Mark US-008 complete: kimi-k2.5 API compatibility fix

- translate_message now conditionally includes is_error field - kimi models (kimi-k2.5, kimi-k1.5, etc.) exclude is_error - Other models (openai, grok, xai) keep is_error support
Fix formatting in task_packet.rs for CI
2026-06-09 10:47:03 -04:00 · 2026-04-16 10:12:36 +00:00 · 2026-04-16 09:35:18 +00:00 · 2026-04-16 09:31:47 +00:00 · 2026-04-16 09:28:42 +00:00 · 2026-04-16 09:12:31 +00:00
62 changed files with 16575 additions and 1505 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,8 @@ archive/
 # Claude Code local artifacts
 .claude/settings.local.json
 .claude/sessions/
 # Claw Code local artifacts
 .claw/settings.local.json
 .claw/sessions/
 .clawhip/
 status-help.txt
--- a/README.md
+++ b/README.md
@@ -33,6 +33,8 @@ The canonical implementation lives in [`rust/`](./rust), and the current source
 > [!IMPORTANT]
 > Start with [`USAGE.md`](./USAGE.md) for build, auth, CLI, session, and parity-harness workflows. Make `claw doctor` your first health check after building, use [`rust/README.md`](./rust/README.md) for crate-level details, read [`PARITY.md`](./PARITY.md) for the current Rust-port checkpoint, and see [`docs/container.md`](./docs/container.md) for the container-first workflow.
 >
 > **ACP / Zed status:** `claw-code` does not ship an ACP/Zed daemon entrypoint yet. Run `claw acp` (or `claw --acp`) for the current status instead of guessing from source layout; `claw acp serve` is currently a discoverability alias only, and real ACP support remains tracked separately in `ROADMAP.md`.
 ## Current repository shape
@@ -45,22 +47,60 @@ The canonical implementation lives in [`rust/`](./rust), and the current source
 ## Quick start
 > [!NOTE]
 > [!WARNING]
 > **`cargo install claw-code` installs the wrong thing.** The `claw-code` crate on crates.io is a deprecated stub that places `claw-code-deprecated.exe` — not `claw`. Running it only prints `"claw-code has been renamed to agent-code"`. **Do not use `cargo install claw-code`.** Either build from source (this repo) or install the upstream binary:
 > ```bash
 > cargo install agent-code   # upstream binary — installs 'agent.exe' (Windows) / 'agent' (Unix), NOT 'agent-code'
 > ```
 > This repo (`ultraworkers/claw-code`) is **build-from-source only** — follow the steps below.
 ```bash
-cd rust
+# 1. Clone and build
 git clone https://github.com/ultraworkers/claw-code
 cd claw-code/rust
 cargo build --workspace
 ./target/debug/claw --help
 ./target/debug/claw prompt "summarize this repository"
 ```
-Authenticate with either an API key or the built-in OAuth flow:
+# 2. Set your API key (Anthropic API key — not a Claude subscription)
 ```bash
 export ANTHROPIC_API_KEY="sk-ant-..."
-# or
+
-cd rust
+# 3. Verify everything is wired correctly
-./target/debug/claw login
+./target/debug/claw doctor
 # 4. Run a prompt
 ./target/debug/claw prompt "say hello"
 ```
 > [!NOTE]
 > **Windows (PowerShell):** the binary is `claw.exe`, not `claw`. Use `.\target\debug\claw.exe` or run `cargo run -- prompt "say hello"` to skip the path lookup.
 ### Windows setup
 **PowerShell is a supported Windows path.** Use whichever shell works for you. The common onboarding issues on Windows are:
 1. **Install Rust first** — download from <https://rustup.rs/> and run the installer. Close and reopen your terminal when it finishes.
 2. **Verify Rust is on PATH:**
   ```powershell
   cargo --version
   ```
   If this fails, reopen your terminal or run the PATH setup from the Rust installer output, then retry.
 3. **Clone and build** (works in PowerShell, Git Bash, or WSL):
   ```powershell
   git clone https://github.com/ultraworkers/claw-code
   cd claw-code/rust
   cargo build --workspace
   ```
 4. **Run** (PowerShell — note `.exe` and backslash):
   ```powershell
   $env:ANTHROPIC_API_KEY = "sk-ant-..."
   .\target\debug\claw.exe prompt "say hello"
   ```
 **Git Bash / WSL** are optional alternatives, not requirements. If you prefer bash-style paths (`/c/Users/you/...` instead of `C:\Users\you\...`), Git Bash (ships with Git for Windows) works well. In Git Bash, the `MINGW64` prompt is expected and normal — not a broken install.
 > [!NOTE]
 > **Auth:** claw requires an **API key** (`ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, etc.) — Claude subscription login is not a supported auth path.
 Run the workspace test suite:
 ```bash
--- a/ROADMAP.md
+++ b/ROADMAP.md
--- a/USAGE.md
+++ b/USAGE.md
@@ -21,7 +21,7 @@ cargo build --workspace
 - Rust toolchain with `cargo`
 - One of:
  - `ANTHROPIC_API_KEY` for direct API access
-  - `claw login` for OAuth-based auth
+  - `ANTHROPIC_AUTH_TOKEN` for bearer-token auth
 - Optional: `ANTHROPIC_BASE_URL` when targeting a proxy or local service
 ## Install / build the workspace
@@ -105,13 +105,26 @@ export ANTHROPIC_API_KEY="sk-ant-..."
 ```bash
 cd rust
-./target/debug/claw login
+export ANTHROPIC_AUTH_TOKEN="anthropic-oauth-or-proxy-bearer-token"
 ./target/debug/claw logout
 ```
 ### Which env var goes where
 `claw` accepts two Anthropic credential env vars and they are **not interchangeable** — the HTTP header Anthropic expects differs per credential shape. Putting the wrong value in the wrong slot is the most common 401 we see.
 | Credential shape | Env var | HTTP header | Typical source |
 |---|---|---|---|
 | `sk-ant-*` API key | `ANTHROPIC_API_KEY` | `x-api-key: sk-ant-...` | [console.anthropic.com](https://console.anthropic.com) |
 | OAuth access token (opaque) | `ANTHROPIC_AUTH_TOKEN` | `Authorization: Bearer ...` | an Anthropic-compatible proxy or OAuth flow that mints bearer tokens |
 | OpenRouter key (`sk-or-v1-*`) | `OPENAI_API_KEY` + `OPENAI_BASE_URL=https://openrouter.ai/api/v1` | `Authorization: Bearer ...` | [openrouter.ai/keys](https://openrouter.ai/keys) |
 **Why this matters:** if you paste an `sk-ant-*` key into `ANTHROPIC_AUTH_TOKEN`, Anthropic's API will return `401 Invalid bearer token` because `sk-ant-*` keys are rejected over the Bearer header. The fix is a one-line env var swap — move the key to `ANTHROPIC_API_KEY`. Recent `claw` builds detect this exact shape (401 + `sk-ant-*` in the Bearer slot) and append a hint to the error message pointing at the fix.
 **If you meant a different provider:** if `claw` reports missing Anthropic credentials but you already have `OPENAI_API_KEY`, `XAI_API_KEY`, or `DASHSCOPE_API_KEY` exported, you most likely forgot to prefix the model name with the provider's routing prefix. Use `--model openai/gpt-4.1-mini` (OpenAI-compat / OpenRouter / Ollama), `--model grok` (xAI), or `--model qwen-plus` (DashScope) and the prefix router will select the right backend regardless of the ambient credentials. The error message now includes a hint that names the detected env var.
 ## Local Models
-`claw` can talk to local servers and provider gateways through either Anthropic-compatible or OpenAI-compatible endpoints. Use `ANTHROPIC_BASE_URL` with `ANTHROPIC_AUTH_TOKEN` for Anthropic-compatible services, or `OPENAI_BASE_URL` with `OPENAI_API_KEY` for OpenAI-compatible services. OAuth is Anthropic-only, so when `OPENAI_BASE_URL` is set you should use API-key style auth instead of `claw login`.
+`claw` can talk to local servers and provider gateways through either Anthropic-compatible or OpenAI-compatible endpoints. Use `ANTHROPIC_BASE_URL` with `ANTHROPIC_AUTH_TOKEN` for Anthropic-compatible services, or `OPENAI_BASE_URL` with `OPENAI_API_KEY` for OpenAI-compatible services.
 ### Anthropic-compatible endpoint
@@ -153,6 +166,133 @@ cd rust
 ./target/debug/claw --model "openai/gpt-4.1-mini" prompt "summarize this repository in one sentence"
 ```
 ### Alibaba DashScope (Qwen)
 For Qwen models via Alibaba's native DashScope API (higher rate limits than OpenRouter):
 ```bash
 export DASHSCOPE_API_KEY="sk-..."
 cd rust
 ./target/debug/claw --model "qwen/qwen-max" prompt "hello"
 # or bare:
 ./target/debug/claw --model "qwen-plus" prompt "hello"
 ```
 Model names starting with `qwen/` or `qwen-` are automatically routed to the DashScope compatible-mode endpoint (`https://dashscope.aliyuncs.com/compatible-mode/v1`). You do **not** need to set `OPENAI_BASE_URL` or unset `ANTHROPIC_API_KEY` — the model prefix wins over the ambient credential sniffer.
 Reasoning variants (`qwen-qwq-*`, `qwq-*`, `*-thinking`) automatically strip `temperature`/`top_p`/`frequency_penalty`/`presence_penalty` before the request hits the wire (these params are rejected by reasoning models).
 ## Supported Providers & Models
 `claw` has three built-in provider backends. The provider is selected automatically based on the model name, falling back to whichever credential is present in the environment.
 ### Provider matrix
 | Provider | Protocol | Auth env var(s) | Base URL env var | Default base URL |
 |---|---|---|---|---|
 | **Anthropic** (direct) | Anthropic Messages API | `ANTHROPIC_API_KEY` or `ANTHROPIC_AUTH_TOKEN` | `ANTHROPIC_BASE_URL` | `https://api.anthropic.com` |
 | **xAI** | OpenAI-compatible | `XAI_API_KEY` | `XAI_BASE_URL` | `https://api.x.ai/v1` |
 | **OpenAI-compatible** | OpenAI Chat Completions | `OPENAI_API_KEY` | `OPENAI_BASE_URL` | `https://api.openai.com/v1` |
 | **DashScope** (Alibaba) | OpenAI-compatible | `DASHSCOPE_API_KEY` | `DASHSCOPE_BASE_URL` | `https://dashscope.aliyuncs.com/compatible-mode/v1` |
 The OpenAI-compatible backend also serves as the gateway for **OpenRouter**, **Ollama**, and any other service that speaks the OpenAI `/v1/chat/completions` wire format — just point `OPENAI_BASE_URL` at the service.
 **Model-name prefix routing:** If a model name starts with `openai/`, `gpt-`, `qwen/`, or `qwen-`, the provider is selected by the prefix regardless of which env vars are set. This prevents accidental misrouting to Anthropic when multiple credentials exist in the environment.
 ### Tested models and aliases
 These are the models registered in the built-in alias table with known token limits:
 | Alias | Resolved model name | Provider | Max output tokens | Context window |
 |---|---|---|---|---|
 | `opus` | `claude-opus-4-6` | Anthropic | 32 000 | 200 000 |
 | `sonnet` | `claude-sonnet-4-6` | Anthropic | 64 000 | 200 000 |
 | `haiku` | `claude-haiku-4-5-20251213` | Anthropic | 64 000 | 200 000 |
 | `grok` / `grok-3` | `grok-3` | xAI | 64 000 | 131 072 |
 | `grok-mini` / `grok-3-mini` | `grok-3-mini` | xAI | 64 000 | 131 072 |
 | `grok-2` | `grok-2` | xAI | — | — |
 Any model name that does not match an alias is passed through verbatim. This is how you use OpenRouter model slugs (`openai/gpt-4.1-mini`), Ollama tags (`llama3.2`), or full Anthropic model IDs (`claude-sonnet-4-20250514`).
 ### User-defined aliases
 You can add custom aliases in any settings file (`~/.claw/settings.json`, `.claw/settings.json`, or `.claw/settings.local.json`):
 ```json
 {
  "aliases": {
    "fast": "claude-haiku-4-5-20251213",
    "smart": "claude-opus-4-6",
    "cheap": "grok-3-mini"
  }
 }
 ```
 Local project settings override user-level settings. Aliases resolve through the built-in table, so `"fast": "haiku"` also works.
 ### How provider detection works
 1. If the resolved model name starts with `claude` → Anthropic.
 2. If it starts with `grok` → xAI.
 3. Otherwise, `claw` checks which credential is set: `ANTHROPIC_API_KEY`/`ANTHROPIC_AUTH_TOKEN` first, then `OPENAI_API_KEY`, then `XAI_API_KEY`.
 4. If nothing matches, it defaults to Anthropic.
 ## FAQ
 ### What about Codex?
 The name "codex" appears in the Claw Code ecosystem but it does **not** refer to OpenAI Codex (the code-generation model). Here is what it means in this project:
 - **`oh-my-codex` (OmX)** is the workflow and plugin layer that sits on top of `claw`. It provides planning modes, parallel multi-agent execution, notification routing, and other automation features. See [PHILOSOPHY.md](./PHILOSOPHY.md) and the [oh-my-codex repo](https://github.com/Yeachan-Heo/oh-my-codex).
 - **`.codex/` directories** (e.g. `.codex/skills`, `.codex/agents`, `.codex/commands`) are legacy lookup paths that `claw` still scans alongside the primary `.claw/` directories.
 - **`CODEX_HOME`** is an optional environment variable that points to a custom root for user-level skill and command lookups.
 `claw` does **not** support OpenAI Codex sessions, the Codex CLI, or Codex session import/export. If you need to use OpenAI models (like GPT-4.1), configure the OpenAI-compatible provider as shown above in the [OpenAI-compatible endpoint](#openai-compatible-endpoint) and [OpenRouter](#openrouter) sections.
 ## HTTP proxy support
 `claw` honours the standard `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables (both upper- and lower-case spellings are accepted) when issuing outbound requests to Anthropic, OpenAI-, and xAI-compatible endpoints. Set them before launching the CLI and the underlying `reqwest` client will be configured automatically.
 ### Environment variables
 ```bash
 export HTTPS_PROXY="http://proxy.corp.example:3128"
 export HTTP_PROXY="http://proxy.corp.example:3128"
 export NO_PROXY="localhost,127.0.0.1,.corp.example"
 cd rust
 ./target/debug/claw prompt "hello via the corporate proxy"
 ```
 ### Programmatic `proxy_url` config option
 As an alternative to per-scheme environment variables, the `ProxyConfig` type exposes a `proxy_url` field that acts as a single catch-all proxy for both HTTP and HTTPS traffic. When `proxy_url` is set it takes precedence over the separate `http_proxy` and `https_proxy` fields.
 ```rust
 use api::{build_http_client_with, ProxyConfig};
 // From a single unified URL (config file, CLI flag, etc.)
 let config = ProxyConfig::from_proxy_url("http://proxy.corp.example:3128");
 let client = build_http_client_with(&config).expect("proxy client");
 // Or set the field directly alongside NO_PROXY
 let config = ProxyConfig {
    proxy_url: Some("http://proxy.corp.example:3128".to_string()),
    no_proxy: Some("localhost,127.0.0.1".to_string()),
    ..ProxyConfig::default()
 };
 let client = build_http_client_with(&config).expect("proxy client");
 ```
 ### Notes
 - When both `HTTPS_PROXY` and `HTTP_PROXY` are set, the secure proxy applies to `https://` URLs and the plain proxy applies to `http://` URLs.
 - `proxy_url` is a unified alternative: when set, it applies to both `http://` and `https://` destinations, overriding the per-scheme fields.
 - `NO_PROXY` accepts a comma-separated list of host suffixes (for example `.corp.example`) and IP literals.
 - Empty values are treated as unset, so leaving `HTTPS_PROXY=""` in your shell will not enable a proxy.
 - If a proxy URL cannot be parsed, `claw` falls back to a direct (no-proxy) client so existing workflows keep working; double-check the URL if you expected the request to be tunnelled.
 ## Common operational commands
 ```bash
--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,394 @@
 #!/usr/bin/env bash
 # Claw Code installer
 #
 # Detects the host OS, verifies the Rust toolchain (rustc + cargo),
 # builds the `claw` binary from the `rust/` workspace, and runs a
 # post-install verification step. Supports Linux, macOS, and WSL.
 #
 # Usage:
 #   ./install.sh                # debug build (fast, default)
 #   ./install.sh --release      # optimized release build
 #   ./install.sh --no-verify    # skip post-install verification
 #   ./install.sh --help         # print usage
 #
 # Environment overrides:
 #   CLAW_BUILD_PROFILE=debug|release   same as --release toggle
 #   CLAW_SKIP_VERIFY=1                 same as --no-verify
 set -euo pipefail
 # ---------------------------------------------------------------------------
 # Pretty printing
 # ---------------------------------------------------------------------------
 if [ -t 1 ] && command -v tput >/dev/null 2>&1 && [ "$(tput colors 2>/dev/null || echo 0)" -ge 8 ]; then
    COLOR_RESET="$(tput sgr0)"
    COLOR_BOLD="$(tput bold)"
    COLOR_DIM="$(tput dim)"
    COLOR_RED="$(tput setaf 1)"
    COLOR_GREEN="$(tput setaf 2)"
    COLOR_YELLOW="$(tput setaf 3)"
    COLOR_BLUE="$(tput setaf 4)"
    COLOR_CYAN="$(tput setaf 6)"
 else
    COLOR_RESET=""
    COLOR_BOLD=""
    COLOR_DIM=""
    COLOR_RED=""
    COLOR_GREEN=""
    COLOR_YELLOW=""
    COLOR_BLUE=""
    COLOR_CYAN=""
 fi
 CURRENT_STEP=0
 TOTAL_STEPS=6
 step() {
    CURRENT_STEP=$((CURRENT_STEP + 1))
    printf '\n%s[%d/%d]%s %s%s%s\n' \
        "${COLOR_BLUE}" "${CURRENT_STEP}" "${TOTAL_STEPS}" "${COLOR_RESET}" \
        "${COLOR_BOLD}" "$1" "${COLOR_RESET}"
 }
 info()  { printf '%s  ->%s %s\n' "${COLOR_CYAN}" "${COLOR_RESET}" "$1"; }
 ok()    { printf '%s  ok%s %s\n' "${COLOR_GREEN}" "${COLOR_RESET}" "$1"; }
 warn()  { printf '%s  warn%s %s\n' "${COLOR_YELLOW}" "${COLOR_RESET}" "$1"; }
 error() { printf '%s  error%s %s\n' "${COLOR_RED}" "${COLOR_RESET}" "$1" 1>&2; }
 print_banner() {
    printf '%s' "${COLOR_BOLD}"
    cat <<'EOF'
   ____  _                   ____          _
  / ___|| |  __ _ __      __ / ___|___   __| | ___
 | |    | | / _` |\ \ /\ / /| |   / _ \ / _` |/ _ \
 | |___ | || (_| | \ V  V / | |__| (_) | (_| |  __/
  \____||_| \__,_|  \_/\_/   \____\___/ \__,_|\___|
 EOF
    printf '%s\n' "${COLOR_RESET}"
    printf '%sClaw Code installer%s\n' "${COLOR_DIM}" "${COLOR_RESET}"
 }
 print_usage() {
    cat <<'EOF'
 Usage: ./install.sh [options]
 Options:
  --release       Build the optimized release profile (slower, smaller binary).
  --debug         Build the debug profile (default, faster compile).
  --no-verify     Skip the post-install verification step.
  -h, --help      Show this help text and exit.
 Environment overrides:
  CLAW_BUILD_PROFILE   debug | release
  CLAW_SKIP_VERIFY     set to 1 to skip verification
 EOF
 }
 # ---------------------------------------------------------------------------
 # Argument parsing
 # ---------------------------------------------------------------------------
 BUILD_PROFILE="${CLAW_BUILD_PROFILE:-debug}"
 SKIP_VERIFY="${CLAW_SKIP_VERIFY:-0}"
 while [ "$#" -gt 0 ]; do
    case "$1" in
        --release)
            BUILD_PROFILE="release"
            ;;
        --debug)
            BUILD_PROFILE="debug"
            ;;
        --no-verify)
            SKIP_VERIFY="1"
            ;;
        -h|--help)
            print_usage
            exit 0
            ;;
        *)
            error "unknown argument: $1"
            print_usage
            exit 2
            ;;
    esac
    shift
 done
 case "${BUILD_PROFILE}" in
    debug|release) ;;
    *)
        error "invalid build profile: ${BUILD_PROFILE} (expected debug or release)"
        exit 2
        ;;
 esac
 # ---------------------------------------------------------------------------
 # Troubleshooting hints
 # ---------------------------------------------------------------------------
 print_troubleshooting() {
    cat <<EOF
 ${COLOR_BOLD}Troubleshooting${COLOR_RESET}
 ${COLOR_DIM}---------------${COLOR_RESET}
  ${COLOR_BOLD}1. Rust toolchain missing${COLOR_RESET}
     Install Rust via rustup:
       curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
     Then reload your shell or run:
       source "\$HOME/.cargo/env"
  ${COLOR_BOLD}2. Linux: missing system packages${COLOR_RESET}
     The build needs git, pkg-config, and OpenSSL headers.
     Debian/Ubuntu:
       sudo apt-get update && sudo apt-get install -y \\
         git pkg-config libssl-dev ca-certificates build-essential
     Fedora/RHEL:
       sudo dnf install -y git pkgconf-pkg-config openssl-devel gcc
     Arch:
       sudo pacman -S --needed git pkgconf openssl base-devel
  ${COLOR_BOLD}3. macOS: missing Xcode CLT${COLOR_RESET}
     Install the command line tools:
       xcode-select --install
  ${COLOR_BOLD}4. Windows users${COLOR_RESET}
     Run this script from inside a WSL distro (Ubuntu/Debian recommended).
     Native Windows builds are not supported by this installer.
  ${COLOR_BOLD}5. Build fails partway through${COLOR_RESET}
     Try a clean build:
       cd rust && cargo clean && cargo build --workspace
     If the failure mentions ring/openssl, double check step 2.
  ${COLOR_BOLD}6. 'claw' not found after install${COLOR_RESET}
     The binary lives at:
       rust/target/${BUILD_PROFILE}/claw
     Add it to your PATH or invoke it with the full path.
 EOF
 }
 trap 'rc=$?; if [ "$rc" -ne 0 ]; then error "installation failed (exit ${rc})"; print_troubleshooting; fi' EXIT
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
 require_cmd() {
    command -v "$1" >/dev/null 2>&1
 }
 # ---------------------------------------------------------------------------
 # Step 1: detect OS / arch / WSL
 # ---------------------------------------------------------------------------
 print_banner
 step "Detecting host environment"
 UNAME_S="$(uname -s 2>/dev/null || echo unknown)"
 UNAME_M="$(uname -m 2>/dev/null || echo unknown)"
 OS_FAMILY="unknown"
 IS_WSL="0"
 case "${UNAME_S}" in
    Linux*)
        OS_FAMILY="linux"
        if grep -qiE 'microsoft|wsl' /proc/version 2>/dev/null; then
            IS_WSL="1"
        fi
        ;;
    Darwin*)
        OS_FAMILY="macos"
        ;;
    MINGW*|MSYS*|CYGWIN*)
        OS_FAMILY="windows-shell"
        ;;
 esac
 info "uname:        ${UNAME_S} ${UNAME_M}"
 info "os family:    ${OS_FAMILY}"
 if [ "${IS_WSL}" = "1" ]; then
    info "wsl:          yes"
 fi
 case "${OS_FAMILY}" in
    linux|macos)
        ok "supported platform detected"
        ;;
    windows-shell)
        error "Detected a native Windows shell (MSYS/Cygwin/MinGW)."
        error "Please re-run this script from inside a WSL distribution."
        exit 1
        ;;
    *)
        error "Unsupported or unknown OS: ${UNAME_S}"
        error "Supported: Linux, macOS, and Windows via WSL."
        exit 1
        ;;
 esac
 # ---------------------------------------------------------------------------
 # Step 2: locate the Rust workspace
 # ---------------------------------------------------------------------------
 step "Locating the Rust workspace"
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 RUST_DIR="${SCRIPT_DIR}/rust"
 if [ ! -d "${RUST_DIR}" ]; then
    error "Could not find rust/ workspace next to install.sh"
    error "Expected: ${RUST_DIR}"
    exit 1
 fi
 if [ ! -f "${RUST_DIR}/Cargo.toml" ]; then
    error "Missing ${RUST_DIR}/Cargo.toml — repository layout looks unexpected."
    exit 1
 fi
 ok "workspace at ${RUST_DIR}"
 # ---------------------------------------------------------------------------
 # Step 3: prerequisite checks
 # ---------------------------------------------------------------------------
 step "Checking prerequisites"
 MISSING_PREREQS=0
 if require_cmd rustc; then
    RUSTC_VERSION="$(rustc --version 2>/dev/null || echo 'unknown')"
    ok "rustc found: ${RUSTC_VERSION}"
 else
    error "rustc not found in PATH"
    MISSING_PREREQS=1
 fi
 if require_cmd cargo; then
    CARGO_VERSION="$(cargo --version 2>/dev/null || echo 'unknown')"
    ok "cargo found: ${CARGO_VERSION}"
 else
    error "cargo not found in PATH"
    MISSING_PREREQS=1
 fi
 if require_cmd git; then
    ok "git found:  $(git --version 2>/dev/null || echo 'unknown')"
 else
    warn "git not found — some workflows (login, session export) may degrade"
 fi
 if [ "${OS_FAMILY}" = "linux" ]; then
    if require_cmd pkg-config; then
        ok "pkg-config found"
    else
        warn "pkg-config not found — may be required for OpenSSL-linked crates"
    fi
 fi
 if [ "${OS_FAMILY}" = "macos" ]; then
    if ! require_cmd cc && ! xcode-select -p >/dev/null 2>&1; then
        warn "Xcode command line tools not detected — run: xcode-select --install"
    fi
 fi
 if [ "${MISSING_PREREQS}" -ne 0 ]; then
    error "Missing required tools. See troubleshooting below."
    exit 1
 fi
 # ---------------------------------------------------------------------------
 # Step 4: build the workspace
 # ---------------------------------------------------------------------------
 step "Building the claw workspace (${BUILD_PROFILE})"
 CARGO_FLAGS=("build" "--workspace")
 if [ "${BUILD_PROFILE}" = "release" ]; then
    CARGO_FLAGS+=("--release")
 fi
 info "running: cargo ${CARGO_FLAGS[*]}"
 info "this may take a few minutes on the first build"
 (
    cd "${RUST_DIR}"
    CARGO_TERM_COLOR="${CARGO_TERM_COLOR:-always}" cargo "${CARGO_FLAGS[@]}"
 )
 CLAW_BIN="${RUST_DIR}/target/${BUILD_PROFILE}/claw"
 if [ ! -x "${CLAW_BIN}" ]; then
    error "Expected binary not found at ${CLAW_BIN}"
    error "The build reported success but the binary is missing — check cargo output above."
    exit 1
 fi
 ok "built ${CLAW_BIN}"
 # ---------------------------------------------------------------------------
 # Step 5: post-install verification
 # ---------------------------------------------------------------------------
 step "Verifying the installed binary"
 if [ "${SKIP_VERIFY}" = "1" ]; then
    warn "verification skipped (--no-verify or CLAW_SKIP_VERIFY=1)"
 else
    info "running: claw --version"
    if VERSION_OUT="$("${CLAW_BIN}" --version 2>&1)"; then
        ok "claw --version -> ${VERSION_OUT}"
    else
        error "claw --version failed:"
        printf '%s\n' "${VERSION_OUT}" 1>&2
        exit 1
    fi
    info "running: claw --help (smoke test)"
    if "${CLAW_BIN}" --help >/dev/null 2>&1; then
        ok "claw --help responded"
    else
        error "claw --help failed"
        exit 1
    fi
 fi
 # ---------------------------------------------------------------------------
 # Step 6: next steps
 # ---------------------------------------------------------------------------
 step "Next steps"
 cat <<EOF
 ${COLOR_GREEN}Claw Code is built and ready.${COLOR_RESET}
  Binary:  ${COLOR_BOLD}${CLAW_BIN}${COLOR_RESET}
  Profile: ${BUILD_PROFILE}
 Try it out:
  ${COLOR_DIM}# interactive REPL${COLOR_RESET}
  ${CLAW_BIN}
  ${COLOR_DIM}# one-shot prompt${COLOR_RESET}
  ${CLAW_BIN} prompt "summarize this repository"
  ${COLOR_DIM}# health check (run /doctor inside the REPL)${COLOR_RESET}
  ${CLAW_BIN}
  /doctor
 Authentication:
  export ANTHROPIC_API_KEY="sk-ant-..."
  ${COLOR_DIM}# or use OAuth:${COLOR_RESET}
  ${CLAW_BIN} login
 For deeper docs, see USAGE.md and rust/README.md.
 EOF
 # clear the failure trap on clean exit
 trap - EXIT
--- a/prd.json
+++ b/prd.json
@@ -0,0 +1,121 @@
 {
  "version": "1.0",
  "description": "Clawable Coding Harness - Clear roadmap stories and commit each",
  "stories": [
    {
      "id": "US-001",
      "title": "Phase 1.6 - startup-no-evidence evidence bundle + classifier",
      "description": "When startup times out, emit typed worker.startup_no_evidence event with evidence bundle including last known worker lifecycle state, pane command, prompt-send timestamp, prompt-acceptance state, trust-prompt detection result, and transport/MCP health summary. Classifier should down-rank into specific failure classes.",
      "acceptanceCriteria": [
        "worker.startup_no_evidence event emitted on startup timeout with evidence bundle",
        "Evidence bundle includes: last lifecycle state, pane command, prompt-send timestamp, prompt-acceptance state, trust-prompt detection, transport/MCP health",
        "Classifier attempts to categorize into: trust_required, prompt_misdelivery, prompt_acceptance_timeout, transport_dead, worker_crashed, or unknown",
        "Tests verify evidence bundle structure and classifier behavior"
      ],
      "passes": true,
      "priority": "P0"
    },
    {
      "id": "US-002",
      "title": "Phase 2 - Canonical lane event schema (4.x series)",
      "description": "Define typed events for lane lifecycle: lane.started, lane.ready, lane.prompt_misdelivery, lane.blocked, lane.red, lane.green, lane.commit.created, lane.pr.opened, lane.merge.ready, lane.finished, lane.failed, branch.stale_against_main. Also implement event ordering, reconciliation, provenance, deduplication, and projection contracts.",
      "acceptanceCriteria": [
        "LaneEvent enum with all required variants defined",
        "Event ordering with monotonic sequence metadata attached",
        "Event provenance labels (live_lane, test, healthcheck, replay, transport)",
        "Session identity completeness at creation (title, workspace, purpose)",
        "Duplicate terminal-event suppression with fingerprinting",
        "Lane ownership/scope binding in events",
        "Nudge acknowledgment with dedupe contract",
        "clawhip consumes typed lane events instead of pane scraping"
      ],
      "passes": true,
      "priority": "P0"
    },
    {
      "id": "US-003",
      "title": "Phase 3 - Stale-branch detection before broad verification",
      "description": "Before broad test runs, compare current branch to main and detect if known fixes are missing. Emit branch.stale_against_main event and suggest/auto-run rebase/merge-forward.",
      "acceptanceCriteria": [
        "Branch freshness comparison against main implemented",
        "branch.stale_against_main event emitted when behind",
        "Auto-rebase/merge-forward policy integration",
        "Avoid misclassifying stale-branch failures as new regressions"
      ],
      "passes": true,
      "priority": "P1"
    },
    {
      "id": "US-004",
      "title": "Phase 3 - Recovery recipes with ledger",
      "description": "Encode automatic recoveries for common failures (trust prompt, prompt misdelivery, stale branch, compile red, MCP startup). Expose recovery attempt ledger with recipe id, attempt count, state, timestamps, failure summary.",
      "acceptanceCriteria": [
        "Recovery recipes defined for: trust_prompt_unresolved, prompt_delivered_to_shell, stale_branch, compile_red_after_refactor, MCP_handshake_failure, partial_plugin_startup",
        "Recovery attempt ledger with: recipe id, attempt count, state, timestamps, failure summary, escalation reason",
        "One automatic recovery attempt before escalation",
        "Ledger emitted as structured event data"
      ],
      "passes": true,
      "priority": "P1"
    },
    {
      "id": "US-005",
      "title": "Phase 4 - Typed task packet format",
      "description": "Define structured task packet with fields: objective, scope, repo/worktree, branch policy, acceptance tests, commit policy, reporting contract, escalation policy.",
      "acceptanceCriteria": [
        "TaskPacket struct with all required fields",
        "TaskScope resolution (workspace/module/single-file/custom)",
        "Validation and serialization support",
        "Integration into tools/src/lib.rs"
      ],
      "passes": true,
      "priority": "P1"
    },
    {
      "id": "US-006",
      "title": "Phase 4 - Policy engine for autonomous coding",
      "description": "Encode automation rules: if green + scoped diff + review passed -> merge to dev; if stale branch -> merge-forward before broad tests; if startup blocked -> recover once, then escalate; if lane completed -> emit closeout and cleanup session.",
      "acceptanceCriteria": [
        "Policy rules engine implemented",
        "Rules: green + scoped diff + review -> merge",
        "Rules: stale branch -> merge-forward before tests",
        "Rules: startup blocked -> recover once, then escalate",
        "Rules: lane completed -> closeout and cleanup"
      ],
      "passes": true,
      "priority": "P2"
    },
    {
      "id": "US-007",
      "title": "Phase 5 - Plugin/MCP lifecycle maturity",
      "description": "First-class plugin/MCP lifecycle contract: config validation, startup healthcheck, discovery result, degraded-mode behavior, shutdown/cleanup. Close gaps in end-to-end lifecycle.",
      "acceptanceCriteria": [
        "Plugin/MCP config validation contract",
        "Startup healthcheck with structured results",
        "Discovery result reporting",
        "Degraded-mode behavior documented and implemented",
        "Shutdown/cleanup contract",
        "Partial startup and per-server failures reported structurally"
      ],
      "passes": true,
      "priority": "P2"
    },
    {
      "id": "US-008",
      "title": "Fix kimi-k2.5 model API compatibility",
      "description": "The kimi-k2.5 model (and other kimi models) reject API requests containing the is_error field in tool result messages. The OpenAI-compatible provider currently always includes is_error for all models. Need to make this field conditional based on model support.",
      "acceptanceCriteria": [
        "translate_message function accepts model parameter",
        "is_error field excluded for kimi models (kimi-k2.5, kimi-k1.5, etc.)",
        "is_error field included for models that support it (openai, grok, xai, etc.)",
        "build_chat_completion_request passes model to translate_message",
        "Tests verify is_error presence/absence based on model",
        "cargo test passes",
        "cargo clippy passes",
        "cargo fmt passes"
      ],
      "passes": true,
      "priority": "P0"
    }
  ]
 }
--- a/progress.txt
+++ b/progress.txt
@@ -0,0 +1,83 @@
 Ralph Iteration Summary - claw-code Roadmap Implementation
 ===========================================================
 Iteration 1: 2026-04-16
 ------------------------
 US-001 COMPLETED (Phase 1.6 - startup-no-evidence evidence bundle + classifier)
 - Files: rust/crates/runtime/src/worker_boot.rs
 - Added StartupFailureClassification enum with 6 variants
 - Added StartupEvidenceBundle with 8 fields
 - Implemented classify_startup_failure() logic
 - Added observe_startup_timeout() method to Worker
 - Tests: 6 new tests verifying classification logic
 US-002 COMPLETED (Phase 2 - Canonical lane event schema)
 - Files: rust/crates/runtime/src/lane_events.rs
 - Added EventProvenance enum with 5 labels
 - Added SessionIdentity, LaneOwnership structs
 - Added LaneEventMetadata with sequence/ordering
 - Added LaneEventBuilder for construction
 - Implemented is_terminal_event(), dedupe_terminal_events()
 - Tests: 10 new tests for events and deduplication
 US-005 COMPLETED (Phase 4 - Typed task packet format)
 - Files:
  - rust/crates/runtime/src/task_packet.rs
  - rust/crates/runtime/src/task_registry.rs
  - rust/crates/tools/src/lib.rs
 - Added TaskScope enum (Workspace, Module, SingleFile, Custom)
 - Updated TaskPacket with scope_path and worktree fields
 - Added validate_scope_requirements() validation logic
 - Fixed all test compilation errors in dependent modules
 - Tests: Updated existing tests to use new types
 PRE-EXISTING IMPLEMENTATIONS (verified working):
 ------------------------------------------------
 US-003 COMPLETE (Phase 3 - Stale-branch detection)
 - Files: rust/crates/runtime/src/stale_branch.rs
 - BranchFreshness enum (Fresh, Stale, Diverged)
 - StaleBranchPolicy (AutoRebase, AutoMergeForward, WarnOnly, Block)
 - StaleBranchEvent with structured events
 - check_freshness() with git integration
 - apply_policy() with policy resolution
 - Tests: 12 unit tests + 5 integration tests passing
 US-004 COMPLETE (Phase 3 - Recovery recipes with ledger)
 - Files: rust/crates/runtime/src/recovery_recipes.rs
 - FailureScenario enum with 7 scenarios
 - RecoveryStep enum with actionable steps
 - RecoveryRecipe with step sequences
 - RecoveryLedger for attempt tracking
 - RecoveryEvent for structured emission
 - attempt_recovery() with escalation logic
 - Tests: 15 unit tests + 1 integration test passing
 US-006 COMPLETE (Phase 4 - Policy engine for autonomous coding)
 - Files: rust/crates/runtime/src/policy_engine.rs
 - PolicyRule with condition/action/priority
 - PolicyCondition (And, Or, GreenAt, StaleBranch, etc.)
 - PolicyAction (MergeToDev, RecoverOnce, Escalate, etc.)
 - LaneContext for evaluation context
 - evaluate() for rule matching
 - Tests: 18 unit tests + 6 integration tests passing
 US-007 COMPLETE (Phase 5 - Plugin/MCP lifecycle maturity)
 - Files: rust/crates/runtime/src/plugin_lifecycle.rs
 - ServerStatus enum (Healthy, Degraded, Failed)
 - ServerHealth with capabilities tracking
 - PluginState with full lifecycle states
 - PluginLifecycle event tracking
 - PluginHealthcheck structured results
 - DiscoveryResult for capability discovery
 - DegradedMode behavior
 - Tests: 11 unit tests passing
 VERIFICATION STATUS:
 ------------------
 - cargo build --workspace: PASSED
 - cargo test --workspace: PASSED (476+ unit tests, 12 integration tests)
 - cargo clippy --workspace: PASSED
 All 7 stories from prd.json now have passes: true
--- a/rust/.claw/sessions/session-1775386832313-0.jsonl
+++ b/rust/.claw/sessions/session-1775386832313-0.jsonl
@@ -1,2 +1 @@
-{"created_at_ms":1775386832313,"session_id":"session-1775386832313-0","type":"session_meta","updated_at_ms":1775386832313,"version":1}
+{"created_at_ms":1775777421902,"session_id":"session-1775777421902-1","type":"session_meta","updated_at_ms":1775777421902,"version":1}
 {"message":{"blocks":[{"text":"status --help","type":"text"}],"role":"user"},"type":"message"}
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -1580,6 +1580,7 @@ version = "0.1.0"
 dependencies = [
 "api",
 "commands",
 "flate2",
 "plugins",
 "reqwest",
 "runtime",
--- a/rust/README.md
+++ b/rust/README.md
@@ -34,10 +34,10 @@ export ANTHROPIC_API_KEY="sk-ant-..."
 export ANTHROPIC_BASE_URL="https://your-proxy.com"
 ```
-Or authenticate via OAuth and let the CLI persist credentials locally:
+Or provide an OAuth bearer token directly:
 ```bash
-cargo run -p rusty-claude-cli -- login
+export ANTHROPIC_AUTH_TOKEN="anthropic-oauth-or-proxy-bearer-token"
 ```
 ## Mock parity harness
@@ -80,7 +80,7 @@ Primary artifacts:
 | Feature | Status |
 |---------|--------|
 | Anthropic / OpenAI-compatible provider flows + streaming | ✅ |
-| OAuth login/logout | ✅ |
+| Direct bearer-token auth via `ANTHROPIC_AUTH_TOKEN` | ✅ |
 | Interactive REPL (rustyline) | ✅ |
 | Tool system (bash, read, write, edit, grep, glob) | ✅ |
 | Web tools (search, fetch) | ✅ |
@@ -135,17 +135,18 @@ Top-level commands:
  version
  status
  sandbox
  acp [serve]
  dump-manifests
  bootstrap-plan
  agents
  mcp
  skills
  system-prompt
  login
  logout
  init
 ```
 `claw acp` is a local discoverability surface for editor-first users: it reports the current ACP/Zed status without starting the runtime. As of April 16, 2026, claw-code does **not** ship an ACP/Zed daemon entrypoint yet, and `claw acp serve` is only a status alias until the real protocol surface lands.
 The command surface is moving quickly. For the canonical live help text, run:
 ```bash
@@ -159,8 +160,8 @@ Tab completion expands slash commands, model aliases, permission modes, and rece
 The REPL now exposes a much broader surface than the original minimal shell:
 - session / visibility: `/help`, `/status`, `/sandbox`, `/cost`, `/resume`, `/session`, `/version`, `/usage`, `/stats`
- workspace / git: `/compact`, `/clear`, `/config`, `/memory`, `/init`, `/diff`, `/commit`, `/pr`, `/issue`, `/export`, `/hooks`, `/files`, `/branch`, `/release-notes`, `/add-dir`
+- workspace / git: `/compact`, `/clear`, `/config`, `/memory`, `/init`, `/diff`, `/commit`, `/pr`, `/issue`, `/export`, `/hooks`, `/files`, `/release-notes`
- discovery / debugging: `/mcp`, `/agents`, `/skills`, `/doctor`, `/tasks`, `/context`, `/desktop`, `/ide`
+- discovery / debugging: `/mcp`, `/agents`, `/skills`, `/doctor`, `/tasks`, `/context`, `/desktop`
 - automation / analysis: `/review`, `/advisor`, `/insights`, `/security-review`, `/subagent`, `/team`, `/telemetry`, `/providers`, `/cron`, and more
 - plugin management: `/plugin` (with aliases `/plugins`, `/marketplace`)
@@ -194,7 +195,7 @@ rust/
 ### Crate Responsibilities
- **api** — provider clients, SSE streaming, request/response types, auth (API key + OAuth bearer), request-size/context-window preflight
+- **api** — provider clients, SSE streaming, request/response types, auth (`ANTHROPIC_API_KEY` + bearer-token support), request-size/context-window preflight
 - **commands** — slash command definitions, parsing, help text generation, JSON/text command rendering
 - **compat-harness** — extracts tool/prompt manifests from upstream TS source
 - **mock-anthropic-service** — deterministic `/v1/messages` mock for CLI parity tests and local harness runs
--- a/rust/crates/api/src/client.rs
+++ b/rust/crates/api/src/client.rs
@@ -31,9 +31,18 @@ impl ProviderClient {
            ProviderKind::Xai => Ok(Self::Xai(OpenAiCompatClient::from_env(
                OpenAiCompatConfig::xai(),
            )?)),
-            ProviderKind::OpenAi => Ok(Self::OpenAi(OpenAiCompatClient::from_env(
+            ProviderKind::OpenAi => {
-                OpenAiCompatConfig::openai(),
+                // DashScope models (qwen-*) also return ProviderKind::OpenAi because they
-            )?)),
+                // speak the OpenAI wire format, but they need the DashScope config which
                // reads DASHSCOPE_API_KEY and points at dashscope.aliyuncs.com.
                let config = match providers::metadata_for_model(&resolved_model) {
                    Some(meta) if meta.auth_env == "DASHSCOPE_API_KEY" => {
                        OpenAiCompatConfig::dashscope()
                    }
                    _ => OpenAiCompatConfig::openai(),
                };
                Ok(Self::OpenAi(OpenAiCompatClient::from_env(config)?))
            }
        }
    }
@@ -135,8 +144,21 @@ pub fn read_xai_base_url() -> String {
 #[cfg(test)]
 mod tests {
    use std::sync::{Mutex, OnceLock};
    use super::ProviderClient;
    use crate::providers::{detect_provider_kind, resolve_model_alias, ProviderKind};
    /// Serializes every test in this module that mutates process-wide
    /// environment variables so concurrent test threads cannot observe
    /// each other's partially-applied state.
    fn env_lock() -> std::sync::MutexGuard<'static, ()> {
        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
        LOCK.get_or_init(|| Mutex::new(()))
            .lock()
            .unwrap_or_else(std::sync::PoisonError::into_inner)
    }
    #[test]
    fn resolves_existing_and_grok_aliases() {
        assert_eq!(resolve_model_alias("opus"), "claude-opus-4-6");
@@ -152,4 +174,65 @@ mod tests {
            ProviderKind::Anthropic
        );
    }
    /// Snapshot-restore guard for a single environment variable. Mirrors
    /// the pattern used in `providers/mod.rs` tests: captures the original
    /// value on construction, applies the override, and restores on drop so
    /// tests leave the process env untouched even when they panic.
    struct EnvVarGuard {
        key: &'static str,
        original: Option<std::ffi::OsString>,
    }
    impl EnvVarGuard {
        fn set(key: &'static str, value: Option<&str>) -> Self {
            let original = std::env::var_os(key);
            match value {
                Some(value) => std::env::set_var(key, value),
                None => std::env::remove_var(key),
            }
            Self { key, original }
        }
    }
    impl Drop for EnvVarGuard {
        fn drop(&mut self) {
            match self.original.take() {
                Some(value) => std::env::set_var(self.key, value),
                None => std::env::remove_var(self.key),
            }
        }
    }
    #[test]
    fn dashscope_model_uses_dashscope_config_not_openai() {
        // Regression: qwen-plus was being routed to OpenAiCompatConfig::openai()
        // which reads OPENAI_API_KEY and points at api.openai.com, when it should
        // use OpenAiCompatConfig::dashscope() which reads DASHSCOPE_API_KEY and
        // points at dashscope.aliyuncs.com.
        let _lock = env_lock();
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", Some("test-dashscope-key"));
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
        let client = ProviderClient::from_model("qwen-plus");
        // Must succeed (not fail with "missing OPENAI_API_KEY")
        assert!(
            client.is_ok(),
            "qwen-plus with DASHSCOPE_API_KEY set should build successfully, got: {:?}",
            client.err()
        );
        // Verify it's the OpenAi variant pointed at the DashScope base URL.
        match client.unwrap() {
            ProviderClient::OpenAi(openai_client) => {
                assert!(
                    openai_client.base_url().contains("dashscope.aliyuncs.com"),
                    "qwen-plus should route to DashScope base URL (contains 'dashscope.aliyuncs.com'), got: {}",
                    openai_client.base_url()
                );
            }
            other => panic!("Expected ProviderClient::OpenAi for qwen-plus, got: {other:?}"),
        }
    }
 }
--- a/rust/crates/api/src/error.rs
+++ b/rust/crates/api/src/error.rs
@@ -22,6 +22,11 @@ pub enum ApiError {
    MissingCredentials {
        provider: &'static str,
        env_vars: &'static [&'static str],
        /// Optional, runtime-computed hint appended to the error Display
        /// output. Populated when the provider resolver can infer what the
        /// user probably intended (e.g. an `OpenAI` key is set but Anthropic
        /// was selected because no Anthropic credentials exist).
        hint: Option<String>,
    },
    ContextWindowExceeded {
        model: String,
@@ -66,7 +71,29 @@ impl ApiError {
        provider: &'static str,
        env_vars: &'static [&'static str],
    ) -> Self {
-        Self::MissingCredentials { provider, env_vars }
+        Self::MissingCredentials {
            provider,
            env_vars,
            hint: None,
        }
    }
    /// Build a `MissingCredentials` error carrying an extra, runtime-computed
    /// hint string that the Display impl appends after the canonical "missing
    /// <provider> credentials" message. Used by the provider resolver to
    /// suggest the likely fix when the user has credentials for a different
    /// provider already in the environment.
    #[must_use]
    pub fn missing_credentials_with_hint(
        provider: &'static str,
        env_vars: &'static [&'static str],
        hint: impl Into<String>,
    ) -> Self {
        Self::MissingCredentials {
            provider,
            env_vars,
            hint: Some(hint.into()),
        }
    }
    /// Build a `Self::Json` enriched with the provider name, the model that
@@ -204,7 +231,11 @@ impl ApiError {
 impl Display for ApiError {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        match self {
-            Self::MissingCredentials { provider, env_vars } => {
+            Self::MissingCredentials {
                provider,
                env_vars,
                hint,
            } => {
                write!(
                    f,
                    "missing {provider} credentials; export {} before calling the {provider} API",
@@ -223,6 +254,9 @@ impl Display for ApiError {
                        )?;
                    }
                }
                if let Some(hint) = hint {
                    write!(f, " — hint: {hint}")?;
                }
                Ok(())
            }
            Self::ContextWindowExceeded {
@@ -483,4 +517,56 @@ mod tests {
        assert_eq!(error.safe_failure_class(), "context_window");
        assert_eq!(error.request_id(), Some("req_ctx_123"));
    }
    #[test]
    fn missing_credentials_without_hint_renders_the_canonical_message() {
        // given
        let error = ApiError::missing_credentials(
            "Anthropic",
            &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
        );
        // when
        let rendered = error.to_string();
        // then
        assert!(
            rendered.starts_with(
                "missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY before calling the Anthropic API"
            ),
            "rendered error should lead with the canonical missing-credential message: {rendered}"
        );
        assert!(
            !rendered.contains(" — hint: "),
            "no hint should be appended when none is supplied: {rendered}"
        );
    }
    #[test]
    fn missing_credentials_with_hint_appends_the_hint_after_base_message() {
        // given
        let error = ApiError::missing_credentials_with_hint(
            "Anthropic",
            &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
            "I see OPENAI_API_KEY is set — if you meant to use the OpenAI-compat provider, prefix your model name with `openai/` so prefix routing selects it.",
        );
        // when
        let rendered = error.to_string();
        // then
        assert!(
            rendered.starts_with("missing Anthropic credentials;"),
            "hint should be appended, not replace the base message: {rendered}"
        );
        let hint_marker = " — hint: I see OPENAI_API_KEY is set — if you meant to use the OpenAI-compat provider, prefix your model name with `openai/` so prefix routing selects it.";
        assert!(
            rendered.ends_with(hint_marker),
            "rendered error should end with the hint: {rendered}"
        );
        // Classification semantics are unaffected by the presence of a hint.
        assert_eq!(error.safe_failure_class(), "provider_auth");
        assert!(!error.is_retryable());
        assert_eq!(error.request_id(), None);
    }
 }
--- a/rust/crates/api/src/http_client.rs
+++ b/rust/crates/api/src/http_client.rs
@@ -0,0 +1,344 @@
 use crate::error::ApiError;
 const HTTP_PROXY_KEYS: [&str; 2] = ["HTTP_PROXY", "http_proxy"];
 const HTTPS_PROXY_KEYS: [&str; 2] = ["HTTPS_PROXY", "https_proxy"];
 const NO_PROXY_KEYS: [&str; 2] = ["NO_PROXY", "no_proxy"];
 /// Snapshot of the proxy-related environment variables that influence the
 /// outbound HTTP client. Captured up front so callers can inspect, log, and
 /// test the resolved configuration without re-reading the process environment.
 ///
 /// When `proxy_url` is set it acts as a single catch-all proxy for both
 /// HTTP and HTTPS traffic, taking precedence over the per-scheme fields.
 #[derive(Debug, Clone, Default, PartialEq, Eq)]
 pub struct ProxyConfig {
    pub http_proxy: Option<String>,
    pub https_proxy: Option<String>,
    pub no_proxy: Option<String>,
    /// Optional unified proxy URL that applies to both HTTP and HTTPS.
    /// When set, this takes precedence over `http_proxy` and `https_proxy`.
    pub proxy_url: Option<String>,
 }
 impl ProxyConfig {
    /// Read proxy settings from the live process environment, honouring both
    /// the upper- and lower-case spellings used by curl, git, and friends.
    #[must_use]
    pub fn from_env() -> Self {
        Self::from_lookup(|key| std::env::var(key).ok())
    }
    /// Create a proxy configuration from a single URL that applies to both
    /// HTTP and HTTPS traffic. This is the config-file alternative to setting
    /// `HTTP_PROXY` and `HTTPS_PROXY` environment variables separately.
    #[must_use]
    pub fn from_proxy_url(url: impl Into<String>) -> Self {
        Self {
            proxy_url: Some(url.into()),
            ..Self::default()
        }
    }
    fn from_lookup<F>(mut lookup: F) -> Self
    where
        F: FnMut(&str) -> Option<String>,
    {
        Self {
            http_proxy: first_non_empty(&HTTP_PROXY_KEYS, &mut lookup),
            https_proxy: first_non_empty(&HTTPS_PROXY_KEYS, &mut lookup),
            no_proxy: first_non_empty(&NO_PROXY_KEYS, &mut lookup),
            proxy_url: None,
        }
    }
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.proxy_url.is_none() && self.http_proxy.is_none() && self.https_proxy.is_none()
    }
 }
 /// Build a `reqwest::Client` that honours the standard `HTTP_PROXY`,
 /// `HTTPS_PROXY`, and `NO_PROXY` environment variables. When no proxy is
 /// configured the client behaves identically to `reqwest::Client::new()`.
 pub fn build_http_client() -> Result<reqwest::Client, ApiError> {
    build_http_client_with(&ProxyConfig::from_env())
 }
 /// Infallible counterpart to [`build_http_client`] for constructors that
 /// historically returned `Self` rather than `Result<Self, _>`. When the proxy
 /// configuration is malformed we fall back to a default client so that
 /// callers retain the previous behaviour and the failure surfaces on the
 /// first outbound request instead of at construction time.
 #[must_use]
 pub fn build_http_client_or_default() -> reqwest::Client {
    build_http_client().unwrap_or_else(|_| reqwest::Client::new())
 }
 /// Build a `reqwest::Client` from an explicit [`ProxyConfig`]. Used by tests
 /// and by callers that want to override process-level environment lookups.
 ///
 /// When `config.proxy_url` is set it overrides the per-scheme `http_proxy`
 /// and `https_proxy` fields and is registered as both an HTTP and HTTPS
 /// proxy so a single value can route every outbound request.
 pub fn build_http_client_with(config: &ProxyConfig) -> Result<reqwest::Client, ApiError> {
    let mut builder = reqwest::Client::builder().no_proxy();
    let no_proxy = config
        .no_proxy
        .as_deref()
        .and_then(reqwest::NoProxy::from_string);
    let (http_proxy_url, https_url) = match config.proxy_url.as_deref() {
        Some(unified) => (Some(unified), Some(unified)),
        None => (config.http_proxy.as_deref(), config.https_proxy.as_deref()),
    };
    if let Some(url) = https_url {
        let mut proxy = reqwest::Proxy::https(url)?;
        if let Some(filter) = no_proxy.clone() {
            proxy = proxy.no_proxy(Some(filter));
        }
        builder = builder.proxy(proxy);
    }
    if let Some(url) = http_proxy_url {
        let mut proxy = reqwest::Proxy::http(url)?;
        if let Some(filter) = no_proxy.clone() {
            proxy = proxy.no_proxy(Some(filter));
        }
        builder = builder.proxy(proxy);
    }
    Ok(builder.build()?)
