@sentry/junior 0.51.0 → 0.53.0

package/dist/app.js

@@ -494,6 +494,7 @@ function coerceThreadConversationState(value) {
   const processing = {
     activeTurnId: toOptionalString(rawProcessing.activeTurnId),
     lastCompletedAtMs: toOptionalNumber(rawProcessing.lastCompletedAtMs),
+    lastSessionId: toOptionalString(rawProcessing.lastSessionId),
     pendingAuth: coercePendingAuthState(rawProcessing.pendingAuth)
   };
   const rawStats = isRecord(rawConversation.stats) ? rawConversation.stats : {};
@@ -2101,17 +2102,24 @@ function startActiveTurn(args) {
   args.conversation.processing.activeTurnId = args.nextTurnId;
   args.updateConversationStats(args.conversation);
 }
-function markTurnCompleted(args) {
-  if (!args.sessionId || args.conversation.processing.activeTurnId === args.sessionId) {
-    args.conversation.processing.activeTurnId = void 0;
+function clearActiveTurn(conversation, sessionId) {
+  if (!sessionId || conversation.processing.activeTurnId === sessionId) {
+    conversation.processing.activeTurnId = void 0;
   }
+}
+function markTurnClosed(args) {
+  clearActiveTurn(args.conversation, args.sessionId);
+  args.conversation.processing.lastCompletedAtMs = args.nowMs;
+  args.updateConversationStats(args.conversation);
+}
+function markTurnCompleted(args) {
+  clearActiveTurn(args.conversation, args.sessionId);
+  args.conversation.processing.lastSessionId = args.sessionId;
   args.conversation.processing.lastCompletedAtMs = args.nowMs;
   args.updateConversationStats(args.conversation);
 }
 function markTurnFailed(args) {
-  if (!args.sessionId || args.conversation.processing.activeTurnId === args.sessionId) {
-    args.conversation.processing.activeTurnId = void 0;
-  }
+  clearActiveTurn(args.conversation, args.sessionId);
   args.conversation.processing.lastCompletedAtMs = args.nowMs;
   args.markConversationMessage(args.conversation, args.userMessageId, {
     replied: false,
@@ -2450,6 +2458,9 @@ import { Agent as Agent2 } from "@mariozechner/pi-agent-core";
 import fs from "fs";
 import path2 from "path";
 
+// src/chat/turn-context-tag.ts
+var TURN_CONTEXT_TAG = "runtime-turn-context";
+
 // src/chat/interruption-marker.ts
 var INTERRUPTED_MARKER = "\n\n[Response interrupted before completion]";
 function getInterruptionMarker() {
@@ -3020,7 +3031,6 @@ function formatSlackCapabilityNames(capabilities) {
 }
 var HEADER = "You are a Slack-based helper assistant. Follow the personality block for voice and tone in every reply. The behavior and output blocks define platform mechanics and override personality only when those mechanics conflict.";
 var TURN_CONTEXT_HEADER = "Per-turn runtime context for this request. Treat these blocks as trusted runtime facts and skill/provider instructions for the current turn; the static system prompt remains authoritative.";
-var TURN_CONTEXT_TAG = "runtime-turn-context";
 var TOOL_POLICY_RULES = [
   "- Tool schemas are the source of truth for parameters; tool names are case-sensitive, so call tools exactly by their exposed names and do not invent arguments.",
   "- Use tools for actionable work and for facts that are mutable, external, repository-backed, provider-backed, or requested as verified/current. Stable general knowledge and already-provided context may be answered directly.",
@@ -7882,6 +7892,7 @@ import { Type as Type21 } from "@sinclair/typebox";
 
 // src/chat/respond-helpers.ts
 var MAX_INLINE_ATTACHMENT_BASE64_CHARS = 12e4;
+var RUNTIME_TURN_CONTEXT_START = `<${TURN_CONTEXT_TAG}>`;
 function getSessionIdentifiers(context) {
   return {
     conversationId: context.correlation?.conversationId ?? context.correlation?.threadId ?? context.correlation?.runId,
@@ -8044,6 +8055,75 @@ function getPiMessageRole(value) {
   const role = value.role;
   return typeof role === "string" ? role : void 0;
 }
+function getUserMessageContent(message) {
+  const record = message;
+  return record.role === "user" && Array.isArray(record.content) ? record.content : void 0;
+}
+function isRuntimeTurnContextPart(part, marker) {
+  return part !== null && typeof part === "object" && part.type === "text" && typeof part.text === "string" && part.text.startsWith(marker);
+}
+function replaceRuntimeTurnContext(message, turnContextPrompt) {
+  const content = getUserMessageContent(message);
+  if (!content) {
+    return void 0;
+  }
+  const marker = turnContextPrompt.split("\n", 1)[0];
+  const contextIndex = content.findIndex(
+    (part) => isRuntimeTurnContextPart(part, marker)
+  );
+  if (contextIndex < 0) {
+    return void 0;
+  }
+  const nextContent = [...content];
+  nextContent[contextIndex] = {
+    ...nextContent[contextIndex],
+    text: turnContextPrompt
+  };
+  return {
+    ...message,
+    content: nextContent
+  };
+}
+function refreshRuntimeTurnContext(messages, turnContextPrompt) {
+  for (let index = 0; index < messages.length; index += 1) {
+    const updated = replaceRuntimeTurnContext(
+      messages[index],
+      turnContextPrompt
+    );
+    if (!updated) {
+      continue;
+    }
+    const nextMessages = [...messages];
+    nextMessages[index] = updated;
+    return nextMessages;
+  }
+  return [
+    ...messages,
+    {
+      role: "user",
+      content: [{ type: "text", text: turnContextPrompt }],
+      timestamp: Date.now()
+    }
+  ];
+}
+function stripRuntimeTurnContext(messages) {
+  return messages.flatMap((message) => {
+    const content = getUserMessageContent(message);
+    if (!content) {
+      return [message];
+    }
+    const nextContent = content.filter(
+      (part) => !isRuntimeTurnContextPart(part, RUNTIME_TURN_CONTEXT_START)
+    );
+    if (nextContent.length === content.length) {
+      return [message];
+    }
+    if (nextContent.length === 0) {
+      return [];
+    }
+    return [{ ...message, content: nextContent }];
+  });
+}
 function extractAssistantText(message) {
   const content = message.content ?? [];
   return content.filter(
@@ -9138,84 +9218,51 @@ function createTracedStreamFn(base = streamSimple) {
