@jsonstudio/rcc 0.89.2239 → 0.90.1

package/docs/daemon-admin-ui.html

@@ -1489,6 +1489,14 @@
 	                <select id="routingSourceSelect" style="width: 420px;"></select>
 	                <button id="refreshRoutingSourcesBtn">Refresh sources</button>
 	              </div>
+                <div class="row" style="margin-bottom: 10px;">
+                  <label for="routingGroupSelect">group</label>
+                  <select id="routingGroupSelect" style="width: 240px;"></select>
+                  <input id="routingGroupNameInput" type="text" placeholder="new group id" style="width: 200px;" />
+                  <button id="createRoutingGroupBtn">Create/Copy group</button>
+                  <button id="deleteRoutingGroupBtn" class="danger">Delete group</button>
+                  <span id="routingActiveGroupHint" class="mono muted" style="margin-left:auto;"></span>
+                </div>
 	              <div class="row" style="margin-bottom: 10px;">
 	                <label for="routingQuotaModeSelect">mode</label>
 	                <select id="routingQuotaModeSelect" style="width: 160px;">
@@ -1509,9 +1517,9 @@
 	              </div>
 	              <div class="row" style="margin-bottom: 10px;">
 	                <button id="loadRoutingBtn" class="primary">Load</button>
-	                <button id="saveRoutingBtn" class="primary">Save</button>
-                  <button id="saveRoutingRestartLocalBtn">Save + Restart local</button>
-                  <button id="saveRoutingRestartAllBtn">Save + Restart all</button>
+	                <button id="saveRoutingBtn" class="primary">Save group</button>
+                  <button id="saveRoutingRestartLocalBtn">Activate group</button>
+                  <button id="saveRoutingRestartAllBtn">Activate + Restart all</button>
                   <button id="refreshRoutingPoolBtn">Refresh pool status</button>
 	                <button id="routingRegExpandBtn">Expand all</button>
 	                <button id="routingRegCollapseBtn">Collapse all</button>
@@ -1551,6 +1559,9 @@
               routingTargetsUpdatedAt: 0,
               routingSources: [],
               routingSourcesUpdatedAt: 0,
+              routingGroups: {},
+              routingActiveGroupId: "",
+              routingSelectedGroupId: "",
               routingLocation: "virtualrouter.routing",
               routingHasLoadBalancing: false,
               credentials: [],
@@ -4245,9 +4256,13 @@
       }
 
       function buildRoutingPolicyEditorValue(snapshot) {
-        const routingObj = toPlainObjectOrNull(snapshot && snapshot.routing) || {};
-        const hasLoadBalancing = Boolean(snapshot && snapshot.hasLoadBalancing === true);
-        const loadBalancingObj = toPlainObjectOrNull(snapshot && snapshot.loadBalancing) || {};
+        const source = toPlainObjectOrNull(snapshot) || {};
+        const routingObj = toPlainObjectOrNull(source.routing) || {};
+        const loadBalancingObj = toPlainObjectOrNull(source.loadBalancing) || {};
+        const hasLoadBalancing =
+          typeof source.hasLoadBalancing === "boolean"
+            ? Boolean(source.hasLoadBalancing)
+            : Boolean(loadBalancingObj && Object.keys(loadBalancingObj).length > 0);
         UI.routingHasLoadBalancing = hasLoadBalancing;
         return {
           routing: routingObj,
@@ -4276,30 +4291,114 @@
         };
       }
 