 }
 fn first_non_empty<F>(keys: &[&str], lookup: &mut F) -> Option<String>
 where
    F: FnMut(&str) -> Option<String>,
 {
    keys.iter()
        .find_map(|key| lookup(key).filter(|value| !value.is_empty()))
 }
 #[cfg(test)]
 mod tests {
    use std::collections::HashMap;
    use super::{build_http_client_with, ProxyConfig};
    fn config_from_map(pairs: &[(&str, &str)]) -> ProxyConfig {
        let map: HashMap<String, String> = pairs
            .iter()
            .map(|(key, value)| ((*key).to_string(), (*value).to_string()))
            .collect();
        ProxyConfig::from_lookup(|key| map.get(key).cloned())
    }
    #[test]
    fn proxy_config_is_empty_when_no_env_vars_are_set() {
        // given
        let config = config_from_map(&[]);
        // when
        let empty = config.is_empty();
        // then
        assert!(empty);
        assert_eq!(config, ProxyConfig::default());
    }
    #[test]
    fn proxy_config_reads_uppercase_http_https_and_no_proxy() {
        // given
        let pairs = [
            ("HTTP_PROXY", "http://proxy.internal:3128"),
            ("HTTPS_PROXY", "http://secure.internal:3129"),
            ("NO_PROXY", "localhost,127.0.0.1,.corp"),
        ];
        // when
        let config = config_from_map(&pairs);
        // then
        assert_eq!(
            config.http_proxy.as_deref(),
            Some("http://proxy.internal:3128")
        );
        assert_eq!(
            config.https_proxy.as_deref(),
            Some("http://secure.internal:3129")
        );
        assert_eq!(
            config.no_proxy.as_deref(),
            Some("localhost,127.0.0.1,.corp")
        );
        assert!(!config.is_empty());
    }
    #[test]
    fn proxy_config_falls_back_to_lowercase_keys() {
        // given
        let pairs = [
            ("http_proxy", "http://lower.internal:3128"),
            ("https_proxy", "http://lower-secure.internal:3129"),
            ("no_proxy", ".lower"),
        ];
        // when
        let config = config_from_map(&pairs);
        // then
        assert_eq!(
            config.http_proxy.as_deref(),
            Some("http://lower.internal:3128")
        );
        assert_eq!(
            config.https_proxy.as_deref(),
            Some("http://lower-secure.internal:3129")
        );
        assert_eq!(config.no_proxy.as_deref(), Some(".lower"));
    }
    #[test]
    fn proxy_config_prefers_uppercase_over_lowercase_when_both_set() {
        // given
        let pairs = [
            ("HTTP_PROXY", "http://upper.internal:3128"),
            ("http_proxy", "http://lower.internal:3128"),
        ];
        // when
        let config = config_from_map(&pairs);
        // then
        assert_eq!(
            config.http_proxy.as_deref(),
            Some("http://upper.internal:3128")
        );
    }
    #[test]
    fn proxy_config_treats_empty_strings_as_unset() {
        // given
        let pairs = [("HTTP_PROXY", ""), ("http_proxy", "")];
        // when
        let config = config_from_map(&pairs);
        // then
        assert!(config.http_proxy.is_none());
    }
    #[test]
    fn build_http_client_succeeds_when_no_proxy_is_configured() {
        // given
        let config = ProxyConfig::default();
        // when
        let result = build_http_client_with(&config);
        // then
        assert!(result.is_ok());
    }
    #[test]
    fn build_http_client_succeeds_with_valid_http_and_https_proxies() {
        // given
        let config = ProxyConfig {
            http_proxy: Some("http://proxy.internal:3128".to_string()),
            https_proxy: Some("http://secure.internal:3129".to_string()),
            no_proxy: Some("localhost,127.0.0.1".to_string()),
            proxy_url: None,
        };
        // when
        let result = build_http_client_with(&config);
        // then
        assert!(result.is_ok());
    }
    #[test]
    fn build_http_client_returns_http_error_for_invalid_proxy_url() {
        // given
        let config = ProxyConfig {
            http_proxy: None,
            https_proxy: Some("not a url".to_string()),
            no_proxy: None,
            proxy_url: None,
        };
        // when
        let result = build_http_client_with(&config);
        // then
        let error = result.expect_err("invalid proxy URL must be reported as a build failure");
        assert!(
            matches!(error, crate::error::ApiError::Http(_)),
            "expected ApiError::Http for invalid proxy URL, got: {error:?}"
        );
    }
    #[test]
    fn from_proxy_url_sets_unified_field_and_leaves_per_scheme_empty() {
        // given / when
        let config = ProxyConfig::from_proxy_url("http://unified.internal:3128");
        // then
        assert_eq!(
            config.proxy_url.as_deref(),
            Some("http://unified.internal:3128")
        );
        assert!(config.http_proxy.is_none());
        assert!(config.https_proxy.is_none());
        assert!(!config.is_empty());
    }
    #[test]
    fn build_http_client_succeeds_with_unified_proxy_url() {
        // given
        let config = ProxyConfig {
            proxy_url: Some("http://unified.internal:3128".to_string()),
            no_proxy: Some("localhost".to_string()),
            ..ProxyConfig::default()
        };
        // when
        let result = build_http_client_with(&config);
        // then
        assert!(result.is_ok());
    }
    #[test]
    fn proxy_url_takes_precedence_over_per_scheme_fields() {
        // given – both per-scheme and unified are set
        let config = ProxyConfig {
            http_proxy: Some("http://per-scheme.internal:1111".to_string()),
            https_proxy: Some("http://per-scheme.internal:2222".to_string()),
            no_proxy: None,
            proxy_url: Some("http://unified.internal:3128".to_string()),
        };
        // when – building succeeds (the unified URL is valid)
        let result = build_http_client_with(&config);
        // then
        assert!(result.is_ok());
    }
    #[test]
    fn build_http_client_returns_error_for_invalid_unified_proxy_url() {
        // given
        let config = ProxyConfig::from_proxy_url("not a url");
        // when
        let result = build_http_client_with(&config);
        // then
        assert!(
            matches!(result, Err(crate::error::ApiError::Http(_))),
            "invalid unified proxy URL should fail: {result:?}"
        );
    }
 }
--- a/rust/crates/api/src/lib.rs
+++ b/rust/crates/api/src/lib.rs
@@ -1,5 +1,6 @@
 mod client;
 mod error;
 mod http_client;
 mod prompt_cache;
 mod providers;
 mod sse;
@@ -10,6 +11,9 @@ pub use client::{
    resolve_startup_auth_source, MessageStream, OAuthTokenSet, ProviderClient,
 };
 pub use error::ApiError;
 pub use http_client::{
    build_http_client, build_http_client_or_default, build_http_client_with, ProxyConfig,
 };
 pub use prompt_cache::{
    CacheBreakEvent, PromptCache, PromptCacheConfig, PromptCachePaths, PromptCacheRecord,
    PromptCacheStats,
@@ -17,7 +21,8 @@ pub use prompt_cache::{
 pub use providers::anthropic::{AnthropicClient, AnthropicClient as ApiClient, AuthSource};
 pub use providers::openai_compat::{OpenAiCompatClient, OpenAiCompatConfig};
 pub use providers::{
-    detect_provider_kind, max_tokens_for_model, resolve_model_alias, ProviderKind,
+    detect_provider_kind, max_tokens_for_model, max_tokens_for_model_with_override,
    resolve_model_alias, ProviderKind,
 };
 pub use sse::{parse_frame, SseParser};
 pub use types::{
--- a/rust/crates/api/src/prompt_cache.rs
+++ b/rust/crates/api/src/prompt_cache.rs
@@ -704,6 +704,7 @@ mod tests {
            tools: None,
            tool_choice: None,
            stream: false,
            ..Default::default()
        }
    }
--- a/rust/crates/api/src/providers/anthropic.rs
+++ b/rust/crates/api/src/providers/anthropic.rs
@@ -1,4 +1,5 @@
 use std::collections::VecDeque;
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::sync::{Arc, Mutex};
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
@@ -12,18 +13,21 @@ use serde_json::{Map, Value};
 use telemetry::{AnalyticsEvent, AnthropicRequestProfile, ClientIdentity, SessionTracer};
 use crate::error::ApiError;
 use crate::http_client::build_http_client_or_default;
 use crate::prompt_cache::{PromptCache, PromptCacheRecord, PromptCacheStats};
-use super::{model_token_limit, resolve_model_alias, Provider, ProviderFuture};
+use super::{
    anthropic_missing_credentials, model_token_limit, resolve_model_alias, Provider, ProviderFuture,
 };
 use crate::sse::SseParser;
 use crate::types::{MessageDeltaEvent, MessageRequest, MessageResponse, StreamEvent, Usage};
 pub const DEFAULT_BASE_URL: &str = "https://api.anthropic.com";
 const REQUEST_ID_HEADER: &str = "request-id";
 const ALT_REQUEST_ID_HEADER: &str = "x-request-id";
-const DEFAULT_INITIAL_BACKOFF: Duration = Duration::from_millis(200);
+const DEFAULT_INITIAL_BACKOFF: Duration = Duration::from_secs(1);
-const DEFAULT_MAX_BACKOFF: Duration = Duration::from_secs(2);
+const DEFAULT_MAX_BACKOFF: Duration = Duration::from_secs(128);
-const DEFAULT_MAX_RETRIES: u32 = 2;
+const DEFAULT_MAX_RETRIES: u32 = 8;
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum AuthSource {
@@ -47,10 +51,7 @@ impl AuthSource {
            }),
            (Some(api_key), None) => Ok(Self::ApiKey(api_key)),
            (None, Some(bearer_token)) => Ok(Self::BearerToken(bearer_token)),
-            (None, None) => Err(ApiError::missing_credentials(
+            (None, None) => Err(anthropic_missing_credentials()),
                "Anthropic",
                &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
            )),
        }
    }
@@ -127,7 +128,7 @@ impl AnthropicClient {
    #[must_use]
    pub fn new(api_key: impl Into<String>) -> Self {
        Self {
-            http: reqwest::Client::new(),
+            http: build_http_client_or_default(),
            auth: AuthSource::ApiKey(api_key.into()),
            base_url: DEFAULT_BASE_URL.to_string(),
            max_retries: DEFAULT_MAX_RETRIES,
@@ -143,7 +144,7 @@ impl AnthropicClient {
    #[must_use]
    pub fn from_auth(auth: AuthSource) -> Self {
        Self {
-            http: reqwest::Client::new(),
+            http: build_http_client_or_default(),
            auth,
            base_url: DEFAULT_BASE_URL.to_string(),
            max_retries: DEFAULT_MAX_RETRIES,
@@ -434,6 +435,7 @@ impl AnthropicClient {
                        last_error = Some(error);
                    }
                    Err(error) => {
                        let error = enrich_bearer_auth_error(error, &self.auth);
                        self.record_request_failure(attempts, &error);
                        return Err(error);
                    }
@@ -452,7 +454,7 @@ impl AnthropicClient {
                break;
            }
-            tokio::time::sleep(self.backoff_for_attempt(attempts)?).await;
+            tokio::time::sleep(self.jittered_backoff_for_attempt(attempts)?).await;
        }
        Err(ApiError::RetriesExhausted {
@@ -485,13 +487,23 @@ impl AnthropicClient {
    }
    async fn preflight_message_request(&self, request: &MessageRequest) -> Result<(), ApiError> {
        // Always run the local byte-estimate guard first. This catches
        // oversized requests even if the remote count_tokens endpoint is
        // unreachable, misconfigured, or unimplemented (e.g., third-party
        // Anthropic-compatible gateways). If byte estimation already flags
        // the request as oversized, reject immediately without a network
        // round trip.
        super::preflight_message_request(request)?;
        let Some(limit) = model_token_limit(&request.model) else {
            return Ok(());
        };
-        let counted_input_tokens = match self.count_tokens(request).await {
+        // Best-effort refinement using the Anthropic count_tokens endpoint.
-            Ok(count) => count,
+        // On any failure (network, parse, auth), fall back to the local
-            Err(_) => return Ok(()),
+        // byte-estimate result which already passed above.
        let Ok(counted_input_tokens) = self.count_tokens(request).await else {
            return Ok(());
        };
        let estimated_total_tokens = counted_input_tokens.saturating_add(request.max_tokens);
        if estimated_total_tokens > limit.context_window_tokens {
@@ -513,7 +525,10 @@ impl AnthropicClient {
            input_tokens: u32,
        }
-        let request_url = format!("{}/v1/messages/count_tokens", self.base_url.trim_end_matches('/'));
+        let request_url = format!(
            "{}/v1/messages/count_tokens",
            self.base_url.trim_end_matches('/')
        );
        let mut request_body = self.request_profile.render_json_body(request)?;
        strip_unsupported_beta_body_fields(&mut request_body);
        let response = self
@@ -526,12 +541,7 @@ impl AnthropicClient {
        let response = expect_success(response).await?;
        let body = response.text().await.map_err(ApiError::from)?;
        let parsed = serde_json::from_str::<CountTokensResponse>(&body).map_err(|error| {
-            ApiError::json_deserialize(
+            ApiError::json_deserialize("Anthropic count_tokens", &request.model, &body, error)
                "Anthropic count_tokens",
                &request.model,
                &body,
                error,
            )
        })?;
        Ok(parsed.input_tokens)
    }
@@ -568,6 +578,42 @@ impl AnthropicClient {
            .checked_mul(multiplier)
            .map_or(self.max_backoff, |delay| delay.min(self.max_backoff)))
    }
    fn jittered_backoff_for_attempt(&self, attempt: u32) -> Result<Duration, ApiError> {
        let base = self.backoff_for_attempt(attempt)?;
        Ok(base + jitter_for_base(base))
    }
 }
 /// Process-wide counter that guarantees distinct jitter samples even when
 /// the system clock resolution is coarser than consecutive retry sleeps.
 static JITTER_COUNTER: AtomicU64 = AtomicU64::new(0);
 /// Returns a random additive jitter in `[0, base]` to decorrelate retries
 /// from multiple concurrent clients. Entropy is drawn from the nanosecond
 /// wall clock mixed with a monotonic counter and run through a splitmix64
 /// finalizer; adequate for retry jitter (no cryptographic requirement).
 fn jitter_for_base(base: Duration) -> Duration {
    let base_nanos = u64::try_from(base.as_nanos()).unwrap_or(u64::MAX);
    if base_nanos == 0 {
        return Duration::ZERO;
    }
    let raw_nanos = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map(|elapsed| u64::try_from(elapsed.as_nanos()).unwrap_or(u64::MAX))
        .unwrap_or(0);
    let tick = JITTER_COUNTER.fetch_add(1, Ordering::Relaxed);
    // splitmix64 finalizer — mixes the low bits so large bases still see
    // jitter across their full range instead of being clamped to subsec nanos.
    let mut mixed = raw_nanos
        .wrapping_add(tick)
        .wrapping_add(0x9E37_79B9_7F4A_7C15);
    mixed = (mixed ^ (mixed >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
    mixed = (mixed ^ (mixed >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
    mixed ^= mixed >> 31;
    // Inclusive upper bound: jitter may equal `base`, matching "up to base".
    let jitter_nanos = mixed % base_nanos.saturating_add(1);
    Duration::from_nanos(jitter_nanos)
 }
 impl AuthSource {
@@ -584,24 +630,7 @@ impl AuthSource {
        if let Some(bearer_token) = read_env_non_empty("ANTHROPIC_AUTH_TOKEN")? {
            return Ok(Self::BearerToken(bearer_token));
        }
-        match load_saved_oauth_token() {
+        Err(anthropic_missing_credentials())
            Ok(Some(token_set)) if oauth_token_is_expired(&token_set) => {
                if token_set.refresh_token.is_some() {
                    Err(ApiError::Auth(
                        "saved OAuth token is expired; load runtime OAuth config to refresh it"
                            .to_string(),
                    ))
                } else {
                    Err(ApiError::ExpiredOAuthToken)
                }
            }
            Ok(Some(token_set)) => Ok(Self::BearerToken(token_set.access_token)),
            Ok(None) => Err(ApiError::missing_credentials(
                "Anthropic",
                &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
            )),
            Err(error) => Err(error),
        }
    }
 }
@@ -621,14 +650,14 @@ pub fn resolve_saved_oauth_token(config: &OAuthConfig) -> Result<Option<OAuthTok
 pub fn has_auth_from_env_or_saved() -> Result<bool, ApiError> {
    Ok(read_env_non_empty("ANTHROPIC_API_KEY")?.is_some()
-        || read_env_non_empty("ANTHROPIC_AUTH_TOKEN")?.is_some()
+        || read_env_non_empty("ANTHROPIC_AUTH_TOKEN")?.is_some())
        || load_saved_oauth_token()?.is_some())
 }
 pub fn resolve_startup_auth_source<F>(load_oauth_config: F) -> Result<AuthSource, ApiError>
 where
    F: FnOnce() -> Result<Option<OAuthConfig>, ApiError>,
 {
    let _ = load_oauth_config;
    if let Some(api_key) = read_env_non_empty("ANTHROPIC_API_KEY")? {
        return match read_env_non_empty("ANTHROPIC_AUTH_TOKEN")? {
            Some(bearer_token) => Ok(AuthSource::ApiKeyAndBearer {
@@ -641,28 +670,7 @@ where
    if let Some(bearer_token) = read_env_non_empty("ANTHROPIC_AUTH_TOKEN")? {
        return Ok(AuthSource::BearerToken(bearer_token));
    }
-
+    Err(anthropic_missing_credentials())
    let Some(token_set) = load_saved_oauth_token()? else {
        return Err(ApiError::missing_credentials(
            "Anthropic",
            &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
        ));
    };
    if !oauth_token_is_expired(&token_set) {
        return Ok(AuthSource::BearerToken(token_set.access_token));
    }
    if token_set.refresh_token.is_none() {
        return Err(ApiError::ExpiredOAuthToken);
    }
    let Some(config) = load_oauth_config()? else {
        return Err(ApiError::Auth(
            "saved OAuth token is expired; runtime OAuth config is missing".to_string(),
        ));
    };
    Ok(AuthSource::from(resolve_saved_oauth_token_set(
        &config, token_set,
    )?))
 }
 fn resolve_saved_oauth_token_set(
@@ -743,10 +751,7 @@ fn read_api_key() -> Result<String, ApiError> {
    auth.api_key()
        .or_else(|| auth.bearer_token())
        .map(ToOwned::to_owned)
-        .ok_or(ApiError::missing_credentials(
+        .ok_or_else(anthropic_missing_credentials)
            "Anthropic",
            &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
        ))
 }
 #[cfg(test)]
@@ -887,6 +892,85 @@ const fn is_retryable_status(status: reqwest::StatusCode) -> bool {
    matches!(status.as_u16(), 408 | 409 | 429 | 500 | 502 | 503 | 504)
 }
 /// Anthropic API keys (`sk-ant-*`) are accepted over the `x-api-key` header
 /// and rejected with HTTP 401 "Invalid bearer token" when sent as a Bearer
 /// token via `ANTHROPIC_AUTH_TOKEN`. This happens often enough in the wild
 /// (users copy-paste an `sk-ant-...` key into `ANTHROPIC_AUTH_TOKEN` because
 /// the env var name sounds auth-related) that a bare 401 error is useless.
 /// When we detect this exact shape, append a hint to the error message that
 /// points the user at the one-line fix.
 const SK_ANT_BEARER_HINT: &str = "sk-ant-* keys go in ANTHROPIC_API_KEY (x-api-key header), not ANTHROPIC_AUTH_TOKEN (Bearer header). Move your key to ANTHROPIC_API_KEY.";
 fn enrich_bearer_auth_error(error: ApiError, auth: &AuthSource) -> ApiError {
    let ApiError::Api {
        status,
        error_type,
        message,
        request_id,
        body,
        retryable,
    } = error
    else {
        return error;
    };
    if status.as_u16() != 401 {
        return ApiError::Api {
            status,
            error_type,
            message,
            request_id,
            body,
            retryable,
        };
    }
    let Some(bearer_token) = auth.bearer_token() else {
        return ApiError::Api {
            status,
            error_type,
            message,
            request_id,
            body,
            retryable,
        };
    };
    if !bearer_token.starts_with("sk-ant-") {
        return ApiError::Api {
            status,
            error_type,
            message,
            request_id,
            body,
            retryable,
        };
    }
    // Only append the hint when the AuthSource is pure BearerToken. If both
    // api_key and bearer_token are present (`ApiKeyAndBearer`), the x-api-key
    // header is already being sent alongside the Bearer header and the 401
    // is coming from a different cause — adding the hint would be misleading.
    if auth.api_key().is_some() {
        return ApiError::Api {
            status,
            error_type,
            message,
            request_id,
            body,
            retryable,
        };
    }
    let enriched_message = match message {
        Some(existing) => Some(format!("{existing} — hint: {SK_ANT_BEARER_HINT}")),
        None => Some(format!("hint: {SK_ANT_BEARER_HINT}")),
    };
    ApiError::Api {
        status,
        error_type,
        message: enriched_message,
        request_id,
        body,
        retryable,
    }
 }
 /// Remove beta-only body fields that the standard `/v1/messages` and
 /// `/v1/messages/count_tokens` endpoints reject as `Extra inputs are not
 /// permitted`. The `betas` opt-in is communicated via the `anthropic-beta`
@@ -894,6 +978,15 @@ const fn is_retryable_status(status: reqwest::StatusCode) -> bool {
 fn strip_unsupported_beta_body_fields(body: &mut Value) {
    if let Some(object) = body.as_object_mut() {
        object.remove("betas");
        // These fields are OpenAI-compatible only; Anthropic rejects them.
        object.remove("frequency_penalty");
        object.remove("presence_penalty");
        // Anthropic uses "stop_sequences" not "stop". Convert if present.
        if let Some(stop_val) = object.remove("stop") {
            if stop_val.as_array().is_some_and(|a| !a.is_empty()) {
                object.insert("stop_sequences".to_string(), stop_val);
            }
        }
    }
 }
@@ -1054,7 +1147,7 @@ mod tests {
    }
    #[test]
-    fn auth_source_from_saved_oauth_when_env_absent() {
+    fn auth_source_from_env_or_saved_ignores_saved_oauth_when_env_absent() {
        let _guard = env_lock();
        let config_home = temp_config_home();
        std::env::set_var("CLAW_CONFIG_HOME", &config_home);
@@ -1068,8 +1161,8 @@ mod tests {
        })
        .expect("save oauth credentials");
-        let auth = AuthSource::from_env_or_saved().expect("saved auth");
+        let error = AuthSource::from_env_or_saved().expect_err("saved oauth should be ignored");
-        assert_eq!(auth.bearer_token(), Some("saved-access-token"));
+        assert!(error.to_string().contains("ANTHROPIC_API_KEY"));
        clear_oauth_credentials().expect("clear credentials");
        std::env::remove_var("CLAW_CONFIG_HOME");
@@ -1125,7 +1218,7 @@ mod tests {
    }
    #[test]
-    fn resolve_startup_auth_source_uses_saved_oauth_without_loading_config() {
+    fn resolve_startup_auth_source_ignores_saved_oauth_without_loading_config() {
        let _guard = env_lock();
        let config_home = temp_config_home();
        std::env::set_var("CLAW_CONFIG_HOME", &config_home);
@@ -1139,41 +1232,9 @@ mod tests {
        })
        .expect("save oauth credentials");
-        let auth = resolve_startup_auth_source(|| panic!("config should not be loaded"))
+        let error = resolve_startup_auth_source(|| panic!("config should not be loaded"))
-            .expect("startup auth");
+            .expect_err("saved oauth should be ignored");
-        assert_eq!(auth.bearer_token(), Some("saved-access-token"));
+        assert!(error.to_string().contains("ANTHROPIC_API_KEY"));
        clear_oauth_credentials().expect("clear credentials");
        std::env::remove_var("CLAW_CONFIG_HOME");
        cleanup_temp_config_home(&config_home);
    }
    #[test]
    fn resolve_startup_auth_source_errors_when_refreshable_token_lacks_config() {
        let _guard = env_lock();
        let config_home = temp_config_home();
        std::env::set_var("CLAW_CONFIG_HOME", &config_home);
        std::env::remove_var("ANTHROPIC_AUTH_TOKEN");
        std::env::remove_var("ANTHROPIC_API_KEY");
        save_oauth_credentials(&runtime::OAuthTokenSet {
            access_token: "expired-access-token".to_string(),
            refresh_token: Some("refresh-token".to_string()),
            expires_at: Some(1),
            scopes: vec!["scope:a".to_string()],
        })
        .expect("save expired oauth credentials");
        let error =
            resolve_startup_auth_source(|| Ok(None)).expect_err("missing config should error");
        assert!(
            matches!(error, crate::error::ApiError::Auth(message) if message.contains("runtime OAuth config is missing"))
        );
        let stored = runtime::load_oauth_credentials()
            .expect("load stored credentials")
            .expect("stored token set");
        assert_eq!(stored.access_token, "expired-access-token");
        assert_eq!(stored.refresh_token.as_deref(), Some("refresh-token"));
        clear_oauth_credentials().expect("clear credentials");
        std::env::remove_var("CLAW_CONFIG_HOME");
@@ -1223,6 +1284,7 @@ mod tests {
            tools: None,
            tool_choice: None,
            stream: false,
            ..Default::default()
        };
        assert!(request.with_streaming().stream);
@@ -1249,6 +1311,58 @@ mod tests {
        );
    }
    #[test]
    fn jittered_backoff_stays_within_additive_bounds_and_varies() {
        let client = AnthropicClient::new("test-key").with_retry_policy(
            8,
            Duration::from_secs(1),
            Duration::from_secs(128),
        );
        let mut samples = Vec::with_capacity(64);
        for _ in 0..64 {
            let base = client.backoff_for_attempt(3).expect("base attempt 3");
            let jittered = client
                .jittered_backoff_for_attempt(3)
                .expect("jittered attempt 3");
            assert!(
                jittered >= base,
                "jittered delay {jittered:?} must be at least the base {base:?}"
            );
            assert!(
                jittered <= base * 2,
                "jittered delay {jittered:?} must not exceed base*2 {:?}",
                base * 2
            );
            samples.push(jittered);
        }
        let distinct: std::collections::HashSet<_> = samples.iter().collect();
        assert!(
            distinct.len() > 1,
            "jitter should produce varied delays across samples, got {samples:?}"
        );
    }
    #[test]
    fn default_retry_policy_matches_exponential_schedule() {
        let client = AnthropicClient::new("test-key");
        assert_eq!(
            client.backoff_for_attempt(1).expect("attempt 1"),
            Duration::from_secs(1)
        );
        assert_eq!(
            client.backoff_for_attempt(2).expect("attempt 2"),
            Duration::from_secs(2)
        );
        assert_eq!(
            client.backoff_for_attempt(3).expect("attempt 3"),
            Duration::from_secs(4)
        );
        assert_eq!(
            client.backoff_for_attempt(8).expect("attempt 8"),
            Duration::from_secs(128)
        );
    }
    #[test]
    fn retryable_statuses_are_detected() {
        assert!(super::is_retryable_status(
@@ -1350,6 +1464,52 @@ mod tests {
        assert_eq!(body, original);
    }
    #[test]
    fn strip_removes_openai_only_fields_and_converts_stop() {
        let mut body = serde_json::json!({
            "model": "claude-sonnet-4-6",
            "max_tokens": 1024,
            "temperature": 0.7,
            "frequency_penalty": 0.5,
            "presence_penalty": 0.3,
            "stop": ["\n"],
        });
        super::strip_unsupported_beta_body_fields(&mut body);
        // temperature is kept (Anthropic supports it)
        assert_eq!(body["temperature"], serde_json::json!(0.7));
        // frequency_penalty and presence_penalty are removed
        assert!(
            body.get("frequency_penalty").is_none(),
            "frequency_penalty must be stripped for Anthropic"
        );
        assert!(
            body.get("presence_penalty").is_none(),
            "presence_penalty must be stripped for Anthropic"
        );
        // stop is renamed to stop_sequences
        assert!(body.get("stop").is_none(), "stop must be renamed");
        assert_eq!(body["stop_sequences"], serde_json::json!(["\n"]));
    }
    #[test]
    fn strip_does_not_add_empty_stop_sequences() {
        let mut body = serde_json::json!({
            "model": "claude-sonnet-4-6",
            "max_tokens": 1024,
            "stop": [],
        });
        super::strip_unsupported_beta_body_fields(&mut body);
        assert!(body.get("stop").is_none());
        assert!(
            body.get("stop_sequences").is_none(),
            "empty stop should not produce stop_sequences"
        );
    }
    #[test]
    fn rendered_request_body_strips_betas_for_standard_messages_endpoint() {
        let client = AnthropicClient::new("test-key").with_beta("tools-2026-04-01");
@@ -1361,6 +1521,7 @@ mod tests {
            tools: None,
            tool_choice: None,
            stream: false,
            ..Default::default()
        };
        let mut rendered = client
@@ -1382,4 +1543,163 @@ mod tests {
            Some("claude-sonnet-4-6")
        );
    }
    #[test]
    fn enrich_bearer_auth_error_appends_sk_ant_hint_on_401_with_pure_bearer_token() {
        // given
        let auth = AuthSource::BearerToken("sk-ant-api03-deadbeef".to_string());
        let error = crate::error::ApiError::Api {
            status: reqwest::StatusCode::UNAUTHORIZED,
            error_type: Some("authentication_error".to_string()),
            message: Some("Invalid bearer token".to_string()),
            request_id: Some("req_varleg_001".to_string()),
            body: String::new(),
            retryable: false,
        };
        // when
        let enriched = super::enrich_bearer_auth_error(error, &auth);
        // then
        let rendered = enriched.to_string();
        assert!(
            rendered.contains("Invalid bearer token"),
            "existing provider message should be preserved: {rendered}"
        );
        assert!(
            rendered.contains(
                "sk-ant-* keys go in ANTHROPIC_API_KEY (x-api-key header), not ANTHROPIC_AUTH_TOKEN (Bearer header). Move your key to ANTHROPIC_API_KEY."
            ),
            "rendered error should include the sk-ant-* hint: {rendered}"
        );
        assert!(
            rendered.contains("[trace req_varleg_001]"),
            "request id should still flow through the enriched error: {rendered}"
        );
        match enriched {
            crate::error::ApiError::Api { status, .. } => {
                assert_eq!(status, reqwest::StatusCode::UNAUTHORIZED);
            }
            other => panic!("expected Api variant, got {other:?}"),
        }
    }
    #[test]
    fn enrich_bearer_auth_error_leaves_non_401_errors_unchanged() {
        // given
        let auth = AuthSource::BearerToken("sk-ant-api03-deadbeef".to_string());
        let error = crate::error::ApiError::Api {
            status: reqwest::StatusCode::INTERNAL_SERVER_ERROR,
            error_type: Some("api_error".to_string()),
            message: Some("internal server error".to_string()),
            request_id: None,
            body: String::new(),
            retryable: true,
        };
        // when
        let enriched = super::enrich_bearer_auth_error(error, &auth);
        // then
        let rendered = enriched.to_string();
        assert!(
            !rendered.contains("sk-ant-*"),
            "non-401 errors must not be annotated with the bearer hint: {rendered}"
        );
        assert!(
            rendered.contains("internal server error"),
            "original message must be preserved verbatim: {rendered}"
        );
    }
    #[test]
    fn enrich_bearer_auth_error_ignores_401_when_bearer_token_is_not_sk_ant() {
        // given
        let auth = AuthSource::BearerToken("oauth-access-token-opaque".to_string());
        let error = crate::error::ApiError::Api {
            status: reqwest::StatusCode::UNAUTHORIZED,
            error_type: Some("authentication_error".to_string()),
            message: Some("Invalid bearer token".to_string()),
            request_id: None,
            body: String::new(),
            retryable: false,
        };
        // when
        let enriched = super::enrich_bearer_auth_error(error, &auth);
        // then
        let rendered = enriched.to_string();
        assert!(
            !rendered.contains("sk-ant-*"),
            "oauth-style bearer tokens must not trigger the sk-ant-* hint: {rendered}"
        );
    }
    #[test]
    fn enrich_bearer_auth_error_skips_hint_when_api_key_header_is_also_present() {
        // given
        let auth = AuthSource::ApiKeyAndBearer {
            api_key: "sk-ant-api03-legitimate".to_string(),
            bearer_token: "sk-ant-api03-deadbeef".to_string(),
        };
        let error = crate::error::ApiError::Api {
            status: reqwest::StatusCode::UNAUTHORIZED,
            error_type: Some("authentication_error".to_string()),
            message: Some("Invalid bearer token".to_string()),
            request_id: None,
            body: String::new(),
            retryable: false,
        };
        // when
        let enriched = super::enrich_bearer_auth_error(error, &auth);
        // then
        let rendered = enriched.to_string();
        assert!(
            !rendered.contains("sk-ant-*"),
            "hint should be suppressed when x-api-key header is already being sent: {rendered}"
        );
    }
    #[test]
    fn enrich_bearer_auth_error_ignores_401_when_auth_source_has_no_bearer() {
        // given
        let auth = AuthSource::ApiKey("sk-ant-api03-legitimate".to_string());
        let error = crate::error::ApiError::Api {
            status: reqwest::StatusCode::UNAUTHORIZED,
            error_type: Some("authentication_error".to_string()),
            message: Some("Invalid x-api-key".to_string()),
            request_id: None,
            body: String::new(),
            retryable: false,
        };
        // when
        let enriched = super::enrich_bearer_auth_error(error, &auth);
        // then
        let rendered = enriched.to_string();
        assert!(
            !rendered.contains("sk-ant-*"),
            "bearer hint must not apply when AuthSource is ApiKey-only: {rendered}"
        );
    }
    #[test]
    fn enrich_bearer_auth_error_passes_non_api_errors_through_unchanged() {
        // given
        let auth = AuthSource::BearerToken("sk-ant-api03-deadbeef".to_string());
        let error = crate::error::ApiError::InvalidSseFrame("unterminated event");
        // when
        let enriched = super::enrich_bearer_auth_error(error, &auth);
        // then
        assert!(matches!(
            enriched,
            crate::error::ApiError::InvalidSseFrame(_)
        ));
    }
 }
--- a/rust/crates/api/src/providers/mod.rs
+++ b/rust/crates/api/src/providers/mod.rs
@@ -169,6 +169,31 @@ pub fn metadata_for_model(model: &str) -> Option<ProviderMetadata> {
            default_base_url: openai_compat::DEFAULT_XAI_BASE_URL,
        });
    }
    // Explicit provider-namespaced models (e.g. "openai/gpt-4.1-mini") must
    // route to the correct provider regardless of which auth env vars are set.
    // Without this, detect_provider_kind falls through to the auth-sniffer
    // order and misroutes to Anthropic if ANTHROPIC_API_KEY is present.
    if canonical.starts_with("openai/") || canonical.starts_with("gpt-") {
        return Some(ProviderMetadata {
            provider: ProviderKind::OpenAi,
            auth_env: "OPENAI_API_KEY",
            base_url_env: "OPENAI_BASE_URL",
            default_base_url: openai_compat::DEFAULT_OPENAI_BASE_URL,
        });
    }
    // Alibaba DashScope compatible-mode endpoint. Routes qwen/* and bare
    // qwen-* model names (qwen-max, qwen-plus, qwen-turbo, qwen-qwq, etc.)
    // to the OpenAI-compat client pointed at DashScope's /compatible-mode/v1.
    // Uses the OpenAi provider kind because DashScope speaks the OpenAI REST
    // shape — only the base URL and auth env var differ.
    if canonical.starts_with("qwen/") || canonical.starts_with("qwen-") {
        return Some(ProviderMetadata {
            provider: ProviderKind::OpenAi,
            auth_env: "DASHSCOPE_API_KEY",
            base_url_env: "DASHSCOPE_BASE_URL",
            default_base_url: openai_compat::DEFAULT_DASHSCOPE_BASE_URL,
        });
    }
    None
 }
@@ -177,6 +202,15 @@ pub fn detect_provider_kind(model: &str) -> ProviderKind {
    if let Some(metadata) = metadata_for_model(model) {
        return metadata.provider;
    }
    // When OPENAI_BASE_URL is set, the user explicitly configured an
    // OpenAI-compatible endpoint. Prefer it over the Anthropic fallback
    // even when the model name has no recognized prefix — this is the
    // common case for local providers (Ollama, LM Studio, vLLM, etc.)
    // where model names like "qwen2.5-coder:7b" don't match any prefix.
    if std::env::var_os("OPENAI_BASE_URL").is_some() && openai_compat::has_api_key("OPENAI_API_KEY")
    {
        return ProviderKind::OpenAi;
    }
    if anthropic::has_auth_from_env_or_saved().unwrap_or(false) {
        return ProviderKind::Anthropic;
    }
@@ -186,6 +220,11 @@ pub fn detect_provider_kind(model: &str) -> ProviderKind {
    if openai_compat::has_api_key("XAI_API_KEY") {
        return ProviderKind::Xai;
    }
    // Last resort: if OPENAI_BASE_URL is set without OPENAI_API_KEY (some
    // local providers like Ollama don't require auth), still route there.
    if std::env::var_os("OPENAI_BASE_URL").is_some() {
        return ProviderKind::OpenAi;
    }
    ProviderKind::Anthropic
 }
@@ -204,6 +243,14 @@ pub fn max_tokens_for_model(model: &str) -> u32 {
    )
 }
 /// Returns the effective max output tokens for a model, preferring a plugin
 /// override when present. Falls back to [`max_tokens_for_model`] when the
 /// override is `None`.
 #[must_use]
 pub fn max_tokens_for_model_with_override(model: &str, plugin_override: Option<u32>) -> u32 {
    plugin_override.unwrap_or_else(|| max_tokens_for_model(model))
 }
 #[must_use]
 pub fn model_token_limit(model: &str) -> Option<ModelTokenLimit> {
    let canonical = resolve_model_alias(model);
@@ -258,6 +305,73 @@ fn estimate_serialized_tokens<T: Serialize>(value: &T) -> u32 {
        .map_or(0, |bytes| (bytes.len() / 4 + 1) as u32)
 }
 /// Env var names used by other provider backends. When Anthropic auth
 /// resolution fails we sniff these so we can hint the user that their
 /// credentials probably belong to a different provider and suggest the
 /// model-prefix routing fix that would select it.
 const FOREIGN_PROVIDER_ENV_VARS: &[(&str, &str, &str)] = &[
    (
        "OPENAI_API_KEY",
        "OpenAI-compat",
        "prefix your model name with `openai/` (e.g. `--model openai/gpt-4.1-mini`) so prefix routing selects the OpenAI-compatible provider, and set `OPENAI_BASE_URL` if you are pointing at OpenRouter/Ollama/a local server",
    ),
    (
        "XAI_API_KEY",
        "xAI",
        "use an xAI model alias (e.g. `--model grok` or `--model grok-mini`) so the prefix router selects the xAI backend",
    ),
    (
        "DASHSCOPE_API_KEY",
        "Alibaba DashScope",
        "prefix your model name with `qwen/` or `qwen-` (e.g. `--model qwen-plus`) so prefix routing selects the DashScope backend",
    ),
 ];
 /// Check whether an env var is set to a non-empty value either in the real
 /// process environment or in the working-directory `.env` file. Mirrors the
 /// credential discovery path used by `read_env_non_empty` so the hint text
 /// stays truthful when users rely on `.env` instead of a real export.
 fn env_or_dotenv_present(key: &str) -> bool {
    match std::env::var(key) {
        Ok(value) if !value.is_empty() => true,
        Ok(_) | Err(std::env::VarError::NotPresent) => {
            dotenv_value(key).is_some_and(|value| !value.is_empty())
        }
        Err(_) => false,
    }
 }
 /// Produce a hint string describing the first foreign provider credential
 /// that is present in the environment when Anthropic auth resolution has
 /// just failed. Returns `None` when no foreign credential is set, in which
 /// case the caller should fall back to the plain `missing_credentials`
 /// error without a hint.
 pub(crate) fn anthropic_missing_credentials_hint() -> Option<String> {
    for (env_var, provider_label, fix_hint) in FOREIGN_PROVIDER_ENV_VARS {
        if env_or_dotenv_present(env_var) {
            return Some(format!(
                "I see {env_var} is set — if you meant to use the {provider_label} provider, {fix_hint}."
            ));
        }
    }
    None
 }
 /// Build an Anthropic-specific `MissingCredentials` error, attaching a
 /// hint suggesting the probable fix whenever a different provider's
 /// credentials are already present in the environment. Anthropic call
 /// sites should prefer this helper over `ApiError::missing_credentials`
 /// so users who mistyped a model name or forgot the prefix get a useful
 /// signal instead of a generic "missing Anthropic credentials" wall.
 pub(crate) fn anthropic_missing_credentials() -> ApiError {
    const PROVIDER: &str = "Anthropic";
    const ENV_VARS: &[&str] = &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"];
    match anthropic_missing_credentials_hint() {
        Some(hint) => ApiError::missing_credentials_with_hint(PROVIDER, ENV_VARS, hint),
        None => ApiError::missing_credentials(PROVIDER, ENV_VARS),
    }
 }
 /// Parse a `.env` file body into key/value pairs using a minimal `KEY=VALUE`
 /// grammar. Lines that are blank, start with `#`, or do not contain `=` are
 /// ignored. Surrounding double or single quotes are stripped from the value.
@@ -315,6 +429,9 @@ pub(crate) fn dotenv_value(key: &str) -> Option<String> {
 #[cfg(test)]
 mod tests {
    use std::ffi::OsString;
    use std::sync::{Mutex, OnceLock};
    use serde_json::json;
    use crate::error::ApiError;
@@ -323,10 +440,52 @@ mod tests {
    };
    use super::{
-        detect_provider_kind, load_dotenv_file, max_tokens_for_model, model_token_limit,
+        anthropic_missing_credentials, anthropic_missing_credentials_hint, detect_provider_kind,
-        parse_dotenv, preflight_message_request, resolve_model_alias, ProviderKind,
+        load_dotenv_file, max_tokens_for_model, max_tokens_for_model_with_override,
        model_token_limit, parse_dotenv, preflight_message_request, resolve_model_alias,
        ProviderKind,
    };
    /// Serializes every test in this module that mutates process-wide
    /// environment variables so concurrent test threads cannot observe
    /// each other's partially-applied state while probing the foreign
    /// provider credential sniffer.
    fn env_lock() -> std::sync::MutexGuard<'static, ()> {
        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
        LOCK.get_or_init(|| Mutex::new(()))
            .lock()
            .unwrap_or_else(std::sync::PoisonError::into_inner)
    }
    /// Snapshot-restore guard for a single environment variable. Captures
    /// the original value on construction, applies the requested override
    /// (set or remove), and restores the original on drop so tests leave
    /// the process env untouched even when they panic mid-assertion.
    struct EnvVarGuard {
        key: &'static str,
        original: Option<OsString>,
    }
    impl EnvVarGuard {
        fn set(key: &'static str, value: Option<&str>) -> Self {
            let original = std::env::var_os(key);
            match value {
                Some(value) => std::env::set_var(key, value),
                None => std::env::remove_var(key),
            }
            Self { key, original }
        }
    }
    impl Drop for EnvVarGuard {
        fn drop(&mut self) {
            match self.original.take() {
                Some(value) => std::env::set_var(self.key, value),
                None => std::env::remove_var(self.key),
            }
        }
    }
    #[test]
    fn resolves_grok_aliases() {
        assert_eq!(resolve_model_alias("grok"), "grok-3");
@@ -343,12 +502,114 @@ mod tests {
        );
    }
    #[test]
    fn openai_namespaced_model_routes_to_openai_not_anthropic() {
        // Regression: "openai/gpt-4.1-mini" was misrouted to Anthropic when
        // ANTHROPIC_API_KEY was set because metadata_for_model returned None
        // and detect_provider_kind fell through to auth-sniffer order.
        // The model prefix must win over env-var presence.
        let kind = super::metadata_for_model("openai/gpt-4.1-mini").map_or_else(
            || detect_provider_kind("openai/gpt-4.1-mini"),
            |m| m.provider,
        );
        assert_eq!(
            kind,
            ProviderKind::OpenAi,
            "openai/ prefix must route to OpenAi regardless of ANTHROPIC_API_KEY"
        );
        // Also cover bare gpt- prefix
        let kind2 = super::metadata_for_model("gpt-4o")
            .map_or_else(|| detect_provider_kind("gpt-4o"), |m| m.provider);
        assert_eq!(kind2, ProviderKind::OpenAi);
    }
    #[test]
    fn qwen_prefix_routes_to_dashscope_not_anthropic() {
        // User request from Discord #clawcode-get-help: web3g wants to use
        // Qwen 3.6 Plus via native Alibaba DashScope API (not OpenRouter,
        // which has lower rate limits). metadata_for_model must route
        // qwen/* and bare qwen-* to the OpenAi provider kind pointed at
        // the DashScope compatible-mode endpoint, regardless of whether
        // ANTHROPIC_API_KEY is present in the environment.
        let meta = super::metadata_for_model("qwen/qwen-max")
            .expect("qwen/ prefix must resolve to DashScope metadata");
        assert_eq!(meta.provider, ProviderKind::OpenAi);
        assert_eq!(meta.auth_env, "DASHSCOPE_API_KEY");
        assert_eq!(meta.base_url_env, "DASHSCOPE_BASE_URL");
        assert!(meta.default_base_url.contains("dashscope.aliyuncs.com"));
        // Bare qwen- prefix also routes
        let meta2 = super::metadata_for_model("qwen-plus")
            .expect("qwen- prefix must resolve to DashScope metadata");
        assert_eq!(meta2.provider, ProviderKind::OpenAi);
        assert_eq!(meta2.auth_env, "DASHSCOPE_API_KEY");
        // detect_provider_kind must agree even if ANTHROPIC_API_KEY is set
        let kind = detect_provider_kind("qwen/qwen3-coder");
        assert_eq!(
            kind,
            ProviderKind::OpenAi,
            "qwen/ prefix must win over auth-sniffer order"
        );
    }
    #[test]
    fn keeps_existing_max_token_heuristic() {
        assert_eq!(max_tokens_for_model("opus"), 32_000);
        assert_eq!(max_tokens_for_model("grok-3"), 64_000);
    }
    #[test]
    fn plugin_config_max_output_tokens_overrides_model_default() {
        // given
        let nanos = std::time::SystemTime::now()
            .duration_since(std::time::UNIX_EPOCH)
            .expect("time should be after epoch")
            .as_nanos();
        let root = std::env::temp_dir().join(format!("api-plugin-max-tokens-{nanos}"));
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        std::fs::create_dir_all(cwd.join(".claw")).expect("project config dir");
        std::fs::create_dir_all(&home).expect("home config dir");
        std::fs::write(
            home.join("settings.json"),
            r#"{
              "plugins": {
                "maxOutputTokens": 12345
              }
            }"#,
        )
        .expect("write plugin settings");
        // when
        let loaded = runtime::ConfigLoader::new(&cwd, &home)
            .load()
            .expect("config should load");
        let plugin_override = loaded.plugins().max_output_tokens();
        let effective = max_tokens_for_model_with_override("claude-opus-4-6", plugin_override);
        // then
        assert_eq!(plugin_override, Some(12345));
        assert_eq!(effective, 12345);
        assert_ne!(effective, max_tokens_for_model("claude-opus-4-6"));
        std::fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn max_tokens_for_model_with_override_falls_back_when_plugin_unset() {
        // given
        let plugin_override: Option<u32> = None;
        // when
        let effective = max_tokens_for_model_with_override("claude-opus-4-6", plugin_override);
        // then
        assert_eq!(effective, max_tokens_for_model("claude-opus-4-6"));
        assert_eq!(effective, 32_000);
    }
    #[test]
    fn returns_context_window_metadata_for_supported_models() {
        assert_eq!(
@@ -387,6 +648,7 @@ mod tests {
            }]),
            tool_choice: Some(ToolChoice::Auto),
            stream: true,
            ..Default::default()
        };
        let error = preflight_message_request(&request)
@@ -425,6 +687,7 @@ mod tests {
            tools: None,
            tool_choice: None,
            stream: false,
            ..Default::default()
        };
        preflight_message_request(&request)
@@ -511,4 +774,252 @@ NO_EQUALS_LINE
        let _ = std::fs::remove_dir_all(&temp_root);
    }
    #[test]
    fn anthropic_missing_credentials_hint_is_none_when_no_foreign_creds_present() {
        // given
        let _lock = env_lock();
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
        let _xai = EnvVarGuard::set("XAI_API_KEY", None);
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
        // when
        let hint = anthropic_missing_credentials_hint();
        // then
        assert!(
            hint.is_none(),
            "no hint should be produced when every foreign provider env var is absent, got {hint:?}"
        );
    }
    #[test]
    fn anthropic_missing_credentials_hint_detects_openai_api_key_and_recommends_openai_prefix() {
        // given
        let _lock = env_lock();
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some("sk-openrouter-varleg"));
        let _xai = EnvVarGuard::set("XAI_API_KEY", None);
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
        // when
        let hint = anthropic_missing_credentials_hint()
            .expect("OPENAI_API_KEY presence should produce a hint");
        // then
        assert!(
            hint.contains("OPENAI_API_KEY is set"),
            "hint should name the detected env var so users recognize it: {hint}"
        );
        assert!(
            hint.contains("OpenAI-compat"),
            "hint should identify the target provider: {hint}"
        );
        assert!(
            hint.contains("openai/"),
            "hint should mention the `openai/` prefix routing fix: {hint}"
        );
        assert!(
            hint.contains("OPENAI_BASE_URL"),
            "hint should mention OPENAI_BASE_URL so OpenRouter users see the full picture: {hint}"
        );
    }
    #[test]
    fn anthropic_missing_credentials_hint_detects_xai_api_key() {
        // given
        let _lock = env_lock();
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
        let _xai = EnvVarGuard::set("XAI_API_KEY", Some("xai-test-key"));
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
        // when
        let hint = anthropic_missing_credentials_hint()
            .expect("XAI_API_KEY presence should produce a hint");
        // then
        assert!(
            hint.contains("XAI_API_KEY is set"),
            "hint should name XAI_API_KEY: {hint}"
        );
        assert!(
            hint.contains("xAI"),
            "hint should identify the xAI provider: {hint}"
        );
        assert!(
            hint.contains("grok"),
            "hint should suggest a grok-prefixed model alias: {hint}"
        );
    }
    #[test]
    fn anthropic_missing_credentials_hint_detects_dashscope_api_key() {
        // given
        let _lock = env_lock();
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
        let _xai = EnvVarGuard::set("XAI_API_KEY", None);
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", Some("sk-dashscope-test"));
        // when
        let hint = anthropic_missing_credentials_hint()
            .expect("DASHSCOPE_API_KEY presence should produce a hint");
        // then
        assert!(
            hint.contains("DASHSCOPE_API_KEY is set"),
            "hint should name DASHSCOPE_API_KEY: {hint}"
        );
        assert!(
            hint.contains("DashScope"),
            "hint should identify the DashScope provider: {hint}"
        );
        assert!(
            hint.contains("qwen"),
            "hint should suggest a qwen-prefixed model alias: {hint}"
        );
    }
    #[test]
    fn anthropic_missing_credentials_hint_prefers_openai_when_multiple_foreign_creds_set() {
        // given
        let _lock = env_lock();
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some("sk-openrouter-varleg"));
        let _xai = EnvVarGuard::set("XAI_API_KEY", Some("xai-test-key"));
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", Some("sk-dashscope-test"));
        // when
        let hint = anthropic_missing_credentials_hint()
            .expect("multiple foreign creds should still produce a hint");
        // then
        assert!(
            hint.contains("OPENAI_API_KEY"),
            "OpenAI should be prioritized because it is the most common misrouting pattern (OpenRouter users), got: {hint}"
        );
        assert!(
            !hint.contains("XAI_API_KEY"),
            "only the first detected provider should be named to keep the hint focused, got: {hint}"
        );
    }
    #[test]
    fn anthropic_missing_credentials_builds_error_with_canonical_env_vars_and_no_hint_when_clean() {
        // given
        let _lock = env_lock();
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
        let _xai = EnvVarGuard::set("XAI_API_KEY", None);
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
        // when
        let error = anthropic_missing_credentials();
        // then
        match &error {
            ApiError::MissingCredentials {
                provider,
                env_vars,
                hint,
            } => {
                assert_eq!(*provider, "Anthropic");
                assert_eq!(*env_vars, &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"]);
                assert!(
                    hint.is_none(),
                    "clean environment should not generate a hint, got {hint:?}"
                );
            }
            other => panic!("expected MissingCredentials variant, got {other:?}"),
        }
        let rendered = error.to_string();
        assert!(
            !rendered.contains(" — hint: "),
            "rendered error should be a plain missing-creds message: {rendered}"
        );
    }
    #[test]
    fn anthropic_missing_credentials_builds_error_with_hint_when_openai_key_is_set() {
        // given
        let _lock = env_lock();
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some("sk-openrouter-varleg"));
        let _xai = EnvVarGuard::set("XAI_API_KEY", None);
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
        // when
        let error = anthropic_missing_credentials();
        // then
        match &error {
            ApiError::MissingCredentials {
                provider,
                env_vars,
                hint,
            } => {
                assert_eq!(*provider, "Anthropic");
                assert_eq!(*env_vars, &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"]);
                let hint_value = hint.as_deref().expect("hint should be populated");
                assert!(
                    hint_value.contains("OPENAI_API_KEY is set"),
                    "hint should name the detected env var: {hint_value}"
                );
            }
            other => panic!("expected MissingCredentials variant, got {other:?}"),
        }
        let rendered = error.to_string();
        assert!(
            rendered.starts_with("missing Anthropic credentials;"),
            "canonical base message should still lead the rendered error: {rendered}"
        );
        assert!(
            rendered.contains(" — hint: I see OPENAI_API_KEY is set"),
            "rendered error should carry the env-driven hint: {rendered}"
        );
    }
    #[test]
    fn anthropic_missing_credentials_hint_ignores_empty_string_values() {
        // given
        let _lock = env_lock();
        // An empty value is semantically equivalent to "not set" for the
        // credential discovery path, so the sniffer must treat it that way
        // to avoid false-positive hints for users who intentionally cleared
        // a stale export with `OPENAI_API_KEY=`.
        let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some(""));
        let _xai = EnvVarGuard::set("XAI_API_KEY", None);
        let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
        // when
        let hint = anthropic_missing_credentials_hint();
        // then
        assert!(
            hint.is_none(),
            "empty env var should not trigger the hint sniffer, got {hint:?}"
        );
    }
    #[test]
    fn openai_base_url_overrides_anthropic_fallback_for_unknown_model() {
        // given — user has OPENAI_BASE_URL + OPENAI_API_KEY but no Anthropic
        // creds, and a model name with no recognized prefix.
        let _lock = env_lock();
        let _base_url = EnvVarGuard::set("OPENAI_BASE_URL", Some("http://127.0.0.1:11434/v1"));
        let _api_key = EnvVarGuard::set("OPENAI_API_KEY", Some("dummy"));
        let _anthropic_key = EnvVarGuard::set("ANTHROPIC_API_KEY", None);
        let _anthropic_token = EnvVarGuard::set("ANTHROPIC_AUTH_TOKEN", None);
        // when
        let provider = detect_provider_kind("qwen2.5-coder:7b");
        // then — should route to OpenAI, not Anthropic
        assert_eq!(
            provider,
            ProviderKind::OpenAi,
            "OPENAI_BASE_URL should win over Anthropic fallback for unknown models"
        );
    }
    // NOTE: a "OPENAI_BASE_URL without OPENAI_API_KEY" test is omitted
    // because workspace-parallel test binaries can race on process env
    // (env_lock only protects within a single binary). The detection logic
    // is covered: OPENAI_BASE_URL alone routes to OpenAi as a last-resort
    // fallback in detect_provider_kind().
 }
--- a/rust/crates/api/src/providers/openai_compat.rs
+++ b/rust/crates/api/src/providers/openai_compat.rs
@@ -1,10 +1,12 @@
 use std::collections::{BTreeMap, VecDeque};
-use std::time::Duration;
+use std::sync::atomic::{AtomicU64, Ordering};
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 use serde::Deserialize;
 use serde_json::{json, Value};
 use crate::error::ApiError;
 use crate::http_client::build_http_client_or_default;
 use crate::types::{
    ContentBlockDelta, ContentBlockDeltaEvent, ContentBlockStartEvent, ContentBlockStopEvent,
    InputContentBlock, InputMessage, MessageDelta, MessageDeltaEvent, MessageRequest,
@@ -16,11 +18,12 @@ use super::{preflight_message_request, Provider, ProviderFuture};
 pub const DEFAULT_XAI_BASE_URL: &str = "https://api.x.ai/v1";
 pub const DEFAULT_OPENAI_BASE_URL: &str = "https://api.openai.com/v1";
 pub const DEFAULT_DASHSCOPE_BASE_URL: &str = "https://dashscope.aliyuncs.com/compatible-mode/v1";
 const REQUEST_ID_HEADER: &str = "request-id";
 const ALT_REQUEST_ID_HEADER: &str = "x-request-id";
-const DEFAULT_INITIAL_BACKOFF: Duration = Duration::from_millis(200);
+const DEFAULT_INITIAL_BACKOFF: Duration = Duration::from_secs(1);
-const DEFAULT_MAX_BACKOFF: Duration = Duration::from_secs(2);
+const DEFAULT_MAX_BACKOFF: Duration = Duration::from_secs(128);
-const DEFAULT_MAX_RETRIES: u32 = 2;
+const DEFAULT_MAX_RETRIES: u32 = 8;
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub struct OpenAiCompatConfig {
@@ -32,6 +35,7 @@ pub struct OpenAiCompatConfig {
 const XAI_ENV_VARS: &[&str] = &["XAI_API_KEY"];
 const OPENAI_ENV_VARS: &[&str] = &["OPENAI_API_KEY"];
 const DASHSCOPE_ENV_VARS: &[&str] = &["DASHSCOPE_API_KEY"];
 impl OpenAiCompatConfig {
    #[must_use]
@@ -53,11 +57,27 @@ impl OpenAiCompatConfig {
            default_base_url: DEFAULT_OPENAI_BASE_URL,
        }
    }
    /// Alibaba `DashScope` compatible-mode endpoint (Qwen family models).
    /// Uses the OpenAI-compatible REST shape at /compatible-mode/v1.
    /// Requested via Discord #clawcode-get-help: native Alibaba API for
    /// higher rate limits than going through `OpenRouter`.
    #[must_use]
    pub const fn dashscope() -> Self {
        Self {
            provider_name: "DashScope",
            api_key_env: "DASHSCOPE_API_KEY",
            base_url_env: "DASHSCOPE_BASE_URL",
            default_base_url: DEFAULT_DASHSCOPE_BASE_URL,
        }
    }
    #[must_use]
    pub fn credential_env_vars(self) -> &'static [&'static str] {
        match self.provider_name {
            "xAI" => XAI_ENV_VARS,
            "OpenAI" => OPENAI_ENV_VARS,
            "DashScope" => DASHSCOPE_ENV_VARS,
            _ => &[],
        }
    }
@@ -78,10 +98,15 @@ impl OpenAiCompatClient {
    const fn config(&self) -> OpenAiCompatConfig {
        self.config
    }
    #[must_use]
    pub fn base_url(&self) -> &str {
        &self.base_url
    }
    #[must_use]
    pub fn new(api_key: impl Into<String>, config: OpenAiCompatConfig) -> Self {
        Self {
-            http: reqwest::Client::new(),
+            http: build_http_client_or_default(),
            api_key: api_key.into(),
            config,
            base_url: read_base_url(config),
@@ -132,13 +157,37 @@ impl OpenAiCompatClient {
        let response = self.send_with_retry(&request).await?;
        let request_id = request_id_from_headers(response.headers());
        let body = response.text().await.map_err(ApiError::from)?;
        // Some backends return {"error":{"message":"...","type":"...","code":...}}
        // instead of a valid completion object. Check for this before attempting
        // full deserialization so the user sees the actual error, not a cryptic
        // "missing field 'id'" parse failure.
        if let Ok(raw) = serde_json::from_str::<serde_json::Value>(&body) {
            if let Some(err_obj) = raw.get("error") {
                let msg = err_obj
                    .get("message")
                    .and_then(|m| m.as_str())
                    .unwrap_or("provider returned an error")
                    .to_string();
                let code = err_obj
                    .get("code")
                    .and_then(serde_json::Value::as_u64)
                    .map(|c| c as u16);
                return Err(ApiError::Api {
                    status: reqwest::StatusCode::from_u16(code.unwrap_or(400))
                        .unwrap_or(reqwest::StatusCode::BAD_REQUEST),
                    error_type: err_obj
                        .get("type")
                        .and_then(|t| t.as_str())
                        .map(str::to_owned),
                    message: Some(msg),
                    request_id,
                    body,
                    retryable: false,
                });
            }
        }
        let payload = serde_json::from_str::<ChatCompletionResponse>(&body).map_err(|error| {
-            ApiError::json_deserialize(
+            ApiError::json_deserialize(self.config.provider_name, &request.model, &body, error)
                self.config.provider_name,
                &request.model,
                &body,
                error,
            )
        })?;
        let mut normalized = normalize_response(&request.model, payload)?;
        if normalized.request_id.is_none() {
@@ -158,10 +207,7 @@ impl OpenAiCompatClient {
        Ok(MessageStream {
            request_id: request_id_from_headers(response.headers()),
            response,
-            parser: OpenAiSseParser::with_context(
+            parser: OpenAiSseParser::with_context(self.config.provider_name, request.model.clone()),
                self.config.provider_name,
                request.model.clone(),
            ),
            pending: VecDeque::new(),
            done: false,
            state: StreamState::new(request.model.clone()),
@@ -190,7 +236,7 @@ impl OpenAiCompatClient {
                break retryable_error;
            }
-            tokio::time::sleep(self.backoff_for_attempt(attempts)?).await;
+            tokio::time::sleep(self.jittered_backoff_for_attempt(attempts)?).await;
        };
        Err(ApiError::RetriesExhausted {
@@ -226,6 +272,52 @@ impl OpenAiCompatClient {
            .checked_mul(multiplier)
            .map_or(self.max_backoff, |delay| delay.min(self.max_backoff)))
    }
    fn jittered_backoff_for_attempt(&self, attempt: u32) -> Result<Duration, ApiError> {
        let base = self.backoff_for_attempt(attempt)?;
        Ok(base + jitter_for_base(base))
    }
 }
 /// Process-wide counter that guarantees distinct jitter samples even when
 /// the system clock resolution is coarser than consecutive retry sleeps.
 static JITTER_COUNTER: AtomicU64 = AtomicU64::new(0);
 /// Returns a random additive jitter in `[0, base]` to decorrelate retries
 /// Deserialize a JSON field as a `Vec<T>`, treating an explicit `null` value
 /// the same as a missing field (i.e. as an empty vector).
