@trenchwork/coder 1.3.0

package/dist/headless/interactiveShell.js

@@ -0,0 +1,2495 @@
+/**
+ * Interactive Shell - Full interactive CLI experience with rich UI.
+ *
+ * Usage:
+ *   agi                    # Start interactive shell
+ *   agi "initial prompt"   # Start with initial prompt
+ *
+ * Features:
+ * - Rich terminal UI with status bar
+ * - Command history
+ * - Streaming responses
+ * - Tool execution display
+ * - Ctrl+C to interrupt
+ */
+import { stdin, stdout, exit } from 'node:process';
+import { readFileSync } from 'node:fs';
+import { resolve, dirname, relative } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { exec as childExec } from 'node:child_process';
+import { promisify } from 'node:util';
+import chalk from 'chalk';
+import { getHITL, hitlEvents } from '../core/hitl.js';
+// Connector imports removed — CLI is local-only, no GitHub gate.
+// Stub functions (antiTermination removed)
+const initializeProtection = (_config) => { };
+const enterCriticalSection = (_name) => { };
+const exitCriticalSection = (_name) => { };
+// Import real shutdown handler for reliable Ctrl+C handling
+import { authorizedShutdown, installSignalHandlers, onShutdown } from '../core/shutdown.js';
+import { resolveProfileConfig } from '../config.js';
+import { createAgentController } from '../runtime/agentController.js';
+import { expandFileMentions, listWorkspaceFiles } from '../core/fileMentions.js';
+import { resolveWorkspaceCaptureOptions, buildWorkspaceContext } from '../workspace.js';
+import { loadAllSecrets, listSecretDefinitions, setSecretValue, getSecretValue, getSecretDefinition, classifyKeyEntry } from '../core/secretStore.js';
+import { resolveKeyMode, keyModeLine, setPreferOwnKeys, clearHostedSession, loginViaLoopback } from '../core/hostedAuth.js';
+import { appendMemoryNote } from '../tools/memoryTools.js';
+import { recordDeepSeekUsage, getUsage, TAVILY_MONTHLY_FREE, TAVILY_ONE_TIME_BONUS } from '../core/usage.js';
+import { listSessions, loadSessionById, saveSessionSnapshot } from '../core/sessionStore.js';
+import { relativeTime } from '../core/relativeTime.js';
+import { getModelContextInfo } from '../core/contextWindow.js';
+import { computeContextUsage, formatTokenCount } from '../core/contextUsage.js';
+import { getChangedFiles, revertAllChanges, hasChangesToRevert } from '../tools/fileChangeTracker.js';
+import { renderChangePanel } from '../core/diffPanel.js';
+import { rewindPreviewLines, rewindResultLine } from '../core/rewind.js';
+import { formatCompactionNote } from '../core/compactionNote.js';
+import { formatSubAgentStart, formatSubAgentComplete } from '../core/subAgentNote.js';
+import { getConfiguredProviders, getProvidersStatus, quickCheckProviders, getCachedDiscoveredModels, sortModelsByPriority } from '../core/modelDiscovery.js';
+import { saveModelPreference } from '../core/preferences.js';
+import { setDebugMode, debugSnippet } from '../utils/debugLogger.js';
+const exec = promisify(childExec);
+import { ensureNextSteps } from '../core/finalResponseFormatter.js';
+import { getTaskCompletionDetector, detectFailingTestOrBuild } from '../core/taskCompletionDetector.js';
+import { TurnGovernor, pendingTodos, nextTodoPrompt } from '../core/turnGovernor.js';
+import { FailureRegistry } from '../core/failureRegistry.js';
+import { buildAdversarialCorrectionPrompt, MAX_ADVERSARIAL_CORRECTIONS } from '../core/adversarialCorrection.js';
+import { getCurrentTodos } from '../tools/todoTools.js';
+import { checkForUpdates, performBackgroundUpdate } from '../core/updateChecker.js';
+import { startNewRun } from '../tools/fileChangeTracker.js';
+import { onSudoPasswordNeeded, offSudoPasswordNeeded, provideSudoPassword } from '../core/sudoPasswordManager.js';
+import { reportStatus, setStatusSink } from '../utils/statusReporter.js';
+import { isSafetyRefusal } from '../core/refusalDetection.js';
+import { formatToolCall, toolActivityLabel, formatToolResult, formatToolError } from '../shell/toolPresentation.js';
+// Tool-result display (ANSI stripping, summarisation, the `⎿` block) now lives
+// in ../shell/toolPresentation.ts — the shell just emits the formatted strings.
+// Timeout constants for regular prompt processing (reasoning models like DeepSeek)
+const PROMPT_REASONING_TIMEOUT_MS = 60 * 1000; // 60 seconds max for reasoning-only without action
+// Per-step timeout: how long we'll wait for the *next* event before
+// declaring the stream stuck and bailing out. Set generously (10 min) so
+// long-running tool calls (a build, a slow `npm install`, etc.) don't
+// trip it, but short enough that a dead provider / network drop doesn't
+// leave the user staring at a forever-spinner with Ctrl+C as their only
+// escape. iterateWithTimeout resets this per-event, so it only fires on
+// genuine inactivity. Override with TRENCHWORK_STEP_TIMEOUT_MS for tests.
+const PROMPT_STEP_TIMEOUT_MS = (() => {
+    const env = process.env['TRENCHWORK_STEP_TIMEOUT_MS'];
+    const parsed = env ? Number(env) : NaN;
+    if (Number.isFinite(parsed) && parsed > 0)
+        return parsed;
+    return 10 * 60 * 1000;
+})();
+const HITL_TOOL_PREFIX = 'HITL_';
+const isHitlToolName = (toolName) => toolName.startsWith(HITL_TOOL_PREFIX);
+/**
+ * Iterate over an async iterator with a timeout per iteration.
+ * If no event is received within the timeout, yields a special timeout marker.
+ * Emits timeout markers without aborting the underlying iterator.
+ * Pass Infinity to disable timeouts entirely.
+ */
+async function* iterateWithTimeout(iterator, timeoutMs, onTimeout) {
+    const asyncIterator = iterator[Symbol.asyncIterator]();
+    let pending = null;
+    let done = false;
+    // If timeout is Infinity or not a positive finite number, disable timeout entirely
+    const timeoutDisabled = !Number.isFinite(timeoutMs) || timeoutMs <= 0;
+    try {
+        while (true) {
+            if (!pending) {
+                pending = asyncIterator.next();
+            }
+            let result;
+            if (timeoutDisabled) {
+                // No timeout - just wait for the next value
+                result = await pending;
+            }
+            else {
+                // Race between pending result and timeout
+                const timeoutPromise = new Promise((resolve) => setTimeout(() => resolve({ __timeout: true }), timeoutMs));
+                result = await Promise.race([pending, timeoutPromise]);
+            }
+            if ('__timeout' in result) {
+                onTimeout?.();
+                yield result;
+                continue;
+            }
+            pending = null;
+            if (result.done) {
+                done = true;
+                return;
+            }
+            yield result.value;
+        }
+    }
+    finally {
+        if (!done && typeof asyncIterator.return === 'function') {
+            try {
+                await asyncIterator.return(undefined);
+            }
+            catch {
+                // Ignore return errors
+            }
+        }
+    }
+}
+let cachedVersion = null;
+// Get version from package.json
+function getVersion() {
+    if (cachedVersion)
+        return cachedVersion;
+    try {
+        const __filename = fileURLToPath(import.meta.url);
+        const pkgPath = resolve(dirname(__filename), '../../package.json');
+        const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+        cachedVersion = pkg.version || '0.0.0';
+        return cachedVersion;
+    }
+    catch {
+        return '0.0.0';
+    }
+}
+/** Inner content of the welcome box (plain, no border/colour). */
+function welcomeBodyLines(input) {
+    const title = input.version ? `✻ Welcome to Trenchwork Coder ${input.version}` : '✻ Welcome to Trenchwork Coder';
+    const body = [title, ''];
+    const mode = input.keyMode ?? (input.hasApiKey ? 'own' : 'none');
+    if (mode === 'hosted') {
+        // Signed in — running on hosted keys. The mode line names the account so
+        // it's unmistakable this is NOT the user's own key.
+        body.push(input.keyModeLine ?? 'Signed in · using hosted keys');
+    }
+    else if (mode === 'own') {
+        body.push(`${input.model} · ${input.provider}`, `Key: ${input.maskedKey} · /help for commands`);
+    }
+    else {
+        body.push('⚠ No DeepSeek API key configured', '', '/login       Sign in with Google for hosted keys', '', 'Or bring your own:', '  /key sk-…    DeepSeek (required) · platform.deepseek.com', '  /key tvly-…  Tavily web search (optional) · tavily.com');
+    }
+    if (input.cwd)
+        body.push(`cwd: ${input.cwd}`);
+    return body;
+}
+/**
+ * Wrap content lines in a Claude-Code-style rounded box (╭╮╰╯). `paint`
+ * colours an already-padded content cell; `border` colours the frame. Both
+ * default to identity so the pure version stays ANSI-free.
+ */
+function roundedBox(content, paint = (s) => s, border = (s) => s) {
+    const width = Math.min(content.reduce((m, c) => Math.max(m, c.length), 0), 72);
+    const pad = (c) => c + ' '.repeat(Math.max(0, width - c.length));
+    const rule = '─'.repeat(width + 2);
+    return [
+        border(`╭${rule}╮`),
+        ...content.map((c) => `${border('│')} ${paint(pad(c))} ${border('│')}`),
+        border(`╰${rule}╯`),
+    ];
+}
+/**
+ * Compose the lines shown when the interactive shell opens. Deliberately NOT a
+ * marketing splash — bare `trenchwork` opens straight into the chat (like
+ * `claude`); this is the load-bearing welcome: a sparkle, the name, and either
+ * how to set a key or the active model + masked key, inside a rounded box that
+ * mirrors Claude Code's. Pure (no chalk/ANSI, no I/O) so the "no marketing
+ * splash, key guidance kept" contract is unit-testable without a PTY. The live
+ * renderer colourises equivalent content; this is the source of truth for
+ * WHICH lines appear.
+ */
+export function composeWelcomeLines(input) {
+    return ['', ...(input.updateLines ?? []), ...roundedBox(welcomeBodyLines(input)), ''];
+}
+/**
+ * Run the fully interactive shell with rich UI.
+ */
+export async function runInteractiveShell(options) {
+    // Install signal handlers FIRST for reliable Ctrl+C handling
+    installSignalHandlers();
+    // Initialize protection systems
+    initializeProtection({
+        interceptSignals: true,
+        monitorResources: true,
+        armorExceptions: true,
+        enableWatchdog: true,
+        verbose: process.env['TRENCHWORK_DEBUG'] === '1',
+    });
+    // The CLI is interactive-only. There is no piped / one-shot / headless
+    // mode — every session runs through the Ink renderer against a live
+    // terminal. If stdin or stdout isn't a TTY, fail fast with a clear
+    // message rather than emitting unrenderable escape sequences into a
+    // pipe.
+    if (!stdin.isTTY || !stdout.isTTY) {
+        reportStatus('trenchwork requires an interactive terminal. Run it directly in a TTY (no pipes, no shell redirection).');
+        exit(1);
+    }
+    loadAllSecrets();
+    // argv intentionally unused — the bin is shell-only. Any tokens after
+    // `trenchwork` are ignored on purpose; configuration lives in /secrets,
+    // /model, /auto, etc. The options.argv field stays only because tests
+    // pass it; it does not affect runtime.
+    void options;
+    const profile = resolveProfile();
+    const workingDir = process.cwd();
+    const workspaceOptions = resolveWorkspaceCaptureOptions(process.env);
+    const workspaceContext = buildWorkspaceContext(workingDir, workspaceOptions);
+    // Resolve profile config for model info
+    const profileConfig = resolveProfileConfig(profile, workspaceContext);
+    // Create agent controller
+    const controller = await createAgentController({
+        profile,
+        workingDir,
+        workspaceContext,
+        env: process.env,
+    });
+    // Create the interactive shell instance
+    const shell = new InteractiveShell(controller, profile, profileConfig, workingDir);
+    await shell.run();
+}
+class InteractiveShell {
+    controller;
+    profile;
+    profileConfig;
+    workingDir;
+    // The shell holds an `IPromptController`-shaped value. The CLI has a
+    // single renderer — Ink, via InkPromptController. `any` here keeps
+    // existing call signatures unchanged; the interface declares the
+    // same surface but TS would otherwise insist we touch every call
+    // site to declare nullability.
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    promptController = null;
+    isProcessing = false;
+    // Full result + tool of the last tool-result that was TRUNCATED for display,
+    // so Ctrl+O can expand it (null when the last result fit, or none yet).
+    lastExpandableResult = null;
+    // Newer npm version detected at startup (null if up to date / unchecked).
+    pendingUpdate = null;
+    shouldExit = false;
+    pendingPrompts = [];
+    debugEnabled = false;
+    // Stable id for THIS run's persisted session, so each autosave updates the
+    // same snapshot in place. Assigned from the first saveSessionSnapshot; set
+    // to a resumed session's id after /resume so the restored thread continues.
+    sessionId = null;
+    // Real input-token count from the provider's last response (= tokens
+    // currently occupying the context window). Drives the accurate "% context
+    // left" chrome indicator and the /context view.
+    lastInputTokens = null;
+    ctrlCCount = 0;
+    lastCtrlCTime = 0;
+    // Set when the user Ctrl+C interrupts a run; suppresses the auto-continue
+    // re-launch in the finally block of processPrompt so the agent doesn't
+    // immediately resume the work the user just cancelled. Cleared when the
+    // user submits a fresh prompt.
