@oh-my-pi/pi-coding-agent 15.10.1 → 15.10.2

package/src/session/agent-session.ts

@@ -109,6 +109,7 @@ import {
 	extractExplicitThinkingSelector,
 	formatModelSelectorValue,
 	formatModelString,
+	getModelMatchPreferences,
 	parseModelString,
 	type ResolvedModelRoleValue,
 	resolveModelRoleValue,
@@ -283,6 +284,11 @@ export type AgentSessionEventListener = (event: AgentSessionEvent) => void;
 export type AsyncJobSnapshotItem = Pick<AsyncJob, "id" | "type" | "status" | "label" | "startTime">;
 
 const EMPTY_STOP_MAX_RETRIES = 3;
+const NON_WHITESPACE_RE = /\S/;
+
+function hasNonWhitespace(value: string): boolean {
+	return NON_WHITESPACE_RE.test(value);
+}
 
 export interface AsyncJobSnapshot {
 	running: AsyncJobSnapshotItem[];
@@ -5445,7 +5451,7 @@ export class AgentSession {
 
 		const currentModel = this.model;
 		if (!currentModel) return undefined;
-		const matchPreferences = { usageOrder: this.settings.getStorage()?.getModelUsageOrder() };
+		const matchPreferences = getModelMatchPreferences(this.settings);
 		const models: ResolvedRoleModel[] = [];
 
 		for (const role of roleOrder) {
@@ -6539,9 +6545,13 @@ export class AgentSession {
 				this.#retryAttempt = 0;
 			}
 			this.#resolveRetry();
+			// Tool-use orphans corrupt Anthropic message history (tool_result without
+			// matching tool_use). Always remove them even when the retry cap is hit.
+			if (assistantMessage.stopReason === "toolUse") {
+				this.#removeEmptyStopFromActiveContext(assistantMessage);
+			}
 			return true;
 		}
-
 		this.#removeEmptyStopFromActiveContext(assistantMessage);
 		this.agent.appendMessage({
 			role: "developer",
@@ -6554,12 +6564,26 @@ export class AgentSession {
 	}
 
 	#isEmptyAssistantStop(assistantMessage: AssistantMessage): boolean {
-		if (assistantMessage.stopReason !== "stop") return false;
-		return !assistantMessage.content.some(content => {
-			if (content.type === "text") return content.text.trim().length > 0;
-			if (content.type === "thinking") return content.thinking.trim().length > 0;
-			return content.type === "toolCall";
-		});
+		switch (assistantMessage.stopReason) {
+			case "stop":
+				for (const content of assistantMessage.content) {
+					if (content.type === "toolCall") return false;
+					if (content.type === "text" && hasNonWhitespace(content.text)) return false;
+					if (content.type === "thinking" && hasNonWhitespace(content.thinking)) return false;
+				}
+				return true;
+			case "toolUse":
+				// An orphaned toolUse stop (no tool_use block) corrupts Anthropic history:
+				// a later tool_result has nothing to anchor to. Thinking alone cannot anchor
+				// a tool_result, so it does not rescue a toolUse stop here.
+				for (const content of assistantMessage.content) {
+					if (content.type === "toolCall") return false;
+					if (content.type === "text" && hasNonWhitespace(content.text)) return false;
+				}
+				return true;
+			default:
+				return false;
+		}
 	}
 
 	#emptyStopRetryReminder(): string {
@@ -7143,7 +7167,7 @@ export class AgentSession {
 
