acpx 0.7.0 → 0.9.0

package/dist/{prompt-turn-CVPMWdj1.js → live-checkpoint-D5d-K9s1.js}

@@ -1,5 +1,3 @@
-import { B as PermissionDeniedError, C as isAcpResourceNotFoundError, F as AgentStartupError, G as SessionModeReplayError, I as AuthPolicyError, J as SessionResolutionError, K as SessionModelReplayError, L as ClaudeAcpSessionCreateTimeoutError, M as SESSION_RECORD_SCHEMA, N as AgentDisconnectedError, P as AgentSpawnError, R as CopilotAcpUnsupportedError, S as extractAcpError, V as PermissionPromptUnavailableError, W as SessionConfigOptionReplayError, Y as SessionResumeRequiredError, g as textPrompt, i as measurePerf, l as extractRuntimeSessionId, q as SessionNotFoundError, r as incrementPerfCounter, u as normalizeRuntimeSessionId, v as formatErrorMessage, y as isAcpQueryClosedBeforeResponseError, z as GeminiAcpStartupTimeoutError } from "./perf-metrics-C2pXfxvR.js";
-import { r as isSessionUpdateNotification } from "./jsonrpc-DSxh2w5R.js";
 import fs, { statSync } from "node:fs";
 import { fileURLToPath } from "node:url";
 import path from "node:path";
@@ -11,16 +9,435 @@ import { ClientSideConnection, PROTOCOL_VERSION } from "@agentclientprotocol/sdk
 import readline from "node:readline/promises";
 import { promisify } from "node:util";
 import { randomUUID } from "node:crypto";
+//#region src/errors.ts
+var AcpxOperationalError = class extends Error {
+	outputCode;
+	detailCode;
+	origin;
+	retryable;
+	acp;
+	outputAlreadyEmitted;
+	constructor(message, options) {
+		super(message, options);
+		this.name = new.target.name;
+		this.outputCode = options?.outputCode;
+		this.detailCode = options?.detailCode;
+		this.origin = options?.origin;
+		this.retryable = options?.retryable;
+		this.acp = options?.acp;
+		this.outputAlreadyEmitted = options?.outputAlreadyEmitted;
+	}
+};
+var SessionNotFoundError = class extends AcpxOperationalError {
+	sessionId;
+	constructor(sessionId) {
+		super(`Session not found: ${sessionId}`);
+		this.sessionId = sessionId;
+	}
+};
+var SessionResolutionError = class extends AcpxOperationalError {};
+var AgentSpawnError = class extends AcpxOperationalError {
+	agentCommand;
+	constructor(agentCommand, cause) {
+		super(`Failed to spawn agent command: ${agentCommand}`, { cause: cause instanceof Error ? cause : void 0 });
+		this.agentCommand = agentCommand;
+	}
+};
+var AgentStartupError = class extends AcpxOperationalError {
+	agentCommand;
+	exitCode;
+	signal;
+	stderrSummary;
+	constructor(params) {
+		const exitSummary = `exit=${params.exitCode ?? "null"}, signal=${params.signal ?? "null"}`;
+		const stderrSuffix = typeof params.stderrSummary === "string" && params.stderrSummary.trim().length > 0 ? `: ${params.stderrSummary.trim()}` : "";
+		super(`ACP agent exited before initialize completed (${exitSummary})${stderrSuffix}`, {
+			cause: params.cause instanceof Error ? params.cause : void 0,
+			outputCode: "RUNTIME",
+			detailCode: "AGENT_STARTUP_FAILED",
+			origin: "acp"
+		});
+		this.agentCommand = params.agentCommand;
+		this.exitCode = params.exitCode;
+		this.signal = params.signal;
+		this.stderrSummary = params.stderrSummary?.trim() || void 0;
+	}
+};
+var AgentDisconnectedError = class extends AcpxOperationalError {
+	reason;
+	exitCode;
+	signal;
+	constructor(reason, exitCode, signal, options) {
+		super(`ACP agent disconnected during request (${reason}, exit=${exitCode ?? "null"}, signal=${signal ?? "null"})`, {
+			outputCode: "RUNTIME",
+			detailCode: "AGENT_DISCONNECTED",
+			origin: "acp",
+			...options
+		});
+		this.reason = reason;
+		this.exitCode = exitCode;
+		this.signal = signal;
+	}
+};
+var UnsupportedPromptContentError = class extends AcpxOperationalError {
+	constructor(message) {
+		super(message, {
+			outputCode: "USAGE",
+			detailCode: "UNSUPPORTED_PROMPT_CONTENT",
+			origin: "acp"
+		});
+	}
+};
+var SessionResumeRequiredError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "RUNTIME",
+			detailCode: "SESSION_RESUME_REQUIRED",
+			origin: "acp",
+			retryable: true,
+			...options
+		});
+	}
+};
+var GeminiAcpStartupTimeoutError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "TIMEOUT",
+			detailCode: "GEMINI_ACP_STARTUP_TIMEOUT",
+			origin: "acp",
+			...options
+		});
+	}
+};
+var SessionModeReplayError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "RUNTIME",
+			detailCode: "SESSION_MODE_REPLAY_FAILED",
+			origin: "acp",
+			...options
+		});
+	}
+};
+var SessionModelReplayError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "RUNTIME",
+			detailCode: "SESSION_MODEL_REPLAY_FAILED",
+			origin: "acp",
+			...options
+		});
+	}
+};
+var SessionConfigOptionReplayError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "RUNTIME",
+			detailCode: "SESSION_CONFIG_OPTION_REPLAY_FAILED",
+			origin: "acp",
+			...options
+		});
+	}
+};
+var ClaudeAcpSessionCreateTimeoutError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "TIMEOUT",
+			detailCode: "CLAUDE_ACP_SESSION_CREATE_TIMEOUT",
+			origin: "acp",
+			...options
+		});
+	}
+};
+var CopilotAcpUnsupportedError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "RUNTIME",
+			detailCode: "COPILOT_ACP_UNSUPPORTED",
+			origin: "acp",
+			...options
+		});
+	}
+};
+var AuthPolicyError = class extends AcpxOperationalError {
+	constructor(message, options) {
+		super(message, {
+			outputCode: "RUNTIME",
+			detailCode: "AUTH_REQUIRED",
+			origin: "acp",
+			...options
+		});
+	}
+};
+var QueueConnectionError = class extends AcpxOperationalError {};
+var QueueProtocolError = class extends AcpxOperationalError {};
+var PermissionDeniedError = class extends AcpxOperationalError {};
+var PermissionPromptUnavailableError = class extends AcpxOperationalError {
+	constructor() {
+		super("Permission prompt unavailable in non-interactive mode");
+	}
+};
+//#endregion
+//#region src/types.ts
+const EXIT_CODES = {
+	SUCCESS: 0,
+	ERROR: 1,
+	USAGE: 2,
+	TIMEOUT: 3,
+	NO_SESSION: 4,
+	PERMISSION_DENIED: 5,
+	INTERRUPTED: 130
+};
+const OUTPUT_FORMATS = [
+	"text",
+	"json",
+	"quiet"
+];
+const PERMISSION_MODES = [
+	"approve-all",
+	"approve-reads",
+	"deny-all"
+];
+const AUTH_POLICIES = ["skip", "fail"];
+const NON_INTERACTIVE_PERMISSION_POLICIES = ["deny", "fail"];
+const PERMISSION_POLICY_ACTIONS = [
+	"approve",
+	"deny",
+	"escalate"
+];
+const OUTPUT_ERROR_CODES = [
+	"NO_SESSION",
+	"TIMEOUT",
+	"PERMISSION_DENIED",
+	"PERMISSION_PROMPT_UNAVAILABLE",
+	"RUNTIME",
+	"USAGE"
+];
+const OUTPUT_ERROR_ORIGINS = [
+	"cli",
+	"runtime",
+	"queue",
+	"acp"
+];
+const SESSION_RECORD_SCHEMA = "acpx.session.v1";
+//#endregion
+//#region src/acp/error-shapes.ts
+const RESOURCE_NOT_FOUND_ACP_CODES = new Set([-32001, -32002]);
+function asRecord$7(value) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return;
+	return value;
+}
+function toAcpErrorPayload(value) {
+	const record = asRecord$7(value);
+	if (!record) return;
+	if (typeof record.code !== "number" || !Number.isFinite(record.code)) return;
+	if (typeof record.message !== "string" || record.message.length === 0) return;
+	return {
+		code: record.code,
+		message: record.message,
+		data: record.data
+	};
+}
+function extractAcpErrorInternal(value, depth) {
+	if (depth > 5) return;
+	const direct = toAcpErrorPayload(value);
+	if (direct) return direct;
+	const record = asRecord$7(value);
+	if (!record) return;
+	return extractNestedAcpError(record, depth);
+}
+function extractNestedAcpError(record, depth) {
+	for (const key of [
+		"error",
+		"acp",
+		"cause"
+	]) if (key in record) {
+		const nested = extractAcpErrorInternal(record[key], depth + 1);
+		if (nested) return nested;
+	}
+}
+function formatUnknownErrorMessage(error) {
+	if (error instanceof Error) return error.message;
+	if (error && typeof error === "object") {
+		const maybeMessage = error.message;
+		if (typeof maybeMessage === "string" && maybeMessage.length > 0) return maybeMessage;
+		try {
+			return JSON.stringify(error);
+		} catch {}
+	}
+	return String(error);
+}
+const SESSION_NOT_FOUND_PATTERN = /session\s+["'\w-]+\s+not found/i;
+function isSessionNotFoundText(value) {
+	if (typeof value !== "string") return false;
+	const normalized = value.toLowerCase();
+	return normalized.includes("resource_not_found") || normalized.includes("resource not found") || normalized.includes("session not found") || normalized.includes("unknown session") || normalized.includes("invalid session identifier") || SESSION_NOT_FOUND_PATTERN.test(value);
+}
+function hasSessionNotFoundHint(value, depth = 0) {
+	if (depth > 4) return false;
+	if (isSessionNotFoundText(value)) return true;
+	if (Array.isArray(value)) return value.some((entry) => hasSessionNotFoundHint(entry, depth + 1));
+	const record = asRecord$7(value);
+	if (!record) return false;
+	return Object.values(record).some((entry) => hasSessionNotFoundHint(entry, depth + 1));
+}
+function extractAcpError(error) {
+	return extractAcpErrorInternal(error, 0);
+}
+function isAcpResourceNotFoundError(error) {
+	const acp = extractAcpError(error);
+	if (acp && RESOURCE_NOT_FOUND_ACP_CODES.has(acp.code)) return true;
+	if (acp) {
+		if (isSessionNotFoundText(acp.message)) return true;
+		if (hasSessionNotFoundHint(acp.data)) return true;
+	}
+	return isSessionNotFoundText(formatUnknownErrorMessage(error));
+}
+//#endregion
+//#region src/acp/error-normalization.ts
+const AUTH_REQUIRED_ACP_CODES = new Set([-32e3]);
+const QUERY_CLOSED_BEFORE_RESPONSE_DETAIL = "query closed before response received";
+function asRecord$6(value) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return;
+	return value;
+}
+function isAuthRequiredMessage(value) {
+	if (!value) return false;
+	const normalized = value.toLowerCase();
+	return [
+		"auth required",
+		"authentication required",
+		"authorization required",
+		"credential required",
+		"credentials required",
+		"token required",
+		"login required"
+	].some((needle) => normalized.includes(needle));
+}
+function isAcpAuthRequiredPayload(acp) {
+	if (!acp) return false;
+	if (!AUTH_REQUIRED_ACP_CODES.has(acp.code)) return false;
+	if (isAuthRequiredMessage(acp.message)) return true;
+	const data = asRecord$6(acp.data);
+	if (!data) return false;
+	return hasAuthRequiredData(data);
+}
+function hasAuthRequiredData(data) {
+	return data.authRequired === true || hasNonEmptyString(data.methodId) || hasNonEmptyArray(data.methods);
+}
+function hasNonEmptyString(value) {
+	return typeof value === "string" && value.trim().length > 0;
+}
+function hasNonEmptyArray(value) {
+	return Array.isArray(value) && value.length > 0;
+}
+function isOutputErrorCode(value) {
+	return typeof value === "string" && OUTPUT_ERROR_CODES.includes(value);
+}
+function isOutputErrorOrigin(value) {
+	return typeof value === "string" && OUTPUT_ERROR_ORIGINS.includes(value);
+}
+function readOutputErrorMeta(error) {
+	const record = asRecord$6(error);
+	if (!record) return {};
+	return {
+		outputCode: isOutputErrorCode(record.outputCode) ? record.outputCode : void 0,
+		detailCode: typeof record.detailCode === "string" && record.detailCode.trim().length > 0 ? record.detailCode : void 0,
+		origin: isOutputErrorOrigin(record.origin) ? record.origin : void 0,
+		retryable: typeof record.retryable === "boolean" ? record.retryable : void 0,
+		acp: extractAcpError(record.acp)
+	};
+}
+function isTimeoutLike(error) {
+	return error instanceof Error && error.name === "TimeoutError";
+}
+function isNoSessionLike(error) {
+	return error instanceof Error && error.name === "NoSessionError";
+}
+function isUsageLike(error) {
+	if (!(error instanceof Error)) return false;
+	return error.name === "CommanderError" || error.name === "InvalidArgumentError" || asRecord$6(error)?.code === "commander.invalidArgument";
+}
+function formatErrorMessage(error) {
+	return formatUnknownErrorMessage(error);
+}
+function isAcpQueryClosedBeforeResponseError(error) {
+	const acp = extractAcpError(error);
+	if (!acp || acp.code !== -32603) return false;
+	const details = asRecord$6(acp.data)?.details;
+	if (typeof details !== "string") return false;
+	return details.toLowerCase().includes(QUERY_CLOSED_BEFORE_RESPONSE_DETAIL);
+}
+function mapErrorCode(error) {
+	if (error instanceof PermissionPromptUnavailableError) return "PERMISSION_PROMPT_UNAVAILABLE";
+	if (error instanceof PermissionDeniedError) return "PERMISSION_DENIED";
+	if (isTimeoutLike(error)) return "TIMEOUT";
+	if (isNoSessionLike(error) || isAcpResourceNotFoundError(error)) return "NO_SESSION";
+	if (isUsageLike(error)) return "USAGE";
+}
+function normalizeOutputError(error, options = {}) {
+	const meta = readOutputErrorMeta(error);
+	const code = resolveOutputErrorCode(error, options, meta);
+	const acp = options.acp ?? meta.acp ?? extractAcpError(error);
+	return {
+		code,
+		message: formatErrorMessage(error),
+		detailCode: resolveDetailCode(error, acp, options, meta),
+		origin: meta.origin ?? options.origin,
+		retryable: meta.retryable ?? options.retryable,
+		acp
+	};
+}
+function resolveOutputErrorCode(error, options, meta) {
+	const code = meta.outputCode ?? mapErrorCode(error) ?? options.defaultCode ?? "RUNTIME";
+	if (code === "RUNTIME" && isAcpResourceNotFoundError(error)) return "NO_SESSION";
+	return code;
+}
+function resolveDetailCode(error, acp, options, meta) {
+	return meta.detailCode ?? options.detailCode ?? (error instanceof AuthPolicyError || isAcpAuthRequiredPayload(acp) ? "AUTH_REQUIRED" : void 0);
+}
+/**
+* Returns true when an error from `client.prompt()` looks transient and
+* can reasonably be retried (e.g. model-API 400/500, network hiccups that
+* surface as ACP internal errors).
+*
+* Errors that are definitively non-recoverable (auth, missing session,
+* invalid params, timeout, permission) return false.