+    userInterruptedRun = false;
+    cachedProviders = null;
+    secretInputMode = {
+        active: false,
+        secretId: null,
+        queue: [],
+    };
+    pendingModelSwitch = null;
+    currentResponseBuffer = '';
+    // The turn's final assistant text, captured BEFORE currentResponseBuffer is
+    // cleared on message.complete. The auto-continue refusal/completion/governor
+    // reads run in the `finally`, AFTER that clear, so reading the buffer there saw
+    // '' and blinded them (completion detection + safety-refusal both need the
+    // text). This mirrors the buffer's content but is never cleared mid-turn.
+    finalResponseText = '';
+    // Store original prompt for auto-continuation
+    originalPromptForAutoContinue = null;
+    // (Pinned prompt removed per request — field intentionally absent.)
+    // Bounds + stall-detects the auto-continue loop per user request, and drives
+    // continuation from the live TODO plan (see src/core/turnGovernor.ts). Reset
+    // when a fresh user prompt arrives.
+    autoGovernor = new TurnGovernor();
+    // Remembers recurring error signatures across auto-continue turns so the
+    // agent stops re-trying the same dead end (see src/core/failureRegistry.ts).
+    failureRegistry = new FailureRegistry();
+    // Adversarial auto-correction: how many bounded re-fixes the reviewer has
+    // triggered for the CURRENT user request (capped). Reset on a fresh prompt;
+    // the findings themselves are a per-turn local in processPrompt.
+    adversarialCorrectionCount = 0;
+    constructor(controller, profile, profileConfig, workingDir) {
+        this.controller = controller;
+        this.profile = profile;
+        this.profileConfig = profileConfig;
+        this.workingDir = workingDir;
+        // Pre-fetch provider status in background
+        void this.fetchProviders();
+    }
+    async fetchProviders() {
+        try {
+            this.cachedProviders = await quickCheckProviders();
+        }
+        catch {
+            this.cachedProviders = [];
+        }
+    }
+    validateRequiredApiKeys() {
+        const missingKeys = [];
+        // Check DeepSeek API key (required)
+        if (!getSecretValue('DEEPSEEK_API_KEY')) {
+            missingKeys.push('DEEPSEEK_API_KEY');
+        }
+        // Prompt for missing keys directly without showing warning
+        if (missingKeys.length > 0 && this.promptController) {
+            // Queue all missing keys for input
+            this.secretInputMode.queue = missingKeys.slice(1); // Rest of the keys
+            const first = missingKeys[0];
+            if (first) {
+                // Set secret mode immediately to mask input
+                this.secretInputMode.active = true;
+                this.secretInputMode.secretId = first;
+                this.promptController.setSecretMode(true);
+                // Show the inline panel with instructions
+                const secrets = listSecretDefinitions();
+                const secret = secrets.find(s => s.id === first);
+                if (secret && this.promptController.supportsInlinePanel()) {
+                    const lines = [
+                        chalk.bold.hex('#ece6da')(`Set ${secret.label}`),
+                        chalk.dim(secret.description),
+                        '',
+                        chalk.dim('Enter value (or press Enter to skip)'),
+                    ];
+                    this.promptController.setInlinePanel(lines);
+                    this.promptController.setStatusMessage(`Enter ${secret.label}...`);
+                }
+            }
+        }
+    }
+    queuePrompt(prompt) {
+        this.pendingPrompts.push(prompt);
+    }
+    async run() {
+        // createPromptController returns the Ink-backed controller
+        // (src/ui/ink/InkPromptController.ts) — the only renderer. The
+        // dynamic import keeps React/Ink off the cold-start path until
+        // the interactive shell actually starts.
+        const { createPromptController } = await import('../ui/ink/InkPromptController.js');
+        this.promptController = await createPromptController(stdin, stdout, {
+            onSubmit: (text) => this.handleSubmit(text),
+            onQueue: (text) => this.queuePrompt(text),
+            onInterrupt: () => this.handleInterrupt(),
+            onExit: () => this.handleExit(),
+            onCtrlC: (info) => this.handleCtrlC(info),
+            onToggleAutoContinue: () => this.handleAutoContinueToggle(),
+            onToggleHITL: () => this.handleHITLToggle(),
+            onCyclePermissionMode: (mode) => this.handlePermissionModeChange(mode),
+            onExpandToolResult: () => this.handleExpandToolResult(),
+            // Esc interrupts a running turn (handleInterrupt no-ops when idle), so
+            // the spinner's "esc to interrupt" is real. Ctrl+C still works too.
+            onEscape: () => this.handleInterrupt(),
+            onShowShortcuts: () => this.showKeyboardShortcuts(),
+            onDismissPanel: () => this.dismissInlinePanel(),
+        });
+        // Register cleanup callback for graceful shutdown
+        onShutdown(() => {
+            this.shouldExit = true;
+            this.promptController?.stop();
+            setStatusSink(null);
+        });
+        setStatusSink((message) => this.promptController?.setStatusMessage(message));
+        // Hand the terminal off to the HITL prompt while it's open: suspend
+        // prompt rendering and detach our keypress handler so arrow keys aren't
+        // double-consumed. Restore both when the prompt closes so the next turn's
+        // input works correctly.
+        const onHitlOpen = () => {
+            const r = this.promptController?.getRenderer();
+            if (!r)
+                return;
+            try {
+                r.suspendPromptRendering();
+            }
+            catch { /* ignore */ }
+            try {
+                r.suspendInputCapture();
+            }
+            catch { /* ignore */ }
+        };
+        const onHitlClose = () => {
+            const r = this.promptController?.getRenderer();
+            if (!r)
+                return;
+            try {
+                r.resumeInputCapture();
+            }
+            catch { /* ignore */ }
+            try {
+                r.resumePromptRendering(true);
+            }
+            catch { /* ignore */ }
+        };
+        hitlEvents.on('prompt-open', onHitlOpen);
+        hitlEvents.on('prompt-close', onHitlClose);
+        onShutdown(() => {
+            hitlEvents.removeListener('prompt-open', onHitlOpen);
+            hitlEvents.removeListener('prompt-close', onHitlClose);
+        });
+        // Start the UI
+        this.promptController.start();
+        this.applyDebugState(this.debugEnabled);
+        // Build the @-mention completion file list (bounded walk; new files appear
+        // on the next launch). Best-effort — a scan failure must not block the UI.
+        try {
+            this.promptController.setCompletionFiles(listWorkspaceFiles(this.workingDir));
+        }
+        catch { /* ignore — completion is a convenience */ }
+        // Set up sudo password prompt handler
+        this.setupSudoPasswordHandler();
+        // Set initial status
+        this.promptController.setChromeMeta({
+            directory: this.workingDir,
+        });
+        // Show welcome message
+        await this.showWelcome();
+        // Pinned prompt loading removed — feature stripped per request.
+        // TEST SEAM (guarded; never active unless TRENCHWORK_TEST_FORCE_BUSY_MS + SKIP_AUTH):
+        // Lets PTY E2E harness drive the exact live follow-up queue paths
+        // (handleSubmit during isProcessing, transient queued UI, drain) with
+        // real binary + real keystrokes, no LLM key or network required.
+        const forceBusyMs = Number(process.env['TRENCHWORK_TEST_FORCE_BUSY_MS'] || '0');
+        if (forceBusyMs > 0) {
+            this.isProcessing = true;
+            this.promptController?.setStreaming(true);
+            this.promptController?.setActivityMessage('TEST BUSY (seam for queue E2E)');
+            setTimeout(() => {
+                this.isProcessing = false;
+                this.promptController?.setStreaming(false);
+                this.promptController?.setActivityMessage(null);
+                this.promptController?.forceRender();
+                // Explicitly drain here (exercises the real drain + processPrompt path
+                // even though the fake "run" had no controller.send). Pending items
+                // will hit the normal early guard + error path, but the queue/dequeue
+                // logic itself runs for the test assertions.
+                if (this.pendingPrompts.length > 0 && !this.shouldExit) {
+                    const next = this.pendingPrompts.shift();
+                    if (next) {
+                        const r = this.promptController?.getRenderer();
+                        r?.setFollowUpQueueMode(false);
+                        r?.addUserHistoryItem(next);
+                        r?.setQueuedPrompts(this.pendingPrompts.slice());
+                        void this.processPrompt(next).catch(() => { });
+                    }
+                }
+            }, forceBusyMs);
+        }
+        // Process any queued prompts
+        if (this.pendingPrompts.length > 0) {
+            const prompts = this.pendingPrompts.splice(0);
+            for (const prompt of prompts) {
+                await this.processPrompt(prompt);
+            }
+        }
+        // Keep running until exit
+        await this.waitForExit();
+    }
+    async showWelcome() {
+        const renderer = this.promptController?.getRenderer();
+        if (!renderer)
+            return;
+        const version = getVersion();
+        // Append to existing terminal history — do not clear scrollback.
+        // Check if DeepSeek API key is set
+        const apiKey = process.env.DEEPSEEK_API_KEY?.trim() || '';
+        const hasApiKey = apiKey.length > 0;
+        // Mask API key: show first 4 and last 4 chars
+        const maskApiKey = (key) => {
+            if (key.length <= 12)
+                return key.slice(0, 3) + '...' + key.slice(-3);
+            return key.slice(0, 6) + '...' + key.slice(-4);
+        };
+        // Update check runs for everyone (no account required), with a hard
+        // race-timeout so a slow registry never delays the banner.
+        const updateLines = [];
+        const updatePromise = Promise.race([
+            checkForUpdates(version).catch(() => null),
+            new Promise((resolve) => setTimeout(() => resolve(null), 2000)),
+        ]);
+        // Resolve the update check BEFORE composing the welcome lines — the
+        // previous order built welcomeLines with `...updateLines` (the array
+        // was empty at that point) and only populated updateLines afterwards,
+        // so the upgrade banner literally never rendered. Bug shipped before
+        // the scoped-package rename made the check return wrong data anyway.
+        const updateInfo = await updatePromise;
+        if (updateInfo?.updateAvailable) {
+            // Detect + OFFER (don't force) — the user applies it in-shell with
+            // /update. Auto-installing on every startup ran `npm i -g` without
+            // consent and could fail silently; making it user-initiated is clearer.
+            this.pendingUpdate = updateInfo;
+            updateLines.push(chalk.cyan('  ⬆ ') +
+                chalk.dim('Update available: ') +
+                chalk.yellow(`v${updateInfo.current}`) +
+                chalk.dim(' → ') +
+                chalk.green(`v${updateInfo.latest}`) +
+                chalk.dim(' · type ') + chalk.hex('#ffb142')('/update') + chalk.dim(' to upgrade'));
+        }
+        // Clean, minimal welcome — a sparkle + the essentials in a rounded box,
+        // mirroring Claude Code. The pure composeWelcomeLines() is the contract for
+        // WHICH lines appear; here we draw the same box with brand colour.
+        const flare = chalk.hex('#ff6a1f');
+        const wire = chalk.hex('#3a362e');
+        const keyStatus = resolveKeyMode();
+        const body = welcomeBodyLines({
+            hasApiKey,
+            maskedKey: hasApiKey ? maskApiKey(apiKey) : '',
+            model: this.profileConfig.model,
+            provider: this.profileConfig.provider,
+            cwd: this.workingDir,
+            keyMode: keyStatus.mode,
+            keyModeLine: keyModeLine(keyStatus),
+            version: `v${version}`,
+        });
+        const boxed = roundedBox(body, (cell) => cell.replace('✻', flare('✻')), (s) => wire(s));
+        const welcomeContent = ['', ...updateLines, ...boxed, ''].join('\n');
+        // Use renderer event system instead of direct stdout writes
+        renderer.addEvent('banner', welcomeContent);
+        // Update renderer meta with model info
+        this.promptController?.setModelContext({
+            model: this.profileConfig.model,
+            provider: this.profileConfig.provider,
+        });
+    }
+    /**
+     * Kick off `npm install -g <pkg>@latest` in a background process. When it
+     * completes, surface a renderer event so the user sees the result without
+     * any blocking. The running CLI keeps the old code — the new version is
+     * picked up on next launch.
+     */
+    /**
+     * /update — re-check npm for a newer version (so it works on demand, not
+     * just from the startup notice) and, if one exists, upgrade in-shell. The
+     * install runs in the background and the new version takes effect on the
+     * next launch (a running Node process can't hot-swap its own global pkg).
+     */
+    async handleUpdateCommand() {
+        const renderer = this.promptController?.getRenderer();
+        this.promptController?.setStatusMessage('Checking npm for updates…');
+        const info = await checkForUpdates(getVersion(), true).catch(() => null); // force a fresh check
+        this.promptController?.setStatusMessage(null);
+        if (!info) {
+            renderer?.addEvent('system', chalk.dim('Could not reach npm to check for updates. Try again, or run: npm i -g @trenchwork/coder@latest'));
+            return;
+        }
+        if (!info.updateAvailable) {
+            renderer?.addEvent('system', chalk.dim(`You're on the latest version (v${info.current}).`));
+            this.pendingUpdate = null;
+            return;
+        }
+        renderer?.addEvent('system', chalk.cyan('⬆ ') + chalk.dim('Updating ') + chalk.yellow(`v${info.current}`) +
+            chalk.dim(' → ') + chalk.green(`v${info.latest}`) + chalk.dim('…'));
+        this.pendingUpdate = null;
+        this.runBackgroundUpdate(info);
+    }
+    runBackgroundUpdate(info) {
+        const renderer = this.promptController?.getRenderer();
+        void performBackgroundUpdate(info, (msg) => {
+            try {
+                renderer?.addEvent('system', msg);
+            }
+            catch { /* ignore */ }
+        }).then((res) => {
+            if (!res.started)
+                return;
+            try {
+                renderer?.addEvent('system', chalk.green(`✓ Update installer launched for v${info.latest}. `) +
+                    chalk.dim('Exit and reopen the CLI to use the new version.'));
+            }
+            catch { /* ignore */ }
+        }).catch(() => { });
+    }
+    /**
+     * Set up handler for sudo password prompts from bash tool execution.