-	      async function loadRouting() {
-	        setLog("routingOpLog", "");
-	        const auth = UI.adminAuth ? UI.adminAuth : await refreshAdminAuthStatus();
-	        if (!auth || !auth.authenticated) {
-	          notifyUnauthorizedOnce("routing");
-	          return;
-	        }
-	        try {
-	          const selectedPath = textOf($("routingSourceSelect").value || "").trim();
-	          const query = selectedPath ? `?path=${encodeURIComponent(selectedPath)}` : "";
-	          const out = await apiFetch(`/config/routing${query}`);
-	          UI.routingLocation = out.location || "virtualrouter.routing";
-	          routingEditorSetValue(buildRoutingPolicyEditorValue(out));
-	          setLog(
-              "routingOpLog",
-              `Loaded. Path: ${out.path || "—"}\nLocation: ${UI.routingLocation}\nloadBalancing: ${UI.routingHasLoadBalancing ? "present" : "absent"}`
-            );
-	          toast("Routing policy loaded.", "ok");
-	        } catch (e) {
-	          if (e && e.status === 401) notifyUnauthorizedOnce("routing");
-	          setLog("routingOpLog", `Load failed: ${e.message}`);
-	          toast(`Load failed: ${e.message}`);
-	        }
-	      }
+      function normalizeRoutingGroupsMap(value) {
+        const out = {};
+        if (!value || typeof value !== "object" || Array.isArray(value)) return out;
+        for (const [groupId, groupPolicy] of Object.entries(value)) {
+          const policyObj = toPlainObjectOrNull(groupPolicy);
+          if (!groupId || !policyObj) continue;
+          out[groupId] = policyObj;
+        }
+        return out;
+      }
+
+      function currentRoutingSourcePath() {
+        return textOf($("routingSourceSelect").value || "").trim();
+      }
+
+      function currentRoutingSourceQuery() {
+        const selectedPath = currentRoutingSourcePath();
+        return selectedPath ? `?path=${encodeURIComponent(selectedPath)}` : "";
+      }
+
+      function updateRoutingGroupHint() {
+        const hint = $("routingActiveGroupHint");
+        if (!hint) return;
+        const selected = textOf(UI.routingSelectedGroupId || "").trim();
+        const active = textOf(UI.routingActiveGroupId || "").trim();
+        if (!selected && !active) {
+          hint.textContent = "group: —";
+          return;
+        }
+        hint.textContent = `selected=${selected || "—"} · active=${active || "—"}`;
+      }
+
+      function renderRoutingGroupSelect(preferredGroupId) {
+        const select = $("routingGroupSelect");
+        if (!select) return "";
+        const groups = normalizeRoutingGroupsMap(UI.routingGroups);
+        let ids = Object.keys(groups).sort((a, b) => a.localeCompare(b));
+        if (!ids.length) {
+          groups.default = { routing: {} };
+          ids = ["default"];
+        }
+        UI.routingGroups = groups;
+
+        const prev = textOf(select.value || "").trim();
+        select.replaceChildren();
+        for (const id of ids) {
+          const opt = document.createElement("option");
+          opt.value = id;
+          opt.textContent = id === UI.routingActiveGroupId ? `${id} (active)` : id;
+          select.appendChild(opt);
+        }
+        const nextSelected =
+          (preferredGroupId && groups[preferredGroupId] ? preferredGroupId : "")
+          || (prev && groups[prev] ? prev : "")
+          || (UI.routingSelectedGroupId && groups[UI.routingSelectedGroupId] ? UI.routingSelectedGroupId : "")
+          || (UI.routingActiveGroupId && groups[UI.routingActiveGroupId] ? UI.routingActiveGroupId : "")
+          || ids[0];
+        select.value = nextSelected;
+        UI.routingSelectedGroupId = nextSelected;
+        updateRoutingGroupHint();
+        return nextSelected;
+      }
+
+      function getSelectedRoutingGroupId() {
+        const select = $("routingGroupSelect");
+        const selected = textOf((select && select.value) || UI.routingSelectedGroupId || "").trim();
+        if (selected) UI.routingSelectedGroupId = selected;
+        return selected;
+      }
+
+      function loadSelectedRoutingGroupIntoEditor() {
+        const selectedGroupId = getSelectedRoutingGroupId();
+        const groups = normalizeRoutingGroupsMap(UI.routingGroups);
+        const selectedPolicy = toPlainObjectOrNull(groups[selectedGroupId]) || { routing: {} };
+        routingEditorSetValue(buildRoutingPolicyEditorValue(selectedPolicy));
+        updateRoutingGroupHint();
+      }
+
+      async function loadRouting(preferredGroupId) {
+        setLog("routingOpLog", "");
+        const auth = UI.adminAuth ? UI.adminAuth : await refreshAdminAuthStatus();
+        if (!auth || !auth.authenticated) {
+          notifyUnauthorizedOnce("routing");
+          return;
+        }
+        try {
+          const selectedPath = currentRoutingSourcePath();
+          const query = currentRoutingSourceQuery();
+          const out = await apiFetch(`/config/routing/groups${query}`);
+          UI.routingLocation = out.location || "virtualrouter.routing";
+          UI.routingGroups = normalizeRoutingGroupsMap(out.groups);
+          UI.routingActiveGroupId = textOf(out.activeGroupId || "").trim();
+          const selectedGroupId = renderRoutingGroupSelect(preferredGroupId);
+          if (!UI.routingActiveGroupId && selectedGroupId) {
+            UI.routingActiveGroupId = selectedGroupId;
+          }
+          loadSelectedRoutingGroupIntoEditor();
+          setLog(
+            "routingOpLog",
+            `Loaded groups. Path: ${out.path || selectedPath || "—"}\nLocation: ${UI.routingLocation}\nselected: ${UI.routingSelectedGroupId || "—"}\nactive: ${UI.routingActiveGroupId || "—"}\nloadBalancing: ${UI.routingHasLoadBalancing ? "present" : "absent"}`
+          );
+          toast("Routing groups loaded.", "ok");
+        } catch (e) {
+          if (e && e.status === 401) notifyUnauthorizedOnce("routing");
+          setLog("routingOpLog", `Load failed: ${e.message}`);
+          toast(`Load failed: ${e.message}`);
+        }
+      }
 
