fix: harden memory plugin config (#1149 ) (thanks @radek-paclt)

feat(memory): add lifecycle hooks and vector memory plugin
Add plugin lifecycle hooks infrastructure: - before_agent_start: inject context before agent loop - agent_end: analyze conversation after completion - 13 hook types total (message, tool, session, gateway hooks) Memory plugin implementation: - LanceDB vector storage with OpenAI embeddings - kind: "memory" to integrate with upstream slot system - Auto-recall: injects <relevant-memories> when context found - Auto-capture: stores preferences, decisions, entities - Rule-based capture filtering with 0.95 similarity dedup - Tools: memory_recall, memory_store, memory_forget - CLI: clawdbot ltm list|search|stats Plugin infrastructure: - api.on() method for hook registration - Global hook runner singleton for cross-module access - Priority ordering and error catching Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-18 07:09:49 +00:00 · 2026-01-18 06:59:03 +00:00 · 2026-01-18 06:55:04 +00:00 · 2026-01-18 06:39:26 +00:00 · 2026-01-18 06:37:37 +00:00 · 2026-01-18 06:37:29 +00:00
2898 changed files with 320683 additions and 136133 deletions
--- a/.detect-secrets.cfg
+++ b/.detect-secrets.cfg
@@ -0,0 +1,26 @@
+# detect-secrets exclusion patterns (regex)
+#
+# Note: detect-secrets does not read this file by default. If you want these
+# applied, wire them into your scan command (e.g. translate to --exclude-files
+# / --exclude-lines) or into a baseline's filters_used.
+
+[exclude-files]
+# pnpm lockfiles contain lots of high-entropy package integrity blobs.
+pattern = (^|/)pnpm-lock\.yaml$
+
+[exclude-lines]
+# Fastlane checks for private key marker; not a real key.
+pattern = key_content\.include\?\("BEGIN PRIVATE KEY"\)
+# UI label string for Anthropic auth mode.
+pattern = case \.apiKeyEnv: "API key \(env var\)"
+# CodingKeys mapping uses apiKey literal.
+pattern = case apikey = "apiKey"
+# Schema labels referencing password fields (not actual secrets).
+pattern = "gateway\.remote\.password"
+pattern = "gateway\.auth\.password"
+# Schema label for talk API key (label text only).
+pattern = "talk\.apiKey"
+# checking for typeof is not something we care about.
+pattern = === "string"
+# specific optional-chaining password check that didn't match the line above.
+pattern = typeof remote\?\.password === "string"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -74,9 +74,9 @@ jobs:
          - runtime: node
            task: protocol
            command: pnpm protocol:check
-          - runtime: bun
-            task: lint
-            command: bunx biome check src
+          - runtime: node
+            task: format
+            command: pnpm format
          - runtime: bun
            task: test
            command: bunx vitest run
@@ -141,6 +141,31 @@ jobs:
      - name: Run ${{ matrix.task }} (${{ matrix.runtime }})
        run: ${{ matrix.command }}

+  secrets:
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: false
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install detect-secrets
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install detect-secrets==1.5.0
+
+      - name: Detect secrets
+        run: |
+          if ! detect-secrets scan --baseline .secrets.baseline; then
+            echo "::error::Secret scanning failed. See docs/gateway/security.md#secret-scanning-detect-secrets"
+            exit 1
+          fi
+
  checks-windows:
    runs-on: blacksmith-4vcpu-windows-2025
    defaults:
--- a/.github/workflows/install-smoke.yml
+++ b/.github/workflows/install-smoke.yml
@@ -0,0 +1,33 @@
+name: Install Smoke
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  install-smoke:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout CLI
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v3
+        with:
+          version: 10
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Install pnpm deps (minimal)
+        run: pnpm install --ignore-scripts --frozen-lockfile
+
+      - name: Run installer docker tests
+        env:
+          CLAWDBOT_INSTALL_URL: https://clawd.bot/install.sh
+          CLAWDBOT_INSTALL_CLI_URL: https://clawd.bot/install-cli.sh
+          CLAWDBOT_NO_ONBOARD: "1"
+          CLAWDBOT_INSTALL_SMOKE_SKIP_CLI: "1"
+          CLAWDBOT_INSTALL_SMOKE_PREVIOUS: "2026.1.11-4"
+        run: pnpm test:install:smoke
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 node_modules
 .env
+docker-compose.extra.yml
 dist
 *.bun-build
 pnpm-lock.yaml
@@ -54,3 +55,6 @@ apps/ios/*.mobileprovision
 # Local untracked files
 .local/
 .vscode/
+IDENTITY.md
+USER.md
+.tgz
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1 @@
-allow-build-scripts=@whiskeysockets/baileys,sharp,esbuild,protobufjs,fs-ext,node-pty
+allow-build-scripts=@whiskeysockets/baileys,sharp,esbuild,protobufjs,fs-ext,node-pty,@lydell/node-pty
--- a/.oxfmtrc.jsonc
+++ b/.oxfmtrc.jsonc
@@ -0,0 +1,5 @@
+{
+  "$schema": "./node_modules/oxfmt/configuration_schema.json",
+  "indentWidth": 2,
+  "printWidth": 100
+}
--- a/.oxlintrc.json
+++ b/.oxlintrc.json
@@ -0,0 +1,12 @@
+{
+  "$schema": "./node_modules/oxlint/configuration_schema.json",
+  "plugins": [
+    "unicorn",
+    "typescript",
+    "oxc"
+  ],
+  "categories": {
+    "correctness": "error"
+  },
+  "ignorePatterns": ["src/canvas-host/a2ui/a2ui.bundle.js"]
+}
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -0,0 +1,518 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_file",
+      "pattern": [
+        "(^|/)pnpm-lock\\.yaml$"
+      ]
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_line",
+      "pattern": [
+        "key_content\\.include\\?\\(\"BEGIN PRIVATE KEY\"\\)",
+        "case \\.apiKeyEnv: \"API key \\(env var\\)\"",
+        "case apikey = \"apiKey\"",
+        "\"gateway\\.remote\\.password\"",
+        "\"gateway\\.auth\\.password\"",
+        "\"talk\\.apiKey\"",
+        "=== \"string\"",
+        "typeof remote\\?\\.password === \"string\""
+      ]
+    }
+  ],
+  "results": {
+    ".env.example": [
+      {
+        "type": "Twilio API Key",
+        "filename": ".env.example",
+        "hashed_secret": "3c7206eff845bc69cf12d904d0f95f9aec15535e",
+        "is_verified": false,
+        "line_number": 2
+      }
+    ],
+    "appcast.xml": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "appcast.xml",
+        "hashed_secret": "1b1c2b73eca84e441a823c37a06c71c9fadcfe24",
+        "is_verified": false,
+        "line_number": 19
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "appcast.xml",
+        "hashed_secret": "5c47736fee5151b26b3bb61bb38955da0e8937c6",
+        "is_verified": false,
+        "line_number": 35
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "appcast.xml",
+        "hashed_secret": "bbbca47179268f154c63affa0ca441c6e49e650f",
+        "is_verified": false,
+        "line_number": 52
+      }
+    ],
+    "apps/macos/Tests/ClawdbotIPCTests/AnthropicAuthResolverTests.swift": [
+      {
+        "type": "Secret Keyword",
+        "filename": "apps/macos/Tests/ClawdbotIPCTests/AnthropicAuthResolverTests.swift",
+        "hashed_secret": "e761624445731fcb8b15da94343c6b92e507d190",
+        "is_verified": false,
+        "line_number": 26
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "apps/macos/Tests/ClawdbotIPCTests/AnthropicAuthResolverTests.swift",
+        "hashed_secret": "a23c8630c8a5fbaa21f095e0269c135c20d21689",
+        "is_verified": false,
+        "line_number": 42
+      }
+    ],
+    "apps/macos/Tests/ClawdbotIPCTests/ConnectionsSettingsSmokeTests.swift": [
+      {
+        "type": "Secret Keyword",
+        "filename": "apps/macos/Tests/ClawdbotIPCTests/ConnectionsSettingsSmokeTests.swift",
+        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
+        "is_verified": false,
+        "line_number": 83
+      }
+    ],
+    "apps/macos/Tests/ClawdbotIPCTests/TailscaleIntegrationSectionTests.swift": [
+      {
+        "type": "Secret Keyword",
+        "filename": "apps/macos/Tests/ClawdbotIPCTests/TailscaleIntegrationSectionTests.swift",
+        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
+        "is_verified": false,
+        "line_number": 27
+      }
+    ],
+    "docs/configuration.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/configuration.md",
+        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
+        "is_verified": false,
+        "line_number": 268
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/configuration.md",
+        "hashed_secret": "1188d5a8ed7edcff5144a9472af960243eacf12e",
+        "is_verified": false,
+        "line_number": 465
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/configuration.md",
+        "hashed_secret": "22af290a1a3d5e941193a41a3d3a9e4ca8da5e27",
+        "is_verified": false,
+        "line_number": 718
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/configuration.md",
+        "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209",
+        "is_verified": false,
+        "line_number": 760
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/configuration.md",
+        "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd",
+        "is_verified": false,
+        "line_number": 859
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/configuration.md",
+        "hashed_secret": "45d676e7c6ab44cf4b8fa366ef2d8fccd3e6d6e6",
+        "is_verified": false,
+        "line_number": 982
+      }
+    ],
+    "docs/faq.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/faq.md",
+        "hashed_secret": "a219d7693c25cd2d93313512e200ff3eb374d281",
+        "is_verified": false,
+        "line_number": 593
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/faq.md",
+        "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0",
+        "is_verified": false,
+        "line_number": 650
+      }
+    ],
+    "docs/skills-config.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/skills-config.md",
+        "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd",
+        "is_verified": false,
+        "line_number": 28
+      }
+    ],
+    "docs/skills.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/skills.md",
+        "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd",
+        "is_verified": false,
+        "line_number": 97
+      }
+    ],
+    "docs/tailscale.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/tailscale.md",
+        "hashed_secret": "9cb0dc5383312aa15b9dc6745645bde18ff5ade9",
+        "is_verified": false,
+        "line_number": 52
+      }
+    ],
+    "docs/talk.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/talk.md",
+        "hashed_secret": "1188d5a8ed7edcff5144a9472af960243eacf12e",
+        "is_verified": false,
+        "line_number": 50
+      }
+    ],
+    "docs/telegram.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/telegram.md",
+        "hashed_secret": "e9fe51f94eadabf54dbf2fbbd57188b9abee436e",
+        "is_verified": false,
+        "line_number": 57
+      }
+    ],
+    "skills/local-places/SERVER_README.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "skills/local-places/SERVER_README.md",
+        "hashed_secret": "6d9c68c603e465077bdd49c62347fe54717f83a3",
+        "is_verified": false,
+        "line_number": 28
+      }
+    ],
+    "skills/openai-whisper-api/SKILL.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "skills/openai-whisper-api/SKILL.md",
+        "hashed_secret": "1077361f94d70e1ddcc7c6dc581a489532a81d03",
+        "is_verified": false,
+        "line_number": 39
+      }
+    ],
+    "skills/trello/SKILL.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "skills/trello/SKILL.md",
+        "hashed_secret": "11fa7c37d697f30e6aee828b4426a10f83ab2380",
+        "is_verified": false,
+        "line_number": 18
+      }
+    ],
+    "src/agents/models-config.test.ts": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/agents/models-config.test.ts",
+        "hashed_secret": "7cf31e8b6cda49f70c31f1f25af05d46f924142d",
+        "is_verified": false,
+        "line_number": 25
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/agents/models-config.test.ts",
+        "hashed_secret": "3a81eb091f80c845232225be5663d270e90dacb7",
+        "is_verified": false,
+        "line_number": 90
+      }
+    ],
+    "src/agents/skills.test.ts": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/agents/skills.test.ts",
+        "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f",
+        "is_verified": false,
+        "line_number": 158
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/agents/skills.test.ts",
+        "hashed_secret": "7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb",
+        "is_verified": false,
+        "line_number": 265
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/agents/skills.test.ts",
+        "hashed_secret": "5df3a673d724e8a1eb673a8baf623e183940804d",
+        "is_verified": false,
+        "line_number": 462
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/agents/skills.test.ts",
+        "hashed_secret": "8921daaa546693e52bc1f9c40bdcf15e816e0448",
+        "is_verified": false,
+        "line_number": 490
+      }
+    ],
+    "src/browser/target-id.test.ts": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "src/browser/target-id.test.ts",
+        "hashed_secret": "4e126c049580d66ca1549fa534d95a7263f27f46",
+        "is_verified": false,
+        "line_number": 16
+      }
+    ],
+    "src/commands/antigravity-oauth.ts": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "src/commands/antigravity-oauth.ts",
+        "hashed_secret": "709d0f232b6ac4f8d24dec3e4fabfdb14257174f",
+        "is_verified": false,
+        "line_number": 17
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "src/commands/antigravity-oauth.ts",
+        "hashed_secret": "3848603b8e866f62d07c206ff622279b9dcb0238",
+        "is_verified": false,
+        "line_number": 20
+      }
+    ],
+    "src/commands/onboard-auth.ts": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/commands/onboard-auth.ts",
+        "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209",
+        "is_verified": false,
+        "line_number": 50
+      }
+    ],
+    "src/config/config.test.ts": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/config/config.test.ts",
+        "hashed_secret": "bea2f7b64fab8d1d414d0449530b1e088d36d5b1",
+        "is_verified": false,
+        "line_number": 520
+      }
+    ],
+    "src/gateway/server.auth.test.ts": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/gateway/server.auth.test.ts",
+        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
+        "is_verified": false,
+        "line_number": 89
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/gateway/server.auth.test.ts",
+        "hashed_secret": "a4b48a81cdab1e1a5dd37907d6c85ca1c61ddc7c",
+        "is_verified": false,
+        "line_number": 109
+      }
+    ],
+    "src/infra/env.test.ts": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/infra/env.test.ts",
+        "hashed_secret": "df98a117ddabf85991b9fe0e268214dc0e1254dc",
+        "is_verified": false,
+        "line_number": 10
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/infra/env.test.ts",
+        "hashed_secret": "6d811dc1f59a55ca1a3d38b5042a062b9f79e8ec",
+        "is_verified": false,
+        "line_number": 25
+      }
+    ],
+    "src/infra/shell-env.test.ts": [
+      {
+        "type": "Secret Keyword",
+        "filename": "src/infra/shell-env.test.ts",
+        "hashed_secret": "65c10dc3549fe07424148a8a4790a3341ecbc253",
+        "is_verified": false,
+        "line_number": 35
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "src/infra/shell-env.test.ts",
+        "hashed_secret": "64db6bf7f0e5a0491df4419f0eb1bbcc402989e8",
+        "is_verified": false,
+        "line_number": 56
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "src/infra/shell-env.test.ts",
+        "hashed_secret": "e013ffda590d2178607c16d11b1ea42f75ceb0e7",
+        "is_verified": false,
+        "line_number": 73
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "src/infra/shell-env.test.ts",
+        "hashed_secret": "be6ee9a6bf9f2dad84a5a67d6c0576a5bacc391e",
+        "is_verified": false,
+        "line_number": 75
+      }
+    ],
+    "src/web/qr-image.test.ts": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "src/web/qr-image.test.ts",
+        "hashed_secret": "564666dc1ca6e7318b2d5feeb1ce7b5bf717411e",
+        "is_verified": false,
+        "line_number": 12
+      }
+    ],
+    "vendor/a2ui/README.md": [
+      {
+        "type": "Secret Keyword",
+        "filename": "vendor/a2ui/README.md",
+        "hashed_secret": "2619a5397a5d054dab3fe24e6a8da1fbd76ec3a6",
+        "is_verified": false,
+        "line_number": 123
+      }
+    ]
+  },
+  "generated_at": "2026-01-05T13:01:00Z"
+}
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,15 +1,22 @@
 # Repository Guidelines
+- Repo: https://github.com/clawdbot/clawdbot
+- GitHub issues: use literal multiline strings or $'...' for newlines; avoid "\\n" escapes in `gh issue create/edit`.

 ## Project Structure & Module Organization
 - Source code: `src/` (CLI wiring in `src/cli`, commands in `src/commands`, web provider in `src/provider-web.ts`, infra in `src/infra`, media pipeline in `src/media`).
 - Tests: colocated `*.test.ts`.
 - Docs: `docs/` (images, queue, Pi config). Built output lives in `dist/`.
+- Plugins/extensions: live under `extensions/*` (workspace packages). Keep plugin-only deps in the extension `package.json`; do not add them to the root `package.json` unless core uses them.
+- Installers served from `https://clawd.bot/*`: live in the sibling repo `../clawd.bot` (`public/install.sh`, `public/install-cli.sh`, `public/install.ps1`).

 ## Docs Linking (Mintlify)
 - Docs are hosted on Mintlify (docs.clawd.bot).
 - Internal doc links in `docs/**/*.md`: root-relative, no `.md`/`.mdx` (example: `[Config](/configuration)`).
 - Section cross-references: use anchors on root-relative paths (example: `[Hooks](/configuration#hooks)`).
+- When Peter asks for links, reply with full `https://docs.clawd.bot/...` URLs (not root-relative).
+- When you touch docs, end the reply with the `https://docs.clawd.bot/...` URLs you referenced.
 - README (GitHub): keep absolute docs URLs (`https://docs.clawd.bot/...`) so links work on GitHub.
+- Docs content must be generic: no personal device names/hostnames/paths; use placeholders like `user@gateway-host` and “gateway host”.

 ## Build, Test, and Development Commands
 - Runtime baseline: Node **22+** (keep Node + Bun paths working).
@@ -19,12 +26,12 @@
 - Run CLI in dev: `pnpm clawdbot ...` (bun) or `pnpm dev`.
 - Node remains supported for running built output (`dist/*`) and production installs.
 - Type-check/build: `pnpm build` (tsc)
- Lint/format: `pnpm lint` (biome check), `pnpm format` (biome format)
+- Lint/format: `pnpm lint` (oxlint), `pnpm format` (oxfmt)
 - Tests: `pnpm test` (vitest); coverage: `pnpm test:coverage`

 ## Coding Style & Naming Conventions
 - Language: TypeScript (ESM). Prefer strict typing; avoid `any`.
- Formatting/linting via Biome; run `pnpm lint` before commits.
+- Formatting/linting via Oxlint and Oxfmt; run `pnpm lint` before commits.
 - Add brief code comments for tricky or non-obvious logic.
 - Keep files concise; extract helpers instead of “V2” copies. Use existing patterns for CLI options and dependency injection via `createDefaultDeps`.
 - Aim to keep files under ~700 LOC; guideline only (not a hard guardrail). Split/refactor when it improves clarity or testability.
@@ -47,12 +54,16 @@
 - PRs should summarize scope, note testing performed, and mention any user-facing changes or new flags.
 - PR review flow: when given a PR link, review via `gh pr view`/`gh pr diff` and do **not** change branches.
 - PR merge flow: create a temp branch from `main`, merge the PR branch into it (prefer squash unless commit history is important; use rebase/merge when it is). Always try to merge the PR unless it’s truly difficult, then use another approach. If we squash, add the PR author as a co-contributor. Apply fixes, add changelog entry (include PR # + thanks), run full gate before the final commit, commit, merge back to `main`, delete the temp branch, and end on `main`.
+- If you review a PR and later do work on it, land via merge/squash (no direct-main commits) and always add the PR author as a co-contributor.
 - When working on a PR: add a changelog entry with the PR number and thank the contributor.
 - When working on an issue: reference the issue in the changelog entry.
 - When merging a PR: leave a PR comment that explains exactly what we did and include the SHA hashes.
 - When merging a PR from a new contributor: add their avatar to the README “Thanks to all clawtributors” thumbnail list.
 - After merging a PR: run `bun scripts/update-clawtributors.ts` if the contributor is missing, then commit the regenerated README.

+## Shorthand Commands
+- `sync up`: if working tree is dirty, commit all changes (pick a sensible Conventional Commit message), then `git pull --rebase`; if rebase conflicts and cannot resolve, stop; otherwise `git push`.
+
 ### PR Workflow (Review vs Land)
 - **Review mode (PR link only):** read `gh pr view/diff`; **do not** switch branches; **do not** change code.
 - **Landing mode:** create an integration branch from `main`, bring in PR commits (**prefer rebase** for linear history; **merge allowed** when complexity/conflicts make it safer), apply fixes, add changelog (+ thanks + PR #), run full gate **locally before committing** (`pnpm lint && pnpm build && pnpm test`), commit, merge back to `main`, then `git switch main` (never stay on a topic branch after landing). Important: contributor needs to be in git graph after this!
@@ -60,15 +71,21 @@
 ## Security & Configuration Tips
 - Web provider stores creds at `~/.clawdbot/credentials/`; rerun `clawdbot login` if logged out.
 - Pi sessions live under `~/.clawdbot/sessions/` by default; the base directory is not configurable.
+- Environment variables: see `~/.profile`.
 - Never commit or publish real phone numbers, videos, or live configuration values. Use obviously fake placeholders in docs, tests, and examples.
+ - Release flow: always read `docs/reference/RELEASING.md` and `docs/platforms/mac/release.md` before any release work; do not ask routine questions once those docs answer them.

 ## Troubleshooting
- Rebrand/migration issues (Clawdis → Clawdbot) or legacy config/service warnings: run `clawdbot doctor` (see `docs/gateway/doctor.md`).
+- Rebrand/migration issues or legacy config/service warnings: run `clawdbot doctor` (see `docs/gateway/doctor.md`).

 ## Agent-Specific Notes
 - Vocabulary: "makeup" = "mac app".
+- When working on a GitHub Issue or PR, print the full URL at the end of the task.
 - When answering questions, respond with high-confidence answers only: verify in code; do not guess.
 - Never update the Carbon dependency.
+- Any dependency with `pnpm.patchedDependencies` must use an exact version (no `^`/`~`).
+- CLI progress: use `src/cli/progress.ts` (`osc-progress` + `@clack/prompts` spinner); don’t hand-roll spinners/bars.
+- Status output: keep tables + ANSI-safe wrapping (`src/terminal/table.ts`); `status --all` = read-only/pasteable, `status --deep` = probes.
 - Gateway currently runs only as the menubar app; there is no separate LaunchAgent/helper label installed. Restart via the Clawdbot Mac app or `scripts/restart-mac.sh`; to verify/kill use `launchctl print gui/$UID | grep clawdbot` rather than assuming a fixed label. **When debugging on macOS, start/stop the gateway via the app, not ad-hoc tmux sessions; kill any temporary tunnels before handoff.**
 - macOS logs: use `./scripts/clawlog.sh` (aka `vtlog`) to query unified logs for the Clawdbot subsystem; it supports follow/tail/category filters and expects passwordless sudo for `/usr/bin/log`.
 - If shared guardrails are available locally, review them; otherwise follow this repo's guidance.
@@ -91,6 +108,8 @@
 - **Multi-agent safety:** focus reports on your edits; avoid guard-rail disclaimers unless truly blocked; when multiple agents touch the same file, continue if safe; end with a brief “other files present” note only if relevant.
 - Bug investigations: read source code of relevant npm dependencies and all related local code before concluding; aim for high-confidence root cause.
 - Code style: add brief comments for tricky logic; keep files under ~500 LOC when feasible (split/refactor as needed).
+- Tool schema guardrails (google-antigravity): avoid `Type.Union` in tool input schemas; no `anyOf`/`oneOf`/`allOf`. Use `stringEnum`/`optionalStringEnum` (Type.Unsafe enum) for string lists, and `Type.Optional(...)` instead of `... | null`. Keep top-level tool schema as `type: "object"` with `properties`.
+- Tool schema guardrails: avoid raw `format` property names in tool schemas; some validators treat `format` as a reserved keyword and reject the schema.
 - When asked to open a “session” file, open the Pi session logs under `~/.clawdbot/agents/main/sessions/*.jsonl` (newest unless a specific ID is given), not the default `sessions.json`. If logs are needed from another machine, SSH via Tailscale and read the same path there.
 - Menubar dimming + restart flow mirrors Trimmy: use `scripts/restart-mac.sh` (kills all Clawdbot variants, runs `swift build`, packages, relaunches). Icon dimming depends on MenuBarExtraAccess wiring in AppMain; keep `appearsDisabled` updates intact when touching the status item.
 - Do not rebuild the macOS app over SSH; rebuilds must be run directly on the Mac.
@@ -99,6 +118,15 @@
  - Command template should stay `clawdbot-mac agent --message "${text}" --thinking low`; `VoiceWakeForwarder` already shell-escapes `${text}`. Don’t add extra quotes.
  - launchd PATH is minimal; ensure the app’s launch agent PATH includes standard system paths plus your pnpm bin (typically `$HOME/Library/pnpm`) so `pnpm`/`clawdbot` binaries resolve when invoked via `clawdbot-mac`.
 - For manual `clawdbot message send` messages that include `!`, use the heredoc pattern noted below to avoid the Bash tool’s escaping.
+- Release guardrails: do not change version numbers without operator’s explicit consent; always ask permission before running any npm publish/release step.
+
+## NPM + 1Password (publish/verify)
+- Use the 1password skill; all `op` commands must run inside a fresh tmux session.
+- Sign in: `eval "$(op signin --account my.1password.com)"` (app unlocked + integration on).
+- OTP: `op read 'op://Private/Npmjs/one-time password?attribute=otp'`.
+- Publish: `npm publish --access public --otp="<otp>"` (run from the package dir).
+- Verify without local npmrc side effects: `npm view <pkg> version --userconfig "$(mktemp)"`.
+- Kill the tmux session after publish.

 ## Exclamation Mark Escaping Workaround
 The Claude Code Bash tool escapes `!` to `\\!` in command arguments. When using `clawdbot message send` with messages containing exclamation marks, use heredoc syntax:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,654 @@
 # Changelog

+Docs: https://docs.clawd.bot
+
+## 2026.1.18-3
+
+### Changes
+- Exec: add host/security/ask routing for gateway + node exec.
+- Exec: add `/exec` directive for per-session exec defaults (host/security/ask/node).
+- macOS: migrate exec approvals to `~/.clawdbot/exec-approvals.json` with per-agent allowlists and skill auto-allow toggle.
+- macOS: add approvals socket UI server + node exec lifecycle events.
+- Plugins: add typed lifecycle hooks + vector memory plugin. (#1149) — thanks @radek-paclt.
+- Slash commands: replace `/cost` with `/usage off|tokens|full` to control per-response usage footer; `/usage` no longer aliases `/status`. (Supersedes #1140) — thanks @Nachx639.
+- Sessions: add daily reset policy with per-type overrides and idle windows (default 4am local), preserving legacy idle-only configs. (#1146) — thanks @austinm911.
+- Docs: refresh exec/elevated/exec-approvals docs for the new flow. https://docs.clawd.bot/tools/exec-approvals
+
+### Fixes
+- Tools: return a companion-app-required message when node exec is requested with no paired node.
+- Streaming: emit assistant deltas for OpenAI-compatible SSE chunks. (#1147) — thanks @alauppe.
+
+## 2026.1.18-2
+
+### Fixes
+- Tests: stabilize plugin SDK resolution and embedded agent timeouts.
+
+## 2026.1.17-6
+
+### Changes
+- Plugins: add exclusive plugin slots with a dedicated memory slot selector.
+- Memory: ship core memory tools + CLI as the bundled `memory-core` plugin.
+- Docs: document plugin slots and memory plugin behavior.
+- Plugins: add the bundled BlueBubbles channel plugin (disabled by default).
+- Plugins: migrate bundled messaging extensions to the plugin SDK; resolve plugin-sdk imports in loader.
+- Plugins: migrate the Zalo plugin to the shared plugin SDK runtime.
+- Plugins: migrate the Zalo Personal plugin to the shared plugin SDK runtime.
+
+## 2026.1.17-5
+
+### Changes
+- Memory: add hybrid BM25 + vector search (FTS5) with weighted merging and fallback.
+- Memory: add SQLite embedding cache to speed up reindexing and frequent updates.
+- CLI: surface FTS + embedding cache state in `clawdbot memory status`.
+- Memory: render progress immediately, color batch statuses in verbose logs, and poll OpenAI batch status every 2s by default.
+- Plugins: allow optional agent tools with explicit allowlists and add plugin tool authoring guide. https://docs.clawd.bot/plugins/agent-tools
+- Tools: centralize plugin tool policy helpers.
+- Commands: add `/subagents info` and show sub-agent counts in `/status`.
+- Docs: clarify plugin agent tool configuration. https://docs.clawd.bot/plugins/agent-tools
+
+### Fixes
+- Voice call: include request query in Twilio webhook verification when publicUrl is set. (#864)
+
+## 2026.1.18-1
+
+### Changes
+- Tools: allow `sessions_spawn` to override thinking level for sub-agent runs.
+- Channels: unify thread/topic allowlist matching + command/mention gating helpers across core providers.
+- Models: add Qwen Portal OAuth provider support. (#1120) — thanks @mukhtharcm.
+- Memory: add `--verbose` logging for memory status + batch indexing details.
+- Memory: allow parallel OpenAI batch indexing jobs (default concurrency: 2).
+- macOS: add per-agent exec approvals with allowlists, skill CLI auto-allow, and settings UI.
+- Docs: add exec approvals guide and link from tools index. https://docs.clawd.bot/tools/exec-approvals
+
+### Fixes
+- Memory: apply OpenAI batch defaults even without explicit remote config.
+- macOS: bundle Textual resources in packaged app builds to avoid code block crashes. (#1006)
+- Tools: return a companion-app-required message when `system.run` is requested without a supporting node.
+- Discord: only emit slow listener warnings after 30s.
+## 2026.1.17-3
+
+### Changes
+- Memory: add OpenAI Batch API indexing for embeddings when configured.
+- Memory: enable OpenAI batch indexing by default for OpenAI embeddings.
+
+### Fixes
+- Memory: retry transient 5xx errors (Cloudflare) during embedding indexing.
+
+## 2026.1.17-2
+
+### Changes
+
+### Fixes
+- Tools: show exec elevated flag before the command and keep it outside markdown in tool summaries.
+- Memory: parallelize embedding indexing with rate-limit retries.
+- Memory: split overly long lines to keep embeddings under token limits.
+- Memory: skip empty chunks to avoid invalid embedding inputs.
+- Sessions: fall back to session labels when listing display names. (#1124) — thanks @abdaraxus.
+- Discord: inherit parent channel allowlists for thread slash commands and reactions. (#1123) — thanks @thewilloftheshadow.
+
+## 2026.1.17-1
+
+### Changes
+- Telegram: enrich forwarded message context with normalized origin details + legacy fallback. (#1090) — thanks @sleontenko.
+- macOS: strip prerelease/build suffixes when parsing gateway semver patches. (#1110) — thanks @zerone0x.
+- macOS: keep CLI install pinned to the full build suffix. (#1111) — thanks @artuskg.
+- CLI: surface update availability in `clawdbot status`.
+- CLI: add `clawdbot memory status --deep/--index` probes.
+- CLI: add playful update completion quips.
+
+### Fixes
+- Doctor: avoid re-adding WhatsApp ack reaction config when only legacy auth files exist. (#1087) — thanks @YuriNachos.
+- Hooks: parse multi-line/YAML frontmatter metadata blocks (JSON5-friendly). (#1114) — thanks @sebslight.
+- CLI: add WSL2/systemd unavailable hints in daemon status/doctor output.
+- Windows: install gateway scheduled task as the current user; show friendly guidance instead of failing on access denied.
+- Status: show both usage windows with reset hints when usage data is available. (#1101) — thanks @rhjoh.
+- Memory: probe sqlite-vec availability in `clawdbot memory status`.
+- Memory: split embedding batches to avoid OpenAI token limits during indexing.
+- Telegram: preserve hidden text_link URLs by expanding entities in inbound text. (#1118) — thanks @sleontenko.
+
+## 2026.1.16-2
+
+### Changes
+- CLI: stamp build commit into dist metadata so banners show the commit in npm installs.
+- CLI: close memory manager after memory commands to avoid hanging processes. (#1127) — thanks @NicholasSpisak.
+
+## 2026.1.16-1
+
+### Highlights
+- Hooks: add hooks system with bundled hooks, CLI tooling, and docs. (#1028) — thanks @ThomsenDrake. https://docs.clawd.bot/hooks
+- Media: add inbound media understanding (image/audio/video) with provider + CLI fallbacks. https://docs.clawd.bot/nodes/media-understanding
+- Plugins: add Zalo Personal plugin (`@clawdbot/zalouser`) and unify channel directory for plugins. (#1032) — thanks @suminhthanh. https://docs.clawd.bot/plugins/zalouser
+- Models: add Vercel AI Gateway auth choice + onboarding updates. (#1016) — thanks @timolins. https://docs.clawd.bot/providers/vercel-ai-gateway
+- Sessions: add `session.identityLinks` for cross-platform DM session li  nking. (#1033) — thanks @thewilloftheshadow. https://docs.clawd.bot/concepts/session
+- Web search: add `country`/`language` parameters (schema + Brave API) and docs. (#1046) — thanks @YuriNachos. https://docs.clawd.bot/tools/web
+
+### Breaking
+- **BREAKING:** `clawdbot message` and message tool now require `target` (dropping `to`/`channelId` for destinations). (#1034) — thanks @tobalsan.
+- **BREAKING:** Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.
+- **BREAKING:** Drop legacy `chatType: "room"` support; use `chatType: "channel"`.
+- **BREAKING:** remove legacy provider-specific target resolution fallbacks; target resolution is centralized with plugin hints + directory lookups.
+- **BREAKING:** `clawdbot hooks` is now `clawdbot webhooks`; hooks live under `clawdbot hooks`. https://docs.clawd.bot/cli/webhooks
+- **BREAKING:** `clawdbot plugins install <path>` now copies into `~/.clawdbot/extensions` (use `--link` to keep path-based loading).
+
+### Changes
+- Plugins: ship bundled plugins disabled by default and allow overrides by installed versions. (#1066) — thanks @ItzR3NO.
+- Plugins: add bundled Antigravity + Gemini CLI OAuth + Copilot Proxy provider plugins. (#1066) — thanks @ItzR3NO.
+- Tools: improve `web_fetch` extraction using Readability (with fallback).
+- Tools: add Firecrawl fallback for `web_fetch` when configured.
+- Tools: send Chrome-like headers by default for `web_fetch` to improve extraction on bot-sensitive sites.
+- Tools: Firecrawl fallback now uses bot-circumvention + cache by default; remove basic HTML fallback when extraction fails.
+- Tools: default `exec` exit notifications and auto-migrate legacy `tools.bash` to `tools.exec`.
+- Tools: add `exec` PTY support for interactive sessions. https://docs.clawd.bot/tools/exec
+- Tools: add tmux-style `process send-keys` and bracketed paste helpers for PTY sessions.
+- Tools: add `process submit` helper to send CR for PTY sessions.
+- Tools: respond to PTY cursor position queries to unblock interactive TUIs.
+- Tools: include tool outputs in verbose mode and expand verbose tool feedback.
+- Skills: update coding-agent guidance to prefer PTY-enabled exec runs and simplify tmux usage.
+- TUI: refresh session token counts after runs complete or fail. (#1079) — thanks @d-ploutarchos.
+- Status: trim `/status` to current-provider usage only and drop the OAuth/token block.
+- Directory: unify `clawdbot directory` across channels and plugin channels.
+- UI: allow deleting sessions from the Control UI.
+- Memory: add sqlite-vec vector acceleration with CLI status details.
+- Memory: add experimental session transcript indexing for memory_search (opt-in via memorySearch.experimental.sessionMemory + sources).
+- Skills: add user-invocable skill commands and expanded skill command registration.
+- Telegram: default reaction level to minimal and enable reaction notifications by default.
+- Telegram: allow reply-chain messages to bypass mention gating in groups. (#1038) — thanks @adityashaw2.
+- iMessage: add remote attachment support for VM/SSH deployments.
+- Messages: refresh live directory cache results when resolving targets.
+- Messages: mirror delivered outbound text/media into session transcripts. (#1031) — thanks @TSavo.
+- Messages: avoid redundant sender envelopes for iMessage + Signal group chats. (#1080) — thanks @tyler6204.
+- Media: normalize Deepgram audio upload bytes for fetch compatibility.
+- Cron: isolated cron jobs now start a fresh session id on every run to prevent context buildup.
+- Docs: add `/help` hub, Node/npm PATH guide, and expand directory CLI docs.
+- Config: support env var substitution in config values. (#1044) — thanks @sebslight.
+- Health: add per-agent session summaries and account-level health details, and allow selective probes. (#1047) — thanks @gumadeiras.
+- Hooks: add hook pack installs (npm/path/zip/tar) with `clawdbot.hooks` manifests and `clawdbot hooks install/update`.
+- Plugins: add zip installs and `--link` to avoid copying local paths.
+
+### Fixes
+- macOS: drain subprocess pipes before waiting to avoid deadlocks. (#1081) — thanks @thesash.
+- Verbose: wrap tool summaries/output in markdown only for markdown-capable channels.
+- Tools: include provider/session context in elevated exec denial errors.
+- Tools: normalize exec tool alias naming in tool error logs.
+- Logging: reuse shared ANSI stripping to keep console capture lint-clean.
+- Logging: prefix nested agent output with session/run/channel context.
+- Telegram: accept tg/group/telegram prefixes + topic targets for inline button validation. (#1072) — thanks @danielz1z.
+- Telegram: split long captions into follow-up messages.
+- Config: block startup on invalid config, preserve best-effort doctor config, and keep rolling config backups. (#1083) — thanks @mukhtharcm.
+- Sub-agents: normalize announce delivery origin + queue bucketing by accountId to keep multi-account routing stable. (#1061, #1058) — thanks @adam91holt.
+- Sessions: include deliveryContext in sessions.list and reuse normalized delivery routing for announce/restart fallbacks. (#1058)
+- Sessions: propagate deliveryContext into last-route updates to keep account/channel routing stable. (#1058)
+- Sessions: preserve overrides on `/new` reset.
+- Memory: prevent unhandled rejections when watch/interval sync fails. (#1076) — thanks @roshanasingh4.
+- Memory: avoid gateway crash when embeddings return 429/insufficient_quota (disable tool + surface error). (#1004)
+- Gateway: honor explicit delivery targets without implicit accountId fallback; preserve lastAccountId for implicit routing.
+- Gateway: avoid reusing last-to/accountId when the requested channel differs; sync deliveryContext with last route fields.
+- Build: allow `@lydell/node-pty` builds on supported platforms.
+- Repo: fix oxlint config filename and move ignore pattern into config. (#1064) — thanks @connorshea.
+- Messages: `/stop` now hard-aborts queued followups and sub-agent runs; suppress zero-count stop notes.
+- Messages: honor message tool channel when deduping sends.
+- Messages: include sender labels for live group messages across channels, matching queued/history formatting. (#1059)
+- Sessions: reset `compactionCount` on `/new` and `/reset`, and preserve `sessions.json` file mode (0600).
+- Sessions: repair orphaned user turns before embedded prompts.
+- Sessions: hard-stop `sessions.delete` cleanup.
+- Channels: treat replies to the bot as implicit mentions across supported channels.
+- Channels: normalize object-format capabilities in channel capability parsing.
+- Security: default-deny slash/control commands unless a channel computed `CommandAuthorized` (fixes accidental “open” behavior), and ensure WhatsApp + Zalo plugin channels gate inline `/…` tokens correctly. https://docs.clawd.bot/gateway/security
+- Security: redact sensitive text in gateway WS logs.
+- Tools: cap pending `exec` process output to avoid unbounded buffers.
+- CLI: speed up `clawdbot sandbox-explain` by avoiding heavy plugin imports when normalizing channel ids.
+- Browser: remote profile tab operations prefer persistent Playwright and avoid silent HTTP fallbacks. (#1057) — thanks @mukhtharcm.
+- Browser: remote profile tab ops follow-up: shared Playwright loader, Playwright-based focus, and more coverage (incl. opt-in live Browserless test). (follow-up to #1057) — thanks @mukhtharcm.
+- Browser: refresh extension relay tab metadata after navigation so `/json/list` stays current. (#1073) — thanks @roshanasingh4.
+- WhatsApp: scope self-chat response prefix; inject pending-only group history and clear after any processed message.
+- WhatsApp: include `linked` field in `describeAccount`.
+- Agents: drop unsigned Gemini tool calls and avoid JSON Schema `format` keyword collisions.
+- Agents: hide the image tool when the primary model already supports images.
+- Agents: avoid duplicate sends by replying with `NO_REPLY` after `message` tool sends.
+- Auth: inherit/merge sub-agent auth profiles from the main agent.
+- Gateway: resolve local auth for security probe and validate gateway token/password file modes. (#1011, #1022) — thanks @ivanrvpereira, @kkarimi.
+- Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
+- iMessage: avoid RPC restart loops.
+- OpenAI image-gen: handle URL + `b64_json` responses and remove deprecated `response_format` (use URL downloads).
+- CLI: auto-update global installs when installed via a package manager.
+- Routing: migrate legacy `accountID` bindings to `accountId` and remove legacy fallback lookups. (#1047) — thanks @gumadeiras.
+- Discord: truncate skill command descriptions to 100 chars for slash command limits. (#1018) — thanks @evalexpr.
+- Security: bump `tar` to 7.5.3.
+- Models: align ZAI thinking toggles.
+- iMessage/Signal: include sender metadata for non-queued group messages. (#1059)
+- Discord: preserve whitespace when chunking long lines so message splits keep spacing intact.
+- Skills: fix skills watcher ignored list typing (tsc).
+
+## 2026.1.15
+
+### Highlights
+- Plugins: add provider auth registry + `clawdbot models auth login` for plugin-driven OAuth/API key flows.
+- Browser: improve remote CDP/Browserless support (auth passthrough, `wss` upgrade, timeouts, clearer errors).
+- Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.
+- Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).
+
+### Breaking
+- **BREAKING:** iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)
+- **BREAKING:** Microsoft Teams is now a plugin; install `@clawdbot/msteams` via `clawdbot plugins install @clawdbot/msteams`.
+- **BREAKING:** Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.
+
+### Changes
+- UI/Apps: move channel/config settings to schema-driven forms and rename Connections → Channels. (#1040) — thanks @thewilloftheshadow.
+- CLI: set process titles to `clawdbot-<command>` for clearer process listings.
+- CLI/macOS: sync remote SSH target/identity to config and let `gateway status` auto-infer SSH targets (ssh-config aware).
+- Telegram: scope inline buttons with allowlist default + callback gating in DMs/groups.
+- Telegram: default reaction notifications to own.
+- Tools: improve `web_fetch` extraction using Readability (with fallback).
+- Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.
+- Repo: ignore local identity files to avoid accidental commits. (#1001) — thanks @gerardward2007.
+- Sessions/Security: add `session.dmScope` for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.
+- Plugins: add provider auth registry + `clawdbot models auth login` for plugin-driven OAuth/API key flows.
+- Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.
+- TUI: show provider/model labels for the active session and default model.
+- Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.
+- UI: show gateway auth guidance + doc link on unauthorized Control UI connections.
+- UI: add session deletion action in Control UI sessions list. (#1017) — thanks @Szpadel.
+- Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in `clawdbot security audit`.
+- Apps: store node auth tokens encrypted (Keychain/SecurePrefs).
+- Daemon: share profile/state-dir resolution across service helpers and honor `CLAWDBOT_STATE_DIR` for Windows task scripts.
+- Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.
+- Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).
+- Tools: normalize Slack/Discord message timestamps with `timestampMs`/`timestampUtc` while keeping raw provider fields.
+- macOS: add `system.which` for prompt-free remote skill discovery (with gateway fallback to `system.run`).
+- Docs: add Date & Time guide and update prompt/timezone configuration docs.
+- Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.
+- Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.
+- Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in `/status` and `clawdbot models status`, and update docs.
+- CLI: add `--json` output for `clawdbot daemon` lifecycle/install commands.
+- Memory: make `node-llama-cpp` an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.
+- Browser: add `snapshot refs=aria` (Playwright aria-ref ids) for self-resolving refs across `snapshot` → `act`.
+- Browser: `profile="chrome"` now defaults to host control and returns clearer “attach a tab” errors.
+- Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.
+- Browser: increase remote CDP reachability timeouts + add `remoteCdpTimeoutMs`/`remoteCdpHandshakeTimeoutMs`.
+- Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.
+- Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.
+- Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.
+- Discord: allow allowlisted guilds without channel lists to receive messages when `groupPolicy="allowlist"`. — thanks @thewilloftheshadow.
+- Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.
+
+### Fixes
+- Messages: make `/stop` clear queued followups and pending session lane work for a hard abort.
+- Messages: make `/stop` abort active sub-agent runs spawned from the requester session and report how many were stopped.
+- WhatsApp: report linked status consistently in channel status. (#1050) — thanks @YuriNachos.
+- Sessions: keep per-session overrides when `/new` resets compaction counters. (#1050) — thanks @YuriNachos.
+- Skills: allow OpenAI image-gen helper to handle URL or base64 responses. (#1050) — thanks @YuriNachos.
+- WhatsApp: default response prefix only for self-chat, using identity name when set.
+- Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
+- iMessage: treat missing `imsg rpc` support as fatal to avoid restart loops.
+- Auth: merge main auth profiles into per-agent stores for sub-agents and document inheritance. (#1013) — thanks @marcmarg.
+- Agents: avoid JSON Schema `format` collisions in tool params by renaming snapshot format fields. (#1013) — thanks @marcmarg.
+- Fix: make `clawdbot update` auto-update global installs when installed via a package manager.
+- Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.
+- Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.
+- Fix: persist `gateway.mode=local` after selecting Local run mode in `clawdbot configure`, even if no other sections are chosen.
+- Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.
+- Agents: avoid false positives when logging unsupported Google tool schema keywords.
+- Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.
+- Status: restore usage summary line for current provider when no OAuth profiles exist.
+- Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.
+- Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
+- Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.
+- Fix: support MiniMax coding plan usage responses with `model_remains`/`current_interval_*` payloads.
+- Fix: honor message tool channel for duplicate suppression (prefer `NO_REPLY` after `message` tool sends). (#1053) — thanks @sashcatanzarite.
+- Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)
+- Browser: extension mode recovers when only one tab is attached (stale targetId fallback).
+- Browser: fix `tab not found` for extension relay snapshots/actions when Playwright blocks `newCDPSession` (use the single available Page).
+- Browser: upgrade `ws` → `wss` when remote CDP uses `https` (fixes Browserless handshake).
+- Telegram: skip `message_thread_id=1` for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.
+- Fix: sanitize user-facing error text + strip `<final>` tags across reply pipelines. (#975) — thanks @ThomsenDrake.
+- Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.
+- Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.
+- Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)
+
+## 2026.1.14-1
+
+### Highlights
+- Web search: `web_search`/`web_fetch` tools (Brave API) + first-time setup in onboarding/configure.
+- Browser control: Chrome extension relay takeover mode + remote browser control via `clawdbot browser serve`.
+- Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.
+- Security: expanded `clawdbot security audit` (+ `--fix`), detect-secrets CI scan, and a `SECURITY.md` reporting policy.
+
+### Changes
+- Docs: clarify per-agent auth stores, sandboxed skill binaries, and elevated semantics.
+- Docs: add FAQ entries for missing provider auth after adding agents and Gemini thinking signature errors.
+- Agents: add optional auth-profile copy prompt on `agents add` and improve auth error messaging.
+- Security: expand `clawdbot security audit` checks (model hygiene, config includes, plugin allowlists, exposure matrix) and extend `--fix` to tighten more sensitive state paths.
+- Security: add `SECURITY.md` reporting policy.
+- Channels: add Matrix plugin (external) with docs + onboarding hooks.
+- Plugins: add Zalo channel plugin with gateway HTTP hooks and onboarding install prompt. (#854) — thanks @longmaba.
+- Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require `--accept-risk` for `--non-interactive`.
+- Docs: expand gateway security hardening guidance and incident response checklist.
+- Docs: document DM history limits for channel DMs. (#883) — thanks @pkrmf.
+- Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.
+- Tools: add `web_search`/`web_fetch` (Brave API), auto-enable `web_fetch` for sandboxed sessions, and remove the `brave-search` skill.
+- CLI/Docs: add a web tools configure section for storing Brave API keys and update onboarding tips.
+- Browser: add Chrome extension relay takeover mode (toolbar button), plus `clawdbot browser extension install/path` and remote browser control via `clawdbot browser serve` + `browser.controlToken`.
+
+### Fixes
+- Sessions: refactor session store updates to lock + mutate per-entry, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
+- Browser: add tests for snapshot labels/efficient query params and labeled image responses.
+- Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.
+- Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.
+- Agents: scrub tuple `items` schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
+- Agents: harden Antigravity Claude history/tool-call sanitization. (#968) — thanks @rdev.
+- Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
+- Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
+- Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
+- Daemon: clear persisted launchd disabled state before bootstrap (fixes `daemon install` after uninstall). (#849) — thanks @ndraiman.
+- Logging: tolerate `EIO` from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.
+- Sandbox: restore `docker.binds` config validation for custom bind mounts. (#873) — thanks @akonyer.
+- Sandbox: preserve configured PATH for `docker exec` so custom tools remain available. (#873) — thanks @akonyer.
+- Slack: respect `channels.slack.requireMention` default when resolving channel mention gating. (#850) — thanks @evalexpr.
+- Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).
+- Auto-reply: treat trailing `NO_REPLY` tokens as silent replies.
+- Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).
+
+## 2026.1.14
+
+### Changes
+- Usage: add MiniMax coding plan usage tracking.
+- Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.
+- Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)
+- Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.
+- Config: add `channels.<provider>.configWrites` gating for channel-initiated config writes; migrate Slack channel IDs.
+
+### Fixes
+ - Mac: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
+ - UI: use application-defined WebSocket close code (browser compatibility). (#918) — thanks @rahthakor.
+- TUI: render picker overlays via the overlay stack so /models and /settings display. (#921) — thanks @grizzdank.
+- TUI: add a bright spinner + elapsed time in the status line for send/stream/run states.
+- TUI: show LLM error messages (rate limits, auth, etc.) instead of `(no output)`.
+- Gateway/Dev: ensure `pnpm gateway:dev` always uses the dev profile config + state (`~/.clawdbot-dev`).
+
+#### Agents / Auth / Tools / Sandbox
+- Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.
+- Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.
+- Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.
+- Agents: scrub tuple `items` schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
+- Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
+- Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
+- Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
+- Logging: tolerate `EIO` from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.
+- Sandbox: restore `docker.binds` config validation and preserve configured PATH for `docker exec`. (#873) — thanks @akonyer.
+- Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.
+
+#### macOS / Apps
+- macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.
+- macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.
+- macOS: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
+- macOS: reuse launchd gateway auth and skip wizard when gateway config already exists. (#917)
+- macOS: prefer the default bridge tunnel port in remote mode for node bridge connectivity; document macOS remote control + bridge tunnels. (#960, fixes #865) — thanks @kkarimi.
+- Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare `main` sessions.
+- macOS: fix cron preview/testing payload to use `channel` key. (#867) — thanks @wes-davis.
+- Telegram: honor `channels.telegram.timeoutSeconds` for grammY API requests. (#863) — thanks @Snaver.
+- Telegram: split long captions into media + follow-up text messages. (#907) - thanks @jalehman.
+- Telegram: migrate group config when supergroups change chat IDs. (#906) — thanks @sleontenko.
+- Messaging: unify markdown formatting + format-first chunking for Slack/Telegram/Signal. (#920) — thanks @TheSethRose.
+- Slack: drop Socket Mode events with mismatched `api_app_id`/`team_id`. (#889) — thanks @roshanasingh4.
+- Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.
+- WhatsApp: fix context isolation using wrong ID (was bot's number, now conversation ID). (#911) — thanks @tristanmanchester.
+- WhatsApp: normalize user JIDs with device suffix for allowlist checks in groups. (#838) — thanks @peschee.
+
+## 2026.1.13
+
+### Fixes
+- Postinstall: treat already-applied pnpm patches as no-ops to avoid npm/bun install failures.
+- Packaging: pin `@mariozechner/pi-ai` to 0.45.7 and refresh patched dependency to match npm resolution.
+
+## 2026.1.12-2
+
+### Fixes
+- Packaging: include `dist/memory/**` in the npm tarball (fixes `ERR_MODULE_NOT_FOUND` for `dist/memory/index.js`).
+- Agents: persist sub-agent registry across gateway restarts and resume announce flow safely. (#831) — thanks @roshanasingh4.
+- Agents: strip invalid Gemini thought signatures from OpenRouter history to avoid 400s. (#841, #845) — thanks @MatthieuBizien.
+
+## 2026.1.12-1
+
+### Fixes
+- Packaging: include `dist/channels/**` in the npm tarball (fixes `ERR_MODULE_NOT_FOUND` for `dist/channels/registry.js`).
+
+## 2026.1.12
+
+### Highlights
+- **BREAKING:** rename chat “providers” (Slack/Telegram/WhatsApp/…) to **channels** across CLI/RPC/config; legacy config keys auto-migrate on load (and are written back as `channels.*`).
+- Memory: add vector search for agent memories (Markdown-only) with SQLite index, chunking, lazy sync + file watch, and per-agent enablement/fallback.
+- Plugins: restore full voice-call plugin parity (Telnyx/Twilio, streaming, inbound policies, tools/CLI).
+- Models: add Synthetic provider plus Moonshot Kimi K2 0905 + turbo/thinking variants (with docs). (#811) — thanks @siraht; (#818) — thanks @mickahouan.
+- Cron: one-shot schedules accept ISO timestamps (UTC) with optional delete-after-run; cron jobs can target a specific agent (CLI + macOS/Control UI).
+- Agents: add compaction mode config with optional safeguard summarization and per-agent model fallbacks. (#700) — thanks @thewilloftheshadow; (#583) — thanks @mitschabaude-bot.
+
+### New & Improved
+- Memory: add custom OpenAI-compatible embedding endpoints; support OpenAI/local `node-llama-cpp` embeddings with per-agent overrides and provider metadata in tools/CLI. (#819) — thanks @mukhtharcm.
+- Memory: new `clawdbot memory` CLI plus `memory_search`/`memory_get` tools with snippets + line ranges; index stored under `~/.clawdbot/memory/{agentId}.sqlite` with watch-on-by-default.
+- Agents: strengthen memory recall guidance; make workspace bootstrap truncation configurable (default 20k) with warnings; add default sub-agent model config.
+- Tools/Sandbox: add tool profiles + group shorthands; support tool-policy groups in `tools.sandbox.tools`; drop legacy `memory` shorthand; allow Docker bind mounts via `docker.binds`. (#790) — thanks @akonyer.
+- Tools: add provider/model-specific tool policy overrides (`tools.byProvider`) to trim tool exposure per provider.
+- Tools: add browser `scrollintoview` action; allow Claude/Gemini tool param aliases; allow thinking `xhigh` for GPT-5.2/Codex with safe downgrades. (#793) — thanks @hsrvc; (#444) — thanks @grp06.
+- Gateway/CLI: add Tailscale binary discovery, custom bind mode, and probe auth retry; add `clawdbot dashboard` auto-open flow; default native slash commands to `"auto"` with per-provider overrides. (#740) — thanks @jeffersonwarrior.
+- Auth/Onboarding: add Chutes OAuth (PKCE + refresh + onboarding choice); normalize API key inputs; default TUI onboarding to `deliver: false`. (#726) — thanks @FrieSei; (#791) — thanks @roshanasingh4.
+- Providers: add `discord.allowBots`; trim legacy MiniMax M2 from default catalogs; route MiniMax vision to the Coding Plan VLM endpoint (also accepts `@/path/to/file.png` inputs). (#802) — thanks @zknicker.
+- Gateway: allow Tailscale Serve identity headers to satisfy token auth; rebuild Control UI assets when protocol schema is newer. (#823) — thanks @roshanasingh4; (#786) — thanks @meaningfool.
+- Heartbeat: default `ackMaxChars` to 300 so short `HEARTBEAT_OK` replies stay internal.
+
+### Installer
+- Install: run `clawdbot doctor --non-interactive` after git installs/updates and nudge daemon restarts when detected.
+
+### Fixes
+- Doctor: warn on pnpm workspace mismatches, missing Control UI assets, and missing tsx binaries; offer UI rebuilds.
+- Tools: apply global tool allow/deny even when agent-specific tool policy is set.
+- Models/Providers: treat credential validation failures as auth errors to trigger fallback; normalize `${ENV_VAR}` apiKey values and auto-fill missing provider keys; preserve explicit GitHub Copilot provider config + agent-dir auth profiles. (#822) — thanks @sebslight; (#705) — thanks @TAGOOZ.
+- Auth: drop invalid auth profiles from ordering so environment keys can still be used for providers like MiniMax.
+- Gemini: normalize Gemini 3 ids to preview variants; strip Gemini CLI tool call/response ids; downgrade missing `thought_signature`; strip Claude `msg_*` thought_signature fields to avoid base64 decode errors. (#795) — thanks @thewilloftheshadow; (#783) — thanks @ananth-vardhan-cn; (#793) — thanks @hsrvc; (#805) — thanks @marcmarg.
+- Agents: auto-recover from compaction context overflow by resetting the session and retrying; propagate overflow details from embedded runs so callers can recover.
+- MiniMax: strip malformed tool invocation XML; include `MiniMax-VL-01` in implicit provider for image pairing. (#809) — thanks @latitudeki5223.
+- Onboarding/Auth: honor `CLAWDBOT_AGENT_DIR` / `PI_CODING_AGENT_DIR` when writing auth profiles (MiniMax). (#829) — thanks @roshanasingh4.
+- Anthropic: handle `overloaded_error` with a friendly message and failover classification. (#832) — thanks @danielz1z.
+- Anthropic: merge consecutive user turns (preserve newest metadata) before validation to avoid incorrect role errors. (#804) — thanks @ThomsenDrake.
+- Messaging: enforce context isolation for message tool sends; keep typing indicators alive during tool execution. (#793) — thanks @hsrvc; (#450, #447) — thanks @thewilloftheshadow.
+- Auto-reply: `/status` allowlist behavior, reasoning-tag enforcement on fallback, and system-event enqueueing for elevated/reasoning toggles. (#810) — thanks @mcinteerj.
+- System events: include local timestamps when events are injected into prompts. (#245) — thanks @thewilloftheshadow.
+- Auto-reply: resolve ambiguous `/model` matches; fix streaming block reply media handling; keep >300 char heartbeat replies instead of dropping.
+- Discord/Slack: centralize reply-thread planning; fix autoThread routing + add per-channel autoThread; avoid duplicate listeners; keep reasoning italics intact; allow clearing channel parents via message tool. (#800, #807) — thanks @davidguttman; (#744) — thanks @thewilloftheshadow.
+- Telegram: preserve forum topic thread ids, persist polling offsets, respect account bindings in webhook mode, and show typing indicator in General topics. (#727, #739) — thanks @thewilloftheshadow; (#821) — thanks @gumadeiras; (#779) — thanks @azade-c.
+- Slack: accept slash commands with or without leading `/` for custom command configs. (#798) — thanks @thewilloftheshadow.
+- Cron: persist disabled jobs correctly; accept `jobId` aliases for update/run/remove params. (#205, #252) — thanks @thewilloftheshadow.
+- Gateway/CLI: honor `CLAWDBOT_LAUNCHD_LABEL` / `CLAWDBOT_SYSTEMD_UNIT` overrides; `agents.list` respects explicit config; reduce noisy loopback WS logs during tests; run `clawdbot doctor --non-interactive` during updates. (#781) — thanks @ronyrus.
+- Onboarding/Control UI: refuse invalid configs (run doctor first); quote Windows browser URLs for OAuth; keep chat scroll position unless the user is near the bottom. (#764) — thanks @mukhtharcm; (#794) — thanks @roshanasingh4; (#217) — thanks @thewilloftheshadow.
+- Tools/UI: harden tool input schemas for strict providers; drop null-only union variants for Gemini schema cleanup; treat `maxChars: 0` as unlimited; keep TUI last streamed response instead of "(no output)". (#782) — thanks @AbhisekBasu1; (#796) — thanks @gabriel-trigo; (#747) — thanks @thewilloftheshadow.
+- Connections UI: polish multi-account account cards. (#816) — thanks @steipete.
+
+### Maintenance
+- Dependencies: bump Pi packages to 0.45.3 and refresh patched pi-ai.
+- Testing: update Vitest + browser-playwright to 4.0.17.
+- Docs: add Amazon Bedrock provider notes and link from models/FAQ.
+
+## 2026.1.11
+
+### Highlights
+- Plugins are now first-class: loader + CLI management, plus the new Voice Call plugin.
+- Config: modular `$include` support for split config files. (#731) — thanks @pasogott.
+- Agents/Pi: reserve compaction headroom so pre-compaction memory writes can run before auto-compaction.
+- Agents: automatic pre-compaction memory flush turn to store durable memories before compaction.
+
+### Changes
+- CLI/Onboarding: simplify MiniMax auth choice to a single M2.1 option.
+- CLI: configure section selection now loops until Continue.
+- Docs: explain MiniMax vs MiniMax Lightning (speed vs cost) and restore LM Studio example.
+- Docs: add Cerebras GLM 4.6/4.7 config example (OpenAI-compatible endpoint).
+- Onboarding/CLI: group model/auth choice by provider and label Z.AI as GLM 4.7.
+- Onboarding/Docs: add Moonshot AI (Kimi K2) auth choice + config example.
+- CLI/Onboarding: prompt to reuse detected API keys for Moonshot/MiniMax/Z.AI/Gemini/Anthropic/OpenCode.
+- Auto-reply: add compact `/model` picker (models + available providers) and show provider endpoints in `/model status`.
+- Control UI: add Config tab model presets (MiniMax M2.1, GLM 4.7, Kimi) for one-click setup.
+- Plugins: add extension loader (tools/RPC/CLI/services), discovery paths, and config schema + Control UI labels (uiHints).
+- Plugins: add `clawdbot plugins install` (path/tgz/npm), plus `list|info|enable|disable|doctor` UX.
+- Plugins: voice-call plugin now real (Twilio/log), adds start/status RPC/CLI/tool + tests.
+- Docs: add plugins doc + cross-links from tools/skills/gateway config.
+- Docs: add beginner-friendly plugin quick start + expand Voice Call plugin docs.
+- Tests: add Docker plugin loader + tgz-install smoke test.
+- Tests: extend Docker plugin E2E to cover installing from local folders (`plugins.load.paths`) and `file:` npm specs.
+- Tests: add coverage for pre-compaction memory flush settings.
+- Tests: modernize live model smoke selection for current releases and enforce tools/images/thinking-high coverage. (#769) — thanks @steipete.
+- Agents/Tools: add `apply_patch` tool for multi-file edits (experimental; gated by tools.exec.applyPatch; OpenAI-only).
+- Agents/Tools: rename the bash tool to exec (config alias maintained). (#748) — thanks @myfunc.
+- Agents: add pre-compaction memory flush config (`agents.defaults.compaction.*`) with a soft threshold + system prompt.
+- Config: add `$include` directive for modular config files. (#731) — thanks @pasogott.
+- Build: set pnpm minimum release age to 2880 minutes (2 days). (#718) — thanks @dan-dr.
+- macOS: prompt to install the global `clawdbot` CLI when missing in local mode; install via `clawd.bot/install-cli.sh` (no onboarding) and use external launchd/CLI instead of the embedded gateway runtime.
+- Docs: add gog calendar event color IDs from `gog calendar colors`. (#715) — thanks @mjrussell.
+- Cron/CLI: add `--model` flag to cron add/edit commands. (#711) — thanks @mjrussell.
+- Cron/CLI: trim model overrides on cron edits and document main-session guidance. (#711) — thanks @mjrussell.
+- Skills: bundle `skill-creator` to guide creating and packaging skills.
+- Providers: add per-DM history limit overrides (`dmHistoryLimit`) with provider-level config. (#728) — thanks @pkrmf.
+- Discord: expose channel/category management actions in the message tool. (#730) — thanks @NicholasSpisak.
+- Docs: rename README “macOS app” section to “Apps”. (#733) — thanks @AbhisekBasu1.
+- Gateway: require `client.id` in WebSocket connect params; use `client.instanceId` for presence de-dupe; update docs/tests.
+- macOS: remove the attach-only gateway setting; local mode now always manages launchd while still attaching to an existing gateway if present.
+
+### Installer
+- Postinstall: replace `git apply` with builtin JS patcher (works npm/pnpm/bun; no git dependency) plus regression tests.
+- Postinstall: skip pnpm patch fallback when the new patcher is active.
+- Installer tests: add root+non-root docker smokes, CI workflow to fetch clawd.bot scripts and run install sh/cli with onboarding skipped.
+- Installer UX: support `CLAWDBOT_NO_ONBOARD=1` for non-interactive installs; fix npm prefix on Linux and auto-install git.
+- Installer UX: add `install.sh --help` with flags/env and git install hint.
+- Installer UX: add `--install-method git|npm` and auto-detect source checkouts (prompt to update git checkout vs migrate to npm).
+
+### Fixes
+- Models/Onboarding: configure MiniMax (minimax.io) via Anthropic-compatible `/anthropic` endpoint by default (keep `minimax-api` as a legacy alias).
+- Models: normalize Gemini 3 Pro/Flash IDs to preview names for live model lookups. (#769) — thanks @steipete.
+- CLI: fix guardCancel typing for configure prompts. (#769) — thanks @steipete.
+- Gateway/WebChat: include handshake validation details in the WebSocket close reason for easier debugging; preserve close codes.
+- Gateway/Auth: send invalid connect responses before closing the handshake; stabilize invalid-connect auth test.
+- Gateway: tighten gateway listener detection.
+- Control UI: hide onboarding chat when configured and guard the mobile chat sidebar overlay.
+- Auth: read Codex keychain credentials and make the lookup platform-aware.
+- macOS/Release: avoid bundling dist artifacts in relay builds and generate appcasts from zip-only sources.
+- Doctor: surface plugin diagnostics in the report.
+- Plugins: treat `plugins.load.paths` directory entries as package roots when they contain `package.json` + `clawdbot.extensions`; load plugin packages from config dirs; extract archives without system tar.
+- Config: expand `~` in `CLAWDBOT_CONFIG_PATH` and common path-like config fields (including `plugins.load.paths`); guard invalid `$include` paths. (#731) — thanks @pasogott.
+- Agents: stop pre-creating session transcripts so first user messages persist in JSONL history.
+- Agents: skip pre-compaction memory flush when the session workspace is read-only.
+- Auto-reply: ignore inline `/status` directives unless the message is directive-only.
+- Auto-reply: align `/think` default display with model reasoning defaults. (#751) — thanks @gabriel-trigo.
+- Auto-reply: flush block reply buffers on tool boundaries. (#750) — thanks @sebslight.
+- Auto-reply: allow sender fallback for command authorization when `SenderId` is empty (WhatsApp self-chat). (#755) — thanks @juanpablodlc.
+- Auto-reply: treat whitespace-only sender ids as missing for command authorization (WhatsApp self-chat). (#766) — thanks @steipete.
+- Heartbeat: refresh prompt text for updated defaults.
+- Agents/Tools: use PowerShell on Windows to capture system utility output. (#748) — thanks @myfunc.
+- Docker: tolerate unset optional env vars in docker-setup.sh under strict mode. (#725) — thanks @petradonka.
+- CLI/Update: preserve base environment when passing overrides to update subprocesses. (#713) — thanks @danielz1z.
+- Agents: treat message tool errors as failures so fallback replies still send; require `to` + `message` for `action=send`. (#717) — thanks @theglove44.
+- Agents: preserve reasoning items on tool-only turns.
+- Agents/Subagents: wait for completion before announcing, align wait timeout with run timeout, and make announce prompts more emphatic.
+- Agents: route subagent transcripts to the target agent sessions directory and add regression coverage. (#708) — thanks @xMikeMickelson.
+- Agents/Tools: preserve action enums when flattening tool schemas. (#708) — thanks @xMikeMickelson.
+- Gateway/Agents: canonicalize main session aliases for store writes and add regression coverage. (#709) — thanks @xMikeMickelson.
+- Agents: reset sessions and retry when auto-compaction overflows instead of crashing the gateway.
+- Providers/Telegram: normalize command mentions for consistent parsing. (#729) — thanks @obviyus.
+- Providers: skip DM history limit handling for non-DM sessions. (#728) — thanks @pkrmf.
+- Sandbox: fix non-main mode incorrectly sandboxing the main DM session and align `/status` runtime reporting with effective sandbox state.
+- Sandbox/Gateway: treat `agent:<id>:main` as a main-session alias when `session.mainKey` is customized (backwards compatible).
+- Auto-reply: fast-path allowlisted slash commands (inline `/help`/`/commands`/`/status`/`/whoami` stripped before model).
+
+## 2026.1.10
+
+### Highlights
+- CLI: `clawdbot status` now table-based + shows OS/update/gateway/daemon/agents/sessions; `status --all` adds a full read-only debug report (tables, log tails, Tailscale summary, and scan progress via OSC-9 + spinner).
+- CLI Backends: add Codex CLI fallback with resume support (text output) and JSONL parsing for new runs, plus a live CLI resume probe.
+- CLI: add `clawdbot update` (safe-ish git checkout update) + `--update` shorthand. (#673) — thanks @fm1randa.
+- Gateway: add OpenAI-compatible `/v1/chat/completions` HTTP endpoint (auth, SSE streaming, per-agent routing). (#680).
+
+### Changes
+- Onboarding/Models: add first-class Z.AI (GLM) auth choice (`zai-api-key`) + `--zai-api-key` flag.
+- CLI/Onboarding: add OpenRouter API key auth option in configure/onboard. (#703) — thanks @mteam88.
+- Agents: add human-delay pacing between block replies (modes: off/natural/custom, per-agent configurable). (#446) — thanks @tony-freedomology.
+- Agents/Browser: add `browser.target` (sandbox/host/custom) with sandbox host-control gating via `agents.defaults.sandbox.browser.allowHostControl`, allowlists for custom control URLs/hosts/ports, and expand browser tool docs (remote control, profiles, internals).
+- Onboarding/Models: add catalog-backed default model picker to onboarding + configure. (#611) — thanks @jonasjancarik.
+- Agents/OpenCode Zen: update fallback models + defaults, keep legacy alias mappings. (#669) — thanks @magimetal.
+- CLI: add `clawdbot reset` and `clawdbot uninstall` flows (interactive + non-interactive) plus docker cleanup smoke test.
+- Providers: move provider wiring to a plugin architecture. (#661).
+- Providers: unify group history context wrappers across providers with per-provider/per-account `historyLimit` overrides (fallback to `messages.groupChat.historyLimit`). Set `0` to disable. (#672).
+- Gateway/Heartbeat: optionally deliver heartbeat `Reasoning:` output (`agents.defaults.heartbeat.includeReasoning`). (#690)
+- Docker: allow optional home volume + extra bind mounts in `docker-setup.sh`. (#679) — thanks @gabriel-trigo.
+
+### Fixes
+- Auto-reply: suppress draft/typing streaming for `NO_REPLY` (silent system ops) so it doesn’t leak partial output.
+- CLI/Status: expand tables to full terminal width; clarify provider setup vs runtime warnings; richer per-provider detail; token previews in `status` while keeping `status --all` redacted; add troubleshooting link footer; keep log tails pasteable; show gateway auth used when reachable; surface provider runtime errors (Signal/iMessage/Slack); harden `tailscale status --json` parsing; make `status --all` scan progress determinate; and replace the footer with a 3-line “Next steps” recommendation (share/debug/probe).
+- CLI/Gateway: clarify that `clawdbot gateway status` reports RPC health (connect + RPC) and shows RPC failures separately from connect failures.
+- CLI/Update: gate progress spinner on stdout TTY and align clean-check step label. (#701) — thanks @bjesuiter.
+- Telegram: add `/whoami` + `/id` commands to reveal sender id for allowlists; allow `@username` and prefixed ids in `allowFrom` prompts (with stability warning).
+- Heartbeat: strip markup-wrapped `HEARTBEAT_OK` so acks don’t leak to external providers (e.g., Telegram).
+- Control UI: stop auto-writing `telegram.groups["*"]` and warn/confirm before enabling wildcard groups.
+- WhatsApp: send ack reactions only for handled messages and ignore legacy `messages.ackReaction` (doctor copies to `whatsapp.ackReaction`). (#629) — thanks @pasogott.
+- Sandbox/Skills: mirror skills into sandbox workspaces for read-only mounts so SKILL.md stays accessible.
+- Terminal/Table: ANSI-safe wrapping to prevent table clipping/color loss; add regression coverage.
+- Docker: allow optional apt packages during image build and document the build arg. (#697) — thanks @gabriel-trigo.
+- Gateway/Heartbeat: deliver reasoning even when the main heartbeat reply is `HEARTBEAT_OK`. (#694) — thanks @antons.
+- Agents/Pi: inject config `temperature`/`maxTokens` into streaming without replacing the session streamFn; cover with live maxTokens probe. (#732) — thanks @peschee.
+- macOS: clear unsigned launchd overrides on signed restarts and warn via doctor when attach-only/disable markers are set. (#695) — thanks @jeffersonwarrior.
+- Agents: enforce single-writer session locks and drop orphan tool results to prevent tool-call ID failures (MiniMax/Anthropic-compatible APIs).
+- Docs: make `clawdbot status` the first diagnostic step, clarify `status --deep` behavior, and document `/whoami` + `/id`.
+- Docs/Testing: clarify live tool+image probes and how to list your testable `provider/model` ids.
+- Tests/Live: make gateway bash+read probes resilient to provider formatting while still validating real tool calls.
+- WhatsApp: detect @lid mentions in groups using authDir reverse mapping + resolve self JID E.164 for mention gating. (#692) — thanks @peschee.
+- Gateway/Auth: default to token auth on loopback during onboarding, add doctor token generation flow, and tighten audio transcription config to Whisper-only.
+- Providers: dedupe inbound messages across providers to avoid duplicate LLM runs on redeliveries/reconnects. (#689) — thanks @adam91holt.
+- Agents: strip `<thought>`/`<antthinking>` tags from hidden reasoning output and cover tag variants in tests. (#688) — thanks @theglove44.
+- macOS: save model picker selections as normalized provider/model IDs and keep manual entries aligned. (#683) — thanks @benithors.
+- Agents: recognize "usage limit" errors as rate limits for failover. (#687) — thanks @evalexpr.
+- CLI: avoid success message when daemon restart is skipped. (#685) — thanks @carlulsoe.
+- Commands: disable `/config` + `/debug` by default; gate via `commands.config`/`commands.debug` and hide from native registration/help output.
+- Agents/System: clarify that sub-agents remain sandboxed and cannot use elevated host access.
+- Gateway: disable the OpenAI-compatible `/v1/chat/completions` endpoint by default; enable via `gateway.http.endpoints.chatCompletions.enabled=true`.
+- macOS: stabilize bridge tunnels, guard invoke senders on disconnect, and drain stdout/stderr to avoid deadlocks. (#676) — thanks @ngutman.
+- Agents/System: clarify sandboxed runtime in system prompt and surface elevated availability when sandboxed.
+- Auto-reply: prefer `RawBody` for command/directive parsing (WhatsApp + Discord) and prevent fallback runs from clobbering concurrent session updates. (#643) — thanks @mcinteerj.
+- WhatsApp: fix group reactions by preserving message IDs and sender JIDs in history; normalize participant phone numbers to JIDs in outbound reactions. (#640) — thanks @mcinteerj.
+- WhatsApp: expose group participant IDs to the model so reactions can target the right sender.
+- Cron: `wakeMode: "now"` waits for heartbeat completion (and retries when the main lane is busy). (#666) — thanks @roshanasingh4.
+- Agents/OpenAI: fix Responses tool-only → follow-up turn handling (avoid standalone `reasoning` items that trigger 400 “required following item”) and replay reasoning items in Responses/Codex Responses history for tool-call-only turns.
+- Sandbox: add `clawdbot sandbox explain` (effective policy inspector + fix-it keys); improve “sandbox jail” tool-policy/elevated errors with actionable config key paths; link to docs.
+- Hooks/Gmail: keep Tailscale serve path at `/` while preserving the public path. (#668) — thanks @antons.
+- Hooks/Gmail: allow Tailscale target URLs to preserve internal serve paths.
+- Auth: update Claude Code keychain credentials in-place during refresh sync; share JSON file helpers; add CLI fallback coverage.
+- Auth: throttle external CLI credential syncs (Claude/Codex), reduce Keychain reads, and skip sync when cached credentials are still fresh.
+- CLI: respect `CLAWDBOT_STATE_DIR` for node pairing + voice wake settings storage. (#664) — thanks @azade-c.
+- Onboarding/Gateway: persist non-interactive gateway token auth in config; add WS wizard + gateway tool-calling regression coverage.
+- Gateway/Control UI: make `chat.send` non-blocking, wire Stop to `chat.abort`, and treat `/stop` as an out-of-band abort. (#653)
+- Gateway/Control UI: allow `chat.abort` without `runId` (abort active runs), suppress post-abort chat streaming, and prune stuck chat runs. (#653)
+- Gateway/Control UI: sniff image attachments for chat.send, drop non-images, and log mismatches. (#670) — thanks @cristip73.
+- macOS: force `restart-mac.sh --sign` to require identities and keep bundled Node signed for relay verification. (#580) — thanks @jeffersonwarrior.
+- Gateway/Agent: accept image attachments on `agent` (multimodal message) and add live gateway image probe (`CLAWDBOT_LIVE_GATEWAY_IMAGE_PROBE=1`).
+- CLI: `clawdbot sessions` now includes `elev:*` + `usage:*` flags in the table output.
+- CLI/Pairing: accept positional provider for `pairing list|approve` (npm-run compatible); update docs/bot hints.
+- Branding: normalize user-facing “ClawdBot”/“CLAWDBOT” → “Clawdbot” (CLI, status, docs).
+- Auto-reply: fix native `/model` not updating the actual chat session (Telegram/Slack/Discord). (#646)
+- Doctor: offer to run `clawdbot update` first on git installs (keeps doctor output aligned with latest).
+- Doctor: avoid false legacy workspace warning when install dir is `~/clawdbot`. (#660)
+- iMessage: fix reasoning persistence across DMs; avoid partial/duplicate replies when reasoning is enabled. (#655) — thanks @antons.
+- Models/Auth: allow MiniMax API configs without `models.providers.minimax.apiKey` (auth profiles / `MINIMAX_API_KEY`). (#656) — thanks @mneves75.
+- Agents: avoid duplicate replies when the message tool sends. (#659) — thanks @mickahouan.
+- Agents: harden Cloud Code Assist tool ID sanitization (toolUse/toolCall/toolResult) and scrub extra JSON Schema constraints. (#665) — thanks @sebslight.
+- Agents: sanitize tool results + Cloud Code Assist tool IDs at context-build time (prevents mid-run strict-provider request rejects).
+- Agents/Tools: resolve workspace-relative Read/Write/Edit paths; align bash default cwd. (#642) — thanks @mukhtharcm.
+- Discord: include forwarded message snapshots in agent session context. (#667) — thanks @rubyrunsstuff.
+- Telegram: add `telegram.draftChunk` to tune draft streaming chunking for `streamMode: "block"`. (#667) — thanks @rubyrunsstuff.
+- Tests/Agents: add regression coverage for workspace tool path resolution and bash cwd defaults.
+- iOS/Android: enable stricter concurrency/lint checks; fix Swift 6 strict concurrency issues + Android lint errors (ExifInterface, obsolete SDK check). (#662) — thanks @KristijanJovanovski.
+- Auth: read Codex CLI keychain tokens on macOS before falling back to `~/.codex/auth.json`, preventing stale refresh tokens from breaking gateway live tests.
+- iOS/macOS: share `AsyncTimeout`, require explicit `bridgeStableID` on connect, and harden tool display defaults (avoids missing-resource label fallbacks).
+- Telegram: serialize media-group processing to avoid missed albums under load.
+- Signal: handle `dataMessage.reaction` events (signal-cli SSE) to avoid broken attachment errors. (#637) — thanks @neist.
+- Docs: showcase entries for ParentPay, R2 Upload, iOS TestFlight, and Oura Health. (#650) — thanks @henrino3.
+- Agents: repair session transcripts by dropping duplicate tool results across the whole history (unblocks Anthropic-compatible APIs after retries).
+- Tests/Live: reset the gateway session between model runs to avoid cross-provider transcript incompatibilities (notably OpenAI Responses reasoning replay rules).
+
+
 ## 2026.1.9