+     * When a sudo command needs a password, this prompts the user securely.
+     */
+    sudoPasswordHandler = null;
+    setupSudoPasswordHandler() {
+        this.sudoPasswordHandler = async () => {
+            const renderer = this.promptController?.getRenderer();
+            if (!renderer) {
+                provideSudoPassword(null);
+                return;
+            }
+            try {
+                // Show password prompt
+                renderer.addEvent('system', chalk.yellow('Sudo password required'));
+                renderer.setSecretMode(true);
+                renderer.clearBuffer();
+                // Capture password input
+                const password = await renderer.captureInput({ allowEmpty: false, trim: true, resetBuffer: true });
+                // Hide password mode
+                renderer.setSecretMode(false);
+                if (password) {
+                    provideSudoPassword(password);
+                    renderer.addEvent('system', chalk.green('✓ Password provided'));
+                }
+                else {
+                    provideSudoPassword(null);
+                    renderer.addEvent('system', chalk.yellow('Sudo cancelled'));
+                }
+            }
+            catch (error) {
+                renderer.setSecretMode(false);
+                provideSudoPassword(null);
+                reportStatus('Password prompt cancelled');
+            }
+        };
+        onSudoPasswordNeeded(this.sudoPasswordHandler);
+    }
+    cleanupSudoPasswordHandler() {
+        if (this.sudoPasswordHandler) {
+            offSudoPasswordNeeded(this.sudoPasswordHandler);
+            this.sudoPasswordHandler = null;
+        }
+    }
+    applyDebugState(enabled, statusMessage) {
+        this.debugEnabled = enabled;
+        setDebugMode(enabled);
+        this.promptController?.setDebugMode(enabled);
+        // Show transient status message instead of chat banner
+        if (statusMessage) {
+            this.promptController?.setStatusMessage(statusMessage);
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+        }
+    }
+    describeEventForDebug(event) {
+        switch (event.type) {
+            case 'message.start':
+                return 'message.start';
+            case 'message.delta': {
+                const snippet = debugSnippet(event.content);
+                return snippet ? `message.delta → ${snippet}` : 'message.delta (empty)';
+            }
+            case 'message.complete': {
+                const snippet = debugSnippet(event.content);
+                return snippet
+                    ? `message.complete → ${snippet} (${event.elapsedMs}ms)`
+                    : `message.complete (${event.elapsedMs}ms)`;
+            }
+            case 'tool.start':
+                return `tool.start ${event.toolName}`;
+            case 'tool.complete': {
+                const snippet = debugSnippet(event.result);
+                return snippet
+                    ? `tool.complete ${event.toolName} → ${snippet}`
+                    : `tool.complete ${event.toolName}`;
+            }
+            case 'tool.error':
+                return `tool.error ${event.toolName} → ${event.error}`;
+            case 'edit.explanation': {
+                const snippet = debugSnippet(event.content);
+                return snippet ? `edit.explanation → ${snippet}` : 'edit.explanation';
+            }
+            case 'error':
+                return `error → ${event.error}`;
+            case 'usage': {
+                const parts = [];
+                if (event.inputTokens != null)
+                    parts.push(`in:${event.inputTokens}`);
+                if (event.outputTokens != null)
+                    parts.push(`out:${event.outputTokens}`);
+                if (event.totalTokens != null)
+                    parts.push(`total:${event.totalTokens}`);
+                return `usage ${parts.length ? parts.join(', ') : '(no tokens)'}`;
+            }
+            default:
+                return event.type;
+        }
+    }
+    handleDebugCommand(arg) {
+        const normalized = arg?.toLowerCase();
+        // /debug alone - toggle
+        if (!normalized) {
+            const targetState = !this.debugEnabled;
+            this.applyDebugState(targetState, `Debug ${targetState ? 'on' : 'off'}`);
+            return true;
+        }
+        // /debug status - show current state
+        if (normalized === 'status') {
+            this.promptController?.setStatusMessage(`Debug is ${this.debugEnabled ? 'on' : 'off'}`);
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+            return true;
+        }
+        // /debug on|enable
+        if (normalized === 'on' || normalized === 'enable') {
+            if (this.debugEnabled) {
+                this.promptController?.setStatusMessage('Debug already on');
+                setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+                return true;
+            }
+            this.applyDebugState(true, 'Debug on');
+            return true;
+        }
+        // /debug off|disable
+        if (normalized === 'off' || normalized === 'disable') {
+            if (!this.debugEnabled) {
+                this.promptController?.setStatusMessage('Debug already off');
+                setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+                return true;
+            }
+            this.applyDebugState(false, 'Debug off');
+            return true;
+        }
+        // Invalid argument
+        this.promptController?.setStatusMessage(`Invalid: /debug ${arg}. Use on|off|status`);
+        setTimeout(() => this.promptController?.setStatusMessage(null), 2500);
+        return true;
+    }
+    /**
+     * Synthesize a user-facing response from reasoning content when the model
+     * provides reasoning but no actual response (common with deepseek-v4-pro).
+     * Extracts key conclusions and formats them as a concise response.
+     */
+    synthesizeFromReasoning(reasoning) {
+        if (!reasoning || reasoning.trim().length < 50) {
+            return null;
+        }
+        // Filter out internal meta-reasoning patterns that shouldn't be shown to user
+        const metaPatterns = [
+            /according to the rules?:?/gi,
+            /let me (?:use|search|look|check|find|think|analyze)/gi,
+            /I (?:should|need to|will|can|must) (?:use|search|look|check|find)/gi,
+            /⚡\s*Executing\.*/gi,
+            /use web\s?search/gi,
+            /for (?:non-)?coding (?:questions|tasks)/gi,
+            /answer (?:directly )?from knowledge/gi,
+            /this is a (?:general knowledge|coding|security)/gi,
+            /the user (?:is asking|wants|might be)/gi,
+            /however,? (?:the user|I|we)/gi,
+            /(?:first|next),? (?:I should|let me|I need)/gi,
+        ];
+        let filtered = reasoning;
+        for (const pattern of metaPatterns) {
+            filtered = filtered.replace(pattern, '');
+        }
+        // Split into sentences
+        const sentences = filtered
+            .split(/[.!?\n]+/)
+            .map(s => s.trim())
+            .filter(s => s.length > 20 && !/^[•\-–—*]/.test(s)); // Skip bullets and short fragments
+        if (sentences.length === 0) {
+            return null;
+        }
+        // Look for actual content (not process descriptions)
+        const contentPatterns = [
+            /(?:refers? to|involves?|relates? to|is about|concerns?)/i,
+            /(?:scandal|deal|agreement|proposal|plan|policy)/i,
+            /(?:Trump|Biden|Ukraine|Russia|president|congress)/i,
+            /(?:the (?:main|key|primary)|importantly)/i,
+        ];
+        const contentSentences = [];
+        for (const sentence of sentences) {
+            // Skip sentences that are clearly meta-reasoning
+            if (/^(?:so|therefore|thus|hence|accordingly)/i.test(sentence))
+                continue;
+            if (/(?:I should|let me|I will|I need|I can)/i.test(sentence))
+                continue;
+            for (const pattern of contentPatterns) {
+                if (pattern.test(sentence)) {
+                    contentSentences.push(sentence);
+                    break;
+                }
+            }
+        }
+        // Use content sentences if found, otherwise take last few sentences (often conclusions)
+        const useSentences = contentSentences.length > 0
+            ? contentSentences.slice(0, 3)
+            : sentences.slice(-3);
+        if (useSentences.length === 0) {
+            return null;
+        }
+        const response = useSentences.join('. ').replace(/\.{2,}/g, '.').trim();
+        // Don't prefix with "Based on my analysis" - just return clean content
+        return response.endsWith('.') ? response : response + '.';
+    }
+    async runLocalCommand(command) {
+        const renderer = this.promptController?.getRenderer();
+        if (!command) {
+            this.promptController?.setStatusMessage('Usage: /bash <command>');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2500);
+            return;
+        }
+        this.promptController?.setStatusMessage(`bash: ${command}`);
+        try {
+            const { stdout: out, stderr } = await exec(command, {
+                cwd: this.workingDir,
+                maxBuffer: 4 * 1024 * 1024,
+            });
+            const output = [out, stderr].filter(Boolean).join('').trim() || '(no output)';
+            renderer?.addEvent('tool', `$ ${command}\n${output}`);
+        }
+        catch (error) {
+            const err = error;
+            const output = [err.stdout, err.stderr, err.message].filter(Boolean).join('\n').trim();
+            renderer?.addEvent('error', `$ ${command}\n${output || 'command failed'}`);
+        }
+        finally {
+            this.promptController?.setStatusMessage(null);
+        }
+    }
+    handleSlashCommand(command) {
+        const trimmed = command.trim();
+        const lower = trimmed.toLowerCase();
+        // /model and /secrets were removed: Trenchwork is locked to deepseek-v4-pro
+        // on max thought (no model switching), and /key is the one key you set.
+        // Handle /key — set your own DeepSeek OR Tavily API key. Routed by prefix:
+        // `sk-…` → DeepSeek (the model), `tvly-…` → Tavily (web search). Explicit
+        // `/key tavily <k>` / `/key deepseek <k>` also work. Bring-your-own-key is
+        // the model; both are stored in the OS-permission secret store.
+        if (lower === '/key' || lower.startsWith('/key ')) {
+            const renderer = this.promptController?.getRenderer();
+            const arg = trimmed.slice('/key'.length).trim();
+            const entry = classifyKeyEntry(arg);
+            if (entry) {
+                try {
+                    setSecretValue(entry.id, entry.value);
+                    const label = getSecretDefinition(entry.id)?.label ?? entry.id;
+                    renderer?.addEvent('system', chalk.green(`✓ ${label} saved`));
+                }
+                catch (error) {
+                    const msg = error instanceof Error ? error.message : String(error);
+                    renderer?.addEvent('system', chalk.red(`✗ Failed: ${msg}`));
+                }
+            }
+            else {
+                renderer?.addEvent('system', chalk.yellow('Usage: /key sk-… (DeepSeek) or /key tvly-… (Tavily web search)'));
+            }
+            return true;
+        }
+        // /account — show the active key source (hosted vs your own) and switch
+        // between them. `/account own` forces your own keys even while signed in;
+        // `/account hosted` returns to hosted. Hosted keys come from sign-in
+        // (server-side, never baked into this client) — see core/hostedAuth.ts.
+        if (lower === '/account' || lower.startsWith('/account ')) {
+            const r = this.promptController?.getRenderer();
+            const arg = trimmed.slice('/account'.length).trim().toLowerCase();
+            if (arg === 'own')
+                setPreferOwnKeys(true);
+            else if (arg === 'hosted')
+                setPreferOwnKeys(false);
+            if (arg === 'own' || arg === 'hosted')
+                void this.showWelcome(); // banner reflects the switch
+            r?.addEvent('system', this.accountStatusText(resolveKeyMode()));
+            return true;
+        }
+        // /login — Google sign-in via ero.solar (loopback OAuth) to unlock hosted keys.
+        if (lower === '/login' || lower === '/signin') {
+            void this.handleLogin();
+            return true;
+        }
+        // /logout — drop the hosted session (back to your own keys, or none).
+        if (lower === '/logout' || lower === '/signout') {
+            clearHostedSession();
+            this.promptController?.getRenderer()?.addEvent('system', chalk.green('✓ Signed out — using your own keys.'));
+            void this.showWelcome();
+            return true;
+        }
+        // /update — check npm for a newer version and upgrade in-shell.
+        if (lower === '/update' || lower === '/upgrade') {
+            void this.handleUpdateCommand();
+            return true;
+        }
+        if (lower === '/help' || lower === '/h' || lower === '/?') {
+            this.showHelp();
+            return true;
+        }
+        if (lower === '/clear' || lower === '/c') {
+            this.pendingPrompts = [];
+            const r = this.promptController?.getRenderer();
+            r?.setFollowUpQueueMode(false);
+            r?.setQueuedPrompts([]);
+            this.promptController?.clearScreen();
+            void this.showWelcome();
+            return true;
+        }
+        if (lower.startsWith('/bash') || lower.startsWith('/sh ')) {
+            const cmd = trimmed.replace(/^\/(bash|sh)\s*/i, '').trim();
+            void this.runLocalCommand(cmd);
+            return true;
+        }
+        if (lower === '/exit' || lower === '/quit' || lower === '/q') {
+            this.handleExit();
+            return true;
+        }
+        // Keyboard shortcuts help
+        if (lower === '/keys' || lower === '/shortcuts' || lower === '/kb') {
+            this.showKeyboardShortcuts();
+            return true;
+        }
+        // /resume — pick a saved conversation and restore its full history into
+        // context (the agent continues where it left off).
+        if (lower === '/resume' || lower === '/sessions') {
+            this.handleResume();
+            return true;
+        }
+        // /context — show how much of the model's context window is in use.
+        if (lower === '/context' || lower === '/usage') {
+            this.showContext();
+            return true;
+        }
+        // /cost — DeepSeek tokens + Tavily searches consumed (this session + all
+        // time), and the hosted free-pool reference. Account-wide remaining is a
+        // backend number shown in the ero.solar portal.
+        if (lower === '/cost' || lower === '/spend') {
+            this.showUsage();
+            return true;
+        }
+        // /diff — review the files the agent changed this run, as colored diffs.
+        if (lower === '/diff' || lower === '/changes') {
+            this.showDiff();
+            return true;
+        }
+        // /rewind — restore the files changed this run to their prior state
+        // (two-step: preview, then `/rewind confirm`).