 		return resolveModelRoleValue(roleModelStr, availableModels, {
 			settings: this.settings,
-			matchPreferences: { usageOrder: this.settings.getStorage()?.getModelUsageOrder() },
+			matchPreferences: getModelMatchPreferences(this.settings),
 			modelRegistry: this.#modelRegistry,
 		});
 	}
@@ -7874,11 +7898,12 @@ export class AgentSession {
 	#isTransientTransportErrorMessage(errorMessage: string): boolean {
 		// Match: overloaded_error, provider returned error, rate limit, 429, 500, 502, 503, 504,
 		// service unavailable, provider-suggested retry, network/connection/socket errors, fetch failed,
-		// terminated, retry delay exceeded, Bun HTTP/2 stream resets (RST_STREAM / REFUSED_STREAM /
-		// ENHANCE_YOUR_CALM, surfaced verbatim from src/http/h2_client/dispatch.zig)
+		// gateway upstream failures, terminated, retry delay exceeded, Bun HTTP/2 stream resets
+		// (RST_STREAM / REFUSED_STREAM / ENHANCE_YOUR_CALM, surfaced verbatim from
+		// src/http/h2_client/dispatch.zig)
 		return (
 			isUnexpectedSocketCloseMessage(errorMessage) ||
-			/overloaded|provider.?returned.?error|rate.?limit|too many requests|429|500|502|503|504|service.?unavailable|server.?error|internal.?error|retry your request|network.?error|connection.?error|connection.?refused|other side closed|fetch failed|upstream.?connect|reset before headers|socket hang up|timed? out|timeout|terminated|retry delay|stream stall|no error details in response|HTTP2(?:StreamReset|RefusedStream|EnhanceYourCalm)/i.test(
+			/overloaded|provider.?returned.?error|rate.?limit|too many requests|429|500|502|503|504|service.?unavailable|server.?error|internal.?error|retry your request|network.?error|connection.?error|connection.?refused|other side closed|fetch failed|upstream.?connect|upstream.?request.?failed|reset before headers|socket hang up|timed? out|timeout|terminated|retry delay|stream stall|no error details in response|HTTP2(?:StreamReset|RefusedStream|EnhanceYourCalm)/i.test(
 				errorMessage,
 			)
 		);

package/src/session/auth-storage.ts

@@ -10,6 +10,8 @@ export type {
 	AuthCredentialStore,
 	AuthStorageData,
 	AuthStorageOptions,
+	CredentialOrigin,
+	CredentialOriginKind,
 	OAuthCredential,
 	SerializedAuthStorage,
 	SnapshotResponse,

package/src/session/session-manager.ts

@@ -845,11 +845,18 @@ function writeTerminalBreadcrumb(cwd: string, sessionFile: string): void {
 	Bun.write(breadcrumbFile, content).catch(() => {});
 }
 
+interface TerminalBreadcrumb {
+	cwd: string;
+	sessionFile: string;
+}
+
 /**
- * Read the terminal breadcrumb for the current terminal, scoped to a cwd.
- * Returns the session file path if it exists and matches the cwd, null otherwise.
+ * Read the raw terminal breadcrumb for the current terminal.
+ * Returns the recorded cwd + session file (verified to exist) regardless of
+ * whether the recorded cwd still matches the current one. Callers decide how
+ * to interpret a cwd mismatch (e.g. a moved/renamed worktree).
  */
-async function readTerminalBreadcrumb(cwd: string): Promise<string | null> {
+async function readTerminalBreadcrumbEntry(): Promise<TerminalBreadcrumb | null> {
 	const terminalId = getTerminalId();
 	if (!terminalId) return null;
 
@@ -862,12 +869,9 @@ async function readTerminalBreadcrumb(cwd: string): Promise<string | null> {
 		const breadcrumbCwd = lines[0];
 		const sessionFile = lines[1];
 
-		// Only return if cwd matches (user might have cd'd)
-		if (path.resolve(breadcrumbCwd) !== path.resolve(cwd)) return null;
-
 		// Verify the session file still exists
 		const stat = fs.statSync(sessionFile, { throwIfNoEntry: false });
-		if (stat?.isFile()) return sessionFile;
+		if (stat?.isFile()) return { cwd: breadcrumbCwd, sessionFile };
 	} catch (err) {
 		if (!isEnoent(err)) logger.debug("Terminal breadcrumb read failed", { err });
 		// Breadcrumb doesn't exist or is corrupt — fall through
@@ -1968,6 +1972,7 @@ export class SessionManager {
 	#inMemoryArtifactCounter = 0;
 	readonly #blobStore: BlobStore;
 	#suppressBreadcrumb = false;
+	#sessionNameChangedCallbacks = new Set<() => void>();
 
