+  }
+
+  fun attachPermissionRequester(requester: PermissionRequester) {
+    permissionRequester = requester
+  }
+
+  private suspend fun ensureCameraPermission() {
+    val granted = checkSelfPermission(context, Manifest.permission.CAMERA) == PackageManager.PERMISSION_GRANTED
+    if (granted) return
+
+    val requester = permissionRequester
+      ?: throw IllegalStateException("CAMERA_PERMISSION_REQUIRED: grant Camera permission")
+    val results = requester.requestIfMissing(listOf(Manifest.permission.CAMERA))
+    if (results[Manifest.permission.CAMERA] != true) {
+      throw IllegalStateException("CAMERA_PERMISSION_REQUIRED: grant Camera permission")
+    }
+  }
+
+  private suspend fun ensureMicPermission() {
+    val granted = checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) == PackageManager.PERMISSION_GRANTED
+    if (granted) return
+
+    val requester = permissionRequester
+      ?: throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
+    val results = requester.requestIfMissing(listOf(Manifest.permission.RECORD_AUDIO))
+    if (results[Manifest.permission.RECORD_AUDIO] != true) {
+      throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
+    }
+  }
+
+  suspend fun snap(paramsJson: String?): Payload =
+    withContext(Dispatchers.Main) {
+      ensureCameraPermission()
+      val owner = lifecycleOwner ?: throw IllegalStateException("UNAVAILABLE: camera not ready")
+      val facing = parseFacing(paramsJson) ?: "front"
+      val quality = (parseQuality(paramsJson) ?: 0.9).coerceIn(0.1, 1.0)
+      val maxWidth = parseMaxWidth(paramsJson)
+
+      val provider = context.cameraProvider()
+      val capture = ImageCapture.Builder().build()
+      val selector =
+        if (facing == "front") CameraSelector.DEFAULT_FRONT_CAMERA else CameraSelector.DEFAULT_BACK_CAMERA
+
+      provider.unbindAll()
+      provider.bindToLifecycle(owner, selector, capture)
+
+      val (bytes, orientation) = capture.takeJpegWithExif(context.mainExecutor())
+      val decoded = BitmapFactory.decodeByteArray(bytes, 0, bytes.size)
+        ?: throw IllegalStateException("UNAVAILABLE: failed to decode captured image")
+      val rotated = rotateBitmapByExif(decoded, orientation)
+      val scaled =
+        if (maxWidth != null && maxWidth > 0 && rotated.width > maxWidth) {
+          val h =
+            (rotated.height.toDouble() * (maxWidth.toDouble() / rotated.width.toDouble()))
+              .toInt()
+              .coerceAtLeast(1)
+          rotated.scale(maxWidth, h)
+        } else {
+          rotated
+        }
+
+      val maxPayloadBytes = 5 * 1024 * 1024
+      // Base64 inflates payloads by ~4/3; cap encoded bytes so the payload stays under 5MB (API limit).
+      val maxEncodedBytes = (maxPayloadBytes / 4) * 3
+      val result =
+        JpegSizeLimiter.compressToLimit(
+          initialWidth = scaled.width,
+          initialHeight = scaled.height,
+          startQuality = (quality * 100.0).roundToInt().coerceIn(10, 100),
+          maxBytes = maxEncodedBytes,
+          encode = { width, height, q ->
+            val bitmap =
+              if (width == scaled.width && height == scaled.height) {
+                scaled
+              } else {
+                scaled.scale(width, height)
+              }
+            val out = ByteArrayOutputStream()
+            if (!bitmap.compress(Bitmap.CompressFormat.JPEG, q, out)) {
+              if (bitmap !== scaled) bitmap.recycle()
+              throw IllegalStateException("UNAVAILABLE: failed to encode JPEG")
+            }
+            if (bitmap !== scaled) {
+              bitmap.recycle()
+            }
+            out.toByteArray()
+          },
+        )
+      val base64 = Base64.encodeToString(result.bytes, Base64.NO_WRAP)
+      Payload(
+        """{"format":"jpg","base64":"$base64","width":${result.width},"height":${result.height}}""",
+      )
+    }
+
+  @SuppressLint("MissingPermission")
+  suspend fun clip(paramsJson: String?): Payload =
+    withContext(Dispatchers.Main) {
+      ensureCameraPermission()
+      val owner = lifecycleOwner ?: throw IllegalStateException("UNAVAILABLE: camera not ready")
+      val facing = parseFacing(paramsJson) ?: "front"
+      val durationMs = (parseDurationMs(paramsJson) ?: 3_000).coerceIn(200, 60_000)
+      val includeAudio = parseIncludeAudio(paramsJson) ?: true
+      if (includeAudio) ensureMicPermission()
+
+      val provider = context.cameraProvider()
+      val recorder = Recorder.Builder().build()
+      val videoCapture = VideoCapture.withOutput(recorder)
+      val selector =
+        if (facing == "front") CameraSelector.DEFAULT_FRONT_CAMERA else CameraSelector.DEFAULT_BACK_CAMERA
+
+      provider.unbindAll()
+      provider.bindToLifecycle(owner, selector, videoCapture)
+
+      val file = File.createTempFile("clawdbot-clip-", ".mp4")
+      val outputOptions = FileOutputOptions.Builder(file).build()
+
+      val finalized = kotlinx.coroutines.CompletableDeferred<VideoRecordEvent.Finalize>()
+      val recording: Recording =
+        videoCapture.output
+          .prepareRecording(context, outputOptions)
+          .apply {
+            if (includeAudio) withAudioEnabled()
+          }
+          .start(context.mainExecutor()) { event ->
+            if (event is VideoRecordEvent.Finalize) {
+              finalized.complete(event)
+            }
+          }
+
+      try {
+        kotlinx.coroutines.delay(durationMs.toLong())
+      } finally {
+        recording.stop()
+      }
+
+      val finalizeEvent =
+        try {
+          withTimeout(10_000) { finalized.await() }
+        } catch (err: Throwable) {
+          file.delete()
+          throw IllegalStateException("UNAVAILABLE: camera clip finalize timed out")
+        }
+      if (finalizeEvent.hasError()) {
+        file.delete()
+        throw IllegalStateException("UNAVAILABLE: camera clip failed")
+      }
+
+      val bytes = file.readBytes()
+      file.delete()
+      val base64 = Base64.encodeToString(bytes, Base64.NO_WRAP)
+      Payload(
+        """{"format":"mp4","base64":"$base64","durationMs":$durationMs,"hasAudio":${includeAudio}}""",
+      )
+    }
+
+  private fun rotateBitmapByExif(bitmap: Bitmap, orientation: Int): Bitmap {
+    val matrix = Matrix()
+    when (orientation) {
+      ExifInterface.ORIENTATION_ROTATE_90 -> matrix.postRotate(90f)
+      ExifInterface.ORIENTATION_ROTATE_180 -> matrix.postRotate(180f)
+      ExifInterface.ORIENTATION_ROTATE_270 -> matrix.postRotate(270f)
+      ExifInterface.ORIENTATION_FLIP_HORIZONTAL -> matrix.postScale(-1f, 1f)
+      ExifInterface.ORIENTATION_FLIP_VERTICAL -> matrix.postScale(1f, -1f)
+      ExifInterface.ORIENTATION_TRANSPOSE -> {
+        matrix.postRotate(90f)
+        matrix.postScale(-1f, 1f)
+      }
+      ExifInterface.ORIENTATION_TRANSVERSE -> {
+        matrix.postRotate(-90f)
+        matrix.postScale(-1f, 1f)
+      }
+      else -> return bitmap
+    }
+    val rotated = Bitmap.createBitmap(bitmap, 0, 0, bitmap.width, bitmap.height, matrix, true)
+    if (rotated !== bitmap) {
+      bitmap.recycle()
+    }
+    return rotated
+  }
+
+  private fun parseFacing(paramsJson: String?): String? =
+    when {
+      paramsJson?.contains("\"front\"") == true -> "front"
+      paramsJson?.contains("\"back\"") == true -> "back"
+      else -> null
+    }
+
+  private fun parseQuality(paramsJson: String?): Double? =
+    parseNumber(paramsJson, key = "quality")?.toDoubleOrNull()
+
+  private fun parseMaxWidth(paramsJson: String?): Int? =
+    parseNumber(paramsJson, key = "maxWidth")?.toIntOrNull()
+
+  private fun parseDurationMs(paramsJson: String?): Int? =
+    parseNumber(paramsJson, key = "durationMs")?.toIntOrNull()
+
+  private fun parseIncludeAudio(paramsJson: String?): Boolean? {
+    val raw = paramsJson ?: return null
+    val key = "\"includeAudio\""
+    val idx = raw.indexOf(key)
+    if (idx < 0) return null
+    val colon = raw.indexOf(':', idx + key.length)
+    if (colon < 0) return null
+    val tail = raw.substring(colon + 1).trimStart()
+    return when {
+      tail.startsWith("true") -> true
+      tail.startsWith("false") -> false
+      else -> null
+    }
+  }
+
+  private fun parseNumber(paramsJson: String?, key: String): String? {
+    val raw = paramsJson ?: return null
+    val needle = "\"$key\""
+    val idx = raw.indexOf(needle)
+    if (idx < 0) return null
+    val colon = raw.indexOf(':', idx + needle.length)
+    if (colon < 0) return null
+    val tail = raw.substring(colon + 1).trimStart()
+    return tail.takeWhile { it.isDigit() || it == '.' }
+  }
+
+  private fun Context.mainExecutor(): Executor = ContextCompat.getMainExecutor(this)
+}
+
+private suspend fun Context.cameraProvider(): ProcessCameraProvider =
+  suspendCancellableCoroutine { cont ->
+    val future = ProcessCameraProvider.getInstance(this)
+    future.addListener(
+      {
+        try {
+          cont.resume(future.get())
+        } catch (e: Exception) {
+          cont.resumeWithException(e)
+        }
+      },
+      ContextCompat.getMainExecutor(this),
+    )
+  }
+
+/** Returns (jpegBytes, exifOrientation) so caller can rotate the decoded bitmap. */
+private suspend fun ImageCapture.takeJpegWithExif(executor: Executor): Pair<ByteArray, Int> =
+  suspendCancellableCoroutine { cont ->
+    val file = File.createTempFile("clawdbot-snap-", ".jpg")
+    val options = ImageCapture.OutputFileOptions.Builder(file).build()
+    takePicture(
+      options,
+      executor,
+      object : ImageCapture.OnImageSavedCallback {
+        override fun onError(exception: ImageCaptureException) {
+          file.delete()
+          cont.resumeWithException(exception)
+        }
+
+        override fun onImageSaved(outputFileResults: ImageCapture.OutputFileResults) {
+          try {
+            val exif = ExifInterface(file.absolutePath)
+            val orientation = exif.getAttributeInt(
+              ExifInterface.TAG_ORIENTATION,
+              ExifInterface.ORIENTATION_NORMAL,
+            )
+            val bytes = file.readBytes()
+            cont.resume(Pair(bytes, orientation))
+          } catch (e: Exception) {
+            cont.resumeWithException(e)
+          } finally {
+            file.delete()
+          }
+        }
+      },
+    )
+  }
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/CanvasController.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/CanvasController.kt
@@ -0,0 +1,264 @@
+package com.clawdbot.android.node
+
+import android.graphics.Bitmap
+import android.graphics.Canvas
+import android.os.Looper
+import android.util.Log
+import android.webkit.WebView
+import androidx.core.graphics.createBitmap
+import androidx.core.graphics.scale
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.suspendCancellableCoroutine
+import kotlinx.coroutines.withContext
+import java.io.ByteArrayOutputStream
+import android.util.Base64
+import org.json.JSONObject
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import com.clawdbot.android.BuildConfig
+import kotlin.coroutines.resume
+
+class CanvasController {
+  enum class SnapshotFormat(val rawValue: String) {
+    Png("png"),
+    Jpeg("jpeg"),
+  }
+
+  @Volatile private var webView: WebView? = null
+  @Volatile private var url: String? = null
+  @Volatile private var debugStatusEnabled: Boolean = false
+  @Volatile private var debugStatusTitle: String? = null
+  @Volatile private var debugStatusSubtitle: String? = null
+
+  private val scaffoldAssetUrl = "file:///android_asset/CanvasScaffold/scaffold.html"
+
+  private fun clampJpegQuality(quality: Double?): Int {
+    val q = (quality ?: 0.82).coerceIn(0.1, 1.0)
+    return (q * 100.0).toInt().coerceIn(1, 100)
+  }
+
+  fun attach(webView: WebView) {
+    this.webView = webView
+    reload()
+    applyDebugStatus()
+  }
+
+  fun navigate(url: String) {
+    val trimmed = url.trim()
+    this.url = if (trimmed.isBlank() || trimmed == "/") null else trimmed
+    reload()
+  }
+
+  fun currentUrl(): String? = url
+
+  fun isDefaultCanvas(): Boolean = url == null
+
+  fun setDebugStatusEnabled(enabled: Boolean) {
+    debugStatusEnabled = enabled
+    applyDebugStatus()
+  }
+
+  fun setDebugStatus(title: String?, subtitle: String?) {
+    debugStatusTitle = title
+    debugStatusSubtitle = subtitle
+    applyDebugStatus()
+  }
+
+  fun onPageFinished() {
+    applyDebugStatus()
+  }
+
+  private inline fun withWebViewOnMain(crossinline block: (WebView) -> Unit) {
+    val wv = webView ?: return
+    if (Looper.myLooper() == Looper.getMainLooper()) {
+      block(wv)
+    } else {
+      wv.post { block(wv) }
+    }
+  }
+
+  private fun reload() {
+    val currentUrl = url
+    withWebViewOnMain { wv ->
+      if (currentUrl == null) {
+        if (BuildConfig.DEBUG) {
+          Log.d("ClawdbotCanvas", "load scaffold: $scaffoldAssetUrl")
+        }
+        wv.loadUrl(scaffoldAssetUrl)
+      } else {
+        if (BuildConfig.DEBUG) {
+          Log.d("ClawdbotCanvas", "load url: $currentUrl")
+        }
+        wv.loadUrl(currentUrl)
+      }
+    }
+  }
+
+  private fun applyDebugStatus() {
+    val enabled = debugStatusEnabled
+    val title = debugStatusTitle
+    val subtitle = debugStatusSubtitle
+    withWebViewOnMain { wv ->
+      val titleJs = title?.let { JSONObject.quote(it) } ?: "null"
+      val subtitleJs = subtitle?.let { JSONObject.quote(it) } ?: "null"
+      val js = """
+        (() => {
+          try {
+            const api = globalThis.__clawdbot;
+            if (!api) return;
+            if (typeof api.setDebugStatusEnabled === 'function') {
+              api.setDebugStatusEnabled(${if (enabled) "true" else "false"});
+            }
+            if (!${if (enabled) "true" else "false"}) return;
+            if (typeof api.setStatus === 'function') {
+              api.setStatus($titleJs, $subtitleJs);
+            }
+          } catch (_) {}
+        })();
+      """.trimIndent()
+      wv.evaluateJavascript(js, null)
+    }
+  }
+
+  suspend fun eval(javaScript: String): String =
+    withContext(Dispatchers.Main) {
+      val wv = webView ?: throw IllegalStateException("no webview")
+      suspendCancellableCoroutine { cont ->
+        wv.evaluateJavascript(javaScript) { result ->
+          cont.resume(result ?: "")
+        }
+      }
+    }
+
+  suspend fun snapshotPngBase64(maxWidth: Int?): String =
+    withContext(Dispatchers.Main) {
+      val wv = webView ?: throw IllegalStateException("no webview")
+      val bmp = wv.captureBitmap()
+      val scaled =
+        if (maxWidth != null && maxWidth > 0 && bmp.width > maxWidth) {
+          val h = (bmp.height.toDouble() * (maxWidth.toDouble() / bmp.width.toDouble())).toInt().coerceAtLeast(1)
+          bmp.scale(maxWidth, h)
+        } else {
+          bmp
+        }
+
+      val out = ByteArrayOutputStream()
+      scaled.compress(Bitmap.CompressFormat.PNG, 100, out)
+      Base64.encodeToString(out.toByteArray(), Base64.NO_WRAP)
+    }
+
+  suspend fun snapshotBase64(format: SnapshotFormat, quality: Double?, maxWidth: Int?): String =
+    withContext(Dispatchers.Main) {
+      val wv = webView ?: throw IllegalStateException("no webview")
+      val bmp = wv.captureBitmap()
+      val scaled =
+        if (maxWidth != null && maxWidth > 0 && bmp.width > maxWidth) {
+          val h = (bmp.height.toDouble() * (maxWidth.toDouble() / bmp.width.toDouble())).toInt().coerceAtLeast(1)
+          bmp.scale(maxWidth, h)
+        } else {
+          bmp
+        }
+
+      val out = ByteArrayOutputStream()
+      val (compressFormat, compressQuality) =
+        when (format) {
+          SnapshotFormat.Png -> Bitmap.CompressFormat.PNG to 100
+          SnapshotFormat.Jpeg -> Bitmap.CompressFormat.JPEG to clampJpegQuality(quality)
+        }
+      scaled.compress(compressFormat, compressQuality, out)
+      Base64.encodeToString(out.toByteArray(), Base64.NO_WRAP)
+    }
+
+  private suspend fun WebView.captureBitmap(): Bitmap =
+    suspendCancellableCoroutine { cont ->
+      val width = width.coerceAtLeast(1)
+      val height = height.coerceAtLeast(1)
+      val bitmap = createBitmap(width, height, Bitmap.Config.ARGB_8888)
+
+      // WebView isn't supported by PixelCopy.request(...) directly; draw() is the most reliable
+      // cross-version snapshot for this lightweight "canvas" use-case.
+      draw(Canvas(bitmap))
+      cont.resume(bitmap)
+    }
+
+  companion object {
+    data class SnapshotParams(val format: SnapshotFormat, val quality: Double?, val maxWidth: Int?)
+
+    fun parseNavigateUrl(paramsJson: String?): String {
+      val obj = parseParamsObject(paramsJson) ?: return ""
+      return obj.string("url").trim()
+    }
+
+    fun parseEvalJs(paramsJson: String?): String? {
+      val obj = parseParamsObject(paramsJson) ?: return null
+      val js = obj.string("javaScript").trim()
+      return js.takeIf { it.isNotBlank() }
+    }
+
+    fun parseSnapshotMaxWidth(paramsJson: String?): Int? {
+      val obj = parseParamsObject(paramsJson) ?: return null
+      if (!obj.containsKey("maxWidth")) return null
+      val width = obj.int("maxWidth") ?: 0
+      return width.takeIf { it > 0 }
+    }
+
+    fun parseSnapshotFormat(paramsJson: String?): SnapshotFormat {
+      val obj = parseParamsObject(paramsJson) ?: return SnapshotFormat.Jpeg
+      val raw = obj.string("format").trim().lowercase()
+      return when (raw) {
+        "png" -> SnapshotFormat.Png
+        "jpeg", "jpg" -> SnapshotFormat.Jpeg
+        "" -> SnapshotFormat.Jpeg
+        else -> SnapshotFormat.Jpeg
+      }
+    }
+
+    fun parseSnapshotQuality(paramsJson: String?): Double? {
+      val obj = parseParamsObject(paramsJson) ?: return null
+      if (!obj.containsKey("quality")) return null
+      val q = obj.double("quality") ?: Double.NaN
+      if (!q.isFinite()) return null
+      return q.coerceIn(0.1, 1.0)
+    }
+
+    fun parseSnapshotParams(paramsJson: String?): SnapshotParams {
+      return SnapshotParams(
+        format = parseSnapshotFormat(paramsJson),
+        quality = parseSnapshotQuality(paramsJson),
+        maxWidth = parseSnapshotMaxWidth(paramsJson),
+      )
+    }
+
+    private val json = Json { ignoreUnknownKeys = true }
+
+    private fun parseParamsObject(paramsJson: String?): JsonObject? {
+      val raw = paramsJson?.trim().orEmpty()
+      if (raw.isEmpty()) return null
+      return try {
+        json.parseToJsonElement(raw).asObjectOrNull()
+      } catch (_: Throwable) {
+        null
+      }
+    }
+
+    private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
+
+    private fun JsonObject.string(key: String): String {
+      val prim = this[key] as? JsonPrimitive ?: return ""
+      val raw = prim.content
+      return raw.takeIf { it != "null" }.orEmpty()
+    }
+
+    private fun JsonObject.int(key: String): Int? {
+      val prim = this[key] as? JsonPrimitive ?: return null
+      return prim.content.toIntOrNull()
+    }
+
+    private fun JsonObject.double(key: String): Double? {
+      val prim = this[key] as? JsonPrimitive ?: return null
+      return prim.content.toDoubleOrNull()
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/JpegSizeLimiter.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/JpegSizeLimiter.kt
@@ -0,0 +1,61 @@
+package com.clawdbot.android.node
+
+import kotlin.math.max
+import kotlin.math.min
+import kotlin.math.roundToInt
+
+internal data class JpegSizeLimiterResult(
+  val bytes: ByteArray,
+  val width: Int,
+  val height: Int,
+  val quality: Int,
+)
+
+internal object JpegSizeLimiter {
+  fun compressToLimit(
+    initialWidth: Int,
+    initialHeight: Int,
+    startQuality: Int,
+    maxBytes: Int,
+    minQuality: Int = 20,
+    minSize: Int = 256,
+    scaleStep: Double = 0.85,
+    maxScaleAttempts: Int = 6,
+    maxQualityAttempts: Int = 6,
+    encode: (width: Int, height: Int, quality: Int) -> ByteArray,
+  ): JpegSizeLimiterResult {
+    require(initialWidth > 0 && initialHeight > 0) { "Invalid image size" }
+    require(maxBytes > 0) { "Invalid maxBytes" }
+
+    var width = initialWidth
+    var height = initialHeight
+    val clampedStartQuality = startQuality.coerceIn(minQuality, 100)
+    var best = JpegSizeLimiterResult(bytes = encode(width, height, clampedStartQuality), width = width, height = height, quality = clampedStartQuality)
+    if (best.bytes.size <= maxBytes) return best
+
+    repeat(maxScaleAttempts) {
+      var quality = clampedStartQuality
+      repeat(maxQualityAttempts) {
+        val bytes = encode(width, height, quality)
+        best = JpegSizeLimiterResult(bytes = bytes, width = width, height = height, quality = quality)
+        if (bytes.size <= maxBytes) return best
+        if (quality <= minQuality) return@repeat
+        quality = max(minQuality, (quality * 0.75).roundToInt())
+      }
+
+      val minScale = (minSize.toDouble() / min(width, height).toDouble()).coerceAtMost(1.0)
+      val nextScale = max(scaleStep, minScale)
+      val nextWidth = max(minSize, (width * nextScale).roundToInt())
+      val nextHeight = max(minSize, (height * nextScale).roundToInt())
+      if (nextWidth == width && nextHeight == height) return@repeat
+      width = min(nextWidth, width)
+      height = min(nextHeight, height)
+    }
+
+    if (best.bytes.size > maxBytes) {
+      throw IllegalStateException("CAMERA_TOO_LARGE: ${best.bytes.size} bytes > $maxBytes bytes")
+    }
+
+    return best
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/LocationCaptureManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/LocationCaptureManager.kt
@@ -0,0 +1,117 @@
+package com.clawdbot.android.node
+
+import android.Manifest
+import android.content.Context
+import android.content.pm.PackageManager
+import android.location.Location
+import android.location.LocationManager
+import android.os.CancellationSignal
+import androidx.core.content.ContextCompat
+import java.time.Instant
+import java.time.format.DateTimeFormatter
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import kotlinx.coroutines.withTimeout
+import kotlin.coroutines.resume
+import kotlin.coroutines.resumeWithException
+import kotlinx.coroutines.suspendCancellableCoroutine
+
+class LocationCaptureManager(private val context: Context) {
+  data class Payload(val payloadJson: String)
+
+  suspend fun getLocation(
+    desiredProviders: List<String>,
+    maxAgeMs: Long?,
+    timeoutMs: Long,
+    isPrecise: Boolean,
+  ): Payload =
+    withContext(Dispatchers.Main) {
+      val manager = context.getSystemService(Context.LOCATION_SERVICE) as LocationManager
+      if (!manager.isProviderEnabled(LocationManager.GPS_PROVIDER) &&
+        !manager.isProviderEnabled(LocationManager.NETWORK_PROVIDER)
+      ) {
+        throw IllegalStateException("LOCATION_UNAVAILABLE: no location providers enabled")
+      }
+
+      val cached = bestLastKnown(manager, desiredProviders, maxAgeMs)
+      val location =
+        cached ?: requestCurrent(manager, desiredProviders, timeoutMs)
+
+      val timestamp = DateTimeFormatter.ISO_INSTANT.format(Instant.ofEpochMilli(location.time))
+      val source = location.provider
+      val altitudeMeters = if (location.hasAltitude()) location.altitude else null
+      val speedMps = if (location.hasSpeed()) location.speed.toDouble() else null
+      val headingDeg = if (location.hasBearing()) location.bearing.toDouble() else null
+      Payload(
+        buildString {
+          append("{\"lat\":")
+          append(location.latitude)
+          append(",\"lon\":")
+          append(location.longitude)
+          append(",\"accuracyMeters\":")
+          append(location.accuracy.toDouble())
+          if (altitudeMeters != null) append(",\"altitudeMeters\":").append(altitudeMeters)
+          if (speedMps != null) append(",\"speedMps\":").append(speedMps)
+          if (headingDeg != null) append(",\"headingDeg\":").append(headingDeg)
+          append(",\"timestamp\":\"").append(timestamp).append('"')
+          append(",\"isPrecise\":").append(isPrecise)
+          append(",\"source\":\"").append(source).append('"')
+          append('}')
+        },
+      )
+    }
+
+  private fun bestLastKnown(
+    manager: LocationManager,
+    providers: List<String>,
+    maxAgeMs: Long?,
+  ): Location? {
+    val fineOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
+        PackageManager.PERMISSION_GRANTED
+    val coarseOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_COARSE_LOCATION) ==
+        PackageManager.PERMISSION_GRANTED
+    if (!fineOk && !coarseOk) {
+      throw IllegalStateException("LOCATION_PERMISSION_REQUIRED: grant Location permission")
+    }
+    val now = System.currentTimeMillis()
+    val candidates =
+      providers.mapNotNull { provider -> manager.getLastKnownLocation(provider) }
+    val freshest = candidates.maxByOrNull { it.time } ?: return null
+    if (maxAgeMs != null && now - freshest.time > maxAgeMs) return null
+    return freshest
+  }
+
+  private suspend fun requestCurrent(
+    manager: LocationManager,
+    providers: List<String>,
+    timeoutMs: Long,
+  ): Location {
+    val fineOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
+        PackageManager.PERMISSION_GRANTED
+    val coarseOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_COARSE_LOCATION) ==
+        PackageManager.PERMISSION_GRANTED
+    if (!fineOk && !coarseOk) {
+      throw IllegalStateException("LOCATION_PERMISSION_REQUIRED: grant Location permission")
+    }
+    val resolved =
+      providers.firstOrNull { manager.isProviderEnabled(it) }
+        ?: throw IllegalStateException("LOCATION_UNAVAILABLE: no providers available")
+    return withTimeout(timeoutMs.coerceAtLeast(1)) {
+      suspendCancellableCoroutine { cont ->
+        val signal = CancellationSignal()
+        cont.invokeOnCancellation { signal.cancel() }
+        manager.getCurrentLocation(resolved, signal, context.mainExecutor) { location ->
+          if (location != null) {
+            cont.resume(location)
+          } else {
+            cont.resumeWithException(IllegalStateException("LOCATION_UNAVAILABLE: no fix"))
+          }
+        }
+      }
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/ScreenRecordManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/ScreenRecordManager.kt
@@ -0,0 +1,205 @@
+package com.clawdbot.android.node
+
+import android.content.Context
+import android.hardware.display.DisplayManager
+import android.media.MediaRecorder
+import android.media.projection.MediaProjectionManager
+import android.os.Build
+import android.util.Base64
+import com.clawdbot.android.ScreenCaptureRequester
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.withContext
+import java.io.File
+import kotlin.math.roundToInt
+
+class ScreenRecordManager(private val context: Context) {
+  data class Payload(val payloadJson: String)
+
+  @Volatile private var screenCaptureRequester: ScreenCaptureRequester? = null
+  @Volatile private var permissionRequester: com.clawdbot.android.PermissionRequester? = null
+
+  fun attachScreenCaptureRequester(requester: ScreenCaptureRequester) {
+    screenCaptureRequester = requester
+  }
+
+  fun attachPermissionRequester(requester: com.clawdbot.android.PermissionRequester) {
+    permissionRequester = requester
+  }
+
+  suspend fun record(paramsJson: String?): Payload =
+    withContext(Dispatchers.Default) {
+      val requester =
+        screenCaptureRequester
+          ?: throw IllegalStateException(
+            "SCREEN_PERMISSION_REQUIRED: grant Screen Recording permission",
+          )
+
+      val durationMs = (parseDurationMs(paramsJson) ?: 10_000).coerceIn(250, 60_000)
+      val fps = (parseFps(paramsJson) ?: 10.0).coerceIn(1.0, 60.0)
+      val fpsInt = fps.roundToInt().coerceIn(1, 60)
+      val screenIndex = parseScreenIndex(paramsJson)
+      val includeAudio = parseIncludeAudio(paramsJson) ?: true
+      val format = parseString(paramsJson, key = "format")
+      if (format != null && format.lowercase() != "mp4") {
+        throw IllegalArgumentException("INVALID_REQUEST: screen format must be mp4")
+      }
+      if (screenIndex != null && screenIndex != 0) {
+        throw IllegalArgumentException("INVALID_REQUEST: screenIndex must be 0 on Android")
+      }
+
+      val capture = requester.requestCapture()
+        ?: throw IllegalStateException(
+          "SCREEN_PERMISSION_REQUIRED: grant Screen Recording permission",
+        )
+
+      val mgr =
+        context.getSystemService(Context.MEDIA_PROJECTION_SERVICE) as MediaProjectionManager
+      val projection = mgr.getMediaProjection(capture.resultCode, capture.data)
+        ?: throw IllegalStateException("UNAVAILABLE: screen capture unavailable")
+
+      val metrics = context.resources.displayMetrics
+      val width = metrics.widthPixels
+      val height = metrics.heightPixels
+      val densityDpi = metrics.densityDpi
+
+      val file = File.createTempFile("clawdbot-screen-", ".mp4")
+      if (includeAudio) ensureMicPermission()
+
+      val recorder = createMediaRecorder()
+      var virtualDisplay: android.hardware.display.VirtualDisplay? = null
+      try {
+        if (includeAudio) {
+          recorder.setAudioSource(MediaRecorder.AudioSource.MIC)
+        }
+        recorder.setVideoSource(MediaRecorder.VideoSource.SURFACE)
+        recorder.setOutputFormat(MediaRecorder.OutputFormat.MPEG_4)
+        recorder.setVideoEncoder(MediaRecorder.VideoEncoder.H264)
+        if (includeAudio) {
+          recorder.setAudioEncoder(MediaRecorder.AudioEncoder.AAC)
+          recorder.setAudioChannels(1)
+          recorder.setAudioSamplingRate(44_100)
+          recorder.setAudioEncodingBitRate(96_000)
+        }
+        recorder.setVideoSize(width, height)
+        recorder.setVideoFrameRate(fpsInt)
+        recorder.setVideoEncodingBitRate(estimateBitrate(width, height, fpsInt))
+        recorder.setOutputFile(file.absolutePath)
+        recorder.prepare()
+
+        val surface = recorder.surface
+        virtualDisplay =
+          projection.createVirtualDisplay(
+            "clawdbot-screen",
+            width,
+            height,
+            densityDpi,
+            DisplayManager.VIRTUAL_DISPLAY_FLAG_AUTO_MIRROR,
+            surface,
+            null,
+            null,
+          )
+
+        recorder.start()
+        delay(durationMs.toLong())
+      } finally {
+        try {
+          recorder.stop()
+        } catch (_: Throwable) {
+          // ignore
+        }
+        recorder.reset()
+        recorder.release()
+        virtualDisplay?.release()
+        projection.stop()
+      }
+
+      val bytes = withContext(Dispatchers.IO) { file.readBytes() }
+      file.delete()
+      val base64 = Base64.encodeToString(bytes, Base64.NO_WRAP)
+      Payload(
+        """{"format":"mp4","base64":"$base64","durationMs":$durationMs,"fps":$fpsInt,"screenIndex":0,"hasAudio":$includeAudio}""",
+      )
+    }
+
+  private fun createMediaRecorder(): MediaRecorder =
+    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
+      MediaRecorder(context)
+    } else {
+      @Suppress("DEPRECATION")
+      MediaRecorder()
+    }
+
+  private suspend fun ensureMicPermission() {
+    val granted =
+      androidx.core.content.ContextCompat.checkSelfPermission(
+        context,
+        android.Manifest.permission.RECORD_AUDIO,
+      ) == android.content.pm.PackageManager.PERMISSION_GRANTED
+    if (granted) return
+
+    val requester =
+      permissionRequester
+        ?: throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
+    val results = requester.requestIfMissing(listOf(android.Manifest.permission.RECORD_AUDIO))
+    if (results[android.Manifest.permission.RECORD_AUDIO] != true) {
+      throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
+    }
+  }
+
+  private fun parseDurationMs(paramsJson: String?): Int? =
+    parseNumber(paramsJson, key = "durationMs")?.toIntOrNull()
+
+  private fun parseFps(paramsJson: String?): Double? =
+    parseNumber(paramsJson, key = "fps")?.toDoubleOrNull()
+
+  private fun parseScreenIndex(paramsJson: String?): Int? =
+    parseNumber(paramsJson, key = "screenIndex")?.toIntOrNull()
+
+  private fun parseIncludeAudio(paramsJson: String?): Boolean? {
+    val raw = paramsJson ?: return null
+    val key = "\"includeAudio\""
+    val idx = raw.indexOf(key)
+    if (idx < 0) return null
+    val colon = raw.indexOf(':', idx + key.length)
+    if (colon < 0) return null
+    val tail = raw.substring(colon + 1).trimStart()
+    return when {
+      tail.startsWith("true") -> true
+      tail.startsWith("false") -> false
+      else -> null
+    }
+  }
+
+  private fun parseNumber(paramsJson: String?, key: String): String? {
+    val raw = paramsJson ?: return null
+    val needle = "\"$key\""
+    val idx = raw.indexOf(needle)
+    if (idx < 0) return null
+    val colon = raw.indexOf(':', idx + needle.length)
+    if (colon < 0) return null
+    val tail = raw.substring(colon + 1).trimStart()
+    return tail.takeWhile { it.isDigit() || it == '.' || it == '-' }
+  }
+
+  private fun parseString(paramsJson: String?, key: String): String? {
+    val raw = paramsJson ?: return null
+    val needle = "\"$key\""
+    val idx = raw.indexOf(needle)
+    if (idx < 0) return null
+    val colon = raw.indexOf(':', idx + needle.length)
+    if (colon < 0) return null
+    val tail = raw.substring(colon + 1).trimStart()
+    if (!tail.startsWith('\"')) return null
+    val rest = tail.drop(1)
+    val end = rest.indexOf('\"')
+    if (end < 0) return null
+    return rest.substring(0, end)
+  }
+
+  private fun estimateBitrate(width: Int, height: Int, fps: Int): Int {
+    val pixels = width.toLong() * height.toLong()
+    val raw = (pixels * fps.toLong() * 2L).toInt()
+    return raw.coerceIn(1_000_000, 12_000_000)
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/SmsManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/SmsManager.kt
@@ -0,0 +1,230 @@
+package com.clawdbot.android.node
+
+import android.Manifest
+import android.content.Context
+import android.content.pm.PackageManager
+import android.telephony.SmsManager as AndroidSmsManager
+import androidx.core.content.ContextCompat
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.jsonObject
+import kotlinx.serialization.encodeToString
+import com.clawdbot.android.PermissionRequester
+
+/**
+ * Sends SMS messages via the Android SMS API.
