Apply suggestion from @gavrielc

fix(add-karpathy-llm-wiki): update for v2 — schedule_task MCP + no build step
Merge pull request #2313 from alipgoldberg/setup/teams-step-gate-back
2026-06-04 10:14:47 +08:00 · 2026-05-07 18:49:57 +03:00 · 2026-05-07 13:09:40 +02:00 · 2026-05-07 11:16:26 +03:00 · 2026-05-07 08:05:26 +00:00 · 2026-05-07 10:49:07 +03:00
111 changed files with 7212 additions and 750 deletions
@@ -0,0 +1,62 @@
+# Remove DeltaChat
+
+## 1. Disable the adapter
+
+Comment out the import in `src/channels/index.ts`:
+
+```typescript
+// import './deltachat.js';
+```
+
+## 2. Remove credentials
+
+Remove the `DC_*` lines from `.env`:
+
+```bash
+DC_EMAIL
+DC_PASSWORD
+DC_IMAP_HOST
+DC_IMAP_PORT
+DC_SMTP_HOST
+DC_SMTP_PORT
+```
+
+## 3. Rebuild and restart
+
+```bash
+pnpm run build
+
+# Linux
+systemctl --user restart nanoclaw
+
+# macOS
+launchctl kickstart -k gui/$(id -u)/com.nanoclaw
+```
+
+## 4. Remove account data (optional)
+
+To fully remove all account data including DeltaChat encryption keys:
+
+```bash
+rm -rf dc-account/
+```
+
+> **Warning:** This deletes the Autocrypt keys. Contacts who have verified your bot's key will need to re-verify if the same email address is re-used with a new account.
+
+To keep the account for later reinstall, leave `dc-account/` intact.
+
+## 5. Remove the package (optional)
+
+```bash
+pnpm remove @deltachat/stdio-rpc-server
+```
+
+## Verification
+
+After removal, confirm the adapter is no longer starting:
+
+```bash
+grep "deltachat" logs/nanoclaw.log | tail -5
+```
+
+Expected: no `Channel adapter started` entry after the last restart.
@@ -0,0 +1,254 @@
+---
+name: add-deltachat
+description: Add DeltaChat channel integration via @deltachat/stdio-rpc-server. Native adapter — no Chat SDK bridge. Email-based messaging with end-to-end encryption.
+---
+
+# Add DeltaChat Channel
+
+The adapter drives the `@deltachat/stdio-rpc-server` JSON-RPC subprocess directly — pure Node.js against the DeltaChat core library. Messages are delivered over email with Autocrypt/OpenPGP encryption.
+
+## Install
+
+### Pre-flight (idempotent)
+
+Skip to **Credentials** if all of these are already in place:
+
+- `src/channels/deltachat.ts` exists
+- `src/channels/index.ts` contains `import './deltachat.js';`
+- `@deltachat/stdio-rpc-server` is listed in `package.json` dependencies
+
+Otherwise continue. Every step below is safe to re-run.
+
+### 1. Fetch the channels branch
+
+```bash
+git fetch origin channels
+```
+
+### 2. Copy the adapter
+
+```bash
+git show origin/channels:src/channels/deltachat.ts > src/channels/deltachat.ts
+```
+
+### 3. Append the self-registration import
+
+Append to `src/channels/index.ts` (skip if already present):
+
+```typescript
+import './deltachat.js';
+```
+
+### 4. Install the adapter package (pinned)
+
+```bash
+pnpm install @deltachat/stdio-rpc-server@2.49.0
+```
+
+### 5. Build
+
+```bash
+pnpm run build
+```
+
+## Account Setup
+
+A dedicated email account is strongly recommended — it will accumulate DeltaChat-formatted messages and store encryption keys. Not all providers work well with DeltaChat; check https://providers.delta.chat/ before picking one.
+
+**Default security modes:** IMAP uses SSL/TLS (port 993), SMTP uses STARTTLS (port 587). Both are configurable via `.env` — see Credentials below.
+
+To find the correct hostnames for a domain:
+
+```bash
+node -e "require('dns').resolveMx('example.com', (e,r) => console.log(r))"
+```
+
+Most providers publish their IMAP/SMTP hostnames in their help docs under "manual setup" or "IMAP access."
+
+## Credentials
+
+Add to `.env`:
+
+```bash
+DC_EMAIL=bot@example.com
+DC_PASSWORD=your-app-password
+DC_IMAP_HOST=imap.example.com
+DC_IMAP_PORT=993
+DC_IMAP_SECURITY=1        # 1=SSL/TLS (default), 2=STARTTLS, 3=plain
+DC_SMTP_HOST=smtp.example.com
+DC_SMTP_PORT=587
+DC_SMTP_SECURITY=2        # 2=STARTTLS (default), 1=SSL/TLS, 3=plain
+```
+
+Security settings are applied on every startup, so changing them in `.env` and restarting takes effect without wiping the account.
+
+Sync to container: `mkdir -p data/env && cp .env data/env/env`
+
+### Optional settings
+
+The following are read from the process environment (not `.env`). To override them, add `Environment=` lines to the systemd service unit or your launchd plist:
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `DC_ACCOUNT_DIR` | `dc-account` | Directory for DeltaChat account data (IMAP state, keys, blobs) |
+| `DC_DISPLAY_NAME` | `NanoClaw` | Bot display name shown in DeltaChat |
+| `DC_AVATAR_PATH` | _(none)_ | Absolute path to avatar image; set at startup only |
+
+The `/set-avatar` command (send an image with that caption) is the easiest way to set the avatar at runtime without modifying the service file. Only users with `owner` or global `admin` role can use it.
+
+### Restart
+
+```bash
+# Linux
+systemctl --user restart nanoclaw
+
+# macOS
+launchctl kickstart -k gui/$(id -u)/com.nanoclaw
+```
+
+On first start the adapter configures the email account (IMAP/SMTP credentials, calls `configure()`). Subsequent starts skip straight to `startIo()`. Account data is stored in `dc-account/` in the project root (or your `DC_ACCOUNT_DIR`).
+
+## Wiring
+
+### DMs
+
+**DeltaChat contacts cannot be added by email alone** — to start a chat, the user must open the bot's invite link in their DeltaChat app or scan its QR code. This triggers the SecureJoin handshake.
+
+#### Step 1 — Get the invite link
+
+After the service starts, the adapter logs the invite URL and writes a QR SVG:
+
+```bash
+grep "invite link" logs/nanoclaw.log | tail -1
+# url field contains the https://i.delta.chat/... invite link
+# also written to dc-account/invite-qr.svg (or $DC_ACCOUNT_DIR/invite-qr.svg)
+```
+
+The invite URL is stable (tied to the bot's email and encryption keys) so it stays valid across restarts.
+
+#### Step 2 — Add the bot in DeltaChat
+
+Two options for the user to connect:
+
+- **Link**: Copy the `https://i.delta.chat/...` URL and open it on the device running DeltaChat. The app recognises it and shows a "Start chat" prompt.
+- **QR code**: Open `dc-account/invite-qr.svg` in a browser or image viewer, display it on screen, and scan it from the DeltaChat app using the QR-scan button on the new-chat screen.
+
+After accepting, DeltaChat exchanges keys and creates the chat automatically.
+
+#### Step 3 — Wire the chat to an agent
+
+Once the first message arrives the router auto-creates a `messaging_groups` row. Look up the chat ID:
+
+```bash
+pnpm exec tsx scripts/q.ts data/v2.db \
+  "SELECT platform_id, name FROM messaging_groups WHERE channel_type='deltachat' AND is_group=0 ORDER BY created_at DESC LIMIT 5"
+```
+
+Then run `/init-first-agent` — it creates the agent group, grants the user owner access, and wires the messaging group in one step:
+
+```bash
+pnpm exec tsx scripts/init-first-agent.ts \
+  --channel deltachat \
+  --user-id deltachat:user@example.com \
+  --platform-id <platform_id from above> \
+  --display-name "Your Name"
+```
+
+### Groups
+
+Add the bot email to a DeltaChat group. When any member sends a message, the router creates a `messaging_groups` row with `is_group = 1`. Run `/manage-channels` to wire it to an agent group.
+
+## Next Steps
+
+If you're in the middle of `/setup`, return to the setup flow now.
+
+Otherwise, run `/init-first-agent` to create an agent and wire it to your DeltaChat DM (see Wiring above), or `/manage-channels` to wire this channel to an existing agent group.
+
+## Channel Info
+
+- **type**: `deltachat`
+- **terminology**: DeltaChat calls them "chats" (1:1 DMs) and "groups"
+- **supports-threads**: no — DeltaChat has no thread model
+- **platform-id-format**: numeric chat ID as a string (e.g. `"12"`) — the DeltaChat core's internal chat identifier
+- **user-id-format**: `deltachat:{email}` — the contact's email address
+- **how-to-find-id**: Send a message from DeltaChat to the bot email, then query `messaging_groups` as shown above
+- **typical-use**: Personal assistant over DeltaChat DMs; small groups where participants use DeltaChat
+- **default-isolation**: One agent per bot identity. Multiple chats with the same operator can share an agent group; groups with other people should typically use `isolated` session mode
+
+### Features
+
+- File attachments — inbound and outbound; inbound waits up to 30 seconds for large-message download to complete
+- Invite link logged on every startup — URL + QR SVG written to `dc-account/invite-qr.svg`; see Wiring for the bootstrap flow
+- `/set-avatar` — send an image with this caption to change the bot's DeltaChat avatar (admin/owner only)
+- Connectivity watchdog — restarts IO if IMAP goes quiet for 20 minutes or connectivity drops below threshold for two consecutive 5-minute checks
+- Network nudge — `maybeNetwork()` called every 10 minutes to recover from prolonged idle
+
+Not supported: DeltaChat reactions, message editing/deletion, read receipts.
+
+### Connectivity model
+
+`isConnected()` returns `true` when the internal connectivity value is ≥ 3000:
+
+| Range | Meaning |
+|-------|---------|
+| 1000–1999 | Not connected |
+| 2000–2999 | Connecting |
+| 3000–3999 | Working (IMAP fetching) |
+| ≥ 4000 | Fully connected (IMAP IDLE) |
+
+## Troubleshooting
+
+### Adapter not starting — credentials missing
+
+```bash
+grep "Channel credentials missing" logs/nanoclaw.log | grep deltachat
+```
+
+All six required vars (`DC_EMAIL`, `DC_PASSWORD`, `DC_IMAP_HOST`, `DC_IMAP_PORT`, `DC_SMTP_HOST`, `DC_SMTP_PORT`) must be present in `.env`.
+
+### Account configure fails
+
+```bash
+grep "DeltaChat" logs/nanoclaw.log | tail -20
+```
+
+Common causes:
+- Wrong IMAP/SMTP hostnames — double-check provider docs
+- App password not generated — Gmail and some others require this when 2FA is enabled
+- Port/security mismatch — defaults are port 993 + SSL/TLS for IMAP and port 587 + STARTTLS for SMTP; override with `DC_IMAP_PORT`/`DC_IMAP_SECURITY` or `DC_SMTP_PORT`/`DC_SMTP_SECURITY` in `.env`
+
+### Provider uses SMTP port 465 (SSL/TLS) instead of 587
+
+Set `DC_SMTP_SECURITY=1` and `DC_SMTP_PORT=465` in `.env`, then restart.
+
+### Messages not arriving
+
+1. Check the service is running and the adapter started: `grep "Channel adapter started.*deltachat" logs/nanoclaw.log`
+2. Check connectivity: `grep "DeltaChat: IO started" logs/nanoclaw.log`
+3. Check the sender has been granted access — run `/init-first-agent` to create their user record and wire the chat
+4. Verify the messaging group is wired: `pnpm exec tsx scripts/q.ts data/v2.db "SELECT mg.platform_id, mga.agent_group_id FROM messaging_groups mg JOIN messaging_group_agents mga ON mg.id = mga.messaging_group_id WHERE mg.channel_type='deltachat'"`
+
+### Stale lock file after crash
+
+```bash
+rm -f dc-account/accounts.lock
+systemctl --user restart nanoclaw
+```
+
+### Bot not responding after restart
+
+The account is already configured — IO restarts automatically on service start. If the RPC subprocess is stuck, restart the service. Check for errors:
+
+```bash
+grep "DeltaChat" logs/nanoclaw.error.log | tail -20
+```
+
+### Messages received but agent not responding
+
+The messaging group exists but may not be wired to an agent group. Run:
+
+```bash
+pnpm exec tsx scripts/q.ts data/v2.db "SELECT id, platform_id, name FROM messaging_groups WHERE channel_type='deltachat'"
+```
+
+If the group has no entry in `messaging_group_agents`, wire it with `/manage-channels`.
@@ -0,0 +1,54 @@
+# Verify DeltaChat
+
+## 1. Check the adapter started
+
+```bash
+grep "Channel adapter started.*deltachat" logs/nanoclaw.log | tail -1
+```
+
+Expected: `Channel adapter started { channel: 'deltachat', type: 'deltachat' }`
+
+## 2. Check IMAP/SMTP connectivity
+
+Replace with your provider's hostnames from `.env`:
+
+```bash
+DC_IMAP=$(grep '^DC_IMAP_HOST=' .env | cut -d= -f2)
+DC_SMTP=$(grep '^DC_SMTP_HOST=' .env | cut -d= -f2)
+
+bash -c "echo >/dev/tcp/$DC_IMAP/993" && echo "IMAP open" || echo "IMAP blocked"
+bash -c "echo >/dev/tcp/$DC_SMTP/587" && echo "SMTP open" || echo "SMTP blocked"
+```
+
+## 3. End-to-end message test
+
+1. Open DeltaChat on your device
+2. Add the bot email address as a contact
+3. Send a message
+4. The bot should respond within a few seconds
+
+If nothing arrives, check:
+
+```bash
+grep "DeltaChat" logs/nanoclaw.log | tail -20
+grep "DeltaChat" logs/nanoclaw.error.log | tail -10
+```
+
+## 4. Check messaging group was created
+
+```bash
+pnpm exec tsx scripts/q.ts data/v2.db \
+  "SELECT id, platform_id, name FROM messaging_groups WHERE channel_type='deltachat' ORDER BY created_at DESC LIMIT 5"
+```
+
+If a row appears, the inbound routing is working. If not, the adapter isn't receiving the message — check logs for `DeltaChat: error handling incoming message`.
+
+## 5. Verify user access
+
+If the message arrived but the agent didn't respond, the sender may not have access:
+
+```bash
+pnpm exec tsx scripts/q.ts data/v2.db "SELECT id, display_name FROM users WHERE id LIKE 'deltachat:%'"
+```
+
+Grant access as shown in the SKILL.md "Grant user access" section.
@@ -44,7 +44,7 @@ import './discord.js';
 ### 4. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/discord@4.26.0
+pnpm install @chat-adapter/discord@4.27.0
 ```

 ### 5. Build
@@ -241,7 +241,7 @@ grep -q "import './emacs.js'" src/channels/index.ts && echo "imported" || echo "
 ### No response from agent

 1. NanoClaw running: `launchctl list | grep nanoclaw` (macOS) / `systemctl --user status nanoclaw` (Linux)
-2. Messaging group wired: `sqlite3 data/v2.db "SELECT mg.platform_id, ag.folder FROM messaging_groups mg JOIN messaging_group_agents mga ON mg.id = mga.messaging_group_id JOIN agent_groups ag ON ag.id = mga.agent_group_id WHERE mg.channel_type = 'emacs'"`
+2. Messaging group wired: `pnpm exec tsx scripts/q.ts data/v2.db "SELECT mg.platform_id, ag.folder FROM messaging_groups mg JOIN messaging_group_agents mga ON mg.id = mga.messaging_group_id JOIN agent_groups ag ON ag.id = mga.agent_group_id WHERE mg.channel_type = 'emacs'"`
 3. Logs show inbound: `grep 'channel_type=emacs\|Emacs' logs/nanoclaw.log | tail -20`

 If no messaging group row exists, run the `register` command above.
@@ -292,5 +292,5 @@ launchctl kickstart -k gui/$(id -u)/com.nanoclaw   # macOS

 # Remove the NanoClaw block from your Emacs config
 # Optionally clean up the messaging group:
-sqlite3 data/v2.db "DELETE FROM messaging_group_agents WHERE messaging_group_id IN (SELECT id FROM messaging_groups WHERE channel_type='emacs'); DELETE FROM messaging_groups WHERE channel_type='emacs';"
+pnpm exec tsx scripts/q.ts data/v2.db "DELETE FROM messaging_group_agents WHERE messaging_group_id IN (SELECT id FROM messaging_groups WHERE channel_type='emacs'); DELETE FROM messaging_groups WHERE channel_type='emacs';"
 ```
@@ -44,7 +44,7 @@ import './gchat.js';
 ### 4. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/gchat@4.26.0
+pnpm install @chat-adapter/gchat@4.27.0
 ```

 ### 5. Build
@@ -48,7 +48,7 @@ import './github.js';
 ### 4. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/github@4.26.0
+pnpm install @chat-adapter/github@4.27.0
 ```

 ### 5. Build
@@ -71,38 +71,11 @@ AskUserQuestion: "Want periodic wiki health checks?"
 2. **Monthly**
 3. **Skip** — lint manually

-If yes, create a NanoClaw scheduled task that runs in the wiki group. This is NOT a Claude Code cron job — it's a NanoClaw group task that runs in the agent container. Insert it into the SQLite database:
+If yes, ask the agent to schedule the lint task using the `schedule_task` MCP tool in conversation.
+
+## Step 6: Restart

 ```bash
-pnpm exec tsx -e "
-const Database = require('better-sqlite3');
-const { CronExpressionParser } = require('cron-parser');
-const db = new Database('store/messages.db');
-const interval = CronExpressionParser.parse('<cron-expr>', { tz: process.env.TZ || 'UTC' });
-const nextRun = interval.next().toISOString();
-db.prepare('INSERT INTO scheduled_tasks (id, group_folder, chat_jid, prompt, schedule_type, schedule_value, context_mode, next_run, status, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)').run(
-  'wiki-lint',
-  '<group_folder>',
-  '<chat_jid>',
-  'Run a wiki lint pass per the wiki container skill. Check for contradictions, orphan pages, stale content, missing cross-references, and gaps. Report findings and offer to fix issues.',
-  'cron',
-  '<cron-expr>',
-  'group',
-  nextRun,
-  'active',
-  new Date().toISOString()
-);
-db.close();
-"
-```
-
-Use the group's `folder` and `chat_jid` from the registered groups table. Cron expressions: `0 10 * * 0` (weekly Sunday 10am) or `0 10 1 * *` (monthly 1st at 10am).
-
-## Step 6: Build and restart
-
-```bash
-pnpm run build
-./container/build.sh
 launchctl kickstart -k gui/$(id -u)/com.nanoclaw  # macOS
 # Linux: systemctl --user restart nanoclaw
 ```
@@ -87,7 +87,7 @@ Linear OAuth apps can't be @-mentioned, so the bridge's `onNewMention` handler n
 ### 5. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/linear@4.26.0
+pnpm install @chat-adapter/linear@4.27.0
 ```

 ### 6. Build
@@ -76,7 +76,7 @@ Then rebuild the container image: `./container/build.sh`

 Ask the user (plain text, not AskUserQuestion):

-1. **Which agent group?** List available groups: `sqlite3 data/v2.db "SELECT folder, name FROM agent_groups;"`
+1. **Which agent group?** List available groups: `pnpm exec tsx scripts/q.ts data/v2.db "SELECT folder, name FROM agent_groups;"`
 2. **Which Ollama model?** List available: `curl -s http://localhost:11434/api/tags | grep '"name"'`
 3. **Block Anthropic API?** Recommended yes — prevents accidental spend if config drifts.

@@ -111,7 +111,7 @@ Read the agent group's shared Claude settings:

 ```bash
 # Find the agent group ID
-AG_ID=$(sqlite3 data/v2.db "SELECT id FROM agent_groups WHERE folder='<FOLDER>';")
+AG_ID=$(pnpm exec tsx scripts/q.ts data/v2.db "SELECT id FROM agent_groups WHERE folder='<FOLDER>';")
 SETTINGS=data/v2-sessions/$AG_ID/.claude-shared/settings.json
 ```

@@ -275,7 +275,7 @@ Look for: `Parallel AI MCP servers configured`
 - Check agent-runner logs for "Parallel AI MCP servers configured" message

 **Task polling not working:**
- Verify scheduled task was created: `sqlite3 store/messages.db "SELECT * FROM scheduled_tasks"`
+- Verify scheduled task was created: `pnpm exec tsx scripts/q.ts store/messages.db "SELECT * FROM scheduled_tasks"`
 - Check task runs: `tail -f logs/nanoclaw.log | grep "scheduled task"`
 - Ensure task prompt includes proper Parallel MCP tool names

@@ -200,7 +200,7 @@ systemctl --user restart nanoclaw
 After the service starts, send any message to the Signal number from your personal Signal app. The router auto-creates a `messaging_groups` row. Then:

 ```bash
-sqlite3 data/v2.db \
+pnpm exec tsx scripts/q.ts data/v2.db \
  "SELECT id, platform_id FROM messaging_groups WHERE channel_type='signal' ORDER BY created_at DESC LIMIT 5"
 ```

@@ -212,7 +212,7 @@ Add the Signal number to a group from your phone, send any message, then wire th

 ```bash
 NOW=$(date -u +"%Y-%m-%dT%H:%M:%S.000Z")
-sqlite3 data/v2.db "
+pnpm exec tsx scripts/q.ts data/v2.db "
 INSERT OR IGNORE INTO messaging_group_agents
  (id, messaging_group_id, agent_group_id, session_mode, priority, created_at)
 VALUES
@@ -226,7 +226,7 @@ New Signal users (including the owner's Signal identity) are silently dropped wi

 ```bash
 NOW=$(date -u +"%Y-%m-%dT%H:%M:%S.000Z")
-sqlite3 data/v2.db "
+pnpm exec tsx scripts/q.ts data/v2.db "
 INSERT OR REPLACE INTO user_roles (user_id, role, agent_group_id, granted_by, granted_at)
  VALUES ('signal:UUID', 'owner', NULL, 'system', '$NOW');
 INSERT OR IGNORE INTO agent_group_members (user_id, agent_group_id, added_by, added_at)
@@ -282,7 +282,7 @@ If you see `Signal daemon not reachable at 127.0.0.1:7583` and `SIGNAL_MANAGE_DA
 ### Bot not responding

 1. Channel initialized: `grep "Signal channel connected" logs/nanoclaw.log | tail -1`
-2. Channel wired: `sqlite3 data/v2.db "SELECT mg.platform_id, mg.name FROM messaging_groups mg JOIN messaging_group_agents mga ON mg.id = mga.messaging_group_id WHERE mg.channel_type='signal'"`
+2. Channel wired: `pnpm exec tsx scripts/q.ts data/v2.db "SELECT mg.platform_id, mg.name FROM messaging_groups mg JOIN messaging_group_agents mga ON mg.id = mga.messaging_group_id WHERE mg.channel_type='signal'"`
 3. Service running: `launchctl print gui/$(id -u)/com.nanoclaw` (macOS) / `systemctl --user status nanoclaw` (Linux)

 ### Lost connection mid-session
@@ -44,7 +44,7 @@ import './slack.js';
 ### 4. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/slack@4.26.0
+pnpm install @chat-adapter/slack@4.27.0
 ```

 ### 5. Build
@@ -60,7 +60,7 @@ pnpm run build
 1. Go to [api.slack.com/apps](https://api.slack.com/apps) and click **Create New App** > **From scratch**
 2. Name it (e.g., "NanoClaw") and select your workspace
 3. Go to **OAuth & Permissions** and add Bot Token Scopes:
-   - `chat:write`, `channels:history`, `groups:history`, `im:history`, `channels:read`, `groups:read`, `users:read`, `reactions:write`
+   - `chat:write`, `im:write`, `channels:history`, `groups:history`, `im:history`, `channels:read`, `groups:read`, `users:read`, `reactions:write`
 4. Click **Install to Workspace** and copy the **Bot User OAuth Token** (`xoxb-...`)
 5. Go to **Basic Information** and copy the **Signing Secret**

@@ -76,7 +76,13 @@ pnpm run build
 10. Under **Subscribe to bot events**, add:
    - `message.channels`, `message.groups`, `message.im`, `app_mention`
 11. Click **Save Changes**
-12. Slack will show a banner asking you to **reinstall the app** — click it to apply the new event subscriptions
+
+### Interactivity
+
+12. Go to **Interactivity & Shortcuts** and toggle **Interactivity** on
+13. Set the **Request URL** to the same `https://your-domain/webhook/slack`
+14. Click **Save Changes**
+15. Slack will show a banner asking you to **reinstall the app** — click it to apply the new settings

 ### Configure environment

@@ -44,7 +44,7 @@ import './teams.js';
 ### 4. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/teams@4.26.0
+pnpm install @chat-adapter/teams@4.27.0
 ```

 ### 5. Build
@@ -58,7 +58,7 @@ In `setup/index.ts`, add this entry to the `STEPS` map (right after the `registe
 ### 5. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/telegram@4.26.0
+pnpm install @chat-adapter/telegram@4.27.0
 ```

 ### 6. Build
@@ -44,7 +44,7 @@ import './whatsapp-cloud.js';
 ### 4. Install the adapter package (pinned)

 ```bash
-pnpm install @chat-adapter/whatsapp@4.26.0
+pnpm install @chat-adapter/whatsapp@4.27.0
 ```

 ### 5. Build
@@ -57,7 +57,7 @@ groups: () => import('./groups.js'),
 ### 5. Install the adapter packages (pinned)

 ```bash
-pnpm install @whiskeysockets/baileys@6.17.16 qrcode@1.5.4 @types/qrcode@1.5.6 pino@9.6.0
+pnpm install @whiskeysockets/baileys@7.0.0-rc.9 qrcode@1.5.4 @types/qrcode@1.5.6 pino@9.6.0
 ```

 ### 6. Build
@@ -200,7 +200,7 @@ Otherwise, run `/manage-channels` to wire this channel to an agent group.

 - **type**: `whatsapp`
 - **terminology**: WhatsApp calls them "groups" and "chats." A "chat" is a 1:1 DM; a "group" has multiple members.
- **how-to-find-id**: DMs use `<phone>@s.whatsapp.net` (e.g. `14155551234@s.whatsapp.net`). Groups use `<id>@g.us`. To find your number: `node -e "const c=JSON.parse(require('fs').readFileSync('store/auth/creds.json','utf-8'));console.log(c.me?.id?.split(':')[0]+'@s.whatsapp.net')"`. Groups are auto-discovered — check `sqlite3 data/v2.db "SELECT platform_id, name FROM messaging_groups WHERE channel_type='whatsapp' AND is_group=1"`.
+- **how-to-find-id**: DMs use `<phone>@s.whatsapp.net` (e.g. `14155551234@s.whatsapp.net`). Groups use `<id>@g.us`. To find your number: `node -e "const c=JSON.parse(require('fs').readFileSync('store/auth/creds.json','utf-8'));console.log(c.me?.id?.split(':')[0]+'@s.whatsapp.net')"`. Groups are auto-discovered — check `pnpm exec tsx scripts/q.ts data/v2.db "SELECT platform_id, name FROM messaging_groups WHERE channel_type='whatsapp' AND is_group=1"`.
 - **supports-threads**: no
 - **typical-use**: Interactive chat — direct messages or small groups
 - **default-isolation**: Same agent group if you're the only participant across multiple chats. Separate agent group if different people are in different groups.
@@ -256,7 +256,7 @@ systemctl --user start nanoclaw

 1. Auth exists: `test -f store/auth/creds.json`
 2. Connected: `grep "Connected to WhatsApp" logs/nanoclaw.log | tail -1`
-3. Channel wired: `sqlite3 data/v2.db "SELECT mg.platform_id, mg.name FROM messaging_groups mg JOIN messaging_group_agents mga ON mg.id=mga.messaging_group_id WHERE mg.channel_type='whatsapp'"`
+3. Channel wired: `pnpm exec tsx scripts/q.ts data/v2.db "SELECT mg.platform_id, mg.name FROM messaging_groups mg JOIN messaging_group_agents mga ON mg.id=mga.messaging_group_id WHERE mg.channel_type='whatsapp'"`
 4. Service running: `systemctl --user status nanoclaw`

 ### "conflict" disconnection
@@ -279,7 +279,7 @@ rm -rf data/sessions/
 rm -rf data/sessions/{groupFolder}/.claude/

 # Also clear the session ID from NanoClaw's tracking (stored in SQLite)
-sqlite3 store/messages.db "DELETE FROM sessions WHERE group_folder = '{groupFolder}'"
+pnpm exec tsx scripts/q.ts store/messages.db "DELETE FROM sessions WHERE group_folder = '{groupFolder}'"
 ```

 To verify session resumption is working, check the logs for the same session ID across messages:
@@ -54,7 +54,7 @@ Tell the user:
 Wait for the user's confirmation. Then look up the most recent DM messaging groups:

 ```bash
-sqlite3 data/v2.db "SELECT id, platform_id, name, created_at FROM messaging_groups WHERE channel_type='${CHANNEL}' AND is_group=0 ORDER BY created_at DESC LIMIT 5"
+pnpm exec tsx scripts/q.ts data/v2.db "SELECT id, platform_id, name, created_at FROM messaging_groups WHERE channel_type='${CHANNEL}' AND is_group=0 ORDER BY created_at DESC LIMIT 5"
 ```

 Show the top rows to the user and confirm which `platform_id` is theirs (usually the most recent). Record as `PLATFORM_ID`. If none appeared, check `logs/nanoclaw.log` for `unknown_sender` drops — the adapter might be rejecting inbound due to connection or permission issues.
@@ -103,7 +103,7 @@ Wait for the user's reply. If they confirm receipt, the skill is done.

 If they say it didn't arrive, then diagnose using the DB directly (no waiting loops required — the message either delivered or it didn't):

- `sqlite3 data/v2-sessions/<agent-group-id>/sessions/<session-id>/outbound.db "SELECT id, status, created_at FROM messages_out ORDER BY created_at DESC LIMIT 5"` — check for stuck `pending` rows. Replace `<agent-group-id>` and `<session-id>` with the values from the script's output.
+- `pnpm exec tsx scripts/q.ts data/v2-sessions/<agent-group-id>/sessions/<session-id>/outbound.db "SELECT id, status, created_at FROM messages_out ORDER BY created_at DESC LIMIT 5"` — check for stuck `pending` rows. Replace `<agent-group-id>` and `<session-id>` with the values from the script's output.
 - `grep -E 'Unauthorized channel destination|container.*exited|error' logs/nanoclaw.log | tail -20` — look for ACL rejections or container crashes.
 - `ls data/v2-sessions/<agent-group-id>/sessions/*/outbound.db` — confirm the session exists.

@@ -11,7 +11,22 @@ Privilege is a **user-level** concept, not a channel-level one (see `src/db/user

 ## Assess Current State

-Read the central DB (`data/v2.db`) — query `agent_groups`, `messaging_groups`, `messaging_group_agents`, `users`, and `user_roles` tables. Also check `.env` for channel tokens and `src/channels/index.ts` for uncommented imports.
+Read the central DB (`data/v2.db`) using these canonical queries (column names match the schema, not the CLI flags — the `register` command's `--assistant-name` is stored in `agent_groups.name`).
+
+Run each via the in-tree wrapper — the host setup deliberately ships no `sqlite3` CLI:
+
+```bash
+pnpm exec tsx scripts/q.ts data/v2.db "<query>"
+```
+
+```sql
+SELECT id, name AS assistant_name, folder, agent_provider FROM agent_groups;
+SELECT id, channel_type, platform_id, name, unknown_sender_policy FROM messaging_groups;
+SELECT messaging_group_id, agent_group_id, session_mode, priority FROM messaging_group_agents;
+SELECT user_id, role, agent_group_id FROM user_roles ORDER BY role='owner' DESC;
+```
+
+Also check `.env` for channel tokens and `src/channels/index.ts` for uncommented imports.

 Categorize channels as: **wired** (has DB entities + messaging_group_agents row), **configured but unwired** (has credentials + barrel import, no DB entities), or **not configured**.

@@ -0,0 +1,232 @@
+---
+name: migrate-from-v1
+description: Finish migrating a NanoClaw v1 install into v2. Run after `bash migrate-v2.sh` completes. Seeds the owner, cleans up CLAUDE.local.md files, reconciles container configs, and helps port custom v1 code. Triggers on "migrate from v1", "finish migration", "v1 migration".
+---
+
+# Finish v1 → v2 migration
+
+`bash migrate-v2.sh` already ran the deterministic migration. It handled:
+
+- .env keys merged
+- v2 DB seeded (agent_groups, messaging_groups, wiring)
+- Group folders copied (v1 CLAUDE.md → v2 CLAUDE.local.md)
+- Session data copied with conversation continuity (incl. Claude Code memory + JSONL transcripts)
+- Scheduled tasks ported
+- Channel code installed and auth state copied (incl. WhatsApp Baileys keystore)
+- WhatsApp LIDs resolved from `store/auth` and aliased into `messaging_groups`
+- Container skills copied
+- Container image built
+
+Your job is the parts that need human judgment: triage any failed steps, seed the owner, clean up CLAUDE.local.md files, reconcile configs, and port any fork customizations.
+
+Read `logs/setup-migration/handoff.json` first — it has `overall_status`, per-step results in `steps`, and a `followups` list.
+
+## Preflight: was the script run?
+
+Before anything else, check that `logs/setup-migration/handoff.json` exists. If it doesn't, the user is invoking this skill before `migrate-v2.sh` ran. Stop and tell them, verbatim:
+
+> This skill finishes a migration that `migrate-v2.sh` started. Run that first, in your terminal — not from inside Claude:
+>
+> ```bash
+> bash migrate-v2.sh
+> ```
+>
+> It needs interactive prompts (channel selection, service switchover) and runs Node/pnpm bootstrap, Docker, OneCLI setup, and a container build that don't fit inside a Claude session. When it finishes, it'll hand control back to Claude automatically — at which point this skill picks up.
+
+Do not attempt to run the script yourself, simulate its effects, or pick up the migration mid-stream. The deterministic side has dependencies on a real interactive shell.
+
+Once `handoff.json` exists, proceed to Phase 0.
+
+## Phase 0: Get v2 routing real messages
+
+Before any deeper migration work, prove v2 actually answers messages on the user's real channels. v1 is paused, not touched — flipping back is a service restart.
+
+### 0a — Fix blockers only
+
+Walk `handoff.steps`. Fix only the failures that would stop the bot from routing one message; defer the rest to its later phase.
+
+### 0b — Smoke test, then continue
+
+Tell the user the switch is non-destructive (v1 is paused, not modified; reverting is one command). Help them stop v1's service unit and start v2's, tail the host log for a clean boot, and have them send a real test message. Use `AskUserQuestion` to confirm the bot responded.
+
+If yes, continue to Phase 1. If no, diagnose from `logs/nanoclaw.log` and re-test — don't proceed to deeper work on a broken router.
+
+### Deferred failures
+
+Re-visit anything you skipped in 0a before declaring the migration done. Most surface naturally in later phases (`1c-groups` ↔ Phase 2, `1e-tasks` ↔ task verification).
+
+## Phase 1: Owner and access
+
+v2 auto-creates a `users` row for every sender it sees (via `extractAndUpsertUser` in `src/modules/permissions/index.ts`). By the time this skill runs, the owner's row likely already exists — it just needs the `owner` role granted.
+
+**User ID format**: always `<channel_type>:<platform_handle>`. Each channel populates this differently:
+- **Telegram**: `telegram:<numeric_user_id>` (e.g. `telegram:6037840640`)
+- **Discord**: `discord:<snowflake_user_id>` (e.g. `discord:123456789012345678`)
+- **WhatsApp**: `whatsapp:<phone>@s.whatsapp.net` (e.g. `whatsapp:14155551234@s.whatsapp.net`)
+- **Slack**: `slack:<user_id>` (e.g. `slack:U04ABCDEF`)
+- **Others**: `<channel_type>:<platform_id>`
+
+**Steps:**
+
+1. Query `users` table: `SELECT id, kind, display_name FROM users`.
+2. If exactly one user exists, confirm: `AskUserQuestion`: "Is `<display_name>` (`<id>`) you?" — Yes / No, let me type it.
+3. If multiple users exist, present them as options in `AskUserQuestion`.
+4. If no users exist yet (service hasn't received a message), ask the user to send a test message first, then re-query.
+5. Once confirmed, check `user_roles` — if the owner role already exists, skip. Otherwise insert:
+   ```sql
+   INSERT INTO user_roles (user_id, role, agent_group_id, granted_by, granted_at)
+   VALUES ('<user_id>', 'owner', NULL, NULL, datetime('now'))
+   ```
+
+Use the DB helpers in `src/db/user-roles.ts` — they keep indexes correct. Init the DB first:
+
+```ts
+import { initDb } from '../src/db/connection.js';
+import { runMigrations } from '../src/db/migrations/index.js';
+import { DATA_DIR } from '../src/config.js';
+import path from 'path';
+const db = initDb(path.join(DATA_DIR, 'v2.db'));
+runMigrations(db);
+```
+
+### Access policy
+
+After seeding the owner, discuss the access policy. v2's `messaging_groups.unknown_sender_policy` controls who can interact with the bot. `migrate-v2.sh` set it to `public` so the bot would respond during the switchover test, but the user may want to tighten it.
+
+Present the options via `AskUserQuestion`:
+
+1. **Public** (current) — anyone can message the bot. Good for personal DM bots.
+2. **Known users only** — only users in `agent_group_members` can trigger the bot. Others are silently dropped.
+3. **Approval required** — unknown senders trigger an approval request to the owner. Good for group chats where you want to vet new members.
+
+If the user picks option 2 or 3, seed the known users from v1's message history. The v1 database is at `<handoff.v1_path>/store/messages.db`. It has a `messages` table with `sender` and `sender_name` columns. For each group:
+
+```sql
+-- v1: unique senders per chat (excluding bot messages)
+SELECT DISTINCT sender, sender_name
+FROM messages
+WHERE chat_jid = '<v1_jid>' AND is_from_me = 0 AND sender IS NOT NULL
+```
+
+The `sender` value is a platform handle (e.g. `6037840640` for Telegram). Build the v2 user ID by inferring the channel type from the chat JID prefix (use `parseJid` from `setup/migrate-v2/shared.ts`) and combining: `<channel_type>:<sender>`.
+
+For each sender:
+1. Upsert into `users(id, kind, display_name)` if not already present.
+2. Insert into `agent_group_members(user_id, agent_group_id)` for each agent group wired to that messaging group.
+
+Show the user the list of senders being imported and let them deselect any they don't want.
+
+Then update the messaging groups:
+```sql
+UPDATE messaging_groups SET unknown_sender_policy = '<chosen_policy>'
+WHERE id IN (SELECT id FROM messaging_groups WHERE channel_type IN (<migrated_channels>))
+```
+
+## Phase 2: Clean up CLAUDE.local.md
+
+The migration copied v1's entire CLAUDE.md into CLAUDE.local.md for each group. This file now contains v1 boilerplate that v2 handles through its own composed fragments (`container/CLAUDE.md` + `.claude-fragments/module-*.md`). The user's customizations are buried inside.
+
+For each group that has a `CLAUDE.local.md`:
+
+1. Read the file.
+2. Read the v1 template it was based on. Determine which template by checking the v1 install:
+   - If the group had `is_main=1` in v1's `registered_groups`, the template was `groups/main/CLAUDE.md`
+   - Otherwise, the template was `groups/global/CLAUDE.md`
+   - The v1 path is in `handoff.json` → `v1_path`
+3. Diff the file against the template. Identify sections that are:
+   - **Stock boilerplate** (identical to template) — remove. v2's fragments cover this.
+   - **User customizations** (added sections, modified sections) — keep.
+4. The following v1 sections are now handled by v2 fragments and should be removed even if slightly modified:
+   - "What You Can Do" → v2 runtime system prompt
+   - "Communication" / "Internal thoughts" / "Sub-agents" → `container/CLAUDE.md` + `module-core.md`
+   - "Your Workspace" / workspace path references → `container/CLAUDE.md`
+   - "Memory" (the stock version) → `container/CLAUDE.md`
+   - "Message Formatting" → `container/CLAUDE.md`
+   - "Admin Context" → v2 uses `user_roles`, not is_main
+   - "Authentication" → v2 uses OneCLI
+   - "Container Mounts" → v2 mounts are different
+   - "Managing Groups" / "Finding Available Groups" / "Registered Groups Config" → v2 entity model, no IPC
+   - "Global Memory" → v2 has `.claude-shared.md` symlink
+   - "Scheduling for Other Groups" → `module-scheduling.md`
+   - "Task Scripts" → `module-scheduling.md`
+   - "Sender Allowlist" → v2 uses `unknown_sender_policy` + `user_roles`
+5. Fix path references in kept sections:
+   - `/workspace/group/` → `/workspace/agent/`
+   - `/workspace/project/` → these paths don't exist in v2; discuss with the user
+   - `/workspace/ipc/` → gone; remove references
+   - `/workspace/extra/` → v2 uses `container.json` `additionalMounts`; keep but note the path may change
+6. Keep the `# Name` heading and first paragraph (identity) — this is the user's agent personality.
+7. Show the user the proposed new CLAUDE.local.md before writing it. Use `AskUserQuestion`: "Here's what I'd keep — look right?" with options to approve, edit, or keep the original.
+
+If a CLAUDE.local.md has no user customizations (pure template copy), write a minimal file with just the identity heading.
+
+## Phase 3: Container config
+
+`migrate-v2.sh` writes `container.json` directly from v1's `container_config` (the `additionalMounts` shape is identical). If the v1 config was unparseable, it falls back to a `.v1-container-config.json` sidecar.
+
+For each group, check:
+
+1. If `container.json` exists, read it and verify the `additionalMounts` host paths are still valid on this machine. Flag any that don't exist.
+2. If `.v1-container-config.json` exists (parse failure fallback), read it, discuss with the user, and write a proper `container.json`. Then delete the sidecar.
+3. Check for `env` or `packages` fields — `env` may overlap with OneCLI vault, `packages` (apt/npm) are portable.
+
+## Phase 4: Fork customizations
+
+Check whether the user's v1 install was a customized fork.
+
+```bash
+cd <v1_path>
+git remote -v
+git log --oneline <upstream>/main..HEAD 2>/dev/null
+```
+
+If no commits ahead of upstream: stock v1, skip this phase.
+
+If there are commits:
+
+1. Show the commit list to the user.
+2. `AskUserQuestion`: "How do you want to handle your v1 customizations?"
+   - **Copy portable items** (recommended) — copy `container/skills/*`, `.claude/skills/*`, `docs/*`. Scan each with `scanForV1Patterns` from `setup/migrate-v2/shared.ts`.
+   - **Full walkthrough** — go commit by commit, decide together.
+   - **Reference only** — stash to `docs/v1-fork-reference/` for later.
+3. Source code (`src/*`, `container/agent-runner/src/*`) is NOT portable — v2's architecture is fundamentally different. Stash to `docs/v1-fork-reference/` with a README explaining what each file did. Don't translate.
+
+## Principles
+
+- **v1 checkout is read-only.** Never modify files under `handoff.v1_path`.
+- **Show before writing.** Show diffs/proposed content before modifying CLAUDE.local.md or container.json.
+- **Mask credentials** when displaying (first 4 + `...` + last 4 characters).
+- **`handoff.json` is the recovery point.** If context gets compacted, re-read it and `git status` to recover state.
+
+## Setup steps you can run
+
+The setup flow at `setup/index.ts` has individual steps you can invoke if something is missing or failed:
+
+```bash
+pnpm exec tsx setup/index.ts --step <name>
+```
+
+| Step | When to use |
+|------|-------------|
+| `onecli` | OneCLI not installed or not healthy |
+| `auth` | No Anthropic credential in vault |
+| `container` | Container image needs rebuild |
+| `service` | Service not installed or not running |
+| `mounts` | Mount allowlist missing |
+| `verify` | End-to-end health check (run after everything else) |
+| `environment` | System check (Node, dirs) |
+
+## When done
+
+1. Run the verify step to confirm everything works:
+   ```bash
+   pnpm exec tsx setup/index.ts --step verify
+   ```
+2. Delete `logs/setup-migration/handoff.json` — offer to save as `docs/migration-<date>.md` first.
+3. Restart the service if running so changes take effect:
+   ```bash
+   # Linux
+   systemctl --user restart nanoclaw-v2-*
+   # macOS
+   launchctl kickstart -k gui/$(id -u)/com.nanoclaw-v2-*
+   ```
@@ -17,8 +17,9 @@ Run `/update-nanoclaw` in Claude Code.

 **Preview**: runs `git log` and `git diff` against the merge base to show upstream changes since your last sync. Groups changed files into categories:
 - **Skills** (`.claude/skills/`): unlikely to conflict unless you edited an upstream skill
- **Source** (`src/`): may conflict if you modified the same files
- **Build/config** (`package.json`, `tsconfig*.json`, `container/`): review needed
+- **Host source** (`src/`): may conflict if you modified the same files
+- **Container** (`container/`): triggers container rebuild
+- **Build/config** (`package.json`, `pnpm-lock.yaml`, `tsconfig*.json`): lockfile changes trigger dep install

 **Update paths** (you pick one):
 - `merge` (default): `git merge upstream/<branch>`. Resolves all conflicts in one pass.
@@ -30,7 +31,7 @@ Run `/update-nanoclaw` in Claude Code.

 **Conflict resolution**: opens only conflicted files, resolves the conflict markers, keeps your local customizations intact.

-**Validation**: runs `pnpm run build` and `pnpm test`.
+**Validation**: runs `pnpm run build` and `pnpm test`. If container files changed, also runs the container typecheck and `./container/build.sh`.

 **Breaking changes check**: after validation, reads CHANGELOG.md for any `[BREAKING]` entries introduced by the update. If found, shows each breaking change and offers to run the recommended skill to migrate.

@@ -108,9 +109,10 @@ Show file-level impact from upstream:

 Bucket the upstream changed files:
 - **Skills** (`.claude/skills/`): unlikely to conflict unless the user edited an upstream skill
- **Source** (`src/`): may conflict if user modified the same files
- **Build/config** (`package.json`, `pnpm-lock.yaml`, `tsconfig*.json`, `container/`, `launchd/`): review needed
- **Other**: docs, tests, misc
+- **Host source** (`src/`): may conflict if user modified the same files
+- **Container** (`container/`): triggers container rebuild (+ typecheck if `agent-runner/src/` changed)
+- **Build/config** (`package.json`, `pnpm-lock.yaml`, `tsconfig*.json`): lockfile changes trigger dep install
+- **Other**: docs, tests, setup scripts, misc

 **Large drift check:** If the upstream commit count and age suggest the user has a lot of catching up to do, mention that `/migrate-nanoclaw` might be a better fit — it extracts customizations and reapplies them on clean upstream instead of merging. Offer it as an option but don't push.

@@ -173,11 +175,31 @@ If it gets messy (more than 3 rounds of conflicts):
  - `git rebase --abort`
  - Recommend merge instead.

+# Step 4.5: Install dependencies (if lockfiles changed)
+Check if the merge changed any lockfiles or package manifests:
+- `git diff <backup-tag-from-step-1>..HEAD --name-only | grep -E '^(pnpm-lock\.yaml|package\.json)$'`
+  - If matched: `pnpm install`
+- `git diff <backup-tag-from-step-1>..HEAD --name-only | grep -E '^container/agent-runner/(bun\.lock|package\.json)$'`
+  - If matched AND `command -v bun` succeeds: `cd container/agent-runner && bun install`
+  - If bun is not installed on the host, skip — container deps will be installed during `./container/build.sh`
+
+Skip this step if neither lockfile changed.
+
 # Step 5: Validation
-Run:
+Check which areas changed to determine what to validate:
+- `CHANGED_FILES=$(git diff --name-only <backup-tag-from-step-1>..HEAD)`
+
+**Host build** (always):
 - `pnpm run build`
 - `pnpm test` (do not fail the flow if tests are not configured)

+**Container typecheck** (only if `container/agent-runner/src/` files are in CHANGED_FILES AND bun types are available):
+- Check: `pnpm exec tsc -p container/agent-runner/tsconfig.json --noEmit`
+- If this fails because bun types are missing (`Cannot find type definition file for 'bun'`), skip with a note — type errors will surface at container runtime instead
+
+**Container image rebuild** (only if any `container/` files are in CHANGED_FILES):
+- `./container/build.sh`
+
 If build fails:
 - Show the error.
 - Only fix issues clearly caused by the merge (missing imports, type mismatches from merged code).
@@ -209,8 +231,10 @@ If one or more `[BREAKING]` lines are found:
 - For each skill the user selects, invoke it using the Skill tool.
 - After all selected skills complete (or if user chose Skip), proceed to Step 7 (skill updates check).

-# Step 7: Check for skill updates
-After the summary, check if skills are distributed as branches in this repo:
+# Step 7: Check for skill and channel/provider updates
+
+## 7a: Skill branches
+Check if skills are distributed as branches in this repo:
 - `git branch -r --list 'upstream/skill/*'`

 If any `upstream/skill/*` branches exist:
@@ -218,7 +242,21 @@ If any `upstream/skill/*` branches exist:
  - Option 1: "Yes, check for updates" (description: "Runs /update-skills to check for and apply skill branch updates")
  - Option 2: "No, skip" (description: "You can run /update-skills later any time")
 - If user selects yes, invoke `/update-skills` using the Skill tool.
- After the skill completes (or if user selected no), proceed to Step 8.
+
+## 7b: Channel and provider updates
+Detect installed channels by reading `src/channels/index.ts` and collecting all `import './<name>.js';` lines (excluding `cli`). For providers, check `src/providers/index.ts` the same way.
+
+If any channels/providers are installed AND `upstream/channels` or `upstream/providers` branches exist:
+- List the installed channels/providers.
+- Use AskUserQuestion to ask: "Would you like to update your installed channels/providers? Re-running `/add-<name>` is safe — it only updates code files, credentials and wiring are untouched."
+  - One option per installed channel/provider (e.g., "Update Slack (/add-slack)")
+  - "Skip — I'll update them later"
+  - Set `multiSelect: true`
+- For each selected option, invoke the corresponding `/add-<channel>` or `/add-<provider>` skill.
+
+If no channels/providers are installed, skip silently.
+
+Proceed to Step 8.

 # Step 8: Summary + rollback instructions
 Show:
@@ -232,9 +270,10 @@ Show:
 Tell the user:
 - To rollback: `git reset --hard <backup-tag-from-step-1>`
 - Backup branch also exists: `backup/pre-update-<HASH>-<TIMESTAMP>`
- Restart the service to apply changes:
-  - If using launchd: `launchctl unload ~/Library/LaunchAgents/com.nanoclaw.plist && launchctl load ~/Library/LaunchAgents/com.nanoclaw.plist`
-  - If running manually: restart `pnpm run dev`
+- Restart the service to apply changes. Detect platform with `uname -s`:
+  - **macOS (Darwin)**: `launchctl kickstart -k gui/$(id -u)/com.nanoclaw`
+  - **Linux**: detect the service name with `systemctl --user list-units --type=service | grep nanoclaw | awk '{print $1}'`, then `systemctl --user restart <detected-name>`
+  - **Manual** (no service found): restart `pnpm run dev`


 ## Diagnostics
@@ -4,6 +4,11 @@ All notable changes to NanoClaw will be documented in this file.

 For detailed release notes, see the [full changelog on the documentation site](https://docs.nanoclaw.dev/changelog).

+## [Unreleased]
+
+- **v1 → v2 migration.** Run `bash migrate-v2.sh` from the v2 checkout. Finds your v1 install (sibling directory or `NANOCLAW_V1_PATH`), merges `.env`, seeds the v2 DB from `registered_groups`, copies group folders (`CLAUDE.md` → `CLAUDE.local.md`), copies session data with conversation continuity, ports scheduled tasks, interactively selects and installs channels (clack multiselect), copies container skills, builds the agent container, and offers a service switchover to test. Hands off to Claude (`/migrate-from-v1`) for owner seeding, access policy, CLAUDE.md cleanup, and fork customization porting. See [docs/migration-dev.md](docs/migration-dev.md) and [docs/v1-to-v2-changes.md](docs/v1-to-v2-changes.md).
+- **Migration fixes.** `1b-db` now resolves Discord DMs as `discord:@me:<id>` (previously skipped any v1 chat that wasn't a guild channel — a blocker for personal-bot installs). `1c-groups` skips symlinks instead of following them (a single broken `.claude-shared.md → /app/CLAUDE.md` no longer aborts the whole copy). When `1b-db` reuses an auto-created `messaging_group` with no wired agents, its `unknown_sender_policy` is now reconciled to the migration's `public` default.
+
 ## [2.0.0] - 2026-04-22

 Major version. NanoClaw v2 is a substantial architectural rewrite. Existing forks should run `/migrate-nanoclaw` (clean-base replay of customizations) or `/update-nanoclaw` (selective cherry-pick) before resuming work.
@@ -6,8 +6,8 @@ This is NanoClaw v2, a ground-up rewrite with breaking changes throughout. It ca

 **Do this instead:**
 1. Abort the merge: `git merge --abort` (or `git reset --hard ORIG_HEAD` if the merge already completed).
-2. Tell the user, verbatim: *"This is the v2 rewrite — it can't be merged into your existing install. Run `bash migrate-v2.sh` to migrate instead."*
-3. Wait for the user to confirm before doing anything else. Do not attempt the migration yourself.
+2. Tell the user, verbatim: *"This is the v2 rewrite — it can't be merged into your existing install. Exit Claude Code (or open a separate terminal) and run `bash migrate-v2.sh` from the shell."*
+3. Wait for the user to confirm before doing anything else. Do not run the migration script yourself — it requires an interactive terminal and cannot be run from within Claude Code.

 If you are a fresh install (you ran `git clone`, not `git pull`) and there are no conflicts, ignore this banner and continue below.

@@ -53,6 +53,8 @@ Exactly one writer per file — no cross-mount lock contention. Heartbeat is a f

 `data/v2.db` holds everything that isn't per-session: users, user_roles, agent_groups, messaging_groups, wiring, pending_approvals, user_dms, chat_sdk_* (for the Chat SDK bridge), schema_version. Migrations live at `src/db/migrations/`.

+For ad-hoc queries from skills or scripts, use the in-tree wrapper rather than the `sqlite3` CLI: `pnpm exec tsx scripts/q.ts <db> "<sql>"`. The host setup intentionally avoids depending on the `sqlite3` binary (`setup/verify.ts:5`); the wrapper goes through the `better-sqlite3` dep that setup already installs and verifies. Default-output format matches `sqlite3 -list` (pipe-separated, no header) so existing skill text reads identically.
+
 ## Key Files

 | File | Purpose |
@@ -77,6 +79,7 @@ Exactly one writer per file — no cross-mount lock contention. Heartbeat is a f
 | `container/skills/` | Container skills mounted into every agent session |
 | `groups/<folder>/` | Per-agent-group filesystem (CLAUDE.md, skills, per-group `agent-runner-src/` overlay) |
 | `scripts/init-first-agent.ts` | Bootstrap the first DM-wired agent (used by `/init-first-agent` skill) |
+| `migrate-v2.sh` + `setup/migrate-v2/` | v1→v2 migration. Standalone script: `bash migrate-v2.sh`. Seeds DB, copies groups/sessions, installs channels, builds container, offers service switchover, then hands off to `/migrate-from-v1` skill for owner setup and CLAUDE.md cleanup. See [docs/migration-dev.md](docs/migration-dev.md). |

 ## Channels and Providers (skill-installed)

@@ -157,6 +160,17 @@ Four types of skills. See [CONTRIBUTING.md](CONTRIBUTING.md) for the full taxono

 Before creating a PR, adding a skill, or preparing any contribution, you MUST read [CONTRIBUTING.md](CONTRIBUTING.md). It covers accepted change types, the four skill types and their guidelines, `SKILL.md` format rules, and the pre-submission checklist.

+## PR Hygiene
+
+Before creating a PR, run these checks:
+
+```bash
+git diff upstream/main --stat HEAD
+git log upstream/main..HEAD --oneline
+```
+
+Show the output and wait for approval. Installation-specific files (group files, .claude/settings.json, local configs) should not be included.
+
 ## Development

 Run commands directly — don't tell the user to run them.
@@ -186,7 +200,17 @@ launchctl kickstart -k gui/$(id -u)/com.nanoclaw  # restart
 systemctl --user start|stop|restart nanoclaw
 ```