 	private constructor(
 		private cwd: string,
@@ -2163,19 +2168,24 @@ export class SessionManager {
 	/**
 	 * Move the session to a new working directory.
 	 * Moves session files and artifacts on disk, updates all internal references,
-	 * and rewrites the session header with the new cwd.
+	 * and rewrites the session header with the new cwd. When provided,
+	 * `targetSessionDir` is used instead of deriving the default directory for
+	 * the new cwd (for `--continue --session-dir` / `--resume --session-dir`).
 	 */
-	async moveTo(newCwd: string): Promise<void> {
+	async moveTo(newCwd: string, targetSessionDir?: string): Promise<void> {
 		const resolvedCwd = path.resolve(newCwd);
-		if (resolvedCwd === this.cwd) return;
+		if (resolvedCwd === this.cwd && (!targetSessionDir || path.resolve(targetSessionDir) === this.sessionDir)) return;
 
 		const managedSessionsRoot = resolveManagedSessionRoot(this.sessionDir, this.cwd);
-		const newSessionDir = managedSessionsRoot
-			? computeDefaultSessionDir(resolvedCwd, this.storage, managedSessionsRoot)
-			: computeDefaultSessionDir(resolvedCwd, this.storage);
+		const newSessionDir = targetSessionDir
+			? path.resolve(targetSessionDir)
+			: managedSessionsRoot
+				? computeDefaultSessionDir(resolvedCwd, this.storage, managedSessionsRoot)
+				: computeDefaultSessionDir(resolvedCwd, this.storage);
 		let hadSessionFile = false;
 
 		if (this.persist && this.#sessionFile) {
+			this.storage.ensureDirSync(newSessionDir);
 			// Close the persist writer before moving files
 			await this.#closePersistWriter();
 			this.#persistChain = Promise.resolve();
@@ -2186,25 +2196,29 @@ export class SessionManager {
 			const newSessionFile = path.join(newSessionDir, path.basename(oldSessionFile));
 			const oldArtifactDir = oldSessionFile.slice(0, -6); // strip .jsonl
 			const newArtifactDir = newSessionFile.slice(0, -6);
+			const sameSessionFile = path.resolve(oldSessionFile) === path.resolve(newSessionFile);
+			const sameArtifactDir = path.resolve(oldArtifactDir) === path.resolve(newArtifactDir);
 			hadSessionFile = this.storage.existsSync(oldSessionFile);
 			let movedSessionFile = false;
 			let movedArtifactDir = false;
 
 			try {
 				// Guard: session file may not exist yet (no assistant messages persisted)
-				if (hadSessionFile) {
+				if (hadSessionFile && !sameSessionFile) {
 					await fs.promises.rename(oldSessionFile, newSessionFile);
 					movedSessionFile = true;
 				}
 
-				try {
-					const stat = await fs.promises.stat(oldArtifactDir);
-					if (stat.isDirectory()) {
-						await fs.promises.rename(oldArtifactDir, newArtifactDir);
-						movedArtifactDir = true;
+				if (!sameArtifactDir) {
+					try {
+						const stat = await fs.promises.stat(oldArtifactDir);
+						if (stat.isDirectory()) {
+							await fs.promises.rename(oldArtifactDir, newArtifactDir);
+							movedArtifactDir = true;
+						}
+					} catch (err) {
+						if (!isEnoent(err)) throw err;
 					}
-				} catch (err) {
-					if (!isEnoent(err)) throw err;
 				}
 			} catch (err) {
 				if (movedArtifactDir) {
@@ -2730,6 +2744,23 @@ export class SessionManager {
 		return this.#sessionName;
 	}
 
+	onSessionNameChanged(cb: () => void): () => void {
+		this.#sessionNameChangedCallbacks.add(cb);
+		return () => {
+			this.#sessionNameChangedCallbacks.delete(cb);
+		};
+	}
+
+	#fireSessionNameChanged(): void {
+		for (const cb of [...this.#sessionNameChangedCallbacks]) {
+			try {
+				cb();
+			} catch (err) {
+				logger.warn("SessionManager: session name change hook failed", { error: String(err) });
+			}
+		}
+	}
+
 	/** Strip C0/C1 control characters (includes ESC, so removes ANSI sequences) and collapse whitespace. */
 	static #sanitizeName(name: string): string {
 		return name
@@ -2765,6 +2796,7 @@ export class SessionManager {
 		if (this.persist && sessionFile && this.storage.existsSync(sessionFile)) {
 			await this.#rewriteFile();
 		}
+		this.#fireSessionNameChanged();
 		return true;
 	}
 