 ### Highlights
@@ -57,6 +706,7 @@
 - Dependencies: Pi 0.40.0 bump (#543) — thanks @mcinteerj.
 - Build: Docker build cache layer (#605) — thanks @zknicker.

+- Auth: enable OAuth token refresh for Claude Code CLI credentials (`anthropic:claude-cli`) with bidirectional sync back to Claude Code storage (file on Linux/Windows, Keychain on macOS). This allows long-running agents to operate autonomously without manual re-authentication (#654 — thanks @radek-paclt).

 ## 2026.1.8

@@ -73,7 +723,7 @@
  - Previously, if you didn’t configure an allowlist, your bot could be **open to anyone** (especially discoverable Telegram bots).
  - New default: DM pairing (`dmPolicy="pairing"` / `discord.dm.policy="pairing"` / `slack.dm.policy="pairing"`).
  - To keep old “open to everyone” behavior: set `dmPolicy="open"` and include `"*"` in the relevant `allowFrom` (Discord/Slack: `discord.dm.allowFrom` / `slack.dm.allowFrom`).
-  - Approve requests via `clawdbot pairing list --provider <provider>` + `clawdbot pairing approve --provider <provider> <code>`.
+  - Approve requests via `clawdbot pairing list <provider>` + `clawdbot pairing approve <provider> <code>`.
 - Sandbox: default `agent.sandbox.scope` to `"agent"` (one container/workspace per agent). Use `"session"` for per-session isolation; `"shared"` disables cross-session isolation.
 - Timestamps in agent envelopes are now UTC (compact `YYYY-MM-DDTHH:mmZ`); removed `messages.timestampPrefix`. Add `agent.userTimezone` to tell the model the user’s local time (system prompt only).
 - Model config schema changes (auth profiles + model lists); doctor auto-migrates and the gateway rewrites legacy configs on startup.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -13,7 +13,7 @@ Welcome to the lobster tank! 🦞
  - GitHub: [@steipete](https://github.com/steipete) · X: [@steipete](https://x.com/steipete)

 - **Shadow** - Discord + Slack subsystem
-  - GitHub: [@4shadowed](https://github.com/4shadowed) · X: [@4shad0wed](https://x.com/4shad0wed)
+  - GitHub: [@thewilloftheshadow](https://github.com/thewilloftheshadow) · X: [@4shad0wed](https://x.com/4shad0wed)

 - **Jos** - Telegram, API, Nix mode
  - GitHub: [@joshp123](https://github.com/joshp123) · X: [@jjpcodes](https://x.com/jjpcodes)
--- a/10
+++ b/10
@@ -8,6 +8,14 @@ RUN corepack enable

 WORKDIR /app

+ARG CLAWDBOT_DOCKER_APT_PACKAGES=""
+RUN if [ -n "$CLAWDBOT_DOCKER_APT_PACKAGES" ]; then \
+      apt-get update && \
+      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $CLAWDBOT_DOCKER_APT_PACKAGES && \
+      apt-get clean && \
+      rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
+    fi
+
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
 COPY ui/package.json ./ui/package.json
 COPY patches ./patches
@@ -17,6 +25,8 @@ RUN pnpm install --frozen-lockfile

 COPY . .
 RUN pnpm build
+# Force pnpm for UI build (Bun may fail on ARM/Synology architectures)
+ENV CLAWDBOT_PREFER_PNPM=1
 RUN pnpm ui:install
 RUN pnpm ui:build

--- a/2
+++ b/2
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-# 🦞 CLAWDBOT — Personal AI Assistant
+# 🦞 Clawdbot — Personal AI Assistant

 <p align="center">
-  <img src="https://raw.githubusercontent.com/clawdbot/clawdbot/main/docs/whatsapp-clawd.jpg" alt="CLAWDBOT" width="400">
+  <img src="https://raw.githubusercontent.com/clawdbot/clawdbot/main/docs/whatsapp-clawd.jpg" alt="Clawdbot" width="400">
 </p>

 <p align="center">
@@ -16,26 +16,26 @@
 </p>

 **Clawdbot** is a *personal AI assistant* you run on your own devices.
-It answers you on the providers you already use (WhatsApp, Telegram, Slack, Discord, Signal, iMessage, WebChat), can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant.
+It answers you on the channels you already use (WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Microsoft Teams, WebChat), can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant.

 If you want a personal, single-user assistant that feels local, fast, and always-on, this is it.

-[Website](https://clawdbot.com) · [Docs](https://docs.clawd.bot) · [Getting Started](https://docs.clawd.bot/getting-started) · [Updating](https://docs.clawd.bot/updating) · [Showcase](https://docs.clawd.bot/showcase) · [FAQ](https://docs.clawd.bot/faq) · [Wizard](https://docs.clawd.bot/wizard) · [Nix](https://github.com/clawdbot/nix-clawdbot) · [Docker](https://docs.clawd.bot/docker) · [Discord](https://discord.gg/clawd)
+[Website](https://clawdbot.com) · [Docs](https://docs.clawd.bot) · [Getting Started](https://docs.clawd.bot/start/getting-started) · [Updating](https://docs.clawd.bot/install/updating) · [Showcase](https://docs.clawd.bot/start/showcase) · [FAQ](https://docs.clawd.bot/start/faq) · [Wizard](https://docs.clawd.bot/start/wizard) · [Nix](https://github.com/clawdbot/nix-clawdbot) · [Docker](https://docs.clawd.bot/install/docker) · [Discord](https://discord.gg/clawd)

-Preferred setup: run the onboarding wizard (`clawdbot onboard`). It walks through gateway, workspace, providers, and skills. The CLI wizard is the recommended path and works on **macOS, Linux, and Windows (via WSL2; strongly recommended)**.
+Preferred setup: run the onboarding wizard (`clawdbot onboard`). It walks through gateway, workspace, channels, and skills. The CLI wizard is the recommended path and works on **macOS, Linux, and Windows (via WSL2; strongly recommended)**.
 Works with npm, pnpm, or bun.
-New install? Start here: [Getting started](https://docs.clawd.bot/getting-started)
+New install? Start here: [Getting started](https://docs.clawd.bot/start/getting-started)

 **Subscriptions (OAuth):**
 - **[Anthropic](https://www.anthropic.com/)** (Claude Pro/Max)
 - **[OpenAI](https://openai.com/)** (ChatGPT/Codex)

-Model note: while any model is supported, I strongly recommend **Anthropic Pro/Max (100/200) + Opus 4.5** for long‑context strength and better prompt‑injection resistance. See [Onboarding](https://docs.clawd.bot/onboarding).
+Model note: while any model is supported, I strongly recommend **Anthropic Pro/Max (100/200) + Opus 4.5** for long‑context strength and better prompt‑injection resistance. See [Onboarding](https://docs.clawd.bot/start/onboarding).

 ## Models (selection + auth)

- Models config + CLI: [Models](https://docs.clawd.bot/models)
- Auth profile rotation (OAuth vs API keys) + fallbacks: [Model failover](https://docs.clawd.bot/model-failover)
+- Models config + CLI: [Models](https://docs.clawd.bot/concepts/models)
+- Auth profile rotation (OAuth vs API keys) + fallbacks: [Model failover](https://docs.clawd.bot/concepts/model-failover)

 ## Install (recommended)

@@ -54,7 +54,7 @@ The wizard installs the Gateway daemon (launchd/systemd user service) so it stay

 Runtime: **Node ≥22**.

-Full beginner guide (auth, pairing, providers): [Getting started](https://docs.clawd.bot/getting-started)
+Full beginner guide (auth, pairing, channels): [Getting started](https://docs.clawd.bot/start/getting-started)

 ```bash
 clawdbot onboard --install-daemon
@@ -64,11 +64,11 @@ clawdbot gateway --port 18789 --verbose
 # Send a message
 clawdbot message send --to +1234567890 --message "Hello from Clawdbot"

-# Talk to the assistant (optionally deliver back to WhatsApp/Telegram/Slack/Discord)
+# Talk to the assistant (optionally deliver back to WhatsApp/Telegram/Slack/Discord/Microsoft Teams)
 clawdbot agent --message "Ship checklist" --thinking high
 ```

-Upgrading? [Updating guide](https://docs.clawd.bot/updating) (and run `clawdbot doctor`).
+Upgrading? [Updating guide](https://docs.clawd.bot/install/updating) (and run `clawdbot doctor`).

 ## From source (development)

@@ -94,89 +94,94 @@ Note: `pnpm clawdbot ...` runs TypeScript directly (via `tsx`). `pnpm build` pro

 Clawdbot connects to real messaging surfaces. Treat inbound DMs as **untrusted input**.

-Full security guide: [Security](https://docs.clawd.bot/security)
+Full security guide: [Security](https://docs.clawd.bot/gateway/security)

-Default behavior on Telegram/WhatsApp/Signal/iMessage/Discord/Slack:
- **DM pairing** (`dmPolicy="pairing"` / `discord.dm.policy="pairing"` / `slack.dm.policy="pairing"`): unknown senders receive a short pairing code and the bot does not process their message.
- Approve with: `clawdbot pairing approve --provider <provider> <code>` (then the sender is added to a local allowlist store).
- Public inbound DMs require an explicit opt-in: set `dmPolicy="open"` and include `"*"` in the provider allowlist (`allowFrom` / `discord.dm.allowFrom` / `slack.dm.allowFrom`).
+Default behavior on Telegram/WhatsApp/Signal/iMessage/Microsoft Teams/Discord/Slack:
+- **DM pairing** (`dmPolicy="pairing"` / `channels.discord.dm.policy="pairing"` / `channels.slack.dm.policy="pairing"`): unknown senders receive a short pairing code and the bot does not process their message.
+- Approve with: `clawdbot pairing approve <channel> <code>` (then the sender is added to a local allowlist store).
+- Public inbound DMs require an explicit opt-in: set `dmPolicy="open"` and include `"*"` in the channel allowlist (`allowFrom` / `channels.discord.dm.allowFrom` / `channels.slack.dm.allowFrom`).

 Run `clawdbot doctor` to surface risky/misconfigured DM policies.

 ## Highlights

- **[Local-first Gateway](https://docs.clawd.bot/gateway)** — single control plane for sessions, providers, tools, and events.
- **[Multi-provider inbox](https://docs.clawd.bot/surface)** — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, WebChat, macOS, iOS/Android.
- **[Multi-agent routing](https://docs.clawd.bot/configuration)** — route inbound providers/accounts/peers to isolated agents (workspaces + per-agent sessions).
- **[Voice Wake](https://docs.clawd.bot/voicewake) + [Talk Mode](https://docs.clawd.bot/talk)** — always-on speech for macOS/iOS/Android with ElevenLabs.
- **[Live Canvas](https://docs.clawd.bot/mac/canvas)** — agent-driven visual workspace with [A2UI](https://docs.clawd.bot/mac/canvas#canvas-a2ui).
+- **[Local-first Gateway](https://docs.clawd.bot/gateway)** — single control plane for sessions, channels, tools, and events.
+- **[Multi-channel inbox](https://docs.clawd.bot/channels)** — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Microsoft Teams, WebChat, macOS, iOS/Android.
+- **[Multi-agent routing](https://docs.clawd.bot/gateway/configuration)** — route inbound channels/accounts/peers to isolated agents (workspaces + per-agent sessions).
+- **[Voice Wake](https://docs.clawd.bot/nodes/voicewake) + [Talk Mode](https://docs.clawd.bot/nodes/talk)** — always-on speech for macOS/iOS/Android with ElevenLabs.
+- **[Live Canvas](https://docs.clawd.bot/platforms/mac/canvas)** — agent-driven visual workspace with [A2UI](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui).
 - **[First-class tools](https://docs.clawd.bot/tools)** — browser, canvas, nodes, cron, sessions, and Discord/Slack actions.
- **[Companion apps](https://docs.clawd.bot/macos)** — macOS menu bar app + iOS/Android [nodes](https://docs.clawd.bot/nodes).
- **[Onboarding](https://docs.clawd.bot/wizard) + [skills](https://docs.clawd.bot/skills)** — wizard-driven setup with bundled/managed/workspace skills.
+- **[Companion apps](https://docs.clawd.bot/platforms/macos)** — macOS menu bar app + iOS/Android [nodes](https://docs.clawd.bot/nodes).
+- **[Onboarding](https://docs.clawd.bot/start/wizard) + [skills](https://docs.clawd.bot/tools/skills)** — wizard-driven setup with bundled/managed/workspace skills.
+
+## Star History
+
+[![Star History Chart](https://api.star-history.com/svg?repos=clawdbot/clawdbot&type=date&legend=top-left)](https://www.star-history.com/#clawdbot/clawdbot&type=date&legend=top-left)

 ## Everything we built so far

 ### Core platform
- [Gateway WS control plane](https://docs.clawd.bot/gateway) with sessions, presence, config, cron, webhooks, [Control UI](https://docs.clawd.bot/web), and [Canvas host](https://docs.clawd.bot/mac/canvas#canvas-a2ui).
- [CLI surface](https://docs.clawd.bot/agent-send): gateway, agent, send, [wizard](https://docs.clawd.bot/wizard), and [doctor](https://docs.clawd.bot/doctor).
- [Pi agent runtime](https://docs.clawd.bot/agent) in RPC mode with tool streaming and block streaming.
- [Session model](https://docs.clawd.bot/session): `main` for direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: [Groups](https://docs.clawd.bot/groups).
- [Media pipeline](https://docs.clawd.bot/images): images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: [Audio](https://docs.clawd.bot/audio).
+- [Gateway WS control plane](https://docs.clawd.bot/gateway) with sessions, presence, config, cron, webhooks, [Control UI](https://docs.clawd.bot/web), and [Canvas host](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui).
+- [CLI surface](https://docs.clawd.bot/tools/agent-send): gateway, agent, send, [wizard](https://docs.clawd.bot/start/wizard), and [doctor](https://docs.clawd.bot/gateway/doctor).
+- [Pi agent runtime](https://docs.clawd.bot/concepts/agent) in RPC mode with tool streaming and block streaming.
+- [Session model](https://docs.clawd.bot/concepts/session): `main` for direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: [Groups](https://docs.clawd.bot/concepts/groups).
+- [Media pipeline](https://docs.clawd.bot/nodes/images): images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: [Audio](https://docs.clawd.bot/nodes/audio).

-### Providers
- [Providers](https://docs.clawd.bot/surface): [WhatsApp](https://docs.clawd.bot/whatsapp) (Baileys), [Telegram](https://docs.clawd.bot/telegram) (grammY), [Slack](https://docs.clawd.bot/slack) (Bolt), [Discord](https://docs.clawd.bot/discord) (discord.js), [Signal](https://docs.clawd.bot/signal) (signal-cli), [iMessage](https://docs.clawd.bot/imessage) (imsg), [WebChat](https://docs.clawd.bot/webchat).
- [Group routing](https://docs.clawd.bot/group-messages): mention gating, reply tags, per-provider chunking and routing. Provider rules: [Providers](https://docs.clawd.bot/surface).
+### Channels
+- [Channels](https://docs.clawd.bot/channels): [WhatsApp](https://docs.clawd.bot/channels/whatsapp) (Baileys), [Telegram](https://docs.clawd.bot/channels/telegram) (grammY), [Slack](https://docs.clawd.bot/channels/slack) (Bolt), [Discord](https://docs.clawd.bot/channels/discord) (discord.js), [Signal](https://docs.clawd.bot/channels/signal) (signal-cli), [iMessage](https://docs.clawd.bot/channels/imessage) (imsg), [Microsoft Teams](https://docs.clawd.bot/channels/msteams) (Bot Framework), [WebChat](https://docs.clawd.bot/web/webchat).
+- [Group routing](https://docs.clawd.bot/concepts/group-messages): mention gating, reply tags, per-channel chunking and routing. Channel rules: [Channels](https://docs.clawd.bot/channels).

 ### Apps + nodes
- [macOS app](https://docs.clawd.bot/macos): menu bar control plane, [Voice Wake](https://docs.clawd.bot/voicewake)/PTT, [Talk Mode](https://docs.clawd.bot/talk) overlay, [WebChat](https://docs.clawd.bot/webchat), debug tools, [remote gateway](https://docs.clawd.bot/remote) control.
- [iOS node](https://docs.clawd.bot/ios): [Canvas](https://docs.clawd.bot/mac/canvas), [Voice Wake](https://docs.clawd.bot/voicewake), [Talk Mode](https://docs.clawd.bot/talk), camera, screen recording, Bonjour pairing.
- [Android node](https://docs.clawd.bot/android): [Canvas](https://docs.clawd.bot/mac/canvas), [Talk Mode](https://docs.clawd.bot/talk), camera, screen recording, optional SMS.
+- [macOS app](https://docs.clawd.bot/platforms/macos): menu bar control plane, [Voice Wake](https://docs.clawd.bot/nodes/voicewake)/PTT, [Talk Mode](https://docs.clawd.bot/nodes/talk) overlay, [WebChat](https://docs.clawd.bot/web/webchat), debug tools, [remote gateway](https://docs.clawd.bot/gateway/remote) control.
+- [iOS node](https://docs.clawd.bot/platforms/ios): [Canvas](https://docs.clawd.bot/platforms/mac/canvas), [Voice Wake](https://docs.clawd.bot/nodes/voicewake), [Talk Mode](https://docs.clawd.bot/nodes/talk), camera, screen recording, Bonjour pairing.
+- [Android node](https://docs.clawd.bot/platforms/android): [Canvas](https://docs.clawd.bot/platforms/mac/canvas), [Talk Mode](https://docs.clawd.bot/nodes/talk), camera, screen recording, optional SMS.
 - [macOS node mode](https://docs.clawd.bot/nodes): system.run/notify + canvas/camera exposure.

 ### Tools + automation
- [Browser control](https://docs.clawd.bot/browser): dedicated clawd Chrome/Chromium, snapshots, actions, uploads, profiles.
- [Canvas](https://docs.clawd.bot/mac/canvas): [A2UI](https://docs.clawd.bot/mac/canvas#canvas-a2ui) push/reset, eval, snapshot.
- [Nodes](https://docs.clawd.bot/nodes): camera snap/clip, screen record, [location.get](https://docs.clawd.bot/location-command), notifications.
- [Cron + wakeups](https://docs.clawd.bot/cron); [webhooks](https://docs.clawd.bot/webhook); [Gmail Pub/Sub](https://docs.clawd.bot/gmail-pubsub).
- [Skills platform](https://docs.clawd.bot/skills): bundled, managed, and workspace skills with install gating + UI.
+- [Browser control](https://docs.clawd.bot/tools/browser): dedicated clawd Chrome/Chromium, snapshots, actions, uploads, profiles.
+- [Canvas](https://docs.clawd.bot/platforms/mac/canvas): [A2UI](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui) push/reset, eval, snapshot.
+- [Nodes](https://docs.clawd.bot/nodes): camera snap/clip, screen record, [location.get](https://docs.clawd.bot/nodes/location-command), notifications.
+- [Cron + wakeups](https://docs.clawd.bot/automation/cron-jobs); [webhooks](https://docs.clawd.bot/automation/webhook); [Gmail Pub/Sub](https://docs.clawd.bot/automation/gmail-pubsub).
+- [Skills platform](https://docs.clawd.bot/tools/skills): bundled, managed, and workspace skills with install gating + UI.

 ### Runtime + safety
- [Provider routing](https://docs.clawd.bot/provider-routing), [retry policy](https://docs.clawd.bot/retry), and [streaming/chunking](https://docs.clawd.bot/streaming).
- [Presence](https://docs.clawd.bot/presence), [typing indicators](https://docs.clawd.bot/typing-indicators), and [usage tracking](https://docs.clawd.bot/usage-tracking).
- [Models](https://docs.clawd.bot/models), [model failover](https://docs.clawd.bot/model-failover), and [session pruning](https://docs.clawd.bot/session-pruning).
- [Security](https://docs.clawd.bot/security) and [troubleshooting](https://docs.clawd.bot/troubleshooting).
+- [Channel routing](https://docs.clawd.bot/concepts/channel-routing), [retry policy](https://docs.clawd.bot/concepts/retry), and [streaming/chunking](https://docs.clawd.bot/concepts/streaming).
+- [Presence](https://docs.clawd.bot/concepts/presence), [typing indicators](https://docs.clawd.bot/concepts/typing-indicators), and [usage tracking](https://docs.clawd.bot/concepts/usage-tracking).
+- [Models](https://docs.clawd.bot/concepts/models), [model failover](https://docs.clawd.bot/concepts/model-failover), and [session pruning](https://docs.clawd.bot/concepts/session-pruning).
+- [Security](https://docs.clawd.bot/gateway/security) and [troubleshooting](https://docs.clawd.bot/channels/troubleshooting).

 ### Ops + packaging
- [Control UI](https://docs.clawd.bot/web) + [WebChat](https://docs.clawd.bot/webchat) served directly from the Gateway.
- [Tailscale Serve/Funnel](https://docs.clawd.bot/tailscale) or [SSH tunnels](https://docs.clawd.bot/remote) with token/password auth.
- [Nix mode](https://docs.clawd.bot/nix) for declarative config; [Docker](https://docs.clawd.bot/docker)-based installs.
- [Doctor](https://docs.clawd.bot/doctor) migrations, [logging](https://docs.clawd.bot/logging).
+- [Control UI](https://docs.clawd.bot/web) + [WebChat](https://docs.clawd.bot/web/webchat) served directly from the Gateway.
+- [Tailscale Serve/Funnel](https://docs.clawd.bot/gateway/tailscale) or [SSH tunnels](https://docs.clawd.bot/gateway/remote) with token/password auth.
+- [Nix mode](https://docs.clawd.bot/install/nix) for declarative config; [Docker](https://docs.clawd.bot/install/docker)-based installs.
+- [Doctor](https://docs.clawd.bot/gateway/doctor) migrations, [logging](https://docs.clawd.bot/logging).

 ## How it works (short)

 ```
-WhatsApp / Telegram / Slack / Discord / Signal / iMessage / WebChat
+WhatsApp / Telegram / Slack / Discord / Signal / iMessage / Microsoft Teams / WebChat
               │
               ▼
 ┌───────────────────────────────┐
-│            Gateway            │  ws://127.0.0.1:18789
-│       (control plane)         │  bridge: tcp://0.0.0.0:18790
+│            Gateway            │
+│       (control plane)         │
+│     ws://127.0.0.1:18789      │
 └──────────────┬────────────────┘
               │
               ├─ Pi agent (RPC)
               ├─ CLI (clawdbot …)
               ├─ WebChat UI
               ├─ macOS app
-               └─ iOS/Android nodes
+               └─ iOS / Android nodes
 ```

 ## Key subsystems

- **[Gateway WebSocket network](https://docs.clawd.bot/architecture)** — single WS control plane for clients, tools, and events (plus ops: [Gateway runbook](https://docs.clawd.bot/gateway)).
- **[Tailscale exposure](https://docs.clawd.bot/tailscale)** — Serve/Funnel for the Gateway dashboard + WS (remote access: [Remote](https://docs.clawd.bot/remote)).
- **[Browser control](https://docs.clawd.bot/browser)** — clawd‑managed Chrome/Chromium with CDP control.
- **[Canvas + A2UI](https://docs.clawd.bot/mac/canvas)** — agent‑driven visual workspace (A2UI host: [Canvas/A2UI](https://docs.clawd.bot/mac/canvas#canvas-a2ui)).
- **[Voice Wake](https://docs.clawd.bot/voicewake) + [Talk Mode](https://docs.clawd.bot/talk)** — always‑on speech and continuous conversation.
+- **[Gateway WebSocket network](https://docs.clawd.bot/concepts/architecture)** — single WS control plane for clients, tools, and events (plus ops: [Gateway runbook](https://docs.clawd.bot/gateway)).
+- **[Tailscale exposure](https://docs.clawd.bot/gateway/tailscale)** — Serve/Funnel for the Gateway dashboard + WS (remote access: [Remote](https://docs.clawd.bot/gateway/remote)).
+- **[Browser control](https://docs.clawd.bot/tools/browser)** — clawd‑managed Chrome/Chromium with CDP control.
+- **[Canvas + A2UI](https://docs.clawd.bot/platforms/mac/canvas)** — agent‑driven visual workspace (A2UI host: [Canvas/A2UI](https://docs.clawd.bot/platforms/mac/canvas#canvas-a2ui)).
+- **[Voice Wake](https://docs.clawd.bot/nodes/voicewake) + [Talk Mode](https://docs.clawd.bot/nodes/talk)** — always‑on speech and continuous conversation.
 - **[Nodes](https://docs.clawd.bot/nodes)** — Canvas, camera snap/clip, screen record, `location.get`, notifications, plus macOS‑only `system.run`/`system.notify`.

 ## Tailscale access (Gateway dashboard)
@@ -193,17 +198,17 @@ Notes:
 - Funnel refuses to start unless `gateway.auth.mode: "password"` is set.
 - Optional: `gateway.tailscale.resetOnExit` to undo Serve/Funnel on shutdown.

-Details: [Tailscale guide](https://docs.clawd.bot/tailscale) · [Web surfaces](https://docs.clawd.bot/web)
+Details: [Tailscale guide](https://docs.clawd.bot/gateway/tailscale) · [Web surfaces](https://docs.clawd.bot/web)

 ## Remote Gateway (Linux is great)

 It’s perfectly fine to run the Gateway on a small Linux instance. Clients (macOS app, CLI, WebChat) can connect over **Tailscale Serve/Funnel** or **SSH tunnels**, and you can still pair device nodes (macOS/iOS/Android) to execute device‑local actions when needed.

- **Gateway host** runs the bash tool and provider connections by default.
+- **Gateway host** runs the exec tool and channel connections by default.
 - **Device nodes** run device‑local actions (`system.run`, camera, screen recording, notifications) via `node.invoke`.
-In short: bash runs where the Gateway lives; device actions run where the device lives.
+In short: exec runs where the Gateway lives; device actions run where the device lives.

-Details: [Remote access](https://docs.clawd.bot/remote) · [Nodes](https://docs.clawd.bot/nodes) · [Security](https://docs.clawd.bot/security)
+Details: [Remote access](https://docs.clawd.bot/gateway/remote) · [Nodes](https://docs.clawd.bot/nodes) · [Security](https://docs.clawd.bot/gateway/security)

 ## macOS permissions via the Gateway protocol

@@ -218,7 +223,7 @@ Elevated bash (host permissions) is separate from macOS TCC:
 - Use `/elevated on|off` to toggle per‑session elevated access when enabled + allowlisted.
 - Gateway persists the per‑session toggle via `sessions.patch` (WS method) alongside `thinkingLevel`, `verboseLevel`, `model`, `sendPolicy`, and `groupActivation`.

-Details: [Nodes](https://docs.clawd.bot/nodes) · [macOS app](https://docs.clawd.bot/macos) · [Gateway protocol](https://docs.clawd.bot/architecture)
+Details: [Nodes](https://docs.clawd.bot/nodes) · [macOS app](https://docs.clawd.bot/platforms/macos) · [Gateway protocol](https://docs.clawd.bot/concepts/architecture)

 ## Agent to Agent (sessions_* tools)

@@ -227,7 +232,7 @@ Details: [Nodes](https://docs.clawd.bot/nodes) · [macOS app](https://docs.clawd
 - `sessions_history` — fetch transcript logs for a session.
 - `sessions_send` — message another session; optional reply‑back ping‑pong + announce step (`REPLY_SKIP`, `ANNOUNCE_SKIP`).

-Details: [Session tools](https://docs.clawd.bot/session-tool)
+Details: [Session tools](https://docs.clawd.bot/concepts/session-tool)

 ## Skills registry (ClawdHub)

@@ -237,18 +242,18 @@ ClawdHub is a minimal skill registry. With ClawdHub enabled, the agent can searc

 ## Chat commands

-Send these in WhatsApp/Telegram/Slack/WebChat (group commands are owner-only):
+Send these in WhatsApp/Telegram/Slack/Microsoft Teams/WebChat (group commands are owner-only):

 - `/status` — compact session status (model + tokens, cost when available)
 - `/new` or `/reset` — reset the session
 - `/compact` — compact session context (summary)
- `/think <level>` — off|minimal|low|medium|high
+- `/think <level>` — off|minimal|low|medium|high|xhigh (GPT-5.2 + Codex models only)
 - `/verbose on|off`
- `/cost on|off` — append per-response token/cost usage lines
+- `/usage off|tokens|full` — per-response usage footer
 - `/restart` — restart the gateway (owner-only in groups)
 - `/activation mention|always` — group activation toggle (groups only)

-## macOS app (optional)
+## Apps (optional)

 The Gateway alone delivers a great experience. All apps are optional and add extra features.

@@ -274,13 +279,13 @@ Note: signed builds required for macOS permissions to stick across rebuilds (see
 - Voice trigger forwarding + Canvas surface.
 - Controlled via `clawdbot nodes …`.

-Runbook: [iOS connect](https://docs.clawd.bot/ios).
+Runbook: [iOS connect](https://docs.clawd.bot/platforms/ios).

 ### Android node (optional)

 - Pairs via the same Bridge + pairing flow as iOS.
 - Exposes Canvas, Camera, and Screen capture commands.
- Runbook: [Android connect](https://docs.clawd.bot/android).
+- Runbook: [Android connect](https://docs.clawd.bot/platforms/android).

 ## Agent workspace + skills

@@ -300,7 +305,7 @@ Minimal `~/.clawdbot/clawdbot.json` (model + defaults):
 }
 ```

-[Full configuration reference (all keys + examples).](https://docs.clawd.bot/configuration)
+[Full configuration reference (all keys + examples).](https://docs.clawd.bot/gateway/configuration)

 ## Security model (important)

@@ -308,54 +313,63 @@ Minimal `~/.clawdbot/clawdbot.json` (model + defaults):
 - **Group/channel safety:** set `agents.defaults.sandbox.mode: "non-main"` to run **non‑main sessions** (groups/channels) inside per‑session Docker sandboxes; bash then runs in Docker for those sessions.
 - **Sandbox defaults:** allowlist `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`; denylist `browser`, `canvas`, `nodes`, `cron`, `discord`, `gateway`.

-Details: [Security guide](https://docs.clawd.bot/security) · [Docker + sandboxing](https://docs.clawd.bot/docker) · [Sandbox config](https://docs.clawd.bot/configuration)
+Details: [Security guide](https://docs.clawd.bot/gateway/security) · [Docker + sandboxing](https://docs.clawd.bot/install/docker) · [Sandbox config](https://docs.clawd.bot/gateway/configuration)

-### [WhatsApp](https://docs.clawd.bot/whatsapp)
+### [WhatsApp](https://docs.clawd.bot/channels/whatsapp)

- Link the device: `pnpm clawdbot login` (stores creds in `~/.clawdbot/credentials`).
- Allowlist who can talk to the assistant via `whatsapp.allowFrom`.
- If `whatsapp.groups` is set, it becomes a group allowlist; include `"*"` to allow all.
+- Link the device: `pnpm clawdbot channels login` (stores creds in `~/.clawdbot/credentials`).
+- Allowlist who can talk to the assistant via `channels.whatsapp.allowFrom`.
+- If `channels.whatsapp.groups` is set, it becomes a group allowlist; include `"*"` to allow all.

-### [Telegram](https://docs.clawd.bot/telegram)
+### [Telegram](https://docs.clawd.bot/channels/telegram)

- Set `TELEGRAM_BOT_TOKEN` or `telegram.botToken` (env wins).
- Optional: set `telegram.groups` (with `telegram.groups."*".requireMention`); when set, it is a group allowlist (include `"*"` to allow all). Also `telegram.allowFrom` or `telegram.webhookUrl` as needed.
+- Set `TELEGRAM_BOT_TOKEN` or `channels.telegram.botToken` (env wins).
+- Optional: set `channels.telegram.groups` (with `channels.telegram.groups."*".requireMention`); when set, it is a group allowlist (include `"*"` to allow all). Also `channels.telegram.allowFrom` or `channels.telegram.webhookUrl` as needed.

 ```json5
 {
-  telegram: {
-    botToken: "123456:ABCDEF"
+  channels: {
+    telegram: {
+      botToken: "123456:ABCDEF"
+    }
  }
 }
 ```

-### [Slack](https://docs.clawd.bot/slack)
+### [Slack](https://docs.clawd.bot/channels/slack)

- Set `SLACK_BOT_TOKEN` + `SLACK_APP_TOKEN` (or `slack.botToken` + `slack.appToken`).
+- Set `SLACK_BOT_TOKEN` + `SLACK_APP_TOKEN` (or `channels.slack.botToken` + `channels.slack.appToken`).

-### [Discord](https://docs.clawd.bot/discord)
+### [Discord](https://docs.clawd.bot/channels/discord)

- Set `DISCORD_BOT_TOKEN` or `discord.token` (env wins).
- Optional: set `commands.native`, `commands.text`, or `commands.useAccessGroups`, plus `discord.dm.allowFrom`, `discord.guilds`, or `discord.mediaMaxMb` as needed.
+- Set `DISCORD_BOT_TOKEN` or `channels.discord.token` (env wins).
+- Optional: set `commands.native`, `commands.text`, or `commands.useAccessGroups`, plus `channels.discord.dm.allowFrom`, `channels.discord.guilds`, or `channels.discord.mediaMaxMb` as needed.

