@oh-my-pi/pi-coding-agent 15.13.0 → 15.13.1

package/src/cli.ts

@@ -15,8 +15,17 @@ try {
  * lightweight CLI runner from pi-utils.
  */
 import type { CliConfig } from "@oh-my-pi/pi-utils/cli";
-import { APP_NAME, MIN_BUN_VERSION, VERSION } from "@oh-my-pi/pi-utils/dirs";
-import { declareWorkerHostEntry } from "@oh-my-pi/pi-utils/env";
+import {
+	APP_NAME,
+	getActiveProfile,
+	MIN_BUN_VERSION,
+	resolveProfileEnv,
+	setProfile,
+	VERSION,
+} from "@oh-my-pi/pi-utils/dirs";
+import { declareWorkerHostEntry } from "@oh-my-pi/pi-utils/worker-host";
+import { installProfileAlias, resolveProfileAliasCommandFromProcess } from "./cli/profile-alias";
+import { extractProfileFlags } from "./cli/profile-bootstrap";
 
 if (Bun.semver.order(Bun.version, MIN_BUN_VERSION) < 0) {
 	process.stderr.write(
@@ -27,11 +36,11 @@ if (Bun.semver.order(Bun.version, MIN_BUN_VERSION) < 0) {
 
 process.title = APP_NAME;
 
-// Declare this module as the worker-host entry: Worker threads and worker
-// subprocesses re-enter `Bun.main` with a hidden argv selector instead of
-// loading separate worker entrypoints (single-entry contract across source,
-// npm bundle, and compiled binary).
-declareWorkerHostEntry();
+// Worker-host entry declaration (Worker threads and worker subprocesses
+// re-enter `Bun.main` with a hidden argv selector instead of loading separate
+// worker entrypoints) happens inside `runCli` after profile bootstrap:
+// `@oh-my-pi/pi-utils/env` eagerly loads `.env` from the agent directory at
+// import time, so it must not be imported before `setProfile` runs.
 
 async function showHelp(config: CliConfig): Promise<void> {
 	const { renderRootHelp } = await import("@oh-my-pi/pi-utils/cli");
@@ -196,15 +205,67 @@ async function runTinyWorker(): Promise<void> {
 