+ * Requires SEND_SMS permission to be granted.
+ */
+class SmsManager(private val context: Context) {
+
+    private val json = JsonConfig
+    @Volatile private var permissionRequester: PermissionRequester? = null
+
+    data class SendResult(
+        val ok: Boolean,
+        val to: String,
+        val message: String?,
+        val error: String? = null,
+        val payloadJson: String,
+    )
+
+    internal data class ParsedParams(
+        val to: String,
+        val message: String,
+    )
+
+    internal sealed class ParseResult {
+        data class Ok(val params: ParsedParams) : ParseResult()
+        data class Error(
+            val error: String,
+            val to: String = "",
+            val message: String? = null,
+        ) : ParseResult()
+    }
+
+    internal data class SendPlan(
+        val parts: List<String>,
+        val useMultipart: Boolean,
+    )
+
+    companion object {
+        internal val JsonConfig = Json { ignoreUnknownKeys = true }
+
+        internal fun parseParams(paramsJson: String?, json: Json = JsonConfig): ParseResult {
+            val params = paramsJson?.trim().orEmpty()
+            if (params.isEmpty()) {
+                return ParseResult.Error(error = "INVALID_REQUEST: paramsJSON required")
+            }
+
+            val obj = try {
+                json.parseToJsonElement(params).jsonObject
+            } catch (_: Throwable) {
+                null
+            }
+
+            if (obj == null) {
+                return ParseResult.Error(error = "INVALID_REQUEST: expected JSON object")
+            }
+
+            val to = (obj["to"] as? JsonPrimitive)?.content?.trim().orEmpty()
+            val message = (obj["message"] as? JsonPrimitive)?.content.orEmpty()
+
+            if (to.isEmpty()) {
+                return ParseResult.Error(
+                    error = "INVALID_REQUEST: 'to' phone number required",
+                    message = message,
+                )
+            }
+
+            if (message.isEmpty()) {
+                return ParseResult.Error(
+                    error = "INVALID_REQUEST: 'message' text required",
+                    to = to,
+                )
+            }
+
+            return ParseResult.Ok(ParsedParams(to = to, message = message))
+        }
+
+        internal fun buildSendPlan(
+            message: String,
+            divider: (String) -> List<String>,
+        ): SendPlan {
+            val parts = divider(message).ifEmpty { listOf(message) }
+            return SendPlan(parts = parts, useMultipart = parts.size > 1)
+        }
+
+        internal fun buildPayloadJson(
+            json: Json = JsonConfig,
+            ok: Boolean,
+            to: String,
+            error: String?,
+        ): String {
+            val payload =
+                mutableMapOf<String, JsonElement>(
+                    "ok" to JsonPrimitive(ok),
+                    "to" to JsonPrimitive(to),
+                )
+            if (!ok) {
+                payload["error"] = JsonPrimitive(error ?: "SMS_SEND_FAILED")
+            }
+            return json.encodeToString(JsonObject.serializer(), JsonObject(payload))
+        }
+    }
+
+    fun hasSmsPermission(): Boolean {
+        return ContextCompat.checkSelfPermission(
+            context,
+            Manifest.permission.SEND_SMS
+        ) == PackageManager.PERMISSION_GRANTED
+    }
+
+    fun canSendSms(): Boolean {
+        return hasSmsPermission() && hasTelephonyFeature()
+    }
+
+    fun hasTelephonyFeature(): Boolean {
+        return context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
+    }
+
+    fun attachPermissionRequester(requester: PermissionRequester) {
+        permissionRequester = requester
+    }
+
+    /**
+     * Send an SMS message.
+     * 
+     * @param paramsJson JSON with "to" (phone number) and "message" (text) fields
+     * @return SendResult indicating success or failure
+     */
+    suspend fun send(paramsJson: String?): SendResult {
+        if (!hasTelephonyFeature()) {
+            return errorResult(
+                error = "SMS_UNAVAILABLE: telephony not available",
+            )
+        }
+
+        if (!ensureSmsPermission()) {
+            return errorResult(
+                error = "SMS_PERMISSION_REQUIRED: grant SMS permission",
+            )
+        }
+
+        val parseResult = parseParams(paramsJson, json)
+        if (parseResult is ParseResult.Error) {
+            return errorResult(
+                error = parseResult.error,
+                to = parseResult.to,
+                message = parseResult.message,
+            )
+        }
+        val params = (parseResult as ParseResult.Ok).params
+
+        return try {
+            val smsManager = context.getSystemService(AndroidSmsManager::class.java)
+                ?: throw IllegalStateException("SMS_UNAVAILABLE: SmsManager not available")
+
+            val plan = buildSendPlan(params.message) { smsManager.divideMessage(it) }
+            if (plan.useMultipart) {
+                smsManager.sendMultipartTextMessage(
+                    params.to,     // destination
+                    null,          // service center (null = default)
+                    ArrayList(plan.parts),    // message parts
+                    null,          // sent intents
+                    null,          // delivery intents
+                )
+            } else {
+                smsManager.sendTextMessage(
+                    params.to,     // destination
+                    null,          // service center (null = default)
+                    params.message,// message
+                    null,          // sent intent
+                    null,          // delivery intent
+                )
+            }
+
+            okResult(to = params.to, message = params.message)
+        } catch (e: SecurityException) {
+            errorResult(
+                error = "SMS_PERMISSION_REQUIRED: ${e.message}",
+                to = params.to,
+                message = params.message,
+            )
+        } catch (e: Throwable) {
+            errorResult(
+                error = "SMS_SEND_FAILED: ${e.message ?: "unknown error"}",
+                to = params.to,
+                message = params.message,
+            )
+        }
+    }
+
+    private suspend fun ensureSmsPermission(): Boolean {
+        if (hasSmsPermission()) return true
+        val requester = permissionRequester ?: return false
+        val results = requester.requestIfMissing(listOf(Manifest.permission.SEND_SMS))
+        return results[Manifest.permission.SEND_SMS] == true
+    }
+
+    private fun okResult(to: String, message: String): SendResult {
+        return SendResult(
+            ok = true,
+            to = to,
+            message = message,
+            error = null,
+            payloadJson = buildPayloadJson(json = json, ok = true, to = to, error = null),
+        )
+    }
+
+    private fun errorResult(error: String, to: String = "", message: String? = null): SendResult {
+        return SendResult(
+            ok = false,
+            to = to,
+            message = message,
+            error = error,
+            payloadJson = buildPayloadJson(json = json, ok = false, to = to, error = error),
+        )
+    }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/protocol/ClawdbotCanvasA2UIAction.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/protocol/ClawdbotCanvasA2UIAction.kt
@@ -0,0 +1,66 @@
+package com.clawdbot.android.protocol
+
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+
+object ClawdbotCanvasA2UIAction {
+  fun extractActionName(userAction: JsonObject): String? {
+    val name =
+      (userAction["name"] as? JsonPrimitive)
+        ?.content
+        ?.trim()
+        .orEmpty()
+    if (name.isNotEmpty()) return name
+    val action =
+      (userAction["action"] as? JsonPrimitive)
+        ?.content
+        ?.trim()
+        .orEmpty()
+    return action.ifEmpty { null }
+  }
+
+  fun sanitizeTagValue(value: String): String {
+    val trimmed = value.trim().ifEmpty { "-" }
+    val normalized = trimmed.replace(" ", "_")
+    val out = StringBuilder(normalized.length)
+    for (c in normalized) {
+      val ok =
+        c.isLetterOrDigit() ||
+          c == '_' ||
+          c == '-' ||
+          c == '.' ||
+          c == ':'
+      out.append(if (ok) c else '_')
+    }
+    return out.toString()
+  }
+
+  fun formatAgentMessage(
+    actionName: String,
+    sessionKey: String,
+    surfaceId: String,
+    sourceComponentId: String,
+    host: String,
+    instanceId: String,
+    contextJson: String?,
+  ): String {
+    val ctxSuffix = contextJson?.takeIf { it.isNotBlank() }?.let { " ctx=$it" }.orEmpty()
+    return listOf(
+      "CANVAS_A2UI",
+      "action=${sanitizeTagValue(actionName)}",
+      "session=${sanitizeTagValue(sessionKey)}",
+      "surface=${sanitizeTagValue(surfaceId)}",
+      "component=${sanitizeTagValue(sourceComponentId)}",
+      "host=${sanitizeTagValue(host)}",
+      "instance=${sanitizeTagValue(instanceId)}$ctxSuffix",
+      "default=update_canvas",
+    ).joinToString(separator = " ")
+  }
+
+  fun jsDispatchA2UIActionStatus(actionId: String, ok: Boolean, error: String?): String {
+    val err = (error ?: "").replace("\\", "\\\\").replace("\"", "\\\"")
+    val okLiteral = if (ok) "true" else "false"
+    val idEscaped = actionId.replace("\\", "\\\\").replace("\"", "\\\"")
+    return "window.dispatchEvent(new CustomEvent('clawdbot:a2ui-action-status', { detail: { id: \"${idEscaped}\", ok: ${okLiteral}, error: \"${err}\" } }));"
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/protocol/ClawdbotProtocolConstants.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/protocol/ClawdbotProtocolConstants.kt
@@ -0,0 +1,71 @@
+package com.clawdbot.android.protocol
+
+enum class ClawdbotCapability(val rawValue: String) {
+  Canvas("canvas"),
+  Camera("camera"),
+  Screen("screen"),
+  Sms("sms"),
+  VoiceWake("voiceWake"),
+  Location("location"),
+}
+
+enum class ClawdbotCanvasCommand(val rawValue: String) {
+  Present("canvas.present"),
+  Hide("canvas.hide"),
+  Navigate("canvas.navigate"),
+  Eval("canvas.eval"),
+  Snapshot("canvas.snapshot"),
+  ;
+
+  companion object {
+    const val NamespacePrefix: String = "canvas."
+  }
+}
+
+enum class ClawdbotCanvasA2UICommand(val rawValue: String) {
+  Push("canvas.a2ui.push"),
+  PushJSONL("canvas.a2ui.pushJSONL"),
+  Reset("canvas.a2ui.reset"),
+  ;
+
+  companion object {
+    const val NamespacePrefix: String = "canvas.a2ui."
+  }
+}
+
+enum class ClawdbotCameraCommand(val rawValue: String) {
+  Snap("camera.snap"),
+  Clip("camera.clip"),
+  ;
+
+  companion object {
+    const val NamespacePrefix: String = "camera."
+  }
+}
+
+enum class ClawdbotScreenCommand(val rawValue: String) {
+  Record("screen.record"),
+  ;
+
+  companion object {
+    const val NamespacePrefix: String = "screen."
+  }
+}
+
+enum class ClawdbotSmsCommand(val rawValue: String) {
+  Send("sms.send"),
+  ;
+
+  companion object {
+    const val NamespacePrefix: String = "sms."
+  }
+}
+
+enum class ClawdbotLocationCommand(val rawValue: String) {
+  Get("location.get"),
+  ;
+
+  companion object {
+    const val NamespacePrefix: String = "location."
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/tools/ToolDisplay.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/tools/ToolDisplay.kt
@@ -0,0 +1,222 @@
+package com.clawdbot.android.tools
+
+import android.content.Context
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.contentOrNull
+
+@Serializable
+private data class ToolDisplayActionSpec(
+  val label: String? = null,
+  val detailKeys: List<String>? = null,
+)
+
+@Serializable
+private data class ToolDisplaySpec(
+  val emoji: String? = null,
+  val title: String? = null,
+  val label: String? = null,
+  val detailKeys: List<String>? = null,
+  val actions: Map<String, ToolDisplayActionSpec>? = null,
+)
+
+@Serializable
+private data class ToolDisplayConfig(
+  val version: Int? = null,
+  val fallback: ToolDisplaySpec? = null,
+  val tools: Map<String, ToolDisplaySpec>? = null,
+)
+
+data class ToolDisplaySummary(
+  val name: String,
+  val emoji: String,
+  val title: String,
+  val label: String,
+  val verb: String?,
+  val detail: String?,
+) {
+  val detailLine: String?
+    get() {
+      val parts = mutableListOf<String>()
+      if (!verb.isNullOrBlank()) parts.add(verb)
+      if (!detail.isNullOrBlank()) parts.add(detail)
+      return if (parts.isEmpty()) null else parts.joinToString(" · ")
+    }
+
+  val summaryLine: String
+    get() = if (detailLine != null) "${emoji} ${label}: ${detailLine}" else "${emoji} ${label}"
+}
+
+object ToolDisplayRegistry {
+  private const val CONFIG_ASSET = "tool-display.json"
+
+  private val json = Json { ignoreUnknownKeys = true }
+  @Volatile private var cachedConfig: ToolDisplayConfig? = null
+
+  fun resolve(
+    context: Context,
+    name: String?,
+    args: JsonObject?,
+    meta: String? = null,
+  ): ToolDisplaySummary {
+    val trimmedName = name?.trim().orEmpty().ifEmpty { "tool" }
+    val key = trimmedName.lowercase()
+    val config = loadConfig(context)
+    val spec = config.tools?.get(key)
+    val fallback = config.fallback
+
+    val emoji = spec?.emoji ?: fallback?.emoji ?: "🧩"
+    val title = spec?.title ?: titleFromName(trimmedName)
+    val label = spec?.label ?: trimmedName
+
+    val actionRaw = args?.get("action")?.asStringOrNull()?.trim()
+    val action = actionRaw?.takeIf { it.isNotEmpty() }
+    val actionSpec = action?.let { spec?.actions?.get(it) }
+    val verb = normalizeVerb(actionSpec?.label ?: action)
+
+    var detail: String? = null
+    if (key == "read") {
+      detail = readDetail(args)
+    } else if (key == "write" || key == "edit" || key == "attach") {
+      detail = pathDetail(args)
+    }
+
+    val detailKeys = actionSpec?.detailKeys ?: spec?.detailKeys ?: fallback?.detailKeys ?: emptyList()
+    if (detail == null) {
+      detail = firstValue(args, detailKeys)
+    }
+
+    if (detail == null) {
+      detail = meta
+    }
+
+    if (detail != null) {
+      detail = shortenHomeInString(detail)
+    }
+
+    return ToolDisplaySummary(
+      name = trimmedName,
+      emoji = emoji,
+      title = title,
+      label = label,
+      verb = verb,
+      detail = detail,
+    )
+  }
+
+  private fun loadConfig(context: Context): ToolDisplayConfig {
+    val existing = cachedConfig
+    if (existing != null) return existing
+    return try {
+      val jsonString = context.assets.open(CONFIG_ASSET).bufferedReader().use { it.readText() }
+      val decoded = json.decodeFromString(ToolDisplayConfig.serializer(), jsonString)
+      cachedConfig = decoded
+      decoded
+    } catch (_: Throwable) {
+      val fallback = ToolDisplayConfig()
+      cachedConfig = fallback
+      fallback
+    }
+  }
+
+  private fun titleFromName(name: String): String {
+    val cleaned = name.replace("_", " ").trim()
+    if (cleaned.isEmpty()) return "Tool"
+    return cleaned
+      .split(Regex("\\s+"))
+      .joinToString(" ") { part ->
+        val upper = part.uppercase()
+        if (part.length <= 2 && part == upper) part
+        else upper.firstOrNull()?.toString().orEmpty() + part.lowercase().drop(1)
+      }
+  }
+
+  private fun normalizeVerb(value: String?): String? {
+    val trimmed = value?.trim().orEmpty()
+    if (trimmed.isEmpty()) return null
+    return trimmed.replace("_", " ")
+  }
+
+  private fun readDetail(args: JsonObject?): String? {
+    val path = args?.get("path")?.asStringOrNull() ?: return null
+    val offset = args["offset"].asNumberOrNull()
+    val limit = args["limit"].asNumberOrNull()
+    return if (offset != null && limit != null) {
+      val end = offset + limit
+      "${path}:${offset.toInt()}-${end.toInt()}"
+    } else {
+      path
+    }
+  }
+
+  private fun pathDetail(args: JsonObject?): String? {
+    return args?.get("path")?.asStringOrNull()
+  }
+
+  private fun firstValue(args: JsonObject?, keys: List<String>): String? {
+    for (key in keys) {
+      val value = valueForPath(args, key)
+      val rendered = renderValue(value)
+      if (!rendered.isNullOrBlank()) return rendered
+    }
+    return null
+  }
+
+  private fun valueForPath(args: JsonObject?, path: String): JsonElement? {
+    var current: JsonElement? = args
+    for (segment in path.split(".")) {
+      if (segment.isBlank()) return null
+      val obj = current as? JsonObject ?: return null
+      current = obj[segment]
+    }
+    return current
+  }
+
+  private fun renderValue(value: JsonElement?): String? {
+    if (value == null) return null
+    if (value is JsonPrimitive) {
+      if (value.isString) {
+        val trimmed = value.contentOrNull?.trim().orEmpty()
+        if (trimmed.isEmpty()) return null
+        val firstLine = trimmed.lineSequence().firstOrNull()?.trim().orEmpty()
+        if (firstLine.isEmpty()) return null
+        return if (firstLine.length > 160) "${firstLine.take(157)}…" else firstLine
+      }
+      val raw = value.contentOrNull?.trim().orEmpty()
+      raw.toBooleanStrictOrNull()?.let { return it.toString() }
+      raw.toLongOrNull()?.let { return it.toString() }
+      raw.toDoubleOrNull()?.let { return it.toString() }
+    }
+    if (value is JsonArray) {
+      val items = value.mapNotNull { renderValue(it) }
+      if (items.isEmpty()) return null
+      val preview = items.take(3).joinToString(", ")
+      return if (items.size > 3) "${preview}…" else preview
+    }
+    return null
+  }
+
+  private fun shortenHomeInString(value: String): String {
+    val home = System.getProperty("user.home")?.takeIf { it.isNotBlank() }
+      ?: System.getenv("HOME")?.takeIf { it.isNotBlank() }
+    if (home.isNullOrEmpty()) return value
+    return value.replace(home, "~")
+      .replace(Regex("/Users/[^/]+"), "~")
+      .replace(Regex("/home/[^/]+"), "~")
+  }
+
+  private fun JsonElement?.asStringOrNull(): String? {
+    val primitive = this as? JsonPrimitive ?: return null
+    return if (primitive.isString) primitive.contentOrNull else primitive.toString()
+  }
+
+  private fun JsonElement?.asNumberOrNull(): Double? {
+    val primitive = this as? JsonPrimitive ?: return null
+    val raw = primitive.contentOrNull ?: return null
+    return raw.toDoubleOrNull()
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/CameraHudOverlay.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/CameraHudOverlay.kt
@@ -0,0 +1,44 @@
+package com.clawdbot.android.ui
+
+import androidx.compose.foundation.background
+import androidx.compose.foundation.layout.Box
+import androidx.compose.foundation.layout.fillMaxSize
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableFloatStateOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.setValue
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.draw.alpha
+import androidx.compose.ui.graphics.Color
+import kotlinx.coroutines.delay
+
+@Composable
+fun CameraFlashOverlay(
+  token: Long,
+  modifier: Modifier = Modifier,
+) {
+  Box(modifier = modifier.fillMaxSize()) {
+    CameraFlash(token = token)
+  }
+}
+
+@Composable
+private fun CameraFlash(token: Long) {
+  var alpha by remember { mutableFloatStateOf(0f) }
+  LaunchedEffect(token) {
+    if (token == 0L) return@LaunchedEffect
+    alpha = 0.85f
+    delay(110)
+    alpha = 0f
+  }
+
+  Box(
+    modifier =
+      Modifier
+        .fillMaxSize()
+        .alpha(alpha)
+        .background(Color.White),
+  )
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/ChatSheet.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/ChatSheet.kt
@@ -0,0 +1,10 @@
+package com.clawdbot.android.ui
+
+import androidx.compose.runtime.Composable
+import com.clawdbot.android.MainViewModel
+import com.clawdbot.android.ui.chat.ChatSheetContent
+
+@Composable
+fun ChatSheet(viewModel: MainViewModel) {
+  ChatSheetContent(viewModel = viewModel)
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/ClawdbotTheme.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/ClawdbotTheme.kt
@@ -0,0 +1,32 @@
+package com.clawdbot.android.ui
+
+import androidx.compose.foundation.isSystemInDarkTheme
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.dynamicDarkColorScheme
+import androidx.compose.material3.dynamicLightColorScheme
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.platform.LocalContext
+
+@Composable
+fun ClawdbotTheme(content: @Composable () -> Unit) {
+  val context = LocalContext.current
+  val isDark = isSystemInDarkTheme()
+  val colorScheme = if (isDark) dynamicDarkColorScheme(context) else dynamicLightColorScheme(context)
+
+  MaterialTheme(colorScheme = colorScheme, content = content)
+}
+
+@Composable
+fun overlayContainerColor(): Color {
+  val scheme = MaterialTheme.colorScheme
+  val isDark = isSystemInDarkTheme()
+  val base = if (isDark) scheme.surfaceContainerLow else scheme.surfaceContainerHigh
+  // Light mode: background stays dark (canvas), so clamp overlays away from pure-white glare.