+        if (lower === '/rewind' || lower.startsWith('/rewind ') || lower === '/revert' || lower.startsWith('/revert ')) {
+            this.handleRewind(trimmed.split(/\s+/).slice(1).join(' '));
+            return true;
+        }
+        // Everything is on by default for max performance — there are no toggles.
+        // Ultracode + max thought, the adversarial verifier, and auto-continue all
+        // run under the hood. The /auto, /adversarial, /debug, /ultracode, /model,
+        // /secrets, /pin, and /email commands were removed; /key is the one knob.
+        return false;
+    }
+    /**
+     * Switch model silently without writing to chat.
+     * Accepts formats: "provider", "provider model", "provider/model", or "model"
+     * Updates status bar to show new model.
+     */
+    async switchModel(arg) {
+        // Ensure we have provider info
+        if (!this.cachedProviders) {
+            await this.fetchProviders();
+        }
+        const providers = this.cachedProviders || [];
+        const configuredProviders = getConfiguredProviders();
+        let targetProvider = null;
+        let targetModel = null;
+        // Parse argument: could be "provider model", "provider/model", "provider", or just "model"
+        // Check for space-separated format first: "openai o1-pro"
+        const parts = arg.split(/[\s/]+/);
+        if (parts.length >= 2) {
+            // Try first part as provider
+            const providerMatch = this.matchProvider(parts[0] || '');
+            if (providerMatch) {
+                targetProvider = providerMatch;
+                targetModel = parts.slice(1).join('/'); // Rest is model (handle models with slashes)
+            }
+            else {
+                // First part isn't a provider, treat whole arg as model name
+                const inferredProvider = this.inferProviderFromModel(arg.replace(/\s+/g, '-'));
+                if (inferredProvider) {
+                    targetProvider = inferredProvider;
+                    targetModel = arg.replace(/\s+/g, '-');
+                }
+            }
+        }
+        else {
+            // Single token - could be provider or model
+            const matched = this.matchProvider(arg);
+            if (matched) {
+                targetProvider = matched;
+                // Use provider's best model
+                const providerStatus = providers.find(p => p.provider === targetProvider);
+                targetModel = providerStatus?.latestModel || null;
+            }
+            else {
+                // Assume it's a model name - try to infer provider from model prefix
+                const inferredProvider = this.inferProviderFromModel(arg);
+                if (inferredProvider) {
+                    targetProvider = inferredProvider;
+                    targetModel = arg;
+                }
+            }
+        }
+        // Validate we have a valid provider
+        if (!targetProvider) {
+            // Silent error - just flash status briefly
+            this.promptController?.setStatusMessage(`Unknown: ${arg}`);
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+            return;
+        }
+        // Check provider is configured
+        const providerInfo = configuredProviders.find(p => p.id === targetProvider);
+        if (!providerInfo) {
+            // Provider not configured - offer to set up API key
+            const secretMap = {
+                'deepseek': 'DEEPSEEK_API_KEY',
+            };
+            const secretId = secretMap[targetProvider];
+            if (secretId) {
+                this.promptController?.setStatusMessage(`${targetProvider} needs API key - setting up...`);
+                // Store the pending model switch to complete after secret is set
+                this.pendingModelSwitch = { provider: targetProvider, model: targetModel };
+                setTimeout(() => this.promptForSecret(secretId), 500);
+                return;
+            }
+            // Provider not supported
+            this.promptController?.setStatusMessage(`${targetProvider} not available - only DeepSeek is supported`);
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+            return;
+        }
+        // Get model if not specified
+        if (!targetModel) {
+            const providerStatus = providers.find(p => p.provider === targetProvider);
+            targetModel = providerStatus?.latestModel || providerInfo.latestModel;
+        }
+        // Save preference and update config
+        saveModelPreference(this.profile, {
+            provider: targetProvider,
+            model: targetModel,
+        });
+        // Update local config
+        this.profileConfig = {
+            ...this.profileConfig,
+            provider: targetProvider,
+            model: targetModel,
+        };
+        // Update controller's model
+        await this.controller.switchModel({
+            provider: targetProvider,
+            model: targetModel,
+        });
+        // Update status bar - this displays the model below the chat box
+        this.promptController?.setModelContext({
+            model: targetModel,
+            provider: targetProvider,
+        });
+        // Silent success - no chat output, just status bar update
+    }
+    /**
+     * Match user input to a provider ID (fuzzy matching)
+     */
+    matchProvider(input) {
+        const lower = input.toLowerCase();
+        const providers = getConfiguredProviders();
+        // Exact match
+        const exact = providers.find(p => p.id === lower || p.name.toLowerCase() === lower);
+        if (exact)
+            return exact.id;
+        // Prefix match
+        const prefix = providers.find(p => p.id.startsWith(lower) || p.name.toLowerCase().startsWith(lower));
+        if (prefix)
+            return prefix.id;
+        // Alias matching
+        const aliases = {
+            'ds': 'deepseek',
+            'deep': 'deepseek',
+        };
+        if (aliases[lower]) {
+            const aliased = providers.find(p => p.id === aliases[lower]);
+            if (aliased)
+                return aliased.id;
+        }
+        return null;
+    }
+    /**
+     * Infer provider from model name
+     */
+    inferProviderFromModel(model) {
+        const lower = model.toLowerCase();
+        if (lower.startsWith('deepseek')) {
+            return 'deepseek';
+        }
+        return null;
+    }
+    /**
+     * Show interactive model picker menu (Claude Code style).
+     * Auto-discovers latest models from each provider's API.
+     * Uses arrow key navigation with inline panel display.
+     */
+    showModelMenu() {
+        if (!this.promptController?.supportsInlinePanel()) {
+            this.promptController?.setStatusMessage('Use /model <provider> <model> to switch');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 3000);
+            return;
+        }
+        // Show loading indicator
+        this.promptController?.setStatusMessage('Discovering models...');
+        // Fetch latest models from APIs
+        void this.fetchAndShowModelMenu();
+    }
+    /**
+     * Fetch models from provider APIs and show the interactive menu.
+     */
+    async fetchAndShowModelMenu() {
+        try {
+            // Get provider status and cached models
+            const allProviders = getProvidersStatus();
+            const cachedModels = getCachedDiscoveredModels();
+            const currentModel = this.profileConfig.model;
+            const currentProvider = this.profileConfig.provider;
+            // Try to get fresh models from configured providers (with short timeout)
+            let freshStatus = [];
+            try {
+                freshStatus = await Promise.race([
+                    quickCheckProviders(),
+                    new Promise((resolve) => setTimeout(() => resolve([]), 3000))
+                ]);
+            }
+            catch {
+                // Use cached data on error
+            }
+            // Build menu items - group by provider, show models
+            const menuItems = [];
+            for (const provider of allProviders) {
+                // Get models for this provider
+                const providerCachedModels = cachedModels.filter(m => m.provider === provider.id);
+                const freshProvider = freshStatus.find(s => s.provider === provider.id);
+                // Collect model IDs
+                let modelIds = [];
+                // Add fresh latest model if available
+                if (freshProvider?.available && freshProvider.latestModel) {
+                    modelIds.push(freshProvider.latestModel);
+                }
+                // Add cached models
+                modelIds.push(...providerCachedModels.map(m => m.id));
+                // Add provider's default model
+                if (provider.latestModel && !modelIds.includes(provider.latestModel)) {
+                    modelIds.push(provider.latestModel);
+                }
+                // Remove duplicates and sort by priority (best first)
+                modelIds = [...new Set(modelIds)];
+                modelIds = sortModelsByPriority(provider.id, modelIds);
+                // Limit to top 3 models per provider
+                const topModels = modelIds.slice(0, 3);
+                if (!provider.configured) {
+                    // Show unconfigured provider as single disabled item
+                    menuItems.push({
+                        id: `${provider.id}:setup`,
+                        label: `${provider.name}`,
+                        description: `(${provider.envVar} not set - select to configure)`,
+                        category: provider.id,
+                        isActive: false,
+                        disabled: false, // Allow selection to configure
+                    });
+                }
+                else if (topModels.length === 0) {
+                    // No models found - show provider with default
+                    menuItems.push({
+                        id: `${provider.id}:${provider.latestModel}`,
+                        label: `${provider.name} › ${provider.latestModel}`,
+                        description: 'default',
+                        category: provider.id,
+                        isActive: provider.id === currentProvider && provider.latestModel === currentModel,
+                        disabled: false,
+                    });
+                }
+                else {
+                    // Show each model as selectable item
+                    for (const modelId of topModels) {
+                        const isCurrentModel = provider.id === currentProvider && modelId === currentModel;
+                        const modelLabel = this.formatModelLabel(modelId);
+                        menuItems.push({
+                            id: `${provider.id}:${modelId}`,
+                            label: `${provider.name} › ${modelLabel}`,
+                            description: isCurrentModel ? '(current)' : '',
+                            category: provider.id,
+                            isActive: isCurrentModel,
+                            disabled: false,
+                        });
+                    }
+                }
+            }
+            // Clear loading message
+            this.promptController?.setStatusMessage(null);
+            // Show the interactive menu
+            this.promptController?.setMenu(menuItems, { title: 'Select Model' }, (selected) => {
+                if (selected) {
+                    // Parse provider:model format
+                    const [providerId, ...modelParts] = selected.id.split(':');
+                    const modelId = modelParts.join(':');
+                    if (modelId === 'setup') {
+                        // Configure provider API key
+                        const secretMap = {
+                            'deepseek': 'DEEPSEEK_API_KEY',
+                        };
+                        const secretId = secretMap[providerId ?? ''];
+                        if (secretId) {
+                            this.promptForSecret(secretId);
+                        }
+                    }
+                    else {
+                        // Switch to selected model
+                        void this.switchModel(`${providerId} ${modelId}`);
+                    }
+                }
+            });
+        }
+        catch (error) {
+            this.promptController?.setStatusMessage('Failed to load models');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+        }
+    }
+    /**
+     * Format model ID for display (shorten long IDs).
+     */
+    formatModelLabel(modelId) {
+        let label = modelId
+            .replace(/^deepseek-/, 'DeepSeek ');
+        if (label.length > 30) {
+            label = label.slice(0, 27) + '...';
+        }
+        return label;
+    }
+    showSecrets() {
+        const secrets = listSecretDefinitions();
+        if (!this.promptController?.supportsInlinePanel()) {
+            // Fallback for non-TTY - use status message
+            const setCount = secrets.filter(s => !!process.env[s.envVar]).length;
+            this.promptController?.setStatusMessage(`API Keys: ${setCount}/${secrets.length} configured`);
+            setTimeout(() => this.promptController?.setStatusMessage(null), 3000);
+            return;
+        }
+        // Build interactive menu items
+        const menuItems = secrets.map(secret => {
+            const isSet = !!process.env[secret.envVar];
+            const statusIcon = isSet ? '✓' : '✗';
+            const providers = secret.providers?.length ? ` (${secret.providers.join(', ')})` : '';
+            return {
+                id: secret.id,
+                label: `${statusIcon} ${secret.envVar}`,
+                description: isSet ? 'configured' + providers : 'not set' + providers,
+                isActive: isSet,
+                disabled: false,
+            };
+        });
+        // Show the interactive menu
+        this.promptController.setMenu(menuItems, { title: 'API Keys — Select to Configure' }, (selected) => {
+            if (selected) {
+                // Start secret input for selected key
+                this.promptForSecret(selected.id);
+            }
+        });
+    }
+    /**
+     * Start interactive secret input flow.
+     * If secretArg is provided, set only that secret.
+     * Otherwise, prompt for all unset secrets.
+     */
+    async startSecretInput(secretArg) {
+        const secrets = listSecretDefinitions();
+        if (secretArg) {
+            // Set a specific secret
+            const upper = secretArg.toUpperCase();
+            const secret = secrets.find(s => s.id === upper || s.envVar === upper);
+            if (!secret) {
+                this.promptController?.setStatusMessage(`Unknown secret: ${secretArg}`);
+                setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+                return;
+            }
+            this.promptForSecret(secret.id);
+            return;
+        }
+        // Queue all unset secrets for input
+        const unsetSecrets = secrets.filter(s => !getSecretValue(s.id));
+        if (unsetSecrets.length === 0) {
+            this.promptController?.setStatusMessage('All secrets configured');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+            return;
+        }
+        // Queue all unset secrets and start with the first one
+        this.secretInputMode.queue = unsetSecrets.map(s => s.id);
+        const first = this.secretInputMode.queue.shift();
+        if (first) {
+            this.promptForSecret(first);
+        }
+    }
+    /**
+     * Show prompt for a specific secret and enable secret input mode.
+     */
+    promptForSecret(secretId) {
+        const secrets = listSecretDefinitions();
+        const secret = secrets.find(s => s.id === secretId);
+        if (!secret)
+            return;
+        // Show in inline panel (no chat output)
+        if (this.promptController?.supportsInlinePanel()) {
+            const lines = [
+                chalk.bold.hex('#ece6da')(`Set ${secret.label}`),
+                chalk.dim(secret.description),
+                '',
+                chalk.dim('Enter value (or press Enter to skip)'),
+            ];
+            this.promptController.setInlinePanel(lines);
+        }
+        // Enable secret input mode
+        this.secretInputMode.active = true;
+        this.secretInputMode.secretId = secretId;
+        this.promptController?.setSecretMode(true);
+        this.promptController?.setStatusMessage(`Enter ${secret.label}...`);
+    }
+    /**
+     * Handle secret value submission.