 ```json5
 {
-  discord: {
-    token: "1234abcd"
+  channels: {
+    discord: {
+      token: "1234abcd"
+    }
  }
 }
 ```

-### [Signal](https://docs.clawd.bot/signal)
+### [Signal](https://docs.clawd.bot/channels/signal)

- Requires `signal-cli` and a `signal` config section.
+- Requires `signal-cli` and a `channels.signal` config section.

-### [iMessage](https://docs.clawd.bot/imessage)
+### [iMessage](https://docs.clawd.bot/channels/imessage)

 - macOS only; Messages must be signed in.
- If `imessage.groups` is set, it becomes a group allowlist; include `"*"` to allow all.
+- If `channels.imessage.groups` is set, it becomes a group allowlist; include `"*"` to allow all.

-### [WebChat](https://docs.clawd.bot/webchat)
+### [Microsoft Teams](https://docs.clawd.bot/channels/msteams)
+
+- Configure a Teams app + Bot Framework, then add a `msteams` config section.
+- Allowlist who can talk via `msteams.allowFrom`; group access via `msteams.groupAllowFrom` or `msteams.groupPolicy: "open"`.
+
+### [WebChat](https://docs.clawd.bot/web/webchat)

 - Uses the Gateway WebSocket; no separate WebChat port/config.

@@ -375,68 +389,68 @@ Browser control (optional):

 Use these when you’re past the onboarding flow and want the deeper reference.
 - [Start with the docs index for navigation and “what’s where.”](https://docs.clawd.bot)
- [Read the architecture overview for the gateway + protocol model.](https://docs.clawd.bot/architecture)
- [Use the full configuration reference when you need every key and example.](https://docs.clawd.bot/configuration)
+- [Read the architecture overview for the gateway + protocol model.](https://docs.clawd.bot/concepts/architecture)
+- [Use the full configuration reference when you need every key and example.](https://docs.clawd.bot/gateway/configuration)
 - [Run the Gateway by the book with the operational runbook.](https://docs.clawd.bot/gateway)
 - [Learn how the Control UI/Web surfaces work and how to expose them safely.](https://docs.clawd.bot/web)
- [Understand remote access over SSH tunnels or tailnets.](https://docs.clawd.bot/remote)
- [Follow the onboarding wizard flow for a guided setup.](https://docs.clawd.bot/wizard)
- [Wire external triggers via the webhook surface.](https://docs.clawd.bot/webhook)
- [Set up Gmail Pub/Sub triggers.](https://docs.clawd.bot/gmail-pubsub)
- [Learn the macOS menu bar companion details.](https://docs.clawd.bot/mac/menu-bar)
- [Platform guides: Windows (WSL2)](https://docs.clawd.bot/windows), [Linux](https://docs.clawd.bot/linux), [macOS](https://docs.clawd.bot/macos), [iOS](https://docs.clawd.bot/ios), [Android](https://docs.clawd.bot/android)
- [Debug common failures with the troubleshooting guide.](https://docs.clawd.bot/troubleshooting)
- [Review security guidance before exposing anything.](https://docs.clawd.bot/security)
+- [Understand remote access over SSH tunnels or tailnets.](https://docs.clawd.bot/gateway/remote)
+- [Follow the onboarding wizard flow for a guided setup.](https://docs.clawd.bot/start/wizard)
+- [Wire external triggers via the webhook surface.](https://docs.clawd.bot/automation/webhook)
+- [Set up Gmail Pub/Sub triggers.](https://docs.clawd.bot/automation/gmail-pubsub)
+- [Learn the macOS menu bar companion details.](https://docs.clawd.bot/platforms/mac/menu-bar)
+- [Platform guides: Windows (WSL2)](https://docs.clawd.bot/platforms/windows), [Linux](https://docs.clawd.bot/platforms/linux), [macOS](https://docs.clawd.bot/platforms/macos), [iOS](https://docs.clawd.bot/platforms/ios), [Android](https://docs.clawd.bot/platforms/android)
+- [Debug common failures with the troubleshooting guide.](https://docs.clawd.bot/channels/troubleshooting)
+- [Review security guidance before exposing anything.](https://docs.clawd.bot/gateway/security)

 ## Advanced docs (discovery + control)

- [Discovery + transports](https://docs.clawd.bot/discovery)
- [Bonjour/mDNS](https://docs.clawd.bot/bonjour)
+- [Discovery + transports](https://docs.clawd.bot/gateway/discovery)
+- [Bonjour/mDNS](https://docs.clawd.bot/gateway/bonjour)
 - [Gateway pairing](https://docs.clawd.bot/gateway/pairing)
- [Remote gateway README](https://docs.clawd.bot/remote-gateway-readme)
- [Control UI](https://docs.clawd.bot/control-ui)
- [Dashboard](https://docs.clawd.bot/dashboard)
+- [Remote gateway README](https://docs.clawd.bot/gateway/remote-gateway-readme)
+- [Control UI](https://docs.clawd.bot/web/control-ui)
+- [Dashboard](https://docs.clawd.bot/web/dashboard)

 ## Operations & troubleshooting

- [Health checks](https://docs.clawd.bot/health)
- [Gateway lock](https://docs.clawd.bot/gateway-lock)
- [Background process](https://docs.clawd.bot/background-process)
- [Browser troubleshooting (Linux)](https://docs.clawd.bot/browser-linux-troubleshooting)
+- [Health checks](https://docs.clawd.bot/gateway/health)
+- [Gateway lock](https://docs.clawd.bot/gateway/gateway-lock)
+- [Background process](https://docs.clawd.bot/gateway/background-process)
+- [Browser troubleshooting (Linux)](https://docs.clawd.bot/tools/browser-linux-troubleshooting)
 - [Logging](https://docs.clawd.bot/logging)

 ## Deep dives

- [Agent loop](https://docs.clawd.bot/agent-loop)
- [Presence](https://docs.clawd.bot/presence)
- [TypeBox schemas](https://docs.clawd.bot/typebox)
- [RPC adapters](https://docs.clawd.bot/rpc)
- [Queue](https://docs.clawd.bot/queue)
+- [Agent loop](https://docs.clawd.bot/concepts/agent-loop)
+- [Presence](https://docs.clawd.bot/concepts/presence)
+- [TypeBox schemas](https://docs.clawd.bot/concepts/typebox)
+- [RPC adapters](https://docs.clawd.bot/reference/rpc)
+- [Queue](https://docs.clawd.bot/concepts/queue)

 ## Workspace & skills

- [Skills config](https://docs.clawd.bot/skills-config)
- [Default AGENTS](https://docs.clawd.bot/AGENTS.default)
- [Templates: AGENTS](https://docs.clawd.bot/templates/AGENTS)
- [Templates: BOOTSTRAP](https://docs.clawd.bot/templates/BOOTSTRAP)
- [Templates: IDENTITY](https://docs.clawd.bot/templates/IDENTITY)
- [Templates: SOUL](https://docs.clawd.bot/templates/SOUL)
- [Templates: TOOLS](https://docs.clawd.bot/templates/TOOLS)
- [Templates: USER](https://docs.clawd.bot/templates/USER)
+- [Skills config](https://docs.clawd.bot/tools/skills-config)
+- [Default AGENTS](https://docs.clawd.bot/reference/AGENTS.default)
+- [Templates: AGENTS](https://docs.clawd.bot/reference/templates/AGENTS)
+- [Templates: BOOTSTRAP](https://docs.clawd.bot/reference/templates/BOOTSTRAP)
+- [Templates: IDENTITY](https://docs.clawd.bot/reference/templates/IDENTITY)
+- [Templates: SOUL](https://docs.clawd.bot/reference/templates/SOUL)
+- [Templates: TOOLS](https://docs.clawd.bot/reference/templates/TOOLS)
+- [Templates: USER](https://docs.clawd.bot/reference/templates/USER)

 ## Platform internals

- [macOS dev setup](https://docs.clawd.bot/mac/dev-setup)
- [macOS menu bar](https://docs.clawd.bot/mac/menu-bar)
- [macOS voice wake](https://docs.clawd.bot/mac/voicewake)
- [iOS node](https://docs.clawd.bot/ios)
- [Android node](https://docs.clawd.bot/android)
- [Windows (WSL2)](https://docs.clawd.bot/windows)
- [Linux app](https://docs.clawd.bot/linux)
+- [macOS dev setup](https://docs.clawd.bot/platforms/mac/dev-setup)
+- [macOS menu bar](https://docs.clawd.bot/platforms/mac/menu-bar)
+- [macOS voice wake](https://docs.clawd.bot/platforms/mac/voicewake)
+- [iOS node](https://docs.clawd.bot/platforms/ios)
+- [Android node](https://docs.clawd.bot/platforms/android)
+- [Windows (WSL2)](https://docs.clawd.bot/platforms/windows)
+- [Linux app](https://docs.clawd.bot/platforms/linux)

 ## Email hooks (Gmail)

- [docs.clawd.bot/gmail-pubsub](https://docs.clawd.bot/gmail-pubsub)
+- [docs.clawd.bot/gmail-pubsub](https://docs.clawd.bot/automation/gmail-pubsub)

 ## Clawd

@@ -454,20 +468,31 @@ AI/vibe-coded PRs welcome! 🤖

 Special thanks to @andrewting19 for the Anthropic OAuth tool-name fix.

+Core contributors:
+- @cpojer — Telegram onboarding UX + docs
+
 Thanks to all clawtributors:

 <p align="left">
-  <a href="https://github.com/steipete"><img src="https://avatars.githubusercontent.com/u/58493?v=4&s=48" width="48" height="48" alt="steipete" title="steipete"/></a> <a href="https://github.com/joaohlisboa"><img src="https://avatars.githubusercontent.com/u/8200873?v=4&s=48" width="48" height="48" alt="joaohlisboa" title="joaohlisboa"/></a> <a href="https://github.com/mneves75"><img src="https://avatars.githubusercontent.com/u/2423436?v=4&s=48" width="48" height="48" alt="mneves75" title="mneves75"/></a> <a href="https://github.com/rahthakor"><img src="https://avatars.githubusercontent.com/u/8470553?v=4&s=48" width="48" height="48" alt="rahthakor" title="rahthakor"/></a> <a href="https://github.com/joshp123"><img src="https://avatars.githubusercontent.com/u/1497361?v=4&s=48" width="48" height="48" alt="joshp123" title="joshp123"/></a> <a href="https://github.com/mukhtharcm"><img src="https://avatars.githubusercontent.com/u/56378562?v=4&s=48" width="48" height="48" alt="mukhtharcm" title="mukhtharcm"/></a> <a href="https://github.com/maxsumrall"><img src="https://avatars.githubusercontent.com/u/628843?v=4&s=48" width="48" height="48" alt="maxsumrall" title="maxsumrall"/></a> <a href="https://github.com/xadenryan"><img src="https://avatars.githubusercontent.com/u/165437834?v=4&s=48" width="48" height="48" alt="xadenryan" title="xadenryan"/></a> <a href="https://github.com/tobiasbischoff"><img src="https://avatars.githubusercontent.com/u/711564?v=4&s=48" width="48" height="48" alt="Tobias Bischoff" title="Tobias Bischoff"/></a> <a href="https://github.com/hsrvc"><img src="https://avatars.githubusercontent.com/u/129702169?v=4&s=48" width="48" height="48" alt="hsrvc" title="hsrvc"/></a>
-  <a href="https://github.com/jamesgroat"><img src="https://avatars.githubusercontent.com/u/2634024?v=4&s=48" width="48" height="48" alt="jamesgroat" title="jamesgroat"/></a> <a href="https://github.com/NicholasSpisak"><img src="https://avatars.githubusercontent.com/u/129075147?v=4&s=48" width="48" height="48" alt="NicholasSpisak" title="NicholasSpisak"/></a> <a href="https://github.com/dantelex"><img src="https://avatars.githubusercontent.com/u/631543?v=4&s=48" width="48" height="48" alt="dantelex" title="dantelex"/></a> <a href="https://github.com/daveonkels"><img src="https://avatars.githubusercontent.com/u/533642?v=4&s=48" width="48" height="48" alt="daveonkels" title="daveonkels"/></a> <a href="https://github.com/omniwired"><img src="https://avatars.githubusercontent.com/u/322761?v=4&s=48" width="48" height="48" alt="Eng. Juan Combetto" title="Eng. Juan Combetto"/></a> <a href="https://github.com/mbelinky"><img src="https://avatars.githubusercontent.com/u/132747814?v=4&s=48" width="48" height="48" alt="Mariano Belinky" title="Mariano Belinky"/></a> <a href="https://github.com/julianengel"><img src="https://avatars.githubusercontent.com/u/10634231?v=4&s=48" width="48" height="48" alt="julianengel" title="julianengel"/></a> <a href="https://github.com/claude"><img src="https://avatars.githubusercontent.com/u/81847?v=4&s=48" width="48" height="48" alt="claude" title="claude"/></a> <a href="https://github.com/sreekaransrinath"><img src="https://avatars.githubusercontent.com/u/50989977?v=4&s=48" width="48" height="48" alt="sreekaransrinath" title="sreekaransrinath"/></a> <a href="https://github.com/dbhurley"><img src="https://avatars.githubusercontent.com/u/5251425?v=4&s=48" width="48" height="48" alt="dbhurley" title="dbhurley"/></a>
-  <a href="https://github.com/gupsammy"><img src="https://avatars.githubusercontent.com/u/20296019?v=4&s=48" width="48" height="48" alt="gupsammy" title="gupsammy"/></a> <a href="https://github.com/nachoiacovino"><img src="https://avatars.githubusercontent.com/u/50103937?v=4&s=48" width="48" height="48" alt="nachoiacovino" title="nachoiacovino"/></a> <a href="https://github.com/vsabavat"><img src="https://avatars.githubusercontent.com/u/50385532?v=4&s=48" width="48" height="48" alt="Vasanth Rao Naik Sabavat" title="Vasanth Rao Naik Sabavat"/></a> <a href="https://github.com/jeffersonwarrior"><img src="https://avatars.githubusercontent.com/u/89030989?v=4&s=48" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/lc0rp"><img src="https://avatars.githubusercontent.com/u/2609441?v=4&s=48" width="48" height="48" alt="lc0rp" title="lc0rp"/></a> <a href="https://github.com/scald"><img src="https://avatars.githubusercontent.com/u/1215913?v=4&s=48" width="48" height="48" alt="scald" title="scald"/></a> <a href="https://github.com/andranik-sahakyan"><img src="https://avatars.githubusercontent.com/u/8908029?v=4&s=48" width="48" height="48" alt="andranik-sahakyan" title="andranik-sahakyan"/></a> <a href="https://github.com/Nachx639"><img src="https://avatars.githubusercontent.com/u/71144023?v=4&s=48" width="48" height="48" alt="nachx639" title="nachx639"/></a> <a href="https://github.com/sircrumpet"><img src="https://avatars.githubusercontent.com/u/4436535?v=4&s=48" width="48" height="48" alt="sircrumpet" title="sircrumpet"/></a> <a href="https://github.com/rafaelreis-r"><img src="https://avatars.githubusercontent.com/u/57492577?v=4&s=48" width="48" height="48" alt="rafaelreis-r" title="rafaelreis-r"/></a>
-  <a href="https://github.com/meaningfool"><img src="https://avatars.githubusercontent.com/u/2862331?v=4&s=48" width="48" height="48" alt="meaningfool" title="meaningfool"/></a> <a href="https://github.com/ratulsarna"><img src="https://avatars.githubusercontent.com/u/105903728?v=4&s=48" width="48" height="48" alt="ratulsarna" title="ratulsarna"/></a> <a href="https://github.com/lutr0"><img src="https://avatars.githubusercontent.com/u/76906369?v=4&s=48" width="48" height="48" alt="lutr0" title="lutr0"/></a> <a href="https://github.com/AbhisekBasu1"><img src="https://avatars.githubusercontent.com/u/40645221?v=4&s=48" width="48" height="48" alt="abhisekbasu1" title="abhisekbasu1"/></a> <a href="https://github.com/emanuelst"><img src="https://avatars.githubusercontent.com/u/9994339?v=4&s=48" width="48" height="48" alt="emanuelst" title="emanuelst"/></a> <a href="https://github.com/thewilloftheshadow"><img src="https://avatars.githubusercontent.com/u/35580099?v=4&s=48" width="48" height="48" alt="thewilloftheshadow" title="thewilloftheshadow"/></a> <a href="https://github.com/osolmaz"><img src="https://avatars.githubusercontent.com/u/2453968?v=4&s=48" width="48" height="48" alt="osolmaz" title="osolmaz"/></a> <a href="https://github.com/kiranjd"><img src="https://avatars.githubusercontent.com/u/25822851?v=4&s=48" width="48" height="48" alt="kiranjd" title="kiranjd"/></a> <a href="https://github.com/onutc"><img src="https://avatars.githubusercontent.com/u/152018508?v=4&s=48" width="48" height="48" alt="onutc" title="onutc"/></a> <a href="https://github.com/CashWilliams"><img src="https://avatars.githubusercontent.com/u/613573?v=4&s=48" width="48" height="48" alt="CashWilliams" title="CashWilliams"/></a>
-  <a href="https://github.com/search?q=sheeek"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="sheeek" title="sheeek"/></a> <a href="https://github.com/ManuelHettich"><img src="https://avatars.githubusercontent.com/u/17690367?v=4&s=48" width="48" height="48" alt="manuelhettich" title="manuelhettich"/></a> <a href="https://github.com/minghinmatthewlam"><img src="https://avatars.githubusercontent.com/u/14224566?v=4&s=48" width="48" height="48" alt="minghinmatthewlam" title="minghinmatthewlam"/></a> <a href="https://github.com/magimetal"><img src="https://avatars.githubusercontent.com/u/36491250?v=4&s=48" width="48" height="48" alt="magimetal" title="magimetal"/></a> <a href="https://github.com/buddyh"><img src="https://avatars.githubusercontent.com/u/31752869?v=4&s=48" width="48" height="48" alt="buddyh" title="buddyh"/></a> <a href="https://github.com/mcinteerj"><img src="https://avatars.githubusercontent.com/u/3613653?v=4&s=48" width="48" height="48" alt="mcinteerj" title="mcinteerj"/></a> <a href="https://github.com/timkrase"><img src="https://avatars.githubusercontent.com/u/38947626?v=4&s=48" width="48" height="48" alt="timkrase" title="timkrase"/></a> <a href="https://github.com/azade-c"><img src="https://avatars.githubusercontent.com/u/252790079?v=4&s=48" width="48" height="48" alt="azade-c" title="azade-c"/></a> <a href="https://github.com/apps/blacksmith-sh"><img src="https://avatars.githubusercontent.com/in/807020?v=4&s=48" width="48" height="48" alt="blacksmith-sh[bot]" title="blacksmith-sh[bot]"/></a> <a href="https://github.com/imfing"><img src="https://avatars.githubusercontent.com/u/5097752?v=4&s=48" width="48" height="48" alt="imfing" title="imfing"/></a>
-  <a href="https://github.com/petter-b"><img src="https://avatars.githubusercontent.com/u/62076402?v=4&s=48" width="48" height="48" alt="petter-b" title="petter-b"/></a> <a href="https://github.com/RandyVentures"><img src="https://avatars.githubusercontent.com/u/149904821?v=4&s=48" width="48" height="48" alt="RandyVentures" title="RandyVentures"/></a> <a href="https://github.com/search?q=Yurii%20Chukhlib"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Yurii Chukhlib" title="Yurii Chukhlib"/></a> <a href="https://github.com/jalehman"><img src="https://avatars.githubusercontent.com/u/550978?v=4&s=48" width="48" height="48" alt="jalehman" title="jalehman"/></a> <a href="https://github.com/obviyus"><img src="https://avatars.githubusercontent.com/u/22031114?v=4&s=48" width="48" height="48" alt="obviyus" title="obviyus"/></a> <a href="https://github.com/dan-dr"><img src="https://avatars.githubusercontent.com/u/6669808?v=4&s=48" width="48" height="48" alt="dan-dr" title="dan-dr"/></a> <a href="https://github.com/Iamadig"><img src="https://avatars.githubusercontent.com/u/102129234?v=4&s=48" width="48" height="48" alt="iamadig" title="iamadig"/></a> <a href="https://github.com/koala73"><img src="https://avatars.githubusercontent.com/u/996596?v=4&s=48" width="48" height="48" alt="koala73" title="koala73"/></a> <a href="https://github.com/manmal"><img src="https://avatars.githubusercontent.com/u/142797?v=4&s=48" width="48" height="48" alt="manmal" title="manmal"/></a> <a href="https://github.com/ogulcancelik"><img src="https://avatars.githubusercontent.com/u/7064011?v=4&s=48" width="48" height="48" alt="ogulcancelik" title="ogulcancelik"/></a>
-  <a href="https://github.com/VACInc"><img src="https://avatars.githubusercontent.com/u/3279061?v=4&s=48" width="48" height="48" alt="VACInc" title="VACInc"/></a> <a href="https://github.com/zats"><img src="https://avatars.githubusercontent.com/u/2688806?v=4&s=48" width="48" height="48" alt="zats" title="zats"/></a> <a href="https://github.com/djangonavarro220"><img src="https://avatars.githubusercontent.com/u/251162586?v=4&s=48" width="48" height="48" alt="Django Navarro" title="Django Navarro"/></a> <a href="https://github.com/search?q=L36%20Server"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="L36 Server" title="L36 Server"/></a> <a href="https://github.com/neist"><img src="https://avatars.githubusercontent.com/u/1029724?v=4&s=48" width="48" height="48" alt="neist" title="neist"/></a> <a href="https://github.com/pcty-nextgen-service-account"><img src="https://avatars.githubusercontent.com/u/112553441?v=4&s=48" width="48" height="48" alt="pcty-nextgen-service-account" title="pcty-nextgen-service-account"/></a> <a href="https://github.com/Syhids"><img src="https://avatars.githubusercontent.com/u/671202?v=4&s=48" width="48" height="48" alt="Syhids" title="Syhids"/></a> <a href="https://github.com/erik-agens"><img src="https://avatars.githubusercontent.com/u/80908960?v=4&s=48" width="48" height="48" alt="erik-agens" title="erik-agens"/></a> <a href="https://github.com/erikpr1994"><img src="https://avatars.githubusercontent.com/u/6299331?v=4&s=48" width="48" height="48" alt="erikpr1994" title="erikpr1994"/></a> <a href="https://github.com/fcatuhe"><img src="https://avatars.githubusercontent.com/u/17382215?v=4&s=48" width="48" height="48" alt="fcatuhe" title="fcatuhe"/></a>
-  <a href="https://github.com/jayhickey"><img src="https://avatars.githubusercontent.com/u/1676460?v=4&s=48" width="48" height="48" alt="jayhickey" title="jayhickey"/></a> <a href="https://github.com/jonasjancarik"><img src="https://avatars.githubusercontent.com/u/2459191?v=4&s=48" width="48" height="48" alt="jonasjancarik" title="jonasjancarik"/></a> <a href="https://github.com/jdrhyne"><img src="https://avatars.githubusercontent.com/u/7828464?v=4&s=48" width="48" height="48" alt="Jonathan D. Rhyne (DJ-D)" title="Jonathan D. Rhyne (DJ-D)"/></a> <a href="https://github.com/jverdi"><img src="https://avatars.githubusercontent.com/u/345050?v=4&s=48" width="48" height="48" alt="jverdi" title="jverdi"/></a> <a href="https://github.com/search?q=Keith%20the%20Silly%20Goose"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Keith the Silly Goose" title="Keith the Silly Goose"/></a> <a href="https://github.com/search?q=Kit"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Kit" title="Kit"/></a> <a href="https://github.com/mitschabaude-bot"><img src="https://avatars.githubusercontent.com/u/247582884?v=4&s=48" width="48" height="48" alt="mitschabaude-bot" title="mitschabaude-bot"/></a> <a href="https://github.com/ngutman"><img src="https://avatars.githubusercontent.com/u/1540134?v=4&s=48" width="48" height="48" alt="ngutman" title="ngutman"/></a> <a href="https://github.com/oswalpalash"><img src="https://avatars.githubusercontent.com/u/6431196?v=4&s=48" width="48" height="48" alt="oswalpalash" title="oswalpalash"/></a> <a href="https://github.com/p6l-richard"><img src="https://avatars.githubusercontent.com/u/18185649?v=4&s=48" width="48" height="48" alt="p6l-richard" title="p6l-richard"/></a>
-  <a href="https://github.com/philipp-spiess"><img src="https://avatars.githubusercontent.com/u/458591?v=4&s=48" width="48" height="48" alt="philipp-spiess" title="philipp-spiess"/></a> <a href="https://github.com/pkrmf"><img src="https://avatars.githubusercontent.com/u/1714267?v=4&s=48" width="48" height="48" alt="pkrmf" title="pkrmf"/></a> <a href="https://github.com/search?q=Sash%20Catanzarite"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Sash Catanzarite" title="Sash Catanzarite"/></a> <a href="https://github.com/search?q=VAC"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="VAC" title="VAC"/></a> <a href="https://github.com/search?q=alejandro%20maza"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="alejandro maza" title="alejandro maza"/></a> <a href="https://github.com/andrewting19"><img src="https://avatars.githubusercontent.com/u/10536704?v=4&s=48" width="48" height="48" alt="andrewting19" title="andrewting19"/></a> <a href="https://github.com/antons"><img src="https://avatars.githubusercontent.com/u/129705?v=4&s=48" width="48" height="48" alt="antons" title="antons"/></a> <a href="https://github.com/Asleep123"><img src="https://avatars.githubusercontent.com/u/122379135?v=4&s=48" width="48" height="48" alt="Asleep123" title="Asleep123"/></a> <a href="https://github.com/bjesuiter"><img src="https://avatars.githubusercontent.com/u/2365676?v=4&s=48" width="48" height="48" alt="bjesuiter" title="bjesuiter"/></a> <a href="https://github.com/bolismauro"><img src="https://avatars.githubusercontent.com/u/771999?v=4&s=48" width="48" height="48" alt="bolismauro" title="bolismauro"/></a>
-  <a href="https://github.com/cash-echo-bot"><img src="https://avatars.githubusercontent.com/u/252747386?v=4&s=48" width="48" height="48" alt="cash-echo-bot" title="cash-echo-bot"/></a> <a href="https://github.com/search?q=Clawd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Clawd" title="Clawd"/></a> <a href="https://github.com/conhecendocontato"><img src="https://avatars.githubusercontent.com/u/82890727?v=4&s=48" width="48" height="48" alt="conhecendocontato" title="conhecendocontato"/></a> <a href="https://github.com/gtsifrikas"><img src="https://avatars.githubusercontent.com/u/8904378?v=4&s=48" width="48" height="48" alt="gtsifrikas" title="gtsifrikas"/></a> <a href="https://github.com/HazAT"><img src="https://avatars.githubusercontent.com/u/363802?v=4&s=48" width="48" height="48" alt="HazAT" title="HazAT"/></a> <a href="https://github.com/hrdwdmrbl"><img src="https://avatars.githubusercontent.com/u/554881?v=4&s=48" width="48" height="48" alt="hrdwdmrbl" title="hrdwdmrbl"/></a> <a href="https://github.com/hugobarauna"><img src="https://avatars.githubusercontent.com/u/2719?v=4&s=48" width="48" height="48" alt="hugobarauna" title="hugobarauna"/></a> <a href="https://github.com/search?q=Jarvis"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jarvis" title="Jarvis"/></a> <a href="https://github.com/kitze"><img src="https://avatars.githubusercontent.com/u/1160594?v=4&s=48" width="48" height="48" alt="kitze" title="kitze"/></a> <a href="https://github.com/kkarimi"><img src="https://avatars.githubusercontent.com/u/875218?v=4&s=48" width="48" height="48" alt="kkarimi" title="kkarimi"/></a>
-  <a href="https://github.com/loukotal"><img src="https://avatars.githubusercontent.com/u/18210858?v=4&s=48" width="48" height="48" alt="loukotal" title="loukotal"/></a> <a href="https://github.com/martinpucik"><img src="https://avatars.githubusercontent.com/u/5503097?v=4&s=48" width="48" height="48" alt="martinpucik" title="martinpucik"/></a> <a href="https://github.com/search?q=Miles"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Miles" title="Miles"/></a> <a href="https://github.com/mrdbstn"><img src="https://avatars.githubusercontent.com/u/58957632?v=4&s=48" width="48" height="48" alt="mrdbstn" title="mrdbstn"/></a> <a href="https://github.com/MSch"><img src="https://avatars.githubusercontent.com/u/7475?v=4&s=48" width="48" height="48" alt="MSch" title="MSch"/></a> <a href="https://github.com/nexty5870"><img src="https://avatars.githubusercontent.com/u/3869659?v=4&s=48" width="48" height="48" alt="nexty5870" title="nexty5870"/></a> <a href="https://github.com/prathamdby"><img src="https://avatars.githubusercontent.com/u/134331217?v=4&s=48" width="48" height="48" alt="prathamdby" title="prathamdby"/></a> <a href="https://github.com/reeltimeapps"><img src="https://avatars.githubusercontent.com/u/637338?v=4&s=48" width="48" height="48" alt="reeltimeapps" title="reeltimeapps"/></a> <a href="https://github.com/RLTCmpe"><img src="https://avatars.githubusercontent.com/u/10762242?v=4&s=48" width="48" height="48" alt="RLTCmpe" title="RLTCmpe"/></a> <a href="https://github.com/search?q=Rolf%20Fredheim"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rolf Fredheim" title="Rolf Fredheim"/></a>
-  <a href="https://github.com/snopoke"><img src="https://avatars.githubusercontent.com/u/249606?v=4&s=48" width="48" height="48" alt="snopoke" title="snopoke"/></a> <a href="https://github.com/wstock"><img src="https://avatars.githubusercontent.com/u/1394687?v=4&s=48" width="48" height="48" alt="wstock" title="wstock"/></a> <a href="https://github.com/YuriNachos"><img src="https://avatars.githubusercontent.com/u/19365375?v=4&s=48" width="48" height="48" alt="YuriNachos" title="YuriNachos"/></a> <a href="https://github.com/search?q=Azade"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Azade" title="Azade"/></a> <a href="https://github.com/search?q=ddyo"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="ddyo" title="ddyo"/></a> <a href="https://github.com/search?q=Erik"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Erik" title="Erik"/></a> <a href="https://github.com/latitudeki5223"><img src="https://avatars.githubusercontent.com/u/119656367?v=4&s=48" width="48" height="48" alt="latitudeki5223" title="latitudeki5223"/></a> <a href="https://github.com/search?q=Manuel%20Maly"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Manuel Maly" title="Manuel Maly"/></a> <a href="https://github.com/search?q=Mourad%20Boustani"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mourad Boustani" title="Mourad Boustani"/></a> <a href="https://github.com/pcty-nextgen-ios-builder"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="pcty-nextgen-ios-builder" title="pcty-nextgen-ios-builder"/></a>
-  <a href="https://github.com/search?q=Quentin"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Quentin" title="Quentin"/></a> <a href="https://github.com/search?q=Randy%20Torres"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Randy Torres" title="Randy Torres"/></a> <a href="https://github.com/search?q=William%20Stock"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="William Stock" title="William Stock"/></a> <a href="https://github.com/zknicker"><img src="https://avatars.githubusercontent.com/u/1164085?v=4&s=48" width="48" height="48" alt="zknicker" title="zknicker"/></a>
+  <a href="https://github.com/steipete"><img src="https://avatars.githubusercontent.com/u/58493?v=4&s=48" width="48" height="48" alt="steipete" title="steipete"/></a> <a href="https://github.com/bohdanpodvirnyi"><img src="https://avatars.githubusercontent.com/u/31819391?v=4&s=48" width="48" height="48" alt="bohdanpodvirnyi" title="bohdanpodvirnyi"/></a> <a href="https://github.com/joaohlisboa"><img src="https://avatars.githubusercontent.com/u/8200873?v=4&s=48" width="48" height="48" alt="joaohlisboa" title="joaohlisboa"/></a> <a href="https://github.com/mneves75"><img src="https://avatars.githubusercontent.com/u/2423436?v=4&s=48" width="48" height="48" alt="mneves75" title="mneves75"/></a> <a href="https://github.com/MatthieuBizien"><img src="https://avatars.githubusercontent.com/u/173090?v=4&s=48" width="48" height="48" alt="MatthieuBizien" title="MatthieuBizien"/></a> <a href="https://github.com/rahthakor"><img src="https://avatars.githubusercontent.com/u/8470553?v=4&s=48" width="48" height="48" alt="rahthakor" title="rahthakor"/></a> <a href="https://github.com/vrknetha"><img src="https://avatars.githubusercontent.com/u/20596261?v=4&s=48" width="48" height="48" alt="vrknetha" title="vrknetha"/></a> <a href="https://github.com/joshp123"><img src="https://avatars.githubusercontent.com/u/1497361?v=4&s=48" width="48" height="48" alt="joshp123" title="joshp123"/></a> <a href="https://github.com/mukhtharcm"><img src="https://avatars.githubusercontent.com/u/56378562?v=4&s=48" width="48" height="48" alt="mukhtharcm" title="mukhtharcm"/></a> <a href="https://github.com/maxsumrall"><img src="https://avatars.githubusercontent.com/u/628843?v=4&s=48" width="48" height="48" alt="maxsumrall" title="maxsumrall"/></a>
+  <a href="https://github.com/xadenryan"><img src="https://avatars.githubusercontent.com/u/165437834?v=4&s=48" width="48" height="48" alt="xadenryan" title="xadenryan"/></a> <a href="https://github.com/tobiasbischoff"><img src="https://avatars.githubusercontent.com/u/711564?v=4&s=48" width="48" height="48" alt="Tobias Bischoff" title="Tobias Bischoff"/></a> <a href="https://github.com/juanpablodlc"><img src="https://avatars.githubusercontent.com/u/92012363?v=4&s=48" width="48" height="48" alt="juanpablodlc" title="juanpablodlc"/></a> <a href="https://github.com/hsrvc"><img src="https://avatars.githubusercontent.com/u/129702169?v=4&s=48" width="48" height="48" alt="hsrvc" title="hsrvc"/></a> <a href="https://github.com/magimetal"><img src="https://avatars.githubusercontent.com/u/36491250?v=4&s=48" width="48" height="48" alt="magimetal" title="magimetal"/></a> <a href="https://github.com/meaningfool"><img src="https://avatars.githubusercontent.com/u/2862331?v=4&s=48" width="48" height="48" alt="meaningfool" title="meaningfool"/></a> <a href="https://github.com/NicholasSpisak"><img src="https://avatars.githubusercontent.com/u/129075147?v=4&s=48" width="48" height="48" alt="NicholasSpisak" title="NicholasSpisak"/></a> <a href="https://github.com/AbhisekBasu1"><img src="https://avatars.githubusercontent.com/u/40645221?v=4&s=48" width="48" height="48" alt="abhisekbasu1" title="abhisekbasu1"/></a> <a href="https://github.com/claude"><img src="https://avatars.githubusercontent.com/u/81847?v=4&s=48" width="48" height="48" alt="claude" title="claude"/></a> <a href="https://github.com/jamesgroat"><img src="https://avatars.githubusercontent.com/u/2634024?v=4&s=48" width="48" height="48" alt="jamesgroat" title="jamesgroat"/></a>
+  <a href="https://github.com/Hyaxia"><img src="https://avatars.githubusercontent.com/u/36747317?v=4&s=48" width="48" height="48" alt="Hyaxia" title="Hyaxia"/></a> <a href="https://github.com/dantelex"><img src="https://avatars.githubusercontent.com/u/631543?v=4&s=48" width="48" height="48" alt="dantelex" title="dantelex"/></a> <a href="https://github.com/daveonkels"><img src="https://avatars.githubusercontent.com/u/533642?v=4&s=48" width="48" height="48" alt="daveonkels" title="daveonkels"/></a> <a href="https://github.com/radek-paclt"><img src="https://avatars.githubusercontent.com/u/50451445?v=4&s=48" width="48" height="48" alt="radek-paclt" title="radek-paclt"/></a> <a href="https://github.com/mteam88"><img src="https://avatars.githubusercontent.com/u/84196639?v=4&s=48" width="48" height="48" alt="mteam88" title="mteam88"/></a> <a href="https://github.com/omniwired"><img src="https://avatars.githubusercontent.com/u/322761?v=4&s=48" width="48" height="48" alt="Eng. Juan Combetto" title="Eng. Juan Combetto"/></a> <a href="https://github.com/dbhurley"><img src="https://avatars.githubusercontent.com/u/5251425?v=4&s=48" width="48" height="48" alt="dbhurley" title="dbhurley"/></a> <a href="https://github.com/mbelinky"><img src="https://avatars.githubusercontent.com/u/132747814?v=4&s=48" width="48" height="48" alt="Mariano Belinky" title="Mariano Belinky"/></a> <a href="https://github.com/julianengel"><img src="https://avatars.githubusercontent.com/u/10634231?v=4&s=48" width="48" height="48" alt="julianengel" title="julianengel"/></a> <a href="https://github.com/benithors"><img src="https://avatars.githubusercontent.com/u/20652882?v=4&s=48" width="48" height="48" alt="benithors" title="benithors"/></a>
+  <a href="https://github.com/timolins"><img src="https://avatars.githubusercontent.com/u/1440854?v=4&s=48" width="48" height="48" alt="timolins" title="timolins"/></a> <a href="https://github.com/Nachx639"><img src="https://avatars.githubusercontent.com/u/71144023?v=4&s=48" width="48" height="48" alt="nachx639" title="nachx639"/></a> <a href="https://github.com/sreekaransrinath"><img src="https://avatars.githubusercontent.com/u/50989977?v=4&s=48" width="48" height="48" alt="sreekaransrinath" title="sreekaransrinath"/></a> <a href="https://github.com/gupsammy"><img src="https://avatars.githubusercontent.com/u/20296019?v=4&s=48" width="48" height="48" alt="gupsammy" title="gupsammy"/></a> <a href="https://github.com/cristip73"><img src="https://avatars.githubusercontent.com/u/24499421?v=4&s=48" width="48" height="48" alt="cristip73" title="cristip73"/></a> <a href="https://github.com/nachoiacovino"><img src="https://avatars.githubusercontent.com/u/50103937?v=4&s=48" width="48" height="48" alt="nachoiacovino" title="nachoiacovino"/></a> <a href="https://github.com/vsabavat"><img src="https://avatars.githubusercontent.com/u/50385532?v=4&s=48" width="48" height="48" alt="Vasanth Rao Naik Sabavat" title="Vasanth Rao Naik Sabavat"/></a> <a href="https://github.com/cpojer"><img src="https://avatars.githubusercontent.com/u/13352?v=4&s=48" width="48" height="48" alt="cpojer" title="cpojer"/></a> <a href="https://github.com/lc0rp"><img src="https://avatars.githubusercontent.com/u/2609441?v=4&s=48" width="48" height="48" alt="lc0rp" title="lc0rp"/></a> <a href="https://github.com/scald"><img src="https://avatars.githubusercontent.com/u/1215913?v=4&s=48" width="48" height="48" alt="scald" title="scald"/></a>
+  <a href="https://github.com/andranik-sahakyan"><img src="https://avatars.githubusercontent.com/u/8908029?v=4&s=48" width="48" height="48" alt="andranik-sahakyan" title="andranik-sahakyan"/></a> <a href="https://github.com/davidguttman"><img src="https://avatars.githubusercontent.com/u/431696?v=4&s=48" width="48" height="48" alt="davidguttman" title="davidguttman"/></a> <a href="https://github.com/sleontenko"><img src="https://avatars.githubusercontent.com/u/7135949?v=4&s=48" width="48" height="48" alt="sleontenko" title="sleontenko"/></a> <a href="https://github.com/sircrumpet"><img src="https://avatars.githubusercontent.com/u/4436535?v=4&s=48" width="48" height="48" alt="sircrumpet" title="sircrumpet"/></a> <a href="https://github.com/peschee"><img src="https://avatars.githubusercontent.com/u/63866?v=4&s=48" width="48" height="48" alt="peschee" title="peschee"/></a> <a href="https://github.com/rafaelreis-r"><img src="https://avatars.githubusercontent.com/u/57492577?v=4&s=48" width="48" height="48" alt="rafaelreis-r" title="rafaelreis-r"/></a> <a href="https://github.com/ratulsarna"><img src="https://avatars.githubusercontent.com/u/105903728?v=4&s=48" width="48" height="48" alt="ratulsarna" title="ratulsarna"/></a> <a href="https://github.com/thewilloftheshadow"><img src="https://avatars.githubusercontent.com/u/35580099?v=4&s=48" width="48" height="48" alt="thewilloftheshadow" title="thewilloftheshadow"/></a> <a href="https://github.com/lutr0"><img src="https://avatars.githubusercontent.com/u/76906369?v=4&s=48" width="48" height="48" alt="lutr0" title="lutr0"/></a> <a href="https://github.com/danielz1z"><img src="https://avatars.githubusercontent.com/u/235270390?v=4&s=48" width="48" height="48" alt="danielz1z" title="danielz1z"/></a>
+  <a href="https://github.com/gumadeiras"><img src="https://avatars.githubusercontent.com/u/5599352?v=4&s=48" width="48" height="48" alt="gumadeiras" title="gumadeiras"/></a> <a href="https://github.com/emanuelst"><img src="https://avatars.githubusercontent.com/u/9994339?v=4&s=48" width="48" height="48" alt="emanuelst" title="emanuelst"/></a> <a href="https://github.com/KristijanJovanovski"><img src="https://avatars.githubusercontent.com/u/8942284?v=4&s=48" width="48" height="48" alt="KristijanJovanovski" title="KristijanJovanovski"/></a> <a href="https://github.com/CashWilliams"><img src="https://avatars.githubusercontent.com/u/613573?v=4&s=48" width="48" height="48" alt="CashWilliams" title="CashWilliams"/></a> <a href="https://github.com/rdev"><img src="https://avatars.githubusercontent.com/u/8418866?v=4&s=48" width="48" height="48" alt="rdev" title="rdev"/></a> <a href="https://github.com/osolmaz"><img src="https://avatars.githubusercontent.com/u/2453968?v=4&s=48" width="48" height="48" alt="osolmaz" title="osolmaz"/></a> <a href="https://github.com/kiranjd"><img src="https://avatars.githubusercontent.com/u/25822851?v=4&s=48" width="48" height="48" alt="kiranjd" title="kiranjd"/></a> <a href="https://github.com/adityashaw2"><img src="https://avatars.githubusercontent.com/u/41204444?v=4&s=48" width="48" height="48" alt="adityashaw2" title="adityashaw2"/></a> <a href="https://github.com/sebslight"><img src="https://avatars.githubusercontent.com/u/19554889?v=4&s=48" width="48" height="48" alt="sebslight" title="sebslight"/></a> <a href="https://github.com/search?q=sheeek"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="sheeek" title="sheeek"/></a>
+  <a href="https://github.com/artuskg"><img src="https://avatars.githubusercontent.com/u/11966157?v=4&s=48" width="48" height="48" alt="artuskg" title="artuskg"/></a> <a href="https://github.com/onutc"><img src="https://avatars.githubusercontent.com/u/152018508?v=4&s=48" width="48" height="48" alt="onutc" title="onutc"/></a> <a href="https://github.com/ManuelHettich"><img src="https://avatars.githubusercontent.com/u/17690367?v=4&s=48" width="48" height="48" alt="manuelhettich" title="manuelhettich"/></a> <a href="https://github.com/minghinmatthewlam"><img src="https://avatars.githubusercontent.com/u/14224566?v=4&s=48" width="48" height="48" alt="minghinmatthewlam" title="minghinmatthewlam"/></a> <a href="https://github.com/myfunc"><img src="https://avatars.githubusercontent.com/u/19294627?v=4&s=48" width="48" height="48" alt="myfunc" title="myfunc"/></a> <a href="https://github.com/buddyh"><img src="https://avatars.githubusercontent.com/u/31752869?v=4&s=48" width="48" height="48" alt="buddyh" title="buddyh"/></a> <a href="https://github.com/connorshea"><img src="https://avatars.githubusercontent.com/u/2977353?v=4&s=48" width="48" height="48" alt="connorshea" title="connorshea"/></a> <a href="https://github.com/mcinteerj"><img src="https://avatars.githubusercontent.com/u/3613653?v=4&s=48" width="48" height="48" alt="mcinteerj" title="mcinteerj"/></a> <a href="https://github.com/timkrase"><img src="https://avatars.githubusercontent.com/u/38947626?v=4&s=48" width="48" height="48" alt="timkrase" title="timkrase"/></a> <a href="https://github.com/gerardward2007"><img src="https://avatars.githubusercontent.com/u/3002155?v=4&s=48" width="48" height="48" alt="gerardward2007" title="gerardward2007"/></a>
+  <a href="https://github.com/obviyus"><img src="https://avatars.githubusercontent.com/u/22031114?v=4&s=48" width="48" height="48" alt="obviyus" title="obviyus"/></a> <a href="https://github.com/tosh-hamburg"><img src="https://avatars.githubusercontent.com/u/58424326?v=4&s=48" width="48" height="48" alt="tosh-hamburg" title="tosh-hamburg"/></a> <a href="https://github.com/azade-c"><img src="https://avatars.githubusercontent.com/u/252790079?v=4&s=48" width="48" height="48" alt="azade-c" title="azade-c"/></a> <a href="https://github.com/roshanasingh4"><img src="https://avatars.githubusercontent.com/u/88576930?v=4&s=48" width="48" height="48" alt="roshanasingh4" title="roshanasingh4"/></a> <a href="https://github.com/bjesuiter"><img src="https://avatars.githubusercontent.com/u/2365676?v=4&s=48" width="48" height="48" alt="bjesuiter" title="bjesuiter"/></a> <a href="https://github.com/j1philli"><img src="https://avatars.githubusercontent.com/u/3744255?v=4&s=48" width="48" height="48" alt="Josh Phillips" title="Josh Phillips"/></a> <a href="https://github.com/YuriNachos"><img src="https://avatars.githubusercontent.com/u/19365375?v=4&s=48" width="48" height="48" alt="YuriNachos" title="YuriNachos"/></a> <a href="https://github.com/zerone0x"><img src="https://avatars.githubusercontent.com/u/39543393?v=4&s=48" width="48" height="48" alt="zerone0x" title="zerone0x"/></a> <a href="https://github.com/superman32432432"><img src="https://avatars.githubusercontent.com/u/7228420?v=4&s=48" width="48" height="48" alt="superman32432432" title="superman32432432"/></a> <a href="https://github.com/search?q=Yurii%20Chukhlib"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Yurii Chukhlib" title="Yurii Chukhlib"/></a>
+  <a href="https://github.com/antons"><img src="https://avatars.githubusercontent.com/u/129705?v=4&s=48" width="48" height="48" alt="antons" title="antons"/></a> <a href="https://github.com/austinm911"><img src="https://avatars.githubusercontent.com/u/31991302?v=4&s=48" width="48" height="48" alt="austinm911" title="austinm911"/></a> <a href="https://github.com/apps/blacksmith-sh"><img src="https://avatars.githubusercontent.com/in/807020?v=4&s=48" width="48" height="48" alt="blacksmith-sh[bot]" title="blacksmith-sh[bot]"/></a> <a href="https://github.com/dan-dr"><img src="https://avatars.githubusercontent.com/u/6669808?v=4&s=48" width="48" height="48" alt="dan-dr" title="dan-dr"/></a> <a href="https://github.com/grp06"><img src="https://avatars.githubusercontent.com/u/1573959?v=4&s=48" width="48" height="48" alt="grp06" title="grp06"/></a> <a href="https://github.com/HeimdallStrategy"><img src="https://avatars.githubusercontent.com/u/223014405?v=4&s=48" width="48" height="48" alt="HeimdallStrategy" title="HeimdallStrategy"/></a> <a href="https://github.com/imfing"><img src="https://avatars.githubusercontent.com/u/5097752?v=4&s=48" width="48" height="48" alt="imfing" title="imfing"/></a> <a href="https://github.com/jalehman"><img src="https://avatars.githubusercontent.com/u/550978?v=4&s=48" width="48" height="48" alt="jalehman" title="jalehman"/></a> <a href="https://github.com/jarvis-medmatic"><img src="https://avatars.githubusercontent.com/u/252428873?v=4&s=48" width="48" height="48" alt="jarvis-medmatic" title="jarvis-medmatic"/></a> <a href="https://github.com/kkarimi"><img src="https://avatars.githubusercontent.com/u/875218?v=4&s=48" width="48" height="48" alt="kkarimi" title="kkarimi"/></a>
+  <a href="https://github.com/mahmoudashraf93"><img src="https://avatars.githubusercontent.com/u/9130129?v=4&s=48" width="48" height="48" alt="mahmoudashraf93" title="mahmoudashraf93"/></a> <a href="https://github.com/petter-b"><img src="https://avatars.githubusercontent.com/u/62076402?v=4&s=48" width="48" height="48" alt="petter-b" title="petter-b"/></a> <a href="https://github.com/pkrmf"><img src="https://avatars.githubusercontent.com/u/1714267?v=4&s=48" width="48" height="48" alt="pkrmf" title="pkrmf"/></a> <a href="https://github.com/RandyVentures"><img src="https://avatars.githubusercontent.com/u/149904821?v=4&s=48" width="48" height="48" alt="RandyVentures" title="RandyVentures"/></a> <a href="https://github.com/erikpr1994"><img src="https://avatars.githubusercontent.com/u/6299331?v=4&s=48" width="48" height="48" alt="erikpr1994" title="erikpr1994"/></a> <a href="https://github.com/jonasjancarik"><img src="https://avatars.githubusercontent.com/u/2459191?v=4&s=48" width="48" height="48" alt="jonasjancarik" title="jonasjancarik"/></a> <a href="https://github.com/search?q=Keith%20the%20Silly%20Goose"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Keith the Silly Goose" title="Keith the Silly Goose"/></a> <a href="https://github.com/search?q=L36%20Server"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="L36 Server" title="L36 Server"/></a> <a href="https://github.com/search?q=Marc"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Marc" title="Marc"/></a> <a href="https://github.com/mitschabaude-bot"><img src="https://avatars.githubusercontent.com/u/247582884?v=4&s=48" width="48" height="48" alt="mitschabaude-bot" title="mitschabaude-bot"/></a>
+  <a href="https://github.com/neist"><img src="https://avatars.githubusercontent.com/u/1029724?v=4&s=48" width="48" height="48" alt="neist" title="neist"/></a> <a href="https://github.com/tyler6204"><img src="https://avatars.githubusercontent.com/u/64381258?v=4&s=48" width="48" height="48" alt="tyler6204" title="tyler6204"/></a> <a href="https://github.com/chrisrodz"><img src="https://avatars.githubusercontent.com/u/2967620?v=4&s=48" width="48" height="48" alt="chrisrodz" title="chrisrodz"/></a> <a href="https://github.com/search?q=Friederike%20Seiler"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Friederike Seiler" title="Friederike Seiler"/></a> <a href="https://github.com/gabriel-trigo"><img src="https://avatars.githubusercontent.com/u/38991125?v=4&s=48" width="48" height="48" alt="gabriel-trigo" title="gabriel-trigo"/></a> <a href="https://github.com/Iamadig"><img src="https://avatars.githubusercontent.com/u/102129234?v=4&s=48" width="48" height="48" alt="iamadig" title="iamadig"/></a> <a href="https://github.com/search?q=Kit"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Kit" title="Kit"/></a> <a href="https://github.com/koala73"><img src="https://avatars.githubusercontent.com/u/996596?v=4&s=48" width="48" height="48" alt="koala73" title="koala73"/></a> <a href="https://github.com/manmal"><img src="https://avatars.githubusercontent.com/u/142797?v=4&s=48" width="48" height="48" alt="manmal" title="manmal"/></a> <a href="https://github.com/ngutman"><img src="https://avatars.githubusercontent.com/u/1540134?v=4&s=48" width="48" height="48" alt="ngutman" title="ngutman"/></a>
+  <a href="https://github.com/ogulcancelik"><img src="https://avatars.githubusercontent.com/u/7064011?v=4&s=48" width="48" height="48" alt="ogulcancelik" title="ogulcancelik"/></a> <a href="https://github.com/pasogott"><img src="https://avatars.githubusercontent.com/u/23458152?v=4&s=48" width="48" height="48" alt="pasogott" title="pasogott"/></a> <a href="https://github.com/petradonka"><img src="https://avatars.githubusercontent.com/u/7353770?v=4&s=48" width="48" height="48" alt="petradonka" title="petradonka"/></a> <a href="https://github.com/rubyrunsstuff"><img src="https://avatars.githubusercontent.com/u/246602379?v=4&s=48" width="48" height="48" alt="rubyrunsstuff" title="rubyrunsstuff"/></a> <a href="https://github.com/VACInc"><img src="https://avatars.githubusercontent.com/u/3279061?v=4&s=48" width="48" height="48" alt="VACInc" title="VACInc"/></a> <a href="https://github.com/wes-davis"><img src="https://avatars.githubusercontent.com/u/16506720?v=4&s=48" width="48" height="48" alt="wes-davis" title="wes-davis"/></a> <a href="https://github.com/zats"><img src="https://avatars.githubusercontent.com/u/2688806?v=4&s=48" width="48" height="48" alt="zats" title="zats"/></a> <a href="https://github.com/search?q=Chris%20Taylor"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Chris Taylor" title="Chris Taylor"/></a> <a href="https://github.com/djangonavarro220"><img src="https://avatars.githubusercontent.com/u/251162586?v=4&s=48" width="48" height="48" alt="Django Navarro" title="Django Navarro"/></a> <a href="https://github.com/evalexpr"><img src="https://avatars.githubusercontent.com/u/23485511?v=4&s=48" width="48" height="48" alt="evalexpr" title="evalexpr"/></a>
+  <a href="https://github.com/henrino3"><img src="https://avatars.githubusercontent.com/u/4260288?v=4&s=48" width="48" height="48" alt="henrino3" title="henrino3"/></a> <a href="https://github.com/mkbehr"><img src="https://avatars.githubusercontent.com/u/1285?v=4&s=48" width="48" height="48" alt="mkbehr" title="mkbehr"/></a> <a href="https://github.com/oswalpalash"><img src="https://avatars.githubusercontent.com/u/6431196?v=4&s=48" width="48" height="48" alt="oswalpalash" title="oswalpalash"/></a> <a href="https://github.com/pcty-nextgen-service-account"><img src="https://avatars.githubusercontent.com/u/112553441?v=4&s=48" width="48" height="48" alt="pcty-nextgen-service-account" title="pcty-nextgen-service-account"/></a> <a href="https://github.com/Syhids"><img src="https://avatars.githubusercontent.com/u/671202?v=4&s=48" width="48" height="48" alt="Syhids" title="Syhids"/></a> <a href="https://github.com/search?q=Aaron%20Konyer"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Aaron Konyer" title="Aaron Konyer"/></a> <a href="https://github.com/adam91holt"><img src="https://avatars.githubusercontent.com/u/9592417?v=4&s=48" width="48" height="48" alt="adam91holt" title="adam91holt"/></a> <a href="https://github.com/erik-agens"><img src="https://avatars.githubusercontent.com/u/80908960?v=4&s=48" width="48" height="48" alt="erik-agens" title="erik-agens"/></a> <a href="https://github.com/fcatuhe"><img src="https://avatars.githubusercontent.com/u/17382215?v=4&s=48" width="48" height="48" alt="fcatuhe" title="fcatuhe"/></a> <a href="https://github.com/ivanrvpereira"><img src="https://avatars.githubusercontent.com/u/183991?v=4&s=48" width="48" height="48" alt="ivanrvpereira" title="ivanrvpereira"/></a>
+  <a href="https://github.com/jayhickey"><img src="https://avatars.githubusercontent.com/u/1676460?v=4&s=48" width="48" height="48" alt="jayhickey" title="jayhickey"/></a> <a href="https://github.com/jeffersonwarrior"><img src="https://avatars.githubusercontent.com/u/89030989?v=4&s=48" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/search?q=jeffersonwarrior"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="jeffersonwarrior" title="jeffersonwarrior"/></a> <a href="https://github.com/jdrhyne"><img src="https://avatars.githubusercontent.com/u/7828464?v=4&s=48" width="48" height="48" alt="Jonathan D. Rhyne (DJ-D)" title="Jonathan D. Rhyne (DJ-D)"/></a> <a href="https://github.com/jverdi"><img src="https://avatars.githubusercontent.com/u/345050?v=4&s=48" width="48" height="48" alt="jverdi" title="jverdi"/></a> <a href="https://github.com/mickahouan"><img src="https://avatars.githubusercontent.com/u/31423109?v=4&s=48" width="48" height="48" alt="mickahouan" title="mickahouan"/></a> <a href="https://github.com/mjrussell"><img src="https://avatars.githubusercontent.com/u/1641895?v=4&s=48" width="48" height="48" alt="mjrussell" title="mjrussell"/></a> <a href="https://github.com/p6l-richard"><img src="https://avatars.githubusercontent.com/u/18185649?v=4&s=48" width="48" height="48" alt="p6l-richard" title="p6l-richard"/></a> <a href="https://github.com/philipp-spiess"><img src="https://avatars.githubusercontent.com/u/458591?v=4&s=48" width="48" height="48" alt="philipp-spiess" title="philipp-spiess"/></a> <a href="https://github.com/robaxelsen"><img src="https://avatars.githubusercontent.com/u/13132899?v=4&s=48" width="48" height="48" alt="robaxelsen" title="robaxelsen"/></a>
+  <a href="https://github.com/search?q=Sash%20Catanzarite"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Sash Catanzarite" title="Sash Catanzarite"/></a> <a href="https://github.com/sibbl"><img src="https://avatars.githubusercontent.com/u/866535?v=4&s=48" width="48" height="48" alt="sibbl" title="sibbl"/></a> <a href="https://github.com/search?q=VAC"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="VAC" title="VAC"/></a> <a href="https://github.com/zknicker"><img src="https://avatars.githubusercontent.com/u/1164085?v=4&s=48" width="48" height="48" alt="zknicker" title="zknicker"/></a> <a href="https://github.com/search?q=alejandro%20maza"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="alejandro maza" title="alejandro maza"/></a> <a href="https://github.com/andrewting19"><img src="https://avatars.githubusercontent.com/u/10536704?v=4&s=48" width="48" height="48" alt="andrewting19" title="andrewting19"/></a> <a href="https://github.com/Asleep123"><img src="https://avatars.githubusercontent.com/u/122379135?v=4&s=48" width="48" height="48" alt="Asleep123" title="Asleep123"/></a> <a href="https://github.com/bolismauro"><img src="https://avatars.githubusercontent.com/u/771999?v=4&s=48" width="48" height="48" alt="bolismauro" title="bolismauro"/></a> <a href="https://github.com/cash-echo-bot"><img src="https://avatars.githubusercontent.com/u/252747386?v=4&s=48" width="48" height="48" alt="cash-echo-bot" title="cash-echo-bot"/></a> <a href="https://github.com/search?q=Clawd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Clawd" title="Clawd"/></a>
+  <a href="https://github.com/conhecendocontato"><img src="https://avatars.githubusercontent.com/u/82890727?v=4&s=48" width="48" height="48" alt="conhecendocontato" title="conhecendocontato"/></a> <a href="https://github.com/search?q=Dimitrios%20Ploutarchos"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Dimitrios Ploutarchos" title="Dimitrios Ploutarchos"/></a> <a href="https://github.com/search?q=Drake%20Thomsen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Drake Thomsen" title="Drake Thomsen"/></a> <a href="https://github.com/gtsifrikas"><img src="https://avatars.githubusercontent.com/u/8904378?v=4&s=48" width="48" height="48" alt="gtsifrikas" title="gtsifrikas"/></a> <a href="https://github.com/HazAT"><img src="https://avatars.githubusercontent.com/u/363802?v=4&s=48" width="48" height="48" alt="HazAT" title="HazAT"/></a> <a href="https://github.com/hrdwdmrbl"><img src="https://avatars.githubusercontent.com/u/554881?v=4&s=48" width="48" height="48" alt="hrdwdmrbl" title="hrdwdmrbl"/></a> <a href="https://github.com/hugobarauna"><img src="https://avatars.githubusercontent.com/u/2719?v=4&s=48" width="48" height="48" alt="hugobarauna" title="hugobarauna"/></a> <a href="https://github.com/search?q=Jamie%20Openshaw"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jamie Openshaw" title="Jamie Openshaw"/></a> <a href="https://github.com/search?q=Jarvis"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jarvis" title="Jarvis"/></a> <a href="https://github.com/search?q=Jefferson%20Nunn"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Jefferson Nunn" title="Jefferson Nunn"/></a>
+  <a href="https://github.com/kitze"><img src="https://avatars.githubusercontent.com/u/1160594?v=4&s=48" width="48" height="48" alt="kitze" title="kitze"/></a> <a href="https://github.com/levifig"><img src="https://avatars.githubusercontent.com/u/1605?v=4&s=48" width="48" height="48" alt="levifig" title="levifig"/></a> <a href="https://github.com/search?q=Lloyd"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Lloyd" title="Lloyd"/></a> <a href="https://github.com/longmaba"><img src="https://avatars.githubusercontent.com/u/9361500?v=4&s=48" width="48" height="48" alt="longmaba" title="longmaba"/></a> <a href="https://github.com/loukotal"><img src="https://avatars.githubusercontent.com/u/18210858?v=4&s=48" width="48" height="48" alt="loukotal" title="loukotal"/></a> <a href="https://github.com/martinpucik"><img src="https://avatars.githubusercontent.com/u/5503097?v=4&s=48" width="48" height="48" alt="martinpucik" title="martinpucik"/></a> <a href="https://github.com/search?q=Miles"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Miles" title="Miles"/></a> <a href="https://github.com/mrdbstn"><img src="https://avatars.githubusercontent.com/u/58957632?v=4&s=48" width="48" height="48" alt="mrdbstn" title="mrdbstn"/></a> <a href="https://github.com/MSch"><img src="https://avatars.githubusercontent.com/u/7475?v=4&s=48" width="48" height="48" alt="MSch" title="MSch"/></a> <a href="https://github.com/search?q=Mustafa%20Tag%20Eldeen"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mustafa Tag Eldeen" title="Mustafa Tag Eldeen"/></a>
+  <a href="https://github.com/ndraiman"><img src="https://avatars.githubusercontent.com/u/12609607?v=4&s=48" width="48" height="48" alt="ndraiman" title="ndraiman"/></a> <a href="https://github.com/nexty5870"><img src="https://avatars.githubusercontent.com/u/3869659?v=4&s=48" width="48" height="48" alt="nexty5870" title="nexty5870"/></a> <a href="https://github.com/prathamdby"><img src="https://avatars.githubusercontent.com/u/134331217?v=4&s=48" width="48" height="48" alt="prathamdby" title="prathamdby"/></a> <a href="https://github.com/reeltimeapps"><img src="https://avatars.githubusercontent.com/u/637338?v=4&s=48" width="48" height="48" alt="reeltimeapps" title="reeltimeapps"/></a> <a href="https://github.com/RLTCmpe"><img src="https://avatars.githubusercontent.com/u/10762242?v=4&s=48" width="48" height="48" alt="RLTCmpe" title="RLTCmpe"/></a> <a href="https://github.com/search?q=Rolf%20Fredheim"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rolf Fredheim" title="Rolf Fredheim"/></a> <a href="https://github.com/search?q=Rony%20Kelner"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Rony Kelner" title="Rony Kelner"/></a> <a href="https://github.com/search?q=Samrat%20Jha"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Samrat Jha" title="Samrat Jha"/></a> <a href="https://github.com/siraht"><img src="https://avatars.githubusercontent.com/u/73152895?v=4&s=48" width="48" height="48" alt="siraht" title="siraht"/></a> <a href="https://github.com/snopoke"><img src="https://avatars.githubusercontent.com/u/249606?v=4&s=48" width="48" height="48" alt="snopoke" title="snopoke"/></a>
+  <a href="https://github.com/suminhthanh"><img src="https://avatars.githubusercontent.com/u/2907636?v=4&s=48" width="48" height="48" alt="suminhthanh" title="suminhthanh"/></a> <a href="https://github.com/search?q=The%20Admiral"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="The Admiral" title="The Admiral"/></a> <a href="https://github.com/thesash"><img src="https://avatars.githubusercontent.com/u/1166151?v=4&s=48" width="48" height="48" alt="thesash" title="thesash"/></a> <a href="https://github.com/search?q=Ubuntu"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Ubuntu" title="Ubuntu"/></a> <a href="https://github.com/voidserf"><img src="https://avatars.githubusercontent.com/u/477673?v=4&s=48" width="48" height="48" alt="voidserf" title="voidserf"/></a> <a href="https://github.com/wstock"><img src="https://avatars.githubusercontent.com/u/1394687?v=4&s=48" width="48" height="48" alt="wstock" title="wstock"/></a> <a href="https://github.com/search?q=Zach%20Knickerbocker"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Zach Knickerbocker" title="Zach Knickerbocker"/></a> <a href="https://github.com/Alphonse-arianee"><img src="https://avatars.githubusercontent.com/u/254457365?v=4&s=48" width="48" height="48" alt="Alphonse-arianee" title="Alphonse-arianee"/></a> <a href="https://github.com/search?q=Azade"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Azade" title="Azade"/></a> <a href="https://github.com/carlulsoe"><img src="https://avatars.githubusercontent.com/u/34673973?v=4&s=48" width="48" height="48" alt="carlulsoe" title="carlulsoe"/></a>
+  <a href="https://github.com/search?q=ddyo"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="ddyo" title="ddyo"/></a> <a href="https://github.com/search?q=Erik"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Erik" title="Erik"/></a> <a href="https://github.com/latitudeki5223"><img src="https://avatars.githubusercontent.com/u/119656367?v=4&s=48" width="48" height="48" alt="latitudeki5223" title="latitudeki5223"/></a> <a href="https://github.com/search?q=Manuel%20Maly"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Manuel Maly" title="Manuel Maly"/></a> <a href="https://github.com/search?q=Mourad%20Boustani"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Mourad Boustani" title="Mourad Boustani"/></a> <a href="https://github.com/pcty-nextgen-ios-builder"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="pcty-nextgen-ios-builder" title="pcty-nextgen-ios-builder"/></a> <a href="https://github.com/search?q=Quentin"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Quentin" title="Quentin"/></a> <a href="https://github.com/search?q=Randy%20Torres"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="Randy Torres" title="Randy Torres"/></a> <a href="https://github.com/rhjoh"><img src="https://avatars.githubusercontent.com/u/105699450?v=4&s=48" width="48" height="48" alt="rhjoh" title="rhjoh"/></a> <a href="https://github.com/ronak-guliani"><img src="https://avatars.githubusercontent.com/u/23518228?v=4&s=48" width="48" height="48" alt="ronak-guliani" title="ronak-guliani"/></a>
+  <a href="https://github.com/search?q=William%20Stock"><img src="assets/avatar-placeholder.svg" width="48" height="48" alt="William Stock" title="William Stock"/></a>
 </p>
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+If you believe you’ve found a security issue in Clawdbot, please report it privately.
+
+## Reporting
+
+- Email: `steipete@gmail.com`
+- What to include: reproduction steps, impact assessment, and (if possible) a minimal PoC.
+
+## Operational Guidance
+
+For threat model + hardening guidance (including `clawdbot security audit --deep` and `--fix`), see:
+
+- `https://docs.clawd.bot/gateway/security`
+
--- a/Swabble/Sources/SwabbleCore/Support/AttributedString+Sentences.swift
+++ b/Swabble/Sources/SwabbleCore/Support/AttributedString+Sentences.swift
@@ -34,8 +34,7 @@ extension AttributedString {
            var ranges: [Range<AttributedString.Index>] = []
            for wordRange in wordRanges {
                if let lastRange = ranges.last,
-                   self[lastRange].characters.count + self[wordRange].characters.count <= maxLength
-                {
+                   self[lastRange].characters.count + self[wordRange].characters.count <= maxLength {
                    ranges[ranges.count - 1] = lastRange.lowerBound..<wordRange.upperBound
                } else {
                    ranges.append(wordRange)
--- a/Swabble/Sources/SwabbleCore/Support/TranscriptsStore.swift
+++ b/Swabble/Sources/SwabbleCore/Support/TranscriptsStore.swift
@@ -13,8 +13,7 @@ public actor TranscriptsStore {
        try? FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
        fileURL = dir.appendingPathComponent("transcripts.log")
        if let data = try? Data(contentsOf: fileURL),
-           let text = String(data: data, encoding: .utf8)
-        {
+           let text = String(data: data, encoding: .utf8) {
            entries = text.split(separator: "\n").map(String.init).suffix(limit)
        }
    }
--- a/Swabble/Sources/SwabbleKit/WakeWordGate.swift
+++ b/Swabble/Sources/SwabbleKit/WakeWordGate.swift
@@ -24,8 +24,7 @@ public struct WakeWordGateConfig: Sendable, Equatable {
    public init(
        triggers: [String],
        minPostTriggerGap: TimeInterval = 0.45,
-        minCommandLength: Int = 1)
-    {
+        minCommandLength: Int = 1) {
        self.triggers = triggers
        self.minPostTriggerGap = minPostTriggerGap
        self.minCommandLength = minCommandLength
@@ -57,6 +56,12 @@ public enum WakeWordGate {
        let tokens: [String]
    }

+    private struct MatchCandidate {
+        let index: Int
+        let triggerEnd: TimeInterval
+        let gap: TimeInterval
+    }
+
    public static func match(
        transcript: String,
        segments: [WakeWordSegment],
@@ -68,7 +73,7 @@ public enum WakeWordGate {
        let tokens = normalizeSegments(segments)
        guard !tokens.isEmpty else { return nil }

-        var best: (index: Int, triggerEnd: TimeInterval, gap: TimeInterval)?
+        var best: MatchCandidate?

        for trigger in triggerTokens {
            let count = trigger.tokens.count
@@ -84,7 +89,7 @@ public enum WakeWordGate {

                if let best, i <= best.index { continue }

-                best = (i, triggerEnd, gap)
+                best = MatchCandidate(index: i, triggerEnd: triggerEnd, gap: gap)
            }
        }

--- a/Swabble/Sources/swabble/CLI/CLIRegistry.swift
+++ b/Swabble/Sources/swabble/CLI/CLIRegistry.swift
@@ -24,7 +24,7 @@ enum CLIRegistry {
            subcommands: [
                descriptor(for: ServiceInstall.self),
                descriptor(for: ServiceUninstall.self),
-                descriptor(for: ServiceStatus.self),
+                descriptor(for: ServiceStatus.self)
            ])
        let doctorDesc = descriptor(for: DoctorCommand.self)
        let setupDesc = descriptor(for: SetupCommand.self)
@@ -54,7 +54,7 @@ enum CLIRegistry {
                startDesc,
                stopDesc,
                restartDesc,
-                statusDesc,
+                statusDesc
            ])
        return [root]
    }
--- a/Swabble/Sources/swabble/Commands/ServiceCommands.swift
+++ b/Swabble/Sources/swabble/Commands/ServiceCommands.swift
@@ -25,7 +25,7 @@ private enum LaunchdHelper {
            "Label": label,
            "ProgramArguments": [executable, "serve"],
            "RunAtLoad": true,
-            "KeepAlive": true,
+            "KeepAlive": true
        ]
        let data = try PropertyListSerialization.data(fromPropertyList: plist, format: .xml, options: 0)
        try data.write(to: plistURL)
--- a/Swabble/Sources/swabble/main.swift
+++ b/Swabble/Sources/swabble/main.swift
@@ -25,78 +25,123 @@ private func dispatch(invocation: CommandInvocation) async throws {

    switch first {
    case "swabble":
-        guard path.count >= 2 else { throw CommanderProgramError.missingSubcommand(command: "swabble") }
-        let sub = path[1]
-        switch sub {
-        case "serve":
-            var cmd = ServeCommand(parsed: parsed)
-            try await cmd.run()
-        case "transcribe":
-            var cmd = TranscribeCommand(parsed: parsed)
-            try await cmd.run()
-        case "test-hook":
-            var cmd = TestHookCommand(parsed: parsed)
-            try await cmd.run()
-        case "mic":
-            guard path.count >= 3 else { throw CommanderProgramError.missingSubcommand(command: "mic") }
-            let micSub = path[2]
-            if micSub == "list" {
-                var cmd = MicList(parsed: parsed)
-                try await cmd.run()
-            } else if micSub == "set" {
-                var cmd = MicSet(parsed: parsed)
-                try await cmd.run()
-            } else {
-                throw CommanderProgramError.unknownSubcommand(command: "mic", name: micSub)
-            }
-        case "service":
-            guard path.count >= 3 else { throw CommanderProgramError.missingSubcommand(command: "service") }
-            let svcSub = path[2]
-            switch svcSub {
-            case "install":
-                var cmd = ServiceInstall()
-                try await cmd.run()
-            case "uninstall":
-                var cmd = ServiceUninstall()
-                try await cmd.run()
-            case "status":
-                var cmd = ServiceStatus()
-                try await cmd.run()
-            default:
-                throw CommanderProgramError.unknownSubcommand(command: "service", name: svcSub)
-            }
-        case "doctor":
-            var cmd = DoctorCommand(parsed: parsed)
-            try await cmd.run()
-        case "setup":
-            var cmd = SetupCommand(parsed: parsed)
-            try await cmd.run()
-        case "health":
-            var cmd = HealthCommand(parsed: parsed)
-            try await cmd.run()
-        case "tail-log":
-            var cmd = TailLogCommand(parsed: parsed)
-            try await cmd.run()
-        case "start":
-            var cmd = StartCommand()
-            try await cmd.run()
-        case "stop":
-            var cmd = StopCommand()
-            try await cmd.run()
-        case "restart":
-            var cmd = RestartCommand()
-            try await cmd.run()
-        case "status":
-            var cmd = StatusCommand()
-            try await cmd.run()
-        default:
-            throw CommanderProgramError.unknownSubcommand(command: "swabble", name: sub)
-        }
+        try await dispatchSwabble(parsed: parsed, path: path)
    default:
        throw CommanderProgramError.unknownCommand(first)
    }
 }

+@available(macOS 26.0, *)
+@MainActor
+private func dispatchSwabble(parsed: ParsedValues, path: [String]) async throws {
+    let sub = try subcommand(path, index: 1, command: "swabble")
+    switch sub {
+    case "mic":
+        try await dispatchMic(parsed: parsed, path: path)
+    case "service":
+        try await dispatchService(path: path)
+    default:
+        let handlers = swabbleHandlers(parsed: parsed)
+        guard let handler = handlers[sub] else {
+            throw CommanderProgramError.unknownSubcommand(command: "swabble", name: sub)
+        }
+        try await handler()
+    }
+}
+
+@available(macOS 26.0, *)
+@MainActor
+private func swabbleHandlers(parsed: ParsedValues) -> [String: () async throws -> Void] {
+    [
+        "serve": {
+            var cmd = ServeCommand(parsed: parsed)
+            try await cmd.run()
+        },
+        "transcribe": {
+            var cmd = TranscribeCommand(parsed: parsed)
+            try await cmd.run()
+        },
+        "test-hook": {
+            var cmd = TestHookCommand(parsed: parsed)
+            try await cmd.run()
+        },
+        "doctor": {
+            var cmd = DoctorCommand(parsed: parsed)
+            try await cmd.run()
+        },
+        "setup": {
+            var cmd = SetupCommand(parsed: parsed)
+            try await cmd.run()
+        },
+        "health": {
+            var cmd = HealthCommand(parsed: parsed)
+            try await cmd.run()
+        },
+        "tail-log": {
+            var cmd = TailLogCommand(parsed: parsed)
+            try await cmd.run()
+        },
+        "start": {
+            var cmd = StartCommand()
+            try await cmd.run()
+        },
+        "stop": {
+            var cmd = StopCommand()
+            try await cmd.run()
+        },
+        "restart": {
+            var cmd = RestartCommand()
+            try await cmd.run()
+        },
+        "status": {
+            var cmd = StatusCommand()
+            try await cmd.run()
+        }
+    ]
+}
+
+@available(macOS 26.0, *)
+@MainActor
+private func dispatchMic(parsed: ParsedValues, path: [String]) async throws {
+    let micSub = try subcommand(path, index: 2, command: "mic")
+    switch micSub {
+    case "list":
+        var cmd = MicList(parsed: parsed)
+        try await cmd.run()
+    case "set":
+        var cmd = MicSet(parsed: parsed)
+        try await cmd.run()
+    default:
+        throw CommanderProgramError.unknownSubcommand(command: "mic", name: micSub)
+    }
+}
+
+@available(macOS 26.0, *)
+@MainActor
+private func dispatchService(path: [String]) async throws {
+    let svcSub = try subcommand(path, index: 2, command: "service")
+    switch svcSub {
+    case "install":
+        var cmd = ServiceInstall()
+        try await cmd.run()
+    case "uninstall":
+        var cmd = ServiceUninstall()
+        try await cmd.run()
+    case "status":
+        var cmd = ServiceStatus()
+        try await cmd.run()
+    default:
+        throw CommanderProgramError.unknownSubcommand(command: "service", name: svcSub)
+    }
+}
+
+private func subcommand(_ path: [String], index: Int, command: String) throws -> String {
+    guard path.count > index else {
+        throw CommanderProgramError.missingSubcommand(command: command)
