clay-server 2.31.0 → 2.32.0-beta.1

package/lib/sdk-bridge.js

@@ -1,10 +1,7 @@
 const crypto = require("crypto");
 var fs = require("fs");
 var path = require("path");
-var os = require("os");
-var net = require("net");
-var { execSync, spawn } = require("child_process");
-var { resolveOsUserInfo } = require("./os-users");
+var { execSync } = require("child_process");
 var usersModule = require("./users");
 var { splitShellSegments, attachSkillDiscovery } = require("./sdk-skill-discovery");
 var { createMessageQueue } = require("./sdk-message-queue");
@@ -74,17 +71,26 @@ function mergeMcpServers(localServers, getRemoteFn) {
       merged[lk[i]] = localServers[lk[i]];
       hasAny = true;
     }
+    console.log("[mergeMcpServers] local servers:", lk.join(", ") || "(none)");
+  } else {
+    console.log("[mergeMcpServers] local servers: null");
   }
   if (typeof getRemoteFn === "function") {
     var remote = getRemoteFn();
     if (remote) {
       var rk = Object.keys(remote);
+      console.log("[mergeMcpServers] remote servers:", rk.join(", ") || "(none)");
       for (var j = 0; j < rk.length; j++) {
         merged[rk[j]] = remote[rk[j]];
         hasAny = true;
       }
+    } else {
+      console.log("[mergeMcpServers] remote servers: null/empty");
     }
+  } else {
+    console.log("[mergeMcpServers] getRemoteFn not a function");
   }
+  console.log("[mergeMcpServers] merged result:", Object.keys(merged).join(", ") || "(none)");
   return hasAny ? merged : null;
 }
 
@@ -95,12 +101,16 @@ function createSDKBridge(opts) {
   var send = opts.send;           // broadcast to all clients
   var pushModule = opts.pushModule;
   var getNotificationsModule = opts.getNotificationsModule || function () { return null; };
-  var getSDK = opts.getSDK;
+  var adapter = opts.adapter;
+  var adapters = opts.adapters || {};
   var mateDisplayName = opts.mateDisplayName || "";
   var isMate = opts.isMate || (slug.indexOf("mate-") === 0);
   var dangerouslySkipPermissions = opts.dangerouslySkipPermissions || false;
   var mcpServers = opts.mcpServers || null;
   var getRemoteMcpServers = opts.getRemoteMcpServers || null;
+  var clayPort = opts.clayPort || 2633;
+  var clayTls = opts.clayTls || false;
+  var clayAuthToken = opts.clayAuthToken || null;
   var onProcessingChanged = opts.onProcessingChanged || function () {};
   var onTurnDone = opts.onTurnDone || null;
 
@@ -121,11 +131,10 @@ function createSDKBridge(opts) {
     _idleReaperTimer = setInterval(function () {
       var now = Date.now();
       sm.sessions.forEach(function (session) {
-        // Skip sessions that are actively processing, have no query, use workers,
+        // Skip sessions that are actively processing, have no query,
         // or are single-turn (Ralph Loop — managed by onQueryComplete).
         if (session.isProcessing) return;
         if (!session.queryInstance) return;
-        if (session.worker) return;
         if (session.singleTurn) return;
         if (session.destroying) return;
 
@@ -134,9 +143,12 @@ function createSDKBridge(opts) {
           console.log("[sdk-bridge] Reaping idle session " + session.localId +
             " (idle " + Math.round((now - lastActivity) / 60000) + "min)" +
             (session.title ? " title=" + JSON.stringify(session.title) : ""));
-          // End the message queue so the for-await loop in processQueryStream
+          // End the query so the for-await loop in processQueryStream
           // exits naturally, triggering the finally block cleanup.
-          if (session.messageQueue && typeof session.messageQueue.end === "function") {
+          // Works for both in-process (messageQueue.end) and worker (handle.close) paths.