 /// Some OpenAI-compatible providers emit `"tool_calls": null` instead of
 /// omitting the field or using `[]`, which serde's `#[serde(default)]` alone
 /// does not tolerate — `default` only handles absent keys, not null values.
 fn deserialize_null_as_empty_vec<'de, D, T>(deserializer: D) -> Result<Vec<T>, D::Error>
 where
    D: serde::Deserializer<'de>,
    T: serde::Deserialize<'de>,
 {
    Ok(Option::<Vec<T>>::deserialize(deserializer)?.unwrap_or_default())
 }
 /// from multiple concurrent clients. Entropy is drawn from the nanosecond
 /// wall clock mixed with a monotonic counter and run through a splitmix64
 /// finalizer; adequate for retry jitter (no cryptographic requirement).
 fn jitter_for_base(base: Duration) -> Duration {
    let base_nanos = u64::try_from(base.as_nanos()).unwrap_or(u64::MAX);
    if base_nanos == 0 {
        return Duration::ZERO;
    }
    let raw_nanos = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map(|elapsed| u64::try_from(elapsed.as_nanos()).unwrap_or(u64::MAX))
        .unwrap_or(0);
    let tick = JITTER_COUNTER.fetch_add(1, Ordering::Relaxed);
    let mut mixed = raw_nanos
        .wrapping_add(tick)
        .wrapping_add(0x9E37_79B9_7F4A_7C15);
    mixed = (mixed ^ (mixed >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
    mixed = (mixed ^ (mixed >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
    mixed ^= mixed >> 31;
    let jitter_nanos = mixed % base_nanos.saturating_add(1);
    Duration::from_nanos(jitter_nanos)
 }
 impl Provider for OpenAiCompatClient {
@@ -623,7 +715,7 @@ struct ChunkChoice {
 struct ChunkDelta {
    #[serde(default)]
    content: Option<String>,
-    #[serde(default)]
+    #[serde(default, deserialize_with = "deserialize_null_as_empty_vec")]
    tool_calls: Vec<DeltaToolCall>,
 }
@@ -657,6 +749,43 @@ struct ErrorBody {
    message: Option<String>,
 }
 /// Returns true for models known to reject tuning parameters like temperature,
 /// `top_p`, `frequency_penalty`, and `presence_penalty`. These are typically
 /// reasoning/chain-of-thought models with fixed sampling.
 fn is_reasoning_model(model: &str) -> bool {
    let lowered = model.to_ascii_lowercase();
    // Strip any provider/ prefix for the check (e.g. qwen/qwen-qwq -> qwen-qwq)
    let canonical = lowered.rsplit('/').next().unwrap_or(lowered.as_str());
    // OpenAI reasoning models
    canonical.starts_with("o1")
        || canonical.starts_with("o3")
        || canonical.starts_with("o4")
        // xAI reasoning: grok-3-mini always uses reasoning mode
        || canonical == "grok-3-mini"
        // Alibaba DashScope reasoning variants (QwQ + Qwen3-Thinking family)
        || canonical.starts_with("qwen-qwq")
        || canonical.starts_with("qwq")
        || canonical.contains("thinking")
 }
 /// Strip routing prefix (e.g., "openai/gpt-4" → "gpt-4") for the wire.
 /// The prefix is used only to select transport; the backend expects the
 /// bare model id.
 fn strip_routing_prefix(model: &str) -> &str {
    if let Some(pos) = model.find('/') {
        let prefix = &model[..pos];
        // Only strip if the prefix before "/" is a known routing prefix,
        // not if "/" appears in the middle of the model name for other reasons.
        if matches!(prefix, "openai" | "xai" | "grok" | "qwen") {
            &model[pos + 1..]
        } else {
            model
        }
    } else {
        model
    }
 }
 fn build_chat_completion_request(request: &MessageRequest, config: OpenAiCompatConfig) -> Value {
    let mut messages = Vec::new();
    if let Some(system) = request.system.as_ref().filter(|value| !value.is_empty()) {
@@ -668,10 +797,30 @@ fn build_chat_completion_request(request: &MessageRequest, config: OpenAiCompatC
    for message in &request.messages {
        messages.extend(translate_message(message));
    }
    // Sanitize: drop any `role:"tool"` message that does not have a valid
    // paired `role:"assistant"` with a `tool_calls` entry carrying the same
    // `id` immediately before it (directly or as part of a run of tool
    // results). OpenAI-compatible backends return 400 for orphaned tool
    // messages regardless of how they were produced (compaction, session
    // editing, resume, etc.). We drop rather than error so the request can
    // still proceed with the remaining history intact.
    messages = sanitize_tool_message_pairing(messages);
    // Strip routing prefix (e.g., "openai/gpt-4" → "gpt-4") for the wire.
    let wire_model = strip_routing_prefix(&request.model);
    // gpt-5* requires `max_completion_tokens`; older OpenAI models accept both.
    // We send the correct field based on the wire model name so gpt-5.x requests
    // don't fail with "unknown field max_tokens".
    let max_tokens_key = if wire_model.starts_with("gpt-5") {
        "max_completion_tokens"
    } else {
        "max_tokens"
    };
    let mut payload = json!({
-        "model": request.model,
+        "model": wire_model,
-        "max_tokens": request.max_tokens,
+        max_tokens_key: request.max_tokens,
        "messages": messages,
        "stream": request.stream,
    });
@@ -688,6 +837,34 @@ fn build_chat_completion_request(request: &MessageRequest, config: OpenAiCompatC
        payload["tool_choice"] = openai_tool_choice(tool_choice);
    }
    // OpenAI-compatible tuning parameters — only included when explicitly set.
    // Reasoning models (o1/o3/o4/grok-3-mini) reject these params with 400;
    // silently strip them to avoid cryptic provider errors.
    if !is_reasoning_model(&request.model) {
        if let Some(temperature) = request.temperature {
            payload["temperature"] = json!(temperature);
        }
        if let Some(top_p) = request.top_p {
            payload["top_p"] = json!(top_p);
        }
        if let Some(frequency_penalty) = request.frequency_penalty {
            payload["frequency_penalty"] = json!(frequency_penalty);
        }
        if let Some(presence_penalty) = request.presence_penalty {
            payload["presence_penalty"] = json!(presence_penalty);
        }
    }
    // stop is generally safe for all providers
    if let Some(stop) = &request.stop {
        if !stop.is_empty() {
            payload["stop"] = json!(stop);
        }
    }
    // reasoning_effort for OpenAI-compatible reasoning models (o4-mini, o3, etc.)
    if let Some(effort) = &request.reasoning_effort {
        payload["reasoning_effort"] = json!(effort);
    }
    payload
 }
@@ -713,11 +890,16 @@ fn translate_message(message: &InputMessage) -> Vec<Value> {
            if text.is_empty() && tool_calls.is_empty() {
                Vec::new()
            } else {
-                vec![json!({
+                let mut msg = serde_json::json!({
                    "role": "assistant",
                    "content": (!text.is_empty()).then_some(text),
-                    "tool_calls": tool_calls,
+                });
-                })]
+                // Only include tool_calls when non-empty: some providers reject
                // assistant messages with an explicit empty tool_calls array.
                if !tool_calls.is_empty() {
                    msg["tool_calls"] = json!(tool_calls);
                }
                vec![msg]
            }
        }
        _ => message
@@ -744,6 +926,74 @@ fn translate_message(message: &InputMessage) -> Vec<Value> {
    }
 }
 /// Remove `role:"tool"` messages from `messages` that have no valid paired
 /// `role:"assistant"` message with a matching `tool_calls[].id` immediately
 /// preceding them. This is a last-resort safety net at the request-building
 /// layer — the compaction boundary fix (6e301c8) prevents the most common
 /// producer path, but resume, session editing, or future compaction variants
 /// could still create orphaned tool messages.
 ///
 /// Algorithm: scan left-to-right. For each `role:"tool"` message, check the
 /// immediately preceding non-tool message. If it's `role:"assistant"` with a
 /// `tool_calls` array containing an entry whose `id` matches the tool
 /// message's `tool_call_id`, the pair is valid and both are kept. Otherwise
 /// the tool message is dropped.
 fn sanitize_tool_message_pairing(messages: Vec<Value>) -> Vec<Value> {
    // Collect indices of tool messages that are orphaned.
    let mut drop_indices = std::collections::HashSet::new();
    for (i, msg) in messages.iter().enumerate() {
        if msg.get("role").and_then(|v| v.as_str()) != Some("tool") {
            continue;
        }
        let tool_call_id = msg
            .get("tool_call_id")
            .and_then(|v| v.as_str())
            .unwrap_or("");
        // Find the nearest preceding non-tool message.
        let preceding = messages[..i]
            .iter()
            .rev()
            .find(|m| m.get("role").and_then(|v| v.as_str()) != Some("tool"));
        // A tool message is considered paired when:
        // (a) the nearest preceding non-tool message is an assistant message
        //     whose `tool_calls` array contains an entry with the matching id, OR
        // (b) there's no clear preceding context (e.g. the message comes right
        //     after a user turn — this can happen with translated mixed-content
        //     user messages). In case (b) we allow the message through rather
        //     than silently dropping potentially valid history.
        let preceding_role = preceding
            .and_then(|m| m.get("role"))
            .and_then(|v| v.as_str())
            .unwrap_or("");
        // Only apply sanitization when the preceding message is an assistant
        // turn (the invariant is: assistant-with-tool_calls must precede tool).
        // If the preceding is something else (user, system) don't drop — it
        // may be a valid translation artifact or a path we don't understand.
        if preceding_role != "assistant" {
            continue;
        }
        let paired = preceding
            .and_then(|m| m.get("tool_calls").and_then(|tc| tc.as_array()))
            .is_some_and(|tool_calls| {
                tool_calls
                    .iter()
                    .any(|tc| tc.get("id").and_then(|v| v.as_str()) == Some(tool_call_id))
            });
        if !paired {
            drop_indices.insert(i);
        }
    }
    if drop_indices.is_empty() {
        return messages;
    }
    messages
        .into_iter()
        .enumerate()
        .filter(|(i, _)| !drop_indices.contains(i))
        .map(|(_, m)| m)
        .collect()
 }
 fn flatten_tool_result_content(content: &[ToolResultContentBlock]) -> String {
    content
        .iter()
@@ -755,13 +1005,45 @@ fn flatten_tool_result_content(content: &[ToolResultContentBlock]) -> String {
        .join("\n")
 }
 /// Recursively ensure every object-type node in a JSON Schema has
 /// `"properties"` (at least `{}`) and `"additionalProperties": false`.
 /// The `OpenAI` `/responses` endpoint validates schemas strictly and rejects
 /// objects that omit these fields; `/chat/completions` is lenient but also
 /// accepts them, so we normalise unconditionally.
 fn normalize_object_schema(schema: &mut Value) {
    if let Some(obj) = schema.as_object_mut() {
        if obj.get("type").and_then(Value::as_str) == Some("object") {
            obj.entry("properties").or_insert_with(|| json!({}));
            obj.entry("additionalProperties")
                .or_insert(Value::Bool(false));
        }
        // Recurse into properties values
        if let Some(props) = obj.get_mut("properties") {
            if let Some(props_obj) = props.as_object_mut() {
                let keys: Vec<String> = props_obj.keys().cloned().collect();
                for k in keys {
                    if let Some(v) = props_obj.get_mut(&k) {
                        normalize_object_schema(v);
                    }
                }
            }
        }
        // Recurse into items (arrays)
        if let Some(items) = obj.get_mut("items") {
            normalize_object_schema(items);
        }
    }
 }
 fn openai_tool_definition(tool: &ToolDefinition) -> Value {
    let mut parameters = tool.input_schema.clone();
    normalize_object_schema(&mut parameters);
    json!({
        "type": "function",
        "function": {
            "name": tool.name,
            "description": tool.description,
-            "parameters": tool.input_schema,
+            "parameters": parameters,
        }
    })
 }
@@ -878,6 +1160,35 @@ fn parse_sse_frame(
    if payload == "[DONE]" {
        return Ok(None);
    }
    // Some backends embed an error object in a data: frame instead of using an
    // HTTP error status. Surface the error message directly rather than letting
    // ChatCompletionChunk deserialization fail with a cryptic 'missing field' error.
    if let Ok(raw) = serde_json::from_str::<serde_json::Value>(&payload) {
        if let Some(err_obj) = raw.get("error") {
            let msg = err_obj
                .get("message")
                .and_then(|m| m.as_str())
                .unwrap_or("provider returned an error in stream")
                .to_string();
            let code = err_obj
                .get("code")
                .and_then(serde_json::Value::as_u64)
                .map(|c| c as u16);
            let status = reqwest::StatusCode::from_u16(code.unwrap_or(400))
                .unwrap_or(reqwest::StatusCode::BAD_REQUEST);
            return Err(ApiError::Api {
                status,
                error_type: err_obj
                    .get("type")
                    .and_then(|t| t.as_str())
                    .map(str::to_owned),
                message: Some(msg),
                request_id: None,
                body: payload.clone(),
                retryable: false,
            });
        }
    }
    serde_json::from_str::<ChatCompletionChunk>(&payload)
        .map(Some)
        .map_err(|error| ApiError::json_deserialize(provider, model, &payload, error))
@@ -976,8 +1287,9 @@ impl StringExt for String {
 #[cfg(test)]
 mod tests {
    use super::{
-        build_chat_completion_request, chat_completions_endpoint, normalize_finish_reason,
+        build_chat_completion_request, chat_completions_endpoint, is_reasoning_model,
-        openai_tool_choice, parse_tool_arguments, OpenAiCompatClient, OpenAiCompatConfig,
+        normalize_finish_reason, openai_tool_choice, parse_tool_arguments, OpenAiCompatClient,
        OpenAiCompatConfig,
    };
    use crate::error::ApiError;
    use crate::types::{
@@ -1016,6 +1328,7 @@ mod tests {
                }]),
                tool_choice: Some(ToolChoice::Auto),
                stream: false,
                ..Default::default()
            },
            OpenAiCompatConfig::xai(),
        );
@@ -1027,6 +1340,76 @@ mod tests {
        assert_eq!(payload["tool_choice"], json!("auto"));
    }
    #[test]
    fn tool_schema_object_gets_strict_fields_for_responses_endpoint() {
        // OpenAI /responses endpoint rejects object schemas missing
        // "properties" and "additionalProperties". Verify normalize_object_schema
        // fills them in so the request shape is strict-validator-safe.
        use super::normalize_object_schema;
        // Bare object — no properties at all
        let mut schema = json!({"type": "object"});
        normalize_object_schema(&mut schema);
        assert_eq!(schema["properties"], json!({}));
        assert_eq!(schema["additionalProperties"], json!(false));
        // Nested object inside properties
        let mut schema2 = json!({
            "type": "object",
            "properties": {
                "location": {"type": "object", "properties": {"lat": {"type": "number"}}}
            }
        });
        normalize_object_schema(&mut schema2);
        assert_eq!(schema2["additionalProperties"], json!(false));
        assert_eq!(
            schema2["properties"]["location"]["additionalProperties"],
            json!(false)
        );
        // Existing properties/additionalProperties should not be overwritten
        let mut schema3 = json!({
            "type": "object",
            "properties": {"x": {"type": "string"}},
            "additionalProperties": true
        });
        normalize_object_schema(&mut schema3);
        assert_eq!(
            schema3["additionalProperties"],
            json!(true),
            "must not overwrite existing"
        );
    }
    #[test]
    fn reasoning_effort_is_included_when_set() {
        let payload = build_chat_completion_request(
            &MessageRequest {
                model: "o4-mini".to_string(),
                max_tokens: 1024,
                messages: vec![InputMessage::user_text("think hard")],
                reasoning_effort: Some("high".to_string()),
                ..Default::default()
            },
            OpenAiCompatConfig::openai(),
        );
        assert_eq!(payload["reasoning_effort"], json!("high"));
    }
    #[test]
    fn reasoning_effort_omitted_when_not_set() {
        let payload = build_chat_completion_request(
            &MessageRequest {
                model: "gpt-4o".to_string(),
                max_tokens: 64,
                messages: vec![InputMessage::user_text("hello")],
                ..Default::default()
            },
            OpenAiCompatConfig::openai(),
        );
        assert!(payload.get("reasoning_effort").is_none());
    }
    #[test]
    fn openai_streaming_requests_include_usage_opt_in() {
        let payload = build_chat_completion_request(
@@ -1038,6 +1421,7 @@ mod tests {
                tools: None,
                tool_choice: None,
                stream: true,
                ..Default::default()
            },
            OpenAiCompatConfig::openai(),
        );
@@ -1056,6 +1440,7 @@ mod tests {
                tools: None,
                tool_choice: None,
                stream: true,
                ..Default::default()
            },
            OpenAiCompatConfig::xai(),
        );
@@ -1126,4 +1511,287 @@ mod tests {
        assert_eq!(normalize_finish_reason("stop"), "end_turn");
        assert_eq!(normalize_finish_reason("tool_calls"), "tool_use");
    }
    #[test]
    fn tuning_params_included_in_payload_when_set() {
        let request = MessageRequest {
            model: "gpt-4o".to_string(),
            max_tokens: 1024,
            messages: vec![],
            system: None,
            tools: None,
            tool_choice: None,
            stream: false,
            temperature: Some(0.7),
            top_p: Some(0.9),
            frequency_penalty: Some(0.5),
            presence_penalty: Some(0.3),
            stop: Some(vec!["\n".to_string()]),
            reasoning_effort: None,
        };
        let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai());
        assert_eq!(payload["temperature"], 0.7);
        assert_eq!(payload["top_p"], 0.9);
        assert_eq!(payload["frequency_penalty"], 0.5);
        assert_eq!(payload["presence_penalty"], 0.3);
        assert_eq!(payload["stop"], json!(["\n"]));
    }
    #[test]
    fn reasoning_model_strips_tuning_params() {
        let request = MessageRequest {
            model: "o1-mini".to_string(),
            max_tokens: 1024,
            messages: vec![],
            stream: false,
            temperature: Some(0.7),
            top_p: Some(0.9),
            frequency_penalty: Some(0.5),
            presence_penalty: Some(0.3),
            stop: Some(vec!["\n".to_string()]),
            ..Default::default()
        };
        let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai());
        assert!(
            payload.get("temperature").is_none(),
            "reasoning model should strip temperature"
        );
        assert!(
            payload.get("top_p").is_none(),
            "reasoning model should strip top_p"
        );
        assert!(payload.get("frequency_penalty").is_none());
        assert!(payload.get("presence_penalty").is_none());
        // stop is safe for all providers
        assert_eq!(payload["stop"], json!(["\n"]));
    }
    #[test]
    fn grok_3_mini_is_reasoning_model() {
        assert!(is_reasoning_model("grok-3-mini"));
        assert!(is_reasoning_model("o1"));
        assert!(is_reasoning_model("o1-mini"));
        assert!(is_reasoning_model("o3-mini"));
        assert!(!is_reasoning_model("gpt-4o"));
        assert!(!is_reasoning_model("grok-3"));
        assert!(!is_reasoning_model("claude-sonnet-4-6"));
    }
    #[test]
    fn qwen_reasoning_variants_are_detected() {
        // QwQ reasoning model
        assert!(is_reasoning_model("qwen-qwq-32b"));
        assert!(is_reasoning_model("qwen/qwen-qwq-32b"));
        // Qwen3 thinking family
        assert!(is_reasoning_model("qwen3-30b-a3b-thinking"));
        assert!(is_reasoning_model("qwen/qwen3-30b-a3b-thinking"));
        // Bare qwq
        assert!(is_reasoning_model("qwq-plus"));
        // Regular Qwen models must NOT be classified as reasoning
        assert!(!is_reasoning_model("qwen-max"));
        assert!(!is_reasoning_model("qwen/qwen-plus"));
        assert!(!is_reasoning_model("qwen-turbo"));
    }
    #[test]
    fn tuning_params_omitted_from_payload_when_none() {
        let request = MessageRequest {
            model: "gpt-4o".to_string(),
            max_tokens: 1024,
            messages: vec![],
            stream: false,
            ..Default::default()
        };
        let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai());
        assert!(
            payload.get("temperature").is_none(),
            "temperature should be absent"
        );
        assert!(payload.get("top_p").is_none(), "top_p should be absent");
        assert!(payload.get("frequency_penalty").is_none());
        assert!(payload.get("presence_penalty").is_none());
        assert!(payload.get("stop").is_none());
    }
    #[test]
    fn gpt5_uses_max_completion_tokens_not_max_tokens() {
        // gpt-5* models require `max_completion_tokens`; legacy `max_tokens` causes
        // a request-validation failure. Verify the correct key is emitted.
        let request = MessageRequest {
            model: "gpt-5.2".to_string(),
            max_tokens: 512,
            messages: vec![],
            stream: false,
            ..Default::default()
        };
        let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai());
        assert_eq!(
            payload["max_completion_tokens"],
            json!(512),
            "gpt-5.2 should emit max_completion_tokens"
        );
        assert!(
            payload.get("max_tokens").is_none(),
            "gpt-5.2 must not emit max_tokens"
        );
    }
    /// Regression test: some OpenAI-compatible providers emit `"tool_calls": null`
    /// in stream delta chunks instead of omitting the field or using `[]`.
    /// Before the fix this produced: `invalid type: null, expected a sequence`.
    #[test]
    fn delta_with_null_tool_calls_deserializes_as_empty_vec() {
        use super::deserialize_null_as_empty_vec;
        #[allow(dead_code)]
        #[derive(serde::Deserialize, Debug)]
        struct Delta {
            content: Option<String>,
            #[serde(default, deserialize_with = "deserialize_null_as_empty_vec")]
            tool_calls: Vec<super::DeltaToolCall>,
        }
        // Simulate the exact shape observed in the wild (gaebal-gajae repro 2026-04-09)
        let json = r#"{
            "content": "",
            "function_call": null,
            "refusal": null,
            "role": "assistant",
            "tool_calls": null
        }"#;
        let delta: Delta = serde_json::from_str(json)
            .expect("delta with tool_calls:null must deserialize without error");
        assert!(
            delta.tool_calls.is_empty(),
            "tool_calls:null must produce an empty vec, not an error"
        );
    }
    /// Regression: when building a multi-turn request where a prior assistant
    /// turn has no tool calls, the serialized assistant message must NOT include
    /// `tool_calls: []`. Some providers reject requests that carry an empty
    /// `tool_calls` array on assistant turns (gaebal-gajae repro 2026-04-09).
    #[test]
    fn assistant_message_without_tool_calls_omits_tool_calls_field() {
        use crate::types::{InputContentBlock, InputMessage};
        let request = MessageRequest {
            model: "gpt-4o".to_string(),
            max_tokens: 100,
            messages: vec![InputMessage {
                role: "assistant".to_string(),
                content: vec![InputContentBlock::Text {
                    text: "Hello".to_string(),
                }],
            }],
            stream: false,
            ..Default::default()
        };
        let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai());
        let messages = payload["messages"].as_array().unwrap();
        let assistant_msg = messages
            .iter()
            .find(|m| m["role"] == "assistant")
            .expect("assistant message must be present");
        assert!(
            assistant_msg.get("tool_calls").is_none(),
            "assistant message without tool calls must omit tool_calls field: {assistant_msg:?}"
        );
    }
    /// Regression: assistant messages WITH tool calls must still include
    /// the `tool_calls` array (normal multi-turn tool-use flow).
    #[test]
    fn assistant_message_with_tool_calls_includes_tool_calls_field() {
        use crate::types::{InputContentBlock, InputMessage};
        let request = MessageRequest {
            model: "gpt-4o".to_string(),
            max_tokens: 100,
            messages: vec![InputMessage {
                role: "assistant".to_string(),
                content: vec![InputContentBlock::ToolUse {
                    id: "call_1".to_string(),
                    name: "read_file".to_string(),
                    input: serde_json::json!({"path": "/tmp/test"}),
                }],
            }],
            stream: false,
            ..Default::default()
        };
        let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai());
        let messages = payload["messages"].as_array().unwrap();
        let assistant_msg = messages
            .iter()
            .find(|m| m["role"] == "assistant")
            .expect("assistant message must be present");
        let tool_calls = assistant_msg
            .get("tool_calls")
            .expect("assistant message with tool calls must include tool_calls field");
        assert!(tool_calls.is_array());
        assert_eq!(tool_calls.as_array().unwrap().len(), 1);
    }
    /// Orphaned tool messages (no preceding assistant `tool_calls`) must be
    /// dropped by the request-builder sanitizer. Regression for the second
    /// layer of the tool-pairing invariant fix (gaebal-gajae 2026-04-10).
    #[test]
    fn sanitize_drops_orphaned_tool_messages() {
        use super::sanitize_tool_message_pairing;
        // Valid pair: assistant with tool_calls → tool result
        let valid = vec![
            json!({"role": "assistant", "content": null, "tool_calls": [{"id": "call_1", "type": "function", "function": {"name": "search", "arguments": "{}"}}]}),
            json!({"role": "tool", "tool_call_id": "call_1", "content": "result"}),
        ];
        let out = sanitize_tool_message_pairing(valid);
        assert_eq!(out.len(), 2, "valid pair must be preserved");
        // Orphaned tool message: no preceding assistant tool_calls
        let orphaned = vec![
            json!({"role": "assistant", "content": "hi"}),
            json!({"role": "tool", "tool_call_id": "call_2", "content": "orphaned"}),
        ];
        let out = sanitize_tool_message_pairing(orphaned);
        assert_eq!(out.len(), 1, "orphaned tool message must be dropped");
        assert_eq!(out[0]["role"], json!("assistant"));
        // Mismatched tool_call_id
        let mismatched = vec![
            json!({"role": "assistant", "content": null, "tool_calls": [{"id": "call_3", "type": "function", "function": {"name": "f", "arguments": "{}"}}]}),
            json!({"role": "tool", "tool_call_id": "call_WRONG", "content": "bad"}),
        ];
        let out = sanitize_tool_message_pairing(mismatched);
        assert_eq!(out.len(), 1, "tool message with wrong id must be dropped");
        // Two tool results both valid (same preceding assistant)
        let two_results = vec![
            json!({"role": "assistant", "content": null, "tool_calls": [
                {"id": "call_a", "type": "function", "function": {"name": "fa", "arguments": "{}"}},
                {"id": "call_b", "type": "function", "function": {"name": "fb", "arguments": "{}"}}
            ]}),
            json!({"role": "tool", "tool_call_id": "call_a", "content": "ra"}),
            json!({"role": "tool", "tool_call_id": "call_b", "content": "rb"}),
        ];
        let out = sanitize_tool_message_pairing(two_results);
        assert_eq!(out.len(), 3, "both valid tool results must be preserved");
    }
    #[test]
    fn non_gpt5_uses_max_tokens() {
        // Older OpenAI models expect `max_tokens`; verify gpt-4o is unaffected.
        let request = MessageRequest {
            model: "gpt-4o".to_string(),
            max_tokens: 512,
            messages: vec![],
            stream: false,
            ..Default::default()
        };
        let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai());
        assert_eq!(payload["max_tokens"], json!(512));
        assert!(
            payload.get("max_completion_tokens").is_none(),
            "gpt-4o must not emit max_completion_tokens"
        );
    }
 }
--- a/rust/crates/api/src/types.rs
+++ b/rust/crates/api/src/types.rs
@@ -2,7 +2,7 @@ use runtime::{pricing_for_model, TokenUsage, UsageCostEstimate};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default)]
 pub struct MessageRequest {
    pub model: String,
    pub max_tokens: u32,
@@ -15,6 +15,22 @@ pub struct MessageRequest {
    pub tool_choice: Option<ToolChoice>,
    #[serde(default, skip_serializing_if = "std::ops::Not::not")]
    pub stream: bool,
    /// OpenAI-compatible tuning parameters. Optional — omitted from payload when None.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub temperature: Option<f64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub top_p: Option<f64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub frequency_penalty: Option<f64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub presence_penalty: Option<f64>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub stop: Option<Vec<String>>,
    /// Reasoning effort level for OpenAI-compatible reasoning models (e.g. `o4-mini`).
    /// Accepted values: `"low"`, `"medium"`, `"high"`. Omitted when `None`.
    /// Silently ignored by backends that do not support it.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub reasoning_effort: Option<String>,
 }
 impl MessageRequest {
--- a/rust/crates/api/tests/client_integration.rs
+++ b/rust/crates/api/tests/client_integration.rs
@@ -127,6 +127,7 @@ async fn send_message_blocks_oversized_requests_before_the_http_call() {
            tools: None,
            tool_choice: None,
            stream: false,
            ..Default::default()
        })
        .await
        .expect_err("oversized request should fail local context-window preflight");
@@ -545,6 +546,71 @@ async fn surfaces_retry_exhaustion_for_persistent_retryable_errors() {
    }
 }
 #[tokio::test]
 async fn retries_multiple_retryable_failures_with_exponential_backoff_and_jitter() {
    let state = Arc::new(Mutex::new(Vec::<CapturedRequest>::new()));
    let server = spawn_server(
        state.clone(),
        vec![
            http_response(
                "429 Too Many Requests",
                "application/json",
                "{\"type\":\"error\",\"error\":{\"type\":\"rate_limit_error\",\"message\":\"slow down\"}}",
            ),
            http_response(
                "500 Internal Server Error",
                "application/json",
                "{\"type\":\"error\",\"error\":{\"type\":\"api_error\",\"message\":\"boom\"}}",
            ),
            http_response(
                "503 Service Unavailable",
                "application/json",
                "{\"type\":\"error\",\"error\":{\"type\":\"overloaded_error\",\"message\":\"busy\"}}",
            ),
            http_response(
                "429 Too Many Requests",
                "application/json",
                "{\"type\":\"error\",\"error\":{\"type\":\"rate_limit_error\",\"message\":\"slow down again\"}}",
            ),
            http_response(
                "503 Service Unavailable",
                "application/json",
                "{\"type\":\"error\",\"error\":{\"type\":\"overloaded_error\",\"message\":\"still busy\"}}",
            ),
            http_response(
                "200 OK",
                "application/json",
                "{\"id\":\"msg_exp_retry\",\"type\":\"message\",\"role\":\"assistant\",\"content\":[{\"type\":\"text\",\"text\":\"Recovered after 5\"}],\"model\":\"claude-3-7-sonnet-latest\",\"stop_reason\":\"end_turn\",\"stop_sequence\":null,\"usage\":{\"input_tokens\":3,\"output_tokens\":2}}",
            ),
        ],
    )
    .await;
    let client = ApiClient::new("test-key")
        .with_base_url(server.base_url())
        .with_retry_policy(8, Duration::from_millis(1), Duration::from_millis(4));
    let started_at = std::time::Instant::now();
    let response = client
        .send_message(&sample_request(false))
        .await
        .expect("8-retry policy should absorb 5 retryable failures");
    let elapsed = started_at.elapsed();
    assert_eq!(response.total_tokens(), 5);
    assert_eq!(
        state.lock().await.len(),
        6,
        "client should issue 1 original + 5 retry requests before the 200"
    );
    // Jittered sleeps are bounded by 2 * max_backoff per retry (base + jitter),
    // so 5 sleeps fit comfortably below this upper bound with generous slack.
    assert!(
        elapsed < Duration::from_secs(5),
        "retries should complete promptly, took {elapsed:?}"
    );
 }
 #[tokio::test]
 #[allow(clippy::await_holding_lock)]
 async fn send_message_reuses_recent_completion_cache_entries() {
@@ -676,6 +742,7 @@ async fn live_stream_smoke_test() {
            tools: None,
            tool_choice: None,
            stream: false,
            ..Default::default()
        })
        .await
        .expect("live stream should start");
@@ -856,5 +923,6 @@ fn sample_request(stream: bool) -> MessageRequest {
        }]),
        tool_choice: Some(ToolChoice::Auto),
        stream,
        ..Default::default()
    }
 }
--- a/rust/crates/api/tests/openai_compat_integration.rs
+++ b/rust/crates/api/tests/openai_compat_integration.rs
@@ -88,6 +88,7 @@ async fn send_message_blocks_oversized_xai_requests_before_the_http_call() {
            tools: None,
            tool_choice: None,
            stream: false,
            ..Default::default()
        })
        .await
        .expect_err("oversized request should fail local context-window preflight");
@@ -496,6 +497,7 @@ fn sample_request(stream: bool) -> MessageRequest {
        }]),
        tool_choice: Some(ToolChoice::Auto),
        stream,
        ..Default::default()
    }
 }
--- a/rust/crates/api/tests/provider_client_integration.rs
+++ b/rust/crates/api/tests/provider_client_integration.rs
@@ -22,7 +22,9 @@ fn provider_client_reports_missing_xai_credentials_for_grok_models() {
        .expect_err("grok requests without XAI_API_KEY should fail fast");
    match error {
-        ApiError::MissingCredentials { provider, env_vars } => {
+        ApiError::MissingCredentials {
            provider, env_vars, ..
        } => {
            assert_eq!(provider, "xAI");
            assert_eq!(env_vars, &["XAI_API_KEY"]);
        }
--- a/rust/crates/api/tests/proxy_integration.rs
+++ b/rust/crates/api/tests/proxy_integration.rs
@@ -0,0 +1,173 @@
 use std::ffi::OsString;
 use std::sync::{Mutex, OnceLock};
 use api::{build_http_client_with, ProxyConfig};
 fn env_lock() -> std::sync::MutexGuard<'static, ()> {
    static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
    LOCK.get_or_init(|| Mutex::new(()))
        .lock()
        .unwrap_or_else(std::sync::PoisonError::into_inner)
 }
 struct EnvVarGuard {
    key: &'static str,
    original: Option<OsString>,
 }
 impl EnvVarGuard {
    fn set(key: &'static str, value: Option<&str>) -> Self {
        let original = std::env::var_os(key);
        match value {
            Some(value) => std::env::set_var(key, value),
            None => std::env::remove_var(key),
        }
        Self { key, original }
    }
 }
 impl Drop for EnvVarGuard {
    fn drop(&mut self) {
        match &self.original {
            Some(value) => std::env::set_var(self.key, value),
            None => std::env::remove_var(self.key),
        }
    }
 }
 #[test]
 fn proxy_config_from_env_reads_uppercase_proxy_vars() {
    // given
    let _lock = env_lock();
    let _http = EnvVarGuard::set("HTTP_PROXY", Some("http://proxy.corp:3128"));
    let _https = EnvVarGuard::set("HTTPS_PROXY", Some("http://secure.corp:3129"));
    let _no = EnvVarGuard::set("NO_PROXY", Some("localhost,127.0.0.1"));
    let _http_lower = EnvVarGuard::set("http_proxy", None);
    let _https_lower = EnvVarGuard::set("https_proxy", None);
    let _no_lower = EnvVarGuard::set("no_proxy", None);
    // when
    let config = ProxyConfig::from_env();
    // then
    assert_eq!(config.http_proxy.as_deref(), Some("http://proxy.corp:3128"));
    assert_eq!(
        config.https_proxy.as_deref(),
        Some("http://secure.corp:3129")
    );
    assert_eq!(config.no_proxy.as_deref(), Some("localhost,127.0.0.1"));
    assert!(config.proxy_url.is_none());
    assert!(!config.is_empty());
 }
 #[test]
 fn proxy_config_from_env_reads_lowercase_proxy_vars() {
    // given
    let _lock = env_lock();
    let _http = EnvVarGuard::set("HTTP_PROXY", None);
    let _https = EnvVarGuard::set("HTTPS_PROXY", None);
    let _no = EnvVarGuard::set("NO_PROXY", None);
    let _http_lower = EnvVarGuard::set("http_proxy", Some("http://lower.corp:3128"));
    let _https_lower = EnvVarGuard::set("https_proxy", Some("http://lower-secure.corp:3129"));
    let _no_lower = EnvVarGuard::set("no_proxy", Some(".internal"));
    // when
    let config = ProxyConfig::from_env();
    // then
    assert_eq!(config.http_proxy.as_deref(), Some("http://lower.corp:3128"));
    assert_eq!(
        config.https_proxy.as_deref(),
        Some("http://lower-secure.corp:3129")
    );
    assert_eq!(config.no_proxy.as_deref(), Some(".internal"));
    assert!(!config.is_empty());
 }
 #[test]
 fn proxy_config_from_env_is_empty_when_no_vars_set() {
    // given
    let _lock = env_lock();
    let _http = EnvVarGuard::set("HTTP_PROXY", None);
    let _https = EnvVarGuard::set("HTTPS_PROXY", None);
    let _no = EnvVarGuard::set("NO_PROXY", None);
    let _http_lower = EnvVarGuard::set("http_proxy", None);
    let _https_lower = EnvVarGuard::set("https_proxy", None);
    let _no_lower = EnvVarGuard::set("no_proxy", None);
    // when
    let config = ProxyConfig::from_env();
    // then
    assert!(config.is_empty());
    assert!(config.http_proxy.is_none());
    assert!(config.https_proxy.is_none());
    assert!(config.no_proxy.is_none());
 }
 #[test]
 fn proxy_config_from_env_treats_empty_values_as_unset() {
    // given
    let _lock = env_lock();
    let _http = EnvVarGuard::set("HTTP_PROXY", Some(""));
    let _https = EnvVarGuard::set("HTTPS_PROXY", Some(""));
    let _http_lower = EnvVarGuard::set("http_proxy", Some(""));
    let _https_lower = EnvVarGuard::set("https_proxy", Some(""));
    let _no = EnvVarGuard::set("NO_PROXY", Some(""));
    let _no_lower = EnvVarGuard::set("no_proxy", Some(""));
    // when
    let config = ProxyConfig::from_env();
    // then
    assert!(config.is_empty());
 }
 #[test]
 fn build_client_with_env_proxy_config_succeeds() {
    // given
    let _lock = env_lock();
    let _http = EnvVarGuard::set("HTTP_PROXY", Some("http://proxy.corp:3128"));
    let _https = EnvVarGuard::set("HTTPS_PROXY", Some("http://secure.corp:3129"));
    let _no = EnvVarGuard::set("NO_PROXY", Some("localhost"));
    let _http_lower = EnvVarGuard::set("http_proxy", None);
    let _https_lower = EnvVarGuard::set("https_proxy", None);
    let _no_lower = EnvVarGuard::set("no_proxy", None);
    let config = ProxyConfig::from_env();
    // when
    let result = build_http_client_with(&config);
    // then
    assert!(result.is_ok());
 }
 #[test]
 fn build_client_with_proxy_url_config_succeeds() {
    // given
    let config = ProxyConfig::from_proxy_url("http://unified.corp:3128");
    // when
    let result = build_http_client_with(&config);
    // then
    assert!(result.is_ok());
 }
 #[test]
 fn proxy_config_from_env_prefers_uppercase_over_lowercase() {
    // given
    let _lock = env_lock();
    let _http_upper = EnvVarGuard::set("HTTP_PROXY", Some("http://upper.corp:3128"));
    let _http_lower = EnvVarGuard::set("http_proxy", Some("http://lower.corp:3128"));
    let _https = EnvVarGuard::set("HTTPS_PROXY", None);
    let _https_lower = EnvVarGuard::set("https_proxy", None);
    let _no = EnvVarGuard::set("NO_PROXY", None);
    let _no_lower = EnvVarGuard::set("no_proxy", None);
    // when
    let config = ProxyConfig::from_env();
    // then
    assert_eq!(config.http_proxy.as_deref(), Some("http://upper.corp:3128"));
 }
--- a/rust/crates/commands/src/lib.rs
+++ b/rust/crates/commands/src/lib.rs
@@ -4,7 +4,7 @@ use std::fmt;
 use std::fs;
 use std::path::{Path, PathBuf};
-use plugins::{PluginError, PluginManager, PluginSummary};
+use plugins::{PluginError, PluginLoadFailure, PluginManager, PluginSummary};
 use runtime::{
    compact_session, CompactionConfig, ConfigLoader, ConfigSource, McpOAuthConfig, McpServerConfig,
    ScopedMcpServerConfig, Session,
@@ -221,8 +221,10 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[
    SlashCommandSpec {
        name: "session",
        aliases: &[],
-        summary: "List, switch, or fork managed local sessions",
+        summary: "List, switch, fork, or delete managed local sessions",
-        argument_hint: Some("[list|switch <session-id>|fork [branch-name]]"),
+        argument_hint: Some(
            "[list|switch <session-id>|fork [branch-name]|delete <session-id> [--force]]",
        ),
        resume_supported: false,
    },
    SlashCommandSpec {
@@ -255,20 +257,6 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[
        argument_hint: None,
        resume_supported: true,
    },
    SlashCommandSpec {
        name: "login",
        aliases: &[],
        summary: "Log in to the service",
        argument_hint: None,
        resume_supported: false,
    },
    SlashCommandSpec {
        name: "logout",
        aliases: &[],
        summary: "Log out of the current session",
        argument_hint: None,
        resume_supported: false,
    },
    SlashCommandSpec {
        name: "plan",
        aliases: &[],
@@ -1188,6 +1176,9 @@ pub enum SlashCommand {
    AddDir {
        path: Option<String>,
    },
    History {
        count: Option<String>,
    },
    Unknown(String),
 }
@@ -1216,6 +1207,83 @@ impl SlashCommand {
    pub fn parse(input: &str) -> Result<Option<Self>, SlashCommandParseError> {
        validate_slash_command_input(input)
    }
    /// Returns the canonical slash-command name (e.g. `"/branch"`) for use in
    /// error messages and logging. Derived from the spec table so it always
    /// matches what the user would have typed.
    #[must_use]
    pub fn slash_name(&self) -> &'static str {
        match self {
            Self::Help => "/help",
            Self::Clear { .. } => "/clear",
            Self::Compact { .. } => "/compact",
            Self::Cost => "/cost",
            Self::Doctor => "/doctor",
            Self::Config { .. } => "/config",
            Self::Memory { .. } => "/memory",
            Self::History { .. } => "/history",
            Self::Diff => "/diff",
            Self::Status => "/status",
            Self::Stats => "/stats",
            Self::Version => "/version",
            Self::Commit { .. } => "/commit",
            Self::Pr { .. } => "/pr",
            Self::Issue { .. } => "/issue",
            Self::Init => "/init",
            Self::Bughunter { .. } => "/bughunter",
            Self::Ultraplan { .. } => "/ultraplan",
            Self::Teleport { .. } => "/teleport",
            Self::DebugToolCall { .. } => "/debug-tool-call",
            Self::Resume { .. } => "/resume",
            Self::Model { .. } => "/model",
            Self::Permissions { .. } => "/permissions",
            Self::Session { .. } => "/session",
            Self::Plugins { .. } => "/plugins",
            Self::Login => "/login",
            Self::Logout => "/logout",
            Self::Vim => "/vim",
            Self::Upgrade => "/upgrade",
            Self::Share => "/share",
            Self::Feedback => "/feedback",
            Self::Files => "/files",
            Self::Fast => "/fast",
            Self::Exit => "/exit",
            Self::Summary => "/summary",
            Self::Desktop => "/desktop",
            Self::Brief => "/brief",
            Self::Advisor => "/advisor",
            Self::Stickers => "/stickers",
            Self::Insights => "/insights",
            Self::Thinkback => "/thinkback",
            Self::ReleaseNotes => "/release-notes",
            Self::SecurityReview => "/security-review",
            Self::Keybindings => "/keybindings",
            Self::PrivacySettings => "/privacy-settings",
            Self::Plan { .. } => "/plan",
            Self::Review { .. } => "/review",
            Self::Tasks { .. } => "/tasks",
            Self::Theme { .. } => "/theme",
            Self::Voice { .. } => "/voice",
            Self::Usage { .. } => "/usage",
            Self::Rename { .. } => "/rename",
            Self::Copy { .. } => "/copy",
            Self::Hooks { .. } => "/hooks",
            Self::Context { .. } => "/context",
            Self::Color { .. } => "/color",
            Self::Effort { .. } => "/effort",
            Self::Branch { .. } => "/branch",
            Self::Rewind { .. } => "/rewind",
            Self::Ide { .. } => "/ide",
            Self::Tag { .. } => "/tag",
            Self::OutputStyle { .. } => "/output-style",
            Self::AddDir { .. } => "/add-dir",
            Self::Sandbox => "/sandbox",
            Self::Mcp { .. } => "/mcp",
            Self::Export { .. } => "/export",
            #[allow(unreachable_patterns)]
            _ => "/unknown",
        }
    }
 }
 #[allow(clippy::too_many_lines)]
@@ -1315,17 +1383,16 @@ pub fn validate_slash_command_input(
        "skills" | "skill" => SlashCommand::Skills {
            args: parse_skills_args(remainder.as_deref())?,
        },
-        "doctor" => {
+        "doctor" | "providers" => {
            validate_no_args(command, &args)?;
            SlashCommand::Doctor
        }
-        "login" => {
+        "login" | "logout" => {
-            validate_no_args(command, &args)?;
+            return Err(command_error(
-            SlashCommand::Login
+                "This auth flow was removed. Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead.",
-        }
+                command,
-        "logout" => {
+                "",
-            validate_no_args(command, &args)?;
+            ));
            SlashCommand::Logout
        }
        "vim" => {
            validate_no_args(command, &args)?;
@@ -1335,7 +1402,7 @@ pub fn validate_slash_command_input(
            validate_no_args(command, &args)?;
            SlashCommand::Upgrade
        }
-        "stats" => {
+        "stats" | "tokens" | "cache" => {
            validate_no_args(command, &args)?;
            SlashCommand::Stats
        }
@@ -1421,6 +1488,9 @@ pub fn validate_slash_command_input(
        "tag" => SlashCommand::Tag { label: remainder },
        "output-style" => SlashCommand::OutputStyle { style: remainder },
        "add-dir" => SlashCommand::AddDir { path: remainder },
        "history" => SlashCommand::History {
            count: optional_single_arg(command, &args, "[count]")?,
        },
        other => SlashCommand::Unknown(other.to_string()),
    }))
 }
@@ -1520,7 +1590,7 @@ fn parse_session_command(args: &[&str]) -> Result<SlashCommand, SlashCommandPars
            action: Some("list".to_string()),
            target: None,
        }),
-        ["list", ..] => Err(usage_error("session", "[list|switch <session-id>|fork [branch-name]]")),
+        ["list", ..] => Err(usage_error("session", "[list|switch <session-id>|fork [branch-name]|delete <session-id> [--force]]")),
        ["switch"] => Err(usage_error("session switch", "<session-id>")),
        ["switch", target] => Ok(SlashCommand::Session {
            action: Some("switch".to_string()),
@@ -1544,12 +1614,33 @@ fn parse_session_command(args: &[&str]) -> Result<SlashCommand, SlashCommandPars
            "session",
            "/session fork [branch-name]",
        )),
-        [action, ..] => Err(command_error(
+        ["delete"] => Err(usage_error("session delete", "<session-id> [--force]")),
        ["delete", target] => Ok(SlashCommand::Session {
            action: Some("delete".to_string()),
            target: Some((*target).to_string()),
        }),
        ["delete", target, "--force"] => Ok(SlashCommand::Session {
            action: Some("delete-force".to_string()),
            target: Some((*target).to_string()),
        }),
        ["delete", _target, unexpected] => Err(command_error(
            &format!(
-                "Unknown /session action '{action}'. Use list, switch <session-id>, or fork [branch-name]."
+                "Unsupported /session delete flag '{unexpected}'. Use --force to skip confirmation."
            ),
            "session",
-            "/session [list|switch <session-id>|fork [branch-name]]",
+            "/session delete <session-id> [--force]",
        )),
        ["delete", ..] => Err(command_error(
            "Unexpected arguments for /session delete.",
            "session",
            "/session delete <session-id> [--force]",
        )),
        [action, ..] => Err(command_error(
            &format!(
                "Unknown /session action '{action}'. Use list, switch <session-id>, fork [branch-name], or delete <session-id> [--force]."
            ),
            "session",
            "/session [list|switch <session-id>|fork [branch-name]|delete <session-id> [--force]]",
        )),
    }
 }
@@ -1786,24 +1877,21 @@ pub fn resume_supported_slash_commands() -> Vec<&'static SlashCommandSpec> {
 fn slash_command_category(name: &str) -> &'static str {
    match name {
-        "help" | "status" | "sandbox" | "model" | "permissions" | "cost" | "resume" | "session"
+        "help" | "status" | "cost" | "resume" | "session" | "version" | "usage" | "stats"
-        | "version" | "login" | "logout" | "usage" | "stats" | "rename" | "privacy-settings" => {
+        | "rename" | "clear" | "compact" | "history" | "tokens" | "cache" | "exit" | "summary"
-            "Session & visibility"
+        | "tag" | "thinkback" | "copy" | "share" | "feedback" | "rewind" | "pin" | "unpin"
        | "bookmarks" | "context" | "files" | "focus" | "unfocus" | "retry" | "stop" | "undo" => {
            "Session"
        }
-        "compact" | "clear" | "config" | "memory" | "init" | "diff" | "commit" | "pr" | "issue"
+        "model" | "permissions" | "config" | "memory" | "theme" | "vim" | "voice" | "color"
-        | "export" | "plugin" | "branch" | "add-dir" | "files" | "hooks" | "release-notes" => {
+        | "effort" | "fast" | "brief" | "output-style" | "keybindings" | "privacy-settings"
-            "Workspace & git"
+        | "stickers" | "language" | "profile" | "max-tokens" | "temperature" | "system-prompt"
-        }
+        | "api-key" | "terminal-setup" | "notifications" | "telemetry" | "providers" | "env"
-        "agents" | "skills" | "teleport" | "debug-tool-call" | "mcp" | "context" | "tasks"
+        | "project" | "reasoning" | "budget" | "rate-limit" | "workspace" | "reset" | "ide"
-        | "doctor" | "ide" | "desktop" => "Discovery & debugging",
+        | "desktop" | "upgrade" => "Config",
-        "bughunter" | "ultraplan" | "review" | "security-review" | "advisor" | "insights" => {
+        "debug-tool-call" | "doctor" | "sandbox" | "diagnostics" | "tool-details" | "changelog"
-            "Analysis & automation"
+        | "metrics" => "Debug",
-        }
+        _ => "Tools",
        "theme" | "vim" | "voice" | "color" | "effort" | "fast" | "brief" | "output-style"
        | "keybindings" | "stickers" => "Appearance & input",
        "copy" | "share" | "feedback" | "summary" | "tag" | "thinkback" | "plan" | "exit"
        | "upgrade" | "rewind" => "Communication & control",
        _ => "Other",
    }
 }
@@ -1904,6 +1992,42 @@ pub fn suggest_slash_commands(input: &str, limit: usize) -> Vec<String> {
 }
 #[must_use]
 /// Render the slash-command help section, optionally excluding stub commands
 /// (commands that are registered in the spec list but not yet implemented).
 /// Pass an empty slice to include all commands.
 pub fn render_slash_command_help_filtered(exclude: &[&str]) -> String {
    let mut lines = vec![
        "Slash commands".to_string(),
        "  Start here        /status, /diff, /agents, /skills, /commit".to_string(),
        "  [resume]          also works with --resume SESSION.jsonl".to_string(),
        String::new(),
    ];
    let categories = ["Session", "Tools", "Config", "Debug"];
    for category in categories {
        lines.push(category.to_string());
        for spec in slash_command_specs()
            .iter()
            .filter(|spec| slash_command_category(spec.name) == category)
            .filter(|spec| !exclude.contains(&spec.name))
        {
            lines.push(format_slash_command_help_line(spec));
        }
        lines.push(String::new());
    }
    lines
        .into_iter()
        .rev()
        .skip_while(String::is_empty)
        .collect::<Vec<_>>()
        .into_iter()
        .rev()
        .collect::<Vec<_>>()
        .join("\n")
 }
 pub fn render_slash_command_help() -> String {
    let mut lines = vec![
        "Slash commands".to_string(),
@@ -1912,12 +2036,7 @@ pub fn render_slash_command_help() -> String {
        String::new(),
    ];
-    let categories = [
+    let categories = ["Session", "Tools", "Config", "Debug"];
        "Session & visibility",
        "Workspace & git",
        "Discovery & debugging",
        "Analysis & automation",
    ];
    for category in categories {
        lines.push(category.to_string());
@@ -1930,6 +2049,12 @@ pub fn render_slash_command_help() -> String {
        lines.push(String::new());
    }
    lines.push("Keyboard shortcuts".to_string());
    lines.push("  Up/Down              Navigate prompt history".to_string());
    lines.push("  Tab                  Complete commands, modes, and recent sessions".to_string());
    lines.push("  Ctrl-C               Clear input (or exit on empty prompt)".to_string());
    lines.push("  Shift+Enter/Ctrl+J   Insert a newline".to_string());
    lines
        .into_iter()
        .rev()
@@ -2061,10 +2186,15 @@ pub fn handle_plugins_slash_command(
    manager: &mut PluginManager,
 ) -> Result<PluginsCommandResult, PluginError> {
    match action {
-        None | Some("list") => Ok(PluginsCommandResult {
+        None | Some("list") => {
-            message: render_plugins_report(&manager.list_installed_plugins()?),
+            let report = manager.installed_plugin_registry_report()?;
-            reload_runtime: false,
+            let plugins = report.summaries();
-        }),
+            let failures = report.failures();
            Ok(PluginsCommandResult {
                message: render_plugins_report_with_failures(&plugins, failures),
                reload_runtime: false,
            })
        }
        Some("install") => {
            let Some(target) = target else {
                return Ok(PluginsCommandResult {
@@ -2314,8 +2444,7 @@ pub fn resolve_skill_invocation(
            .unwrap_or_default();
        if !skill_token.is_empty() {
            if let Err(error) = resolve_skill_path(cwd, skill_token) {
-                let mut message =
+                let mut message = format!("Unknown skill: {skill_token} ({error})");
                    format!("Unknown skill: {skill_token} ({error})");
                let roots = discover_skill_roots(cwd);
                if let Ok(available) = load_skills_from_roots(&roots) {
                    let names: Vec<String> = available
@@ -2324,15 +2453,11 @@ pub fn resolve_skill_invocation(
                        .map(|s| s.name.clone())
                        .collect();
                    if !names.is_empty() {
-                        message.push_str(&format!(
+                        message.push_str("\n  Available skills: ");
-                            "\n  Available skills: {}",
+                        message.push_str(&names.join(", "));
                            names.join(", ")
                        ));
                    }
                }
-                message.push_str(
+                message.push_str("\n  Usage: /skills [list|install <path>|help|<skill> [args]]");
                    "\n  Usage: /skills [list|install <path>|help|<skill> [args]]",
                );
                return Err(message);
            }
        }
@@ -2524,6 +2649,48 @@ pub fn render_plugins_report(plugins: &[PluginSummary]) -> String {
    lines.join("\n")
 }
 #[must_use]
 pub fn render_plugins_report_with_failures(
    plugins: &[PluginSummary],
    failures: &[PluginLoadFailure],
 ) -> String {
    let mut lines = vec!["Plugins".to_string()];
    // Show successfully loaded plugins
    if plugins.is_empty() {
        lines.push("  No plugins installed.".to_string());
    } else {
        for plugin in plugins {
            let enabled = if plugin.enabled {
                "enabled"
            } else {
                "disabled"
            };
            lines.push(format!(
                "  {name:<20} v{version:<10} {enabled}",
                name = plugin.metadata.name,
                version = plugin.metadata.version,
            ));
        }
    }
    // Show warnings for broken plugins
    if !failures.is_empty() {
        lines.push(String::new());
        lines.push("Warnings:".to_string());
        for failure in failures {
            lines.push(format!(
                "  ⚠️  Failed to load {} plugin from `{}`",
                failure.kind,
                failure.plugin_root.display()
            ));
            lines.push(format!("      Error: {}", failure.error()));
        }
    }
    lines.join("\n")
 }
 fn render_plugin_install_report(plugin_id: &str, plugin: Option<&PluginSummary>) -> String {
    let name = plugin.map_or(plugin_id, |plugin| plugin.metadata.name.as_str());
    let version = plugin.map_or("unknown", |plugin| plugin.metadata.version.as_str());
@@ -3942,6 +4109,7 @@ pub fn handle_slash_command(
        | SlashCommand::Tag { .. }
        | SlashCommand::OutputStyle { .. }
        | SlashCommand::AddDir { .. }
        | SlashCommand::History { .. }
        | SlashCommand::Unknown(_) => None,
    }
 }
@@ -3953,12 +4121,15 @@ mod tests {
        handle_plugins_slash_command, handle_skills_slash_command_json, handle_slash_command,
        load_agents_from_roots, load_skills_from_roots, render_agents_report,
        render_agents_report_json, render_mcp_report_json_for, render_plugins_report,
-        render_skills_report, render_slash_command_help, render_slash_command_help_detail,
+        render_plugins_report_with_failures, render_skills_report, render_slash_command_help,
-        resolve_skill_path, resume_supported_slash_commands, slash_command_specs,
+        render_slash_command_help_detail, resolve_skill_path, resume_supported_slash_commands,
-        suggest_slash_commands, validate_slash_command_input, DefinitionSource, SkillOrigin,
+        slash_command_specs, suggest_slash_commands, validate_slash_command_input,
-        SkillRoot, SkillSlashDispatch, SlashCommand,
+        DefinitionSource, SkillOrigin, SkillRoot, SkillSlashDispatch, SlashCommand,
    };
    use plugins::{
        PluginError, PluginKind, PluginLoadFailure, PluginManager, PluginManagerConfig,
        PluginMetadata, PluginSummary,
    };
    use plugins::{PluginKind, PluginManager, PluginManagerConfig, PluginMetadata, PluginSummary};
    use runtime::{
        CompactionConfig, ConfigLoader, ContentBlock, ConversationMessage, MessageRole, Session,
    };
@@ -3981,6 +4152,24 @@ mod tests {
        LOCK.get_or_init(|| Mutex::new(()))
    }
    fn env_guard() -> std::sync::MutexGuard<'static, ()> {
        env_lock()
            .lock()
            .unwrap_or_else(std::sync::PoisonError::into_inner)
    }
    #[test]
    fn env_guard_recovers_after_poisoning() {
        let poisoned = std::thread::spawn(|| {
            let _guard = env_guard();
            panic!("poison env lock");
        })
        .join();
        assert!(poisoned.is_err(), "poisoning thread should panic");
        let _guard = env_guard();
    }
    fn restore_env_var(key: &str, original: Option<OsString>) {
        match original {
            Some(value) => std::env::set_var(key, value),
@@ -4256,6 +4445,47 @@ mod tests {
        );
    }
    #[test]
    fn parses_history_command_without_count() {
        // given
        let input = "/history";
        // when
        let parsed = SlashCommand::parse(input);
        // then
        assert_eq!(parsed, Ok(Some(SlashCommand::History { count: None })));
    }
    #[test]
    fn parses_history_command_with_numeric_count() {
        // given
        let input = "/history 25";
        // when
        let parsed = SlashCommand::parse(input);
        // then
        assert_eq!(
            parsed,
            Ok(Some(SlashCommand::History {
                count: Some("25".to_string())
            }))
        );
    }
    #[test]
    fn rejects_history_with_extra_arguments() {
        // given
        let input = "/history 25 extra";
        // when
        let error = parse_error_message(input);
        // then
        assert!(error.contains("Usage: /history [count]"));
    }
    #[test]
    fn rejects_unexpected_arguments_for_no_arg_commands() {
        // given
@@ -4297,7 +4527,7 @@ mod tests {
        // then
        assert!(error.contains("Usage: /teleport <symbol-or-path>"));
-        assert!(error.contains("  Category         Discovery & debugging"));
+        assert!(error.contains("  Category         Tools"));
    }
    #[test]
@@ -4366,15 +4596,23 @@ mod tests {
        assert!(action_error.contains("  Usage            /mcp [list|show <server>|help]"));
    }
    #[test]
    fn removed_login_and_logout_commands_report_env_auth_guidance() {
        let login_error = parse_error_message("/login");
        assert!(login_error.contains("ANTHROPIC_API_KEY"));
        let logout_error = parse_error_message("/logout");
        assert!(logout_error.contains("ANTHROPIC_AUTH_TOKEN"));
    }
    #[test]
    fn renders_help_from_shared_specs() {
        let help = render_slash_command_help();
        assert!(help.contains("Start here        /status, /diff, /agents, /skills, /commit"));
        assert!(help.contains("[resume]          also works with --resume SESSION.jsonl"));
-        assert!(help.contains("Session & visibility"));
+        assert!(help.contains("Session"));
-        assert!(help.contains("Workspace & git"));
+        assert!(help.contains("Tools"));
-        assert!(help.contains("Discovery & debugging"));
+        assert!(help.contains("Config"));
-        assert!(help.contains("Analysis & automation"));
+        assert!(help.contains("Debug"));
        assert!(help.contains("/help"));
        assert!(help.contains("/status"));
        assert!(help.contains("/sandbox"));
@@ -4398,7 +4636,7 @@ mod tests {
        assert!(help.contains("/diff"));
        assert!(help.contains("/version"));
        assert!(help.contains("/export [file]"));
-        assert!(help.contains("/session [list|switch <session-id>|fork [branch-name]]"));
+        assert!(help.contains("/session"), "help must mention /session");
        assert!(help.contains("/sandbox"));
        assert!(help.contains(
            "/plugin [list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]"
@@ -4407,10 +4645,59 @@ mod tests {
        assert!(help.contains("/agents [list|help]"));
        assert!(help.contains("/skills [list|install <path>|help|<skill> [args]]"));
        assert!(help.contains("aliases: /skill"));
-        assert_eq!(slash_command_specs().len(), 141);
+        assert!(!help.contains("/login"));
        assert!(!help.contains("/logout"));
        assert_eq!(slash_command_specs().len(), 139);
        assert!(resume_supported_slash_commands().len() >= 39);
    }
    #[test]
    fn renders_help_with_grouped_categories_and_keyboard_shortcuts() {
        // given
        let categories = ["Session", "Tools", "Config", "Debug"];
        // when
        let help = render_slash_command_help();
        // then
        for category in categories {
            assert!(
                help.contains(category),
                "expected help to contain category {category}"
            );
        }
        let session_index = help.find("Session").expect("Session header should exist");
        let tools_index = help.find("Tools").expect("Tools header should exist");
        let config_index = help.find("Config").expect("Config header should exist");
        let debug_index = help.find("Debug").expect("Debug header should exist");
        assert!(session_index < tools_index);
        assert!(tools_index < config_index);
        assert!(config_index < debug_index);
        assert!(help.contains("Keyboard shortcuts"));
        assert!(help.contains("Up/Down              Navigate prompt history"));
        assert!(help.contains("Tab                  Complete commands, modes, and recent sessions"));
        assert!(help.contains("Ctrl-C               Clear input (or exit on empty prompt)"));
        assert!(help.contains("Shift+Enter/Ctrl+J   Insert a newline"));
        // every command should still render with a summary line
        for spec in slash_command_specs() {
            let usage = match spec.argument_hint {
                Some(hint) => format!("/{} {hint}", spec.name),
                None => format!("/{}", spec.name),
            };
            assert!(
                help.contains(&usage),
                "expected help to contain command {usage}"
            );
            assert!(
                help.contains(spec.summary),
                "expected help to contain summary for /{}",
                spec.name
            );
        }
    }
    #[test]
    fn renders_per_command_help_detail() {
        // given
@@ -4423,7 +4710,7 @@ mod tests {
        assert!(help.contains("/plugin"));
        assert!(help.contains("Summary          Manage Claw Code plugins"));
        assert!(help.contains("Aliases          /plugins, /marketplace"));
-        assert!(help.contains("Category         Workspace & git"));
+        assert!(help.contains("Category         Tools"));
    }
    #[test]
@@ -4431,7 +4718,7 @@ mod tests {
        let help = render_slash_command_help_detail("mcp").expect("detail help should exist");
        assert!(help.contains("/mcp"));
        assert!(help.contains("Summary          Inspect configured MCP servers"));
-        assert!(help.contains("Category         Discovery & debugging"));
+        assert!(help.contains("Category         Tools"));
        assert!(help.contains("Resume           Supported with --resume SESSION.jsonl"));
    }
@@ -4491,7 +4778,14 @@ mod tests {
        )
        .expect("slash command should be handled");
-        assert!(result.message.contains("Compacted 2 messages"));
+        // With the tool-use/tool-result boundary guard the compaction may
        // preserve one extra message, so 1 or 2 messages may be removed.
        assert!(
            result.message.contains("Compacted 1 messages")
                || result.message.contains("Compacted 2 messages"),
            "unexpected compaction message: {}",
            result.message
        );
        assert_eq!(result.session.messages[0].role, MessageRole::System);
    }
@@ -4611,6 +4905,36 @@ mod tests {
        assert!(rendered.contains("disabled"));
    }
    #[test]
    fn renders_plugins_report_with_broken_plugin_warnings() {
        let rendered = render_plugins_report_with_failures(
            &[PluginSummary {
                metadata: PluginMetadata {
                    id: "demo@external".to_string(),
                    name: "demo".to_string(),
                    version: "1.2.3".to_string(),
                    description: "demo plugin".to_string(),
                    kind: PluginKind::External,
                    source: "demo".to_string(),
                    default_enabled: false,
                    root: None,
                },
                enabled: true,
            }],
            &[PluginLoadFailure::new(
                PathBuf::from("/tmp/broken-plugin"),
                PluginKind::External,
                "broken".to_string(),
                PluginError::InvalidManifest("hook path `hooks/pre.sh` does not exist".to_string()),
            )],
        );
        assert!(rendered.contains("Warnings:"));
        assert!(rendered.contains("Failed to load external plugin"));
        assert!(rendered.contains("/tmp/broken-plugin"));
        assert!(rendered.contains("does not exist"));
    }
    #[test]
    fn lists_agents_from_project_and_user_roots() {
        let workspace = temp_dir("agents-workspace");
@@ -4908,7 +5232,7 @@ mod tests {
    #[test]
    fn discovers_omc_skills_from_project_and_user_compatibility_roots() {
-        let _guard = env_lock().lock().expect("env lock");
+        let _guard = env_guard();
        let workspace = temp_dir("skills-omc-workspace");
        let user_home = temp_dir("skills-omc-home");
        let claude_config_dir = temp_dir("skills-omc-claude-config");
--- a/rust/crates/compat-harness/src/lib.rs
+++ b/rust/crates/compat-harness/src/lib.rs
@@ -18,6 +18,12 @@ impl UpstreamPaths {
        }
    }
    /// Returns the repository root path.