-Host logs: `logs/nanoclaw.log` (normal) and `logs/nanoclaw.error.log` (errors only — some delivery/approval failures only show up here).
+## Troubleshooting
+
+Check these first when something goes wrong:
+
+| What | Where |
+|------|-------|
+| Host logs | `logs/nanoclaw.error.log` first (delivery failures, crash-loop backoff, warnings), then `logs/nanoclaw.log` for the full routing chain |
+| Setup logs | `logs/setup.log` (overall), `logs/setup-steps/*.log` (per-step: bootstrap, environment, container, onecli, mounts, service, etc.) |
+| Session DBs | `data/v2-sessions/<agent-group>/<session>/` — `inbound.db` (`messages_in`: did the message reach the container?), `outbound.db` (`messages_out`: did the agent produce a response?) |
+
+Note: container logs are lost after the container exits (`--rm` flag). If the agent silently failed inside the container, there's no persistent log to inspect.

 ## Supply Chain Security (pnpm)

@@ -211,6 +235,8 @@ This project uses pnpm with `minimumReleaseAge: 4320` (3 days) in `pnpm-workspac
 | [docs/setup-wiring.md](docs/setup-wiring.md) | What's wired, what's open in the setup flow |
 | [docs/architecture-diagram.md](docs/architecture-diagram.md) | Diagram version of the architecture |
 | [docs/build-and-runtime.md](docs/build-and-runtime.md) | Runtime split (Node host + Bun container), lockfiles, image build surface, CI, key invariants |
+| [docs/v1-to-v2-changes.md](docs/v1-to-v2-changes.md) | v1→v2 architecture diff — vocabulary for where v1 things moved |
+| [docs/migration-dev.md](docs/migration-dev.md) | Migration development guide — testing, debugging, dev loop |

 ## Container Build Cache

@@ -123,7 +123,8 @@ Test your contribution on a fresh clone before submitting. For skills, run the s

 1. **Link related issues.** If your PR resolves an open issue, include `Closes #123` in the description so it's auto-closed on merge.
 2. **Test thoroughly.** Run the feature yourself. For skills, test on a fresh clone.
-3. **Check the right box** in the PR template. Labels are auto-applied based on your selection:
+3. **Check for installation-specific files.** Before creating a PR, verify no installation-specific files are in your diff (see PR Hygiene in CLAUDE.md).
+4. **Check the right box** in the PR template. Labels are auto-applied based on your selection:

 | Checkbox | Label |
 |----------|-------|
@@ -16,6 +16,7 @@ Thanks to everyone who has contributed to NanoClaw!
 - [flobo3](https://github.com/flobo3) — Flo
 - [edwinwzhe](https://github.com/edwinwzhe) — Edwin He
 - [scottgl9](https://github.com/scottgl9) — Scott Glover
+- [ingyukoh](https://github.com/ingyukoh) — Ingyu Koh
 - [cschmidt](https://github.com/cschmidt) — Carl Schmidt
 - [leonalfredbot-ship-it](https://github.com/leonalfredbot-ship-it) — Alfred-the-buttler
 - [moktamd](https://github.com/moktamd)
@@ -33,6 +33,29 @@ bash nanoclaw.sh

 `nanoclaw.sh` walks you from a fresh machine to a named agent you can message. It installs Node, pnpm, and Docker if missing, registers your Anthropic credential with OneCLI, builds the agent container, and pairs your first channel (Telegram, Discord, WhatsApp, or a local CLI). If a step fails, Claude Code is invoked automatically to diagnose and resume from where it broke.

+<details>
+<summary><strong>Migrating from NanoClaw v1?</strong></summary>
+
+Run from a fresh v2 checkout next to your v1 install:
+
+```bash
+git clone https://github.com/qwibitai/nanoclaw.git nanoclaw-v2
+cd nanoclaw-v2
+bash migrate-v2.sh
+```
+
+`migrate-v2.sh` finds your v1 install (sibling directory, or `NANOCLAW_V1_PATH=/path/to/nanoclaw`), migrates state into the v2 checkout, then `exec`s into Claude Code to finish the parts that need judgment (owner seeding, CLAUDE.local.md cleanup, fork-customisation replay).
+
+Run the script directly, not from inside a Claude session — the deterministic side needs interactive prompts and real shell I/O for Node/pnpm bootstrap, Docker, OneCLI, and the container build.
+
+**What it does:** merges `.env`, seeds the v2 DB from `registered_groups`, copies group folders + session data + scheduled tasks, installs the channel adapters you select, copies channel auth state (including Baileys keystore + LID mappings for WhatsApp), builds the agent container.
+
+**What it doesn't:** flip the system service. Pick *"switch to v2"* at the prompt, or do it manually after testing — your v1 install is left untouched.
+
+See [docs/v1-to-v2-changes.md](docs/v1-to-v2-changes.md) for what's different and [docs/migration-dev.md](docs/migration-dev.md) for development notes.
+
+</details>
+
 ## Philosophy

 **Small enough to understand.** One process, a few source files and no microservices. If you want to understand the full NanoClaw codebase, just ask Claude Code to walk you through it.
@@ -192,3 +215,5 @@ See [CHANGELOG.md](CHANGELOG.md) for breaking changes, or the [full release hist
 ## License

 MIT
+
+<img referrerpolicy="no-referrer-when-downgrade" src="https://static.scarf.sh/a.png?x-pxid=47894bd5-353b-42fe-bb97-74144e6df0bf" />
@@ -0,0 +1,30 @@
+
+     [38;2;43;183;206m⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠰⣄⠘⣦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⡆⢸⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀[39m  [2m[38;2;43;183;206m°[39m[22m
+     [38;2;43;183;206m⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⡇⢸⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⠀⠀⠀⠀⠀⢀⣠⣴⠾⠟⠛⠛⠿⢶⣦⣾⠇⣾⠁⠀⠀⠀⢀⣤⣤⠀⢀⣄⠀[39m   
+     [38;2;43;183;206m⠀⠀⠀⠀⣴⡿⡋⠀⠀⠀⠀⠀⢤⣾⣿⢛⢿⣏⠀⠀⠀⢰⣟⣽⡏⠀⣸⡿⣧[39m   
+   [2m[38;2;43;183;206mo[39m[22m [38;2;43;183;206m⠀⠀⢀⣾⠋⠀⠀⠀⠀⠀⠀⠀⠀⠘⠈⣧⣀⣿⣧⠀⠀⣿⣼⣿⣇⣾⠋⢠⣿[39m   
+     [38;2;43;183;206m⠀⠀⣾⢃⠀⢲⣷⡋⣰⡀⢀⣀⣀⡀⠠⣿⣿⣠⣿⣇⠀⣿⢻⣉⠉⠙⠠⣼⠇[39m   
+     [38;2;43;183;206m⠀⣼⡏⠃⠀⢸⣿⣿⡿⠃⣾⣷⣻⣿⡏⢹⠿⠿⣿⣿⢀⣿⣐⠙⣷⣦⡾⠋⠀[39m  [2m[38;2;43;183;206mo[39m[22m
+     [38;2;43;183;206m⢠⣿⡃⠀⠀⠀⠀⠀⠈⠀⠀⠉⠙⠁⠀⠀⠀⠐⣿⣿⣟⠁⣿⣿⠟⠋⠀⠀⠀[39m   
+   [2m[38;2;43;183;206m°[39m[22m [38;2;43;183;206m⢸⣿⣧⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣨⣿⣿⣿⣿⣿⠟⠁⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⢸⣿⣿⣷⣤⣤⠀⣀⢀⠀⢀⣀⣠⣴⣶⣿⣿⣿⣿⡿⠛⠁⠀⠀⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⣿⢋⠿⣿⣿⣿⣿⡿⣿⣿⣿⣿⣿⣿⠿⠿⠿⣿⣅⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀[39m  [38;2;43;183;206mO[39m
+     [38;2;43;183;206m⣿⣿⠙⢾⣽⣟⣿⣿⣼⣿⣿⣿⣩⣶⣶⣦⠀⠀⠩⢻⣆⠀⠀⠀⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⠘⣿⣶⣤⣿⣿⣿⣿⣵⢖⡀⠉⠹⡛⢷⣝⡿⠁⠀⠀⣿⡆⠀⠀⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⠀⢹⣯⣽⣟⣛⣻⣿⣿⣾⣽⢶⣽⣿⣿⣿⣏⠀⠠⣤⣿⡇⠀⠀⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⠀⠀⠻⣿⣶⣾⣿⢿⣻⣿⣿⣿⣿⣿⣿⣏⣛⣧⣦⣿⣿⣧⣄⠀⠀⠀⠀⠀⠀[39m   
+   [38;2;43;183;206mo[39m [38;2;43;183;206m⠀⠀⠀⠈⠻⣿⣶⣥⣼⣿⣿⣽⣿⣿⣿⣷⣶⣾⣿⣿⣯⣘⣿⣧⠀⠀⠀⠀⠀[39m   
+     [38;2;43;183;206m⠀⠀⠀⠀⠤⣤⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⠿⠋⠀⠀⠀⠀⠀[39m   
+
+[1m _  _               [22m[38;2;43;183;206m[1m  ___ _             [22m[39m
+[1m| \| |__ _ _ _  ___ [22m[38;2;43;183;206m[1m / __| |__ ___ __ __[22m[39m
+[1m| .` / _` | ' \/ _ \[22m[38;2;43;183;206m[1m| (__| / _` \ V  V /[22m[39m
+[1m|_|\_\__,_|_||_\___/[22m[38;2;43;183;206m[1m \___|_\__,_|\_/\_/ [22m[39m
+
+                 [2mSmall.[22m
+         [2mRuns on your machine.[22m
+            [2mYours to modify.[22m
+
+[38;2;5;62;165m════════════════════════════════════════[39m
@@ -21,7 +21,7 @@ ARG INSTALL_CJK_FONTS=false
 # across all users.
 ARG CLAUDE_CODE_VERSION=2.1.116
 ARG AGENT_BROWSER_VERSION=latest
-ARG VERCEL_VERSION=latest
+ARG VERCEL_VERSION=52.2.1
 ARG BUN_VERSION=1.3.12

 # ---- System dependencies -----------------------------------------------------
@@ -27,12 +27,46 @@ const DEFAULT_HEARTBEAT_PATH = '/workspace/.heartbeat';
 let _inbound: Database | null = null;
 let _outbound: Database | null = null;
 let _heartbeatPath: string = DEFAULT_HEARTBEAT_PATH;
+let _testMode = false;

-/** Inbound DB — container opens read-only (host is the sole writer). */
+/**
+ * Avoid all cached db reads; open inbound.db read-only with mmap and page cache disabled.
+ *
+ * Use this (not getInboundDb) for readers that need to see host-written rows
+ * promptly — e.g. messages_in polling. Caller must .close() the returned
+ * connection (try/finally).
+ *
+ * Needed for mounts where host writes don't reliably invalidate
+ * SQLite's caches: virtiofs (Colima, Lima, Podman Machine, Apple
+ * Container), NFS.
+ *
+ * Cost is microseconds per query, so safe for universal use.
+ */
+export function openInboundDb(): Database {
+  // In test mode return a thin wrapper over the in-memory singleton.
+  // Callers do try/finally { db.close() } — the wrapper no-ops close()
+  // so the singleton survives for the rest of the test.
+  if (_testMode && _inbound) {
+    const db = _inbound;
+    return { prepare: (sql: string) => db.prepare(sql), exec: (sql: string) => db.exec(sql), close: () => {} } as unknown as Database;
+  }
+  const db = new Database(DEFAULT_INBOUND_PATH, { readonly: true });
+  db.exec('PRAGMA busy_timeout = 5000');
+  db.exec('PRAGMA mmap_size = 0');
+  return db;
+}
+
+/**
+ * Inbound DB — long-lived singleton, OK for tables the host writes once
+ * at spawn and never again (destinations, session_routing). For
+ * messages_in polling — where the host writes continuously and a stale
+ * view causes the pollHandle hang — use `openInboundDb()` instead.
+ */
 export function getInboundDb(): Database {
  if (!_inbound) {
    _inbound = new Database(DEFAULT_INBOUND_PATH, { readonly: true });
    _inbound.exec('PRAGMA busy_timeout = 5000');
+    _inbound.exec('PRAGMA mmap_size = 0');
  }
  return _inbound;
 }
@@ -144,6 +178,7 @@ export function clearStaleProcessingAcks(): void {

 /** For tests — creates in-memory DBs with the session schemas. */
 export function initTestSessionDb(): { inbound: Database; outbound: Database } {
+  _testMode = true;
  _inbound = new Database(':memory:');
  _inbound.exec('PRAGMA foreign_keys = ON');
  _inbound.exec(`
@@ -220,6 +255,7 @@ export function initTestSessionDb(): { inbound: Database; outbound: Database } {
 export function closeSessionDb(): void {
  _inbound?.close();
  _inbound = null;
+  _testMode = false;
  _outbound?.close();
  _outbound = null;
 }
@@ -8,7 +8,7 @@
 * processing_ack. The host reads processing_ack to sync message lifecycle.
 */
 import { getConfig } from '../config.js';
-import { getInboundDb, getOutboundDb } from './connection.js';
+import { openInboundDb, getOutboundDb } from './connection.js';

 export interface MessageInRow {
  id: string;
@@ -50,31 +50,35 @@ function getMaxMessagesPerPrompt(): number {
 * trigger=1 separately (see src/db/session-db.ts).
 */
 export function getPendingMessages(): MessageInRow[] {
-  const inbound = getInboundDb();
+  const inbound = openInboundDb();
  const outbound = getOutboundDb();

-  const pending = inbound
-    .prepare(
-      `SELECT * FROM messages_in
-       WHERE status = 'pending'
-         AND (process_after IS NULL OR datetime(process_after) <= datetime('now'))
-       ORDER BY seq DESC
-       LIMIT ?`,
-    )
-    .all(getMaxMessagesPerPrompt()) as MessageInRow[];
+  try {
+    const pending = inbound
+      .prepare(
+        `SELECT * FROM messages_in
+         WHERE status = 'pending'
+           AND (process_after IS NULL OR datetime(process_after) <= datetime('now'))
+         ORDER BY seq DESC
+         LIMIT ?`,
+      )
+      .all(getMaxMessagesPerPrompt()) as MessageInRow[];

-  if (pending.length === 0) return [];
+    if (pending.length === 0) return [];

-  // Filter out messages already acknowledged in outbound.db
-  const ackedIds = new Set(
-    (outbound.prepare('SELECT message_id FROM processing_ack').all() as Array<{ message_id: string }>).map(
-      (r) => r.message_id,
-    ),
-  );
+    // Filter out messages already acknowledged in outbound.db
+    const ackedIds = new Set(
+      (outbound.prepare('SELECT message_id FROM processing_ack').all() as Array<{ message_id: string }>).map(
+        (r) => r.message_id,
+      ),
+    );

-  // Reverse: we fetched DESC to take the most recent N, but the agent
-  // should see them in chronological order (oldest first).
-  return pending.filter((m) => !ackedIds.has(m.id)).reverse();
+    // Reverse: we fetched DESC to take the most recent N, but the agent
+    // should see them in chronological order (oldest first).
+    return pending.filter((m) => !ackedIds.has(m.id)).reverse();
+  } finally {
+    inbound.close();
+  }
 }

 /** Mark messages as processing — writes to processing_ack in outbound.db. */
@@ -112,7 +116,12 @@ export function markFailed(id: string): void {

 /** Get a message by ID (read from inbound.db). */
 export function getMessageIn(id: string): MessageInRow | undefined {
-  return getInboundDb().prepare('SELECT * FROM messages_in WHERE id = ?').get(id) as MessageInRow | undefined;
+  const inbound = openInboundDb();
+  try {
+    return inbound.prepare('SELECT * FROM messages_in WHERE id = ?').get(id) as MessageInRow | undefined;
+  } finally {
+    inbound.close();
+  }
 }

 /**
@@ -120,19 +129,23 @@ export function getMessageIn(id: string): MessageInRow | undefined {
 * Reads from inbound.db, checks processing_ack to skip already-handled responses.
 */
 export function findQuestionResponse(questionId: string): MessageInRow | undefined {
-  const inbound = getInboundDb();
+  const inbound = openInboundDb();
  const outbound = getOutboundDb();

-  const response = inbound
-    .prepare("SELECT * FROM messages_in WHERE status = 'pending' AND content LIKE ?")
-    .get(`%"questionId":"${questionId}"%`) as MessageInRow | undefined;
+  try {
+    const response = inbound
+      .prepare("SELECT * FROM messages_in WHERE status = 'pending' AND content LIKE ?")
+      .get(`%"questionId":"${questionId}"%`) as MessageInRow | undefined;

-  if (!response) return undefined;
+    if (!response) return undefined;

-  // Check it hasn't been acked already
-  const acked = outbound.prepare('SELECT 1 FROM processing_ack WHERE message_id = ?').get(response.id);
-  if (acked) return undefined;
+    // Check it hasn't been acked already
+    const acked = outbound.prepare('SELECT 1 FROM processing_ack WHERE message_id = ?').get(response.id);
+    if (acked) return undefined;

-  return response;
+    return response;
+  } finally {
+    inbound.close();
+  }
 }

@@ -66,6 +66,18 @@ export function isClearCommand(msg: MessageInRow): boolean {
  return text.toLowerCase().startsWith('/clear');
 }

+/**
+ * True for any chat that needs the outer loop's command path: /clear plus
+ * admin/passthrough slash commands the SDK can only dispatch when they are
+ * a query's first input. Used by the follow-up poller to bail out and let
+ * the outer loop reopen the query.
+ */
+export function isRunnerCommand(msg: MessageInRow): boolean {
+  if (msg.kind !== 'chat' && msg.kind !== 'chat-sdk') return false;
+  const cat = categorizeMessage(msg).category;
+  return cat === 'admin' || cat === 'passthrough';
+}
+
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 function extractSenderId(msg: MessageInRow, content: any): string | null {
  const raw: string | null = content?.senderId || content?.author?.userId || null;
@@ -89,6 +89,9 @@ export const scheduleTask: McpToolDefinition = {
        script,
        processAfter,
        recurrence,
+        platformId: r.platform_id,
+        channelType: r.channel_type,
+        threadId: r.thread_id,
      }),
    });

@@ -7,7 +7,7 @@ import {
  migrateLegacyContinuation,
  setContinuation,
 } from './db/session-state.js';
-import { formatMessages, extractRouting, categorizeMessage, isClearCommand, stripInternalTags, type RoutingContext } from './formatter.js';
+import { formatMessages, extractRouting, categorizeMessage, isClearCommand, isRunnerCommand, stripInternalTags, type RoutingContext } from './formatter.js';
 import type { AgentProvider, AgentQuery, ProviderEvent } from './providers/types.js';

 const POLL_INTERVAL_MS = 1000;
@@ -255,36 +255,90 @@ async function processQuery(
  let done = false;

  // Concurrent polling: push follow-ups into the active query as they arrive.
-  // We do NOT force-end the stream on silence — keeping the query open is
-  // strictly cheaper than close+reopen (no cold prompt cache, no reconnect).
+  // We do NOT force-end the stream on silence — keeping the query open avoids
+  // re-spawning the SDK subprocess (~few seconds) and re-loading the .jsonl
+  // transcript on every turn. The Anthropic prompt cache is server-side with
+  // a 5-min TTL keyed on prefix hash, so stream lifecycle does NOT affect
+  // cache lifetime — close+reopen within 5 min still gets cache hits.
  // Stream liveness is decided host-side via the heartbeat file + processing
  // claim age (see src/host-sweep.ts); if something is truly stuck, the host
  // will kill the container and messages get reset to pending.
+  let pollInFlight = false;
+  let endedForCommand = false;
  const pollHandle = setInterval(() => {
-    if (done) return;
+    if (done || pollInFlight || endedForCommand) return;
+    pollInFlight = true;

-    // Skip system messages (MCP tool responses) and /clear (needs fresh query).
-    // Thread routing is the router's concern — if a message landed in this
-    // session, the agent should see it. Per-thread sessions already isolate
-    // threads into separate containers; shared sessions intentionally merge
-    // everything. Filtering on thread_id here caused deadlocks when the
-    // initial batch and follow-ups had mismatched thread_ids (e.g. a
-    // host-generated welcome trigger with null thread vs a Discord DM reply).
-    const newMessages = getPendingMessages().filter((m) => {
-      if (m.kind === 'system') return false;
-      if ((m.kind === 'chat' || m.kind === 'chat-sdk') && isClearCommand(m)) return false;
-      return true;
-    });
-    if (newMessages.length > 0) {
-      const newIds = newMessages.map((m) => m.id);
-      markProcessing(newIds);
+    void (async () => {
+      try {
+        const pending = getPendingMessages();

-      const prompt = formatMessages(newMessages);
-      log(`Pushing ${newMessages.length} follow-up message(s) into active query`);
-      query.push(prompt);
+        // Slash commands need a fresh query: /clear resets the SDK's
+        // resume id (fixed at sdkQuery() time); admin/passthrough commands
+        // (/compact, /cost, …) only dispatch when they're the first input
+        // of a query — pushed mid-stream they arrive as plain text and
+        // the SDK never runs them. End the stream and leave the rows
+        // pending; the outer loop handles them on next iteration via the
+        // canonical command path + formatMessagesWithCommands.
+        if (pending.some((m) => isRunnerCommand(m))) {
+          log('Pending slash command — ending stream so outer loop can process');
+          endedForCommand = true;
+          query.end();
+          return;
+        }

-      markCompleted(newIds);
-    }
+        // Skip system messages (MCP tool responses).
+        // Thread routing is the router's concern — if a message landed in this
+        // session, the agent should see it. Per-thread sessions already isolate
+        // threads into separate containers; shared sessions intentionally merge
+        // everything. Filtering on thread_id here caused deadlocks when the
+        // initial batch and follow-ups had mismatched thread_ids (e.g. a
+        // host-generated welcome trigger with null thread vs a Discord DM reply).
+        const newMessages = pending.filter((m) => m.kind !== 'system');
+        if (newMessages.length === 0) return;
+
+        const newIds = newMessages.map((m) => m.id);
+        markProcessing(newIds);
+
+        // Run pre-task scripts on follow-ups too — without this, a task that
+        // arrives during an active query (e.g. a */10 monitoring cron) bypasses
+        // its script gate and always wakes the agent, defeating the gate.
+        // Mirrors the initial-batch hook above.
+        let keep = newMessages;
+        let skipped: string[] = [];
+        // MODULE-HOOK:scheduling-pre-task-followup:start
+        const { applyPreTaskScripts } = await import('./scheduling/task-script.js');
+        const preTask = await applyPreTaskScripts(newMessages);
+        keep = preTask.keep;
+        skipped = preTask.skipped;
+        if (skipped.length > 0) {
+          markCompleted(skipped);
+          log(`Pre-task script skipped ${skipped.length} follow-up task(s): ${skipped.join(', ')}`);
+        }
+        // MODULE-HOOK:scheduling-pre-task-followup:end
+
+        if (keep.length === 0) return;
+        // Re-check done — the outer query may have finished while the script
+        // was awaited. Pushing into a closed stream is wasted work; the
+        // claimed messages get released by the host's processing-claim sweep.
+        if (done) return;
+
+        const keptIds = keep.map((m) => m.id);
+        const prompt = formatMessages(keep);
+        log(`Pushing ${keep.length} follow-up message(s) into active query`);
+        query.push(prompt);
+        markCompleted(keptIds);
+      } catch (err) {
+        // Without this catch the rejection escapes the void IIFE and Node
+        // terminates the container on unhandled-rejection. The initial-batch
+        // path is wrapped by processQuery's outer try/catch; the follow-up
+        // path is not, so it needs its own.
+        const errMsg = err instanceof Error ? err.message : String(err);
+        log(`Follow-up poll error: ${errMsg}`);
+      } finally {
+        pollInFlight = false;
+      }
+    })();
  }, ACTIVE_POLL_INTERVAL_MS);

  try {
@@ -34,7 +34,11 @@ const SDK_DISALLOWED_TOOLS = [
  'ExitWorktree',
 ];

-// Tool allowlist for NanoClaw agent containers
+// Tool allowlist for NanoClaw agent containers. MCP-tool entries are derived
+// at the call site from the registered `mcpServers` map so that any server
+// added via `add_mcp_server` (or wired in container.json directly) is
+// reachable to the agent — without this, the SDK's allowedTools filter
+// silently drops every MCP namespace not listed here.
 const TOOL_ALLOWLIST = [
  'Bash',
  'Read',
@@ -54,9 +58,15 @@ const TOOL_ALLOWLIST = [
  'ToolSearch',
  'Skill',
  'NotebookEdit',
-  'mcp__nanoclaw__*',
 ];

+// MCP server names are sanitized by the SDK when forming tool prefixes:
+// any character outside [A-Za-z0-9_-] becomes '_'. Mirror that here so our
+// allowlist patterns match what the SDK actually exposes.
+function mcpAllowPattern(serverName: string): string {
+  return `mcp__${serverName.replace(/[^a-zA-Z0-9_-]/g, '_')}__*`;
+}
+
 interface SDKUserMessage {
  type: 'user';
  message: { role: 'user'; content: string };
@@ -226,8 +236,12 @@ function createPreCompactHook(assistantName?: string): HookCallback {
 /**
 * Claude Code auto-compacts context at this window (tokens). Kept here so
 * the generic bootstrap doesn't need to know about Claude-specific env vars.
+ *
+ * Operator override: set CLAUDE_CODE_AUTO_COMPACT_WINDOW in the host env to
+ * raise or lower the threshold without editing source — useful when running
+ * with a 1M-context model variant or when emergency-tuning a deployment.
 */
-const CLAUDE_CODE_AUTO_COMPACT_WINDOW = '165000';
+const CLAUDE_CODE_AUTO_COMPACT_WINDOW = process.env.CLAUDE_CODE_AUTO_COMPACT_WINDOW || '165000';