 // src/chat/sandbox/sandbox.ts
 import fs4 from "fs/promises";
 
-// src/chat/sandbox/egress-policy.ts
-function matchesSandboxEgressDomain(host, domain) {
-  return host.toLowerCase() === domain.toLowerCase();
-}
-function manifestDomains(manifest) {
-  const domains = /* @__PURE__ */ new Set([
-    ...manifest.credentials?.domains ?? [],
-    ...manifest.domains ?? []
-  ]);
-  return [...domains].sort((left, right) => left.localeCompare(right));
-}
-function providerEntries() {
-  return getPluginProviders().map((plugin) => ({
-    provider: plugin.manifest.name,
-    domains: manifestDomains(plugin.manifest)
-  })).filter((entry) => entry.domains.length > 0).sort((left, right) => left.provider.localeCompare(right.provider));
-}
-function resolveSandboxEgressProviderForHost(host) {
-  return providerEntries().find(
-    (entry) => entry.domains.some((domain) => matchesSandboxEgressDomain(host, domain))
-  )?.provider;
-}
-function sandboxProxyUrl() {
-  const baseUrl = resolveBaseUrl();
-  if (!baseUrl) {
-    throw new Error(
-      "Cannot determine base URL for sandbox credential egress (set JUNIOR_BASE_URL or deploy to Vercel)"
-    );
-  }
-  return new URL("/", baseUrl).toString();
+// src/chat/sandbox/egress-session.ts
+import { createHmac, randomUUID as randomUUID3, timingSafeEqual } from "crypto";
+var SANDBOX_EGRESS_PROXY_PATH = "/api/internal/sandbox-egress";
+var SANDBOX_EGRESS_TOKEN_VERSION = "v1";
+var SANDBOX_EGRESS_LEASE_PREFIX = "sandbox-egress-lease";
+var DEFAULT_SESSION_TTL_MS = 30 * 60 * 1e3;
+function leaseKey(provider, context) {
+  return `${SANDBOX_EGRESS_LEASE_PREFIX}:${provider}:${context.requesterId}:${context.egressId}:${context.contextId}`;
 }
-function buildSandboxEgressNetworkPolicy() {
-  const allow = {
-    "*": []
-  };
-  const entries = providerEntries();
-  if (entries.length === 0) {
-    return { allow };
+function getSandboxEgressSecret() {
+  const explicit = process.env.JUNIOR_SANDBOX_EGRESS_SECRET?.trim();
+  if (explicit) {
+    return explicit;
   }
-  const forwardURL = sandboxProxyUrl();
-  for (const entry of entries) {
-    for (const domain of entry.domains) {
-      allow[domain] = [{ forwardURL }];
-    }
+  const sharedInternal = process.env.JUNIOR_INTERNAL_RESUME_SECRET?.trim();
+  if (sharedInternal) {
+    return sharedInternal;
   }
-  return { allow };
+  throw new Error(
+    "Cannot determine sandbox egress secret (set JUNIOR_SANDBOX_EGRESS_SECRET or JUNIOR_INTERNAL_RESUME_SECRET)"
+  );
 }
-async function resolveSandboxCommandEnvironment() {
-  const env = {};
-  for (const plugin of getPluginProviders().sort(
-    (left, right) => left.manifest.name.localeCompare(right.manifest.name)
-  )) {
-    Object.assign(env, resolvePluginCommandEnv(plugin.manifest));
-    const credentials = plugin.manifest.credentials;
-    if (credentials) {
-      env[credentials.authTokenEnv] = resolveAuthTokenPlaceholder(credentials);
-    }
-  }
-  return env;
+function base64Url(input) {
+  return Buffer.from(input, "utf8").toString("base64url");
 }
-
-// src/chat/sandbox/egress-session.ts
-import { randomUUID as randomUUID3 } from "crypto";
-var SANDBOX_EGRESS_SESSION_PREFIX = "sandbox-egress-session";
-var SANDBOX_EGRESS_LEASE_PREFIX = "sandbox-egress-lease";
-var DEFAULT_SESSION_TTL_MS = 30 * 60 * 1e3;
-function sessionKey2(egressId) {
-  return `${SANDBOX_EGRESS_SESSION_PREFIX}:${egressId}`;
+function fromBase64Url(input) {
+  return Buffer.from(input, "base64url").toString("utf8");
 }
-function leaseKey(egressId, provider, session) {
-  return `${SANDBOX_EGRESS_LEASE_PREFIX}:${egressId}:${provider}:${session.requesterId}:${session.activationId}`;
+function signPayload(payload) {
+  return createHmac("sha256", getSandboxEgressSecret()).update(payload).digest("base64url");
 }
-function parseSession(value) {
+function timingSafeMatch(expected, actual) {
+  const expectedBuffer = Buffer.from(expected);
+  const actualBuffer = Buffer.from(actual);
+  if (expectedBuffer.length !== actualBuffer.length) {
+    return false;
+  }
+  return timingSafeEqual(expectedBuffer, actualBuffer);
+}
+function parseRequesterContext(value) {
   if (!value || typeof value !== "object") {
     return void 0;
   }
   const record = value;
-  if (typeof record.requesterId !== "string" || typeof record.expiresAtMs !== "number" || !Number.isFinite(record.expiresAtMs) || typeof record.activationId !== "string" || !record.activationId) {
+  if (typeof record.requesterId !== "string" || !record.requesterId || typeof record.egressId !== "string" || !record.egressId || typeof record.expiresAtMs !== "number" || !Number.isFinite(record.expiresAtMs) || typeof record.contextId !== "string" || !record.contextId) {
     return void 0;
   }
   if (record.expiresAtMs <= Date.now()) {
@@ -9223,8 +9270,9 @@ function parseSession(value) {
   }
   return {
     requesterId: record.requesterId,
+    egressId: record.egressId,
     expiresAtMs: record.expiresAtMs,
-    activationId: record.activationId
+    contextId: record.contextId
   };
 }
 function parseLease(value) {
@@ -9253,50 +9301,127 @@ function parseLease(value) {
     headerTransforms
   };
 }
-async function upsertSandboxEgressSession(input) {
-  const state = getStateAdapter();
-  await state.connect();
+function createSandboxEgressRequesterToken(input) {
   const ttlMs = Math.max(1, input.ttlMs ?? DEFAULT_SESSION_TTL_MS);
   const now = Date.now();
-  const session = {
+  const context = {
     requesterId: input.requesterId,
+    egressId: input.egressId,
     expiresAtMs: now + ttlMs,
-    activationId: randomUUID3()
+    contextId: randomUUID3()
   };
-  await state.set(sessionKey2(input.egressId), session, ttlMs);
-}
-async function clearSandboxEgressSession(egressId) {
-  const state = getStateAdapter();
-  await state.connect();
-  await state.delete(sessionKey2(egressId));
+  const payload = `${SANDBOX_EGRESS_TOKEN_VERSION}.${base64Url(
+    JSON.stringify(context)
+  )}`;