+    }
+    return path[index]
+}
+
 if #available(macOS 26.0, *) {
    let exitCode = await runCLI()
    exit(exitCode)
--- a/appcast.xml
+++ b/appcast.xml
@@ -1,55 +1,275 @@
 <?xml version="1.0" standalone="yes"?>
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
    <channel>
-        <title>Clawdis</title>
+        <title>Clawdbot</title>
        <item>
-            <title>2026.1.5-3</title>
-            <pubDate>Mon, 05 Jan 2026 04:30:46 +0100</pubDate>
+            <title>2026.1.16-2</title>
+            <pubDate>Sat, 17 Jan 2026 12:46:22 +0000</pubDate>
            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>3095</sparkle:version>
-            <sparkle:shortVersionString>2026.1.5-3</sparkle:shortVersionString>
+            <sparkle:version>6273</sparkle:version>
+            <sparkle:shortVersionString>2026.1.16-2</sparkle:shortVersionString>
            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.5-3</h2>
-<h3>Fixes</h3>
+            <description><![CDATA[<h2>Clawdbot 2026.1.16-2</h2>
+<h3>Changes</h3>
 <ul>
-<li>NPM package: include missing runtime dist folders (slack/signal/imessage/tui/wizard/control-ui/daemon) to avoid <code>ERR_MODULE_NOT_FOUND</code> in Node 25 npx installs.</li>
+<li>CLI: stamp build commit into dist metadata so banners show the commit in npm installs.</li>
 </ul>
 <p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
 ]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.5-3/Clawdbot-2026.1.5-3.zip" length="160800596" type="application/octet-stream" sparkle:edSignature="P8U3nvIFpbGmRItT/NGPmJ/i370OMVvDHYQL/znYsLI0MrbGfXgMGEvR5A0uwW+cJevlX/hrJLiY51zo4rAMBg=="/>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.16-2/Clawdbot-2026.1.16-2.zip" length="21399591" type="application/octet-stream" sparkle:edSignature="zelT+KzN32cXsihbFniPF5Heq0hkwFfL3Agrh/AaoKUkr7kJAFarkGSOZRTWZ9y+DvOluzn2wHHjVigRjMzrBA=="/>
        </item>
        <item>
-            <title>2026.1.5-3</title>
-            <pubDate>Mon, 05 Jan 2026 03:57:59 +0100</pubDate>
+            <title>2026.1.15</title>
+            <pubDate>Fri, 16 Jan 2026 10:31:53 +0000</pubDate>
            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>3091</sparkle:version>
-            <sparkle:shortVersionString>2026.1.5-3</sparkle:shortVersionString>
+            <sparkle:version>5998</sparkle:version>
+            <sparkle:shortVersionString>2026.1.15</sparkle:shortVersionString>
            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.5-3</h2>
+            <description><![CDATA[<h2>Clawdbot 2026.1.15</h2>
+<h3>Highlights</h3>
+<ul>
+<li>Plugins: add provider auth registry + <code>clawdbot models auth login</code> for plugin-driven OAuth/API key flows.</li>
+<li>Browser: improve remote CDP/Browserless support (auth passthrough, <code>wss</code> upgrade, timeouts, clearer errors).</li>
+<li>Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.</li>
+<li>Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).</li>
+</ul>
+<h3>Breaking</h3>
+<ul>
+<li><strong>BREAKING:</strong> iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)</li>
+<li><strong>BREAKING:</strong> Microsoft Teams is now a plugin; install <code>@clawdbot/msteams</code> via <code>clawdbot plugins install @clawdbot/msteams</code>.</li>
+</ul>
+<h3>Changes</h3>
+<ul>
+<li>CLI: set process titles to <code>clawdbot-<command></code> for clearer process listings.</li>
+<li>CLI/macOS: sync remote SSH target/identity to config and let <code>gateway status</code> auto-infer SSH targets (ssh-config aware).</li>
+<li>Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.</li>
+<li>Sessions/Security: add <code>session.dmScope</code> for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.</li>
+<li>Plugins: add provider auth registry + <code>clawdbot models auth login</code> for plugin-driven OAuth/API key flows.</li>
+<li>Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.</li>
+<li>TUI: show provider/model labels for the active session and default model.</li>
+<li>Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.</li>
+<li>UI: show gateway auth guidance + doc link on unauthorized Control UI connections.</li>
+<li>Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in <code>clawdbot security audit</code>.</li>
+<li>Apps: store node auth tokens encrypted (Keychain/SecurePrefs).</li>
+<li>Daemon: share profile/state-dir resolution across service helpers and honor <code>CLAWDBOT_STATE_DIR</code> for Windows task scripts.</li>
+<li>Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.</li>
+<li>Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).</li>
+<li>Tools: normalize Slack/Discord message timestamps with <code>timestampMs</code>/<code>timestampUtc</code> while keeping raw provider fields.</li>
+<li>macOS: add <code>system.which</code> for prompt-free remote skill discovery (with gateway fallback to <code>system.run</code>).</li>
+<li>Docs: add Date & Time guide and update prompt/timezone configuration docs.</li>
+<li>Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.</li>
+<li>Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.</li>
+<li>Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in <code>/status</code> and <code>clawdbot models status</code>, and update docs.</li>
+<li>CLI: add <code>--json</code> output for <code>clawdbot daemon</code> lifecycle/install commands.</li>
+<li>Memory: make <code>node-llama-cpp</code> an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.</li>
+<li>Browser: add <code>snapshot refs=aria</code> (Playwright aria-ref ids) for self-resolving refs across <code>snapshot</code> → <code>act</code>.</li>
+<li>Browser: <code>profile="chrome"</code> now defaults to host control and returns clearer “attach a tab” errors.</li>
+<li>Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.</li>
+<li>Browser: increase remote CDP reachability timeouts + add <code>remoteCdpTimeoutMs</code>/<code>remoteCdpHandshakeTimeoutMs</code>.</li>
+<li>Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.</li>
+<li>Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.</li>
+<li>Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.</li>
+<li>Discord: allow allowlisted guilds without channel lists to receive messages when <code>groupPolicy="allowlist"</code>. — thanks @thewilloftheshadow.</li>
+<li>Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.</li>
+</ul>
 <h3>Fixes</h3>
 <ul>
-<li>NPM package: include missing runtime dist folders (slack/signal/imessage/tui/wizard/control-ui/daemon) to avoid <code>ERR_MODULE_NOT_FOUND</code> in Node 25 npx installs.</li>
+<li>Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.</li>
+<li>Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.</li>
+<li>Fix: persist <code>gateway.mode=local</code> after selecting Local run mode in <code>clawdbot configure</code>, even if no other sections are chosen.</li>
+<li>Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.</li>
+<li>Agents: avoid false positives when logging unsupported Google tool schema keywords.</li>
+<li>Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.</li>
+<li>Status: restore usage summary line for current provider when no OAuth profiles exist.</li>
+<li>Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.</li>
+<li>Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.</li>
+<li>Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.</li>
+<li>Fix: support MiniMax coding plan usage responses with <code>model_remains</code>/<code>current_interval_*</code> payloads.</li>
+<li>Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)</li>
+<li>Browser: extension mode recovers when only one tab is attached (stale targetId fallback).</li>
+<li>Browser: fix <code>tab not found</code> for extension relay snapshots/actions when Playwright blocks <code>newCDPSession</code> (use the single available Page).</li>
+<li>Browser: upgrade <code>ws</code> → <code>wss</code> when remote CDP uses <code>https</code> (fixes Browserless handshake).</li>
+<li>Telegram: skip <code>message_thread_id=1</code> for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.</li>
+<li>Fix: sanitize user-facing error text + strip <code><final></code> tags across reply pipelines. (#975) — thanks @ThomsenDrake.</li>
+<li>Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.</li>
+<li>Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.</li>
+<li>Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)</li>
 </ul>
 <p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
 ]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.5-3/Clawdbot-2026.1.5-3.zip" length="160797048" type="application/octet-stream" sparkle:edSignature="5KYFg0SW7liwLxLJbfzd2KsAxbX06gMH0rH/W3a4V0p4N48hjz4AsSrfFLdGZSnW+6XaJjC3MN6Ynh+l7kffDQ=="/>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.15/Clawdbot-2026.1.15.zip" length="12127276" type="application/octet-stream" sparkle:edSignature="o79vwTbtW/d91NQFRVfUDhsv6D4zIw7IkhY0N1iLImMu94BURgLcecA6z7Smy3bMobPwOyzN8yfm6mA/Rt8FCA=="/>
        </item>
        <item>
-            <title>2026.1.5-2</title>
-            <pubDate>Mon, 05 Jan 2026 03:51:30 +0100</pubDate>
+            <title>2026.1.14-1</title>
+            <pubDate>Thu, 15 Jan 2026 11:14:40 +0000</pubDate>
            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>3089</sparkle:version>
-            <sparkle:shortVersionString>2026.1.5-2</sparkle:shortVersionString>
+            <sparkle:version>5825</sparkle:version>
+            <sparkle:shortVersionString>2026.1.14-1</sparkle:shortVersionString>
            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.5-2</h2>
-<h3>Fixes</h3>
+            <description><![CDATA[<h2>Clawdbot 2026.1.14-1</h2>
+<h3>Highlights</h3>
 <ul>
-<li>NPM package: include <code>dist/sessions</code> so <code>clawdbot agent</code> resolves session helpers in npx installs.</li>
-<li>Node 25: avoid unsupported directory import by targeting <code>qrcode-terminal/vendor/QRCode/*.js</code> modules.</li>
+<li>Web search: <code>web_search</code>/<code>web_fetch</code> tools (Brave API) + first-time setup in onboarding/configure.</li>
+<li>Browser control: Chrome extension relay takeover mode + remote browser control via <code>clawdbot browser serve</code>.</li>
+<li>Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.</li>
+<li>Security: expanded <code>clawdbot security audit</code> (+ <code>--fix</code>), detect-secrets CI scan, and a <code>SECURITY.md</code> reporting policy.</li>
+</ul>
+<h3>Changes</h3>
+<h4>Web Tools</h4>
+<ul>
+<li>Tools: add <code>web_search</code>/<code>web_fetch</code> (Brave API), including helpful setup hints when the key is missing.</li>
+<li>Tools: enable <code>web_fetch</code> by default (unless explicitly disabled in config).</li>
+<li>CLI/Docs: add <code>clawdbot configure --section web</code> for storing Brave API keys and update onboarding tips.</li>
+</ul>
+<h4>Browser / Control UI</h4>
+<ul>
+<li>Browser: add Chrome extension relay takeover mode (toolbar button) + <code>clawdbot browser serve</code> remote control + <code>browser.controlToken</code>.</li>
+<li>Browser: ship a built-in <code>chrome</code> profile for extension relay and start the relay automatically when running locally.</li>
+<li>Browser: default <code>browser.defaultProfile</code> to <code>chrome</code> (existing Chrome takeover mode).</li>
+<li>Browser: add <code>clawdbot browser extension install/path</code> and copy extension path to clipboard.</li>
+<li>Browser: add <code>snapshot refs=aria</code> (Playwright aria-ref ids) for self-resolving refs across <code>snapshot</code> → <code>act</code>.</li>
+<li>Browser: <code>profile="chrome"</code> now defaults to host control and returns clearer “attach a tab” errors.</li>
+<li>Browser: extension mode recovers when only one tab is attached (stale targetId fallback).</li>
+<li>Control UI: show raw any-map entries in config views; move Docs link into the left nav.</li>
+</ul>
+<h4>Plugins</h4>
+<ul>
+<li>Plugins: add plugin HTTP hooks + loader updates to support channel plugins. (#854) — thanks @longmaba.</li>
+<li>Plugins: add onboarding plugin install flow. (#854) — thanks @longmaba.</li>
+<li>Channels: add Matrix plugin (external) with docs + onboarding hooks.</li>
+<li>Voice Call: add Plivo provider (no SDK dependency). (#846) — thanks @vrknetha.</li>
+</ul>
+<h4>Security</h4>
+<ul>
+<li>Security: expand <code>clawdbot security audit</code> checks and publish a <code>SECURITY.md</code> reporting policy.</li>
+<li>Security: extend <code>clawdbot security audit --fix</code> to tighten more sensitive state paths.</li>
+<li>Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.</li>
+</ul>
+<h4>Onboarding / Daemon</h4>
+<ul>
+<li>Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require <code>--accept-risk</code> for <code>--non-interactive</code>.</li>
+<li>Daemon: support profile-aware service names for multi-gateway setups. (#671) — thanks @bjesuiter.</li>
+</ul>
+<h4>Auth / Usage / Config</h4>
+<ul>
+<li>Usage: add MiniMax coding plan usage tracking.</li>
+<li>Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.</li>
+<li>Agents: add optional auth-profile copy prompt on <code>agents add</code> and improve auth error messaging.</li>
+<li>Auth: add dynamic template variables to <code>messages.responsePrefix</code>. (#928) — thanks @sebslight.</li>
+<li>Config: add <code>channels.<provider>.configWrites</code> gating for channel-initiated config writes; migrate Slack channel IDs.</li>
+</ul>
+<h4>Channels</h4>
+<ul>
+<li>Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.</li>
+<li>WhatsApp: add <code>channels.whatsapp.sendReadReceipts</code> to disable auto read receipts. (#882) — thanks @chrisrodz.</li>
+</ul>
+<h4>Docs</h4>
+<ul>
+<li>Docs: clarify per-agent auth stores, sandboxed skill binaries, and elevated semantics.</li>
+<li>Docs: add FAQ entries for missing provider auth after adding agents and Gemini thinking signature errors.</li>
+<li>Docs: expand gateway security hardening guidance and incident response checklist.</li>
+<li>Docs: document DM history limits for channel DMs. (#883) — thanks @pkrmf.</li>
+<li>Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)</li>
+<li>Docs: add per-command CLI doc pages and link them from <code>clawdbot <command> --help</code>.</li>
+<li>Docs: add multi-gateway guide (sidebar + nav).</li>
+</ul>
+<h3>Fixes</h3>
+<h4>Gateway / Daemon / Sessions</h4>
+<ul>
+<li>Gateway: forward termination signals to respawned CLI child processes to avoid orphaned systemd runs. (#933) — thanks @roshanasingh4.</li>
+<li>Gateway/UI: ship session defaults in the hello snapshot so the Control UI canonicalizes main session keys (no bare <code>main</code> alias).</li>
+<li>Agents: skip thinking/final tag stripping inside Markdown code spans. (#939) — thanks @ngutman.</li>
+<li>Browser: add tests for snapshot labels/efficient query params and labeled image responses.</li>
+<li>Browser: persist role snapshot refs per CDP target so <code>snapshot</code> → <code>act</code> clicks work even if Playwright returns a different Page instance.</li>
+<li>macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.</li>
+<li>macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.</li>
+<li>Packaging: run <code>pnpm build</code> on <code>prepack</code> so npm publishes include fresh <code>dist/</code> output.</li>
+<li>Telegram: register dock native commands with underscores to avoid <code>BOT_COMMAND_INVALID</code> (#929, fixes #901) — thanks @grp06.</li>
+<li>Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.</li>
+<li>Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.</li>
+<li>Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.</li>
+<li>Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.</li>
+<li>Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.</li>
+<li>Agents: scrub tuple <code>items</code> schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.</li>
+<li>Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.</li>
+<li>Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare <code>main</code> sessions.</li>
+<li>Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.</li>
+<li>Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.</li>
+<li>Daemon: clear persisted launchd disabled state before bootstrap (fixes <code>daemon install</code> after uninstall). (#849) — thanks @ndraiman.</li>
+<li>Sessions: return deep clones (<code>structuredClone</code>) so cached session entries can't be mutated. (#934) — thanks @ronak-guliani.</li>
+<li>Heartbeat: keep <code>updatedAt</code> monotonic when restoring heartbeat sessions. (#934) — thanks @ronak-guliani.</li>
+<li>Agent: clear run context after CLI runs (<code>clearAgentRunContext</code>) to avoid runaway contexts. (#934) — thanks @ronak-guliani.</li>
+<li>Gateway/Dev: ensure <code>pnpm gateway:dev</code> always uses the dev profile config + state (<code>~/.clawdbot-dev</code>).</li>
+</ul>
+<h4>CLI / Onboarding</h4>
+<ul>
+<li>Onboarding: show web search setup at the end (not the beginning).</li>
+<li>Onboarding: show daemon install/restart progress (avoid “blinking cursor”) and fix daemon install output formatting.</li>
+<li>Health: colorize “not configured” provider lines for easier scanning.</li>
+</ul>
+<h4>Control UI / TUI</h4>
+<ul>
+<li>Control UI: load cron run history on job selection and clarify empty-state messaging. (#866)</li>
+<li>UI: use application-defined WebSocket close code and fix dashboard auth query items. (#918) — thanks @rahthakor.</li>
+<li>UI: always apply <code>?token=</code> from URL (fixes unauthorized after re-onboard).</li>
+<li>Browser: add tests for snapshot labels/efficient query params and labeled image responses.</li>
+<li>TUI: render picker overlays via the overlay stack so /models and /settings display. (#921) — thanks @grizzdank.</li>
+<li>TUI: add a bright spinner + elapsed time in the status line for send/stream/run states.</li>
+<li>TUI: show LLM error messages (rate limits, auth, etc.) instead of <code>(no output)</code>.</li>
+</ul>
+<h4>Agents / Auth / Tools / Sandbox</h4>
+<ul>
+<li>Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.</li>
+<li>Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.</li>
+<li>Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.</li>
+<li>Agents: scrub tuple <code>items</code> schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.</li>
+<li>Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.</li>
+<li>Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.</li>
+<li>Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.</li>
+<li>Logging: tolerate <code>EIO</code> from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.</li>
+<li>Sandbox: restore <code>docker.binds</code> config validation and preserve configured PATH for <code>docker exec</code>. (#873) — thanks @akonyer.</li>
+<li>Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.</li>
+</ul>
+<h4>macOS / Apps</h4>
+<ul>
+<li>macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.</li>
+<li>macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.</li>
+<li>macOS: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.</li>
+<li>macOS: reuse launchd gateway auth and skip wizard when gateway config already exists. (#917)</li>
+<li>Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare <code>main</code> sessions.</li>
+<li>macOS: fix cron preview/testing payload to use <code>channel</code> key. (#867) — thanks @wes-davis.</li>
+<li>macOS: update cron testing channel arg. (#896) — thanks @ngutman.</li>
+</ul>
+<h4>Channels / Messaging</h4>
+<ul>
+<li>Slack: isolate thread history and avoid inheriting channel transcripts for new threads by default. (#758)</li>
+<li>Slack: respect <code>channels.slack.requireMention</code> default when resolving channel mention gating. (#850) — thanks @evalexpr.</li>
+<li>Slack: drop Socket Mode events with mismatched <code>api_app_id</code>/<code>team_id</code>. (#889) — thanks @roshanasingh4.</li>
+<li>Commands: add native command argument menus across Discord/Slack/Telegram. (#936) — thanks @thewilloftheshadow.</li>
+<li>Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.</li>
+<li>Telegram: honor <code>channels.telegram.timeoutSeconds</code> for grammY API requests. (#863) — thanks @Snaver.</li>
+<li>Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).</li>
+<li>Telegram: let control commands bypass per-chat sequentialization; always allow abort triggers.</li>
+<li>Telegram: split long captions into media + follow-up text messages. (#907) — thanks @jalehman.</li>
+<li>Telegram: migrate group config when supergroups change chat IDs. (#906) — thanks @sleontenko.</li>
+<li>Telegram: register dock native commands with underscores to avoid <code>BOT_COMMAND_INVALID</code> (#929, fixes #901) — thanks @grp06.</li>
+<li>Messaging: unify markdown formatting + format-first chunking for Slack/Telegram/Signal. (#920) — thanks @TheSethRose.</li>
+<li>iMessage: prefer handle routing for direct-message replies; include imsg RPC error details. (#935)</li>
+<li>WhatsApp: fix context isolation using wrong ID (was bot's number, now conversation ID). (#911) — thanks @tristanmanchester.</li>
+<li>WhatsApp: normalize user JIDs with device suffix for allowlist checks in groups. (#838) — thanks @peschee.</li>
+<li>WhatsApp: harden owner command auth.</li>
+<li>Auto-reply: treat trailing <code>NO_REPLY</code> tokens as silent replies.</li>
+</ul>
+<h4>Config / Doctor / Packaging</h4>
+<ul>
+<li>Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).</li>
+<li>Config/Doctor: remove legacy Clawdis env fallbacks and config/service migrations (Clawdbot-only).</li>
+<li>Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.</li>
+<li>Packaging: run <code>pnpm build</code> on <code>prepack</code> so npm publishes include fresh <code>dist/</code> output.</li>
 </ul>
 <p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
 ]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.5-2/Clawdbot-2026.1.5-2.zip" length="150250417" type="application/octet-stream" sparkle:edSignature="ntHNmwyHrv6cPk6NAKOT3AUkwdt5ZadrGU6mJK4GmVxi44uIMT3ZXluvnqK9SxXQwA0H0dXjiGMS/cg8NbgqDA=="/>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.14-1/Clawdbot-2026.1.14-1.zip" length="19887144" type="application/octet-stream" sparkle:edSignature="1irKxBLt2eRtns34m/8JsjL/ZzhZQNjahwrxtArTvzaCnidS/MEnpD4nV2SHnhuo8g+fJZQpV9NoCAoEOAinCw=="/>
        </item>
    </channel>
 </rss>
--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -21,8 +21,8 @@ android {
    applicationId = "com.clawdbot.android"
    minSdk = 31
    targetSdk = 36
-    versionCode = 20260109
-    versionName = "2026.1.9"
+    versionCode = 202601114
+    versionName = "2026.1.11-4"
  }

  buildTypes {
@@ -49,6 +49,7 @@ android {

  lint {
    disable += setOf("IconLauncherShape")
+    warningsAsErrors = true
  }

  testOptions {
@@ -72,6 +73,7 @@ androidComponents {
 kotlin {
  compilerOptions {
    jvmTarget.set(org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_17)
+    allWarningsAsErrors.set(true)
  }
 }

@@ -100,6 +102,7 @@ dependencies {
  implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.9.0")

  implementation("androidx.security:security-crypto:1.1.0")
+  implementation("androidx.exifinterface:exifinterface:1.4.2")

  // CameraX (for node.invoke camera.* parity)
  implementation("androidx.camera:camera-core:1.5.2")
@@ -116,7 +119,7 @@ dependencies {
  testImplementation("io.kotest:kotest-runner-junit5-jvm:6.0.7")
  testImplementation("io.kotest:kotest-assertions-core-jvm:6.0.7")
  testImplementation("org.robolectric:robolectric:4.16")
-  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.1")
+  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.2")
 }

 tasks.withType<Test>().configureEach {
--- a/apps/android/app/src/main/java/com/clawdbot/android/MainViewModel.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/MainViewModel.kt
@@ -27,6 +27,7 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
  val remoteAddress: StateFlow<String?> = runtime.remoteAddress
  val isForeground: StateFlow<Boolean> = runtime.isForeground
  val seamColorArgb: StateFlow<Long> = runtime.seamColorArgb
+  val mainSessionKey: StateFlow<String> = runtime.mainSessionKey

  val cameraHud: StateFlow<CameraHudState?> = runtime.cameraHud
  val cameraFlashToken: StateFlow<Long> = runtime.cameraFlashToken
@@ -138,7 +139,7 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
    runtime.handleCanvasA2UIActionFromWebView(payloadJson)
  }

-  fun loadChat(sessionKey: String = "main") {
+  fun loadChat(sessionKey: String) {
    runtime.loadChat(sessionKey)
  }

--- a/apps/android/app/src/main/java/com/clawdbot/android/NodeApp.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/NodeApp.kt
@@ -1,8 +1,26 @@
 package com.clawdbot.android

 import android.app.Application
+import android.os.StrictMode

 class NodeApp : Application() {
  val runtime: NodeRuntime by lazy { NodeRuntime(this) }
-}

+  override fun onCreate() {
+    super.onCreate()
+    if (BuildConfig.DEBUG) {
+      StrictMode.setThreadPolicy(
+        StrictMode.ThreadPolicy.Builder()
+          .detectAll()
+          .penaltyLog()
+          .build(),
+      )
+      StrictMode.setVmPolicy(
+        StrictMode.VmPolicy.Builder()
+          .detectAll()
+          .penaltyLog()
+          .build(),
+      )
+    }
+  }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/NodeRuntime.kt
@@ -16,6 +16,7 @@ import com.clawdbot.android.bridge.BridgeDiscovery
 import com.clawdbot.android.bridge.BridgeEndpoint
 import com.clawdbot.android.bridge.BridgePairingClient
 import com.clawdbot.android.bridge.BridgeSession
+import com.clawdbot.android.bridge.BridgeTlsParams
 import com.clawdbot.android.node.CameraCaptureManager
 import com.clawdbot.android.node.LocationCaptureManager
 import com.clawdbot.android.BuildConfig
@@ -78,7 +79,7 @@ class NodeRuntime(context: Context) {
          payloadJson =
            buildJsonObject {
              put("message", JsonPrimitive(command))
-              put("sessionKey", JsonPrimitive(mainSessionKey.value))
+              put("sessionKey", JsonPrimitive(resolveMainSessionKey()))
              put("thinking", JsonPrimitive(chatThinkingLevel.value))
              put("deliver", JsonPrimitive(false))
            }.toString(),
@@ -142,12 +143,13 @@ class NodeRuntime(context: Context) {
  private val session =
    BridgeSession(
      scope = scope,
-      onConnected = { name, remote ->
+      onConnected = { name, remote, mainSessionKey ->
        _statusText.value = "Connected"
        _serverName.value = name
        _remoteAddress.value = remote
        _isConnected.value = true
        _seamColorArgb.value = DEFAULT_SEAM_COLOR_ARGB
+        applyMainSessionKey(mainSessionKey)
        scope.launch { refreshBrandingFromGateway() }
        scope.launch { refreshWakeWordsFromGateway() }
        maybeNavigateToA2uiOnConnect()
@@ -159,6 +161,9 @@ class NodeRuntime(context: Context) {
      onInvoke = { req ->
        handleInvoke(req.command, req.paramsJson)
      },
+      onTlsFingerprint = { stableId, fingerprint ->
+        prefs.saveBridgeTlsFingerprint(stableId, fingerprint)
+      },
    )

  private val chat = ChatController(scope = scope, session = session, json = json)
@@ -172,11 +177,31 @@ class NodeRuntime(context: Context) {
    _remoteAddress.value = null
    _isConnected.value = false
    _seamColorArgb.value = DEFAULT_SEAM_COLOR_ARGB
-    _mainSessionKey.value = "main"
+    if (!isCanonicalMainSessionKey(_mainSessionKey.value)) {
+      _mainSessionKey.value = "main"
+    }
+    val mainKey = resolveMainSessionKey()
+    talkMode.setMainSessionKey(mainKey)
+    chat.applyMainSessionKey(mainKey)
    chat.onDisconnected(message)
    showLocalCanvasOnDisconnect()
  }

+  private fun applyMainSessionKey(candidate: String?) {
+    val trimmed = candidate?.trim().orEmpty()
+    if (trimmed.isEmpty()) return
+    if (isCanonicalMainSessionKey(_mainSessionKey.value)) return
+    if (_mainSessionKey.value == trimmed) return
+    _mainSessionKey.value = trimmed
+    talkMode.setMainSessionKey(trimmed)
+    chat.applyMainSessionKey(trimmed)
+  }
+
+  private fun resolveMainSessionKey(): String {
+    val trimmed = _mainSessionKey.value.trim()
+    return if (trimmed.isEmpty()) "main" else trimmed
+  }
+
  private fun maybeNavigateToA2uiOnConnect() {
    val a2uiUrl = resolveA2uiHostUrl() ?: return
    val current = canvas.currentUrl()?.trim().orEmpty()
@@ -467,12 +492,17 @@ class NodeRuntime(context: Context) {
    scope.launch {
      _statusText.value = "Connecting…"
      val storedToken = prefs.loadBridgeToken()
+      val tls = resolveTlsParams(endpoint)
      val resolved =
        if (storedToken.isNullOrBlank()) {
          _statusText.value = "Pairing…"
          BridgePairingClient().pairAndHello(
            endpoint = endpoint,
            hello = buildPairingHello(token = null),
+            tls = tls,
+            onTlsFingerprint = { fingerprint ->
+              prefs.saveBridgeTlsFingerprint(endpoint.stableId, fingerprint)
+            },
          )
        } else {
          BridgePairingClient.PairResult(ok = true, token = storedToken.trim())
@@ -489,6 +519,7 @@ class NodeRuntime(context: Context) {
      session.connect(
        endpoint = endpoint,
        hello = buildSessionHello(token = authToken),
+        tls = tls,
      )
    }
  }
@@ -535,6 +566,41 @@ class NodeRuntime(context: Context) {
    session.disconnect()
  }

+  private fun resolveTlsParams(endpoint: BridgeEndpoint): BridgeTlsParams? {
+    val stored = prefs.loadBridgeTlsFingerprint(endpoint.stableId)
+    val hinted = endpoint.tlsEnabled || !endpoint.tlsFingerprintSha256.isNullOrBlank()
+    val manual = endpoint.stableId.startsWith("manual|")
+
+    if (hinted) {
+      return BridgeTlsParams(
+        required = true,
+        expectedFingerprint = endpoint.tlsFingerprintSha256 ?: stored,
+        allowTOFU = stored == null,
+        stableId = endpoint.stableId,
+      )
+    }
+
+    if (!stored.isNullOrBlank()) {
+      return BridgeTlsParams(
+        required = true,
+        expectedFingerprint = stored,
+        allowTOFU = false,
+        stableId = endpoint.stableId,
+      )
+    }
+
+    if (manual) {
+      return BridgeTlsParams(
+        required = false,
+        expectedFingerprint = null,
+        allowTOFU = true,
+        stableId = endpoint.stableId,
+      )
+    }
+
+    return null
+  }
+
  fun handleCanvasA2UIActionFromWebView(payloadJson: String) {
    scope.launch {
      val trimmed = payloadJson.trim()
@@ -559,7 +625,7 @@ class NodeRuntime(context: Context) {
        (userActionObj["sourceComponentId"] as? JsonPrimitive)?.content?.trim().orEmpty().ifEmpty { "-" }
      val contextJson = (userActionObj["context"] as? JsonObject)?.toString()

-      val sessionKey = "main"
+      val sessionKey = resolveMainSessionKey()
      val message =
        ClawdbotCanvasA2UIAction.formatAgentMessage(
          actionName = name,
@@ -607,8 +673,9 @@ class NodeRuntime(context: Context) {
    }
  }

-  fun loadChat(sessionKey: String = "main") {
-    chat.load(sessionKey)
+  fun loadChat(sessionKey: String) {
+    val key = sessionKey.trim().ifEmpty { resolveMainSessionKey() }
+    chat.load(key)
  }

  fun refreshChat() {
@@ -701,7 +768,7 @@ class NodeRuntime(context: Context) {
      val raw = ui?.get("seamColor").asStringOrNull()?.trim()
      val sessionCfg = config?.get("session").asObjectOrNull()
      val mainKey = normalizeMainKey(sessionCfg?.get("mainKey").asStringOrNull())
-      _mainSessionKey.value = mainKey
+      applyMainSessionKey(mainKey)

      val parsed = parseHexColorArgb(raw)
      _seamColorArgb.value = parsed ?: DEFAULT_SEAM_COLOR_ARGB
--- a/apps/android/app/src/main/java/com/clawdbot/android/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/SecurePrefs.kt
@@ -147,6 +147,16 @@ class SecurePrefs(context: Context) {
    prefs.edit { putString(key, token.trim()) }
  }

+  fun loadBridgeTlsFingerprint(stableId: String): String? {
+    val key = "bridge.tls.$stableId"
+    return prefs.getString(key, null)?.trim()?.takeIf { it.isNotEmpty() }
+  }
+
+  fun saveBridgeTlsFingerprint(stableId: String, fingerprint: String) {
+    val key = "bridge.tls.$stableId"
+    prefs.edit { putString(key, fingerprint.trim()) }
+  }
+
  private fun loadOrCreateInstanceId(): String {
    val existing = prefs.getString("node.instanceId", null)?.trim()
    if (!existing.isNullOrBlank()) return existing
--- a/apps/android/app/src/main/java/com/clawdbot/android/SessionKey.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/SessionKey.kt
@@ -4,3 +4,10 @@ internal fun normalizeMainKey(raw: String?): String {
  val trimmed = raw?.trim()
  return if (!trimmed.isNullOrEmpty()) trimmed else "main"
 }
+
+internal fun isCanonicalMainSessionKey(raw: String?): Boolean {
+  val trimmed = raw?.trim().orEmpty()
+  if (trimmed.isEmpty()) return false
+  if (trimmed == "global") return true
+  return trimmed.startsWith("agent:")
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeDiscovery.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeDiscovery.kt
@@ -143,6 +143,8 @@ class BridgeDiscovery(
        val gatewayPort = txtInt(resolved, "gatewayPort")
        val bridgePort = txtInt(resolved, "bridgePort")
        val canvasPort = txtInt(resolved, "canvasPort")
+        val tlsEnabled = txtBool(resolved, "bridgeTls")
+        val tlsFingerprint = txt(resolved, "bridgeTlsSha256")
        val id = stableId(serviceName, "local.")
        localById[id] =
          BridgeEndpoint(
@@ -155,6 +157,8 @@ class BridgeDiscovery(
            gatewayPort = gatewayPort,
            bridgePort = bridgePort,
            canvasPort = canvasPort,
+            tlsEnabled = tlsEnabled,
+            tlsFingerprintSha256 = tlsFingerprint,
          )
        publish()
      }
@@ -209,6 +213,11 @@ class BridgeDiscovery(
    return txt(info, key)?.toIntOrNull()
  }

+  private fun txtBool(info: NsdServiceInfo, key: String): Boolean {
+    val raw = txt(info, key)?.trim()?.lowercase() ?: return false
+    return raw == "1" || raw == "true" || raw == "yes"
+  }
+
  private suspend fun refreshUnicast(domain: String) {
    val ptrName = "${serviceType}${domain}"
    val ptrMsg = lookupUnicastMessage(ptrName, Type.PTR) ?: return
@@ -252,6 +261,8 @@ class BridgeDiscovery(
      val gatewayPort = txtIntValue(txt, "gatewayPort")
      val bridgePort = txtIntValue(txt, "bridgePort")
      val canvasPort = txtIntValue(txt, "canvasPort")
+      val tlsEnabled = txtBoolValue(txt, "bridgeTls")
+      val tlsFingerprint = txtValue(txt, "bridgeTlsSha256")
      val id = stableId(instanceName, domain)
      next[id] =
        BridgeEndpoint(
@@ -264,6 +275,8 @@ class BridgeDiscovery(
          gatewayPort = gatewayPort,
          bridgePort = bridgePort,
          canvasPort = canvasPort,
+          tlsEnabled = tlsEnabled,
+          tlsFingerprintSha256 = tlsFingerprint,
        )
    }

@@ -474,6 +487,11 @@ class BridgeDiscovery(
    return txtValue(records, key)?.toIntOrNull()
  }

+  private fun txtBoolValue(records: List<TXTRecord>, key: String): Boolean {
+    val raw = txtValue(records, key)?.trim()?.lowercase() ?: return false
+    return raw == "1" || raw == "true" || raw == "yes"
+  }
+
  private fun decodeDnsTxtString(raw: String): String {
    // dnsjava treats TXT as opaque bytes and decodes as ISO-8859-1 to preserve bytes.
    // Our TXT payload is UTF-8 (written by the gateway), so re-decode when possible.
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeEndpoint.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeEndpoint.kt
@@ -10,6 +10,8 @@ data class BridgeEndpoint(
  val gatewayPort: Int? = null,
  val bridgePort: Int? = null,
  val canvasPort: Int? = null,
+  val tlsEnabled: Boolean = false,
+  val tlsFingerprintSha256: String? = null,
 ) {
  companion object {
    fun manual(host: String, port: Int): BridgeEndpoint =
@@ -18,6 +20,8 @@ data class BridgeEndpoint(
        name = "$host:$port",
        host = host,
        port = port,
+        tlsEnabled = false,
+        tlsFingerprintSha256 = null,
      )
  }
 }
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgePairingClient.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgePairingClient.kt
@@ -14,7 +14,6 @@ import java.io.BufferedWriter
 import java.io.InputStreamReader
 import java.io.OutputStreamWriter
 import java.net.InetSocketAddress
-import java.net.Socket

 class BridgePairingClient {
  private val json = Json { ignoreUnknownKeys = true }
@@ -33,95 +32,120 @@ class BridgePairingClient {

  data class PairResult(val ok: Boolean, val token: String?, val error: String? = null)

-  suspend fun pairAndHello(endpoint: BridgeEndpoint, hello: Hello): PairResult =
+  suspend fun pairAndHello(
+    endpoint: BridgeEndpoint,
+    hello: Hello,
+    tls: BridgeTlsParams? = null,
+    onTlsFingerprint: ((String) -> Unit)? = null,
+  ): PairResult =
    withContext(Dispatchers.IO) {
-      val socket = Socket()
-      socket.tcpNoDelay = true
-      try {
-        socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
-        socket.soTimeout = 60_000
-
-        val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
-        val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
-
-        fun send(line: String) {
-          writer.write(line)
-          writer.write("\n")
-          writer.flush()
-        }
-
-        fun sendJson(obj: JsonObject) = send(obj.toString())
-
-        sendJson(
-          buildJsonObject {
-            put("type", JsonPrimitive("hello"))
-            put("nodeId", JsonPrimitive(hello.nodeId))
-            hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
-            hello.token?.let { put("token", JsonPrimitive(it)) }
-            hello.platform?.let { put("platform", JsonPrimitive(it)) }
-            hello.version?.let { put("version", JsonPrimitive(it)) }
-            hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
-            hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
-            hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
-            hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
-          },
-        )
-
-        val firstObj = json.parseToJsonElement(reader.readLine()).asObjectOrNull()
-          ?: return@withContext PairResult(ok = false, token = null, error = "unexpected bridge response")
-        when (firstObj["type"].asStringOrNull()) {
-          "hello-ok" -> PairResult(ok = true, token = hello.token)
-          "error" -> {
-            val code = firstObj["code"].asStringOrNull() ?: "UNAVAILABLE"
-            val message = firstObj["message"].asStringOrNull() ?: "pairing required"
-            if (code != "NOT_PAIRED" && code != "UNAUTHORIZED") {
-              return@withContext PairResult(ok = false, token = null, error = "$code: $message")
-            }
-
-            sendJson(
-              buildJsonObject {
-                put("type", JsonPrimitive("pair-request"))
-                put("nodeId", JsonPrimitive(hello.nodeId))
-                hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
-                hello.platform?.let { put("platform", JsonPrimitive(it)) }
-                hello.version?.let { put("version", JsonPrimitive(it)) }
-                hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
-                hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
-                hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
-                hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
-              },
-            )
-
-            while (true) {
-              val nextLine = reader.readLine() ?: break
-              val next = json.parseToJsonElement(nextLine).asObjectOrNull() ?: continue
-              when (next["type"].asStringOrNull()) {
-                "pair-ok" -> {
-                  val token = next["token"].asStringOrNull()
-                  return@withContext PairResult(ok = !token.isNullOrBlank(), token = token)
-                }
-                "error" -> {
-                  val c = next["code"].asStringOrNull() ?: "UNAVAILABLE"
-                  val m = next["message"].asStringOrNull() ?: "pairing failed"
-                  return@withContext PairResult(ok = false, token = null, error = "$c: $m")
-                }
-              }
-            }
-            PairResult(ok = false, token = null, error = "pairing failed")
-          }
-          else -> PairResult(ok = false, token = null, error = "unexpected bridge response")
-        }
-      } catch (e: Exception) {
-        val message = e.message?.trim().orEmpty().ifEmpty { "gateway unreachable" }
-        PairResult(ok = false, token = null, error = message)
-      } finally {
+      if (tls != null) {
        try {
-          socket.close()
-        } catch (_: Throwable) {
-          // ignore
+          return@withContext pairAndHelloWithTls(endpoint, hello, tls, onTlsFingerprint)
+        } catch (e: Exception) {
+          if (tls.required) throw e
        }
      }
+      pairAndHelloWithTls(endpoint, hello, null, null)
    }
+
+  private fun pairAndHelloWithTls(
+    endpoint: BridgeEndpoint,
+    hello: Hello,
+    tls: BridgeTlsParams?,
+    onTlsFingerprint: ((String) -> Unit)?,
+  ): PairResult {
+    val socket =
+      createBridgeSocket(tls) { fingerprint ->
+        onTlsFingerprint?.invoke(fingerprint)
+      }
+    socket.tcpNoDelay = true
+    try {
+      socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
+      socket.soTimeout = 60_000
+      startTlsHandshakeIfNeeded(socket)
+
+      val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
+      val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
+
+      fun send(line: String) {
+        writer.write(line)
+        writer.write("\n")
+        writer.flush()
+      }
+
+      fun sendJson(obj: JsonObject) = send(obj.toString())
+
+      sendJson(
+        buildJsonObject {
+          put("type", JsonPrimitive("hello"))
+          put("nodeId", JsonPrimitive(hello.nodeId))
+          hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+          hello.token?.let { put("token", JsonPrimitive(it)) }
+          hello.platform?.let { put("platform", JsonPrimitive(it)) }
+          hello.version?.let { put("version", JsonPrimitive(it)) }
+          hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+          hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+          hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+          hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+        },
+      )
+
+      val firstObj = json.parseToJsonElement(reader.readLine()).asObjectOrNull()
+        ?: return PairResult(ok = false, token = null, error = "unexpected bridge response")
+      return when (firstObj["type"].asStringOrNull()) {
+        "hello-ok" -> PairResult(ok = true, token = hello.token)
+        "error" -> {
+          val code = firstObj["code"].asStringOrNull() ?: "UNAVAILABLE"
+          val message = firstObj["message"].asStringOrNull() ?: "pairing required"
+          if (code != "NOT_PAIRED" && code != "UNAUTHORIZED") {
+            return PairResult(ok = false, token = null, error = "$code: $message")
+          }
+
+          sendJson(
+            buildJsonObject {
+              put("type", JsonPrimitive("pair-request"))
+              put("nodeId", JsonPrimitive(hello.nodeId))
+              hello.displayName?.let { put("displayName", JsonPrimitive(it)) }
+              hello.platform?.let { put("platform", JsonPrimitive(it)) }
+              hello.version?.let { put("version", JsonPrimitive(it)) }
+              hello.deviceFamily?.let { put("deviceFamily", JsonPrimitive(it)) }
+              hello.modelIdentifier?.let { put("modelIdentifier", JsonPrimitive(it)) }
+              hello.caps?.let { put("caps", JsonArray(it.map(::JsonPrimitive))) }
+              hello.commands?.let { put("commands", JsonArray(it.map(::JsonPrimitive))) }
+            },
+          )
+
+          while (true) {
+            val nextLine = reader.readLine() ?: break
+            val next = json.parseToJsonElement(nextLine).asObjectOrNull() ?: continue
+            when (next["type"].asStringOrNull()) {
+              "pair-ok" -> {
+                val token = next["token"].asStringOrNull()
+                return PairResult(ok = !token.isNullOrBlank(), token = token)
+              }
+              "error" -> {
+                val c = next["code"].asStringOrNull() ?: "UNAVAILABLE"
+                val m = next["message"].asStringOrNull() ?: "pairing failed"
+                return PairResult(ok = false, token = null, error = "$c: $m")
+              }
+            }
+          }
+          PairResult(ok = false, token = null, error = "pairing failed")
+        }
+        else -> PairResult(ok = false, token = null, error = "unexpected bridge response")
+      }
+    } catch (e: Exception) {
+      val message = e.message?.trim().orEmpty().ifEmpty { "gateway unreachable" }
+      return PairResult(ok = false, token = null, error = message)
+    } finally {
+      try {
+        socket.close()
+      } catch (_: Throwable) {
+        // ignore
+      }
+    }
+  }
 }

 private fun JsonElement?.asObjectOrNull(): JsonObject? = this as? JsonObject
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeSession.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeSession.kt
@@ -31,10 +31,11 @@ import java.util.concurrent.ConcurrentHashMap

 class BridgeSession(
  private val scope: CoroutineScope,
-  private val onConnected: (serverName: String, remoteAddress: String?) -> Unit,
+  private val onConnected: (serverName: String, remoteAddress: String?, mainSessionKey: String?) -> Unit,
  private val onDisconnected: (message: String) -> Unit,
  private val onEvent: (event: String, payloadJson: String?) -> Unit,
  private val onInvoke: suspend (InvokeRequest) -> InvokeResult,
+  private val onTlsFingerprint: ((stableId: String, fingerprint: String) -> Unit)? = null,
 ) {
  data class Hello(
    val nodeId: String,
@@ -64,12 +65,19 @@ class BridgeSession(
  private val writeLock = Mutex()
  private val pending = ConcurrentHashMap<String, CompletableDeferred<RpcResponse>>()
  @Volatile private var canvasHostUrl: String? = null
+  @Volatile private var mainSessionKey: String? = null

-  private var desired: Pair<BridgeEndpoint, Hello>? = null
+  private data class DesiredConnection(
+    val endpoint: BridgeEndpoint,
+    val hello: Hello,
+    val tls: BridgeTlsParams?,
+  )
+
+  private var desired: DesiredConnection? = null
  private var job: Job? = null

-  fun connect(endpoint: BridgeEndpoint, hello: Hello) {
-    desired = endpoint to hello
+  fun connect(endpoint: BridgeEndpoint, hello: Hello, tls: BridgeTlsParams? = null) {
+    desired = DesiredConnection(endpoint, hello, tls)
    if (job == null) {
      job = scope.launch(Dispatchers.IO) { runLoop() }
    }
@@ -77,7 +85,7 @@ class BridgeSession(

  suspend fun updateHello(hello: Hello) {
    val target = desired ?: return
-    desired = target.first to hello
+    desired = target.copy(hello = hello)
    val conn = currentConnection ?: return
    conn.sendJson(buildHelloJson(hello))
  }
@@ -90,11 +98,13 @@ class BridgeSession(
      job?.cancelAndJoin()
      job = null
      canvasHostUrl = null
+      mainSessionKey = null
      onDisconnected("Offline")
    }
  }

  fun currentCanvasHostUrl(): String? = canvasHostUrl
+  fun currentMainSessionKey(): String? = mainSessionKey

  suspend fun sendEvent(event: String, payloadJson: String?) {
    val conn = currentConnection ?: return
@@ -162,10 +172,10 @@ class BridgeSession(
        continue
      }

-      val (endpoint, hello) = target
+      val (endpoint, hello, tls) = target
      try {
        onDisconnected(if (attempt == 0) "Connecting…" else "Reconnecting…")
-        connectOnce(endpoint, hello)
+        connectOnce(endpoint, hello, tls)
        attempt = 0
      } catch (err: Throwable) {
        attempt += 1
@@ -189,58 +199,76 @@ class BridgeSession(
    return InvokeResult.error(code = "UNAVAILABLE", message = msg)
  }

-  private suspend fun connectOnce(endpoint: BridgeEndpoint, hello: Hello) =
+  private suspend fun connectOnce(endpoint: BridgeEndpoint, hello: Hello, tls: BridgeTlsParams?) =
    withContext(Dispatchers.IO) {
-      val socket = Socket()
-      socket.tcpNoDelay = true
-      socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
-      socket.soTimeout = 0
-
-      val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
-      val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
-
-      val conn = Connection(socket, reader, writer, writeLock)
-      currentConnection = conn
-
-      try {
-        conn.sendJson(buildHelloJson(hello))
-
-        val firstLine = reader.readLine() ?: throw IllegalStateException("bridge closed connection")
-        val first = json.parseToJsonElement(firstLine).asObjectOrNull()
-          ?: throw IllegalStateException("unexpected bridge response")
-        when (first["type"].asStringOrNull()) {
-          "hello-ok" -> {
-            val name = first["serverName"].asStringOrNull() ?: "Bridge"
-            val rawCanvasUrl = first["canvasHostUrl"].asStringOrNull()?.trim()?.ifEmpty { null }
-            canvasHostUrl = normalizeCanvasHostUrl(rawCanvasUrl, endpoint)
-            if (BuildConfig.DEBUG) {
-              // Local JVM unit tests use android.jar stubs; Log.d can throw "not mocked".
-              runCatching {
-                android.util.Log.d(
-                  "ClawdbotBridge",
-                  "canvasHostUrl resolved=${canvasHostUrl ?: "none"} (raw=${rawCanvasUrl ?: "none"})",
-                )
-              }
-            }
-            onConnected(name, conn.remoteAddress)
-          }
-          "error" -> {
-            val code = first["code"].asStringOrNull() ?: "UNAVAILABLE"
-            val msg = first["message"].asStringOrNull() ?: "connect failed"
-            throw IllegalStateException("$code: $msg")
-          }
-          else -> throw IllegalStateException("unexpected bridge response")
+      if (tls != null) {
+        try {
+          connectWithSocket(endpoint, hello, tls)
+          return@withContext
+        } catch (err: Throwable) {
+          if (tls.required) throw err
        }
+      }
+      connectWithSocket(endpoint, hello, null)
+    }

-        while (scope.isActive) {
-          val line = reader.readLine() ?: break
-          val frame = json.parseToJsonElement(line).asObjectOrNull() ?: continue
-          when (frame["type"].asStringOrNull()) {
-            "event" -> {
-              val event = frame["event"].asStringOrNull() ?: return@withContext
-              val payload = frame["payloadJSON"].asStringOrNull()
-              onEvent(event, payload)
+  private suspend fun connectWithSocket(endpoint: BridgeEndpoint, hello: Hello, tls: BridgeTlsParams?) {
+    val socket =
+      createBridgeSocket(tls) { fingerprint ->
+        onTlsFingerprint?.invoke(tls?.stableId ?: endpoint.stableId, fingerprint)
+      }
+    socket.tcpNoDelay = true
+    socket.connect(InetSocketAddress(endpoint.host, endpoint.port), 8_000)
+    socket.soTimeout = 0
+    startTlsHandshakeIfNeeded(socket)
+
+    val reader = BufferedReader(InputStreamReader(socket.getInputStream(), Charsets.UTF_8))
+    val writer = BufferedWriter(OutputStreamWriter(socket.getOutputStream(), Charsets.UTF_8))
+
+    val conn = Connection(socket, reader, writer, writeLock)
+    currentConnection = conn
+
+    try {
+      conn.sendJson(buildHelloJson(hello))
+
+      val firstLine = reader.readLine() ?: throw IllegalStateException("bridge closed connection")
+      val first = json.parseToJsonElement(firstLine).asObjectOrNull()
+        ?: throw IllegalStateException("unexpected bridge response")
+      when (first["type"].asStringOrNull()) {
+        "hello-ok" -> {
+          val name = first["serverName"].asStringOrNull() ?: "Bridge"
+          val rawCanvasUrl = first["canvasHostUrl"].asStringOrNull()?.trim()?.ifEmpty { null }
+          val rawMainSessionKey = first["mainSessionKey"].asStringOrNull()?.trim()?.ifEmpty { null }
+          canvasHostUrl = normalizeCanvasHostUrl(rawCanvasUrl, endpoint)
+          mainSessionKey = rawMainSessionKey
+          if (BuildConfig.DEBUG) {
+            // Local JVM unit tests use android.jar stubs; Log.d can throw "not mocked".
+            runCatching {
+              android.util.Log.d(
+                "ClawdbotBridge",
+                "canvasHostUrl resolved=${canvasHostUrl ?: "none"} (raw=${rawCanvasUrl ?: "none"})",
+              )
            }
+          }
+          onConnected(name, conn.remoteAddress, rawMainSessionKey)
+        }
+        "error" -> {
+          val code = first["code"].asStringOrNull() ?: "UNAVAILABLE"
+          val msg = first["message"].asStringOrNull() ?: "connect failed"
+          throw IllegalStateException("$code: $msg")
+        }
+        else -> throw IllegalStateException("unexpected bridge response")
+      }
+
+      while (scope.isActive) {
+        val line = reader.readLine() ?: break
+        val frame = json.parseToJsonElement(line).asObjectOrNull() ?: continue
+        when (frame["type"].asStringOrNull()) {
+          "event" -> {
+            val event = frame["event"].asStringOrNull() ?: continue
+            val payload = frame["payloadJSON"].asStringOrNull()
+            onEvent(event, payload)
+          }
            "ping" -> {
              val id = frame["id"].asStringOrNull() ?: ""
              conn.sendJson(buildJsonObject { put("type", JsonPrimitive("pong")); put("id", JsonPrimitive(id)) })
@@ -286,20 +314,20 @@ class BridgeSession(
                },
              )
            }
-            "invoke-res" -> {
-              // gateway->node only (ignore)
-            }
+          "invoke-res" -> {
+            // gateway->node only (ignore)
          }
        }
-      } finally {
-        currentConnection = null
-        for ((_, waiter) in pending) {
-          waiter.cancel()
-        }
-        pending.clear()
-        conn.closeQuietly()
      }
+    } finally {
+      currentConnection = null
+      for ((_, waiter) in pending) {
+        waiter.cancel()
+      }
+      pending.clear()
+      conn.closeQuietly()
    }
+  }

  private fun buildHelloJson(hello: Hello): JsonObject =
    buildJsonObject {
--- a/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeTls.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/bridge/BridgeTls.kt
@@ -0,0 +1,81 @@
+package com.clawdbot.android.bridge
+
+import android.annotation.SuppressLint
+import java.net.Socket
+import java.security.MessageDigest
+import java.security.SecureRandom
+import java.security.cert.CertificateException
+import java.security.cert.X509Certificate
+import javax.net.ssl.SSLContext
+import javax.net.ssl.SSLSocket
+import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509TrustManager
+
+data class BridgeTlsParams(
+  val required: Boolean,
+  val expectedFingerprint: String?,
+  val allowTOFU: Boolean,
+  val stableId: String,
+)
+
+fun createBridgeSocket(params: BridgeTlsParams?, onStore: ((String) -> Unit)? = null): Socket {
+  if (params == null) return Socket()
+  val expected = params.expectedFingerprint?.let(::normalizeFingerprint)
+  val defaultTrust = defaultTrustManager()
+  @SuppressLint("CustomX509TrustManager")
+  val trustManager =
+    object : X509TrustManager {
+      override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {
+        defaultTrust.checkClientTrusted(chain, authType)
+      }
+
+      override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
+        if (chain.isEmpty()) throw CertificateException("empty certificate chain")
+        val fingerprint = sha256Hex(chain[0].encoded)
+        if (expected != null) {
+          if (fingerprint != expected) {
+            throw CertificateException("bridge TLS fingerprint mismatch")
+          }
+          return
+        }
+        if (params.allowTOFU) {
+          onStore?.invoke(fingerprint)
+          return
+        }
+        defaultTrust.checkServerTrusted(chain, authType)
+      }
+
+      override fun getAcceptedIssuers(): Array<X509Certificate> = defaultTrust.acceptedIssuers
+    }
+
+  val context = SSLContext.getInstance("TLS")
+  context.init(null, arrayOf(trustManager), SecureRandom())
+  return context.socketFactory.createSocket()
+}
+
+fun startTlsHandshakeIfNeeded(socket: Socket) {
+  if (socket is SSLSocket) {
+    socket.startHandshake()
+  }
+}
+
+private fun defaultTrustManager(): X509TrustManager {
+  val factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+  factory.init(null as java.security.KeyStore?)
+  val trust =
+    factory.trustManagers.firstOrNull { it is X509TrustManager } as? X509TrustManager
+  return trust ?: throw IllegalStateException("No default X509TrustManager found")
+}
+
+private fun sha256Hex(data: ByteArray): String {
+  val digest = MessageDigest.getInstance("SHA-256").digest(data)
+  val out = StringBuilder(digest.size * 2)
+  for (byte in digest) {
+    out.append(String.format("%02x", byte))
+  }
+  return out.toString()
+}
+
+private fun normalizeFingerprint(raw: String): String {
+  return raw.lowercase().filter { it in '0'..'9' || it in 'a'..'f' }
+}
--- a/apps/android/app/src/main/java/com/clawdbot/android/chat/ChatController.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/chat/ChatController.kt
@@ -71,12 +71,21 @@ class ChatController(
    _sessionId.value = null
  }

-  fun load(sessionKey: String = "main") {
+  fun load(sessionKey: String) {
    val key = sessionKey.trim().ifEmpty { "main" }
    _sessionKey.value = key
    scope.launch { bootstrap(forceHealth = true) }
  }

+  fun applyMainSessionKey(mainSessionKey: String) {
+    val trimmed = mainSessionKey.trim()
+    if (trimmed.isEmpty()) return
+    if (_sessionKey.value == trimmed) return
+    if (_sessionKey.value != "main") return
+    _sessionKey.value = trimmed
+    scope.launch { bootstrap(forceHealth = true) }
+  }
+
  fun refresh() {
    scope.launch { bootstrap(forceHealth = true) }
  }
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/CameraCaptureManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/CameraCaptureManager.kt
@@ -8,7 +8,7 @@ import android.graphics.BitmapFactory
 import android.graphics.Matrix
 import android.util.Base64
 import android.content.pm.PackageManager
-import android.media.ExifInterface
+import androidx.exifinterface.media.ExifInterface
 import androidx.lifecycle.LifecycleOwner
 import androidx.camera.core.CameraSelector
 import androidx.camera.core.ImageCapture
--- a/apps/android/app/src/main/java/com/clawdbot/android/node/ScreenRecordManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/node/ScreenRecordManager.kt
@@ -122,13 +122,7 @@ class ScreenRecordManager(private val context: Context) {
      )
    }

-  private fun createMediaRecorder(): MediaRecorder =
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
-      MediaRecorder(context)
-    } else {
-      @Suppress("DEPRECATION")
-      MediaRecorder()
-    }
+  private fun createMediaRecorder(): MediaRecorder = MediaRecorder(context)

  private suspend fun ensureMicPermission() {
    val granted =
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatComposer.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatComposer.kt
@@ -44,6 +44,7 @@ import com.clawdbot.android.chat.ChatSessionEntry
 fun ChatComposer(
  sessionKey: String,
  sessions: List<ChatSessionEntry>,
+  mainSessionKey: String,
  healthOk: Boolean,
  thinkingLevel: String,
  pendingRunCount: Int,
@@ -61,7 +62,7 @@ fun ChatComposer(
  var showThinkingMenu by remember { mutableStateOf(false) }
  var showSessionMenu by remember { mutableStateOf(false) }

-  val sessionOptions = resolveSessionChoices(sessionKey, sessions)
+  val sessionOptions = resolveSessionChoices(sessionKey, sessions, mainSessionKey = mainSessionKey)
  val currentSessionLabel =
    sessionOptions.firstOrNull { it.key == sessionKey }?.displayName ?: sessionKey

--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatSheetContent.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/ChatSheetContent.kt
@@ -33,13 +33,14 @@ fun ChatSheetContent(viewModel: MainViewModel) {
  val pendingRunCount by viewModel.pendingRunCount.collectAsState()
  val healthOk by viewModel.chatHealthOk.collectAsState()
  val sessionKey by viewModel.chatSessionKey.collectAsState()
+  val mainSessionKey by viewModel.mainSessionKey.collectAsState()
  val thinkingLevel by viewModel.chatThinkingLevel.collectAsState()
  val streamingAssistantText by viewModel.chatStreamingAssistantText.collectAsState()
  val pendingToolCalls by viewModel.chatPendingToolCalls.collectAsState()
  val sessions by viewModel.chatSessions.collectAsState()

-  LaunchedEffect(Unit) {
-    viewModel.loadChat("main")
+  LaunchedEffect(mainSessionKey) {
+    viewModel.loadChat(mainSessionKey)
    viewModel.refreshChatSessions(limit = 200)
  }

@@ -85,6 +86,7 @@ fun ChatSheetContent(viewModel: MainViewModel) {
    ChatComposer(
      sessionKey = sessionKey,
      sessions = sessions,
+      mainSessionKey = mainSessionKey,
      healthOk = healthOk,
      thinkingLevel = thinkingLevel,
      pendingRunCount = pendingRunCount,
--- a/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/SessionFilters.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/ui/chat/SessionFilters.kt
@@ -2,20 +2,23 @@ package com.clawdbot.android.ui.chat

 import com.clawdbot.android.chat.ChatSessionEntry

-private const val MAIN_SESSION_KEY = "main"
 private const val RECENT_WINDOW_MS = 24 * 60 * 60 * 1000L

 fun resolveSessionChoices(
  currentSessionKey: String,
  sessions: List<ChatSessionEntry>,
+  mainSessionKey: String,
  nowMs: Long = System.currentTimeMillis(),
 ): List<ChatSessionEntry> {
-  val current = currentSessionKey.trim()
+  val mainKey = mainSessionKey.trim().ifEmpty { "main" }
+  val current = currentSessionKey.trim().let { if (it == "main" && mainKey != "main") mainKey else it }
+  val aliasKey = if (mainKey == "main") null else "main"
  val cutoff = nowMs - RECENT_WINDOW_MS
  val sorted = sessions.sortedByDescending { it.updatedAtMs ?: 0L }
  val recent = mutableListOf<ChatSessionEntry>()
  val seen = mutableSetOf<String>()
  for (entry in sorted) {
+    if (aliasKey != null && entry.key == aliasKey) continue
    if (!seen.add(entry.key)) continue
    if ((entry.updatedAtMs ?: 0L) < cutoff) continue
    recent.add(entry)
@@ -23,13 +26,13 @@ fun resolveSessionChoices(

  val result = mutableListOf<ChatSessionEntry>()
  val included = mutableSetOf<String>()
-  val mainEntry = sorted.firstOrNull { it.key == MAIN_SESSION_KEY }
+  val mainEntry = sorted.firstOrNull { it.key == mainKey }
  if (mainEntry != null) {
    result.add(mainEntry)
-    included.add(MAIN_SESSION_KEY)
-  } else if (current == MAIN_SESSION_KEY) {
-    result.add(ChatSessionEntry(key = MAIN_SESSION_KEY, updatedAtMs = null))
-    included.add(MAIN_SESSION_KEY)
+    included.add(mainKey)
+  } else if (current == mainKey) {
+    result.add(ChatSessionEntry(key = mainKey, updatedAtMs = null))
+    included.add(mainKey)
  }

  for (entry in recent) {
--- a/apps/android/app/src/main/java/com/clawdbot/android/voice/TalkModeManager.kt
+++ b/apps/android/app/src/main/java/com/clawdbot/android/voice/TalkModeManager.kt
@@ -21,6 +21,7 @@ import android.speech.tts.UtteranceProgressListener
 import android.util.Log
 import androidx.core.content.ContextCompat
 import com.clawdbot.android.bridge.BridgeSession
+import com.clawdbot.android.isCanonicalMainSessionKey
 import com.clawdbot.android.normalizeMainKey
 import java.net.HttpURLConnection
 import java.net.URL
@@ -116,6 +117,13 @@ class TalkModeManager(
    chatSubscribedSessionKey = null
  }

+  fun setMainSessionKey(sessionKey: String?) {
+    val trimmed = sessionKey?.trim().orEmpty()
+    if (trimmed.isEmpty()) return
+    if (isCanonicalMainSessionKey(mainSessionKey)) return
+    mainSessionKey = trimmed
+  }
+
  fun setEnabled(enabled: Boolean) {
    if (_isEnabled.value == enabled) return
    _isEnabled.value = enabled
@@ -827,7 +835,9 @@ class TalkModeManager(
      val key = talk?.get("apiKey")?.asStringOrNull()?.trim()?.takeIf { it.isNotEmpty() }
      val interrupt = talk?.get("interruptOnSpeech")?.asBooleanOrNull()

-      mainSessionKey = mainKey
+      if (!isCanonicalMainSessionKey(mainSessionKey)) {
+        mainSessionKey = mainKey
+      }
      defaultVoiceId = voice ?: envVoice?.takeIf { it.isNotEmpty() } ?: sagVoice?.takeIf { it.isNotEmpty() }
      voiceAliases = aliases
      if (!voiceOverrideActive) currentVoiceId = defaultVoiceId
--- a/apps/android/app/src/test/java/com/clawdbot/android/bridge/BridgeSessionTest.kt
+++ b/apps/android/app/src/test/java/com/clawdbot/android/bridge/BridgeSessionTest.kt
@@ -30,7 +30,7 @@ class BridgeSessionTest {
    val session =
      BridgeSession(
        scope = scope,
-        onConnected = { _, _ -> connected.complete(Unit) },
+        onConnected = { _, _, _ -> connected.complete(Unit) },
        onDisconnected = { /* ignore */ },
        onEvent = { _, _ -> /* ignore */ },
        onInvoke = { BridgeSession.InvokeResult.ok(null) },
@@ -97,7 +97,7 @@ class BridgeSessionTest {
    val session =
      BridgeSession(
        scope = scope,
-        onConnected = { _, _ -> connected.complete(Unit) },
+        onConnected = { _, _, _ -> connected.complete(Unit) },
        onDisconnected = { /* ignore */ },
        onEvent = { _, _ -> /* ignore */ },
        onInvoke = { BridgeSession.InvokeResult.ok(null) },
@@ -167,7 +167,7 @@ class BridgeSessionTest {
    val session =
      BridgeSession(
        scope = scope,
-        onConnected = { _, _ -> connected.complete(Unit) },
+        onConnected = { _, _, _ -> connected.complete(Unit) },
        onDisconnected = { /* ignore */ },
        onEvent = { _, _ -> /* ignore */ },
        onInvoke = { throw IllegalStateException("FOO_BAR: boom") },
@@ -239,7 +239,7 @@ class BridgeSessionTest {
    val session =
      BridgeSession(
        scope = scope,
-        onConnected = { _, _ -> connected.countDown() },
+        onConnected = { _, _, _ -> connected.countDown() },
        onDisconnected = { /* ignore */ },
        onEvent = { _, _ -> /* ignore */ },
        onInvoke = { BridgeSession.InvokeResult.ok(null) },
--- a/apps/android/app/src/test/java/com/clawdbot/android/ui/chat/SessionFiltersTest.kt
+++ b/apps/android/app/src/test/java/com/clawdbot/android/ui/chat/SessionFiltersTest.kt
@@ -19,7 +19,7 @@ class SessionFiltersTest {
        ChatSessionEntry(key = "recent-2", updatedAtMs = recent2),
      )

-    val result = resolveSessionChoices("main", sessions, nowMs = now).map { it.key }
+    val result = resolveSessionChoices("main", sessions, mainSessionKey = "main", nowMs = now).map { it.key }
    assertEquals(listOf("main", "recent-1", "recent-2"), result)
  }

@@ -29,7 +29,7 @@ class SessionFiltersTest {
    val recent = now - 10 * 60 * 1000L
    val sessions = listOf(ChatSessionEntry(key = "main", updatedAtMs = recent))

-    val result = resolveSessionChoices("custom", sessions, nowMs = now).map { it.key }
+    val result = resolveSessionChoices("custom", sessions, mainSessionKey = "main", nowMs = now).map { it.key }
    assertEquals(listOf("main", "custom"), result)
  }
 }
--- a/apps/ios/Sources/Bridge/BridgeClient.swift
+++ b/apps/ios/Sources/Bridge/BridgeClient.swift
@@ -10,10 +10,36 @@ actor BridgeClient {
    func pairAndHello(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: BridgeTLSParams? = nil,
+        onStatus: (@Sendable (String) -> Void)? = nil) async throws -> String
+    {
+        do {
+            return try await self.pairAndHelloOnce(
+                endpoint: endpoint,
+                hello: hello,
+                tls: tls,
+                onStatus: onStatus)
+        } catch {
+            if let tls, !tls.required {
+                return try await self.pairAndHelloOnce(
+                    endpoint: endpoint,
+                    hello: hello,
+                    tls: nil,
+                    onStatus: onStatus)
+            }
+            throw error
+        }
+    }
+
+    private func pairAndHelloOnce(
+        endpoint: NWEndpoint,
+        hello: BridgeHello,
+        tls: BridgeTLSParams?,
        onStatus: (@Sendable (String) -> Void)? = nil) async throws -> String
    {
        self.lineBuffer = Data()
-        let connection = NWConnection(to: endpoint, using: .tcp)
+        let params = self.makeParameters(tls: tls)
+        let connection = NWConnection(to: endpoint, using: params)
        let queue = DispatchQueue(label: "com.clawdbot.ios.bridge-client")
        defer { connection.cancel() }
        try await self.withTimeout(seconds: 8, purpose: "connect") {
@@ -142,6 +168,18 @@ actor BridgeClient {
        }
    }

+    private func makeParameters(tls: BridgeTLSParams?) -> NWParameters {
+        if let tlsOptions = makeBridgeTLSOptions(tls) {
+            let tcpOptions = NWProtocolTCP.Options()
+            let params = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+            params.includePeerToPeer = true
+            return params
+        }
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+        return params
+    }
+
    private struct TimeoutError: LocalizedError, Sendable {
        var purpose: String
        var seconds: Int
@@ -161,18 +199,10 @@ actor BridgeClient {
        purpose: String,
        _ op: @escaping @Sendable () async throws -> T) async throws -> T
    {
-        try await withThrowingTaskGroup(of: T.self) { group in
-            group.addTask {
-                try await op()
-            }
-            group.addTask {
-                try await Task.sleep(nanoseconds: UInt64(seconds) * 1_000_000_000)
-                throw TimeoutError(purpose: purpose, seconds: seconds)
-            }
-            let result = try await group.next()!
-            group.cancelAll()
-            return result
-        }
+        try await AsyncTimeout.withTimeout(
+            seconds: Double(seconds),
+            onTimeout: { TimeoutError(purpose: purpose, seconds: seconds) },
+            operation: op)
    }

    private func startAndWaitForReady(_ connection: NWConnection, queue: DispatchQueue) async throws {
--- a/apps/ios/Sources/Bridge/BridgeConnectionController.swift
+++ b/apps/ios/Sources/Bridge/BridgeConnectionController.swift
@@ -10,6 +10,7 @@ protocol BridgePairingClient: Sendable {
    func pairAndHello(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: BridgeTLSParams?,
        onStatus: (@Sendable (String) -> Void)?) async throws -> String
 }

@@ -115,7 +116,14 @@ final class BridgeConnectionController {

            self.didAutoConnect = true
            let endpoint = NWEndpoint.hostPort(host: NWEndpoint.Host(manualHost), port: port)
-            self.startAutoConnect(endpoint: endpoint, token: token, instanceId: instanceId)
+            let stableID = BridgeEndpointID.stableID(endpoint)
+            let tlsParams = self.resolveManualTLSParams(stableID: stableID)
+            self.startAutoConnect(
+                endpoint: endpoint,
+                bridgeStableID: stableID,
+                tls: tlsParams,
+                token: token,
+                instanceId: instanceId)
            return
        }

@@ -131,8 +139,14 @@ final class BridgeConnectionController {

        guard let target = self.bridges.first(where: { $0.stableID == targetStableID }) else { return }

+        let tlsParams = self.resolveDiscoveredTLSParams(bridge: target)
        self.didAutoConnect = true
-        self.startAutoConnect(endpoint: target.endpoint, token: token, instanceId: instanceId)
+        self.startAutoConnect(
+            endpoint: target.endpoint,
+            bridgeStableID: target.stableID,
+            tls: tlsParams,
+            token: token,
+            instanceId: instanceId)
    }

    private func updateLastDiscoveredBridge(from bridges: [BridgeDiscoveryModel.DiscoveredBridge]) {
@@ -171,7 +185,13 @@ final class BridgeConnectionController {
        "bridge-token.\(instanceId)"
    }

-    private func startAutoConnect(endpoint: NWEndpoint, token: String, instanceId: String) {
+    private func startAutoConnect(
+        endpoint: NWEndpoint,
+        bridgeStableID: String,
+        tls: BridgeTLSParams?,
+        token: String,
+        instanceId: String)
+    {
        guard let appModel else { return }
        Task { [weak self] in
            guard let self else { return }
@@ -180,6 +200,7 @@ final class BridgeConnectionController {
                let refreshed = try await self.bridgeClientFactory().pairAndHello(
                    endpoint: endpoint,
                    hello: hello,
+                    tls: tls,
                    onStatus: { status in
                        Task { @MainActor in
                            appModel.bridgeStatusText = status