 /** Run the CLI with the given argv (no `process.argv` prefix). */
 export async function runCli(argv: string[]): Promise<void> {
-	if (argv[0] === "--smoke-test") {
-		await runSmokeTest();
+	let resolvedArgv = argv;
+	try {
+		const extracted = extractProfileFlags(resolvedArgv);
+		resolvedArgv = extracted.argv;
+		if (extracted.profile !== undefined) {
+			setProfile(extracted.profile);
+		} else {
+			// No explicit --profile: activate any OMP_PROFILE/PI_PROFILE inherited
+			// from the environment. Module-load resolution deliberately swallows an
+			// invalid value to avoid an uncaught throw before this try/catch is in
+			// scope (see `readProfileFromEnvSafe` in dirs.ts), and callers may set
+			// OMP_PROFILE after importing this module (profile aliases/tests). Surfacing
+			// validation here turns `OMP_PROFILE=.. omp --version` into a clean error;
+			// calling setProfile keeps every later path helper on the env-selected
+			// profile instead of the default agent directory.
+			setProfile(resolveProfileEnv(process.env.OMP_PROFILE, process.env.PI_PROFILE));
+		}
+		if (extracted.aliasName !== undefined) {
+			const profile = extracted.profile ?? getActiveProfile();
+			if (!profile) {
+				throw new Error("--alias requires --profile <name> or OMP_PROFILE");
+			}
+			const result = await installProfileAlias({
+				profile,
+				aliasName: extracted.aliasName,
+				command: resolveProfileAliasCommandFromProcess(),
+			});
+			process.stdout.write(
+				`Created ${result.aliasName} for profile ${result.profile} in ${result.configPath}\n` +
+					`Restart your shell or run: ${result.reloadedWith}\n` +
+					`Then use: ${result.aliasName} update, ${result.aliasName} --version, or ${result.aliasName}\n`,
+			);
+			return;
+		}
+	} catch (error) {
+		const message = error instanceof Error ? error.message : String(error);
+		process.stderr.write(`Error: ${message}\n`);
+		process.exitCode = 1;
 		return;
 	}
-	if (TINY_WORKER_ARGS.has(argv[0] ?? "")) {
+
+	// Worker-thread entry dispatch must run before the first `await`: the
+	// stats sync worker's buffering onmessage handler is installed in the
+	// synchronous prefix of `runWorkerEntrypoint`, and Bun flushes the
+	// worker's parked initial messages as soon as the entry module's
+	// top-level evaluation finishes.
+	if (TINY_WORKER_ARGS.has(resolvedArgv[0] ?? "")) {
 		await runTinyWorker();
 		return;
 	}
-	if (await runWorkerEntrypoint(argv[0])) {
+	if (await runWorkerEntrypoint(resolvedArgv[0])) {
+		return;
+	}
+
+	// Declare this module as the worker-host entry now that the active profile
+	// is resolved. The worker-host module is side-effect-free; importing
+	// `@oh-my-pi/pi-utils/env` here would snapshot the wrong agent `.env`.
+	declareWorkerHostEntry();
+
+	if (resolvedArgv[0] === "--smoke-test") {
+		await runSmokeTest();
 		return;
 	}
 	const [{ run }, { commands, resolveCliArgv }] = await Promise.all([
@@ -213,7 +274,7 @@ export async function runCli(argv: string[]): Promise<void> {
 	]);
 	// --help and --version are handled by run() directly, don't rewrite those.
 	// Everything else that isn't a known subcommand routes to "launch".
-	const resolved = resolveCliArgv(argv);
+	const resolved = resolveCliArgv(resolvedArgv);
 	if ("error" in resolved) {
 		process.stderr.write(`error: ${resolved.error}\n`);
 		process.exitCode = 1;
@@ -226,7 +287,13 @@ export async function runCli(argv: string[]): Promise<void> {
 // lowering) builds to fail, and the entrypoint needs nothing after this.
 // The catch mirrors what an unhandled TLA rejection produced: error dump to
 // stderr, exit code 1. Success paths resolve without touching the exit code.
-runCli(process.argv.slice(2)).catch((err: unknown) => {
-	process.stderr.write(`${Bun.inspect(err, { colors: process.stderr.isTTY === true })}\n`);
-	process.exit(1);
-});
+// Guarded so importing `runCli` (profile CLI tests, SDK embedding) does not
+// launch the agent as a side effect. Worker threads re-enter this module as
+// their entry with `import.meta.main === false`, so the worker-host dispatch
+// is admitted via `!Bun.isMainThread`.
+if (import.meta.main || !Bun.isMainThread) {
+	runCli(process.argv.slice(2)).catch((err: unknown) => {
+		process.stderr.write(`${Bun.inspect(err, { colors: process.stderr.isTTY === true })}\n`);
+		process.exit(1);
+	});
+}

package/src/commands/launch.ts

@@ -49,6 +49,12 @@ export default class Index extends Command {
 		"allow-home": Flags.boolean({
 			description: "Allow starting in ~ without auto-switching to a temp dir",
 		}),
+		profile: Flags.string({
+			description: "Use an isolated profile for auth, sessions, settings, and caches",
+		}),
+		alias: Flags.string({
+			description: "Create a shell shortcut for the selected profile and exit",
+		}),
 		cwd: Flags.string({
 			description: "Directory to start in (overrides the launch cwd)",
 		}),
@@ -151,6 +157,7 @@ export default class Index extends Command {
 		`# Include files in initial message\n  ${APP_NAME} @prompt.md @image.png "What color is the sky?"`,
 		`# Non-interactive mode (process and exit)\n  ${APP_NAME} -p "List all .ts files in src/"`,
 		`# Continue previous session\n  ${APP_NAME} --continue "What did we discuss?"`,
+		`# Create a shell shortcut for a work profile\n  ${APP_NAME} --profile work --alias omp-work`,
 		`# Use different model (fuzzy matching)\n  ${APP_NAME} --model opus "Help me refactor this code"`,
 		`# Limit model cycling to specific models\n  ${APP_NAME} --models claude-sonnet,claude-haiku,gpt-4o`,
 		`# Export a session file to HTML\n  ${APP_NAME} --export ~/.omp/agent/sessions/--path--/session.jsonl`,

package/src/config/mcp-schema.json

@@ -89,6 +89,10 @@
         },
         "callbackPath": {
           "type": "string"
+        },
+        "prompt": {
+          "type": "string",
+          "description": "OAuth `prompt` parameter sent during authorization (default: \"consent\" so the provider always shows its account/consent screen; set to \"\" to omit)."
         }
       },
       "description": "Explicit OAuth client settings for servers that need them during /mcp reauth or initial connect."