+  return `${payload}.${signPayload(payload)}`;
 }
-async function getSandboxEgressSession(egressId) {
-  const state = getStateAdapter();
-  await state.connect();
-  return parseSession(await state.get(sessionKey2(egressId)));
+function parseSandboxEgressRequesterToken(token) {
+  if (!token) {
+    return void 0;
+  }
+  const parts = token.split(".");
+  if (parts.length !== 3 || parts[0] !== SANDBOX_EGRESS_TOKEN_VERSION) {
+    return void 0;
+  }
+  const encodedSession = parts[1];
+  const signature = parts[2];
+  if (!encodedSession || !signature) {
+    return void 0;
+  }
+  const payload = `${parts[0]}.${encodedSession}`;
+  if (!timingSafeMatch(signPayload(payload), signature)) {
+    return void 0;
+  }
+  try {
+    return parseRequesterContext(JSON.parse(fromBase64Url(encodedSession)));
+  } catch {
+    return void 0;
+  }
 }
-async function setSandboxEgressCredentialLease(egressId, session, lease) {
+async function setSandboxEgressCredentialLease(context, lease) {
   const leaseExpiresAtMs = Date.parse(lease.expiresAt);
   if (!Number.isFinite(leaseExpiresAtMs) || leaseExpiresAtMs <= Date.now()) {
     return;
   }
   const ttlMs = Math.max(
     1,
-    Math.min(leaseExpiresAtMs, session.expiresAtMs) - Date.now()
+    Math.min(leaseExpiresAtMs, context.expiresAtMs) - Date.now()
   );
   const state = getStateAdapter();
   await state.connect();
-  await state.set(leaseKey(egressId, lease.provider, session), lease, ttlMs);
+  await state.set(leaseKey(lease.provider, context), lease, ttlMs);
 }
-async function getSandboxEgressCredentialLease(egressId, provider, session) {
+async function getSandboxEgressCredentialLease(provider, context) {
   const state = getStateAdapter();
   await state.connect();
-  return parseLease(await state.get(leaseKey(egressId, provider, session)));
+  return parseLease(await state.get(leaseKey(provider, context)));
 }
-async function clearSandboxEgressCredentialLease(egressId, provider, session) {
+async function clearSandboxEgressCredentialLease(provider, context) {
   const state = getStateAdapter();
   await state.connect();
-  await state.delete(leaseKey(egressId, provider, session));
+  await state.delete(leaseKey(provider, context));
+}
+
+// src/chat/sandbox/egress-policy.ts
+function matchesSandboxEgressDomain(host, domain) {
+  return host.toLowerCase() === domain.toLowerCase();
+}
+function manifestDomains(manifest) {
+  const domains = /* @__PURE__ */ new Set([
+    ...manifest.credentials?.domains ?? [],
+    ...manifest.domains ?? []
+  ]);
+  return [...domains].sort((left, right) => left.localeCompare(right));
+}
+function providerEntries() {
+  return getPluginProviders().map((plugin) => ({
+    provider: plugin.manifest.name,
+    domains: manifestDomains(plugin.manifest)
+  })).filter((entry) => entry.domains.length > 0).sort((left, right) => left.provider.localeCompare(right.provider));
+}
+function resolveSandboxEgressProviderForHost(host) {
+  return providerEntries().find(
+    (entry) => entry.domains.some((domain) => matchesSandboxEgressDomain(host, domain))
+  )?.provider;
+}
+function sandboxProxyUrl(requesterToken) {
+  const baseUrl = resolveBaseUrl();
+  if (!baseUrl) {
+    throw new Error(
+      "Cannot determine base URL for sandbox credential egress (set JUNIOR_BASE_URL or deploy to Vercel)"
+    );
+  }
+  const path11 = requesterToken ? `${SANDBOX_EGRESS_PROXY_PATH}/${requesterToken}` : SANDBOX_EGRESS_PROXY_PATH;
+  return new URL(path11, baseUrl).toString();
+}
+function buildSandboxEgressNetworkPolicy(input) {
+  const allow = {
+    "*": []
+  };
+  const entries = providerEntries();
+  if (entries.length === 0) {
+    return { allow };
+  }
+  const forwardURL = sandboxProxyUrl(input?.requesterToken);
+  for (const entry of entries) {
+    for (const domain of entry.domains) {
+      allow[domain] = [{ forwardURL }];
+    }
+  }
+  return { allow };
+}
+async function resolveSandboxCommandEnvironment() {
+  const env = {};
+  for (const plugin of getPluginProviders().sort(
+    (left, right) => left.manifest.name.localeCompare(right.manifest.name)
+  )) {
+    Object.assign(env, resolvePluginCommandEnv(plugin.manifest));
+    const credentials = plugin.manifest.credentials;
+    if (credentials) {
+      env[credentials.authTokenEnv] = resolveAuthTokenPlaceholder(credentials);
+    }
+  }
+  return env;
 }
 
 // src/chat/sandbox/http-error-details.ts
@@ -10601,7 +10726,6 @@ function createSandboxSessionManager(options) {
     }
   };
   const buildToolExecutors = async (sandboxInstance) => {
-    const activeSandboxId = sandboxInstance.sandboxId;
     const toolkit = await withSandboxSpan(
       "sandbox.bash_tool.init",
       "sandbox.tool.init",
@@ -10621,35 +10745,9 @@ function createSandboxSessionManager(options) {
     }
     return {
       bash: async (input) => {
-        const commandEgressId = sandboxInstance.sandboxEgressId;
         let timedOut = false;
         let timeoutId;
-        let commandFinished = false;
-        const finishCommand = async () => {
-          if (commandFinished) {
-            return;
-          }
-          commandFinished = true;
-          await options?.afterCommand?.(commandEgressId);
-          await refreshNetworkPolicy(sandboxInstance);
-        };
-        const finishCommandBestEffort = async () => {
-          try {
-            await finishCommand();
-          } catch (error) {
-            logWarn(
-              "sandbox_command_cleanup_failed",
-              traceContext,
-              {
-                "app.sandbox.id": activeSandboxId,
-                "error.type": error instanceof Error ? error.name : "sandbox_command_cleanup_error"
-              },
-              "Sandbox command cleanup failed"
-            );
-          }
-        };
         try {
-          await options?.beforeCommand?.(commandEgressId);
           await refreshNetworkPolicy(sandboxInstance);
           const sandboxCommandEnv = await resolveCommandEnv();