+*/
+function isRetryablePromptError(error) {
+	if (isNonRetryablePromptError(error)) return false;
+	const acp = extractAcpError(error);
+	if (!acp) return false;
+	if (isPermanentPromptAcpError(acp)) return false;
+	return acp.code === -32603 || acp.code === -32700;
+}
+function isNonRetryablePromptError(error) {
+	return error instanceof PermissionDeniedError || error instanceof PermissionPromptUnavailableError || isTimeoutLike(error) || isNoSessionLike(error) || isUsageLike(error);
+}
+function isPermanentPromptAcpError(acp) {
+	return acp.code === -32001 || acp.code === -32002 || acp.code === -32601 || acp.code === -32602 || isAcpAuthRequiredPayload(acp);
+}
+function exitCodeForOutputErrorCode(code) {
+	switch (code) {
+		case "USAGE": return EXIT_CODES.USAGE;
+		case "TIMEOUT": return EXIT_CODES.TIMEOUT;
+		case "NO_SESSION": return EXIT_CODES.NO_SESSION;
+		case "PERMISSION_DENIED":
+		case "PERMISSION_PROMPT_UNAVAILABLE": return EXIT_CODES.PERMISSION_DENIED;
+		default: return EXIT_CODES.ERROR;
+	}
+}
+//#endregion
 //#region src/agent-registry.ts
 const ACP_ADAPTER_PACKAGE_RANGES = {
 	pi: "^0.0.26",
-	codex: "^0.12.0",
-	claude: "^0.31.0"
+	codex: "^0.0.44",
+	claude: "^0.36.1"
 };
 const AGENT_REGISTRY = {
 	pi: `npx pi-acp@${ACP_ADAPTER_PACKAGE_RANGES.pi}`,
 	openclaw: "openclaw acp",
-	codex: `npx @zed-industries/codex-acp@${ACP_ADAPTER_PACKAGE_RANGES.codex}`,
+	codex: `npx -y @agentclientprotocol/codex-acp@${ACP_ADAPTER_PACKAGE_RANGES.codex}`,
 	claude: `npx -y @agentclientprotocol/claude-agent-acp@${ACP_ADAPTER_PACKAGE_RANGES.claude}`,
 	gemini: "gemini --acp",
 	cursor: "cursor-agent acp",
@@ -37,7 +454,7 @@ const AGENT_REGISTRY = {
 };
 const BUILT_IN_AGENT_PACKAGES = {
 	codex: {
-		packageName: "@zed-industries/codex-acp",
+		packageName: "@agentclientprotocol/codex-acp",
 		packageRange: ACP_ADAPTER_PACKAGE_RANGES.codex,
 		preferredBinName: "codex-acp",
 		fallbackCommand: AGENT_REGISTRY.codex,
@@ -109,26 +526,37 @@ function resolveInstalledBuiltInAgentLaunch(agentCommand, options = {}) {
 	const existsSync = options.existsSync ?? fs.existsSync;
 	const resolvePackageRoot = options.resolvePackageRoot ?? defaultResolvePackageRoot;
 	try {
-		const packageRoot = resolvePackageRoot(spec.packageName);
-		const manifest = JSON.parse(readFileSync(path.join(packageRoot, "package.json"), "utf8"));
-		if (manifest.name !== spec.packageName) return;
-		const relativeBinPath = resolvePackageBin(spec, manifest);
-		if (!relativeBinPath) return;
-		const binPath = path.resolve(packageRoot, relativeBinPath);
-		if (!existsSync(binPath)) return;
+		const resolved = resolveInstalledBuiltInAgentPackage(spec, {
+			readFileSync,
+			existsSync,
+			resolvePackageRoot
+		});
+		if (!resolved) return;
 		return {
 			source: "installed",
 			command: process.execPath,
-			args: [binPath],
+			args: [resolved.binPath],
 			packageName: spec.packageName,
 			packageRange: spec.packageRange,
-			packageVersion: manifest.version,
-			binPath
+			packageVersion: resolved.packageVersion,
+			binPath: resolved.binPath
 		};
 	} catch {
 		return;
 	}
 }
+function resolveInstalledBuiltInAgentPackage(spec, options) {
+	const packageRoot = options.resolvePackageRoot(spec.packageName);
+	const manifest = JSON.parse(options.readFileSync(path.join(packageRoot, "package.json"), "utf8"));
+	if (manifest.name !== spec.packageName) return;
+	const relativeBinPath = resolvePackageBin(spec, manifest);
+	if (!relativeBinPath) return;
+	const binPath = path.resolve(packageRoot, relativeBinPath);
+	return options.existsSync(binPath) ? {
+		packageVersion: manifest.version,
+		binPath
+	} : void 0;
+}
 function resolvePackageExecBuiltInAgentLaunch(agentCommand, options = {}) {
 	const spec = findBuiltInAgentPackage(agentCommand);
 	if (!spec) return;
@@ -223,6 +651,210 @@ async function withInterrupt(run, onInterrupt) {
 	});
 }
 //#endregion
+//#region src/prompt-content.ts
+var PromptInputValidationError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "PromptInputValidationError";
+	}
+};
+function asRecord$5(value) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return;
+	return value;
+}
+function isNonEmptyString(value) {
+	return typeof value === "string" && value.trim().length > 0;
+}
+function isBase64Data(value) {
+	if (value.length === 0 || value.length % 4 !== 0) return false;
+	return /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(value);
+}
+function isImageMimeType(value) {
+	return /^image\/[A-Za-z0-9.+-]+$/i.test(value);
+}
+function isAudioMimeType(value) {
+	return /^audio\/[A-Za-z0-9.+-]+$/i.test(value);
+}
+function isTextBlock(value) {
+	const record = asRecord$5(value);
+	return record?.type === "text" && typeof record.text === "string";
+}
+function isImageBlock(value) {
+	const record = asRecord$5(value);
+	return record?.type === "image" && isNonEmptyString(record.mimeType) && isImageMimeType(record.mimeType) && typeof record.data === "string" && isBase64Data(record.data);
+}
+function isAudioBlock(value) {
+	const record = asRecord$5(value);
+	return record?.type === "audio" && isNonEmptyString(record.mimeType) && isAudioMimeType(record.mimeType) && typeof record.data === "string" && isBase64Data(record.data);
+}
+function isResourceLinkBlock(value) {
+	const record = asRecord$5(value);
+	return record?.type === "resource_link" && isNonEmptyString(record.uri) && (record.title === void 0 || typeof record.title === "string") && (record.name === void 0 || typeof record.name === "string");
+}
+function isResourcePayload(value) {
+	const record = asRecord$5(value);
+	if (!record || !isNonEmptyString(record.uri)) return false;
+	return record.text === void 0 || typeof record.text === "string";
+}
+function isResourceBlock(value) {
+	const record = asRecord$5(value);
+	return record?.type === "resource" && isResourcePayload(record.resource);
+}
+const CONTENT_BLOCK_VALIDATORS = [
+	isTextBlock,
+	isImageBlock,
+	isAudioBlock,
+	isResourceLinkBlock,
+	isResourceBlock
+];
+function isContentBlock(value) {
+	return CONTENT_BLOCK_VALIDATORS.some((validator) => validator(value));
+}
+const CONTENT_BLOCK_ERROR_VALIDATORS = {
+	text: validateTextContentBlock,
+	image: validateImageContentBlock,
+	audio: validateAudioContentBlock,
+	resource_link: validateResourceLinkContentBlock,
+	resource: validateResourceContentBlock
+};
+function contentBlockErrorValidator(type) {
+	return Object.hasOwn(CONTENT_BLOCK_ERROR_VALIDATORS, type) ? CONTENT_BLOCK_ERROR_VALIDATORS[type] : void 0;
+}
+function validateTextContentBlock(record, index) {
+	return typeof record.text === "string" ? void 0 : `prompt[${index}] text block must include a string text field`;
+}
+function validateImageContentBlock(record, index) {
+	if (!isNonEmptyString(record.mimeType)) return `prompt[${index}] image block must include a non-empty mimeType`;
+	if (!isImageMimeType(record.mimeType)) return `prompt[${index}] image block mimeType must start with image/`;
+	if (typeof record.data !== "string" || record.data.length === 0) return `prompt[${index}] image block must include non-empty base64 data`;
+	return isBase64Data(record.data) ? void 0 : `prompt[${index}] image block data must be valid base64`;
+}
+function validateAudioContentBlock(record, index) {
+	if (!isNonEmptyString(record.mimeType)) return `prompt[${index}] audio block must include a non-empty mimeType`;
+	if (!isAudioMimeType(record.mimeType)) return `prompt[${index}] audio block mimeType must start with audio/`;
+	if (typeof record.data !== "string" || record.data.length === 0) return `prompt[${index}] audio block must include non-empty base64 data`;
+	return isBase64Data(record.data) ? void 0 : `prompt[${index}] audio block data must be valid base64`;
+}
+function validateResourceLinkContentBlock(record, index) {
+	if (!isNonEmptyString(record.uri)) return `prompt[${index}] resource_link block must include a non-empty uri`;
+	if (record.title !== void 0 && typeof record.title !== "string") return `prompt[${index}] resource_link block title must be a string when present`;
+	if (record.name !== void 0 && typeof record.name !== "string") return `prompt[${index}] resource_link block name must be a string when present`;
+}
+function validateResourceContentBlock(record, index) {
+	if (!asRecord$5(record.resource)) return `prompt[${index}] resource block must include a resource object`;
+	return isResourcePayload(record.resource) ? void 0 : `prompt[${index}] resource block resource must include a non-empty uri and optional text`;
+}
+function getContentBlockValidationError(value, index) {
+	const record = asRecord$5(value);
+	if (!record || typeof record.type !== "string") return `prompt[${index}] must be an ACP content block object`;
+	const validator = contentBlockErrorValidator(record.type);
+	return validator ? validator(record, index) : `prompt[${index}] has unsupported content block type ${JSON.stringify(record.type)}`;
+}
+function isPromptInput(value) {
+	return Array.isArray(value) && value.every((entry) => isContentBlock(entry));
+}
+function promptCapabilityRequirement(block) {
+	switch (block.type) {
+		case "image": return {
+			blockType: "image",
+			capability: "image"
+		};
+		case "audio": return {
+			blockType: "audio",
+			capability: "audio"
+		};
+		case "resource": return {
+			blockType: "resource",
+			capability: "embeddedContext"
+		};
+		default: return;
+	}
+}
+function getUnsupportedPromptContentMessage(prompt, agentCapabilities) {
+	for (const [index, block] of prompt.entries()) {
+		const requirement = promptCapabilityRequirement(block);
+		if (!requirement) continue;
+		if (agentCapabilities?.promptCapabilities?.[requirement.capability] === true) continue;
+		return `prompt[${index}] ${requirement.blockType} content requires agentCapabilities.promptCapabilities.${requirement.capability}`;
+	}
+}
+function textPrompt(text) {
+	return [{
+		type: "text",
+		text
+	}];
+}
+function parseStructuredPrompt(source) {
+	if (!source.startsWith("[")) return;
+	try {
+		const parsed = JSON.parse(source);
+		if (isPromptInput(parsed)) return parsed;
+		if (Array.isArray(parsed)) throw new PromptInputValidationError(parsed.map((entry, index) => getContentBlockValidationError(entry, index)).find((message) => message !== void 0) ?? "Structured prompt JSON must be an array of valid ACP content blocks");
+		return;
+	} catch (error) {
+		if (error instanceof PromptInputValidationError) throw error;
+		return;
+	}
+}
+function parsePromptSource(source) {
+	const trimmed = source.trim();
+	const structured = parseStructuredPrompt(trimmed);
+	if (structured) return structured;
+	if (!trimmed) return [];
+	return textPrompt(trimmed);
+}
+function mergePromptSourceWithText(source, suffixText) {
+	const prompt = parsePromptSource(source);
+	const appended = suffixText.trim();
+	if (!appended) return prompt;
+	if (prompt.length === 0) return textPrompt(appended);
+	return [...prompt, ...textPrompt(appended)];
+}
+function promptToDisplayText(prompt) {
+	return prompt.map((block) => contentBlockDisplayText(block)).filter((entry) => entry.trim().length > 0).join("\n\n").trim();
+}
+function contentBlockDisplayText(block) {
+	switch (block.type) {
+		case "text": return block.text;
+		case "resource_link": return block.title ?? block.name ?? block.uri;
+		case "resource": return resourceBlockDisplayText(block);
+		case "image": return `[image] ${block.mimeType}`;
+		case "audio": return `[audio] ${block.mimeType}`;
+		default: return "";
+	}
+}
+function resourceBlockDisplayText(block) {
+	return "text" in block.resource && typeof block.resource.text === "string" ? block.resource.text : block.resource.uri;
+}
+//#endregion
+//#region src/acp/agent-session-id.ts
+const AGENT_SESSION_ID_META_KEYS = ["agentSessionId", "sessionId"];
+function normalizeAgentSessionId(value) {
+	if (typeof value !== "string") return;
+	const trimmed = value.trim();
+	return trimmed.length > 0 ? trimmed : void 0;
+}
+function asMetaRecord(meta) {
+	if (!meta || typeof meta !== "object" || Array.isArray(meta)) return;
+	return meta;
+}
+function extractAgentSessionId(meta) {
+	const record = asMetaRecord(meta);
+	if (!record) return;
+	for (const key of AGENT_SESSION_ID_META_KEYS) {
+		const normalized = normalizeAgentSessionId(record[key]);
+		if (normalized) return normalized;
+	}
+}
+//#endregion
+//#region src/session/runtime-session-id.ts
+function normalizeRuntimeSessionId(value) {
+	return normalizeAgentSessionId(value);
+}
+function extractRuntimeSessionId(meta) {
+	return extractAgentSessionId(meta);
+}
+//#endregion
 //#region src/session/persistence/serialize.ts
 function serializeSessionRecordForDisk(record) {
 	const canonical = {
@@ -262,6 +894,72 @@ function serializeSessionRecordForDisk(record) {
 	};
 }
 //#endregion
+//#region src/perf-metrics.ts
+const counters = /* @__PURE__ */ new Map();
+const gauges = /* @__PURE__ */ new Map();
+const timings = /* @__PURE__ */ new Map();
+function hrNow() {
+	return process.hrtime.bigint();
+}
+function durationMs(start) {
+	return Number(process.hrtime.bigint() - start) / 1e6;
+}
+function roundMetric(value) {
+	return Number(value.toFixed(3));
+}
+function incrementPerfCounter(name, delta = 1) {
+	counters.set(name, (counters.get(name) ?? 0) + delta);
+}
+function setPerfGauge(name, value) {
+	gauges.set(name, value);
+}
+function recordPerfDuration(name, durationMsValue) {
+	const next = timings.get(name) ?? {
+		count: 0,
+		totalMs: 0,
+		maxMs: 0
+	};
+	next.count += 1;
+	next.totalMs += durationMsValue;
+	next.maxMs = Math.max(next.maxMs, durationMsValue);
+	timings.set(name, next);
+}
+async function measurePerf(name, run) {
+	const startedAt = hrNow();
+	try {
+		return await run();
+	} finally {
+		recordPerfDuration(name, durationMs(startedAt));
+	}
+}
+function startPerfTimer(name) {
+	const startedAt = hrNow();
+	return () => {
+		const elapsedMs = durationMs(startedAt);
+		recordPerfDuration(name, elapsedMs);
+		return elapsedMs;
+	};
+}
+function getPerfMetricsSnapshot() {
+	return {
+		counters: Object.fromEntries(counters.entries()),
+		gauges: Object.fromEntries(gauges.entries()),
+		timings: Object.fromEntries([...timings.entries()].map(([name, bucket]) => [name, {
+			count: bucket.count,
+			totalMs: roundMetric(bucket.totalMs),
+			maxMs: roundMetric(bucket.maxMs)
+		}]))
+	};
+}
+function resetPerfMetrics() {
+	counters.clear();
+	gauges.clear();
+	timings.clear();
+}
+function formatPerfMetric(name, durationMsValue) {
+	return `${name}=${roundMetric(durationMsValue)}ms`;
+}
+//#endregion
 //#region src/persisted-key-policy.ts
 const SNAKE_CASE_KEY = /^[a-z][a-z0-9_]*$/;
 const ZED_TAG_KEYS = new Set([
@@ -271,6 +969,7 @@ const ZED_TAG_KEYS = new Set([
 	"Text",
 	"Mention",
 	"Image",
+	"Audio",
 	"Thinking",
 	"RedactedThinking",
 	"ToolUse"
@@ -298,10 +997,13 @@ function shouldSkipKeyRule(path) {
 function shouldSkipDescend(path) {
 	return OPAQUE_VALUE_PATHS.has(joinPath(path)) || isToolResultOutputPath(path);
 }
+function isToolResultOutputTail(path, toolResultsIndex) {
+	return toolResultsIndex !== -1 && toolResultsIndex + 2 === path.length - 1;
+}
 function isToolResultOutputPath(path) {
 	if (path.length < 5 || path[path.length - 1] !== "output") return false;
 	const toolResultsIndex = path.lastIndexOf("tool_results");
-	if (toolResultsIndex === -1 || toolResultsIndex + 2 !== path.length - 1) return false;
+	if (!isToolResultOutputTail(path, toolResultsIndex)) return false;
 	return path.slice(0, toolResultsIndex + 1).join(".") === "messages.Agent.tool_results";
 }
 function collectViolations(value, path, violations) {
@@ -311,12 +1013,12 @@ function collectViolations(value, path, violations) {
 	}
 	if (!isRecord(value)) return;
 	const skipKeyRule = shouldSkipKeyRule(path);
-	for (const [key, child] of Object.entries(value)) {
-		if (!skipKeyRule && !SNAKE_CASE_KEY.test(key) && !isAllowedKey(path, key)) violations.push(`${joinPath(path)}.${key}`.replace(/^\./, ""));
-		const childPath = [...path, key];
-		if (shouldSkipDescend(childPath)) continue;
-		collectViolations(child, childPath, violations);
-	}
+	for (const [key, child] of Object.entries(value)) collectKeyViolation(child, key, path, skipKeyRule, violations);
+}
+function collectKeyViolation(child, key, path, skipKeyRule, violations) {
+	if (!skipKeyRule && !SNAKE_CASE_KEY.test(key) && !isAllowedKey(path, key)) violations.push(`${joinPath(path)}.${key}`.replace(/^\./, ""));
+	const childPath = [...path, key];
+	if (!shouldSkipDescend(childPath)) collectViolations(child, childPath, violations);
 }
 function findPersistedKeyPolicyViolations(value) {
 	const violations = [];
@@ -358,7 +1060,7 @@ function defaultSessionEventLog(sessionId) {
 }
 //#endregion
 //#region src/session/persistence/parse.ts
-function asRecord$3(value) {
+function asRecord$4(value) {
 	if (!value || typeof value !== "object" || Array.isArray(value)) return;
 	return value;
 }
@@ -370,7 +1072,7 @@ function isStringArray(value) {
 }
 function parseTokenUsage(raw) {
 	if (raw === void 0 || raw === null) return;
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record) return null;
 	const usage = {};
 	for (const field of [
@@ -381,14 +1083,17 @@ function parseTokenUsage(raw) {
 	]) {
 		const value = record[field];
 		if (value === void 0) continue;
-		if (typeof value !== "number" || !Number.isFinite(value) || value < 0) return null;
+		if (!isNonNegativeFiniteNumber(value)) return null;
 		usage[field] = value;
 	}
 	return usage;
 }
+function isNonNegativeFiniteNumber(value) {
+	return typeof value === "number" && Number.isFinite(value) && value >= 0;
+}
 function parseRequestTokenUsage(raw) {
 	if (raw === void 0 || raw === null) return;
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record) return null;
 	const usage = {};
 	for (const [key, value] of Object.entries(record)) {
@@ -399,62 +1104,81 @@ function parseRequestTokenUsage(raw) {
 	return usage;
 }
 function isSessionMessageImage(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record || typeof record.source !== "string") return false;
 	if (record.size === void 0 || record.size === null) return true;
-	const size = asRecord$3(record.size);
-	return !!size && typeof size.width === "number" && Number.isFinite(size.width) && typeof size.height === "number" && Number.isFinite(size.height);
+	const size = asRecord$4(record.size);
+	return !!size && isFiniteNumber(size.width) && isFiniteNumber(size.height);
+}
+function isSessionMessageAudio(raw) {
+	const record = asRecord$4(raw);
+	return !!record && typeof record.source === "string" && typeof record.mime_type === "string";
+}
+function isFiniteNumber(value) {
+	return typeof value === "number" && Number.isFinite(value);
 }
 function isUserContent(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record) return false;
 	if (typeof record.Text === "string") return true;
 	if (record.Mention !== void 0) {
-		const mention = asRecord$3(record.Mention);
+		const mention = asRecord$4(record.Mention);
 		return !!mention && typeof mention.uri === "string" && typeof mention.content === "string";
 	}
 	if (record.Image !== void 0) return isSessionMessageImage(record.Image);
+	if (record.Audio !== void 0) return isSessionMessageAudio(record.Audio);
 	return false;
 }
 function isToolUse(raw) {
-	const record = asRecord$3(raw);
-	return !!record && typeof record.id === "string" && typeof record.name === "string" && typeof record.raw_input === "string" && hasOwn$1(record, "input") && typeof record.is_input_complete === "boolean" && (record.thought_signature === void 0 || record.thought_signature === null || typeof record.thought_signature === "string");
+	const record = asRecord$4(raw);
+	return !!record && hasStringFields(record, [
+		"id",
+		"name",
+		"raw_input"
+	]) && hasOwn$1(record, "input") && typeof record.is_input_complete === "boolean" && isOptionalString(record.thought_signature);
+}
+function hasStringFields(record, keys) {
+	return keys.every((key) => typeof record[key] === "string");
+}
+function isOptionalString(value) {
+	return value === void 0 || value === null || typeof value === "string";
 }
 function isToolResultContent(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record) return false;
 	if (typeof record.Text === "string") return true;
 	if (record.Image !== void 0) return isSessionMessageImage(record.Image);
 	return false;
 }
 function isToolResult(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	return !!record && typeof record.tool_use_id === "string" && typeof record.tool_name === "string" && typeof record.is_error === "boolean" && isToolResultContent(record.content);
