feat: 接入内建 weixin channel(同 #301 重构版本) (#303 )

* feat: 接入 weixin 服务层与命令入口 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * feat: 注册内建 weixin channel 插件 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修正 channel permission relay 路由与能力判定 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修复 builtin channel 的 ChannelsNotice 误报 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * docs: 补充内建 weixin channel 使用说明 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * docs: 更新微信 channel 接入计划状态 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 延迟加载 weixin 登录二维码依赖 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 改用 qrcode 生成 weixin 登录二维码 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修正 vite 构建的 Windows 路径解析 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * chore: 删除临时规划文档 wx_channel.md 并还原 package.json 排序 wx_channel.md 内容已整合到 docs/features/channels.md，不再需要。 package.json 中 @ant/model-provider 位置从原始位置被无意移动，还原。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: 将 weixin 模块从 src/ 迁移至 packages/weixin 工作区包将 src/services/weixin/ 中的纯业务逻辑迁入 @claude-code-best/weixin workspace 包，降低 src/ 耦合度。仅保留 server.ts 作为薄适配层。 - 迁移 7 个无修改的纯模块 (types/api/accounts/login/pairing/media/send) - monitor.ts 内联 PERMISSION_REPLY_RE 正则，解除对 src/ 的依赖 - permissions.ts 本地定义 ChannelPermissionRequestParams 接口 - cli.ts 拆分：serve 子命令通过回调注入，login/access 保留在包内 - server.ts 重写为从 @claude-code-best/weixin 导入 - 新增 cli-serve.ts 作为 serve 入口薄壳 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: 修正 weixin barrel export 中 interface 的导出方式 ChannelPermissionRequestParams 是纯类型，必须用 export type 导出，否则 Bun 运行时会报 "export not found" 错误。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: 将 server.ts 迁入 packages/weixin，彻底移除 src/services/weixin/ 通过依赖注入（WeixinServerDeps）解耦 src/ 依赖（analytics、config、 MCP channel schema），server.ts 完全移入包内。cli.tsx 入口处一次性注入所有依赖。 src/services/weixin/ 目录已完全删除。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: 修复 markdownToPlainText 中代码块正则的 ReDoS 风险用非正则的线性扫描替代 \`\`\`[\s\S]*?\n([\s\S]*?)\`\`\` 匹配，避免在含有大量重复 \`\`\` 序列的输入上触发多项式回溯。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: 1111 <11111@asd.c> Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
docs: 更新 discord 地址
2026-06-19 14:55:50 +00:00 · 2026-04-19 21:33:27 +08:00 · 2026-04-19 21:21:04 +08:00 · 2026-04-19 21:18:18 +08:00 · 2026-04-19 13:04:09 +08:00 · 2026-04-19 12:34:51 +08:00
31 changed files with 1507 additions and 134 deletions
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -1,22 +0,0 @@
-#!/bin/sh
-# pre-commit hook: 对暂存的文件运行 Biome 检查
-# 仅检查 src/ 下的 .ts/.tsx/.js/.jsx 文件
-
-STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '^src/.*\.(ts|tsx|js|jsx)$')
-
-if [ -z "$STAGED_FILES" ]; then
-  exit 0
-fi
-
-echo "Running Biome lint on staged files..."
-
-# 使用 biome lint 对暂存文件进行检查（仅 lint，不格式化，不自动修复）
-echo "$STAGED_FILES" | xargs bunx biome lint --no-errors-on-unmatched
-
-if [ $? -ne 0 ]; then
-  echo ""
-  echo "Biome lint failed. Fix errors or use --no-verify to bypass."
-  exit 1
-fi
-
-exit 0
--- a/README.md
+++ b/README.md
@@ -6,13 +6,13 @@
 [![GitHub License](https://img.shields.io/github/license/claude-code-best/claude-code?style=flat-square)](https://github.com/claude-code-best/claude-code/blob/main/LICENSE)
 [![Last Commit](https://img.shields.io/github/last-commit/claude-code-best/claude-code?style=flat-square&color=blue)](https://github.com/claude-code-best/claude-code/commits/main)
 [![Bun](https://img.shields.io/badge/runtime-Bun-black?style=flat-square&logo=bun)](https://bun.sh/)
-[![Discord](https://img.shields.io/badge/Discord-Join-5865F2?style=flat-square&logo=discord)](https://discord.gg/qZU6zS7Q)
+[![Discord](https://img.shields.io/badge/Discord-Join-5865F2?style=flat-square&logo=discord)](https://discord.gg/uApuzJWGKX)

 > Which Claude do you like? The open source one is the best.

 牢 A (Anthropic) 官方 [Claude Code](https://docs.anthropic.com/en/docs/claude-code) CLI 工具的源码反编译/逆向还原项目。目标是将 Claude Code 大部分功能及工程化能力复现 (问就是老佛爷已经付过钱了)。虽然很难绷, 但是它叫做 CCB(踩踩背)... 而且, 我们实现了企业版或者需要登陆 Claude 账号才能使用的特性, 实现技术普惠

-[文档在这里, 支持投稿 PR](https://ccb.agent-aura.top/) | [留影文档在这里](./Friends.md) | [Discord 群组](https://discord.gg/qZU6zS7Q)
+[文档在这里, 支持投稿 PR](https://ccb.agent-aura.top/) | [留影文档在这里](./Friends.md) | [Discord 群组](https://discord.gg/uApuzJWGKX)

 | 特性 | 说明 | 文档 |
 |------|------|------|
--- a/bun.lock
+++ b/bun.lock
@@ -195,9 +195,10 @@
    },
    "packages/acp-link": {
      "name": "acp-link",
-      "version": "1.0.1",
+      "version": "1.1.0",
      "bin": {
        "acp-link": "dist/cli/bin.js",
+        "acp-manager": "dist/manager/bin.js",
      },
      "dependencies": {
        "@agentclientprotocol/sdk": "^0.19.0",
@@ -211,6 +212,7 @@
        "selfsigned": "^5.5.0",
      },
      "devDependencies": {
+        "@types/bun": "^1.3.12",
        "@types/selfsigned": "^2.0.4",
        "@types/ws": "^8.18.1",
      },
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "claude-code-best",
-  "version": "1.4.4",
+  "version": "1.5.0",
  "description": "Reverse-engineered Anthropic Claude Code CLI — interactive AI coding assistant in the terminal",
  "type": "module",
  "author": "claude-code-best <claude-code-best@proton.me>",
--- a/packages/acp-link/README.md
+++ b/packages/acp-link/README.md
@@ -41,6 +41,9 @@ acp-link --https /path/to/agent
 # Disable authentication (dangerous)
 acp-link --no-auth /path/to/agent

+# Register to RCS with a specific channel group
+acp-link --group my-team /path/to/agent
+
 # Pass arguments to the agent (use -- to separate)
 acp-link /path/to/agent -- --verbose --model gpt-4
 ```
@@ -49,7 +52,7 @@ acp-link /path/to/agent -- --verbose --model gpt-4

 ```
 USAGE
-  acp-link [--port value] [--host value] [--debug] [--no-auth] [--https] <command>...
+  acp-link [--port value] [--host value] [--debug] [--no-auth] [--https] [--group value] <command>...
  acp-link --help
  acp-link --version

@@ -59,6 +62,7 @@ FLAGS
       [--debug]    Enable debug logging to file
       [--no-auth]  Disable authentication (dangerous)
       [--https]    Enable HTTPS with self-signed cert
+       [--group]    Channel group ID for RCS registration (letters, digits, hyphens, underscores only)
    -h  --help      Print help information and exit
    -v  --version   Print version information and exit

@@ -84,6 +88,34 @@ ws://localhost:9315/ws?token=<your-token>

 Set `ACP_AUTH_TOKEN` env var to use a fixed token, or use `--no-auth` to disable (not recommended).

+## RCS Upstream
+
+acp-link can register to a Remote Control Server (RCS) for remote access. Set the following environment variables:
+
+| Variable | Description |
+|----------|-------------|
+| `ACP_RCS_URL` | RCS server URL (e.g. `http://rcs.example.com:3000`) |
+| `ACP_RCS_TOKEN` | API token for RCS authentication |
+| `ACP_RCS_GROUP` | Channel group ID to lock the agent into (letters, digits, `-`, `_` only) |
+
+You can also use `--group <id>` on the CLI. The CLI flag takes priority over the env var.
+
+## Manager UI
+
+通过 `--manager` flag 启动独立的管理服务（不启动代理）：
+
+```bash
+# 启动 Manager（默认端口 9315）
+acp-link --manager
+
+# 指定端口
+acp-link --manager --port 3210
+```
+
+在浏览器打开 `http://localhost:<port>` 即可访问管理界面，创建、停止、删除多个 acp-link 子进程实例并实时查看日志。
+
+通过 Manager UI 创建的子进程会自动跳过 Manager UI。
+
 ## License