package/src/config/model-roles.ts

@@ -5,12 +5,14 @@
 import { isValidThemeColor, type ThemeColor } from "../modes/theme/theme";
 import type { Settings } from "./settings";
 
-export type ModelRole = "default" | "smol" | "slow" | "vision" | "plan" | "designer" | "commit" | "task";
+export type ModelRole = "default" | "smol" | "slow" | "vision" | "plan" | "designer" | "commit" | "title" | "task";
 
 export interface ModelRoleInfo {
 	tag?: string;
 	name: string;
 	color?: ThemeColor;
+	/** If true, the role is functional but not shown in the model selector UI. */
+	hidden?: boolean;
 }
 
 export const MODEL_ROLES: Record<ModelRole, ModelRoleInfo> = {
@@ -21,12 +23,22 @@ export const MODEL_ROLES: Record<ModelRole, ModelRoleInfo> = {
 	plan: { tag: "PLAN", name: "Architect", color: "muted" },
 	designer: { tag: "DESIGNER", name: "Designer", color: "muted" },
 	commit: { tag: "COMMIT", name: "Commit", color: "dim" },
+	title: { tag: "TITLE", name: "Title", color: "dim", hidden: true },
 	task: { tag: "TASK", name: "Subtask", color: "muted" },
 };
 
-export const MODEL_ROLE_IDS: ModelRole[] = ["default", "smol", "slow", "vision", "plan", "designer", "commit", "task"];
+export const MODEL_ROLE_IDS: ModelRole[] = [
+	"default",
+	"smol",
+	"slow",
+	"vision",
+	"plan",
+	"designer",
+	"commit",
+	"title",
+	"task",
+];
 
-/** Alias for ModelRoleInfo - used for both built-in and custom roles */
 export type RoleInfo = ModelRoleInfo;
 
 /**
@@ -37,7 +49,7 @@ export type RoleInfo = ModelRoleInfo;
  * entries across settings.
  */
 export function getKnownRoleIds(settings: Settings): string[] {
-	const roles = [...MODEL_ROLE_IDS] as string[];
+	const roles = MODEL_ROLE_IDS.filter(role => !MODEL_ROLES[role as ModelRole]?.hidden) as string[];
 	const seen = new Set<string>(roles);
 	const addRole = (role: string) => {
 		if (seen.has(role)) return;
@@ -65,6 +77,7 @@ export function getRoleInfo(role: string, settings: Settings): RoleInfo {
 			tag: builtIn?.tag,
 			name: configured.name || builtIn?.name || role,
 			color: configured.color && isValidThemeColor(configured.color) ? configured.color : builtIn?.color,
+			hidden: configured.hidden ?? builtIn?.hidden,
 		};
 	}
 

package/src/config/settings-schema.ts

@@ -258,6 +258,8 @@ type SettingDef =
 export interface ModelTagDef {
 	name: string;
 	color?: string;
+	/** If true, the role is functional but not shown in the model selector UI. */
+	hidden?: boolean;
 }
 
 export interface ModelTagsSettings {

package/src/discovery/builtin.ts

@@ -4,7 +4,7 @@
  * Primary provider for OMP native configs. Supports all capabilities.
  */
 import * as path from "node:path";
-import { logger, parseFrontmatter, tryParseJson } from "@oh-my-pi/pi-utils";
+import { getAgentDir, logger, parseFrontmatter, tryParseJson } from "@oh-my-pi/pi-utils";
 import { YAML } from "bun";
 import { getManagedSkillsDir, MANAGED_SKILLS_PROVIDER_ID } from "../autolearn/managed-skills";
 import { registerProvider } from "../capability";
@@ -61,7 +61,9 @@ async function getConfigDirs(ctx: LoadContext): Promise<Array<{ dir: string; lev
 	if (projectDir) {
 		result.push({ dir: projectDir, level: "project" });
 	}
-	const userDir = await ifNonEmptyDir(ctx.home, PATHS.userAgent);
+	// Native user config is profile-scoped: getAgentDir() points at the active
+	// profile's agent dir (~/.omp/profiles/<name>/agent), like sessions and MCP.
+	const userDir = await ifNonEmptyDir(getAgentDir());
 	if (userDir) {
 		result.push({ dir: userDir, level: "user" });
 	}
@@ -178,6 +180,7 @@ async function loadMCPServers(ctx: LoadContext): Promise<LoadResult<MCPServer>>
 							redirectUri?: string;
 							callbackPort?: number;
 							callbackPath?: string;
+							prompt?: string;
 					  }
 					| undefined,
 				transport: serverConfig.type as "stdio" | "sse" | "http" | undefined,
@@ -187,11 +190,14 @@ async function loadMCPServers(ctx: LoadContext): Promise<LoadResult<MCPServer>>
 		return result;
 	};
 