+  return if (isDark) base else base.copy(alpha = 0.88f)
+}
+
+@Composable
+fun overlayIconColor(): Color {
+  return MaterialTheme.colorScheme.onSurfaceVariant
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/RootScreen.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/RootScreen.kt
@@ -0,0 +1,449 @@
+package com.clawdbot.android.ui
+
+import android.annotation.SuppressLint
+import android.Manifest
+import android.content.pm.PackageManager
+import android.graphics.Color
+import android.util.Log
+import android.view.View
+import android.webkit.JavascriptInterface
+import android.webkit.ConsoleMessage
+import android.webkit.WebChromeClient
+import android.webkit.WebView
+import android.webkit.WebSettings
+import android.webkit.WebResourceError
+import android.webkit.WebResourceRequest
+import android.webkit.WebResourceResponse
+import android.webkit.WebViewClient
+import androidx.activity.compose.rememberLauncherForActivityResult
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.webkit.WebSettingsCompat
+import androidx.webkit.WebViewFeature
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Box
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.WindowInsets
+import androidx.compose.foundation.layout.WindowInsetsSides
+import androidx.compose.foundation.layout.only
+import androidx.compose.foundation.layout.fillMaxSize
+import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.layout.safeDrawing
+import androidx.compose.foundation.layout.size
+import androidx.compose.foundation.layout.windowInsetsPadding
+import androidx.compose.material3.ExperimentalMaterial3Api
+import androidx.compose.material3.FilledTonalIconButton
+import androidx.compose.material3.Icon
+import androidx.compose.material3.IconButtonDefaults
+import androidx.compose.material3.LocalContentColor
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.ModalBottomSheet
+import androidx.compose.material3.rememberModalBottomSheetState
+import androidx.compose.material.icons.Icons
+import androidx.compose.material.icons.automirrored.filled.ScreenShare
+import androidx.compose.material.icons.filled.ChatBubble
+import androidx.compose.material.icons.filled.CheckCircle
+import androidx.compose.material.icons.filled.Error
+import androidx.compose.material.icons.filled.FiberManualRecord
+import androidx.compose.material.icons.filled.PhotoCamera
+import androidx.compose.material.icons.filled.RecordVoiceOver
+import androidx.compose.material.icons.filled.Refresh
+import androidx.compose.material.icons.filled.Report
+import androidx.compose.material.icons.filled.Settings
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.collectAsState
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.setValue
+import androidx.compose.ui.Alignment
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.graphics.Color as ComposeColor
+import androidx.compose.ui.graphics.lerp
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.unit.dp
+import androidx.compose.ui.viewinterop.AndroidView
+import androidx.compose.ui.window.Popup
+import androidx.compose.ui.window.PopupProperties
+import androidx.core.content.ContextCompat
+import com.clawdbot.android.CameraHudKind
+import com.clawdbot.android.MainViewModel
+
+@OptIn(ExperimentalMaterial3Api::class)
+@Composable
+fun RootScreen(viewModel: MainViewModel) {
+  var sheet by remember { mutableStateOf<Sheet?>(null) }
+  val sheetState = rememberModalBottomSheetState(skipPartiallyExpanded = true)
+  val safeOverlayInsets = WindowInsets.safeDrawing.only(WindowInsetsSides.Top + WindowInsetsSides.Horizontal)
+  val context = LocalContext.current
+  val serverName by viewModel.serverName.collectAsState()
+  val statusText by viewModel.statusText.collectAsState()
+  val cameraHud by viewModel.cameraHud.collectAsState()
+  val cameraFlashToken by viewModel.cameraFlashToken.collectAsState()
+  val screenRecordActive by viewModel.screenRecordActive.collectAsState()
+  val isForeground by viewModel.isForeground.collectAsState()
+  val voiceWakeStatusText by viewModel.voiceWakeStatusText.collectAsState()
+  val talkEnabled by viewModel.talkEnabled.collectAsState()
+  val talkStatusText by viewModel.talkStatusText.collectAsState()
+  val talkIsListening by viewModel.talkIsListening.collectAsState()
+  val talkIsSpeaking by viewModel.talkIsSpeaking.collectAsState()
+  val seamColorArgb by viewModel.seamColorArgb.collectAsState()
+  val seamColor = remember(seamColorArgb) { ComposeColor(seamColorArgb) }
+  val audioPermissionLauncher =
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
+      if (granted) viewModel.setTalkEnabled(true)
+    }
+  val activity =
+    remember(cameraHud, screenRecordActive, isForeground, statusText, voiceWakeStatusText) {
+      // Status pill owns transient activity state so it doesn't overlap the connection indicator.
+      if (!isForeground) {
+        return@remember StatusActivity(
+          title = "Foreground required",
+          icon = Icons.Default.Report,
+          contentDescription = "Foreground required",
+        )
+      }
+
+      val lowerStatus = statusText.lowercase()
+      if (lowerStatus.contains("repair")) {
+        return@remember StatusActivity(
+          title = "Repairing…",
+          icon = Icons.Default.Refresh,
+          contentDescription = "Repairing",
+        )
+      }
+      if (lowerStatus.contains("pairing") || lowerStatus.contains("approval")) {
+        return@remember StatusActivity(
+          title = "Approval pending",
+          icon = Icons.Default.RecordVoiceOver,
+          contentDescription = "Approval pending",
+        )
+      }
+      // Avoid duplicating the primary bridge status ("Connecting…") in the activity slot.
+
+      if (screenRecordActive) {
+        return@remember StatusActivity(
+          title = "Recording screen…",
+          icon = Icons.AutoMirrored.Filled.ScreenShare,
+          contentDescription = "Recording screen",
+          tint = androidx.compose.ui.graphics.Color.Red,
+        )
+      }
+
+      cameraHud?.let { hud ->
+        return@remember when (hud.kind) {
+          CameraHudKind.Photo ->
+            StatusActivity(
+              title = hud.message,
+              icon = Icons.Default.PhotoCamera,
+              contentDescription = "Taking photo",
+            )
+          CameraHudKind.Recording ->
+            StatusActivity(
+              title = hud.message,
+              icon = Icons.Default.FiberManualRecord,
+              contentDescription = "Recording",
+              tint = androidx.compose.ui.graphics.Color.Red,
+            )
+          CameraHudKind.Success ->
+            StatusActivity(
+              title = hud.message,
+              icon = Icons.Default.CheckCircle,
+              contentDescription = "Capture finished",
+            )
+          CameraHudKind.Error ->
+            StatusActivity(
+              title = hud.message,
+              icon = Icons.Default.Error,
+              contentDescription = "Capture failed",
+              tint = androidx.compose.ui.graphics.Color.Red,
+            )
+        }
+      }
+
+      if (voiceWakeStatusText.contains("Microphone permission", ignoreCase = true)) {
+        return@remember StatusActivity(
+          title = "Mic permission",
+          icon = Icons.Default.Error,
+          contentDescription = "Mic permission required",
+        )
+      }
+      if (voiceWakeStatusText == "Paused") {
+        val suffix = if (!isForeground) " (background)" else ""
+        return@remember StatusActivity(
+          title = "Voice Wake paused$suffix",
+          icon = Icons.Default.RecordVoiceOver,
+          contentDescription = "Voice Wake paused",
+        )
+      }
+
+      null
+    }
+
+  val bridgeState =
+    remember(serverName, statusText) {
+      when {
+        serverName != null -> BridgeState.Connected
+        statusText.contains("connecting", ignoreCase = true) ||
+          statusText.contains("reconnecting", ignoreCase = true) -> BridgeState.Connecting
+        statusText.contains("error", ignoreCase = true) -> BridgeState.Error
+        else -> BridgeState.Disconnected
+      }
+    }
+
+  val voiceEnabled =
+    ContextCompat.checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) ==
+      PackageManager.PERMISSION_GRANTED
+
+  Box(modifier = Modifier.fillMaxSize()) {
+    CanvasView(viewModel = viewModel, modifier = Modifier.fillMaxSize())
+  }
+
+  // Camera flash must be in a Popup to render above the WebView.
+  Popup(alignment = Alignment.Center, properties = PopupProperties(focusable = false)) {
+    CameraFlashOverlay(token = cameraFlashToken, modifier = Modifier.fillMaxSize())
+  }
+
+  // Keep the overlay buttons above the WebView canvas (AndroidView), otherwise they may not receive touches.
+  Popup(alignment = Alignment.TopStart, properties = PopupProperties(focusable = false)) {
+    StatusPill(
+      bridge = bridgeState,
+      voiceEnabled = voiceEnabled,
+      activity = activity,
+      onClick = { sheet = Sheet.Settings },
+      modifier = Modifier.windowInsetsPadding(safeOverlayInsets).padding(start = 12.dp, top = 12.dp),
+    )
+  }
+
+  Popup(alignment = Alignment.TopEnd, properties = PopupProperties(focusable = false)) {
+    Column(
+      modifier = Modifier.windowInsetsPadding(safeOverlayInsets).padding(end = 12.dp, top = 12.dp),
+      verticalArrangement = Arrangement.spacedBy(10.dp),
+      horizontalAlignment = Alignment.End,
+    ) {
+      OverlayIconButton(
+        onClick = { sheet = Sheet.Chat },
+        icon = { Icon(Icons.Default.ChatBubble, contentDescription = "Chat") },
+      )
+
+      // Talk mode gets a dedicated side bubble instead of burying it in settings.
+      val baseOverlay = overlayContainerColor()
+      val talkContainer =
+        lerp(
+          baseOverlay,
+          seamColor.copy(alpha = baseOverlay.alpha),
+          if (talkEnabled) 0.35f else 0.22f,
+        )
+      val talkContent = if (talkEnabled) seamColor else overlayIconColor()
+      OverlayIconButton(
+        onClick = {
+          val next = !talkEnabled
+          if (next) {
+            val micOk =
+              ContextCompat.checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) ==
+                PackageManager.PERMISSION_GRANTED
+            if (!micOk) audioPermissionLauncher.launch(Manifest.permission.RECORD_AUDIO)
+            viewModel.setTalkEnabled(true)
+          } else {
+            viewModel.setTalkEnabled(false)
+          }
+        },
+        containerColor = talkContainer,
+        contentColor = talkContent,
+        icon = {
+          Icon(
+            Icons.Default.RecordVoiceOver,
+            contentDescription = "Talk Mode",
+          )
+        },
+      )
+
+      OverlayIconButton(
+        onClick = { sheet = Sheet.Settings },
+        icon = { Icon(Icons.Default.Settings, contentDescription = "Settings") },
+      )
+    }
+  }
+
+  if (talkEnabled) {
+    Popup(alignment = Alignment.Center, properties = PopupProperties(focusable = false)) {
+      TalkOrbOverlay(
+        seamColor = seamColor,
+        statusText = talkStatusText,
+        isListening = talkIsListening,
+        isSpeaking = talkIsSpeaking,
+      )
+    }
+  }
+
+  val currentSheet = sheet
+  if (currentSheet != null) {
+    ModalBottomSheet(
+      onDismissRequest = { sheet = null },
+      sheetState = sheetState,
+    ) {
+      when (currentSheet) {
+        Sheet.Chat -> ChatSheet(viewModel = viewModel)
+        Sheet.Settings -> SettingsSheet(viewModel = viewModel)
+      }
+    }
+  }
+}
+
+private enum class Sheet {
+  Chat,
+  Settings,
+}
+
+@Composable
+private fun OverlayIconButton(
+  onClick: () -> Unit,
+  icon: @Composable () -> Unit,
+  containerColor: ComposeColor? = null,
+  contentColor: ComposeColor? = null,
+) {
+  FilledTonalIconButton(
+    onClick = onClick,
+    modifier = Modifier.size(44.dp),
+    colors =
+      IconButtonDefaults.filledTonalIconButtonColors(
+        containerColor = containerColor ?: overlayContainerColor(),
+        contentColor = contentColor ?: overlayIconColor(),
+      ),
+  ) {
+    icon()
+  }
+}
+
+@SuppressLint("SetJavaScriptEnabled")
+@Composable
+private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier) {
+  val context = LocalContext.current
+  val isDebuggable = (context.applicationInfo.flags and android.content.pm.ApplicationInfo.FLAG_DEBUGGABLE) != 0
+  AndroidView(
+    modifier = modifier,
+    factory = {
+      WebView(context).apply {
+        settings.javaScriptEnabled = true
+        // Some embedded web UIs (incl. the "background website") use localStorage/sessionStorage.
+        settings.domStorageEnabled = true
+        settings.mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
+        if (WebViewFeature.isFeatureSupported(WebViewFeature.ALGORITHMIC_DARKENING)) {
+          WebSettingsCompat.setAlgorithmicDarkeningAllowed(settings, false)
+        } else {
+          disableForceDarkIfSupported(settings)
+        }
+        if (isDebuggable) {
+          Log.d("ClawdbotWebView", "userAgent: ${settings.userAgentString}")
+        }
+        isScrollContainer = true
+        overScrollMode = View.OVER_SCROLL_IF_CONTENT_SCROLLS
+        isVerticalScrollBarEnabled = true
+        isHorizontalScrollBarEnabled = true
+        webViewClient =
+          object : WebViewClient() {
+            override fun onReceivedError(
+              view: WebView,
+              request: WebResourceRequest,
+              error: WebResourceError,
+            ) {
+              if (!isDebuggable) return
+              if (!request.isForMainFrame) return
+              Log.e("ClawdbotWebView", "onReceivedError: ${error.errorCode} ${error.description} ${request.url}")
+            }
+
+            override fun onReceivedHttpError(
+              view: WebView,
+              request: WebResourceRequest,
+              errorResponse: WebResourceResponse,
+            ) {
+              if (!isDebuggable) return
+              if (!request.isForMainFrame) return
+              Log.e(
+                "ClawdbotWebView",
+                "onReceivedHttpError: ${errorResponse.statusCode} ${errorResponse.reasonPhrase} ${request.url}",
+              )
+            }
+
+            override fun onPageFinished(view: WebView, url: String?) {
+              if (isDebuggable) {
+                Log.d("ClawdbotWebView", "onPageFinished: $url")
+              }
+              viewModel.canvas.onPageFinished()
+            }
+
+            override fun onRenderProcessGone(
+              view: WebView,
+              detail: android.webkit.RenderProcessGoneDetail,
+            ): Boolean {
+              if (isDebuggable) {
+                Log.e(
+                  "ClawdbotWebView",
+                  "onRenderProcessGone didCrash=${detail.didCrash()} priorityAtExit=${detail.rendererPriorityAtExit()}",
+                )
+              }
+              return true
+            }
+          }
+        webChromeClient =
+          object : WebChromeClient() {
+            override fun onConsoleMessage(consoleMessage: ConsoleMessage?): Boolean {
+              if (!isDebuggable) return false
+              val msg = consoleMessage ?: return false
+              Log.d(
+                "ClawdbotWebView",
+                "console ${msg.messageLevel()} @ ${msg.sourceId()}:${msg.lineNumber()} ${msg.message()}",
+              )
+              return false
+            }
+          }
+        // Use default layer/background; avoid forcing a black fill over WebView content.
+
+        val a2uiBridge =
+          CanvasA2UIActionBridge { payload ->
+            viewModel.handleCanvasA2UIActionFromWebView(payload)
+          }
+        addJavascriptInterface(a2uiBridge, CanvasA2UIActionBridge.interfaceName)
+        addJavascriptInterface(
+          CanvasA2UIActionLegacyBridge(a2uiBridge),
+          CanvasA2UIActionLegacyBridge.interfaceName,
+        )
+        viewModel.canvas.attach(this)
+      }
+    },
+  )
+}
+
+private fun disableForceDarkIfSupported(settings: WebSettings) {
+  if (!WebViewFeature.isFeatureSupported(WebViewFeature.FORCE_DARK)) return
+  @Suppress("DEPRECATION")
+  WebSettingsCompat.setForceDark(settings, WebSettingsCompat.FORCE_DARK_OFF)
+}
+
+private class CanvasA2UIActionBridge(private val onMessage: (String) -> Unit) {
+  @JavascriptInterface
+  fun postMessage(payload: String?) {
+    val msg = payload?.trim().orEmpty()
+    if (msg.isEmpty()) return
+    onMessage(msg)
+  }
+
+  companion object {
+    const val interfaceName: String = "clawdbotCanvasA2UIAction"
+  }
+}
+
+private class CanvasA2UIActionLegacyBridge(private val bridge: CanvasA2UIActionBridge) {
+  @JavascriptInterface
+  fun canvasAction(payload: String?) {
+    bridge.postMessage(payload)
+  }
+
+  @JavascriptInterface
+  fun postMessage(payload: String?) {
+    bridge.postMessage(payload)
+  }
+
+  companion object {
+    const val interfaceName: String = "Android"
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/SettingsSheet.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/SettingsSheet.kt
@@ -0,0 +1,663 @@
+package com.clawdbot.android.ui
+
+import android.Manifest
+import android.content.Context
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.net.Uri
+import android.os.Build
+import android.provider.Settings
+import androidx.activity.compose.rememberLauncherForActivityResult
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.compose.animation.AnimatedVisibility
+import androidx.compose.foundation.clickable
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.PaddingValues
+import androidx.compose.foundation.layout.Row
+import androidx.compose.foundation.layout.Spacer
+import androidx.compose.foundation.layout.WindowInsets
+import androidx.compose.foundation.layout.WindowInsetsSides
+import androidx.compose.foundation.layout.fillMaxHeight
+import androidx.compose.foundation.layout.fillMaxWidth
+import androidx.compose.foundation.layout.height
+import androidx.compose.foundation.layout.imePadding
+import androidx.compose.foundation.layout.only
+import androidx.compose.foundation.layout.safeDrawing
+import androidx.compose.foundation.layout.windowInsetsPadding
+import androidx.compose.foundation.lazy.LazyColumn
+import androidx.compose.foundation.lazy.items
+import androidx.compose.foundation.lazy.rememberLazyListState
+import androidx.compose.material.icons.Icons
+import androidx.compose.material.icons.filled.ExpandLess
+import androidx.compose.material.icons.filled.ExpandMore
+import androidx.compose.material3.Button
+import androidx.compose.material3.HorizontalDivider
+import androidx.compose.material3.Icon
+import androidx.compose.material3.ListItem
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.OutlinedTextField
+import androidx.compose.material3.RadioButton
+import androidx.compose.material3.Switch
+import androidx.compose.material3.Text
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
+import androidx.compose.runtime.collectAsState
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.setValue
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.text.style.TextAlign
+import androidx.compose.ui.unit.dp
+import androidx.core.content.ContextCompat
+import com.clawdbot.android.BuildConfig
+import com.clawdbot.android.LocationMode
+import com.clawdbot.android.MainViewModel
+import com.clawdbot.android.NodeForegroundService
+import com.clawdbot.android.VoiceWakeMode
+
+@Composable
+fun SettingsSheet(viewModel: MainViewModel) {
+  val context = LocalContext.current
+  val instanceId by viewModel.instanceId.collectAsState()
+  val displayName by viewModel.displayName.collectAsState()
+  val cameraEnabled by viewModel.cameraEnabled.collectAsState()
+  val locationMode by viewModel.locationMode.collectAsState()
+  val locationPreciseEnabled by viewModel.locationPreciseEnabled.collectAsState()
+  val preventSleep by viewModel.preventSleep.collectAsState()
+  val wakeWords by viewModel.wakeWords.collectAsState()
+  val voiceWakeMode by viewModel.voiceWakeMode.collectAsState()
+  val voiceWakeStatusText by viewModel.voiceWakeStatusText.collectAsState()
+  val isConnected by viewModel.isConnected.collectAsState()
+  val manualEnabled by viewModel.manualEnabled.collectAsState()
+  val manualHost by viewModel.manualHost.collectAsState()
+  val manualPort by viewModel.manualPort.collectAsState()
+  val canvasDebugStatusEnabled by viewModel.canvasDebugStatusEnabled.collectAsState()
+  val statusText by viewModel.statusText.collectAsState()
+  val serverName by viewModel.serverName.collectAsState()
+  val remoteAddress by viewModel.remoteAddress.collectAsState()
+  val bridges by viewModel.bridges.collectAsState()
+  val discoveryStatusText by viewModel.discoveryStatusText.collectAsState()
+
+  val listState = rememberLazyListState()
+  val (wakeWordsText, setWakeWordsText) = remember { mutableStateOf("") }
+  val (advancedExpanded, setAdvancedExpanded) = remember { mutableStateOf(false) }
+  val deviceModel =
+    remember {
+      listOfNotNull(Build.MANUFACTURER, Build.MODEL)
+        .joinToString(" ")
+        .trim()
+        .ifEmpty { "Android" }
+    }
+  val appVersion =
+    remember {
+      val versionName = BuildConfig.VERSION_NAME.trim().ifEmpty { "dev" }
+      if (BuildConfig.DEBUG && !versionName.contains("dev", ignoreCase = true)) {
+        "$versionName-dev"
+      } else {
+        versionName
+      }
+    }
+
+  LaunchedEffect(wakeWords) { setWakeWordsText(wakeWords.joinToString(", ")) }
+
+  val permissionLauncher =
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { perms ->
+      val cameraOk = perms[Manifest.permission.CAMERA] == true
+      viewModel.setCameraEnabled(cameraOk)
+    }
+
+  var pendingLocationMode by remember { mutableStateOf<LocationMode?>(null) }
+  var pendingPreciseToggle by remember { mutableStateOf(false) }
+
+  val locationPermissionLauncher =
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { perms ->
+      val fineOk = perms[Manifest.permission.ACCESS_FINE_LOCATION] == true
+      val coarseOk = perms[Manifest.permission.ACCESS_COARSE_LOCATION] == true
+      val granted = fineOk || coarseOk
+      val requestedMode = pendingLocationMode
+      pendingLocationMode = null
+
+      if (pendingPreciseToggle) {
+        pendingPreciseToggle = false
+        viewModel.setLocationPreciseEnabled(fineOk)
+        return@rememberLauncherForActivityResult
+      }
+
+      if (!granted) {
+        viewModel.setLocationMode(LocationMode.Off)
+        return@rememberLauncherForActivityResult
+      }
+
+      if (requestedMode != null) {
+        viewModel.setLocationMode(requestedMode)
+        if (requestedMode == LocationMode.Always) {
+          val backgroundOk =
+            ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_BACKGROUND_LOCATION) ==
+              PackageManager.PERMISSION_GRANTED
+          if (!backgroundOk) {
+            openAppSettings(context)
+          }
+        }
+      }
+    }
+
+  val audioPermissionLauncher =
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestPermission()) { _ ->
+      // Status text is handled by NodeRuntime.
+    }
+
+  val smsPermissionAvailable =
+    remember {
+      context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
+    }
+  var smsPermissionGranted by
+    remember {
+      mutableStateOf(
+        ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
+          PackageManager.PERMISSION_GRANTED,
+      )
+    }
+  val smsPermissionLauncher =
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
+      smsPermissionGranted = granted
+      viewModel.refreshBridgeHello()
+    }
+
+  fun setCameraEnabledChecked(checked: Boolean) {
+    if (!checked) {
+      viewModel.setCameraEnabled(false)
+      return
+    }
+
+    val cameraOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.CAMERA) ==
+        PackageManager.PERMISSION_GRANTED
+    if (cameraOk) {
+      viewModel.setCameraEnabled(true)
+    } else {
+      permissionLauncher.launch(arrayOf(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO))
+    }
+  }
+
+  fun requestLocationPermissions(targetMode: LocationMode) {
+    val fineOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
+        PackageManager.PERMISSION_GRANTED
+    val coarseOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_COARSE_LOCATION) ==
+        PackageManager.PERMISSION_GRANTED
+    if (fineOk || coarseOk) {
+      viewModel.setLocationMode(targetMode)
+      if (targetMode == LocationMode.Always) {
+        val backgroundOk =
+          ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_BACKGROUND_LOCATION) ==
+            PackageManager.PERMISSION_GRANTED
+        if (!backgroundOk) {
+          openAppSettings(context)
+        }
+      }
+    } else {
+      pendingLocationMode = targetMode
+      locationPermissionLauncher.launch(
+        arrayOf(Manifest.permission.ACCESS_FINE_LOCATION, Manifest.permission.ACCESS_COARSE_LOCATION),
+      )
+    }
+  }
+
+  fun setPreciseLocationChecked(checked: Boolean) {
+    if (!checked) {
+      viewModel.setLocationPreciseEnabled(false)
+      return
+    }
+    val fineOk =
+      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
+        PackageManager.PERMISSION_GRANTED
+    if (fineOk) {
+      viewModel.setLocationPreciseEnabled(true)
+    } else {
+      pendingPreciseToggle = true
+      locationPermissionLauncher.launch(arrayOf(Manifest.permission.ACCESS_FINE_LOCATION))
+    }
+  }
+
+  val visibleBridges =
+    if (isConnected && remoteAddress != null) {
+      bridges.filterNot { "${it.host}:${it.port}" == remoteAddress }
+    } else {
+      bridges
+    }
+
+  val bridgeDiscoveryFooterText =
+    if (visibleBridges.isEmpty()) {
+      discoveryStatusText
+    } else if (isConnected) {
+      "Discovery active • ${visibleBridges.size} other bridge${if (visibleBridges.size == 1) "" else "s"} found"
+    } else {
+      "Discovery active • ${visibleBridges.size} bridge${if (visibleBridges.size == 1) "" else "s"} found"
+    }
+
+  LazyColumn(
+    state = listState,
+    modifier =
+      Modifier
+        .fillMaxWidth()
+        .fillMaxHeight()
+        .imePadding()
+        .windowInsetsPadding(WindowInsets.safeDrawing.only(WindowInsetsSides.Bottom)),
+    contentPadding = PaddingValues(16.dp),
+    verticalArrangement = Arrangement.spacedBy(6.dp),
+  ) {
+    // Order parity: Node → Bridge → Voice → Camera → Messaging → Location → Screen.
+    item { Text("Node", style = MaterialTheme.typography.titleSmall) }
+    item {
+      OutlinedTextField(
+        value = displayName,
+        onValueChange = viewModel::setDisplayName,
+        label = { Text("Name") },
+        modifier = Modifier.fillMaxWidth(),
+      )
+    }
+    item { Text("Instance ID: $instanceId", color = MaterialTheme.colorScheme.onSurfaceVariant) }
+    item { Text("Device: $deviceModel", color = MaterialTheme.colorScheme.onSurfaceVariant) }
+    item { Text("Version: $appVersion", color = MaterialTheme.colorScheme.onSurfaceVariant) }
+
+    item { HorizontalDivider() }
+
+    // Bridge
+    item { Text("Bridge", style = MaterialTheme.typography.titleSmall) }
+    item { ListItem(headlineContent = { Text("Status") }, supportingContent = { Text(statusText) }) }
+    if (serverName != null) {
+      item { ListItem(headlineContent = { Text("Server") }, supportingContent = { Text(serverName!!) }) }
+    }
+    if (remoteAddress != null) {
+      item { ListItem(headlineContent = { Text("Address") }, supportingContent = { Text(remoteAddress!!) }) }
+    }
+    item {
+      // UI sanity: "Disconnect" only when we have an active remote.