 MIT
--- a/packages/acp-link/package.json
+++ b/packages/acp-link/package.json
@@ -1,6 +1,6 @@
 {
  "name": "acp-link",
-  "version": "1.0.1",
+  "version": "2.0.0",
  "description": "ACP proxy server that bridges WebSocket clients to ACP agents",
  "author": "claude-code-best",
  "type": "module",
@@ -14,12 +14,15 @@
  ],
  "scripts": {
    "build": "tsc",
-    "dev": "bun run src/cli/bin.ts",
+    "dev": "ACP_RCS_URL=http://localhost:3000 ACP_RCS_TOKEN=test-my-key bun run src/cli/bin.ts ccb-bun -- --acp",
+    "dev:remote": "ACP_RCS_URL=https://remote-control.claude-code-best.win/ ACP_RCS_TOKEN=test-my-key bun run src/cli/bin.ts ccb-bun -- --acp",
+    "dev:manager": "ACP_RCS_URL=http://localhost:3000 ACP_RCS_TOKEN=test-my-key bun run src/cli/bin.ts --manager",
    "prepublishOnly": "bun run build"
  },
  "devDependencies": {
    "@types/selfsigned": "^2.0.4",
-    "@types/ws": "^8.18.1"
+    "@types/ws": "^8.18.1",
+    "@types/bun": "^1.3.12"
  },
  "dependencies": {
    "@agentclientprotocol/sdk": "^0.19.0",
--- a/packages/acp-link/src/cli/command.ts
+++ b/packages/acp-link/src/cli/command.ts
@@ -9,6 +9,8 @@ export const command = buildCommand({
      "The agent command is spawned as a subprocess and communicates via stdin/stdout.\n\n" +
      "Use -- to pass arguments to the agent:\n" +
      "  acp-link /path/to/agent -- --verbose --model gpt-4\n\n" +
+      "Use --manager to start the Manager Web UI instead:\n" +
+      "  acp-link --manager\n\n" +
      "For remote access, set ACP_AUTH_TOKEN environment variable or let it auto-generate.",
  },
  parameters: {
@@ -40,6 +42,22 @@ export const command = buildCommand({
        brief: "Enable HTTPS with auto-generated self-signed certificate",
        default: false,
      },
+      manager: {
+        kind: "boolean",
+        brief: "Start Manager Web UI (no proxy)",
+        default: false,
+      },
+      group: {
+        kind: "parsed",
+        parse: (value: string) => {
+          if (!/^[a-zA-Z0-9_-]+$/.test(value)) {
+            throw new Error(`Invalid group "${value}": only letters, digits, hyphens, and underscores are allowed`);
+          }
+          return value;
+        },
+        brief: "Channel group ID for RCS registration (env: ACP_RCS_GROUP)",
+        optional: true,
+      },
    },
    positional: {
      kind: "array",
@@ -48,12 +66,12 @@ export const command = buildCommand({
        parse: String,
        placeholder: "command",
      },
-      minimum: 1,
+      minimum: 0,
    },
  },
  func: async function (
    this: LocalContext,
-    flags: { port: number; host: string; debug: boolean; "no-auth": boolean; https: boolean },
+    flags: { port: number; host: string; debug: boolean; "no-auth": boolean; https: boolean; manager: boolean; group: string | undefined },
    ...args: readonly string[]
  ) {
    const port = flags.port;
@@ -61,6 +79,21 @@ export const command = buildCommand({
    const debug = flags.debug;
    const noAuth = flags["no-auth"];
    const https = flags.https;
+    const manager = flags.manager;
+    const group = flags.group;
+
+    // Manager mode: start web UI only, no proxy
+    if (manager) {
+      const { startManager } = await import("../manager/index.js");
+      await startManager(port);
+      return;
+    }
+
+    // Proxy mode: agent command is required
+    if (args.length === 0) {
+      console.error("Error: agent command is required (or use --manager)");
+      process.exit(1);
+    }
    const [command, ...agentArgs] = args;
    const cwd = process.cwd();