 	      async function saveRouting() {
 	        setLog("routingOpLog", "");
@@ -4309,30 +4408,41 @@
 	          return null;
 	        }
 	        try {
-	          const selectedPath = textOf($("routingSourceSelect").value || "").trim();
-	          const query = selectedPath ? `?path=${encodeURIComponent(selectedPath)}` : "";
+	          const selectedPath = currentRoutingSourcePath();
+	          const query = currentRoutingSourceQuery();
+            const selectedGroupId = getSelectedRoutingGroupId();
+            if (!selectedGroupId) {
+              throw new Error("No routing group selected");
+            }
 	          const policy = parseRoutingPolicyEditorValue(routingEditorGetValue() || {});
-            const payload = {
-              routing: policy.routing,
-              location: UI.routingLocation,
-              path: selectedPath || undefined
+            const basePolicy = toPlainObjectOrNull((UI.routingGroups || {})[selectedGroupId]) || {};
+            const nextPolicy = {
+              ...basePolicy,
+              routing: policy.routing
             };
             if (policy.shouldWriteLoadBalancing) {
-              payload.loadBalancing = policy.loadBalancing || {};
+              nextPolicy.loadBalancing = policy.loadBalancing || {};
+            } else {
+              delete nextPolicy.loadBalancing;
             }
-	          const out = await apiFetch(`/config/routing${query}`, {
+	          const out = await apiFetch(`/config/routing/groups/${encodeURIComponent(selectedGroupId)}${query}`, {
 	            method: "PUT",
-	            body: JSON.stringify(payload)
+	            body: JSON.stringify({
+                policy: nextPolicy,
+                location: UI.routingLocation,
+                path: selectedPath || undefined
+              })
 	          });
-	          UI.routingLocation = out.location || UI.routingLocation;
-            if (typeof out.hasLoadBalancing === "boolean") {
-              UI.routingHasLoadBalancing = out.hasLoadBalancing;
-            }
+            UI.routingLocation = out.location || UI.routingLocation;
+            UI.routingGroups = normalizeRoutingGroupsMap(out.groups);
+            UI.routingActiveGroupId = textOf(out.activeGroupId || UI.routingActiveGroupId || "").trim();
+            renderRoutingGroupSelect(selectedGroupId);
+            loadSelectedRoutingGroupIntoEditor();
 	          setLog(
               "routingOpLog",
-              `Saved. Path: ${out.path || "—"}\nLocation: ${UI.routingLocation}\nloadBalancing: ${UI.routingHasLoadBalancing ? "present" : "absent"}\nRestart required to apply.`
+              `Saved group. Path: ${out.path || selectedPath || "—"}\nLocation: ${UI.routingLocation}\nselected: ${UI.routingSelectedGroupId || "—"}\nactive: ${UI.routingActiveGroupId || "—"}`
             );
-	          toast("Routing policy saved.", "ok");
+	          toast("Routing group saved.", "ok");
 	          routingEditorSetDirty(false);
             return out;
 	        } catch (e) {
@@ -4344,17 +4454,39 @@
 	      }
 