+          if (session.queryInstance && typeof session.queryInstance.close === "function") {
+            try { session.queryInstance.close(); } catch (e) {}
+          } else if (session.messageQueue && typeof session.messageQueue.end === "function") {
             try { session.messageQueue.end(); } catch (e) {}
           }
         }
@@ -167,7 +179,7 @@ function createSDKBridge(opts) {
     mateDisplayName: mateDisplayName,
     pushModule: pushModule,
     getNotificationsModule: getNotificationsModule,
-    getSDK: getSDK,
+    adapter: adapter,
     onProcessingChanged: onProcessingChanged,
     onTurnDone: onTurnDone,
     opts: opts,
@@ -223,817 +235,48 @@ function createSDKBridge(opts) {
     });
   }
 
-  // --- Worker process management (OS-level multi-user) ---
-
-  var WORKER_SCRIPT = path.join(__dirname, "sdk-worker.js");
 
-  // Ensure the package directory tree is world-readable so OS-level users
-  // can access the worker script and its dependencies (the install path
-  // may be under /root/.npm/_npx/ which defaults to 700)
-  (function ensurePackageReadable() {
+  // --- Linux user project directory setup ---
+  // Ensures the linux user's .claude project directory exists and is writable,
+  // then pre-copies CLI session file if needed. Called before starting a query
+  // so the worker can resume from the correct session file.
+  function ensureLinuxUserProjectDir(linuxUser, session) {
     try {
-      // Walk up from __dirname to find the package root (where node_modules lives)
-      var pkgDir = path.join(__dirname, "..");
-      // Open read+execute on each ancestor directory up to and including the
-      // npx cache entry so that non-root users can traverse the path
-      var dir = pkgDir;
-      var dirs = [];
-      while (dir !== path.dirname(dir)) {
-        dirs.push(dir);
-        dir = path.dirname(dir);
-      }
-      // Open o+rx on each ancestor so non-root users can traverse the path
-      // (e.g. /root/.npm/_npx/.../node_modules/clay-server needs /root to be o+x)
-      for (var di = 0; di < dirs.length; di++) {
-        try {
-          var st = fs.statSync(dirs[di]);
-          // Add o+x (traverse) to all ancestors, o+rx to npm cache dirs
-          var isNpmDir = dirs[di].indexOf(".npm") !== -1 || dirs[di].indexOf("node_modules") !== -1;
-          var needed = isNpmDir ? 0o005 : 0o001; // rx for npm dirs, just x for ancestors like /root
-          if ((st.mode & needed) !== needed) {
-            fs.chmodSync(dirs[di], st.mode | needed);
-          }
-        } catch (e) {}
-      }
-      // Recursively make the package AND hoisted dependencies readable.
-      // npm/npx may hoist deps (e.g. @anthropic-ai/claude-agent-sdk) to the
-      // parent node_modules/ instead of inside clay-server/node_modules/.
-      var { execSync: chmodExec } = require("child_process");
-      // Find the top-level node_modules that contains clay-server
-      var topNodeModules = path.join(pkgDir, "..");
-      if (path.basename(topNodeModules) === "node_modules") {
-        chmodExec("chmod -R o+rX " + JSON.stringify(topNodeModules), { stdio: "ignore", timeout: 15000 });
-      } else {
-        chmodExec("chmod -R o+rX " + JSON.stringify(pkgDir), { stdio: "ignore", timeout: 5000 });
-      }
-    } catch (e) {}
-  })();
-
-  // resolveLinuxUser delegates to shared os-users utility
-  function resolveLinuxUser(username) {
-    return resolveOsUserInfo(username);
-  }
-
-  /**
-   * Spawn an SDK worker process running as the given Linux user.
-   * Returns a worker handle with send/kill/event methods.
-   */
-  function spawnWorker(linuxUser) {
-    var userInfo = resolveLinuxUser(linuxUser);
-    var socketId = crypto.randomUUID();
-    var socketPath = path.join(os.tmpdir(), "clay-worker-" + socketId + ".sock");
-
-    var worker = {
-      process: null,
-      connection: null,
-      socketPath: socketPath,
-      server: null,
-      messageHandlers: [],
-      ready: false,
-      readyPromise: null,
-      _readyResolve: null,
-      buffer: "",
-    };
-
-    worker.readyPromise = new Promise(function(resolve) {
-      worker._readyResolve = resolve;
-    });
-
-    // Resolves when the worker process actually exits.