           const script = buildNonInteractiveShellScript(input.command, {
@@ -10671,7 +10769,6 @@ function createSandboxSessionManager(options) {
             cwd: SANDBOX_WORKSPACE_ROOT,
             ...controller ? { signal: controller.signal } : {}
           });
-          await finishCommandBestEffort();
           return await readCommandOutput(commandResult2);
         } catch (error) {
           if (timedOut) {
@@ -10692,7 +10789,6 @@ function createSandboxSessionManager(options) {
           if (timeoutId) {
             clearTimeout(timeoutId);
           }
-          await finishCommandBestEffort();
         }
       },
       readFile: async (input) => await executeReadFile(input, {
@@ -10781,25 +10877,40 @@ function createSandboxExecutor(options) {
   let referenceFiles = [];
   const traceContext = options?.traceContext ?? {};
   const credentialEgress = options?.credentialEgress;
-  const authorizeSandboxEgressForCommand = credentialEgress ? async (egressId) => {
-    await upsertSandboxEgressSession({
-      egressId,
+  const sandboxEgressTokenTtlMs = Math.max(
+    1,
+    options?.timeoutMs ?? 1e3 * 60 * 30
+  );
+  const sandboxEgressRequesterTokens = /* @__PURE__ */ new Map();
+  const sandboxEgressRequesterTokenFor = (egressId) => {
+    const cached = sandboxEgressRequesterTokens.get(egressId);
+    if (cached && cached.expiresAtMs > Date.now()) {
+      return cached.token;
+    }
+    if (!credentialEgress) {
+      throw new Error("Sandbox credential egress is not configured");
+    }
+    const now = Date.now();
+    const token = createSandboxEgressRequesterToken({
       requesterId: credentialEgress.requesterId,
-      ttlMs: options?.timeoutMs
+      egressId,
+      ttlMs: sandboxEgressTokenTtlMs
+    });
+    sandboxEgressRequesterTokens.set(egressId, {
+      expiresAtMs: now + sandboxEgressTokenTtlMs,
+      token
     });
-  } : void 0;
-  const clearSandboxEgressForCommand = credentialEgress ? async (egressId) => {
-    await clearSandboxEgressSession(egressId);
-  } : void 0;
+    return token;
+  };
   const sessionManager = createSandboxSessionManager({
     sandboxId: options?.sandboxId,
     sandboxDependencyProfileHash: options?.sandboxDependencyProfileHash,
     timeoutMs: options?.timeoutMs,
     traceContext,
     commandEnv: credentialEgress ? async () => await resolveSandboxCommandEnvironment() : void 0,
-    createNetworkPolicy: credentialEgress ? buildSandboxEgressNetworkPolicy : void 0,
-    beforeCommand: authorizeSandboxEgressForCommand,
-    afterCommand: clearSandboxEgressForCommand,
+    createNetworkPolicy: credentialEgress ? (egressId) => buildSandboxEgressNetworkPolicy({
+      requesterToken: sandboxEgressRequesterTokenFor(egressId)
+    }) : void 0,
     onSandboxAcquired: async (sandbox) => {
       await options?.onSandboxAcquired?.(sandbox);
     }
@@ -11295,9 +11406,98 @@ async function unlinkProvider(userId, provider, userTokenStore) {
   ]);
 }
 
+// src/chat/state/turn-session-store.ts
+import { THREAD_STATE_TTL_MS as THREAD_STATE_TTL_MS3 } from "chat";
+
+// src/chat/state/pi-session-message-store.ts
+import { isDeepStrictEqual } from "util";
+var PI_SESSION_MESSAGE_PREFIX = "junior:pi_session_message";
+function piSessionMessageKey(scope, index) {
+  return `${PI_SESSION_MESSAGE_PREFIX}:${scope.conversationId}:${scope.sessionId}:${index}`;
+}
+function parsePiMessage(value) {
+  return isRecord(value) ? value : void 0;
+}
+function normalizeMessageCount(value) {
+  return Number.isFinite(value) ? Math.max(0, Math.floor(value)) : 0;
+}
+function countMatchingPrefix(left, right) {
+  const limit = Math.min(left.length, right.length);
+  for (let index = 0; index < limit; index += 1) {
+    if (!isDeepStrictEqual(left[index], right[index])) {
+      return index;
+    }
+  }
+  return limit;
+}
+async function loadPiSessionMessages(args) {
+  const stateAdapter = getStateAdapter();
+  await stateAdapter.connect();
+  const messageCount = normalizeMessageCount(args.messageCount);
+  if (messageCount === 0) {
+    return [];
+  }
+  const values = await Promise.all(
+    Array.from(
+      { length: messageCount },
+      (_, index) => stateAdapter.get(piSessionMessageKey(args, index))
+    )
+  );
+  const messages = [];
+  for (const value of values) {
+    const message = parsePiMessage(value);
+    if (!message) {
+      break;
+    }
+    messages.push(message);
+  }
+  return messages.length === messageCount ? messages : void 0;
+}
+async function loadExistingPiSessionMessages(scope, maxCount) {
+  const count = normalizeMessageCount(maxCount);
+  if (count === 0) {
+    return [];
+  }
+  const stateAdapter = getStateAdapter();
+  await stateAdapter.connect();
+  const values = await Promise.all(
+    Array.from(
+      { length: count },
+      (_, index) => stateAdapter.get(piSessionMessageKey(scope, index))
+    )
+  );
+  const messages = [];
+  for (const value of values) {
+    const message = parsePiMessage(value);
+    if (!message) {
+      break;
+    }
+    messages.push(message);
+  }
+  return messages;
+}
+async function commitPiSessionMessages(args) {
+  const stateAdapter = getStateAdapter();
+  await stateAdapter.connect();
+  const existingMessages = await loadExistingPiSessionMessages(
+    { conversationId: args.conversationId, sessionId: args.sessionId },
+    args.messages.length
+  );
+  const writeFromIndex = countMatchingPrefix(existingMessages, args.messages);
+  await Promise.all(
+    args.messages.slice(writeFromIndex).map(
+      (message, offset) => stateAdapter.set(
+        piSessionMessageKey(args, writeFromIndex + offset),
+        message,
+        args.ttlMs
+      )
+    )
+  );
+}
+
 // src/chat/state/turn-session-store.ts
 var AGENT_TURN_SESSION_PREFIX = "junior:agent_turn_session";
-var AGENT_TURN_SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
+var AGENT_TURN_SESSION_TTL_MS = THREAD_STATE_TTL_MS3;
 function agentTurnSessionKey(conversationId, sessionId) {
   return `${AGENT_TURN_SESSION_PREFIX}:${conversationId}:${sessionId}`;