    #[must_use]
    pub fn repo_root(&self) -> &Path {
        &self.repo_root
    }
    #[must_use]
    pub fn from_workspace_dir(workspace_dir: impl AsRef<Path>) -> Self {
        let workspace_dir = workspace_dir
--- a/rust/crates/plugins/src/hooks.rs
+++ b/rust/crates/plugins/src/hooks.rs
@@ -337,7 +337,28 @@ impl CommandWithStdin {
        let mut child = self.command.spawn()?;
        if let Some(mut child_stdin) = child.stdin.take() {
            use std::io::Write as _;
-            child_stdin.write_all(stdin)?;
+            // Tolerate BrokenPipe: a hook script that runs to completion
            // (or exits early without reading stdin) closes its stdin
            // before the parent finishes writing the JSON payload, and
            // the kernel raises EPIPE on the parent's write_all. That is
            // not a hook failure — the child still exited cleanly and we
            // still need to wait_with_output() to capture stdout/stderr
            // and the real exit code. Other write errors (e.g. EIO,
            // permission, OOM) still propagate.
            //
            // This was the root cause of the Linux CI flake on
            // hooks::tests::collects_and_runs_hooks_from_enabled_plugins
            // (ROADMAP #25, runs 24120271422 / 24120538408 / 24121392171
            // / 24121776826): the test hook scripts run in microseconds
            // and the parent's stdin write races against child exit.
            // macOS pipes happen to buffer the small payload before the
            // child exits; Linux pipes do not, so the race shows up
            // deterministically on ubuntu runners.
            match child_stdin.write_all(stdin) {
                Ok(()) => {}
                Err(error) if error.kind() == std::io::ErrorKind::BrokenPipe => {}
                Err(error) => return Err(error),
            }
        }
        child.wait_with_output()
    }
@@ -359,6 +380,18 @@ mod tests {
        std::env::temp_dir().join(format!("plugins-hook-runner-{label}-{nanos}"))
    }
    fn make_executable(path: &Path) {
        #[cfg(unix)]
        {
            use std::os::unix::fs::PermissionsExt;
            let perms = fs::Permissions::from_mode(0o755);
            fs::set_permissions(path, perms)
                .unwrap_or_else(|e| panic!("chmod +x {}: {e}", path.display()));
        }
        #[cfg(not(unix))]
        let _ = path;
    }
    fn write_hook_plugin(
        root: &Path,
        name: &str,
@@ -368,21 +401,30 @@ mod tests {
    ) {
        fs::create_dir_all(root.join(".claude-plugin")).expect("manifest dir");
        fs::create_dir_all(root.join("hooks")).expect("hooks dir");
        let pre_path = root.join("hooks").join("pre.sh");
        fs::write(
-            root.join("hooks").join("pre.sh"),
+            &pre_path,
            format!("#!/bin/sh\nprintf '%s\\n' '{pre_message}'\n"),
        )
        .expect("write pre hook");
        make_executable(&pre_path);
        let post_path = root.join("hooks").join("post.sh");
        fs::write(
-            root.join("hooks").join("post.sh"),
+            &post_path,
            format!("#!/bin/sh\nprintf '%s\\n' '{post_message}'\n"),
        )
        .expect("write post hook");
        make_executable(&post_path);
        let failure_path = root.join("hooks").join("failure.sh");
        fs::write(
-            root.join("hooks").join("failure.sh"),
+            &failure_path,
            format!("#!/bin/sh\nprintf '%s\\n' '{failure_message}'\n"),
        )
        .expect("write failure hook");
        make_executable(&failure_path);
        fs::write(
            root.join(".claude-plugin").join("plugin.json"),
            format!(
@@ -496,4 +538,27 @@ mod tests {
            .iter()
            .any(|message| message == "later plugin hook"));
    }
    #[test]
    #[cfg(unix)]
    fn generated_hook_scripts_are_executable() {
        use std::os::unix::fs::PermissionsExt;
        // given
        let root = temp_dir("exec-guard");
        write_hook_plugin(&root, "exec-check", "pre", "post", "fail");
        // then
        for script in ["pre.sh", "post.sh", "failure.sh"] {
            let path = root.join("hooks").join(script);
            let mode = fs::metadata(&path)
                .unwrap_or_else(|e| panic!("{script} metadata: {e}"))
                .permissions()
                .mode();
            assert!(
                mode & 0o111 != 0,
                "{script} must have at least one execute bit set, got mode {mode:#o}"
            );
        }
    }
 }
--- a/rust/crates/plugins/src/lib.rs
+++ b/rust/crates/plugins/src/lib.rs
@@ -1,10 +1,13 @@
 mod hooks;
 #[cfg(test)]
 pub mod test_isolation;
 use std::collections::{BTreeMap, BTreeSet};
 use std::fmt::{Display, Formatter};
 use std::fs;
 use std::path::{Path, PathBuf};
 use std::process::{Command, Stdio};
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::time::{SystemTime, UNIX_EPOCH};
 use serde::{Deserialize, Serialize};
@@ -2160,7 +2163,13 @@ fn materialize_source(
    match source {
        PluginInstallSource::LocalPath { path } => Ok(path.clone()),
        PluginInstallSource::GitUrl { url } => {
-            let destination = temp_root.join(format!("plugin-{}", unix_time_ms()));
+            static MATERIALIZE_COUNTER: AtomicU64 = AtomicU64::new(0);
            let unique = MATERIALIZE_COUNTER.fetch_add(1, Ordering::Relaxed);
            let nanos = SystemTime::now()
                .duration_since(UNIX_EPOCH)
                .unwrap()
                .as_nanos();
            let destination = temp_root.join(format!("plugin-{nanos}-{unique}"));
            let output = Command::new("git")
                .arg("clone")
                .arg("--depth")
@@ -2273,10 +2282,24 @@ fn ensure_object<'a>(root: &'a mut Map<String, Value>, key: &str) -> &'a mut Map
        .expect("object should exist")
 }
 /// Environment variable lock for test isolation.
 /// Guards against concurrent modification of `CLAW_CONFIG_HOME`.
 #[cfg(test)]
 fn env_lock() -> &'static std::sync::Mutex<()> {
    static ENV_LOCK: std::sync::Mutex<()> = std::sync::Mutex::new(());
    &ENV_LOCK
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    fn env_guard() -> std::sync::MutexGuard<'static, ()> {
        env_lock()
            .lock()
            .unwrap_or_else(std::sync::PoisonError::into_inner)
    }
    fn temp_dir(label: &str) -> PathBuf {
        let nanos = std::time::SystemTime::now()
            .duration_since(std::time::UNIX_EPOCH)
@@ -2285,6 +2308,18 @@ mod tests {
        std::env::temp_dir().join(format!("plugins-{label}-{nanos}"))
    }
    #[test]
    fn env_guard_recovers_after_poisoning() {
        let poisoned = std::thread::spawn(|| {
            let _guard = env_guard();
            panic!("poison env lock");
        })
        .join();
        assert!(poisoned.is_err(), "poisoning thread should panic");
        let _guard = env_guard();
    }
    fn write_file(path: &Path, contents: &str) {
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent).expect("parent dir");
@@ -2468,6 +2503,7 @@ mod tests {
    #[test]
    fn load_plugin_from_directory_validates_required_fields() {
        let _guard = env_guard();
        let root = temp_dir("manifest-required");
        write_file(
            root.join(MANIFEST_FILE_NAME).as_path(),
@@ -2482,6 +2518,7 @@ mod tests {
    #[test]
    fn load_plugin_from_directory_reads_root_manifest_and_validates_entries() {
        let _guard = env_guard();
        let root = temp_dir("manifest-root");
        write_loader_plugin(&root);
@@ -2511,6 +2548,7 @@ mod tests {
    #[test]
    fn load_plugin_from_directory_supports_packaged_manifest_path() {
        let _guard = env_guard();
        let root = temp_dir("manifest-packaged");
        write_external_plugin(&root, "packaged-demo", "1.0.0");
@@ -2524,6 +2562,7 @@ mod tests {
    #[test]
    fn load_plugin_from_directory_defaults_optional_fields() {
        let _guard = env_guard();
        let root = temp_dir("manifest-defaults");
        write_file(
            root.join(MANIFEST_FILE_NAME).as_path(),
@@ -2545,6 +2584,7 @@ mod tests {
    #[test]
    fn load_plugin_from_directory_rejects_duplicate_permissions_and_commands() {
        let _guard = env_guard();
        let root = temp_dir("manifest-duplicates");
        write_file(
            root.join("commands").join("sync.sh").as_path(),
@@ -2840,6 +2880,7 @@ mod tests {
    #[test]
    fn discovers_builtin_and_bundled_plugins() {
        let _guard = env_guard();
        let manager = PluginManager::new(PluginManagerConfig::new(temp_dir("discover")));
        let plugins = manager.list_plugins().expect("plugins should list");
        assert!(plugins
@@ -2852,6 +2893,7 @@ mod tests {
    #[test]
    fn installs_enables_updates_and_uninstalls_external_plugins() {
        let _guard = env_guard();
        let config_home = temp_dir("home");
        let source_root = temp_dir("source");
        write_external_plugin(&source_root, "demo", "1.0.0");
@@ -2900,6 +2942,7 @@ mod tests {
    #[test]
    fn auto_installs_bundled_plugins_into_the_registry() {
        let _guard = env_guard();
        let config_home = temp_dir("bundled-home");
        let bundled_root = temp_dir("bundled-root");
        write_bundled_plugin(&bundled_root.join("starter"), "starter", "0.1.0", false);
@@ -2931,6 +2974,7 @@ mod tests {
    #[test]
    fn default_bundled_root_loads_repo_bundles_as_installed_plugins() {
        let _guard = env_guard();
        let config_home = temp_dir("default-bundled-home");
        let manager = PluginManager::new(PluginManagerConfig::new(&config_home));
@@ -2949,6 +2993,7 @@ mod tests {
    #[test]
    fn bundled_sync_prunes_removed_bundled_registry_entries() {
        let _guard = env_guard();
        let config_home = temp_dir("bundled-prune-home");
        let bundled_root = temp_dir("bundled-prune-root");
        let stale_install_path = config_home
@@ -3012,6 +3057,7 @@ mod tests {
    #[test]
    fn installed_plugin_discovery_keeps_registry_entries_outside_install_root() {
        let _guard = env_guard();
        let config_home = temp_dir("registry-fallback-home");
        let bundled_root = temp_dir("registry-fallback-bundled");
        let install_root = config_home.join("plugins").join("installed");
@@ -3066,6 +3112,7 @@ mod tests {
    #[test]
    fn installed_plugin_discovery_prunes_stale_registry_entries() {
        let _guard = env_guard();
        let config_home = temp_dir("registry-prune-home");
        let bundled_root = temp_dir("registry-prune-bundled");
        let install_root = config_home.join("plugins").join("installed");
@@ -3111,6 +3158,7 @@ mod tests {
    #[test]
    fn persists_bundled_plugin_enable_state_across_reloads() {
        let _guard = env_guard();
        let config_home = temp_dir("bundled-state-home");
        let bundled_root = temp_dir("bundled-state-root");
        write_bundled_plugin(&bundled_root.join("starter"), "starter", "0.1.0", false);
@@ -3144,6 +3192,7 @@ mod tests {
    #[test]
    fn persists_bundled_plugin_disable_state_across_reloads() {
        let _guard = env_guard();
        let config_home = temp_dir("bundled-disabled-home");
        let bundled_root = temp_dir("bundled-disabled-root");
        write_bundled_plugin(&bundled_root.join("starter"), "starter", "0.1.0", true);
@@ -3177,6 +3226,7 @@ mod tests {
    #[test]
    fn validates_plugin_source_before_install() {
        let _guard = env_guard();
        let config_home = temp_dir("validate-home");
        let source_root = temp_dir("validate-source");
        write_external_plugin(&source_root, "validator", "1.0.0");
@@ -3191,6 +3241,7 @@ mod tests {
    #[test]
    fn plugin_registry_tracks_enabled_state_and_lookup() {
        let _guard = env_guard();
        let config_home = temp_dir("registry-home");
        let source_root = temp_dir("registry-source");
        write_external_plugin(&source_root, "registry-demo", "1.0.0");
@@ -3218,6 +3269,7 @@ mod tests {
    #[test]
    fn plugin_registry_report_collects_load_failures_without_dropping_valid_plugins() {
        let _guard = env_guard();
        // given
        let config_home = temp_dir("report-home");
        let external_root = temp_dir("report-external");
@@ -3262,6 +3314,7 @@ mod tests {
    #[test]
    fn installed_plugin_registry_report_collects_load_failures_from_install_root() {
        let _guard = env_guard();
        // given
        let config_home = temp_dir("installed-report-home");
        let bundled_root = temp_dir("installed-report-bundled");
@@ -3292,6 +3345,7 @@ mod tests {
    #[test]
    fn rejects_plugin_sources_with_missing_hook_paths() {
        let _guard = env_guard();
        // given
        let config_home = temp_dir("broken-home");
        let source_root = temp_dir("broken-source");
@@ -3319,6 +3373,7 @@ mod tests {
    #[test]
    fn rejects_plugin_sources_with_missing_failure_hook_paths() {
        let _guard = env_guard();
        // given
        let config_home = temp_dir("broken-failure-home");
        let source_root = temp_dir("broken-failure-source");
@@ -3346,6 +3401,7 @@ mod tests {
    #[test]
    fn plugin_registry_runs_initialize_and_shutdown_for_enabled_plugins() {
        let _guard = env_guard();
        let config_home = temp_dir("lifecycle-home");
        let source_root = temp_dir("lifecycle-source");
        let _ = write_lifecycle_plugin(&source_root, "lifecycle-demo", "1.0.0");
@@ -3369,6 +3425,7 @@ mod tests {
    #[test]
    fn aggregates_and_executes_plugin_tools() {
        let _guard = env_guard();
        let config_home = temp_dir("tool-home");
        let source_root = temp_dir("tool-source");
        write_tool_plugin(&source_root, "tool-demo", "1.0.0");
@@ -3397,6 +3454,7 @@ mod tests {
    #[test]
    fn list_installed_plugins_scans_install_root_without_registry_entries() {
        let _guard = env_guard();
        let config_home = temp_dir("installed-scan-home");
        let bundled_root = temp_dir("installed-scan-bundled");
        let install_root = config_home.join("plugins").join("installed");
@@ -3428,6 +3486,7 @@ mod tests {
    #[test]
    fn list_installed_plugins_scans_packaged_manifests_in_install_root() {
        let _guard = env_guard();
        let config_home = temp_dir("installed-packaged-scan-home");
        let bundled_root = temp_dir("installed-packaged-scan-bundled");
        let install_root = config_home.join("plugins").join("installed");
@@ -3456,4 +3515,143 @@ mod tests {
        let _ = fs::remove_dir_all(config_home);
        let _ = fs::remove_dir_all(bundled_root);
    }
    /// Regression test for ROADMAP #41: verify that `CLAW_CONFIG_HOME` isolation prevents
    /// host `~/.claw/plugins/` from bleeding into test runs.
    #[test]
    fn claw_config_home_isolation_prevents_host_plugin_leakage() {
        let _guard = env_guard();
        // Create a temp directory to act as our isolated CLAW_CONFIG_HOME
        let config_home = temp_dir("isolated-home");
        let bundled_root = temp_dir("isolated-bundled");
        // Set CLAW_CONFIG_HOME to our temp directory
        std::env::set_var("CLAW_CONFIG_HOME", &config_home);
        // Create a test fixture plugin in the isolated config home
        let install_root = config_home.join("plugins").join("installed");
        let fixture_plugin_root = install_root.join("isolated-test-plugin");
        write_file(
            fixture_plugin_root.join(MANIFEST_RELATIVE_PATH).as_path(),
            r#"{
  "name": "isolated-test-plugin",
  "version": "1.0.0",
  "description": "Test fixture plugin in isolated config home"
 }"#,
        );
        // Create PluginManager with isolated bundled_root - it should use the temp config_home, not host ~/.claw/
        let mut config = PluginManagerConfig::new(&config_home);
        config.bundled_root = Some(bundled_root.clone());
        let manager = PluginManager::new(config);
        // List installed plugins - should only see the test fixture, not host plugins
        let installed = manager
            .list_installed_plugins()
            .expect("installed plugins should list");
        // Verify we only see the test fixture plugin
        assert_eq!(
            installed.len(),
            1,
            "should only see the test fixture plugin, not host ~/.claw/plugins/"
        );
        assert_eq!(
            installed[0].metadata.id, "isolated-test-plugin@external",
            "should see the test fixture plugin"
        );
        // Cleanup
        std::env::remove_var("CLAW_CONFIG_HOME");
        let _ = fs::remove_dir_all(config_home);
        let _ = fs::remove_dir_all(bundled_root);
    }
    #[test]
    fn plugin_lifecycle_handles_parallel_execution() {
        use std::sync::atomic::{AtomicUsize, Ordering as AtomicOrdering};
        use std::sync::Arc;
        use std::thread;
        let _guard = env_guard();
        // Shared base directory for all threads
        let base_dir = temp_dir("parallel-base");
        // Track successful installations and any errors
        let success_count = Arc::new(AtomicUsize::new(0));
        let error_count = Arc::new(AtomicUsize::new(0));
        // Spawn multiple threads to install plugins simultaneously
        let mut handles = Vec::new();
        for thread_id in 0..5 {
            let base_dir = base_dir.clone();
            let success_count = Arc::clone(&success_count);
            let error_count = Arc::clone(&error_count);
            let handle = thread::spawn(move || {
                // Create unique directories for this thread
                let config_home = base_dir.join(format!("config-{thread_id}"));
                let source_root = base_dir.join(format!("source-{thread_id}"));
                // Write lifecycle plugin for this thread
                let _log_path =
                    write_lifecycle_plugin(&source_root, &format!("parallel-{thread_id}"), "1.0.0");
                // Create PluginManager and install
                let mut manager = PluginManager::new(PluginManagerConfig::new(&config_home));
                let install_result = manager.install(source_root.to_str().expect("utf8 path"));
                match install_result {
                    Ok(install) => {
                        let log_path = install.install_path.join("lifecycle.log");
                        // Initialize and shutdown the registry to trigger lifecycle hooks
                        let registry = manager.plugin_registry();
                        match registry {
                            Ok(registry) => {
                                if registry.initialize().is_ok() && registry.shutdown().is_ok() {
                                    // Verify lifecycle.log exists and has expected content
                                    if let Ok(log) = fs::read_to_string(&log_path) {
                                        if log == "init\nshutdown\n" {
                                            success_count.fetch_add(1, AtomicOrdering::Relaxed);
                                        }
                                    }
                                }
                            }
                            Err(_) => {
                                error_count.fetch_add(1, AtomicOrdering::Relaxed);
                            }
                        }
                    }
                    Err(_) => {
                        error_count.fetch_add(1, AtomicOrdering::Relaxed);
                    }
                }
            });
            handles.push(handle);
        }
        // Wait for all threads to complete
        for handle in handles {
            handle.join().expect("thread should complete");
        }
        // Verify all threads succeeded without collisions
        let successes = success_count.load(AtomicOrdering::Relaxed);
        let errors = error_count.load(AtomicOrdering::Relaxed);
        assert_eq!(
            successes, 5,
            "all 5 parallel plugin installations should succeed"
        );
        assert_eq!(
            errors, 0,
            "no errors should occur during parallel execution"
        );
        // Cleanup
        let _ = fs::remove_dir_all(base_dir);
    }
 }
--- a/rust/crates/plugins/src/test_isolation.rs
+++ b/rust/crates/plugins/src/test_isolation.rs
@@ -0,0 +1,73 @@
 // Test isolation utilities for plugin tests
 // ROADMAP #41: Stop ambient plugin state from skewing CLI regression checks
 use std::env;
 use std::path::PathBuf;
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::sync::Mutex;
 static TEST_COUNTER: AtomicU64 = AtomicU64::new(0);
 static ENV_LOCK: Mutex<()> = Mutex::new(());
 /// Lock for test environment isolation
 pub struct EnvLock {
    _guard: std::sync::MutexGuard<'static, ()>,
    temp_home: PathBuf,
 }
 impl EnvLock {
    /// Acquire environment lock for test isolation
    pub fn lock() -> Self {
        let guard = ENV_LOCK.lock().unwrap();
        let count = TEST_COUNTER.fetch_add(1, Ordering::SeqCst);
        let temp_home = std::env::temp_dir().join(format!("plugin-test-{count}"));
        // Set up isolated environment
        std::fs::create_dir_all(&temp_home).ok();
        std::fs::create_dir_all(temp_home.join(".claude/plugins/installed")).ok();
        std::fs::create_dir_all(temp_home.join(".config")).ok();
        // Redirect HOME and XDG_CONFIG_HOME to temp directory
        env::set_var("HOME", &temp_home);
        env::set_var("XDG_CONFIG_HOME", temp_home.join(".config"));
        env::set_var("XDG_DATA_HOME", temp_home.join(".local/share"));
        EnvLock {
            _guard: guard,
            temp_home,
        }
    }
    /// Get the temporary home directory for this test
    #[must_use]
    pub fn temp_home(&self) -> &PathBuf {
        &self.temp_home
    }
 }
 impl Drop for EnvLock {
    fn drop(&mut self) {
        // Cleanup temp directory
        std::fs::remove_dir_all(&self.temp_home).ok();
    }
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_env_lock_creates_isolated_home() {
        let lock = EnvLock::lock();
        let home = env::var("HOME").unwrap();
        assert!(home.contains("plugin-test-"));
        assert_eq!(home, lock.temp_home().to_str().unwrap());
    }
    #[test]
    fn test_env_lock_creates_plugin_directories() {
        let lock = EnvLock::lock();
        let plugins_dir = lock.temp_home().join(".claude/plugins/installed");
        assert!(plugins_dir.exists());
    }
 }
--- a/rust/crates/runtime/Cargo.toml
+++ b/rust/crates/runtime/Cargo.toml
@@ -13,7 +13,7 @@ regex = "1"
 serde = { version = "1", features = ["derive"] }
 serde_json.workspace = true
 telemetry = { path = "../telemetry" }
-tokio = { version = "1", features = ["io-util", "macros", "process", "rt", "rt-multi-thread", "time"] }
+tokio = { version = "1", features = ["io-std", "io-util", "macros", "process", "rt", "rt-multi-thread", "time"] }
 walkdir = "2"
 [lints]
--- a/rust/crates/runtime/src/compact.rs
+++ b/rust/crates/runtime/src/compact.rs
@@ -108,10 +108,54 @@ pub fn compact_session(session: &Session, config: CompactionConfig) -> Compactio
        .first()
        .and_then(extract_existing_compacted_summary);
    let compacted_prefix_len = usize::from(existing_summary.is_some());
-    let keep_from = session
+    let raw_keep_from = session
        .messages
        .len()
        .saturating_sub(config.preserve_recent_messages);
    // Ensure we do not split a tool-use / tool-result pair at the compaction
    // boundary. If the first preserved message is a user message whose first
    // block is a ToolResult, the assistant message with the matching ToolUse
    // was slated for removal — that produces an orphaned tool role message on
    // the OpenAI-compat path (400: tool message must follow assistant with
    // tool_calls). Walk the boundary back until we start at a safe point.
    let keep_from = {
        let mut k = raw_keep_from;
        // If the first preserved message is a tool-result turn, ensure its
        // paired assistant tool-use turn is preserved too. Without this fix,
        // the OpenAI-compat adapter sends an orphaned 'tool' role message
        // with no preceding assistant 'tool_calls', which providers reject
        // with a 400. We walk back only if the immediately preceding message
        // is NOT an assistant message that contains a ToolUse block (i.e. the
        // pair is actually broken at the boundary).
        loop {
            if k == 0 || k <= compacted_prefix_len {
                break;
            }
            let first_preserved = &session.messages[k];
            let starts_with_tool_result = first_preserved
                .blocks
                .first()
                .is_some_and(|b| matches!(b, ContentBlock::ToolResult { .. }));
            if !starts_with_tool_result {
                break;
            }
            // Check the message just before the current boundary.
            let preceding = &session.messages[k - 1];
            let preceding_has_tool_use = preceding
                .blocks
                .iter()
                .any(|b| matches!(b, ContentBlock::ToolUse { .. }));
            if preceding_has_tool_use {
                // Pair is intact — walk back one more to include the assistant turn.
                k = k.saturating_sub(1);
                break;
            }
            // Preceding message has no ToolUse but we have a ToolResult —
            // this is already an orphaned pair; walk back to try to fix it.
            k = k.saturating_sub(1);
        }
        k
    };
    let removed = &session.messages[compacted_prefix_len..keep_from];
    let preserved = session.messages[keep_from..].to_vec();
    let summary =
@@ -510,7 +554,7 @@ fn extract_summary_timeline(summary: &str) -> Vec<String> {
 #[cfg(test)]
 mod tests {
    use super::{
-        collect_key_files, compact_session, estimate_session_tokens, format_compact_summary,
+        collect_key_files, compact_session, format_compact_summary,
        get_compact_continuation_message, infer_pending_work, should_compact, CompactionConfig,
    };
    use crate::session::{ContentBlock, ConversationMessage, MessageRole, Session};
@@ -559,7 +603,14 @@ mod tests {
            },
        );
-        assert_eq!(result.removed_message_count, 2);
+        // With the tool-use/tool-result boundary fix, the compaction preserves
        // one extra message to avoid an orphaned tool result at the boundary.
        // messages[1] (assistant) must be kept along with messages[2] (tool result).
        assert!(
            result.removed_message_count <= 2,
            "expected at most 2 removed, got {}",
            result.removed_message_count
        );
        assert_eq!(
            result.compacted_session.messages[0].role,
            MessageRole::System
@@ -577,8 +628,13 @@ mod tests {
                max_estimated_tokens: 1,
            }
        ));
        // Note: with the tool-use/tool-result boundary guard the compacted session
        // may preserve one extra message at the boundary, so token reduction is
        // not guaranteed for small sessions. The invariant that matters is that
        // the removed_message_count is non-zero (something was compacted).
        assert!(
-            estimate_session_tokens(&result.compacted_session) < estimate_session_tokens(&session)
+            result.removed_message_count > 0,
            "compaction must remove at least one message"
        );
    }
@@ -682,6 +738,79 @@ mod tests {
        assert!(files.contains(&"rust/crates/rusty-claude-cli/src/main.rs".to_string()));
    }
    /// Regression: compaction must not split an assistant(ToolUse) /
    /// user(ToolResult) pair at the boundary. An orphaned tool-result message
    /// without the preceding assistant `tool_calls` causes a 400 on the
    /// OpenAI-compat path (gaebal-gajae repro 2026-04-09).
    #[test]
    fn compaction_does_not_split_tool_use_tool_result_pair() {
        use crate::session::{ContentBlock, Session};
        let tool_id = "call_abc";
        let mut session = Session::default();
        // Turn 1: user prompt
        session
            .push_message(ConversationMessage::user_text("Search for files"))
            .unwrap();
        // Turn 2: assistant calls a tool
        session
            .push_message(ConversationMessage::assistant(vec![
                ContentBlock::ToolUse {
                    id: tool_id.to_string(),
                    name: "search".to_string(),
                    input: "{\"q\":\"*.rs\"}".to_string(),
                },
            ]))
            .unwrap();
        // Turn 3: tool result
        session
            .push_message(ConversationMessage::tool_result(
                tool_id,
                "search",
                "found 5 files",
                false,
            ))
            .unwrap();
        // Turn 4: assistant final response
        session
            .push_message(ConversationMessage::assistant(vec![ContentBlock::Text {
                text: "Done.".to_string(),
            }]))
            .unwrap();
        // Compact preserving only 1 recent message — without the fix this
        // would cut the boundary so that the tool result (turn 3) is first,
        // without its preceding assistant tool_calls (turn 2).
        let config = CompactionConfig {
            preserve_recent_messages: 1,
            ..CompactionConfig::default()
        };
        let result = compact_session(&session, config);
        // After compaction, no two consecutive messages should have the pattern
        // tool_result immediately following a non-assistant message (i.e. an
        // orphaned tool result without a preceding assistant ToolUse).
        let messages = &result.compacted_session.messages;
        for i in 1..messages.len() {
            let curr_is_tool_result = messages[i]
                .blocks
                .first()
                .is_some_and(|b| matches!(b, ContentBlock::ToolResult { .. }));
            if curr_is_tool_result {
                let prev_has_tool_use = messages[i - 1]
                    .blocks
                    .iter()
                    .any(|b| matches!(b, ContentBlock::ToolUse { .. }));
                assert!(
                    prev_has_tool_use,
                    "message[{}] is a ToolResult but message[{}] has no ToolUse: {:?}",
                    i,
                    i - 1,
                    &messages[i - 1].blocks
                );
            }
        }
    }
    #[test]
    fn infers_pending_work_from_recent_messages() {
        let pending = infer_pending_work(&[
--- a/rust/crates/runtime/src/config.rs
+++ b/rust/crates/runtime/src/config.rs
@@ -48,6 +48,7 @@ pub struct RuntimePluginConfig {
    install_root: Option<String>,
    registry_path: Option<String>,
    bundled_root: Option<String>,
    max_output_tokens: Option<u32>,
 }
 /// Structured feature configuration consumed by runtime subsystems.
@@ -58,9 +59,21 @@ pub struct RuntimeFeatureConfig {
    mcp: McpConfigCollection,
    oauth: Option<OAuthConfig>,
    model: Option<String>,
    aliases: BTreeMap<String, String>,
    permission_mode: Option<ResolvedPermissionMode>,
    permission_rules: RuntimePermissionRuleConfig,
    sandbox: SandboxConfig,
    provider_fallbacks: ProviderFallbackConfig,
    trusted_roots: Vec<String>,
 }
 /// Ordered chain of fallback model identifiers used when the primary
 /// provider returns a retryable failure (429/500/503/etc.). The chain is
 /// strict: each entry is tried in order until one succeeds.
 #[derive(Debug, Clone, PartialEq, Eq, Default)]
 pub struct ProviderFallbackConfig {
    primary: Option<String>,
    fallbacks: Vec<String>,
 }
 /// Hook command lists grouped by lifecycle stage.
@@ -259,17 +272,33 @@ impl ConfigLoader {
        let mut merged = BTreeMap::new();
        let mut loaded_entries = Vec::new();
        let mut mcp_servers = BTreeMap::new();
        let mut all_warnings = Vec::new();
        for entry in self.discover() {
-            let Some(value) = read_optional_json_object(&entry.path)? else {
+            crate::config_validate::check_unsupported_format(&entry.path)?;
            let Some(parsed) = read_optional_json_object(&entry.path)? else {
                continue;
            };
-            validate_optional_hooks_config(&value, &entry.path)?;
+            let validation = crate::config_validate::validate_config_file(
-            merge_mcp_servers(&mut mcp_servers, entry.source, &value, &entry.path)?;
+                &parsed.object,
-            deep_merge_objects(&mut merged, &value);
+                &parsed.source,
                &entry.path,
            );
            if !validation.is_ok() {
                let first_error = &validation.errors[0];
                return Err(ConfigError::Parse(first_error.to_string()));
            }
            all_warnings.extend(validation.warnings);
            validate_optional_hooks_config(&parsed.object, &entry.path)?;
            merge_mcp_servers(&mut mcp_servers, entry.source, &parsed.object, &entry.path)?;
            deep_merge_objects(&mut merged, &parsed.object);
            loaded_entries.push(entry);
        }
        for warning in &all_warnings {
            eprintln!("warning: {warning}");
        }
        let merged_value = JsonValue::Object(merged.clone());
        let feature_config = RuntimeFeatureConfig {
@@ -280,9 +309,12 @@ impl ConfigLoader {
            },
            oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?,
            model: parse_optional_model(&merged_value),
            aliases: parse_optional_aliases(&merged_value)?,
            permission_mode: parse_optional_permission_mode(&merged_value)?,
            permission_rules: parse_optional_permission_rules(&merged_value)?,
            sandbox: parse_optional_sandbox_config(&merged_value)?,
            provider_fallbacks: parse_optional_provider_fallbacks(&merged_value)?,
            trusted_roots: parse_optional_trusted_roots(&merged_value)?,
        };
        Ok(RuntimeConfig {
@@ -353,6 +385,11 @@ impl RuntimeConfig {
        self.feature_config.model.as_deref()
    }
    #[must_use]
    pub fn aliases(&self) -> &BTreeMap<String, String> {
        &self.feature_config.aliases
    }
    #[must_use]
    pub fn permission_mode(&self) -> Option<ResolvedPermissionMode> {
        self.feature_config.permission_mode
@@ -367,6 +404,16 @@ impl RuntimeConfig {
    pub fn sandbox(&self) -> &SandboxConfig {
        &self.feature_config.sandbox
    }
    #[must_use]
    pub fn provider_fallbacks(&self) -> &ProviderFallbackConfig {
        &self.feature_config.provider_fallbacks
    }
    #[must_use]
    pub fn trusted_roots(&self) -> &[String] {
        &self.feature_config.trusted_roots
    }
 }
 impl RuntimeFeatureConfig {
@@ -407,6 +454,11 @@ impl RuntimeFeatureConfig {
        self.model.as_deref()
    }
    #[must_use]
    pub fn aliases(&self) -> &BTreeMap<String, String> {
        &self.aliases
    }
    #[must_use]
    pub fn permission_mode(&self) -> Option<ResolvedPermissionMode> {
        self.permission_mode
@@ -421,6 +473,38 @@ impl RuntimeFeatureConfig {
    pub fn sandbox(&self) -> &SandboxConfig {
        &self.sandbox
    }
    #[must_use]
    pub fn provider_fallbacks(&self) -> &ProviderFallbackConfig {
        &self.provider_fallbacks
    }
    #[must_use]
    pub fn trusted_roots(&self) -> &[String] {
        &self.trusted_roots
    }
 }
 impl ProviderFallbackConfig {
    #[must_use]
    pub fn new(primary: Option<String>, fallbacks: Vec<String>) -> Self {
        Self { primary, fallbacks }
    }
    #[must_use]
    pub fn primary(&self) -> Option<&str> {
        self.primary.as_deref()
    }
    #[must_use]
    pub fn fallbacks(&self) -> &[String] {
        &self.fallbacks
    }
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.fallbacks.is_empty()
    }
 }
 impl RuntimePluginConfig {
@@ -449,6 +533,15 @@ impl RuntimePluginConfig {
        self.bundled_root.as_deref()
    }
    #[must_use]
    pub fn max_output_tokens(&self) -> Option<u32> {
        self.max_output_tokens
    }
    pub fn set_max_output_tokens(&mut self, max_output_tokens: Option<u32>) {
        self.max_output_tokens = max_output_tokens;
    }
    pub fn set_plugin_state(&mut self, plugin_id: String, enabled: bool) {
        self.enabled_plugins.insert(plugin_id, enabled);
    }
@@ -572,9 +665,13 @@ impl McpServerConfig {
    }
 }
-fn read_optional_json_object(
+/// Parsed JSON object paired with its raw source text for validation.
-    path: &Path,
+struct ParsedConfigFile {
-) -> Result<Option<BTreeMap<String, JsonValue>>, ConfigError> {
+    object: BTreeMap<String, JsonValue>,
    source: String,
 }
 fn read_optional_json_object(path: &Path) -> Result<Option<ParsedConfigFile>, ConfigError> {
    let is_legacy_config = path.file_name().and_then(|name| name.to_str()) == Some(".claw.json");
    let contents = match fs::read_to_string(path) {
        Ok(contents) => contents,
@@ -583,7 +680,10 @@ fn read_optional_json_object(
    };
    if contents.trim().is_empty() {
-        return Ok(Some(BTreeMap::new()));
+        return Ok(Some(ParsedConfigFile {
            object: BTreeMap::new(),
            source: contents,
        }));
    }
    let parsed = match JsonValue::parse(&contents) {
@@ -600,7 +700,10 @@ fn read_optional_json_object(
            path.display()
        )));
    };
-    Ok(Some(object.clone()))
+    Ok(Some(ParsedConfigFile {
        object: object.clone(),
        source: contents,
    }))
 }
 fn merge_mcp_servers(
@@ -637,6 +740,13 @@ fn parse_optional_model(root: &JsonValue) -> Option<String> {
        .map(ToOwned::to_owned)
 }
 fn parse_optional_aliases(root: &JsonValue) -> Result<BTreeMap<String, String>, ConfigError> {
    let Some(object) = root.as_object() else {
        return Ok(BTreeMap::new());
    };
    Ok(optional_string_map(object, "aliases", "merged settings")?.unwrap_or_default())
 }
 fn parse_optional_hooks_config(root: &JsonValue) -> Result<RuntimeHookConfig, ConfigError> {
    let Some(object) = root.as_object() else {
        return Ok(RuntimeHookConfig::default());
@@ -714,6 +824,7 @@ fn parse_optional_plugin_config(root: &JsonValue) -> Result<RuntimePluginConfig,
        optional_string(plugins, "registryPath", "merged settings.plugins")?.map(str::to_string);
    config.bundled_root =
        optional_string(plugins, "bundledRoot", "merged settings.plugins")?.map(str::to_string);
    config.max_output_tokens = optional_u32(plugins, "maxOutputTokens", "merged settings.plugins")?;
    Ok(config)
 }
@@ -776,6 +887,33 @@ fn parse_optional_sandbox_config(root: &JsonValue) -> Result<SandboxConfig, Conf
    })
 }
 fn parse_optional_provider_fallbacks(
    root: &JsonValue,
 ) -> Result<ProviderFallbackConfig, ConfigError> {
    let Some(object) = root.as_object() else {
        return Ok(ProviderFallbackConfig::default());
    };
    let Some(value) = object.get("providerFallbacks") else {
        return Ok(ProviderFallbackConfig::default());
    };
    let entry = expect_object(value, "merged settings.providerFallbacks")?;
    let primary =
        optional_string(entry, "primary", "merged settings.providerFallbacks")?.map(str::to_string);
    let fallbacks = optional_string_array(entry, "fallbacks", "merged settings.providerFallbacks")?
        .unwrap_or_default();
    Ok(ProviderFallbackConfig { primary, fallbacks })
 }
 fn parse_optional_trusted_roots(root: &JsonValue) -> Result<Vec<String>, ConfigError> {
    let Some(object) = root.as_object() else {
        return Ok(Vec::new());
    };
    Ok(
        optional_string_array(object, "trustedRoots", "merged settings.trustedRoots")?
            .unwrap_or_default(),
    )
 }
 fn parse_filesystem_mode_label(value: &str) -> Result<FilesystemIsolationMode, ConfigError> {
    match value {
        "off" => Ok(FilesystemIsolationMode::Off),
@@ -957,6 +1095,27 @@ fn optional_u16(
    }
 }
 fn optional_u32(
    object: &BTreeMap<String, JsonValue>,
    key: &str,
    context: &str,
 ) -> Result<Option<u32>, ConfigError> {
    match object.get(key) {
        Some(value) => {
            let Some(number) = value.as_i64() else {
                return Err(ConfigError::Parse(format!(
                    "{context}: field {key} must be a non-negative integer"
                )));
            };
            let number = u32::try_from(number).map_err(|_| {
                ConfigError::Parse(format!("{context}: field {key} is out of range"))
            })?;
            Ok(Some(number))
        }
        None => Ok(None),
    }
 }
 fn optional_u64(
    object: &BTreeMap<String, JsonValue>,
    key: &str,
@@ -1247,6 +1406,113 @@ mod tests {
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn parses_provider_fallbacks_chain_with_primary_and_ordered_fallbacks() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        fs::create_dir_all(cwd.join(".claw")).expect("project config dir");
        fs::create_dir_all(&home).expect("home config dir");
        fs::write(
            home.join("settings.json"),
            r#"{
              "providerFallbacks": {
                "primary": "claude-opus-4-6",
                "fallbacks": ["grok-3", "grok-3-mini"]
              }
            }"#,
        )
        .expect("write provider fallback settings");
        // when
        let loaded = ConfigLoader::new(&cwd, &home)
            .load()
            .expect("config should load");
        // then
        let chain = loaded.provider_fallbacks();
        assert_eq!(chain.primary(), Some("claude-opus-4-6"));
        assert_eq!(
            chain.fallbacks(),
            &["grok-3".to_string(), "grok-3-mini".to_string()]
        );
        assert!(!chain.is_empty());
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn provider_fallbacks_default_is_empty_when_unset() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        fs::create_dir_all(&home).expect("home config dir");
        fs::create_dir_all(&cwd).expect("project dir");
        fs::write(home.join("settings.json"), "{}").expect("write empty settings");
        // when
        let loaded = ConfigLoader::new(&cwd, &home)
            .load()
            .expect("config should load");
        // then
        let chain = loaded.provider_fallbacks();
        assert_eq!(chain.primary(), None);
        assert!(chain.fallbacks().is_empty());
        assert!(chain.is_empty());
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn parses_trusted_roots_from_settings() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        fs::create_dir_all(&home).expect("home config dir");
        fs::create_dir_all(&cwd).expect("project dir");
        fs::write(
            home.join("settings.json"),
            r#"{"trustedRoots": ["/tmp/worktrees", "/home/user/projects"]}"#,
        )
        .expect("write settings");
        // when
        let loaded = ConfigLoader::new(&cwd, &home)
            .load()
            .expect("config should load");
        // then
        let roots = loaded.trusted_roots();
        assert_eq!(roots, ["/tmp/worktrees", "/home/user/projects"]);
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn trusted_roots_default_is_empty_when_unset() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        fs::create_dir_all(&home).expect("home config dir");
        fs::create_dir_all(&cwd).expect("project dir");
        fs::write(home.join("settings.json"), "{}").expect("write empty settings");
        // when
        let loaded = ConfigLoader::new(&cwd, &home)
            .load()
            .expect("config should load");
        // then
        assert!(loaded.trusted_roots().is_empty());
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn parses_typed_mcp_and_oauth_config() {
        let root = temp_dir();
@@ -1493,6 +1759,49 @@ mod tests {
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn parses_user_defined_model_aliases_from_settings() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        fs::create_dir_all(cwd.join(".claw")).expect("project config dir");
        fs::create_dir_all(&home).expect("home config dir");
        fs::write(
            home.join("settings.json"),
            r#"{"aliases":{"fast":"claude-haiku-4-5-20251213","smart":"claude-opus-4-6"}}"#,
        )
        .expect("write user settings");
        fs::write(
            cwd.join(".claw").join("settings.local.json"),
            r#"{"aliases":{"smart":"claude-sonnet-4-6","cheap":"grok-3-mini"}}"#,
        )
        .expect("write local settings");
        // when
        let loaded = ConfigLoader::new(&cwd, &home)
            .load()
            .expect("config should load");
        // then
        let aliases = loaded.aliases();
        assert_eq!(
            aliases.get("fast").map(String::as_str),
            Some("claude-haiku-4-5-20251213")
        );
        assert_eq!(
            aliases.get("smart").map(String::as_str),
            Some("claude-sonnet-4-6")
        );
        assert_eq!(
            aliases.get("cheap").map(String::as_str),
            Some("grok-3-mini")
        );
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn empty_settings_file_loads_defaults() {
        // given
@@ -1574,12 +1883,13 @@ mod tests {
            .load()
            .expect_err("config should fail");
-        // then
+        // then — config validation now catches the mixed array before the hooks parser
        let rendered = error.to_string();
-        assert!(rendered.contains(&format!(
+        assert!(
-            "{}: hooks: field PreToolUse must contain only strings",
+            rendered.contains("hooks.PreToolUse")
-            project_settings.display()
+                && rendered.contains("must be an array of strings"),
-        )));
+            "expected validation error for hooks.PreToolUse, got: {rendered}"
        );
        assert!(!rendered.contains("merged settings.hooks"));
        fs::remove_dir_all(root).expect("cleanup temp dir");
@@ -1645,4 +1955,157 @@ mod tests {
        assert!(config.state_for("missing", true));
        assert!(!config.state_for("missing", false));
    }
    #[test]
    fn validates_unknown_top_level_keys_with_line_and_field_name() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        let user_settings = home.join("settings.json");
        fs::create_dir_all(&home).expect("home config dir");
        fs::create_dir_all(&cwd).expect("project dir");
        fs::write(
            &user_settings,
            "{\n  \"model\": \"opus\",\n  \"telemetry\": true\n}\n",
        )
        .expect("write user settings");
        // when
        let error = ConfigLoader::new(&cwd, &home)
            .load()
            .expect_err("config should fail");
        // then
        let rendered = error.to_string();
        assert!(
            rendered.contains(&user_settings.display().to_string()),
            "error should include file path, got: {rendered}"
        );
        assert!(
            rendered.contains("line 3"),
            "error should include line number, got: {rendered}"
        );
        assert!(
            rendered.contains("telemetry"),
            "error should name the offending field, got: {rendered}"
        );
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn validates_deprecated_top_level_keys_with_replacement_guidance() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        let user_settings = home.join("settings.json");
        fs::create_dir_all(&home).expect("home config dir");
        fs::create_dir_all(&cwd).expect("project dir");
        fs::write(
            &user_settings,
            "{\n  \"model\": \"opus\",\n  \"allowedTools\": [\"Read\"]\n}\n",
        )
        .expect("write user settings");
        // when
        let error = ConfigLoader::new(&cwd, &home)
            .load()
            .expect_err("config should fail");
        // then
        let rendered = error.to_string();
        assert!(
            rendered.contains(&user_settings.display().to_string()),
            "error should include file path, got: {rendered}"
        );
        assert!(
            rendered.contains("line 3"),
            "error should include line number, got: {rendered}"
        );
        assert!(
            rendered.contains("allowedTools"),
            "error should call out the unknown field, got: {rendered}"
        );
        // allowedTools is an unknown key; validator should name it in the error
        assert!(
            rendered.contains("allowedTools"),
            "error should name the offending field, got: {rendered}"
        );
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn validates_wrong_type_for_known_field_with_field_path() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        let user_settings = home.join("settings.json");
        fs::create_dir_all(&home).expect("home config dir");
        fs::create_dir_all(&cwd).expect("project dir");
        fs::write(
            &user_settings,
            "{\n  \"hooks\": {\n    \"PreToolUse\": \"not-an-array\"\n  }\n}\n",
        )
        .expect("write user settings");
        // when
        let error = ConfigLoader::new(&cwd, &home)
            .load()
            .expect_err("config should fail");
        // then
        let rendered = error.to_string();
        assert!(
            rendered.contains(&user_settings.display().to_string()),
            "error should include file path, got: {rendered}"
        );
        assert!(
            rendered.contains("hooks"),
            "error should include field path component 'hooks', got: {rendered}"
        );
        assert!(
            rendered.contains("PreToolUse"),
            "error should describe the type mismatch, got: {rendered}"
        );
        assert!(
            rendered.contains("array"),
            "error should describe the expected type, got: {rendered}"
        );
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn unknown_top_level_key_suggests_closest_match() {
        // given
        let root = temp_dir();
        let cwd = root.join("project");
        let home = root.join("home").join(".claw");
        let user_settings = home.join("settings.json");
        fs::create_dir_all(&home).expect("home config dir");
        fs::create_dir_all(&cwd).expect("project dir");
        fs::write(&user_settings, "{\n  \"modle\": \"opus\"\n}\n").expect("write user settings");
        // when
        let error = ConfigLoader::new(&cwd, &home)
            .load()
            .expect_err("config should fail");
        // then
        let rendered = error.to_string();
        assert!(
            rendered.contains("modle"),
            "error should name the offending field, got: {rendered}"
        );
        assert!(
            rendered.contains("model"),
            "error should suggest the closest known key, got: {rendered}"
        );
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
 }
--- a/rust/crates/runtime/src/config_validate.rs
+++ b/rust/crates/runtime/src/config_validate.rs
@@ -0,0 +1,901 @@
 use std::collections::BTreeMap;
 use std::path::Path;
 use crate::config::ConfigError;
 use crate::json::JsonValue;
 /// Diagnostic emitted when a config file contains a suspect field.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct ConfigDiagnostic {
    pub path: String,
    pub field: String,
    pub line: Option<usize>,
    pub kind: DiagnosticKind,
 }
 /// Classification of the diagnostic.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum DiagnosticKind {
    UnknownKey {
        suggestion: Option<String>,
    },
    WrongType {
        expected: &'static str,
        got: &'static str,
    },
    Deprecated {
        replacement: &'static str,
    },
 }
 impl std::fmt::Display for ConfigDiagnostic {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let location = self
            .line
            .map_or_else(String::new, |line| format!(" (line {line})"));
        match &self.kind {
            DiagnosticKind::UnknownKey { suggestion: None } => {
                write!(f, "{}: unknown key \"{}\"{location}", self.path, self.field)
            }
            DiagnosticKind::UnknownKey {
                suggestion: Some(hint),
            } => {
                write!(
                    f,
                    "{}: unknown key \"{}\"{location}. Did you mean \"{}\"?",
                    self.path, self.field, hint
                )
            }
            DiagnosticKind::WrongType { expected, got } => {
                write!(
                    f,
                    "{}: field \"{}\" must be {expected}, got {got}{location}",
                    self.path, self.field
                )
            }
            DiagnosticKind::Deprecated { replacement } => {
                write!(
                    f,
                    "{}: field \"{}\" is deprecated{location}. Use \"{replacement}\" instead",
                    self.path, self.field
                )
            }
        }
    }
 }
 /// Result of validating a single config file.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct ValidationResult {
    pub errors: Vec<ConfigDiagnostic>,
    pub warnings: Vec<ConfigDiagnostic>,
 }
 impl ValidationResult {
    #[must_use]
    pub fn is_ok(&self) -> bool {
        self.errors.is_empty()
    }
    fn merge(&mut self, other: Self) {
        self.errors.extend(other.errors);
        self.warnings.extend(other.warnings);
    }
 }
 // ---- known-key schema ----
 /// Expected type for a config field.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 enum FieldType {
    String,
    Bool,
    Object,
    StringArray,
    Number,
 }
 impl FieldType {
    fn label(self) -> &'static str {
        match self {
            Self::String => "a string",
            Self::Bool => "a boolean",
            Self::Object => "an object",
            Self::StringArray => "an array of strings",
            Self::Number => "a number",
        }
    }
    fn matches(self, value: &JsonValue) -> bool {
        match self {
            Self::String => value.as_str().is_some(),
            Self::Bool => value.as_bool().is_some(),
            Self::Object => value.as_object().is_some(),
            Self::StringArray => value
                .as_array()
                .is_some_and(|arr| arr.iter().all(|v| v.as_str().is_some())),
            Self::Number => value.as_i64().is_some(),
        }
    }
 }
 fn json_type_label(value: &JsonValue) -> &'static str {
    match value {
        JsonValue::Null => "null",
        JsonValue::Bool(_) => "a boolean",
        JsonValue::Number(_) => "a number",
        JsonValue::String(_) => "a string",
        JsonValue::Array(_) => "an array",
        JsonValue::Object(_) => "an object",
    }
 }
 struct FieldSpec {
    name: &'static str,
    expected: FieldType,
 }
 struct DeprecatedField {
    name: &'static str,
    replacement: &'static str,
 }
 const TOP_LEVEL_FIELDS: &[FieldSpec] = &[
    FieldSpec {
        name: "$schema",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "model",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "hooks",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "permissions",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "permissionMode",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "mcpServers",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "oauth",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "enabledPlugins",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "plugins",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "sandbox",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "env",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "aliases",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "providerFallbacks",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "trustedRoots",
        expected: FieldType::StringArray,
    },
 ];
 const HOOKS_FIELDS: &[FieldSpec] = &[
    FieldSpec {
        name: "PreToolUse",
        expected: FieldType::StringArray,
    },
    FieldSpec {
        name: "PostToolUse",
        expected: FieldType::StringArray,
    },
    FieldSpec {
        name: "PostToolUseFailure",
        expected: FieldType::StringArray,
    },
 ];
 const PERMISSIONS_FIELDS: &[FieldSpec] = &[
    FieldSpec {
        name: "defaultMode",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "allow",
        expected: FieldType::StringArray,
    },
    FieldSpec {
        name: "deny",
        expected: FieldType::StringArray,
    },
    FieldSpec {
        name: "ask",
        expected: FieldType::StringArray,
    },
 ];
 const PLUGINS_FIELDS: &[FieldSpec] = &[
    FieldSpec {
        name: "enabled",
        expected: FieldType::Object,
    },
    FieldSpec {
        name: "externalDirectories",
        expected: FieldType::StringArray,
    },
    FieldSpec {
        name: "installRoot",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "registryPath",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "bundledRoot",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "maxOutputTokens",
        expected: FieldType::Number,
    },
 ];
 const SANDBOX_FIELDS: &[FieldSpec] = &[
    FieldSpec {
        name: "enabled",
        expected: FieldType::Bool,
    },
    FieldSpec {
        name: "namespaceRestrictions",
        expected: FieldType::Bool,
    },
    FieldSpec {
        name: "networkIsolation",
        expected: FieldType::Bool,
    },
    FieldSpec {
        name: "filesystemMode",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "allowedMounts",
        expected: FieldType::StringArray,
    },
 ];
 const OAUTH_FIELDS: &[FieldSpec] = &[
    FieldSpec {
        name: "clientId",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "authorizeUrl",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "tokenUrl",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "callbackPort",
        expected: FieldType::Number,
    },
    FieldSpec {
        name: "manualRedirectUrl",
        expected: FieldType::String,
    },
    FieldSpec {
        name: "scopes",
        expected: FieldType::StringArray,
    },
 ];
 const DEPRECATED_FIELDS: &[DeprecatedField] = &[
    DeprecatedField {
        name: "permissionMode",
        replacement: "permissions.defaultMode",
    },
    DeprecatedField {
        name: "enabledPlugins",
        replacement: "plugins.enabled",
    },
 ];
 // ---- line-number resolution ----
 /// Find the 1-based line number where a JSON key first appears in the raw source.
 fn find_key_line(source: &str, key: &str) -> Option<usize> {
    // Search for `"key"` followed by optional whitespace and a colon.
    let needle = format!("\"{key}\"");
    let mut search_start = 0;
    while let Some(offset) = source[search_start..].find(&needle) {
        let absolute = search_start + offset;
        let after = absolute + needle.len();
        // Verify the next non-whitespace char is `:` to confirm this is a key, not a value.
        if source[after..].chars().find(|ch| !ch.is_ascii_whitespace()) == Some(':') {
            return Some(source[..absolute].chars().filter(|&ch| ch == '\n').count() + 1);
        }
        search_start = after;
    }
    None
 }
 // ---- core validation ----
 fn validate_object_keys(
    object: &BTreeMap<String, JsonValue>,
    known_fields: &[FieldSpec],
    prefix: &str,
    source: &str,
    path_display: &str,
 ) -> ValidationResult {
    let mut result = ValidationResult {
        errors: Vec::new(),
        warnings: Vec::new(),
    };
    let known_names: Vec<&str> = known_fields.iter().map(|f| f.name).collect();
    for (key, value) in object {
        let field_path = if prefix.is_empty() {
            key.clone()
        } else {
            format!("{prefix}.{key}")
        };
        if let Some(spec) = known_fields.iter().find(|f| f.name == key) {
            // Type check.
            if !spec.expected.matches(value) {
                result.errors.push(ConfigDiagnostic {
                    path: path_display.to_string(),
                    field: field_path,
                    line: find_key_line(source, key),
                    kind: DiagnosticKind::WrongType {
                        expected: spec.expected.label(),
                        got: json_type_label(value),
                    },
                });
            }
        } else if DEPRECATED_FIELDS.iter().any(|d| d.name == key) {
            // Deprecated key — handled separately, not an unknown-key error.