-    // Used to prevent spawning a new worker before the old one finishes
-    // flushing SDK session state to disk (race condition on resume).
-    worker.exitPromise = new Promise(function(resolve) {
-      worker._exitResolve = resolve;
-    });
-
-    // Create Unix socket server
-    var spawnT0 = Date.now();
-    worker.server = net.createServer(function(connection) {
-      console.log("[PERF] spawnWorker: socket connection accepted +" + (Date.now() - spawnT0) + "ms");
-      worker.connection = connection;
-      connection.on("data", function(chunk) {
-        worker.buffer += chunk.toString();
-        var lines = worker.buffer.split("\n");
-        worker.buffer = lines.pop();
-        for (var i = 0; i < lines.length; i++) {
-          if (!lines[i].trim()) continue;
+      var configMod = require("./config");
+      var osUsersMod = require("./os-users");
+      var originalHome = configMod.REAL_HOME || require("os").homedir();
+      var linuxUserHome = osUsersMod.getLinuxUserHome(linuxUser);
+      var uid = osUsersMod.getLinuxUserUid(linuxUser);
+      if (originalHome !== linuxUserHome && uid != null) {
+        var projectSlug = (cwd || "").replace(/\//g, "-");
+        var dstDir = path.join(linuxUserHome, ".claude", "projects", projectSlug);
+        // Create and chown the project directory once
+        if (!fs.existsSync(dstDir)) {
+          fs.mkdirSync(dstDir, { recursive: true });
+          try { require("child_process").execSync("chown -R " + uid + " " + JSON.stringify(path.join(linuxUserHome, ".claude"))); } catch (e2) {}
+        } else {
           try {
-            var msg = JSON.parse(lines[i]);
-            if (msg.type === "ready") {
-              console.log("[PERF] spawnWorker: 'ready' IPC received +" + (Date.now() - spawnT0) + "ms");
-              worker.ready = true;
-              if (worker._readyResolve) {
-                worker._readyResolve();
-                worker._readyResolve = null;
-              }
-            }
-            for (var h = 0; h < worker.messageHandlers.length; h++) {
-              worker.messageHandlers[h](msg);
-            }
-          } catch (e) {
-            console.error("[sdk-bridge] Failed to parse worker message:", e.message);
-          }
-        }
-      });
-      connection.on("error", function(err) {
-        console.error("[sdk-bridge] Worker connection error:", err.message);
-      });
-    });
-
-    worker.server.listen(socketPath, function() {
-      console.log("[PERF] spawnWorker: socket listen ready +" + (Date.now() - spawnT0) + "ms");
-      // Set socket permissions so the target user can connect
-      try { fs.chmodSync(socketPath, 0o777); } catch (e) {}
-
-      // Spawn worker process as the target Linux user.
-      // Build a minimal, isolated env (no daemon env leakage).
-      var workerEnv = require("./build-user-env").buildUserEnv({
-        uid: userInfo.uid,
-        gid: userInfo.gid,
-        home: userInfo.home,
-        user: linuxUser,
-        shell: userInfo.shell || "/bin/bash",
-      });
-
-      console.log("[sdk-bridge] Spawning worker: uid=" + userInfo.uid + " gid=" + userInfo.gid + " cwd=" + cwd + " socket=" + socketPath);
-      console.log("[sdk-bridge] Worker script: " + WORKER_SCRIPT);
-      console.log("[sdk-bridge] Node: " + process.execPath);
-      worker.process = spawn(process.execPath, [WORKER_SCRIPT, socketPath], {
-        uid: userInfo.uid,
-        gid: userInfo.gid,
-        env: workerEnv,
-        cwd: cwd,
-        stdio: ["ignore", "pipe", "pipe"],
-      });
-
-      worker.process.stdout.on("data", function(data) {
-        console.log("[sdk-worker:" + linuxUser + "] " + data.toString().trim());
-      });
-      worker._stderrBuf = "";
-      worker.process.stderr.on("data", function(data) {
-        var text = data.toString().trim();
-        worker._stderrBuf += text + "\n";
-        console.error("[sdk-worker:" + linuxUser + "] " + text);
-      });
-
-      worker.process.on("exit", function(code, signal) {
-        console.log("[sdk-bridge] Worker for " + linuxUser + " exited (code=" + code + ", signal=" + signal + ")" + (worker._stderrBuf ? " stderr: " + worker._stderrBuf.trim() : ""));
-        // Reject readyPromise if worker dies before becoming ready
-        if (!worker.ready && worker._readyResolve) {
-          worker._readyResolve = null;
-          // Let the readyPromise hang; the query_error handler will clean up
-        }
-        // Notify message handlers about unexpected exit so sessions don't hang.