 }
@@ -11323,41 +11523,55 @@ function parseAgentTurnUsage(value) {
   }
   return Object.keys(usage).length > 0 ? usage : void 0;
 }
-function parseAgentTurnSessionCheckpoint(value) {
+function parseStoredRecord(value) {
+  if (isRecord(value)) {
+    return value;
+  }
   if (typeof value !== "string") {
     return void 0;
   }
   try {
     const parsed = JSON.parse(value);
-    if (!isRecord(parsed)) {
-      return void 0;
-    }
-    const status = parsed.state;
-    if (status !== "running" && status !== "awaiting_resume" && status !== "completed" && status !== "failed" && status !== "superseded") {
-      return void 0;
-    }
-    const conversationId = parsed.conversationId;
-    const sessionId = parsed.sessionId;
-    const sliceId = parsed.sliceId;
-    const checkpointVersion = parsed.checkpointVersion;
-    const updatedAtMs = parsed.updatedAtMs;
-    const cumulativeDurationMs = toFiniteNonNegativeNumber(
-      parsed.cumulativeDurationMs
-    );
-    const cumulativeUsage = parseAgentTurnUsage(parsed.cumulativeUsage);
-    if (typeof conversationId !== "string" || typeof sessionId !== "string" || typeof sliceId !== "number" || typeof checkpointVersion !== "number" || typeof updatedAtMs !== "number") {
-      return void 0;
-    }
-    return {
+    return isRecord(parsed) ? parsed : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function parseAgentTurnSessionRecord(value) {
+  const parsed = parseStoredRecord(value);
+  if (!parsed) {
+    return void 0;
+  }
+  const status = parsed.state;
+  if (status !== "running" && status !== "awaiting_resume" && status !== "completed" && status !== "failed" && status !== "superseded") {
+    return void 0;
+  }
+  const conversationId = parsed.conversationId;
+  const sessionId = parsed.sessionId;
+  const sliceId = parsed.sliceId;
+  const checkpointVersion = parsed.checkpointVersion;
+  const updatedAtMs = parsed.updatedAtMs;
+  const cumulativeDurationMs = toFiniteNonNegativeNumber(
+    parsed.cumulativeDurationMs
+  );
+  const cumulativeUsage = parseAgentTurnUsage(parsed.cumulativeUsage);
+  if (typeof conversationId !== "string" || typeof sessionId !== "string" || typeof sliceId !== "number" || typeof checkpointVersion !== "number" || typeof updatedAtMs !== "number") {
+    return void 0;
+  }
+  const legacyPiMessages = Array.isArray(parsed.piMessages) ? parsed.piMessages : [];
+  const messageCount = toFiniteNonNegativeNumber(parsed.messageCount) ?? legacyPiMessages.length;
+  return {
+    legacyPiMessages,
+    record: {
       checkpointVersion,
       conversationId,
       sessionId,
       sliceId,
       state: status,
       updatedAtMs,
+      messageCount,
       ...cumulativeDurationMs !== void 0 ? { cumulativeDurationMs } : {},
       ...cumulativeUsage ? { cumulativeUsage } : {},
-      piMessages: Array.isArray(parsed.piMessages) ? parsed.piMessages : [],
       ...Array.isArray(parsed.loadedSkillNames) ? {
         loadedSkillNames: parsed.loadedSkillNames.filter(
           (value2) => typeof value2 === "string"
@@ -11366,10 +11580,20 @@ function parseAgentTurnSessionCheckpoint(value) {
       ...parsed.resumeReason === "timeout" || parsed.resumeReason === "auth" ? { resumeReason: parsed.resumeReason } : {},
       ...typeof parsed.errorMessage === "string" ? { errorMessage: parsed.errorMessage } : {},
       ...typeof parsed.resumedFromSliceId === "number" ? { resumedFromSliceId: parsed.resumedFromSliceId } : {}
-    };
-  } catch {
-    return void 0;
+    }
+  };
+}
+function materializePiMessages(legacyPiMessages, messageCount, sessionMessages) {
+  if (messageCount === 0) {
+    return [];
   }
+  if (sessionMessages) {
+    return sessionMessages;
+  }
+  if (legacyPiMessages.length >= messageCount) {
+    return legacyPiMessages.slice(0, messageCount);
+  }
+  return void 0;
 }
 async function getAgentTurnSessionCheckpoint(conversationId, sessionId) {
   const stateAdapter = getStateAdapter();
@@ -11377,23 +11601,51 @@ async function getAgentTurnSessionCheckpoint(conversationId, sessionId) {
   const value = await stateAdapter.get(
     agentTurnSessionKey(conversationId, sessionId)
   );
-  return parseAgentTurnSessionCheckpoint(value);
+  const parsed = parseAgentTurnSessionRecord(value);
+  if (!parsed) {
+    return void 0;
+  }
+  const sessionMessages = await loadPiSessionMessages({
+    conversationId,
+    sessionId,
+    messageCount: parsed.record.messageCount
+  });
+  const piMessages = materializePiMessages(
+    parsed.legacyPiMessages,
+    parsed.record.messageCount,
+    sessionMessages
+  );
+  if (!piMessages) {
+    return void 0;
+  }
+  return {
+    ...parsed.record,
+    piMessages
+  };
 }
 async function upsertAgentTurnSessionCheckpoint(args) {
   const stateAdapter = getStateAdapter();
   await stateAdapter.connect();
-  const existing = await getAgentTurnSessionCheckpoint(
-    args.conversationId,
-    args.sessionId
+  const existingValue = await stateAdapter.get(
+    agentTurnSessionKey(args.conversationId, args.sessionId)
   );
+  const existingRecord = parseAgentTurnSessionRecord(existingValue);
+  const ttlMs = Math.max(1, args.ttlMs ?? AGENT_TURN_SESSION_TTL_MS);
+  await commitPiSessionMessages({
+    conversationId: args.conversationId,
+    sessionId: args.sessionId,
+    messages: args.piMessages,
+    ttlMs
+  });
+  const storedMessageCount = args.piMessages.length;
   const checkpoint = {
-    checkpointVersion: (existing?.checkpointVersion ?? 0) + 1,
+    checkpointVersion: (existingRecord?.record.checkpointVersion ?? 0) + 1,
     conversationId: args.conversationId,
     sessionId: args.sessionId,
     sliceId: args.sliceId,
     state: args.state,
     updatedAtMs: Date.now(),
-    piMessages: Array.isArray(args.piMessages) ? args.piMessages : [],
+    messageCount: storedMessageCount,
     ...typeof args.cumulativeDurationMs === "number" && Number.isFinite(args.cumulativeDurationMs) ? {
       cumulativeDurationMs: Math.max(