 /**
 * Stale-session detection. Matches Claude Code's error text when a
@@ -273,7 +287,10 @@ export class ClaudeProvider implements AgentProvider {
        resume: input.continuation,
        pathToClaudeCodeExecutable: '/pnpm/claude',
        systemPrompt: instructions ? { type: 'preset' as const, preset: 'claude_code' as const, append: instructions } : undefined,
-        allowedTools: TOOL_ALLOWLIST,
+        allowedTools: [
+          ...TOOL_ALLOWLIST,
+          ...Object.keys(this.mcpServers).map(mcpAllowPattern),
+        ],
        disallowedTools: SDK_DISALLOWED_TOOLS,
        env: this.env,
        permissionMode: 'bypassPermissions',
@@ -0,0 +1,139 @@
+# v1 → v2 Migration — Development Guide
+
+How to test, develop, and debug the migration flow.
+
+## Quick start
+
+```bash
+# Full cycle: reset → migrate → Claude finishes
+bash migrate-v2-reset.sh && bash migrate-v2.sh
+```
+
+## Architecture
+
+Two-part migration:
+
+1. **`migrate-v2.sh`** — deterministic bash script. Handles prerequisites, DB seeding, file copies, channel install, container build, service switchover. Writes `logs/setup-migration/handoff.json` then `exec`s into Claude.
+
+2. **`/migrate-from-v1` skill** — Claude-driven. Reads the handoff, seeds owner/roles, cleans up CLAUDE.local.md, validates container configs, ports fork customizations.
+
+## File layout
+
+```
+migrate-v2.sh                        # Entry point
+migrate-v2-reset.sh                  # Wipe v2 state for re-testing
+setup/migrate-v2/
+  env.ts                             # Phase 1a: merge .env
+  db.ts                              # Phase 1b: seed v2 DB
+  groups.ts                          # Phase 1c: copy group folders + container.json
+  sessions.ts                        # Phase 1d: copy sessions + set continuation
+  tasks.ts                           # Phase 1e: port scheduled tasks
+  channel-auth.ts                    # Phase 2b: copy channel auth state
+  select-channels.ts                 # Phase 2a: clack multiselect
+  switchover-prompt.ts               # Service switch prompts
+setup/migrate-v2/shared.ts           # Shared helpers (JID parsing, trigger mapping, etc.)
+.claude/skills/migrate-from-v1/      # The Claude skill
+logs/setup-migration/handoff.json    # Written by migrate-v2.sh, read by skill
+logs/migrate-steps/*.log             # Per-step raw output
+```
+
+## Development loop
+
+```bash
+# Reset v2 to clean state (keeps node_modules)
+bash migrate-v2-reset.sh
+
+# Run migration with non-interactive channel selection
+NANOCLAW_CHANNELS="telegram" bash migrate-v2.sh
+
+# Or run interactively (clack multiselect)
+bash migrate-v2.sh
+```
+
+`migrate-v2-reset.sh` wipes: `data/`, `logs/`, `.env`, `groups/` (restores git-tracked), `container/skills/` (restores git-tracked), `src/channels/` (restores git-tracked).
+
+It does NOT wipe `node_modules/` (expensive to reinstall).
+
+## Testing individual steps
+
+Each step is a standalone TypeScript file:
+
+```bash
+# Run a single step (after pnpm install)
+pnpm exec tsx setup/migrate-v2/env.ts /path/to/v1
+pnpm exec tsx setup/migrate-v2/db.ts /path/to/v1
+pnpm exec tsx setup/migrate-v2/groups.ts /path/to/v1
+pnpm exec tsx setup/migrate-v2/sessions.ts /path/to/v1
+pnpm exec tsx setup/migrate-v2/tasks.ts /path/to/v1
+pnpm exec tsx setup/migrate-v2/channel-auth.ts /path/to/v1 telegram discord
+```
+
+Each prints `OK:<details>`, `SKIPPED:<reason>`, or errors to stdout. Exit 0 on success/skip, non-zero on failure.
+
+## Debugging
+
+### Check what was migrated
+
+```bash
+# Agent groups
+sqlite3 data/v2.db "SELECT * FROM agent_groups"
+
+# Messaging groups + wiring
+sqlite3 data/v2.db "SELECT mg.id, mg.channel_type, mg.platform_id, mg.unknown_sender_policy, mga.engage_mode, mga.engage_pattern FROM messaging_groups mg JOIN messaging_group_agents mga ON mga.messaging_group_id = mg.id"
+
+# Sessions
+sqlite3 data/v2.db "SELECT * FROM sessions"
+
+# Users and roles
+sqlite3 data/v2.db "SELECT * FROM users"
+sqlite3 data/v2.db "SELECT * FROM user_roles"
+
+# Session continuation (which Claude Code session will be resumed)
+AG_ID=$(sqlite3 data/v2.db "SELECT id FROM agent_groups LIMIT 1")
+SESS_ID=$(sqlite3 data/v2.db "SELECT id FROM sessions LIMIT 1")
+sqlite3 data/v2-sessions/$AG_ID/$SESS_ID/outbound.db "SELECT * FROM session_state"
+
+# Scheduled tasks
+sqlite3 data/v2-sessions/$AG_ID/$SESS_ID/inbound.db "SELECT id, kind, recurrence, status FROM messages_in WHERE kind='task'"
+```
+
+### Check handoff
+
+```bash
+python3 -m json.tool logs/setup-migration/handoff.json
+```
+
+### Common issues
+
+**Bot doesn't respond after switchover:**
+1. Check both services aren't running: `systemctl --user list-units 'nanoclaw*'`
+2. Check error log: `tail logs/nanoclaw.error.log`
+3. Check sender policy: `sqlite3 data/v2.db "SELECT unknown_sender_policy FROM messaging_groups"` — must be `public` before owner is seeded
+4. Check engage pattern: `sqlite3 data/v2.db "SELECT engage_mode, engage_pattern FROM messaging_group_agents"` — should be `pattern` / `.` for respond-to-everything
+
+**Session not continuing from v1:**
+1. Check continuation is set: see "Session continuation" query above
+2. Check JSONL exists at the right path: `ls data/v2-sessions/<ag_id>/.claude-shared/projects/-workspace-agent/`
+3. The v1 session JSONL should be copied from `-workspace-group/` to `-workspace-agent/` (v2 container CWD is `/workspace/agent`)
+
+**Service switchover revert didn't work:**
+1. The v2 service name is `nanoclaw-v2-<hash>` — find it: `systemctl --user list-units 'nanoclaw*'`
+2. Manually stop: `systemctl --user stop <unit> && systemctl --user disable <unit>`
+3. Restart v1: `systemctl --user start nanoclaw`
+
+### Step logs
+
+Each step writes raw output to `logs/migrate-steps/<step>.log`. Read these when a step fails:
+
+```bash
+cat logs/migrate-steps/1b-db.log
+cat logs/migrate-steps/1d-sessions.log
+```
+
+## Key decisions
+
+- `unknown_sender_policy` is set to `public` during migration so the bot responds immediately. The `/migrate-from-v1` skill tightens it after seeding the owner.
+- `requires_trigger=0` in v1 takes priority over a non-empty `trigger_pattern` — it means "respond to everything."
+- v1 `container_config.additionalMounts` is written directly to v2 `container.json` (same shape).
+- v1 Claude Code sessions are copied from `-workspace-group/` to `-workspace-agent/` and the session ID is written to `outbound.db` as `continuation:claude` so the agent-runner resumes the same conversation.
+- `exec claude "/migrate-from-v1"` at the end replaces the bash process — `write_handoff` is called explicitly before `exec` since EXIT traps don't fire on `exec`.
@@ -0,0 +1,172 @@
+# NanoClaw v1 → v2 — what changed
+
+Big-picture differences between NanoClaw v1 (the `~/nanoclaw` checkout you've been running) and v2 (this rewrite). Not a migration guide — that's what `bash migrate-v2.sh` and the `/migrate-from-v1` skill are for. This doc is the **vocabulary**: when something has moved or been renamed, find it here.
+
+Read this before touching the migration code or porting customizations forward.
+
+---
+
+## One-line summary
+
+v1 was one Node process with one SQLite file and native channel adapters. v2 is a host that spawns per-session Docker containers, splits state across a central DB + per-session DB pair, routes through an explicit entity model, and installs channels as skills from a sibling branch.
+
+---
+
+## Entity model — the biggest shift
+
+**v1:** one flat table `registered_groups(jid, name, folder, trigger_pattern, requires_trigger, is_main, channel_name)`. A group folder is the unit of agent identity. A chat (JID) is wired to exactly one folder, and `trigger_pattern` is an opaque regex the router applies to every incoming message.
+
+**v2:** three tables, with a deliberate many-to-many in the middle:
+
+```
+agent_groups  ─┐
+               ├─ messaging_group_agents ─┬─ messaging_groups
+               │   (engage_mode,          │   (channel_type,
+               │    engage_pattern,       │    platform_id,
+               │    sender_scope,         │    unknown_sender_policy)
+               │    ignored_message_policy,
+               │    session_mode, priority)
+```
+
+Consequences:
+
+- **One agent can answer on many chats, and one chat can fan out to many agents.** v1 couldn't do either.
+- **No `is_main` flag.** Privilege is now explicit via `user_roles` (owner/admin, global or scoped). See below.
+- **No `trigger_pattern` regex.** Replaced with four orthogonal columns. Mapping rule used by the automated migration and by the `/migrate-from-v1` skill:
+  - v1 `trigger_pattern` non-empty → v2 `engage_mode='pattern'`, `engage_pattern = <the regex>`
+  - v1 `requires_trigger=0` or pattern was `.`/`.*` → v2 `engage_mode='pattern'`, `engage_pattern='.'` (the "always" flavor)
+  - no pattern and requires a trigger → v2 `engage_mode='mention'`
+  - `sender_scope` and `ignored_message_policy` are new; defaults `all` / `drop`
+- **JID decomposition.** v1's `jid` column stored `dc:12345` / `tg:67890`. v2 splits this into `channel_type` + `platform_id`. Concretely: `dc:12345` becomes `channel_type='discord'`, `platform_id='discord:12345'`. Prefix aliases (`dc` → `discord`, `tg` → `telegram`, `wa` → `whatsapp`) are in `setup/migrate-v2/shared.ts`.
+- **`channel_name` was unreliable in v1.** Many rows had it empty; the actual channel had to be guessed from the JID prefix. v2's `channel_type` is always explicit.
+
+---
+
+## Central DB vs session DBs
+
+**v1:** one SQLite file at `store/messages.db`. Every chat, message, registered group, scheduled task, and session lived there. Host and any agent processes all opened the same file.
+
+**v2:** three DB shapes.
+
+1. `data/v2.db` — **central**. Everything that isn't per-session: users, roles, agent groups, messaging groups, wirings, pending approvals, user DMs, schema migrations.
+2. `data/v2-sessions/<session_id>/inbound.db` — **host writes, container reads**. `messages_in`, routing, destinations, pending questions, processing_ack. This is where scheduled tasks live (see "Scheduling" below).
+3. `data/v2-sessions/<session_id>/outbound.db` — **container writes, host reads**. `messages_out`, session_state.
+
+Exactly one writer per file. No cross-mount lock contention. Heartbeat is a file touch at `/workspace/.heartbeat`, not a DB update. Host uses even `seq` numbers, container uses odd.
+
+Message history (v1 `messages` table, v1 `chats` table) is **not migrated**. The migration copies operationally important state forward (agents, channels, wirings, scheduled tasks, group folders) and leaves chat logs behind.
+
+---
+
+## Scheduling
+
+**v1:** dedicated `scheduled_tasks` table in `store/messages.db` with its own columns (`schedule_type`, `schedule_value`, `next_run`, `last_run`, `context_mode`, `script`, `status`). A separate cron-ish scheduler process read from it.
+
+**v2:** scheduled tasks are **`messages_in` rows with `kind='task'`** in a session's `inbound.db`. Relevant columns:
+- `process_after` (ISO8601) — host sweep wakes the container when `datetime(process_after) <= datetime('now')`
+- `recurrence` — cron string; `NULL` = one-shot
+- `series_id` — groups recurring occurrences; set to the task id on first insert
+- `status` — `pending` | `processing` | `completed` | `failed` | `paused`
+
+The public API is `insertTask()` in `src/modules/scheduling/db.ts`. Recurrence is computed in the user's TZ via `cron-parser` (see `src/modules/scheduling/recurrence.ts`). The migration maps v1's `schedule_type`+`schedule_value` pair into a single cron string before calling `insertTask()`.
+
+Tasks can exist before a session is awake — the host sweep creates/wakes the container on the first due tick.
+
+---
+
+## Credentials
+
+**v1:** `.env` — plain environment variables. `DISCORD_BOT_TOKEN`, `ANTHROPIC_API_KEY`, etc. The host read them directly and passed them in to any code that needed them.
+
+**v2:** OneCLI Agent Vault. A separate local service at `http://127.0.0.1:10254` holds secrets. Agents are *scoped* to specific secrets and the vault injects them into approved API requests as they leave the container. The container never sees the raw secret value.
+
+Gotcha: auto-created agents default to `selective` secret mode — no secrets attached, even if matching secrets exist in the vault. See the "auto-created agents start in selective secret mode" section of the root CLAUDE.md for the fix (`onecli agents set-secret-mode --mode all`).
+
+**What the automated migration does:** copies every v1 `.env` key verbatim into v2 `.env`, never overwriting existing v2 keys. The OneCLI vault migration is a separate step owned by the `/init-onecli` skill, which knows how to pull from `.env`.
+
+---
+
+## Channel adapters
+
+**v1:** native adapters (e.g. `discord.js` used directly) imported in `src/channels/`. Installing a channel meant editing code, adding a dependency, and setting env vars.
+
+**v2:** channel adapters live on a sibling `channels` branch. Each `/add-<channel>` skill:
+1. `git fetch origin channels`
+2. `git show channels:src/channels/<name>.ts > src/channels/<name>.ts`
+3. Appends `import './<name>.js';` to `src/channels/index.ts`
+4. `pnpm install @chat-adapter/<name>@<pinned>`
+5. `pnpm run build`
+
+Idempotent — re-running is a no-op. Pinned versions keep the supply chain honest. The automated migration detects which channels were wired in v1 (via distinct `channel_name` / JID prefix) and runs the matching `setup/install-<channel>.sh` for each. Channels in v1 that don't have a v2 skill (rare now, more common as v2 catches up) are recorded in the handoff file for the `/migrate-from-v1` skill to raise with the user.
+
+**Channel auth beyond `.env`.** Some channels store session state on disk (Baileys WhatsApp keystore, Matrix sync state, iMessage tokens). The `channel-auth` step has a per-channel registry (`setup/migrate-v2/shared.ts: CHANNEL_AUTH_REGISTRY`) that knows which file globs to copy alongside env keys.
+
+---
+
+## Privilege — from implicit to explicit
+
+**v1:** `registered_groups.is_main = 1` flagged one group as the privileged one. No `users` table. Permissions were conventions, not enforced.
+
+**v2:** explicit tables.
+- `users(id = "<channel_type>:<handle>", kind, display_name)` — one row per messaging-platform identifier
+- `user_roles(user_id, role ∈ {owner, admin}, agent_group_id nullable, granted_by, granted_at)` — owner is always global; admin can be global or scoped
+- `agent_group_members(user_id, agent_group_id, ...)` — "known" membership for the `sender_scope='known'` gate
+
+Owner gets seeded during the `/migrate-from-v1` skill's interview phase ("Which handle is you?"). The automated migration doesn't guess — v1 has no source of truth for it.
+
+**Default access — "anyone can talk to the bot" vs "only known users".** v1 stored this implicitly (via trigger regex + `is_main`). v2 exposes it as `messaging_groups.unknown_sender_policy ∈ {'strict', 'request_approval', 'public'}`. The skill asks the user which mode v1 ran in and flips the migrated messaging groups accordingly.
+
+---
+
+## Group folders on disk
+
+**v1:** `groups/<folder>/CLAUDE.md` and optional `logs/`. `CLAUDE.md` was a plain instruction file, group-specific.
+
+**v2:** each group still lives at `groups/<folder>/`, but the shape is richer:
+- `CLAUDE.md` — **composed at container spawn** from `.claude-shared.md` (symlink to global) + `.claude-fragments/*.md` (module fragments) + `CLAUDE.local.md`. **Don't edit `CLAUDE.md` directly.**
+- `CLAUDE.local.md` — per-group content. The migration writes v1's old `CLAUDE.md` here.
+- `container.json` — optional per-group container config (apt deps, env, mounts). v1's `registered_groups.container_config` JSON is close but not identical — the migration stores the v1 payload at `groups/<folder>/.v1-container-config.json` for the skill to reconcile, rather than silently mapping it.
+- `.claude-fragments/` and `.claude-shared.md` are installed by `initGroupFilesystem()` the first time the host touches the group, so the migration only has to write `CLAUDE.local.md` and leave the scaffolding to the host.
+
+---
+
+## Host process vs containers
+
+**v1:** single Node process. The "agent" was the same process as the router.
+
+**v2:** Node host at top, Bun-runtime Docker container per session. They communicate only via the two session DBs. No shared modules, no IPC, no stdin piping. If you wrote custom code that reached from the agent into host internals (or vice versa), that surface no longer exists — porting it is a `/migrate-from-v1` skill topic, not a mechanical copy.
+
+Lockfiles: host uses `pnpm-lock.yaml`, agent-runner uses `bun.lock`. `minimumReleaseAge: 4320` on the host side (3-day supply-chain wait); agent-runner has no release-age gate.
+
+---
+
+## Self-modification and MCP tools
+
+**v1:** if you added MCP servers or self-modification plumbing, it was usually direct edits to the long-running process.
+
+**v2:**
+- MCP servers register through `container/agent-runner/src/mcp-tools/*.ts` and load per-session. There's also `install_packages` and `add_mcp_server` self-mod tools that go through an admin-approval flow (`src/modules/self-mod/apply.ts`) before rebuilding the container image.
+- Custom MCP tools you wrote in v1 map cleanly to the v2 tool registry, but the import paths, runtime (Bun vs Node), and SQL helper differences (`bun:sqlite` uses `$name`-prefixed params) may need adjustment. The skill walks through this.
+
+---
+
+## Things that are gone or don't map
+
+- **`scheduled_tasks` as a separate table** — moved into session `inbound.db` under `kind='task'`. Migration ports active rows; inactive/completed are exported to `logs/setup-migration/inactive-tasks.json` for reference.
+- **`messages` / `chats` tables (chat history)** — not migrated. Stay in the v1 checkout if you need them.
+- **`router_state` (key/value)** — not migrated. v2 state lives in the explicit tables above.
+- **`sessions` (v1 group→session_id)** — v1 sessions don't map; v2 sessions are keyed by `(agent_group_id, messaging_group_id, thread_id)` and are created on demand.
+- **Raw access to the old `store/messages.db`** — the v1 DB is left in place and untouched. If migration goes wrong you can re-run it (the migration sub-steps are idempotent for agents/channels/wirings; folders use rsync semantics).
+
+---
+
+## Migration surface — where the code lives
+
+- `migrate-v2.sh` — entry point: `bash migrate-v2.sh` from the v2 checkout.
+- `setup/migrate-v2/*.ts` — individual migration steps (env, db, groups, sessions, tasks, channel-auth, select-channels, switchover-prompt).
+- `setup/migrate-v2/shared.ts` — JID parsing, trigger mapping, channel auth registry.
+- `logs/setup-migration/handoff.json` — written by `migrate-v2.sh`, read by the `/migrate-from-v1` skill.
+- `logs/migrate-steps/*.log` — raw per-step stdout.
+- `.claude/skills/migrate-from-v1/SKILL.md` — Claude skill for owner seeding, CLAUDE.md cleanup, container config validation, fork porting.
+- `migrate-v2-reset.sh` — development helper to wipe v2 state for re-testing.
+- See [docs/migration-dev.md](migration-dev.md) for the full development guide.
@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+#
+# migrate-v2-reset.sh — Wipe v2 migration state back to clean.
+#
+# For development iteration:
+#   bash migrate-v2-reset.sh && bash migrate-v2.sh
+#
+# What it removes:
+#   - data/                (v2 DBs, session state)
+#   - logs/                (migration + setup logs)
+#   - .env                 (merged env keys)
+#   - groups/*/            (non-git group folders copied from v1)
+#   - container/skills/*/  (untracked skill dirs copied from v1)
+#   - src/channels/*.ts    (untracked adapters copied from channels branch)
+#   - setup/groups.ts      (untracked, copied by channel install scripts)
+#
+# What it restores from git:
+#   - groups/                       (CLAUDE.md files etc.)
+#   - container/skills/             (tracked container skills)
+#   - src/channels/                 (tracked bridge / registry code)
+#   - setup/whatsapp-auth.ts        (channel installs may overwrite)
+#   - setup/pair-telegram.ts        (channel installs may overwrite)
+#   - setup/index.ts                (channel installs append entries)
+#   - package.json + pnpm-lock.yaml (channel installs add deps)
+#
+# What it does NOT touch:
+#   - node_modules/             (expensive to reinstall, kept on purpose)
+#   - setup/migrate-v2/*        (the migration scripts themselves, plus user WIP)
+#   - The v1 install            (read-only, never modified)
+
+set -euo pipefail
+
+PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$PROJECT_ROOT"
+
+use_ansi() { [ -t 1 ] && [ -z "${NO_COLOR:-}" ]; }
+dim()   { use_ansi && printf '\033[2m%s\033[0m' "$1" || printf '%s' "$1"; }
+green() { use_ansi && printf '\033[32m%s\033[0m' "$1" || printf '%s' "$1"; }
+
+clean() {
+  local target=$1 label=$2
+  if [ -e "$target" ]; then
+    rm -rf "$target"
+    printf '%s  Removed %s\n' "$(green '✓')" "$label"
+  fi
+}
+
+echo
+printf '%s\n\n' "$(dim 'Resetting v2 migration state…')"
+
+clean "data"  "data/"
+clean "logs"  "logs/"
+clean ".env"  ".env"
+
+# Remove all group folders, then restore the two git-tracked ones
+if [ -d "groups" ]; then
+  rm -rf groups
+  printf '%s  Removed %s\n' "$(green '✓')" "groups/"
+fi
+git checkout -- groups/ 2>/dev/null || true
+printf '%s  Restored %s\n' "$(green '✓')" "groups/ from git"
+
+# Restore container/skills/ to git state (remove v1-copied skills)
+git checkout -- container/skills/ 2>/dev/null || true
+# Remove any untracked skill dirs that were copied from v1
+for d in container/skills/*/; do
+  [ -d "$d" ] || continue
+  if ! git ls-files --error-unmatch "$d" >/dev/null 2>&1; then
+    rm -rf "$d"
+  fi
+done
+printf '%s  Restored %s\n' "$(green '✓')" "container/skills/ from git"
+
+# Restore channel code (src/channels/) to git state
+git checkout -- src/channels/ 2>/dev/null || true
+# Remove any untracked channel adapters copied in by install-*.sh
+for f in src/channels/*.ts; do
+  [ -f "$f" ] || continue
+  if ! git ls-files --error-unmatch "$f" >/dev/null 2>&1; then
+    rm -f "$f"
+  fi
+done
+printf '%s  Restored %s\n' "$(green '✓')" "src/channels/ from git"
+
+# Restore tracked setup helpers that channel installs overwrite, and
+# remove the untracked ones they create. Don't blanket-clean setup/
+# because user WIP (setup/migrate-v2/*) lives there too.
+git checkout -- setup/whatsapp-auth.ts setup/pair-telegram.ts setup/index.ts 2>/dev/null || true
+rm -f setup/groups.ts
+printf '%s  Restored %s\n' "$(green '✓')" "setup/ install helpers"
+
+# Restore package.json + lockfile (channel installs add deps like
+# @whiskeysockets/baileys). node_modules/ is intentionally kept.
+git checkout -- package.json pnpm-lock.yaml 2>/dev/null || true
+printf '%s  Restored %s\n' "$(green '✓')" "package.json + pnpm-lock.yaml"
+
+echo
+printf '%s\n\n' "$(dim 'Clean. Run: bash migrate-v2.sh')"
@@ -0,0 +1,742 @@
+#!/usr/bin/env bash
+#
+# migrate-v2.sh — Migrate a NanoClaw v1 install into this v2 checkout.
+#
+# Run from the v2 directory:
+#   bash migrate-v2.sh
+#
+# If you're in Claude Code, exit first or open a separate terminal.
+#
+# Finds v1 automatically (sibling directory, or $NANOCLAW_V1_PATH).
+# Installs prerequisites (Node, pnpm, deps) via the existing setup.sh
+# bootstrap, then runs the migration steps.
+#
+# Idempotent — safe to re-run. Use migrate-v2-reset.sh to wipe v2 state
+# back to clean for development iteration.
+
+set -uo pipefail
+
+PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$PROJECT_ROOT"
+
+# This script has interactive prompts (channel selection, service switchover)
+# and streams progress output — it must run in a real terminal, not inside
+# a tool subprocess (e.g. Claude Code's Bash tool, which collapses output).
+if ! [ -t 0 ] || ! [ -t 1 ]; then
+  echo "This script requires an interactive terminal."
+  echo ""
+  echo "If you're in Claude Code, exit first or open a separate terminal,"
+  echo "then run:"
+  echo "  bash migrate-v2.sh"
+  echo ""
+  exit 1
+fi
+
+LOGS_DIR="$PROJECT_ROOT/logs"
+STEPS_DIR="$LOGS_DIR/migrate-steps"
+MIGRATE_LOG="$LOGS_DIR/migrate-v2.log"
+
+# Defaults for variables that may not be set if we exit early
+V1_PATH=""
+V1_VERSION="unknown"
+ONECLI_OK=false
+SERVICE_SWITCHED=false
+SELECTED_CHANNELS=()
+ABORTED_AT=""
+
+# Per-step status tracking. Parallel indexed arrays so this works on
+# bash 3.2 (macOS default) which has no associative arrays.
+STEP_NAMES=()
+STEP_STATUSES=()
+
+record_step() {
+  STEP_NAMES+=("$1")
+  STEP_STATUSES+=("$2")
+}
+
+# Write handoff.json on any exit so the skill can always read it
+write_handoff() {
+  local handoff_dir="$LOGS_DIR/setup-migration"
+  mkdir -p "$handoff_dir"
+
+  local has_failures=false
+  local i
+  for ((i=0; i<${#STEP_NAMES[@]}; i++)); do
+    [ "${STEP_STATUSES[$i]}" = "failed" ] && has_failures=true
+  done
+
+  local overall="success"
+  $has_failures && overall="partial"
+  [ -n "$ABORTED_AT" ] && overall="failed"
+
+  local steps_json="{"
+  for ((i=0; i<${#STEP_NAMES[@]}; i++)); do
+    local n="${STEP_NAMES[$i]}"
+    local s="${STEP_STATUSES[$i]}"
+    steps_json="${steps_json}\"${n}\": {\"status\": \"${s}\", \"log\": \"logs/migrate-steps/${n}.log\"},"
+  done
+  steps_json="${steps_json%,}}"
+
+  cat > "$handoff_dir/handoff.json" <<HANDOFF_EOF
+{
+  "version": 1,
+  "started_at": "$(ts_utc)",
+  "v1_path": "$V1_PATH",
+  "v1_version": "$V1_VERSION",
+  "overall_status": "$overall",
+  "aborted_at": "$ABORTED_AT",
+  "source": "migrate-v2.sh",
+  "channels_installed": [$(printf '"%s",' "${SELECTED_CHANNELS[@]}" 2>/dev/null | sed 's/,$//')],
+  "onecli_healthy": $ONECLI_OK,
+  "service_switched": $SERVICE_SWITCHED,
+  "steps": $steps_json,
+  "step_logs_dir": "logs/migrate-steps",
+  "followups": [
+    "Seed owner user and access policy",
+    "Review CLAUDE.local.md files for v1-specific patterns",
+    "Verify container.json mount paths are valid"
+  ]
+}
+HANDOFF_EOF
+}
+
+trap write_handoff EXIT
+
+abort() {
+  ABORTED_AT="$1"
+  log "ABORTED at $1"
+  exit 1
+}
+
+# ─── output helpers ──────────────────────────────────────────────────────
+
+use_ansi() { [ -t 1 ] && [ -z "${NO_COLOR:-}" ]; }
+dim()      { use_ansi && printf '\033[2m%s\033[0m' "$1" || printf '%s' "$1"; }
+green()    { use_ansi && printf '\033[32m%s\033[0m' "$1" || printf '%s' "$1"; }
+red()      { use_ansi && printf '\033[31m%s\033[0m' "$1" || printf '%s' "$1"; }
+bold()     { use_ansi && printf '\033[1m%s\033[0m' "$1" || printf '%s' "$1"; }
+clear_line() { use_ansi && printf '\r\033[2K' || printf '\n'; }
+
+step_ok()   { printf '%s  %s\n' "$(green '✓')" "$1"; }
+step_fail() { printf '%s  %s\n' "$(red '✗')"   "$1"; }
+step_skip() { printf '%s  %s\n' "$(dim '–')"   "$1"; }
+step_info() { printf '%s  %s\n' "$(dim '·')"   "$1"; }
+
+ts_utc() { date -u +%Y-%m-%dT%H:%M:%SZ; }
+
+log() {
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" >> "$MIGRATE_LOG"
+}
+
+# ─── init logs ───────────────────────────────────────────────────────────
+
+mkdir -p "$STEPS_DIR"
+{
+  echo "## $(ts_utc) · migrate-v2.sh started"
+  echo "  cwd: $PROJECT_ROOT"
+  echo ""
+} > "$MIGRATE_LOG"
+
+echo
+bold "NanoClaw v1 → v2 migration"
+echo
+echo
+
+# ─── phase 0a: bootstrap prerequisites ──────────────────────────────────
+
+step_info "Installing prerequisites (Node, pnpm, dependencies)…"
+
+BOOTSTRAP_RAW="$STEPS_DIR/01-bootstrap.log"
+export NANOCLAW_BOOTSTRAP_LOG="$BOOTSTRAP_RAW"
+
+if bash "$PROJECT_ROOT/setup.sh" > "$BOOTSTRAP_RAW" 2>&1; then
+  # Parse the status block from setup.sh output
+  STATUS=$(grep '^STATUS:' "$BOOTSTRAP_RAW" | head -1 | sed 's/^STATUS: *//')
+  NODE_VERSION=$(grep '^NODE_VERSION:' "$BOOTSTRAP_RAW" | head -1 | sed 's/^NODE_VERSION: *//')
+
+  if [ "$STATUS" = "success" ]; then
+    step_ok "Prerequisites ready $(dim "(node $NODE_VERSION)")"
+    log "Bootstrap succeeded: node=$NODE_VERSION"
+  else
+    step_fail "Bootstrap reported: $STATUS"
+    echo
+    dim "  See: $BOOTSTRAP_RAW"
+    echo
+    abort "bootstrap"
+  fi
+else
+  step_fail "Bootstrap failed"
+  echo
+  echo "$(dim '── last 20 lines ──')"
+  tail -20 "$BOOTSTRAP_RAW" 2>/dev/null || true
+  echo
+  dim "  Full log: $BOOTSTRAP_RAW"
+  echo
+  abort "bootstrap"
+fi
+
+# setup.sh may have installed pnpm to a prefix not on our PATH — replay
+# the same lookup nanoclaw.sh does.
+if ! command -v pnpm >/dev/null 2>&1 && command -v npm >/dev/null 2>&1; then
+  NPM_PREFIX="$(npm config get prefix 2>/dev/null)"
+  if [ -n "$NPM_PREFIX" ] && [ -x "$NPM_PREFIX/bin/pnpm" ]; then
+    export PATH="$NPM_PREFIX/bin:$PATH"
+  fi
+fi
+
+if ! command -v pnpm >/dev/null 2>&1; then
+  step_fail "pnpm not found after bootstrap"
+  abort "pnpm-missing"
+fi
+
+# ─── phase 0b: find v1 install ──────────────────────────────────────────
+
+find_v1() {
+  # Explicit override
+  if [ -n "${NANOCLAW_V1_PATH:-}" ]; then
+    if [ -f "$NANOCLAW_V1_PATH/store/messages.db" ]; then
+      echo "$NANOCLAW_V1_PATH"
+      return 0
+    fi
+    step_fail "NANOCLAW_V1_PATH=$NANOCLAW_V1_PATH does not contain store/messages.db"
+    return 1
+  fi
+
+  # Scan sibling directories for anything claw-ish with a v1 DB
+  local parent
+  parent="$(dirname "$PROJECT_ROOT")"
+  for entry in "$parent"/*/; do
+    [ -d "$entry" ] || continue
+    # Skip ourselves
+    [ "$(cd "$entry" && pwd)" = "$PROJECT_ROOT" ] && continue
+    # Must have the v1 DB
+    [ -f "$entry/store/messages.db" ] || continue
+    # Must not be v2 (check package.json version)
+    if [ -f "$entry/package.json" ]; then
+      local ver
+      ver=$(grep '"version"' "$entry/package.json" 2>/dev/null | head -1 | sed -E 's/.*"([0-9]+)\..*/\1/')
+      [ "$ver" = "2" ] && continue
+    fi
+    echo "$(cd "$entry" && pwd)"
+    return 0
+  done
+
+  return 1
+}
+
+V1_PATH=""
+if V1_PATH=$(find_v1); then
+  V1_VERSION=$(grep '"version"' "$V1_PATH/package.json" 2>/dev/null | head -1 | sed -E 's/.*"([^"]+)".*/\1/' || echo "unknown")
+  step_ok "Found v1 at $(dim "$V1_PATH") $(dim "(v$V1_VERSION)")"
+  log "v1 found: $V1_PATH (v$V1_VERSION)"
+else
+  step_fail "No v1 install found"
+  echo
+  echo "  $(dim 'Set NANOCLAW_V1_PATH to point at your v1 checkout:')"
+  echo "  $(dim 'NANOCLAW_V1_PATH=~/nanoclaw bash migrate-v2.sh')"
+  echo
+  abort "v1-not-found"
+fi
+
+# ─── phase 0c: validate v1 DB ───────────────────────────────────────────
+
+V1_DB="$V1_PATH/store/messages.db"
+
+# Quick schema check — make sure the tables we need exist.
+# Uses the in-tree wrapper instead of the sqlite3 CLI: setup.sh (run via
+# phase 0a above) installs Node + better-sqlite3 but NOT the sqlite3 CLI,
+# and #2191 documented how a missing CLI here used to surface as a
+# misleading "registered_groups missing" abort.
+TABLES=$(pnpm exec tsx scripts/q.ts "$V1_DB" "SELECT name FROM sqlite_master WHERE type='table'" 2>/dev/null || true)
+
+if echo "$TABLES" | grep -q "registered_groups"; then
+  step_ok "v1 database has registered_groups"
+else
+  step_fail "v1 database missing registered_groups table"
+  abort "v1-db-invalid"
+fi
+
+# Show what we found
+GROUP_COUNT=$(pnpm exec tsx scripts/q.ts "$V1_DB" "SELECT COUNT(*) FROM registered_groups" 2>/dev/null || echo 0)
+TASK_COUNT=$(pnpm exec tsx scripts/q.ts "$V1_DB" "SELECT COUNT(*) FROM scheduled_tasks WHERE status='active'" 2>/dev/null || echo 0)
+ENV_KEYS=0
+if [ -f "$V1_PATH/.env" ]; then
+  ENV_KEYS=$(grep -c '=' "$V1_PATH/.env" 2>/dev/null || echo 0)
+fi
+
+step_info "v1 state: $(bold "$GROUP_COUNT") groups, $(bold "$TASK_COUNT") active tasks, $(bold "$ENV_KEYS") env keys"
+
+echo
+step_ok "Phase 0 complete — ready to migrate"
+echo
+log "Phase 0 complete: groups=$GROUP_COUNT tasks=$TASK_COUNT env_keys=$ENV_KEYS"
+
+export NANOCLAW_V1_PATH="$V1_PATH"
+export NANOCLAW_V2_PATH="$PROJECT_ROOT"
+
+# ─── run_step helper ─────────────────────────────────────────────────────
+# Runs a TypeScript migration step, captures output, reports success/failure.
+
+# Step outcomes are tracked via record_step() into STEP_NAMES/STEP_STATUSES
+# (defined above, near write_handoff).
+
+run_step() {
+  local name=$1 label=$2 script=$3
+  shift 3
+  local raw="$STEPS_DIR/${name}.log"
+
+  if pnpm exec tsx "$script" "$@" > "$raw" 2>&1; then
+    local result
+    result=$(grep '^OK:' "$raw" | head -1 || true)
+    step_ok "$label $(dim "$result")"
+    log "$name: $result"
+    record_step "$name" "success"
+    # Surface partial errors (rows skipped due to parse/lookup failures)
+    # even when the step exited successfully — they're easy to miss in the
+    # raw log and have caused silent migrations before.
+    if grep -q '^ERROR:' "$raw" 2>/dev/null; then
+      local err_count
+      err_count=$(grep -c '^ERROR:' "$raw")
+      echo "  $(dim "${err_count} error(s) reported — see $raw")"
+      grep '^ERROR:' "$raw" | head -3 | while IFS= read -r line; do
+        echo "  $(dim "$line")"
+      done
+      log "$name: ${err_count} non-fatal errors"
+    fi
+  elif grep -q '^SKIPPED:' "$raw" 2>/dev/null; then
+    local reason
+    reason=$(grep '^SKIPPED:' "$raw" | head -1 | sed 's/^SKIPPED://')
+    step_skip "$label $(dim "($reason)")"
+    log "$name: skipped ($reason)"
+    record_step "$name" "skipped"
+  else
+    step_fail "$label"
+    echo
+    tail -10 "$raw" 2>/dev/null | while IFS= read -r line; do
+      echo "  $(dim "$line")"
+    done
+    echo
+    log "$name: FAILED (see $raw)"
+    record_step "$name" "failed"
+  fi
+}
+
+# ─── phase 1: core state ────────────────────────────────────────────────
+
+echo "$(bold 'Phase 1: Core state')"
+echo
+
+run_step "1a-env" \
+  "Merge .env" \
+  "setup/migrate-v2/env.ts" "$V1_PATH"
+
+run_step "1b-db" \
+  "Seed v2 database" \
+  "setup/migrate-v2/db.ts" "$V1_PATH"
+
+run_step "1c-groups" \
+  "Copy group folders" \
+  "setup/migrate-v2/groups.ts" "$V1_PATH"
+
+run_step "1d-sessions" \
+  "Copy session data" \
+  "setup/migrate-v2/sessions.ts" "$V1_PATH"
+
+run_step "1e-tasks" \
+  "Port scheduled tasks" \
+  "setup/migrate-v2/tasks.ts" "$V1_PATH"
+
+echo
+step_ok "Phase 1 complete"
+echo
+
+# ─── phase 2: channels (interactive) ────────────────────────────────────
+
+echo "$(bold 'Phase 2: Channels')"
+echo
+
+# Channel selection — clack multiselect (interactive) or NANOCLAW_CHANNELS env var.
+# NANOCLAW_CHANNELS accepts comma-separated channel names: "telegram,discord"
+SELECTED_CHANNELS=()
+CHANNEL_SELECT_OUT="$STEPS_DIR/2a-channels-selected.txt"
+
+pnpm exec tsx setup/migrate-v2/select-channels.ts "$CHANNEL_SELECT_OUT" || true
+
+if [ -f "$CHANNEL_SELECT_OUT" ]; then
+  while IFS= read -r ch; do
+    [ -n "$ch" ] && SELECTED_CHANNELS+=("$ch")
+  done < "$CHANNEL_SELECT_OUT"
+fi
+
+if [ ${#SELECTED_CHANNELS[@]} -eq 0 ]; then
+  echo
+  step_skip "No channels selected"
+else
+  echo
+  step_info "Selected: ${SELECTED_CHANNELS[*]}"
+  echo
+
+  # 2b. Copy channel auth state
+  run_step "2b-channel-auth" \
+    "Copy channel credentials" \
+    "setup/migrate-v2/channel-auth.ts" "$V1_PATH" "${SELECTED_CHANNELS[@]}"
+
+  # 2c. Install channel code
+  for ch in "${SELECTED_CHANNELS[@]}"; do
+    INSTALL_SCRIPT="setup/install-${ch}.sh"
+    STEP_NAME="2c-install-${ch}"
+    if [ -f "$INSTALL_SCRIPT" ]; then
+      STEP_LOG="$STEPS_DIR/${STEP_NAME}.log"
+      if bash "$INSTALL_SCRIPT" > "$STEP_LOG" 2>&1; then
+        STATUS_LINE=$(grep '^STATUS:' "$STEP_LOG" | head -1 | sed 's/^STATUS: *//')
+        if [ "$STATUS_LINE" = "already-installed" ]; then
+          step_skip "Install $ch $(dim "(already installed)")"
+          record_step "$STEP_NAME" "skipped"
+        else
+          step_ok "Install $ch"
+          record_step "$STEP_NAME" "success"
+        fi
+        log "install-$ch: $STATUS_LINE"
+      else
+        step_fail "Install $ch"
+        tail -5 "$STEP_LOG" 2>/dev/null | while IFS= read -r line; do
+          echo "  $(dim "$line")"
+        done
+        log "install-$ch: FAILED (see $STEP_LOG)"
+        record_step "$STEP_NAME" "failed"
+      fi
+    else
+      step_skip "Install $ch $(dim "(no install script)")"
+      log "install-$ch: no install script"
+      record_step "$STEP_NAME" "failed"
+    fi
+  done
+
+  # 2d. (Removed) WhatsApp LID resolution was previously needed because the
+  # v6 adapter couldn't reliably translate LID→phone JIDs, so the migration
+  # pre-created dual messaging_groups rows. With Baileys v7, the adapter
+  # resolves LIDs via extractAddressingContext + signalRepository.lidMapping
+  # on every inbound message, so dual rows are unnecessary and were causing
+  # split sessions.
+fi
+
+echo
+step_ok "Phase 2 complete"
+echo
+
+# ─── phase 3: infrastructure ────────────────────────────────────────────
+
+echo "$(bold 'Phase 3: Infrastructure')"
+echo
+
+# 3a. Docker — install if missing (OneCLI needs it)
+if command -v docker >/dev/null 2>&1; then
+  DOCKER_V=$(docker --version 2>/dev/null | head -1)
+  step_ok "Docker available $(dim "($DOCKER_V)")"
+  log "Docker: $DOCKER_V"
+else
+  step_info "Installing Docker…"
+  DOCKER_LOG="$STEPS_DIR/3a-docker.log"
+  if bash setup/install-docker.sh > "$DOCKER_LOG" 2>&1; then
+    hash -r 2>/dev/null || true
+    step_ok "Docker installed"
+    record_step "3a-docker" "success"
+    log "Docker: installed"
+  else
+    step_fail "Docker install failed $(dim "(see $DOCKER_LOG)")"
+    record_step "3a-docker" "failed"
+    log "Docker: FAILED"
+  fi
+fi
+
+# 3b. OneCLI — detect or install via setup step (requires Docker)
+ONECLI_OK=false
+ONECLI_URL_FROM_ENV=$(grep '^ONECLI_URL=' .env 2>/dev/null | head -1 | sed 's/^ONECLI_URL=//')
+ONECLI_URL_CHECK="${ONECLI_URL_FROM_ENV:-http://127.0.0.1:10254}"
+
+if curl -sf "${ONECLI_URL_CHECK}/api/health" >/dev/null 2>&1; then
+  step_ok "OneCLI running at $(dim "$ONECLI_URL_CHECK")"
+  ONECLI_OK=true
+  log "OneCLI: running at $ONECLI_URL_CHECK"
+elif command -v docker >/dev/null 2>&1; then
+  step_info "Setting up OneCLI…"
+  ONECLI_LOG="$STEPS_DIR/3b-onecli.log"
+  ONECLI_ERR="$STEPS_DIR/3b-onecli.err"
+  if pnpm exec tsx setup/index.ts --step onecli > "$ONECLI_LOG" 2>"$ONECLI_ERR"; then
+    step_ok "OneCLI ready"
+    ONECLI_OK=true
+    record_step "3b-onecli" "success"
+    log "OneCLI: installed/configured"
+  else
+    step_fail "OneCLI setup failed $(dim "(see $ONECLI_LOG)")"
+    record_step "3b-onecli" "failed"
+    log "OneCLI: FAILED"
+  fi
+else
+  step_fail "OneCLI needs Docker $(dim "(install Docker first)")"
+  record_step "3b-onecli" "failed"
+  log "OneCLI: skipped (no Docker)"
+fi
+
+# 3c. Anthropic credential — run the auth setup step if no credential found
+if grep -qE '^(ANTHROPIC_API_KEY|CLAUDE_CODE_OAUTH_TOKEN)=' .env 2>/dev/null; then
+  step_ok "Anthropic credential found in .env"
+  log "Anthropic credential: found in .env"
+elif [ "$ONECLI_OK" = "true" ]; then
+  step_info "Registering Anthropic credential…"
+  AUTH_LOG="$STEPS_DIR/3c-auth.log"
+  AUTH_ERR="$STEPS_DIR/3c-auth.err"
+  if pnpm exec tsx setup/index.ts --step auth > "$AUTH_LOG" 2>"$AUTH_ERR"; then
+    step_ok "Anthropic credential registered"
+    record_step "3c-auth" "success"
+    log "Anthropic credential: registered via auth step"
+  else
+    step_fail "Auth setup failed $(dim "(see $AUTH_LOG)")"
+    record_step "3c-auth" "failed"
+    log "Anthropic credential: FAILED"
+  fi
+else
+  step_info "No Anthropic credential $(dim "(OneCLI not available — add manually to .env)")"
+  log "Anthropic credential: skipped (no OneCLI)"
+fi
+
+# 3d. Copy container skills from v1 that v2 doesn't have
+V1_SKILLS_DIR="$V1_PATH/container/skills"
+V2_SKILLS_DIR="$PROJECT_ROOT/container/skills"
+
+if [ -d "$V1_SKILLS_DIR" ]; then
+  SKILLS_COPIED=0
+  SKILLS_SKIPPED=0
+  for skill_dir in "$V1_SKILLS_DIR"/*/; do
+    [ -d "$skill_dir" ] || continue
+    skill_name=$(basename "$skill_dir")
+    if [ -d "$V2_SKILLS_DIR/$skill_name" ]; then
+      SKILLS_SKIPPED=$((SKILLS_SKIPPED + 1))
+    else
+      cp -r "$skill_dir" "$V2_SKILLS_DIR/$skill_name"
+      SKILLS_COPIED=$((SKILLS_COPIED + 1))
+    fi
+  done
+  if [ $SKILLS_COPIED -gt 0 ]; then
+    step_ok "Copied $SKILLS_COPIED container skills $(dim "(skipped $SKILLS_SKIPPED already in v2)")"
+  else
+    step_skip "All v1 container skills already in v2 $(dim "($SKILLS_SKIPPED)")"
+  fi
+  log "Container skills: copied=$SKILLS_COPIED skipped=$SKILLS_SKIPPED"
+else
+  step_skip "No v1 container skills"
+fi
+
+# 3e. Build agent container image
+if command -v docker >/dev/null 2>&1; then
+  step_info "Building agent container image…"
+  BUILD_LOG="$STEPS_DIR/3e-container-build.log"
+  if bash container/build.sh > "$BUILD_LOG" 2>&1; then
+    step_ok "Container image built"
+    record_step "3e-build" "success"
+    log "Container build: success"
+  else
+    step_fail "Container build failed"
+    record_step "3e-build" "failed"
+    tail -10 "$BUILD_LOG" 2>/dev/null | while IFS= read -r line; do
+      echo "  $(dim "$line")"
+    done
+    log "Container build: FAILED (see $BUILD_LOG)"
+  fi
+else
+  step_fail "Docker not available — cannot build container"
+  record_step "3e-build" "failed"
+  log "Container build: skipped (no Docker)"
+fi
+
+echo
+step_ok "Phase 3 complete"
+echo
+
+# ─── service switchover ─────────────────────────────────────────────────
+
+echo "$(bold 'Service switchover')"
+echo
+
+# Disable the v1 service so it doesn't auto-start, but leave the unit file
+# on disk so the user can rollback with: systemctl --user start nanoclaw
+# Idempotent — safe to call multiple times.
+disable_v1_service() {
+  if [ "$PLATFORM_SERVICE" = "systemd" ]; then
+    local v1_file="$HOME/.config/systemd/user/${V1_SERVICE}.service"
+    if [ -f "$v1_file" ] || [ -L "$v1_file" ]; then
+      systemctl --user stop "$V1_SERVICE" 2>/dev/null || true
+      systemctl --user disable "$V1_SERVICE" 2>/dev/null || true
+      step_ok "Disabled $V1_SERVICE (unit file kept for rollback)"
+    fi
+  elif [ "$PLATFORM_SERVICE" = "launchd" ]; then
+    local v1_plist="$HOME/Library/LaunchAgents/${V1_SERVICE}.plist"
+    if [ -f "$v1_plist" ] || [ -L "$v1_plist" ]; then
+      launchctl unload "$v1_plist" 2>/dev/null || true
+      step_ok "Unloaded $V1_SERVICE (plist kept for rollback)"
+    fi
+  fi
+}
+
+# Detect platform and service names
+V1_SERVICE=""
+V2_SERVICE=""
+PLATFORM_SERVICE=""
+
+if [ "$(uname -s)" = "Darwin" ]; then
+  PLATFORM_SERVICE="launchd"
+  V1_SERVICE="com.nanoclaw"
+  # v2 uses install-slug for unique service names
+  V2_SERVICE=$(pnpm exec tsx -e "import{getLaunchdLabel}from'./src/install-slug.js';console.log(getLaunchdLabel())" 2>/dev/null || echo "")
+elif [ "$(uname -s)" = "Linux" ]; then
+  PLATFORM_SERVICE="systemd"
+  V1_SERVICE="nanoclaw"
+  V2_SERVICE=$(pnpm exec tsx -e "import{getSystemdUnit}from'./src/install-slug.js';console.log(getSystemdUnit())" 2>/dev/null || echo "")
+fi
+
+# Check if v1 service is running
+V1_RUNNING=false
+if [ "$PLATFORM_SERVICE" = "systemd" ]; then
+  systemctl --user is-active "$V1_SERVICE" >/dev/null 2>&1 && V1_RUNNING=true
+elif [ "$PLATFORM_SERVICE" = "launchd" ]; then
+  launchctl list "$V1_SERVICE" >/dev/null 2>&1 && V1_RUNNING=true
+fi
+
+SERVICE_SWITCHED=false
+if [ "$V1_RUNNING" = "true" ]; then
+  step_info "v1 service is running $(dim "($V1_SERVICE)")"
+
+  # Ask user if they want to switch
+  SWITCH_ANSWER_FILE=$(mktemp)
+  pnpm exec tsx setup/migrate-v2/switchover-prompt.ts --offer-switch "$SWITCH_ANSWER_FILE" || true
+  SWITCH_ANSWER=$(cat "$SWITCH_ANSWER_FILE" 2>/dev/null || echo "skip")
+  rm -f "$SWITCH_ANSWER_FILE"
+
+  if [ "$SWITCH_ANSWER" = "switch" ]; then
+    # Stop v1
+    if [ "$PLATFORM_SERVICE" = "systemd" ]; then
+      systemctl --user stop "$V1_SERVICE" 2>/dev/null && step_ok "Stopped v1 service" || step_fail "Could not stop v1"
+    elif [ "$PLATFORM_SERVICE" = "launchd" ]; then
+      launchctl unload ~/Library/LaunchAgents/${V1_SERVICE}.plist 2>/dev/null && step_ok "Stopped v1 service" || step_fail "Could not stop v1"
+    fi
+
+    # Install and start v2 service
+    V2_SERVICE_LOG="$STEPS_DIR/service-install.log"
+    V2_SERVICE_ERR="$STEPS_DIR/service-install.err"
+    if pnpm exec tsx setup/index.ts --step service > "$V2_SERVICE_LOG" 2>"$V2_SERVICE_ERR"; then
+      # Parse the actual unit name from the service step stdout (clean, no ANSI)
+      if [ "$PLATFORM_SERVICE" = "systemd" ]; then
+        V2_SERVICE=$(grep '^SERVICE_UNIT:' "$V2_SERVICE_LOG" | head -1 | sed 's/^SERVICE_UNIT: *//')
+      elif [ "$PLATFORM_SERVICE" = "launchd" ]; then
+        V2_SERVICE=$(grep '^SERVICE_LABEL:' "$V2_SERVICE_LOG" | head -1 | sed 's/^SERVICE_LABEL: *//')
+      fi
+      step_ok "v2 service installed and started $(dim "($V2_SERVICE)")"
+    else
+      step_fail "Could not start v2 service $(dim "(see $V2_SERVICE_LOG)")"
+    fi
+
+    SERVICE_SWITCHED=true
+    echo
+    step_info "v2 is running — send a test message to your bot"
+    echo
+
+    # Ask: keep or revert?
+    KEEP_ANSWER_FILE=$(mktemp)
+    pnpm exec tsx setup/migrate-v2/switchover-prompt.ts --keep-or-revert "$KEEP_ANSWER_FILE" || true
+    KEEP_ANSWER=$(cat "$KEEP_ANSWER_FILE" 2>/dev/null || echo "keep")
+    rm -f "$KEEP_ANSWER_FILE"
+
+    if [ "$KEEP_ANSWER" = "revert" ]; then
+      # Stop v2
+      if [ "$PLATFORM_SERVICE" = "systemd" ] && [ -n "$V2_SERVICE" ]; then
+        systemctl --user stop "$V2_SERVICE" 2>/dev/null || true
+        systemctl --user disable "$V2_SERVICE" 2>/dev/null || true
+      elif [ "$PLATFORM_SERVICE" = "launchd" ] && [ -n "$V2_SERVICE" ]; then
+        launchctl unload ~/Library/LaunchAgents/${V2_SERVICE}.plist 2>/dev/null || true
+      fi
+
+      # Restart v1
+      if [ "$PLATFORM_SERVICE" = "systemd" ]; then
+        systemctl --user start "$V1_SERVICE" 2>/dev/null || true
+      elif [ "$PLATFORM_SERVICE" = "launchd" ]; then
+        launchctl load ~/Library/LaunchAgents/${V1_SERVICE}.plist 2>/dev/null || true
+      fi
+
+      step_ok "Reverted to v1 service"
+      SERVICE_SWITCHED=false
+    else
+      step_ok "Keeping v2 service"
+      disable_v1_service
+    fi
+  else
+    step_skip "Service switchover skipped"
+  fi
+else
+  step_skip "v1 service not running — nothing to switch"
+  disable_v1_service
+fi
+
+echo
+
+# ─── phase 4: handoff ───────────────────────────────────────────────────
+# handoff.json is written by the EXIT trap (write_handoff) — always, even on
+# abort. Here we just print the summary.
+
+echo "$(bold 'Phase 4: Handoff')"
+echo
+
+step_ok "Wrote handoff summary"
+
+# Summary
+echo
+echo "$(bold '── Migration complete ──')"
+echo
+echo "  $(dim 'v1:')  $V1_PATH"
+echo "  $(dim 'v2:')  $PROJECT_ROOT"
+echo
+echo "  $(bold 'What was done:')"
+echo "    $(green '✓')  .env keys merged"
+echo "    $(green '✓')  Database seeded (agent groups, messaging groups, wiring)"
+echo "    $(green '✓')  Group folders copied (CLAUDE.md → CLAUDE.local.md)"
+echo "    $(green '✓')  Session data copied"
+echo "    $(green '✓')  Scheduled tasks ported"
+if [ ${#SELECTED_CHANNELS[@]} -gt 0 ]; then
+echo "    $(green '✓')  Channels installed: ${SELECTED_CHANNELS[*]}"
+fi
+echo "    $(green '✓')  Container skills copied"
+echo "    $(green '✓')  Container image built"
+if [ "$SERVICE_SWITCHED" = "true" ] && [ -n "$V2_SERVICE" ]; then
+echo "    $(green '✓')  Service switched to v2 $(dim "($V2_SERVICE)")"
+echo
+echo "  $(bold 'Rollback to v1:')"
+if [ "$PLATFORM_SERVICE" = "systemd" ]; then
+echo "    $(dim '$') systemctl --user stop $V2_SERVICE && systemctl --user start $V1_SERVICE"
+elif [ "$PLATFORM_SERVICE" = "launchd" ]; then
+echo "    $(dim '$') launchctl unload ~/Library/LaunchAgents/${V2_SERVICE}.plist && launchctl load ~/Library/LaunchAgents/${V1_SERVICE}.plist"
+fi
+fi
+echo
+echo "  $(bold 'What still needs a human:')"
+if [ "$ONECLI_OK" = "false" ]; then
+echo "    $(dim '·')  Set up OneCLI: pnpm exec tsx setup/index.ts --step onecli"
+fi
+if ! grep -qE '^(ANTHROPIC_API_KEY|CLAUDE_CODE_OAUTH_TOKEN)=' .env 2>/dev/null; then
+echo "    $(dim '·')  Add Anthropic credential to .env or OneCLI vault"
+fi
+echo "    $(dim '·')  Run $(bold '/migrate-from-v1') in Claude to finish:"
+echo "       $(dim '- Seed your owner account')"
+echo "       $(dim '- Set access policies')"
+echo "       $(dim '- Port any custom v1 code')"
+echo
+echo "  $(dim "Handoff: $LOGS_DIR/setup-migration/handoff.json")"
+echo "  $(dim "Full log: $MIGRATE_LOG")"
+echo "  $(dim "Step logs: $STEPS_DIR/")"
+echo
+
+# ─── hand off to Claude ─────────────────────────────────────────────────
+
+if command -v claude >/dev/null 2>&1; then
+  write_handoff
+  trap - EXIT
+  exec claude "/migrate-from-v1"
+fi
@@ -129,10 +129,123 @@ rm -f  "$PROGRESS_LOG"
 mkdir -p "$STEPS_DIR" "$LOGS_DIR"
 write_header

-# NanoClaw wordmark — clack's intro carries the "let's get you set up" framing,
-# so we don't print a subtitle here. setup:auto sees NANOCLAW_BOOTSTRAPPED=1 and
-# skips re-printing the wordmark, keeping the flow visually continuous.
-printf '\n  %s%s\n\n' "$(bold 'Nano')" "$(brand_bold 'Claw')"
+# NanoClaw splash — under-the-sea lobster mascot in truecolor braille,
+# with the figlet wordmark and taglines below. Pre-rendered into
+# assets/setup-splash.txt (built from assets/nanoclaw-icon.png via chafa +
+# figlet); the bash script just streams the literal frame. clack's intro
+# then carries the "let's get you set up" framing — setup:auto sees
+# NANOCLAW_BOOTSTRAPPED=1 and skips re-printing the wordmark.
+cat "$PROJECT_ROOT/assets/setup-splash.txt"
+
+# ─── pre-flight: minimum hardware specs ────────────────────────────────
+# NanoClaw runs an agent container per session. Below this threshold the
+# host + container + agent will struggle (OOM under load). Soft warn — the
+# user can override.
+
+# RAM floor is set below 4 GB because "4 GB" VMs typically report 3700–3900 MB
+# after kernel reserves (e.g. Hetzner CX21 ≈ 3814, AWS t3.medium ≈ 3800).
+MIN_MEM_MB=3700
+
+detect_mem_mb() {
+  case "$(uname -s)" in
+    Linux)
+      awk '/^MemTotal:/ {printf "%d", $2 / 1024}' /proc/meminfo 2>/dev/null
+      ;;
+    Darwin)
+      local bytes
+      bytes=$(sysctl -n hw.memsize 2>/dev/null || echo 0)
+      echo $(( bytes / 1024 / 1024 ))
+      ;;
+  esac
+}
+
+MEM_MB=$(detect_mem_mb)
+: "${MEM_MB:=0}"
+
+LOW_MEM=false
+[ "$MEM_MB" -gt 0 ] && [ "$MEM_MB" -lt "$MIN_MEM_MB" ] && LOW_MEM=true
+
+if [ "$LOW_MEM" = true ]; then
+  printf '  %s\n' "$(red 'Warning: this machine likely cannot run NanoClaw.')"
+  printf '  %s\n' "$(dim 'NanoClaw recommends a 4 GB+ RAM machine. Below this, the host + agent')"
+  printf '  %s\n' "$(dim 'container will run out of memory under most workloads. A stronger')"
+  printf '  %s\n' "$(dim 'machine is strongly recommended.')"
+  printf '  %s\n' "$(dim "  · Detected RAM: ${MEM_MB} MB")"
+  printf '\n'
+  read -r -p "  $(bold 'Try anyway?') [y/N] " SPECS_ANS </dev/tty
+
+  case "${SPECS_ANS:-N}" in
+    [Yy]*)
+      ph_event setup_low_specs_continued mem_mb="$MEM_MB" low_mem="$LOW_MEM"
+      printf '\n'
+      ;;
+    *)
+      ph_event setup_low_specs_aborted mem_mb="$MEM_MB" low_mem="$LOW_MEM"
+      printf '\n  %s\n\n' "$(dim 'Aborted. Re-run after upgrading the host.')"
+      exit 1
+      ;;
+  esac
+fi
+
+# ─── pre-flight: Google Cloud VM warning (Linux) ──────────────────────
+# NanoClaw is known to not run reliably on Google Compute Engine instances.
+# Warn early — before the root check or bootstrap spinner — so users can
+# switch providers before sinking time into setup. Detection uses DMI
+# (no network round-trip), which on GCE reports "Google" / "Google
+# Compute Engine".
+if [ "$(uname -s)" = "Linux" ] \
+  && { grep -qi 'Google' /sys/class/dmi/id/product_name 2>/dev/null \
+    || grep -qi 'Google' /sys/class/dmi/id/sys_vendor   2>/dev/null; }; then
+  printf '  %s\n' "$(red 'Warning: Google Cloud VM detected.')"
+  printf '  %s\n' "$(dim 'Google blocks sudo commands, so NanoClaw is unlikely to run successfully on this VM.')"
+  printf '  %s\n\n' "$(dim 'If you want to run NanoClaw successfully, switch to a different provider (Hetzner, Hostinger, exe.dev and others..).')"
+  read -r -p "  $(bold 'Try anyway?') [y/N] " GCE_ANS </dev/tty
+
+  case "${GCE_ANS:-N}" in
+    [Yy]*)
+      ph_event setup_gce_continued
+      printf '\n'
+      ;;
+    *)
+      ph_event setup_gce_aborted
+      printf '\n  %s\n\n' "$(dim 'Aborted. Re-run on a non-GCE host to continue.')"
+      exit 1
+      ;;
+  esac
+fi
+
+# ─── pre-flight: root user warning (Linux) ────────────────────────────
+if [ "$(uname -s)" = "Linux" ] && [ "$(id -u)" -eq 0 ]; then
+  printf '  %s\n' \
+    "$(red 'Warning: you are running as root.')"
+  printf '  %s\n' \
+    "$(dim "Running NanoClaw as root is not recommended. It can cause permission")"
+  printf '  %s\n\n' \
+    "$(dim "issues with containers, services, and file ownership.")"
+  printf '  %s\n' "$(bold '1)') $(dim 'Show me instructions for creating a new Linux user')"
+  printf '  %s\n\n' "$(bold '2)') $(dim 'Continue setting up NanoClaw as root user (not recommended)')"
+  read -r -p "  $(bold 'Choose [1/2]: ')" ROOT_ANS </dev/tty
+
+  case "${ROOT_ANS:-1}" in
+    2)
+      ph_event setup_root_continued
+      printf '\n'
+      ;;
+    *)
+      ph_event setup_root_aborted
+      printf '\n  %s\n' "$(bold 'To set up a regular user (via SSH):')"
+      printf '  %s\n\n' "$(dim 'Not using SSH? Refer to your hosting provider docs or ask your coding agent to help you set up SSH access.')"
+      printf '  %s\n' "$(dim '1. Create a new user:           adduser nanoclaw')"
+      printf '  %s\n' "$(dim '2. Add to sudo group:           usermod -aG sudo nanoclaw')"
+      printf '  %s\n' "$(dim '3. Enable passwordless sudo:    echo "nanoclaw ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/nanoclaw')"
+      printf '  %s\n' "$(dim '4. Log out:                     exit')"
+      printf '  %s\n' "$(dim '5. Log back in as the new user: ssh nanoclaw@your-server')"
+      printf '  %s\n' "$(dim '6. Clone the repo:              git clone https://github.com/qwibitai/nanoclaw.git && cd nanoclaw')"
+      printf '  %s\n\n' "$(dim '7. Re-run setup:               bash nanoclaw.sh')"
+      exit 1
+      ;;
+  esac
+fi

 # ─── pre-flight: Homebrew on macOS ─────────────────────────────────────
 # setup/install-node.sh and setup/install-docker.sh both require `brew` on
@@ -188,9 +301,6 @@ BOOTSTRAP_RAW="${STEPS_DIR}/01-bootstrap.log"
 BOOTSTRAP_LABEL="Installing the basics"
 BOOTSTRAP_START=$(date +%s)

-# One-line "why" that teaches a differentiator while the user waits.
-printf '%s  %s\n' "$(gray '│')" \
-  "$(dim "Small. Runs on your machine. Yours to modify.")"
 spinner_start "$BOOTSTRAP_LABEL"