-        // Always dispatch a fallback query_error. The handler is idempotent:
-        // it checks isProcessing before taking action, and cleanupSessionWorker
-        // guards against stale workers. This covers all exit cases including
-        // signal kills (code=null) and normal exits where the IPC query_error
-        // was lost due to connection timing.
-        console.log("[sdk-bridge] Exit handler: pid=" + (worker.process ? worker.process.pid : "?") + " ready=" + worker.ready + " _queryEnded=" + worker._queryEnded + " _abortSent=" + worker._abortSent + " handlers=" + worker.messageHandlers.length);
-        if (code === 0 && !worker.ready) {
-          // Worker exited cleanly before sending "ready"
-          for (var h = 0; h < worker.messageHandlers.length; h++) {
-            worker.messageHandlers[h]({
-              type: "query_error",
-              error: "Worker exited before ready (code=0). stderr: " + (worker._stderrBuf || "(none)"),
-              exitCode: 0,
-              stderr: worker._stderrBuf || null,
-            });
-          }
-        } else if (code !== 0 || code === null || signal) {
-          // Worker crashed, was killed by signal, or exited abnormally
-          var stderrText = worker._stderrBuf || "";
-          var exitReason = signal
-            ? "Worker killed by " + signal
-            : (stderrText || "Worker exited with code " + code);
-          for (var h = 0; h < worker.messageHandlers.length; h++) {
-            worker.messageHandlers[h]({
-              type: "query_error",
-              error: exitReason,
-              exitCode: code,
-              stderr: stderrText || null,
-            });
-          }
-        } else if (worker.messageHandlers.length > 0) {
-          // Normal exit (code=0, ready=true). Dispatch fallback in case the
-          // IPC query_done/query_error was lost (e.g. connection closed early).
-          var fallbackMsg = worker._abortSent
-            ? "Worker aborted"
-            : "Worker exited before query completed";
-          for (var h = 0; h < worker.messageHandlers.length; h++) {
-            worker.messageHandlers[h]({
-              type: "query_error",
-              error: fallbackMsg,
-              exitCode: 0,
-              stderr: worker._stderrBuf || null,
-              _fallback: true,
-            });
-          }
-        }
-        cleanupWorker(worker);
-        if (worker._exitResolve) {
-          worker._exitResolve();
-          worker._exitResolve = null;
-        }
-      });
-    });
-
-    worker.send = function(msg) {
-      if (!worker.connection || worker.connection.destroyed) return;
-      try {
-        worker.connection.write(JSON.stringify(msg) + "\n");
-      } catch (e) {
-        console.error("[sdk-bridge] Failed to send to worker:", e.message);
-      }
-    };
-
-    worker.onMessage = function(handler) {
-      worker.messageHandlers.push(handler);
-    };
-
-    worker.kill = function() {
-      console.log("[sdk-bridge] worker.kill() called, pid=" + (worker.process ? worker.process.pid : "?") + " stack=" + new Error().stack.split("\n").slice(1, 4).join(" | "));
-      worker.send({ type: "shutdown" });
-      // Force kill after 5 seconds if still alive (gives SDK time to save session)
-      setTimeout(function() {
-        if (worker.process && !worker.process.killed) {
-          try { worker.process.kill("SIGKILL"); } catch (e) {}
-        }
-      }, 5000);
-      // Don't call cleanupWorker here. Let the exit handler do it after
-      // the worker has had time to save SDK session state to disk.
-      // Closing the connection prematurely causes the worker to exit
-      // before the SDK can flush its session file, leading to "no
-      // conversation found" errors on resume (OS multi-user mode).