@@ -85,6 +118,6 @@ export const command = buildCommand({

    // Import and run the server
    const { startServer } = await import("../server.js");
-    await startServer({ port, host, command: command!, args: [...agentArgs], cwd, debug, token, https });
+    await startServer({ port, host, command: command!, args: [...agentArgs], cwd, debug, token, https, group });
  },
 });
--- a/packages/acp-link/src/manager/html.ts
+++ b/packages/acp-link/src/manager/html.ts
@@ -0,0 +1,345 @@
+export const MANAGER_HTML = `<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ACP Manager</title>
+<style>
+* { margin: 0; padding: 0; box-sizing: border-box; }
+body {
+  font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+  background: #f8f7f5;
+  color: #1a1a1a;
+  padding: 24px;
+  min-height: 100vh;
+}
+h1 { font-size: 20px; font-weight: 600; margin-bottom: 20px; color: #1a1a1a; }
+.header { display: flex; justify-content: space-between; align-items: center; margin-bottom: 24px; }
+.create-form {
+  background: #fff;
+  border: 1px solid #e5e2de;
+  border-radius: 8px;
+  padding: 16px;
+  margin-bottom: 24px;
+  display: flex;
+  gap: 10px;
+  align-items: flex-end;
+}
+.form-group { display: flex; flex-direction: column; gap: 4px; }
+.form-group label { font-size: 12px; color: #888; }
+.form-group input {
+  background: #fff;
+  border: 1px solid #d5d2ce;
+  border-radius: 4px;
+  padding: 8px 12px;
+  color: #1a1a1a;
+  font-size: 14px;
+  width: 200px;
+}
+.form-group input.wide { width: 400px; }
+button {
+  background: #d77757;
+  color: #fff;
+  border: none;
+  border-radius: 4px;
+  padding: 8px 16px;
+  font-size: 14px;
+  cursor: pointer;
+  white-space: nowrap;
+}
+button:hover { background: #c4694b; }
+button:disabled { opacity: 0.5; cursor: not-allowed; }
+button.danger { background: #a63d3d; }
+button.danger:hover { background: #c44a4a; }
+button.small { padding: 4px 10px; font-size: 12px; }
+.instances { display: flex; flex-direction: column; gap: 8px; }
+.instance-card {
+  background: #fff;
+  border: 1px solid #e5e2de;
+  border-radius: 8px;
+  overflow: hidden;
+}
+.instance-header {
+  display: flex;
+  align-items: center;
+  padding: 12px 16px;
+  gap: 12px;
+  cursor: pointer;
+  user-select: none;
+}
+.instance-header:hover { background: #f5f3f0; }
+.status-dot {
+  width: 10px; height: 10px;
+  border-radius: 50%;
+  flex-shrink: 0;
+}
+.status-dot.running { background: #4ade80; box-shadow: 0 0 6px #4ade8066; }
+.status-dot.stopped { background: #aaa; }
+.status-dot.failed { background: #f87171; box-shadow: 0 0 6px #f8717166; }
+.instance-info { flex: 1; display: flex; gap: 16px; align-items: center; font-size: 13px; }
+.instance-info .group { font-weight: 600; color: #d77757; }
+.instance-info .cmd { color: #888; max-width: 300px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+.instance-info .pid { color: #999; font-size: 12px; }
+.instance-info .uptime { color: #999; font-size: 12px; }
+.instance-actions { display: flex; gap: 6px; }
+.expand-icon { color: #999; font-size: 12px; transition: transform 0.2s; }
+.expand-icon.open { transform: rotate(90deg); }
+.log-panel {
+  display: none;
+  border-top: 1px solid #e5e2de;
+  background: #faf9f7;
+  max-height: 300px;
+  overflow-y: auto;
+  padding: 12px 16px;
+  font-family: 'SF Mono', 'Fira Code', 'Consolas', monospace;
+  font-size: 12px;
+  line-height: 1.6;
+}
+.log-panel.visible { display: block; }
+.log-line { white-space: pre-wrap; word-break: break-all; }
+.log-line.stdout { color: #333; }
+.log-line.stderr { color: #d94040; }
+.empty { color: #999; text-align: center; padding: 40px; font-size: 14px; }
+
+@media (max-width: 640px) {
+  body { padding: 12px; }
+  .create-form { flex-wrap: wrap; }
+  .form-group input, .form-group input.wide { width: 100%; }
+  .form-group { flex: 1 1 120px; min-width: 0; }
+  .instance-header { flex-wrap: wrap; padding: 10px 12px; gap: 8px; }
+  .instance-info { flex-wrap: wrap; gap: 6px; font-size: 12px; }
+  .instance-info .cmd { max-width: 100%; }
+  button.small { padding: 8px 14px; min-height: 44px; font-size: 13px; }
+  .log-panel { max-height: 50vh; }
+}
+</style>
+</head>
+<body>
+<div class="header">
+  <h1>ACP Manager</h1>
+</div>
+
+<div class="create-form">
+  <div class="form-group">
+    <label>Group</label>
+    <input type="text" id="inp-group" placeholder="my-group" />
+  </div>
+  <div class="form-group">
+    <label>ACP Command</label>
+    <input type="text" id="inp-command" class="wide" placeholder="/path/to/agent --verbose" />
+  </div>
+  <button id="btn-create">Create</button>
+</div>
+
+<div class="instances" id="instance-list"></div>
+
+<script>
+var listEl = document.getElementById('instance-list');
+var esMap = {};
+var instances = [];
+var inpGroup = document.getElementById('inp-group');
+var inpCommand = document.getElementById('inp-command');
+var btnCreate = document.getElementById('btn-create');
+
+// localStorage persistence
+function loadForm() {
+  try {
+    inpGroup.value = localStorage.getItem('acp-mgr-group') || '';
+    inpCommand.value = localStorage.getItem('acp-mgr-command') || '';
+  } catch(e) {}
+}
+function saveForm() {
+  try {
+    localStorage.setItem('acp-mgr-group', inpGroup.value);
+    localStorage.setItem('acp-mgr-command', inpCommand.value);
+  } catch(e) {}
+}
+inpGroup.addEventListener('input', saveForm);
+inpCommand.addEventListener('input', saveForm);
+loadForm();
+
+btnCreate.addEventListener('click', function() {
+  var group = inpGroup.value.trim();
+  var command = inpCommand.value.trim();
+  if (!group || !command) return alert('Both fields required');
+  btnCreate.disabled = true;
+  fetch('/api/instances', {
+    method: 'POST',
+    headers: {'Content-Type': 'application/json'},
+    body: JSON.stringify({ group: group, command: command }),
+  }).then(function() { fetchInstances(); })
+   .finally(function() { btnCreate.disabled = false; });
+});
+
+// event delegation for instance actions
+listEl.addEventListener('click', function(e) {
+  var btn = e.target.closest('[data-action]');
+  if (btn) {
+    e.stopPropagation();
+    var id = btn.getAttribute('data-id');
+    var action = btn.getAttribute('data-action');
+    if (action === 'stop') stopInstance(id);
+    else if (action === 'delete') deleteInstance(id);
+    return;
+  }
+  var header = e.target.closest('.instance-header');
+  if (header) {
+    var cardId = header.closest('.instance-card').getAttribute('data-id');
+    toggleLog(cardId);
+  }
+});
+
+async function fetchInstances() {
+  var res = await fetch('/api/instances');
+  instances = await res.json();
+  render();
+}
+
+function uptime(start) {
+  var s = Math.floor((Date.now() - start) / 1000);
+  if (s < 60) return s + 's';
+  if (s < 3600) return Math.floor(s/60) + 'm ' + (s%60) + 's';
+  return Math.floor(s/3600) + 'h ' + Math.floor((s%3600)/60) + 'm';
+}
+
+function esc(s) {
+  return s.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;');
+}
+
+function render() {
+  if (instances.length === 0) {
+    listEl.innerHTML = '<div class="empty">No instances. Create one above.</div>';
+    return;
+  }
+  // Diff-based update: only rebuild cards whose status changed
+  var existingCards = {};
+  listEl.querySelectorAll('.instance-card').forEach(function(card) {
+    existingCards[card.getAttribute('data-id')] = card;
+  });
+
+  var newIds = new Set(instances.map(function(i) { return i.id; }));
+
+  // Remove cards that no longer exist
+  for (var eid in existingCards) {
+    if (!newIds.has(eid)) {
+      closeLog(eid);
+      existingCards[eid].remove();
+      delete existingCards[eid];
+    }
+  }
+
+  // Update or create cards in order
+  instances.forEach(function(inst) {
+    var card = existingCards[inst.id];
+    if (!card) {
+      // New instance — create card
+      card = document.createElement('div');
+      card.className = 'instance-card';
+      card.setAttribute('data-id', inst.id);
+      card.innerHTML =
+        '<div class="instance-header">' +
+        '<span class="expand-icon">&#9654;</span>' +
+        '<span class="status-dot"></span>' +
+        '<div class="instance-info">' +
+        '<span class="group"></span>' +
+        '<span class="cmd"></span>' +
+        '<span class="pid"></span>' +
+        '<span class="uptime"></span>' +
+        '</div>' +
+        '<div class="instance-actions"></div>' +
+        '</div>' +
+        '<div class="log-panel" id="log-' + inst.id + '"></div>';
+      listEl.appendChild(card);
+    }
+    // Update card content
+    card.querySelector('.status-dot').className = 'status-dot ' + inst.status;
+    card.querySelector('.group').textContent = inst.group;
+    card.querySelector('.cmd').textContent = inst.command;
+    card.querySelector('.pid').textContent = inst.pid ? 'PID ' + inst.pid : '';
+    card.querySelector('.uptime').textContent = inst.status === 'running' ? uptime(inst.startTime) : '';
+
+    // Update action buttons
+    var actions = card.querySelector('.instance-actions');
+    var prevStatus = card.getAttribute('data-status');
+    if (prevStatus !== inst.status) {
+      card.setAttribute('data-status', inst.status);
+      actions.innerHTML = inst.status === 'running'
+        ? '<button class="small danger" data-action="stop" data-id="' + inst.id + '">Stop</button>'
+        : '<button class="small danger" data-action="delete" data-id="' + inst.id + '">Delete</button>';
+    }
+  });
+}
+
+async function stopInstance(id) {
+  var btn = listEl.querySelector('[data-action="stop"][data-id="' + id + '"]');
+  if (btn) btn.disabled = true;
+  await fetch('/api/instances/' + id + '/stop', { method: 'POST' });
+  await fetchInstances();
+}
+
+async function deleteInstance(id) {
+  var btn = listEl.querySelector('[data-action="delete"][data-id="' + id + '"]');
+  if (btn) btn.disabled = true;
+  await fetch('/api/instances/' + id, { method: 'DELETE' });
+  closeLog(id);
+  await fetchInstances();
+}
+
+function toggleLog(id) {
+  var panel = document.getElementById('log-' + id);
+  if (!panel) return;
+  if (panel.classList.contains('visible')) {
+    closeLog(id);
+  } else {
+    openLog(id);
+  }
+  var icon = listEl.querySelector('[data-id="' + id + '"] .expand-icon');
+  if (icon) icon.classList.toggle('open', panel.classList.contains('visible'));
+}
+
+function openLog(id) {
+  var panel = document.getElementById('log-' + id);
+  if (!panel) return;
+  panel.classList.add('visible');
+  panel.innerHTML = '';
+  var es = new EventSource('/api/instances/' + id + '/logs');
+  esMap[id] = es;
+  var scrollPending = false;
+  es.onmessage = function(e) {
+    try {
+      var entry = JSON.parse(e.data);
+      var line = document.createElement('div');
+      line.className = 'log-line ' + entry.stream;
+      var time = new Date(entry.timestamp).toLocaleTimeString();
+      line.textContent = '[' + time + '] ' + entry.text;
+      panel.appendChild(line);
+      if (panel.children.length > 500) panel.removeChild(panel.firstChild);
+      if (!scrollPending) {
+        scrollPending = true;
+        requestAnimationFrame(function() {
+          panel.scrollTop = panel.scrollHeight;
+          scrollPending = false;
+        });
+      }
+    } catch(err) {}
+  };
+  es.onerror = function() {
+    es.close();
+    delete esMap[id];
+  };
+}
+
+function closeLog(id) {
+  if (esMap[id]) {
+    esMap[id].close();
+    delete esMap[id];
+  }
+  var panel = document.getElementById('log-' + id);
+  if (panel) panel.classList.remove('visible');
+}
+
+fetchInstances();
+setInterval(fetchInstances, 3000);
+</script>
+</body>
+</html>`;
--- a/packages/acp-link/src/manager/index.ts
+++ b/packages/acp-link/src/manager/index.ts
@@ -0,0 +1,44 @@
+import { Hono } from "hono";
+import { serve } from "@hono/node-server";
+import { ProcessManager } from "./manager.js";
+import { createApp } from "./routes.js";
+
+export async function startManager(port: number): Promise<void> {
+  const manager = new ProcessManager();
+  const app = createApp(manager);
+
+  // Health check
+  app.get("/health", (c) => c.json({ status: "ok" }));
+
+  let shuttingDown = false;
+  const shutdown = async () => {
+    if (shuttingDown) return;
+    shuttingDown = true;
+    console.log("Shutting down...");
+    await manager.shutdownAll();
+    process.exit(0);
+  };
+  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", shutdown);
+
+  const server = serve({ fetch: app.fetch, port });
+  server.on("error", (err: NodeJS.ErrnoException) => {
+    if (err.code === "EADDRINUSE") {
+      console.error(`\n  Error: port ${port} is already in use. Use --port to specify a different port.\n`);
+    } else {
+      console.error(`\n  Error: ${err.message}\n`);
+    }
+    process.exit(1);
+  });
+
+  console.log();
+  console.log(`  🖥️  ACP Manager`);
+  console.log();
+  console.log(`    URL:   http://localhost:${port}`);
+  console.log();
+  console.log(`  Press Ctrl+C to stop`);
+  console.log();
+
+  // Keep running
+  await new Promise(() => {});
+}
--- a/packages/acp-link/src/manager/manager.ts
+++ b/packages/acp-link/src/manager/manager.ts
@@ -0,0 +1,233 @@
+import type { AcpInstance, InstanceSummary, LogEntry } from "./types.js";
+
+function log(tag: string, msg: string) {
+  const ts = new Date().toISOString();
+  console.log(`[${ts}] [${tag}] ${msg}`);
+}
+
+const MAX_LOG_LINES = 2000;
+const SHUTDOWN_TIMEOUT_MS = 5000;
+
+export class ProcessManager {
+  private instances = new Map<string, AcpInstance>();
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  private processes = new Map<string, any>();
+
+  create(group: string, command: string): AcpInstance {
+    const id = crypto.randomUUID();
+    const instance: AcpInstance = {
+      id,
+      group,
+      command,
+      status: "running",
+      pid: undefined,
+      startTime: Date.now(),
+      exitCode: null,
+      logs: [],
+      subscribers: new Set(),
+    };
+
+    const args = this.parseCommand(command);
+    const fullArgs = ["--group", group, ...args];
+
+    const proc = Bun.spawn(["acp-link", ...fullArgs], {
+      stdout: "pipe",
+      stderr: "pipe",
+      env: { ...Bun.env, ACP_CHILD: "1" },
+    });
+
+    instance.pid = proc.pid;
+    this.instances.set(id, instance);
+    this.processes.set(id, proc);
+    log("manager", `created instance ${id.slice(0, 8)} group=${group} pid=${proc.pid} cmd="acp-link ${fullArgs.join(" ")}"`);
+
+    this.pipeStream(proc.stdout, id, "stdout");
+    this.pipeStream(proc.stderr, id, "stderr");
+
+    proc.exited.then((code) => {
+      instance.status = code === 0 ? "stopped" : "failed";
+      instance.exitCode = code;
+      instance.pid = undefined;
+      this.processes.delete(id);
+      log("manager", `instance ${id.slice(0, 8)} ${instance.status} exit=${code}`);
+      this.notifyStatus(instance);
+    });
+
+    return instance;
+  }
+
+  stop(id: string): boolean {
+    const proc = this.processes.get(id);
+    if (!proc) return false;
+    const inst = this.instances.get(id);
+    log("manager", `stopping instance ${id.slice(0, 8)} pid=${proc.pid}`);
+    proc.kill("SIGTERM");
+    // Immediately mark as stopped to prevent stale state
+    if (inst) {
+      inst.status = "stopped";
+    }
+    return true;
+  }
+
+  remove(id: string): boolean {
+    const instance = this.instances.get(id);
+    if (!instance) return false;
+    if (instance.status === "running") return false;
+    instance.subscribers.clear();
+    this.instances.delete(id);
+    log("manager", `removed instance ${id.slice(0, 8)} group=${instance.group}`);
+    return true;
+  }
+
+  list(): InstanceSummary[] {
+    return Array.from(this.instances.values()).map(this.toSummary);
+  }
+
+  get(id: string): AcpInstance | undefined {
+    return this.instances.get(id);
+  }
+
+  subscribe(id: string, callback: (entry: LogEntry) => void): () => void {
+    const instance = this.instances.get(id);
+    if (!instance) return () => {};
+    instance.subscribers.add(callback);
+    return () => instance.subscribers.delete(callback);
+  }
+
+  async shutdownAll(): Promise<void> {
+    const running = Array.from(this.processes.entries());
+    if (running.length === 0) return;
+
+    log("manager", `shutting down ${running.length} running instance(s)...`);
+    for (const [id, proc] of running) {
+      try {
+        proc.kill("SIGTERM");
+        log("manager", `sent SIGTERM to ${id.slice(0, 8)} pid=${proc.pid}`);
+      } catch {
+        // already dead
+      }
+    }
+
+    const timeout = new Promise<void>((resolve) => setTimeout(resolve, SHUTDOWN_TIMEOUT_MS));
+    await Promise.race([
+      Promise.all(running.map(([, proc]) => proc.exited.catch(() => {}))),
+      timeout,
+    ]);
+
+    for (const [id, proc] of running) {
+      try {
+        proc.kill("SIGKILL");
+        log("manager", `sent SIGKILL to ${id.slice(0, 8)}`);
+      } catch {
+        // already dead
+      }
+    }
+    log("manager", "all instances shut down");
+  }
+
+  private parseCommand(command: string): string[] {
+    const args: string[] = [];
+    let current = "";
+    let inQuote: string | null = null;
+
+    for (const ch of command) {
+      if (inQuote) {
+        if (ch === inQuote) {
+          inQuote = null;
+        } else {
+          current += ch;
+        }
+      } else if (ch === '"' || ch === "'") {
+        inQuote = ch;
+      } else if (ch === " " || ch === "\t") {
+        if (current) {
+          args.push(current);
+          current = "";
+        }
+      } else {
+        current += ch;
+      }
+    }
+    if (current) args.push(current);
+    return args;
+  }
+
+  private pipeStream(
+    readable: ReadableStream<Uint8Array>,
+    instanceId: string,
+    stream: "stdout" | "stderr",
+  ) {
+    const reader = readable.getReader();
+    const decoder = new TextDecoder();
+    let buffer = "";
+
+    const processChunk = () => {
+      reader
+        .read()
+        .then(({ done, value }) => {
+          if (done) {
+            if (buffer) this.appendLog(instanceId, buffer, stream);
+            return;
+          }
+          buffer += decoder.decode(value, { stream: true });
+          const lines = buffer.split("\n");
+          buffer = lines.pop() ?? "";
+          for (const line of lines) {
+            if (line) this.appendLog(instanceId, line, stream);
+          }
+          processChunk();
+        })
+        .catch(() => {
+          // stream ended or error
+        });
+    };
+    processChunk();
+  }
+
+  private appendLog(instanceId: string, text: string, stream: "stdout" | "stderr") {
+    const instance = this.instances.get(instanceId);
+    if (!instance) return;
+
+    const entry: LogEntry = { timestamp: Date.now(), stream, text };
+    instance.logs.push(entry);
+    if (instance.logs.length > MAX_LOG_LINES) {
+      instance.logs.splice(0, instance.logs.length - MAX_LOG_LINES);
+    }
+
+    for (const sub of instance.subscribers) {
+      try {
+        sub(entry);
+      } catch {
+        // subscriber error, remove it
+        instance.subscribers.delete(sub);
+      }
+    }
+  }
+
+  private notifyStatus(instance: AcpInstance) {
+    const statusEntry: LogEntry = {
+      timestamp: Date.now(),
+      stream: "stderr",
+      text: `[${instance.status}] exit code: ${instance.exitCode}`,
+    };
+    for (const sub of instance.subscribers) {
+      try {
+        sub(statusEntry);
+      } catch {
+        instance.subscribers.delete(sub);
+      }
+    }
+  }
+
+  private toSummary(inst: AcpInstance): InstanceSummary {
+    return {
+      id: inst.id,
+      group: inst.group,
+      command: inst.command,
+      status: inst.status,
+      pid: inst.pid,
+      startTime: inst.startTime,
+      exitCode: inst.exitCode,
+    };
+  }
+}
--- a/packages/acp-link/src/manager/routes.ts
+++ b/packages/acp-link/src/manager/routes.ts
@@ -0,0 +1,153 @@
+import { Hono } from "hono";
+import type { ProcessManager } from "./manager.js";
+import { MANAGER_HTML } from "./html.js";
+
+function logReq(method: string, path: string, status?: number) {
+  const ts = new Date().toISOString();
+  const suffix = status != null ? ` -> ${status}` : "";
+  console.log(`[${ts}] [http] ${method} ${path}${suffix}`);
+}
+
+export function createApp(manager: ProcessManager): Hono {
+  const app = new Hono();
+
+  app.get("/", (c) => {
+    logReq("GET", "/", 200);
+    return c.html(MANAGER_HTML);
+  });
+
+  app.get("/api/instances", (c) => {
+    const list = manager.list();
+    logReq("GET", "/api/instances", 200);
+    return c.json(list);
+  });
+
+  app.post("/api/instances", async (c) => {
+    let body: { group?: string; command?: string };
+    try {
+      body = await c.req.json<{ group?: string; command?: string }>();
+    } catch {
+      logReq("POST", "/api/instances", 400);
+      return c.json({ error: "invalid JSON body" }, 400);
+    }
+    if (!body.group?.trim() || !body.command?.trim()) {
+      logReq("POST", "/api/instances", 400);
+      return c.json({ error: "group and command are required" }, 400);
+    }
+    const instance = manager.create(body.group.trim(), body.command.trim());
+    logReq("POST", `/api/instances group=${body.group}`, 201);
+    return c.json(
+      {
+        id: instance.id,
+        group: instance.group,
+        command: instance.command,
+        status: instance.status,
+        pid: instance.pid,
+        startTime: instance.startTime,
+        exitCode: instance.exitCode,
+      },
+      201,
+    );
+  });
+
+  app.post("/api/instances/:id/stop", (c) => {
+    const id = c.req.param("id");
+    const inst = manager.get(id);
+    if (!inst) {
+      logReq("POST", `/api/instances/${id.slice(0, 8)}/stop`, 404);
+      return c.json({ error: "not found" }, 404);
+    }
+    if (inst.status !== "running") {
+      logReq("POST", `/api/instances/${id.slice(0, 8)}/stop`, 400);
+      return c.json({ error: "not running" }, 400);
+    }
+    manager.stop(inst.id);
+    logReq("POST", `/api/instances/${id.slice(0, 8)}/stop`, 200);
+    return c.json({ ok: true });
+  });
+
+  app.delete("/api/instances/:id", (c) => {
+    const id = c.req.param("id");
+    const inst = manager.get(id);
+    if (!inst) {
+      logReq("DELETE", `/api/instances/${id.slice(0, 8)}`, 404);
+      return c.json({ error: "not found" }, 404);
+    }
+    if (inst.status === "running") {
+      logReq("DELETE", `/api/instances/${id.slice(0, 8)}`, 400);
+      return c.json({ error: "still running" }, 400);
+    }
+    manager.remove(inst.id);
+    logReq("DELETE", `/api/instances/${id.slice(0, 8)}`, 200);
+    return c.json({ ok: true });
+  });
+
+  app.get("/api/instances/:id/logs", (c) => {
+    const id = c.req.param("id");
+    const inst = manager.get(id);
+    if (!inst) {
+      logReq("GET", `/api/instances/${id.slice(0, 8)}/logs`, 404);
+      return c.json({ error: "not found" }, 404);
+    }
+    logReq("GET", `/api/instances/${id.slice(0, 8)}/logs SSE`);
+
+    const stream = new ReadableStream({
+      start(controller) {
+        const encoder = new TextEncoder();
+
+        const send = (data: string) => {
+          try {
+            controller.enqueue(encoder.encode(data));
+          } catch {
+            // stream closed
+          }
+        };
+
+        // send historical logs
+        for (const log of inst.logs) {
+          send(`data: ${JSON.stringify(log)}\n\n`);
+        }
+
+        // subscribe to new logs
+        const unsub = manager.subscribe(inst.id, (entry) => {
+          send(`data: ${JSON.stringify(entry)}\n\n`);
+        });
+
+        // keepalive every 15s
+        const keepalive = setInterval(() => {
+          send(": keepalive\n\n");
+        }, 15000);
+
+        const cleanup = () => {
+          unsub();
+          clearInterval(keepalive);
+          logReq("SSE", `/api/instances/${id.slice(0, 8)}/logs closed`);
+          try {
+            controller.close();
+          } catch {
+            // already closed
+          }
+        };
+
+        c.req.raw.signal.addEventListener("abort", cleanup, { once: true });
+      },
+    });
+
+    return new Response(stream, {
+      headers: {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+        "X-Accel-Buffering": "no",
+      },
+    });
+  });
+
+  // Catch-all: log unmatched routes for debugging
+  app.all("*", (c) => {
+    logReq(c.req.method, c.req.path, 404);
+    return c.json({ error: "not found", path: c.req.path }, 404);
+  });
+
+  return app;
+}
--- a/packages/acp-link/src/manager/types.ts
+++ b/packages/acp-link/src/manager/types.ts
@@ -0,0 +1,34 @@
+export type InstanceStatus = "running" | "stopped" | "failed";
+
+export interface AcpInstance {
+  id: string;
+  group: string;
+  command: string;
+  status: InstanceStatus;
+  pid: number | undefined;
+  startTime: number;
+  exitCode: number | null;
+  logs: LogEntry[];
+  subscribers: Set<(entry: LogEntry) => void>;
+}
+
+export interface LogEntry {
+  timestamp: number;
+  stream: "stdout" | "stderr";
+  text: string;
+}
+
+export interface CreateInstanceRequest {
+  group: string;
+  command: string;
+}
+
+export interface InstanceSummary {
+  id: string;
+  group: string;
+  command: string;
+  status: InstanceStatus;
+  pid: number | undefined;
+  startTime: number;
+  exitCode: number | null;
+}
--- a/packages/acp-link/src/server.ts
+++ b/packages/acp-link/src/server.ts
@@ -22,6 +22,8 @@ export interface ServerConfig {
  https?: boolean;
  /** Default permission mode for new sessions (e.g. "auto", "default", "bypassPermissions") */
  permissionMode?: string;
+  /** Channel group ID for RCS registration */
+  group?: string;
 }