@@ -3491,8 +3523,49 @@ export class SessionManager {
 	): Promise<SessionManager> {
 		const dir = sessionDir ?? SessionManager.getDefaultSessionDir(cwd, undefined, storage);
 		// Prefer terminal-scoped breadcrumb (handles concurrent sessions correctly)
-		const terminalSession = await readTerminalBreadcrumb(cwd);
-		const mostRecent = terminalSession ?? (await findMostRecentSession(dir, storage));
+		const breadcrumb = await readTerminalBreadcrumbEntry();
+		const breadcrumbCwd = breadcrumb ? path.resolve(breadcrumb.cwd) : undefined;
+		const resolvedCwd = path.resolve(cwd);
+		let mostRecent: string | null | undefined;
+		if (breadcrumb && breadcrumbCwd !== resolvedCwd) {
+			// The terminal's last session was started in a different cwd. If that cwd no
+			// longer exists (e.g. `git worktree move`/dir rename) and the new location has
+			// no sessions of its own, re-root the session here instead of silently starting
+			// fresh — otherwise the relocated session would be unreachable via --continue.
+			// When an explicit sessionDir is reused across the move, the stale breadcrumb
+			// file itself may be the most recent entry there; don't count it as a
+			// current-directory session. If that shared dir also contains an older session
+			// that already belongs to the current cwd, prefer that local session instead
+			// of re-rooting the stale breadcrumb over it.
+			const resolvedBreadcrumbCwd = path.resolve(breadcrumb.cwd);
+			mostRecent = await findMostRecentSession(dir, storage);
+			const sourceCwdGone = !fs.existsSync(resolvedBreadcrumbCwd);
+			const breadcrumbSessionFile = path.resolve(breadcrumb.sessionFile);
+			const mostRecentIsBreadcrumb =
+				mostRecent !== null && mostRecent !== undefined && path.resolve(mostRecent) === breadcrumbSessionFile;
+			let hasCurrentCwdSession = false;
+			if (sourceCwdGone && mostRecentIsBreadcrumb) {
+				const currentCwdSession = (await SessionManager.list(cwd, dir, storage)).find(
+					session =>
+						path.resolve(session.path) !== breadcrumbSessionFile &&
+						session.cwd &&
+						path.resolve(session.cwd) === resolvedCwd,
+				);
+				if (currentCwdSession) {
+					mostRecent = currentCwdSession.path;
+					hasCurrentCwdSession = true;
+				}
+			}
+			const relocated = sourceCwdGone && (mostRecent === null || (mostRecentIsBreadcrumb && !hasCurrentCwdSession));
+			if (relocated) {
+				process.stderr.write(`Re-rooting moved session from ${resolvedBreadcrumbCwd} to ${resolvedCwd}.\n`);
+				const manager = await SessionManager.open(breadcrumb.sessionFile, undefined, storage);
+				await manager.moveTo(cwd, sessionDir);
+				return manager;
+			}
+		}
+		const terminalSession = breadcrumb && breadcrumbCwd === resolvedCwd ? breadcrumb.sessionFile : null;
+		if (mostRecent === undefined) mostRecent = terminalSession ?? (await findMostRecentSession(dir, storage));
 		const manager = new SessionManager(cwd, dir, true, storage);
 		if (mostRecent) {
 			await manager.#initSessionFile(mostRecent);

package/src/task/executor.ts

@@ -34,7 +34,11 @@ import { SessionManager } from "../session/session-manager";
 import { truncateTail } from "../session/streaming-output";
 import type { ContextFileEntry } from "../tools";
 import { normalizeSchema } from "../tools/jtd-to-json-schema";
-import { buildOutputValidator, summarizeValidationFailure } from "../tools/output-schema-validator";
+import {
+	buildOutputValidator,
+	type OutputValidator,
+	summarizeValidationFailure,
+} from "../tools/output-schema-validator";
 
 import { type ReportFindingDetails, toReviewFinding } from "../tools/review";
 import { ToolAbortError } from "../tools/tool-errors";
@@ -256,21 +260,40 @@ function extractCompletionData(parsed: unknown): unknown {
 	return parsed;
 }
 
