fix: split telegram captions in bot delivery (#1063 ) (thanks @mukhtharcm)

fix(telegram): split long captions into follow-up messages
refactor: centralize outbound policy + target schema
2026-01-17 03:41:47 +00:00 · 2026-01-17 03:37:36 +00:00 · 2026-01-17 03:33:56 +00:00 · 2026-01-17 03:32:48 +00:00 · 2026-01-17 03:26:09 +00:00 · 2026-01-17 03:25:05 +00:00
961 changed files with 41796 additions and 12424 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -55,3 +55,6 @@ apps/ios/*.mobileprovision
 # Local untracked files
 .local/
 .vscode/
+IDENTITY.md
+USER.md
+.tgz
--- a/.oxlintrc.json
+++ b/.oxlintrc.json
@@ -0,0 +1,12 @@
+{
+  "$schema": "./node_modules/oxlint/configuration_schema.json",
+  "plugins": [
+    "unicorn",
+    "typescript",
+    "oxc"
+  ],
+  "categories": {
+    "correctness": "error"
+  },
+  "ignorePatterns": ["src/canvas-host/a2ui/a2ui.bundle.js"]
+}
--- a/.oxlintrc.jsonc
+++ b/.oxlintrc.jsonc
@@ -1,4 +0,0 @@
-{
-  "$schema": "https://json.schemastore.org/oxlintrc",
-  "extends": ["recommended"]
-}
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -54,12 +54,16 @@
 - PRs should summarize scope, note testing performed, and mention any user-facing changes or new flags.
 - PR review flow: when given a PR link, review via `gh pr view`/`gh pr diff` and do **not** change branches.
 - PR merge flow: create a temp branch from `main`, merge the PR branch into it (prefer squash unless commit history is important; use rebase/merge when it is). Always try to merge the PR unless it’s truly difficult, then use another approach. If we squash, add the PR author as a co-contributor. Apply fixes, add changelog entry (include PR # + thanks), run full gate before the final commit, commit, merge back to `main`, delete the temp branch, and end on `main`.
+- If you review a PR and later do work on it, land via merge/squash (no direct-main commits) and always add the PR author as a co-contributor.
 - When working on a PR: add a changelog entry with the PR number and thank the contributor.
 - When working on an issue: reference the issue in the changelog entry.
 - When merging a PR: leave a PR comment that explains exactly what we did and include the SHA hashes.
 - When merging a PR from a new contributor: add their avatar to the README “Thanks to all clawtributors” thumbnail list.
 - After merging a PR: run `bun scripts/update-clawtributors.ts` if the contributor is missing, then commit the regenerated README.

+## Shorthand Commands
+- `sync up`: if working tree is dirty, commit all changes (pick a sensible Conventional Commit message), then `git pull --rebase`; if rebase conflicts and cannot resolve, stop; otherwise `git push`.
+
 ### PR Workflow (Review vs Land)
 - **Review mode (PR link only):** read `gh pr view/diff`; **do not** switch branches; **do not** change code.
 - **Landing mode:** create an integration branch from `main`, bring in PR commits (**prefer rebase** for linear history; **merge allowed** when complexity/conflicts make it safer), apply fixes, add changelog (+ thanks + PR #), run full gate **locally before committing** (`pnpm lint && pnpm build && pnpm test`), commit, merge back to `main`, then `git switch main` (never stay on a topic branch after landing). Important: contributor needs to be in git graph after this!
@@ -104,6 +108,7 @@
 - Bug investigations: read source code of relevant npm dependencies and all related local code before concluding; aim for high-confidence root cause.
 - Code style: add brief comments for tricky logic; keep files under ~500 LOC when feasible (split/refactor as needed).
 - Tool schema guardrails (google-antigravity): avoid `Type.Union` in tool input schemas; no `anyOf`/`oneOf`/`allOf`. Use `stringEnum`/`optionalStringEnum` (Type.Unsafe enum) for string lists, and `Type.Optional(...)` instead of `... | null`. Keep top-level tool schema as `type: "object"` with `properties`.
+- Tool schema guardrails: avoid raw `format` property names in tool schemas; some validators treat `format` as a reserved keyword and reject the schema.
 - When asked to open a “session” file, open the Pi session logs under `~/.clawdbot/agents/main/sessions/*.jsonl` (newest unless a specific ID is given), not the default `sessions.json`. If logs are needed from another machine, SSH via Tailscale and read the same path there.
 - Menubar dimming + restart flow mirrors Trimmy: use `scripts/restart-mac.sh` (kills all Clawdbot variants, runs `swift build`, packages, relaunches). Icon dimming depends on MenuBarExtraAccess wiring in AppMain; keep `appearsDisabled` updates intact when touching the status item.
 - Do not rebuild the macOS app over SSH; rebuilds must be run directly on the Mac.
@@ -113,6 +118,14 @@
  - launchd PATH is minimal; ensure the app’s launch agent PATH includes standard system paths plus your pnpm bin (typically `$HOME/Library/pnpm`) so `pnpm`/`clawdbot` binaries resolve when invoked via `clawdbot-mac`.
 - For manual `clawdbot message send` messages that include `!`, use the heredoc pattern noted below to avoid the Bash tool’s escaping.

+## NPM + 1Password (publish/verify)
+- Use the 1password skill; all `op` commands must run inside a fresh tmux session.
+- Sign in: `eval "$(op signin --account my.1password.com)"` (app unlocked + integration on).
+- OTP: `op read 'op://Private/Npmjs/one-time password?attribute=otp'`.
+- Publish: `npm publish --access public --otp="<otp>"` (run from the package dir).
+- Verify without local npmrc side effects: `npm view <pkg> version --userconfig "$(mktemp)"`.
+- Kill the tmux session after publish.
+
 ## Exclamation Mark Escaping Workaround
 The Claude Code Bash tool escapes `!` to `\\!` in command arguments. When using `clawdbot message send` with messages containing exclamation marks, use heredoc syntax:

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,141 @@
 # Changelog

-## 2026.1.15 (unreleased)
+## 2026.1.16 (unreleased)

- Agents: add CLI quick reference to the system prompt to avoid invented commands. (#953) — thanks @roshanasingh4.
+### Highlights
+- Web search: add `country`/`language` parameters (schema + Brave API) and docs. (#1046) — thanks @YuriNachos.
+- Plugins: add Zalo Personal plugin (`@clawdbot/zalouser`) and unify channel directory for plugins. (#1032) — thanks @suminhthanh.
+- Models: add Vercel AI Gateway auth choice + onboarding updates. (#1016) — thanks @timolins.
+- Sessions: add `session.identityLinks` for cross-platform DM session linking. (#1033) — thanks @thewilloftheshadow.
+- Hooks: add internal hooks system with bundled hooks, CLI tooling, and docs. (#1028) — thanks @ThomsenDrake.
+
+### Breaking
+- **BREAKING:** Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.
+
+### Changes
+- Tools: improve `web_fetch` extraction using Readability (with fallback).
+- Tools: add Firecrawl fallback for `web_fetch` when configured.
+- Tools: send Chrome-like headers by default for `web_fetch` to improve extraction on bot-sensitive sites.
+- Tools: Firecrawl fallback now uses bot-circumvention + cache by default; remove basic HTML fallback when extraction fails.
+- Directory: unify `clawdbot directory` across channels and plugin channels.
+- UI: allow deleting sessions from the Control UI.
+- Skills: add user-invocable skill commands and expanded skill command registration.
+- Telegram: default reaction level to minimal and enable reaction notifications by default.
+- Telegram: allow reply-chain messages to bypass mention gating in groups. (#1038) — thanks @adityashaw2.
+- Messages: mirror delivered outbound text/media into session transcripts. (#1031) — thanks @TSavo.
+- Cron: isolated cron jobs now start a fresh session id on every run to prevent context buildup.
+- Docs: add `/help` hub, Node/npm PATH guide, and expand directory CLI docs.
+- Config: support env var substitution in config values. (#1044) — thanks @sebslight.
+- Health: add per-agent session summaries and account-level health details, and allow selective probes. (#1047) — thanks @gumadeiras.
+
+### Fixes
+- Sub-agents: route announce delivery through the correct channel account IDs. (#1061, #1058) — thanks @adam91holt.
+- Telegram: split long media captions into follow-up text messages in bot delivery. (#1063) — thanks @mukhtharcm.
+- Repo: fix oxlint config filename and move ignore pattern into config. (#1064) — thanks @connorshea.
+- Messages: `/stop` now hard-aborts queued followups and sub-agent runs; suppress zero-count stop notes.
+- Sessions: reset `compactionCount` on `/new` and `/reset`, and preserve `sessions.json` file mode (0600).
+- Sessions: repair orphaned user turns before embedded prompts.
+- Channels: treat replies to the bot as implicit mentions across supported channels.
+- Browser: remote profile tab operations prefer persistent Playwright and avoid silent HTTP fallbacks. (#1057) — thanks @mukhtharcm.
+- Browser: remote profile tab ops follow-up: shared Playwright loader, Playwright-based focus, and more coverage (incl. opt-in live Browserless test). (follow-up to #1057) — thanks @mukhtharcm.
+- WhatsApp: scope self-chat response prefix; inject pending-only group history and clear after any processed message.
+- Agents: drop unsigned Gemini tool calls and avoid JSON Schema `format` keyword collisions.
+- Agents: avoid duplicate sends by replying with `NO_REPLY` after `message` tool sends.
+- Auth: inherit/merge sub-agent auth profiles from the main agent.
+- Gateway: resolve local auth for security probe and validate gateway token/password file modes. (#1011, #1022) — thanks @ivanrvpereira, @kkarimi.
+- Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
+- OpenAI image-gen: remove deprecated `response_format` and use URL downloads.
+- CLI: auto-update global installs when installed via a package manager.
+- Routing: migrate legacy `accountID` bindings to `accountId` and remove legacy fallback lookups. (#1047) — thanks @gumadeiras.
+- Discord: truncate skill command descriptions to 100 chars for slash command limits. (#1018) — thanks @evalexpr.
+- Security: bump `tar` to 7.5.3.
+- Models: align ZAI thinking toggles.
+
+## 2026.1.15
+
+### Highlights
+- Plugins: add provider auth registry + `clawdbot models auth login` for plugin-driven OAuth/API key flows.
+- Browser: improve remote CDP/Browserless support (auth passthrough, `wss` upgrade, timeouts, clearer errors).
+- Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.
+- Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).
+
+### Breaking
+- **BREAKING:** iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)
+- **BREAKING:** Microsoft Teams is now a plugin; install `@clawdbot/msteams` via `clawdbot plugins install @clawdbot/msteams`.
+- **BREAKING:** Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.
+
+### Changes
+- UI/Apps: move channel/config settings to schema-driven forms and rename Connections → Channels. (#1040) — thanks @thewilloftheshadow.
+- CLI: set process titles to `clawdbot-<command>` for clearer process listings.
+- CLI/macOS: sync remote SSH target/identity to config and let `gateway status` auto-infer SSH targets (ssh-config aware).
+- Telegram: scope inline buttons with allowlist default + callback gating in DMs/groups.
+- Telegram: default reaction notifications to own.
+- Tools: improve `web_fetch` extraction using Readability (with fallback).
+- Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.
+- Repo: ignore local identity files to avoid accidental commits. (#1001) — thanks @gerardward2007.
+- Sessions/Security: add `session.dmScope` for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.
+- Plugins: add provider auth registry + `clawdbot models auth login` for plugin-driven OAuth/API key flows.
+- Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.
+- TUI: show provider/model labels for the active session and default model.
+- Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.
+- UI: show gateway auth guidance + doc link on unauthorized Control UI connections.
+- UI: add session deletion action in Control UI sessions list. (#1017) — thanks @Szpadel.
+- Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in `clawdbot security audit`.
+- Apps: store node auth tokens encrypted (Keychain/SecurePrefs).
+- Daemon: share profile/state-dir resolution across service helpers and honor `CLAWDBOT_STATE_DIR` for Windows task scripts.
+- Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.
+- Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).
+- Tools: normalize Slack/Discord message timestamps with `timestampMs`/`timestampUtc` while keeping raw provider fields.
+- macOS: add `system.which` for prompt-free remote skill discovery (with gateway fallback to `system.run`).
+- Docs: add Date & Time guide and update prompt/timezone configuration docs.
+- Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.
+- Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.
+- Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in `/status` and `clawdbot models status`, and update docs.
+- CLI: add `--json` output for `clawdbot daemon` lifecycle/install commands.
+- Memory: make `node-llama-cpp` an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.
+- Browser: add `snapshot refs=aria` (Playwright aria-ref ids) for self-resolving refs across `snapshot` → `act`.
+- Browser: `profile="chrome"` now defaults to host control and returns clearer “attach a tab” errors.
+- Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.
+- Browser: increase remote CDP reachability timeouts + add `remoteCdpTimeoutMs`/`remoteCdpHandshakeTimeoutMs`.
+- Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.
+- Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.
+- Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.
+- Discord: allow allowlisted guilds without channel lists to receive messages when `groupPolicy="allowlist"`. — thanks @thewilloftheshadow.
+- Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.
+
+### Fixes
+- Messages: make `/stop` clear queued followups and pending session lane work for a hard abort.
+- Messages: make `/stop` abort active sub-agent runs spawned from the requester session and report how many were stopped.
+- WhatsApp: report linked status consistently in channel status. (#1050) — thanks @YuriNachos.
+- Sessions: keep per-session overrides when `/new` resets compaction counters. (#1050) — thanks @YuriNachos.
+- Skills: allow OpenAI image-gen helper to handle URL or base64 responses. (#1050) — thanks @YuriNachos.
+- WhatsApp: default response prefix only for self-chat, using identity name when set.
+- Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
+- iMessage: treat missing `imsg rpc` support as fatal to avoid restart loops.
+- Auth: merge main auth profiles into per-agent stores for sub-agents and document inheritance. (#1013) — thanks @marcmarg.
+- Agents: avoid JSON Schema `format` collisions in tool params by renaming snapshot format fields. (#1013) — thanks @marcmarg.
+- Fix: make `clawdbot update` auto-update global installs when installed via a package manager.
+- Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.
+- Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.
+- Fix: persist `gateway.mode=local` after selecting Local run mode in `clawdbot configure`, even if no other sections are chosen.
+- Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.
+- Agents: avoid false positives when logging unsupported Google tool schema keywords.
+- Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.
+- Status: restore usage summary line for current provider when no OAuth profiles exist.
+- Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.
+- Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
+- Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.
+- Fix: support MiniMax coding plan usage responses with `model_remains`/`current_interval_*` payloads.
+- Fix: honor message tool channel for duplicate suppression (prefer `NO_REPLY` after `message` tool sends). (#1053) — thanks @sashcatanzarite.
+- Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)
+- Browser: extension mode recovers when only one tab is attached (stale targetId fallback).
+- Browser: fix `tab not found` for extension relay snapshots/actions when Playwright blocks `newCDPSession` (use the single available Page).
+- Browser: upgrade `ws` → `wss` when remote CDP uses `https` (fixes Browserless handshake).
+- Telegram: skip `message_thread_id=1` for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.
+- Fix: sanitize user-facing error text + strip `<final>` tags across reply pipelines. (#975) — thanks @ThomsenDrake.
+- Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.
+- Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.
+- Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)

 ## 2026.1.14-1

@@ -13,98 +146,56 @@
 - Security: expanded `clawdbot security audit` (+ `--fix`), detect-secrets CI scan, and a `SECURITY.md` reporting policy.

 ### Changes
-#### Web Tools
- Tools: add `web_search`/`web_fetch` (Brave API), including helpful setup hints when the key is missing.
- Tools: enable `web_fetch` by default (unless explicitly disabled in config).
- CLI/Docs: add `clawdbot configure --section web` for storing Brave API keys and update onboarding tips.
-
-#### Browser / Control UI
- Browser: add Chrome extension relay takeover mode (toolbar button) + `clawdbot browser serve` remote control + `browser.controlToken`.
- Browser: ship a built-in `chrome` profile for extension relay and start the relay automatically when running locally.
- Browser: default `browser.defaultProfile` to `chrome` (existing Chrome takeover mode).
- Browser: add `clawdbot browser extension install/path` and copy extension path to clipboard.
- Browser: add `snapshot refs=aria` (Playwright aria-ref ids) for self-resolving refs across `snapshot` → `act`.
- Browser: `profile="chrome"` now defaults to host control and returns clearer “attach a tab” errors.
- Browser: extension mode recovers when only one tab is attached (stale targetId fallback).
- Browser: fix `tab not found` for extension relay snapshots/actions when Playwright blocks `newCDPSession` (use the single available Page).
- Control UI: show raw any-map entries in config views; move Docs link into the left nav.
-
-#### Plugins
- Plugins: add plugin HTTP hooks + loader updates to support channel plugins. (#854) — thanks @longmaba.
- Plugins: add onboarding plugin install flow. (#854) — thanks @longmaba.
- Channels: add Matrix plugin (external) with docs + onboarding hooks.
- Voice Call: add Plivo provider (no SDK dependency). (#846) — thanks @vrknetha.
-
-#### Security
- Security: expand `clawdbot security audit` checks and publish a `SECURITY.md` reporting policy.
- Security: extend `clawdbot security audit --fix` to tighten more sensitive state paths.
- Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.
-
-#### Onboarding / Daemon
- Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require `--accept-risk` for `--non-interactive`.
- Daemon: support profile-aware service names for multi-gateway setups. (#671) — thanks @bjesuiter.
-
-#### Auth / Usage / Config
- Usage: add MiniMax coding plan usage tracking.
- Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.
- Agents: add optional auth-profile copy prompt on `agents add` and improve auth error messaging.
- Auth: add dynamic template variables to `messages.responsePrefix`. (#928) — thanks @sebslight.
- Config: add `channels.<provider>.configWrites` gating for channel-initiated config writes; migrate Slack channel IDs.
-
-#### Channels
- Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.
- WhatsApp: add `channels.whatsapp.sendReadReceipts` to disable auto read receipts. (#882) — thanks @chrisrodz.
-
-#### Docs
 - Docs: clarify per-agent auth stores, sandboxed skill binaries, and elevated semantics.
 - Docs: add FAQ entries for missing provider auth after adding agents and Gemini thinking signature errors.
+- Agents: add optional auth-profile copy prompt on `agents add` and improve auth error messaging.
+- Security: expand `clawdbot security audit` checks (model hygiene, config includes, plugin allowlists, exposure matrix) and extend `--fix` to tighten more sensitive state paths.
+- Security: add `SECURITY.md` reporting policy.
+- Channels: add Matrix plugin (external) with docs + onboarding hooks.
+- Plugins: add Zalo channel plugin with gateway HTTP hooks and onboarding install prompt. (#854) — thanks @longmaba.
+- Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require `--accept-risk` for `--non-interactive`.
 - Docs: expand gateway security hardening guidance and incident response checklist.
 - Docs: document DM history limits for channel DMs. (#883) — thanks @pkrmf.
- Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)
- Docs: add per-command CLI doc pages and link them from `clawdbot <command> --help`.
- Docs: add multi-gateway guide (sidebar + nav).
+- Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.
+- Tools: add `web_search`/`web_fetch` (Brave API), auto-enable `web_fetch` for sandboxed sessions, and remove the `brave-search` skill.
+- CLI/Docs: add a web tools configure section for storing Brave API keys and update onboarding tips.
+- Browser: add Chrome extension relay takeover mode (toolbar button), plus `clawdbot browser extension install/path` and remote browser control via `clawdbot browser serve` + `browser.controlToken`.

 ### Fixes
-
-#### Gateway / Daemon / Sessions
- Gateway: forward termination signals to respawned CLI child processes to avoid orphaned systemd runs. (#933) — thanks @roshanasingh4.
- Gateway/UI: ship session defaults in the hello snapshot so the Control UI canonicalizes main session keys (no bare `main` alias).
- Agents: skip thinking/final tag stripping inside Markdown code spans. (#939) — thanks @ngutman.
+- Sessions: refactor session store updates to lock + mutate per-entry, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
 - Browser: add tests for snapshot labels/efficient query params and labeled image responses.
- Browser: persist role snapshot refs per CDP target so `snapshot` → `act` clicks work even if Playwright returns a different Page instance.
- macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.
- macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.
- Packaging: run `pnpm build` on `prepack` so npm publishes include fresh `dist/` output.
- Telegram: register dock native commands with underscores to avoid `BOT_COMMAND_INVALID` (#929, fixes #901) — thanks @grp06.
 - Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.
- Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.
- Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.
- Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.
 - Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.
 - Agents: scrub tuple `items` schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
+- Agents: harden Antigravity Claude history/tool-call sanitization. (#968) — thanks @rdev.
 - Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
- Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare `main` sessions.
 - Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
 - Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
 - Daemon: clear persisted launchd disabled state before bootstrap (fixes `daemon install` after uninstall). (#849) — thanks @ndraiman.
- Sessions: return deep clones (`structuredClone`) so cached session entries can't be mutated. (#934) — thanks @ronak-guliani.
- Heartbeat: keep `updatedAt` monotonic when restoring heartbeat sessions. (#934) — thanks @ronak-guliani.
- Agent: clear run context after CLI runs (`clearAgentRunContext`) to avoid runaway contexts. (#934) — thanks @ronak-guliani.
- Gateway/Dev: ensure `pnpm gateway:dev` always uses the dev profile config + state (`~/.clawdbot-dev`).
+- Logging: tolerate `EIO` from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.
+- Sandbox: restore `docker.binds` config validation for custom bind mounts. (#873) — thanks @akonyer.
+- Sandbox: preserve configured PATH for `docker exec` so custom tools remain available. (#873) — thanks @akonyer.
+- Slack: respect `channels.slack.requireMention` default when resolving channel mention gating. (#850) — thanks @evalexpr.
+- Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).
+- Auto-reply: treat trailing `NO_REPLY` tokens as silent replies.
+- Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).

-#### CLI / Onboarding
- Onboarding: show web search setup at the end (not the beginning).
- Onboarding: show daemon install/restart progress (avoid “blinking cursor”) and fix daemon install output formatting.
- Health: colorize “not configured” provider lines for easier scanning.
+## 2026.1.14

-#### Control UI / TUI
- Control UI: load cron run history on job selection and clarify empty-state messaging. (#866)
- UI: use application-defined WebSocket close code and fix dashboard auth query items. (#918) — thanks @rahthakor.
- UI: always apply `?token=` from URL (fixes unauthorized after re-onboard).
- Browser: add tests for snapshot labels/efficient query params and labeled image responses.
+### Changes
+- Usage: add MiniMax coding plan usage tracking.
+- Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.
+- Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)
+- Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.
+- Config: add `channels.<provider>.configWrites` gating for channel-initiated config writes; migrate Slack channel IDs.
+
+### Fixes
+ - Mac: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
+ - UI: use application-defined WebSocket close code (browser compatibility). (#918) — thanks @rahthakor.
 - TUI: render picker overlays via the overlay stack so /models and /settings display. (#921) — thanks @grizzdank.
 - TUI: add a bright spinner + elapsed time in the status line for send/stream/run states.
 - TUI: show LLM error messages (rate limits, auth, etc.) instead of `(no output)`.
+- Gateway/Dev: ensure `pnpm gateway:dev` always uses the dev profile config + state (`~/.clawdbot-dev`).

 #### Agents / Auth / Tools / Sandbox
 - Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.
@@ -123,34 +214,17 @@
 - macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.
 - macOS: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
 - macOS: reuse launchd gateway auth and skip wizard when gateway config already exists. (#917)
+- macOS: prefer the default bridge tunnel port in remote mode for node bridge connectivity; document macOS remote control + bridge tunnels. (#960, fixes #865) — thanks @kkarimi.
 - Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare `main` sessions.
 - macOS: fix cron preview/testing payload to use `channel` key. (#867) — thanks @wes-davis.
- macOS: update cron testing channel arg. (#896) — thanks @ngutman.
-
-#### Channels / Messaging
- Slack: isolate thread history and avoid inheriting channel transcripts for new threads by default. (#758)
- Slack: respect `channels.slack.requireMention` default when resolving channel mention gating. (#850) — thanks @evalexpr.
- Slack: drop Socket Mode events with mismatched `api_app_id`/`team_id`. (#889) — thanks @roshanasingh4.
- Commands: add native command argument menus across Discord/Slack/Telegram. (#936) — thanks @thewilloftheshadow.
- Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.
 - Telegram: honor `channels.telegram.timeoutSeconds` for grammY API requests. (#863) — thanks @Snaver.
- Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).
- Telegram: let control commands bypass per-chat sequentialization; always allow abort triggers.
- Telegram: split long captions into media + follow-up text messages. (#907) — thanks @jalehman.
+- Telegram: split long captions into media + follow-up text messages. (#907) - thanks @jalehman.
 - Telegram: migrate group config when supergroups change chat IDs. (#906) — thanks @sleontenko.
- Telegram: register dock native commands with underscores to avoid `BOT_COMMAND_INVALID` (#929, fixes #901) — thanks @grp06.
 - Messaging: unify markdown formatting + format-first chunking for Slack/Telegram/Signal. (#920) — thanks @TheSethRose.
- iMessage: prefer handle routing for direct-message replies; include imsg RPC error details. (#935)
+- Slack: drop Socket Mode events with mismatched `api_app_id`/`team_id`. (#889) — thanks @roshanasingh4.
+- Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.
 - WhatsApp: fix context isolation using wrong ID (was bot's number, now conversation ID). (#911) — thanks @tristanmanchester.
 - WhatsApp: normalize user JIDs with device suffix for allowlist checks in groups. (#838) — thanks @peschee.
- WhatsApp: harden owner command auth.
- Auto-reply: treat trailing `NO_REPLY` tokens as silent replies.
-
-#### Config / Doctor / Packaging
- Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).
- Config/Doctor: remove legacy Clawdis env fallbacks and config/service migrations (Clawdbot-only).
- Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.
- Packaging: run `pnpm build` on `prepack` so npm publishes include fresh `dist/` output.

 ## 2026.1.13

@@ -163,6 +237,7 @@
 ### Fixes
 - Packaging: include `dist/memory/**` in the npm tarball (fixes `ERR_MODULE_NOT_FOUND` for `dist/memory/index.js`).
 - Agents: persist sub-agent registry across gateway restarts and resume announce flow safely. (#831) — thanks @roshanasingh4.
+- Agents: strip invalid Gemini thought signatures from OpenRouter history to avoid 400s. (#841, #845) — thanks @MatthieuBizien.

 ## 2026.1.12-1

--- a/2
+++ b/2
@@ -25,6 +25,8 @@ RUN pnpm install --frozen-lockfile

 COPY . .
 RUN pnpm build
+# Force pnpm for UI build (Bun may fail on ARM/Synology architectures)
+ENV CLAWDBOT_PREFER_PNPM=1
 RUN pnpm ui:install
 RUN pnpm ui:build

--- a/2
+++ b/2
--- a/README.md
+++ b/README.md
@@ -474,22 +474,24 @@ Core contributors:
 Thanks to all clawtributors:

 <p align="left">
-  <a href="https://github.com/steipete"><img src="https://avatars.githubusercontent.com/u/58493?v=4&s=48" width="48" height="48" alt="steipete" title="steipete"/></a> <a href="https://github.com/joaohlisboa"><img src="https://avatars.githubusercontent.com/u/8200873?v=4&s=48" width="48" height="48" alt="joaohlisboa" title="joaohlisboa"/></a> <a href="https://github.com/mneves75"><img src="https://avatars.githubusercontent.com/u/2423436?v=4&s=48" width="48" height="48" alt="mneves75" title="mneves75"/></a> <a href="https://github.com/rahthakor"><img src="https://avatars.githubusercontent.com/u/8470553?v=4&s=48" width="48" height="48" alt="rahthakor" title="rahthakor"/></a> <a href="https://github.com/joshp123"><img src="https://avatars.githubusercontent.com/u/1497361?v=4&s=48" width="48" height="48" alt="joshp123" title="joshp123"/></a> <a href="https://github.com/mukhtharcm"><img src="https://avatars.githubusercontent.com/u/56378562?v=4&s=48" width="48" height="48" alt="mukhtharcm" title="mukhtharcm"/></a> <a href="https://github.com/maxsumrall"><img src="https://avatars.githubusercontent.com/u/628843?v=4&s=48" width="48" height="48" alt="maxsumrall" title="maxsumrall"/></a> <a href="https://github.com/xadenryan"><img src="https://avatars.githubusercontent.com/u/165437834?v=4&s=48" width="48" height="48" alt="xadenryan" title="xadenryan"/></a> <a href="https://github.com/tobiasbischoff"><img src="https://avatars.githubusercontent.com/u/711564?v=4&s=48" width="48" height="48" alt="Tobias Bischoff" title="Tobias Bischoff"/></a> <a href="https://github.com/hsrvc"><img src="https://avatars.githubusercontent.com/u/129702169?v=4&s=48" width="48" height="48" alt="hsrvc" title="hsrvc"/></a>
-  <a href="https://github.com/magimetal"><img src="https://avatars.githubusercontent.com/u/36491250?v=4&s=48" width="48" height="48" alt="magimetal" title="magimetal"/></a> <a href="https://github.com/meaningfool"><img src="https://avatars.githubusercontent.com/u/2862331?v=4&s=48" width="48" height="48" alt="meaningfool" title="meaningfool"/></a> <a href="https://github.com/NicholasSpisak"><img src="https://avatars.githubusercontent.com/u/129075147?v=4&s=48" width="48" height="48" alt="NicholasSpisak" title="NicholasSpisak"/></a> <a href="https://github.com/AbhisekBasu1"><img src="https://avatars.githubusercontent.com/u/40645221?v=4&s=48" width="48" height="48" alt="abhisekbasu1" title="abhisekbasu1"/></a> <a href="https://github.com/claude"><img src="https://avatars.githubusercontent.com/u/81847?v=4&s=48" width="48" height="48" alt="claude" title="claude"/></a> <a href="https://github.com/jamesgroat"><img src="https://avatars.githubusercontent.com/u/2634024?v=4&s=48" width="48" height="48" alt="jamesgroat" title="jamesgroat"/></a> <a href="https://github.com/Hyaxia"><img src="https://avatars.githubusercontent.com/u/36747317?v=4&s=48" width="48" height="48" alt="Hyaxia" title="Hyaxia"/></a> <a href="https://github.com/dantelex"><img src="https://avatars.githubusercontent.com/u/631543?v=4&s=48" width="48" height="48" alt="dantelex" title="dantelex"/></a> <a href="https://github.com/daveonkels"><img src="https://avatars.githubusercontent.com/u/533642?v=4&s=48" width="48" height="48" alt="daveonkels" title="daveonkels"/></a> <a href="https://github.com/vrknetha"><img src="https://avatars.githubusercontent.com/u/20596261?v=4&s=48" width="48" height="48" alt="vrknetha" title="vrknetha"/></a>
-  <a href="https://github.com/radek-paclt"><img src="https://avatars.githubusercontent.com/u/50451445?v=4&s=48" width="48" height="48" alt="radek-paclt" title="radek-paclt"/></a> <a href="https://github.com/mteam88"><img src="https://avatars.githubusercontent.com/u/84196639?v=4&s=48" width="48" height="48" alt="mteam88" title="mteam88"/></a> <a href="https://github.com/omniwired"><img src="https://avatars.githubusercontent.com/u/322761?v=4&s=48" width="48" height="48" alt="Eng. Juan Combetto" title="Eng. Juan Combetto"/></a> <a href="https://github.com/dbhurley"><img src="https://avatars.githubusercontent.com/u/5251425?v=4&s=48" width="48" height="48" alt="dbhurley" title="dbhurley"/></a> <a href="https://github.com/mbelinky"><img src="https://avatars.githubusercontent.com/u/132747814?v=4&s=48" width="48" height="48" alt="Mariano Belinky" title="Mariano Belinky"/></a> <a href="https://github.com/julianengel"><img src="https://avatars.githubusercontent.com/u/10634231?v=4&s=48" width="48" height="48" alt="julianengel" title="julianengel"/></a> <a href="https://github.com/benithors"><img src="https://avatars.githubusercontent.com/u/20652882?v=4&s=48" width="48" height="48" alt="benithors" title="benithors"/></a> <a href="https://github.com/sreekaransrinath"><img src="https://avatars.githubusercontent.com/u/50989977?v=4&s=48" width="48" height="48" alt="sreekaransrinath" title="sreekaransrinath"/></a> <a href="https://github.com/gupsammy"><img src="https://avatars.githubusercontent.com/u/20296019?v=4&s=48" width="48" height="48" alt="gupsammy" title="gupsammy"/></a> <a href="https://github.com/cristip73"><img src="https://avatars.githubusercontent.com/u/24499421?v=4&s=48" width="48" height="48" alt="cristip73" title="cristip73"/></a>
-  <a href="https://github.com/nachoiacovino"><img src="https://avatars.githubusercontent.com/u/50103937?v=4&s=48" width="48" height="48" alt="nachoiacovino" title="nachoiacovino"/></a> <a href="https://github.com/vsabavat"><img src="https://avatars.githubusercontent.com/u/50385532?v=4&s=48" width="48" height="48" alt="Vasanth Rao Naik Sabavat" title="Vasanth Rao Naik Sabavat"/></a> <a href="https://github.com/lc0rp"><img src="https://avatars.githubusercontent.com/u/2609441?v=4&s=48" width="48" height="48" alt="lc0rp" title="lc0rp"/></a> <a href="https://github.com/scald"><img src="https://avatars.githubusercontent.com/u/1215913?v=4&s=48" width="48" height="48" alt="scald" title="scald"/></a> <a href="https://github.com/andranik-sahakyan"><img src="https://avatars.githubusercontent.com/u/8908029?v=4&s=48" width="48" height="48" alt="andranik-sahakyan" title="andranik-sahakyan"/></a> <a href="https://github.com/Nachx639"><img src="https://avatars.githubusercontent.com/u/71144023?v=4&s=48" width="48" height="48" alt="nachx639" title="nachx639"/></a> <a href="https://github.com/davidguttman"><img src="https://avatars.githubusercontent.com/u/431696?v=4&s=48" width="48" height="48" alt="davidguttman" title="davidguttman"/></a> <a href="https://github.com/sleontenko"><img src="https://avatars.githubusercontent.com/u/7135949?v=4&s=48" width="48" height="48" alt="sleontenko" title="sleontenko"/></a> <a href="https://github.com/sircrumpet"><img src="https://avatars.githubusercontent.com/u/4436535?v=4&s=48" width="48" height="48" alt="sircrumpet" title="sircrumpet"/></a> <a href="https://github.com/peschee"><img src="https://avatars.githubusercontent.com/u/63866?v=4&s=48" width="48" height="48" alt="peschee" title="peschee"/></a>
-  <a href="https://github.com/rafaelreis-r"><img src="https://avatars.githubusercontent.com/u/57492577?v=4&s=48" width="48" height="48" alt="rafaelreis-r" title="rafaelreis-r"/></a> <a href="https://github.com/ratulsarna"><img src="https://avatars.githubusercontent.com/u/105903728?v=4&s=48" width="48" height="48" alt="ratulsarna" title="ratulsarna"/></a> <a href="https://github.com/lutr0"><img src="https://avatars.githubusercontent.com/u/76906369?v=4&s=48" width="48" height="48" alt="lutr0" title="lutr0"/></a> <a href="https://github.com/thewilloftheshadow"><img src="https://avatars.githubusercontent.com/u/35580099?v=4&s=48" width="48" height="48" alt="thewilloftheshadow" title="thewilloftheshadow"/></a> <a href="https://github.com/emanuelst"><img src="https://avatars.githubusercontent.com/u/9994339?v=4&s=48" width="48" height="48" alt="emanuelst" title="emanuelst"/></a> <a href="https://github.com/KristijanJovanovski"><img src="https://avatars.githubusercontent.com/u/8942284?v=4&s=48" width="48" height="48" alt="KristijanJovanovski" title="KristijanJovanovski"/></a> <a href="https://github.com/CashWilliams"><img src="https://avatars.githubusercontent.com/u/613573?v=4&s=48" width="48" height="48" alt="CashWilliams" title="CashWilliams"/></a> <a href="https://github.com/osolmaz"><img src="https://avatars.githubusercontent.com/u/2453968?v=4&s=48" width="48" height="48" alt="osolmaz" title="osolmaz"/></a> <a href="https://github.com/kiranjd"><img src="https://avatars.githubusercontent.com/u/25822851?v=4&s=48" width="48" height="48" alt="kiranjd" title="kiranjd"/></a> <a href="https://github.com/sebslight"><img src="https://avatars.githubusercontent.com/u/19554889?v=4&s=48" width="48" height="48" alt="sebslight" title="sebslight"/></a>
-  <a href="https://github.com/search?q=sheeek"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="sheeek" title="sheeek"/></a> <a href="https://github.com/onutc"><img src="https://avatars.githubusercontent.com/u/152018508?v=4&s=48" width="48" height="48" alt="onutc" title="onutc"/></a> <a href="https://github.com/ManuelHettich"><img src="https://avatars.githubusercontent.com/u/17690367?v=4&s=48" width="48" height="48" alt="manuelhettich" title="manuelhettich"/></a> <a href="https://github.com/minghinmatthewlam"><img src="https://avatars.githubusercontent.com/u/14224566?v=4&s=48" width="48" height="48" alt="minghinmatthewlam" title="minghinmatthewlam"/></a> <a href="https://github.com/myfunc"><img src="https://avatars.githubusercontent.com/u/19294627?v=4&s=48" width="48" height="48" alt="myfunc" title="myfunc"/></a> <a href="https://github.com/buddyh"><img src="https://avatars.githubusercontent.com/u/31752869?v=4&s=48" width="48" height="48" alt="buddyh" title="buddyh"/></a> <a href="https://github.com/mcinteerj"><img src="https://avatars.githubusercontent.com/u/3613653?v=4&s=48" width="48" height="48" alt="mcinteerj" title="mcinteerj"/></a> <a href="https://github.com/timkrase"><img src="https://avatars.githubusercontent.com/u/38947626?v=4&s=48" width="48" height="48" alt="timkrase" title="timkrase"/></a> <a href="https://github.com/obviyus"><img src="https://avatars.githubusercontent.com/u/22031114?v=4&s=48" width="48" height="48" alt="obviyus" title="obviyus"/></a> <a href="https://github.com/azade-c"><img src="https://avatars.githubusercontent.com/u/252790079?v=4&s=48" width="48" height="48" alt="azade-c" title="azade-c"/></a>
-  <a href="https://github.com/danielz1z"><img src="https://avatars.githubusercontent.com/u/235270390?v=4&s=48" width="48" height="48" alt="danielz1z" title="danielz1z"/></a> <a href="https://github.com/j1philli"><img src="https://avatars.githubusercontent.com/u/3744255?v=4&s=48" width="48" height="48" alt="Josh Phillips" title="Josh Phillips"/></a> <a href="https://github.com/bjesuiter"><img src="https://avatars.githubusercontent.com/u/2365676?v=4&s=48" width="48" height="48" alt="bjesuiter" title="bjesuiter"/></a> <a href="https://github.com/roshanasingh4"><img src="https://avatars.githubusercontent.com/u/88576930?v=4&s=48" width="48" height="48" alt="roshanasingh4" title="roshanasingh4"/></a> <a href="https://github.com/superman32432432"><img src="https://avatars.githubusercontent.com/u/7228420?v=4&s=48" width="48" height="48" alt="superman32432432" title="superman32432432"/></a> <a href="https://github.com/search?q=Yurii%20Chukhlib"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Yurii Chukhlib" title="Yurii Chukhlib"/></a> <a href="https://github.com/antons"><img src="https://avatars.githubusercontent.com/u/129705?v=4&s=48" width="48" height="48" alt="antons" title="antons"/></a> <a href="https://github.com/austinm911"><img src="https://avatars.githubusercontent.com/u/31991302?v=4&s=48" width="48" height="48" alt="austinm911" title="austinm911"/></a> <a href="https://github.com/apps/blacksmith-sh"><img src="https://avatars.githubusercontent.com/in/807020?v=4&s=48" width="48" height="48" alt="blacksmith-sh[bot]" title="blacksmith-sh[bot]"/></a> <a href="https://github.com/grp06"><img src="https://avatars.githubusercontent.com/u/1573959?v=4&s=48" width="48" height="48" alt="grp06" title="grp06"/></a>
-  <a href="https://github.com/HeimdallStrategy"><img src="https://avatars.githubusercontent.com/u/223014405?v=4&s=48" width="48" height="48" alt="HeimdallStrategy" title="HeimdallStrategy"/></a> <a href="https://github.com/imfing"><img src="https://avatars.githubusercontent.com/u/5097752?v=4&s=48" width="48" height="48" alt="imfing" title="imfing"/></a> <a href="https://github.com/jarvis-medmatic"><img src="https://avatars.githubusercontent.com/u/252428873?v=4&s=48" width="48" height="48" alt="jarvis-medmatic" title="jarvis-medmatic"/></a> <a href="https://github.com/mahmoudashraf93"><img src="https://avatars.githubusercontent.com/u/9130129?v=4&s=48" width="48" height="48" alt="mahmoudashraf93" title="mahmoudashraf93"/></a> <a href="https://github.com/petter-b"><img src="https://avatars.githubusercontent.com/u/62076402?v=4&s=48" width="48" height="48" alt="petter-b" title="petter-b"/></a> <a href="https://github.com/pkrmf"><img src="https://avatars.githubusercontent.com/u/1714267?v=4&s=48" width="48" height="48" alt="pkrmf" title="pkrmf"/></a> <a href="https://github.com/RandyVentures"><img src="https://avatars.githubusercontent.com/u/149904821?v=4&s=48" width="48" height="48" alt="RandyVentures" title="RandyVentures"/></a> <a href="https://github.com/dan-dr"><img src="https://avatars.githubusercontent.com/u/6669808?v=4&s=48" width="48" height="48" alt="dan-dr" title="dan-dr"/></a> <a href="https://github.com/erikpr1994"><img src="https://avatars.githubusercontent.com/u/6299331?v=4&s=48" width="48" height="48" alt="erikpr1994" title="erikpr1994"/></a> <a href="https://github.com/jalehman"><img src="https://avatars.githubusercontent.com/u/550978?v=4&s=48" width="48" height="48" alt="jalehman" title="jalehman"/></a>
-  <a href="https://github.com/jonasjancarik"><img src="https://avatars.githubusercontent.com/u/2459191?v=4&s=48" width="48" height="48" alt="jonasjancarik" title="jonasjancarik"/></a> <a href="https://github.com/search?q=Keith%20the%20Silly%20Goose"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Keith the Silly Goose" title="Keith the Silly Goose"/></a> <a href="https://github.com/search?q=L36%20Server"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="L36 Server" title="L36 Server"/></a> <a href="https://github.com/mitschabaude-bot"><img src="https://avatars.githubusercontent.com/u/247582884?v=4&s=48" width="48" height="48" alt="mitschabaude-bot" title="mitschabaude-bot"/></a> <a href="https://github.com/neist"><img src="https://avatars.githubusercontent.com/u/1029724?v=4&s=48" width="48" height="48" alt="neist" title="neist"/></a> <a href="https://github.com/chrisrodz"><img src="https://avatars.githubusercontent.com/u/2967620?v=4&s=48" width="48" height="48" alt="chrisrodz" title="chrisrodz"/></a> <a href="https://github.com/search?q=Friederike%20Seiler"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Friederike Seiler" title="Friederike Seiler"/></a> <a href="https://github.com/gabriel-trigo"><img src="https://avatars.githubusercontent.com/u/38991125?v=4&s=48" width="48" height="48" alt="gabriel-trigo" title="gabriel-trigo"/></a> <a href="https://github.com/Iamadig"><img src="https://avatars.githubusercontent.com/u/102129234?v=4&s=48" width="48" height="48" alt="iamadig" title="iamadig"/></a> <a href="https://github.com/search?q=Kit"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Kit" title="Kit"/></a>
-  <a href="https://github.com/koala73"><img src="https://avatars.githubusercontent.com/u/996596?v=4&s=48" width="48" height="48" alt="koala73" title="koala73"/></a> <a href="https://github.com/manmal"><img src="https://avatars.githubusercontent.com/u/142797?v=4&s=48" width="48" height="48" alt="manmal" title="manmal"/></a> <a href="https://github.com/ngutman"><img src="https://avatars.githubusercontent.com/u/1540134?v=4&s=48" width="48" height="48" alt="ngutman" title="ngutman"/></a> <a href="https://github.com/ogulcancelik"><img src="https://avatars.githubusercontent.com/u/7064011?v=4&s=48" width="48" height="48" alt="ogulcancelik" title="ogulcancelik"/></a> <a href="https://github.com/pasogott"><img src="https://avatars.githubusercontent.com/u/23458152?v=4&s=48" width="48" height="48" alt="pasogott" title="pasogott"/></a> <a href="https://github.com/petradonka"><img src="https://avatars.githubusercontent.com/u/7353770?v=4&s=48" width="48" height="48" alt="petradonka" title="petradonka"/></a> <a href="https://github.com/VACInc"><img src="https://avatars.githubusercontent.com/u/3279061?v=4&s=48" width="48" height="48" alt="VACInc" title="VACInc"/></a> <a href="https://github.com/zats"><img src="https://avatars.githubusercontent.com/u/2688806?v=4&s=48" width="48" height="48" alt="zats" title="zats"/></a> <a href="https://github.com/search?q=Chris%20Taylor"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Chris Taylor" title="Chris Taylor"/></a> <a href="https://github.com/djangonavarro220"><img src="https://avatars.githubusercontent.com/u/251162586?v=4&s=48" width="48" height="48" alt="Django Navarro" title="Django Navarro"/></a>
-  <a href="https://github.com/pcty-nextgen-service-account"><img src="https://avatars.githubusercontent.com/u/112553441?v=4&s=48" width="48" height="48" alt="pcty-nextgen-service-account" title="pcty-nextgen-service-account"/></a> <a href="https://github.com/rubyrunsstuff"><img src="https://avatars.githubusercontent.com/u/246602379?v=4&s=48" width="48" height="48" alt="rubyrunsstuff" title="rubyrunsstuff"/></a> <a href="https://github.com/Syhids"><img src="https://avatars.githubusercontent.com/u/671202?v=4&s=48" width="48" height="48" alt="Syhids" title="Syhids"/></a> <a href="https://github.com/search?q=Aaron%20Konyer"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Aaron Konyer" title="Aaron Konyer"/></a> <a href="https://github.com/erik-agens"><img src="https://avatars.githubusercontent.com/u/80908960?v=4&s=48" width="48" height="48" alt="erik-agens" title="erik-agens"/></a> <a href="https://github.com/evalexpr"><img src="https://avatars.githubusercontent.com/u/23485511?v=4&s=48" width="48" height="48" alt="evalexpr" title="evalexpr"/></a> <a href="https://github.com/fcatuhe"><img src="https://avatars.githubusercontent.com/u/17382215?v=4&s=48" width="48" height="48" alt="fcatuhe" title="fcatuhe"/></a> <a href="https://github.com/gumadeiras"><img src="https://avatars.githubusercontent.com/u/5599352?v=4&s=48" width="48" height="48" alt="gumadeiras" title="gumadeiras"/></a> <a href="https://github.com/henrino3"><img src="https://avatars.githubusercontent.com/u/4260288?v=4&s=48" width="48" height="48" alt="henrino3" title="henrino3"/></a> <a href="https://github.com/jayhickey"><img src="https://avatars.githubusercontent.com/u/1676460?v=4&s=48" width="48" height="48" alt="jayhickey" title="jayhickey"/></a>
-  <a href="https://github.com/jeffersonwarrior"><img src="https://avatars.githubusercontent.com/u/89030989?v=4&s=48" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/search?q=jeffersonwarrior"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/jdrhyne"><img src="https://avatars.githubusercontent.com/u/7828464?v=4&s=48" width="48" height="48" alt="Jonathan D. Rhyne (DJ-D)" title="Jonathan D. Rhyne (DJ-D)"/></a> <a href="https://github.com/juanpablodlc"><img src="https://avatars.githubusercontent.com/u/92012363?v=4&s=48" width="48" height="48" alt="juanpablodlc" title="juanpablodlc"/></a> <a href="https://github.com/jverdi"><img src="https://avatars.githubusercontent.com/u/345050?v=4&s=48" width="48" height="48" alt="jverdi" title="jverdi"/></a> <a href="https://github.com/mickahouan"><img src="https://avatars.githubusercontent.com/u/31423109?v=4&s=48" width="48" height="48" alt="mickahouan" title="mickahouan"/></a> <a href="https://github.com/mjrussell"><img src="https://avatars.githubusercontent.com/u/1641895?v=4&s=48" width="48" height="48" alt="mjrussell" title="mjrussell"/></a> <a href="https://github.com/oswalpalash"><img src="https://avatars.githubusercontent.com/u/6431196?v=4&s=48" width="48" height="48" alt="oswalpalash" title="oswalpalash"/></a> <a href="https://github.com/p6l-richard"><img src="https://avatars.githubusercontent.com/u/18185649?v=4&s=48" width="48" height="48" alt="p6l-richard" title="p6l-richard"/></a> <a href="https://github.com/philipp-spiess"><img src="https://avatars.githubusercontent.com/u/458591?v=4&s=48" width="48" height="48" alt="philipp-spiess" title="philipp-spiess"/></a>
-  <a href="https://github.com/robaxelsen"><img src="https://avatars.githubusercontent.com/u/13132899?v=4&s=48" width="48" height="48" alt="robaxelsen" title="robaxelsen"/></a> <a href="https://github.com/search?q=Sash%20Catanzarite"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Sash Catanzarite" title="Sash Catanzarite"/></a> <a href="https://github.com/search?q=VAC"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="VAC" title="VAC"/></a> <a href="https://github.com/zknicker"><img src="https://avatars.githubusercontent.com/u/1164085?v=4&s=48" width="48" height="48" alt="zknicker" title="zknicker"/></a> <a href="https://github.com/adam91holt"><img src="https://avatars.githubusercontent.com/u/9592417?v=4&s=48" width="48" height="48" alt="adam91holt" title="adam91holt"/></a> <a href="https://github.com/search?q=alejandro%20maza"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="alejandro maza" title="alejandro maza"/></a> <a href="https://github.com/andrewting19"><img src="https://avatars.githubusercontent.com/u/10536704?v=4&s=48" width="48" height="48" alt="andrewting19" title="andrewting19"/></a> <a href="https://github.com/Asleep123"><img src="https://avatars.githubusercontent.com/u/122379135?v=4&s=48" width="48" height="48" alt="Asleep123" title="Asleep123"/></a> <a href="https://github.com/bolismauro"><img src="https://avatars.githubusercontent.com/u/771999?v=4&s=48" width="48" height="48" alt="bolismauro" title="bolismauro"/></a> <a href="https://github.com/cash-echo-bot"><img src="https://avatars.githubusercontent.com/u/252747386?v=4&s=48" width="48" height="48" alt="cash-echo-bot" title="cash-echo-bot"/></a>
-  <a href="https://github.com/search?q=Clawd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Clawd" title="Clawd"/></a> <a href="https://github.com/conhecendocontato"><img src="https://avatars.githubusercontent.com/u/82890727?v=4&s=48" width="48" height="48" alt="conhecendocontato" title="conhecendocontato"/></a> <a href="https://github.com/search?q=Drake%20Thomsen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Drake Thomsen" title="Drake Thomsen"/></a> <a href="https://github.com/gtsifrikas"><img src="https://avatars.githubusercontent.com/u/8904378?v=4&s=48" width="48" height="48" alt="gtsifrikas" title="gtsifrikas"/></a> <a href="https://github.com/HazAT"><img src="https://avatars.githubusercontent.com/u/363802?v=4&s=48" width="48" height="48" alt="HazAT" title="HazAT"/></a> <a href="https://github.com/hrdwdmrbl"><img src="https://avatars.githubusercontent.com/u/554881?v=4&s=48" width="48" height="48" alt="hrdwdmrbl" title="hrdwdmrbl"/></a> <a href="https://github.com/hugobarauna"><img src="https://avatars.githubusercontent.com/u/2719?v=4&s=48" width="48" height="48" alt="hugobarauna" title="hugobarauna"/></a> <a href="https://github.com/search?q=Jarvis"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jarvis" title="Jarvis"/></a> <a href="https://github.com/search?q=Jefferson%20Nunn"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jefferson Nunn" title="Jefferson Nunn"/></a> <a href="https://github.com/kitze"><img src="https://avatars.githubusercontent.com/u/1160594?v=4&s=48" width="48" height="48" alt="kitze" title="kitze"/></a>
-  <a href="https://github.com/kkarimi"><img src="https://avatars.githubusercontent.com/u/875218?v=4&s=48" width="48" height="48" alt="kkarimi" title="kkarimi"/></a> <a href="https://github.com/levifig"><img src="https://avatars.githubusercontent.com/u/1605?v=4&s=48" width="48" height="48" alt="levifig" title="levifig"/></a> <a href="https://github.com/search?q=Lloyd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Lloyd" title="Lloyd"/></a> <a href="https://github.com/loukotal"><img src="https://avatars.githubusercontent.com/u/18210858?v=4&s=48" width="48" height="48" alt="loukotal" title="loukotal"/></a> <a href="https://github.com/search?q=Marc"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Marc" title="Marc"/></a> <a href="https://github.com/martinpucik"><img src="https://avatars.githubusercontent.com/u/5503097?v=4&s=48" width="48" height="48" alt="martinpucik" title="martinpucik"/></a> <a href="https://github.com/search?q=Miles"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Miles" title="Miles"/></a> <a href="https://github.com/mrdbstn"><img src="https://avatars.githubusercontent.com/u/58957632?v=4&s=48" width="48" height="48" alt="mrdbstn" title="mrdbstn"/></a> <a href="https://github.com/MSch"><img src="https://avatars.githubusercontent.com/u/7475?v=4&s=48" width="48" height="48" alt="MSch" title="MSch"/></a> <a href="https://github.com/search?q=Mustafa%20Tag%20Eldeen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mustafa Tag Eldeen" title="Mustafa Tag Eldeen"/></a>
-  <a href="https://github.com/ndraiman"><img src="https://avatars.githubusercontent.com/u/12609607?v=4&s=48" width="48" height="48" alt="ndraiman" title="ndraiman"/></a> <a href="https://github.com/nexty5870"><img src="https://avatars.githubusercontent.com/u/3869659?v=4&s=48" width="48" height="48" alt="nexty5870" title="nexty5870"/></a> <a href="https://github.com/prathamdby"><img src="https://avatars.githubusercontent.com/u/134331217?v=4&s=48" width="48" height="48" alt="prathamdby" title="prathamdby"/></a> <a href="https://github.com/reeltimeapps"><img src="https://avatars.githubusercontent.com/u/637338?v=4&s=48" width="48" height="48" alt="reeltimeapps" title="reeltimeapps"/></a> <a href="https://github.com/RLTCmpe"><img src="https://avatars.githubusercontent.com/u/10762242?v=4&s=48" width="48" height="48" alt="RLTCmpe" title="RLTCmpe"/></a> <a href="https://github.com/search?q=Rolf%20Fredheim"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rolf Fredheim" title="Rolf Fredheim"/></a> <a href="https://github.com/search?q=Rony%20Kelner"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rony Kelner" title="Rony Kelner"/></a> <a href="https://github.com/search?q=Samrat%20Jha"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Samrat Jha" title="Samrat Jha"/></a> <a href="https://github.com/siraht"><img src="https://avatars.githubusercontent.com/u/73152895?v=4&s=48" width="48" height="48" alt="siraht" title="siraht"/></a> <a href="https://github.com/snopoke"><img src="https://avatars.githubusercontent.com/u/249606?v=4&s=48" width="48" height="48" alt="snopoke" title="snopoke"/></a>
-  <a href="https://github.com/search?q=The%20Admiral"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="The Admiral" title="The Admiral"/></a> <a href="https://github.com/wes-davis"><img src="https://avatars.githubusercontent.com/u/16506720?v=4&s=48" width="48" height="48" alt="wes-davis" title="wes-davis"/></a> <a href="https://github.com/wstock"><img src="https://avatars.githubusercontent.com/u/1394687?v=4&s=48" width="48" height="48" alt="wstock" title="wstock"/></a> <a href="https://github.com/YuriNachos"><img src="https://avatars.githubusercontent.com/u/19365375?v=4&s=48" width="48" height="48" alt="YuriNachos" title="YuriNachos"/></a> <a href="https://github.com/search?q=Zach%20Knickerbocker"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Zach Knickerbocker" title="Zach Knickerbocker"/></a> <a href="https://github.com/search?q=Azade"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Azade" title="Azade"/></a> <a href="https://github.com/carlulsoe"><img src="https://avatars.githubusercontent.com/u/34673973?v=4&s=48" width="48" height="48" alt="carlulsoe" title="carlulsoe"/></a> <a href="https://github.com/cpojer"><img src="https://avatars.githubusercontent.com/u/13352?v=4&s=48" width="48" height="48" alt="cpojer" title="cpojer"/></a> <a href="https://github.com/search?q=ddyo"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="ddyo" title="ddyo"/></a> <a href="https://github.com/search?q=Erik"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Erik" title="Erik"/></a>
-  <a href="https://github.com/latitudeki5223"><img src="https://avatars.githubusercontent.com/u/119656367?v=4&s=48" width="48" height="48" alt="latitudeki5223" title="latitudeki5223"/></a> <a href="https://github.com/longmaba"><img src="https://avatars.githubusercontent.com/u/9361500?v=4&s=48" width="48" height="48" alt="longmaba" title="longmaba"/></a> <a href="https://github.com/search?q=Manuel%20Maly"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Manuel Maly" title="Manuel Maly"/></a> <a href="https://github.com/search?q=Mourad%20Boustani"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mourad Boustani" title="Mourad Boustani"/></a> <a href="https://github.com/pcty-nextgen-ios-builder"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="pcty-nextgen-ios-builder" title="pcty-nextgen-ios-builder"/></a> <a href="https://github.com/search?q=Quentin"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Quentin" title="Quentin"/></a> <a href="https://github.com/search?q=Randy%20Torres"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Randy Torres" title="Randy Torres"/></a> <a href="https://github.com/ronak-guliani"><img src="https://avatars.githubusercontent.com/u/23518228?v=4&s=48" width="48" height="48" alt="ronak-guliani" title="ronak-guliani"/></a> <a href="https://github.com/thesash"><img src="https://avatars.githubusercontent.com/u/1166151?v=4&s=48" width="48" height="48" alt="thesash" title="thesash"/></a> <a href="https://github.com/search?q=William%20Stock"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="William Stock" title="William Stock"/></a>
+  <a href="https://github.com/steipete"><img src="https://avatars.githubusercontent.com/u/58493?v=4&s=48" width="48" height="48" alt="steipete" title="steipete"/></a> <a href="https://github.com/bohdanpodvirnyi"><img src="https://avatars.githubusercontent.com/u/31819391?v=4&s=48" width="48" height="48" alt="bohdanpodvirnyi" title="bohdanpodvirnyi"/></a> <a href="https://github.com/joaohlisboa"><img src="https://avatars.githubusercontent.com/u/8200873?v=4&s=48" width="48" height="48" alt="joaohlisboa" title="joaohlisboa"/></a> <a href="https://github.com/mneves75"><img src="https://avatars.githubusercontent.com/u/2423436?v=4&s=48" width="48" height="48" alt="mneves75" title="mneves75"/></a> <a href="https://github.com/MatthieuBizien"><img src="https://avatars.githubusercontent.com/u/173090?v=4&s=48" width="48" height="48" alt="MatthieuBizien" title="MatthieuBizien"/></a> <a href="https://github.com/rahthakor"><img src="https://avatars.githubusercontent.com/u/8470553?v=4&s=48" width="48" height="48" alt="rahthakor" title="rahthakor"/></a> <a href="https://github.com/vrknetha"><img src="https://avatars.githubusercontent.com/u/20596261?v=4&s=48" width="48" height="48" alt="vrknetha" title="vrknetha"/></a> <a href="https://github.com/joshp123"><img src="https://avatars.githubusercontent.com/u/1497361?v=4&s=48" width="48" height="48" alt="joshp123" title="joshp123"/></a> <a href="https://github.com/mukhtharcm"><img src="https://avatars.githubusercontent.com/u/56378562?v=4&s=48" width="48" height="48" alt="mukhtharcm" title="mukhtharcm"/></a> <a href="https://github.com/maxsumrall"><img src="https://avatars.githubusercontent.com/u/628843?v=4&s=48" width="48" height="48" alt="maxsumrall" title="maxsumrall"/></a>
+  <a href="https://github.com/xadenryan"><img src="https://avatars.githubusercontent.com/u/165437834?v=4&s=48" width="48" height="48" alt="xadenryan" title="xadenryan"/></a> <a href="https://github.com/tobiasbischoff"><img src="https://avatars.githubusercontent.com/u/711564?v=4&s=48" width="48" height="48" alt="Tobias Bischoff" title="Tobias Bischoff"/></a> <a href="https://github.com/juanpablodlc"><img src="https://avatars.githubusercontent.com/u/92012363?v=4&s=48" width="48" height="48" alt="juanpablodlc" title="juanpablodlc"/></a> <a href="https://github.com/hsrvc"><img src="https://avatars.githubusercontent.com/u/129702169?v=4&s=48" width="48" height="48" alt="hsrvc" title="hsrvc"/></a> <a href="https://github.com/magimetal"><img src="https://avatars.githubusercontent.com/u/36491250?v=4&s=48" width="48" height="48" alt="magimetal" title="magimetal"/></a> <a href="https://github.com/meaningfool"><img src="https://avatars.githubusercontent.com/u/2862331?v=4&s=48" width="48" height="48" alt="meaningfool" title="meaningfool"/></a> <a href="https://github.com/NicholasSpisak"><img src="https://avatars.githubusercontent.com/u/129075147?v=4&s=48" width="48" height="48" alt="NicholasSpisak" title="NicholasSpisak"/></a> <a href="https://github.com/AbhisekBasu1"><img src="https://avatars.githubusercontent.com/u/40645221?v=4&s=48" width="48" height="48" alt="abhisekbasu1" title="abhisekbasu1"/></a> <a href="https://github.com/claude"><img src="https://avatars.githubusercontent.com/u/81847?v=4&s=48" width="48" height="48" alt="claude" title="claude"/></a> <a href="https://github.com/jamesgroat"><img src="https://avatars.githubusercontent.com/u/2634024?v=4&s=48" width="48" height="48" alt="jamesgroat" title="jamesgroat"/></a>
+  <a href="https://github.com/Hyaxia"><img src="https://avatars.githubusercontent.com/u/36747317?v=4&s=48" width="48" height="48" alt="Hyaxia" title="Hyaxia"/></a> <a href="https://github.com/dantelex"><img src="https://avatars.githubusercontent.com/u/631543?v=4&s=48" width="48" height="48" alt="dantelex" title="dantelex"/></a> <a href="https://github.com/daveonkels"><img src="https://avatars.githubusercontent.com/u/533642?v=4&s=48" width="48" height="48" alt="daveonkels" title="daveonkels"/></a> <a href="https://github.com/radek-paclt"><img src="https://avatars.githubusercontent.com/u/50451445?v=4&s=48" width="48" height="48" alt="radek-paclt" title="radek-paclt"/></a> <a href="https://github.com/mteam88"><img src="https://avatars.githubusercontent.com/u/84196639?v=4&s=48" width="48" height="48" alt="mteam88" title="mteam88"/></a> <a href="https://github.com/omniwired"><img src="https://avatars.githubusercontent.com/u/322761?v=4&s=48" width="48" height="48" alt="Eng. Juan Combetto" title="Eng. Juan Combetto"/></a> <a href="https://github.com/dbhurley"><img src="https://avatars.githubusercontent.com/u/5251425?v=4&s=48" width="48" height="48" alt="dbhurley" title="dbhurley"/></a> <a href="https://github.com/mbelinky"><img src="https://avatars.githubusercontent.com/u/132747814?v=4&s=48" width="48" height="48" alt="Mariano Belinky" title="Mariano Belinky"/></a> <a href="https://github.com/julianengel"><img src="https://avatars.githubusercontent.com/u/10634231?v=4&s=48" width="48" height="48" alt="julianengel" title="julianengel"/></a> <a href="https://github.com/benithors"><img src="https://avatars.githubusercontent.com/u/20652882?v=4&s=48" width="48" height="48" alt="benithors" title="benithors"/></a>
+  <a href="https://github.com/timolins"><img src="https://avatars.githubusercontent.com/u/1440854?v=4&s=48" width="48" height="48" alt="timolins" title="timolins"/></a> <a href="https://github.com/Nachx639"><img src="https://avatars.githubusercontent.com/u/71144023?v=4&s=48" width="48" height="48" alt="nachx639" title="nachx639"/></a> <a href="https://github.com/sreekaransrinath"><img src="https://avatars.githubusercontent.com/u/50989977?v=4&s=48" width="48" height="48" alt="sreekaransrinath" title="sreekaransrinath"/></a> <a href="https://github.com/gupsammy"><img src="https://avatars.githubusercontent.com/u/20296019?v=4&s=48" width="48" height="48" alt="gupsammy" title="gupsammy"/></a> <a href="https://github.com/cristip73"><img src="https://avatars.githubusercontent.com/u/24499421?v=4&s=48" width="48" height="48" alt="cristip73" title="cristip73"/></a> <a href="https://github.com/nachoiacovino"><img src="https://avatars.githubusercontent.com/u/50103937?v=4&s=48" width="48" height="48" alt="nachoiacovino" title="nachoiacovino"/></a> <a href="https://github.com/vsabavat"><img src="https://avatars.githubusercontent.com/u/50385532?v=4&s=48" width="48" height="48" alt="Vasanth Rao Naik Sabavat" title="Vasanth Rao Naik Sabavat"/></a> <a href="https://github.com/cpojer"><img src="https://avatars.githubusercontent.com/u/13352?v=4&s=48" width="48" height="48" alt="cpojer" title="cpojer"/></a> <a href="https://github.com/lc0rp"><img src="https://avatars.githubusercontent.com/u/2609441?v=4&s=48" width="48" height="48" alt="lc0rp" title="lc0rp"/></a> <a href="https://github.com/scald"><img src="https://avatars.githubusercontent.com/u/1215913?v=4&s=48" width="48" height="48" alt="scald" title="scald"/></a>
+  <a href="https://github.com/andranik-sahakyan"><img src="https://avatars.githubusercontent.com/u/8908029?v=4&s=48" width="48" height="48" alt="andranik-sahakyan" title="andranik-sahakyan"/></a> <a href="https://github.com/davidguttman"><img src="https://avatars.githubusercontent.com/u/431696?v=4&s=48" width="48" height="48" alt="davidguttman" title="davidguttman"/></a> <a href="https://github.com/sleontenko"><img src="https://avatars.githubusercontent.com/u/7135949?v=4&s=48" width="48" height="48" alt="sleontenko" title="sleontenko"/></a> <a href="https://github.com/sircrumpet"><img src="https://avatars.githubusercontent.com/u/4436535?v=4&s=48" width="48" height="48" alt="sircrumpet" title="sircrumpet"/></a> <a href="https://github.com/peschee"><img src="https://avatars.githubusercontent.com/u/63866?v=4&s=48" width="48" height="48" alt="peschee" title="peschee"/></a> <a href="https://github.com/rafaelreis-r"><img src="https://avatars.githubusercontent.com/u/57492577?v=4&s=48" width="48" height="48" alt="rafaelreis-r" title="rafaelreis-r"/></a> <a href="https://github.com/ratulsarna"><img src="https://avatars.githubusercontent.com/u/105903728?v=4&s=48" width="48" height="48" alt="ratulsarna" title="ratulsarna"/></a> <a href="https://github.com/thewilloftheshadow"><img src="https://avatars.githubusercontent.com/u/35580099?v=4&s=48" width="48" height="48" alt="thewilloftheshadow" title="thewilloftheshadow"/></a> <a href="https://github.com/lutr0"><img src="https://avatars.githubusercontent.com/u/76906369?v=4&s=48" width="48" height="48" alt="lutr0" title="lutr0"/></a> <a href="https://github.com/gumadeiras"><img src="https://avatars.githubusercontent.com/u/5599352?v=4&s=48" width="48" height="48" alt="gumadeiras" title="gumadeiras"/></a>
+  <a href="https://github.com/emanuelst"><img src="https://avatars.githubusercontent.com/u/9994339?v=4&s=48" width="48" height="48" alt="emanuelst" title="emanuelst"/></a> <a href="https://github.com/KristijanJovanovski"><img src="https://avatars.githubusercontent.com/u/8942284?v=4&s=48" width="48" height="48" alt="KristijanJovanovski" title="KristijanJovanovski"/></a> <a href="https://github.com/CashWilliams"><img src="https://avatars.githubusercontent.com/u/613573?v=4&s=48" width="48" height="48" alt="CashWilliams" title="CashWilliams"/></a> <a href="https://github.com/rdev"><img src="https://avatars.githubusercontent.com/u/8418866?v=4&s=48" width="48" height="48" alt="rdev" title="rdev"/></a> <a href="https://github.com/osolmaz"><img src="https://avatars.githubusercontent.com/u/2453968?v=4&s=48" width="48" height="48" alt="osolmaz" title="osolmaz"/></a> <a href="https://github.com/kiranjd"><img src="https://avatars.githubusercontent.com/u/25822851?v=4&s=48" width="48" height="48" alt="kiranjd" title="kiranjd"/></a> <a href="https://github.com/adityashaw2"><img src="https://avatars.githubusercontent.com/u/41204444?v=4&s=48" width="48" height="48" alt="adityashaw2" title="adityashaw2"/></a> <a href="https://github.com/sebslight"><img src="https://avatars.githubusercontent.com/u/19554889?v=4&s=48" width="48" height="48" alt="sebslight" title="sebslight"/></a> <a href="https://github.com/search?q=sheeek"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="sheeek" title="sheeek"/></a> <a href="https://github.com/onutc"><img src="https://avatars.githubusercontent.com/u/152018508?v=4&s=48" width="48" height="48" alt="onutc" title="onutc"/></a>
+  <a href="https://github.com/ManuelHettich"><img src="https://avatars.githubusercontent.com/u/17690367?v=4&s=48" width="48" height="48" alt="manuelhettich" title="manuelhettich"/></a> <a href="https://github.com/minghinmatthewlam"><img src="https://avatars.githubusercontent.com/u/14224566?v=4&s=48" width="48" height="48" alt="minghinmatthewlam" title="minghinmatthewlam"/></a> <a href="https://github.com/myfunc"><img src="https://avatars.githubusercontent.com/u/19294627?v=4&s=48" width="48" height="48" alt="myfunc" title="myfunc"/></a> <a href="https://github.com/buddyh"><img src="https://avatars.githubusercontent.com/u/31752869?v=4&s=48" width="48" height="48" alt="buddyh" title="buddyh"/></a> <a href="https://github.com/mcinteerj"><img src="https://avatars.githubusercontent.com/u/3613653?v=4&s=48" width="48" height="48" alt="mcinteerj" title="mcinteerj"/></a> <a href="https://github.com/timkrase"><img src="https://avatars.githubusercontent.com/u/38947626?v=4&s=48" width="48" height="48" alt="timkrase" title="timkrase"/></a> <a href="https://github.com/gerardward2007"><img src="https://avatars.githubusercontent.com/u/3002155?v=4&s=48" width="48" height="48" alt="gerardward2007" title="gerardward2007"/></a> <a href="https://github.com/obviyus"><img src="https://avatars.githubusercontent.com/u/22031114?v=4&s=48" width="48" height="48" alt="obviyus" title="obviyus"/></a> <a href="https://github.com/tosh-hamburg"><img src="https://avatars.githubusercontent.com/u/58424326?v=4&s=48" width="48" height="48" alt="tosh-hamburg" title="tosh-hamburg"/></a> <a href="https://github.com/azade-c"><img src="https://avatars.githubusercontent.com/u/252790079?v=4&s=48" width="48" height="48" alt="azade-c" title="azade-c"/></a>
+  <a href="https://github.com/bjesuiter"><img src="https://avatars.githubusercontent.com/u/2365676?v=4&s=48" width="48" height="48" alt="bjesuiter" title="bjesuiter"/></a> <a href="https://github.com/danielz1z"><img src="https://avatars.githubusercontent.com/u/235270390?v=4&s=48" width="48" height="48" alt="danielz1z" title="danielz1z"/></a> <a href="https://github.com/j1philli"><img src="https://avatars.githubusercontent.com/u/3744255?v=4&s=48" width="48" height="48" alt="Josh Phillips" title="Josh Phillips"/></a> <a href="https://github.com/roshanasingh4"><img src="https://avatars.githubusercontent.com/u/88576930?v=4&s=48" width="48" height="48" alt="roshanasingh4" title="roshanasingh4"/></a> <a href="https://github.com/YuriNachos"><img src="https://avatars.githubusercontent.com/u/19365375?v=4&s=48" width="48" height="48" alt="YuriNachos" title="YuriNachos"/></a> <a href="https://github.com/superman32432432"><img src="https://avatars.githubusercontent.com/u/7228420?v=4&s=48" width="48" height="48" alt="superman32432432" title="superman32432432"/></a> <a href="https://github.com/search?q=Yurii%20Chukhlib"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Yurii Chukhlib" title="Yurii Chukhlib"/></a> <a href="https://github.com/antons"><img src="https://avatars.githubusercontent.com/u/129705?v=4&s=48" width="48" height="48" alt="antons" title="antons"/></a> <a href="https://github.com/austinm911"><img src="https://avatars.githubusercontent.com/u/31991302?v=4&s=48" width="48" height="48" alt="austinm911" title="austinm911"/></a> <a href="https://github.com/apps/blacksmith-sh"><img src="https://avatars.githubusercontent.com/in/807020?v=4&s=48" width="48" height="48" alt="blacksmith-sh[bot]" title="blacksmith-sh[bot]"/></a>
+  <a href="https://github.com/grp06"><img src="https://avatars.githubusercontent.com/u/1573959?v=4&s=48" width="48" height="48" alt="grp06" title="grp06"/></a> <a href="https://github.com/HeimdallStrategy"><img src="https://avatars.githubusercontent.com/u/223014405?v=4&s=48" width="48" height="48" alt="HeimdallStrategy" title="HeimdallStrategy"/></a> <a href="https://github.com/imfing"><img src="https://avatars.githubusercontent.com/u/5097752?v=4&s=48" width="48" height="48" alt="imfing" title="imfing"/></a> <a href="https://github.com/jalehman"><img src="https://avatars.githubusercontent.com/u/550978?v=4&s=48" width="48" height="48" alt="jalehman" title="jalehman"/></a> <a href="https://github.com/jarvis-medmatic"><img src="https://avatars.githubusercontent.com/u/252428873?v=4&s=48" width="48" height="48" alt="jarvis-medmatic" title="jarvis-medmatic"/></a> <a href="https://github.com/kkarimi"><img src="https://avatars.githubusercontent.com/u/875218?v=4&s=48" width="48" height="48" alt="kkarimi" title="kkarimi"/></a> <a href="https://github.com/mahmoudashraf93"><img src="https://avatars.githubusercontent.com/u/9130129?v=4&s=48" width="48" height="48" alt="mahmoudashraf93" title="mahmoudashraf93"/></a> <a href="https://github.com/petter-b"><img src="https://avatars.githubusercontent.com/u/62076402?v=4&s=48" width="48" height="48" alt="petter-b" title="petter-b"/></a> <a href="https://github.com/pkrmf"><img src="https://avatars.githubusercontent.com/u/1714267?v=4&s=48" width="48" height="48" alt="pkrmf" title="pkrmf"/></a> <a href="https://github.com/RandyVentures"><img src="https://avatars.githubusercontent.com/u/149904821?v=4&s=48" width="48" height="48" alt="RandyVentures" title="RandyVentures"/></a>
+  <a href="https://github.com/dan-dr"><img src="https://avatars.githubusercontent.com/u/6669808?v=4&s=48" width="48" height="48" alt="dan-dr" title="dan-dr"/></a> <a href="https://github.com/erikpr1994"><img src="https://avatars.githubusercontent.com/u/6299331?v=4&s=48" width="48" height="48" alt="erikpr1994" title="erikpr1994"/></a> <a href="https://github.com/jonasjancarik"><img src="https://avatars.githubusercontent.com/u/2459191?v=4&s=48" width="48" height="48" alt="jonasjancarik" title="jonasjancarik"/></a> <a href="https://github.com/search?q=Keith%20the%20Silly%20Goose"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Keith the Silly Goose" title="Keith the Silly Goose"/></a> <a href="https://github.com/search?q=L36%20Server"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="L36 Server" title="L36 Server"/></a> <a href="https://github.com/search?q=Marc"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Marc" title="Marc"/></a> <a href="https://github.com/mitschabaude-bot"><img src="https://avatars.githubusercontent.com/u/247582884?v=4&s=48" width="48" height="48" alt="mitschabaude-bot" title="mitschabaude-bot"/></a> <a href="https://github.com/neist"><img src="https://avatars.githubusercontent.com/u/1029724?v=4&s=48" width="48" height="48" alt="neist" title="neist"/></a> <a href="https://github.com/chrisrodz"><img src="https://avatars.githubusercontent.com/u/2967620?v=4&s=48" width="48" height="48" alt="chrisrodz" title="chrisrodz"/></a> <a href="https://github.com/search?q=Friederike%20Seiler"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Friederike Seiler" title="Friederike Seiler"/></a>
+  <a href="https://github.com/gabriel-trigo"><img src="https://avatars.githubusercontent.com/u/38991125?v=4&s=48" width="48" height="48" alt="gabriel-trigo" title="gabriel-trigo"/></a> <a href="https://github.com/Iamadig"><img src="https://avatars.githubusercontent.com/u/102129234?v=4&s=48" width="48" height="48" alt="iamadig" title="iamadig"/></a> <a href="https://github.com/search?q=Kit"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Kit" title="Kit"/></a> <a href="https://github.com/koala73"><img src="https://avatars.githubusercontent.com/u/996596?v=4&s=48" width="48" height="48" alt="koala73" title="koala73"/></a> <a href="https://github.com/manmal"><img src="https://avatars.githubusercontent.com/u/142797?v=4&s=48" width="48" height="48" alt="manmal" title="manmal"/></a> <a href="https://github.com/ngutman"><img src="https://avatars.githubusercontent.com/u/1540134?v=4&s=48" width="48" height="48" alt="ngutman" title="ngutman"/></a> <a href="https://github.com/ogulcancelik"><img src="https://avatars.githubusercontent.com/u/7064011?v=4&s=48" width="48" height="48" alt="ogulcancelik" title="ogulcancelik"/></a> <a href="https://github.com/pasogott"><img src="https://avatars.githubusercontent.com/u/23458152?v=4&s=48" width="48" height="48" alt="pasogott" title="pasogott"/></a> <a href="https://github.com/petradonka"><img src="https://avatars.githubusercontent.com/u/7353770?v=4&s=48" width="48" height="48" alt="petradonka" title="petradonka"/></a> <a href="https://github.com/rubyrunsstuff"><img src="https://avatars.githubusercontent.com/u/246602379?v=4&s=48" width="48" height="48" alt="rubyrunsstuff" title="rubyrunsstuff"/></a>
+  <a href="https://github.com/VACInc"><img src="https://avatars.githubusercontent.com/u/3279061?v=4&s=48" width="48" height="48" alt="VACInc" title="VACInc"/></a> <a href="https://github.com/wes-davis"><img src="https://avatars.githubusercontent.com/u/16506720?v=4&s=48" width="48" height="48" alt="wes-davis" title="wes-davis"/></a> <a href="https://github.com/zats"><img src="https://avatars.githubusercontent.com/u/2688806?v=4&s=48" width="48" height="48" alt="zats" title="zats"/></a> <a href="https://github.com/search?q=Chris%20Taylor"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Chris Taylor" title="Chris Taylor"/></a> <a href="https://github.com/djangonavarro220"><img src="https://avatars.githubusercontent.com/u/251162586?v=4&s=48" width="48" height="48" alt="Django Navarro" title="Django Navarro"/></a> <a href="https://github.com/evalexpr"><img src="https://avatars.githubusercontent.com/u/23485511?v=4&s=48" width="48" height="48" alt="evalexpr" title="evalexpr"/></a> <a href="https://github.com/henrino3"><img src="https://avatars.githubusercontent.com/u/4260288?v=4&s=48" width="48" height="48" alt="henrino3" title="henrino3"/></a> <a href="https://github.com/oswalpalash"><img src="https://avatars.githubusercontent.com/u/6431196?v=4&s=48" width="48" height="48" alt="oswalpalash" title="oswalpalash"/></a> <a href="https://github.com/pcty-nextgen-service-account"><img src="https://avatars.githubusercontent.com/u/112553441?v=4&s=48" width="48" height="48" alt="pcty-nextgen-service-account" title="pcty-nextgen-service-account"/></a> <a href="https://github.com/Syhids"><img src="https://avatars.githubusercontent.com/u/671202?v=4&s=48" width="48" height="48" alt="Syhids" title="Syhids"/></a>
+  <a href="https://github.com/tyler6204"><img src="https://avatars.githubusercontent.com/u/64381258?v=4&s=48" width="48" height="48" alt="tyler6204" title="tyler6204"/></a> <a href="https://github.com/search?q=Aaron%20Konyer"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Aaron Konyer" title="Aaron Konyer"/></a> <a href="https://github.com/adam91holt"><img src="https://avatars.githubusercontent.com/u/9592417?v=4&s=48" width="48" height="48" alt="adam91holt" title="adam91holt"/></a> <a href="https://github.com/erik-agens"><img src="https://avatars.githubusercontent.com/u/80908960?v=4&s=48" width="48" height="48" alt="erik-agens" title="erik-agens"/></a> <a href="https://github.com/fcatuhe"><img src="https://avatars.githubusercontent.com/u/17382215?v=4&s=48" width="48" height="48" alt="fcatuhe" title="fcatuhe"/></a> <a href="https://github.com/ivanrvpereira"><img src="https://avatars.githubusercontent.com/u/183991?v=4&s=48" width="48" height="48" alt="ivanrvpereira" title="ivanrvpereira"/></a> <a href="https://github.com/jayhickey"><img src="https://avatars.githubusercontent.com/u/1676460?v=4&s=48" width="48" height="48" alt="jayhickey" title="jayhickey"/></a> <a href="https://github.com/jeffersonwarrior"><img src="https://avatars.githubusercontent.com/u/89030989?v=4&s=48" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/search?q=jeffersonwarrior"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/jdrhyne"><img src="https://avatars.githubusercontent.com/u/7828464?v=4&s=48" width="48" height="48" alt="Jonathan D. Rhyne (DJ-D)" title="Jonathan D. Rhyne (DJ-D)"/></a>
+  <a href="https://github.com/jverdi"><img src="https://avatars.githubusercontent.com/u/345050?v=4&s=48" width="48" height="48" alt="jverdi" title="jverdi"/></a> <a href="https://github.com/mickahouan"><img src="https://avatars.githubusercontent.com/u/31423109?v=4&s=48" width="48" height="48" alt="mickahouan" title="mickahouan"/></a> <a href="https://github.com/mjrussell"><img src="https://avatars.githubusercontent.com/u/1641895?v=4&s=48" width="48" height="48" alt="mjrussell" title="mjrussell"/></a> <a href="https://github.com/mkbehr"><img src="https://avatars.githubusercontent.com/u/1285?v=4&s=48" width="48" height="48" alt="mkbehr" title="mkbehr"/></a> <a href="https://github.com/p6l-richard"><img src="https://avatars.githubusercontent.com/u/18185649?v=4&s=48" width="48" height="48" alt="p6l-richard" title="p6l-richard"/></a> <a href="https://github.com/philipp-spiess"><img src="https://avatars.githubusercontent.com/u/458591?v=4&s=48" width="48" height="48" alt="philipp-spiess" title="philipp-spiess"/></a> <a href="https://github.com/robaxelsen"><img src="https://avatars.githubusercontent.com/u/13132899?v=4&s=48" width="48" height="48" alt="robaxelsen" title="robaxelsen"/></a> <a href="https://github.com/search?q=Sash%20Catanzarite"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Sash Catanzarite" title="Sash Catanzarite"/></a> <a href="https://github.com/search?q=VAC"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="VAC" title="VAC"/></a> <a href="https://github.com/zknicker"><img src="https://avatars.githubusercontent.com/u/1164085?v=4&s=48" width="48" height="48" alt="zknicker" title="zknicker"/></a>
+  <a href="https://github.com/search?q=alejandro%20maza"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="alejandro maza" title="alejandro maza"/></a> <a href="https://github.com/andrewting19"><img src="https://avatars.githubusercontent.com/u/10536704?v=4&s=48" width="48" height="48" alt="andrewting19" title="andrewting19"/></a> <a href="https://github.com/Asleep123"><img src="https://avatars.githubusercontent.com/u/122379135?v=4&s=48" width="48" height="48" alt="Asleep123" title="Asleep123"/></a> <a href="https://github.com/bolismauro"><img src="https://avatars.githubusercontent.com/u/771999?v=4&s=48" width="48" height="48" alt="bolismauro" title="bolismauro"/></a> <a href="https://github.com/cash-echo-bot"><img src="https://avatars.githubusercontent.com/u/252747386?v=4&s=48" width="48" height="48" alt="cash-echo-bot" title="cash-echo-bot"/></a> <a href="https://github.com/search?q=Clawd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Clawd" title="Clawd"/></a> <a href="https://github.com/conhecendocontato"><img src="https://avatars.githubusercontent.com/u/82890727?v=4&s=48" width="48" height="48" alt="conhecendocontato" title="conhecendocontato"/></a> <a href="https://github.com/search?q=Drake%20Thomsen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Drake Thomsen" title="Drake Thomsen"/></a> <a href="https://github.com/gtsifrikas"><img src="https://avatars.githubusercontent.com/u/8904378?v=4&s=48" width="48" height="48" alt="gtsifrikas" title="gtsifrikas"/></a> <a href="https://github.com/HazAT"><img src="https://avatars.githubusercontent.com/u/363802?v=4&s=48" width="48" height="48" alt="HazAT" title="HazAT"/></a>
+  <a href="https://github.com/hrdwdmrbl"><img src="https://avatars.githubusercontent.com/u/554881?v=4&s=48" width="48" height="48" alt="hrdwdmrbl" title="hrdwdmrbl"/></a> <a href="https://github.com/hugobarauna"><img src="https://avatars.githubusercontent.com/u/2719?v=4&s=48" width="48" height="48" alt="hugobarauna" title="hugobarauna"/></a> <a href="https://github.com/search?q=Jamie%20Openshaw"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jamie Openshaw" title="Jamie Openshaw"/></a> <a href="https://github.com/search?q=Jarvis"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jarvis" title="Jarvis"/></a> <a href="https://github.com/search?q=Jefferson%20Nunn"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jefferson Nunn" title="Jefferson Nunn"/></a> <a href="https://github.com/kitze"><img src="https://avatars.githubusercontent.com/u/1160594?v=4&s=48" width="48" height="48" alt="kitze" title="kitze"/></a> <a href="https://github.com/levifig"><img src="https://avatars.githubusercontent.com/u/1605?v=4&s=48" width="48" height="48" alt="levifig" title="levifig"/></a> <a href="https://github.com/search?q=Lloyd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Lloyd" title="Lloyd"/></a> <a href="https://github.com/longmaba"><img src="https://avatars.githubusercontent.com/u/9361500?v=4&s=48" width="48" height="48" alt="longmaba" title="longmaba"/></a> <a href="https://github.com/loukotal"><img src="https://avatars.githubusercontent.com/u/18210858?v=4&s=48" width="48" height="48" alt="loukotal" title="loukotal"/></a>
+  <a href="https://github.com/martinpucik"><img src="https://avatars.githubusercontent.com/u/5503097?v=4&s=48" width="48" height="48" alt="martinpucik" title="martinpucik"/></a> <a href="https://github.com/search?q=Miles"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Miles" title="Miles"/></a> <a href="https://github.com/mrdbstn"><img src="https://avatars.githubusercontent.com/u/58957632?v=4&s=48" width="48" height="48" alt="mrdbstn" title="mrdbstn"/></a> <a href="https://github.com/MSch"><img src="https://avatars.githubusercontent.com/u/7475?v=4&s=48" width="48" height="48" alt="MSch" title="MSch"/></a> <a href="https://github.com/search?q=Mustafa%20Tag%20Eldeen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mustafa Tag Eldeen" title="Mustafa Tag Eldeen"/></a> <a href="https://github.com/ndraiman"><img src="https://avatars.githubusercontent.com/u/12609607?v=4&s=48" width="48" height="48" alt="ndraiman" title="ndraiman"/></a> <a href="https://github.com/nexty5870"><img src="https://avatars.githubusercontent.com/u/3869659?v=4&s=48" width="48" height="48" alt="nexty5870" title="nexty5870"/></a> <a href="https://github.com/prathamdby"><img src="https://avatars.githubusercontent.com/u/134331217?v=4&s=48" width="48" height="48" alt="prathamdby" title="prathamdby"/></a> <a href="https://github.com/reeltimeapps"><img src="https://avatars.githubusercontent.com/u/637338?v=4&s=48" width="48" height="48" alt="reeltimeapps" title="reeltimeapps"/></a> <a href="https://github.com/RLTCmpe"><img src="https://avatars.githubusercontent.com/u/10762242?v=4&s=48" width="48" height="48" alt="RLTCmpe" title="RLTCmpe"/></a>
+  <a href="https://github.com/search?q=Rolf%20Fredheim"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rolf Fredheim" title="Rolf Fredheim"/></a> <a href="https://github.com/search?q=Rony%20Kelner"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rony Kelner" title="Rony Kelner"/></a> <a href="https://github.com/search?q=Samrat%20Jha"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Samrat Jha" title="Samrat Jha"/></a> <a href="https://github.com/siraht"><img src="https://avatars.githubusercontent.com/u/73152895?v=4&s=48" width="48" height="48" alt="siraht" title="siraht"/></a> <a href="https://github.com/snopoke"><img src="https://avatars.githubusercontent.com/u/249606?v=4&s=48" width="48" height="48" alt="snopoke" title="snopoke"/></a> <a href="https://github.com/suminhthanh"><img src="https://avatars.githubusercontent.com/u/2907636?v=4&s=48" width="48" height="48" alt="suminhthanh" title="suminhthanh"/></a> <a href="https://github.com/search?q=The%20Admiral"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="The Admiral" title="The Admiral"/></a> <a href="https://github.com/thesash"><img src="https://avatars.githubusercontent.com/u/1166151?v=4&s=48" width="48" height="48" alt="thesash" title="thesash"/></a> <a href="https://github.com/search?q=Ubuntu"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Ubuntu" title="Ubuntu"/></a> <a href="https://github.com/voidserf"><img src="https://avatars.githubusercontent.com/u/477673?v=4&s=48" width="48" height="48" alt="voidserf" title="voidserf"/></a>
+  <a href="https://github.com/wstock"><img src="https://avatars.githubusercontent.com/u/1394687?v=4&s=48" width="48" height="48" alt="wstock" title="wstock"/></a> <a href="https://github.com/search?q=Zach%20Knickerbocker"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Zach Knickerbocker" title="Zach Knickerbocker"/></a> <a href="https://github.com/Alphonse-arianee"><img src="https://avatars.githubusercontent.com/u/254457365?v=4&s=48" width="48" height="48" alt="Alphonse-arianee" title="Alphonse-arianee"/></a> <a href="https://github.com/search?q=Azade"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Azade" title="Azade"/></a> <a href="https://github.com/carlulsoe"><img src="https://avatars.githubusercontent.com/u/34673973?v=4&s=48" width="48" height="48" alt="carlulsoe" title="carlulsoe"/></a> <a href="https://github.com/search?q=ddyo"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="ddyo" title="ddyo"/></a> <a href="https://github.com/search?q=Erik"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Erik" title="Erik"/></a> <a href="https://github.com/latitudeki5223"><img src="https://avatars.githubusercontent.com/u/119656367?v=4&s=48" width="48" height="48" alt="latitudeki5223" title="latitudeki5223"/></a> <a href="https://github.com/search?q=Manuel%20Maly"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Manuel Maly" title="Manuel Maly"/></a> <a href="https://github.com/search?q=Mourad%20Boustani"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mourad Boustani" title="Mourad Boustani"/></a>
+  <a href="https://github.com/pcty-nextgen-ios-builder"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="pcty-nextgen-ios-builder" title="pcty-nextgen-ios-builder"/></a> <a href="https://github.com/search?q=Quentin"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Quentin" title="Quentin"/></a> <a href="https://github.com/search?q=Randy%20Torres"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Randy Torres" title="Randy Torres"/></a> <a href="https://github.com/ronak-guliani"><img src="https://avatars.githubusercontent.com/u/23518228?v=4&s=48" width="48" height="48" alt="ronak-guliani" title="ronak-guliani"/></a> <a href="https://github.com/search?q=William%20Stock"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="William Stock" title="William Stock"/></a>
 </p>
--- a/appcast.xml
+++ b/appcast.xml
@@ -2,6 +2,87 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
    <channel>
        <title>Clawdbot</title>
+        <item>
+            <title>2026.1.15</title>
+            <pubDate>Fri, 16 Jan 2026 10:31:53 +0000</pubDate>
+            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
+            <sparkle:version>5998</sparkle:version>
+            <sparkle:shortVersionString>2026.1.15</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>Clawdbot 2026.1.15</h2>
+<h3>Highlights</h3>
+<ul>
+<li>Plugins: add provider auth registry + <code>clawdbot models auth login</code> for plugin-driven OAuth/API key flows.</li>
+<li>Browser: improve remote CDP/Browserless support (auth passthrough, <code>wss</code> upgrade, timeouts, clearer errors).</li>
+<li>Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.</li>
+<li>Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).</li>
+</ul>
+<h3>Breaking</h3>
+<ul>
+<li><strong>BREAKING:</strong> iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)</li>
+<li><strong>BREAKING:</strong> Microsoft Teams is now a plugin; install <code>@clawdbot/msteams</code> via <code>clawdbot plugins install @clawdbot/msteams</code>.</li>
+</ul>
+<h3>Changes</h3>
+<ul>
+<li>CLI: set process titles to <code>clawdbot-<command></code> for clearer process listings.</li>
+<li>CLI/macOS: sync remote SSH target/identity to config and let <code>gateway status</code> auto-infer SSH targets (ssh-config aware).</li>
+<li>Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.</li>
+<li>Sessions/Security: add <code>session.dmScope</code> for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.</li>
+<li>Plugins: add provider auth registry + <code>clawdbot models auth login</code> for plugin-driven OAuth/API key flows.</li>
+<li>Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.</li>
+<li>TUI: show provider/model labels for the active session and default model.</li>
+<li>Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.</li>
+<li>UI: show gateway auth guidance + doc link on unauthorized Control UI connections.</li>
+<li>Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in <code>clawdbot security audit</code>.</li>
+<li>Apps: store node auth tokens encrypted (Keychain/SecurePrefs).</li>
+<li>Daemon: share profile/state-dir resolution across service helpers and honor <code>CLAWDBOT_STATE_DIR</code> for Windows task scripts.</li>
+<li>Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.</li>
+<li>Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).</li>
+<li>Tools: normalize Slack/Discord message timestamps with <code>timestampMs</code>/<code>timestampUtc</code> while keeping raw provider fields.</li>
+<li>macOS: add <code>system.which</code> for prompt-free remote skill discovery (with gateway fallback to <code>system.run</code>).</li>
+<li>Docs: add Date & Time guide and update prompt/timezone configuration docs.</li>
+<li>Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.</li>
+<li>Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.</li>
+<li>Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in <code>/status</code> and <code>clawdbot models status</code>, and update docs.</li>
+<li>CLI: add <code>--json</code> output for <code>clawdbot daemon</code> lifecycle/install commands.</li>
+<li>Memory: make <code>node-llama-cpp</code> an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.</li>
+<li>Browser: add <code>snapshot refs=aria</code> (Playwright aria-ref ids) for self-resolving refs across <code>snapshot</code> → <code>act</code>.</li>
+<li>Browser: <code>profile="chrome"</code> now defaults to host control and returns clearer “attach a tab” errors.</li>
+<li>Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.</li>
+<li>Browser: increase remote CDP reachability timeouts + add <code>remoteCdpTimeoutMs</code>/<code>remoteCdpHandshakeTimeoutMs</code>.</li>
+<li>Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.</li>
+<li>Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.</li>
+<li>Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.</li>
+<li>Discord: allow allowlisted guilds without channel lists to receive messages when <code>groupPolicy="allowlist"</code>. — thanks @thewilloftheshadow.</li>
+<li>Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.</li>
+</ul>
+<h3>Fixes</h3>
+<ul>
+<li>Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.</li>
+<li>Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.</li>
+<li>Fix: persist <code>gateway.mode=local</code> after selecting Local run mode in <code>clawdbot configure</code>, even if no other sections are chosen.</li>
+<li>Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.</li>
+<li>Agents: avoid false positives when logging unsupported Google tool schema keywords.</li>
+<li>Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.</li>
+<li>Status: restore usage summary line for current provider when no OAuth profiles exist.</li>
+<li>Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.</li>
+<li>Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.</li>
+<li>Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.</li>
+<li>Fix: support MiniMax coding plan usage responses with <code>model_remains</code>/<code>current_interval_*</code> payloads.</li>
+<li>Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)</li>
+<li>Browser: extension mode recovers when only one tab is attached (stale targetId fallback).</li>
+<li>Browser: fix <code>tab not found</code> for extension relay snapshots/actions when Playwright blocks <code>newCDPSession</code> (use the single available Page).</li>
+<li>Browser: upgrade <code>ws</code> → <code>wss</code> when remote CDP uses <code>https</code> (fixes Browserless handshake).</li>
+<li>Telegram: skip <code>message_thread_id=1</code> for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.</li>
+<li>Fix: sanitize user-facing error text + strip <code><final></code> tags across reply pipelines. (#975) — thanks @ThomsenDrake.</li>
+<li>Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.</li>
+<li>Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.</li>
+<li>Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)</li>
+</ul>
+<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.15/Clawdbot-2026.1.15.zip" length="12127276" type="application/octet-stream" sparkle:edSignature="o79vwTbtW/d91NQFRVfUDhsv6D4zIw7IkhY0N1iLImMu94BURgLcecA6z7Smy3bMobPwOyzN8yfm6mA/Rt8FCA=="/>
+        </item>
        <item>
            <title>2026.1.14-1</title>
            <pubDate>Thu, 15 Jan 2026 11:14:40 +0000</pubDate>
@@ -190,22 +271,5 @@
 ]]></description>
            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.12-2/Clawdbot-2026.1.12-2.zip" length="19854203" type="application/octet-stream" sparkle:edSignature="CVpUofNS+pl6Smk/K0Q8q35saRuuFx90s4sePABORFvGcAF1biajC8zpiImKuXpqD0ENb+VTwDJ1ul1Oxh3wDA=="/>
        </item>
-        <item>
-            <title>2026.1.11-3</title>
-            <pubDate>Mon, 12 Jan 2026 10:40:23 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>5212</sparkle:version>
-            <sparkle:shortVersionString>2026.1.11-3</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.11-3</h2>
-<h3>Fixes</h3>
-<ul>
-<li>CLI: avoid top-level await warnings in the entrypoint on fresh installs.</li>
-<li>CLI: show a commit hash in the banner for npm installs (package.json gitHead fallback).</li>
-</ul>
-<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.11-3/Clawdbot-2026.1.11-3.zip" length="19860758" type="application/octet-stream" sparkle:edSignature="LbvGUSjc3jGO7aVo2UVA0nEkaJbb3O4iwRBo1TBqoapdTtxnDlS3s6N+Z4vOSLRAoAm22EoZOwbpK9085c7HAQ=="/>
-        </item>
    </channel>
 </rss>
--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -119,7 +119,7 @@ dependencies {
  testImplementation("io.kotest:kotest-runner-junit5-jvm:6.0.7")
  testImplementation("io.kotest:kotest-assertions-core-jvm:6.0.7")
  testImplementation("org.robolectric:robolectric:4.16")
-  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.1")
+  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.2")
 }

 tasks.withType<Test>().configureEach {
--- a/apps/android/app/src/main/java/com/clawdbot/android/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/NodeRuntime.kt
@@ -16,6 +16,7 @@ import com.clawdbot.android.bridge.BridgeDiscovery
 import com.clawdbot.android.bridge.BridgeEndpoint
 import com.clawdbot.android.bridge.BridgePairingClient
 import com.clawdbot.android.bridge.BridgeSession
+import com.clawdbot.android.bridge.BridgeTlsParams
 import com.clawdbot.android.node.CameraCaptureManager
 import com.clawdbot.android.node.LocationCaptureManager
 import com.clawdbot.android.BuildConfig
@@ -160,6 +161,9 @@ class NodeRuntime(context: Context) {
      onInvoke = { req ->
        handleInvoke(req.command, req.paramsJson)
      },
+      onTlsFingerprint = { stableId, fingerprint ->
+        prefs.saveBridgeTlsFingerprint(stableId, fingerprint)
+      },
    )

  private val chat = ChatController(scope = scope, session = session, json = json)
@@ -488,12 +492,17 @@ class NodeRuntime(context: Context) {
    scope.launch {
      _statusText.value = "Connecting…"
      val storedToken = prefs.loadBridgeToken()
+      val tls = resolveTlsParams(endpoint)
      val resolved =
        if (storedToken.isNullOrBlank()) {
          _statusText.value = "Pairing…"
          BridgePairingClient().pairAndHello(
            endpoint = endpoint,
            hello = buildPairingHello(token = null),
+            tls = tls,
+            onTlsFingerprint = { fingerprint ->
+              prefs.saveBridgeTlsFingerprint(endpoint.stableId, fingerprint)
+            },
          )
        } else {
          BridgePairingClient.PairResult(ok = true, token = storedToken.trim())
@@ -510,6 +519,7 @@ class NodeRuntime(context: Context) {
      session.connect(
        endpoint = endpoint,
        hello = buildSessionHello(token = authToken),
+        tls = tls,
      )
    }
  }
@@ -556,6 +566,41 @@ class NodeRuntime(context: Context) {
    session.disconnect()
  }