+     */
+    handleSecretValue(value) {
+        const secretId = this.secretInputMode.secretId;
+        if (!secretId)
+            return;
+        // Disable secret mode and clear inline panel
+        this.promptController?.setSecretMode(false);
+        this.promptController?.clearInlinePanel();
+        this.secretInputMode.active = false;
+        this.secretInputMode.secretId = null;
+        let savedSuccessfully = false;
+        if (value.trim()) {
+            try {
+                setSecretValue(secretId, value.trim());
+                this.promptController?.setStatusMessage(`${secretId} saved`);
+                savedSuccessfully = true;
+            }
+            catch (error) {
+                const msg = error instanceof Error ? error.message : 'Failed to save';
+                this.promptController?.setStatusMessage(msg);
+            }
+        }
+        else {
+            this.promptController?.setStatusMessage(`Skipped ${secretId}`);
+        }
+        // Clear status after a moment
+        setTimeout(() => this.promptController?.setStatusMessage(null), 1500);
+        // Process next secret in queue if any
+        if (this.secretInputMode.queue.length > 0) {
+            const next = this.secretInputMode.queue.shift();
+            if (next) {
+                setTimeout(() => this.promptForSecret(next), 500);
+            }
+            return;
+        }
+        // Complete pending model switch if secret was saved successfully
+        if (savedSuccessfully && this.pendingModelSwitch) {
+            const { provider, model } = this.pendingModelSwitch;
+            this.pendingModelSwitch = null;
+            // Refresh provider cache and complete the switch
+            setTimeout(async () => {
+                await this.fetchProviders();
+                await this.switchModel(model ? `${provider} ${model}` : provider);
+            }, 500);
+        }
+    }
+    /**
+     * Snapshot the live conversation to the session store so /resume can
+     * restore it later. Best-effort: a persistence failure must never break a
+     * turn, so everything is wrapped. Skips empty/system-only histories so we
+     * don't litter the picker with sessions that have no real exchange.
+     */
+    persistSessionSnapshot() {
+        try {
+            const messages = this.controller.getHistory();
+            if (!messages.some((m) => m.role === 'user')) {
+                return;
+            }
+            const summary = saveSessionSnapshot({
+                id: this.sessionId,
+                profile: this.profile,
+                provider: this.profileConfig.provider,
+                model: this.profileConfig.model,
+                workspaceRoot: this.workingDir,
+                messages,
+            });
+            this.sessionId = summary.id;
+        }
+        catch {
+            // best-effort persistence — never interrupt the user's turn
+        }
+    }
+    /**
+     * /resume — present saved conversations newest-first and restore the
+     * chosen one's full message history into the agent's context.
+     */
+    handleResume() {
+        const renderer = this.promptController?.getRenderer();
+        const sessions = listSessions().filter((s) => s.id !== this.sessionId && s.messageCount > 0);
+        if (sessions.length === 0) {
+            renderer?.addEvent('system', chalk.dim('No saved conversations to resume yet.'));
+            return;
+        }
+        const items = sessions.slice(0, 25).map((s) => ({
+            id: s.id,
+            label: s.title,
+            description: `${s.messageCount} msg · ${relativeTime(s.updatedAt)}`,
+        }));
+        this.promptController?.setMenu(items, { title: 'Resume a conversation' }, (selected) => {
+            if (selected) {
+                this.resumeSession(selected.id);
+            }
+        });
+    }
+    /**
+     * Load a saved session by id, restore its history into the controller (and
+     * thus the agent's context), and reprint the prior exchange so the user
+     * sees where they left off.
+     */
+    resumeSession(id) {
+        const renderer = this.promptController?.getRenderer();
+        const stored = loadSessionById(id);
+        if (!stored) {
+            renderer?.addEvent('error', 'That conversation could not be loaded.');
+            return;
+        }
+        this.controller.loadHistory(stored.messages);
+        this.sessionId = stored.id;
+        const restored = stored.messages.filter((m) => m.role === 'user' || m.role === 'assistant');
+        renderer?.addEvent('system', chalk.dim(`Resumed "${stored.title}" — ${restored.length} message${restored.length === 1 ? '' : 's'} restored`));
+        for (const m of stored.messages) {
+            if (m.role === 'user') {
+                renderer?.addUserHistoryItem(m.content);
+            }
+            else if (m.role === 'assistant' && m.content.trim()) {
+                renderer?.addEvent('response', m.content);
+            }
+        }
+    }
+    /**
+     * /context — a compact context-window usage panel. Uses the real model
+     * window and the provider's last input-token count (falls back to a char/4
+     * estimate, marked "~", before the first turn).
+     */
+    showContext() {
+        if (!this.promptController?.supportsInlinePanel()) {
+            this.promptController?.setStatusMessage('Use /context in interactive mode');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 3000);
+            return;
+        }
+        const model = this.profileConfig.model;
+        const windowTokens = getModelContextInfo(model).contextWindow;
+        const usage = computeContextUsage(this.controller.getHistory(), windowTokens, this.lastInputTokens);
+        const label = (s) => chalk.hex('#ffb142')(s.padEnd(8));
+        const dim = (s) => chalk.dim(s);
+        const approx = usage.estimated ? '~' : '';
+        const barWidth = 24;
+        const filled = Math.min(barWidth, Math.round((usage.percentUsed / 100) * barWidth));
+        const bar = '█'.repeat(filled) + '░'.repeat(barWidth - filled);
+        const lines = [
+            chalk.bold.hex('#ece6da')('Context') + dim('  (press any key to dismiss)'),
+            '',
+            dim(bar) + '  ' + chalk.hex('#ece6da')(`${usage.percentLeft}% context left`),
+            '',
+            label('Window') + dim(`${formatTokenCount(windowTokens)} tokens · ${model}`),
+            label('Used') + dim(`${approx}${formatTokenCount(usage.usedTokens)} tokens (${usage.percentUsed}%)`),
+            label('Free') + dim(`${formatTokenCount(usage.freeTokens)} tokens (${usage.percentLeft}%)`),
+            '',
+            dim(`System prompt ~${formatTokenCount(usage.systemTokens)} · conversation ~${formatTokenCount(usage.conversationTokens)} · ${usage.messageCount} messages`),
+        ];
+        this.promptController.setInlinePanel(lines);
+        this.scheduleInlinePanelDismiss();
+    }
+    /** /cost — DeepSeek tokens + Tavily searches consumed (this install). */
+    showUsage() {
+        if (!this.promptController?.supportsInlinePanel()) {
+            this.promptController?.setStatusMessage('Use /cost in interactive mode');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 3000);
+            return;
+        }
+        const { session, cumulative } = getUsage();
+        const label = (s) => chalk.hex('#ffb142')(s.padEnd(9));
+        const dim = (s) => chalk.dim(s);
+        const ds = (u) => `${formatTokenCount(u.deepseekInputTokens)} in · ${formatTokenCount(u.deepseekOutputTokens)} out`;
+        const lines = [
+            chalk.bold.hex('#ece6da')('Usage') + dim('  (press any key to dismiss)'),
+            '',
+            label('DeepSeek') + dim(`${ds(cumulative)}   ·   this session ${ds(session)}`),
+            label('Tavily') + dim(`${cumulative.tavilySearches} searches   ·   this session ${session.tavilySearches}`),
+            '',
+            dim(`Hosted free pool: Tavily ${TAVILY_MONTHLY_FREE.toLocaleString('en-US')}/mo + ${TAVILY_ONE_TIME_BONUS.toLocaleString('en-US')} one-time bonus.`),
+            dim('Account-wide totals + remaining show in the ero.solar portal after sign-in.'),
+        ];
+        this.promptController.setInlinePanel(lines);
+        this.scheduleInlinePanelDismiss();
+    }
+    /**
+     * /diff — review every file the agent changed this run as a colored diff,
+     * in a dismissable panel. Reads each file's original content from the change
+     * tracker and its current content from disk; an empty tracker means nothing
+     * changed since the last prompt.
+     */
+    showDiff() {
+        const renderer = this.promptController?.getRenderer();
+        const changed = getChangedFiles();
+        if (changed.size === 0) {
+            renderer?.addEvent('system', chalk.dim('No file changes in the last run.'));
+            return;
+        }
+        if (!this.promptController?.supportsInlinePanel()) {
+            this.promptController?.setStatusMessage(`${changed.size} file(s) changed this run`);
+            setTimeout(() => this.promptController?.setStatusMessage(null), 3000);
+            return;
+        }
+        const items = [];
+        for (const [absPath, record] of changed) {
+            let current = '';
+            let deleted = false;
+            try {
+                current = readFileSync(absPath, 'utf-8');
+            }
+            catch {
+                deleted = true;
+            }
+            items.push({
+                relPath: relative(this.workingDir, absPath) || absPath,
+                previous: record.originalContent ?? '',
+                current,
+                existedBefore: record.existedBefore,
+                deleted,
+            });
+        }
+        const panel = renderChangePanel(items);
+        const dim = (s) => chalk.dim(s);
+        const lines = [
+            chalk.bold.hex('#ece6da')('Changes') + dim('  (press any key to dismiss)'),
+            '',
+            ...panel.lines,
+        ];
+        this.promptController.setInlinePanel(lines);
+        this.scheduleInlinePanelDismiss();
+    }
+    /**
+     * /rewind — restore the files changed this run. Two-step: bare `/rewind`
+     * previews what will be restored/deleted (kept in the transcript so it stays
+     * visible while the user types the confirm); `/rewind confirm` performs the
+     * revert via the change tracker. File-level only — the conversation is not
+     * rewound, and the message says so by scope ("files … before this run").
+     */
+    handleRewind(arg) {
+        const renderer = this.promptController?.getRenderer();
+        const changed = getChangedFiles();
+        if (changed.size === 0 || !hasChangesToRevert()) {
+            renderer?.addEvent('system', chalk.dim('Nothing to rewind — no file changes this run.'));
+            return;
+        }
+        if (arg.trim().toLowerCase() !== 'confirm') {
+            const items = [...changed].map(([abs, rec]) => ({
+                relPath: relative(this.workingDir, abs) || abs,
+                existedBefore: rec.existedBefore,
+            }));
+            const lines = rewindPreviewLines(items);
+            lines.forEach((line, i) => {
+                const last = i === lines.length - 1;
+                renderer?.addEvent('system', last ? chalk.hex('#ffb142')(line) : chalk.dim(line));
+            });
+            return;
+        }
+        let restored = 0;
+        let deleted = 0;
+        for (const [, rec] of changed) {
+            if (rec.existedBefore && rec.originalContent !== null)
+                restored += 1;
+            else if (!rec.existedBefore)
+                deleted += 1;
+        }
+        revertAllChanges(this.workingDir); // restores/deletes on disk + clears tracking
+        renderer?.addEvent('system', chalk.green('✓ ' + rewindResultLine(restored, deleted)));
+    }
+    /** One-line summary of the active key source for /account. */
+    accountStatusText(s) {
+        if (s.mode === 'hosted') {
+            return chalk.green(`Hosted keys · signed in as ${s.email}.`) +
+                chalk.dim(` /account own to use your own · /logout to sign out.`);
+        }
+        if (s.mode === 'own') {
+            return chalk.green(`Your own keys · DeepSeek${s.ownTavily ? ' + Tavily' : ''}.`) +
+                chalk.dim(s.signedIn ? ` /account hosted to use hosted keys.` : ` /login to use hosted keys.`);
+        }
+        return chalk.yellow('No keys configured.') +
+            chalk.dim(' /login for hosted keys, or set your own: /key sk-… (and /key tvly-…).');
+    }
+    /**
+     * /login — Google sign-in via ero.solar. Opens the browser to the SSO URL and
+     * runs a one-shot 127.0.0.1 loopback server that captures the redirect with
+     * the short-lived token (see core/hostedAuth.ts). On success the CLI is on
+     * hosted keys; no key ever touches this client.
+     */
+    async handleLogin() {
+        const r = this.promptController?.getRenderer();
+        const status = resolveKeyMode();
+        if (status.signedIn) {
+            r?.addEvent('system', chalk.green(`Already signed in as ${status.email}.`) +
+                chalk.dim(' /logout to sign out · /account to switch key source.'));
+            return;
+        }
+        r?.addEvent('system', chalk.dim('Opening ero.solar sign-in in your browser — finish there, then return here…'));
+        const result = await loginViaLoopback({ open: (url) => this.openInBrowser(url) });
+        if (result.ok && result.session) {
+            r?.addEvent('system', chalk.green(`✓ Signed in as ${result.session.email} — using hosted keys.`));
+            void this.showWelcome();
+        }
+        else {
+            r?.addEvent('system', chalk.yellow(`Sign-in didn't complete: ${result.error ?? 'unknown error'}.`) +
+                chalk.dim(' Retry /login, or use /key sk-… for your own key.'));
+        }
+    }
+    /** Best-effort open a URL in the OS browser; also prints it as a fallback. */
+    openInBrowser(url) {
+        const opener = process.platform === 'darwin' ? 'open'
+            : process.platform === 'win32' ? 'start ""'
+                : 'xdg-open';
+        // url is built by loginViaLoopback (no user input) and JSON-quoted, so the
+        // `&` in the query string can't break out of the argument.
+        childExec(`${opener} ${JSON.stringify(url)}`, () => { });
+        this.promptController?.getRenderer()?.addEvent('system', chalk.dim(`If the browser didn't open: ${url}`));
+    }
+    showHelp() {
+        if (!this.promptController?.supportsInlinePanel()) {
+            this.promptController?.setStatusMessage('Help: /key sk-… (everything else is automatic)');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 3000);
+            return;
+        }
+        const cmd = (s) => chalk.hex('#ffb142')(s);
+        const dim = (s) => chalk.dim(s);
+        // One knob. Everything else (ultracode, max thought, the adversarial
+        // verifier, auto-continue) is on by default for max performance — there
+        // are no toggles to tune.