 }
 function isAgentContent(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record) return false;
 	if (typeof record.Text === "string") return true;
-	if (record.Thinking !== void 0) {
-		const thinking = asRecord$3(record.Thinking);
-		return !!thinking && typeof thinking.text === "string" && (thinking.signature === void 0 || thinking.signature === null || typeof thinking.signature === "string");
-	}
+	if (record.Thinking !== void 0) return isThinkingContent(record.Thinking);
 	if (typeof record.RedactedThinking === "string") return true;
 	if (record.ToolUse !== void 0) return isToolUse(record.ToolUse);
 	return false;
 }
+function isThinkingContent(raw) {
+	const thinking = asRecord$4(raw);
+	return !!thinking && typeof thinking.text === "string" && isOptionalString(thinking.signature);
+}
 function isUserMessage$1(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record || record.User === void 0) return false;
-	const user = asRecord$3(record.User);
+	const user = asRecord$4(record.User);
 	return !!user && typeof user.id === "string" && Array.isArray(user.content) && user.content.every((entry) => isUserContent(entry));
 }
 function isAgentMessage$1(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record || record.Agent === void 0) return false;
-	const agent = asRecord$3(record.Agent);
+	const agent = asRecord$4(record.Agent);
 	if (!agent || !Array.isArray(agent.content) || !agent.content.every(isAgentContent)) return false;
-	const toolResults = asRecord$3(agent.tool_results);
+	const toolResults = asRecord$4(agent.tool_results);
 	if (!toolResults) return false;
 	return Object.values(toolResults).every(isToolResult);
 }
@@ -462,56 +1186,88 @@ function isConversationMessage(raw) {
 	return raw === "Resume" || isUserMessage$1(raw) || isAgentMessage$1(raw);
 }
 function parseConversationRecord(record) {
-	if (!Array.isArray(record.messages) || !record.messages.every(isConversationMessage) || typeof record.updated_at !== "string") return;
-	if (record.title !== void 0 && record.title !== null && typeof record.title !== "string") return;
+	if (!hasValidConversationCore(record)) return;
+	const title = parseConversationTitle(record.title);
+	if (title === INVALID_VALUE) return;
 	const cumulativeTokenUsage = parseTokenUsage(record.cumulative_token_usage);
 	const requestTokenUsage = parseRequestTokenUsage(record.request_token_usage);
 	if (cumulativeTokenUsage === null || requestTokenUsage === null) return;
 	return {
-		title: record.title === void 0 || record.title === null || typeof record.title === "string" ? record.title : null,
+		title,
 		messages: record.messages,
 		updated_at: record.updated_at,
 		cumulative_token_usage: cumulativeTokenUsage ?? {},
 		request_token_usage: requestTokenUsage ?? {}
 	};
 }
+const INVALID_VALUE = Symbol("invalid");
+function parseConversationTitle(value) {
+	if (value === void 0 || value === null || typeof value === "string") return value;
+	return INVALID_VALUE;
+}
+function hasValidConversationCore(record) {
+	return Array.isArray(record.messages) && record.messages.every(isConversationMessage) && typeof record.updated_at === "string";
+}
 function parseAcpxState(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record) return;
 	const state = {};
-	if (record.reset_on_next_ensure === true) state.reset_on_next_ensure = true;
-	if (typeof record.current_mode_id === "string") state.current_mode_id = record.current_mode_id;
-	if (typeof record.desired_mode_id === "string") state.desired_mode_id = record.desired_mode_id;
-	const desiredConfigOptions = asRecord$3(record.desired_config_options);
-	if (desiredConfigOptions) {
-		const parsed = {};
-		for (const [key, value] of Object.entries(desiredConfigOptions)) if (typeof key === "string" && typeof value === "string") parsed[key] = value;
-		if (Object.keys(parsed).length > 0) state.desired_config_options = parsed;
-	}
-	if (typeof record.current_model_id === "string") state.current_model_id = record.current_model_id;
+	assignBooleanTrue(state, "reset_on_next_ensure", record.reset_on_next_ensure);
+	assignStringState(state, "current_mode_id", record.current_mode_id);
+	assignStringState(state, "desired_mode_id", record.desired_mode_id);
+	assignDesiredConfigOptions(state, record.desired_config_options);
+	assignStringState(state, "current_model_id", record.current_model_id);
 	if (isStringArray(record.available_models)) state.available_models = [...record.available_models];
 	if (isStringArray(record.available_commands)) state.available_commands = [...record.available_commands];
 	if (Array.isArray(record.config_options)) state.config_options = record.config_options;
-	const sessionOptions = asRecord$3(record.session_options);
-	if (sessionOptions) {
-		const parsedSessionOptions = {};
-		if (typeof sessionOptions.model === "string") parsedSessionOptions.model = sessionOptions.model;
-		if (isStringArray(sessionOptions.allowed_tools)) parsedSessionOptions.allowed_tools = [...sessionOptions.allowed_tools];
-		if (typeof sessionOptions.max_turns === "number" && Number.isInteger(sessionOptions.max_turns) && sessionOptions.max_turns > 0) parsedSessionOptions.max_turns = sessionOptions.max_turns;
-		const rawSystemPrompt = sessionOptions.system_prompt;
-		if (typeof rawSystemPrompt === "string" && rawSystemPrompt.length > 0) parsedSessionOptions.system_prompt = rawSystemPrompt;
-		else {
-			const appendRecord = asRecord$3(rawSystemPrompt);
-			if (appendRecord && typeof appendRecord.append === "string" && appendRecord.append.length > 0) parsedSessionOptions.system_prompt = { append: appendRecord.append };
-		}
-		if (Object.keys(parsedSessionOptions).length > 0) state.session_options = parsedSessionOptions;
-	}
+	assignParsedSessionOptions(state, record.session_options);
 	return state;
 }
+function assignBooleanTrue(state, key, value) {
+	if (value === true) state[key] = true;
+}
+function assignStringState(state, key, value) {
+	if (typeof value === "string") state[key] = value;
+}
+function assignDesiredConfigOptions(state, raw) {
+	const desiredConfigOptions = asRecord$4(raw);
+	if (!desiredConfigOptions) return;
+	const parsed = Object.fromEntries(Object.entries(desiredConfigOptions).filter((entry) => {
+		const [, value] = entry;
+		return typeof value === "string";
+	}));
+	if (Object.keys(parsed).length > 0) state.desired_config_options = parsed;
+}
+function assignParsedSessionOptions(state, raw) {
+	const sessionOptions = asRecord$4(raw);
+	if (!sessionOptions) return;
+	const parsedSessionOptions = {};
+	assignSessionOptionModel(parsedSessionOptions, sessionOptions.model);
+	assignSessionOptionAllowedTools(parsedSessionOptions, sessionOptions.allowed_tools);
+	assignSessionOptionMaxTurns(parsedSessionOptions, sessionOptions.max_turns);
+	assignSessionOptionSystemPrompt(parsedSessionOptions, sessionOptions.system_prompt);
+	if (Object.keys(parsedSessionOptions).length > 0) state.session_options = parsedSessionOptions;
+}
+function assignSessionOptionModel(options, value) {
+	if (typeof value === "string") options.model = value;
+}
+function assignSessionOptionAllowedTools(options, value) {
+	if (isStringArray(value)) options.allowed_tools = [...value];
+}
+function assignSessionOptionMaxTurns(options, value) {
+	if (typeof value === "number" && Number.isInteger(value) && value > 0) options.max_turns = value;
+}
+function assignSessionOptionSystemPrompt(options, value) {
+	if (typeof value === "string" && value.length > 0) {
+		options.system_prompt = value;
+		return;
+	}
+	const appendRecord = asRecord$4(value);
+	if (appendRecord && typeof appendRecord.append === "string" && appendRecord.append.length > 0) options.system_prompt = { append: appendRecord.append };
+}
 function parseEventLog(raw, sessionId) {
-	const record = asRecord$3(raw);
-	if (!record) return defaultSessionEventLog(sessionId);
-	if (typeof record.active_path !== "string" || typeof record.segment_count !== "number" || !Number.isInteger(record.segment_count) || record.segment_count < 1 || typeof record.max_segment_bytes !== "number" || !Number.isInteger(record.max_segment_bytes) || record.max_segment_bytes < 1 || typeof record.max_segments !== "number" || !Number.isInteger(record.max_segments) || record.max_segments < 1) return defaultSessionEventLog(sessionId);
+	const record = asRecord$4(raw);
+	if (!record || !hasValidEventLogCore(record)) return defaultSessionEventLog(sessionId);
 	return {
 		active_path: record.active_path,
 		segment_count: record.segment_count,
@@ -521,6 +1277,12 @@ function parseEventLog(raw, sessionId) {
 		last_write_error: record.last_write_error == null || typeof record.last_write_error === "string" ? record.last_write_error : null
 	};
 }
+function hasValidEventLogCore(record) {
+	return typeof record.active_path === "string" && isPositiveInteger(record.segment_count) && isPositiveInteger(record.max_segment_bytes) && isPositiveInteger(record.max_segments);
+}
+function isPositiveInteger(value) {
+	return typeof value === "number" && Number.isInteger(value) && value > 0;
+}
 function normalizeOptionalName(value) {
 	if (value == null) return;
 	if (typeof value !== "string") return null;
@@ -553,20 +1315,22 @@ function normalizeOptionalSignal(value) {
 	return Symbol("invalid");
 }
 function parseSessionRecord(raw) {
-	const record = asRecord$3(raw);
+	const record = asRecord$4(raw);
 	if (!record) return null;
 	if (record.schema !== "acpx.session.v1") return null;
-	const name = normalizeOptionalName(record.name);
-	const pid = normalizeOptionalPid(record.pid);
-	const closed = normalizeOptionalBoolean(record.closed, false);
-	const closedAt = normalizeOptionalString(record.closed_at);
-	const agentStartedAt = normalizeOptionalString(record.agent_started_at);
-	const lastPromptAt = normalizeOptionalString(record.last_prompt_at);
-	const lastAgentExitCode = normalizeOptionalExitCode(record.last_agent_exit_code);
-	const lastAgentExitSignal = normalizeOptionalSignal(record.last_agent_exit_signal);
-	const lastAgentExitAt = normalizeOptionalString(record.last_agent_exit_at);
-	const lastAgentDisconnectReason = normalizeOptionalString(record.last_agent_disconnect_reason);
-	if (typeof record.acpx_record_id !== "string" || typeof record.acp_session_id !== "string" || typeof record.agent_command !== "string" || typeof record.cwd !== "string" || typeof record.created_at !== "string" || typeof record.last_used_at !== "string" || typeof record.last_seq !== "number" || !Number.isInteger(record.last_seq) || record.last_seq < 0 || name === null || pid === null || closed === null || closedAt === null || agentStartedAt === null || lastPromptAt === null || typeof lastAgentExitCode === "symbol" || typeof lastAgentExitSignal === "symbol" || lastAgentExitAt === null || lastAgentDisconnectReason === null) return null;
+	const optionals = validSessionOptionals({
+		name: normalizeOptionalName(record.name),
+		pid: normalizeOptionalPid(record.pid),
+		closed: normalizeOptionalBoolean(record.closed, false),
+		closedAt: normalizeOptionalString(record.closed_at),
+		agentStartedAt: normalizeOptionalString(record.agent_started_at),
+		lastPromptAt: normalizeOptionalString(record.last_prompt_at),
+		lastAgentExitCode: normalizeOptionalExitCode(record.last_agent_exit_code),
+		lastAgentExitSignal: normalizeOptionalSignal(record.last_agent_exit_signal),
+		lastAgentExitAt: normalizeOptionalString(record.last_agent_exit_at),
+		lastAgentDisconnectReason: normalizeOptionalString(record.last_agent_disconnect_reason)
+	});
+	if (!hasValidSessionRecordCore(record) || !optionals) return null;
 	const conversation = parseConversationRecord(record);
 	if (!conversation) return null;
 	const eventLog = parseEventLog(record.event_log, record.acpx_record_id);
@@ -579,23 +1343,23 @@ function parseSessionRecord(raw) {
 		agentSessionId: normalizeRuntimeSessionId(record.agent_session_id),
 		agentCommand: record.agent_command,
 		cwd: record.cwd,
-		name,
+		name: optionals.name,
 		createdAt: record.created_at,
 		lastUsedAt: record.last_used_at,
 		lastSeq: record.last_seq,
 		lastRequestId,
 		eventLog,
-		closed,
-		closedAt,
-		pid,
-		agentStartedAt,
-		lastPromptAt,
-		lastAgentExitCode,
-		lastAgentExitSignal,
-		lastAgentExitAt,
-		lastAgentDisconnectReason,
+		closed: optionals.closed,
+		closedAt: optionals.closedAt,
+		pid: optionals.pid,
+		agentStartedAt: optionals.agentStartedAt,
+		lastPromptAt: optionals.lastPromptAt,
+		lastAgentExitCode: optionals.lastAgentExitCode,
+		lastAgentExitSignal: optionals.lastAgentExitSignal,
+		lastAgentExitAt: optionals.lastAgentExitAt,
+		lastAgentDisconnectReason: optionals.lastAgentDisconnectReason,
 		protocolVersion: typeof record.protocol_version === "number" ? record.protocol_version : void 0,
-		agentCapabilities: asRecord$3(record.agent_capabilities),
+		agentCapabilities: asRecord$4(record.agent_capabilities),
 		title: conversation.title,
 		messages: conversation.messages,
 		updated_at: conversation.updated_at,
@@ -604,17 +1368,46 @@ function parseSessionRecord(raw) {
 		acpx: parseAcpxState(record.acpx)
 	};
 }
+function hasValidSessionRecordCore(record) {
+	return hasStringFields(record, [
+		"acpx_record_id",
+		"acp_session_id",
+		"agent_command",
+		"cwd",
+		"created_at",
+		"last_used_at"
+	]) && typeof record.last_seq === "number" && Number.isInteger(record.last_seq) && record.last_seq >= 0;
+}
+function validSessionOptionals(options) {
+	if (hasNullOptionalSessionFields(options) || hasInvalidExitStatus(options)) return null;
+	return options;
+}
+function hasNullOptionalSessionFields(options) {
+	return [
+		options.name,
+		options.pid,
+		options.closed,
+		options.closedAt,
+		options.agentStartedAt,
+		options.lastPromptAt,
+		options.lastAgentExitAt,
+		options.lastAgentDisconnectReason
+	].some((value) => value === null);
+}
+function hasInvalidExitStatus(options) {
+	return typeof options.lastAgentExitCode === "symbol" || typeof options.lastAgentExitSignal === "symbol";
+}
 //#endregion
 //#region src/session/persistence/index.ts
 const SESSION_INDEX_SCHEMA = "acpx.session-index.v1";
-function asRecord$2(value) {
+function asRecord$3(value) {
 	if (!value || typeof value !== "object" || Array.isArray(value)) return;
 	return value;
 }
 function parseIndexEntry(raw) {
-	const record = asRecord$2(raw);
+	const record = asRecord$3(raw);
 	if (!record) return;
-	if (typeof record.file !== "string" || typeof record.acpxRecordId !== "string" || typeof record.acpSessionId !== "string" || typeof record.agentCommand !== "string" || typeof record.cwd !== "string" || typeof record.lastUsedAt !== "string" || typeof record.closed !== "boolean") return;
+	if (!hasRequiredIndexEntryFields(record)) return;
 	if (record.name !== void 0 && typeof record.name !== "string") return;
 	return {
 		file: record.file,
@@ -627,6 +1420,16 @@ function parseIndexEntry(raw) {
 		lastUsedAt: record.lastUsedAt
 	};
 }
+function hasRequiredIndexEntryFields(record) {
+	return [
+		"file",
+		"acpxRecordId",
+		"acpSessionId",
+		"agentCommand",
+		"cwd",
+		"lastUsedAt"
+	].every((key) => typeof record[key] === "string") && typeof record.closed === "boolean";
+}
 function sessionIndexPath(sessionDir) {
 	return path.join(sessionDir, "index.json");
 }
@@ -646,7 +1449,7 @@ async function readSessionIndex(sessionDir) {
 	const filePath = sessionIndexPath(sessionDir);
 	try {
 		const payload = await fs$1.readFile(filePath, "utf8");
-		const record = asRecord$2(JSON.parse(payload));
+		const record = asRecord$3(JSON.parse(payload));
 		if (!record || record.schema !== SESSION_INDEX_SCHEMA || !Array.isArray(record.files)) return;
 		const files = record.files.filter((entry) => typeof entry === "string");
 		if (files.length !== record.files.length || !Array.isArray(record.entries)) return;
@@ -838,13 +1641,17 @@ async function findSessionByDirectoryWalk(options) {
 	for (;;) {
 		const match = sessions.find((session) => matchesSessionEntry(session, current, normalizedName));
 		if (match) return await loadRecordFromIndexEntry(match);
-		if (current === walkBoundary || current === walkRoot) return;
-		const parent = path.dirname(current);
-		if (parent === current) return;
+		const parent = nextWalkParent(current, walkBoundary, walkRoot);
+		if (!parent) return;
 		current = parent;
-		if (!isWithinBoundary(walkBoundary, current)) return;
 	}
 }
+function nextWalkParent(current, walkBoundary, walkRoot) {
+	if (current === walkBoundary || current === walkRoot) return;
+	const parent = path.dirname(current);
+	if (parent === current || !isWithinBoundary(walkBoundary, parent)) return;
+	return parent;
+}
 function closedAtOrLastUsedAt(record) {
 	return record.closedAt ?? record.lastUsedAt;
 }
@@ -853,14 +1660,7 @@ function isSessionStreamFile(fileName, safeId) {
 }
 async function pruneSessions(options = {}) {
 	await ensureSessionDir();
-	let eligible = (await loadSessionIndexEntries()).filter((entry) => entry.closed);
-	if (options.agentCommand) eligible = eligible.filter((entry) => entry.agentCommand === options.agentCommand);
-	const cutoff = options.before ?? (options.olderThanMs != null ? new Date(Date.now() - options.olderThanMs) : void 0);
-	const records = [];
-	for (const entry of eligible) {
-		const record = await loadRecordFromIndexEntry(entry);
-		if (record && (!cutoff || closedAtOrLastUsedAt(record) < cutoff.toISOString())) records.push(record);
-	}
+	const records = await loadPrunableRecords(filterPruneCandidates(await loadSessionIndexEntries(), options.agentCommand), options.before ?? (options.olderThanMs != null ? new Date(Date.now() - options.olderThanMs) : void 0));
 	if (options.dryRun) return {
 		pruned: records,
 		bytesFreed: 0,
@@ -872,24 +1672,7 @@ async function pruneSessions(options = {}) {
 	if (options.includeHistory) try {
 		dirEntries = await fs$1.readdir(sessionDir);
 	} catch {}
-	for (const record of records) {
-		const safeId = encodeURIComponent(record.acpxRecordId);
-		const jsonFile = path.join(sessionDir, `${safeId}.json`);
-		try {
-			const stat = await fs$1.stat(jsonFile);
-			bytesFreed += stat.size;
-		} catch {}
-		await fs$1.unlink(jsonFile).catch(() => void 0);
-		if (options.includeHistory) for (const name of dirEntries) {
-			if (!isSessionStreamFile(name, safeId)) continue;
-			const filePath = path.join(sessionDir, name);
-			try {
-				const stat = await fs$1.stat(filePath);
-				bytesFreed += stat.size;
-			} catch {}
-			await fs$1.unlink(filePath).catch(() => void 0);
-		}
-	}
+	for (const record of records) bytesFreed += await pruneSessionFiles(record, sessionDir, dirEntries, options.includeHistory === true);
 	await rebuildSessionIndex(sessionDir).catch(() => {});
 	return {
 		pruned: records,
@@ -897,6 +1680,35 @@ async function pruneSessions(options = {}) {
 		dryRun: false
 	};
 }
+function filterPruneCandidates(entries, agentCommand) {
+	return entries.filter((entry) => entry.closed && (!agentCommand || entry.agentCommand === agentCommand));
+}
+async function loadPrunableRecords(entries, cutoff) {
+	const records = [];
+	const cutoffIso = cutoff?.toISOString();
+	for (const entry of entries) {
+		const record = await loadRecordFromIndexEntry(entry);
+		if (record && isBeforeCutoff(record, cutoffIso)) records.push(record);
+	}
+	return records;
+}
+function isBeforeCutoff(record, cutoffIso) {
+	return !cutoffIso || closedAtOrLastUsedAt(record) < cutoffIso;
+}
+async function pruneSessionFiles(record, sessionDir, dirEntries, includeHistory) {
+	const safeId = encodeURIComponent(record.acpxRecordId);
+	let bytesFreed = await unlinkCountingBytes(path.join(sessionDir, `${safeId}.json`));
+	if (includeHistory) for (const name of dirEntries.filter((entry) => isSessionStreamFile(entry, safeId))) bytesFreed += await unlinkCountingBytes(path.join(sessionDir, name));
+	return bytesFreed;
+}
+async function unlinkCountingBytes(filePath) {
+	let bytes = 0;
+	try {
+		bytes = (await fs$1.stat(filePath)).size;
+	} catch {}
+	await fs$1.unlink(filePath).catch(() => void 0);
+	return bytes;
+}
 //#endregion
 //#region src/permission-prompt.ts
 async function promptForPermission(options) {
@@ -1076,27 +1888,84 @@ function selected(optionId) {
 function cancelled() {
 	return { outcome: { outcome: "cancelled" } };
 }
+function withEscalationMetadata(response, event) {
+	return {
+		...response,
+		_meta: {
+			...response._meta,
+			acpx: {
+				...response._meta?.acpx && typeof response._meta.acpx === "object" && !Array.isArray(response._meta.acpx) ? response._meta.acpx : {},