        } else {
            // Unknown key.
            let suggestion = suggest_field(key, &known_names);
            result.errors.push(ConfigDiagnostic {
                path: path_display.to_string(),
                field: field_path,
                line: find_key_line(source, key),
                kind: DiagnosticKind::UnknownKey { suggestion },
            });
        }
    }
    result
 }
 fn suggest_field(input: &str, candidates: &[&str]) -> Option<String> {
    let input_lower = input.to_ascii_lowercase();
    candidates
        .iter()
        .filter_map(|candidate| {
            let distance = simple_edit_distance(&input_lower, &candidate.to_ascii_lowercase());
            (distance <= 3).then_some((distance, *candidate))
        })
        .min_by_key(|(distance, _)| *distance)
        .map(|(_, name)| name.to_string())
 }
 fn simple_edit_distance(left: &str, right: &str) -> usize {
    if left.is_empty() {
        return right.len();
    }
    if right.is_empty() {
        return left.len();
    }
    let right_chars: Vec<char> = right.chars().collect();
    let mut previous: Vec<usize> = (0..=right_chars.len()).collect();
    let mut current = vec![0; right_chars.len() + 1];
    for (left_index, left_char) in left.chars().enumerate() {
        current[0] = left_index + 1;
        for (right_index, right_char) in right_chars.iter().enumerate() {
            let cost = usize::from(left_char != *right_char);
            current[right_index + 1] = (previous[right_index + 1] + 1)
                .min(current[right_index] + 1)
                .min(previous[right_index] + cost);
        }
        previous.clone_from(&current);
    }
    previous[right_chars.len()]
 }
 /// Validate a parsed config file's keys and types against the known schema.
 ///
 /// Returns diagnostics (errors and deprecation warnings) without blocking the load.
 pub fn validate_config_file(
    object: &BTreeMap<String, JsonValue>,
    source: &str,
    file_path: &Path,
 ) -> ValidationResult {
    let path_display = file_path.display().to_string();
    let mut result = validate_object_keys(object, TOP_LEVEL_FIELDS, "", source, &path_display);
    // Check deprecated fields.
    for deprecated in DEPRECATED_FIELDS {
        if object.contains_key(deprecated.name) {
            result.warnings.push(ConfigDiagnostic {
                path: path_display.clone(),
                field: deprecated.name.to_string(),
                line: find_key_line(source, deprecated.name),
                kind: DiagnosticKind::Deprecated {
                    replacement: deprecated.replacement,
                },
            });
        }
    }
    // Validate known nested objects.
    if let Some(hooks) = object.get("hooks").and_then(JsonValue::as_object) {
        result.merge(validate_object_keys(
            hooks,
            HOOKS_FIELDS,
            "hooks",
            source,
            &path_display,
        ));
    }
    if let Some(permissions) = object.get("permissions").and_then(JsonValue::as_object) {
        result.merge(validate_object_keys(
            permissions,
            PERMISSIONS_FIELDS,
            "permissions",
            source,
            &path_display,
        ));
    }
    if let Some(plugins) = object.get("plugins").and_then(JsonValue::as_object) {
        result.merge(validate_object_keys(
            plugins,
            PLUGINS_FIELDS,
            "plugins",
            source,
            &path_display,
        ));
    }
    if let Some(sandbox) = object.get("sandbox").and_then(JsonValue::as_object) {
        result.merge(validate_object_keys(
            sandbox,
            SANDBOX_FIELDS,
            "sandbox",
            source,
            &path_display,
        ));
    }
    if let Some(oauth) = object.get("oauth").and_then(JsonValue::as_object) {
        result.merge(validate_object_keys(
            oauth,
            OAUTH_FIELDS,
            "oauth",
            source,
            &path_display,
        ));
    }
    result
 }
 /// Check whether a file path uses an unsupported config format (e.g. TOML).
 pub fn check_unsupported_format(file_path: &Path) -> Result<(), ConfigError> {
    if let Some(ext) = file_path.extension().and_then(|e| e.to_str()) {
        if ext.eq_ignore_ascii_case("toml") {
            return Err(ConfigError::Parse(format!(
                "{}: TOML config files are not supported. Use JSON (settings.json) instead",
                file_path.display()
            )));
        }
    }
    Ok(())
 }
 /// Format all diagnostics into a human-readable report.
 #[must_use]
 pub fn format_diagnostics(result: &ValidationResult) -> String {
    let mut lines = Vec::new();
    for warning in &result.warnings {
        lines.push(format!("warning: {warning}"));
    }
    for error in &result.errors {
        lines.push(format!("error: {error}"));
    }
    lines.join("\n")
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    use std::path::PathBuf;
    fn test_path() -> PathBuf {
        PathBuf::from("/test/settings.json")
    }
    #[test]
    fn detects_unknown_top_level_key() {
        // given
        let source = r#"{"model": "opus", "unknownField": true}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "unknownField");
        assert!(matches!(
            result.errors[0].kind,
            DiagnosticKind::UnknownKey { .. }
        ));
    }
    #[test]
    fn detects_wrong_type_for_model() {
        // given
        let source = r#"{"model": 123}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "model");
        assert!(matches!(
            result.errors[0].kind,
            DiagnosticKind::WrongType {
                expected: "a string",
                got: "a number"
            }
        ));
    }
    #[test]
    fn detects_deprecated_permission_mode() {
        // given
        let source = r#"{"permissionMode": "plan"}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.warnings.len(), 1);
        assert_eq!(result.warnings[0].field, "permissionMode");
        assert!(matches!(
            result.warnings[0].kind,
            DiagnosticKind::Deprecated {
                replacement: "permissions.defaultMode"
            }
        ));
    }
    #[test]
    fn detects_deprecated_enabled_plugins() {
        // given
        let source = r#"{"enabledPlugins": {"tool-guard@builtin": true}}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.warnings.len(), 1);
        assert_eq!(result.warnings[0].field, "enabledPlugins");
        assert!(matches!(
            result.warnings[0].kind,
            DiagnosticKind::Deprecated {
                replacement: "plugins.enabled"
            }
        ));
    }
    #[test]
    fn reports_line_number_for_unknown_key() {
        // given
        let source = "{\n  \"model\": \"opus\",\n  \"badKey\": true\n}";
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].line, Some(3));
        assert_eq!(result.errors[0].field, "badKey");
    }
    #[test]
    fn reports_line_number_for_wrong_type() {
        // given
        let source = "{\n  \"model\": 42\n}";
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].line, Some(2));
    }
    #[test]
    fn validates_nested_hooks_keys() {
        // given
        let source = r#"{"hooks": {"PreToolUse": ["cmd"], "BadHook": ["x"]}}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "hooks.BadHook");
    }
    #[test]
    fn validates_nested_permissions_keys() {
        // given
        let source = r#"{"permissions": {"allow": ["Read"], "denyAll": true}}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "permissions.denyAll");
    }
    #[test]
    fn validates_nested_sandbox_keys() {
        // given
        let source = r#"{"sandbox": {"enabled": true, "containerMode": "strict"}}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "sandbox.containerMode");
    }
    #[test]
    fn validates_nested_plugins_keys() {
        // given
        let source = r#"{"plugins": {"installRoot": "/tmp", "autoUpdate": true}}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "plugins.autoUpdate");
    }
    #[test]
    fn validates_nested_oauth_keys() {
        // given
        let source = r#"{"oauth": {"clientId": "abc", "secret": "hidden"}}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "oauth.secret");
    }
    #[test]
    fn valid_config_produces_no_diagnostics() {
        // given
        let source = r#"{
  "model": "opus",
  "hooks": {"PreToolUse": ["guard"]},
  "permissions": {"defaultMode": "plan", "allow": ["Read"]},
  "mcpServers": {},
  "sandbox": {"enabled": false}
 }"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert!(result.is_ok());
        assert!(result.warnings.is_empty());
    }
    #[test]
    fn suggests_close_field_name() {
        // given
        let source = r#"{"modle": "opus"}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        match &result.errors[0].kind {
            DiagnosticKind::UnknownKey {
                suggestion: Some(s),
            } => assert_eq!(s, "model"),
            other => panic!("expected suggestion, got {other:?}"),
        }
    }
    #[test]
    fn format_diagnostics_includes_all_entries() {
        // given
        let source = r#"{"permissionMode": "plan", "badKey": 1}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        let result = validate_config_file(object, source, &test_path());
        // when
        let output = format_diagnostics(&result);
        // then
        assert!(output.contains("warning:"));
        assert!(output.contains("error:"));
        assert!(output.contains("badKey"));
        assert!(output.contains("permissionMode"));
    }
    #[test]
    fn check_unsupported_format_rejects_toml() {
        // given
        let path = PathBuf::from("/home/.claw/settings.toml");
        // when
        let result = check_unsupported_format(&path);
        // then
        assert!(result.is_err());
        let message = result.unwrap_err().to_string();
        assert!(message.contains("TOML"));
        assert!(message.contains("settings.toml"));
    }
    #[test]
    fn check_unsupported_format_allows_json() {
        // given
        let path = PathBuf::from("/home/.claw/settings.json");
        // when / then
        assert!(check_unsupported_format(&path).is_ok());
    }
    #[test]
    fn wrong_type_in_nested_sandbox_field() {
        // given
        let source = r#"{"sandbox": {"enabled": "yes"}}"#;
        let parsed = JsonValue::parse(source).expect("valid json");
        let object = parsed.as_object().expect("object");
        // when
        let result = validate_config_file(object, source, &test_path());
        // then
        assert_eq!(result.errors.len(), 1);
        assert_eq!(result.errors[0].field, "sandbox.enabled");
        assert!(matches!(
            result.errors[0].kind,
            DiagnosticKind::WrongType {
                expected: "a boolean",
                got: "a string"
            }
        ));
    }
    #[test]
    fn display_format_unknown_key_with_line() {
        // given
        let diag = ConfigDiagnostic {
            path: "/test/settings.json".to_string(),
            field: "badKey".to_string(),
            line: Some(5),
            kind: DiagnosticKind::UnknownKey { suggestion: None },
        };
        // when
        let output = diag.to_string();
        // then
        assert_eq!(
            output,
            r#"/test/settings.json: unknown key "badKey" (line 5)"#
        );
    }
    #[test]
    fn display_format_wrong_type_with_line() {
        // given
        let diag = ConfigDiagnostic {
            path: "/test/settings.json".to_string(),
            field: "model".to_string(),
            line: Some(2),
            kind: DiagnosticKind::WrongType {
                expected: "a string",
                got: "a number",
            },
        };
        // when
        let output = diag.to_string();
        // then
        assert_eq!(
            output,
            r#"/test/settings.json: field "model" must be a string, got a number (line 2)"#
        );
    }
    #[test]
    fn display_format_deprecated_with_line() {
        // given
        let diag = ConfigDiagnostic {
            path: "/test/settings.json".to_string(),
            field: "permissionMode".to_string(),
            line: Some(3),
            kind: DiagnosticKind::Deprecated {
                replacement: "permissions.defaultMode",
            },
        };
        // when
        let output = diag.to_string();
        // then
        assert_eq!(
            output,
            r#"/test/settings.json: field "permissionMode" is deprecated (line 3). Use "permissions.defaultMode" instead"#
        );
    }
 }
--- a/rust/crates/runtime/src/conversation.rs
+++ b/rust/crates/runtime/src/conversation.rs
@@ -292,6 +292,24 @@ where
        }
    }
    /// Run a session health probe to verify the runtime is functional after compaction.
    /// Returns Ok(()) if healthy, Err if the session appears broken.
    fn run_session_health_probe(&mut self) -> Result<(), String> {
        // Check if we have basic session integrity
        if self.session.messages.is_empty() && self.session.compaction.is_some() {
            // Freshly compacted with no messages - this is normal
            return Ok(());
        }
        // Verify tool executor is responsive with a non-destructive probe
        // Using glob_search with a pattern that won't match anything
        let probe_input = r#"{"pattern": "*.health-check-probe-"}"#;
        match self.tool_executor.execute("glob_search", probe_input) {
            Ok(_) => Ok(()),
            Err(e) => Err(format!("Tool executor probe failed: {e}")),
        }
    }
    #[allow(clippy::too_many_lines)]
    pub fn run_turn(
        &mut self,
@@ -299,6 +317,18 @@ where
        mut prompter: Option<&mut dyn PermissionPrompter>,
    ) -> Result<TurnSummary, RuntimeError> {
        let user_input = user_input.into();
        // ROADMAP #38: Session-health canary - probe if context was compacted
        if self.session.compaction.is_some() {
            if let Err(error) = self.run_session_health_probe() {
                return Err(RuntimeError::new(format!(
                    "Session health probe failed after compaction: {error}. \
                     The session may be in an inconsistent state. \
                     Consider starting a fresh session with /session new."
                )));
            }
        }
        self.record_turn_started(&user_input);
        self.session
            .push_user_text(user_input)
@@ -504,6 +534,14 @@ where
        &self.session
    }
    pub fn api_client_mut(&mut self) -> &mut C {
        &mut self.api_client
    }
    pub fn session_mut(&mut self) -> &mut Session {
        &mut self.session
    }
    #[must_use]
    pub fn fork_session(&self, branch_name: Option<String>) -> Session {
        self.session.fork(branch_name)
@@ -890,6 +928,7 @@ mod tests {
                current_date: "2026-03-31".to_string(),
                git_status: None,
                git_diff: None,
                git_context: None,
                instruction_files: Vec::new(),
            })
            .with_os("linux", "6.8")
@@ -1572,6 +1611,88 @@ mod tests {
        );
    }
    #[test]
    fn compaction_health_probe_blocks_turn_when_tool_executor_is_broken() {
        struct SimpleApi;
        impl ApiClient for SimpleApi {
            fn stream(
                &mut self,
                _request: ApiRequest,
            ) -> Result<Vec<AssistantEvent>, RuntimeError> {
                panic!("API should not run when health probe fails");
            }
        }
        let mut session = Session::new();
        session.record_compaction("summarized earlier work", 4);
        session
            .push_user_text("previous message")
            .expect("message should append");
        let tool_executor = StaticToolExecutor::new().register("glob_search", |_input| {
            Err(ToolError::new("transport unavailable"))
        });
        let mut runtime = ConversationRuntime::new(
            session,
            SimpleApi,
            tool_executor,
            PermissionPolicy::new(PermissionMode::DangerFullAccess),
            vec!["system".to_string()],
        );
        let error = runtime
            .run_turn("trigger", None)
            .expect_err("health probe failure should abort the turn");
        assert!(
            error
                .to_string()
                .contains("Session health probe failed after compaction"),
            "unexpected error: {error}"
        );
        assert!(
            error.to_string().contains("transport unavailable"),
            "expected underlying probe error: {error}"
        );
    }
    #[test]
    fn compaction_health_probe_skips_empty_compacted_session() {
        struct SimpleApi;
        impl ApiClient for SimpleApi {
            fn stream(
                &mut self,
                _request: ApiRequest,
            ) -> Result<Vec<AssistantEvent>, RuntimeError> {
                Ok(vec![
                    AssistantEvent::TextDelta("done".to_string()),
                    AssistantEvent::MessageStop,
                ])
            }
        }
        let mut session = Session::new();
        session.record_compaction("fresh summary", 2);
        let tool_executor = StaticToolExecutor::new().register("glob_search", |_input| {
            Err(ToolError::new(
                "glob_search should not run for an empty compacted session",
            ))
        });
        let mut runtime = ConversationRuntime::new(
            session,
            SimpleApi,
            tool_executor,
            PermissionPolicy::new(PermissionMode::DangerFullAccess),
            vec!["system".to_string()],
        );
        let summary = runtime
            .run_turn("trigger", None)
            .expect("empty compacted session should not fail health probe");
        assert_eq!(summary.auto_compaction, None);
        assert_eq!(runtime.session().messages.len(), 2);
    }
    #[test]
    fn build_assistant_message_requires_message_stop_event() {
        // given
--- a/rust/crates/runtime/src/file_ops.rs
+++ b/rust/crates/runtime/src/file_ops.rs
@@ -308,12 +308,20 @@ pub fn glob_search(pattern: &str, path: Option<&str>) -> io::Result<GlobSearchOu
        base_dir.join(pattern).to_string_lossy().into_owned()
    };
    // The `glob` crate does not support brace expansion ({a,b,c}).
    // Expand braces into multiple patterns so patterns like
    // `Assets/**/*.{cs,uxml,uss}` work correctly.
    let expanded = expand_braces(&search_pattern);
    let mut seen = std::collections::HashSet::new();
    let mut matches = Vec::new();
-    let entries = glob::glob(&search_pattern)
+    for pat in &expanded {
-        .map_err(|error| io::Error::new(io::ErrorKind::InvalidInput, error.to_string()))?;
+        let entries = glob::glob(pat)
-    for entry in entries.flatten() {
+            .map_err(|error| io::Error::new(io::ErrorKind::InvalidInput, error.to_string()))?;
-        if entry.is_file() {
+        for entry in entries.flatten() {
-            matches.push(entry);
+            if entry.is_file() && seen.insert(entry.clone()) {
                matches.push(entry);
            }
        }
    }
@@ -619,13 +627,35 @@ pub fn is_symlink_escape(path: &Path, workspace_root: &Path) -> io::Result<bool>
    Ok(!resolved.starts_with(&canonical_root))
 }
 /// Expand shell-style brace groups in a glob pattern.
 ///
 /// Handles one level of braces: `foo.{a,b,c}` → `["foo.a", "foo.b", "foo.c"]`.
 /// Nested braces are not expanded (uncommon in practice).
 /// Patterns without braces pass through unchanged.
 fn expand_braces(pattern: &str) -> Vec<String> {
    let Some(open) = pattern.find('{') else {
        return vec![pattern.to_owned()];
    };
    let Some(close) = pattern[open..].find('}').map(|i| open + i) else {
        // Unmatched brace — treat as literal.
        return vec![pattern.to_owned()];
    };
    let prefix = &pattern[..open];
    let suffix = &pattern[close + 1..];
    let alternatives = &pattern[open + 1..close];
    alternatives
        .split(',')
        .flat_map(|alt| expand_braces(&format!("{prefix}{alt}{suffix}")))
        .collect()
 }
 #[cfg(test)]
 mod tests {
    use std::time::{SystemTime, UNIX_EPOCH};
    use super::{
-        edit_file, glob_search, grep_search, is_symlink_escape, read_file, read_file_in_workspace,
+        edit_file, expand_braces, glob_search, grep_search, is_symlink_escape, read_file,
-        write_file, GrepSearchInput, MAX_WRITE_SIZE,
+        read_file_in_workspace, write_file, GrepSearchInput, MAX_WRITE_SIZE,
    };
    fn temp_path(name: &str) -> std::path::PathBuf {
@@ -759,4 +789,51 @@ mod tests {
        .expect("grep should succeed");
        assert!(grep_output.content.unwrap_or_default().contains("hello"));
    }
    #[test]
    fn expand_braces_no_braces() {
        assert_eq!(expand_braces("*.rs"), vec!["*.rs"]);
    }
    #[test]
    fn expand_braces_single_group() {
        let mut result = expand_braces("Assets/**/*.{cs,uxml,uss}");
        result.sort();
        assert_eq!(
            result,
            vec!["Assets/**/*.cs", "Assets/**/*.uss", "Assets/**/*.uxml",]
        );
    }
    #[test]
    fn expand_braces_nested() {
        let mut result = expand_braces("src/{a,b}.{rs,toml}");
        result.sort();
        assert_eq!(
            result,
            vec!["src/a.rs", "src/a.toml", "src/b.rs", "src/b.toml"]
        );
    }
    #[test]
    fn expand_braces_unmatched() {
        assert_eq!(expand_braces("foo.{bar"), vec!["foo.{bar"]);
    }
    #[test]
    fn glob_search_with_braces_finds_files() {
        let dir = temp_path("glob-braces");
        std::fs::create_dir_all(&dir).unwrap();
        std::fs::write(dir.join("a.rs"), "fn main() {}").unwrap();
        std::fs::write(dir.join("b.toml"), "[package]").unwrap();
        std::fs::write(dir.join("c.txt"), "hello").unwrap();
        let result =
            glob_search("*.{rs,toml}", Some(dir.to_str().unwrap())).expect("glob should succeed");
        assert_eq!(
            result.num_files, 2,
            "should match .rs and .toml but not .txt"
        );
        let _ = std::fs::remove_dir_all(&dir);
    }
 }
--- a/rust/crates/runtime/src/git_context.rs
+++ b/rust/crates/runtime/src/git_context.rs
@@ -0,0 +1,324 @@
 use std::path::Path;
 use std::process::Command;
 /// A single git commit entry from the log.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct GitCommitEntry {
    pub hash: String,
    pub subject: String,
 }
 /// Git-aware context gathered at startup for injection into the system prompt.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct GitContext {
    pub branch: Option<String>,
    pub recent_commits: Vec<GitCommitEntry>,
    pub staged_files: Vec<String>,
 }
 const MAX_RECENT_COMMITS: usize = 5;
 impl GitContext {
    /// Detect the git context from the given working directory.
    ///
    /// Returns `None` when the directory is not inside a git repository.
    #[must_use]
    pub fn detect(cwd: &Path) -> Option<Self> {
        // Quick gate: is this a git repo at all?
        let rev_parse = Command::new("git")
            .args(["rev-parse", "--is-inside-work-tree"])
            .current_dir(cwd)
            .output()
            .ok()?;
        if !rev_parse.status.success() {
            return None;
        }
        Some(Self {
            branch: read_branch(cwd),
            recent_commits: read_recent_commits(cwd),
            staged_files: read_staged_files(cwd),
        })
    }
    /// Render a human-readable summary suitable for system-prompt injection.
    #[must_use]
    pub fn render(&self) -> String {
        let mut lines = Vec::new();
        if let Some(branch) = &self.branch {
            lines.push(format!("Git branch: {branch}"));
        }
        if !self.recent_commits.is_empty() {
            lines.push(String::new());
            lines.push("Recent commits:".to_string());
            for entry in &self.recent_commits {
                lines.push(format!("  {} {}", entry.hash, entry.subject));
            }
        }
        if !self.staged_files.is_empty() {
            lines.push(String::new());
            lines.push("Staged files:".to_string());
            for file in &self.staged_files {
                lines.push(format!("  {file}"));
            }
        }
        lines.join("\n")
    }
 }
 fn read_branch(cwd: &Path) -> Option<String> {
    let output = Command::new("git")
        .args(["rev-parse", "--abbrev-ref", "HEAD"])
        .current_dir(cwd)
        .output()
        .ok()?;
    if !output.status.success() {
        return None;
    }
    let branch = String::from_utf8(output.stdout).ok()?;
    let trimmed = branch.trim();
    if trimmed.is_empty() || trimmed == "HEAD" {
        None
    } else {
        Some(trimmed.to_string())
    }
 }
 fn read_recent_commits(cwd: &Path) -> Vec<GitCommitEntry> {
    let output = Command::new("git")
        .args([
            "--no-optional-locks",
            "log",
            "--oneline",
            "-n",
            &MAX_RECENT_COMMITS.to_string(),
            "--no-decorate",
        ])
        .current_dir(cwd)
        .output()
        .ok();
    let Some(output) = output else {
        return Vec::new();
    };
    if !output.status.success() {
        return Vec::new();
    }
    let stdout = String::from_utf8(output.stdout).unwrap_or_default();
    stdout
        .lines()
        .filter_map(|line| {
            let line = line.trim();
            if line.is_empty() {
                return None;
            }
            let (hash, subject) = line.split_once(' ')?;
            Some(GitCommitEntry {
                hash: hash.to_string(),
                subject: subject.to_string(),
            })
        })
        .collect()
 }
 fn read_staged_files(cwd: &Path) -> Vec<String> {
    let output = Command::new("git")
        .args(["--no-optional-locks", "diff", "--cached", "--name-only"])
        .current_dir(cwd)
        .output()
        .ok();
    let Some(output) = output else {
        return Vec::new();
    };
    if !output.status.success() {
        return Vec::new();
    }
    let stdout = String::from_utf8(output.stdout).unwrap_or_default();
    stdout
        .lines()
        .filter(|line| !line.trim().is_empty())
        .map(|line| line.trim().to_string())
        .collect()
 }
 #[cfg(test)]
 mod tests {
    use super::{GitCommitEntry, GitContext};
    use std::fs;
    use std::process::Command;
    use std::time::{SystemTime, UNIX_EPOCH};
    fn temp_dir(label: &str) -> std::path::PathBuf {
        let nanos = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .expect("time should be after epoch")
            .as_nanos();
        std::env::temp_dir().join(format!("runtime-git-context-{label}-{nanos}"))
    }
    fn env_lock() -> std::sync::MutexGuard<'static, ()> {
        crate::test_env_lock()
    }
    fn ensure_valid_cwd() {
        if std::env::current_dir().is_err() {
            std::env::set_current_dir(env!("CARGO_MANIFEST_DIR"))
                .expect("test cwd should be recoverable");
        }
    }
    #[test]
    fn returns_none_for_non_git_directory() {
        // given
        let _guard = env_lock();
        ensure_valid_cwd();
        let root = temp_dir("non-git");
        fs::create_dir_all(&root).expect("create dir");
        // when
        let context = GitContext::detect(&root);
        // then
        assert!(context.is_none());
        fs::remove_dir_all(root).expect("cleanup");
    }
    #[test]
    fn detects_branch_name_and_commits() {
        // given
        let _guard = env_lock();
        ensure_valid_cwd();
        let root = temp_dir("branch-commits");
        fs::create_dir_all(&root).expect("create dir");
        git(&root, &["init", "--quiet", "--initial-branch=main"]);
        git(&root, &["config", "user.email", "tests@example.com"]);
        git(&root, &["config", "user.name", "Git Context Tests"]);
        fs::write(root.join("a.txt"), "a\n").expect("write a");
        git(&root, &["add", "a.txt"]);
        git(&root, &["commit", "-m", "first commit", "--quiet"]);
        fs::write(root.join("b.txt"), "b\n").expect("write b");
        git(&root, &["add", "b.txt"]);
        git(&root, &["commit", "-m", "second commit", "--quiet"]);
        // when
        let context = GitContext::detect(&root).expect("should detect git repo");
        // then
        assert_eq!(context.branch.as_deref(), Some("main"));
        assert_eq!(context.recent_commits.len(), 2);
        assert_eq!(context.recent_commits[0].subject, "second commit");
        assert_eq!(context.recent_commits[1].subject, "first commit");
        assert!(context.staged_files.is_empty());
        fs::remove_dir_all(root).expect("cleanup");
    }
    #[test]
    fn detects_staged_files() {
        // given
        let _guard = env_lock();
        ensure_valid_cwd();
        let root = temp_dir("staged");
        fs::create_dir_all(&root).expect("create dir");
        git(&root, &["init", "--quiet", "--initial-branch=main"]);
        git(&root, &["config", "user.email", "tests@example.com"]);
        git(&root, &["config", "user.name", "Git Context Tests"]);
        fs::write(root.join("init.txt"), "init\n").expect("write init");
        git(&root, &["add", "init.txt"]);
        git(&root, &["commit", "-m", "initial", "--quiet"]);
        fs::write(root.join("staged.txt"), "staged\n").expect("write staged");
        git(&root, &["add", "staged.txt"]);
        // when
        let context = GitContext::detect(&root).expect("should detect git repo");
        // then
        assert_eq!(context.staged_files, vec!["staged.txt"]);
        fs::remove_dir_all(root).expect("cleanup");
    }
    #[test]
    fn render_formats_all_sections() {
        // given
        let context = GitContext {
            branch: Some("feat/test".to_string()),
            recent_commits: vec![
                GitCommitEntry {
                    hash: "abc1234".to_string(),
                    subject: "add feature".to_string(),
                },
                GitCommitEntry {
                    hash: "def5678".to_string(),
                    subject: "fix bug".to_string(),
                },
            ],
            staged_files: vec!["src/main.rs".to_string()],
        };
        // when
        let rendered = context.render();
        // then
        assert!(rendered.contains("Git branch: feat/test"));
        assert!(rendered.contains("abc1234 add feature"));
        assert!(rendered.contains("def5678 fix bug"));
        assert!(rendered.contains("src/main.rs"));
    }
    #[test]
    fn render_omits_empty_sections() {
        // given
        let context = GitContext {
            branch: Some("main".to_string()),
            recent_commits: Vec::new(),
            staged_files: Vec::new(),
        };
        // when
        let rendered = context.render();
        // then
        assert!(rendered.contains("Git branch: main"));
        assert!(!rendered.contains("Recent commits:"));
        assert!(!rendered.contains("Staged files:"));
    }
    #[test]
    fn limits_to_five_recent_commits() {
        // given
        let _guard = env_lock();
        ensure_valid_cwd();
        let root = temp_dir("five-commits");
        fs::create_dir_all(&root).expect("create dir");
        git(&root, &["init", "--quiet", "--initial-branch=main"]);
        git(&root, &["config", "user.email", "tests@example.com"]);
        git(&root, &["config", "user.name", "Git Context Tests"]);
        for i in 1..=8 {
            let name = format!("file{i}.txt");
            fs::write(root.join(&name), format!("{i}\n")).expect("write file");
            git(&root, &["add", &name]);
            git(&root, &["commit", "-m", &format!("commit {i}"), "--quiet"]);
        }
        // when
        let context = GitContext::detect(&root).expect("should detect git repo");
        // then
        assert_eq!(context.recent_commits.len(), 5);
        assert_eq!(context.recent_commits[0].subject, "commit 8");
        assert_eq!(context.recent_commits[4].subject, "commit 4");
        fs::remove_dir_all(root).expect("cleanup");
    }
    fn git(cwd: &std::path::Path, args: &[&str]) {
        let status = Command::new("git")
            .args(args)
            .current_dir(cwd)
            .output()
            .unwrap_or_else(|_| panic!("git {args:?} should run"))
            .status;
        assert!(status.success(), "git {args:?} failed");
    }
 }
--- a/rust/crates/runtime/src/hooks.rs
+++ b/rust/crates/runtime/src/hooks.rs
@@ -1,4 +1,5 @@
 use std::ffi::OsStr;
 use std::fmt::Write as FmtWrite;
 use std::io::Write;
 use std::process::{Command, Stdio};
 use std::sync::{
@@ -13,6 +14,8 @@ use serde_json::{json, Value};
 use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig};
 use crate::permissions::PermissionOverride;
 const HOOK_PREVIEW_CHAR_LIMIT: usize = 160;
 pub type HookPermissionDecision = PermissionOverride;
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -437,7 +440,7 @@ impl HookRunner {
            Ok(CommandExecution::Finished(output)) => {
                let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
                let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
-                let parsed = parse_hook_output(&stdout);
+                let parsed = parse_hook_output(event, tool_name, command, &stdout, &stderr);
                let primary_message = parsed.primary_message().map(ToOwned::to_owned);
                match output.status.code() {
                    Some(0) => {
@@ -532,16 +535,54 @@ fn merge_parsed_hook_output(target: &mut HookRunResult, parsed: ParsedHookOutput
    }
 }
-fn parse_hook_output(stdout: &str) -> ParsedHookOutput {
+fn parse_hook_output(
    event: HookEvent,
    tool_name: &str,
    command: &str,
    stdout: &str,
    stderr: &str,
 ) -> ParsedHookOutput {
    if stdout.is_empty() {
        return ParsedHookOutput::default();
    }
-    let Ok(Value::Object(root)) = serde_json::from_str::<Value>(stdout) else {
+    let root = match serde_json::from_str::<Value>(stdout) {
-        return ParsedHookOutput {
+        Ok(Value::Object(root)) => root,
-            messages: vec![stdout.to_string()],
+        Ok(value) => {
-            ..ParsedHookOutput::default()
+            return ParsedHookOutput {
-        };
+                messages: vec![format_invalid_hook_output(
                    event,
                    tool_name,
                    command,
                    &format!(
                        "expected top-level JSON object, got {}",
                        json_type_name(&value)
                    ),
                    stdout,
                    stderr,
                )],
                ..ParsedHookOutput::default()
            };
        }
        Err(error) if looks_like_json_attempt(stdout) => {
            return ParsedHookOutput {
                messages: vec![format_invalid_hook_output(
                    event,
                    tool_name,
                    command,
                    &error.to_string(),
                    stdout,
                    stderr,
                )],
                ..ParsedHookOutput::default()
            };
        }
        Err(_) => {
            return ParsedHookOutput {
                messages: vec![stdout.to_string()],
                ..ParsedHookOutput::default()
            };
        }
    };
    let mut parsed = ParsedHookOutput::default();
@@ -619,6 +660,69 @@ fn parse_tool_input(tool_input: &str) -> Value {
    serde_json::from_str(tool_input).unwrap_or_else(|_| json!({ "raw": tool_input }))
 }
 fn format_invalid_hook_output(
    event: HookEvent,
    tool_name: &str,
    command: &str,
    detail: &str,
    stdout: &str,
    stderr: &str,
 ) -> String {
    let stdout_preview = bounded_hook_preview(stdout).unwrap_or_else(|| "<empty>".to_string());
    let stderr_preview = bounded_hook_preview(stderr).unwrap_or_else(|| "<empty>".to_string());
    let command_preview = bounded_hook_preview(command).unwrap_or_else(|| "<empty>".to_string());
    format!(
        "hook_invalid_json: phase={} tool={} command={} detail={} stdout_preview={} stderr_preview={}",
        event.as_str(),
        tool_name,
        command_preview,
        detail,
        stdout_preview,
        stderr_preview
    )
 }
 fn bounded_hook_preview(value: &str) -> Option<String> {
    let trimmed = value.trim();
    if trimmed.is_empty() {
        return None;
    }
    let mut preview = String::new();
    for (count, ch) in trimmed.chars().enumerate() {
        if count == HOOK_PREVIEW_CHAR_LIMIT {
            preview.push('…');
            break;
        }
        match ch {
            '\n' => preview.push_str("\\n"),
            '\r' => preview.push_str("\\r"),
            '\t' => preview.push_str("\\t"),
            control if control.is_control() => {
                let _ = write!(&mut preview, "\\u{{{:x}}}", control as u32);
            }
            _ => preview.push(ch),
        }
    }
    Some(preview)
 }
 fn json_type_name(value: &Value) -> &'static str {
    match value {
        Value::Null => "null",
        Value::Bool(_) => "boolean",
        Value::Number(_) => "number",
        Value::String(_) => "string",
        Value::Array(_) => "array",
        Value::Object(_) => "object",
    }
 }
 fn looks_like_json_attempt(value: &str) -> bool {
    matches!(value.trim_start().chars().next(), Some('{' | '['))
 }
 fn format_hook_failure(command: &str, code: i32, stdout: Option<&str>, stderr: &str) -> String {
    let mut message = format!("Hook `{command}` exited with status {code}");
    if let Some(stdout) = stdout.filter(|stdout| !stdout.is_empty()) {
@@ -935,6 +1039,31 @@ mod tests {
        assert!(!result.messages().iter().any(|message| message == "later"));
    }
    #[test]
    fn malformed_nonempty_hook_output_reports_explicit_diagnostic_with_previews() {
        let runner = HookRunner::new(RuntimeHookConfig::new(
            vec![shell_snippet(
                "printf '{not-json\nsecond line'; printf 'stderr warning' >&2; exit 1",
            )],
            Vec::new(),
            Vec::new(),
        ));
        let result = runner.run_pre_tool_use("Edit", r#"{"file":"src/lib.rs"}"#);
        assert!(result.is_failed());
        let rendered = result.messages().join("\n");
        assert!(rendered.contains("hook_invalid_json:"));
        assert!(rendered.contains("phase=PreToolUse"));
        assert!(rendered.contains("tool=Edit"));
        assert!(rendered.contains("command=printf '{not-json"));
        assert!(rendered.contains("printf 'stderr warning' >&2; exit 1"));
        assert!(rendered.contains("detail=key must be a string"));
        assert!(rendered.contains("stdout_preview={not-json"));
        assert!(rendered.contains("second line stderr_preview=stderr warning"));
        assert!(rendered.contains("stderr_preview=stderr warning"));
    }
    #[test]
    fn abort_signal_cancels_long_running_hook_and_reports_progress() {
        let runner = HookRunner::new(RuntimeHookConfig::new(
--- a/rust/crates/runtime/src/lane_events.rs
+++ b/rust/crates/runtime/src/lane_events.rs
@@ -1,4 +1,4 @@
-#![allow(clippy::similar_names)]
+#![allow(clippy::similar_names, clippy::cast_possible_truncation)]
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
@@ -36,6 +36,8 @@ pub enum LaneEventName {
    Closed,
    #[serde(rename = "branch.stale_against_main")]
    BranchStaleAgainstMain,
    #[serde(rename = "branch.workspace_mismatch")]
    BranchWorkspaceMismatch,
 }
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
@@ -67,9 +69,320 @@ pub enum LaneFailureClass {
    McpHandshake,
    GatewayRouting,
    ToolRuntime,
    WorkspaceMismatch,
    Infra,
 }
 /// Provenance labels for event source classification.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(rename_all = "snake_case")]
 pub enum EventProvenance {
    /// Event from a live, active lane
    LiveLane,
    /// Event from a synthetic test
    Test,
    /// Event from a healthcheck probe
    Healthcheck,
    /// Event from a replay/log replay
    Replay,
    /// Event from the transport layer itself
    Transport,
 }
 /// Session identity metadata captured at creation time.
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct SessionIdentity {
    /// Stable title for the session
    pub title: String,
    /// Workspace/worktree path
    pub workspace: String,
    /// Lane/session purpose
    pub purpose: String,
    /// Placeholder reason if any field is unknown
    #[serde(skip_serializing_if = "Option::is_none")]
    pub placeholder_reason: Option<String>,
 }
 impl SessionIdentity {
    /// Create complete session identity
    #[must_use]
    pub fn new(
        title: impl Into<String>,
        workspace: impl Into<String>,
        purpose: impl Into<String>,
    ) -> Self {
        Self {
            title: title.into(),
            workspace: workspace.into(),
            purpose: purpose.into(),
            placeholder_reason: None,
        }
    }
    /// Create session identity with placeholder for missing fields
    #[must_use]
    pub fn with_placeholder(
        title: impl Into<String>,
        workspace: impl Into<String>,
        purpose: impl Into<String>,
        reason: impl Into<String>,
    ) -> Self {
        Self {
            title: title.into(),
            workspace: workspace.into(),
            purpose: purpose.into(),
            placeholder_reason: Some(reason.into()),
        }
    }
 }
 /// Lane ownership and workflow scope binding.
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct LaneOwnership {
    /// Owner/assignee identity
    pub owner: String,
    /// Workflow scope (e.g., claw-code-dogfood, external-git-maintenance)
    pub workflow_scope: String,
    /// Whether the watcher is expected to act, observe, or ignore
    pub watcher_action: WatcherAction,
 }
 /// Watcher action expectation for a lane event.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(rename_all = "snake_case")]
 pub enum WatcherAction {
    /// Watcher should take action on this event
    Act,
    /// Watcher should only observe
    Observe,
    /// Watcher should ignore this event
    Ignore,
 }
 /// Event metadata for ordering, provenance, deduplication, and ownership.
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct LaneEventMetadata {
    /// Monotonic sequence number for event ordering
    pub seq: u64,
    /// Event provenance source
    pub provenance: EventProvenance,
    /// Session identity at creation
    #[serde(skip_serializing_if = "Option::is_none")]
    pub session_identity: Option<SessionIdentity>,
    /// Lane ownership and scope
    #[serde(skip_serializing_if = "Option::is_none")]
    pub ownership: Option<LaneOwnership>,
    /// Nudge ID for deduplication cycles
    #[serde(skip_serializing_if = "Option::is_none")]
    pub nudge_id: Option<String>,
    /// Event fingerprint for terminal event deduplication
    #[serde(skip_serializing_if = "Option::is_none")]
    pub event_fingerprint: Option<String>,
    /// Timestamp when event was observed/created
    pub timestamp_ms: u64,
 }
 impl LaneEventMetadata {
    /// Create new event metadata
    #[must_use]
    pub fn new(seq: u64, provenance: EventProvenance) -> Self {
        Self {
            seq,
            provenance,
            session_identity: None,
            ownership: None,
            nudge_id: None,
            event_fingerprint: None,
            timestamp_ms: std::time::SystemTime::now()
                .duration_since(std::time::UNIX_EPOCH)
                .unwrap_or_default()
                .as_millis() as u64,
        }
    }
    /// Add session identity
    #[must_use]
    pub fn with_session_identity(mut self, identity: SessionIdentity) -> Self {
        self.session_identity = Some(identity);
        self
    }
    /// Add ownership info
    #[must_use]
    pub fn with_ownership(mut self, ownership: LaneOwnership) -> Self {
        self.ownership = Some(ownership);
        self
    }
    /// Add nudge ID for dedupe
    #[must_use]
    pub fn with_nudge_id(mut self, nudge_id: impl Into<String>) -> Self {
        self.nudge_id = Some(nudge_id.into());
        self
    }
    /// Compute and add event fingerprint for terminal events
    #[must_use]
    pub fn with_fingerprint(mut self, fingerprint: impl Into<String>) -> Self {
        self.event_fingerprint = Some(fingerprint.into());
        self
    }
 }
 /// Builder for constructing [`LaneEvent`]s with proper metadata.
 #[derive(Debug, Clone)]
 pub struct LaneEventBuilder {
    event: LaneEventName,
    status: LaneEventStatus,
    emitted_at: String,
    metadata: LaneEventMetadata,
    detail: Option<String>,
    failure_class: Option<LaneFailureClass>,
    data: Option<serde_json::Value>,
 }
 impl LaneEventBuilder {
    /// Start building a new lane event
    #[must_use]
    pub fn new(
        event: LaneEventName,
        status: LaneEventStatus,
        emitted_at: impl Into<String>,
        seq: u64,
        provenance: EventProvenance,
    ) -> Self {
        Self {
            event,
            status,
            emitted_at: emitted_at.into(),
            metadata: LaneEventMetadata::new(seq, provenance),
            detail: None,
            failure_class: None,
            data: None,
        }
    }
    /// Add session identity
    #[must_use]
    pub fn with_session_identity(mut self, identity: SessionIdentity) -> Self {
        self.metadata = self.metadata.with_session_identity(identity);
        self
    }
    /// Add ownership info
    #[must_use]
    pub fn with_ownership(mut self, ownership: LaneOwnership) -> Self {
        self.metadata = self.metadata.with_ownership(ownership);
        self
    }
    /// Add nudge ID
    #[must_use]
    pub fn with_nudge_id(mut self, nudge_id: impl Into<String>) -> Self {
        self.metadata = self.metadata.with_nudge_id(nudge_id);
        self
    }
    /// Add detail
    #[must_use]
    pub fn with_detail(mut self, detail: impl Into<String>) -> Self {
        self.detail = Some(detail.into());
        self
    }
    /// Add failure class
    #[must_use]
    pub fn with_failure_class(mut self, failure_class: LaneFailureClass) -> Self {
        self.failure_class = Some(failure_class);
        self
    }
    /// Add data payload
    #[must_use]
    pub fn with_data(mut self, data: serde_json::Value) -> Self {
        self.data = Some(data);
        self
    }
    /// Compute fingerprint and build terminal event
    #[must_use]
    pub fn build_terminal(mut self) -> LaneEvent {
        let fingerprint = compute_event_fingerprint(&self.event, &self.status, self.data.as_ref());
        self.metadata = self.metadata.with_fingerprint(fingerprint);
        self.build()
    }
    /// Build the event
    #[must_use]
    pub fn build(self) -> LaneEvent {
        LaneEvent {
            event: self.event,
            status: self.status,
            emitted_at: self.emitted_at,
            failure_class: self.failure_class,
            detail: self.detail,
            data: self.data,
            metadata: self.metadata,
        }
    }
 }
 /// Check if an event kind is terminal (completed, failed, superseded, closed).
 #[must_use]
 pub fn is_terminal_event(event: LaneEventName) -> bool {
    matches!(
        event,
        LaneEventName::Finished
            | LaneEventName::Failed
            | LaneEventName::Superseded
            | LaneEventName::Closed
            | LaneEventName::Merged
    )
 }
 /// Compute a fingerprint for terminal event deduplication.
 #[must_use]
 pub fn compute_event_fingerprint(
    event: &LaneEventName,
    status: &LaneEventStatus,
    data: Option<&serde_json::Value>,
 ) -> String {
    use std::collections::hash_map::DefaultHasher;
    use std::hash::{Hash, Hasher};
    let mut hasher = DefaultHasher::new();
    format!("{event:?}").hash(&mut hasher);
    format!("{status:?}").hash(&mut hasher);
    if let Some(d) = data {
        serde_json::to_string(d)
            .unwrap_or_default()
            .hash(&mut hasher);
    }
    format!("{:016x}", hasher.finish())
 }
 /// Deduplicate terminal events within a reconciliation window.
 /// Returns only the first occurrence of each terminal fingerprint.
 #[must_use]
 pub fn dedupe_terminal_events(events: &[LaneEvent]) -> Vec<LaneEvent> {
    let mut seen_fingerprints = std::collections::HashSet::new();
    let mut result = Vec::new();
    for event in events {
        if is_terminal_event(event.event) {
            if let Some(fp) = &event.metadata.event_fingerprint {
                if seen_fingerprints.contains(fp) {
                    continue; // Skip duplicate terminal event
                }
                seen_fingerprints.insert(fp.clone());
            }
        }
        result.push(event.clone());
    }
    result
 }
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct LaneEventBlocker {
    #[serde(rename = "failureClass")]
@@ -103,9 +416,13 @@ pub struct LaneEvent {
    pub detail: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub data: Option<Value>,
    /// Event metadata for ordering, provenance, dedupe, and ownership
    pub metadata: LaneEventMetadata,
 }
 impl LaneEvent {
    /// Create a new lane event with minimal metadata (seq=0, provenance=LiveLane)
    /// Use `LaneEventBuilder` for events requiring full metadata.
    #[must_use]
    pub fn new(
        event: LaneEventName,
@@ -119,6 +436,7 @@ impl LaneEvent {
            failure_class: None,
            detail: None,
            data: None,
            metadata: LaneEventMetadata::new(0, EventProvenance::LiveLane),
        }
    }
@@ -251,8 +569,10 @@ mod tests {
    use serde_json::json;
    use super::{
-        dedupe_superseded_commit_events, LaneCommitProvenance, LaneEvent, LaneEventBlocker,
+        compute_event_fingerprint, dedupe_superseded_commit_events, dedupe_terminal_events,
-        LaneEventName, LaneEventStatus, LaneFailureClass,
+        is_terminal_event, EventProvenance, LaneCommitProvenance, LaneEvent, LaneEventBlocker,
        LaneEventBuilder, LaneEventMetadata, LaneEventName, LaneEventStatus, LaneFailureClass,
        LaneOwnership, SessionIdentity, WatcherAction,
    };
    #[test]
@@ -277,6 +597,10 @@ mod tests {
                LaneEventName::BranchStaleAgainstMain,
                "branch.stale_against_main",
            ),
            (
                LaneEventName::BranchWorkspaceMismatch,
                "branch.workspace_mismatch",
            ),
        ];
        for (event, expected) in cases {
@@ -300,6 +624,7 @@ mod tests {
            (LaneFailureClass::McpHandshake, "mcp_handshake"),
            (LaneFailureClass::GatewayRouting, "gateway_routing"),
            (LaneFailureClass::ToolRuntime, "tool_runtime"),
            (LaneFailureClass::WorkspaceMismatch, "workspace_mismatch"),
            (LaneFailureClass::Infra, "infra"),
        ];
@@ -329,6 +654,38 @@ mod tests {
        assert_eq!(failed.detail.as_deref(), Some("broken server"));
    }
    #[test]
    fn workspace_mismatch_failure_class_round_trips_in_branch_event_payloads() {
        let mismatch = LaneEvent::new(
            LaneEventName::BranchWorkspaceMismatch,
            LaneEventStatus::Blocked,
            "2026-04-04T00:00:02Z",
        )
        .with_failure_class(LaneFailureClass::WorkspaceMismatch)
        .with_detail("session belongs to /tmp/repo-a but current workspace is /tmp/repo-b")
        .with_data(json!({
            "expectedWorkspaceRoot": "/tmp/repo-a",
            "actualWorkspaceRoot": "/tmp/repo-b",
            "sessionId": "sess-123",
        }));
        let mismatch_json = serde_json::to_value(&mismatch).expect("lane event should serialize");
        assert_eq!(mismatch_json["event"], "branch.workspace_mismatch");
        assert_eq!(mismatch_json["failureClass"], "workspace_mismatch");
        assert_eq!(
            mismatch_json["data"]["expectedWorkspaceRoot"],
            "/tmp/repo-a"
        );
        let round_trip: LaneEvent =
            serde_json::from_value(mismatch_json).expect("lane event should deserialize");
        assert_eq!(round_trip.event, LaneEventName::BranchWorkspaceMismatch);
        assert_eq!(
            round_trip.failure_class,
            Some(LaneFailureClass::WorkspaceMismatch)
        );
    }
    #[test]
    fn commit_events_can_carry_worktree_and_supersession_metadata() {
        let event = LaneEvent::commit_created(
@@ -380,4 +737,222 @@ mod tests {
        assert_eq!(retained.len(), 1);
        assert_eq!(retained[0].detail.as_deref(), Some("new"));
    }
    #[test]
    fn lane_event_metadata_includes_monotonic_sequence() {
        let meta1 = LaneEventMetadata::new(0, EventProvenance::LiveLane);
        let meta2 = LaneEventMetadata::new(1, EventProvenance::LiveLane);
        let meta3 = LaneEventMetadata::new(2, EventProvenance::Test);
        assert_eq!(meta1.seq, 0);
        assert_eq!(meta2.seq, 1);
        assert_eq!(meta3.seq, 2);
        assert!(meta1.timestamp_ms <= meta2.timestamp_ms);
    }
    #[test]
    fn event_provenance_round_trips_through_serialization() {
        let cases = [
            (EventProvenance::LiveLane, "live_lane"),
            (EventProvenance::Test, "test"),
            (EventProvenance::Healthcheck, "healthcheck"),
            (EventProvenance::Replay, "replay"),
            (EventProvenance::Transport, "transport"),
        ];
        for (provenance, expected) in cases {
            let json = serde_json::to_value(provenance).expect("should serialize");
            assert_eq!(json, serde_json::json!(expected));
            let round_trip: EventProvenance =
                serde_json::from_value(json).expect("should deserialize");
            assert_eq!(round_trip, provenance);
        }
    }
    #[test]
    fn session_identity_is_complete_at_creation() {
        let identity = SessionIdentity::new("my-lane", "/tmp/repo", "implement feature X");
        assert_eq!(identity.title, "my-lane");
        assert_eq!(identity.workspace, "/tmp/repo");
        assert_eq!(identity.purpose, "implement feature X");
        assert!(identity.placeholder_reason.is_none());
        // Test with placeholder
        let with_placeholder = SessionIdentity::with_placeholder(
            "untitled",
            "/tmp/unknown",
            "unknown",
            "session created before title was known",
        );
        assert_eq!(
            with_placeholder.placeholder_reason,
            Some("session created before title was known".to_string())
        );
    }
    #[test]
    fn lane_ownership_binding_includes_workflow_scope() {
        let ownership = LaneOwnership {
            owner: "claw-1".to_string(),
            workflow_scope: "claw-code-dogfood".to_string(),
            watcher_action: WatcherAction::Act,
        };
        assert_eq!(ownership.owner, "claw-1");
        assert_eq!(ownership.workflow_scope, "claw-code-dogfood");
        assert_eq!(ownership.watcher_action, WatcherAction::Act);
    }
    #[test]
    fn watcher_action_round_trips_through_serialization() {
        let cases = [
            (WatcherAction::Act, "act"),
            (WatcherAction::Observe, "observe"),
            (WatcherAction::Ignore, "ignore"),
        ];
        for (action, expected) in cases {
            let json = serde_json::to_value(action).expect("should serialize");
            assert_eq!(json, serde_json::json!(expected));
            let round_trip: WatcherAction =
                serde_json::from_value(json).expect("should deserialize");
            assert_eq!(round_trip, action);
        }
    }
    #[test]
    fn is_terminal_event_detects_terminal_states() {
        assert!(is_terminal_event(LaneEventName::Finished));
        assert!(is_terminal_event(LaneEventName::Failed));
        assert!(is_terminal_event(LaneEventName::Superseded));
        assert!(is_terminal_event(LaneEventName::Closed));
        assert!(is_terminal_event(LaneEventName::Merged));
        assert!(!is_terminal_event(LaneEventName::Started));
        assert!(!is_terminal_event(LaneEventName::Ready));
        assert!(!is_terminal_event(LaneEventName::Blocked));
    }
    #[test]
    fn compute_event_fingerprint_is_deterministic() {
        let fp1 = compute_event_fingerprint(
            &LaneEventName::Finished,
            &LaneEventStatus::Completed,
            Some(&json!({"commit": "abc123"})),
        );
        let fp2 = compute_event_fingerprint(
            &LaneEventName::Finished,
            &LaneEventStatus::Completed,
            Some(&json!({"commit": "abc123"})),
        );
        assert_eq!(fp1, fp2, "same inputs should produce same fingerprint");
        assert!(!fp1.is_empty());
        assert_eq!(fp1.len(), 16, "fingerprint should be 16 hex chars");
    }
    #[test]
    fn compute_event_fingerprint_differs_for_different_inputs() {
        let fp1 =
            compute_event_fingerprint(&LaneEventName::Finished, &LaneEventStatus::Completed, None);
        let fp2 = compute_event_fingerprint(&LaneEventName::Failed, &LaneEventStatus::Failed, None);
        let fp3 = compute_event_fingerprint(
            &LaneEventName::Finished,
            &LaneEventStatus::Completed,
            Some(&json!({"commit": "abc123"})),
        );
        assert_ne!(fp1, fp2, "different event/status should differ");
        assert_ne!(fp1, fp3, "different data should differ");
    }
    #[test]
    fn dedupe_terminal_events_suppresses_duplicates() {
        let event1 = LaneEventBuilder::new(
            LaneEventName::Finished,
            LaneEventStatus::Completed,
            "2026-04-04T00:00:00Z",
            0,
            EventProvenance::LiveLane,
        )
        .build_terminal();
        let event2 = LaneEventBuilder::new(
            LaneEventName::Started,
            LaneEventStatus::Running,
            "2026-04-04T00:00:01Z",
            1,
            EventProvenance::LiveLane,
        )
        .build();
        let event3 = LaneEventBuilder::new(
            LaneEventName::Finished,
            LaneEventStatus::Completed,
            "2026-04-04T00:00:02Z",
            2,
            EventProvenance::LiveLane,
        )
        .build_terminal(); // Same fingerprint as event1
        let deduped = dedupe_terminal_events(&[event1.clone(), event2.clone(), event3.clone()]);
        assert_eq!(deduped.len(), 2, "should have 2 events after dedupe");
        assert_eq!(deduped[0].event, LaneEventName::Finished);
        assert_eq!(deduped[1].event, LaneEventName::Started);
        // event3 should be suppressed as duplicate of event1
    }
    #[test]
    fn lane_event_builder_constructs_event_with_metadata() {
        let event = LaneEventBuilder::new(
            LaneEventName::Started,
            LaneEventStatus::Running,
            "2026-04-04T00:00:00Z",
            42,
            EventProvenance::Test,
        )
        .with_session_identity(SessionIdentity::new("test-lane", "/tmp", "test"))
        .with_ownership(LaneOwnership {
            owner: "bot-1".to_string(),
            workflow_scope: "test-suite".to_string(),
            watcher_action: WatcherAction::Observe,
        })
        .with_nudge_id("nudge-123")
        .with_detail("starting test run")
        .build();
        assert_eq!(event.event, LaneEventName::Started);
        assert_eq!(event.metadata.seq, 42);
        assert_eq!(event.metadata.provenance, EventProvenance::Test);
        assert_eq!(
            event.metadata.session_identity.as_ref().unwrap().title,
            "test-lane"
        );
        assert_eq!(event.metadata.ownership.as_ref().unwrap().owner, "bot-1");
        assert_eq!(event.metadata.nudge_id, Some("nudge-123".to_string()));
        assert_eq!(event.detail, Some("starting test run".to_string()));
    }
    #[test]
    fn lane_event_metadata_round_trips_through_serialization() {
        let meta = LaneEventMetadata::new(5, EventProvenance::Healthcheck)
            .with_session_identity(SessionIdentity::new("lane-1", "/tmp", "purpose"))
            .with_nudge_id("nudge-abc");
        let json = serde_json::to_value(&meta).expect("should serialize");
        assert_eq!(json["seq"], 5);
        assert_eq!(json["provenance"], "healthcheck");
        assert_eq!(json["nudge_id"], "nudge-abc");
        assert!(json["timestamp_ms"].as_u64().is_some());
        let round_trip: LaneEventMetadata =
            serde_json::from_value(json).expect("should deserialize");
        assert_eq!(round_trip.seq, 5);
        assert_eq!(round_trip.provenance, EventProvenance::Healthcheck);
        assert_eq!(round_trip.nudge_id, Some("nudge-abc".to_string()));
    }
 }
--- a/rust/crates/runtime/src/lib.rs
+++ b/rust/crates/runtime/src/lib.rs
@@ -10,8 +10,10 @@ mod bootstrap;
 pub mod branch_lock;
 mod compact;
 mod config;
 pub mod config_validate;
 mod conversation;
 mod file_ops;
 mod git_context;
 pub mod green_contract;
 mod hooks;
 mod json;
@@ -20,6 +22,7 @@ pub mod lsp_client;
 mod mcp;
 mod mcp_client;
 pub mod mcp_lifecycle_hardened;
 pub mod mcp_server;
 mod mcp_stdio;
 pub mod mcp_tool_bridge;
 mod oauth;
@@ -32,9 +35,10 @@ pub mod recovery_recipes;
 mod remote;
 pub mod sandbox;
 mod session;
-#[cfg(test)]
+pub mod session_control;
-mod session_control;
+pub use session_control::SessionStore;
 mod sse;
 pub mod stale_base;
 pub mod stale_branch;
 pub mod summary_compression;
 pub mod task_packet;
@@ -56,10 +60,14 @@ pub use config::{
    ConfigEntry, ConfigError, ConfigLoader, ConfigSource, McpConfigCollection,
    McpManagedProxyServerConfig, McpOAuthConfig, McpRemoteServerConfig, McpSdkServerConfig,
    McpServerConfig, McpStdioServerConfig, McpTransport, McpWebSocketServerConfig, OAuthConfig,
-    ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig, RuntimeHookConfig,
+    ProviderFallbackConfig, ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig,
-    RuntimePermissionRuleConfig, RuntimePluginConfig, ScopedMcpServerConfig,
+    RuntimeHookConfig, RuntimePermissionRuleConfig, RuntimePluginConfig, ScopedMcpServerConfig,
    CLAW_SETTINGS_SCHEMA_NAME,
 };
 pub use config_validate::{
    check_unsupported_format, format_diagnostics, validate_config_file, ConfigDiagnostic,
    DiagnosticKind, ValidationResult,
 };
 pub use conversation::{
    auto_compaction_threshold_from_env, ApiClient, ApiRequest, AssistantEvent, AutoCompactionEvent,
    ConversationRuntime, PromptCacheEvent, RuntimeError, StaticToolExecutor, ToolError,
@@ -70,12 +78,15 @@ pub use file_ops::{
    GrepSearchInput, GrepSearchOutput, ReadFileOutput, StructuredPatchHunk, TextFilePayload,
    WriteFileOutput,
 };
 pub use git_context::{GitCommitEntry, GitContext};
 pub use hooks::{
    HookAbortSignal, HookEvent, HookProgressEvent, HookProgressReporter, HookRunResult, HookRunner,
 };
 pub use lane_events::{
-    dedupe_superseded_commit_events, LaneCommitProvenance, LaneEvent, LaneEventBlocker,
+    compute_event_fingerprint, dedupe_superseded_commit_events, dedupe_terminal_events,
-    LaneEventName, LaneEventStatus, LaneFailureClass,
+    is_terminal_event, EventProvenance, LaneCommitProvenance, LaneEvent, LaneEventBlocker,
    LaneEventBuilder, LaneEventMetadata, LaneEventName, LaneEventStatus, LaneFailureClass,
    LaneOwnership, SessionIdentity, WatcherAction,
 };
 pub use mcp::{
    mcp_server_signature, mcp_tool_name, mcp_tool_prefix, normalize_name_for_mcp,
@@ -89,6 +100,7 @@ pub use mcp_lifecycle_hardened::{
    McpDegradedReport, McpErrorSurface, McpFailedServer, McpLifecyclePhase, McpLifecycleState,
    McpLifecycleValidator, McpPhaseResult,
 };
 pub use mcp_server::{McpServer, McpServerSpec, ToolCallHandler, MCP_SERVER_PROTOCOL_VERSION};
 pub use mcp_stdio::{
    spawn_mcp_stdio_process, JsonRpcError, JsonRpcId, JsonRpcRequest, JsonRpcResponse,
    ManagedMcpTool, McpDiscoveryFailure, McpInitializeClientInfo, McpInitializeParams,
@@ -138,9 +150,13 @@ pub use sandbox::{
 };
 pub use session::{
    ContentBlock, ConversationMessage, MessageRole, Session, SessionCompaction, SessionError,
-    SessionFork,
+    SessionFork, SessionPromptEntry,
 };
 pub use sse::{IncrementalSseParser, SseEvent};
 pub use stale_base::{
    check_base_commit, format_stale_base_warning, read_claw_base_file, resolve_expected_base,
    BaseCommitSource, BaseCommitState,
 };
 pub use stale_branch::{
    apply_policy, check_freshness, BranchFreshness, StaleBranchAction, StaleBranchEvent,
    StaleBranchPolicy,
--- a/rust/crates/runtime/src/mcp_server.rs
+++ b/rust/crates/runtime/src/mcp_server.rs
@@ -0,0 +1,440 @@
 //! Minimal Model Context Protocol (MCP) server.