-    };
-
-    return worker;
-  }
-
-  function cleanupWorker(worker) {
-    console.log("[sdk-bridge] cleanupWorker() called, pid=" + (worker.process ? worker.process.pid : "?") + " stack=" + new Error().stack.split("\n").slice(1, 4).join(" | "));
-    if (worker._abortTimeout) { clearTimeout(worker._abortTimeout); worker._abortTimeout = null; }
-    if (worker.connection && !worker.connection.destroyed) {
-      try { worker.connection.end(); } catch (e) {}
-    }
-    if (worker.server) {
-      try { worker.server.close(); } catch (e) {}
-    }
-    // Remove socket file
-    try { fs.unlinkSync(worker.socketPath); } catch (e) {}
-    worker.ready = false;
-  }
-
-  /**
-   * Start a query via a worker process running as the target Linux user.
-   * Mirrors the in-process startQuery flow but delegates SDK execution to the worker.
-   */
-  async function startQueryViaWorker(session, text, images, linuxUser) {
-    var t0 = session._queryStartTs || Date.now();
-    function perf(label) { console.log("[PERF] sdk-bridge: " + label + " +" + (Date.now() - t0) + "ms"); }
-    perf("startQueryViaWorker entered");
-
-    // Wait for the previous worker to fully exit before spawning a new one.
-    // Without this, the new worker may try to resume the SDK session file
-    // while the old worker is still flushing it to disk (800ms grace period),
-    // causing "no conversation found" and losing all prior context.
-    if (session._workerExitPromise) {
-      perf("waiting for old worker exit");
-      var exitWait = session._workerExitPromise;
-      session._workerExitPromise = null;
-      await Promise.race([
-        exitWait,
-        new Promise(function(resolve) { setTimeout(resolve, 3000); }),
-      ]);
-      perf("old worker exit wait done");
-    }
-
-    // Reuse existing worker if alive, otherwise spawn a new one.
-    // Spawn FIRST so the worker starts booting while we do dir setup below.
-    var worker;
-    var reusingWorker = false;
-    if (session.worker && session.worker.ready && session.worker.process && !session.worker.process.killed) {
-      worker = session.worker;
-      reusingWorker = true;
-      // Clear old message handlers so they don't fire for the new query
-      worker.messageHandlers = [];
-      worker._queryEnded = false;
-      worker._abortSent = false;
-      perf("reusing existing worker pid=" + (worker.process ? worker.process.pid : "?"));
-    } else {
-      try {
-        perf("spawning new worker");
-        worker = spawnWorker(linuxUser);
-        perf("spawnWorker returned");
-        session.worker = worker;
-      } catch (e) {
-        session.isProcessing = false;
-        onProcessingChanged();
-        sendAndRecord(session, { type: "error", text: "Failed to spawn worker for " + linuxUser + ": " + (e.message || e) });
-        sendAndRecord(session, { type: "done", code: 1 });
-        sm.broadcastSessionList();
-        return;
-      }
-    }
-
-    // Ensure the linux user's .claude project directory exists and is writable,
-    // then pre-copy CLI session file if needed. This runs while the worker is
-    // booting (readyPromise pending), so it adds no extra latency.