+	// User scope tracks the active profile via getAgentDir() (not ctx.home), so it
+	// stays in sync with getMCPConfigPath("user") and the /mcp config writer.
+	const userAgentDir = getAgentDir();
 	const paths = [
 		{ path: path.join(ctx.cwd, PATHS.projectDir, "mcp.json"), level: "project" as const },
 		{ path: path.join(ctx.cwd, PATHS.projectDir, ".mcp.json"), level: "project" as const },
-		{ path: path.join(ctx.home, PATHS.userAgent, "mcp.json"), level: "user" as const },
-		{ path: path.join(ctx.home, PATHS.userAgent, ".mcp.json"), level: "user" as const },
+		{ path: path.join(userAgentDir, "mcp.json"), level: "user" as const },
+		{ path: path.join(userAgentDir, ".mcp.json"), level: "user" as const },
 	];
 
 	const contents = await Promise.allSettled(
@@ -226,7 +232,7 @@ registerProvider<MCPServer>(mcpCapability.id, {
 async function loadSystemPrompt(ctx: LoadContext): Promise<LoadResult<SystemPrompt>> {
 	const items: SystemPrompt[] = [];
 
-	const userPath = path.join(ctx.home, PATHS.userAgent, "SYSTEM.md");
+	const userPath = path.join(getAgentDir(), "SYSTEM.md");
 	const userContent = await readFile(userPath);
 	if (userContent) {
 		items.push({
@@ -277,7 +283,7 @@ async function loadSkills(ctx: LoadContext): Promise<LoadResult<Skill>> {
 
 	// User-level scan from ~/.omp/agent/skills/
 	const userScan = scanSkillsFromDir(ctx, {
-		dir: path.join(ctx.home, PATHS.userAgent, "skills"),
+		dir: path.join(getAgentDir(), "skills"),
 		providerId: PROVIDER_ID,
 		level: "user",
 		requireDescription: true,
@@ -297,7 +303,7 @@ async function loadSkills(ctx: LoadContext): Promise<LoadResult<Skill>> {
 const MANAGED_SKILLS_PRIORITY = 5;
 async function loadManagedSkills(ctx: LoadContext): Promise<LoadResult<Skill>> {
 	return scanSkillsFromDir(ctx, {
-		dir: getManagedSkillsDir(ctx.home),
+		dir: getManagedSkillsDir(),
 		providerId: MANAGED_SKILLS_PROVIDER_ID,
 		level: "user",
 		requireDescription: true,
@@ -373,7 +379,7 @@ async function loadRules(ctx: LoadContext): Promise<LoadResult<Rule>> {
 	// the current turn so they keep hold across long conversations".
 	// User scope:    ~/.omp/agent/RULES.md
 	// Project scope: nearest .omp/RULES.md walking up from cwd to repoRoot
-	const userRulesFile = path.join(ctx.home, PATHS.userAgent, "RULES.md");
+	const userRulesFile = path.join(getAgentDir(), "RULES.md");
 	const userRule = await loadStickyRulesFile(userRulesFile, "user");
 	if (userRule) items.push(userRule);
 
@@ -890,7 +896,7 @@ async function loadContextFiles(ctx: LoadContext): Promise<LoadResult<ContextFil
 	const items: ContextFile[] = [];
 	const warnings: string[] = [];
 
-	const userPath = path.join(ctx.home, PATHS.userAgent, "AGENTS.md");
+	const userPath = path.join(getAgentDir(), "AGENTS.md");
 	const userContent = await readFile(userPath);
 	if (userContent) {
 		items.push({

