docs: update changelog for gog skill

docs: add Sheets/Docs examples to gog skill
2026-01-03 11:18:08 +01:00 · 2026-01-03 11:17:34 +01:00
3922 changed files with 85952 additions and 483642 deletions
--- a/.agent/.DS_Store
+++ b/.agent/.DS_Store
--- a/.agent/workflows/update_clawdbot.md
+++ b/.agent/workflows/update_clawdbot.md
@@ -1,366 +0,0 @@
---
-description: Update Clawdbot from upstream when branch has diverged (ahead/behind)
---
-
-# Clawdbot Upstream Sync Workflow
-
-Use this workflow when your fork has diverged from upstream (e.g., "18 commits ahead, 29 commits behind").
-
-## Quick Reference
-
-```bash
-# Check divergence status
-git fetch upstream && git rev-list --left-right --count main...upstream/main
-
-# Full sync (rebase preferred)
-git fetch upstream && git rebase upstream/main && pnpm install && pnpm build && ./scripts/restart-mac.sh
-
-# Check for Swift 6.2 issues after sync
-grep -r "FileManager\.default\|Thread\.isMainThread" src/ apps/ --include="*.swift"
-```
-
---
-
-## Step 1: Assess Divergence
-
-```bash
-git fetch upstream
-git log --oneline --left-right main...upstream/main | head -20
-```
-
-This shows:
- `<` = your local commits (ahead)
- `>` = upstream commits you're missing (behind)
-
-**Decision point:**
- Few local commits, many upstream → **Rebase** (cleaner history)
- Many local commits or shared branch → **Merge** (preserves history)
-
---
-
-## Step 2A: Rebase Strategy (Preferred)
-
-Replays your commits on top of upstream. Results in linear history.
-
-```bash
-# Ensure working tree is clean
-git status
-
-# Rebase onto upstream
-git rebase upstream/main
-```
-
-### Handling Rebase Conflicts
-
-```bash
-# When conflicts occur:
-# 1. Fix conflicts in the listed files
-# 2. Stage resolved files
-git add <resolved-files>
-
-# 3. Continue rebase
-git rebase --continue
-
-# If a commit is no longer needed (already in upstream):
-git rebase --skip
-
-# To abort and return to original state:
-git rebase --abort
-```
-
-### Common Conflict Patterns
-
-| File | Resolution |
-|------|------------|
-| `package.json` | Take upstream deps, keep local scripts if needed |
-| `pnpm-lock.yaml` | Accept upstream, regenerate with `pnpm install` |
-| `*.patch` files | Usually take upstream version |
-| Source files | Merge logic carefully, prefer upstream structure |
-
---
-
-## Step 2B: Merge Strategy (Alternative)
-
-Preserves all history with a merge commit.
-
-```bash
-git merge upstream/main --no-edit
-```
-
-Resolve conflicts same as rebase, then:
-```bash
-git add <resolved-files>
-git commit
-```
-
---
-
-## Step 3: Rebuild Everything
-
-After sync completes:
-
-```bash
-# Install dependencies (regenerates lock if needed)
-pnpm install
-
-# Build TypeScript
-pnpm build
-
-# Build UI assets
-pnpm ui:build
-
-# Run diagnostics
-pnpm clawdbot doctor
-```
-
---
-
-## Step 4: Rebuild macOS App
-
-```bash
-# Full rebuild, sign, and launch
-./scripts/restart-mac.sh
-
-# Or just package without restart
-pnpm mac:package
-```
-
-### Install to /Applications
-
-```bash
-# Kill running app
-pkill -x "Clawdbot" || true
-
-# Move old version
-mv /Applications/Clawdbot.app /tmp/Clawdbot-backup.app
-
-# Install new build
-cp -R dist/Clawdbot.app /Applications/
-
-# Launch
-open /Applications/Clawdbot.app
-```
-
---
-
-## Step 4A: Verify macOS App & Agent
-
-After rebuilding the macOS app, always verify it works correctly:
-
-```bash
-# Check gateway health
-pnpm clawdbot health
-
-# Verify no zombie processes
-ps aux | grep -E "(clawdbot|gateway)" | grep -v grep
-
-# Test agent functionality by sending a verification message
-pnpm clawdbot agent --message "Verification: macOS app rebuild successful - agent is responding." --session-id YOUR_TELEGRAM_SESSION_ID
-
-# Confirm the message was received on Telegram
-# (Check your Telegram chat with the bot)
-```
-
-**Important:** Always wait for the Telegram verification message before proceeding. If the agent doesn't respond, troubleshoot the gateway or model configuration before pushing.
-
---
-
-## Step 5: Handle Swift/macOS Build Issues (Common After Upstream Sync)
-
-Upstream updates may introduce Swift 6.2 / macOS 26 SDK incompatibilities. Use analyze-mode for systematic debugging:
-
-### Analyze-Mode Investigation
-```bash
-# Gather context with parallel agents
-morph-mcp_warpgrep_codebase_search search_string="Find deprecated FileManager.default and Thread.isMainThread usages in Swift files" repo_path="/Volumes/Main SSD/Developer/clawdis"
-morph-mcp_warpgrep_codebase_search search_string="Locate Peekaboo submodule and macOS app Swift files with concurrency issues" repo_path="/Volumes/Main SSD/Developer/clawdis"
-```
-
-### Common Swift 6.2 Fixes
-
-**FileManager.default Deprecation:**
-```bash
-# Search for deprecated usage
-grep -r "FileManager\.default" src/ apps/ --include="*.swift"
-
-# Replace with proper initialization
-# OLD: FileManager.default
-# NEW: FileManager()
-```
-
-**Thread.isMainThread Deprecation:**
-```bash
-# Search for deprecated usage
-grep -r "Thread\.isMainThread" src/ apps/ --include="*.swift"
-
-# Replace with modern concurrency check
-# OLD: Thread.isMainThread
-# NEW: await MainActor.run { ... } or DispatchQueue.main.sync { ... }
-```
-
-### Peekaboo Submodule Fixes
-```bash
-# Check Peekaboo for concurrency issues
-cd src/canvas-host/a2ui
-grep -r "Thread\.isMainThread\|FileManager\.default" . --include="*.swift"
-
-# Fix and rebuild submodule
-cd /Volumes/Main SSD/Developer/clawdis
-pnpm canvas:a2ui:bundle
-```
-
-### macOS App Concurrency Fixes
-```bash
-# Check macOS app for issues
-grep -r "Thread\.isMainThread\|FileManager\.default" apps/macos/ --include="*.swift"
-
-# Clean and rebuild after fixes
-cd apps/macos && rm -rf .build .swiftpm
-./scripts/restart-mac.sh
-```
-
-### Model Configuration Updates
-If upstream introduced new model configurations:
-```bash
-# Check for OpenRouter API key requirements
-grep -r "openrouter\|OPENROUTER" src/ --include="*.ts" --include="*.js"
-
-# Update clawdbot.json with fallback chains
-# Add model fallback configurations as needed
-```
-
---
-
-## Step 6: Verify & Push
-
-```bash
-# Verify everything works
-pnpm clawdbot health
-pnpm test
-
-# Push (force required after rebase)
-git push origin main --force-with-lease
-
-# Or regular push after merge
-git push origin main
-```
-
---
-
-## Troubleshooting
-
-### Build Fails After Sync
-
-```bash
-# Clean and rebuild
-rm -rf node_modules dist
-pnpm install
-pnpm build
-```
-
-### Type Errors (Bun/Node Incompatibility)
-
-Common issue: `fetch.preconnect` type mismatch. Fix by using `FetchLike` type instead of `typeof fetch`.
-
-### macOS App Crashes on Launch
-
-Usually resource bundle mismatch. Full rebuild required:
-```bash
-cd apps/macos && rm -rf .build .swiftpm
-./scripts/restart-mac.sh
-```
-
-### Patch Failures
-
-```bash
-# Check patch status
-pnpm install 2>&1 | grep -i patch
-
-# If patches fail, they may need updating for new dep versions
-# Check patches/ directory against package.json patchedDependencies
-```
-
-### Swift 6.2 / macOS 26 SDK Build Failures
-
-**Symptoms:** Build fails with deprecation warnings about `FileManager.default` or `Thread.isMainThread`
-
-**Search-Mode Investigation:**
-```bash
-# Exhaustive search for deprecated APIs
-morph-mcp_warpgrep_codebase_search search_string="Find all Swift files using deprecated FileManager.default or Thread.isMainThread" repo_path="/Volumes/Main SSD/Developer/clawdis"
-```
-
-**Quick Fix Commands:**
-```bash
-# Find all affected files
-find . -name "*.swift" -exec grep -l "FileManager\.default\|Thread\.isMainThread" {} \;
-
-# Replace FileManager.default with FileManager()
-find . -name "*.swift" -exec sed -i '' 's/FileManager\.default/FileManager()/g' {} \;
-
-# For Thread.isMainThread, need manual review of each usage
-grep -rn "Thread\.isMainThread" --include="*.swift" .
-```
-
-**Rebuild After Fixes:**
-```bash
-# Clean all build artifacts
-rm -rf apps/macos/.build apps/macos/.swiftpm
-rm -rf src/canvas-host/a2ui/.build
-
-# Rebuild Peekaboo bundle
-pnpm canvas:a2ui:bundle
-
-# Full macOS rebuild
-./scripts/restart-mac.sh
-```
-
---
-
-## Automation Script
-
-Save as `scripts/sync-upstream.sh`:
-
-```bash
-#!/usr/bin/env bash
-set -euo pipefail
-
-echo "==> Fetching upstream..."
-git fetch upstream
-
-echo "==> Current divergence:"
-git rev-list --left-right --count main...upstream/main
-
-echo "==> Rebasing onto upstream/main..."
-git rebase upstream/main
-
-echo "==> Installing dependencies..."
-pnpm install
-
-echo "==> Building..."
-pnpm build
-pnpm ui:build
-
-echo "==> Running doctor..."
-pnpm clawdbot doctor
-
-echo "==> Rebuilding macOS app..."
-./scripts/restart-mac.sh
-
-echo "==> Verifying gateway health..."
-pnpm clawdbot health
-
-echo "==> Checking for Swift 6.2 compatibility issues..."
-if grep -r "FileManager\.default\|Thread\.isMainThread" src/ apps/ --include="*.swift" --quiet; then
-    echo "⚠️  Found potential Swift 6.2 deprecated API usage"
-    echo "   Run manual fixes or use analyze-mode investigation"
-else
-    echo "✅ No obvious Swift deprecation issues found"
-fi
-
-echo "==> Testing agent functionality..."
-# Note: Update YOUR_TELEGRAM_SESSION_ID with actual session ID
-pnpm clawdbot agent --message "Verification: Upstream sync and macOS rebuild completed successfully." --session-id YOUR_TELEGRAM_SESSION_ID || echo "Warning: Agent test failed - check Telegram for verification message"
-
-echo "==> Done! Check Telegram for verification message, then run 'git push --force-with-lease' when ready."
-```
--- a/.detect-secrets.cfg
+++ b/.detect-secrets.cfg
@@ -1,26 +0,0 @@
-# detect-secrets exclusion patterns (regex)
-#
-# Note: detect-secrets does not read this file by default. If you want these
-# applied, wire them into your scan command (e.g. translate to --exclude-files
-# / --exclude-lines) or into a baseline's filters_used.
-
-[exclude-files]
-# pnpm lockfiles contain lots of high-entropy package integrity blobs.
-pattern = (^|/)pnpm-lock\.yaml$
-
-[exclude-lines]
-# Fastlane checks for private key marker; not a real key.
-pattern = key_content\.include\?\("BEGIN PRIVATE KEY"\)
-# UI label string for Anthropic auth mode.
-pattern = case \.apiKeyEnv: "API key \(env var\)"
-# CodingKeys mapping uses apiKey literal.
-pattern = case apikey = "apiKey"
-# Schema labels referencing password fields (not actual secrets).
-pattern = "gateway\.remote\.password"
-pattern = "gateway\.auth\.password"
-# Schema label for talk API key (label text only).
-pattern = "talk\.apiKey"
-# checking for typeof is not something we care about.
-pattern = === "string"
-# specific optional-chaining password check that didn't match the line above.
-pattern = typeof remote\?\.password === "string"
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +0,0 @@
-* text=auto eol=lf
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,28 +0,0 @@
---
-name: Bug report
-about: Report a problem or unexpected behavior in Clawdbot.
-title: "[Bug]: "
-labels: bug
---
-
-## Summary
-What went wrong?
-
-## Steps to reproduce
-1.
-2.
-3.
-
-## Expected behavior
-What did you expect to happen?
-
-## Actual behavior
-What actually happened?
-
-## Environment
- Clawdbot version:
- OS:
- Install method (pnpm/npx/docker/etc):
-
-## Logs or screenshots
-Paste relevant logs or add screenshots (redact secrets).
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +0,0 @@
-blank_issues_enabled: true
-contact_links:
-  - name: Onboarding
-    url: https://discord.gg/clawd
-    about: New to Clawdbot? Join Discord for setup guidance from Krill in #help.
-  - name: Support
-    url: https://discord.gg/clawd
-    about: Get help from Krill and the community on Discord in #help.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,18 +0,0 @@
---
-name: Feature request
-about: Suggest an idea or improvement for Clawdbot.
-title: "[Feature]: "
-labels: enhancement
---
-
-## Summary
-Describe the problem you are trying to solve or the opportunity you see.
-
-## Proposed solution
-What would you like Clawdbot to do?
-
-## Alternatives considered
-Any other approaches you have considered?
-
-## Additional context
-Links, screenshots, or related issues.
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,84 +5,12 @@ on:
  pull_request:

 jobs:
-  install-check:
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: false
-
-      - name: Checkout submodules (retry)
-        run: |
-          set -euo pipefail
-          git submodule sync --recursive
-          for attempt in 1 2 3 4 5; do
-            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
-              exit 0
-            fi
-            echo "Submodule update failed (attempt $attempt/5). Retrying…"
-            sleep $((attempt * 10))
-          done
-          exit 1
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22.x
-          check-latest: true
-
-      - name: Runtime versions
-        run: |
-          node -v
-          npm -v
-
-      - name: Capture node path
-        run: echo "NODE_BIN=$(dirname \"$(node -p \"process.execPath\")\")" >> "$GITHUB_ENV"
-
-      - name: Enable corepack and pin pnpm
-        run: |
-          corepack enable
-          corepack prepare pnpm@10.23.0 --activate
-          pnpm -v
-
-      - name: Install dependencies (frozen)
-        env:
-          CI: true
-        run: |
-          export PATH="$NODE_BIN:$PATH"
-          which node
-          node -v
-          pnpm -v
-          pnpm install --frozen-lockfile --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true
-
-  checks:
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+  build:
+    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
-        include:
-          - runtime: node
-            task: lint
-            command: pnpm lint
-          - runtime: node
-            task: test
-            command: pnpm test
-          - runtime: node
-            task: build
-            command: pnpm build
-          - runtime: node
-            task: protocol
-            command: pnpm protocol:check
-          - runtime: node
-            task: format
-            command: pnpm format
-          - runtime: bun
-            task: test
-            command: bunx vitest run
-          - runtime: bun
-            task: build
-            command: bunx tsc -p tsconfig.json
+        runtime: [node, bun]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -103,186 +31,32 @@ jobs:
          exit 1

      - name: Setup Node.js
+        if: matrix.runtime == 'node'
        uses: actions/setup-node@v4
        with:
-          node-version: 22.x
+          node-version: 24
          check-latest: true

      - name: Setup Bun
+        if: matrix.runtime == 'bun'
        uses: oven-sh/setup-bun@v2
        with:
-          bun-version: latest
+          # bun.sh downloads currently fail with:
+          # "Failed to list releases from GitHub: 401" -> "Unexpected HTTP response: 400"
+          bun-download-url: "https://github.com/oven-sh/bun/releases/latest/download/bun-linux-x64.zip"

-      - name: Runtime versions
-        run: |
-          node -v
-          npm -v
-          bun -v
-
-      - name: Capture node path
-        run: echo "NODE_BIN=$(dirname \"$(node -p \"process.execPath\")\")" >> "$GITHUB_ENV"
-
-      - name: Enable corepack and pin pnpm
-        run: |
-          corepack enable
-          corepack prepare pnpm@10.23.0 --activate
-          pnpm -v
-
-      - name: Install dependencies
-        env:
-          CI: true
-        run: |
-          export PATH="$NODE_BIN:$PATH"
-          which node
-          node -v
-          pnpm -v
-          pnpm install --frozen-lockfile --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true || pnpm install --frozen-lockfile --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true
-
-      - name: Run ${{ matrix.task }} (${{ matrix.runtime }})
-        run: ${{ matrix.command }}
-
-  secrets:
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: false
-
-      - name: Setup Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: Install detect-secrets
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install detect-secrets==1.5.0
-
-      - name: Detect secrets
-        run: |
-          if ! detect-secrets scan --baseline .secrets.baseline; then
-            echo "::error::Secret scanning failed. See docs/gateway/security.md#secret-scanning-detect-secrets"
-            exit 1
-          fi
-
-  checks-windows:
-    runs-on: blacksmith-4vcpu-windows-2025
-    defaults:
-      run:
-        shell: bash
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runtime: node
-            task: lint
-            command: pnpm lint
-          - runtime: node
-            task: test
-            command: pnpm test
-          - runtime: node
-            task: build
-            command: pnpm build
-          - runtime: node
-            task: protocol
-            command: pnpm protocol:check
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: false
-
-      - name: Checkout submodules (retry)
-        run: |
-          set -euo pipefail
-          git submodule sync --recursive
-          for attempt in 1 2 3 4 5; do
-            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
-              exit 0
-            fi
-            echo "Submodule update failed (attempt $attempt/5). Retrying…"
-            sleep $((attempt * 10))
-          done
-          exit 1
-
-      - name: Setup Node.js
+      - name: Setup Node.js (tooling for bun)
+        if: matrix.runtime == 'bun'
        uses: actions/setup-node@v4
        with:
-          node-version: 22.x
-          check-latest: true
-
-      - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: latest
-
-      - name: Runtime versions
-        run: |
-          node -v
-          npm -v
-          bun -v
-
-      - name: Capture node path
-        run: echo "NODE_BIN=$(dirname \"$(node -p \"process.execPath\")\")" >> "$GITHUB_ENV"
-
-      - name: Enable corepack and pin pnpm
-        run: |
-          corepack enable
-          corepack prepare pnpm@10.23.0 --activate
-          pnpm -v
-
-      - name: Install dependencies
-        env:
-          CI: true
-        run: |
-          export PATH="$NODE_BIN:$PATH"
-          which node
-          node -v
-          pnpm -v
-          pnpm install --frozen-lockfile --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true || pnpm install --frozen-lockfile --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true
-
-      - name: Run ${{ matrix.task }} (${{ matrix.runtime }})
-        run: ${{ matrix.command }}
-
-  checks-macos:
-    if: github.event_name == 'pull_request'
-    runs-on: macos-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - task: test
-            command: pnpm test
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: false
-
-      - name: Checkout submodules (retry)
-        run: |
-          set -euo pipefail
-          git submodule sync --recursive
-          for attempt in 1 2 3 4 5; do
-            if git -c protocol.version=2 submodule update --init --force --depth=1 --recursive; then
-              exit 0
-            fi
-            echo "Submodule update failed (attempt $attempt/5). Retrying…"
-            sleep $((attempt * 10))
-          done
-          exit 1
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22.x
+          node-version: 24
          check-latest: true

      - name: Runtime versions
        run: |
          node -v
          npm -v
+          if [ "${{ matrix.runtime }}" = "bun" ]; then bun -v; fi

      - name: Capture node path
        run: echo "NODE_BIN=$(dirname \"$(node -p \"process.execPath\")\")" >> "$GITHUB_ENV"
@@ -301,44 +75,39 @@ jobs:
          which node
          node -v
          pnpm -v
-          pnpm install --frozen-lockfile --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true || pnpm install --frozen-lockfile --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true
+          pnpm install --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true || pnpm install --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true

-      - name: Run ${{ matrix.task }}
-        run: ${{ matrix.command }}
+      - name: Lint (node)
+        if: matrix.runtime == 'node'
+        run: pnpm lint
+
+      - name: Test (node)
+        if: matrix.runtime == 'node'
+        run: pnpm test
+
+      - name: Build (node)
+        if: matrix.runtime == 'node'
+        run: pnpm build
+
+      - name: Protocol check (node)
+        if: matrix.runtime == 'node'
+        run: pnpm protocol:check
+
+      - name: Lint (bun)
+        if: matrix.runtime == 'bun'
+        run: bunx biome check src
+
+      - name: Test (bun)
+        if: matrix.runtime == 'bun'
+        run: bunx vitest run
+
+      - name: Build (bun)
+        if: matrix.runtime == 'bun'
+        run: bunx tsc -p tsconfig.json

  macos-app:
    if: github.event_name == 'pull_request'
    runs-on: macos-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - task: lint
-            command: |
-              swiftlint --config .swiftlint.yml
-              swiftformat --lint apps/macos/Sources --config .swiftformat
-          - task: build
-            command: |
-              set -euo pipefail
-              for attempt in 1 2 3; do
-                if swift build --package-path apps/macos --configuration release; then
-                  exit 0
-                fi
-                echo "swift build failed (attempt $attempt/3). Retrying…"
-                sleep $((attempt * 20))
-              done
-              exit 1
-          - task: test
-            command: |
-              set -euo pipefail
-              for attempt in 1 2 3; do
-                if swift test --package-path apps/macos --parallel --enable-code-coverage --show-codecov-path; then
-                  exit 0
-                fi
-                echo "swift test failed (attempt $attempt/3). Retrying…"
-                sleep $((attempt * 20))
-              done
-              exit 1
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -373,8 +142,35 @@ jobs:
          xcodebuild -version
          swift --version

-      - name: Run ${{ matrix.task }}
-        run: ${{ matrix.command }}
+      - name: SwiftLint
+        run: swiftlint --config .swiftlint.yml
+
+      - name: SwiftFormat (lint mode)
+        run: swiftformat --lint apps/macos/Sources --config .swiftformat
+
+      - name: Swift build (release)
+        run: |
+          set -euo pipefail
+          for attempt in 1 2 3; do
+            if swift build --package-path apps/macos --configuration release; then
+              exit 0
+            fi
+            echo "swift build failed (attempt $attempt/3). Retrying…"
+            sleep $((attempt * 20))
+          done
+          exit 1
+
+      - name: Swift tests (coverage)
+        run: |
+          set -euo pipefail
+          for attempt in 1 2 3; do
+            if swift test --package-path apps/macos --parallel --enable-code-coverage --show-codecov-path; then
+              exit 0
+            fi
+            echo "swift test failed (attempt $attempt/3). Retrying…"
+            sleep $((attempt * 20))
+          done
+          exit 1
  ios:
    if: false # ignore iOS in CI for now
    runs-on: macos-latest
@@ -549,15 +345,7 @@ jobs:
          PY

  android:
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - task: test
-            command: ./gradlew --no-daemon :app:testDebugUnitTest
-          - task: build
-            command: ./gradlew --no-daemon :app:assembleDebug
+    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -585,8 +373,6 @@ jobs:

      - name: Setup Android SDK
        uses: android-actions/setup-android@v3
-        with:
-          accept-android-sdk-licenses: false

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
@@ -599,6 +385,6 @@ jobs:
            "platforms;android-36" \
            "build-tools;36.0.0"

-      - name: Run Android ${{ matrix.task }}
+      - name: Android unit tests + debug build
        working-directory: apps/android
-        run: ${{ matrix.command }}
+        run: ./gradlew --no-daemon :app:testDebugUnitTest :app:assembleDebug
--- a/.github/workflows/install-smoke.yml
+++ b/.github/workflows/install-smoke.yml
@@ -1,33 +0,0 @@
-name: Install Smoke
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-  workflow_dispatch:
-
-jobs:
-  install-smoke:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout CLI
-        uses: actions/checkout@v4
-
-      - name: Setup pnpm
-        uses: pnpm/action-setup@v3
-        with:
-          version: 10
-      - name: Enable Corepack
-        run: corepack enable
-
-      - name: Install pnpm deps (minimal)
-        run: pnpm install --ignore-scripts --frozen-lockfile
-
-      - name: Run installer docker tests
-        env:
-          CLAWDBOT_INSTALL_URL: https://clawd.bot/install.sh
-          CLAWDBOT_INSTALL_CLI_URL: https://clawd.bot/install-cli.sh
-          CLAWDBOT_NO_ONBOARD: "1"
-          CLAWDBOT_INSTALL_SMOKE_SKIP_CLI: "1"
-          CLAWDBOT_INSTALL_SMOKE_PREVIOUS: "2026.1.11-4"
-        run: pnpm test:install:smoke
--- a/.github/workflows/workflow-sanity.yml
+++ b/.github/workflows/workflow-sanity.yml
@@ -1,37 +0,0 @@
-name: Workflow Sanity
-
-on:
-  pull_request:
-  push:
-
-jobs:
-  no-tabs:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Fail on tabs in workflow files
-        run: |
-          python - <<'PY'
-          from __future__ import annotations
-
-          import pathlib
-          import sys
-
-          root = pathlib.Path(".github/workflows")
-          bad: list[str] = []
-          for path in sorted(root.rglob("*.yml")):
-            if b"\t" in path.read_bytes():
-              bad.append(str(path))
-
-          for path in sorted(root.rglob("*.yaml")):
-            if b"\t" in path.read_bytes():
-              bad.append(str(path))
-
-          if bad:
-            print("Tabs found in workflow file(s):")
-            for path in bad:
-              print(f"- {path}")
-            sys.exit(1)
-          PY
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,8 @@
 node_modules
-**/node_modules/
 .env
-docker-compose.extra.yml
 dist
 *.bun-build
 pnpm-lock.yaml
-bun.lock
-bun.lockb
 coverage
 .pnpm-store
 .worktrees/
@@ -19,24 +15,18 @@ ui/test-results/
 # Bun build artifacts
 *.bun-build
 apps/macos/.build/
-apps/shared/ClawdbotKit/.build/
-**/ModuleCache/
+apps/shared/ClawdisKit/.build/
 bin/
-bin/clawdbot-mac
+bin/clawdis-mac
 bin/docs-list
 apps/macos/.build-local/
 apps/macos/.swiftpm/
-apps/shared/ClawdbotKit/.swiftpm/
+apps/shared/ClawdisKit/.swiftpm/
 Core/
 apps/ios/*.xcodeproj/
 apps/ios/*.xcworkspace/
 apps/ios/.swiftpm/
 vendor/
-apps/ios/Clawdbot.xcodeproj/
-apps/ios/Clawdbot.xcodeproj/**
-apps/macos/.build/**
-**/*.bun-build
-apps/ios/*.xcfilelist

 # Vendor build artifacts
 vendor/a2ui/renderers/lit/dist/
@@ -49,8 +39,6 @@ apps/ios/fastlane/Preview.html
 apps/ios/fastlane/screenshots/
 apps/ios/fastlane/test_output/
 apps/ios/fastlane/logs/
-apps/ios/fastlane/.env
-apps/ios/fastlane/report.xml

 # fastlane build artifacts (local)
 apps/ios/*.ipa
@@ -59,13 +47,3 @@ apps/ios/*.dSYM.zip
 # provisioning profiles (local)
 apps/ios/*.mobileprovision
 .env
-
-# Local untracked files
-.local/
-.vscode/
-IDENTITY.md
-USER.md
-.tgz
-
-# local tooling
-.serena/
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "Peekaboo"]
+	path = Peekaboo
+	url = https://github.com/steipete/Peekaboo.git
+	branch = main
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1 @@
-allow-build-scripts=@whiskeysockets/baileys,sharp,esbuild,protobufjs,fs-ext,node-pty,@lydell/node-pty,@matrix-org/matrix-sdk-crypto-nodejs
+allow-build-scripts=@whiskeysockets/baileys,sharp,esbuild,protobufjs,fs-ext,node-pty
--- a/.oxfmtrc.jsonc
+++ b/.oxfmtrc.jsonc
@@ -1,5 +0,0 @@
-{
-  "$schema": "./node_modules/oxfmt/configuration_schema.json",
-  "indentWidth": 2,
-  "printWidth": 100
-}
--- a/.oxlintrc.json
+++ b/.oxlintrc.json
@@ -1,12 +0,0 @@
-{
-  "$schema": "./node_modules/oxlint/configuration_schema.json",
-  "plugins": [
-    "unicorn",
-    "typescript",
-    "oxc"
-  ],
-  "categories": {
-    "correctness": "error"
-  },
-  "ignorePatterns": ["src/canvas-host/a2ui/a2ui.bundle.js"]
-}
--- a/.prettierignore
+++ b/.prettierignore
@@ -1 +0,0 @@
-src/canvas-host/a2ui/a2ui.bundle.js
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -1,518 +0,0 @@
-{
-  "version": "1.5.0",
-  "plugins_used": [
-    {
-      "name": "ArtifactoryDetector"
-    },
-    {
-      "name": "AWSKeyDetector"
-    },
-    {
-      "name": "AzureStorageKeyDetector"
-    },
-    {
-      "name": "Base64HighEntropyString",
-      "limit": 4.5
-    },
-    {
-      "name": "BasicAuthDetector"
-    },
-    {
-      "name": "CloudantDetector"
-    },
-    {
-      "name": "DiscordBotTokenDetector"
-    },
-    {
-      "name": "GitHubTokenDetector"
-    },
-    {
-      "name": "GitLabTokenDetector"
-    },
-    {
-      "name": "HexHighEntropyString",
-      "limit": 3.0
-    },
-    {
-      "name": "IbmCloudIamDetector"
-    },
-    {
-      "name": "IbmCosHmacDetector"
-    },
-    {
-      "name": "IPPublicDetector"
-    },
-    {
-      "name": "JwtTokenDetector"
-    },
-    {
-      "name": "KeywordDetector",
-      "keyword_exclude": ""
-    },
-    {
-      "name": "MailchimpDetector"
-    },
-    {
-      "name": "NpmDetector"
-    },
-    {
-      "name": "OpenAIDetector"
-    },
-    {
-      "name": "PrivateKeyDetector"
-    },
-    {
-      "name": "PypiTokenDetector"
-    },
-    {
-      "name": "SendGridDetector"
-    },
-    {
-      "name": "SlackDetector"
-    },
-    {
-      "name": "SoftlayerDetector"
-    },
-    {
-      "name": "SquareOAuthDetector"
-    },
-    {
-      "name": "StripeDetector"
-    },
-    {
-      "name": "TelegramBotTokenDetector"
-    },
-    {
-      "name": "TwilioKeyDetector"
-    }
-  ],
-  "filters_used": [
-    {
-      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
-    },
-    {
-      "path": "detect_secrets.filters.common.is_baseline_file",
-      "filename": ".secrets.baseline"
-    },
-    {
-      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
-      "min_level": 2
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_lock_file"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_sequential_string"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_swagger_file"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_templated_secret"
-    },
-    {
-      "path": "detect_secrets.filters.regex.should_exclude_file",
-      "pattern": [
-        "(^|/)pnpm-lock\\.yaml$"
-      ]
-    },
-    {
-      "path": "detect_secrets.filters.regex.should_exclude_line",
-      "pattern": [
-        "key_content\\.include\\?\\(\"BEGIN PRIVATE KEY\"\\)",
-        "case \\.apiKeyEnv: \"API key \\(env var\\)\"",
-        "case apikey = \"apiKey\"",
-        "\"gateway\\.remote\\.password\"",
-        "\"gateway\\.auth\\.password\"",
-        "\"talk\\.apiKey\"",
-        "=== \"string\"",
-        "typeof remote\\?\\.password === \"string\""
-      ]
-    }
-  ],
-  "results": {
-    ".env.example": [
-      {
-        "type": "Twilio API Key",
-        "filename": ".env.example",
-        "hashed_secret": "3c7206eff845bc69cf12d904d0f95f9aec15535e",
-        "is_verified": false,
-        "line_number": 2
-      }
-    ],
-    "appcast.xml": [
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "appcast.xml",
-        "hashed_secret": "1b1c2b73eca84e441a823c37a06c71c9fadcfe24",
-        "is_verified": false,
-        "line_number": 19
-      },
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "appcast.xml",
-        "hashed_secret": "5c47736fee5151b26b3bb61bb38955da0e8937c6",
-        "is_verified": false,
-        "line_number": 35
-      },
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "appcast.xml",
-        "hashed_secret": "bbbca47179268f154c63affa0ca441c6e49e650f",
-        "is_verified": false,
-        "line_number": 52
-      }
-    ],
-    "apps/macos/Tests/ClawdbotIPCTests/AnthropicAuthResolverTests.swift": [
-      {
-        "type": "Secret Keyword",
-        "filename": "apps/macos/Tests/ClawdbotIPCTests/AnthropicAuthResolverTests.swift",
-        "hashed_secret": "e761624445731fcb8b15da94343c6b92e507d190",
-        "is_verified": false,
-        "line_number": 26
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "apps/macos/Tests/ClawdbotIPCTests/AnthropicAuthResolverTests.swift",
-        "hashed_secret": "a23c8630c8a5fbaa21f095e0269c135c20d21689",
-        "is_verified": false,
-        "line_number": 42
-      }
-    ],
-    "apps/macos/Tests/ClawdbotIPCTests/ConnectionsSettingsSmokeTests.swift": [
-      {
-        "type": "Secret Keyword",
-        "filename": "apps/macos/Tests/ClawdbotIPCTests/ConnectionsSettingsSmokeTests.swift",
-        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
-        "is_verified": false,
-        "line_number": 83
-      }
-    ],
-    "apps/macos/Tests/ClawdbotIPCTests/TailscaleIntegrationSectionTests.swift": [
-      {
-        "type": "Secret Keyword",
-        "filename": "apps/macos/Tests/ClawdbotIPCTests/TailscaleIntegrationSectionTests.swift",
-        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
-        "is_verified": false,
-        "line_number": 27
-      }
-    ],
-    "docs/configuration.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/configuration.md",
-        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
-        "is_verified": false,
-        "line_number": 268
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/configuration.md",
-        "hashed_secret": "1188d5a8ed7edcff5144a9472af960243eacf12e",
-        "is_verified": false,
-        "line_number": 465
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/configuration.md",
-        "hashed_secret": "22af290a1a3d5e941193a41a3d3a9e4ca8da5e27",
-        "is_verified": false,
-        "line_number": 718
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/configuration.md",
-        "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209",
-        "is_verified": false,
-        "line_number": 760
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/configuration.md",
-        "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd",
-        "is_verified": false,
-        "line_number": 859
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/configuration.md",
-        "hashed_secret": "45d676e7c6ab44cf4b8fa366ef2d8fccd3e6d6e6",
-        "is_verified": false,
-        "line_number": 982
-      }
-    ],
-    "docs/faq.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/faq.md",
-        "hashed_secret": "a219d7693c25cd2d93313512e200ff3eb374d281",
-        "is_verified": false,
-        "line_number": 593
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/faq.md",
-        "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0",
-        "is_verified": false,
-        "line_number": 650
-      }
-    ],
-    "docs/skills-config.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/skills-config.md",
-        "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd",
-        "is_verified": false,
-        "line_number": 28
-      }
-    ],
-    "docs/skills.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/skills.md",
-        "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd",
-        "is_verified": false,
-        "line_number": 97
-      }
-    ],
-    "docs/tailscale.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/tailscale.md",
-        "hashed_secret": "9cb0dc5383312aa15b9dc6745645bde18ff5ade9",
-        "is_verified": false,
-        "line_number": 52
-      }
-    ],
-    "docs/talk.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/talk.md",
-        "hashed_secret": "1188d5a8ed7edcff5144a9472af960243eacf12e",
-        "is_verified": false,
-        "line_number": 50
-      }
-    ],
-    "docs/telegram.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "docs/telegram.md",
-        "hashed_secret": "e9fe51f94eadabf54dbf2fbbd57188b9abee436e",
-        "is_verified": false,
-        "line_number": 57
-      }
-    ],
-    "skills/local-places/SERVER_README.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "skills/local-places/SERVER_README.md",
-        "hashed_secret": "6d9c68c603e465077bdd49c62347fe54717f83a3",
-        "is_verified": false,
-        "line_number": 28
-      }
-    ],
-    "skills/openai-whisper-api/SKILL.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "skills/openai-whisper-api/SKILL.md",
-        "hashed_secret": "1077361f94d70e1ddcc7c6dc581a489532a81d03",
-        "is_verified": false,
-        "line_number": 39
-      }
-    ],
-    "skills/trello/SKILL.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "skills/trello/SKILL.md",
-        "hashed_secret": "11fa7c37d697f30e6aee828b4426a10f83ab2380",
-        "is_verified": false,
-        "line_number": 18
-      }
-    ],
-    "src/agents/models-config.test.ts": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/agents/models-config.test.ts",
-        "hashed_secret": "7cf31e8b6cda49f70c31f1f25af05d46f924142d",
-        "is_verified": false,
-        "line_number": 25
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/agents/models-config.test.ts",
-        "hashed_secret": "3a81eb091f80c845232225be5663d270e90dacb7",
-        "is_verified": false,
-        "line_number": 90
-      }
-    ],
-    "src/agents/skills.test.ts": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/agents/skills.test.ts",
-        "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f",
-        "is_verified": false,
-        "line_number": 158
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/agents/skills.test.ts",
-        "hashed_secret": "7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb",
-        "is_verified": false,
-        "line_number": 265
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/agents/skills.test.ts",
-        "hashed_secret": "5df3a673d724e8a1eb673a8baf623e183940804d",
-        "is_verified": false,
-        "line_number": 462
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/agents/skills.test.ts",
-        "hashed_secret": "8921daaa546693e52bc1f9c40bdcf15e816e0448",
-        "is_verified": false,
-        "line_number": 490
-      }
-    ],
-    "src/browser/target-id.test.ts": [
-      {
-        "type": "Hex High Entropy String",
-        "filename": "src/browser/target-id.test.ts",
-        "hashed_secret": "4e126c049580d66ca1549fa534d95a7263f27f46",
-        "is_verified": false,
-        "line_number": 16
-      }
-    ],
-    "src/commands/antigravity-oauth.ts": [
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "src/commands/antigravity-oauth.ts",
-        "hashed_secret": "709d0f232b6ac4f8d24dec3e4fabfdb14257174f",
-        "is_verified": false,
-        "line_number": 17
-      },
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "src/commands/antigravity-oauth.ts",
-        "hashed_secret": "3848603b8e866f62d07c206ff622279b9dcb0238",
-        "is_verified": false,
-        "line_number": 20
-      }
-    ],
-    "src/commands/onboard-auth.ts": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/commands/onboard-auth.ts",
-        "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209",
-        "is_verified": false,
-        "line_number": 50
-      }
-    ],
-    "src/config/config.test.ts": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/config/config.test.ts",
-        "hashed_secret": "bea2f7b64fab8d1d414d0449530b1e088d36d5b1",
-        "is_verified": false,
-        "line_number": 520
-      }
-    ],
-    "src/gateway/server.auth.test.ts": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/gateway/server.auth.test.ts",
-        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
-        "is_verified": false,
-        "line_number": 89
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/gateway/server.auth.test.ts",
-        "hashed_secret": "a4b48a81cdab1e1a5dd37907d6c85ca1c61ddc7c",
-        "is_verified": false,
-        "line_number": 109
-      }
-    ],
-    "src/infra/env.test.ts": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/infra/env.test.ts",
-        "hashed_secret": "df98a117ddabf85991b9fe0e268214dc0e1254dc",
-        "is_verified": false,
-        "line_number": 10
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/infra/env.test.ts",
-        "hashed_secret": "6d811dc1f59a55ca1a3d38b5042a062b9f79e8ec",
-        "is_verified": false,
-        "line_number": 25
-      }
-    ],
-    "src/infra/shell-env.test.ts": [
-      {
-        "type": "Secret Keyword",
-        "filename": "src/infra/shell-env.test.ts",
-        "hashed_secret": "65c10dc3549fe07424148a8a4790a3341ecbc253",
-        "is_verified": false,
-        "line_number": 35
-      },
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "src/infra/shell-env.test.ts",
-        "hashed_secret": "64db6bf7f0e5a0491df4419f0eb1bbcc402989e8",
-        "is_verified": false,
-        "line_number": 56
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "src/infra/shell-env.test.ts",
-        "hashed_secret": "e013ffda590d2178607c16d11b1ea42f75ceb0e7",
-        "is_verified": false,
-        "line_number": 73
-      },
-      {
-        "type": "Base64 High Entropy String",
-        "filename": "src/infra/shell-env.test.ts",
-        "hashed_secret": "be6ee9a6bf9f2dad84a5a67d6c0576a5bacc391e",
-        "is_verified": false,
-        "line_number": 75
-      }
-    ],
-    "src/web/qr-image.test.ts": [
-      {
-        "type": "Hex High Entropy String",
-        "filename": "src/web/qr-image.test.ts",
-        "hashed_secret": "564666dc1ca6e7318b2d5feeb1ce7b5bf717411e",
-        "is_verified": false,
-        "line_number": 12
-      }
-    ],
-    "vendor/a2ui/README.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "vendor/a2ui/README.md",
-        "hashed_secret": "2619a5397a5d054dab3fe24e6a8da1fbd76ec3a6",
-        "is_verified": false,
-        "line_number": 123
-      }
-    ]
-  },
-  "generated_at": "2026-01-05T13:01:00Z"
-}
--- a/.swiftformat
+++ b/.swiftformat
@@ -48,4 +48,4 @@
 --allman false

 # Exclusions
--exclude .build,.swiftpm,DerivedData,node_modules,dist,coverage,xcuserdata,Peekaboo,Swabble,apps/android,apps/ios,apps/shared,apps/macos/Sources/ClawdisProtocol,apps/macos/Sources/ClawdbotProtocol
+--exclude .build,.swiftpm,DerivedData,node_modules,dist,coverage,xcuserdata,apps/macos/Sources/ClawdisProtocol
--- a/.swiftlint.yml
+++ b/.swiftlint.yml
@@ -17,8 +17,6 @@ excluded:
  - dist
  - coverage
  - "*.playground"
-  # Generated (protocol-gen-swift.ts)
-  - apps/macos/Sources/ClawdbotProtocol/GatewayModels.swift

 analyzer_rules:
  - unused_declaration
@@ -110,10 +108,6 @@ function_body_length:
  warning: 150
  error: 300

-function_parameter_count:
-  warning: 7
-  error: 10
-
 file_length:
  warning: 1500
  error: 2500
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,57 +1,27 @@
 # Repository Guidelines
- Repo: https://github.com/clawdbot/clawdbot
- GitHub issues/comments/PR comments: use literal multiline strings or `-F - <<'EOF'` (or $'...') for real newlines; never embed "\\n".

 ## Project Structure & Module Organization
 - Source code: `src/` (CLI wiring in `src/cli`, commands in `src/commands`, web provider in `src/provider-web.ts`, infra in `src/infra`, media pipeline in `src/media`).
 - Tests: colocated `*.test.ts`.
 - Docs: `docs/` (images, queue, Pi config). Built output lives in `dist/`.
- Plugins/extensions: live under `extensions/*` (workspace packages). Keep plugin-only deps in the extension `package.json`; do not add them to the root `package.json` unless core uses them.
- Installers served from `https://clawd.bot/*`: live in the sibling repo `../clawd.bot` (`public/install.sh`, `public/install-cli.sh`, `public/install.ps1`).
- Messaging channels: always consider **all** built-in + extension channels when refactoring shared logic (routing, allowlists, pairing, command gating, onboarding, docs).
-  - Core channel docs: `docs/channels/`
-  - Core channel code: `src/telegram`, `src/discord`, `src/slack`, `src/signal`, `src/imessage`, `src/web` (WhatsApp web), `src/channels`, `src/routing`
-  - Extensions (channel plugins): `extensions/*` (e.g. `extensions/msteams`, `extensions/matrix`, `extensions/zalo`, `extensions/zalouser`, `extensions/voice-call`)
-
-## Docs Linking (Mintlify)
- Docs are hosted on Mintlify (docs.clawd.bot).
- Internal doc links in `docs/**/*.md`: root-relative, no `.md`/`.mdx` (example: `[Config](/configuration)`).
- Section cross-references: use anchors on root-relative paths (example: `[Hooks](/configuration#hooks)`).
- When Peter asks for links, reply with full `https://docs.clawd.bot/...` URLs (not root-relative).
- When you touch docs, end the reply with the `https://docs.clawd.bot/...` URLs you referenced.
- README (GitHub): keep absolute docs URLs (`https://docs.clawd.bot/...`) so links work on GitHub.
- Docs content must be generic: no personal device names/hostnames/paths; use placeholders like `user@gateway-host` and “gateway host”.

 ## Build, Test, and Development Commands
- Runtime baseline: Node **22+** (keep Node + Bun paths working).
 - Install deps: `pnpm install`
- Also supported: `bun install` (keep `pnpm-lock.yaml` + Bun patching in sync when touching deps/patches).
- Prefer Bun for TypeScript execution (scripts, dev, tests): `bun <file.ts>` / `bunx <tool>`.
- Run CLI in dev: `pnpm clawdbot ...` (bun) or `pnpm dev`.
- Node remains supported for running built output (`dist/*`) and production installs.
+- Run CLI in dev: `pnpm clawdis ...` (tsx entry) or `pnpm dev` for `src/index.ts`.
 - Type-check/build: `pnpm build` (tsc)
- Lint/format: `pnpm lint` (oxlint), `pnpm format` (oxfmt)
+- Lint/format: `pnpm lint` (biome check), `pnpm format` (biome format)
 - Tests: `pnpm test` (vitest); coverage: `pnpm test:coverage`

 ## Coding Style & Naming Conventions
 - Language: TypeScript (ESM). Prefer strict typing; avoid `any`.
- Formatting/linting via Oxlint and Oxfmt; run `pnpm lint` before commits.
- Add brief code comments for tricky or non-obvious logic.
+- Formatting/linting via Biome; run `pnpm lint` before commits.
 - Keep files concise; extract helpers instead of “V2” copies. Use existing patterns for CLI options and dependency injection via `createDefaultDeps`.
 - Aim to keep files under ~700 LOC; guideline only (not a hard guardrail). Split/refactor when it improves clarity or testability.
- Naming: use **Clawdbot** for product/app/docs headings; use `clawdbot` for CLI command, package/binary, paths, and config keys.
-
-## Release Channels (Naming)
- stable: tagged releases only (e.g. `vYYYY.M.D`), npm dist-tag `latest`.
- beta: prerelease tags `vYYYY.M.D-beta.N`, npm dist-tag `beta` (may ship without macOS app).
- dev: moving head on `main` (no tag; git checkout main).