+      if (isConnected && remoteAddress != null) {
+        Button(
+          onClick = {
+            viewModel.disconnect()
+            NodeForegroundService.stop(context)
+          },
+        ) {
+          Text("Disconnect")
+        }
+      }
+    }
+
+    item { HorizontalDivider() }
+
+    if (!isConnected || visibleBridges.isNotEmpty()) {
+      item {
+        Text(
+          if (isConnected) "Other Bridges" else "Discovered Bridges",
+          style = MaterialTheme.typography.titleSmall,
+        )
+      }
+      if (!isConnected && visibleBridges.isEmpty()) {
+        item { Text("No bridges found yet.", color = MaterialTheme.colorScheme.onSurfaceVariant) }
+      } else {
+        items(items = visibleBridges, key = { it.stableId }) { bridge ->
+          val detailLines =
+            buildList {
+              add("IP: ${bridge.host}:${bridge.port}")
+              bridge.lanHost?.let { add("LAN: $it") }
+              bridge.tailnetDns?.let { add("Tailnet: $it") }
+              if (bridge.gatewayPort != null || bridge.bridgePort != null || bridge.canvasPort != null) {
+                val gw = bridge.gatewayPort?.toString() ?: "—"
+                val br = (bridge.bridgePort ?: bridge.port).toString()
+                val canvas = bridge.canvasPort?.toString() ?: "—"
+                add("Ports: gw $gw · bridge $br · canvas $canvas")
+              }
+            }
+          ListItem(
+            headlineContent = { Text(bridge.name) },
+            supportingContent = {
+              Column(verticalArrangement = Arrangement.spacedBy(2.dp)) {
+                detailLines.forEach { line ->
+                  Text(line, color = MaterialTheme.colorScheme.onSurfaceVariant)
+                }
+              }
+            },
+            trailingContent = {
+              Button(
+                onClick = {
+                  NodeForegroundService.start(context)
+                  viewModel.connect(bridge)
+                },
+              ) {
+                Text("Connect")
+              }
+            },
+          )
+        }
+      }
+      item {
+        Text(
+          bridgeDiscoveryFooterText,
+          modifier = Modifier.fillMaxWidth(),
+          textAlign = TextAlign.Center,
+          style = MaterialTheme.typography.labelMedium,
+          color = MaterialTheme.colorScheme.onSurfaceVariant,
+        )
+      }
+    }
+
+    item { HorizontalDivider() }
+
+    item {
+      ListItem(
+        headlineContent = { Text("Advanced") },
+        supportingContent = { Text("Manual bridge connection") },
+        trailingContent = {
+          Icon(
+            imageVector = if (advancedExpanded) Icons.Filled.ExpandLess else Icons.Filled.ExpandMore,
+            contentDescription = if (advancedExpanded) "Collapse" else "Expand",
+          )
+        },
+        modifier =
+          Modifier.clickable {
+            setAdvancedExpanded(!advancedExpanded)
+          },
+      )
+    }
+    item {
+      AnimatedVisibility(visible = advancedExpanded) {
+        Column(verticalArrangement = Arrangement.spacedBy(10.dp), modifier = Modifier.fillMaxWidth()) {
+          ListItem(
+            headlineContent = { Text("Use Manual Bridge") },
+            supportingContent = { Text("Use this when discovery is blocked.") },
+            trailingContent = { Switch(checked = manualEnabled, onCheckedChange = viewModel::setManualEnabled) },
+          )
+
+          OutlinedTextField(
+            value = manualHost,
+            onValueChange = viewModel::setManualHost,
+            label = { Text("Host") },
+            modifier = Modifier.fillMaxWidth(),
+            enabled = manualEnabled,
+          )
+          OutlinedTextField(
+            value = manualPort.toString(),
+            onValueChange = { v -> viewModel.setManualPort(v.toIntOrNull() ?: 0) },
+            label = { Text("Port") },
+            modifier = Modifier.fillMaxWidth(),
+            enabled = manualEnabled,
+          )
+
+          val hostOk = manualHost.trim().isNotEmpty()
+          val portOk = manualPort in 1..65535
+          Button(
+            onClick = {
+              NodeForegroundService.start(context)
+              viewModel.connectManual()
+            },
+            enabled = manualEnabled && hostOk && portOk,
+          ) {
+            Text("Connect (Manual)")
+          }
+        }
+      }
+    }
+
+    item { HorizontalDivider() }
+
+    // Voice
+    item { Text("Voice", style = MaterialTheme.typography.titleSmall) }
+    item {
+      val enabled = voiceWakeMode != VoiceWakeMode.Off
+      ListItem(
+        headlineContent = { Text("Voice Wake") },
+        supportingContent = { Text(voiceWakeStatusText) },
+        trailingContent = {
+          Switch(
+            checked = enabled,
+            onCheckedChange = { on ->
+              if (on) {
+                val micOk =
+                  ContextCompat.checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) ==
+                    PackageManager.PERMISSION_GRANTED
+                if (!micOk) audioPermissionLauncher.launch(Manifest.permission.RECORD_AUDIO)
+                viewModel.setVoiceWakeMode(VoiceWakeMode.Foreground)
+              } else {
+                viewModel.setVoiceWakeMode(VoiceWakeMode.Off)
+              }
+            },
+          )
+        },
+      )
+    }
+    item {
+      AnimatedVisibility(visible = voiceWakeMode != VoiceWakeMode.Off) {
+        Column(verticalArrangement = Arrangement.spacedBy(6.dp), modifier = Modifier.fillMaxWidth()) {
+          ListItem(
+            headlineContent = { Text("Foreground Only") },
+            supportingContent = { Text("Listens only while Clawdbot is open.") },
+            trailingContent = {
+              RadioButton(
+                selected = voiceWakeMode == VoiceWakeMode.Foreground,
+                onClick = {
+                  val micOk =
+                    ContextCompat.checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) ==
+                      PackageManager.PERMISSION_GRANTED
+                  if (!micOk) audioPermissionLauncher.launch(Manifest.permission.RECORD_AUDIO)
+                  viewModel.setVoiceWakeMode(VoiceWakeMode.Foreground)
+                },
+              )
+            },
+          )
+          ListItem(
+            headlineContent = { Text("Always") },
+            supportingContent = { Text("Keeps listening in the background (shows a persistent notification).") },
+            trailingContent = {
+              RadioButton(
+                selected = voiceWakeMode == VoiceWakeMode.Always,
+                onClick = {
+                  val micOk =
+                    ContextCompat.checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) ==
+                      PackageManager.PERMISSION_GRANTED
+                  if (!micOk) audioPermissionLauncher.launch(Manifest.permission.RECORD_AUDIO)
+                  viewModel.setVoiceWakeMode(VoiceWakeMode.Always)
+                },
+              )
+            },
+          )
+        }
+      }
+    }
+    item {
+      OutlinedTextField(
+        value = wakeWordsText,
+        onValueChange = setWakeWordsText,
+        label = { Text("Wake Words (comma-separated)") },
+        modifier = Modifier.fillMaxWidth(),
+        singleLine = true,
+      )
+    }
+    item {
+      Row(horizontalArrangement = Arrangement.spacedBy(12.dp)) {
+        Button(
+          onClick = {
+            val parsed = com.clawdbot.android.WakeWords.parseCommaSeparated(wakeWordsText)
+            viewModel.setWakeWords(parsed)
+          },
+          enabled = isConnected,
+        ) {
+          Text("Save + Sync")
+        }
+
+        Button(onClick = viewModel::resetWakeWordsDefaults) { Text("Reset defaults") }
+      }
+    }
+    item {
+      Text(
+        if (isConnected) {
+          "Any node can edit wake words. Changes sync via the gateway bridge."
+        } else {
+          "Connect to a gateway to sync wake words globally."
+        },
+        color = MaterialTheme.colorScheme.onSurfaceVariant,
+      )
+    }
+
+    item { HorizontalDivider() }
+
+    // Camera
+    item { Text("Camera", style = MaterialTheme.typography.titleSmall) }
+    item {
+      ListItem(
+        headlineContent = { Text("Allow Camera") },
+        supportingContent = { Text("Allows the bridge to request photos or short video clips (foreground only).") },
+        trailingContent = { Switch(checked = cameraEnabled, onCheckedChange = ::setCameraEnabledChecked) },
+      )
+    }
+    item {
+      Text(
+        "Tip: grant Microphone permission for video clips with audio.",
+        color = MaterialTheme.colorScheme.onSurfaceVariant,
+      )
+    }
+
+    item { HorizontalDivider() }
+
+    // Messaging
+    item { Text("Messaging", style = MaterialTheme.typography.titleSmall) }
+    item {
+      val buttonLabel =
+        when {
+          !smsPermissionAvailable -> "Unavailable"
+          smsPermissionGranted -> "Manage"
+          else -> "Grant"
+        }
+      ListItem(
+        headlineContent = { Text("SMS Permission") },
+        supportingContent = {
+          Text(
+            if (smsPermissionAvailable) {
+              "Allow the bridge to send SMS from this device."
+            } else {
+              "SMS requires a device with telephony hardware."
+            },
+          )
+        },
+        trailingContent = {
+          Button(
+            onClick = {
+              if (!smsPermissionAvailable) return@Button
+              if (smsPermissionGranted) {
+                openAppSettings(context)
+              } else {
+                smsPermissionLauncher.launch(Manifest.permission.SEND_SMS)
+              }
+            },
+            enabled = smsPermissionAvailable,
+          ) {
+            Text(buttonLabel)
+          }
+        },
+      )
+    }
+
+    item { HorizontalDivider() }
+
+    // Location
+    item { Text("Location", style = MaterialTheme.typography.titleSmall) }
+    item {
+      Column(verticalArrangement = Arrangement.spacedBy(6.dp), modifier = Modifier.fillMaxWidth()) {
+        ListItem(
+          headlineContent = { Text("Off") },
+          supportingContent = { Text("Disable location sharing.") },
+          trailingContent = {
+            RadioButton(
+              selected = locationMode == LocationMode.Off,
+              onClick = { viewModel.setLocationMode(LocationMode.Off) },
+            )
+          },
+        )
+        ListItem(
+          headlineContent = { Text("While Using") },
+          supportingContent = { Text("Only while Clawdbot is open.") },
+          trailingContent = {
+            RadioButton(
+              selected = locationMode == LocationMode.WhileUsing,
+              onClick = { requestLocationPermissions(LocationMode.WhileUsing) },
+            )
+          },
+        )
+        ListItem(
+          headlineContent = { Text("Always") },
+          supportingContent = { Text("Allow background location (requires system permission).") },
+          trailingContent = {
+            RadioButton(
+              selected = locationMode == LocationMode.Always,
+              onClick = { requestLocationPermissions(LocationMode.Always) },
+            )
+          },
+        )
+      }
+    }
+    item {
+      ListItem(
+        headlineContent = { Text("Precise Location") },
+        supportingContent = { Text("Use precise GPS when available.") },
+        trailingContent = {
+          Switch(
+            checked = locationPreciseEnabled,
+            onCheckedChange = ::setPreciseLocationChecked,
+            enabled = locationMode != LocationMode.Off,
+          )
+        },
+      )
+    }
+    item {
+      Text(
+        "Always may require Android Settings to allow background location.",
+        color = MaterialTheme.colorScheme.onSurfaceVariant,
+      )
+    }
+
+    item { HorizontalDivider() }
+
+    // Screen
+    item { Text("Screen", style = MaterialTheme.typography.titleSmall) }
+    item {
+      ListItem(
+        headlineContent = { Text("Prevent Sleep") },
+        supportingContent = { Text("Keeps the screen awake while Clawdbot is open.") },
+        trailingContent = { Switch(checked = preventSleep, onCheckedChange = viewModel::setPreventSleep) },
+      )
+    }
+
+    item { HorizontalDivider() }
+
+    // Debug
+    item { Text("Debug", style = MaterialTheme.typography.titleSmall) }
+    item {
+      ListItem(
+        headlineContent = { Text("Debug Canvas Status") },
+        supportingContent = { Text("Show status text in the canvas when debug is enabled.") },
+        trailingContent = {
+          Switch(
+            checked = canvasDebugStatusEnabled,
+            onCheckedChange = viewModel::setCanvasDebugStatusEnabled,
+          )
+        },
+      )
+    }
+
+    item { Spacer(modifier = Modifier.height(20.dp)) }
+  }
+}
+
+private fun openAppSettings(context: Context) {
+  val intent =
+    Intent(
+      Settings.ACTION_APPLICATION_DETAILS_SETTINGS,
+      Uri.fromParts("package", context.packageName, null),
+    )
+  context.startActivity(intent)
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/StatusPill.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/StatusPill.kt
@@ -0,0 +1,114 @@
+package com.clawdbot.android.ui
+
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Row
+import androidx.compose.foundation.layout.Spacer
+import androidx.compose.foundation.layout.height
+import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.layout.size
+import androidx.compose.foundation.layout.width
+import androidx.compose.foundation.shape.CircleShape
+import androidx.compose.foundation.shape.RoundedCornerShape
+import androidx.compose.material.icons.Icons
+import androidx.compose.material.icons.filled.Mic
+import androidx.compose.material.icons.filled.MicOff
+import androidx.compose.material3.Icon
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.Surface
+import androidx.compose.material3.Text
+import androidx.compose.material3.VerticalDivider
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.Alignment
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.draw.alpha
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.unit.dp
+
+@Composable
+fun StatusPill(
+  bridge: BridgeState,
+  voiceEnabled: Boolean,
+  onClick: () -> Unit,
+  modifier: Modifier = Modifier,
+  activity: StatusActivity? = null,
+) {
+  Surface(
+    onClick = onClick,
+    modifier = modifier,
+    shape = RoundedCornerShape(14.dp),
+    color = overlayContainerColor(),
+    tonalElevation = 3.dp,
+    shadowElevation = 0.dp,
+  ) {
+    Row(
+      modifier = Modifier.padding(horizontal = 12.dp, vertical = 8.dp),
+      horizontalArrangement = Arrangement.spacedBy(10.dp),
+      verticalAlignment = Alignment.CenterVertically,
+    ) {
+      Row(horizontalArrangement = Arrangement.spacedBy(8.dp), verticalAlignment = Alignment.CenterVertically) {
+        Surface(
+          modifier = Modifier.size(9.dp),
+          shape = CircleShape,
+          color = bridge.color,
+        ) {}
+
+        Text(
+          text = bridge.title,
+          style = MaterialTheme.typography.labelLarge,
+        )
+      }
+
+      VerticalDivider(
+        modifier = Modifier.height(14.dp).alpha(0.35f),
+        color = MaterialTheme.colorScheme.onSurfaceVariant,
+      )
+
+      if (activity != null) {
+        Row(
+          horizontalArrangement = Arrangement.spacedBy(6.dp),
+          verticalAlignment = Alignment.CenterVertically,
+        ) {
+          Icon(
+            imageVector = activity.icon,
+            contentDescription = activity.contentDescription,
+            tint = activity.tint ?: overlayIconColor(),
+            modifier = Modifier.size(18.dp),
+          )
+          Text(
+            text = activity.title,
+            style = MaterialTheme.typography.labelLarge,
+            maxLines = 1,
+          )
+        }
+      } else {
+        Icon(
+          imageVector = if (voiceEnabled) Icons.Default.Mic else Icons.Default.MicOff,
+          contentDescription = if (voiceEnabled) "Voice enabled" else "Voice disabled",
+          tint =
+            if (voiceEnabled) {
+              overlayIconColor()
+            } else {
+              MaterialTheme.colorScheme.onSurfaceVariant
+            },
+          modifier = Modifier.size(18.dp),
+        )
+      }
+
+      Spacer(modifier = Modifier.width(2.dp))
+    }
+  }
+}
+
+data class StatusActivity(
+  val title: String,
+  val icon: androidx.compose.ui.graphics.vector.ImageVector,
+  val contentDescription: String,
+  val tint: Color? = null,
+)
+
+enum class BridgeState(val title: String, val color: Color) {
+  Connected("Connected", Color(0xFF2ECC71)),
+  Connecting("Connecting…", Color(0xFFF1C40F)),
+  Error("Error", Color(0xFFE74C3C)),
+  Disconnected("Offline", Color(0xFF9E9E9E)),
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/TalkOrbOverlay.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/TalkOrbOverlay.kt
@@ -0,0 +1,134 @@
+package com.clawdbot.android.ui
+
+import androidx.compose.animation.core.LinearEasing
+import androidx.compose.animation.core.RepeatMode
+import androidx.compose.animation.core.animateFloat
+import androidx.compose.animation.core.infiniteRepeatable
+import androidx.compose.animation.core.rememberInfiniteTransition
+import androidx.compose.animation.core.tween
+import androidx.compose.foundation.Canvas
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Box
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.layout.size
+import androidx.compose.foundation.shape.CircleShape
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.Surface
+import androidx.compose.material3.Text
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.getValue
+import androidx.compose.ui.Alignment
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.graphics.Brush
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.graphics.drawscope.Stroke
+import androidx.compose.ui.text.font.FontWeight
+import androidx.compose.ui.unit.dp
+
+@Composable
+fun TalkOrbOverlay(
+  seamColor: Color,
+  statusText: String,
+  isListening: Boolean,
+  isSpeaking: Boolean,
+  modifier: Modifier = Modifier,
+) {
+  val transition = rememberInfiniteTransition(label = "talk-orb")
+  val t by
+    transition.animateFloat(
+      initialValue = 0f,
+      targetValue = 1f,
+      animationSpec =
+        infiniteRepeatable(
+          animation = tween(durationMillis = 1500, easing = LinearEasing),
+          repeatMode = RepeatMode.Restart,
+        ),
+      label = "pulse",
+    )
+
+  val trimmed = statusText.trim()
+  val showStatus = trimmed.isNotEmpty() && trimmed != "Off"
+  val phase =
+    when {
+      isSpeaking -> "Speaking"
+      isListening -> "Listening"
+      else -> "Thinking"
+    }
+
+  Column(
+    modifier = modifier.padding(24.dp),
+    horizontalAlignment = Alignment.CenterHorizontally,
+    verticalArrangement = Arrangement.spacedBy(12.dp),
+  ) {
+    Box(contentAlignment = Alignment.Center) {
+      Canvas(modifier = Modifier.size(360.dp)) {
+        val center = this.center
+        val baseRadius = size.minDimension * 0.30f
+
+        val ring1 = 1.05f + (t * 0.25f)
+        val ring2 = 1.20f + (t * 0.55f)
+        val ringAlpha1 = (1f - t) * 0.34f
+        val ringAlpha2 = (1f - t) * 0.22f
+
+        drawCircle(
+          color = seamColor.copy(alpha = ringAlpha1),
+          radius = baseRadius * ring1,
+          center = center,
+          style = Stroke(width = 3.dp.toPx()),
+        )
+        drawCircle(
+          color = seamColor.copy(alpha = ringAlpha2),
+          radius = baseRadius * ring2,
+          center = center,
+          style = Stroke(width = 3.dp.toPx()),
+        )
+
+        drawCircle(
+          brush =
+            Brush.radialGradient(
+              colors =
+                listOf(
+                  seamColor.copy(alpha = 0.92f),
+                  seamColor.copy(alpha = 0.40f),
+                  Color.Black.copy(alpha = 0.56f),
+                ),
+              center = center,
+              radius = baseRadius * 1.35f,
+            ),
+          radius = baseRadius,
+          center = center,
+        )
+
+        drawCircle(
+          color = seamColor.copy(alpha = 0.34f),
+          radius = baseRadius,
+          center = center,
+          style = Stroke(width = 1.dp.toPx()),
+        )
+      }
+    }
+
+    if (showStatus) {
+      Surface(
+        color = Color.Black.copy(alpha = 0.40f),
+        shape = CircleShape,
+      ) {
+        Text(
+          text = trimmed,
+          modifier = Modifier.padding(horizontal = 14.dp, vertical = 8.dp),
+          color = Color.White.copy(alpha = 0.92f),
+          style = MaterialTheme.typography.labelLarge,
+          fontWeight = FontWeight.SemiBold,
+        )
+      }
+    } else {
+      Text(
+        text = phase,
+        color = Color.White.copy(alpha = 0.80f),
+        style = MaterialTheme.typography.labelLarge,
+        fontWeight = FontWeight.SemiBold,
+      )
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatComposer.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatComposer.kt
@@ -0,0 +1,284 @@
+package com.clawdbot.android.ui.chat
+
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Box
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.Row
+import androidx.compose.foundation.layout.Spacer
+import androidx.compose.foundation.layout.fillMaxWidth
+import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.layout.size
+import androidx.compose.foundation.layout.width
+import androidx.compose.foundation.rememberScrollState
+import androidx.compose.foundation.shape.RoundedCornerShape
+import androidx.compose.foundation.horizontalScroll
+import androidx.compose.material.icons.Icons
+import androidx.compose.material.icons.filled.ArrowUpward
+import androidx.compose.material.icons.filled.AttachFile
+import androidx.compose.material.icons.filled.Refresh
+import androidx.compose.material.icons.filled.Stop
+import androidx.compose.material3.ButtonDefaults
+import androidx.compose.material3.DropdownMenu
+import androidx.compose.material3.DropdownMenuItem
+import androidx.compose.material3.FilledTonalButton
+import androidx.compose.material3.FilledTonalIconButton
+import androidx.compose.material3.Icon
+import androidx.compose.material3.IconButtonDefaults
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.OutlinedTextField
+import androidx.compose.material3.Surface
+import androidx.compose.material3.Text
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.saveable.rememberSaveable
+import androidx.compose.runtime.setValue
+import androidx.compose.ui.Alignment
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.unit.dp
+import com.clawdbot.android.chat.ChatSessionEntry
+
+@Composable
+fun ChatComposer(
+  sessionKey: String,
+  sessions: List<ChatSessionEntry>,
+  healthOk: Boolean,
+  thinkingLevel: String,
+  pendingRunCount: Int,
+  errorText: String?,
+  attachments: List<PendingImageAttachment>,
+  onPickImages: () -> Unit,
+  onRemoveAttachment: (id: String) -> Unit,
+  onSetThinkingLevel: (level: String) -> Unit,
+  onSelectSession: (sessionKey: String) -> Unit,
+  onRefresh: () -> Unit,
+  onAbort: () -> Unit,
+  onSend: (text: String) -> Unit,
+) {
+  var input by rememberSaveable { mutableStateOf("") }
+  var showThinkingMenu by remember { mutableStateOf(false) }
+  var showSessionMenu by remember { mutableStateOf(false) }
+
+  val sessionOptions = resolveSessionChoices(sessionKey, sessions)
+  val currentSessionLabel =
+    sessionOptions.firstOrNull { it.key == sessionKey }?.displayName ?: sessionKey
+
+  val canSend = pendingRunCount == 0 && (input.trim().isNotEmpty() || attachments.isNotEmpty()) && healthOk
+
+  Surface(
+    shape = MaterialTheme.shapes.large,
+    color = MaterialTheme.colorScheme.surfaceContainer,
+    tonalElevation = 0.dp,
+    shadowElevation = 0.dp,
+  ) {
+    Column(modifier = Modifier.padding(10.dp), verticalArrangement = Arrangement.spacedBy(8.dp)) {
+      Row(
+        modifier = Modifier.fillMaxWidth(),
+        horizontalArrangement = Arrangement.spacedBy(8.dp),
+        verticalAlignment = Alignment.CenterVertically,
+      ) {
+        Box {
+          FilledTonalButton(
+            onClick = { showSessionMenu = true },
+            contentPadding = ButtonDefaults.ContentPadding,
+          ) {
+            Text("Session: $currentSessionLabel")
+          }
+
+          DropdownMenu(expanded = showSessionMenu, onDismissRequest = { showSessionMenu = false }) {
+            for (entry in sessionOptions) {
+              DropdownMenuItem(
+                text = { Text(entry.displayName ?: entry.key) },
+                onClick = {
+                  onSelectSession(entry.key)
+                  showSessionMenu = false
+                },
+                trailingIcon = {
+                  if (entry.key == sessionKey) {
+                    Text("✓")
+                  } else {
+                    Spacer(modifier = Modifier.width(10.dp))
+                  }
+                },
+              )
+            }
+          }
+        }
+
+        Box {
+          FilledTonalButton(
+            onClick = { showThinkingMenu = true },
+            contentPadding = ButtonDefaults.ContentPadding,
+          ) {
+            Text("Thinking: ${thinkingLabel(thinkingLevel)}")
+          }
+
+          DropdownMenu(expanded = showThinkingMenu, onDismissRequest = { showThinkingMenu = false }) {
+            ThinkingMenuItem("off", thinkingLevel, onSetThinkingLevel) { showThinkingMenu = false }
+            ThinkingMenuItem("low", thinkingLevel, onSetThinkingLevel) { showThinkingMenu = false }
+            ThinkingMenuItem("medium", thinkingLevel, onSetThinkingLevel) { showThinkingMenu = false }
+            ThinkingMenuItem("high", thinkingLevel, onSetThinkingLevel) { showThinkingMenu = false }
+          }
+        }
+
+        Spacer(modifier = Modifier.weight(1f))
+
+        FilledTonalIconButton(onClick = onRefresh, modifier = Modifier.size(42.dp)) {
+          Icon(Icons.Default.Refresh, contentDescription = "Refresh")
+        }
+
+        FilledTonalIconButton(onClick = onPickImages, modifier = Modifier.size(42.dp)) {
+          Icon(Icons.Default.AttachFile, contentDescription = "Add image")
+        }
+      }
+
+      if (attachments.isNotEmpty()) {
+        AttachmentsStrip(attachments = attachments, onRemoveAttachment = onRemoveAttachment)
+      }
+
+      OutlinedTextField(
+        value = input,
+        onValueChange = { input = it },
+        modifier = Modifier.fillMaxWidth(),
+        placeholder = { Text("Message Clawd…") },
+        minLines = 2,
+        maxLines = 6,
+      )
+
+      Row(modifier = Modifier.fillMaxWidth(), verticalAlignment = Alignment.CenterVertically) {
+        ConnectionPill(sessionLabel = currentSessionLabel, healthOk = healthOk)
+        Spacer(modifier = Modifier.weight(1f))
+
+        if (pendingRunCount > 0) {
+          FilledTonalIconButton(
+            onClick = onAbort,
+            colors =
+              IconButtonDefaults.filledTonalIconButtonColors(
+                containerColor = Color(0x33E74C3C),
+                contentColor = Color(0xFFE74C3C),
+              ),
+          ) {
+            Icon(Icons.Default.Stop, contentDescription = "Abort")
+          }
+        } else {
+          FilledTonalIconButton(onClick = {
+            val text = input
+            input = ""
+            onSend(text)
+          }, enabled = canSend) {
+            Icon(Icons.Default.ArrowUpward, contentDescription = "Send")
+          }
+        }
+      }
+
+      if (!errorText.isNullOrBlank()) {
+        Text(
+          text = errorText,
+          style = MaterialTheme.typography.bodySmall,
+          color = MaterialTheme.colorScheme.error,
+          maxLines = 2,
+        )
+      }
+    }
+  }
+}
+
+@Composable
+private fun ConnectionPill(sessionLabel: String, healthOk: Boolean) {
+  Surface(
+    shape = RoundedCornerShape(999.dp),
+    color = MaterialTheme.colorScheme.surfaceContainerHighest,
+  ) {
+    Row(
+      modifier = Modifier.padding(horizontal = 10.dp, vertical = 6.dp),
+      horizontalArrangement = Arrangement.spacedBy(8.dp),
+      verticalAlignment = Alignment.CenterVertically,
+    ) {
+      Surface(
+        modifier = Modifier.size(7.dp),
+        shape = androidx.compose.foundation.shape.CircleShape,
+        color = if (healthOk) Color(0xFF2ECC71) else Color(0xFFF39C12),
+      ) {}
+      Text(sessionLabel, style = MaterialTheme.typography.labelSmall)
+      Text(
+        if (healthOk) "Connected" else "Connecting…",
+        style = MaterialTheme.typography.labelSmall,
+        color = MaterialTheme.colorScheme.onSurfaceVariant,
+      )
+    }
+  }
+}
+
+@Composable
+private fun ThinkingMenuItem(
+  value: String,
+  current: String,
+  onSet: (String) -> Unit,
+  onDismiss: () -> Unit,
+) {
+  DropdownMenuItem(
+    text = { Text(thinkingLabel(value)) },
+    onClick = {
+      onSet(value)
+      onDismiss()
+    },
+    trailingIcon = {
+      if (value == current.trim().lowercase()) {
+        Text("✓")
+      } else {
+        Spacer(modifier = Modifier.width(10.dp))
+      }
+    },
+  )
+}
+
+private fun thinkingLabel(raw: String): String {
+  return when (raw.trim().lowercase()) {
+    "low" -> "Low"
+    "medium" -> "Medium"
+    "high" -> "High"
+    else -> "Off"
+  }
+}
+
+@Composable
+private fun AttachmentsStrip(
+  attachments: List<PendingImageAttachment>,
+  onRemoveAttachment: (id: String) -> Unit,