-function normalizeCompleteData(data: unknown, reportFindings?: ReviewFinding[]): unknown {
-	let normalized = parseStringifiedJson(data ?? null);
+/**
+ * Resolve the final yielded payload, optionally splicing collected
+ * `report_finding` entries into a top-level `findings` array.
+ *
+ * Injection is suppressed when an active validator would reject the augmented
+ * payload (e.g. a caller-supplied schema with `additionalProperties: false`
+ * that does not declare `findings`). That keeps the in-tool yield validator
+ * (which only sees the raw, pre-injection data) in lockstep with this
+ * post-mortem validator — honoring the "accepted in-tool ⇒ accepted
+ * post-mortem" guarantee documented in `output-schema-validator.ts`. The
+ * dropped findings are still preserved verbatim in the agent's progress
+ * stream and JSONL artifact, so no information is lost when injection is
+ * suppressed.
+ */
+function normalizeCompleteData(
+	data: unknown,
+	reportFindings: ReviewFinding[] | undefined,
+	validator: OutputValidator | undefined,
+): unknown {
+	const normalized = parseStringifiedJson(data ?? null);
 	if (
-		Array.isArray(reportFindings) &&
-		reportFindings.length > 0 &&
-		normalized &&
-		typeof normalized === "object" &&
-		!Array.isArray(normalized)
+		!Array.isArray(reportFindings) ||
+		reportFindings.length === 0 ||
+		!normalized ||
+		typeof normalized !== "object" ||
+		Array.isArray(normalized)
 	) {
-		const record = normalized as Record<string, unknown>;
-		if (!("findings" in record)) {
-			normalized = { ...record, findings: reportFindings };
-		}
+		return normalized;
 	}
-	return normalized;
+	const record = normalized as Record<string, unknown>;
+	if ("findings" in record) return normalized;
+	const injected = { ...record, findings: reportFindings };
+	if (validator && !validator.validate(injected).success) return normalized;
+	return injected;
 }
 
 function resolveFallbackCompletion(rawOutput: string, outputSchema: unknown): { data: unknown } | null {
@@ -288,6 +311,15 @@ export interface YieldItem {
 	data?: unknown;
 	status?: "success" | "aborted";
 	error?: string;
+	/**
+	 * Set by the in-tool yield validator when it exhausted its retry budget
+	 * (MAX_SCHEMA_RETRIES) and accepted a schema-invalid payload anyway.
+	 * `finalizeSubprocessOutput` honors this by serializing the payload and
+	 * surfacing a stderr warning, instead of re-emitting `schema_violation`
+	 * — which would silently swap the subagent's "accepted" view for a
+	 * different, opaque error blob in the parent's view of the result.
+	 */
+	schemaOverridden?: boolean;
 }
 