 //!
 //! Implements a newline-safe, LSP-framed JSON-RPC server over stdio that
 //! answers `initialize`, `tools/list`, and `tools/call` requests. The framing
 //! matches the client transport implemented in [`crate::mcp_stdio`] so this
 //! server can be driven by either an external MCP client (e.g. Claude
 //! Desktop) or `claw`'s own [`McpServerManager`](crate::McpServerManager).
 //!
 //! The server is intentionally small: it exposes a list of pre-built
 //! [`McpTool`] descriptors and delegates `tools/call` to a caller-supplied
 //! handler. Tool execution itself lives in the `tools` crate; this module is
 //! purely the transport + dispatch loop.
 //!
 //! [`McpTool`]: crate::mcp_stdio::McpTool
 use std::io;
 use serde_json::{json, Value as JsonValue};
 use tokio::io::{
    stdin, stdout, AsyncBufReadExt, AsyncReadExt, AsyncWriteExt, BufReader, Stdin, Stdout,
 };
 use crate::mcp_stdio::{
    JsonRpcError, JsonRpcId, JsonRpcRequest, JsonRpcResponse, McpInitializeResult,
    McpInitializeServerInfo, McpListToolsResult, McpTool, McpToolCallContent, McpToolCallParams,
    McpToolCallResult,
 };
 /// Protocol version the server advertises during `initialize`.
 ///
 /// Matches the version used by the built-in client in
 /// [`crate::mcp_stdio`], so the two stay in lockstep.
 pub const MCP_SERVER_PROTOCOL_VERSION: &str = "2025-03-26";
 /// Synchronous handler invoked for every `tools/call` request.
 ///
 /// Returning `Ok(text)` yields a single `text` content block and
 /// `isError: false`. Returning `Err(message)` yields a `text` block with the
 /// error and `isError: true`, mirroring the error-surfacing convention used
 /// elsewhere in claw.
 pub type ToolCallHandler =
    Box<dyn Fn(&str, &JsonValue) -> Result<String, String> + Send + Sync + 'static>;
 /// Configuration for an [`McpServer`] instance.
 ///
 /// Named `McpServerSpec` rather than `McpServerConfig` to avoid colliding
 /// with the existing client-side [`crate::config::McpServerConfig`] that
 /// describes *remote* MCP servers the runtime connects to.
 pub struct McpServerSpec {
    /// Name advertised in the `serverInfo` field of the `initialize` response.
    pub server_name: String,
    /// Version advertised in the `serverInfo` field of the `initialize`
    /// response.
    pub server_version: String,
    /// Tool descriptors returned for `tools/list`.
    pub tools: Vec<McpTool>,
    /// Handler invoked for `tools/call`.
    pub tool_handler: ToolCallHandler,
 }
 /// Minimal MCP stdio server.
 ///
 /// The server runs a blocking read/dispatch/write loop over the current
 /// process's stdin/stdout, terminating cleanly when the peer closes the
 /// stream.
 pub struct McpServer {
    spec: McpServerSpec,
    stdin: BufReader<Stdin>,
    stdout: Stdout,
 }
 impl McpServer {
    #[must_use]
    pub fn new(spec: McpServerSpec) -> Self {
        Self {
            spec,
            stdin: BufReader::new(stdin()),
            stdout: stdout(),
        }
    }
    /// Runs the server until the client closes stdin.
    ///
    /// Returns `Ok(())` on clean EOF; any other I/O error is propagated so
    /// callers can log and exit non-zero.
    pub async fn run(&mut self) -> io::Result<()> {
        loop {
            let Some(payload) = read_frame(&mut self.stdin).await? else {
                return Ok(());
            };
            // Requests and notifications share a wire format; the absence of
            // `id` distinguishes notifications, which must never receive a
            // response.
            let message: JsonValue = match serde_json::from_slice(&payload) {
                Ok(value) => value,
                Err(error) => {
                    // Parse error with null id per JSON-RPC 2.0 §4.2.
                    let response = JsonRpcResponse::<JsonValue> {
                        jsonrpc: "2.0".to_string(),
                        id: JsonRpcId::Null,
                        result: None,
                        error: Some(JsonRpcError {
                            code: -32700,
                            message: format!("parse error: {error}"),
                            data: None,
                        }),
                    };
                    write_response(&mut self.stdout, &response).await?;
                    continue;
                }
            };
            if message.get("id").is_none() {
                // Notification: dispatch for side effects only (e.g. log),
                // but send no reply.
                continue;
            }
            let request: JsonRpcRequest<JsonValue> = match serde_json::from_value(message) {
                Ok(request) => request,
                Err(error) => {
                    let response = JsonRpcResponse::<JsonValue> {
                        jsonrpc: "2.0".to_string(),
                        id: JsonRpcId::Null,
                        result: None,
                        error: Some(JsonRpcError {
                            code: -32600,
                            message: format!("invalid request: {error}"),
                            data: None,
                        }),
                    };
                    write_response(&mut self.stdout, &response).await?;
                    continue;
                }
            };
            let response = self.dispatch(request);
            write_response(&mut self.stdout, &response).await?;
        }
    }
    fn dispatch(&self, request: JsonRpcRequest<JsonValue>) -> JsonRpcResponse<JsonValue> {
        let id = request.id.clone();
        match request.method.as_str() {
            "initialize" => self.handle_initialize(id),
            "tools/list" => self.handle_tools_list(id),
            "tools/call" => self.handle_tools_call(id, request.params),
            other => JsonRpcResponse {
                jsonrpc: "2.0".to_string(),
                id,
                result: None,
                error: Some(JsonRpcError {
                    code: -32601,
                    message: format!("method not found: {other}"),
                    data: None,
                }),
            },
        }
    }
    fn handle_initialize(&self, id: JsonRpcId) -> JsonRpcResponse<JsonValue> {
        let result = McpInitializeResult {
            protocol_version: MCP_SERVER_PROTOCOL_VERSION.to_string(),
            capabilities: json!({ "tools": {} }),
            server_info: McpInitializeServerInfo {
                name: self.spec.server_name.clone(),
                version: self.spec.server_version.clone(),
            },
        };
        JsonRpcResponse {
            jsonrpc: "2.0".to_string(),
            id,
            result: serde_json::to_value(result).ok(),
            error: None,
        }
    }
    fn handle_tools_list(&self, id: JsonRpcId) -> JsonRpcResponse<JsonValue> {
        let result = McpListToolsResult {
            tools: self.spec.tools.clone(),
            next_cursor: None,
        };
        JsonRpcResponse {
            jsonrpc: "2.0".to_string(),
            id,
            result: serde_json::to_value(result).ok(),
            error: None,
        }
    }
    fn handle_tools_call(
        &self,
        id: JsonRpcId,
        params: Option<JsonValue>,
    ) -> JsonRpcResponse<JsonValue> {
        let Some(params) = params else {
            return invalid_params_response(id, "missing params for tools/call");
        };
        let call: McpToolCallParams = match serde_json::from_value(params) {
            Ok(value) => value,
            Err(error) => {
                return invalid_params_response(id, &format!("invalid tools/call params: {error}"));
            }
        };
        let arguments = call.arguments.unwrap_or_else(|| json!({}));
        let tool_result = (self.spec.tool_handler)(&call.name, &arguments);
        let (text, is_error) = match tool_result {
            Ok(text) => (text, false),
            Err(message) => (message, true),
        };
        let mut data = std::collections::BTreeMap::new();
        data.insert("text".to_string(), JsonValue::String(text));
        let call_result = McpToolCallResult {
            content: vec![McpToolCallContent {
                kind: "text".to_string(),
                data,
            }],
            structured_content: None,
            is_error: Some(is_error),
            meta: None,
        };
        JsonRpcResponse {
            jsonrpc: "2.0".to_string(),
            id,
            result: serde_json::to_value(call_result).ok(),
            error: None,
        }
    }
 }
 fn invalid_params_response(id: JsonRpcId, message: &str) -> JsonRpcResponse<JsonValue> {
    JsonRpcResponse {
        jsonrpc: "2.0".to_string(),
        id,
        result: None,
        error: Some(JsonRpcError {
            code: -32602,
            message: message.to_string(),
            data: None,
        }),
    }
 }
 /// Reads a single LSP-framed JSON-RPC payload from `reader`.
 ///
 /// Returns `Ok(None)` on clean EOF before any header bytes have been read,
 /// matching how [`crate::mcp_stdio::McpStdioProcess`] treats stream closure.
 async fn read_frame(reader: &mut BufReader<Stdin>) -> io::Result<Option<Vec<u8>>> {
    let mut content_length: Option<usize> = None;
    let mut first_header = true;
    loop {
        let mut line = String::new();
        let bytes_read = reader.read_line(&mut line).await?;
        if bytes_read == 0 {
            if first_header {
                return Ok(None);
            }
            return Err(io::Error::new(
                io::ErrorKind::UnexpectedEof,
                "MCP stdio stream closed while reading headers",
            ));
        }
        first_header = false;
        if line == "\r\n" || line == "\n" {
            break;
        }
        let header = line.trim_end_matches(['\r', '\n']);
        if let Some((name, value)) = header.split_once(':') {
            if name.trim().eq_ignore_ascii_case("Content-Length") {
                let parsed = value
                    .trim()
                    .parse::<usize>()
                    .map_err(|error| io::Error::new(io::ErrorKind::InvalidData, error))?;
                content_length = Some(parsed);
            }
        }
    }
    let content_length = content_length.ok_or_else(|| {
        io::Error::new(io::ErrorKind::InvalidData, "missing Content-Length header")
    })?;
    let mut payload = vec![0_u8; content_length];
    reader.read_exact(&mut payload).await?;
    Ok(Some(payload))
 }
 async fn write_response(
    stdout: &mut Stdout,
    response: &JsonRpcResponse<JsonValue>,
 ) -> io::Result<()> {
    let body = serde_json::to_vec(response)
        .map_err(|error| io::Error::new(io::ErrorKind::InvalidData, error))?;
    let header = format!("Content-Length: {}\r\n\r\n", body.len());
    stdout.write_all(header.as_bytes()).await?;
    stdout.write_all(&body).await?;
    stdout.flush().await
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn dispatch_initialize_returns_server_info() {
        let server = McpServer {
            spec: McpServerSpec {
                server_name: "test".to_string(),
                server_version: "9.9.9".to_string(),
                tools: Vec::new(),
                tool_handler: Box::new(|_, _| Ok(String::new())),
            },
            stdin: BufReader::new(stdin()),
            stdout: stdout(),
        };
        let request = JsonRpcRequest::<JsonValue> {
            jsonrpc: "2.0".to_string(),
            id: JsonRpcId::Number(1),
            method: "initialize".to_string(),
            params: None,
        };
        let response = server.dispatch(request);
        assert_eq!(response.id, JsonRpcId::Number(1));
        assert!(response.error.is_none());
        let result = response.result.expect("initialize result");
        assert_eq!(result["protocolVersion"], MCP_SERVER_PROTOCOL_VERSION);
        assert_eq!(result["serverInfo"]["name"], "test");
        assert_eq!(result["serverInfo"]["version"], "9.9.9");
    }
    #[test]
    fn dispatch_tools_list_returns_registered_tools() {
        let tool = McpTool {
            name: "echo".to_string(),
            description: Some("Echo".to_string()),
            input_schema: Some(json!({"type": "object"})),
            annotations: None,
            meta: None,
        };
        let server = McpServer {
            spec: McpServerSpec {
                server_name: "test".to_string(),
                server_version: "0.0.0".to_string(),
                tools: vec![tool.clone()],
                tool_handler: Box::new(|_, _| Ok(String::new())),
            },
            stdin: BufReader::new(stdin()),
            stdout: stdout(),
        };
        let request = JsonRpcRequest::<JsonValue> {
            jsonrpc: "2.0".to_string(),
            id: JsonRpcId::Number(2),
            method: "tools/list".to_string(),
            params: None,
        };
        let response = server.dispatch(request);
        assert!(response.error.is_none());
        let result = response.result.expect("tools/list result");
        assert_eq!(result["tools"][0]["name"], "echo");
    }
    #[test]
    fn dispatch_tools_call_wraps_handler_output() {
        let server = McpServer {
            spec: McpServerSpec {
                server_name: "test".to_string(),
                server_version: "0.0.0".to_string(),
                tools: Vec::new(),
                tool_handler: Box::new(|name, args| Ok(format!("called {name} with {args}"))),
            },
            stdin: BufReader::new(stdin()),
            stdout: stdout(),
        };
        let request = JsonRpcRequest::<JsonValue> {
            jsonrpc: "2.0".to_string(),
            id: JsonRpcId::Number(3),
            method: "tools/call".to_string(),
            params: Some(json!({
                "name": "echo",
                "arguments": {"text": "hi"}
            })),
        };
        let response = server.dispatch(request);
        assert!(response.error.is_none());
        let result = response.result.expect("tools/call result");
        assert_eq!(result["isError"], false);
        assert_eq!(result["content"][0]["type"], "text");
        assert!(result["content"][0]["text"]
            .as_str()
            .unwrap()
            .starts_with("called echo"));
    }
    #[test]
    fn dispatch_tools_call_surfaces_handler_error() {
        let server = McpServer {
            spec: McpServerSpec {
                server_name: "test".to_string(),
                server_version: "0.0.0".to_string(),
                tools: Vec::new(),
                tool_handler: Box::new(|_, _| Err("boom".to_string())),
            },
            stdin: BufReader::new(stdin()),
            stdout: stdout(),
        };
        let request = JsonRpcRequest::<JsonValue> {
            jsonrpc: "2.0".to_string(),
            id: JsonRpcId::Number(4),
            method: "tools/call".to_string(),
            params: Some(json!({"name": "broken"})),
        };
        let response = server.dispatch(request);
        let result = response.result.expect("tools/call result");
        assert_eq!(result["isError"], true);
        assert_eq!(result["content"][0]["text"], "boom");
    }
    #[test]
    fn dispatch_unknown_method_returns_method_not_found() {
        let server = McpServer {
            spec: McpServerSpec {
                server_name: "test".to_string(),
                server_version: "0.0.0".to_string(),
                tools: Vec::new(),
                tool_handler: Box::new(|_, _| Ok(String::new())),
            },
            stdin: BufReader::new(stdin()),
            stdout: stdout(),
        };
        let request = JsonRpcRequest::<JsonValue> {
            jsonrpc: "2.0".to_string(),
            id: JsonRpcId::Number(5),
            method: "nonsense".to_string(),
            params: None,
        };
        let response = server.dispatch(request);
        let error = response.error.expect("error payload");
        assert_eq!(error.code, -32601);
    }
 }
--- a/rust/crates/runtime/src/oauth.rs
+++ b/rust/crates/runtime/src/oauth.rs
@@ -335,7 +335,14 @@ fn credentials_home_dir() -> io::Result<PathBuf> {
        return Ok(PathBuf::from(path));
    }
    let home = std::env::var_os("HOME")
-        .ok_or_else(|| io::Error::new(io::ErrorKind::NotFound, "HOME is not set"))?;
+        .or_else(|| std::env::var_os("USERPROFILE"))
        .ok_or_else(|| {
            io::Error::new(
                io::ErrorKind::NotFound,
                "HOME is not set (on Windows, set USERPROFILE or HOME, \
                 or use CLAW_CONFIG_HOME to point directly at the config directory)",
            )
        })?;
    Ok(PathBuf::from(home).join(".claw"))
 }
--- a/rust/crates/runtime/src/permission_enforcer.rs
+++ b/rust/crates/runtime/src/permission_enforcer.rs
@@ -65,6 +65,40 @@ impl PermissionEnforcer {
        matches!(self.check(tool_name, input), EnforcementResult::Allowed)
    }
    /// Check permission with an explicitly provided required mode.
    /// Used when the required mode is determined dynamically (e.g., bash command classification).
    pub fn check_with_required_mode(
        &self,
        tool_name: &str,
        input: &str,
        required_mode: PermissionMode,
    ) -> EnforcementResult {
        // When the active mode is Prompt, defer to the caller's interactive
        // prompt flow rather than hard-denying.
        if self.policy.active_mode() == PermissionMode::Prompt {
            return EnforcementResult::Allowed;
        }
        let active_mode = self.policy.active_mode();
        // Check if active mode meets the dynamically determined required mode
        if active_mode >= required_mode {
            return EnforcementResult::Allowed;
        }
        // Permission denied - active mode is insufficient
        EnforcementResult::Denied {
            tool: tool_name.to_owned(),
            active_mode: active_mode.as_str().to_owned(),
            required_mode: required_mode.as_str().to_owned(),
            reason: format!(
                "'{tool_name}' with input '{input}' requires '{}' permission, but current mode is '{}'",
                required_mode.as_str(),
                active_mode.as_str()
            ),
        }
    }
    #[must_use]
    pub fn active_mode(&self) -> PermissionMode {
        self.policy.active_mode()
--- a/rust/crates/runtime/src/prompt.rs
+++ b/rust/crates/runtime/src/prompt.rs
@@ -4,6 +4,7 @@ use std::path::{Path, PathBuf};
 use std::process::Command;
 use crate::config::{ConfigError, ConfigLoader, RuntimeConfig};
 use crate::git_context::GitContext;
 /// Errors raised while assembling the final system prompt.
 #[derive(Debug)]
@@ -56,6 +57,7 @@ pub struct ProjectContext {
    pub current_date: String,
    pub git_status: Option<String>,
    pub git_diff: Option<String>,
    pub git_context: Option<GitContext>,
    pub instruction_files: Vec<ContextFile>,
 }
@@ -71,6 +73,7 @@ impl ProjectContext {
            current_date: current_date.into(),
            git_status: None,
            git_diff: None,
            git_context: None,
            instruction_files,
        })
    }
@@ -82,6 +85,7 @@ impl ProjectContext {
        let mut context = Self::discover(cwd, current_date)?;
        context.git_status = read_git_status(&context.cwd);
        context.git_diff = read_git_diff(&context.cwd);
        context.git_context = GitContext::detect(&context.cwd);
        Ok(context)
    }
 }
@@ -299,11 +303,27 @@ fn render_project_context(project_context: &ProjectContext) -> String {
        lines.push("Git status snapshot:".to_string());
        lines.push(status.clone());
    }
    if let Some(ref gc) = project_context.git_context {
        if !gc.recent_commits.is_empty() {
            lines.push(String::new());
            lines.push("Recent commits (last 5):".to_string());
            for c in &gc.recent_commits {
                lines.push(format!("  {} {}", c.hash, c.subject));
            }
        }
    }
    if let Some(diff) = &project_context.git_diff {
        lines.push(String::new());
        lines.push("Git diff snapshot:".to_string());
        lines.push(diff.clone());
    }
    if let Some(git_context) = &project_context.git_context {
        let rendered = git_context.render();
        if !rendered.is_empty() {
            lines.push(String::new());
            lines.push(rendered);
        }
    }
    lines.join("\n")
 }
@@ -639,6 +659,88 @@ mod tests {
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn discover_with_git_includes_recent_commits_and_renders_them() {
        // given: a git repo with three commits and a current branch
        let _guard = env_lock();
        ensure_valid_cwd();
        let root = temp_dir();
        fs::create_dir_all(&root).expect("root dir");
        std::process::Command::new("git")
            .args(["init", "--quiet", "-b", "main"])
            .current_dir(&root)
            .status()
            .expect("git init should run");
        std::process::Command::new("git")
            .args(["config", "user.email", "tests@example.com"])
            .current_dir(&root)
            .status()
            .expect("git config email should run");
        std::process::Command::new("git")
            .args(["config", "user.name", "Runtime Prompt Tests"])
            .current_dir(&root)
            .status()
            .expect("git config name should run");
        for (file, message) in [
            ("a.txt", "first commit"),
            ("b.txt", "second commit"),
            ("c.txt", "third commit"),
        ] {
            fs::write(root.join(file), "x\n").expect("write commit file");
            std::process::Command::new("git")
                .args(["add", file])
                .current_dir(&root)
                .status()
                .expect("git add should run");
            std::process::Command::new("git")
                .args(["commit", "-m", message, "--quiet"])
                .current_dir(&root)
                .status()
                .expect("git commit should run");
        }
        fs::write(root.join("d.txt"), "staged\n").expect("write staged file");
        std::process::Command::new("git")
            .args(["add", "d.txt"])
            .current_dir(&root)
            .status()
            .expect("git add staged should run");
        // when: discovering project context with git auto-include
        let context =
            ProjectContext::discover_with_git(&root, "2026-03-31").expect("context should load");
        let rendered = SystemPromptBuilder::new()
            .with_os("linux", "6.8")
            .with_project_context(context.clone())
            .render();
        // then: branch, recent commits and staged files are present in context
        let gc = context
            .git_context
            .as_ref()
            .expect("git context should be present");
        let commits: String = gc
            .recent_commits
            .iter()
            .map(|c| c.subject.clone())
            .collect::<Vec<_>>()
            .join("\n");
        assert!(commits.contains("first commit"));
        assert!(commits.contains("second commit"));
        assert!(commits.contains("third commit"));
        assert_eq!(gc.recent_commits.len(), 3);
        let status = context.git_status.as_deref().expect("status snapshot");
        assert!(status.contains("## main"));
        assert!(status.contains("A  d.txt"));
        assert!(rendered.contains("Recent commits (last 5):"));
        assert!(rendered.contains("first commit"));
        assert!(rendered.contains("Git status snapshot:"));
        assert!(rendered.contains("## main"));
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
    #[test]
    fn discover_with_git_includes_diff_snapshot_for_tracked_changes() {
        let _guard = env_lock();
--- a/rust/crates/runtime/src/recovery_recipes.rs
+++ b/rust/crates/runtime/src/recovery_recipes.rs
@@ -48,7 +48,9 @@ impl FailureScenario {
            WorkerFailureKind::TrustGate => Self::TrustPromptUnresolved,
            WorkerFailureKind::PromptDelivery => Self::PromptMisdelivery,
            WorkerFailureKind::Protocol => Self::McpHandshakeFailure,
-            WorkerFailureKind::Provider => Self::ProviderFailure,
+            WorkerFailureKind::Provider | WorkerFailureKind::StartupNoEvidence => {
                Self::ProviderFailure
            }
        }
    }
 }
--- a/rust/crates/runtime/src/session.rs
+++ b/rust/crates/runtime/src/session.rs
@@ -13,6 +13,7 @@ const SESSION_VERSION: u32 = 1;
 const ROTATE_AFTER_BYTES: u64 = 256 * 1024;
 const MAX_ROTATED_FILES: usize = 3;
 static SESSION_ID_COUNTER: AtomicU64 = AtomicU64::new(0);
 static LAST_TIMESTAMP_MS: AtomicU64 = AtomicU64::new(0);
 /// Speaker role associated with a persisted conversation message.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -65,6 +66,13 @@ pub struct SessionFork {
    pub branch_name: Option<String>,
 }
 /// A single user prompt recorded with a timestamp for history tracking.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct SessionPromptEntry {
    pub timestamp_ms: u64,
    pub text: String,
 }
 #[derive(Debug, Clone, PartialEq, Eq)]
 struct SessionPersistence {
    path: PathBuf,
@@ -88,6 +96,12 @@ pub struct Session {
    pub compaction: Option<SessionCompaction>,
    pub fork: Option<SessionFork>,
    pub workspace_root: Option<PathBuf>,
    pub prompt_history: Vec<SessionPromptEntry>,
    /// The model used in this session, persisted so resumed sessions can
    /// report which model was originally used.
    /// Timestamp of last successful health check (ROADMAP #38)
    pub last_health_check_ms: Option<u64>,
    pub model: Option<String>,
    persistence: Option<SessionPersistence>,
 }
@@ -101,6 +115,8 @@ impl PartialEq for Session {
            && self.compaction == other.compaction
            && self.fork == other.fork
            && self.workspace_root == other.workspace_root
            && self.prompt_history == other.prompt_history
            && self.last_health_check_ms == other.last_health_check_ms
    }
 }
@@ -151,6 +167,9 @@ impl Session {
            compaction: None,
            fork: None,
            workspace_root: None,
            prompt_history: Vec::new(),
            last_health_check_ms: None,
            model: None,
            persistence: None,
        }
    }
@@ -252,6 +271,9 @@ impl Session {
                branch_name: normalize_optional_string(branch_name),
            }),
            workspace_root: self.workspace_root.clone(),
            prompt_history: self.prompt_history.clone(),
            last_health_check_ms: self.last_health_check_ms,
            model: self.model.clone(),
            persistence: None,
        }
    }
@@ -295,6 +317,17 @@ impl Session {
                JsonValue::String(workspace_root_to_string(workspace_root)?),
            );
        }
        if !self.prompt_history.is_empty() {
            object.insert(
                "prompt_history".to_string(),
                JsonValue::Array(
                    self.prompt_history
                        .iter()
                        .map(SessionPromptEntry::to_jsonl_record)
                        .collect(),
                ),
            );
        }
        Ok(JsonValue::Object(object))
    }
@@ -339,6 +372,20 @@ impl Session {
            .get("workspace_root")
            .and_then(JsonValue::as_str)
            .map(PathBuf::from);
        let prompt_history = object
            .get("prompt_history")
            .and_then(JsonValue::as_array)
            .map(|entries| {
                entries
                    .iter()
                    .filter_map(SessionPromptEntry::from_json_opt)
                    .collect()
            })
            .unwrap_or_default();
        let model = object
            .get("model")
            .and_then(JsonValue::as_str)
            .map(String::from);
        Ok(Self {
            version,
            session_id,
@@ -348,6 +395,9 @@ impl Session {
            compaction,
            fork,
            workspace_root,
            prompt_history,
            last_health_check_ms: None,
            model,
            persistence: None,
        })
    }
@@ -361,6 +411,8 @@ impl Session {
        let mut compaction = None;
        let mut fork = None;
        let mut workspace_root = None;
        let mut model = None;
        let mut prompt_history = Vec::new();
        for (line_number, raw_line) in contents.lines().enumerate() {
            let line = raw_line.trim();
@@ -399,6 +451,10 @@ impl Session {
                        .get("workspace_root")
                        .and_then(JsonValue::as_str)
                        .map(PathBuf::from);
                    model = object
                        .get("model")
                        .and_then(JsonValue::as_str)
                        .map(String::from);
                }
                "message" => {
                    let message_value = object.get("message").ok_or_else(|| {
@@ -414,6 +470,13 @@ impl Session {
                        object.clone(),
                    ))?);
                }
                "prompt_history" => {
                    if let Some(entry) =
                        SessionPromptEntry::from_json_opt(&JsonValue::Object(object.clone()))
                    {
                        prompt_history.push(entry);
                    }
                }
                other => {
                    return Err(SessionError::Format(format!(
                        "unsupported JSONL record type at line {}: {other}",
@@ -433,15 +496,38 @@ impl Session {
            compaction,
            fork,
            workspace_root,
            prompt_history,
            last_health_check_ms: None,
            model,
            persistence: None,
        })
    }
    /// Record a user prompt with the current wall-clock timestamp.
    ///
    /// The entry is appended to the in-memory history and, when a persistence
    /// path is configured, incrementally written to the JSONL session file.
    pub fn push_prompt_entry(&mut self, text: impl Into<String>) -> Result<(), SessionError> {
        let timestamp_ms = current_time_millis();
        let entry = SessionPromptEntry {
            timestamp_ms,
            text: text.into(),
        };
        self.prompt_history.push(entry);
        let entry_ref = self.prompt_history.last().expect("entry was just pushed");
        self.append_persisted_prompt_entry(entry_ref)
    }
    fn render_jsonl_snapshot(&self) -> Result<String, SessionError> {
        let mut lines = vec![self.meta_record()?.render()];
        if let Some(compaction) = &self.compaction {
            lines.push(compaction.to_jsonl_record()?.render());
        }
        lines.extend(
            self.prompt_history
                .iter()
                .map(|entry| entry.to_jsonl_record().render()),
        );
        lines.extend(
            self.messages
                .iter()
@@ -468,6 +554,25 @@ impl Session {
        Ok(())
    }
    fn append_persisted_prompt_entry(
        &self,
        entry: &SessionPromptEntry,
    ) -> Result<(), SessionError> {
        let Some(path) = self.persistence_path() else {
            return Ok(());
        };
        let needs_bootstrap = !path.exists() || fs::metadata(path)?.len() == 0;
        if needs_bootstrap {
            self.save_to_path(path)?;
            return Ok(());
        }
        let mut file = OpenOptions::new().append(true).open(path)?;
        writeln!(file, "{}", entry.to_jsonl_record().render())?;
        Ok(())
    }
    fn meta_record(&self) -> Result<JsonValue, SessionError> {
        let mut object = BTreeMap::new();
        object.insert(
@@ -499,6 +604,9 @@ impl Session {
                JsonValue::String(workspace_root_to_string(workspace_root)?),
            );
        }
        if let Some(model) = &self.model {
            object.insert("model".to_string(), JsonValue::String(model.clone()));
        }
        Ok(JsonValue::Object(object))
    }
@@ -784,6 +892,33 @@ impl SessionFork {
    }
 }
 impl SessionPromptEntry {
    #[must_use]
    pub fn to_jsonl_record(&self) -> JsonValue {
        let mut object = BTreeMap::new();
        object.insert(
            "type".to_string(),
            JsonValue::String("prompt_history".to_string()),
        );
        object.insert(
            "timestamp_ms".to_string(),
            JsonValue::Number(i64::try_from(self.timestamp_ms).unwrap_or(i64::MAX)),
        );
        object.insert("text".to_string(), JsonValue::String(self.text.clone()));
        JsonValue::Object(object)
    }
    fn from_json_opt(value: &JsonValue) -> Option<Self> {
        let object = value.as_object()?;
        let timestamp_ms = object
            .get("timestamp_ms")
            .and_then(JsonValue::as_i64)
            .and_then(|value| u64::try_from(value).ok())?;
        let text = object.get("text").and_then(JsonValue::as_str)?.to_string();
        Some(Self { timestamp_ms, text })
    }
 }
 fn message_record(message: &ConversationMessage) -> JsonValue {
    let mut object = BTreeMap::new();
    object.insert("type".to_string(), JsonValue::String("message".to_string()));
@@ -896,10 +1031,27 @@ fn normalize_optional_string(value: Option<String>) -> Option<String> {
 }
 fn current_time_millis() -> u64 {
-    SystemTime::now()
+    let wall_clock = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map(|duration| u64::try_from(duration.as_millis()).unwrap_or(u64::MAX))
-        .unwrap_or_default()
+        .unwrap_or_default();
    let mut candidate = wall_clock;
    loop {
        let previous = LAST_TIMESTAMP_MS.load(Ordering::Relaxed);
        if candidate <= previous {
            candidate = previous.saturating_add(1);
        }
        match LAST_TIMESTAMP_MS.compare_exchange(
            previous,
            candidate,
            Ordering::SeqCst,
            Ordering::SeqCst,
        ) {
            Ok(_) => return candidate,
            Err(actual) => candidate = actual.saturating_add(1),
        }
    }
 }
 fn generate_session_id() -> String {
@@ -991,8 +1143,8 @@ fn cleanup_rotated_logs(path: &Path) -> Result<(), SessionError> {
 #[cfg(test)]
 mod tests {
    use super::{
-        cleanup_rotated_logs, rotate_session_file_if_needed, ContentBlock, ConversationMessage,
+        cleanup_rotated_logs, current_time_millis, rotate_session_file_if_needed, ContentBlock,
-        MessageRole, Session, SessionFork,
+        ConversationMessage, MessageRole, Session, SessionFork,
    };
    use crate::json::JsonValue;
    use crate::usage::TokenUsage;
@@ -1000,6 +1152,16 @@ mod tests {
    use std::path::{Path, PathBuf};
    use std::time::{SystemTime, UNIX_EPOCH};
    #[test]
    fn session_timestamps_are_monotonic_under_tight_loops() {
        let first = current_time_millis();
        let second = current_time_millis();
        let third = current_time_millis();
        assert!(first < second);
        assert!(second < third);
    }
    #[test]
    fn persists_and_restores_session_jsonl() {
        let mut session = Session::new();
@@ -1326,3 +1488,58 @@ mod tests {
            .collect()
    }
 }
 /// Per-worktree session isolation: returns a session directory namespaced
 /// by the workspace fingerprint of the given working directory.
 /// This prevents parallel `opencode serve` instances from colliding.
 /// Called by external consumers (e.g. clawhip) to enumerate sessions for a CWD.
 #[allow(dead_code)]
 pub fn workspace_sessions_dir(cwd: &std::path::Path) -> Result<std::path::PathBuf, SessionError> {
    let store = crate::session_control::SessionStore::from_cwd(cwd)
        .map_err(|e| SessionError::Io(std::io::Error::other(e.to_string())))?;
    Ok(store.sessions_dir().to_path_buf())
 }
 #[cfg(test)]
 mod workspace_sessions_dir_tests {
    use super::*;
    use std::fs;
    #[test]
    fn workspace_sessions_dir_returns_fingerprinted_path_for_valid_cwd() {
        let tmp = std::env::temp_dir().join("claw-session-dir-test");
        fs::create_dir_all(&tmp).expect("create temp dir");
        let result = workspace_sessions_dir(&tmp);
        assert!(
            result.is_ok(),
            "workspace_sessions_dir should succeed for a valid CWD, got: {result:?}"
        );
        let dir = result.unwrap();
        // The returned path should be non-empty and end with a hash component
        assert!(!dir.as_os_str().is_empty());
        // Two calls with the same CWD should produce identical paths (deterministic)
        let result2 = workspace_sessions_dir(&tmp).unwrap();
        assert_eq!(dir, result2, "workspace_sessions_dir must be deterministic");
        fs::remove_dir_all(&tmp).ok();
    }
    #[test]
    fn workspace_sessions_dir_differs_for_different_cwds() {
        let tmp_a = std::env::temp_dir().join("claw-session-dir-a");
        let tmp_b = std::env::temp_dir().join("claw-session-dir-b");
        fs::create_dir_all(&tmp_a).expect("create dir a");
        fs::create_dir_all(&tmp_b).expect("create dir b");
        let dir_a = workspace_sessions_dir(&tmp_a).expect("dir a");
        let dir_b = workspace_sessions_dir(&tmp_b).expect("dir b");
        assert_ne!(
            dir_a, dir_b,
            "different CWDs must produce different session dirs"
        );
        fs::remove_dir_all(&tmp_a).ok();
        fs::remove_dir_all(&tmp_b).ok();
    }
 }
--- a/rust/crates/runtime/src/session_control.rs
+++ b/rust/crates/runtime/src/session_control.rs
@@ -7,6 +7,302 @@ use std::time::UNIX_EPOCH;
 use crate::session::{Session, SessionError};
 /// Per-worktree session store that namespaces on-disk session files by
 /// workspace fingerprint so that parallel `opencode serve` instances never
 /// collide.
 ///
 /// Create via [`SessionStore::from_cwd`] (derives the store path from the
 /// server's working directory) or [`SessionStore::from_data_dir`] (honours an
 /// explicit `--data-dir` flag).  Both constructors produce a directory layout
 /// of `<data_dir>/sessions/<workspace_hash>/` where `<workspace_hash>` is a
 /// stable hex digest of the canonical workspace root.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct SessionStore {
    /// Resolved root of the session namespace, e.g.
    /// `/home/user/project/.claw/sessions/a1b2c3d4e5f60718/`.
    sessions_root: PathBuf,
    /// The canonical workspace path that was fingerprinted.
    workspace_root: PathBuf,
 }
 impl SessionStore {
    /// Build a store from the server's current working directory.
    ///
    /// The on-disk layout becomes `<cwd>/.claw/sessions/<workspace_hash>/`.
    pub fn from_cwd(cwd: impl AsRef<Path>) -> Result<Self, SessionControlError> {
        let cwd = cwd.as_ref();
        let sessions_root = cwd
            .join(".claw")
            .join("sessions")
            .join(workspace_fingerprint(cwd));
        fs::create_dir_all(&sessions_root)?;
        Ok(Self {
            sessions_root,
            workspace_root: cwd.to_path_buf(),
        })
    }
    /// Build a store from an explicit `--data-dir` flag.
    ///
    /// The on-disk layout becomes `<data_dir>/sessions/<workspace_hash>/`
    /// where `<workspace_hash>` is derived from `workspace_root`.
    pub fn from_data_dir(
        data_dir: impl AsRef<Path>,
        workspace_root: impl AsRef<Path>,
    ) -> Result<Self, SessionControlError> {
        let workspace_root = workspace_root.as_ref();
        let sessions_root = data_dir
            .as_ref()
            .join("sessions")
            .join(workspace_fingerprint(workspace_root));
        fs::create_dir_all(&sessions_root)?;
        Ok(Self {
            sessions_root,
            workspace_root: workspace_root.to_path_buf(),
        })
    }
    /// The fully resolved sessions directory for this namespace.
    #[must_use]
    pub fn sessions_dir(&self) -> &Path {
        &self.sessions_root
    }
    /// The workspace root this store is bound to.
    #[must_use]
    pub fn workspace_root(&self) -> &Path {
        &self.workspace_root
    }
    #[must_use]
    pub fn create_handle(&self, session_id: &str) -> SessionHandle {
        let id = session_id.to_string();
        let path = self
            .sessions_root
            .join(format!("{id}.{PRIMARY_SESSION_EXTENSION}"));
        SessionHandle { id, path }
    }
    pub fn resolve_reference(&self, reference: &str) -> Result<SessionHandle, SessionControlError> {
        if is_session_reference_alias(reference) {
            let latest = self.latest_session()?;
            return Ok(SessionHandle {
                id: latest.id,
                path: latest.path,
            });
        }
        let direct = PathBuf::from(reference);
        let candidate = if direct.is_absolute() {
            direct.clone()
        } else {
            self.workspace_root.join(&direct)
        };
        let looks_like_path = direct.extension().is_some() || direct.components().count() > 1;
        let path = if candidate.exists() {
            candidate
        } else if looks_like_path {
            return Err(SessionControlError::Format(
                format_missing_session_reference(reference),
            ));
        } else {
            self.resolve_managed_path(reference)?
        };
        Ok(SessionHandle {
            id: session_id_from_path(&path).unwrap_or_else(|| reference.to_string()),
            path,
        })
    }
    pub fn resolve_managed_path(&self, session_id: &str) -> Result<PathBuf, SessionControlError> {
        for extension in [PRIMARY_SESSION_EXTENSION, LEGACY_SESSION_EXTENSION] {
            let path = self.sessions_root.join(format!("{session_id}.{extension}"));
            if path.exists() {
                return Ok(path);
            }
        }
        if let Some(legacy_root) = self.legacy_sessions_root() {
            for extension in [PRIMARY_SESSION_EXTENSION, LEGACY_SESSION_EXTENSION] {
                let path = legacy_root.join(format!("{session_id}.{extension}"));
                if !path.exists() {
                    continue;
                }
                let session = Session::load_from_path(&path)?;
                self.validate_loaded_session(&path, &session)?;
                return Ok(path);
            }
        }
        Err(SessionControlError::Format(
            format_missing_session_reference(session_id),
        ))
    }
    pub fn list_sessions(&self) -> Result<Vec<ManagedSessionSummary>, SessionControlError> {
        let mut sessions = Vec::new();
        self.collect_sessions_from_dir(&self.sessions_root, &mut sessions)?;
        if let Some(legacy_root) = self.legacy_sessions_root() {
            self.collect_sessions_from_dir(&legacy_root, &mut sessions)?;
        }
        sort_managed_sessions(&mut sessions);
        Ok(sessions)
    }
    pub fn latest_session(&self) -> Result<ManagedSessionSummary, SessionControlError> {
        self.list_sessions()?
            .into_iter()
            .next()
            .ok_or_else(|| SessionControlError::Format(format_no_managed_sessions()))
    }
    pub fn load_session(
        &self,
        reference: &str,
    ) -> Result<LoadedManagedSession, SessionControlError> {
        let handle = self.resolve_reference(reference)?;
        let session = Session::load_from_path(&handle.path)?;
        self.validate_loaded_session(&handle.path, &session)?;
        Ok(LoadedManagedSession {
            handle: SessionHandle {
                id: session.session_id.clone(),
                path: handle.path,
            },
            session,
        })
    }
    pub fn fork_session(
        &self,
        session: &Session,
        branch_name: Option<String>,
    ) -> Result<ForkedManagedSession, SessionControlError> {
        let parent_session_id = session.session_id.clone();
        let forked = session
            .fork(branch_name)
            .with_workspace_root(self.workspace_root.clone());
        let handle = self.create_handle(&forked.session_id);
        let branch_name = forked
            .fork
            .as_ref()
            .and_then(|fork| fork.branch_name.clone());
        let forked = forked.with_persistence_path(handle.path.clone());
        forked.save_to_path(&handle.path)?;
        Ok(ForkedManagedSession {
            parent_session_id,
            handle,
            session: forked,
            branch_name,
        })
    }
    fn legacy_sessions_root(&self) -> Option<PathBuf> {
        self.sessions_root
            .parent()
            .filter(|parent| parent.file_name().is_some_and(|name| name == "sessions"))
            .map(Path::to_path_buf)
    }
    fn validate_loaded_session(
        &self,
        session_path: &Path,
        session: &Session,
    ) -> Result<(), SessionControlError> {
        let Some(actual) = session.workspace_root() else {
            if path_is_within_workspace(session_path, &self.workspace_root) {
                return Ok(());
            }
            return Err(SessionControlError::Format(
                format_legacy_session_missing_workspace_root(session_path, &self.workspace_root),
            ));
        };
        if workspace_roots_match(actual, &self.workspace_root) {
            return Ok(());
        }
        Err(SessionControlError::WorkspaceMismatch {
            expected: self.workspace_root.clone(),
            actual: actual.to_path_buf(),
        })
    }
    fn collect_sessions_from_dir(
        &self,
        directory: &Path,
        sessions: &mut Vec<ManagedSessionSummary>,
    ) -> Result<(), SessionControlError> {
        let entries = match fs::read_dir(directory) {
            Ok(entries) => entries,
            Err(err) if err.kind() == std::io::ErrorKind::NotFound => return Ok(()),
            Err(err) => return Err(err.into()),
        };
        for entry in entries {
            let entry = entry?;
            let path = entry.path();
            if !is_managed_session_file(&path) {
                continue;
            }
            let metadata = entry.metadata()?;
            let modified_epoch_millis = metadata
                .modified()
                .ok()
                .and_then(|time| time.duration_since(UNIX_EPOCH).ok())
                .map(|duration| duration.as_millis())
                .unwrap_or_default();
            let summary = match Session::load_from_path(&path) {
                Ok(session) => {
                    if self.validate_loaded_session(&path, &session).is_err() {
                        continue;
                    }
                    ManagedSessionSummary {
                        id: session.session_id,
                        path,
                        updated_at_ms: session.updated_at_ms,
                        modified_epoch_millis,
                        message_count: session.messages.len(),
                        parent_session_id: session
                            .fork
                            .as_ref()
                            .map(|fork| fork.parent_session_id.clone()),
                        branch_name: session
                            .fork
                            .as_ref()
                            .and_then(|fork| fork.branch_name.clone()),
                    }
                }
                Err(_) => ManagedSessionSummary {
                    id: path
                        .file_stem()
                        .and_then(|value| value.to_str())
                        .unwrap_or("unknown")
                        .to_string(),
                    path,
                    updated_at_ms: 0,
                    modified_epoch_millis,
                    message_count: 0,
                    parent_session_id: None,
                    branch_name: None,
                },
            };
            sessions.push(summary);
        }
        Ok(())
    }
 }
 /// Stable hex fingerprint of a workspace path.
 ///
 /// Uses FNV-1a (64-bit) to produce a 16-char hex string that partitions the
 /// on-disk session directory per workspace root.
 #[must_use]
 pub fn workspace_fingerprint(workspace_root: &Path) -> String {
    let input = workspace_root.to_string_lossy();
    let mut hash = 0xcbf2_9ce4_8422_2325_u64;
    for byte in input.as_bytes() {
        hash ^= u64::from(*byte);
        hash = hash.wrapping_mul(0x0100_0000_01b3);
    }
    format!("{hash:016x}")
 }
 pub const PRIMARY_SESSION_EXTENSION: &str = "jsonl";
 pub const LEGACY_SESSION_EXTENSION: &str = "json";
 pub const LATEST_SESSION_REFERENCE: &str = "latest";
@@ -23,12 +319,23 @@ pub struct SessionHandle {
 pub struct ManagedSessionSummary {
    pub id: String,
    pub path: PathBuf,
    pub updated_at_ms: u64,
    pub modified_epoch_millis: u128,
    pub message_count: usize,
    pub parent_session_id: Option<String>,
    pub branch_name: Option<String>,
 }
 fn sort_managed_sessions(sessions: &mut [ManagedSessionSummary]) {
    sessions.sort_by(|left, right| {
        right
            .updated_at_ms
            .cmp(&left.updated_at_ms)
            .then_with(|| right.modified_epoch_millis.cmp(&left.modified_epoch_millis))
            .then_with(|| right.id.cmp(&left.id))
    });
 }
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct LoadedManagedSession {
    pub handle: SessionHandle,
@@ -48,6 +355,7 @@ pub enum SessionControlError {
    Io(std::io::Error),
    Session(SessionError),
    Format(String),
    WorkspaceMismatch { expected: PathBuf, actual: PathBuf },
 }
 impl Display for SessionControlError {
@@ -56,6 +364,12 @@ impl Display for SessionControlError {
            Self::Io(error) => write!(f, "{error}"),
            Self::Session(error) => write!(f, "{error}"),
            Self::Format(error) => write!(f, "{error}"),
            Self::WorkspaceMismatch { expected, actual } => write!(
                f,
                "session workspace mismatch: expected {}, found {}",
                expected.display(),
                actual.display()
            ),
        }
    }
 }
@@ -81,9 +395,8 @@ pub fn sessions_dir() -> Result<PathBuf, SessionControlError> {
 pub fn managed_sessions_dir_for(
    base_dir: impl AsRef<Path>,
 ) -> Result<PathBuf, SessionControlError> {
-    let path = base_dir.as_ref().join(".claw").join("sessions");
+    let store = SessionStore::from_cwd(base_dir)?;
-    fs::create_dir_all(&path)?;
+    Ok(store.sessions_dir().to_path_buf())
    Ok(path)
 }
 pub fn create_managed_session_handle(
@@ -96,10 +409,8 @@ pub fn create_managed_session_handle_for(
    base_dir: impl AsRef<Path>,
    session_id: &str,
 ) -> Result<SessionHandle, SessionControlError> {
-    let id = session_id.to_string();
+    let store = SessionStore::from_cwd(base_dir)?;
-    let path =
+    Ok(store.create_handle(session_id))
        managed_sessions_dir_for(base_dir)?.join(format!("{id}.{PRIMARY_SESSION_EXTENSION}"));
    Ok(SessionHandle { id, path })
 }
 pub fn resolve_session_reference(reference: &str) -> Result<SessionHandle, SessionControlError> {
@@ -110,36 +421,8 @@ pub fn resolve_session_reference_for(
    base_dir: impl AsRef<Path>,
    reference: &str,
 ) -> Result<SessionHandle, SessionControlError> {
-    let base_dir = base_dir.as_ref();
+    let store = SessionStore::from_cwd(base_dir)?;
-    if is_session_reference_alias(reference) {
+    store.resolve_reference(reference)
        let latest = latest_managed_session_for(base_dir)?;
        return Ok(SessionHandle {
            id: latest.id,
            path: latest.path,
        });
    }
    let direct = PathBuf::from(reference);
    let candidate = if direct.is_absolute() {
        direct.clone()
    } else {
        base_dir.join(&direct)
    };
    let looks_like_path = direct.extension().is_some() || direct.components().count() > 1;
    let path = if candidate.exists() {
        candidate
    } else if looks_like_path {
        return Err(SessionControlError::Format(
            format_missing_session_reference(reference),
        ));
    } else {
        resolve_managed_session_path_for(base_dir, reference)?
    };
    Ok(SessionHandle {
        id: session_id_from_path(&path).unwrap_or_else(|| reference.to_string()),
        path,
    })
 }
 pub fn resolve_managed_session_path(session_id: &str) -> Result<PathBuf, SessionControlError> {
@@ -150,16 +433,8 @@ pub fn resolve_managed_session_path_for(
    base_dir: impl AsRef<Path>,
    session_id: &str,
 ) -> Result<PathBuf, SessionControlError> {
-    let directory = managed_sessions_dir_for(base_dir)?;
+    let store = SessionStore::from_cwd(base_dir)?;
-    for extension in [PRIMARY_SESSION_EXTENSION, LEGACY_SESSION_EXTENSION] {
+    store.resolve_managed_path(session_id)
        let path = directory.join(format!("{session_id}.{extension}"));
        if path.exists() {
            return Ok(path);
        }
    }
    Err(SessionControlError::Format(
        format_missing_session_reference(session_id),
    ))
 }
 #[must_use]
@@ -178,64 +453,8 @@ pub fn list_managed_sessions() -> Result<Vec<ManagedSessionSummary>, SessionCont
 pub fn list_managed_sessions_for(
    base_dir: impl AsRef<Path>,
 ) -> Result<Vec<ManagedSessionSummary>, SessionControlError> {
-    let mut sessions = Vec::new();
+    let store = SessionStore::from_cwd(base_dir)?;
-    for entry in fs::read_dir(managed_sessions_dir_for(base_dir)?)? {
+    store.list_sessions()
        let entry = entry?;
        let path = entry.path();
        if !is_managed_session_file(&path) {
            continue;
        }
        let metadata = entry.metadata()?;
        let modified_epoch_millis = metadata
            .modified()
            .ok()
            .and_then(|time| time.duration_since(UNIX_EPOCH).ok())
            .map(|duration| duration.as_millis())
            .unwrap_or_default();
        let (id, message_count, parent_session_id, branch_name) =
            match Session::load_from_path(&path) {
                Ok(session) => {
                    let parent_session_id = session
                        .fork
                        .as_ref()
                        .map(|fork| fork.parent_session_id.clone());
                    let branch_name = session
                        .fork
                        .as_ref()
                        .and_then(|fork| fork.branch_name.clone());
                    (
                        session.session_id,
                        session.messages.len(),
                        parent_session_id,
                        branch_name,
                    )
                }
                Err(_) => (
                    path.file_stem()
                        .and_then(|value| value.to_str())
                        .unwrap_or("unknown")
                        .to_string(),
                    0,
                    None,
                    None,
                ),
            };
        sessions.push(ManagedSessionSummary {
            id,
            path,
            modified_epoch_millis,
            message_count,
            parent_session_id,
            branch_name,
        });
    }
    sessions.sort_by(|left, right| {
        right
            .modified_epoch_millis
            .cmp(&left.modified_epoch_millis)
            .then_with(|| right.id.cmp(&left.id))
    });
    Ok(sessions)
 }
 pub fn latest_managed_session() -> Result<ManagedSessionSummary, SessionControlError> {
@@ -245,10 +464,8 @@ pub fn latest_managed_session() -> Result<ManagedSessionSummary, SessionControlE
 pub fn latest_managed_session_for(
    base_dir: impl AsRef<Path>,
 ) -> Result<ManagedSessionSummary, SessionControlError> {
-    list_managed_sessions_for(base_dir)?