+				permissionEscalation: event
+			}
+		}
+	};
+}
 function pickOption(options, kinds) {
 	for (const kind of kinds) {
 		const match = options.find((option) => option.kind === kind);
 		if (match) return match;
 	}
 }
+const TOOL_KIND_TITLE_MATCHERS = [
+	{
+		kind: "read",
+		needles: ["read", "cat"]
+	},
+	{
+		kind: "search",
+		needles: [
+			"search",
+			"find",
+			"grep"
+		]
+	},
+	{
+		kind: "edit",
+		needles: [
+			"write",
+			"edit",
+			"patch"
+		]
+	},
+	{
+		kind: "delete",
+		needles: ["delete", "remove"]
+	},
+	{
+		kind: "move",
+		needles: ["move", "rename"]
+	},
+	{
+		kind: "execute",
+		needles: [
+			"run",
+			"execute",
+			"bash"
+		]
+	},
+	{
+		kind: "fetch",
+		needles: [
+			"fetch",
+			"http",
+			"url"
+		]
+	},
+	{
+		kind: "think",
+		needles: ["think"]
+	}
+];
 function inferToolKind(params) {
 	if (params.toolCall.kind) return params.toolCall.kind;
 	const title = params.toolCall.title?.trim().toLowerCase();
 	if (!title) return;
 	const head = title.split(":", 1)[0]?.trim();
 	if (!head) return;
-	if (head.includes("read") || head.includes("cat")) return "read";
-	if (head.includes("search") || head.includes("find") || head.includes("grep")) return "search";
-	if (head.includes("write") || head.includes("edit") || head.includes("patch")) return "edit";
-	if (head.includes("delete") || head.includes("remove")) return "delete";
-	if (head.includes("move") || head.includes("rename")) return "move";
-	if (head.includes("run") || head.includes("execute") || head.includes("bash")) return "execute";
-	if (head.includes("fetch") || head.includes("http") || head.includes("url")) return "fetch";
-	if (head.includes("think")) return "think";
-	return "other";
+	return titleHeadToolKind(head) ?? "other";
+}
+function titleHeadToolKind(head) {
+	return TOOL_KIND_TITLE_MATCHERS.find(({ needles }) => needles.some((needle) => head.includes(needle)))?.kind;
 }
 function isAutoApprovedReadKind(kind) {
 	return kind === "read" || kind === "search";
@@ -1107,32 +1976,152 @@ async function promptForToolPermission(params) {
 function canPromptForPermission$1() {
 	return process.stdin.isTTY && process.stderr.isTTY;
 }
-function permissionModeSatisfies(actual, required) {
-	return PERMISSION_MODE_RANK[actual] >= PERMISSION_MODE_RANK[required];
+function readStringProperty(value, keys) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return;
+	const record = value;
+	for (const key of keys) {
+		const entry = record[key];
+		if (typeof entry === "string" && entry.trim().length > 0) return entry.trim();
+	}
 }
-async function resolvePermissionRequest(params, mode, nonInteractivePolicy = "deny") {
-	const options = params.options ?? [];
-	if (options.length === 0) return cancelled();
+function readToolName(params) {
+	const rawInputName = readStringProperty(params.toolCall.rawInput, [
+		"name",
+		"tool",
+		"toolName"
+	]);
+	if (rawInputName) return rawInputName;
+	const head = (params.toolCall.title?.trim())?.split(/[:\s]/, 1)[0]?.trim();
+	return head && head.length > 0 ? head : void 0;
+}
+function normalizeMatcher(value) {
+	return value.trim().toLowerCase();
+}
+function permissionMatchTokens(params) {
+	const tokens = /* @__PURE__ */ new Set();
+	const kind = inferToolKind(params);
+	const rawKind = params.toolCall.kind;
+	const title = params.toolCall.title?.trim();
+	const toolName = readToolName(params);
+	for (const value of [
+		kind,
+		rawKind,
+		title,
+		toolName
+	]) if (typeof value === "string" && value.trim().length > 0) tokens.add(normalizeMatcher(value));
+	if (title) {
+		const head = title.split(/[:\s]/, 1)[0]?.trim();
+		if (head) tokens.add(normalizeMatcher(head));
+	}
+	return [...tokens];
+}
+function findPolicyRule(rules, params) {
+	if (!rules || rules.length === 0) return;
+	const tokens = permissionMatchTokens(params);
+	for (const rule of rules) {
+		const normalized = normalizeMatcher(rule);
+		if (normalized === "*" || tokens.includes(normalized)) return rule;
+	}
+}
+function matchPermissionPolicy(params, policy) {
+	if (!policy) return;
+	const denyRule = findPolicyRule(policy.autoDeny, params);
+	if (denyRule) return {
+		action: "deny",
+		matchedRule: denyRule
+	};
+	const approveRule = findPolicyRule(policy.autoApprove, params);
+	if (approveRule) return {
+		action: "approve",
+		matchedRule: approveRule
+	};
+	const escalateRule = findPolicyRule(policy.escalate, params);
+	if (escalateRule) return {
+		action: "escalate",
+		matchedRule: escalateRule
+	};
+	return policy.defaultAction ? { action: policy.defaultAction } : void 0;
+}
+function buildEscalationEvent(params, matchedRule) {
+	const toolKind = inferToolKind(params);
+	const toolTitle = params.toolCall.title?.trim() || "tool";
+	const toolName = readToolName(params);
+	return {
+		type: "permission_escalation",
+		sessionId: params.sessionId,
+		toolCallId: params.toolCall.toolCallId,
+		...toolName ? { toolName } : {},
+		toolTitle,
+		...params.toolCall.rawInput !== void 0 ? { toolInput: params.toolCall.rawInput } : {},
+		...toolKind ? { toolKind } : {},
+		action: "escalate",
+		...matchedRule ? { matchedRule } : {},
+		message: `Permission escalation required for ${toolTitle}`,
+		timestamp: (/* @__PURE__ */ new Date()).toISOString()
+	};
+}
+function selectedOrFirst(options, allowOption) {
+	return { response: selected((allowOption ?? options[0]).optionId) };
+}
+function selectedOrCancelled(option) {
+	return { response: option ? selected(option.optionId) : cancelled() };
+}
+async function resolveEscalatingPermissionRequest(params, policyMatch, allowOption, rejectOption) {
+	if (canPromptForPermission$1()) return resolveInteractivePromptResult(params, allowOption, rejectOption);
+	const escalation = buildEscalationEvent(params, policyMatch.matchedRule);
+	return {
+		response: withEscalationMetadata(rejectOption ? selected(rejectOption.optionId) : cancelled(), escalation),
+		escalation
+	};
+}
+async function resolveInteractivePromptResult(params, allowOption, rejectOption) {
+	const approved = await promptForToolPermission(params);
+	if (approved && allowOption) return { response: selected(allowOption.optionId) };
+	if (!approved && rejectOption) return { response: selected(rejectOption.optionId) };
+	return { response: cancelled() };
+}
+function resolvePolicyMatch(params, policyMatch, options, allowOption, rejectOption) {
+	if (policyMatch?.action === "approve") return selectedOrFirst(options, allowOption);
+	if (policyMatch?.action === "deny") return selectedOrCancelled(rejectOption);
+	if (policyMatch?.action === "escalate") return resolveEscalatingPermissionRequest(params, policyMatch, allowOption, rejectOption);
+}
+function resolveModeMatch(options, mode, allowOption, rejectOption) {
+	if (mode === "approve-all") return selectedOrFirst(options, allowOption);
+	if (mode === "deny-all") return selectedOrCancelled(rejectOption);
+}
+function resolveNonInteractivePermission(nonInteractivePolicy, rejectOption) {
+	if (nonInteractivePolicy === "fail") throw new PermissionPromptUnavailableError();
+	return selectedOrCancelled(rejectOption);
+}
+async function resolveReadOrPromptPermission(params, nonInteractivePolicy, allowOption, rejectOption) {
+	if (isAutoApprovedReadKind(inferToolKind(params)) && allowOption) return { response: selected(allowOption.optionId) };
+	if (!canPromptForPermission$1()) return resolveNonInteractivePermission(nonInteractivePolicy, rejectOption);
+	return resolveInteractivePromptResult(params, allowOption, rejectOption);
+}
+function permissionModeSatisfies(actual, required) {
+	return PERMISSION_MODE_RANK[actual] >= PERMISSION_MODE_RANK[required];
+}
+async function resolvePermissionRequestWithDetails(params, mode, nonInteractivePolicy = "deny", policy) {
+	const options = params.options ?? [];
+	if (options.length === 0) return { response: cancelled() };
 	const allowOption = pickOption(options, ["allow_once", "allow_always"]);
 	const rejectOption = pickOption(options, ["reject_once", "reject_always"]);
-	if (mode === "approve-all") {
-		if (allowOption) return selected(allowOption.optionId);
-		return selected(options[0].optionId);
-	}
-	if (mode === "deny-all") {
-		if (rejectOption) return selected(rejectOption.optionId);
-		return cancelled();
-	}
-	if (isAutoApprovedReadKind(inferToolKind(params)) && allowOption) return selected(allowOption.optionId);
-	if (!canPromptForPermission$1()) {
-		if (nonInteractivePolicy === "fail") throw new PermissionPromptUnavailableError();
-		if (rejectOption) return selected(rejectOption.optionId);
-		return cancelled();
-	}
-	const approved = await promptForToolPermission(params);
-	if (approved && allowOption) return selected(allowOption.optionId);
-	if (!approved && rejectOption) return selected(rejectOption.optionId);
-	return cancelled();
+	const resolvedByPolicy = await resolvePolicyMatch(params, matchPermissionPolicy(params, policy), options, allowOption, rejectOption);
+	if (resolvedByPolicy) return resolvedByPolicy;
+	const resolvedByMode = resolveModeMatch(options, mode, allowOption, rejectOption);
+	if (resolvedByMode) return resolvedByMode;
+	return resolveReadOrPromptPermission(params, nonInteractivePolicy, allowOption, rejectOption);
+}
+const DECISION_FALLBACK_ORDER = {
+	allow_once: ["allow_once", "allow_always"],
+	allow_always: ["allow_always", "allow_once"],
+	reject_once: ["reject_once", "reject_always"],
+	reject_always: ["reject_always", "reject_once"]
+};
+function decisionToResponse(params, decision) {
+	if (decision.outcome === "cancel") return cancelled();
+	const matched = pickOption(params.options ?? [], DECISION_FALLBACK_ORDER[decision.outcome]);
+	return matched ? selected(matched.optionId) : cancelled();
 }
 function classifyPermissionDecision(params, response) {
 	if (response.outcome.outcome !== "selected") return "cancelled";
@@ -1148,21 +2137,35 @@ function readWindowsEnvValue(env, key) {
 	const matchedKey = Object.keys(env).find((entry) => entry.toUpperCase() === key);
 	return matchedKey ? env[matchedKey] : void 0;
 }
-function resolveWindowsCommand(command, env = process.env) {
-	const extensions = (readWindowsEnvValue(env, "PATHEXT") ?? ".COM;.EXE;.BAT;.CMD").split(";").map((value) => value.trim().toLowerCase()).filter((value) => value.length > 0);
-	const candidates = path.extname(command).length > 0 ? [command] : extensions.map((extension) => `${command}${extension}`);
-	if (command.includes("/") || command.includes("\\") || path.isAbsolute(command)) return candidates.find((candidate) => fs.existsSync(candidate));
+function windowsExecutableExtensions(env) {
+	return (readWindowsEnvValue(env, "PATHEXT") ?? ".COM;.EXE;.BAT;.CMD").split(";").map((value) => value.trim().toLowerCase()).filter((value) => value.length > 0);
+}
+function commandCandidates(command, env) {
+	if (path.extname(command).length > 0) return [command];
+	return windowsExecutableExtensions(env).map((extension) => `${command}${extension}`);
+}
+function commandHasPath(command) {
+	return command.includes("/") || command.includes("\\") || path.isAbsolute(command);
+}
+function resolveWindowsPathCommand(command, env) {
+	const candidates = commandCandidates(command, env);
 	const pathValue = readWindowsEnvValue(env, "PATH");
 	if (!pathValue) return;
 	for (const directory of pathValue.split(";")) {
-		const trimmedDirectory = directory.trim();
-		if (trimmedDirectory.length === 0) continue;
-		for (const candidate of candidates) {
-			const resolved = path.join(trimmedDirectory, candidate);
-			if (fs.existsSync(resolved)) return resolved;
-		}
+		const resolved = findExistingCommandInDirectory(directory, candidates);
+		if (resolved) return resolved;
 	}
 }
+function findExistingCommandInDirectory(directory, candidates) {
+	const trimmedDirectory = directory.trim();
+	if (trimmedDirectory.length === 0) return;
+	return candidates.map((candidate) => path.join(trimmedDirectory, candidate)).find((resolved) => fs.existsSync(resolved));
+}
+function resolveWindowsCommand(command, env = process.env) {
+	const candidates = commandCandidates(command, env);
+	if (commandHasPath(command)) return candidates.find((candidate) => fs.existsSync(candidate));
+	return resolveWindowsPathCommand(command, env);
+}
 function shouldUseWindowsBatchShell(command, platform = process.platform, env = process.env) {
 	if (platform !== "win32") return false;
 	const resolvedCommand = resolveWindowsCommand(command, env) ?? command;
@@ -1176,6 +2179,30 @@ function buildSpawnCommandOptions(command, options, platform = process.platform,
 		shell: true
 	};
 }
+function buildTerminalSpawnCommand(command, args) {
+	return {
+		command,
+		args: args ?? [],
+		killProcessGroup: false
+	};
+}
+function buildTerminalShellSpawnCommand(command, platform = process.platform) {
+	if (platform === "win32") return {
+		command: "cmd.exe",
+		args: [
+			"/d",
+			"/s",
+			"/c",
+			command
+		],
+		killProcessGroup: true
+	};
+	return {
+		command: "/bin/sh",
+		args: ["-c", command],
+		killProcessGroup: true
+	};
+}
 //#endregion
 //#region src/acp/client-process.ts
 const execFileAsync = promisify(execFile);
@@ -1231,32 +2258,16 @@ function splitCommandLine(value) {
 	let quote = null;
 	let escaping = false;
 	for (const ch of value) {
-		if (escaping) {
-			current += ch;
-			escaping = false;
-			continue;
-		}
-		if (ch === "\\" && quote !== "'") {
-			escaping = true;
-			continue;
-		}
-		if (quote) {
-			if (ch === quote) quote = null;
-			else current += ch;
-			continue;
-		}
-		if (ch === "'" || ch === "\"") {
-			quote = ch;
-			continue;
-		}
-		if (/\s/.test(ch)) {
-			if (current.length > 0) {
-				parts.push(current);
-				current = "";
-			}
-			continue;
-		}
-		current += ch;
+		const next = readCommandLineChar({
+			ch,
+			current,
+			quote,
+			escaping,
+			parts
+		});
+		current = next.current;
+		quote = next.quote;
+		escaping = next.escaping;
 	}
 	if (escaping) current += "\\";
 	if (quote) throw new Error("Invalid --agent command: unterminated quote");
@@ -1267,6 +2278,59 @@ function splitCommandLine(value) {
 		args: parts.slice(1)
 	};
 }
+function readCommandLineChar(state) {
+	if (state.escaping) return {
+		current: state.current + state.ch,
+		quote: state.quote,
+		escaping: false
+	};
+	if (state.ch === "\\" && state.quote !== "'") return {
+		current: state.current,
+		quote: state.quote,
+		escaping: true
+	};
+	if (state.quote) return readQuotedCommandLineChar({
+		ch: state.ch,
+		current: state.current,
+		quote: state.quote
+	});
+	return readUnquotedCommandLineChar(state);
+}
+function readQuotedCommandLineChar(state) {
+	if (state.ch === state.quote) return {
+		current: state.current,
+		quote: null,
+		escaping: false
+	};
+	return {
+		current: state.current + state.ch,
+		quote: state.quote,
+		escaping: false
+	};
+}
+function readUnquotedCommandLineChar(state) {
+	if (state.ch === "'" || state.ch === "\"") return {
+		current: state.current,
+		quote: state.ch,
+		escaping: false
+	};
+	if (/\s/.test(state.ch)) {
+		flushCommandLinePart(state.parts, state.current);
+		return {
+			current: "",
+			quote: null,
+			escaping: false
+		};
+	}
+	return {
+		current: state.current + state.ch,
+		quote: null,
+		escaping: false
+	};
+}
+function flushCommandLinePart(parts, current) {
+	if (current.length > 0) parts.push(current);
+}
 function asAbsoluteCwd(cwd) {
 	return path.resolve(cwd);
 }
@@ -1480,17 +2544,28 @@ async function ensureCopilotAcpSupport(command) {
 function buildClaudeCodeOptionsMeta(options) {
 	if (!options) return;
 	const claudeCodeOptions = {};
-	if (typeof options.model === "string" && options.model.trim().length > 0) claudeCodeOptions.model = options.model;
-	if (Array.isArray(options.allowedTools)) claudeCodeOptions.allowedTools = [...options.allowedTools];
-	if (typeof options.maxTurns === "number") claudeCodeOptions.maxTurns = options.maxTurns;
+	assignClaudeCodeOptions(claudeCodeOptions, options);
 	const meta = {};
 	if (Object.keys(claudeCodeOptions).length > 0) meta.claudeCode = { options: claudeCodeOptions };
-	const systemPrompt = options.systemPrompt;
-	if (typeof systemPrompt === "string" && systemPrompt.length > 0) meta.systemPrompt = systemPrompt;
-	else if (systemPrompt && typeof systemPrompt === "object" && typeof systemPrompt.append === "string" && systemPrompt.append.length > 0) meta.systemPrompt = { append: systemPrompt.append };
+	assignClaudeCodeSystemPrompt(meta, options.systemPrompt);
 	if (Object.keys(meta).length === 0) return;
 	return meta;
 }
+function assignClaudeCodeOptions(target, options) {
+	if (typeof options.model === "string" && options.model.trim().length > 0) target.model = options.model;
+	if (Array.isArray(options.allowedTools)) target.allowedTools = [...options.allowedTools];
+	if (typeof options.maxTurns === "number") target.maxTurns = options.maxTurns;
+}
+function assignClaudeCodeSystemPrompt(target, systemPrompt) {
+	if (typeof systemPrompt === "string" && systemPrompt.length > 0) {
+		target.systemPrompt = systemPrompt;
+		return;
+	}
+	if (isAppendSystemPrompt(systemPrompt)) target.systemPrompt = { append: systemPrompt.append };
+}
+function isAppendSystemPrompt(value) {
+	return !!value && typeof value === "object" && typeof value.append === "string" && value.append.length > 0;
+}
 function resolveClaudeCodeExecutable(platform = process.platform, env = process.env) {
 	if (platform !== "win32") return;
 	if (readWindowsEnvValue(env, "CLAUDE_CODE_EXECUTABLE")) return;
@@ -1535,18 +2610,21 @@ function buildAgentEnvironment(authCredentials) {
 	const env = { ...process.env };
 	promotePrefixedAuthEnvironment(env);
 	if (!authCredentials) return env;
-	for (const [methodId, credential] of Object.entries(authCredentials)) {
-		if (typeof credential !== "string" || credential.trim().length === 0) continue;
-		if (!methodId.includes("=") && !methodId.includes("\0") && env[methodId] == null) env[methodId] = credential;
-		const normalized = toEnvToken(methodId);
-		if (normalized) {
-			const prefixed = `${AUTH_ENV_PREFIX}${normalized}`;
-			if (env[prefixed] == null) env[prefixed] = credential;
-			if (env[normalized] == null) env[normalized] = credential;
-		}
-	}
+	for (const [methodId, credential] of Object.entries(authCredentials)) assignAuthCredentialEnv(env, methodId, credential);
 	return env;
 }
+function assignAuthCredentialEnv(env, methodId, credential) {
+	if (typeof credential !== "string" || credential.trim().length === 0) return;
+	if (!methodId.includes("=") && !methodId.includes("\0") && env[methodId] == null) env[methodId] = credential;
+	const normalized = toEnvToken(methodId);
+	if (normalized) {
+		assignIfMissing(env, `${AUTH_ENV_PREFIX}${normalized}`, credential);
+		assignIfMissing(env, normalized, credential);
+	}
+}
+function assignIfMissing(env, key, value) {
+	if (env[key] == null) env[key] = value;
+}
 function resolveConfiguredAuthCredential(methodId, authCredentials) {
 	const configCredentials = authCredentials ?? {};
 	return configCredentials[methodId] ?? configCredentials[toEnvToken(methodId)];
@@ -1564,6 +2642,76 @@ function buildAgentSpawnOptions(cwd, authCredentials) {
 	};
 }
 //#endregion
+//#region src/acp/jsonrpc.ts
+function asRecord$2(value) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return null;
+	return value;
+}
+function hasValidId(value) {
+	return value === null || typeof value === "string" || typeof value === "number" && Number.isFinite(value);
+}
+function isErrorObject(value) {
+	const record = asRecord$2(value);
+	return !!record && typeof record.code === "number" && Number.isFinite(record.code) && typeof record.message === "string";
+}
+function hasResultOrError(value) {
+	const hasResult = Object.hasOwn(value, "result");
+	const hasError = Object.hasOwn(value, "error");
+	if (hasResult && hasError) return false;
+	if (!hasResult && !hasError) return false;
+	if (hasError && !isErrorObject(value.error)) return false;
+	return true;
+}
+function hasMethod(value) {
+	return typeof value.method === "string" && value.method.length > 0;
+}
+function isJsonRpcRequest(value) {
+	return hasMethod(value) && Object.hasOwn(value, "id") && hasValidId(value.id);
+}
+function isJsonRpcNotificationRecord(value) {
+	return hasMethod(value) && !Object.hasOwn(value, "id");
+}
+function isJsonRpcResponse(value) {
+	if (hasMethod(value) || !Object.hasOwn(value, "id") || !hasValidId(value.id)) return false;
+	return hasResultOrError(value);
+}
+function isAcpJsonRpcMessage(value) {