+        const lines = [
+            chalk.bold.hex('#ece6da')('Trenchwork Coder') + dim('  (press any key to dismiss)'),
+            '',
+            cmd('/login') + dim('       Sign in with Google (ero.solar) to use hosted keys'),
+            cmd('/key sk-…') + dim('     Set your DeepSeek API key (required)'),
+            cmd('/key tvly-…') + dim('   Set your Tavily key for web search (optional)'),
+            cmd('/account') + dim('      Show / switch key source (hosted vs your own)'),
+            cmd('/update') + dim('      Check npm and upgrade to the latest version'),
+            cmd('/resume') + dim('      Restore a previous conversation'),
+            cmd('/context') + dim('     Show context-window usage'),
+            cmd('/cost') + dim('        DeepSeek tokens + Tavily searches consumed'),
+            cmd('/diff') + dim('        Review changes made this run'),
+            cmd('/rewind') + dim('      Undo this run\'s file changes'),
+            '',
+            dim('Prefixes: ') + cmd('@file') + dim(' attach · ') + cmd('!cmd') + dim(' run shell · ') + cmd('#note') + dim(' save to memory'),
+            '',
+            dim('Everything else runs automatically —'),
+            dim('deepseek-v4-pro · max thought · ultracode · adversarial verifier, all on.'),
+            dim('Shift+Tab cycles permission mode · Ctrl+D exits · ? for shortcuts'),
+        ];
+        this.promptController.setInlinePanel(lines);
+        this.scheduleInlinePanelDismiss();
+    }
+    showKeyboardShortcuts() {
+        if (!this.promptController?.supportsInlinePanel()) {
+            this.promptController?.setStatusMessage('Use /keys in interactive mode');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 3000);
+            return;
+        }
+        const kb = (key) => chalk.hex('#ffb142')(key);
+        const desc = (text) => chalk.dim(text);
+        // Only shortcuts the Ink Prompt (src/ui/ink/Prompt.tsx) actually
+        // implements are listed — advertising keys the input handler ignores
+        // would be a deceptive panel (Glasswing transparency).
+        const lines = [
+            chalk.bold.hex('#ece6da')('Keyboard Shortcuts') + chalk.dim('  (press any key to dismiss)'),
+            '',
+            chalk.hex('#cbf24e')('Navigation'),
+            `  ${kb('Ctrl+A')} / ${kb('Home')}  ${desc('Move to start of line')}`,
+            `  ${kb('Ctrl+E')} / ${kb('End')}   ${desc('Move to end of line')}`,
+            `  ${kb('←')} / ${kb('→')}        ${desc('Move cursor')}`,
+            `  ${kb('↑')} / ${kb('↓')}        ${desc('Prompt history (older / newer)')}`,
+            `  ${kb('Ctrl+R')}        ${desc('Reverse-search prompt history')}`,
+            '',
+            chalk.hex('#cbf24e')('Editing'),
+            `  ${kb('Ctrl+U')}  ${desc('Delete to start of line')}`,
+            `  ${kb('Ctrl+W')}  ${desc('Delete word backward')}`,
+            `  ${kb('Ctrl+K')}  ${desc('Delete to end of line')}`,
+            '',
+            chalk.hex('#cbf24e')('Modes'),
+            `  ${kb('Shift+Tab')}  ${desc('Cycle permission mode (default · accept edits · plan)')}`,
+            `  ${kb('Ctrl+O')}     ${desc('Expand the last truncated tool result')}`,
+            '',
+            chalk.hex('#cbf24e')('Completion'),
+            `  ${kb('@')}          ${desc('Autocomplete a file (↑/↓ · Tab/Enter); its content is inlined for the agent')}`,
+            `  ${kb('/')}          ${desc('Autocomplete a command (↑/↓ · Tab to complete; Enter runs it)')}`,
+            '',
+            chalk.hex('#cbf24e')('Control'),
+            `  ${kb('Ctrl+C')}  ${desc('Clear input / interrupt')}`,
+            `  ${kb('Ctrl+D')}  ${desc('Exit (when empty)')}`,
+        ];
+        this.promptController.setInlinePanel(lines);
+        this.scheduleInlinePanelDismiss();
+    }
+    /**
+     * Auto-dismiss inline panel after timeout or on next input.
+     */
+    inlinePanelDismissTimer = null;
+    scheduleInlinePanelDismiss() {
+        // Clear any existing timer
+        if (this.inlinePanelDismissTimer) {
+            clearTimeout(this.inlinePanelDismissTimer);
+        }
+        // Auto-dismiss after 8 seconds
+        this.inlinePanelDismissTimer = setTimeout(() => {
+            this.promptController?.clearInlinePanel();
+            this.inlinePanelDismissTimer = null;
+        }, 8000);
+    }
+    dismissInlinePanel() {
+        if (this.inlinePanelDismissTimer) {
+            clearTimeout(this.inlinePanelDismissTimer);
+            this.inlinePanelDismissTimer = null;
+        }
+        this.promptController?.clearInlinePanel();
+    }
+    handleSubmit(text) {
+        const trimmed = text.trim();
+        // Handle secret input mode - capture the API key value
+        if (this.secretInputMode.active && this.secretInputMode.secretId) {
+            this.handleSecretValue(trimmed);
+            return;
+        }
+        if (!trimmed) {
+            return;
+        }
+        // Handle slash commands first - these don't go to the AI
+        if (trimmed.startsWith('/')) {
+            if (this.handleSlashCommand(trimmed)) {
+                return;
+            }
+            // Unknown slash command - silent status flash, dismiss inline panel
+            this.dismissInlinePanel();
+            this.promptController?.setStatusMessage(`Unknown: ${trimmed.slice(0, 30)}`);
+            setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+            return;
+        }
+        // `!cmd` — bash mode (Claude Code parity): run the rest as a shell command
+        // directly, no model round-trip. Same executor as /bash, via the leading
+        // bang. Runs immediately (like a slash command), not queued behind the agent.
+        if (trimmed.startsWith('!')) {
+            this.dismissInlinePanel();
+            void this.runLocalCommand(trimmed.slice(1).trim());
+            return;
+        }
+        // `#note` — quick-capture a note to persistent project memory (Claude Code
+        // parity), no model round-trip. Lands in .trenchwork/memory/ where the agent
+        // reads it on later sessions.
+        if (trimmed.startsWith('#')) {
+            this.dismissInlinePanel();
+            const note = trimmed.slice(1).trim();
+            const r = this.promptController?.getRenderer();
+            if (appendMemoryNote(this.workingDir, note))
+                r?.addEvent('system', chalk.green('✓ Saved to memory'));
+            else
+                r?.addEvent('system', chalk.yellow('Usage: #<note to remember>'));
+            return;
+        }
+        // Dismiss inline panel for regular user prompts
+        this.dismissInlinePanel();
+        // Live follow-up queue (Claude Code parity): a prompt typed while the agent
+        // is working is accepted immediately into a transient queue (visible above
+        // the input, *not* in permanent history). It is processed at the next turn
+        // boundary (ASAP, before any outer auto-continue decides the original task
+        // is "complete"). No polluting system banners.
+        if (this.isProcessing) {
+            this.pendingPrompts.push(trimmed);
+            const renderer = this.promptController?.getRenderer();
+            renderer?.setFollowUpQueueMode(true);
+            renderer?.setQueuedPrompts(this.pendingPrompts.slice());
+            return;
+        }
+        void this.processPrompt(trimmed);
+    }
+    async processPrompt(prompt) {
+        if (this.isProcessing) {
+            return;
+        }
+        // Start new run for file change tracking (enables /revert)
+        startNewRun();
+        // @-file mentions: inline the content of any `@path` the user referenced
+        // so the agent gets it directly (the chat history still shows the raw
+        // `@path` the user typed — only this agent-bound copy is expanded).
+        const mentions = expandFileMentions(prompt, this.workingDir);
+        const sanitizedPrompt = mentions.prompt;
+        if (mentions.included.length > 0) {
+            this.promptController?.getRenderer()?.addEvent('system', chalk.dim(`Included ${mentions.included.length} referenced file${mentions.included.length === 1 ? '' : 's'}: ${mentions.included.join(', ')}`));
+        }
+        // Store original prompt for auto-continuation (if not a continuation or auto-generated prompt)
+        if (prompt !== 'continue' && !prompt.startsWith('IMPORTANT:')) {
+            this.originalPromptForAutoContinue = prompt;
+            // A fresh user prompt clears any prior interrupt state — this is new
+            // work the user actually wants done.
+            this.userInterruptedRun = false;
+            // Fresh user request → start a new auto-continue turn budget + failure log.
+            this.autoGovernor.reset();
+            this.failureRegistry.reset();
+            this.adversarialCorrectionCount = 0;
+            // Pinned-prompt persistence removed per request — no longer
+            // displayed above the chat box.
+        }
+        enterCriticalSection();
+        this.isProcessing = true;
+        this.currentResponseBuffer = '';
+        this.finalResponseText = '';
+        this.promptController?.setStreaming(true);
+        this.promptController?.setStatusMessage('Analyzing request…');
+        const renderer = this.promptController?.getRenderer();
+        let episodeSuccess = false;
+        const toolsUsed = [];
+        const filesModified = [];
+        // Tail of this turn's tool outputs (where TS/test/build errors land), so the
+        // failure registry + governor see real error text, not just the narration.
+        let turnToolOutput = '';
+        // Reviewer findings from THIS turn (set by the adversarial.findings event),
+        // used in the finally to drive a bounded auto-correction.
+        let turnAdversarialFindings = null;
+        // Track reasoning content for fallback when response is empty
+        let reasoningBuffer = '';
+        // Track reasoning-only time to prevent models from reasoning forever without action
+        let reasoningOnlyStartTime = null;
+        let reasoningTimedOut = false;
+        let stepTimedOut = false;
+        let hitlDepth = 0;
+        // Track total prompt processing time to prevent infinite loops
+        const promptStartTime = Date.now();
+        const TOTAL_PROMPT_TIMEOUT_MS = 24 * 60 * 60 * 1000; // 24 hours max for entire prompt without meaningful content
+        let hasReceivedMeaningfulContent = false;
+        // Track response content separately - tool calls don't count for reasoning timeout
+        let hasReceivedResponseContent = false;
+        try {
+            // Use timeout-wrapped iterator to prevent hanging on slow/stuck models
+            for await (const eventOrTimeout of iterateWithTimeout(this.controller.send(sanitizedPrompt), PROMPT_STEP_TIMEOUT_MS)) {
+                // Check for timeout marker
+                if (eventOrTimeout && typeof eventOrTimeout === 'object' && '__timeout' in eventOrTimeout) {
+                    if (hitlDepth > 0) {
+                        this.promptController?.setStatusMessage('Waiting for human decision…');
+                        continue;
+                    }
+                    stepTimedOut = true;
+                    this.promptController?.setStatusMessage(`Step timeout (${PROMPT_STEP_TIMEOUT_MS / 1000}s) — completing response`);
+                    // Cancel the controller so the underlying agent stops generating
+                    // events that would never be consumed. Without this the spinner
+                    // can keep ticking against a "ghost" run after the for-await
+                    // loop exits, and any in-flight tool keeps doing work the user
+                    // can't see or stop.
+                    try {
+                        this.controller.cancel('step timeout');
+                    }
+                    catch { /* best-effort */ }
+                    break;
+                }
+                // Check total elapsed time - bail out if too long without meaningful content
+                const totalElapsed = Date.now() - promptStartTime;
+                if (!hasReceivedMeaningfulContent && totalElapsed > TOTAL_PROMPT_TIMEOUT_MS) {
+                    if (renderer) {
+                        renderer.addEvent('response', chalk.yellow(`\nResponse timeout (${Math.round(totalElapsed / 1000)}s) — completing\n`));
+                    }
+                    reasoningTimedOut = true;
+                    try {
+                        this.controller.cancel('response timeout');
+                    }
+                    catch { /* best-effort */ }
+                    break;
+                }
+                const event = eventOrTimeout;
+                if (this.shouldExit) {
+                    break;
+                }
+                switch (event.type) {
+                    case 'message.start':
+                        // AI has started processing - update status to show activity
+                        this.currentResponseBuffer = '';
+                        this.finalResponseText = '';
+                        reasoningBuffer = '';
+                        reasoningOnlyStartTime = null; // Reset on new message
+                        this.promptController?.setStatusMessage('Thinking...');
+                        break;
+                    case 'message.delta':
+                        // Stream content as it arrives
+                        this.currentResponseBuffer += event.content ?? '';
+                        this.finalResponseText += event.content ?? '';
+                        if (renderer) {
+                            renderer.addEvent('stream', event.content);
+                        }
+                        // Reset reasoning timer only when we get actual non-empty content
+                        if (event.content && event.content.trim()) {
+                            reasoningOnlyStartTime = null;
+                            hasReceivedMeaningfulContent = true;
+                            hasReceivedResponseContent = true; // Track actual response content
+                        }
+                        break;
+                    case 'reasoning':
+                        // Accumulate reasoning for potential fallback synthesis
+                        reasoningBuffer += event.content ?? '';
+                        // Update status to show reasoning is actively streaming
+                        this.promptController?.setActivityMessage('Thinking');
+                        // Start the reasoning timer on first reasoning event
+                        if (!reasoningOnlyStartTime) {
+                            reasoningOnlyStartTime = Date.now();
+                        }
+                        // Display useful reasoning as 'thought' events BEFORE the response
+                        // The renderer's curateReasoningContent and shouldRenderThought will filter
+                        // to show only actionable/structured thoughts
+                        if (renderer && event.content?.trim()) {
+                            renderer.addEvent('thought', event.content);
+                        }
+                        break;
+                    case 'message.complete':
+                        // Response complete - clear the thinking indicator
+                        this.promptController?.setStatusMessage(null);
+                        // Response complete - ensure final output includes required "Next steps"
+                        if (renderer) {
+                            // Use the appended field from ensureNextSteps to avoid re-rendering the entire response
+                            const base = (event.content ?? '').trimEnd();
+                            let sourceText = base || this.currentResponseBuffer;
+                            // If content came via message.complete but NOT via deltas, render it now as a proper response
+                            // This handles models that don't stream deltas (e.g., deepseek-v4-pro)
+                            // IMPORTANT: Do NOT re-emit content that was already streamed via 'message.delta' events
+                            // to prevent duplicate display of the same response
+                            if (base && !this.currentResponseBuffer.trim()) {
+                                renderer.addEvent('response', base);
+                            }
+                            // Note: We intentionally DO NOT re-emit currentResponseBuffer as a 'response' event
+                            // because it was already displayed via 'stream' events during message.delta handling
+                            // Fallback: If response is empty but we have reasoning, synthesize a response
+                            if (!sourceText.trim() && reasoningBuffer.trim()) {
+                                // Extract key conclusions from reasoning for display
+                                const synthesized = this.synthesizeFromReasoning(reasoningBuffer);
+                                if (synthesized) {
+                                    renderer.addEvent('response', synthesized);
+                                    sourceText = synthesized;
+                                }
+                            }
+                            episodeSuccess = true; // Mark episode as successful only after we have content
+                            // Only add "Next steps" if tools were actually used (real work done)
+                            // This prevents showing "Next steps" after reasoning-only responses
+                            if (toolsUsed.length > 0) {
+                                const { appended } = ensureNextSteps(sourceText);
+                                // Only stream the newly appended content (e.g., "Next steps:")
+                                // The main response was already added as a response event above
+                                if (appended && appended.trim()) {
+                                    renderer.addEvent('response', appended);
+                                }
+                            }
+                            renderer.addEvent('response', '\n');
+                            // Capture the authoritative final text BEFORE the buffer is cleared
+                            // (the finally's auto-continue reads run after this clear).