+  private fun resolveTlsParams(endpoint: BridgeEndpoint): BridgeTlsParams? {
+    val stored = prefs.loadBridgeTlsFingerprint(endpoint.stableId)
+    val hinted = endpoint.tlsEnabled || !endpoint.tlsFingerprintSha256.isNullOrBlank()
+    val manual = endpoint.stableId.startsWith("manual|")
+
+    if (hinted) {
+      return BridgeTlsParams(
+        required = true,
+        expectedFingerprint = endpoint.tlsFingerprintSha256 ?: stored,
+        allowTOFU = stored == null,
+        stableId = endpoint.stableId,
+      )
+    }
+
+    if (!stored.isNullOrBlank()) {
+      return BridgeTlsParams(
+        required = true,
+        expectedFingerprint = stored,
+        allowTOFU = false,
+        stableId = endpoint.stableId,
+      )
+    }
+
+    if (manual) {
+      return BridgeTlsParams(
+        required = false,
+        expectedFingerprint = null,
+        allowTOFU = true,
+        stableId = endpoint.stableId,
+      )
+    }
+
+    return null
+  }
+
  fun handleCanvasA2UIActionFromWebView(payloadJson: String) {
    scope.launch {
      val trimmed = payloadJson.trim()
--- a/apps/android/app/src/main/java/com/clawdbot/android/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/SecurePrefs.kt
@@ -147,6 +147,16 @@ class SecurePrefs(context: Context) {
    prefs.edit { putString(key, token.trim()) }
  }

+  fun loadBridgeTlsFingerprint(stableId: String): String? {
+    val key = "bridge.tls.$stableId"
+    return prefs.getString(key, null)?.trim()?.takeIf { it.isNotEmpty() }
+  }
+
+  fun saveBridgeTlsFingerprint(stableId: String, fingerprint: String) {
+    val key = "bridge.tls.$stableId"
+    prefs.edit { putString(key, fingerprint.trim()) }
+  }
+
  private fun loadOrCreateInstanceId(): String {
    val existing = prefs.getString("node.instanceId", null)?.trim()
    if (!existing.isNullOrBlank()) return existing
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeDiscovery.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeDiscovery.kt
@@ -143,6 +143,8 @@ class BridgeDiscovery(
        val gatewayPort = txtInt(resolved, "gatewayPort")
        val bridgePort = txtInt(resolved, "bridgePort")
        val canvasPort = txtInt(resolved, "canvasPort")
+        val tlsEnabled = txtBool(resolved, "bridgeTls")
+        val tlsFingerprint = txt(resolved, "bridgeTlsSha256")
        val id = stableId(serviceName, "local.")
        localById[id] =
          BridgeEndpoint(
@@ -155,6 +157,8 @@ class BridgeDiscovery(
            gatewayPort = gatewayPort,
            bridgePort = bridgePort,
            canvasPort = canvasPort,
+            tlsEnabled = tlsEnabled,
+            tlsFingerprintSha256 = tlsFingerprint,
          )
        publish()
      }
@@ -209,6 +213,11 @@ class BridgeDiscovery(
    return txt(info, key)?.toIntOrNull()
  }

+  private fun txtBool(info: NsdServiceInfo, key: String): Boolean {
+    val raw = txt(info, key)?.trim()?.lowercase() ?: return false
+    return raw == "1" || raw == "true" || raw == "yes"
+  }
+
  private suspend fun refreshUnicast(domain: String) {
    val ptrName = "${serviceType}${domain}"
    val ptrMsg = lookupUnicastMessage(ptrName, Type.PTR) ?: return
@@ -252,6 +261,8 @@ class BridgeDiscovery(
      val gatewayPort = txtIntValue(txt, "gatewayPort")
      val bridgePort = txtIntValue(txt, "bridgePort")
      val canvasPort = txtIntValue(txt, "canvasPort")
+      val tlsEnabled = txtBoolValue(txt, "bridgeTls")
+      val tlsFingerprint = txtValue(txt, "bridgeTlsSha256")
      val id = stableId(instanceName, domain)
      next[id] =
        BridgeEndpoint(
@@ -264,6 +275,8 @@ class BridgeDiscovery(
          gatewayPort = gatewayPort,
          bridgePort = bridgePort,
          canvasPort = canvasPort,
+          tlsEnabled = tlsEnabled,
+          tlsFingerprintSha256 = tlsFingerprint,
        )
    }

@@ -474,6 +487,11 @@ class BridgeDiscovery(
    return txtValue(records, key)?.toIntOrNull()
  }

+  private fun txtBoolValue(records: List<TXTRecord>, key: String): Boolean {
+    val raw = txtValue(records, key)?.trim()?.lowercase() ?: return false
+    return raw == "1" || raw == "true" || raw == "yes"
+  }
+
  private fun decodeDnsTxtString(raw: String): String {
    // dnsjava treats TXT as opaque bytes and decodes as ISO-8859-1 to preserve bytes.
    // Our TXT payload is UTF-8 (written by the gateway), so re-decode when possible.
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeEndpoint.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeEndpoint.kt
@@ -10,6 +10,8 @@ data class BridgeEndpoint(
  val gatewayPort: Int? = null,
  val bridgePort: Int? = null,
  val canvasPort: Int? = null,
+  val tlsEnabled: Boolean = false,
+  val tlsFingerprintSha256: String? = null,
 ) {
  companion object {
    fun manual(host: String, port: Int): BridgeEndpoint =
@@ -18,6 +20,8 @@ data class BridgeEndpoint(
        name = "$host:$port",
        host = host,
        port = port,
+        tlsEnabled = false,
+        tlsFingerprintSha256 = null,
      )
  }
 }
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgePairingClient.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgePairingClient.kt
@@ -14,7 +14,6 @@ import java.io.BufferedWriter
 import java.io.InputStreamReader
 import java.io.OutputStreamWriter
 import java.net.InetSocketAddress
-import java.net.Socket

 class BridgePairingClient {
  private val json = Json { ignoreUnknownKeys = true }
@@ -33,95 +32,120 @@ class BridgePairingClient {

  data class PairResult(val ok: Boolean, val token: String?, val error: String? = null)

-  suspend fun pairAndHello(endpoint: BridgeEndpoint, hello: Hello): PairResult =
+  suspend fun pairAndHello(
+    endpoint: BridgeEndpoint,
+    hello: Hello,
+    tls: BridgeTlsParams? = null,
+    onTlsFingerprint: ((String) -> Unit)? = null,
+  ): PairResult =
    withContext(Dispatchers.IO) {
-      val socket = Socket()
-      socket.tcpNoDelay = true
-      try {
-        socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
-        socket.soTimeout = 60_000
-
-        val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
-        val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
-
-        fun send(line: String) {
-          writer.write(line)
-          writer.write("\n")
-          writer.flush()
-        }
-
-        fun sendJson(obj: JsonObject) = send(obj.toString())
-
-        sendJson(
-          buildJsonObject {
-            put("type", JsonPrimitive("hello"))
-            put("nodeId", JsonPrimitive(hello.nodeId))
-            hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
-            hello.token?.let { put("token", JsonPrimitive(it)) }
-            hello.platform?.let { put("platform", JsonPrimitive(it)) }
-            hello.version?.let { put("version", JsonPrimitive(it)) }
-            hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
-            hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
-            hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
-            hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
-          },
-        )
-
-        val firstObj = json.parseToJsonElement(reader.readLine()).asObjectOrNull()
-          ?: return@withContext PairResult(ok = false, token = null, error = "unexpected bridge response")
-        when (firstObj["type"].asStringOrNull()) {
-          "hello-ok" -> PairResult(ok = true, token = hello.token)
-          "error" -> {
-            val code = firstObj["code"].asStringOrNull() ?: "UNAVAILABLE"
-            val message = firstObj["message"].asStringOrNull() ?: "pairing required"
-            if (code != "NOT_PAIRED" && code != "UNAUTHORIZED") {
-              return@withContext PairResult(ok = false, token = null, error = "$code: $message")
-            }
-
-            sendJson(
-              buildJsonObject {
-                put("type", JsonPrimitive("pair-request"))
-                put("nodeId", JsonPrimitive(hello.nodeId))
-                hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
-                hello.platform?.let { put("platform", JsonPrimitive(it)) }
-                hello.version?.let { put("version", JsonPrimitive(it)) }
-                hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
-                hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
-                hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
-                hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
-              },
-            )
-
-            while (true) {
-              val nextLine = reader.readLine() ?: break
-              val next = json.parseToJsonElement(nextLine).asObjectOrNull() ?: continue
-              when (next["type"].asStringOrNull()) {
-                "pair-ok" -> {
-                  val token = next["token"].asStringOrNull()
-                  return@withContext PairResult(ok = !token.isNullOrBlank(), token = token)
-                }
-                "error" -> {
-                  val c = next["code"].asStringOrNull() ?: "UNAVAILABLE"
-                  val m = next["message"].asStringOrNull() ?: "pairing failed"
-                  return@withContext PairResult(ok = false, token = null, error = "$c: $m")
-                }
-              }
-            }
-            PairResult(ok = false, token = null, error = "pairing failed")
-          }
-          else -> PairResult(ok = false, token = null, error = "unexpected bridge response")
-        }
-      } catch (e: Exception) {
-        val message = e.message?.trim().orEmpty().ifEmpty { "gateway unreachable" }
-        PairResult(ok = false, token = null, error = message)
-      } finally {
+      if (tls != null) {
        try {
-          socket.close()
-        } catch (_: Throwable) {
-          // ignore
+          return@withContext pairAndHelloWithTls(endpoint, hello, tls, onTlsFingerprint)
+        } catch (e: Exception) {
+          if (tls.required) throw e
        }
      }
+      pairAndHelloWithTls(endpoint, hello, null, null)
    }
+
+  private fun pairAndHelloWithTls(
+    endpoint: BridgeEndpoint,
+    hello: Hello,
+    tls: BridgeTlsParams?,
+    onTlsFingerprint: ((String) -> Unit)?,
+  ): PairResult {
+    val socket =
+      createBridgeSocket(tls) { fingerprint ->
+        onTlsFingerprint?.invoke(fingerprint)
+      }
+    socket.tcpNoDelay = true
+    try {
+      socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
+      socket.soTimeout = 60_000
+      startTlsHandshakeIfNeeded(socket)
+
+      val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
+      val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
+
+      fun send(line: String) {
+        writer.write(line)
+        writer.write("\n")
+        writer.flush()
+      }
+
+      fun sendJson(obj: JsonObject) = send(obj.toString())
+
+      sendJson(
+        buildJsonObject {
+          put("type", JsonPrimitive("hello"))
+          put("nodeId", JsonPrimitive(hello.nodeId))
+          hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+          hello.token?.let { put("token", JsonPrimitive(it)) }
+          hello.platform?.let { put("platform", JsonPrimitive(it)) }
+          hello.version?.let { put("version", JsonPrimitive(it)) }
+          hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+          hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+          hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+          hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+        },
+      )
+
+      val firstObj = json.parseToJsonElement(reader.readLine()).asObjectOrNull()
+        ?: return PairResult(ok = false, token = null, error = "unexpected bridge response")
+      return when (firstObj["type"].asStringOrNull()) {
+        "hello-ok" -> PairResult(ok = true, token = hello.token)
+        "error" -> {
+          val code = firstObj["code"].asStringOrNull() ?: "UNAVAILABLE"
+          val message = firstObj["message"].asStringOrNull() ?: "pairing required"
+          if (code != "NOT_PAIRED" && code != "UNAUTHORIZED") {
+            return PairResult(ok = false, token = null, error = "$code: $message")
+          }
+
+          sendJson(
+            buildJsonObject {
+              put("type", JsonPrimitive("pair-request"))
+              put("nodeId", JsonPrimitive(hello.nodeId))
+              hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+              hello.platform?.let { put("platform", JsonPrimitive(it)) }
+              hello.version?.let { put("version", JsonPrimitive(it)) }
+              hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+              hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+              hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+              hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+            },
+          )
+
+          while (true) {
+            val nextLine = reader.readLine() ?: break
+            val next = json.parseToJsonElement(nextLine).asObjectOrNull() ?: continue
+            when (next["type"].asStringOrNull()) {
+              "pair-ok" -> {
+                val token = next["token"].asStringOrNull()
+                return PairResult(ok = !token.isNullOrBlank(), token = token)
+              }
+              "error" -> {
+                val c = next["code"].asStringOrNull() ?: "UNAVAILABLE"
+                val m = next["message"].asStringOrNull() ?: "pairing failed"
+                return PairResult(ok = false, token = null, error = "$c: $m")
+              }
+            }
+          }
+          PairResult(ok = false, token = null, error = "pairing failed")
+        }
+        else -> PairResult(ok = false, token = null, error = "unexpected bridge response")
+      }
+    } catch (e: Exception) {
+      val message = e.message?.trim().orEmpty().ifEmpty { "gateway unreachable" }
+      return PairResult(ok = false, token = null, error = message)
+    } finally {
+      try {
+        socket.close()
+      } catch (_: Throwable) {
+        // ignore
+      }
+    }
+  }
 }

 private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeSession.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeSession.kt
@@ -35,6 +35,7 @@ class BridgeSession(
  private val onDisconnected: (message: String) -> Unit,
  private val onEvent: (event: String, payloadJson: String?) -> Unit,
  private val onInvoke: suspend (InvokeRequest) -> InvokeResult,
+  private val onTlsFingerprint: ((stableId: String, fingerprint: String) -> Unit)? = null,
 ) {
  data class Hello(
    val nodeId: String,
@@ -66,11 +67,17 @@ class BridgeSession(
  @Volatile private var canvasHostUrl: String? = null
  @Volatile private var mainSessionKey: String? = null

-  private var desired: Pair<BridgeEndpoint, Hello>? = null
+  private data class DesiredConnection(
+    val endpoint: BridgeEndpoint,
+    val hello: Hello,
+    val tls: BridgeTlsParams?,
+  )
+
+  private var desired: DesiredConnection? = null
  private var job: Job? = null

-  fun connect(endpoint: BridgeEndpoint, hello: Hello) {
-    desired = endpoint to hello
+  fun connect(endpoint: BridgeEndpoint, hello: Hello, tls: BridgeTlsParams? = null) {
+    desired = DesiredConnection(endpoint, hello, tls)
    if (job == null) {
      job = scope.launch(Dispatchers.IO) { runLoop() }
    }
@@ -78,7 +85,7 @@ class BridgeSession(

  suspend fun updateHello(hello: Hello) {
    val target = desired ?: return
-    desired = target.first to hello
+    desired = target.copy(hello = hello)
    val conn = currentConnection ?: return
    conn.sendJson(buildHelloJson(hello))
  }
@@ -165,10 +172,10 @@ class BridgeSession(
        continue
      }

-      val (endpoint, hello) = target
+      val (endpoint, hello, tls) = target
      try {
        onDisconnected(if (attempt == 0) "Connecting…" else "Reconnecting…")
-        connectOnce(endpoint, hello)
+        connectOnce(endpoint, hello, tls)
        attempt = 0
      } catch (err: Throwable) {
        attempt += 1
@@ -192,60 +199,76 @@ class BridgeSession(
    return InvokeResult.error(code = "UNAVAILABLE", message = msg)
  }

-  private suspend fun connectOnce(endpoint: BridgeEndpoint, hello: Hello) =
+  private suspend fun connectOnce(endpoint: BridgeEndpoint, hello: Hello, tls: BridgeTlsParams?) =
    withContext(Dispatchers.IO) {
-      val socket = Socket()
-      socket.tcpNoDelay = true
-      socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
-      socket.soTimeout = 0
-
-      val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
-      val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
-
-      val conn = Connection(socket, reader, writer, writeLock)
-      currentConnection = conn
-
-      try {
-        conn.sendJson(buildHelloJson(hello))
-
-        val firstLine = reader.readLine() ?: throw IllegalStateException("bridge closed connection")
-        val first = json.parseToJsonElement(firstLine).asObjectOrNull()
-          ?: throw IllegalStateException("unexpected bridge response")
-        when (first["type"].asStringOrNull()) {
-          "hello-ok" -> {
-            val name = first["serverName"].asStringOrNull() ?: "Bridge"
-            val rawCanvasUrl = first["canvasHostUrl"].asStringOrNull()?.trim()?.ifEmpty { null }
-            val rawMainSessionKey = first["mainSessionKey"].asStringOrNull()?.trim()?.ifEmpty { null }
-            canvasHostUrl = normalizeCanvasHostUrl(rawCanvasUrl, endpoint)
-            mainSessionKey = rawMainSessionKey
-            if (BuildConfig.DEBUG) {
-              // Local JVM unit tests use android.jar stubs; Log.d can throw "not mocked".
-              runCatching {
-                android.util.Log.d(
-                  "ClawdbotBridge",
-                  "canvasHostUrl resolved=${canvasHostUrl ?: "none"} (raw=${rawCanvasUrl ?: "none"})",
-                )
-              }
-            }
-            onConnected(name, conn.remoteAddress, rawMainSessionKey)
-          }
-          "error" -> {
-            val code = first["code"].asStringOrNull() ?: "UNAVAILABLE"
-            val msg = first["message"].asStringOrNull() ?: "connect failed"
-            throw IllegalStateException("$code: $msg")
-          }
-          else -> throw IllegalStateException("unexpected bridge response")
+      if (tls != null) {
+        try {
+          connectWithSocket(endpoint, hello, tls)
+          return@withContext
+        } catch (err: Throwable) {
+          if (tls.required) throw err
        }
+      }
+      connectWithSocket(endpoint, hello, null)
+    }

-        while (scope.isActive) {
-          val line = reader.readLine() ?: break
-          val frame = json.parseToJsonElement(line).asObjectOrNull() ?: continue
-          when (frame["type"].asStringOrNull()) {
-            "event" -> {
-              val event = frame["event"].asStringOrNull() ?: return@withContext
-              val payload = frame["payloadJSON"].asStringOrNull()
-              onEvent(event, payload)
+  private suspend fun connectWithSocket(endpoint: BridgeEndpoint, hello: Hello, tls: BridgeTlsParams?) {
+    val socket =
+      createBridgeSocket(tls) { fingerprint ->
+        onTlsFingerprint?.invoke(tls?.stableId ?: endpoint.stableId, fingerprint)
+      }
+    socket.tcpNoDelay = true
+    socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
+    socket.soTimeout = 0
+    startTlsHandshakeIfNeeded(socket)
+
+    val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
+    val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
+
+    val conn = Connection(socket, reader, writer, writeLock)
+    currentConnection = conn
+
+    try {
+      conn.sendJson(buildHelloJson(hello))
+
+      val firstLine = reader.readLine() ?: throw IllegalStateException("bridge closed connection")
+      val first = json.parseToJsonElement(firstLine).asObjectOrNull()
+        ?: throw IllegalStateException("unexpected bridge response")
+      when (first["type"].asStringOrNull()) {
+        "hello-ok" -> {
+          val name = first["serverName"].asStringOrNull() ?: "Bridge"
+          val rawCanvasUrl = first["canvasHostUrl"].asStringOrNull()?.trim()?.ifEmpty { null }
+          val rawMainSessionKey = first["mainSessionKey"].asStringOrNull()?.trim()?.ifEmpty { null }
+          canvasHostUrl = normalizeCanvasHostUrl(rawCanvasUrl, endpoint)
+          mainSessionKey = rawMainSessionKey
+          if (BuildConfig.DEBUG) {
+            // Local JVM unit tests use android.jar stubs; Log.d can throw "not mocked".
+            runCatching {
+              android.util.Log.d(
+                "ClawdbotBridge",
+                "canvasHostUrl resolved=${canvasHostUrl ?: "none"} (raw=${rawCanvasUrl ?: "none"})",
+              )
            }
+          }
+          onConnected(name, conn.remoteAddress, rawMainSessionKey)
+        }
+        "error" -> {
+          val code = first["code"].asStringOrNull() ?: "UNAVAILABLE"
+          val msg = first["message"].asStringOrNull() ?: "connect failed"
+          throw IllegalStateException("$code: $msg")
+        }
+        else -> throw IllegalStateException("unexpected bridge response")
+      }
+
+      while (scope.isActive) {
+        val line = reader.readLine() ?: break
+        val frame = json.parseToJsonElement(line).asObjectOrNull() ?: continue
+        when (frame["type"].asStringOrNull()) {
+          "event" -> {
+            val event = frame["event"].asStringOrNull() ?: continue
+            val payload = frame["payloadJSON"].asStringOrNull()
+            onEvent(event, payload)
+          }
            "ping" -> {
              val id = frame["id"].asStringOrNull() ?: ""
              conn.sendJson(buildJsonObject { put("type", JsonPrimitive("pong")); put("id", JsonPrimitive(id)) })
@@ -291,20 +314,20 @@ class BridgeSession(
                },
              )
            }
-            "invoke-res" -> {
-              // gateway->node only (ignore)
-            }
+          "invoke-res" -> {
+            // gateway->node only (ignore)
          }
        }
-      } finally {
-        currentConnection = null
-        for ((_, waiter) in pending) {
-          waiter.cancel()
-        }
-        pending.clear()
-        conn.closeQuietly()
      }
+    } finally {
+      currentConnection = null
+      for ((_, waiter) in pending) {
+        waiter.cancel()
+      }
+      pending.clear()
+      conn.closeQuietly()
    }
+  }

  private fun buildHelloJson(hello: Hello): JsonObject =
    buildJsonObject {
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeTls.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeTls.kt
@@ -0,0 +1,81 @@
+package com.clawdbot.android.bridge
+
+import android.annotation.SuppressLint
+import java.net.Socket
+import java.security.MessageDigest
+import java.security.SecureRandom
+import java.security.cert.CertificateException
+import java.security.cert.X509Certificate
+import javax.net.ssl.SSLContext
+import javax.net.ssl.SSLSocket
+import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509TrustManager
+
+data class BridgeTlsParams(
+  val required: Boolean,
+  val expectedFingerprint: String?,
+  val allowTOFU: Boolean,
+  val stableId: String,
+)
+
+fun createBridgeSocket(params: BridgeTlsParams?, onStore: ((String) -> Unit)? = null): Socket {
+  if (params == null) return Socket()
+  val expected = params.expectedFingerprint?.let(::normalizeFingerprint)
+  val defaultTrust = defaultTrustManager()
+  @SuppressLint("CustomX509TrustManager")
+  val trustManager =
+    object : X509TrustManager {
+      override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {
+        defaultTrust.checkClientTrusted(chain, authType)
+      }
+
+      override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
+        if (chain.isEmpty()) throw CertificateException("empty certificate chain")
+        val fingerprint = sha256Hex(chain[0].encoded)
+        if (expected != null) {
+          if (fingerprint != expected) {
+            throw CertificateException("bridge TLS fingerprint mismatch")
+          }
+          return
+        }
+        if (params.allowTOFU) {
+          onStore?.invoke(fingerprint)
+          return
+        }
+        defaultTrust.checkServerTrusted(chain, authType)
+      }
+
+      override fun getAcceptedIssuers(): Array<X509Certificate> = defaultTrust.acceptedIssuers
+    }
+
+  val context = SSLContext.getInstance("TLS")
+  context.init(null, arrayOf(trustManager), SecureRandom())
+  return context.socketFactory.createSocket()
+}
+
+fun startTlsHandshakeIfNeeded(socket: Socket) {
+  if (socket is SSLSocket) {
+    socket.startHandshake()
+  }
+}
+
+private fun defaultTrustManager(): X509TrustManager {
+  val factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+  factory.init(null as java.security.KeyStore?)
+  val trust =
+    factory.trustManagers.firstOrNull { it is X509TrustManager } as? X509TrustManager
+  return trust ?: throw IllegalStateException("No default X509TrustManager found")
+}
+
+private fun sha256Hex(data: ByteArray): String {
+  val digest = MessageDigest.getInstance("SHA-256").digest(data)
+  val out = StringBuilder(digest.size * 2)
+  for (byte in digest) {
+    out.append(String.format("%02x", byte))
+  }
+  return out.toString()
+}
+
+private fun normalizeFingerprint(raw: String): String {
+  return raw.lowercase().filter { it in '0'..'9' || it in 'a'..'f' }
+}
--- a/apps/ios/Sources/Bridge/BridgeClient.swift
+++ b/apps/ios/Sources/Bridge/BridgeClient.swift
@@ -10,10 +10,36 @@ actor BridgeClient {
    func pairAndHello(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: BridgeTLSParams? = nil,
+        onStatus: (@Sendable (String) -> Void)? = nil) async throws -> String
+    {
+        do {
+            return try await self.pairAndHelloOnce(
+                endpoint: endpoint,
+                hello: hello,
+                tls: tls,
+                onStatus: onStatus)
+        } catch {
+            if let tls, !tls.required {
+                return try await self.pairAndHelloOnce(
+                    endpoint: endpoint,
+                    hello: hello,
+                    tls: nil,
+                    onStatus: onStatus)
+            }
+            throw error
+        }
+    }
+
+    private func pairAndHelloOnce(
+        endpoint: NWEndpoint,
+        hello: BridgeHello,
+        tls: BridgeTLSParams?,
        onStatus: (@Sendable (String) -> Void)? = nil) async throws -> String
    {
        self.lineBuffer = Data()
-        let connection = NWConnection(to: endpoint, using: .tcp)
+        let params = self.makeParameters(tls: tls)
+        let connection = NWConnection(to: endpoint, using: params)
        let queue = DispatchQueue(label: "com.clawdbot.ios.bridge-client")
        defer { connection.cancel() }
        try await self.withTimeout(seconds: 8, purpose: "connect") {
@@ -142,6 +168,18 @@ actor BridgeClient {
        }
    }

+    private func makeParameters(tls: BridgeTLSParams?) -> NWParameters {
+        if let tlsOptions = makeBridgeTLSOptions(tls) {
+            let tcpOptions = NWProtocolTCP.Options()
+            let params = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+            params.includePeerToPeer = true
+            return params
+        }
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+        return params
+    }
+
    private struct TimeoutError: LocalizedError, Sendable {
        var purpose: String
        var seconds: Int
--- a/apps/ios/Sources/Bridge/BridgeConnectionController.swift
+++ b/apps/ios/Sources/Bridge/BridgeConnectionController.swift
@@ -10,6 +10,7 @@ protocol BridgePairingClient: Sendable {
    func pairAndHello(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: BridgeTLSParams?,
        onStatus: (@Sendable (String) -> Void)?) async throws -> String
 }

@@ -115,9 +116,12 @@ final class BridgeConnectionController {

            self.didAutoConnect = true
            let endpoint = NWEndpoint.hostPort(host: NWEndpoint.Host(manualHost), port: port)
+            let stableID = BridgeEndpointID.stableID(endpoint)
+            let tlsParams = self.resolveManualTLSParams(stableID: stableID)
            self.startAutoConnect(
                endpoint: endpoint,
-                bridgeStableID: BridgeEndpointID.stableID(endpoint),
+                bridgeStableID: stableID,
+                tls: tlsParams,
                token: token,
                instanceId: instanceId)
            return
@@ -135,10 +139,12 @@ final class BridgeConnectionController {

        guard let target = self.bridges.first(where: { $0.stableID == targetStableID }) else { return }

+        let tlsParams = self.resolveDiscoveredTLSParams(bridge: target)
        self.didAutoConnect = true
        self.startAutoConnect(
            endpoint: target.endpoint,
            bridgeStableID: target.stableID,
+            tls: tlsParams,
            token: token,
            instanceId: instanceId)
    }
@@ -182,6 +188,7 @@ final class BridgeConnectionController {
    private func startAutoConnect(
        endpoint: NWEndpoint,
        bridgeStableID: String,
+        tls: BridgeTLSParams?,
        token: String,
        instanceId: String)
    {
@@ -193,6 +200,7 @@ final class BridgeConnectionController {
                let refreshed = try await self.bridgeClientFactory().pairAndHello(
                    endpoint: endpoint,
                    hello: hello,
+                    tls: tls,
                    onStatus: { status in
                        Task { @MainActor in
                            appModel.bridgeStatusText = status
@@ -208,6 +216,7 @@ final class BridgeConnectionController {
                appModel.connectToBridge(
                    endpoint: endpoint,
                    bridgeStableID: bridgeStableID,
+                    tls: tls,
                    hello: self.makeHello(token: resolvedToken))
            } catch {
                await MainActor.run {
@@ -217,6 +226,47 @@ final class BridgeConnectionController {
        }
    }

+    private func resolveDiscoveredTLSParams(
+        bridge: BridgeDiscoveryModel.DiscoveredBridge) -> BridgeTLSParams?
+    {
+        let stableID = bridge.stableID
+        let stored = BridgeTLSStore.loadFingerprint(stableID: stableID)
+
+        if bridge.tlsEnabled || bridge.tlsFingerprintSha256 != nil {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: bridge.tlsFingerprintSha256 ?? stored,
+                allowTOFU: stored == nil,
+                storeKey: stableID)
+        }
+
+        if let stored {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return nil
+    }
+
+    private func resolveManualTLSParams(stableID: String) -> BridgeTLSParams? {
+        if let stored = BridgeTLSStore.loadFingerprint(stableID: stableID) {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return BridgeTLSParams(
+            required: false,
+            expectedFingerprint: nil,
+            allowTOFU: true,
+            storeKey: stableID)
+    }
+
    private func resolvedDisplayName(defaults: UserDefaults) -> String {
        let key = "node.displayName"
        let existing = defaults.string(forKey: key)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
--- a/apps/ios/Sources/Bridge/BridgeDiscoveryModel.swift
+++ b/apps/ios/Sources/Bridge/BridgeDiscoveryModel.swift
@@ -23,6 +23,8 @@ final class BridgeDiscoveryModel {
        var gatewayPort: Int?
        var bridgePort: Int?
        var canvasPort: Int?
+        var tlsEnabled: Bool
+        var tlsFingerprintSha256: String?
        var cliPath: String?
    }

@@ -90,6 +92,8 @@ final class BridgeDiscoveryModel {
                                gatewayPort: Self.txtIntValue(txt, key: "gatewayPort"),
                                bridgePort: Self.txtIntValue(txt, key: "bridgePort"),
                                canvasPort: Self.txtIntValue(txt, key: "canvasPort"),
+                                tlsEnabled: Self.txtBoolValue(txt, key: "bridgeTls"),
+                                tlsFingerprintSha256: Self.txtValue(txt, key: "bridgeTlsSha256"),
                                cliPath: Self.txtValue(txt, key: "cliPath"))
                        default:
                            return nil
@@ -214,4 +218,9 @@ final class BridgeDiscoveryModel {
        guard let raw = self.txtValue(dict, key: key) else { return nil }
        return Int(raw)
    }
+
+    private static func txtBoolValue(_ dict: [String: String], key: String) -> Bool {
+        guard let raw = self.txtValue(dict, key: key)?.lowercased() else { return false }
+        return raw == "1" || raw == "true" || raw == "yes"
+    }
 }
--- a/apps/ios/Sources/Bridge/BridgeSession.swift
+++ b/apps/ios/Sources/Bridge/BridgeSession.swift
@@ -69,15 +69,42 @@ actor BridgeSession {
    func connect(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: BridgeTLSParams? = nil,
        onConnected: (@Sendable (String, String?) async -> Void)? = nil,
        onInvoke: @escaping @Sendable (BridgeInvokeRequest) async -> BridgeInvokeResponse)
        async throws
    {
        await self.disconnect()
        self.state = .connecting
+        do {
+            try await self.connectOnce(
+                endpoint: endpoint,
+                hello: hello,
+                tls: tls,
+                onConnected: onConnected,
+                onInvoke: onInvoke)
+        } catch {
+            if let tls, !tls.required {
+                try await self.connectOnce(
+                    endpoint: endpoint,
+                    hello: hello,
+                    tls: nil,
+                    onConnected: onConnected,
+                    onInvoke: onInvoke)
+                return
+            }
+            throw error
+        }
+    }

-        let params = NWParameters.tcp
-        params.includePeerToPeer = true
+    private func connectOnce(
+        endpoint: NWEndpoint,
+        hello: BridgeHello,
+        tls: BridgeTLSParams?,
+        onConnected: (@Sendable (String, String?) async -> Void)?,
+        onInvoke: @escaping @Sendable (BridgeInvokeRequest) async -> BridgeInvokeResponse) async throws
+    {
+        let params = self.makeParameters(tls: tls)
        let connection = NWConnection(to: endpoint, using: params)
        let queue = DispatchQueue(label: "com.clawdbot.ios.bridge-session")
        self.connection = connection
@@ -255,6 +282,18 @@ actor BridgeSession {
        }
    }

+    private func makeParameters(tls: BridgeTLSParams?) -> NWParameters {
+        if let tlsOptions = makeBridgeTLSOptions(tls) {
+            let tcpOptions = NWProtocolTCP.Options()
+            let params = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+            params.includePeerToPeer = true
+            return params
+        }
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+        return params
+    }
+
    private func timeoutRPC(id: String) async {
        guard let cont = self.pendingRPC.removeValue(forKey: id) else { return }
        cont.resume(throwing: NSError(domain: "Bridge", code: 15, userInfo: [
--- a/apps/ios/Sources/Bridge/BridgeTLS.swift
+++ b/apps/ios/Sources/Bridge/BridgeTLS.swift
@@ -0,0 +1,66 @@
+import CryptoKit
+import Foundation
+import Network
+import Security
+
+struct BridgeTLSParams: Sendable {
+    let required: Bool
+    let expectedFingerprint: String?
+    let allowTOFU: Bool
+    let storeKey: String?
+}
+
+enum BridgeTLSStore {
+    private static let service = "com.clawdbot.bridge.tls"
+
+    static func loadFingerprint(stableID: String) -> String? {
+        KeychainStore.loadString(service: service, account: stableID)?.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    static func saveFingerprint(_ value: String, stableID: String) {
+        _ = KeychainStore.saveString(value, service: service, account: stableID)
+    }
+}
+
+func makeBridgeTLSOptions(_ params: BridgeTLSParams?) -> NWProtocolTLS.Options? {
+    guard let params else { return nil }
+    let options = NWProtocolTLS.Options()
+    let expected = params.expectedFingerprint.map(normalizeBridgeFingerprint)
+    let allowTOFU = params.allowTOFU
+    let storeKey = params.storeKey
+
+    sec_protocol_options_set_verify_block(
+        options.securityProtocolOptions,
+        { _, trust, complete in
+            let trustRef = sec_trust_copy_ref(trust).takeRetainedValue()
+            if let chain = SecTrustCopyCertificateChain(trustRef) as? [SecCertificate],
+               let cert = chain.first
+            {
+                let data = SecCertificateCopyData(cert) as Data
+                let fingerprint = sha256Hex(data)
+                if let expected {
+                    complete(fingerprint == expected)
+                    return
+                }
+                if allowTOFU {
+                    if let storeKey { BridgeTLSStore.saveFingerprint(fingerprint, stableID: storeKey) }
+                    complete(true)
+                    return
+                }
+            }
+            let ok = SecTrustEvaluateWithError(trustRef, nil)
+            complete(ok)
+        },
+        DispatchQueue(label: "com.clawdbot.bridge.tls.verify"))
+
+    return options
+}
+
+private func sha256Hex(_ data: Data) -> String {
+    let digest = SHA256.hash(data: data)
+    return digest.map { String(format: "%02x", $0) }.joined()
+}
+
+private func normalizeBridgeFingerprint(_ raw: String) -> String {
+    raw.lowercased().filter { $0.isHexDigit }
+}
--- a/apps/ios/Sources/Camera/CameraController.swift
+++ b/apps/ios/Sources/Camera/CameraController.swift
@@ -190,14 +190,7 @@ actor CameraController {
    }

    func listDevices() -> [CameraDeviceInfo] {
-        let types: [AVCaptureDevice.DeviceType] = [
-            .builtInWideAngleCamera,
-        ]
-        let session = AVCaptureDevice.DiscoverySession(
-            deviceTypes: types,
-            mediaType: .video,
-            position: .unspecified)
-        return session.devices.map { device in
+        return Self.discoverVideoDevices().map { device in
            CameraDeviceInfo(
                id: device.uniqueID,
                name: device.localizedName,
@@ -232,7 +225,7 @@ actor CameraController {
        deviceId: String?) -> AVCaptureDevice?
    {
        if let deviceId, !deviceId.isEmpty {
-            if let match = AVCaptureDevice.devices(for: .video).first(where: { $0.uniqueID == deviceId }) {
+            if let match = Self.discoverVideoDevices().first(where: { $0.uniqueID == deviceId }) {
                return match
            }
        }
@@ -252,6 +245,24 @@ actor CameraController {
        }
    }

+    private nonisolated static func discoverVideoDevices() -> [AVCaptureDevice] {
+        let types: [AVCaptureDevice.DeviceType] = [
+            .builtInWideAngleCamera,
+            .builtInUltraWideCamera,
+            .builtInTelephotoCamera,
+            .builtInDualCamera,
+            .builtInDualWideCamera,
+            .builtInTripleCamera,
+            .builtInTrueDepthCamera,
+            .builtInLiDARDepthCamera,
+        ]
+        let session = AVCaptureDevice.DiscoverySession(
+            deviceTypes: types,
+            mediaType: .video,
+            position: .unspecified)
+        return session.devices
+    }
+
    nonisolated static func clampQuality(_ quality: Double?) -> Double {
        let q = quality ?? 0.9
        return min(1.0, max(0.05, q))
--- a/apps/ios/Sources/Model/NodeAppModel.swift
+++ b/apps/ios/Sources/Model/NodeAppModel.swift
@@ -205,6 +205,7 @@ final class NodeAppModel {
    func connectToBridge(
        endpoint: NWEndpoint,
        bridgeStableID: String,
+        tls: BridgeTLSParams?,
        hello: BridgeHello)
    {
        self.bridgeTask?.cancel()
@@ -232,6 +233,7 @@ final class NodeAppModel {
                    try await self.bridge.connect(
                        endpoint: endpoint,
                        hello: hello,
+                        tls: tls,
                        onConnected: { [weak self] serverName, mainSessionKey in
                            guard let self else { return }
                            await MainActor.run {
--- a/apps/ios/Sources/Screen/ScreenRecordService.swift
+++ b/apps/ios/Sources/Screen/ScreenRecordService.swift
@@ -137,9 +137,11 @@ final class ScreenRecordService: @unchecked Sendable {
        recordQueue: DispatchQueue) -> @Sendable (CMSampleBuffer, RPSampleBufferType, Error?) -> Void
    {
        { sample, type, error in
+            let sampleBox = UncheckedSendableBox(value: sample)
            // ReplayKit can call the capture handler on a background queue.
            // Serialize writes to avoid queue asserts.
            recordQueue.async {
+                let sample = sampleBox.value
                if let error {
                    state.withLock { state in
                        if state.handlerError == nil { state.handlerError = error }
--- a/apps/ios/Sources/Settings/SettingsTab.swift
+++ b/apps/ios/Sources/Settings/SettingsTab.swift
@@ -407,9 +407,11 @@ struct SettingsTab: View {
                modelIdentifier: self.modelIdentifier(),
                caps: self.currentCaps(),
                commands: self.currentCommands())
+            let tlsParams = self.resolveDiscoveredTLSParams(bridge: bridge)
            let token = try await BridgeClient().pairAndHello(
                endpoint: bridge.endpoint,
                hello: hello,
+                tls: tlsParams,
                onStatus: { status in
                    Task { @MainActor in
                        statusStore.text = status
@@ -426,6 +428,7 @@ struct SettingsTab: View {
            self.appModel.connectToBridge(
                endpoint: bridge.endpoint,
                bridgeStableID: bridge.stableID,
+                tls: tlsParams,
                hello: BridgeHello(
                    nodeId: self.instanceId,
                    displayName: self.displayName,
@@ -462,6 +465,8 @@ struct SettingsTab: View {
        defer { self.connectingBridgeID = nil }

        let endpoint: NWEndpoint = .hostPort(host: NWEndpoint.Host(host), port: port)
+        let stableID = BridgeEndpointID.stableID(endpoint)
+        let tlsParams = self.resolveManualTLSParams(stableID: stableID)

        do {
            let statusStore = self.connectStatus
@@ -485,6 +490,7 @@ struct SettingsTab: View {
            let token = try await BridgeClient().pairAndHello(
                endpoint: endpoint,
                hello: hello,
+                tls: tlsParams,
                onStatus: { status in
                    Task { @MainActor in
                        statusStore.text = status
@@ -500,7 +506,8 @@ struct SettingsTab: View {

            self.appModel.connectToBridge(
                endpoint: endpoint,
-                bridgeStableID: BridgeEndpointID.stableID(endpoint),
+                bridgeStableID: stableID,
+                tls: tlsParams,
                hello: BridgeHello(
                    nodeId: self.instanceId,
                    displayName: self.displayName,
@@ -517,6 +524,47 @@ struct SettingsTab: View {
        }
    }

+    private func resolveDiscoveredTLSParams(
+        bridge: BridgeDiscoveryModel.DiscoveredBridge) -> BridgeTLSParams?
+    {
+        let stableID = bridge.stableID
+        let stored = BridgeTLSStore.loadFingerprint(stableID: stableID)
+
+        if bridge.tlsEnabled || bridge.tlsFingerprintSha256 != nil {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: bridge.tlsFingerprintSha256 ?? stored,
+                allowTOFU: stored == nil,
+                storeKey: stableID)
+        }
+
+        if let stored {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return nil
+    }
+
+    private func resolveManualTLSParams(stableID: String) -> BridgeTLSParams? {
+        if let stored = BridgeTLSStore.loadFingerprint(stableID: stableID) {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return BridgeTLSParams(
+            required: false,
+            expectedFingerprint: nil,
+            allowTOFU: true,
+            storeKey: stableID)
+    }
+
    private static func primaryIPv4Address() -> String? {
        var addrList: UnsafeMutablePointer<ifaddrs>?
        guard getifaddrs(&addrList) == 0, let first = addrList else { return nil }
--- a/apps/ios/SwiftSources.input.xcfilelist
+++ b/apps/ios/SwiftSources.input.xcfilelist
@@ -26,7 +26,8 @@ Sources/Voice/VoiceTab.swift
 Sources/Voice/VoiceWakeManager.swift
 Sources/Voice/VoiceWakePreferences.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatComposer.swift
-../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMarkdownSplitter.swift
+../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMarkdownRenderer.swift
+../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMarkdownPreprocessor.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMessageViews.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatModels.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatPayloadDecoding.swift
--- a/apps/ios/Tests/BridgeConnectionControllerTests.swift
+++ b/apps/ios/Tests/BridgeConnectionControllerTests.swift
@@ -27,6 +27,7 @@ private actor MockBridgePairingClient: BridgePairingClient {
    func pairAndHello(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: BridgeTLSParams?,
        onStatus: (@Sendable (String) -> Void)?) async throws -> String
    {
        self.lastToken = hello.token
@@ -244,6 +245,8 @@ private func withKeychainValues<T>(
            gatewayPort: 18789,
            bridgePort: 18790,
            canvasPort: 18793,
+            tlsEnabled: false,
+            tlsFingerprintSha256: nil,
            cliPath: nil)
        let mock = MockBridgePairingClient(resultToken: "new-token")
        let account = "bridge-token.ios-test"
@@ -292,6 +295,8 @@ private func withKeychainValues<T>(
            gatewayPort: 18789,
            bridgePort: 18790,
            canvasPort: 18793,
+            tlsEnabled: false,
+            tlsFingerprintSha256: nil,
            cliPath: nil)
        let bridgeB = BridgeDiscoveryModel.DiscoveredBridge(
            name: "Gateway B",
@@ -303,6 +308,8 @@ private func withKeychainValues<T>(
            gatewayPort: 28789,
            bridgePort: 28790,
            canvasPort: 28793,
+            tlsEnabled: false,
+            tlsFingerprintSha256: nil,
            cliPath: nil)

        let mock = MockBridgePairingClient(resultToken: "token-ok")
--- a/apps/ios/project.yml
+++ b/apps/ios/project.yml
@@ -2,7 +2,7 @@ name: Clawdbot
 options:
  bundleIdPrefix: com.clawdbot
  deploymentTarget:
-    iOS: "17.0"
+    iOS: "18.0"
  xcodeVersion: "16.0"

 settings:
--- a/apps/macos/Package.resolved
+++ b/apps/macos/Package.resolved
@@ -1,5 +1,5 @@
 {
-  "originHash" : "9de32b5fc115432dadd84c3ab4d67d2fed22ffaf5675a77033d69ea194ac3862",
+  "originHash" : "7eec77e2b399c480e76fdfc7dc3162652f5c775530e9fc282953de38ef2de79b",
  "pins" : [
    {
      "identity" : "elevenlabskit",
@@ -73,6 +73,15 @@
        "revision" : "8e5e4a8f3617283b556064574651fc0869943c9a"
      }
    },
+    {
+      "identity" : "swift-concurrency-extras",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/pointfreeco/swift-concurrency-extras",
+      "state" : {
+        "revision" : "5a3825302b1a0d744183200915a47b508c828e6f",
+        "version" : "1.3.2"
+      }
+    },
    {
      "identity" : "swift-configuration",
      "kind" : "remoteSourceControl",
@@ -144,6 +153,24 @@
        "revision" : "395a77f0aa927f0ff73941d7ac35f2b46d47c9db",
        "version" : "1.6.3"
      }
+    },
+    {
+      "identity" : "swiftui-math",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/gonzalezreal/swiftui-math",
+      "state" : {
+        "revision" : "0b5c2cfaaec8d6193db206f675048eeb5ce95f71",
+        "version" : "0.1.0"
+      }
+    },
+    {
+      "identity" : "textual",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/gonzalezreal/textual",
+      "state" : {
+        "revision" : "a03c1e103d88de4ea0dd8320ea1611ec0d4b29b3",
+        "version" : "0.2.0"
+      }
    }
  ],
  "version" : 3
--- a/apps/macos/Sources/Clawdbot/AgentWorkspace.swift
+++ b/apps/macos/Sources/Clawdbot/AgentWorkspace.swift
@@ -307,8 +307,8 @@ enum AgentWorkspace {
        }
        let cwd = URL(fileURLWithPath: FileManager.default.currentDirectoryPath)
        urls.append(cwd.appendingPathComponent("docs")
-                        .appendingPathComponent(self.templateDirname)
-                        .appendingPathComponent(named))
+            .appendingPathComponent(self.templateDirname)
+            .appendingPathComponent(named))
        return urls
    }