 ## Testing Guidelines
 - Framework: Vitest with V8 coverage thresholds (70% lines/branches/functions/statements).
 - Naming: match source names with `*.test.ts`; e2e in `*.e2e.test.ts`.
 - Run `pnpm test` (or `pnpm test:coverage`) before pushing when you touch logic.
- Live tests (real keys): `CLAWDBOT_LIVE_TEST=1 pnpm test:live` (Clawdbot-only) or `LIVE=1 pnpm test:live` (includes provider live tests). Docker: `pnpm test:docker:live-models`, `pnpm test:docker:live-gateway`. Onboarding Docker E2E: `pnpm test:docker:onboard`.
- Full kit + what’s covered: `docs/testing.md`.
 - Pure test additions/fixes generally do **not** need a changelog entry unless they alter user-facing behavior or the user asks for one.
 - Mobile: before using a simulator, check for connected real devices (iOS + Android) and prefer them when available.

@@ -59,83 +29,50 @@
 - Create commits with `scripts/committer "<msg>" <file...>`; avoid manual `git add`/`git commit` so staging stays scoped.
 - Follow concise, action-oriented commit messages (e.g., `CLI: add verbose flag to send`).
 - Group related changes; avoid bundling unrelated refactors.
- Changelog workflow: keep latest released version at top (no `Unreleased`); after publishing, bump version and start a new top section.
 - PRs should summarize scope, note testing performed, and mention any user-facing changes or new flags.
- PR review flow: when given a PR link, review via `gh pr view`/`gh pr diff` and do **not** change branches.
- PR review calls: prefer a single `gh pr view --json ...` to batch metadata/comments; run `gh pr diff` only when needed.
- Before starting a review when a GH Issue/PR is pasted: run `git pull`; if there are local changes or unpushed commits, stop and alert the user before reviewing.
- PR merge flow: create a temp branch from `main`, merge the PR branch into it (prefer squash unless commit history is important; use rebase/merge when it is). Always try to merge the PR unless it’s truly difficult, then use another approach. If we squash, add the PR author as a co-contributor. Apply fixes, add changelog entry (include PR # + thanks), run full gate before the final commit, commit, merge back to `main`, delete the temp branch, and end on `main`.
- If you review a PR and later do work on it, land via merge/squash (no direct-main commits) and always add the PR author as a co-contributor.
- When working on a PR: add a changelog entry with the PR number and thank the contributor.
- When working on an issue: reference the issue in the changelog entry.
- When merging a PR: leave a PR comment that explains exactly what we did and include the SHA hashes.
- When merging a PR from a new contributor: add their avatar to the README “Thanks to all clawtributors” thumbnail list.
- After merging a PR: run `bun scripts/update-clawtributors.ts` if the contributor is missing, then commit the regenerated README.
-
-## Shorthand Commands
- `sync`: if working tree is dirty, commit all changes (pick a sensible Conventional Commit message), then `git pull --rebase`; if rebase conflicts and cannot resolve, stop; otherwise `git push`.
-
-### PR Workflow (Review vs Land)
- **Review mode (PR link only):** read `gh pr view/diff`; **do not** switch branches; **do not** change code.
- **Landing mode:** create an integration branch from `main`, bring in PR commits (**prefer rebase** for linear history; **merge allowed** when complexity/conflicts make it safer), apply fixes, add changelog (+ thanks + PR #), run full gate **locally before committing** (`pnpm lint && pnpm build && pnpm test`), commit, merge back to `main`, then `git switch main` (never stay on a topic branch after landing). Important: contributor needs to be in git graph after this!

 ## Security & Configuration Tips
- Web provider stores creds at `~/.clawdbot/credentials/`; rerun `clawdbot login` if logged out.
- Pi sessions live under `~/.clawdbot/sessions/` by default; the base directory is not configurable.
- Environment variables: see `~/.profile`.
+- Web provider stores creds at `~/.clawdis/credentials/`; rerun `clawdis login` if logged out.
+- Pi sessions live under `~/.clawdis/sessions/` by default; the base directory is not configurable.
 - Never commit or publish real phone numbers, videos, or live configuration values. Use obviously fake placeholders in docs, tests, and examples.
- - Release flow: always read `docs/reference/RELEASING.md` and `docs/platforms/mac/release.md` before any release work; do not ask routine questions once those docs answer them.
-
-## Troubleshooting
- Rebrand/migration issues or legacy config/service warnings: run `clawdbot doctor` (see `docs/gateway/doctor.md`).

 ## Agent-Specific Notes
- Vocabulary: "makeup" = "mac app".
- Never edit `node_modules` (global/Homebrew/npm/git installs too). Updates overwrite. Skill notes go in `tools.md` or `AGENTS.md`.
- When working on a GitHub Issue or PR, print the full URL at the end of the task.
- When answering questions, respond with high-confidence answers only: verify in code; do not guess.
- Never update the Carbon dependency.
- Any dependency with `pnpm.patchedDependencies` must use an exact version (no `^`/`~`).
- Patching dependencies (pnpm patches, overrides, or vendored changes) requires explicit approval; do not do this by default.
- CLI progress: use `src/cli/progress.ts` (`osc-progress` + `@clack/prompts` spinner); don’t hand-roll spinners/bars.
- Status output: keep tables + ANSI-safe wrapping (`src/terminal/table.ts`); `status --all` = read-only/pasteable, `status --deep` = probes.
- Gateway currently runs only as the menubar app; there is no separate LaunchAgent/helper label installed. Restart via the Clawdbot Mac app or `scripts/restart-mac.sh`; to verify/kill use `launchctl print gui/$UID | grep clawdbot` rather than assuming a fixed label. **When debugging on macOS, start/stop the gateway via the app, not ad-hoc tmux sessions; kill any temporary tunnels before handoff.**
- macOS logs: use `./scripts/clawlog.sh` (aka `vtlog`) to query unified logs for the Clawdbot subsystem; it supports follow/tail/category filters and expects passwordless sudo for `/usr/bin/log`.
- If shared guardrails are available locally, review them; otherwise follow this repo's guidance.
+- Gateway currently runs only as the menubar app (launchctl shows `application.com.steipete.clawdis.debug.*`), there is no separate LaunchAgent/helper label installed. Restart via the Clawdis Mac app or `scripts/restart-mac.sh`; to verify/kill use `launchctl print gui/$UID | grep clawdis` rather than expecting `com.steipete.clawdis`. **When debugging on macOS, start/stop the gateway via the app, not ad-hoc tmux sessions; kill any temporary tunnels before handoff.**
+- macOS logs: use `./scripts/clawlog.sh` (aka `vtlog`) to query unified logs for subsystem `com.steipete.clawdis`; it supports follow/tail/category filters and expects passwordless sudo for `/usr/bin/log`.
+- Also read the shared guardrails at `~/Projects/oracle/AGENTS.md` and `~/Projects/agent-scripts/AGENTS.MD` before making changes; align with any cross-repo rules noted there.
 - SwiftUI state management (iOS/macOS): prefer the `Observation` framework (`@Observable`, `@Bindable`) over `ObservableObject`/`@StateObject`; don’t introduce new `ObservableObject` unless required for compatibility, and migrate existing usages when touching related code.
 - Connection providers: when adding a new connection, update every UI surface and docs (macOS app, web UI, mobile if applicable, onboarding/overview docs) and add matching status + configuration forms so provider lists and settings stay in sync.
- Version locations: `package.json` (CLI), `apps/android/app/build.gradle.kts` (versionName/versionCode), `apps/ios/Sources/Info.plist` + `apps/ios/Tests/Info.plist` (CFBundleShortVersionString/CFBundleVersion), `apps/macos/Sources/Clawdbot/Resources/Info.plist` (CFBundleShortVersionString/CFBundleVersion), `docs/install/updating.md` (pinned npm version), `docs/platforms/mac/release.md` (APP_VERSION/APP_BUILD examples), Peekaboo Xcode projects/Info.plists (MARKETING_VERSION/CURRENT_PROJECT_VERSION).
 - **Restart apps:** “restart iOS/Android apps” means rebuild (recompile/install) and relaunch, not just kill/launch.
 - **Device checks:** before testing, verify connected real devices (iOS/Android) before reaching for simulators/emulators.
 - iOS Team ID lookup: `security find-identity -p codesigning -v` → use Apple Development (…) TEAMID. Fallback: `defaults read com.apple.dt.Xcode IDEProvisioningTeamIdentifiers`.
- A2UI bundle hash: `src/canvas-host/a2ui/.bundle.hash` is auto-generated; ignore unexpected changes, and only regenerate via `pnpm canvas:a2ui:bundle` (or `scripts/bundle-a2ui.sh`) when needed. Commit the hash as a separate commit.
- Release signing/notary keys are managed outside the repo; follow internal release docs.
- Notary auth env vars (`APP_STORE_CONNECT_ISSUER_ID`, `APP_STORE_CONNECT_KEY_ID`, `APP_STORE_CONNECT_API_KEY_P8`) are expected in your environment (per internal release docs).
- **Multi-agent safety:** do **not** create/apply/drop `git stash` entries unless explicitly requested (this includes `git pull --rebase --autostash`). Assume other agents may be working; keep unrelated WIP untouched and avoid cross-cutting state changes.
- **Multi-agent safety:** when the user says "push", you may `git pull --rebase` to integrate latest changes (never discard other agents' work). When the user says "commit", scope to your changes only. When the user says "commit all", commit everything in grouped chunks.
- **Multi-agent safety:** do **not** create/remove/modify `git worktree` checkouts (or edit `.worktrees/*`) unless explicitly requested.
- **Multi-agent safety:** do **not** switch branches / check out a different branch unless explicitly requested.
+- A2UI bundle hash: `src/canvas-host/a2ui/.bundle.hash` is auto-generated; regenerate via `pnpm canvas:a2ui:bundle` (or `scripts/bundle-a2ui.sh`) instead of manual conflict resolution.
+- Notary key file lives at `~/Library/CloudStorage/Dropbox/Backup/AppStore/AuthKey_NJF3NFGTS3.p8` (Sparkle keys live under `~/Library/CloudStorage/Dropbox/Backup/Sparkle`).
+- **Multi-agent safety:** do **not** create/apply/drop `git stash` entries unless Peter explicitly asks (this includes `git pull --rebase --autostash`). Assume other agents may be working; keep unrelated WIP untouched and avoid cross-cutting state changes.
+- **Multi-agent safety:** when Peter says "push", you may `git pull --rebase` to integrate latest changes (never discard other agents' work). When Peter says "commit", scope to your changes only. When Peter says "commit all", commit everything in grouped chunks.
+- **Multi-agent safety:** do **not** create/remove/modify `git worktree` checkouts (or edit `.worktrees/*`) unless Peter explicitly asks.
+- **Multi-agent safety:** do **not** switch branches / check out a different branch unless Peter explicitly asks.
 - **Multi-agent safety:** running multiple agents is OK as long as each agent has its own session.
- **Multi-agent safety:** when you see unrecognized files, keep going; focus on your changes and commit only those.
- Lobster seam: use the shared CLI palette in `src/terminal/palette.ts` (no hardcoded colors); apply palette to onboarding/config prompts and other TTY UI output as needed.
- **Multi-agent safety:** focus reports on your edits; avoid guard-rail disclaimers unless truly blocked; when multiple agents touch the same file, continue if safe; end with a brief “other files present” note only if relevant.
- Bug investigations: read source code of relevant npm dependencies and all related local code before concluding; aim for high-confidence root cause.
- Code style: add brief comments for tricky logic; keep files under ~500 LOC when feasible (split/refactor as needed).
- Tool schema guardrails (google-antigravity): avoid `Type.Union` in tool input schemas; no `anyOf`/`oneOf`/`allOf`. Use `stringEnum`/`optionalStringEnum` (Type.Unsafe enum) for string lists, and `Type.Optional(...)` instead of `... | null`. Keep top-level tool schema as `type: "object"` with `properties`.
- Tool schema guardrails: avoid raw `format` property names in tool schemas; some validators treat `format` as a reserved keyword and reject the schema.
- When asked to open a “session” file, open the Pi session logs under `~/.clawdbot/agents/<agentId>/sessions/*.jsonl` (use the `agent=<id>` value in the Runtime line of the system prompt; newest unless a specific ID is given), not the default `sessions.json`. If logs are needed from another machine, SSH via Tailscale and read the same path there.
+- When asked to open a “session” file, open the Pi session logs under `~/.clawdis/sessions/*.jsonl` (newest unless a specific ID is given), not the default `sessions.json`. If logs are needed from Mac Studio, SSH via Tailscale and read the same path there.
+- Menubar dimming + restart flow mirrors Trimmy: use `scripts/restart-mac.sh` (kills all Clawdis variants, runs `swift build`, packages, relaunches). Icon dimming depends on MenuBarExtraAccess wiring in AppMain; keep `appearsDisabled` updates intact when touching the status item.
 - Do not rebuild the macOS app over SSH; rebuilds must be run directly on the Mac.
 - Never send streaming/partial replies to external messaging surfaces (WhatsApp, Telegram); only final replies should be delivered there. Streaming/tool events may still go to internal UIs/control channel.
 - Voice wake forwarding tips:
-  - Command template should stay `clawdbot-mac agent --message "${text}" --thinking low`; `VoiceWakeForwarder` already shell-escapes `${text}`. Don’t add extra quotes.
-  - launchd PATH is minimal; ensure the app’s launch agent PATH includes standard system paths plus your pnpm bin (typically `$HOME/Library/pnpm`) so `pnpm`/`clawdbot` binaries resolve when invoked via `clawdbot-mac`.
- For manual `clawdbot message send` messages that include `!`, use the heredoc pattern noted below to avoid the Bash tool’s escaping.
- Release guardrails: do not change version numbers without operator’s explicit consent; always ask permission before running any npm publish/release step.
+  - Command template should stay `clawdis-mac agent --message "${text}" --thinking low`; `VoiceWakeForwarder` already shell-escapes `${text}`. Don’t add extra quotes.
+  - launchd PATH is minimal; ensure the app’s launch agent sets PATH to include `/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/steipete/Library/pnpm` so `pnpm`/`clawdis` binaries resolve when invoked via `clawdis-mac`.
+  - For manual `clawdis send` messages that include `!`, use the heredoc pattern noted below to avoid the Bash tool’s escaping.

-## NPM + 1Password (publish/verify)
- Use the 1password skill; all `op` commands must run inside a fresh tmux session.
- Sign in: `eval "$(op signin --account my.1password.com)"` (app unlocked + integration on).
- OTP: `op read 'op://Private/Npmjs/one-time password?attribute=otp'`.
- Publish: `npm publish --access public --otp="<otp>"` (run from the package dir).
- Verify without local npmrc side effects: `npm view <pkg> version --userconfig "$(mktemp)"`.
- Kill the tmux session after publish.
+## Exclamation Mark Escaping Workaround
+The Claude Code Bash tool escapes `!` to `\\!` in command arguments. When using `clawdis send` with messages containing exclamation marks, use heredoc syntax:
+
+```bash
+# WRONG - will send "Hello\\!" with backslash
+clawdis send --to "+1234" --message 'Hello!'
+
+# CORRECT - use heredoc to avoid escaping
+clawdis send --to "+1234" --message "$(cat <<'EOF'
+Hello!
+EOF
+)"
+```
+
+This is a Claude Code quirk, not a clawdis bug.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,9 +1,9 @@
-# Contributing to Clawdbot
+# Contributing to Clawdis

 Welcome to the lobster tank! 🦞

 ## Quick Links
- **GitHub:** https://github.com/clawdbot/clawdbot
+- **GitHub:** https://github.com/steipete/clawdis
 - **Discord:** https://discord.gg/qkhbAGHRBT
 - **X/Twitter:** [@steipete](https://x.com/steipete) / [@clawdbot](https://x.com/clawdbot)

@@ -12,19 +12,19 @@ Welcome to the lobster tank! 🦞
 - **Peter Steinberger** - Benevolent Dictator
  - GitHub: [@steipete](https://github.com/steipete) · X: [@steipete](https://x.com/steipete)

- **Shadow** - Discord + Slack subsystem
-  - GitHub: [@thewilloftheshadow](https://github.com/thewilloftheshadow) · X: [@4shad0wed](https://x.com/4shad0wed)
+- **Shadow** - Discord subsystem
+  - GitHub: [@4shadowed](https://github.com/4shadowed) · X: [@4shad0wed](https://x.com/4shad0wed)

 - **Jos** - Telegram, API, Nix mode
  - GitHub: [@joshp123](https://github.com/joshp123) · X: [@jjpcodes](https://x.com/jjpcodes)

 ## How to Contribute
 1. **Bugs & small fixes** → Open a PR!
-2. **New features / architecture** → Start a [GitHub Discussion](https://github.com/clawdbot/clawdbot/discussions) or ask in Discord first
+2. **New features / architecture** → Start a [GitHub Discussion](https://github.com/steipete/clawdis/discussions) or ask in Discord first
 3. **Questions** → Discord #setup-help

 ## Before You PR
- Test locally with your Clawdbot instance
+- Test locally with your Clawdis instance
 - Run linter: `npm run lint`
 - Keep PRs focused (one thing per PR)
 - Describe what & why
--- a/21
+++ b/21
@@ -1,32 +1,13 @@
 FROM node:22-bookworm

-# Install Bun (required for build scripts)
-RUN curl -fsSL https://bun.sh/install | bash
-ENV PATH="/root/.bun/bin:${PATH}"
-
 RUN corepack enable

 WORKDIR /app

-ARG CLAWDBOT_DOCKER_APT_PACKAGES=""
-RUN if [ -n "$CLAWDBOT_DOCKER_APT_PACKAGES" ]; then \
-      apt-get update && \
-      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $CLAWDBOT_DOCKER_APT_PACKAGES && \
-      apt-get clean && \
-      rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
-    fi
-
-COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
-COPY ui/package.json ./ui/package.json
-COPY patches ./patches
-COPY scripts ./scripts
+COPY . .

 RUN pnpm install --frozen-lockfile
-
-COPY . .
 RUN pnpm build
-# Force pnpm for UI build (Bun may fail on ARM/Synology architectures)
-ENV CLAWDBOT_PREFER_PNPM=1
 RUN pnpm ui:install
 RUN pnpm ui:build

--- a/Dockerfile.sandbox
+++ b/Dockerfile.sandbox
@@ -1,16 +0,0 @@
-FROM debian:bookworm-slim
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends \
-    bash \
-    ca-certificates \
-    curl \
-    git \
-    jq \
-    python3 \
-    ripgrep \
-  && rm -rf /var/lib/apt/lists/*
-
-CMD ["sleep", "infinity"]
--- a/Dockerfile.sandbox-browser
+++ b/Dockerfile.sandbox-browser
@@ -1,28 +0,0 @@
-FROM debian:bookworm-slim
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends \
-    bash \
-    ca-certificates \
-    chromium \
-    curl \
-    fonts-liberation \
-    fonts-noto-color-emoji \
-    git \
-    jq \
-    novnc \
-    python3 \
-    socat \
-    websockify \
-    x11vnc \
-    xvfb \
-  && rm -rf /var/lib/apt/lists/*
-
-COPY scripts/sandbox-browser-entrypoint.sh /usr/local/bin/clawdbot-sandbox-browser
-RUN chmod +x /usr/local/bin/clawdbot-sandbox-browser
-
-EXPOSE 9222 5900 6080
-
-CMD ["clawdbot-sandbox-browser"]
--- a/1
+++ b/1
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-# 🦞 Clawdbot — Personal AI Assistant
+# 🦞 CLAWDIS — Personal AI Assistant

 <p align="center">
-  <img src="https://raw.githubusercontent.com/clawdbot/clawdbot/main/docs/whatsapp-clawd.jpg" alt="Clawdbot" width="400">
+  <img src="https://raw.githubusercontent.com/steipete/clawdis/main/docs/whatsapp-clawd.jpg" alt="CLAWDIS" width="400">
 </p>

 <p align="center">
@@ -9,375 +9,191 @@
 </p>

 <p align="center">
-  <a href="https://github.com/clawdbot/clawdbot/actions/workflows/ci.yml?branch=main"><img src="https://img.shields.io/github/actions/workflow/status/clawdbot/clawdbot/ci.yml?branch=main&style=for-the-badge" alt="CI status"></a>
-  <a href="https://github.com/clawdbot/clawdbot/releases"><img src="https://img.shields.io/github/v/release/clawdbot/clawdbot?include_prereleases&style=for-the-badge" alt="GitHub release"></a>
-  <a href="https://deepwiki.com/clawdbot/clawdbot"><img src="https://img.shields.io/badge/DeepWiki-clawdbot-111111?style=for-the-badge" alt="DeepWiki"></a>
+  <a href="https://github.com/steipete/clawdis/actions/workflows/ci.yml?branch=main"><img src="https://img.shields.io/github/actions/workflow/status/steipete/clawdis/ci.yml?branch=main&style=for-the-badge" alt="CI status"></a>
+  <a href="https://github.com/steipete/clawdis/releases"><img src="https://img.shields.io/github/v/release/steipete/clawdis?include_prereleases&style=for-the-badge" alt="GitHub release"></a>
  <a href="https://discord.gg/clawd"><img src="https://img.shields.io/discord/1456350064065904867?label=Discord&logo=discord&logoColor=white&color=5865F2&style=for-the-badge" alt="Discord"></a>
  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-blue.svg?style=for-the-badge" alt="MIT License"></a>
 </p>

-**Clawdbot** is a *personal AI assistant* you run on your own devices.
-It answers you on the channels you already use (WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Microsoft Teams, WebChat), plus extension channels like BlueBubbles, Matrix, Zalo, and Zalo Personal. It can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant.
+**Clawdis** is a *personal AI assistant* you run on your own devices.
+It answers you on the surfaces you already use (WhatsApp, Telegram, Discord, iMessage, WebChat), can speak and listen on macOS/iOS, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant.

-If you want a personal, single-user assistant that feels local, fast, and always-on, this is it.
+If you want a private, single-user assistant that feels local, fast, and always-on, this is it.

-[Website](https://clawdbot.com) · [Docs](https://docs.clawd.bot) · [Getting Started](https://docs.clawd.bot/start/getting-started) · [Updating](https://docs.clawd.bot/install/updating) · [Showcase](https://docs.clawd.bot/start/showcase) · [FAQ](https://docs.clawd.bot/start/faq) · [Wizard](https://docs.clawd.bot/start/wizard) · [Nix](https://github.com/clawdbot/nix-clawdbot) · [Docker](https://docs.clawd.bot/install/docker) · [Discord](https://discord.gg/clawd)
+Website: https://clawd.me · Docs: [`docs/index.md`](docs/index.md) · FAQ: [`docs/faq.md`](docs/faq.md) · Wizard: [`docs/wizard.md`](docs/wizard.md) · Docker (optional): [`docs/docker.md`](docs/docker.md) · Discord: https://discord.gg/clawd

-Preferred setup: run the onboarding wizard (`clawdbot onboard`). It walks through gateway, workspace, channels, and skills. The CLI wizard is the recommended path and works on **macOS, Linux, and Windows (via WSL2; strongly recommended)**.
-Works with npm, pnpm, or bun.
-New install? Start here: [Getting started](https://docs.clawd.bot/start/getting-started)
+Preferred setup: run the onboarding wizard (`clawdis onboard`). It walks through gateway, workspace, providers, and skills. The CLI wizard is the recommended path and works on **macOS, Windows, and Linux**.

-**Subscriptions (OAuth):**
- **[Anthropic](https://www.anthropic.com/)** (Claude Pro/Max)
- **[OpenAI](https://openai.com/)** (ChatGPT/Codex)
-
-Model note: while any model is supported, I strongly recommend **Anthropic Pro/Max (100/200) + Opus 4.5** for long‑context strength and better prompt‑injection resistance. See [Onboarding](https://docs.clawd.bot/start/onboarding).
-
-## Models (selection + auth)
-
- Models config + CLI: [Models](https://docs.clawd.bot/concepts/models)
- Auth profile rotation (OAuth vs API keys) + fallbacks: [Model failover](https://docs.clawd.bot/concepts/model-failover)
-
-## Install (recommended)
-
-Runtime: **Node ≥22**.
-
-```bash
-npm install -g clawdbot@latest
-# or: pnpm add -g clawdbot@latest
-
-clawdbot onboard --install-daemon
-```
-
-The wizard installs the Gateway daemon (launchd/systemd user service) so it stays running.
-
-## Quick start (TL;DR)
-
-Runtime: **Node ≥22**.
-
-Full beginner guide (auth, pairing, channels): [Getting started](https://docs.clawd.bot/start/getting-started)
-
-```bash
-clawdbot onboard --install-daemon
-
-clawdbot gateway --port 18789 --verbose
-
-# Send a message
-clawdbot message send --to +1234567890 --message "Hello from Clawdbot"
-
-# Talk to the assistant (optionally deliver back to any connected channel: WhatsApp/Telegram/Slack/Discord/Signal/iMessage/BlueBubbles/Microsoft Teams/Matrix/Zalo/Zalo Personal/WebChat)
-clawdbot agent --message "Ship checklist" --thinking high
-```
-
-Upgrading? [Updating guide](https://docs.clawd.bot/install/updating) (and run `clawdbot doctor`).
-
-## Development channels
-
- **stable**: tagged releases (`vYYYY.M.D` or `vYYYY.M.D-<patch>`), npm dist-tag `latest`.
- **beta**: prerelease tags (`vYYYY.M.D-beta.N`), npm dist-tag `beta` (macOS app may be missing).
- **dev**: moving head of `main`, npm dist-tag `dev` (when published).
-
-Switch channels (git + npm): `clawdbot update --channel stable|beta|dev`.
-Details: [Development channels](https://docs.clawd.bot/install/development-channels).
-
-## From source (development)
-
-Prefer `pnpm` for builds from source. Bun is optional for running TypeScript directly.
-
-```bash
-git clone https://github.com/clawdbot/clawdbot.git
-cd clawdbot
-
-pnpm install
-pnpm ui:build # auto-installs UI deps on first run
-pnpm build
-
-pnpm clawdbot onboard --install-daemon
-
-# Dev loop (auto-reload on TS changes)
-pnpm gateway:watch
-```
-
-Note: `pnpm clawdbot ...` runs TypeScript directly (via `tsx`). `pnpm build` produces `dist/` for running via Node / the packaged `clawdbot` binary.
-
-## Security defaults (DM access)
-
-Clawdbot connects to real messaging surfaces. Treat inbound DMs as **untrusted input**.
-
-Full security guide: [Security](https://docs.clawd.bot/gateway/security)
-
-Default behavior on Telegram/WhatsApp/Signal/iMessage/Microsoft Teams/Discord/Slack:
- **DM pairing** (`dmPolicy="pairing"` / `channels.discord.dm.policy="pairing"` / `channels.slack.dm.policy="pairing"`): unknown senders receive a short pairing code and the bot does not process their message.
- Approve with: `clawdbot pairing approve <channel> <code>` (then the sender is added to a local allowlist store).
- Public inbound DMs require an explicit opt-in: set `dmPolicy="open"` and include `"*"` in the channel allowlist (`allowFrom` / `channels.discord.dm.allowFrom` / `channels.slack.dm.allowFrom`).
-
-Run `clawdbot doctor` to surface risky/misconfigured DM policies.
-
-## Highlights
-
- **[Local-first Gateway](https://docs.clawd.bot/gateway)** — single control plane for sessions, channels, tools, and events.
- **[Multi-channel inbox](https://docs.clawd.bot/channels)** — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, BlueBubbles, Microsoft Teams, Matrix, Zalo, Zalo Personal, WebChat, macOS, iOS/Android.
- **[Multi-agent routing](https://docs.clawd.bot/gateway/configuration)** — route inbound channels/accounts/peers to isolated agents (workspaces + per-agent sessions).
- **[Voice Wake](https://docs.clawd.bot/nodes/voicewake) + [Talk Mode](https://docs.clawd.bot/nodes/talk)** — always-on speech for macOS/iOS/Android with ElevenLabs.
- **[Live Canvas](https://docs.clawd.bot/platforms/mac/canvas)** — agent-driven visual workspace with [A2UI](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui).
- **[First-class tools](https://docs.clawd.bot/tools)** — browser, canvas, nodes, cron, sessions, and Discord/Slack actions.
- **[Companion apps](https://docs.clawd.bot/platforms/macos)** — macOS menu bar app + iOS/Android [nodes](https://docs.clawd.bot/nodes).
- **[Onboarding](https://docs.clawd.bot/start/wizard) + [skills](https://docs.clawd.bot/tools/skills)** — wizard-driven setup with bundled/managed/workspace skills.
-
-## Star History
-
-[![Star History Chart](https://api.star-history.com/svg?repos=clawdbot/clawdbot&type=date&legend=top-left)](https://www.star-history.com/#clawdbot/clawdbot&type=date&legend=top-left)
-
-## Everything we built so far
-
-### Core platform
- [Gateway WS control plane](https://docs.clawd.bot/gateway) with sessions, presence, config, cron, webhooks, [Control UI](https://docs.clawd.bot/web), and [Canvas host](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui).
- [CLI surface](https://docs.clawd.bot/tools/agent-send): gateway, agent, send, [wizard](https://docs.clawd.bot/start/wizard), and [doctor](https://docs.clawd.bot/gateway/doctor).
- [Pi agent runtime](https://docs.clawd.bot/concepts/agent) in RPC mode with tool streaming and block streaming.
- [Session model](https://docs.clawd.bot/concepts/session): `main` for direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: [Groups](https://docs.clawd.bot/concepts/groups).
- [Media pipeline](https://docs.clawd.bot/nodes/images): images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: [Audio](https://docs.clawd.bot/nodes/audio).
-
-### Channels
- [Channels](https://docs.clawd.bot/channels): [WhatsApp](https://docs.clawd.bot/channels/whatsapp) (Baileys), [Telegram](https://docs.clawd.bot/channels/telegram) (grammY), [Slack](https://docs.clawd.bot/channels/slack) (Bolt), [Discord](https://docs.clawd.bot/channels/discord) (discord.js), [Signal](https://docs.clawd.bot/channels/signal) (signal-cli), [iMessage](https://docs.clawd.bot/channels/imessage) (imsg), [BlueBubbles](https://docs.clawd.bot/channels/bluebubbles) (extension), [Microsoft Teams](https://docs.clawd.bot/channels/msteams) (extension), [Matrix](https://docs.clawd.bot/channels/matrix) (extension), [Zalo](https://docs.clawd.bot/channels/zalo) (extension), [Zalo Personal](https://docs.clawd.bot/channels/zalouser) (extension), [WebChat](https://docs.clawd.bot/web/webchat).
- [Group routing](https://docs.clawd.bot/concepts/group-messages): mention gating, reply tags, per-channel chunking and routing. Channel rules: [Channels](https://docs.clawd.bot/channels).
-
-### Apps + nodes
- [macOS app](https://docs.clawd.bot/platforms/macos): menu bar control plane, [Voice Wake](https://docs.clawd.bot/nodes/voicewake)/PTT, [Talk Mode](https://docs.clawd.bot/nodes/talk) overlay, [WebChat](https://docs.clawd.bot/web/webchat), debug tools, [remote gateway](https://docs.clawd.bot/gateway/remote) control.
- [iOS node](https://docs.clawd.bot/platforms/ios): [Canvas](https://docs.clawd.bot/platforms/mac/canvas), [Voice Wake](https://docs.clawd.bot/nodes/voicewake), [Talk Mode](https://docs.clawd.bot/nodes/talk), camera, screen recording, Bonjour pairing.
- [Android node](https://docs.clawd.bot/platforms/android): [Canvas](https://docs.clawd.bot/platforms/mac/canvas), [Talk Mode](https://docs.clawd.bot/nodes/talk), camera, screen recording, optional SMS.
- [macOS node mode](https://docs.clawd.bot/nodes): system.run/notify + canvas/camera exposure.
-
-### Tools + automation
- [Browser control](https://docs.clawd.bot/tools/browser): dedicated clawd Chrome/Chromium, snapshots, actions, uploads, profiles.
- [Canvas](https://docs.clawd.bot/platforms/mac/canvas): [A2UI](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui) push/reset, eval, snapshot.
- [Nodes](https://docs.clawd.bot/nodes): camera snap/clip, screen record, [location.get](https://docs.clawd.bot/nodes/location-command), notifications.
- [Cron + wakeups](https://docs.clawd.bot/automation/cron-jobs); [webhooks](https://docs.clawd.bot/automation/webhook); [Gmail Pub/Sub](https://docs.clawd.bot/automation/gmail-pubsub).
- [Skills platform](https://docs.clawd.bot/tools/skills): bundled, managed, and workspace skills with install gating + UI.
-
-### Runtime + safety
- [Channel routing](https://docs.clawd.bot/concepts/channel-routing), [retry policy](https://docs.clawd.bot/concepts/retry), and [streaming/chunking](https://docs.clawd.bot/concepts/streaming).
- [Presence](https://docs.clawd.bot/concepts/presence), [typing indicators](https://docs.clawd.bot/concepts/typing-indicators), and [usage tracking](https://docs.clawd.bot/concepts/usage-tracking).
- [Models](https://docs.clawd.bot/concepts/models), [model failover](https://docs.clawd.bot/concepts/model-failover), and [session pruning](https://docs.clawd.bot/concepts/session-pruning).
- [Security](https://docs.clawd.bot/gateway/security) and [troubleshooting](https://docs.clawd.bot/channels/troubleshooting).
-
-### Ops + packaging
- [Control UI](https://docs.clawd.bot/web) + [WebChat](https://docs.clawd.bot/web/webchat) served directly from the Gateway.
- [Tailscale Serve/Funnel](https://docs.clawd.bot/gateway/tailscale) or [SSH tunnels](https://docs.clawd.bot/gateway/remote) with token/password auth.
- [Nix mode](https://docs.clawd.bot/install/nix) for declarative config; [Docker](https://docs.clawd.bot/install/docker)-based installs.
- [Doctor](https://docs.clawd.bot/gateway/doctor) migrations, [logging](https://docs.clawd.bot/logging).
-
-## How it works (short)
+Using Claude Pro/Max subscription? See `docs/onboarding.md` for the Anthropic OAuth setup.

 ```
-WhatsApp / Telegram / Slack / Discord / Signal / iMessage / BlueBubbles / Microsoft Teams / Matrix / Zalo / Zalo Personal / WebChat
-               │
-               ▼
+Your surfaces
+   │
+   ▼
 ┌───────────────────────────────┐
-│            Gateway            │
-│       (control plane)         │
-│     ws://127.0.0.1:18789      │
+│            Gateway            │  ws://127.0.0.1:18789
+│       (control plane)         │  tcp://0.0.0.0:18790 (optional Bridge)
 └──────────────┬────────────────┘
               │
               ├─ Pi agent (RPC)
-               ├─ CLI (clawdbot …)
-               ├─ WebChat UI
-               ├─ macOS app
-               └─ iOS / Android nodes
+               ├─ CLI (clawdis …)
+               ├─ WebChat (browser)
+               ├─ macOS app (Clawdis.app)
+               └─ iOS node (Canvas + voice)
 ```

-## Key subsystems
+## What Clawdis does

- **[Gateway WebSocket network](https://docs.clawd.bot/concepts/architecture)** — single WS control plane for clients, tools, and events (plus ops: [Gateway runbook](https://docs.clawd.bot/gateway)).
- **[Tailscale exposure](https://docs.clawd.bot/gateway/tailscale)** — Serve/Funnel for the Gateway dashboard + WS (remote access: [Remote](https://docs.clawd.bot/gateway/remote)).
- **[Browser control](https://docs.clawd.bot/tools/browser)** — clawd‑managed Chrome/Chromium with CDP control.
- **[Canvas + A2UI](https://docs.clawd.bot/platforms/mac/canvas)** — agent‑driven visual workspace (A2UI host: [Canvas/A2UI](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui)).
- **[Voice Wake](https://docs.clawd.bot/nodes/voicewake) + [Talk Mode](https://docs.clawd.bot/nodes/talk)** — always‑on speech and continuous conversation.
- **[Nodes](https://docs.clawd.bot/nodes)** — Canvas, camera snap/clip, screen record, `location.get`, notifications, plus macOS‑only `system.run`/`system.notify`.
+- **Personal assistant** — one user, one identity, one memory surface.
+- **Multi-surface inbox** — WhatsApp, Telegram, Discord, iMessage, WebChat, macOS, iOS. Signal support via `signal-cli` (see `docs/signal.md`). iMessage uses `imsg` (see `docs/imessage.md`).
+- **Voice wake + push-to-talk** — local speech recognition on macOS/iOS.
+- **Canvas** — a live visual workspace you can drive from the agent.
+- **Automation-ready** — browser control, media handling, and tool streaming.
+- **Local-first control plane** — the Gateway owns state, everything else connects.
+- **Group chats** — mention-based by default, `/activation always|mention` per group (owner-only).
+- **Nix mode** — opt-in declarative config + read-only UI when `CLAWDIS_NIX_MODE=1`.

-## Tailscale access (Gateway dashboard)
+## How it works (short)

-Clawdbot can auto-configure Tailscale **Serve** (tailnet-only) or **Funnel** (public) while the Gateway stays bound to loopback. Configure `gateway.tailscale.mode`:
+- **Gateway** is the single source of truth for sessions/providers.
+- **Loopback-first**: `ws://127.0.0.1:18789` by default.
+- **Bridge** (optional) exposes a paired-node port for iOS/Android.
+- **Agent runtime** is **Pi** in RPC mode.

- `off`: no Tailscale automation (default).
- `serve`: tailnet-only HTTPS via `tailscale serve` (uses Tailscale identity headers by default).
- `funnel`: public HTTPS via `tailscale funnel` (requires shared password auth).
+## Quick start (from source)

-Notes:
- `gateway.bind` must stay `loopback` when Serve/Funnel is enabled (Clawdbot enforces this).
- Serve can be forced to require a password by setting `gateway.auth.mode: "password"` or `gateway.auth.allowTailscale: false`.
- Funnel refuses to start unless `gateway.auth.mode: "password"` is set.
- Optional: `gateway.tailscale.resetOnExit` to undo Serve/Funnel on shutdown.
+Runtime: **Node ≥22** + **pnpm**.

-Details: [Tailscale guide](https://docs.clawd.bot/gateway/tailscale) · [Web surfaces](https://docs.clawd.bot/web)
+```bash
+pnpm install
+pnpm build
+pnpm ui:build

-## Remote Gateway (Linux is great)
+# Recommended: run the onboarding wizard
+pnpm clawdis onboard

-It’s perfectly fine to run the Gateway on a small Linux instance. Clients (macOS app, CLI, WebChat) can connect over **Tailscale Serve/Funnel** or **SSH tunnels**, and you can still pair device nodes (macOS/iOS/Android) to execute device‑local actions when needed.
+# Link WhatsApp (stores creds in ~/.clawdis/credentials)
+pnpm clawdis login

- **Gateway host** runs the exec tool and channel connections by default.
- **Device nodes** run device‑local actions (`system.run`, camera, screen recording, notifications) via `node.invoke`.
-In short: exec runs where the Gateway lives; device actions run where the device lives.
+# Start the gateway
+pnpm clawdis gateway --port 18789 --verbose

-Details: [Remote access](https://docs.clawd.bot/gateway/remote) · [Nodes](https://docs.clawd.bot/nodes) · [Security](https://docs.clawd.bot/gateway/security)
+# Dev loop (auto-reload on TS changes)
+pnpm gateway:watch

-## macOS permissions via the Gateway protocol
+# Send a message
+pnpm clawdis send --to +1234567890 --message "Hello from Clawdis"

-The macOS app can run in **node mode** and advertises its capabilities + permission map over the Gateway WebSocket (`node.list` / `node.describe`). Clients can then execute local actions via `node.invoke`:
+# Talk to the assistant (optionally deliver back to WhatsApp/Telegram/Discord)
+pnpm clawdis agent --message "Ship checklist" --thinking high
+```

- `system.run` runs a local command and returns stdout/stderr/exit code; set `needsScreenRecording: true` to require screen-recording permission (otherwise you’ll get `PERMISSION_MISSING`).
- `system.notify` posts a user notification and fails if notifications are denied.
- `canvas.*`, `camera.*`, `screen.record`, and `location.get` are also routed via `node.invoke` and follow TCC permission status.
-
-Elevated bash (host permissions) is separate from macOS TCC:
-
- Use `/elevated on|off` to toggle per‑session elevated access when enabled + allowlisted.
- Gateway persists the per‑session toggle via `sessions.patch` (WS method) alongside `thinkingLevel`, `verboseLevel`, `model`, `sendPolicy`, and `groupActivation`.
-
-Details: [Nodes](https://docs.clawd.bot/nodes) · [macOS app](https://docs.clawd.bot/platforms/macos) · [Gateway protocol](https://docs.clawd.bot/concepts/architecture)
-
-## Agent to Agent (sessions_* tools)
-
- Use these to coordinate work across sessions without jumping between chat surfaces.
- `sessions_list` — discover active sessions (agents) and their metadata.
- `sessions_history` — fetch transcript logs for a session.
- `sessions_send` — message another session; optional reply‑back ping‑pong + announce step (`REPLY_SKIP`, `ANNOUNCE_SKIP`).
-
-Details: [Session tools](https://docs.clawd.bot/concepts/session-tool)
-
-## Skills registry (ClawdHub)
-
-ClawdHub is a minimal skill registry. With ClawdHub enabled, the agent can search for skills automatically and pull in new ones as needed.
-
-[ClawdHub](https://ClawdHub.com)
+If you run from source, prefer `pnpm clawdis …` (not global `clawdis`).

 ## Chat commands

-Send these in WhatsApp/Telegram/Slack/Microsoft Teams/WebChat (group commands are owner-only):
+Send these in WhatsApp/Telegram/WebChat (group commands are owner-only):

- `/status` — compact session status (model + tokens, cost when available)
+- `/status` — health + session info (group shows activation mode)
 - `/new` or `/reset` — reset the session
- `/compact` — compact session context (summary)
- `/think <level>` — off|minimal|low|medium|high|xhigh (GPT-5.2 + Codex models only)
+- `/think <level>` — off|minimal|low|medium|high
 - `/verbose on|off`
- `/usage off|tokens|full` — per-response usage footer
 - `/restart` — restart the gateway (owner-only in groups)
 - `/activation mention|always` — group activation toggle (groups only)

-## Apps (optional)
+## Architecture

-The Gateway alone delivers a great experience. All apps are optional and add extra features.
+### TypeScript Gateway (src/gateway/server.ts)
+- **Single HTTP+WS server** on `ws://127.0.0.1:18789` (bind policy: loopback/lan/tailnet/auto). The first frame must be `connect`; AJV validates frames against TypeBox schemas (`src/gateway/protocol`).
+- **Single source of truth** for sessions, providers, cron, voice wake, and presence. Methods cover `send`, `agent`, `chat.*`, `sessions.*`, `config.*`, `cron.*`, `voicewake.*`, `node.*`, `system-*`, `wake`.
+- **Events + snapshot**: handshake returns a snapshot (presence/health) and declares event types; runtime events include `agent`, `chat`, `presence`, `tick`, `health`, `heartbeat`, `cron`, `node.pair.*`, `voicewake.changed`, `shutdown`.
+- **Idempotency & safety**: `send`/`agent`/`chat.send` require idempotency keys with a TTL cache (5 min, cap 1000) to avoid double‑sends on reconnects; payload sizes are capped per connection.
+- **Bridge for nodes**: optional TCP bridge (`src/infra/bridge/server.ts`) is newline‑delimited JSON frames (`hello`, pairing, RPC, `invoke`); node connect/disconnect is surfaced into presence.
+- **Control UI + Canvas Host**: HTTP serves `/ui` assets (if built) and can host a live‑reload Canvas host for nodes (`src/canvas-host/server.ts`), injecting the A2UI postMessage bridge.

-If you plan to build/run companion apps, follow the platform runbooks below.
+### iOS app (apps/ios)
+- **Discovery + pairing**: Bonjour discovery via `BridgeDiscoveryModel` (NWBrowser). `BridgeConnectionController` auto‑connects using Keychain token or allows manual host/port.
+- **Node runtime**: `BridgeSession` (actor) maintains the `NWConnection`, hello handshake, ping/pong, RPC requests, and `invoke` callbacks.
+- **Capabilities + commands**: advertises `canvas`, `screen`, `camera`, `voiceWake` (settings‑driven) and executes `canvas.*`, `canvas.a2ui.*`, `camera.*`, `screen.record` (`NodeAppModel.handleInvoke`).
+- **Canvas**: `WKWebView` with bundled Canvas scaffold + A2UI, JS eval, snapshot capture, and `clawdis://` deep‑link interception (`ScreenController`).
+- **Voice + deep links**: voice wake sends `voice.transcript` events; `clawdis://agent` links emit `agent.request`. Voice wake triggers sync via `voicewake.get` + `voicewake.changed`.

-### macOS (Clawdbot.app) (optional)
+## Companion apps
+
+The **macOS app is critical**: it runs the menu‑bar control plane, owns local permissions (TCC), hosts Voice Wake, exposes WebChat/debug tools, and coordinates local/remote gateway mode. Most “assistant” UX lives here.
+
+### macOS (Clawdis.app)

 - Menu bar control for the Gateway and health.
 - Voice Wake + push-to-talk overlay.
 - WebChat + debug tools.
 - Remote gateway control over SSH.

-Note: signed builds required for macOS permissions to stick across rebuilds (see `docs/mac/permissions.md`).
+Build/run: `./scripts/restart-mac.sh` (packages + launches).

-### iOS node (optional)
+### iOS node (internal)

 - Pairs as a node via the Bridge.
 - Voice trigger forwarding + Canvas surface.
- Controlled via `clawdbot nodes …`.
+- Controlled via `clawdis nodes …`.

-Runbook: [iOS connect](https://docs.clawd.bot/platforms/ios).
+Runbook: `docs/ios/connect.md`.

-### Android node (optional)
+### Android node (internal)

 - Pairs via the same Bridge + pairing flow as iOS.
 - Exposes Canvas, Camera, and Screen capture commands.
- Runbook: [Android connect](https://docs.clawd.bot/platforms/android).
+- Runbook: `docs/android/connect.md`.

 ## Agent workspace + skills

- Workspace root: `~/clawd` (configurable via `agents.defaults.workspace`).
+- Workspace root: `~/clawd` (configurable via `agent.workspace`).
 - Injected prompt files: `AGENTS.md`, `SOUL.md`, `TOOLS.md`.
 - Skills: `~/clawd/skills/<skill>/SKILL.md`.