 # Run in the background so we can tick elapsed time. Capture exit code via
@@ -1,6 +1,6 @@
 {
  "name": "nanoclaw",
-  "version": "2.0.14",
+  "version": "2.0.33",
  "description": "Personal Claude assistant. Lightweight, secure, customizable.",
  "type": "module",
  "packageManager": "pnpm@10.33.0",
@@ -1,5 +1,5 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="90" height="20" role="img" aria-label="133k tokens, 66% of context window">
-  <title>133k tokens, 66% of context window</title>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="90" height="20" role="img" aria-label="141k tokens, 71% of context window">
+  <title>141k tokens, 71% of context window</title>
  <linearGradient id="s" x2="0" y2="100%">
    <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
    <stop offset="1" stop-opacity=".1"/>
@@ -10,13 +10,13 @@
  <a xlink:href="https://github.com/qwibitai/nanoclaw/tree/main/repo-tokens">
    <g clip-path="url(#r)">
      <rect width="52" height="20" fill="#555"/>
-      <rect x="52" width="38" height="20" fill="#dfb317"/>
+      <rect x="52" width="38" height="20" fill="#e05d44"/>
      <rect width="90" height="20" fill="url(#s)"/>
      <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" font-size="11">
        <text aria-hidden="true" x="26" y="15" fill="#010101" fill-opacity=".3">tokens</text>
        <text x="26" y="14">tokens</text>
-        <text aria-hidden="true" x="71" y="15" fill="#010101" fill-opacity=".3">133k</text>
-        <text x="71" y="14">133k</text>
+        <text aria-hidden="true" x="71" y="15" fill="#010101" fill-opacity=".3">141k</text>
+        <text x="71" y="14">141k</text>
      </g>
    </g>
  </a>
@@ -0,0 +1,75 @@
+/**
+ * Delete the scratch CLI agent created during setup's ping-pong test.
+ *
+ * Dynamically finds and removes all rows referencing the agent group
+ * (any table with an agent_group_id column), deletes the agent group
+ * itself, and removes the groups/<folder>/ directory. Leaves the CLI
+ * messaging group intact so it can be reused for a new agent.
+ *
+ * Usage:
+ *   pnpm exec tsx scripts/delete-cli-agent.ts --folder <folder-name>
+ */
+import fs from 'fs';
+import path from 'path';
+
+import { DATA_DIR } from '../src/config.js';
+import { getAgentGroupByFolder, deleteAgentGroup } from '../src/db/agent-groups.js';
+import { initDb } from '../src/db/connection.js';
+import { runMigrations } from '../src/db/migrations/index.js';
+
+interface Args {
+  folder: string;
+}
+
+function parseArgs(): Args {
+  const argv = process.argv.slice(2);
+  let folder = '';
+  for (let i = 0; i < argv.length; i++) {
+    if (argv[i] === '--folder' && argv[i + 1]) folder = argv[++i];
+  }
+  if (!folder) {
+    console.error('usage: pnpm exec tsx scripts/delete-cli-agent.ts --folder <folder-name>');
+    process.exit(1);
+  }
+  return { folder };
+}
+
+const args = parseArgs();
+
+const db = initDb(path.join(DATA_DIR, 'v2.db'));
+runMigrations(db);
+
+const ag = getAgentGroupByFolder(args.folder);
+if (!ag) {
+  console.log(`No agent group with folder "${args.folder}" — nothing to delete.`);
+  process.exit(0);
+}
+
+const cleanup = db.transaction(() => {
+  const tables = db
+    .prepare(
+      `SELECT DISTINCT m.name FROM sqlite_master m
+       JOIN pragma_table_info(m.name) p ON p.name = 'agent_group_id'
+       WHERE m.type = 'table' AND m.name != 'agent_groups'`,
+    )
+    .all() as { name: string }[];
+  for (const { name } of tables) {
+    db.prepare(`DELETE FROM ${name} WHERE agent_group_id = ?`).run(ag.id);
+  }
+  deleteAgentGroup(ag.id);
+});
+cleanup();
+
+// Remove the groups/<folder>/ directory.
+const groupDir = path.join(process.cwd(), 'groups', args.folder);
+if (fs.existsSync(groupDir)) {
+  fs.rmSync(groupDir, { recursive: true });
+}
+
+// Remove session data on disk.
+const sessionsDir = path.join(DATA_DIR, 'v2-sessions', ag.id);
+if (fs.existsSync(sessionsDir)) {
+  fs.rmSync(sessionsDir, { recursive: true });
+}
+
+console.log(`Deleted agent group ${ag.id} (${args.folder}).`);
@@ -41,11 +41,13 @@ const CLI_SYNTHETIC_USER_ID = `${CLI_CHANNEL}:${CLI_PLATFORM_ID}`;
 interface Args {
  displayName: string;
  agentName: string;
+  folder?: string;
 }

 function parseArgs(argv: string[]): Args {
  let displayName: string | undefined;
  let agentName: string | undefined;
+  let folder: string | undefined;
  for (let i = 0; i < argv.length; i++) {
    const key = argv[i];
    const val = argv[i + 1];
@@ -55,6 +57,9 @@ function parseArgs(argv: string[]): Args {
    } else if (key === '--agent-name') {
      agentName = val;
      i++;
+    } else if (key === '--folder') {
+      folder = val;
+      i++;
    }
  }

@@ -67,6 +72,7 @@ function parseArgs(argv: string[]): Args {
  return {
    displayName,
    agentName: agentName?.trim() || displayName,
+    folder,
  };
 }

@@ -95,7 +101,7 @@ async function main(): Promise<void> {
  const promotedToOwner = false;

  // 2. Agent group + filesystem.
-  const folder = `cli-with-${normalizeName(args.displayName)}`;
+  const folder = args.folder || `cli-with-${normalizeName(args.displayName)}`;
  let ag: AgentGroup | undefined = getAgentGroupByFolder(folder);
  if (!ag) {
    const agId = generateId('ag');
@@ -0,0 +1,106 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { spawnSync } from 'child_process';
+
+import Database from 'better-sqlite3';
+
+/**
+ * Smoke tests for the q.ts sqlite-CLI replacement wrapper.
+ *
+ * Verifies the two modes (SELECT prints rows in sqlite3 default "list"
+ * format; mutation runs via db.exec) and a few edge cases that real
+ * skill invocations rely on.
+ */
+
+const Q = path.resolve(__dirname, 'q.ts');
+
+describe('scripts/q.ts', () => {
+  let tempDir: string;
+  let dbPath: string;
+
+  beforeEach(() => {
+    tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'q-test-'));
+    dbPath = path.join(tempDir, 'test.db');
+    const db = new Database(dbPath);
+    db.exec(`
+      CREATE TABLE t (id INTEGER, name TEXT, note TEXT);
+      INSERT INTO t (id, name, note) VALUES (1, 'alice', 'hi'), (2, 'bob', NULL);
+    `);
+    db.close();
+  });
+
+  afterEach(() => {
+    fs.rmSync(tempDir, { recursive: true, force: true });
+  });
+
+  function run(sql: string): { stdout: string; stderr: string; status: number } {
+    const r = spawnSync('pnpm', ['exec', 'tsx', Q, dbPath, sql], {
+      encoding: 'utf-8',
+      cwd: path.resolve(__dirname, '..'),
+    });
+    return { stdout: r.stdout ?? '', stderr: r.stderr ?? '', status: r.status ?? -1 };
+  }
+
+  it('SELECT prints pipe-separated rows in default order', () => {
+    const r = run('SELECT id, name FROM t ORDER BY id');
+    expect(r.status).toBe(0);
+    expect(r.stdout.trim()).toBe('1|alice\n2|bob');
+  });
+
+  it('SELECT renders NULL as empty string (matches sqlite3 default mode)', () => {
+    const r = run('SELECT id, note FROM t ORDER BY id');
+    expect(r.status).toBe(0);
+    expect(r.stdout.trim()).toBe('1|hi\n2|');
+  });
+
+  it('SELECT with no rows prints nothing', () => {
+    const r = run("SELECT id FROM t WHERE name = 'nobody'");
+    expect(r.status).toBe(0);
+    expect(r.stdout).toBe('');
+  });
+
+  it('INSERT runs via db.exec and persists', () => {
+    const r = run("INSERT INTO t (id, name) VALUES (3, 'carol')");
+    expect(r.status).toBe(0);
+    expect(r.stdout).toBe('');
+
+    const db = new Database(dbPath, { readonly: true });
+    const row = db.prepare('SELECT name FROM t WHERE id = 3').get() as { name: string };
+    db.close();
+    expect(row.name).toBe('carol');
+  });
+
+  it('compound mutation statements execute together', () => {
+    const r = run("DELETE FROM t WHERE id = 1; INSERT INTO t (id, name) VALUES (9, 'zed');");
+    expect(r.status).toBe(0);
+
+    const db = new Database(dbPath, { readonly: true });
+    const ids = (db.prepare('SELECT id FROM t ORDER BY id').all() as { id: number }[]).map(
+      (r) => r.id,
+    );
+    db.close();
+    expect(ids).toEqual([2, 9]);
+  });
+
+  it('WITH...DELETE is treated as a mutation, not a query', () => {
+    const r = run("WITH stale AS (SELECT id FROM t WHERE name = 'alice') DELETE FROM t WHERE id IN (SELECT id FROM stale)");
+    expect(r.status).toBe(0);
+    expect(r.stdout).toBe('');
+
+    const db = new Database(dbPath, { readonly: true });
+    const rows = db.prepare('SELECT name FROM t').all() as { name: string }[];
+    db.close();
+    expect(rows).toEqual([{ name: 'bob' }]);
+  });
+
+  it('exits 2 with usage when args are missing', () => {
+    const r = spawnSync('pnpm', ['exec', 'tsx', Q], {
+      encoding: 'utf-8',
+      cwd: path.resolve(__dirname, '..'),
+    });
+    expect(r.status).toBe(2);
+    expect(r.stderr).toMatch(/Usage/);
+  });
+});
@@ -0,0 +1,58 @@
+/**
+ * scripts/q.ts — sqlite3 CLI replacement for skill SQL invocations.
+ *
+ * Usage:
+ *   pnpm exec tsx scripts/q.ts <db-path> "<sql>"
+ *
+ * Uses better-sqlite3's stmt.reader property to distinguish queries
+ * (SELECT / WITH...SELECT) from mutations. Queries print rows in
+ * sqlite3 CLI default ("list") format — pipe-separated, no header —
+ * so existing skill text reads identically. Mutations run via
+ * stmt.run() (single statement) or db.exec() (compound).
+ *
+ * Why this exists: setup/verify.ts:5 codifies that NanoClaw avoids
+ * depending on the sqlite3 CLI binary; setup never installs or probes
+ * for it. Skills that shell out to `sqlite3` therefore fail on hosts
+ * where it isn't preinstalled (common on fresh Ubuntu — see #2191).
+ * This wrapper preserves the skill-text shape (path then SQL string)
+ * while routing through the better-sqlite3 dep that setup already
+ * installs and verifies.
+ */
+import Database from 'better-sqlite3';
+
+const [, , dbPath, sql] = process.argv;
+
+if (!dbPath || sql === undefined) {
+  console.error('Usage: pnpm exec tsx scripts/q.ts <db-path> "<sql>"');
+  process.exit(2);
+}
+
+const db = new Database(dbPath);
+try {
+  try {
+    const stmt = db.prepare(sql);
+    if (stmt.reader) {
+      const rows = stmt.all() as Record<string, unknown>[];
+      for (const row of rows) {
+        console.log(
+          Object.values(row)
+            .map((v) => (v === null ? '' : String(v)))
+            .join('|'),
+        );
+      }
+    } else {
+      stmt.run();
+    }
+  } catch (e: unknown) {
+    // better-sqlite3 throws on compound statements ("contains more than
+    // one statement"). Compound SQL in skills is always mutations
+    // (e.g. "DELETE ...; INSERT ...;"), so fall back to db.exec().
+    if (e instanceof Error && /more than one statement/i.test(e.message)) {
+      db.exec(sql);
+    } else {
+      throw e;
+    }
+  }
+} finally {
+  db.close();
+}
@@ -16,7 +16,7 @@ PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 cd "$PROJECT_ROOT"

 # Keep in sync with .claude/skills/add-whatsapp/SKILL.md.
-BAILEYS_VERSION="@whiskeysockets/baileys@6.17.16"
+BAILEYS_VERSION="@whiskeysockets/baileys@7.0.0-rc.9"
 QRCODE_VERSION="qrcode@1.5.4"
 QRCODE_TYPES_VERSION="@types/qrcode@1.5.6"
 PINO_VERSION="pino@9.6.0"
@@ -14,8 +14,8 @@
 *                          "Terminal Agent".
 *   NANOCLAW_SKIP          comma-separated step names to skip
 *                          (environment|container|onecli|auth|mounts|
- *                           service|cli-agent|timezone|channel|verify|
- *                           first-chat)
+ *                           service|cli-agent|timezone|channel|
+ *                           verify|first-chat)
 *
 * Timezone is auto-detected after the CLI agent step. UTC resolves are
 * confirmed with the user, and free-text replies fall through to a
@@ -23,11 +23,13 @@
 */
 import { spawn, spawnSync } from 'child_process';
 import fs from 'fs';
+import * as os from 'os';
 import path from 'path';

 import * as p from '@clack/prompts';
 import k from 'kleur';

+import { BACK_TO_CHANNEL_SELECTION } from './lib/back-nav.js';
 import { runDiscordChannel } from './channels/discord.js';
 import { runIMessageChannel } from './channels/imessage.js';
 import { runSignalChannel } from './channels/signal.js';
@@ -46,21 +48,29 @@ import {
 } from './lib/setup-config-parse.js';
 import { runAdvancedScreen } from './lib/setup-config-screen.js';
 import { runWindowedStep } from './lib/windowed-runner.js';
+import { detectRegisteredGroups, detectExistingDisplayName } from './environment.js';
 import { pollHealth } from './onecli.js';
 import { getLaunchdLabel, getSystemdUnit } from '../src/install-slug.js';
 import { claudeCliAvailable, resolveTimezoneViaClaude } from './lib/tz-from-claude.js';
 import * as setupLog from './logs.js';
-import { ensureAnswer, fail, runQuietChild, runQuietStep } from './lib/runner.js';
+import { ensureAnswer, fail, runQuietChild, runQuietStep, spawnQuiet } from './lib/runner.js';
 import { emit as phEmit } from './lib/diagnostics.js';
-import { brandBold, brandChip, dimWrap, fitToWidth, wrapForGutter } from './lib/theme.js';
+import { accentGreen, brandBody, brandBold, brandChip, dimWrap, fitToWidth, fmtDuration, note, wrapForGutter } from './lib/theme.js';
 import { isValidTimezone } from '../src/timezone.js';

 const CLI_AGENT_NAME = 'Terminal Agent';
 const RUN_START = Date.now();

-type ChannelChoice = 'telegram' | 'discord' | 'whatsapp' | 'signal' | 'teams' | 'slack' | 'imessage' | 'skip';
+type ChannelChoice = 'telegram' | 'discord' | 'whatsapp' | 'signal' | 'teams' | 'slack' | 'imessage' | 'other' | 'skip';

 async function main(): Promise<void> {
+  // Make sure ~/.local/bin is on PATH for every child process we spawn.
+  // Installers we run mid-setup (OneCLI, claude) drop binaries there and
+  // append a PATH line to the user's shell rc, but rc updates don't reach
+  // an already-running Node process — so without this patch a freshly
+  // installed `onecli` is invisible to a subsequent `runInheritScript`.
+  ensureLocalBinOnPath();
+
  // Parse CLI flags first — `--help` short-circuits before we render anything,
  // and flag values get folded into process.env so existing step code reading
  // NANOCLAW_* sees them unchanged.
@@ -84,17 +94,21 @@ async function main(): Promise<void> {

  // Welcome menu — default path or open advanced overrides before any setup
  // work begins. Default lands on standard so Enter is the happy path.
-  const startChoice = ensureAnswer(
-    await brightSelect<'default' | 'advanced'>({
-      message: 'How would you like to begin?',
-      options: [
-        { value: 'default', label: 'Standard setup' },
-        { value: 'advanced', label: 'Advanced', hint: 'override defaults' },
-      ],
-      initialValue: 'default',
-    }),
-  ) as 'default' | 'advanced';
-  setupLog.userInput('start_choice', startChoice);
+  // On sg re-exec, the user already chose — skip straight to standard.
+  let startChoice: 'default' | 'advanced' = 'default';
+  if (process.env.NANOCLAW_REEXEC_SG !== '1') {
+    startChoice = ensureAnswer(
+      await brightSelect<'default' | 'advanced'>({
+        message: 'How would you like to begin?',
+        options: [
+          { value: 'default', label: 'Standard setup' },
+          { value: 'advanced', label: 'Advanced', hint: 'override defaults' },
+        ],
+        initialValue: 'default',
+      }),
+    ) as 'default' | 'advanced';
+    setupLog.userInput('start_choice', startChoice);
+  }
  if (startChoice === 'advanced') {
    configValues = await runAdvancedScreen(configValues);
    applyToEnv(configValues);
@@ -122,11 +136,13 @@ async function main(): Promise<void> {
  }

  if (!skip.has('container')) {
-    p.log.message(dimWrap('Your assistant lives in its own sandbox. It can only see what you explicitly share.', 4));
+    p.log.message(brandBody(dimWrap('Your assistant lives in its own sandbox. It can only see what you explicitly share.', 4)));
    p.log.message(
-      dimWrap(
-        'The first build pulls a base image and installs a few tools. On a fresh machine this usually takes 3–10 minutes.',
-        4,
+      brandBody(
+        dimWrap(
+          'The first build pulls a base image and installs a few tools. On a fresh machine this usually takes 3–10 minutes.',
+          4,
+        ),
      ),
    );
    const res = await runWindowedStep('container', {
@@ -161,9 +177,11 @@ async function main(): Promise<void> {

  if (!skip.has('onecli')) {
    p.log.message(
-      dimWrap(
-        'Your assistant never gets your API keys directly. The vault adds them to approved requests as they leave the sandbox.',
-        4,
+      brandBody(
+        dimWrap(
+          'Your assistant never gets your API keys directly. The vault adds them to approved requests as they leave the sandbox.',
+          4,
+        ),
      ),
    );

@@ -287,29 +305,39 @@ async function main(): Promise<void> {
      await fail('service', "Couldn't start NanoClaw.", 'See logs/nanoclaw.error.log for details.');
    }
    if (res.terminal?.fields.DOCKER_GROUP_STALE === 'true') {
-      p.log.warn("NanoClaw's permissions need a tweak before it can reach Docker.");
+      p.log.warn(brandBody("NanoClaw's permissions need a tweak before it can reach Docker."));
      p.log.message(
-        '  sudo setfacl -m u:$(whoami):rw /var/run/docker.sock\n' + `  systemctl --user restart ${getSystemdUnit()}`,
+        brandBody(
+          '  sudo setfacl -m u:$(whoami):rw /var/run/docker.sock\n' + `  systemctl --user restart ${getSystemdUnit()}`,
+        ),
      );
    }
  }

  let displayName: string | undefined;
-  const needsDisplayName = !skip.has('cli-agent') || !skip.has('channel');
-  if (needsDisplayName) {
-    const fallback = process.env.USER?.trim() || 'Operator';
+  async function resolveDisplayName(): Promise<string> {
+    if (displayName) return displayName;
    const preset = process.env.NANOCLAW_DISPLAY_NAME?.trim();
-    displayName = preset || (await askDisplayName(fallback));
+    const existing = detectExistingDisplayName(process.cwd());
+    const fallback = process.env.USER?.trim() || 'Operator';
+    displayName = preset || existing || (await askDisplayName(fallback));
+    return displayName;
+  }
+
+  if (!skip.has('cli-agent') && detectRegisteredGroups(process.cwd())) {
+    skip.add('cli-agent');
+    skip.add('first-chat');
  }

  if (!skip.has('cli-agent')) {
+    await resolveDisplayName();
    const res = await runQuietStep(
      'cli-agent',
      {
        running: 'Bringing your assistant online…',
        done: 'Assistant wired up.',
      },
-      ['--display-name', displayName!, '--agent-name', CLI_AGENT_NAME],
+      ['--display-name', displayName!, '--agent-name', CLI_AGENT_NAME, '--folder', '_ping-test'],
    );
    if (!res.ok) {
      await fail(
@@ -320,16 +348,39 @@ async function main(): Promise<void> {
    }
    if (!skip.has('first-chat')) {
      p.log.message(
-        dimWrap(
-          "Your assistant runs in an isolated sandbox. I'm going to send it a quick test message (ping) and wait for a reply (pong) to confirm it's responding. First startup typically takes 30–60 seconds while the sandbox warms up.",
-          4,
+        brandBody(
+          dimWrap(
+            "Your assistant runs in an isolated sandbox. I'm going to send it a quick test message (ping) and wait for a reply (pong) to confirm it's responding. First startup typically takes 30–60 seconds while the sandbox warms up.",
+            4,
+          ),
        ),
      );
      const ping = await confirmAssistantResponds();
      if (ping === 'ok') {
        phEmit('first_chat_ready');
+        const cleanupRawLog = setupLog.stepRawLog('cleanup-cli-agent');
+        const cleanupStart = Date.now();
+        const cleanup = await spawnQuiet(
+          'pnpm',
+          ['exec', 'tsx', 'scripts/delete-cli-agent.ts', '--folder', '_ping-test'],
+          cleanupRawLog,
+        );
+        setupLog.step(
+          'cleanup-cli-agent',
+          cleanup.ok ? 'success' : 'failed',
+          Date.now() - cleanupStart,
+          { exit_code: cleanup.exitCode },
+          cleanupRawLog,
+        );
+        if (!cleanup.ok) {
+          p.log.warn(
+            brandBody(
+              `Couldn't clean up the test agent — it may still appear in your agent list. See ${cleanupRawLog} for details.`,
+            ),
+          );
+        }
        const next = ensureAnswer(
-          await p.select({
+          await brightSelect<'continue' | 'chat'>({
            message: 'What next?',
            options: [
              {
@@ -345,7 +396,23 @@ async function main(): Promise<void> {
          }),
        ) as 'continue' | 'chat';
        setupLog.userInput('first_chat_choice', next);
-        if (next === 'chat') await runFirstChat();
+        if (next === 'chat') {
+          const terminalAgentName = `${displayName!}'s Terminal`;
+          const createRes = await runQuietChild(
+            'create-terminal-agent',
+            'pnpm',
+            ['exec', 'tsx', 'scripts/init-cli-agent.ts', '--display-name', displayName!, '--agent-name', terminalAgentName],
+            { running: `Creating ${terminalAgentName}…`, done: `${terminalAgentName} is ready.` },
+          );
+          if (!createRes.ok) {
+            await fail(
+              'create-terminal-agent',
+              `Couldn't create ${terminalAgentName}.`,
+              'You can retry later with `pnpm exec tsx scripts/init-cli-agent.ts`.',
+            );
+          }
+          await runFirstChat();
+        }
      } else {
        phEmit('first_chat_failed', { reason: ping });
        renderPingFailureNote(ping);
@@ -368,30 +435,51 @@ async function main(): Promise<void> {
    await runTimezoneStep();
  }

+  // v1 → v2 migration is handled by `bash migrate-v2.sh`, not the setup flow.
+  // Users migrating from v1 run that script before (or instead of) setup.
+
  let channelChoice: ChannelChoice = 'skip';
+
  if (!skip.has('channel')) {
-    channelChoice = await askChannelChoice();
-    if (channelChoice === 'telegram') {
-      await runTelegramChannel(displayName!);
-    } else if (channelChoice === 'discord') {
-      await runDiscordChannel(displayName!);
-    } else if (channelChoice === 'whatsapp') {
-      await runWhatsAppChannel(displayName!);
-    } else if (channelChoice === 'signal') {
-      await runSignalChannel(displayName!);
-    } else if (channelChoice === 'teams') {
-      await runTeamsChannel(displayName!);
-    } else if (channelChoice === 'slack') {
-      await runSlackChannel(displayName!);
-    } else if (channelChoice === 'imessage') {
-      await runIMessageChannel(displayName!);
-    } else {
-      p.log.info(
-        wrapForGutter(
-          'No messaging app for now. You can add one later (like Telegram, Discord, WhatsApp, Teams, Slack, or iMessage).',
-          4,
-        ),
-      );
+    // Loop so a channel sub-flow can return BACK_TO_CHANNEL_SELECTION on
+    // its first prompt and bounce the user back to the chooser without
+    // restarting setup. Channels not yet wired with the back option just
+    // return void and the loop exits after one pass.
+    let backed = true;
+    while (backed) {
+      backed = false;
+      channelChoice = await askChannelChoice();
+      if (channelChoice !== 'skip' && channelChoice !== 'other') {
+        await resolveDisplayName();
+      }
+      let result: void | typeof BACK_TO_CHANNEL_SELECTION;
+      if (channelChoice === 'telegram') {
+        result = await runTelegramChannel(displayName!);
+      } else if (channelChoice === 'discord') {
+        result = await runDiscordChannel(displayName!);
+      } else if (channelChoice === 'whatsapp') {
+        result = await runWhatsAppChannel(displayName!);
+      } else if (channelChoice === 'signal') {
+        result = await runSignalChannel(displayName!);
+      } else if (channelChoice === 'teams') {
+        result = await runTeamsChannel(displayName!);
+      } else if (channelChoice === 'slack') {
+        result = await runSlackChannel(displayName!);
+      } else if (channelChoice === 'imessage') {
+        result = await runIMessageChannel(displayName!);
+      } else if (channelChoice === 'other') {
+        await askOtherChannelName();
+      } else {
+        p.log.info(
+          brandBody(
+            wrapForGutter(
+              'No messaging app for now. You can add one later (like Telegram, Discord, WhatsApp, Teams, Slack, or iMessage).',
+              4,
+            ),
+          ),
+        );
+      }
+      if (result === BACK_TO_CHANNEL_SELECTION) backed = true;
    }
  }

@@ -420,14 +508,6 @@ async function main(): Promise<void> {
            6,
          ),
        );
-      } else {
-        const agentPing = res.terminal?.fields.AGENT_PING;
-        if (agentPing && agentPing !== 'ok' && agentPing !== 'skipped') {
-          notes.push(
-            "• Your assistant didn't reply to a test message. " +
-              'Check `logs/nanoclaw.log` for clues, then try `pnpm run chat hi`.',
-          );
-        }
      }
      if (!res.terminal?.fields.CONFIGURED_CHANNELS) {
        notes.push(
@@ -435,7 +515,7 @@ async function main(): Promise<void> {
        );
      }
      if (notes.length > 0) {
-        p.note(notes.join('\n'), "What's left");
+        note(notes.join('\n'), "What's left");
      }
      // "What's left" is a soft failure — we don't abort like fail(), but the
      // user is still stuck and a fix is exactly what claude-assist is for.
@@ -447,7 +527,6 @@ async function main(): Promise<void> {
        unresolved_count: notes.length,
        service_running: res.terminal?.fields.SERVICE === 'running',
        has_credentials: res.terminal?.fields.CREDENTIALS === 'configured',
-        agent_responds: res.terminal?.fields.AGENT_PING === 'ok',
      });
      await offerClaudeAssist({
        stepName: 'verify',
@@ -467,11 +546,11 @@ async function main(): Promise<void> {
  ];
  const labelWidth = Math.max(...rows.map(([l]) => l.length));
  const nextSteps = rows.map(([l, c]) => `${k.cyan(l.padEnd(labelWidth))}  ${c}`).join('\n');
-  p.note(nextSteps, 'Try these');
+  note(nextSteps, 'Try these');

  // Always-on warning goes before the "check your DMs" directive so the
  // caveat doesn't land after the user's already looked away at their phone.
-  p.note(
+  note(
    wrapForGutter(
      "NanoClaw runs on this machine. It's only reachable while this computer is on and connected to the internet. For always-on availability, run it on a cloud VM — or keep this machine awake.",
      6,
@@ -488,7 +567,7 @@ async function main(): Promise<void> {
    // that the welcome-message signal was too easy to miss. Use p.note so it
    // renders with a visible box, cyan-bold the directive line, and put it
    // as the last thing before outro.
-    p.note(`${brandBold('→')} ${k.bold(`Check your ${dmTarget} — your assistant is saying hi.`)}`, 'Go say hi');
+    note(`${brandBold('→')} ${k.bold(`Check your ${dmTarget} — your assistant is saying hi.`)}`, 'Go say hi');
    p.outro(k.green("You're set."));
  } else {
    p.outro(k.green("You're ready! Chat with `pnpm run chat hi`."));
@@ -510,10 +589,7 @@ function channelDmLabel(choice: ChannelChoice): string | null {
    case 'imessage':
      return 'iMessage';
    case 'slack':
-      // Slack install doesn't wire an agent or send a welcome DM — the
-      // driver prints its own "finish in your Slack app" note. Falling
-      // through to null avoids a misleading "check your Slack DMs" banner.
-      return null;
+      return 'Slack DMs';
    default:
      return null;
  }
@@ -532,18 +608,16 @@ async function confirmAssistantResponds(): Promise<PingResult> {
  const s = p.spinner();
  const start = Date.now();
  const label = 'Waking your assistant…';
-  s.start(fitToWidth(label, ' (999s)'));
+  s.start(fitToWidth(label, ' (99m 59s)'));
  const tick = setInterval(() => {
-    const elapsed = Math.round((Date.now() - start) / 1000);
-    const suffix = ` (${elapsed}s)`;
+    const suffix = ` (${fmtDuration(Date.now() - start)})`;
    s.message(`${fitToWidth(label, suffix)}${k.dim(suffix)}`);
  }, 1000);

  const result = await pingCliAgent();

  clearInterval(tick);
-  const elapsed = Math.round((Date.now() - start) / 1000);
-  const suffix = ` (${elapsed}s)`;
+  const suffix = ` (${fmtDuration(Date.now() - start)})`;
  if (result === 'ok') {
    s.stop(`${k.bold(fitToWidth('Your assistant is ready.', suffix))}${k.dim(suffix)}`);
  } else {
@@ -570,7 +644,7 @@ function renderPingFailureNote(result: PingResult): void {
          'No reply from your assistant within 30 seconds. Check `logs/nanoclaw.log` for clues, then try `pnpm run chat hi`.',
          6,
        );
-  p.note(body, 'Skipping the first chat');
+  note(body, 'Skipping the first chat');
 }

 /**
@@ -585,7 +659,7 @@ function renderPingFailureNote(result: PingResult): void {
 * clearly optional.
 */
 async function runFirstChat(): Promise<void> {
-  p.note(
+  note(
    wrapForGutter(
      [
        'Your assistant runs in a sandbox on this machine.',
@@ -632,7 +706,7 @@ function sendChatMessage(message: string): Promise<void> {

 async function runAuthStep(): Promise<void> {
  if (anthropicSecretExists()) {
-    p.log.success('Your Claude account is already connected.');
+    p.log.success(brandBody('Your Claude account is already connected.'));
    setupLog.step('auth', 'skipped', 0, { REASON: 'secret-already-present' });
    return;
  }
@@ -680,7 +754,7 @@ async function runAuthStep(): Promise<void> {
 }

 async function runSubscriptionAuth(): Promise<void> {
-  p.log.step('Opening the Claude sign-in flow…');
+  p.log.step(brandBody('Opening the Claude sign-in flow…'));
  console.log(k.dim('   (a browser will open for sign-in; this part is interactive)'));
  console.log();
  const start = Date.now();
@@ -699,7 +773,7 @@ async function runSubscriptionAuth(): Promise<void> {
    );
  }
  setupLog.step('auth', 'interactive', durationMs, { METHOD: 'subscription' });
-  p.log.success('Claude account connected.');
+  p.log.success(brandBody('Claude account connected.'));
 }

 async function runPasteAuth(method: 'oauth' | 'api'): Promise<void> {
@@ -709,16 +783,27 @@ async function runPasteAuth(method: 'oauth' | 'api'): Promise<void> {
  const answer = ensureAnswer(
    await p.password({
      message: `Paste your ${label}`,
+      clearOnError: true,
      validate: (v) => {
-        if (!v || !v.trim()) return 'Required';
-        if (!v.trim().startsWith(prefix)) {
+        // Strip any internal whitespace so a line-wrapped paste that did
+        // survive into clack can still validate. The mid-token-newline
+        // case where clack only sees the first line is caught by the
+        // shape check below.
+        const cleaned = (v ?? '').replace(/\s+/g, '');
+        if (!cleaned) return 'Required';
+        if (!cleaned.startsWith(prefix)) {
          return `Should start with ${prefix}…`;
        }
+        if (method === 'oauth' && !/^sk-ant-oat[A-Za-z0-9_-]{80,500}AA$/.test(cleaned)) {
+          return cleaned.length < 90
+            ? 'Token looks truncated — line breaks in the paste can cut it off. Widen your terminal so the token fits on one line, then paste again.'
+            : "Token shape doesn't look right (expected sk-ant-oat…AA).";
+        }
        return undefined;
      },
    }),
  );
-  const token = (answer as string).trim();
+  const token = (answer as string).replace(/\s+/g, '');

  const res = await runQuietChild(
    'auth',
@@ -922,9 +1007,11 @@ async function runTimezoneStep(): Promise<void> {
      tz = await resolveTimezoneViaClaude(raw);
    } else {
      p.log.warn(
-        wrapForGutter(
-          "That's not a standard IANA zone and I can't call Claude to interpret it here — try again with a zone like `America/New_York` or `Europe/London`.",
-          4,
+        brandBody(
+          wrapForGutter(
+            "That's not a standard IANA zone and I can't call Claude to interpret it here — try again with a zone like `America/New_York` or `Europe/London`.",
+            4,
+          ),
        ),
      );
    }
@@ -967,7 +1054,7 @@ async function runTimezoneStep(): Promise<void> {
 async function askDisplayName(fallback: string): Promise<string> {
  const answer = ensureAnswer(
    await p.text({
-      message: 'What should your assistant call you?',
+      message: `What should your assistant call ${accentGreen('you')}?`,
      placeholder: fallback,
      defaultValue: fallback,
    }),
@@ -1002,6 +1089,7 @@ async function askChannelChoice(): Promise<ChannelChoice> {
          hint: 'needs public URL',
        },
        { value: 'teams', label: 'Yes, connect Microsoft Teams', hint: 'complex setup' },
+        { value: 'other', label: 'Other…', hint: 'install via /add-<name> after setup' },
        { value: 'skip', label: 'Skip for now', hint: "I'll just use the terminal" },
      ],
    }),
@@ -1011,8 +1099,36 @@ async function askChannelChoice(): Promise<ChannelChoice> {
  return choice;
 }

+async function askOtherChannelName(): Promise<void> {
+  const answer = ensureAnswer(
+    await p.text({
+      message: 'Which channel would you like to install?',
+      placeholder: 'e.g. matrix, github, linear, webex',
+    }),
+  );
+  const name = (answer as string).trim().toLowerCase().replace(/^\/?(add-)?/, '');
+  setupLog.userInput('other_channel', name);
+  phEmit('channel_other_named', { channel: name });
+  p.log.info(
+    brandBody(
+      wrapForGutter(
+        `No bash installer for ${k.bold(name)} — open Claude Code after setup and run ${k.bold(`/add-${name}`)} to install it.`,
+        4,
+      ),
+    ),
+  );
+}
+
 // ─── interactive / env helpers ─────────────────────────────────────────

+function ensureLocalBinOnPath(): void {
+  const localBin = path.join(os.homedir(), '.local', 'bin');
+  const current = process.env.PATH ?? '';
+  const segments = current.split(path.delimiter).filter(Boolean);
+  if (segments.includes(localBin)) return;
+  process.env.PATH = current ? `${localBin}${path.delimiter}${current}` : localBin;
+}
+
 function anthropicSecretExists(): boolean {
  try {
    const res = spawnSync('onecli', ['secrets', 'list'], {
@@ -1089,10 +1205,12 @@ function maybeReexecUnderSg(): void {
  if (!/permission denied/i.test(err)) return;
  if (spawnSync('which', ['sg'], { stdio: 'ignore' }).status !== 0) return;

-  p.log.warn('Docker socket not accessible in current group. Re-executing under `sg docker`.');
+  p.log.warn(brandBody('Docker socket not accessible in current group. Re-executing under `sg docker`.'));
+  const existingSkip = (process.env.NANOCLAW_SKIP ?? '').split(',').map((s) => s.trim()).filter(Boolean);
+  const skipList = [...new Set([...existingSkip, ...setupLog.completedStepNames()])].join(',');
  const res = spawnSync('sg', ['docker', '-c', 'pnpm run setup:auto'], {
    stdio: 'inherit',
-    env: { ...process.env, NANOCLAW_REEXEC_SG: '1' },
+    env: { ...process.env, NANOCLAW_REEXEC_SG: '1', ...(skipList ? { NANOCLAW_SKIP: skipList } : {}) },
  });
  process.exit(res.status ?? 1);
 }
@@ -27,10 +27,13 @@ import * as p from '@clack/prompts';
 import k from 'kleur';

 import * as setupLog from '../logs.js';
+import { BACK_TO_CHANNEL_SELECTION, type ChannelFlowResult } from '../lib/back-nav.js';
 import { brightSelect } from '../lib/bright-select.js';
-import { confirmThenOpen } from '../lib/browser.js';
+import { confirmThenOpen, formatNoteLink } from '../lib/browser.js';
 import { askOperatorRole } from '../lib/role-prompt.js';
 import { ensureAnswer, fail, runQuietChild } from '../lib/runner.js';
+import { readEnvKey } from '../environment.js';
+import { accentGreen, brandBody, fmtDuration, note } from '../lib/theme.js';

 const DEFAULT_AGENT_NAME = 'Nano';
 const DISCORD_API = 'https://discord.com/api/v10';
@@ -46,8 +49,10 @@ interface AppInfo {
  owner: { id: string; username: string } | null;
 }

-export async function runDiscordChannel(displayName: string): Promise<void> {
-  const hasBot = await askHasBotToken();
+export async function runDiscordChannel(displayName: string): Promise<ChannelFlowResult> {
+  const choice = await askHasBotToken();
+  if (choice === 'back') return BACK_TO_CHANNEL_SELECTION;
+  const hasBot = choice === 'yes';
  if (!hasBot) {
    await walkThroughBotCreation();
  }
@@ -140,22 +145,23 @@ export async function runDiscordChannel(displayName: string): Promise<void> {
  }
 }

-async function askHasBotToken(): Promise<boolean> {
+async function askHasBotToken(): Promise<'yes' | 'no' | 'back'> {
  const answer = ensureAnswer(
    await brightSelect({
      message: 'Do you already have a Discord bot?',
      options: [
        { value: 'yes', label: 'Yes, I have a bot token ready' },
        { value: 'no', label: "No, walk me through creating one" },
+        { value: 'back', label: '← Back to channel selection' },
      ],
    }),
  );
-  return answer === 'yes';
+  return answer as 'yes' | 'no' | 'back';
 }

 async function walkThroughBotCreation(): Promise<void> {
  const url = 'https://discord.com/developers/applications';
-  p.note(
+  note(
    [
      "You'll create a Discord bot in the Developer Portal. It's free and takes about a minute.",
      '',
@@ -163,9 +169,8 @@ async function walkThroughBotCreation(): Promise<void> {
      '  2. In the "Bot" tab, click "Reset Token" and copy the token',
      '  3. On the same tab, enable "Message Content Intent"',
      '     (under Privileged Gateway Intents)',
-      '',
-      k.dim(url),
-    ].join('\n'),
+      formatNoteLink(url),
+    ].filter((line): line is string => line !== null).join('\n'),
    'Create a Discord bot',
  );
  await confirmThenOpen(url, 'Press Enter to open the Developer Portal');
@@ -184,7 +189,7 @@ function showTokenLocationReminder(hasExistingBot: boolean): void {
  // to find it — tokens in the Dev Portal aren't visible after first reveal,
  // and "Reset Token" issues a new one.
  if (hasExistingBot) {
-    p.note(
+    note(
      [
        "Where to find your bot token:",
        '',
@@ -216,16 +221,15 @@ async function walkThroughServerCreation(): Promise<void> {
  // the web client and rely on the + button being visible. The steps below
  // are the same whether they're in the desktop app or the browser.
  const url = 'https://discord.com/channels/@me';
-  p.note(
+  note(
    [
      "A Discord server is just a private space for you and the bot. Free and takes 30 seconds.",
      '',
      '  1. In Discord, click the "+" at the bottom of the server list',
      '  2. Choose "Create My Own" → "For me and my friends"',
      '  3. Give it any name (e.g. "NanoClaw")',
-      '',
-      k.dim(url),
-    ].join('\n'),
+      formatNoteLink(url),
+    ].filter((line): line is string => line !== null).join('\n'),
    'Create a Discord server',
  );
  await confirmThenOpen(url, 'Press Enter to open Discord');
@@ -239,9 +243,22 @@ async function walkThroughServerCreation(): Promise<void> {
 }

 async function collectDiscordToken(): Promise<string> {
+  const existing = readEnvKey('DISCORD_BOT_TOKEN');
+  if (existing && /^[A-Za-z0-9._-]{50,}$/.test(existing)) {
+    const reuse = ensureAnswer(await p.confirm({
+      message: `Found an existing Discord bot token (${existing.slice(0, 10)}…). Use it?`,
+      initialValue: true,
+    }));
+    if (reuse) {
+      setupLog.userInput('discord_token', 'reused-existing');
+      return existing;
+    }
+  }
+
  const answer = ensureAnswer(
    await p.password({
      message: 'Paste your bot token',
+      clearOnError: true,
      validate: (v) => {
        const t = (v ?? '').trim();
        if (!t) return 'Token is required';
@@ -275,9 +292,8 @@ async function validateDiscordToken(token: string): Promise<string> {
      username?: string;
      message?: string;
    };
-    const elapsedS = Math.round((Date.now() - start) / 1000);
    if (res.ok && data.username) {
-      s.stop(`Found your bot: @${data.username}. ${k.dim(`(${elapsedS}s)`)}`);
+      s.stop(`Found your bot: @${data.username}. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`);
      setupLog.step('discord-validate', 'success', Date.now() - start, {
        BOT_USERNAME: data.username,
        BOT_ID: data.id ?? '',
@@ -295,8 +311,7 @@ async function validateDiscordToken(token: string): Promise<string> {
      'Copy the token again from the Developer Portal and retry setup.',
    );
  } catch (err) {
-    const elapsedS = Math.round((Date.now() - start) / 1000);
-    s.stop(`Couldn't reach Discord. ${k.dim(`(${elapsedS}s)`)}`, 1);
+    s.stop(`Couldn't reach Discord. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`, 1);
    const message = err instanceof Error ? err.message : String(err);
    setupLog.step('discord-validate', 'failed', Date.now() - start, {
      ERROR: message,
@@ -324,7 +339,6 @@ async function fetchApplicationInfo(token: string): Promise<AppInfo> {
      team?: unknown;
      message?: string;
    };
-    const elapsedS = Math.round((Date.now() - start) / 1000);
    if (!res.ok || !data.id || !data.verify_key) {
      const reason = data.message ?? `HTTP ${res.status}`;
      s.stop(`Couldn't read application info: ${reason}`, 1);
@@ -337,7 +351,7 @@ async function fetchApplicationInfo(token: string): Promise<AppInfo> {
        'Re-run setup. If it keeps failing, check the bot token has the right scopes.',
      );
    }
-    s.stop(`Got your application details. ${k.dim(`(${elapsedS}s)`)}`);
+    s.stop(`Got your application details. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`);
    // owner is populated for solo applications; team-owned apps return a
    // team object instead and we'll fall back to a manual user-id prompt.
    const owner =
@@ -355,8 +369,7 @@ async function fetchApplicationInfo(token: string): Promise<AppInfo> {
      owner,
    };
  } catch (err) {
-    const elapsedS = Math.round((Date.now() - start) / 1000);
-    s.stop(`Couldn't reach Discord. ${k.dim(`(${elapsedS}s)`)}`, 1);
+    s.stop(`Couldn't reach Discord. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`, 1);
    const message = err instanceof Error ? err.message : String(err);
    setupLog.step('discord-app-info', 'failed', Date.now() - start, {
      ERROR: message,
@@ -385,14 +398,14 @@ async function resolveOwnerUserId(
    }
  } else {
    p.log.info(
-      "Your bot is owned by a Developer Team, so we need your Discord user ID directly.",
+      brandBody("Your bot is owned by a Developer Team, so we need your Discord user ID directly."),
    );
  }
  return await promptForUserIdWithDevMode();
 }

 async function promptForUserIdWithDevMode(): Promise<string> {
-  p.note(
+  note(
    [
      "To get your Discord user ID:",
      '',
@@ -430,15 +443,14 @@ async function promptInviteBot(
    `&scope=bot` +
    `&permissions=${INVITE_PERMISSIONS}`;

-  p.note(
+  note(
    [
      `@${botUsername} needs to share a server with you before it can DM you.`,
      '',
      '  1. Pick any server you\'re in (a personal one is fine)',
      '  2. Click "Authorize"',
-      '',
-      k.dim(url),
-    ].join('\n'),
+      formatNoteLink(url),
+    ].filter((line): line is string => line !== null).join('\n'),
    'Add bot to a server',
  );
  await confirmThenOpen(url, 'Press Enter to open the invite page');
@@ -465,7 +477,6 @@ async function openDmChannel(token: string, userId: string): Promise<string> {
      body: JSON.stringify({ recipient_id: userId }),
    });
    const data = (await res.json()) as { id?: string; message?: string };
-    const elapsedS = Math.round((Date.now() - start) / 1000);
    if (!res.ok || !data.id) {
      const reason = data.message ?? `HTTP ${res.status}`;
      s.stop(`Couldn't open a DM channel: ${reason}`, 1);
@@ -478,14 +489,13 @@ async function openDmChannel(token: string, userId: string): Promise<string> {
        'Make sure the bot is in a server you\'re also in, then retry setup.',
      );
    }
-    s.stop(`DM channel ready. ${k.dim(`(${elapsedS}s)`)}`);
+    s.stop(`DM channel ready. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`);
    setupLog.step('discord-open-dm', 'success', Date.now() - start, {
      DM_CHANNEL_ID: data.id,
    });
    return data.id;
  } catch (err) {
-    const elapsedS = Math.round((Date.now() - start) / 1000);
-    s.stop(`Couldn't reach Discord. ${k.dim(`(${elapsedS}s)`)}`, 1);
+    s.stop(`Couldn't reach Discord. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`, 1);
    const message = err instanceof Error ? err.message : String(err);
    setupLog.step('discord-open-dm', 'failed', Date.now() - start, {
      ERROR: message,
@@ -506,7 +516,7 @@ async function resolveAgentName(): Promise<string> {
  }
  const answer = ensureAnswer(
    await p.text({
-      message: 'What should your assistant be called?',
+      message: `What should your ${accentGreen('assistant')} be called?`,
      placeholder: DEFAULT_AGENT_NAME,
      defaultValue: DEFAULT_AGENT_NAME,
    }),
@@ -33,10 +33,12 @@ import * as p from '@clack/prompts';
 import k from 'kleur';

 import * as setupLog from '../logs.js';
+import { BACK_TO_CHANNEL_SELECTION, type ChannelFlowResult } from '../lib/back-nav.js';
 import { brightSelect } from '../lib/bright-select.js';
 import { askOperatorRole } from '../lib/role-prompt.js';
 import { ensureAnswer, fail, runQuietChild } from '../lib/runner.js';
-import { wrapForGutter } from '../lib/theme.js';
+import { accentGreen, note, wrapForGutter } from '../lib/theme.js';
+import { readEnvKey } from '../environment.js';

 const DEFAULT_AGENT_NAME = 'Nano';

@@ -47,10 +49,11 @@ interface RemoteCreds {
  apiKey: string;
 }

-export async function runIMessageChannel(displayName: string): Promise<void> {
+export async function runIMessageChannel(displayName: string): Promise<ChannelFlowResult> {
  const isMac = os.platform() === 'darwin';

  const mode = await askMode(isMac);
+  if (mode === 'back') return BACK_TO_CHANNEL_SELECTION;
  let remoteCreds: RemoteCreds | null = null;

  if (mode === 'local') {
@@ -138,34 +141,38 @@ export async function runIMessageChannel(displayName: string): Promise<void> {
  }
 }

-async function askMode(isMac: boolean): Promise<Mode> {
+async function askMode(isMac: boolean): Promise<Mode | 'back'> {
+  const baseOptions = isMac
+    ? [
+        {
+          value: 'local' as const,
+          label: 'Local (this Mac)',
+          hint: "uses this machine's iMessage account",
+        },
+        {
+          value: 'remote' as const,
+          label: 'Remote (Photon API)',
+          hint: 'the bot lives on another server',
+        },
+      ]
+    : [
+        {
+          value: 'remote' as const,
+          label: 'Remote (Photon API)',
+          hint: 'only option off macOS',
+        },
+      ];
  const choice = ensureAnswer(
-    await brightSelect<Mode>({
+    await brightSelect<Mode | 'back'>({
      message: 'How should iMessage run?',
      initialValue: isMac ? 'local' : 'remote',
-      options: isMac
-        ? [
-            {
-              value: 'local',
-              label: 'Local (this Mac)',
-              hint: "uses this machine's iMessage account",
-            },
-            {
-              value: 'remote',
-              label: 'Remote (Photon API)',
-              hint: 'the bot lives on another server',
-            },
-          ]
-        : [
-            {
-              value: 'remote',
-              label: 'Remote (Photon API)',
-              hint: 'only option off macOS',
-            },
-          ],
+      options: [
+        ...baseOptions,
+        { value: 'back', label: '← Back to channel selection' },
+      ],
    }),
  );
-  setupLog.userInput('imessage_mode', String(choice));
+  if (choice !== 'back') setupLog.userInput('imessage_mode', String(choice));
  return choice;
 }

@@ -189,7 +196,7 @@ async function walkThroughFullDiskAccess(): Promise<void> {
  }
  const nodeDir = path.dirname(nodePath);