--- a/apps/macos/Sources/Clawdbot/AnthropicAuthControls.swift
+++ b/apps/macos/Sources/Clawdbot/AnthropicAuthControls.swift
@@ -109,8 +109,8 @@ struct AnthropicAuthControls: View {
                    }
                    .buttonStyle(.bordered)
                    .disabled(self.busy || self.connectionMode != .local || self.code
-                                .trimmingCharacters(in: .whitespacesAndNewlines)
-                                .isEmpty)
+                        .trimmingCharacters(in: .whitespacesAndNewlines)
+                        .isEmpty)
                }
            }

--- a/apps/macos/Sources/Clawdbot/AnthropicOAuth.swift
+++ b/apps/macos/Sources/Clawdbot/AnthropicOAuth.swift
@@ -228,7 +228,7 @@ enum ClawdbotOAuthStore {
    static func oauthDir() -> URL {
        if let override = ProcessInfo.processInfo.environment[self.clawdbotOAuthDirEnv]?
            .trimmingCharacters(in: .whitespacesAndNewlines),
-           !override.isEmpty
+            !override.isEmpty
        {
            let expanded = NSString(string: override).expandingTildeInPath
            return URL(fileURLWithPath: expanded, isDirectory: true)
--- a/apps/macos/Sources/Clawdbot/AppState.swift
+++ b/apps/macos/Sources/Clawdbot/AppState.swift
@@ -170,6 +170,10 @@ final class AppState {
        didSet { self.ifNotPreview { UserDefaults.standard.set(self.canvasEnabled, forKey: canvasEnabledKey) } }
    }

+    var systemRunPolicy: SystemRunPolicy {
+        didSet { self.ifNotPreview { MacNodeConfigFile.setSystemRunPolicy(self.systemRunPolicy) } }
+    }
+
    /// Tracks whether the Canvas panel is currently visible (not persisted).
    var canvasPanelVisible: Bool = false

@@ -253,30 +257,8 @@ final class AppState {

        let configRoot = ClawdbotConfigFile.loadDict()
        let configGateway = configRoot["gateway"] as? [String: Any]
-        let configModeRaw = (configGateway?["mode"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
-        let configMode: ConnectionMode? = switch configModeRaw {
-        case "local":
-            .local
-        case "remote":
-            .remote
-        default:
-            nil
-        }
        let configRemoteUrl = (configGateway?["remote"] as? [String: Any])?["url"] as? String
-        let configHasRemoteUrl = !(configRemoteUrl?
-                                    .trimmingCharacters(in: .whitespacesAndNewlines)
-                                    .isEmpty ?? true)
-
-        let storedMode = UserDefaults.standard.string(forKey: connectionModeKey)
-        let resolvedConnectionMode: ConnectionMode = if let configMode {
-            configMode
-        } else if configHasRemoteUrl {
-            .remote
-        } else if let storedMode {
-            ConnectionMode(rawValue: storedMode) ?? .local
-        } else {
-            onboardingSeen ? .local : .unconfigured
-        }
+        let resolvedConnectionMode = ConnectionModeResolver.resolve(root: configRoot).mode
        self.connectionMode = resolvedConnectionMode

        let storedRemoteTarget = UserDefaults.standard.string(forKey: remoteTargetKey) ?? ""
@@ -292,6 +274,7 @@ final class AppState {
        self.remoteProjectRoot = UserDefaults.standard.string(forKey: remoteProjectRootKey) ?? ""
        self.remoteCliPath = UserDefaults.standard.string(forKey: remoteCliPathKey) ?? ""
        self.canvasEnabled = UserDefaults.standard.object(forKey: canvasEnabledKey) as? Bool ?? true
+        self.systemRunPolicy = SystemRunPolicy.load()
        self.peekabooBridgeEnabled = UserDefaults.standard
            .object(forKey: peekabooBridgeEnabledKey) as? Bool ?? true
        if !self.isPreview {
@@ -336,6 +319,15 @@ final class AppState {
        return host
    }

+    private static func sanitizeSSHTarget(_ value: String) -> String {
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        if trimmed.hasPrefix("ssh ") {
+            return trimmed.replacingOccurrences(of: "ssh ", with: "")
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+        return trimmed
+    }
+
    private func startConfigWatcher() {
        let configUrl = ClawdbotConfigFile.url()
        self.configWatcher = ConfigFileWatcher(url: configUrl) { [weak self] in
@@ -356,8 +348,8 @@ final class AppState {
        let modeRaw = (gateway?["mode"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
        let remoteUrl = (gateway?["remote"] as? [String: Any])?["url"] as? String
        let hasRemoteUrl = !(remoteUrl?
-                                .trimmingCharacters(in: .whitespacesAndNewlines)
-                                .isEmpty ?? true)
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .isEmpty ?? true)

        let desiredMode: ConnectionMode? = switch modeRaw {
        case "local":
@@ -401,6 +393,7 @@ final class AppState {

        let connectionMode = self.connectionMode
        let remoteTarget = self.remoteTarget
+        let remoteIdentity = self.remoteIdentity
        let desiredMode: String? = switch connectionMode {
        case .local:
            "local"
@@ -430,15 +423,46 @@ final class AppState {
                changed = true
            }

-            if connectionMode == .remote, let host = remoteHost {
+            if connectionMode == .remote {
                var remote = gateway["remote"] as? [String: Any] ?? [:]
-                let existingUrl = (remote["url"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-                let parsedExisting = existingUrl.isEmpty ? nil : URL(string: existingUrl)
-                let scheme = parsedExisting?.scheme?.isEmpty == false ? parsedExisting?.scheme : "ws"
-                let port = parsedExisting?.port ?? 18789
-                let desiredUrl = "\(scheme ?? "ws")://\(host):\(port)"
-                if existingUrl != desiredUrl {
-                    remote["url"] = desiredUrl
+                var remoteChanged = false
+
+                if let host = remoteHost {
+                    let existingUrl = (remote["url"] as? String)?
+                        .trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+                    let parsedExisting = existingUrl.isEmpty ? nil : URL(string: existingUrl)
+                    let scheme = parsedExisting?.scheme?.isEmpty == false ? parsedExisting?.scheme : "ws"
+                    let port = parsedExisting?.port ?? 18789
+                    let desiredUrl = "\(scheme ?? "ws")://\(host):\(port)"
+                    if existingUrl != desiredUrl {
+                        remote["url"] = desiredUrl
+                        remoteChanged = true
+                    }
+                }
+
+                let sanitizedTarget = Self.sanitizeSSHTarget(remoteTarget)
+                if !sanitizedTarget.isEmpty {
+                    if (remote["sshTarget"] as? String) != sanitizedTarget {
+                        remote["sshTarget"] = sanitizedTarget
+                        remoteChanged = true
+                    }
+                } else if remote["sshTarget"] != nil {
+                    remote.removeValue(forKey: "sshTarget")
+                    remoteChanged = true
+                }
+
+                let trimmedIdentity = remoteIdentity.trimmingCharacters(in: .whitespacesAndNewlines)
+                if !trimmedIdentity.isEmpty {
+                    if (remote["sshIdentity"] as? String) != trimmedIdentity {
+                        remote["sshIdentity"] = trimmedIdentity
+                        remoteChanged = true
+                    }
+                } else if remote["sshIdentity"] != nil {
+                    remote.removeValue(forKey: "sshIdentity")
+                    remoteChanged = true
+                }
+
+                if remoteChanged {
                    gateway["remote"] = remote
                    changed = true
                }
--- a/apps/macos/Sources/Clawdbot/Bridge/BridgeServer.swift
+++ b/apps/macos/Sources/Clawdbot/Bridge/BridgeServer.swift
@@ -182,12 +182,12 @@ actor BridgeServer {
                ?? "main"

            _ = await GatewayConnection.shared.sendAgent(GatewayAgentInvocation(
-                                                            message: text,
-                                                            sessionKey: sessionKey,
-                                                            thinking: "low",
-                                                            deliver: false,
-                                                            to: nil,
-                                                            channel: .last))
+                message: text,
+                sessionKey: sessionKey,
+                thinking: "low",
+                deliver: false,
+                to: nil,
+                channel: .last))

        case "agent.request":
            guard let json = evt.payloadJSON, let data = json.data(using: .utf8) else {
@@ -208,12 +208,12 @@ actor BridgeServer {
            let channel = GatewayAgentChannel(raw: link.channel)

            _ = await GatewayConnection.shared.sendAgent(GatewayAgentInvocation(
-                                                            message: message,
-                                                            sessionKey: sessionKey,
-                                                            thinking: thinking,
-                                                            deliver: link.deliver,
-                                                            to: to,
-                                                            channel: channel))
+                message: message,
+                sessionKey: sessionKey,
+                thinking: thinking,
+                deliver: link.deliver,
+                to: to,
+                channel: channel))

        default:
            break
--- a/apps/macos/Sources/Clawdbot/CanvasA2UIActionMessageHandler.swift
+++ b/apps/macos/Sources/Clawdbot/CanvasA2UIActionMessageHandler.swift
@@ -55,7 +55,7 @@ final class CanvasA2UIActionMessageHandler: NSObject, WKScriptMessageHandler {
        guard let name = ClawdbotCanvasA2UIAction.extractActionName(userAction) else { return }
        let actionId =
            (userAction["id"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty
-            ?? UUID().uuidString
+                ?? UUID().uuidString

        canvasWindowLogger.info("A2UI action \(name, privacy: .public) session=\(self.sessionKey, privacy: .public)")

--- a/apps/macos/Sources/Clawdbot/CanvasFileWatcher.swift
+++ b/apps/macos/Sources/Clawdbot/CanvasFileWatcher.swift
@@ -39,13 +39,13 @@ final class CanvasFileWatcher: @unchecked Sendable {
                kFSEventStreamCreateFlagNoDefer)

        guard let stream = FSEventStreamCreate(
-                kCFAllocatorDefault,
-                Self.callback,
-                &context,
-                paths,
-                FSEventStreamEventId(kFSEventStreamEventIdSinceNow),
-                0.05,
-                flags)
+            kCFAllocatorDefault,
+            Self.callback,
+            &context,
+            paths,
+            FSEventStreamEventId(kFSEventStreamEventIdSinceNow),
+            0.05,
+            flags)
        else {
            retainedSelf.release()
            return
--- a/apps/macos/Sources/Clawdbot/CanvasWindowController.swift
+++ b/apps/macos/Sources/Clawdbot/CanvasWindowController.swift
@@ -242,8 +242,8 @@ final class CanvasWindowController: NSWindowController, WKNavigationDelegate, NS
        }

        guard let url = CanvasScheme.makeURL(
-                session: CanvasWindowController.sanitizeSessionKey(self.sessionKey),
-                path: trimmed)
+            session: CanvasWindowController.sanitizeSessionKey(self.sessionKey),
+            path: trimmed)
        else {
            canvasWindowLogger
                .error(
--- a/apps/macos/Sources/Clawdbot/ChannelConfigForm.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelConfigForm.swift
@@ -0,0 +1,368 @@
+import SwiftUI
+
+struct ConfigSchemaForm: View {
+    @Bindable var store: ChannelsStore
+    let schema: ConfigSchemaNode
+    let path: ConfigPath
+
+    var body: some View {
+        self.renderNode(schema, path: path)
+    }
+
+    private func renderNode(_ schema: ConfigSchemaNode, path: ConfigPath) -> AnyView {
+        let storedValue = store.configValue(at: path)
+        let value = storedValue ?? schema.explicitDefault
+        let label = hintForPath(path, hints: store.configUiHints)?.label ?? schema.title
+        let help = hintForPath(path, hints: store.configUiHints)?.help ?? schema.description
+        let variants = schema.anyOf.isEmpty ? schema.oneOf : schema.anyOf
+
+        if !variants.isEmpty {
+            let nonNull = variants.filter { !$0.isNullSchema }
+            if nonNull.count == 1, let only = nonNull.first {
+                return self.renderNode(only, path: path)
+            }
+            let literals = nonNull.compactMap { $0.literalValue }
+            if !literals.isEmpty, literals.count == nonNull.count {
+                return AnyView(
+                    VStack(alignment: .leading, spacing: 6) {
+                        if let label { Text(label).font(.callout.weight(.semibold)) }
+                        if let help {
+                            Text(help)
+                                .font(.caption)
+                                .foregroundStyle(.secondary)
+                        }
+                        Picker("", selection: self.enumBinding(path, options: literals, defaultValue: schema.explicitDefault)) {
+                            Text("Select…").tag(-1)
+                            ForEach(literals.indices, id: \ .self) { index in
+                                Text(String(describing: literals[index])).tag(index)
+                            }
+                        }
+                        .pickerStyle(.menu)
+                    }
+                )
+            }
+        }
+
+        switch schema.schemaType {
+        case "object":
+            return AnyView(
+                VStack(alignment: .leading, spacing: 12) {
+                    if let label {
+                        Text(label)
+                            .font(.callout.weight(.semibold))
+                    }
+                    if let help {
+                        Text(help)
+                            .font(.caption)
+                            .foregroundStyle(.secondary)
+                    }
+                    let properties = schema.properties
+                    let sortedKeys = properties.keys.sorted { lhs, rhs in
+                        let orderA = hintForPath(path + [.key(lhs)], hints: store.configUiHints)?.order ?? 0
+                        let orderB = hintForPath(path + [.key(rhs)], hints: store.configUiHints)?.order ?? 0
+                        if orderA != orderB { return orderA < orderB }
+                        return lhs < rhs
+                    }
+                    ForEach(sortedKeys, id: \ .self) { key in
+                        if let child = properties[key] {
+                            self.renderNode(child, path: path + [.key(key)])
+                        }
+                    }
+                    if schema.allowsAdditionalProperties {
+                        self.renderAdditionalProperties(schema, path: path, value: value)
+                    }
+                }
+            )
+        case "array":
+            return AnyView(self.renderArray(schema, path: path, value: value, label: label, help: help))
+        case "boolean":
+            return AnyView(
+                Toggle(isOn: self.boolBinding(path, defaultValue: schema.explicitDefault as? Bool)) {
+                    if let label { Text(label) } else { Text("Enabled") }
+                }
+                .help(help ?? "")
+            )
+        case "number", "integer":
+            return AnyView(self.renderNumberField(schema, path: path, label: label, help: help))
+        case "string":
+            return AnyView(self.renderStringField(schema, path: path, label: label, help: help))
+        default:
+            return AnyView(
+                VStack(alignment: .leading, spacing: 6) {
+                    if let label { Text(label).font(.callout.weight(.semibold)) }
+                    Text("Unsupported field type.")
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                }
+            )
+        }
+    }
+
+    @ViewBuilder
+    private func renderStringField(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        label: String?,
+        help: String?) -> some View
+    {
+        let hint = hintForPath(path, hints: store.configUiHints)
+        let placeholder = hint?.placeholder ?? ""
+        let sensitive = hint?.sensitive ?? isSensitivePath(path)
+        let defaultValue = schema.explicitDefault as? String
+        VStack(alignment: .leading, spacing: 6) {
+            if let label { Text(label).font(.callout.weight(.semibold)) }
+            if let help {
+                Text(help)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+            if let options = schema.enumValues {
+                Picker("", selection: self.enumBinding(path, options: options, defaultValue: schema.explicitDefault)) {
+                    Text("Select…").tag(-1)
+                    ForEach(options.indices, id: \ .self) { index in
+                        Text(String(describing: options[index])).tag(index)
+                    }
+                }
+                .pickerStyle(.menu)
+            } else if sensitive {
+                SecureField(placeholder, text: self.stringBinding(path, defaultValue: defaultValue))
+                    .textFieldStyle(.roundedBorder)
+            } else {
+                TextField(placeholder, text: self.stringBinding(path, defaultValue: defaultValue))
+                    .textFieldStyle(.roundedBorder)
+            }
+        }
+    }
+
+    @ViewBuilder
+    private func renderNumberField(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        label: String?,
+        help: String?) -> some View
+    {
+        let defaultValue = (schema.explicitDefault as? Double)
+            ?? (schema.explicitDefault as? Int).map(Double.init)
+        VStack(alignment: .leading, spacing: 6) {
+            if let label { Text(label).font(.callout.weight(.semibold)) }
+            if let help {
+                Text(help)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+            TextField(
+                "",
+                text: self.numberBinding(
+                    path,
+                    isInteger: schema.schemaType == "integer",
+                    defaultValue: defaultValue
+                )
+            )
+                .textFieldStyle(.roundedBorder)
+        }
+    }
+
+    @ViewBuilder
+    private func renderArray(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        value: Any?,
+        label: String?,
+        help: String?) -> some View
+    {
+        let items = value as? [Any] ?? []
+        let itemSchema = schema.items
+        VStack(alignment: .leading, spacing: 10) {
+            if let label { Text(label).font(.callout.weight(.semibold)) }
+            if let help {
+                Text(help)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+            ForEach(items.indices, id: \ .self) { index in
+                HStack(alignment: .top, spacing: 8) {
+                    if let itemSchema {
+                        self.renderNode(itemSchema, path: path + [.index(index)])
+                    } else {
+                        Text(String(describing: items[index]))
+                    }
+                    Button("Remove") {
+                        var next = items
+                        next.remove(at: index)
+                        store.updateConfigValue(path: path, value: next)
+                    }
+                    .buttonStyle(.bordered)
+                    .controlSize(.small)
+                }
+            }
+            Button("Add") {
+                var next = items
+                if let itemSchema {
+                    next.append(itemSchema.defaultValue)
+                } else {
+                    next.append("")
+                }
+                store.updateConfigValue(path: path, value: next)
+            }
+            .buttonStyle(.bordered)
+            .controlSize(.small)
+        }
+    }
+
+    @ViewBuilder
+    private func renderAdditionalProperties(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        value: Any?) -> some View
+    {
+        if let additionalSchema = schema.additionalProperties {
+            let dict = value as? [String: Any] ?? [:]
+            let reserved = Set(schema.properties.keys)
+            let extras = dict.keys.filter { !reserved.contains($0) }.sorted()
+
+            VStack(alignment: .leading, spacing: 8) {
+                Text("Extra entries")
+                    .font(.callout.weight(.semibold))
+                if extras.isEmpty {
+                    Text("No extra entries yet.")
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                } else {
+                    ForEach(extras, id: \ .self) { key in
+                        let itemPath: ConfigPath = path + [.key(key)]
+                        HStack(alignment: .top, spacing: 8) {
+                            TextField("Key", text: self.mapKeyBinding(path: path, key: key))
+                                .textFieldStyle(.roundedBorder)
+                                .frame(width: 160)
+                            self.renderNode(additionalSchema, path: itemPath)
+                            Button("Remove") {
+                                var next = dict
+                                next.removeValue(forKey: key)
+                                store.updateConfigValue(path: path, value: next)
+                            }
+                            .buttonStyle(.bordered)
+                            .controlSize(.small)
+                        }
+                    }
+                }
+                Button("Add") {
+                    var next = dict
+                    var index = 1
+                    var key = "new-\(index)"
+                    while next[key] != nil {
+                        index += 1
+                        key = "new-\(index)"
+                    }
+                    next[key] = additionalSchema.defaultValue
+                    store.updateConfigValue(path: path, value: next)
+                }
+                .buttonStyle(.bordered)
+                .controlSize(.small)
+            }
+        }
+    }
+
+    private func stringBinding(_ path: ConfigPath, defaultValue: String?) -> Binding<String> {
+        Binding(
+            get: {
+                if let value = store.configValue(at: path) as? String { return value }
+                return defaultValue ?? ""
+            },
+            set: { newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                store.updateConfigValue(path: path, value: trimmed.isEmpty ? nil : trimmed)
+            }
+        )
+    }
+
+    private func boolBinding(_ path: ConfigPath, defaultValue: Bool?) -> Binding<Bool> {
+        Binding(
+            get: {
+                if let value = store.configValue(at: path) as? Bool { return value }
+                return defaultValue ?? false
+            },
+            set: { newValue in
+                store.updateConfigValue(path: path, value: newValue)
+            }
+        )
+    }
+
+    private func numberBinding(
+        _ path: ConfigPath,
+        isInteger: Bool,
+        defaultValue: Double?
+    ) -> Binding<String> {
+        Binding(
+            get: {
+                if let value = store.configValue(at: path) { return String(describing: value) }
+                guard let defaultValue else { return "" }
+                return isInteger ? String(Int(defaultValue)) : String(defaultValue)
+            },
+            set: { newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                if trimmed.isEmpty {
+                    store.updateConfigValue(path: path, value: nil)
+                } else if let value = Double(trimmed) {
+                    store.updateConfigValue(path: path, value: isInteger ? Int(value) : value)
+                }
+            }
+        )
+    }
+
+    private func enumBinding(
+        _ path: ConfigPath,
+        options: [Any],
+        defaultValue: Any?
+    ) -> Binding<Int> {
+        Binding(
+            get: {
+                let value = store.configValue(at: path) ?? defaultValue
+                guard let value else { return -1 }
+                return options.firstIndex { option in
+                    String(describing: option) == String(describing: value)
+                } ?? -1
+            },
+            set: { index in
+                guard index >= 0, index < options.count else {
+                    store.updateConfigValue(path: path, value: nil)
+                    return
+                }
+                store.updateConfigValue(path: path, value: options[index])
+            }
+        )
+    }
+
+    private func mapKeyBinding(path: ConfigPath, key: String) -> Binding<String> {
+        Binding(
+            get: { key },
+            set: { newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                guard !trimmed.isEmpty else { return }
+                guard trimmed != key else { return }
+                let current = store.configValue(at: path) as? [String: Any] ?? [:]
+                guard current[trimmed] == nil else { return }
+                var next = current
+                next[trimmed] = current[key]
+                next.removeValue(forKey: key)
+                store.updateConfigValue(path: path, value: next)
+            }
+        )
+    }
+}
+
+struct ChannelConfigForm: View {
+    @Bindable var store: ChannelsStore
+    let channelId: String
+
+    var body: some View {
+        if store.configSchemaLoading {
+            ProgressView().controlSize(.small)
+        } else if let schema = store.channelConfigSchema(for: channelId) {
+            ConfigSchemaForm(store: store, schema: schema, path: [.key("channels"), .key(channelId)])
+        } else {
+            Text("Schema unavailable for this channel.")
+                .font(.caption)
+                .foregroundStyle(.secondary)
+        }
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ChannelsSettings+ChannelSections.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelsSettings+ChannelSections.swift
@@ -0,0 +1,139 @@
+import SwiftUI
+
+extension ChannelsSettings {
+    func formSection(_ title: String, @ViewBuilder content: () -> some View) -> some View {
+        GroupBox(title) {
+            VStack(alignment: .leading, spacing: 10) {
+                content()
+            }
+            .frame(maxWidth: .infinity, alignment: .leading)
+        }
+    }
+
+    @ViewBuilder
+    func channelHeaderActions(_ channel: ChannelItem) -> some View {
+        HStack(spacing: 8) {
+            if channel.id == "whatsapp" {
+                Button("Logout") {
+                    Task { await self.store.logoutWhatsApp() }
+                }
+                .buttonStyle(.bordered)
+                .disabled(self.store.whatsappBusy)
+            }
+
+            if channel.id == "telegram" {
+                Button("Logout") {
+                    Task { await self.store.logoutTelegram() }
+                }
+                .buttonStyle(.bordered)
+                .disabled(self.store.telegramBusy)
+            }
+
+            Button {
+                Task { await self.store.refresh(probe: true) }
+            } label: {
+                if self.store.isRefreshing {
+                    ProgressView().controlSize(.small)
+                } else {
+                    Text("Refresh")
+                }
+            }
+            .buttonStyle(.bordered)
+            .disabled(self.store.isRefreshing)
+        }
+        .controlSize(.small)
+    }
+
+    var whatsAppSection: some View {
+        VStack(alignment: .leading, spacing: 16) {
+            self.formSection("Linking") {
+                if let message = self.store.whatsappLoginMessage {
+                    Text(message)
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                        .fixedSize(horizontal: false, vertical: true)
+                }
+
+                if let qr = self.store.whatsappLoginQrDataUrl, let image = self.qrImage(from: qr) {
+                    Image(nsImage: image)
+                        .resizable()
+                        .interpolation(.none)
+                        .frame(width: 180, height: 180)
+                        .cornerRadius(8)
+                }
+
+                HStack(spacing: 12) {
+                    Button {
+                        Task { await self.store.startWhatsAppLogin(force: false) }
+                    } label: {
+                        if self.store.whatsappBusy {
+                            ProgressView().controlSize(.small)
+                        } else {
+                            Text("Show QR")
+                        }
+                    }
+                    .buttonStyle(.borderedProminent)
+                    .disabled(self.store.whatsappBusy)
+
+                    Button("Relink") {
+                        Task { await self.store.startWhatsAppLogin(force: true) }
+                    }
+                    .buttonStyle(.bordered)
+                    .disabled(self.store.whatsappBusy)
+                }
+                .font(.caption)
+            }
+
+            self.configEditorSection(channelId: "whatsapp")
+        }
+    }
+
+    @ViewBuilder
+    func genericChannelSection(_ channel: ChannelItem) -> some View {
+        VStack(alignment: .leading, spacing: 16) {
+            self.configEditorSection(channelId: channel.id)
+        }
+    }
+
+    @ViewBuilder
+    private func configEditorSection(channelId: String) -> some View {
+        self.formSection("Configuration") {
+            ChannelConfigForm(store: self.store, channelId: channelId)
+        }
+
+        self.configStatusMessage
+
+        HStack(spacing: 12) {
+            Button {
+                Task { await self.store.saveConfigDraft() }
+            } label: {
+                if self.store.isSavingConfig {
+                    ProgressView().controlSize(.small)
+                } else {
+                    Text("Save")
+                }
+            }
+            .buttonStyle(.borderedProminent)
+            .disabled(self.store.isSavingConfig || !self.store.configDirty)
+
+            Button("Reload") {
+                Task { await self.store.reloadConfigDraft() }
+            }
+            .buttonStyle(.bordered)
+            .disabled(self.store.isSavingConfig)
+
+            Spacer()
+        }
+        .font(.caption)
+    }
+
+    @ViewBuilder
+    var configStatusMessage: some View {
+        if let status = self.store.configStatus {
+            Text(status)
+                .font(.caption)
+                .foregroundStyle(.secondary)
+                .fixedSize(horizontal: false, vertical: true)
+        }
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+ChannelState.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+ChannelState.swift
@@ -1,6 +1,7 @@
+import ClawdbotProtocol
 import SwiftUI

-extension ConnectionsSettings {
+extension ChannelsSettings {
    private func channelStatus<T: Decodable>(
        _ id: String,
        as type: T.Type) -> T?
@@ -242,16 +243,18 @@ extension ConnectionsSettings {
        return lines.isEmpty ? nil : lines.joined(separator: " · ")
    }

-    var isTelegramTokenLocked: Bool {
-        self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)?.tokenSource == "env"
-    }
-
-    var isDiscordTokenLocked: Bool {
-        self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)?.tokenSource == "env"
-    }
-
-    var orderedChannels: [ConnectionChannel] {
-        ConnectionChannel.allCases.sorted { lhs, rhs in
+    var orderedChannels: [ChannelItem] {
+        let fallback = ["whatsapp", "telegram", "discord", "slack", "signal", "imessage"]
+        let order = self.store.snapshot?.channelOrder ?? fallback
+        let channels = order.enumerated().map { index, id in
+            ChannelItem(
+                id: id,
+                title: self.resolveChannelTitle(id),
+                detailTitle: self.resolveChannelDetailTitle(id),
+                systemImage: self.resolveChannelSystemImage(id),
+                sortOrder: index)
+        }
+        return channels.sorted { lhs, rhs in
            let lhsEnabled = self.channelEnabled(lhs)
            let rhsEnabled = self.channelEnabled(rhs)
            if lhsEnabled != rhsEnabled { return lhsEnabled && !rhsEnabled }
@@ -259,11 +262,11 @@ extension ConnectionsSettings {
        }
    }

-    var enabledChannels: [ConnectionChannel] {
+    var enabledChannels: [ChannelItem] {
        self.orderedChannels.filter { self.channelEnabled($0) }
    }

-    var availableChannels: [ConnectionChannel] {
+    var availableChannels: [ChannelItem] {
        self.orderedChannels.filter { !self.channelEnabled($0) }
    }

@@ -277,143 +280,183 @@ extension ConnectionsSettings {
        }
    }

-    func channelEnabled(_ channel: ConnectionChannel) -> Bool {
-        switch channel {
-        case .whatsapp:
-            guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
-            else { return false }
-            return status.configured || status.linked || status.running
-        case .telegram:
-            guard let status = self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)
-            else { return false }
-            return status.configured || status.running
-        case .discord:
-            guard let status = self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)
-            else { return false }
-            return status.configured || status.running
-        case .signal:
-            guard let status = self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)
-            else { return false }
-            return status.configured || status.running
-        case .imessage:
-            guard let status = self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)
-            else { return false }
-            return status.configured || status.running
-        }
+    func channelEnabled(_ channel: ChannelItem) -> Bool {
+        let status = self.channelStatusDictionary(channel.id)
+        let configured = status?["configured"]?.boolValue ?? false
+        let running = status?["running"]?.boolValue ?? false
+        let connected = status?["connected"]?.boolValue ?? false
+        let accountActive = self.store.snapshot?.channelAccounts[channel.id]?.contains(
+            where: { $0.configured == true || $0.running == true || $0.connected == true }) ?? false
+        return configured || running || connected || accountActive
    }

    @ViewBuilder
-    func channelSection(_ channel: ConnectionChannel) -> some View {
-        switch channel {
-        case .whatsapp:
+    func channelSection(_ channel: ChannelItem) -> some View {
+        if channel.id == "whatsapp" {
            self.whatsAppSection
-        case .telegram:
-            self.telegramSection
-        case .discord:
-            self.discordSection
-        case .signal:
-            self.signalSection
-        case .imessage:
-            self.imessageSection
+        } else {
+            self.genericChannelSection(channel)
        }
    }

-    func channelTint(_ channel: ConnectionChannel) -> Color {
-        switch channel {
-        case .whatsapp:
-            self.whatsAppTint
-        case .telegram:
-            self.telegramTint
-        case .discord:
-            self.discordTint
-        case .signal:
-            self.signalTint
-        case .imessage:
-            self.imessageTint
+    func channelTint(_ channel: ChannelItem) -> Color {
+        switch channel.id {
+        case "whatsapp":
+            return self.whatsAppTint
+        case "telegram":
+            return self.telegramTint
+        case "discord":
+            return self.discordTint
+        case "signal":
+            return self.signalTint
+        case "imessage":
+            return self.imessageTint
+        default:
+            if self.channelHasError(channel) { return .orange }
+            if self.channelEnabled(channel) { return .green }
+            return .secondary
        }
    }

-    func channelSummary(_ channel: ConnectionChannel) -> String {
-        switch channel {
-        case .whatsapp:
-            self.whatsAppSummary
-        case .telegram:
-            self.telegramSummary
-        case .discord:
-            self.discordSummary
-        case .signal:
-            self.signalSummary
-        case .imessage:
-            self.imessageSummary
+    func channelSummary(_ channel: ChannelItem) -> String {
+        switch channel.id {
+        case "whatsapp":
+            return self.whatsAppSummary
+        case "telegram":
+            return self.telegramSummary
+        case "discord":
+            return self.discordSummary
+        case "signal":
+            return self.signalSummary
+        case "imessage":
+            return self.imessageSummary
+        default:
+            if self.channelHasError(channel) { return "Error" }
+            if self.channelEnabled(channel) { return "Active" }
+            return "Not configured"
        }
    }

-    func channelDetails(_ channel: ConnectionChannel) -> String? {
-        switch channel {
-        case .whatsapp:
-            self.whatsAppDetails
-        case .telegram:
-            self.telegramDetails
-        case .discord:
-            self.discordDetails
-        case .signal:
-            self.signalDetails
-        case .imessage:
-            self.imessageDetails
+    func channelDetails(_ channel: ChannelItem) -> String? {
+        switch channel.id {
+        case "whatsapp":
+            return self.whatsAppDetails
+        case "telegram":
+            return self.telegramDetails
+        case "discord":
+            return self.discordDetails
+        case "signal":
+            return self.signalDetails
+        case "imessage":
+            return self.imessageDetails
+        default:
+            let status = self.channelStatusDictionary(channel.id)
+            if let err = status?["lastError"]?.stringValue, !err.isEmpty {
+                return "Error: \(err)"
+            }
+            return nil
        }
    }

-    func channelLastCheckText(_ channel: ConnectionChannel) -> String {
+    func channelLastCheckText(_ channel: ChannelItem) -> String {
        guard let date = self.channelLastCheck(channel) else { return "never" }
        return relativeAge(from: date)
    }

-    func channelLastCheck(_ channel: ConnectionChannel) -> Date? {
-        switch channel {
-        case .whatsapp:
+    func channelLastCheck(_ channel: ChannelItem) -> Date? {
+        switch channel.id {
+        case "whatsapp":
            guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
            else { return nil }
            return self.date(fromMs: status.lastEventAt ?? status.lastMessageAt ?? status.lastConnectedAt)
-        case .telegram:
+        case "telegram":
            return self
                .date(fromMs: self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)?
-                        .lastProbeAt)
-        case .discord:
+                    .lastProbeAt)
+        case "discord":
            return self
                .date(fromMs: self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)?
-                        .lastProbeAt)
-        case .signal:
+                    .lastProbeAt)
+        case "signal":
            return self
                .date(fromMs: self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)?.lastProbeAt)
-        case .imessage:
+        case "imessage":
            return self
                .date(fromMs: self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)?
-                        .lastProbeAt)
+                    .lastProbeAt)
+        default:
+            let status = self.channelStatusDictionary(channel.id)
+            if let probeAt = status?["lastProbeAt"]?.doubleValue {
+                return self.date(fromMs: probeAt)
+            }
+            if let accounts = self.store.snapshot?.channelAccounts[channel.id] {
+                let last = accounts.compactMap { $0.lastInboundAt ?? $0.lastOutboundAt }.max()
+                return self.date(fromMs: last)
+            }
+            return nil
        }
    }

-    func channelHasError(_ channel: ConnectionChannel) -> Bool {
-        switch channel {
-        case .whatsapp:
+    func channelHasError(_ channel: ChannelItem) -> Bool {
+        switch channel.id {
+        case "whatsapp":
            guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
            else { return false }
            return status.lastError?.isEmpty == false || status.lastDisconnect?.loggedOut == true
-        case .telegram:
+        case "telegram":
            guard let status = self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)
            else { return false }
            return status.lastError?.isEmpty == false || status.probe?.ok == false
-        case .discord:
+        case "discord":
            guard let status = self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)
            else { return false }
            return status.lastError?.isEmpty == false || status.probe?.ok == false
-        case .signal:
+        case "signal":
            guard let status = self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)
            else { return false }
            return status.lastError?.isEmpty == false || status.probe?.ok == false
-        case .imessage:
+        case "imessage":
            guard let status = self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)
            else { return false }
            return status.lastError?.isEmpty == false || status.probe?.ok == false
+        default:
+            let status = self.channelStatusDictionary(channel.id)
+            return status?["lastError"]?.stringValue?.isEmpty == false
        }
    }
+
+    private func resolveChannelTitle(_ id: String) -> String {
+        if let label = self.store.snapshot?.channelLabels[id], !label.isEmpty {
+            return label
+        }
+        return id.prefix(1).uppercased() + id.dropFirst()
+    }
+
+    private func resolveChannelDetailTitle(_ id: String) -> String {
+        switch id {
+        case "whatsapp": return "WhatsApp Web"
+        case "telegram": return "Telegram Bot"
+        case "discord": return "Discord Bot"
+        case "slack": return "Slack Bot"
+        case "signal": return "Signal REST"
+        case "imessage": return "iMessage"
+        default: return self.resolveChannelTitle(id)
+        }
+    }
+
+    private func resolveChannelSystemImage(_ id: String) -> String {
+        switch id {
+        case "whatsapp": return "message"
+        case "telegram": return "paperplane"
+        case "discord": return "bubble.left.and.bubble.right"
+        case "slack": return "number"
+        case "signal": return "antenna.radiowaves.left.and.right"
+        case "imessage": return "message.fill"
+        default: return "message"
+        }
+    }
+
+    private func channelStatusDictionary(_ id: String) -> [String: AnyCodable]? {
+        self.store.snapshot?.channels[id]?.dictionaryValue
+    }
 }
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+Helpers.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+Helpers.swift
@@ -1,6 +1,6 @@
 import AppKit

-extension ConnectionsSettings {
+extension ChannelsSettings {
    func date(fromMs ms: Double?) -> Date? {
        guard let ms else { return nil }
        return Date(timeIntervalSince1970: ms / 1000)
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+View.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+View.swift
@@ -1,6 +1,6 @@
 import SwiftUI

-extension ConnectionsSettings {
+extension ChannelsSettings {
    var body: some View {
        HStack(spacing: 0) {
            self.sidebar
@@ -57,7 +57,7 @@ extension ConnectionsSettings {

    private var emptyDetail: some View {
        VStack(alignment: .leading, spacing: 8) {
-            Text("Connections")
+            Text("Channels")
                .font(.title3.weight(.semibold))
            Text("Select a channel to view status and settings.")
                .font(.callout)
@@ -67,7 +67,7 @@ extension ConnectionsSettings {
        .padding(.vertical, 18)
    }

-    private func channelDetail(_ channel: ConnectionChannel) -> some View {
+    private func channelDetail(_ channel: ChannelItem) -> some View {
        ScrollView(.vertical) {
            VStack(alignment: .leading, spacing: 16) {
                self.detailHeader(for: channel)
@@ -81,7 +81,7 @@ extension ConnectionsSettings {
        }
    }

-    private func sidebarRow(_ channel: ConnectionChannel) -> some View {
+    private func sidebarRow(_ channel: ChannelItem) -> some View {
        let isSelected = self.selectedChannel == channel
        return Button {
            self.selectedChannel = channel
@@ -119,7 +119,7 @@ extension ConnectionsSettings {
            .padding(.top, 2)
    }

-    private func detailHeader(for channel: ConnectionChannel) -> some View {
+    private func detailHeader(for channel: ChannelItem) -> some View {
        VStack(alignment: .leading, spacing: 8) {
            HStack(alignment: .firstTextBaseline, spacing: 10) {
                Label(channel.detailTitle, systemImage: channel.systemImage)
--- a/apps/macos/Sources/Clawdbot/ChannelsSettings.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelsSettings.swift
@@ -0,0 +1,19 @@
+import AppKit
+import SwiftUI
+
+struct ChannelsSettings: View {
+    struct ChannelItem: Identifiable, Hashable {
+        let id: String
+        let title: String
+        let detailTitle: String
+        let systemImage: String
+        let sortOrder: Int
+    }
+
+    @Bindable var store: ChannelsStore
+    @State var selectedChannel: ChannelItem?
+
+    init(store: ChannelsStore = .shared) {
+        self.store = store
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ChannelsStore+Config.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelsStore+Config.swift
@@ -0,0 +1,154 @@
+import ClawdbotProtocol
+import Foundation
+
+extension ChannelsStore {
+    func loadConfigSchema() async {
+        guard !self.configSchemaLoading else { return }
+        self.configSchemaLoading = true
+        defer { self.configSchemaLoading = false }
+
+        do {
+            let res: ConfigSchemaResponse = try await GatewayConnection.shared.requestDecoded(
+                method: .configSchema,
+                params: nil,
+                timeoutMs: 8000)
+            let schemaValue = res.schema.foundationValue
+            self.configSchema = ConfigSchemaNode(raw: schemaValue)
+            let hintValues = res.uihints.mapValues { $0.foundationValue }
+            self.configUiHints = decodeUiHints(hintValues)
+        } catch {
+            self.configStatus = error.localizedDescription
+        }
+    }
+
+    func loadConfig() async {
+        do {
+            let snap: ConfigSnapshot = try await GatewayConnection.shared.requestDecoded(
+                method: .configGet,
+                params: nil,
+                timeoutMs: 10000)
+            self.configStatus = snap.valid == false
+                ? "Config invalid; fix it in ~/.clawdbot/clawdbot.json."
+                : nil
+            self.configRoot = snap.config?.mapValues { $0.foundationValue } ?? [:]
+            self.configDraft = cloneConfigValue(self.configRoot) as? [String: Any] ?? self.configRoot
+            self.configDirty = false
+            self.configLoaded = true
+
+            self.applyUIConfig(snap)
+        } catch {
+            self.configStatus = error.localizedDescription
+        }
+    }
+
+    private func applyUIConfig(_ snap: ConfigSnapshot) {
+        let ui = snap.config?["ui"]?.dictionaryValue
+        let rawSeam = ui?["seamColor"]?.stringValue?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        AppStateStore.shared.seamColorHex = rawSeam.isEmpty ? nil : rawSeam
+    }
+
+    func channelConfigSchema(for channelId: String) -> ConfigSchemaNode? {
+        guard let root = self.configSchema else { return nil }
+        return root.node(at: [.key("channels"), .key(channelId)])
+    }
+
+    func configValue(at path: ConfigPath) -> Any? {
+        if let value = valueAtPath(self.configDraft, path: path) {
+            return value
+        }
+        guard path.count >= 2 else { return nil }
+        if case .key("channels") = path[0], case .key(_) = path[1] {
+            let fallbackPath = Array(path.dropFirst())
+            return valueAtPath(self.configDraft, path: fallbackPath)
+        }
+        return nil
+    }
+
+    func updateConfigValue(path: ConfigPath, value: Any?) {
+        var root: Any = self.configDraft
+        setValue(&root, path: path, value: value)
+        self.configDraft = root as? [String: Any] ?? self.configDraft
+        self.configDirty = true
+    }
+
+    func saveConfigDraft() async {
+        guard !self.isSavingConfig else { return }
+        self.isSavingConfig = true
+        defer { self.isSavingConfig = false }
+
+        do {
+            try await ConfigStore.save(self.configDraft)
+            await self.loadConfig()
+        } catch {
+            self.configStatus = error.localizedDescription
+        }
+    }
+
+    func reloadConfigDraft() async {
+        await self.loadConfig()
+    }
+}
+
+private func valueAtPath(_ root: Any, path: ConfigPath) -> Any? {
+    var current: Any? = root
+    for segment in path {
+        switch segment {
+        case .key(let key):
+            guard let dict = current as? [String: Any] else { return nil }
+            current = dict[key]
+        case .index(let index):
+            guard let array = current as? [Any], array.indices.contains(index) else { return nil }
+            current = array[index]
+        }
+    }
+    return current
+}
+
+private func setValue(_ root: inout Any, path: ConfigPath, value: Any?) {
+    guard let segment = path.first else { return }
+    switch segment {
+    case .key(let key):
+        var dict = root as? [String: Any] ?? [:]
+        if path.count == 1 {
+            if let value {
+                dict[key] = value
+            } else {
+                dict.removeValue(forKey: key)
+            }
+            root = dict
+            return
+        }
+        var child = dict[key] ?? [:]
+        setValue(&child, path: Array(path.dropFirst()), value: value)
+        dict[key] = child
+        root = dict
+    case .index(let index):
+        var array = root as? [Any] ?? []
+        if index >= array.count {
+            array.append(contentsOf: repeatElement(NSNull() as Any, count: index - array.count + 1))
+        }
+        if path.count == 1 {
+            if let value {
+                array[index] = value
+            } else if array.indices.contains(index) {
+                array.remove(at: index)
+            }
+            root = array
+            return
+        }
+        var child = array[index]
+        setValue(&child, path: Array(path.dropFirst()), value: value)
+        array[index] = child
+        root = array
+    }
+}
+
+private func cloneConfigValue(_ value: Any) -> Any {
+    guard JSONSerialization.isValidJSONObject(value) else { return value }
+    do {
+        let data = try JSONSerialization.data(withJSONObject: value, options: [])
+        return try JSONSerialization.jsonObject(with: data, options: [])
+    } catch {
+        return value
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ConnectionsStore+Lifecycle.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsStore+Lifecycle.swift
@@ -1,13 +1,14 @@
 import ClawdbotProtocol
 import Foundation

-extension ConnectionsStore {
+extension ChannelsStore {
    func start() {
        guard !self.isPreview else { return }
        guard self.pollTask == nil else { return }
        self.pollTask = Task.detached { [weak self] in
            guard let self else { return }
            await self.refresh(probe: true)
+            await self.loadConfigSchema()
            await self.loadConfig()
            while !Task.isCancelled {
                try? await Task.sleep(nanoseconds: UInt64(self.interval * 1_000_000_000))
--- a/apps/macos/Sources/Clawdbot/ConnectionsStore.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsStore.swift
@@ -187,49 +187,10 @@ struct ConfigSnapshot: Codable {
    let issues: [Issue]?
 }