 interface FinalizeSubprocessOutputArgs {
@@ -308,7 +340,8 @@ interface FinalizeSubprocessOutputResult {
 	abortedViaYield: boolean;
 	hasYield: boolean;
 }
-
+export const SUBAGENT_WARNING_SCHEMA_OVERRIDDEN =
+	"SYSTEM WARNING: Subagent exhausted schema-retry budget; result was accepted despite failing the output schema.";
 export const SUBAGENT_WARNING_NULL_YIELD = "SYSTEM WARNING: Subagent called yield with null data.";
 export const SUBAGENT_WARNING_MISSING_YIELD =
 	"SYSTEM WARNING: Subagent exited without calling yield tool after 3 reminders.";
@@ -360,30 +393,32 @@ export function finalizeSubprocessOutput(args: FinalizeSubprocessOutputArgs): Fi
 			if (submitData === null || submitData === undefined) {
 				rawOutput = rawOutput ? `${SUBAGENT_WARNING_NULL_YIELD}\n\n${rawOutput}` : SUBAGENT_WARNING_NULL_YIELD;
 			} else {
-				const completeData = normalizeCompleteData(submitData, reportFindings);
 				const { validator, error: schemaError } = buildOutputValidator(outputSchema);
-				if (schemaError) {
-					rawOutput = `{"error":"schema_violation","message":"invalid output schema: ${schemaError.replace(/"/g, '\\"')}"}`;
-					stderr = `schema_violation: invalid output schema: ${schemaError}`;
-					exitCode = 1;
+				const overridden = lastYield?.schemaOverridden === true;
+				const completeData = normalizeCompleteData(submitData, reportFindings, validator);
+				const result =
+					schemaError || overridden
+						? { success: true as const }
+						: (validator?.validate(completeData) ?? { success: true as const });
+				if (!result.success) {
+					const summary = summarizeValidationFailure(result, completeData, validator?.requiredFields ?? []);
+					const outcome = buildSchemaViolationOutcome(summary, completeData);
+					rawOutput = outcome.rawOutput;
+					stderr = outcome.stderr;
+					exitCode = outcome.exitCode;
 				} else {
-					const result = validator?.validate(completeData) ?? { success: true as const };
-					if (!result.success) {
-						const summary = summarizeValidationFailure(result, completeData, validator?.requiredFields ?? []);
-						const outcome = buildSchemaViolationOutcome(summary, completeData);
-						rawOutput = outcome.rawOutput;
-						stderr = outcome.stderr;
-						exitCode = outcome.exitCode;
-					} else {
-						try {
-							rawOutput = JSON.stringify(completeData, null, 2) ?? "null";
-						} catch (err) {
-							const errorMessage = err instanceof Error ? err.message : String(err);
-							rawOutput = `{"error":"Failed to serialize yield data: ${errorMessage}"}`;
-						}
-						exitCode = 0;
-						stderr = "";
+					try {
+						rawOutput = JSON.stringify(completeData, null, 2) ?? "null";
+					} catch (err) {
+						const errorMessage = err instanceof Error ? err.message : String(err);
+						rawOutput = `{"error":"Failed to serialize yield data: ${errorMessage}"}`;
 					}
+					exitCode = 0;
+					stderr = overridden
+						? SUBAGENT_WARNING_SCHEMA_OVERRIDDEN
+						: schemaError
+							? `invalid output schema: ${schemaError}`
+							: "";
 				}
 			}
 		}
@@ -393,8 +428,8 @@ export function finalizeSubprocessOutput(args: FinalizeSubprocessOutputArgs): Fi
 		const hasOutputSchema = normalizedSchema !== undefined && !schemaError;
 		const fallback = allowFallback ? resolveFallbackCompletion(rawOutput, outputSchema) : null;
 		if (fallback) {
-			const completeData = normalizeCompleteData(fallback.data, reportFindings);
 			const { validator } = buildOutputValidator(outputSchema);
+			const completeData = normalizeCompleteData(fallback.data, reportFindings, validator);
 			const result = validator?.validate(completeData) ?? { success: true as const };
 			if (!result.success) {
 				const summary = summarizeValidationFailure(result, completeData, validator?.requiredFields ?? []);

package/src/task/render.ts

@@ -633,12 +633,11 @@ function renderAgentProgress(
 	let statusLine: string;
 	if (progress.status === "running") {
 		const bullet = theme.fg("accent", "•");
-		const name = shimmerEnabled()
-			? shimmerText(displayId, theme)
-			: theme.fg("accent", description ? theme.bold(displayId) : displayId);
+		const name = theme.fg("accent", description ? theme.bold(displayId) : displayId);
 		statusLine = `${indent}${bullet} ${name}`;
 		if (description) {
-			statusLine += theme.fg("accent", `: ${description}`);
+			const desc = shimmerEnabled() ? shimmerText(description, theme) : theme.fg("accent", description);
+			statusLine += `${theme.fg("accent", ":")} ${desc}`;
 		}
 	} else {
 		statusLine = `${indent}${theme.fg(iconColor, icon)} ${theme.fg("accent", titlePart)}`;