+                            this.finalResponseText = sourceText || this.finalResponseText;
+                        }
+                        this.currentResponseBuffer = '';
+                        break;
+                    case 'tool.start': {
+                        const toolName = event.toolName;
+                        const args = event.parameters;
+                        if (isHitlToolName(toolName)) {
+                            hitlDepth += 1;
+                        }
+                        // Reset reasoning timer when tools are being called (model is taking action)
+                        reasoningOnlyStartTime = null;
+                        hasReceivedMeaningfulContent = true;
+                        if (!toolsUsed.includes(toolName)) {
+                            toolsUsed.push(toolName);
+                        }
+                        const filePath = (args?.['file_path'] ?? args?.['path']);
+                        if (filePath && /edit|write|create|update/i.test(toolName)) {
+                            if (!filesModified.includes(filePath)) {
+                                filesModified.push(filePath);
+                            }
+                        }
+                        // Claude-Code action line: `⏺ ToolName(primaryArg)`. The dim
+                        // present-tense label drives the working spinner above the prompt.
+                        // parallel_agents is suppressed here — its per-sub-agent Task notes
+                        // (subagent.start/complete) are the visible surface instead of a
+                        // raw `parallel_agents({"tasks":…})` JSON dump.
+                        if (renderer && toolName !== 'parallel_agents') {
+                            renderer.addEvent('tool', formatToolCall(toolName, args, this.workingDir));
+                        }
+                        this.promptController?.setStatusMessage(toolActivityLabel(toolName, args, this.workingDir));
+                        break;
+                    }
+                    case 'tool.complete': {
+                        if (isHitlToolName(event.toolName)) {
+                            hitlDepth = Math.max(0, hitlDepth - 1);
+                        }
+                        // Keep the tail of tool output for the failure registry / governor
+                        // (errors land here, not in the assistant narration).
+                        if (typeof event.result === 'string' && event.result) {
+                            turnToolOutput = (turnToolOutput + '\n' + event.result).slice(-16000);
+                        }
+                        // Clear the activity label; the agent is thinking again.
+                        this.promptController?.setStatusMessage('Thinking…');
+                        // Reset reasoning timer after tool completes
+                        reasoningOnlyStartTime = null;
+                        // Render the result as a dim `  ⎿  …` block (summarised, never a
+                        // raw multi-KB dump). Pre-formatted ⏺ blocks (editTools) pass
+                        // through with just their duplicate header stripped.
+                        if (event.result && typeof event.result === 'string' && event.result.trim() && renderer) {
+                            const params = event.parameters;
+                            const summary = formatToolResult(event.toolName, event.result, params);
+                            renderer.addEvent('tool-result', summary);
+                            // Remember the full result so Ctrl+O can expand it — but only
+                            // when the summary actually truncated (the `(ctrl+o to expand)`
+                            // marker promises the affordance; without truncation there's
+                            // nothing to expand). Keeps that promise honest.
+                            this.lastExpandableResult = summary.includes('(ctrl+o to expand)')
+                                ? { name: event.toolName, result: event.result, params }
+                                : null;
+                        }
+                        break;
+                    }
+                    case 'tool.error':
+                        if (isHitlToolName(event.toolName)) {
+                            hitlDepth = Math.max(0, hitlDepth - 1);
+                        }
+                        this.promptController?.setStatusMessage('Thinking…');
+                        if (renderer) {
+                            // Red `  ⎿  Error: …` line, mirroring a failed tool result.
+                            renderer.addEvent('error', formatToolError(event.error));
+                        }
+                        break;
+                    case 'error':
+                        if (renderer) {
+                            renderer.addEvent('error', event.error);
+                        }
+                        break;
+                    case 'usage': {
+                        // Meter cumulative DeepSeek consumption for /usage + the portal.
+                        recordDeepSeekUsage(event.inputTokens, event.outputTokens);
+                        // inputTokens = exactly what occupies the context window this turn.
+                        // The real model window (not a hardcoded guess) is the denominator
+                        // so "% context left" reflects the actual model.
+                        const contextTokens = event.inputTokens ?? event.totalTokens ?? null;
+                        if (typeof contextTokens === 'number' && contextTokens > 0) {
+                            this.lastInputTokens = contextTokens;
+                        }
+                        const windowTokens = getModelContextInfo(this.profileConfig.model).contextWindow;
+                        this.promptController?.setMetaStatus({
+                            tokensUsed: contextTokens,
+                            tokenLimit: windowTokens,
+                        });
+                        break;
+                    }
+                    case 'subagent.start':
+                        // A parallel sub-agent spawned — show it like Claude Code's Task.
+                        renderer?.addEvent('tool', formatSubAgentStart(event.description));
+                        this.promptController?.setStatusMessage(`Running sub-agent: ${event.description}`);
+                        break;
+                    case 'subagent.complete':
+                        renderer?.addEvent('system', chalk.dim(formatSubAgentComplete({
+                            description: event.description,
+                            success: event.success,
+                            elapsedMs: event.elapsedMs,
+                        })));
+                        break;
+                    case 'adversarial.findings':
+                        // The reviewer refuted this turn's draft — remember it so the
+                        // auto-continue loop can run a bounded re-fix (handled in finally).
+                        turnAdversarialFindings = event.findings;
+                        break;
+                    case 'context.compacted': {
+                        // The conversation was auto-compacted to stay within the window —
+                        // surface it as a dim note (Claude Code parity) instead of silently.
+                        renderer?.addEvent('system', chalk.dim(formatCompactionNote({
+                            removed: event.removed,
+                            freedTokens: event.freedTokens,
+                            summarized: event.summarized,
+                            percentage: event.percentage,
+                        })));
+                        break;
+                    }
+                    case 'provider.fallback': {
+                        // Display fallback notification
+                        if (renderer) {
+                            const fallbackMsg = chalk.yellow('⚠ ') +
+                                chalk.dim(`${event.fromProvider}/${event.fromModel} failed: `) +
+                                chalk.hex('#EF4444')(event.reason) +
+                                chalk.dim(' → switching to ') +
+                                chalk.hex('#34D399')(`${event.toProvider}/${event.toModel}`);
+                            renderer.addEvent('banner', fallbackMsg);
+                        }
+                        // Update the model context to reflect the new provider/model
+                        this.profileConfig = {
+                            ...this.profileConfig,
+                            provider: event.toProvider,
+                            model: event.toModel,
+                        };
+                        this.promptController?.setModelContext({
+                            model: event.toModel,
+                            provider: event.toProvider,
+                        });
+                        break;
+                    }
+                    case 'edit.explanation':
+                        // Show explanation for edits made
+                        if (event.content && renderer) {
+                            const filesInfo = event.files?.length ? ` (${event.files.join(', ')})` : '';
+                            renderer.addEvent('response', `${event.content}${filesInfo}`);
+                        }
+                        break;
+                }
+                // Check reasoning timeout on EVERY iteration (not just when reasoning events arrive)
+                // This ensures we bail out even if events are sparse
+                // Use hasReceivedResponseContent (not hasReceivedMeaningfulContent) so timeout
+                // still triggers after tool calls if model just reasons without responding
+                if (reasoningOnlyStartTime && !hasReceivedResponseContent) {
+                    const reasoningElapsed = Date.now() - reasoningOnlyStartTime;
+                    if (reasoningElapsed > PROMPT_REASONING_TIMEOUT_MS) {
+                        if (renderer) {
+                            renderer.addEvent('response', chalk.yellow(`\nReasoning timeout (${Math.round(reasoningElapsed / 1000)}s)\n`));
+                        }
+                        reasoningTimedOut = true;
+                    }
+                }
+                // Check if reasoning timeout was triggered - break out of event loop
+                if (reasoningTimedOut) {
+                    // Cancel the controller too; otherwise the for-await drain
+                    // exits but the agent keeps producing events and side-effects
+                    // for the next 30+ seconds with no UI to consume them.
+                    try {
+                        this.controller.cancel('reasoning timeout');
+                    }
+                    catch { /* best-effort */ }
+                    break;
+                }
+            }
+            // After loop: synthesize from reasoning if no response was generated or timed out
+            // This handles models like deepseek-v4-pro that output thinking but empty response
+            // Also handles step timeouts where the model was stuck
+            // IMPORTANT: Don't add "Next steps" when only reasoning occurred - only after real work
+            if ((!episodeSuccess || reasoningTimedOut || stepTimedOut) && reasoningBuffer.trim() && !this.currentResponseBuffer.trim()) {
+                const synthesized = this.synthesizeFromReasoning(reasoningBuffer);
+                if (synthesized && renderer) {
+                    renderer.addEvent('stream', '\n' + synthesized);
+                    // Only add "Next steps" if tools were actually used (real work done)
+                    if (toolsUsed.length > 0) {
+                        const { appended } = ensureNextSteps(synthesized);
+                        if (appended?.trim()) {
+                            renderer.addEvent('stream', appended);
+                        }
+                    }
+                    renderer.addEvent('response', '\n');
+                    episodeSuccess = true;
+                }
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            if (renderer) {
+                renderer.addEvent('error', message);
+            }
+            // Fallback: If we have reasoning content but no response was generated, synthesize one
+            if (!episodeSuccess && reasoningBuffer.trim() && !this.currentResponseBuffer.trim()) {
+                const synthesized = this.synthesizeFromReasoning(reasoningBuffer);
+                if (synthesized && renderer) {
+                    renderer.addEvent('stream', '\n' + synthesized);
+                    renderer.addEvent('response', '\n');
+                    episodeSuccess = true; // Mark as partial success
+                }
+            }
+        }
+        finally {
+            // Exit critical section - allow termination again
+            exitCriticalSection();
+            // Final fallback: If stream ended without message.complete but we have reasoning
+            if (!episodeSuccess && reasoningBuffer.trim() && !this.currentResponseBuffer.trim()) {
+                const synthesized = this.synthesizeFromReasoning(reasoningBuffer);
+                if (synthesized && renderer) {
+                    renderer.addEvent('stream', '\n' + synthesized);
+                    // Only add "Next steps" if tools were actually used (real work done)
+                    if (toolsUsed.length > 0) {
+                        const { appended } = ensureNextSteps(synthesized);
+                        if (appended?.trim()) {
+                            renderer.addEvent('stream', appended);
+                        }
+                    }
+                    renderer.addEvent('response', '\n');
+                    episodeSuccess = true;
+                }
+            }
+            // Detect a model safety refusal in the just-finished turn. When the
+            // model declines the request, the request is *done* — auto-continue
+            // would just resubmit "continue" and start a new spinner cycle, which
+            // is what produced the stuck "Thinking… (4m N s)" timer the user saw.
+            const refusedTurn = isSafetyRefusal(this.finalResponseText);
+            this.isProcessing = false;
+            this.promptController?.setStreaming(false);
+            this.promptController?.setStatusMessage(null);
+            // Belt-and-suspenders: explicitly clear the activity message so the
+            // "Thinking… (esc to interrupt · Ns)" line doesn't linger after the
+            // final reply if setMode→stopSpinnerAnimation races with another
+            // renderPrompt tick.
+            this.promptController?.setActivityMessage(null);
+            // Force an idle re-render so the spinner area is repainted without
+            // the streaming activity line. setStreaming(false) → setMode('idle')
+            // already calls renderPrompt(), but a coalesced spinner tick that
+            // races with the transition can leave the last "Thinking… (Ns)"
+            // frame on screen until the next event. forceRender squashes it.
+            this.promptController?.forceRender();
+            // Clear any transient follow-up queue UI when we return to idle.
+            const r = this.promptController?.getRenderer();
+            r?.setFollowUpQueueMode(false);
+            r?.setQueuedPrompts([]);
+            // Note: pendingPrompts may still have items if a drain just started
+            // a new processPrompt; the new run will manage the list.