+) {
+  Row(
+    modifier = Modifier.fillMaxWidth().horizontalScroll(rememberScrollState()),
+    horizontalArrangement = Arrangement.spacedBy(8.dp),
+  ) {
+    for (att in attachments) {
+      AttachmentChip(
+        fileName = att.fileName,
+        onRemove = { onRemoveAttachment(att.id) },
+      )
+    }
+  }
+}
+
+@Composable
+private fun AttachmentChip(fileName: String, onRemove: () -> Unit) {
+  Surface(
+    shape = RoundedCornerShape(999.dp),
+    color = MaterialTheme.colorScheme.primary.copy(alpha = 0.10f),
+  ) {
+    Row(
+      modifier = Modifier.padding(horizontal = 10.dp, vertical = 6.dp),
+      verticalAlignment = Alignment.CenterVertically,
+      horizontalArrangement = Arrangement.spacedBy(8.dp),
+    ) {
+      Text(text = fileName, style = MaterialTheme.typography.bodySmall, maxLines = 1)
+      FilledTonalIconButton(
+        onClick = onRemove,
+        modifier = Modifier.size(30.dp),
+      ) {
+        Text("×")
+      }
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatMarkdown.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatMarkdown.kt
@@ -0,0 +1,215 @@
+package com.clawdbot.android.ui.chat
+
+import android.graphics.BitmapFactory
+import android.util.Base64
+import androidx.compose.foundation.Image
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.fillMaxWidth
+import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.text.selection.SelectionContainer
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.Text
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.setValue
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.graphics.asImageBitmap
+import androidx.compose.ui.layout.ContentScale
+import androidx.compose.ui.text.AnnotatedString
+import androidx.compose.ui.text.SpanStyle
+import androidx.compose.ui.text.buildAnnotatedString
+import androidx.compose.ui.text.font.FontFamily
+import androidx.compose.ui.text.font.FontStyle
+import androidx.compose.ui.text.font.FontWeight
+import androidx.compose.ui.text.withStyle
+import androidx.compose.ui.unit.dp
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+
+@Composable
+fun ChatMarkdown(text: String, textColor: Color) {
+  val blocks = remember(text) { splitMarkdown(text) }
+  val inlineCodeBg = MaterialTheme.colorScheme.surfaceContainerLow
+
+  Column(verticalArrangement = Arrangement.spacedBy(10.dp)) {
+    for (b in blocks) {
+      when (b) {
+        is ChatMarkdownBlock.Text -> {
+          val trimmed = b.text.trimEnd()
+          if (trimmed.isEmpty()) continue
+          Text(
+            text = parseInlineMarkdown(trimmed, inlineCodeBg = inlineCodeBg),
+            style = MaterialTheme.typography.bodyMedium,
+            color = textColor,
+          )
+        }
+        is ChatMarkdownBlock.Code -> {
+          SelectionContainer(modifier = Modifier.fillMaxWidth()) {
+            ChatCodeBlock(code = b.code, language = b.language)
+          }
+        }
+        is ChatMarkdownBlock.InlineImage -> {
+          InlineBase64Image(base64 = b.base64, mimeType = b.mimeType)
+        }
+      }
+    }
+  }
+}
+
+private sealed interface ChatMarkdownBlock {
+  data class Text(val text: String) : ChatMarkdownBlock
+  data class Code(val code: String, val language: String?) : ChatMarkdownBlock
+  data class InlineImage(val mimeType: String?, val base64: String) : ChatMarkdownBlock
+}
+
+private fun splitMarkdown(raw: String): List<ChatMarkdownBlock> {
+  if (raw.isEmpty()) return emptyList()
+
+  val out = ArrayList<ChatMarkdownBlock>()
+  var idx = 0
+  while (idx < raw.length) {
+    val fenceStart = raw.indexOf("```", startIndex = idx)
+    if (fenceStart < 0) {
+      out.addAll(splitInlineImages(raw.substring(idx)))
+      break
+    }
+
+    if (fenceStart > idx) {
+      out.addAll(splitInlineImages(raw.substring(idx, fenceStart)))
+    }
+
+    val langLineStart = fenceStart + 3
+    val langLineEnd = raw.indexOf('\n', startIndex = langLineStart).let { if (it < 0) raw.length else it }
+    val language = raw.substring(langLineStart, langLineEnd).trim().ifEmpty { null }
+
+    val codeStart = if (langLineEnd < raw.length && raw[langLineEnd] == '\n') langLineEnd + 1 else langLineEnd
+    val fenceEnd = raw.indexOf("```", startIndex = codeStart)
+    if (fenceEnd < 0) {
+      out.addAll(splitInlineImages(raw.substring(fenceStart)))
+      break
+    }
+    val code = raw.substring(codeStart, fenceEnd)
+    out.add(ChatMarkdownBlock.Code(code = code, language = language))
+
+    idx = fenceEnd + 3
+  }
+
+  return out
+}
+
+private fun splitInlineImages(text: String): List<ChatMarkdownBlock> {
+  if (text.isEmpty()) return emptyList()
+  val regex = Regex("data:image/([a-zA-Z0-9+.-]+);base64,([A-Za-z0-9+/=\\n\\r]+)")
+  val out = ArrayList<ChatMarkdownBlock>()
+
+  var idx = 0
+  while (idx < text.length) {
+    val m = regex.find(text, startIndex = idx) ?: break
+    val start = m.range.first
+    val end = m.range.last + 1
+    if (start > idx) out.add(ChatMarkdownBlock.Text(text.substring(idx, start)))
+
+    val mime = "image/" + (m.groupValues.getOrNull(1)?.trim()?.ifEmpty { "png" } ?: "png")
+    val b64 = m.groupValues.getOrNull(2)?.replace("\n", "")?.replace("\r", "")?.trim().orEmpty()
+    if (b64.isNotEmpty()) {
+      out.add(ChatMarkdownBlock.InlineImage(mimeType = mime, base64 = b64))
+    }
+    idx = end
+  }
+
+  if (idx < text.length) out.add(ChatMarkdownBlock.Text(text.substring(idx)))
+  return out
+}
+
+private fun parseInlineMarkdown(text: String, inlineCodeBg: androidx.compose.ui.graphics.Color): AnnotatedString {
+  if (text.isEmpty()) return AnnotatedString("")
+
+  val out = buildAnnotatedString {
+    var i = 0
+    while (i < text.length) {
+      if (text.startsWith("**", startIndex = i)) {
+        val end = text.indexOf("**", startIndex = i + 2)
+        if (end > i + 2) {
+          withStyle(SpanStyle(fontWeight = FontWeight.SemiBold)) {
+            append(text.substring(i + 2, end))
+          }
+          i = end + 2
+          continue
+        }
+      }
+
+      if (text[i] == '`') {
+        val end = text.indexOf('`', startIndex = i + 1)
+        if (end > i + 1) {
+          withStyle(
+            SpanStyle(
+              fontFamily = FontFamily.Monospace,
+              background = inlineCodeBg,
+            ),
+          ) {
+            append(text.substring(i + 1, end))
+          }
+          i = end + 1
+          continue
+        }
+      }
+
+      if (text[i] == '*' && (i + 1 < text.length && text[i + 1] != '*')) {
+        val end = text.indexOf('*', startIndex = i + 1)
+        if (end > i + 1) {
+          withStyle(SpanStyle(fontStyle = FontStyle.Italic)) {
+            append(text.substring(i + 1, end))
+          }
+          i = end + 1
+          continue
+        }
+      }
+
+      append(text[i])
+      i += 1
+    }
+  }
+  return out
+}
+
+@Composable
+private fun InlineBase64Image(base64: String, mimeType: String?) {
+  var image by remember(base64) { mutableStateOf<androidx.compose.ui.graphics.ImageBitmap?>(null) }
+  var failed by remember(base64) { mutableStateOf(false) }
+
+  LaunchedEffect(base64) {
+    failed = false
+    image =
+      withContext(Dispatchers.Default) {
+        try {
+          val bytes = Base64.decode(base64, Base64.DEFAULT)
+          val bitmap = BitmapFactory.decodeByteArray(bytes, 0, bytes.size) ?: return@withContext null
+          bitmap.asImageBitmap()
+        } catch (_: Throwable) {
+          null
+        }
+      }
+    if (image == null) failed = true
+  }
+
+  if (image != null) {
+    Image(
+      bitmap = image!!,
+      contentDescription = mimeType ?: "image",
+      contentScale = ContentScale.Fit,
+      modifier = Modifier.fillMaxWidth(),
+    )
+  } else if (failed) {
+    Text(
+      text = "Image unavailable",
+      modifier = Modifier.padding(vertical = 2.dp),
+      style = MaterialTheme.typography.bodySmall,
+      color = MaterialTheme.colorScheme.onSurfaceVariant,
+    )
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatMessageListCard.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatMessageListCard.kt
@@ -0,0 +1,111 @@
+package com.clawdbot.android.ui.chat
+
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Box
+import androidx.compose.foundation.layout.Row
+import androidx.compose.foundation.layout.fillMaxSize
+import androidx.compose.foundation.layout.fillMaxWidth
+import androidx.compose.foundation.lazy.LazyColumn
+import androidx.compose.foundation.lazy.rememberLazyListState
+import androidx.compose.material.icons.Icons
+import androidx.compose.material.icons.filled.ArrowCircleDown
+import androidx.compose.material3.Card
+import androidx.compose.material3.CardDefaults
+import androidx.compose.material3.Icon
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.Text
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
+import androidx.compose.ui.Alignment
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.draw.alpha
+import androidx.compose.ui.unit.dp
+import com.clawdbot.android.chat.ChatMessage
+import com.clawdbot.android.chat.ChatPendingToolCall
+
+@Composable
+fun ChatMessageListCard(
+  messages: List<ChatMessage>,
+  pendingRunCount: Int,
+  pendingToolCalls: List<ChatPendingToolCall>,
+  streamingAssistantText: String?,
+  modifier: Modifier = Modifier,
+) {
+  val listState = rememberLazyListState()
+
+  LaunchedEffect(messages.size, pendingRunCount, pendingToolCalls.size, streamingAssistantText) {
+    val total =
+      messages.size +
+        (if (pendingRunCount > 0) 1 else 0) +
+        (if (pendingToolCalls.isNotEmpty()) 1 else 0) +
+        (if (!streamingAssistantText.isNullOrBlank()) 1 else 0)
+    if (total <= 0) return@LaunchedEffect
+    listState.animateScrollToItem(index = total - 1)
+  }
+
+  Card(
+    modifier = modifier.fillMaxWidth(),
+    shape = MaterialTheme.shapes.large,
+    colors =
+      CardDefaults.cardColors(
+        containerColor = MaterialTheme.colorScheme.surfaceContainer,
+      ),
+    elevation = CardDefaults.cardElevation(defaultElevation = 0.dp),
+  ) {
+    Box(modifier = Modifier.fillMaxSize()) {
+      LazyColumn(
+        modifier = Modifier.fillMaxSize(),
+        state = listState,
+        verticalArrangement = Arrangement.spacedBy(14.dp),
+        contentPadding = androidx.compose.foundation.layout.PaddingValues(top = 12.dp, bottom = 12.dp, start = 12.dp, end = 12.dp),
+      ) {
+        items(count = messages.size, key = { idx -> messages[idx].id }) { idx ->
+          ChatMessageBubble(message = messages[idx])
+        }
+
+        if (pendingRunCount > 0) {
+          item(key = "typing") {
+            ChatTypingIndicatorBubble()
+          }
+        }
+
+        if (pendingToolCalls.isNotEmpty()) {
+          item(key = "tools") {
+            ChatPendingToolsBubble(toolCalls = pendingToolCalls)
+          }
+        }
+
+        val stream = streamingAssistantText?.trim()
+        if (!stream.isNullOrEmpty()) {
+          item(key = "stream") {
+            ChatStreamingAssistantBubble(text = stream)
+          }
+        }
+      }
+
+      if (messages.isEmpty() && pendingRunCount == 0 && pendingToolCalls.isEmpty() && streamingAssistantText.isNullOrBlank()) {
+        EmptyChatHint(modifier = Modifier.align(Alignment.Center))
+      }
+    }
+  }
+}
+
+@Composable
+private fun EmptyChatHint(modifier: Modifier = Modifier) {
+  Row(
+    modifier = modifier.alpha(0.7f),
+    verticalAlignment = Alignment.CenterVertically,
+    horizontalArrangement = Arrangement.spacedBy(8.dp),
+  ) {
+    Icon(
+      imageVector = Icons.Default.ArrowCircleDown,
+      contentDescription = null,
+      tint = MaterialTheme.colorScheme.onSurfaceVariant,
+    )
+    Text(
+      text = "Message Clawd…",
+      style = MaterialTheme.typography.bodyMedium,
+      color = MaterialTheme.colorScheme.onSurfaceVariant,
+    )
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatMessageViews.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatMessageViews.kt
@@ -0,0 +1,252 @@
+package com.clawdbot.android.ui.chat
+
+import android.graphics.BitmapFactory
+import android.util.Base64
+import androidx.compose.foundation.background
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Box
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.Row
+import androidx.compose.foundation.layout.fillMaxWidth
+import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.layout.size
+import androidx.compose.foundation.shape.CircleShape
+import androidx.compose.foundation.shape.RoundedCornerShape
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.Surface
+import androidx.compose.material3.Text
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.setValue
+import androidx.compose.ui.Alignment
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.draw.alpha
+import androidx.compose.ui.graphics.Brush
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.graphics.asImageBitmap
+import androidx.compose.ui.layout.ContentScale
+import androidx.compose.ui.text.font.FontFamily
+import androidx.compose.ui.unit.dp
+import androidx.compose.foundation.Image
+import com.clawdbot.android.chat.ChatMessage
+import com.clawdbot.android.chat.ChatMessageContent
+import com.clawdbot.android.chat.ChatPendingToolCall
+import com.clawdbot.android.tools.ToolDisplayRegistry
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import androidx.compose.ui.platform.LocalContext
+
+@Composable
+fun ChatMessageBubble(message: ChatMessage) {
+  val isUser = message.role.lowercase() == "user"
+
+  Row(
+    modifier = Modifier.fillMaxWidth(),
+    horizontalArrangement = if (isUser) Arrangement.End else Arrangement.Start,
+  ) {
+    Surface(
+      shape = RoundedCornerShape(16.dp),
+      tonalElevation = 0.dp,
+      shadowElevation = 0.dp,
+      color = Color.Transparent,
+      modifier = Modifier.fillMaxWidth(0.92f),
+    ) {
+      Box(
+        modifier =
+          Modifier
+            .background(bubbleBackground(isUser))
+            .padding(horizontal = 12.dp, vertical = 10.dp),
+      ) {
+        val textColor = textColorOverBubble(isUser)
+        ChatMessageBody(content = message.content, textColor = textColor)
+      }
+    }
+  }
+}
+
+@Composable
+private fun ChatMessageBody(content: List<ChatMessageContent>, textColor: Color) {
+  Column(verticalArrangement = Arrangement.spacedBy(10.dp)) {
+    for (part in content) {
+      when (part.type) {
+        "text" -> {
+          val text = part.text ?: continue
+          ChatMarkdown(text = text, textColor = textColor)
+        }
+        else -> {
+          val b64 = part.base64 ?: continue
+          ChatBase64Image(base64 = b64, mimeType = part.mimeType)
+        }
+      }
+    }
+  }
+}
+
+@Composable
+fun ChatTypingIndicatorBubble() {
+  Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.Start) {
+    Surface(
+      shape = RoundedCornerShape(16.dp),
+      color = MaterialTheme.colorScheme.surfaceContainer,
+    ) {
+      Row(
+        modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp),
+        verticalAlignment = Alignment.CenterVertically,
+        horizontalArrangement = Arrangement.spacedBy(8.dp),
+      ) {
+        DotPulse()
+        Text("Thinking…", style = MaterialTheme.typography.bodyMedium, color = MaterialTheme.colorScheme.onSurfaceVariant)
+      }
+    }
+  }
+}
+
+@Composable
+fun ChatPendingToolsBubble(toolCalls: List<ChatPendingToolCall>) {
+  val context = LocalContext.current
+  val displays =
+    remember(toolCalls, context) {
+      toolCalls.map { ToolDisplayRegistry.resolve(context, it.name, it.args) }
+    }
+  Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.Start) {
+    Surface(
+      shape = RoundedCornerShape(16.dp),
+      color = MaterialTheme.colorScheme.surfaceContainer,
+    ) {
+      Column(modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp), verticalArrangement = Arrangement.spacedBy(6.dp)) {
+        Text("Running tools…", style = MaterialTheme.typography.labelLarge, color = MaterialTheme.colorScheme.onSurface)
+        for (display in displays.take(6)) {
+          Column(verticalArrangement = Arrangement.spacedBy(2.dp)) {
+            Text(
+              "${display.emoji} ${display.label}",
+              style = MaterialTheme.typography.bodyMedium,
+              color = MaterialTheme.colorScheme.onSurfaceVariant,
+              fontFamily = FontFamily.Monospace,
+            )
+            display.detailLine?.let { detail ->
+              Text(
+                detail,
+                style = MaterialTheme.typography.bodySmall,
+                color = MaterialTheme.colorScheme.onSurfaceVariant,
+                fontFamily = FontFamily.Monospace,
+              )
+            }
+          }
+        }
+        if (toolCalls.size > 6) {
+          Text(
+            "… +${toolCalls.size - 6} more",
+            style = MaterialTheme.typography.bodySmall,
+            color = MaterialTheme.colorScheme.onSurfaceVariant,
+          )
+        }
+      }
+    }
+  }
+}
+
+@Composable
+fun ChatStreamingAssistantBubble(text: String) {
+  Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.Start) {
+    Surface(
+      shape = RoundedCornerShape(16.dp),
+      color = MaterialTheme.colorScheme.surfaceContainer,
+    ) {
+      Box(modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp)) {
+        ChatMarkdown(text = text, textColor = MaterialTheme.colorScheme.onSurface)
+      }
+    }
+  }
+}
+
+@Composable
+private fun bubbleBackground(isUser: Boolean): Brush {
+  return if (isUser) {
+    Brush.linearGradient(
+      colors = listOf(MaterialTheme.colorScheme.primary, MaterialTheme.colorScheme.primary.copy(alpha = 0.78f)),
+    )
+  } else {
+    Brush.linearGradient(
+      colors = listOf(MaterialTheme.colorScheme.surfaceContainer, MaterialTheme.colorScheme.surfaceContainerHigh),
+    )
+  }
+}
+
+@Composable
+private fun textColorOverBubble(isUser: Boolean): Color {
+  return if (isUser) {
+    MaterialTheme.colorScheme.onPrimary
+  } else {
+    MaterialTheme.colorScheme.onSurface
+  }
+}
+
+@Composable
+private fun ChatBase64Image(base64: String, mimeType: String?) {
+  var image by remember(base64) { mutableStateOf<androidx.compose.ui.graphics.ImageBitmap?>(null) }
+  var failed by remember(base64) { mutableStateOf(false) }
+
+  LaunchedEffect(base64) {
+    failed = false
+    image =
+      withContext(Dispatchers.Default) {
+        try {
+          val bytes = Base64.decode(base64, Base64.DEFAULT)
+          val bitmap = BitmapFactory.decodeByteArray(bytes, 0, bytes.size) ?: return@withContext null
+          bitmap.asImageBitmap()
+        } catch (_: Throwable) {
+          null
+        }
+      }
+    if (image == null) failed = true
+  }
+
+  if (image != null) {
+    Image(
+      bitmap = image!!,
+      contentDescription = mimeType ?: "attachment",
+      contentScale = ContentScale.Fit,
+      modifier = Modifier.fillMaxWidth(),
+    )
+  } else if (failed) {
+    Text("Unsupported attachment", style = MaterialTheme.typography.bodySmall, color = MaterialTheme.colorScheme.onSurfaceVariant)
+  }
+}
+
+@Composable
+private fun DotPulse() {
+  Row(horizontalArrangement = Arrangement.spacedBy(5.dp), verticalAlignment = Alignment.CenterVertically) {
+    PulseDot(alpha = 0.38f)
+    PulseDot(alpha = 0.62f)
+    PulseDot(alpha = 0.90f)
+  }
+}
+
+@Composable
+private fun PulseDot(alpha: Float) {
+  Surface(
+    modifier = Modifier.size(6.dp).alpha(alpha),
+    shape = CircleShape,
+    color = MaterialTheme.colorScheme.onSurfaceVariant,
+  ) {}
+}
+
+@Composable
+fun ChatCodeBlock(code: String, language: String?) {
+  Surface(
+    shape = RoundedCornerShape(12.dp),
+    color = MaterialTheme.colorScheme.surfaceContainerLowest,
+    modifier = Modifier.fillMaxWidth(),
+  ) {
+    Text(
+      text = code.trimEnd(),
+      modifier = Modifier.padding(10.dp),
+      fontFamily = FontFamily.Monospace,
+      style = MaterialTheme.typography.bodySmall,
+      color = MaterialTheme.colorScheme.onSurface,
+    )
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatSessionsDialog.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatSessionsDialog.kt
@@ -0,0 +1,92 @@
+package com.clawdbot.android.ui.chat
+
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.Row
+import androidx.compose.foundation.layout.Spacer
+import androidx.compose.foundation.layout.fillMaxWidth
+import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.lazy.LazyColumn
+import androidx.compose.foundation.lazy.items
+import androidx.compose.material.icons.Icons
+import androidx.compose.material.icons.filled.Refresh
+import androidx.compose.material3.AlertDialog
+import androidx.compose.material3.FilledTonalIconButton
+import androidx.compose.material3.Icon
+import androidx.compose.material3.MaterialTheme
+import androidx.compose.material3.Surface
+import androidx.compose.material3.Text
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.Alignment
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.unit.dp
+import com.clawdbot.android.chat.ChatSessionEntry
+
+@Composable
+fun ChatSessionsDialog(
+  currentSessionKey: String,
+  sessions: List<ChatSessionEntry>,
+  onDismiss: () -> Unit,
+  onRefresh: () -> Unit,
+  onSelect: (sessionKey: String) -> Unit,
+) {
+  AlertDialog(
+    onDismissRequest = onDismiss,
+    confirmButton = {},
+    title = {
+      Row(verticalAlignment = Alignment.CenterVertically, modifier = Modifier.fillMaxWidth()) {
+        Text("Sessions", style = MaterialTheme.typography.titleMedium)
+        Spacer(modifier = Modifier.weight(1f))
+        FilledTonalIconButton(onClick = onRefresh) {
+          Icon(Icons.Default.Refresh, contentDescription = "Refresh")
+        }
+      }
+    },
+    text = {
+      if (sessions.isEmpty()) {
+        Text("No sessions", style = MaterialTheme.typography.bodyMedium, color = MaterialTheme.colorScheme.onSurfaceVariant)
+      } else {
+        LazyColumn(verticalArrangement = Arrangement.spacedBy(8.dp)) {
+          items(sessions, key = { it.key }) { entry ->
+            SessionRow(
+              entry = entry,
+              isCurrent = entry.key == currentSessionKey,
+              onClick = { onSelect(entry.key) },
+            )
+          }
+        }
+      }
+    },
+  )
+}
+
+@Composable
+private fun SessionRow(
+  entry: ChatSessionEntry,
+  isCurrent: Boolean,
+  onClick: () -> Unit,
+) {
+  Surface(
+    onClick = onClick,
+    shape = MaterialTheme.shapes.medium,
+    color =
+      if (isCurrent) {
+        MaterialTheme.colorScheme.primary.copy(alpha = 0.14f)
+      } else {
+        MaterialTheme.colorScheme.surfaceContainer
+      },
+    modifier = Modifier.fillMaxWidth(),
+  ) {
+    Row(
+      modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp),
+      verticalAlignment = Alignment.CenterVertically,
+      horizontalArrangement = Arrangement.spacedBy(10.dp),
+    ) {
+      Text(entry.displayName ?: entry.key, style = MaterialTheme.typography.bodyMedium)
+      Spacer(modifier = Modifier.weight(1f))
+      if (isCurrent) {
+        Text("Current", style = MaterialTheme.typography.labelSmall, color = MaterialTheme.colorScheme.onSurfaceVariant)
+      }
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatSheetContent.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatSheetContent.kt
@@ -0,0 +1,145 @@
+package com.clawdbot.android.ui.chat
+
+import android.content.ContentResolver
+import android.net.Uri
+import android.util.Base64
+import androidx.activity.compose.rememberLauncherForActivityResult
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.compose.foundation.layout.Arrangement
+import androidx.compose.foundation.layout.Column
+import androidx.compose.foundation.layout.fillMaxSize
+import androidx.compose.foundation.layout.padding
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
+import androidx.compose.runtime.collectAsState
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateListOf
+import androidx.compose.runtime.remember
+import androidx.compose.runtime.rememberCoroutineScope
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.unit.dp
+import com.clawdbot.android.MainViewModel
+import com.clawdbot.android.chat.OutgoingAttachment
+import java.io.ByteArrayOutputStream
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.withContext
+
+@Composable
+fun ChatSheetContent(viewModel: MainViewModel) {
+  val messages by viewModel.chatMessages.collectAsState()
+  val errorText by viewModel.chatError.collectAsState()
+  val pendingRunCount by viewModel.pendingRunCount.collectAsState()
+  val healthOk by viewModel.chatHealthOk.collectAsState()
+  val sessionKey by viewModel.chatSessionKey.collectAsState()
+  val thinkingLevel by viewModel.chatThinkingLevel.collectAsState()
+  val streamingAssistantText by viewModel.chatStreamingAssistantText.collectAsState()
+  val pendingToolCalls by viewModel.chatPendingToolCalls.collectAsState()
+  val sessions by viewModel.chatSessions.collectAsState()
+
+  LaunchedEffect(Unit) {
+    viewModel.loadChat("main")
+    viewModel.refreshChatSessions(limit = 200)
+  }
+
+  val context = LocalContext.current
+  val resolver = context.contentResolver
+  val scope = rememberCoroutineScope()
+
+  val attachments = remember { mutableStateListOf<PendingImageAttachment>() }
+
+  val pickImages =
+    rememberLauncherForActivityResult(ActivityResultContracts.GetMultipleContents()) { uris ->
+      if (uris.isNullOrEmpty()) return@rememberLauncherForActivityResult
+      scope.launch(Dispatchers.IO) {
+        val next =
+          uris.take(8).mapNotNull { uri ->
+            try {
+              loadImageAttachment(resolver, uri)
+            } catch (_: Throwable) {
+              null
+            }
+          }
+        withContext(Dispatchers.Main) {
+          attachments.addAll(next)
+        }
+      }
+    }
+
+  Column(
+    modifier =
+      Modifier
+        .fillMaxSize()
+        .padding(horizontal = 12.dp, vertical = 12.dp),
+    verticalArrangement = Arrangement.spacedBy(10.dp),
+  ) {
+    ChatMessageListCard(
+      messages = messages,
+      pendingRunCount = pendingRunCount,
+      pendingToolCalls = pendingToolCalls,
+      streamingAssistantText = streamingAssistantText,
+      modifier = Modifier.weight(1f, fill = true),
+    )
+
+    ChatComposer(
+      sessionKey = sessionKey,
+      sessions = sessions,
+      healthOk = healthOk,
+      thinkingLevel = thinkingLevel,
+      pendingRunCount = pendingRunCount,
+      errorText = errorText,
+      attachments = attachments,
+      onPickImages = { pickImages.launch("image/*") },
+      onRemoveAttachment = { id -> attachments.removeAll { it.id == id } },
+      onSetThinkingLevel = { level -> viewModel.setChatThinkingLevel(level) },
+      onSelectSession = { key -> viewModel.switchChatSession(key) },
+      onRefresh = {
+        viewModel.refreshChat()
+        viewModel.refreshChatSessions(limit = 200)
+      },
+      onAbort = { viewModel.abortChat() },
+      onSend = { text ->
+        val outgoing =
+          attachments.map { att ->
+            OutgoingAttachment(
+              type = "image",
+              mimeType = att.mimeType,
+              fileName = att.fileName,
+              base64 = att.base64,
+            )
+          }
+        viewModel.sendChat(message = text, thinking = thinkingLevel, attachments = outgoing)
+        attachments.clear()
+      },
+    )
+  }
+}
+
+data class PendingImageAttachment(
+  val id: String,
+  val fileName: String,
+  val mimeType: String,
+  val base64: String,
+)
+
+private suspend fun loadImageAttachment(resolver: ContentResolver, uri: Uri): PendingImageAttachment {
+  val mimeType = resolver.getType(uri) ?: "image/*"
+  val fileName = (uri.lastPathSegment ?: "image").substringAfterLast('/')
+  val bytes =
+    withContext(Dispatchers.IO) {
+      resolver.openInputStream(uri)?.use { input ->
+        val out = ByteArrayOutputStream()
+        input.copyTo(out)
+        out.toByteArray()
+      } ?: ByteArray(0)
+    }
+  if (bytes.isEmpty()) throw IllegalStateException("empty attachment")
+  val base64 = Base64.encodeToString(bytes, Base64.NO_WRAP)
+  return PendingImageAttachment(
+    id = uri.toString() + "#" + System.currentTimeMillis().toString(),
+    fileName = fileName,
+    mimeType = mimeType,
+    base64 = base64,
+  )
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/SessionFilters.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/SessionFilters.kt
@@ -0,0 +1,46 @@
+package com.clawdbot.android.ui.chat
+
+import com.clawdbot.android.chat.ChatSessionEntry
+
+private const val MAIN_SESSION_KEY = "main"
+private const val RECENT_WINDOW_MS = 24 * 60 * 60 * 1000L
+
+fun resolveSessionChoices(
+  currentSessionKey: String,
+  sessions: List<ChatSessionEntry>,
+  nowMs: Long = System.currentTimeMillis(),
+): List<ChatSessionEntry> {
+  val current = currentSessionKey.trim()
+  val cutoff = nowMs - RECENT_WINDOW_MS
+  val sorted = sessions.sortedByDescending { it.updatedAtMs ?: 0L }
+  val recent = mutableListOf<ChatSessionEntry>()
+  val seen = mutableSetOf<String>()
+  for (entry in sorted) {
+    if (!seen.add(entry.key)) continue
+    if ((entry.updatedAtMs ?: 0L) < cutoff) continue
+    recent.add(entry)
+  }
+
+  val result = mutableListOf<ChatSessionEntry>()
+  val included = mutableSetOf<String>()
+  val mainEntry = sorted.firstOrNull { it.key == MAIN_SESSION_KEY }
+  if (mainEntry != null) {
+    result.add(mainEntry)
+    included.add(MAIN_SESSION_KEY)
+  } else if (current == MAIN_SESSION_KEY) {
+    result.add(ChatSessionEntry(key = MAIN_SESSION_KEY, updatedAtMs = null))