-  p.note(
+  note(
    wrapForGutter(
      [
        `iMessage needs Full Disk Access granted to the Node binary:`,
@@ -222,7 +229,20 @@ async function walkThroughFullDiskAccess(): Promise<void> {
 }

 async function collectRemoteCreds(): Promise<RemoteCreds> {
-  p.note(
+  const existingUrl = readEnvKey('IMESSAGE_SERVER_URL');
+  const existingKey = readEnvKey('IMESSAGE_API_KEY');
+  if (existingUrl && existingKey && /^https?:\/\//i.test(existingUrl)) {
+    const reuse = ensureAnswer(await p.confirm({
+      message: `Found existing Photon credentials (${existingUrl}). Use them?`,
+      initialValue: true,
+    }));
+    if (reuse) {
+      setupLog.userInput('imessage_remote_creds', 'reused-existing');
+      return { serverUrl: existingUrl, apiKey: existingKey };
+    }
+  }
+
+  note(
    [
      "Photon is a separate service that owns an iMessage account and",
      "exposes it over HTTP. NanoClaw will talk to it via its API.",
@@ -250,6 +270,7 @@ async function collectRemoteCreds(): Promise<RemoteCreds> {
  const keyAnswer = ensureAnswer(
    await p.password({
      message: 'Photon API key',
+      clearOnError: true,
      validate: (v) => ((v ?? '').trim() ? undefined : 'API key is required'),
    }),
  );
@@ -264,7 +285,7 @@ async function collectRemoteCreds(): Promise<RemoteCreds> {
 }

 async function askOperatorHandle(): Promise<string> {
-  p.note(
+  note(
    [
      "What phone number or email do you iMessage with?",
      "That's where your assistant will send its welcome message.",
@@ -303,7 +324,7 @@ async function resolveAgentName(): Promise<string> {
  }
  const answer = ensureAnswer(
    await p.text({
-      message: 'What should your assistant be called?',
+      message: `What should your ${accentGreen('assistant')} be called?`,
      placeholder: DEFAULT_AGENT_NAME,
      defaultValue: DEFAULT_AGENT_NAME,
    }),
@@ -33,6 +33,8 @@ import k from 'kleur';

 import * as setupLog from '../logs.js';
 import { getLaunchdLabel, getSystemdUnit } from '../../src/install-slug.js';
+import { BACK_TO_CHANNEL_SELECTION, type ChannelFlowResult } from '../lib/back-nav.js';
+import { brightSelect } from '../lib/bright-select.js';
 import {
  type Block,
  type StepResult,
@@ -44,10 +46,37 @@ import {
  writeStepEntry,
 } from '../lib/runner.js';
 import { askOperatorRole } from '../lib/role-prompt.js';
+import { accentGreen, fmtDuration, note } from '../lib/theme.js';

 const DEFAULT_AGENT_NAME = 'Nano';

-export async function runSignalChannel(displayName: string): Promise<void> {
+export async function runSignalChannel(displayName: string): Promise<ChannelFlowResult> {
+  note(
+    [
+      "NanoClaw links to Signal as a *secondary* device on your existing",
+      "phone — no new number needed. Your assistant will send and receive",
+      "messages as the number on that phone.",
+      '',
+      "Here's what's about to happen — no input needed for any of it:",
+      '',
+      '  1. Set up signal-cli (auto-installs if missing)',
+      '  2. Install the Signal adapter',
+      '  3. Show a QR code — scan it from Signal → Settings → Linked Devices',
+      '  4. Wire your assistant and send a welcome message',
+    ].join('\n'),
+    'Set up Signal',
+  );
+
+  const proceed = ensureAnswer(await brightSelect<'continue' | 'back'>({
+    message: 'Ready to set up Signal?',
+    options: [
+      { value: 'continue', label: 'Continue' },
+      { value: 'back', label: '← Back to channel selection' },
+    ],
+    initialValue: 'continue',
+  }));
+  if (proceed === 'back') return BACK_TO_CHANNEL_SELECTION;
+
  await ensureSignalCli();

  const install = await runQuietChild(
@@ -133,42 +162,74 @@ export async function runSignalChannel(displayName: string): Promise<void> {

 async function ensureSignalCli(): Promise<void> {
  const cli = process.env.SIGNAL_CLI_PATH || 'signal-cli';
-  const probe = spawnSync(cli, ['--version'], {
-    stdio: ['ignore', 'pipe', 'pipe'],
-  });
-  if (!probe.error && probe.status === 0) return;
+  const probeFor = (): boolean => {
+    const r = spawnSync(cli, ['--version'], {
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+    return !r.error && r.status === 0;
+  };
+  if (probeFor()) return;

+  note(
+    [
+      "NanoClaw talks to Signal through signal-cli, which isn't installed yet.",
+      "We'll install it for you now — about 30 seconds, one-time only.",
+      '',
+      process.platform === 'darwin'
+        ? "On this Mac we'll use Homebrew (no admin password needed)."
+        : "On Linux we'll grab the native release binary (no Java needed) and install it to ~/.local/bin.",
+    ].join('\n'),
+    'Setting up signal-cli',
+  );
+
+  const install = await runQuietChild(
+    'install-signal-cli',
+    'bash',
+    ['setup/install-signal-cli.sh'],
+    {
+      running: 'Installing signal-cli…',
+      done: 'signal-cli installed.',
+    },
+  );
+
+  if (install.ok && probeFor()) return;
+
+  const reason = install.terminal?.fields.ERROR;
  if (process.platform === 'darwin') {
-    p.note(
+    note(
      [
-        "NanoClaw talks to Signal through signal-cli, which isn't installed yet.",
+        "We couldn't install signal-cli automatically.",
+        reason === 'homebrew_not_installed'
+          ? '  Reason: Homebrew is not installed.'
+          : `  Reason: ${reason ?? 'unknown'}.`,
        '',
-        'The quickest way on macOS is Homebrew:',
+        'You can install it manually:',
        '',
        k.cyan('  brew install signal-cli'),
        '',
-        "Install it in another terminal, then re-run setup.",
+        'Then re-run setup.',
      ].join('\n'),
-      'signal-cli not found',
+      "Couldn't install signal-cli",
    );
  } else {
-    p.note(
+    note(
      [
-        "NanoClaw talks to Signal through signal-cli, which isn't installed yet.",
+        "We couldn't install signal-cli automatically.",
+        `  Reason: ${reason ?? 'unknown'}.`,
        '',
-        'Grab the latest release from GitHub:',
+        'You can install it manually from GitHub:',
        '',
        k.cyan('  https://github.com/AsamK/signal-cli/releases'),
        '',
-        "Install it, make sure `signal-cli --version` works, then re-run setup.",
+        'Then re-run setup.',
      ].join('\n'),
-      'signal-cli not found',
+      "Couldn't install signal-cli",
    );
  }
  await fail(
-    'signal-install',
-    'signal-cli is required but not installed.',
-    'Install it and re-run setup.',
+    'install-signal-cli',
+    'signal-cli is required but the auto-install failed.',
+    'Install it manually and re-run setup.',
  );
 }

@@ -323,8 +384,7 @@ async function restartService(): Promise<void> {
    // Give the adapter a moment to connect to signal-cli before
    // init-first-agent's welcome DM hits the delivery path.
    await new Promise((r) => setTimeout(r, 5000));
-    const elapsed = Math.round((Date.now() - start) / 1000);
-    s.stop(`NanoClaw restarted. ${k.dim(`(${elapsed}s)`)}`);
+    s.stop(`NanoClaw restarted. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`);
    setupLog.step('signal-restart', 'success', Date.now() - start, {
      PLATFORM: platform,
    });
@@ -346,7 +406,7 @@ async function resolveAgentName(): Promise<string> {
  }
  const answer = ensureAnswer(
    await p.text({
-      message: 'What should your assistant be called?',
+      message: `What should your ${accentGreen('assistant')} be called?`,
      placeholder: DEFAULT_AGENT_NAME,
      defaultValue: DEFAULT_AGENT_NAME,
    }),
@@ -1,24 +1,23 @@
 /**
 * Slack channel flow for setup:auto.
 *
- * `runSlackChannel(displayName)` walks the operator from a bare Slack
- * workspace through a running bot, then stops before wiring an agent:
+ * `runSlackChannel(displayName)` owns the full branch from creating a
+ * Slack app through the welcome DM:
 *
 *   1. Walk through creating a Slack app (api.slack.com/apps) — scopes,
 *      event subscriptions, and signing secret
 *   2. Paste the bot token + signing secret (clack password prompts)
 *   3. Validate via auth.test → resolves workspace + bot identity
 *   4. Install the adapter (setup/add-slack.sh, non-interactive)
- *   5. Print the post-install checklist: set the public webhook URL in
- *      Slack's Event Subscriptions, DM the bot to bootstrap the channel,
- *      then `/manage-channels` to wire an agent.
+ *   5. Ask for the operator's Slack user ID
+ *   6. conversations.open to get the DM channel ID
+ *   7. Ask for the messaging-agent name (defaulting to "Nano")
+ *   8. Wire the agent via scripts/init-first-agent.ts
 *
- * Why no welcome DM here: unlike Discord/Telegram (gateway / long-poll),
- * Slack needs a public Event Subscriptions URL for inbound events, and
- * opening an unsolicited DM would need `im:write` scope we don't force
- * the SKILL.md to require. Shipping a honest "here's what's left" note
- * is better than a welcome DM the user won't receive until they
- * configure the webhook anyway.
+ * The welcome DM is sent via outbound delivery (chat.postMessage), which
+ * works without Event Subscriptions being configured. The user sees the
+ * greeting in Slack immediately; inbound replies require webhooks, so the
+ * post-install note covers that.
 *
 * All output obeys the three-level contract. See docs/setup-flow.md.
 */
@@ -26,12 +25,18 @@ import * as p from '@clack/prompts';
 import k from 'kleur';

 import * as setupLog from '../logs.js';
-import { confirmThenOpen } from '../lib/browser.js';
+import { BACK_TO_CHANNEL_SELECTION, type ChannelFlowResult } from '../lib/back-nav.js';
+import { brightSelect } from '../lib/bright-select.js';
+import { openUrl } from '../lib/browser.js';
+import { isHeadless } from '../platform.js';
+import { askOperatorRole } from '../lib/role-prompt.js';
 import { ensureAnswer, fail, runQuietChild } from '../lib/runner.js';
-import { wrapForGutter } from '../lib/theme.js';
+import { readEnvKey } from '../environment.js';
+import { accentGreen, fmtDuration, note, wrapForGutter } from '../lib/theme.js';

 const SLACK_API = 'https://slack.com/api';
 const SLACK_APPS_URL = 'https://api.slack.com/apps';
+const DEFAULT_AGENT_NAME = 'Nano';

 interface WorkspaceInfo {
  teamName: string;
@@ -40,11 +45,9 @@ interface WorkspaceInfo {
  botUserId: string;
 }

-// displayName is reserved for when we start wiring the first agent here.
-// Kept to match the `run<X>Channel(displayName)` signature every other
-// channel driver uses, so auto.ts can dispatch without a branch.
-export async function runSlackChannel(_displayName: string): Promise<void> {
-  await walkThroughAppCreation();
+export async function runSlackChannel(displayName: string): Promise<ChannelFlowResult> {
+  const intro = await walkThroughAppCreation();
+  if (intro === 'back') return BACK_TO_CHANNEL_SELECTION;

  const token = await collectBotToken();
  const signingSecret = await collectSigningSecret();
@@ -78,29 +81,92 @@ export async function runSlackChannel(_displayName: string): Promise<void> {
    );
  }

+  const ownerUserId = await collectSlackUserId();
+  const dmChannelId = await openDmChannel(token, ownerUserId);
+  const platformId = `slack:${dmChannelId}`;
+
+  const role = await askOperatorRole('Slack');
+  setupLog.userInput('slack_role', role);
+
+  const agentName = await resolveAgentName();
+
+  const init = await runQuietChild(
+    'init-first-agent',
+    'pnpm',
+    [
+      'exec', 'tsx', 'scripts/init-first-agent.ts',
+      '--channel', 'slack',
+      '--user-id', `slack:${ownerUserId}`,
+      '--platform-id', platformId,
+      '--display-name', displayName,
+      '--agent-name', agentName,
+      '--role', role,
+    ],
+    {
+      running: `Wiring ${agentName} to your Slack DMs…`,
+      done: 'Agent wired.',
+    },
+    {
+      extraFields: {
+        CHANNEL: 'slack',
+        AGENT_NAME: agentName,
+        PLATFORM_ID: platformId,
+      },
+    },
+  );
+  if (!init.ok) {
+    await fail(
+      'init-first-agent',
+      `Couldn't finish connecting ${agentName}.`,
+      'You can retry later with `/init-first-agent` in Claude Code.',
+    );
+  }
+
  showPostInstallChecklist(info);
 }

-async function walkThroughAppCreation(): Promise<void> {
-  p.note(
+async function walkThroughAppCreation(): Promise<'continue' | 'back'> {
+  // Bright-white ANSI overrides the surrounding brand-cyan from `note()`'s
+  // per-line formatter so the URL stands out against the rest of the body.
+  const linkBlock = isHeadless()
+    ? [`\x1b[97mGet started: ${SLACK_APPS_URL}\x1b[39m`, '']
+    : [];
+
+  note(
    [
      "You'll create a Slack app that the assistant talks through.",
      "Free and stays inside the workspaces you pick.",
      '',
+      ...linkBlock,
      '  1. Create a new app "From scratch", name it, pick a workspace',
      '  2. OAuth & Permissions → add Bot Token Scopes:',
-      '     chat:write, channels:history, groups:history, im:history,',
-      '     channels:read, groups:read, users:read, reactions:write',
+      '     • im:write, im:history',
+      '     • channels:read, channels:history',
+      '     • groups:read, groups:history',
+      '     • chat:write',
+      '     • users:read',
+      '     • reactions:write',
      '  3. App Home → enable "Messages Tab" and "Allow users to send',
      '     slash commands and messages from the messages tab"',
      '  4. Basic Information → copy the "Signing Secret"',
      '  5. Install to Workspace → copy the "Bot User OAuth Token" (xoxb-…)',
-      '',
-      k.dim(SLACK_APPS_URL),
    ].join('\n'),
    'Create a Slack app',
  );
-  await confirmThenOpen(SLACK_APPS_URL, 'Press Enter to open Slack app settings');
+
+  // Back-aware gate replacing the old `confirmThenOpen` "Press Enter to open
+  // Slack app settings" so users can bail out of Slack before we open the
+  // browser or ask for tokens.
+  const choice = ensureAnswer(await brightSelect<'open' | 'back'>({
+    message: 'Open Slack app settings in your browser?',
+    options: [
+      { value: 'open', label: 'Open Slack app settings' },
+      { value: 'back', label: '← Back to channel selection' },
+    ],
+    initialValue: 'open',
+  }));
+  if (choice === 'back') return 'back';
+  if (!isHeadless()) openUrl(SLACK_APPS_URL);

  ensureAnswer(
    await p.confirm({
@@ -108,12 +174,26 @@ async function walkThroughAppCreation(): Promise<void> {
      initialValue: true,
    }),
  );
+  return 'continue';
 }

 async function collectBotToken(): Promise<string> {
+  const existing = readEnvKey('SLACK_BOT_TOKEN');
+  if (existing && existing.startsWith('xoxb-') && existing.length >= 24) {
+    const reuse = ensureAnswer(await p.confirm({
+      message: `Found an existing Slack bot token (${existing.slice(0, 10)}…). Use it?`,
+      initialValue: true,
+    }));
+    if (reuse) {
+      setupLog.userInput('slack_bot_token', 'reused-existing');
+      return existing;
+    }
+  }
+
  const answer = ensureAnswer(
    await p.password({
      message: 'Paste your Slack bot token',
+      clearOnError: true,
      validate: (v) => {
        const t = (v ?? '').trim();
        if (!t) return 'Token is required';
@@ -132,9 +212,22 @@ async function collectBotToken(): Promise<string> {
 }

 async function collectSigningSecret(): Promise<string> {
+  const existing = readEnvKey('SLACK_SIGNING_SECRET');
+  if (existing && /^[a-f0-9]{16,}$/i.test(existing)) {
+    const reuse = ensureAnswer(await p.confirm({
+      message: 'Found an existing Slack signing secret. Use it?',
+      initialValue: true,
+    }));
+    if (reuse) {
+      setupLog.userInput('slack_signing_secret', 'reused-existing');
+      return existing;
+    }
+  }
+
  const answer = ensureAnswer(
    await p.password({
      message: 'Paste your Slack signing secret',
+      clearOnError: true,
      validate: (v) => {
        const t = (v ?? '').trim();
        if (!t) return 'Signing secret is required';
@@ -175,10 +268,9 @@ async function validateSlackToken(token: string): Promise<WorkspaceInfo> {
      user_id?: string;
      error?: string;
    };
-    const elapsedS = Math.round((Date.now() - start) / 1000);
    if (data.ok && data.team && data.user) {
      s.stop(
-        `Connected to ${data.team} as @${data.user}. ${k.dim(`(${elapsedS}s)`)}`,
+        `Connected to ${data.team} as @${data.user}. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`,
      );
      const info: WorkspaceInfo = {
        teamName: data.team,
@@ -207,8 +299,7 @@ async function validateSlackToken(token: string): Promise<WorkspaceInfo> {
        : `Slack said "${reason}". Check the token scopes and workspace install, then retry.`,
    );
  } catch (err) {
-    const elapsedS = Math.round((Date.now() - start) / 1000);
-    s.stop(`Couldn't reach Slack. ${k.dim(`(${elapsedS}s)`)}`, 1);
+    s.stop(`Couldn't reach Slack. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`, 1);
    const message = err instanceof Error ? err.message : String(err);
    setupLog.step('slack-validate', 'failed', Date.now() - start, {
      ERROR: message,
@@ -221,26 +312,133 @@ async function validateSlackToken(token: string): Promise<WorkspaceInfo> {
  }
 }

+async function collectSlackUserId(): Promise<string> {
+  note(
+    [
+      "To get your Slack member ID:",
+      '',
+      '  1. In Slack, click your profile picture (top right)',
+      '  2. Click "Profile"',
+      '  3. Click the three dots (⋯) → "Copy member ID"',
+    ].join('\n'),
+    'Find your Slack user ID',
+  );
+  const answer = ensureAnswer(
+    await p.text({
+      message: 'Paste your Slack member ID',
+      validate: (v) => {
+        const t = (v ?? '').trim();
+        if (!t) return 'Member ID is required';
+        if (!/^U[A-Z0-9]{8,}$/.test(t)) {
+          return "That doesn't look like a Slack member ID (starts with U)";
+        }
+        return undefined;
+      },
+    }),
+  );
+  const id = (answer as string).trim();
+  setupLog.userInput('slack_user_id', id);
+  return id;
+}
+
+async function openDmChannel(token: string, userId: string): Promise<string> {
+  const s = p.spinner();
+  const start = Date.now();
+  s.start('Opening a DM channel…');
+  try {
+    const res = await fetch(`${SLACK_API}/conversations.open`, {
+      method: 'POST',
+      headers: {
+        Authorization: `Bearer ${token}`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ users: userId }),
+    });
+    const data = (await res.json()) as {
+      ok?: boolean;
+      channel?: { id?: string };
+      error?: string;
+    };
+    if (data.ok && data.channel?.id) {
+      s.stop(`DM channel ready. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`);
+      setupLog.step('slack-open-dm', 'success', Date.now() - start, {
+        DM_CHANNEL_ID: data.channel.id,
+      });
+      return data.channel.id;
+    }
+    const reason = data.error ?? `HTTP ${res.status}`;
+    s.stop(`Couldn't open a DM channel: ${reason}`, 1);
+    setupLog.step('slack-open-dm', 'failed', Date.now() - start, {
+      ERROR: reason,
+    });
+    if (reason === 'missing_scope') {
+      await fail(
+        'slack-open-dm',
+        "Your Slack app is missing the im:write scope.",
+        'Go to OAuth & Permissions in your Slack app settings, add the im:write scope, reinstall the app, then retry setup.',
+      );
+    }
+    await fail(
+      'slack-open-dm',
+      "Couldn't open a DM channel with you.",
+      `Slack said "${reason}". Check the member ID and app permissions, then retry.`,
+    );
+  } catch (err) {
+    s.stop(`Couldn't reach Slack. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`, 1);
+    const message = err instanceof Error ? err.message : String(err);
+    setupLog.step('slack-open-dm', 'failed', Date.now() - start, {
+      ERROR: message,
+    });
+    await fail(
+      'slack-open-dm',
+      "Couldn't reach Slack.",
+      'Check your internet connection and retry setup.',
+    );
+  }
+}
+
+async function resolveAgentName(): Promise<string> {
+  const preset = process.env.NANOCLAW_AGENT_NAME?.trim();
+  if (preset) {
+    setupLog.userInput('agent_name', preset);
+    return preset;
+  }
+  const answer = ensureAnswer(
+    await p.text({
+      message: `What should your ${accentGreen('assistant')} be called?`,
+      placeholder: DEFAULT_AGENT_NAME,
+      defaultValue: DEFAULT_AGENT_NAME,
+    }),
+  );
+  const value = (answer as string).trim() || DEFAULT_AGENT_NAME;
+  setupLog.userInput('agent_name', value);
+  return value;
+}
+
 function showPostInstallChecklist(info: WorkspaceInfo): void {
-  p.note(
+  note(
    wrapForGutter(
      [
-        `The Slack adapter is installed and your creds are saved. ${info.teamName} still needs two things before it can talk to you:`,
+        `Your agent is wired to Slack and a welcome DM is on its way.`,
+        `To receive replies, Slack needs a public URL for delivering events:`,
        '',
-        '  1. A public URL so Slack can deliver events.',
-        '     NanoClaw serves a webhook on port 3000 by default — expose it',
-        '     via ngrok, Cloudflare Tunnel, or a reverse proxy on a VPS.',
+        '  1. Expose NanoClaw\'s webhook server (port 3000) via ngrok,',
+        '     Cloudflare Tunnel, or a reverse proxy on a VPS.',
        '',
        '  2. In your Slack app → Event Subscriptions:',
        '     • Toggle "Enable Events" on',
        `     • Request URL: https://<your-public-host>/webhook/slack`,
        '     • Subscribe to bot events: message.channels, message.groups,',
        '       message.im, app_mention',
-        '     • Save, then reinstall the app when Slack prompts',
+        '     • Save Changes',
        '',
-        `  3. DM @${info.botName} from Slack once — that bootstraps the`,
-        '     messaging group. Then run `/manage-channels` in `claude` to',
-        '     wire an agent to it.',
+        '  3. In your Slack app → Interactivity & Shortcuts:',
+        '     • Toggle "Interactivity" on',
+        `     • Request URL: https://<your-public-host>/webhook/slack`,
+        '     • Save Changes',
+        '',
+        '  4. Slack will prompt you to reinstall the app — do it to apply',
+        '     the new settings',
      ].join('\n'),
      6,
    ),
@@ -30,6 +30,7 @@ import path from 'path';
 import * as p from '@clack/prompts';
 import k from 'kleur';

+import { BACK_TO_CHANNEL_SELECTION, type ChannelFlowResult } from '../lib/back-nav.js';
 import { brightSelect } from '../lib/bright-select.js';
 import { confirmThenOpen } from '../lib/browser.js';
 import {
@@ -40,7 +41,9 @@ import {
 } from '../lib/claude-handoff.js';
 import { ensureAnswer, fail, runQuietChild } from '../lib/runner.js';
 import { buildTeamsAppPackage } from '../lib/teams-manifest.js';
+import { note } from '../lib/theme.js';
 import * as setupLog from '../logs.js';
+import { readEnvKey } from '../environment.js';

 const CHANNEL = 'teams';
 const MANIFEST_DIR = path.join(process.cwd(), 'data', 'teams');
@@ -55,20 +58,62 @@ interface Collected {
  agentName?: string;
 }

-export async function runTeamsChannel(_displayName: string): Promise<void> {
+export async function runTeamsChannel(_displayName: string): Promise<ChannelFlowResult> {
  const collected: Collected = {};
  const completed: string[] = [];

+  const existingAppId = readEnvKey('TEAMS_APP_ID');
+  const existingPassword = readEnvKey('TEAMS_APP_PASSWORD');
+  if (existingAppId && existingPassword) {
+    const choice = ensureAnswer(await brightSelect<'yes' | 'no' | 'back'>({
+      message: `Found existing Teams credentials (App ID: ${existingAppId.slice(0, 8)}…). Use them?`,
+      options: [
+        { value: 'yes', label: 'Yes, use the existing credentials' },
+        { value: 'no', label: "No, set up new ones" },
+        { value: 'back', label: '← Back to channel selection' },
+      ],
+      initialValue: 'yes',
+    }));
+    if (choice === 'back') return BACK_TO_CHANNEL_SELECTION;
+    if (choice === 'yes') {
+      collected.appId = existingAppId;
+      collected.appPassword = existingPassword;
+      collected.appType = (readEnvKey('TEAMS_APP_TYPE') as 'SingleTenant' | 'MultiTenant') || 'MultiTenant';
+      if (collected.appType === 'SingleTenant') {
+        collected.tenantId = readEnvKey('TEAMS_APP_TENANT_ID') ?? undefined;
+      }
+      setupLog.userInput('teams_credentials', 'reused-existing');
+      await installAdapter(collected);
+      completed.push('Adapter installed and service restarted (reused existing credentials).');
+      await finishWithHandoff(collected, completed);
+      return;
+    }
+  }
+
  printIntro();

-  await confirmPrereqs({ collected, completed });
+  const prereqsResult = await confirmPrereqs({ collected, completed });
+  if (prereqsResult === 'back') return BACK_TO_CHANNEL_SELECTION;
  await stepPublicUrl({ collected, completed });
-  await stepAppRegistration({ collected, completed });
-  await stepClientSecret({ collected, completed });
-  await stepAzureBot({ collected, completed });
-  await stepEnableTeamsChannel({ collected, completed });
+  if (await stepAppRegistration({ collected, completed }) === 'back') {
+    return BACK_TO_CHANNEL_SELECTION;
+  }
+  if (await stepClientSecret({ collected, completed }) === 'back') {
+    return BACK_TO_CHANNEL_SELECTION;
+  }
+  if (await stepAzureBot({ collected, completed }) === 'back') {
+    return BACK_TO_CHANNEL_SELECTION;
+  }
+  if (await stepEnableTeamsChannel({ collected, completed }) === 'back') {
+    return BACK_TO_CHANNEL_SELECTION;
+  }
  const manifestResult = await stepGenerateManifest({ collected, completed });
-  await stepSideload({ collected, completed, zipPath: manifestResult.zipPath });
+  if (
+    await stepSideload({ collected, completed, zipPath: manifestResult.zipPath })
+    === 'back'
+  ) {
+    return BACK_TO_CHANNEL_SELECTION;
+  }

  await installAdapter(collected);
  completed.push('Adapter installed and service restarted.');
@@ -79,7 +124,7 @@ export async function runTeamsChannel(_displayName: string): Promise<void> {
 // ─── step: intro / prereqs ──────────────────────────────────────────────

 function printIntro(): void {
-  p.note(
+  note(
    [
      'Setting up Teams is more involved than the other channels — about',
      '7 steps across the Azure portal and Teams admin.',
@@ -92,8 +137,8 @@ function printIntro(): void {
  );
 }

-async function confirmPrereqs(args: { collected: Collected; completed: string[] }): Promise<void> {
-  p.note(
+async function confirmPrereqs(args: { collected: Collected; completed: string[] }): Promise<'continue' | 'back'> {
+  note(
    [
      'Before we start, confirm you have:',
      '',
@@ -107,19 +152,42 @@ async function confirmPrereqs(args: { collected: Collected; completed: string[]
    'Prereqs',
  );

-  await stepGate({
-    stepName: 'teams-prereqs',
-    stepDescription: 'confirming they have the right Microsoft 365 tenant and tunnel',
-    reshow: () => confirmPrereqs(args),
-    args,
-  });
+  // Back-aware variant of stepGate — Back is only offered on the very first
+  // step of the Teams flow so users can bail out before any state is taken.
+  while (true) {
+    const choice = ensureAnswer(
+      await brightSelect<'done' | 'help' | 'reshow' | 'back'>({
+        message: 'How did that go?',
+        options: [
+          { value: 'done', label: "Done — let's continue" },
+          { value: 'help', label: 'Stuck — hand me off to Claude' },
+          { value: 'reshow', label: 'Show me the steps again' },
+          { value: 'back', label: '← Back to channel selection' },
+        ],
+      }),
+    );
+    if (choice === 'back') return 'back';
+    if (choice === 'done') break;
+    if (choice === 'help') {
+      await offerHandoff({
+        step: 'teams-prereqs',
+        stepDescription: 'confirming they have the right Microsoft 365 tenant and tunnel',
+        args,
+      });
+      continue;
+    }
+    if (choice === 'reshow') {
+      return confirmPrereqs(args);
+    }
+  }
  args.completed.push('Prereqs confirmed.');
+  return 'continue';
 }

 // ─── step: public URL ──────────────────────────────────────────────────

 async function stepPublicUrl(args: { collected: Collected; completed: string[] }): Promise<void> {
-  p.note(
+  note(
    [
      "Azure Bot Service delivers messages to an HTTPS endpoint you",
      "control. The endpoint needs to reach this machine's webhook",
@@ -174,8 +242,8 @@ async function stepPublicUrl(args: { collected: Collected; completed: string[] }
 async function stepAppRegistration(args: {
  collected: Collected;
  completed: string[];
-}): Promise<void> {
-  p.note(
+}): Promise<'continue' | 'back'> {
+  note(
    [
      `1. In ${AZURE_PORTAL_URL}, search "App registrations" → "New registration"`,
      '2. Name it (e.g. "NanoClaw")',
@@ -207,15 +275,17 @@ async function stepAppRegistration(args: {
    );
  }

-  await stepGate({
+  const gate = await stepGate({
    stepName: 'teams-app-registration',
    stepDescription: 'registering an app in Azure and collecting App ID + tenant type',
    reshow: () => stepAppRegistration(args),
    args,
  });
+  if (gate === 'back') return 'back';
  args.completed.push(
    `App registered: ${args.collected.appId} (${args.collected.appType})`,
  );
+  return 'continue';
 }

 async function askAppType(args: {
@@ -258,8 +328,8 @@ async function askAppType(args: {
 async function stepClientSecret(args: {
  collected: Collected;
  completed: string[];
-}): Promise<void> {
-  p.note(
+}): Promise<'continue' | 'back'> {
+  note(
    [
      `1. In your app registration, open "Certificates & secrets"`,
      '2. Click "New client secret"',
@@ -276,6 +346,7 @@ async function stepClientSecret(args: {
    const answer = ensureAnswer(
      await p.password({
        message: 'Paste the client secret Value',
+        clearOnError: true,
        validate: validateWithHelpEscape((v) => {
          const t = (v ?? '').trim();
          if (!t) return 'Required';
@@ -300,13 +371,15 @@ async function stepClientSecret(args: {
    break;
  }

-  await stepGate({
+  const gate = await stepGate({
    stepName: 'teams-client-secret',
    stepDescription: 'creating and copying the client secret',
    reshow: () => stepClientSecret(args),
    args,
  });
+  if (gate === 'back') return 'back';
  args.completed.push('Client secret captured.');
+  return 'continue';
 }

 // ─── step: Azure Bot resource ──────────────────────────────────────────
@@ -314,7 +387,7 @@ async function stepClientSecret(args: {
 async function stepAzureBot(args: {
  collected: Collected;
  completed: string[];
-}): Promise<void> {
+}): Promise<'continue' | 'back'> {
  const endpoint = `${args.collected.publicUrl}/api/webhooks/teams`;
  const tenantFlag =
    args.collected.appType === 'SingleTenant'
@@ -328,7 +401,7 @@ async function stepAzureBot(args: {
    `  --appid ${args.collected.appId} \\\n` +
    `  ${tenantFlag}--endpoint "${endpoint}"`;

-  p.note(
+  note(
    [
      `In ${AZURE_PORTAL_URL}, search "Azure Bot" → Create.`,
      '',
@@ -349,14 +422,16 @@ async function stepAzureBot(args: {
    'Step 3 of 6 — Create Azure Bot resource',
  );

-  await stepGate({
+  const gate = await stepGate({
    stepName: 'teams-azure-bot',
    stepDescription:
      'creating an Azure Bot resource linked to the app registration and setting the messaging endpoint',
    reshow: () => stepAzureBot(args),
    args,
  });
+  if (gate === 'back') return 'back';
  args.completed.push('Azure Bot created; messaging endpoint configured.');
+  return 'continue';
 }

 // ─── step: enable Teams channel ────────────────────────────────────────
@@ -364,8 +439,8 @@ async function stepAzureBot(args: {
 async function stepEnableTeamsChannel(args: {
  collected: Collected;
  completed: string[];
-}): Promise<void> {
-  p.note(
+}): Promise<'continue' | 'back'> {
+  note(
    [
      '1. Open your Azure Bot resource → Channels',
      '2. Click Microsoft Teams → Accept terms → Apply',
@@ -375,13 +450,15 @@ async function stepEnableTeamsChannel(args: {
    ].join('\n'),
    'Step 4 of 6 — Enable Teams channel on the bot',
  );
-  await stepGate({
+  const gate = await stepGate({
    stepName: 'teams-enable-channel',
    stepDescription: 'enabling the Microsoft Teams channel on the Azure Bot resource',
    reshow: () => stepEnableTeamsChannel(args),
    args,
  });
+  if (gate === 'back') return 'back';
  args.completed.push('Teams channel enabled on the bot.');
+  return 'continue';
 }

 // ─── step: manifest zip ────────────────────────────────────────────────
@@ -434,8 +511,8 @@ async function stepSideload(args: {
  collected: Collected;
  completed: string[];
  zipPath: string;
-}): Promise<void> {
-  p.note(
+}): Promise<'continue' | 'back'> {
+  note(
    [
      '1. Open Microsoft Teams',
      '2. Go to Apps → Manage your apps → Upload an app',
@@ -449,13 +526,15 @@ async function stepSideload(args: {
    ].join('\n'),
    'Step 5 of 6 — Sideload the app into Teams',
  );
-  await stepGate({
+  const gate = await stepGate({
    stepName: 'teams-sideload',
    stepDescription: 'uploading the generated zip into Teams as a custom app',
-    reshow: () => stepSideload(args),
+    reshow: () => stepSideload({ ...args, zipPath: args.zipPath }),
    args,
  });
+  if (gate === 'back') return 'back';
  args.completed.push('App sideloaded into Teams.');
+  return 'continue';
 }

 // ─── step: install adapter ─────────────────────────────────────────────
@@ -501,7 +580,7 @@ async function finishWithHandoff(
  collected: Collected,
  completed: string[],
 ): Promise<void> {
-  p.note(
+  note(
    [
      'The Teams adapter is live and the service is running.',
      '',
@@ -530,7 +609,7 @@ async function finishWithHandoff(
  );

  if (choice === 'self') {
-    p.note(
+    note(
      [
        '  1. Find your bot in Teams (search by name, or via the sideloaded',
        '     app) and send it a message ("hi" is fine)',
@@ -567,9 +646,9 @@ async function finishWithHandoff(
 async function stepGate(args: {
  stepName: string;
  stepDescription: string;
-  reshow: () => Promise<void> | Promise<unknown>;
+  reshow: () => Promise<'continue' | 'back'>;
  args: { collected: Collected; completed: string[] };
-}): Promise<void> {
+}): Promise<'continue' | 'back'> {
  while (true) {
    const choice = ensureAnswer(
      await brightSelect({
@@ -578,10 +657,12 @@ async function stepGate(args: {
          { value: 'done', label: "Done — let's continue" },
          { value: 'help', label: 'Stuck — hand me off to Claude' },
          { value: 'reshow', label: 'Show me the steps again' },
+          { value: 'back', label: '← Back to channel selection' },
        ],
      }),
    );
-    if (choice === 'done') return;
+    if (choice === 'done') return 'continue';
+    if (choice === 'back') return 'back';
    if (choice === 'help') {
      await offerHandoff({
        step: args.stepName,
@@ -591,8 +672,7 @@ async function stepGate(args: {
      continue;
    }
    if (choice === 'reshow') {
-      await args.reshow();
-      return;
+      return args.reshow();
    }
  }
 }
@@ -21,7 +21,10 @@ import * as p from '@clack/prompts';
 import k from 'kleur';

 import * as setupLog from '../logs.js';
-import { confirmThenOpen } from '../lib/browser.js';
+import { isHeadless } from '../platform.js';
+import { BACK_TO_CHANNEL_SELECTION, type ChannelFlowResult } from '../lib/back-nav.js';
+import { confirmThenOpen, formatNoteLink, openUrl } from '../lib/browser.js';
+import { brightSelect } from '../lib/bright-select.js';
 import { askOperatorRole } from '../lib/role-prompt.js';
 import {
  type Block,
@@ -33,12 +36,15 @@ import {
  spawnStep,
  writeStepEntry,
 } from '../lib/runner.js';
-import { brandBold } from '../lib/theme.js';
+import { readEnvKey } from '../environment.js';
+import { accentGreen, brandBold, fitToWidth, fmtDuration, note } from '../lib/theme.js';

 const DEFAULT_AGENT_NAME = 'Nano';

-export async function runTelegramChannel(displayName: string): Promise<void> {
-  const token = await collectTelegramToken();
+export async function runTelegramChannel(displayName: string): Promise<ChannelFlowResult> {
+  const tokenOrBack = await collectTelegramToken();
+  if (tokenOrBack === 'back') return BACK_TO_CHANNEL_SELECTION;
+  const token = tokenOrBack;
  const botUsername = await validateTelegramToken(token);

  // Deep-link the user into the bot's chat so they're on the right screen
@@ -47,15 +53,37 @@ export async function runTelegramChannel(displayName: string): Promise<void> {
  // installed, or the bot's web profile if not. tg://resolve?domain= is
  // more direct but silently fails when the scheme isn't registered.
  const botUrl = `https://t.me/${botUsername}`;
-  p.note(
-    [
+  // Two card variants — auto-open fires only on GUI, so headless users
+  // need full self-serve instructions inside the card itself, while GUI
+  // users get a leaner status line plus the auto-open + a single
+  // combined dim fallback line (URL + mobile alternative) on the
+  // confirm prompt below.
+  if (isHeadless()) {
+    note(
+      [
+        `Open @${botUsername} in Telegram now — the pairing code is coming next, and that's where you'll send it.`,
+        '',
+        `Get started: ${botUrl}`,
+        '',
+        `Don't have Telegram installed here? Open it on any device and search for @${botUsername}`,
+      ].join('\n'),
+      'Open Telegram',
+    );
+  } else {
+    note(
      `Opening @${botUsername} in Telegram so it's ready when the pairing code shows up.`,
-      '',
-      k.dim(botUrl),
-    ].join('\n'),
-    'Open Telegram',
-  );
-  await confirmThenOpen(botUrl, 'Press Enter to open Telegram');
+      'Open Telegram',
+    );
+    ensureAnswer(
+      await p.confirm({
+        message: `Press Enter to open Telegram (must be installed here)\n${k.dim(
+          `If browser does not appear, please visit: ${botUrl} — or search for @${botUsername} in Telegram`,
+        )}`,
+        initialValue: true,
+      }),
+    );
+    openUrl(botUrl);
+  }

  const install = await runQuietChild(
    'telegram-install',
@@ -131,13 +159,32 @@ export async function runTelegramChannel(displayName: string): Promise<void> {
  }
 }

-async function collectTelegramToken(): Promise<string> {
-  p.note(
+async function collectTelegramToken(): Promise<string | 'back'> {
+  const existing = readEnvKey('TELEGRAM_BOT_TOKEN');
+  if (existing && /^[0-9]+:[A-Za-z0-9_-]{35,}$/.test(existing)) {
+    const choice = ensureAnswer(await brightSelect<'yes' | 'no' | 'back'>({
+      message: `Found an existing Telegram bot token (${existing.slice(0, 8)}…). Use it?`,
+      options: [
+        { value: 'yes', label: 'Yes, use the existing token' },
+        { value: 'no', label: 'No, paste a new one' },
+        { value: 'back', label: '← Back to channel selection' },
+      ],
+      initialValue: 'yes',
+    }));
+    if (choice === 'back') return 'back';
+    if (choice === 'yes') {
+      setupLog.userInput('telegram_token', 'reused-existing');
+      return existing;
+    }
+    // 'no' falls through to the paste flow below
+  }
+
+  note(
    [
      "Your assistant talks to you through a Telegram bot you create.",
      "Here's how:",
      '',
-      '  1. Open Telegram and message @BotFather',
+      "  1. Open Telegram and message @BotFather — Telegram's official bot for creating and managing bots",
      '  2. Send /newbot and follow the prompts',
      '  3. Copy the token it gives you (it looks like <digits>:<chars>)',
      '',
@@ -147,9 +194,23 @@ async function collectTelegramToken(): Promise<string> {
    'Set up your Telegram bot',
  );

+  // Back-aware gate before the password prompt — `p.password` doesn't
+  // accept extra options, so we offer Back as a separate brightSelect
+  // immediately after the BotFather instructions and before the paste.
+  const proceed = ensureAnswer(await brightSelect<'continue' | 'back'>({
+    message: 'Ready to paste your bot token?',
+    options: [
+      { value: 'continue', label: 'Yes, paste it on the next prompt' },
+      { value: 'back', label: '← Back to channel selection' },
+    ],
+    initialValue: 'continue',
+  }));
+  if (proceed === 'back') return 'back';
+
  const answer = ensureAnswer(
    await p.password({
      message: 'Paste your bot token',
+      clearOnError: true,
      validate: (v) => {
        if (!v || !v.trim()) return "Token is required";
        if (!/^[0-9]+:[A-Za-z0-9_-]{35,}$/.test(v.trim())) {
@@ -178,10 +239,9 @@ async function validateTelegramToken(token: string): Promise<string> {
      result?: { username?: string; id?: number };
      description?: string;
    };
-    const elapsedS = Math.round((Date.now() - start) / 1000);
    if (data.ok && data.result?.username) {
      const username = data.result.username;
-      s.stop(`Found your bot: @${username}. ${k.dim(`(${elapsedS}s)`)}`);
+      s.stop(`Found your bot: @${username}. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`);
      setupLog.step('telegram-validate', 'success', Date.now() - start, {
        BOT_USERNAME: username,
        BOT_ID: data.result.id ?? '',
@@ -199,8 +259,7 @@ async function validateTelegramToken(token: string): Promise<string> {
      'Copy the token again from @BotFather and try setup once more.',
    );
  } catch (err) {
-    const elapsedS = Math.round((Date.now() - start) / 1000);
-    s.stop(`Couldn't reach Telegram. ${k.dim(`(${elapsedS}s)`)}`, 1);
+    s.stop(`Couldn't reach Telegram. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`, 1);
    const message = err instanceof Error ? err.message : String(err);
    setupLog.step('telegram-validate', 'failed', Date.now() - start, {
      ERROR: message,
@@ -240,12 +299,12 @@ async function runPairTelegram(): Promise<
        } else {
          stopSpinner("Old code expired. Here's a fresh one.");
        }
-        p.note(formatCodeCard(block.fields.CODE ?? '????'), 'Secret code');
-        s.start('Waiting for you to send the code from Telegram…');
+        note(formatCodeCard(block.fields.CODE ?? '????'), 'Secret code');
+        s.start(fitToWidth('Waiting for you to send the code from Telegram…', ''));
        spinnerActive = true;
      } else if (block.type === 'PAIR_TELEGRAM_ATTEMPT') {
        stopSpinner(`Got "${block.fields.CANDIDATE ?? '?'}", not a match.`);
-        s.start('Waiting for the correct code…');
+        s.start(fitToWidth('Waiting for the correct code…', ''));
        spinnerActive = true;
      } else if (block.type === 'PAIR_TELEGRAM') {
        if (block.fields.STATUS === 'success') {
@@ -291,7 +350,7 @@ async function resolveAgentName(): Promise<string> {
  }
  const answer = ensureAnswer(
    await p.text({
-      message: 'What should your assistant be called?',
+      message: `What should your ${accentGreen('assistant')} be called?`,
      placeholder: DEFAULT_AGENT_NAME,
      defaultValue: DEFAULT_AGENT_NAME,
    }),
@@ -33,6 +33,7 @@ import * as p from '@clack/prompts';
 import k from 'kleur';

 import * as setupLog from '../logs.js';
+import { BACK_TO_CHANNEL_SELECTION, type ChannelFlowResult } from '../lib/back-nav.js';
 import { brightSelect } from '../lib/bright-select.js';
 import { getLaunchdLabel, getSystemdUnit } from '../../src/install-slug.js';
 import {
@@ -46,15 +47,16 @@ import {
  writeStepEntry,
 } from '../lib/runner.js';
 import { askOperatorRole } from '../lib/role-prompt.js';
-import { brandBold } from '../lib/theme.js';
+import { accentGreen, brandBody, brandBold, fmtDuration, note } from '../lib/theme.js';

 const DEFAULT_AGENT_NAME = 'Nano';
 const AUTH_CREDS_PATH = path.join(process.cwd(), 'store', 'auth', 'creds.json');

 type AuthMethod = 'qr' | 'pairing-code';

-export async function runWhatsAppChannel(displayName: string): Promise<void> {
+export async function runWhatsAppChannel(displayName: string): Promise<ChannelFlowResult> {
  const method = await askAuthMethod();
+  if (method === 'back') return BACK_TO_CHANNEL_SELECTION;
  const phone = method === 'pairing-code' ? await askPhoneNumber() : undefined;

  const install = await runQuietChild(
@@ -148,7 +150,7 @@ export async function runWhatsAppChannel(displayName: string): Promise<void> {
  }
 }

-async function askAuthMethod(): Promise<AuthMethod> {
+async function askAuthMethod(): Promise<AuthMethod | 'back'> {
  const choice = ensureAnswer(
    await brightSelect({
      message: 'How would you like to authenticate with WhatsApp?',
@@ -163,15 +165,19 @@ async function askAuthMethod(): Promise<AuthMethod> {
          label: 'Enter a pairing code on your phone',
          hint: 'no camera needed',
        },
+        {
+          value: 'back',
+          label: '← Back to channel selection',
+        },
      ],
    }),
-  ) as AuthMethod;
-  setupLog.userInput('whatsapp_auth_method', choice);
+  ) as AuthMethod | 'back';
+  if (choice !== 'back') setupLog.userInput('whatsapp_auth_method', choice);
  return choice;
 }

 async function askPhoneNumber(): Promise<string> {
-  p.note(
+  note(
    [
      "Enter your phone number the way WhatsApp expects it:",
      '',
@@ -249,7 +255,7 @@ async function runWhatsAppAuth(
      } else if (block.type === 'WHATSAPP_AUTH_PAIRING_CODE') {
        const code = block.fields.CODE ?? '????';
        stopSpinner('Your pairing code is ready.');
-        p.note(formatPairingCard(code), 'Pairing code');
+        note(formatPairingCard(code), 'Pairing code');
        s.start('Waiting for you to enter the code…');
        spinnerActive = true;
      } else if (block.type === 'WHATSAPP_AUTH') {
@@ -267,7 +273,7 @@ async function runWhatsAppAuth(
          if (spinnerActive) {
            stopSpinner('WhatsApp linked.');
          } else {
-            p.log.success('WhatsApp linked.');
+            p.log.success(brandBody('WhatsApp linked.'));
          }
        } else if (status === 'failed') {
          if (qrLinesPrinted > 0) {
@@ -312,7 +318,7 @@ async function renderQr(qr: string): Promise<string[]> {
    const QRCode = await import('qrcode');
    const qrText = await QRCode.toString(qr, { type: 'terminal', small: true });
    const caption = k.dim(
-      '   Open WhatsApp → Settings → Linked Devices → Link a Device → scan.',
+      '   Open WhatsApp → You / Settings → Linked Devices → Link a Device → scan.',
    );
    return [...qrText.trimEnd().split('\n'), '', caption];
  } catch {
@@ -328,7 +334,7 @@ function formatPairingCard(code: string): string {
    '',
    `   ${brandBold(spaced)}`,
    '',
-    k.dim('   Open WhatsApp → Settings → Linked Devices → Link a Device'),
+    k.dim('   Open WhatsApp → You / Settings → Linked Devices → Link a Device'),
    k.dim('   → "Link with phone number instead" → enter this code.'),
    k.dim('   It expires in ~60 seconds.'),
  ].join('\n');
@@ -379,8 +385,7 @@ async function restartService(): Promise<void> {
    // Give the adapter a moment to reconnect before init-first-agent's
    // welcome DM hits the delivery path.
    await new Promise((r) => setTimeout(r, 5000));
-    const elapsed = Math.round((Date.now() - start) / 1000);
-    s.stop(`NanoClaw restarted. ${k.dim(`(${elapsed}s)`)}`);
+    s.stop(`NanoClaw restarted. ${k.dim(`(${fmtDuration(Date.now() - start)})`)}`);
    setupLog.step('whatsapp-restart', 'success', Date.now() - start, {
      PLATFORM: platform,
    });
@@ -395,7 +400,7 @@ async function restartService(): Promise<void> {
 }

 async function askChatPhone(authedPhone: string): Promise<string> {
-  p.note(
+  note(
    [
      `Authenticated with ${k.cyan('+' + authedPhone)}.`,
      '',
@@ -462,7 +467,7 @@ async function resolveAgentName(): Promise<string> {
  }
  const answer = ensureAnswer(
    await p.text({
-      message: 'What should your assistant be called?',
+      message: `What should your ${accentGreen('assistant')} be called?`,
      placeholder: DEFAULT_AGENT_NAME,
      defaultValue: DEFAULT_AGENT_NAME,
    }),
@@ -8,6 +8,7 @@
 * Args:
 *   --display-name <name>   (required) operator's display name
 *   --agent-name   <name>   (optional) agent persona name, defaults to display-name
+ *   --folder       <name>   (optional) explicit folder name, defaults to cli-with-<normalized-display-name>
 */
 import { execFileSync } from 'child_process';
 import path from 'path';
@@ -18,9 +19,11 @@ import { emitStatus } from './status.js';
 function parseArgs(args: string[]): {
  displayName: string;
  agentName?: string;
+  folder?: string;
 } {
  let displayName: string | undefined;
  let agentName: string | undefined;
+  let folder: string | undefined;

  for (let i = 0; i < args.length; i++) {
    const key = args[i];
@@ -34,6 +37,10 @@ function parseArgs(args: string[]): {
        agentName = val;
        i++;
        break;
+      case '--folder':
+        folder = val;
+        i++;
+        break;
    }
  }