       async function saveRoutingAndRestartLocal() {
-        const saved = await saveRouting();
-        if (!saved) return;
-        if (!confirm("Restart this RouteCodex runtime now to apply routing policy changes?")) return;
+        const selectedGroupId = getSelectedRoutingGroupId();
+        if (!selectedGroupId) {
+          toast("No routing group selected.");
+          return;
+        }
+        if (routingEditorState.dirty) {
+          const shouldSave = confirm("Current group has unsaved changes. Save now before activation?");
+          if (!shouldSave) return;
+          const saved = await saveRouting();
+          if (!saved) return;
+        }
+        if (!confirm(`Activate routing group \"${selectedGroupId}\" and reload local runtime now?`)) return;
         try {
-          const out = await apiFetch("/daemon/restart", { method: "POST" });
-          const warnings = Array.isArray(out.warnings) && out.warnings.length ? `\nWarnings:\n- ${out.warnings.join("\n- ")}` : "";
+          const selectedPath = currentRoutingSourcePath();
+          const query = currentRoutingSourceQuery();
+          const out = await apiFetch(`/config/routing/groups/activate${query}`, {
+            method: "POST",
+            body: JSON.stringify({
+              groupId: selectedGroupId,
+              location: UI.routingLocation,
+              path: selectedPath || undefined
+            })
+          });
+          UI.routingLocation = out.location || UI.routingLocation;
+          UI.routingGroups = normalizeRoutingGroupsMap(out.groups);
+          UI.routingActiveGroupId = textOf(out.activeGroupId || selectedGroupId).trim();
+          renderRoutingGroupSelect(selectedGroupId);
+          loadSelectedRoutingGroupIntoEditor();
           setLog(
             "routingOpLog",
-            `Saved + restarted local.\nconfigPath: ${out.configPath || "—"}\nreloadedAt: ${out.reloadedAt || "—"}${warnings}`
+            `Activated local.\nPath: ${out.path || selectedPath || "—"}\nselected: ${UI.routingSelectedGroupId || "—"}\nactive: ${UI.routingActiveGroupId || "—"}\nselfReload: ${JSON.stringify(out.selfReload ?? null, null, 2)}`
           );
-          toast("Routing saved and local runtime restarted.", "ok");
+          toast("Routing group activated (local).", "ok");
           await refreshStatus();
           await refreshProviders();
           await refreshCredentials();
@@ -4369,13 +4501,37 @@
       }
 
       async function saveRoutingAndRestartAll() {
-        const saved = await saveRouting();
-        if (!saved) return;
+        const selectedGroupId = getSelectedRoutingGroupId();
+        if (!selectedGroupId) {
+          toast("No routing group selected.");
+          return;
+        }
+        if (routingEditorState.dirty) {
+          const shouldSave = confirm("Current group has unsaved changes. Save now before activation?");
+          if (!shouldSave) return;
+          const saved = await saveRouting();
+          if (!saved) return;
+        }
         if (!confirm("Broadcast restart all local RouteCodex servers now?")) return;
         try {
+          const selectedPath = currentRoutingSourcePath();
+          const query = currentRoutingSourceQuery();
+          const activated = await apiFetch(`/config/routing/groups/activate${query}`, {
+            method: "POST",
+            body: JSON.stringify({
+              groupId: selectedGroupId,
+              location: UI.routingLocation,
+              path: selectedPath || undefined
+            })
+          });
+          UI.routingLocation = activated.location || UI.routingLocation;
+          UI.routingGroups = normalizeRoutingGroupsMap(activated.groups);
+          UI.routingActiveGroupId = textOf(activated.activeGroupId || selectedGroupId).trim();
+          renderRoutingGroupSelect(selectedGroupId);
+          loadSelectedRoutingGroupIntoEditor();
           const out = await controlMutate("servers.restart", {});
-          setLog("routingOpLog", `Saved + restart-all requested.\n${JSON.stringify(out, null, 2)}`);
-          toast("Routing saved and restart-all requested.", "ok");
+          setLog("routingOpLog", `Activated + restart-all requested.\n${JSON.stringify(out, null, 2)}`);
+          toast("Routing group activated and restart-all requested.", "ok");
           await refreshControl();
           await refreshStatus();
         } catch (e) {
@@ -4384,6 +4540,106 @@
         }
       }
 