@@ -192,7 +213,11 @@ final class BridgeConnectionController {
                        service: "com.clawdbot.bridge",
                        account: self.keychainAccount(instanceId: instanceId))
                }
-                appModel.connectToBridge(endpoint: endpoint, hello: self.makeHello(token: resolvedToken))
+                appModel.connectToBridge(
+                    endpoint: endpoint,
+                    bridgeStableID: bridgeStableID,
+                    tls: tls,
+                    hello: self.makeHello(token: resolvedToken))
            } catch {
                await MainActor.run {
                    appModel.bridgeStatusText = "Bridge error: \(error.localizedDescription)"
@@ -201,6 +226,47 @@ final class BridgeConnectionController {
        }
    }

+    private func resolveDiscoveredTLSParams(
+        bridge: BridgeDiscoveryModel.DiscoveredBridge) -> BridgeTLSParams?
+    {
+        let stableID = bridge.stableID
+        let stored = BridgeTLSStore.loadFingerprint(stableID: stableID)
+
+        if bridge.tlsEnabled || bridge.tlsFingerprintSha256 != nil {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: bridge.tlsFingerprintSha256 ?? stored,
+                allowTOFU: stored == nil,
+                storeKey: stableID)
+        }
+
+        if let stored {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return nil
+    }
+
+    private func resolveManualTLSParams(stableID: String) -> BridgeTLSParams? {
+        if let stored = BridgeTLSStore.loadFingerprint(stableID: stableID) {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return BridgeTLSParams(
+            required: false,
+            expectedFingerprint: nil,
+            allowTOFU: true,
+            storeKey: stableID)
+    }
+
    private func resolvedDisplayName(defaults: UserDefaults) -> String {
        let key = "node.displayName"
        let existing = defaults.string(forKey: key)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
--- a/apps/ios/Sources/Bridge/BridgeDiscoveryModel.swift
+++ b/apps/ios/Sources/Bridge/BridgeDiscoveryModel.swift
@@ -23,6 +23,8 @@ final class BridgeDiscoveryModel {
        var gatewayPort: Int?
        var bridgePort: Int?
        var canvasPort: Int?
+        var tlsEnabled: Bool
+        var tlsFingerprintSha256: String?
        var cliPath: String?
    }

@@ -90,6 +92,8 @@ final class BridgeDiscoveryModel {
                                gatewayPort: Self.txtIntValue(txt, key: "gatewayPort"),
                                bridgePort: Self.txtIntValue(txt, key: "bridgePort"),
                                canvasPort: Self.txtIntValue(txt, key: "canvasPort"),
+                                tlsEnabled: Self.txtBoolValue(txt, key: "bridgeTls"),
+                                tlsFingerprintSha256: Self.txtValue(txt, key: "bridgeTlsSha256"),
                                cliPath: Self.txtValue(txt, key: "cliPath"))
                        default:
                            return nil
@@ -214,4 +218,9 @@ final class BridgeDiscoveryModel {
        guard let raw = self.txtValue(dict, key: key) else { return nil }
        return Int(raw)
    }
+
+    private static func txtBoolValue(_ dict: [String: String], key: String) -> Bool {
+        guard let raw = self.txtValue(dict, key: key)?.lowercased() else { return false }
+        return raw == "1" || raw == "true" || raw == "yes"
+    }
 }
--- a/apps/ios/Sources/Bridge/BridgeSession.swift
+++ b/apps/ios/Sources/Bridge/BridgeSession.swift
@@ -26,6 +26,7 @@ actor BridgeSession {

    private(set) var state: State = .idle
    private var canvasHostUrl: String?
+    private var mainSessionKey: String?

    func currentCanvasHostUrl() -> String? {
        self.canvasHostUrl
@@ -68,15 +69,42 @@ actor BridgeSession {
    func connect(
        endpoint: NWEndpoint,
        hello: BridgeHello,
-        onConnected: (@Sendable (String) async -> Void)? = nil,
+        tls: BridgeTLSParams? = nil,
+        onConnected: (@Sendable (String, String?) async -> Void)? = nil,
        onInvoke: @escaping @Sendable (BridgeInvokeRequest) async -> BridgeInvokeResponse)
        async throws
    {
        await self.disconnect()
        self.state = .connecting
+        do {
+            try await self.connectOnce(
+                endpoint: endpoint,
+                hello: hello,
+                tls: tls,
+                onConnected: onConnected,
+                onInvoke: onInvoke)
+        } catch {
+            if let tls, !tls.required {
+                try await self.connectOnce(
+                    endpoint: endpoint,
+                    hello: hello,
+                    tls: nil,
+                    onConnected: onConnected,
+                    onInvoke: onInvoke)
+                return
+            }
+            throw error
+        }
+    }

-        let params = NWParameters.tcp
-        params.includePeerToPeer = true
+    private func connectOnce(
+        endpoint: NWEndpoint,
+        hello: BridgeHello,
+        tls: BridgeTLSParams?,
+        onConnected: (@Sendable (String, String?) async -> Void)?,
+        onInvoke: @escaping @Sendable (BridgeInvokeRequest) async -> BridgeInvokeResponse) async throws
+    {
+        let params = self.makeParameters(tls: tls)
        let connection = NWConnection(to: endpoint, using: params)
        let queue = DispatchQueue(label: "com.clawdbot.ios.bridge-session")
        self.connection = connection
@@ -107,7 +135,9 @@ actor BridgeSession {
            let ok = try self.decoder.decode(BridgeHelloOk.self, from: data)
            self.state = .connected(serverName: ok.serverName)
            self.canvasHostUrl = ok.canvasHostUrl?.trimmingCharacters(in: .whitespacesAndNewlines)
-            await onConnected?(ok.serverName)
+            let mainKey = ok.mainSessionKey?.trimmingCharacters(in: .whitespacesAndNewlines)
+            self.mainSessionKey = (mainKey?.isEmpty == false) ? mainKey : nil
+            await onConnected?(ok.serverName, self.mainSessionKey)
        } else if base.type == "error" {
            let err = try self.decoder.decode(BridgeErrorFrame.self, from: data)
            self.state = .failed(message: "\(err.code): \(err.message)")
@@ -217,6 +247,7 @@ actor BridgeSession {
        self.queue = nil
        self.buffer = Data()
        self.canvasHostUrl = nil
+        self.mainSessionKey = nil

        let pending = self.pendingRPC.values
        self.pendingRPC.removeAll()
@@ -234,6 +265,10 @@ actor BridgeSession {
        self.state = .idle
    }

+    func currentMainSessionKey() -> String? {
+        self.mainSessionKey
+    }
+
    private func beginRPC(
        id: String,
        request: BridgeRPCRequest,
@@ -247,6 +282,18 @@ actor BridgeSession {
        }
    }

+    private func makeParameters(tls: BridgeTLSParams?) -> NWParameters {
+        if let tlsOptions = makeBridgeTLSOptions(tls) {
+            let tcpOptions = NWProtocolTCP.Options()
+            let params = NWParameters(tls: tlsOptions, tcp: tcpOptions)
+            params.includePeerToPeer = true
+            return params
+        }
+        let params = NWParameters.tcp
+        params.includePeerToPeer = true
+        return params
+    }
+
    private func timeoutRPC(id: String) async {
        guard let cont = self.pendingRPC.removeValue(forKey: id) else { return }
        cont.resume(throwing: NSError(domain: "Bridge", code: 15, userInfo: [
@@ -321,20 +368,10 @@ actor BridgeSession {
        seconds: Double,
        operation: @escaping @Sendable () async throws -> T) async throws -> T
    {
-        try await withThrowingTaskGroup(of: T.self) { group in
-            group.addTask { try await operation() }
-            group.addTask {
-                try await Task.sleep(nanoseconds: UInt64(seconds * 1_000_000_000))
-                throw TimeoutError(message: "UNAVAILABLE: connection timeout")
-            }
-
-            guard let first = try await group.next() else {
-                throw TimeoutError(message: "UNAVAILABLE: connection timeout")
-            }
-
-            group.cancelAll()
-            return first
-        }
+        try await AsyncTimeout.withTimeout(
+            seconds: seconds,
+            onTimeout: { TimeoutError(message: "UNAVAILABLE: connection timeout") },
+            operation: operation)
    }

    private static func makeStateStream(for connection: NWConnection) -> AsyncStream<NWConnection.State> {
--- a/apps/ios/Sources/Bridge/BridgeTLS.swift
+++ b/apps/ios/Sources/Bridge/BridgeTLS.swift
@@ -0,0 +1,66 @@
+import CryptoKit
+import Foundation
+import Network
+import Security
+
+struct BridgeTLSParams: Sendable {
+    let required: Bool
+    let expectedFingerprint: String?
+    let allowTOFU: Bool
+    let storeKey: String?
+}
+
+enum BridgeTLSStore {
+    private static let service = "com.clawdbot.bridge.tls"
+
+    static func loadFingerprint(stableID: String) -> String? {
+        KeychainStore.loadString(service: service, account: stableID)?.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    static func saveFingerprint(_ value: String, stableID: String) {
+        _ = KeychainStore.saveString(value, service: service, account: stableID)
+    }
+}
+
+func makeBridgeTLSOptions(_ params: BridgeTLSParams?) -> NWProtocolTLS.Options? {
+    guard let params else { return nil }
+    let options = NWProtocolTLS.Options()
+    let expected = params.expectedFingerprint.map(normalizeBridgeFingerprint)
+    let allowTOFU = params.allowTOFU
+    let storeKey = params.storeKey
+
+    sec_protocol_options_set_verify_block(
+        options.securityProtocolOptions,
+        { _, trust, complete in
+            let trustRef = sec_trust_copy_ref(trust).takeRetainedValue()
+            if let chain = SecTrustCopyCertificateChain(trustRef) as? [SecCertificate],
+               let cert = chain.first
+            {
+                let data = SecCertificateCopyData(cert) as Data
+                let fingerprint = sha256Hex(data)
+                if let expected {
+                    complete(fingerprint == expected)
+                    return
+                }
+                if allowTOFU {
+                    if let storeKey { BridgeTLSStore.saveFingerprint(fingerprint, stableID: storeKey) }
+                    complete(true)
+                    return
+                }
+            }
+            let ok = SecTrustEvaluateWithError(trustRef, nil)
+            complete(ok)
+        },
+        DispatchQueue(label: "com.clawdbot.bridge.tls.verify"))
+
+    return options
+}
+
+private func sha256Hex(_ data: Data) -> String {
+    let digest = SHA256.hash(data: data)
+    return digest.map { String(format: "%02x", $0) }.joined()
+}
+
+private func normalizeBridgeFingerprint(_ raw: String) -> String {
+    raw.lowercased().filter { $0.isHexDigit }
+}
--- a/apps/ios/Sources/Camera/CameraController.swift
+++ b/apps/ios/Sources/Camera/CameraController.swift
@@ -190,14 +190,7 @@ actor CameraController {
    }

    func listDevices() -> [CameraDeviceInfo] {
-        let types: [AVCaptureDevice.DeviceType] = [
-            .builtInWideAngleCamera,
-        ]
-        let session = AVCaptureDevice.DiscoverySession(
-            deviceTypes: types,
-            mediaType: .video,
-            position: .unspecified)
-        return session.devices.map { device in
+        return Self.discoverVideoDevices().map { device in
            CameraDeviceInfo(
                id: device.uniqueID,
                name: device.localizedName,
@@ -232,7 +225,7 @@ actor CameraController {
        deviceId: String?) -> AVCaptureDevice?
    {
        if let deviceId, !deviceId.isEmpty {
-            if let match = AVCaptureDevice.devices(for: .video).first(where: { $0.uniqueID == deviceId }) {
+            if let match = Self.discoverVideoDevices().first(where: { $0.uniqueID == deviceId }) {
                return match
            }
        }
@@ -252,6 +245,24 @@ actor CameraController {
        }
    }

+    private nonisolated static func discoverVideoDevices() -> [AVCaptureDevice] {
+        let types: [AVCaptureDevice.DeviceType] = [
+            .builtInWideAngleCamera,
+            .builtInUltraWideCamera,
+            .builtInTelephotoCamera,
+            .builtInDualCamera,
+            .builtInDualWideCamera,
+            .builtInTripleCamera,
+            .builtInTrueDepthCamera,
+            .builtInLiDARDepthCamera,
+        ]
+        let session = AVCaptureDevice.DiscoverySession(
+            deviceTypes: types,
+            mediaType: .video,
+            position: .unspecified)
+        return session.devices
+    }
+
    nonisolated static func clampQuality(_ quality: Double?) -> Double {
        let q = quality ?? 0.9
        return min(1.0, max(0.05, q))
--- a/apps/ios/Sources/Chat/ChatSheet.swift
+++ b/apps/ios/Sources/Chat/ChatSheet.swift
@@ -6,7 +6,7 @@ struct ChatSheet: View {
    @State private var viewModel: ClawdbotChatViewModel
    private let userAccent: Color?

-    init(bridge: BridgeSession, sessionKey: String = "main", userAccent: Color? = nil) {
+    init(bridge: BridgeSession, sessionKey: String, userAccent: Color? = nil) {
        let transport = IOSBridgeChatTransport(bridge: bridge)
        self._viewModel = State(
            initialValue: ClawdbotChatViewModel(
--- a/apps/ios/Sources/Info.plist
+++ b/apps/ios/Sources/Info.plist
@@ -19,9 +19,9 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.1.9</string>
+	<string>2026.1.11-4</string>
 	<key>CFBundleVersion</key>
-	<string>20260109</string>
+	<string>202601113</string>
 	<key>NSAppTransportSecurity</key>
 	<dict>
 		<key>NSAllowsArbitraryLoadsInWebContent</key>
@@ -35,10 +35,10 @@
 	<string>Clawdbot can capture photos or short video clips when requested via the bridge.</string>
 	<key>NSLocalNetworkUsageDescription</key>
 	<string>Clawdbot discovers and connects to your Clawdbot bridge on the local network.</string>
-	<key>NSLocationWhenInUseUsageDescription</key>
-	<string>Clawdbot uses your location when you allow location sharing.</string>
 	<key>NSLocationAlwaysAndWhenInUseUsageDescription</key>
 	<string>Clawdbot can share your location in the background when you enable Always.</string>
+	<key>NSLocationWhenInUseUsageDescription</key>
+	<string>Clawdbot uses your location when you allow location sharing.</string>
 	<key>NSMicrophoneUsageDescription</key>
 	<string>Clawdbot needs microphone access for voice wake.</string>
 	<key>NSSpeechRecognitionUsageDescription</key>
--- a/apps/ios/Sources/Location/LocationService.swift
+++ b/apps/ios/Sources/Location/LocationService.swift
@@ -86,24 +86,11 @@ final class LocationService: NSObject, CLLocationManagerDelegate {
        }
    }

-    private func withTimeout<T>(
+    private func withTimeout<T: Sendable>(
        timeoutMs: Int,
-        operation: @escaping () async throws -> T) async throws -> T
+        operation: @escaping @Sendable () async throws -> T) async throws -> T
    {
-        if timeoutMs == 0 {
-            return try await operation()
-        }
-
-        return try await withThrowingTaskGroup(of: T.self) { group in
-            group.addTask { try await operation() }
-            group.addTask {
-                try await Task.sleep(nanoseconds: UInt64(timeoutMs) * 1_000_000)
-                throw Error.timeout
-            }
-            let result = try await group.next()!
-            group.cancelAll()
-            return result
-        }
+        try await AsyncTimeout.withTimeoutMs(timeoutMs: timeoutMs, onTimeout: { Error.timeout }, operation: operation)
    }

    private static func accuracyValue(_ accuracy: ClawdbotLocationAccuracy) -> CLLocationAccuracy {
@@ -117,26 +104,35 @@ final class LocationService: NSObject, CLLocationManagerDelegate {
        }
    }

-    func locationManagerDidChangeAuthorization(_ manager: CLLocationManager) {
-        if let cont = self.authContinuation {
-            self.authContinuation = nil
-            cont.resume(returning: manager.authorizationStatus)
+    nonisolated func locationManagerDidChangeAuthorization(_ manager: CLLocationManager) {
+        let status = manager.authorizationStatus
+        Task { @MainActor in
+            if let cont = self.authContinuation {
+                self.authContinuation = nil
+                cont.resume(returning: status)
+            }
        }
    }

-    func locationManager(_ manager: CLLocationManager, didUpdateLocations locations: [CLLocation]) {
-        guard let cont = self.locationContinuation else { return }
-        self.locationContinuation = nil
-        if let latest = locations.last {
-            cont.resume(returning: latest)
-        } else {
-            cont.resume(throwing: Error.unavailable)
+    nonisolated func locationManager(_ manager: CLLocationManager, didUpdateLocations locations: [CLLocation]) {
+        let locs = locations
+        Task { @MainActor in
+            guard let cont = self.locationContinuation else { return }
+            self.locationContinuation = nil
+            if let latest = locs.last {
+                cont.resume(returning: latest)
+            } else {
+                cont.resume(throwing: Error.unavailable)
+            }
        }
    }

-    func locationManager(_ manager: CLLocationManager, didFailWithError error: Swift.Error) {
-        guard let cont = self.locationContinuation else { return }
-        self.locationContinuation = nil
-        cont.resume(throwing: error)
+    nonisolated func locationManager(_ manager: CLLocationManager, didFailWithError error: Swift.Error) {
+        let err = error
+        Task { @MainActor in
+            guard let cont = self.locationContinuation else { return }
+            self.locationContinuation = nil
+            cont.resume(throwing: err)
+        }
    }
 }
--- a/apps/ios/Sources/Model/NodeAppModel.swift
+++ b/apps/ios/Sources/Model/NodeAppModel.swift
@@ -109,7 +109,7 @@ final class NodeAppModel {
        let host = UserDefaults.standard.string(forKey: "node.displayName") ?? UIDevice.current.name
        let instanceId = (UserDefaults.standard.string(forKey: "node.instanceId") ?? "ios-node").lowercased()
        let contextJSON = ClawdbotCanvasA2UIAction.compactJSON(userAction["context"])
-        let sessionKey = "main"
+        let sessionKey = self.mainSessionKey

        let messageContext = ClawdbotCanvasA2UIAction.AgentMessageContext(
            actionName: name,
@@ -204,12 +204,15 @@ final class NodeAppModel {

    func connectToBridge(
        endpoint: NWEndpoint,
+        bridgeStableID: String,
+        tls: BridgeTLSParams?,
        hello: BridgeHello)
    {
        self.bridgeTask?.cancel()
        self.bridgeServerName = nil
        self.bridgeRemoteAddress = nil
-        self.connectedBridgeID = BridgeEndpointID.stableID(endpoint)
+        let id = bridgeStableID.trimmingCharacters(in: .whitespacesAndNewlines)
+        self.connectedBridgeID = id.isEmpty ? BridgeEndpointID.stableID(endpoint) : id
        self.voiceWakeSyncTask?.cancel()
        self.voiceWakeSyncTask = nil

@@ -230,12 +233,16 @@ final class NodeAppModel {
                    try await self.bridge.connect(
                        endpoint: endpoint,
                        hello: hello,
-                        onConnected: { [weak self] serverName in
+                        tls: tls,
+                        onConnected: { [weak self] serverName, mainSessionKey in
                            guard let self else { return }
                            await MainActor.run {
                                self.bridgeStatusText = "Connected"
                                self.bridgeServerName = serverName
                            }
+                            await MainActor.run {
+                                self.applyMainSessionKey(mainSessionKey)
+                            }
                            if let addr = await self.bridge.currentRemoteAddress() {
                                await MainActor.run {
                                    self.bridgeRemoteAddress = addr
@@ -284,7 +291,10 @@ final class NodeAppModel {
                self.bridgeRemoteAddress = nil
                self.connectedBridgeID = nil
                self.seamColorHex = nil
-                self.mainSessionKey = "main"
+                if !SessionKey.isCanonicalMainSessionKey(self.mainSessionKey) {
+                    self.mainSessionKey = "main"
+                    self.talkMode.updateMainSessionKey(self.mainSessionKey)
+                }
                self.showLocalCanvasOnDisconnect()
            }
        }
@@ -301,10 +311,23 @@ final class NodeAppModel {
        self.bridgeRemoteAddress = nil
        self.connectedBridgeID = nil
        self.seamColorHex = nil
-        self.mainSessionKey = "main"
+        if !SessionKey.isCanonicalMainSessionKey(self.mainSessionKey) {
+            self.mainSessionKey = "main"
+            self.talkMode.updateMainSessionKey(self.mainSessionKey)
+        }
        self.showLocalCanvasOnDisconnect()
    }

+    private func applyMainSessionKey(_ key: String?) {
+        let trimmed = (key ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return }
+        let current = self.mainSessionKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        if SessionKey.isCanonicalMainSessionKey(current) { return }
+        if trimmed == current { return }
+        self.mainSessionKey = trimmed
+        self.talkMode.updateMainSessionKey(trimmed)
+    }
+
    var seamColor: Color {
        Self.color(fromHex: self.seamColorHex) ?? Self.defaultSeamColor
    }
@@ -333,7 +356,10 @@ final class NodeAppModel {
            let mainKey = SessionKey.normalizeMainKey(session?["mainKey"] as? String)
            await MainActor.run {
                self.seamColorHex = raw.isEmpty ? nil : raw
-                self.mainSessionKey = mainKey
+                if !SessionKey.isCanonicalMainSessionKey(self.mainSessionKey) {
+                    self.mainSessionKey = mainKey
+                    self.talkMode.updateMainSessionKey(mainKey)
+                }
            }
        } catch {
            // ignore
--- a/apps/ios/Sources/Screen/ScreenRecordService.swift
+++ b/apps/ios/Sources/Screen/ScreenRecordService.swift
@@ -137,9 +137,11 @@ final class ScreenRecordService: @unchecked Sendable {
        recordQueue: DispatchQueue) -> @Sendable (CMSampleBuffer, RPSampleBufferType, Error?) -> Void
    {
        { sample, type, error in
+            let sampleBox = UncheckedSendableBox(value: sample)
            // ReplayKit can call the capture handler on a background queue.
            // Serialize writes to avoid queue asserts.
            recordQueue.async {
+                let sample = sampleBox.value
                if let error {
                    state.withLock { state in
                        if state.handlerError == nil { state.handlerError = error }
--- a/apps/ios/Sources/SessionKey.swift
+++ b/apps/ios/Sources/SessionKey.swift
@@ -5,4 +5,11 @@ enum SessionKey {
        let trimmed = (raw ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
        return trimmed.isEmpty ? "main" : trimmed
    }
+
+    static func isCanonicalMainSessionKey(_ value: String?) -> Bool {
+        let trimmed = (value ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
+        if trimmed.isEmpty { return false }
+        if trimmed == "global" { return true }
+        return trimmed.hasPrefix("agent:")
+    }
 }
--- a/apps/ios/Sources/Settings/SettingsTab.swift
+++ b/apps/ios/Sources/Settings/SettingsTab.swift
@@ -407,9 +407,11 @@ struct SettingsTab: View {
                modelIdentifier: self.modelIdentifier(),
                caps: self.currentCaps(),
                commands: self.currentCommands())
+            let tlsParams = self.resolveDiscoveredTLSParams(bridge: bridge)
            let token = try await BridgeClient().pairAndHello(
                endpoint: bridge.endpoint,
                hello: hello,
+                tls: tlsParams,
                onStatus: { status in
                    Task { @MainActor in
                        statusStore.text = status
@@ -425,6 +427,8 @@ struct SettingsTab: View {

            self.appModel.connectToBridge(
                endpoint: bridge.endpoint,
+                bridgeStableID: bridge.stableID,
+                tls: tlsParams,
                hello: BridgeHello(
                    nodeId: self.instanceId,
                    displayName: self.displayName,
@@ -461,6 +465,8 @@ struct SettingsTab: View {
        defer { self.connectingBridgeID = nil }

        let endpoint: NWEndpoint = .hostPort(host: NWEndpoint.Host(host), port: port)
+        let stableID = BridgeEndpointID.stableID(endpoint)
+        let tlsParams = self.resolveManualTLSParams(stableID: stableID)

        do {
            let statusStore = self.connectStatus
@@ -484,6 +490,7 @@ struct SettingsTab: View {
            let token = try await BridgeClient().pairAndHello(
                endpoint: endpoint,
                hello: hello,
+                tls: tlsParams,
                onStatus: { status in
                    Task { @MainActor in
                        statusStore.text = status
@@ -499,6 +506,8 @@ struct SettingsTab: View {

            self.appModel.connectToBridge(
                endpoint: endpoint,
+                bridgeStableID: stableID,
+                tls: tlsParams,
                hello: BridgeHello(
                    nodeId: self.instanceId,
                    displayName: self.displayName,
@@ -515,6 +524,47 @@ struct SettingsTab: View {
        }
    }

+    private func resolveDiscoveredTLSParams(
+        bridge: BridgeDiscoveryModel.DiscoveredBridge) -> BridgeTLSParams?
+    {
+        let stableID = bridge.stableID
+        let stored = BridgeTLSStore.loadFingerprint(stableID: stableID)
+
+        if bridge.tlsEnabled || bridge.tlsFingerprintSha256 != nil {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: bridge.tlsFingerprintSha256 ?? stored,
+                allowTOFU: stored == nil,
+                storeKey: stableID)
+        }
+
+        if let stored {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return nil
+    }
+
+    private func resolveManualTLSParams(stableID: String) -> BridgeTLSParams? {
+        if let stored = BridgeTLSStore.loadFingerprint(stableID: stableID) {
+            return BridgeTLSParams(
+                required: true,
+                expectedFingerprint: stored,
+                allowTOFU: false,
+                storeKey: stableID)
+        }
+
+        return BridgeTLSParams(
+            required: false,
+            expectedFingerprint: nil,
+            allowTOFU: true,
+            storeKey: stableID)
+    }
+
    private static func primaryIPv4Address() -> String? {
        var addrList: UnsafeMutablePointer<ifaddrs>?
        guard getifaddrs(&addrList) == 0, let first = addrList else { return nil }
--- a/apps/ios/Sources/Voice/TalkModeManager.swift
+++ b/apps/ios/Sources/Voice/TalkModeManager.swift
@@ -53,6 +53,13 @@ final class TalkModeManager: NSObject {
        self.bridge = bridge
    }

+    func updateMainSessionKey(_ sessionKey: String?) {
+        let trimmed = (sessionKey ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return }
+        if SessionKey.isCanonicalMainSessionKey(self.mainSessionKey) { return }
+        self.mainSessionKey = trimmed
+    }
+
    func setEnabled(_ enabled: Bool) {
        self.isEnabled = enabled
        if enabled {
@@ -288,9 +295,8 @@ final class TalkModeManager: NSObject {
            self.chatSubscribedSessionKeys.insert(key)
            self.logger.info("chat.subscribe ok sessionKey=\(key, privacy: .public)")
        } catch {
-            self.logger.warning(
-                "chat.subscribe failed sessionKey=\(key, privacy: .public) " +
-                    "err=\(error.localizedDescription, privacy: .public)")
+            let err = error.localizedDescription
+            self.logger.warning("chat.subscribe failed key=\(key, privacy: .public) err=\(err, privacy: .public)")
        }
    }

@@ -528,9 +534,8 @@ final class TalkModeManager: NSObject {
                    self.lastPlaybackWasPCM = false
                    result = await self.mp3Player.play(stream: stream)
                }
-                self.logger.info(
-                    "elevenlabs stream finished=\(result.finished, privacy: .public) " +
-                        "dur=\(Date().timeIntervalSince(started), privacy: .public)s")
+                let duration = Date().timeIntervalSince(started)
+                self.logger.info("elevenlabs stream finished=\(result.finished, privacy: .public) dur=\(duration, privacy: .public)s")
                if !result.finished, let interruptedAt = result.interruptedAt {
                    self.lastInterruptedAtSeconds = interruptedAt
                }
@@ -651,7 +656,10 @@ final class TalkModeManager: NSObject {
            guard let config = json["config"] as? [String: Any] else { return }
            let talk = config["talk"] as? [String: Any]
            let session = config["session"] as? [String: Any]
-            self.mainSessionKey = SessionKey.normalizeMainKey(session?["mainKey"] as? String)
+            let mainKey = SessionKey.normalizeMainKey(session?["mainKey"] as? String)
+            if !SessionKey.isCanonicalMainSessionKey(self.mainSessionKey) {
+                self.mainSessionKey = mainKey
+            }
            self.defaultVoiceId = (talk?["voiceId"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
            if let aliases = talk?["voiceAliases"] as? [String: Any] {
                var resolved: [String: String] = [:]
--- a/apps/ios/SwiftSources.input.xcfilelist
+++ b/apps/ios/SwiftSources.input.xcfilelist
@@ -26,7 +26,8 @@ Sources/Voice/VoiceTab.swift
 Sources/Voice/VoiceWakeManager.swift
 Sources/Voice/VoiceWakePreferences.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatComposer.swift
-../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMarkdownSplitter.swift
+../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMarkdownRenderer.swift
+../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMarkdownPreprocessor.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatMessageViews.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatModels.swift
 ../shared/ClawdbotKit/Sources/ClawdbotChatUI/ChatPayloadDecoding.swift
--- a/apps/ios/Tests/BridgeConnectionControllerTests.swift
+++ b/apps/ios/Tests/BridgeConnectionControllerTests.swift
@@ -27,6 +27,7 @@ private actor MockBridgePairingClient: BridgePairingClient {
    func pairAndHello(
        endpoint: NWEndpoint,
        hello: BridgeHello,
+        tls: BridgeTLSParams?,
        onStatus: (@Sendable (String) -> Void)?) async throws -> String
    {
        self.lastToken = hello.token
@@ -175,7 +176,6 @@ private func withKeychainValues<T>(
    }

    @Test @MainActor func makeHelloBuildsCapsAndCommands() {
-        let defaults = UserDefaults.standard
        let voiceWakeKey = VoiceWakePreferences.enabledKey

        withKeychainValues([instanceIdEntry: nil, preferredBridgeEntry: nil, lastBridgeEntry: nil]) {
@@ -245,6 +245,8 @@ private func withKeychainValues<T>(
            gatewayPort: 18789,
            bridgePort: 18790,
            canvasPort: 18793,
+            tlsEnabled: false,
+            tlsFingerprintSha256: nil,
            cliPath: nil)
        let mock = MockBridgePairingClient(resultToken: "new-token")
        let account = "bridge-token.ios-test"
@@ -293,6 +295,8 @@ private func withKeychainValues<T>(
            gatewayPort: 18789,
            bridgePort: 18790,
            canvasPort: 18793,
+            tlsEnabled: false,
+            tlsFingerprintSha256: nil,
            cliPath: nil)
        let bridgeB = BridgeDiscoveryModel.DiscoveredBridge(
            name: "Gateway B",
@@ -304,6 +308,8 @@ private func withKeychainValues<T>(
            gatewayPort: 28789,
            bridgePort: 28790,
            canvasPort: 28793,
+            tlsEnabled: false,
+            tlsFingerprintSha256: nil,
            cliPath: nil)

        let mock = MockBridgePairingClient(resultToken: "token-ok")
--- a/apps/ios/Tests/Info.plist
+++ b/apps/ios/Tests/Info.plist
@@ -17,8 +17,8 @@
 	<key>CFBundlePackageType</key>
 	<string>BNDL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.1.9</string>
+	<string>2026.1.11-4</string>
 	<key>CFBundleVersion</key>
-	<string>20260109</string>
+	<string>202601113</string>
 </dict>
 </plist>
--- a/apps/ios/project.yml
+++ b/apps/ios/project.yml
@@ -2,9 +2,13 @@ name: Clawdbot
 options:
  bundleIdPrefix: com.clawdbot
  deploymentTarget:
-    iOS: "17.0"
+    iOS: "18.0"
  xcodeVersion: "16.0"

+settings:
+  base:
+    SWIFT_VERSION: "6.0"
+
 packages:
  ClawdbotKit:
    path: ../shared/ClawdbotKit
@@ -68,11 +72,15 @@ targets:
        PRODUCT_BUNDLE_IDENTIFIER: com.clawdbot.ios
        PROVISIONING_PROFILE_SPECIFIER: "com.clawdbot.ios Development"
        SWIFT_VERSION: "6.0"
+        SWIFT_STRICT_CONCURRENCY: complete
+        ENABLE_APPINTENTS_METADATA: NO
    info:
      path: Sources/Info.plist
      properties:
        CFBundleDisplayName: Clawdbot
        CFBundleIconName: AppIcon
+        CFBundleShortVersionString: "2026.1.9"
+        CFBundleVersion: "20260109"
        UILaunchScreen: {}
        UIApplicationSceneManifest:
          UIApplicationSupportsMultipleScenes: false
@@ -84,8 +92,20 @@ targets:
        NSBonjourServices:
          - _clawdbot-bridge._tcp
        NSCameraUsageDescription: Clawdbot can capture photos or short video clips when requested via the bridge.
+        NSLocationWhenInUseUsageDescription: Clawdbot uses your location when you allow location sharing.
+        NSLocationAlwaysAndWhenInUseUsageDescription: Clawdbot can share your location in the background when you enable Always.
        NSMicrophoneUsageDescription: Clawdbot needs microphone access for voice wake.
        NSSpeechRecognitionUsageDescription: Clawdbot uses on-device speech recognition for voice wake.
+        UISupportedInterfaceOrientations:
+          - UIInterfaceOrientationPortrait
+          - UIInterfaceOrientationPortraitUpsideDown
+          - UIInterfaceOrientationLandscapeLeft
+          - UIInterfaceOrientationLandscapeRight
+        UISupportedInterfaceOrientations~ipad:
+          - UIInterfaceOrientationPortrait
+          - UIInterfaceOrientationPortraitUpsideDown
+          - UIInterfaceOrientationLandscapeLeft
+          - UIInterfaceOrientationLandscapeRight

  ClawdbotTests:
    type: bundle.unit-test
@@ -96,13 +116,17 @@ targets:
      - target: Clawdbot
      - package: Swabble
        product: SwabbleKit
+      - sdk: AppIntents.framework
    settings:
      base:
        PRODUCT_BUNDLE_IDENTIFIER: com.clawdbot.ios.tests
        SWIFT_VERSION: "6.0"
+        SWIFT_STRICT_CONCURRENCY: complete
        TEST_HOST: "$(BUILT_PRODUCTS_DIR)/Clawdbot.app/Clawdbot"
        BUNDLE_LOADER: "$(TEST_HOST)"
    info:
      path: Tests/Info.plist
      properties:
        CFBundleDisplayName: ClawdbotTests
+        CFBundleShortVersionString: "2026.1.9"
+        CFBundleVersion: "20260109"
--- a/apps/macos/Package.resolved
+++ b/apps/macos/Package.resolved
@@ -1,5 +1,5 @@
 {
-  "originHash" : "9de32b5fc115432dadd84c3ab4d67d2fed22ffaf5675a77033d69ea194ac3862",
+  "originHash" : "7eec77e2b399c480e76fdfc7dc3162652f5c775530e9fc282953de38ef2de79b",
  "pins" : [
    {
      "identity" : "elevenlabskit",
@@ -73,6 +73,15 @@
        "revision" : "8e5e4a8f3617283b556064574651fc0869943c9a"
      }
    },
+    {
+      "identity" : "swift-concurrency-extras",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/pointfreeco/swift-concurrency-extras",
+      "state" : {
+        "revision" : "5a3825302b1a0d744183200915a47b508c828e6f",
+        "version" : "1.3.2"
+      }
+    },
    {
      "identity" : "swift-configuration",
      "kind" : "remoteSourceControl",
@@ -144,6 +153,24 @@
        "revision" : "395a77f0aa927f0ff73941d7ac35f2b46d47c9db",
        "version" : "1.6.3"
      }
+    },
+    {
+      "identity" : "swiftui-math",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/gonzalezreal/swiftui-math",
+      "state" : {
+        "revision" : "0b5c2cfaaec8d6193db206f675048eeb5ce95f71",
+        "version" : "0.1.0"
+      }
+    },
+    {
+      "identity" : "textual",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/gonzalezreal/textual",
+      "state" : {
+        "revision" : "a03c1e103d88de4ea0dd8320ea1611ec0d4b29b3",
+        "version" : "0.2.0"
+      }
    }
  ],
  "version" : 3
--- a/apps/macos/Package.swift
+++ b/apps/macos/Package.swift
@@ -10,7 +10,10 @@ let package = Package(
    ],
    products: [
        .library(name: "ClawdbotIPC", targets: ["ClawdbotIPC"]),
+        .library(name: "ClawdbotDiscovery", targets: ["ClawdbotDiscovery"]),
        .executable(name: "Clawdbot", targets: ["Clawdbot"]),
+        .executable(name: "clawdbot-mac-discovery", targets: ["ClawdbotDiscoveryCLI"]),
+        .executable(name: "clawdbot-mac-wizard", targets: ["ClawdbotWizardCLI"]),
    ],
    dependencies: [
        .package(url: "https://github.com/orchetect/MenuBarExtraAccess", exact: "1.2.2"),
@@ -36,10 +39,20 @@ let package = Package(
            swiftSettings: [
                .enableUpcomingFeature("StrictConcurrency"),
            ]),
+        .target(
+            name: "ClawdbotDiscovery",
+            dependencies: [
+                .product(name: "ClawdbotKit", package: "ClawdbotKit"),
+            ],
+            path: "Sources/ClawdbotDiscovery",
+            swiftSettings: [
+                .enableUpcomingFeature("StrictConcurrency"),
+            ]),
        .executableTarget(
            name: "Clawdbot",
            dependencies: [
                "ClawdbotIPC",
+                "ClawdbotDiscovery",
                "ClawdbotProtocol",
                .product(name: "ClawdbotKit", package: "ClawdbotKit"),
                .product(name: "ClawdbotChatUI", package: "ClawdbotKit"),
@@ -61,11 +74,30 @@ let package = Package(
            swiftSettings: [
                .enableUpcomingFeature("StrictConcurrency"),
            ]),
+        .executableTarget(
+            name: "ClawdbotDiscoveryCLI",
+            dependencies: [
+                "ClawdbotDiscovery",
+            ],
+            path: "Sources/ClawdbotDiscoveryCLI",
+            swiftSettings: [
+                .enableUpcomingFeature("StrictConcurrency"),
+            ]),
+        .executableTarget(
+            name: "ClawdbotWizardCLI",
+            dependencies: [
+                "ClawdbotProtocol",
+            ],
+            path: "Sources/ClawdbotWizardCLI",
+            swiftSettings: [
+                .enableUpcomingFeature("StrictConcurrency"),
+            ]),
        .testTarget(
            name: "ClawdbotIPCTests",
            dependencies: [
                "ClawdbotIPC",
                "Clawdbot",
+                "ClawdbotDiscovery",
                "ClawdbotProtocol",
                .product(name: "SwabbleKit", package: "swabble"),
            ],
--- a/apps/macos/Sources/Clawdbot/AppState.swift
+++ b/apps/macos/Sources/Clawdbot/AppState.swift
@@ -170,6 +170,17 @@ final class AppState {
        didSet { self.ifNotPreview { UserDefaults.standard.set(self.canvasEnabled, forKey: canvasEnabledKey) } }
    }

+    var execApprovalMode: ExecApprovalQuickMode {
+        didSet {
+            self.ifNotPreview {
+                ExecApprovalsStore.updateDefaults { defaults in
+                    defaults.security = self.execApprovalMode.security
+                    defaults.ask = self.execApprovalMode.ask
+                }
+            }
+        }
+    }
+
    /// Tracks whether the Canvas panel is currently visible (not persisted).
    var canvasPanelVisible: Bool = false

@@ -182,14 +193,6 @@ final class AppState {
        }
    }

-    var attachExistingGatewayOnly: Bool {
-        didSet {
-            self.ifNotPreview {
-                UserDefaults.standard.set(self.attachExistingGatewayOnly, forKey: attachExistingGatewayOnlyKey)
-            }
-        }
-    }
-
    var remoteTarget: String {
        didSet {
            self.ifNotPreview { UserDefaults.standard.set(self.remoteTarget, forKey: remoteTargetKey) }
@@ -212,7 +215,7 @@ final class AppState {
    private var earBoostTask: Task<Void, Never>?

    init(preview: Bool = false) {
-        self.isPreview = preview
+        self.isPreview = preview || ProcessInfo.processInfo.isRunningTests
        let onboardingSeen = UserDefaults.standard.bool(forKey: "clawdbot.onboardingSeen")
        self.isPaused = UserDefaults.standard.bool(forKey: pauseDefaultsKey)
        self.launchAtLogin = false
@@ -261,30 +264,8 @@ final class AppState {

        let configRoot = ClawdbotConfigFile.loadDict()
        let configGateway = configRoot["gateway"] as? [String: Any]
-        let configModeRaw = (configGateway?["mode"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines)
-        let configMode: ConnectionMode? = switch configModeRaw {
-        case "local":
-            .local
-        case "remote":
-            .remote
-        default:
-            nil
-        }
        let configRemoteUrl = (configGateway?["remote"] as? [String: Any])?["url"] as? String
-        let configHasRemoteUrl = !(configRemoteUrl?
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-            .isEmpty ?? true)
-
-        let storedMode = UserDefaults.standard.string(forKey: connectionModeKey)
-        let resolvedConnectionMode: ConnectionMode = if let configMode {
-            configMode
-        } else if configHasRemoteUrl {
-            .remote
-        } else if let storedMode {
-            ConnectionMode(rawValue: storedMode) ?? .local
-        } else {
-            onboardingSeen ? .local : .unconfigured
-        }
+        let resolvedConnectionMode = ConnectionModeResolver.resolve(root: configRoot).mode
        self.connectionMode = resolvedConnectionMode

        let storedRemoteTarget = UserDefaults.standard.string(forKey: remoteTargetKey) ?? ""
@@ -300,10 +281,10 @@ final class AppState {
        self.remoteProjectRoot = UserDefaults.standard.string(forKey: remoteProjectRootKey) ?? ""
        self.remoteCliPath = UserDefaults.standard.string(forKey: remoteCliPathKey) ?? ""
        self.canvasEnabled = UserDefaults.standard.object(forKey: canvasEnabledKey) as? Bool ?? true
+        let execDefaults = ExecApprovalsStore.resolveDefaults()
+        self.execApprovalMode = ExecApprovalQuickMode.from(security: execDefaults.security, ask: execDefaults.ask)
        self.peekabooBridgeEnabled = UserDefaults.standard
            .object(forKey: peekabooBridgeEnabledKey) as? Bool ?? true
-        self.attachExistingGatewayOnly = UserDefaults.standard.bool(forKey: attachExistingGatewayOnlyKey)
-
        if !self.isPreview {
            Task.detached(priority: .utility) { [weak self] in
                let current = await LaunchAgentManager.status()
@@ -346,6 +327,15 @@ final class AppState {
        return host
    }

+    private static func sanitizeSSHTarget(_ value: String) -> String {
+        let trimmed = value.trimmingCharacters(in: .whitespacesAndNewlines)
+        if trimmed.hasPrefix("ssh ") {
+            return trimmed.replacingOccurrences(of: "ssh ", with: "")
+                .trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+        return trimmed
+    }
+
    private func startConfigWatcher() {
        let configUrl = ClawdbotConfigFile.url()
        self.configWatcher = ConfigFileWatcher(url: configUrl) { [weak self] in
@@ -411,6 +401,7 @@ final class AppState {

        let connectionMode = self.connectionMode
        let remoteTarget = self.remoteTarget
+        let remoteIdentity = self.remoteIdentity
        let desiredMode: String? = switch connectionMode {
        case .local:
            "local"
@@ -440,15 +431,46 @@ final class AppState {
                changed = true
            }

-            if connectionMode == .remote, let host = remoteHost {
+            if connectionMode == .remote {
                var remote = gateway["remote"] as? [String: Any] ?? [:]
-                let existingUrl = (remote["url"] as? String)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-                let parsedExisting = existingUrl.isEmpty ? nil : URL(string: existingUrl)
-                let scheme = parsedExisting?.scheme?.isEmpty == false ? parsedExisting?.scheme : "ws"
-                let port = parsedExisting?.port ?? 18789
-                let desiredUrl = "\(scheme ?? "ws")://\(host):\(port)"
-                if existingUrl != desiredUrl {
-                    remote["url"] = desiredUrl
+                var remoteChanged = false
+
+                if let host = remoteHost {
+                    let existingUrl = (remote["url"] as? String)?
+                        .trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+                    let parsedExisting = existingUrl.isEmpty ? nil : URL(string: existingUrl)
+                    let scheme = parsedExisting?.scheme?.isEmpty == false ? parsedExisting?.scheme : "ws"
+                    let port = parsedExisting?.port ?? 18789
+                    let desiredUrl = "\(scheme ?? "ws")://\(host):\(port)"
+                    if existingUrl != desiredUrl {
+                        remote["url"] = desiredUrl
+                        remoteChanged = true
+                    }
+                }
+
+                let sanitizedTarget = Self.sanitizeSSHTarget(remoteTarget)
+                if !sanitizedTarget.isEmpty {
+                    if (remote["sshTarget"] as? String) != sanitizedTarget {
+                        remote["sshTarget"] = sanitizedTarget
+                        remoteChanged = true
+                    }
+                } else if remote["sshTarget"] != nil {
+                    remote.removeValue(forKey: "sshTarget")
+                    remoteChanged = true
+                }
+
+                let trimmedIdentity = remoteIdentity.trimmingCharacters(in: .whitespacesAndNewlines)
+                if !trimmedIdentity.isEmpty {
+                    if (remote["sshIdentity"] as? String) != trimmedIdentity {
+                        remote["sshIdentity"] = trimmedIdentity
+                        remoteChanged = true
+                    }
+                } else if remote["sshIdentity"] != nil {
+                    remote.removeValue(forKey: "sshIdentity")
+                    remoteChanged = true
+                }
+
+                if remoteChanged {
                    gateway["remote"] = remote
                    changed = true
                }
@@ -604,7 +626,6 @@ extension AppState {
        state.remoteIdentity = "~/.ssh/id_ed25519"
        state.remoteProjectRoot = "~/Projects/clawdbot"
        state.remoteCliPath = ""
-        state.attachExistingGatewayOnly = false
        return state
    }
 }
@@ -623,10 +644,6 @@ enum AppStateStore {
    static var canvasEnabled: Bool {
        UserDefaults.standard.object(forKey: canvasEnabledKey) as? Bool ?? true
    }
-
-    static var attachExistingGatewayOnly: Bool {
-        UserDefaults.standard.bool(forKey: attachExistingGatewayOnlyKey)
-    }
 }

@MainActor
--- a/apps/macos/Sources/Clawdbot/Bridge/BridgeConnectionHandler.swift
+++ b/apps/macos/Sources/Clawdbot/Bridge/BridgeConnectionHandler.swift
@@ -282,7 +282,12 @@ actor BridgeConnectionHandler {
            do {
                try await self.send(BridgePairOk(type: "pair-ok", token: token))
                self.isAuthenticated = true
-                try await self.send(BridgeHelloOk(type: "hello-ok", serverName: serverName))
+                let mainSessionKey = await GatewayConnection.shared.mainSessionKey()
+                try await self.send(
+                    BridgeHelloOk(
+                        type: "hello-ok",
+                        serverName: serverName,
+                        mainSessionKey: mainSessionKey))
            } catch {
                self.logger.error("bridge send pair-ok failed: \(error.localizedDescription, privacy: .public)")
            }
@@ -298,7 +303,12 @@ actor BridgeConnectionHandler {
        case .ok:
            self.isAuthenticated = true
            do {
-                try await self.send(BridgeHelloOk(type: "hello-ok", serverName: serverName))
+                let mainSessionKey = await GatewayConnection.shared.mainSessionKey()
+                try await self.send(
+                    BridgeHelloOk(
+                        type: "hello-ok",
+                        serverName: serverName,
+                        mainSessionKey: mainSessionKey))
            } catch {
                self.logger.error("bridge send hello-ok failed: \(error.localizedDescription, privacy: .public)")
            }
--- a/apps/macos/Sources/Clawdbot/Bridge/BridgeServer.swift
+++ b/apps/macos/Sources/Clawdbot/Bridge/BridgeServer.swift
@@ -187,7 +187,7 @@ actor BridgeServer {
                thinking: "low",
                deliver: false,
                to: nil,
-                provider: .last))
+                channel: .last))

        case "agent.request":
            guard let json = evt.payloadJSON, let data = json.data(using: .utf8) else {
@@ -205,7 +205,7 @@ actor BridgeServer {
                ?? "node-\(nodeId)"
            let thinking = link.thinking?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty
            let to = link.to?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty
-            let provider = GatewayAgentProvider(raw: link.channel)
+            let channel = GatewayAgentChannel(raw: link.channel)

            _ = await GatewayConnection.shared.sendAgent(GatewayAgentInvocation(
                message: message,
@@ -213,7 +213,7 @@ actor BridgeServer {
                thinking: thinking,
                deliver: link.deliver,
                to: to,
-                provider: provider))
+                channel: channel))

        default:
            break
--- a/apps/macos/Sources/Clawdbot/CLIInstallPrompter.swift
+++ b/apps/macos/Sources/Clawdbot/CLIInstallPrompter.swift
@@ -0,0 +1,84 @@
+import AppKit
+import Foundation
+import OSLog
+
+@MainActor
+final class CLIInstallPrompter {
+    static let shared = CLIInstallPrompter()
+    private let logger = Logger(subsystem: "com.clawdbot", category: "cli.prompt")
+    private var isPrompting = false
+
+    func checkAndPromptIfNeeded(reason: String) {
+        guard self.shouldPrompt() else { return }
+        guard let version = Self.appVersion() else { return }
+        self.isPrompting = true
+        UserDefaults.standard.set(version, forKey: cliInstallPromptedVersionKey)
+
+        let alert = NSAlert()
+        alert.messageText = "Install Clawdbot CLI?"
+        alert.informativeText = "Local mode needs the CLI so launchd can run the gateway."
+        alert.addButton(withTitle: "Install CLI")
+        alert.addButton(withTitle: "Not now")
+        alert.addButton(withTitle: "Open Settings")
+        let response = alert.runModal()
+
+        switch response {
+        case .alertFirstButtonReturn:
+            Task { await self.installCLI() }
+        case .alertThirdButtonReturn:
+            self.openSettings(tab: .general)
+        default:
+            break
+        }
+
+        self.logger.debug("cli install prompt handled reason=\(reason, privacy: .public)")
+        self.isPrompting = false
+    }
+
+    private func shouldPrompt() -> Bool {
+        guard !self.isPrompting else { return false }
+        guard AppStateStore.shared.onboardingSeen else { return false }
+        guard AppStateStore.shared.connectionMode == .local else { return false }
+        guard CLIInstaller.installedLocation() == nil else { return false }
+        guard let version = Self.appVersion() else { return false }
+        let lastPrompt = UserDefaults.standard.string(forKey: cliInstallPromptedVersionKey)
+        return lastPrompt != version
+    }
+
+    private func installCLI() async {
+        let status = StatusBox()
+        await CLIInstaller.install { message in
+            await status.set(message)
+        }
+        if let message = await status.get() {
+            let alert = NSAlert()
+            alert.messageText = "CLI install finished"
+            alert.informativeText = message
+            alert.runModal()
+        }
+    }
+
+    private func openSettings(tab: SettingsTab) {
+        SettingsTabRouter.request(tab)
+        SettingsWindowOpener.shared.open()
+        DispatchQueue.main.async {
+            NotificationCenter.default.post(name: .clawdbotSelectSettingsTab, object: tab)
+        }
+    }
+
+    private static func appVersion() -> String? {
+        Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String
+    }
+}
+
+private actor StatusBox {
+    private var value: String?
+
+    func set(_ value: String) {
+        self.value = value
+    }
+
+    func get() -> String? {
+        self.value
+    }
+}
--- a/apps/macos/Sources/Clawdbot/CLIInstaller.swift
+++ b/apps/macos/Sources/Clawdbot/CLIInstaller.swift
@@ -2,24 +2,16 @@ import Foundation

@MainActor
 enum CLIInstaller {
-    private static func embeddedHelperURL() -> URL {
-        Bundle.main.bundleURL.appendingPathComponent("Contents/Resources/Relay/clawdbot")
-    }
-
    static func installedLocation() -> String? {
        self.installedLocation(
-            searchPaths: cliHelperSearchPaths,
-            embeddedHelper: self.embeddedHelperURL(),
+            searchPaths: CommandResolver.preferredPaths(),
            fileManager: .default)
    }

    static func installedLocation(
        searchPaths: [String],
-        embeddedHelper: URL,
        fileManager: FileManager) -> String?
    {
-        let embedded = embeddedHelper.resolvingSymlinksInPath()
-
        for basePath in searchPaths {
            let candidate = URL(fileURLWithPath: basePath).appendingPathComponent("clawdbot").path
            var isDirectory: ObjCBool = false
@@ -32,10 +24,7 @@ enum CLIInstaller {

            guard fileManager.isExecutableFile(atPath: candidate) else { continue }

-            let resolved = URL(fileURLWithPath: candidate).resolvingSymlinksInPath()
-            if resolved == embedded {
-                return candidate
-            }
+            return candidate
        }

        return nil
@@ -45,58 +34,70 @@ enum CLIInstaller {
        self.installedLocation() != nil
    }

-    static func install(statusHandler: @escaping @Sendable (String) async -> Void) async {
-        let helper = self.embeddedHelperURL()
-        guard FileManager.default.isExecutableFile(atPath: helper.path) else {
-            await statusHandler(
-                "Embedded CLI missing in bundle; repackage via scripts/package-mac-app.sh " +
-                    "(or restart-mac.sh without SKIP_GATEWAY_PACKAGE=1).")
+    static func install(statusHandler: @escaping @MainActor @Sendable (String) async -> Void) async {
+        let expected = GatewayEnvironment.expectedGatewayVersionString() ?? "latest"
+        let prefix = Self.installPrefix()
+        await statusHandler("Installing clawdbot CLI…")
+        let cmd = self.installScriptCommand(version: expected, prefix: prefix)
+        let response = await ShellExecutor.runDetailed(command: cmd, cwd: nil, env: nil, timeout: 900)
+
+        if response.success {
+            let parsed = self.parseInstallEvents(response.stdout)
+            let installedVersion = parsed.last { $0.event == "done" }?.version
+            let summary = installedVersion.map { "Installed clawdbot \($0)." } ?? "Installed clawdbot."
+            await statusHandler(summary)
            return
        }

-        let targets = cliHelperSearchPaths.map { "\($0)/clawdbot" }
-        let result = await self.privilegedSymlink(source: helper.path, targets: targets)
-        await statusHandler(result)
-    }
-
-    private static func privilegedSymlink(source: String, targets: [String]) async -> String {
-        let escapedSource = self.shellEscape(source)
-        let targetList = targets.map(self.shellEscape).joined(separator: " ")
-        let cmds = [
-            "mkdir -p /usr/local/bin /opt/homebrew/bin",
-            targets.map { "ln -sf \(escapedSource) \($0)" }.joined(separator: "; "),
-        ].joined(separator: "; ")
-
-        let script = """
-        do shell script "\(cmds)" with administrator privileges
-        """
-
-        let proc = Process()
-        proc.executableURL = URL(fileURLWithPath: "/usr/bin/osascript")
-        proc.arguments = ["-e", script]
-
-        let pipe = Pipe()
-        proc.standardOutput = pipe
-        proc.standardError = pipe
-
-        do {
-            try proc.run()
-            proc.waitUntilExit()
-            let data = pipe.fileHandleForReading.readToEndSafely()
-            let output = String(data: data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-            if proc.terminationStatus == 0 {
-                return output.isEmpty ? "CLI helper linked into \(targetList)" : output
-            }
-            if output.lowercased().contains("user canceled") {
-                return "Install canceled"
-            }
-            return "Failed to install CLI helper: \(output)"
-        } catch {
-            return "Failed to run installer: \(error.localizedDescription)"
+        let parsed = self.parseInstallEvents(response.stdout)
+        if let error = parsed.last(where: { $0.event == "error" })?.message {
+            await statusHandler("Install failed: \(error)")
+            return
        }
+
+        let detail = response.stderr.trimmingCharacters(in: .whitespacesAndNewlines)
+        let fallback = response.errorMessage ?? "install failed"
+        await statusHandler("Install failed: \(detail.isEmpty ? fallback : detail)")
    }

-    private static func shellEscape(_ path: String) -> String {
-        "'" + path.replacingOccurrences(of: "'", with: "'\"'\"'") + "'"
+    private static func installPrefix() -> String {
+        FileManager.default.homeDirectoryForCurrentUser
+            .appendingPathComponent(".clawdbot")
+            .path
+    }
+
+    private static func installScriptCommand(version: String, prefix: String) -> [String] {
+        let escapedVersion = self.shellEscape(version)
+        let escapedPrefix = self.shellEscape(prefix)
+        let script = """
+        curl -fsSL https://clawd.bot/install-cli.sh | \
+        bash -s -- --json --no-onboard --prefix \(escapedPrefix) --version \(escapedVersion)
+        """
+        return ["/bin/bash", "-lc", script]
+    }
+
+    private static func parseInstallEvents(_ output: String) -> [InstallEvent] {
+        let decoder = JSONDecoder()
+        let lines = output
+            .split(whereSeparator: \.isNewline)
+            .map { String($0) }
+        var events: [InstallEvent] = []
+        for line in lines {
+            guard let data = line.data(using: .utf8) else { continue }
+            if let event = try? decoder.decode(InstallEvent.self, from: data) {
+                events.append(event)
+            }
+        }
+        return events
+    }
+
+    private static func shellEscape(_ raw: String) -> String {
+        "'" + raw.replacingOccurrences(of: "'", with: "'\"'\"'") + "'"
    }
 }
+
+private struct InstallEvent: Decodable {
+    let event: String
+    let version: String?
+    let message: String?
+}
--- a/apps/macos/Sources/Clawdbot/CanvasA2UIActionMessageHandler.swift
+++ b/apps/macos/Sources/Clawdbot/CanvasA2UIActionMessageHandler.swift
@@ -86,7 +86,7 @@ final class CanvasA2UIActionMessageHandler: NSObject, WKScriptMessageHandler {
                    thinking: "low",
                    deliver: false,
                    to: nil,
-                    provider: .last,
+                    channel: .last,
                    idempotencyKey: actionId))

            await MainActor.run {
--- a/apps/macos/Sources/Clawdbot/ChannelConfigForm.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelConfigForm.swift
@@ -0,0 +1,363 @@
+import SwiftUI
+
+struct ConfigSchemaForm: View {
+    @Bindable var store: ChannelsStore
+    let schema: ConfigSchemaNode
+    let path: ConfigPath
+
+    var body: some View {
+        self.renderNode(self.schema, path: self.path)
+    }
+
+    private func renderNode(_ schema: ConfigSchemaNode, path: ConfigPath) -> AnyView {
+        let storedValue = self.store.configValue(at: path)
+        let value = storedValue ?? schema.explicitDefault
+        let label = hintForPath(path, hints: store.configUiHints)?.label ?? schema.title
+        let help = hintForPath(path, hints: store.configUiHints)?.help ?? schema.description
+        let variants = schema.anyOf.isEmpty ? schema.oneOf : schema.anyOf
+
+        if !variants.isEmpty {
+            let nonNull = variants.filter { !$0.isNullSchema }
+            if nonNull.count == 1, let only = nonNull.first {
+                return self.renderNode(only, path: path)
+            }
+            let literals = nonNull.compactMap(\.literalValue)
+            if !literals.isEmpty, literals.count == nonNull.count {
+                return AnyView(
+                    VStack(alignment: .leading, spacing: 6) {
+                        if let label { Text(label).font(.callout.weight(.semibold)) }
+                        if let help {
+                            Text(help)
+                                .font(.caption)
+                                .foregroundStyle(.secondary)
+                        }
+                        Picker(
+                            "",
+                            selection: self.enumBinding(
+                                path,
+                                options: literals,
+                                defaultValue: schema.explicitDefault))
+                        {
+                            Text("Select…").tag(-1)
+                            ForEach(literals.indices, id: \ .self) { index in
+                                Text(String(describing: literals[index])).tag(index)
+                            }
+                        }
+                        .pickerStyle(.menu)
+                    })
+            }
+        }
+
+        switch schema.schemaType {
+        case "object":
+            return AnyView(
+                VStack(alignment: .leading, spacing: 12) {
+                    if let label {
+                        Text(label)
+                            .font(.callout.weight(.semibold))
+                    }
+                    if let help {
+                        Text(help)
+                            .font(.caption)
+                            .foregroundStyle(.secondary)
+                    }
+                    let properties = schema.properties
+                    let sortedKeys = properties.keys.sorted { lhs, rhs in
+                        let orderA = hintForPath(path + [.key(lhs)], hints: store.configUiHints)?.order ?? 0
+                        let orderB = hintForPath(path + [.key(rhs)], hints: store.configUiHints)?.order ?? 0
+                        if orderA != orderB { return orderA < orderB }
+                        return lhs < rhs
+                    }
+                    ForEach(sortedKeys, id: \ .self) { key in
+                        if let child = properties[key] {
+                            self.renderNode(child, path: path + [.key(key)])
+                        }
+                    }
+                    if schema.allowsAdditionalProperties {
+                        self.renderAdditionalProperties(schema, path: path, value: value)
+                    }
+                })
+        case "array":
+            return AnyView(self.renderArray(schema, path: path, value: value, label: label, help: help))
+        case "boolean":
+            return AnyView(
+                Toggle(isOn: self.boolBinding(path, defaultValue: schema.explicitDefault as? Bool)) {
+                    if let label { Text(label) } else { Text("Enabled") }
+                }
+                .help(help ?? ""))
+        case "number", "integer":
+            return AnyView(self.renderNumberField(schema, path: path, label: label, help: help))
+        case "string":
+            return AnyView(self.renderStringField(schema, path: path, label: label, help: help))
+        default:
+            return AnyView(
+                VStack(alignment: .leading, spacing: 6) {
+                    if let label { Text(label).font(.callout.weight(.semibold)) }
+                    Text("Unsupported field type.")
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                })
+        }
+    }
+
+    @ViewBuilder
+    private func renderStringField(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        label: String?,
+        help: String?) -> some View
+    {
+        let hint = hintForPath(path, hints: store.configUiHints)
+        let placeholder = hint?.placeholder ?? ""
+        let sensitive = hint?.sensitive ?? isSensitivePath(path)
+        let defaultValue = schema.explicitDefault as? String
+        VStack(alignment: .leading, spacing: 6) {
+            if let label { Text(label).font(.callout.weight(.semibold)) }
+            if let help {
+                Text(help)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+            if let options = schema.enumValues {
+                Picker("", selection: self.enumBinding(path, options: options, defaultValue: schema.explicitDefault)) {
+                    Text("Select…").tag(-1)
+                    ForEach(options.indices, id: \ .self) { index in
+                        Text(String(describing: options[index])).tag(index)
+                    }
+                }
+                .pickerStyle(.menu)
+            } else if sensitive {
+                SecureField(placeholder, text: self.stringBinding(path, defaultValue: defaultValue))
+                    .textFieldStyle(.roundedBorder)
+            } else {
+                TextField(placeholder, text: self.stringBinding(path, defaultValue: defaultValue))
+                    .textFieldStyle(.roundedBorder)
+            }
+        }
+    }
+
+    @ViewBuilder
+    private func renderNumberField(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        label: String?,
+        help: String?) -> some View
+    {
+        let defaultValue = (schema.explicitDefault as? Double)
+            ?? (schema.explicitDefault as? Int).map(Double.init)
+        VStack(alignment: .leading, spacing: 6) {
+            if let label { Text(label).font(.callout.weight(.semibold)) }
+            if let help {
+                Text(help)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+            TextField(
+                "",
+                text: self.numberBinding(
+                    path,
+                    isInteger: schema.schemaType == "integer",
+                    defaultValue: defaultValue))
+                .textFieldStyle(.roundedBorder)
+        }
+    }
+
+    @ViewBuilder
+    private func renderArray(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        value: Any?,
+        label: String?,
+        help: String?) -> some View
+    {
+        let items = value as? [Any] ?? []
+        let itemSchema = schema.items
+        VStack(alignment: .leading, spacing: 10) {
+            if let label { Text(label).font(.callout.weight(.semibold)) }
+            if let help {
+                Text(help)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+            ForEach(items.indices, id: \ .self) { index in
+                HStack(alignment: .top, spacing: 8) {
+                    if let itemSchema {
+                        self.renderNode(itemSchema, path: path + [.index(index)])
+                    } else {
+                        Text(String(describing: items[index]))
+                    }
+                    Button("Remove") {
+                        var next = items
+                        next.remove(at: index)
+                        self.store.updateConfigValue(path: path, value: next)
+                    }
+                    .buttonStyle(.bordered)
+                    .controlSize(.small)
+                }
+            }
+            Button("Add") {
+                var next = items
+                if let itemSchema {
+                    next.append(itemSchema.defaultValue)
+                } else {
+                    next.append("")
+                }
+                self.store.updateConfigValue(path: path, value: next)
+            }
+            .buttonStyle(.bordered)
+            .controlSize(.small)
+        }
+    }
+
+    @ViewBuilder
+    private func renderAdditionalProperties(
+        _ schema: ConfigSchemaNode,
+        path: ConfigPath,
+        value: Any?) -> some View
+    {
+        if let additionalSchema = schema.additionalProperties {
+            let dict = value as? [String: Any] ?? [:]
+            let reserved = Set(schema.properties.keys)
+            let extras = dict.keys.filter { !reserved.contains($0) }.sorted()
+
+            VStack(alignment: .leading, spacing: 8) {
+                Text("Extra entries")
+                    .font(.callout.weight(.semibold))
+                if extras.isEmpty {
+                    Text("No extra entries yet.")
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                } else {
+                    ForEach(extras, id: \ .self) { key in
+                        let itemPath: ConfigPath = path + [.key(key)]
+                        HStack(alignment: .top, spacing: 8) {
+                            TextField("Key", text: self.mapKeyBinding(path: path, key: key))
+                                .textFieldStyle(.roundedBorder)
+                                .frame(width: 160)
+                            self.renderNode(additionalSchema, path: itemPath)
+                            Button("Remove") {
+                                var next = dict
+                                next.removeValue(forKey: key)
+                                self.store.updateConfigValue(path: path, value: next)
+                            }
+                            .buttonStyle(.bordered)
+                            .controlSize(.small)
+                        }
+                    }
+                }
+                Button("Add") {
+                    var next = dict
+                    var index = 1
+                    var key = "new-\(index)"
+                    while next[key] != nil {
+                        index += 1
+                        key = "new-\(index)"
+                    }
+                    next[key] = additionalSchema.defaultValue
+                    self.store.updateConfigValue(path: path, value: next)
+                }
+                .buttonStyle(.bordered)
+                .controlSize(.small)
+            }
+        }
+    }
+
+    private func stringBinding(_ path: ConfigPath, defaultValue: String?) -> Binding<String> {
+        Binding(
+            get: {
+                if let value = store.configValue(at: path) as? String { return value }
+                return defaultValue ?? ""
+            },
+            set: { newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                self.store.updateConfigValue(path: path, value: trimmed.isEmpty ? nil : trimmed)
+            })
+    }
+
+    private func boolBinding(_ path: ConfigPath, defaultValue: Bool?) -> Binding<Bool> {
+        Binding(
+            get: {
+                if let value = store.configValue(at: path) as? Bool { return value }
+                return defaultValue ?? false
+            },
+            set: { newValue in
+                self.store.updateConfigValue(path: path, value: newValue)
+            })
+    }
+
+    private func numberBinding(
+        _ path: ConfigPath,
+        isInteger: Bool,
+        defaultValue: Double?) -> Binding<String>
+    {
+        Binding(
+            get: {
+                if let value = store.configValue(at: path) { return String(describing: value) }
+                guard let defaultValue else { return "" }
+                return isInteger ? String(Int(defaultValue)) : String(defaultValue)
+            },
+            set: { newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                if trimmed.isEmpty {
+                    self.store.updateConfigValue(path: path, value: nil)
+                } else if let value = Double(trimmed) {
+                    self.store.updateConfigValue(path: path, value: isInteger ? Int(value) : value)
+                }
+            })
+    }
+
+    private func enumBinding(
+        _ path: ConfigPath,
+        options: [Any],
+        defaultValue: Any?) -> Binding<Int>
+    {
+        Binding(
+            get: {
+                let value = self.store.configValue(at: path) ?? defaultValue
+                guard let value else { return -1 }
+                return options.firstIndex { option in
+                    String(describing: option) == String(describing: value)
+                } ?? -1
+            },