 ## Configuration

-Minimal `~/.clawdbot/clawdbot.json` (model + defaults):
+Minimal `~/.clawdis/clawdis.json`:

 ```json5
 {
-  agent: {
-    model: "anthropic/claude-opus-4-5"
+  whatsapp: {
+    allowFrom: ["+1234567890"]
  }
 }
 ```

-[Full configuration reference (all keys + examples).](https://docs.clawd.bot/gateway/configuration)
+### WhatsApp

-## Security model (important)
+- Link the device: `pnpm clawdis login` (stores creds in `~/.clawdis/credentials`).
+- Allowlist who can talk to the assistant via `whatsapp.allowFrom`.

- **Default:** tools run on the host for the **main** session, so the agent has full access when it’s just you.
- **Group/channel safety:** set `agents.defaults.sandbox.mode: "non-main"` to run **non‑main sessions** (groups/channels) inside per‑session Docker sandboxes; bash then runs in Docker for those sessions.
- **Sandbox defaults:** allowlist `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`; denylist `browser`, `canvas`, `nodes`, `cron`, `discord`, `gateway`.
+### Telegram

-Details: [Security guide](https://docs.clawd.bot/gateway/security) · [Docker + sandboxing](https://docs.clawd.bot/install/docker) · [Sandbox config](https://docs.clawd.bot/gateway/configuration)
-
-### [WhatsApp](https://docs.clawd.bot/channels/whatsapp)
-
- Link the device: `pnpm clawdbot channels login` (stores creds in `~/.clawdbot/credentials`).
- Allowlist who can talk to the assistant via `channels.whatsapp.allowFrom`.
- If `channels.whatsapp.groups` is set, it becomes a group allowlist; include `"*"` to allow all.
-
-### [Telegram](https://docs.clawd.bot/channels/telegram)
-
- Set `TELEGRAM_BOT_TOKEN` or `channels.telegram.botToken` (env wins).
- Optional: set `channels.telegram.groups` (with `channels.telegram.groups."*".requireMention`); when set, it is a group allowlist (include `"*"` to allow all). Also `channels.telegram.allowFrom` or `channels.telegram.webhookUrl` as needed.
+- Set `TELEGRAM_BOT_TOKEN` or `telegram.botToken` (env wins).
+- Optional: set `telegram.groups` (with `telegram.groups."*".requireMention`), `telegram.allowFrom`, or `telegram.webhookUrl` as needed.

 ```json5
 {
-  channels: {
-    telegram: {
-      botToken: "123456:ABCDEF"
-    }
+  telegram: {
+    botToken: "123456:ABCDEF"
  }
 }
 ```

-### [Slack](https://docs.clawd.bot/channels/slack)
+### Discord

- Set `SLACK_BOT_TOKEN` + `SLACK_APP_TOKEN` (or `channels.slack.botToken` + `channels.slack.appToken`).
-
-### [Discord](https://docs.clawd.bot/channels/discord)
-
- Set `DISCORD_BOT_TOKEN` or `channels.discord.token` (env wins).
- Optional: set `commands.native`, `commands.text`, or `commands.useAccessGroups`, plus `channels.discord.dm.allowFrom`, `channels.discord.guilds`, or `channels.discord.mediaMaxMb` as needed.
+- Set `DISCORD_BOT_TOKEN` or `discord.token` (env wins).
+- Optional: set `discord.slashCommand`, `discord.dm.allowFrom`, `discord.guilds`, or `discord.mediaMaxMb` as needed.

 ```json5
 {
-  channels: {
-    discord: {
-      token: "1234abcd"
-    }
+  discord: {
+    token: "1234abcd"
  }
 }
 ```