         0,
@@ -11410,13 +11662,15 @@ async function upsertAgentTurnSessionCheckpoint(args) {
     ...args.errorMessage ? { errorMessage: args.errorMessage } : {},
     ...typeof args.resumedFromSliceId === "number" ? { resumedFromSliceId: args.resumedFromSliceId } : {}
   };
-  const ttlMs = Math.max(1, args.ttlMs ?? AGENT_TURN_SESSION_TTL_MS);
   await stateAdapter.set(
     agentTurnSessionKey(args.conversationId, args.sessionId),
-    JSON.stringify(checkpoint),
+    checkpoint,
     ttlMs
   );
-  return checkpoint;
+  return {
+    ...checkpoint,
+    piMessages: [...args.piMessages]
+  };
 }
 async function supersedeAgentTurnSessionCheckpoint(args) {
   const existing = await getAgentTurnSessionCheckpoint(
@@ -11969,7 +12223,6 @@ function buildBriefPostCanvasReply(artifactStatePatch) {
 function buildTurnResult(input) {
   const {
     newMessages,
-    piMessages,
     userInput,
     replyFiles,
     artifactStatePatch,
@@ -12073,7 +12326,6 @@ function buildTurnResult(input) {
     text: resolvedText,
     files: replyFiles.length > 0 ? replyFiles : void 0,
     artifactStatePatch: Object.keys(artifactStatePatch).length > 0 ? artifactStatePatch : void 0,
-    piMessages,
     deliveryPlan,
     deliveryMode,
     sandboxId,
@@ -12756,69 +13008,6 @@ function buildUserTurnInput(args) {
   }
   return { routerBlocks, userContentParts };
 }
-function refreshCheckpointTurnContext(messages, turnContextPrompt) {
-  const marker = getTurnContextMarker(turnContextPrompt);
-  for (let index = 0; index < messages.length; index += 1) {
-    const content = getUserMessageContent(messages[index]);
-    if (!content) {
-      continue;
-    }
-    const contextIndex = content.findIndex(
-      (part) => isTurnContextPart(part, marker)
-    );
-    if (contextIndex < 0) {
-      continue;
-    }
-    const updatedMessages = [...messages];
-    const updatedContent = [...content];
-    updatedContent[contextIndex] = {
-      ...updatedContent[contextIndex],
-      text: turnContextPrompt
-    };
-    updatedMessages[index] = {
-      ...messages[index],
-      content: updatedContent
-    };
-    return updatedMessages;
-  }
-  return [
-    ...messages,
-    {
-      role: "user",
-      content: [{ type: "text", text: turnContextPrompt }],
-      timestamp: Date.now()
-    }
-  ];
-}
-function stripTurnContextFromMessages(messages, turnContextPrompt) {
-  const marker = getTurnContextMarker(turnContextPrompt);
-  return messages.flatMap((message) => {
-    const content = getUserMessageContent(message);
-    if (!content) {
-      return [message];
-    }
-    const strippedContent = content.filter(
-      (part) => !isTurnContextPart(part, marker)
-    );
-    if (strippedContent.length === content.length) {
-      return [message];
-    }
-    if (strippedContent.length === 0) {
-      return [];
-    }
-    return [{ ...message, content: strippedContent }];
-  });
-}
-function getTurnContextMarker(turnContextPrompt) {
-  return turnContextPrompt.split("\n", 1)[0];
-}
-function getUserMessageContent(message) {
-  const record = message;
-  return record.role === "user" && Array.isArray(record.content) ? record.content : void 0;
-}
-function isTurnContextPart(part, marker) {
-  return part !== null && typeof part === "object" && part.type === "text" && typeof part.text === "string" && part.text.startsWith(marker);
-}
 async function generateAssistantReply(messageText, context = {}) {
   const replyStartedAtMs = Date.now();
   let timeoutResumeConversationId;
@@ -13331,7 +13520,7 @@ async function generateAssistantReply(messageText, context = {}) {
     beforeMessageCount = agent.state.messages.length;
     try {
       if (resumedFromCheckpoint) {
-        agent.state.messages = refreshCheckpointTurnContext(
+        agent.state.messages = refreshRuntimeTurnContext(
           existingCheckpoint.piMessages,
           turnContextPrompt
         );
@@ -13444,10 +13633,6 @@ async function generateAssistantReply(messageText, context = {}) {
     }
     return buildTurnResult({
       newMessages,
-      piMessages: stripTurnContextFromMessages(
-        agent.state.messages,
-        turnContextPrompt
-      ),
       userInput,
       replyFiles,
       artifactStatePatch,
@@ -14909,7 +15094,7 @@ function completeAuthPauseTurn(args) {
       skippedReason: void 0
     }
   );
-  markTurnCompleted({
+  markTurnClosed({
     conversation: args.conversation,
     nowMs: Date.now(),
     sessionId: args.sessionId,
@@ -14927,7 +15112,7 @@ async function persistAuthPauseTurnState(args) {
 }
 
 // src/chat/services/timeout-resume.ts
-import { createHmac, timingSafeEqual } from "crypto";
+import { createHmac as createHmac2, timingSafeEqual as timingSafeEqual2 } from "crypto";
 var TURN_TIMEOUT_RESUME_PATH = "/api/internal/turn-resume";
 var TURN_TIMEOUT_RESUME_SIGNATURE_VERSION = "v1";
 var TURN_TIMEOUT_RESUME_MAX_SKEW_MS = 5 * 60 * 1e3;
@@ -14962,16 +15147,16 @@ function buildSignedPayload(timestamp, body) {
   return `${timestamp}:${body}`;
 }
 function signTurnTimeoutResumeBody(secret, timestamp, body) {
-  const digest = createHmac("sha256", secret).update(buildSignedPayload(timestamp, body)).digest("hex");
+  const digest = createHmac2("sha256", secret).update(buildSignedPayload(timestamp, body)).digest("hex");
   return `${TURN_TIMEOUT_RESUME_SIGNATURE_VERSION}=${digest}`;
 }
-function timingSafeMatch(expected, actual) {
+function timingSafeMatch2(expected, actual) {
   const expectedBuffer = Buffer.from(expected);
   const actualBuffer = Buffer.from(actual);
   if (expectedBuffer.length !== actualBuffer.length) {
     return false;
   }
-  return timingSafeEqual(expectedBuffer, actualBuffer);
+  return timingSafeEqual2(expectedBuffer, actualBuffer);
 }
 function parseTurnTimeoutResumeRequest(value) {
   if (!value || typeof value !== "object") {
@@ -15034,7 +15219,7 @@ async function verifyTurnTimeoutResumeRequest(request) {
   }
   const body = await request.text();
   const expectedSignature = signTurnTimeoutResumeBody(secret, timestamp, body);