+            // Snapshot this turn's full output (tool results + narration) BEFORE the
+            // buffer is cleared — the auto-continue governor + failure registry need
+            // the real error text, which the reset below would otherwise wipe.
+            const combinedTurnOutput = (turnToolOutput + '\n' + this.finalResponseText).slice(-16000);
+            this.currentResponseBuffer = '';
+            // Autosave the conversation so /resume has something to restore. Each
+            // turn updates the same snapshot in place (keyed by this.sessionId).
+            this.persistSessionSnapshot();
+            // Process any queued prompts (late safety net; primary drain is now per-turn
+            // after each assistant response for "ASAP before the running prompt finishes").
+            if (this.pendingPrompts.length > 0 && !this.shouldExit) {
+                const next = this.pendingPrompts.shift();
+                if (next) {
+                    const r = this.promptController?.getRenderer();
+                    r?.setFollowUpQueueMode(false);
+                    r?.addUserHistoryItem(next);
+                    r?.setQueuedPrompts(this.pendingPrompts.slice());
+                    await this.processPrompt(next);
+                }
+            }
+            else if (refusedTurn) {
+                // Refusal terminates the turn. Don't re-prompt the model — the
+                // user's request is finished from the agent's side. Clear the
+                // stored "original prompt" so a stray Alt+G later doesn't pick
+                // up where this turn left off.
+                this.originalPromptForAutoContinue = null;
+            }
+            else if (!this.shouldExit && !this.userInterruptedRun) {
+                // Auto mode: keep running until user's prompt is fully completed.
+                // Skipped after a Ctrl+C interrupt so we don't immediately resume
+                // the work the user just cancelled.
+                const autoMode = this.promptController?.getAutoMode() ?? 'off';
+                if (autoMode !== 'off') {
+                    // Check if original user prompt is fully completed
+                    const detector = getTaskCompletionDetector();
+                    const analysis = detector.analyzeCompletion(this.finalResponseText, toolsUsed);
+                    // Record this turn with the governor (bounds the loop + detects a
+                    // stall: the same tools/files/failure repeating with no new progress)
+                    // and the failure registry (catches the same error recurring across
+                    // NON-consecutive turns — a thrash the stall check would miss).
+                    this.autoGovernor.recordTurn({
+                        toolsUsed,
+                        filesModified,
+                        failingSignal: detectFailingTestOrBuild(combinedTurnOutput),
+                    });
+                    this.failureRegistry.trackTurn(combinedTurnOutput);
+                    const gov = this.autoGovernor.check();
+                    const failureNudge = this.failureRegistry.nudge();
+                    const todos = getCurrentTodos();
+                    const pending = pendingTodos(todos);
+                    if (gov.stop) {
+                        // Yield to the user WITH state instead of thrashing forever.
+                        const note = gov.reason === 'limit'
+                            ? `Paused after ${gov.turn} auto-continue turns (turn limit).${pending.length ? ` ${pending.length} task${pending.length === 1 ? '' : 's'} still pending` : ''} — say "continue" to keep going.`
+                            : `Paused: no new progress over the last few turns (same actions repeating).${pending.length ? ` ${pending.length} task${pending.length === 1 ? '' : 's'} pending` : ''} — tell me how to proceed.`;
+                        this.promptController?.getRenderer()?.addEvent('system', chalk.dim(note));
+                        this.promptController?.setStatusMessage(null);
+                        this.originalPromptForAutoContinue = null;
+                    }
+                    else if (turnAdversarialFindings && this.adversarialCorrectionCount < MAX_ADVERSARIAL_CORRECTIONS) {
+                        // The reviewer refuted this turn's draft — re-run the FULL tool loop
+                        // to actually fix the findings (not just show the caveat), bounded
+                        // by the governor + this per-request cap.
+                        this.adversarialCorrectionCount += 1;
+                        this.promptController?.setStatusMessage('Addressing reviewer findings…');
+                        await new Promise(resolve => setTimeout(resolve, 300));
+                        await this.processPrompt(buildAdversarialCorrectionPrompt(turnAdversarialFindings));
+                    }
+                    else if (!analysis.isComplete || pending.length > 0) {
+                        // Continue — but only stop when the LIVE PLAN is also clear: pending
+                        // todos force a continue even if the response sounded "done".
+                        this.promptController?.setStatusMessage('Continuing...');
+                        await new Promise(resolve => setTimeout(resolve, 500));
+                        // Prefer the plan's next task; fall back to the response heuristic.
+                        const base = nextTodoPrompt(todos)
+                            ?? this.generateAutoContinuePrompt(this.originalPromptForAutoContinue || '', combinedTurnOutput, toolsUsed)
+                            ?? 'continue';
+                        // When a failure keeps recurring, lead with the change-approach nudge.
+                        // Keep an IMPORTANT: prefix so this counts as an auto-continue (not a
+                        // fresh user prompt, which would reset the governor).
+                        const autoPrompt = failureNudge
+                            ? `IMPORTANT: ${failureNudge}\n\n${base.replace(/^IMPORTANT:\s*/, '')}`
+                            : base;
+                        await this.processPrompt(autoPrompt);
+                    }
+                    else {
+                        this.promptController?.setStatusMessage('Task complete');
+                        setTimeout(() => this.promptController?.setStatusMessage(null), 2000);
+                    }
+                }
+            }
+        }
+    }
+    generateAutoContinuePrompt(originalPrompt, response, toolsUsed) {
+        // Highest-priority signal: a test or build is currently failing
+        // in the visible output. Override every other heuristic and force
+        // a sharp, focused next-action prompt — the agent must drill into
+        // the FIRST failure rather than declaring victory.
+        const failingSignal = detectFailingTestOrBuild(response);
+        if (failingSignal) {
+            const noDocsInstruction = `IMPORTANT: Do NOT create markdown files, documentation, summaries, or reports.`;
+            return `${noDocsInstruction} The output above shows a failing test/build (${failingSignal}). Read the FIRST failure carefully, identify the root cause, edit exactly the file(s) needed, then re-run the same test/build command to confirm. Do not stop until that command exits cleanly.`;
+        }
+        // Only auto-continue for certain types of work
+        const hasFileOperations = toolsUsed.some(t => ['Read', 'Write', 'Edit', 'Search', 'Grep'].includes(t));
+        const hasBashOperations = toolsUsed.includes('Bash');
+        if (!hasFileOperations && !hasBashOperations) {
+            return null; // No meaningful work to continue
+        }
+        // Analyze response to determine what to do next
+        const lowercaseResponse = response.toLowerCase();
+        // Check for common patterns that indicate more work is needed
+        if (lowercaseResponse.includes('next steps') ||
+            lowercaseResponse.includes('further') ||
+            lowercaseResponse.includes('additional') ||
+            lowercaseResponse.includes('implement') ||
+            lowercaseResponse.includes('complete') ||
+            lowercaseResponse.includes('finish')) {
+            // Core instruction to prevent documentation spam
+            const noDocsInstruction = `IMPORTANT: Do NOT create markdown files, documentation, summaries, or reports. Focus only on the actual code/implementation work. Perform the next concrete action in the codebase.`;
+            // Generate a follow-up prompt based on the original task
+            if (originalPrompt.includes('fix') || originalPrompt.includes('bug')) {
+                return `${noDocsInstruction} Continue fixing - edit the next file that needs changes.`;
+            }
+            else if (originalPrompt.includes('implement') || originalPrompt.includes('add')) {
+                return `${noDocsInstruction} Continue implementing - write or edit the next piece of code.`;
+            }
+            else if (originalPrompt.includes('refactor') || originalPrompt.includes('clean')) {
+                return `${noDocsInstruction} Continue refactoring - apply changes to the next file.`;
+            }
+            else if (originalPrompt.includes('test')) {
+                return `${noDocsInstruction} Continue with tests - run or fix the next test.`;
+            }
+            else if (originalPrompt.includes('build') || originalPrompt.includes('deploy') || originalPrompt.includes('publish')) {
+                return `${noDocsInstruction} Continue the build/deploy process - execute the next command.`;
+            }
+            else {
+                return `${noDocsInstruction} Continue with the original task "${originalPrompt.slice(0, 100)}..." - perform the next action.`;
+            }
+        }
+        return null;
+    }
+    handleInterrupt() {
+        if (!this.isProcessing) {
+            return;
+        }
+        const renderer = this.promptController?.getRenderer();
+        if (renderer) {
+            renderer.addEvent('banner', chalk.yellow('Interrupted'));
+        }
+        // Actually cancel the in-flight controller run. Without this the
+        // for-await loop in processPrompt keeps consuming events, the spinner
+        // stays up, and the agent grinds through the rest of its tool loop
+        // while the user sees only a "Interrupted" banner. cancel() is a no-op
+        // when there's no active sink, so this is safe to call unconditionally.
+        try {
+            this.controller.cancel('user interrupt via Ctrl+C');
+        }
+        catch {
+            // Best-effort; if the controller is already torn down the next
+            // Ctrl+C will fall through to authorizedShutdown.
+        }
+        // Suppress the auto-continue re-launch in processPrompt's finally
+        // block. Otherwise the agent immediately starts a fresh "continue"
+        // cycle 500ms later and the user has to keep mashing Ctrl+C to keep
+        // up. Cleared when the user submits a new prompt.
+        this.userInterruptedRun = true;
+    }
+    handleAutoContinueToggle() {
+        const autoMode = this.promptController?.getAutoMode() ?? 'off';
+        this.promptController?.setStatusMessage(`Auto: ${autoMode}`);
+        setTimeout(() => this.promptController?.setStatusMessage(null), 1500);
+        // Reset task completion detector when entering any auto mode
+        if (autoMode !== 'off') {
+            const detector = getTaskCompletionDetector();
+            detector.reset();
+            // Clear any stored original prompt
+            this.originalPromptForAutoContinue = null;
+        }
+    }
+    handleHITLToggle() {
+        const mode = this.promptController?.getModeToggleState().hitlMode ?? 'off';
+        getHITL().updateConfig({ autoPause: mode === 'on' });
+        this.promptController?.setStatusMessage(`HITL: ${mode}`);
+        setTimeout(() => this.promptController?.setStatusMessage(null), 1500);
+    }
+    /**
+     * Shift+Tab cycled the permission mode. The hint line under the input box
+     * already shows the active mode; this surfaces a brief one-line note in
+     * the chat so the change is unmistakable, matching how Claude Code echoes
+     * a mode switch.
+     */
+    handlePermissionModeChange(mode) {
+        const note = mode === 'plan'
+            ? 'plan mode — read-only; I won’t edit files or run commands until you approve a plan'
+            : mode === 'acceptEdits'
+                ? 'accept edits on — file edits apply without the adversarial pre-flight'
+                : 'default mode';
+        this.promptController?.setStatusMessage(note);
+        setTimeout(() => this.promptController?.setStatusMessage(null), 2500);
+    }
+    /**
+     * Ctrl+O — expand the last truncated tool result. The `(ctrl+o to expand)`
+     * marker promises this; we honor it by re-emitting the SAME tool result with
+     * no line cap (a huge maxLines), appended below as a dim block. If nothing is
+     * pending (the last result fit on screen), a brief status note says so rather
+     * than silently doing nothing.
+     */
+    handleExpandToolResult() {
+        const last = this.lastExpandableResult;
+        const renderer = this.promptController?.getRenderer();
+        if (!last || !renderer) {
+            this.promptController?.setStatusMessage('Nothing to expand');
+            setTimeout(() => this.promptController?.setStatusMessage(null), 1500);
+            return;
+        }
+        // Re-render the full result (no truncation). One expand per result.
+        this.lastExpandableResult = null;
+        renderer.addEvent('tool-result', formatToolResult(last.name, last.result, last.params, { maxLines: 100000 }));
+    }
+    handleCtrlC(info) {
+        const now = Date.now();
+        // Reset count if more than 2 seconds since last Ctrl+C
+        if (now - this.lastCtrlCTime > 2000) {
+            this.ctrlCCount = 0;
+        }
+        this.lastCtrlCTime = now;
+        this.ctrlCCount++;
+        if (info.hadBuffer) {
+            // Clear buffer, reset count
+            this.ctrlCCount = 0;
+            return;
+        }
+        // Always allow double Ctrl+C to exit, even while processing
+        if (this.ctrlCCount >= 2) {
+            // Use authorized shutdown to bypass anti-termination guard
+            void authorizedShutdown(0);
+            this.shouldExit = true;
+            this.ctrlCCount = 0;
+            return;
+        }
+        if (this.isProcessing) {
+            // Interrupt processing on first Ctrl+C, then allow next Ctrl+C to exit
+            this.handleInterrupt();
+            const renderer = this.promptController?.getRenderer();
+            if (renderer) {
+                renderer.addEvent('banner', chalk.dim('Press Ctrl+C again to exit'));
+            }
+            return;
+        }
+        // First Ctrl+C when idle: show hint
+        const renderer = this.promptController?.getRenderer();
+        if (renderer) {
+            renderer.addEvent('banner', chalk.dim('Press Ctrl+C again to exit'));
+        }
+    }
+    handleExit() {
+        this.shouldExit = true;
+        this.cleanupSudoPasswordHandler();
+        this.promptController?.stop();
+        void authorizedShutdown(0);
+    }
+    waitForExit() {
+        return new Promise((resolve) => {
+            const check = () => {
+                if (this.shouldExit) {
+                    resolve();
+                }
+                else {
+                    setTimeout(check, 100);
+                }
+            };
+            check();
+        });
+    }
+}
+// The --profile / -p flag was removed; the only call site passes nothing.
+// We retain the function as a single source of truth for the hardcoded
+// profile name that downstream config (agent prompt, model, rulebook)
+// keys off of.
+function resolveProfile() {
+    return 'trenchwork-code';
+}
+//# sourceMappingURL=interactiveShell.js.map