+            set: { index in
+                guard index >= 0, index < options.count else {
+                    self.store.updateConfigValue(path: path, value: nil)
+                    return
+                }
+                self.store.updateConfigValue(path: path, value: options[index])
+            })
+    }
+
+    private func mapKeyBinding(path: ConfigPath, key: String) -> Binding<String> {
+        Binding(
+            get: { key },
+            set: { newValue in
+                let trimmed = newValue.trimmingCharacters(in: .whitespacesAndNewlines)
+                guard !trimmed.isEmpty else { return }
+                guard trimmed != key else { return }
+                let current = self.store.configValue(at: path) as? [String: Any] ?? [:]
+                guard current[trimmed] == nil else { return }
+                var next = current
+                next[trimmed] = current[key]
+                next.removeValue(forKey: key)
+                self.store.updateConfigValue(path: path, value: next)
+            })
+    }
+}
+
+struct ChannelConfigForm: View {
+    @Bindable var store: ChannelsStore
+    let channelId: String
+
+    var body: some View {
+        if self.store.configSchemaLoading {
+            ProgressView().controlSize(.small)
+        } else if let schema = store.channelConfigSchema(for: channelId) {
+            ConfigSchemaForm(store: self.store, schema: schema, path: [.key("channels"), .key(self.channelId)])
+        } else {
+            Text("Schema unavailable for this channel.")
+                .font(.caption)
+                .foregroundStyle(.secondary)
+        }
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ChannelsSettings+ChannelSections.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelsSettings+ChannelSections.swift
@@ -0,0 +1,139 @@
+import SwiftUI
+
+extension ChannelsSettings {
+    func formSection(_ title: String, @ViewBuilder content: () -> some View) -> some View {
+        GroupBox(title) {
+            VStack(alignment: .leading, spacing: 10) {
+                content()
+            }
+            .frame(maxWidth: .infinity, alignment: .leading)
+        }
+    }
+
+    @ViewBuilder
+    func channelHeaderActions(_ channel: ChannelItem) -> some View {
+        HStack(spacing: 8) {
+            if channel.id == "whatsapp" {
+                Button("Logout") {
+                    Task { await self.store.logoutWhatsApp() }
+                }
+                .buttonStyle(.bordered)
+                .disabled(self.store.whatsappBusy)
+            }
+
+            if channel.id == "telegram" {
+                Button("Logout") {
+                    Task { await self.store.logoutTelegram() }
+                }
+                .buttonStyle(.bordered)
+                .disabled(self.store.telegramBusy)
+            }
+
+            Button {
+                Task { await self.store.refresh(probe: true) }
+            } label: {
+                if self.store.isRefreshing {
+                    ProgressView().controlSize(.small)
+                } else {
+                    Text("Refresh")
+                }
+            }
+            .buttonStyle(.bordered)
+            .disabled(self.store.isRefreshing)
+        }
+        .controlSize(.small)
+    }
+
+    var whatsAppSection: some View {
+        VStack(alignment: .leading, spacing: 16) {
+            self.formSection("Linking") {
+                if let message = self.store.whatsappLoginMessage {
+                    Text(message)
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                        .fixedSize(horizontal: false, vertical: true)
+                }
+
+                if let qr = self.store.whatsappLoginQrDataUrl, let image = self.qrImage(from: qr) {
+                    Image(nsImage: image)
+                        .resizable()
+                        .interpolation(.none)
+                        .frame(width: 180, height: 180)
+                        .cornerRadius(8)
+                }
+
+                HStack(spacing: 12) {
+                    Button {
+                        Task { await self.store.startWhatsAppLogin(force: false) }
+                    } label: {
+                        if self.store.whatsappBusy {
+                            ProgressView().controlSize(.small)
+                        } else {
+                            Text("Show QR")
+                        }
+                    }
+                    .buttonStyle(.borderedProminent)
+                    .disabled(self.store.whatsappBusy)
+
+                    Button("Relink") {
+                        Task { await self.store.startWhatsAppLogin(force: true) }
+                    }
+                    .buttonStyle(.bordered)
+                    .disabled(self.store.whatsappBusy)
+                }
+                .font(.caption)
+            }
+
+            self.configEditorSection(channelId: "whatsapp")
+        }
+    }
+
+    @ViewBuilder
+    func genericChannelSection(_ channel: ChannelItem) -> some View {
+        VStack(alignment: .leading, spacing: 16) {
+            self.configEditorSection(channelId: channel.id)
+        }
+    }
+
+    @ViewBuilder
+    private func configEditorSection(channelId: String) -> some View {
+        self.formSection("Configuration") {
+            ChannelConfigForm(store: self.store, channelId: channelId)
+        }
+
+        self.configStatusMessage
+
+        HStack(spacing: 12) {
+            Button {
+                Task { await self.store.saveConfigDraft() }
+            } label: {
+                if self.store.isSavingConfig {
+                    ProgressView().controlSize(.small)
+                } else {
+                    Text("Save")
+                }
+            }
+            .buttonStyle(.borderedProminent)
+            .disabled(self.store.isSavingConfig || !self.store.configDirty)
+
+            Button("Reload") {
+                Task { await self.store.reloadConfigDraft() }
+            }
+            .buttonStyle(.bordered)
+            .disabled(self.store.isSavingConfig)
+
+            Spacer()
+        }
+        .font(.caption)
+    }
+
+    @ViewBuilder
+    var configStatusMessage: some View {
+        if let status = self.store.configStatus {
+            Text(status)
+                .font(.caption)
+                .foregroundStyle(.secondary)
+                .fixedSize(horizontal: false, vertical: true)
+        }
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ChannelsSettings+ChannelState.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelsSettings+ChannelState.swift
@@ -0,0 +1,462 @@
+import ClawdbotProtocol
+import SwiftUI
+
+extension ChannelsSettings {
+    private func channelStatus<T: Decodable>(
+        _ id: String,
+        as type: T.Type) -> T?
+    {
+        self.store.snapshot?.decodeChannel(id, as: type)
+    }
+
+    var whatsAppTint: Color {
+        guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
+        else { return .secondary }
+        if !status.configured { return .secondary }
+        if !status.linked { return .red }
+        if status.lastError != nil { return .orange }
+        if status.connected { return .green }
+        if status.running { return .orange }
+        return .orange
+    }
+
+    var telegramTint: Color {
+        guard let status = self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)
+        else { return .secondary }
+        if !status.configured { return .secondary }
+        if status.lastError != nil { return .orange }
+        if status.probe?.ok == false { return .orange }
+        if status.running { return .green }
+        return .orange
+    }
+
+    var discordTint: Color {
+        guard let status = self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)
+        else { return .secondary }
+        if !status.configured { return .secondary }
+        if status.lastError != nil { return .orange }
+        if status.probe?.ok == false { return .orange }
+        if status.running { return .green }
+        return .orange
+    }
+
+    var signalTint: Color {
+        guard let status = self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)
+        else { return .secondary }
+        if !status.configured { return .secondary }
+        if status.lastError != nil { return .orange }
+        if status.probe?.ok == false { return .orange }
+        if status.running { return .green }
+        return .orange
+    }
+
+    var imessageTint: Color {
+        guard let status = self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)
+        else { return .secondary }
+        if !status.configured { return .secondary }
+        if status.lastError != nil { return .orange }
+        if status.probe?.ok == false { return .orange }
+        if status.running { return .green }
+        return .orange
+    }
+
+    var whatsAppSummary: String {
+        guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
+        else { return "Checking…" }
+        if !status.linked { return "Not linked" }
+        if status.connected { return "Connected" }
+        if status.running { return "Running" }
+        return "Linked"
+    }
+
+    var telegramSummary: String {
+        guard let status = self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)
+        else { return "Checking…" }
+        if !status.configured { return "Not configured" }
+        if status.running { return "Running" }
+        return "Configured"
+    }
+
+    var discordSummary: String {
+        guard let status = self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)
+        else { return "Checking…" }
+        if !status.configured { return "Not configured" }
+        if status.running { return "Running" }
+        return "Configured"
+    }
+
+    var signalSummary: String {
+        guard let status = self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)
+        else { return "Checking…" }
+        if !status.configured { return "Not configured" }
+        if status.running { return "Running" }
+        return "Configured"
+    }
+
+    var imessageSummary: String {
+        guard let status = self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)
+        else { return "Checking…" }
+        if !status.configured { return "Not configured" }
+        if status.running { return "Running" }
+        return "Configured"
+    }
+
+    var whatsAppDetails: String? {
+        guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
+        else { return nil }
+        var lines: [String] = []
+        if let e164 = status.`self`?.e164 ?? status.`self`?.jid {
+            lines.append("Linked as \(e164)")
+        }
+        if let age = status.authAgeMs {
+            lines.append("Auth age \(msToAge(age))")
+        }
+        if let last = self.date(fromMs: status.lastConnectedAt) {
+            lines.append("Last connect \(relativeAge(from: last))")
+        }
+        if let disconnect = status.lastDisconnect {
+            let when = self.date(fromMs: disconnect.at).map { relativeAge(from: $0) } ?? "unknown"
+            let code = disconnect.status.map { "status \($0)" } ?? "status unknown"
+            let err = disconnect.error ?? "disconnect"
+            lines.append("Last disconnect \(code) · \(err) · \(when)")
+        }
+        if status.reconnectAttempts > 0 {
+            lines.append("Reconnect attempts \(status.reconnectAttempts)")
+        }
+        if let msgAt = self.date(fromMs: status.lastMessageAt) {
+            lines.append("Last message \(relativeAge(from: msgAt))")
+        }
+        if let err = status.lastError, !err.isEmpty {
+            lines.append("Error: \(err)")
+        }
+        return lines.isEmpty ? nil : lines.joined(separator: " · ")
+    }
+
+    var telegramDetails: String? {
+        guard let status = self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)
+        else { return nil }
+        var lines: [String] = []
+        if let source = status.tokenSource {
+            lines.append("Token source: \(source)")
+        }
+        if let mode = status.mode {
+            lines.append("Mode: \(mode)")
+        }
+        if let probe = status.probe {
+            if probe.ok {
+                if let name = probe.bot?.username {
+                    lines.append("Bot: @\(name)")
+                }
+                if let url = probe.webhook?.url, !url.isEmpty {
+                    lines.append("Webhook: \(url)")
+                }
+            } else {
+                let code = probe.status.map { String($0) } ?? "unknown"
+                lines.append("Probe failed (\(code))")
+            }
+        }
+        if let last = self.date(fromMs: status.lastProbeAt) {
+            lines.append("Last probe \(relativeAge(from: last))")
+        }
+        if let err = status.lastError, !err.isEmpty {
+            lines.append("Error: \(err)")
+        }
+        return lines.isEmpty ? nil : lines.joined(separator: " · ")
+    }
+
+    var discordDetails: String? {
+        guard let status = self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)
+        else { return nil }
+        var lines: [String] = []
+        if let source = status.tokenSource {
+            lines.append("Token source: \(source)")
+        }
+        if let probe = status.probe {
+            if probe.ok {
+                if let name = probe.bot?.username {
+                    lines.append("Bot: @\(name)")
+                }
+                if let elapsed = probe.elapsedMs {
+                    lines.append("Probe \(Int(elapsed))ms")
+                }
+            } else {
+                let code = probe.status.map { String($0) } ?? "unknown"
+                lines.append("Probe failed (\(code))")
+            }
+        }
+        if let last = self.date(fromMs: status.lastProbeAt) {
+            lines.append("Last probe \(relativeAge(from: last))")
+        }
+        if let err = status.lastError, !err.isEmpty {
+            lines.append("Error: \(err)")
+        }
+        return lines.isEmpty ? nil : lines.joined(separator: " · ")
+    }
+
+    var signalDetails: String? {
+        guard let status = self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)
+        else { return nil }
+        var lines: [String] = []
+        lines.append("Base URL: \(status.baseUrl)")
+        if let probe = status.probe {
+            if probe.ok {
+                if let version = probe.version, !version.isEmpty {
+                    lines.append("Version \(version)")
+                }
+                if let elapsed = probe.elapsedMs {
+                    lines.append("Probe \(Int(elapsed))ms")
+                }
+            } else {
+                let code = probe.status.map { String($0) } ?? "unknown"
+                lines.append("Probe failed (\(code))")
+            }
+        }
+        if let last = self.date(fromMs: status.lastProbeAt) {
+            lines.append("Last probe \(relativeAge(from: last))")
+        }
+        if let err = status.lastError, !err.isEmpty {
+            lines.append("Error: \(err)")
+        }
+        return lines.isEmpty ? nil : lines.joined(separator: " · ")
+    }
+
+    var imessageDetails: String? {
+        guard let status = self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)
+        else { return nil }
+        var lines: [String] = []
+        if let cliPath = status.cliPath, !cliPath.isEmpty {
+            lines.append("CLI: \(cliPath)")
+        }
+        if let dbPath = status.dbPath, !dbPath.isEmpty {
+            lines.append("DB: \(dbPath)")
+        }
+        if let probe = status.probe, !probe.ok {
+            let err = probe.error ?? "probe failed"
+            lines.append("Probe error: \(err)")
+        }
+        if let last = self.date(fromMs: status.lastProbeAt) {
+            lines.append("Last probe \(relativeAge(from: last))")
+        }
+        if let err = status.lastError, !err.isEmpty {
+            lines.append("Error: \(err)")
+        }
+        return lines.isEmpty ? nil : lines.joined(separator: " · ")
+    }
+
+    var orderedChannels: [ChannelItem] {
+        let fallback = ["whatsapp", "telegram", "discord", "slack", "signal", "imessage"]
+        let order = self.store.snapshot?.channelOrder ?? fallback
+        let channels = order.enumerated().map { index, id in
+            ChannelItem(
+                id: id,
+                title: self.resolveChannelTitle(id),
+                detailTitle: self.resolveChannelDetailTitle(id),
+                systemImage: self.resolveChannelSystemImage(id),
+                sortOrder: index)
+        }
+        return channels.sorted { lhs, rhs in
+            let lhsEnabled = self.channelEnabled(lhs)
+            let rhsEnabled = self.channelEnabled(rhs)
+            if lhsEnabled != rhsEnabled { return lhsEnabled && !rhsEnabled }
+            return lhs.sortOrder < rhs.sortOrder
+        }
+    }
+
+    var enabledChannels: [ChannelItem] {
+        self.orderedChannels.filter { self.channelEnabled($0) }
+    }
+
+    var availableChannels: [ChannelItem] {
+        self.orderedChannels.filter { !self.channelEnabled($0) }
+    }
+
+    func ensureSelection() {
+        guard let selected = self.selectedChannel else {
+            self.selectedChannel = self.orderedChannels.first
+            return
+        }
+        if !self.orderedChannels.contains(selected) {
+            self.selectedChannel = self.orderedChannels.first
+        }
+    }
+
+    func channelEnabled(_ channel: ChannelItem) -> Bool {
+        let status = self.channelStatusDictionary(channel.id)
+        let configured = status?["configured"]?.boolValue ?? false
+        let running = status?["running"]?.boolValue ?? false
+        let connected = status?["connected"]?.boolValue ?? false
+        let accountActive = self.store.snapshot?.channelAccounts[channel.id]?.contains(
+            where: { $0.configured == true || $0.running == true || $0.connected == true }) ?? false
+        return configured || running || connected || accountActive
+    }
+
+    @ViewBuilder
+    func channelSection(_ channel: ChannelItem) -> some View {
+        if channel.id == "whatsapp" {
+            self.whatsAppSection
+        } else {
+            self.genericChannelSection(channel)
+        }
+    }
+
+    func channelTint(_ channel: ChannelItem) -> Color {
+        switch channel.id {
+        case "whatsapp":
+            return self.whatsAppTint
+        case "telegram":
+            return self.telegramTint
+        case "discord":
+            return self.discordTint
+        case "signal":
+            return self.signalTint
+        case "imessage":
+            return self.imessageTint
+        default:
+            if self.channelHasError(channel) { return .orange }
+            if self.channelEnabled(channel) { return .green }
+            return .secondary
+        }
+    }
+
+    func channelSummary(_ channel: ChannelItem) -> String {
+        switch channel.id {
+        case "whatsapp":
+            return self.whatsAppSummary
+        case "telegram":
+            return self.telegramSummary
+        case "discord":
+            return self.discordSummary
+        case "signal":
+            return self.signalSummary
+        case "imessage":
+            return self.imessageSummary
+        default:
+            if self.channelHasError(channel) { return "Error" }
+            if self.channelEnabled(channel) { return "Active" }
+            return "Not configured"
+        }
+    }
+
+    func channelDetails(_ channel: ChannelItem) -> String? {
+        switch channel.id {
+        case "whatsapp":
+            return self.whatsAppDetails
+        case "telegram":
+            return self.telegramDetails
+        case "discord":
+            return self.discordDetails
+        case "signal":
+            return self.signalDetails
+        case "imessage":
+            return self.imessageDetails
+        default:
+            let status = self.channelStatusDictionary(channel.id)
+            if let err = status?["lastError"]?.stringValue, !err.isEmpty {
+                return "Error: \(err)"
+            }
+            return nil
+        }
+    }
+
+    func channelLastCheckText(_ channel: ChannelItem) -> String {
+        guard let date = self.channelLastCheck(channel) else { return "never" }
+        return relativeAge(from: date)
+    }
+
+    func channelLastCheck(_ channel: ChannelItem) -> Date? {
+        switch channel.id {
+        case "whatsapp":
+            guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
+            else { return nil }
+            return self.date(fromMs: status.lastEventAt ?? status.lastMessageAt ?? status.lastConnectedAt)
+        case "telegram":
+            return self
+                .date(fromMs: self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)?
+                    .lastProbeAt)
+        case "discord":
+            return self
+                .date(fromMs: self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)?
+                    .lastProbeAt)
+        case "signal":
+            return self
+                .date(fromMs: self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)?.lastProbeAt)
+        case "imessage":
+            return self
+                .date(fromMs: self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)?
+                    .lastProbeAt)
+        default:
+            let status = self.channelStatusDictionary(channel.id)
+            if let probeAt = status?["lastProbeAt"]?.doubleValue {
+                return self.date(fromMs: probeAt)
+            }
+            if let accounts = self.store.snapshot?.channelAccounts[channel.id] {
+                let last = accounts.compactMap { $0.lastInboundAt ?? $0.lastOutboundAt }.max()
+                return self.date(fromMs: last)
+            }
+            return nil
+        }
+    }
+
+    func channelHasError(_ channel: ChannelItem) -> Bool {
+        switch channel.id {
+        case "whatsapp":
+            guard let status = self.channelStatus("whatsapp", as: ChannelsStatusSnapshot.WhatsAppStatus.self)
+            else { return false }
+            return status.lastError?.isEmpty == false || status.lastDisconnect?.loggedOut == true
+        case "telegram":
+            guard let status = self.channelStatus("telegram", as: ChannelsStatusSnapshot.TelegramStatus.self)
+            else { return false }
+            return status.lastError?.isEmpty == false || status.probe?.ok == false
+        case "discord":
+            guard let status = self.channelStatus("discord", as: ChannelsStatusSnapshot.DiscordStatus.self)
+            else { return false }
+            return status.lastError?.isEmpty == false || status.probe?.ok == false
+        case "signal":
+            guard let status = self.channelStatus("signal", as: ChannelsStatusSnapshot.SignalStatus.self)
+            else { return false }
+            return status.lastError?.isEmpty == false || status.probe?.ok == false
+        case "imessage":
+            guard let status = self.channelStatus("imessage", as: ChannelsStatusSnapshot.IMessageStatus.self)
+            else { return false }
+            return status.lastError?.isEmpty == false || status.probe?.ok == false
+        default:
+            let status = self.channelStatusDictionary(channel.id)
+            return status?["lastError"]?.stringValue?.isEmpty == false
+        }
+    }
+
+    private func resolveChannelTitle(_ id: String) -> String {
+        if let label = self.store.snapshot?.channelLabels[id], !label.isEmpty {
+            return label
+        }
+        return id.prefix(1).uppercased() + id.dropFirst()
+    }
+
+    private func resolveChannelDetailTitle(_ id: String) -> String {
+        switch id {
+        case "whatsapp": "WhatsApp Web"
+        case "telegram": "Telegram Bot"
+        case "discord": "Discord Bot"
+        case "slack": "Slack Bot"
+        case "signal": "Signal REST"
+        case "imessage": "iMessage"
+        default: self.resolveChannelTitle(id)
+        }
+    }
+
+    private func resolveChannelSystemImage(_ id: String) -> String {
+        switch id {
+        case "whatsapp": "message"
+        case "telegram": "paperplane"
+        case "discord": "bubble.left.and.bubble.right"
+        case "slack": "number"
+        case "signal": "antenna.radiowaves.left.and.right"
+        case "imessage": "message.fill"
+        default: "message"
+        }
+    }
+
+    private func channelStatusDictionary(_ id: String) -> [String: AnyCodable]? {
+        self.store.snapshot?.channels[id]?.dictionaryValue
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+Helpers.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+Helpers.swift
@@ -1,6 +1,6 @@
 import AppKit

-extension ConnectionsSettings {
+extension ChannelsSettings {
    func date(fromMs ms: Double?) -> Date? {
        guard let ms else { return nil }
        return Date(timeIntervalSince1970: ms / 1000)
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+View.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+View.swift
@@ -1,6 +1,6 @@
 import SwiftUI

-extension ConnectionsSettings {
+extension ChannelsSettings {
    var body: some View {
        HStack(spacing: 0) {
            self.sidebar
@@ -11,7 +11,7 @@ extension ConnectionsSettings {
            self.store.start()
            self.ensureSelection()
        }
-        .onChange(of: self.orderedProviders) { _, _ in
+        .onChange(of: self.orderedChannels) { _, _ in
            self.ensureSelection()
        }
        .onDisappear { self.store.stop() }
@@ -20,17 +20,17 @@ extension ConnectionsSettings {
    private var sidebar: some View {
        ScrollView {
            LazyVStack(alignment: .leading, spacing: 8) {
-                if !self.enabledProviders.isEmpty {
+                if !self.enabledChannels.isEmpty {
                    self.sidebarSectionHeader("Configured")
-                    ForEach(self.enabledProviders) { provider in
-                        self.sidebarRow(provider)
+                    ForEach(self.enabledChannels) { channel in
+                        self.sidebarRow(channel)
                    }
                }

-                if !self.availableProviders.isEmpty {
+                if !self.availableChannels.isEmpty {
                    self.sidebarSectionHeader("Available")
-                    ForEach(self.availableProviders) { provider in
-                        self.sidebarRow(provider)
+                    ForEach(self.availableChannels) { channel in
+                        self.sidebarRow(channel)
                    }
                }
            }
@@ -46,8 +46,8 @@ extension ConnectionsSettings {

    private var detail: some View {
        Group {
-            if let provider = self.selectedProvider {
-                self.providerDetail(provider)
+            if let channel = self.selectedChannel {
+                self.channelDetail(channel)
            } else {
                self.emptyDetail
            }
@@ -57,9 +57,9 @@ extension ConnectionsSettings {

    private var emptyDetail: some View {
        VStack(alignment: .leading, spacing: 8) {
-            Text("Connections")
+            Text("Channels")
                .font(.title3.weight(.semibold))
-            Text("Select a provider to view status and settings.")
+            Text("Select a channel to view status and settings.")
                .font(.callout)
                .foregroundStyle(.secondary)
        }
@@ -67,12 +67,12 @@ extension ConnectionsSettings {
        .padding(.vertical, 18)
    }

-    private func providerDetail(_ provider: ConnectionProvider) -> some View {
+    private func channelDetail(_ channel: ChannelItem) -> some View {
        ScrollView(.vertical) {
            VStack(alignment: .leading, spacing: 16) {
-                self.detailHeader(for: provider)
+                self.detailHeader(for: channel)
                Divider()
-                self.providerSection(provider)
+                self.channelSection(channel)
                Spacer(minLength: 0)
            }
            .frame(maxWidth: .infinity, alignment: .leading)
@@ -81,18 +81,18 @@ extension ConnectionsSettings {
        }
    }

-    private func sidebarRow(_ provider: ConnectionProvider) -> some View {
-        let isSelected = self.selectedProvider == provider
+    private func sidebarRow(_ channel: ChannelItem) -> some View {
+        let isSelected = self.selectedChannel == channel
        return Button {
-            self.selectedProvider = provider
+            self.selectedChannel = channel
        } label: {
            HStack(spacing: 8) {
                Circle()
-                    .fill(self.providerTint(provider))
+                    .fill(self.channelTint(channel))
                    .frame(width: 8, height: 8)
                VStack(alignment: .leading, spacing: 2) {
-                    Text(provider.title)
-                    Text(self.providerSummary(provider))
+                    Text(channel.title)
+                    Text(self.channelSummary(channel))
                        .font(.caption)
                        .foregroundStyle(.secondary)
                }
@@ -119,23 +119,23 @@ extension ConnectionsSettings {
            .padding(.top, 2)
    }

-    private func detailHeader(for provider: ConnectionProvider) -> some View {
+    private func detailHeader(for channel: ChannelItem) -> some View {
        VStack(alignment: .leading, spacing: 8) {
            HStack(alignment: .firstTextBaseline, spacing: 10) {
-                Label(provider.detailTitle, systemImage: provider.systemImage)
+                Label(channel.detailTitle, systemImage: channel.systemImage)
                    .font(.title3.weight(.semibold))
                self.statusBadge(
-                    self.providerSummary(provider),
-                    color: self.providerTint(provider))
+                    self.channelSummary(channel),
+                    color: self.channelTint(channel))
                Spacer()
-                self.providerHeaderActions(provider)
+                self.channelHeaderActions(channel)
            }

            HStack(spacing: 10) {
-                Text("Last check \(self.providerLastCheckText(provider))")
+                Text("Last check \(self.channelLastCheckText(channel))")
                    .font(.caption)
                    .foregroundStyle(.secondary)
-                if self.providerHasError(provider) {
+                if self.channelHasError(channel) {
                    Text("Error")
                        .font(.caption2.weight(.semibold))
                        .padding(.horizontal, 6)
@@ -146,7 +146,7 @@ extension ConnectionsSettings {
                }
            }

-            if let details = self.providerDetails(provider) {
+            if let details = self.channelDetails(channel) {
                Text(details)
                    .font(.caption)
                    .foregroundStyle(.secondary)
--- a/apps/macos/Sources/Clawdbot/ChannelsSettings.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelsSettings.swift
@@ -0,0 +1,19 @@
+import AppKit
+import SwiftUI
+
+struct ChannelsSettings: View {
+    struct ChannelItem: Identifiable, Hashable {
+        let id: String
+        let title: String
+        let detailTitle: String
+        let systemImage: String
+        let sortOrder: Int
+    }
+
+    @Bindable var store: ChannelsStore
+    @State var selectedChannel: ChannelItem?
+
+    init(store: ChannelsStore = .shared) {
+        self.store = store
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ChannelsStore+Config.swift
+++ b/apps/macos/Sources/Clawdbot/ChannelsStore+Config.swift
@@ -0,0 +1,154 @@
+import ClawdbotProtocol
+import Foundation
+
+extension ChannelsStore {
+    func loadConfigSchema() async {
+        guard !self.configSchemaLoading else { return }
+        self.configSchemaLoading = true
+        defer { self.configSchemaLoading = false }
+
+        do {
+            let res: ConfigSchemaResponse = try await GatewayConnection.shared.requestDecoded(
+                method: .configSchema,
+                params: nil,
+                timeoutMs: 8000)
+            let schemaValue = res.schema.foundationValue
+            self.configSchema = ConfigSchemaNode(raw: schemaValue)
+            let hintValues = res.uihints.mapValues { $0.foundationValue }
+            self.configUiHints = decodeUiHints(hintValues)
+        } catch {
+            self.configStatus = error.localizedDescription
+        }
+    }
+
+    func loadConfig() async {
+        do {
+            let snap: ConfigSnapshot = try await GatewayConnection.shared.requestDecoded(
+                method: .configGet,
+                params: nil,
+                timeoutMs: 10000)
+            self.configStatus = snap.valid == false
+                ? "Config invalid; fix it in ~/.clawdbot/clawdbot.json."
+                : nil
+            self.configRoot = snap.config?.mapValues { $0.foundationValue } ?? [:]
+            self.configDraft = cloneConfigValue(self.configRoot) as? [String: Any] ?? self.configRoot
+            self.configDirty = false
+            self.configLoaded = true
+
+            self.applyUIConfig(snap)
+        } catch {
+            self.configStatus = error.localizedDescription
+        }
+    }
+
+    private func applyUIConfig(_ snap: ConfigSnapshot) {
+        let ui = snap.config?["ui"]?.dictionaryValue
+        let rawSeam = ui?["seamColor"]?.stringValue?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        AppStateStore.shared.seamColorHex = rawSeam.isEmpty ? nil : rawSeam
+    }
+
+    func channelConfigSchema(for channelId: String) -> ConfigSchemaNode? {
+        guard let root = self.configSchema else { return nil }
+        return root.node(at: [.key("channels"), .key(channelId)])
+    }
+
+    func configValue(at path: ConfigPath) -> Any? {
+        if let value = valueAtPath(self.configDraft, path: path) {
+            return value
+        }
+        guard path.count >= 2 else { return nil }
+        if case .key("channels") = path[0], case .key = path[1] {
+            let fallbackPath = Array(path.dropFirst())
+            return valueAtPath(self.configDraft, path: fallbackPath)
+        }
+        return nil
+    }
+
+    func updateConfigValue(path: ConfigPath, value: Any?) {
+        var root: Any = self.configDraft
+        setValue(&root, path: path, value: value)
+        self.configDraft = root as? [String: Any] ?? self.configDraft
+        self.configDirty = true
+    }
+
+    func saveConfigDraft() async {
+        guard !self.isSavingConfig else { return }
+        self.isSavingConfig = true
+        defer { self.isSavingConfig = false }
+
+        do {
+            try await ConfigStore.save(self.configDraft)
+            await self.loadConfig()
+        } catch {
+            self.configStatus = error.localizedDescription
+        }
+    }
+
+    func reloadConfigDraft() async {
+        await self.loadConfig()
+    }
+}
+
+private func valueAtPath(_ root: Any, path: ConfigPath) -> Any? {
+    var current: Any? = root
+    for segment in path {
+        switch segment {
+        case let .key(key):
+            guard let dict = current as? [String: Any] else { return nil }
+            current = dict[key]
+        case let .index(index):
+            guard let array = current as? [Any], array.indices.contains(index) else { return nil }
+            current = array[index]
+        }
+    }
+    return current
+}
+
+private func setValue(_ root: inout Any, path: ConfigPath, value: Any?) {
+    guard let segment = path.first else { return }
+    switch segment {
+    case let .key(key):
+        var dict = root as? [String: Any] ?? [:]
+        if path.count == 1 {
+            if let value {
+                dict[key] = value
+            } else {
+                dict.removeValue(forKey: key)
+            }
+            root = dict
+            return
+        }
+        var child = dict[key] ?? [:]
+        setValue(&child, path: Array(path.dropFirst()), value: value)
+        dict[key] = child
+        root = dict
+    case let .index(index):
+        var array = root as? [Any] ?? []
+        if index >= array.count {
+            array.append(contentsOf: repeatElement(NSNull() as Any, count: index - array.count + 1))
+        }
+        if path.count == 1 {
+            if let value {
+                array[index] = value
+            } else if array.indices.contains(index) {
+                array.remove(at: index)
+            }
+            root = array
+            return
+        }
+        var child = array[index]
+        setValue(&child, path: Array(path.dropFirst()), value: value)
+        array[index] = child
+        root = array
+    }
+}
+
+private func cloneConfigValue(_ value: Any) -> Any {
+    guard JSONSerialization.isValidJSONObject(value) else { return value }
+    do {
+        let data = try JSONSerialization.data(withJSONObject: value, options: [])
+        return try JSONSerialization.jsonObject(with: data, options: [])
+    } catch {
+        return value
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ConnectionsStore+Lifecycle.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsStore+Lifecycle.swift
@@ -1,13 +1,14 @@
 import ClawdbotProtocol
 import Foundation

-extension ConnectionsStore {
+extension ChannelsStore {
    func start() {
        guard !self.isPreview else { return }
        guard self.pollTask == nil else { return }
        self.pollTask = Task.detached { [weak self] in
            guard let self else { return }
            await self.refresh(probe: true)
+            await self.loadConfigSchema()
            await self.loadConfig()
            while !Task.isCancelled {
                try? await Task.sleep(nanoseconds: UInt64(self.interval * 1_000_000_000))
@@ -31,8 +32,8 @@ extension ConnectionsStore {
                "probe": AnyCodable(probe),
                "timeoutMs": AnyCodable(8000),
            ]
-            let snap: ProvidersStatusSnapshot = try await GatewayConnection.shared.requestDecoded(
-                method: .providersStatus,
+            let snap: ChannelsStatusSnapshot = try await GatewayConnection.shared.requestDecoded(
+                method: .channelsStatus,
                params: params,
                timeoutMs: 12000)
            self.snapshot = snap
@@ -100,9 +101,12 @@ extension ConnectionsStore {
        self.whatsappBusy = true
        defer { self.whatsappBusy = false }
        do {
-            let result: WhatsAppLogoutResult = try await GatewayConnection.shared.requestDecoded(
-                method: .webLogout,
-                params: nil,
+            let params: [String: AnyCodable] = [
+                "channel": AnyCodable("whatsapp"),
+            ]
+            let result: ChannelLogoutResult = try await GatewayConnection.shared.requestDecoded(
+                method: .channelsLogout,
+                params: params,
                timeoutMs: 15000)
            self.whatsappLoginMessage = result.cleared
                ? "Logged out and cleared credentials."
@@ -119,9 +123,12 @@ extension ConnectionsStore {
        self.telegramBusy = true
        defer { self.telegramBusy = false }
        do {
-            let result: TelegramLogoutResult = try await GatewayConnection.shared.requestDecoded(
-                method: .telegramLogout,
-                params: nil,
+            let params: [String: AnyCodable] = [
+                "channel": AnyCodable("telegram"),
+            ]
+            let result: ChannelLogoutResult = try await GatewayConnection.shared.requestDecoded(
+                method: .channelsLogout,
+                params: params,
                timeoutMs: 15000)
            if result.envToken == true {
                self.configStatus = "Telegram token still set via env; config cleared."
@@ -148,11 +155,9 @@ private struct WhatsAppLoginWaitResult: Codable {
    let message: String
 }

-private struct WhatsAppLogoutResult: Codable {
-    let cleared: Bool
-}
-
-private struct TelegramLogoutResult: Codable {
+private struct ChannelLogoutResult: Codable {
+    let channel: String?
+    let accountId: String?
    let cleared: Bool
    let envToken: Bool?
 }
--- a/apps/macos/Sources/Clawdbot/ConnectionsStore.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsStore.swift
@@ -2,7 +2,7 @@ import ClawdbotProtocol
 import Foundation
 import Observation

-struct ProvidersStatusSnapshot: Codable {
+struct ChannelsStatusSnapshot: Codable {
    struct WhatsAppSelf: Codable {
        let e164: String?
        let jid: String?
@@ -121,12 +121,54 @@ struct ProvidersStatusSnapshot: Codable {
        let lastProbeAt: Double?
    }

+    struct ChannelAccountSnapshot: Codable {
+        let accountId: String
+        let name: String?
+        let enabled: Bool?
+        let configured: Bool?
+        let linked: Bool?
+        let running: Bool?
+        let connected: Bool?
+        let reconnectAttempts: Int?
+        let lastConnectedAt: Double?
+        let lastError: String?
+        let lastStartAt: Double?
+        let lastStopAt: Double?
+        let lastInboundAt: Double?
+        let lastOutboundAt: Double?
+        let lastProbeAt: Double?
+        let mode: String?
+        let dmPolicy: String?
+        let allowFrom: [String]?
+        let tokenSource: String?
+        let botTokenSource: String?
+        let appTokenSource: String?
+        let baseUrl: String?
+        let allowUnmentionedGroups: Bool?
+        let cliPath: String?
+        let dbPath: String?
+        let port: Int?
+        let probe: AnyCodable?
+        let audit: AnyCodable?
+        let application: AnyCodable?
+    }
+
    let ts: Double
-    let whatsapp: WhatsAppStatus
-    let telegram: TelegramStatus
-    let discord: DiscordStatus?
-    let signal: SignalStatus?
-    let imessage: IMessageStatus?
+    let channelOrder: [String]
+    let channelLabels: [String: String]
+    let channels: [String: AnyCodable]
+    let channelAccounts: [String: [ChannelAccountSnapshot]]
+    let channelDefaultAccountId: [String: String]
+
+    func decodeChannel<T: Decodable>(_ id: String, as type: T.Type) -> T? {
+        guard let value = self.channels[id] else { return nil }
+        do {
+            let data = try JSONEncoder().encode(value)
+            return try JSONDecoder().decode(type, from: data)
+        } catch {
+            return nil
+        }
+    }
 }

 struct ConfigSnapshot: Codable {
@@ -138,57 +180,19 @@ struct ConfigSnapshot: Codable {
    let path: String?
    let exists: Bool?
    let raw: String?
+    let hash: String?
    let parsed: AnyCodable?
    let valid: Bool?
    let config: [String: AnyCodable]?
    let issues: [Issue]?
 }

-struct DiscordGuildChannelForm: Identifiable {
-    let id = UUID()
-    var key: String
-    var allow: Bool
-    var requireMention: Bool
-
-    init(key: String = "", allow: Bool = true, requireMention: Bool = false) {
-        self.key = key
-        self.allow = allow
-        self.requireMention = requireMention
-    }
-}
-
-struct DiscordGuildForm: Identifiable {
-    let id = UUID()
-    var key: String
-    var slug: String
-    var requireMention: Bool
-    var reactionNotifications: String
-    var users: String
-    var channels: [DiscordGuildChannelForm]
-
-    init(
-        key: String = "",
-        slug: String = "",
-        requireMention: Bool = false,
-        reactionNotifications: String = "own",
-        users: String = "",
-        channels: [DiscordGuildChannelForm] = [])
-    {
-        self.key = key
-        self.slug = slug
-        self.requireMention = requireMention
-        self.reactionNotifications = reactionNotifications
-        self.users = users
-        self.channels = channels
-    }
-}
-
@MainActor
@Observable
-final class ConnectionsStore {
-    static let shared = ConnectionsStore()
+final class ChannelsStore {
+    static let shared = ChannelsStore()

-    var snapshot: ProvidersStatusSnapshot?
+    var snapshot: ChannelsStatusSnapshot?
    var lastError: String?
    var lastSuccess: Date?
    var isRefreshing = false
@@ -197,68 +201,15 @@ final class ConnectionsStore {
    var whatsappLoginQrDataUrl: String?
    var whatsappLoginConnected: Bool?
    var whatsappBusy = false
-
-    var telegramToken: String = ""
-    var telegramRequireMention = true
-    var telegramAllowFrom: String = ""
-    var telegramProxy: String = ""
-    var telegramWebhookUrl: String = ""
-    var telegramWebhookSecret: String = ""
-    var telegramWebhookPath: String = ""
    var telegramBusy = false
-    var discordEnabled = true
-    var discordToken: String = ""
-    var discordDmEnabled = true
-    var discordAllowFrom: String = ""
-    var discordGroupEnabled = false
-    var discordGroupChannels: String = ""
-    var discordMediaMaxMb: String = ""
-    var discordHistoryLimit: String = ""
-    var discordTextChunkLimit: String = ""
-    var discordReplyToMode: String = "off"
-    var discordGuilds: [DiscordGuildForm] = []
-    var discordActionReactions = true
-    var discordActionStickers = true
-    var discordActionPolls = true
-    var discordActionPermissions = true
-    var discordActionMessages = true
-    var discordActionThreads = true
-    var discordActionPins = true
-    var discordActionSearch = true
-    var discordActionMemberInfo = true
-    var discordActionRoleInfo = true
-    var discordActionChannelInfo = true
-    var discordActionVoiceStatus = true
-    var discordActionEvents = true
-    var discordActionRoles = false
-    var discordActionModeration = false
-    var discordSlashEnabled = false
-    var discordSlashName: String = ""
-    var discordSlashSessionPrefix: String = ""
-    var discordSlashEphemeral = true
-    var signalEnabled = true
-    var signalAccount: String = ""
-    var signalHttpUrl: String = ""
-    var signalHttpHost: String = ""
-    var signalHttpPort: String = ""
-    var signalCliPath: String = ""
-    var signalAutoStart = true
-    var signalReceiveMode: String = ""
-    var signalIgnoreAttachments = false
-    var signalIgnoreStories = false
-    var signalSendReadReceipts = false
-    var signalAllowFrom: String = ""
-    var signalMediaMaxMb: String = ""
-    var imessageEnabled = true
-    var imessageCliPath: String = ""
-    var imessageDbPath: String = ""
-    var imessageService: String = "auto"
-    var imessageRegion: String = ""
-    var imessageAllowFrom: String = ""
-    var imessageIncludeAttachments = false
-    var imessageMediaMaxMb: String = ""
+
    var configStatus: String?
    var isSavingConfig = false
+    var configSchemaLoading = false
+    var configSchema: ConfigSchemaNode?
+    var configUiHints: [String: ConfigUiHint] = [:]
+    var configDraft: [String: Any] = [:]
+    var configDirty = false

    let interval: TimeInterval = 45
    let isPreview: Bool
--- a/apps/macos/Sources/Clawdbot/CommandResolver.swift
+++ b/apps/macos/Sources/Clawdbot/CommandResolver.swift
@@ -84,12 +84,30 @@ enum CommandResolver {
            "/bin",
        ]
        extras.insert(projectRoot.appendingPathComponent("node_modules/.bin").path, at: 0)
-        extras.insert(contentsOf: self.nodeManagerBinPaths(home: home), at: 1)
+        let clawdbotPaths = self.clawdbotManagedPaths(home: home)
+        if !clawdbotPaths.isEmpty {
+            extras.insert(contentsOf: clawdbotPaths, at: 1)
+        }
+        extras.insert(contentsOf: self.nodeManagerBinPaths(home: home), at: 1 + clawdbotPaths.count)
        var seen = Set<String>()
        // Preserve order while stripping duplicates so PATH lookups remain deterministic.
        return (extras + current).filter { seen.insert($0).inserted }
    }

+    private static func clawdbotManagedPaths(home: URL) -> [String] {
+        let base = home.appendingPathComponent(".clawdbot")
+        let bin = base.appendingPathComponent("bin")
+        let nodeBin = base.appendingPathComponent("tools/node/bin")
+        var paths: [String] = []
+        if FileManager.default.fileExists(atPath: bin.path) {
+            paths.append(bin.path)
+        }
+        if FileManager.default.fileExists(atPath: nodeBin.path) {
+            paths.append(nodeBin.path)
+        }
+        return paths
+    }
+
    private static func nodeManagerBinPaths(home: URL) -> [String] {
        var bins: [String] = []

@@ -196,9 +214,10 @@ enum CommandResolver {
        subcommand: String,
        extraArgs: [String] = [],
        defaults: UserDefaults = .standard,
+        configRoot: [String: Any]? = nil,
        searchPaths: [String]? = nil) -> [String]
    {
-        let settings = self.connectionSettings(defaults: defaults)
+        let settings = self.connectionSettings(defaults: defaults, configRoot: configRoot)
        if settings.mode == .remote, let ssh = self.sshNodeCommand(
            subcommand: subcommand,
            extraArgs: extraArgs,
@@ -246,12 +265,14 @@ enum CommandResolver {
        subcommand: String,
        extraArgs: [String] = [],
        defaults: UserDefaults = .standard,
+        configRoot: [String: Any]? = nil,
        searchPaths: [String]? = nil) -> [String]
    {
        self.clawdbotNodeCommand(
            subcommand: subcommand,
            extraArgs: extraArgs,
            defaults: defaults,
+            configRoot: configRoot,
            searchPaths: searchPaths)
    }

@@ -366,15 +387,12 @@ enum CommandResolver {
        let cliPath: String
    }

-    static func connectionSettings(defaults: UserDefaults = .standard) -> RemoteSettings {
-        let modeRaw = defaults.string(forKey: connectionModeKey)
-        let mode: AppState.ConnectionMode
-        if let modeRaw {
-            mode = AppState.ConnectionMode(rawValue: modeRaw) ?? .local
-        } else {
-            let seen = defaults.bool(forKey: "clawdbot.onboardingSeen")
-            mode = seen ? .local : .unconfigured
-        }
+    static func connectionSettings(
+        defaults: UserDefaults = .standard,
+        configRoot: [String: Any]? = nil) -> RemoteSettings
+    {
+        let root = configRoot ?? ClawdbotConfigFile.loadDict()
+        let mode = ConnectionModeResolver.resolve(root: root, defaults: defaults).mode
        let target = defaults.string(forKey: remoteTargetKey) ?? ""
        let identity = defaults.string(forKey: remoteIdentityKey) ?? ""
        let projectRoot = defaults.string(forKey: remoteProjectRootKey) ?? ""
@@ -387,10 +405,6 @@ enum CommandResolver {
            cliPath: cliPath)
    }

-    static var attachExistingGatewayOnly: Bool {
-        UserDefaults.standard.bool(forKey: attachExistingGatewayOnlyKey)
-    }
-
    static func connectionModeIsRemote(defaults: UserDefaults = .standard) -> Bool {
        self.connectionSettings(defaults: defaults).mode == .remote
    }
--- a/apps/macos/Sources/Clawdbot/ConfigSchemaSupport.swift
+++ b/apps/macos/Sources/Clawdbot/ConfigSchemaSupport.swift
@@ -0,0 +1,204 @@
+import Foundation
+
+enum ConfigPathSegment: Hashable {
+    case key(String)
+    case index(Int)
+}
+
+typealias ConfigPath = [ConfigPathSegment]
+
+struct ConfigUiHint {
+    let label: String?
+    let help: String?
+    let order: Double?
+    let advanced: Bool?
+    let sensitive: Bool?
+    let placeholder: String?
+
+    init(raw: [String: Any]) {
+        self.label = raw["label"] as? String
+        self.help = raw["help"] as? String
+        if let order = raw["order"] as? Double {
+            self.order = order
+        } else if let orderInt = raw["order"] as? Int {
+            self.order = Double(orderInt)
+        } else {
+            self.order = nil
+        }
+        self.advanced = raw["advanced"] as? Bool
+        self.sensitive = raw["sensitive"] as? Bool
+        self.placeholder = raw["placeholder"] as? String
+    }
+}
+
+struct ConfigSchemaNode {
+    let raw: [String: Any]
+
+    init?(raw: Any) {
+        guard let dict = raw as? [String: Any] else { return nil }
+        self.raw = dict
+    }
+
+    var title: String? { self.raw["title"] as? String }
+    var description: String? { self.raw["description"] as? String }
+    var enumValues: [Any]? { self.raw["enum"] as? [Any] }
+    var constValue: Any? { self.raw["const"] }
+    var explicitDefault: Any? { self.raw["default"] }
+    var requiredKeys: Set<String> {
+        Set((self.raw["required"] as? [String]) ?? [])
+    }
+
+    var typeList: [String] {
+        if let type = self.raw["type"] as? String { return [type] }
+        if let types = self.raw["type"] as? [String] { return types }
+        return []
+    }
+
+    var schemaType: String? {
+        let filtered = self.typeList.filter { $0 != "null" }
+        if let first = filtered.first { return first }
+        return self.typeList.first
+    }
+
+    var isNullSchema: Bool {
+        let types = self.typeList
+        return types.count == 1 && types.first == "null"
+    }
+
+    var properties: [String: ConfigSchemaNode] {
+        guard let props = self.raw["properties"] as? [String: Any] else { return [:] }
+        return props.compactMapValues { ConfigSchemaNode(raw: $0) }
+    }
+
+    var anyOf: [ConfigSchemaNode] {
+        guard let raw = self.raw["anyOf"] as? [Any] else { return [] }
+        return raw.compactMap { ConfigSchemaNode(raw: $0) }
+    }
+
+    var oneOf: [ConfigSchemaNode] {
+        guard let raw = self.raw["oneOf"] as? [Any] else { return [] }
+        return raw.compactMap { ConfigSchemaNode(raw: $0) }
+    }
+
+    var literalValue: Any? {
+        if let constValue { return constValue }
+        if let enumValues, enumValues.count == 1 { return enumValues[0] }
+        return nil
+    }
+
+    var items: ConfigSchemaNode? {
+        if let items = self.raw["items"] as? [Any], let first = items.first {
+            return ConfigSchemaNode(raw: first)
+        }
+        if let items = self.raw["items"] {
+            return ConfigSchemaNode(raw: items)
+        }
+        return nil
+    }
+
+    var additionalProperties: ConfigSchemaNode? {
+        if let additional = self.raw["additionalProperties"] as? [String: Any] {
+            return ConfigSchemaNode(raw: additional)
+        }
+        return nil
+    }
+
+    var allowsAdditionalProperties: Bool {
+        if let allow = self.raw["additionalProperties"] as? Bool { return allow }
+        return self.additionalProperties != nil
+    }
+
+    var defaultValue: Any {
+        if let value = self.raw["default"] { return value }
+        switch self.schemaType {
+        case "object":
+            return [String: Any]()
+        case "array":
+            return [Any]()
+        case "boolean":
+            return false
+        case "integer":
+            return 0
+        case "number":
+            return 0.0
+        case "string":
+            return ""
+        default:
+            return ""
+        }
+    }
+
+    func node(at path: ConfigPath) -> ConfigSchemaNode? {
+        var current: ConfigSchemaNode? = self
+        for segment in path {
+            guard let node = current else { return nil }
+            switch segment {
+            case let .key(key):
+                if node.schemaType == "object" {
+                    if let next = node.properties[key] {
+                        current = next
+                        continue
+                    }
+                    if let additional = node.additionalProperties {
+                        current = additional
+                        continue
+                    }
+                    return nil
+                }
+                return nil
+            case .index:
+                guard node.schemaType == "array" else { return nil }
+                current = node.items
+            }
+        }
+        return current
+    }
+}
+
+func decodeUiHints(_ raw: [String: Any]) -> [String: ConfigUiHint] {
+    raw.reduce(into: [:]) { result, entry in
+        if let hint = entry.value as? [String: Any] {
+            result[entry.key] = ConfigUiHint(raw: hint)
+        }
+    }
+}
+
+func hintForPath(_ path: ConfigPath, hints: [String: ConfigUiHint]) -> ConfigUiHint? {
+    let key = pathKey(path)
+    if let direct = hints[key] { return direct }
+    let segments = key.split(separator: ".").map(String.init)
+    for (hintKey, hint) in hints {
+        guard hintKey.contains("*") else { continue }
+        let hintSegments = hintKey.split(separator: ".").map(String.init)
+        guard hintSegments.count == segments.count else { continue }
+        var match = true
+        for (index, seg) in segments.enumerated() {
+            let hintSegment = hintSegments[index]
+            if hintSegment != "*", hintSegment != seg {
+                match = false
+                break
+            }
+        }
+        if match { return hint }
+    }
+    return nil
+}
+
+func isSensitivePath(_ path: ConfigPath) -> Bool {
+    let key = pathKey(path).lowercased()
+    return key.contains("token")
+        || key.contains("password")
+        || key.contains("secret")
+        || key.contains("apikey")
+        || key.hasSuffix("key")
+}
+
+func pathKey(_ path: ConfigPath) -> String {
+    path.compactMap { segment -> String? in
+        switch segment {
+        case let .key(key): return key
+        case .index: return nil
+        }
+    }
+    .joined(separator: ".")
+}
--- a/apps/macos/Sources/Clawdbot/ConfigSettings.swift
+++ b/apps/macos/Sources/Clawdbot/ConfigSettings.swift
@@ -4,83 +4,54 @@ import SwiftUI
 struct ConfigSettings: View {
    private let isPreview = ProcessInfo.processInfo.isPreview
    private let isNixMode = ProcessInfo.processInfo.isNixMode
-    private let state = AppStateStore.shared
-    private let labelColumnWidth: CGFloat = 120
-    private static let browserAttachOnlyHelp =
-        "When enabled, the browser server will only connect if the clawd browser is already running."
-    private static let browserProfileNote =
-        "Clawd uses a separate Chrome profile and ports (default 18791/18792) "
-            + "so it won’t interfere with your daily browser."
-    @State private var configModel: String = ""
-    @State private var customModel: String = ""
-    @State private var configSaving = false
+    @Bindable var store: ChannelsStore
    @State private var hasLoaded = false
-    @State private var models: [ModelChoice] = []
-    @State private var modelsLoading = false
-    @State private var modelError: String?
-    @State private var modelsSourceLabel: String?
-    @AppStorage(modelCatalogPathKey) private var modelCatalogPath: String = ModelCatalogLoader.defaultPath
-    @AppStorage(modelCatalogReloadKey) private var modelCatalogReloadBump: Int = 0
-    @State private var allowAutosave = false
-    @State private var heartbeatMinutes: Int?
-    @State private var heartbeatBody: String = "HEARTBEAT"

-    // clawd browser settings (stored in ~/.clawdbot/clawdbot.json under "browser")
-    @State private var browserEnabled: Bool = true
-    @State private var browserControlUrl: String = "http://127.0.0.1:18791"
-    @State private var browserColorHex: String = "#FF4500"
-    @State private var browserAttachOnly: Bool = false
-
-    // Talk mode settings (stored in ~/.clawdbot/clawdbot.json under "talk")
-    @State private var talkVoiceId: String = ""
-    @State private var talkInterruptOnSpeech: Bool = true
-    @State private var talkApiKey: String = ""
-    @State private var gatewayApiKeyFound = false
-
-    private struct ConfigDraft {
-        let configModel: String
-        let customModel: String
-        let heartbeatMinutes: Int?
-        let heartbeatBody: String
-        let browserEnabled: Bool
-        let browserControlUrl: String
-        let browserColorHex: String
-        let browserAttachOnly: Bool
-        let talkVoiceId: String
-        let talkApiKey: String
-        let talkInterruptOnSpeech: Bool
+    init(store: ChannelsStore = .shared) {
+        self.store = store
    }

    var body: some View {
-        ScrollView { self.content }
-            .onChange(of: self.modelCatalogPath) { _, _ in
-                Task { await self.loadModels() }
-            }
-            .onChange(of: self.modelCatalogReloadBump) { _, _ in
-                Task { await self.loadModels() }
-            }
-            .task {
-                guard !self.hasLoaded else { return }
-                guard !self.isPreview else { return }
-                self.hasLoaded = true
-                await self.loadConfig()
-                await self.loadModels()
-                await self.refreshGatewayTalkApiKey()
-                self.allowAutosave = true
-            }
+        ScrollView {
+            self.content
+        }
+        .task {
+            guard !self.hasLoaded else { return }
+            guard !self.isPreview else { return }
+            self.hasLoaded = true
+            await self.store.loadConfigSchema()
+            await self.store.loadConfig()
+        }
    }
+}

+extension ConfigSettings {
    private var content: some View {
-        VStack(alignment: .leading, spacing: 14) {
+        VStack(alignment: .leading, spacing: 16) {
            self.header
-            self.agentSection
-                .disabled(self.isNixMode)
-            self.heartbeatSection
-                .disabled(self.isNixMode)
-            self.talkSection
-                .disabled(self.isNixMode)
-            self.browserSection
-                .disabled(self.isNixMode)
+            if let status = self.store.configStatus {
+                Text(status)
+                    .font(.callout)
+                    .foregroundStyle(.secondary)
+            }
+            self.actionRow
+            Group {
+                if self.store.configSchemaLoading {
+                    ProgressView().controlSize(.small)
+                } else if let schema = self.store.configSchema {
+                    ConfigSchemaForm(store: self.store, schema: schema, path: [])
+                        .disabled(self.isNixMode)
+                } else {
+                    Text("Schema unavailable.")
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                }
+            }
+            if self.store.configDirty, !self.isNixMode {
+                Text("Unsaved changes")
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
            Spacer(minLength: 0)
        }
        .frame(maxWidth: .infinity, alignment: .leading)
@@ -91,661 +62,33 @@ struct ConfigSettings: View {

    @ViewBuilder
    private var header: some View {
-        Text("Clawdbot CLI config")
+        Text("Config")
            .font(.title3.weight(.semibold))
        Text(self.isNixMode
            ? "This tab is read-only in Nix mode. Edit config via Nix and rebuild."
-            : "Edit ~/.clawdbot/clawdbot.json (agent / session / routing / messages).")
+            : "Edit ~/.clawdbot/clawdbot.json using the schema-driven form.")
            .font(.callout)
            .foregroundStyle(.secondary)
    }

-    private var agentSection: some View {
-        GroupBox("Agent") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Model")
-                    VStack(alignment: .leading, spacing: 6) {
-                        self.modelPicker
-                        self.customModelField
-                        self.modelMetaLabels
-                    }
-                }
+    private var actionRow: some View {
+        HStack(spacing: 10) {
+            Button("Reload") {
+                Task { await self.store.reloadConfigDraft() }
            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
+            .disabled(!self.store.configLoaded)

-    private var modelPicker: some View {
-        Picker("Model", selection: self.$configModel) {
-            ForEach(self.models) { choice in
-                Text("\(choice.name) — \(choice.provider.uppercased())")
-                    .tag(choice.id)
+            Button(self.store.isSavingConfig ? "Saving…" : "Save") {
+                Task { await self.store.saveConfigDraft() }
            }
-            Text("Manual entry…").tag("__custom__")
-        }
-        .labelsHidden()
-        .frame(maxWidth: .infinity)
-        .disabled(self.modelsLoading || (!self.modelError.isNilOrEmpty && self.models.isEmpty))
-        .onChange(of: self.configModel) { _, _ in
-            self.autosaveConfig()
-        }
-    }
-
-    @ViewBuilder
-    private var customModelField: some View {
-        if self.configModel == "__custom__" {
-            TextField("Enter model ID", text: self.$customModel)
-                .textFieldStyle(.roundedBorder)
-                .frame(maxWidth: .infinity)
-                .onChange(of: self.customModel) { _, newValue in
-                    self.configModel = newValue
-                    self.autosaveConfig()
-                }
-        }
-    }
-
-    @ViewBuilder
-    private var modelMetaLabels: some View {
-        if let contextLabel = self.selectedContextLabel {
-            Text(contextLabel)
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-
-        if let authMode = self.selectedAnthropicAuthMode {
-            HStack(spacing: 8) {
-                Circle()
-                    .fill(authMode.isConfigured ? Color.green : Color.orange)
-                    .frame(width: 8, height: 8)
-                Text("Anthropic auth: \(authMode.shortLabel)")
-            }
-            .font(.footnote)
-            .foregroundStyle(authMode.isConfigured ? Color.secondary : Color.orange)
-            .help(self.anthropicAuthHelpText)
-
-            AnthropicAuthControls(connectionMode: self.state.connectionMode)
-        }
-
-        if let modelError {
-            Text(modelError)
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-
-        if let modelsSourceLabel {
-            Text("Model catalog: \(modelsSourceLabel)")
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-    }
-
-    private var anthropicAuthHelpText: String {
-        "Determined from Clawdbot OAuth token file (~/.clawdbot/credentials/oauth.json) " +
-            "or environment variables (ANTHROPIC_OAUTH_TOKEN / ANTHROPIC_API_KEY)."
-    }
-
-    private var heartbeatSection: some View {
-        GroupBox("Heartbeat") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Schedule")
-                    VStack(alignment: .leading, spacing: 6) {
-                        HStack(spacing: 12) {
-                            Stepper(
-                                value: Binding(
-                                    get: { self.heartbeatMinutes ?? 10 },
-                                    set: { self.heartbeatMinutes = $0; self.autosaveConfig() }),
-                                in: 0...720)
-                            {
-                                Text("Every \(self.heartbeatMinutes ?? 10) min")
-                                    .frame(width: 150, alignment: .leading)
-                            }
-                            .help("Set to 0 to disable automatic heartbeats")
-
-                            TextField("HEARTBEAT", text: self.$heartbeatBody)
-                                .textFieldStyle(.roundedBorder)
-                                .frame(maxWidth: .infinity)
-                                .onChange(of: self.heartbeatBody) { _, _ in
-                                    self.autosaveConfig()
-                                }
-                                .help("Message body sent on each heartbeat")
-                        }
-                        Text("Heartbeats keep agent sessions warm; 0 minutes disables them.")
-                            .font(.footnote)
-                            .foregroundStyle(.secondary)
-                    }
-                }
-            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
-
-    private var browserSection: some View {
-        GroupBox("Browser (clawd)") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Enabled")
-                    Toggle("", isOn: self.$browserEnabled)
-                        .labelsHidden()
-                        .toggleStyle(.checkbox)
-                        .onChange(of: self.browserEnabled) { _, _ in self.autosaveConfig() }
-                }
-                GridRow {
-                    self.gridLabel("Control URL")
-                    TextField("http://127.0.0.1:18791", text: self.$browserControlUrl)
-                        .textFieldStyle(.roundedBorder)
-                        .frame(maxWidth: .infinity)
-                        .disabled(!self.browserEnabled)
-                        .onChange(of: self.browserControlUrl) { _, _ in self.autosaveConfig() }
-                }
-                GridRow {
-                    self.gridLabel("Browser path")
-                    VStack(alignment: .leading, spacing: 2) {
-                        if let label = self.browserPathLabel {
-                            Text(label)
-                                .font(.caption.monospaced())
-                                .foregroundStyle(.secondary)
-                                .textSelection(.enabled)
-                                .lineLimit(1)
-                                .truncationMode(.middle)
-                        } else {
-                            Text("—")
-                                .foregroundStyle(.secondary)
-                        }
-                    }
-                    .frame(maxWidth: .infinity, alignment: .leading)
-                }
-                GridRow {
-                    self.gridLabel("Accent")
-                    HStack(spacing: 8) {
-                        TextField("#FF4500", text: self.$browserColorHex)
-                            .textFieldStyle(.roundedBorder)
-                            .frame(width: 120)
-                            .disabled(!self.browserEnabled)
-                            .onChange(of: self.browserColorHex) { _, _ in self.autosaveConfig() }
-                        Circle()
-                            .fill(self.browserColor)
-                            .frame(width: 12, height: 12)
-                            .overlay(Circle().stroke(Color.secondary.opacity(0.25), lineWidth: 1))
-                        Text("lobster-orange")
-                            .font(.footnote)
-                            .foregroundStyle(.secondary)
-                    }
-                }
-                GridRow {
-                    self.gridLabel("Attach only")
-                    Toggle("", isOn: self.$browserAttachOnly)
-                        .labelsHidden()
-                        .toggleStyle(.checkbox)
-                        .disabled(!self.browserEnabled)
-                        .onChange(of: self.browserAttachOnly) { _, _ in self.autosaveConfig() }
-                        .help(Self.browserAttachOnlyHelp)
-                }
-                GridRow {
-                    Color.clear
-                        .frame(width: self.labelColumnWidth, height: 1)
-                    Text(Self.browserProfileNote)
-                        .font(.footnote)
-                        .foregroundStyle(.secondary)
-                        .frame(maxWidth: .infinity, alignment: .leading)
-                }
-            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
-
-    private var talkSection: some View {
-        GroupBox("Talk Mode") {
-            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
-                GridRow {
-                    self.gridLabel("Voice ID")
-                    VStack(alignment: .leading, spacing: 6) {
-                        HStack(spacing: 8) {
-                            TextField("ElevenLabs voice ID", text: self.$talkVoiceId)
-                                .textFieldStyle(.roundedBorder)
-                                .frame(maxWidth: .infinity)
-                                .onChange(of: self.talkVoiceId) { _, _ in self.autosaveConfig() }
-                            if !self.talkVoiceSuggestions.isEmpty {
-                                Menu {
-                                    ForEach(self.talkVoiceSuggestions, id: \.self) { value in
-                                        Button(value) {
-                                            self.talkVoiceId = value
-                                            self.autosaveConfig()
-                                        }
-                                    }
-                                } label: {
-                                    Label("Suggestions", systemImage: "chevron.up.chevron.down")
-                                }
-                                .fixedSize()
-                            }
-                        }
-                        Text("Defaults to ELEVENLABS_VOICE_ID / SAG_VOICE_ID if unset.")
-                            .font(.footnote)
-                            .foregroundStyle(.secondary)
-                    }
-                }
-                GridRow {