+	const record = asRecord$2(value);
+	if (!record || record.jsonrpc !== "2.0") return false;
+	return isJsonRpcNotificationRecord(record) || isJsonRpcRequest(record) || isJsonRpcResponse(record);
+}
+function isJsonRpcNotification(message) {
+	return Object.hasOwn(message, "method") && typeof message.method === "string" && !Object.hasOwn(message, "id");
+}
+function isSessionUpdateNotification(message) {
+	return isJsonRpcNotification(message) && message.method === "session/update";
+}
+function extractSessionUpdateNotification(message) {
+	if (!isSessionUpdateNotification(message)) return;
+	const params = asRecord$2(message.params);
+	if (!params) return;
+	const sessionId = typeof params.sessionId === "string" ? params.sessionId : null;
+	if (!sessionId) return;
+	const update = asRecord$2(params.update);
+	if (!update || typeof update.sessionUpdate !== "string") return;
+	return {
+		sessionId,
+		update
+	};
+}
+function parsePromptStopReason(message) {
+	if (!Object.hasOwn(message, "id") || !Object.hasOwn(message, "result")) return;
+	const record = asRecord$2(message.result);
+	if (!record) return;
+	return typeof record.stopReason === "string" ? record.stopReason : void 0;
+}
+function parseJsonRpcErrorMessage(message) {
+	if (!Object.hasOwn(message, "error")) return;
+	const errorRecord = asRecord$2(message.error);
+	if (!errorRecord || typeof errorRecord.message !== "string") return;
+	return errorRecord.message;
+}
+//#endregion
 //#region src/acp/session-control-errors.ts
 const SESSION_CONTROL_UNSUPPORTED_ACP_CODES = new Set([-32601, -32602]);
 function asRecord$1(value) {
@@ -1687,14 +2835,15 @@ var TerminalManager = class {
 		try {
 			if (!await this.isExecuteApproved(commandLine)) throw new PermissionDeniedError("Permission denied for terminal/create");
 			const outputByteLimit = Math.max(0, Math.round(params.outputByteLimit ?? DEFAULT_TERMINAL_OUTPUT_LIMIT_BYTES));
-			const proc = spawn(params.command, params.args ?? [], buildTerminalSpawnOptions(params.command, params.cwd ?? this.cwd, params.env));
-			await waitForSpawn(proc);
+			const { proc, spawnCommand } = await spawnTerminalProcess(params, this.cwd);
 			let resolveExit = () => {};
 			const exitPromise = new Promise((resolve) => {
 				resolveExit = resolve;
 			});
 			const terminal = {
 				process: proc,
+				killProcessGroup: spawnCommand.killProcessGroup,
+				descendantPids: /* @__PURE__ */ new Set(),
 				output: Buffer.alloc(0),
 				truncated: false,
 				outputByteLimit,
@@ -1717,10 +2866,14 @@ var TerminalManager = class {
 			proc.once("exit", (exitCode, signal) => {
 				terminal.exitCode = exitCode;
 				terminal.signal = signal;
-				terminal.resolveExit({
-					exitCode: exitCode ?? null,
-					signal: signal ?? null
-				});
+				terminal.processGroupSnapshotPromise = rememberProcessGroupPids(terminal);
+				(async () => {
+					await terminal.processGroupSnapshotPromise;
+					terminal.resolveExit({
+						exitCode: exitCode ?? null,
+						signal: signal ?? null
+					});
+				})();
 			});
 			const terminalId = randomUUID();
 			this.terminals.set(terminalId, terminal);
@@ -1872,21 +3025,301 @@ var TerminalManager = class {
 		return terminal.exitCode === void 0 && terminal.signal === void 0;
 	}
 	async killProcess(terminal) {
-		if (!this.isRunning(terminal)) return;
+		if (!this.isRunning(terminal) && !terminal.killProcessGroup) return;
 		try {
-			terminal.process.kill("SIGTERM");
+			await this.signalProcess(terminal, "SIGTERM");
 		} catch {
 			return;
 		}
-		if (await Promise.race([terminal.exitPromise.then(() => true), waitMs(this.killGraceMs).then(() => false)]) || !this.isRunning(terminal)) return;
+		if (await this.waitForCleanupAfterSignal(terminal) && !terminal.killProcessGroup) return;
 		try {
-			terminal.process.kill("SIGKILL");
+			await this.signalProcess(terminal, "SIGKILL");
 		} catch {
 			return;
 		}
-		await Promise.race([terminal.exitPromise.then(() => void 0), waitMs(this.killGraceMs)]);
+		await this.waitForCleanupAfterSignal(terminal);
+	}
+	async signalProcess(terminal, signal) {
+		const pid = terminal.process.pid;
+		if (terminal.killProcessGroup && pid && process.platform === "win32") {
+			await this.signalWindowsProcessGroup(terminal, pid, signal);
+			return;
+		}
+		if (terminal.killProcessGroup && pid) {
+			await this.signalPosixProcessGroup(terminal, pid, signal);
+			return;
+		}
+		terminal.process.kill(signal);
+	}
+	async signalWindowsProcessGroup(terminal, pid, signal) {
+		await this.captureDescendantPids(terminal, pid);
+		if (this.isRunning(terminal)) {
+			await killWindowsProcessTree(pid, signal);
+			return;
+		}
+		for (const descendantPid of terminal.descendantPids) await killWindowsProcessTree(descendantPid, signal);
+	}
+	async signalPosixProcessGroup(terminal, pid, signal) {
+		await this.captureDescendantPids(terminal, pid);
+		if (hasLiveProcessGroup(pid)) {
+			sendSignal(-pid, signal);
+			return;
+		}
+		for (const descendantPid of terminal.descendantPids) sendSignal(descendantPid, signal);
+	}
+	async captureDescendantPids(terminal, pid) {
+		if (!this.isRunning(terminal)) await terminal.processGroupSnapshotPromise?.catch(() => {});
+		for (const descendantPid of await listDescendantPids(pid)) terminal.descendantPids.add(descendantPid);
+	}
+	async waitForCleanupAfterSignal(terminal) {
+		return await Promise.race([this.waitForTerminalAndTrackedDescendants(terminal).then(() => true), waitMs(this.killGraceMs).then(() => false)]);
+	}
+	async waitForTerminalAndTrackedDescendants(terminal) {
+		await terminal.exitPromise;
+		while (hasLiveTerminalProcessGroup(terminal)) await waitMs(25);
+		while (hasLivePid(terminal.descendantPids)) await waitMs(25);
 	}
 };
+async function spawnTerminalProcess(params, defaultCwd) {
+	const directCommand = buildTerminalSpawnCommand(params.command, params.args);
+	try {
+		return {
+			proc: await spawnAndWait(directCommand, params, defaultCwd),
+			spawnCommand: directCommand
+		};
+	} catch (error) {
+		const fallbackCommand = params.args === void 0 && isNotFoundSpawnError(error) ? buildTerminalFallbackSpawnCommand(params.command, params.cwd ?? defaultCwd) : void 0;
+		if (!fallbackCommand) throw error;
+		return {
+			proc: await spawnAndWait(fallbackCommand, params, defaultCwd),
+			spawnCommand: fallbackCommand
+		};
+	}
+}
+async function spawnAndWait(spawnCommand, params, defaultCwd) {
+	const spawnOptions = buildTerminalSpawnOptions(spawnCommand.command, params.cwd ?? defaultCwd, params.env);
+	if (spawnCommand.killProcessGroup) spawnOptions.detached = true;
+	const proc = spawn(spawnCommand.command, spawnCommand.args, spawnOptions);
+	await waitForSpawn(proc);
+	return proc;
+}
+function isNotFoundSpawnError(error) {
+	return error instanceof Error && error.code === "ENOENT";
+}
+function buildTerminalFallbackSpawnCommand(command, cwd, platform = process.platform) {
+	if (commandPathExists(command, cwd)) return;
+	if (platform === "win32") return hasWindowsShellSyntax(command) || /\s/u.test(command) ? buildTerminalShellSpawnCommand(command, platform) : void 0;
+	if (hasShellSyntax(command) || /\s/u.test(command)) return buildTerminalShellSpawnCommand(command, platform);
+}
+function hasShellSyntax(command) {
+	return /[|&;<>()>$`*?[\]{}'"\\\r\n]/u.test(command);
+}
+function hasWindowsShellSyntax(command) {
+	return /[|&;<>()>$`*?[\]{}'"\r\n]/u.test(command);
+}
+function commandPathExists(command, cwd) {
+	if (!/[\\/]/u.test(command)) return false;
+	const resolvedPath = path.isAbsolute(command) ? command : path.resolve(cwd, command);
+	return fs.existsSync(resolvedPath);
+}
+async function listDescendantPids(rootPid) {
+	let output;
+	try {
+		output = await runProcessListCommand();
+	} catch {
+		return [];
+	}
+	const childrenByParent = /* @__PURE__ */ new Map();
+	for (const line of output.split("\n")) addProcessListLine(childrenByParent, line);
+	const descendants = [];
+	const queue = [...childrenByParent.get(rootPid) ?? []];
+	for (let index = 0; index < queue.length; index += 1) {
+		const pid = queue[index];
+		descendants.push(pid);
+		queue.push(...childrenByParent.get(pid) ?? []);
+	}
+	return descendants;
+}
+function addProcessListLine(childrenByParent, line) {
+	const parsed = parseProcessListLine(line);
+	if (!parsed) return;
+	const children = childrenByParent.get(parsed.parentPid);
+	if (children) children.push(parsed.pid);
+	else childrenByParent.set(parsed.parentPid, [parsed.pid]);
+}
+function parseProcessListLine(line) {
+	const match = line.trim().match(/^(\d+)\s+(\d+)$/);
+	if (!match) return;
+	const pid = Number(match[1]);
+	const parentPid = Number(match[2]);
+	if (!Number.isInteger(pid) || !Number.isInteger(parentPid) || pid <= 0 || parentPid <= 0) return;
+	return {
+		pid,
+		parentPid
+	};
+}
+async function runProcessListCommand() {
+	if (process.platform === "win32") return await runWindowsProcessListCommand();
+	return await new Promise((resolve, reject) => {
+		const child = spawn("ps", ["-eo", "pid=,ppid="], { stdio: [
+			"ignore",
+			"pipe",
+			"pipe"
+		] });
+		let stdout = "";
+		let stderr = "";
+		child.stdout.setEncoding("utf8");
+		child.stderr.setEncoding("utf8");
+		child.stdout.on("data", (chunk) => {
+			stdout += chunk;
+		});
+		child.stderr.on("data", (chunk) => {
+			stderr += chunk;
+		});
+		child.once("error", reject);
+		child.once("close", (code, signal) => {
+			if (code === 0) {
+				resolve(stdout);
+				return;
+			}
+			reject(/* @__PURE__ */ new Error(`ps exited with code ${code ?? "null"} signal ${signal ?? "null"}: ${stderr}`));
+		});
+	});
+}
+async function rememberProcessGroupPids(terminal) {
+	const processGroupId = terminal.process.pid;
+	if (!terminal.killProcessGroup || !processGroupId) return;
+	if (process.platform === "win32") {
+		for (const pid of await listDescendantPids(processGroupId)) terminal.descendantPids.add(pid);
+		return;
+	}
+	for (const pid of await listProcessGroupPids(processGroupId)) if (pid !== processGroupId) terminal.descendantPids.add(pid);
+}
+async function listProcessGroupPids(processGroupId) {
+	let output;
+	try {
+		output = await runProcessGroupListCommand();
+	} catch {
+		return [];
+	}
+	const pids = [];
+	for (const line of output.split("\n")) {
+		const match = line.trim().match(/^(\d+)\s+(\d+)$/);
+		if (!match) continue;
+		const pid = Number(match[1]);
+		const pgid = Number(match[2]);
+		if (Number.isInteger(pid) && Number.isInteger(pgid) && pid > 0 && pgid === processGroupId) pids.push(pid);
+	}
+	return pids;
+}
+async function runProcessGroupListCommand() {
+	return await new Promise((resolve, reject) => {
+		const child = spawn("ps", ["-eo", "pid=,pgid="], { stdio: [
+			"ignore",
+			"pipe",
+			"pipe"
+		] });
+		let stdout = "";
+		let stderr = "";
+		child.stdout.setEncoding("utf8");
+		child.stderr.setEncoding("utf8");
+		child.stdout.on("data", (chunk) => {
+			stdout += chunk;
+		});
+		child.stderr.on("data", (chunk) => {
+			stderr += chunk;
+		});
+		child.once("error", reject);
+		child.once("close", (code, signal) => {
+			if (code === 0) {
+				resolve(stdout);
+				return;
+			}
+			reject(/* @__PURE__ */ new Error(`ps exited with code ${code ?? "null"} signal ${signal ?? "null"}: ${stderr}`));
+		});
+	});
+}
+async function runWindowsProcessListCommand() {
+	return await new Promise((resolve, reject) => {
+		const child = spawn("powershell.exe", [
+			"-NoProfile",
+			"-NonInteractive",
+			"-Command",
+			["Get-CimInstance Win32_Process |", "ForEach-Object { \"$($_.ProcessId) $($_.ParentProcessId)\" }"].join(" ")
+		], {
+			stdio: [
+				"ignore",
+				"pipe",
+				"pipe"
+			],
+			windowsHide: true
+		});
+		let stdout = "";
+		let stderr = "";
+		child.stdout.setEncoding("utf8");
+		child.stderr.setEncoding("utf8");
+		child.stdout.on("data", (chunk) => {
+			stdout += chunk;
+		});
+		child.stderr.on("data", (chunk) => {
+			stderr += chunk;
+		});
+		child.once("error", reject);
+		child.once("close", (code, signal) => {
+			if (code === 0) {
+				resolve(stdout);
+				return;
+			}
+			reject(/* @__PURE__ */ new Error(`powershell process list exited with code ${code ?? "null"} signal ${signal ?? "null"}: ${stderr}`));
+		});
+	});
+}
+async function killWindowsProcessTree(pid, signal) {
+	const args = [
+		"/pid",
+		String(pid),
+		"/t"
+	];
+	if (signal === "SIGKILL") args.push("/f");
+	await new Promise((resolve) => {
+		const child = spawn("taskkill", args, {
+			stdio: [
+				"ignore",
+				"ignore",
+				"ignore"
+			],
+			windowsHide: true
+		});
+		child.once("error", () => resolve());
+		child.once("close", () => resolve());
+	});
+}
+function sendSignal(pid, signal) {
+	try {
+		process.kill(pid, signal);
+	} catch {}
+}
+function hasLiveProcessGroup(processGroupId) {
+	try {
+		process.kill(-processGroupId, 0);
+		return true;
+	} catch {
+		return false;
+	}
+}
+function hasLiveTerminalProcessGroup(terminal) {
+	const pid = terminal.process.pid;
+	return Boolean(terminal.killProcessGroup && pid && process.platform !== "win32" && hasLiveProcessGroup(pid));
+}
+function hasLivePid(pids) {
+	for (const pid of pids) try {
+		process.kill(pid, 0);
+		return true;
+	} catch {
+		pids.delete(pid);
+	}
+	return false;
+}
 //#endregion
 //#region src/acp/client.ts
 const REPLAY_IDLE_MS = 80;
@@ -1895,6 +3328,20 @@ const DRAIN_POLL_INTERVAL_MS = 20;
 const AGENT_CLOSE_TERM_GRACE_MS = 1500;
 const AGENT_CLOSE_KILL_GRACE_MS = 1e3;
 const STARTUP_STDERR_MAX_CHARS = 8192;
+function toReconnectedSessionResult(response) {
+	return {
+		agentSessionId: extractRuntimeSessionId(response?._meta),
+		configOptions: response?.configOptions ?? void 0,
+		models: response?.models ?? void 0
+	};
+}
+function childProcessIsRunning(agent) {
+	if (!agent) return false;
+	return agent.exitCode == null && agent.signalCode == null && !agent.killed;
+}
+function cancelledPermissionResponse() {
+	return { outcome: { outcome: "cancelled" } };
+}
 function shouldSuppressSdkConsoleError(args) {
 	if (args.length === 0) return false;
 	return typeof args[0] === "string" && args[0] === "Error handling request";
@@ -1909,6 +3356,19 @@ function installSdkConsoleErrorSuppression() {
 		console.error = originalConsoleError;
 	};
 }
+function enqueueNdJsonLine(agentCommand, line, controller) {
+	const trimmedLine = line.trim();
+	if (!trimmedLine || shouldIgnoreNonJsonAgentOutputLine(agentCommand, trimmedLine)) return;
+	try {
+		const message = JSON.parse(trimmedLine);
+		controller.enqueue(message);
+	} catch (err) {
+		console.error("Failed to parse JSON message:", trimmedLine, err);
+	}
+}
+function enqueueNdJsonLines(agentCommand, lines, controller) {
+	for (const line of lines) enqueueNdJsonLine(agentCommand, line, controller);
+}
 function createNdJsonMessageStream(agentCommand, output, input) {
 	const textEncoder = new TextEncoder();
 	const textDecoder = new TextDecoder();
@@ -1924,16 +3384,7 @@ function createNdJsonMessageStream(agentCommand, output, input) {
 					content += textDecoder.decode(value, { stream: true });
 					const lines = content.split("\n");
 					content = lines.pop() || "";
-					for (const line of lines) {
-						const trimmedLine = line.trim();
-						if (!trimmedLine || shouldIgnoreNonJsonAgentOutputLine(agentCommand, trimmedLine)) continue;
-						try {
-							const message = JSON.parse(trimmedLine);
-							controller.enqueue(message);
-						} catch (err) {
-							console.error("Failed to parse JSON message:", trimmedLine, err);
-						}
-					}
+					enqueueNdJsonLines(agentCommand, lines, controller);
 				}
 			} finally {
 				reader.releaseLock();
@@ -1973,6 +3424,7 @@ var AcpClient = class {
 	suppressReplaySessionUpdateMessages = false;
 	activePrompt;
 	cancellingSessionIds = /* @__PURE__ */ new Set();
+	permissionAbortControllers = /* @__PURE__ */ new Map();
 	closing = false;
 	agentStartedAt;
 	lastAgentExit;
@@ -1989,7 +3441,8 @@ var AcpClient = class {
 			onAcpMessage: this.options.onAcpMessage,
 			onAcpOutputMessage: this.options.onAcpOutputMessage,
 			onSessionUpdate: this.options.onSessionUpdate,
-			onClientOperation: this.options.onClientOperation
+			onClientOperation: this.options.onClientOperation,
+			onPermissionEscalation: this.options.onPermissionEscalation
 		};
 		this.filesystem = new FileSystemHandlers({
 			cwd: this.options.cwd,
@@ -2019,7 +3472,7 @@ var AcpClient = class {
 	}
 	getAgentLifecycleSnapshot() {
 		const pid = this.agent?.pid ?? this.lastKnownPid;
-		const running = Boolean(this.agent) && this.agent?.exitCode == null && this.agent?.signalCode == null && !this.agent?.killed;
+		const running = childProcessIsRunning(this.agent);
 		return {
 			pid,
 			startedAt: this.agentStartedAt,
@@ -2030,9 +3483,15 @@ var AcpClient = class {
 	supportsLoadSession() {
 		return Boolean(this.initResult?.agentCapabilities?.loadSession);
 	}
+	supportsResumeSession() {
+		return Boolean(this.initResult?.agentCapabilities?.sessionCapabilities?.resume);
+	}
 	supportsCloseSession() {
 		return Boolean(this.initResult?.agentCapabilities?.sessionCapabilities?.close);
 	}
+	supportsListSessions() {
+		return Boolean(this.initResult?.agentCapabilities?.sessionCapabilities?.list);
+	}
 	setEventHandlers(handlers) {
 		this.eventHandlers = { ...handlers };
 	}
@@ -2040,16 +3499,20 @@ var AcpClient = class {
 		this.eventHandlers = {};
 	}
 	updateRuntimeOptions(options) {
+		const shouldRefreshPermissionPolicy = options.permissionMode !== void 0 || options.nonInteractivePermissions !== void 0;
 		if (options.permissionMode) this.options.permissionMode = options.permissionMode;
 		if (options.nonInteractivePermissions !== void 0) this.options.nonInteractivePermissions = options.nonInteractivePermissions;
+		if (Object.prototype.hasOwnProperty.call(options, "permissionPolicy")) this.options.permissionPolicy = options.permissionPolicy;
 		if (options.terminal !== void 0) this.options.terminal = options.terminal;
-		if (options.permissionMode || options.nonInteractivePermissions !== void 0) {
-			this.filesystem.updatePermissionPolicy(this.options.permissionMode, this.options.nonInteractivePermissions);
-			this.terminalManager.updatePermissionPolicy(this.options.permissionMode, this.options.nonInteractivePermissions);
-		}
+		this.refreshRuntimePermissionPolicy(shouldRefreshPermissionPolicy);
 		if (options.suppressSdkConsoleErrors !== void 0) this.options.suppressSdkConsoleErrors = options.suppressSdkConsoleErrors;
 		if (options.verbose !== void 0) this.options.verbose = options.verbose;
 	}
+	refreshRuntimePermissionPolicy(enabled) {
+		if (!enabled) return;
+		this.filesystem.updatePermissionPolicy(this.options.permissionMode, this.options.nonInteractivePermissions);
+		this.terminalManager.updatePermissionPolicy(this.options.permissionMode, this.options.nonInteractivePermissions);
+	}
 	hasReusableSession(sessionId) {
 		return this.connection != null && this.agent != null && isChildProcessRunning(this.agent) && this.loadedSessionId === sessionId;
 	}
@@ -2061,32 +3524,10 @@ var AcpClient = class {
 	async start() {
 		if (this.connection && this.agent && isChildProcessRunning(this.agent)) return;
 		if (this.connection || this.agent) await this.close();
-		const configuredCommand = splitCommandLine(this.options.agentCommand);
-		const resolvedBuiltInLaunch = resolveBuiltInAgentLaunch(this.options.agentCommand);
-		const spawnCommand = resolvedBuiltInLaunch?.command ?? configuredCommand.command;
-		let args = resolvedBuiltInLaunch?.args ?? configuredCommand.args;
-		args = await resolveGeminiCommandArgs(spawnCommand, args);
-		if (isQoderAcpCommand(spawnCommand, args)) args = buildQoderAcpCommandArgs(args, this.options);
-		if (resolvedBuiltInLaunch?.source === "installed") this.log(`spawning installed built-in agent ${resolvedBuiltInLaunch.packageName}${resolvedBuiltInLaunch.packageVersion ? `@${resolvedBuiltInLaunch.packageVersion}` : ""} via ${spawnCommand} ${args.join(" ")}`);
-		else if (resolvedBuiltInLaunch?.source === "package-exec") this.log(`spawning built-in agent ${resolvedBuiltInLaunch.packageName}@${resolvedBuiltInLaunch.packageRange} via current Node package exec bridge ${spawnCommand} ${args.join(" ")}`);
-		else this.log(`spawning agent: ${spawnCommand} ${args.join(" ")}`);
-		const geminiAcp = isGeminiAcpCommand(spawnCommand, args);
-		if (isCopilotAcpCommand(spawnCommand, args)) await ensureCopilotAcpSupport(spawnCommand);
-		const agentSpawnOptions = buildAgentSpawnOptions(this.options.cwd, this.options.authCredentials);
-		if (isClaudeAcpCommand(spawnCommand, args)) {