-### [Signal](https://docs.clawd.bot/channels/signal)
-
- Requires `signal-cli` and a `channels.signal` config section.
-
-### [iMessage](https://docs.clawd.bot/channels/imessage)
-
- macOS only; Messages must be signed in.
- If `channels.imessage.groups` is set, it becomes a group allowlist; include `"*"` to allow all.
-
-### [Microsoft Teams](https://docs.clawd.bot/channels/msteams)
-
- Configure a Teams app + Bot Framework, then add a `msteams` config section.
- Allowlist who can talk via `msteams.allowFrom`; group access via `msteams.groupAllowFrom` or `msteams.groupPolicy: "open"`.
-
-### [WebChat](https://docs.clawd.bot/web/webchat)
-
- Uses the Gateway WebSocket; no separate WebChat port/config.
-
 Browser control (optional):

 ```json5
@@ -392,114 +208,39 @@ Browser control (optional):

 ## Docs

-Use these when you’re past the onboarding flow and want the deeper reference.
- [Start with the docs index for navigation and “what’s where.”](https://docs.clawd.bot)
- [Read the architecture overview for the gateway + protocol model.](https://docs.clawd.bot/concepts/architecture)
- [Use the full configuration reference when you need every key and example.](https://docs.clawd.bot/gateway/configuration)
- [Run the Gateway by the book with the operational runbook.](https://docs.clawd.bot/gateway)
- [Learn how the Control UI/Web surfaces work and how to expose them safely.](https://docs.clawd.bot/web)
- [Understand remote access over SSH tunnels or tailnets.](https://docs.clawd.bot/gateway/remote)
- [Follow the onboarding wizard flow for a guided setup.](https://docs.clawd.bot/start/wizard)
- [Wire external triggers via the webhook surface.](https://docs.clawd.bot/automation/webhook)
- [Set up Gmail Pub/Sub triggers.](https://docs.clawd.bot/automation/gmail-pubsub)
- [Learn the macOS menu bar companion details.](https://docs.clawd.bot/platforms/mac/menu-bar)
- [Platform guides: Windows (WSL2)](https://docs.clawd.bot/platforms/windows), [Linux](https://docs.clawd.bot/platforms/linux), [macOS](https://docs.clawd.bot/platforms/macos), [iOS](https://docs.clawd.bot/platforms/ios), [Android](https://docs.clawd.bot/platforms/android)
- [Debug common failures with the troubleshooting guide.](https://docs.clawd.bot/channels/troubleshooting)
- [Review security guidance before exposing anything.](https://docs.clawd.bot/gateway/security)
-
-## Advanced docs (discovery + control)
-
- [Discovery + transports](https://docs.clawd.bot/gateway/discovery)
- [Bonjour/mDNS](https://docs.clawd.bot/gateway/bonjour)
- [Gateway pairing](https://docs.clawd.bot/gateway/pairing)
- [Remote gateway README](https://docs.clawd.bot/gateway/remote-gateway-readme)
- [Control UI](https://docs.clawd.bot/web/control-ui)
- [Dashboard](https://docs.clawd.bot/web/dashboard)
-
-## Operations & troubleshooting
-
- [Health checks](https://docs.clawd.bot/gateway/health)
- [Gateway lock](https://docs.clawd.bot/gateway/gateway-lock)
- [Background process](https://docs.clawd.bot/gateway/background-process)
- [Browser troubleshooting (Linux)](https://docs.clawd.bot/tools/browser-linux-troubleshooting)
- [Logging](https://docs.clawd.bot/logging)
-
-## Deep dives
-
- [Agent loop](https://docs.clawd.bot/concepts/agent-loop)
- [Presence](https://docs.clawd.bot/concepts/presence)
- [TypeBox schemas](https://docs.clawd.bot/concepts/typebox)
- [RPC adapters](https://docs.clawd.bot/reference/rpc)
- [Queue](https://docs.clawd.bot/concepts/queue)
-
-## Workspace & skills
-
- [Skills config](https://docs.clawd.bot/tools/skills-config)
- [Default AGENTS](https://docs.clawd.bot/reference/AGENTS.default)
- [Templates: AGENTS](https://docs.clawd.bot/reference/templates/AGENTS)
- [Templates: BOOTSTRAP](https://docs.clawd.bot/reference/templates/BOOTSTRAP)
- [Templates: IDENTITY](https://docs.clawd.bot/reference/templates/IDENTITY)
- [Templates: SOUL](https://docs.clawd.bot/reference/templates/SOUL)
- [Templates: TOOLS](https://docs.clawd.bot/reference/templates/TOOLS)
- [Templates: USER](https://docs.clawd.bot/reference/templates/USER)
-
-## Platform internals
-
- [macOS dev setup](https://docs.clawd.bot/platforms/mac/dev-setup)
- [macOS menu bar](https://docs.clawd.bot/platforms/mac/menu-bar)
- [macOS voice wake](https://docs.clawd.bot/platforms/mac/voicewake)
- [iOS node](https://docs.clawd.bot/platforms/ios)
- [Android node](https://docs.clawd.bot/platforms/android)
- [Windows (WSL2)](https://docs.clawd.bot/platforms/windows)
- [Linux app](https://docs.clawd.bot/platforms/linux)
+- [`docs/index.md`](docs/index.md) (overview)
+- [`docs/configuration.md`](docs/configuration.md)
+- [`docs/group-messages.md`](docs/group-messages.md)
+- [`docs/gateway.md`](docs/gateway.md)
+- [`docs/web.md`](docs/web.md)
+- [`docs/discovery.md`](docs/discovery.md)
+- [`docs/agent.md`](docs/agent.md)
+- [`docs/discord.md`](docs/discord.md)
+- [`docs/wizard.md`](docs/wizard.md)
+- Webhooks + external triggers: [`docs/webhook.md`](docs/webhook.md)
+- Gmail hooks (email → wake): [`docs/gmail-pubsub.md`](docs/gmail-pubsub.md)

 ## Email hooks (Gmail)

- [docs.clawd.bot/gmail-pubsub](https://docs.clawd.bot/automation/gmail-pubsub)
+```bash
+clawdis hooks gmail setup --account you@gmail.com
+clawdis hooks gmail run
+```
+- [`docs/security.md`](docs/security.md)
+- [`docs/troubleshooting.md`](docs/troubleshooting.md)
+- [`docs/ios/connect.md`](docs/ios/connect.md)
+- [`docs/clawdis-mac.md`](docs/clawdis-mac.md)
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines, maintainers, and how to submit PRs.
+
+AI/vibe-coded PRs welcome! 🤖

 ## Clawd

-Clawdbot was built for **Clawd**, a space lobster AI assistant. 🦞  
-by Peter Steinberger and the community.
+Clawdis was built for **Clawd**, a space lobster AI assistant.

- [clawd.me](https://clawd.me)
- [soul.md](https://soul.md)
- [steipete.me](https://steipete.me)
-
-## Community
-
-See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines, maintainers, and how to submit PRs.  
-AI/vibe-coded PRs welcome! 🤖
-
-Special thanks to @andrewting19 for the Anthropic OAuth tool-name fix.
-
-Core contributors:
- @cpojer — Telegram onboarding UX + docs
-
-Thanks to all clawtributors:
-
-<p align="left">
-  <a href="https://github.com/steipete"><img src="https://avatars.githubusercontent.com/u/58493?v=4&s=48" width="48" height="48" alt="steipete" title="steipete"/></a> <a href="https://github.com/bohdanpodvirnyi"><img src="https://avatars.githubusercontent.com/u/31819391?v=4&s=48" width="48" height="48" alt="bohdanpodvirnyi" title="bohdanpodvirnyi"/></a> <a href="https://github.com/joaohlisboa"><img src="https://avatars.githubusercontent.com/u/8200873?v=4&s=48" width="48" height="48" alt="joaohlisboa" title="joaohlisboa"/></a> <a href="https://github.com/mneves75"><img src="https://avatars.githubusercontent.com/u/2423436?v=4&s=48" width="48" height="48" alt="mneves75" title="mneves75"/></a> <a href="https://github.com/MatthieuBizien"><img src="https://avatars.githubusercontent.com/u/173090?v=4&s=48" width="48" height="48" alt="MatthieuBizien" title="MatthieuBizien"/></a> <a href="https://github.com/rahthakor"><img src="https://avatars.githubusercontent.com/u/8470553?v=4&s=48" width="48" height="48" alt="rahthakor" title="rahthakor"/></a> <a href="https://github.com/vrknetha"><img src="https://avatars.githubusercontent.com/u/20596261?v=4&s=48" width="48" height="48" alt="vrknetha" title="vrknetha"/></a> <a href="https://github.com/radek-paclt"><img src="https://avatars.githubusercontent.com/u/50451445?v=4&s=48" width="48" height="48" alt="radek-paclt" title="radek-paclt"/></a> <a href="https://github.com/joshp123"><img src="https://avatars.githubusercontent.com/u/1497361?v=4&s=48" width="48" height="48" alt="joshp123" title="joshp123"/></a> <a href="https://github.com/mukhtharcm"><img src="https://avatars.githubusercontent.com/u/56378562?v=4&s=48" width="48" height="48" alt="mukhtharcm" title="mukhtharcm"/></a>
-  <a href="https://github.com/maxsumrall"><img src="https://avatars.githubusercontent.com/u/628843?v=4&s=48" width="48" height="48" alt="maxsumrall" title="maxsumrall"/></a> <a href="https://github.com/xadenryan"><img src="https://avatars.githubusercontent.com/u/165437834?v=4&s=48" width="48" height="48" alt="xadenryan" title="xadenryan"/></a> <a href="https://github.com/tobiasbischoff"><img src="https://avatars.githubusercontent.com/u/711564?v=4&s=48" width="48" height="48" alt="Tobias Bischoff" title="Tobias Bischoff"/></a> <a href="https://github.com/juanpablodlc"><img src="https://avatars.githubusercontent.com/u/92012363?v=4&s=48" width="48" height="48" alt="juanpablodlc" title="juanpablodlc"/></a> <a href="https://github.com/hsrvc"><img src="https://avatars.githubusercontent.com/u/129702169?v=4&s=48" width="48" height="48" alt="hsrvc" title="hsrvc"/></a> <a href="https://github.com/magimetal"><img src="https://avatars.githubusercontent.com/u/36491250?v=4&s=48" width="48" height="48" alt="magimetal" title="magimetal"/></a> <a href="https://github.com/meaningfool"><img src="https://avatars.githubusercontent.com/u/2862331?v=4&s=48" width="48" height="48" alt="meaningfool" title="meaningfool"/></a> <a href="https://github.com/NicholasSpisak"><img src="https://avatars.githubusercontent.com/u/129075147?v=4&s=48" width="48" height="48" alt="NicholasSpisak" title="NicholasSpisak"/></a> <a href="https://github.com/AbhisekBasu1"><img src="https://avatars.githubusercontent.com/u/40645221?v=4&s=48" width="48" height="48" alt="abhisekbasu1" title="abhisekbasu1"/></a> <a href="https://github.com/sebslight"><img src="https://avatars.githubusercontent.com/u/19554889?v=4&s=48" width="48" height="48" alt="sebslight" title="sebslight"/></a>
-  <a href="https://github.com/claude"><img src="https://avatars.githubusercontent.com/u/81847?v=4&s=48" width="48" height="48" alt="claude" title="claude"/></a> <a href="https://github.com/jamesgroat"><img src="https://avatars.githubusercontent.com/u/2634024?v=4&s=48" width="48" height="48" alt="jamesgroat" title="jamesgroat"/></a> <a href="https://github.com/Hyaxia"><img src="https://avatars.githubusercontent.com/u/36747317?v=4&s=48" width="48" height="48" alt="Hyaxia" title="Hyaxia"/></a> <a href="https://github.com/dantelex"><img src="https://avatars.githubusercontent.com/u/631543?v=4&s=48" width="48" height="48" alt="dantelex" title="dantelex"/></a> <a href="https://github.com/daveonkels"><img src="https://avatars.githubusercontent.com/u/533642?v=4&s=48" width="48" height="48" alt="daveonkels" title="daveonkels"/></a> <a href="https://github.com/mteam88"><img src="https://avatars.githubusercontent.com/u/84196639?v=4&s=48" width="48" height="48" alt="mteam88" title="mteam88"/></a> <a href="https://github.com/omniwired"><img src="https://avatars.githubusercontent.com/u/322761?v=4&s=48" width="48" height="48" alt="Eng. Juan Combetto" title="Eng. Juan Combetto"/></a> <a href="https://github.com/dbhurley"><img src="https://avatars.githubusercontent.com/u/5251425?v=4&s=48" width="48" height="48" alt="dbhurley" title="dbhurley"/></a> <a href="https://github.com/mbelinky"><img src="https://avatars.githubusercontent.com/u/132747814?v=4&s=48" width="48" height="48" alt="Mariano Belinky" title="Mariano Belinky"/></a> <a href="https://github.com/TSavo"><img src="https://avatars.githubusercontent.com/u/877990?v=4&s=48" width="48" height="48" alt="TSavo" title="TSavo"/></a>
-  <a href="https://github.com/julianengel"><img src="https://avatars.githubusercontent.com/u/10634231?v=4&s=48" width="48" height="48" alt="julianengel" title="julianengel"/></a> <a href="https://github.com/benithors"><img src="https://avatars.githubusercontent.com/u/20652882?v=4&s=48" width="48" height="48" alt="benithors" title="benithors"/></a> <a href="https://github.com/bradleypriest"><img src="https://avatars.githubusercontent.com/u/167215?v=4&s=48" width="48" height="48" alt="bradleypriest" title="bradleypriest"/></a> <a href="https://github.com/timolins"><img src="https://avatars.githubusercontent.com/u/1440854?v=4&s=48" width="48" height="48" alt="timolins" title="timolins"/></a> <a href="https://github.com/Nachx639"><img src="https://avatars.githubusercontent.com/u/71144023?v=4&s=48" width="48" height="48" alt="nachx639" title="nachx639"/></a> <a href="https://github.com/sreekaransrinath"><img src="https://avatars.githubusercontent.com/u/50989977?v=4&s=48" width="48" height="48" alt="sreekaransrinath" title="sreekaransrinath"/></a> <a href="https://github.com/gupsammy"><img src="https://avatars.githubusercontent.com/u/20296019?v=4&s=48" width="48" height="48" alt="gupsammy" title="gupsammy"/></a> <a href="https://github.com/cristip73"><img src="https://avatars.githubusercontent.com/u/24499421?v=4&s=48" width="48" height="48" alt="cristip73" title="cristip73"/></a> <a href="https://github.com/nachoiacovino"><img src="https://avatars.githubusercontent.com/u/50103937?v=4&s=48" width="48" height="48" alt="nachoiacovino" title="nachoiacovino"/></a> <a href="https://github.com/vsabavat"><img src="https://avatars.githubusercontent.com/u/50385532?v=4&s=48" width="48" height="48" alt="Vasanth Rao Naik Sabavat" title="Vasanth Rao Naik Sabavat"/></a>
-  <a href="https://github.com/cpojer"><img src="https://avatars.githubusercontent.com/u/13352?v=4&s=48" width="48" height="48" alt="cpojer" title="cpojer"/></a> <a href="https://github.com/lc0rp"><img src="https://avatars.githubusercontent.com/u/2609441?v=4&s=48" width="48" height="48" alt="lc0rp" title="lc0rp"/></a> <a href="https://github.com/scald"><img src="https://avatars.githubusercontent.com/u/1215913?v=4&s=48" width="48" height="48" alt="scald" title="scald"/></a> <a href="https://github.com/gumadeiras"><img src="https://avatars.githubusercontent.com/u/5599352?v=4&s=48" width="48" height="48" alt="gumadeiras" title="gumadeiras"/></a> <a href="https://github.com/andranik-sahakyan"><img src="https://avatars.githubusercontent.com/u/8908029?v=4&s=48" width="48" height="48" alt="andranik-sahakyan" title="andranik-sahakyan"/></a> <a href="https://github.com/davidguttman"><img src="https://avatars.githubusercontent.com/u/431696?v=4&s=48" width="48" height="48" alt="davidguttman" title="davidguttman"/></a> <a href="https://github.com/sleontenko"><img src="https://avatars.githubusercontent.com/u/7135949?v=4&s=48" width="48" height="48" alt="sleontenko" title="sleontenko"/></a> <a href="https://github.com/sircrumpet"><img src="https://avatars.githubusercontent.com/u/4436535?v=4&s=48" width="48" height="48" alt="sircrumpet" title="sircrumpet"/></a> <a href="https://github.com/peschee"><img src="https://avatars.githubusercontent.com/u/63866?v=4&s=48" width="48" height="48" alt="peschee" title="peschee"/></a> <a href="https://github.com/rafaelreis-r"><img src="https://avatars.githubusercontent.com/u/57492577?v=4&s=48" width="48" height="48" alt="rafaelreis-r" title="rafaelreis-r"/></a>
-  <a href="https://github.com/thewilloftheshadow"><img src="https://avatars.githubusercontent.com/u/35580099?v=4&s=48" width="48" height="48" alt="thewilloftheshadow" title="thewilloftheshadow"/></a> <a href="https://github.com/ratulsarna"><img src="https://avatars.githubusercontent.com/u/105903728?v=4&s=48" width="48" height="48" alt="ratulsarna" title="ratulsarna"/></a> <a href="https://github.com/lutr0"><img src="https://avatars.githubusercontent.com/u/76906369?v=4&s=48" width="48" height="48" alt="lutr0" title="lutr0"/></a> <a href="https://github.com/danielz1z"><img src="https://avatars.githubusercontent.com/u/235270390?v=4&s=48" width="48" height="48" alt="danielz1z" title="danielz1z"/></a> <a href="https://github.com/emanuelst"><img src="https://avatars.githubusercontent.com/u/9994339?v=4&s=48" width="48" height="48" alt="emanuelst" title="emanuelst"/></a> <a href="https://github.com/KristijanJovanovski"><img src="https://avatars.githubusercontent.com/u/8942284?v=4&s=48" width="48" height="48" alt="KristijanJovanovski" title="KristijanJovanovski"/></a> <a href="https://github.com/CashWilliams"><img src="https://avatars.githubusercontent.com/u/613573?v=4&s=48" width="48" height="48" alt="CashWilliams" title="CashWilliams"/></a> <a href="https://github.com/rdev"><img src="https://avatars.githubusercontent.com/u/8418866?v=4&s=48" width="48" height="48" alt="rdev" title="rdev"/></a> <a href="https://github.com/osolmaz"><img src="https://avatars.githubusercontent.com/u/2453968?v=4&s=48" width="48" height="48" alt="osolmaz" title="osolmaz"/></a> <a href="https://github.com/joshrad-dev"><img src="https://avatars.githubusercontent.com/u/62785552?v=4&s=48" width="48" height="48" alt="joshrad-dev" title="joshrad-dev"/></a>
-  <a href="https://github.com/kiranjd"><img src="https://avatars.githubusercontent.com/u/25822851?v=4&s=48" width="48" height="48" alt="kiranjd" title="kiranjd"/></a> <a href="https://github.com/adityashaw2"><img src="https://avatars.githubusercontent.com/u/41204444?v=4&s=48" width="48" height="48" alt="adityashaw2" title="adityashaw2"/></a> <a href="https://github.com/search?q=sheeek"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="sheeek" title="sheeek"/></a> <a href="https://github.com/artuskg"><img src="https://avatars.githubusercontent.com/u/11966157?v=4&s=48" width="48" height="48" alt="artuskg" title="artuskg"/></a> <a href="https://github.com/onutc"><img src="https://avatars.githubusercontent.com/u/152018508?v=4&s=48" width="48" height="48" alt="onutc" title="onutc"/></a> <a href="https://github.com/tyler6204"><img src="https://avatars.githubusercontent.com/u/64381258?v=4&s=48" width="48" height="48" alt="tyler6204" title="tyler6204"/></a> <a href="https://github.com/ManuelHettich"><img src="https://avatars.githubusercontent.com/u/17690367?v=4&s=48" width="48" height="48" alt="manuelhettich" title="manuelhettich"/></a> <a href="https://github.com/minghinmatthewlam"><img src="https://avatars.githubusercontent.com/u/14224566?v=4&s=48" width="48" height="48" alt="minghinmatthewlam" title="minghinmatthewlam"/></a> <a href="https://github.com/myfunc"><img src="https://avatars.githubusercontent.com/u/19294627?v=4&s=48" width="48" height="48" alt="myfunc" title="myfunc"/></a> <a href="https://github.com/buddyh"><img src="https://avatars.githubusercontent.com/u/31752869?v=4&s=48" width="48" height="48" alt="buddyh" title="buddyh"/></a>
-  <a href="https://github.com/connorshea"><img src="https://avatars.githubusercontent.com/u/2977353?v=4&s=48" width="48" height="48" alt="connorshea" title="connorshea"/></a> <a href="https://github.com/mcinteerj"><img src="https://avatars.githubusercontent.com/u/3613653?v=4&s=48" width="48" height="48" alt="mcinteerj" title="mcinteerj"/></a> <a href="https://github.com/John-Rood"><img src="https://avatars.githubusercontent.com/u/62669593?v=4&s=48" width="48" height="48" alt="John-Rood" title="John-Rood"/></a> <a href="https://github.com/timkrase"><img src="https://avatars.githubusercontent.com/u/38947626?v=4&s=48" width="48" height="48" alt="timkrase" title="timkrase"/></a> <a href="https://github.com/zerone0x"><img src="https://avatars.githubusercontent.com/u/39543393?v=4&s=48" width="48" height="48" alt="zerone0x" title="zerone0x"/></a> <a href="https://github.com/gerardward2007"><img src="https://avatars.githubusercontent.com/u/3002155?v=4&s=48" width="48" height="48" alt="gerardward2007" title="gerardward2007"/></a> <a href="https://github.com/obviyus"><img src="https://avatars.githubusercontent.com/u/22031114?v=4&s=48" width="48" height="48" alt="obviyus" title="obviyus"/></a> <a href="https://github.com/tosh-hamburg"><img src="https://avatars.githubusercontent.com/u/58424326?v=4&s=48" width="48" height="48" alt="tosh-hamburg" title="tosh-hamburg"/></a> <a href="https://github.com/azade-c"><img src="https://avatars.githubusercontent.com/u/252790079?v=4&s=48" width="48" height="48" alt="azade-c" title="azade-c"/></a> <a href="https://github.com/roshanasingh4"><img src="https://avatars.githubusercontent.com/u/88576930?v=4&s=48" width="48" height="48" alt="roshanasingh4" title="roshanasingh4"/></a>
-  <a href="https://github.com/bjesuiter"><img src="https://avatars.githubusercontent.com/u/2365676?v=4&s=48" width="48" height="48" alt="bjesuiter" title="bjesuiter"/></a> <a href="https://github.com/cheeeee"><img src="https://avatars.githubusercontent.com/u/21245729?v=4&s=48" width="48" height="48" alt="cheeeee" title="cheeeee"/></a> <a href="https://github.com/j1philli"><img src="https://avatars.githubusercontent.com/u/3744255?v=4&s=48" width="48" height="48" alt="Josh Phillips" title="Josh Phillips"/></a> <a href="https://github.com/Whoaa512"><img src="https://avatars.githubusercontent.com/u/1581943?v=4&s=48" width="48" height="48" alt="Whoaa512" title="Whoaa512"/></a> <a href="https://github.com/YuriNachos"><img src="https://avatars.githubusercontent.com/u/19365375?v=4&s=48" width="48" height="48" alt="YuriNachos" title="YuriNachos"/></a> <a href="https://github.com/chriseidhof"><img src="https://avatars.githubusercontent.com/u/5382?v=4&s=48" width="48" height="48" alt="chriseidhof" title="chriseidhof"/></a> <a href="https://github.com/ysqander"><img src="https://avatars.githubusercontent.com/u/80843820?v=4&s=48" width="48" height="48" alt="ysqander" title="ysqander"/></a> <a href="https://github.com/superman32432432"><img src="https://avatars.githubusercontent.com/u/7228420?v=4&s=48" width="48" height="48" alt="superman32432432" title="superman32432432"/></a> <a href="https://github.com/vignesh07"><img src="https://avatars.githubusercontent.com/u/1436853?v=4&s=48" width="48" height="48" alt="vignesh07" title="vignesh07"/></a> <a href="https://github.com/search?q=Yurii%20Chukhlib"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Yurii Chukhlib" title="Yurii Chukhlib"/></a>
-  <a href="https://github.com/grp06"><img src="https://avatars.githubusercontent.com/u/1573959?v=4&s=48" width="48" height="48" alt="grp06" title="grp06"/></a> <a href="https://github.com/antons"><img src="https://avatars.githubusercontent.com/u/129705?v=4&s=48" width="48" height="48" alt="antons" title="antons"/></a> <a href="https://github.com/austinm911"><img src="https://avatars.githubusercontent.com/u/31991302?v=4&s=48" width="48" height="48" alt="austinm911" title="austinm911"/></a> <a href="https://github.com/apps/blacksmith-sh"><img src="https://avatars.githubusercontent.com/in/807020?v=4&s=48" width="48" height="48" alt="blacksmith-sh[bot]" title="blacksmith-sh[bot]"/></a> <a href="https://github.com/dan-dr"><img src="https://avatars.githubusercontent.com/u/6669808?v=4&s=48" width="48" height="48" alt="dan-dr" title="dan-dr"/></a> <a href="https://github.com/HeimdallStrategy"><img src="https://avatars.githubusercontent.com/u/223014405?v=4&s=48" width="48" height="48" alt="HeimdallStrategy" title="HeimdallStrategy"/></a> <a href="https://github.com/imfing"><img src="https://avatars.githubusercontent.com/u/5097752?v=4&s=48" width="48" height="48" alt="imfing" title="imfing"/></a> <a href="https://github.com/jalehman"><img src="https://avatars.githubusercontent.com/u/550978?v=4&s=48" width="48" height="48" alt="jalehman" title="jalehman"/></a> <a href="https://github.com/jarvis-medmatic"><img src="https://avatars.githubusercontent.com/u/252428873?v=4&s=48" width="48" height="48" alt="jarvis-medmatic" title="jarvis-medmatic"/></a> <a href="https://github.com/kkarimi"><img src="https://avatars.githubusercontent.com/u/875218?v=4&s=48" width="48" height="48" alt="kkarimi" title="kkarimi"/></a>
-  <a href="https://github.com/mahmoudashraf93"><img src="https://avatars.githubusercontent.com/u/9130129?v=4&s=48" width="48" height="48" alt="mahmoudashraf93" title="mahmoudashraf93"/></a> <a href="https://github.com/petter-b"><img src="https://avatars.githubusercontent.com/u/62076402?v=4&s=48" width="48" height="48" alt="petter-b" title="petter-b"/></a> <a href="https://github.com/pkrmf"><img src="https://avatars.githubusercontent.com/u/1714267?v=4&s=48" width="48" height="48" alt="pkrmf" title="pkrmf"/></a> <a href="https://github.com/RandyVentures"><img src="https://avatars.githubusercontent.com/u/149904821?v=4&s=48" width="48" height="48" alt="RandyVentures" title="RandyVentures"/></a> <a href="https://github.com/search?q=Ryan%20Lisse"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Ryan Lisse" title="Ryan Lisse"/></a> <a href="https://github.com/erikpr1994"><img src="https://avatars.githubusercontent.com/u/6299331?v=4&s=48" width="48" height="48" alt="erikpr1994" title="erikpr1994"/></a> <a href="https://github.com/search?q=Ghost"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Ghost" title="Ghost"/></a> <a href="https://github.com/jonasjancarik"><img src="https://avatars.githubusercontent.com/u/2459191?v=4&s=48" width="48" height="48" alt="jonasjancarik" title="jonasjancarik"/></a> <a href="https://github.com/search?q=Keith%20the%20Silly%20Goose"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Keith the Silly Goose" title="Keith the Silly Goose"/></a> <a href="https://github.com/search?q=L36%20Server"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="L36 Server" title="L36 Server"/></a>
-  <a href="https://github.com/search?q=Marc"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Marc" title="Marc"/></a> <a href="https://github.com/mitschabaude-bot"><img src="https://avatars.githubusercontent.com/u/247582884?v=4&s=48" width="48" height="48" alt="mitschabaude-bot" title="mitschabaude-bot"/></a> <a href="https://github.com/neist"><img src="https://avatars.githubusercontent.com/u/1029724?v=4&s=48" width="48" height="48" alt="neist" title="neist"/></a> <a href="https://github.com/ngutman"><img src="https://avatars.githubusercontent.com/u/1540134?v=4&s=48" width="48" height="48" alt="ngutman" title="ngutman"/></a> <a href="https://github.com/chrisrodz"><img src="https://avatars.githubusercontent.com/u/2967620?v=4&s=48" width="48" height="48" alt="chrisrodz" title="chrisrodz"/></a> <a href="https://github.com/dougvk"><img src="https://avatars.githubusercontent.com/u/401660?v=4&s=48" width="48" height="48" alt="dougvk" title="dougvk"/></a> <a href="https://github.com/search?q=Friederike%20Seiler"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Friederike Seiler" title="Friederike Seiler"/></a> <a href="https://github.com/gabriel-trigo"><img src="https://avatars.githubusercontent.com/u/38991125?v=4&s=48" width="48" height="48" alt="gabriel-trigo" title="gabriel-trigo"/></a> <a href="https://github.com/Iamadig"><img src="https://avatars.githubusercontent.com/u/102129234?v=4&s=48" width="48" height="48" alt="iamadig" title="iamadig"/></a> <a href="https://github.com/search?q=Kit"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Kit" title="Kit"/></a>
-  <a href="https://github.com/koala73"><img src="https://avatars.githubusercontent.com/u/996596?v=4&s=48" width="48" height="48" alt="koala73" title="koala73"/></a> <a href="https://github.com/manmal"><img src="https://avatars.githubusercontent.com/u/142797?v=4&s=48" width="48" height="48" alt="manmal" title="manmal"/></a> <a href="https://github.com/ogulcancelik"><img src="https://avatars.githubusercontent.com/u/7064011?v=4&s=48" width="48" height="48" alt="ogulcancelik" title="ogulcancelik"/></a> <a href="https://github.com/pasogott"><img src="https://avatars.githubusercontent.com/u/23458152?v=4&s=48" width="48" height="48" alt="pasogott" title="pasogott"/></a> <a href="https://github.com/petradonka"><img src="https://avatars.githubusercontent.com/u/7353770?v=4&s=48" width="48" height="48" alt="petradonka" title="petradonka"/></a> <a href="https://github.com/rubyrunsstuff"><img src="https://avatars.githubusercontent.com/u/246602379?v=4&s=48" width="48" height="48" alt="rubyrunsstuff" title="rubyrunsstuff"/></a> <a href="https://github.com/sibbl"><img src="https://avatars.githubusercontent.com/u/866535?v=4&s=48" width="48" height="48" alt="sibbl" title="sibbl"/></a> <a href="https://github.com/suminhthanh"><img src="https://avatars.githubusercontent.com/u/2907636?v=4&s=48" width="48" height="48" alt="suminhthanh" title="suminhthanh"/></a> <a href="https://github.com/VACInc"><img src="https://avatars.githubusercontent.com/u/3279061?v=4&s=48" width="48" height="48" alt="VACInc" title="VACInc"/></a> <a href="https://github.com/wes-davis"><img src="https://avatars.githubusercontent.com/u/16506720?v=4&s=48" width="48" height="48" alt="wes-davis" title="wes-davis"/></a>
-  <a href="https://github.com/zats"><img src="https://avatars.githubusercontent.com/u/2688806?v=4&s=48" width="48" height="48" alt="zats" title="zats"/></a> <a href="https://github.com/24601"><img src="https://avatars.githubusercontent.com/u/1157207?v=4&s=48" width="48" height="48" alt="24601" title="24601"/></a> <a href="https://github.com/search?q=Chris%20Taylor"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Chris Taylor" title="Chris Taylor"/></a> <a href="https://github.com/djangonavarro220"><img src="https://avatars.githubusercontent.com/u/251162586?v=4&s=48" width="48" height="48" alt="Django Navarro" title="Django Navarro"/></a> <a href="https://github.com/evalexpr"><img src="https://avatars.githubusercontent.com/u/23485511?v=4&s=48" width="48" height="48" alt="evalexpr" title="evalexpr"/></a> <a href="https://github.com/henrino3"><img src="https://avatars.githubusercontent.com/u/4260288?v=4&s=48" width="48" height="48" alt="henrino3" title="henrino3"/></a> <a href="https://github.com/humanwritten"><img src="https://avatars.githubusercontent.com/u/206531610?v=4&s=48" width="48" height="48" alt="humanwritten" title="humanwritten"/></a> <a href="https://github.com/larlyssa"><img src="https://avatars.githubusercontent.com/u/13128869?v=4&s=48" width="48" height="48" alt="larlyssa" title="larlyssa"/></a> <a href="https://github.com/mkbehr"><img src="https://avatars.githubusercontent.com/u/1285?v=4&s=48" width="48" height="48" alt="mkbehr" title="mkbehr"/></a> <a href="https://github.com/oswalpalash"><img src="https://avatars.githubusercontent.com/u/6431196?v=4&s=48" width="48" height="48" alt="oswalpalash" title="oswalpalash"/></a>
-  <a href="https://github.com/pcty-nextgen-service-account"><img src="https://avatars.githubusercontent.com/u/112553441?v=4&s=48" width="48" height="48" alt="pcty-nextgen-service-account" title="pcty-nextgen-service-account"/></a> <a href="https://github.com/Syhids"><img src="https://avatars.githubusercontent.com/u/671202?v=4&s=48" width="48" height="48" alt="Syhids" title="Syhids"/></a> <a href="https://github.com/search?q=Aaron%20Konyer"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Aaron Konyer" title="Aaron Konyer"/></a> <a href="https://github.com/aaronveklabs"><img src="https://avatars.githubusercontent.com/u/225997828?v=4&s=48" width="48" height="48" alt="aaronveklabs" title="aaronveklabs"/></a> <a href="https://github.com/adam91holt"><img src="https://avatars.githubusercontent.com/u/9592417?v=4&s=48" width="48" height="48" alt="adam91holt" title="adam91holt"/></a> <a href="https://github.com/erik-agens"><img src="https://avatars.githubusercontent.com/u/80908960?v=4&s=48" width="48" height="48" alt="erik-agens" title="erik-agens"/></a> <a href="https://github.com/fcatuhe"><img src="https://avatars.githubusercontent.com/u/17382215?v=4&s=48" width="48" height="48" alt="fcatuhe" title="fcatuhe"/></a> <a href="https://github.com/ivanrvpereira"><img src="https://avatars.githubusercontent.com/u/183991?v=4&s=48" width="48" height="48" alt="ivanrvpereira" title="ivanrvpereira"/></a> <a href="https://github.com/jayhickey"><img src="https://avatars.githubusercontent.com/u/1676460?v=4&s=48" width="48" height="48" alt="jayhickey" title="jayhickey"/></a> <a href="https://github.com/jeffersonwarrior"><img src="https://avatars.githubusercontent.com/u/89030989?v=4&s=48" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a>
-  <a href="https://github.com/search?q=jeffersonwarrior"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/jdrhyne"><img src="https://avatars.githubusercontent.com/u/7828464?v=4&s=48" width="48" height="48" alt="Jonathan D. Rhyne (DJ-D)" title="Jonathan D. Rhyne (DJ-D)"/></a> <a href="https://github.com/jverdi"><img src="https://avatars.githubusercontent.com/u/345050?v=4&s=48" width="48" height="48" alt="jverdi" title="jverdi"/></a> <a href="https://github.com/longmaba"><img src="https://avatars.githubusercontent.com/u/9361500?v=4&s=48" width="48" height="48" alt="longmaba" title="longmaba"/></a> <a href="https://github.com/mickahouan"><img src="https://avatars.githubusercontent.com/u/31423109?v=4&s=48" width="48" height="48" alt="mickahouan" title="mickahouan"/></a> <a href="https://github.com/mjrussell"><img src="https://avatars.githubusercontent.com/u/1641895?v=4&s=48" width="48" height="48" alt="mjrussell" title="mjrussell"/></a> <a href="https://github.com/p6l-richard"><img src="https://avatars.githubusercontent.com/u/18185649?v=4&s=48" width="48" height="48" alt="p6l-richard" title="p6l-richard"/></a> <a href="https://github.com/philipp-spiess"><img src="https://avatars.githubusercontent.com/u/458591?v=4&s=48" width="48" height="48" alt="philipp-spiess" title="philipp-spiess"/></a> <a href="https://github.com/robaxelsen"><img src="https://avatars.githubusercontent.com/u/13132899?v=4&s=48" width="48" height="48" alt="robaxelsen" title="robaxelsen"/></a> <a href="https://github.com/search?q=Sash%20Catanzarite"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Sash Catanzarite" title="Sash Catanzarite"/></a>
-  <a href="https://github.com/T5-AndyML"><img src="https://avatars.githubusercontent.com/u/22801233?v=4&s=48" width="48" height="48" alt="T5-AndyML" title="T5-AndyML"/></a> <a href="https://github.com/search?q=VAC"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="VAC" title="VAC"/></a> <a href="https://github.com/zknicker"><img src="https://avatars.githubusercontent.com/u/1164085?v=4&s=48" width="48" height="48" alt="zknicker" title="zknicker"/></a> <a href="https://github.com/search?q=alejandro%20maza"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="alejandro maza" title="alejandro maza"/></a> <a href="https://github.com/andrewting19"><img src="https://avatars.githubusercontent.com/u/10536704?v=4&s=48" width="48" height="48" alt="andrewting19" title="andrewting19"/></a> <a href="https://github.com/anpoirier"><img src="https://avatars.githubusercontent.com/u/1245729?v=4&s=48" width="48" height="48" alt="anpoirier" title="anpoirier"/></a> <a href="https://github.com/Asleep123"><img src="https://avatars.githubusercontent.com/u/122379135?v=4&s=48" width="48" height="48" alt="Asleep123" title="Asleep123"/></a> <a href="https://github.com/bolismauro"><img src="https://avatars.githubusercontent.com/u/771999?v=4&s=48" width="48" height="48" alt="bolismauro" title="bolismauro"/></a> <a href="https://github.com/cash-echo-bot"><img src="https://avatars.githubusercontent.com/u/252747386?v=4&s=48" width="48" height="48" alt="cash-echo-bot" title="cash-echo-bot"/></a> <a href="https://github.com/search?q=Clawd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Clawd" title="Clawd"/></a>
-  <a href="https://github.com/conhecendocontato"><img src="https://avatars.githubusercontent.com/u/82890727?v=4&s=48" width="48" height="48" alt="conhecendocontato" title="conhecendocontato"/></a> <a href="https://github.com/search?q=Dimitrios%20Ploutarchos"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Dimitrios Ploutarchos" title="Dimitrios Ploutarchos"/></a> <a href="https://github.com/search?q=Drake%20Thomsen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Drake Thomsen" title="Drake Thomsen"/></a> <a href="https://github.com/search?q=Felix%20Krause"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Felix Krause" title="Felix Krause"/></a> <a href="https://github.com/gtsifrikas"><img src="https://avatars.githubusercontent.com/u/8904378?v=4&s=48" width="48" height="48" alt="gtsifrikas" title="gtsifrikas"/></a> <a href="https://github.com/HazAT"><img src="https://avatars.githubusercontent.com/u/363802?v=4&s=48" width="48" height="48" alt="HazAT" title="HazAT"/></a> <a href="https://github.com/hrdwdmrbl"><img src="https://avatars.githubusercontent.com/u/554881?v=4&s=48" width="48" height="48" alt="hrdwdmrbl" title="hrdwdmrbl"/></a> <a href="https://github.com/hugobarauna"><img src="https://avatars.githubusercontent.com/u/2719?v=4&s=48" width="48" height="48" alt="hugobarauna" title="hugobarauna"/></a> <a href="https://github.com/search?q=Jamie%20Openshaw"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jamie Openshaw" title="Jamie Openshaw"/></a> <a href="https://github.com/search?q=Jarvis"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jarvis" title="Jarvis"/></a>
-  <a href="https://github.com/search?q=Jefferson%20Nunn"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jefferson Nunn" title="Jefferson Nunn"/></a> <a href="https://github.com/search?q=Kevin%20Lin"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Kevin Lin" title="Kevin Lin"/></a> <a href="https://github.com/kitze"><img src="https://avatars.githubusercontent.com/u/1160594?v=4&s=48" width="48" height="48" alt="kitze" title="kitze"/></a> <a href="https://github.com/levifig"><img src="https://avatars.githubusercontent.com/u/1605?v=4&s=48" width="48" height="48" alt="levifig" title="levifig"/></a> <a href="https://github.com/search?q=Lloyd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Lloyd" title="Lloyd"/></a> <a href="https://github.com/loukotal"><img src="https://avatars.githubusercontent.com/u/18210858?v=4&s=48" width="48" height="48" alt="loukotal" title="loukotal"/></a> <a href="https://github.com/martinpucik"><img src="https://avatars.githubusercontent.com/u/5503097?v=4&s=48" width="48" height="48" alt="martinpucik" title="martinpucik"/></a> <a href="https://github.com/search?q=Miles"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Miles" title="Miles"/></a> <a href="https://github.com/mrdbstn"><img src="https://avatars.githubusercontent.com/u/58957632?v=4&s=48" width="48" height="48" alt="mrdbstn" title="mrdbstn"/></a> <a href="https://github.com/MSch"><img src="https://avatars.githubusercontent.com/u/7475?v=4&s=48" width="48" height="48" alt="MSch" title="MSch"/></a>
-  <a href="https://github.com/search?q=Mustafa%20Tag%20Eldeen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mustafa Tag Eldeen" title="Mustafa Tag Eldeen"/></a> <a href="https://github.com/ndraiman"><img src="https://avatars.githubusercontent.com/u/12609607?v=4&s=48" width="48" height="48" alt="ndraiman" title="ndraiman"/></a> <a href="https://github.com/nexty5870"><img src="https://avatars.githubusercontent.com/u/3869659?v=4&s=48" width="48" height="48" alt="nexty5870" title="nexty5870"/></a> <a href="https://github.com/odysseus0"><img src="https://avatars.githubusercontent.com/u/8635094?v=4&s=48" width="48" height="48" alt="odysseus0" title="odysseus0"/></a> <a href="https://github.com/prathamdby"><img src="https://avatars.githubusercontent.com/u/134331217?v=4&s=48" width="48" height="48" alt="prathamdby" title="prathamdby"/></a> <a href="https://github.com/reeltimeapps"><img src="https://avatars.githubusercontent.com/u/637338?v=4&s=48" width="48" height="48" alt="reeltimeapps" title="reeltimeapps"/></a> <a href="https://github.com/RLTCmpe"><img src="https://avatars.githubusercontent.com/u/10762242?v=4&s=48" width="48" height="48" alt="RLTCmpe" title="RLTCmpe"/></a> <a href="https://github.com/rodrigouroz"><img src="https://avatars.githubusercontent.com/u/384037?v=4&s=48" width="48" height="48" alt="rodrigouroz" title="rodrigouroz"/></a> <a href="https://github.com/search?q=Rolf%20Fredheim"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rolf Fredheim" title="Rolf Fredheim"/></a> <a href="https://github.com/search?q=Rony%20Kelner"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rony Kelner" title="Rony Kelner"/></a>
-  <a href="https://github.com/search?q=Samrat%20Jha"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Samrat Jha" title="Samrat Jha"/></a> <a href="https://github.com/siraht"><img src="https://avatars.githubusercontent.com/u/73152895?v=4&s=48" width="48" height="48" alt="siraht" title="siraht"/></a> <a href="https://github.com/snopoke"><img src="https://avatars.githubusercontent.com/u/249606?v=4&s=48" width="48" height="48" alt="snopoke" title="snopoke"/></a> <a href="https://github.com/search?q=The%20Admiral"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="The Admiral" title="The Admiral"/></a> <a href="https://github.com/thesash"><img src="https://avatars.githubusercontent.com/u/1166151?v=4&s=48" width="48" height="48" alt="thesash" title="thesash"/></a> <a href="https://github.com/search?q=Ubuntu"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Ubuntu" title="Ubuntu"/></a> <a href="https://github.com/voidserf"><img src="https://avatars.githubusercontent.com/u/477673?v=4&s=48" width="48" height="48" alt="voidserf" title="voidserf"/></a> <a href="https://github.com/wstock"><img src="https://avatars.githubusercontent.com/u/1394687?v=4&s=48" width="48" height="48" alt="wstock" title="wstock"/></a> <a href="https://github.com/search?q=Zach%20Knickerbocker"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Zach Knickerbocker" title="Zach Knickerbocker"/></a> <a href="https://github.com/Alphonse-arianee"><img src="https://avatars.githubusercontent.com/u/254457365?v=4&s=48" width="48" height="48" alt="Alphonse-arianee" title="Alphonse-arianee"/></a>
-  <a href="https://github.com/search?q=Azade"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Azade" title="Azade"/></a> <a href="https://github.com/carlulsoe"><img src="https://avatars.githubusercontent.com/u/34673973?v=4&s=48" width="48" height="48" alt="carlulsoe" title="carlulsoe"/></a> <a href="https://github.com/search?q=ddyo"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="ddyo" title="ddyo"/></a> <a href="https://github.com/search?q=Erik"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Erik" title="Erik"/></a> <a href="https://github.com/latitudeki5223"><img src="https://avatars.githubusercontent.com/u/119656367?v=4&s=48" width="48" height="48" alt="latitudeki5223" title="latitudeki5223"/></a> <a href="https://github.com/search?q=Manuel%20Maly"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Manuel Maly" title="Manuel Maly"/></a> <a href="https://github.com/search?q=Mourad%20Boustani"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mourad Boustani" title="Mourad Boustani"/></a> <a href="https://github.com/odrobnik"><img src="https://avatars.githubusercontent.com/u/333270?v=4&s=48" width="48" height="48" alt="odrobnik" title="odrobnik"/></a> <a href="https://github.com/pcty-nextgen-ios-builder"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="pcty-nextgen-ios-builder" title="pcty-nextgen-ios-builder"/></a> <a href="https://github.com/search?q=Quentin"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Quentin" title="Quentin"/></a>
-  <a href="https://github.com/search?q=Randy%20Torres"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Randy Torres" title="Randy Torres"/></a> <a href="https://github.com/rhjoh"><img src="https://avatars.githubusercontent.com/u/105699450?v=4&s=48" width="48" height="48" alt="rhjoh" title="rhjoh"/></a> <a href="https://github.com/ronak-guliani"><img src="https://avatars.githubusercontent.com/u/23518228?v=4&s=48" width="48" height="48" alt="ronak-guliani" title="ronak-guliani"/></a> <a href="https://github.com/search?q=William%20Stock"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="William Stock" title="William Stock"/></a>
-</p>
+- https://clawd.me
+- https://soul.md
+- https://steipete.me
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,15 +0,0 @@
-# Security Policy
-
-If you believe you’ve found a security issue in Clawdbot, please report it privately.
-
-## Reporting
-
- Email: `steipete@gmail.com`
- What to include: reproduction steps, impact assessment, and (if possible) a minimal PoC.
-
-## Operational Guidance
-
-For threat model + hardening guidance (including `clawdbot security audit --deep` and `--fix`), see:
-
- `https://docs.clawd.bot/gateway/security`
-
--- a/Swabble/Package.resolved
+++ b/Swabble/Package.resolved
@@ -1,15 +1,6 @@
 {
-  "originHash" : "c0677e232394b5f6b0191b6dbb5bae553d55264f65ae725cd03a8ffdfda9cdd3",
+  "originHash" : "2012d083159d375d07febbc184c592c569d7ab48247045e35a762e3269d4cadc",
  "pins" : [
-    {
-      "identity" : "commander",
-      "kind" : "remoteSourceControl",
-      "location" : "https://github.com/steipete/Commander.git",
-      "state" : {
-        "revision" : "9e349575c8e3c6745e81fe19e5bb5efa01b078ce",
-        "version" : "0.2.1"
-      }
-    },
    {
      "identity" : "swift-syntax",
      "kind" : "remoteSourceControl",
--- a/Swabble/Package.swift
+++ b/Swabble/Package.swift
@@ -13,7 +13,7 @@ let package = Package(
        .executable(name: "swabble", targets: ["SwabbleCLI"]),
    ],
    dependencies: [
-        .package(url: "https://github.com/steipete/Commander.git", exact: "0.2.1"),
+        .package(path: "../Peekaboo/Commander"),
        .package(url: "https://github.com/apple/swift-testing", from: "0.99.0"),
    ],
    targets: [
--- a/Swabble/README.md
+++ b/Swabble/README.md
@@ -101,8 +101,8 @@ Environment variables:
 - Authorization requested at first start; requires macOS 26 + new Speech.framework APIs.

 ## Development
- Format: `./scripts/format.sh` (uses local `.swiftformat`)
- Lint: `./scripts/lint.sh` (uses local `.swiftlint.yml`)
+- Format: `./scripts/format.sh` (uses ../peekaboo/.swiftformat if present)
+- Lint: `./scripts/lint.sh` (uses ../peekaboo/.swiftlint.yml if present)
 - Tests: `swift test` (uses swift-testing package)

 ## Roadmap
--- a/Swabble/Sources/SwabbleCore/Support/AttributedString+Sentences.swift
+++ b/Swabble/Sources/SwabbleCore/Support/AttributedString+Sentences.swift
@@ -34,7 +34,8 @@ extension AttributedString {
            var ranges: [Range<AttributedString.Index>] = []
            for wordRange in wordRanges {
                if let lastRange = ranges.last,
-                   self[lastRange].characters.count + self[wordRange].characters.count <= maxLength {
+                   self[lastRange].characters.count + self[wordRange].characters.count <= maxLength
+                {
                    ranges[ranges.count - 1] = lastRange.lowerBound..<wordRange.upperBound
                } else {
                    ranges.append(wordRange)
--- a/Swabble/Sources/SwabbleCore/Support/TranscriptsStore.swift
+++ b/Swabble/Sources/SwabbleCore/Support/TranscriptsStore.swift
@@ -13,7 +13,8 @@ public actor TranscriptsStore {
        try? FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
        fileURL = dir.appendingPathComponent("transcripts.log")
        if let data = try? Data(contentsOf: fileURL),
-           let text = String(data: data, encoding: .utf8) {
+           let text = String(data: data, encoding: .utf8)
+        {
            entries = text.split(separator: "\n").map(String.init).suffix(limit)
        }
    }
--- a/Swabble/Sources/SwabbleKit/WakeWordGate.swift
+++ b/Swabble/Sources/SwabbleKit/WakeWordGate.swift
@@ -13,7 +13,7 @@ public struct WakeWordSegment: Sendable, Equatable {
        self.range = range
    }

-    public var end: TimeInterval { start + duration }
+    public var end: TimeInterval { self.start + self.duration }
 }

 public struct WakeWordGateConfig: Sendable, Equatable {
@@ -24,7 +24,8 @@ public struct WakeWordGateConfig: Sendable, Equatable {
    public init(
        triggers: [String],
        minPostTriggerGap: TimeInterval = 0.45,
-        minCommandLength: Int = 1) {
+        minCommandLength: Int = 1)
+    {
        self.triggers = triggers
        self.minPostTriggerGap = minPostTriggerGap
        self.minCommandLength = minCommandLength
@@ -56,24 +57,18 @@ public enum WakeWordGate {
        let tokens: [String]
    }

-    private struct MatchCandidate {
-        let index: Int
-        let triggerEnd: TimeInterval
-        let gap: TimeInterval
-    }
-
    public static func match(
        transcript: String,
        segments: [WakeWordSegment],
        config: WakeWordGateConfig)
    -> WakeWordGateMatch? {
-        let triggerTokens = normalizeTriggers(config.triggers)
+        let triggerTokens = self.normalizeTriggers(config.triggers)
        guard !triggerTokens.isEmpty else { return nil }

-        let tokens = normalizeSegments(segments)
+        let tokens = self.normalizeSegments(segments)
        guard !tokens.isEmpty else { return nil }

-        var best: MatchCandidate?
+        var best: (index: Int, triggerEnd: TimeInterval, gap: TimeInterval)?

        for trigger in triggerTokens {
            let count = trigger.tokens.count
@@ -89,12 +84,12 @@ public enum WakeWordGate {

                if let best, i <= best.index { continue }

-                best = MatchCandidate(index: i, triggerEnd: triggerEnd, gap: gap)
+                best = (i, triggerEnd, gap)
            }
        }

        guard let best else { return nil }
-        let command = commandText(transcript: transcript, segments: segments, triggerEndTime: best.triggerEnd)
+        let command = self.commandText(transcript: transcript, segments: segments, triggerEndTime: best.triggerEnd)
            .trimmingCharacters(in: Self.whitespaceAndPunctuation)
        guard command.count >= config.minCommandLength else { return nil }
        return WakeWordGateMatch(triggerEndTime: best.triggerEnd, postGap: best.gap, command: command)
@@ -116,7 +111,7 @@ public enum WakeWordGate {
        }

        let text = segments
-            .filter { $0.start >= threshold && !normalizeToken($0.text).isEmpty }
+            .filter { $0.start >= threshold && !self.normalizeToken($0.text).isEmpty }
            .map(\.text)
            .joined(separator: " ")
        return text.trimmingCharacters(in: Self.whitespaceAndPunctuation)
@@ -126,7 +121,7 @@ public enum WakeWordGate {
        guard !text.isEmpty else { return false }
        let normalized = text.lowercased()
        for trigger in triggers {
-            let token = trigger.trimmingCharacters(in: whitespaceAndPunctuation).lowercased()
+            let token = trigger.trimmingCharacters(in: self.whitespaceAndPunctuation).lowercased()
            if token.isEmpty { continue }
            if normalized.contains(token) { return true }
        }
@@ -136,11 +131,11 @@ public enum WakeWordGate {
    public static func stripWake(text: String, triggers: [String]) -> String {
        var out = text
        for trigger in triggers {
-            let token = trigger.trimmingCharacters(in: whitespaceAndPunctuation)
+            let token = trigger.trimmingCharacters(in: self.whitespaceAndPunctuation)
            guard !token.isEmpty else { continue }
            out = out.replacingOccurrences(of: token, with: "", options: [.caseInsensitive])
        }
-        return out.trimmingCharacters(in: whitespaceAndPunctuation)
+        return out.trimmingCharacters(in: self.whitespaceAndPunctuation)
    }

    private static func normalizeTriggers(_ triggers: [String]) -> [TriggerTokens] {
@@ -148,7 +143,7 @@ public enum WakeWordGate {
        for trigger in triggers {
            let tokens = trigger
                .split(whereSeparator: { $0.isWhitespace })
-                .map { normalizeToken(String($0)) }
+                .map { self.normalizeToken(String($0)) }
                .filter { !$0.isEmpty }
            if tokens.isEmpty { continue }
            output.append(TriggerTokens(tokens: tokens))
@@ -158,7 +153,7 @@ public enum WakeWordGate {

    private static func normalizeSegments(_ segments: [WakeWordSegment]) -> [Token] {
        segments.compactMap { segment in
-            let normalized = normalizeToken(segment.text)
+            let normalized = self.normalizeToken(segment.text)
            guard !normalized.isEmpty else { return nil }
            return Token(
                normalized: normalized,
@@ -171,7 +166,7 @@ public enum WakeWordGate {

    private static func normalizeToken(_ token: String) -> String {
        token
-            .trimmingCharacters(in: whitespaceAndPunctuation)
+            .trimmingCharacters(in: self.whitespaceAndPunctuation)
            .lowercased()
    }

--- a/Swabble/Sources/swabble/CLI/CLIRegistry.swift
+++ b/Swabble/Sources/swabble/CLI/CLIRegistry.swift
@@ -24,7 +24,7 @@ enum CLIRegistry {
            subcommands: [
                descriptor(for: ServiceInstall.self),
                descriptor(for: ServiceUninstall.self),
-                descriptor(for: ServiceStatus.self)
+                descriptor(for: ServiceStatus.self),
            ])
        let doctorDesc = descriptor(for: DoctorCommand.self)
        let setupDesc = descriptor(for: SetupCommand.self)
@@ -54,7 +54,7 @@ enum CLIRegistry {
                startDesc,
                stopDesc,
                restartDesc,
-                statusDesc
+                statusDesc,
            ])
        return [root]
    }
--- a/Swabble/Sources/swabble/Commands/ServiceCommands.swift
+++ b/Swabble/Sources/swabble/Commands/ServiceCommands.swift
@@ -25,7 +25,7 @@ private enum LaunchdHelper {
            "Label": label,
            "ProgramArguments": [executable, "serve"],
            "RunAtLoad": true,
-            "KeepAlive": true
+            "KeepAlive": true,
        ]
        let data = try PropertyListSerialization.data(fromPropertyList: plist, format: .xml, options: 0)
        try data.write(to: plistURL)
--- a/Swabble/Sources/swabble/main.swift
+++ b/Swabble/Sources/swabble/main.swift
@@ -25,123 +25,78 @@ private func dispatch(invocation: CommandInvocation) async throws {

    switch first {
    case "swabble":
-        try await dispatchSwabble(parsed: parsed, path: path)
+        guard path.count >= 2 else { throw CommanderProgramError.missingSubcommand(command: "swabble") }
+        let sub = path[1]
+        switch sub {
+        case "serve":
+            var cmd = ServeCommand(parsed: parsed)
+            try await cmd.run()
+        case "transcribe":
+            var cmd = TranscribeCommand(parsed: parsed)
+            try await cmd.run()
+        case "test-hook":
+            var cmd = TestHookCommand(parsed: parsed)
+            try await cmd.run()
+        case "mic":
+            guard path.count >= 3 else { throw CommanderProgramError.missingSubcommand(command: "mic") }
+            let micSub = path[2]
+            if micSub == "list" {
+                var cmd = MicList(parsed: parsed)
+                try await cmd.run()
+            } else if micSub == "set" {
+                var cmd = MicSet(parsed: parsed)
+                try await cmd.run()
+            } else {
+                throw CommanderProgramError.unknownSubcommand(command: "mic", name: micSub)
+            }
+        case "service":
+            guard path.count >= 3 else { throw CommanderProgramError.missingSubcommand(command: "service") }
+            let svcSub = path[2]
+            switch svcSub {
+            case "install":
+                var cmd = ServiceInstall()
+                try await cmd.run()
+            case "uninstall":
+                var cmd = ServiceUninstall()