-                    self.gridLabel("API key")
-                    VStack(alignment: .leading, spacing: 6) {
-                        HStack(spacing: 8) {
-                            SecureField("ELEVENLABS_API_KEY", text: self.$talkApiKey)
-                                .textFieldStyle(.roundedBorder)
-                                .frame(maxWidth: .infinity)
-                                .disabled(self.hasEnvApiKey)
-                                .onChange(of: self.talkApiKey) { _, _ in self.autosaveConfig() }
-                            if !self.hasEnvApiKey, !self.talkApiKey.isEmpty {
-                                Button("Clear") {
-                                    self.talkApiKey = ""
-                                    self.autosaveConfig()
-                                }
-                            }
-                        }
-                        self.statusLine(label: self.apiKeyStatusLabel, color: self.apiKeyStatusColor)
-                        if self.hasEnvApiKey {
-                            Text("Using ELEVENLABS_API_KEY from the environment.")
-                                .font(.footnote)
-                                .foregroundStyle(.secondary)
-                        } else if self.gatewayApiKeyFound,
-                                  self.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-                        {
-                            Text("Using API key from the gateway profile.")
-                                .font(.footnote)
-                                .foregroundStyle(.secondary)
-                        }
-                    }
-                }
-                GridRow {
-                    self.gridLabel("Interrupt")
-                    Toggle("Stop speaking when you start talking", isOn: self.$talkInterruptOnSpeech)
-                        .labelsHidden()
-                        .toggleStyle(.checkbox)
-                        .onChange(of: self.talkInterruptOnSpeech) { _, _ in self.autosaveConfig() }
-                }
-            }
-        }
-        .frame(maxWidth: .infinity, alignment: .leading)
-    }
-
-    private func gridLabel(_ text: String) -> some View {
-        Text(text)
-            .foregroundStyle(.secondary)
-            .frame(width: self.labelColumnWidth, alignment: .leading)
-    }
-
-    private func statusLine(label: String, color: Color) -> some View {
-        HStack(spacing: 6) {
-            Circle()
-                .fill(color)
-                .frame(width: 6, height: 6)
-            Text(label)
-                .font(.footnote)
-                .foregroundStyle(.secondary)
-        }
-        .padding(.top, 2)
-    }
-
-    private func loadConfig() async {
-        let parsed = await ConfigStore.load()
-        let agents = parsed["agents"] as? [String: Any]
-        let defaults = agents?["defaults"] as? [String: Any]
-        let heartbeat = defaults?["heartbeat"] as? [String: Any]
-        let heartbeatEvery = heartbeat?["every"] as? String
-        let heartbeatBody = heartbeat?["prompt"] as? String
-        let browser = parsed["browser"] as? [String: Any]
-        let talk = parsed["talk"] as? [String: Any]
-
-        let loadedModel: String = {
-            if let raw = defaults?["model"] as? String { return raw }
-            if let modelDict = defaults?["model"] as? [String: Any],
-               let primary = modelDict["primary"] as? String { return primary }
-            return ""
-        }()
-        if !loadedModel.isEmpty {
-            self.configModel = loadedModel
-            self.customModel = loadedModel
-        } else {
-            self.configModel = SessionLoader.fallbackModel
-            self.customModel = SessionLoader.fallbackModel
-        }
-
-        if let heartbeatEvery {
-            let digits = heartbeatEvery.trimmingCharacters(in: .whitespacesAndNewlines)
-                .prefix { $0.isNumber }
-            if let minutes = Int(digits) {
-                self.heartbeatMinutes = minutes
-            }
-        }
-        if let heartbeatBody, !heartbeatBody.isEmpty { self.heartbeatBody = heartbeatBody }
-
-        if let browser {
-            if let enabled = browser["enabled"] as? Bool { self.browserEnabled = enabled }
-            if let url = browser["controlUrl"] as? String, !url.isEmpty { self.browserControlUrl = url }
-            if let color = browser["color"] as? String, !color.isEmpty { self.browserColorHex = color }
-            if let attachOnly = browser["attachOnly"] as? Bool { self.browserAttachOnly = attachOnly }
-        }
-
-        if let talk {
-            if let voice = talk["voiceId"] as? String { self.talkVoiceId = voice }
-            if let apiKey = talk["apiKey"] as? String { self.talkApiKey = apiKey }
-            if let interrupt = talk["interruptOnSpeech"] as? Bool {
-                self.talkInterruptOnSpeech = interrupt
-            }
-        }
-    }
-
-    private func refreshGatewayTalkApiKey() async {
-        do {
-            let snap: ConfigSnapshot = try await GatewayConnection.shared.requestDecoded(
-                method: .configGet,
-                params: nil,
-                timeoutMs: 8000)
-            let talk = snap.config?["talk"]?.dictionaryValue
-            let apiKey = talk?["apiKey"]?.stringValue?.trimmingCharacters(in: .whitespacesAndNewlines)
-            self.gatewayApiKeyFound = !(apiKey ?? "").isEmpty
-        } catch {
-            self.gatewayApiKeyFound = false
-        }
-    }
-
-    private func autosaveConfig() {
-        guard self.allowAutosave, !self.isNixMode else { return }
-        Task { await self.saveConfig() }
-    }
-
-    private func saveConfig() async {
-        guard !self.configSaving else { return }
-        self.configSaving = true
-        defer { self.configSaving = false }
-
-        let configModel = self.configModel
-        let customModel = self.customModel
-        let heartbeatMinutes = self.heartbeatMinutes
-        let heartbeatBody = self.heartbeatBody
-        let browserEnabled = self.browserEnabled
-        let browserControlUrl = self.browserControlUrl
-        let browserColorHex = self.browserColorHex
-        let browserAttachOnly = self.browserAttachOnly
-        let talkVoiceId = self.talkVoiceId
-        let talkApiKey = self.talkApiKey
-        let talkInterruptOnSpeech = self.talkInterruptOnSpeech
-
-        let draft = ConfigDraft(
-            configModel: configModel,
-            customModel: customModel,
-            heartbeatMinutes: heartbeatMinutes,
-            heartbeatBody: heartbeatBody,
-            browserEnabled: browserEnabled,
-            browserControlUrl: browserControlUrl,
-            browserColorHex: browserColorHex,
-            browserAttachOnly: browserAttachOnly,
-            talkVoiceId: talkVoiceId,
-            talkApiKey: talkApiKey,
-            talkInterruptOnSpeech: talkInterruptOnSpeech)
-
-        let errorMessage = await ConfigSettings.buildAndSaveConfig(draft)
-
-        if let errorMessage {
-            self.modelError = errorMessage
-        }
-    }
-
-    @MainActor
-    private static func buildAndSaveConfig(_ draft: ConfigDraft) async -> String? {
-        var root = await ConfigStore.load()
-        var agents = root["agents"] as? [String: Any] ?? [:]
-        var defaults = agents["defaults"] as? [String: Any] ?? [:]
-        var browser = root["browser"] as? [String: Any] ?? [:]
-        var talk = root["talk"] as? [String: Any] ?? [:]
-
-        let chosenModel = (draft.configModel == "__custom__" ? draft.customModel : draft.configModel)
-            .trimmingCharacters(in: .whitespacesAndNewlines)
-        let trimmedModel = chosenModel
-        if !trimmedModel.isEmpty {
-            var model = defaults["model"] as? [String: Any] ?? [:]
-            model["primary"] = trimmedModel
-            defaults["model"] = model
-
-            var models = defaults["models"] as? [String: Any] ?? [:]
-            if models[trimmedModel] == nil {
-                models[trimmedModel] = [:]
-            }
-            defaults["models"] = models
-        }
-
-        if let heartbeatMinutes = draft.heartbeatMinutes {
-            var heartbeat = defaults["heartbeat"] as? [String: Any] ?? [:]
-            heartbeat["every"] = "\(heartbeatMinutes)m"
-            defaults["heartbeat"] = heartbeat
-        }
-
-        let trimmedBody = draft.heartbeatBody.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmedBody.isEmpty {
-            var heartbeat = defaults["heartbeat"] as? [String: Any] ?? [:]
-            heartbeat["prompt"] = trimmedBody
-            defaults["heartbeat"] = heartbeat
-        }
-
-        if defaults.isEmpty {
-            agents.removeValue(forKey: "defaults")
-        } else {
-            agents["defaults"] = defaults
-        }
-        if agents.isEmpty {
-            root.removeValue(forKey: "agents")
-        } else {
-            root["agents"] = agents
-        }
-
-        browser["enabled"] = draft.browserEnabled
-        let trimmedUrl = draft.browserControlUrl.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmedUrl.isEmpty { browser["controlUrl"] = trimmedUrl }
-        let trimmedColor = draft.browserColorHex.trimmingCharacters(in: .whitespacesAndNewlines)
-        if !trimmedColor.isEmpty { browser["color"] = trimmedColor }
-        browser["attachOnly"] = draft.browserAttachOnly
-        root["browser"] = browser
-
-        let trimmedVoice = draft.talkVoiceId.trimmingCharacters(in: .whitespacesAndNewlines)
-        if trimmedVoice.isEmpty {
-            talk.removeValue(forKey: "voiceId")
-        } else {
-            talk["voiceId"] = trimmedVoice
-        }
-        let trimmedApiKey = draft.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines)
-        if trimmedApiKey.isEmpty {
-            talk.removeValue(forKey: "apiKey")
-        } else {
-            talk["apiKey"] = trimmedApiKey
-        }
-        talk["interruptOnSpeech"] = draft.talkInterruptOnSpeech
-        root["talk"] = talk
-
-        do {
-            try await ConfigStore.save(root)
-            return nil
-        } catch {
-            return error.localizedDescription
-        }
-    }
-
-    private var browserColor: Color {
-        let raw = self.browserColorHex.trimmingCharacters(in: .whitespacesAndNewlines)
-        let hex = raw.hasPrefix("#") ? String(raw.dropFirst()) : raw
-        guard hex.count == 6, let value = Int(hex, radix: 16) else { return .orange }
-        let r = Double((value >> 16) & 0xFF) / 255.0
-        let g = Double((value >> 8) & 0xFF) / 255.0
-        let b = Double(value & 0xFF) / 255.0
-        return Color(red: r, green: g, blue: b)
-    }
-
-    private var talkVoiceSuggestions: [String] {
-        let env = ProcessInfo.processInfo.environment
-        let candidates = [
-            self.talkVoiceId,
-            env["ELEVENLABS_VOICE_ID"] ?? "",
-            env["SAG_VOICE_ID"] ?? "",
-        ]
-        var seen = Set<String>()
-        return candidates
-            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
-            .filter { !$0.isEmpty }
-            .filter { seen.insert($0).inserted }
-    }
-
-    private var hasEnvApiKey: Bool {
-        let raw = ProcessInfo.processInfo.environment["ELEVENLABS_API_KEY"] ?? ""
-        return !raw.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
-    }
-
-    private var apiKeyStatusLabel: String {
-        if self.hasEnvApiKey { return "ElevenLabs API key: found (environment)" }
-        if !self.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
-            return "ElevenLabs API key: stored in config"
-        }
-        if self.gatewayApiKeyFound { return "ElevenLabs API key: found (gateway)" }
-        return "ElevenLabs API key: missing"
-    }
-
-    private var apiKeyStatusColor: Color {
-        if self.hasEnvApiKey { return .green }
-        if !self.talkApiKey.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty { return .green }
-        if self.gatewayApiKeyFound { return .green }
-        return .red
-    }
-
-    private var browserPathLabel: String? {
-        guard self.browserEnabled else { return nil }
-
-        let host = (URL(string: self.browserControlUrl)?.host ?? "").lowercased()
-        if !host.isEmpty, !Self.isLoopbackHost(host) {
-            return "remote (\(host))"
-        }
-
-        guard let candidate = Self.detectedBrowserCandidate() else { return nil }
-        return candidate.executablePath ?? candidate.appPath
-    }
-
-    private struct BrowserCandidate {
-        let name: String
-        let appPath: String
-        let executablePath: String?
-    }
-
-    private static func detectedBrowserCandidate() -> BrowserCandidate? {
-        let candidates: [(name: String, appName: String)] = [
-            ("Google Chrome Canary", "Google Chrome Canary.app"),
-            ("Chromium", "Chromium.app"),
-            ("Google Chrome", "Google Chrome.app"),
-        ]
-
-        let roots = [
-            "/Applications",
-            "\(NSHomeDirectory())/Applications",
-        ]
-
-        let fm = FileManager.default
-        for (name, appName) in candidates {
-            for root in roots {
-                let appPath = "\(root)/\(appName)"
-                if fm.fileExists(atPath: appPath) {
-                    let bundle = Bundle(url: URL(fileURLWithPath: appPath))
-                    let exec = bundle?.executableURL?.path
-                    return BrowserCandidate(name: name, appPath: appPath, executablePath: exec)
-                }
-            }
-        }
-
-        return nil
-    }
-
-    private static func isLoopbackHost(_ host: String) -> Bool {
-        if host == "localhost" { return true }
-        if host == "127.0.0.1" { return true }
-        if host == "::1" { return true }
-        return false
-    }
-
-    private func loadModels() async {
-        guard !self.modelsLoading else { return }
-        self.modelsLoading = true
-        self.modelError = nil
-        self.modelsSourceLabel = nil
-        do {
-            let res: ModelsListResult =
-                try await GatewayConnection.shared
-                    .requestDecoded(
-                        method: .modelsList,
-                        timeoutMs: 15000)
-            self.models = res.models
-            self.modelsSourceLabel = "gateway"
-            if !self.configModel.isEmpty,
-               !res.models.contains(where: { $0.id == self.configModel })
-            {
-                self.customModel = self.configModel
-                self.configModel = "__custom__"
-            }
-        } catch {
-            do {
-                let loaded = try await ModelCatalogLoader.load(from: self.modelCatalogPath)
-                self.models = loaded
-                self.modelsSourceLabel = "local fallback"
-                if !self.configModel.isEmpty,
-                   !loaded.contains(where: { $0.id == self.configModel })
-                {
-                    self.customModel = self.configModel
-                    self.configModel = "__custom__"
-                }
-            } catch {
-                self.modelError = error.localizedDescription
-                self.models = []
-            }
-        }
-        self.modelsLoading = false
-    }
-
-    private struct ModelsListResult: Decodable {
-        let models: [ModelChoice]
-    }
-
-    private var selectedContextLabel: String? {
-        let chosenId = (self.configModel == "__custom__") ? self.customModel : self.configModel
-        guard
-            !chosenId.isEmpty,
-            let choice = self.models.first(where: { $0.id == chosenId }),
-            let context = choice.contextWindow
-        else {
-            return nil
-        }
-
-        let human = context >= 1000 ? "\(context / 1000)k" : "\(context)"
-        return "Context window: \(human) tokens"
-    }
-
-    private var selectedAnthropicAuthMode: AnthropicAuthMode? {
-        let chosenId = (self.configModel == "__custom__") ? self.customModel : self.configModel
-        guard !chosenId.isEmpty, let choice = self.models.first(where: { $0.id == chosenId }) else { return nil }
-        guard choice.provider.lowercased() == "anthropic" else { return nil }
-        return AnthropicAuthResolver.resolve()
-    }
-
-    private struct PlainSettingsGroupBoxStyle: GroupBoxStyle {
-        func makeBody(configuration: Configuration) -> some View {
-            VStack(alignment: .leading, spacing: 10) {
-                configuration.label
-                    .font(.caption.weight(.semibold))
-                    .foregroundStyle(.secondary)
-                configuration.content
-            }
-            .frame(maxWidth: .infinity, alignment: .leading)
+            .disabled(self.isNixMode || self.store.isSavingConfig || !self.store.configDirty)
        }
+        .buttonStyle(.bordered)
    }
 }

-#if DEBUG
 struct ConfigSettings_Previews: PreviewProvider {
    static var previews: some View {
        ConfigSettings()
-            .frame(width: SettingsTab.windowWidth, height: SettingsTab.windowHeight)
    }
 }
-#endif
--- a/apps/macos/Sources/Clawdbot/ConfigStore.swift
+++ b/apps/macos/Sources/Clawdbot/ConfigStore.swift
@@ -19,6 +19,7 @@ enum ConfigStore {
    }

    private static let overrideStore = OverrideStore()
+    @MainActor private static var lastHash: String?

    private static func isRemoteMode() async -> Bool {
        let overrides = await self.overrideStore.overrides
@@ -75,6 +76,7 @@ enum ConfigStore {
                method: .configGet,
                params: nil,
                timeoutMs: 8000)
+            self.lastHash = snap.hash
            return snap.config?.mapValues { $0.foundationValue } ?? [:]
        } catch {
            return nil
@@ -83,17 +85,24 @@ enum ConfigStore {

    @MainActor
    private static func saveToGateway(_ root: [String: Any]) async throws {
+        if self.lastHash == nil {
+            _ = await self.loadFromGateway()
+        }
        let data = try JSONSerialization.data(withJSONObject: root, options: [.prettyPrinted, .sortedKeys])
        guard let raw = String(data: data, encoding: .utf8) else {
            throw NSError(domain: "ConfigStore", code: 1, userInfo: [
                NSLocalizedDescriptionKey: "Failed to encode config.",
            ])
        }
-        let params: [String: AnyCodable] = ["raw": AnyCodable(raw)]
+        var params: [String: AnyCodable] = ["raw": AnyCodable(raw)]
+        if let baseHash = self.lastHash {
+            params["baseHash"] = AnyCodable(baseHash)
+        }
        _ = try await GatewayConnection.shared.requestRaw(
            method: .configSet,
            params: params,
            timeoutMs: 10000)
+        _ = await self.loadFromGateway()
    }

    #if DEBUG
--- a/apps/macos/Sources/Clawdbot/ConnectionModeCoordinator.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionModeCoordinator.swift
@@ -27,8 +27,7 @@ final class ConnectionModeCoordinator {
                GatewayProcessManager.shared.setActive(true)
                if GatewayAutostartPolicy.shouldEnsureLaunchAgent(
                    mode: .local,
-                    paused: paused,
-                    attachExistingOnly: AppStateStore.attachExistingGatewayOnly)
+                    paused: paused)
                {
                    Task { await GatewayProcessManager.shared.ensureLaunchAgentEnabledIfNeeded() }
                }
--- a/apps/macos/Sources/Clawdbot/ConnectionModeResolver.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionModeResolver.swift
@@ -0,0 +1,49 @@
+import Foundation
+
+enum EffectiveConnectionModeSource: Sendable, Equatable {
+    case configMode
+    case configRemoteURL
+    case userDefaults
+    case onboarding
+}
+
+struct EffectiveConnectionMode: Sendable, Equatable {
+    let mode: AppState.ConnectionMode
+    let source: EffectiveConnectionModeSource
+}
+
+enum ConnectionModeResolver {
+    static func resolve(
+        root: [String: Any],
+        defaults: UserDefaults = .standard) -> EffectiveConnectionMode
+    {
+        let gateway = root["gateway"] as? [String: Any]
+        let configModeRaw = (gateway?["mode"] as? String) ?? ""
+        let configMode = configModeRaw
+            .trimmingCharacters(in: .whitespacesAndNewlines)
+            .lowercased()
+
+        switch configMode {
+        case "local":
+            return EffectiveConnectionMode(mode: .local, source: .configMode)
+        case "remote":
+            return EffectiveConnectionMode(mode: .remote, source: .configMode)
+        default:
+            break
+        }
+
+        let remoteURLRaw = ((gateway?["remote"] as? [String: Any])?["url"] as? String) ?? ""
+        let remoteURL = remoteURLRaw.trimmingCharacters(in: .whitespacesAndNewlines)
+        if !remoteURL.isEmpty {
+            return EffectiveConnectionMode(mode: .remote, source: .configRemoteURL)
+        }
+
+        if let storedModeRaw = defaults.string(forKey: connectionModeKey) {
+            let storedMode = AppState.ConnectionMode(rawValue: storedModeRaw) ?? .local
+            return EffectiveConnectionMode(mode: storedMode, source: .userDefaults)
+        }
+
+        let seen = defaults.bool(forKey: "clawdbot.onboardingSeen")
+        return EffectiveConnectionMode(mode: seen ? .local : .unconfigured, source: .onboarding)
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+ProviderSections.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+ProviderSections.swift
@@ -1,707 +0,0 @@
-import SwiftUI
-
-extension ConnectionsSettings {
-    func formSection(_ title: String, @ViewBuilder content: () -> some View) -> some View {
-        GroupBox(title) {
-            VStack(alignment: .leading, spacing: 10) {
-                content()
-            }
-            .frame(maxWidth: .infinity, alignment: .leading)
-        }
-    }
-
-    @ViewBuilder
-    func providerHeaderActions(_ provider: ConnectionProvider) -> some View {
-        HStack(spacing: 8) {
-            if provider == .whatsapp {
-                Button("Logout") {
-                    Task { await self.store.logoutWhatsApp() }
-                }
-                .buttonStyle(.bordered)
-                .disabled(self.store.whatsappBusy)
-            }
-
-            if provider == .telegram {
-                Button("Logout") {
-                    Task { await self.store.logoutTelegram() }
-                }
-                .buttonStyle(.bordered)
-                .disabled(self.store.telegramBusy)
-            }
-
-            Button {
-                Task { await self.store.refresh(probe: true) }
-            } label: {
-                if self.store.isRefreshing {
-                    ProgressView().controlSize(.small)
-                } else {
-                    Text("Refresh")
-                }
-            }
-            .buttonStyle(.bordered)
-            .disabled(self.store.isRefreshing)
-        }
-        .controlSize(.small)
-    }
-
-    var whatsAppSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Linking") {
-                if let message = self.store.whatsappLoginMessage {
-                    Text(message)
-                        .font(.caption)
-                        .foregroundStyle(.secondary)
-                        .fixedSize(horizontal: false, vertical: true)
-                }
-
-                if let qr = self.store.whatsappLoginQrDataUrl, let image = self.qrImage(from: qr) {
-                    Image(nsImage: image)
-                        .resizable()
-                        .interpolation(.none)
-                        .frame(width: 180, height: 180)
-                        .cornerRadius(8)
-                }
-
-                HStack(spacing: 12) {
-                    Button {
-                        Task { await self.store.startWhatsAppLogin(force: false) }
-                    } label: {
-                        if self.store.whatsappBusy {
-                            ProgressView().controlSize(.small)
-                        } else {
-                            Text("Show QR")
-                        }
-                    }
-                    .buttonStyle(.borderedProminent)
-                    .disabled(self.store.whatsappBusy)
-
-                    Button("Relink") {
-                        Task { await self.store.startWhatsAppLogin(force: true) }
-                    }
-                    .buttonStyle(.bordered)
-                    .disabled(self.store.whatsappBusy)
-                }
-                .font(.caption)
-            }
-        }
-    }
-
-    var telegramSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Authentication") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Bot token")
-                        if self.showTelegramToken {
-                            TextField("123:abc", text: self.$store.telegramToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isTelegramTokenLocked)
-                        } else {
-                            SecureField("123:abc", text: self.$store.telegramToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isTelegramTokenLocked)
-                        }
-                        Toggle("Show", isOn: self.$showTelegramToken)
-                            .toggleStyle(.switch)
-                            .disabled(self.isTelegramTokenLocked)
-                    }
-                }
-            }
-
-            self.formSection("Access") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Require mention")
-                        Toggle("", isOn: self.$store.telegramRequireMention)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Allow from")
-                        TextField("123456789, @team", text: self.$store.telegramAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Webhook") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Webhook URL")
-                        TextField("https://example.com/telegram-webhook", text: self.$store.telegramWebhookUrl)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Webhook secret")
-                        TextField("secret", text: self.$store.telegramWebhookSecret)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Webhook path")
-                        TextField("/telegram-webhook", text: self.$store.telegramWebhookPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Network") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Proxy")
-                        TextField("socks5://localhost:9050", text: self.$store.telegramProxy)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            if self.isTelegramTokenLocked {
-                Text("Token set via TELEGRAM_BOT_TOKEN env; config edits won’t override it.")
-                    .font(.caption)
-                    .foregroundStyle(.secondary)
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveTelegramConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    var discordSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Authentication") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.discordEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Bot token")
-                        if self.showDiscordToken {
-                            TextField("bot token", text: self.$store.discordToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isDiscordTokenLocked)
-                        } else {
-                            SecureField("bot token", text: self.$store.discordToken)
-                                .textFieldStyle(.roundedBorder)
-                                .disabled(self.isDiscordTokenLocked)
-                        }
-                        Toggle("Show", isOn: self.$showDiscordToken)
-                            .toggleStyle(.switch)
-                            .disabled(self.isDiscordTokenLocked)
-                    }
-                }
-            }
-
-            self.formSection("Messages") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Allow DMs from")
-                        TextField("123456789, username#1234", text: self.$store.discordAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("DMs enabled")
-                        Toggle("", isOn: self.$store.discordDmEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Group DMs")
-                        Toggle("", isOn: self.$store.discordGroupEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Group channels")
-                        TextField("channelId1, channelId2", text: self.$store.discordGroupChannels)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Reply to mode")
-                        Picker("", selection: self.$store.discordReplyToMode) {
-                            Text("off").tag("off")
-                            Text("first").tag("first")
-                            Text("all").tag("all")
-                        }
-                        .labelsHidden()
-                    }
-                }
-            }
-
-            self.formSection("Limits") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Media max MB")
-                        TextField("8", text: self.$store.discordMediaMaxMb)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("History limit")
-                        TextField("20", text: self.$store.discordHistoryLimit)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Text chunk limit")
-                        TextField("2000", text: self.$store.discordTextChunkLimit)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Slash command") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.discordSlashEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Slash name")
-                        TextField("clawd", text: self.$store.discordSlashName)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Session prefix")
-                        TextField("discord:slash", text: self.$store.discordSlashSessionPrefix)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Ephemeral")
-                        Toggle("", isOn: self.$store.discordSlashEphemeral)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                }
-            }
-
-            GroupBox("Guilds") {
-                VStack(alignment: .leading, spacing: 12) {
-                    ForEach(self.$store.discordGuilds) { $guild in
-                        VStack(alignment: .leading, spacing: 10) {
-                            HStack {
-                                TextField("guild id or slug", text: $guild.key)
-                                    .textFieldStyle(.roundedBorder)
-                                Button("Remove") {
-                                    self.store.discordGuilds.removeAll { $0.id == guild.id }
-                                }
-                                .buttonStyle(.bordered)
-                            }
-
-                            Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                                GridRow {
-                                    self.gridLabel("Slug")
-                                    TextField("optional slug", text: $guild.slug)
-                                        .textFieldStyle(.roundedBorder)
-                                }
-                                GridRow {
-                                    self.gridLabel("Require mention")
-                                    Toggle("", isOn: $guild.requireMention)
-                                        .labelsHidden()
-                                        .toggleStyle(.checkbox)
-                                }
-                                GridRow {
-                                    self.gridLabel("Reaction notifications")
-                                    Picker("", selection: $guild.reactionNotifications) {
-                                        Text("Off").tag("off")
-                                        Text("Own").tag("own")
-                                        Text("All").tag("all")
-                                        Text("Allowlist").tag("allowlist")
-                                    }
-                                    .labelsHidden()
-                                    .pickerStyle(.segmented)
-                                }
-                                GridRow {
-                                    self.gridLabel("Users allowlist")
-                                    TextField("123456789, username#1234", text: $guild.users)
-                                        .textFieldStyle(.roundedBorder)
-                                }
-                            }
-
-                            Text("Channels")
-                                .font(.caption)
-                                .foregroundStyle(.secondary)
-
-                            VStack(alignment: .leading, spacing: 8) {
-                                ForEach($guild.channels) { $channel in
-                                    HStack(spacing: 10) {
-                                        TextField("channel id or slug", text: $channel.key)
-                                            .textFieldStyle(.roundedBorder)
-                                        Toggle("Allow", isOn: $channel.allow)
-                                            .toggleStyle(.checkbox)
-                                        Toggle("Require mention", isOn: $channel.requireMention)
-                                            .toggleStyle(.checkbox)
-                                        Button("Remove") {
-                                            guild.channels.removeAll { $0.id == channel.id }
-                                        }
-                                        .buttonStyle(.bordered)
-                                    }
-                                }
-                                Button("Add channel") {
-                                    guild.channels.append(DiscordGuildChannelForm())
-                                }
-                                .buttonStyle(.bordered)
-                            }
-                        }
-                        .padding(10)
-                        .background(Color.secondary.opacity(0.08))
-                        .clipShape(RoundedRectangle(cornerRadius: 8))
-                    }
-
-                    Button("Add guild") {
-                        self.store.discordGuilds.append(DiscordGuildForm())
-                    }
-                    .buttonStyle(.bordered)
-                }
-                .frame(maxWidth: .infinity, alignment: .leading)
-            }
-
-            GroupBox("Tool actions") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Reactions")
-                        Toggle("", isOn: self.$store.discordActionReactions)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Stickers")
-                        Toggle("", isOn: self.$store.discordActionStickers)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Polls")
-                        Toggle("", isOn: self.$store.discordActionPolls)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Permissions")
-                        Toggle("", isOn: self.$store.discordActionPermissions)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Messages")
-                        Toggle("", isOn: self.$store.discordActionMessages)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Threads")
-                        Toggle("", isOn: self.$store.discordActionThreads)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Pins")
-                        Toggle("", isOn: self.$store.discordActionPins)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Search")
-                        Toggle("", isOn: self.$store.discordActionSearch)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Member info")
-                        Toggle("", isOn: self.$store.discordActionMemberInfo)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Role info")
-                        Toggle("", isOn: self.$store.discordActionRoleInfo)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Channel info")
-                        Toggle("", isOn: self.$store.discordActionChannelInfo)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Voice status")
-                        Toggle("", isOn: self.$store.discordActionVoiceStatus)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Events")
-                        Toggle("", isOn: self.$store.discordActionEvents)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Role changes")
-                        Toggle("", isOn: self.$store.discordActionRoles)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Moderation")
-                        Toggle("", isOn: self.$store.discordActionModeration)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                }
-                .frame(maxWidth: .infinity, alignment: .leading)
-            }
-
-            if self.isDiscordTokenLocked {
-                Text("Token set via DISCORD_BOT_TOKEN env; config edits won’t override it.")
-                    .font(.caption)
-                    .foregroundStyle(.secondary)
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveDiscordConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    var signalSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Connection") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.signalEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Account")
-                        TextField("+15551234567", text: self.$store.signalAccount)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("HTTP URL")
-                        TextField("http://127.0.0.1:8080", text: self.$store.signalHttpUrl)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("HTTP host")
-                        TextField("127.0.0.1", text: self.$store.signalHttpHost)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("HTTP port")
-                        TextField("8080", text: self.$store.signalHttpPort)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("CLI path")
-                        TextField("signal-cli", text: self.$store.signalCliPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.formSection("Behavior") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Auto start")
-                        Toggle("", isOn: self.$store.signalAutoStart)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Receive mode")
-                        Picker("", selection: self.$store.signalReceiveMode) {
-                            Text("Default").tag("")
-                            Text("on-start").tag("on-start")
-                            Text("manual").tag("manual")
-                        }
-                        .labelsHidden()
-                        .pickerStyle(.menu)
-                    }
-                    GridRow {
-                        self.gridLabel("Ignore attachments")
-                        Toggle("", isOn: self.$store.signalIgnoreAttachments)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Ignore stories")
-                        Toggle("", isOn: self.$store.signalIgnoreStories)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Read receipts")
-                        Toggle("", isOn: self.$store.signalSendReadReceipts)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                }
-            }
-
-            self.formSection("Access & limits") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Allow from")
-                        TextField("12345, +1555", text: self.$store.signalAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Media max MB")
-                        TextField("8", text: self.$store.signalMediaMaxMb)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveSignalConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    var imessageSection: some View {
-        VStack(alignment: .leading, spacing: 16) {
-            self.formSection("Connection") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Enabled")
-                        Toggle("", isOn: self.$store.imessageEnabled)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("CLI path")
-                        TextField("imsg", text: self.$store.imessageCliPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("DB path")
-                        TextField("~/Library/Messages/chat.db", text: self.$store.imessageDbPath)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Service")
-                        Picker("", selection: self.$store.imessageService) {
-                            Text("auto").tag("auto")
-                            Text("imessage").tag("imessage")
-                            Text("sms").tag("sms")
-                        }
-                        .labelsHidden()
-                        .pickerStyle(.menu)
-                    }
-                }
-            }
-
-            self.formSection("Behavior") {
-                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 8) {
-                    GridRow {
-                        self.gridLabel("Region")
-                        TextField("US", text: self.$store.imessageRegion)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Allow from")
-                        TextField("chat_id:101, +1555", text: self.$store.imessageAllowFrom)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                    GridRow {
-                        self.gridLabel("Attachments")
-                        Toggle("", isOn: self.$store.imessageIncludeAttachments)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                    }
-                    GridRow {
-                        self.gridLabel("Media max MB")
-                        TextField("16", text: self.$store.imessageMediaMaxMb)
-                            .textFieldStyle(.roundedBorder)
-                    }
-                }
-            }
-
-            self.configStatusMessage
-
-            HStack(spacing: 12) {
-                Button {
-                    Task { await self.store.saveIMessageConfig() }
-                } label: {
-                    if self.store.isSavingConfig {
-                        ProgressView().controlSize(.small)
-                    } else {
-                        Text("Save")
-                    }
-                }
-                .buttonStyle(.borderedProminent)
-                .disabled(self.store.isSavingConfig)
-
-                Spacer()
-            }
-            .font(.caption)
-        }
-    }
-
-    @ViewBuilder
-    var configStatusMessage: some View {
-        if let status = self.store.configStatus {
-            Text(status)
-                .font(.caption)
-                .foregroundStyle(.secondary)
-                .fixedSize(horizontal: false, vertical: true)
-        }
-    }
-
-    func gridLabel(_ text: String) -> some View {
-        Text(text)
-            .font(.callout.weight(.semibold))
-            .frame(width: 140, alignment: .leading)
-    }
-}
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings+ProviderState.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings+ProviderState.swift
@@ -1,379 +0,0 @@
-import SwiftUI
-
-extension ConnectionsSettings {
-    var whatsAppTint: Color {
-        guard let status = self.store.snapshot?.whatsapp else { return .secondary }
-        if !status.configured { return .secondary }
-        if !status.linked { return .red }
-        if status.lastError != nil { return .orange }
-        if status.connected { return .green }
-        if status.running { return .orange }
-        return .orange
-    }
-
-    var telegramTint: Color {
-        guard let status = self.store.snapshot?.telegram else { return .secondary }
-        if !status.configured { return .secondary }
-        if status.lastError != nil { return .orange }
-        if status.probe?.ok == false { return .orange }
-        if status.running { return .green }
-        return .orange
-    }
-
-    var discordTint: Color {
-        guard let status = self.store.snapshot?.discord else { return .secondary }
-        if !status.configured { return .secondary }
-        if status.lastError != nil { return .orange }
-        if status.probe?.ok == false { return .orange }
-        if status.running { return .green }
-        return .orange
-    }
-
-    var signalTint: Color {
-        guard let status = self.store.snapshot?.signal else { return .secondary }
-        if !status.configured { return .secondary }
-        if status.lastError != nil { return .orange }
-        if status.probe?.ok == false { return .orange }
-        if status.running { return .green }
-        return .orange
-    }
-
-    var imessageTint: Color {
-        guard let status = self.store.snapshot?.imessage else { return .secondary }
-        if !status.configured { return .secondary }
-        if status.lastError != nil { return .orange }
-        if status.probe?.ok == false { return .orange }
-        if status.running { return .green }
-        return .orange
-    }
-
-    var whatsAppSummary: String {
-        guard let status = self.store.snapshot?.whatsapp else { return "Checking…" }
-        if !status.linked { return "Not linked" }
-        if status.connected { return "Connected" }
-        if status.running { return "Running" }
-        return "Linked"
-    }
-
-    var telegramSummary: String {
-        guard let status = self.store.snapshot?.telegram else { return "Checking…" }
-        if !status.configured { return "Not configured" }
-        if status.running { return "Running" }
-        return "Configured"
-    }
-
-    var discordSummary: String {
-        guard let status = self.store.snapshot?.discord else { return "Checking…" }
-        if !status.configured { return "Not configured" }
-        if status.running { return "Running" }
-        return "Configured"
-    }
-
-    var signalSummary: String {
-        guard let status = self.store.snapshot?.signal else { return "Checking…" }
-        if !status.configured { return "Not configured" }
-        if status.running { return "Running" }
-        return "Configured"
-    }
-
-    var imessageSummary: String {
-        guard let status = self.store.snapshot?.imessage else { return "Checking…" }
-        if !status.configured { return "Not configured" }
-        if status.running { return "Running" }
-        return "Configured"
-    }
-
-    var whatsAppDetails: String? {
-        guard let status = self.store.snapshot?.whatsapp else { return nil }
-        var lines: [String] = []
-        if let e164 = status.`self`?.e164 ?? status.`self`?.jid {
-            lines.append("Linked as \(e164)")
-        }
-        if let age = status.authAgeMs {
-            lines.append("Auth age \(msToAge(age))")
-        }
-        if let last = self.date(fromMs: status.lastConnectedAt) {
-            lines.append("Last connect \(relativeAge(from: last))")
-        }
-        if let disconnect = status.lastDisconnect {
-            let when = self.date(fromMs: disconnect.at).map { relativeAge(from: $0) } ?? "unknown"
-            let code = disconnect.status.map { "status \($0)" } ?? "status unknown"
-            let err = disconnect.error ?? "disconnect"
-            lines.append("Last disconnect \(code) · \(err) · \(when)")
-        }
-        if status.reconnectAttempts > 0 {
-            lines.append("Reconnect attempts \(status.reconnectAttempts)")
-        }
-        if let msgAt = self.date(fromMs: status.lastMessageAt) {
-            lines.append("Last message \(relativeAge(from: msgAt))")
-        }
-        if let err = status.lastError, !err.isEmpty {
-            lines.append("Error: \(err)")
-        }
-        return lines.isEmpty ? nil : lines.joined(separator: " · ")
-    }
-
-    var telegramDetails: String? {
-        guard let status = self.store.snapshot?.telegram else { return nil }
-        var lines: [String] = []
-        if let source = status.tokenSource {
-            lines.append("Token source: \(source)")
-        }
-        if let mode = status.mode {
-            lines.append("Mode: \(mode)")
-        }
-        if let probe = status.probe {
-            if probe.ok {
-                if let name = probe.bot?.username {
-                    lines.append("Bot: @\(name)")
-                }
-                if let url = probe.webhook?.url, !url.isEmpty {
-                    lines.append("Webhook: \(url)")
-                }
-            } else {
-                let code = probe.status.map { String($0) } ?? "unknown"
-                lines.append("Probe failed (\(code))")
-            }
-        }
-        if let last = self.date(fromMs: status.lastProbeAt) {
-            lines.append("Last probe \(relativeAge(from: last))")
-        }
-        if let err = status.lastError, !err.isEmpty {
-            lines.append("Error: \(err)")
-        }
-        return lines.isEmpty ? nil : lines.joined(separator: " · ")
-    }
-
-    var discordDetails: String? {
-        guard let status = self.store.snapshot?.discord else { return nil }
-        var lines: [String] = []
-        if let source = status.tokenSource {
-            lines.append("Token source: \(source)")
-        }
-        if let probe = status.probe {
-            if probe.ok {
-                if let name = probe.bot?.username {
-                    lines.append("Bot: @\(name)")
-                }
-                if let elapsed = probe.elapsedMs {
-                    lines.append("Probe \(Int(elapsed))ms")
-                }
-            } else {
-                let code = probe.status.map { String($0) } ?? "unknown"
-                lines.append("Probe failed (\(code))")
-            }
-        }
-        if let last = self.date(fromMs: status.lastProbeAt) {
-            lines.append("Last probe \(relativeAge(from: last))")
-        }
-        if let err = status.lastError, !err.isEmpty {
-            lines.append("Error: \(err)")
-        }
-        return lines.isEmpty ? nil : lines.joined(separator: " · ")
-    }
-
-    var signalDetails: String? {
-        guard let status = self.store.snapshot?.signal else { return nil }
-        var lines: [String] = []
-        lines.append("Base URL: \(status.baseUrl)")
-        if let probe = status.probe {
-            if probe.ok {
-                if let version = probe.version, !version.isEmpty {
-                    lines.append("Version \(version)")
-                }
-                if let elapsed = probe.elapsedMs {
-                    lines.append("Probe \(Int(elapsed))ms")
-                }
-            } else {
-                let code = probe.status.map { String($0) } ?? "unknown"
-                lines.append("Probe failed (\(code))")
-            }
-        }
-        if let last = self.date(fromMs: status.lastProbeAt) {
-            lines.append("Last probe \(relativeAge(from: last))")
-        }
-        if let err = status.lastError, !err.isEmpty {
-            lines.append("Error: \(err)")
-        }
-        return lines.isEmpty ? nil : lines.joined(separator: " · ")
-    }
-
-    var imessageDetails: String? {
-        guard let status = self.store.snapshot?.imessage else { return nil }
-        var lines: [String] = []
-        if let cliPath = status.cliPath, !cliPath.isEmpty {
-            lines.append("CLI: \(cliPath)")
-        }
-        if let dbPath = status.dbPath, !dbPath.isEmpty {
-            lines.append("DB: \(dbPath)")
-        }
-        if let probe = status.probe, !probe.ok {
-            let err = probe.error ?? "probe failed"
-            lines.append("Probe error: \(err)")
-        }
-        if let last = self.date(fromMs: status.lastProbeAt) {
-            lines.append("Last probe \(relativeAge(from: last))")
-        }
-        if let err = status.lastError, !err.isEmpty {
-            lines.append("Error: \(err)")
-        }
-        return lines.isEmpty ? nil : lines.joined(separator: " · ")
-    }
-
-    var isTelegramTokenLocked: Bool {
-        self.store.snapshot?.telegram.tokenSource == "env"
-    }
-
-    var isDiscordTokenLocked: Bool {
-        self.store.snapshot?.discord?.tokenSource == "env"
-    }
-
-    var orderedProviders: [ConnectionProvider] {
-        ConnectionProvider.allCases.sorted { lhs, rhs in
-            let lhsEnabled = self.providerEnabled(lhs)
-            let rhsEnabled = self.providerEnabled(rhs)
-            if lhsEnabled != rhsEnabled { return lhsEnabled && !rhsEnabled }
-            return lhs.sortOrder < rhs.sortOrder
-        }
-    }
-
-    var enabledProviders: [ConnectionProvider] {
-        self.orderedProviders.filter { self.providerEnabled($0) }
-    }
-
-    var availableProviders: [ConnectionProvider] {
-        self.orderedProviders.filter { !self.providerEnabled($0) }
-    }
-
-    func ensureSelection() {
-        guard let selected = self.selectedProvider else {
-            self.selectedProvider = self.orderedProviders.first
-            return
-        }
-        if !self.orderedProviders.contains(selected) {
-            self.selectedProvider = self.orderedProviders.first
-        }
-    }
-
-    func providerEnabled(_ provider: ConnectionProvider) -> Bool {
-        switch provider {
-        case .whatsapp:
-            guard let status = self.store.snapshot?.whatsapp else { return false }
-            return status.configured || status.linked || status.running
-        case .telegram:
-            guard let status = self.store.snapshot?.telegram else { return false }
-            return status.configured || status.running
-        case .discord:
-            guard let status = self.store.snapshot?.discord else { return false }
-            return status.configured || status.running
-        case .signal:
-            guard let status = self.store.snapshot?.signal else { return false }
-            return status.configured || status.running
-        case .imessage:
-            guard let status = self.store.snapshot?.imessage else { return false }
-            return status.configured || status.running
-        }
-    }
-
-    @ViewBuilder
-    func providerSection(_ provider: ConnectionProvider) -> some View {
-        switch provider {
-        case .whatsapp:
-            self.whatsAppSection
-        case .telegram:
-            self.telegramSection
-        case .discord:
-            self.discordSection
-        case .signal:
-            self.signalSection
-        case .imessage:
-            self.imessageSection
-        }
-    }
-
-    func providerTint(_ provider: ConnectionProvider) -> Color {
-        switch provider {
-        case .whatsapp:
-            self.whatsAppTint
-        case .telegram:
-            self.telegramTint
-        case .discord:
-            self.discordTint
-        case .signal:
-            self.signalTint
-        case .imessage:
-            self.imessageTint
-        }
-    }
-
-    func providerSummary(_ provider: ConnectionProvider) -> String {
-        switch provider {
-        case .whatsapp:
-            self.whatsAppSummary
-        case .telegram:
-            self.telegramSummary
-        case .discord:
-            self.discordSummary
-        case .signal:
-            self.signalSummary
-        case .imessage:
-            self.imessageSummary
-        }
-    }
-
-    func providerDetails(_ provider: ConnectionProvider) -> String? {
-        switch provider {
-        case .whatsapp:
-            self.whatsAppDetails
-        case .telegram:
-            self.telegramDetails
-        case .discord:
-            self.discordDetails
-        case .signal:
-            self.signalDetails
-        case .imessage:
-            self.imessageDetails
-        }
-    }
-
-    func providerLastCheckText(_ provider: ConnectionProvider) -> String {
-        guard let date = self.providerLastCheck(provider) else { return "never" }
-        return relativeAge(from: date)
-    }
-
-    func providerLastCheck(_ provider: ConnectionProvider) -> Date? {
-        switch provider {
-        case .whatsapp:
-            guard let status = self.store.snapshot?.whatsapp else { return nil }
-            return self.date(fromMs: status.lastEventAt ?? status.lastMessageAt ?? status.lastConnectedAt)
-        case .telegram:
-            return self.date(fromMs: self.store.snapshot?.telegram.lastProbeAt)
-        case .discord:
-            return self.date(fromMs: self.store.snapshot?.discord?.lastProbeAt)
-        case .signal:
-            return self.date(fromMs: self.store.snapshot?.signal?.lastProbeAt)
-        case .imessage:
-            return self.date(fromMs: self.store.snapshot?.imessage?.lastProbeAt)
-        }
-    }
-
-    func providerHasError(_ provider: ConnectionProvider) -> Bool {
-        switch provider {
-        case .whatsapp:
-            guard let status = self.store.snapshot?.whatsapp else { return false }
-            return status.lastError?.isEmpty == false || status.lastDisconnect?.loggedOut == true
-        case .telegram:
-            guard let status = self.store.snapshot?.telegram else { return false }
-            return status.lastError?.isEmpty == false || status.probe?.ok == false
-        case .discord:
-            guard let status = self.store.snapshot?.discord else { return false }
-            return status.lastError?.isEmpty == false || status.probe?.ok == false
-        case .signal:
-            guard let status = self.store.snapshot?.signal else { return false }
-            return status.lastError?.isEmpty == false || status.probe?.ok == false
-        case .imessage:
-            guard let status = self.store.snapshot?.imessage else { return false }
-            return status.lastError?.isEmpty == false || status.probe?.ok == false
-        }
-    }
-}
--- a/apps/macos/Sources/Clawdbot/ConnectionsSettings.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsSettings.swift
@@ -1,63 +0,0 @@
-import AppKit
-import SwiftUI
-
-struct ConnectionsSettings: View {
-    enum ConnectionProvider: String, CaseIterable, Identifiable, Hashable {
-        case whatsapp
-        case telegram
-        case discord
-        case signal
-        case imessage
-
-        var id: String { self.rawValue }
-
-        var sortOrder: Int {
-            switch self {
-            case .whatsapp: 0
-            case .telegram: 1
-            case .discord: 2
-            case .signal: 3
-            case .imessage: 4
-            }
-        }
-
-        var title: String {
-            switch self {
-            case .whatsapp: "WhatsApp"
-            case .telegram: "Telegram"
-            case .discord: "Discord"
-            case .signal: "Signal"
-            case .imessage: "iMessage"
-            }
-        }
-
-        var detailTitle: String {
-            switch self {
-            case .whatsapp: "WhatsApp Web"
-            case .telegram: "Telegram Bot"
-            case .discord: "Discord Bot"
-            case .signal: "Signal REST"
-            case .imessage: "iMessage (imsg)"
-            }
-        }
-
-        var systemImage: String {
-            switch self {
-            case .whatsapp: "message"
-            case .telegram: "paperplane"
-            case .discord: "bubble.left.and.bubble.right"
-            case .signal: "antenna.radiowaves.left.and.right"
-            case .imessage: "message.fill"
-            }
-        }
-    }
-
-    @Bindable var store: ConnectionsStore
-    @State var selectedProvider: ConnectionProvider?
-    @State var showTelegramToken = false
-    @State var showDiscordToken = false
-
-    init(store: ConnectionsStore = .shared) {
-        self.store = store
-    }
-}
--- a/apps/macos/Sources/Clawdbot/ConnectionsStore+Config.swift
+++ b/apps/macos/Sources/Clawdbot/ConnectionsStore+Config.swift
@@ -1,556 +0,0 @@
-import ClawdbotProtocol
-import Foundation
-
-extension ConnectionsStore {
-    func loadConfig() async {
-        do {
-            let snap: ConfigSnapshot = try await GatewayConnection.shared.requestDecoded(
-                method: .configGet,
-                params: nil,
-                timeoutMs: 10000)
-            self.configStatus = snap.valid == false
-                ? "Config invalid; fix it in ~/.clawdbot/clawdbot.json."
-                : nil
-            self.configRoot = snap.config?.mapValues { $0.foundationValue } ?? [:]
-            self.configLoaded = true
-
-            self.applyUIConfig(snap)
-            self.applyTelegramConfig(snap)
-            self.applyDiscordConfig(snap)
-            self.applySignalConfig(snap)
-            self.applyIMessageConfig(snap)
-        } catch {
-            self.configStatus = error.localizedDescription
-        }
-    }
-
-    private func applyUIConfig(_ snap: ConfigSnapshot) {
-        let ui = snap.config?[
-            "ui",
-        ]?.dictionaryValue
-        let rawSeam = ui?[
-            "seamColor",
-        ]?.stringValue?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
-        AppStateStore.shared.seamColorHex = rawSeam.isEmpty ? nil : rawSeam
-    }
-
-    private func applyTelegramConfig(_ snap: ConfigSnapshot) {
-        let telegram = snap.config?["telegram"]?.dictionaryValue
-        self.telegramToken = telegram?["botToken"]?.stringValue ?? ""
-        self.telegramRequireMention = telegram?["requireMention"]?.boolValue ?? true
-        self.telegramAllowFrom = self.stringList(from: telegram?["allowFrom"]?.arrayValue)
-        self.telegramProxy = telegram?["proxy"]?.stringValue ?? ""
-        self.telegramWebhookUrl = telegram?["webhookUrl"]?.stringValue ?? ""
-        self.telegramWebhookSecret = telegram?["webhookSecret"]?.stringValue ?? ""
-        self.telegramWebhookPath = telegram?["webhookPath"]?.stringValue ?? ""
-    }
-
-    private func applyDiscordConfig(_ snap: ConfigSnapshot) {
-        let discord = snap.config?["discord"]?.dictionaryValue
-        self.discordEnabled = discord?["enabled"]?.boolValue ?? true
-        self.discordToken = discord?["token"]?.stringValue ?? ""
-
-        let discordDm = discord?["dm"]?.dictionaryValue
-        self.discordDmEnabled = discordDm?["enabled"]?.boolValue ?? true
-        self.discordAllowFrom = self.stringList(from: discordDm?["allowFrom"]?.arrayValue)
-        self.discordGroupEnabled = discordDm?["groupEnabled"]?.boolValue ?? false
-        self.discordGroupChannels = self.stringList(from: discordDm?["groupChannels"]?.arrayValue)
-        self.discordMediaMaxMb = self.numberString(from: discord?["mediaMaxMb"])
-        self.discordHistoryLimit = self.numberString(from: discord?["historyLimit"])
-        self.discordTextChunkLimit = self.numberString(from: discord?["textChunkLimit"])
-        self.discordReplyToMode = self.replyMode(from: discord?["replyToMode"]?.stringValue)
-        self.discordGuilds = self.decodeDiscordGuilds(discord?["guilds"]?.dictionaryValue)
-
-        let discordActions = discord?["actions"]?.dictionaryValue
-        self.discordActionReactions = discordActions?["reactions"]?.boolValue ?? true
-        self.discordActionStickers = discordActions?["stickers"]?.boolValue ?? true
-        self.discordActionPolls = discordActions?["polls"]?.boolValue ?? true
-        self.discordActionPermissions = discordActions?["permissions"]?.boolValue ?? true
-        self.discordActionMessages = discordActions?["messages"]?.boolValue ?? true
-        self.discordActionThreads = discordActions?["threads"]?.boolValue ?? true
-        self.discordActionPins = discordActions?["pins"]?.boolValue ?? true
-        self.discordActionSearch = discordActions?["search"]?.boolValue ?? true
-        self.discordActionMemberInfo = discordActions?["memberInfo"]?.boolValue ?? true
-        self.discordActionRoleInfo = discordActions?["roleInfo"]?.boolValue ?? true
-        self.discordActionChannelInfo = discordActions?["channelInfo"]?.boolValue ?? true
-        self.discordActionVoiceStatus = discordActions?["voiceStatus"]?.boolValue ?? true
-        self.discordActionEvents = discordActions?["events"]?.boolValue ?? true
-        self.discordActionRoles = discordActions?["roles"]?.boolValue ?? false
-        self.discordActionModeration = discordActions?["moderation"]?.boolValue ?? false
-
-        let slash = discord?["slashCommand"]?.dictionaryValue
-        self.discordSlashEnabled = slash?["enabled"]?.boolValue ?? false
-        self.discordSlashName = slash?["name"]?.stringValue ?? ""
-        self.discordSlashSessionPrefix = slash?["sessionPrefix"]?.stringValue ?? ""
-        self.discordSlashEphemeral = slash?["ephemeral"]?.boolValue ?? true
-    }
-
-    private func decodeDiscordGuilds(_ guilds: [String: AnyCodable]?) -> [DiscordGuildForm] {
-        guard let guilds else { return [] }
-        return guilds
-            .map { key, value in
-                let entry = value.dictionaryValue ?? [:]
-                let slug = entry["slug"]?.stringValue ?? ""
-                let requireMention = entry["requireMention"]?.boolValue ?? false
-                let reactionModeRaw = entry["reactionNotifications"]?.stringValue ?? ""
-                let reactionNotifications = ["off", "own", "all", "allowlist"].contains(reactionModeRaw)
-                    ? reactionModeRaw
-                    : "own"
-                let users = self.stringList(from: entry["users"]?.arrayValue)
-                let channels: [DiscordGuildChannelForm] = if let channelMap = entry["channels"]?.dictionaryValue {
-                    channelMap.map { channelKey, channelValue in
-                        let channelEntry = channelValue.dictionaryValue ?? [:]
-                        let allow = channelEntry["allow"]?.boolValue ?? true
-                        let channelRequireMention = channelEntry["requireMention"]?.boolValue ?? false
-                        return DiscordGuildChannelForm(
-                            key: channelKey,
-                            allow: allow,
-                            requireMention: channelRequireMention)
-                    }
-                } else {
-                    []
-                }
-                return DiscordGuildForm(
-                    key: key,
-                    slug: slug,
-                    requireMention: requireMention,
-                    reactionNotifications: reactionNotifications,
-                    users: users,
-                    channels: channels)
-            }
-            .sorted { $0.key < $1.key }
-    }
-
-    private func applySignalConfig(_ snap: ConfigSnapshot) {
-        let signal = snap.config?["signal"]?.dictionaryValue
-        self.signalEnabled = signal?["enabled"]?.boolValue ?? true
-        self.signalAccount = signal?["account"]?.stringValue ?? ""
-        self.signalHttpUrl = signal?["httpUrl"]?.stringValue ?? ""
-        self.signalHttpHost = signal?["httpHost"]?.stringValue ?? ""
-        self.signalHttpPort = self.numberString(from: signal?["httpPort"])
-        self.signalCliPath = signal?["cliPath"]?.stringValue ?? ""
-        self.signalAutoStart = signal?["autoStart"]?.boolValue ?? true
-        self.signalReceiveMode = signal?["receiveMode"]?.stringValue ?? ""
-        self.signalIgnoreAttachments = signal?["ignoreAttachments"]?.boolValue ?? false
-        self.signalIgnoreStories = signal?["ignoreStories"]?.boolValue ?? false
-        self.signalSendReadReceipts = signal?["sendReadReceipts"]?.boolValue ?? false
-        self.signalAllowFrom = self.stringList(from: signal?["allowFrom"]?.arrayValue)
-        self.signalMediaMaxMb = self.numberString(from: signal?["mediaMaxMb"])
-    }
-
-    private func applyIMessageConfig(_ snap: ConfigSnapshot) {
-        let imessage = snap.config?["imessage"]?.dictionaryValue
-        self.imessageEnabled = imessage?["enabled"]?.boolValue ?? true
-        self.imessageCliPath = imessage?["cliPath"]?.stringValue ?? ""
-        self.imessageDbPath = imessage?["dbPath"]?.stringValue ?? ""
-        self.imessageService = imessage?["service"]?.stringValue ?? "auto"
-        self.imessageRegion = imessage?["region"]?.stringValue ?? ""
-        self.imessageAllowFrom = self.stringList(from: imessage?["allowFrom"]?.arrayValue)
-        self.imessageIncludeAttachments = imessage?["includeAttachments"]?.boolValue ?? false
-        self.imessageMediaMaxMb = self.numberString(from: imessage?["mediaMaxMb"])
-    }
-
-    func saveTelegramConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        var telegram: [String: Any] = (self.configRoot["telegram"] as? [String: Any]) ?? [:]
-        let token = self.trimmed(self.telegramToken)
-        if token.isEmpty {
-            telegram.removeValue(forKey: "botToken")
-        } else {
-            telegram["botToken"] = token
-        }
-
-        telegram["requireMention"] = self.telegramRequireMention
-
-        let allow = self.splitCsv(self.telegramAllowFrom)
-        if allow.isEmpty {
-            telegram.removeValue(forKey: "allowFrom")
-        } else {
-            telegram["allowFrom"] = allow
-        }
-
-        self.setOptionalString(&telegram, key: "proxy", value: self.telegramProxy)
-        self.setOptionalString(&telegram, key: "webhookUrl", value: self.telegramWebhookUrl)
-        self.setOptionalString(&telegram, key: "webhookSecret", value: self.telegramWebhookSecret)
-        self.setOptionalString(&telegram, key: "webhookPath", value: self.telegramWebhookPath)
-
-        self.setSection("telegram", payload: telegram)
-        await self.persistConfig()
-    }
-
-    func saveDiscordConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        let discord = self.buildDiscordConfig()
-        self.setSection("discord", payload: discord)
-        await self.persistConfig()
-    }
-
-    func saveSignalConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        var signal: [String: Any] = (self.configRoot["signal"] as? [String: Any]) ?? [:]
-        if self.signalEnabled {
-            signal.removeValue(forKey: "enabled")
-        } else {
-            signal["enabled"] = false
-        }
-
-        self.setOptionalString(&signal, key: "account", value: self.signalAccount)
-        self.setOptionalString(&signal, key: "httpUrl", value: self.signalHttpUrl)
-        self.setOptionalString(&signal, key: "httpHost", value: self.signalHttpHost)
-        self.setOptionalNumber(&signal, key: "httpPort", value: self.signalHttpPort)
-        self.setOptionalString(&signal, key: "cliPath", value: self.signalCliPath)
-
-        if self.signalAutoStart {
-            signal.removeValue(forKey: "autoStart")
-        } else {
-            signal["autoStart"] = false
-        }
-
-        self.setOptionalString(&signal, key: "receiveMode", value: self.signalReceiveMode)
-
-        self.setOptionalBool(&signal, key: "ignoreAttachments", value: self.signalIgnoreAttachments)
-        self.setOptionalBool(&signal, key: "ignoreStories", value: self.signalIgnoreStories)
-        self.setOptionalBool(&signal, key: "sendReadReceipts", value: self.signalSendReadReceipts)
-
-        let allow = self.splitCsv(self.signalAllowFrom)
-        if allow.isEmpty {
-            signal.removeValue(forKey: "allowFrom")
-        } else {
-            signal["allowFrom"] = allow
-        }
-
-        self.setOptionalNumber(&signal, key: "mediaMaxMb", value: self.signalMediaMaxMb)
-
-        self.setSection("signal", payload: signal)
-        await self.persistConfig()
-    }
-
-    func saveIMessageConfig() async {
-        guard !self.isSavingConfig else { return }
-        self.isSavingConfig = true
-        defer { self.isSavingConfig = false }
-        if !self.configLoaded {
-            await self.loadConfig()
-        }
-
-        var imessage: [String: Any] = (self.configRoot["imessage"] as? [String: Any]) ?? [:]
-        if self.imessageEnabled {
-            imessage.removeValue(forKey: "enabled")
-        } else {
-            imessage["enabled"] = false
-        }
-
-        self.setOptionalString(&imessage, key: "cliPath", value: self.imessageCliPath)
-        self.setOptionalString(&imessage, key: "dbPath", value: self.imessageDbPath)
-
-        let service = self.trimmed(self.imessageService)
-        if service.isEmpty || service == "auto" {
-            imessage.removeValue(forKey: "service")
-        } else {
-            imessage["service"] = service
-        }
-
-        self.setOptionalString(&imessage, key: "region", value: self.imessageRegion)
-
-        let allow = self.splitCsv(self.imessageAllowFrom)
-        if allow.isEmpty {
-            imessage.removeValue(forKey: "allowFrom")
-        } else {
-            imessage["allowFrom"] = allow
-        }
-
-        self.setOptionalBool(&imessage, key: "includeAttachments", value: self.imessageIncludeAttachments)
-        self.setOptionalNumber(&imessage, key: "mediaMaxMb", value: self.imessageMediaMaxMb)
-
-        self.setSection("imessage", payload: imessage)
-        await self.persistConfig()
-    }
-
-    private func buildDiscordConfig() -> [String: Any] {
-        var discord: [String: Any] = (self.configRoot["discord"] as? [String: Any]) ?? [:]
-        if self.discordEnabled {
-            discord.removeValue(forKey: "enabled")
-        } else {
-            discord["enabled"] = false
-        }