+    included.add(MAIN_SESSION_KEY)
+  }
+
+  for (entry in recent) {
+    if (included.add(entry.key)) {
+      result.add(entry)
+    }
+  }
+
+  if (current.isNotEmpty() && !included.contains(current)) {
+    result.add(ChatSessionEntry(key = current, updatedAtMs = null))
+  }
+
+  return result
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/voice/StreamingMediaDataSource.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/voice/StreamingMediaDataSource.kt
@@ -0,0 +1,98 @@
+package com.clawdbot.android.voice
+
+import android.media.MediaDataSource
+import kotlin.math.min
+
+internal class StreamingMediaDataSource : MediaDataSource() {
+  private data class Chunk(val start: Long, val data: ByteArray)
+
+  private val lock = Object()
+  private val chunks = ArrayList<Chunk>()
+  private var totalSize: Long = 0
+  private var closed = false
+  private var finished = false
+  private var lastReadIndex = 0
+
+  fun append(data: ByteArray) {
+    if (data.isEmpty()) return
+    synchronized(lock) {
+      if (closed || finished) return
+      val chunk = Chunk(totalSize, data)
+      chunks.add(chunk)
+      totalSize += data.size.toLong()
+      lock.notifyAll()
+    }
+  }
+
+  fun finish() {
+    synchronized(lock) {
+      if (closed) return
+      finished = true
+      lock.notifyAll()
+    }
+  }
+
+  fun fail() {
+    synchronized(lock) {
+      closed = true
+      lock.notifyAll()
+    }
+  }
+
+  override fun readAt(position: Long, buffer: ByteArray, offset: Int, size: Int): Int {
+    if (position < 0) return -1
+    synchronized(lock) {
+      while (!closed && !finished && position >= totalSize) {
+        lock.wait()
+      }
+      if (closed) return -1
+      if (position >= totalSize && finished) return -1
+
+      val available = (totalSize - position).toInt()
+      val toRead = min(size, available)
+      var remaining = toRead
+      var destOffset = offset
+      var pos = position
+
+      var index = findChunkIndex(pos)
+      while (remaining > 0 && index < chunks.size) {
+        val chunk = chunks[index]
+        val inChunkOffset = (pos - chunk.start).toInt()
+        if (inChunkOffset >= chunk.data.size) {
+          index++
+          continue
+        }
+        val copyLen = min(remaining, chunk.data.size - inChunkOffset)
+        System.arraycopy(chunk.data, inChunkOffset, buffer, destOffset, copyLen)
+        remaining -= copyLen
+        destOffset += copyLen
+        pos += copyLen
+        if (inChunkOffset + copyLen >= chunk.data.size) {
+          index++
+        }
+      }
+
+      return toRead - remaining
+    }
+  }
+
+  override fun getSize(): Long = -1
+
+  override fun close() {
+    synchronized(lock) {
+      closed = true
+      lock.notifyAll()
+    }
+  }
+
+  private fun findChunkIndex(position: Long): Int {
+    var index = lastReadIndex
+    while (index < chunks.size) {
+      val chunk = chunks[index]
+      if (position < chunk.start + chunk.data.size) break
+      index++
+    }
+    lastReadIndex = index
+    return index
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/voice/TalkDirectiveParser.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/voice/TalkDirectiveParser.kt
@@ -0,0 +1,191 @@
+package com.clawdbot.android.voice
+
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+
+private val directiveJson = Json { ignoreUnknownKeys = true }
+
+data class TalkDirective(
+  val voiceId: String? = null,
+  val modelId: String? = null,
+  val speed: Double? = null,
+  val rateWpm: Int? = null,
+  val stability: Double? = null,
+  val similarity: Double? = null,
+  val style: Double? = null,
+  val speakerBoost: Boolean? = null,
+  val seed: Long? = null,
+  val normalize: String? = null,
+  val language: String? = null,
+  val outputFormat: String? = null,
+  val latencyTier: Int? = null,
+  val once: Boolean? = null,
+)
+
+data class TalkDirectiveParseResult(
+  val directive: TalkDirective?,
+  val stripped: String,
+  val unknownKeys: List<String>,
+)
+
+object TalkDirectiveParser {
+  fun parse(text: String): TalkDirectiveParseResult {
+    val normalized = text.replace("\r\n", "\n")
+    val lines = normalized.split("\n").toMutableList()
+    if (lines.isEmpty()) return TalkDirectiveParseResult(null, text, emptyList())
+
+    val firstNonEmpty = lines.indexOfFirst { it.trim().isNotEmpty() }
+    if (firstNonEmpty == -1) return TalkDirectiveParseResult(null, text, emptyList())
+
+    val head = lines[firstNonEmpty].trim()
+    if (!head.startsWith("{") || !head.endsWith("}")) {
+      return TalkDirectiveParseResult(null, text, emptyList())
+    }
+
+    val obj = parseJsonObject(head) ?: return TalkDirectiveParseResult(null, text, emptyList())
+
+    val speakerBoost =
+      boolValue(obj, listOf("speaker_boost", "speakerBoost"))
+        ?: boolValue(obj, listOf("no_speaker_boost", "noSpeakerBoost"))?.not()
+
+    val directive = TalkDirective(
+      voiceId = stringValue(obj, listOf("voice", "voice_id", "voiceId")),
+      modelId = stringValue(obj, listOf("model", "model_id", "modelId")),
+      speed = doubleValue(obj, listOf("speed")),
+      rateWpm = intValue(obj, listOf("rate", "wpm")),
+      stability = doubleValue(obj, listOf("stability")),
+      similarity = doubleValue(obj, listOf("similarity", "similarity_boost", "similarityBoost")),
+      style = doubleValue(obj, listOf("style")),
+      speakerBoost = speakerBoost,
+      seed = longValue(obj, listOf("seed")),
+      normalize = stringValue(obj, listOf("normalize", "apply_text_normalization")),
+      language = stringValue(obj, listOf("lang", "language_code", "language")),
+      outputFormat = stringValue(obj, listOf("output_format", "format")),
+      latencyTier = intValue(obj, listOf("latency", "latency_tier", "latencyTier")),
+      once = boolValue(obj, listOf("once")),
+    )
+
+    val hasDirective = listOf(
+      directive.voiceId,
+      directive.modelId,
+      directive.speed,
+      directive.rateWpm,
+      directive.stability,
+      directive.similarity,
+      directive.style,
+      directive.speakerBoost,
+      directive.seed,
+      directive.normalize,
+      directive.language,
+      directive.outputFormat,
+      directive.latencyTier,
+      directive.once,
+    ).any { it != null }
+
+    if (!hasDirective) return TalkDirectiveParseResult(null, text, emptyList())
+
+    val knownKeys = setOf(
+      "voice", "voice_id", "voiceid",
+      "model", "model_id", "modelid",
+      "speed", "rate", "wpm",
+      "stability", "similarity", "similarity_boost", "similarityboost",
+      "style",
+      "speaker_boost", "speakerboost",
+      "no_speaker_boost", "nospeakerboost",
+      "seed",
+      "normalize", "apply_text_normalization",
+      "lang", "language_code", "language",
+      "output_format", "format",
+      "latency", "latency_tier", "latencytier",
+      "once",
+    )
+    val unknownKeys = obj.keys.filter { !knownKeys.contains(it.lowercase()) }.sorted()
+
+    lines.removeAt(firstNonEmpty)
+    if (firstNonEmpty < lines.size) {
+      if (lines[firstNonEmpty].trim().isEmpty()) {
+        lines.removeAt(firstNonEmpty)
+      }
+    }
+
+    return TalkDirectiveParseResult(directive, lines.joinToString("\n"), unknownKeys)
+  }
+
+  private fun parseJsonObject(line: String): JsonObject? {
+    return try {
+      directiveJson.parseToJsonElement(line) as? JsonObject
+    } catch (_: Throwable) {
+      null
+    }
+  }
+
+  private fun stringValue(obj: JsonObject, keys: List<String>): String? {
+    for (key in keys) {
+      val value = obj[key].asStringOrNull()?.trim()
+      if (!value.isNullOrEmpty()) return value
+    }
+    return null
+  }
+
+  private fun doubleValue(obj: JsonObject, keys: List<String>): Double? {
+    for (key in keys) {
+      val value = obj[key].asDoubleOrNull()
+      if (value != null) return value
+    }
+    return null
+  }
+
+  private fun intValue(obj: JsonObject, keys: List<String>): Int? {
+    for (key in keys) {
+      val value = obj[key].asIntOrNull()
+      if (value != null) return value
+    }
+    return null
+  }
+
+  private fun longValue(obj: JsonObject, keys: List<String>): Long? {
+    for (key in keys) {
+      val value = obj[key].asLongOrNull()
+      if (value != null) return value
+    }
+    return null
+  }
+
+  private fun boolValue(obj: JsonObject, keys: List<String>): Boolean? {
+    for (key in keys) {
+      val value = obj[key].asBooleanOrNull()
+      if (value != null) return value
+    }
+    return null
+  }
+}
+
+private fun JsonElement?.asStringOrNull(): String? =
+  (this as? JsonPrimitive)?.takeIf { it.isString }?.content
+
+private fun JsonElement?.asDoubleOrNull(): Double? {
+  val primitive = this as? JsonPrimitive ?: return null
+  return primitive.content.toDoubleOrNull()
+}
+
+private fun JsonElement?.asIntOrNull(): Int? {
+  val primitive = this as? JsonPrimitive ?: return null
+  return primitive.content.toIntOrNull()
+}
+
+private fun JsonElement?.asLongOrNull(): Long? {
+  val primitive = this as? JsonPrimitive ?: return null
+  return primitive.content.toLongOrNull()
+}
+
+private fun JsonElement?.asBooleanOrNull(): Boolean? {
+  val primitive = this as? JsonPrimitive ?: return null
+  val content = primitive.content.trim().lowercase()
+  return when (content) {
+    "true", "yes", "1" -> true
+    "false", "no", "0" -> false
+    else -> null
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/voice/TalkModeManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/voice/TalkModeManager.kt
--- a/apps/android/app/src/main/java/com/clawdbot/android/voice/VoiceWakeCommandExtractor.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/voice/VoiceWakeCommandExtractor.kt
@@ -0,0 +1,40 @@
+package com.clawdbot.android.voice
+
+object VoiceWakeCommandExtractor {
+  fun extractCommand(text: String, triggerWords: List<String>): String? {
+    val raw = text.trim()
+    if (raw.isEmpty()) return null
+
+    val triggers =
+      triggerWords
+        .map { it.trim().lowercase() }
+        .filter { it.isNotEmpty() }
+        .distinct()
+    if (triggers.isEmpty()) return null
+
+    val alternation = triggers.joinToString("|") { Regex.escape(it) }
+    // Match: "<anything> <trigger><punct/space> <command>"
+    val regex = Regex("(?i)(?:^|\\s)($alternation)\\b[\\s\\p{Punct}]*([\\s\\S]+)$")
+    val match = regex.find(raw) ?: return null
+    val extracted = match.groupValues.getOrNull(2)?.trim().orEmpty()
+    if (extracted.isEmpty()) return null
+
+    val cleaned = extracted.trimStart { it.isWhitespace() || it.isPunctuation() }.trim()
+    if (cleaned.isEmpty()) return null
+    return cleaned
+  }
+}
+
+private fun Char.isPunctuation(): Boolean {
+  return when (Character.getType(this)) {
+    Character.CONNECTOR_PUNCTUATION.toInt(),
+    Character.DASH_PUNCTUATION.toInt(),
+    Character.START_PUNCTUATION.toInt(),
+    Character.END_PUNCTUATION.toInt(),
+    Character.INITIAL_QUOTE_PUNCTUATION.toInt(),
+    Character.FINAL_QUOTE_PUNCTUATION.toInt(),
+    Character.OTHER_PUNCTUATION.toInt(),
+    -> true
+    else -> false
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/voice/VoiceWakeManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/voice/VoiceWakeManager.kt
@@ -0,0 +1,173 @@
+package com.clawdbot.android.voice
+
+import android.content.Context
+import android.content.Intent
+import android.os.Bundle
+import android.os.Handler
+import android.os.Looper
+import android.speech.RecognitionListener
+import android.speech.RecognizerIntent
+import android.speech.SpeechRecognizer
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.launch
+
+class VoiceWakeManager(
+  private val context: Context,
+  private val scope: CoroutineScope,
+  private val onCommand: suspend (String) -> Unit,
+) {
+  private val mainHandler = Handler(Looper.getMainLooper())
+
+  private val _isListening = MutableStateFlow(false)
+  val isListening: StateFlow<Boolean> = _isListening
+
+  private val _statusText = MutableStateFlow("Off")
+  val statusText: StateFlow<String> = _statusText
+
+  var triggerWords: List<String> = emptyList()
+    private set
+
+  private var recognizer: SpeechRecognizer? = null
+  private var restartJob: Job? = null
+  private var lastDispatched: String? = null
+  private var stopRequested = false
+
+  fun setTriggerWords(words: List<String>) {
+    triggerWords = words
+  }
+
+  fun start() {
+    mainHandler.post {
+      if (_isListening.value) return@post
+      stopRequested = false
+
+      if (!SpeechRecognizer.isRecognitionAvailable(context)) {
+        _isListening.value = false
+        _statusText.value = "Speech recognizer unavailable"
+        return@post
+      }
+
+      try {
+        recognizer?.destroy()
+        recognizer = SpeechRecognizer.createSpeechRecognizer(context).also { it.setRecognitionListener(listener) }
+        startListeningInternal()
+      } catch (err: Throwable) {
+        _isListening.value = false
+        _statusText.value = "Start failed: ${err.message ?: err::class.simpleName}"
+      }
+    }
+  }
+
+  fun stop(statusText: String = "Off") {
+    stopRequested = true
+    restartJob?.cancel()
+    restartJob = null
+    mainHandler.post {
+      _isListening.value = false
+      _statusText.value = statusText
+      recognizer?.cancel()
+      recognizer?.destroy()
+      recognizer = null
+    }
+  }
+
+  private fun startListeningInternal() {
+    val r = recognizer ?: return
+    val intent =
+      Intent(RecognizerIntent.ACTION_RECOGNIZE_SPEECH).apply {
+        putExtra(RecognizerIntent.EXTRA_LANGUAGE_MODEL, RecognizerIntent.LANGUAGE_MODEL_FREE_FORM)
+        putExtra(RecognizerIntent.EXTRA_PARTIAL_RESULTS, true)
+        putExtra(RecognizerIntent.EXTRA_MAX_RESULTS, 3)
+        putExtra(RecognizerIntent.EXTRA_CALLING_PACKAGE, context.packageName)
+      }
+
+    _statusText.value = "Listening"
+    _isListening.value = true
+    r.startListening(intent)
+  }
+
+  private fun scheduleRestart(delayMs: Long = 350) {
+    if (stopRequested) return
+    restartJob?.cancel()
+    restartJob =
+      scope.launch {
+        delay(delayMs)
+        mainHandler.post {
+          if (stopRequested) return@post
+          try {
+            recognizer?.cancel()
+            startListeningInternal()
+          } catch (_: Throwable) {
+            // Will be picked up by onError and retry again.
+          }
+        }
+      }
+  }
+
+  private fun handleTranscription(text: String) {
+    val command = VoiceWakeCommandExtractor.extractCommand(text, triggerWords) ?: return
+    if (command == lastDispatched) return
+    lastDispatched = command
+
+    scope.launch { onCommand(command) }
+    _statusText.value = "Triggered"
+    scheduleRestart(delayMs = 650)
+  }
+
+  private val listener =
+    object : RecognitionListener {
+      override fun onReadyForSpeech(params: Bundle?) {
+        _statusText.value = "Listening"
+      }
+
+      override fun onBeginningOfSpeech() {}
+
+      override fun onRmsChanged(rmsdB: Float) {}
+
+      override fun onBufferReceived(buffer: ByteArray?) {}
+
+      override fun onEndOfSpeech() {
+        scheduleRestart()
+      }
+
+      override fun onError(error: Int) {
+        if (stopRequested) return
+        _isListening.value = false
+        if (error == SpeechRecognizer.ERROR_INSUFFICIENT_PERMISSIONS) {
+          _statusText.value = "Microphone permission required"
+          return
+        }
+
+        _statusText.value =
+          when (error) {
+            SpeechRecognizer.ERROR_AUDIO -> "Audio error"
+            SpeechRecognizer.ERROR_CLIENT -> "Client error"
+            SpeechRecognizer.ERROR_NETWORK -> "Network error"
+            SpeechRecognizer.ERROR_NETWORK_TIMEOUT -> "Network timeout"
+            SpeechRecognizer.ERROR_NO_MATCH -> "Listening"
+            SpeechRecognizer.ERROR_RECOGNIZER_BUSY -> "Recognizer busy"
+            SpeechRecognizer.ERROR_SERVER -> "Server error"
+            SpeechRecognizer.ERROR_SPEECH_TIMEOUT -> "Listening"
+            else -> "Speech error ($error)"
+          }
+        scheduleRestart(delayMs = 600)
+      }
+
+      override fun onResults(results: Bundle?) {
+        val list = results?.getStringArrayList(SpeechRecognizer.RESULTS_RECOGNITION).orEmpty()
+        list.firstOrNull()?.let(::handleTranscription)
+        scheduleRestart()
+      }
+
+      override fun onPartialResults(partialResults: Bundle?) {
+        val list = partialResults?.getStringArrayList(SpeechRecognizer.RESULTS_RECOGNITION).orEmpty()
+        list.firstOrNull()?.let(::handleTranscription)
+      }
+
+      override fun onEvent(eventType: Int, params: Bundle?) {}
+    }
+}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/MainActivity.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/MainActivity.kt
@@ -1,76 +0,0 @@
-package com.steipete.clawdis.node
-
-import android.Manifest
-import android.os.Bundle
-import android.os.Build
-import androidx.activity.ComponentActivity
-import androidx.activity.compose.setContent
-import androidx.activity.viewModels
-import androidx.compose.material3.MaterialTheme
-import androidx.compose.material3.Surface
-import androidx.compose.ui.Modifier
-import androidx.core.content.ContextCompat
-import com.steipete.clawdis.node.ui.RootScreen
-
-class MainActivity : ComponentActivity() {
-  private val viewModel: MainViewModel by viewModels()
-
-  override fun onCreate(savedInstanceState: Bundle?) {
-    super.onCreate(savedInstanceState)
-    requestDiscoveryPermissionsIfNeeded()
-    requestNotificationPermissionIfNeeded()
-    NodeForegroundService.start(this)
-    viewModel.camera.attachLifecycleOwner(this)
-    setContent {
-      MaterialTheme {
-        Surface(modifier = Modifier) {
-          RootScreen(viewModel = viewModel)
-        }
-      }
-    }
-  }
-
-  override fun onStart() {
-    super.onStart()
-    viewModel.setForeground(true)
-  }
-
-  override fun onStop() {
-    viewModel.setForeground(false)
-    super.onStop()
-  }
-
-  private fun requestDiscoveryPermissionsIfNeeded() {
-    if (Build.VERSION.SDK_INT >= 33) {
-      val ok =
-        ContextCompat.checkSelfPermission(
-          this,
-          Manifest.permission.NEARBY_WIFI_DEVICES,
-        ) == android.content.pm.PackageManager.PERMISSION_GRANTED
-      if (!ok) {
-        requestPermissions(arrayOf(Manifest.permission.NEARBY_WIFI_DEVICES), 100)
-      }
-    } else {
-      val ok =
-        ContextCompat.checkSelfPermission(
-          this,
-          Manifest.permission.ACCESS_FINE_LOCATION,
-        ) == android.content.pm.PackageManager.PERMISSION_GRANTED
-      if (!ok) {
-        requestPermissions(arrayOf(Manifest.permission.ACCESS_FINE_LOCATION), 101)
-      }
-    }
-  }
-
-  private fun requestNotificationPermissionIfNeeded() {
-    if (Build.VERSION.SDK_INT < 33) return
-    val ok =
-      ContextCompat.checkSelfPermission(
-        this,
-        Manifest.permission.POST_NOTIFICATIONS,
-      ) == android.content.pm.PackageManager.PERMISSION_GRANTED
-    if (!ok) {
-      requestPermissions(arrayOf(Manifest.permission.POST_NOTIFICATIONS), 102)
-    }
-  }
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/MainViewModel.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/MainViewModel.kt
@@ -1,78 +0,0 @@
-package com.steipete.clawdis.node
-
-import android.app.Application
-import androidx.lifecycle.AndroidViewModel
-import com.steipete.clawdis.node.bridge.BridgeEndpoint
-import com.steipete.clawdis.node.node.CameraCaptureManager
-import com.steipete.clawdis.node.node.CanvasController
-import kotlinx.coroutines.flow.StateFlow
-
-class MainViewModel(app: Application) : AndroidViewModel(app) {
-  private val runtime: NodeRuntime = (app as NodeApp).runtime
-
-  val canvas: CanvasController = runtime.canvas
-  val camera: CameraCaptureManager = runtime.camera
-
-  val bridges: StateFlow<List<BridgeEndpoint>> = runtime.bridges
-
-  val isConnected: StateFlow<Boolean> = runtime.isConnected
-  val statusText: StateFlow<String> = runtime.statusText
-  val serverName: StateFlow<String?> = runtime.serverName
-  val remoteAddress: StateFlow<String?> = runtime.remoteAddress
-
-  val instanceId: StateFlow<String> = runtime.instanceId
-  val displayName: StateFlow<String> = runtime.displayName
-  val cameraEnabled: StateFlow<Boolean> = runtime.cameraEnabled
-  val manualEnabled: StateFlow<Boolean> = runtime.manualEnabled
-  val manualHost: StateFlow<String> = runtime.manualHost
-  val manualPort: StateFlow<Int> = runtime.manualPort
-
-  val chatMessages: StateFlow<List<NodeRuntime.ChatMessage>> = runtime.chatMessages
-  val chatError: StateFlow<String?> = runtime.chatError
-  val pendingRunCount: StateFlow<Int> = runtime.pendingRunCount
-
-  fun setForeground(value: Boolean) {
-    runtime.setForeground(value)
-  }
-
-  fun setDisplayName(value: String) {
-    runtime.setDisplayName(value)
-  }
-
-  fun setCameraEnabled(value: Boolean) {
-    runtime.setCameraEnabled(value)
-  }
-
-  fun setManualEnabled(value: Boolean) {
-    runtime.setManualEnabled(value)
-  }
-
-  fun setManualHost(value: String) {
-    runtime.setManualHost(value)
-  }
-
-  fun setManualPort(value: Int) {
-    runtime.setManualPort(value)
-  }
-
-  fun connect(endpoint: BridgeEndpoint) {
-    runtime.connect(endpoint)
-  }
-
-  fun connectManual() {
-    runtime.connectManual()
-  }
-
-  fun disconnect() {
-    runtime.disconnect()
-  }
-
-  fun loadChat(sessionKey: String = "main") {
-    runtime.loadChat(sessionKey)
-  }
-
-  fun sendChat(sessionKey: String = "main", message: String) {
-    runtime.sendChat(sessionKey, message)
-  }
-}
-
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeForegroundService.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeForegroundService.kt
@@ -1,129 +0,0 @@
-package com.steipete.clawdis.node
-
-import android.app.Notification
-import android.app.NotificationChannel
-import android.app.NotificationManager
-import android.app.Service
-import android.app.PendingIntent
-import android.content.Context
-import android.content.Intent
-import android.content.pm.ServiceInfo
-import android.os.Build
-import androidx.core.app.NotificationCompat
-import kotlinx.coroutines.CoroutineScope
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.Job
-import kotlinx.coroutines.SupervisorJob
-import kotlinx.coroutines.cancel
-import kotlinx.coroutines.flow.combine
-import kotlinx.coroutines.launch
-
-class NodeForegroundService : Service() {
-  private val scope: CoroutineScope = CoroutineScope(SupervisorJob() + Dispatchers.Main)
-  private var notificationJob: Job? = null
-
-  override fun onCreate() {
-    super.onCreate()
-    ensureChannel()
-    val initial = buildNotification(title = "Clawdis Node", text = "Starting…")
-    if (Build.VERSION.SDK_INT >= 29) {
-      startForeground(NOTIFICATION_ID, initial, ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC)
-    } else {
-      startForeground(NOTIFICATION_ID, initial)
-    }
-
-    val runtime = (application as NodeApp).runtime
-    notificationJob =
-      scope.launch {
-        combine(runtime.statusText, runtime.serverName, runtime.isConnected) { status, server, connected ->
-          Triple(status, server, connected)
-        }.collect { (status, server, connected) ->
-          val title = if (connected) "Clawdis Node · Connected" else "Clawdis Node"
-          val text = server?.let { "$status · $it" } ?: status
-          updateNotification(buildNotification(title = title, text = text))
-        }
-      }
-  }
-
-  override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
-    when (intent?.action) {
-      ACTION_STOP -> {
-        (application as NodeApp).runtime.disconnect()
-        stopSelf()
-        return START_NOT_STICKY
-      }
-    }
-    // Keep running; connection is managed by NodeRuntime (auto-reconnect + manual).
-    return START_STICKY
-  }
-
-  override fun onDestroy() {
-    notificationJob?.cancel()
-    scope.cancel()
-    super.onDestroy()
-  }
-
-  override fun onBind(intent: Intent?) = null
-
-  private fun ensureChannel() {
-    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.O) return
-    val mgr = getSystemService(NotificationManager::class.java)
-    val channel =
-      NotificationChannel(
-        CHANNEL_ID,
-        "Connection",
-        NotificationManager.IMPORTANCE_LOW,
-      ).apply {
-        description = "Clawdis node connection status"
-        setShowBadge(false)
-      }
-    mgr.createNotificationChannel(channel)
-  }
-
-  private fun buildNotification(title: String, text: String): Notification {
-    val stopIntent = Intent(this, NodeForegroundService::class.java).setAction(ACTION_STOP)
-    val flags =
-      if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-        PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE
-      } else {
-        PendingIntent.FLAG_UPDATE_CURRENT
-      }
-    val stopPending = PendingIntent.getService(this, 2, stopIntent, flags)
-
-    return NotificationCompat.Builder(this, CHANNEL_ID)
-      .setSmallIcon(android.R.drawable.stat_sys_upload)
-      .setContentTitle(title)
-      .setContentText(text)
-      .setOngoing(true)
-      .setOnlyAlertOnce(true)
-      .setForegroundServiceBehavior(NotificationCompat.FOREGROUND_SERVICE_IMMEDIATE)
-      .addAction(0, "Disconnect", stopPending)
-      .build()
-  }
-
-  private fun updateNotification(notification: Notification) {
-    val mgr = getSystemService(Context.NOTIFICATION_SERVICE) as NotificationManager
-    mgr.notify(NOTIFICATION_ID, notification)
-  }
-
-  companion object {
-    private const val CHANNEL_ID = "connection"
-    private const val NOTIFICATION_ID = 1
-
-    private const val ACTION_STOP = "com.steipete.clawdis.node.action.STOP"
-
-    fun start(context: Context) {
-      val intent = Intent(context, NodeForegroundService::class.java)
-      if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-        context.startForegroundService(intent)
-      } else {
-        context.startService(intent)
-      }
-    }
-
-    fun stop(context: Context) {
-      val intent = Intent(context, NodeForegroundService::class.java).setAction(ACTION_STOP)
-      context.startService(intent)
-    }
-  }
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeRuntime.kt
@@ -1,428 +0,0 @@
-package com.steipete.clawdis.node
-
-import android.content.Context
-import com.steipete.clawdis.node.bridge.BridgeDiscovery
-import com.steipete.clawdis.node.bridge.BridgeEndpoint
-import com.steipete.clawdis.node.bridge.BridgePairingClient
-import com.steipete.clawdis.node.bridge.BridgeSession
-import com.steipete.clawdis.node.node.CameraCaptureManager
-import com.steipete.clawdis.node.node.CanvasController
-import kotlinx.coroutines.CoroutineScope
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.SupervisorJob
-import kotlinx.coroutines.flow.MutableStateFlow
-import kotlinx.coroutines.flow.StateFlow
-import kotlinx.coroutines.flow.asStateFlow
-import kotlinx.coroutines.flow.collect
-import kotlinx.coroutines.launch
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonArray
-import kotlinx.serialization.json.JsonElement
-import kotlinx.serialization.json.JsonNull
-import kotlinx.serialization.json.JsonObject
-import kotlinx.serialization.json.JsonPrimitive
-
-class NodeRuntime(context: Context) {
-  private val appContext = context.applicationContext
-  private val scope = CoroutineScope(SupervisorJob() + Dispatchers.IO)
-
-  val prefs = SecurePrefs(appContext)
-  val canvas = CanvasController()
-  val camera = CameraCaptureManager(appContext)
-  private val json = Json { ignoreUnknownKeys = true }
-
-  private val discovery = BridgeDiscovery(appContext)
-  val bridges: StateFlow<List<BridgeEndpoint>> = discovery.bridges
-
-  private val _isConnected = MutableStateFlow(false)
-  val isConnected: StateFlow<Boolean> = _isConnected.asStateFlow()
-
-  private val _statusText = MutableStateFlow("Not connected")
-  val statusText: StateFlow<String> = _statusText.asStateFlow()
-
-  private val _serverName = MutableStateFlow<String?>(null)
-  val serverName: StateFlow<String?> = _serverName.asStateFlow()
-
-  private val _remoteAddress = MutableStateFlow<String?>(null)
-  val remoteAddress: StateFlow<String?> = _remoteAddress.asStateFlow()
-
-  private val _isForeground = MutableStateFlow(true)
-  val isForeground: StateFlow<Boolean> = _isForeground.asStateFlow()
-
-  private val session =
-    BridgeSession(
-      scope = scope,
-      onConnected = { name, remote ->
-        _statusText.value = "Connected"
-        _serverName.value = name
-        _remoteAddress.value = remote
-        _isConnected.value = true
-      },
-      onDisconnected = { message ->
-        _statusText.value = message
-        _serverName.value = null
-        _remoteAddress.value = null
-        _isConnected.value = false
-      },
-      onEvent = { event, payloadJson ->
-        handleBridgeEvent(event, payloadJson)
-      },
-      onInvoke = { req ->
-        handleInvoke(req.command, req.paramsJson)
-      },
-    )
-
-  val instanceId: StateFlow<String> = prefs.instanceId
-  val displayName: StateFlow<String> = prefs.displayName
-  val cameraEnabled: StateFlow<Boolean> = prefs.cameraEnabled
-  val manualEnabled: StateFlow<Boolean> = prefs.manualEnabled
-  val manualHost: StateFlow<String> = prefs.manualHost
-  val manualPort: StateFlow<Int> = prefs.manualPort
-  val lastDiscoveredStableId: StateFlow<String> = prefs.lastDiscoveredStableId
-
-  private var didAutoConnect = false
-
-  data class ChatMessage(val id: String, val role: String, val text: String, val timestampMs: Long?)