-    perf("dir setup start");
-    if (linuxUser) {
-      try {
-        var configMod = require("./config");
-        var osUsersMod = require("./os-users");
-        var originalHome = configMod.REAL_HOME || require("os").homedir();
-        var linuxUserHome = osUsersMod.getLinuxUserHome(linuxUser);
-        var uid = osUsersMod.getLinuxUserUid(linuxUser);
-        if (originalHome !== linuxUserHome && uid != null) {
-          var projectSlug = (cwd || "").replace(/\//g, "-");
-          var dstDir = path.join(linuxUserHome, ".claude", "projects", projectSlug);
-          // Create and chown the project directory once
-          if (!fs.existsSync(dstDir)) {
-            fs.mkdirSync(dstDir, { recursive: true });
-            try { require("child_process").execSync("chown -R " + uid + " " + JSON.stringify(path.join(linuxUserHome, ".claude"))); } catch (e2) {}
-          } else {
-            try {
-              var dirStat = fs.statSync(dstDir);
-              if (dirStat.uid !== uid) {
-                require("child_process").execSync("chown " + uid + " " + JSON.stringify(dstDir));
-              }
-            } catch (e2) {}
-          }
-          // Pre-copy CLI session file so the worker can resume the conversation
-          if (session.cliSessionId) {
-            var sessionFileName = session.cliSessionId + ".jsonl";
-            var srcFile = path.join(originalHome, ".claude", "projects", projectSlug, sessionFileName);
-            var dstFile = path.join(dstDir, sessionFileName);
-            if (fs.existsSync(srcFile) && !fs.existsSync(dstFile)) {
-              fs.copyFileSync(srcFile, dstFile);
-              try { require("child_process").execSync("chown " + uid + " " + JSON.stringify(dstFile)); } catch (e2) {}
-              console.log("[sdk-bridge] Pre-copied CLI session " + session.cliSessionId + " to " + linuxUser);
-            }
-          }
-        }
-      } catch (copyErr) {
-        console.log("[sdk-bridge] Dir setup / session pre-copy skipped:", copyErr.message);
-      }
-    }
-    perf("dir setup done");
-
-    session.messageQueue = "worker"; // sentinel: messages go via worker IPC
-    session.blocks = {};
-    session.sentToolResults = {};
-    session.activeTaskToolIds = {};
-    session.pendingElicitations = {};
-    session.streamedText = false;
-    session.responsePreview = "";
-    session.abortController = { abort: function() {
-      console.log("[sdk-bridge] ABORT sent to worker pid=" + (worker.process ? worker.process.pid : "?"));
-      worker._abortSent = true;
-      try { worker.send({ type: "abort" }); } catch (e) {}
-      // If the worker doesn't finish within 5s (e.g. subagent stuck), force-kill it.
-      // The worker exit handler will dispatch a fallback query_error and send done.
-      if (worker._abortTimeout) clearTimeout(worker._abortTimeout);
-      worker._abortTimeout = setTimeout(function() {
-        if (worker.process && !worker.process.killed && session.isProcessing) {
-          console.log("[sdk-bridge] Abort timeout: force-killing worker pid=" + (worker.process ? worker.process.pid : "?"));
-          try { worker.process.kill("SIGKILL"); } catch (e) {}
-        }
-      }, 5000);
-    } };
-
-    // Build initial user message content
-    var content = [];
-    if (images && images.length > 0) {
-      for (var i = 0; i < images.length; i++) {
-        content.push({
-          type: "image",
-          source: { type: "base64", media_type: images[i].mediaType, data: images[i].data },
-        });
-      }
-    }
-    if (text) {
-      content.push({ type: "text", text: text });
-    }
-
-    var initialMessage = {
-      type: "user",
-      message: { role: "user", content: content },
-    };
-
-    // Build serializable query options (no callbacks, no AbortController)
-    var queryOptions = {
-      cwd: cwd,
-      settingSources: ["user", "project", "local"],
-      includePartialMessages: true,
-      enableFileCheckpointing: true,
-      extraArgs: { "replay-user-messages": null },
-      promptSuggestions: true,
-      agentProgressSummaries: true,
-    };
-
-    // MCP servers contain circular references (McpServer instances) and cannot
-    // be serialized for IPC. Instead, extract serializable tool descriptors and
-    // proxy tool calls back to the daemon via IPC.
-    var _mergedMcp = mergeMcpServers(mcpServers, getRemoteMcpServers);
-    var _mcpDescriptors = extractMcpDescriptors(_mergedMcp);
-    // Do NOT put _mergedMcp into queryOptions; the worker will reconstruct
-    // MCP servers from descriptors with IPC-proxied handlers.