-			const claudeExe = resolveClaudeCodeExecutable(process.platform, agentSpawnOptions.env);
-			if (claudeExe) {
-				agentSpawnOptions.env.CLAUDE_CODE_EXECUTABLE = claudeExe;
-				this.log(`resolved system Claude Code executable: ${claudeExe}`);
-			}
-		}
-		const spawnedChild = spawn(spawnCommand, args, buildSpawnCommandOptions(spawnCommand, agentSpawnOptions));
-		try {
-			await waitForSpawn$1(spawnedChild);
-		} catch (error) {
-			throw new AgentSpawnError(this.options.agentCommand, error);
-		}
-		const child = requireAgentStdio(spawnedChild);
+		const launch = await this.resolveAgentLaunchPlan();
+		this.logAgentLaunch(launch);
+		await this.ensureLaunchSupport(launch);
+		const child = await this.spawnAgentProcess(launch);
 		this.closing = false;
 		this.agentStartedAt = isoNow$1();
 		this.lastAgentExit = void 0;
@@ -2100,22 +3541,84 @@ var AcpClient = class {
 		});
 		const input = Writable.toWeb(child.stdin);
 		const output = Readable.toWeb(child.stdout);
-		const connection = new ClientSideConnection(() => ({
-			sessionUpdate: async (params) => {
-				await this.handleSessionUpdate(params);
-			},
-			requestPermission: async (params) => {
-				return this.handlePermissionRequest(params);
-			},
-			readTextFile: async (params) => {
-				return this.handleReadTextFile(params);
-			},
-			writeTextFile: async (params) => {
-				return this.handleWriteTextFile(params);
-			},
-			createTerminal: async (params) => {
-				return this.handleCreateTerminal(params);
-			},
+		const stream = this.createTappedStream(createNdJsonMessageStream(this.options.agentCommand, input, output));
+		const connection = this.createConnection(stream);
+		connection.signal.addEventListener("abort", () => {
+			this.recordAgentExit("connection_close", child.exitCode ?? null, child.signalCode ?? null);
+		}, { once: true });
+		const startupFailure = this.createStartupFailureWatcher(child, startupStderr);
+		await this.initializeAgentConnection({
+			child,
+			connection,
+			startupFailure,
+			startupStderr,
+			launch
+		});
+	}
+	async resolveAgentLaunchPlan() {
+		const configuredCommand = splitCommandLine(this.options.agentCommand);
+		const resolvedBuiltInLaunch = resolveBuiltInAgentLaunch(this.options.agentCommand);
+		const spawnCommand = resolvedBuiltInLaunch?.command ?? configuredCommand.command;
+		let args = resolvedBuiltInLaunch?.args ?? configuredCommand.args;
+		args = await resolveGeminiCommandArgs(spawnCommand, args);
+		if (isQoderAcpCommand(spawnCommand, args)) args = buildQoderAcpCommandArgs(args, this.options);
+		return {
+			spawnCommand,
+			args,
+			resolvedBuiltInLaunch,
+			geminiAcp: isGeminiAcpCommand(spawnCommand, args),
+			copilotAcp: isCopilotAcpCommand(spawnCommand, args),
+			claudeAcp: isClaudeAcpCommand(spawnCommand, args),
+			spawnOptions: buildAgentSpawnOptions(this.options.cwd, this.options.authCredentials)
+		};
+	}
+	logAgentLaunch(plan) {
+		const launch = plan.resolvedBuiltInLaunch;
+		if (launch?.source === "installed") {
+			this.log(`spawning installed built-in agent ${launch.packageName}${launch.packageVersion ? `@${launch.packageVersion}` : ""} via ${plan.spawnCommand} ${plan.args.join(" ")}`);
+			return;
+		}
+		if (launch?.source === "package-exec") {
+			this.log(`spawning built-in agent ${launch.packageName}@${launch.packageRange} via current Node package exec bridge ${plan.spawnCommand} ${plan.args.join(" ")}`);
+			return;
+		}
+		this.log(`spawning agent: ${plan.spawnCommand} ${plan.args.join(" ")}`);
+	}
+	async ensureLaunchSupport(plan) {
+		if (plan.copilotAcp) await ensureCopilotAcpSupport(plan.spawnCommand);
+		if (!plan.claudeAcp) return;
+		const claudeExe = resolveClaudeCodeExecutable(process.platform, plan.spawnOptions.env);
+		if (claudeExe) {
+			plan.spawnOptions.env.CLAUDE_CODE_EXECUTABLE = claudeExe;
+			this.log(`resolved system Claude Code executable: ${claudeExe}`);
+		}
+	}
+	async spawnAgentProcess(plan) {
+		const spawnedChild = spawn(plan.spawnCommand, plan.args, buildSpawnCommandOptions(plan.spawnCommand, plan.spawnOptions));
+		try {
+			await waitForSpawn$1(spawnedChild);
+		} catch (error) {
+			throw new AgentSpawnError(this.options.agentCommand, error);
+		}
+		return requireAgentStdio(spawnedChild);
+	}
+	createConnection(stream) {
+		return new ClientSideConnection(() => ({
+			sessionUpdate: async (params) => {
+				await this.handleSessionUpdate(params);
+			},
+			requestPermission: async (params) => {
+				return this.handlePermissionRequest(params);
+			},
+			readTextFile: async (params) => {
+				return this.handleReadTextFile(params);
+			},
+			writeTextFile: async (params) => {
+				return this.handleWriteTextFile(params);
+			},
+			createTerminal: async (params) => {
+				return this.handleCreateTerminal(params);
+			},
 			terminalOutput: async (params) => {
 				return this.handleTerminalOutput(params);
 			},
@@ -2128,49 +3631,51 @@ var AcpClient = class {
 			releaseTerminal: async (params) => {
 				return this.handleReleaseTerminal(params);
 			}
-		}), this.createTappedStream(createNdJsonMessageStream(this.options.agentCommand, input, output)));
-		connection.signal.addEventListener("abort", () => {
-			this.recordAgentExit("connection_close", child.exitCode ?? null, child.signalCode ?? null);
-		}, { once: true });
-		const startupFailure = this.createStartupFailureWatcher(child, startupStderr);
+		}), stream);
+	}
+	async initializeAgentConnection(params) {
 		try {
-			const initResult = await Promise.race([(async () => {
-				const initializePromise = connection.initialize({
-					protocolVersion: PROTOCOL_VERSION,
-					clientCapabilities: {
-						fs: {
-							readTextFile: true,
-							writeTextFile: true
-						},
-						terminal: this.options.terminal !== false
-					},
-					clientInfo: {
-						name: "acpx",
-						version: "0.1.0"
-					}
-				});
-				const initialized = geminiAcp ? await withTimeout(initializePromise, resolveGeminiAcpStartupTimeoutMs()) : await initializePromise;
-				await this.authenticateIfRequired(connection, initialized.authMethods ?? []);
-				return initialized;
-			})(), startupFailure.promise]);
-			startupFailure.dispose();
-			this.connection = connection;
-			this.agent = child;
+			const initResult = await Promise.race([this.initializeProtocolConnection(params.connection, params.launch.geminiAcp), params.startupFailure.promise]);
+			params.startupFailure.dispose();
+			this.connection = params.connection;
+			this.agent = params.child;
 			this.initResult = initResult;
 			this.log(`initialized protocol version ${initResult.protocolVersion}`);
 		} catch (error) {
-			startupFailure.dispose();
-			const normalizedError = await this.normalizeInitializeError(error, child, startupStderr);
-			try {
-				child.kill();
-			} catch {}
-			if (geminiAcp && error instanceof TimeoutError) throw new GeminiAcpStartupTimeoutError(await buildGeminiAcpStartupTimeoutMessage(spawnCommand), {
-				cause: error,
-				retryable: true
-			});
-			throw normalizedError;
+			await this.handleInitializeFailure(params, error);
 		}
 	}
+	async initializeProtocolConnection(connection, geminiAcp) {
+		const initializePromise = connection.initialize({
+			protocolVersion: PROTOCOL_VERSION,
+			clientCapabilities: {
+				fs: {
+					readTextFile: true,
+					writeTextFile: true
+				},
+				terminal: this.options.terminal !== false
+			},
+			clientInfo: {
+				name: "acpx",
+				version: "0.1.0"
+			}
+		});
+		const initialized = geminiAcp ? await withTimeout(initializePromise, resolveGeminiAcpStartupTimeoutMs()) : await initializePromise;
+		await this.authenticateIfRequired(connection, initialized.authMethods ?? []);
+		return initialized;
+	}
+	async handleInitializeFailure(params, error) {
+		params.startupFailure.dispose();
+		const normalizedError = await this.normalizeInitializeError(error, params.child, params.startupStderr);
+		try {
+			params.child.kill();
+		} catch {}
+		if (params.launch.geminiAcp && error instanceof TimeoutError) throw new GeminiAcpStartupTimeoutError(await buildGeminiAcpStartupTimeoutMessage(params.launch.spawnCommand), {
+			cause: error,
+			retryable: true
+		});
+		throw normalizedError;
+	}
 	createTappedStream(base) {
 		const onAcpMessage = () => this.eventHandlers.onAcpMessage;
 		const onAcpOutputMessage = () => this.eventHandlers.onAcpOutputMessage;
@@ -2243,10 +3748,7 @@ var AcpClient = class {
 	async loadSessionWithOptions(sessionId, cwd = this.options.cwd, options = {}) {
 		const connection = this.getConnection();
 		const sessionCwd = await resolveAgentSessionCwd(cwd, this.options.agentCommand);
-		const previousSuppression = this.suppressSessionUpdates;
-		const previousReplaySuppression = this.suppressReplaySessionUpdateMessages;
-		this.suppressSessionUpdates = previousSuppression || Boolean(options.suppressReplayUpdates);
-		this.suppressReplaySessionUpdateMessages = previousReplaySuppression || Boolean(options.suppressReplayUpdates);
+		const previousSuppression = this.applySessionUpdateSuppression(Boolean(options.suppressReplayUpdates));
 		let response;
 		try {
 			response = await this.runConnectionRequest(() => connection.loadSession({
@@ -2256,24 +3758,44 @@ var AcpClient = class {
 			}));
 			await this.waitForSessionUpdateDrain(options.replayIdleMs ?? REPLAY_IDLE_MS, options.replayDrainTimeoutMs ?? REPLAY_DRAIN_TIMEOUT_MS);
 		} finally {
-			this.suppressSessionUpdates = previousSuppression;
-			this.suppressReplaySessionUpdateMessages = previousReplaySuppression;
+			this.restoreSessionUpdateSuppression(previousSuppression);
 		}
 		this.loadedSessionId = sessionId;
-		return {
-			agentSessionId: extractRuntimeSessionId(response?._meta),
-			configOptions: response?.configOptions ?? void 0,
-			models: response?.models ?? void 0
+		return toReconnectedSessionResult(response);
+	}
+	async resumeSession(sessionId, cwd = this.options.cwd) {
+		const connection = this.getConnection();
+		const sessionCwd = await resolveAgentSessionCwd(cwd, this.options.agentCommand);
+		const response = await this.runConnectionRequest(() => connection.resumeSession({
+			sessionId,
+			cwd: sessionCwd,
+			mcpServers: this.options.mcpServers ?? []
+		}));
+		this.loadedSessionId = sessionId;
+		return toReconnectedSessionResult(response);
+	}
+	applySessionUpdateSuppression(enabled) {
+		const previous = {
+			suppressSessionUpdates: this.suppressSessionUpdates,
+			suppressReplaySessionUpdateMessages: this.suppressReplaySessionUpdateMessages
 		};
+		this.suppressSessionUpdates = previous.suppressSessionUpdates || enabled;
+		this.suppressReplaySessionUpdateMessages = previous.suppressReplaySessionUpdateMessages || enabled;
+		return previous;
+	}
+	restoreSessionUpdateSuppression(previous) {
+		this.suppressSessionUpdates = previous.suppressSessionUpdates;
+		this.suppressReplaySessionUpdateMessages = previous.suppressReplaySessionUpdateMessages;
 	}
 	async prompt(sessionId, prompt) {
 		const connection = this.getConnection();
+		const normalizedPrompt = this.normalizePromptForAgent(prompt);
 		const restoreConsoleError = this.options.suppressSdkConsoleErrors ? installSdkConsoleErrorSuppression() : void 0;
 		let promptPromise;
 		try {
 			promptPromise = this.runConnectionRequest(() => connection.prompt({
 				sessionId,
-				prompt: typeof prompt === "string" ? textPrompt(prompt) : prompt
+				prompt: normalizedPrompt
 			}));
 		} catch (error) {
 			restoreConsoleError?.();
@@ -2284,21 +3806,32 @@ var AcpClient = class {
 			promise: promptPromise
 		};
 		try {
-			const response = await promptPromise;
-			const permissionFailure = this.consumePromptPermissionFailure(sessionId);
-			if (permissionFailure) throw permissionFailure;
-			return response;
+			return this.returnPromptResponseOrPermissionFailure(sessionId, await promptPromise);
 		} catch (error) {
-			const permissionFailure = this.consumePromptPermissionFailure(sessionId);
-			if (permissionFailure) throw permissionFailure;
+			this.throwPromptPermissionFailureIfPresent(sessionId);
 			throw error;
 		} finally {
 			restoreConsoleError?.();
 			if (this.activePrompt?.promise === promptPromise) this.activePrompt = void 0;
 			this.cancellingSessionIds.delete(sessionId);
+			this.abortAndDropPermissionSignal(sessionId);
 			this.promptPermissionFailures.delete(sessionId);
 		}
 	}
+	normalizePromptForAgent(prompt) {
+		const normalizedPrompt = typeof prompt === "string" ? textPrompt(prompt) : prompt;
+		const unsupportedPromptContent = getUnsupportedPromptContentMessage(normalizedPrompt, this.initResult?.agentCapabilities);
+		if (unsupportedPromptContent) throw new UnsupportedPromptContentError(unsupportedPromptContent);
+		return normalizedPrompt;
+	}
+	returnPromptResponseOrPermissionFailure(sessionId, response) {
+		this.throwPromptPermissionFailureIfPresent(sessionId);
+		return response;
+	}
+	throwPromptPermissionFailureIfPresent(sessionId) {
+		const permissionFailure = this.consumePromptPermissionFailure(sessionId);
+		if (permissionFailure) throw permissionFailure;
+	}
 	async setSessionMode(sessionId, modeId) {
 		const connection = this.getConnection();
 		try {
@@ -2341,6 +3874,7 @@ var AcpClient = class {
 	async cancel(sessionId) {
 		const connection = this.getConnection();
 		this.cancellingSessionIds.add(sessionId);
+		this.abortAndDropPermissionSignal(sessionId);
 		await this.runConnectionRequest(() => connection.cancel({ sessionId }));
 	}
 	async closeSession(sessionId) {
@@ -2348,6 +3882,10 @@ var AcpClient = class {
 		await this.runConnectionRequest(() => connection.closeSession({ sessionId }));
 		if (this.loadedSessionId === sessionId) this.loadedSessionId = void 0;
 	}
+	async listSessions(params = {}) {
+		const connection = this.getConnection();
+		return await this.runConnectionRequest(() => connection.listSessions(params));
+	}
 	async requestCancelActivePrompt() {
 		const active = this.activePrompt;
 		if (!active) return false;
@@ -2387,6 +3925,8 @@ var AcpClient = class {
 		this.suppressReplaySessionUpdateMessages = false;
 		this.activePrompt = void 0;
 		this.cancellingSessionIds.clear();
+		for (const controller of this.permissionAbortControllers.values()) controller.abort();
+		this.permissionAbortControllers.clear();
 		this.promptPermissionFailures.clear();
 		this.loadedSessionId = void 0;
 		this.initResult = void 0;
@@ -2395,25 +3935,28 @@ var AcpClient = class {
 	}
 	async terminateAgentProcess(child) {
 		const stdinCloseGraceMs = resolveAgentCloseAfterStdinEndMs(this.options.agentCommand);
-		if (!child.stdin.destroyed) try {
-			child.stdin.end();
-		} catch {}
+		this.endAgentStdin(child);
 		let exited = await waitForChildExit(child, stdinCloseGraceMs);
-		if (!exited && isChildProcessRunning(child)) {
-			try {
-				child.kill("SIGTERM");
-			} catch {}
-			exited = await waitForChildExit(child, AGENT_CLOSE_TERM_GRACE_MS);
-		}
-		if (!exited && isChildProcessRunning(child)) {
+		exited = await this.killAgentIfRunning(child, exited, "SIGTERM", AGENT_CLOSE_TERM_GRACE_MS);
+		if (!exited) {
 			this.log(`agent did not exit after ${AGENT_CLOSE_TERM_GRACE_MS}ms; forcing SIGKILL`);
-			try {
-				child.kill("SIGKILL");
-			} catch {}
-			exited = await waitForChildExit(child, AGENT_CLOSE_KILL_GRACE_MS);
+			exited = await this.killAgentIfRunning(child, exited, "SIGKILL", AGENT_CLOSE_KILL_GRACE_MS);
 		}
 		this.detachAgentHandles(child, !exited);
 	}
+	endAgentStdin(child) {
+		if (child.stdin.destroyed) return;
+		try {
+			child.stdin.end();
+		} catch {}
+	}
+	async killAgentIfRunning(child, alreadyExited, signal, waitMs) {
+		if (alreadyExited || !isChildProcessRunning(child)) return alreadyExited;
+		try {
+			child.kill(signal);
+		} catch {}
+		return await waitForChildExit(child, waitMs);
+	}
 	detachAgentHandles(agent, unref) {
 		const stdin = agent.stdin;
 		const stdout = agent.stdout;
@@ -2534,22 +4077,71 @@ var AcpClient = class {
 		this.log(`authenticated with method ${selected.methodId} (${selected.source})`);
 	}
 	async handlePermissionRequest(params) {
-		if (this.cancellingSessionIds.has(params.sessionId)) return { outcome: { outcome: "cancelled" } };
-		let response;
+		if (this.cancellingSessionIds.has(params.sessionId)) return cancelledPermissionResponse();
+		const hostResponse = await this.tryHandlePermissionRequestWithHost(params);
+		if (hostResponse) return hostResponse;
+		const { response, recorded } = await this.resolvePermissionRequestFromMode(params);
+		if (!recorded) {
+			const decision = classifyPermissionDecision(params, response);
+			this.recordPermissionDecision(decision);
+		}
+		return response;
+	}
+	async tryHandlePermissionRequestWithHost(params) {
+		if (!this.options.onPermissionRequest) return;
+		const signal = this.cancellationSignalForSession(params.sessionId);
 		try {
-			response = await resolvePermissionRequest(params, this.options.permissionMode, this.options.nonInteractivePermissions ?? "deny");
+			const decision = await this.options.onPermissionRequest({
+				sessionId: params.sessionId,
+				raw: params,
+				inferredKind: inferToolKind(params)
+			}, { signal });
+			return this.hostPermissionDecisionResponse(params, signal, decision);
 		} catch (error) {
-			if (error instanceof PermissionPromptUnavailableError) {
-				this.notePromptPermissionFailure(params.sessionId, error);
-				this.recordPermissionDecision("cancelled");
-				return { outcome: { outcome: "cancelled" } };
-			}
-			throw error;
+			return this.hostPermissionErrorResponse(params, signal, error);
+		}
+	}
+	hostPermissionDecisionResponse(params, signal, decision) {
+		if (signal.aborted || this.cancellingSessionIds.has(params.sessionId)) {
+			this.recordPermissionDecision("cancelled");
+			return cancelledPermissionResponse();
 		}
-		const decision = classifyPermissionDecision(params, response);
-		this.recordPermissionDecision(decision);
+		if (!decision) return;
+		const response = decisionToResponse(params, decision);
+		this.recordPermissionDecision(classifyPermissionDecision(params, response));
 		return response;
 	}
+	hostPermissionErrorResponse(params, signal, error) {
+		if (signal.aborted || this.cancellingSessionIds.has(params.sessionId)) {
+			this.recordPermissionDecision("cancelled");
+			return cancelledPermissionResponse();
+		}
+		this.log(`onPermissionRequest threw, falling through to mode-based resolver: ${error instanceof Error ? error.message : String(error)}`);
+	}
+	async resolvePermissionRequestFromMode(params) {
+		try {
+			const result = await resolvePermissionRequestWithDetails(params, this.options.permissionMode, this.options.nonInteractivePermissions ?? "deny", this.options.permissionPolicy);
+			this.emitPermissionEscalation(result.escalation);
+			return {
+				response: result.response,
+				recorded: false
+			};
+		} catch (error) {
+			return this.handleModePermissionError(params.sessionId, error);
+		}
+	}
+	emitPermissionEscalation(escalation) {
+		if (escalation) this.eventHandlers.onPermissionEscalation?.(escalation);
+	}
+	handleModePermissionError(sessionId, error) {
+		if (!(error instanceof PermissionPromptUnavailableError)) throw error;
+		this.notePromptPermissionFailure(sessionId, error);
+		this.recordPermissionDecision("cancelled");
+		return {
+			response: cancelledPermissionResponse(),
+			recorded: true
+		};
+	}
 	attachAgentLifecycleObservers(child) {
 		child.once("exit", (exitCode, signal) => {
 			this.recordAgentExit("process_exit", exitCode, signal);
@@ -2643,6 +4235,21 @@ var AcpClient = class {
 	async handleReleaseTerminal(params) {
 		return await this.terminalManager.releaseTerminal(params);
 	}
+	cancellationSignalForSession(sessionId) {
+		let controller = this.permissionAbortControllers.get(sessionId);
+		if (!controller) {
+			controller = new AbortController();
+			this.permissionAbortControllers.set(sessionId, controller);
+		}
+		return controller.signal;
+	}
+	abortAndDropPermissionSignal(sessionId) {
+		const controller = this.permissionAbortControllers.get(sessionId);
+		if (controller) {
+			controller.abort();
+			this.permissionAbortControllers.delete(sessionId);
+		}
+	}
 	recordPermissionDecision(decision) {
 		this.permissionStats.requested += 1;
 		if (decision === "approved") {
@@ -2704,6 +4311,111 @@ var AcpClient = class {
 	}
 };
 //#endregion
+//#region src/runtime/engine/lifecycle.ts
+function applyLifecycleSnapshotToRecord(record, snapshot) {
+	if (!snapshot) return;
+	record.pid = snapshot.running ? snapshot.pid : void 0;
+	record.agentStartedAt = snapshot.startedAt;