+                try await cmd.run()
+            case "status":
+                var cmd = ServiceStatus()
+                try await cmd.run()
+            default:
+                throw CommanderProgramError.unknownSubcommand(command: "service", name: svcSub)
+            }
+        case "doctor":
+            var cmd = DoctorCommand(parsed: parsed)
+            try await cmd.run()
+        case "setup":
+            var cmd = SetupCommand(parsed: parsed)
+            try await cmd.run()
+        case "health":
+            var cmd = HealthCommand(parsed: parsed)
+            try await cmd.run()
+        case "tail-log":
+            var cmd = TailLogCommand(parsed: parsed)
+            try await cmd.run()
+        case "start":
+            var cmd = StartCommand()
+            try await cmd.run()
+        case "stop":
+            var cmd = StopCommand()
+            try await cmd.run()
+        case "restart":
+            var cmd = RestartCommand()
+            try await cmd.run()
+        case "status":
+            var cmd = StatusCommand()
+            try await cmd.run()
+        default:
+            throw CommanderProgramError.unknownSubcommand(command: "swabble", name: sub)
+        }
    default:
        throw CommanderProgramError.unknownCommand(first)
    }
 }

-@available(macOS 26.0, *)
-@MainActor
-private func dispatchSwabble(parsed: ParsedValues, path: [String]) async throws {
-    let sub = try subcommand(path, index: 1, command: "swabble")
-    switch sub {
-    case "mic":
-        try await dispatchMic(parsed: parsed, path: path)
-    case "service":
-        try await dispatchService(path: path)
-    default:
-        let handlers = swabbleHandlers(parsed: parsed)
-        guard let handler = handlers[sub] else {
-            throw CommanderProgramError.unknownSubcommand(command: "swabble", name: sub)
-        }
-        try await handler()
-    }
-}
-
-@available(macOS 26.0, *)
-@MainActor
-private func swabbleHandlers(parsed: ParsedValues) -> [String: () async throws -> Void] {
-    [
-        "serve": {
-            var cmd = ServeCommand(parsed: parsed)
-            try await cmd.run()
-        },
-        "transcribe": {
-            var cmd = TranscribeCommand(parsed: parsed)
-            try await cmd.run()
-        },
-        "test-hook": {
-            var cmd = TestHookCommand(parsed: parsed)
-            try await cmd.run()
-        },
-        "doctor": {
-            var cmd = DoctorCommand(parsed: parsed)
-            try await cmd.run()
-        },
-        "setup": {
-            var cmd = SetupCommand(parsed: parsed)
-            try await cmd.run()
-        },
-        "health": {
-            var cmd = HealthCommand(parsed: parsed)
-            try await cmd.run()
-        },
-        "tail-log": {
-            var cmd = TailLogCommand(parsed: parsed)
-            try await cmd.run()
-        },
-        "start": {
-            var cmd = StartCommand()
-            try await cmd.run()
-        },
-        "stop": {
-            var cmd = StopCommand()
-            try await cmd.run()
-        },
-        "restart": {
-            var cmd = RestartCommand()
-            try await cmd.run()
-        },
-        "status": {
-            var cmd = StatusCommand()
-            try await cmd.run()
-        }
-    ]
-}
-
-@available(macOS 26.0, *)
-@MainActor
-private func dispatchMic(parsed: ParsedValues, path: [String]) async throws {
-    let micSub = try subcommand(path, index: 2, command: "mic")
-    switch micSub {
-    case "list":
-        var cmd = MicList(parsed: parsed)
-        try await cmd.run()
-    case "set":
-        var cmd = MicSet(parsed: parsed)
-        try await cmd.run()
-    default:
-        throw CommanderProgramError.unknownSubcommand(command: "mic", name: micSub)
-    }
-}
-
-@available(macOS 26.0, *)
-@MainActor
-private func dispatchService(path: [String]) async throws {
-    let svcSub = try subcommand(path, index: 2, command: "service")
-    switch svcSub {
-    case "install":
-        var cmd = ServiceInstall()
-        try await cmd.run()
-    case "uninstall":
-        var cmd = ServiceUninstall()
-        try await cmd.run()
-    case "status":
-        var cmd = ServiceStatus()
-        try await cmd.run()
-    default:
-        throw CommanderProgramError.unknownSubcommand(command: "service", name: svcSub)
-    }
-}
-
-private func subcommand(_ path: [String], index: Int, command: String) throws -> String {
-    guard path.count > index else {
-        throw CommanderProgramError.missingSubcommand(command: command)
-    }
-    return path[index]
-}
-
 if #available(macOS 26.0, *) {
    let exitCode = await runCLI()
    exit(exitCode)
--- a/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift
+++ b/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift
@@ -1,6 +1,6 @@
 import Foundation
-import SwabbleKit
 import Testing
+import SwabbleKit

@Suite struct WakeWordGateTests {
    @Test func matchRequiresGapAfterTrigger() {
--- a/Swabble/scripts/format.sh
+++ b/Swabble/scripts/format.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 set -euo pipefail
 ROOT="$(cd "$(dirname "$0")/.." && pwd)"
-CONFIG="${ROOT}/.swiftformat"
+PEEKABOO_ROOT="${ROOT}/../peekaboo"
+if [ -f "${PEEKABOO_ROOT}/.swiftformat" ]; then
+  CONFIG="${PEEKABOO_ROOT}/.swiftformat"
+else
+  CONFIG="${ROOT}/.swiftformat"
+fi
 swiftformat --config "$CONFIG" "$ROOT/Sources"
--- a/Swabble/scripts/lint.sh
+++ b/Swabble/scripts/lint.sh
@@ -1,7 +1,12 @@
 #!/bin/bash
 set -euo pipefail
 ROOT="$(cd "$(dirname "$0")/.." && pwd)"
-CONFIG="${ROOT}/.swiftlint.yml"
+PEEKABOO_ROOT="${ROOT}/../peekaboo"
+if [ -f "${PEEKABOO_ROOT}/.swiftlint.yml" ]; then
+  CONFIG="${PEEKABOO_ROOT}/.swiftlint.yml"
+else
+  CONFIG="$ROOT/.swiftlint.yml"
+fi
 if ! command -v swiftlint >/dev/null; then
  echo "swiftlint not installed" >&2
  exit 1
--- a/appcast.xml
+++ b/appcast.xml
@@ -1,275 +1,212 @@
 <?xml version="1.0" standalone="yes"?>
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
    <channel>
-        <title>Clawdbot</title>
+        <title>Clawdis</title>
        <item>
-            <title>2026.1.16-2</title>
-            <pubDate>Sat, 17 Jan 2026 12:46:22 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>6273</sparkle:version>
-            <sparkle:shortVersionString>2026.1.16-2</sparkle:shortVersionString>
+            <title>2.0.0-beta5</title>
+            <pubDate>Sat, 03 Jan 2026 07:15:16 +0100</pubDate>
+            <link>https://raw.githubusercontent.com/steipete/clawdis/main/appcast.xml</link>
+            <sparkle:version>2765</sparkle:version>
+            <sparkle:shortVersionString>2.0.0-beta5</sparkle:shortVersionString>
            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.16-2</h2>
-<h3>Changes</h3>
+            <description><![CDATA[<h2>Clawdis 2.0.0-beta5</h2>
+<h3>Fixed</h3>
 <ul>
-<li>CLI: stamp build commit into dist metadata so banners show the commit in npm installs.</li>
-</ul>
-<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.16-2/Clawdbot-2026.1.16-2.zip" length="21399591" type="application/octet-stream" sparkle:edSignature="zelT+KzN32cXsihbFniPF5Heq0hkwFfL3Agrh/AaoKUkr7kJAFarkGSOZRTWZ9y+DvOluzn2wHHjVigRjMzrBA=="/>
-        </item>
-        <item>
-            <title>2026.1.15</title>
-            <pubDate>Fri, 16 Jan 2026 10:31:53 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>5998</sparkle:version>
-            <sparkle:shortVersionString>2026.1.15</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.15</h2>
-<h3>Highlights</h3>
-<ul>
-<li>Plugins: add provider auth registry + <code>clawdbot models auth login</code> for plugin-driven OAuth/API key flows.</li>
-<li>Browser: improve remote CDP/Browserless support (auth passthrough, <code>wss</code> upgrade, timeouts, clearer errors).</li>
-<li>Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.</li>
-<li>Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).</li>
+<li>Media: preserve GIF animation when uploading to Discord/other providers (skip JPEG optimization for image/gif).</li>
+<li>Agent runtime: update pi-mono dependencies to 0.31.1 (agent-core split).</li>
+<li>Dependencies: bump to latest compatible versions (TypeBox, grammY, Zod, Rolldown, oxlint-tsgolint).</li>
+<li>Tests: cover read tool image metadata + text output.</li>
+<li>Tests: add queue mode coverage (collect/followup + directive parsing).</li>
 </ul>
 <h3>Breaking</h3>
 <ul>
-<li><strong>BREAKING:</strong> iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)</li>
-<li><strong>BREAKING:</strong> Microsoft Teams is now a plugin; install <code>@clawdbot/msteams</code> via <code>clawdbot plugins install @clawdbot/msteams</code>.</li>
+<li>Skills config schema moved under <code>skills.*</code>:</li>
 </ul>
-<h3>Changes</h3>
+  - <code>skillsLoad.extraDirs</code> → <code>skills.load.extraDirs</code>
+  - <code>skillsInstall.*</code> → <code>skills.install.*</code>
+  - per-skill config map moved to <code>skills.entries</code> (e.g. <code>skills.peekaboo.enabled</code> → <code>skills.entries.peekaboo.enabled</code>)
+  - new optional bundled allowlist: <code>skills.allowBundled</code> (only affects bundled skills)
 <ul>
-<li>CLI: set process titles to <code>clawdbot-<command></code> for clearer process listings.</li>
-<li>CLI/macOS: sync remote SSH target/identity to config and let <code>gateway status</code> auto-infer SSH targets (ssh-config aware).</li>
-<li>Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.</li>
-<li>Sessions/Security: add <code>session.dmScope</code> for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.</li>
-<li>Plugins: add provider auth registry + <code>clawdbot models auth login</code> for plugin-driven OAuth/API key flows.</li>
-<li>Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.</li>
-<li>TUI: show provider/model labels for the active session and default model.</li>
-<li>Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.</li>
-<li>UI: show gateway auth guidance + doc link on unauthorized Control UI connections.</li>
-<li>Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in <code>clawdbot security audit</code>.</li>
-<li>Apps: store node auth tokens encrypted (Keychain/SecurePrefs).</li>
-<li>Daemon: share profile/state-dir resolution across service helpers and honor <code>CLAWDBOT_STATE_DIR</code> for Windows task scripts.</li>
-<li>Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.</li>
-<li>Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).</li>
-<li>Tools: normalize Slack/Discord message timestamps with <code>timestampMs</code>/<code>timestampUtc</code> while keeping raw provider fields.</li>
-<li>macOS: add <code>system.which</code> for prompt-free remote skill discovery (with gateway fallback to <code>system.run</code>).</li>
-<li>Docs: add Date & Time guide and update prompt/timezone configuration docs.</li>
-<li>Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.</li>
-<li>Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.</li>
-<li>Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in <code>/status</code> and <code>clawdbot models status</code>, and update docs.</li>
-<li>CLI: add <code>--json</code> output for <code>clawdbot daemon</code> lifecycle/install commands.</li>
-<li>Memory: make <code>node-llama-cpp</code> an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.</li>
-<li>Browser: add <code>snapshot refs=aria</code> (Playwright aria-ref ids) for self-resolving refs across <code>snapshot</code> → <code>act</code>.</li>
-<li>Browser: <code>profile="chrome"</code> now defaults to host control and returns clearer “attach a tab” errors.</li>
-<li>Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.</li>
-<li>Browser: increase remote CDP reachability timeouts + add <code>remoteCdpTimeoutMs</code>/<code>remoteCdpHandshakeTimeoutMs</code>.</li>
-<li>Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.</li>
-<li>Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.</li>
-<li>Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.</li>
-<li>Discord: allow allowlisted guilds without channel lists to receive messages when <code>groupPolicy="allowlist"</code>. — thanks @thewilloftheshadow.</li>
-<li>Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.</li>
+<li>Sessions: group keys now use <code>surface:group:<id></code> / <code>surface:channel:<id></code>; legacy <code>group:*</code> keys migrate on next message; <code>groupdm</code> keys are no longer recognized.</li>
+<li>Discord: remove legacy <code>discord.allowFrom</code>, <code>discord.guildAllowFrom</code>, and <code>discord.requireMention</code>; use <code>discord.dm</code> + <code>discord.guilds</code>.</li>
+<li>Providers: Discord/Telegram no longer auto-start from env tokens alone; add <code>discord: { enabled: true }</code> / <code>telegram: { enabled: true }</code> to your config when using <code>DISCORD_BOT_TOKEN</code> / <code>TELEGRAM_BOT_TOKEN</code>.</li>
+<li>Config: remove <code>routing.allowFrom</code>; use <code>whatsapp.allowFrom</code> instead (run <code>clawdis doctor</code> to migrate).</li>
+<li>Config: remove <code>routing.groupChat.requireMention</code> + <code>telegram.requireMention</code>; use <code>whatsapp.groups</code>, <code>imessage.groups</code>, and <code>telegram.groups</code> defaults instead (run <code>clawdis doctor</code> to migrate).</li>
+</ul>
+<h3>Features</h3>
+<ul>
+<li>Discord: expand <code>discord</code> tool actions (reactions, stickers, polls, threads, search, moderation gates) (#115) — thanks @thewilloftheshadow.</li>
+<li>Discord/Telegram: add reply tags (<code>[[reply_to_current]]</code>, <code>[[reply_to:<id>]]</code>) with per-provider <code>replyToMode</code> (off|first|all) for native threaded replies.</li>
+<li>Talk mode: continuous speech conversations (macOS/iOS/Android) with ElevenLabs TTS, reply directives, and optional interrupt-on-speech.</li>
+<li>Auto-reply: expand queue modes (steer/followup/collect/steer-backlog) with debounce/cap/drop options and followup backlog handling.</li>
+<li>UI: add optional <code>ui.seamColor</code> accent to tint the Talk Mode side bubble (macOS/iOS/Android).</li>
+<li>Nix mode: opt-in declarative config + read-only settings UI when <code>CLAWDIS_NIX_MODE=1</code> (thanks @joshp123 for the persistence — earned my trust; I'll merge these going forward).</li>
+<li>CLI: add Google Antigravity OAuth auth option for Claude Opus 4.5/Gemini 3 (#88) — thanks @mukhtharcm.</li>
+<li>Agent runtime: accept legacy <code>Z_AI_API_KEY</code> for Z.AI provider auth (maps to <code>ZAI_API_KEY</code>).</li>
+<li>Groups: add per-group mention gating defaults/overrides for Telegram/WhatsApp/iMessage via <code>*.groups</code> with <code>"*"</code> defaults; Discord now supports <code>discord.guilds."*"</code> as a default.</li>
+<li>Discord: add user-installed slash command handling with per-user sessions and auto-registration (#94) — thanks @thewilloftheshadow.</li>
+<li>Discord: add DM enable/allowlist plus guild channel/user/guild allowlists with id/name matching.</li>
+<li>Signal: add <code>signal-cli</code> JSON-RPC support for send/receive via the Signal provider.</li>
+<li>iMessage: add imsg JSON-RPC integration (stdio), chat_id routing, and group chat support.</li>
+<li>Chat UI: add recent-session dropdown switcher (main first) in macOS/iOS/Android + Control UI.</li>
+<li>UI: add Discord/Signal/iMessage connection panels in macOS + Control UI (thanks @thewilloftheshadow).</li>
+<li>Discord: allow agent-triggered reactions via <code>clawdis_discord</code> when enabled, and surface message ids in context.</li>
+<li>Discord: revamp guild routing config with per-guild/channel rules and slugged display names; add optional group DM support (default off).</li>
+<li>Discord: remove legacy guild/channel ignore lists in favor of per-guild allowlists (and proposed per-guild ignore lists).</li>
+<li>Skills: add Trello skill for board/list/card management (thanks @clawd).</li>
+<li>Docker: add containerized gateway/CLI setup via Dockerfile, compose, and setup script (thanks @dan-dr).</li>
+<li>Tests: add a Z.AI live test gate for smoke validation when keys are present.</li>
+<li>macOS Debug: add app log verbosity and rolling file log toggle for swift-log-backed app logs.</li>
+<li>CLI: add onboarding wizard (gateway + workspace + skills) with daemon installers and Anthropic/Minimax setup paths.</li>
+<li>CLI: add ASCII banner header to wizard entry points.</li>
+<li>CLI: add <code>configure</code>, <code>doctor</code>, and <code>update</code> wizards for ongoing setup, health checks, and modernization.</li>
+<li>CLI: add Signal CLI auto-install from GitHub releases in the wizard and persist wizard run metadata in config.</li>
+<li>CLI: add remote gateway client config (gateway.remote.*) with Bonjour-assisted discovery.</li>
+<li>CLI: enhance <code>clawdis tui</code> with model/session pickers, tool cards, and slash commands (local or remote).</li>
+<li>Gateway: allow <code>sessions.patch</code> to set per-session model overrides (used by the TUI <code>/model</code> flow).</li>
+<li>Skills: allow <code>bun</code> as a node manager for skill installs.</li>
+<li>Skills: add <code>things-mac</code> (Things 3 CLI) for read/search plus add/update via URL scheme.</li>
+<li>Skills: add Apple Notes + Reminders skills via memo CLI (thanks @tylerwince).</li>
+<li>Tests: add a Docker-based onboarding E2E harness.</li>
+<li>Tests: harden wizard E2E flows for reset, providers, skills, and remote non-interactive runs.</li>
+<li>Browser tools: add remote CDP URL support, Linux launcher options (<code>executablePath</code>, <code>noSandbox</code>), and surface <code>cdpUrl</code> in status.</li>
+<li>Skills: add tmux-first coding-agent skill + <code>requires.anyBins</code> gate for multi-CLI setup (thanks @sreekaransrinath).</li>
 </ul>
 <h3>Fixes</h3>
 <ul>
-<li>Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.</li>
-<li>Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.</li>
-<li>Fix: persist <code>gateway.mode=local</code> after selecting Local run mode in <code>clawdbot configure</code>, even if no other sections are chosen.</li>
-<li>Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.</li>
-<li>Agents: avoid false positives when logging unsupported Google tool schema keywords.</li>
-<li>Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.</li>
-<li>Status: restore usage summary line for current provider when no OAuth profiles exist.</li>
-<li>Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.</li>
-<li>Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.</li>
-<li>Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.</li>
-<li>Fix: support MiniMax coding plan usage responses with <code>model_remains</code>/<code>current_interval_*</code> payloads.</li>
-<li>Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)</li>
-<li>Browser: extension mode recovers when only one tab is attached (stale targetId fallback).</li>
-<li>Browser: fix <code>tab not found</code> for extension relay snapshots/actions when Playwright blocks <code>newCDPSession</code> (use the single available Page).</li>
-<li>Browser: upgrade <code>ws</code> → <code>wss</code> when remote CDP uses <code>https</code> (fixes Browserless handshake).</li>
-<li>Telegram: skip <code>message_thread_id=1</code> for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.</li>
-<li>Fix: sanitize user-facing error text + strip <code><final></code> tags across reply pipelines. (#975) — thanks @ThomsenDrake.</li>
-<li>Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.</li>
-<li>Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.</li>
-<li>Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)</li>
+<li>Gog calendar: format date ranges as RFC 3339 with timezone to satisfy Google Calendar API (thanks @jayhickey).</li>
+<li>macOS onboarding: add scrollable page gutter for overflowing content (#105) — thanks @thewilloftheshadow.</li>
+<li>Chat UI: keep the chat scrolled to the latest message after switching sessions.</li>
+<li>Chat UI: show rich session display names in Web Chat + SwiftUI + Android.</li>
+<li>Auto-reply: stream completed reply blocks as soon as they finish (configurable default + break); skip empty tool-only blocks unless verbose.</li>
+<li>Discord: avoid duplicate sends when block streaming is enabled (race with typing hook).</li>
+<li>Providers: make outbound text chunk limits configurable via <code>*.textChunkLimit</code> (defaults remain 4000/Discord 2000).</li>
+<li>CLI onboarding: persist gateway token in config so local CLI auth works; recommend auth Off unless you need multi-machine access.</li>
+<li>Control UI: accept a <code>?token=</code> URL param to auto-fill Gateway auth; onboarding now opens the dashboard with token auth when configured.</li>
+<li>Agent prompt: remove hardcoded user name in system prompt example.</li>
+<li>Chat UI: add extra top padding before the first message bubble in Web Chat (macOS/iOS/Android).</li>
+<li>Control UI: refine Web Chat session selector styling (chevron spacing + background).</li>
+<li>WebChat: stream live updates for sessions even when runs start outside the chat UI.</li>
+<li>Gateway CLI: read <code>CLAWDIS_GATEWAY_PASSWORD</code> from environment in <code>callGateway()</code> — allows <code>doctor</code>/<code>health</code> commands to auth without explicit <code>--password</code> flag.</li>
+<li>Gateway: add password auth support for remote gateway connections (thanks @jeffersonwarrior).</li>
+<li>Auto-reply: strip stray leading/trailing <code>HEARTBEAT_OK</code> from normal replies; drop short (≤ 30 chars) heartbeat acks.</li>
+<li>WhatsApp auto-reply: default to self-only when no config is present.</li>
+<li>Logging: trim provider prefix duplication in Discord/Signal/Telegram runtime log lines.</li>
+<li>Logging/Signal: treat signal-cli "Failed …" lines as errors in gateway logs.</li>
+<li>Discord: include recent guild context when replying to mentions and add <code>discord.historyLimit</code> to tune how many messages are captured.</li>
+<li>Discord: include author tag + id in group context <code>[from:]</code> lines for ping-ready replies (thanks @thewilloftheshadow).</li>
+<li>Discord: include replied-to message context when a Discord message references another message (thanks @thewilloftheshadow).</li>
+<li>Discord: preserve newlines when stripping reply tags from agent output.</li>
+<li>Gateway: fix TypeScript build by aligning hook mapping <code>channel</code> types and removing a dead Group DM branch in Discord monitor.</li>
+<li>Skills: switch imsg installer to brew tap formula.</li>
+<li>Skills: gate macOS-only skills by OS and surface block reasons in the Skills UI.</li>
+<li>Onboarding: show skill descriptions in the macOS setup flow and surface clearer Gateway/skills error messages.</li>
+<li>Onboarding: auto-verify Claude OAuth tokens, show “verified” when detected working, and avoid re-auth prompts unless verification fails.</li>
+<li>CLI onboarding: include exit code + a useful one-line summary when skill dependency installs fail.</li>
+<li>CLI onboarding: explain Tailscale exposure options (Off/Serve/Funnel) and colorize provider status (linked/configured/needs setup).</li>
+<li>CLI onboarding: add provider primers (WhatsApp/Telegram/Discord/Signal) incl. Discord bot token setup steps.</li>
+<li>CLI onboarding: allow skipping the “install missing skill dependencies” selection without canceling the wizard.</li>
+<li>CLI onboarding: always prompt for WhatsApp <code>whatsapp.allowFrom</code> and print (optionally open) the Control UI URL when done.</li>
+<li>CLI onboarding: detect gateway reachability and annotate Local/Remote choices (helps pick the right mode).</li>
+<li>macOS settings: colorize provider status subtitles to distinguish healthy vs degraded states.</li>
+<li>macOS: keep config writes on the main actor to satisfy Swift concurrency rules.</li>
+<li>macOS menu: show multi-line gateway error details, add an always-visible gateway row, avoid duplicate gateway status rows, suppress transient <code>cancelled</code> device refresh errors, and auto-recover the control channel on disconnect.</li>
+<li>macOS menu: show session last-used timestamps in the list and add recent-message previews in session submenus.</li>
+<li>macOS menu: tighten session row padding and time out session preview loading with cached fallback.</li>
+<li>macOS: log health refresh failures and recovery to make gateway issues easier to diagnose.</li>
+<li>macOS codesign: skip hardened runtime for ad-hoc signing and avoid empty options args (#70) — thanks @petter-b</li>
+<li>macOS codesign: include camera entitlement so permission prompts work in the menu bar app.</li>
+<li>Agent tools: bash tool supports real TTY via <code>stdinMode: "pty"</code> with node-pty, warning + fallback on load/start failure.</li>
+<li>Agent tools: map <code>camera.snap</code> JPEG payloads to <code>image/jpeg</code> to avoid MIME mismatch errors.</li>
+<li>Tests: cover <code>camera.snap</code> MIME mapping to prevent image/png vs image/jpeg mismatches.</li>
+<li>macOS camera: wait for exposure/white balance to settle before capturing a snap to avoid dark images.</li>
+<li>Camera snap: add <code>delayMs</code> parameter (default 2000ms on macOS) to improve exposure reliability.</li>
+<li>Camera: add <code>camera.list</code> and optional <code>deviceId</code> selection for snaps/clips.</li>
+<li>Tests: cover camera device selection params in CLI + agent tools.</li>
+<li>macOS packaging: move rpath config into swift build for reliability (#69) — thanks @petter-b</li>
+<li>macOS: prioritize main bundle for device resources to prevent crash (#73) — thanks @petter-b</li>
+<li>macOS remote: route settings through gateway config and avoid local config reads in remote mode.</li>
+<li>Telegram: align token resolution for cron/agent/CLI sends (env/config/tokenFile) to prevent isolated delivery failures (#76).</li>
+<li>Telegram: honor per-group mention gating defaults/overrides via <code>telegram.groups</code> and <code>"*"</code> defaults (thanks @joshp123).</li>
+<li>Chat UI: clear composer input immediately and allow clear while editing to prevent duplicate sends (#72) — thanks @hrdwdmrbl</li>
+<li>Restart: use systemd on Linux (and report actual restart method) instead of always launchctl.</li>
+<li>Gateway relay: detect Bun binaries via execPath to resolve packaged assets on macOS.</li>
+<li>Cron: prevent <code>every</code> schedules without an anchor from firing in a tight loop (thanks @jamesgroat).</li>
+<li>Docs: add manual OAuth setup for remote/headless deployments (#67) — thanks @wstock</li>
+<li>Docs/agent tools: clarify that browser <code>wait</code> should be avoided by default and used only in exceptional cases.</li>
+<li>Docs: clarify self-chat mode and group mention gating config (#111) — thanks @rafaelreis-r.</li>
+<li>Browser tools: <code>upload</code> supports auto-click refs, direct <code>inputRef</code>/<code>element</code> file inputs, and emits input/change after <code>setFiles</code> so JS-heavy sites pick up attachments.</li>
+<li>Browser tools: harden CDP readiness (HTTP + WS), retry CDP connects, and auto-restart the clawd browser when the socket handshake stalls.</li>
+<li>Browser CLI: add <code>clawdis browser reset-profile</code> to move the clawd profile to Trash when it gets wedged.</li>
+<li>Signal: fix daemon startup race (wait for <code>/api/v1/check</code>) and normalize JSON-RPC <code>version</code> probe parsing.</li>
+<li>Docs/Signal: clarify bot-number vs personal-account setup (self-chat loop protection) and add a quickstart config snippet.</li>
+<li>Docs: refresh the CLI wizard guide and highlight onboarding in the README.</li>
+<li>CLI: tighten onboarding prompt typing to keep bun builds green.</li>
+<li>macOS: Voice Wake now fully tears down the Speech pipeline when disabled (cancel pending restarts, drop stale callbacks) to avoid high CPU in the background.</li>
+<li>macOS menu: add a Talk Mode action alongside the Open Dashboard/Chat/Canvas entries.</li>
+<li>macOS Debug: hide “Restart Gateway” when the app won’t start a local gateway (remote mode / attach-only).</li>
+<li>macOS Debug: add an icon for the App Logging submenu.</li>
+<li>macOS Talk Mode: orb overlay refresh, ElevenLabs request logging, API key status in settings, and auto-select first voice when none is configured.</li>
+<li>macOS Talk Mode: add hard timeout around ElevenLabs TTS synthesis to avoid getting stuck “speaking” forever on hung requests.</li>
+<li>macOS Talk Mode: avoid stuck playback when the audio player never starts (fail-fast + watchdog).</li>
+<li>macOS Talk Mode: fix audio stop ordering so disabling Talk Mode always stops in-flight playback.</li>
+<li>macOS Talk Mode: throttle audio-level updates (avoid per-buffer task creation) to reduce CPU/task churn.</li>
+<li>macOS Talk Mode: increase overlay window size so wave rings don’t clip; close button is hover-only and closer to the orb.</li>
+<li>WebChat: preserve chat run ordering per session so concurrent runs don’t strand the typing indicator.</li>
+<li>Talk Mode: fall back to system TTS when ElevenLabs is unavailable, returns non-audio, or playback fails (macOS/iOS/Android).</li>
+<li>Talk Mode: stream PCM on macOS/iOS for lower latency (incremental playback); Android continues MP3 streaming.</li>
+<li>Talk Mode: validate ElevenLabs v3 stability and latency tier directives before sending requests.</li>
+<li>iOS/Android Talk Mode: auto-select the first ElevenLabs voice when none is configured.</li>
+<li>ElevenLabs: add retry/backoff for 429/5xx and include content-type in errors for debugging.</li>
+<li>Talk Mode: align to the gateway’s main session key and fall back to history polling when chat events drop (prevents stuck “thinking” / missing messages).</li>
+<li>Talk Mode: treat history timestamps as seconds or milliseconds to avoid stale assistant picks (macOS/iOS/Android).</li>
+<li>Chat UI: clear streaming/tool bubbles when external runs finish, preventing duplicate assistant bubbles.</li>
+<li>Chat UI: user bubbles use <code>ui.seamColor</code> (fallback to a calmer default blue).</li>
+<li>Android Chat UI: use <code>onPrimary</code> for user bubble text to preserve contrast (thanks @Syhids).</li>
+<li>Control UI: sync sidebar navigation with the URL for deep-linking, and auto-scroll chat to the latest message.</li>
+<li>Control UI: disable Web Chat + Talk when no iOS/Android node is connected; refreshed Web Chat styling and keyboard send.</li>
+<li>Control UI: keep chat pinned to the latest message while typing/sending and restore drafts on send failures.</li>
+<li>Control UI: soften chat bubble text opacity for calmer readability.</li>
+<li>macOS Web Chat: improve empty/error states, focus message field on open, keep pill/send inside the input field, and make the composer pill edge-to-edge with square top corners.</li>
+<li>macOS: bundle Control UI assets into the app relay so the packaged app can serve them (thanks @mbelinky).</li>
+<li>Talk Mode: wait for chat history to surface the assistant reply before starting TTS (macOS/iOS/Android).</li>
+<li>iOS Talk Mode: fix chat completion wait to time out even if no events arrive (prevents “Thinking…” hangs).</li>
+<li>iOS Talk Mode: keep recognition running during playback to support interrupt-on-speech.</li>
+<li>iOS Talk Mode: preserve directive voice/model overrides across config reloads and add ElevenLabs request timeouts.</li>
+<li>iOS/Android Talk Mode: explicitly <code>chat.subscribe</code> when Talk Mode is active, so completion events arrive even if the Chat UI isn’t open.</li>
+<li>Chat UI: refresh history when another client finishes a run in the same session, so Talk Mode + Voice Wake transcripts appear consistently.</li>
+<li>Gateway: <code>voice.transcript</code> now also maps agent bus output to <code>chat</code> events, ensuring chat UIs refresh for voice-triggered runs.</li>
+<li>Gateway: auto-migrate legacy config on startup (non-Nix); Nix mode hard-fails with a clear error when legacy keys are present.</li>
+<li>iOS/Android: show a centered Talk Mode orb overlay while Talk Mode is enabled.</li>
+<li>Gateway config: inject <code>talk.apiKey</code> from <code>ELEVENLABS_API_KEY</code>/shell profile so nodes can fetch it on demand.</li>
+<li>Canvas A2UI: tag requests with <code>platform=android|ios|macos</code> and boost Android canvas background contrast.</li>
+<li>iOS/Android nodes: enable scrolling for loaded web pages in the Canvas WebView (default scaffold stays touch-first).</li>
+<li>macOS menu: device list now uses <code>node.list</code> (devices only; no agent/tool presence entries).</li>
+<li>macOS menu: device list now shows connected nodes only.</li>
+<li>macOS menu: device rows now pack platform/version on the first line, and command lists wrap in submenus.</li>
+<li>macOS menu: split device platform/version across first and second rows for better fit.</li>
+<li>macOS Canvas: show remote control status in the debug overlay and log A2UI auto-nav decisions.</li>
+<li>Canvas A2UI: polish the debug status HUD styling.</li>
+<li>iOS node: fix ReplayKit screen recording crash caused by queue isolation assertions during capture.</li>
+<li>iOS Talk Mode: avoid audio tap queue assertions when starting recognition.</li>
+<li>macOS: use $HOME/Library/pnpm for SSH PATH exports (thanks @mbelinky).</li>
+<li>macOS remote: harden SSH tunnel recovery/logging, honor <code>gateway.remote.url</code> port when forwarding, clarify gateway disconnect status, and add Debug menu tunnel reset.</li>
+<li>iOS/Android nodes: bridge auto-connect refreshes stale tokens and settings now show richer bridge/device details.</li>
+<li>macOS: bundle device model resources to prevent Instances crashes (thanks @mbelinky).</li>
+<li>iOS/Android nodes: status pill now surfaces camera activity instead of overlay toasts.</li>
+<li>iOS/Android/macOS nodes: camera snaps recompress to keep base64 payloads under 5 MB.</li>
+<li>iOS/Android nodes: status pill now surfaces pairing, screen recording, voice wake, and foreground-required states.</li>
+<li>iOS/Android nodes: avoid duplicating “Gateway reconnecting…” when the bridge is already connecting.</li>
+<li>iOS/Android nodes: Talk Mode now lives on a side bubble (with an iOS toggle to hide it), and Android settings no longer show the Talk Mode switch.</li>
+<li>macOS menu: top status line now shows pending node pairing approvals (incl. repairs).</li>
+<li>CLI: avoid spurious gateway close errors after successful request/response cycles.</li>
+<li>Agent runtime: clamp tool-result images to the 5MB Anthropic limit to avoid hard request rejections.</li>
+<li>Agent runtime: write v2 session headers so Pi session branching stays in the Clawdis sessions dir.</li>
+<li>Tests: add Swift Testing coverage for camera errors and Kotest coverage for Android bridge endpoints.</li>
 </ul>
-<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
+<p><a href="https://github.com/steipete/clawdis/blob/main/CHANGELOG.md">View full changelog</a></p>
 ]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.15/Clawdbot-2026.1.15.zip" length="12127276" type="application/octet-stream" sparkle:edSignature="o79vwTbtW/d91NQFRVfUDhsv6D4zIw7IkhY0N1iLImMu94BURgLcecA6z7Smy3bMobPwOyzN8yfm6mA/Rt8FCA=="/>
-        </item>
-        <item>
-            <title>2026.1.14-1</title>
-            <pubDate>Thu, 15 Jan 2026 11:14:40 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>5825</sparkle:version>
-            <sparkle:shortVersionString>2026.1.14-1</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.14-1</h2>
-<h3>Highlights</h3>
-<ul>
-<li>Web search: <code>web_search</code>/<code>web_fetch</code> tools (Brave API) + first-time setup in onboarding/configure.</li>
-<li>Browser control: Chrome extension relay takeover mode + remote browser control via <code>clawdbot browser serve</code>.</li>
-<li>Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.</li>
-<li>Security: expanded <code>clawdbot security audit</code> (+ <code>--fix</code>), detect-secrets CI scan, and a <code>SECURITY.md</code> reporting policy.</li>
-</ul>
-<h3>Changes</h3>
-<h4>Web Tools</h4>
-<ul>
-<li>Tools: add <code>web_search</code>/<code>web_fetch</code> (Brave API), including helpful setup hints when the key is missing.</li>
-<li>Tools: enable <code>web_fetch</code> by default (unless explicitly disabled in config).</li>
-<li>CLI/Docs: add <code>clawdbot configure --section web</code> for storing Brave API keys and update onboarding tips.</li>
-</ul>
-<h4>Browser / Control UI</h4>
-<ul>
-<li>Browser: add Chrome extension relay takeover mode (toolbar button) + <code>clawdbot browser serve</code> remote control + <code>browser.controlToken</code>.</li>
-<li>Browser: ship a built-in <code>chrome</code> profile for extension relay and start the relay automatically when running locally.</li>
-<li>Browser: default <code>browser.defaultProfile</code> to <code>chrome</code> (existing Chrome takeover mode).</li>
-<li>Browser: add <code>clawdbot browser extension install/path</code> and copy extension path to clipboard.</li>
-<li>Browser: add <code>snapshot refs=aria</code> (Playwright aria-ref ids) for self-resolving refs across <code>snapshot</code> → <code>act</code>.</li>
-<li>Browser: <code>profile="chrome"</code> now defaults to host control and returns clearer “attach a tab” errors.</li>
-<li>Browser: extension mode recovers when only one tab is attached (stale targetId fallback).</li>
-<li>Control UI: show raw any-map entries in config views; move Docs link into the left nav.</li>
-</ul>
-<h4>Plugins</h4>
-<ul>
-<li>Plugins: add plugin HTTP hooks + loader updates to support channel plugins. (#854) — thanks @longmaba.</li>
-<li>Plugins: add onboarding plugin install flow. (#854) — thanks @longmaba.</li>
-<li>Channels: add Matrix plugin (external) with docs + onboarding hooks.</li>
-<li>Voice Call: add Plivo provider (no SDK dependency). (#846) — thanks @vrknetha.</li>
-</ul>
-<h4>Security</h4>
-<ul>
-<li>Security: expand <code>clawdbot security audit</code> checks and publish a <code>SECURITY.md</code> reporting policy.</li>
-<li>Security: extend <code>clawdbot security audit --fix</code> to tighten more sensitive state paths.</li>
-<li>Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.</li>
-</ul>
-<h4>Onboarding / Daemon</h4>
-<ul>
-<li>Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require <code>--accept-risk</code> for <code>--non-interactive</code>.</li>
-<li>Daemon: support profile-aware service names for multi-gateway setups. (#671) — thanks @bjesuiter.</li>
-</ul>
-<h4>Auth / Usage / Config</h4>
-<ul>
-<li>Usage: add MiniMax coding plan usage tracking.</li>
-<li>Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.</li>
-<li>Agents: add optional auth-profile copy prompt on <code>agents add</code> and improve auth error messaging.</li>
-<li>Auth: add dynamic template variables to <code>messages.responsePrefix</code>. (#928) — thanks @sebslight.</li>
-<li>Config: add <code>channels.<provider>.configWrites</code> gating for channel-initiated config writes; migrate Slack channel IDs.</li>
-</ul>
-<h4>Channels</h4>
-<ul>
-<li>Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.</li>
-<li>WhatsApp: add <code>channels.whatsapp.sendReadReceipts</code> to disable auto read receipts. (#882) — thanks @chrisrodz.</li>
-</ul>
-<h4>Docs</h4>
-<ul>
-<li>Docs: clarify per-agent auth stores, sandboxed skill binaries, and elevated semantics.</li>
-<li>Docs: add FAQ entries for missing provider auth after adding agents and Gemini thinking signature errors.</li>
-<li>Docs: expand gateway security hardening guidance and incident response checklist.</li>
-<li>Docs: document DM history limits for channel DMs. (#883) — thanks @pkrmf.</li>
-<li>Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)</li>
-<li>Docs: add per-command CLI doc pages and link them from <code>clawdbot <command> --help</code>.</li>
-<li>Docs: add multi-gateway guide (sidebar + nav).</li>
-</ul>
-<h3>Fixes</h3>
-<h4>Gateway / Daemon / Sessions</h4>
-<ul>
-<li>Gateway: forward termination signals to respawned CLI child processes to avoid orphaned systemd runs. (#933) — thanks @roshanasingh4.</li>
-<li>Gateway/UI: ship session defaults in the hello snapshot so the Control UI canonicalizes main session keys (no bare <code>main</code> alias).</li>
-<li>Agents: skip thinking/final tag stripping inside Markdown code spans. (#939) — thanks @ngutman.</li>
-<li>Browser: add tests for snapshot labels/efficient query params and labeled image responses.</li>
-<li>Browser: persist role snapshot refs per CDP target so <code>snapshot</code> → <code>act</code> clicks work even if Playwright returns a different Page instance.</li>
-<li>macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.</li>
-<li>macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.</li>
-<li>Packaging: run <code>pnpm build</code> on <code>prepack</code> so npm publishes include fresh <code>dist/</code> output.</li>
-<li>Telegram: register dock native commands with underscores to avoid <code>BOT_COMMAND_INVALID</code> (#929, fixes #901) — thanks @grp06.</li>
-<li>Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.</li>
-<li>Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.</li>
-<li>Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.</li>
-<li>Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.</li>
-<li>Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.</li>
-<li>Agents: scrub tuple <code>items</code> schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.</li>
-<li>Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.</li>
-<li>Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare <code>main</code> sessions.</li>
-<li>Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.</li>
-<li>Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.</li>
-<li>Daemon: clear persisted launchd disabled state before bootstrap (fixes <code>daemon install</code> after uninstall). (#849) — thanks @ndraiman.</li>
-<li>Sessions: return deep clones (<code>structuredClone</code>) so cached session entries can't be mutated. (#934) — thanks @ronak-guliani.</li>
-<li>Heartbeat: keep <code>updatedAt</code> monotonic when restoring heartbeat sessions. (#934) — thanks @ronak-guliani.</li>
-<li>Agent: clear run context after CLI runs (<code>clearAgentRunContext</code>) to avoid runaway contexts. (#934) — thanks @ronak-guliani.</li>
-<li>Gateway/Dev: ensure <code>pnpm gateway:dev</code> always uses the dev profile config + state (<code>~/.clawdbot-dev</code>).</li>
-</ul>
-<h4>CLI / Onboarding</h4>
-<ul>
-<li>Onboarding: show web search setup at the end (not the beginning).</li>
-<li>Onboarding: show daemon install/restart progress (avoid “blinking cursor”) and fix daemon install output formatting.</li>
-<li>Health: colorize “not configured” provider lines for easier scanning.</li>
-</ul>
-<h4>Control UI / TUI</h4>
-<ul>
-<li>Control UI: load cron run history on job selection and clarify empty-state messaging. (#866)</li>
-<li>UI: use application-defined WebSocket close code and fix dashboard auth query items. (#918) — thanks @rahthakor.</li>
-<li>UI: always apply <code>?token=</code> from URL (fixes unauthorized after re-onboard).</li>
-<li>Browser: add tests for snapshot labels/efficient query params and labeled image responses.</li>
-<li>TUI: render picker overlays via the overlay stack so /models and /settings display. (#921) — thanks @grizzdank.</li>
-<li>TUI: add a bright spinner + elapsed time in the status line for send/stream/run states.</li>
-<li>TUI: show LLM error messages (rate limits, auth, etc.) instead of <code>(no output)</code>.</li>
-</ul>
-<h4>Agents / Auth / Tools / Sandbox</h4>
-<ul>
-<li>Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.</li>
-<li>Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.</li>
-<li>Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.</li>
-<li>Agents: scrub tuple <code>items</code> schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.</li>
-<li>Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.</li>
-<li>Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.</li>
-<li>Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.</li>
-<li>Logging: tolerate <code>EIO</code> from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.</li>
-<li>Sandbox: restore <code>docker.binds</code> config validation and preserve configured PATH for <code>docker exec</code>. (#873) — thanks @akonyer.</li>
-<li>Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.</li>
-</ul>
-<h4>macOS / Apps</h4>
-<ul>
-<li>macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.</li>
-<li>macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.</li>
-<li>macOS: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.</li>
-<li>macOS: reuse launchd gateway auth and skip wizard when gateway config already exists. (#917)</li>
-<li>Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare <code>main</code> sessions.</li>
-<li>macOS: fix cron preview/testing payload to use <code>channel</code> key. (#867) — thanks @wes-davis.</li>
-<li>macOS: update cron testing channel arg. (#896) — thanks @ngutman.</li>
-</ul>
-<h4>Channels / Messaging</h4>
-<ul>
-<li>Slack: isolate thread history and avoid inheriting channel transcripts for new threads by default. (#758)</li>
-<li>Slack: respect <code>channels.slack.requireMention</code> default when resolving channel mention gating. (#850) — thanks @evalexpr.</li>
-<li>Slack: drop Socket Mode events with mismatched <code>api_app_id</code>/<code>team_id</code>. (#889) — thanks @roshanasingh4.</li>
-<li>Commands: add native command argument menus across Discord/Slack/Telegram. (#936) — thanks @thewilloftheshadow.</li>
-<li>Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.</li>
-<li>Telegram: honor <code>channels.telegram.timeoutSeconds</code> for grammY API requests. (#863) — thanks @Snaver.</li>
-<li>Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).</li>
-<li>Telegram: let control commands bypass per-chat sequentialization; always allow abort triggers.</li>
-<li>Telegram: split long captions into media + follow-up text messages. (#907) — thanks @jalehman.</li>
-<li>Telegram: migrate group config when supergroups change chat IDs. (#906) — thanks @sleontenko.</li>
-<li>Telegram: register dock native commands with underscores to avoid <code>BOT_COMMAND_INVALID</code> (#929, fixes #901) — thanks @grp06.</li>
-<li>Messaging: unify markdown formatting + format-first chunking for Slack/Telegram/Signal. (#920) — thanks @TheSethRose.</li>
-<li>iMessage: prefer handle routing for direct-message replies; include imsg RPC error details. (#935)</li>
-<li>WhatsApp: fix context isolation using wrong ID (was bot's number, now conversation ID). (#911) — thanks @tristanmanchester.</li>
-<li>WhatsApp: normalize user JIDs with device suffix for allowlist checks in groups. (#838) — thanks @peschee.</li>
-<li>WhatsApp: harden owner command auth.</li>
-<li>Auto-reply: treat trailing <code>NO_REPLY</code> tokens as silent replies.</li>
-</ul>
-<h4>Config / Doctor / Packaging</h4>
-<ul>
-<li>Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).</li>
-<li>Config/Doctor: remove legacy Clawdis env fallbacks and config/service migrations (Clawdbot-only).</li>
-<li>Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.</li>
-<li>Packaging: run <code>pnpm build</code> on <code>prepack</code> so npm publishes include fresh <code>dist/</code> output.</li>
-</ul>
-<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.14-1/Clawdbot-2026.1.14-1.zip" length="19887144" type="application/octet-stream" sparkle:edSignature="1irKxBLt2eRtns34m/8JsjL/ZzhZQNjahwrxtArTvzaCnidS/MEnpD4nV2SHnhuo8g+fJZQpV9NoCAoEOAinCw=="/>
+            <enclosure url="https://github.com/steipete/clawdis/releases/download/v2.0.0-beta5/Clawdis-2.0.0-beta5.zip" length="145432870" type="application/octet-stream" sparkle:edSignature="qKPcmSx2pAaIYz9NqFp0TY63KrcDlpctUHnNpRs6Q60qQqBWtQycLIhhvhxmGnHupaiEXJfspb/Ad9RgODIzAw=="/>
        </item>
    </channel>
 </rss>
--- a/apps/android/README.md
+++ b/apps/android/README.md
@@ -1,6 +1,6 @@
-## Clawdbot Node (Android) (internal)
+## Clawdis Node (Android) (internal)

-Modern Android node app: connects to the **Gateway WebSocket** (`_clawdbot-gw._tcp`) and exposes **Canvas + Chat + Camera**.
+Modern Android node app: connects to the **Gateway-owned bridge** (`_clawdis-bridge._tcp`) over TCP and exposes **Canvas + Chat + Camera**.

 Notes:
 - The node keeps the connection alive via a **foreground service** (persistent notification with a Disconnect action).
@@ -25,20 +25,20 @@ cd apps/android

 1) Start the gateway (on your “master” machine):
 ```bash
-pnpm clawdbot gateway --port 18789 --verbose
+pnpm clawdis gateway --port 18789 --verbose
 ```

 2) In the Android app:
 - Open **Settings**
- Either select a discovered gateway under **Discovered Gateways**, or use **Advanced → Manual Gateway** (host + port).
+- Either select a discovered bridge under **Discovered Bridges**, or use **Advanced → Manual Bridge** (host + port).

 3) Approve pairing (on the gateway machine):
 ```bash
-clawdbot nodes pending
-clawdbot nodes approve <requestId>
+clawdis nodes pending
+clawdis nodes approve <requestId>
 ```

-More details: `docs/platforms/android.md`.
+More details: `docs/android/connect.md`.

 ## Permissions

--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -1,5 +1,3 @@
-import com.android.build.api.variant.impl.VariantOutputImpl
-
 plugins {
  id("com.android.application")
  id("org.jetbrains.kotlin.android")
@@ -8,21 +6,21 @@ plugins {
 }

 android {
-  namespace = "com.clawdbot.android"
+  namespace = "com.steipete.clawdis.node"
  compileSdk = 36

  sourceSets {
    getByName("main") {
-      assets.srcDir(file("../../shared/ClawdbotKit/Sources/ClawdbotKit/Resources"))
+      assets.srcDir(file("../../shared/ClawdisKit/Sources/ClawdisKit/Resources"))
    }
  }

  defaultConfig {
-    applicationId = "com.clawdbot.android"
+    applicationId = "com.steipete.clawdis.node"
    minSdk = 31
    targetSdk = 36
-    versionCode = 202601200
-    versionName = "2026.1.20"
+    versionCode = 1
+    versionName = "2.0.0-beta3"
  }

  buildTypes {
@@ -49,31 +47,12 @@ android {

  lint {
    disable += setOf("IconLauncherShape")
-    warningsAsErrors = true
-  }
-
-  testOptions {
-    unitTests.isIncludeAndroidResources = true
  }
 }

-androidComponents {
-  onVariants { variant ->
-    variant.outputs
-      .filterIsInstance<VariantOutputImpl>()
-      .forEach { output ->
-        val versionName = output.versionName.orNull ?: "0"
-        val buildType = variant.buildType
-
-        val outputFileName = "clawdbot-${versionName}-${buildType}.apk"
-        output.outputFileName = outputFileName
-      }
-  }
-}
 kotlin {
  compilerOptions {
    jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_17)
-    allWarningsAsErrors.set(true)
  }
 }

@@ -85,7 +64,7 @@ dependencies {
  implementation("androidx.core:core-ktx:1.17.0")
  implementation("androidx.lifecycle:lifecycle-runtime-ktx:2.10.0")
  implementation("androidx.activity:activity-compose:1.12.2")
-  implementation("androidx.webkit:webkit:1.15.0")
+  implementation("androidx.webkit:webkit:1.14.0")

  implementation("androidx.compose.ui:ui")
  implementation("androidx.compose.ui:ui-tooling-preview")
@@ -102,8 +81,6 @@ dependencies {
  implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.9.0")

  implementation("androidx.security:security-crypto:1.1.0")
-  implementation("androidx.exifinterface:exifinterface:1.4.2")
-  implementation("com.squareup.okhttp3:okhttp:5.3.2")

  // CameraX (for node.invoke camera.* parity)
  implementation("androidx.camera:camera-core:1.5.2")
@@ -113,14 +90,13 @@ dependencies {
  implementation("androidx.camera:camera-view:1.5.2")

  // Unicast DNS-SD (Wide-Area Bonjour) for tailnet discovery domains.
-  implementation("dnsjava:dnsjava:3.6.4")
+  implementation("dnsjava:dnsjava:3.6.3")

  testImplementation("junit:junit:4.13.2")
  testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.10.2")
  testImplementation("io.kotest:kotest-runner-junit5-jvm:6.0.7")
  testImplementation("io.kotest:kotest-assertions-core-jvm:6.0.7")
-  testImplementation("org.robolectric:robolectric:4.16")
-  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.2")
+  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:5.13.3")
 }

 tasks.withType<Test>().configureEach {
--- a/apps/android/app/src/main/AndroidManifest.xml
+++ b/apps/android/app/src/main/AndroidManifest.xml
@@ -9,18 +9,17 @@
    <uses-permission
        android:name="android.permission.NEARBY_WIFI_DEVICES"
        android:usesPermissionFlags="neverForLocation" />
-    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
-    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
-    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
+    <uses-permission
+        android:name="android.permission.ACCESS_FINE_LOCATION"
+        android:maxSdkVersion="32" />
+    <uses-permission
+        android:name="android.permission.ACCESS_COARSE_LOCATION"
+        android:maxSdkVersion="32" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
-    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-feature
        android:name="android.hardware.camera"
        android:required="false" />
-    <uses-feature
-        android:name="android.hardware.telephony"
-        android:required="false" />

    <application
        android:name=".NodeApp"
@@ -32,7 +31,7 @@
        android:label="@string/app_name"
        android:supportsRtl="true"
        android:networkSecurityConfig="@xml/network_security_config"
-        android:theme="@style/Theme.ClawdbotNode">
+        android:theme="@style/Theme.ClawdisNode">
        <service
            android:name=".NodeForegroundService"
            android:exported="false"
--- a/apps/android/app/src/main/java/com/clawdbot/android/LocationMode.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/LocationMode.kt
@@ -1,15 +0,0 @@
-package com.clawdbot.android
-
-enum class LocationMode(val rawValue: String) {
-  Off("off"),
-  WhileUsing("whileUsing"),
-  Always("always"),
-  ;
-
-  companion object {
-    fun fromRawValue(raw: String?): LocationMode {
-      val normalized = raw?.trim()?.lowercase()
-      return entries.firstOrNull { it.rawValue.lowercase() == normalized } ?: Off
-    }
-  }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/NodeApp.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/NodeApp.kt
@@ -1,26 +0,0 @@
-package com.clawdbot.android
-
-import android.app.Application
-import android.os.StrictMode
-
-class NodeApp : Application() {
-  val runtime: NodeRuntime by lazy { NodeRuntime(this) }
-
-  override fun onCreate() {
-    super.onCreate()
-    if (BuildConfig.DEBUG) {
-      StrictMode.setThreadPolicy(
-        StrictMode.ThreadPolicy.Builder()
-          .detectAll()
-          .penaltyLog()
-          .build(),
-      )
-      StrictMode.setVmPolicy(
-        StrictMode.VmPolicy.Builder()