-
-    // Per-loop settings override global defaults when present
-    var ls2 = session.loopSettings || {};
-
-    if (ls2.model || sm.currentModel) queryOptions.model = ls2.model || sm.currentModel;
-    if (ls2.effort || sm.currentEffort) queryOptions.effort = ls2.effort || sm.currentEffort;
-    if (sm.currentBetas && sm.currentBetas.length > 0) queryOptions.betas = sm.currentBetas;
-
-    var thinkingMode2 = ls2.thinking || sm.currentThinking;
-    if (thinkingMode2 === "disabled") {
-      queryOptions.thinking = { type: "disabled" };
-    } else if (thinkingMode2 === "budget") {
-      var budgetTokens2 = ls2.thinkingBudget || sm.currentThinkingBudget;
-      if (budgetTokens2) queryOptions.thinking = { type: "enabled", budgetTokens: budgetTokens2 };
-    }
-
-    if (ls2.disableAllHooks !== undefined) {
-      queryOptions.settings = Object.assign({}, queryOptions.settings || {}, { disableAllHooks: ls2.disableAllHooks });
-    }
-
-    if (dangerouslySkipPermissions) {
-      queryOptions.allowDangerouslySkipPermissions = true;
-    }
-    var modeToApply = ls2.permissionMode || (session.acceptEditsAfterStart ? "acceptEdits" : sm.currentPermissionMode);
-    if (session.acceptEditsAfterStart) delete session.acceptEditsAfterStart;
-    if (modeToApply && modeToApply !== "default") {
-      queryOptions.permissionMode = modeToApply;
-    }
-
-    if (session.cliSessionId) {
-      queryOptions.resume = session.cliSessionId;
-      if (session.lastRewindUuid) {
-        queryOptions.resumeSessionAt = session.lastRewindUuid;
-        delete session.lastRewindUuid;
-        // Persist the deletion so server restarts don't re-use a stale UUID
-        sm.saveSessionFile(session);
-      }
-    }
-
-    // Set up message handler for worker events
-    var firstEventLogged = false;
-    worker.onMessage(function(msg) {
-      if (!firstEventLogged && msg.type === "sdk_event") {
-        firstEventLogged = true;
-        perf("FIRST sdk_event received (type=" + (msg.event && msg.event.type || "?") + ")");
-      }
-      switch (msg.type) {
-        case "sdk_event":
-          processSDKMessage(session, msg.event);
-          break;
-
-        case "permission_request":
-          handleCanUseTool(session, msg.toolName, msg.input, {
-            toolUseID: msg.toolUseId,
-            decisionReason: msg.decisionReason,
-            signal: session.abortController ? { addEventListener: function() {} } : undefined,
-          }).then(function(result) {
-            worker.send({ type: "permission_response", requestId: msg.requestId, result: result });
-          }).catch(function(e) {
-            console.error("[sdk-bridge] permission_response send failed:", e.message || e);
-          });
-          break;
-
-        case "ask_user_request":
-          // Delegate to the daemon's AskUserQuestion handling
-          handleCanUseTool(session, "AskUserQuestion", msg.input, {
-            toolUseID: msg.toolUseId,
-            signal: session.abortController ? { addEventListener: function() {} } : undefined,
-          }).then(function(result) {
-            worker.send({ type: "ask_user_response", toolUseId: msg.toolUseId, result: result });
-          }).catch(function(e) {
-            console.error("[sdk-bridge] ask_user_response send failed:", e.message || e);
-          });
-          break;
-
-        case "elicitation_request":
-          handleElicitation(session, {
-            serverName: msg.serverName,
-            message: msg.message,
-            mode: msg.mode,
-            url: msg.url,
-            elicitationId: msg.elicitationId,
-            requestedSchema: msg.requestedSchema,
-          }, {
-            signal: session.abortController ? { addEventListener: function() {} } : undefined,
-          }).then(function(result) {
-            worker.send({ type: "elicitation_response", requestId: msg.requestId, result: result });
-          }).catch(function(e) {
-            console.error("[sdk-bridge] elicitation_response send failed:", e.message || e);
-          });
-          break;
-
-        case "mcp_tool_call":
-          // Worker is proxying an MCP tool call back to the daemon where
-          // the actual MCP server instances (with handlers) live.