+	if (snapshot.lastExit) {
+		record.lastAgentExitCode = snapshot.lastExit.exitCode;
+		record.lastAgentExitSignal = snapshot.lastExit.signal;
+		record.lastAgentExitAt = snapshot.lastExit.exitedAt;
+		record.lastAgentDisconnectReason = snapshot.lastExit.reason;
+		return;
+	}
+	record.lastAgentExitCode = void 0;
+	record.lastAgentExitSignal = void 0;
+	record.lastAgentExitAt = void 0;
+	record.lastAgentDisconnectReason = void 0;
+}
+function reconcileAgentSessionId(record, agentSessionId) {
+	const normalized = normalizeRuntimeSessionId(agentSessionId);
+	if (!normalized) return;
+	record.agentSessionId = normalized;
+}
+function sessionHasAgentMessages(recordOrConversation) {
+	return recordOrConversation.messages.some((message) => typeof message === "object" && message !== null && "Agent" in message);
+}
+function applyConversation(record, conversation) {
+	record.title = conversation.title;
+	record.updated_at = conversation.updated_at;
+	record.messages = conversation.messages;
+	record.cumulative_token_usage = conversation.cumulative_token_usage;
+	record.request_token_usage = conversation.request_token_usage;
+}
+//#endregion
+//#region src/runtime/engine/session-options.ts
+function mergeSessionOptions(preferred, fallback) {
+	const merged = { ...fallback };
+	assignDefinedOption(merged, "model", preferred?.model);
+	assignDefinedOption(merged, "allowedTools", preferred?.allowedTools);
+	assignDefinedOption(merged, "maxTurns", preferred?.maxTurns);
+	assignDefinedOption(merged, "systemPrompt", preferred?.systemPrompt);
+	return Object.keys(merged).length > 0 ? merged : void 0;
+}
+function assignDefinedOption(target, key, value) {
+	if (value !== void 0) target[key] = value;
+}
+function persistSessionOptions(record, options) {
+	const next = options === void 0 ? void 0 : persistedSessionOptions(options);
+	if (next !== void 0) {
+		record.acpx = {
+			...record.acpx,
+			session_options: next
+		};
+		return;
+	}
+	if (!record.acpx) return;
+	delete record.acpx.session_options;
+}
+function sessionOptionsFromRecord(record) {
+	const stored = record.acpx?.session_options;
+	if (!stored) return;
+	const sessionOptions = {};
+	assignStoredOption(sessionOptions, "model", nonEmptyString(stored.model));
+	assignStoredOption(sessionOptions, "allowedTools", storedAllowedTools(stored.allowed_tools));
+	assignStoredOption(sessionOptions, "maxTurns", storedMaxTurns(stored.max_turns));
+	assignStoredOption(sessionOptions, "systemPrompt", storedSystemPromptOption(stored.system_prompt));
+	return Object.keys(sessionOptions).length > 0 ? sessionOptions : void 0;
+}
+function persistedSessionOptions(options) {
+	const next = {
+		model: nonEmptyString(options.model),
+		allowed_tools: Array.isArray(options.allowedTools) ? [...options.allowedTools] : void 0,
+		max_turns: typeof options.maxTurns === "number" ? options.maxTurns : void 0,
+		system_prompt: normalizeSystemPromptOption(options.systemPrompt)
+	};
+	return hasPersistedSessionOptions(next) ? next : void 0;
+}
+function hasPersistedSessionOptions(options) {
+	return options.model !== void 0 || options.allowed_tools !== void 0 || options.max_turns !== void 0 || options.system_prompt !== void 0;
+}
+function normalizeSystemPromptOption(value) {
+	const prompt = nonEmptyString(value);
+	if (prompt !== void 0) return prompt;
+	const append = appendedSystemPrompt(value);
+	return append === void 0 ? void 0 : { append };
+}
+function appendedSystemPrompt(value) {
+	if (typeof value !== "object" || value === null || Array.isArray(value)) return;
+	return nonEmptyString(value.append);
+}
+function assignStoredOption(target, key, value) {
+	assignDefinedOption(target, key, value);
+}
+function storedAllowedTools(value) {
+	return Array.isArray(value) && value.every((item) => typeof item === "string") ? [...value] : void 0;
+}
+function storedMaxTurns(value) {
+	return typeof value === "number" ? value : void 0;
+}
+function storedSystemPromptOption(value) {
+	return normalizeSystemPromptOption(value);
+}
+function nonEmptyString(value) {
+	return typeof value === "string" && value.trim().length > 0 ? value : void 0;
+}
+//#endregion
 //#region src/session/conversation-model.ts
 const MAX_RUNTIME_MESSAGES = 200;
 const MAX_RUNTIME_AGENT_TEXT_CHARS = 8e3;
@@ -2729,13 +4441,17 @@ function normalizeAgentName(value) {
 	return trimmed.length > 0 ? trimmed : void 0;
 }
 function extractText(content) {
-	if (content.type === "text") return content.text;
-	if (content.type === "resource_link") return content.title ?? content.name ?? content.uri;
-	if (content.type === "resource") {
-		if ("text" in content.resource && typeof content.resource.text === "string") return content.resource.text;
-		return content.resource.uri;
+	switch (content.type) {
+		case "text": return content.text;
+		case "resource_link": return content.title ?? content.name ?? content.uri;
+		case "resource": return extractResourceText(content);
+		case "audio": return `[audio] ${content.mimeType}`;
+		default: return;
 	}
 }
+function extractResourceText(content) {
+	return "text" in content.resource && typeof content.resource.text === "string" ? content.resource.text : content.resource.uri;
+}
 function contentToUserContent(content) {
 	if (content.type === "text") return { Text: content.text };
 	if (content.type === "resource_link") {
@@ -2745,17 +4461,22 @@ function contentToUserContent(content) {
 			content: value
 		} };
 	}
-	if (content.type === "resource") {
-		if ("text" in content.resource && typeof content.resource.text === "string") return { Text: content.resource.text };
-		return { Mention: {
-			uri: content.resource.uri,
-			content: content.resource.uri
-		} };
-	}
+	if (content.type === "resource") return resourceToUserContent(content);
 	if (content.type === "image") return { Image: {
 		source: content.data,
 		size: null
 	} };
+	if (content.type === "audio") return { Audio: {
+		source: content.data,
+		mime_type: content.mimeType
+	} };
+}
+function resourceToUserContent(content) {
+	if ("text" in content.resource && typeof content.resource.text === "string") return { Text: content.resource.text };
+	return { Mention: {
+		uri: content.resource.uri,
+		content: content.resource.uri
+	} };
 }
 function nextUserMessageId() {
 	return randomUUID();
@@ -2857,38 +4578,67 @@ function ensureToolUseContent(agent, toolCallId) {
 }
 function upsertToolResult(agent, toolCallId, patch) {
 	const existing = agent.tool_results[toolCallId];
+	const fallback = existingToolResultValues(existing);
 	const next = {
 		tool_use_id: toolCallId,
-		tool_name: patch.tool_name ?? existing?.tool_name ?? "tool_call",
-		is_error: patch.is_error ?? existing?.is_error ?? false,
-		content: patch.content ?? existing?.content ?? { Text: "" },
-		output: patch.output ?? existing?.output
+		tool_name: patch.tool_name ?? fallback.tool_name,
+		is_error: patch.is_error ?? fallback.is_error,
+		content: patch.content ?? fallback.content,
+		output: patch.output ?? fallback.output
 	};
 	agent.tool_results[toolCallId] = next;
 }
+function existingToolResultValues(existing) {
+	if (existing) return existing;
+	return {
+		tool_use_id: "",
+		tool_name: "tool_call",
+		is_error: false,
+		content: { Text: "" },
+		output: void 0
+	};
+}
 function applyToolCallUpdate(agent, update) {
 	const tool = ensureToolUseContent(agent, update.toolCallId);
+	applyToolIdentityUpdate(tool, update);
+	applyToolInputUpdate(tool, update);
+	applyToolStatusUpdate(tool, update);
+	applyToolResultUpdate(agent, tool, update);
+}
+function applyToolIdentityUpdate(tool, update) {
 	if (hasOwn(update, "title")) tool.name = normalizeAgentName(update.title) ?? tool.name ?? "tool_call";
 	if (hasOwn(update, "kind")) {
 		const kindName = normalizeAgentName(update.kind);
 		if (!tool.name || tool.name === "tool_call") tool.name = kindName ?? tool.name;
 	}
-	if (hasOwn(update, "rawInput")) {
-		const rawInput = deepClone(update.rawInput);
-		tool.input = rawInput ?? {};
-		tool.raw_input = toRawInput(rawInput);
-	}
+}
+function applyToolInputUpdate(tool, update) {
+	if (!hasOwn(update, "rawInput")) return;
+	const rawInput = deepClone(update.rawInput);
+	tool.input = rawInput ?? {};
+	tool.raw_input = toRawInput(rawInput);
+}
+function applyToolStatusUpdate(tool, update) {
 	if (hasOwn(update, "status")) tool.is_input_complete = statusIndicatesComplete(update.status);
-	if (hasOwn(update, "rawOutput") || hasOwn(update, "status") || hasOwn(update, "title") || hasOwn(update, "kind")) {
-		const status = update.status;
-		const output = hasOwn(update, "rawOutput") ? deepClone(update.rawOutput) : void 0;
-		upsertToolResult(agent, update.toolCallId, {
-			tool_name: tool.name,
-			is_error: statusIndicatesError(status),
-			content: output === void 0 ? void 0 : toToolResultContent(output),
-			output
-		});
-	}
+}
+function applyToolResultUpdate(agent, tool, update) {
+	if (!hasToolResultPatch(update)) return;
+	const status = update.status;
+	const output = hasOwn(update, "rawOutput") ? deepClone(update.rawOutput) : void 0;
+	upsertToolResult(agent, update.toolCallId, {
+		tool_name: tool.name,
+		is_error: statusIndicatesError(status),
+		content: output === void 0 ? void 0 : toToolResultContent(output),
+		output
+	});
+}
+function hasToolResultPatch(update) {
+	return [
+		"rawOutput",
+		"status",
+		"title",
+		"kind"
+	].some((key) => hasOwn(update, key));
 }
 function asRecord(value) {
 	if (!value || typeof value !== "object" || Array.isArray(value)) return;
@@ -2919,9 +4669,12 @@ function usageToTokenUsage(update) {
 			"cachedReadTokens"
 		])
 	};
-	if (normalized.input_tokens === void 0 && normalized.output_tokens === void 0 && normalized.cache_creation_input_tokens === void 0 && normalized.cache_read_input_tokens === void 0) return;
+	if (!hasTokenUsageValue(normalized)) return;
 	return normalized;
 }
+function hasTokenUsageValue(usage) {
+	return Object.values(usage).some((value) => value !== void 0);
+}
 function ensureAcpxState$1(state) {
 	return state ?? {};
 }
@@ -2960,14 +4713,21 @@ function cloneSessionAcpxState(state) {
 		available_models: state.available_models ? [...state.available_models] : void 0,
 		available_commands: state.available_commands ? [...state.available_commands] : void 0,
 		config_options: state.config_options ? deepClone(state.config_options) : void 0,
-		session_options: state.session_options ? {
-			model: state.session_options.model,
-			allowed_tools: state.session_options.allowed_tools ? [...state.session_options.allowed_tools] : void 0,
-			max_turns: state.session_options.max_turns,
-			...state.session_options.system_prompt !== void 0 ? { system_prompt: typeof state.session_options.system_prompt === "string" ? state.session_options.system_prompt : { append: state.session_options.system_prompt.append } } : {}
-		} : void 0
+		session_options: cloneSessionOptions(state.session_options)
+	};
+}
+function cloneSessionOptions(options) {
+	if (!options) return;
+	return {
+		model: options.model,
+		allowed_tools: options.allowed_tools ? [...options.allowed_tools] : void 0,
+		max_turns: options.max_turns,
+		...options.system_prompt !== void 0 ? { system_prompt: cloneSystemPromptOption(options.system_prompt) } : {}
 	};
 }
+function cloneSystemPromptOption(option) {
+	return typeof option === "string" ? option : { append: option.append };
+}
 function recordPromptSubmission(conversation, prompt, timestamp = isoNow()) {
 	const userContent = (typeof prompt === "string" ? textPrompt(prompt) : prompt).map((content) => contentToUserContent(content)).filter((content) => content !== void 0);
 	if (userContent.length === 0) return;
@@ -3000,57 +4760,70 @@ function hasAgentReplyAfterPrompt(conversation, promptMessageId) {
 function recordSessionUpdate(conversation, state, notification, timestamp = isoNow()) {
 	const acpx = ensureAcpxState$1(state);
 	const update = notification.update;
-	switch (update.sessionUpdate) {
-		case "user_message_chunk": {
-			const userContent = contentToUserContent(update.content);
-			if (userContent) conversation.messages.push({ User: {
-				id: nextUserMessageId(),
-				content: [userContent]
-			} });
-			break;
-		}
-		case "agent_message_chunk": {
-			const text = extractText(update.content);
-			if (text) appendAgentText(ensureAgentMessage(conversation), text);
-			break;
-		}
-		case "agent_thought_chunk": {
-			const text = extractText(update.content);
-			if (text) appendAgentThinking(ensureAgentMessage(conversation), text);
-			break;
-		}
-		case "tool_call":
-		case "tool_call_update":
-			applyToolCallUpdate(ensureAgentMessage(conversation), update);
-			break;
-		case "usage_update": {
-			const usage = usageToTokenUsage(update);
-			if (usage) {
-				conversation.cumulative_token_usage = usage;
-				const userId = lastUserMessageId(conversation);
-				if (userId) conversation.request_token_usage[userId] = usage;
-			}
-			break;
-		}
-		case "session_info_update":
-			if (hasOwn(update, "title")) conversation.title = update.title ?? null;
-			if (hasOwn(update, "updatedAt")) conversation.updated_at = update.updatedAt ?? conversation.updated_at;
-			break;
-		case "available_commands_update":
-			acpx.available_commands = update.availableCommands.map((entry) => entry.name).filter((entry) => typeof entry === "string" && entry.trim().length > 0);
-			break;
-		case "current_mode_update":
-			acpx.current_mode_id = update.currentModeId;
-			break;
-		case "config_option_update":
-			acpx.config_options = deepClone(update.configOptions);
-			break;
-		default: break;
-	}
+	applySessionUpdate(conversation, acpx, update);
 	updateConversationTimestamp(conversation, timestamp);
 	trimConversationForRuntime(conversation);
 	return acpx;
 }
+function applySessionUpdate(conversation, acpx, update) {
+	const handler = SESSION_UPDATE_HANDLERS[update.sessionUpdate];
+	handler?.(conversation, acpx, update);
+}
+const SESSION_UPDATE_HANDLERS = {
+	user_message_chunk: (conversation, _acpx, update) => {
+		if (update.sessionUpdate === "user_message_chunk") appendUserMessageChunk(conversation, update.content);
+	},
+	agent_message_chunk: (conversation, _acpx, update) => {
+		if (update.sessionUpdate === "agent_message_chunk") appendAgentMessageChunk(conversation, update.content, appendAgentText);
+	},
+	agent_thought_chunk: (conversation, _acpx, update) => {
+		if (update.sessionUpdate === "agent_thought_chunk") appendAgentMessageChunk(conversation, update.content, appendAgentThinking);
+	},
+	tool_call: (conversation, _acpx, update) => {
+		if (update.sessionUpdate === "tool_call" || update.sessionUpdate === "tool_call_update") applyToolCallUpdate(ensureAgentMessage(conversation), update);
+	},
+	tool_call_update: (conversation, _acpx, update) => {
+		if (update.sessionUpdate === "tool_call" || update.sessionUpdate === "tool_call_update") applyToolCallUpdate(ensureAgentMessage(conversation), update);
+	},
+	usage_update: (conversation, _acpx, update) => {
+		if (update.sessionUpdate === "usage_update") applyUsageUpdate(conversation, update);
+	},
+	session_info_update: (conversation, _acpx, update) => {
+		if (update.sessionUpdate === "session_info_update") applySessionInfoUpdate(conversation, update);
+	},
+	available_commands_update: (_conversation, acpx, update) => {
+		if (update.sessionUpdate === "available_commands_update") acpx.available_commands = update.availableCommands.map((entry) => entry.name).filter((entry) => typeof entry === "string" && entry.trim().length > 0);
+	},
+	current_mode_update: (_conversation, acpx, update) => {
+		if (update.sessionUpdate === "current_mode_update") acpx.current_mode_id = update.currentModeId;
+	},
+	config_option_update: (_conversation, acpx, update) => {
+		if (update.sessionUpdate === "config_option_update") acpx.config_options = deepClone(update.configOptions);
+	}
+};
+function appendUserMessageChunk(conversation, content) {
+	const userContent = contentToUserContent(content);
+	if (!userContent) return;
+	conversation.messages.push({ User: {
+		id: nextUserMessageId(),
+		content: [userContent]
+	} });
+}
+function appendAgentMessageChunk(conversation, content, append) {
+	const text = extractText(content);
+	if (text) append(ensureAgentMessage(conversation), text);
+}
+function applyUsageUpdate(conversation, update) {
+	const usage = usageToTokenUsage(update);
+	if (!usage) return;
+	conversation.cumulative_token_usage = usage;
+	const userId = lastUserMessageId(conversation);
+	if (userId) conversation.request_token_usage[userId] = usage;
+}
+function applySessionInfoUpdate(conversation, update) {
+	if (hasOwn(update, "title")) conversation.title = update.title ?? null;
+	if (hasOwn(update, "updatedAt")) conversation.updated_at = update.updatedAt ?? conversation.updated_at;
+}
 function recordClientOperation(conversation, state, operation, timestamp = isoNow()) {
 	const acpx = ensureAcpxState$1(state);
 	updateConversationTimestamp(conversation, timestamp);
@@ -3059,25 +4832,36 @@ function recordClientOperation(conversation, state, operation, timestamp = isoNo
 }
 function trimConversationForRuntime(conversation) {
 	if (conversation.messages.length > MAX_RUNTIME_MESSAGES) conversation.messages = conversation.messages.slice(-MAX_RUNTIME_MESSAGES);
-	for (const message of conversation.messages) {
-		if (!isAgentMessage(message)) {
-			if (isUserMessage(message)) message.User.content = message.User.content.map((content) => {
-				if ("Text" in content) return { Text: trimRuntimeText(content.Text, MAX_RUNTIME_AGENT_TEXT_CHARS) };
-				return content;
-			});
-			continue;
-		}
-		for (const content of message.Agent.content) if ("Text" in content) content.Text = trimRuntimeText(content.Text, MAX_RUNTIME_AGENT_TEXT_CHARS);
-		else if ("Thinking" in content) content.Thinking.text = trimRuntimeText(content.Thinking.text, MAX_RUNTIME_THINKING_CHARS);
-		else if ("ToolUse" in content) content.ToolUse.raw_input = trimRuntimeText(content.ToolUse.raw_input, MAX_RUNTIME_TOOL_IO_CHARS);
-		for (const result of Object.values(message.Agent.tool_results)) {
-			if ("Text" in result.content) result.content.Text = trimRuntimeText(result.content.Text, MAX_RUNTIME_TOOL_IO_CHARS);
-			if (typeof result.output === "string") result.output = trimRuntimeText(result.output, MAX_RUNTIME_TOOL_IO_CHARS);
-		}
-	}
+	for (const message of conversation.messages) trimRuntimeMessage(message);
 	const requestUsageEntries = Object.entries(conversation.request_token_usage);
 	if (requestUsageEntries.length > MAX_RUNTIME_REQUEST_TOKEN_USAGE) conversation.request_token_usage = Object.fromEntries(requestUsageEntries.slice(-MAX_RUNTIME_REQUEST_TOKEN_USAGE));
 }
+function trimRuntimeMessage(message) {
+	if (isUserMessage(message)) {
+		trimRuntimeUserMessage(message.User);
+		return;
+	}
+	if (isAgentMessage(message)) trimRuntimeAgentMessage(message.Agent);
+}
+function trimRuntimeUserMessage(message) {
+	message.content = message.content.map((content) => {
+		if ("Text" in content) return { Text: trimRuntimeText(content.Text, MAX_RUNTIME_AGENT_TEXT_CHARS) };
+		return content;
+	});
+}
+function trimRuntimeAgentMessage(message) {
+	for (const content of message.content) trimRuntimeAgentContent(content);
+	for (const result of Object.values(message.tool_results)) trimRuntimeToolResult(result);
+}
+function trimRuntimeAgentContent(content) {
+	if ("Text" in content) content.Text = trimRuntimeText(content.Text, MAX_RUNTIME_AGENT_TEXT_CHARS);
+	else if ("Thinking" in content) content.Thinking.text = trimRuntimeText(content.Thinking.text, MAX_RUNTIME_THINKING_CHARS);
+	else if ("ToolUse" in content) content.ToolUse.raw_input = trimRuntimeText(content.ToolUse.raw_input, MAX_RUNTIME_TOOL_IO_CHARS);
+}
+function trimRuntimeToolResult(result) {
+	if ("Text" in result.content) result.content.Text = trimRuntimeText(result.content.Text, MAX_RUNTIME_TOOL_IO_CHARS);
+	if (typeof result.output === "string") result.output = trimRuntimeText(result.output, MAX_RUNTIME_TOOL_IO_CHARS);
+}
 //#endregion
 //#region src/session/config-options.ts
 function applyConfigOptionsToRecord(record, result) {
@@ -3183,37 +4967,20 @@ function assertRequestedModelSupported(params) {
 	if (!new Set(params.models.availableModels.map((model) => model.modelId)).has(params.requestedModel)) throw new RequestedModelUnsupportedError(`Cannot ${params.context === "replay" ? "replay saved model" : "apply --model"} "${params.requestedModel}": the ACP agent did not advertise that model. Available models: ${formatAvailableModelIds(params.models)}.`);
 }
 //#endregion