+    let store = SessionStore::from_cwd(base_dir)?;
-        .into_iter()
+    store.latest_session()
        .next()
        .ok_or_else(|| SessionControlError::Format(format_no_managed_sessions()))
 }
 pub fn load_managed_session(reference: &str) -> Result<LoadedManagedSession, SessionControlError> {
@@ -259,15 +476,8 @@ pub fn load_managed_session_for(
    base_dir: impl AsRef<Path>,
    reference: &str,
 ) -> Result<LoadedManagedSession, SessionControlError> {
-    let handle = resolve_session_reference_for(base_dir, reference)?;
+    let store = SessionStore::from_cwd(base_dir)?;
-    let session = Session::load_from_path(&handle.path)?;
+    store.load_session(reference)
    Ok(LoadedManagedSession {
        handle: SessionHandle {
            id: session.session_id.clone(),
            path: handle.path,
        },
        session,
    })
 }
 pub fn fork_managed_session(
@@ -282,21 +492,8 @@ pub fn fork_managed_session_for(
    session: &Session,
    branch_name: Option<String>,
 ) -> Result<ForkedManagedSession, SessionControlError> {
-    let parent_session_id = session.session_id.clone();
+    let store = SessionStore::from_cwd(base_dir)?;
-    let forked = session.fork(branch_name);
+    store.fork_session(session, branch_name)
    let handle = create_managed_session_handle_for(base_dir, &forked.session_id)?;
    let branch_name = forked
        .fork
        .as_ref()
        .and_then(|fork| fork.branch_name.clone());
    let forked = forked.with_persistence_path(handle.path.clone());
    forked.save_to_path(&handle.path)?;
    Ok(ForkedManagedSession {
        parent_session_id,
        handle,
        session: forked,
        branch_name,
    })
 }
 #[must_use]
@@ -328,12 +525,36 @@ fn format_no_managed_sessions() -> String {
    )
 }
 fn format_legacy_session_missing_workspace_root(
    session_path: &Path,
    workspace_root: &Path,
 ) -> String {
    format!(
        "legacy session is missing workspace binding: {}\nOpen it from its original workspace or re-save it from {}.",
        session_path.display(),
        workspace_root.display()
    )
 }
 fn workspace_roots_match(left: &Path, right: &Path) -> bool {
    canonicalize_for_compare(left) == canonicalize_for_compare(right)
 }
 fn canonicalize_for_compare(path: &Path) -> PathBuf {
    fs::canonicalize(path).unwrap_or_else(|_| path.to_path_buf())
 }
 fn path_is_within_workspace(path: &Path, workspace_root: &Path) -> bool {
    canonicalize_for_compare(path).starts_with(canonicalize_for_compare(workspace_root))
 }
 #[cfg(test)]
 mod tests {
    use super::{
        create_managed_session_handle_for, fork_managed_session_for, is_session_reference_alias,
        list_managed_sessions_for, load_managed_session_for, resolve_session_reference_for,
-        ManagedSessionSummary, LATEST_SESSION_REFERENCE,
+        workspace_fingerprint, ManagedSessionSummary, SessionControlError, SessionStore,
        LATEST_SESSION_REFERENCE,
    };
    use crate::session::Session;
    use std::fs;
@@ -349,7 +570,7 @@ mod tests {
    }
    fn persist_session(root: &Path, text: &str) -> Session {
-        let mut session = Session::new();
+        let mut session = Session::new().with_workspace_root(root.to_path_buf());
        session
            .push_user_text(text)
            .expect("session message should save");
@@ -385,6 +606,35 @@ mod tests {
            .expect("session summary should exist")
    }
    #[test]
    fn latest_session_prefers_semantic_updated_at_over_file_mtime() {
        let mut sessions = vec![
            ManagedSessionSummary {
                id: "older-file-newer-session".to_string(),
                path: PathBuf::from("/tmp/older"),
                updated_at_ms: 200,
                modified_epoch_millis: 100,
                message_count: 2,
                parent_session_id: None,
                branch_name: None,
            },
            ManagedSessionSummary {
                id: "newer-file-older-session".to_string(),
                path: PathBuf::from("/tmp/newer"),
                updated_at_ms: 100,
                modified_epoch_millis: 200,
                message_count: 1,
                parent_session_id: None,
                branch_name: None,
            },
        ];
        crate::session_control::sort_managed_sessions(&mut sessions);
        assert_eq!(sessions[0].id, "older-file-newer-session");
        assert_eq!(sessions[1].id, "newer-file-older-session");
    }
    #[test]
    fn creates_and_lists_managed_sessions() {
        // given
@@ -456,4 +706,261 @@ mod tests {
        );
        fs::remove_dir_all(root).expect("temp dir should clean up");
    }
    // ------------------------------------------------------------------
    // Per-worktree session isolation (SessionStore) tests
    // ------------------------------------------------------------------
    fn persist_session_via_store(store: &SessionStore, text: &str) -> Session {
        let mut session = Session::new().with_workspace_root(store.workspace_root().to_path_buf());
        session
            .push_user_text(text)
            .expect("session message should save");
        let handle = store.create_handle(&session.session_id);
        let session = session.with_persistence_path(handle.path.clone());
        session
            .save_to_path(&handle.path)
            .expect("session should persist");
        session
    }
    #[test]
    fn workspace_fingerprint_is_deterministic_and_differs_per_path() {
        // given
        let path_a = Path::new("/tmp/worktree-alpha");
        let path_b = Path::new("/tmp/worktree-beta");
        // when
        let fp_a1 = workspace_fingerprint(path_a);
        let fp_a2 = workspace_fingerprint(path_a);
        let fp_b = workspace_fingerprint(path_b);
        // then
        assert_eq!(fp_a1, fp_a2, "same path must produce the same fingerprint");
        assert_ne!(
            fp_a1, fp_b,
            "different paths must produce different fingerprints"
        );
        assert_eq!(fp_a1.len(), 16, "fingerprint must be a 16-char hex string");
    }
    #[test]
    fn session_store_from_cwd_isolates_sessions_by_workspace() {
        // given
        let base = temp_dir();
        let workspace_a = base.join("repo-alpha");
        let workspace_b = base.join("repo-beta");
        fs::create_dir_all(&workspace_a).expect("workspace a should exist");
        fs::create_dir_all(&workspace_b).expect("workspace b should exist");
        let store_a = SessionStore::from_cwd(&workspace_a).expect("store a should build");
        let store_b = SessionStore::from_cwd(&workspace_b).expect("store b should build");
        // when
        let session_a = persist_session_via_store(&store_a, "alpha work");
        let _session_b = persist_session_via_store(&store_b, "beta work");
        // then — each store only sees its own sessions
        let list_a = store_a.list_sessions().expect("list a");
        let list_b = store_b.list_sessions().expect("list b");
        assert_eq!(list_a.len(), 1, "store a should see exactly one session");
        assert_eq!(list_b.len(), 1, "store b should see exactly one session");
        assert_eq!(list_a[0].id, session_a.session_id);
        assert_ne!(
            store_a.sessions_dir(),
            store_b.sessions_dir(),
            "session directories must differ across workspaces"
        );
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
    #[test]
    fn session_store_from_data_dir_namespaces_by_workspace() {
        // given
        let base = temp_dir();
        let data_dir = base.join("global-data");
        let workspace_a = PathBuf::from("/tmp/project-one");
        let workspace_b = PathBuf::from("/tmp/project-two");
        fs::create_dir_all(&data_dir).expect("data dir should exist");
        let store_a =
            SessionStore::from_data_dir(&data_dir, &workspace_a).expect("store a should build");
        let store_b =
            SessionStore::from_data_dir(&data_dir, &workspace_b).expect("store b should build");
        // when
        persist_session_via_store(&store_a, "work in project-one");
        persist_session_via_store(&store_b, "work in project-two");
        // then
        assert_ne!(
            store_a.sessions_dir(),
            store_b.sessions_dir(),
            "data-dir stores must namespace by workspace"
        );
        assert_eq!(store_a.list_sessions().expect("list a").len(), 1);
        assert_eq!(store_b.list_sessions().expect("list b").len(), 1);
        assert_eq!(store_a.workspace_root(), workspace_a.as_path());
        assert_eq!(store_b.workspace_root(), workspace_b.as_path());
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
    #[test]
    fn session_store_create_and_load_round_trip() {
        // given
        let base = temp_dir();
        fs::create_dir_all(&base).expect("base dir should exist");
        let store = SessionStore::from_cwd(&base).expect("store should build");
        let session = persist_session_via_store(&store, "round-trip message");
        // when
        let loaded = store
            .load_session(&session.session_id)
            .expect("session should load via store");
        // then
        assert_eq!(loaded.handle.id, session.session_id);
        assert_eq!(loaded.session.messages.len(), 1);
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
    #[test]
    fn session_store_rejects_legacy_session_from_other_workspace() {
        // given
        let base = temp_dir();
        let workspace_a = base.join("repo-alpha");
        let workspace_b = base.join("repo-beta");
        fs::create_dir_all(&workspace_a).expect("workspace a should exist");
        fs::create_dir_all(&workspace_b).expect("workspace b should exist");
        let store_b = SessionStore::from_cwd(&workspace_b).expect("store b should build");
        let legacy_root = workspace_b.join(".claw").join("sessions");
        fs::create_dir_all(&legacy_root).expect("legacy root should exist");
        let legacy_path = legacy_root.join("legacy-cross.jsonl");
        let session = Session::new()
            .with_workspace_root(workspace_a.clone())
            .with_persistence_path(legacy_path.clone());
        session
            .save_to_path(&legacy_path)
            .expect("legacy session should persist");
        // when
        let err = store_b
            .load_session("legacy-cross")
            .expect_err("workspace mismatch should be rejected");
        // then
        match err {
            SessionControlError::WorkspaceMismatch { expected, actual } => {
                assert_eq!(expected, workspace_b);
                assert_eq!(actual, workspace_a);
            }
            other => panic!("expected workspace mismatch, got {other:?}"),
        }
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
    #[test]
    fn session_store_loads_safe_legacy_session_from_same_workspace() {
        // given
        let base = temp_dir();
        fs::create_dir_all(&base).expect("base dir should exist");
        let store = SessionStore::from_cwd(&base).expect("store should build");
        let legacy_root = base.join(".claw").join("sessions");
        let legacy_path = legacy_root.join("legacy-safe.jsonl");
        fs::create_dir_all(&legacy_root).expect("legacy root should exist");
        let session = Session::new()
            .with_workspace_root(base.clone())
            .with_persistence_path(legacy_path.clone());
        session
            .save_to_path(&legacy_path)
            .expect("legacy session should persist");
        // when
        let loaded = store
            .load_session("legacy-safe")
            .expect("same-workspace legacy session should load");
        // then
        assert_eq!(loaded.handle.id, session.session_id);
        assert_eq!(loaded.handle.path, legacy_path);
        assert_eq!(loaded.session.workspace_root(), Some(base.as_path()));
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
    #[test]
    fn session_store_loads_unbound_legacy_session_from_same_workspace() {
        // given
        let base = temp_dir();
        fs::create_dir_all(&base).expect("base dir should exist");
        let store = SessionStore::from_cwd(&base).expect("store should build");
        let legacy_root = base.join(".claw").join("sessions");
        let legacy_path = legacy_root.join("legacy-unbound.json");
        fs::create_dir_all(&legacy_root).expect("legacy root should exist");
        let session = Session::new().with_persistence_path(legacy_path.clone());
        session
            .save_to_path(&legacy_path)
            .expect("legacy session should persist");
        // when
        let loaded = store
            .load_session("legacy-unbound")
            .expect("same-workspace legacy session without workspace binding should load");
        // then
        assert_eq!(loaded.handle.path, legacy_path);
        assert_eq!(loaded.session.workspace_root(), None);
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
    #[test]
    fn session_store_latest_and_resolve_reference() {
        // given
        let base = temp_dir();
        fs::create_dir_all(&base).expect("base dir should exist");
        let store = SessionStore::from_cwd(&base).expect("store should build");
        let _older = persist_session_via_store(&store, "older");
        wait_for_next_millisecond();
        let newer = persist_session_via_store(&store, "newer");
        // when
        let latest = store.latest_session().expect("latest should resolve");
        let handle = store
            .resolve_reference("latest")
            .expect("latest alias should resolve");
        // then
        assert_eq!(latest.id, newer.session_id);
        assert_eq!(handle.id, newer.session_id);
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
    #[test]
    fn session_store_fork_stays_in_same_namespace() {
        // given
        let base = temp_dir();
        fs::create_dir_all(&base).expect("base dir should exist");
        let store = SessionStore::from_cwd(&base).expect("store should build");
        let source = persist_session_via_store(&store, "parent work");
        // when
        let forked = store
            .fork_session(&source, Some("bugfix".to_string()))
            .expect("fork should succeed");
        let sessions = store.list_sessions().expect("list sessions");
        // then
        assert_eq!(
            sessions.len(),
            2,
            "forked session must land in the same namespace"
        );
        assert_eq!(forked.parent_session_id, source.session_id);
        assert_eq!(forked.branch_name.as_deref(), Some("bugfix"));
        assert!(
            forked.handle.path.starts_with(store.sessions_dir()),
            "forked session path must be inside the store namespace"
        );
        fs::remove_dir_all(base).expect("temp dir should clean up");
    }
 }
--- a/rust/crates/runtime/src/stale_base.rs
+++ b/rust/crates/runtime/src/stale_base.rs
@@ -0,0 +1,429 @@
 #![allow(clippy::must_use_candidate)]
 use std::path::Path;
 use std::process::Command;
 /// Outcome of comparing the worktree HEAD against the expected base commit.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum BaseCommitState {
    /// HEAD matches the expected base commit.
    Matches,
    /// HEAD has diverged from the expected base.
    Diverged { expected: String, actual: String },
    /// No expected base was supplied (neither flag nor file).
    NoExpectedBase,
    /// The working directory is not inside a git repository.
    NotAGitRepo,
 }
 /// Where the expected base commit originated from.
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum BaseCommitSource {
    Flag(String),
    File(String),
 }
 /// Read the `.claw-base` file from the given directory and return the trimmed
 /// commit hash, or `None` when the file is absent or empty.
 pub fn read_claw_base_file(cwd: &Path) -> Option<String> {
    let path = cwd.join(".claw-base");
    let content = std::fs::read_to_string(path).ok()?;
    let trimmed = content.trim();
    if trimmed.is_empty() {
        None
    } else {
        Some(trimmed.to_string())
    }
 }
 /// Resolve the expected base commit: prefer the `--base-commit` flag value,
 /// fall back to reading `.claw-base` from `cwd`.
 pub fn resolve_expected_base(flag_value: Option<&str>, cwd: &Path) -> Option<BaseCommitSource> {
    if let Some(value) = flag_value {
        let trimmed = value.trim();
        if !trimmed.is_empty() {
            return Some(BaseCommitSource::Flag(trimmed.to_string()));
        }
    }
    read_claw_base_file(cwd).map(BaseCommitSource::File)
 }
 /// Verify that the worktree HEAD matches `expected_base`.
 ///
 /// Returns [`BaseCommitState::NoExpectedBase`] when no expected commit is
 /// provided (the check is effectively a no-op in that case).
 pub fn check_base_commit(cwd: &Path, expected_base: Option<&BaseCommitSource>) -> BaseCommitState {
    let Some(source) = expected_base else {
        return BaseCommitState::NoExpectedBase;
    };
    let expected_raw = match source {
        BaseCommitSource::Flag(value) | BaseCommitSource::File(value) => value.as_str(),
    };
    let Some(head_sha) = resolve_head_sha(cwd) else {
        return BaseCommitState::NotAGitRepo;
    };
    let Some(expected_sha) = resolve_rev(cwd, expected_raw) else {
        // If the expected ref cannot be resolved, compare raw strings as a
        // best-effort fallback (e.g. partial SHA provided by the caller).
        return if head_sha.starts_with(expected_raw) || expected_raw.starts_with(&head_sha) {
            BaseCommitState::Matches
        } else {
            BaseCommitState::Diverged {
                expected: expected_raw.to_string(),
                actual: head_sha,
            }
        };
    };
    if head_sha == expected_sha {
        BaseCommitState::Matches
    } else {
        BaseCommitState::Diverged {
            expected: expected_sha,
            actual: head_sha,
        }
    }
 }
 /// Format a human-readable warning when the base commit has diverged.
 ///
 /// Returns `None` for non-warning states (`Matches`, `NoExpectedBase`).
 pub fn format_stale_base_warning(state: &BaseCommitState) -> Option<String> {
    match state {
        BaseCommitState::Diverged { expected, actual } => Some(format!(
            "warning: worktree HEAD ({actual}) does not match expected base commit ({expected}). \
             Session may run against a stale codebase."
        )),
        BaseCommitState::NotAGitRepo => {
            Some("warning: stale-base check skipped — not inside a git repository.".to_string())
        }
        BaseCommitState::Matches | BaseCommitState::NoExpectedBase => None,
    }
 }
 fn resolve_head_sha(cwd: &Path) -> Option<String> {
    resolve_rev(cwd, "HEAD")
 }
 fn resolve_rev(cwd: &Path, rev: &str) -> Option<String> {
    let output = Command::new("git")
        .args(["rev-parse", rev])
        .current_dir(cwd)
        .output()
        .ok()?;
    if !output.status.success() {
        return None;
    }
    let sha = String::from_utf8(output.stdout).ok()?;
    let trimmed = sha.trim();
    if trimmed.is_empty() {
        None
    } else {
        Some(trimmed.to_string())
    }
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    use std::fs;
    use std::process::Command;
    use std::time::{SystemTime, UNIX_EPOCH};
    fn temp_dir() -> std::path::PathBuf {
        let nanos = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .expect("time should be after epoch")
            .as_nanos();
        std::env::temp_dir().join(format!("runtime-stale-base-{nanos}"))
    }
    fn init_repo(path: &std::path::Path) {
        fs::create_dir_all(path).expect("create repo dir");
        run(path, &["init", "--quiet", "-b", "main"]);
        run(path, &["config", "user.email", "tests@example.com"]);
        run(path, &["config", "user.name", "Stale Base Tests"]);
        fs::write(path.join("init.txt"), "initial\n").expect("write init file");
        run(path, &["add", "."]);
        run(path, &["commit", "-m", "initial commit", "--quiet"]);
    }
    fn run(cwd: &std::path::Path, args: &[&str]) {
        let status = Command::new("git")
            .args(args)
            .current_dir(cwd)
            .status()
            .unwrap_or_else(|e| panic!("git {} failed to execute: {e}", args.join(" ")));
        assert!(
            status.success(),
            "git {} exited with {status}",
            args.join(" ")
        );
    }
    fn commit_file(repo: &std::path::Path, name: &str, msg: &str) {
        fs::write(repo.join(name), format!("{msg}\n")).expect("write file");
        run(repo, &["add", name]);
        run(repo, &["commit", "-m", msg, "--quiet"]);
    }
    fn head_sha(repo: &std::path::Path) -> String {
        let output = Command::new("git")
            .args(["rev-parse", "HEAD"])
            .current_dir(repo)
            .output()
            .expect("git rev-parse HEAD");
        String::from_utf8(output.stdout)
            .expect("valid utf8")
            .trim()
            .to_string()
    }
    #[test]
    fn matches_when_head_equals_expected_base() {
        // given
        let root = temp_dir();
        init_repo(&root);
        let sha = head_sha(&root);
        let source = BaseCommitSource::Flag(sha);
        // when
        let state = check_base_commit(&root, Some(&source));
        // then
        assert_eq!(state, BaseCommitState::Matches);
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn diverged_when_head_moved_past_expected_base() {
        // given
        let root = temp_dir();
        init_repo(&root);
        let old_sha = head_sha(&root);
        commit_file(&root, "extra.txt", "move head forward");
        let new_sha = head_sha(&root);
        let source = BaseCommitSource::Flag(old_sha.clone());
        // when
        let state = check_base_commit(&root, Some(&source));
        // then
        assert_eq!(
            state,
            BaseCommitState::Diverged {
                expected: old_sha,
                actual: new_sha,
            }
        );
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn no_expected_base_when_source_is_none() {
        // given
        let root = temp_dir();
        init_repo(&root);
        // when
        let state = check_base_commit(&root, None);
        // then
        assert_eq!(state, BaseCommitState::NoExpectedBase);
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn not_a_git_repo_when_outside_repo() {
        // given
        let root = temp_dir();
        fs::create_dir_all(&root).expect("create dir");
        let source = BaseCommitSource::Flag("abc1234".to_string());
        // when
        let state = check_base_commit(&root, Some(&source));
        // then
        assert_eq!(state, BaseCommitState::NotAGitRepo);
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn reads_claw_base_file() {
        // given
        let root = temp_dir();
        fs::create_dir_all(&root).expect("create dir");
        fs::write(root.join(".claw-base"), "abc1234def5678\n").expect("write .claw-base");
        // when
        let value = read_claw_base_file(&root);
        // then
        assert_eq!(value, Some("abc1234def5678".to_string()));
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn returns_none_for_missing_claw_base_file() {
        // given
        let root = temp_dir();
        fs::create_dir_all(&root).expect("create dir");
        // when
        let value = read_claw_base_file(&root);
        // then
        assert!(value.is_none());
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn returns_none_for_empty_claw_base_file() {
        // given
        let root = temp_dir();
        fs::create_dir_all(&root).expect("create dir");
        fs::write(root.join(".claw-base"), "  \n").expect("write empty .claw-base");
        // when
        let value = read_claw_base_file(&root);
        // then
        assert!(value.is_none());
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn resolve_expected_base_prefers_flag_over_file() {
        // given
        let root = temp_dir();
        fs::create_dir_all(&root).expect("create dir");
        fs::write(root.join(".claw-base"), "from_file\n").expect("write .claw-base");
        // when
        let source = resolve_expected_base(Some("from_flag"), &root);
        // then
        assert_eq!(
            source,
            Some(BaseCommitSource::Flag("from_flag".to_string()))
        );
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn resolve_expected_base_falls_back_to_file() {
        // given
        let root = temp_dir();
        fs::create_dir_all(&root).expect("create dir");
        fs::write(root.join(".claw-base"), "from_file\n").expect("write .claw-base");
        // when
        let source = resolve_expected_base(None, &root);
        // then
        assert_eq!(
            source,
            Some(BaseCommitSource::File("from_file".to_string()))
        );
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn resolve_expected_base_returns_none_when_nothing_available() {
        // given
        let root = temp_dir();
        fs::create_dir_all(&root).expect("create dir");
        // when
        let source = resolve_expected_base(None, &root);
        // then
        assert!(source.is_none());
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn format_warning_returns_message_for_diverged() {
        // given
        let state = BaseCommitState::Diverged {
            expected: "abc1234".to_string(),
            actual: "def5678".to_string(),
        };
        // when
        let warning = format_stale_base_warning(&state);
        // then
        let message = warning.expect("should produce warning");
        assert!(message.contains("abc1234"));
        assert!(message.contains("def5678"));
        assert!(message.contains("stale codebase"));
    }
    #[test]
    fn format_warning_returns_none_for_matches() {
        // given
        let state = BaseCommitState::Matches;
        // when
        let warning = format_stale_base_warning(&state);
        // then
        assert!(warning.is_none());
    }
    #[test]
    fn format_warning_returns_none_for_no_expected_base() {
        // given
        let state = BaseCommitState::NoExpectedBase;
        // when
        let warning = format_stale_base_warning(&state);
        // then
        assert!(warning.is_none());
    }
    #[test]
    fn matches_with_claw_base_file_in_real_repo() {
        // given
        let root = temp_dir();
        init_repo(&root);
        let sha = head_sha(&root);
        fs::write(root.join(".claw-base"), format!("{sha}\n")).expect("write .claw-base");
        let source = resolve_expected_base(None, &root);
        // when
        let state = check_base_commit(&root, source.as_ref());
        // then
        assert_eq!(state, BaseCommitState::Matches);
        fs::remove_dir_all(&root).expect("cleanup");
    }
    #[test]
    fn diverged_with_claw_base_file_after_new_commit() {
        // given
        let root = temp_dir();
        init_repo(&root);
        let old_sha = head_sha(&root);
        fs::write(root.join(".claw-base"), format!("{old_sha}\n")).expect("write .claw-base");
        commit_file(&root, "new.txt", "advance head");
        let new_sha = head_sha(&root);
        let source = resolve_expected_base(None, &root);
        // when
        let state = check_base_commit(&root, source.as_ref());
        // then
        assert_eq!(
            state,
            BaseCommitState::Diverged {
                expected: old_sha,
                actual: new_sha,
            }
        );
        fs::remove_dir_all(&root).expect("cleanup");
    }
 }
--- a/rust/crates/runtime/src/task_packet.rs
+++ b/rust/crates/runtime/src/task_packet.rs
@@ -1,11 +1,42 @@
 use serde::{Deserialize, Serialize};
 use std::fmt::{Display, Formatter};
 /// Task scope resolution for defining the granularity of work.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(rename_all = "snake_case")]
 pub enum TaskScope {
    /// Work across the entire workspace
    Workspace,
    /// Work within a specific module/crate
    Module,
    /// Work on a single file
    SingleFile,
    /// Custom scope defined by the user
    Custom,
 }
 impl std::fmt::Display for TaskScope {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Workspace => write!(f, "workspace"),
            Self::Module => write!(f, "module"),
            Self::SingleFile => write!(f, "single-file"),
            Self::Custom => write!(f, "custom"),
        }
    }
 }
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub struct TaskPacket {
    pub objective: String,
-    pub scope: String,
+    pub scope: TaskScope,
    /// Optional scope path when scope is `Module`, `SingleFile`, or `Custom`
    #[serde(skip_serializing_if = "Option::is_none")]
    pub scope_path: Option<String>,
    pub repo: String,
    /// Worktree path for the task
    #[serde(skip_serializing_if = "Option::is_none")]
    pub worktree: Option<String>,
    pub branch_policy: String,
    pub acceptance_tests: Vec<String>,
    pub commit_policy: String,
@@ -57,7 +88,6 @@ pub fn validate_packet(packet: TaskPacket) -> Result<ValidatedPacket, TaskPacket
    let mut errors = Vec::new();
    validate_required("objective", &packet.objective, &mut errors);
    validate_required("scope", &packet.scope, &mut errors);
    validate_required("repo", &packet.repo, &mut errors);
    validate_required("branch_policy", &packet.branch_policy, &mut errors);
    validate_required("commit_policy", &packet.commit_policy, &mut errors);
@@ -68,6 +98,9 @@ pub fn validate_packet(packet: TaskPacket) -> Result<ValidatedPacket, TaskPacket
    );
    validate_required("escalation_policy", &packet.escalation_policy, &mut errors);
    // Validate scope-specific requirements
    validate_scope_requirements(&packet, &mut errors);
    for (index, test) in packet.acceptance_tests.iter().enumerate() {
        if test.trim().is_empty() {
            errors.push(format!(
@@ -83,6 +116,26 @@ pub fn validate_packet(packet: TaskPacket) -> Result<ValidatedPacket, TaskPacket
    }
 }
 fn validate_scope_requirements(packet: &TaskPacket, errors: &mut Vec<String>) {
    // Scope path is required for Module, SingleFile, and Custom scopes
    let needs_scope_path = matches!(
        packet.scope,
        TaskScope::Module | TaskScope::SingleFile | TaskScope::Custom
    );
    if needs_scope_path
        && packet
            .scope_path
            .as_ref()
            .is_none_or(|p| p.trim().is_empty())
    {
        errors.push(format!(
            "scope_path is required for scope '{}'",
            packet.scope
        ));
    }
 }
 fn validate_required(field: &str, value: &str, errors: &mut Vec<String>) {
    if value.trim().is_empty() {
        errors.push(format!("{field} must not be empty"));
@@ -96,8 +149,10 @@ mod tests {
    fn sample_packet() -> TaskPacket {
        TaskPacket {
            objective: "Implement typed task packet format".to_string(),
-            scope: "runtime/task system".to_string(),
+            scope: TaskScope::Module,
            scope_path: Some("runtime/task system".to_string()),
            repo: "claw-code-parity".to_string(),
            worktree: Some("/tmp/wt-1".to_string()),
            branch_policy: "origin/main only".to_string(),
            acceptance_tests: vec![
                "cargo build --workspace".to_string(),
@@ -119,9 +174,12 @@ mod tests {
    #[test]
    fn invalid_packet_accumulates_errors() {
        use super::TaskScope;
        let packet = TaskPacket {
            objective: " ".to_string(),
-            scope: String::new(),
+            scope: TaskScope::Workspace,
            scope_path: None,
            worktree: None,
            repo: String::new(),
            branch_policy: "\t".to_string(),
            acceptance_tests: vec!["ok".to_string(), " ".to_string()],
@@ -136,9 +194,6 @@ mod tests {
        assert!(error
            .errors()
            .contains(&"objective must not be empty".to_string()));
        assert!(error
            .errors()
            .contains(&"scope must not be empty".to_string()));
        assert!(error
            .errors()
            .contains(&"repo must not be empty".to_string()));
--- a/rust/crates/runtime/src/task_registry.rs
+++ b/rust/crates/runtime/src/task_registry.rs
@@ -85,11 +85,12 @@ impl TaskRegistry {
        packet: TaskPacket,
    ) -> Result<Task, TaskPacketValidationError> {
        let packet = validate_packet(packet)?.into_inner();
-        Ok(self.create_task(
+        // Use scope_path as description if available, otherwise use scope as string
-            packet.objective.clone(),
+        let description = packet
-            Some(packet.scope.clone()),
+            .scope_path
-            Some(packet),
+            .clone()
-        ))
+            .or_else(|| Some(packet.scope.to_string()));
        Ok(self.create_task(packet.objective.clone(), description, Some(packet)))
    }
    fn create_task(
@@ -249,10 +250,13 @@ mod tests {
    #[test]
    fn creates_task_from_packet() {
        use crate::task_packet::TaskScope;
        let registry = TaskRegistry::new();
        let packet = TaskPacket {
            objective: "Ship task packet support".to_string(),
-            scope: "runtime/task system".to_string(),
+            scope: TaskScope::Module,
            scope_path: Some("runtime/task system".to_string()),
            worktree: Some("/tmp/wt-task".to_string()),
            repo: "claw-code-parity".to_string(),
            branch_policy: "origin/main only".to_string(),
            acceptance_tests: vec!["cargo test --workspace".to_string()],
--- a/rust/crates/runtime/src/worker_boot.rs
+++ b/rust/crates/runtime/src/worker_boot.rs
@@ -56,6 +56,7 @@ pub enum WorkerFailureKind {
    PromptDelivery,
    Protocol,
    Provider,
    StartupNoEvidence,
 }
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -78,6 +79,7 @@ pub enum WorkerEventKind {
    Restarted,
    Finished,
    Failed,
    StartupNoEvidence,
 }
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
@@ -92,9 +94,50 @@ pub enum WorkerTrustResolution {
 pub enum WorkerPromptTarget {
    Shell,
    WrongTarget,
    WrongTask,
    Unknown,
 }
 /// Classification of startup failure when no evidence is available.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(rename_all = "snake_case")]
 pub enum StartupFailureClassification {
    /// Trust prompt is required but not detected/resolved
    TrustRequired,
    /// Prompt was delivered to wrong target (shell misdelivery)
    PromptMisdelivery,
    /// Prompt was sent but acceptance timed out
    PromptAcceptanceTimeout,
    /// Transport layer is dead/unresponsive
    TransportDead,
    /// Worker process crashed during startup
    WorkerCrashed,
    /// Cannot determine specific cause
    Unknown,
 }
 /// Evidence bundle collected when worker startup times out without clear evidence.
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 pub struct StartupEvidenceBundle {
    /// Last known worker lifecycle state before timeout
    pub last_lifecycle_state: WorkerStatus,
    /// The pane/command that was being executed
    pub pane_command: String,
    /// Timestamp when prompt was sent (if any), unix epoch seconds
    #[serde(skip_serializing_if = "Option::is_none")]
    pub prompt_sent_at: Option<u64>,
    /// Whether prompt acceptance was detected
    pub prompt_acceptance_state: bool,
    /// Result of trust prompt detection at timeout
    pub trust_prompt_detected: bool,
    /// Transport health summary (true = healthy/responsive)
    pub transport_healthy: bool,
    /// MCP health summary (true = all servers healthy)
    pub mcp_healthy: bool,
    /// Seconds since worker creation
    pub elapsed_seconds: u64,
 }
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(tag = "type", rename_all = "snake_case")]
 pub enum WorkerEventPayload {
@@ -108,8 +151,26 @@ pub enum WorkerEventPayload {
        observed_target: WorkerPromptTarget,
        #[serde(skip_serializing_if = "Option::is_none")]
        observed_cwd: Option<String>,
        #[serde(skip_serializing_if = "Option::is_none")]
        observed_prompt_preview: Option<String>,
        #[serde(skip_serializing_if = "Option::is_none")]
        task_receipt: Option<WorkerTaskReceipt>,
        recovery_armed: bool,
    },
    StartupNoEvidence {
        evidence: StartupEvidenceBundle,
        classification: StartupFailureClassification,
    },
 }
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 pub struct WorkerTaskReceipt {
    pub repo: String,
    pub task_kind: String,
    pub source_surface: String,
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub expected_artifacts: Vec<String>,
    pub objective_preview: String,
 }
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -134,6 +195,7 @@ pub struct Worker {
    pub prompt_delivery_attempts: u32,
    pub prompt_in_flight: bool,
    pub last_prompt: Option<String>,
    pub expected_receipt: Option<WorkerTaskReceipt>,
    pub replay_prompt: Option<String>,
    pub last_error: Option<WorkerFailure>,
    pub created_at: u64,
@@ -182,6 +244,7 @@ impl WorkerRegistry {
            prompt_delivery_attempts: 0,
            prompt_in_flight: false,
            last_prompt: None,
            expected_receipt: None,
            replay_prompt: None,
            last_error: None,
            created_at: ts,
@@ -257,6 +320,7 @@ impl WorkerRegistry {
                    &lowered,
                    worker.last_prompt.as_deref(),
                    &worker.cwd,
                    worker.expected_receipt.as_ref(),
                )
            })
            .flatten()
@@ -272,6 +336,10 @@ impl WorkerRegistry {
                    "worker prompt landed in the wrong target instead of {}: {}",
                    worker.cwd, prompt_preview
                ),
                WorkerPromptTarget::WrongTask => format!(
                    "worker prompt receipt mismatched the expected task context for {}: {}",
                    worker.cwd, prompt_preview
                ),
                WorkerPromptTarget::Unknown => format!(
                    "worker prompt delivery failed before reaching coding agent: {prompt_preview}"
                ),
@@ -291,6 +359,8 @@ impl WorkerRegistry {
                    prompt_preview: prompt_preview.clone(),
                    observed_target: observation.target,
                    observed_cwd: observation.observed_cwd.clone(),
                    observed_prompt_preview: observation.observed_prompt_preview.clone(),
                    task_receipt: worker.expected_receipt.clone(),
                    recovery_armed: false,
                }),
            );
@@ -306,6 +376,8 @@ impl WorkerRegistry {
                        prompt_preview,
                        observed_target: observation.target,
                        observed_cwd: observation.observed_cwd,
                        observed_prompt_preview: observation.observed_prompt_preview,
                        task_receipt: worker.expected_receipt.clone(),
                        recovery_armed: true,
                    }),
                );
@@ -374,7 +446,12 @@ impl WorkerRegistry {
        Ok(worker.clone())
    }
-    pub fn send_prompt(&self, worker_id: &str, prompt: Option<&str>) -> Result<Worker, String> {
+    pub fn send_prompt(
        &self,
        worker_id: &str,
        prompt: Option<&str>,
        task_receipt: Option<WorkerTaskReceipt>,
    ) -> Result<Worker, String> {
        let mut inner = self.inner.lock().expect("worker registry lock poisoned");
        let worker = inner
            .workers
@@ -398,6 +475,7 @@ impl WorkerRegistry {
        worker.prompt_delivery_attempts += 1;
        worker.prompt_in_flight = true;
        worker.last_prompt = Some(next_prompt.clone());
        worker.expected_receipt = task_receipt;
        worker.replay_prompt = None;
        worker.last_error = None;
        worker.status = WorkerStatus::Running;
@@ -528,6 +606,117 @@ impl WorkerRegistry {
        Ok(worker.clone())
    }
    /// Handle startup timeout by emitting typed `worker.startup_no_evidence` event with evidence bundle.
    /// Classifier attempts to down-rank the vague bucket into a specific failure classification.
    pub fn observe_startup_timeout(
        &self,
        worker_id: &str,
        pane_command: &str,
        transport_healthy: bool,
        mcp_healthy: bool,
    ) -> Result<Worker, String> {
        let mut inner = self.inner.lock().expect("worker registry lock poisoned");
        let worker = inner
            .workers
            .get_mut(worker_id)
            .ok_or_else(|| format!("worker not found: {worker_id}"))?;
        let now = now_secs();
        let elapsed = now.saturating_sub(worker.created_at);
        // Build evidence bundle
        let evidence = StartupEvidenceBundle {
            last_lifecycle_state: worker.status,
            pane_command: pane_command.to_string(),
            prompt_sent_at: if worker.prompt_delivery_attempts > 0 {
                Some(worker.updated_at)
            } else {
                None
            },
            prompt_acceptance_state: worker.status == WorkerStatus::Running
                && !worker.prompt_in_flight,
            trust_prompt_detected: worker
                .events
                .iter()
                .any(|e| e.kind == WorkerEventKind::TrustRequired),
            transport_healthy,
            mcp_healthy,
            elapsed_seconds: elapsed,
        };
        // Classify the failure
        let classification = classify_startup_failure(&evidence);
        // Emit failure with evidence
        worker.last_error = Some(WorkerFailure {
            kind: WorkerFailureKind::StartupNoEvidence,
            message: format!(
                "worker startup stalled after {elapsed}s — classified as {classification:?}"
            ),
            created_at: now,
        });
        worker.status = WorkerStatus::Failed;
        worker.prompt_in_flight = false;
        push_event(
            worker,
            WorkerEventKind::StartupNoEvidence,
            WorkerStatus::Failed,
            Some(format!(
                "startup timeout with evidence: last_state={:?}, trust_detected={}, prompt_accepted={}",
                evidence.last_lifecycle_state,
                evidence.trust_prompt_detected,
                evidence.prompt_acceptance_state
            )),
            Some(WorkerEventPayload::StartupNoEvidence {
                evidence,
                classification,
            }),
        );
        Ok(worker.clone())
    }
 }
 /// Classify startup failure based on evidence bundle.
 /// Attempts to down-rank the vague `startup-no-evidence` bucket into a specific failure class.
 fn classify_startup_failure(evidence: &StartupEvidenceBundle) -> StartupFailureClassification {
    // Check for transport death first
    if !evidence.transport_healthy {
        return StartupFailureClassification::TransportDead;
    }
    // Check for trust prompt that wasn't resolved
    if evidence.trust_prompt_detected
        && evidence.last_lifecycle_state == WorkerStatus::TrustRequired
    {
        return StartupFailureClassification::TrustRequired;
    }
    // Check for prompt acceptance timeout
    if evidence.prompt_sent_at.is_some()
        && !evidence.prompt_acceptance_state
        && evidence.last_lifecycle_state == WorkerStatus::Running
    {
        return StartupFailureClassification::PromptAcceptanceTimeout;
    }
    // Check for misdelivery when prompt was sent but not accepted
    if evidence.prompt_sent_at.is_some()
        && !evidence.prompt_acceptance_state
        && evidence.elapsed_seconds > 30
    {
        return StartupFailureClassification::PromptMisdelivery;
    }
    // If MCP is unhealthy but transport is fine, worker may have crashed
    if !evidence.mcp_healthy && evidence.transport_healthy {
        return StartupFailureClassification::WorkerCrashed;
    }
    // Default to unknown if no stronger classification exists
    StartupFailureClassification::Unknown
 }
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -548,6 +737,7 @@ fn prompt_misdelivery_is_relevant(worker: &Worker) -> bool {
 struct PromptDeliveryObservation {
    target: WorkerPromptTarget,
    observed_cwd: Option<String>,
    observed_prompt_preview: Option<String>,
 }
 fn push_event(
@@ -560,6 +750,7 @@ fn push_event(
    let timestamp = now_secs();
    let seq = worker.events.len() as u64 + 1;
    worker.updated_at = timestamp;
    worker.status = status;
    worker.events.push(WorkerEvent {
        seq,
        kind,
@@ -568,6 +759,50 @@ fn push_event(
        payload,
        timestamp,
    });
    emit_state_file(worker);
 }
 /// Write current worker state to `.claw/worker-state.json` under the worker's cwd.
 /// This is the file-based observability surface: external observers (clawhip, orchestrators)
 /// poll this file instead of requiring an HTTP route on the opencode binary.
 #[derive(serde::Serialize)]
 struct StateSnapshot<'a> {
    worker_id: &'a str,
    status: WorkerStatus,
    is_ready: bool,
    trust_gate_cleared: bool,
    prompt_in_flight: bool,
    last_event: Option<&'a WorkerEvent>,
    updated_at: u64,
    /// Seconds since last state transition. Clawhip uses this to detect
    /// stalled workers without computing epoch deltas.
    seconds_since_update: u64,
 }
 fn emit_state_file(worker: &Worker) {
    let state_dir = std::path::Path::new(&worker.cwd).join(".claw");
    if std::fs::create_dir_all(&state_dir).is_err() {
        return;
    }
    let state_path = state_dir.join("worker-state.json");
    let tmp_path = state_dir.join("worker-state.json.tmp");
    let now = now_secs();
    let snapshot = StateSnapshot {
        worker_id: &worker.worker_id,
        status: worker.status,
        is_ready: worker.status == WorkerStatus::ReadyForPrompt,
        trust_gate_cleared: worker.trust_gate_cleared,
        prompt_in_flight: worker.prompt_in_flight,
        last_event: worker.events.last(),
        updated_at: worker.updated_at,
        seconds_since_update: now.saturating_sub(worker.updated_at),
    };
    if let Ok(json) = serde_json::to_string_pretty(&snapshot) {
        let _ = std::fs::write(&tmp_path, json);
        let _ = std::fs::rename(&tmp_path, &state_path);
    }
 }
 fn path_matches_allowlist(cwd: &str, trusted_root: &str) -> bool {
@@ -654,6 +889,7 @@ fn detect_prompt_misdelivery(
    lowered: &str,
    prompt: Option<&str>,
    expected_cwd: &str,
    expected_receipt: Option<&WorkerTaskReceipt>,
 ) -> Option<PromptDeliveryObservation> {
    let Some(prompt) = prompt else {
        return None;
@@ -668,12 +904,30 @@ fn detect_prompt_misdelivery(
        return None;
    }
    let prompt_visible = lowered.contains(&prompt_snippet);
    let observed_prompt_preview = detect_prompt_echo(screen_text);
    if let Some(receipt) = expected_receipt {
        let receipt_visible = task_receipt_visible(lowered, receipt);
        let mismatched_prompt_visible = observed_prompt_preview
            .as_deref()
            .map(str::to_ascii_lowercase)
            .is_some_and(|preview| !preview.contains(&prompt_snippet));
        if (prompt_visible || mismatched_prompt_visible) && !receipt_visible {
            return Some(PromptDeliveryObservation {
                target: WorkerPromptTarget::WrongTask,
                observed_cwd: detect_observed_shell_cwd(screen_text),
                observed_prompt_preview,
            });
        }
    }
    if let Some(observed_cwd) = detect_observed_shell_cwd(screen_text) {
        if prompt_visible && !cwd_matches_observed_target(expected_cwd, &observed_cwd) {
            return Some(PromptDeliveryObservation {
                target: WorkerPromptTarget::WrongTarget,
                observed_cwd: Some(observed_cwd),
                observed_prompt_preview,
            });
        }
    }
@@ -691,6 +945,7 @@ fn detect_prompt_misdelivery(
    (shell_error && prompt_visible).then_some(PromptDeliveryObservation {
        target: WorkerPromptTarget::Shell,
        observed_cwd: None,
        observed_prompt_preview,
    })
 }
@@ -703,10 +958,38 @@ fn prompt_preview(prompt: &str) -> String {
    format!("{}…", preview.trim_end())
 }
 fn detect_prompt_echo(screen_text: &str) -> Option<String> {
    screen_text.lines().find_map(|line| {
        line.trim_start()
            .strip_prefix('›')
            .map(str::trim)
            .filter(|value| !value.is_empty())
            .map(str::to_string)
    })
 }
 fn task_receipt_visible(lowered_screen_text: &str, receipt: &WorkerTaskReceipt) -> bool {
    let expected_tokens = [
        receipt.repo.to_ascii_lowercase(),
        receipt.task_kind.to_ascii_lowercase(),
        receipt.source_surface.to_ascii_lowercase(),
        receipt.objective_preview.to_ascii_lowercase(),
    ];
    expected_tokens
        .iter()
        .all(|token| lowered_screen_text.contains(token))
        && receipt
            .expected_artifacts
            .iter()
            .all(|artifact| lowered_screen_text.contains(&artifact.to_ascii_lowercase()))
 }
 fn prompt_misdelivery_detail(observation: &PromptDeliveryObservation) -> &'static str {
    match observation.target {
        WorkerPromptTarget::Shell => "shell misdelivery detected",
        WorkerPromptTarget::WrongTarget => "prompt landed in wrong target",
        WorkerPromptTarget::WrongTask => "prompt receipt mismatched expected task context",
        WorkerPromptTarget::Unknown => "prompt delivery failure detected",
    }
 }
@@ -820,7 +1103,7 @@ mod tests {
            WorkerFailureKind::TrustGate
        );
-        let send_before_resolve = registry.send_prompt(&worker.worker_id, Some("ship it"));
+        let send_before_resolve = registry.send_prompt(&worker.worker_id, Some("ship it"), None);
        assert!(send_before_resolve
            .expect_err("prompt delivery should be gated")
            .contains("not ready for prompt delivery"));
@@ -860,7 +1143,7 @@ mod tests {
            .expect("ready observe should succeed");
        let running = registry
-            .send_prompt(&worker.worker_id, Some("Implement worker handshake"))
+            .send_prompt(&worker.worker_id, Some("Implement worker handshake"), None)
            .expect("prompt send should succeed");
        assert_eq!(running.status, WorkerStatus::Running);
        assert_eq!(running.prompt_delivery_attempts, 1);
@@ -896,6 +1179,8 @@ mod tests {
                prompt_preview: "Implement worker handshake".to_string(),
                observed_target: WorkerPromptTarget::Shell,
                observed_cwd: None,
                observed_prompt_preview: None,
                task_receipt: None,
                recovery_armed: false,
            })
        );
@@ -911,12 +1196,14 @@ mod tests {
                prompt_preview: "Implement worker handshake".to_string(),
                observed_target: WorkerPromptTarget::Shell,
                observed_cwd: None,
                observed_prompt_preview: None,
                task_receipt: None,
                recovery_armed: true,
            })
        );
        let replayed = registry
-            .send_prompt(&worker.worker_id, None)
+            .send_prompt(&worker.worker_id, None, None)
            .expect("replay send should succeed");
        assert_eq!(replayed.status, WorkerStatus::Running);
        assert!(replayed.replay_prompt.is_none());
@@ -931,7 +1218,11 @@ mod tests {
            .observe(&worker.worker_id, "Ready for input\n>")
            .expect("ready observe should succeed");
        registry
-            .send_prompt(&worker.worker_id, Some("Run the worker bootstrap tests"))
+            .send_prompt(
                &worker.worker_id,
                Some("Run the worker bootstrap tests"),
                None,
            )
            .expect("prompt send should succeed");
        let recovered = registry
@@ -962,6 +1253,8 @@ mod tests {
                prompt_preview: "Run the worker bootstrap tests".to_string(),
                observed_target: WorkerPromptTarget::WrongTarget,
                observed_cwd: Some("/tmp/repo-target-b".to_string()),
                observed_prompt_preview: None,
                task_receipt: None,
                recovery_armed: false,
            })
        );
@@ -1004,6 +1297,75 @@ mod tests {
        assert!(ready.last_error.is_none());
    }
    #[test]
    fn wrong_task_receipt_mismatch_is_detected_before_execution_continues() {
        let registry = WorkerRegistry::new();
        let worker = registry.create("/tmp/repo-task", &[], true);
        registry
            .observe(&worker.worker_id, "Ready for input\n>")
            .expect("ready observe should succeed");
        registry
            .send_prompt(
                &worker.worker_id,
                Some("Implement worker handshake"),
                Some(WorkerTaskReceipt {
                    repo: "claw-code".to_string(),
                    task_kind: "repo_code".to_string(),
                    source_surface: "omx_team".to_string(),
                    expected_artifacts: vec!["patch".to_string(), "tests".to_string()],
                    objective_preview: "Implement worker handshake".to_string(),
                }),
            )
            .expect("prompt send should succeed");
        let recovered = registry
            .observe(
                &worker.worker_id,
                "› Explain this KakaoTalk screenshot for a friend\nI can help analyze the screenshot…",
            )
            .expect("mismatch observe should succeed");
        assert_eq!(recovered.status, WorkerStatus::ReadyForPrompt);
        assert_eq!(
            recovered
                .last_error
                .expect("mismatch error should exist")
                .kind,
            WorkerFailureKind::PromptDelivery
        );
        let mismatch = recovered
            .events
            .iter()
            .find(|event| event.kind == WorkerEventKind::PromptMisdelivery)
            .expect("wrong-task event should exist");
        assert_eq!(mismatch.status, WorkerStatus::Failed);
        assert_eq!(
            mismatch.payload,
            Some(WorkerEventPayload::PromptDelivery {
                prompt_preview: "Implement worker handshake".to_string(),
                observed_target: WorkerPromptTarget::WrongTask,
                observed_cwd: None,
                observed_prompt_preview: Some(
                    "Explain this KakaoTalk screenshot for a friend".to_string()
                ),
                task_receipt: Some(WorkerTaskReceipt {
                    repo: "claw-code".to_string(),
                    task_kind: "repo_code".to_string(),
                    source_surface: "omx_team".to_string(),
                    expected_artifacts: vec!["patch".to_string(), "tests".to_string()],
                    objective_preview: "Implement worker handshake".to_string(),
                }),
                recovery_armed: false,
            })
        );
        let replay = recovered
            .events
            .iter()
            .find(|event| event.kind == WorkerEventKind::PromptReplayArmed)
            .expect("replay event should exist");
        assert_eq!(replay.status, WorkerStatus::ReadyForPrompt);
    }
    #[test]
    fn restart_and_terminate_reset_or_finish_worker() {
        let registry = WorkerRegistry::new();
@@ -1012,7 +1374,7 @@ mod tests {
            .observe(&worker.worker_id, "Ready for input\n>")
            .expect("ready observe should succeed");
        registry
-            .send_prompt(&worker.worker_id, Some("Run tests"))
+            .send_prompt(&worker.worker_id, Some("Run tests"), None)
            .expect("prompt send should succeed");
        let restarted = registry
@@ -1041,7 +1403,7 @@ mod tests {
            .observe(&worker.worker_id, "Ready for input\n>")
            .expect("ready observe should succeed");
        registry
-            .send_prompt(&worker.worker_id, Some("Run tests"))
+            .send_prompt(&worker.worker_id, Some("Run tests"), None)
            .expect("prompt send should succeed");
        let failed = registry
@@ -1058,6 +1420,58 @@ mod tests {
            .any(|event| event.kind == WorkerEventKind::Failed));
    }
    #[test]
    fn emit_state_file_writes_worker_status_on_transition() {
        let cwd_path = std::env::temp_dir().join(format!(
            "claw-state-test-{}",
            std::time::SystemTime::now()
                .duration_since(std::time::UNIX_EPOCH)
                .unwrap_or_default()
                .as_nanos()
        ));
        std::fs::create_dir_all(&cwd_path).expect("test dir should create");
        let cwd = cwd_path.to_str().expect("test path should be utf8");
        let registry = WorkerRegistry::new();
        let worker = registry.create(cwd, &[], true);
        // After create the worker is Spawning — state file should exist
        let state_path = cwd_path.join(".claw").join("worker-state.json");
        assert!(
            state_path.exists(),
            "state file should exist after worker creation"
        );
        let raw = std::fs::read_to_string(&state_path).expect("state file should be readable");
        let value: serde_json::Value =
            serde_json::from_str(&raw).expect("state file should be valid JSON");
        assert_eq!(
            value["status"].as_str(),
            Some("spawning"),
            "initial status should be spawning"
        );
        assert_eq!(value["is_ready"].as_bool(), Some(false));
        // Transition to ReadyForPrompt by observing trust-cleared text
        registry
            .observe(&worker.worker_id, "Ready for input\n>")
            .expect("observe ready should succeed");
        let raw = std::fs::read_to_string(&state_path)
            .expect("state file should be readable after observe");
        let value: serde_json::Value =
            serde_json::from_str(&raw).expect("state file should be valid JSON after observe");
        assert_eq!(
            value["status"].as_str(),
            Some("ready_for_prompt"),
            "status should be ready_for_prompt after observe"
        );
        assert_eq!(
            value["is_ready"].as_bool(),
            Some(true),
            "is_ready should be true when ReadyForPrompt"
        );
    }
    #[test]
    fn observe_completion_accepts_normal_finish_with_tokens() {
        let registry = WorkerRegistry::new();
@@ -1066,7 +1480,7 @@ mod tests {
            .observe(&worker.worker_id, "Ready for input\n>")
            .expect("ready observe should succeed");
        registry
-            .send_prompt(&worker.worker_id, Some("Run tests"))
+            .send_prompt(&worker.worker_id, Some("Run tests"), None)
            .expect("prompt send should succeed");
        let finished = registry
@@ -1080,4 +1494,215 @@ mod tests {
            .iter()
            .any(|event| event.kind == WorkerEventKind::Finished));
    }
    #[test]
    fn startup_timeout_emits_evidence_bundle_with_classification() {
        let registry = WorkerRegistry::new();
        let worker = registry.create("/tmp/repo-timeout", &[], true);
        // Simulate startup timeout with transport dead
        let timed_out = registry
            .observe_startup_timeout(&worker.worker_id, "cargo test", false, true)
            .expect("startup timeout observe should succeed");
        assert_eq!(timed_out.status, WorkerStatus::Failed);
        let error = timed_out
            .last_error
            .expect("startup timeout error should exist");
        assert_eq!(error.kind, WorkerFailureKind::StartupNoEvidence);
        // Check for "TransportDead" (the Debug representation of the enum variant)
        assert!(
            error.message.contains("TransportDead"),
            "expected TransportDead in: {}",
            error.message
        );
        let event = timed_out
            .events
            .iter()
            .find(|e| e.kind == WorkerEventKind::StartupNoEvidence)
            .expect("startup no evidence event should exist");
        match event.payload.as_ref() {
            Some(WorkerEventPayload::StartupNoEvidence {
                evidence,
                classification,
            }) => {
                assert_eq!(
                    evidence.last_lifecycle_state,
                    WorkerStatus::Spawning,
                    "last state should be spawning"
                );
                assert_eq!(evidence.pane_command, "cargo test");
                assert!(!evidence.transport_healthy);
                assert!(evidence.mcp_healthy);
                assert_eq!(*classification, StartupFailureClassification::TransportDead);
            }
            _ => panic!(
                "expected StartupNoEvidence payload, got {:?}",
                event.payload
            ),
        }
    }
    #[test]
    fn startup_timeout_classifies_trust_required_when_prompt_blocked() {
        let registry = WorkerRegistry::new();
        let worker = registry.create("/tmp/repo-trust", &[], false);
        // Simulate trust prompt detected but not resolved
        registry
            .observe(
                &worker.worker_id,
                "Do you trust the files in this folder?\n1. Yes, proceed\n2. No",
            )
            .expect("trust observe should succeed");
        // Now simulate startup timeout
        let timed_out = registry
            .observe_startup_timeout(&worker.worker_id, "claw prompt", true, true)
            .expect("startup timeout observe should succeed");
        let event = timed_out
            .events
            .iter()
            .find(|e| e.kind == WorkerEventKind::StartupNoEvidence)
            .expect("startup no evidence event should exist");
        match event.payload.as_ref() {
            Some(WorkerEventPayload::StartupNoEvidence { classification, .. }) => {
                assert_eq!(
                    *classification,
                    StartupFailureClassification::TrustRequired,
                    "should classify as trust_required when trust prompt detected"
                );
            }
            _ => panic!("expected StartupNoEvidence payload"),
        }
    }
    #[test]
    fn startup_timeout_classifies_prompt_acceptance_timeout() {
        let registry = WorkerRegistry::new();
        let worker = registry.create("/tmp/repo-accept", &[], true);
        // Get worker to ReadyForPrompt
        registry
            .observe(&worker.worker_id, "Ready for your input\n>")
            .expect("ready observe should succeed");
        // Send prompt but don't get acceptance
        registry
            .send_prompt(&worker.worker_id, Some("Run tests"), None)
            .expect("prompt send should succeed");
        // Simulate startup timeout while prompt is still in flight
        let timed_out = registry
            .observe_startup_timeout(&worker.worker_id, "claw prompt", true, true)
            .expect("startup timeout observe should succeed");
        let event = timed_out
            .events
            .iter()
            .find(|e| e.kind == WorkerEventKind::StartupNoEvidence)
            .expect("startup no evidence event should exist");
        match event.payload.as_ref() {
            Some(WorkerEventPayload::StartupNoEvidence {
                evidence,
                classification,
            }) => {
                assert!(
                    evidence.prompt_sent_at.is_some(),
                    "should have prompt_sent_at"
                );
                assert!(!evidence.prompt_acceptance_state, "prompt not yet accepted");
                assert_eq!(
                    *classification,
                    StartupFailureClassification::PromptAcceptanceTimeout
                );
            }
            _ => panic!("expected StartupNoEvidence payload"),
        }
    }
    #[test]
    fn startup_evidence_bundle_serializes_correctly() {
        let bundle = StartupEvidenceBundle {
            last_lifecycle_state: WorkerStatus::Running,
            pane_command: "test command".to_string(),
            prompt_sent_at: Some(1_234_567_890),
            prompt_acceptance_state: false,
            trust_prompt_detected: true,
            transport_healthy: true,
            mcp_healthy: false,
            elapsed_seconds: 60,
        };
        let json = serde_json::to_string(&bundle).expect("should serialize");
        assert!(json.contains("\"last_lifecycle_state\""));
        assert!(json.contains("\"pane_command\""));
        assert!(json.contains("\"prompt_sent_at\":1234567890"));
        assert!(json.contains("\"trust_prompt_detected\":true"));
        assert!(json.contains("\"transport_healthy\":true"));
        assert!(json.contains("\"mcp_healthy\":false"));
        let deserialized: StartupEvidenceBundle =
            serde_json::from_str(&json).expect("should deserialize");
        assert_eq!(deserialized.last_lifecycle_state, WorkerStatus::Running);
        assert_eq!(deserialized.prompt_sent_at, Some(1_234_567_890));
    }
    #[test]
    fn classify_startup_failure_detects_transport_dead() {
        let evidence = StartupEvidenceBundle {
            last_lifecycle_state: WorkerStatus::Spawning,
            pane_command: "test".to_string(),
            prompt_sent_at: None,
            prompt_acceptance_state: false,
            trust_prompt_detected: false,
            transport_healthy: false,
            mcp_healthy: true,
            elapsed_seconds: 30,
        };
        let classification = classify_startup_failure(&evidence);
        assert_eq!(classification, StartupFailureClassification::TransportDead);
    }
    #[test]
    fn classify_startup_failure_defaults_to_unknown() {
        let evidence = StartupEvidenceBundle {
            last_lifecycle_state: WorkerStatus::Spawning,
            pane_command: "test".to_string(),
            prompt_sent_at: None,
            prompt_acceptance_state: false,
            trust_prompt_detected: false,
            transport_healthy: true,
            mcp_healthy: true,
            elapsed_seconds: 10,
        };
        let classification = classify_startup_failure(&evidence);
        assert_eq!(classification, StartupFailureClassification::Unknown);
    }
    #[test]
    fn classify_startup_failure_detects_worker_crashed() {
        // Worker crashed scenario: transport healthy but MCP unhealthy
        // Don't have prompt in flight (no prompt_sent_at) to avoid matching PromptAcceptanceTimeout
        let evidence = StartupEvidenceBundle {
            last_lifecycle_state: WorkerStatus::Spawning,
            pane_command: "test".to_string(),
            prompt_sent_at: None, // No prompt sent yet
            prompt_acceptance_state: false,
            trust_prompt_detected: false,
            transport_healthy: true,
            mcp_healthy: false, // MCP unhealthy but transport healthy suggests crash
            elapsed_seconds: 45,
        };
        let classification = classify_startup_failure(&evidence);
        assert_eq!(classification, StartupFailureClassification::WorkerCrashed);
    }
 }
--- a/rust/crates/runtime/tests/integration_tests.rs
+++ b/rust/crates/runtime/tests/integration_tests.rs
@@ -304,7 +304,7 @@ fn worker_provider_failure_flows_through_recovery_to_policy() {
        .observe(&worker.worker_id, "Ready for your input\n>")
        .expect("ready observe should succeed");
    registry
-        .send_prompt(&worker.worker_id, Some("Run analysis"))
+        .send_prompt(&worker.worker_id, Some("Run analysis"), None)
        .expect("prompt send should succeed");
    // Session completes with provider failure (finish="unknown", tokens=0)
--- a/rust/crates/rusty-claude-cli/build.rs
+++ b/rust/crates/rusty-claude-cli/build.rs
@@ -0,0 +1,57 @@
 use std::env;
 use std::process::Command;
 fn main() {
    // Get git SHA (short hash)
    let git_sha = Command::new("git")
        .args(["rev-parse", "--short", "HEAD"])
        .output()
        .ok()
        .and_then(|output| {
            if output.status.success() {
                String::from_utf8(output.stdout).ok()
            } else {
                None
            }
        })
        .map_or_else(|| "unknown".to_string(), |s| s.trim().to_string());
    println!("cargo:rustc-env=GIT_SHA={git_sha}");
    // TARGET is always set by Cargo during build
    let target = env::var("TARGET").unwrap_or_else(|_| "unknown".to_string());
    println!("cargo:rustc-env=TARGET={target}");
    // Build date from SOURCE_DATE_EPOCH (reproducible builds) or current UTC date.