 // Pending permission request
@@ -608,11 +610,16 @@ export async function startServer(config: ServerConfig): Promise<void> {
  // Initialize RCS upstream client if configured
  const rcsUrl = process.env.ACP_RCS_URL;
  const rcsToken = process.env.ACP_RCS_TOKEN;
+  const rcsGroup = config.group || process.env.ACP_RCS_GROUP;
+  if (rcsGroup && !/^[a-zA-Z0-9_-]+$/.test(rcsGroup)) {
+    throw new Error(`Invalid ACP_RCS_GROUP "${rcsGroup}": only letters, digits, hyphens, and underscores are allowed`);
+  }
  if (rcsUrl) {
    rcsUpstream = new RcsUpstreamClient({
      rcsUrl,
      apiToken: rcsToken || "",
      agentName: command,
+      channelGroupId: rcsGroup || undefined,
      maxSessions: 1,
    });

@@ -876,20 +883,16 @@ export async function startServer(config: ServerConfig): Promise<void> {
    authEnabled: !!AUTH_TOKEN,
  }, "started");

+  // Graceful shutdown — close RCS upstream
+  const shutdown = async () => {
+    if (rcsUpstream) {
+      await rcsUpstream.close();
+    }
+    process.exit(0);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+
  // Keep the server running
  await new Promise(() => {});
 }
-
-// Graceful shutdown — close RCS upstream on process exit
-process.on("SIGINT", async () => {
-  if (rcsUpstream) {
-    await rcsUpstream.close();
-  }
-  process.exit(0);
-});
-process.on("SIGTERM", async () => {
-  if (rcsUpstream) {
-    await rcsUpstream.close();
-  }
-  process.exit(0);
-});
--- a/packages/acp-link/tsconfig.json
+++ b/packages/acp-link/tsconfig.json
@@ -3,12 +3,12 @@
    // Environment setup & latest features
    "lib": ["ESNext"],
    "target": "ES2022",
-    "module": "NodeNext",
+    "module": "esnext",
    "moduleDetection": "force",
    "allowJs": true,