-//#region src/runtime/engine/lifecycle.ts
-function applyLifecycleSnapshotToRecord(record, snapshot) {
-	if (!snapshot) return;
-	record.pid = snapshot.pid;
-	record.agentStartedAt = snapshot.startedAt;
-	if (snapshot.lastExit) {
-		record.lastAgentExitCode = snapshot.lastExit.exitCode;
-		record.lastAgentExitSignal = snapshot.lastExit.signal;
-		record.lastAgentExitAt = snapshot.lastExit.exitedAt;
-		record.lastAgentDisconnectReason = snapshot.lastExit.reason;
-		return;
-	}
-	record.lastAgentExitCode = void 0;
-	record.lastAgentExitSignal = void 0;
-	record.lastAgentExitAt = void 0;
-	record.lastAgentDisconnectReason = void 0;
-}
-function reconcileAgentSessionId(record, agentSessionId) {
-	const normalized = normalizeRuntimeSessionId(agentSessionId);
-	if (!normalized) return;
-	record.agentSessionId = normalized;
-}
-function sessionHasAgentMessages(recordOrConversation) {
-	return recordOrConversation.messages.some((message) => typeof message === "object" && message !== null && "Agent" in message);
-}
-function applyConversation(record, conversation) {
-	record.title = conversation.title;
-	record.updated_at = conversation.updated_at;
-	record.messages = conversation.messages;
-	record.cumulative_token_usage = conversation.cumulative_token_usage;
-	record.request_token_usage = conversation.request_token_usage;
+//#region src/session/model-application.ts
+async function applyRequestedModelIfAdvertised(params) {
+	const requestedModel = typeof params.requestedModel === "string" ? params.requestedModel.trim() : "";
+	if (!requestedModel) return false;
+	assertRequestedModelSupported({
+		requestedModel,
+		models: params.models,
+		agentCommand: params.agentCommand,
+		context: "apply"
+	});
+	if (!params.models) return false;
+	if (params.models.currentModelId === requestedModel) return true;
+	await withTimeout(params.client.setSessionModel(params.sessionId, requestedModel), params.timeoutMs);
+	return true;
 }
 //#endregion
 //#region src/runtime/engine/reconnect.ts
@@ -3228,15 +4995,19 @@ function isProcessAlive(pid) {
 }
 const SESSION_LOAD_UNSUPPORTED_CODES = new Set([-32601, -32602]);
 function shouldFallbackToNewSession(error, record) {
-	if (error instanceof TimeoutError || error instanceof InterruptedError) return false;
-	if (isAcpResourceNotFoundError(error)) return true;
+	if (isHardReconnectFailure(error)) return false;
 	const acp = extractAcpError(error);
-	if (acp && SESSION_LOAD_UNSUPPORTED_CODES.has(acp.code)) return true;
-	if (!sessionHasAgentMessages(record)) {
-		if (isAcpQueryClosedBeforeResponseError(error)) return true;
-		if (acp?.code === -32603) return true;
-	}
-	return false;
+	if (isAcpResourceNotFoundError(error) || isUnsupportedSessionLoadAcpError(acp)) return true;
+	return !sessionHasAgentMessages(record) && isFallbackSafeEmptySessionError(error, acp);
+}
+function isHardReconnectFailure(error) {
+	return error instanceof TimeoutError || error instanceof InterruptedError;
+}
+function isUnsupportedSessionLoadAcpError(acp) {
+	return !!acp && SESSION_LOAD_UNSUPPORTED_CODES.has(acp.code);
+}
+function isFallbackSafeEmptySessionError(error, acp) {
+	return isAcpQueryClosedBeforeResponseError(error) || acp?.code === -32603;
 }
 function requiresSameSession(resumePolicy) {
 	return resumePolicy === "same-session-only";
@@ -3300,11 +5071,7 @@ async function connectAndLoadSession(options) {
 	const desiredModelId = getDesiredModelId(record.acpx);
 	const desiredConfigOptions = getDesiredConfigOptions(record.acpx);
 	const storedProcessAlive = isProcessAlive(record.pid);
-	const shouldReconnect = Boolean(record.pid) && !storedProcessAlive;
-	if (options.verbose) {
-		if (storedProcessAlive) process.stderr.write(`[acpx] saved session pid ${record.pid} is running; reconnecting with loadSession\n`);
-		else if (shouldReconnect) process.stderr.write(`[acpx] saved session pid ${record.pid} is dead; respawning agent and attempting session/load\n`);
-	}
+	logReconnectAttempt(record, storedProcessAlive, Boolean(record.pid) && !storedProcessAlive, options.verbose);
 	const reusingLoadedSession = client.hasReusableSession(record.acpSessionId);
 	if (reusingLoadedSession) incrementPerfCounter("runtime.connect_and_load.reused_session");
 	else await withTimeout(client.start(), options.timeoutMs);
@@ -3319,82 +5086,35 @@ async function connectAndLoadSession(options) {
 	let createdFreshSession = false;
 	let pendingAgentSessionId = record.agentSessionId;
 	let sessionModels;
-	if (reusingLoadedSession) resumed = true;
-	else if (client.supportsLoadSession()) try {
-		const loadResult = await withTimeout(client.loadSessionWithOptions(record.acpSessionId, record.cwd, { suppressReplayUpdates: true }), options.timeoutMs);
-		reconcileAgentSessionId(record, loadResult.agentSessionId);
-		applyConfigOptionsToRecord(record, loadResult);
-		sessionModels = loadResult.models;
-		resumed = true;
-	} catch (error) {
-		loadError = formatErrorMessage(error);
-		if (sameSessionOnly) throw makeSessionResumeRequiredError({
-			record,
-			reason: loadError,
-			cause: error
-		});
-		if (!shouldFallbackToNewSession(error, record)) throw error;
-		const createdSession = await withTimeout(client.createSession(record.cwd), options.timeoutMs);
-		sessionId = createdSession.sessionId;
-		createdFreshSession = true;
-		pendingAgentSessionId = createdSession.agentSessionId;
-		applyConfigOptionsToRecord(record, createdSession);
-		sessionModels = createdSession.models;
-	}
-	else {
-		if (sameSessionOnly) throw makeSessionResumeRequiredError({
-			record,
-			reason: "agent does not support session/load"
-		});
-		const createdSession = await withTimeout(client.createSession(record.cwd), options.timeoutMs);
-		sessionId = createdSession.sessionId;
-		createdFreshSession = true;
-		pendingAgentSessionId = createdSession.agentSessionId;
-		applyConfigOptionsToRecord(record, createdSession);
-		sessionModels = createdSession.models;
-	}
-	if (createdFreshSession) {
-		try {
-			await replayDesiredMode({
-				client,
-				sessionId,
-				desiredModeId,
-				previousSessionId: originalSessionId,
-				timeoutMs: options.timeoutMs,
-				verbose: options.verbose
-			});
-			await replayDesiredModel({
-				client,
-				sessionId,
-				desiredModelId,
-				previousSessionId: originalSessionId,
-				record,
-				models: sessionModels,
-				timeoutMs: options.timeoutMs,
-				verbose: options.verbose
-			});
-			await replayDesiredConfigOptions({
-				client,
-				sessionId,
-				desiredConfigOptions,
-				previousSessionId: originalSessionId,
-				timeoutMs: options.timeoutMs,
-				verbose: options.verbose
-			});
-		} catch (error) {
-			restoreOriginalSessionState({
-				record,
-				sessionId: originalSessionId,
-				agentSessionId: originalAgentSessionId
-			});
-			if (options.verbose) process.stderr.write(`[acpx] ${formatErrorMessage(error)}\n`);
-			throw error;
-		}
-		record.acpSessionId = sessionId;
-		reconcileAgentSessionId(record, pendingAgentSessionId);
-	}
-	syncAdvertisedModelState(record, sessionModels);
-	if (createdFreshSession && desiredModelId && sessionModels) setCurrentModelId(record, desiredModelId);
+	const loadState = await loadOrCreateRuntimeSession({
+		client,
+		record,
+		reusingLoadedSession,
+		sameSessionOnly,
+		timeoutMs: options.timeoutMs
+	});
+	resumed = loadState.resumed;
+	loadError = loadState.loadError;
+	sessionId = loadState.sessionId;
+	createdFreshSession = loadState.createdFreshSession;
+	pendingAgentSessionId = loadState.pendingAgentSessionId;
+	sessionModels = loadState.sessionModels;
+	await replayFreshSessionPreferences({
+		client,
+		record,
+		createdFreshSession,
+		sessionId,
+		pendingAgentSessionId,
+		originalSessionId,
+		originalAgentSessionId,
+		desiredModeId,
+		desiredModelId,
+		desiredConfigOptions,
+		sessionModels,
+		timeoutMs: options.timeoutMs,
+		verbose: options.verbose
+	});
+	applyReconnectedModelState(record, sessionModels, createdFreshSession, desiredModelId);
 	options.onSessionIdResolved?.(sessionId);
 	return {
 		sessionId,
@@ -3403,27 +5123,130 @@ async function connectAndLoadSession(options) {
 		loadError
 	};
 }
-//#endregion
-//#region src/runtime/engine/session-options.ts
-function mergeSessionOptions(preferred, fallback) {
-	const merged = { ...fallback };
-	if (preferred?.model !== void 0) merged.model = preferred.model;
-	if (preferred?.allowedTools !== void 0) merged.allowedTools = preferred.allowedTools;
-	if (preferred?.maxTurns !== void 0) merged.maxTurns = preferred.maxTurns;
-	if (preferred?.systemPrompt !== void 0) merged.systemPrompt = preferred.systemPrompt;
-	return Object.keys(merged).length > 0 ? merged : void 0;
+function applyReconnectedModelState(record, sessionModels, createdFreshSession, desiredModelId) {
+	syncAdvertisedModelState(record, sessionModels);
+	if (createdFreshSession && desiredModelId && sessionModels) setCurrentModelId(record, desiredModelId);
 }
-function sessionOptionsFromRecord(record) {
-	const stored = record.acpx?.session_options;
-	if (!stored) return;
-	const sessionOptions = {};
-	if (typeof stored.model === "string" && stored.model.trim().length > 0) sessionOptions.model = stored.model;
-	if (Array.isArray(stored.allowed_tools)) sessionOptions.allowedTools = [...stored.allowed_tools];
-	if (typeof stored.max_turns === "number") sessionOptions.maxTurns = stored.max_turns;
-	const storedSystemPrompt = stored.system_prompt;
-	if (typeof storedSystemPrompt === "string" && storedSystemPrompt.length > 0) sessionOptions.systemPrompt = storedSystemPrompt;
-	else if (storedSystemPrompt && typeof storedSystemPrompt === "object" && typeof storedSystemPrompt.append === "string" && storedSystemPrompt.append.length > 0) sessionOptions.systemPrompt = { append: storedSystemPrompt.append };
-	return Object.keys(sessionOptions).length > 0 ? sessionOptions : void 0;
+function logReconnectAttempt(record, storedProcessAlive, shouldReconnect, verbose) {
+	if (!verbose) return;
+	if (storedProcessAlive) {
+		process.stderr.write(`[acpx] saved session pid ${record.pid} is running; reconnecting to saved ACP session\n`);
+		return;
+	}
+	if (shouldReconnect) process.stderr.write(`[acpx] saved session pid ${record.pid} is dead; respawning agent and attempting session reconnect\n`);
+}
+async function replayFreshSessionPreferences(params) {
+	if (!params.createdFreshSession) return;
+	try {
+		await replayDesiredMode({
+			client: params.client,
+			sessionId: params.sessionId,
+			desiredModeId: params.desiredModeId,
+			previousSessionId: params.originalSessionId,
+			timeoutMs: params.timeoutMs,
+			verbose: params.verbose
+		});
+		await replayDesiredModel({
+			client: params.client,
+			sessionId: params.sessionId,
+			desiredModelId: params.desiredModelId,
+			previousSessionId: params.originalSessionId,
+			record: params.record,
+			models: params.sessionModels,
+			timeoutMs: params.timeoutMs,
+			verbose: params.verbose
+		});
+		await replayDesiredConfigOptions({
+			client: params.client,
+			sessionId: params.sessionId,
+			desiredConfigOptions: params.desiredConfigOptions,
+			previousSessionId: params.originalSessionId,
+			timeoutMs: params.timeoutMs,
+			verbose: params.verbose
+		});
+	} catch (error) {
+		restoreOriginalSessionState({
+			record: params.record,
+			sessionId: params.originalSessionId,
+			agentSessionId: params.originalAgentSessionId
+		});
+		if (params.verbose) process.stderr.write(`[acpx] ${formatErrorMessage(error)}\n`);
+		throw error;
+	}
+	params.record.acpSessionId = params.sessionId;
+	reconcileAgentSessionId(params.record, params.pendingAgentSessionId);
+}
+async function loadOrCreateRuntimeSession(params) {
+	if (params.reusingLoadedSession) return {
+		sessionId: params.record.acpSessionId,
+		pendingAgentSessionId: params.record.agentSessionId,
+		sessionModels: void 0,
+		resumed: true,
+		createdFreshSession: false
+	};
+	if (params.client.supportsResumeSession()) return await resumeRuntimeSession(params);
+	if (params.client.supportsLoadSession()) return await loadRuntimeSession(params);
+	if (params.sameSessionOnly) throw makeSessionResumeRequiredError({
+		record: params.record,
+		reason: "agent does not support session/resume or session/load"
+	});
+	return await createFreshRuntimeSession(params.client, params.record, params.timeoutMs);
+}
+async function resumeRuntimeSession(params) {
+	try {
+		const resumeResult = await withTimeout(params.client.resumeSession(params.record.acpSessionId, params.record.cwd), params.timeoutMs);
+		reconcileAgentSessionId(params.record, resumeResult.agentSessionId);
+		applyConfigOptionsToRecord(params.record, resumeResult);
+		return {
+			sessionId: params.record.acpSessionId,
+			pendingAgentSessionId: params.record.agentSessionId,
+			sessionModels: resumeResult.models,
+			resumed: true,
+			createdFreshSession: false
+		};
+	} catch (error) {
+		return await recoverRuntimeSessionLoadFailure(params, error);
+	}
+}
+async function loadRuntimeSession(params) {
+	try {
+		const loadResult = await withTimeout(params.client.loadSessionWithOptions(params.record.acpSessionId, params.record.cwd, { suppressReplayUpdates: true }), params.timeoutMs);
+		reconcileAgentSessionId(params.record, loadResult.agentSessionId);
+		applyConfigOptionsToRecord(params.record, loadResult);
+		return {
+			sessionId: params.record.acpSessionId,
+			pendingAgentSessionId: params.record.agentSessionId,
+			sessionModels: loadResult.models,
+			resumed: true,
+			createdFreshSession: false
+		};
+	} catch (error) {
+		return await recoverRuntimeSessionLoadFailure(params, error);
+	}
+}
+async function recoverRuntimeSessionLoadFailure(params, error) {
+	const loadError = formatErrorMessage(error);
+	if (params.sameSessionOnly) throw makeSessionResumeRequiredError({
+		record: params.record,
+		reason: loadError,
+		cause: error
+	});
+	if (!shouldFallbackToNewSession(error, params.record)) throw error;
+	return {
+		...await createFreshRuntimeSession(params.client, params.record, params.timeoutMs),
+		loadError
+	};
+}
+async function createFreshRuntimeSession(client, record, timeoutMs) {
+	const createdSession = await withTimeout(client.createSession(record.cwd), timeoutMs);
+	applyConfigOptionsToRecord(record, createdSession);
+	return {
+		sessionId: createdSession.sessionId,
+		pendingAgentSessionId: createdSession.agentSessionId,
+		sessionModels: createdSession.models,
+		resumed: false,
+		createdFreshSession: true
+	};
 }
 //#endregion
 //#region src/runtime/engine/connected-session.ts
@@ -3451,6 +5274,7 @@ async function withConnectedSession(options) {
 		mcpServers: options.mcpServers,
 		permissionMode: options.permissionMode ?? "approve-reads",
 		nonInteractivePermissions: options.nonInteractivePermissions,
+		onPermissionRequest: options.onPermissionRequest,
 		authCredentials: options.authCredentials,
 		authPolicy: options.authPolicy,
 		terminal: options.terminal,
@@ -3462,6 +5286,7 @@ async function withConnectedSession(options) {
 		mcpServers: options.mcpServers,
 		permissionMode: options.permissionMode ?? "approve-reads",
 		nonInteractivePermissions: options.nonInteractivePermissions,
+		onPermissionRequest: options.onPermissionRequest,
 		authCredentials: options.authCredentials,
 		authPolicy: options.authPolicy,
 		terminal: options.terminal,
@@ -3562,6 +5387,59 @@ async function runPromptTurn(params) {
 	}
 }
 //#endregion
-export { resolveAgentCommand as $, isoNow$2 as A, sessionBaseDir$1 as B, AcpClient as C, findGitRepositoryRoot as D, absolutePath as E, resolveSessionRecord as F, serializeSessionRecordForDisk as G, sessionEventLockPath as H, writeSessionRecord as I, withInterrupt as J, InterruptedError as K, parseSessionRecord as L, listSessionsForAgent as M, normalizeName as N, findSession as O, pruneSessions as P, normalizeAgentName$1 as Q, DEFAULT_EVENT_SEGMENT_MAX_BYTES as R, trimConversationForRuntime as S, DEFAULT_HISTORY_LIMIT as T, sessionEventSegmentPath as U, sessionEventActivePath as V, assertPersistedKeyPolicy as W, DEFAULT_AGENT_NAME as X, withTimeout as Y, listBuiltInAgents as Z, cloneSessionConversation as _, connectAndLoadSession as a, recordPromptSubmission as b, reconcileAgentSessionId as c, setDesiredConfigOption as d, setDesiredModeId as f, cloneSessionAcpxState as g, applyConfigOptionsToRecord as h, sessionOptionsFromRecord as i, listSessions as j, findSessionByDirectoryWalk as k, assertRequestedModelSupported as l, syncAdvertisedModelState as m, withConnectedSession as n, applyConversation as o, setDesiredModelId as p, TimeoutError as q, mergeSessionOptions as r, applyLifecycleSnapshotToRecord as s, runPromptTurn as t, setCurrentModelId as u, createSessionConversation as v, permissionModeSatisfies as w, recordSessionUpdate as x, recordClientOperation as y, defaultSessionEventLog as z };
+//#region src/session/live-checkpoint.ts
+const DEFAULT_LIVE_CHECKPOINT_INTERVAL_MS = 500;
+var LiveSessionCheckpoint = class {
+	save;
+	intervalMs;
+	onError;
+	dirty = false;
+	flushing;
+	timer;
+	constructor(options) {
+		this.save = options.save;
+		this.intervalMs = options.intervalMs ?? DEFAULT_LIVE_CHECKPOINT_INTERVAL_MS;
+		this.onError = options.onError;
+	}
+	request() {
+		this.dirty = true;
+		if (this.timer) return;
+		this.timer = setTimeout(() => {
+			this.timer = void 0;
+			this.flush().catch((error) => {
+				this.onError?.(error);
+			});
+		}, this.intervalMs);
+		this.timer.unref?.();
+	}
+	async checkpoint() {
+		this.dirty = true;
+		await this.flush();
+	}
+	async flush() {
+		if (this.timer) {
+			clearTimeout(this.timer);
+			this.timer = void 0;
+		}
+		if (this.flushing) {
+			await this.flushing;
+			if (!this.dirty) return;
+		}
+		this.flushing = this.flushDirty();
+		try {
+			await this.flushing;
+		} finally {
+			this.flushing = void 0;
+		}
+	}
+	async flushDirty() {
+		while (this.dirty) {
+			this.dirty = false;
+			await this.save();
+		}
+	}
+};
+//#endregion
+export { getPerfMetricsSnapshot as $, parsePromptStopReason as A, EXIT_CODES as At, normalizeName as B, QueueProtocolError as Bt, applyConversation as C, formatErrorMessage as Ct, extractSessionUpdateNotification as D, isAcpResourceNotFoundError as Dt, AcpClient as E, extractAcpError as Et, findSession as F, PERMISSION_MODES as Ft, DEFAULT_EVENT_SEGMENT_MAX_BYTES as G, resolveSessionRecord as H, findSessionByDirectoryWalk as I, PERMISSION_POLICY_ACTIONS as It, sessionEventActivePath as J, defaultSessionEventLog as K, isoNow$2 as L, SESSION_RECORD_SCHEMA as Lt, DEFAULT_HISTORY_LIMIT as M, OUTPUT_ERROR_CODES as Mt, absolutePath as N, OUTPUT_ERROR_ORIGINS as Nt, isAcpJsonRpcMessage as O, toAcpErrorPayload as Ot, findGitRepositoryRoot as P, OUTPUT_FORMATS as Pt, formatPerfMetric as Q, listSessions as R, AgentSpawnError as Rt, sessionOptionsFromRecord as S, exitCodeForOutputErrorCode as St, reconcileAgentSessionId as T, normalizeOutputError as Tt, writeSessionRecord as U, pruneSessions as V, parseSessionRecord as W, sessionEventSegmentPath as X, sessionEventLockPath as Y, assertPersistedKeyPolicy as Z, recordPromptSubmission as _, withTimeout as _t, applyRequestedModelIfAdvertised as a, startPerfTimer as at, mergeSessionOptions as b, normalizeAgentName$1 as bt, setDesiredConfigOption as c, PromptInputValidationError as ct, syncAdvertisedModelState as d, parsePromptSource as dt, incrementPerfCounter as et, applyConfigOptionsToRecord as f, promptToDisplayText as ft, recordClientOperation as g, withInterrupt as gt, createSessionConversation as h, TimeoutError as ht, connectAndLoadSession as i, setPerfGauge as it, permissionModeSatisfies as j, NON_INTERACTIVE_PERMISSION_POLICIES as jt, parseJsonRpcErrorMessage as k, AUTH_POLICIES as kt, setDesiredModeId as l, isPromptInput as lt, cloneSessionConversation as m, InterruptedError as mt, runPromptTurn as n, recordPerfDuration as nt, assertRequestedModelSupported as o, serializeSessionRecordForDisk as ot, cloneSessionAcpxState as p, textPrompt as pt, sessionBaseDir$1 as q, withConnectedSession as r, resetPerfMetrics as rt, setCurrentModelId as s, normalizeRuntimeSessionId as st, LiveSessionCheckpoint as t, measurePerf as tt, setDesiredModelId as u, mergePromptSourceWithText as ut, recordSessionUpdate as v, DEFAULT_AGENT_NAME as vt, applyLifecycleSnapshotToRecord as w, isRetryablePromptError as wt, persistSessionOptions as x, resolveAgentCommand as xt, trimConversationForRuntime as y, listBuiltInAgents as yt, listSessionsForAgent as z, QueueConnectionError as zt };
 
-//# sourceMappingURL=prompt-turn-CVPMWdj1.js.map
+//# sourceMappingURL=live-checkpoint-D5d-K9s1.js.map