@@ -46,17 +53,18 @@ function parseArgs(args: string[]): {
    process.exit(2);
  }

-  return { displayName, agentName };
+  return { displayName, agentName, folder };
 }

 export async function run(args: string[]): Promise<void> {
-  const { displayName, agentName } = parseArgs(args);
+  const { displayName, agentName, folder } = parseArgs(args);

  const projectRoot = process.cwd();
  const script = path.join(projectRoot, 'scripts', 'init-cli-agent.ts');

  const scriptArgs = ['exec', 'tsx', script, '--display-name', displayName];
  if (agentName) scriptArgs.push('--agent-name', agentName);
+  if (folder) scriptArgs.push('--folder', folder);

  log.info('Invoking init-cli-agent', { displayName, agentName });

@@ -127,11 +127,22 @@ export async function run(args: string[]): Promise<void> {
    }

    // Socket is unreachable due to group perms — current shell's supplementary
-    // groups are fixed at login, so `usermod -aG docker` (via install-docker.sh
-    // or a prior install) doesn't affect us until next login. Re-exec this
-    // step under `sg docker` so the child picks up docker as its primary
-    // group and can talk to /var/run/docker.sock without a logout.
+    // groups are fixed at login, so `usermod -aG docker` doesn't affect us
+    // until next login. Ensure the user is in the docker group (install-docker.sh
+    // does this on fresh installs, but skips when Docker is already present),
+    // then re-exec under `sg docker` so the child picks up docker as its
+    // primary group and can talk to /var/run/docker.sock without a logout.
    if (status === 'no-permission' && getPlatform() === 'linux' && commandExists('sg')) {
+      // Ensure the current user is in the docker group — without this,
+      // sg will ask for the (typically unset) group password and fail.
+      const inGroup = spawnSync('id', ['-nG'], { encoding: 'utf-8' });
+      if (!(inGroup.stdout ?? '').split(/\s+/).includes('docker')) {
+        log.info('Adding current user to docker group');
+        spawnSync('sudo', ['usermod', '-aG', 'docker', process.env.USER ?? ''], {
+          stdio: 'inherit',
+        });
+      }
+
      log.info('Re-executing container step under `sg docker`');
      const res = spawnSync(
        'sg',
@@ -84,21 +84,28 @@ describe('credentials detection', () => {
    const content =
      'SOME_KEY=value\nANTHROPIC_API_KEY=sk-ant-test123\nOTHER=foo';
    const hasCredentials =
-      /^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY)=/m.test(content);
+      /^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY|ANTHROPIC_AUTH_TOKEN|ONECLI_URL)=/m.test(content);
    expect(hasCredentials).toBe(true);
  });

  it('detects CLAUDE_CODE_OAUTH_TOKEN in env content', () => {
    const content = 'CLAUDE_CODE_OAUTH_TOKEN=token123';
    const hasCredentials =
-      /^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY)=/m.test(content);
+      /^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY|ANTHROPIC_AUTH_TOKEN|ONECLI_URL)=/m.test(content);
+    expect(hasCredentials).toBe(true);
+  });
+
+  it('detects ANTHROPIC_AUTH_TOKEN in env content', () => {
+    const content = 'ANTHROPIC_AUTH_TOKEN=token123\nANTHROPIC_BASE_URL=http://localhost:8080';
+    const hasCredentials =
+      /^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY|ANTHROPIC_AUTH_TOKEN|ONECLI_URL)=/m.test(content);
    expect(hasCredentials).toBe(true);
  });

  it('returns false when no credentials', () => {
    const content = 'ASSISTANT_NAME="Andy"\nOTHER=foo';
    const hasCredentials =
-      /^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY)=/m.test(content);
+      /^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY|ANTHROPIC_AUTH_TOKEN|ONECLI_URL)=/m.test(content);
    expect(hasCredentials).toBe(false);
  });
 });
@@ -11,6 +11,48 @@ import { log } from '../src/log.js';
 import { commandExists, getPlatform, isHeadless, isWSL } from './platform.js';
 import { emitStatus } from './status.js';

+/**
+ * Read a single key from `.env` on disk (not process.env).
+ * Returns the trimmed value or null if the key isn't set / file doesn't exist.
+ */
+export function readEnvKey(key: string, projectRoot?: string): string | null {
+  const envPath = path.join(projectRoot ?? process.cwd(), '.env');
+  let content: string;
+  try {
+    content = fs.readFileSync(envPath, 'utf-8');
+  } catch {
+    return null;
+  }
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const eq = trimmed.indexOf('=');
+    if (eq < 1) continue;
+    if (trimmed.slice(0, eq) === key) {
+      return trimmed.slice(eq + 1).trim() || null;
+    }
+  }
+  return null;
+}
+
+export function detectExistingDisplayName(projectRoot: string): string | null {
+  const dbPath = path.join(projectRoot, 'data', 'v2.db');
+  if (!fs.existsSync(dbPath)) return null;
+
+  let db: Database.Database | null = null;
+  try {
+    db = new Database(dbPath, { readonly: true });
+    const row = db
+      .prepare(`SELECT display_name FROM users WHERE id = 'cli:local'`)
+      .get() as { display_name: string } | undefined;
+    return row?.display_name?.trim() || null;
+  } catch {
+    return null;
+  } finally {
+    db?.close();
+  }
+}
+
 export function detectRegisteredGroups(projectRoot: string): boolean {
  if (fs.existsSync(path.join(projectRoot, 'data', 'registered_groups.json'))) {
    return true;
@@ -14,6 +14,7 @@ const STEPS: Record<
  environment: () => import('./environment.js'),
  container: () => import('./container.js'),
  register: () => import('./register.js'),
+  'pair-telegram': () => import('./pair-telegram.js'),
  groups: () => import('./groups.js'),
  'whatsapp-auth': () => import('./whatsapp-auth.js'),
  'signal-auth': () => import('./signal-auth.js'),
@@ -17,30 +17,40 @@ if command -v node >/dev/null 2>&1; then
  exit 0
 fi

-case "$(uname -s)" in
-  Darwin)
-    echo "STEP: brew-install-node"
-    if ! command -v brew >/dev/null 2>&1; then
+if command -v uvx >/dev/null 2>&1; then
+  echo "STEP: uvx-nodeenv"
+  uvx nodeenv -n lts ~/node
+  mkdir -p ~/.local/bin
+  ln -sf ~/node/bin/node ~/.local/bin/node
+  ln -sf ~/node/bin/npm ~/.local/bin/npm
+  ln -sf ~/node/bin/npx ~/.local/bin/npx
+  ln -sf ~/node/bin/pnpm ~/.local/bin/pnpm
+else
+  case "$(uname -s)" in
+    Darwin)
+      echo "STEP: brew-install-node"
+      if ! command -v brew >/dev/null 2>&1; then
+        echo "STATUS: failed"
+        echo "ERROR: Homebrew not installed. Install brew first (https://brew.sh) then re-run."
+        echo "=== END ==="
+        exit 1
+      fi
+      brew install node@22
+      ;;
+    Linux)
+      echo "STEP: nodesource-setup"
+      curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
+      echo "STEP: apt-install-nodejs"
+      sudo apt-get install -y nodejs
+      ;;
+    *)
      echo "STATUS: failed"
-      echo "ERROR: Homebrew not installed. Install brew first (https://brew.sh) then re-run."
+      echo "ERROR: Unsupported platform: $(uname -s)"
      echo "=== END ==="
      exit 1
-    fi
-    brew install node@22
-    ;;
-  Linux)
-    echo "STEP: nodesource-setup"
-    curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
-    echo "STEP: apt-install-nodejs"
-    sudo apt-get install -y nodejs
-    ;;
-  *)
-    echo "STATUS: failed"
-    echo "ERROR: Unsupported platform: $(uname -s)"
-    echo "=== END ==="
-    exit 1
-    ;;
-esac
+      ;;
+  esac
+fi

 if ! command -v node >/dev/null 2>&1; then
  echo "STATUS: failed"
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+# install-signal-cli.sh — auto-install signal-cli on the host.
+#
+# NanoClaw needs `signal-cli` on PATH to talk to Signal. Picks the right
+# install method per platform:
+#   macOS  → `brew install signal-cli` (bottled, no Java needed)
+#   Linux  → download latest native binary from GitHub releases to
+#            ~/.local/bin/signal-cli (no Java, no sudo)
+#
+# Emits the standard NanoClaw STATUS block on success or failure so the
+# `runQuietChild` driver can parse the outcome.
+
+set -euo pipefail
+
+VERSION="0.14.3"
+INSTALL_DIR="${HOME}/.local/bin"
+
+emit_status() {
+  local status=$1 error=${2:-}
+  echo "=== NANOCLAW SETUP: INSTALL_SIGNAL_CLI ==="
+  echo "STATUS: ${status}"
+  [ -n "$error" ] && echo "ERROR: ${error}"
+  echo "=== END ==="
+}
+
+log() { echo "[install-signal-cli] $*" >&2; }
+
+uname_s=$(uname)
+
+if [[ "${uname_s}" == "Darwin" ]]; then
+  if ! command -v brew >/dev/null 2>&1; then
+    emit_status failed "homebrew_not_installed"
+    exit 1
+  fi
+  log "Installing signal-cli via Homebrew…"
+  brew install signal-cli >&2 || {
+    emit_status failed "brew_install_failed"
+    exit 1
+  }
+  emit_status success
+  exit 0
+fi
+
+if [[ "${uname_s}" != "Linux" ]]; then
+  emit_status failed "unsupported_platform_${uname_s}"
+  exit 1
+fi
+
+# Linux native build (no Java required) → ~/.local/bin/signal-cli.
+URL="https://github.com/AsamK/signal-cli/releases/download/v${VERSION}/signal-cli-${VERSION}-Linux-native.tar.gz"
+TARBALL=$(mktemp -t signal-cli.XXXXXX.tar.gz)
+
+log "Downloading signal-cli v${VERSION} (~96MB)…"
+if ! curl -fLsS -o "${TARBALL}" "${URL}"; then
+  rm -f "${TARBALL}"
+  emit_status failed "download_failed"
+  exit 1
+fi
+
+log "Extracting…"
+EXTRACT_DIR=$(mktemp -d)
+if ! tar -xzf "${TARBALL}" -C "${EXTRACT_DIR}"; then
+  rm -rf "${TARBALL}" "${EXTRACT_DIR}"
+  emit_status failed "extract_failed"
+  exit 1
+fi
+
+mkdir -p "${INSTALL_DIR}"
+log "Installing to ${INSTALL_DIR}/signal-cli…"
+if ! mv "${EXTRACT_DIR}/signal-cli" "${INSTALL_DIR}/signal-cli"; then
+  rm -rf "${TARBALL}" "${EXTRACT_DIR}"
+  emit_status failed "install_failed"
+  exit 1
+fi
+chmod +x "${INSTALL_DIR}/signal-cli"
+rm -rf "${TARBALL}" "${EXTRACT_DIR}"
+
+emit_status success
@@ -66,7 +66,7 @@ if ! grep -q "'whatsapp-auth':" setup/index.ts; then
 fi

 echo "STEP: pnpm-install"
-pnpm install @whiskeysockets/baileys@6.17.16 qrcode@1.5.4 @types/qrcode@1.5.6 pino@9.6.0
+pnpm install @whiskeysockets/baileys@7.0.0-rc.9 qrcode@1.5.4 @types/qrcode@1.5.6 pino@9.6.0

 echo "STEP: pnpm-build"
 pnpm run build
@@ -20,6 +20,15 @@ describe('classifyPingResult', () => {
    expect(classifyPingResult(1, '', 'Authentication error')).toBe('auth_error');
  });

+  it('detects Claude Code login banners printed as a chat reply', () => {
+    expect(
+      classifyPingResult(0, 'Invalid API key · Please run /login'),
+    ).toBe('auth_error');
+    expect(
+      classifyPingResult(0, 'Not logged in · Please run /login'),
+    ).toBe('auth_error');
+  });
+
  it('preserves socket errors', () => {
    expect(classifyPingResult(2, '')).toBe('socket_error');
  });
@@ -20,7 +20,10 @@ export function classifyPingResult(exitCode: number | null, stdout: string, stde
  if (
    /Invalid bearer token/i.test(output) ||
    /authentication[_ ]error/i.test(output) ||
-    /Failed to authenticate/i.test(output)
+    /Failed to authenticate/i.test(output) ||
+    /Please run \/login/i.test(output) ||
+    /Not logged in/i.test(output) ||
+    /Invalid API key/i.test(output)
  ) {
    return 'auth_error';
  }
@@ -0,0 +1,17 @@
+/**
+ * Channel-flow back-navigation sentinel.
+ *
+ * Each `runXxxChannel(displayName)` in `setup/channels/` may return either
+ * `void` (sub-flow completed normally) or `BACK_TO_CHANNEL_SELECTION` to
+ * signal "the user picked '← Back to channel selection' on my first
+ * prompt; please re-run the channel chooser." `setup/auto.ts` catches
+ * that signal and loops back to `askChannelChoice()`.
+ *
+ * Back is only offered on the *first* interactive prompt of each channel
+ * sub-flow — once the user has answered something, they're committed
+ * (subsequent steps may have side effects like opening browsers, hitting
+ * APIs, or installing adapter packages, none of which are easily undone).
+ */
+export const BACK_TO_CHANNEL_SELECTION = Symbol('BACK_TO_CHANNEL_SELECTION');
+
+export type ChannelFlowResult = void | typeof BACK_TO_CHANNEL_SELECTION;
@@ -18,6 +18,8 @@ import { SelectPrompt } from '@clack/core';
 import { isCancel } from '@clack/prompts';
 import { styleText } from 'node:util';

+import { brandBody } from './theme.js';
+
 const BULLET_ACTIVE = '●';
 const BULLET_INACTIVE = '○';
 const BAR = '│';
@@ -95,7 +97,7 @@ export function brightSelect<T>(
        const shown =
          st === 'cancel'
            ? styleText(['strikethrough', 'dim'], selected)
-            : styleText('dim', selected);
+            : styleText('dim', brandBody(selected));
        lines.push(`${grayBar}  ${shown}`);
        return lines.join('\n');
      }
@@ -104,11 +106,12 @@ export function brightSelect<T>(
      options.forEach((opt, idx) => {
        const label = opt.label ?? String(opt.value);
        const hint = opt.hint ? ` ${styleText('dim', `(${opt.hint})`)}` : '';
-        const marker =
-          idx === cursor
-            ? styleText('green', BULLET_ACTIVE)
-            : styleText('dim', BULLET_INACTIVE);
-        lines.push(`${bar}  ${marker} ${label}${hint}`);
+        const isActive = idx === cursor;
+        const marker = isActive
+          ? styleText('green', BULLET_ACTIVE)
+          : styleText('dim', BULLET_INACTIVE);
+        const shownLabel = isActive ? brandBody(label) : label;
+        lines.push(`${bar}  ${marker} ${shownLabel}${hint}`);
      });
      lines.push(styleText(color, CAP_BOT));
      return lines.join('\n');
@@ -9,12 +9,19 @@
 * `confirmThenOpen` pauses for the operator before triggering the open —
 * the browser tends to steal focus when it pops, and a split-second
 * "wait what just happened" moment is worse than letting the user hit
- * Enter when they're ready.
+ * Enter when they're ready. On headless devices (no graphical session
+ * available) it skips both the prompt and the open: there's no browser
+ * to launch, the surrounding `note(...)` already shows the URL for
+ * copy-paste on another device, and the next prompt in the channel
+ * flow ("Got your bot token?" etc.) provides the natural completion
+ * confirmation.
 */
 import { spawn } from 'child_process';

 import * as p from '@clack/prompts';
+import k from 'kleur';

+import { isHeadless } from '../platform.js';
 import { ensureAnswer } from './runner.js';

 /** Best-effort open of a URL in the user's default browser. Silent on failure. */
@@ -32,18 +39,43 @@ export function openUrl(url: string): void {
  }
 }

+/**
+ * Format a URL for inclusion in a setup `note(...)` card. On
+ * headless devices we surface the URL inside the card with a
+ * "Get started:" label at full strength — copy-pasting onto
+ * another device is the actual action, not an incidental
+ * reference. The leading `\n` acts as a visual separator from
+ * the body steps above; callers `.filter(line => line !== null)`
+ * before joining, so on GUI we drop the line entirely (and the
+ * URL ends up below the next-step confirm prompt as a "if
+ * browser does not appear, please visit" fallback — see
+ * `confirmThenOpen`).
+ */
+export function formatNoteLink(url: string): string | null {
+  if (isHeadless()) return `\nGet started: ${url}`;
+  return null;
+}
+
 /**
 * Gate a browser-open on a confirm so the user is ready for their browser
- * to take focus. Proceeds on cancel as well — the user can always copy the
- * URL from the note that precedes the prompt.
+ * to take focus. Proceeds on cancel as well. On headless devices both the
+ * prompt and the open are skipped — the URL is already surfaced inside
+ * the surrounding note (via `formatNoteLink`).
+ *
+ * On GUI devices the confirm message includes the fallback URL on the
+ * lines below the action ("If browser does not appear, please visit:
+ * <url>" in dim) so the user has a copy-paste path right next to the
+ * action button without needing to scroll back up to the card.
 */
 export async function confirmThenOpen(
  url: string,
  message = 'Press Enter to open your browser',
 ): Promise<void> {
+  if (isHeadless()) return;
+  const fallback = `\n${k.dim(`If browser does not appear, please visit: ${url}`)}`;
  ensureAnswer(
    await p.confirm({
-      message,
+      message: `${message}${fallback}`,
      initialValue: true,
    }),
  );
@@ -2,8 +2,11 @@
 * Offer Claude-assisted debugging when a setup step fails.
 *
 * Flow:
- *   1. Check `claude` is on PATH and has a working credential. If not,
- *      silently skip — pre-auth failures can't use this path.
+ *   1. Check `claude` is on PATH — if not, offer to install it via
+ *      setup/install-claude.sh. Then check auth via `claude auth status`
+ *      — if not signed in, offer to run `claude setup-token` (browser
+ *      OAuth with code-paste fallback for headless/remote systems).
+ *      If either is declined or fails, silently skip.
 *   2. Ask the user for consent ("Want me to ask Claude for a fix?").
 *   3. Build a minimal prompt: the one-paragraph situation, the failing
 *      step's name/message/hint, and a short list of *file references*
@@ -16,15 +19,16 @@
 *
 * Skippable with NANOCLAW_SKIP_CLAUDE_ASSIST=1 for CI/scripted runs.
 */
-import { execSync, spawn } from 'child_process';
+import { execSync, spawn, spawnSync } from 'child_process';
 import fs from 'fs';
+import os from 'os';
 import path from 'path';

 import * as p from '@clack/prompts';
 import k from 'kleur';

 import { ensureAnswer } from './runner.js';
-import { fitToWidth } from './theme.js';
+import { brandBody, fitToWidth, fmtDuration, note } from './theme.js';

 export interface AssistContext {
  stepName: string;
@@ -90,7 +94,7 @@ export async function offerClaudeAssist(
  projectRoot: string = process.cwd(),
 ): Promise<boolean> {
  if (process.env.NANOCLAW_SKIP_CLAUDE_ASSIST === '1') return false;
-  if (!isClaudeUsable()) return false;
+  if (!(await ensureClaudeReady(projectRoot))) return false;

  const want = ensureAnswer(
    await p.confirm({
@@ -106,12 +110,12 @@ export async function offerClaudeAssist(

  const parsed = parseResponse(response);
  if (!parsed) {
-    p.log.warn("Claude responded but I couldn't parse a command out of it.");
+    p.log.warn(brandBody("Claude responded but I couldn't parse a command out of it."));
    p.log.message(k.dim(response.trim().slice(0, 500)));
    return false;
  }

-  p.note(
+  note(
    `${parsed.reason}\n\n${k.cyan('$')} ${parsed.command}`,
    "Claude's suggestion",
  );
@@ -128,15 +132,101 @@ export async function offerClaudeAssist(
  return true;
 }

-function isClaudeUsable(): boolean {
+function isClaudeInstalled(): boolean {
  try {
    execSync('command -v claude', { stdio: 'ignore' });
+    return true;
  } catch {
    return false;
  }
-  // Availability without auth is half the story; a real query will still
-  // fail if the token isn't registered. We try first and surface the error
-  // rather than pre-checking auth with a separate round trip.
+}
+
+function isClaudeAuthenticated(): boolean {
+  try {
+    execSync('claude auth status', { stdio: 'ignore', timeout: 5_000 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function ensureClaudeReady(projectRoot: string): Promise<boolean> {
+  if (!isClaudeInstalled()) {
+    const install = ensureAnswer(
+      await p.confirm({
+        message:
+          'Claude CLI is needed to diagnose this. Install it now?',
+        initialValue: true,
+      }),
+    );
+    if (!install) return false;
+
+    const code = spawnSync('bash', ['setup/install-claude.sh'], {
+      cwd: projectRoot,
+      stdio: 'inherit',
+    }).status;
+    if (code !== 0 || !isClaudeInstalled()) {
+      p.log.error("Couldn't install the Claude CLI.");
+      return false;
+    }
+    p.log.success('Claude CLI installed.');
+  }
+
+  if (!isClaudeAuthenticated()) {
+    const auth = ensureAnswer(
+      await p.confirm({
+        message:
+          "Claude CLI isn't signed in. Sign in now? (a browser will open)",
+        initialValue: true,
+      }),
+    );
+    if (!auth) return false;
+
+    // setup-token has an interactive TUI; reset terminal to cooked mode
+    // so its prompts render correctly after clack's raw-mode prompts.
+    spawnSync('stty', ['sane'], { stdio: 'inherit' });
+
+    // Run under script(1) to capture the OAuth token from PTY output
+    // while preserving interactive TTY for the browser OAuth flow.
+    // Same approach as register-claude-token.sh, but we set the env var
+    // instead of writing to OneCLI.
+    const tmpfile = path.join(os.tmpdir(), `claude-setup-token-${process.pid}`);
+    try {
+      const isUtilLinux = (() => {
+        try {
+          return execSync('script --version 2>&1', { encoding: 'utf-8' }).includes('util-linux');
+        } catch { return false; }
+      })();
+      const scriptArgs = isUtilLinux
+        ? ['-q', '-c', 'claude setup-token', tmpfile]
+        : ['-q', tmpfile, 'claude', 'setup-token'];
+
+      spawnSync('script', scriptArgs, {
+        cwd: projectRoot,
+        stdio: 'inherit',
+      });
+
+      if (!isClaudeAuthenticated() && fs.existsSync(tmpfile)) {
+        const raw = fs.readFileSync(tmpfile, 'utf-8');
+        const stripped = raw
+          .replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '')
+          .replace(/[\n\r]/g, '');
+        const matches = stripped.match(/(sk-ant-oat[A-Za-z0-9_-]{80,500}AA)/g);
+        if (matches) {
+          process.env.CLAUDE_CODE_OAUTH_TOKEN = matches[matches.length - 1];
+        }
+      }
+    } finally {
+      try { fs.unlinkSync(tmpfile); } catch {}
+    }
+
+    if (!isClaudeAuthenticated()) {
+      p.log.error("Couldn't complete Claude sign-in.");
+      return false;
+    }
+    p.log.success('Claude CLI signed in.');
+  }
+
  return true;
 }

@@ -205,9 +295,8 @@ async function queryClaudeUnderSpinner(
    // Move cursor back to the start of the block (WINDOW_SIZE + 1 = header + window).
    out.write(`\x1b[${WINDOW_SIZE + 1}A`);

-    const elapsed = Math.round((Date.now() - start) / 1000);
    const icon = SPINNER_FRAMES[frameIdx % SPINNER_FRAMES.length];
-    const suffix = ` (${elapsed}s)`;
+    const suffix = ` (${fmtDuration(Date.now() - start)})`;
    const header = fitToWidth('Asking Claude to diagnose…', suffix);
    out.write(`\x1b[2K${k.cyan(icon)}  ${header}${k.dim(suffix)}\n`);

@@ -265,10 +354,9 @@ async function queryClaudeUnderSpinner(
      clearBlock();
      out.write(SHOW_CURSOR);
      process.off('exit', restoreCursorOnExit);
-      const elapsed = Math.round((Date.now() - start) / 1000);
-      const suffix = ` (${elapsed}s)`;
+      const suffix = ` (${fmtDuration(Date.now() - start)})`;
      if (kind === 'ok') {
-        p.log.success(`${fitToWidth('Claude replied.', suffix)}${k.dim(suffix)}`);
+        p.log.success(`${brandBody(fitToWidth('Claude replied.', suffix))}${k.dim(suffix)}`);
        resolve(payload);
      } else {
        p.log.error(
@@ -27,6 +27,8 @@ import { execSync, spawn } from 'child_process';
 import * as p from '@clack/prompts';
 import k from 'kleur';

+import { brandBody, note } from './theme.js';
+
 export interface HandoffContext {
  /** Channel this handoff is happening in (e.g., 'teams'). */
  channel: string;
@@ -62,14 +64,14 @@ export interface HandoffContext {
 export async function offerClaudeHandoff(ctx: HandoffContext): Promise<boolean> {
  if (!isClaudeUsable()) {
    p.log.warn(
-      "Claude isn't installed yet — can't hand you off here. Finish setup first, then retry.",
+      brandBody("Claude isn't installed yet — can't hand you off here. Finish setup first, then retry."),
    );
    return false;
  }

  const systemPrompt = buildSystemPrompt(ctx);

-  p.note(
+  note(
    [
      "I'm handing you off to Claude in interactive mode.",
      "It has the context of where you are in setup.",
@@ -91,7 +93,7 @@ export async function offerClaudeHandoff(ctx: HandoffContext): Promise<boolean>
      { stdio: 'inherit' },
    );
    child.on('close', () => {
-      p.log.success("Back from Claude. Let's continue.");
+      p.log.success(brandBody("Back from Claude. Let's continue."));
      resolve(true);
    });
    child.on('error', () => {
@@ -20,7 +20,7 @@ import k from 'kleur';
 import * as setupLog from '../logs.js';
 import { offerClaudeAssist } from './claude-assist.js';
 import { emit as phEmit } from './diagnostics.js';
-import { fitToWidth } from './theme.js';
+import { brandBody, fitToWidth, fmtDuration } from './theme.js';

 export type Fields = Record<string, string>;
 export type Block = { type: string; fields: Fields };
@@ -307,18 +307,16 @@ async function runUnderSpinner<
 ): Promise<T> {
  const s = p.spinner();
  const start = Date.now();
-  s.start(fitToWidth(labels.running, ' (999s)'));
+  s.start(fitToWidth(labels.running, ' (99m 59s)'));
  const tick = setInterval(() => {
-    const elapsed = Math.round((Date.now() - start) / 1000);
-    const suffix = ` (${elapsed}s)`;
+    const suffix = ` (${fmtDuration(Date.now() - start)})`;
    s.message(`${fitToWidth(labels.running, suffix)}${k.dim(suffix)}`);
  }, 1000);

  const result = await work();

  clearInterval(tick);
-  const elapsed = Math.round((Date.now() - start) / 1000);
-  const suffix = ` (${elapsed}s)`;
+  const suffix = ` (${fmtDuration(Date.now() - start)})`;
  if (result.ok) {
    const isSkipped = result.terminal?.fields.STATUS === 'skipped';
    const msg = isSkipped && labels.skipped ? labels.skipped : labels.done;
@@ -390,7 +388,7 @@ export async function fail(
      const skipList = [
        ...new Set([...existingSkip, ...setupLog.completedStepNames()]),
      ].join(',');
-      p.log.step(`Retrying from ${stepName}…`);
+      p.log.step(brandBody(`Retrying from ${stepName}…`));
      const result = spawnSync('pnpm', ['--silent', 'run', 'setup:auto'], {
        stdio: 'inherit',
        env: { ...process.env, NANOCLAW_SKIP: skipList },
@@ -115,7 +115,7 @@ async function promptOne(e: Entry, values: ConfigValues): Promise<void> {
  };
  const ans = ensureAnswer(
    e.secret
-      ? await p.password({ message: e.label, validate })
+      ? await p.password({ message: e.label, clearOnError: true, validate })
      : await p.text({
          message: e.label,
          placeholder: e.placeholder ?? e.default,
@@ -11,6 +11,7 @@
 *   - COLORTERM truecolor/24bit  → 24-bit ANSI (exact brand cyan)
 *   - Otherwise                  → kleur's 16-color cyan (closest fallback)
 */
+import * as p from '@clack/prompts';
 import k from 'kleur';

 const USE_ANSI = Boolean(process.stdout.isTTY) && !process.env.NO_COLOR;
@@ -38,6 +39,57 @@ export function brandChip(s: string): string {
  return k.bgCyan(k.black(k.bold(s)));
 }

+/**
+ * Accent green (#3fba50) for emphasizing a single word inside prompt
+ * messages — currently the "you" in "What should your assistant call
+ * you?" so the operator parses at a glance who the question is about.
+ * Same TTY/NO_COLOR/truecolor gating as the rest of the palette.
+ */
+export function accentGreen(s: string): string {
+  if (!USE_ANSI) return s;
+  if (TRUECOLOR) return `\x1b[38;2;63;186;80m${s}\x1b[39m`;
+  return k.green(s);
+}
+
+/**
+ * Format an elapsed-time duration (in milliseconds) for the spinner
+ * suffixes setup writes everywhere. Sub-minute durations stay in plain
+ * seconds (`47s`); once the timer crosses 60 seconds we switch to the
+ * `Xm Ys` form (`2m 34s`) so a long step doesn't read as `247s` or
+ * similar. The format is consistent above 60s — `4m 0s` over `4m` —
+ * so live spinner output doesn't change shape at every whole minute.
+ */
+export function fmtDuration(ms: number): string {
+  const totalSec = Math.round(ms / 1000);
+  if (totalSec < 60) return `${totalSec}s`;
+  const m = Math.floor(totalSec / 60);
+  const s = totalSec % 60;
+  return `${m}m ${s}s`;
+}
+
+/**
+ * Brand body color for setup-flow prose. Used for card bodies (via the
+ * `note()` formatter) and `p.log.*` body arguments — anywhere the
+ * previous "dim" treatment was making prose hard to read or washing
+ * out embedded brand emphasis.
+ *
+ * Multi-line input is colored line-by-line so embedded line breaks
+ * don't bleed the SGR sequence across clack's gutter prefix.
+ */
+export function brandBody(s: string): string {
+  if (!USE_ANSI) return s;
+  if (TRUECOLOR) {
+    return s
+      .split('\n')
+      .map((line) => (line.length > 0 ? `\x1b[38;2;43;183;206m${line}\x1b[39m` : line))
+      .join('\n');
+  }
+  return s
+    .split('\n')
+    .map((line) => (line.length > 0 ? k.cyan(line) : line))
+    .join('\n');
+}
+
 /**
 * Wrap text so it fits inside clack's gutter without the terminal's soft
 * wrap breaking the `│ …` bar on long lines. Works on a single string with
@@ -68,6 +120,16 @@ export function dimWrap(text: string, gutter: number): string {
  return wrapForGutter(text, gutter);
 }

+/**
+ * Wrap clack's `p.note` so card bodies render in the brand body color
+ * (#2b6fdc) instead of clack's default dim. Clack runs the formatter
+ * on each line individually, so `brandBody` colors each line cleanly
+ * without bleeding across the gutter prefix.
+ */
+export function note(message: string, title?: string): void {
+  p.note(message, title, { format: brandBody });
+}
+
 const ANSI_RE = /\x1b\[[0-9;]*m/g;

 function visibleLength(s: string): number {
@@ -17,7 +17,7 @@ import * as p from '@clack/prompts';
 import k from 'kleur';

 import { isValidTimezone } from '../../src/timezone.js';
-import { fitToWidth } from './theme.js';
+import { fitToWidth, fmtDuration } from './theme.js';

 export function claudeCliAvailable(): boolean {
  try {
@@ -44,18 +44,16 @@ export async function resolveTimezoneViaClaude(
  const s = p.spinner();
  const start = Date.now();
  const label = 'Looking up that timezone…';
-  s.start(fitToWidth(label, ' (999s)'));
+  s.start(fitToWidth(label, ' (99m 59s)'));
  const tick = setInterval(() => {
-    const elapsed = Math.round((Date.now() - start) / 1000);
-    const suffix = ` (${elapsed}s)`;
+    const suffix = ` (${fmtDuration(Date.now() - start)})`;
    s.message(`${fitToWidth(label, suffix)}${k.dim(suffix)}`);
  }, 1000);

  const reply = await queryClaude(prompt);

  clearInterval(tick);
-  const elapsed = Math.round((Date.now() - start) / 1000);
-  const suffix = ` (${elapsed}s)`;
+  const suffix = ` (${fmtDuration(Date.now() - start)})`;

  const resolved = reply ? extractTimezone(reply) : null;
  if (resolved) {
@@ -23,7 +23,7 @@ import { emit as phEmit } from './diagnostics.js';
 import type { StepResult, SpinnerLabels } from './runner.js';
 import { dumpTranscriptOnFailure, spawnStep, writeStepEntry } from './runner.js';
 import * as setupLog from '../logs.js';
-import { fitToWidth } from './theme.js';
+import { brandBody, fitToWidth, fmtDuration } from './theme.js';

 const WINDOW_SIZE = 3;
 const SPINNER_FRAMES = ['◒', '◐', '◓', '◑'];
@@ -85,9 +85,8 @@ async function runUnderWindow(
  const redraw = (): void => {
    if (stallPromptActive) return;
    out.write(`\x1b[${WINDOW_SIZE + 1}A`);
-    const elapsed = Math.round((Date.now() - start) / 1000);
    const icon = SPINNER_FRAMES[frameIdx % SPINNER_FRAMES.length];
-    const suffix = ` (${elapsed}s)`;
+    const suffix = ` (${fmtDuration(Date.now() - start)})`;
    const header = fitToWidth(labels.running, suffix);
    out.write(`\x1b[2K${k.cyan(icon)}  ${header}${k.dim(suffix)}\n`);

@@ -164,12 +163,11 @@ async function runUnderWindow(
  out.write(SHOW_CURSOR);
  process.off('exit', restoreCursorOnExit);

-  const elapsed = Math.round((Date.now() - start) / 1000);
-  const suffix = ` (${elapsed}s)`;
+  const suffix = ` (${fmtDuration(Date.now() - start)})`;
  if (result.ok) {
    const isSkipped = result.terminal?.fields.STATUS === 'skipped';
    const msg = isSkipped && labels.skipped ? labels.skipped : labels.done;
-    p.log.success(`${fitToWidth(msg, suffix)}${k.dim(suffix)}`);
+    p.log.success(`${brandBody(fitToWidth(msg, suffix))}${k.dim(suffix)}`);
  } else {
    const failMsg = labels.failed ?? labels.running.replace(/…$/, ' failed');
    p.log.error(`${fitToWidth(failMsg, suffix)}${k.dim(suffix)}`);
@@ -185,7 +183,7 @@ async function handleStall(
 ): Promise<void> {
  render.pauseRender();
  p.log.warn(
-    `This looks stuck — no output from the ${stepName} step for the last 60 seconds.`,
+    brandBody(`This looks stuck — no output from the ${stepName} step for the last 60 seconds.`),
  );
  phEmit('step_stalled', { step: stepName });