package/src/tools/bash.ts

@@ -29,6 +29,7 @@ import { type BashInteractiveResult, runInteractiveBashPty } from "./bash-intera
 import { checkBashInterception } from "./bash-interceptor";
 import { canUseInteractiveBashPty } from "./bash-pty-selection";
 import { expandInternalUrls, type InternalUrlExpansionOptions } from "./bash-skill-urls";
+import { invalidateGithubCacheForBashCommand } from "./gh-cache-invalidation";
 import { formatStyledTruncationWarning, type OutputMeta, stripOutputNotice } from "./output-meta";
 import { resolveToCwd } from "./path-utils";
 import { capPreviewLines, formatToolWorkingDirectory, replaceTabs } from "./render-utils";
@@ -721,6 +722,12 @@ export class BashTool implements AgentTool<BashToolSchema, BashToolDetails> {
 			cwd = await expandInternalUrls(cwd, { ...internalUrlOptions, noEscape: true });
 		}
 
+		// Best-effort cache invalidation: drop github-cache rows for any issue/PR
+		// number touched by a mutating `gh` subcommand inside this bash call so
+		// subsequent issue:// / pr:// reads pick up the post-mutation state
+		// instead of the cached pre-mutation snapshot.
+		invalidateGithubCacheForBashCommand(command);
+
 		const commandCwd = cwd ? resolveToCwd(cwd, this.session.cwd) : this.session.cwd;
 		let cwdStat: fs.Stats;
 		try {

package/src/tools/browser/tab-supervisor.ts

@@ -101,11 +101,23 @@ export async function acquireTab(
 			if (opts.dialogs !== undefined && opts.dialogs !== existing.dialogPolicy) {
 				await releaseTab(name, { kill: false });
 			} else {
+				const reuseSteps: string[] = [];
+				if (opts.viewport) {
+					const dsf = opts.viewport.deviceScaleFactor;
+					reuseSteps.push(
+						`await page.setViewport({ width: ${opts.viewport.width}, height: ${opts.viewport.height}, deviceScaleFactor: ${dsf === undefined ? "undefined" : String(dsf)} });`,
+					);
+				}
 				if (opts.url) {
+					reuseSteps.push(
+						`await tab.goto(${JSON.stringify(opts.url)}, { waitUntil: ${JSON.stringify(opts.waitUntil ?? "load")} });`,
+					);
+				}
+				if (reuseSteps.length) {
 					await runInTabWithSnapshot(
 						name,
 						{
-							code: `await tab.goto(${JSON.stringify(opts.url)}, { waitUntil: ${JSON.stringify(opts.waitUntil ?? "load")} });`,
+							code: reuseSteps.join("\n"),
 							timeoutMs: opts.timeoutMs,
 							signal: opts.signal,
 						},

package/src/tools/browser/tab-worker.ts

@@ -27,7 +27,7 @@ import {
 	DEFAULT_VIEWPORT,
 	loadPuppeteerInWorker,
 } from "./launch";
-import { extractReadableFromHtml, type ReadableFormat, type ReadableResult } from "./readable";
+import { extractReadableFromHtml, type ReadableFormat } from "./readable";
 import type {
 	Observation,
 	ObservationEntry,
@@ -97,7 +97,7 @@ interface TabApi {
 	): Promise<void>;
 	observe(opts?: { includeAll?: boolean; viewportOnly?: boolean }): Promise<Observation>;
 	screenshot(opts?: ScreenshotOptions): Promise<ScreenshotResult>;
-	extract(format?: ReadableFormat): Promise<ReadableResult | null>;
+	extract(format?: ReadableFormat): Promise<string>;
 	click(selector: string): Promise<void>;
 	type(selector: string, text: string): Promise<void>;
 	fill(selector: string, value: string): Promise<void>;
@@ -167,6 +167,25 @@ function cloneSafe(value: unknown): unknown {
 	return String(value);
 }
 