-          .detectAll()
-          .penaltyLog()
-          .build(),
-      )
-    }
-  }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/SessionKey.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/SessionKey.kt
@@ -1,13 +0,0 @@
-package com.clawdbot.android
-
-internal fun normalizeMainKey(raw: String?): String {
-  val trimmed = raw?.trim()
-  return if (!trimmed.isNullOrEmpty()) trimmed else "main"
-}
-
-internal fun isCanonicalMainSessionKey(raw: String?): Boolean {
-  val trimmed = raw?.trim().orEmpty()
-  if (trimmed.isEmpty()) return false
-  if (trimmed == "global") return true
-  return trimmed.startsWith("agent:")
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/gateway/DeviceAuthStore.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/gateway/DeviceAuthStore.kt
@@ -1,26 +0,0 @@
-package com.clawdbot.android.gateway
-
-import com.clawdbot.android.SecurePrefs
-
-class DeviceAuthStore(private val prefs: SecurePrefs) {
-  fun loadToken(deviceId: String, role: String): String? {
-    val key = tokenKey(deviceId, role)
-    return prefs.getString(key)?.trim()?.takeIf { it.isNotEmpty() }
-  }
-
-  fun saveToken(deviceId: String, role: String, token: String) {
-    val key = tokenKey(deviceId, role)
-    prefs.putString(key, token.trim())
-  }
-
-  fun clearToken(deviceId: String, role: String) {
-    val key = tokenKey(deviceId, role)
-    prefs.remove(key)
-  }
-
-  private fun tokenKey(deviceId: String, role: String): String {
-    val normalizedDevice = deviceId.trim().lowercase()
-    val normalizedRole = role.trim().lowercase()
-    return "gateway.deviceToken.$normalizedDevice.$normalizedRole"
-  }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/gateway/DeviceIdentityStore.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/gateway/DeviceIdentityStore.kt
@@ -1,146 +0,0 @@
-package com.clawdbot.android.gateway
-
-import android.content.Context
-import android.util.Base64
-import java.io.File
-import java.security.KeyFactory
-import java.security.KeyPairGenerator
-import java.security.MessageDigest
-import java.security.Signature
-import java.security.spec.PKCS8EncodedKeySpec
-import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.Json
-
-@Serializable
-data class DeviceIdentity(
-  val deviceId: String,
-  val publicKeyRawBase64: String,
-  val privateKeyPkcs8Base64: String,
-  val createdAtMs: Long,
-)
-
-class DeviceIdentityStore(context: Context) {
-  private val json = Json { ignoreUnknownKeys = true }
-  private val identityFile = File(context.filesDir, "clawdbot/identity/device.json")
-
-  @Synchronized
-  fun loadOrCreate(): DeviceIdentity {
-    val existing = load()
-    if (existing != null) {
-      val derived = deriveDeviceId(existing.publicKeyRawBase64)
-      if (derived != null && derived != existing.deviceId) {
-        val updated = existing.copy(deviceId = derived)
-        save(updated)
-        return updated
-      }
-      return existing
-    }
-    val fresh = generate()
-    save(fresh)
-    return fresh
-  }
-
-  fun signPayload(payload: String, identity: DeviceIdentity): String? {
-    return try {
-      val privateKeyBytes = Base64.decode(identity.privateKeyPkcs8Base64, Base64.DEFAULT)
-      val keySpec = PKCS8EncodedKeySpec(privateKeyBytes)
-      val keyFactory = KeyFactory.getInstance("Ed25519")
-      val privateKey = keyFactory.generatePrivate(keySpec)
-      val signature = Signature.getInstance("Ed25519")
-      signature.initSign(privateKey)
-      signature.update(payload.toByteArray(Charsets.UTF_8))
-      base64UrlEncode(signature.sign())
-    } catch (_: Throwable) {
-      null
-    }
-  }
-
-  fun publicKeyBase64Url(identity: DeviceIdentity): String? {
-    return try {
-      val raw = Base64.decode(identity.publicKeyRawBase64, Base64.DEFAULT)
-      base64UrlEncode(raw)
-    } catch (_: Throwable) {
-      null
-    }
-  }
-
-  private fun load(): DeviceIdentity? {
-    return try {
-      if (!identityFile.exists()) return null
-      val raw = identityFile.readText(Charsets.UTF_8)
-      val decoded = json.decodeFromString(DeviceIdentity.serializer(), raw)
-      if (decoded.deviceId.isBlank() ||
-        decoded.publicKeyRawBase64.isBlank() ||
-        decoded.privateKeyPkcs8Base64.isBlank()
-      ) {
-        null
-      } else {
-        decoded
-      }
-    } catch (_: Throwable) {
-      null
-    }
-  }
-
-  private fun save(identity: DeviceIdentity) {
-    try {
-      identityFile.parentFile?.mkdirs()
-      val encoded = json.encodeToString(DeviceIdentity.serializer(), identity)
-      identityFile.writeText(encoded, Charsets.UTF_8)
-    } catch (_: Throwable) {
-      // best-effort only
-    }
-  }
-
-  private fun generate(): DeviceIdentity {
-    val keyPair = KeyPairGenerator.getInstance("Ed25519").generateKeyPair()
-    val spki = keyPair.public.encoded
-    val rawPublic = stripSpkiPrefix(spki)
-    val deviceId = sha256Hex(rawPublic)
-    val privateKey = keyPair.private.encoded
-    return DeviceIdentity(
-      deviceId = deviceId,
-      publicKeyRawBase64 = Base64.encodeToString(rawPublic, Base64.NO_WRAP),
-      privateKeyPkcs8Base64 = Base64.encodeToString(privateKey, Base64.NO_WRAP),
-      createdAtMs = System.currentTimeMillis(),
-    )
-  }
-
-  private fun deriveDeviceId(publicKeyRawBase64: String): String? {
-    return try {
-      val raw = Base64.decode(publicKeyRawBase64, Base64.DEFAULT)
-      sha256Hex(raw)
-    } catch (_: Throwable) {
-      null
-    }
-  }
-
-  private fun stripSpkiPrefix(spki: ByteArray): ByteArray {
-    if (spki.size == ED25519_SPKI_PREFIX.size + 32 &&
-      spki.copyOfRange(0, ED25519_SPKI_PREFIX.size).contentEquals(ED25519_SPKI_PREFIX)
-    ) {
-      return spki.copyOfRange(ED25519_SPKI_PREFIX.size, spki.size)
-    }
-    return spki
-  }
-
-  private fun sha256Hex(data: ByteArray): String {
-    val digest = MessageDigest.getInstance("SHA-256").digest(data)
-    val out = StringBuilder(digest.size * 2)
-    for (byte in digest) {
-      out.append(String.format("%02x", byte))
-    }
-    return out.toString()
-  }
-
-  private fun base64UrlEncode(data: ByteArray): String {
-    return Base64.encodeToString(data, Base64.URL_SAFE or Base64.NO_WRAP or Base64.NO_PADDING)
-  }
-
-  companion object {
-    private val ED25519_SPKI_PREFIX =
-      byteArrayOf(
-        0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
-      )
-  }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewayEndpoint.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewayEndpoint.kt
@@ -1,26 +0,0 @@
-package com.clawdbot.android.gateway
-
-data class GatewayEndpoint(
-  val stableId: String,
-  val name: String,
-  val host: String,
-  val port: Int,
-  val lanHost: String? = null,
-  val tailnetDns: String? = null,
-  val gatewayPort: Int? = null,
-  val canvasPort: Int? = null,
-  val tlsEnabled: Boolean = false,
-  val tlsFingerprintSha256: String? = null,
-) {
-  companion object {
-    fun manual(host: String, port: Int): GatewayEndpoint =
-      GatewayEndpoint(
-        stableId = "manual|${host.lowercase()}|$port",
-        name = "$host:$port",
-        host = host,
-        port = port,
-        tlsEnabled = false,
-        tlsFingerprintSha256 = null,
-      )
-  }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewayProtocol.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewayProtocol.kt
@@ -1,3 +0,0 @@
-package com.clawdbot.android.gateway
-
-const val GATEWAY_PROTOCOL_VERSION = 3
--- a/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewaySession.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewaySession.kt
@@ -1,683 +0,0 @@
-package com.clawdbot.android.gateway
-
-import android.util.Log
-import java.util.Locale
-import java.util.UUID
-import java.util.concurrent.ConcurrentHashMap
-import java.util.concurrent.atomic.AtomicBoolean
-import kotlinx.coroutines.CompletableDeferred
-import kotlinx.coroutines.CoroutineScope
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.Job
-import kotlinx.coroutines.TimeoutCancellationException
-import kotlinx.coroutines.cancelAndJoin
-import kotlinx.coroutines.delay
-import kotlinx.coroutines.isActive
-import kotlinx.coroutines.launch
-import kotlinx.coroutines.sync.Mutex
-import kotlinx.coroutines.sync.withLock
-import kotlinx.coroutines.withContext
-import kotlinx.coroutines.withTimeout
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonArray
-import kotlinx.serialization.json.JsonElement
-import kotlinx.serialization.json.JsonNull
-import kotlinx.serialization.json.JsonObject
-import kotlinx.serialization.json.JsonPrimitive
-import kotlinx.serialization.json.buildJsonObject
-import okhttp3.OkHttpClient
-import okhttp3.Request
-import okhttp3.Response
-import okhttp3.WebSocket
-import okhttp3.WebSocketListener
-
-data class GatewayClientInfo(
-  val id: String,
-  val displayName: String?,
-  val version: String,
-  val platform: String,
-  val mode: String,
-  val instanceId: String?,
-  val deviceFamily: String?,
-  val modelIdentifier: String?,
-)
-
-data class GatewayConnectOptions(
-  val role: String,
-  val scopes: List<String>,
-  val caps: List<String>,
-  val commands: List<String>,
-  val permissions: Map<String, Boolean>,
-  val client: GatewayClientInfo,
-  val userAgent: String? = null,
-)
-
-class GatewaySession(
-  private val scope: CoroutineScope,
-  private val identityStore: DeviceIdentityStore,
-  private val deviceAuthStore: DeviceAuthStore,
-  private val onConnected: (serverName: String?, remoteAddress: String?, mainSessionKey: String?) -> Unit,
-  private val onDisconnected: (message: String) -> Unit,
-  private val onEvent: (event: String, payloadJson: String?) -> Unit,
-  private val onInvoke: (suspend (InvokeRequest) -> InvokeResult)? = null,
-  private val onTlsFingerprint: ((stableId: String, fingerprint: String) -> Unit)? = null,
-) {
-  data class InvokeRequest(
-    val id: String,
-    val nodeId: String,
-    val command: String,
-    val paramsJson: String?,
-    val timeoutMs: Long?,
-  )
-
-  data class InvokeResult(val ok: Boolean, val payloadJson: String?, val error: ErrorShape?) {
-    companion object {
-      fun ok(payloadJson: String?) = InvokeResult(ok = true, payloadJson = payloadJson, error = null)
-      fun error(code: String, message: String) =
-        InvokeResult(ok = false, payloadJson = null, error = ErrorShape(code = code, message = message))
-    }
-  }
-
-  data class ErrorShape(val code: String, val message: String)
-
-  private val json = Json { ignoreUnknownKeys = true }
-  private val writeLock = Mutex()
-  private val pending = ConcurrentHashMap<String, CompletableDeferred<RpcResponse>>()
-
-  @Volatile private var canvasHostUrl: String? = null
-  @Volatile private var mainSessionKey: String? = null
-
-  private data class DesiredConnection(
-    val endpoint: GatewayEndpoint,
-    val token: String?,
-    val password: String?,
-    val options: GatewayConnectOptions,
-    val tls: GatewayTlsParams?,
-  )
-
-  private var desired: DesiredConnection? = null
-  private var job: Job? = null
-  @Volatile private var currentConnection: Connection? = null
-
-  fun connect(
-    endpoint: GatewayEndpoint,
-    token: String?,
-    password: String?,
-    options: GatewayConnectOptions,
-    tls: GatewayTlsParams? = null,
-  ) {
-    desired = DesiredConnection(endpoint, token, password, options, tls)
-    if (job == null) {
-      job = scope.launch(Dispatchers.IO) { runLoop() }
-    }
-  }
-
-  fun disconnect() {
-    desired = null
-    currentConnection?.closeQuietly()
-    scope.launch(Dispatchers.IO) {
-      job?.cancelAndJoin()
-      job = null
-      canvasHostUrl = null
-      mainSessionKey = null
-      onDisconnected("Offline")
-    }
-  }
-
-  fun reconnect() {
-    currentConnection?.closeQuietly()
-  }
-
-  fun currentCanvasHostUrl(): String? = canvasHostUrl
-  fun currentMainSessionKey(): String? = mainSessionKey
-
-  suspend fun sendNodeEvent(event: String, payloadJson: String?) {
-    val conn = currentConnection ?: return
-    val parsedPayload = payloadJson?.let { parseJsonOrNull(it) }
-    val params =
-      buildJsonObject {
-        put("event", JsonPrimitive(event))
-        if (parsedPayload != null) {
-          put("payload", parsedPayload)
-        } else if (payloadJson != null) {
-          put("payloadJSON", JsonPrimitive(payloadJson))
-        } else {
-          put("payloadJSON", JsonNull)
-        }
-      }
-    try {
-      conn.request("node.event", params, timeoutMs = 8_000)
-    } catch (err: Throwable) {
-      Log.w("ClawdbotGateway", "node.event failed: ${err.message ?: err::class.java.simpleName}")
-    }
-  }
-
-  suspend fun request(method: String, paramsJson: String?, timeoutMs: Long = 15_000): String {
-    val conn = currentConnection ?: throw IllegalStateException("not connected")
-    val params =
-      if (paramsJson.isNullOrBlank()) {
-        null
-      } else {
-        json.parseToJsonElement(paramsJson)
-      }
-    val res = conn.request(method, params, timeoutMs)
-    if (res.ok) return res.payloadJson ?: ""
-    val err = res.error
-    throw IllegalStateException("${err?.code ?: "UNAVAILABLE"}: ${err?.message ?: "request failed"}")
-  }
-
-  private data class RpcResponse(val id: String, val ok: Boolean, val payloadJson: String?, val error: ErrorShape?)
-
-  private inner class Connection(
-    private val endpoint: GatewayEndpoint,
-    private val token: String?,
-    private val password: String?,
-    private val options: GatewayConnectOptions,
-    private val tls: GatewayTlsParams?,
-  ) {
-    private val connectDeferred = CompletableDeferred<Unit>()
-    private val closedDeferred = CompletableDeferred<Unit>()
-    private val isClosed = AtomicBoolean(false)
-    private val connectNonceDeferred = CompletableDeferred<String?>()
-    private val client: OkHttpClient = buildClient()
-    private var socket: WebSocket? = null
-    private val loggerTag = "ClawdbotGateway"
-
-    val remoteAddress: String =
-      if (endpoint.host.contains(":")) {
-        "[${endpoint.host}]:${endpoint.port}"
-      } else {
-        "${endpoint.host}:${endpoint.port}"
-      }
-
-    suspend fun connect() {
-      val scheme = if (tls != null) "wss" else "ws"
-      val url = "$scheme://${endpoint.host}:${endpoint.port}"
-      val request = Request.Builder().url(url).build()
-      socket = client.newWebSocket(request, Listener())
-      try {
-        connectDeferred.await()
-      } catch (err: Throwable) {
-        throw err
-      }
-    }
-
-    suspend fun request(method: String, params: JsonElement?, timeoutMs: Long): RpcResponse {
-      val id = UUID.randomUUID().toString()
-      val deferred = CompletableDeferred<RpcResponse>()
-      pending[id] = deferred
-      val frame =
-        buildJsonObject {
-          put("type", JsonPrimitive("req"))
-          put("id", JsonPrimitive(id))
-          put("method", JsonPrimitive(method))
-          if (params != null) put("params", params)
-        }
-      sendJson(frame)
-      return try {
-        withTimeout(timeoutMs) { deferred.await() }
-      } catch (err: TimeoutCancellationException) {
-        pending.remove(id)
-        throw IllegalStateException("request timeout")
-      }
-    }
-
-    suspend fun sendJson(obj: JsonObject) {
-      val jsonString = obj.toString()
-      writeLock.withLock {
-        socket?.send(jsonString)
-      }
-    }
-
-    suspend fun awaitClose() = closedDeferred.await()
-
-    fun closeQuietly() {
-      if (isClosed.compareAndSet(false, true)) {
-        socket?.close(1000, "bye")
-        socket = null
-        closedDeferred.complete(Unit)
-      }
-    }
-
-    private fun buildClient(): OkHttpClient {
-      val builder = OkHttpClient.Builder()
-      val tlsConfig = buildGatewayTlsConfig(tls) { fingerprint ->
-        onTlsFingerprint?.invoke(tls?.stableId ?: endpoint.stableId, fingerprint)
-      }
-      if (tlsConfig != null) {
-        builder.sslSocketFactory(tlsConfig.sslSocketFactory, tlsConfig.trustManager)
-        builder.hostnameVerifier(tlsConfig.hostnameVerifier)
-      }
-      return builder.build()
-    }
-
-    private inner class Listener : WebSocketListener() {
-      override fun onOpen(webSocket: WebSocket, response: Response) {
-        scope.launch {
-          try {
-            val nonce = awaitConnectNonce()
-            sendConnect(nonce)
-          } catch (err: Throwable) {
-            connectDeferred.completeExceptionally(err)
-            closeQuietly()
-          }
-        }
-      }
-
-      override fun onMessage(webSocket: WebSocket, text: String) {
-        scope.launch { handleMessage(text) }
-      }
-
-      override fun onFailure(webSocket: WebSocket, t: Throwable, response: Response?) {
-        if (!connectDeferred.isCompleted) {
-          connectDeferred.completeExceptionally(t)
-        }
-        if (isClosed.compareAndSet(false, true)) {
-          failPending()
-          closedDeferred.complete(Unit)
-          onDisconnected("Gateway error: ${t.message ?: t::class.java.simpleName}")
-        }
-      }
-
-      override fun onClosed(webSocket: WebSocket, code: Int, reason: String) {
-        if (!connectDeferred.isCompleted) {
-          connectDeferred.completeExceptionally(IllegalStateException("Gateway closed: $reason"))
-        }
-        if (isClosed.compareAndSet(false, true)) {
-          failPending()
-          closedDeferred.complete(Unit)
-          onDisconnected("Gateway closed: $reason")
-        }
-      }
-    }
-
-    private suspend fun sendConnect(connectNonce: String?) {
-      val identity = identityStore.loadOrCreate()
-      val storedToken = deviceAuthStore.loadToken(identity.deviceId, options.role)
-      val trimmedToken = token?.trim().orEmpty()
-      val authToken = if (storedToken.isNullOrBlank()) trimmedToken else storedToken
-      val canFallbackToShared = !storedToken.isNullOrBlank() && trimmedToken.isNotBlank()
-      val payload = buildConnectParams(identity, connectNonce, authToken, password?.trim())
-      val res = request("connect", payload, timeoutMs = 8_000)
-      if (!res.ok) {
-        val msg = res.error?.message ?: "connect failed"
-        if (canFallbackToShared) {
-          deviceAuthStore.clearToken(identity.deviceId, options.role)
-        }
-        throw IllegalStateException(msg)
-      }
-      val payloadJson = res.payloadJson ?: throw IllegalStateException("connect failed: missing payload")
-      val obj = json.parseToJsonElement(payloadJson).asObjectOrNull() ?: throw IllegalStateException("connect failed")
-      val serverName = obj["server"].asObjectOrNull()?.get("host").asStringOrNull()
-      val authObj = obj["auth"].asObjectOrNull()
-      val deviceToken = authObj?.get("deviceToken").asStringOrNull()
-      val authRole = authObj?.get("role").asStringOrNull() ?: options.role
-      if (!deviceToken.isNullOrBlank()) {
-        deviceAuthStore.saveToken(identity.deviceId, authRole, deviceToken)
-      }
-      val rawCanvas = obj["canvasHostUrl"].asStringOrNull()
-      canvasHostUrl = normalizeCanvasHostUrl(rawCanvas, endpoint)
-      val sessionDefaults =
-        obj["snapshot"].asObjectOrNull()
-          ?.get("sessionDefaults").asObjectOrNull()
-      mainSessionKey = sessionDefaults?.get("mainSessionKey").asStringOrNull()
-      onConnected(serverName, remoteAddress, mainSessionKey)
-      connectDeferred.complete(Unit)
-    }
-
-    private fun buildConnectParams(
-      identity: DeviceIdentity,
-      connectNonce: String?,
-      authToken: String,
-      authPassword: String?,
-    ): JsonObject {
-      val client = options.client
-      val locale = Locale.getDefault().toLanguageTag()
-      val clientObj =
-        buildJsonObject {
-          put("id", JsonPrimitive(client.id))
-          client.displayName?.let { put("displayName", JsonPrimitive(it)) }
-          put("version", JsonPrimitive(client.version))
-          put("platform", JsonPrimitive(client.platform))
-          put("mode", JsonPrimitive(client.mode))
-          client.instanceId?.let { put("instanceId", JsonPrimitive(it)) }
-          client.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
-          client.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
-        }
-
-      val password = authPassword?.trim().orEmpty()
-      val authJson =
-        when {
-          authToken.isNotEmpty() ->
-            buildJsonObject {
-              put("token", JsonPrimitive(authToken))
-            }
-          password.isNotEmpty() ->
-            buildJsonObject {
-              put("password", JsonPrimitive(password))
-            }
-          else -> null
-        }
-
-      val signedAtMs = System.currentTimeMillis()
-      val payload =
-        buildDeviceAuthPayload(
-          deviceId = identity.deviceId,
-          clientId = client.id,
-          clientMode = client.mode,
-          role = options.role,
-          scopes = options.scopes,
-          signedAtMs = signedAtMs,
-          token = if (authToken.isNotEmpty()) authToken else null,
-          nonce = connectNonce,
-        )
-      val signature = identityStore.signPayload(payload, identity)
-      val publicKey = identityStore.publicKeyBase64Url(identity)
-      val deviceJson =
-        if (!signature.isNullOrBlank() && !publicKey.isNullOrBlank()) {
-          buildJsonObject {
-            put("id", JsonPrimitive(identity.deviceId))
-            put("publicKey", JsonPrimitive(publicKey))
-            put("signature", JsonPrimitive(signature))
-            put("signedAt", JsonPrimitive(signedAtMs))
-            if (!connectNonce.isNullOrBlank()) {
-              put("nonce", JsonPrimitive(connectNonce))
-            }
-          }
-        } else {
-          null
-        }
-
-      return buildJsonObject {
-        put("minProtocol", JsonPrimitive(GATEWAY_PROTOCOL_VERSION))
-        put("maxProtocol", JsonPrimitive(GATEWAY_PROTOCOL_VERSION))
-        put("client", clientObj)
-        if (options.caps.isNotEmpty()) put("caps", JsonArray(options.caps.map(::JsonPrimitive)))
-        if (options.commands.isNotEmpty()) put("commands", JsonArray(options.commands.map(::JsonPrimitive)))
-        if (options.permissions.isNotEmpty()) {
-          put(
-            "permissions",
-            buildJsonObject {
-              options.permissions.forEach { (key, value) ->
-                put(key, JsonPrimitive(value))
-              }
-            },
-          )
-        }
-        put("role", JsonPrimitive(options.role))
-        if (options.scopes.isNotEmpty()) put("scopes", JsonArray(options.scopes.map(::JsonPrimitive)))
-        authJson?.let { put("auth", it) }
-        deviceJson?.let { put("device", it) }
-        put("locale", JsonPrimitive(locale))
-        options.userAgent?.trim()?.takeIf { it.isNotEmpty() }?.let {
-          put("userAgent", JsonPrimitive(it))
-        }
-      }
-    }
-
-    private suspend fun handleMessage(text: String) {
-      val frame = json.parseToJsonElement(text).asObjectOrNull() ?: return
-      when (frame["type"].asStringOrNull()) {
-        "res" -> handleResponse(frame)
-        "event" -> handleEvent(frame)
-      }
-    }
-
-    private fun handleResponse(frame: JsonObject) {
-      val id = frame["id"].asStringOrNull() ?: return
-      val ok = frame["ok"].asBooleanOrNull() ?: false
-      val payloadJson = frame["payload"]?.let { payload -> payload.toString() }
-      val error =
-        frame["error"]?.asObjectOrNull()?.let { obj ->
-          val code = obj["code"].asStringOrNull() ?: "UNAVAILABLE"
-          val msg = obj["message"].asStringOrNull() ?: "request failed"
-          ErrorShape(code, msg)
-        }
-      pending.remove(id)?.complete(RpcResponse(id, ok, payloadJson, error))
-    }
-
-    private fun handleEvent(frame: JsonObject) {
-      val event = frame["event"].asStringOrNull() ?: return
-      val payloadJson =
-        frame["payload"]?.let { it.toString() } ?: frame["payloadJSON"].asStringOrNull()
-      if (event == "connect.challenge") {
-        val nonce = extractConnectNonce(payloadJson)
-        if (!connectNonceDeferred.isCompleted) {
-          connectNonceDeferred.complete(nonce)
-        }
-        return
-      }
-      if (event == "node.invoke.request" && payloadJson != null && onInvoke != null) {
-        handleInvokeEvent(payloadJson)
-        return
-      }
-      onEvent(event, payloadJson)
-    }
-
-    private suspend fun awaitConnectNonce(): String? {
-      if (isLoopbackHost(endpoint.host)) return null
-      return try {
-        withTimeout(2_000) { connectNonceDeferred.await() }
-      } catch (_: Throwable) {
-        null
-      }
-    }
-
-    private fun extractConnectNonce(payloadJson: String?): String? {
-      if (payloadJson.isNullOrBlank()) return null
-      val obj = parseJsonOrNull(payloadJson)?.asObjectOrNull() ?: return null
-      return obj["nonce"].asStringOrNull()
-    }
-
-    private fun handleInvokeEvent(payloadJson: String) {
-      val payload =
-        try {
-          json.parseToJsonElement(payloadJson).asObjectOrNull()
-        } catch (_: Throwable) {
-          null
-        } ?: return
-      val id = payload["id"].asStringOrNull() ?: return
-      val nodeId = payload["nodeId"].asStringOrNull() ?: return
-      val command = payload["command"].asStringOrNull() ?: return
-      val params =
-        payload["paramsJSON"].asStringOrNull()
-          ?: payload["params"]?.let { value -> if (value is JsonNull) null else value.toString() }
-      val timeoutMs = payload["timeoutMs"].asLongOrNull()
-      scope.launch {
-        val result =
-          try {
-            onInvoke?.invoke(InvokeRequest(id, nodeId, command, params, timeoutMs))
-              ?: InvokeResult.error("UNAVAILABLE", "invoke handler missing")
-          } catch (err: Throwable) {
-            invokeErrorFromThrowable(err)
-          }
-        sendInvokeResult(id, nodeId, result)
-      }
-    }
-
-    private suspend fun sendInvokeResult(id: String, nodeId: String, result: InvokeResult) {
-      val parsedPayload = result.payloadJson?.let { parseJsonOrNull(it) }
-      val params =
-        buildJsonObject {
-          put("id", JsonPrimitive(id))
-          put("nodeId", JsonPrimitive(nodeId))
-          put("ok", JsonPrimitive(result.ok))
-          if (parsedPayload != null) {
-            put("payload", parsedPayload)
-          } else if (result.payloadJson != null) {
-            put("payloadJSON", JsonPrimitive(result.payloadJson))
-          }
-          result.error?.let { err ->
-            put(
-              "error",
-              buildJsonObject {
-                put("code", JsonPrimitive(err.code))
-                put("message", JsonPrimitive(err.message))
-              },
-            )
-          }
-        }
-      try {
-        request("node.invoke.result", params, timeoutMs = 15_000)
-      } catch (err: Throwable) {
-        Log.w(loggerTag, "node.invoke.result failed: ${err.message ?: err::class.java.simpleName}")
-      }
-    }
-
-    private fun invokeErrorFromThrowable(err: Throwable): InvokeResult {
-      val msg = err.message?.trim().takeIf { !it.isNullOrEmpty() } ?: err::class.java.simpleName
-      val parts = msg.split(":", limit = 2)
-      if (parts.size == 2) {
-        val code = parts[0].trim()
-        val rest = parts[1].trim()
-        if (code.isNotEmpty() && code.all { it.isUpperCase() || it == '_' }) {
-          return InvokeResult.error(code = code, message = rest.ifEmpty { msg })
-        }
-      }
-      return InvokeResult.error(code = "UNAVAILABLE", message = msg)
-    }
-
-    private fun failPending() {
-      for ((_, waiter) in pending) {
-        waiter.cancel()
-      }
-      pending.clear()
-    }
-  }
-
-  private suspend fun runLoop() {
-    var attempt = 0
-    while (scope.isActive) {
-      val target = desired
-      if (target == null) {
-        currentConnection?.closeQuietly()
-        currentConnection = null
-        delay(250)
-        continue
-      }
-
-      try {
-        onDisconnected(if (attempt == 0) "Connecting…" else "Reconnecting…")
-        connectOnce(target)
-        attempt = 0
-      } catch (err: Throwable) {
-        attempt += 1
-        onDisconnected("Gateway error: ${err.message ?: err::class.java.simpleName}")
-        val sleepMs = minOf(8_000L, (350.0 * Math.pow(1.7, attempt.toDouble())).toLong())
-        delay(sleepMs)
-      }
-    }
-  }
-
-  private suspend fun connectOnce(target: DesiredConnection) = withContext(Dispatchers.IO) {
-    val conn = Connection(target.endpoint, target.token, target.password, target.options, target.tls)
-    currentConnection = conn
-    try {
-      conn.connect()
-      conn.awaitClose()
-    } finally {
-      currentConnection = null
-      canvasHostUrl = null
-      mainSessionKey = null
-    }
-  }
-
-  private fun buildDeviceAuthPayload(
-    deviceId: String,
-    clientId: String,
-    clientMode: String,
-    role: String,
-    scopes: List<String>,
-    signedAtMs: Long,
-    token: String?,
-    nonce: String?,
-  ): String {
-    val scopeString = scopes.joinToString(",")
-    val authToken = token.orEmpty()
-    val version = if (nonce.isNullOrBlank()) "v1" else "v2"
-    val parts =
-      mutableListOf(
-        version,
-        deviceId,
-        clientId,
-        clientMode,
-        role,
-        scopeString,
-        signedAtMs.toString(),
-        authToken,
-      )
-    if (!nonce.isNullOrBlank()) {
-      parts.add(nonce)
-    }
-    return parts.joinToString("|")
-  }
-
-  private fun normalizeCanvasHostUrl(raw: String?, endpoint: GatewayEndpoint): String? {
-    val trimmed = raw?.trim().orEmpty()
-    val parsed = trimmed.takeIf { it.isNotBlank() }?.let { runCatching { java.net.URI(it) }.getOrNull() }
-    val host = parsed?.host?.trim().orEmpty()
-    val port = parsed?.port ?: -1
-    val scheme = parsed?.scheme?.trim().orEmpty().ifBlank { "http" }
-
-    if (trimmed.isNotBlank() && !isLoopbackHost(host)) {
-      return trimmed
-    }
-
-    val fallbackHost =
-      endpoint.tailnetDns?.trim().takeIf { !it.isNullOrEmpty() }
-        ?: endpoint.lanHost?.trim().takeIf { !it.isNullOrEmpty() }
-        ?: endpoint.host.trim()
-    if (fallbackHost.isEmpty()) return trimmed.ifBlank { null }
-
-    val fallbackPort = endpoint.canvasPort ?: if (port > 0) port else 18793
-    val formattedHost = if (fallbackHost.contains(":")) "[${fallbackHost}]" else fallbackHost
-    return "$scheme://$formattedHost:$fallbackPort"
-  }
-
-  private fun isLoopbackHost(raw: String?): Boolean {
-    val host = raw?.trim()?.lowercase().orEmpty()
-    if (host.isEmpty()) return false
-    if (host == "localhost") return true
-    if (host == "::1") return true
-    if (host == "0.0.0.0" || host == "::") return true
-    return host.startsWith("127.")
-  }
-}
-
-private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
-
-private fun JsonElement?.asStringOrNull(): String? =
-  when (this) {
-    is JsonNull -> null
-    is JsonPrimitive -> content
-    else -> null
-  }
-
-private fun JsonElement?.asBooleanOrNull(): Boolean? =
-  when (this) {
-    is JsonPrimitive -> {
-      val c = content.trim()
-      when {
-        c.equals("true", ignoreCase = true) -> true
-        c.equals("false", ignoreCase = true) -> false
-        else -> null
-      }
-    }
-    else -> null
-  }
-
-private fun JsonElement?.asLongOrNull(): Long? =
-  when (this) {
-    is JsonPrimitive -> content.toLongOrNull()
-    else -> null
-  }
-
-private fun parseJsonOrNull(payload: String): JsonElement? {
-  val trimmed = payload.trim()
-  if (trimmed.isEmpty()) return null
-  return try {
-    Json.parseToJsonElement(trimmed)
-  } catch (_: Throwable) {
-    null
-  }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewayTls.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/gateway/GatewayTls.kt
@@ -1,90 +0,0 @@
-package com.clawdbot.android.gateway
-
-import android.annotation.SuppressLint
-import java.security.MessageDigest
-import java.security.SecureRandom
-import java.security.cert.CertificateException
-import java.security.cert.X509Certificate
-import javax.net.ssl.HostnameVerifier
-import javax.net.ssl.SSLContext
-import javax.net.ssl.SSLSocketFactory
-import javax.net.ssl.TrustManagerFactory
-import javax.net.ssl.X509TrustManager
-
-data class GatewayTlsParams(
-  val required: Boolean,
-  val expectedFingerprint: String?,
-  val allowTOFU: Boolean,
-  val stableId: String,
-)
-
-data class GatewayTlsConfig(
-  val sslSocketFactory: SSLSocketFactory,
-  val trustManager: X509TrustManager,
-  val hostnameVerifier: HostnameVerifier,
-)
-
-fun buildGatewayTlsConfig(
-  params: GatewayTlsParams?,
-  onStore: ((String) -> Unit)? = null,
-): GatewayTlsConfig? {
-  if (params == null) return null
-  val expected = params.expectedFingerprint?.let(::normalizeFingerprint)
-  val defaultTrust = defaultTrustManager()
-  @SuppressLint("CustomX509TrustManager")
-  val trustManager =
-    object : X509TrustManager {
-      override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {
-        defaultTrust.checkClientTrusted(chain, authType)
-      }
-
-      override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
-        if (chain.isEmpty()) throw CertificateException("empty certificate chain")
-        val fingerprint = sha256Hex(chain[0].encoded)
-        if (expected != null) {
-          if (fingerprint != expected) {
-            throw CertificateException("gateway TLS fingerprint mismatch")
-          }
-          return
-        }
-        if (params.allowTOFU) {
-          onStore?.invoke(fingerprint)
-          return
-        }
-        defaultTrust.checkServerTrusted(chain, authType)
-      }
-
-      override fun getAcceptedIssuers(): Array<X509Certificate> = defaultTrust.acceptedIssuers
-    }
-
-  val context = SSLContext.getInstance("TLS")
-  context.init(null, arrayOf(trustManager), SecureRandom())
-  return GatewayTlsConfig(
-    sslSocketFactory = context.socketFactory,
-    trustManager = trustManager,
-    hostnameVerifier = HostnameVerifier { _, _ -> true },
-  )
-}
-
-private fun defaultTrustManager(): X509TrustManager {
-  val factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-  factory.init(null as java.security.KeyStore?)
-  val trust =
-    factory.trustManagers.firstOrNull { it is X509TrustManager } as? X509TrustManager
-  return trust ?: throw IllegalStateException("No default X509TrustManager found")
-}
-
-private fun sha256Hex(data: ByteArray): String {
-  val digest = MessageDigest.getInstance("SHA-256").digest(data)
-  val out = StringBuilder(digest.size * 2)
-  for (byte in digest) {
-    out.append(String.format("%02x", byte))
-  }
-  return out.toString()
-}
-
-private fun normalizeFingerprint(raw: String): String {
-  val stripped = raw.trim()
-    .replace(Regex("^sha-?256\\s*:?\\s*", RegexOption.IGNORE_CASE), "")
-  return stripped.lowercase().filter { it in '0'..'9' || it in 'a'..'f' }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/LocationCaptureManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/LocationCaptureManager.kt
@@ -1,117 +0,0 @@
-package com.clawdbot.android.node
-
-import android.Manifest
-import android.content.Context
-import android.content.pm.PackageManager
-import android.location.Location
-import android.location.LocationManager
-import android.os.CancellationSignal
-import androidx.core.content.ContextCompat
-import java.time.Instant
-import java.time.format.DateTimeFormatter
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.withContext
-import kotlinx.coroutines.withTimeout
-import kotlin.coroutines.resume
-import kotlin.coroutines.resumeWithException
-import kotlinx.coroutines.suspendCancellableCoroutine
-
-class LocationCaptureManager(private val context: Context) {
-  data class Payload(val payloadJson: String)
-
-  suspend fun getLocation(
-    desiredProviders: List<String>,
-    maxAgeMs: Long?,
-    timeoutMs: Long,
-    isPrecise: Boolean,
-  ): Payload =
-    withContext(Dispatchers.Main) {
-      val manager = context.getSystemService(Context.LOCATION_SERVICE) as LocationManager
-      if (!manager.isProviderEnabled(LocationManager.GPS_PROVIDER) &&
-        !manager.isProviderEnabled(LocationManager.NETWORK_PROVIDER)
-      ) {
-        throw IllegalStateException("LOCATION_UNAVAILABLE: no location providers enabled")
-      }
-
-      val cached = bestLastKnown(manager, desiredProviders, maxAgeMs)
-      val location =
-        cached ?: requestCurrent(manager, desiredProviders, timeoutMs)
-
-      val timestamp = DateTimeFormatter.ISO_INSTANT.format(Instant.ofEpochMilli(location.time))
-      val source = location.provider
-      val altitudeMeters = if (location.hasAltitude()) location.altitude else null
-      val speedMps = if (location.hasSpeed()) location.speed.toDouble() else null
-      val headingDeg = if (location.hasBearing()) location.bearing.toDouble() else null
-      Payload(
-        buildString {
-          append("{\"lat\":")
-          append(location.latitude)
-          append(",\"lon\":")
-          append(location.longitude)
-          append(",\"accuracyMeters\":")
-          append(location.accuracy.toDouble())
-          if (altitudeMeters != null) append(",\"altitudeMeters\":").append(altitudeMeters)
-          if (speedMps != null) append(",\"speedMps\":").append(speedMps)
-          if (headingDeg != null) append(",\"headingDeg\":").append(headingDeg)
-          append(",\"timestamp\":\"").append(timestamp).append('"')
-          append(",\"isPrecise\":").append(isPrecise)
-          append(",\"source\":\"").append(source).append('"')
-          append('}')
-        },
-      )
-    }
-
-  private fun bestLastKnown(
-    manager: LocationManager,
-    providers: List<String>,
-    maxAgeMs: Long?,
-  ): Location? {
-    val fineOk =
-      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
-        PackageManager.PERMISSION_GRANTED
-    val coarseOk =
-      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_COARSE_LOCATION) ==
-        PackageManager.PERMISSION_GRANTED
-    if (!fineOk && !coarseOk) {
-      throw IllegalStateException("LOCATION_PERMISSION_REQUIRED: grant Location permission")
-    }
-    val now = System.currentTimeMillis()
-    val candidates =
-      providers.mapNotNull { provider -> manager.getLastKnownLocation(provider) }
-    val freshest = candidates.maxByOrNull { it.time } ?: return null
-    if (maxAgeMs != null && now - freshest.time > maxAgeMs) return null
-    return freshest
-  }
-
-  private suspend fun requestCurrent(
-    manager: LocationManager,
-    providers: List<String>,
-    timeoutMs: Long,
-  ): Location {
-    val fineOk =
-      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
-        PackageManager.PERMISSION_GRANTED
-    val coarseOk =
-      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_COARSE_LOCATION) ==
-        PackageManager.PERMISSION_GRANTED
-    if (!fineOk && !coarseOk) {
-      throw IllegalStateException("LOCATION_PERMISSION_REQUIRED: grant Location permission")
-    }
-    val resolved =
-      providers.firstOrNull { manager.isProviderEnabled(it) }
-        ?: throw IllegalStateException("LOCATION_UNAVAILABLE: no providers available")
-    return withTimeout(timeoutMs.coerceAtLeast(1)) {
-      suspendCancellableCoroutine { cont ->
-        val signal = CancellationSignal()
-        cont.invokeOnCancellation { signal.cancel() }
-        manager.getCurrentLocation(resolved, signal, context.mainExecutor) { location ->
-          if (location != null) {
-            cont.resume(location)
-          } else {
-            cont.resumeWithException(IllegalStateException("LOCATION_UNAVAILABLE: no fix"))
-          }
-        }
-      }
-    }
-  }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/SmsManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/SmsManager.kt
@@ -1,230 +0,0 @@
-package com.clawdbot.android.node
-
-import android.Manifest
-import android.content.Context
-import android.content.pm.PackageManager
-import android.telephony.SmsManager as AndroidSmsManager
-import androidx.core.content.ContextCompat
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonElement
-import kotlinx.serialization.json.JsonObject
-import kotlinx.serialization.json.JsonPrimitive
-import kotlinx.serialization.json.jsonObject
-import kotlinx.serialization.encodeToString
-import com.clawdbot.android.PermissionRequester
-
-/**
- * Sends SMS messages via the Android SMS API.
- * Requires SEND_SMS permission to be granted.
- */
-class SmsManager(private val context: Context) {
-
-    private val json = JsonConfig
-    @Volatile private var permissionRequester: PermissionRequester? = null
-
-    data class SendResult(
-        val ok: Boolean,
-        val to: String,
-        val message: String?,
-        val error: String? = null,
-        val payloadJson: String,
-    )
-
-    internal data class ParsedParams(
-        val to: String,
-        val message: String,
-    )
-
-    internal sealed class ParseResult {
-        data class Ok(val params: ParsedParams) : ParseResult()
-        data class Error(
-            val error: String,
-            val to: String = "",
-            val message: String? = null,
-        ) : ParseResult()
-    }
-
-    internal data class SendPlan(
-        val parts: List<String>,
-        val useMultipart: Boolean,
-    )
-
-    companion object {
-        internal val JsonConfig = Json { ignoreUnknownKeys = true }
-
-        internal fun parseParams(paramsJson: String?, json: Json = JsonConfig): ParseResult {
-            val params = paramsJson?.trim().orEmpty()
-            if (params.isEmpty()) {
-                return ParseResult.Error(error = "INVALID_REQUEST: paramsJSON required")
-            }
-
-            val obj = try {
-                json.parseToJsonElement(params).jsonObject
-            } catch (_: Throwable) {
-                null
-            }
-
-            if (obj == null) {
-                return ParseResult.Error(error = "INVALID_REQUEST: expected JSON object")
-            }
-
-            val to = (obj["to"] as? JsonPrimitive)?.content?.trim().orEmpty()
-            val message = (obj["message"] as? JsonPrimitive)?.content.orEmpty()
-
-            if (to.isEmpty()) {
-                return ParseResult.Error(
-                    error = "INVALID_REQUEST: 'to' phone number required",
-                    message = message,
-                )
-            }
-
-            if (message.isEmpty()) {
-                return ParseResult.Error(
-                    error = "INVALID_REQUEST: 'message' text required",
-                    to = to,
-                )
-            }
-
-            return ParseResult.Ok(ParsedParams(to = to, message = message))
-        }
-
-        internal fun buildSendPlan(
-            message: String,
-            divider: (String) -> List<String>,
-        ): SendPlan {
-            val parts = divider(message).ifEmpty { listOf(message) }
-            return SendPlan(parts = parts, useMultipart = parts.size > 1)
-        }
-
-        internal fun buildPayloadJson(
-            json: Json = JsonConfig,
-            ok: Boolean,
-            to: String,
-            error: String?,
-        ): String {
-            val payload =
-                mutableMapOf<String, JsonElement>(
-                    "ok" to JsonPrimitive(ok),
-                    "to" to JsonPrimitive(to),
-                )
-            if (!ok) {
-                payload["error"] = JsonPrimitive(error ?: "SMS_SEND_FAILED")
-            }
-            return json.encodeToString(JsonObject.serializer(), JsonObject(payload))
-        }
-    }
-
-    fun hasSmsPermission(): Boolean {
-        return ContextCompat.checkSelfPermission(
-            context,
-            Manifest.permission.SEND_SMS
-        ) == PackageManager.PERMISSION_GRANTED
-    }
-
-    fun canSendSms(): Boolean {
-        return hasSmsPermission() && hasTelephonyFeature()
-    }
-
-    fun hasTelephonyFeature(): Boolean {
-        return context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
-    }
-
-    fun attachPermissionRequester(requester: PermissionRequester) {
-        permissionRequester = requester
-    }
-
-    /**
-     * Send an SMS message.
-     * 
-     * @param paramsJson JSON with "to" (phone number) and "message" (text) fields
-     * @return SendResult indicating success or failure
-     */
-    suspend fun send(paramsJson: String?): SendResult {
-        if (!hasTelephonyFeature()) {
-            return errorResult(
-                error = "SMS_UNAVAILABLE: telephony not available",
-            )
-        }
-
-        if (!ensureSmsPermission()) {
-            return errorResult(
-                error = "SMS_PERMISSION_REQUIRED: grant SMS permission",
-            )
-        }
-
-        val parseResult = parseParams(paramsJson, json)
-        if (parseResult is ParseResult.Error) {
-            return errorResult(
-                error = parseResult.error,
-                to = parseResult.to,
-                message = parseResult.message,
-            )
-        }
-        val params = (parseResult as ParseResult.Ok).params
-
-        return try {
-            val smsManager = context.getSystemService(AndroidSmsManager::class.java)
-                ?: throw IllegalStateException("SMS_UNAVAILABLE: SmsManager not available")
-
-            val plan = buildSendPlan(params.message) { smsManager.divideMessage(it) }
-            if (plan.useMultipart) {
-                smsManager.sendMultipartTextMessage(
-                    params.to,     // destination
-                    null,          // service center (null = default)
-                    ArrayList(plan.parts),    // message parts
-                    null,          // sent intents
-                    null,          // delivery intents
-                )
-            } else {
-                smsManager.sendTextMessage(
-                    params.to,     // destination
-                    null,          // service center (null = default)
-                    params.message,// message
-                    null,          // sent intent
-                    null,          // delivery intent
-                )
-            }
-
-            okResult(to = params.to, message = params.message)
-        } catch (e: SecurityException) {
-            errorResult(
-                error = "SMS_PERMISSION_REQUIRED: ${e.message}",
-                to = params.to,
-                message = params.message,
-            )
-        } catch (e: Throwable) {
-            errorResult(
-                error = "SMS_SEND_FAILED: ${e.message ?: "unknown error"}",
-                to = params.to,
-                message = params.message,
-            )
-        }
-    }
-
-    private suspend fun ensureSmsPermission(): Boolean {
-        if (hasSmsPermission()) return true
-        val requester = permissionRequester ?: return false
-        val results = requester.requestIfMissing(listOf(Manifest.permission.SEND_SMS))
-        return results[Manifest.permission.SEND_SMS] == true
-    }
-
-    private fun okResult(to: String, message: String): SendResult {
-        return SendResult(
-            ok = true,
-            to = to,
-            message = message,
-            error = null,
-            payloadJson = buildPayloadJson(json = json, ok = true, to = to, error = null),
-        )
-    }
-
-    private fun errorResult(error: String, to: String = "", message: String? = null): SendResult {
-        return SendResult(
-            ok = false,
-            to = to,
-            message = message,
-            error = error,
-            payloadJson = buildPayloadJson(json = json, ok = false, to = to, error = error),
-        )
-    }
-}
--- a/apps/android/app/src/main/java/com/clawdbot/android/tools/ToolDisplay.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/tools/ToolDisplay.kt
@@ -1,222 +0,0 @@
-package com.clawdbot.android.tools
-
-import android.content.Context
-import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.JsonArray
-import kotlinx.serialization.json.JsonElement
-import kotlinx.serialization.json.JsonObject
-import kotlinx.serialization.json.JsonPrimitive
-import kotlinx.serialization.json.contentOrNull
-
-@Serializable
-private data class ToolDisplayActionSpec(
-  val label: String? = null,
-  val detailKeys: List<String>? = null,
-)
-
-@Serializable
-private data class ToolDisplaySpec(
-  val emoji: String? = null,
-  val title: String? = null,
-  val label: String? = null,
-  val detailKeys: List<String>? = null,
-  val actions: Map<String, ToolDisplayActionSpec>? = null,
-)
-
-@Serializable
-private data class ToolDisplayConfig(
-  val version: Int? = null,
-  val fallback: ToolDisplaySpec? = null,
-  val tools: Map<String, ToolDisplaySpec>? = null,
-)
-
-data class ToolDisplaySummary(
-  val name: String,
-  val emoji: String,
-  val title: String,
-  val label: String,
-  val verb: String?,
-  val detail: String?,
-) {
-  val detailLine: String?
-    get() {
-      val parts = mutableListOf<String>()
-      if (!verb.isNullOrBlank()) parts.add(verb)
-      if (!detail.isNullOrBlank()) parts.add(detail)
-      return if (parts.isEmpty()) null else parts.joinToString(" · ")
-    }
-
-  val summaryLine: String
-    get() = if (detailLine != null) "${emoji} ${label}: ${detailLine}" else "${emoji} ${label}"
-}
-
-object ToolDisplayRegistry {
-  private const val CONFIG_ASSET = "tool-display.json"
-
-  private val json = Json { ignoreUnknownKeys = true }
-  @Volatile private var cachedConfig: ToolDisplayConfig? = null
-
-  fun resolve(
-    context: Context,
-    name: String?,
-    args: JsonObject?,
-    meta: String? = null,
-  ): ToolDisplaySummary {
-    val trimmedName = name?.trim().orEmpty().ifEmpty { "tool" }
-    val key = trimmedName.lowercase()
-    val config = loadConfig(context)
-    val spec = config.tools?.get(key)
-    val fallback = config.fallback
-
-    val emoji = spec?.emoji ?: fallback?.emoji ?: "🧩"
-    val title = spec?.title ?: titleFromName(trimmedName)
-    val label = spec?.label ?: trimmedName
-
-    val actionRaw = args?.get("action")?.asStringOrNull()?.trim()
-    val action = actionRaw?.takeIf { it.isNotEmpty() }
-    val actionSpec = action?.let { spec?.actions?.get(it) }
-    val verb = normalizeVerb(actionSpec?.label ?: action)
-
-    var detail: String? = null
-    if (key == "read") {
-      detail = readDetail(args)
-    } else if (key == "write" || key == "edit" || key == "attach") {
-      detail = pathDetail(args)
-    }
-
-    val detailKeys = actionSpec?.detailKeys ?: spec?.detailKeys ?: fallback?.detailKeys ?: emptyList()
-    if (detail == null) {
-      detail = firstValue(args, detailKeys)
-    }
-
-    if (detail == null) {
-      detail = meta
-    }
-
-    if (detail != null) {
-      detail = shortenHomeInString(detail)
-    }
-
-    return ToolDisplaySummary(
-      name = trimmedName,
-      emoji = emoji,
-      title = title,
-      label = label,
-      verb = verb,
-      detail = detail,
-    )
-  }
-
-  private fun loadConfig(context: Context): ToolDisplayConfig {
-    val existing = cachedConfig
-    if (existing != null) return existing
-    return try {
-      val jsonString = context.assets.open(CONFIG_ASSET).bufferedReader().use { it.readText() }
-      val decoded = json.decodeFromString(ToolDisplayConfig.serializer(), jsonString)
-      cachedConfig = decoded
-      decoded
-    } catch (_: Throwable) {
-      val fallback = ToolDisplayConfig()
-      cachedConfig = fallback
-      fallback
-    }
-  }
-
-  private fun titleFromName(name: String): String {
-    val cleaned = name.replace("_", " ").trim()
-    if (cleaned.isEmpty()) return "Tool"
-    return cleaned
-      .split(Regex("\\s+"))
-      .joinToString(" ") { part ->
-        val upper = part.uppercase()
-        if (part.length <= 2 && part == upper) part
-        else upper.firstOrNull()?.toString().orEmpty() + part.lowercase().drop(1)
-      }
-  }
-
-  private fun normalizeVerb(value: String?): String? {
-    val trimmed = value?.trim().orEmpty()
-    if (trimmed.isEmpty()) return null
-    return trimmed.replace("_", " ")
-  }
-
-  private fun readDetail(args: JsonObject?): String? {
-    val path = args?.get("path")?.asStringOrNull() ?: return null
-    val offset = args["offset"].asNumberOrNull()
-    val limit = args["limit"].asNumberOrNull()
-    return if (offset != null && limit != null) {
-      val end = offset + limit
-      "${path}:${offset.toInt()}-${end.toInt()}"
-    } else {
-      path
-    }
-  }
-
-  private fun pathDetail(args: JsonObject?): String? {
-    return args?.get("path")?.asStringOrNull()
-  }
-
-  private fun firstValue(args: JsonObject?, keys: List<String>): String? {
-    for (key in keys) {
-      val value = valueForPath(args, key)
-      val rendered = renderValue(value)
-      if (!rendered.isNullOrBlank()) return rendered
-    }
-    return null
-  }
-
-  private fun valueForPath(args: JsonObject?, path: String): JsonElement? {
-    var current: JsonElement? = args
-    for (segment in path.split(".")) {
-      if (segment.isBlank()) return null
-      val obj = current as? JsonObject ?: return null
-      current = obj[segment]
-    }
-    return current
-  }
-
-  private fun renderValue(value: JsonElement?): String? {
-    if (value == null) return null
-    if (value is JsonPrimitive) {
-      if (value.isString) {
-        val trimmed = value.contentOrNull?.trim().orEmpty()
-        if (trimmed.isEmpty()) return null
-        val firstLine = trimmed.lineSequence().firstOrNull()?.trim().orEmpty()
-        if (firstLine.isEmpty()) return null
-        return if (firstLine.length > 160) "${firstLine.take(157)}…" else firstLine
-      }
-      val raw = value.contentOrNull?.trim().orEmpty()
-      raw.toBooleanStrictOrNull()?.let { return it.toString() }
-      raw.toLongOrNull()?.let { return it.toString() }
-      raw.toDoubleOrNull()?.let { return it.toString() }
-    }
-    if (value is JsonArray) {
-      val items = value.mapNotNull { renderValue(it) }
-      if (items.isEmpty()) return null
-      val preview = items.take(3).joinToString(", ")
-      return if (items.size > 3) "${preview}…" else preview
-    }
-    return null
-  }
-
-  private fun shortenHomeInString(value: String): String {
-    val home = System.getProperty("user.home")?.takeIf { it.isNotBlank() }
-      ?: System.getenv("HOME")?.takeIf { it.isNotBlank() }
-    if (home.isNullOrEmpty()) return value
-    return value.replace(home, "~")
-      .replace(Regex("/Users/[^/]+"), "~")
-      .replace(Regex("/home/[^/]+"), "~")
-  }
-
-  private fun JsonElement?.asStringOrNull(): String? {
-    val primitive = this as? JsonPrimitive ?: return null
-    return if (primitive.isString) primitive.contentOrNull else primitive.toString()
-  }
-
-  private fun JsonElement?.asNumberOrNull(): Double? {
-    val primitive = this as? JsonPrimitive ?: return null
-    val raw = primitive.contentOrNull ?: return null
-    return raw.toDoubleOrNull()
-  }