-struct DiscordGuildChannelForm: Identifiable {
-    let id = UUID()
-    var key: String
-    var allow: Bool
-    var requireMention: Bool
-
-    init(key: String = "", allow: Bool = true, requireMention: Bool = false) {
-        self.key = key
-        self.allow = allow
-        self.requireMention = requireMention
-    }
-}
-
-struct DiscordGuildForm: Identifiable {
-    let id = UUID()
-    var key: String
-    var slug: String
-    var requireMention: Bool
-    var reactionNotifications: String
-    var users: String
-    var channels: [DiscordGuildChannelForm]
-
-    init(
-        key: String = "",
-        slug: String = "",
-        requireMention: Bool = false,
-        reactionNotifications: String = "own",
-        users: String = "",
-        channels: [DiscordGuildChannelForm] = [])
-    {
-        self.key = key
-        self.slug = slug
-        self.requireMention = requireMention
-        self.reactionNotifications = reactionNotifications
-        self.users = users
-        self.channels = channels
-    }
-}
-
@MainActor
@Observable
-final class ConnectionsStore {
-    static let shared = ConnectionsStore()
+final class ChannelsStore {
+    static let shared = ChannelsStore()

    var snapshot: ChannelsStatusSnapshot?
    var lastError: String?
@@ -240,75 +201,21 @@ final class ConnectionsStore {
    var whatsappLoginQrDataUrl: String?
    var whatsappLoginConnected: Bool?
    var whatsappBusy = false
-
-    var telegramToken: String = ""
-    var telegramRequireMention = true
-    var telegramAllowFrom: String = ""
-    var telegramProxy: String = ""
-    var telegramWebhookUrl: String = ""
-    var telegramWebhookSecret: String = ""
-    var telegramWebhookPath: String = ""
    var telegramBusy = false
-    var discordEnabled = true
-    var discordToken: String = ""
-    var discordDmEnabled = true
-    var discordAllowFrom: String = ""
-    var discordGroupEnabled = false
-    var discordGroupChannels: String = ""
-    var discordMediaMaxMb: String = ""
-    var discordHistoryLimit: String = ""
-    var discordTextChunkLimit: String = ""
-    var discordReplyToMode: String = "off"
-    var discordGuilds: [DiscordGuildForm] = []
-    var discordActionReactions = true
-    var discordActionStickers = true
-    var discordActionPolls = true
-    var discordActionPermissions = true
-    var discordActionMessages = true
-    var discordActionThreads = true
-    var discordActionPins = true
-    var discordActionSearch = true
-    var discordActionMemberInfo = true
-    var discordActionRoleInfo = true
-    var discordActionChannelInfo = true
-    var discordActionVoiceStatus = true
-    var discordActionEvents = true
-    var discordActionRoles = false
-    var discordActionModeration = false
-    var discordSlashEnabled = false
-    var discordSlashName: String = ""
-    var discordSlashSessionPrefix: String = ""
-    var discordSlashEphemeral = true
-    var signalEnabled = true
-    var signalAccount: String = ""
-    var signalHttpUrl: String = ""
-    var signalHttpHost: String = ""
-    var signalHttpPort: String = ""
-    var signalCliPath: String = ""
-    var signalAutoStart = true
-    var signalReceiveMode: String = ""
-    var signalIgnoreAttachments = false
-    var signalIgnoreStories = false
-    var signalSendReadReceipts = false
-    var signalAllowFrom: String = ""
-    var signalMediaMaxMb: String = ""
-    var imessageEnabled = true
-    var imessageCliPath: String = ""
-    var imessageDbPath: String = ""
-    var imessageService: String = "auto"
-    var imessageRegion: String = ""
-    var imessageAllowFrom: String = ""
-    var imessageIncludeAttachments = false
-    var imessageMediaMaxMb: String = ""
+
    var configStatus: String?
    var isSavingConfig = false
+    var configSchemaLoading = false
+    var configSchema: ConfigSchemaNode?
+    var configUiHints: [String: ConfigUiHint] = [:]
+    var configDraft: [String: Any] = [:]
+    var configDirty = false

    let interval: TimeInterval = 45
    let isPreview: Bool
    var pollTask: Task<Void, Never>?
    var configRoot: [String: Any] = [:]
    var configLoaded = false
-    var configHash: String?

    init(isPreview: Bool = ProcessInfo.processInfo.isPreview) {
        self.isPreview = isPreview
--- a/apps/macos/Sources/Clawdbot/CommandResolver.swift
+++ b/apps/macos/Sources/Clawdbot/CommandResolver.swift
@@ -125,13 +125,13 @@ enum CommandResolver {

        // fnm
        bins.append(contentsOf: self.versionedNodeBinPaths(
-                        base: home.appendingPathComponent(".local/share/fnm/node-versions"),
-                        suffix: "installation/bin"))
+            base: home.appendingPathComponent(".local/share/fnm/node-versions"),
+            suffix: "installation/bin"))

        // nvm
        bins.append(contentsOf: self.versionedNodeBinPaths(
-                        base: home.appendingPathComponent(".nvm/versions/node"),
-                        suffix: "bin"))
+            base: home.appendingPathComponent(".nvm/versions/node"),
+            suffix: "bin"))

        return bins
    }
@@ -385,14 +385,8 @@ enum CommandResolver {
    }

    static func connectionSettings(defaults: UserDefaults = .standard) -> RemoteSettings {
-        let modeRaw = defaults.string(forKey: connectionModeKey)
-        let mode: AppState.ConnectionMode
-        if let modeRaw {
-            mode = AppState.ConnectionMode(rawValue: modeRaw) ?? .local
-        } else {
-            let seen = defaults.bool(forKey: "clawdbot.onboardingSeen")
-            mode = seen ? .local : .unconfigured
-        }
+        let root = ClawdbotConfigFile.loadDict()
+        let mode = ConnectionModeResolver.resolve(root: root, defaults: defaults).mode
        let target = defaults.string(forKey: remoteTargetKey) ?? ""
        let identity = defaults.string(forKey: remoteIdentityKey) ?? ""
        let projectRoot = defaults.string(forKey: remoteProjectRootKey) ?? ""
--- a/apps/macos/Sources/Clawdbot/ConfigFileWatcher.swift
+++ b/apps/macos/Sources/Clawdbot/ConfigFileWatcher.swift
@@ -45,13 +45,13 @@ final class ConfigFileWatcher: @unchecked Sendable {
                kFSEventStreamCreateFlagNoDefer)

        guard let stream = FSEventStreamCreate(
-                kCFAllocatorDefault,
-                Self.callback,
-                &context,
-                paths,
-                FSEventStreamEventId(kFSEventStreamEventIdSinceNow),
-                0.05,
-                flags)
+            kCFAllocatorDefault,
+            Self.callback,
+            &context,
+            paths,
+            FSEventStreamEventId(kFSEventStreamEventIdSinceNow),
+            0.05,
+            flags)
        else {
            retainedSelf.release()
            return
--- a/apps/macos/Sources/Clawdbot/ConfigSchemaSupport.swift
+++ b/apps/macos/Sources/Clawdbot/ConfigSchemaSupport.swift
@@ -0,0 +1,204 @@
+import Foundation
+
+enum ConfigPathSegment: Hashable {
+    case key(String)
+    case index(Int)
+}
+
+typealias ConfigPath = [ConfigPathSegment]
+
+struct ConfigUiHint {
+    let label: String?
+    let help: String?
+    let order: Double?
+    let advanced: Bool?
+    let sensitive: Bool?
+    let placeholder: String?
+
+    init(raw: [String: Any]) {
+        self.label = raw["label"] as? String
+        self.help = raw["help"] as? String
+        if let order = raw["order"] as? Double {
+            self.order = order
+        } else if let orderInt = raw["order"] as? Int {
+            self.order = Double(orderInt)
+        } else {
+            self.order = nil
+        }
+        self.advanced = raw["advanced"] as? Bool
+        self.sensitive = raw["sensitive"] as? Bool
+        self.placeholder = raw["placeholder"] as? String
+    }
+}
+
+struct ConfigSchemaNode {
+    let raw: [String: Any]
+
+    init?(raw: Any) {
+        guard let dict = raw as? [String: Any] else { return nil }
+        self.raw = dict
+    }
+
+    var title: String? { self.raw["title"] as? String }
+    var description: String? { self.raw["description"] as? String }
+    var enumValues: [Any]? { self.raw["enum"] as? [Any] }
+    var constValue: Any? { self.raw["const"] }
+    var explicitDefault: Any? { self.raw["default"] }
+    var requiredKeys: Set<String> {
+        Set((self.raw["required"] as? [String]) ?? [])
+    }
+
+    var typeList: [String] {
+        if let type = self.raw["type"] as? String { return [type] }
+        if let types = self.raw["type"] as? [String] { return types }
+        return []
+    }
+
+    var schemaType: String? {
+        let filtered = self.typeList.filter { $0 != "null" }
+        if let first = filtered.first { return first }
+        return self.typeList.first
+    }
+
+    var isNullSchema: Bool {
+        let types = self.typeList
+        return types.count == 1 && types.first == "null"
+    }
+
+    var properties: [String: ConfigSchemaNode] {
+        guard let props = self.raw["properties"] as? [String: Any] else { return [:] }
+        return props.compactMapValues { ConfigSchemaNode(raw: $0) }
+    }
+
+    var anyOf: [ConfigSchemaNode] {
+        guard let raw = self.raw["anyOf"] as? [Any] else { return [] }
+        return raw.compactMap { ConfigSchemaNode(raw: $0) }
+    }
+
+    var oneOf: [ConfigSchemaNode] {
+        guard let raw = self.raw["oneOf"] as? [Any] else { return [] }
+        return raw.compactMap { ConfigSchemaNode(raw: $0) }
+    }
+
+    var literalValue: Any? {
+        if let constValue { return constValue }
+        if let enumValues, enumValues.count == 1 { return enumValues[0] }
+        return nil
+    }
+
+    var items: ConfigSchemaNode? {
+        if let items = self.raw["items"] as? [Any], let first = items.first {
+            return ConfigSchemaNode(raw: first)
+        }
+        if let items = self.raw["items"] {
+            return ConfigSchemaNode(raw: items)
+        }
+        return nil
+    }
+
+    var additionalProperties: ConfigSchemaNode? {
+        if let additional = self.raw["additionalProperties"] as? [String: Any] {
+            return ConfigSchemaNode(raw: additional)
+        }
+        return nil
+    }
+
+    var allowsAdditionalProperties: Bool {
+        if let allow = self.raw["additionalProperties"] as? Bool { return allow }
+        return self.additionalProperties != nil
+    }
+
+    var defaultValue: Any {
+        if let value = self.raw["default"] { return value }
+        switch self.schemaType {
+        case "object":
+            return [String: Any]()
+        case "array":
+            return [Any]()
+        case "boolean":
+            return false
+        case "integer":
+            return 0
+        case "number":
+            return 0.0
+        case "string":
+            return ""
+        default:
+            return ""
+        }
+    }
+
+    func node(at path: ConfigPath) -> ConfigSchemaNode? {
+        var current: ConfigSchemaNode? = self
+        for segment in path {
+            guard let node = current else { return nil }
+            switch segment {
+            case .key(let key):
+                if node.schemaType == "object" {
+                    if let next = node.properties[key] {
+                        current = next
+                        continue
+                    }
+                    if let additional = node.additionalProperties {
+                        current = additional
+                        continue
+                    }
+                    return nil
+                }
+                return nil
+            case .index:
+                guard node.schemaType == "array" else { return nil }
+                current = node.items
+            }
+        }
+        return current
+    }
+}
+
+func decodeUiHints(_ raw: [String: Any]) -> [String: ConfigUiHint] {
+    raw.reduce(into: [:]) { result, entry in
+        if let hint = entry.value as? [String: Any] {
+            result[entry.key] = ConfigUiHint(raw: hint)
+        }
+    }
+}
+
+func hintForPath(_ path: ConfigPath, hints: [String: ConfigUiHint]) -> ConfigUiHint? {
+    let key = pathKey(path)
+    if let direct = hints[key] { return direct }
+    let segments = key.split(separator: ".").map(String.init)
+    for (hintKey, hint) in hints {
+        guard hintKey.contains("*") else { continue }
+        let hintSegments = hintKey.split(separator: ".").map(String.init)
+        guard hintSegments.count == segments.count else { continue }
+        var match = true
+        for (index, seg) in segments.enumerated() {
+            let hintSegment = hintSegments[index]
+            if hintSegment != "*" && hintSegment != seg {
+                match = false
+                break
+            }
+        }
+        if match { return hint }
+    }
+    return nil
+}
+
+func isSensitivePath(_ path: ConfigPath) -> Bool {
+    let key = pathKey(path).lowercased()
+    return key.contains("token")
+        || key.contains("password")
+        || key.contains("secret")
+        || key.contains("apikey")
+        || key.hasSuffix("key")
+}
+
+func pathKey(_ path: ConfigPath) -> String {
+    path.compactMap { segment -> String? in
+        switch segment {
+        case .key(let key): return key
+        case .index: return nil
+        }
+    }
+    .joined(separator: ".")
+}
--- a/apps/macos/Sources/Clawdbot/ConfigSettings.swift
+++ b/apps/macos/Sources/Clawdbot/ConfigSettings.swift
@@ -4,86 +4,54 @@ import SwiftUI
 struct ConfigSettings: View {
    private let isPreview = ProcessInfo.processInfo.isPreview
    private let isNixMode = ProcessInfo.processInfo.isNixMode
-    private let state = AppStateStore.shared
-    private let labelColumnWidth: CGFloat = 120
-    private static let browserAttachOnlyHelp =
-        "When enabled, the browser server will only connect if the clawd browser is already running."
-    private static let browserProfileNote =
-        "Clawd uses a separate Chrome profile and ports (default 18791/18792) "
-        + "so it won’t interfere with your daily browser."
-    @State private var configModel: String = ""
-    @State private var configSaving = false
+    @Bindable var store: ChannelsStore
    @State private var hasLoaded = false
-    @State private var models: [ModelChoice] = []
-    @State private var modelsLoading = false
-    @State private var modelSearchQuery: String = ""
-    @State private var isModelPickerOpen = false
-    @State private var modelError: String?
-    @State private var modelsSourceLabel: String?
-    @AppStorage(modelCatalogPathKey) private var modelCatalogPath: String = ModelCatalogLoader.defaultPath
-    @AppStorage(modelCatalogReloadKey) private var modelCatalogReloadBump: Int = 0
-    @State private var allowAutosave = false
-    @State private var heartbeatMinutes: Int?
-    @State private var heartbeatBody: String = "HEARTBEAT"

-    // clawd browser settings (stored in ~/.clawdbot/clawdbot.json under "browser")
-    @State private var browserEnabled: Bool = true
-    @State private var browserControlUrl: String = "http://127.0.0.1:18791"
-    @State private var browserColorHex: String = "#FF4500"
-    @State private var browserAttachOnly: Bool = false
-
-    // Talk mode settings (stored in ~/.clawdbot/clawdbot.json under "talk")
-    @State private var talkVoiceId: String = ""
-    @State private var talkInterruptOnSpeech: Bool = true
-    @State private var talkApiKey: String = ""
-    @State private var gatewayApiKeyFound = false
-    @FocusState private var modelSearchFocused: Bool
-
-    private struct ConfigDraft {
-        let configModel: String
-        let heartbeatMinutes: Int?
-        let heartbeatBody: String
-        let browserEnabled: Bool
-        let browserControlUrl: String
-        let browserColorHex: String
-        let browserAttachOnly: Bool
-        let talkVoiceId: String
-        let talkApiKey: String
-        let talkInterruptOnSpeech: Bool
+    init(store: ChannelsStore = .shared) {
+        self.store = store
    }

    var body: some View {
-        ScrollView { self.content }
-            .onChange(of: self.modelCatalogPath) { _, _ in
-                Task { await self.loadModels() }
-            }
-            .onChange(of: self.modelCatalogReloadBump) { _, _ in
-                Task { await self.loadModels() }
-            }
-            .task {
-                guard !self.hasLoaded else { return }
-                guard !self.isPreview else { return }
-                self.hasLoaded = true
-                await self.loadConfig()
-                await self.loadModels()
-                await self.refreshGatewayTalkApiKey()
-                self.allowAutosave = true
-            }
+        ScrollView {
+            self.content
+        }
+        .task {
+            guard !self.hasLoaded else { return }
+            guard !self.isPreview else { return }
+            self.hasLoaded = true
+            await self.store.loadConfigSchema()
+            await self.store.loadConfig()
+        }
    }
 }

 extension ConfigSettings {
    private var content: some View {
-        VStack(alignment: .leading, spacing: 14) {
+        VStack(alignment: .leading, spacing: 16) {
            self.header
-            self.agentSection
-                .disabled(self.isNixMode)
-            self.heartbeatSection
-                .disabled(self.isNixMode)
-            self.talkSection
-                .disabled(self.isNixMode)
-            self.browserSection
-                .disabled(self.isNixMode)
+            if let status = self.store.configStatus {
+                Text(status)
+                    .font(.callout)
+                    .foregroundStyle(.secondary)
+            }
+            self.actionRow
+            Group {
+                if self.store.configSchemaLoading {
+                    ProgressView().controlSize(.small)
+                } else if let schema = self.store.configSchema {
+                    ConfigSchemaForm(store: self.store, schema: schema, path: [])
+                        .disabled(self.isNixMode)
+                } else {
+                    Text("Schema unavailable.")
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                }
+            }
+            if self.store.configDirty && !self.isNixMode {
+                Text("Unsaved changes")
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
            Spacer(minLength: 0)
        }
        .frame(maxWidth: .infinity, alignment: .leading)
@@ -94,843 +62,33 @@ extension ConfigSettings {

    @ViewBuilder
    private var header: some View {
-        Text("Clawdbot CLI config")
+        Text("Config")
            .font(.title3.weight(.semibold))
        Text(self.isNixMode
-                ? "This tab is read-only in Nix mode. Edit config via Nix and rebuild."
-                : "Edit ~/.clawdbot/clawdbot.json (agent / session / routing / messages).")
+            ? "This tab is read-only in Nix mode. Edit config via Nix and rebuild."
+            : "Edit ~/.clawdbot/clawdbot.json using the schema-driven form.")
            .font(.callout)
            .foregroundStyle(.secondary)
    }

-    private var agentSection: some View {
-        GroupBox("Agent") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Model")
-                    VStack(alignment: .leading, spacing: 6) {
-                        self.modelPickerField
-                        self.modelMetaLabels
-                    }
-                }
+    private var actionRow: some View {
+        HStack(spacing: 10) {
+            Button("Reload") {
+                Task { await self.store.reloadConfigDraft() }
            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
+            .disabled(!self.store.configLoaded)

-    private var modelPickerField: some View {
-        Button {
-            guard !self.modelsLoading else { return }
-            self.isModelPickerOpen = true
-        } label: {
-            HStack(spacing: 8) {
-                Text(self.modelPickerLabel)
-                    .foregroundStyle(self.modelPickerLabelIsPlaceholder ? .secondary : .primary)
-                    .lineLimit(1)
-                    .truncationMode(.tail)
-                Spacer(minLength: 8)
-                Image(systemName: "chevron.up.chevron.down")
-                    .foregroundStyle(.secondary)
+            Button(self.store.isSavingConfig ? "Saving…" : "Save") {
+                Task { await self.store.saveConfigDraft() }
            }
-            .padding(.vertical, 6)
-            .padding(.horizontal, 8)
+            .disabled(self.isNixMode || self.store.isSavingConfig || !self.store.configDirty)
        }
-        .buttonStyle(.plain)
-        .frame(maxWidth: .infinity, alignment: .leading)
-        .contentShape(Rectangle())
-        .background(
-            RoundedRectangle(cornerRadius: 6)
-                .fill(
-                    Color(nsColor: .textBackgroundColor)))
-        .overlay(
-            RoundedRectangle(cornerRadius: 6)
-                .stroke(
-                    Color.secondary.opacity(0.25),
-                    lineWidth: 1))
-        .popover(isPresented: self.$isModelPickerOpen, arrowEdge: .bottom) {
-            self.modelPickerPopover
-        }
-        .disabled(self.modelsLoading || (!self.modelError.isNilOrEmpty && self.models.isEmpty))
-        .onChange(of: self.isModelPickerOpen) { _, isOpen in
-            if isOpen {
-                self.modelSearchQuery = ""
-                self.modelSearchFocused = true
-            }
-        }
-    }
-
-    private var modelPickerPopover: some View {
-        VStack(alignment: .leading, spacing: 10) {
-            TextField("Search models", text: self.$modelSearchQuery)
-                .textFieldStyle(.roundedBorder)
-                .focused(self.$modelSearchFocused)
-                .controlSize(.small)
-                .onSubmit {
-                    if let exact = self.exactMatchForQuery() {
-                        self.selectModel(exact)
-                        return
-                    }
-                    if let manual = self.manualEntryCandidate {
-                        self.selectManualModel(manual)
-                        return
-                    }
-                    if self.modelSearchMatches.count == 1 {
-                        self.selectModel(self.modelSearchMatches[0])
-                    }
-                }
-            List {
-                if self.modelSearchMatches.isEmpty {
-                    Text("No models match \"\(self.modelSearchQuery)\"")
-                        .font(.footnote)
-                        .foregroundStyle(.secondary)
-                } else {
-                    ForEach(self.modelSearchMatches) { choice in
-                        Button {
-                            self.selectModel(choice)
-                        } label: {
-                            HStack(spacing: 8) {
-                                Text(choice.name)
-                                    .lineLimit(1)
-                                Spacer(minLength: 8)
-                                Text(choice.provider.uppercased())
-                                    .font(.caption2.weight(.semibold))
-                                    .foregroundStyle(.secondary)
-                                    .padding(.vertical, 2)
-                                    .padding(.horizontal, 6)
-                                    .background(Color.secondary.opacity(0.15))
-                                    .clipShape(RoundedRectangle(cornerRadius: 4))
-                            }
-                            .padding(.vertical, 2)
-                        }
-                        .buttonStyle(.plain)
-                        .listRowInsets(EdgeInsets(top: 4, leading: 8, bottom: 4, trailing: 8))
-                    }
-                }
-
-                if let manual = self.manualEntryCandidate {
-                    Button("Use \"\(manual)\"") {
-                        self.selectManualModel(manual)
-                    }
-                    .listRowInsets(EdgeInsets(top: 4, leading: 8, bottom: 4, trailing: 8))
-                }
-            }
-            .listStyle(.inset)
-        }
-        .frame(width: 340, height: 260)
-        .padding(8)
-    }
-
-    @ViewBuilder
-    private var modelMetaLabels: some View {
-        if self.shouldShowProviderHintForSelection {
-            self.statusLine(label: "Tip: prefer provider/model (e.g. openai-codex/gpt-5.2)", color: .orange)
-        }
-
-        if let contextLabel = self.selectedContextLabel {
-            Text(contextLabel)
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-
-        if let authMode = self.selectedAnthropicAuthMode {
-            HStack(spacing: 8) {
-                Circle()
-                    .fill(authMode.isConfigured ? Color.green : Color.orange)
-                    .frame(width: 8, height: 8)
-                Text("Anthropic auth: \(authMode.shortLabel)")
-            }
-            .font(.footnote)
-            .foregroundStyle(authMode.isConfigured ? Color.secondary : Color.orange)
-            .help(self.anthropicAuthHelpText)
-
-            AnthropicAuthControls(connectionMode: self.state.connectionMode)
-        }
-
-        if let modelError {
-            Text(modelError)
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-
-        if let modelsSourceLabel {
-            Text("Model catalog: \(modelsSourceLabel)")
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-    }
-
-    private var anthropicAuthHelpText: String {
-        "Determined from Clawdbot OAuth token file (~/.clawdbot/credentials/oauth.json) " +
-            "or environment variables (ANTHROPIC_OAUTH_TOKEN / ANTHROPIC_API_KEY)."
-    }
-
-    private var heartbeatSection: some View {
-        GroupBox("Heartbeat") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Schedule")
-                    VStack(alignment: .leading, spacing: 6) {
-                        HStack(spacing: 12) {
-                            Stepper(
-                                value: Binding(
-                                    get: { self.heartbeatMinutes ?? 10 },
-                                    set: { self.heartbeatMinutes = $0; self.autosaveConfig() }),
-                                in: 0...720)
-                            {
-                                Text("Every \(self.heartbeatMinutes ?? 10) min")
-                                    .frame(width: 150, alignment: .leading)
-                            }
-                            .help("Set to 0 to disable automatic heartbeats")
-
-                            TextField("HEARTBEAT", text: self.$heartbeatBody)
-                                .textFieldStyle(.roundedBorder)
-                                .frame(maxWidth: .infinity)
-                                .onChange(of: self.heartbeatBody) { _, _ in
-                                    self.autosaveConfig()
-                                }
-                                .help("Message body sent on each heartbeat")
-                        }
-                        Text("Heartbeats keep agent sessions warm; 0 minutes disables them.")
-                            .font(.footnote)
-                            .foregroundStyle(.secondary)
-                    }
-                }
-            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
-
-    private var browserSection: some View {
-        GroupBox("Browser (clawd)") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Enabled")
-                    Toggle("", isOn: self.$browserEnabled)
-                        .labelsHidden()
-                        .toggleStyle(.checkbox)
-                        .onChange(of: self.browserEnabled) { _, _ in self.autosaveConfig() }
-                }
-                GridRow {
-                    self.gridLabel("Control URL")
-                    TextField("http://127.0.0.1:18791", text: self.$browserControlUrl)
-                        .textFieldStyle(.roundedBorder)
-                        .frame(maxWidth: .infinity)
-                        .disabled(!self.browserEnabled)
-                        .onChange(of: self.browserControlUrl) { _, _ in self.autosaveConfig() }
-                }
-                GridRow {
-                    self.gridLabel("Browser path")
-                    VStack(alignment: .leading, spacing: 2) {
-                        if let label = self.browserPathLabel {
-                            Text(label)
-                                .font(.caption.monospaced())
-                                .foregroundStyle(.secondary)
-                                .textSelection(.enabled)
-                                .lineLimit(1)
-                                .truncationMode(.middle)
-                        } else {
-                            Text("—")
-                                .foregroundStyle(.secondary)
-                        }
-                    }
-                    .frame(maxWidth: .infinity, alignment: .leading)
-                }
-                GridRow {
-                    self.gridLabel("Accent")
-                    HStack(spacing: 8) {
-                        TextField("#FF4500", text: self.$browserColorHex)
-                            .textFieldStyle(.roundedBorder)
-                            .frame(width: 120)
-                            .disabled(!self.browserEnabled)
-                            .onChange(of: self.browserColorHex) { _, _ in self.autosaveConfig() }
-                        Circle()
-                            .fill(self.browserColor)
-                            .frame(width: 12, height: 12)
-                            .overlay(Circle().stroke(Color.secondary.opacity(0.25), lineWidth: 1))
-                        Text("lobster-orange")
-                            .font(.footnote)
-                            .foregroundStyle(.secondary)
-                    }
-                }
-                GridRow {
-                    self.gridLabel("Attach only")
-                    Toggle("", isOn: self.$browserAttachOnly)
-                        .labelsHidden()
-                        .toggleStyle(.checkbox)
-                        .disabled(!self.browserEnabled)
-                        .onChange(of: self.browserAttachOnly) { _, _ in self.autosaveConfig() }
-                        .help(Self.browserAttachOnlyHelp)
-                }
-                GridRow {
-                    Color.clear
-                        .frame(width: self.labelColumnWidth, height: 1)
-                    Text(Self.browserProfileNote)
-                        .font(.footnote)
-                        .foregroundStyle(.secondary)
-                        .frame(maxWidth: .infinity, alignment: .leading)
-                }
-            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
-
-    private var talkSection: some View {
-        GroupBox("Talk Mode") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Voice ID")
-                    VStack(alignment: .leading, spacing: 6) {
-                        HStack(spacing: 8) {
-                            TextField("ElevenLabs voice ID", text: self.$talkVoiceId)
-                                .textFieldStyle(.roundedBorder)
-                                .frame(maxWidth: .infinity)
-                                .onChange(of: self.talkVoiceId) { _, _ in self.autosaveConfig() }
-                            if !self.talkVoiceSuggestions.isEmpty {
-                                Menu {
-                                    ForEach(self.talkVoiceSuggestions, id: \.self) { value in
-                                        Button(value) {
-                                            self.talkVoiceId = value
-                                            self.autosaveConfig()
-                                        }
-                                    }
-                                } label: {
-                                    Label("Suggestions", systemImage: "chevron.up.chevron.down")
-                                }
-                                .fixedSize()
-                            }
-                        }
-                        Text("Defaults to ELEVENLABS_VOICE_ID / SAG_VOICE_ID if unset.")
-                            .font(.footnote)
-                            .foregroundStyle(.secondary)
-                    }
-                }
-                GridRow {
-                    self.gridLabel("API key")
-                    VStack(alignment: .leading, spacing: 6) {
-                        HStack(spacing: 8) {
-                            SecureField("ELEVENLABS_API_KEY", text: self.$talkApiKey)
-                                .textFieldStyle(.roundedBorder)
-                                .frame(maxWidth: .infinity)
-                                .disabled(self.hasEnvApiKey)
-                                .onChange(of: self.talkApiKey) { _, _ in self.autosaveConfig() }
-                            if !self.hasEnvApiKey, !self.talkApiKey.isEmpty {
-                                Button("Clear") {
-                                    self.talkApiKey = ""
-                                    self.autosaveConfig()
-                                }
-                            }
-                        }
-                        self.statusLine(label: self.apiKeyStatusLabel, color: self.apiKeyStatusColor)
-                        if self.hasEnvApiKey {
-                            Text("Using ELEVENLABS_API_KEY from the environment.")
-                                .font(.footnote)
-                                .foregroundStyle(.secondary)
-                        } else if self.gatewayApiKeyFound,
-                                  self.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-                        {
-                            Text("Using API key from the gateway profile.")
-                                .font(.footnote)
-                                .foregroundStyle(.secondary)
-                        }
-                    }
-                }
-                GridRow {
-                    self.gridLabel("Interrupt")
-                    Toggle("Stop speaking when you start talking", isOn: self.$talkInterruptOnSpeech)
-                        .labelsHidden()
-                        .toggleStyle(.checkbox)
-                        .onChange(of: self.talkInterruptOnSpeech) { _, _ in self.autosaveConfig() }
-                }
-            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
-
-    private func gridLabel(_ text: String) -> some View {
-        Text(text)
-            .foregroundStyle(.secondary)
-            .frame(width: self.labelColumnWidth, alignment: .leading)
-    }
-
-    private func statusLine(label: String, color: Color) -> some View {
-        HStack(spacing: 6) {
-            Circle()
-                .fill(color)
-                .frame(width: 6, height: 6)
-            Text(label)
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-        .padding(.top, 2)
+        .buttonStyle(.bordered)
    }
 }