package/src/discovery/helpers.ts

@@ -5,6 +5,7 @@ import type { ThinkingLevel } from "@oh-my-pi/pi-agent-core";
 import { FileType, glob } from "@oh-my-pi/pi-natives";
 import {
 	CONFIG_DIR_NAME,
+	getAgentDir,
 	getConfigDirName,
 	getPluginsDir,
 	getProjectDir,
@@ -86,6 +87,11 @@ export type SourceId = keyof typeof SOURCE_PATHS;
  * Get user-level path for a source.
  */
 export function getUserPath(ctx: LoadContext, source: SourceId, subpath: string): string | null {
+	// Native user config is profile-scoped via getAgentDir() (the active profile's
+	// agent dir), matching builtin.ts and getMCPConfigPath("user"). External tools
+	// (~/.claude, ~/.gemini, …) are intentionally not profile-scoped, so they keep
+	// resolving against ctx.home below.
+	if (source === "native") return path.join(getAgentDir(), subpath);
 	const paths = SOURCE_PATHS[source];
 	if (!paths.userAgent) return null;
 	return path.join(ctx.home, paths.userAgent, subpath);
@@ -569,6 +575,25 @@ export async function discoverExtensionModulePaths(_ctx: LoadContext, dir: strin
 	const indexFiles = [...globIndexFiles, ...linkedFiles.indexFiles];
 	const packageJsonFiles = [...globPackageJsonFiles, ...linkedFiles.packageJsonFiles];
 
+	// The native glob walker runs with follow_links=false, so a symlinked extension
+	// directory is yielded as a Symlink entry but never descended into: its inner
+	// index.{ts,js}/package.json are invisible to the `*/...` patterns above.
+	// Detect top-level symlinked directories and synthesize the equivalent subdir
+	// matches so the resolution below treats them like real directories. Symlinked
+	// *files* already match, because the native file-type filter resolves a
+	// symlink's target type for File filters.
+	const topLevelEntries = await readDirEntries(dir);
+	for (const entry of topLevelEntries) {
+		if (!entry.isSymbolicLink()) continue;
+		// readDirEntries follows the symlink: a link to a file/dangling link yields [].
+		const subEntries = await readDirEntries(path.join(dir, entry.name));
+		const hasEntry = (name: string): boolean =>
+			subEntries.some(e => e.name === name && (e.isFile() || e.isSymbolicLink()));
+		if (hasEntry("package.json")) packageJsonFiles.push({ path: `${entry.name}/package.json` });
+		if (hasEntry("index.ts")) indexFiles.push({ path: `${entry.name}/index.ts` });
+		else if (hasEntry("index.js")) indexFiles.push({ path: `${entry.name}/index.js` });
+	}
+
 	// Process direct files
 	for (const match of directFiles) {
 		if (match.path.includes("/")) continue;

package/src/discovery/mcp-json.ts

@@ -46,6 +46,7 @@ interface MCPConfigFile {
 				redirectUri?: string;
 				callbackPort?: number;
 				callbackPath?: string;
+				prompt?: string;
 			};
 		}
 	>;

package/src/discovery/omp-extension-roots.ts

@@ -17,7 +17,7 @@
  */
 import * as fs from "node:fs/promises";
 import * as path from "node:path";
-import { isEnoent, logger, tryParseJson } from "@oh-my-pi/pi-utils";
+import { getAgentDir, isEnoent, logger, tryParseJson } from "@oh-my-pi/pi-utils";
 import { readDirEntries, readFile } from "../capability/fs";
 import type { LoadContext } from "../capability/types";
 import { getEnabledPlugins } from "../extensibility/plugins/loader";
@@ -82,7 +82,7 @@ interface ScopeDirs {
 function scopeDirs(ctx: LoadContext): ScopeDirs {
 	return {
 		project: path.join(ctx.cwd, ".omp"),
-		user: path.join(ctx.home, ".omp", "agent"),
+		user: getAgentDir(),
 	};
 }
 