-
-  private val _chatMessages = MutableStateFlow<List<ChatMessage>>(emptyList())
-  val chatMessages: StateFlow<List<ChatMessage>> = _chatMessages.asStateFlow()
-
-  private val _chatError = MutableStateFlow<String?>(null)
-  val chatError: StateFlow<String?> = _chatError.asStateFlow()
-
-  private val pendingRuns = mutableSetOf<String>()
-  private val _pendingRunCount = MutableStateFlow(0)
-  val pendingRunCount: StateFlow<Int> = _pendingRunCount.asStateFlow()
-
-  init {
-    scope.launch(Dispatchers.Default) {
-      bridges.collect { list ->
-        if (list.isNotEmpty()) {
-          // Persist the last discovered bridge (best-effort UX parity with iOS).
-          prefs.setLastDiscoveredStableId(list.last().stableId)
-        }
-
-        if (didAutoConnect) return@collect
-        if (_isConnected.value) return@collect
-
-        val token = prefs.loadBridgeToken()
-        if (token.isNullOrBlank()) return@collect
-
-        if (manualEnabled.value) {
-          val host = manualHost.value.trim()
-          val port = manualPort.value
-          if (host.isNotEmpty() && port in 1..65535) {
-            didAutoConnect = true
-            connect(BridgeEndpoint.manual(host = host, port = port))
-          }
-          return@collect
-        }
-
-        val targetStableId = lastDiscoveredStableId.value.trim()
-        if (targetStableId.isEmpty()) return@collect
-        val target = list.firstOrNull { it.stableId == targetStableId } ?: return@collect
-        didAutoConnect = true
-        connect(target)
-      }
-    }
-  }
-
-  fun setForeground(value: Boolean) {
-    _isForeground.value = value
-  }
-
-  fun setDisplayName(value: String) {
-    prefs.setDisplayName(value)
-  }
-
-  fun setCameraEnabled(value: Boolean) {
-    prefs.setCameraEnabled(value)
-  }
-
-  fun setManualEnabled(value: Boolean) {
-    prefs.setManualEnabled(value)
-  }
-
-  fun setManualHost(value: String) {
-    prefs.setManualHost(value)
-  }
-
-  fun setManualPort(value: Int) {
-    prefs.setManualPort(value)
-  }
-
-  fun connect(endpoint: BridgeEndpoint) {
-    scope.launch {
-      _statusText.value = "Connecting…"
-      val storedToken = prefs.loadBridgeToken()
-      val resolved =
-        if (storedToken.isNullOrBlank()) {
-          _statusText.value = "Pairing…"
-          BridgePairingClient().pairAndHello(
-            endpoint = endpoint,
-            hello =
-              BridgePairingClient.Hello(
-                nodeId = instanceId.value,
-                displayName = displayName.value,
-                token = null,
-                platform = "Android",
-                version = "dev",
-              ),
-          )
-        } else {
-          BridgePairingClient.PairResult(ok = true, token = storedToken.trim())
-        }
-
-      if (!resolved.ok || resolved.token.isNullOrBlank()) {
-        _statusText.value = "Failed: pairing required"
-        return@launch
-      }
-
-      val authToken = requireNotNull(resolved.token).trim()
-      prefs.saveBridgeToken(authToken)
-      session.connect(
-        endpoint = endpoint,
-        hello =
-          BridgeSession.Hello(
-            nodeId = instanceId.value,
-            displayName = displayName.value,
-            token = authToken,
-            platform = "Android",
-            version = "dev",
-          ),
-      )
-    }
-  }
-
-  fun connectManual() {
-    val host = manualHost.value.trim()
-    val port = manualPort.value
-    if (host.isEmpty() || port <= 0 || port > 65535) {
-      _statusText.value = "Failed: invalid manual host/port"
-      return
-    }
-    connect(BridgeEndpoint.manual(host = host, port = port))
-  }
-
-  fun disconnect() {
-    session.disconnect()
-  }
-
-  fun loadChat(sessionKey: String = "main") {
-    scope.launch {
-      _chatError.value = null
-      try {
-        // Best-effort; push events are optional, but improve latency.
-        session.sendEvent("chat.subscribe", """{"sessionKey":"$sessionKey"}""")
-      } catch (_: Throwable) {
-        // ignore
-      }
-
-      try {
-        val res = session.request("chat.history", """{"sessionKey":"$sessionKey"}""")
-        _chatMessages.value = parseHistory(res)
-      } catch (e: Exception) {
-        _chatError.value = e.message
-      }
-    }
-  }
-
-  fun sendChat(sessionKey: String = "main", message: String, thinking: String = "off") {
-    val trimmed = message.trim()
-    if (trimmed.isEmpty()) return
-    scope.launch {
-      _chatError.value = null
-      val idem = java.util.UUID.randomUUID().toString()
-
-      _chatMessages.value =
-        _chatMessages.value +
-          ChatMessage(
-            id = java.util.UUID.randomUUID().toString(),
-            role = "user",
-            text = trimmed,
-            timestampMs = System.currentTimeMillis(),
-          )
-
-      try {
-        val params =
-          """{"sessionKey":"$sessionKey","message":${trimmed.toJsonString()},"thinking":"$thinking","timeoutMs":30000,"idempotencyKey":"$idem"}"""
-        val res = session.request("chat.send", params)
-        val runId = parseRunId(res) ?: idem
-        pendingRuns.add(runId)
-        _pendingRunCount.value = pendingRuns.size
-      } catch (e: Exception) {
-        _chatError.value = e.message
-      }
-    }
-  }
-
-  private fun handleBridgeEvent(event: String, payloadJson: String?) {
-    if (event != "chat" || payloadJson.isNullOrBlank()) return
-    try {
-      val payload = json.parseToJsonElement(payloadJson).asObjectOrNull() ?: return
-      val state = payload["state"].asStringOrNull()
-      val runId = payload["runId"].asStringOrNull()
-      if (!runId.isNullOrBlank()) {
-        pendingRuns.remove(runId)
-        _pendingRunCount.value = pendingRuns.size
-      }
-
-      when (state) {
-        "final" -> {
-          val msgObj = payload["message"].asObjectOrNull()
-          val role = msgObj?.get("role").asStringOrNull() ?: "assistant"
-          val text = extractTextFromMessage(msgObj)
-          if (!text.isNullOrBlank()) {
-            _chatMessages.value =
-              _chatMessages.value +
-                ChatMessage(
-                  id = java.util.UUID.randomUUID().toString(),
-                  role = role,
-                  text = text,
-                  timestampMs = System.currentTimeMillis(),
-                )
-          }
-        }
-        "error" -> {
-          _chatError.value = payload["errorMessage"].asStringOrNull() ?: "Chat failed"
-        }
-      }
-    } catch (_: Throwable) {
-      // ignore
-    }
-  }
-
-  private fun parseHistory(historyJson: String): List<ChatMessage> {
-    val root = json.parseToJsonElement(historyJson).asObjectOrNull() ?: return emptyList()
-    val raw = root["messages"] ?: return emptyList()
-    val array = raw as? JsonArray ?: return emptyList()
-    return array.mapNotNull { item ->
-      val obj = item as? JsonObject ?: return@mapNotNull null
-      val role = obj["role"].asStringOrNull() ?: return@mapNotNull null
-      val text = extractTextFromMessage(obj) ?: return@mapNotNull null
-      ChatMessage(
-        id = java.util.UUID.randomUUID().toString(),
-        role = role,
-        text = text,
-        timestampMs = null,
-      )
-    }
-  }
-
-  private fun extractTextFromMessage(msgObj: JsonObject?): String? {
-    if (msgObj == null) return null
-    val content = msgObj["content"] ?: return null
-    return when (content) {
-      is JsonPrimitive -> content.asStringOrNull()
-      else -> {
-        val arr = (content as? JsonArray) ?: return null
-        arr.mapNotNull { part ->
-          val p = part as? JsonObject ?: return@mapNotNull null
-          p["text"].asStringOrNull()
-        }.joinToString("\n").trim().ifBlank { null }
-      }
-    }
-  }
-
-  private fun parseRunId(resJson: String): String? {
-    return try {
-      json.parseToJsonElement(resJson).asObjectOrNull()?.get("runId").asStringOrNull()
-    } catch (_: Throwable) {
-      null
-    }
-  }
-
-  private suspend fun handleInvoke(command: String, paramsJson: String?): BridgeSession.InvokeResult {
-    if (command.startsWith("screen.") || command.startsWith("camera.")) {
-      if (!isForeground.value) {
-        return BridgeSession.InvokeResult.error(
-          code = "NODE_BACKGROUND_UNAVAILABLE",
-          message = "NODE_BACKGROUND_UNAVAILABLE: screen/camera commands require foreground",
-        )
-      }
-    }
-    if (command.startsWith("camera.") && !cameraEnabled.value) {
-      return BridgeSession.InvokeResult.error(
-        code = "CAMERA_DISABLED",
-        message = "CAMERA_DISABLED: enable Camera in Settings",
-      )
-    }
-
-    return when (command) {
-      "screen.show" -> BridgeSession.InvokeResult.ok(null)
-      "screen.hide" -> BridgeSession.InvokeResult.ok(null)
-      "screen.setMode" -> {
-        val mode = CanvasController.parseMode(paramsJson)
-        canvas.setMode(mode)
-        BridgeSession.InvokeResult.ok(null)
-      }
-      "screen.navigate" -> {
-        val url = CanvasController.parseNavigateUrl(paramsJson)
-        if (url != null) canvas.navigate(url)
-        BridgeSession.InvokeResult.ok(null)
-      }
-      "screen.eval" -> {
-        val js =
-          CanvasController.parseEvalJs(paramsJson)
-            ?: return BridgeSession.InvokeResult.error(
-              code = "INVALID_REQUEST",
-              message = "INVALID_REQUEST: javaScript required",
-            )
-        val result =
-          try {
-            canvas.eval(js)
-          } catch (err: Throwable) {
-            return BridgeSession.InvokeResult.error(
-              code = "NODE_BACKGROUND_UNAVAILABLE",
-              message = "NODE_BACKGROUND_UNAVAILABLE: canvas unavailable",
-            )
-          }
-        BridgeSession.InvokeResult.ok("""{"result":${result.toJsonString()}}""")
-      }
-      "screen.snapshot" -> {
-        val maxWidth = CanvasController.parseSnapshotMaxWidth(paramsJson)
-        val base64 =
-          try {
-            canvas.snapshotPngBase64(maxWidth = maxWidth)
-          } catch (err: Throwable) {
-            return BridgeSession.InvokeResult.error(
-              code = "NODE_BACKGROUND_UNAVAILABLE",
-              message = "NODE_BACKGROUND_UNAVAILABLE: canvas unavailable",
-            )
-          }
-        BridgeSession.InvokeResult.ok("""{"format":"png","base64":"$base64"}""")
-      }
-      "camera.snap" -> {
-        val res = camera.snap(paramsJson)
-        BridgeSession.InvokeResult.ok(res.payloadJson)
-      }
-      "camera.clip" -> {
-        val res = camera.clip(paramsJson)
-        BridgeSession.InvokeResult.ok(res.payloadJson)
-      }
-      else ->
-        BridgeSession.InvokeResult.error(
-          code = "INVALID_REQUEST",
-          message = "INVALID_REQUEST: unknown command",
-        )
-    }
-  }
-}
-
-private fun String.toJsonString(): String {
-  val escaped =
-    this.replace("\\", "\\\\")
-      .replace("\"", "\\\"")
-      .replace("\n", "\\n")
-      .replace("\r", "\\r")
-  return "\"$escaped\""
-}
-
-private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
-
-private fun JsonElement?.asStringOrNull(): String? =
-  when (this) {
-    is JsonNull -> null
-    is JsonPrimitive -> content
-    else -> null
-  }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/SecurePrefs.kt
@@ -1,97 +0,0 @@
-package com.steipete.clawdis.node
-
-import android.content.Context
-import androidx.security.crypto.EncryptedSharedPreferences
-import androidx.security.crypto.MasterKey
-import kotlinx.coroutines.flow.MutableStateFlow
-import kotlinx.coroutines.flow.StateFlow
-import java.util.UUID
-
-class SecurePrefs(context: Context) {
-  private val masterKey =
-    MasterKey.Builder(context)
-      .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
-      .build()
-
-  private val prefs =
-    EncryptedSharedPreferences.create(
-      context,
-      "clawdis.node.secure",
-      masterKey,
-      EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-      EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM,
-    )
-
-  private val _instanceId = MutableStateFlow(loadOrCreateInstanceId())
-  val instanceId: StateFlow<String> = _instanceId
-
-  private val _displayName = MutableStateFlow(prefs.getString("node.displayName", "Android Node")!!)
-  val displayName: StateFlow<String> = _displayName
-
-  private val _cameraEnabled = MutableStateFlow(prefs.getBoolean("camera.enabled", true))
-  val cameraEnabled: StateFlow<Boolean> = _cameraEnabled
-
-  private val _manualEnabled = MutableStateFlow(prefs.getBoolean("bridge.manual.enabled", false))
-  val manualEnabled: StateFlow<Boolean> = _manualEnabled
-
-  private val _manualHost = MutableStateFlow(prefs.getString("bridge.manual.host", "")!!)
-  val manualHost: StateFlow<String> = _manualHost
-
-  private val _manualPort = MutableStateFlow(prefs.getInt("bridge.manual.port", 18790))
-  val manualPort: StateFlow<Int> = _manualPort
-
-  private val _lastDiscoveredStableId =
-    MutableStateFlow(prefs.getString("bridge.lastDiscoveredStableId", "")!!)
-  val lastDiscoveredStableId: StateFlow<String> = _lastDiscoveredStableId
-
-  fun setLastDiscoveredStableId(value: String) {
-    val trimmed = value.trim()
-    prefs.edit().putString("bridge.lastDiscoveredStableId", trimmed).apply()
-    _lastDiscoveredStableId.value = trimmed
-  }
-
-  fun setDisplayName(value: String) {
-    val trimmed = value.trim()
-    prefs.edit().putString("node.displayName", trimmed).apply()
-    _displayName.value = trimmed
-  }
-
-  fun setCameraEnabled(value: Boolean) {
-    prefs.edit().putBoolean("camera.enabled", value).apply()
-    _cameraEnabled.value = value
-  }
-
-  fun setManualEnabled(value: Boolean) {
-    prefs.edit().putBoolean("bridge.manual.enabled", value).apply()
-    _manualEnabled.value = value
-  }
-
-  fun setManualHost(value: String) {
-    val trimmed = value.trim()
-    prefs.edit().putString("bridge.manual.host", trimmed).apply()
-    _manualHost.value = trimmed
-  }
-
-  fun setManualPort(value: Int) {
-    prefs.edit().putInt("bridge.manual.port", value).apply()
-    _manualPort.value = value
-  }
-
-  fun loadBridgeToken(): String? {
-    val key = "bridge.token.${_instanceId.value}"
-    return prefs.getString(key, null)
-  }
-
-  fun saveBridgeToken(token: String) {
-    val key = "bridge.token.${_instanceId.value}"
-    prefs.edit().putString(key, token.trim()).apply()
-  }
-
-  private fun loadOrCreateInstanceId(): String {
-    val existing = prefs.getString("node.instanceId", null)?.trim()
-    if (!existing.isNullOrBlank()) return existing
-    val fresh = UUID.randomUUID().toString()
-    prefs.edit().putString("node.instanceId", fresh).apply()
-    return fresh
-  }
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeDiscovery.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeDiscovery.kt
@@ -1,88 +0,0 @@
-package com.steipete.clawdis.node.bridge
-
-import android.content.Context
-import android.net.nsd.NsdManager
-import android.net.nsd.NsdServiceInfo
-import android.os.Build
-import kotlinx.coroutines.flow.MutableStateFlow
-import kotlinx.coroutines.flow.StateFlow
-import kotlinx.coroutines.flow.asStateFlow
-import java.util.concurrent.ConcurrentHashMap
-
-class BridgeDiscovery(context: Context) {
-  private val nsd = context.getSystemService(NsdManager::class.java)
-  private val serviceType = "_clawdis-bridge._tcp."
-
-  private val byId = ConcurrentHashMap<String, BridgeEndpoint>()
-  private val _bridges = MutableStateFlow<List<BridgeEndpoint>>(emptyList())
-  val bridges: StateFlow<List<BridgeEndpoint>> = _bridges.asStateFlow()
-
-  private val discoveryListener =
-    object : NsdManager.DiscoveryListener {
-      override fun onStartDiscoveryFailed(serviceType: String, errorCode: Int) {}
-      override fun onStopDiscoveryFailed(serviceType: String, errorCode: Int) {}
-      override fun onDiscoveryStarted(serviceType: String) {}
-      override fun onDiscoveryStopped(serviceType: String) {}
-
-      override fun onServiceFound(serviceInfo: NsdServiceInfo) {
-        if (serviceInfo.serviceType != this@BridgeDiscovery.serviceType) return
-        resolve(serviceInfo)
-      }
-
-      override fun onServiceLost(serviceInfo: NsdServiceInfo) {
-        val id = stableId(serviceInfo)
-        byId.remove(id)
-        publish()
-      }
-    }
-
-  init {
-    try {
-      nsd.discoverServices(serviceType, NsdManager.PROTOCOL_DNS_SD, discoveryListener)
-    } catch (_: Throwable) {
-      // ignore (best-effort)
-    }
-  }
-
-  private fun resolve(serviceInfo: NsdServiceInfo) {
-    nsd.resolveService(
-      serviceInfo,
-      object : NsdManager.ResolveListener {
-        override fun onResolveFailed(serviceInfo: NsdServiceInfo, errorCode: Int) {}
-
-        override fun onServiceResolved(resolved: NsdServiceInfo) {
-          val host = resolved.host?.hostAddress ?: return
-          val port = resolved.port
-          if (port <= 0) return
-
-          val displayName = txt(resolved, "displayName") ?: resolved.serviceName
-          val id = stableId(resolved)
-          byId[id] = BridgeEndpoint(stableId = id, name = displayName, host = host, port = port)
-          publish()
-        }
-      },
-    )
-  }
-
-  private fun publish() {
-    _bridges.value = byId.values.sortedBy { it.name.lowercase() }
-  }
-
-  private fun stableId(info: NsdServiceInfo): String {
-    return "${info.serviceType}|local.|${normalizeName(info.serviceName)}"
-  }
-
-  private fun normalizeName(raw: String): String {
-    return raw.trim().split(Regex("\\s+")).joinToString(" ")
-  }
-
-  private fun txt(info: NsdServiceInfo, key: String): String? {
-    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) return null
-    val bytes = info.attributes[key] ?: return null
-    return try {
-      String(bytes, Charsets.UTF_8).trim().ifEmpty { null }
-    } catch (_: Throwable) {
-      null
-    }
-  }
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeEndpoint.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeEndpoint.kt
@@ -1,19 +0,0 @@
-package com.steipete.clawdis.node.bridge
-
-data class BridgeEndpoint(
-  val stableId: String,
-  val name: String,
-  val host: String,
-  val port: Int,
-) {
-  companion object {
-    fun manual(host: String, port: Int): BridgeEndpoint =
-      BridgeEndpoint(
-        stableId = "manual|$host|$port",
-        name = "$host:$port",
-        host = host,
-        port = port,
-      )
-  }
-}
-
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgePairingClient.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgePairingClient.kt
@@ -1,118 +0,0 @@
-package com.steipete.clawdis.node.bridge
-
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.withContext
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonObject
-import kotlinx.serialization.json.JsonPrimitive
-import kotlinx.serialization.json.JsonNull
-import kotlinx.serialization.json.JsonElement
-import kotlinx.serialization.json.buildJsonObject
-import java.io.BufferedReader
-import java.io.BufferedWriter
-import java.io.InputStreamReader
-import java.io.OutputStreamWriter
-import java.net.InetSocketAddress
-import java.net.Socket
-
-class BridgePairingClient {
-  private val json = Json { ignoreUnknownKeys = true }
-
-  data class Hello(
-    val nodeId: String,
-    val displayName: String?,
-    val token: String?,
-    val platform: String?,
-    val version: String?,
-  )
-
-  data class PairResult(val ok: Boolean, val token: String?, val error: String? = null)
-
-  suspend fun pairAndHello(endpoint: BridgeEndpoint, hello: Hello): PairResult =
-    withContext(Dispatchers.IO) {
-      val socket = Socket()
-      socket.tcpNoDelay = true
-      socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
-      socket.soTimeout = 60_000
-
-      val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
-      val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
-
-      fun send(line: String) {
-        writer.write(line)
-        writer.write("\n")
-        writer.flush()
-      }
-
-      fun sendJson(obj: JsonObject) = send(obj.toString())
-
-      try {
-        sendJson(
-          buildJsonObject {
-            put("type", JsonPrimitive("hello"))
-            put("nodeId", JsonPrimitive(hello.nodeId))
-            hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
-            hello.token?.let { put("token", JsonPrimitive(it)) }
-            hello.platform?.let { put("platform", JsonPrimitive(it)) }
-            hello.version?.let { put("version", JsonPrimitive(it)) }
-          },
-        )
-
-        val firstObj = json.parseToJsonElement(reader.readLine()).asObjectOrNull()
-          ?: return@withContext PairResult(ok = false, token = null, error = "unexpected bridge response")
-        when (firstObj["type"].asStringOrNull()) {
-          "hello-ok" -> PairResult(ok = true, token = hello.token)
-          "error" -> {
-            val code = firstObj["code"].asStringOrNull() ?: "UNAVAILABLE"
-            val message = firstObj["message"].asStringOrNull() ?: "pairing required"
-            if (code != "NOT_PAIRED" && code != "UNAUTHORIZED") {
-              return@withContext PairResult(ok = false, token = null, error = "$code: $message")
-            }
-
-            sendJson(
-              buildJsonObject {
-                put("type", JsonPrimitive("pair-request"))
-                put("nodeId", JsonPrimitive(hello.nodeId))
-                hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
-                hello.platform?.let { put("platform", JsonPrimitive(it)) }
-                hello.version?.let { put("version", JsonPrimitive(it)) }
-              },
-            )
-
-            while (true) {
-              val nextLine = reader.readLine() ?: break
-              val next = json.parseToJsonElement(nextLine).asObjectOrNull() ?: continue
-              when (next["type"].asStringOrNull()) {
-                "pair-ok" -> {
-                  val token = next["token"].asStringOrNull()
-                  return@withContext PairResult(ok = !token.isNullOrBlank(), token = token)
-                }
-                "error" -> {
-                  val c = next["code"].asStringOrNull() ?: "UNAVAILABLE"
-                  val m = next["message"].asStringOrNull() ?: "pairing failed"
-                  return@withContext PairResult(ok = false, token = null, error = "$c: $m")
-                }
-              }
-            }
-            PairResult(ok = false, token = null, error = "pairing failed")
-          }
-          else -> PairResult(ok = false, token = null, error = "unexpected bridge response")
-        }
-      } finally {
-        try {
-          socket.close()
-        } catch (_: Throwable) {
-          // ignore
-        }
-      }
-    }
-}
-
-private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
-
-private fun JsonElement?.asStringOrNull(): String? =
-  when (this) {
-    is JsonNull -> null
-    is JsonPrimitive -> content
-    else -> null
-  }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CameraCaptureManager.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CameraCaptureManager.kt
@@ -1,235 +0,0 @@
-package com.steipete.clawdis.node.node
-
-import android.Manifest
-import android.content.Context
-import android.graphics.Bitmap
-import android.graphics.BitmapFactory
-import android.util.Base64
-import android.content.pm.PackageManager
-import androidx.lifecycle.LifecycleOwner
-import androidx.camera.core.CameraSelector
-import androidx.camera.core.ImageCapture
-import androidx.camera.core.ImageCaptureException
-import androidx.camera.lifecycle.ProcessCameraProvider
-import androidx.camera.video.FileOutputOptions
-import androidx.camera.video.Recorder
-import androidx.camera.video.Recording
-import androidx.camera.video.VideoCapture
-import androidx.camera.video.VideoRecordEvent
-import androidx.core.content.ContextCompat
-import androidx.core.content.ContextCompat.checkSelfPermission
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.suspendCancellableCoroutine
-import kotlinx.coroutines.withTimeout
-import kotlinx.coroutines.withContext
-import java.io.ByteArrayOutputStream
-import java.io.File
-import java.util.concurrent.Executor
-import kotlin.coroutines.resume
-import kotlin.coroutines.resumeWithException
-
-class CameraCaptureManager(private val context: Context) {
-  data class Payload(val payloadJson: String)
-
-  @Volatile private var lifecycleOwner: LifecycleOwner? = null
-
-  fun attachLifecycleOwner(owner: LifecycleOwner) {
-    lifecycleOwner = owner
-  }
-
-  private fun requireCameraPermission() {
-    val granted = checkSelfPermission(context, Manifest.permission.CAMERA) == PackageManager.PERMISSION_GRANTED
-    if (!granted) throw IllegalStateException("CAMERA_PERMISSION_REQUIRED: grant Camera permission")
-  }
-
-  private fun requireMicPermission() {
-    val granted = checkSelfPermission(context, Manifest.permission.RECORD_AUDIO) == PackageManager.PERMISSION_GRANTED
-    if (!granted) throw IllegalStateException("MIC_PERMISSION_REQUIRED: grant Microphone permission")
-  }
-
-  suspend fun snap(paramsJson: String?): Payload =
-    withContext(Dispatchers.Main) {
-      requireCameraPermission()
-      val owner = lifecycleOwner ?: throw IllegalStateException("UNAVAILABLE: camera not ready")
-      val facing = parseFacing(paramsJson) ?: "front"
-      val quality = (parseQuality(paramsJson) ?: 0.9).coerceIn(0.1, 1.0)
-      val maxWidth = parseMaxWidth(paramsJson)
-
-      val provider = context.cameraProvider()
-      val capture = ImageCapture.Builder().build()
-      val selector =
-        if (facing == "front") CameraSelector.DEFAULT_FRONT_CAMERA else CameraSelector.DEFAULT_BACK_CAMERA
-
-      provider.unbindAll()
-      provider.bindToLifecycle(owner, selector, capture)
-
-      val bytes = capture.takeJpegBytes(context.mainExecutor())
-      val decoded = BitmapFactory.decodeByteArray(bytes, 0, bytes.size)
-        ?: throw IllegalStateException("UNAVAILABLE: failed to decode captured image")
-      val scaled =
-        if (maxWidth != null && maxWidth > 0 && decoded.width > maxWidth) {
-          val h =
-            (decoded.height.toDouble() * (maxWidth.toDouble() / decoded.width.toDouble()))
-              .toInt()
-              .coerceAtLeast(1)
-          Bitmap.createScaledBitmap(decoded, maxWidth, h, true)
-        } else {
-          decoded
-        }
-
-      val out = ByteArrayOutputStream()
-      val jpegQuality = (quality * 100.0).toInt().coerceIn(10, 100)
-      if (!scaled.compress(Bitmap.CompressFormat.JPEG, jpegQuality, out)) {
-        throw IllegalStateException("UNAVAILABLE: failed to encode JPEG")
-      }
-      val base64 = Base64.encodeToString(out.toByteArray(), Base64.NO_WRAP)
-      Payload(
-        """{"format":"jpg","base64":"$base64","width":${scaled.width},"height":${scaled.height}}""",