-extension ConfigSettings {
-    private func loadConfig() async {
-        let parsed = await ConfigStore.load()
-        let agents = parsed["agents"] as? [String: Any]
-        let defaults = agents?["defaults"] as? [String: Any]
-        let heartbeat = defaults?["heartbeat"] as? [String: Any]
-        let heartbeatEvery = heartbeat?["every"] as? String
-        let heartbeatBody = heartbeat?["prompt"] as? String
-        let browser = parsed["browser"] as? [String: Any]
-        let talk = parsed["talk"] as? [String: Any]
-
-        let loadedModel: String = {
-            if let raw = defaults?["model"] as? String { return raw }
-            if let modelDict = defaults?["model"] as? [String: Any],
-               let primary = modelDict["primary"] as? String { return primary }
-            return ""
-        }()
-        if !loadedModel.isEmpty {
-            self.configModel = loadedModel
-        } else {
-            self.configModel = SessionLoader.fallbackModel
-        }
-
-        if let heartbeatEvery {
-            let digits = heartbeatEvery.trimmingCharacters(in: .whitespacesAndNewlines)
-                .prefix { $0.isNumber }
-            if let minutes = Int(digits) {
-                self.heartbeatMinutes = minutes
-            }
-        }
-        if let heartbeatBody, !heartbeatBody.isEmpty { self.heartbeatBody = heartbeatBody }
-
-        if let browser {
-            if let enabled = browser["enabled"] as? Bool { self.browserEnabled = enabled }
-            if let url = browser["controlUrl"] as? String, !url.isEmpty { self.browserControlUrl = url }
-            if let color = browser["color"] as? String, !color.isEmpty { self.browserColorHex = color }
-            if let attachOnly = browser["attachOnly"] as? Bool { self.browserAttachOnly = attachOnly }
-        }
-
-        if let talk {
-            if let voice = talk["voiceId"] as? String { self.talkVoiceId = voice }
-            if let apiKey = talk["apiKey"] as? String { self.talkApiKey = apiKey }
-            if let interrupt = talk["interruptOnSpeech"] as? Bool {
-                self.talkInterruptOnSpeech = interrupt
-            }
-        }
-    }
-
-    private func refreshGatewayTalkApiKey() async {
-        do {
-            let snap: ConfigSnapshot = try await GatewayConnection.shared.requestDecoded(
-                method: .configGet,
-                params: nil,
-                timeoutMs: 8000)
-            let talk = snap.config?["talk"]?.dictionaryValue
-            let apiKey = talk?["apiKey"]?.stringValue?.trimmingCharacters(in: .whitespacesAndNewlines)
-            self.gatewayApiKeyFound = !(apiKey ?? "").isEmpty
-        } catch {
-            self.gatewayApiKeyFound = false
-        }
-    }
-
-    private func autosaveConfig() {
-        guard self.allowAutosave, !self.isNixMode else { return }
-        Task { await self.saveConfig() }
-    }
-
-    private func saveConfig() async {
-        guard !self.configSaving else { return }
-        self.configSaving = true
-        defer { self.configSaving = false }
-
-        let configModel = self.configModel
-        let heartbeatMinutes = self.heartbeatMinutes
-        let heartbeatBody = self.heartbeatBody
-        let browserEnabled = self.browserEnabled
-        let browserControlUrl = self.browserControlUrl
-        let browserColorHex = self.browserColorHex
-        let browserAttachOnly = self.browserAttachOnly
-        let talkVoiceId = self.talkVoiceId
-        let talkApiKey = self.talkApiKey
-        let talkInterruptOnSpeech = self.talkInterruptOnSpeech
-
-        let draft = ConfigDraft(
-            configModel: configModel,
-            heartbeatMinutes: heartbeatMinutes,
-            heartbeatBody: heartbeatBody,
-            browserEnabled: browserEnabled,
-            browserControlUrl: browserControlUrl,
-            browserColorHex: browserColorHex,
-            browserAttachOnly: browserAttachOnly,
-            talkVoiceId: talkVoiceId,
-            talkApiKey: talkApiKey,
-            talkInterruptOnSpeech: talkInterruptOnSpeech)
-
-        let errorMessage = await ConfigSettings.buildAndSaveConfig(draft)
-
-        if let errorMessage {
-            self.modelError = errorMessage
-        }
-    }
-
-    @MainActor
-    private static func buildAndSaveConfig(_ draft: ConfigDraft) async -> String? {
-        var root = await ConfigStore.load()
-        var agents = root["agents"] as? [String: Any] ?? [:]
-        var defaults = agents["defaults"] as? [String: Any] ?? [:]
-        var browser = root["browser"] as? [String: Any] ?? [:]
-        var talk = root["talk"] as? [String: Any] ?? [:]
-
-        let chosenModel = draft.configModel.trimmingCharacters(in: .whitespacesAndNewlines)
-        let trimmedModel = chosenModel
-        if !trimmedModel.isEmpty {
-            var model = defaults["model"] as? [String: Any] ?? [:]
-            model["primary"] = trimmedModel
-            defaults["model"] = model
-
-            var models = defaults["models"] as? [String: Any] ?? [:]
-            if models[trimmedModel] == nil {
-                models[trimmedModel] = [:]
-            }
-            defaults["models"] = models
-        }
-
-        if let heartbeatMinutes = draft.heartbeatMinutes {
-            var heartbeat = defaults["heartbeat"] as? [String: Any] ?? [:]
-            heartbeat["every"] = "\(heartbeatMinutes)m"
-            defaults["heartbeat"] = heartbeat
-        }
-
-        let trimmedBody = draft.heartbeatBody.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmedBody.isEmpty {
-            var heartbeat = defaults["heartbeat"] as? [String: Any] ?? [:]
-            heartbeat["prompt"] = trimmedBody
-            defaults["heartbeat"] = heartbeat
-        }
-
-        if defaults.isEmpty {
-            agents.removeValue(forKey: "defaults")
-        } else {
-            agents["defaults"] = defaults
-        }
-        if agents.isEmpty {
-            root.removeValue(forKey: "agents")
-        } else {
-            root["agents"] = agents
-        }
-
-        browser["enabled"] = draft.browserEnabled
-        let trimmedUrl = draft.browserControlUrl.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmedUrl.isEmpty { browser["controlUrl"] = trimmedUrl }
-        let trimmedColor = draft.browserColorHex.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmedColor.isEmpty { browser["color"] = trimmedColor }
-        browser["attachOnly"] = draft.browserAttachOnly
-        root["browser"] = browser
-
-        let trimmedVoice = draft.talkVoiceId.trimmingCharacters(in: .whitespacesAndNewlines)
-        if trimmedVoice.isEmpty {
-            talk.removeValue(forKey: "voiceId")
-        } else {
-            talk["voiceId"] = trimmedVoice
-        }
-        let trimmedApiKey = draft.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines)
-        if trimmedApiKey.isEmpty {
-            talk.removeValue(forKey: "apiKey")
-        } else {
-            talk["apiKey"] = trimmedApiKey
-        }
-        talk["interruptOnSpeech"] = draft.talkInterruptOnSpeech
-        root["talk"] = talk
-
-        do {
-            try await ConfigStore.save(root)
-            return nil
-        } catch {
-            return error.localizedDescription
-        }
-    }
-}
-
-extension ConfigSettings {
-    private var browserColor: Color {
-        let raw = self.browserColorHex.trimmingCharacters(in: .whitespacesAndNewlines)
-        let hex = raw.hasPrefix("#") ? String(raw.dropFirst()) : raw
-        guard hex.count == 6, let value = Int(hex, radix: 16) else { return .orange }
-        let r = Double((value >> 16) & 0xFF) / 255.0
-        let g = Double((value >> 8) & 0xFF) / 255.0
-        let b = Double(value & 0xFF) / 255.0
-        return Color(red: r, green: g, blue: b)
-    }
-
-    private var talkVoiceSuggestions: [String] {
-        let env = ProcessInfo.processInfo.environment
-        let candidates = [
-            self.talkVoiceId,
-            env["ELEVENLABS_VOICE_ID"] ?? "",
-            env["SAG_VOICE_ID"] ?? "",
-        ]
-        var seen = Set<String>()
-        return candidates
-            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
-            .filter { !$0.isEmpty }
-            .filter { seen.insert($0).inserted }
-    }
-
-    private var hasEnvApiKey: Bool {
-        let raw = ProcessInfo.processInfo.environment["ELEVENLABS_API_KEY"] ?? ""
-        return !raw.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-    }
-
-    private var apiKeyStatusLabel: String {
-        if self.hasEnvApiKey { return "ElevenLabs API key: found (environment)" }
-        if !self.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
-            return "ElevenLabs API key: stored in config"
-        }
-        if self.gatewayApiKeyFound { return "ElevenLabs API key: found (gateway)" }
-        return "ElevenLabs API key: missing"
-    }
-
-    private var apiKeyStatusColor: Color {
-        if self.hasEnvApiKey { return .green }
-        if !self.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty { return .green }
-        if self.gatewayApiKeyFound { return .green }
-        return .red
-    }
-
-    private var browserPathLabel: String? {
-        guard self.browserEnabled else { return nil }
-
-        let host = (URL(string: self.browserControlUrl)?.host ?? "").lowercased()
-        if !host.isEmpty, !Self.isLoopbackHost(host) {
-            return "remote (\(host))"
-        }
-
-        guard let candidate = Self.detectedBrowserCandidate() else { return nil }
-        return candidate.executablePath ?? candidate.appPath
-    }
-
-    private struct BrowserCandidate {
-        let name: String
-        let appPath: String
-        let executablePath: String?
-    }
-
-    private static func detectedBrowserCandidate() -> BrowserCandidate? {
-        let candidates: [(name: String, appName: String)] = [
-            ("Google Chrome Canary", "Google Chrome Canary.app"),
-            ("Chromium", "Chromium.app"),
-            ("Google Chrome", "Google Chrome.app"),
-        ]
-
-        let roots = [
-            "/Applications",
-            "\(NSHomeDirectory())/Applications",
-        ]
-
-        let fm = FileManager.default
-        for (name, appName) in candidates {
-            for root in roots {
-                let appPath = "\(root)/\(appName)"
-                if fm.fileExists(atPath: appPath) {
-                    let bundle = Bundle(url: URL(fileURLWithPath: appPath))
-                    let exec = bundle?.executableURL?.path
-                    return BrowserCandidate(name: name, appPath: appPath, executablePath: exec)
-                }
-            }
-        }
-
-        return nil
-    }
-
-    private static func isLoopbackHost(_ host: String) -> Bool {
-        if host == "localhost" { return true }
-        if host == "127.0.0.1" { return true }
-        if host == "::1" { return true }
-        return false
-    }
-}
-
-extension ConfigSettings {
-    private func loadModels() async {
-        guard !self.modelsLoading else { return }
-        self.modelsLoading = true
-        self.modelError = nil
-        self.modelsSourceLabel = nil
-        do {
-            let res: ModelsListResult =
-                try await GatewayConnection.shared
-                .requestDecoded(
-                    method: .modelsList,
-                    timeoutMs: 15000)
-            self.models = res.models
-            self.modelsSourceLabel = "gateway"
-        } catch {
-            do {
-                let loaded = try await ModelCatalogLoader.load(from: self.modelCatalogPath)
-                self.models = loaded
-                self.modelsSourceLabel = "local fallback"
-            } catch {
-                self.modelError = error.localizedDescription
-                self.models = []
-            }
-        }
-        self.modelsLoading = false
-    }
-
-    private struct ModelsListResult: Decodable {
-        let models: [ModelChoice]
-    }
-
-    private var modelSearchMatches: [ModelChoice] {
-        let raw = self.modelSearchQuery.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
-        guard !raw.isEmpty else { return self.models }
-        let tokens = raw
-            .split(whereSeparator: { $0.isWhitespace })
-            .map { token in
-                token.trimmingCharacters(in: CharacterSet(charactersIn: "%"))
-            }
-            .filter { !$0.isEmpty }
-        guard !tokens.isEmpty else { return self.models }
-        return self.models.filter { choice in
-            let haystack = [
-                choice.id,
-                choice.name,
-                choice.provider,
-                self.modelRef(for: choice),
-            ]
-            .joined(separator: " ")
-            .lowercased()
-            return tokens.allSatisfy { haystack.contains($0) }
-        }
-    }
-
-    private var selectedModelChoice: ModelChoice? {
-        guard !self.configModel.isEmpty else { return nil }
-        return self.models.first(where: { self.matchesConfigModel($0) })
-    }
-
-    private var modelPickerLabel: String {
-        if let choice = self.selectedModelChoice {
-            return "\(choice.name) — \(choice.provider.uppercased())"
-        }
-        if !self.configModel.isEmpty { return self.configModel }
-        return "Select model"
-    }
-
-    private var modelPickerLabelIsPlaceholder: Bool {
-        self.configModel.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-    }
-
-    private var manualEntryCandidate: String? {
-        let trimmed = self.modelSearchQuery.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !trimmed.isEmpty else { return nil }
-        let cleaned = trimmed.trimmingCharacters(in: CharacterSet(charactersIn: "%"))
-        guard !cleaned.isEmpty else { return nil }
-        guard !self.isKnownModelRef(cleaned) else { return nil }
-        return cleaned
-    }
-
-    private func isKnownModelRef(_ value: String) -> Bool {
-        let needle = value.lowercased()
-        return self.models.contains { choice in
-            choice.id.lowercased() == needle
-                || self.modelRef(for: choice).lowercased() == needle
-        }
-    }
-
-    private func modelRef(for choice: ModelChoice) -> String {
-        let id = choice.id.trimmingCharacters(in: .whitespacesAndNewlines)
-        let provider = choice.provider.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !provider.isEmpty else { return id }
-        let normalizedProvider = provider.lowercased()
-        if id.lowercased().hasPrefix("\(normalizedProvider)/") {
-            return id
-        }
-        return "\(normalizedProvider)/\(id)"
-    }
-
-    private func matchesConfigModel(_ choice: ModelChoice) -> Bool {
-        let configured = self.configModel.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !configured.isEmpty else { return false }
-        if configured.caseInsensitiveCompare(choice.id) == .orderedSame { return true }
-        let ref = self.modelRef(for: choice)
-        return configured.caseInsensitiveCompare(ref) == .orderedSame
-    }
-
-    private func exactMatchForQuery() -> ModelChoice? {
-        let trimmed = self.modelSearchQuery.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !trimmed.isEmpty else { return nil }
-        let cleaned = trimmed.trimmingCharacters(in: CharacterSet(charactersIn: "%")).lowercased()
-        guard !cleaned.isEmpty else { return nil }
-        return self.models.first(where: { choice in
-            let id = choice.id.lowercased()
-            if id == cleaned { return true }
-            return self.modelRef(for: choice).lowercased() == cleaned
-        })
-    }
-
-    private var shouldShowProviderHint: Bool {
-        let trimmed = self.modelSearchQuery.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !trimmed.isEmpty else { return false }
-        let cleaned = trimmed.trimmingCharacters(in: CharacterSet(charactersIn: "%"))
-        return !cleaned.contains("/")
-    }
-
-    private var shouldShowProviderHintForSelection: Bool {
-        let trimmed = self.configModel.trimmingCharacters(in: .whitespacesAndNewlines)
-        guard !trimmed.isEmpty else { return false }
-        return !trimmed.contains("/")
-    }
-
-    private func selectModel(_ choice: ModelChoice) {
-        self.configModel = self.modelRef(for: choice)
-        self.autosaveConfig()
-        self.isModelPickerOpen = false
-    }
-
-    private func selectManualModel(_ value: String) {
-        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
-        if let slash = trimmed.firstIndex(of: "/") {
-            let provider = trimmed[..<slash].trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
-            let model = trimmed[trimmed.index(after: slash)...].trimmingCharacters(in: .whitespacesAndNewlines)
-            self.configModel = provider.isEmpty ? String(model) : "\(provider)/\(model)"
-        } else {
-            self.configModel = trimmed
-        }
-        self.autosaveConfig()
-        self.isModelPickerOpen = false
-    }
-
-    private var selectedContextLabel: String? {
-        guard
-            let choice = self.selectedModelChoice,
-            let context = choice.contextWindow
-        else {
-            return nil
-        }
-
-        let human = context >= 1000 ? "\(context / 1000)k" : "\(context)"
-        return "Context window: \(human) tokens"
-    }
-
-    private var selectedAnthropicAuthMode: AnthropicAuthMode? {
-        guard let choice = self.selectedModelChoice else { return nil }
-        guard choice.provider.lowercased() == "anthropic" else { return nil }
-        return AnthropicAuthResolver.resolve()
-    }
-
-    private struct PlainSettingsGroupBoxStyle: GroupBoxStyle {
-        func makeBody(configuration: Configuration) -> some View {
-            VStack(alignment: .leading, spacing: 10) {
-                configuration.label
-                    .font(.caption.weight(.semibold))
-                    .foregroundStyle(.secondary)
-                configuration.content
-            }
-            .frame(maxWidth: .infinity, alignment: .leading)
-        }
-    }
-}
-
-#if DEBUG
 struct ConfigSettings_Previews: PreviewProvider {
    static var previews: some View {
        ConfigSettings()
-            .frame(width: SettingsTab.windowWidth, height: SettingsTab.windowHeight)
    }
 }
-#endif
--- a/apps/macos/Sources/Clawdbot/ConnectionModeCoordinator.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionModeCoordinator.swift
@@ -53,8 +53,8 @@ final class ConnectionModeCoordinator {
                _ = try await GatewayEndpointStore.shared.ensureRemoteControlTunnel()
                let settings = CommandResolver.connectionSettings()
                try await ControlChannel.shared.configure(mode: .remote(
-                                                            target: settings.target,
-                                                            identity: settings.identity))
+                    target: settings.target,
+                    identity: settings.identity))
            } catch {
                self.logger.error("remote tunnel/configure failed: \(error.localizedDescription, privacy: .public)")
            }
--- a/apps/macos/Sources/Clawdbot/ConnectionModeResolver.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionModeResolver.swift
@@ -0,0 +1,49 @@
+import Foundation
+
+enum EffectiveConnectionModeSource: Sendable, Equatable {
+    case configMode
+    case configRemoteURL
+    case userDefaults
+    case onboarding
+}
+
+struct EffectiveConnectionMode: Sendable, Equatable {
+    let mode: AppState.ConnectionMode
+    let source: EffectiveConnectionModeSource
+}
+
+enum ConnectionModeResolver {
+    static func resolve(
+        root: [String: Any],
+        defaults: UserDefaults = .standard) -> EffectiveConnectionMode
+    {
+        let gateway = root["gateway"] as? [String: Any]
+        let configModeRaw = (gateway?["mode"] as? String) ?? ""
+        let configMode = configModeRaw
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+
+        switch configMode {
+        case "local":
+            return EffectiveConnectionMode(mode: .local, source: .configMode)
+        case "remote":
+            return EffectiveConnectionMode(mode: .remote, source: .configMode)
+        default:
+            break
+        }
+
+        let remoteURLRaw = ((gateway?["remote"] as? [String: Any])?["url"] as? String) ?? ""
+        let remoteURL = remoteURLRaw.trimmingCharacters(in: .whitespacesAndNewlines)
+        if !remoteURL.isEmpty {
+            return EffectiveConnectionMode(mode: .remote, source: .configRemoteURL)
+        }
+
+        if let storedModeRaw = defaults.string(forKey: connectionModeKey) {
+            let storedMode = AppState.ConnectionMode(rawValue: storedModeRaw) ?? .local
+            return EffectiveConnectionMode(mode: storedMode, source: .userDefaults)
+        }
+
+        let seen = defaults.bool(forKey: "clawdbot.onboardingSeen")
+        return EffectiveConnectionMode(mode: seen ? .local : .unconfigured, source: .onboarding)
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+ChannelSections.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+ChannelSections.swift
@@ -1,707 +0,0 @@
-import SwiftUI
-
-extension ConnectionsSettings {
-    func formSection(_ title: String, @ViewBuilder content: () -> some View) -> some View {
-        GroupBox(title) {
-            VStack(alignment: .leading, spacing: 10) {
-                content()
-            }
-            .frame(maxWidth: .infinity, alignment: .leading)
-        }
-    }
-
-    @ViewBuilder
-    func channelHeaderActions(_ channel: ConnectionChannel) -> some View {
-        HStack(spacing: 8) {
-            if channel == .whatsapp {
-                Button("Logout") {
-                    Task { await self.store.logoutWhatsApp() }
-                }
-                .buttonStyle(.bordered)
-                .disabled(self.store.whatsappBusy)
-            }
-
-            if channel == .telegram {
-                Button("Logout") {
-                    Task { await self.store.logoutTelegram() }
-                }
-                .buttonStyle(.bordered)
-                .disabled(self.store.telegramBusy)
-            }
-
-            Button {
-                Task { await self.store.refresh(probe: true) }
-            } label: {
-                if self.store.isRefreshing {
-                    ProgressView().controlSize(.small)
-                } else {
-                    Text("Refresh")
-                }
-            }
-            .buttonStyle(.bordered)
-            .disabled(self.store.isRefreshing)
-        }
-        .controlSize(.small)
-    }
-
-    var whatsAppSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Linking") {
-                if let message = self.store.whatsappLoginMessage {
-                    Text(message)
-                        .font(.caption)
-                        .foregroundStyle(.secondary)
-                        .fixedSize(horizontal: false, vertical: true)
-                }
-
-                if let qr = self.store.whatsappLoginQrDataUrl, let image = self.qrImage(from: qr) {
-                    Image(nsImage: image)
-                        .resizable()
-                        .interpolation(.none)
-                        .frame(width: 180, height: 180)
-                        .cornerRadius(8)
-                }
-
-                HStack(spacing: 12) {
-                    Button {
-                        Task { await self.store.startWhatsAppLogin(force: false) }
-                    } label: {
-                        if self.store.whatsappBusy {
-                            ProgressView().controlSize(.small)
-                        } else {
-                            Text("Show QR")
-                        }
-                    }
-                    .buttonStyle(.borderedProminent)
-                    .disabled(self.store.whatsappBusy)
-
-                    Button("Relink") {
-                        Task { await self.store.startWhatsAppLogin(force: true) }
-                    }
-                    .buttonStyle(.bordered)
-                    .disabled(self.store.whatsappBusy)
-                }
-                .font(.caption)
-            }
-        }
-    }
-
-    var telegramSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Authentication") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Bot token")
-                        if self.showTelegramToken {
-                            TextField("123:abc", text: self.$store.telegramToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isTelegramTokenLocked)
-                        } else {
-                            SecureField("123:abc", text: self.$store.telegramToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isTelegramTokenLocked)
-                        }
-                        Toggle("Show", isOn: self.$showTelegramToken)
-                            .toggleStyle(.switch)
-                            .disabled(self.isTelegramTokenLocked)
-                    }
-                }
-            }
-
-            self.formSection("Access") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Require mention")
-                        Toggle("", isOn: self.$store.telegramRequireMention)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Allow from")
-                        TextField("123456789, @team", text: self.$store.telegramAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Webhook") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Webhook URL")
-                        TextField("https://example.com/telegram-webhook", text: self.$store.telegramWebhookUrl)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Webhook secret")
-                        TextField("secret", text: self.$store.telegramWebhookSecret)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Webhook path")
-                        TextField("/telegram-webhook", text: self.$store.telegramWebhookPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Network") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Proxy")
-                        TextField("socks5://localhost:9050", text: self.$store.telegramProxy)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            if self.isTelegramTokenLocked {
-                Text("Token set via TELEGRAM_BOT_TOKEN env; config edits won’t override it.")
-                    .font(.caption)
-                    .foregroundStyle(.secondary)
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveTelegramConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    var discordSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Authentication") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.discordEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Bot token")
-                        if self.showDiscordToken {
-                            TextField("bot token", text: self.$store.discordToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isDiscordTokenLocked)
-                        } else {
-                            SecureField("bot token", text: self.$store.discordToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isDiscordTokenLocked)
-                        }
-                        Toggle("Show", isOn: self.$showDiscordToken)
-                            .toggleStyle(.switch)
-                            .disabled(self.isDiscordTokenLocked)
-                    }
-                }
-            }
-
-            self.formSection("Messages") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Allow DMs from")
-                        TextField("123456789, username#1234", text: self.$store.discordAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("DMs enabled")
-                        Toggle("", isOn: self.$store.discordDmEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Group DMs")
-                        Toggle("", isOn: self.$store.discordGroupEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Group channels")
-                        TextField("channelId1, channelId2", text: self.$store.discordGroupChannels)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Reply to mode")
-                        Picker("", selection: self.$store.discordReplyToMode) {
-                            Text("off").tag("off")
-                            Text("first").tag("first")
-                            Text("all").tag("all")
-                        }
-                        .labelsHidden()
-                    }
-                }
-            }
-
-            self.formSection("Limits") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Media max MB")
-                        TextField("8", text: self.$store.discordMediaMaxMb)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("History limit")
-                        TextField("20", text: self.$store.discordHistoryLimit)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Text chunk limit")
-                        TextField("2000", text: self.$store.discordTextChunkLimit)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Slash command") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.discordSlashEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Slash name")
-                        TextField("clawd", text: self.$store.discordSlashName)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Session prefix")
-                        TextField("discord:slash", text: self.$store.discordSlashSessionPrefix)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Ephemeral")
-                        Toggle("", isOn: self.$store.discordSlashEphemeral)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                }
-            }
-
-            GroupBox("Guilds") {
-                VStack(alignment: .leading, spacing: 12) {
-                    ForEach(self.$store.discordGuilds) { $guild in
-                        VStack(alignment: .leading, spacing: 10) {
-                            HStack {
-                                TextField("guild id or slug", text: $guild.key)
-                                    .textFieldStyle(.roundedBorder)
-                                Button("Remove") {
-                                    self.store.discordGuilds.removeAll { $0.id == guild.id }
-                                }
-                                .buttonStyle(.bordered)
-                            }
-
-                            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                                GridRow {
-                                    self.gridLabel("Slug")
-                                    TextField("optional slug", text: $guild.slug)
-                                        .textFieldStyle(.roundedBorder)
-                                }
-                                GridRow {
-                                    self.gridLabel("Require mention")
-                                    Toggle("", isOn: $guild.requireMention)
-                                        .labelsHidden()
-                                        .toggleStyle(.checkbox)
-                                }
-                                GridRow {
-                                    self.gridLabel("Reaction notifications")
-                                    Picker("", selection: $guild.reactionNotifications) {
-                                        Text("Off").tag("off")
-                                        Text("Own").tag("own")
-                                        Text("All").tag("all")
-                                        Text("Allowlist").tag("allowlist")
-                                    }
-                                    .labelsHidden()
-                                    .pickerStyle(.segmented)
-                                }
-                                GridRow {
-                                    self.gridLabel("Users allowlist")
-                                    TextField("123456789, username#1234", text: $guild.users)
-                                        .textFieldStyle(.roundedBorder)
-                                }
-                            }
-
-                            Text("Channels")
-                                .font(.caption)
-                                .foregroundStyle(.secondary)
-
-                            VStack(alignment: .leading, spacing: 8) {
-                                ForEach($guild.channels) { $channel in
-                                    HStack(spacing: 10) {
-                                        TextField("channel id or slug", text: $channel.key)
-                                            .textFieldStyle(.roundedBorder)
-                                        Toggle("Allow", isOn: $channel.allow)
-                                            .toggleStyle(.checkbox)
-                                        Toggle("Require mention", isOn: $channel.requireMention)
-                                            .toggleStyle(.checkbox)
-                                        Button("Remove") {
-                                            guild.channels.removeAll { $0.id == channel.id }
-                                        }
-                                        .buttonStyle(.bordered)
-                                    }
-                                }
-                                Button("Add channel") {
-                                    guild.channels.append(DiscordGuildChannelForm())
-                                }
-                                .buttonStyle(.bordered)
-                            }
-                        }
-                        .padding(10)
-                        .background(Color.secondary.opacity(0.08))
-                        .clipShape(RoundedRectangle(cornerRadius: 8))
-                    }
-
-                    Button("Add guild") {
-                        self.store.discordGuilds.append(DiscordGuildForm())
-                    }
-                    .buttonStyle(.bordered)
-                }
-                .frame(maxWidth: .infinity, alignment: .leading)
-            }
-
-            GroupBox("Tool actions") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Reactions")
-                        Toggle("", isOn: self.$store.discordActionReactions)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Stickers")
-                        Toggle("", isOn: self.$store.discordActionStickers)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Polls")
-                        Toggle("", isOn: self.$store.discordActionPolls)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Permissions")
-                        Toggle("", isOn: self.$store.discordActionPermissions)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Messages")
-                        Toggle("", isOn: self.$store.discordActionMessages)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Threads")
-                        Toggle("", isOn: self.$store.discordActionThreads)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Pins")
-                        Toggle("", isOn: self.$store.discordActionPins)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Search")
-                        Toggle("", isOn: self.$store.discordActionSearch)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Member info")
-                        Toggle("", isOn: self.$store.discordActionMemberInfo)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Role info")
-                        Toggle("", isOn: self.$store.discordActionRoleInfo)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Channel info")
-                        Toggle("", isOn: self.$store.discordActionChannelInfo)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Voice status")
-                        Toggle("", isOn: self.$store.discordActionVoiceStatus)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Events")
-                        Toggle("", isOn: self.$store.discordActionEvents)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Role changes")
-                        Toggle("", isOn: self.$store.discordActionRoles)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Moderation")
-                        Toggle("", isOn: self.$store.discordActionModeration)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                }
-                .frame(maxWidth: .infinity, alignment: .leading)
-            }
-
-            if self.isDiscordTokenLocked {
-                Text("Token set via DISCORD_BOT_TOKEN env; config edits won’t override it.")
-                    .font(.caption)
-                    .foregroundStyle(.secondary)
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveDiscordConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    var signalSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Connection") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.signalEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Account")
-                        TextField("+15551234567", text: self.$store.signalAccount)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("HTTP URL")
-                        TextField("http://127.0.0.1:8080", text: self.$store.signalHttpUrl)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("HTTP host")
-                        TextField("127.0.0.1", text: self.$store.signalHttpHost)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("HTTP port")
-                        TextField("8080", text: self.$store.signalHttpPort)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("CLI path")
-                        TextField("signal-cli", text: self.$store.signalCliPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Behavior") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Auto start")
-                        Toggle("", isOn: self.$store.signalAutoStart)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Receive mode")
-                        Picker("", selection: self.$store.signalReceiveMode) {
-                            Text("Default").tag("")
-                            Text("on-start").tag("on-start")
-                            Text("manual").tag("manual")
-                        }
-                        .labelsHidden()
-                        .pickerStyle(.menu)
-                    }
-                    GridRow {
-                        self.gridLabel("Ignore attachments")
-                        Toggle("", isOn: self.$store.signalIgnoreAttachments)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Ignore stories")
-                        Toggle("", isOn: self.$store.signalIgnoreStories)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Read receipts")
-                        Toggle("", isOn: self.$store.signalSendReadReceipts)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                }
-            }
-
-            self.formSection("Access & limits") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Allow from")
-                        TextField("12345, +1555", text: self.$store.signalAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Media max MB")
-                        TextField("8", text: self.$store.signalMediaMaxMb)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveSignalConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    var imessageSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Connection") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.imessageEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("CLI path")
-                        TextField("imsg", text: self.$store.imessageCliPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("DB path")
-                        TextField("~/Library/Messages/chat.db", text: self.$store.imessageDbPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Service")
-                        Picker("", selection: self.$store.imessageService) {
-                            Text("auto").tag("auto")
-                            Text("imessage").tag("imessage")
-                            Text("sms").tag("sms")
-                        }
-                        .labelsHidden()
-                        .pickerStyle(.menu)
-                    }
-                }
-            }
-
-            self.formSection("Behavior") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Region")
-                        TextField("US", text: self.$store.imessageRegion)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Allow from")
-                        TextField("chat_id:101, +1555", text: self.$store.imessageAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Attachments")
-                        Toggle("", isOn: self.$store.imessageIncludeAttachments)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Media max MB")
-                        TextField("16", text: self.$store.imessageMediaMaxMb)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveIMessageConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    @ViewBuilder
-    var configStatusMessage: some View {
-        if let status = self.store.configStatus {
-            Text(status)
-                .font(.caption)
-                .foregroundStyle(.secondary)
-                .fixedSize(horizontal: false, vertical: true)
-        }
-    }
-
-    func gridLabel(_ text: String) -> some View {
-        Text(text)
-            .font(.callout.weight(.semibold))
-            .frame(width: 140, alignment: .leading)
-    }
-}
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings.swift
@@ -1,63 +0,0 @@
-import AppKit
-import SwiftUI
-
-struct ConnectionsSettings: View {
-    enum ConnectionChannel: String, CaseIterable, Identifiable, Hashable {
-        case whatsapp
-        case telegram
-        case discord
-        case signal
-        case imessage
-
-        var id: String { self.rawValue }
-
-        var sortOrder: Int {
-            switch self {
-            case .whatsapp: 0
-            case .telegram: 1
-            case .discord: 2
-            case .signal: 3
-            case .imessage: 4
-            }
-        }
-
-        var title: String {
-            switch self {
-            case .whatsapp: "WhatsApp"
-            case .telegram: "Telegram"
-            case .discord: "Discord"
-            case .signal: "Signal"
-            case .imessage: "iMessage"
-            }
-        }
-
-        var detailTitle: String {
-            switch self {
-            case .whatsapp: "WhatsApp Web"
-            case .telegram: "Telegram Bot"
-            case .discord: "Discord Bot"
-            case .signal: "Signal REST"
-            case .imessage: "iMessage (imsg)"
-            }
-        }
-
-        var systemImage: String {
-            switch self {
-            case .whatsapp: "message"
-            case .telegram: "paperplane"
-            case .discord: "bubble.left.and.bubble.right"
-            case .signal: "antenna.radiowaves.left.and.right"
-            case .imessage: "message.fill"
-            }
-        }
-    }
-
-    @Bindable var store: ConnectionsStore
-    @State var selectedChannel: ConnectionChannel?
-    @State var showTelegramToken = false
-    @State var showDiscordToken = false
-
-    init(store: ConnectionsStore = .shared) {
-        self.store = store
-    }
-}
--- a/apps/macos/Sources/Clawdbot/ConnectionsStore+Config.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsStore+Config.swift
@@ -1,594 +0,0 @@
-import ClawdbotProtocol
-import Foundation
-
-extension ConnectionsStore {
-    var isTelegramTokenLocked: Bool {
-        self.snapshot?.decodeChannel("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)?
-            .tokenSource == "env"
-    }
-
-    var isDiscordTokenLocked: Bool {
-        self.snapshot?.decodeChannel("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)?
-            .tokenSource == "env"
-    }
-
-    func loadConfig() async {
-        do {
-            let snap: ConfigSnapshot = try await GatewayConnection.shared.requestDecoded(
-                method: .configGet,
-                params: nil,
-                timeoutMs: 10000)
-            self.configStatus = snap.valid == false
-                ? "Config invalid; fix it in ~/.clawdbot/clawdbot.json."
-                : nil
-            self.configRoot = snap.config?.mapValues { $0.foundationValue } ?? [:]
-            self.configHash = snap.hash
-            self.configLoaded = true
-
-            self.applyUIConfig(snap)
-            self.applyTelegramConfig(snap)
-            self.applyDiscordConfig(snap)
-            self.applySignalConfig(snap)
-            self.applyIMessageConfig(snap)
-        } catch {
-            self.configStatus = error.localizedDescription
-        }
-    }
-
-    private func applyUIConfig(_ snap: ConfigSnapshot) {
-        let ui = snap.config?[
-            "ui",
-            ]?.dictionaryValue
-        let rawSeam = ui?[
-            "seamColor",
-            ]?.stringValue?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-        AppStateStore.shared.seamColorHex = rawSeam.isEmpty ? nil : rawSeam
-    }
-
-    private func resolveChannelConfig(_ snap: ConfigSnapshot, key: String) -> [String: AnyCodable]? {
-        if let channels = snap.config?["channels"]?.dictionaryValue,
-           let entry = channels[key]?.dictionaryValue
-        {
-            return entry
-        }
-        return snap.config?[key]?.dictionaryValue
-    }
-
-    private func applyTelegramConfig(_ snap: ConfigSnapshot) {
-        let telegram = self.resolveChannelConfig(snap, key: "telegram")
-        self.telegramToken = telegram?["botToken"]?.stringValue ?? ""
-        let groups = telegram?["groups"]?.dictionaryValue
-        let defaultGroup = groups?["*"]?.dictionaryValue
-        self.telegramRequireMention = defaultGroup?["requireMention"]?.boolValue
-            ?? telegram?["requireMention"]?.boolValue
-            ?? true
-        self.telegramAllowFrom = self.stringList(from: telegram?["allowFrom"]?.arrayValue)
-        self.telegramProxy = telegram?["proxy"]?.stringValue ?? ""
-        self.telegramWebhookUrl = telegram?["webhookUrl"]?.stringValue ?? ""
-        self.telegramWebhookSecret = telegram?["webhookSecret"]?.stringValue ?? ""
-        self.telegramWebhookPath = telegram?["webhookPath"]?.stringValue ?? ""
-    }
-
-    private func applyDiscordConfig(_ snap: ConfigSnapshot) {
-        let discord = self.resolveChannelConfig(snap, key: "discord")
-        self.discordEnabled = discord?["enabled"]?.boolValue ?? true
-        self.discordToken = discord?["token"]?.stringValue ?? ""
-
-        let discordDm = discord?["dm"]?.dictionaryValue
-        self.discordDmEnabled = discordDm?["enabled"]?.boolValue ?? true
-        self.discordAllowFrom = self.stringList(from: discordDm?["allowFrom"]?.arrayValue)
-        self.discordGroupEnabled = discordDm?["groupEnabled"]?.boolValue ?? false
-        self.discordGroupChannels = self.stringList(from: discordDm?["groupChannels"]?.arrayValue)
-        self.discordMediaMaxMb = self.numberString(from: discord?["mediaMaxMb"])
-        self.discordHistoryLimit = self.numberString(from: discord?["historyLimit"])
-        self.discordTextChunkLimit = self.numberString(from: discord?["textChunkLimit"])
-        self.discordReplyToMode = self.replyMode(from: discord?["replyToMode"]?.stringValue)
-        self.discordGuilds = self.decodeDiscordGuilds(discord?["guilds"]?.dictionaryValue)
-
-        let discordActions = discord?["actions"]?.dictionaryValue
-        self.discordActionReactions = discordActions?["reactions"]?.boolValue ?? true
-        self.discordActionStickers = discordActions?["stickers"]?.boolValue ?? true
-        self.discordActionPolls = discordActions?["polls"]?.boolValue ?? true
-        self.discordActionPermissions = discordActions?["permissions"]?.boolValue ?? true
-        self.discordActionMessages = discordActions?["messages"]?.boolValue ?? true
-        self.discordActionThreads = discordActions?["threads"]?.boolValue ?? true
-        self.discordActionPins = discordActions?["pins"]?.boolValue ?? true
-        self.discordActionSearch = discordActions?["search"]?.boolValue ?? true
-        self.discordActionMemberInfo = discordActions?["memberInfo"]?.boolValue ?? true
-        self.discordActionRoleInfo = discordActions?["roleInfo"]?.boolValue ?? true
-        self.discordActionChannelInfo = discordActions?["channelInfo"]?.boolValue ?? true
-        self.discordActionVoiceStatus = discordActions?["voiceStatus"]?.boolValue ?? true
-        self.discordActionEvents = discordActions?["events"]?.boolValue ?? true
-        self.discordActionRoles = discordActions?["roles"]?.boolValue ?? false
-        self.discordActionModeration = discordActions?["moderation"]?.boolValue ?? false
-
-        let slash = discord?["slashCommand"]?.dictionaryValue
-        self.discordSlashEnabled = slash?["enabled"]?.boolValue ?? false
-        self.discordSlashName = slash?["name"]?.stringValue ?? ""
-        self.discordSlashSessionPrefix = slash?["sessionPrefix"]?.stringValue ?? ""
-        self.discordSlashEphemeral = slash?["ephemeral"]?.boolValue ?? true
-    }
-
-    private func decodeDiscordGuilds(_ guilds: [String: AnyCodable]?) -> [DiscordGuildForm] {
-        guard let guilds else { return [] }
-        return guilds
-            .map { key, value in
-                let entry = value.dictionaryValue ?? [:]
-                let slug = entry["slug"]?.stringValue ?? ""
-                let requireMention = entry["requireMention"]?.boolValue ?? false
-                let reactionModeRaw = entry["reactionNotifications"]?.stringValue ?? ""
-                let reactionNotifications = ["off", "own", "all", "allowlist"].contains(reactionModeRaw)
-                    ? reactionModeRaw
-                    : "own"
-                let users = self.stringList(from: entry["users"]?.arrayValue)
-                let channels: [DiscordGuildChannelForm] = if let channelMap = entry["channels"]?.dictionaryValue {
-                    channelMap.map { channelKey, channelValue in
-                        let channelEntry = channelValue.dictionaryValue ?? [:]
-                        let allow = channelEntry["allow"]?.boolValue ?? true
-                        let channelRequireMention = channelEntry["requireMention"]?.boolValue ?? false
-                        return DiscordGuildChannelForm(
-                            key: channelKey,
-                            allow: allow,
-                            requireMention: channelRequireMention)
-                    }
-                } else {
-                    []
-                }
-                return DiscordGuildForm(
-                    key: key,
-                    slug: slug,
-                    requireMention: requireMention,
-                    reactionNotifications: reactionNotifications,
-                    users: users,
-                    channels: channels)
-            }
-            .sorted { $0.key < $1.key }
-    }
-
-    private func applySignalConfig(_ snap: ConfigSnapshot) {
-        let signal = self.resolveChannelConfig(snap, key: "signal")
-        self.signalEnabled = signal?["enabled"]?.boolValue ?? true
-        self.signalAccount = signal?["account"]?.stringValue ?? ""
-        self.signalHttpUrl = signal?["httpUrl"]?.stringValue ?? ""
-        self.signalHttpHost = signal?["httpHost"]?.stringValue ?? ""
-        self.signalHttpPort = self.numberString(from: signal?["httpPort"])
-        self.signalCliPath = signal?["cliPath"]?.stringValue ?? ""
-        self.signalAutoStart = signal?["autoStart"]?.boolValue ?? true
-        self.signalReceiveMode = signal?["receiveMode"]?.stringValue ?? ""
-        self.signalIgnoreAttachments = signal?["ignoreAttachments"]?.boolValue ?? false
-        self.signalIgnoreStories = signal?["ignoreStories"]?.boolValue ?? false
-        self.signalSendReadReceipts = signal?["sendReadReceipts"]?.boolValue ?? false
-        self.signalAllowFrom = self.stringList(from: signal?["allowFrom"]?.arrayValue)
-        self.signalMediaMaxMb = self.numberString(from: signal?["mediaMaxMb"])
-    }
-
-    private func applyIMessageConfig(_ snap: ConfigSnapshot) {
-        let imessage = self.resolveChannelConfig(snap, key: "imessage")
-        self.imessageEnabled = imessage?["enabled"]?.boolValue ?? true
-        self.imessageCliPath = imessage?["cliPath"]?.stringValue ?? ""
-        self.imessageDbPath = imessage?["dbPath"]?.stringValue ?? ""
-        self.imessageService = imessage?["service"]?.stringValue ?? "auto"
-        self.imessageRegion = imessage?["region"]?.stringValue ?? ""
-        self.imessageAllowFrom = self.stringList(from: imessage?["allowFrom"]?.arrayValue)
-        self.imessageIncludeAttachments = imessage?["includeAttachments"]?.boolValue ?? false
-        self.imessageMediaMaxMb = self.numberString(from: imessage?["mediaMaxMb"])
-    }
-
-    private func channelConfigRoot(for key: String) -> [String: Any] {
-        if let channels = self.configRoot["channels"] as? [String: Any],
-           let entry = channels[key] as? [String: Any]
-        {
-            return entry
-        }
-        return self.configRoot[key] as? [String: Any] ?? [:]
-    }
-
-    func saveTelegramConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        var telegram: [String: Any] = [:]
-        if !self.isTelegramTokenLocked {
-            self.setPatchString(&telegram, key: "botToken", value: self.telegramToken)
-        }
-        telegram["requireMention"] = NSNull()
-        telegram["groups"] = [
-            "*": [
-                "requireMention": self.telegramRequireMention,
-            ],
-        ]
-        let allow = self.splitCsv(self.telegramAllowFrom)
-        self.setPatchList(&telegram, key: "allowFrom", values: allow)
-        self.setPatchString(&telegram, key: "proxy", value: self.telegramProxy)
-        self.setPatchString(&telegram, key: "webhookUrl", value: self.telegramWebhookUrl)
-        self.setPatchString(&telegram, key: "webhookSecret", value: self.telegramWebhookSecret)
-        self.setPatchString(&telegram, key: "webhookPath", value: self.telegramWebhookPath)
-
-        await self.persistChannelPatch("telegram", payload: telegram)
-    }
-
-    func saveDiscordConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        let base = self.channelConfigRoot(for: "discord")
-        let discord = self.buildDiscordPatch(base: base)
-        await self.persistChannelPatch("discord", payload: discord)
-    }
-
-    func saveSignalConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        var signal: [String: Any] = [:]
-        self.setPatchBool(&signal, key: "enabled", value: self.signalEnabled, defaultValue: true)
-        self.setPatchString(&signal, key: "account", value: self.signalAccount)
-        self.setPatchString(&signal, key: "httpUrl", value: self.signalHttpUrl)
-        self.setPatchString(&signal, key: "httpHost", value: self.signalHttpHost)
-        self.setPatchNumber(&signal, key: "httpPort", value: self.signalHttpPort)
-        self.setPatchString(&signal, key: "cliPath", value: self.signalCliPath)
-        self.setPatchBool(&signal, key: "autoStart", value: self.signalAutoStart, defaultValue: true)
-        self.setPatchString(&signal, key: "receiveMode", value: self.signalReceiveMode)
-        self.setPatchBool(&signal, key: "ignoreAttachments", value: self.signalIgnoreAttachments, defaultValue: false)
-        self.setPatchBool(&signal, key: "ignoreStories", value: self.signalIgnoreStories, defaultValue: false)
-        self.setPatchBool(&signal, key: "sendReadReceipts", value: self.signalSendReadReceipts, defaultValue: false)
-        let allow = self.splitCsv(self.signalAllowFrom)
-        self.setPatchList(&signal, key: "allowFrom", values: allow)
-        self.setPatchNumber(&signal, key: "mediaMaxMb", value: self.signalMediaMaxMb)
-
-        await self.persistChannelPatch("signal", payload: signal)
-    }
-
-    func saveIMessageConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        var imessage: [String: Any] = [:]
-        self.setPatchBool(&imessage, key: "enabled", value: self.imessageEnabled, defaultValue: true)
-        self.setPatchString(&imessage, key: "cliPath", value: self.imessageCliPath)
-        self.setPatchString(&imessage, key: "dbPath", value: self.imessageDbPath)
-
-        let service = self.trimmed(self.imessageService)
-        if service.isEmpty || service == "auto" {
-            imessage["service"] = NSNull()
-        } else {
-            imessage["service"] = service
-        }
-
-        self.setPatchString(&imessage, key: "region", value: self.imessageRegion)
-
-        let allow = self.splitCsv(self.imessageAllowFrom)
-        self.setPatchList(&imessage, key: "allowFrom", values: allow)
-
-        self.setPatchBool(
-            &imessage,
-            key: "includeAttachments",
-            value: self.imessageIncludeAttachments,
-            defaultValue: false)
-        self.setPatchNumber(&imessage, key: "mediaMaxMb", value: self.imessageMediaMaxMb)
-
-        await self.persistChannelPatch("imessage", payload: imessage)
-    }
-
-    private func buildDiscordPatch(base: [String: Any]) -> [String: Any] {
-        var discord: [String: Any] = [:]
-        self.setPatchBool(&discord, key: "enabled", value: self.discordEnabled, defaultValue: true)
-        if !self.isDiscordTokenLocked {
-            self.setPatchString(&discord, key: "token", value: self.discordToken)
-        }
-
-        if let dm = self.buildDiscordDmPatch() {
-            discord["dm"] = dm
-        } else {
-            discord["dm"] = NSNull()
-        }
-
-        self.setPatchNumber(&discord, key: "mediaMaxMb", value: self.discordMediaMaxMb)
-        self.setPatchInt(&discord, key: "historyLimit", value: self.discordHistoryLimit, allowZero: true)
-        self.setPatchInt(&discord, key: "textChunkLimit", value: self.discordTextChunkLimit, allowZero: false)
-
-        let replyToMode = self.trimmed(self.discordReplyToMode)
-        if replyToMode.isEmpty || replyToMode == "off" || !["first", "all"].contains(replyToMode) {
-            discord["replyToMode"] = NSNull()
-        } else {
-            discord["replyToMode"] = replyToMode
-        }
-
-        let baseGuilds = base["guilds"] as? [String: Any] ?? [:]
-        if let guilds = self.buildDiscordGuildsPatch(base: baseGuilds) {
-            discord["guilds"] = guilds
-        } else {
-            discord["guilds"] = NSNull()
-        }
-
-        if let actions = self.buildDiscordActionsPatch() {
-            discord["actions"] = actions
-        } else {
-            discord["actions"] = NSNull()
-        }
-
-        if let slash = self.buildDiscordSlashPatch() {
-            discord["slashCommand"] = slash
-        } else {
-            discord["slashCommand"] = NSNull()
-        }
-
-        return discord
-    }
-
-    private func buildDiscordDmPatch() -> [String: Any]? {
-        var dm: [String: Any] = [:]
-        self.setPatchBool(&dm, key: "enabled", value: self.discordDmEnabled, defaultValue: true)
-        let allow = self.splitCsv(self.discordAllowFrom)
-        self.setPatchList(&dm, key: "allowFrom", values: allow)
-        self.setPatchBool(&dm, key: "groupEnabled", value: self.discordGroupEnabled, defaultValue: false)
-        let groupChannels = self.splitCsv(self.discordGroupChannels)
-        self.setPatchList(&dm, key: "groupChannels", values: groupChannels)
-        return dm.isEmpty ? nil : dm
-    }
-
-    private func buildDiscordGuildsPatch(base: [String: Any]) -> Any? {
-        if self.discordGuilds.isEmpty {
-            return NSNull()
-        }
-        var patch: [String: Any] = [:]
-        let baseKeys = Set(base.keys)
-        var formKeys = Set<String>()
-        for entry in self.discordGuilds {
-            let key = self.trimmed(entry.key)
-            guard !key.isEmpty else { continue }
-            formKeys.insert(key)
-            let baseGuild = base[key] as? [String: Any] ?? [:]
-            patch[key] = self.buildDiscordGuildPatch(entry, base: baseGuild)
-        }
-        for key in baseKeys.subtracting(formKeys) {
-            patch[key] = NSNull()
-        }
-        return patch.isEmpty ? NSNull() : patch
-    }
-
-    private func buildDiscordGuildPatch(_ entry: DiscordGuildForm, base: [String: Any]) -> [String: Any] {
-        var payload: [String: Any] = [:]
-        let slug = self.trimmed(entry.slug)
-        if slug.isEmpty {
-            payload["slug"] = NSNull()
-        } else {
-            payload["slug"] = slug
-        }
-        if entry.requireMention {
-            payload["requireMention"] = true
-        } else {
-            payload["requireMention"] = NSNull()
-        }
-        if ["off", "all", "allowlist"].contains(entry.reactionNotifications) {
-            payload["reactionNotifications"] = entry.reactionNotifications
-        } else {
-            payload["reactionNotifications"] = NSNull()
-        }
-        let users = self.splitCsv(entry.users)
-        self.setPatchList(&payload, key: "users", values: users)
-
-        let baseChannels = base["channels"] as? [String: Any] ?? [:]
-        if let channels = self.buildDiscordChannelsPatch(base: baseChannels, forms: entry.channels) {
-            payload["channels"] = channels
-        } else {
-            payload["channels"] = NSNull()
-        }
-        return payload
-    }
-
-    private func buildDiscordChannelsPatch(base: [String: Any], forms: [DiscordGuildChannelForm]) -> Any? {
-        if forms.isEmpty {
-            return NSNull()
-        }
-        var patch: [String: Any] = [:]
-        let baseKeys = Set(base.keys)
-        var formKeys = Set<String>()
-        for channel in forms {
-            let channelKey = self.trimmed(channel.key)
-            guard !channelKey.isEmpty else { continue }
-            formKeys.insert(channelKey)
-            var channelPayload: [String: Any] = [:]
-            self.setPatchBool(&channelPayload, key: "allow", value: channel.allow, defaultValue: true)
-            self.setPatchBool(
-                &channelPayload,
-                key: "requireMention",
-                value: channel.requireMention,
-                defaultValue: false)
-            patch[channelKey] = channelPayload
-        }
-        for key in baseKeys.subtracting(formKeys) {
-            patch[key] = NSNull()
-        }
-        return patch.isEmpty ? NSNull() : patch
-    }
-
-    private func buildDiscordActionsPatch() -> [String: Any]? {
-        var actions: [String: Any] = [:]
-        self.setAction(&actions, key: "reactions", value: self.discordActionReactions, defaultValue: true)
-        self.setAction(&actions, key: "stickers", value: self.discordActionStickers, defaultValue: true)
-        self.setAction(&actions, key: "polls", value: self.discordActionPolls, defaultValue: true)
-        self.setAction(&actions, key: "permissions", value: self.discordActionPermissions, defaultValue: true)
-        self.setAction(&actions, key: "messages", value: self.discordActionMessages, defaultValue: true)
-        self.setAction(&actions, key: "threads", value: self.discordActionThreads, defaultValue: true)
-        self.setAction(&actions, key: "pins", value: self.discordActionPins, defaultValue: true)
-        self.setAction(&actions, key: "search", value: self.discordActionSearch, defaultValue: true)
-        self.setAction(&actions, key: "memberInfo", value: self.discordActionMemberInfo, defaultValue: true)
-        self.setAction(&actions, key: "roleInfo", value: self.discordActionRoleInfo, defaultValue: true)
-        self.setAction(&actions, key: "channelInfo", value: self.discordActionChannelInfo, defaultValue: true)
-        self.setAction(&actions, key: "voiceStatus", value: self.discordActionVoiceStatus, defaultValue: true)
-        self.setAction(&actions, key: "events", value: self.discordActionEvents, defaultValue: true)
-        self.setAction(&actions, key: "roles", value: self.discordActionRoles, defaultValue: false)
-        self.setAction(&actions, key: "moderation", value: self.discordActionModeration, defaultValue: false)
-        return actions.isEmpty ? nil : actions
-    }
-
-    private func buildDiscordSlashPatch() -> [String: Any]? {
-        var slash: [String: Any] = [:]
-        self.setPatchBool(&slash, key: "enabled", value: self.discordSlashEnabled, defaultValue: false)
-        self.setPatchString(&slash, key: "name", value: self.discordSlashName)
-        self.setPatchString(&slash, key: "sessionPrefix", value: self.discordSlashSessionPrefix)
-        self.setPatchBool(&slash, key: "ephemeral", value: self.discordSlashEphemeral, defaultValue: true)
-        return slash.isEmpty ? nil : slash
-    }
-
-    private func persistChannelPatch(_ channelId: String, payload: [String: Any]) async {
-        do {
-            guard let baseHash = self.configHash else {
-                self.configStatus = "Config hash missing; reload and retry."
-                return
-            }
-            let data = try JSONSerialization.data(
-                withJSONObject: ["channels": [channelId: payload]],
-                options: [.prettyPrinted, .sortedKeys])
-            guard let raw = String(data: data, encoding: .utf8) else {
-                self.configStatus = "Failed to encode config."
-                return
-            }
-            let params: [String: AnyCodable] = [
-                "raw": AnyCodable(raw),
-                "baseHash": AnyCodable(baseHash),
-            ]
-            _ = try await GatewayConnection.shared.requestRaw(
-                method: .configPatch,
-                params: params,
-                timeoutMs: 10000)
-            self.configStatus = "Saved to ~/.clawdbot/clawdbot.json."
-            await self.loadConfig()
-            await self.refresh(probe: true)
-        } catch {
-            self.configStatus = error.localizedDescription
-        }
-    }
-
-    private func stringList(from values: [AnyCodable]?) -> String {
-        guard let values else { return "" }
-        let strings = values.compactMap { entry -> String? in
-            if let str = entry.stringValue { return str }
-            if let intVal = entry.intValue { return String(intVal) }
-            if let doubleVal = entry.doubleValue { return String(Int(doubleVal)) }
-            return nil
-        }
-        return strings.joined(separator: ", ")
-    }
-
-    private func numberString(from value: AnyCodable?) -> String {
-        if let number = value?.doubleValue ?? value?.intValue.map(Double.init) {
-            return String(Int(number))
-        }
-        return ""
-    }
-
-    private func replyMode(from value: String?) -> String {
-        if let value, ["off", "first", "all"].contains(value) {
-            return value
-        }
-        return "off"
-    }
-
-    private func splitCsv(_ value: String) -> [String] {
-        value
-            .split(separator: ",")
-            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
-            .filter { !$0.isEmpty }
-    }
-
-    private func trimmed(_ value: String) -> String {
-        value.trimmingCharacters(in: .whitespacesAndNewlines)
-    }
-
-    private func setPatchString(_ target: inout [String: Any], key: String, value: String) {
-        let trimmed = self.trimmed(value)
-        if trimmed.isEmpty {
-            target[key] = NSNull()
-        } else {
-            target[key] = trimmed
-        }
-    }
-
-    private func setPatchNumber(_ target: inout [String: Any], key: String, value: String) {
-        let trimmed = self.trimmed(value)
-        if trimmed.isEmpty {
-            target[key] = NSNull()
-            return
-        }
-        if let number = Double(trimmed) {
-            target[key] = number
-        } else {
-            target[key] = NSNull()
-        }
-    }
-
-    private func setPatchInt(
-        _ target: inout [String: Any],
-        key: String,
-        value: String,
-        allowZero: Bool)
-    {
-        let trimmed = self.trimmed(value)
-        if trimmed.isEmpty {
-            target[key] = NSNull()
-            return
-        }
-        guard let number = Int(trimmed) else {
-            target[key] = NSNull()
-            return
-        }
-        let isValid = allowZero ? number >= 0 : number > 0
-        guard isValid else {
-            target[key] = NSNull()
-            return
-        }
-        target[key] = number
-    }
-
-    private func setPatchBool(
-        _ target: inout [String: Any],
-        key: String,
-        value: Bool,
-        defaultValue: Bool)
-    {
-        if value == defaultValue {
-            target[key] = NSNull()
-        } else {
-            target[key] = value
-        }
-    }
-
-    private func setPatchList(_ target: inout [String: Any], key: String, values: [String]) {
-        if values.isEmpty {
-            target[key] = NSNull()
-        } else {
-            target[key] = values
-        }
-    }
-
-    private func setAction(
-        _ actions: inout [String: Any],
-        key: String,
-        value: Bool,
-        defaultValue: Bool)
-    {
-        if value == defaultValue {
-            actions[key] = NSNull()
-        } else {
-            actions[key] = value
-        }
-    }
-}
--- a/apps/macos/Sources/Clawdbot/Constants.swift
+++ b/apps/macos/Sources/Clawdbot/Constants.swift
@@ -26,6 +26,9 @@ let remoteProjectRootKey = "clawdbot.remoteProjectRoot"
 let remoteCliPathKey = "clawdbot.remoteCliPath"
 let canvasEnabledKey = "clawdbot.canvasEnabled"
 let cameraEnabledKey = "clawdbot.cameraEnabled"
+let systemRunPolicyKey = "clawdbot.systemRunPolicy"
+let systemRunAllowlistKey = "clawdbot.systemRunAllowlist"
+let systemRunEnabledKey = "clawdbot.systemRunEnabled"
 let locationModeKey = "clawdbot.locationMode"
 let locationPreciseKey = "clawdbot.locationPreciseEnabled"
 let peekabooBridgeEnabledKey = "clawdbot.peekabooBridgeEnabled"
--- a/apps/macos/Sources/Clawdbot/CritterIconRenderer.swift
+++ b/apps/macos/Sources/Clawdbot/CritterIconRenderer.swift
@@ -189,20 +189,20 @@ enum CritterIconRenderer {
        canvas.context.setFillColor(NSColor.labelColor.cgColor)

        canvas.context.addPath(CGPath(
-                                roundedRect: geometry.bodyRect,
-                                cornerWidth: geometry.bodyCorner,
-                                cornerHeight: geometry.bodyCorner,
-                                transform: nil))
+            roundedRect: geometry.bodyRect,
+            cornerWidth: geometry.bodyCorner,
+            cornerHeight: geometry.bodyCorner,
+            transform: nil))
        canvas.context.addPath(CGPath(
-                                roundedRect: geometry.leftEarRect,
-                                cornerWidth: geometry.earCorner,
-                                cornerHeight: geometry.earCorner,
-                                transform: nil))
+            roundedRect: geometry.leftEarRect,
+            cornerWidth: geometry.earCorner,
+            cornerHeight: geometry.earCorner,
+            transform: nil))
        canvas.context.addPath(CGPath(
-                                roundedRect: geometry.rightEarRect,
-                                cornerWidth: geometry.earCorner,
-                                cornerHeight: geometry.earCorner,
-                                transform: nil))
+            roundedRect: geometry.rightEarRect,
+            cornerWidth: geometry.earCorner,
+            cornerHeight: geometry.earCorner,
+            transform: nil))

        for i in 0..<4 {
            let x = geometry.legStartX + CGFloat(i) * (geometry.legW + geometry.legSpacing)
@@ -213,10 +213,10 @@ enum CritterIconRenderer {
                width: geometry.legW,
                height: geometry.legH * geometry.legHeightScale)
            canvas.context.addPath(CGPath(
-                                    roundedRect: rect,
-                                    cornerWidth: geometry.legW * 0.34,
-                                    cornerHeight: geometry.legW * 0.34,
-                                    transform: nil))
+                roundedRect: rect,
+                cornerWidth: geometry.legW * 0.34,
+                cornerHeight: geometry.legW * 0.34,
+                transform: nil))
        }
        canvas.context.fillPath()
    }
@@ -252,15 +252,15 @@ enum CritterIconRenderer {
                height: holeH)

            canvas.context.addPath(CGPath(
-                                    roundedRect: leftHoleRect,
-                                    cornerWidth: holeCorner,
-                                    cornerHeight: holeCorner,
-                                    transform: nil))
+                roundedRect: leftHoleRect,
+                cornerWidth: holeCorner,
+                cornerHeight: holeCorner,
+                transform: nil))
            canvas.context.addPath(CGPath(
-                                    roundedRect: rightHoleRect,
-                                    cornerWidth: holeCorner,
-                                    cornerHeight: holeCorner,
-                                    transform: nil))
+                roundedRect: rightHoleRect,
+                cornerWidth: holeCorner,
+                cornerHeight: holeCorner,
+                transform: nil))
        }

        if options.eyesClosedLines {
@@ -278,41 +278,41 @@ enum CritterIconRenderer {
                width: lineW,
                height: lineH)
            canvas.context.addPath(CGPath(
-                                    roundedRect: leftRect,
-                                    cornerWidth: corner,
-                                    cornerHeight: corner,
-                                    transform: nil))
+                roundedRect: leftRect,
+                cornerWidth: corner,
+                cornerHeight: corner,
+                transform: nil))
            canvas.context.addPath(CGPath(
-                                    roundedRect: rightRect,
-                                    cornerWidth: corner,
-                                    cornerHeight: corner,
-                                    transform: nil))
+                roundedRect: rightRect,
+                cornerWidth: corner,
+                cornerHeight: corner,
+                transform: nil))
        } else {
            let eyeOpen = max(0.05, 1 - options.blink)
            let eyeH = canvas.snapY(geometry.bodyRect.height * 0.26 * eyeOpen)

            let left = CGMutablePath()
            left.move(to: CGPoint(
-                        x: canvas.snapX(leftCenter.x - geometry.eyeW / 2),
-                        y: canvas.snapY(leftCenter.y - eyeH)))
+                x: canvas.snapX(leftCenter.x - geometry.eyeW / 2),
+                y: canvas.snapY(leftCenter.y - eyeH)))
            left.addLine(to: CGPoint(
-                            x: canvas.snapX(leftCenter.x + geometry.eyeW / 2),
-                            y: canvas.snapY(leftCenter.y)))
+                x: canvas.snapX(leftCenter.x + geometry.eyeW / 2),
+                y: canvas.snapY(leftCenter.y)))
            left.addLine(to: CGPoint(
-                            x: canvas.snapX(leftCenter.x - geometry.eyeW / 2),
-                            y: canvas.snapY(leftCenter.y + eyeH)))
+                x: canvas.snapX(leftCenter.x - geometry.eyeW / 2),
+                y: canvas.snapY(leftCenter.y + eyeH)))
            left.closeSubpath()

            let right = CGMutablePath()
            right.move(to: CGPoint(
-                        x: canvas.snapX(rightCenter.x + geometry.eyeW / 2),
-                        y: canvas.snapY(rightCenter.y - eyeH)))
+                x: canvas.snapX(rightCenter.x + geometry.eyeW / 2),
+                y: canvas.snapY(rightCenter.y - eyeH)))
            right.addLine(to: CGPoint(
-                            x: canvas.snapX(rightCenter.x - geometry.eyeW / 2),
-                            y: canvas.snapY(rightCenter.y)))
+                x: canvas.snapX(rightCenter.x - geometry.eyeW / 2),
+                y: canvas.snapY(rightCenter.y)))
            right.addLine(to: CGPoint(
-                            x: canvas.snapX(rightCenter.x + geometry.eyeW / 2),
-                            y: canvas.snapY(rightCenter.y + eyeH)))
+                x: canvas.snapX(rightCenter.x + geometry.eyeW / 2),
+                y: canvas.snapY(rightCenter.y + eyeH)))
            right.closeSubpath()

            canvas.context.addPath(left)
--- a/apps/macos/Sources/Clawdbot/CritterStatusLabel+Behavior.swift
+++ b/apps/macos/Sources/Clawdbot/CritterStatusLabel+Behavior.swift
@@ -121,12 +121,12 @@ extension CritterStatusLabel {
        }

        return Image(nsImage: CritterIconRenderer.makeIcon(
-                        blink: self.blinkAmount,
-                        legWiggle: max(self.legWiggle, self.isWorkingNow ? 0.6 : 0),
-                        earWiggle: self.earWiggle,
-                        earScale: self.earBoostActive ? 1.9 : 1.0,
-                        earHoles: self.earBoostActive,
-                        badge: badge))
+            blink: self.blinkAmount,
+            legWiggle: max(self.legWiggle, self.isWorkingNow ? 0.6 : 0),
+            earWiggle: self.earWiggle,
+            earScale: self.earBoostActive ? 1.9 : 1.0,
+            earHoles: self.earBoostActive,
+            badge: badge))
    }

    private func resetMotion() {
--- a/apps/macos/Sources/Clawdbot/CronJobEditor+Helpers.swift
+++ b/apps/macos/Sources/Clawdbot/CronJobEditor+Helpers.swift
@@ -188,9 +188,15 @@ extension CronJobEditor {
        }
    }