    // Node.js module resolution
-    "moduleResolution": "NodeNext",
+    "moduleResolution": "bundler",
    "verbatimModuleSyntax": true,

    // Output
@@ -30,7 +30,8 @@
    // Some stricter flags (disabled by default)
    "noUnusedLocals": false,
    "noUnusedParameters": false,
-    "noPropertyAccessFromIndexSignature": false
+    "noPropertyAccessFromIndexSignature": false,
+    "types": ["bun"],
  },
  "include": ["src/**/*"],
  "exclude": ["node_modules", "dist", "src/__tests__"]
--- a/packages/remote-control-server/src/auth/middleware.ts
+++ b/packages/remote-control-server/src/auth/middleware.ts
@@ -90,9 +90,20 @@ export function getUuidFromRequest(c: Context): string | undefined {

 /**
 * UUID-based auth for Web UI routes (no-login mode).
- * Requires a UUID in query param or header, injects it into context as c.set("uuid").
+ * Accepts UUID in query param/header, OR a valid API key via Authorization header.
 */
 export async function uuidAuth(c: Context, next: Next) {
+  // Try API key auth via Authorization header
+  const bearer = extractBearerToken(c);
+  if (bearer && validateApiKey(bearer)) {
+    // Valid API key — generate a stable UUID from the key for downstream use
+    const uuid = getUuidFromRequest(c);
+    c.set("uuid", uuid || bearer);
+    await next();
+    return;
+  }
+
+  // Fall back to UUID auth
  const uuid = getUuidFromRequest(c);
  if (!uuid) {
    return c.json({ error: { type: "unauthorized", message: "Missing UUID" } }, 401);
--- a/packages/remote-control-server/src/routes/v1/environments.ts
+++ b/packages/remote-control-server/src/routes/v1/environments.ts
@@ -1,6 +1,7 @@
 import { Hono } from "hono";
 import { registerEnvironment, deregisterEnvironment, reconnectEnvironment } from "../../services/environment";
 import { apiKeyAuth, acceptCliHeaders } from "../../auth/middleware";
+import { storeBindSession } from "../../store";

 const app = new Hono();

@@ -9,6 +10,13 @@ app.post("/bridge", acceptCliHeaders, apiKeyAuth, async (c) => {
  const body = await c.req.json();
  const username = c.get("username");
  const result = registerEnvironment({ ...body, username });
+  // Bind ACP session to the group ID so the web UI can find it by group
+  if (result.session_id) {
+    const groupId = body.bridge_id as string | undefined;
+    if (groupId) {
+      storeBindSession(result.session_id, groupId);
+    }
+  }
  return c.json(result, 200);
 });

--- a/packages/remote-control-server/src/services/environment.ts
+++ b/packages/remote-control-server/src/services/environment.ts
@@ -6,6 +6,7 @@ import {
  storeUpdateEnvironment,
  storeListActiveEnvironments,
  storeListActiveEnvironmentsByUsername,
+  storeListSessionsByEnvironment,
 } from "../store";
 import type { RegisterEnvironmentRequest, EnvironmentResponse } from "../types/api";
 import type { EnvironmentRecord } from "../store";
@@ -20,6 +21,7 @@ function toResponse(row: EnvironmentRecord): EnvironmentResponse {
    username: row.username,
    last_poll_at: row.lastPollAt ? row.lastPollAt.getTime() / 1000 : null,
    worker_type: row.workerType,
+    channel_group_id: row.bridgeId,
    capabilities: row.capabilities,
  };
 }
@@ -41,14 +43,19 @@ export function registerEnvironment(req: RegisterEnvironmentRequest & { metadata
  });

  let sessionId: string | undefined;
-  // ACP agents: auto-create a session so they appear in the dashboard sessions list
+  // ACP agents: reuse existing session or create one
  if (workerType === "acp") {
-    const session = storeCreateSession({
-      environmentId: record.id,
-      title: req.machine_name || "ACP Agent",
-      source: "acp",
-    });
-    sessionId = session.id;
+    const existing = storeListSessionsByEnvironment(record.id);
+    if (existing.length > 0) {
+      sessionId = existing[0].id;
+    } else {
+      const session = storeCreateSession({
+        environmentId: record.id,
+        title: req.machine_name || "ACP Agent",
+        source: "acp",
+      });
+      sessionId = session.id;
+    }
  }

  return { environment_id: record.id, environment_secret: record.secret, status: record.status as "active", session_id: sessionId };
--- a/packages/remote-control-server/src/store.ts
+++ b/packages/remote-control-server/src/store.ts
@@ -98,13 +98,14 @@ export function storeDeleteToken(token: string): boolean {

 // ---------- Environment ----------

-/** Find an active environment by machineName (optionally filtered by workerType) */
+/** Find an active or offline environment by machineName (optionally filtered by workerType).
+ *  Includes "offline" so ACP agents can be reused on reconnect. */
 export function storeFindEnvironmentByMachineName(
  machineName: string,
  workerType?: string,
 ): EnvironmentRecord | undefined {
  for (const rec of environments.values()) {
-    if (rec.machineName === machineName && rec.status === "active") {
+    if (rec.machineName === machineName && (rec.status === "active" || rec.status === "offline")) {
      if (!workerType || rec.workerType === workerType) {
        return rec;
      }
@@ -313,12 +314,32 @@ export function storeGetSessionOwners(sessionId: string): Set<string> | undefine

 export function storeListSessionsByOwnerUuid(uuid: string): SessionRecord[] {
  const result: SessionRecord[] = [];
+  const resultIds = new Set<string>();
+
+  // Collect sessions already owned by this UUID
  for (const [sessionId, owners] of sessionOwners) {
    if (owners.has(uuid)) {
      const session = sessions.get(sessionId);
-      if (session) result.push(session);
+      if (session) {
+        result.push(session);
+        resultIds.add(sessionId);
+      }
    }
  }
+
+  // Auto-bind orphaned sessions (no owner — typically ACP agent sessions created via REST registration)
+  for (const [sessionId, session] of sessions) {
+    if (resultIds.has(sessionId)) continue;
+    const owners = sessionOwners.get(sessionId);
+    // No owners map entry at all, or empty owners set
+    const isOrphaned = !owners || owners.size === 0;
+    if (isOrphaned) {
+      storeBindSession(sessionId, uuid);
+      result.push(session);
+      resultIds.add(sessionId);
+    }
+  }
+
  return result;
 }

--- a/packages/remote-control-server/src/types/api.ts
+++ b/packages/remote-control-server/src/types/api.ts
@@ -107,6 +107,7 @@ export interface EnvironmentResponse {
  username: string | null;
  last_poll_at: number | null;
  worker_type?: string;
+  channel_group_id?: string | null;
  capabilities?: Record<string, unknown> | null;
 }

--- a/packages/remote-control-server/web/src/App.tsx
+++ b/packages/remote-control-server/web/src/App.tsx
@@ -1,9 +1,11 @@
 import { useState, useEffect, useCallback, lazy, Suspense } from "react";
 import { Navbar } from "./components/Navbar";
 import { IdentityPanel } from "./components/IdentityPanel";
+import { TokenManagerDialog } from "./components/TokenManagerDialog";
 import { ThemeProvider } from "./lib/theme";
-import { getUuid, setUuid, apiBind } from "./api/client";
+import { getUuid, setUuid, apiBind, setActiveApiToken } from "./api/client";
 import { ACPDirectView } from "./components/ACPDirectView";
+import { useTokens } from "./hooks/useTokens";

 const Dashboard = lazy(() => import("./pages/Dashboard").then((m) => ({ default: m.Dashboard })));
 const SessionDetail = lazy(() => import("./pages/SessionDetail").then((m) => ({ default: m.SessionDetail })));
@@ -11,7 +13,18 @@ const SessionDetail = lazy(() => import("./pages/SessionDetail").then((m) => ({
 export default function App() {
  const [currentSessionId, setCurrentSessionId] = useState<string | null>(null);
  const [identityOpen, setIdentityOpen] = useState(false);
+  const [tokenDialogOpen, setTokenDialogOpen] = useState(false);
  const [acpDirect, setAcpDirect] = useState<{ url: string; token: string } | null>(null);
+  const { tokens, activeTokenId, activeLabel, activeTokenValue, setActiveTokenId, addToken, removeToken, updateToken } = useTokens();
+
+  // Sync active token to API client
+  useEffect(() => {
+    setActiveApiToken(activeTokenValue);
+  }, [activeTokenValue]);
+
+  const handleSetActiveToken = useCallback((id: string) => {
+    setActiveTokenId(id);
+  }, [setActiveTokenId]);

  // Simple hash-based router
  const parseRoute = useCallback(() => {
@@ -97,6 +110,8 @@ export default function App() {
      <div className="flex h-screen flex-col bg-surface-0 text-text-primary">
        <Navbar
          onIdentityClick={() => setIdentityOpen(true)}
+          onTokenClick={() => setTokenDialogOpen(true)}
+          activeTokenLabel={currentSessionId ? undefined : activeLabel}
          sessionTitle={currentSessionId || (acpDirect ? "ACP" : undefined)}
          onBack={(currentSessionId || acpDirect) ? navigateToDashboard : undefined}
        />
@@ -114,6 +129,17 @@ export default function App() {
        </Suspense>

        <IdentityPanel open={identityOpen} onClose={() => setIdentityOpen(false)} />
+
+        <TokenManagerDialog
+          open={tokenDialogOpen}
+          onClose={() => setTokenDialogOpen(false)}
+          tokens={tokens}
+          activeTokenId={activeTokenId}
+          onSetActive={handleSetActiveToken}
+          onAdd={addToken}
+          onRemove={removeToken}
+          onUpdate={updateToken}
+        />
      </div>
    </ThemeProvider>
  );
--- a/packages/remote-control-server/web/src/api/client.ts
+++ b/packages/remote-control-server/web/src/api/client.ts
@@ -24,11 +24,35 @@ export function setUuid(uuid: string): void {
  localStorage.setItem("rcs_uuid", uuid);
 }