    // Intentionally ignoring time component to keep output deterministic within a day.
    let build_date = std::env::var("SOURCE_DATE_EPOCH")
        .ok()
        .and_then(|epoch| epoch.parse::<i64>().ok())
        .map(|_ts| {
            // Use SOURCE_DATE_EPOCH to derive date via chrono if available;
            // for simplicity we just use the env var as a signal and fall back
            // to build-time env. In practice CI sets this via workflow.
            std::env::var("BUILD_DATE").unwrap_or_else(|_| "unknown".to_string())
        })
        .or_else(|| std::env::var("BUILD_DATE").ok())
        .unwrap_or_else(|| {
            // Fall back to current date via `date` command
            Command::new("date")
                .args(["+%Y-%m-%d"])
                .output()
                .ok()
                .and_then(|o| {
                    if o.status.success() {
                        String::from_utf8(o.stdout).ok()
                    } else {
                        None
                    }
                })
                .map_or_else(|| "unknown".to_string(), |s| s.trim().to_string())
        });
    println!("cargo:rustc-env=BUILD_DATE={build_date}");
    // Rerun if git state changes
    println!("cargo:rerun-if-changed=.git/HEAD");
    println!("cargo:rerun-if-changed=.git/refs");
 }
--- a/rust/crates/rusty-claude-cli/src/init.rs
+++ b/rust/crates/rusty-claude-cli/src/init.rs
@@ -9,7 +9,7 @@ const STARTER_CLAW_JSON: &str = concat!(
    "}\n",
 );
 const GITIGNORE_COMMENT: &str = "# Claw Code local artifacts";
-const GITIGNORE_ENTRIES: [&str; 2] = [".claw/settings.local.json", ".claw/sessions/"];
+const GITIGNORE_ENTRIES: [&str; 3] = [".claw/settings.local.json", ".claw/sessions/", ".clawhip/"];
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub(crate) enum InitStatus {
@@ -375,6 +375,7 @@ mod tests {
        let gitignore = fs::read_to_string(root.join(".gitignore")).expect("read gitignore");
        assert!(gitignore.contains(".claw/settings.local.json"));
        assert!(gitignore.contains(".claw/sessions/"));
        assert!(gitignore.contains(".clawhip/"));
        let claude_md = fs::read_to_string(root.join("CLAUDE.md")).expect("read claude md");
        assert!(claude_md.contains("Languages: Rust."));
        assert!(claude_md.contains("cargo clippy --workspace --all-targets -- -D warnings"));
@@ -407,6 +408,7 @@ mod tests {
        let gitignore = fs::read_to_string(root.join(".gitignore")).expect("read gitignore");
        assert_eq!(gitignore.matches(".claw/settings.local.json").count(), 1);
        assert_eq!(gitignore.matches(".claw/sessions/").count(), 1);
        assert_eq!(gitignore.matches(".clawhip/").count(), 1);
        fs::remove_dir_all(root).expect("cleanup temp dir");
    }
--- a/rust/crates/rusty-claude-cli/src/main.rs
+++ b/rust/crates/rusty-claude-cli/src/main.rs
--- a/rust/crates/rusty-claude-cli/src/render.rs
+++ b/rust/crates/rusty-claude-cli/src/render.rs
@@ -249,13 +249,14 @@ impl TerminalRenderer {
    #[must_use]
    pub fn render_markdown(&self, markdown: &str) -> String {
        let normalized = normalize_nested_fences(markdown);
        let mut output = String::new();
        let mut state = RenderState::default();
        let mut code_language = String::new();
        let mut code_buffer = String::new();
        let mut in_code_block = false;
-        for event in Parser::new_ext(markdown, Options::all()) {
+        for event in Parser::new_ext(&normalized, Options::all()) {
            self.render_event(
                event,
                &mut state,
@@ -634,8 +635,186 @@ fn apply_code_block_background(line: &str) -> String {
    format!("\u{1b}[48;5;236m{with_background}\u{1b}[0m{trailing_newline}")
 }
 /// Pre-process raw markdown so that fenced code blocks whose body contains
 /// fence markers of equal or greater length are wrapped with a longer fence.
 ///
 /// LLMs frequently emit triple-backtick code blocks that contain triple-backtick
 /// examples.  `CommonMark` (and pulldown-cmark) treats the inner marker as the
 /// closing fence, breaking the render.  This function detects the situation and
 /// upgrades the outer fence to use enough backticks (or tildes) that the inner
 /// markers become ordinary content.
 #[allow(
    clippy::too_many_lines,
    clippy::items_after_statements,
    clippy::manual_repeat_n,
    clippy::manual_str_repeat
 )]
 fn normalize_nested_fences(markdown: &str) -> String {
    // A fence line is either "labeled" (has an info string ⇒ always an opener)
    // or "bare" (no info string ⇒ could be opener or closer).
    #[derive(Debug, Clone)]
    struct FenceLine {
        char: char,
        len: usize,
        has_info: bool,
        indent: usize,
    }
    fn parse_fence_line(line: &str) -> Option<FenceLine> {
        let trimmed = line.trim_end_matches('\n').trim_end_matches('\r');
        let indent = trimmed.chars().take_while(|c| *c == ' ').count();
        if indent > 3 {
            return None;
        }
        let rest = &trimmed[indent..];
        let ch = rest.chars().next()?;
        if ch != '`' && ch != '~' {
            return None;
        }
        let len = rest.chars().take_while(|c| *c == ch).count();
        if len < 3 {
            return None;
        }
        let after = &rest[len..];
        if ch == '`' && after.contains('`') {
            return None;
        }
        let has_info = !after.trim().is_empty();
        Some(FenceLine {
            char: ch,
            len,
            has_info,
            indent,
        })
    }
    let lines: Vec<&str> = markdown.split_inclusive('\n').collect();
    // Handle final line that may lack trailing newline.
    // split_inclusive already keeps the original chunks, including a
    // final chunk without '\n' if the input doesn't end with one.
    // First pass: classify every line.
    let fence_info: Vec<Option<FenceLine>> = lines.iter().map(|l| parse_fence_line(l)).collect();
    // Second pass: pair openers with closers using a stack, recording
    // (opener_idx, closer_idx) pairs plus the max fence length found between
    // them.
    struct StackEntry {
        line_idx: usize,
        fence: FenceLine,
    }
    let mut stack: Vec<StackEntry> = Vec::new();
    // Paired blocks: (opener_line, closer_line, max_inner_fence_len)
    let mut pairs: Vec<(usize, usize, usize)> = Vec::new();
    for (i, fi) in fence_info.iter().enumerate() {
        let Some(fl) = fi else { continue };
        if fl.has_info {
            // Labeled fence ⇒ always an opener.
            stack.push(StackEntry {
                line_idx: i,
                fence: fl.clone(),
            });
        } else {
            // Bare fence ⇒ try to close the top of the stack if compatible.
            let closes_top = stack
                .last()
                .is_some_and(|top| top.fence.char == fl.char && fl.len >= top.fence.len);
            if closes_top {
                let opener = stack.pop().unwrap();
                // Find max fence length of any fence line strictly between
                // opener and closer (these are the nested fences).
                let inner_max = fence_info[opener.line_idx + 1..i]
                    .iter()
                    .filter_map(|fi| fi.as_ref().map(|f| f.len))
                    .max()
                    .unwrap_or(0);
                pairs.push((opener.line_idx, i, inner_max));
            } else {
                // Treat as opener.
                stack.push(StackEntry {
                    line_idx: i,
                    fence: fl.clone(),
                });
            }
        }
    }
    // Determine which lines need rewriting.  A pair needs rewriting when
    // its opener length <= max inner fence length.
    struct Rewrite {
        char: char,
        new_len: usize,
        indent: usize,
    }
    let mut rewrites: std::collections::HashMap<usize, Rewrite> = std::collections::HashMap::new();
    for (opener_idx, closer_idx, inner_max) in &pairs {
        let opener_fl = fence_info[*opener_idx].as_ref().unwrap();
        if opener_fl.len <= *inner_max {
            let new_len = inner_max + 1;
            let info_part = {
                let trimmed = lines[*opener_idx]
                    .trim_end_matches('\n')
                    .trim_end_matches('\r');
                let rest = &trimmed[opener_fl.indent..];
                rest[opener_fl.len..].to_string()
            };
            rewrites.insert(
                *opener_idx,
                Rewrite {
                    char: opener_fl.char,
                    new_len,
                    indent: opener_fl.indent,
                },
            );
            let closer_fl = fence_info[*closer_idx].as_ref().unwrap();
            rewrites.insert(
                *closer_idx,
                Rewrite {
                    char: closer_fl.char,
                    new_len,
                    indent: closer_fl.indent,
                },
            );
            // Store info string only in the opener; closer keeps the trailing
            // portion which is already handled through the original line.
            // Actually, we rebuild both lines from scratch below, including
            // the info string for the opener.
            let _ = info_part; // consumed in rebuild
        }
    }
    if rewrites.is_empty() {
        return markdown.to_string();
    }
    // Rebuild.
    let mut out = String::with_capacity(markdown.len() + rewrites.len() * 4);
    for (i, line) in lines.iter().enumerate() {
        if let Some(rw) = rewrites.get(&i) {
            let fence_str: String = std::iter::repeat(rw.char).take(rw.new_len).collect();
            let indent_str: String = std::iter::repeat(' ').take(rw.indent).collect();
            // Recover the original info string (if any) and trailing newline.
            let trimmed = line.trim_end_matches('\n').trim_end_matches('\r');
            let fi = fence_info[i].as_ref().unwrap();
            let info = &trimmed[fi.indent + fi.len..];
            let trailing = &line[trimmed.len()..];
            out.push_str(&indent_str);
            out.push_str(&fence_str);
            out.push_str(info);
            out.push_str(trailing);
        } else {
            out.push_str(line);
        }
    }
    out
 }
 fn find_stream_safe_boundary(markdown: &str) -> Option<usize> {
-    let mut in_fence = false;
+    let mut open_fence: Option<FenceMarker> = None;
    let mut last_boundary = None;
    for (offset, line) in markdown.split_inclusive('\n').scan(0usize, |cursor, line| {
@@ -643,20 +822,21 @@ fn find_stream_safe_boundary(markdown: &str) -> Option<usize> {
        *cursor += line.len();
        Some((start, line))
    }) {
-        let trimmed = line.trim_start();
+        let line_without_newline = line.trim_end_matches('\n');
-        if trimmed.starts_with("```") || trimmed.starts_with("~~~") {
+        if let Some(opener) = open_fence {
-            in_fence = !in_fence;
+            if line_closes_fence(line_without_newline, opener) {
-            if !in_fence {
+                open_fence = None;
                last_boundary = Some(offset + line.len());
            }
            continue;
        }
-        if in_fence {
+        if let Some(opener) = parse_fence_opener(line_without_newline) {
            open_fence = Some(opener);
            continue;
        }
-        if trimmed.is_empty() {
+        if line_without_newline.trim().is_empty() {
            last_boundary = Some(offset + line.len());
        }
    }
@@ -664,6 +844,46 @@ fn find_stream_safe_boundary(markdown: &str) -> Option<usize> {
    last_boundary
 }
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 struct FenceMarker {
    character: char,
    length: usize,
 }
 fn parse_fence_opener(line: &str) -> Option<FenceMarker> {
    let indent = line.chars().take_while(|c| *c == ' ').count();
    if indent > 3 {
        return None;
    }
    let rest = &line[indent..];
    let character = rest.chars().next()?;
    if character != '`' && character != '~' {
        return None;
    }
    let length = rest.chars().take_while(|c| *c == character).count();
    if length < 3 {
        return None;
    }
    let info_string = &rest[length..];
    if character == '`' && info_string.contains('`') {
        return None;
    }
    Some(FenceMarker { character, length })
 }
 fn line_closes_fence(line: &str, opener: FenceMarker) -> bool {
    let indent = line.chars().take_while(|c| *c == ' ').count();
    if indent > 3 {
        return false;
    }
    let rest = &line[indent..];
    let length = rest.chars().take_while(|c| *c == opener.character).count();
    if length < opener.length {
        return false;
    }
    rest[length..].chars().all(|c| c == ' ' || c == '\t')
 }
 fn visible_width(input: &str) -> usize {
    strip_ansi(input).chars().count()
 }
@@ -778,6 +998,60 @@ mod tests {
        assert!(strip_ansi(&code).contains("fn main()"));
    }
    #[test]
    fn streaming_state_holds_outer_fence_with_nested_inner_fence() {
        let renderer = TerminalRenderer::new();
        let mut state = MarkdownStreamState::default();
        assert_eq!(
            state.push(&renderer, "````markdown\n```rust\nfn inner() {}\n"),
            None,
            "inner triple backticks must not close the outer four-backtick fence"
        );
        assert_eq!(
            state.push(&renderer, "```\n"),
            None,
            "closing the inner fence must not flush the outer fence"
        );
        let flushed = state
            .push(&renderer, "````\n")
            .expect("closing the outer four-backtick fence flushes the buffered block");
        let plain_text = strip_ansi(&flushed);
        assert!(plain_text.contains("fn inner()"));
        assert!(plain_text.contains("```rust"));
    }
    #[test]
    fn streaming_state_distinguishes_backtick_and_tilde_fences() {
        let renderer = TerminalRenderer::new();
        let mut state = MarkdownStreamState::default();
        assert_eq!(state.push(&renderer, "~~~text\n"), None);
        assert_eq!(
            state.push(&renderer, "```\nstill inside tilde fence\n"),
            None,
            "a backtick fence cannot close a tilde-opened fence"
        );
        assert_eq!(state.push(&renderer, "```\n"), None);
        let flushed = state
            .push(&renderer, "~~~\n")
            .expect("matching tilde marker closes the fence");
        let plain_text = strip_ansi(&flushed);
        assert!(plain_text.contains("still inside tilde fence"));
    }
    #[test]
    fn renders_nested_fenced_code_block_preserves_inner_markers() {
        let terminal_renderer = TerminalRenderer::new();
        let markdown_output =
            terminal_renderer.markdown_to_ansi("````markdown\n```rust\nfn nested() {}\n```\n````");
        let plain_text = strip_ansi(&markdown_output);
        assert!(plain_text.contains("╭─ markdown"));
        assert!(plain_text.contains("```rust"));
        assert!(plain_text.contains("fn nested()"));
    }
    #[test]
    fn spinner_advances_frames() {
        let terminal_renderer = TerminalRenderer::new();
--- a/rust/crates/rusty-claude-cli/tests/cli_flags_and_config_defaults.rs
+++ b/rust/crates/rusty-claude-cli/tests/cli_flags_and_config_defaults.rs
@@ -266,7 +266,7 @@ fn command_in(cwd: &Path) -> Command {
 fn write_session(root: &Path, label: &str) -> PathBuf {
    let session_path = root.join(format!("{label}.jsonl"));
-    let mut session = Session::new();
+    let mut session = Session::new().with_workspace_root(root.to_path_buf());
    session
        .push_user_text(format!("session fixture for {label}"))
        .expect("session write should succeed");
--- a/rust/crates/rusty-claude-cli/tests/compact_output.rs
+++ b/rust/crates/rusty-claude-cli/tests/compact_output.rs
@@ -0,0 +1,159 @@
 use std::fs;
 use std::path::PathBuf;
 use std::process::{Command, Output};
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::time::{SystemTime, UNIX_EPOCH};
 use mock_anthropic_service::{MockAnthropicService, SCENARIO_PREFIX};
 static TEMP_COUNTER: AtomicU64 = AtomicU64::new(0);
 #[test]
 fn compact_flag_prints_only_final_assistant_text_without_tool_call_details() {
    // given a workspace pointed at the mock Anthropic service and a fixture file
    // that the read_file_roundtrip scenario will fetch through a tool call
    let runtime = tokio::runtime::Runtime::new().expect("tokio runtime should build");
    let server = runtime
        .block_on(MockAnthropicService::spawn())
        .expect("mock service should start");
    let base_url = server.base_url();
    let workspace = unique_temp_dir("compact-read-file");
    let config_home = workspace.join("config-home");
    let home = workspace.join("home");
    fs::create_dir_all(&workspace).expect("workspace should exist");
    fs::create_dir_all(&config_home).expect("config home should exist");
    fs::create_dir_all(&home).expect("home should exist");
    fs::write(workspace.join("fixture.txt"), "alpha parity line\n").expect("fixture should write");
    // when we run claw in compact text mode against a tool-using scenario
    let prompt = format!("{SCENARIO_PREFIX}read_file_roundtrip");
    let output = run_claw(
        &workspace,
        &config_home,
        &home,
        &base_url,
        &[
            "--model",
            "sonnet",
            "--permission-mode",
            "read-only",
            "--allowedTools",
            "read_file",
            "--compact",
            &prompt,
        ],
    );
    // then the command exits successfully and stdout contains exactly the final
    // assistant text with no tool call IDs, JSON envelopes, or spinner output
    assert!(
        output.status.success(),
        "compact run should succeed\nstdout:\n{}\n\nstderr:\n{}",
        String::from_utf8_lossy(&output.stdout),
        String::from_utf8_lossy(&output.stderr),
    );
    let stdout = String::from_utf8(output.stdout).expect("stdout should be utf8");
    let trimmed = stdout.trim_end_matches('\n');
    assert_eq!(
        trimmed, "read_file roundtrip complete: alpha parity line",
        "compact stdout should contain only the final assistant text"
    );
    assert!(
        !stdout.contains("toolu_"),
        "compact stdout must not leak tool_use_id ({stdout:?})"
    );
    assert!(
        !stdout.contains("\"tool_uses\""),
        "compact stdout must not leak json envelopes ({stdout:?})"
    );
    assert!(
        !stdout.contains("Thinking"),
        "compact stdout must not include the spinner banner ({stdout:?})"
    );
    fs::remove_dir_all(&workspace).expect("workspace cleanup should succeed");
 }
 #[test]
 fn compact_flag_streaming_text_only_emits_final_message_text() {
    // given a workspace pointed at the mock Anthropic service running the
    // streaming_text scenario which only emits a single assistant text block
    let runtime = tokio::runtime::Runtime::new().expect("tokio runtime should build");
    let server = runtime
        .block_on(MockAnthropicService::spawn())
        .expect("mock service should start");
    let base_url = server.base_url();
    let workspace = unique_temp_dir("compact-streaming-text");
    let config_home = workspace.join("config-home");
    let home = workspace.join("home");
    fs::create_dir_all(&workspace).expect("workspace should exist");
    fs::create_dir_all(&config_home).expect("config home should exist");
    fs::create_dir_all(&home).expect("home should exist");
    // when we invoke claw with --compact for the streaming text scenario
    let prompt = format!("{SCENARIO_PREFIX}streaming_text");
    let output = run_claw(
        &workspace,
        &config_home,
        &home,
        &base_url,
        &[
            "--model",
            "sonnet",
            "--permission-mode",
            "read-only",
            "--compact",
            &prompt,
        ],
    );
    // then stdout should be exactly the assistant text followed by a newline
    assert!(
        output.status.success(),
        "compact streaming run should succeed\nstdout:\n{}\n\nstderr:\n{}",
        String::from_utf8_lossy(&output.stdout),
        String::from_utf8_lossy(&output.stderr),
    );
    let stdout = String::from_utf8(output.stdout).expect("stdout should be utf8");
    assert_eq!(
        stdout, "Mock streaming says hello from the parity harness.\n",
        "compact streaming stdout should contain only the final assistant text"
    );
    fs::remove_dir_all(&workspace).expect("workspace cleanup should succeed");
 }
 fn run_claw(
    cwd: &std::path::Path,
    config_home: &std::path::Path,
    home: &std::path::Path,
    base_url: &str,
    args: &[&str],
 ) -> Output {
    let mut command = Command::new(env!("CARGO_BIN_EXE_claw"));
    command
        .current_dir(cwd)
        .env_clear()
        .env("ANTHROPIC_API_KEY", "test-compact-key")
        .env("ANTHROPIC_BASE_URL", base_url)
        .env("CLAW_CONFIG_HOME", config_home)
        .env("HOME", home)
        .env("NO_COLOR", "1")
        .env("PATH", "/usr/bin:/bin")
        .args(args);
    command.output().expect("claw should launch")
 }
 fn unique_temp_dir(label: &str) -> PathBuf {
    let millis = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .expect("clock should be after epoch")
        .as_millis();
    let counter = TEMP_COUNTER.fetch_add(1, Ordering::Relaxed);
    std::env::temp_dir().join(format!(
        "claw-compact-{label}-{}-{millis}-{counter}",
        std::process::id()
    ))
 }
--- a/rust/crates/rusty-claude-cli/tests/mock_parity_harness.rs
+++ b/rust/crates/rusty-claude-cli/tests/mock_parity_harness.rs
@@ -183,17 +183,24 @@ fn clean_env_cli_reaches_mock_anthropic_service_across_scripted_parity_scenarios
    }
    let captured = runtime.block_on(server.captured_requests());
-    assert_eq!(
+    // After `be561bf` added count_tokens preflight, each turn sends an
-        captured.len(),
+    // extra POST to `/v1/messages/count_tokens` before the messages POST.
-        21,
+    // The original count (21) assumed messages-only requests.  We now
-        "twelve scenarios should produce twenty-one requests"
+    // filter to `/v1/messages` and verify that subset matches the original
-    );
+    // scenario expectation.
-    assert!(captured
+    let messages_only: Vec<_> = captured
        .iter()
-        .all(|request| request.path == "/v1/messages"));
+        .filter(|r| r.path == "/v1/messages")
-    assert!(captured.iter().all(|request| request.stream));
+        .collect();
    assert_eq!(
        messages_only.len(),
        21,
        "twelve scenarios should produce twenty-one /v1/messages requests (total captured: {}, includes count_tokens)",
        captured.len()
    );
    assert!(messages_only.iter().all(|request| request.stream));
-    let scenarios = captured
+    let scenarios = messages_only
        .iter()
        .map(|request| request.scenario.as_str())
        .collect::<Vec<_>>();
--- a/rust/crates/rusty-claude-cli/tests/output_format_contract.rs
+++ b/rust/crates/rusty-claude-cli/tests/output_format_contract.rs
@@ -4,6 +4,7 @@ use std::process::{Command, Output};
 use std::sync::atomic::{AtomicU64, Ordering};
 use std::time::{SystemTime, UNIX_EPOCH};
 use runtime::Session;
 use serde_json::Value;
 static TEMP_COUNTER: AtomicU64 = AtomicU64::new(0);
@@ -45,6 +46,24 @@ fn status_and_sandbox_emit_json_when_requested() {
    assert!(sandbox["filesystem_mode"].as_str().is_some());
 }
 #[test]
 fn acp_guidance_emits_json_when_requested() {
    let root = unique_temp_dir("acp-json");
    fs::create_dir_all(&root).expect("temp dir should exist");
    let acp = assert_json_command(&root, &["--output-format", "json", "acp"]);
    assert_eq!(acp["kind"], "acp");
    assert_eq!(acp["status"], "discoverability_only");
    assert_eq!(acp["supported"], false);
    assert_eq!(acp["serve_alias_only"], true);
    assert_eq!(acp["discoverability_tracking"], "ROADMAP #64a");
    assert_eq!(acp["tracking"], "ROADMAP #76");
    assert!(acp["message"]
        .as_str()
        .expect("acp message")
        .contains("discoverability alias"));
 }
 #[test]
 fn inventory_commands_emit_structured_json_when_requested() {
    let root = unique_temp_dir("inventory-json");
@@ -173,13 +192,15 @@ fn dump_manifests_and_init_emit_json_when_requested() {
    fs::create_dir_all(&root).expect("temp dir should exist");
    let upstream = write_upstream_fixture(&root);
-    let manifests = assert_json_command_with_env(
+    let manifests = assert_json_command(
        &root,
-        &["--output-format", "json", "dump-manifests"],
+        &[
-        &[(
+            "--output-format",
-            "CLAUDE_CODE_UPSTREAM",
+            "json",
            "dump-manifests",
            "--manifests-dir",
            upstream.to_str().expect("utf8 upstream"),
-        )],
+        ],
    );
    assert_eq!(manifests["kind"], "dump-manifests");
    assert_eq!(manifests["commands"], 1);
@@ -206,7 +227,7 @@ fn doctor_and_resume_status_emit_json_when_requested() {
    assert!(summary["failures"].as_u64().is_some());
    let checks = doctor["checks"].as_array().expect("doctor checks");
-    assert_eq!(checks.len(), 5);
+    assert_eq!(checks.len(), 6);
    let check_names = checks
        .iter()
        .map(|check| {
@@ -218,7 +239,27 @@ fn doctor_and_resume_status_emit_json_when_requested() {
        .collect::<Vec<_>>();
    assert_eq!(
        check_names,
-        vec!["auth", "config", "workspace", "sandbox", "system"]
+        vec![
            "auth",
            "config",
            "install source",
            "workspace",
            "sandbox",
            "system"
        ]
    );
    let install_source = checks
        .iter()
        .find(|check| check["name"] == "install source")
        .expect("install source check");
    assert_eq!(
        install_source["official_repo"],
        "https://github.com/ultraworkers/claw-code"
    );
    assert_eq!(
        install_source["deprecated_install"],
        "cargo install claw-code"
    );
    let workspace = checks
@@ -236,12 +277,7 @@ fn doctor_and_resume_status_emit_json_when_requested() {
    assert!(sandbox["enabled"].is_boolean());
    assert!(sandbox["fallback_reason"].is_null() || sandbox["fallback_reason"].is_string());
-    let session_path = root.join("session.jsonl");
+    let session_path = write_session_fixture(&root, "resume-json", Some("hello"));
    fs::write(
        &session_path,
        "{\"type\":\"session_meta\",\"version\":3,\"session_id\":\"resume-json\",\"created_at_ms\":0,\"updated_at_ms\":0}\n{\"type\":\"message\",\"message\":{\"role\":\"user\",\"blocks\":[{\"type\":\"text\",\"text\":\"hello\"}]}}\n",
    )
    .expect("session should write");
    let resumed = assert_json_command(
        &root,
        &[
@@ -253,7 +289,8 @@ fn doctor_and_resume_status_emit_json_when_requested() {
        ],
    );
    assert_eq!(resumed["kind"], "status");
-    assert_eq!(resumed["model"], "restored-session");
+    // model is null in resume mode (not known without --model flag)
    assert!(resumed["model"].is_null());
    assert_eq!(resumed["usage"]["messages"], 1);
    assert!(resumed["workspace"]["cwd"].as_str().is_some());
    assert!(resumed["sandbox"]["filesystem_mode"].as_str().is_some());
@@ -267,12 +304,7 @@ fn resumed_inventory_commands_emit_structured_json_when_requested() {
    fs::create_dir_all(&config_home).expect("config home should exist");
    fs::create_dir_all(&home).expect("home should exist");
-    let session_path = root.join("session.jsonl");
+    let session_path = write_session_fixture(&root, "resume-inventory-json", Some("inventory"));
    fs::write(
        &session_path,
        "{\"type\":\"session_meta\",\"version\":3,\"session_id\":\"resume-inventory-json\",\"created_at_ms\":0,\"updated_at_ms\":0}\n{\"type\":\"message\",\"message\":{\"role\":\"user\",\"blocks\":[{\"type\":\"text\",\"text\":\"inventory\"}]}}\n",
    )
    .expect("session should write");
    let mcp = assert_json_command_with_env(
        &root,
@@ -323,12 +355,7 @@ fn resumed_version_and_init_emit_structured_json_when_requested() {
    let root = unique_temp_dir("resume-version-init-json");
    fs::create_dir_all(&root).expect("temp dir should exist");
-    let session_path = root.join("session.jsonl");
+    let session_path = write_session_fixture(&root, "resume-version-init-json", None);
    fs::write(
        &session_path,
        "{\"type\":\"session_meta\",\"version\":3,\"session_id\":\"resume-version-init-json\",\"created_at_ms\":0,\"updated_at_ms\":0}\n",
    )
    .expect("session should write");
    let version = assert_json_command(
        &root,
@@ -404,6 +431,24 @@ fn write_upstream_fixture(root: &Path) -> PathBuf {
    upstream
 }
 fn write_session_fixture(root: &Path, session_id: &str, user_text: Option<&str>) -> PathBuf {
    let session_path = root.join("session.jsonl");
    let mut session = Session::new()
        .with_workspace_root(root.to_path_buf())
        .with_persistence_path(session_path.clone());
    session.session_id = session_id.to_string();
    if let Some(text) = user_text {
        session
            .push_user_text(text)
            .expect("session fixture message should persist");
    } else {
        session
            .save_to_path(&session_path)
            .expect("session fixture should persist");
    }
    session_path
 }
 fn write_agent(root: &Path, name: &str, description: &str, model: &str, reasoning: &str) {
    fs::create_dir_all(root).expect("agent root should exist");
    fs::write(
--- a/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs
+++ b/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs
@@ -20,7 +20,7 @@ fn resumed_binary_accepts_slash_commands_with_arguments() {
    let session_path = temp_dir.join("session.jsonl");
    let export_path = temp_dir.join("notes.txt");
-    let mut session = Session::new();
+    let mut session = workspace_session(&temp_dir);
    session
        .push_user_text("ship the slash command harness")
        .expect("session write should succeed");
@@ -122,7 +122,7 @@ fn resumed_config_command_loads_settings_files_end_to_end() {
    fs::create_dir_all(&config_home).expect("config home should exist");
    let session_path = project_dir.join("session.jsonl");
-    Session::new()
+    workspace_session(&project_dir)
        .with_persistence_path(&session_path)
        .save_to_path(&session_path)
        .expect("session should persist");
@@ -180,13 +180,11 @@ fn resume_latest_restores_the_most_recent_managed_session() {
    // given
    let temp_dir = unique_temp_dir("resume-latest");
    let project_dir = temp_dir.join("project");
-    let sessions_dir = project_dir.join(".claw").join("sessions");
+    let store = runtime::SessionStore::from_cwd(&project_dir).expect("session store should build");
-    fs::create_dir_all(&sessions_dir).expect("sessions dir should exist");
+    let older_path = store.create_handle("session-older").path;
    let newer_path = store.create_handle("session-newer").path;
-    let older_path = sessions_dir.join("session-older.jsonl");
+    let mut older = workspace_session(&project_dir).with_persistence_path(&older_path);
    let newer_path = sessions_dir.join("session-newer.jsonl");
    let mut older = Session::new().with_persistence_path(&older_path);
    older
        .push_user_text("older session")
        .expect("older session write should succeed");
@@ -194,7 +192,7 @@ fn resume_latest_restores_the_most_recent_managed_session() {
        .save_to_path(&older_path)
        .expect("older session should persist");
-    let mut newer = Session::new().with_persistence_path(&newer_path);
+    let mut newer = workspace_session(&project_dir).with_persistence_path(&newer_path);
    newer
        .push_user_text("newer session")
        .expect("newer session write should succeed");
@@ -229,7 +227,7 @@ fn resumed_status_command_emits_structured_json_when_requested() {
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
-    let mut session = Session::new();
+    let mut session = workspace_session(&temp_dir);
    session
        .push_user_text("resume status json fixture")
        .expect("session write should succeed");
@@ -261,7 +259,8 @@ fn resumed_status_command_emits_structured_json_when_requested() {
    let parsed: Value =
        serde_json::from_str(stdout.trim()).expect("resume status output should be json");
    assert_eq!(parsed["kind"], "status");
-    assert_eq!(parsed["model"], "restored-session");
+    // model is null in resume mode (not known without --model flag)
    assert!(parsed["model"].is_null());
    assert_eq!(parsed["permission_mode"], "danger-full-access");
    assert_eq!(parsed["usage"]["messages"], 1);
    assert!(parsed["usage"]["turns"].is_number());
@@ -275,6 +274,47 @@ fn resumed_status_command_emits_structured_json_when_requested() {
    assert!(parsed["sandbox"]["filesystem_mode"].as_str().is_some());
 }
 #[test]
 fn resumed_status_surfaces_persisted_model() {
    // given — create a session with model already set
    let temp_dir = unique_temp_dir("resume-status-model");
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
    let mut session = workspace_session(&temp_dir);
    session.model = Some("claude-sonnet-4-6".to_string());
    session
        .push_user_text("model persistence fixture")
        .expect("write ok");
    session.save_to_path(&session_path).expect("persist ok");
    // when
    let output = run_claw(
        &temp_dir,
        &[
            "--output-format",
            "json",
            "--resume",
            session_path.to_str().expect("utf8 path"),
            "/status",
        ],
    );
    // then
    assert!(
        output.status.success(),
        "stderr:\n{}",
        String::from_utf8_lossy(&output.stderr)
    );
    let stdout = String::from_utf8(output.stdout).expect("utf8");
    let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
    assert_eq!(parsed["kind"], "status");
    assert_eq!(
        parsed["model"], "claude-sonnet-4-6",
        "model should round-trip through session metadata"
    );
 }
 #[test]
 fn resumed_sandbox_command_emits_structured_json_when_requested() {
    // given
@@ -282,7 +322,7 @@ fn resumed_sandbox_command_emits_structured_json_when_requested() {
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
-    Session::new()
+    workspace_session(&temp_dir)
        .save_to_path(&session_path)
        .expect("session should persist");
@@ -318,10 +358,183 @@ fn resumed_sandbox_command_emits_structured_json_when_requested() {
    assert!(parsed["markers"].is_array());
 }
 #[test]
 fn resumed_version_command_emits_structured_json() {
    let temp_dir = unique_temp_dir("resume-version-json");
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
    workspace_session(&temp_dir)
        .save_to_path(&session_path)
        .expect("session should persist");
    let output = run_claw(
        &temp_dir,
        &[
            "--output-format",
            "json",
            "--resume",
            session_path.to_str().expect("utf8 path"),
            "/version",
        ],
    );
    assert!(
        output.status.success(),
        "stderr:\n{}",
        String::from_utf8_lossy(&output.stderr)
    );
    let stdout = String::from_utf8(output.stdout).expect("utf8");
    let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
    assert_eq!(parsed["kind"], "version");
    assert!(parsed["version"].as_str().is_some());
    assert!(parsed["git_sha"].as_str().is_some());
    assert!(parsed["target"].as_str().is_some());
 }
 #[test]
 fn resumed_export_command_emits_structured_json() {
    let temp_dir = unique_temp_dir("resume-export-json");
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
    let mut session = workspace_session(&temp_dir);
    session
        .push_user_text("export json fixture")
        .expect("write ok");
    session.save_to_path(&session_path).expect("persist ok");
    let output = run_claw(
        &temp_dir,
        &[
            "--output-format",
            "json",
            "--resume",
            session_path.to_str().expect("utf8 path"),
            "/export",
        ],
    );
    assert!(
        output.status.success(),
        "stderr:\n{}",
        String::from_utf8_lossy(&output.stderr)
    );
    let stdout = String::from_utf8(output.stdout).expect("utf8");
    let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
    assert_eq!(parsed["kind"], "export");
    assert!(parsed["file"].as_str().is_some());
    assert_eq!(parsed["message_count"], 1);
 }
 #[test]
 fn resumed_help_command_emits_structured_json() {
    let temp_dir = unique_temp_dir("resume-help-json");
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
    workspace_session(&temp_dir)
        .save_to_path(&session_path)
        .expect("persist ok");
    let output = run_claw(
        &temp_dir,
        &[
            "--output-format",
            "json",
            "--resume",
            session_path.to_str().expect("utf8 path"),
            "/help",
        ],
    );
    assert!(
        output.status.success(),
        "stderr:\n{}",
        String::from_utf8_lossy(&output.stderr)
    );
    let stdout = String::from_utf8(output.stdout).expect("utf8");
    let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
    assert_eq!(parsed["kind"], "help");
    assert!(parsed["text"].as_str().is_some());
    let text = parsed["text"].as_str().unwrap();
    assert!(text.contains("/status"), "help text should list /status");
 }
 #[test]
 fn resumed_no_command_emits_restored_json() {
    let temp_dir = unique_temp_dir("resume-no-cmd-json");
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
    let mut session = workspace_session(&temp_dir);
    session
        .push_user_text("restored json fixture")
        .expect("write ok");
    session.save_to_path(&session_path).expect("persist ok");
    let output = run_claw(
        &temp_dir,
        &[
            "--output-format",
            "json",
            "--resume",
            session_path.to_str().expect("utf8 path"),
        ],
    );
    assert!(
        output.status.success(),
        "stderr:\n{}",
        String::from_utf8_lossy(&output.stderr)
    );
    let stdout = String::from_utf8(output.stdout).expect("utf8");
    let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
    assert_eq!(parsed["kind"], "restored");
    assert!(parsed["session_id"].as_str().is_some());
    assert!(parsed["path"].as_str().is_some());
    assert_eq!(parsed["message_count"], 1);
 }
 #[test]
 fn resumed_stub_command_emits_not_implemented_json() {
    let temp_dir = unique_temp_dir("resume-stub-json");
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
    let session_path = temp_dir.join("session.jsonl");
    workspace_session(&temp_dir)
        .save_to_path(&session_path)
        .expect("persist ok");
    let output = run_claw(
        &temp_dir,
        &[
            "--output-format",
            "json",
            "--resume",
            session_path.to_str().expect("utf8 path"),
            "/allowed-tools",
        ],
    );
    // Stub commands exit with code 2
    assert!(!output.status.success());
    let stderr = String::from_utf8(output.stderr).expect("utf8");
    let parsed: Value = serde_json::from_str(stderr.trim()).expect("should be json");
    assert_eq!(parsed["type"], "error");
    assert!(
        parsed["error"]
            .as_str()
            .unwrap()
            .contains("not yet implemented"),
        "error should say not yet implemented: {:?}",
        parsed["error"]
    );
 }
 fn run_claw(current_dir: &Path, args: &[&str]) -> Output {
    run_claw_with_env(current_dir, args, &[])
 }
 fn workspace_session(root: &Path) -> Session {
    Session::new().with_workspace_root(root.to_path_buf())
 }
 fn run_claw_with_env(current_dir: &Path, args: &[&str], envs: &[(&str, &str)]) -> Output {
    let mut command = Command::new(env!("CARGO_BIN_EXE_claw"));
    command.current_dir(current_dir).args(args);
--- a/rust/crates/tools/Cargo.toml
+++ b/rust/crates/tools/Cargo.toml
@@ -8,6 +8,7 @@ publish.workspace = true
 [dependencies]
 api = { path = "../api" }
 commands = { path = "../commands" }
 flate2 = "1"
 plugins = { path = "../plugins" }
 runtime = { path = "../runtime" }
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "rustls-tls"] }
--- a/rust/crates/tools/src/lib.rs
+++ b/rust/crates/tools/src/lib.rs
--- a/rust/crates/tools/src/pdf_extract.rs
+++ b/rust/crates/tools/src/pdf_extract.rs
@@ -0,0 +1,548 @@
 //! Minimal PDF text extraction.
 //!
 //! Reads a PDF file, locates `/Contents` stream objects, decompresses with
 //! flate2 when the stream uses `/FlateDecode`, and extracts text operators
 //! found between `BT` / `ET` markers.
 use std::io::Read as _;
 use std::path::Path;
 /// Extract all readable text from a PDF file.
 ///
 /// Returns the concatenated text found inside BT/ET operators across all
 /// content streams.  Non-text pages or encrypted PDFs yield an empty string
 /// rather than an error.
 pub fn extract_text(path: &Path) -> Result<String, String> {
    let data = std::fs::read(path).map_err(|e| format!("failed to read PDF: {e}"))?;
    Ok(extract_text_from_bytes(&data))
 }
 /// Core extraction from raw PDF bytes — useful for testing without touching the
 /// filesystem.
 pub(crate) fn extract_text_from_bytes(data: &[u8]) -> String {
    let mut all_text = String::new();
    let mut offset = 0;
    while offset < data.len() {
        let Some(stream_start) = find_subsequence(&data[offset..], b"stream") else {
            break;
        };
        let abs_start = offset + stream_start;
        // Determine the byte offset right after "stream\r\n" or "stream\n".
        let content_start = skip_stream_eol(data, abs_start + b"stream".len());
        let Some(end_rel) = find_subsequence(&data[content_start..], b"endstream") else {
            break;
        };
        let content_end = content_start + end_rel;
        // Look backwards from "stream" for a FlateDecode hint in the object
        // dictionary.  We scan at most 512 bytes before the stream keyword.
        let dict_window_start = abs_start.saturating_sub(512);
        let dict_window = &data[dict_window_start..abs_start];
        let is_flate = find_subsequence(dict_window, b"FlateDecode").is_some();
        // Only process streams whose parent dictionary references /Contents or
        // looks like a page content stream (contains /Length).  We intentionally
        // keep this loose to cover both inline and referenced content streams.
        let raw = &data[content_start..content_end];
        let decompressed;
        let stream_bytes: &[u8] = if is_flate {
            if let Ok(buf) = inflate(raw) {
                decompressed = buf;
                &decompressed
            } else {
                offset = content_end;
                continue;
            }
        } else {
            raw
        };
        let text = extract_bt_et_text(stream_bytes);
        if !text.is_empty() {
            if !all_text.is_empty() {
                all_text.push('\n');
            }
            all_text.push_str(&text);
        }
        offset = content_end;
    }
    all_text
 }
 /// Inflate (zlib / deflate) compressed data via `flate2`.
 fn inflate(data: &[u8]) -> Result<Vec<u8>, String> {
    let mut decoder = flate2::read::ZlibDecoder::new(data);
    let mut buf = Vec::new();
    decoder
        .read_to_end(&mut buf)
        .map_err(|e| format!("flate2 inflate error: {e}"))?;
    Ok(buf)
 }
 /// Extract text from PDF content-stream operators between BT and ET markers.
 ///
 /// Handles the common text-showing operators:
 /// - `Tj`  — show a string
 /// - `TJ`  — show an array of strings/numbers
 /// - `'`   — move to next line and show string
 /// - `"`   — set spacing, move to next line and show string
 fn extract_bt_et_text(stream: &[u8]) -> String {
    let text = String::from_utf8_lossy(stream);
    let mut result = String::new();
    let mut in_bt = false;
    for line in text.lines() {
        let trimmed = line.trim();
        if trimmed == "BT" {
            in_bt = true;
            continue;
        }
        if trimmed == "ET" {
            in_bt = false;
            continue;
        }
        if !in_bt {
            continue;
        }
        // Tj operator: (text) Tj
        if trimmed.ends_with("Tj") {
            if let Some(s) = extract_parenthesized_string(trimmed) {
                if !result.is_empty() && !result.ends_with('\n') {
                    result.push(' ');
                }
                result.push_str(&s);
            }
        }
        // TJ operator: [ (text) 123 (text) ] TJ
        else if trimmed.ends_with("TJ") {
            let extracted = extract_tj_array(trimmed);
            if !extracted.is_empty() {
                if !result.is_empty() && !result.ends_with('\n') {
                    result.push(' ');
                }
                result.push_str(&extracted);
            }
        }
        // ' operator: (text) '   and   " operator: aw ac (text) "
        else if is_newline_show_operator(trimmed) {
            if let Some(s) = extract_parenthesized_string(trimmed) {
                if !result.is_empty() {
                    result.push('\n');
                }
                result.push_str(&s);
            }
        }
    }
    result
 }
 /// Returns `true` when `trimmed` looks like a `'` or `"` text-show operator.
 fn is_newline_show_operator(trimmed: &str) -> bool {
    (trimmed.ends_with('\'') && trimmed.len() > 1)
        || (trimmed.ends_with('"') && trimmed.contains('('))
 }
 /// Pull the text from the first `(…)` group, handling escaped parens and
 /// common PDF escape sequences.
 fn extract_parenthesized_string(input: &str) -> Option<String> {
    let open = input.find('(')?;
    let bytes = input.as_bytes();
    let mut depth = 0;
    let mut result = String::new();
    let mut i = open;
    while i < bytes.len() {
        match bytes[i] {
            b'(' => {
                if depth > 0 {
                    result.push('(');
                }
                depth += 1;
            }
            b')' => {
                depth -= 1;
                if depth == 0 {
                    return Some(result);
                }
                result.push(')');
            }
            b'\\' if i + 1 < bytes.len() => {
                i += 1;
                match bytes[i] {
                    b'n' => result.push('\n'),
                    b'r' => result.push('\r'),
                    b't' => result.push('\t'),
                    b'\\' => result.push('\\'),
                    b'(' => result.push('('),
                    b')' => result.push(')'),
                    // Octal sequences — up to 3 digits.
                    d @ b'0'..=b'7' => {
                        let mut octal = u32::from(d - b'0');
                        for _ in 0..2 {
                            if i + 1 < bytes.len()
                                && bytes[i + 1].is_ascii_digit()
                                && bytes[i + 1] <= b'7'
                            {
                                i += 1;
                                octal = octal * 8 + u32::from(bytes[i] - b'0');
                            } else {
                                break;
                            }
                        }
                        if let Some(ch) = char::from_u32(octal) {
                            result.push(ch);
                        }
                    }
                    other => result.push(char::from(other)),
                }
            }
            ch => result.push(char::from(ch)),
        }
        i += 1;
    }
    None // unbalanced
 }
 /// Extract concatenated strings from a TJ array like `[ (Hello) -120 (World) ] TJ`.
 fn extract_tj_array(input: &str) -> String {
    let mut result = String::new();
    let Some(bracket_start) = input.find('[') else {
        return result;
    };
    let Some(bracket_end) = input.rfind(']') else {
        return result;
    };
    let inner = &input[bracket_start + 1..bracket_end];
    let mut i = 0;
    let bytes = inner.as_bytes();
    while i < bytes.len() {
        if bytes[i] == b'(' {
            // Reconstruct the parenthesized string and extract it.
            if let Some(s) = extract_parenthesized_string(&inner[i..]) {
                result.push_str(&s);
                // Skip past the closing paren.
                let mut depth = 0u32;
                for &b in &bytes[i..] {
                    i += 1;
                    if b == b'(' {
                        depth += 1;
                    } else if b == b')' {
                        depth -= 1;
                        if depth == 0 {
                            break;
                        }
                    }
                }
                continue;
            }
        }
        i += 1;
    }
    result
 }
 /// Skip past the end-of-line marker that immediately follows the `stream`
 /// keyword.  Per the PDF spec this is either `\r\n` or `\n`.
 fn skip_stream_eol(data: &[u8], pos: usize) -> usize {
    if pos < data.len() && data[pos] == b'\r' {
        if pos + 1 < data.len() && data[pos + 1] == b'\n' {
            return pos + 2;
        }
        return pos + 1;
    }
    if pos < data.len() && data[pos] == b'\n' {
        return pos + 1;
    }
    pos
 }
 /// Simple byte-subsequence search.
 fn find_subsequence(haystack: &[u8], needle: &[u8]) -> Option<usize> {
    haystack
        .windows(needle.len())
        .position(|window| window == needle)
 }
 /// Check if a user-supplied path looks like a PDF file reference.
 #[must_use]
 pub fn looks_like_pdf_path(text: &str) -> Option<&str> {
    for token in text.split_whitespace() {
        let cleaned = token.trim_matches(|c: char| c == '\'' || c == '"' || c == '`');
        if let Some(dot_pos) = cleaned.rfind('.') {
            if cleaned[dot_pos + 1..].eq_ignore_ascii_case("pdf") && dot_pos > 0 {
                return Some(cleaned);
            }
        }
    }
    None
 }
 /// Auto-extract text from a PDF path mentioned in a user prompt.
 ///
 /// Returns `Some((path, extracted_text))` when a `.pdf` path is detected and
 /// the file exists, otherwise `None`.
 #[must_use]
 pub fn maybe_extract_pdf_from_prompt(prompt: &str) -> Option<(String, String)> {
    let pdf_path = looks_like_pdf_path(prompt)?;
    let path = Path::new(pdf_path);
    if !path.exists() {
        return None;
    }
    let text = extract_text(path).ok()?;
    if text.is_empty() {
        return None;
    }
    Some((pdf_path.to_string(), text))
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    /// Build a minimal valid PDF with a single page containing uncompressed
    /// text.  This is the smallest PDF structure that exercises the BT/ET
    /// extraction path.
    fn build_simple_pdf(text: &str) -> Vec<u8> {
        let content_stream = format!("BT\n/F1 12 Tf\n({text}) Tj\nET");
        let stream_bytes = content_stream.as_bytes();
        let mut pdf = Vec::new();
        // Header
        pdf.extend_from_slice(b"%PDF-1.4\n");
        // Object 1 — Catalog
        let obj1_offset = pdf.len();
        pdf.extend_from_slice(b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n");
        // Object 2 — Pages
        let obj2_offset = pdf.len();
        pdf.extend_from_slice(b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n");
        // Object 3 — Page
        let obj3_offset = pdf.len();
        pdf.extend_from_slice(
            b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n",
        );
        // Object 4 — Content stream (uncompressed)
        let obj4_offset = pdf.len();
        let length = stream_bytes.len();
        let header = format!("4 0 obj\n<< /Length {length} >>\nstream\n");
        pdf.extend_from_slice(header.as_bytes());
        pdf.extend_from_slice(stream_bytes);
        pdf.extend_from_slice(b"\nendstream\nendobj\n");
        // Cross-reference table
        let xref_offset = pdf.len();
        pdf.extend_from_slice(b"xref\n0 5\n");
        pdf.extend_from_slice(b"0000000000 65535 f \n");
        pdf.extend_from_slice(format!("{obj1_offset:010} 00000 n \n").as_bytes());
        pdf.extend_from_slice(format!("{obj2_offset:010} 00000 n \n").as_bytes());
        pdf.extend_from_slice(format!("{obj3_offset:010} 00000 n \n").as_bytes());
        pdf.extend_from_slice(format!("{obj4_offset:010} 00000 n \n").as_bytes());
        // Trailer
        pdf.extend_from_slice(b"trailer\n<< /Size 5 /Root 1 0 R >>\n");
        pdf.extend_from_slice(format!("startxref\n{xref_offset}\n%%EOF\n").as_bytes());
        pdf
    }
    /// Build a minimal PDF with flate-compressed content stream.
    fn build_flate_pdf(text: &str) -> Vec<u8> {
        use flate2::write::ZlibEncoder;
        use flate2::Compression;
        use std::io::Write as _;
        let content_stream = format!("BT\n/F1 12 Tf\n({text}) Tj\nET");
        let mut encoder = ZlibEncoder::new(Vec::new(), Compression::default());
        encoder
            .write_all(content_stream.as_bytes())
            .expect("compress");
        let compressed = encoder.finish().expect("finish");
        let mut pdf = Vec::new();
        pdf.extend_from_slice(b"%PDF-1.4\n");
        let obj1_offset = pdf.len();
        pdf.extend_from_slice(b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n");
        let obj2_offset = pdf.len();
        pdf.extend_from_slice(b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n");
        let obj3_offset = pdf.len();
        pdf.extend_from_slice(
            b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n",
        );
        let obj4_offset = pdf.len();
        let length = compressed.len();
        let header = format!("4 0 obj\n<< /Length {length} /Filter /FlateDecode >>\nstream\n");
        pdf.extend_from_slice(header.as_bytes());
        pdf.extend_from_slice(&compressed);
        pdf.extend_from_slice(b"\nendstream\nendobj\n");
        let xref_offset = pdf.len();
        pdf.extend_from_slice(b"xref\n0 5\n");
        pdf.extend_from_slice(b"0000000000 65535 f \n");
        pdf.extend_from_slice(format!("{obj1_offset:010} 00000 n \n").as_bytes());
        pdf.extend_from_slice(format!("{obj2_offset:010} 00000 n \n").as_bytes());
        pdf.extend_from_slice(format!("{obj3_offset:010} 00000 n \n").as_bytes());
        pdf.extend_from_slice(format!("{obj4_offset:010} 00000 n \n").as_bytes());
        pdf.extend_from_slice(b"trailer\n<< /Size 5 /Root 1 0 R >>\n");
        pdf.extend_from_slice(format!("startxref\n{xref_offset}\n%%EOF\n").as_bytes());
        pdf
    }
    #[test]
    fn extracts_uncompressed_text_from_minimal_pdf() {
        // given
        let pdf_bytes = build_simple_pdf("Hello World");
        // when
        let text = extract_text_from_bytes(&pdf_bytes);
        // then
        assert_eq!(text, "Hello World");
    }
    #[test]
    fn extracts_text_from_flate_compressed_stream() {
        // given
        let pdf_bytes = build_flate_pdf("Compressed PDF Text");
        // when
        let text = extract_text_from_bytes(&pdf_bytes);
        // then
        assert_eq!(text, "Compressed PDF Text");
    }
    #[test]
    fn handles_tj_array_operator() {
        // given
        let stream = b"BT\n/F1 12 Tf\n[ (Hello) -120 ( World) ] TJ\nET";
        // Build a raw PDF with TJ array operator instead of simple Tj.
        let content_stream = std::str::from_utf8(stream).unwrap();
        let raw = format!(
            "%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n\
             2 0 obj\n<< /Length {} >>\nstream\n{}\nendstream\nendobj\n%%EOF\n",
            content_stream.len(),
            content_stream
        );
        let pdf_bytes = raw.into_bytes();
        // when
        let text = extract_text_from_bytes(&pdf_bytes);
        // then
        assert_eq!(text, "Hello World");
    }
    #[test]
    fn handles_escaped_parentheses() {
        // given
        let content = b"BT\n(Hello \\(World\\)) Tj\nET";
        let raw = format!(
            "%PDF-1.4\n1 0 obj\n<< /Length {} >>\nstream\n",
            content.len()
        );
        let mut pdf_bytes = raw.into_bytes();
        pdf_bytes.extend_from_slice(content);
        pdf_bytes.extend_from_slice(b"\nendstream\nendobj\n%%EOF\n");
        // when
        let text = extract_text_from_bytes(&pdf_bytes);
        // then
        assert_eq!(text, "Hello (World)");
    }
    #[test]
    fn returns_empty_for_non_pdf_data() {
        // given
        let data = b"This is not a PDF file at all";
        // when
        let text = extract_text_from_bytes(data);
        // then
        assert!(text.is_empty());
    }
    #[test]
    fn extracts_text_from_file_on_disk() {
        // given
        let pdf_bytes = build_simple_pdf("Disk Test");
        let dir = std::env::temp_dir().join("clawd-pdf-extract-test");
        std::fs::create_dir_all(&dir).unwrap();
        let pdf_path = dir.join("test.pdf");
        std::fs::write(&pdf_path, &pdf_bytes).unwrap();
        // when
        let text = extract_text(&pdf_path).unwrap();
        // then
        assert_eq!(text, "Disk Test");
        // cleanup
        let _ = std::fs::remove_dir_all(&dir);
    }
    #[test]
    fn looks_like_pdf_path_detects_pdf_references() {
        // given / when / then
        assert_eq!(
            looks_like_pdf_path("Please read /tmp/report.pdf"),
            Some("/tmp/report.pdf")
        );
        assert_eq!(looks_like_pdf_path("Check file.PDF now"), Some("file.PDF"));
        assert_eq!(looks_like_pdf_path("no pdf here"), None);
    }
    #[test]
    fn maybe_extract_pdf_from_prompt_returns_none_for_missing_file() {
        // given
        let prompt = "Read /tmp/nonexistent-abc123.pdf please";
        // when
        let result = maybe_extract_pdf_from_prompt(prompt);
        // then
        assert!(result.is_none());
    }
    #[test]
    fn maybe_extract_pdf_from_prompt_extracts_existing_file() {
        // given
        let pdf_bytes = build_simple_pdf("Auto Extracted");
        let dir = std::env::temp_dir().join("clawd-pdf-auto-extract-test");
        std::fs::create_dir_all(&dir).unwrap();
        let pdf_path = dir.join("auto.pdf");
        std::fs::write(&pdf_path, &pdf_bytes).unwrap();
        let prompt = format!("Summarize {}", pdf_path.display());
        // when
        let result = maybe_extract_pdf_from_prompt(&prompt);
        // then
        let (path, text) = result.expect("should extract");
        assert_eq!(path, pdf_path.display().to_string());
        assert_eq!(text, "Auto Extracted");
        // cleanup
        let _ = std::fs::remove_dir_all(&dir);
    }
 }
`@@ -1,2 +1 @@`
	`{"created_at_ms":1775386832313,"session_id":"session-1775386832313-0","type":"session_meta","updated_at_ms":1775386832313,"version":1}`	`{"created_at_ms":1775777421902,"session_id":"session-1775777421902-1","type":"session_meta","updated_at_ms":1775777421902,"version":1}`
	`{"message":{"blocks":[{"text":"status --help","type":"text"}],"role":"user"},"type":"message"}`