+      function buildRoutingTemplatePolicyForNewGroup() {
+        const selectedGroupId = getSelectedRoutingGroupId();
+        const groups = normalizeRoutingGroupsMap(UI.routingGroups);
+        const base = toPlainObjectOrNull(groups[selectedGroupId]) || { routing: {} };
+        if (!routingEditorState.dirty) {
+          return { ...base };
+        }
+        const parsed = parseRoutingPolicyEditorValue(routingEditorGetValue() || {});
+        const next = {
+          ...base,
+          routing: parsed.routing
+        };
+        if (parsed.shouldWriteLoadBalancing) {
+          next.loadBalancing = parsed.loadBalancing || {};
+        } else {
+          delete next.loadBalancing;
+        }
+        return next;
+      }
+
+      async function createRoutingGroup() {
+        setLog("routingOpLog", "");
+        const auth = UI.adminAuth ? UI.adminAuth : await refreshAdminAuthStatus();
+        if (!auth || !auth.authenticated) {
+          notifyUnauthorizedOnce("routing groups");
+          return;
+        }
+        const input = $("routingGroupNameInput");
+        const groupId = textOf((input && input.value) || "").trim();
+        if (!groupId) {
+          toast("Group id is required.");
+          return;
+        }
+        const selectedPath = currentRoutingSourcePath();
+        const query = currentRoutingSourceQuery();
+        try {
+          const policy = buildRoutingTemplatePolicyForNewGroup();
+          const out = await apiFetch(`/config/routing/groups/${encodeURIComponent(groupId)}${query}`, {
+            method: "PUT",
+            body: JSON.stringify({
+              policy,
+              location: UI.routingLocation,
+              path: selectedPath || undefined
+            })
+          });
+          UI.routingLocation = out.location || UI.routingLocation;
+          UI.routingGroups = normalizeRoutingGroupsMap(out.groups);
+          UI.routingActiveGroupId = textOf(out.activeGroupId || UI.routingActiveGroupId || "").trim();
+          renderRoutingGroupSelect(groupId);
+          loadSelectedRoutingGroupIntoEditor();
+          if (input) input.value = "";
+          setLog(
+            "routingOpLog",
+            `Created/updated group.\nPath: ${out.path || selectedPath || "—"}\nselected: ${UI.routingSelectedGroupId || "—"}\nactive: ${UI.routingActiveGroupId || "—"}`
+          );
+          toast("Routing group created/updated.", "ok");
+        } catch (e) {
+          if (e && e.status === 401) notifyUnauthorizedOnce("routing groups");
+          setLog("routingOpLog", `Create group failed: ${e && e.message ? e.message : String(e)}`);
+          toast(`Create group failed: ${e && e.message ? e.message : String(e)}`);
+        }
+      }
+
+      async function deleteRoutingGroup() {
+        setLog("routingOpLog", "");
+        const auth = UI.adminAuth ? UI.adminAuth : await refreshAdminAuthStatus();
+        if (!auth || !auth.authenticated) {
+          notifyUnauthorizedOnce("routing groups");
+          return;
+        }
+        const groupId = getSelectedRoutingGroupId();
+        if (!groupId) {
+          toast("No routing group selected.");
+          return;
+        }
+        if (!confirm(`Delete routing group \"${groupId}\"?`)) return;
+        try {
+          const queryBase = currentRoutingSourceQuery();
+          const locationPart = UI.routingLocation ? `${queryBase ? "&" : "?"}location=${encodeURIComponent(UI.routingLocation)}` : "";
+          const query = `${queryBase}${locationPart}`;
+          const out = await apiFetch(`/config/routing/groups/${encodeURIComponent(groupId)}${query}`, {
+            method: "DELETE"
+          });
+          UI.routingLocation = out.location || UI.routingLocation;
+          UI.routingGroups = normalizeRoutingGroupsMap(out.groups);
+          UI.routingActiveGroupId = textOf(out.activeGroupId || UI.routingActiveGroupId || "").trim();
+          renderRoutingGroupSelect();
+          loadSelectedRoutingGroupIntoEditor();
+          setLog(
+            "routingOpLog",
+            `Deleted group \"${groupId}\".\nPath: ${out.path || currentRoutingSourcePath() || "—"}\nselected: ${UI.routingSelectedGroupId || "—"}\nactive: ${UI.routingActiveGroupId || "—"}`
+          );
+          toast("Routing group deleted.", "ok");
+        } catch (e) {
+          if (e && e.status === 401) notifyUnauthorizedOnce("routing groups");
+          setLog("routingOpLog", `Delete group failed: ${e && e.message ? e.message : String(e)}`);
+          toast(`Delete group failed: ${e && e.message ? e.message : String(e)}`);
+        }
+      }
+
 	      async function refreshRoutingSources() {
 	        const select = $("routingSourceSelect");
 	        if (!select) return;
@@ -5642,8 +5898,23 @@
       $("saveRoutingBtn").addEventListener("click", saveRouting);
       $("saveRoutingRestartLocalBtn").addEventListener("click", () => void saveRoutingAndRestartLocal());
       $("saveRoutingRestartAllBtn").addEventListener("click", () => void saveRoutingAndRestartAll());
+      $("createRoutingGroupBtn").addEventListener("click", () => void createRoutingGroup());
+      $("deleteRoutingGroupBtn").addEventListener("click", () => void deleteRoutingGroup());
       $("refreshRoutingSourcesBtn").addEventListener("click", refreshRoutingSources);
-      $("routingSourceSelect").addEventListener("change", loadRouting);
+      $("routingSourceSelect").addEventListener("change", async () => {
+        if (routingEditorState.dirty && !confirm("Discard unsaved routing editor changes and switch source?")) {
+          return;
+        }
+        await loadRouting();
+      });
+      $("routingGroupSelect").addEventListener("change", () => {
+        if (routingEditorState.dirty && !confirm("Discard unsaved routing editor changes and switch group?")) {
+          renderRoutingGroupSelect(UI.routingSelectedGroupId || UI.routingActiveGroupId || "");
+          return;
+        }
+        UI.routingSelectedGroupId = textOf($("routingGroupSelect").value || "").trim();
+        loadSelectedRoutingGroupIntoEditor();
+      });
       $("routingRegExpandBtn").addEventListener("click", () => setAllDetailsOpen($("routingKvEditor"), true));
       $("routingRegCollapseBtn").addEventListener("click", () => setAllDetailsOpen($("routingKvEditor"), false));
       $("refreshRoutingPoolBtn").addEventListener("click", async () => {