+/** Active API token for Authorization header (set by useTokens) */
+let _activeToken: string | null = null;
+
+export function setActiveApiToken(token: string | null): void {
+  _activeToken = token;
+}
+
+export function getActiveApiToken(): string | null {
+  return _activeToken;
+}
+
 async function api<T>(method: string, path: string, body?: unknown): Promise<T> {
  const headers: Record<string, string> = { "Content-Type": "application/json" };
-  const uuid = getUuid();
-  const sep = path.includes("?") ? "&" : "?";
-  const url = `${BASE}${path}${sep}uuid=${encodeURIComponent(uuid)}`;
+
+  if (_activeToken) {
+    headers["Authorization"] = `Bearer ${_activeToken}`;
+  }
+
+  // When using Bearer token auth, backend derives UUID from the token — no need to send query param.
+  // Otherwise fall back to UUID auth via query param.
+  let url: string;
+  if (_activeToken) {
+    const sep = path.includes("?") ? "&" : "?";
+    url = `${BASE}${path}${sep}uuid=${encodeURIComponent(_activeToken)}`;
+  } else {
+    const uuid = getUuid();
+    const sep = path.includes("?") ? "&" : "?";
+    url = `${BASE}${path}${sep}uuid=${encodeURIComponent(uuid)}`;
+  }
  const opts: RequestInit = { method, headers };
  if (body !== undefined) opts.body = JSON.stringify(body);

--- a/packages/remote-control-server/web/src/components/Navbar.tsx
+++ b/packages/remote-control-server/web/src/components/Navbar.tsx
@@ -1,14 +1,16 @@
 import { cn } from "../lib/utils";
 import { ThemeToggle } from "../../components/ui/theme-toggle";
-import { ChevronLeft, LayoutGrid, UserPlus } from "lucide-react";
+import { ChevronLeft, LayoutGrid, UserPlus, KeyRound } from "lucide-react";

 interface NavbarProps {
  onIdentityClick: () => void;
+  onTokenClick: () => void;
+  activeTokenLabel?: string | null;
  sessionTitle?: string;
  onBack?: () => void;
 }

-export function Navbar({ onIdentityClick, sessionTitle, onBack }: NavbarProps) {
+export function Navbar({ onIdentityClick, onTokenClick, activeTokenLabel, sessionTitle, onBack }: NavbarProps) {
  return (
    <nav className="sticky top-0 z-40 border-b border-border bg-surface-1/80 backdrop-blur-md">
      <div className="mx-auto flex h-11 sm:h-12 max-w-5xl items-center justify-between px-3 sm:px-4">
@@ -51,6 +53,19 @@ export function Navbar({ onIdentityClick, sessionTitle, onBack }: NavbarProps) {
            </a>
          )}
          <ThemeToggle />
+          <button
+            onClick={onTokenClick}
+            className={cn(
+              "flex items-center gap-1 rounded-md px-2 sm:px-3 py-1.5 text-sm transition-colors",
+              activeTokenLabel
+                ? "bg-brand/10 text-brand hover:bg-brand/20"
+                : "text-text-secondary hover:bg-surface-2 hover:text-text-primary"
+            )}
+            title="Token Manager"
+          >
+            <KeyRound className="h-4 w-4" />
+            <span className="hidden sm:inline max-w-24 truncate">{activeTokenLabel || "No Token"}</span>
+          </button>
          <button
            onClick={onIdentityClick}
            className="flex items-center gap-1 rounded-md px-2 sm:px-3 py-1.5 text-sm text-text-secondary hover:bg-surface-2 hover:text-text-primary transition-colors"
--- a/packages/remote-control-server/web/src/components/TokenManagerDialog.tsx
+++ b/packages/remote-control-server/web/src/components/TokenManagerDialog.tsx
@@ -0,0 +1,217 @@
+import { useState } from "react";
+import type { TokenEntry } from "../hooks/useTokens";
+import {
+  Dialog,
+  DialogContent,
+  DialogHeader,
+  DialogTitle,
+  DialogDescription,
+} from "../../components/ui/dialog";
+import { Check, Copy, Eye, EyeOff, Pencil, Plus, Trash2, X } from "lucide-react";
+
+interface TokenManagerDialogProps {
+  open: boolean;
+  onClose: () => void;
+  tokens: TokenEntry[];
+  activeTokenId: string | null;
+  onSetActive: (id: string) => void;
+  onAdd: (token: string, label: string) => string | null;
+  onRemove: (id: string) => void;
+  onUpdate: (id: string, label: string) => void;
+}
+
+export function TokenManagerDialog({
+  open,
+  onClose,
+  tokens,
+  activeTokenId,
+  onSetActive,
+  onAdd,
+  onRemove,
+  onUpdate,
+}: TokenManagerDialogProps) {
+  const [newToken, setNewToken] = useState("");
+  const [newLabel, setNewLabel] = useState("");
+  const [addError, setAddError] = useState("");
+  const [editingId, setEditingId] = useState<string | null>(null);
+  const [editLabel, setEditLabel] = useState("");
+  const [visibleTokenId, setVisibleTokenId] = useState<string | null>(null);
+  const [copiedId, setCopiedId] = useState<string | null>(null);
+
+  const handleCopy = (id: string, token: string) => {
+    navigator.clipboard.writeText(token).then(() => {
+      setCopiedId(id);
+      setTimeout(() => setCopiedId(null), 1500);
+    });
+  };
+
+  const handleAdd = () => {
+    const error = onAdd(newToken, newLabel);
+    if (error) {
+      setAddError(error);
+      return;
+    }
+    setNewToken("");
+    setNewLabel("");
+    setAddError("");
+  };
+
+  const handleStartEdit = (entry: TokenEntry) => {
+    setEditingId(entry.id);
+    setEditLabel(entry.label);
+  };
+
+  const handleSaveEdit = (id: string) => {
+    onUpdate(id, editLabel.trim() || "Unnamed");
+    setEditingId(null);
+  };
+
+  const handleSwitch = (id: string) => {
+    onSetActive(id);
+    onClose();
+  };
+
+  return (
+    <Dialog open={open} onOpenChange={(o) => { if (!o) onClose(); }}>
+      <DialogContent className="max-w-md rounded-2xl border-border bg-surface-1 p-6 shadow-2xl">
+        <DialogHeader>
+          <DialogTitle className="font-display text-lg font-semibold text-text-primary">
+            Token Manager
+          </DialogTitle>
+          <DialogDescription className="text-sm text-text-muted">
+            Manage API tokens for RCS authentication.
+          </DialogDescription>
+        </DialogHeader>
+
+        {/* Token list */}
+        <div className="space-y-1 max-h-64 overflow-y-auto">
+          {tokens.map((entry) => (
+            <div key={entry.id} className="group flex items-center gap-1">
+              {editingId === entry.id ? (
+                <div className="flex flex-1 items-center gap-2 rounded-lg bg-surface-2 px-3 py-1.5">
+                  <input
+                    value={editLabel}
+                    onChange={(e) => setEditLabel(e.target.value)}
+                    onKeyDown={(e) => {
+                      if (e.key === "Enter") handleSaveEdit(entry.id);
+                      if (e.key === "Escape") setEditingId(null);
+                    }}
+                    className="flex-1 rounded border border-border bg-surface-1 px-2 py-1 text-sm text-text-primary focus:border-brand focus:outline-none"
+                    autoFocus
+                  />
+                  <button
+                    onClick={() => handleSaveEdit(entry.id)}
+                    className="text-brand hover:text-brand-light transition-colors"
+                  >
+                    <Check className="h-4 w-4" />
+                  </button>
+                  <button
+                    onClick={() => setEditingId(null)}
+                    className="text-text-muted hover:text-text-primary transition-colors"
+                  >
+                    <X className="h-4 w-4" />
+                  </button>
+                </div>
+              ) : (
+                <>
+                  <button
+                    onClick={() => handleSwitch(entry.id)}
+                    className={`flex flex-1 items-center justify-between rounded-lg px-3 py-2 text-sm transition-colors ${
+                      activeTokenId === entry.id
+                        ? "bg-brand/10 text-brand"
+                        : "text-text-secondary hover:bg-surface-2"
+                    }`}
+                  >
+                    <div className="flex flex-col items-start min-w-0">
+                      <span className="font-medium truncate w-full">{entry.label}</span>
+                      <span className="text-xs text-text-muted font-mono">
+                        {visibleTokenId === entry.id
+                          ? entry.token
+                          : `${entry.token.slice(0, 6)}${"\u2022".repeat(6)}`}
+                      </span>
+                    </div>
+                    {activeTokenId === entry.id && <Check className="h-4 w-4 flex-shrink-0" />}
+                  </button>
+                  <button
+                    onClick={() => setVisibleTokenId(visibleTokenId === entry.id ? null : entry.id)}
+                    className="rounded p-1 text-text-muted opacity-0 group-hover:opacity-100 hover:text-text-primary transition-all"
+                    title="Toggle token visibility"
+                  >
+                    {visibleTokenId === entry.id ? <EyeOff className="h-3.5 w-3.5" /> : <Eye className="h-3.5 w-3.5" />}
+                  </button>
+                  <button
+                    onClick={() => handleCopy(entry.id, entry.token)}
+                    className="rounded p-1 text-text-muted opacity-0 group-hover:opacity-100 hover:text-text-primary transition-all"
+                    title="Copy token"
+                  >
+                    {copiedId === entry.id ? <Check className="h-3.5 w-3.5 text-status-active" /> : <Copy className="h-3.5 w-3.5" />}
+                  </button>
+                  <button
+                    onClick={() => handleStartEdit(entry)}
+                    className="rounded p-1 text-text-muted opacity-0 group-hover:opacity-100 hover:text-text-primary transition-all"
+                    title="Edit label"
+                  >
+                    <Pencil className="h-3.5 w-3.5" />
+                  </button>
+                  <button
+                    onClick={() => onRemove(entry.id)}
+                    className="rounded p-1 text-text-muted opacity-0 group-hover:opacity-100 hover:text-status-error transition-all"
+                    title="Delete token"
+                  >
+                    <Trash2 className="h-3.5 w-3.5" />
+                  </button>
+                </>
+              )}
+            </div>
+          ))}
+
+          {tokens.length === 0 && (
+            <div className="py-4 text-center text-sm text-text-muted">
+              No tokens saved yet. Add one below.
+            </div>
+          )}
+        </div>
+
+        {/* Add form */}
+        <div className="border-t border-border pt-4 space-y-3">
+          <div className="text-sm font-medium text-text-secondary">Add Token</div>
+          <div className="space-y-2">
+            <input
+              type="text"
+              value={newToken}
+              onChange={(e) => {
+                setNewToken(e.target.value);
+                setAddError("");
+              }}
+              placeholder="API Token"
+              className="w-full rounded-lg border border-border bg-surface-2 px-3 py-2 text-sm text-text-primary placeholder:text-text-muted focus:border-brand focus:outline-none font-mono"
+              onKeyDown={(e) => {
+                if (e.key === "Enter") handleAdd();
+              }}
+            />
+            <div className="flex gap-2">
+              <input
+                type="text"
+                value={newLabel}
+                onChange={(e) => setNewLabel(e.target.value)}
+                placeholder="Label (optional)"
+                className="flex-1 rounded-lg border border-border bg-surface-2 px-3 py-2 text-sm text-text-primary placeholder:text-text-muted focus:border-brand focus:outline-none"
+                onKeyDown={(e) => {
+                  if (e.key === "Enter") handleAdd();
+                }}
+              />
+              <button
+                onClick={handleAdd}
+                disabled={!newToken.trim()}
+                className="rounded-lg bg-brand px-3 py-2 text-white hover:bg-brand-light disabled:opacity-50 transition-colors"
+              >
+                <Plus className="h-4 w-4" />
+              </button>
+            </div>
+          </div>
+          {addError && <div className="text-xs text-status-error">{addError}</div>}
+        </div>
+      </DialogContent>
+    </Dialog>
+  );
+}
--- a/packages/remote-control-server/web/src/hooks/useTokens.ts
+++ b/packages/remote-control-server/web/src/hooks/useTokens.ts
@@ -0,0 +1,120 @@
+import { useState, useCallback } from "react";
+
+export interface TokenEntry {
+  id: string;
+  token: string;
+  label: string;
+}
+
+const TOKENS_KEY = "rcs_tokens";
+const ACTIVE_TOKEN_KEY = "rcs_uuid";
+const DEFAULT_ID = "__default__";
+
+function generateId(): string {
+  return `tk_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
+}
+
+/** Ensure the existing rcs_uuid is present as the default token entry */
+function ensureDefault(tokens: TokenEntry[]): TokenEntry[] {
+  if (tokens.some((t) => t.id === DEFAULT_ID)) return tokens;
+  let uuid: string | null = null;
+  try {
+    uuid = localStorage.getItem("rcs_uuid");
+  } catch {
+    // ignore
+  }
+  if (!uuid) return tokens;
+  return [{ id: DEFAULT_ID, token: uuid, label: "Default" }, ...tokens];
+}
+
+function loadTokens(): TokenEntry[] {
+  let tokens: TokenEntry[] = [];
+  try {
+    const raw = localStorage.getItem(TOKENS_KEY);
+    if (raw) {
+      const parsed = JSON.parse(raw);
+      if (Array.isArray(parsed)) tokens = parsed;
+    }
+  } catch {
+    // ignore
+  }
+  return ensureDefault(tokens);
+}
+
+function loadActiveTokenId(tokens: TokenEntry[]): string {
+  // Try saved active token
+  try {
+    const saved = localStorage.getItem(ACTIVE_TOKEN_KEY);
+    if (saved && tokens.some((t) => t.id === saved)) return saved;
+  } catch {
+    // ignore
+  }
+  // Fall back to default (rcs_uuid) entry
+  const defaultEntry = tokens.find((t) => t.id === DEFAULT_ID);
+  if (defaultEntry) return defaultEntry.id;
+  // Fall back to first entry
+  return tokens[0]?.id ?? DEFAULT_ID;
+}
+
+export function useTokens() {
+  const [tokens, setTokens] = useState<TokenEntry[]>(loadTokens);
+  const [activeTokenId, setActiveTokenIdState] = useState<string>(() => loadActiveTokenId(loadTokens()));
+
+  const persistTokens = useCallback((next: TokenEntry[]) => {
+    setTokens(next);
+    try {
+      localStorage.setItem(TOKENS_KEY, JSON.stringify(next));
+    } catch {
+      // ignore
+    }
+  }, []);
+
+  const setActiveTokenId = useCallback((id: string) => {
+    setActiveTokenIdState(id);
+    try {
+      localStorage.setItem(ACTIVE_TOKEN_KEY, id);
+	  location.reload(); // Reload to ensure api client picks up new token from localStorage
+    } catch {
+      // ignore
+    }
+  }, []);
+
+  const addToken = useCallback((token: string, label: string): string | null => {
+    const trimmed = token.trim();
+    if (!trimmed) return "Token is required";
+    const entry: TokenEntry = { id: generateId(), token: trimmed, label: label.trim() || trimmed.slice(0, 8) };
+    const next = [...tokens, entry];
+    persistTokens(next);
+    return null;
+  }, [tokens, persistTokens]);
+
+  const removeToken = useCallback((id: string) => {
+    if (id === DEFAULT_ID) return; // Cannot remove default
+    const next = tokens.filter((t) => t.id !== id);
+    persistTokens(next);
+    if (activeTokenId === id) {
+      setActiveTokenId(DEFAULT_ID);
+    }
+  }, [tokens, persistTokens, activeTokenId, setActiveTokenId]);
+
+  const updateToken = useCallback((id: string, label: string) => {
+    const next = tokens.map((t) => t.id === id ? { ...t, label } : t);
+    persistTokens(next);
+  }, [tokens, persistTokens]);
+
+  const activeToken = tokens.find((t) => t.id === activeTokenId) ?? tokens[0] ?? null;
+  const activeLabel = activeToken?.label ?? "Default";
+  const activeTokenValue = activeToken?.token ?? null;
+
+  return {
+    tokens,
+    activeTokenId,
+    activeToken,
+    activeLabel,
+    activeTokenValue,
+    setActiveTokenId,
+    addToken,
+    removeToken,
+    updateToken,
+  };
+}
--- a/packages/remote-control-server/web/src/types/index.ts
+++ b/packages/remote-control-server/web/src/types/index.ts
@@ -5,6 +5,7 @@ export interface Environment {
  status: string;
  branch?: string;
  worker_type?: string;
+  channel_group_id?: string | null;
  capabilities?: Record<string, unknown> | null;
 }