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/CameraHudState.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/CameraHudState.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 enum class CameraHudKind {
  Photo,
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/DeviceNames.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/DeviceNames.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 import android.content.Context
 import android.os.Build
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/MainActivity.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/MainActivity.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 import android.Manifest
 import android.content.pm.ApplicationInfo
@@ -18,8 +18,8 @@ import androidx.core.view.WindowInsetsControllerCompat
 import androidx.lifecycle.Lifecycle
 import androidx.lifecycle.lifecycleScope
 import androidx.lifecycle.repeatOnLifecycle
-import com.clawdbot.android.ui.RootScreen
-import com.clawdbot.android.ui.ClawdbotTheme
+import com.steipete.clawdis.node.ui.RootScreen
+import com.steipete.clawdis.node.ui.ClawdisTheme
 import kotlinx.coroutines.launch

 class MainActivity : ComponentActivity() {
@@ -39,7 +39,6 @@ class MainActivity : ComponentActivity() {
    screenCaptureRequester = ScreenCaptureRequester(this)
    viewModel.camera.attachLifecycleOwner(this)
    viewModel.camera.attachPermissionRequester(permissionRequester)
-    viewModel.sms.attachPermissionRequester(permissionRequester)
    viewModel.screenRecorder.attachScreenCaptureRequester(screenCaptureRequester)
    viewModel.screenRecorder.attachPermissionRequester(permissionRequester)

@@ -56,7 +55,7 @@ class MainActivity : ComponentActivity() {
    }

    setContent {
-      ClawdbotTheme {
+      ClawdisTheme {
        Surface(modifier = Modifier) {
          RootScreen(viewModel = viewModel)
        }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/MainViewModel.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/MainViewModel.kt
@@ -1,13 +1,12 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 import android.app.Application
 import androidx.lifecycle.AndroidViewModel
-import com.clawdbot.android.gateway.GatewayEndpoint
-import com.clawdbot.android.chat.OutgoingAttachment
-import com.clawdbot.android.node.CameraCaptureManager
-import com.clawdbot.android.node.CanvasController
-import com.clawdbot.android.node.ScreenRecordManager
-import com.clawdbot.android.node.SmsManager
+import com.steipete.clawdis.node.bridge.BridgeEndpoint
+import com.steipete.clawdis.node.chat.OutgoingAttachment
+import com.steipete.clawdis.node.node.CameraCaptureManager
+import com.steipete.clawdis.node.node.CanvasController
+import com.steipete.clawdis.node.node.ScreenRecordManager
 import kotlinx.coroutines.flow.StateFlow

 class MainViewModel(app: Application) : AndroidViewModel(app) {
@@ -16,9 +15,8 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
  val canvas: CanvasController = runtime.canvas
  val camera: CameraCaptureManager = runtime.camera
  val screenRecorder: ScreenRecordManager = runtime.screenRecorder
-  val sms: SmsManager = runtime.sms

-  val gateways: StateFlow<List<GatewayEndpoint>> = runtime.gateways
+  val bridges: StateFlow<List<BridgeEndpoint>> = runtime.bridges
  val discoveryStatusText: StateFlow<String> = runtime.discoveryStatusText

  val isConnected: StateFlow<Boolean> = runtime.isConnected
@@ -27,7 +25,6 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
  val remoteAddress: StateFlow<String?> = runtime.remoteAddress
  val isForeground: StateFlow<Boolean> = runtime.isForeground
  val seamColorArgb: StateFlow<Long> = runtime.seamColorArgb
-  val mainSessionKey: StateFlow<String> = runtime.mainSessionKey

  val cameraHud: StateFlow<CameraHudState?> = runtime.cameraHud
  val cameraFlashToken: StateFlow<Long> = runtime.cameraFlashToken
@@ -36,8 +33,6 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
  val instanceId: StateFlow<String> = runtime.instanceId
  val displayName: StateFlow<String> = runtime.displayName
  val cameraEnabled: StateFlow<Boolean> = runtime.cameraEnabled
-  val locationMode: StateFlow<LocationMode> = runtime.locationMode
-  val locationPreciseEnabled: StateFlow<Boolean> = runtime.locationPreciseEnabled
  val preventSleep: StateFlow<Boolean> = runtime.preventSleep
  val wakeWords: StateFlow<List<String>> = runtime.wakeWords
  val voiceWakeMode: StateFlow<VoiceWakeMode> = runtime.voiceWakeMode
@@ -50,7 +45,6 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
  val manualEnabled: StateFlow<Boolean> = runtime.manualEnabled
  val manualHost: StateFlow<String> = runtime.manualHost
  val manualPort: StateFlow<Int> = runtime.manualPort
-  val manualTls: StateFlow<Boolean> = runtime.manualTls
  val canvasDebugStatusEnabled: StateFlow<Boolean> = runtime.canvasDebugStatusEnabled

  val chatSessionKey: StateFlow<String> = runtime.chatSessionKey
@@ -76,14 +70,6 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
    runtime.setCameraEnabled(value)
  }

-  fun setLocationMode(mode: LocationMode) {
-    runtime.setLocationMode(mode)
-  }
-
-  fun setLocationPreciseEnabled(value: Boolean) {
-    runtime.setLocationPreciseEnabled(value)
-  }
-
  fun setPreventSleep(value: Boolean) {
    runtime.setPreventSleep(value)
  }
@@ -100,10 +86,6 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
    runtime.setManualPort(value)
  }

-  fun setManualTls(value: Boolean) {
-    runtime.setManualTls(value)
-  }
-
  fun setCanvasDebugStatusEnabled(value: Boolean) {
    runtime.setCanvasDebugStatusEnabled(value)
  }
@@ -124,11 +106,7 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
    runtime.setTalkEnabled(enabled)
  }

-  fun refreshGatewayConnection() {
-    runtime.refreshGatewayConnection()
-  }
-
-  fun connect(endpoint: GatewayEndpoint) {
+  fun connect(endpoint: BridgeEndpoint) {
    runtime.connect(endpoint)
  }

@@ -144,7 +122,7 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
    runtime.handleCanvasA2UIActionFromWebView(payloadJson)
  }

-  fun loadChat(sessionKey: String) {
+  fun loadChat(sessionKey: String = "main") {
    runtime.loadChat(sessionKey)
  }

--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeApp.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeApp.kt
@@ -0,0 +1,8 @@
+package com.steipete.clawdis.node
+
+import android.app.Application
+
+class NodeApp : Application() {
+  val runtime: NodeRuntime by lazy { NodeRuntime(this) }
+}
+
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeForegroundService.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeForegroundService.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 import android.app.Notification
 import android.app.NotificationChannel
@@ -29,7 +29,7 @@ class NodeForegroundService : Service() {
  override fun onCreate() {
    super.onCreate()
    ensureChannel()
-    val initial = buildNotification(title = "Clawdbot Node", text = "Starting…")
+    val initial = buildNotification(title = "Clawdis Node", text = "Starting…")
    startForegroundWithTypes(notification = initial, requiresMic = false)

    val runtime = (application as NodeApp).runtime
@@ -44,7 +44,7 @@ class NodeForegroundService : Service() {
        ) { status, server, connected, voiceMode, voiceListening ->
          Quint(status, server, connected, voiceMode, voiceListening)
        }.collect { (status, server, connected, voiceMode, voiceListening) ->
-          val title = if (connected) "Clawdbot Node · Connected" else "Clawdbot Node"
+          val title = if (connected) "Clawdis Node · Connected" else "Clawdis Node"
          val voiceSuffix =
            if (voiceMode == VoiceWakeMode.Always) {
              if (voiceListening) " · Voice Wake: Listening" else " · Voice Wake: Paused"
@@ -91,38 +91,21 @@ class NodeForegroundService : Service() {
        "Connection",
        NotificationManager.IMPORTANCE_LOW,
      ).apply {
-        description = "Clawdbot node connection status"
+        description = "Clawdis node connection status"
        setShowBadge(false)
      }
    mgr.createNotificationChannel(channel)
  }

  private fun buildNotification(title: String, text: String): Notification {
-    val launchIntent = Intent(this, MainActivity::class.java).apply {
-      flags = Intent.FLAG_ACTIVITY_SINGLE_TOP or Intent.FLAG_ACTIVITY_CLEAR_TOP
-    }
-    val launchPending =
-      PendingIntent.getActivity(
-        this,
-        1,
-        launchIntent,
-        PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE,
-      )
-
    val stopIntent = Intent(this, NodeForegroundService::class.java).setAction(ACTION_STOP)
-    val stopPending =
-      PendingIntent.getService(
-        this,
-        2,
-        stopIntent,
-        PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE,
-      )
+    val flags = PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE
+    val stopPending = PendingIntent.getService(this, 2, stopIntent, flags)

    return NotificationCompat.Builder(this, CHANNEL_ID)
      .setSmallIcon(R.mipmap.ic_launcher)
      .setContentTitle(title)
      .setContentText(text)
-      .setContentIntent(launchPending)
      .setOngoing(true)
      .setOnlyAlertOnce(true)
      .setForegroundServiceBehavior(NotificationCompat.FOREGROUND_SERVICE_IMMEDIATE)
@@ -163,7 +146,7 @@ class NodeForegroundService : Service() {
    private const val CHANNEL_ID = "connection"
    private const val NOTIFICATION_ID = 1

-    private const val ACTION_STOP = "com.clawdbot.android.action.STOP"
+    private const val ACTION_STOP = "com.steipete.clawdis.node.action.STOP"

    fun start(context: Context) {
      val intent = Intent(context, NodeForegroundService::class.java)
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/NodeRuntime.kt
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/PermissionRequester.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/PermissionRequester.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 import android.content.pm.PackageManager
 import android.content.Intent
@@ -115,7 +115,7 @@ class PermissionRequester(private val activity: ComponentActivity) {

  private fun buildRationaleMessage(permissions: List<String>): String {
    val labels = permissions.map { permissionLabel(it) }
-    return "Clawdbot needs ${labels.joinToString(", ")} permissions to continue."
+    return "Clawdis needs ${labels.joinToString(", ")} to capture camera media."
  }

  private fun buildSettingsMessage(permissions: List<String>): String {
@@ -127,7 +127,6 @@ class PermissionRequester(private val activity: ComponentActivity) {
    when (permission) {
      Manifest.permission.CAMERA -> "Camera"
      Manifest.permission.RECORD_AUDIO -> "Microphone"
-      Manifest.permission.SEND_SMS -> "SMS"
      else -> permission
    }
 }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ScreenCaptureRequester.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ScreenCaptureRequester.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 import android.app.Activity
 import android.content.Context
@@ -55,7 +55,7 @@ class ScreenCaptureRequester(private val activity: ComponentActivity) {
      suspendCancellableCoroutine { cont ->
        AlertDialog.Builder(activity)
          .setTitle("Screen recording required")
-          .setMessage("Clawdbot needs to record the screen for this command.")
+          .setMessage("Clawdis needs to record the screen for this command.")
          .setPositiveButton("Continue") { _, _ -> cont.resume(true) }
          .setNegativeButton("Not now") { _, _ -> cont.resume(false) }
          .setOnCancelListener { cont.resume(false) }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/SecurePrefs.kt
@@ -1,6 +1,6 @@
@file:Suppress("DEPRECATION")

-package com.clawdbot.android
+package com.steipete.clawdis.node

 import android.content.Context
 import androidx.core.content.edit
@@ -31,7 +31,7 @@ class SecurePrefs(context: Context) {
  private val prefs =
    EncryptedSharedPreferences.create(
      context,
-      "clawdbot.node.secure",
+      "clawdis.node.secure",
      masterKey,
      EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
      EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM,
@@ -47,41 +47,20 @@ class SecurePrefs(context: Context) {
  private val _cameraEnabled = MutableStateFlow(prefs.getBoolean("camera.enabled", true))
  val cameraEnabled: StateFlow<Boolean> = _cameraEnabled

-  private val _locationMode =
-    MutableStateFlow(LocationMode.fromRawValue(prefs.getString("location.enabledMode", "off")))
-  val locationMode: StateFlow<LocationMode> = _locationMode
-
-  private val _locationPreciseEnabled =
-    MutableStateFlow(prefs.getBoolean("location.preciseEnabled", true))
-  val locationPreciseEnabled: StateFlow<Boolean> = _locationPreciseEnabled
-
  private val _preventSleep = MutableStateFlow(prefs.getBoolean("screen.preventSleep", true))
  val preventSleep: StateFlow<Boolean> = _preventSleep

-  private val _manualEnabled =
-    MutableStateFlow(readBoolWithMigration("gateway.manual.enabled", "bridge.manual.enabled", false))
+  private val _manualEnabled = MutableStateFlow(prefs.getBoolean("bridge.manual.enabled", false))
  val manualEnabled: StateFlow<Boolean> = _manualEnabled

-  private val _manualHost =
-    MutableStateFlow(readStringWithMigration("gateway.manual.host", "bridge.manual.host", ""))
+  private val _manualHost = MutableStateFlow(prefs.getString("bridge.manual.host", "")!!)
  val manualHost: StateFlow<String> = _manualHost

-  private val _manualPort =
-    MutableStateFlow(readIntWithMigration("gateway.manual.port", "bridge.manual.port", 18789))
+  private val _manualPort = MutableStateFlow(prefs.getInt("bridge.manual.port", 18790))
  val manualPort: StateFlow<Int> = _manualPort

-  private val _manualTls =
-    MutableStateFlow(readBoolWithMigration("gateway.manual.tls", null, true))
-  val manualTls: StateFlow<Boolean> = _manualTls
-
  private val _lastDiscoveredStableId =
-    MutableStateFlow(
-      readStringWithMigration(
-        "gateway.lastDiscoveredStableID",
-        "bridge.lastDiscoveredStableId",
-        "",
-      ),
-    )
+    MutableStateFlow(prefs.getString("bridge.lastDiscoveredStableId", "")!!)
  val lastDiscoveredStableId: StateFlow<String> = _lastDiscoveredStableId

  private val _canvasDebugStatusEnabled =
@@ -99,7 +78,7 @@ class SecurePrefs(context: Context) {

  fun setLastDiscoveredStableId(value: String) {
    val trimmed = value.trim()
-    prefs.edit { putString("gateway.lastDiscoveredStableID", trimmed) }
+    prefs.edit { putString("bridge.lastDiscoveredStableId", trimmed) }
    _lastDiscoveredStableId.value = trimmed
  }

@@ -114,91 +93,40 @@ class SecurePrefs(context: Context) {
    _cameraEnabled.value = value
  }

-  fun setLocationMode(mode: LocationMode) {
-    prefs.edit { putString("location.enabledMode", mode.rawValue) }
-    _locationMode.value = mode
-  }
-
-  fun setLocationPreciseEnabled(value: Boolean) {
-    prefs.edit { putBoolean("location.preciseEnabled", value) }
-    _locationPreciseEnabled.value = value
-  }
-
  fun setPreventSleep(value: Boolean) {
    prefs.edit { putBoolean("screen.preventSleep", value) }
    _preventSleep.value = value
  }

  fun setManualEnabled(value: Boolean) {
-    prefs.edit { putBoolean("gateway.manual.enabled", value) }
+    prefs.edit { putBoolean("bridge.manual.enabled", value) }
    _manualEnabled.value = value
  }

  fun setManualHost(value: String) {
    val trimmed = value.trim()
-    prefs.edit { putString("gateway.manual.host", trimmed) }
+    prefs.edit { putString("bridge.manual.host", trimmed) }
    _manualHost.value = trimmed
  }

  fun setManualPort(value: Int) {
-    prefs.edit { putInt("gateway.manual.port", value) }
+    prefs.edit { putInt("bridge.manual.port", value) }
    _manualPort.value = value
  }

-  fun setManualTls(value: Boolean) {
-    prefs.edit { putBoolean("gateway.manual.tls", value) }
-    _manualTls.value = value
-  }
-
  fun setCanvasDebugStatusEnabled(value: Boolean) {
    prefs.edit { putBoolean("canvas.debugStatusEnabled", value) }
    _canvasDebugStatusEnabled.value = value
  }

-  fun loadGatewayToken(): String? {
-    val key = "gateway.token.${_instanceId.value}"
-    val stored = prefs.getString(key, null)?.trim()
-    if (!stored.isNullOrEmpty()) return stored
-    val legacy = prefs.getString("bridge.token.${_instanceId.value}", null)?.trim()
-    return legacy?.takeIf { it.isNotEmpty() }
-  }
-
-  fun saveGatewayToken(token: String) {
-    val key = "gateway.token.${_instanceId.value}"
-    prefs.edit { putString(key, token.trim()) }
-  }
-
-  fun loadGatewayPassword(): String? {
-    val key = "gateway.password.${_instanceId.value}"
-    val stored = prefs.getString(key, null)?.trim()
-    return stored?.takeIf { it.isNotEmpty() }
-  }
-
-  fun saveGatewayPassword(password: String) {
-    val key = "gateway.password.${_instanceId.value}"
-    prefs.edit { putString(key, password.trim()) }
-  }
-
-  fun loadGatewayTlsFingerprint(stableId: String): String? {
-    val key = "gateway.tls.$stableId"
-    return prefs.getString(key, null)?.trim()?.takeIf { it.isNotEmpty() }
-  }
-
-  fun saveGatewayTlsFingerprint(stableId: String, fingerprint: String) {
-    val key = "gateway.tls.$stableId"
-    prefs.edit { putString(key, fingerprint.trim()) }
-  }
-
-  fun getString(key: String): String? {
+  fun loadBridgeToken(): String? {
+    val key = "bridge.token.${_instanceId.value}"
    return prefs.getString(key, null)
  }

-  fun putString(key: String, value: String) {
-    prefs.edit { putString(key, value) }
-  }
-
-  fun remove(key: String) {
-    prefs.edit { remove(key) }
+  fun saveBridgeToken(token: String) {
+    val key = "bridge.token.${_instanceId.value}"
+    prefs.edit { putString(key, token.trim()) }
  }

  private fun loadOrCreateInstanceId(): String {
@@ -269,40 +197,4 @@ class SecurePrefs(context: Context) {
      defaultWakeWords
    }
  }
-
-  private fun readBoolWithMigration(newKey: String, oldKey: String?, defaultValue: Boolean): Boolean {
-    if (prefs.contains(newKey)) {
-      return prefs.getBoolean(newKey, defaultValue)
-    }
-    if (oldKey != null && prefs.contains(oldKey)) {
-      val value = prefs.getBoolean(oldKey, defaultValue)
-      prefs.edit { putBoolean(newKey, value) }
-      return value
-    }
-    return defaultValue
-  }
-
-  private fun readStringWithMigration(newKey: String, oldKey: String?, defaultValue: String): String {
-    if (prefs.contains(newKey)) {
-      return prefs.getString(newKey, defaultValue) ?: defaultValue
-    }
-    if (oldKey != null && prefs.contains(oldKey)) {
-      val value = prefs.getString(oldKey, defaultValue) ?: defaultValue
-      prefs.edit { putString(newKey, value) }
-      return value
-    }
-    return defaultValue
-  }
-
-  private fun readIntWithMigration(newKey: String, oldKey: String?, defaultValue: Int): Int {
-    if (prefs.contains(newKey)) {
-      return prefs.getInt(newKey, defaultValue)
-    }
-    if (oldKey != null && prefs.contains(oldKey)) {
-      val value = prefs.getInt(oldKey, defaultValue)
-      prefs.edit { putInt(newKey, value) }
-      return value
-    }
-    return defaultValue
-  }
 }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/VoiceWakeMode.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/VoiceWakeMode.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 enum class VoiceWakeMode(val rawValue: String) {
  Off("off"),
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/WakeWords.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/WakeWords.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android
+package com.steipete.clawdis.node

 object WakeWords {
  const val maxWords: Int = 32
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BonjourEscapes.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BonjourEscapes.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.gateway
+package com.steipete.clawdis.node.bridge

 object BonjourEscapes {
  fun decode(input: String): String {
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeDiscovery.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeDiscovery.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.gateway
+package com.steipete.clawdis.node.bridge

 import android.content.Context
 import android.net.ConnectivityManager
@@ -44,21 +44,21 @@ import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException

@Suppress("DEPRECATION")
-class GatewayDiscovery(
+class BridgeDiscovery(
  context: Context,
  private val scope: CoroutineScope,
 ) {
  private val nsd = context.getSystemService(NsdManager::class.java)
  private val connectivity = context.getSystemService(ConnectivityManager::class.java)
  private val dns = DnsResolver.getInstance()
-  private val serviceType = "_clawdbot-gw._tcp."
-  private val wideAreaDomain = "clawdbot.internal."
-  private val logTag = "Clawdbot/GatewayDiscovery"
+  private val serviceType = "_clawdis-bridge._tcp."
+  private val wideAreaDomain = "clawdis.internal."
+  private val logTag = "Clawdis/BridgeDiscovery"

-  private val localById = ConcurrentHashMap<String, GatewayEndpoint>()
-  private val unicastById = ConcurrentHashMap<String, GatewayEndpoint>()
-  private val _gateways = MutableStateFlow<List<GatewayEndpoint>>(emptyList())
-  val gateways: StateFlow<List<GatewayEndpoint>> = _gateways.asStateFlow()
+  private val localById = ConcurrentHashMap<String, BridgeEndpoint>()
+  private val unicastById = ConcurrentHashMap<String, BridgeEndpoint>()
+  private val _bridges = MutableStateFlow<List<BridgeEndpoint>>(emptyList())
+  val bridges: StateFlow<List<BridgeEndpoint>> = _bridges.asStateFlow()

  private val _statusText = MutableStateFlow("Searching…")
  val statusText: StateFlow<String> = _statusText.asStateFlow()
@@ -77,7 +77,7 @@ class GatewayDiscovery(
      override fun onDiscoveryStopped(serviceType: String) {}

      override fun onServiceFound(serviceInfo: NsdServiceInfo) {
-        if (serviceInfo.serviceType != this@GatewayDiscovery.serviceType) return
+        if (serviceInfo.serviceType != this@BridgeDiscovery.serviceType) return
        resolve(serviceInfo)
      }

@@ -141,12 +141,11 @@ class GatewayDiscovery(
        val lanHost = txt(resolved, "lanHost")
        val tailnetDns = txt(resolved, "tailnetDns")
        val gatewayPort = txtInt(resolved, "gatewayPort")
+        val bridgePort = txtInt(resolved, "bridgePort")
        val canvasPort = txtInt(resolved, "canvasPort")
-        val tlsEnabled = txtBool(resolved, "gatewayTls")
-        val tlsFingerprint = txt(resolved, "gatewayTlsSha256")
        val id = stableId(serviceName, "local.")
        localById[id] =
-          GatewayEndpoint(
+          BridgeEndpoint(
            stableId = id,
            name = displayName,
            host = host,
@@ -154,9 +153,8 @@ class GatewayDiscovery(
            lanHost = lanHost,
            tailnetDns = tailnetDns,
            gatewayPort = gatewayPort,
+            bridgePort = bridgePort,
            canvasPort = canvasPort,
-            tlsEnabled = tlsEnabled,
-            tlsFingerprintSha256 = tlsFingerprint,
          )
        publish()
      }
@@ -165,7 +163,7 @@ class GatewayDiscovery(
  }

  private fun publish() {
-    _gateways.value =
+    _bridges.value =
      (localById.values + unicastById.values).sortedBy { it.name.lowercase() }
    _statusText.value = buildStatusText()
  }
@@ -184,7 +182,7 @@ class GatewayDiscovery(
      }

    return when {
-      localCount == 0 && wideRcode == null -> "Searching for gateways…"
+      localCount == 0 && wideRcode == null -> "Searching for bridges…"
      localCount == 0 -> "$wide"
      else -> "Local: $localCount • $wide"
    }
@@ -211,17 +209,12 @@ class GatewayDiscovery(
    return txt(info, key)?.toIntOrNull()
  }

-  private fun txtBool(info: NsdServiceInfo, key: String): Boolean {
-    val raw = txt(info, key)?.trim()?.lowercase() ?: return false
-    return raw == "1" || raw == "true" || raw == "yes"
-  }
-
  private suspend fun refreshUnicast(domain: String) {
    val ptrName = "${serviceType}${domain}"
    val ptrMsg = lookupUnicastMessage(ptrName, Type.PTR) ?: return
    val ptrRecords = records(ptrMsg, Section.ANSWER).mapNotNull { it as? PTRRecord }

-    val next = LinkedHashMap<String, GatewayEndpoint>()
+    val next = LinkedHashMap<String, BridgeEndpoint>()
    for (ptr in ptrRecords) {
      val instanceFqdn = ptr.target.toString()
      val srv =
@@ -257,12 +250,11 @@ class GatewayDiscovery(
      val lanHost = txtValue(txt, "lanHost")
      val tailnetDns = txtValue(txt, "tailnetDns")
      val gatewayPort = txtIntValue(txt, "gatewayPort")
+      val bridgePort = txtIntValue(txt, "bridgePort")
      val canvasPort = txtIntValue(txt, "canvasPort")
-      val tlsEnabled = txtBoolValue(txt, "gatewayTls")
-      val tlsFingerprint = txtValue(txt, "gatewayTlsSha256")
      val id = stableId(instanceName, domain)
      next[id] =
-        GatewayEndpoint(
+        BridgeEndpoint(
          stableId = id,
          name = displayName,
          host = host,
@@ -270,9 +262,8 @@ class GatewayDiscovery(
          lanHost = lanHost,
          tailnetDns = tailnetDns,
          gatewayPort = gatewayPort,
+          bridgePort = bridgePort,
          canvasPort = canvasPort,
-          tlsEnabled = tlsEnabled,
-          tlsFingerprintSha256 = tlsFingerprint,
        )
    }

@@ -483,11 +474,6 @@ class GatewayDiscovery(
    return txtValue(records, key)?.toIntOrNull()
  }

-  private fun txtBoolValue(records: List<TXTRecord>, key: String): Boolean {
-    val raw = txtValue(records, key)?.trim()?.lowercase() ?: return false
-    return raw == "1" || raw == "true" || raw == "yes"
-  }
-
  private fun decodeDnsTxtString(raw: String): String {
    // dnsjava treats TXT as opaque bytes and decodes as ISO-8859-1 to preserve bytes.
    // Our TXT payload is UTF-8 (written by the gateway), so re-decode when possible.
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeEndpoint.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeEndpoint.kt
@@ -0,0 +1,23 @@
+package com.steipete.clawdis.node.bridge
+
+data class BridgeEndpoint(
+  val stableId: String,
+  val name: String,
+  val host: String,
+  val port: Int,
+  val lanHost: String? = null,
+  val tailnetDns: String? = null,
+  val gatewayPort: Int? = null,
+  val bridgePort: Int? = null,
+  val canvasPort: Int? = null,
+) {
+  companion object {
+    fun manual(host: String, port: Int): BridgeEndpoint =
+      BridgeEndpoint(
+        stableId = "manual|$host|$port",
+        name = "$host:$port",
+        host = host,
+        port = port,
+      )
+  }
+}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgePairingClient.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgePairingClient.kt
@@ -0,0 +1,131 @@
+package com.steipete.clawdis.node.bridge
+
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.JsonNull
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.buildJsonObject
+import java.io.BufferedReader
+import java.io.BufferedWriter
+import java.io.InputStreamReader
+import java.io.OutputStreamWriter
+import java.net.InetSocketAddress
+import java.net.Socket
+
+class BridgePairingClient {
+  private val json = Json { ignoreUnknownKeys = true }
+
+  data class Hello(
+    val nodeId: String,
+    val displayName: String?,
+    val token: String?,
+    val platform: String?,
+    val version: String?,
+    val deviceFamily: String?,
+    val modelIdentifier: String?,
+    val caps: List<String>?,
+    val commands: List<String>?,
+  )
+
+  data class PairResult(val ok: Boolean, val token: String?, val error: String? = null)
+
+  suspend fun pairAndHello(endpoint: BridgeEndpoint, hello: Hello): PairResult =
+    withContext(Dispatchers.IO) {
+      val socket = Socket()
+      socket.tcpNoDelay = true
+      socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
+      socket.soTimeout = 60_000
+
+      val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
+      val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
+
+      fun send(line: String) {
+        writer.write(line)
+        writer.write("\n")
+        writer.flush()
+      }
+
+      fun sendJson(obj: JsonObject) = send(obj.toString())
+
+      try {
+        sendJson(
+          buildJsonObject {
+            put("type", JsonPrimitive("hello"))
+            put("nodeId", JsonPrimitive(hello.nodeId))
+            hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+            hello.token?.let { put("token", JsonPrimitive(it)) }
+            hello.platform?.let { put("platform", JsonPrimitive(it)) }
+            hello.version?.let { put("version", JsonPrimitive(it)) }
+            hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+            hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+            hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+            hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+          },
+        )
+
+        val firstObj = json.parseToJsonElement(reader.readLine()).asObjectOrNull()
+          ?: return@withContext PairResult(ok = false, token = null, error = "unexpected bridge response")
+        when (firstObj["type"].asStringOrNull()) {
+          "hello-ok" -> PairResult(ok = true, token = hello.token)
+          "error" -> {
+            val code = firstObj["code"].asStringOrNull() ?: "UNAVAILABLE"
+            val message = firstObj["message"].asStringOrNull() ?: "pairing required"
+            if (code != "NOT_PAIRED" && code != "UNAUTHORIZED") {
+              return@withContext PairResult(ok = false, token = null, error = "$code: $message")
+            }
+
+            sendJson(
+              buildJsonObject {
+                put("type", JsonPrimitive("pair-request"))
+                put("nodeId", JsonPrimitive(hello.nodeId))
+                hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+                hello.platform?.let { put("platform", JsonPrimitive(it)) }
+                hello.version?.let { put("version", JsonPrimitive(it)) }
+                hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+                hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+                hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+                hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+              },
+            )
+
+            while (true) {
+              val nextLine = reader.readLine() ?: break
+              val next = json.parseToJsonElement(nextLine).asObjectOrNull() ?: continue
+              when (next["type"].asStringOrNull()) {
+                "pair-ok" -> {
+                  val token = next["token"].asStringOrNull()
+                  return@withContext PairResult(ok = !token.isNullOrBlank(), token = token)
+                }
+                "error" -> {
+                  val c = next["code"].asStringOrNull() ?: "UNAVAILABLE"
+                  val m = next["message"].asStringOrNull() ?: "pairing failed"
+                  return@withContext PairResult(ok = false, token = null, error = "$c: $m")
+                }
+              }
+            }
+            PairResult(ok = false, token = null, error = "pairing failed")
+          }
+          else -> PairResult(ok = false, token = null, error = "unexpected bridge response")
+        }
+      } finally {
+        try {
+          socket.close()
+        } catch (_: Throwable) {
+          // ignore
+        }
+      }
+    }
+}
+
+private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
+
+private fun JsonElement?.asStringOrNull(): String? =
+  when (this) {
+    is JsonNull -> null
+    is JsonPrimitive -> content
+    else -> null
+  }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeSession.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/bridge/BridgeSession.kt
@@ -0,0 +1,362 @@
+package com.steipete.clawdis.node.bridge
+
+import kotlinx.coroutines.CompletableDeferred
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.cancelAndJoin
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.isActive
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
+import kotlinx.coroutines.withContext
+import com.steipete.clawdis.node.BuildConfig
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonNull
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.buildJsonObject
+import java.io.BufferedReader
+import java.io.BufferedWriter
+import java.io.InputStreamReader
+import java.io.OutputStreamWriter
+import java.net.InetSocketAddress
+import java.net.URI
+import java.net.Socket
+import java.util.UUID
+import java.util.concurrent.ConcurrentHashMap
+
+class BridgeSession(
+  private val scope: CoroutineScope,
+  private val onConnected: (serverName: String, remoteAddress: String?) -> Unit,
+  private val onDisconnected: (message: String) -> Unit,
+  private val onEvent: (event: String, payloadJson: String?) -> Unit,
+  private val onInvoke: suspend (InvokeRequest) -> InvokeResult,
+) {
+  data class Hello(
+    val nodeId: String,
+    val displayName: String?,
+    val token: String?,
+    val platform: String?,
+    val version: String?,
+    val deviceFamily: String?,
+    val modelIdentifier: String?,
+    val caps: List<String>?,
+    val commands: List<String>?,
+  )
+
+  data class InvokeRequest(val id: String, val command: String, val paramsJson: String?)
+
+  data class InvokeResult(val ok: Boolean, val payloadJson: String?, val error: ErrorShape?) {
+    companion object {
+      fun ok(payloadJson: String?) = InvokeResult(ok = true, payloadJson = payloadJson, error = null)
+      fun error(code: String, message: String) =
+        InvokeResult(ok = false, payloadJson = null, error = ErrorShape(code = code, message = message))
+    }
+  }
+
+  data class ErrorShape(val code: String, val message: String)
+
+  private val json = Json { ignoreUnknownKeys = true }
+  private val writeLock = Mutex()
+  private val pending = ConcurrentHashMap<String, CompletableDeferred<RpcResponse>>()
+  @Volatile private var canvasHostUrl: String? = null
+
+  private var desired: Pair<BridgeEndpoint, Hello>? = null
+  private var job: Job? = null
+
+  fun connect(endpoint: BridgeEndpoint, hello: Hello) {
+    desired = endpoint to hello
+    if (job == null) {
+      job = scope.launch(Dispatchers.IO) { runLoop() }
+    }
+  }
+
+  fun disconnect() {
+    desired = null
+    // Unblock connectOnce() read loop. Coroutine cancellation alone won't interrupt BufferedReader.readLine().
+    currentConnection?.closeQuietly()
+    scope.launch(Dispatchers.IO) {
+      job?.cancelAndJoin()
+      job = null
+      canvasHostUrl = null
+      onDisconnected("Offline")
+    }
+  }
+
+  fun currentCanvasHostUrl(): String? = canvasHostUrl
+
+  suspend fun sendEvent(event: String, payloadJson: String?) {
+    val conn = currentConnection ?: return
+    conn.sendJson(
+      buildJsonObject {
+        put("type", JsonPrimitive("event"))
+        put("event", JsonPrimitive(event))
+        if (payloadJson != null) put("payloadJSON", JsonPrimitive(payloadJson)) else put("payloadJSON", JsonNull)
+      },
+    )
+  }
+
+  suspend fun request(method: String, paramsJson: String?): String {
+    val conn = currentConnection ?: throw IllegalStateException("not connected")
+    val id = UUID.randomUUID().toString()
+    val deferred = CompletableDeferred<RpcResponse>()
+    pending[id] = deferred
+    conn.sendJson(
+      buildJsonObject {
+        put("type", JsonPrimitive("req"))
+        put("id", JsonPrimitive(id))
+        put("method", JsonPrimitive(method))
+        if (paramsJson != null) put("paramsJSON", JsonPrimitive(paramsJson)) else put("paramsJSON", JsonNull)
+      },
+    )
+    val res = deferred.await()
+    if (res.ok) return res.payloadJson ?: ""
+    val err = res.error
+    throw IllegalStateException("${err?.code ?: "UNAVAILABLE"}: ${err?.message ?: "request failed"}")
+  }
+
+  private data class RpcResponse(val id: String, val ok: Boolean, val payloadJson: String?, val error: ErrorShape?)
+
+  private class Connection(private val socket: Socket, private val reader: BufferedReader, private val writer: BufferedWriter, private val writeLock: Mutex) {
+    val remoteAddress: String? =
+      socket.inetAddress?.hostAddress?.takeIf { it.isNotBlank() }?.let { "${it}:${socket.port}" }
+
+    suspend fun sendJson(obj: JsonObject) {
+      writeLock.withLock {
+        writer.write(obj.toString())
+        writer.write("\n")
+        writer.flush()
+      }
+    }
+
+    fun closeQuietly() {
+      try {
+        socket.close()
+      } catch (_: Throwable) {
+        // ignore
+      }
+    }
+  }
+
+  @Volatile private var currentConnection: Connection? = null
+
+  private suspend fun runLoop() {
+    var attempt = 0
+    while (scope.isActive) {
+      val target = desired
+      if (target == null) {
+        currentConnection?.closeQuietly()
+        currentConnection = null
+        delay(250)
+        continue
+      }
+
+      val (endpoint, hello) = target
+      try {
+        onDisconnected(if (attempt == 0) "Connecting…" else "Reconnecting…")
+        connectOnce(endpoint, hello)
+        attempt = 0
+      } catch (err: Throwable) {
+        attempt += 1
+        onDisconnected("Bridge error: ${err.message ?: err::class.java.simpleName}")
+        val sleepMs = minOf(8_000L, (350.0 * Math.pow(1.7, attempt.toDouble())).toLong())
+        delay(sleepMs)
+      }
+    }
+  }
+
+  private fun invokeErrorFromThrowable(err: Throwable): InvokeResult {
+    val msg = err.message?.trim().takeIf { !it.isNullOrEmpty() } ?: err::class.java.simpleName
+    val parts = msg.split(":", limit = 2)
+    if (parts.size == 2) {
+      val code = parts[0].trim()
+      val rest = parts[1].trim()
+      if (code.isNotEmpty() && code.all { it.isUpperCase() || it == '_' }) {
+        return InvokeResult.error(code = code, message = rest.ifEmpty { msg })
+      }
+    }
+    return InvokeResult.error(code = "UNAVAILABLE", message = msg)
+  }
+
+  private suspend fun connectOnce(endpoint: BridgeEndpoint, hello: Hello) =
+    withContext(Dispatchers.IO) {
+      val socket = Socket()
+      socket.tcpNoDelay = true
+      socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
+      socket.soTimeout = 0
+
+      val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
+      val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
+
+      val conn = Connection(socket, reader, writer, writeLock)
+      currentConnection = conn
+
+      try {
+        conn.sendJson(
+          buildJsonObject {
+            put("type", JsonPrimitive("hello"))
+            put("nodeId", JsonPrimitive(hello.nodeId))
+            hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+            hello.token?.let { put("token", JsonPrimitive(it)) }
+            hello.platform?.let { put("platform", JsonPrimitive(it)) }
+            hello.version?.let { put("version", JsonPrimitive(it)) }
+            hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+            hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+            hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+            hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+          },
+        )
+
+        val firstLine = reader.readLine() ?: throw IllegalStateException("bridge closed connection")
+        val first = json.parseToJsonElement(firstLine).asObjectOrNull()
+          ?: throw IllegalStateException("unexpected bridge response")
+        when (first["type"].asStringOrNull()) {
+          "hello-ok" -> {
+            val name = first["serverName"].asStringOrNull() ?: "Bridge"
+            val rawCanvasUrl = first["canvasHostUrl"].asStringOrNull()?.trim()?.ifEmpty { null }
+            canvasHostUrl = normalizeCanvasHostUrl(rawCanvasUrl, endpoint)
+            if (BuildConfig.DEBUG) {
+              // Local JVM unit tests use android.jar stubs; Log.d can throw "not mocked".
+              runCatching {
+                android.util.Log.d(
+                  "ClawdisBridge",
+                  "canvasHostUrl resolved=${canvasHostUrl ?: "none"} (raw=${rawCanvasUrl ?: "none"})",
+                )
+              }
+            }
+            onConnected(name, conn.remoteAddress)
+          }
+          "error" -> {
+            val code = first["code"].asStringOrNull() ?: "UNAVAILABLE"
+            val msg = first["message"].asStringOrNull() ?: "connect failed"
+            throw IllegalStateException("$code: $msg")
+          }
+          else -> throw IllegalStateException("unexpected bridge response")
+        }
+
+        while (scope.isActive) {
+          val line = reader.readLine() ?: break
+          val frame = json.parseToJsonElement(line).asObjectOrNull() ?: continue
+          when (frame["type"].asStringOrNull()) {
+            "event" -> {
+              val event = frame["event"].asStringOrNull() ?: return@withContext
+              val payload = frame["payloadJSON"].asStringOrNull()
+              onEvent(event, payload)
+            }
+            "ping" -> {
+              val id = frame["id"].asStringOrNull() ?: ""
+              conn.sendJson(buildJsonObject { put("type", JsonPrimitive("pong")); put("id", JsonPrimitive(id)) })
+            }
+            "res" -> {
+              val id = frame["id"].asStringOrNull() ?: continue
+              val ok = frame["ok"].asBooleanOrNull() ?: false
+              val payloadJson = frame["payloadJSON"].asStringOrNull()
+              val error =
+                frame["error"]?.let {
+                  val obj = it.asObjectOrNull() ?: return@let null
+                  val code = obj["code"].asStringOrNull() ?: "UNAVAILABLE"
+                  val msg = obj["message"].asStringOrNull() ?: "request failed"
+                  ErrorShape(code, msg)
+                }
+              pending.remove(id)?.complete(RpcResponse(id, ok, payloadJson, error))
+            }
+            "invoke" -> {
+              val id = frame["id"].asStringOrNull() ?: continue
+              val command = frame["command"].asStringOrNull() ?: ""
+              val params = frame["paramsJSON"].asStringOrNull()
+              val result =
+                try {
+                  onInvoke(InvokeRequest(id, command, params))
+                } catch (err: Throwable) {
+                  invokeErrorFromThrowable(err)
+                }
+              conn.sendJson(
+                buildJsonObject {
+                  put("type", JsonPrimitive("invoke-res"))
+                  put("id", JsonPrimitive(id))
+                  put("ok", JsonPrimitive(result.ok))
+                  if (result.payloadJson != null) put("payloadJSON", JsonPrimitive(result.payloadJson))
+                  if (result.error != null) {
+                    put(
+                      "error",
+                      buildJsonObject {
+                        put("code", JsonPrimitive(result.error.code))
+                        put("message", JsonPrimitive(result.error.message))
+                      },
+                    )
+                  }
+                },
+              )
+            }
+            "invoke-res" -> {
+              // gateway->node only (ignore)
+            }
+          }
+        }
+      } finally {
+        currentConnection = null
+        for ((_, waiter) in pending) {
+          waiter.cancel()
+        }
+        pending.clear()
+        conn.closeQuietly()
+      }
+    }
+
+  private fun normalizeCanvasHostUrl(raw: String?, endpoint: BridgeEndpoint): String? {
+    val trimmed = raw?.trim().orEmpty()
+    val parsed = trimmed.takeIf { it.isNotBlank() }?.let { runCatching { URI(it) }.getOrNull() }
+    val host = parsed?.host?.trim().orEmpty()
+    val port = parsed?.port ?: -1
+    val scheme = parsed?.scheme?.trim().orEmpty().ifBlank { "http" }
+
+    if (trimmed.isNotBlank() && !isLoopbackHost(host)) {
+      return trimmed
+    }
+
+    val fallbackHost =
+      endpoint.tailnetDns?.trim().takeIf { !it.isNullOrEmpty() }
+        ?: endpoint.lanHost?.trim().takeIf { !it.isNullOrEmpty() }
+        ?: endpoint.host.trim()
+    if (fallbackHost.isEmpty()) return trimmed.ifBlank { null }
+
+    val fallbackPort = endpoint.canvasPort ?: if (port > 0) port else 18793
+    val formattedHost = if (fallbackHost.contains(":")) "[${fallbackHost}]" else fallbackHost
+    return "$scheme://$formattedHost:$fallbackPort"
+  }
+
+  private fun isLoopbackHost(raw: String?): Boolean {
+    val host = raw?.trim()?.lowercase().orEmpty()
+    if (host.isEmpty()) return false
+    if (host == "localhost") return true
+    if (host == "::1") return true
+    if (host == "0.0.0.0" || host == "::") return true
+    return host.startsWith("127.")
+  }
+}
+
+private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
+
+private fun JsonElement?.asStringOrNull(): String? =
+  when (this) {
+    is JsonNull -> null
+    is JsonPrimitive -> content
+    else -> null
+  }
+
+private fun JsonElement?.asBooleanOrNull(): Boolean? =
+  when (this) {
+    is JsonPrimitive -> {
+      val c = content.trim()
+      when {
+        c.equals("true", ignoreCase = true) -> true
+        c.equals("false", ignoreCase = true) -> false
+        else -> null
+      }
+    }
+    else -> null
+  }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/chat/ChatController.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/chat/ChatController.kt
@@ -1,6 +1,6 @@
-package com.clawdbot.android.chat
+package com.steipete.clawdis.node.chat

-import com.clawdbot.android.gateway.GatewaySession
+import com.steipete.clawdis.node.bridge.BridgeSession
 import java.util.UUID
 import java.util.concurrent.ConcurrentHashMap
 import kotlinx.coroutines.CoroutineScope
@@ -20,9 +20,8 @@ import kotlinx.serialization.json.buildJsonObject

 class ChatController(
  private val scope: CoroutineScope,
-  private val session: GatewaySession,
+  private val session: BridgeSession,
  private val json: Json,
-  private val supportsChatSubscribe: Boolean,
 ) {
  private val _sessionKey = MutableStateFlow("main")
  val sessionKey: StateFlow<String> = _sessionKey.asStateFlow()
@@ -72,21 +71,12 @@ class ChatController(
    _sessionId.value = null
  }

-  fun load(sessionKey: String) {
+  fun load(sessionKey: String = "main") {
    val key = sessionKey.trim().ifEmpty { "main" }
    _sessionKey.value = key
    scope.launch { bootstrap(forceHealth = true) }
  }

-  fun applyMainSessionKey(mainSessionKey: String) {
-    val trimmed = mainSessionKey.trim()
-    if (trimmed.isEmpty()) return
-    if (_sessionKey.value == trimmed) return
-    if (_sessionKey.value != "main") return
-    _sessionKey.value = trimmed
-    scope.launch { bootstrap(forceHealth = true) }
-  }
-
  fun refresh() {
    scope.launch { bootstrap(forceHealth = true) }
  }
@@ -225,7 +215,7 @@ class ChatController(
    }
  }

-  fun handleGatewayEvent(event: String, payloadJson: String?) {
+  fun handleBridgeEvent(event: String, payloadJson: String?) {
    when (event) {
      "tick" -> {
        scope.launch { pollHealthIfNeeded(force = false) }
@@ -260,12 +250,10 @@ class ChatController(

    val key = _sessionKey.value
    try {
-      if (supportsChatSubscribe) {
-        try {
-          session.sendNodeEvent("chat.subscribe", """{"sessionKey":"$key"}""")
-        } catch (_: Throwable) {
-          // best-effort
-        }
+      try {
+        session.sendEvent("chat.subscribe", """{"sessionKey":"$key"}""")
+      } catch (_: Throwable) {
+        // best-effort
      }

      val historyJson = session.request("chat.history", """{"sessionKey":"$key"}""")
@@ -373,12 +361,10 @@ class ChatController(

        val ts = payload["ts"].asLongOrNull() ?: System.currentTimeMillis()
        if (phase == "start") {
-          val args = data?.get("args").asObjectOrNull()
          pendingToolCallsById[toolCallId] =
            ChatPendingToolCall(
              toolCallId = toolCallId,
              name = name,
-              args = args,
              startedAtMs = ts,
              isError = null,
            )
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/chat/ChatModels.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/chat/ChatModels.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.chat
+package com.steipete.clawdis.node.chat

 data class ChatMessage(
  val id: String,
@@ -18,7 +18,6 @@ data class ChatMessageContent(
 data class ChatPendingToolCall(
  val toolCallId: String,
  val name: String,
-  val args: kotlinx.serialization.json.JsonObject? = null,
  val startedAtMs: Long,
  val isError: Boolean? = null,
 )
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CameraCaptureManager.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CameraCaptureManager.kt
@@ -1,14 +1,12 @@
-package com.clawdbot.android.node
+package com.steipete.clawdis.node.node

 import android.Manifest
 import android.content.Context
 import android.annotation.SuppressLint
 import android.graphics.Bitmap
 import android.graphics.BitmapFactory
-import android.graphics.Matrix
 import android.util.Base64
 import android.content.pm.PackageManager
-import androidx.exifinterface.media.ExifInterface
 import androidx.lifecycle.LifecycleOwner
 import androidx.camera.core.CameraSelector
 import androidx.camera.core.ImageCapture
@@ -22,7 +20,7 @@ import androidx.camera.video.VideoRecordEvent
 import androidx.core.content.ContextCompat
 import androidx.core.content.ContextCompat.checkSelfPermission
 import androidx.core.graphics.scale
-import com.clawdbot.android.PermissionRequester
+import com.steipete.clawdis.node.PermissionRequester
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.suspendCancellableCoroutine
 import kotlinx.coroutines.withTimeout
@@ -88,19 +86,18 @@ class CameraCaptureManager(private val context: Context) {
      provider.unbindAll()
      provider.bindToLifecycle(owner, selector, capture)

-      val (bytes, orientation) = capture.takeJpegWithExif(context.mainExecutor())
+      val bytes = capture.takeJpegBytes(context.mainExecutor())
      val decoded = BitmapFactory.decodeByteArray(bytes, 0, bytes.size)
        ?: throw IllegalStateException("UNAVAILABLE: failed to decode captured image")
-      val rotated = rotateBitmapByExif(decoded, orientation)
      val scaled =
-        if (maxWidth != null && maxWidth > 0 && rotated.width > maxWidth) {
+        if (maxWidth != null && maxWidth > 0 && decoded.width > maxWidth) {
          val h =
-            (rotated.height.toDouble() * (maxWidth.toDouble() / rotated.width.toDouble()))
+            (decoded.height.toDouble() * (maxWidth.toDouble() / decoded.width.toDouble()))
              .toInt()
              .coerceAtLeast(1)
-          rotated.scale(maxWidth, h)
+          decoded.scale(maxWidth, h)
        } else {
-          rotated
+          decoded
        }

      val maxPayloadBytes = 5 * 1024 * 1024
@@ -155,7 +152,7 @@ class CameraCaptureManager(private val context: Context) {
      provider.unbindAll()
      provider.bindToLifecycle(owner, selector, videoCapture)

-      val file = File.createTempFile("clawdbot-clip-", ".mp4")
+      val file = File.createTempFile("clawdis-clip-", ".mp4")
      val outputOptions = FileOutputOptions.Builder(file).build()

      val finalized = kotlinx.coroutines.CompletableDeferred<VideoRecordEvent.Finalize>()
@@ -197,31 +194,6 @@ class CameraCaptureManager(private val context: Context) {
      )
    }

-  private fun rotateBitmapByExif(bitmap: Bitmap, orientation: Int): Bitmap {
-    val matrix = Matrix()
-    when (orientation) {
-      ExifInterface.ORIENTATION_ROTATE_90 -> matrix.postRotate(90f)
-      ExifInterface.ORIENTATION_ROTATE_180 -> matrix.postRotate(180f)
-      ExifInterface.ORIENTATION_ROTATE_270 -> matrix.postRotate(270f)
-      ExifInterface.ORIENTATION_FLIP_HORIZONTAL -> matrix.postScale(-1f, 1f)
-      ExifInterface.ORIENTATION_FLIP_VERTICAL -> matrix.postScale(1f, -1f)
-      ExifInterface.ORIENTATION_TRANSPOSE -> {
-        matrix.postRotate(90f)
-        matrix.postScale(-1f, 1f)
-      }
-      ExifInterface.ORIENTATION_TRANSVERSE -> {
-        matrix.postRotate(-90f)
-        matrix.postScale(-1f, 1f)
-      }
-      else -> return bitmap
-    }
-    val rotated = Bitmap.createBitmap(bitmap, 0, 0, bitmap.width, bitmap.height, matrix, true)
-    if (rotated !== bitmap) {
-      bitmap.recycle()
-    }
-    return rotated
-  }
-
  private fun parseFacing(paramsJson: String?): String? =
    when {
      paramsJson?.contains("\"front\"") == true -> "front"
@@ -282,29 +254,22 @@ private suspend fun Context.cameraProvider(): ProcessCameraProvider =
    )
  }

-/** Returns (jpegBytes, exifOrientation) so caller can rotate the decoded bitmap. */
-private suspend fun ImageCapture.takeJpegWithExif(executor: Executor): Pair<ByteArray, Int> =
+private suspend fun ImageCapture.takeJpegBytes(executor: Executor): ByteArray =
  suspendCancellableCoroutine { cont ->
-    val file = File.createTempFile("clawdbot-snap-", ".jpg")
+    val file = File.createTempFile("clawdis-snap-", ".jpg")
    val options = ImageCapture.OutputFileOptions.Builder(file).build()
    takePicture(
      options,
      executor,
      object : ImageCapture.OnImageSavedCallback {
        override fun onError(exception: ImageCaptureException) {
-          file.delete()
          cont.resumeWithException(exception)
        }

        override fun onImageSaved(outputFileResults: ImageCapture.OutputFileResults) {
          try {
-            val exif = ExifInterface(file.absolutePath)
-            val orientation = exif.getAttributeInt(
-              ExifInterface.TAG_ORIENTATION,
-              ExifInterface.ORIENTATION_NORMAL,
-            )
            val bytes = file.readBytes()
-            cont.resume(Pair(bytes, orientation))
+            cont.resume(bytes)
          } catch (e: Exception) {
            cont.resumeWithException(e)
          } finally {
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CanvasController.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/node/CanvasController.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.node
+package com.steipete.clawdis.node.node

 import android.graphics.Bitmap
 import android.graphics.Canvas
@@ -17,7 +17,7 @@ import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonElement
 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
-import com.clawdbot.android.BuildConfig
+import com.steipete.clawdis.node.BuildConfig
 import kotlin.coroutines.resume

 class CanvasController {
@@ -84,12 +84,12 @@ class CanvasController {
    withWebViewOnMain { wv ->
      if (currentUrl == null) {
        if (BuildConfig.DEBUG) {
-          Log.d("ClawdbotCanvas", "load scaffold: $scaffoldAssetUrl")
+          Log.d("ClawdisCanvas", "load scaffold: $scaffoldAssetUrl")
        }
        wv.loadUrl(scaffoldAssetUrl)
      } else {
        if (BuildConfig.DEBUG) {
-          Log.d("ClawdbotCanvas", "load url: $currentUrl")
+          Log.d("ClawdisCanvas", "load url: $currentUrl")
        }
        wv.loadUrl(currentUrl)
      }
@@ -106,7 +106,7 @@ class CanvasController {
      val js = """
        (() => {
          try {
-            const api = globalThis.__clawdbot;
+            const api = globalThis.__clawdis;