-    func applyDeleteAfterRun(to root: inout [String: Any]) {
-        if self.scheduleKind == .at {
-            root["deleteAfterRun"] = self.deleteAfterRun
+    func applyDeleteAfterRun(
+        to root: inout [String: Any],
+        scheduleKind: ScheduleKind? = nil,
+        deleteAfterRun: Bool? = nil)
+    {
+        let resolvedSchedule = scheduleKind ?? self.scheduleKind
+        let resolvedDelete = deleteAfterRun ?? self.deleteAfterRun
+        if resolvedSchedule == .at {
+            root["deleteAfterRun"] = resolvedDelete
        } else if self.job?.deleteAfterRun != nil {
            root["deleteAfterRun"] = false
        }
--- a/apps/macos/Sources/Clawdbot/CronJobEditor.swift
+++ b/apps/macos/Sources/Clawdbot/CronJobEditor.swift
@@ -11,15 +11,15 @@ struct CronJobEditor: View {
    let labelColumnWidth: CGFloat = 160
    static let introText =
        "Create a schedule that wakes clawd via the Gateway. "
-        + "Use an isolated session for agent turns so your main chat stays clean."
+            + "Use an isolated session for agent turns so your main chat stays clean."
    static let sessionTargetNote =
        "Main jobs post a system event into the current main session. "
-        + "Isolated jobs run clawd in a dedicated session and can deliver results (WhatsApp/Telegram/Discord/etc)."
+            + "Isolated jobs run clawd in a dedicated session and can deliver results (WhatsApp/Telegram/Discord/etc)."
    static let scheduleKindNote =
        "“At” runs once, “Every” repeats with a duration, “Cron” uses a 5-field Unix expression."
    static let isolatedPayloadNote =
        "Isolated jobs always run an agent turn. The result can be delivered to a channel, "
-        + "and a short summary is posted back to your main chat."
+            + "and a short summary is posted back to your main chat."
    static let mainPayloadNote =
        "System events are injected into the current main session. Agent turns require an isolated session target."
    static let mainSummaryNote =
--- a/apps/macos/Sources/Clawdbot/CronModels.swift
+++ b/apps/macos/Sources/Clawdbot/CronModels.swift
@@ -70,13 +70,13 @@ enum CronSchedule: Codable, Equatable {
 enum CronPayload: Codable, Equatable {
    case systemEvent(text: String)
    case agentTurn(
-            message: String,
-            thinking: String?,
-            timeoutSeconds: Int?,
-            deliver: Bool?,
-            channel: String?,
-            to: String?,
-            bestEffortDeliver: Bool?)
+        message: String,
+        thinking: String?,
+        timeoutSeconds: Int?,
+        deliver: Bool?,
+        channel: String?,
+        to: String?,
+        bestEffortDeliver: Bool?)

    enum CodingKeys: String, CodingKey {
        case kind, text, message, thinking, timeoutSeconds, deliver, channel, provider, to, bestEffortDeliver
--- a/apps/macos/Sources/Clawdbot/CronSettings+Layout.swift
+++ b/apps/macos/Sources/Clawdbot/CronSettings+Layout.swift
@@ -26,8 +26,8 @@ extension CronSettings {
                })
        }
        .alert("Delete cron job?", isPresented: Binding(
-                get: { self.confirmDelete != nil },
-                set: { if !$0 { self.confirmDelete = nil } }))
+            get: { self.confirmDelete != nil },
+            set: { if !$0 { self.confirmDelete = nil } }))
        {
            Button("Cancel", role: .cancel) { self.confirmDelete = nil }
            Button("Delete", role: .destructive) {
@@ -42,9 +42,9 @@ extension CronSettings {
            }
        }
        .onChange(of: self.store.selectedJobId) { _, newValue in
-            guard let newValue else { return }
-            Task { await self.store.refreshRuns(jobId: newValue) }
-        }
+                guard let newValue else { return }
+                Task { await self.store.refreshRuns(jobId: newValue) }
+            }
    }

    var schedulerBanner: some View {
--- a/apps/macos/Sources/Clawdbot/CronSettings+Rows.swift
+++ b/apps/macos/Sources/Clawdbot/CronSettings+Rows.swift
@@ -69,8 +69,8 @@ extension CronSettings {
            Spacer()
            HStack(spacing: 8) {
                Toggle("Enabled", isOn: Binding(
-                        get: { job.enabled },
-                        set: { enabled in Task { await self.store.setJobEnabled(id: job.id, enabled: enabled) } }))
+                    get: { job.enabled },
+                    set: { enabled in Task { await self.store.setJobEnabled(id: job.id, enabled: enabled) } }))
                    .toggleStyle(.switch)
                    .labelsHidden()
                Button("Run") { Task { await self.store.runJob(id: job.id, force: true) } }
--- a/apps/macos/Sources/Clawdbot/DebugActions.swift
+++ b/apps/macos/Sources/Clawdbot/DebugActions.swift
@@ -102,8 +102,8 @@ enum DebugActions {
                    _ = try await RemoteTunnelManager.shared.ensureControlTunnel()
                    let settings = CommandResolver.connectionSettings()
                    try await ControlChannel.shared.configure(mode: .remote(
-                                                                target: settings.target,
-                                                                identity: settings.identity))
+                        target: settings.target,
+                        identity: settings.identity))
                } catch {
                    // ControlChannel will surface a degraded state; also refresh health to update the menu text.
                    Task { await HealthStore.shared.refresh(onDemand: true) }
@@ -127,8 +127,8 @@ enum DebugActions {
            _ = try await RemoteTunnelManager.shared.ensureControlTunnel()
            let settings = CommandResolver.connectionSettings()
            try await ControlChannel.shared.configure(mode: .remote(
-                                                        target: settings.target,
-                                                        identity: settings.identity))
+                target: settings.target,
+                identity: settings.identity))
            await HealthStore.shared.refresh(onDemand: true)
            return .success("SSH tunnel reset.")
        } catch {
--- a/apps/macos/Sources/Clawdbot/DebugSettings.swift
+++ b/apps/macos/Sources/Clawdbot/DebugSettings.swift
@@ -900,7 +900,7 @@ extension DebugSettings {
    }
 }

-private struct PlainSettingsGroupBoxStyle: GroupBoxStyle {
+struct PlainSettingsGroupBoxStyle: GroupBoxStyle {
    func makeBody(configuration: Configuration) -> some View {
        VStack(alignment: .leading, spacing: 10) {
            configuration.label
--- a/apps/macos/Sources/Clawdbot/DeviceModelCatalog.swift
+++ b/apps/macos/Sources/Clawdbot/DeviceModelCatalog.swift
@@ -107,9 +107,9 @@ enum DeviceModelCatalog {

    private static func loadMapping(resourceName: String) -> [String: String] {
        guard let url = self.resourceBundle?.url(
-                forResource: resourceName,
-                withExtension: "json",
-                subdirectory: self.resourceSubdirectory)
+            forResource: resourceName,
+            withExtension: "json",
+            subdirectory: self.resourceSubdirectory)
        else { return [:] }

        do {
--- a/apps/macos/Sources/Clawdbot/GatewayChannel.swift
+++ b/apps/macos/Sources/Clawdbot/GatewayChannel.swift
@@ -113,17 +113,17 @@ actor GatewayChannelActor {
        self.task = nil

        await self.failPending(NSError(
-                                domain: "Gateway",
-                                code: 0,
-                                userInfo: [NSLocalizedDescriptionKey: "gateway channel shutdown"]))
+            domain: "Gateway",
+            code: 0,
+            userInfo: [NSLocalizedDescriptionKey: "gateway channel shutdown"]))

        let waiters = self.connectWaiters
        self.connectWaiters.removeAll()
        for waiter in waiters {
            waiter.resume(throwing: NSError(
-                            domain: "Gateway",
-                            code: 0,
-                            userInfo: [NSLocalizedDescriptionKey: "gateway channel shutdown"]))
+                domain: "Gateway",
+                code: 0,
+                userInfo: [NSLocalizedDescriptionKey: "gateway channel shutdown"]))
        }
    }

--- a/apps/macos/Sources/Clawdbot/GatewayConnection.swift
+++ b/apps/macos/Sources/Clawdbot/GatewayConnection.swift
@@ -56,6 +56,7 @@ actor GatewayConnection {
        case configGet = "config.get"
        case configSet = "config.set"
        case configPatch = "config.patch"
+        case configSchema = "config.schema"
        case wizardStart = "wizard.start"
        case wizardNext = "wizard.next"
        case wizardCancel = "wizard.cancel"
@@ -433,14 +434,14 @@ extension GatewayConnection {
        idempotencyKey: String = UUID().uuidString) async -> (ok: Bool, error: String?)
    {
        await self.sendAgent(GatewayAgentInvocation(
-                                message: message,
-                                sessionKey: sessionKey,
-                                thinking: thinking,
-                                deliver: deliver,
-                                to: to,
-                                channel: channel,
-                                timeoutSeconds: timeoutSeconds,
-                                idempotencyKey: idempotencyKey))
+            message: message,
+            sessionKey: sessionKey,
+            thinking: thinking,
+            deliver: deliver,
+            to: to,
+            channel: channel,
+            timeoutSeconds: timeoutSeconds,
+            idempotencyKey: idempotencyKey))
    }

    func sendSystemEvent(_ params: [String: AnyCodable]) async {
--- a/apps/macos/Sources/Clawdbot/GatewayDiscoveryMenu.swift
+++ b/apps/macos/Sources/Clawdbot/GatewayDiscoveryMenu.swift
@@ -27,7 +27,7 @@ struct GatewayDiscoveryInlineList: View {
                    ForEach(self.discovery.gateways.prefix(6)) { gateway in
                        let target = self.suggestedSSHTarget(gateway)
                        let selected = (target != nil && self.currentTarget?
-                                            .trimmingCharacters(in: .whitespacesAndNewlines) == target)
+                            .trimmingCharacters(in: .whitespacesAndNewlines) == target)

                        Button {
                            withAnimation(.spring(response: 0.25, dampingFraction: 0.9)) {
@@ -61,8 +61,8 @@ struct GatewayDiscoveryInlineList: View {
                            .background(
                                RoundedRectangle(cornerRadius: 10, style: .continuous)
                                    .fill(self.rowBackground(
-                                            selected: selected,
-                                            hovered: self.hoveredGatewayID == gateway.id)))
+                                        selected: selected,
+                                        hovered: self.hoveredGatewayID == gateway.id)))
                            .overlay(
                                RoundedRectangle(cornerRadius: 10, style: .continuous)
                                    .strokeBorder(
--- a/apps/macos/Sources/Clawdbot/GatewayEndpointStore.swift
+++ b/apps/macos/Sources/Clawdbot/GatewayEndpointStore.swift
@@ -1,3 +1,4 @@
+import ConcurrencyExtras
 import Foundation
 import OSLog

@@ -16,6 +17,13 @@ actor GatewayEndpointStore {
    static let shared = GatewayEndpointStore()
    private static let supportedBindModes: Set<String> = ["loopback", "tailnet", "lan", "auto"]
    private static let remoteConnectingDetail = "Connecting to remote gateway…"
+    private static let staticLogger = Logger(subsystem: "com.clawdbot", category: "gateway-endpoint")
+    private enum EnvOverrideWarningKind: Sendable {
+        case token
+        case password
+    }
+
+    private static let envOverrideWarnings = LockIsolated((token: false, password: false))

    struct Deps: Sendable {
        let mode: @Sendable () async -> AppState.ConnectionMode
@@ -30,16 +38,18 @@ actor GatewayEndpointStore {
            mode: { await MainActor.run { AppStateStore.shared.connectionMode } },
            token: {
                let root = ClawdbotConfigFile.loadDict()
+                let isRemote = ConnectionModeResolver.resolve(root: root).mode == .remote
                return GatewayEndpointStore.resolveGatewayToken(
-                    isRemote: CommandResolver.connectionModeIsRemote(),
+                    isRemote: isRemote,
                    root: root,
                    env: ProcessInfo.processInfo.environment,
                    launchdSnapshot: GatewayLaunchAgentManager.launchdConfigSnapshot())
            },
            password: {
                let root = ClawdbotConfigFile.loadDict()
+                let isRemote = ConnectionModeResolver.resolve(root: root).mode == .remote
                return GatewayEndpointStore.resolveGatewayPassword(
-                    isRemote: CommandResolver.connectionModeIsRemote(),
+                    isRemote: isRemote,
                    root: root,
                    env: ProcessInfo.processInfo.environment,
                    launchdSnapshot: GatewayLaunchAgentManager.launchdConfigSnapshot())
@@ -68,6 +78,14 @@ actor GatewayEndpointStore {
        let raw = env["CLAWDBOT_GATEWAY_PASSWORD"] ?? ""
        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
        if !trimmed.isEmpty {
+            if let configPassword = self.resolveConfigPassword(isRemote: isRemote, root: root),
+               !configPassword.isEmpty
+            {
+                self.warnEnvOverrideOnce(
+                    kind: .password,
+                    envVar: "CLAWDBOT_GATEWAY_PASSWORD",
+                    configKey: isRemote ? "gateway.remote.password" : "gateway.auth.password")
+            }
            return trimmed
        }
        if isRemote {
@@ -99,6 +117,26 @@ actor GatewayEndpointStore {
        return nil
    }

+    private static func resolveConfigPassword(isRemote: Bool, root: [String: Any]) -> String? {
+        if isRemote {
+            if let gateway = root["gateway"] as? [String: Any],
+               let remote = gateway["remote"] as? [String: Any],
+               let password = remote["password"] as? String
+            {
+                return password.trimmingCharacters(in: .whitespacesAndNewlines)
+            }
+            return nil
+        }
+
+        if let gateway = root["gateway"] as? [String: Any],
+           let auth = gateway["auth"] as? [String: Any],
+           let password = auth["password"] as? String
+        {
+            return password.trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+        return nil
+    }
+
    private static func resolveGatewayToken(
        isRemote: Bool,
        root: [String: Any],
@@ -108,6 +146,14 @@ actor GatewayEndpointStore {
        let raw = env["CLAWDBOT_GATEWAY_TOKEN"] ?? ""
        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
        if !trimmed.isEmpty {
+            if let configToken = self.resolveConfigToken(isRemote: isRemote, root: root),
+               !configToken.isEmpty
+            {
+                self.warnEnvOverrideOnce(
+                    kind: .token,
+                    envVar: "CLAWDBOT_GATEWAY_TOKEN",
+                    configKey: isRemote ? "gateway.remote.token" : "gateway.auth.token")
+            }
            return trimmed
        }
        if isRemote {
@@ -139,6 +185,49 @@ actor GatewayEndpointStore {
        return nil
    }

+    private static func resolveConfigToken(isRemote: Bool, root: [String: Any]) -> String? {
+        if isRemote {
+            if let gateway = root["gateway"] as? [String: Any],
+               let remote = gateway["remote"] as? [String: Any],
+               let token = remote["token"] as? String
+            {
+                return token.trimmingCharacters(in: .whitespacesAndNewlines)
+            }
+            return nil
+        }
+
+        if let gateway = root["gateway"] as? [String: Any],
+           let auth = gateway["auth"] as? [String: Any],
+           let token = auth["token"] as? String
+        {
+            return token.trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+        return nil
+    }
+
+    private static func warnEnvOverrideOnce(
+        kind: EnvOverrideWarningKind,
+        envVar: String,
+        configKey: String)
+    {
+        let shouldWarn = Self.envOverrideWarnings.withValue { state in
+            switch kind {
+            case .token:
+                guard !state.token else { return false }
+                state.token = true
+                return true
+            case .password:
+                guard !state.password else { return false }
+                state.password = true
+                return true
+            }
+        }
+        guard shouldWarn else { return }
+        Self.staticLogger.warning(
+            "\(envVar, privacy: .public) is set and overrides \(configKey, privacy: .public). " +
+                "If this is unintentional, clear it with: launchctl unsetenv \(envVar, privacy: .public)")
+    }
+
    private let deps: Deps
    private let logger = Logger(subsystem: "com.clawdbot", category: "gateway-endpoint")

@@ -206,10 +295,10 @@ actor GatewayEndpointStore {
            let port = self.deps.localPort()
            let host = await self.deps.localHost()
            self.setState(.ready(
-                            mode: .local,
-                            url: URL(string: "ws://\(host):\(port)")!,
-                            token: token,
-                            password: password))
+                mode: .local,
+                url: URL(string: "ws://\(host):\(port)")!,
+                token: token,
+                password: password))
        case .remote:
            let port = await self.deps.remotePortIfRunning()
            guard let port else {
@@ -219,10 +308,10 @@ actor GatewayEndpointStore {
            }
            self.cancelRemoteEnsure()
            self.setState(.ready(
-                            mode: .remote,
-                            url: URL(string: "ws://127.0.0.1:\(Int(port))")!,
-                            token: token,
-                            password: password))
+                mode: .remote,
+                url: URL(string: "ws://127.0.0.1:\(Int(port))")!,
+                token: token,
+                password: password))
        case .unconfigured:
            self.cancelRemoteEnsure()
            self.setState(.unavailable(mode: .unconfigured, reason: "Gateway not configured"))
--- a/apps/macos/Sources/Clawdbot/GatewayLaunchAgentManager.swift
+++ b/apps/macos/Sources/Clawdbot/GatewayLaunchAgentManager.swift
@@ -2,77 +2,16 @@ import Foundation

 enum GatewayLaunchAgentManager {
    private static let logger = Logger(subsystem: "com.clawdbot", category: "gateway.launchd")
-    private static let supportedBindModes: Set<String> = ["loopback", "tailnet", "lan", "auto"]
-    private static let legacyGatewayLaunchdLabel = "com.steipete.clawdbot.gateway"
    private static let disableLaunchAgentMarker = ".clawdbot/disable-launchagent"

-    private enum GatewayProgramArgumentsError: LocalizedError {
-        case message(String)
-
-        var errorDescription: String? {
-            switch self {
-            case let .message(message):
-                message
-            }
-        }
-    }
-
    private static var plistURL: URL {
        FileManager.default.homeDirectoryForCurrentUser
            .appendingPathComponent("Library/LaunchAgents/\(gatewayLaunchdLabel).plist")
    }

-    private static var legacyPlistURL: URL {
-        FileManager.default.homeDirectoryForCurrentUser
-            .appendingPathComponent("Library/LaunchAgents/\(legacyGatewayLaunchdLabel).plist")
-    }
-
-    private static func gatewayProgramArguments(
-        port: Int,
-        bind: String) -> Result<[String], GatewayProgramArgumentsError>
-    {
-        let projectRoot = CommandResolver.projectRoot()
-        #if DEBUG
-        if let localBin = CommandResolver.projectClawdbotExecutable(projectRoot: projectRoot) {
-            return .success([localBin, "gateway-daemon", "--port", "\(port)", "--bind", bind])
-        }
-        if let entry = CommandResolver.gatewayEntrypoint(in: projectRoot) {
-            switch CommandResolver.runtimeResolution() {
-            case let .success(runtime):
-                let cmd = CommandResolver.makeRuntimeCommand(
-                    runtime: runtime,
-                    entrypoint: entry,
-                    subcommand: "gateway-daemon",
-                    extraArgs: ["--port", "\(port)", "--bind", bind])
-                return .success(cmd)
-            case .failure:
-                break
-            }
-        }
-        #endif
-        let searchPaths = CommandResolver.preferredPaths()
-        if let gatewayBin = CommandResolver.clawdbotExecutable(searchPaths: searchPaths) {
-            return .success([gatewayBin, "gateway-daemon", "--port", "\(port)", "--bind", bind])
-        }
-
-        if let entry = CommandResolver.gatewayEntrypoint(in: projectRoot),
-           case let .success(runtime) = CommandResolver.runtimeResolution(searchPaths: searchPaths)
-        {
-            let cmd = CommandResolver.makeRuntimeCommand(
-                runtime: runtime,
-                entrypoint: entry,
-                subcommand: "gateway-daemon",
-                extraArgs: ["--port", "\(port)", "--bind", bind])
-            return .success(cmd)
-        }
-
-        return .failure(.message("clawdbot CLI not found in PATH; install the CLI."))
-    }
-
    static func isLoaded() async -> Bool {
-        guard FileManager.default.fileExists(atPath: self.plistURL.path) else { return false }
-        let result = await Launchctl.run(["print", "gui/\(getuid())/\(gatewayLaunchdLabel)"])
-        return result.status == 0
+        guard let loaded = await self.readDaemonLoaded() else { return false }
+        return loaded
    }

    static func set(enabled: Bool, bundlePath: String, port: Int) async -> String? {
@@ -81,255 +20,44 @@ enum GatewayLaunchAgentManager {
            self.logger.info("launchd enable skipped (disable marker set)")
            return nil
        }
+
        if enabled {
-            _ = await Launchctl.run(["bootout", "gui/\(getuid())/\(self.legacyGatewayLaunchdLabel)"])
-            try? FileManager.default.removeItem(at: self.legacyPlistURL)
-
-            let desiredBind = self.preferredGatewayBind() ?? "loopback"
-            let desiredToken = self.preferredGatewayToken()
-            let desiredPassword = self.preferredGatewayPassword()
-            let desiredConfig = DesiredConfig(
-                port: port,
-                bind: desiredBind,
-                token: desiredToken,
-                password: desiredPassword)
-            let programArgumentsResult = self.gatewayProgramArguments(port: port, bind: desiredBind)
-            guard case let .success(programArguments) = programArgumentsResult else {
-                if case let .failure(error) = programArgumentsResult {
-                    let message = error.localizedDescription
-                    self.logger.error("launchd enable failed: \(message)")
-                    return message
-                }
-                return "Failed to resolve gateway command."
-            }
-
-            // If launchd already loaded the job (common on login), avoid `bootout` unless we must
-            // change the config. `bootout` can kill a just-started gateway and cause attach loops.
-            let loaded = await self.isLoaded()
-            if loaded {
-                if let existing = self.readPlistConfig(), existing.matches(desiredConfig) {
-                    self.logger.info("launchd job already loaded with desired config; skipping bootout")
-                    await self.ensureEnabled()
-                    _ = await Launchctl.run(["kickstart", "gui/\(getuid())/\(gatewayLaunchdLabel)"])
-                    return nil
-                }
-            }
-
-            self.logger.info("launchd enable requested port=\(port) bind=\(desiredBind)")
-            self.writePlist(programArguments: programArguments)
-
-            await self.ensureEnabled()
-            if loaded {
-                _ = await Launchctl.run(["bootout", "gui/\(getuid())/\(gatewayLaunchdLabel)"])
-            }
-            let bootstrap = await Launchctl.run(["bootstrap", "gui/\(getuid())", self.plistURL.path])
-            if bootstrap.status != 0 {
-                let msg = bootstrap.output.trimmingCharacters(in: .whitespacesAndNewlines)
-                self.logger.error("launchd bootstrap failed: \(msg)")
-                return bootstrap.output.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-                    ? "Failed to bootstrap gateway launchd job"
-                    : bootstrap.output.trimmingCharacters(in: .whitespacesAndNewlines)
-            }
-            await self.ensureEnabled()
-            return nil
+            self.logger.info("launchd enable requested via CLI port=\(port)")
+            return await self.runDaemonCommand([
+                "install",
+                "--force",
+                "--port",
+                "\(port)",
+                "--runtime",
+                "node",
+            ])
        }

-        self.logger.info("launchd disable requested")
-        _ = await Launchctl.run(["bootout", "gui/\(getuid())/\(gatewayLaunchdLabel)"])
-        await self.ensureDisabled()
-        try? FileManager.default.removeItem(at: self.plistURL)
-        return nil
+        self.logger.info("launchd disable requested via CLI")
+        return await self.runDaemonCommand(["uninstall"])
    }

    static func kickstart() async {
-        _ = await Launchctl.run(["kickstart", "-k", "gui/\(getuid())/\(gatewayLaunchdLabel)"])
-    }
-
-    private static func writePlist(programArguments: [String]) {
-        let preferredPath = CommandResolver.preferredPaths().joined(separator: ":")
-        let token = self.preferredGatewayToken()
-        let password = self.preferredGatewayPassword()
-        var envEntries = """
-            <key>PATH</key>
-            <string>\(preferredPath)</string>
-        """
-        if let token {
-            let escapedToken = self.escapePlistValue(token)
-            envEntries += """
-                <key>CLAWDBOT_GATEWAY_TOKEN</key>
-                <string>\(escapedToken)</string>
-            """
-        }
-        if let password {
-            let escapedPassword = self.escapePlistValue(password)
-            envEntries += """
-                <key>CLAWDBOT_GATEWAY_PASSWORD</key>
-                <string>\(escapedPassword)</string>
-            """
-        }
-        let argsXml = programArguments
-            .map { "<string>\(self.escapePlistValue($0))</string>" }
-            .joined(separator: "\n            ")
-        let plist = """
-        <?xml version="1.0" encoding="UTF-8"?>
-        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-        <plist version="1.0">
-        <dict>
-          <key>Label</key>
-          <string>\(gatewayLaunchdLabel)</string>
-          <key>ProgramArguments</key>
-          <array>
-            \(argsXml)
-          </array>
-          <key>WorkingDirectory</key>
-          <string>\(FileManager.default.homeDirectoryForCurrentUser.path)</string>
-          <key>RunAtLoad</key>
-          <true/>
-          <key>KeepAlive</key>
-          <true/>
-          <key>EnvironmentVariables</key>
-          <dict>
-        \(envEntries)
-          </dict>
-          <key>StandardOutPath</key>
-          <string>\(LogLocator.launchdGatewayLogPath)</string>
-          <key>StandardErrorPath</key>
-          <string>\(LogLocator.launchdGatewayLogPath)</string>
-        </dict>
-        </plist>
-        """
-        do {
-            try plist.write(to: self.plistURL, atomically: true, encoding: .utf8)
-        } catch {
-            self.logger.error("launchd plist write failed: \(error.localizedDescription)")
-        }
-    }
-
-    private static func preferredGatewayBind() -> String? {
-        if CommandResolver.connectionModeIsRemote() {
-            return nil
-        }
-        if let env = ProcessInfo.processInfo.environment["CLAWDBOT_GATEWAY_BIND"] {
-            let trimmed = env.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
-            if self.supportedBindModes.contains(trimmed) {
-                return trimmed
-            }
-        }
-
-        let root = ClawdbotConfigFile.loadDict()
-        if let gateway = root["gateway"] as? [String: Any],
-           let bind = gateway["bind"] as? String
-        {
-            let trimmed = bind.trimmingCharacters(in: .whitespacesAndNewlines).lowercased()
-            if self.supportedBindModes.contains(trimmed) {
-                return trimmed
-            }
-        }
-
-        return nil
-    }
-
-    private static func preferredGatewayToken() -> String? {
-        let raw = ProcessInfo.processInfo.environment["CLAWDBOT_GATEWAY_TOKEN"] ?? ""
-        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmed.isEmpty {
-            return trimmed
-        }
-        let root = ClawdbotConfigFile.loadDict()
-        if let gateway = root["gateway"] as? [String: Any],
-           let auth = gateway["auth"] as? [String: Any],
-           let token = auth["token"] as? String
-        {
-            let value = token.trimmingCharacters(in: .whitespacesAndNewlines)
-            if !value.isEmpty {
-                return value
-            }
-        }
-        return nil
-    }
-
-    private static func preferredGatewayPassword() -> String? {
-        // First check environment variable
-        let raw = ProcessInfo.processInfo.environment["CLAWDBOT_GATEWAY_PASSWORD"] ?? ""
-        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmed.isEmpty {
-            return trimmed
-        }
-        // Then check config file (gateway.auth.password)
-        let root = ClawdbotConfigFile.loadDict()
-        if let gateway = root["gateway"] as? [String: Any],
-           let auth = gateway["auth"] as? [String: Any],
-           let password = auth["password"] as? String
-        {
-            return password.trimmingCharacters(in: .whitespacesAndNewlines)
-        }
-        return nil
-    }
-
-    private static func escapePlistValue(_ raw: String) -> String {
-        raw
-            .replacingOccurrences(of: "&", with: "&amp;")
-            .replacingOccurrences(of: "<", with: "&lt;")
-            .replacingOccurrences(of: ">", with: "&gt;")
-            .replacingOccurrences(of: "\"", with: "&quot;")
-            .replacingOccurrences(of: "'", with: "&apos;")
-    }
-
-    private struct DesiredConfig: Equatable {
-        let port: Int
-        let bind: String
-        let token: String?
-        let password: String?
-    }
-
-    private struct InstalledConfig: Equatable {
-        let port: Int?
-        let bind: String?
-        let token: String?
-        let password: String?
-
-        func matches(_ desired: DesiredConfig) -> Bool {
-            guard self.port == desired.port else { return false }
-            guard (self.bind ?? "loopback") == desired.bind else { return false }
-            guard self.token == desired.token else { return false }
-            guard self.password == desired.password else { return false }
-            return true
-        }
-    }
-
-    private static func readPlistConfig() -> InstalledConfig? {
-        guard let snapshot = LaunchAgentPlist.snapshot(url: self.plistURL) else { return nil }
-        return InstalledConfig(
-            port: snapshot.port,
-            bind: snapshot.bind,
-            token: snapshot.token,
-            password: snapshot.password)
+        _ = await self.runDaemonCommand(["restart"], timeout: 20)
    }

    static func launchdConfigSnapshot() -> LaunchAgentPlistSnapshot? {
        LaunchAgentPlist.snapshot(url: self.plistURL)
    }

-    private static func ensureEnabled() async {
-        let result = await Launchctl.run(["enable", "gui/\(getuid())/\(gatewayLaunchdLabel)"])
-        guard result.status != 0 else { return }
-        let msg = result.output.trimmingCharacters(in: .whitespacesAndNewlines)
-        if msg.isEmpty {
-            self.logger.warning("launchd enable failed")
-        } else {
-            self.logger.warning("launchd enable failed: \(msg)")
+    static func launchdGatewayLogPath() -> String {
+        let snapshot = self.launchdConfigSnapshot()
+        if let stdout = snapshot?.stdoutPath?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !stdout.isEmpty
+        {
+            return stdout
        }
-    }
-
-    private static func ensureDisabled() async {
-        let result = await Launchctl.run(["disable", "gui/\(getuid())/\(gatewayLaunchdLabel)"])
-        guard result.status != 0 else { return }
-        let msg = result.output.trimmingCharacters(in: .whitespacesAndNewlines)
-        if msg.isEmpty {
-            self.logger.warning("launchd disable failed")
-        } else {
-            self.logger.warning("launchd disable failed: \(msg)")
+        if let stderr = snapshot?.stderrPath?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !stderr.isEmpty
+        {
+            return stderr
        }
+        return LogLocator.launchdGatewayLogPath
    }
 }

@@ -339,20 +67,102 @@ extension GatewayLaunchAgentManager {
            .appendingPathComponent(self.disableLaunchAgentMarker)
        return FileManager.default.fileExists(atPath: marker.path)
    }
-}

-#if DEBUG
-extension GatewayLaunchAgentManager {
-    static func _testPreferredGatewayBind() -> String? {
-        self.preferredGatewayBind()
+    private static func readDaemonLoaded() async -> Bool? {
+        let result = await self.runDaemonCommandResult(
+            ["status", "--json", "--no-probe"],
+            timeout: 15,
+            quiet: true)
+        guard result.success, let payload = result.payload else { return nil }
+        guard
+            let json = try? JSONSerialization.jsonObject(with: payload) as? [String: Any],
+            let service = json["service"] as? [String: Any],
+            let loaded = service["loaded"] as? Bool
+        else {
+            return nil
+        }
+        return loaded
    }

-    static func _testPreferredGatewayToken() -> String? {
-        self.preferredGatewayToken()
+    private struct CommandResult {
+        let success: Bool
+        let payload: Data?
+        let message: String?
    }

-    static func _testEscapePlistValue(_ raw: String) -> String {
-        self.escapePlistValue(raw)
+    private struct ParsedDaemonJson {
+        let text: String
+        let object: [String: Any]
+    }
+
+    private static func runDaemonCommand(
+        _ args: [String],
+        timeout: Double = 15,
+        quiet: Bool = false) async -> String?
+    {
+        let result = await self.runDaemonCommandResult(args, timeout: timeout, quiet: quiet)
+        if result.success { return nil }
+        return result.message ?? "Gateway daemon command failed"
+    }
+
+    private static func runDaemonCommandResult(
+        _ args: [String],
+        timeout: Double,
+        quiet: Bool) async -> CommandResult
+    {
+        let command = CommandResolver.clawdbotCommand(
+            subcommand: "daemon",
+            extraArgs: self.withJsonFlag(args))
+        var env = ProcessInfo.processInfo.environment
+        env["PATH"] = CommandResolver.preferredPaths().joined(separator: ":")
+        let response = await ShellExecutor.runDetailed(command: command, cwd: nil, env: env, timeout: timeout)
+        let parsed = self.parseDaemonJson(from: response.stdout) ?? self.parseDaemonJson(from: response.stderr)
+        let ok = parsed?.object["ok"] as? Bool
+        let message = (parsed?.object["error"] as? String) ?? (parsed?.object["message"] as? String)
+        let payload = parsed?.text.data(using: .utf8)
+            ?? (response.stdout.isEmpty ? response.stderr : response.stdout).data(using: .utf8)
+        let success = ok ?? response.success
+        if success {
+            return CommandResult(success: true, payload: payload, message: nil)
+        }
+
+        if quiet {
+            return CommandResult(success: false, payload: payload, message: message)
+        }
+
+        let detail = message ?? self.summarize(response.stderr) ?? self.summarize(response.stdout)
+        let exit = response.exitCode.map { "exit \($0)" } ?? (response.errorMessage ?? "failed")
+        let fullMessage = detail.map { "Gateway daemon command failed (\(exit)): \($0)" }
+            ?? "Gateway daemon command failed (\(exit))"
+        self.logger.error("\(fullMessage, privacy: .public)")
+        return CommandResult(success: false, payload: payload, message: detail)
+    }
+
+    private static func withJsonFlag(_ args: [String]) -> [String] {
+        if args.contains("--json") { return args }
+        return args + ["--json"]
+    }
+
+    private static func parseDaemonJson(from raw: String) -> ParsedDaemonJson? {
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard let start = trimmed.firstIndex(of: "{"),
+              let end = trimmed.lastIndex(of: "}")
+        else {
+            return nil
+        }
+        let jsonText = String(trimmed[start...end])
+        guard let data = jsonText.data(using: .utf8) else { return nil }
+        guard let object = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else { return nil }
+        return ParsedDaemonJson(text: jsonText, object: object)
+    }
+
+    private static func summarize(_ text: String) -> String? {
+        let lines = text
+            .split(whereSeparator: \.isNewline)
+            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+            .filter { !$0.isEmpty }
+        guard let last = lines.last else { return nil }
+        let normalized = last.replacingOccurrences(of: "\\s+", with: " ", options: .regularExpression)
+        return normalized.count > 200 ? String(normalized.prefix(199)) + "…" : normalized
    }
 }
-#endif
--- a/apps/macos/Sources/Clawdbot/GatewayPayloadDecoding.swift
+++ b/apps/macos/Sources/Clawdbot/GatewayPayloadDecoding.swift
@@ -8,7 +8,7 @@ enum GatewayPayloadDecoding {
    }

    static func decodeIfPresent<T: Decodable>(_ payload: ClawdbotProtocol.AnyCodable?, as _: T.Type = T.self) throws
-    -> T?
+        -> T?
    {
        guard let payload else { return nil }
        return try self.decode(payload, as: T.self)
--- a/apps/macos/Sources/Clawdbot/GatewayProcessManager.swift
+++ b/apps/macos/Sources/Clawdbot/GatewayProcessManager.swift
@@ -87,6 +87,14 @@ final class GatewayProcessManager {
            self.status = .stopped
            return
        }
+        // Many surfaces can call `setActive(true)` in quick succession (startup, Canvas, health checks).
+        // Avoid spawning multiple concurrent "start" tasks that can thrash launchd and flap the port.
+        switch self.status {
+        case .starting, .running, .attachedExisting:
+            return
+        case .stopped, .failed:
+            break
+        }
        self.status = .starting
        self.logger.debug("gateway start requested")

@@ -140,7 +148,7 @@ final class GatewayProcessManager {

    func refreshLog() {
        guard self.logRefreshTask == nil else { return }
-        let path = LogLocator.launchdGatewayLogPath
+        let path = GatewayLaunchAgentManager.launchdGatewayLogPath()
        let limit = self.logLimit
        self.logRefreshTask = Task { [weak self] in
            let log = await Task.detached(priority: .utility) {
@@ -354,7 +362,7 @@ final class GatewayProcessManager {

    func clearLog() {
        self.log = ""
-        try? FileManager.default.removeItem(atPath: LogLocator.launchdGatewayLogPath)
+        try? FileManager.default.removeItem(atPath: GatewayLaunchAgentManager.launchdGatewayLogPath())
        self.logger.debug("gateway log cleared")
    }

--- a/apps/macos/Sources/Clawdbot/GeneralSettings.swift
+++ b/apps/macos/Sources/Clawdbot/GeneralSettings.swift
@@ -83,6 +83,28 @@ struct GeneralSettings: View {
                        subtitle: "Allow the agent to capture a photo or short video via the built-in camera.",
                        binding: self.$cameraEnabled)

+                    VStack(alignment: .leading, spacing: 6) {
+                        Text("Node Run Commands")
+                            .font(.body)
+
+                        Picker("", selection: self.$state.systemRunPolicy) {
+                            ForEach(SystemRunPolicy.allCases) { policy in
+                                Text(policy.title).tag(policy)
+                            }
+                        }
+                        .labelsHidden()
+                        .pickerStyle(.menu)
+
+                        Text("""
+                        Controls remote command execution on this Mac when it is paired as a node. \
+                        "Always Ask" prompts on each command; "Always Allow" runs without prompts; \
+                        "Never" disables `system.run`.
+                        """)
+                        .font(.footnote)
+                        .foregroundStyle(.tertiary)
+                        .fixedSize(horizontal: false, vertical: true)
+                    }
+
                    VStack(alignment: .leading, spacing: 6) {
                        Text("Location Access")
                            .font(.body)
@@ -92,7 +114,8 @@ struct GeneralSettings: View {
                            Text("While Using").tag(ClawdbotLocationMode.whileUsing.rawValue)
                            Text("Always").tag(ClawdbotLocationMode.always.rawValue)
                        }
-                        .pickerStyle(.segmented)
+                        .labelsHidden()
+                        .pickerStyle(.menu)

                        Toggle("Precise Location", isOn: self.$locationPreciseEnabled)
                            .disabled(self.locationMode == .off)
@@ -238,7 +261,7 @@ struct GeneralSettings: View {
                }
                .buttonStyle(.borderedProminent)
                .disabled(self.remoteStatus == .checking || self.state.remoteTarget
-                            .trimmingCharacters(in: .whitespacesAndNewlines).isEmpty)
+                    .trimmingCharacters(in: .whitespacesAndNewlines).isEmpty)
            }

            GatewayDiscoveryInlineList(
@@ -627,8 +650,8 @@ extension GeneralSettings {
        let originalMode = AppStateStore.shared.connectionMode
        do {
            try await ControlChannel.shared.configure(mode: .remote(
-                                                        target: settings.target,
-                                                        identity: settings.identity))
+                target: settings.target,
+                identity: settings.identity))
            let data = try await ControlChannel.shared.health(timeout: 10)
            if decodeHealthSnapshot(from: data) != nil {
                self.remoteStatus = .ok
--- a/apps/macos/Sources/Clawdbot/InstanceIdentity.swift
+++ b/apps/macos/Sources/Clawdbot/InstanceIdentity.swift
@@ -13,7 +13,7 @@ enum InstanceIdentity {
        let defaults = Self.defaults
        if let existing = defaults.string(forKey: instanceIdKey)?
            .trimmingCharacters(in: .whitespacesAndNewlines),
-           !existing.isEmpty
+            !existing.isEmpty
        {
            return existing
        }
--- a/apps/macos/Sources/Clawdbot/InstancesSettings.swift
+++ b/apps/macos/Sources/Clawdbot/InstancesSettings.swift
@@ -395,7 +395,7 @@ extension InstancesSettings {
            host: "phone",
            ip: "10.0.0.3",
            version: "2.0.0",
-            platform: "iOS 17.2",
+            platform: "iOS 18.0",
            deviceFamily: "iPhone",
            modelIdentifier: nil,
            lastInputSeconds: 35,
@@ -446,7 +446,7 @@ extension InstancesSettings {
        _ = view.platformIcon("watchOS 10")
        _ = view.platformIcon("unknown 1.0")
        _ = view.prettyPlatform("macOS 14.2")
-        _ = view.prettyPlatform("iOS 17")
+        _ = view.prettyPlatform("iOS 18")
        _ = view.prettyPlatform("ipados 17.1")
        _ = view.prettyPlatform("linux")
        _ = view.prettyPlatform("   ")
--- a/apps/macos/Sources/Clawdbot/Launchctl.swift
+++ b/apps/macos/Sources/Clawdbot/Launchctl.swift
@@ -31,6 +31,8 @@ enum Launchctl {
 struct LaunchAgentPlistSnapshot: Equatable, Sendable {
    let programArguments: [String]
    let environment: [String: String]
+    let stdoutPath: String?
+    let stderrPath: String?

    let port: Int?
    let bind: String?
@@ -53,6 +55,10 @@ enum LaunchAgentPlist {
        guard let root = rootAny as? [String: Any] else { return nil }
        let programArguments = root["ProgramArguments"] as? [String] ?? []
        let env = root["EnvironmentVariables"] as? [String: String] ?? [:]
+        let stdoutPath = (root["StandardOutPath"] as? String)?
+            .trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty
+        let stderrPath = (root["StandardErrorPath"] as? String)?
+            .trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty
        let port = Self.extractFlagInt(programArguments, flag: "--port")
        let bind = Self.extractFlagString(programArguments, flag: "--bind")?.lowercased()
        let token = env["CLAWDBOT_GATEWAY_TOKEN"]?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty
@@ -60,6 +66,8 @@ enum LaunchAgentPlist {
        return LaunchAgentPlistSnapshot(
            programArguments: programArguments,
            environment: env,
+            stdoutPath: stdoutPath,
+            stderrPath: stderrPath,
            port: port,
            bind: bind,
            token: token,
--- a/apps/macos/Sources/Clawdbot/LogLocator.swift
+++ b/apps/macos/Sources/Clawdbot/LogLocator.swift
@@ -30,9 +30,9 @@ enum LogLocator {
        self.ensureLogDirExists()
        let fm = FileManager.default
        let files = (try? fm.contentsOfDirectory(
-                        at: self.logDir,
-                        includingPropertiesForKeys: [.contentModificationDateKey],
-                        options: [.skipsHiddenFiles])) ?? []
+            at: self.logDir,
+            includingPropertiesForKeys: [.contentModificationDateKey],
+            options: [.skipsHiddenFiles])) ?? []

        return files
            .filter { $0.lastPathComponent.hasPrefix("clawdbot") && $0.pathExtension == "log" }
--- a/apps/macos/Sources/Clawdbot/MacNodeConfigFile.swift
+++ b/apps/macos/Sources/Clawdbot/MacNodeConfigFile.swift
@@ -0,0 +1,81 @@
+import Foundation
+import OSLog
+
+enum MacNodeConfigFile {
+    private static let logger = Logger(subsystem: "com.clawdbot", category: "mac-node-config")
+
+    static func url() -> URL {
+        ClawdbotPaths.stateDirURL.appendingPathComponent("macos-node.json")
+    }
+
+    static func loadDict() -> [String: Any] {
+        let url = self.url()
+        guard FileManager.default.fileExists(atPath: url.path) else { return [:] }
+        do {
+            let data = try Data(contentsOf: url)
+            guard let root = try JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+                self.logger.warning("mac node config JSON root invalid")
+                return [:]
+            }
+            return root
+        } catch {
+            self.logger.warning("mac node config read failed: \(error.localizedDescription, privacy: .public)")
+            return [:]
+        }
+    }
+
+    static func saveDict(_ dict: [String: Any]) {
+        do {
+            let data = try JSONSerialization.data(withJSONObject: dict, options: [.prettyPrinted, .sortedKeys])
+            let url = self.url()
+            try FileManager.default.createDirectory(
+                at: url.deletingLastPathComponent(),
+                withIntermediateDirectories: true)
+            try data.write(to: url, options: [.atomic])
+            try? FileManager.default.setAttributes([.posixPermissions: 0o600], ofItemAtPath: url.path)
+        } catch {
+            self.logger.error("mac node config save failed: \(error.localizedDescription, privacy: .public)")
+        }
+    }
+
+    static func systemRunPolicy() -> SystemRunPolicy? {
+        let root = self.loadDict()
+        let systemRun = root["systemRun"] as? [String: Any]
+        let raw = systemRun?["policy"] as? String
+        guard let raw, let policy = SystemRunPolicy(rawValue: raw) else { return nil }
+        return policy
+    }
+
+    static func setSystemRunPolicy(_ policy: SystemRunPolicy) {
+        var root = self.loadDict()
+        var systemRun = root["systemRun"] as? [String: Any] ?? [:]
+        systemRun["policy"] = policy.rawValue
+        root["systemRun"] = systemRun
+        self.saveDict(root)
+    }
+
+    static func systemRunAllowlist() -> [String]? {
+        let root = self.loadDict()
+        let systemRun = root["systemRun"] as? [String: Any]
+        return systemRun?["allowlist"] as? [String]
+    }
+
+    static func setSystemRunAllowlist(_ allowlist: [String]) {
+        let cleaned = allowlist
+            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+            .filter { !$0.isEmpty }
+        var root = self.loadDict()
+        var systemRun = root["systemRun"] as? [String: Any] ?? [:]
+        if cleaned.isEmpty {
+            systemRun.removeValue(forKey: "allowlist")
+        } else {
+            systemRun["allowlist"] = cleaned
+        }
+        if systemRun.isEmpty {
+            root.removeValue(forKey: "systemRun")
+        } else {
+            root["systemRun"] = systemRun
+        }
+        self.saveDict(root)
+    }
+}
--- a/apps/macos/Sources/Clawdbot/MenuContentView.swift
+++ b/apps/macos/Sources/Clawdbot/MenuContentView.swift
@@ -31,6 +31,12 @@ struct MenuContent: View {
        self._updateStatus = Bindable(wrappedValue: updater?.updateStatus ?? UpdateStatus.disabled)
    }

+    private var systemRunPolicyBinding: Binding<SystemRunPolicy> {
+        Binding(
+            get: { self.state.systemRunPolicy },
+            set: { self.state.systemRunPolicy = $0 })
+    }
+
    var body: some View {
        VStack(alignment: .leading, spacing: 8) {
            Toggle(isOn: self.activeBinding) {
@@ -68,6 +74,13 @@ struct MenuContent: View {
            Toggle(isOn: self.$cameraEnabled) {
                Label("Allow Camera", systemImage: "camera")
            }
+            Picker(selection: self.systemRunPolicyBinding) {
+                ForEach(SystemRunPolicy.allCases) { policy in
+                    Text(policy.title).tag(policy)
+                }
+            } label: {
+                Label("Node Run Commands", systemImage: "terminal")
+            }
            Toggle(isOn: Binding(get: { self.state.canvasEnabled }, set: { self.state.canvasEnabled = $0 })) {
                Label("Allow Canvas", systemImage: "rectangle.and.pencil.and.ellipsis")
            }
--- a/apps/macos/Sources/Clawdbot/MenuContextCardInjector.swift
+++ b/apps/macos/Sources/Clawdbot/MenuContextCardInjector.swift
@@ -51,9 +51,9 @@ final class MenuContextCardInjector: NSObject, NSMenuDelegate {
        let initialWidth = self.initialCardWidth(for: menu)

        let initial = AnyView(ContextMenuCardView(
-                                rows: initialRows,
-                                statusText: initialStatusText,
-                                isLoading: initialIsLoading))
+            rows: initialRows,
+            statusText: initialStatusText,
+            isLoading: initialIsLoading))

        let hosting = NSHostingView(rootView: initial)
        hosting.frame.size.width = max(1, initialWidth)
--- a/apps/macos/Sources/Clawdbot/MenuSessionsInjector.swift
+++ b/apps/macos/Sources/Clawdbot/MenuSessionsInjector.swift
@@ -103,6 +103,7 @@ final class MenuSessionsInjector: NSObject, NSMenuDelegate {

 extension MenuSessionsInjector {
    // MARK: - Injection
+
    private var mainSessionKey: String { WorkActivityStore.shared.mainSessionKey }

    private func inject(into menu: NSMenu) {
@@ -138,8 +139,8 @@ extension MenuSessionsInjector {
            headerItem.isEnabled = false
            let hosted = self.makeHostedView(
                rootView: AnyView(MenuSessionsHeaderView(
-                                    count: rows.count,
-                                    statusText: isConnected ? nil : self.controlChannelStatusText(for: channelState))),
+                    count: rows.count,
+                    statusText: isConnected ? nil : self.controlChannelStatusText(for: channelState))),
                width: width,
                highlighted: false)
            headerItem.view = hosted
@@ -175,8 +176,8 @@ extension MenuSessionsInjector {
                : self.controlChannelStatusText(for: channelState)
            let hosted = self.makeHostedView(
                rootView: AnyView(MenuSessionsHeaderView(
-                                    count: 0,
-                                    statusText: statusText)),
+                    count: 0,
+                    statusText: statusText)),
                width: width,
                highlighted: false)
            headerItem.view = hosted
@@ -299,7 +300,7 @@ extension MenuSessionsInjector {
        headerItem.isEnabled = false
        headerItem.view = self.makeHostedView(
            rootView: AnyView(MenuUsageHeaderView(
-                                count: rows.count)),
+                count: rows.count)),
            width: width,
            highlighted: false)
        menu.insertItem(headerItem, at: cursor)
@@ -472,11 +473,11 @@ extension MenuSessionsInjector {
        item.tag = self.tag
        item.isEnabled = false
        let view = AnyView(SessionMenuPreviewView(
-                            sessionKey: sessionKey,
-                            width: width,
-                            maxItems: 10,
-                            maxLines: maxLines,
-                            title: title))
+            sessionKey: sessionKey,
+            width: width,
+            maxItems: 10,
+            maxLines: maxLines,
+            title: title))
        item.view = self.makeHostedView(rootView: view, width: width, highlighted: false)
        return item
    }
@@ -596,10 +597,10 @@ extension MenuSessionsInjector {
        let width = self.submenuWidth()

        menu.addItem(self.makeSessionPreviewItem(
-                        sessionKey: row.key,
-                        title: "Recent messages (last 10)",
-                        width: width,
-                        maxLines: 3))
+            sessionKey: row.key,
+            title: "Recent messages (last 10)",
+            width: width,
+            maxLines: 3))

        let morePreview = NSMenuItem(title: "More preview…", action: nil, keyEquivalent: "")
        morePreview.submenu = self.buildPreviewSubmenu(sessionKey: row.key, width: width)
@@ -703,10 +704,10 @@ extension MenuSessionsInjector {
    private func buildPreviewSubmenu(sessionKey: String, width: CGFloat) -> NSMenu {
        let menu = NSMenu()
        menu.addItem(self.makeSessionPreviewItem(
-                        sessionKey: sessionKey,
-                        title: "Recent messages (expanded)",
-                        width: width,
-                        maxLines: 8))
+            sessionKey: sessionKey,
+            title: "Recent messages (expanded)",
+            width: width,
+            maxLines: 8))
        return menu
    }