package/src/edit/file-snapshot-store.ts

@@ -89,3 +89,46 @@ export async function recordFileSnapshot(
 		return undefined;
 	}
 }
+
+/**
+ * Leading line-number prefix the hashline/summary/grep formatters stamp on
+ * every displayed body line: `NN:` or a collapsed summary `NN-MM:` from `read`,
+ * optionally preceded by a grep `*` (match) / space (context) marker from
+ * `search`/`ast-grep`. Anchored at line start, so source content after the
+ * colon never matches.
+ */
+const HASHLINE_LINE_PREFIX = /^[ *]?(\d+)(?:-(\d+))?:/;
+
+/**
+ * The 1-indexed file lines a hashline-formatted body actually displayed.
+ * Single `NN:` rows contribute that line; a collapsed summary `NN-MM:` row
+ * (a `{ .. }` brace pair) contributes only its boundary lines `NN` and `MM` —
+ * the elided interior was never shown, so editing inside it must be rejected.
+ */
+export function parseSeenLinesFromHashlineBody(body: string): number[] {
+	const seen: number[] = [];
+	for (const row of body.split("\n")) {
+		const match = HASHLINE_LINE_PREFIX.exec(row);
+		if (!match) continue;
+		seen.push(Number(match[1]));
+		if (match[2] !== undefined) seen.push(Number(match[2]));
+	}
+	return seen;
+}
+
+/**
+ * Attach the lines a read displayed to the snapshot it minted, so the patcher
+ * can reject edits anchored on lines the model never saw. Best-effort: a no-op
+ * when the body has no numbered rows or the snapshot already aged out. `tag`
+ * must be the tag returned when this exact content was recorded.
+ */
+export function recordSeenLinesFromBody(
+	session: FileSnapshotStoreOwner,
+	absolutePath: string,
+	tag: string,
+	body: string,
+): void {
+	const seen = parseSeenLinesFromHashlineBody(body);
+	if (seen.length === 0) return;
+	getFileSnapshotStore(session).recordSeenLines(canonicalSnapshotKey(absolutePath), tag, seen);
+}

package/src/eval/__tests__/agent-bridge.test.ts

@@ -679,13 +679,14 @@ describe("agent() through eval runtimes", () => {
 					cost: 0,
 					durationMs: i * 10,
 				});
-				await Bun.sleep(5);
+				await Bun.sleep(40);
 			}
 			return singleResult(options, { output: "done" });
 		});
 
 		const ops: string[] = [];
-		using idle = new IdleTimeout(40);
+		// Timing invariant (keep, do not re-tighten): total mock work (20*40ms = 800ms) > idle window (250ms) > scheduling jitter (~tens of ms).
+		using idle = new IdleTimeout(250);
 		const result = await runEvalAgent(
 			{ prompt: "investigate" },
 			{

package/src/eval/__tests__/helpers-local-roots.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it } from "bun:test";
 import * as path from "node:path";
-import { TempDir } from "@oh-my-pi/pi-utils";
+import { TempDir } from "@oh-my-pi/pi-utils/temp";
 import { createHelpers, type HelperContext } from "../js/shared/helpers";
 
 /**

package/src/eval/js/shared/runtime.ts

@@ -342,9 +342,63 @@ export class JsRuntime {
 		// Prelude assigns console bridge + short aliases (`read`, `write`, `tool`, `display`, ...)
 		// onto globalThis. Must run after helpers are in place.
 		indirectEval(JAVASCRIPT_PRELUDE_SOURCE);
+		RUN_HOOK_RESOLVERS.add(() => this.#als.getStore()?.hooks);
+		patchStdioOnce();
 	}
 }
 
+/** Resolvers for each live runtime's active-run hooks (one per JsRuntime instance). */
+const RUN_HOOK_RESOLVERS = new Set<() => RuntimeHooks | undefined>();
+
+/** Streams whose `write` the runtime has already wrapped (patch-once guard). */
+const PATCHED_STDIO_STREAMS = new WeakSet<NodeJS.WriteStream>();
+
+/** Hooks for whichever registered runtime currently has an active run, if any. */
+function activeRunHooks(): RuntimeHooks | undefined {
+	for (const resolve of RUN_HOOK_RESOLVERS) {
+		const hooks = resolve();
+		if (hooks) return hooks;
+	}
+	return undefined;
+}
+
+/**
+ * Wrap `process.stdout` / `process.stderr` `write` exactly once per process so
+ * user `process.stdout.write(...)` lands in the active run's text sink. Models
+ * reach for it out of Node habit, but `process` is intentionally the host
+ * worker's real object (see {@link JsRuntime} `#install`), so unrouted writes
+ * escape to the worker's own stdio and never reach the cell — and `write()`
+ * returns a boolean, so a cell ending in `process.stdout.write("x")` captured
+ * `true` while losing the text. Patch only the `write` method (never replace
+ * `process`), preserve exact bytes (no trailing newline), and fall through to
+ * the real stream when no run is active so the worker's own logging is intact.
+ */
+function patchStdioOnce(): void {
+	const streams: NodeJS.WriteStream[] = [process.stdout, process.stderr];
+	for (const stream of streams) {
+		if (!stream || PATCHED_STDIO_STREAMS.has(stream)) continue;
+		PATCHED_STDIO_STREAMS.add(stream);
+		const original = stream.write.bind(stream) as (...args: unknown[]) => boolean;
+		const routed = (chunk: unknown, encoding?: unknown, callback?: unknown): boolean => {
+			const hooks = activeRunHooks();
+			if (!hooks) return original(chunk, encoding, callback);
+			const cb = typeof encoding === "function" ? encoding : callback;
+			const enc = typeof encoding === "string" ? (encoding as BufferEncoding) : undefined;
+			hooks.onText(chunkToString(chunk, enc));
+			if (typeof cb === "function") (cb as (error?: Error | null) => void)();
+			return true;
+		};
+		stream.write = routed as unknown as typeof stream.write;
+	}
+}
+
+/** Coerce a `write()` chunk to text, honoring an explicit encoding for byte chunks. */
+function chunkToString(chunk: unknown, encoding?: BufferEncoding): string {
+	if (typeof chunk === "string") return chunk;
+	if (chunk instanceof Uint8Array) return Buffer.from(chunk).toString(encoding ?? "utf8");
+	return String(chunk);
+}
+
 function formatConsoleArgs(args: unknown[]): string {
 	return args
 		.map(arg => (typeof arg === "string" ? arg : util.inspect(arg, { depth: 6, colors: false, breakLength: 120 })))