@@ -0,0 +1,134 @@
+/**
+ * migrate-v2 step: channel-auth
+ *
+ * Copy channel auth state from v1 to v2 for selected channels.
+ * Handles both env keys and on-disk auth files (Baileys, Matrix, etc.)
+ * per the CHANNEL_AUTH_REGISTRY.
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/channel-auth.ts <v1-path> <channel1> [channel2...]
+ */
+import fs from 'fs';
+import path from 'path';
+
+import { CHANNEL_AUTH_REGISTRY } from './shared.js';
+
+function parseEnv(filePath: string): Map<string, string> {
+  const out = new Map<string, string>();
+  if (!fs.existsSync(filePath)) return out;
+  for (const line of fs.readFileSync(filePath, 'utf-8').split('\n')) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const eq = trimmed.indexOf('=');
+    if (eq <= 0) continue;
+    out.set(trimmed.slice(0, eq).trim(), trimmed.slice(eq + 1));
+  }
+  return out;
+}
+
+function appendEnvKey(envPath: string, key: string, value: string): boolean {
+  const existing = parseEnv(envPath);
+  if (existing.has(key)) return false;
+
+  let content = fs.existsSync(envPath) ? fs.readFileSync(envPath, 'utf-8') : '';
+  if (content && !content.endsWith('\n')) content += '\n';
+  content += `${key}=${value}\n`;
+  fs.writeFileSync(envPath, content);
+  return true;
+}
+
+function copyGlob(v1Root: string, v2Root: string, relativePath: string): string[] {
+  const src = path.join(v1Root, relativePath);
+  if (!fs.existsSync(src)) return [];
+
+  const copied: string[] = [];
+  const stat = fs.statSync(src);
+
+  if (stat.isFile()) {
+    const dst = path.join(v2Root, relativePath);
+    if (!fs.existsSync(dst)) {
+      fs.mkdirSync(path.dirname(dst), { recursive: true });
+      fs.copyFileSync(src, dst);
+      copied.push(relativePath);
+    }
+  } else if (stat.isDirectory()) {
+    const dst = path.join(v2Root, relativePath);
+    fs.mkdirSync(dst, { recursive: true });
+    for (const entry of fs.readdirSync(src, { withFileTypes: true })) {
+      const sub = path.join(relativePath, entry.name);
+      copied.push(...copyGlob(v1Root, v2Root, sub));
+    }
+  }
+
+  return copied;
+}
+
+function main(): void {
+  const args = process.argv.slice(2);
+  const v1Path = args[0];
+  const channels = args.slice(1);
+
+  if (!v1Path || channels.length === 0) {
+    console.error('Usage: tsx setup/migrate-v2/channel-auth.ts <v1-path> <channel1> [channel2...]');
+    process.exit(1);
+  }
+
+  const v1EnvPath = path.join(v1Path, '.env');
+  const v2EnvPath = path.join(process.cwd(), '.env');
+  const v1Env = parseEnv(v1EnvPath);
+
+  let envKeysCopied = 0;
+  let filesCopied = 0;
+  let channelsProcessed = 0;
+  const missing: string[] = [];
+
+  for (const channel of channels) {
+    const spec = CHANNEL_AUTH_REGISTRY[channel];
+    if (!spec) {
+      // Unknown channel — just try copying env keys with common naming
+      channelsProcessed++;
+      continue;
+    }
+
+    // Copy env keys
+    for (const key of spec.v1EnvKeys) {
+      const value = v1Env.get(key);
+      if (value) {
+        if (appendEnvKey(v2EnvPath, key, value)) {
+          envKeysCopied++;
+        }
+      }
+    }
+
+    // Check required v2 keys — report missing ones
+    const v2Env = parseEnv(v2EnvPath);
+    for (const req of spec.requiredV2Keys) {
+      if (!v2Env.has(req.key)) {
+        missing.push(`${channel}:${req.key} (${req.where})`);
+      }
+    }
+
+    // Copy on-disk auth files
+    for (const candidate of spec.candidatePaths) {
+      const copied = copyGlob(v1Path, process.cwd(), candidate);
+      filesCopied += copied.length;
+    }
+
+    channelsProcessed++;
+  }
+
+  // Sync to data/env/env
+  if (fs.existsSync(v2EnvPath)) {
+    const containerEnvDir = path.join(process.cwd(), 'data', 'env');
+    try {
+      fs.mkdirSync(containerEnvDir, { recursive: true });
+      fs.copyFileSync(v2EnvPath, path.join(containerEnvDir, 'env'));
+    } catch { /* non-fatal */ }
+  }
+
+  console.log(`OK:channels=${channelsProcessed},env_keys=${envKeysCopied},files=${filesCopied}`);
+  if (missing.length > 0) {
+    console.log(`MISSING:${missing.join(',')}`);
+  }
+}
+
+main();
@@ -0,0 +1,231 @@
+/**
+ * migrate-v2 step: db
+ *
+ * Seed v2.db from v1's registered_groups table.
+ * Creates agent_groups, messaging_groups, and messaging_group_agents.
+ *
+ * Does NOT seed users/user_roles — the /migrate-from-v1 skill handles that.
+ *
+ * Idempotent: re-running skips rows that already exist.
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/db.ts <v1-path>
+ */
+import fs from 'fs';
+import path from 'path';
+
+import Database from 'better-sqlite3';
+
+import { DATA_DIR } from '../../src/config.js';
+import { createAgentGroup, getAgentGroupByFolder } from '../../src/db/agent-groups.js';
+import { initDb } from '../../src/db/connection.js';
+import {
+  createMessagingGroup,
+  createMessagingGroupAgent,
+  getMessagingGroupAgentByPair,
+  getMessagingGroupAgents,
+  getMessagingGroupByPlatform,
+  updateMessagingGroup,
+} from '../../src/db/messaging-groups.js';
+import { runMigrations } from '../../src/db/migrations/index.js';
+import { readEnvFile } from '../../src/env.js';
+import { buildDiscordResolver, type DiscordResolver } from './discord-resolver.js';
+import {
+  generateId,
+  inferIsGroup,
+  parseJid,
+  triggerToEngage,
+  v2PlatformId,
+} from './shared.js';
+
+interface V1Group {
+  jid: string;
+  name: string;
+  folder: string;
+  trigger_pattern: string | null;
+  requires_trigger: number | null;
+  is_main: number | null;
+}
+
+async function main(): Promise<void> {
+  const v1Path = process.argv[2];
+  if (!v1Path) {
+    console.error('Usage: tsx setup/migrate-v2/db.ts <v1-path>');
+    process.exit(1);
+  }
+
+  const v1DbPath = path.join(v1Path, 'store', 'messages.db');
+  if (!fs.existsSync(v1DbPath)) {
+    console.error(`v1 DB not found: ${v1DbPath}`);
+    process.exit(1);
+  }
+
+  // Read v1 groups
+  const v1Db = new Database(v1DbPath, { readonly: true, fileMustExist: true });
+
+  // v1 schema varies — channel_name was a late addition. Query only the
+  // columns we know exist in all v1 installs.
+  const v1Groups = v1Db
+    .prepare('SELECT jid, name, folder, trigger_pattern, requires_trigger, is_main FROM registered_groups')
+    .all() as V1Group[];
+  v1Db.close();
+
+  if (v1Groups.length === 0) {
+    console.log('SKIPPED:no registered groups in v1');
+    process.exit(0);
+  }
+
+  // Init v2 DB
+  fs.mkdirSync(path.join(process.cwd(), 'data'), { recursive: true });
+  const v2Db = initDb(path.join(DATA_DIR, 'v2.db'));
+  runMigrations(v2Db);
+
+  let created = 0;
+  let reused = 0;
+  let skipped = 0;
+  const errors: string[] = [];
+
+  // v1 stored Discord groups as `dc:<channelId>` with no guild/DM signal.
+  // v2 needs either `discord:<guildId>:<channelId>` (guild) or
+  // `discord:@me:<channelId>` (DM / group DM). Use the v1 bot token to
+  // enumerate guilds + channels and to classify any leftover ids as DMs.
+  // On any failure the resolver returns null for every channel and the
+  // affected groups skip with a clear warning.
+  let discordResolver: DiscordResolver | null = null;
+  const discordChannelIds = v1Groups
+    .map((g) => parseJid(g.jid))
+    .filter((p): p is NonNullable<typeof p> => p?.channel_type === 'discord')
+    .map((p) => p.id);
+  if (discordChannelIds.length > 0) {
+    const env = readEnvFile(['DISCORD_BOT_TOKEN']);
+    discordResolver = await buildDiscordResolver(env.DISCORD_BOT_TOKEN ?? '', discordChannelIds);
+    const stats = discordResolver.stats();
+    if (stats.reason) {
+      console.log(`WARN:discord resolver disabled: ${stats.reason}`);
+    } else {
+      console.log(
+        `INFO:discord resolver: ${stats.guilds} guild(s), ${stats.channels} guild channel(s), ${stats.dms} DM(s)`,
+      );
+    }
+  }
+
+  for (const g of v1Groups) {
+    const parsed = parseJid(g.jid);
+    if (!parsed) {
+      skipped++;
+      errors.push(`Could not parse JID: ${g.jid}`);
+      continue;
+    }
+
+    const channelType = parsed.channel_type;
+    let platformId: string;
+    if (channelType === 'discord') {
+      const resolved = discordResolver?.resolve(parsed.id) ?? null;
+      if (!resolved) {
+        const stats = discordResolver?.stats();
+        const why = stats?.reason
+          ? `discord resolver unavailable (${stats.reason})`
+          : 'not found in any guild the bot can see — re-add the bot to that server and re-run, or rewire after migration';
+        skipped++;
+        errors.push(`Discord channel ${parsed.id} (${g.folder}): ${why}`);
+        continue;
+      }
+      platformId = resolved;
+    } else {
+      platformId = v2PlatformId(channelType, parsed.raw);
+    }
+    const createdAt = new Date().toISOString();
+
+    try {
+      // agent_group — one per folder
+      let ag = getAgentGroupByFolder(g.folder);
+      if (!ag) {
+        createAgentGroup({
+          id: generateId('ag'),
+          name: g.name || g.folder,
+          folder: g.folder,
+          agent_provider: null,
+          created_at: createdAt,
+        });
+        ag = getAgentGroupByFolder(g.folder)!;
+      }
+
+      // messaging_group — one per (channel_type, platform_id).
+      //
+      // If the row already exists *and* has zero wired agent_groups, it
+      // was almost certainly auto-created by the runtime router on an
+      // inbound message (which uses 'request_approval' or similar — not
+      // the migration's 'public'). Reset its policy to match what the
+      // migration would have set if it had created the row first. Once
+      // any wiring exists, the user has had a chance to tighten the
+      // policy via the skill — leave it alone.
+      let mg = getMessagingGroupByPlatform(channelType, platformId);
+      if (!mg) {
+        createMessagingGroup({
+          id: generateId('mg'),
+          channel_type: channelType,
+          platform_id: platformId,
+          name: g.name || null,
+          is_group: inferIsGroup(channelType, platformId),
+          unknown_sender_policy: 'public',
+          created_at: createdAt,
+        });
+        mg = getMessagingGroupByPlatform(channelType, platformId)!;
+      } else if (
+        mg.unknown_sender_policy !== 'public' &&
+        getMessagingGroupAgents(mg.id).length === 0
+      ) {
+        updateMessagingGroup(mg.id, { unknown_sender_policy: 'public' });
+        mg = getMessagingGroupByPlatform(channelType, platformId)!;
+      }
+
+      // messaging_group_agents — wire them
+      const existing = getMessagingGroupAgentByPair(mg.id, ag.id);
+      if (!existing) {
+        const engage = triggerToEngage({
+          trigger_pattern: g.trigger_pattern,
+          requires_trigger: g.requires_trigger,
+        });
+        createMessagingGroupAgent({
+          id: generateId('mga'),
+          messaging_group_id: mg.id,
+          agent_group_id: ag.id,
+          engage_mode: engage.engage_mode,
+          engage_pattern: engage.engage_pattern,
+          sender_scope: 'all',
+          ignored_message_policy: 'drop',
+          session_mode: 'shared',
+          priority: 0,
+          created_at: createdAt,
+        });
+        created++;
+      } else {
+        reused++;
+      }
+    } catch (err) {
+      skipped++;
+      errors.push(`${g.folder}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+  }
+
+  v2Db.close();
+
+  // If every group was skipped, the migration didn't actually do anything.
+  // Treat that as failure so the wrapper script surfaces it instead of
+  // hiding it under an `OK:` line.
+  const totalDone = created + reused;
+  if (v1Groups.length > 0 && totalDone === 0) {
+    console.error(`FAIL:groups=${v1Groups.length},created=0,reused=0,skipped=${skipped}`);
+    for (const e of errors) console.error(`ERROR:${e}`);
+    process.exit(1);
+  }
+
+  console.log(`OK:groups=${v1Groups.length},created=${created},reused=${reused},skipped=${skipped}`);
+  if (errors.length > 0) {
+    for (const e of errors) console.log(`ERROR:${e}`);
+  }
+}
+
+main().catch((err) => {
+  console.error(`FAIL:${err instanceof Error ? err.message : String(err)}`);
+  process.exit(1);
+});
@@ -0,0 +1,195 @@
+import { describe, expect, it, vi } from 'vitest';
+
+import { buildDiscordResolver } from './discord-resolver.js';
+
+function mockFetch(handlers: Record<string, unknown>): typeof fetch {
+  return vi.fn(async (input: string | URL | Request) => {
+    const url = typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url;
+    const match = Object.keys(handlers).find((k) => url.startsWith(k));
+    if (!match) throw new Error(`unexpected fetch: ${url}`);
+    const body = handlers[match];
+    if (body instanceof Error) throw body;
+    if (typeof body === 'object' && body !== null && 'status' in body && (body as { status?: number }).status) {
+      const r = body as { status: number; statusText?: string; body?: string };
+      return new Response(r.body ?? '', { status: r.status, statusText: r.statusText ?? '' });
+    }
+    return new Response(JSON.stringify(body), { status: 200 });
+  }) as unknown as typeof fetch;
+}
+
+describe('buildDiscordResolver', () => {
+  it('returns empty resolver when token is missing', async () => {
+    const r = await buildDiscordResolver('');
+    expect(r.stats()).toMatchObject({ guilds: 0, channels: 0, dms: 0 });
+    expect(r.stats().reason).toMatch(/no DISCORD_BOT_TOKEN/);
+    expect(r.resolve('any')).toBeNull();
+  });
+
+  it('resolves channels to guild-prefixed platform ids', async () => {
+    const fetchImpl = mockFetch({
+      'https://discord.com/api/v10/users/@me/guilds': [
+        { id: 'g1', name: 'Guild 1' },
+        { id: 'g2', name: 'Guild 2' },
+      ],
+      'https://discord.com/api/v10/guilds/g1/channels': [
+        { id: 'c1' },
+        { id: 'c2' },
+      ],
+      'https://discord.com/api/v10/guilds/g2/channels': [
+        { id: 'c3' },
+      ],
+    });
+
+    const r = await buildDiscordResolver('valid-token', [], fetchImpl);
+
+    expect(r.stats()).toEqual({ guilds: 2, channels: 3, dms: 0 });
+    expect(r.resolve('c1')).toBe('discord:g1:c1');
+    expect(r.resolve('c2')).toBe('discord:g1:c2');
+    expect(r.resolve('c3')).toBe('discord:g2:c3');
+    expect(r.resolve('cX')).toBeNull();
+  });
+
+  it('returns disabled resolver on 401', async () => {
+    const fetchImpl = mockFetch({
+      'https://discord.com/api/v10/users/@me/guilds': {
+        status: 401,
+        statusText: 'Unauthorized',
+        body: '{"message":"401: Unauthorized","code":0}',
+      },
+    });
+
+    const r = await buildDiscordResolver('bad-token', [], fetchImpl);
+    expect(r.stats().guilds).toBe(0);
+    expect(r.stats().reason).toMatch(/401/);
+    expect(r.resolve('c1')).toBeNull();
+  });
+
+  it('keeps partial results when one guild lookup fails', async () => {
+    const fetchImpl = mockFetch({
+      'https://discord.com/api/v10/users/@me/guilds': [
+        { id: 'g1', name: 'Good Guild' },
+        { id: 'g2', name: 'Bad Guild' },
+      ],
+      'https://discord.com/api/v10/guilds/g1/channels': [{ id: 'c1' }],
+      'https://discord.com/api/v10/guilds/g2/channels': {
+        status: 403,
+        statusText: 'Forbidden',
+        body: '{}',
+      },
+    });
+
+    const errSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+    const r = await buildDiscordResolver('valid-token', [], fetchImpl);
+    errSpy.mockRestore();
+
+    expect(r.resolve('c1')).toBe('discord:g1:c1');
+    expect(r.stats().guilds).toBe(2);
+    expect(r.stats().channels).toBe(1);
+  });
+
+  it('paginates the guild list', async () => {
+    // First page: 200 guilds (g0..g199); second page: 1 guild (g200); third call would not happen.
+    const page1 = Array.from({ length: 200 }, (_, i) => ({ id: `g${i}`, name: `G${i}` }));
+    const page2 = [{ id: 'g200', name: 'G200' }];
+    let call = 0;
+    const fetchImpl = vi.fn(async (input: string | URL | Request) => {
+      const url = typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url;
+      if (url.includes('/users/@me/guilds')) {
+        call++;
+        const body = call === 1 ? page1 : page2;
+        return new Response(JSON.stringify(body), { status: 200 });
+      }
+      // Every guild has one channel named after itself
+      const m = /\/guilds\/([^/]+)\/channels/.exec(url);
+      const gid = m ? m[1] : '';
+      return new Response(JSON.stringify([{ id: `c-${gid}` }]), { status: 200 });
+    }) as unknown as typeof fetch;
+
+    const r = await buildDiscordResolver('valid-token', [], fetchImpl);
+
+    expect(r.stats().guilds).toBe(201);
+    expect(r.stats().channels).toBe(201);
+    expect(r.resolve('c-g0')).toBe('discord:g0:c-g0');
+    expect(r.resolve('c-g200')).toBe('discord:g200:c-g200');
+  });
+
+  it('classifies unresolved ids as DMs and emits discord:@me:<id>', async () => {
+    const fetchImpl = mockFetch({
+      'https://discord.com/api/v10/users/@me/guilds': [{ id: 'g1', name: 'G1' }],
+      'https://discord.com/api/v10/guilds/g1/channels': [{ id: 'guild-chan' }],
+      // dmId is a 1:1 DM (type=1)
+      'https://discord.com/api/v10/channels/dmId': { id: 'dmId', type: 1 },
+      // groupDmId is a multi-recipient DM (type=3)
+      'https://discord.com/api/v10/channels/groupDmId': { id: 'groupDmId', type: 3 },
+    });
+
+    const r = await buildDiscordResolver(
+      'valid-token',
+      ['guild-chan', 'dmId', 'groupDmId'],
+      fetchImpl,
+    );
+
+    expect(r.stats()).toEqual({ guilds: 1, channels: 1, dms: 2 });
+    expect(r.resolve('guild-chan')).toBe('discord:g1:guild-chan');
+    expect(r.resolve('dmId')).toBe('discord:@me:dmId');
+    expect(r.resolve('groupDmId')).toBe('discord:@me:groupDmId');
+  });
+
+  it('leaves ids unresolved when classify returns 404 or non-DM type', async () => {
+    const fetchImpl = mockFetch({
+      'https://discord.com/api/v10/users/@me/guilds': [],
+      // 404 — bot has no access (typical when bot was kicked from the guild)
+      'https://discord.com/api/v10/channels/orphanId': {
+        status: 404,
+        statusText: 'Not Found',
+        body: '{"message":"Unknown Channel","code":10003}',
+      },
+      // type=0 — guild text channel in a guild we no longer enumerate (shouldn't happen,
+      // but the fallback is conservative: only emit @me for type 1/3)
+      'https://discord.com/api/v10/channels/leftoverGuildChan': {
+        id: 'leftoverGuildChan',
+        type: 0,
+      },
+    });
+
+    const r = await buildDiscordResolver(
+      'valid-token',
+      ['orphanId', 'leftoverGuildChan'],
+      fetchImpl,
+    );
+
+    expect(r.stats()).toEqual({ guilds: 0, channels: 0, dms: 0 });
+    expect(r.resolve('orphanId')).toBeNull();
+    expect(r.resolve('leftoverGuildChan')).toBeNull();
+  });
+
+  it('skips classify for ids already found in a guild and dedupes input', async () => {
+    let dmCallCount = 0;
+    const fetchImpl = vi.fn(async (input: string | URL | Request) => {
+      const url = typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url;
+      if (url.includes('/users/@me/guilds')) {
+        return new Response(JSON.stringify([{ id: 'g1', name: 'G1' }]), { status: 200 });
+      }
+      if (url.includes('/guilds/g1/channels')) {
+        return new Response(JSON.stringify([{ id: 'guild-chan' }]), { status: 200 });
+      }
+      if (url.includes('/channels/dmId')) {
+        dmCallCount++;
+        return new Response(JSON.stringify({ id: 'dmId', type: 1 }), { status: 200 });
+      }
+      throw new Error(`unexpected fetch: ${url}`);
+    }) as unknown as typeof fetch;
+
+    // 'guild-chan' is in the guild map (skip classify); 'dmId' appears twice
+    // in the input (classify exactly once).
+    const r = await buildDiscordResolver(
+      'valid-token',
+      ['guild-chan', 'dmId', 'dmId'],
+      fetchImpl,
+    );
+
+    expect(dmCallCount).toBe(1);
+    expect(r.resolve('guild-chan')).toBe('discord:g1:guild-chan');
+    expect(r.resolve('dmId')).toBe('discord:@me:dmId');
+  });
+});
@@ -0,0 +1,176 @@
+/**
+ * Discord channel → platform_id resolver for the v1 → v2 migration.
+ *
+ * v1 stored Discord groups as `dc:<channelId>` — only the channel id, with
+ * no signal for guild vs. DM. v2's `@chat-adapter/discord` encodes
+ * `platform_id` as either `discord:<guildId>:<channelId>` (guild channel)
+ * or `discord:@me:<channelId>` (DM / group DM) — see `guild_id || "@me"`
+ * in the runtime adapter. We can't reconstruct that from v1 data alone, so
+ * we use the v1 bot token (carried forward by 1a-env) to query Discord:
+ *   1. Enumerate every guild the bot is in and every channel in those
+ *      guilds → channelId → guildId map.
+ *   2. For any v1 channel id NOT in that map, classify via `GET
+ *      /channels/<id>` — DM (type=1) and GROUP_DM (type=3) get
+ *      `discord:@me:<id>`. Anything else returns null and the caller
+ *      skips with a warning.
+ *
+ * Network calls are best-effort: on auth failure or network error, the
+ * resolver returns null for every channel and the caller falls back to
+ * skipping with a clear warning.
+ */
+
+const DISCORD_API = 'https://discord.com/api/v10';
+
+// Discord channel types we care about. See:
+// https://discord.com/developers/docs/resources/channel#channel-object-channel-types
+const CHANNEL_TYPE_DM = 1;
+const CHANNEL_TYPE_GROUP_DM = 3;
+
+interface Guild {
+  id: string;
+  name: string;
+}
+
+interface Channel {
+  id: string;
+  name?: string;
+}
+
+interface ChannelInfo {
+  id: string;
+  type: number;
+}
+
+export interface DiscordResolver {
+  /**
+   * Returns the v2 `platform_id` for a v1 channel id, or null if the bot
+   * can't see it. Format is `discord:<guildId>:<channelId>` for guild
+   * channels and `discord:@me:<channelId>` for DMs / group DMs.
+   */
+  resolve(channelId: string): string | null;
+  /** Diagnostic info — guild count, channel count, DM count, optional disable reason. */
+  stats(): { guilds: number; channels: number; dms: number; reason?: string };
+}
+
+/** A no-op resolver that returns null for every lookup with a stored reason. */
+function emptyResolver(reason: string): DiscordResolver {
+  return {
+    resolve: () => null,
+    stats: () => ({ guilds: 0, channels: 0, dms: 0, reason }),
+  };
+}
+
+type FetchFn = typeof fetch;
+
+async function getJson<T>(url: string, token: string, fetchImpl: FetchFn): Promise<T> {
+  const res = await fetchImpl(url, {
+    headers: {
+      Authorization: `Bot ${token}`,
+      'User-Agent': 'NanoClaw-Migration (https://github.com/qwibitai/nanoclaw, 2.x)',
+    },
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => '');
+    throw new Error(`Discord API ${res.status} ${res.statusText}: ${body.slice(0, 200)}`);
+  }
+  return (await res.json()) as T;
+}
+
+/**
+ * Build a Discord resolver by enumerating every guild the bot is in and
+ * every channel in those guilds, then classifying any `unresolvedChannelIds`
+ * that didn't show up in a guild via `GET /channels/<id>` (so DMs and
+ * group DMs can be encoded as `discord:@me:<id>`).
+ *
+ * Returns an empty resolver on any error during guild enumeration.
+ *
+ * Costs: 1 + N + K HTTP calls — N = guild count (enumerated channels per
+ * guild), K = unresolved-channel classification calls. Discord's global
+ * rate limit is 50 req/s; even installs with hundreds of guilds finish in
+ * under a second of network time.
+ */
+export async function buildDiscordResolver(
+  token: string,
+  unresolvedChannelIds: string[] = [],
+  fetchImpl: FetchFn = fetch,
+): Promise<DiscordResolver> {
+  if (!token) return emptyResolver('no DISCORD_BOT_TOKEN in .env');
+
+  // Page through guilds. Default page size is 200; loop until short page.
+  const guilds: Guild[] = [];
+  let after: string | null = null;
+  try {
+    while (true) {
+      const url = new URL(`${DISCORD_API}/users/@me/guilds`);
+      url.searchParams.set('limit', '200');
+      if (after) url.searchParams.set('after', after);
+      const page = await getJson<Guild[]>(url.toString(), token, fetchImpl);
+      guilds.push(...page);
+      if (page.length < 200) break;
+      after = page[page.length - 1].id;
+    }
+  } catch (err) {
+    return emptyResolver(`failed to list guilds: ${err instanceof Error ? err.message : String(err)}`);
+  }
+
+  // Per-guild channel enumeration.
+  const channelToGuild = new Map<string, string>();
+  for (const guild of guilds) {
+    try {
+      const channels = await getJson<Channel[]>(
+        `${DISCORD_API}/guilds/${guild.id}/channels`,
+        token,
+        fetchImpl,
+      );
+      for (const ch of channels) {
+        channelToGuild.set(ch.id, guild.id);
+      }
+    } catch (err) {
+      // Skip this guild but keep going — partial results are still useful.
+      // The caller logs which channels couldn't be resolved.
+      console.error(
+        `WARN:discord-resolver: failed to enumerate guild ${guild.id} (${guild.name}): ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+    }
+  }
+
+  // Classify any v1 channel ids that didn't surface in a guild — they're
+  // most likely DMs (type=1) or group DMs (type=3). Anything else (404,
+  // 403, type=0 in a guild the bot left) stays unresolved so the caller's
+  // existing skip-with-warning path fires.
+  const dmChannels = new Set<string>();
+  const seen = new Set<string>();
+  for (const channelId of unresolvedChannelIds) {
+    if (channelToGuild.has(channelId)) continue;
+    if (seen.has(channelId)) continue;
+    seen.add(channelId);
+    try {
+      const ch = await getJson<ChannelInfo>(
+        `${DISCORD_API}/channels/${channelId}`,
+        token,
+        fetchImpl,
+      );
+      if (ch.type === CHANNEL_TYPE_DM || ch.type === CHANNEL_TYPE_GROUP_DM) {
+        dmChannels.add(channelId);
+      }
+    } catch {
+      // Channel not visible to the bot — leave it unresolved.
+    }
+  }
+
+  return {
+    resolve(channelId: string): string | null {
+      const guildId = channelToGuild.get(channelId);
+      if (guildId) return `discord:${guildId}:${channelId}`;
+      if (dmChannels.has(channelId)) return `discord:@me:${channelId}`;
+      return null;
+    },
+    stats: () => ({
+      guilds: guilds.length,
+      channels: channelToGuild.size,
+      dms: dmChannels.size,
+    }),
+  };
+}
@@ -0,0 +1,81 @@
+/**
+ * migrate-v2 step: env
+ *
+ * Copy every key from v1 .env into v2 .env. Never overwrites existing v2
+ * keys. Idempotent — re-running skips keys already present.
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/env.ts <v1-path>
+ */
+import fs from 'fs';
+import path from 'path';
+
+function parseEnv(text: string): Map<string, string> {
+  const out = new Map<string, string>();
+  for (const raw of text.split('\n')) {
+    const line = raw.trimEnd();
+    if (!line || line.startsWith('#')) continue;
+    const eq = line.indexOf('=');
+    if (eq <= 0) continue;
+    const key = line.slice(0, eq).trim();
+    if (!/^[A-Z_][A-Z0-9_]*$/i.test(key)) continue;
+    out.set(key, line);
+  }
+  return out;
+}
+
+function main(): void {
+  const v1Path = process.argv[2];
+  if (!v1Path) {
+    console.error('Usage: tsx setup/migrate-v2/env.ts <v1-path>');
+    process.exit(1);
+  }
+
+  const v1EnvPath = path.join(v1Path, '.env');
+  if (!fs.existsSync(v1EnvPath)) {
+    console.log('SKIPPED:no v1 .env');
+    process.exit(0);
+  }
+
+  const v2EnvPath = path.join(process.cwd(), '.env');
+  const v1Lines = parseEnv(fs.readFileSync(v1EnvPath, 'utf-8'));
+  const v2Text = fs.existsSync(v2EnvPath) ? fs.readFileSync(v2EnvPath, 'utf-8') : '';
+  const v2Lines = parseEnv(v2Text);
+
+  const copied: string[] = [];
+  const skipped: string[] = [];
+  const appended: string[] = [];
+
+  const BLOCK_START = '# ── migrated from v1 ──';
+  const alreadyMigrated = v2Text.includes(BLOCK_START);
+
+  for (const [key, raw] of v1Lines) {
+    if (v2Lines.has(key)) {
+      skipped.push(key);
+      continue;
+    }
+    copied.push(key);
+    appended.push(raw);
+  }
+
+  if (appended.length > 0) {
+    let result = v2Text;
+    if (result && !result.endsWith('\n')) result += '\n';
+    if (!alreadyMigrated) result += `\n${BLOCK_START}\n`;
+    result += appended.join('\n') + '\n';
+    fs.writeFileSync(v2EnvPath, result);
+  }
+
+  // Sync to data/env/env (container reads from here)
+  const containerEnvDir = path.join(process.cwd(), 'data', 'env');
+  try {
+    fs.mkdirSync(containerEnvDir, { recursive: true });
+    fs.copyFileSync(v2EnvPath, path.join(containerEnvDir, 'env'));
+  } catch {
+    // Non-fatal
+  }
+
+  console.log(`OK:copied=${copied.length},skipped=${skipped.length}`);
+  if (copied.length > 0) console.log(`COPIED:${copied.join(',')}`);
+}
+
+main();
@@ -0,0 +1,133 @@
+/**
+ * migrate-v2 step: groups
+ *
+ * Copy v1 group folders into v2.
+ *   - v1 CLAUDE.md → v2 CLAUDE.local.md (v2 composes CLAUDE.md at spawn)
+ *   - v1 container_config → .v1-container-config.json sidecar
+ *   - All other files copied (no overwrite)
+ *   - Also copies global/ if it exists
+ *
+ * Idempotent — does not overwrite files that already exist in v2.
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/groups.ts <v1-path>
+ */
+import fs from 'fs';
+import path from 'path';
+
+import Database from 'better-sqlite3';
+
+const SKIP_NAMES = new Set(['CLAUDE.md', 'logs', '.git', '.DS_Store', 'node_modules']);
+
+/**
+ * Copy a directory tree, skipping SKIP_NAMES. Never overwrites existing files.
+ *
+ * Symlinks are skipped, not followed: v1 group folders sometimes contain
+ * container-side paths like `.claude-shared.md → /app/CLAUDE.md` that
+ * don't resolve on the host. Following them with `fs.copyFileSync` would
+ * crash ENOENT on a broken target and abort the rest of the traversal.
+ * v2 uses composed CLAUDE.md fragments anyway — these v1 symlinks have no
+ * v2 meaning and don't need to be carried forward.
+ */
+function copyTree(src: string, dst: string): number {
+  let written = 0;
+  if (!fs.existsSync(src)) return 0;
+  fs.mkdirSync(dst, { recursive: true });
+
+  for (const entry of fs.readdirSync(src, { withFileTypes: true })) {
+    if (SKIP_NAMES.has(entry.name)) continue;
+    const s = path.join(src, entry.name);
+    const d = path.join(dst, entry.name);
+
+    if (entry.isSymbolicLink()) {
+      console.log(`SKIP:symlink ${path.relative(process.cwd(), s)}`);
+      continue;
+    }
+    if (entry.isDirectory()) {
+      written += copyTree(s, d);
+      continue;
+    }
+    if (fs.existsSync(d)) continue;
+    fs.copyFileSync(s, d);
+    written += 1;
+  }
+  return written;
+}
+
+function main(): void {
+  const v1Path = process.argv[2];
+  if (!v1Path) {
+    console.error('Usage: tsx setup/migrate-v2/groups.ts <v1-path>');
+    process.exit(1);
+  }
+
+  const v1GroupsDir = path.join(v1Path, 'groups');
+  const v2GroupsDir = path.join(process.cwd(), 'groups');
+
+  if (!fs.existsSync(v1GroupsDir)) {
+    console.log('SKIPPED:no v1 groups/ directory');
+    process.exit(0);
+  }
+
+  // Get all folders from v1 DB to know which groups are registered
+  const v1DbPath = path.join(v1Path, 'store', 'messages.db');
+  const registeredFolders = new Set<string>();
+  if (fs.existsSync(v1DbPath)) {
+    const v1Db = new Database(v1DbPath, { readonly: true, fileMustExist: true });
+    const rows = v1Db
+      .prepare('SELECT folder, container_config FROM registered_groups')
+      .all() as Array<{ folder: string; container_config: string | null }>;
+    const containerConfigs = new Map<string, string | null>();
+    for (const r of rows) {
+      registeredFolders.add(r.folder);
+      containerConfigs.set(r.folder, r.container_config);
+    }
+    v1Db.close();
+
+    // Write container.json from v1 container_config.
+    // The additionalMounts shape is identical between v1 and v2.
+    for (const [folder, config] of containerConfigs) {
+      if (!config) continue;
+      const v2Folder = path.join(v2GroupsDir, folder);
+      const containerJson = path.join(v2Folder, 'container.json');
+      if (fs.existsSync(containerJson)) continue;
+      fs.mkdirSync(v2Folder, { recursive: true });
+      try {
+        const parsed = JSON.parse(config) as Record<string, unknown>;
+        fs.writeFileSync(containerJson, JSON.stringify(parsed, null, 2));
+      } catch {
+        // Unparseable config — write as sidecar for the skill to handle
+        fs.writeFileSync(path.join(v2Folder, '.v1-container-config.json'), config);
+      }
+    }
+  }
+
+  // Copy all v1 group folders (registered + global + any extras)
+  let foldersCopied = 0;
+  let claudesMigrated = 0;
+  let filesCopied = 0;
+
+  for (const entry of fs.readdirSync(v1GroupsDir, { withFileTypes: true })) {
+    if (!entry.isDirectory()) continue;
+    const folder = entry.name;
+    const v1Folder = path.join(v1GroupsDir, folder);
+    const v2Folder = path.join(v2GroupsDir, folder);
+
+    fs.mkdirSync(v2Folder, { recursive: true });
+
+    // CLAUDE.md → CLAUDE.local.md
+    const v1Claude = path.join(v1Folder, 'CLAUDE.md');
+    const v2Local = path.join(v2Folder, 'CLAUDE.local.md');
+    if (fs.existsSync(v1Claude) && !fs.existsSync(v2Local)) {
+      fs.copyFileSync(v1Claude, v2Local);
+      claudesMigrated++;
+    }
+
+    // Copy everything else
+    filesCopied += copyTree(v1Folder, v2Folder);
+    foldersCopied++;
+  }
+
+  console.log(`OK:folders=${foldersCopied},claudes=${claudesMigrated},files=${filesCopied}`);
+}
+
+main();
@@ -0,0 +1,64 @@
+/**
+ * migrate-v2: interactive channel selection via clack multiselect.
+ *
+ * Writes selected channel names (one per line) to the file path given as
+ * the first argument. Clack renders to the terminal normally.
+ *
+ * If NANOCLAW_CHANNELS env var is set (comma-separated names), skips the
+ * prompt and writes those directly.
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/select-channels.ts <output-file>
+ */
+import fs from 'fs';
+
+import * as p from '@clack/prompts';
+import { styleText } from 'node:util';
+
+const CHANNELS = [
+  { value: 'telegram',       label: 'Telegram' },
+  { value: 'discord',        label: 'Discord' },
+  { value: 'slack',          label: 'Slack' },
+  { value: 'whatsapp',       label: 'WhatsApp' },
+  { value: 'teams',          label: 'Microsoft Teams' },
+  { value: 'matrix',         label: 'Matrix' },
+  { value: 'imessage',       label: 'iMessage' },
+  { value: 'webex',          label: 'Webex' },
+  { value: 'gchat',          label: 'Google Chat' },
+  { value: 'resend',         label: 'Resend (email)' },
+  { value: 'github',         label: 'GitHub' },
+  { value: 'linear',         label: 'Linear' },
+  { value: 'whatsapp-cloud', label: 'WhatsApp Cloud API' },
+];
+
+const VALID_NAMES = new Set(CHANNELS.map((c) => c.value));
+
+async function main(): Promise<void> {
+  const outFile = process.argv[2];
+  if (!outFile) {
+    console.error('Usage: tsx setup/migrate-v2/select-channels.ts <output-file>');
+    process.exit(1);
+  }
+
+  // Non-interactive: NANOCLAW_CHANNELS="telegram,discord"
+  const envChannels = process.env.NANOCLAW_CHANNELS?.trim();
+  if (envChannels) {
+    const names = envChannels.split(',').map((s) => s.trim()).filter((s) => VALID_NAMES.has(s));
+    fs.writeFileSync(outFile, names.join('\n') + '\n');
+    return;
+  }
+
+  const selected = await p.multiselect({
+    message: 'Which channels do you want to set up?\n' + styleText('dim', '  space to select, enter to confirm') + '\n',
+    options: CHANNELS,
+    required: false,
+  });
+
+  if (p.isCancel(selected)) {
+    fs.writeFileSync(outFile, '');
+    return;
+  }
+
+  fs.writeFileSync(outFile, (selected as string[]).join('\n') + '\n');
+}
+
+main();
@@ -0,0 +1,183 @@
+/**
+ * migrate-v2 step: sessions
+ *
+ * For each v1 session folder, create a proper v2 session:
+ *   1. Create a sessions row in v2.db (via resolveSession)
+ *   2. Initialize the session folder (inbound.db, outbound.db, outbox/)
+ *   3. Write session routing so the container knows where to reply
+ *   4. Copy v1 .claude/ state into v2's .claude-shared/ directory
+ *
+ * v1: data/sessions/<folder>/.claude/ (settings, conversation history, skills)
+ * v2: data/v2-sessions/<agent_group_id>/.claude-shared/ + session folder
+ *
+ * v1's agent-runner-src/ is NOT copied — v2 uses a completely different
+ * Bun-based agent-runner.
+ *
+ * Idempotent — reuses existing sessions, does not overwrite files.
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/sessions.ts <v1-path>
+ */
+import fs from 'fs';
+import path from 'path';
+
+import Database from 'better-sqlite3';
+
+import { DATA_DIR } from '../../src/config.js';
+import { initDb, closeDb } from '../../src/db/connection.js';
+import { getAllAgentGroups } from '../../src/db/agent-groups.js';
+import { getMessagingGroupsByAgentGroup } from '../../src/db/messaging-groups.js';
+import { runMigrations } from '../../src/db/migrations/index.js';
+import {
+  resolveSession,
+  writeSessionRouting,
+  outboundDbPath,
+} from '../../src/session-manager.js';
+
+const SKIP_NAMES = new Set(['.DS_Store']);
+
+/** Recursively copy, never overwriting existing files. */
+function copyTree(src: string, dst: string): number {
+  let written = 0;
+  if (!fs.existsSync(src)) return 0;
+  fs.mkdirSync(dst, { recursive: true });
+
+  for (const entry of fs.readdirSync(src, { withFileTypes: true })) {
+    if (SKIP_NAMES.has(entry.name)) continue;
+    const s = path.join(src, entry.name);
+    const d = path.join(dst, entry.name);
+
+    if (entry.isDirectory()) {
+      written += copyTree(s, d);
+      continue;
+    }
+    // Skip dangling symlinks (e.g. v1's .claude/debug/latest pointer).
+    if (entry.isSymbolicLink() && !fs.existsSync(s)) continue;
+    if (fs.existsSync(d)) continue;
+    fs.copyFileSync(s, d);
+    written += 1;
+  }
+  return written;
+}
+
+function main(): void {
+  const v1Path = process.argv[2];
+  if (!v1Path) {
+    console.error('Usage: tsx setup/migrate-v2/sessions.ts <v1-path>');
+    process.exit(1);
+  }
+
+  const v1SessionsDir = path.join(v1Path, 'data', 'sessions');
+  if (!fs.existsSync(v1SessionsDir)) {
+    console.log('SKIPPED:no v1 data/sessions/ directory');
+    process.exit(0);
+  }
+
+  // Init v2 central DB
+  const v2DbPath = path.join(DATA_DIR, 'v2.db');
+  if (!fs.existsSync(v2DbPath)) {
+    console.error('v2.db not found — run db step first');
+    process.exit(1);
+  }
+
+  const v2Db = initDb(v2DbPath);
+  runMigrations(v2Db);
+
+  const agentGroups = getAllAgentGroups();
+  const folderToAg = new Map<string, { id: string; folder: string }>();
+  for (const ag of agentGroups) {
+    folderToAg.set(ag.folder, ag);
+  }
+
+  let sessionsCreated = 0;
+  let sessionsReused = 0;
+  let sessionsSkipped = 0;
+  let filesCopied = 0;
+
+  for (const entry of fs.readdirSync(v1SessionsDir, { withFileTypes: true })) {
+    if (!entry.isDirectory()) continue;
+    const folder = entry.name;
+
+    const ag = folderToAg.get(folder);
+    if (!ag) {
+      sessionsSkipped++;
+      continue;
+    }
+
+    // Find the messaging groups wired to this agent group
+    const messagingGroups = getMessagingGroupsByAgentGroup(ag.id);
+    if (messagingGroups.length === 0) {
+      sessionsSkipped++;
+      continue;
+    }
+
+    // Create a session for each messaging group (v1 had one session per
+    // folder, v2 has one per agent_group + messaging_group pair)
+    for (const mg of messagingGroups) {
+      const { session, created } = resolveSession(ag.id, mg.id, null, 'shared');
+
+      if (created) {
+        // Write routing so the container knows where to reply
+        writeSessionRouting(ag.id, session.id);
+        sessionsCreated++;
+      } else {
+        sessionsReused++;
+      }
+    }
+
+    // Copy v1 .claude/ state into v2's .claude-shared/ directory
+    // This is per-agent-group, shared across all sessions for that group
+    const v1ClaudeDir = path.join(v1SessionsDir, folder, '.claude');
+    if (fs.existsSync(v1ClaudeDir)) {
+      const v2ClaudeDir = path.join(DATA_DIR, 'v2-sessions', ag.id, '.claude-shared');
+      filesCopied += copyTree(v1ClaudeDir, v2ClaudeDir);
+
+      // v1 containers worked in /workspace/group, v2 works in /workspace/agent.
+      // Claude Code stores sessions under projects/<hashed-cwd>/. Copy the v1
+      // project dir to the v2 path so Claude Code finds the conversation history.
+      const projectsDir = path.join(v2ClaudeDir, 'projects');
+      const v1ProjectDir = path.join(projectsDir, '-workspace-group');
+      const v2ProjectDir = path.join(projectsDir, '-workspace-agent');
+      if (fs.existsSync(v1ProjectDir) && !fs.existsSync(v2ProjectDir)) {
+        filesCopied += copyTree(v1ProjectDir, v2ProjectDir);
+      }
+
+      // Write the v1 Claude Code session ID as the continuation in outbound.db
+      // so the agent-runner resumes the exact same conversation.
+      // The session ID is the JSONL filename (without extension) under the
+      // project dir.
+      const sourceDir = fs.existsSync(v2ProjectDir) ? v2ProjectDir : v1ProjectDir;
+      if (fs.existsSync(sourceDir)) {
+        const jsonlFiles = fs.readdirSync(sourceDir).filter((f) => f.endsWith('.jsonl'));
+        if (jsonlFiles.length > 0) {
+          // Use the most recent JSONL file (by mtime from v1)
+          const v1SessionId = jsonlFiles
+            .map((f) => ({
+              name: f.replace('.jsonl', ''),
+              mtime: fs.statSync(path.join(sourceDir, f)).mtimeMs,
+            }))
+            .sort((a, b) => b.mtime - a.mtime)[0].name;
+
+          // Write into each v2 session's outbound.db for this agent group
+          const sessions = getMessagingGroupsByAgentGroup(ag.id);
+          for (const mg of sessions) {
+            const { session } = resolveSession(ag.id, mg.id, null, 'shared');
+            const obPath = outboundDbPath(ag.id, session.id);
+            if (fs.existsSync(obPath)) {
+              const ob = new Database(obPath);
+              ob.prepare(
+                "INSERT OR REPLACE INTO session_state (key, value, updated_at) VALUES ('continuation:claude', ?, ?)",
+              ).run(v1SessionId, new Date().toISOString());
+              ob.close();
+            }
+          }
+        }
+      }
+    }
+  }
+
+  closeDb();
+
+  console.log(`OK:created=${sessionsCreated},reused=${sessionsReused},skipped=${sessionsSkipped},files=${filesCopied}`);
+}
+
+main();
@@ -0,0 +1,228 @@
+/**
+ * Shared helpers for the v1 → v2 migration steps.
+ */
+
+// ── JID parsing ─────────────────────────────────────────────────────────
+
+/** v1 JID prefix → v2 channel_type. Unknown prefixes pass through as-is. */
+export const JID_PREFIX_TO_CHANNEL: Record<string, string> = {
+  dc: 'discord',
+  discord: 'discord',
+  tg: 'telegram',
+  telegram: 'telegram',
+  wa: 'whatsapp',
+  whatsapp: 'whatsapp',
+  slack: 'slack',
+  matrix: 'matrix',
+  mx: 'matrix',
+  teams: 'teams',
+  imessage: 'imessage',
+  im: 'imessage',
+  email: 'email',
+  webex: 'webex',
+  gchat: 'gchat',
+  linear: 'linear',
+  github: 'github',
+};
+
+export interface ParsedJid {
+  raw: string;
+  prefix: string;
+  id: string;
+  channel_type: string;
+}
+
+/** WhatsApp (Baileys) JID hosts. v1 stored these raw, with no `wa:` prefix. */
+const WA_JID_HOSTS = new Set(['s.whatsapp.net', 'g.us', 'lid', 'broadcast', 'newsletter']);
+
+function isWhatsappJid(raw: string): boolean {
+  const at = raw.lastIndexOf('@');
+  if (at === -1) return false;
+  return WA_JID_HOSTS.has(raw.slice(at + 1).toLowerCase());
+}
+
+export function parseJid(raw: string): ParsedJid | null {
+  if (isWhatsappJid(raw)) {
+    return { raw, prefix: 'whatsapp', id: raw, channel_type: 'whatsapp' };
+  }
+  const colon = raw.indexOf(':');
+  if (colon === -1) return null;
+  const prefix = raw.slice(0, colon).toLowerCase();
+  const id = raw.slice(colon + 1);
+  if (!prefix || !id) return null;
+  return {
+    raw,
+    prefix,
+    id,
+    channel_type: JID_PREFIX_TO_CHANNEL[prefix] ?? prefix,
+  };
+}
+
+/**
+ * Build a v2 platform_id from a v1 JID, in the format the runtime adapter
+ * for that channel emits. WhatsApp uses the raw Baileys JID (`<id>@<host>`,
+ * no prefix). Other channels use `<channel_type>:<id>`.
+ */
+export function v2PlatformId(channelType: string, jid: string): string {
+  if (channelType === 'whatsapp') {
+    // Strip any v1 `wa:`/`whatsapp:` prefix; otherwise pass through raw.
+    const parsed = parseJid(jid);
+    return parsed?.channel_type === 'whatsapp' ? parsed.id : jid;
+  }
+  const parsed = parseJid(jid);
+  const id = parsed?.id ?? jid;
+  return id.startsWith(`${channelType}:`) ? id : `${channelType}:${id}`;
+}
+
+/**
+ * Infer messaging_groups.is_group from a v2 platform_id, given a channel type.
+ *
+ * v1 didn't track is_group, but most channels encode it in the JID/id format:
+ *   - whatsapp: `<id>@g.us` is a group, `<id>@s.whatsapp.net` / `@lid` is a DM
+ *   - telegram: negative chat IDs are groups, positive are DMs
+ *   - everything else: default to 1 (group/channel) — least-surprising guess
+ *     for chats v1 chose to register, where DM auto-create paths weren't used
+ */
+export function inferIsGroup(channelType: string, platformId: string): number {
+  if (channelType === 'whatsapp') {
+    return platformId.endsWith('@g.us') ? 1 : 0;
+  }
+  if (channelType === 'telegram') {
+    // platform_id is `telegram:<chatId>` — negative chatId means group/channel.
+    const chatId = platformId.replace(/^telegram:/, '');
+    return chatId.startsWith('-') ? 1 : 0;
+  }
+  return 1;
+}
+
+// ── Trigger mapping ─────────────────────────────────────────────────────
+
+/**
+ * Map v1's trigger_pattern + requires_trigger to v2's engage_mode + engage_pattern.
+ *
+ * Key rule: requires_trigger=0 means "respond to everything" regardless
+ * of the pattern value. The pattern was for mention highlighting, not gating.
+ */
+export function triggerToEngage(input: {
+  trigger_pattern: string | null;
+  requires_trigger: number | null;
+}): {
+  engage_mode: 'pattern' | 'mention' | 'mention-sticky';
+  engage_pattern: string | null;
+} {
+  const pattern = input.trigger_pattern && input.trigger_pattern.trim().length > 0 ? input.trigger_pattern : null;
+  const requiresTrigger = input.requires_trigger !== 0;
+
+  if (pattern === '.' || pattern === '.*') {
+    return { engage_mode: 'pattern', engage_pattern: '.' };
+  }
+  if (!requiresTrigger) {
+    return { engage_mode: 'pattern', engage_pattern: '.' };
+  }
+  if (pattern) {
+    return { engage_mode: 'pattern', engage_pattern: pattern };
+  }
+  return { engage_mode: 'mention', engage_pattern: null };
+}
+
+// ── ID generation ───────────────────────────────────────────────────────
+
+export function generateId(prefix: string): string {
+  return `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+}
+
+// ── Channel auth registry ───────────────────────────────────────────────
+
+export interface ChannelAuthSpec {
+  v1EnvKeys: string[];
+  requiredV2Keys: { key: string; where: string }[];
+  candidatePaths: string[];
+  note?: string;
+}
+
+export const CHANNEL_AUTH_REGISTRY: Record<string, ChannelAuthSpec> = {
+  discord: {
+    v1EnvKeys: ['DISCORD_BOT_TOKEN', 'DISCORD_CLIENT_ID', 'DISCORD_GUILD_ID'],
+    requiredV2Keys: [
+      { key: 'DISCORD_BOT_TOKEN', where: 'Discord Developer Portal → Application → Bot → Token' },
+      { key: 'DISCORD_APPLICATION_ID', where: 'Discord Developer Portal → Application → General → Application ID' },
+      { key: 'DISCORD_PUBLIC_KEY', where: 'Discord Developer Portal → Application → General → Public Key' },
+    ],
+    candidatePaths: [],
+    note: 'v1 used raw discord.js (bot token only). v2 uses Chat SDK and needs APPLICATION_ID + PUBLIC_KEY too.',
+  },
+  telegram: {
+    v1EnvKeys: ['TELEGRAM_BOT_TOKEN', 'TELEGRAM_API_ID', 'TELEGRAM_API_HASH'],
+    requiredV2Keys: [
+      { key: 'TELEGRAM_BOT_TOKEN', where: 'BotFather on Telegram → /mybots → Bot → API Token' },
+    ],
+    candidatePaths: ['data/sessions/telegram', 'store/telegram-session'],
+  },
+  whatsapp: {
+    v1EnvKeys: ['WHATSAPP_PHONE', 'WHATSAPP_OWNER'],
+    requiredV2Keys: [],
+    candidatePaths: [
+      'data/sessions/baileys',
+      'data/baileys_auth',
+      'store/auth_info_baileys',
+      'store/baileys',
+      'auth_info_baileys',
+    ],
+    note: 'Baileys keystore — copying is best-effort. Encryption sessions may still need a fresh pair via /add-whatsapp.',
+  },
+  matrix: {
+    v1EnvKeys: ['MATRIX_HOMESERVER', 'MATRIX_USER_ID', 'MATRIX_ACCESS_TOKEN'],
+    requiredV2Keys: [
+      { key: 'MATRIX_HOMESERVER', where: 'your Matrix homeserver URL (e.g. https://matrix.org)' },
+      { key: 'MATRIX_ACCESS_TOKEN', where: 'Element → Settings → Help & About → Access Token (keep secret)' },
+    ],
+    candidatePaths: ['data/matrix-store', 'store/matrix', 'data/sessions/matrix'],
+  },
+  slack: {
+    v1EnvKeys: ['SLACK_BOT_TOKEN', 'SLACK_APP_TOKEN', 'SLACK_SIGNING_SECRET'],
+    requiredV2Keys: [
+      { key: 'SLACK_BOT_TOKEN', where: 'Slack app → OAuth & Permissions → Bot User OAuth Token (xoxb-…)' },
+      { key: 'SLACK_SIGNING_SECRET', where: 'Slack app → Basic Information → Signing Secret' },
+    ],
+    candidatePaths: [],
+  },
+  teams: {
+    v1EnvKeys: ['TEAMS_APP_ID', 'TEAMS_APP_PASSWORD', 'TEAMS_TENANT_ID'],
+    requiredV2Keys: [
+      { key: 'TEAMS_APP_ID', where: 'Azure portal → App registration → Application (client) ID' },
+      { key: 'TEAMS_APP_PASSWORD', where: 'Azure portal → App registration → Certificates & secrets' },
+    ],
+    candidatePaths: [],
+  },
+  imessage: {
+    v1EnvKeys: ['IMESSAGE_PHOTON_URL', 'IMESSAGE_PHOTON_TOKEN'],
+    requiredV2Keys: [],
+    candidatePaths: ['data/imessage', 'store/imessage'],
+  },
+  webex: {
+    v1EnvKeys: ['WEBEX_BOT_TOKEN'],
+    requiredV2Keys: [{ key: 'WEBEX_BOT_TOKEN', where: 'Webex developer portal → Bot → Bot Access Token' }],
+    candidatePaths: [],
+  },
+  gchat: {
+    v1EnvKeys: ['GCHAT_SERVICE_ACCOUNT', 'GCHAT_WEBHOOK_URL'],
+    requiredV2Keys: [],
+    candidatePaths: ['data/gchat-credentials.json', 'store/gchat-sa.json'],
+  },
+  resend: {
+    v1EnvKeys: ['RESEND_API_KEY', 'RESEND_FROM'],
+    requiredV2Keys: [{ key: 'RESEND_API_KEY', where: 'resend.com → API Keys' }],
+    candidatePaths: [],
+  },
+  github: {
+    v1EnvKeys: ['GITHUB_WEBHOOK_SECRET', 'GITHUB_APP_ID', 'GITHUB_PRIVATE_KEY_PATH'],
+    requiredV2Keys: [],
+    candidatePaths: [],
+    note: 'Webhook channel — secrets carry over, but GitHub webhook URLs are new per v2 install.',
+  },
+  linear: {
+    v1EnvKeys: ['LINEAR_API_KEY', 'LINEAR_WEBHOOK_SECRET'],
+    requiredV2Keys: [{ key: 'LINEAR_API_KEY', where: 'Linear → Settings → API → Personal API keys' }],
+    candidatePaths: [],
+  },
+};
@@ -0,0 +1,53 @@
+/**
+ * migrate-v2: service switchover prompts.
+ *
+ * Writes a single word to the output file:
+ *   --offer-switch   → "switch" | "skip"
+ *   --keep-or-revert → "keep" | "revert"
+ *
+ * Clack renders to the terminal normally.
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/switchover-prompt.ts --offer-switch <output-file>
+ */
+import fs from 'fs';
+
+import * as p from '@clack/prompts';
+
+async function main(): Promise<void> {
+  const mode = process.argv[2];
+  const outFile = process.argv[3];
+
+  if (!outFile) {
+    console.error('Usage: tsx setup/migrate-v2/switchover-prompt.ts <--offer-switch|--keep-or-revert> <output-file>');
+    process.exit(1);
+  }
+
+  if (mode === '--offer-switch') {
+    const answer = await p.select({
+      message: 'Want to stop the v1 service and start v2 so you can test?',
+      options: [
+        { value: 'switch', label: 'Yes, switch to v2 now', hint: 'you can switch back after' },
+        { value: 'skip', label: 'No, skip for now', hint: 'start v2 manually later' },
+      ],
+    });
+    fs.writeFileSync(outFile, p.isCancel(answer) ? 'skip' : String(answer));
+    return;
+  }
+
+  if (mode === '--keep-or-revert') {
+    const answer = await p.select({
+      message: 'Keep v2 running, or switch back to v1?',
+      options: [
+        { value: 'keep', label: 'Keep v2', hint: 'v1 stays stopped' },
+        { value: 'revert', label: 'Switch back to v1', hint: 'stop v2, restart v1' },
+      ],
+    });
+    fs.writeFileSync(outFile, p.isCancel(answer) ? 'revert' : String(answer));
+    return;
+  }
+
+  console.error('Usage: --offer-switch | --keep-or-revert');
+  process.exit(1);
+}
+
+main();
@@ -0,0 +1,178 @@
+/**
+ * migrate-v2 step: tasks
+ *
+ * Port v1 scheduled_tasks into v2 session inbound DBs.
+ *
+ * v1: scheduled_tasks table (schedule_type, schedule_value, next_run)
+ * v2: messages_in rows with kind='task' in per-session inbound.db
+ *
+ * Requires: db step must have run first (agent_groups + messaging_groups seeded).
+ *
+ * Usage: pnpm exec tsx setup/migrate-v2/tasks.ts <v1-path>
+ */
+import fs from 'fs';
+import path from 'path';
+
+import Database from 'better-sqlite3';
+
+import { DATA_DIR } from '../../src/config.js';
+import { initDb, closeDb } from '../../src/db/connection.js';
+import { getAgentGroupByFolder } from '../../src/db/agent-groups.js';
+import { getMessagingGroupByPlatform } from '../../src/db/messaging-groups.js';
+import { runMigrations } from '../../src/db/migrations/index.js';
+import { insertTask } from '../../src/modules/scheduling/db.js';
+import { openInboundDb, resolveSession } from '../../src/session-manager.js';
+import { readEnvFile } from '../../src/env.js';
+import { buildDiscordResolver, type DiscordResolver } from './discord-resolver.js';
+import { parseJid, v2PlatformId } from './shared.js';
+
+interface V1Task {
+  id: string;
+  group_folder: string;
+  chat_jid: string;
+  prompt: string;
+  schedule_type: string;
+  schedule_value: string;
+  next_run: string | null;
+  status: string;
+  context_mode: string | null;
+  script: string | null;
+}
+
+function toCron(t: V1Task): { processAfter: string; recurrence: string | null } | null {
+  const now = new Date().toISOString();
+
+  if (t.schedule_type === 'cron') {
+    const fields = t.schedule_value.trim().split(/\s+/).length;
+    if (fields < 5 || fields > 6) return null;
+    return { processAfter: t.next_run || now, recurrence: t.schedule_value.trim() };
+  }
+
+  if (t.schedule_type === 'interval') {
+    const m = /^(\d+)([smhd])$/.exec(t.schedule_value.trim());
+    if (!m) return null;
+    const n = parseInt(m[1], 10);
+    const unit = m[2];
+    if (!n || n < 1) return null;
+    let cron: string | null = null;
+    if (unit === 'm' && n < 60) cron = `*/${n} * * * *`;
+    else if (unit === 'h' && n < 24) cron = `0 */${n} * * *`;
+    else if (unit === 'd' && n < 28) cron = `0 0 */${n} * *`;
+    if (!cron) return null;
+    return { processAfter: t.next_run || now, recurrence: cron };
+  }
+
+  if (t.schedule_type === 'once' || t.schedule_type === 'at') {
+    return { processAfter: t.next_run || t.schedule_value || now, recurrence: null };
+  }
+
+  return null;
+}
+
+async function main(): Promise<void> {
+  const v1Path = process.argv[2];
+  if (!v1Path) {
+    console.error('Usage: tsx setup/migrate-v2/tasks.ts <v1-path>');
+    process.exit(1);
+  }
+
+  const v1DbPath = path.join(v1Path, 'store', 'messages.db');
+  if (!fs.existsSync(v1DbPath)) {
+    console.log('SKIPPED:no v1 DB');
+    process.exit(0);
+  }
+
+  // Read v1 tasks
+  const v1Db = new Database(v1DbPath, { readonly: true, fileMustExist: true });
+  const allTasks = v1Db.prepare('SELECT * FROM scheduled_tasks').all() as V1Task[];
+  v1Db.close();
+
+  const activeTasks = allTasks.filter((t) => t.status === 'active');
+  if (activeTasks.length === 0) {
+    console.log('SKIPPED:no active tasks');
+    process.exit(0);
+  }
+
+  // Init v2 central DB
+  const v2DbPath = path.join(DATA_DIR, 'v2.db');
+  if (!fs.existsSync(v2DbPath)) {
+    console.error('v2.db not found — run db step first');
+    process.exit(1);
+  }
+  const v2Db = initDb(v2DbPath);
+  runMigrations(v2Db);
+
+  let migrated = 0;
+  let skipped = 0;
+  let failed = 0;
+
+  // Mirrors db.ts: Discord platform_id needs API lookup to recover guildId.
+  let discordResolver: DiscordResolver | null = null;
+  const hasDiscord = activeTasks.some((t) => parseJid(t.chat_jid)?.channel_type === 'discord');
+  if (hasDiscord) {
+    const env = readEnvFile(['DISCORD_BOT_TOKEN']);
+    discordResolver = await buildDiscordResolver(env.DISCORD_BOT_TOKEN ?? '');
+  }
+
+  for (const t of activeTasks) {
+    try {
+      const ag = getAgentGroupByFolder(t.group_folder);
+      if (!ag) { skipped++; continue; }
+
+      const parsed = parseJid(t.chat_jid);
+      if (!parsed) { skipped++; continue; }
+
+      let platformId: string;
+      if (parsed.channel_type === 'discord') {
+        const resolved = discordResolver?.resolve(parsed.id) ?? null;
+        if (!resolved) { skipped++; continue; }
+        platformId = resolved;
+      } else {
+        platformId = v2PlatformId(parsed.channel_type, t.chat_jid);
+      }
+      const mg = getMessagingGroupByPlatform(parsed.channel_type, platformId);
+      if (!mg) { skipped++; continue; }
+
+      const scheduling = toCron(t);
+      if (!scheduling) { skipped++; continue; }
+
+      const { session } = resolveSession(ag.id, mg.id, null, 'shared');
+      const inboxDb = openInboundDb(ag.id, session.id);
+      try {
+        // Idempotence check
+        const existing = inboxDb
+          .prepare("SELECT id FROM messages_in WHERE id = ? AND kind = 'task'")
+          .get(t.id) as { id: string } | undefined;
+        if (existing) { skipped++; continue; }
+
+        insertTask(inboxDb, {
+          id: t.id,
+          processAfter: scheduling.processAfter,
+          recurrence: scheduling.recurrence,
+          platformId,
+          channelType: parsed.channel_type,
+          threadId: null,
+          content: JSON.stringify({
+            prompt: t.prompt,
+            script: t.script ?? null,
+            migrated_from_v1: { original_id: t.id, context_mode: t.context_mode ?? null },
+          }),
+        });
+        migrated++;
+      } finally {
+        inboxDb.close();
+      }
+    } catch (err) {
+      failed++;
+      console.error(`TASK_ERROR:${t.id}:${err instanceof Error ? err.message : String(err)}`);
+    }
+  }
+
+  closeDb();
+  console.log(`OK:active=${activeTasks.length},migrated=${migrated},skipped=${skipped},failed=${failed}`);
+}
+
+main().catch((err) => {
+  console.error(`FAIL:${err instanceof Error ? err.message : String(err)}`);
+  process.exit(1);
+});
@@ -115,9 +115,43 @@ function installOnecliCliOnly(): { stdout: string; ok: boolean } {
  return { stdout: upstream.stdout + (upstream.stderr ?? '') + '\n' + fallback.stdout, ok: fallback.ok };
 }

+// Remove containers in the "onecli" compose project whose service name isn't
+// in the v2 set. Pre-v2 OneCLI used service "app" (container onecli-app-1);
+// v2 uses "onecli". Compose flags the old container as an orphan but won't
+// stop it without --remove-orphans, leaving port 10254 bound and crashing
+// the new bring-up. Filed upstream; this is the downstream workaround.
+function removeLegacyOnecliContainers(): string {
+  const out: string[] = [];
+  let list = '';
+  try {
+    list = execSync(
+      `docker ps -a --filter "label=com.docker.compose.project=onecli" --format '{{.Names}}|{{.Label "com.docker.compose.service"}}'`,
+      { encoding: 'utf-8', stdio: ['ignore', 'pipe', 'pipe'] },
+    ).trim();
+  } catch {
+    return '';
+  }
+  if (!list) return '';
+  const v2Services = new Set(['onecli', 'postgres']);
+  for (const line of list.split('\n')) {
+    const [name, service] = line.split('|');
+    if (!name || !service || v2Services.has(service)) continue;
+    out.push(`Removing legacy OneCLI container: ${name} (service=${service})`);
+    try {
+      execSync(`docker rm -f ${JSON.stringify(name)}`, { stdio: ['ignore', 'pipe', 'pipe'] });
+    } catch (err) {
+      out.push(`  rm failed (continuing): ${(err as Error).message}`);
+    }
+  }
+  return out.join('\n');
+}
+
 function installOnecli(): { stdout: string; ok: boolean } {
  let stdout = '';

+  const cleanup = removeLegacyOnecliContainers();
+  if (cleanup) stdout += cleanup + '\n';
+
  // Gateway install (docker-compose based, no rate-limit concerns).
  const gw = runInstall('curl -fsSL onecli.sh/install | sh');
  stdout += gw.stdout;
@@ -51,13 +51,34 @@ command -v script >/dev/null \
 tmpfile=$(mktemp -t claude-setup-token.XXXXXX)
 trap 'rm -f "$tmpfile"' EXIT

-cat <<'EOF'
+# Detect headless. Mirrors `isHeadless()` in setup/platform.ts: on Linux
+# with neither DISPLAY nor WAYLAND_DISPLAY set, no graphical session
+# exists, so `claude setup-token` won't be able to auto-open a browser
+# and the user will need to copy the printed sign-in URL by hand. The
+# pre-message copy below is swapped accordingly so we don't promise a
+# browser pop that will never happen.
+is_headless=0
+if [ "$(uname -s)" = "Linux" ] && [ -z "${DISPLAY:-}" ] && [ -z "${WAYLAND_DISPLAY:-}" ]; then
+  is_headless=1
+fi
+
+if [ "$is_headless" = "1" ]; then
+  cat <<'EOF'
+A sign-in link will appear for you to sign in with your Claude account.
+When you finish, we'll save the token to your OneCLI vault automatically.
+
+Press Enter to continue, or edit the command first.
+
+EOF
+else
+  cat <<'EOF'
 A browser window will open for you to sign in with your Claude account.
 When you finish, we'll save the token to your OneCLI vault automatically.