@@ -763,9 +764,9 @@ extension MenuSessionsInjector {
           !commands.isEmpty
        {
            menu.addItem(self.makeNodeMultilineItem(
-                            label: "Commands",
-                            value: commands.joined(separator: ", "),
-                            width: width))
+                label: "Commands",
+                value: commands.joined(separator: ", "),
+                width: width))
        }

        return menu
@@ -855,9 +856,9 @@ extension MenuSessionsInjector {
        guard let key = sender.representedObject as? String else { return }
        Task { @MainActor in
            guard SessionActions.confirmDestructiveAction(
-                    title: "Reset session?",
-                    message: "Starts a new session id for “\(key)”.",
-                    action: "Reset")
+                title: "Reset session?",
+                message: "Starts a new session id for “\(key)”.",
+                action: "Reset")
            else { return }

            do {
@@ -874,9 +875,9 @@ extension MenuSessionsInjector {
        guard let key = sender.representedObject as? String else { return }
        Task { @MainActor in
            guard SessionActions.confirmDestructiveAction(
-                    title: "Compact session log?",
-                    message: "Keeps the last 400 lines; archives the old file.",
-                    action: "Compact")
+                title: "Compact session log?",
+                message: "Keeps the last 400 lines; archives the old file.",
+                action: "Compact")
            else { return }

            do {
@@ -893,9 +894,9 @@ extension MenuSessionsInjector {
        guard let key = sender.representedObject as? String else { return }
        Task { @MainActor in
            guard SessionActions.confirmDestructiveAction(
-                    title: "Delete session?",
-                    message: "Deletes the “\(key)” entry and archives its transcript.",
-                    action: "Delete")
+                title: "Delete session?",
+                message: "Deletes the “\(key)” entry and archives its transcript.",
+                action: "Delete")
            else { return }

            do {
--- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgePairingClient.swift
+++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgePairingClient.swift
@@ -11,10 +11,39 @@ actor MacNodeBridgePairingClient {
        endpoint: NWEndpoint,
        hello: BridgeHello,
        silent: Bool,
+        tls: MacNodeBridgeTLSParams? = nil,
+        onStatus: (@Sendable (String) -> Void)? = nil) async throws -> String
+    {
+        do {
+            return try await self.pairAndHelloOnce(
+                endpoint: endpoint,
+                hello: hello,
+                silent: silent,
+                tls: tls,
+                onStatus: onStatus)
+        } catch {
+            if let tls, !tls.required {
+                return try await self.pairAndHelloOnce(
+                    endpoint: endpoint,
+                    hello: hello,
+                    silent: silent,
+                    tls: nil,
+                    onStatus: onStatus)
+            }
+            throw error
+        }
+    }
+
+    private func pairAndHelloOnce(
+        endpoint: NWEndpoint,
+        hello: BridgeHello,
+        silent: Bool,
+        tls: MacNodeBridgeTLSParams?,
        onStatus: (@Sendable (String) -> Void)? = nil) async throws -> String
    {
        self.lineBuffer = Data()
-        let connection = NWConnection(to: endpoint, using: .tcp)
+        let params = self.makeParameters(tls: tls)
+        let connection = NWConnection(to: endpoint, using: params)
        let queue = DispatchQueue(label: "com.clawdbot.macos.bridge-client")
        defer { connection.cancel() }
        try await AsyncTimeout.withTimeout(
@@ -164,6 +193,18 @@ actor MacNodeBridgePairingClient {
        }
    }

+    private func makeParameters(tls: MacNodeBridgeTLSParams?) -> NWParameters {
+        let tcpOptions = NWProtocolTCP.Options()
+        if let tlsOptions = makeMacNodeTLSOptions(tls) {
+            let params = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+            params.includePeerToPeer = true
+            return params
+        }
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+        return params
+    }
+
    private func startAndWaitForReady(
        _ connection: NWConnection,
        queue: DispatchQueue) async throws
--- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeSession.swift
+++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeSession.swift
@@ -36,23 +36,44 @@ actor MacNodeBridgeSession {
    func connect(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: MacNodeBridgeTLSParams? = nil,
        onConnected: (@Sendable (String, String?) async -> Void)? = nil,
        onDisconnected: (@Sendable (String) async -> Void)? = nil,
        onInvoke: @escaping @Sendable (BridgeInvokeRequest) async -> BridgeInvokeResponse)
-    async throws
+        async throws
    {
        await self.disconnect()
        self.disconnectHandler = onDisconnected
        self.state = .connecting
+        do {
+            try await self.connectOnce(
+                endpoint: endpoint,
+                hello: hello,
+                tls: tls,
+                onConnected: onConnected,
+                onInvoke: onInvoke)
+        } catch {
+            if let tls, !tls.required {
+                try await self.connectOnce(
+                    endpoint: endpoint,
+                    hello: hello,
+                    tls: nil,
+                    onConnected: onConnected,
+                    onInvoke: onInvoke)
+                return
+            }
+            throw error
+        }
+    }

-        let params = NWParameters.tcp
-        params.includePeerToPeer = true
-        let tcpOptions = NWProtocolTCP.Options()
-        tcpOptions.enableKeepalive = true
-        tcpOptions.keepaliveIdle = 30
-        tcpOptions.keepaliveInterval = 15
-        tcpOptions.keepaliveCount = 3
-        params.defaultProtocolStack.transportProtocol = tcpOptions
+    private func connectOnce(
+        endpoint: NWEndpoint,
+        hello: BridgeHello,
+        tls: MacNodeBridgeTLSParams?,
+        onConnected: (@Sendable (String, String?) async -> Void)? = nil,
+        onInvoke: @escaping @Sendable (BridgeInvokeRequest) async -> BridgeInvokeResponse) async throws
+    {
+        let params = self.makeParameters(tls: tls)
        let connection = NWConnection(to: endpoint, using: params)
        let queue = DispatchQueue(label: "com.clawdbot.macos.bridge-session")
        self.connection = connection
@@ -77,15 +98,15 @@ actor MacNodeBridgeSession {
            })

        guard let line = try await AsyncTimeout.withTimeout(
-                seconds: 6,
-                onTimeout: {
-                    TimeoutError(message: "operation timed out")
-                },
-                operation: {
-                    try await self.receiveLine()
-                }),
-              let data = line.data(using: .utf8),
-              let base = try? self.decoder.decode(BridgeBaseFrame.self, from: data)
+            seconds: 6,
+            onTimeout: {
+                TimeoutError(message: "operation timed out")
+            },
+            operation: {
+                try await self.receiveLine()
+            }),
+            let data = line.data(using: .utf8),
+            let base = try? self.decoder.decode(BridgeBaseFrame.self, from: data)
        else {
            self.logger.error("node bridge hello failed (unexpected response)")
            await self.disconnect()
@@ -262,6 +283,25 @@ actor MacNodeBridgeSession {
        }
    }

+    private func makeParameters(tls: MacNodeBridgeTLSParams?) -> NWParameters {
+        let tcpOptions = NWProtocolTCP.Options()
+        tcpOptions.enableKeepalive = true
+        tcpOptions.keepaliveIdle = 30
+        tcpOptions.keepaliveInterval = 15
+        tcpOptions.keepaliveCount = 3
+
+        if let tlsOptions = makeMacNodeTLSOptions(tls) {
+            let params = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+            params.includePeerToPeer = true
+            return params
+        }
+
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+        params.defaultProtocolStack.transportProtocol = tcpOptions
+        return params
+    }
+
    private func failRPC(id: String, error: Error) async {
        if let cont = self.pendingRPC.removeValue(forKey: id) {
            cont.resume(throwing: error)
@@ -420,7 +460,7 @@ actor MacNodeBridgeSession {
        do {
            try await self.send(response)
        } catch {
-            await self.logInvokeSendFailure(error)
+            self.logInvokeSendFailure(error)
        }
    }

--- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeTLS.swift
+++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeBridgeTLS.swift
@@ -0,0 +1,74 @@
+import CryptoKit
+import Foundation
+import Network
+import Security
+
+struct MacNodeBridgeTLSParams: Sendable {
+    let required: Bool
+    let expectedFingerprint: String?
+    let allowTOFU: Bool
+    let storeKey: String?
+}
+
+enum MacNodeBridgeTLSStore {
+    private static let suiteName = "com.clawdbot.shared"
+    private static let keyPrefix = "mac.node.bridge.tls."
+
+    private static var defaults: UserDefaults {
+        UserDefaults(suiteName: suiteName) ?? .standard
+    }
+
+    static func loadFingerprint(stableID: String) -> String? {
+        let key = self.keyPrefix + stableID
+        let raw = self.defaults.string(forKey: key)?.trimmingCharacters(in: .whitespacesAndNewlines)
+        return raw?.isEmpty == false ? raw : nil
+    }
+
+    static func saveFingerprint(_ value: String, stableID: String) {
+        let key = self.keyPrefix + stableID
+        self.defaults.set(value, forKey: key)
+    }
+}
+
+func makeMacNodeTLSOptions(_ params: MacNodeBridgeTLSParams?) -> NWProtocolTLS.Options? {
+    guard let params else { return nil }
+    let options = NWProtocolTLS.Options()
+    let expected = params.expectedFingerprint.map(normalizeMacNodeFingerprint)
+    let allowTOFU = params.allowTOFU
+    let storeKey = params.storeKey
+
+    sec_protocol_options_set_verify_block(
+        options.securityProtocolOptions,
+        { _, trust, complete in
+            let trustRef = sec_trust_copy_ref(trust).takeRetainedValue()
+            if let chain = SecTrustCopyCertificateChain(trustRef) as? [SecCertificate],
+               let cert = chain.first
+            {
+                let data = SecCertificateCopyData(cert) as Data
+                let fingerprint = sha256Hex(data)
+                if let expected {
+                    complete(fingerprint == expected)
+                    return
+                }
+                if allowTOFU {
+                    if let storeKey { MacNodeBridgeTLSStore.saveFingerprint(fingerprint, stableID: storeKey) }
+                    complete(true)
+                    return
+                }
+            }
+            let ok = SecTrustEvaluateWithError(trustRef, nil)
+            complete(ok)
+        },
+        DispatchQueue(label: "com.clawdbot.macos.bridge.tls.verify"))
+
+    return options
+}
+
+private func sha256Hex(_ data: Data) -> String {
+    let digest = SHA256.hash(data: data)
+    return digest.map { String(format: "%02x", $0) }.joined()
+}
+
+private func normalizeMacNodeFingerprint(_ raw: String) -> String {
+    raw.lowercased().filter(\.isHexDigit)
+}
--- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeModeCoordinator.swift
+++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeModeCoordinator.swift
@@ -4,6 +4,12 @@ import Foundation
 import Network
 import OSLog

+private struct BridgeTarget {
+    let endpoint: NWEndpoint
+    let stableID: String
+    let tls: MacNodeBridgeTLSParams?
+}
+
@MainActor
 final class MacNodeModeCoordinator {
    static let shared = MacNodeModeCoordinator()
@@ -37,6 +43,7 @@ final class MacNodeModeCoordinator {
    private func run() async {
        var retryDelay: UInt64 = 1_000_000_000
        var lastCameraEnabled: Bool?
+        var lastSystemRunPolicy: SystemRunPolicy?
        let defaults = UserDefaults.standard
        while !Task.isCancelled {
            if await MainActor.run(body: { AppStateStore.shared.isPaused }) {
@@ -53,7 +60,16 @@ final class MacNodeModeCoordinator {
                try? await Task.sleep(nanoseconds: 200_000_000)
            }

-            guard let endpoint = await self.resolveBridgeEndpoint(timeoutSeconds: 5) else {
+            let systemRunPolicy = SystemRunPolicy.load()
+            if lastSystemRunPolicy == nil {
+                lastSystemRunPolicy = systemRunPolicy
+            } else if lastSystemRunPolicy != systemRunPolicy {
+                lastSystemRunPolicy = systemRunPolicy
+                await self.session.disconnect()
+                try? await Task.sleep(nanoseconds: 200_000_000)
+            }
+
+            guard let target = await self.resolveBridgeEndpoint(timeoutSeconds: 5) else {
                try? await Task.sleep(nanoseconds: min(retryDelay, 5_000_000_000))
                retryDelay = min(retryDelay * 2, 10_000_000_000)
                continue
@@ -63,10 +79,11 @@ final class MacNodeModeCoordinator {
            do {
                let hello = await self.makeHello()
                self.logger.info(
-                    "mac node bridge connecting endpoint=\(endpoint, privacy: .public)")
+                    "mac node bridge connecting endpoint=\(target.endpoint, privacy: .public)")
                try await self.session.connect(
-                    endpoint: endpoint,
+                    endpoint: target.endpoint,
                    hello: hello,
+                    tls: target.tls,
                    onConnected: { [weak self] serverName, mainSessionKey in
                        self?.logger.info("mac node connected to \(serverName, privacy: .public)")
                        if let mainSessionKey {
@@ -86,7 +103,7 @@ final class MacNodeModeCoordinator {
                        return await self.runtime.handleInvoke(req)
                    })
            } catch {
-                if await self.tryPair(endpoint: endpoint, error: error) {
+                if await self.tryPair(target: target, error: error) {
                    continue
                }
                self.logger.error(
@@ -143,10 +160,14 @@ final class MacNodeModeCoordinator {
            ClawdbotCanvasA2UICommand.pushJSONL.rawValue,
            ClawdbotCanvasA2UICommand.reset.rawValue,
            MacNodeScreenCommand.record.rawValue,
-            ClawdbotSystemCommand.run.rawValue,
            ClawdbotSystemCommand.notify.rawValue,
        ]

+        if SystemRunPolicy.load() != .never {
+            commands.append(ClawdbotSystemCommand.which.rawValue)
+            commands.append(ClawdbotSystemCommand.run.rawValue)
+        }
+
        let capsSet = Set(caps)
        if capsSet.contains(ClawdbotCapability.camera.rawValue) {
            commands.append(ClawdbotCameraCommand.list.rawValue)
@@ -160,7 +181,7 @@ final class MacNodeModeCoordinator {
        return commands
    }

-    private func tryPair(endpoint: NWEndpoint, error: Error) async -> Bool {
+    private func tryPair(target: BridgeTarget, error: Error) async -> Bool {
        let text = error.localizedDescription.uppercased()
        guard text.contains("NOT_PAIRED") || text.contains("UNAUTHORIZED") else { return false }

@@ -170,9 +191,10 @@ final class MacNodeModeCoordinator {
            }
            let hello = await self.makeHello()
            let token = try await MacNodeBridgePairingClient().pairAndHello(
-                endpoint: endpoint,
+                endpoint: target.endpoint,
                hello: hello,
                silent: shouldSilent,
+                tls: target.tls,
                onStatus: { [weak self] status in
                    self?.logger.info("mac node pairing: \(status, privacy: .public)")
                })
@@ -190,7 +212,7 @@ final class MacNodeModeCoordinator {
        "mac-\(InstanceIdentity.instanceId)"
    }

-    private func resolveLoopbackBridgeEndpoint(timeoutSeconds: Double) async -> NWEndpoint? {
+    private func resolveLoopbackBridgeEndpoint(timeoutSeconds: Double) async -> BridgeTarget? {
        guard let port = Self.loopbackBridgePort(),
              let endpointPort = NWEndpoint.Port(rawValue: port)
        else {
@@ -198,7 +220,10 @@ final class MacNodeModeCoordinator {
        }
        let endpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: endpointPort)
        let reachable = await Self.probeEndpoint(endpoint, timeoutSeconds: timeoutSeconds)
-        return reachable ? endpoint : nil
+        guard reachable else { return nil }
+        let stableID = BridgeEndpointID.stableID(endpoint)
+        let tlsParams = Self.resolveManualTLSParams(stableID: stableID)
+        return BridgeTarget(endpoint: endpoint, stableID: stableID, tls: tlsParams)
    }

    static func loopbackBridgePort() -> UInt16? {
@@ -291,7 +316,7 @@ final class MacNodeModeCoordinator {
            })
    }

-    private func resolveBridgeEndpoint(timeoutSeconds: Double) async -> NWEndpoint? {
+    private func resolveBridgeEndpoint(timeoutSeconds: Double) async -> BridgeTarget? {
        let mode = await MainActor.run(body: { AppStateStore.shared.connectionMode })
        if mode == .remote {
            do {
@@ -303,7 +328,10 @@ final class MacNodeModeCoordinator {
                    if healthy, let port = NWEndpoint.Port(rawValue: localPort) {
                        self.logger.info(
                            "reusing mac node bridge tunnel localPort=\(localPort, privacy: .public)")
-                        return .hostPort(host: "127.0.0.1", port: port)
+                        let endpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: port)
+                        let stableID = BridgeEndpointID.stableID(endpoint)
+                        let tlsParams = Self.resolveManualTLSParams(stableID: stableID)
+                        return BridgeTarget(endpoint: endpoint, stableID: stableID, tls: tlsParams)
                    }
                    self.logger.error(
                        "mac node bridge tunnel unhealthy localPort=\(localPort, privacy: .public); restarting")
@@ -312,9 +340,23 @@ final class MacNodeModeCoordinator {
                }

                let remotePort = Self.remoteBridgePort()
+                let preferredLocalPort = Self.loopbackBridgePort()
+                if let preferredLocalPort {
+                    self.logger.info(
+                        "mac node bridge tunnel starting " +
+                            "preferredLocalPort=\(preferredLocalPort, privacy: .public) " +
+                            "remotePort=\(remotePort, privacy: .public)")
+                } else {
+                    self.logger.info(
+                        "mac node bridge tunnel starting " +
+                            "preferredLocalPort=none " +
+                            "remotePort=\(remotePort, privacy: .public)")
+                }
                self.tunnel = try await RemotePortTunnel.create(
                    remotePort: remotePort,
-                    allowRemoteUrlOverride: false)
+                    preferredLocalPort: preferredLocalPort,
+                    allowRemoteUrlOverride: false,
+                    allowRandomLocalPort: true)
                if let localPort = self.tunnel?.localPort,
                   let port = NWEndpoint.Port(rawValue: localPort)
                {
@@ -322,7 +364,10 @@ final class MacNodeModeCoordinator {
                        "mac node bridge tunnel ready " +
                            "localPort=\(localPort, privacy: .public) " +
                            "remotePort=\(remotePort, privacy: .public)")
-                    return .hostPort(host: "127.0.0.1", port: port)
+                    let endpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: port)
+                    let stableID = BridgeEndpointID.stableID(endpoint)
+                    let tlsParams = Self.resolveManualTLSParams(stableID: stableID)
+                    return BridgeTarget(endpoint: endpoint, stableID: stableID, tls: tlsParams)
                }
            } catch {
                self.logger.error("mac node bridge tunnel failed: \(error.localizedDescription, privacy: .public)")
@@ -333,8 +378,8 @@ final class MacNodeModeCoordinator {
            tunnel.terminate()
            self.tunnel = nil
        }
-        if mode == .local, let endpoint = await self.resolveLoopbackBridgeEndpoint(timeoutSeconds: 0.4) {
-            return endpoint
+        if mode == .local, let target = await self.resolveLoopbackBridgeEndpoint(timeoutSeconds: 0.4) {
+            return target
        }
        return await Self.discoverBridgeEndpoint(timeoutSeconds: timeoutSeconds)
    }
@@ -354,14 +399,14 @@ final class MacNodeModeCoordinator {
        return await Self.probeEndpoint(.hostPort(host: "127.0.0.1", port: port), timeoutSeconds: timeoutSeconds)
    }

-    private static func discoverBridgeEndpoint(timeoutSeconds: Double) async -> NWEndpoint? {
+    private static func discoverBridgeEndpoint(timeoutSeconds: Double) async -> BridgeTarget? {
        final class DiscoveryState: @unchecked Sendable {
            let lock = NSLock()
            var resolved = false
            var browsers: [NWBrowser] = []
-            var continuation: CheckedContinuation<NWEndpoint?, Never>?
+            var continuation: CheckedContinuation<BridgeTarget?, Never>?

-            func finish(_ endpoint: NWEndpoint?) {
+            func finish(_ target: BridgeTarget?) {
                self.lock.lock()
                defer { lock.unlock() }
                if self.resolved { return }
@@ -369,7 +414,7 @@ final class MacNodeModeCoordinator {
                for browser in self.browsers {
                    browser.cancel()
                }
-                self.continuation?.resume(returning: endpoint)
+                self.continuation?.resume(returning: target)
                self.continuation = nil
            }
        }
@@ -389,18 +434,18 @@ final class MacNodeModeCoordinator {
                    let preferred = BridgeDiscoveryPreferences.preferredStableID()
                    if let preferred,
                       let match = results.first(where: {
-                        if case .service = $0.endpoint {
-                            return BridgeEndpointID.stableID($0.endpoint) == preferred
-                        }
-                        return false
+                           if case .service = $0.endpoint {
+                               return BridgeEndpointID.stableID($0.endpoint) == preferred
+                           }
+                           return false
                       })
                    {
-                        state.finish(match.endpoint)
+                        state.finish(Self.targetFromResult(match))
                        return
                    }

                    if let result = results.first(where: { if case .service = $0.endpoint { true } else { false } }) {
-                        state.finish(result.endpoint)
+                        state.finish(Self.targetFromResult(result))
                    }
                }
                browser.stateUpdateHandler = { browserState in
@@ -418,6 +463,72 @@ final class MacNodeModeCoordinator {
            }
        }
    }
+
+    private nonisolated static func targetFromResult(_ result: NWBrowser.Result) -> BridgeTarget? {
+        let endpoint = result.endpoint
+        guard case .service = endpoint else { return nil }
+        let stableID = BridgeEndpointID.stableID(endpoint)
+        let txt = result.endpoint.txtRecord?.dictionary ?? [:]
+        let tlsEnabled = Self.txtBoolValue(txt, key: "bridgeTls")
+        let tlsFingerprint = Self.txtValue(txt, key: "bridgeTlsSha256")
+        let tlsParams = Self.resolveDiscoveredTLSParams(
+            stableID: stableID,
+            tlsEnabled: tlsEnabled,
+            tlsFingerprintSha256: tlsFingerprint)
+        return BridgeTarget(endpoint: endpoint, stableID: stableID, tls: tlsParams)
+    }
+
+    private nonisolated static func resolveDiscoveredTLSParams(
+        stableID: String,
+        tlsEnabled: Bool,
+        tlsFingerprintSha256: String?) -> MacNodeBridgeTLSParams?
+    {
+        let stored = MacNodeBridgeTLSStore.loadFingerprint(stableID: stableID)
+
+        if tlsEnabled || tlsFingerprintSha256 != nil {
+            return MacNodeBridgeTLSParams(
+                required: true,
+                expectedFingerprint: tlsFingerprintSha256 ?? stored,
+                allowTOFU: stored == nil,
+                storeKey: stableID)
+        }
+
+        if let stored {
+            return MacNodeBridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return nil
+    }
+
+    private nonisolated static func resolveManualTLSParams(stableID: String) -> MacNodeBridgeTLSParams? {
+        if let stored = MacNodeBridgeTLSStore.loadFingerprint(stableID: stableID) {
+            return MacNodeBridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return MacNodeBridgeTLSParams(
+            required: false,
+            expectedFingerprint: nil,
+            allowTOFU: true,
+            storeKey: stableID)
+    }
+
+    private nonisolated static func txtValue(_ dict: [String: String], key: String) -> String? {
+        let raw = dict[key]?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        return raw.isEmpty ? nil : raw
+    }
+
+    private nonisolated static func txtBoolValue(_ dict: [String: String], key: String) -> Bool {
+        guard let raw = self.txtValue(dict, key: key)?.lowercased() else { return false }
+        return raw == "1" || raw == "true" || raw == "yes"
+    }
 }

 enum MacNodeTokenStore {
--- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeRuntime.swift
+++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeRuntime.swift
@@ -55,6 +55,8 @@ actor MacNodeRuntime {
                return try await self.handleScreenRecordInvoke(req)
            case ClawdbotSystemCommand.run.rawValue:
                return try await self.handleSystemRun(req)
+            case ClawdbotSystemCommand.which.rawValue:
+                return try await self.handleSystemWhich(req)
            case ClawdbotSystemCommand.notify.rawValue:
                return try await self.handleSystemNotify(req)
            default:
@@ -181,10 +183,10 @@ actor MacNodeRuntime {
                var height: Int
            }
            let payload = try Self.encodePayload(SnapPayload(
-                                                    format: (params.format ?? .jpg).rawValue,
-                                                    base64: res.data.base64EncodedString(),
-                                                    width: Int(res.size.width),
-                                                    height: Int(res.size.height)))
+                format: (params.format ?? .jpg).rawValue,
+                base64: res.data.base64EncodedString(),
+                width: Int(res.size.width),
+                height: Int(res.size.height)))
            return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payload)
        case ClawdbotCameraCommand.clip.rawValue:
            let params = (try? Self.decodeParams(ClawdbotCameraClipParams.self, from: req.paramsJSON)) ??
@@ -204,10 +206,10 @@ actor MacNodeRuntime {
                var hasAudio: Bool
            }
            let payload = try Self.encodePayload(ClipPayload(
-                                                    format: (params.format ?? .mp4).rawValue,
-                                                    base64: data.base64EncodedString(),
-                                                    durationMs: res.durationMs,
-                                                    hasAudio: res.hasAudio))
+                format: (params.format ?? .mp4).rawValue,
+                base64: data.base64EncodedString(),
+                durationMs: res.durationMs,
+                hasAudio: res.hasAudio))
            return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payload)
        case ClawdbotCameraCommand.list.rawValue:
            let devices = await self.cameraCapture.listDevices()
@@ -312,12 +314,12 @@ actor MacNodeRuntime {
            var hasAudio: Bool
        }
        let payload = try Self.encodePayload(ScreenPayload(
-                                                format: "mp4",
-                                                base64: data.base64EncodedString(),
-                                                durationMs: params.durationMs,
-                                                fps: params.fps,
-                                                screenIndex: params.screenIndex,
-                                                hasAudio: res.hasAudio))
+            format: "mp4",
+            base64: data.base64EncodedString(),
+            durationMs: params.durationMs,
+            fps: params.fps,
+            screenIndex: params.screenIndex,
+            hasAudio: res.hasAudio))
        return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payload)
    }

@@ -426,6 +428,37 @@ actor MacNodeRuntime {
            return Self.errorResponse(req, code: .invalidRequest, message: "INVALID_REQUEST: command required")
        }

+        let wasAllowlisted = SystemRunAllowlist.contains(command)
+        switch Self.systemRunPolicy() {
+        case .never:
+            return Self.errorResponse(
+                req,
+                code: .unavailable,
+                message: "SYSTEM_RUN_DISABLED: policy=never")
+        case .always:
+            break
+        case .ask:
+            if !wasAllowlisted {
+                let services = await self.mainActorServices()
+                let decision = await services.confirmSystemRun(
+                    command: SystemRunAllowlist.displayString(for: command),
+                    cwd: params.cwd)
+                switch decision {
+                case .allowOnce:
+                    break
+                case .allowAlways:
+                    SystemRunAllowlist.add(command)
+                case .deny:
+                    return Self.errorResponse(
+                        req,
+                        code: .unavailable,
+                        message: "SYSTEM_RUN_DENIED: user denied")
+                }
+            }
+        }
+
+        let env = Self.sanitizedEnv(params.env)
+
        if params.needsScreenRecording == true {
            let authorized = await PermissionManager
                .status([.screenRecording])[.screenRecording] ?? false
@@ -441,7 +474,7 @@ actor MacNodeRuntime {
        let result = await ShellExecutor.runDetailed(
            command: command,
            cwd: params.cwd,
-            env: params.env,
+            env: env,
            timeout: timeoutSec)

        struct RunPayload: Encodable {
@@ -454,12 +487,39 @@ actor MacNodeRuntime {
        }

        let payload = try Self.encodePayload(RunPayload(
-                                                exitCode: result.exitCode,
-                                                timedOut: result.timedOut,
-                                                success: result.success,
-                                                stdout: result.stdout,
-                                                stderr: result.stderr,
-                                                error: result.errorMessage))
+            exitCode: result.exitCode,
+            timedOut: result.timedOut,
+            success: result.success,
+            stdout: result.stdout,
+            stderr: result.stderr,
+            error: result.errorMessage))
+        return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payload)
+    }
+
+    private func handleSystemWhich(_ req: BridgeInvokeRequest) async throws -> BridgeInvokeResponse {
+        let params = try Self.decodeParams(ClawdbotSystemWhichParams.self, from: req.paramsJSON)
+        let bins = params.bins
+            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+            .filter { !$0.isEmpty }
+        guard !bins.isEmpty else {
+            return Self.errorResponse(req, code: .invalidRequest, message: "INVALID_REQUEST: bins required")
+        }
+
+        let searchPaths = CommandResolver.preferredPaths()
+        var matches: [String] = []
+        var paths: [String: String] = [:]
+        for bin in bins {
+            if let path = CommandResolver.findExecutable(named: bin, searchPaths: searchPaths) {
+                matches.append(bin)
+                paths[bin] = path
+            }
+        }
+
+        struct WhichPayload: Encodable {
+            let bins: [String]
+            let paths: [String: String]
+        }
+        let payload = try Self.encodePayload(WhichPayload(bins: matches, paths: paths))
        return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payload)
    }

@@ -529,6 +589,39 @@ actor MacNodeRuntime {
        UserDefaults.standard.object(forKey: cameraEnabledKey) as? Bool ?? false
    }

+    private nonisolated static func systemRunPolicy() -> SystemRunPolicy {
+        SystemRunPolicy.load()
+    }
+
+    private static let blockedEnvKeys: Set<String> = [
+        "PATH",
+        "NODE_OPTIONS",
+        "PYTHONHOME",
+        "PYTHONPATH",
+        "PERL5LIB",
+        "PERL5OPT",
+        "RUBYOPT",
+    ]
+
+    private static let blockedEnvPrefixes: [String] = [
+        "DYLD_",
+        "LD_",
+    ]
+
+    private static func sanitizedEnv(_ overrides: [String: String]?) -> [String: String]? {
+        guard let overrides else { return nil }
+        var merged = ProcessInfo.processInfo.environment
+        for (rawKey, value) in overrides {
+            let key = rawKey.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !key.isEmpty else { continue }
+            let upper = key.uppercased()
+            if self.blockedEnvKeys.contains(upper) { continue }
+            if self.blockedEnvPrefixes.contains(where: { upper.hasPrefix($0) }) { continue }
+            merged[key] = value
+        }
+        return merged
+    }
+
    private nonisolated static func locationMode() -> ClawdbotLocationMode {
        let raw = UserDefaults.standard.string(forKey: locationModeKey) ?? "off"
        return ClawdbotLocationMode(rawValue: raw) ?? .off
@@ -576,8 +669,8 @@ actor MacNodeRuntime {
        case .jpeg:
            let clamped = min(1.0, max(0.05, quality))
            guard let data = rep.representation(
-                    using: .jpeg,
-                    properties: [.compressionFactor: clamped])
+                using: .jpeg,
+                properties: [.compressionFactor: clamped])
            else {
                throw NSError(domain: "Canvas", code: 24, userInfo: [
                    NSLocalizedDescriptionKey: "jpeg encode failed",
--- a/apps/macos/Sources/Clawdbot/NodeMode/MacNodeRuntimeMainActorServices.swift
+++ b/apps/macos/Sources/Clawdbot/NodeMode/MacNodeRuntimeMainActorServices.swift
@@ -1,7 +1,14 @@
+import AppKit
 import ClawdbotKit
 import CoreLocation
 import Foundation

+enum SystemRunDecision: Sendable {
+    case allowOnce
+    case allowAlways
+    case deny
+}
+
@MainActor
 protocol MacNodeRuntimeMainActorServices: Sendable {
    func recordScreen(
@@ -17,6 +24,8 @@ protocol MacNodeRuntimeMainActorServices: Sendable {
        desiredAccuracy: ClawdbotLocationAccuracy,
        maxAgeMs: Int?,
        timeoutMs: Int?) async throws -> CLLocation
+
+    func confirmSystemRun(command: String, cwd: String?) async -> SystemRunDecision
 }

@MainActor
@@ -57,4 +66,31 @@ final class LiveMacNodeRuntimeMainActorServices: MacNodeRuntimeMainActorServices
            maxAgeMs: maxAgeMs,
            timeoutMs: timeoutMs)
    }
+
+    func confirmSystemRun(command: String, cwd: String?) async -> SystemRunDecision {
+        let alert = NSAlert()
+        alert.alertStyle = .warning
+        alert.messageText = "Allow this command?"
+
+        var details = "Clawdbot wants to run:\n\n\(command)"
+        let trimmedCwd = cwd?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if !trimmedCwd.isEmpty {
+            details += "\n\nWorking directory:\n\(trimmedCwd)"
+        }
+        details += "\n\nThis runs on this Mac via node mode."
+        alert.informativeText = details
+
+        alert.addButton(withTitle: "Allow Once")
+        alert.addButton(withTitle: "Always Allow")
+        alert.addButton(withTitle: "Don't Allow")
+
+        switch alert.runModal() {
+        case .alertFirstButtonReturn:
+            return .allowOnce
+        case .alertSecondButtonReturn:
+            return .allowAlways
+        default:
+            return .deny
+        }
+    }
 }
--- a/apps/macos/Sources/Clawdbot/NodePairingApprovalPrompter.swift
+++ b/apps/macos/Sources/Clawdbot/NodePairingApprovalPrompter.swift
@@ -454,7 +454,7 @@ final class NodePairingApprovalPrompter {
        let center = UNUserNotificationCenter.current()
        let settings = await center.notificationSettings()
        guard settings.authorizationStatus == .authorized ||
-                settings.authorizationStatus == .provisional
+            settings.authorizationStatus == .provisional
        else {
            return
        }
@@ -547,7 +547,7 @@ final class NodePairingApprovalPrompter {
        let gateway = model.gateways.first { $0.stableID == preferred } ?? model.gateways.first
        guard let gateway else { return nil }
        let host = (gateway.tailnetDns?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty ??
-                        gateway.lanHost?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty)
+            gateway.lanHost?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty)
        guard let host, !host.isEmpty else { return nil }
        let port = gateway.sshPort > 0 ? gateway.sshPort : 22
        return SSHTarget(host: host, port: port)
--- a/apps/macos/Sources/Clawdbot/OnboardingView+Pages.swift
+++ b/apps/macos/Sources/Clawdbot/OnboardingView+Pages.swift
@@ -694,10 +694,10 @@ extension OnboardingView {
                    systemImage: "bubble.left.and.bubble.right")
                self.featureActionRow(
                    title: "Connect WhatsApp or Telegram",
-                    subtitle: "Open Settings → Connections to link channels and monitor status.",
+                    subtitle: "Open Settings → Channels to link channels and monitor status.",
                    systemImage: "link")
                {
-                    self.openSettings(tab: .connections)
+                    self.openSettings(tab: .channels)
                }
                self.featureRow(
                    title: "Try Voice Wake",
--- a/apps/macos/Sources/Clawdbot/PeekabooBridgeHostCoordinator.swift
+++ b/apps/macos/Sources/Clawdbot/PeekabooBridgeHostCoordinator.swift
@@ -77,10 +77,10 @@ final class PeekabooBridgeHostCoordinator {

        var infoCF: CFDictionary?
        guard SecCodeCopySigningInformation(
-                staticCode,
-                SecCSFlags(rawValue: kSecCSSigningInformation),
-                &infoCF) == errSecSuccess,
-              let info = infoCF as? [String: Any]
+            staticCode,
+            SecCSFlags(rawValue: kSecCSSigningInformation),
+            &infoCF) == errSecSuccess,
+            let info = infoCF as? [String: Any]
        else {
            return nil
        }
@@ -106,9 +106,9 @@ private final class ClawdbotPeekabooBridgeServices: PeekabooBridgeServiceProvidi
        let feedbackClient: any AutomationFeedbackClient = NoopAutomationFeedbackClient()

        let snapshots = InMemorySnapshotManager(options: .init(
-                                                    snapshotValidityWindow: 600,
-                                                    maxSnapshots: 50,
-                                                    deleteArtifactsOnCleanup: false))
+            snapshotValidityWindow: 600,
+            maxSnapshots: 50,
+            deleteArtifactsOnCleanup: false))
        let applications = ApplicationService(feedbackClient: feedbackClient)

        let screenCapture = ScreenCaptureService(loggingService: logging)
--- a/apps/macos/Sources/Clawdbot/PortGuardian.swift
+++ b/apps/macos/Sources/Clawdbot/PortGuardian.swift
@@ -158,10 +158,10 @@ actor PortGuardian {
                mode: mode,
                listeners: listeners)
            reports.append(Self.buildReport(
-                            port: port,
-                            listeners: listeners,
-                            mode: mode,
-                            tunnelHealthy: tunnelHealthy))
+                port: port,
+                listeners: listeners,
+                mode: mode,
+                tunnelHealthy: tunnelHealthy))
        }

        return reports
@@ -351,10 +351,11 @@ actor PortGuardian {
            if port == GatewayEnvironment.gatewayPort() { return cmd.contains("ssh") }
            return false
        case .local:
-            if !cmd.contains("clawdbot") { return false }
+            // The gateway daemon may listen as `clawdbot` or as its runtime (`node`, `bun`, etc).
            if full.contains("gateway-daemon") { return true }
            // If args are unavailable, treat a clawdbot listener as expected.
-            return full == cmd
+            if cmd.contains("clawdbot"), full == cmd { return true }
+            return false
        case .unconfigured:
            return false
        }
--- a/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift
+++ b/apps/macos/Sources/Clawdbot/RemotePortTunnel.swift
@@ -105,8 +105,8 @@ final class RemotePortTunnel {
                return
            }
            guard let line = String(data: data, encoding: .utf8)?
-                    .trimmingCharacters(in: .whitespacesAndNewlines),
-                  !line.isEmpty
+                .trimmingCharacters(in: .whitespacesAndNewlines),
+                !line.isEmpty
            else { return }
            Self.logger.error("ssh tunnel stderr: \(line, privacy: .public)")
        }
--- a/apps/macos/Sources/Clawdbot/RuntimeLocator.swift
+++ b/apps/macos/Sources/Clawdbot/RuntimeLocator.swift
@@ -42,11 +42,11 @@ struct RuntimeResolution {
 enum RuntimeResolutionError: Error {
    case notFound(searchPaths: [String])
    case unsupported(
-            kind: RuntimeKind,
-            found: RuntimeVersion,
-            required: RuntimeVersion,
-            path: String,
-            searchPaths: [String])
+        kind: RuntimeKind,
+        found: RuntimeVersion,
+        required: RuntimeVersion,
+        path: String,
+        searchPaths: [String])
    case versionParse(kind: RuntimeKind, raw: String, path: String, searchPaths: [String])
 }

@@ -65,21 +65,21 @@ enum RuntimeLocator {
        }
        guard let rawVersion = readVersion(of: binary, pathEnv: pathEnv) else {
            return .failure(.versionParse(
-                                kind: runtime,
-                                raw: "(unreadable)",
-                                path: binary,
-                                searchPaths: searchPaths))
+                kind: runtime,
+                raw: "(unreadable)",
+                path: binary,
+                searchPaths: searchPaths))
        }
        guard let parsed = RuntimeVersion.from(string: rawVersion) else {
            return .failure(.versionParse(kind: runtime, raw: rawVersion, path: binary, searchPaths: searchPaths))
        }
        guard parsed >= self.minNode else {
            return .failure(.unsupported(
-                                kind: runtime,
-                                found: parsed,
-                                required: self.minNode,
-                                path: binary,
-                                searchPaths: searchPaths))
+                kind: runtime,
+                found: parsed,
+                required: self.minNode,
+                path: binary,
+                searchPaths: searchPaths))
        }

        return .success(RuntimeResolution(kind: runtime, path: binary, version: parsed))
--- a/apps/macos/Sources/Clawdbot/ScreenRecordService.swift
+++ b/apps/macos/Sources/Clawdbot/ScreenRecordService.swift
@@ -251,11 +251,11 @@ private final class StreamRecorder: NSObject, SCStreamOutput, SCStreamDelegate,
                    if let err = self.writer.error {
                        cont
                            .resume(throwing: ScreenRecordService.ScreenRecordError
-                                        .writeFailed(err.localizedDescription))
+                                .writeFailed(err.localizedDescription))
                    } else if self.writer.status != .completed {
                        cont
                            .resume(throwing: ScreenRecordService.ScreenRecordError
-                                        .writeFailed("Failed to finalize video"))
+                                .writeFailed("Failed to finalize video"))
                    } else {
                        cont.resume()
                    }
--- a/apps/macos/Sources/Clawdbot/SettingsRootView.swift
+++ b/apps/macos/Sources/Clawdbot/SettingsRootView.swift
@@ -27,9 +27,9 @@ struct SettingsRootView: View {
                    .tabItem { Label("General", systemImage: "gearshape") }
                    .tag(SettingsTab.general)

-                ConnectionsSettings()
-                    .tabItem { Label("Connections", systemImage: "link") }
-                    .tag(SettingsTab.connections)
+                ChannelsSettings()
+                    .tabItem { Label("Channels", systemImage: "link") }
+                    .tag(SettingsTab.channels)

                VoiceWakeSettings(state: self.state, isActive: self.selectedTab == .voiceWake)
                    .tabItem { Label("Voice Wake", systemImage: "waveform.circle") }
@@ -176,13 +176,13 @@ struct SettingsRootView: View {
 }

 enum SettingsTab: CaseIterable {
-    case general, connections, skills, sessions, cron, config, instances, voiceWake, permissions, debug, about
+    case general, channels, skills, sessions, cron, config, instances, voiceWake, permissions, debug, about
    static let windowWidth: CGFloat = 824 // wider
    static let windowHeight: CGFloat = 790 // +10% (more room)
    var title: String {
        switch self {
        case .general: "General"
-        case .connections: "Connections"
+        case .channels: "Channels"
        case .skills: "Skills"
        case .sessions: "Sessions"
        case .cron: "Cron"
@@ -198,7 +198,7 @@ enum SettingsTab: CaseIterable {
    var systemImage: String {
        switch self {
        case .general: "gearshape"
-        case .connections: "link"
+        case .channels: "link"
        case .skills: "sparkles"
        case .sessions: "clock.arrow.circlepath"
        case .cron: "calendar"
--- a/apps/macos/Sources/Clawdbot/SoundEffects.swift
+++ b/apps/macos/Sources/Clawdbot/SoundEffects.swift
@@ -54,9 +54,9 @@ enum SoundEffectCatalog {
        var map: [String: URL] = [:]
        for root in Self.searchRoots {
            guard let contents = try? FileManager.default.contentsOfDirectory(
-                    at: root,
-                    includingPropertiesForKeys: nil,
-                    options: [.skipsHiddenFiles])
+                at: root,
+                includingPropertiesForKeys: nil,
+                options: [.skipsHiddenFiles])
            else { continue }

            for url in contents where Self.allowedExtensions.contains(url.pathExtension.lowercased()) {
@@ -88,9 +88,9 @@ enum SoundEffectPlayer {
    static func sound(from bookmark: Data) -> NSSound? {
        var stale = false
        guard let url = try? URL(
-                resolvingBookmarkData: bookmark,
-                options: [.withoutUI, .withSecurityScope],
-                bookmarkDataIsStale: &stale)
+            resolvingBookmarkData: bookmark,
+            options: [.withoutUI, .withSecurityScope],
+            bookmarkDataIsStale: &stale)
        else { return nil }

        let scoped = url.startAccessingSecurityScopedResource()
--- a/apps/macos/Sources/Clawdbot/SystemRunPolicy.swift
+++ b/apps/macos/Sources/Clawdbot/SystemRunPolicy.swift
@@ -0,0 +1,89 @@
+import Foundation
+
+enum SystemRunPolicy: String, CaseIterable, Identifiable {
+    case never
+    case ask
+    case always
+
+    var id: String { self.rawValue }
+
+    var title: String {
+        switch self {
+        case .never:
+            "Never"
+        case .ask:
+            "Always Ask"
+        case .always:
+            "Always Allow"
+        }
+    }
+
+    static func load(from defaults: UserDefaults = .standard) -> SystemRunPolicy {
+        if let policy = MacNodeConfigFile.systemRunPolicy() {
+            return policy
+        }
+        if let raw = defaults.string(forKey: systemRunPolicyKey),
+           let policy = SystemRunPolicy(rawValue: raw)
+        {
+            MacNodeConfigFile.setSystemRunPolicy(policy)
+            return policy
+        }
+        if let legacy = defaults.object(forKey: systemRunEnabledKey) as? Bool {
+            let policy: SystemRunPolicy = legacy ? .ask : .never
+            MacNodeConfigFile.setSystemRunPolicy(policy)
+            return policy
+        }
+        let fallback: SystemRunPolicy = .ask
+        MacNodeConfigFile.setSystemRunPolicy(fallback)
+        return fallback
+    }
+}
+
+enum SystemRunAllowlist {
+    static func key(for argv: [String]) -> String {
+        let trimmed = argv.map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+        guard !trimmed.isEmpty else { return "" }
+        if let data = try? JSONEncoder().encode(trimmed),
+           let json = String(data: data, encoding: .utf8)
+        {
+            return json
+        }
+        return trimmed.joined(separator: " ")
+    }
+
+    static func displayString(for argv: [String]) -> String {
+        argv.map { arg in
+            let trimmed = arg.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty else { return "\"\"" }
+            let needsQuotes = trimmed.contains { $0.isWhitespace || $0 == "\"" }
+            if !needsQuotes { return trimmed }
+            let escaped = trimmed.replacingOccurrences(of: "\"", with: "\\\"")
+            return "\"\(escaped)\""
+        }.joined(separator: " ")
+    }
+
+    static func load(from defaults: UserDefaults = .standard) -> Set<String> {
+        if let allowlist = MacNodeConfigFile.systemRunAllowlist() {
+            return Set(allowlist)
+        }
+        if let legacy = defaults.stringArray(forKey: systemRunAllowlistKey), !legacy.isEmpty {
+            MacNodeConfigFile.setSystemRunAllowlist(legacy)
+            return Set(legacy)
+        }
+        return []
+    }
+
+    static func contains(_ argv: [String], defaults: UserDefaults = .standard) -> Bool {
+        let key = key(for: argv)
+        return self.load(from: defaults).contains(key)
+    }
+
+    static func add(_ argv: [String], defaults: UserDefaults = .standard) {
+        let key = key(for: argv)
+        guard !key.isEmpty else { return }
+        var allowlist = self.load(from: defaults)
+        if allowlist.insert(key).inserted {
+            MacNodeConfigFile.setSystemRunAllowlist(Array(allowlist).sorted())
+        }
+    }
+}
--- a/apps/macos/Sources/Clawdbot/TalkModeRuntime.swift
+++ b/apps/macos/Sources/Clawdbot/TalkModeRuntime.swift
@@ -354,9 +354,9 @@ actor TalkModeRuntime {
                    "session=\(sessionKey, privacy: .public)")

            guard let assistantText = await self.waitForAssistantText(
-                    sessionKey: sessionKey,
-                    since: startedAt,
-                    timeoutSeconds: 45)
+                sessionKey: sessionKey,
+                since: startedAt,
+                timeoutSeconds: 45)
            else {
                self.logger.warning("talk assistant text missing after timeout")
                await self.startListening()
--- a/Show More
+++ b/Show More