package/docs/design/servertool-stopmessage-lifecycle.md

@@ -0,0 +1,109 @@
+# ServerTool / StopMessage Lifecycle (tmux-only)
+
+## 1. Scope
+
+This document defines the only valid lifecycle for:
+
+- `stopMessage`
+- `clock` client injection
+- `continue_execution` client injection
+
+Design goals:
+
+1. Trigger logic stays in Chat Process response orchestration.
+2. Execution path is tmux stdin injection only.
+3. `stopMessage` does not use nested reenter model requests.
+4. State is scoped by `tmux:<sessionId>` only.
+
+## 2. Current Code Entry Points
+
+- Request metadata resolution: `src/server/runtime/http-server/executor-metadata.ts`
+- Scope resolution: `src/server/runtime/http-server/clock-scope-resolution.ts`
+- Injection implementation: `src/server/runtime/http-server/executor/client-injection-flow.ts`
+- ServerTool orchestration (response side): `sharedmodule/llmswitch-core/src/servertool/engine.ts`
+- StopMessage handler: `sharedmodule/llmswitch-core/src/servertool/handlers/stop-message-auto.ts`
+- Routing state store (tmux scope selection): `sharedmodule/llmswitch-core/src/router/virtual-router/engine/routing-state/store.ts`
+
+## 3. Lifecycle (Approved Target)
+
+1. Client starts via `routecodex codex` / `routecodex claude` inside tmux.
+2. Client request carries tmux metadata (`tmuxSessionId` family fields / headers).
+3. Server resolves tmux session and marks `clientInjectReady=true`.
+4. User sends `<**stopMessage,...**>` instruction.
+5. Chat-process parser saves instruction state under `tmux:<sessionId>`.
+6. Model response reaches response orchestration.
+7. StopMessage matcher runs in chat-process servertool stage.
+8. If matched, build reviewer followup text.
+9. Dispatch to client injection (tmux stdin) directly.
+10. Injection success: increment `used`, keep/update state.
+11. Injection failure: clear stopMessage state for that tmux scope, skip followup.
+12. Main request must still complete (no request-level hard failure only because stopMessage inject failed).
+
+## 4. Hard Rules
+
+1. Split dispatch:
+- Normal servertools (e.g. search/vision) may use `reenterPipeline`.
+- `stopMessage/clock/continue_execution` must use client injection dispatcher only.
+
+2. No fallback:
+- No old session-based fallback compare.
+- No daemon-only fallback for stopMessage matching.
+
+3. Scope:
+- All stopMessage state read/write keys are `tmux:<sessionId>`.
+
+4. Set behavior:
+- If tmux scope missing when setting stopMessage: drop set instruction, keep request normal.
+
+5. Trigger behavior:
+- If tmux not ready at trigger time: clear stale state and skip followup (no loop).
+
+## 5. Client Restart Rebinding (New Requirement)
+
+When tmux client restarts and re-registers:
+
+1. Registration updates daemon->tmux mapping immediately.
+2. If previous stopMessage state exists under old tmux scope and the same daemon/client identity is re-registered with a new tmux session, migrate stopMessage binding to the new `tmux:<newSessionId>` scope.
+3. Migration is atomic:
+- copy state to new tmux scope
+- delete old tmux scope state
+4. If old tmux session is already gone and no valid rebind target exists, clean old state.
+
+This prevents:
+
+- trigger using stale scope
+- inject lookup miss loops after client restart
+
+## 6. Observability Requirements
+
+Required logs:
+
+1. stopMessage set parse:
+- parse success/fail
+- resolved tmux scope
+
+2. stopMessage match:
+- matched/miss
+- reason
+- scope
+
+3. client injection:
+- selected tmux session
+- submit key result
+- success/failure reason
+
+4. state mutation:
+- set/override
+- trigger used counter
+- clear on failure
+- rebind migration (old scope -> new scope)
+
+## 7. Validation Checklist
+
+1. Set stopMessage in tmux session A -> state key is `tmux:A`.
+2. Trigger matched response -> tmux A receives injected text + enter.
+3. Counter decrements and persists.
+4. Restart client with new tmux session B (same client identity) -> state migrates to `tmux:B`.
+5. Next trigger injects into B, not A.
+6. Injection failure clears active state and does not create reenter loop.
+7. Non-stop servertools still execute through normal reenter path.