+/**
+ * Strip `user:pass@` from a URL before surfacing it in tool outputs / details
+ * so Basic Auth credentials don't leak into transcripts. Returns the original
+ * string verbatim when it doesn't parse as a URL or when there are no
+ * credentials to redact.
+ */
+function redactUrlCredentials(url: string): string {
+	if (!url || (!url.includes("@") && !url.includes("//"))) return url;
+	try {
+		const parsed = new URL(url);
+		if (!parsed.username && !parsed.password) return url;
+		parsed.username = "";
+		parsed.password = "";
+		return parsed.toString();
+	} catch {
+		return url;
+	}
+}
+
 function errorPayload(error: unknown): RunErrorPayload {
 	if (error instanceof ToolAbortError) {
 		return { name: error.name, message: error.message, stack: error.stack, isToolError: false, isAbort: true };
@@ -491,7 +510,7 @@ export class WorkerCore {
 		const targetId = this.#targetId ?? (await targetIdForPage(page));
 		this.#targetId = targetId;
 		return {
-			url: page.url(),
+			url: redactUrlCredentials(page.url()),
 			title: await page.title().catch(() => undefined),
 			viewport: page.viewport() ?? DEFAULT_VIEWPORT,
 			targetId,
@@ -677,7 +696,17 @@ export class WorkerCore {
 			screenshot: async opts => await this.#captureScreenshot(session, displays, screenshots, signal, opts),
 			extract: async (format = "markdown") => {
 				const html = (await untilAborted(signal, () => page.content())) as string;
-				return extractReadableFromHtml(html, page.url(), format);
+				const result = await extractReadableFromHtml(html, page.url(), format);
+				if (!result) {
+					throw new ToolError(`tab.extract(${JSON.stringify(format)}) found no readable content on ${page.url()}`);
+				}
+				const content = format === "markdown" ? result.markdown : result.text;
+				if (!content) {
+					throw new ToolError(
+						`tab.extract(${JSON.stringify(format)}) produced empty ${format} content for ${page.url()}`,
+					);
+				}
+				return content;
 			},
 			click: async selector => {
 				const resolved = normalizeSelector(selector);

package/src/tools/eval.ts

@@ -88,12 +88,21 @@ function formatDisplayOutputsForText(outputs: EvalDisplayOutput[]): string {
 export interface EvalToolDescriptionOptions {
 	py?: boolean;
 	js?: boolean;
+	/**
+	 * Whether `agent()` is allowed in this session. Driven by the parent's
+	 * spawn policy (`getSessionSpawns`). Defaults to `true` for backward
+	 * compatibility — when the session forbids spawning, the prelude doc
+	 * omits the `agent()` entry so the model does not promise itself a
+	 * helper that will only ever throw "spawns disabled".
+	 */
+	spawns?: boolean;
 }
 
 export function getEvalToolDescription(options: EvalToolDescriptionOptions = {}): string {
 	const py = options.py ?? true;
 	const js = options.js ?? true;
-	return prompt.render(evalDescription, { py, js });
+	const spawns = options.spawns ?? true;
+	return prompt.render(evalDescription, { py, js, spawns });
 }
 
 export interface EvalToolOptions {
@@ -169,7 +178,9 @@ export class EvalTool implements AgentTool<typeof evalSchema> {
 	get description(): string {
 		if (!this.session) return getEvalToolDescription();
 		const backends = resolveEvalBackends(this.session);
-		return getEvalToolDescription({ py: backends.python, js: backends.js });
+		const sessionSpawns = this.session.getSessionSpawns?.() ?? "*";
+		const spawnsAllowed = sessionSpawns !== "" && sessionSpawns !== null;
+		return getEvalToolDescription({ py: backends.python, js: backends.js, spawns: spawnsAllowed });
 	}
 	readonly parameters = evalSchema;
 	readonly concurrency = "exclusive";

package/src/tools/find.ts

@@ -353,6 +353,13 @@ export class FindTool implements AgentTool<typeof findSchema, FindToolDetails> {
 							maxResults: effectiveLimit,
 							sortByMtime: true,
 							gitignore: useGitignore,
+							// parseFindPattern explicitly prepends "**/" when the user's
+							// pattern begins with a glob (so `*.ts` becomes `**/*.ts`).
+							// Anything that arrives here without "**/" was scoped to a
+							// single directory by the user (e.g. `dir/*`); disable the
+							// native auto-recursion so `dir/*` does not silently match
+							// `dir/sub/nested.ts`.
+							recursive: false,
 							signal: combinedSignal,
 						},
 						onMatch,