--- a/packages/weixin/src/cli.ts
+++ b/packages/weixin/src/cli.ts
@@ -1,6 +1,8 @@
 import { clearAccount, DEFAULT_BASE_URL, loadAccount, saveAccount } from './accounts.js'
 import { startLogin, waitForLogin } from './login.js'
 import { confirmPairing } from './pairing.js'
+import { runWeixinMcpServer } from './server.js'
+import type { WeixinServerDeps } from './server.js'

 function printUsage(): void {
  process.stdout.write(
@@ -92,18 +94,18 @@ function runAccess(args: string[]): void {

 export async function handleWeixinCli(
  args: string[],
-  serveHandler?: () => Promise<void>,
+  serverDeps?: WeixinServerDeps,
+  version?: string,
 ): Promise<void> {
  const [subcommand, ...rest] = args

  switch (subcommand) {
    case 'serve':
-      if (serveHandler) {
-        await serveHandler()
-      } else {
+      if (!serverDeps) {
        process.stderr.write('[weixin] serve handler not available in this context.\n')
        process.exit(1)
      }
+      await runWeixinMcpServer(version ?? '0.0.0', serverDeps)
      return
    case 'login':
      await runLogin(rest[0] === 'clear')
--- a/packages/weixin/src/index.ts
+++ b/packages/weixin/src/index.ts
@@ -96,16 +96,20 @@ export type {

 // Permission state
 export {
-  ChannelPermissionRequestParams,
  setActivePermissionChat,
  getActivePermissionChat,
  savePendingPermission,
  consumePendingPermission,
 } from './permissions.js'
 export type {
+  ChannelPermissionRequestParams,
  PendingPermissionRequest,
  ActivePermissionChat,
 } from './permissions.js'

+// Server (MCP)
+export { createWeixinMcpServer, runWeixinMcpServer } from './server.js'
+export type { WeixinServerDeps } from './server.js'
+
 // CLI
 export { handleWeixinCli } from './cli.js'
--- a/packages/weixin/src/send.ts
+++ b/packages/weixin/src/send.ts
@@ -4,9 +4,45 @@ import { sendMessage } from './api.js'
 import { guessMediaType, uploadFile } from './media.js'
 import { MessageItemType, MessageState, MessageType } from './types.js'

+function stripCodeBlocks(text: string): string {
+  // Non-regex approach to avoid ReDoS on inputs with many ``` sequences.
+  let result = ''
+  let i = 0
+  while (i < text.length) {
+    if (text.startsWith('```', i)) {
+      // Skip the opening fence (including optional language tag on same line)
+      let j = i + 3
+      // skip to end of first line (the fence line itself)
+      while (j < text.length && text[j] !== '\n') j++
+      if (j < text.length) j++ // skip the \n
+      // Collect content until closing ```
+      const contentStart = j
+      while (j < text.length) {
+        if (text.startsWith('```', j)) {
+          result += text.slice(contentStart, j)
+          // skip closing fence and its trailing newline
+          j += 3
+          while (j < text.length && text[j] !== '\n') j++
+          if (j < text.length) j++ // skip \n
+          break
+        }
+        j++
+      }
+      // If no closing fence found, include rest as-is
+      if (j >= text.length && !text.startsWith('```', j - 3)) {
+        result += text.slice(i)
+      }
+      i = j
+    } else {
+      result += text[i]
+      i++
+    }
+  }
+  return result
+}
+
 export function markdownToPlainText(text: string): string {
-  return text
-    .replace(/```[\s\S]*?\n([\s\S]*?)```/g, '$1')
+  return stripCodeBlocks(text)
    .replace(/`([^`]+)`/g, '$1')
    .replace(/\*\*\*(.+?)\*\*\*/g, '$1')
    .replace(/\*\*(.+?)\*\*/g, '$1')
--- a/packages/weixin/src/server.ts
+++ b/packages/weixin/src/server.ts
@@ -5,15 +5,6 @@ import {
  CallToolRequestSchema,
  ListToolsRequestSchema,
 } from '@modelcontextprotocol/sdk/types.js'
-import {
-  ChannelPermissionRequestNotificationSchema,
-  type ChannelPermissionRequestParams,
-} from '../mcp/channelNotification.js'
-import { initializeAnalyticsSink } from '../analytics/sink.js'
-import { shutdownDatadog } from '../analytics/datadog.js'
-import { shutdown1PEventLogging } from '../analytics/firstPartyEventLogger.js'
-import { enableConfigs } from '../../utils/config.js'
-import { logForDebugging } from '../../utils/debug.js'
 import {
  CDN_BASE_URL,
  DEFAULT_BASE_URL,
@@ -27,8 +18,21 @@ import {
  sendMediaFile,
  sendText,
  TypingStatus,
-} from '@claude-code-best/weixin'
-import type { ParsedMessage } from '@claude-code-best/weixin'
+} from './index.js'
+import type { ParsedMessage } from './monitor.js'
+import type { ChannelPermissionRequestParams } from './permissions.js'
+
+export interface WeixinServerDeps {
+  enableConfigs(): void
+  initializeAnalyticsSink(): void
+  shutdownDatadog(): Promise<void>
+  shutdown1PEventLogging(): Promise<void>
+  logForDebugging(message: string): void
+  registerPermissionHandler(
+    server: Server,
+    handler: (request: ChannelPermissionRequestParams) => Promise<void>,
+  ): void
+}

 function formatPermissionRequestMessage(
  request: ChannelPermissionRequestParams,
@@ -45,9 +49,9 @@ function formatPermissionRequestMessage(
  ].join('\n')
 }