-        self.setOptionalString(&discord, key: "token", value: self.discordToken)
-
-        if let dm = self.buildDiscordDmConfig(base: discord["dm"] as? [String: Any] ?? [:]) {
-            discord["dm"] = dm
-        } else {
-            discord.removeValue(forKey: "dm")
-        }
-
-        self.setOptionalNumber(&discord, key: "mediaMaxMb", value: self.discordMediaMaxMb)
-        self.setOptionalInt(&discord, key: "historyLimit", value: self.discordHistoryLimit, allowZero: true)
-        self.setOptionalInt(&discord, key: "textChunkLimit", value: self.discordTextChunkLimit, allowZero: false)
-
-        let replyToMode = self.trimmed(self.discordReplyToMode)
-        if replyToMode.isEmpty || replyToMode == "off" {
-            discord.removeValue(forKey: "replyToMode")
-        } else if ["first", "all"].contains(replyToMode) {
-            discord["replyToMode"] = replyToMode
-        } else {
-            discord.removeValue(forKey: "replyToMode")
-        }
-
-        if let guilds = self.buildDiscordGuildsConfig() {
-            discord["guilds"] = guilds
-        } else {
-            discord.removeValue(forKey: "guilds")
-        }
-
-        if let actions = self.buildDiscordActionsConfig(base: discord["actions"] as? [String: Any] ?? [:]) {
-            discord["actions"] = actions
-        } else {
-            discord.removeValue(forKey: "actions")
-        }
-
-        if let slash = self.buildDiscordSlashConfig(base: discord["slashCommand"] as? [String: Any] ?? [:]) {
-            discord["slashCommand"] = slash
-        } else {
-            discord.removeValue(forKey: "slashCommand")
-        }
-
-        return discord
-    }
-
-    private func buildDiscordDmConfig(base: [String: Any]) -> [String: Any]? {
-        var dm = base
-        if self.discordDmEnabled {
-            dm.removeValue(forKey: "enabled")
-        } else {
-            dm["enabled"] = false
-        }
-        let allow = self.splitCsv(self.discordAllowFrom)
-        if allow.isEmpty {
-            dm.removeValue(forKey: "allowFrom")
-        } else {
-            dm["allowFrom"] = allow
-        }
-
-        if self.discordGroupEnabled {
-            dm["groupEnabled"] = true
-        } else {
-            dm.removeValue(forKey: "groupEnabled")
-        }
-
-        let groupChannels = self.splitCsv(self.discordGroupChannels)
-        if groupChannels.isEmpty {
-            dm.removeValue(forKey: "groupChannels")
-        } else {
-            dm["groupChannels"] = groupChannels
-        }
-
-        return dm.isEmpty ? nil : dm
-    }
-
-    private func buildDiscordGuildsConfig() -> [String: Any]? {
-        let guilds: [String: Any] = self.discordGuilds.reduce(into: [:]) { result, entry in
-            let key = self.trimmed(entry.key)
-            guard !key.isEmpty else { return }
-            var payload: [String: Any] = [:]
-            let slug = self.trimmed(entry.slug)
-            if !slug.isEmpty { payload["slug"] = slug }
-            if entry.requireMention { payload["requireMention"] = true }
-            if ["off", "own", "all", "allowlist"].contains(entry.reactionNotifications) {
-                payload["reactionNotifications"] = entry.reactionNotifications
-            }
-            let users = self.splitCsv(entry.users)
-            if !users.isEmpty { payload["users"] = users }
-            let channels: [String: Any] = entry.channels.reduce(into: [:]) { channelsResult, channel in
-                let channelKey = self.trimmed(channel.key)
-                guard !channelKey.isEmpty else { return }
-                var channelPayload: [String: Any] = [:]
-                if !channel.allow { channelPayload["allow"] = false }
-                if channel.requireMention { channelPayload["requireMention"] = true }
-                channelsResult[channelKey] = channelPayload
-            }
-            if !channels.isEmpty { payload["channels"] = channels }
-            result[key] = payload
-        }
-        return guilds.isEmpty ? nil : guilds
-    }
-
-    private func buildDiscordActionsConfig(base: [String: Any]) -> [String: Any]? {
-        var actions = base
-        self.setAction(&actions, key: "reactions", value: self.discordActionReactions, defaultValue: true)
-        self.setAction(&actions, key: "stickers", value: self.discordActionStickers, defaultValue: true)
-        self.setAction(&actions, key: "polls", value: self.discordActionPolls, defaultValue: true)
-        self.setAction(&actions, key: "permissions", value: self.discordActionPermissions, defaultValue: true)
-        self.setAction(&actions, key: "messages", value: self.discordActionMessages, defaultValue: true)
-        self.setAction(&actions, key: "threads", value: self.discordActionThreads, defaultValue: true)
-        self.setAction(&actions, key: "pins", value: self.discordActionPins, defaultValue: true)
-        self.setAction(&actions, key: "search", value: self.discordActionSearch, defaultValue: true)
-        self.setAction(&actions, key: "memberInfo", value: self.discordActionMemberInfo, defaultValue: true)
-        self.setAction(&actions, key: "roleInfo", value: self.discordActionRoleInfo, defaultValue: true)
-        self.setAction(&actions, key: "channelInfo", value: self.discordActionChannelInfo, defaultValue: true)
-        self.setAction(&actions, key: "voiceStatus", value: self.discordActionVoiceStatus, defaultValue: true)
-        self.setAction(&actions, key: "events", value: self.discordActionEvents, defaultValue: true)
-        self.setAction(&actions, key: "roles", value: self.discordActionRoles, defaultValue: false)
-        self.setAction(&actions, key: "moderation", value: self.discordActionModeration, defaultValue: false)
-        return actions.isEmpty ? nil : actions
-    }
-
-    private func buildDiscordSlashConfig(base: [String: Any]) -> [String: Any]? {
-        var slash = base
-        if self.discordSlashEnabled {
-            slash["enabled"] = true
-        } else {
-            slash.removeValue(forKey: "enabled")
-        }
-        self.setOptionalString(&slash, key: "name", value: self.discordSlashName)
-        self.setOptionalString(&slash, key: "sessionPrefix", value: self.discordSlashSessionPrefix)
-        if self.discordSlashEphemeral {
-            slash.removeValue(forKey: "ephemeral")
-        } else {
-            slash["ephemeral"] = false
-        }
-        return slash.isEmpty ? nil : slash
-    }
-
-    private func persistConfig() async {
-        do {
-            let data = try JSONSerialization.data(
-                withJSONObject: self.configRoot,
-                options: [.prettyPrinted, .sortedKeys])
-            guard let raw = String(data: data, encoding: .utf8) else {
-                self.configStatus = "Failed to encode config."
-                return
-            }
-            let params: [String: AnyCodable] = ["raw": AnyCodable(raw)]
-            _ = try await GatewayConnection.shared.requestRaw(
-                method: .configSet,
-                params: params,
-                timeoutMs: 10000)
-            self.configStatus = "Saved to ~/.clawdbot/clawdbot.json."
-            await self.refresh(probe: true)
-        } catch {
-            self.configStatus = error.localizedDescription
-        }
-    }
-
-    private func setSection(_ key: String, payload: [String: Any]) {
-        if payload.isEmpty {
-            self.configRoot.removeValue(forKey: key)
-        } else {
-            self.configRoot[key] = payload
-        }
-    }
-
-    private func stringList(from values: [AnyCodable]?) -> String {
-        guard let values else { return "" }
-        let strings = values.compactMap { entry -> String? in
-            if let str = entry.stringValue { return str }
-            if let intVal = entry.intValue { return String(intVal) }
-            if let doubleVal = entry.doubleValue { return String(Int(doubleVal)) }
-            return nil
-        }
-        return strings.joined(separator: ", ")
-    }
-
-    private func numberString(from value: AnyCodable?) -> String {
-        if let number = value?.doubleValue ?? value?.intValue.map(Double.init) {
-            return String(Int(number))
-        }
-        return ""
-    }
-
-    private func replyMode(from value: String?) -> String {
-        if let value, ["off", "first", "all"].contains(value) {
-            return value
-        }
-        return "off"
-    }
-
-    private func splitCsv(_ value: String) -> [String] {
-        value
-            .split(separator: ",")
-            .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
-            .filter { !$0.isEmpty }
-    }
-
-    private func trimmed(_ value: String) -> String {
-        value.trimmingCharacters(in: .whitespacesAndNewlines)
-    }
-
-    private func setOptionalString(_ target: inout [String: Any], key: String, value: String) {
-        let trimmed = self.trimmed(value)
-        if trimmed.isEmpty {
-            target.removeValue(forKey: key)
-        } else {
-            target[key] = trimmed
-        }
-    }
-
-    private func setOptionalNumber(_ target: inout [String: Any], key: String, value: String) {
-        let trimmed = self.trimmed(value)
-        if trimmed.isEmpty {
-            target.removeValue(forKey: key)
-        } else if let number = Double(trimmed) {
-            target[key] = number
-        }
-    }
-
-    private func setOptionalInt(
-        _ target: inout [String: Any],
-        key: String,
-        value: String,
-        allowZero: Bool)
-    {
-        let trimmed = self.trimmed(value)
-        if trimmed.isEmpty {
-            target.removeValue(forKey: key)
-            return
-        }
-        guard let number = Int(trimmed) else {
-            target.removeValue(forKey: key)
-            return
-        }
-        let isValid = allowZero ? number >= 0 : number > 0
-        guard isValid else {
-            target.removeValue(forKey: key)
-            return
-        }
-        target[key] = number
-    }
-
-    private func setOptionalBool(_ target: inout [String: Any], key: String, value: Bool) {
-        if value {
-            target[key] = true
-        } else {
-            target.removeValue(forKey: key)
-        }
-    }
-
-    private func setAction(
-        _ actions: inout [String: Any],
-        key: String,
-        value: Bool,
-        defaultValue: Bool)
-    {
-        if value == defaultValue {
-            actions.removeValue(forKey: key)
-        } else {
-            actions[key] = value
-        }
-    }
-}
--- a/apps/macos/Sources/Clawdbot/Constants.swift
+++ b/apps/macos/Sources/Clawdbot/Constants.swift
@@ -26,15 +26,17 @@ let remoteProjectRootKey = "clawdbot.remoteProjectRoot"
 let remoteCliPathKey = "clawdbot.remoteCliPath"
 let canvasEnabledKey = "clawdbot.canvasEnabled"
 let cameraEnabledKey = "clawdbot.cameraEnabled"
+let systemRunPolicyKey = "clawdbot.systemRunPolicy"
+let systemRunAllowlistKey = "clawdbot.systemRunAllowlist"
+let systemRunEnabledKey = "clawdbot.systemRunEnabled"
 let locationModeKey = "clawdbot.locationMode"
 let locationPreciseKey = "clawdbot.locationPreciseEnabled"
 let peekabooBridgeEnabledKey = "clawdbot.peekabooBridgeEnabled"
 let deepLinkKeyKey = "clawdbot.deepLinkKey"
 let modelCatalogPathKey = "clawdbot.modelCatalogPath"
 let modelCatalogReloadKey = "clawdbot.modelCatalogReload"
-let attachExistingGatewayOnlyKey = "clawdbot.gateway.attachExistingOnly"
+let cliInstallPromptedVersionKey = "clawdbot.cliInstallPromptedVersion"
 let heartbeatsEnabledKey = "clawdbot.heartbeatsEnabled"
 let debugFileLogEnabledKey = "clawdbot.debug.fileLogEnabled"
 let appLogLevelKey = "clawdbot.debug.appLogLevel"
 let voiceWakeSupported: Bool = ProcessInfo.processInfo.operatingSystemVersion.majorVersion >= 26
-let cliHelperSearchPaths = ["/usr/local/bin", "/opt/homebrew/bin"]
--- a/apps/macos/Sources/Clawdbot/ControlChannel.swift
+++ b/apps/macos/Sources/Clawdbot/ControlChannel.swift
@@ -108,6 +108,7 @@ final class ControlChannel {
                self.logger.info(
                    "control channel configure mode=remote " +
                        "target=\(target, privacy: .public) identitySet=\(idSet, privacy: .public)")
+                self.state = .connecting
                _ = try await GatewayEndpointStore.shared.ensureRemoteControlTunnel()
                await self.configure()
            } catch {
@@ -182,7 +183,7 @@ final class ControlChannel {
        {
            let reason = urlErr.failureURLString ?? urlErr.localizedDescription
            return
-                "Gateway rejected token; set CLAWDBOT_GATEWAY_TOKEN in the mac app environment " +
+                "Gateway rejected token; set gateway.auth.token (or CLAWDBOT_GATEWAY_TOKEN) " +
                "or clear it on the gateway. " +
                "Reason: \(reason)"
        }
@@ -211,12 +212,6 @@ final class ControlChannel {
                return "Gateway connection was closed; start the gateway (localhost:\(port)) and retry."
            case .cannotFindHost, .cannotConnectToHost:
                let isRemote = CommandResolver.connectionModeIsRemote()
-                if AppStateStore.attachExistingGatewayOnly, !isRemote {
-                    return """
-                    Cannot reach gateway at localhost:\(port) and “Attach existing gateway only” is enabled.
-                    Disable it in Debug Settings or start a gateway on that port.
-                    """
-                }
                if isRemote {
                    return """
                    Cannot reach gateway at localhost:\(port).
--- a/apps/macos/Sources/Clawdbot/CronJobEditor+Helpers.swift
+++ b/apps/macos/Sources/Clawdbot/CronJobEditor+Helpers.swift
@@ -13,7 +13,9 @@ extension CronJobEditor {
        guard let job else { return }
        self.name = job.name
        self.description = job.description ?? ""
+        self.agentId = job.agentId ?? ""
        self.enabled = job.enabled
+        self.deleteAfterRun = job.deleteAfterRun ?? false
        self.sessionTarget = job.sessionTarget
        self.wakeMode = job.wakeMode

@@ -34,13 +36,13 @@ extension CronJobEditor {
        case let .systemEvent(text):
            self.payloadKind = .systemEvent
            self.systemEventText = text
-        case let .agentTurn(message, thinking, timeoutSeconds, deliver, provider, to, bestEffortDeliver):
+        case let .agentTurn(message, thinking, timeoutSeconds, deliver, channel, to, bestEffortDeliver):
            self.payloadKind = .agentTurn
            self.agentMessage = message
            self.thinking = thinking ?? ""
            self.timeoutSeconds = timeoutSeconds.map(String.init) ?? ""
            self.deliver = deliver ?? false
-            self.provider = GatewayAgentProvider(raw: provider)
+            self.channel = GatewayAgentChannel(raw: channel)
            self.to = to ?? ""
            self.bestEffortDeliver = bestEffortDeliver ?? false
        }
@@ -59,18 +61,60 @@ extension CronJobEditor {
    }

    func buildPayload() throws -> [String: AnyCodable] {
-        let name = self.name.trimmingCharacters(in: .whitespacesAndNewlines)
+        let name = try self.requireName()
+        let description = self.trimmed(self.description)
+        let agentId = self.trimmed(self.agentId)
+        let schedule = try self.buildSchedule()
+        let payload = try self.buildSelectedPayload()
+
+        try self.validateSessionTarget(payload)
+        try self.validatePayloadRequiredFields(payload)
+
+        var root: [String: Any] = [
+            "name": name,
+            "enabled": self.enabled,
+            "schedule": schedule,
+            "sessionTarget": self.sessionTarget.rawValue,
+            "wakeMode": self.wakeMode.rawValue,
+            "payload": payload,
+        ]
+        self.applyDeleteAfterRun(to: &root)
+        if !description.isEmpty { root["description"] = description }
+        if !agentId.isEmpty {
+            root["agentId"] = agentId
+        } else if self.job?.agentId != nil {
+            root["agentId"] = NSNull()
+        }
+
+        if self.sessionTarget == .isolated {
+            let trimmed = self.postPrefix.trimmingCharacters(in: .whitespacesAndNewlines)
+            root["isolation"] = [
+                "postToMainPrefix": trimmed.isEmpty ? "Cron" : trimmed,
+            ]
+        }
+
+        return root.mapValues { AnyCodable($0) }
+    }
+
+    func trimmed(_ value: String) -> String {
+        value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+
+    func requireName() throws -> String {
+        let name = self.trimmed(self.name)
        if name.isEmpty {
            throw NSError(
                domain: "Cron",
                code: 0,
                userInfo: [NSLocalizedDescriptionKey: "Name is required."])
        }
-        let description = self.description.trimmingCharacters(in: .whitespacesAndNewlines)
-        let schedule: [String: Any]
+        return name
+    }
+
+    func buildSchedule() throws -> [String: Any] {
        switch self.scheduleKind {
        case .at:
-            schedule = ["kind": "at", "atMs": Int(self.atDate.timeIntervalSince1970 * 1000)]
+            return ["kind": "at", "atMs": Int(self.atDate.timeIntervalSince1970 * 1000)]
        case .every:
            guard let ms = Self.parseDurationMs(self.everyText) else {
                throw NSError(
@@ -78,34 +122,35 @@ extension CronJobEditor {
                    code: 0,
                    userInfo: [NSLocalizedDescriptionKey: "Invalid every duration (use 10m, 1h, 1d)."])
            }
-            schedule = ["kind": "every", "everyMs": ms]
+            return ["kind": "every", "everyMs": ms]
        case .cron:
-            let expr = self.cronExpr.trimmingCharacters(in: .whitespacesAndNewlines)
+            let expr = self.trimmed(self.cronExpr)
            if expr.isEmpty {
                throw NSError(
                    domain: "Cron",
                    code: 0,
                    userInfo: [NSLocalizedDescriptionKey: "Cron expression is required."])
            }
-            let tz = self.cronTz.trimmingCharacters(in: .whitespacesAndNewlines)
+            let tz = self.trimmed(self.cronTz)
            if tz.isEmpty {
-                schedule = ["kind": "cron", "expr": expr]
-            } else {
-                schedule = ["kind": "cron", "expr": expr, "tz": tz]
+                return ["kind": "cron", "expr": expr]
            }
+            return ["kind": "cron", "expr": expr, "tz": tz]
        }
+    }

-        let payload: [String: Any] = {
-            if self.sessionTarget == .isolated { return self.buildAgentTurnPayload() }
-            switch self.payloadKind {
-            case .systemEvent:
-                let text = self.systemEventText.trimmingCharacters(in: .whitespacesAndNewlines)
-                return ["kind": "systemEvent", "text": text]
-            case .agentTurn:
-                return self.buildAgentTurnPayload()
-            }
-        }()
+    func buildSelectedPayload() throws -> [String: Any] {
+        if self.sessionTarget == .isolated { return self.buildAgentTurnPayload() }
+        switch self.payloadKind {
+        case .systemEvent:
+            let text = self.trimmed(self.systemEventText)
+            return ["kind": "systemEvent", "text": text]
+        case .agentTurn:
+            return self.buildAgentTurnPayload()
+        }
+    }

+    func validateSessionTarget(_ payload: [String: Any]) throws {
        if self.sessionTarget == .main, payload["kind"] as? String == "agentTurn" {
            throw NSError(
                domain: "Cron",
@@ -122,7 +167,9 @@ extension CronJobEditor {
                code: 0,
                userInfo: [NSLocalizedDescriptionKey: "Isolated jobs require agentTurn payloads."])
        }
+    }

+    func validatePayloadRequiredFields(_ payload: [String: Any]) throws {
        if payload["kind"] as? String == "systemEvent" {
            if (payload["text"] as? String ?? "").isEmpty {
                throw NSError(
@@ -130,7 +177,8 @@ extension CronJobEditor {
                    code: 0,
                    userInfo: [NSLocalizedDescriptionKey: "System event text is required."])
            }
-        } else if payload["kind"] as? String == "agentTurn" {
+        }
+        if payload["kind"] as? String == "agentTurn" {
            if (payload["message"] as? String ?? "").isEmpty {
                throw NSError(
                    domain: "Cron",
@@ -138,25 +186,20 @@ extension CronJobEditor {
                    userInfo: [NSLocalizedDescriptionKey: "Agent message is required."])
            }
        }
+    }

-        var root: [String: Any] = [
-            "name": name,
-            "enabled": self.enabled,
-            "schedule": schedule,
-            "sessionTarget": self.sessionTarget.rawValue,
-            "wakeMode": self.wakeMode.rawValue,
-            "payload": payload,
-        ]
-        if !description.isEmpty { root["description"] = description }
-
-        if self.sessionTarget == .isolated {
-            let trimmed = self.postPrefix.trimmingCharacters(in: .whitespacesAndNewlines)
-            root["isolation"] = [
-                "postToMainPrefix": trimmed.isEmpty ? "Cron" : trimmed,
-            ]
+    func applyDeleteAfterRun(
+        to root: inout [String: Any],
+        scheduleKind: ScheduleKind? = nil,
+        deleteAfterRun: Bool? = nil)
+    {
+        let resolvedSchedule = scheduleKind ?? self.scheduleKind
+        let resolvedDelete = deleteAfterRun ?? self.deleteAfterRun
+        if resolvedSchedule == .at {
+            root["deleteAfterRun"] = resolvedDelete
+        } else if self.job?.deleteAfterRun != nil {
+            root["deleteAfterRun"] = false
        }
-
-        return root.mapValues { AnyCodable($0) }
    }

    func buildAgentTurnPayload() -> [String: Any] {
@@ -167,7 +210,7 @@ extension CronJobEditor {
        if let n = Int(self.timeoutSeconds), n > 0 { payload["timeoutSeconds"] = n }
        payload["deliver"] = self.deliver
        if self.deliver {
-            payload["provider"] = self.provider.rawValue
+            payload["channel"] = self.channel.rawValue
            let to = self.to.trimmingCharacters(in: .whitespacesAndNewlines)
            if !to.isEmpty { payload["to"] = to }
            payload["bestEffortDeliver"] = self.bestEffortDeliver
--- a/apps/macos/Sources/Clawdbot/CronJobEditor+Testing.swift
+++ b/apps/macos/Sources/Clawdbot/CronJobEditor+Testing.swift
@@ -3,6 +3,7 @@ extension CronJobEditor {
    mutating func exerciseForTesting() {
        self.name = "Test job"
        self.description = "Test description"
+        self.agentId = "ops"
        self.enabled = true
        self.sessionTarget = .isolated
        self.wakeMode = .now
@@ -13,7 +14,7 @@ extension CronJobEditor {
        self.payloadKind = .agentTurn
        self.agentMessage = "Run diagnostic"
        self.deliver = true
-        self.provider = .last
+        self.channel = .last
        self.to = "+15551230000"
        self.thinking = "low"
        self.timeoutSeconds = "90"
--- a/apps/macos/Sources/Clawdbot/CronJobEditor.swift
+++ b/apps/macos/Sources/Clawdbot/CronJobEditor.swift
@@ -18,7 +18,7 @@ struct CronJobEditor: View {
    static let scheduleKindNote =
        "“At” runs once, “Every” repeats with a duration, “Cron” uses a 5-field Unix expression."
    static let isolatedPayloadNote =
-        "Isolated jobs always run an agent turn. The result can be delivered to a provider, "
+        "Isolated jobs always run an agent turn. The result can be delivered to a channel, "
            + "and a short summary is posted back to your main chat."
    static let mainPayloadNote =
        "System events are injected into the current main session. Agent turns require an isolated session target."
@@ -27,9 +27,11 @@ struct CronJobEditor: View {

    @State var name: String = ""
    @State var description: String = ""
+    @State var agentId: String = ""
    @State var enabled: Bool = true
    @State var sessionTarget: CronSessionTarget = .main
    @State var wakeMode: CronWakeMode = .nextHeartbeat
+    @State var deleteAfterRun: Bool = false

    enum ScheduleKind: String, CaseIterable, Identifiable { case at, every, cron; var id: String { rawValue } }
    @State var scheduleKind: ScheduleKind = .every
@@ -43,7 +45,7 @@ struct CronJobEditor: View {
    @State var systemEventText: String = ""
    @State var agentMessage: String = ""
    @State var deliver: Bool = false
-    @State var provider: GatewayAgentProvider = .last
+    @State var channel: GatewayAgentChannel = .last
    @State var to: String = ""
    @State var thinking: String = ""
    @State var timeoutSeconds: String = ""
@@ -77,6 +79,12 @@ struct CronJobEditor: View {
                                    .textFieldStyle(.roundedBorder)
                                    .frame(maxWidth: .infinity)
                            }
+                            GridRow {
+                                self.gridLabel("Agent ID")
+                                TextField("Optional (default agent)", text: self.$agentId)
+                                    .textFieldStyle(.roundedBorder)
+                                    .frame(maxWidth: .infinity)
+                            }
                            GridRow {
                                self.gridLabel("Enabled")
                                Toggle("", isOn: self.$enabled)
@@ -149,6 +157,11 @@ struct CronJobEditor: View {
                                        .labelsHidden()
                                        .frame(maxWidth: .infinity, alignment: .leading)
                                }
+                                GridRow {
+                                    self.gridLabel("Auto-delete")
+                                    Toggle("Delete after successful run", isOn: self.$deleteAfterRun)
+                                        .toggleStyle(.switch)
+                                }
                            case .every:
                                GridRow {
                                    self.gridLabel("Every")
@@ -310,7 +323,7 @@ struct CronJobEditor: View {
                }
                GridRow {
                    self.gridLabel("Deliver")
-                    Toggle("Deliver result to a provider", isOn: self.$deliver)
+                    Toggle("Deliver result to a channel", isOn: self.$deliver)
                        .toggleStyle(.switch)
                }
            }
@@ -318,15 +331,15 @@ struct CronJobEditor: View {
            if self.deliver {
                Grid(alignment: .leadingFirstTextBaseline, horizontalSpacing: 14, verticalSpacing: 10) {
                    GridRow {
-                        self.gridLabel("Provider")
-                        Picker("", selection: self.$provider) {
-                            Text("last").tag(GatewayAgentProvider.last)
-                            Text("whatsapp").tag(GatewayAgentProvider.whatsapp)
-                            Text("telegram").tag(GatewayAgentProvider.telegram)
-                            Text("discord").tag(GatewayAgentProvider.discord)
-                            Text("slack").tag(GatewayAgentProvider.slack)
-                            Text("signal").tag(GatewayAgentProvider.signal)
-                            Text("imessage").tag(GatewayAgentProvider.imessage)
+                        self.gridLabel("Channel")
+                        Picker("", selection: self.$channel) {
+                            Text("last").tag(GatewayAgentChannel.last)
+                            Text("whatsapp").tag(GatewayAgentChannel.whatsapp)
+                            Text("telegram").tag(GatewayAgentChannel.telegram)
+                            Text("discord").tag(GatewayAgentChannel.discord)
+                            Text("slack").tag(GatewayAgentChannel.slack)
+                            Text("signal").tag(GatewayAgentChannel.signal)
+                            Text("imessage").tag(GatewayAgentChannel.imessage)
                        }
                        .labelsHidden()
                        .pickerStyle(.segmented)
--- a/apps/macos/Sources/Clawdbot/CronModels.swift
+++ b/apps/macos/Sources/Clawdbot/CronModels.swift
@@ -74,12 +74,12 @@ enum CronPayload: Codable, Equatable {
        thinking: String?,
        timeoutSeconds: Int?,
        deliver: Bool?,
-        provider: String?,
+        channel: String?,
        to: String?,
        bestEffortDeliver: Bool?)

    enum CodingKeys: String, CodingKey {
-        case kind, text, message, thinking, timeoutSeconds, deliver, provider, to, bestEffortDeliver
+        case kind, text, message, thinking, timeoutSeconds, deliver, channel, provider, to, bestEffortDeliver
    }

    var kind: String {
@@ -101,7 +101,8 @@ enum CronPayload: Codable, Equatable {
                thinking: container.decodeIfPresent(String.self, forKey: .thinking),
                timeoutSeconds: container.decodeIfPresent(Int.self, forKey: .timeoutSeconds),
                deliver: container.decodeIfPresent(Bool.self, forKey: .deliver),
-                provider: container.decodeIfPresent(String.self, forKey: .provider),
+                channel: container.decodeIfPresent(String.self, forKey: .channel)
+                    ?? container.decodeIfPresent(String.self, forKey: .provider),
                to: container.decodeIfPresent(String.self, forKey: .to),
                bestEffortDeliver: container.decodeIfPresent(Bool.self, forKey: .bestEffortDeliver))
        default:
@@ -118,12 +119,12 @@ enum CronPayload: Codable, Equatable {
        switch self {
        case let .systemEvent(text):
            try container.encode(text, forKey: .text)
-        case let .agentTurn(message, thinking, timeoutSeconds, deliver, provider, to, bestEffortDeliver):
+        case let .agentTurn(message, thinking, timeoutSeconds, deliver, channel, to, bestEffortDeliver):
            try container.encode(message, forKey: .message)
            try container.encodeIfPresent(thinking, forKey: .thinking)
            try container.encodeIfPresent(timeoutSeconds, forKey: .timeoutSeconds)
            try container.encodeIfPresent(deliver, forKey: .deliver)
-            try container.encodeIfPresent(provider, forKey: .provider)
+            try container.encodeIfPresent(channel, forKey: .channel)
            try container.encodeIfPresent(to, forKey: .to)
            try container.encodeIfPresent(bestEffortDeliver, forKey: .bestEffortDeliver)
        }
@@ -145,9 +146,11 @@ struct CronJobState: Codable, Equatable {

 struct CronJob: Identifiable, Codable, Equatable {
    let id: String
+    let agentId: String?
    var name: String
    var description: String?
    var enabled: Bool
+    var deleteAfterRun: Bool?
    let createdAtMs: Int
    let updatedAtMs: Int
    let schedule: CronSchedule
--- a/apps/macos/Sources/Clawdbot/CronSettings+Rows.swift
+++ b/apps/macos/Sources/Clawdbot/CronSettings+Rows.swift
@@ -20,6 +20,9 @@ extension CronSettings {
            HStack(spacing: 6) {
                StatusPill(text: job.sessionTarget.rawValue, tint: .secondary)
                StatusPill(text: job.wakeMode.rawValue, tint: .secondary)
+                if let agentId = job.agentId, !agentId.isEmpty {
+                    StatusPill(text: "agent \(agentId)", tint: .secondary)
+                }
                if let status = job.state.lastStatus {
                    StatusPill(text: status, tint: status == "ok" ? .green : .orange)
                }
@@ -91,9 +94,15 @@ extension CronSettings {
    func detailCard(_ job: CronJob) -> some View {
        VStack(alignment: .leading, spacing: 10) {
            LabeledContent("Schedule") { Text(self.scheduleSummary(job.schedule)).font(.callout) }
+            if case .at = job.schedule, job.deleteAfterRun == true {
+                LabeledContent("Auto-delete") { Text("after success") }
+            }
            if let desc = job.description, !desc.isEmpty {
                LabeledContent("Description") { Text(desc).font(.callout) }
            }
+            if let agentId = job.agentId, !agentId.isEmpty {
+                LabeledContent("Agent") { Text(agentId) }
+            }
            LabeledContent("Session") { Text(job.sessionTarget.rawValue) }
            LabeledContent("Wake") { Text(job.wakeMode.rawValue) }
            LabeledContent("Next run") {
--- a/apps/macos/Sources/Clawdbot/CronSettings+Testing.swift
+++ b/apps/macos/Sources/Clawdbot/CronSettings+Testing.swift
@@ -7,9 +7,11 @@ struct CronSettings_Previews: PreviewProvider {
        store.jobs = [
            CronJob(
                id: "job-1",
+                agentId: "ops",
                name: "Daily summary",
                description: nil,
                enabled: true,
+                deleteAfterRun: nil,
                createdAtMs: 0,
                updatedAtMs: 0,
                schedule: .every(everyMs: 86_400_000, anchorMs: nil),
@@ -20,7 +22,7 @@ struct CronSettings_Previews: PreviewProvider {
                    thinking: "low",
                    timeoutSeconds: 600,
                    deliver: true,
-                    provider: "last",
+                    channel: "last",
                    to: nil,
                    bestEffortDeliver: true),
                isolation: CronIsolation(postToMainPrefix: "Cron"),
@@ -59,9 +61,11 @@ extension CronSettings {

        let job = CronJob(
            id: "job-1",
+            agentId: "ops",
            name: "Daily summary",
            description: "Summary job",
            enabled: true,
+            deleteAfterRun: nil,
            createdAtMs: 1_700_000_000_000,
            updatedAtMs: 1_700_000_100_000,
            schedule: .cron(expr: "0 8 * * *", tz: "UTC"),
@@ -72,7 +76,7 @@ extension CronSettings {
                thinking: "low",
                timeoutSeconds: 120,
                deliver: true,
-                provider: "whatsapp",
+                channel: "whatsapp",
                to: "+15551234567",
                bestEffortDeliver: true),
            isolation: CronIsolation(postToMainPrefix: "[cron] "),
--- a/apps/macos/Sources/Clawdbot/DebugActions.swift
+++ b/apps/macos/Sources/Clawdbot/DebugActions.swift
@@ -5,6 +5,7 @@ import SwiftUI
 enum DebugActions {
    private static let verboseDefaultsKey = "clawdbot.debug.verboseMain"
    private static let sessionMenuLimit = 12
+    private static let onboardingSeenKey = "clawdbot.onboardingSeen"

    @MainActor
    static func openAgentEventsWindow() {
@@ -183,6 +184,14 @@ enum DebugActions {
        NSApp.terminate(nil)
    }

+    @MainActor
+    static func restartOnboarding() {
+        UserDefaults.standard.set(false, forKey: self.onboardingSeenKey)
+        UserDefaults.standard.set(0, forKey: onboardingVersionKey)
+        AppStateStore.shared.onboardingSeen = false
+        OnboardingController.shared.restart()
+    }
+
    @MainActor
    private static func resolveSessionStorePath() -> String {
        let defaultPath = SessionLoader.defaultStorePath
--- a/apps/macos/Sources/Clawdbot/DebugSettings.swift
+++ b/apps/macos/Sources/Clawdbot/DebugSettings.swift
@@ -28,7 +28,6 @@ struct DebugSettings: View {
    @State private var tunnelResetInFlight = false
    @State private var tunnelResetStatus: String?
    @State private var pendingKill: DebugActions.PortListener?
-    @AppStorage(attachExistingGatewayOnlyKey) private var attachExistingGatewayOnly: Bool = false
    @AppStorage(debugFileLogEnabledKey) private var diagnosticsFileLogEnabled: Bool = false
    @AppStorage(appLogLevelKey) private var appLogLevelRaw: String = AppLogLevel.default.rawValue

@@ -108,7 +107,7 @@ struct DebugSettings: View {
                    .frame(maxWidth: .infinity, alignment: .leading)
                }
                GridRow {
-                    self.gridLabel("CLI helper")
+                    self.gridLabel("CLI")
                    let loc = CLIInstaller.installedLocation()
                    Text(loc ?? "missing")
                        .font(.caption.monospaced())
@@ -145,16 +144,6 @@ struct DebugSettings: View {
                        }
                        .frame(maxWidth: .infinity, alignment: .leading)
                    }
-                    GridRow {
-                        self.gridLabel("Attach only")
-                        Toggle("", isOn: self.$attachExistingGatewayOnly)
-                            .labelsHidden()
-                            .toggleStyle(.checkbox)
-                            .help(
-                                "When enabled in local mode, the mac app will only connect " +
-                                    "to an already-running gateway " +
-                                    "and will not start one itself.")
-                    }
                }

                let key = DeepLinkHandler.currentKey()
@@ -497,6 +486,7 @@ struct DebugSettings: View {

                HStack(spacing: 8) {
                    Button("Restart app") { DebugActions.restartApp() }
+                    Button("Restart onboarding") { DebugActions.restartOnboarding() }
                    Button("Reveal app in Finder") { self.revealApp() }
                    Spacer(minLength: 0)
                }
@@ -782,7 +772,7 @@ struct DebugSettings: View {
    }

    private var canRestartGateway: Bool {
-        self.state.connectionMode == .local && !self.attachExistingGatewayOnly
+        self.state.connectionMode == .local
    }

    private func configURL() -> URL {
@@ -910,7 +900,7 @@ extension DebugSettings {
    }
 }

-private struct PlainSettingsGroupBoxStyle: GroupBoxStyle {
+struct PlainSettingsGroupBoxStyle: GroupBoxStyle {
    func makeBody(configuration: Configuration) -> some View {
        VStack(alignment: .leading, spacing: 10) {
            configuration.label
--- a/apps/macos/Sources/Clawdbot/DeepLinks.swift
+++ b/apps/macos/Sources/Clawdbot/DeepLinks.swift
@@ -59,7 +59,7 @@ final class DeepLinkHandler {
        }

        do {
-            let provider = GatewayAgentProvider(raw: link.channel)
+            let channel = GatewayAgentChannel(raw: link.channel)
            let explicitSessionKey = link.sessionKey?
                .trimmingCharacters(in: .whitespacesAndNewlines)
                .nonEmpty
@@ -72,9 +72,9 @@ final class DeepLinkHandler {
                message: messagePreview,
                sessionKey: resolvedSessionKey,
                thinking: link.thinking?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty,
-                deliver: provider.shouldDeliver(link.deliver),
+                deliver: channel.shouldDeliver(link.deliver),
                to: link.to?.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty,
-                provider: provider,
+                channel: channel,
                timeoutSeconds: link.timeoutSeconds,
                idempotencyKey: UUID().uuidString)

--- a/apps/macos/Sources/Clawdbot/ExecApprovals.swift
+++ b/apps/macos/Sources/Clawdbot/ExecApprovals.swift
@@ -0,0 +1,566 @@
+import Foundation
+import OSLog
+import Security
+
+enum ExecSecurity: String, CaseIterable, Codable, Identifiable {
+    case deny
+    case allowlist
+    case full
+
+    var id: String { self.rawValue }
+
+    var title: String {
+        switch self {
+        case .deny: "Deny"
+        case .allowlist: "Allowlist"
+        case .full: "Always Allow"
+        }
+    }
+}
+
+enum ExecApprovalQuickMode: String, CaseIterable, Identifiable {
+    case deny
+    case ask
+    case allow
+
+    var id: String { self.rawValue }
+
+    var title: String {
+        switch self {
+        case .deny: "Deny"
+        case .ask: "Always Ask"
+        case .allow: "Always Allow"
+        }
+    }
+
+    var security: ExecSecurity {
+        switch self {
+        case .deny: .deny
+        case .ask: .allowlist
+        case .allow: .full
+        }
+    }
+
+    var ask: ExecAsk {
+        switch self {
+        case .deny: .off
+        case .ask: .onMiss
+        case .allow: .off
+        }
+    }
+
+    static func from(security: ExecSecurity, ask: ExecAsk) -> ExecApprovalQuickMode {
+        switch security {
+        case .deny:
+            return .deny
+        case .full:
+            return .allow
+        case .allowlist:
+            return .ask
+        }
+    }
+}
+
+enum ExecAsk: String, CaseIterable, Codable, Identifiable {
+    case off
+    case onMiss = "on-miss"
+    case always
+
+    var id: String { self.rawValue }
+
+    var title: String {
+        switch self {
+        case .off: "Never Ask"
+        case .onMiss: "Ask on Allowlist Miss"
+        case .always: "Always Ask"
+        }
+    }
+}
+
+enum ExecApprovalDecision: String, Codable, Sendable {
+    case allowOnce = "allow-once"
+    case allowAlways = "allow-always"
+    case deny
+}
+
+struct ExecAllowlistEntry: Codable, Hashable {
+    var pattern: String
+    var lastUsedAt: Double? = nil
+    var lastUsedCommand: String? = nil
+    var lastResolvedPath: String? = nil
+}
+
+struct ExecApprovalsDefaults: Codable {
+    var security: ExecSecurity?
+    var ask: ExecAsk?
+    var askFallback: ExecSecurity?
+    var autoAllowSkills: Bool?
+}
+
+struct ExecApprovalsAgent: Codable {
+    var security: ExecSecurity?
+    var ask: ExecAsk?
+    var askFallback: ExecSecurity?
+    var autoAllowSkills: Bool?
+    var allowlist: [ExecAllowlistEntry]?
+
+    var isEmpty: Bool {
+        security == nil && ask == nil && askFallback == nil && autoAllowSkills == nil && (allowlist?.isEmpty ?? true)
+    }
+}
+
+struct ExecApprovalsSocketConfig: Codable {
+    var path: String?
+    var token: String?
+}
+
+struct ExecApprovalsFile: Codable {
+    var version: Int
+    var socket: ExecApprovalsSocketConfig?
+    var defaults: ExecApprovalsDefaults?
+    var agents: [String: ExecApprovalsAgent]?
+}
+
+struct ExecApprovalsResolved {
+    let url: URL
+    let socketPath: String
+    let token: String
+    let defaults: ExecApprovalsResolvedDefaults
+    let agent: ExecApprovalsResolvedDefaults
+    let allowlist: [ExecAllowlistEntry]
+    var file: ExecApprovalsFile
+}
+
+struct ExecApprovalsResolvedDefaults {
+    var security: ExecSecurity
+    var ask: ExecAsk
+    var askFallback: ExecSecurity
+    var autoAllowSkills: Bool
+}
+
+enum ExecApprovalsStore {
+    private static let logger = Logger(subsystem: "com.clawdbot", category: "exec-approvals")
+    private static let defaultSecurity: ExecSecurity = .deny
+    private static let defaultAsk: ExecAsk = .onMiss
+    private static let defaultAskFallback: ExecSecurity = .deny
+    private static let defaultAutoAllowSkills = false
+
+    static func fileURL() -> URL {
+        ClawdbotPaths.stateDirURL.appendingPathComponent("exec-approvals.json")
+    }
+
+    static func socketPath() -> String {
+        ClawdbotPaths.stateDirURL.appendingPathComponent("exec-approvals.sock").path
+    }
+
+    static func loadFile() -> ExecApprovalsFile {
+        let url = self.fileURL()
+        guard FileManager.default.fileExists(atPath: url.path) else {
+            return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
+        }
+        do {
+            let data = try Data(contentsOf: url)
+            let decoded = try JSONDecoder().decode(ExecApprovalsFile.self, from: data)
+            if decoded.version != 1 {
+                return ExecApprovalsFile(version: 1, socket: decoded.socket, defaults: decoded.defaults, agents: decoded.agents)
+            }
+            return decoded
+        } catch {
+            self.logger.warning("exec approvals load failed: \(error.localizedDescription, privacy: .public)")
+            return ExecApprovalsFile(version: 1, socket: nil, defaults: nil, agents: [:])
+        }
+    }
+
+    static func saveFile(_ file: ExecApprovalsFile) {
+        do {
+            let encoder = JSONEncoder()
+            encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
+            let data = try encoder.encode(file)
+            let url = self.fileURL()
+            try FileManager.default.createDirectory(
+                at: url.deletingLastPathComponent(),
+                withIntermediateDirectories: true)
+            try data.write(to: url, options: [.atomic])
+            try? FileManager.default.setAttributes([.posixPermissions: 0o600], ofItemAtPath: url.path)
+        } catch {
+            self.logger.error("exec approvals save failed: \(error.localizedDescription, privacy: .public)")
+        }
+    }
+
+    static func ensureFile() -> ExecApprovalsFile {
+        var file = self.loadFile()
+        if file.socket == nil { file.socket = ExecApprovalsSocketConfig(path: nil, token: nil) }
+        let path = file.socket?.path?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if path.isEmpty {
+            file.socket?.path = self.socketPath()
+        }
+        let token = file.socket?.token?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if token.isEmpty {
+            file.socket?.token = self.generateToken()
+        }
+        if file.agents == nil { file.agents = [:] }
+        self.saveFile(file)
+        return file
+    }
+
+    static func resolve(agentId: String?) -> ExecApprovalsResolved {
+        var file = self.ensureFile()
+        let defaults = file.defaults ?? ExecApprovalsDefaults()
+        let resolvedDefaults = ExecApprovalsResolvedDefaults(
+            security: defaults.security ?? self.defaultSecurity,
+            ask: defaults.ask ?? self.defaultAsk,
+            askFallback: defaults.askFallback ?? self.defaultAskFallback,
+            autoAllowSkills: defaults.autoAllowSkills ?? self.defaultAutoAllowSkills)
+        let key = (agentId?.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false)
+            ? agentId!.trimmingCharacters(in: .whitespacesAndNewlines)
+            : "default"
+        let agentEntry = file.agents?[key] ?? ExecApprovalsAgent()
+        let resolvedAgent = ExecApprovalsResolvedDefaults(
+            security: agentEntry.security ?? resolvedDefaults.security,
+            ask: agentEntry.ask ?? resolvedDefaults.ask,
+            askFallback: agentEntry.askFallback ?? resolvedDefaults.askFallback,
+            autoAllowSkills: agentEntry.autoAllowSkills ?? resolvedDefaults.autoAllowSkills)
+        let allowlist = (agentEntry.allowlist ?? [])
+            .map { entry in
+                ExecAllowlistEntry(
+                    pattern: entry.pattern.trimmingCharacters(in: .whitespacesAndNewlines),
+                    lastUsedAt: entry.lastUsedAt,
+                    lastUsedCommand: entry.lastUsedCommand,
+                    lastResolvedPath: entry.lastResolvedPath)
+            }
+            .filter { !$0.pattern.isEmpty }
+        let socketPath = self.expandPath(file.socket?.path ?? self.socketPath())
+        let token = file.socket?.token ?? ""
+        return ExecApprovalsResolved(
+            url: self.fileURL(),
+            socketPath: socketPath,
+            token: token,
+            defaults: resolvedDefaults,
+            agent: resolvedAgent,
+            allowlist: allowlist,
+            file: file)
+    }
+
+    static func resolveDefaults() -> ExecApprovalsResolvedDefaults {
+        let file = self.ensureFile()
+        let defaults = file.defaults ?? ExecApprovalsDefaults()
+        return ExecApprovalsResolvedDefaults(
+            security: defaults.security ?? self.defaultSecurity,
+            ask: defaults.ask ?? self.defaultAsk,
+            askFallback: defaults.askFallback ?? self.defaultAskFallback,
+            autoAllowSkills: defaults.autoAllowSkills ?? self.defaultAutoAllowSkills)
+    }
+
+    static func saveDefaults(_ defaults: ExecApprovalsDefaults) {
+        self.updateFile { file in
+            file.defaults = defaults
+        }
+    }
+
+    static func updateDefaults(_ mutate: (inout ExecApprovalsDefaults) -> Void) {
+        self.updateFile { file in
+            var defaults = file.defaults ?? ExecApprovalsDefaults()
+            mutate(&defaults)
+            file.defaults = defaults
+        }
+    }
+
+    static func saveAgent(_ agent: ExecApprovalsAgent, agentId: String?) {
+        self.updateFile { file in
+            var agents = file.agents ?? [:]
+            let key = self.agentKey(agentId)
+            if agent.isEmpty {
+                agents.removeValue(forKey: key)
+            } else {
+                agents[key] = agent
+            }
+            file.agents = agents.isEmpty ? nil : agents
+        }
+    }
+
+    static func addAllowlistEntry(agentId: String?, pattern: String) {
+        let trimmed = pattern.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return }
+        self.updateFile { file in
+            let key = self.agentKey(agentId)
+            var agents = file.agents ?? [:]
+            var entry = agents[key] ?? ExecApprovalsAgent()
+            var allowlist = entry.allowlist ?? []
+            if allowlist.contains(where: { $0.pattern == trimmed }) { return }
+            allowlist.append(ExecAllowlistEntry(pattern: trimmed, lastUsedAt: Date().timeIntervalSince1970 * 1000))
+            entry.allowlist = allowlist
+            agents[key] = entry
+            file.agents = agents
+        }
+    }
+
+    static func recordAllowlistUse(
+        agentId: String?,
+        pattern: String,
+        command: String,
+        resolvedPath: String?)
+    {
+        self.updateFile { file in
+            let key = self.agentKey(agentId)
+            var agents = file.agents ?? [:]
+            var entry = agents[key] ?? ExecApprovalsAgent()
+            let allowlist = (entry.allowlist ?? []).map { item -> ExecAllowlistEntry in
+                guard item.pattern == pattern else { return item }
+                return ExecAllowlistEntry(
+                    pattern: item.pattern,
+                    lastUsedAt: Date().timeIntervalSince1970 * 1000,
+                    lastUsedCommand: command,
+                    lastResolvedPath: resolvedPath)
+            }
+            entry.allowlist = allowlist
+            agents[key] = entry
+            file.agents = agents
+        }
+    }
+
+    static func updateAllowlist(agentId: String?, allowlist: [ExecAllowlistEntry]) {
+        self.updateFile { file in
+            let key = self.agentKey(agentId)
+            var agents = file.agents ?? [:]
+            var entry = agents[key] ?? ExecApprovalsAgent()
+            let cleaned = allowlist
+                .map { item in
+                    ExecAllowlistEntry(
+                        pattern: item.pattern.trimmingCharacters(in: .whitespacesAndNewlines),
+                        lastUsedAt: item.lastUsedAt,
+                        lastUsedCommand: item.lastUsedCommand,
+                        lastResolvedPath: item.lastResolvedPath)
+                }
+                .filter { !$0.pattern.isEmpty }
+            entry.allowlist = cleaned
+            agents[key] = entry
+            file.agents = agents
+        }
+    }
+
+    static func updateAgentSettings(agentId: String?, mutate: (inout ExecApprovalsAgent) -> Void) {
+        self.updateFile { file in
+            let key = self.agentKey(agentId)
+            var agents = file.agents ?? [:]
+            var entry = agents[key] ?? ExecApprovalsAgent()
+            mutate(&entry)
+            if entry.isEmpty {
+                agents.removeValue(forKey: key)
+            } else {
+                agents[key] = entry
+            }
+            file.agents = agents.isEmpty ? nil : agents
+        }
+    }
+
+    private static func updateFile(_ mutate: (inout ExecApprovalsFile) -> Void) {
+        var file = self.ensureFile()
+        mutate(&file)
+        self.saveFile(file)
+    }
+
+    private static func generateToken() -> String {
+        var bytes = [UInt8](repeating: 0, count: 24)
+        let status = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
+        if status == errSecSuccess {
+            return Data(bytes)
+                .base64EncodedString()
+                .replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+                .replacingOccurrences(of: "=", with: "")
+        }
+        return UUID().uuidString
+    }
+
+    private static func expandPath(_ raw: String) -> String {
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        if trimmed == "~" {
+            return FileManager.default.homeDirectoryForCurrentUser.path
+        }
+        if trimmed.hasPrefix("~/") {
+            let suffix = trimmed.dropFirst(2)
+            return FileManager.default.homeDirectoryForCurrentUser
+                .appendingPathComponent(String(suffix)).path
+        }
+        return trimmed
+    }
+
+    private static func agentKey(_ agentId: String?) -> String {
+        let trimmed = agentId?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        return trimmed.isEmpty ? "default" : trimmed
+    }
+}
+
+struct ExecCommandResolution: Sendable {
+    let rawExecutable: String
+    let resolvedPath: String?
+    let executableName: String
+    let cwd: String?
+
+    static func resolve(command: [String], cwd: String?, env: [String: String]?) -> ExecCommandResolution? {
+        guard let raw = command.first?.trimmingCharacters(in: .whitespacesAndNewlines), !raw.isEmpty else {
+            return nil
+        }
+        let expanded = raw.hasPrefix("~") ? (raw as NSString).expandingTildeInPath : raw
+        let hasPathSeparator = expanded.contains("/") || expanded.contains("\\")
+        let resolvedPath: String? = {
+            if hasPathSeparator {
+                if expanded.hasPrefix("/") {
+                    return expanded
+                }
+                let base = cwd?.trimmingCharacters(in: .whitespacesAndNewlines)
+                let root = (base?.isEmpty == false) ? base! : FileManager.default.currentDirectoryPath
+                return URL(fileURLWithPath: root).appendingPathComponent(expanded).path
+            }
+            let searchPaths = self.searchPaths(from: env)
+            return CommandResolver.findExecutable(named: expanded, searchPaths: searchPaths)
+        }()
+        let name = resolvedPath.map { URL(fileURLWithPath: $0).lastPathComponent } ?? expanded
+        return ExecCommandResolution(rawExecutable: expanded, resolvedPath: resolvedPath, executableName: name, cwd: cwd)
+    }
+
+    private static func searchPaths(from env: [String: String]?) -> [String] {
+        let raw = env?["PATH"]
+        if let raw, !raw.isEmpty {
+            return raw.split(separator: ":").map(String.init)
+        }
+        return CommandResolver.preferredPaths()
+    }
+}
+
+enum ExecCommandFormatter {
+    static func displayString(for argv: [String]) -> String {
+        argv.map { arg in
+            let trimmed = arg.trimmingCharacters(in: .whitespacesAndNewlines)
+            guard !trimmed.isEmpty else { return "\"\"" }
+            let needsQuotes = trimmed.contains { $0.isWhitespace || $0 == "\"" }
+            if !needsQuotes { return trimmed }
+            let escaped = trimmed.replacingOccurrences(of: "\"", with: "\\\"")
+            return "\"\(escaped)\""
+        }.joined(separator: " ")
+    }
+}
+
+enum ExecAllowlistMatcher {
+    static func match(entries: [ExecAllowlistEntry], resolution: ExecCommandResolution?) -> ExecAllowlistEntry? {
+        guard let resolution, !entries.isEmpty else { return nil }
+        let rawExecutable = resolution.rawExecutable
+        let resolvedPath = resolution.resolvedPath
+        let executableName = resolution.executableName
+
+        for entry in entries {
+            let pattern = entry.pattern.trimmingCharacters(in: .whitespacesAndNewlines)
+            if pattern.isEmpty { continue }
+            let hasPath = pattern.contains("/") || pattern.contains("~") || pattern.contains("\\")
+            if hasPath {
+                let target = resolvedPath ?? rawExecutable
+                if self.matches(pattern: pattern, target: target) { return entry }
+            } else if self.matches(pattern: pattern, target: executableName) {
+                return entry
+            }
+        }
+        return nil
+    }
+
+    private static func matches(pattern: String, target: String) -> Bool {
+        let trimmed = pattern.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return false }
+        let expanded = trimmed.hasPrefix("~") ? (trimmed as NSString).expandingTildeInPath : trimmed
+        let normalizedPattern = self.normalizeMatchTarget(expanded)
+        let normalizedTarget = self.normalizeMatchTarget(target)
+        guard let regex = self.regex(for: normalizedPattern) else { return false }
+        let range = NSRange(location: 0, length: normalizedTarget.utf16.count)
+        return regex.firstMatch(in: normalizedTarget, options: [], range: range) != nil
+    }
+
+    private static func normalizeMatchTarget(_ value: String) -> String {
+        value.replacingOccurrences(of: "\\\\", with: "/").lowercased()
+    }
+
+    private static func regex(for pattern: String) -> NSRegularExpression? {
+        var regex = "^"
+        var idx = pattern.startIndex
+        while idx < pattern.endIndex {
+            let ch = pattern[idx]
+            if ch == "*" {
+                let next = pattern.index(after: idx)
+                if next < pattern.endIndex, pattern[next] == "*" {
+                    regex += ".*"
+                    idx = pattern.index(after: next)
+                } else {
+                    regex += "[^/]*"
+                    idx = next
+                }
+                continue
+            }
+            if ch == "?" {
+                regex += "."
+                idx = pattern.index(after: idx)
+                continue
+            }
+            regex += NSRegularExpression.escapedPattern(for: String(ch))
+            idx = pattern.index(after: idx)
+        }
+        regex += "$"
+        return try? NSRegularExpression(pattern: regex, options: [.caseInsensitive])
+    }
+}
+
+struct ExecEventPayload: Codable, Sendable {
+    var sessionKey: String
+    var runId: String
+    var host: String
+    var command: String?
+    var exitCode: Int?
+    var timedOut: Bool?
+    var success: Bool?
+    var output: String?
+    var reason: String?
+
+    static func truncateOutput(_ raw: String, maxChars: Int = 20_000) -> String? {
+        let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        if trimmed.count <= maxChars { return trimmed }
+        let suffix = trimmed.suffix(maxChars)
+        return "… (truncated) \(suffix)"
+    }
+}
+
+actor SkillBinsCache {
+    static let shared = SkillBinsCache()
+
+    private var bins: Set<String> = []
+    private var lastRefresh: Date?
+    private let refreshInterval: TimeInterval = 90
+
+    func currentBins(force: Bool = false) async -> Set<String> {
+        if force || self.isStale() {
+            await self.refresh()
+        }
+        return self.bins
+    }
+
+    func refresh() async {
+        do {
+            let report = try await GatewayConnection.shared.skillsStatus()
+            var next = Set<String>()
+            for skill in report.skills {
+                for bin in skill.requirements.bins {
+                    let trimmed = bin.trimmingCharacters(in: .whitespacesAndNewlines)
+                    if !trimmed.isEmpty { next.insert(trimmed) }
+                }
+            }
+            self.bins = next
+            self.lastRefresh = Date()
+        } catch {
+            if self.lastRefresh == nil {
+                self.bins = []
+            }
+        }
+    }
+
+    private func isStale() -> Bool {
+        guard let lastRefresh else { return true }
+        return Date().timeIntervalSince(lastRefresh) > self.refreshInterval
+    }
+}
--- a/apps/macos/Sources/Clawdbot/ExecApprovalsSocket.swift
+++ b/apps/macos/Sources/Clawdbot/ExecApprovalsSocket.swift
@@ -0,0 +1,359 @@
+import AppKit
+import ClawdbotKit
+import Darwin
+import Foundation
+import OSLog
+
+struct ExecApprovalPromptRequest: Codable, Sendable {
+    var command: String
+    var cwd: String?
+    var host: String?
+    var security: String?
+    var ask: String?
+    var agentId: String?
+    var resolvedPath: String?
+}
+
+private struct ExecApprovalSocketRequest: Codable {
+    var type: String
+    var token: String
+    var id: String
+    var request: ExecApprovalPromptRequest
+}
+
+private struct ExecApprovalSocketDecision: Codable {
+    var type: String
+    var id: String
+    var decision: ExecApprovalDecision
+}
+
+enum ExecApprovalsSocketClient {
+    private struct TimeoutError: LocalizedError {
+        var message: String
+        var errorDescription: String? { message }
+    }
+
+    static func requestDecision(
+        socketPath: String,
+        token: String,
+        request: ExecApprovalPromptRequest,
+        timeoutMs: Int = 15_000) async -> ExecApprovalDecision?
+    {
+        let trimmedPath = socketPath.trimmingCharacters(in: .whitespacesAndNewlines)
+        let trimmedToken = token.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmedPath.isEmpty, !trimmedToken.isEmpty else { return nil }
+        do {
+            return try await AsyncTimeout.withTimeoutMs(timeoutMs: timeoutMs, onTimeout: {
+                TimeoutError(message: "exec approvals socket timeout")
+            }, operation: {
+                try await Task.detached {
+                    try self.requestDecisionSync(
+                        socketPath: trimmedPath,
+                        token: trimmedToken,
+                        request: request)
+                }.value
+            })
+        } catch {
+            return nil
+        }
+    }
+
+    private static func requestDecisionSync(
+        socketPath: String,
+        token: String,
+        request: ExecApprovalPromptRequest) throws -> ExecApprovalDecision?
+    {
+        let fd = socket(AF_UNIX, SOCK_STREAM, 0)
+        guard fd >= 0 else {
+            throw NSError(domain: "ExecApprovals", code: 1, userInfo: [
+                NSLocalizedDescriptionKey: "socket create failed",
+            ])
+        }
+
+        var addr = sockaddr_un()
+        addr.sun_family = sa_family_t(AF_UNIX)
+        let maxLen = MemoryLayout.size(ofValue: addr.sun_path)
+        if socketPath.utf8.count >= maxLen {
+            throw NSError(domain: "ExecApprovals", code: 2, userInfo: [
+                NSLocalizedDescriptionKey: "socket path too long",
+            ])
+        }
+        socketPath.withCString { cstr in
+            withUnsafeMutablePointer(to: &addr.sun_path) { ptr in
+                let raw = UnsafeMutableRawPointer(ptr).assumingMemoryBound(to: Int8.self)
+                strncpy(raw, cstr, maxLen - 1)
+            }
+        }
+        let size = socklen_t(MemoryLayout.size(ofValue: addr))
+        let result = withUnsafePointer(to: &addr) { ptr in
+            ptr.withMemoryRebound(to: sockaddr.self, capacity: 1) { rebound in
+                connect(fd, rebound, size)
+            }
+        }
+        if result != 0 {
+            throw NSError(domain: "ExecApprovals", code: 3, userInfo: [
+                NSLocalizedDescriptionKey: "socket connect failed",
+            ])
+        }
+
+        let handle = FileHandle(fileDescriptor: fd, closeOnDealloc: true)
+
+        let message = ExecApprovalSocketRequest(
+            type: "request",
+            token: token,
+            id: UUID().uuidString,
+            request: request)
+        let data = try JSONEncoder().encode(message)
+        var payload = data
+        payload.append(0x0A)
+        try handle.write(contentsOf: payload)
+
+        guard let line = try self.readLine(from: handle, maxBytes: 256_000),
+              let lineData = line.data(using: .utf8)
+        else { return nil }
+        let response = try JSONDecoder().decode(ExecApprovalSocketDecision.self, from: lineData)
+        return response.decision
+    }
+
+    private static func readLine(from handle: FileHandle, maxBytes: Int) throws -> String? {
+        var buffer = Data()
+        while buffer.count < maxBytes {
+            let chunk = try handle.read(upToCount: 4096) ?? Data()
+            if chunk.isEmpty { break }
+            buffer.append(chunk)
+            if buffer.contains(0x0A) { break }
+        }
+        guard let newlineIndex = buffer.firstIndex(of: 0x0A) else {
+            guard !buffer.isEmpty else { return nil }
+            return String(data: buffer, encoding: .utf8)
+        }
+        let lineData = buffer.subdata(in: 0..<newlineIndex)
+        return String(data: lineData, encoding: .utf8)
+    }
+}
+
+@MainActor
+final class ExecApprovalsPromptServer {
+    static let shared = ExecApprovalsPromptServer()
+
+    private var server: ExecApprovalsSocketServer?
+
+    func start() {
+        guard self.server == nil else { return }
+        let approvals = ExecApprovalsStore.resolve(agentId: nil)
+        let server = ExecApprovalsSocketServer(
+            socketPath: approvals.socketPath,
+            token: approvals.token,
+            onPrompt: { request in
+                await ExecApprovalsPromptPresenter.prompt(request)
+            })
+        server.start()
+        self.server = server
+    }
+
+    func stop() {
+        self.server?.stop()
+        self.server = nil
+    }
+}
+
+private enum ExecApprovalsPromptPresenter {
+    @MainActor
+    static func prompt(_ request: ExecApprovalPromptRequest) -> ExecApprovalDecision {
+        let alert = NSAlert()
+        alert.alertStyle = .warning
+        alert.messageText = "Allow this command?"
+
+        var details = "Clawdbot wants to run:\n\n\(request.command)"
+        let trimmedCwd = request.cwd?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if !trimmedCwd.isEmpty {
+            details += "\n\nWorking directory:\n\(trimmedCwd)"
+        }
+        let trimmedAgent = request.agentId?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if !trimmedAgent.isEmpty {
+            details += "\n\nAgent:\n\(trimmedAgent)"
+        }
+        let trimmedPath = request.resolvedPath?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if !trimmedPath.isEmpty {
+            details += "\n\nExecutable:\n\(trimmedPath)"
+        }
+        let trimmedHost = request.host?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if !trimmedHost.isEmpty {
+            details += "\n\nHost:\n\(trimmedHost)"
+        }
+        if let security = request.security?.trimmingCharacters(in: .whitespacesAndNewlines), !security.isEmpty {
+            details += "\n\nSecurity:\n\(security)"
+        }
+        if let ask = request.ask?.trimmingCharacters(in: .whitespacesAndNewlines), !ask.isEmpty {
+            details += "\nAsk mode:\n\(ask)"
+        }
+        details += "\n\nThis runs on this machine."
+        alert.informativeText = details
+
+        alert.addButton(withTitle: "Allow Once")
+        alert.addButton(withTitle: "Always Allow")
+        alert.addButton(withTitle: "Don't Allow")
+
+        switch alert.runModal() {
+        case .alertFirstButtonReturn:
+            return .allowOnce
+        case .alertSecondButtonReturn:
+            return .allowAlways
+        default:
+            return .deny
+        }
+    }
+}
+
+private final class ExecApprovalsSocketServer {
+    private let logger = Logger(subsystem: "com.clawdbot", category: "exec-approvals.socket")
+    private let socketPath: String
+    private let token: String
+    private let onPrompt: @Sendable (ExecApprovalPromptRequest) async -> ExecApprovalDecision
+    private var socketFD: Int32 = -1
+    private var acceptTask: Task<Void, Never>?
+    private var isRunning = false
+
+    init(
+        socketPath: String,
+        token: String,
+        onPrompt: @escaping @Sendable (ExecApprovalPromptRequest) async -> ExecApprovalDecision)
+    {
+        self.socketPath = socketPath
+        self.token = token
+        self.onPrompt = onPrompt
+    }
+
+    func start() {
+        guard !self.isRunning else { return }
+        self.isRunning = true
+        self.acceptTask = Task.detached { [weak self] in
+            await self?.runAcceptLoop()
+        }
+    }
+
+    func stop() {
+        self.isRunning = false
+        self.acceptTask?.cancel()
+        self.acceptTask = nil
+        if self.socketFD >= 0 {
+            close(self.socketFD)
+            self.socketFD = -1
+        }
+        if !self.socketPath.isEmpty {
+            unlink(self.socketPath)
+        }
+    }
+
+    private func runAcceptLoop() async {
+        let fd = self.openSocket()
+        guard fd >= 0 else {
+            self.isRunning = false
+            return
+        }
+        self.socketFD = fd
+        while self.isRunning {
+            var addr = sockaddr_un()
+            var len = socklen_t(MemoryLayout.size(ofValue: addr))
+            let client = withUnsafeMutablePointer(to: &addr) { ptr in
+                ptr.withMemoryRebound(to: sockaddr.self, capacity: 1) { rebound in
+                    accept(fd, rebound, &len)
+                }
+            }
+            if client < 0 {
+                if errno == EINTR { continue }
+                break
+            }
+            Task.detached { [weak self] in
+                await self?.handleClient(fd: client)
+            }
+        }
+    }
+
+    private func openSocket() -> Int32 {
+        let fd = socket(AF_UNIX, SOCK_STREAM, 0)
+        guard fd >= 0 else {
+            self.logger.error("exec approvals socket create failed")
+            return -1
+        }
+        unlink(self.socketPath)
+        var addr = sockaddr_un()
+        addr.sun_family = sa_family_t(AF_UNIX)
+        let maxLen = MemoryLayout.size(ofValue: addr.sun_path)
+        if self.socketPath.utf8.count >= maxLen {
+            self.logger.error("exec approvals socket path too long")
+            close(fd)
+            return -1
+        }
+        self.socketPath.withCString { cstr in
+            withUnsafeMutablePointer(to: &addr.sun_path) { ptr in
+                let raw = UnsafeMutableRawPointer(ptr).assumingMemoryBound(to: Int8.self)
+                memset(raw, 0, maxLen)
+                strncpy(raw, cstr, maxLen - 1)
+            }
+        }
+        let size = socklen_t(MemoryLayout.size(ofValue: addr))
+        let result = withUnsafePointer(to: &addr) { ptr in
+            ptr.withMemoryRebound(to: sockaddr.self, capacity: 1) { rebound in
+                bind(fd, rebound, size)
+            }
+        }
+        if result != 0 {
+            self.logger.error("exec approvals socket bind failed")
+            close(fd)
+            return -1
+        }
+        if listen(fd, 16) != 0 {
+            self.logger.error("exec approvals socket listen failed")
+            close(fd)
+            return -1
+        }
+        chmod(self.socketPath, 0o600)
+        self.logger.info("exec approvals socket listening at \(self.socketPath, privacy: .public)")
+        return fd
+    }
+
+    private func handleClient(fd: Int32) async {
+        let handle = FileHandle(fileDescriptor: fd, closeOnDealloc: true)
+        do {
+            guard let line = try self.readLine(from: handle, maxBytes: 256_000),
+                  let data = line.data(using: .utf8)
+            else {
+                return
+            }
+            let request = try JSONDecoder().decode(ExecApprovalSocketRequest.self, from: data)
+            guard request.type == "request", request.token == self.token else {
+                let response = ExecApprovalSocketDecision(type: "decision", id: request.id, decision: .deny)
+                let data = try JSONEncoder().encode(response)
+                var payload = data
+                payload.append(0x0A)
+                try handle.write(contentsOf: payload)
+                return
+            }
+            let decision = await self.onPrompt(request.request)
+            let response = ExecApprovalSocketDecision(type: "decision", id: request.id, decision: decision)
+            let responseData = try JSONEncoder().encode(response)
+            var payload = responseData
+            payload.append(0x0A)
+            try handle.write(contentsOf: payload)
+        } catch {
+            self.logger.error("exec approvals socket handling failed: \(error.localizedDescription, privacy: .public)")
+        }
+    }
+
+    private func readLine(from handle: FileHandle, maxBytes: Int) throws -> String? {
+        var buffer = Data()
+        while buffer.count < maxBytes {
+            let chunk = try handle.read(upToCount: 4096) ?? Data()
+            if chunk.isEmpty { break }
+            buffer.append(chunk)
+            if buffer.contains(0x0A) { break }
+        }
+        guard let newlineIndex = buffer.firstIndex(of: 0x0A) else {
+            guard !buffer.isEmpty else { return nil }
+            return String(data: buffer, encoding: .utf8)
+        }
+        let lineData = buffer.subdata(in: 0..<newlineIndex)
+        return String(data: lineData, encoding: .utf8)
+    }
+}
--- a/Show More
+++ b/Show More