package/src/extensibility/extensions/runner.ts

@@ -71,6 +71,28 @@ export function testSetExtensionHandlerTimeoutMs(timeoutMs: number): void {
 	extensionHandlerTimeoutMs = timeoutMs;
 }
 
+/**
+ * Dedicated cap for `session_shutdown` handlers. The generic 30s budget is
+ * appropriate for events extensions can observe (e.g. `session_start`,
+ * `before_provider_request`), but `session_shutdown` is fire-and-forget
+ * teardown — extensions receive no result and the user has already asked to
+ * leave. A hung handler (e.g. an extension waiting on a stuck IPC pipe to a
+ * companion app) MUST NOT hold Ctrl+C / `/exit` hostage for the full window.
+ * See issue #2600.
+ */
+export const SESSION_SHUTDOWN_HANDLER_TIMEOUT_MS = 2_000;
+let sessionShutdownHandlerTimeoutMs = SESSION_SHUTDOWN_HANDLER_TIMEOUT_MS;
+
+export function testSetSessionShutdownHandlerTimeoutMs(timeoutMs: number): void {
+	sessionShutdownHandlerTimeoutMs = timeoutMs;
+}
+
+/** Per-event handler budget. Defaults to the generic cap; `session_shutdown`
+ *  uses its own short cap so teardown stays prompt. */
+function handlerTimeoutForEvent(eventType: string): number {
+	return eventType === "session_shutdown" ? sessionShutdownHandlerTimeoutMs : extensionHandlerTimeoutMs;
+}
+
 const EXTENSION_HANDLER_TIMEOUT = Symbol("extensionHandlerTimeout");
 
 const MAX_PENDING_CREDENTIAL_DISABLED = 32;
@@ -576,7 +598,7 @@ export class ExtensionRunner {
 					event,
 					ctx,
 					ext,
-					extensionHandlerTimeoutMs,
+					handlerTimeoutForEvent(event.type),
 				);
 
 				if (this.#isSessionBeforeEvent(event) && handlerResult) {
@@ -907,7 +929,8 @@ export class ExtensionRunner {
 						messages.push(result.message);
 					}
 					if (result.systemPrompt !== undefined) {
-						currentSystemPrompt = result.systemPrompt;
+						currentSystemPrompt =
+							typeof result.systemPrompt === "string" ? [result.systemPrompt] : result.systemPrompt;
 						systemPromptModified = true;
 					}
 				}

package/src/goals/runtime.ts

@@ -356,7 +356,10 @@ export class GoalRuntime {
 			this.#wallClock.lastAccountedAt += wallSeconds * 1000;
 		}
 
-		await this.#commitState(state, { persist: "goal" });
+		// Persisting wall-clock-only accounting on every tool event bloats /goal sessions with full
+		// objective snapshots. Keep the in-memory/UI state fresh, but persist only token/budget changes.
+		const shouldPersistUsage = tokenDelta > 0 || flippedToBudgetLimited;
+		await this.#commitState(state, { persist: shouldPersistUsage ? "goal" : undefined });
 
 		if (state.goal.status !== "budget-limited") {
 			this.#budgetReportedFor = undefined;