 Press Enter to continue, or edit the command first.

 EOF
+fi

 cmd="claude setup-token"
 if [ "${BASH_VERSINFO[0]:-0}" -ge 4 ]; then
@@ -5,45 +5,14 @@ import { determineVerifyStatus } from './verify.js';
 const healthyBase = {
  service: 'running' as const,
  credentials: 'configured',
-  anyChannelConfigured: false,
  registeredGroups: 1,
-  agentPing: 'ok' as const,
 };

 describe('determineVerifyStatus', () => {
-  it('accepts a working CLI-only install', () => {
+  it('accepts a healthy install with at least one wired agent group', () => {
    expect(determineVerifyStatus(healthyBase)).toBe('success');
  });

-  it('accepts a messaging-channel install when CLI ping is skipped', () => {
-    expect(
-      determineVerifyStatus({
-        ...healthyBase,
-        anyChannelConfigured: true,
-        agentPing: 'skipped',
-      }),
-    ).toBe('success');
-  });
-
-  it('fails when neither CLI nor messaging channels are usable', () => {
-    expect(
-      determineVerifyStatus({
-        ...healthyBase,
-        agentPing: 'skipped',
-      }),
-    ).toBe('failed');
-  });
-
-  it('fails when the CLI agent does not respond', () => {
-    expect(
-      determineVerifyStatus({
-        ...healthyBase,
-        anyChannelConfigured: true,
-        agentPing: 'no_reply',
-      }),
-    ).toBe('failed');
-  });
-
  it('fails when no agent groups are registered', () => {
    expect(
      determineVerifyStatus({
@@ -52,4 +21,22 @@ describe('determineVerifyStatus', () => {
      }),
    ).toBe('failed');
  });
+
+  it('fails when the service is not running', () => {
+    expect(
+      determineVerifyStatus({
+        ...healthyBase,
+        service: 'stopped',
+      }),
+    ).toBe('failed');
+  });
+
+  it('fails when credentials are missing', () => {
+    expect(
+      determineVerifyStatus({
+        ...healthyBase,
+        credentials: 'missing',
+      }),
+    ).toBe('failed');
+  });
 });
@@ -14,7 +14,6 @@ import Database from 'better-sqlite3';
 import { DATA_DIR } from '../src/config.js';
 import { readEnvFile } from '../src/env.js';
 import { log } from '../src/log.js';
-import { pingCliAgent, type PingResult } from './lib/agent-ping.js';
 import { getLaunchdLabel, getSystemdUnit } from '../src/install-slug.js';
 import {
  getPlatform,
@@ -33,11 +32,12 @@ export async function run(_args: string[]): Promise<void> {

  // 1. Check service status + detect checkout mismatch.
  //
-  // Why the mismatch matters: the host binds `<DATA_DIR>/cli.sock` relative
-  // to the project root it was started from. If the running service is from
-  // a sibling checkout (common for developers with multiple clones), this
-  // repo's `data/cli.sock` won't exist — AGENT_PING would return a
-  // misleading `socket_error`. Surface the mismatch directly instead.
+  // Why the mismatch matters: the host reads `<projectRoot>/data/v2.db` and
+  // binds `<DATA_DIR>/cli.sock` relative to the project root it was started
+  // from. If the running service is from a sibling checkout (common for
+  // developers with multiple clones), nothing in this checkout is actually
+  // wired up. Surface the mismatch directly so the user knows to point the
+  // service at the right folder.
  let service:
    | 'not_found'
    | 'stopped'
@@ -139,7 +139,7 @@ export async function run(_args: string[]): Promise<void> {
  const envFile = path.join(projectRoot, '.env');
  if (fs.existsSync(envFile)) {
    const envContent = fs.readFileSync(envFile, 'utf-8');
-    if (/^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY|ONECLI_URL)=/m.test(envContent)) {
+    if (/^(CLAUDE_CODE_OAUTH_TOKEN|ANTHROPIC_API_KEY|ANTHROPIC_AUTH_TOKEN|ONECLI_URL)=/m.test(envContent)) {
      credentials = 'configured';
    }
  }
@@ -186,7 +186,6 @@ export async function run(_args: string[]): Promise<void> {
  if (has('IMESSAGE_ENABLED')) channelAuth.imessage = 'configured';

  const configuredChannels = Object.keys(channelAuth);
-  const anyChannelConfigured = configuredChannels.length > 0;

  // 5. Check registered groups in v2 central DB (agent_groups + messaging_group_agents)
  let registeredGroups = 0;
@@ -218,23 +217,12 @@ export async function run(_args: string[]): Promise<void> {
    mountAllowlist = 'configured';
  }

-  // 7. End-to-end: ping the CLI agent and confirm it replies. Only run if
-  // everything upstream looks healthy, since a broken socket would just hang.
-  let agentPing: 'ok' | 'no_reply' | 'socket_error' | 'auth_error' | 'skipped' = 'skipped';
-  if (service === 'running' && registeredGroups > 0) {
-    log.info('Pinging CLI agent');
-    agentPing = await pingCliAgent();
-    log.info('Agent ping result', { agentPing });
-  }
-
-  // Determine overall status. A CLI-only install is valid when the local
-  // agent round-trip succeeds; messaging app credentials are optional.
+  // Determine overall status. The cli-agent step earlier in setup already
+  // proved the agent round-trip works; verify is a static health check.
  const status = determineVerifyStatus({
    service,
    credentials,
-    anyChannelConfigured,
    registeredGroups,
-    agentPing,
  });

  log.info('Verification complete', { status, channelAuth });
@@ -247,7 +235,6 @@ export async function run(_args: string[]): Promise<void> {
    CHANNEL_AUTH: JSON.stringify(channelAuth),
    REGISTERED_GROUPS: registeredGroups,
    MOUNT_ALLOWLIST: mountAllowlist,
-    AGENT_PING: agentPing,
    STATUS: status,
    LOG: 'logs/setup.log',
  });
@@ -258,18 +245,11 @@ export async function run(_args: string[]): Promise<void> {
 export function determineVerifyStatus(input: {
  service: 'not_found' | 'stopped' | 'running' | 'running_other_checkout';
  credentials: string;
-  anyChannelConfigured: boolean;
  registeredGroups: number;
-  agentPing: PingResult | 'skipped';
 }): 'success' | 'failed' {
-  const cliAgentResponds = input.agentPing === 'ok';
-  const hasUsableChannel = input.anyChannelConfigured || cliAgentResponds;
-
  return input.service === 'running' &&
    input.credentials !== 'missing' &&
-    hasUsableChannel &&
-    input.registeredGroups > 0 &&
-    (cliAgentResponds || input.agentPing === 'skipped')
+    input.registeredGroups > 0
    ? 'success'
    : 'failed';
 }
@@ -0,0 +1,71 @@
+import { describe, it, expect } from 'vitest';
+
+import { deriveAttachmentName, extForMime } from './attachment-naming.js';
+
+describe('extForMime', () => {
+  it('returns empty for undefined / non-string / empty', () => {
+    expect(extForMime(undefined)).toBe('');
+    expect(extForMime('')).toBe('');
+    expect(extForMime({})).toBe('');
+    expect(extForMime(null)).toBe('');
+    expect(extForMime(42)).toBe('');
+  });
+
+  it('maps common MIME types to canonical extensions', () => {
+    expect(extForMime('image/jpeg')).toBe('jpg');
+    expect(extForMime('application/pdf')).toBe('pdf');
+    expect(extForMime('audio/ogg')).toBe('ogg');
+  });
+
+  it('strips parameters and is case-insensitive', () => {
+    expect(extForMime('image/JPEG; foo=bar')).toBe('jpg');
+    expect(extForMime('  Application/PDF  ')).toBe('pdf');
+    expect(extForMime('text/plain; charset=utf-8')).toBe('txt');
+  });
+
+  it('returns empty for unknown MIMEs', () => {
+    expect(extForMime('application/octet-stream')).toBe('');
+    expect(extForMime('application/x-totally-made-up')).toBe('');
+  });
+});
+
+describe('deriveAttachmentName', () => {
+  it('returns explicit name when set, no derivation', () => {
+    expect(deriveAttachmentName({ name: 'photo.jpg', mimeType: 'application/pdf' })).toBe('photo.jpg');
+  });
+
+  it('ignores empty / non-string explicit name and falls through to derivation', () => {
+    const out = deriveAttachmentName({ name: '', mimeType: 'application/pdf' });
+    expect(out).toMatch(/^attachment-\d+\.pdf$/);
+
+    const out2 = deriveAttachmentName({ name: 42, mimeType: 'application/pdf' });
+    expect(out2).toMatch(/^attachment-\d+\.pdf$/);
+  });
+
+  it('derives extension from mimeType when no name', () => {
+    expect(deriveAttachmentName({ mimeType: 'application/pdf' })).toMatch(/^attachment-\d+\.pdf$/);
+    expect(deriveAttachmentName({ mimeType: 'image/jpeg' })).toMatch(/^attachment-\d+\.jpg$/);
+  });
+
+  it('falls back to att.type when mimeType is missing (Telegram photos/stickers)', () => {
+    expect(deriveAttachmentName({ type: 'photo' })).toMatch(/^attachment-\d+\.jpg$/);
+    expect(deriveAttachmentName({ type: 'sticker' })).toMatch(/^attachment-\d+\.webp$/);
+    expect(deriveAttachmentName({ type: 'voice' })).toMatch(/^attachment-\d+\.ogg$/);
+    expect(deriveAttachmentName({ type: 'animation' })).toMatch(/^attachment-\d+\.mp4$/);
+  });
+
+  it('case-insensitive att.type lookup', () => {
+    expect(deriveAttachmentName({ type: 'PHOTO' })).toMatch(/^attachment-\d+\.jpg$/);
+  });
+
+  it('returns bare timestamp when nothing matches', () => {
+    expect(deriveAttachmentName({})).toMatch(/^attachment-\d+$/);
+    expect(deriveAttachmentName({ mimeType: 'application/octet-stream' })).toMatch(/^attachment-\d+$/);
+    expect(deriveAttachmentName({ type: 'mystery-class' })).toMatch(/^attachment-\d+$/);
+  });
+
+  it('does not crash on non-string mimeType (defensive against buggy bridges)', () => {
+    expect(() => deriveAttachmentName({ mimeType: { foo: 'bar' } })).not.toThrow();
+    expect(deriveAttachmentName({ mimeType: { foo: 'bar' } })).toMatch(/^attachment-\d+$/);
+  });
+});
@@ -0,0 +1,69 @@
+/**
+ * Derive a safe, extensioned filename for inbound attachments when the
+ * channel bridge passes data without an explicit `name`.
+ *
+ * Two-step lookup:
+ *   1. `mimeType` → extension (Discord/Slack documents, Telegram document
+ *      uploads — channels that set the MIME but not a filename).
+ *   2. `att.type` → extension (Telegram photos/stickers/voice/animations —
+ *      coarse media-class set by the chat-sdk bridge with no MIME).
+ *
+ * Output is still passed through `isSafeAttachmentName` at the call site.
+ * The maps emit static values, so no derivation path can construct a
+ * traversal payload — only an attacker-controlled `att.name` can, and that
+ * goes through the safety guard unchanged.
+ */
+
+// Map common MIME types to canonical file extensions. Without an extension,
+// agents (and humans) can't tell what kind of file landed in the inbox, and
+// tools keyed on extension (image viewers, exiftool, etc.) misbehave.
+const MIME_TO_EXT: Record<string, string> = {
+  'image/jpeg': 'jpg',
+  'image/png': 'png',
+  'image/webp': 'webp',
+  'image/gif': 'gif',
+  'image/heic': 'heic',
+  'audio/ogg': 'ogg',
+  'audio/mpeg': 'mp3',
+  'audio/wav': 'wav',
+  'audio/mp4': 'm4a',
+  'video/mp4': 'mp4',
+  'video/webm': 'webm',
+  'video/quicktime': 'mov',
+  'application/pdf': 'pdf',
+  'text/plain': 'txt',
+  'application/json': 'json',
+  'application/zip': 'zip',
+};
+
+// Fallback when `mimeType` is missing — Telegram photos and stickers arrive
+// without an explicit MIME on the attachment object. The channel bridge sets
+// `att.type` to a coarse media-class (`photo` / `sticker` / `voice` / etc.)
+// which is reliable enough to derive a canonical extension. Telegram's GIFs
+// are actually MP4, hence `animation: 'mp4'`.
+const TYPE_TO_EXT: Record<string, string> = {
+  image: 'jpg',
+  photo: 'jpg',
+  sticker: 'webp',
+  voice: 'ogg',
+  audio: 'mp3',
+  video: 'mp4',
+  animation: 'mp4',
+};
+
+export function extForMime(mime: unknown): string {
+  if (typeof mime !== 'string' || !mime) return '';
+  const clean = mime.split(';')[0].trim().toLowerCase();
+  return MIME_TO_EXT[clean] ?? '';
+}
+
+export function deriveAttachmentName(att: Record<string, unknown>): string {
+  const explicit = att.name;
+  if (typeof explicit === 'string' && explicit) return explicit;
+  let ext = extForMime(att.mimeType);
+  if (!ext && typeof att.type === 'string') {
+    ext = TYPE_TO_EXT[att.type.toLowerCase()] ?? '';
+  }
+  const ts = Date.now();
+  return ext ? `attachment-${ts}.${ext}` : `attachment-${ts}`;
+}
@@ -135,6 +135,7 @@ export interface ChannelAdapter {
  // Optional
  setTyping?(platformId: string, threadId: string | null): Promise<void>;
  syncConversations?(): Promise<ConversationInfo[]>;
+  resolveChannelName?(platformId: string): Promise<string | null>;

  /**
   * Subscribe the bot to a thread so follow-up messages route via the
@@ -1,6 +1,6 @@
 import { describe, expect, it } from 'vitest';

-import type { Adapter } from 'chat';
+import type { Adapter, AdapterPostableMessage, RawMessage } from 'chat';

 import { createChatSdkBridge, splitForLimit } from './chat-sdk-bridge.js';

@@ -8,6 +8,20 @@ function stubAdapter(partial: Partial<Adapter>): Adapter {
  return { name: 'stub', ...partial } as unknown as Adapter;
 }

+interface PostCall {
+  threadId: string;
+  message: AdapterPostableMessage;
+}
+
+function makePostCapture() {
+  const calls: PostCall[] = [];
+  const postMessage = async (threadId: string, message: AdapterPostableMessage): Promise<RawMessage<unknown>> => {
+    calls.push({ threadId, message });
+    return { id: 'msg-stub', threadId, raw: {} };
+  };
+  return { calls, postMessage };
+}
+
 describe('splitForLimit', () => {
  it('returns a single chunk when text fits', () => {
    expect(splitForLimit('short text', 100)).toEqual(['short text']);
@@ -78,3 +92,116 @@ describe('createChatSdkBridge', () => {
    expect(typeof bridge.subscribe).toBe('function');
  });
 });
+
+describe('createChatSdkBridge.deliver — display cards (send_card)', () => {
+  // The send_card MCP tool writes outbound rows with `{ type: 'card', card, fallbackText }`.
+  // Before this branch existed the bridge silently dropped them: cards have no
+  // `text` / `markdown`, so the trailing fallback `if (text)` was false and the
+  // function returned without calling the adapter. These tests pin the contract
+  // for the dedicated card branch.
+
+  it('renders title, description, and string children, then posts via the adapter', async () => {
+    const { calls, postMessage } = makePostCapture();
+    const bridge = createChatSdkBridge({
+      adapter: stubAdapter({ postMessage }),
+      supportsThreads: false,
+    });
+    const id = await bridge.deliver('telegram:42', null, {
+      kind: 'chat-sdk',
+      content: {
+        type: 'card',
+        card: {
+          title: 'Daily',
+          description: 'Your plate today',
+          children: ['• item one', '• item two'],
+        },
+        fallbackText: 'Daily: your plate',
+      },
+    });
+    expect(id).toBe('msg-stub');
+    expect(calls).toHaveLength(1);
+    const msg = calls[0].message as { card?: unknown; fallbackText?: string };
+    expect(msg.fallbackText).toBe('Daily: your plate');
+    expect(msg.card).toBeDefined();
+  });
+
+  it('drops actions without url (send_card is fire-and-forget; non-URL buttons would have nowhere to land)', async () => {
+    const { calls, postMessage } = makePostCapture();
+    const bridge = createChatSdkBridge({
+      adapter: stubAdapter({ postMessage }),
+      supportsThreads: false,
+    });
+    await bridge.deliver('discord:guild:chan', null, {
+      kind: 'chat-sdk',
+      content: {
+        type: 'card',
+        card: {
+          title: 'Card',
+          description: 'has only label-only actions',
+          actions: [{ label: 'Add' }, { label: 'Skip' }],
+        },
+      },
+    });
+    expect(calls).toHaveLength(1);
+    // Cast through the public Card shape to read the children we set
+    const msg = calls[0].message as { card?: { children?: Array<{ type?: string }> } };
+    const childTypes = (msg.card?.children ?? []).map((c) => c.type);
+    expect(childTypes).not.toContain('actions');
+  });
+
+  it('renders url actions as link buttons inside an Actions row', async () => {
+    const { calls, postMessage } = makePostCapture();
+    const bridge = createChatSdkBridge({
+      adapter: stubAdapter({ postMessage }),
+      supportsThreads: false,
+    });
+    await bridge.deliver('discord:guild:chan', null, {
+      kind: 'chat-sdk',
+      content: {
+        type: 'card',
+        card: {
+          title: 'Docs',
+          actions: [{ label: 'Open', url: 'https://example.com' }, { label: 'No-link' }],
+        },
+      },
+    });
+    const msg = calls[0].message as {
+      card?: { children?: Array<{ type?: string; children?: Array<{ type?: string; url?: string }> }> };
+    };
+    const actionsRow = msg.card?.children?.find((c) => c.type === 'actions');
+    expect(actionsRow).toBeDefined();
+    const buttons = actionsRow?.children ?? [];
+    expect(buttons).toHaveLength(1);
+    expect(buttons[0].type).toBe('link-button');
+    expect(buttons[0].url).toBe('https://example.com');
+  });
+
+  it('skips delivery when the card has neither title nor body content', async () => {
+    const { calls, postMessage } = makePostCapture();
+    const bridge = createChatSdkBridge({
+      adapter: stubAdapter({ postMessage }),
+      supportsThreads: false,
+    });
+    const id = await bridge.deliver('telegram:42', null, {
+      kind: 'chat-sdk',
+      content: { type: 'card', card: {} },
+    });
+    expect(id).toBeUndefined();
+    expect(calls).toHaveLength(0);
+  });
+
+  it('falls through to the text branch for non-card chat-sdk payloads (no regression)', async () => {
+    const { calls, postMessage } = makePostCapture();
+    const bridge = createChatSdkBridge({
+      adapter: stubAdapter({ postMessage }),
+      supportsThreads: false,
+    });
+    await bridge.deliver('telegram:42', null, {
+      kind: 'chat-sdk',
+      content: { text: 'plain hello' },
+    });
+    expect(calls).toHaveLength(1);
+    const msg = calls[0].message as { markdown?: string };
+    expect(msg.markdown).toBe('plain hello');
+  });
+});
@@ -12,6 +12,8 @@ import {
  CardText,
  Actions,
  Button,
+  LinkButton,
+  type CardChild,
  type Adapter,
  type ConcurrencyStrategy,
  type Message as ChatMessage,
@@ -253,12 +255,12 @@ export function createChatSdkBridge(config: ChatSdkBridgeConfig): ChannelAdapter
      // Chat SDK dispatch (handling-events.mdx §"Handler dispatch order") is
      // exclusive: subscribed → onSubscribedMessage; unsubscribed+mention →
      // onNewMention; unsubscribed+pattern-match → onNewMessage. Registering
-      // with `/./` lets the router see every plain message on every
-      // unsubscribed thread the bot can see. The router short-circuits via
+      // with `/[\s\S]*/` lets the router see every plain message (including
+      // media-only messages with empty text) on every unsubscribed thread the
      // getMessagingGroupWithAgentCount (~1 DB read) for unwired channels,
      // so forwarding every one is cheap enough to not need a bridge-side
      // flood gate.
-      chat.onNewMessage(/./, async (thread, message) => {
+      chat.onNewMessage(/[\s\S]*/, async (thread, message) => {
        const channelId = adapter.channelIdFromThreadId(thread.id);
        await setupConfig.onInbound(channelId, thread.id, await messageToInbound(message, false, true));
      });
@@ -399,6 +401,59 @@ export function createChatSdkBridge(config: ChatSdkBridgeConfig): ChannelAdapter
        return result?.id;
      }

+      // Display card (send_card MCP tool) — returns immediately, no callback flow.
+      // Non-URL actions are dropped: send_card's contract is fire-and-forget, so a
+      // callback button would have nowhere to land. URL actions render as link buttons.
+      if (content.type === 'card' && content.card && typeof content.card === 'object') {
+        const cardSpec = content.card as Record<string, unknown>;
+        const title = (cardSpec.title as string) || '';
+        const fallbackText = (content.fallbackText as string) || (cardSpec.description as string) || title || '';
+
+        const cardChildren: CardChild[] = [];
+        if (typeof cardSpec.description === 'string' && cardSpec.description) {
+          cardChildren.push(CardText(cardSpec.description));
+        }
+        if (Array.isArray(cardSpec.children)) {
+          for (const child of cardSpec.children) {
+            if (typeof child === 'string' && child) {
+              cardChildren.push(CardText(child));
+            } else if (
+              child &&
+              typeof child === 'object' &&
+              typeof (child as Record<string, unknown>).text === 'string'
+            ) {
+              cardChildren.push(CardText((child as Record<string, string>).text));
+            }
+          }
+        }
+        if (Array.isArray(cardSpec.actions)) {
+          const linkButtons = (cardSpec.actions as Array<Record<string, unknown>>)
+            .filter((a) => typeof a.url === 'string' && a.url && typeof a.label === 'string' && a.label)
+            .map((a) => {
+              const style = a.style;
+              const safeStyle: 'primary' | 'danger' | 'default' | undefined =
+                style === 'primary' || style === 'danger' || style === 'default' ? style : undefined;
+              return LinkButton({
+                label: a.label as string,
+                url: a.url as string,
+                style: safeStyle,
+              });
+            });
+          if (linkButtons.length > 0) {
+            cardChildren.push(Actions(linkButtons));
+          }
+        }
+
+        if (cardChildren.length === 0 && !title) {
+          log.warn('send_card payload empty, skipping delivery');
+          return;
+        }
+
+        const card = Card({ title, children: cardChildren });
+        const result = await adapter.postMessage(tid, { card, fallbackText });
+        return result?.id;
+      }
+
      // Normal message
      const rawText = (content.markdown as string) || (content.text as string);
      const text = rawText ? transformText(rawText) : rawText;
@@ -0,0 +1,197 @@
+/**
+ * Unit tests for the startup circuit breaker.
+ *
+ * Covers state transitions, the documented backoff schedule, and the
+ * fresh-install case where DATA_DIR doesn't exist yet (the breaker runs
+ * before initDb, so it has to create the dir itself).
+ */
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+
+// vi.mock factories are hoisted above imports, so they can't close over local
+// consts. vi.hoisted is hoisted alongside the mock and runs before any
+// `import` — so it can only use globals (no path/os modules). Use require()
+// inside the callback to compute the test dir.
+const { TEST_DIR } = vi.hoisted(() => {
+  const nodePath = require('path') as typeof import('path');
+  const nodeOs = require('os') as typeof import('os');
+  return { TEST_DIR: nodePath.join(nodeOs.tmpdir(), 'nanoclaw-cb-test') };
+});
+const CB_PATH = path.join(TEST_DIR, 'circuit-breaker.json');
+
+vi.mock('./config.js', async () => {
+  const actual = await vi.importActual<typeof import('./config.js')>('./config.js');
+  return { ...actual, DATA_DIR: TEST_DIR };
+});
+
+vi.mock('./log.js', () => ({
+  log: {
+    debug: vi.fn(),
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    fatal: vi.fn(),
+  },
+}));
+
+import { enforceStartupBackoff, resetCircuitBreaker } from './circuit-breaker.js';
+
+function readState(): { attempt: number; timestamp: string } {
+  return JSON.parse(fs.readFileSync(CB_PATH, 'utf-8'));
+}
+
+function seedState(attempt: number, timestamp = new Date().toISOString()): void {
+  fs.writeFileSync(CB_PATH, JSON.stringify({ attempt, timestamp }));
+}
+
+beforeEach(() => {
+  if (fs.existsSync(TEST_DIR)) fs.rmSync(TEST_DIR, { recursive: true });
+  fs.mkdirSync(TEST_DIR, { recursive: true });
+});
+
+afterEach(() => {
+  vi.useRealTimers();
+  if (fs.existsSync(TEST_DIR)) fs.rmSync(TEST_DIR, { recursive: true });
+});
+
+describe('resetCircuitBreaker', () => {
+  it('deletes the state file', () => {
+    seedState(3);
+    expect(fs.existsSync(CB_PATH)).toBe(true);
+    resetCircuitBreaker();
+    expect(fs.existsSync(CB_PATH)).toBe(false);
+  });
+
+  it('is a no-op when the file does not exist', () => {
+    expect(fs.existsSync(CB_PATH)).toBe(false);
+    expect(() => resetCircuitBreaker()).not.toThrow();
+  });
+});
+
+describe('enforceStartupBackoff — state transitions', () => {
+  it('first run writes attempt=1 and does not delay', async () => {
+    vi.useFakeTimers();
+    const start = Date.now();
+    await enforceStartupBackoff();
+    // No timers should have been queued — clean first start is 0s.
+    expect(Date.now() - start).toBe(0);
+    expect(readState().attempt).toBe(1);
+  });
+
+  it('within reset window, attempt is incremented', async () => {
+    seedState(1);
+    vi.useFakeTimers();
+    const promise = enforceStartupBackoff();
+    await vi.runAllTimersAsync();
+    await promise;
+    expect(readState().attempt).toBe(2);
+  });
+
+  it('outside reset window (>1h), attempt resets to 1', async () => {
+    const longAgo = new Date(Date.now() - 2 * 60 * 60 * 1000).toISOString();
+    seedState(5, longAgo);
+    await enforceStartupBackoff();
+    expect(readState().attempt).toBe(1);
+  });
+
+  it('exactly at the reset window boundary still counts as "within"', async () => {
+    // RESET_WINDOW_MS = 60min. Use 59min59s to stay inside even if the test
+    // takes a few ms to execute.
+    const justInside = new Date(Date.now() - (60 * 60 * 1000 - 1000)).toISOString();
+    seedState(2, justInside);
+    vi.useFakeTimers();
+    const promise = enforceStartupBackoff();
+    await vi.runAllTimersAsync();
+    await promise;
+    expect(readState().attempt).toBe(3);
+  });
+
+  it('treats a malformed state file as no prior state', async () => {
+    fs.writeFileSync(CB_PATH, '{ this is not json');
+    await enforceStartupBackoff();
+    expect(readState().attempt).toBe(1);
+  });
+
+  it('resetCircuitBreaker after a startup actually clears the counter for the next startup', async () => {
+    // Simulate: crash, restart (attempt=2), graceful shutdown, restart again.
+    seedState(1);
+    vi.useFakeTimers();
+    const p1 = enforceStartupBackoff();
+    await vi.runAllTimersAsync();
+    await p1;
+    expect(readState().attempt).toBe(2);
+
+    resetCircuitBreaker();
+    expect(fs.existsSync(CB_PATH)).toBe(false);
+
+    await enforceStartupBackoff();
+    expect(readState().attempt).toBe(1);
+  });
+});
+
+describe('enforceStartupBackoff — backoff schedule', () => {
+  /**
+   * Documented schedule:
+   *
+   *   clean start → 1 crash → 2 crash → 3 crash → 4 crash → 5 crash → 6+ crash
+   *      0s    →    0s    →   10s   →   30s   →   2min  →   5min  →   15min cap
+   *
+   * Each row is [priorAttempt seeded in the file, expected delay this run
+   * produces in seconds]. priorAttempt=null = no file = very first start.
+   *
+   * To assert the *requested* delay (not just observed elapsed real time),
+   * we spy on global.setTimeout and look at the longest call. runAllTimersAsync
+   * lets the function complete so we can move on.
+   */
+  const cases: Array<{ label: string; priorAttempt: number | null; expectedDelaySec: number }> = [
+    { label: 'clean first start (no file)', priorAttempt: null, expectedDelaySec: 0 },
+    { label: 'first crash (attempt=2)', priorAttempt: 1, expectedDelaySec: 0 },
+    { label: 'second crash (attempt=3)', priorAttempt: 2, expectedDelaySec: 10 },
+    { label: 'third crash (attempt=4)', priorAttempt: 3, expectedDelaySec: 30 },
+    { label: 'fourth crash (attempt=5)', priorAttempt: 4, expectedDelaySec: 120 },
+    { label: 'fifth crash (attempt=6)', priorAttempt: 5, expectedDelaySec: 300 },
+    { label: 'sixth crash (attempt=7) — cap', priorAttempt: 6, expectedDelaySec: 900 },
+    { label: 'far past cap (attempt=20)', priorAttempt: 19, expectedDelaySec: 900 },
+  ];
+
+  for (const { label, priorAttempt, expectedDelaySec } of cases) {
+    it(`${label}: delays ${expectedDelaySec}s`, async () => {
+      if (priorAttempt !== null) seedState(priorAttempt);
+
+      vi.useFakeTimers();
+      const setTimeoutSpy = vi.spyOn(global, 'setTimeout');
+
+      const promise = enforceStartupBackoff();
+      await vi.runAllTimersAsync();
+      await promise;
+
+      // enforceStartupBackoff only calls setTimeout when delaySec > 0. Pick
+      // the longest delay it requested (vitest may queue small internal
+      // timers we don't care about).
+      const requestedDelays = setTimeoutSpy.mock.calls.map((c) => c[1] ?? 0);
+      const maxDelayMs = requestedDelays.length ? Math.max(...requestedDelays) : 0;
+
+      expect(maxDelayMs).toBe(expectedDelaySec * 1000);
+    });
+  }
+});
+
+describe('enforceStartupBackoff — fresh install (DATA_DIR missing)', () => {
+  /**
+   * The breaker runs before initDb (which is what creates DATA_DIR). On a
+   * fresh checkout the dir doesn't exist yet, so write() must create it
+   * before writing the state file — otherwise the host crashes on its very
+   * first start.
+   */
+  it('creates DATA_DIR on demand and does not throw', async () => {
+    fs.rmSync(TEST_DIR, { recursive: true });
+    expect(fs.existsSync(TEST_DIR)).toBe(false);
+
+    await expect(enforceStartupBackoff()).resolves.toBeUndefined();
+    expect(fs.existsSync(TEST_DIR)).toBe(true);
+    expect(fs.existsSync(CB_PATH)).toBe(true);
+    expect(readState().attempt).toBe(1);
+  });
+});
@@ -0,0 +1,84 @@
+import fs from 'fs';
+import path from 'path';
+
+import { DATA_DIR } from './config.js';
+import { log } from './log.js';
+
+const CB_PATH = path.join(DATA_DIR, 'circuit-breaker.json');
+const RESET_WINDOW_MS = 60 * 60 * 1000; // 1 hour
+// Index = number of consecutive crashes (0 = clean start, attempt 1).
+// 6+ crashes capped at 15min.
+const BACKOFF_SCHEDULE_S = [0, 0, 10, 30, 120, 300, 900];
+
+interface CircuitBreakerState {
+  attempt: number;
+  timestamp: string;
+}
+
+function read(): CircuitBreakerState | null {
+  try {
+    const raw = fs.readFileSync(CB_PATH, 'utf-8');
+    return JSON.parse(raw) as CircuitBreakerState;
+  } catch {
+    return null;
+  }
+}
+
+function write(state: CircuitBreakerState): void {
+  // The breaker runs before initDb (which is what creates DATA_DIR), so on a
+  // fresh checkout the dir may not exist yet.
+  fs.mkdirSync(DATA_DIR, { recursive: true });
+  fs.writeFileSync(CB_PATH, JSON.stringify(state, null, 2) + '\n');
+}
+
+function getDelay(attempt: number): number {
+  const idx = Math.min(attempt - 1, BACKOFF_SCHEDULE_S.length - 1);
+  return BACKOFF_SCHEDULE_S[idx];
+}
+
+export function resetCircuitBreaker(): void {
+  try {
+    fs.unlinkSync(CB_PATH);
+    log.info('Circuit breaker reset on clean shutdown');
+  } catch {}
+}
+
+export async function enforceStartupBackoff(): Promise<void> {
+  const now = new Date();
+  const prev = read();
+
+  let attempt: number;
+  if (!prev) {
+    attempt = 1;
+  } else {
+    const elapsedMs = now.getTime() - new Date(prev.timestamp).getTime();
+    if (elapsedMs < RESET_WINDOW_MS) {
+      attempt = prev.attempt + 1;
+      log.warn('Previous startup was not a clean shutdown', {
+        previousAttempt: prev.attempt,
+        previousTimestamp: prev.timestamp,
+        elapsedSec: Math.round(elapsedMs / 1000),
+      });
+    } else {
+      attempt = 1;
+      log.info('Circuit breaker reset — last startup was over 1h ago', {
+        previousAttempt: prev.attempt,
+        previousTimestamp: prev.timestamp,
+      });
+    }
+  }
+
+  write({ attempt, timestamp: now.toISOString() });
+
+  const delaySec = getDelay(attempt);
+  if (delaySec > 0) {
+    const resumeAt = new Date(now.getTime() + delaySec * 1000).toISOString();
+    log.warn('Circuit breaker: delaying startup due to repeated crashes', {
+      attempt,
+      delaySec,
+      resumeAt,
+    });
+    await new Promise((resolve) => setTimeout(resolve, delaySec * 1000));
+    log.info('Circuit breaker: backoff complete, resuming startup', { attempt });
+  }
+}
@@ -58,7 +58,7 @@ const activeContainers = new Map<string, { process: ChildProcess; containerName:
 * a duplicate container against the same session directory, producing
 * racy double-replies.
 */
-const wakePromises = new Map<string, Promise<void>>();
+const wakePromises = new Map<string, Promise<boolean>>();

 export function getActiveContainerCount(): number {
  return activeContainers.size;
@@ -73,20 +73,32 @@ export function isContainerRunning(sessionId: string): boolean {
 * (the in-flight wake promise is reused).
 *
 * The container runs the v2 agent-runner which polls the session DB.
+ *
+ * Contract: never throws. Returns `true` on successful spawn, `false` on
+ * transient spawn failure (e.g. OneCLI gateway unreachable). Callers don't
+ * need to wrap — the inbound row stays pending and host-sweep retries on
+ * its next tick. Callers that care (e.g. the router's typing indicator)
+ * can branch on the boolean.
 */
-export function wakeContainer(session: Session): Promise<void> {
+export function wakeContainer(session: Session): Promise<boolean> {
  if (activeContainers.has(session.id)) {
    log.debug('Container already running', { sessionId: session.id });
-    return Promise.resolve();
+    return Promise.resolve(true);
  }
  const existing = wakePromises.get(session.id);
  if (existing) {
    log.debug('Container wake already in-flight — joining existing promise', { sessionId: session.id });
    return existing;
  }
-  const promise = spawnContainer(session).finally(() => {
-    wakePromises.delete(session.id);
-  });
+  const promise = spawnContainer(session)
+    .then(() => true)
+    .catch((err) => {
+      log.warn('wakeContainer failed — host-sweep will retry', { sessionId: session.id, err });
+      return false;
+    })
+    .finally(() => {
+      wakePromises.delete(session.id);
+    });
  wakePromises.set(session.id, promise);
  return promise;
 }
@@ -435,20 +447,18 @@ async function buildContainerArgs(
  }

  // OneCLI gateway — injects HTTPS_PROXY + certs so container API calls
-  // are routed through the agent vault for credential injection.
-  try {
-    if (agentIdentifier) {
-      await onecli.ensureAgent({ name: agentGroup.name, identifier: agentIdentifier });
-    }
-    const onecliApplied = await onecli.applyContainerConfig(args, { addHostMapping: false, agent: agentIdentifier });
-    if (onecliApplied) {
-      log.info('OneCLI gateway applied', { containerName });
-    } else {
-      log.warn('OneCLI gateway not applied — container will have no credentials', { containerName });
-    }
-  } catch (err) {
-    log.warn('OneCLI gateway error — container will have no credentials', { containerName, err });
+  // are routed through the agent vault for credential injection. Treated as
+  // a transient hard failure: if we can't wire the gateway, we don't spawn.
+  // The caller (router or host-sweep) catches the throw, leaves the inbound
+  // message pending, and the next sweep tick retries.
+  if (agentIdentifier) {
+    await onecli.ensureAgent({ name: agentGroup.name, identifier: agentIdentifier });
  }
+  const onecliApplied = await onecli.applyContainerConfig(args, { addHostMapping: false, agent: agentIdentifier });
+  if (!onecliApplied) {
+    throw new Error('OneCLI gateway not applied — refusing to spawn container without credentials');
+  }
+  log.info('OneCLI gateway applied', { containerName });

  // Host gateway
  args.push(...hostGatewayArgs());
@@ -32,6 +32,14 @@ export function openOutboundDb(dbPath: string): Database.Database {
  return db;
 }

+/** Open the outbound DB for a session with write access. Only safe to call when no container is running. */
+export function openOutboundDbRw(dbPath: string): Database.Database {
+  const db = new Database(dbPath);
+  db.pragma('journal_mode = DELETE');
+  db.pragma('busy_timeout = 5000');
+  return db;
+}
+
 export function upsertSessionRouting(
  db: Database.Database,
  routing: { channel_type: string | null; platform_id: string | null; thread_id: string | null },
@@ -180,6 +188,19 @@ export function getProcessingClaims(outDb: Database.Database): ProcessingClaim[]
    .all() as ProcessingClaim[];
 }

+/**
+ * Delete orphan 'processing' rows. Called by the host after killing a
+ * container so the leftover claim doesn't trip claim-stuck on the next sweep
+ * tick (which would kill the freshly respawned container before its
+ * agent-runner can run its own startup cleanup).
+ *
+ * Safe because the host only writes to outbound.db when no container is
+ * running (we just killed it). Returns the number of rows deleted.
+ */
+export function deleteOrphanProcessingClaims(outDb: Database.Database): number {
+  return outDb.prepare("DELETE FROM processing_ack WHERE status = 'processing'").run().changes;
+}
+
 export interface ContainerState {
  current_tool: string | null;
  tool_declared_timeout_ms: number | null;
@@ -23,6 +23,8 @@ import {
  sessionDir,
  inboundDbPath,
  outboundDbPath,
+  readOutboxFiles,
+  clearOutbox,
 } from './session-manager.js';
 import { getSession, findSession } from './db/sessions.js';
 import type { InboundEvent } from './channels/adapter.js';
@@ -108,6 +110,147 @@ describe('session manager', () => {
    outDb.close();
  });

+  it('should reject outbound attachment filenames that escape the message outbox', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const dir = sessionDir('ag-1', 'sess-test');
+    const msgOutbox = path.join(dir, 'outbox', 'msg-1');
+    fs.mkdirSync(msgOutbox, { recursive: true });
+
+    const outside = path.join(TEST_DIR, 'outside.txt');
+    fs.writeFileSync(outside, 'outside secret');
+
+    expect(readOutboxFiles('ag-1', 'sess-test', 'msg-1', ['../../../../../outside.txt'])).toBeUndefined();
+  });
+
+  it('should reject outbound attachment symlinks that escape the message outbox', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const dir = sessionDir('ag-1', 'sess-test');
+    const msgOutbox = path.join(dir, 'outbox', 'msg-1');
+    fs.mkdirSync(msgOutbox, { recursive: true });
+
+    const outside = path.join(TEST_DIR, 'outside.txt');
+    fs.writeFileSync(outside, 'outside secret');
+    fs.symlinkSync('../../../../../outside.txt', path.join(msgOutbox, 'safe-name.txt'));
+
+    expect(readOutboxFiles('ag-1', 'sess-test', 'msg-1', ['safe-name.txt'])).toBeUndefined();
+  });
+
+  it('should not recursively delete outside the outbox for unsafe message ids', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const victimDir = path.join(TEST_DIR, 'victim-dir');
+    fs.mkdirSync(victimDir, { recursive: true });
+    fs.writeFileSync(path.join(victimDir, 'keep.txt'), 'do not delete');
+
+    clearOutbox('ag-1', 'sess-test', '../../../../victim-dir');
+
+    expect(fs.existsSync(path.join(victimDir, 'keep.txt'))).toBe(true);
+  });
+
+  it('should still read and clear normal basename outbox files', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const dir = sessionDir('ag-1', 'sess-test');
+    const msgOutbox = path.join(dir, 'outbox', 'msg-1');
+    fs.mkdirSync(msgOutbox, { recursive: true });
+    fs.writeFileSync(path.join(msgOutbox, 'result.txt'), 'ok');
+
+    const files = readOutboxFiles('ag-1', 'sess-test', 'msg-1', ['result.txt']);
+    expect(files).toHaveLength(1);
+    expect(files?.[0]?.filename).toBe('result.txt');
+    expect(files?.[0]?.data.toString()).toBe('ok');
+
+    clearOutbox('ag-1', 'sess-test', 'msg-1');
+    expect(fs.existsSync(msgOutbox)).toBe(false);
+  });
+
+  it('should reject inbound attachment writes through a pre-placed symlinked inbox dir', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const { session } = resolveSession('ag-1', 'mg-1', null, 'shared');
+
+    // The container has /workspace write access, so it can pre create
+    // inbox/<msgId> as a symlink to escape.
+    const inboxRoot = path.join(sessionDir('ag-1', session.id), 'inbox');
+    fs.mkdirSync(inboxRoot, { recursive: true });
+    const evilTarget = path.join(TEST_DIR, 'evil-target');
+    fs.mkdirSync(evilTarget, { recursive: true });
+    fs.symlinkSync(evilTarget, path.join(inboxRoot, 'msg-evil'));
+
+    writeSessionMessage('ag-1', session.id, {
+      id: 'msg-evil',
+      kind: 'chat',
+      timestamp: now(),
+      content: JSON.stringify({
+        text: 'evil',
+        attachments: [{ name: 'photo.png', data: Buffer.from('PNGBYTES').toString('base64'), size: 8 }],
+      }),
+    });
+
+    expect(fs.existsSync(path.join(evilTarget, 'photo.png'))).toBe(false);
+  });
+
+  it('should refuse to follow a pre-existing symlink at the inbound attachment path', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const { session } = resolveSession('ag-1', 'mg-1', null, 'shared');
+
+    // The container pre creates inbox/<msgId>/photo.png as a symlink to a
+    // host file. Without the wx flag, writeFileSync would follow it.
+    const inboxDir = path.join(sessionDir('ag-1', session.id), 'inbox', 'msg-sym');
+    fs.mkdirSync(inboxDir, { recursive: true });
+    const outside = path.join(TEST_DIR, 'outside.txt');
+    fs.writeFileSync(outside, 'ORIGINAL');
+    fs.symlinkSync(outside, path.join(inboxDir, 'photo.png'));
+
+    writeSessionMessage('ag-1', session.id, {
+      id: 'msg-sym',
+      kind: 'chat',
+      timestamp: now(),
+      content: JSON.stringify({
+        text: 'sym',
+        attachments: [{ name: 'photo.png', data: Buffer.from('PNGBYTES').toString('base64'), size: 8 }],
+      }),
+    });
+
+    expect(fs.readFileSync(outside, 'utf-8')).toBe('ORIGINAL');
+  });
+
+  it('should reject inbound attachments when messageId is unsafe', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const { session } = resolveSession('ag-1', 'mg-1', null, 'shared');
+
+    writeSessionMessage('ag-1', session.id, {
+      id: '../../escape',
+      kind: 'chat',
+      timestamp: now(),
+      content: JSON.stringify({
+        text: 'msgid',
+        attachments: [{ name: 'photo.png', data: Buffer.from('PNGBYTES').toString('base64'), size: 8 }],
+      }),
+    });
+
+    const inboxRoot = path.join(sessionDir('ag-1', session.id), 'inbox');
+    if (fs.existsSync(inboxRoot)) {
+      expect(fs.readdirSync(inboxRoot)).toEqual([]);
+    }
+  });
+
+  it('should still save inbound attachments with safe basenames', () => {
+    initSessionFolder('ag-1', 'sess-test');
+    const { session } = resolveSession('ag-1', 'mg-1', null, 'shared');
+
+    writeSessionMessage('ag-1', session.id, {
+      id: 'msg-ok',
+      kind: 'chat',
+      timestamp: now(),
+      content: JSON.stringify({
+        text: 'ok',
+        attachments: [{ name: 'photo.png', data: Buffer.from('PNGBYTES').toString('base64'), size: 8 }],
+      }),
+    });
+
+    const expected = path.join(sessionDir('ag-1', session.id), 'inbox', 'msg-ok', 'photo.png');
+    expect(fs.existsSync(expected)).toBe(true);
+    expect(fs.readFileSync(expected, 'utf-8')).toBe('PNGBYTES');
+  });
+
  it('should resolve to existing session (shared mode)', () => {
    const { session: s1, created: c1 } = resolveSession('ag-1', 'mg-1', null, 'shared');
    expect(c1).toBe(true);
--- a/Show More
+++ b/Show More