-      )
-    }
-
-  suspend fun clip(paramsJson: String?): Payload =
-    withContext(Dispatchers.Main) {
-      requireCameraPermission()
-      val owner = lifecycleOwner ?: throw IllegalStateException("UNAVAILABLE: camera not ready")
-      val facing = parseFacing(paramsJson) ?: "front"
-      val durationMs = (parseDurationMs(paramsJson) ?: 3_000).coerceIn(200, 45_000)
-      val includeAudio = parseIncludeAudio(paramsJson) ?: true
-      if (includeAudio) requireMicPermission()
-
-      val provider = context.cameraProvider()
-      val recorder = Recorder.Builder().build()
-      val videoCapture = VideoCapture.withOutput(recorder)
-      val selector =
-        if (facing == "front") CameraSelector.DEFAULT_FRONT_CAMERA else CameraSelector.DEFAULT_BACK_CAMERA
-
-      provider.unbindAll()
-      provider.bindToLifecycle(owner, selector, videoCapture)
-
-      val file = File.createTempFile("clawdis-clip-", ".mp4")
-      val outputOptions = FileOutputOptions.Builder(file).build()
-
-      val finalized = kotlinx.coroutines.CompletableDeferred<VideoRecordEvent.Finalize>()
-      val recording: Recording =
-        videoCapture.output
-          .prepareRecording(context, outputOptions)
-          .apply {
-            if (includeAudio) withAudioEnabled()
-          }
-          .start(context.mainExecutor()) { event ->
-            if (event is VideoRecordEvent.Finalize) {
-              finalized.complete(event)
-            }
-          }
-
-      try {
-        kotlinx.coroutines.delay(durationMs.toLong())
-      } finally {
-        recording.stop()
-      }
-
-      val finalizeEvent =
-        try {
-          withTimeout(10_000) { finalized.await() }
-        } catch (err: Throwable) {
-          file.delete()
-          throw IllegalStateException("UNAVAILABLE: camera clip finalize timed out")
-        }
-      if (finalizeEvent.hasError()) {
-        file.delete()
-        throw IllegalStateException("UNAVAILABLE: camera clip failed")
-      }
-
-      val bytes = file.readBytes()
-      file.delete()
-      val base64 = Base64.encodeToString(bytes, Base64.NO_WRAP)
-      Payload(
-        """{"format":"mp4","base64":"$base64","durationMs":$durationMs,"hasAudio":${includeAudio}}""",
-      )
-    }
-
-  private fun parseFacing(paramsJson: String?): String? =
-    when {
-      paramsJson?.contains("\"front\"") == true -> "front"
-      paramsJson?.contains("\"back\"") == true -> "back"
-      else -> null
-    }
-
-  private fun parseQuality(paramsJson: String?): Double? =
-    parseNumber(paramsJson, key = "quality")?.toDoubleOrNull()
-
-  private fun parseMaxWidth(paramsJson: String?): Int? =
-    parseNumber(paramsJson, key = "maxWidth")?.toIntOrNull()
-
-  private fun parseDurationMs(paramsJson: String?): Int? =
-    parseNumber(paramsJson, key = "durationMs")?.toIntOrNull()
-
-  private fun parseIncludeAudio(paramsJson: String?): Boolean? {
-    val raw = paramsJson ?: return null
-    val key = "\"includeAudio\""
-    val idx = raw.indexOf(key)
-    if (idx < 0) return null
-    val colon = raw.indexOf(':', idx + key.length)
-    if (colon < 0) return null
-    val tail = raw.substring(colon + 1).trimStart()
-    return when {
-      tail.startsWith("true") -> true
-      tail.startsWith("false") -> false
-      else -> null
-    }
-  }
-
-  private fun parseNumber(paramsJson: String?, key: String): String? {
-    val raw = paramsJson ?: return null
-    val needle = "\"$key\""
-    val idx = raw.indexOf(needle)
-    if (idx < 0) return null
-    val colon = raw.indexOf(':', idx + needle.length)
-    if (colon < 0) return null
-    val tail = raw.substring(colon + 1).trimStart()
-    return tail.takeWhile { it.isDigit() || it == '.' }
-  }
-
-  private fun Context.mainExecutor(): Executor = ContextCompat.getMainExecutor(this)
-}
-
-private suspend fun Context.cameraProvider(): ProcessCameraProvider =
-  suspendCancellableCoroutine { cont ->
-    val future = ProcessCameraProvider.getInstance(this)
-    future.addListener(
-      {
-        try {
-          cont.resume(future.get())
-        } catch (e: Exception) {
-          cont.resumeWithException(e)
-        }
-      },
-      ContextCompat.getMainExecutor(this),
-    )
-  }
-
-private suspend fun ImageCapture.takeJpegBytes(executor: Executor): ByteArray =
-  suspendCancellableCoroutine { cont ->
-    val file = File.createTempFile("clawdis-snap-", ".jpg")
-    val options = ImageCapture.OutputFileOptions.Builder(file).build()
-    takePicture(
-      options,
-      executor,
-      object : ImageCapture.OnImageSavedCallback {
-        override fun onError(exception: ImageCaptureException) {
-          cont.resumeWithException(exception)
-        }
-
-        override fun onImageSaved(outputFileResults: ImageCapture.OutputFileResults) {
-          try {
-            val bytes = file.readBytes()
-            cont.resume(bytes)
-          } catch (e: Exception) {
-            cont.resumeWithException(e)
-          } finally {
-            file.delete()
-          }
-        }
-      },
-    )
-  }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CanvasController.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CanvasController.kt
@@ -1,242 +0,0 @@
-package com.steipete.clawdis.node.node
-
-import android.graphics.Bitmap
-import android.os.Build
-import android.graphics.Canvas
-import android.webkit.WebView
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.suspendCancellableCoroutine
-import kotlinx.coroutines.withContext
-import java.io.ByteArrayOutputStream
-import android.util.Base64
-import kotlin.coroutines.resume
-
-class CanvasController {
-  enum class Mode { CANVAS, WEB }
-
-  @Volatile private var webView: WebView? = null
-  @Volatile private var mode: Mode = Mode.CANVAS
-  @Volatile private var url: String = ""
-
-  fun attach(webView: WebView) {
-    this.webView = webView
-    reload()
-  }
-
-  fun setMode(mode: Mode) {
-    this.mode = mode
-    reload()
-  }
-
-  fun navigate(url: String) {
-    this.url = url
-    reload()
-  }
-
-  private fun reload() {
-    val wv = webView ?: return
-    when (mode) {
-      Mode.WEB -> wv.loadUrl(url.trim())
-      Mode.CANVAS -> wv.loadDataWithBaseURL(null, canvasHtml, "text/html", "utf-8", null)
-    }
-  }
-
-  suspend fun eval(javaScript: String): String =
-    withContext(Dispatchers.Main) {
-      val wv = webView ?: throw IllegalStateException("no webview")
-      suspendCancellableCoroutine { cont ->
-        wv.evaluateJavascript(javaScript) { result ->
-          cont.resume(result ?: "")
-        }
-      }
-    }
-
-  suspend fun snapshotPngBase64(maxWidth: Int?): String =
-    withContext(Dispatchers.Main) {
-      val wv = webView ?: throw IllegalStateException("no webview")
-      val bmp = wv.captureBitmap()
-      val scaled =
-        if (maxWidth != null && maxWidth > 0 && bmp.width > maxWidth) {
-          val h = (bmp.height.toDouble() * (maxWidth.toDouble() / bmp.width.toDouble())).toInt().coerceAtLeast(1)
-          Bitmap.createScaledBitmap(bmp, maxWidth, h, true)
-        } else {
-          bmp
-        }
-
-      val out = ByteArrayOutputStream()
-      scaled.compress(Bitmap.CompressFormat.PNG, 100, out)
-      Base64.encodeToString(out.toByteArray(), Base64.NO_WRAP)
-    }
-
-  private suspend fun WebView.captureBitmap(): Bitmap =
-    suspendCancellableCoroutine { cont ->
-      val width = width.coerceAtLeast(1)
-      val height = height.coerceAtLeast(1)
-      val bitmap = Bitmap.createBitmap(width, height, Bitmap.Config.ARGB_8888)
-
-      // WebView isn't supported by PixelCopy.request(...) directly; draw() is the most reliable
-      // cross-version snapshot for this lightweight "canvas" use-case.
-      draw(Canvas(bitmap))
-      cont.resume(bitmap)
-    }
-
-  companion object {
-    fun parseMode(paramsJson: String?): Mode {
-      val raw = paramsJson ?: return Mode.CANVAS
-      return if (raw.contains("\"web\"")) Mode.WEB else Mode.CANVAS
-    }
-
-    fun parseNavigateUrl(paramsJson: String?): String? {
-      val raw = paramsJson ?: return null
-      val key = "\"url\""
-      val idx = raw.indexOf(key)
-      if (idx < 0) return null
-      val start = raw.indexOf('"', idx + key.length)
-      if (start < 0) return null
-      val end = raw.indexOf('"', start + 1)
-      if (end < 0) return null
-      return raw.substring(start + 1, end)
-    }
-
-    fun parseEvalJs(paramsJson: String?): String? {
-      val raw = paramsJson ?: return null
-      val key = "\"javaScript\""
-      val idx = raw.indexOf(key)
-      if (idx < 0) return null
-      val start = raw.indexOf('"', idx + key.length)
-      if (start < 0) return null
-      val end = raw.lastIndexOf('"')
-      if (end <= start) return null
-      return raw.substring(start + 1, end)
-        .replace("\\n", "\n")
-        .replace("\\\"", "\"")
-        .replace("\\\\", "\\")
-    }
-
-    fun parseSnapshotMaxWidth(paramsJson: String?): Int? {
-      val raw = paramsJson ?: return null
-      val key = "\"maxWidth\""
-      val idx = raw.indexOf(key)
-      if (idx < 0) return null
-      val colon = raw.indexOf(':', idx + key.length)
-      if (colon < 0) return null
-      val tail = raw.substring(colon + 1).trimStart()
-      val num = tail.takeWhile { it.isDigit() }
-      return num.toIntOrNull()
-    }
-  }
-}
-
-private val canvasHtml =
-  """
-  <!doctype html>
-  <html>
-    <head>
-      <meta charset="utf-8" />
-      <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
-      <title>Canvas</title>
-      <style>
-        :root { color-scheme: dark; }
-        html,body { height:100%; margin:0; }
-        body {
-          background: radial-gradient(1200px 900px at 15% 20%, rgba(42, 113, 255, 0.18), rgba(0,0,0,0) 55%),
-                      radial-gradient(900px 700px at 85% 30%, rgba(255, 0, 138, 0.14), rgba(0,0,0,0) 60%),
-                      radial-gradient(1000px 900px at 60% 90%, rgba(0, 209, 255, 0.10), rgba(0,0,0,0) 60%),
-                      #000;
-          overflow: hidden;
-        }
-        body::before {
-          content:"";
-          position: fixed;
-          inset: -20%;
-          background:
-            repeating-linear-gradient(0deg, rgba(255,255,255,0.02) 0, rgba(255,255,255,0.02) 1px,
-                                     transparent 1px, transparent 48px),
-            repeating-linear-gradient(90deg, rgba(255,255,255,0.02) 0, rgba(255,255,255,0.02) 1px,
-                                     transparent 1px, transparent 48px);
-          transform: rotate(-7deg);
-          opacity: 0.55;
-          pointer-events: none;
-        }
-        canvas {
-          display:block;
-          width:100vw;
-          height:100vh;
-          touch-action: none;
-        }
-        #clawdis-status {
-          position: fixed;
-          inset: 0;
-          display: grid;
-          place-items: center;
-          pointer-events: none;
-        }
-        #clawdis-status .card {
-          text-align: center;
-          padding: 16px 18px;
-          border-radius: 14px;
-          background: rgba(18, 18, 22, 0.42);
-          border: 1px solid rgba(255,255,255,0.08);
-          box-shadow: 0 18px 60px rgba(0,0,0,0.55);
-          backdrop-filter: blur(14px);
-        }
-        #clawdis-status .title {
-          font: 600 20px system-ui, sans-serif;
-          letter-spacing: 0.2px;
-          color: rgba(255,255,255,0.92);
-          text-shadow: 0 0 22px rgba(42, 113, 255, 0.35);
-        }
-        #clawdis-status .subtitle {
-          margin-top: 6px;
-          font: 500 12px system-ui, sans-serif;
-          color: rgba(255,255,255,0.58);
-        }
-      </style>
-    </head>
-    <body>
-      <canvas id="clawdis-canvas"></canvas>
-      <div id="clawdis-status">
-        <div class="card">
-          <div class="title" id="clawdis-status-title">Ready</div>
-          <div class="subtitle" id="clawdis-status-subtitle">Waiting for agent</div>
-        </div>
-      </div>
-      <script>
-        (() => {
-          const canvas = document.getElementById('clawdis-canvas');
-          const ctx = canvas.getContext('2d');
-          const statusEl = document.getElementById('clawdis-status');
-          const titleEl = document.getElementById('clawdis-status-title');
-          const subtitleEl = document.getElementById('clawdis-status-subtitle');
-
-          function resize() {
-            const dpr = window.devicePixelRatio || 1;
-            const w = Math.max(1, Math.floor(window.innerWidth * dpr));
-            const h = Math.max(1, Math.floor(window.innerHeight * dpr));
-            canvas.width = w;
-            canvas.height = h;
-            ctx.setTransform(dpr, 0, 0, dpr, 0, 0);
-          }
-
-          window.addEventListener('resize', resize);
-          resize();
-
-          window.__clawdis = {
-            canvas,
-            ctx,
-            setStatus: (title, subtitle) => {
-              if (!statusEl) return;
-              if (!title && !subtitle) {
-                statusEl.style.display = 'none';
-                return;
-              }
-              statusEl.style.display = 'grid';
-              if (titleEl && typeof title === 'string') titleEl.textContent = title;
-              if (subtitleEl && typeof subtitle === 'string') subtitleEl.textContent = subtitle;
-            }
-          };
-        })();
-      </script>
-    </body>
-  </html>
-  """.trimIndent()
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/ChatSheet.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/ChatSheet.kt
@@ -1,73 +0,0 @@
-package com.steipete.clawdis.node.ui
-
-import androidx.compose.foundation.layout.Arrangement
-import androidx.compose.foundation.layout.Column
-import androidx.compose.foundation.layout.Row
-import androidx.compose.foundation.layout.Spacer
-import androidx.compose.foundation.layout.fillMaxSize
-import androidx.compose.foundation.layout.fillMaxWidth
-import androidx.compose.foundation.layout.height
-import androidx.compose.foundation.layout.padding
-import androidx.compose.foundation.lazy.LazyColumn
-import androidx.compose.foundation.lazy.items
-import androidx.compose.material3.Button
-import androidx.compose.material3.OutlinedTextField
-import androidx.compose.material3.Text
-import androidx.compose.runtime.Composable
-import androidx.compose.runtime.LaunchedEffect
-import androidx.compose.runtime.collectAsState
-import androidx.compose.runtime.getValue
-import androidx.compose.runtime.mutableStateOf
-import androidx.compose.runtime.remember
-import androidx.compose.runtime.setValue
-import androidx.compose.ui.Modifier
-import androidx.compose.ui.unit.dp
-import com.steipete.clawdis.node.MainViewModel
-
-@Composable
-fun ChatSheet(viewModel: MainViewModel) {
-  val messages by viewModel.chatMessages.collectAsState()
-  val error by viewModel.chatError.collectAsState()
-  val pendingRunCount by viewModel.pendingRunCount.collectAsState()
-  var input by remember { mutableStateOf("") }
-
-  LaunchedEffect(Unit) {
-    viewModel.loadChat("main")
-  }
-
-  Column(modifier = Modifier.fillMaxSize().padding(16.dp), verticalArrangement = Arrangement.spacedBy(12.dp)) {
-    Text("Clawd Chat · session main")
-
-    if (!error.isNullOrBlank()) {
-      Text("Error: $error")
-    }
-
-    LazyColumn(modifier = Modifier.fillMaxWidth().weight(1f, fill = true)) {
-      items(messages) { msg ->
-        Text("${msg.role}: ${msg.text}")
-      }
-      if (pendingRunCount > 0) {
-        item { Text("assistant: …") }
-      }
-    }
-
-    Row(horizontalArrangement = Arrangement.spacedBy(12.dp), modifier = Modifier.fillMaxWidth()) {
-      OutlinedTextField(
-        value = input,
-        onValueChange = { input = it },
-        modifier = Modifier.weight(1f),
-        label = { Text("Message") },
-      )
-      Button(
-        onClick = {
-          val text = input
-          input = ""
-          viewModel.sendChat("main", text)
-        },
-        enabled = input.trim().isNotEmpty(),
-      ) {
-        Text("Send")
-      }
-    }
-  }
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/RootScreen.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/RootScreen.kt
@@ -1,86 +0,0 @@
-package com.steipete.clawdis.node.ui
-
-import android.annotation.SuppressLint
-import android.webkit.WebView
-import android.webkit.WebViewClient
-import androidx.compose.foundation.layout.Box
-import androidx.compose.foundation.layout.WindowInsets
-import androidx.compose.foundation.layout.WindowInsetsSides
-import androidx.compose.foundation.layout.only
-import androidx.compose.foundation.layout.statusBars
-import androidx.compose.foundation.layout.fillMaxSize
-import androidx.compose.foundation.layout.padding
-import androidx.compose.foundation.layout.windowInsetsPadding
-import androidx.compose.material3.Button
-import androidx.compose.material3.ExperimentalMaterial3Api
-import androidx.compose.material3.ModalBottomSheet
-import androidx.compose.material3.Text
-import androidx.compose.material3.rememberModalBottomSheetState
-import androidx.compose.runtime.Composable
-import androidx.compose.runtime.getValue
-import androidx.compose.runtime.mutableStateOf
-import androidx.compose.runtime.remember
-import androidx.compose.runtime.setValue
-import androidx.compose.ui.Alignment
-import androidx.compose.ui.Modifier
-import androidx.compose.ui.platform.LocalContext
-import androidx.compose.ui.unit.dp
-import androidx.compose.ui.viewinterop.AndroidView
-import androidx.compose.ui.zIndex
-import com.steipete.clawdis.node.MainViewModel
-
-@OptIn(ExperimentalMaterial3Api::class)
-@Composable
-fun RootScreen(viewModel: MainViewModel) {
-  var sheet by remember { mutableStateOf<Sheet?>(null) }
-  val sheetState = rememberModalBottomSheetState(skipPartiallyExpanded = true)
-  val safeButtonInsets = WindowInsets.statusBars.only(WindowInsetsSides.Top)
-
-  Box(modifier = Modifier.fillMaxSize()) {
-    CanvasView(viewModel = viewModel, modifier = Modifier.fillMaxSize().zIndex(0f))
-
-    Box(modifier = Modifier.align(Alignment.TopEnd).zIndex(1f).windowInsetsPadding(safeButtonInsets).padding(12.dp)) {
-      Button(onClick = { sheet = Sheet.Settings }) { Text("Settings") }
-    }
-
-    Box(modifier = Modifier.align(Alignment.TopStart).zIndex(1f).windowInsetsPadding(safeButtonInsets).padding(12.dp)) {
-      Button(onClick = { sheet = Sheet.Chat }) { Text("Chat") }
-    }
-  }
-
-  if (sheet != null) {
-    ModalBottomSheet(
-      onDismissRequest = { sheet = null },
-      sheetState = sheetState,
-    ) {
-      when (sheet) {
-        Sheet.Chat -> ChatSheet(viewModel = viewModel)
-        Sheet.Settings -> SettingsSheet(viewModel = viewModel)
-        null -> {}
-      }
-    }
-  }
-}
-
-private enum class Sheet {
-  Chat,
-  Settings,
-}
-
-@SuppressLint("SetJavaScriptEnabled")
-@Composable
-private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier) {
-  val context = LocalContext.current
-  AndroidView(
-    modifier = modifier,
-    factory = {
-      WebView(context).apply {
-        settings.javaScriptEnabled = true
-        settings.domStorageEnabled = false
-        webViewClient = WebViewClient()
-        setBackgroundColor(0x00000000)
-        viewModel.canvas.attach(this)
-      }
-    },
-  )
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/SettingsSheet.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/SettingsSheet.kt
@@ -1,175 +0,0 @@
-package com.steipete.clawdis.node.ui
-
-import android.Manifest
-import android.content.pm.PackageManager
-import androidx.activity.compose.rememberLauncherForActivityResult
-import androidx.activity.result.contract.ActivityResultContracts
-import androidx.compose.foundation.rememberScrollState
-import androidx.compose.foundation.layout.Arrangement
-import androidx.compose.foundation.layout.Column
-import androidx.compose.foundation.layout.Row
-import androidx.compose.foundation.layout.Spacer
-import androidx.compose.foundation.layout.fillMaxWidth
-import androidx.compose.foundation.layout.height
-import androidx.compose.foundation.layout.padding
-import androidx.compose.foundation.lazy.LazyColumn
-import androidx.compose.foundation.lazy.items
-import androidx.compose.foundation.verticalScroll
-import androidx.compose.material3.Button
-import androidx.compose.material3.HorizontalDivider
-import androidx.compose.material3.OutlinedTextField
-import androidx.compose.material3.Switch
-import androidx.compose.material3.Text
-import androidx.compose.runtime.Composable
-import androidx.compose.runtime.collectAsState
-import androidx.compose.runtime.getValue
-import androidx.compose.ui.Modifier
-import androidx.compose.ui.platform.LocalContext
-import androidx.compose.ui.unit.dp
-import androidx.core.content.ContextCompat
-import com.steipete.clawdis.node.MainViewModel
-import com.steipete.clawdis.node.NodeForegroundService
-
-@Composable
-fun SettingsSheet(viewModel: MainViewModel) {
-  val context = LocalContext.current
-  val instanceId by viewModel.instanceId.collectAsState()
-  val displayName by viewModel.displayName.collectAsState()
-  val cameraEnabled by viewModel.cameraEnabled.collectAsState()
-  val manualEnabled by viewModel.manualEnabled.collectAsState()
-  val manualHost by viewModel.manualHost.collectAsState()
-  val manualPort by viewModel.manualPort.collectAsState()
-  val statusText by viewModel.statusText.collectAsState()
-  val serverName by viewModel.serverName.collectAsState()
-  val remoteAddress by viewModel.remoteAddress.collectAsState()
-  val bridges by viewModel.bridges.collectAsState()
-  val scrollState = rememberScrollState()
-
-  val permissionLauncher =
-    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { perms ->
-      val cameraOk = perms[Manifest.permission.CAMERA] == true
-      viewModel.setCameraEnabled(cameraOk)
-    }
-
-  Column(
-    modifier = Modifier.fillMaxWidth().verticalScroll(scrollState).padding(16.dp),
-    verticalArrangement = Arrangement.spacedBy(14.dp),
-  ) {
-    Text("Node")
-    OutlinedTextField(
-      value = displayName,
-      onValueChange = viewModel::setDisplayName,
-      label = { Text("Name") },
-      modifier = Modifier.fillMaxWidth(),
-    )
-    Text("Instance ID: $instanceId")
-
-    HorizontalDivider()
-
-    Text("Camera")
-    Row(horizontalArrangement = Arrangement.spacedBy(12.dp), modifier = Modifier.fillMaxWidth()) {
-      Switch(
-        checked = cameraEnabled,
-        onCheckedChange = { enabled ->
-          if (!enabled) {
-            viewModel.setCameraEnabled(false)
-            return@Switch
-          }
-
-          val cameraOk =
-            ContextCompat.checkSelfPermission(context, Manifest.permission.CAMERA) ==
-              PackageManager.PERMISSION_GRANTED
-          if (cameraOk) {
-            viewModel.setCameraEnabled(true)
-          } else {
-            permissionLauncher.launch(arrayOf(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO))
-          }
-        },
-      )
-      Text(if (cameraEnabled) "Allow Camera" else "Camera Disabled")
-    }
-    Text("Tip: grant Microphone permission for video clips with audio.")
-
-    HorizontalDivider()
-
-    Text("Bridge")
-    Text("Status: $statusText")
-    if (serverName != null) Text("Server: $serverName")
-    if (remoteAddress != null) Text("Address: $remoteAddress")
-
-    Row(horizontalArrangement = Arrangement.spacedBy(12.dp)) {
-      Button(
-        onClick = {
-          viewModel.disconnect()
-          NodeForegroundService.stop(context)
-        },
-      ) {
-        Text("Disconnect")
-      }
-    }
-
-    HorizontalDivider()
-
-    Text("Advanced")
-    Row(horizontalArrangement = Arrangement.spacedBy(12.dp), modifier = Modifier.fillMaxWidth()) {
-      Switch(checked = manualEnabled, onCheckedChange = viewModel::setManualEnabled)
-      Text(if (manualEnabled) "Manual Bridge Enabled" else "Manual Bridge Disabled")
-    }
-    OutlinedTextField(
-      value = manualHost,
-      onValueChange = viewModel::setManualHost,
-      label = { Text("Host") },
-      modifier = Modifier.fillMaxWidth(),
-      enabled = manualEnabled,
-    )
-    OutlinedTextField(
-      value = manualPort.toString(),
-      onValueChange = { v -> viewModel.setManualPort(v.toIntOrNull() ?: 0) },
-      label = { Text("Port") },
-      modifier = Modifier.fillMaxWidth(),
-      enabled = manualEnabled,
-    )
-    Button(
-      onClick = {
-        NodeForegroundService.start(context)
-        viewModel.connectManual()
-      },
-      enabled = manualEnabled,
-    ) {
-      Text("Connect (Manual)")
-    }
-
-    HorizontalDivider()
-
-    Text("Discovered Bridges")
-    if (bridges.isEmpty()) {
-      Text("No bridges found yet.")
-    } else {
-      LazyColumn(modifier = Modifier.fillMaxWidth().height(240.dp)) {
-        items(bridges) { bridge ->
-          Row(
-            modifier = Modifier.fillMaxWidth().padding(vertical = 8.dp),
-            horizontalArrangement = Arrangement.SpaceBetween,
-          ) {
-            Column(modifier = Modifier.weight(1f)) {
-              Text(bridge.name)
-              Text("${bridge.host}:${bridge.port}")
-            }
-            Spacer(modifier = Modifier.padding(4.dp))
-            Button(
-              onClick = {
-                NodeForegroundService.start(context)
-                viewModel.connect(bridge)
-              },
-            ) {
-              Text("Connect")
-            }
-          }
-          HorizontalDivider()
-        }
-      }
-    }
-
-    Spacer(modifier = Modifier.height(20.dp))
-  }
-}
--- a/apps/android/app/src/main/res/mipmap-anydpi/ic_launcher.xml
+++ b/apps/android/app/src/main/res/mipmap-anydpi/ic_launcher.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
+    <background android:drawable="@color/ic_launcher_background" />
+    <foreground android:drawable="@mipmap/ic_launcher_foreground" />
+    <monochrome android:drawable="@mipmap/ic_launcher_foreground" />
+</adaptive-icon>
--- a/apps/android/app/src/main/res/mipmap-anydpi/ic_launcher_round.xml
+++ b/apps/android/app/src/main/res/mipmap-anydpi/ic_launcher_round.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
+    <background android:drawable="@color/ic_launcher_background" />
+    <foreground android:drawable="@mipmap/ic_launcher_foreground" />
+    <monochrome android:drawable="@mipmap/ic_launcher_foreground" />
+</adaptive-icon>
--- a/apps/android/app/src/main/res/mipmap-hdpi/ic_launcher.png
+++ b/apps/android/app/src/main/res/mipmap-hdpi/ic_launcher.png
--- a/apps/android/app/src/main/res/mipmap-hdpi/ic_launcher_foreground.png
+++ b/apps/android/app/src/main/res/mipmap-hdpi/ic_launcher_foreground.png
--- a/apps/android/app/src/main/res/mipmap-mdpi/ic_launcher.png
+++ b/apps/android/app/src/main/res/mipmap-mdpi/ic_launcher.png
--- a/Show More
+++ b/Show More