            if (!api) return;
            if (typeof api.setDebugStatusEnabled === 'function') {
              api.setDebugStatusEnabled(${if (enabled) "true" else "false"});
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/node/JpegSizeLimiter.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/node/JpegSizeLimiter.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.node
+package com.steipete.clawdis.node.node

 import kotlin.math.max
 import kotlin.math.min
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/node/ScreenRecordManager.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/node/ScreenRecordManager.kt
@@ -1,12 +1,11 @@
-package com.clawdbot.android.node
+package com.steipete.clawdis.node.node

 import android.content.Context
 import android.hardware.display.DisplayManager
 import android.media.MediaRecorder
 import android.media.projection.MediaProjectionManager
-import android.os.Build
 import android.util.Base64
-import com.clawdbot.android.ScreenCaptureRequester
+import com.steipete.clawdis.node.ScreenCaptureRequester
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.withContext
@@ -17,13 +16,13 @@ class ScreenRecordManager(private val context: Context) {
  data class Payload(val payloadJson: String)

  @Volatile private var screenCaptureRequester: ScreenCaptureRequester? = null
-  @Volatile private var permissionRequester: com.clawdbot.android.PermissionRequester? = null
+  @Volatile private var permissionRequester: com.steipete.clawdis.node.PermissionRequester? = null

  fun attachScreenCaptureRequester(requester: ScreenCaptureRequester) {
    screenCaptureRequester = requester
  }

-  fun attachPermissionRequester(requester: com.clawdbot.android.PermissionRequester) {
+  fun attachPermissionRequester(requester: com.steipete.clawdis.node.PermissionRequester) {
    permissionRequester = requester
  }

@@ -63,10 +62,10 @@ class ScreenRecordManager(private val context: Context) {
      val height = metrics.heightPixels
      val densityDpi = metrics.densityDpi

-      val file = File.createTempFile("clawdbot-screen-", ".mp4")
+      val file = File.createTempFile("clawdis-screen-", ".mp4")
      if (includeAudio) ensureMicPermission()

-      val recorder = createMediaRecorder()
+      val recorder = MediaRecorder()
      var virtualDisplay: android.hardware.display.VirtualDisplay? = null
      try {
        if (includeAudio) {
@@ -90,7 +89,7 @@ class ScreenRecordManager(private val context: Context) {
        val surface = recorder.surface
        virtualDisplay =
          projection.createVirtualDisplay(
-            "clawdbot-screen",
+            "clawdis-screen",
            width,
            height,
            densityDpi,
@@ -122,8 +121,6 @@ class ScreenRecordManager(private val context: Context) {
      )
    }

-  private fun createMediaRecorder(): MediaRecorder = MediaRecorder(context)
-
  private suspend fun ensureMicPermission() {
    val granted =
      androidx.core.content.ContextCompat.checkSelfPermission(
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/protocol/ClawdisCanvasA2UIAction.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/protocol/ClawdisCanvasA2UIAction.kt
@@ -1,9 +1,9 @@
-package com.clawdbot.android.protocol
+package com.steipete.clawdis.node.protocol

 import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive

-object ClawdbotCanvasA2UIAction {
+object ClawdisCanvasA2UIAction {
  fun extractActionName(userAction: JsonObject): String? {
    val name =
      (userAction["name"] as? JsonPrimitive)
@@ -61,6 +61,6 @@ object ClawdbotCanvasA2UIAction {
    val err = (error ?: "").replace("\\", "\\\\").replace("\"", "\\\"")
    val okLiteral = if (ok) "true" else "false"
    val idEscaped = actionId.replace("\\", "\\\\").replace("\"", "\\\"")
-    return "window.dispatchEvent(new CustomEvent('clawdbot:a2ui-action-status', { detail: { id: \"${idEscaped}\", ok: ${okLiteral}, error: \"${err}\" } }));"
+    return "window.dispatchEvent(new CustomEvent('clawdis:a2ui-action-status', { detail: { id: \"${idEscaped}\", ok: ${okLiteral}, error: \"${err}\" } }));"
  }
 }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/protocol/ClawdisProtocolConstants.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/protocol/ClawdisProtocolConstants.kt
@@ -1,15 +1,13 @@
-package com.clawdbot.android.protocol
+package com.steipete.clawdis.node.protocol

-enum class ClawdbotCapability(val rawValue: String) {
+enum class ClawdisCapability(val rawValue: String) {
  Canvas("canvas"),
  Camera("camera"),
  Screen("screen"),
-  Sms("sms"),
  VoiceWake("voiceWake"),
-  Location("location"),
 }

-enum class ClawdbotCanvasCommand(val rawValue: String) {
+enum class ClawdisCanvasCommand(val rawValue: String) {
  Present("canvas.present"),
  Hide("canvas.hide"),
  Navigate("canvas.navigate"),
@@ -22,7 +20,7 @@ enum class ClawdbotCanvasCommand(val rawValue: String) {
  }
 }

-enum class ClawdbotCanvasA2UICommand(val rawValue: String) {
+enum class ClawdisCanvasA2UICommand(val rawValue: String) {
  Push("canvas.a2ui.push"),
  PushJSONL("canvas.a2ui.pushJSONL"),
  Reset("canvas.a2ui.reset"),
@@ -33,7 +31,7 @@ enum class ClawdbotCanvasA2UICommand(val rawValue: String) {
  }
 }

-enum class ClawdbotCameraCommand(val rawValue: String) {
+enum class ClawdisCameraCommand(val rawValue: String) {
  Snap("camera.snap"),
  Clip("camera.clip"),
  ;
@@ -43,7 +41,7 @@ enum class ClawdbotCameraCommand(val rawValue: String) {
  }
 }

-enum class ClawdbotScreenCommand(val rawValue: String) {
+enum class ClawdisScreenCommand(val rawValue: String) {
  Record("screen.record"),
  ;

@@ -51,21 +49,3 @@ enum class ClawdbotScreenCommand(val rawValue: String) {
    const val NamespacePrefix: String = "screen."
  }
 }
-
-enum class ClawdbotSmsCommand(val rawValue: String) {
-  Send("sms.send"),
-  ;
-
-  companion object {
-    const val NamespacePrefix: String = "sms."
-  }
-}
-
-enum class ClawdbotLocationCommand(val rawValue: String) {
-  Get("location.get"),
-  ;
-
-  companion object {
-    const val NamespacePrefix: String = "location."
-  }
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/CameraHudOverlay.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/CameraHudOverlay.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui
+package com.steipete.clawdis.node.ui

 import androidx.compose.foundation.background
 import androidx.compose.foundation.layout.Box
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/ChatSheet.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/ChatSheet.kt
@@ -1,8 +1,8 @@
-package com.clawdbot.android.ui
+package com.steipete.clawdis.node.ui

 import androidx.compose.runtime.Composable
-import com.clawdbot.android.MainViewModel
-import com.clawdbot.android.ui.chat.ChatSheetContent
+import com.steipete.clawdis.node.MainViewModel
+import com.steipete.clawdis.node.ui.chat.ChatSheetContent

@Composable
 fun ChatSheet(viewModel: MainViewModel) {
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/ClawdisTheme.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/ClawdisTheme.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui
+package com.steipete.clawdis.node.ui

 import androidx.compose.foundation.isSystemInDarkTheme
 import androidx.compose.material3.MaterialTheme
@@ -9,7 +9,7 @@ import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.platform.LocalContext

@Composable
-fun ClawdbotTheme(content: @Composable () -> Unit) {
+fun ClawdisTheme(content: @Composable () -> Unit) {
  val context = LocalContext.current
  val isDark = isSystemInDarkTheme()
  val colorScheme = if (isDark) dynamicDarkColorScheme(context) else dynamicLightColorScheme(context)
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/RootScreen.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/RootScreen.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui
+package com.steipete.clawdis.node.ui

 import android.annotation.SuppressLint
 import android.Manifest
@@ -39,7 +39,6 @@ import androidx.compose.material3.MaterialTheme
 import androidx.compose.material3.ModalBottomSheet
 import androidx.compose.material3.rememberModalBottomSheetState
 import androidx.compose.material.icons.Icons
-import androidx.compose.material.icons.automirrored.filled.ScreenShare
 import androidx.compose.material.icons.filled.ChatBubble
 import androidx.compose.material.icons.filled.CheckCircle
 import androidx.compose.material.icons.filled.Error
@@ -48,6 +47,7 @@ import androidx.compose.material.icons.filled.PhotoCamera
 import androidx.compose.material.icons.filled.RecordVoiceOver
 import androidx.compose.material.icons.filled.Refresh
 import androidx.compose.material.icons.filled.Report
+import androidx.compose.material.icons.filled.ScreenShare
 import androidx.compose.material.icons.filled.Settings
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.collectAsState
@@ -65,8 +65,8 @@ import androidx.compose.ui.viewinterop.AndroidView
 import androidx.compose.ui.window.Popup
 import androidx.compose.ui.window.PopupProperties
 import androidx.core.content.ContextCompat
-import com.clawdbot.android.CameraHudKind
-import com.clawdbot.android.MainViewModel
+import com.steipete.clawdis.node.CameraHudKind
+import com.steipete.clawdis.node.MainViewModel

@OptIn(ExperimentalMaterial3Api::class)
@Composable
@@ -118,12 +118,12 @@ fun RootScreen(viewModel: MainViewModel) {
          contentDescription = "Approval pending",
        )
      }
-      // Avoid duplicating the primary gateway status ("Connecting…") in the activity slot.
+      // Avoid duplicating the primary bridge status ("Connecting…") in the activity slot.

      if (screenRecordActive) {
        return@remember StatusActivity(
          title = "Recording screen…",
-          icon = Icons.AutoMirrored.Filled.ScreenShare,
+          icon = Icons.Default.ScreenShare,
          contentDescription = "Recording screen",
          tint = androidx.compose.ui.graphics.Color.Red,
        )
@@ -179,14 +179,14 @@ fun RootScreen(viewModel: MainViewModel) {
      null
    }

-  val gatewayState =
+  val bridgeState =
    remember(serverName, statusText) {
      when {
-        serverName != null -> GatewayState.Connected
+        serverName != null -> BridgeState.Connected
        statusText.contains("connecting", ignoreCase = true) ||
-          statusText.contains("reconnecting", ignoreCase = true) -> GatewayState.Connecting
-        statusText.contains("error", ignoreCase = true) -> GatewayState.Error
-        else -> GatewayState.Disconnected
+          statusText.contains("reconnecting", ignoreCase = true) -> BridgeState.Connecting
+        statusText.contains("error", ignoreCase = true) -> BridgeState.Error
+        else -> BridgeState.Disconnected
      }
    }

@@ -206,7 +206,7 @@ fun RootScreen(viewModel: MainViewModel) {
  // Keep the overlay buttons above the WebView canvas (AndroidView), otherwise they may not receive touches.
  Popup(alignment = Alignment.TopStart, properties = PopupProperties(focusable = false)) {
    StatusPill(
-      gateway = gatewayState,
+      bridge = bridgeState,
      voiceEnabled = voiceEnabled,
      activity = activity,
      onClick = { sheet = Sheet.Settings },
@@ -327,13 +327,14 @@ private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier)
        // Some embedded web UIs (incl. the "background website") use localStorage/sessionStorage.
        settings.domStorageEnabled = true
        settings.mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
+        if (WebViewFeature.isFeatureSupported(WebViewFeature.FORCE_DARK)) {
+          WebSettingsCompat.setForceDark(settings, WebSettingsCompat.FORCE_DARK_OFF)
+        }
        if (WebViewFeature.isFeatureSupported(WebViewFeature.ALGORITHMIC_DARKENING)) {
          WebSettingsCompat.setAlgorithmicDarkeningAllowed(settings, false)
-        } else {
-          disableForceDarkIfSupported(settings)
        }
        if (isDebuggable) {
-          Log.d("ClawdbotWebView", "userAgent: ${settings.userAgentString}")
+          Log.d("ClawdisWebView", "userAgent: ${settings.userAgentString}")
        }
        isScrollContainer = true
        overScrollMode = View.OVER_SCROLL_IF_CONTENT_SCROLLS
@@ -348,7 +349,7 @@ private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier)
            ) {
              if (!isDebuggable) return
              if (!request.isForMainFrame) return
-              Log.e("ClawdbotWebView", "onReceivedError: ${error.errorCode} ${error.description} ${request.url}")
+              Log.e("ClawdisWebView", "onReceivedError: ${error.errorCode} ${error.description} ${request.url}")
            }

            override fun onReceivedHttpError(
@@ -359,14 +360,14 @@ private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier)
              if (!isDebuggable) return
              if (!request.isForMainFrame) return
              Log.e(
-                "ClawdbotWebView",
+                "ClawdisWebView",
                "onReceivedHttpError: ${errorResponse.statusCode} ${errorResponse.reasonPhrase} ${request.url}",
              )
            }

            override fun onPageFinished(view: WebView, url: String?) {
              if (isDebuggable) {
-                Log.d("ClawdbotWebView", "onPageFinished: $url")
+                Log.d("ClawdisWebView", "onPageFinished: $url")
              }
              viewModel.canvas.onPageFinished()
            }
@@ -377,7 +378,7 @@ private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier)
            ): Boolean {
              if (isDebuggable) {
                Log.e(
-                  "ClawdbotWebView",
+                  "ClawdisWebView",
                  "onRenderProcessGone didCrash=${detail.didCrash()} priorityAtExit=${detail.rendererPriorityAtExit()}",
                )
              }
@@ -390,7 +391,7 @@ private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier)
              if (!isDebuggable) return false
              val msg = consoleMessage ?: return false
              Log.d(
-                "ClawdbotWebView",
+                "ClawdisWebView",
                "console ${msg.messageLevel()} @ ${msg.sourceId()}:${msg.lineNumber()} ${msg.message()}",
              )
              return false
@@ -413,12 +414,6 @@ private fun CanvasView(viewModel: MainViewModel, modifier: Modifier = Modifier)
  )
 }

-private fun disableForceDarkIfSupported(settings: WebSettings) {
-  if (!WebViewFeature.isFeatureSupported(WebViewFeature.FORCE_DARK)) return
-  @Suppress("DEPRECATION")
-  WebSettingsCompat.setForceDark(settings, WebSettingsCompat.FORCE_DARK_OFF)
-}
-
 private class CanvasA2UIActionBridge(private val onMessage: (String) -> Unit) {
  @JavascriptInterface
  fun postMessage(payload: String?) {
@@ -428,7 +423,7 @@ private class CanvasA2UIActionBridge(private val onMessage: (String) -> Unit) {
  }

  companion object {
-    const val interfaceName: String = "clawdbotCanvasA2UIAction"
+    const val interfaceName: String = "clawdisCanvasA2UIAction"
  }
 }

--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/SettingsSheet.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/SettingsSheet.kt
@@ -1,12 +1,8 @@
-package com.clawdbot.android.ui
+package com.steipete.clawdis.node.ui

 import android.Manifest
-import android.content.Context
-import android.content.Intent
 import android.content.pm.PackageManager
-import android.net.Uri
 import android.os.Build
-import android.provider.Settings
 import androidx.activity.compose.rememberLauncherForActivityResult
 import androidx.activity.result.contract.ActivityResultContracts
 import androidx.compose.animation.AnimatedVisibility
@@ -46,18 +42,15 @@ import androidx.compose.runtime.collectAsState
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
-import androidx.compose.runtime.setValue
 import androidx.compose.ui.Modifier
-import androidx.compose.ui.draw.alpha
 import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.text.style.TextAlign
 import androidx.compose.ui.unit.dp
 import androidx.core.content.ContextCompat
-import com.clawdbot.android.BuildConfig
-import com.clawdbot.android.LocationMode
-import com.clawdbot.android.MainViewModel
-import com.clawdbot.android.NodeForegroundService
-import com.clawdbot.android.VoiceWakeMode
+import com.steipete.clawdis.node.BuildConfig
+import com.steipete.clawdis.node.MainViewModel
+import com.steipete.clawdis.node.NodeForegroundService
+import com.steipete.clawdis.node.VoiceWakeMode

@Composable
 fun SettingsSheet(viewModel: MainViewModel) {
@@ -65,8 +58,6 @@ fun SettingsSheet(viewModel: MainViewModel) {
  val instanceId by viewModel.instanceId.collectAsState()
  val displayName by viewModel.displayName.collectAsState()
  val cameraEnabled by viewModel.cameraEnabled.collectAsState()
-  val locationMode by viewModel.locationMode.collectAsState()
-  val locationPreciseEnabled by viewModel.locationPreciseEnabled.collectAsState()
  val preventSleep by viewModel.preventSleep.collectAsState()
  val wakeWords by viewModel.wakeWords.collectAsState()
  val voiceWakeMode by viewModel.voiceWakeMode.collectAsState()
@@ -75,12 +66,11 @@ fun SettingsSheet(viewModel: MainViewModel) {
  val manualEnabled by viewModel.manualEnabled.collectAsState()
  val manualHost by viewModel.manualHost.collectAsState()
  val manualPort by viewModel.manualPort.collectAsState()
-  val manualTls by viewModel.manualTls.collectAsState()
  val canvasDebugStatusEnabled by viewModel.canvasDebugStatusEnabled.collectAsState()
  val statusText by viewModel.statusText.collectAsState()
  val serverName by viewModel.serverName.collectAsState()
  val remoteAddress by viewModel.remoteAddress.collectAsState()
-  val gateways by viewModel.gateways.collectAsState()
+  val bridges by viewModel.bridges.collectAsState()
  val discoveryStatusText by viewModel.discoveryStatusText.collectAsState()

  val listState = rememberLazyListState()
@@ -111,63 +101,11 @@ fun SettingsSheet(viewModel: MainViewModel) {
      viewModel.setCameraEnabled(cameraOk)
    }

-  var pendingLocationMode by remember { mutableStateOf<LocationMode?>(null) }
-  var pendingPreciseToggle by remember { mutableStateOf(false) }
-
-  val locationPermissionLauncher =
-    rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { perms ->
-      val fineOk = perms[Manifest.permission.ACCESS_FINE_LOCATION] == true
-      val coarseOk = perms[Manifest.permission.ACCESS_COARSE_LOCATION] == true
-      val granted = fineOk || coarseOk
-      val requestedMode = pendingLocationMode
-      pendingLocationMode = null
-
-      if (pendingPreciseToggle) {
-        pendingPreciseToggle = false
-        viewModel.setLocationPreciseEnabled(fineOk)
-        return@rememberLauncherForActivityResult
-      }
-
-      if (!granted) {
-        viewModel.setLocationMode(LocationMode.Off)
-        return@rememberLauncherForActivityResult
-      }
-
-      if (requestedMode != null) {
-        viewModel.setLocationMode(requestedMode)
-        if (requestedMode == LocationMode.Always) {
-          val backgroundOk =
-            ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_BACKGROUND_LOCATION) ==
-              PackageManager.PERMISSION_GRANTED
-          if (!backgroundOk) {
-            openAppSettings(context)
-          }
-        }
-      }
-    }
-
  val audioPermissionLauncher =
    rememberLauncherForActivityResult(ActivityResultContracts.RequestPermission()) { _ ->
      // Status text is handled by NodeRuntime.
    }

-  val smsPermissionAvailable =
-    remember {
-      context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
-    }
-  var smsPermissionGranted by
-    remember {
-      mutableStateOf(
-        ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) ==
-          PackageManager.PERMISSION_GRANTED,
-      )
-    }
-  val smsPermissionLauncher =
-    rememberLauncherForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
-      smsPermissionGranted = granted
-      viewModel.refreshGatewayConnection()
-    }
-
  fun setCameraEnabledChecked(checked: Boolean) {
    if (!checked) {
      viewModel.setCameraEnabled(false)
@@ -184,61 +122,20 @@ fun SettingsSheet(viewModel: MainViewModel) {
    }
  }

-  fun requestLocationPermissions(targetMode: LocationMode) {
-    val fineOk =
-      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
-        PackageManager.PERMISSION_GRANTED
-    val coarseOk =
-      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_COARSE_LOCATION) ==
-        PackageManager.PERMISSION_GRANTED
-    if (fineOk || coarseOk) {
-      viewModel.setLocationMode(targetMode)
-      if (targetMode == LocationMode.Always) {
-        val backgroundOk =
-          ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_BACKGROUND_LOCATION) ==
-            PackageManager.PERMISSION_GRANTED
-        if (!backgroundOk) {
-          openAppSettings(context)
-        }
-      }
-    } else {
-      pendingLocationMode = targetMode
-      locationPermissionLauncher.launch(
-        arrayOf(Manifest.permission.ACCESS_FINE_LOCATION, Manifest.permission.ACCESS_COARSE_LOCATION),
-      )
-    }
-  }
-
-  fun setPreciseLocationChecked(checked: Boolean) {
-    if (!checked) {
-      viewModel.setLocationPreciseEnabled(false)
-      return
-    }
-    val fineOk =
-      ContextCompat.checkSelfPermission(context, Manifest.permission.ACCESS_FINE_LOCATION) ==
-        PackageManager.PERMISSION_GRANTED
-    if (fineOk) {
-      viewModel.setLocationPreciseEnabled(true)
-    } else {
-      pendingPreciseToggle = true
-      locationPermissionLauncher.launch(arrayOf(Manifest.permission.ACCESS_FINE_LOCATION))
-    }
-  }
-
-  val visibleGateways =
+  val visibleBridges =
    if (isConnected && remoteAddress != null) {
-      gateways.filterNot { "${it.host}:${it.port}" == remoteAddress }
+      bridges.filterNot { "${it.host}:${it.port}" == remoteAddress }
    } else {
-      gateways
+      bridges
    }

-  val gatewayDiscoveryFooterText =
-    if (visibleGateways.isEmpty()) {
+  val bridgeDiscoveryFooterText =
+    if (visibleBridges.isEmpty()) {
      discoveryStatusText
    } else if (isConnected) {
-      "Discovery active • ${visibleGateways.size} other gateway${if (visibleGateways.size == 1) "" else "s"} found"
+      "Discovery active • ${visibleBridges.size} other bridge${if (visibleBridges.size == 1) "" else "s"} found"
    } else {
-      "Discovery active • ${visibleGateways.size} gateway${if (visibleGateways.size == 1) "" else "s"} found"
+      "Discovery active • ${visibleBridges.size} bridge${if (visibleBridges.size == 1) "" else "s"} found"
    }

  LazyColumn(
@@ -252,7 +149,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
    contentPadding = PaddingValues(16.dp),
    verticalArrangement = Arrangement.spacedBy(6.dp),
  ) {
-    // Order parity: Node → Gateway → Voice → Camera → Messaging → Location → Screen.
+    // Order parity: Node → Bridge → Voice → Camera → Screen.
    item { Text("Node", style = MaterialTheme.typography.titleSmall) }
    item {
      OutlinedTextField(
@@ -268,8 +165,8 @@ fun SettingsSheet(viewModel: MainViewModel) {

    item { HorizontalDivider() }

-    // Gateway
-    item { Text("Gateway", style = MaterialTheme.typography.titleSmall) }
+    // Bridge
+    item { Text("Bridge", style = MaterialTheme.typography.titleSmall) }
    item { ListItem(headlineContent = { Text("Status") }, supportingContent = { Text(statusText) }) }
    if (serverName != null) {
      item { ListItem(headlineContent = { Text("Server") }, supportingContent = { Text(serverName!!) }) }
@@ -293,30 +190,31 @@ fun SettingsSheet(viewModel: MainViewModel) {

    item { HorizontalDivider() }

-    if (!isConnected || visibleGateways.isNotEmpty()) {
+    if (!isConnected || visibleBridges.isNotEmpty()) {
      item {
        Text(
-          if (isConnected) "Other Gateways" else "Discovered Gateways",
+          if (isConnected) "Other Bridges" else "Discovered Bridges",
          style = MaterialTheme.typography.titleSmall,
        )
      }
-      if (!isConnected && visibleGateways.isEmpty()) {
-        item { Text("No gateways found yet.", color = MaterialTheme.colorScheme.onSurfaceVariant) }
+      if (!isConnected && visibleBridges.isEmpty()) {
+        item { Text("No bridges found yet.", color = MaterialTheme.colorScheme.onSurfaceVariant) }
      } else {
-        items(items = visibleGateways, key = { it.stableId }) { gateway ->
+        items(items = visibleBridges, key = { it.stableId }) { bridge ->
          val detailLines =
            buildList {
-              add("IP: ${gateway.host}:${gateway.port}")
-              gateway.lanHost?.let { add("LAN: $it") }
-              gateway.tailnetDns?.let { add("Tailnet: $it") }
-              if (gateway.gatewayPort != null || gateway.canvasPort != null) {
-                val gw = (gateway.gatewayPort ?: gateway.port).toString()
-                val canvas = gateway.canvasPort?.toString() ?: "—"
-                add("Ports: gw $gw · canvas $canvas")
+              add("IP: ${bridge.host}:${bridge.port}")
+              bridge.lanHost?.let { add("LAN: $it") }
+              bridge.tailnetDns?.let { add("Tailnet: $it") }
+              if (bridge.gatewayPort != null || bridge.bridgePort != null || bridge.canvasPort != null) {
+                val gw = bridge.gatewayPort?.toString() ?: "—"
+                val br = (bridge.bridgePort ?: bridge.port).toString()
+                val canvas = bridge.canvasPort?.toString() ?: "—"
+                add("Ports: gw $gw · bridge $br · canvas $canvas")
              }
            }
          ListItem(
-            headlineContent = { Text(gateway.name) },
+            headlineContent = { Text(bridge.name) },
            supportingContent = {
              Column(verticalArrangement = Arrangement.spacedBy(2.dp)) {
                detailLines.forEach { line ->
@@ -328,7 +226,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
              Button(
                onClick = {
                  NodeForegroundService.start(context)
-                  viewModel.connect(gateway)
+                  viewModel.connect(bridge)
                },
              ) {
                Text("Connect")
@@ -339,7 +237,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
      }
      item {
        Text(
-          gatewayDiscoveryFooterText,
+          bridgeDiscoveryFooterText,
          modifier = Modifier.fillMaxWidth(),
          textAlign = TextAlign.Center,
          style = MaterialTheme.typography.labelMedium,
@@ -353,7 +251,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
    item {
      ListItem(
        headlineContent = { Text("Advanced") },
-        supportingContent = { Text("Manual gateway connection") },
+        supportingContent = { Text("Manual bridge connection") },
        trailingContent = {
          Icon(
            imageVector = if (advancedExpanded) Icons.Filled.ExpandLess else Icons.Filled.ExpandMore,
@@ -370,7 +268,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
      AnimatedVisibility(visible = advancedExpanded) {
        Column(verticalArrangement = Arrangement.spacedBy(10.dp), modifier = Modifier.fillMaxWidth()) {
          ListItem(
-            headlineContent = { Text("Use Manual Gateway") },
+            headlineContent = { Text("Use Manual Bridge") },
            supportingContent = { Text("Use this when discovery is blocked.") },
            trailingContent = { Switch(checked = manualEnabled, onCheckedChange = viewModel::setManualEnabled) },
          )
@@ -389,12 +287,6 @@ fun SettingsSheet(viewModel: MainViewModel) {
            modifier = Modifier.fillMaxWidth(),
            enabled = manualEnabled,
          )
-          ListItem(
-            headlineContent = { Text("Require TLS") },
-            supportingContent = { Text("Pin the gateway certificate on first connect.") },
-            trailingContent = { Switch(checked = manualTls, onCheckedChange = viewModel::setManualTls, enabled = manualEnabled) },
-            modifier = Modifier.alpha(if (manualEnabled) 1f else 0.5f),
-          )

          val hostOk = manualHost.trim().isNotEmpty()
          val portOk = manualPort in 1..65535
@@ -443,7 +335,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
        Column(verticalArrangement = Arrangement.spacedBy(6.dp), modifier = Modifier.fillMaxWidth()) {
          ListItem(
            headlineContent = { Text("Foreground Only") },
-            supportingContent = { Text("Listens only while Clawdbot is open.") },
+            supportingContent = { Text("Listens only while Clawdis is open.") },
            trailingContent = {
              RadioButton(
                selected = voiceWakeMode == VoiceWakeMode.Foreground,
@@ -489,7 +381,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
      Row(horizontalArrangement = Arrangement.spacedBy(12.dp)) {
        Button(
          onClick = {
-            val parsed = com.clawdbot.android.WakeWords.parseCommaSeparated(wakeWordsText)
+            val parsed = com.steipete.clawdis.node.WakeWords.parseCommaSeparated(wakeWordsText)
            viewModel.setWakeWords(parsed)
          },
          enabled = isConnected,
@@ -503,7 +395,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
    item {
      Text(
        if (isConnected) {
-          "Any node can edit wake words. Changes sync via the gateway."
+          "Any node can edit wake words. Changes sync via the gateway bridge."
        } else {
          "Connect to a gateway to sync wake words globally."
        },
@@ -518,7 +410,7 @@ fun SettingsSheet(viewModel: MainViewModel) {
    item {
      ListItem(
        headlineContent = { Text("Allow Camera") },
-        supportingContent = { Text("Allows the gateway to request photos or short video clips (foreground only).") },
+        supportingContent = { Text("Allows the bridge to request photos or short video clips (foreground only).") },
        trailingContent = { Switch(checked = cameraEnabled, onCheckedChange = ::setCameraEnabledChecked) },
      )
    }
@@ -531,110 +423,12 @@ fun SettingsSheet(viewModel: MainViewModel) {

    item { HorizontalDivider() }

-    // Messaging
-    item { Text("Messaging", style = MaterialTheme.typography.titleSmall) }
-    item {
-      val buttonLabel =
-        when {
-          !smsPermissionAvailable -> "Unavailable"
-          smsPermissionGranted -> "Manage"
-          else -> "Grant"
-        }
-      ListItem(
-        headlineContent = { Text("SMS Permission") },
-        supportingContent = {
-          Text(
-            if (smsPermissionAvailable) {
-              "Allow the gateway to send SMS from this device."
-            } else {
-              "SMS requires a device with telephony hardware."
-            },
-          )
-        },
-        trailingContent = {
-          Button(
-            onClick = {
-              if (!smsPermissionAvailable) return@Button
-              if (smsPermissionGranted) {
-                openAppSettings(context)
-              } else {
-                smsPermissionLauncher.launch(Manifest.permission.SEND_SMS)
-              }
-            },
-            enabled = smsPermissionAvailable,
-          ) {
-            Text(buttonLabel)
-          }
-        },
-      )
-    }
-
-    item { HorizontalDivider() }
-
-    // Location
-    item { Text("Location", style = MaterialTheme.typography.titleSmall) }
-    item {
-      Column(verticalArrangement = Arrangement.spacedBy(6.dp), modifier = Modifier.fillMaxWidth()) {
-        ListItem(
-          headlineContent = { Text("Off") },
-          supportingContent = { Text("Disable location sharing.") },
-          trailingContent = {
-            RadioButton(
-              selected = locationMode == LocationMode.Off,
-              onClick = { viewModel.setLocationMode(LocationMode.Off) },
-            )
-          },
-        )
-        ListItem(
-          headlineContent = { Text("While Using") },
-          supportingContent = { Text("Only while Clawdbot is open.") },
-          trailingContent = {
-            RadioButton(
-              selected = locationMode == LocationMode.WhileUsing,
-              onClick = { requestLocationPermissions(LocationMode.WhileUsing) },
-            )
-          },
-        )
-        ListItem(
-          headlineContent = { Text("Always") },
-          supportingContent = { Text("Allow background location (requires system permission).") },
-          trailingContent = {
-            RadioButton(
-              selected = locationMode == LocationMode.Always,
-              onClick = { requestLocationPermissions(LocationMode.Always) },
-            )
-          },
-        )
-      }
-    }
-    item {
-      ListItem(
-        headlineContent = { Text("Precise Location") },
-        supportingContent = { Text("Use precise GPS when available.") },
-        trailingContent = {
-          Switch(
-            checked = locationPreciseEnabled,
-            onCheckedChange = ::setPreciseLocationChecked,
-            enabled = locationMode != LocationMode.Off,
-          )
-        },
-      )
-    }
-    item {
-      Text(
-        "Always may require Android Settings to allow background location.",
-        color = MaterialTheme.colorScheme.onSurfaceVariant,
-      )
-    }
-
-    item { HorizontalDivider() }
-
    // Screen
    item { Text("Screen", style = MaterialTheme.typography.titleSmall) }
    item {
      ListItem(
        headlineContent = { Text("Prevent Sleep") },
-        supportingContent = { Text("Keeps the screen awake while Clawdbot is open.") },
+        supportingContent = { Text("Keeps the screen awake while Clawdis is open.") },
        trailingContent = { Switch(checked = preventSleep, onCheckedChange = viewModel::setPreventSleep) },
      )
    }
@@ -659,12 +453,3 @@ fun SettingsSheet(viewModel: MainViewModel) {
    item { Spacer(modifier = Modifier.height(20.dp)) }
  }
 }
-
-private fun openAppSettings(context: Context) {
-  val intent =
-    Intent(
-      Settings.ACTION_APPLICATION_DETAILS_SETTINGS,
-      Uri.fromParts("package", context.packageName, null),
-    )
-  context.startActivity(intent)
-}
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/StatusPill.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/StatusPill.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui
+package com.steipete.clawdis.node.ui

 import androidx.compose.foundation.layout.Arrangement
 import androidx.compose.foundation.layout.Row
@@ -26,11 +26,11 @@ import androidx.compose.ui.unit.dp

@Composable
 fun StatusPill(
-  gateway: GatewayState,
+  bridge: BridgeState,
  voiceEnabled: Boolean,
+  activity: StatusActivity? = null,
  onClick: () -> Unit,
  modifier: Modifier = Modifier,
-  activity: StatusActivity? = null,
 ) {
  Surface(
    onClick = onClick,
@@ -49,11 +49,11 @@ fun StatusPill(
        Surface(
          modifier = Modifier.size(9.dp),
          shape = CircleShape,
-          color = gateway.color,
+          color = bridge.color,
        ) {}

        Text(
-          text = gateway.title,
+          text = bridge.title,
          style = MaterialTheme.typography.labelLarge,
        )
      }
@@ -106,7 +106,7 @@ data class StatusActivity(
  val tint: Color? = null,
 )

-enum class GatewayState(val title: String, val color: Color) {
+enum class BridgeState(val title: String, val color: Color) {
  Connected("Connected", Color(0xFF2ECC71)),
  Connecting("Connecting…", Color(0xFFF1C40F)),
  Error("Error", Color(0xFFE74C3C)),
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/TalkOrbOverlay.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/TalkOrbOverlay.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui
+package com.steipete.clawdis.node.ui

 import androidx.compose.animation.core.LinearEasing
 import androidx.compose.animation.core.RepeatMode
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatComposer.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatComposer.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui.chat
+package com.steipete.clawdis.node.ui.chat

 import androidx.compose.foundation.layout.Arrangement
 import androidx.compose.foundation.layout.Box
@@ -38,13 +38,12 @@ import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.unit.dp
-import com.clawdbot.android.chat.ChatSessionEntry
+import com.steipete.clawdis.node.chat.ChatSessionEntry

@Composable
 fun ChatComposer(
  sessionKey: String,
  sessions: List<ChatSessionEntry>,
-  mainSessionKey: String,
  healthOk: Boolean,
  thinkingLevel: String,
  pendingRunCount: Int,
@@ -62,7 +61,7 @@ fun ChatComposer(
  var showThinkingMenu by remember { mutableStateOf(false) }
  var showSessionMenu by remember { mutableStateOf(false) }

-  val sessionOptions = resolveSessionChoices(sessionKey, sessions, mainSessionKey = mainSessionKey)
+  val sessionOptions = resolveSessionChoices(sessionKey, sessions)
  val currentSessionLabel =
    sessionOptions.firstOrNull { it.key == sessionKey }?.displayName ?: sessionKey

--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatMarkdown.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatMarkdown.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui.chat
+package com.steipete.clawdis.node.ui.chat

 import android.graphics.BitmapFactory
 import android.util.Base64
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatMessageListCard.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatMessageListCard.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui.chat
+package com.steipete.clawdis.node.ui.chat

 import androidx.compose.foundation.layout.Arrangement
 import androidx.compose.foundation.layout.Box
@@ -20,8 +20,8 @@ import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.draw.alpha
 import androidx.compose.ui.unit.dp
-import com.clawdbot.android.chat.ChatMessage
-import com.clawdbot.android.chat.ChatPendingToolCall
+import com.steipete.clawdis.node.chat.ChatMessage
+import com.steipete.clawdis.node.chat.ChatPendingToolCall

@Composable
 fun ChatMessageListCard(
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatMessageViews.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatMessageViews.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui.chat
+package com.steipete.clawdis.node.ui.chat

 import android.graphics.BitmapFactory
 import android.util.Base64
@@ -31,13 +31,11 @@ import androidx.compose.ui.layout.ContentScale
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.unit.dp
 import androidx.compose.foundation.Image
-import com.clawdbot.android.chat.ChatMessage
-import com.clawdbot.android.chat.ChatMessageContent
-import com.clawdbot.android.chat.ChatPendingToolCall
-import com.clawdbot.android.tools.ToolDisplayRegistry
+import com.steipete.clawdis.node.chat.ChatMessage
+import com.steipete.clawdis.node.chat.ChatMessageContent
+import com.steipete.clawdis.node.chat.ChatPendingToolCall
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.withContext
-import androidx.compose.ui.platform.LocalContext

@Composable
 fun ChatMessageBubble(message: ChatMessage) {
@@ -106,42 +104,18 @@ fun ChatTypingIndicatorBubble() {

@Composable
 fun ChatPendingToolsBubble(toolCalls: List<ChatPendingToolCall>) {
-  val context = LocalContext.current
-  val displays =
-    remember(toolCalls, context) {
-      toolCalls.map { ToolDisplayRegistry.resolve(context, it.name, it.args) }
-    }
  Row(modifier = Modifier.fillMaxWidth(), horizontalArrangement = Arrangement.Start) {
    Surface(
      shape = RoundedCornerShape(16.dp),
      color = MaterialTheme.colorScheme.surfaceContainer,
    ) {
      Column(modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp), verticalArrangement = Arrangement.spacedBy(6.dp)) {
-        Text("Running tools…", style = MaterialTheme.typography.labelLarge, color = MaterialTheme.colorScheme.onSurface)
-        for (display in displays.take(6)) {
-          Column(verticalArrangement = Arrangement.spacedBy(2.dp)) {
-            Text(
-              "${display.emoji} ${display.label}",
-              style = MaterialTheme.typography.bodyMedium,
-              color = MaterialTheme.colorScheme.onSurfaceVariant,
-              fontFamily = FontFamily.Monospace,
-            )
-            display.detailLine?.let { detail ->
-              Text(
-                detail,
-                style = MaterialTheme.typography.bodySmall,
-                color = MaterialTheme.colorScheme.onSurfaceVariant,
-                fontFamily = FontFamily.Monospace,
-              )
-            }
-          }
+        Text("Tools", style = MaterialTheme.typography.labelLarge, color = MaterialTheme.colorScheme.onSurface)
+        for (t in toolCalls.take(6)) {
+          Text("· ${t.name}", style = MaterialTheme.typography.bodyMedium, color = MaterialTheme.colorScheme.onSurfaceVariant)
        }
        if (toolCalls.size > 6) {
-          Text(
-            "… +${toolCalls.size - 6} more",
-            style = MaterialTheme.typography.bodySmall,
-            color = MaterialTheme.colorScheme.onSurfaceVariant,
-          )
+          Text("… +${toolCalls.size - 6} more", style = MaterialTheme.typography.bodySmall, color = MaterialTheme.colorScheme.onSurfaceVariant)
        }
      }
    }
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatSessionsDialog.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatSessionsDialog.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui.chat
+package com.steipete.clawdis.node.ui.chat

 import androidx.compose.foundation.layout.Arrangement
 import androidx.compose.foundation.layout.Column
@@ -20,7 +20,7 @@ import androidx.compose.runtime.Composable
 import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.unit.dp
-import com.clawdbot.android.chat.ChatSessionEntry
+import com.steipete.clawdis.node.chat.ChatSessionEntry

@Composable
 fun ChatSessionsDialog(
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatSheetContent.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/ChatSheetContent.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.ui.chat
+package com.steipete.clawdis.node.ui.chat

 import android.content.ContentResolver
 import android.net.Uri
@@ -19,8 +19,8 @@ import androidx.compose.runtime.rememberCoroutineScope
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.unit.dp
-import com.clawdbot.android.MainViewModel
-import com.clawdbot.android.chat.OutgoingAttachment
+import com.steipete.clawdis.node.MainViewModel
+import com.steipete.clawdis.node.chat.OutgoingAttachment
 import java.io.ByteArrayOutputStream
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.launch
@@ -33,14 +33,13 @@ fun ChatSheetContent(viewModel: MainViewModel) {
  val pendingRunCount by viewModel.pendingRunCount.collectAsState()
  val healthOk by viewModel.chatHealthOk.collectAsState()
  val sessionKey by viewModel.chatSessionKey.collectAsState()
-  val mainSessionKey by viewModel.mainSessionKey.collectAsState()
  val thinkingLevel by viewModel.chatThinkingLevel.collectAsState()
  val streamingAssistantText by viewModel.chatStreamingAssistantText.collectAsState()
  val pendingToolCalls by viewModel.chatPendingToolCalls.collectAsState()
  val sessions by viewModel.chatSessions.collectAsState()

-  LaunchedEffect(mainSessionKey) {
-    viewModel.loadChat(mainSessionKey)
+  LaunchedEffect(Unit) {
+    viewModel.loadChat("main")
    viewModel.refreshChatSessions(limit = 200)
  }

@@ -86,7 +85,6 @@ fun ChatSheetContent(viewModel: MainViewModel) {
    ChatComposer(
      sessionKey = sessionKey,
      sessions = sessions,
-      mainSessionKey = mainSessionKey,
      healthOk = healthOk,
      thinkingLevel = thinkingLevel,
      pendingRunCount = pendingRunCount,
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/SessionFilters.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/ui/chat/SessionFilters.kt
@@ -1,24 +1,21 @@
-package com.clawdbot.android.ui.chat
+package com.steipete.clawdis.node.ui.chat

-import com.clawdbot.android.chat.ChatSessionEntry
+import com.steipete.clawdis.node.chat.ChatSessionEntry

+private const val MAIN_SESSION_KEY = "main"
 private const val RECENT_WINDOW_MS = 24 * 60 * 60 * 1000L

 fun resolveSessionChoices(
  currentSessionKey: String,
  sessions: List<ChatSessionEntry>,
-  mainSessionKey: String,
  nowMs: Long = System.currentTimeMillis(),
 ): List<ChatSessionEntry> {
-  val mainKey = mainSessionKey.trim().ifEmpty { "main" }
-  val current = currentSessionKey.trim().let { if (it == "main" && mainKey != "main") mainKey else it }
-  val aliasKey = if (mainKey == "main") null else "main"
+  val current = currentSessionKey.trim()
  val cutoff = nowMs - RECENT_WINDOW_MS
  val sorted = sessions.sortedByDescending { it.updatedAtMs ?: 0L }
  val recent = mutableListOf<ChatSessionEntry>()
  val seen = mutableSetOf<String>()
  for (entry in sorted) {
-    if (aliasKey != null && entry.key == aliasKey) continue
    if (!seen.add(entry.key)) continue
    if ((entry.updatedAtMs ?: 0L) < cutoff) continue
    recent.add(entry)
@@ -26,13 +23,13 @@ fun resolveSessionChoices(

  val result = mutableListOf<ChatSessionEntry>()
  val included = mutableSetOf<String>()
-  val mainEntry = sorted.firstOrNull { it.key == mainKey }
+  val mainEntry = sorted.firstOrNull { it.key == MAIN_SESSION_KEY }
  if (mainEntry != null) {
    result.add(mainEntry)
-    included.add(mainKey)
-  } else if (current == mainKey) {
-    result.add(ChatSessionEntry(key = mainKey, updatedAtMs = null))
-    included.add(mainKey)
+    included.add(MAIN_SESSION_KEY)
+  } else if (current == MAIN_SESSION_KEY) {
+    result.add(ChatSessionEntry(key = MAIN_SESSION_KEY, updatedAtMs = null))
+    included.add(MAIN_SESSION_KEY)
  }

  for (entry in recent) {
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/StreamingMediaDataSource.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/StreamingMediaDataSource.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.voice
+package com.steipete.clawdis.node.voice

 import android.media.MediaDataSource
 import kotlin.math.min
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/TalkDirectiveParser.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/TalkDirectiveParser.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.voice
+package com.steipete.clawdis.node.voice

 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonElement
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/TalkModeManager.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/TalkModeManager.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.voice
+package com.steipete.clawdis.node.voice

 import android.Manifest
 import android.content.Context
@@ -20,9 +20,7 @@ import android.speech.tts.TextToSpeech
 import android.speech.tts.UtteranceProgressListener
 import android.util.Log
 import androidx.core.content.ContextCompat
-import com.clawdbot.android.gateway.GatewaySession
-import com.clawdbot.android.isCanonicalMainSessionKey
-import com.clawdbot.android.normalizeMainKey
+import com.steipete.clawdis.node.bridge.BridgeSession
 import java.net.HttpURLConnection
 import java.net.URL
 import java.util.UUID
@@ -46,9 +44,6 @@ import kotlin.math.max
 class TalkModeManager(
  private val context: Context,
  private val scope: CoroutineScope,
-  private val session: GatewaySession,
-  private val supportsChatSubscribe: Boolean,
-  private val isConnected: () -> Boolean,
 ) {
  companion object {
    private const val tag = "TalkMode"
@@ -102,6 +97,7 @@ class TalkModeManager(
  private var modelOverrideActive = false
  private var mainSessionKey: String = "main"

+  private var session: BridgeSession? = null
  private var pendingRunId: String? = null
  private var pendingFinal: CompletableDeferred<Boolean>? = null
  private var chatSubscribedSessionKey: String? = null
@@ -114,11 +110,9 @@ class TalkModeManager(
  private var systemTtsPending: CompletableDeferred<Unit>? = null
  private var systemTtsPendingId: String? = null

-  fun setMainSessionKey(sessionKey: String?) {
-    val trimmed = sessionKey?.trim().orEmpty()
-    if (trimmed.isEmpty()) return
-    if (isCanonicalMainSessionKey(mainSessionKey)) return
-    mainSessionKey = trimmed
+  fun attachSession(session: BridgeSession) {
+    this.session = session
+    chatSubscribedSessionKey = null
  }

  fun setEnabled(enabled: Boolean) {
@@ -133,7 +127,7 @@ class TalkModeManager(
    }
  }

-  fun handleGatewayEvent(event: String, payloadJson: String?) {
+  fun handleBridgeEvent(event: String, payloadJson: String?) {
    if (event != "chat") return
    if (payloadJson.isNullOrBlank()) return
    val pending = pendingRunId ?: return
@@ -303,24 +297,25 @@ class TalkModeManager(

    reloadConfig()
    val prompt = buildPrompt(transcript)
-    if (!isConnected()) {
-      _statusText.value = "Gateway not connected"
-      Log.w(tag, "finalize: gateway not connected")
+    val bridge = session
+    if (bridge == null) {
+      _statusText.value = "Bridge not connected"
+      Log.w(tag, "finalize: bridge not connected")
      start()
      return
    }

    try {
      val startedAt = System.currentTimeMillis().toDouble() / 1000.0
-      subscribeChatIfNeeded(session = session, sessionKey = mainSessionKey)
+      subscribeChatIfNeeded(bridge = bridge, sessionKey = mainSessionKey)
      Log.d(tag, "chat.send start sessionKey=${mainSessionKey.ifBlank { "main" }} chars=${prompt.length}")
-      val runId = sendChat(prompt, session)
+      val runId = sendChat(prompt, bridge)
      Log.d(tag, "chat.send ok runId=$runId")
      val ok = waitForChatFinal(runId)
      if (!ok) {
        Log.w(tag, "chat final timeout runId=$runId; attempting history fallback")
      }
-      val assistant = waitForAssistantText(session, startedAt, if (ok) 12_000 else 25_000)
+      val assistant = waitForAssistantText(bridge, startedAt, if (ok) 12_000 else 25_000)
      if (assistant.isNullOrBlank()) {
        _statusText.value = "No reply"
        Log.w(tag, "assistant text timeout runId=$runId")
@@ -339,13 +334,12 @@ class TalkModeManager(
    }
  }

-  private suspend fun subscribeChatIfNeeded(session: GatewaySession, sessionKey: String) {
-    if (!supportsChatSubscribe) return
+  private suspend fun subscribeChatIfNeeded(bridge: BridgeSession, sessionKey: String) {
    val key = sessionKey.trim()
    if (key.isEmpty()) return
    if (chatSubscribedSessionKey == key) return
    try {
-      session.sendNodeEvent("chat.subscribe", """{"sessionKey":"$key"}""")
+      bridge.sendEvent("chat.subscribe", """{"sessionKey":"$key"}""")
      chatSubscribedSessionKey = key
      Log.d(tag, "chat.subscribe ok sessionKey=$key")
    } catch (err: Throwable) {
@@ -367,7 +361,7 @@ class TalkModeManager(
    return lines.joinToString("\n")
  }

-  private suspend fun sendChat(message: String, session: GatewaySession): String {
+  private suspend fun sendChat(message: String, bridge: BridgeSession): String {
    val runId = UUID.randomUUID().toString()
    val params =
      buildJsonObject {
@@ -377,7 +371,7 @@ class TalkModeManager(
        put("timeoutMs", JsonPrimitive(30_000))
        put("idempotencyKey", JsonPrimitive(runId))
      }
-    val res = session.request("chat.send", params.toString())
+    val res = bridge.request("chat.send", params.toString())
    val parsed = parseRunId(res) ?: runId
    if (parsed != runId) {
      pendingRunId = parsed
@@ -408,13 +402,13 @@ class TalkModeManager(
  }

  private suspend fun waitForAssistantText(
-    session: GatewaySession,
+    bridge: BridgeSession,
    sinceSeconds: Double,
    timeoutMs: Long,
  ): String? {
    val deadline = SystemClock.elapsedRealtime() + timeoutMs
    while (SystemClock.elapsedRealtime() < deadline) {
-      val text = fetchLatestAssistantText(session, sinceSeconds)
+      val text = fetchLatestAssistantText(bridge, sinceSeconds)
      if (!text.isNullOrBlank()) return text
      delay(300)
    }
@@ -422,11 +416,11 @@ class TalkModeManager(
  }

  private suspend fun fetchLatestAssistantText(
-    session: GatewaySession,
+    bridge: BridgeSession,
    sinceSeconds: Double? = null,
  ): String? {
    val key = mainSessionKey.ifBlank { "main" }
-    val res = session.request("chat.history", "{\"sessionKey\":\"$key\"}")
+    val res = bridge.request("chat.history", "{\"sessionKey\":\"$key\"}")
    val root = json.parseToJsonElement(res).asObjectOrNull() ?: return null
    val messages = root["messages"] as? JsonArray ?: return null
    for (item in messages.reversed()) {
@@ -720,7 +714,6 @@ class TalkModeManager(
            systemTtsPendingId = null
          }

-          @Suppress("OVERRIDE_DEPRECATION")
          @Deprecated("Deprecated in Java")
          override fun onError(utteranceId: String?) {
            if (utteranceId == null) return
@@ -810,16 +803,17 @@ class TalkModeManager(
  }

  private suspend fun reloadConfig() {
+    val bridge = session ?: return
    val envVoice = System.getenv("ELEVENLABS_VOICE_ID")?.trim()
    val sagVoice = System.getenv("SAG_VOICE_ID")?.trim()
    val envKey = System.getenv("ELEVENLABS_API_KEY")?.trim()
    try {
-      val res = session.request("config.get", "{}")
+      val res = bridge.request("config.get", "{}")
      val root = json.parseToJsonElement(res).asObjectOrNull()
      val config = root?.get("config").asObjectOrNull()
      val talk = config?.get("talk").asObjectOrNull()
      val sessionCfg = config?.get("session").asObjectOrNull()
-      val mainKey = normalizeMainKey(sessionCfg?.get("mainKey").asStringOrNull())
+      val mainKey = sessionCfg?.get("mainKey").asStringOrNull()?.trim()?.takeIf { it.isNotEmpty() } ?: "main"
      val voice = talk?.get("voiceId")?.asStringOrNull()?.trim()?.takeIf { it.isNotEmpty() }
      val aliases =
        talk?.get("voiceAliases").asObjectOrNull()?.entries?.mapNotNull { (key, value) ->
@@ -831,9 +825,7 @@ class TalkModeManager(
      val key = talk?.get("apiKey")?.asStringOrNull()?.trim()?.takeIf { it.isNotEmpty() }
      val interrupt = talk?.get("interruptOnSpeech")?.asBooleanOrNull()

-      if (!isCanonicalMainSessionKey(mainSessionKey)) {
-        mainSessionKey = mainKey
-      }
+      mainSessionKey = mainKey
      defaultVoiceId = voice ?: envVoice?.takeIf { it.isNotEmpty() } ?: sagVoice?.takeIf { it.isNotEmpty() }
      voiceAliases = aliases
      if (!voiceOverrideActive) currentVoiceId = defaultVoiceId
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/VoiceWakeCommandExtractor.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/VoiceWakeCommandExtractor.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.voice
+package com.steipete.clawdis.node.voice

 object VoiceWakeCommandExtractor {
  fun extractCommand(text: String, triggerWords: List<String>): String? {
--- a/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/VoiceWakeManager.kt
+++ b/apps/android/app/src/main/java/com/steipete/clawdis/node/voice/VoiceWakeManager.kt
@@ -1,4 +1,4 @@
-package com.clawdbot.android.voice
+package com.steipete.clawdis.node.voice

 import android.content.Context
 import android.content.Intent
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Peter Steinberger	fc4affb949	docs: update changelog for gog skill	2026-01-03 11:18:08 +01:00
Mariano Belinky	b219ad5fda	docs: add Sheets/Docs examples to gog skill	2026-01-03 11:17:34 +01:00