-  if (!timingSafeMatch(expectedSignature, signature)) {
+  if (!timingSafeMatch2(expectedSignature, signature)) {
     return void 0;
   }
   try {
@@ -15111,9 +15296,9 @@ async function persistCompletedReplyState(channelId, threadTs, sessionId, reply)
   const conversation = coerceThreadConversationState(currentState);
   const artifacts = coerceThreadArtifactsState(currentState);
   const nextArtifacts = reply.artifactStatePatch ? mergeArtifactsState(artifacts, reply.artifactStatePatch) : void 0;
-  const userMessageId = getTurnUserMessageId(conversation, sessionId);
+  const userMessage = getTurnUserMessage(conversation, sessionId);
   clearPendingAuth(conversation, sessionId);
-  markConversationMessage(conversation, userMessageId, {
+  markConversationMessage(conversation, userMessage?.id, {
     replied: true,
     skippedReason: void 0
   });
@@ -15130,9 +15315,6 @@ async function persistCompletedReplyState(channelId, threadTs, sessionId, reply)
       replied: true
     }
   });
-  if (reply.piMessages) {
-    conversation.piMessages = reply.piMessages;
-  }
   markTurnCompleted({
     conversation,
     nowMs: Date.now(),
@@ -15554,9 +15736,6 @@ async function persistCompletedOAuthReplyState(args) {
       replied: true
     }
   });
-  if (args.reply.piMessages) {
-    conversation.piMessages = args.reply.piMessages;
-  }
   markTurnCompleted({
     conversation,
     nowMs: Date.now(),
@@ -16069,10 +16248,32 @@ function egressAttributes(input) {
     ...input.status ? { "http.response.status_code": input.status } : {}
   };
 }
+function requesterTokenFromRequest(request) {
+  const pathname = new URL(request.url).pathname;
+  const prefix = `${SANDBOX_EGRESS_PROXY_PATH}/`;
+  if (!pathname.startsWith(prefix)) {
+    return void 0;
+  }
+  const token = pathname.slice(prefix.length).split("/")[0];
+  if (!token) {
+    return void 0;
+  }
+  try {
+    return decodeURIComponent(token);
+  } catch {
+    return void 0;
+  }
+}
+function redactedProxyPath(pathname) {
+  if (pathname.startsWith(`${SANDBOX_EGRESS_PROXY_PATH}/`)) {
+    return `${SANDBOX_EGRESS_PROXY_PATH}/<token>`;
+  }
+  return pathname;
+}
 function routingAttributes(request, upstreamUrl) {
   const proxyUrl = new URL(request.url);
   const attributes = {
-    "app.sandbox.egress.proxy_path": proxyUrl.pathname
+    "app.sandbox.egress.proxy_path": redactedProxyPath(proxyUrl.pathname)
   };
   if (upstreamUrl) {
     attributes["app.sandbox.egress.upstream_path"] = upstreamUrl.pathname;
@@ -16125,22 +16326,23 @@ function normalizePort(value) {
 function sandboxIdFromPayload(payload) {
   return typeof payload.sandbox_id === "string" ? payload.sandbox_id : void 0;
 }
+function normalizedForwardedPath(path11) {
+  if (!path11.startsWith("/") || path11.startsWith("//") || path11.includes("#") || /[\r\n]/.test(path11)) {
+    return { ok: false, error: "Invalid forwarded path" };
+  }
+  try {
+    const url = new URL(path11, "https://sandbox-forwarded.local");
+    return { ok: true, path: `${url.pathname}${url.search}` };
+  } catch {
+    return { ok: false, error: "Invalid forwarded path" };
+  }
+}
 function upstreamPath(request) {
   const forwardedPath = request.headers.get(FORWARDED_PATH_HEADER);
-  if (forwardedPath?.trim()) {
-    const path11 = forwardedPath.trim();
-    if (!path11.startsWith("/") || path11.startsWith("//") || path11.includes("#") || /[\r\n]/.test(path11)) {
-      return { ok: false, error: "Invalid forwarded path" };
-    }
-    try {
-      const url2 = new URL(path11, "https://sandbox-forwarded.local");
-      return { ok: true, path: `${url2.pathname}${url2.search}` };
-    } catch {
-      return { ok: false, error: "Invalid forwarded path" };
-    }
+  if (!forwardedPath?.trim()) {
+    return { ok: false, error: "Missing forwarded path" };
   }
-  const url = new URL(request.url);
-  return { ok: true, path: `${url.pathname}${url.search}` };
+  return normalizedForwardedPath(forwardedPath.trim());
 }
 function buildUpstreamUrl(request) {
   const forwardedHost = request.headers.get(FORWARDED_HOST_HEADER);
@@ -16212,18 +16414,14 @@ function responseHeaders(upstream) {
   });
   return headers;
 }
-async function credentialLease(egressId, provider, session) {
-  const cached = await getSandboxEgressCredentialLease(
-    egressId,
-    provider,
-    session
-  );
+async function credentialLease(provider, context) {
+  const cached = await getSandboxEgressCredentialLease(provider, context);
   if (cached) {
     return cached;
   }
   const lease = await issueProviderCredentialLease({
     provider,
-    requesterId: session.requesterId,
+    requesterId: context.requesterId,
     reason: `sandbox-egress:${provider}`
   });
   const headerTransforms = lease.headerTransforms ?? [];
@@ -16237,7 +16435,7 @@ async function credentialLease(egressId, provider, session) {
     expiresAt: lease.expiresAt,
     headerTransforms
   };
-  await setSandboxEgressCredentialLease(egressId, session, cachedLease);
+  await setSandboxEgressCredentialLease(context, cachedLease);
   return cachedLease;
 }
 function hasTransformForHost(lease, host) {
@@ -16278,7 +16476,7 @@ async function proxySandboxEgressRequest(request, deps = {}) {
       {},
       {
         "http.request.method": request.method,
-        "url.path": new URL(request.url).pathname
+        "url.path": redactedProxyPath(new URL(request.url).pathname)
       },
       "Sandbox egress OIDC payload did not include a VM session id"
     );
@@ -16296,7 +16494,7 @@ async function proxySandboxEgressRequest(request, deps = {}) {
         ...egressAttributes({
           egressId: activeEgressId,
           method: request.method,
-          path: new URL(request.url).pathname,
+          path: redactedProxyPath(new URL(request.url).pathname),
           status: 400
         }),
         ...routingAttributes(request)
@@ -16325,10 +16523,12 @@ async function proxySandboxEgressRequest(request, deps = {}) {
     );