-export function createWeixinMcpServer(): Server {
+export function createWeixinMcpServer(version: string): Server {
  const server = new Server(
-    { name: 'weixin', version: MACRO.VERSION },
+    { name: 'weixin', version },
    {
      capabilities: {
        experimental: {
@@ -224,61 +228,60 @@ export function createWeixinMcpServer(): Server {
  return server
 }

-export async function runWeixinMcpServer(): Promise<void> {
-  enableConfigs()
-  initializeAnalyticsSink()
+export async function runWeixinMcpServer(
+  version: string,
+  deps: WeixinServerDeps,
+): Promise<void> {
+  deps.enableConfigs()
+  deps.initializeAnalyticsSink()

  const account = loadAccount()
  if (!account) {
    process.stderr.write(
      '[weixin] No account configured. Run `ccb weixin login` to connect your WeChat account.\n',
    )
-    await Promise.all([shutdown1PEventLogging(), shutdownDatadog()])
+    await Promise.all([deps.shutdown1PEventLogging(), deps.shutdownDatadog()])
    process.exit(1)
  }

-  const server = createWeixinMcpServer()
+  const server = createWeixinMcpServer(version)
  const transport = new StdioServerTransport()

-  server.setNotificationHandler(
-    ChannelPermissionRequestNotificationSchema(),
-    async notification => {
-      const request = notification.params
-      const targetChatId = request.channel_context?.chat_id
-      const targetChat = targetChatId
-        ? {
-            chatId: targetChatId,
-            contextToken: getContextToken(targetChatId),
-          }
-        : getActivePermissionChat()
+  deps.registerPermissionHandler(server, async request => {
+    const targetChatId = request.channel_context?.chat_id
+    const targetChat = targetChatId
+      ? {
+          chatId: targetChatId,
+          contextToken: getContextToken(targetChatId),
+        }
+      : getActivePermissionChat()

-      if (!targetChat) {
-        logForDebugging(
-          `[Weixin MCP] No active chat available for permission request ${request.request_id}`,
-        )
-        return
-      }
+    if (!targetChat) {
+      deps.logForDebugging(
+        `[Weixin MCP] No active chat available for permission request ${request.request_id}`,
+      )
+      return
+    }

-      try {
-        savePendingPermission(
-          request,
-          targetChat.chatId,
-          targetChat.contextToken,
-        )
-        await sendText({
-          to: targetChat.chatId,
-          text: formatPermissionRequestMessage(request),
-          baseUrl,
-          token: account.token,
-          contextToken: targetChat.contextToken || '',
-        })
-      } catch (error) {
-        process.stderr.write(
-          `[weixin] Failed to relay permission request ${request.request_id}: ${error}\n`,
-        )
-      }
-    },
-  )
+    try {
+      savePendingPermission(
+        request,
+        targetChat.chatId,
+        targetChat.contextToken,
+      )
+      await sendText({
+        to: targetChat.chatId,
+        text: formatPermissionRequestMessage(request),
+        baseUrl,
+        token: account.token,
+        contextToken: targetChat.contextToken || '',
+      })
+    } catch (error) {
+      process.stderr.write(
+        `[weixin] Failed to relay permission request ${request.request_id}: ${error}\n`,
+      )
+    }
+  })

  await server.connect(transport)

@@ -292,7 +295,7 @@ export async function runWeixinMcpServer(): Promise<void> {
    if (!controller.signal.aborted) {
      controller.abort()
    }
-    await Promise.all([shutdown1PEventLogging(), shutdownDatadog()])
+    await Promise.all([deps.shutdown1PEventLogging(), deps.shutdownDatadog()])
    process.exit(0)
  }

@@ -313,7 +316,7 @@ export async function runWeixinMcpServer(): Promise<void> {
    }
  }, 5000)

-  logForDebugging('[Weixin MCP] Starting poll loop')
+  deps.logForDebugging('[Weixin MCP] Starting poll loop')
  await startPollLoop({
    baseUrl,
    cdnBaseUrl: CDN_BASE_URL,
--- a/src/entrypoints/cli.tsx
+++ b/src/entrypoints/cli.tsx
@@ -143,8 +143,25 @@ async function main(): Promise<void> {
  if (args[0] === 'weixin') {
    profileCheckpoint('cli_weixin_path')
    const { handleWeixinCli } = await import('@claude-code-best/weixin')
-    const { runWeixinMcpServer } = await import('../services/weixin/cli-serve.js')
-    await handleWeixinCli(args.slice(1), runWeixinMcpServer)
+    const { enableConfigs } = await import('../utils/config.js')
+    const { initializeAnalyticsSink } = await import('../services/analytics/sink.js')
+    const { shutdownDatadog } = await import('../services/analytics/datadog.js')
+    const { shutdown1PEventLogging } = await import('../services/analytics/firstPartyEventLogger.js')
+    const { logForDebugging } = await import('../utils/debug.js')
+    const { ChannelPermissionRequestNotificationSchema } = await import('../services/mcp/channelNotification.js')
+    await handleWeixinCli(args.slice(1), {
+      enableConfigs,
+      initializeAnalyticsSink,
+      shutdownDatadog,
+      shutdown1PEventLogging,
+      logForDebugging,
+      registerPermissionHandler(server, handler) {
+        server.setNotificationHandler(
+          ChannelPermissionRequestNotificationSchema(),
+          async notification => handler(notification.params),
+        )
+      },
+    }, MACRO.VERSION)
    return
  }

--- a/src/services/weixin/cli-serve.ts
+++ b/src/services/weixin/cli-serve.ts
@@ -1 +0,0 @@
-export { runWeixinMcpServer } from './server.js'
Author	SHA1	Message	Date
claude-code-best	494eab7204	feat: 接入内建 weixin channel(同 #301 重构版本) (#303 ) * feat: 接入 weixin 服务层与命令入口 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * feat: 注册内建 weixin channel 插件 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修正 channel permission relay 路由与能力判定 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修复 builtin channel 的 ChannelsNotice 误报 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * docs: 补充内建 weixin channel 使用说明 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * docs: 更新微信 channel 接入计划状态 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 延迟加载 weixin 登录二维码依赖 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 改用 qrcode 生成 weixin 登录二维码 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修正 vite 构建的 Windows 路径解析 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * chore: 删除临时规划文档 wx_channel.md 并还原 package.json 排序 wx_channel.md 内容已整合到 docs/features/channels.md，不再需要。 package.json 中 @ant/model-provider 位置从原始位置被无意移动，还原。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: 将 weixin 模块从 src/ 迁移至 packages/weixin 工作区包将 src/services/weixin/ 中的纯业务逻辑迁入 @claude-code-best/weixin workspace 包，降低 src/ 耦合度。仅保留 server.ts 作为薄适配层。 - 迁移 7 个无修改的纯模块 (types/api/accounts/login/pairing/media/send) - monitor.ts 内联 PERMISSION_REPLY_RE 正则，解除对 src/ 的依赖 - permissions.ts 本地定义 ChannelPermissionRequestParams 接口 - cli.ts 拆分：serve 子命令通过回调注入，login/access 保留在包内 - server.ts 重写为从 @claude-code-best/weixin 导入 - 新增 cli-serve.ts 作为 serve 入口薄壳 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: 修正 weixin barrel export 中 interface 的导出方式 ChannelPermissionRequestParams 是纯类型，必须用 export type 导出，否则 Bun 运行时会报 "export not found" 错误。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: 将 server.ts 迁入 packages/weixin，彻底移除 src/services/weixin/ 通过依赖注入（WeixinServerDeps）解耦 src/ 依赖（analytics、config、 MCP channel schema），server.ts 完全移入包内。cli.tsx 入口处一次性注入所有依赖。 src/services/weixin/ 目录已完全删除。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: 修复 markdownToPlainText 中代码块正则的 ReDoS 风险用非正则的线性扫描替代 \`\`\`[\s\S]?\n([\s\S]?)\`\`\` 匹配，避免在含有大量重复 \`\`\` 序列的输入上触发多项式回溯。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: 1111 <11111@asd.c> Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-19 21:33:27 +08:00
claude-code-best	b83c3008d0	docs: 更新 discord 地址	2026-04-19 21:21:04 +08:00
claude-code-best	66d2671c98	feat: acp manager (#304 ) * feat: acp 控制器第一版 * feat: acp-link 命令二合一	2026-04-19 21:18:18 +08:00
claude-code-best	c7bc8c8636	feat: remote control 支持 auto bind 功能 (#300 ) * feat: acp-link 支持 --group 参数指定 channel group - 添加 --group CLI flag，校验格式 [a-zA-Z0-9_-]+ - 支持 ACP_RCS_GROUP 环境变量 fallback - 传递 channelGroupId 到 RcsUpstreamClient - 更新 README 文档说明 --group 和相关环境变量 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: RCS 后端 session 复用与 group 绑定 - storeFindEnvironmentByMachineName 匹配 offline 状态，防止重连创建重复 session - registerEnvironment 复用已有 session 而非每次新建 - EnvironmentResponse 返回 channel_group_id 字段 - 注册时将 session 绑定到 group ID，支持 web UI 按 group 查询 - apiKeyAuth 不再设置 uuid，由 uuidAuth 统一处理 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: Web UI Token Manager — 多 token 切换与 session 隔离 - 新增 useTokens hook 管理 localStorage token CRUD - 新增 TokenManagerDialog 弹窗组件（添加/编辑/删除/切换 token） - api client 支持Bearer token 认证，UUID 跟随 token 变化 - Navbar 添加 token 切换按钮 - 切换 token 时自动 reload，实现 session 数据隔离 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: 修复 useTokens useState 初始化函数签名错误 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-19 13:04:09 +08:00
claude-code-best	673ccd1800	chore: 1.5.0	2026-04-19 12:34:51 +08:00
claude-code-best	d1ab38c089	chore: 移除 pre-commit git hook Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-19 12:31:31 +08:00
				`@@ -1 +0,0 @@`
				`export { runWeixinMcpServer } from './server.js'`