package/docs/exec-command-guard-policy.example.v1.json

@@ -36,7 +36,13 @@
       "pattern": "\\b(xargs\\s+rm\\b|for\\s+[^;\\n]+;\\s*do\\s+rm\\b|while\\s+[^;\\n]+;\\s*do\\s+rm\\b)",
       "flags": "i",
       "reason": "Loop/batch deletion is not allowed"
+    },
+    {
+      "id": "deny-mass-kill-commands",
+      "type": "regex",
+      "pattern": "\\bpkill\\b|\\bkillall\\b|\\btaskkill\\b|\\bxargs\\b[^\\n]*\\bkill\\b|\\blsof\\b[^\\n]*\\|[^\\n]*\\bxargs\\b[^\\n]*\\bkill\\b",
+      "flags": "i",
+      "reason": "mass kill command is not allowed"
     }
   ]
 }
-

package/docs/providers/antigravity-gemini-provider-compat.md

@@ -171,9 +171,9 @@ antigravity/<version> <os>/<arch>
 版本解析顺序（从高到低）：
 1. 显式 UA：`ROUTECODEX_ANTIGRAVITY_USER_AGENT` / `RCC_ANTIGRAVITY_USER_AGENT`（完全覆盖）
 2. 显式版本号：`ROUTECODEX_ANTIGRAVITY_UA_VERSION` / `RCC_ANTIGRAVITY_UA_VERSION`
-3. 远程拉取：`VERSION_URL`（可用 `ROUTECODEX_ANTIGRAVITY_UA_DISABLE_REMOTE=1` 禁用）
+3. 远程拉取：`VERSION_URL`，失败时回退 `CHANGELOG_URL`（可用 `ROUTECODEX_ANTIGRAVITY_UA_DISABLE_REMOTE=1` 禁用）
 4. 本地磁盘 cache：`~/.routecodex/state/antigravity-ua-version.json`
-5. 最后兜底：`LEGACY_PINNED_VERSION`（只保证“有值”，不保证不过期）
+5. 最后兜底：`KNOWN_STABLE_VERSION`（当前 `4.1.24`，对齐 Antigravity-Manager）
 
 ### 4.3 `<os>/<arch>` suffix 如何从指纹推断（并且为何禁 linux）