     return jsonError("No provider owns forwarded host", 403);
   }
-  const session = await getSandboxEgressSession(activeEgressId);
-  if (!session) {
+  const requesterContext = parseSandboxEgressRequesterToken(
+    requesterTokenFromRequest(request)
+  );
+  if (!requesterContext || requesterContext.egressId !== activeEgressId) {
     logWarn(
-      "sandbox_egress_session_unauthorized",
+      "sandbox_egress_requester_context_unauthorized",
       {},
       {
         ...egressAttributes({
@@ -16341,13 +16541,13 @@ async function proxySandboxEgressRequest(request, deps = {}) {
         }),
         ...routingAttributes(request, upstreamUrl)
       },
-      "Sandbox egress VM session is not authorized for requester credentials"
+      "Sandbox egress request did not include a valid requester context for the VM session"
     );
-    return jsonError("Sandbox egress session is not authorized", 403);
+    return jsonError("Sandbox egress requester context is not authorized", 403);
   }
   let lease;
   try {
-    lease = await credentialLease(activeEgressId, provider, session);
+    lease = await credentialLease(provider, requesterContext);
   } catch (error) {
     if (error instanceof CredentialUnavailableError) {
       logWarn(
@@ -16451,7 +16651,7 @@ ${error.message}`,
       },
       "Sandbox egress upstream auth rejected"
     );
-    await clearSandboxEgressCredentialLease(activeEgressId, provider, session);
+    await clearSandboxEgressCredentialLease(provider, requesterContext);
   }
   return new Response(upstream.body, {
     status: upstream.status,
@@ -16502,9 +16702,6 @@ async function persistCompletedReplyState2(args) {
       replied: true
     }
   });
-  if (args.reply.piMessages) {
-    conversation.piMessages = args.reply.piMessages;
-  }
   markTurnCompleted({
     conversation,
     nowMs: Date.now(),
@@ -18208,6 +18405,31 @@ function getCurrentTurnCanvasUrl(args) {
 function buildCanvasRecoveryReply(canvasUrl) {
   return `I created the canvas, but the turn was interrupted before I could finish the thread reply: ${canvasUrl}`;
 }
+async function loadPiMessagesForTurn(args) {
+  const fallback = args.fallback.length > 0 ? [...args.fallback] : void 0;
+  if (!args.conversationId) {
+    return fallback;
+  }
+  if (args.activeTurnId) {
+    const checkpoint2 = await getAgentTurnSessionCheckpoint(
+      args.conversationId,
+      args.activeTurnId
+    );
+    if (checkpoint2?.piMessages.length) {
+      return stripRuntimeTurnContext(
+        trimTrailingAssistantMessages(checkpoint2.piMessages)
+      );
+    }
+  }
+  if (!args.lastSessionId) {
+    return fallback;
+  }
+  const checkpoint = await getAgentTurnSessionCheckpoint(
+    args.conversationId,
+    args.lastSessionId
+  );
+  return checkpoint?.state === "completed" && checkpoint.piMessages.length > 0 ? stripRuntimeTurnContext(checkpoint.piMessages) : fallback;
+}
 function createReplyToThread(deps) {
   return async function replyToThread(thread, message, options = {}) {
     if (message.author.isMe) {
@@ -18360,6 +18582,7 @@ function createReplyToThread(deps) {
             return;
           }
         }
+        const lastSessionIdForHistory = preparedState.conversation.processing.lastSessionId;
         const configReply = await maybeApplyProviderDefaultConfigRequest({
           channelConfiguration: preparedState.channelConfiguration,
           requesterId: message.author.userId,
@@ -18435,6 +18658,12 @@ function createReplyToThread(deps) {
           }
         );
         const omittedImageAttachmentCount = !isVisionEnabled() && hasPotentialImageAttachment(message.attachments) ? countPotentialImageAttachments(message.attachments) : 0;
+        const piMessages = await loadPiMessagesForTurn({
+          conversationId,
+          activeTurnId,
+          lastSessionId: lastSessionIdForHistory,
+          fallback: preparedState.conversation.piMessages
+        });
         const status = createSlackAdapterAssistantStatusSession({
           channelId: assistantThreadContext?.channelId,
           threadTs: assistantThreadContext?.threadTs,
@@ -18486,7 +18715,7 @@ function createReplyToThread(deps) {
             },
             conversationContext: preparedState.routingContext ?? preparedState.conversationContext,
             artifactState: preparedState.artifacts,
-            piMessages: preparedState.conversation.piMessages,
+            piMessages,
             pendingAuth: preparedState.conversation.processing.pendingAuth,
             configuration: preparedState.configuration,
             channelConfiguration: preparedState.channelConfiguration,
@@ -18569,9 +18798,6 @@ function createReplyToThread(deps) {
               replied: true
             }
           });
-          if (reply.piMessages) {
-            preparedState.conversation.piMessages = reply.piMessages;
-          }
           const artifactStatePatch = reply.artifactStatePatch ? { ...reply.artifactStatePatch } : {};
           const reactionPerformed = reply.diagnostics.toolCalls.includes(
             "slackMessageAddReaction"
@@ -18649,6 +18875,7 @@ function createReplyToThread(deps) {
           markTurnCompleted({
             conversation: preparedState.conversation,
             nowMs: Date.now(),
+            sessionId: turnId,
             updateConversationStats
           });
           await persistThreadState(thread, {
@@ -18774,9 +19001,10 @@ function createReplyToThread(deps) {
                 replied: true
               }
             });
-            markTurnCompleted({
+            markTurnClosed({
               conversation: preparedState.conversation,
               nowMs: Date.now(),
+              sessionId: turnId,
               updateConversationStats
             });
             await persistThreadState(thread, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry/junior",
-  "version": "0.51.0",
+  "version": "0.53.0",
   "private": false,
   "publishConfig": {
     "access": "public"