-          callMcpToolHandler(_mergedMcp, msg.serverName, msg.toolName, msg.args)
-            .then(function(result) {
-              worker.send({ type: "mcp_tool_result", requestId: msg.requestId, result: result });
-            })
-            .catch(function(e) {
-              worker.send({ type: "mcp_tool_result", requestId: msg.requestId, error: e.message || String(e) });
-            });
-          break;
-
-        case "context_usage":
-          session.lastContextUsage = msg.data;
-          sendToSession(session, { type: "context_usage", data: msg.data });
-          break;
-
-        case "query_done":
-          console.log("[sdk-bridge] IPC query_done received, pid=" + (worker.process ? worker.process.pid : "?"));
-          // Mark that we received a proper IPC completion, so the exit
-          // handler fallback knows not to double-process.
-          worker._queryEnded = true;
-          // Stream ended normally
-          if (session.isProcessing && session.taskStopRequested) {
-            session.isProcessing = false;
-            onProcessingChanged();
-            sendAndRecord(session, { type: "info", text: "Interrupted \u00b7 What should Claude do instead?" });
-            sendAndRecord(session, { type: "done", code: 0 });
-            sm.broadcastSessionList();
-          }
-          cleanupSessionWorker(session, worker);
-          // Mark session as done so late rate_limit_event can detect race condition
-          session.isProcessing = false;
-          // Auto-continue on rate limit (scheduler sessions, or user setting)
-          var doneDidScheduleAC = false;
-          var doneACEnabled = session.onQueryComplete || (typeof opts.getAutoContinueSetting === "function" && opts.getAutoContinueSetting(session));
-          console.log("[sdk-bridge] query_done: session " + session.localId + " rateLimitResetsAt=" + session.rateLimitResetsAt + " acEnabled=" + doneACEnabled + " destroying=" + session.destroying + " scheduledMessage=" + !!session.scheduledMessage);
-          if (session.rateLimitResetsAt && session.rateLimitResetsAt > Date.now()
-              && doneACEnabled && !session.destroying) {
-            var doneResetsAt = session.rateLimitResetsAt;
-            session.rateLimitResetsAt = null;
-            session.rateLimitAutoContinuePending = true;
-            doneDidScheduleAC = true;
-            console.log("[sdk-bridge] Rate limited (worker/query_done), scheduling auto-continue for session " + session.localId);
-            if (typeof opts.scheduleMessage === "function") {
-              opts.scheduleMessage(session, "continue", doneResetsAt);
-            }
-          }
-          if (session.onQueryComplete && !doneDidScheduleAC) {
-            try { session.onQueryComplete(session); } catch (err) {
-              console.error("[sdk-bridge] onQueryComplete error:", err.message || err);
-            }
-          }
-          break;
-
-        case "query_error": {
-          console.log("[sdk-bridge] IPC query_error received, pid=" + (worker.process ? worker.process.pid : "?") + " _fallback=" + !!msg._fallback + " _queryEnded=" + worker._queryEnded + " error=" + (msg.error || "").substring(0, 100));
-          // Skip fallback errors from exit handler if we already handled the real one
-          if (msg._fallback && worker._queryEnded) break;
-          // Mark that we received a proper IPC completion
-          worker._queryEnded = true;
-          // Check session-not-found before isProcessing gate (it can arrive after processing is cleared)
-          var qerrLower = (msg.error || "").toLowerCase();
-          // Only match the exact SDK error, not generic worker stderr
-          var isSessionNotFound = qerrLower.indexOf("no conversation found with session id") !== -1;
-          if (isSessionNotFound) {
-            // Clear stale cliSessionId so next message starts a fresh
-            // conversation in the same UI session.
-            session.cliSessionId = null;
-          }
-          if (session.isProcessing) {
-            session.isProcessing = false;
-            onProcessingChanged();
-            var isAbort = (msg.error && (msg.error.indexOf("AbortError") !== -1 || msg.error.indexOf("aborted") !== -1))
-              || session.taskStopRequested;
-            if (isAbort) {
-              if (!session.destroying) {
-                sendAndRecord(session, { type: "info", text: "Interrupted \u00b7 What should Claude do instead?" });
-                sendAndRecord(session, { type: "done", code: 0 });
-              }
-            } else if (session.destroying) {
-              console.log("[sdk-bridge] Suppressing worker error during shutdown for session " + session.localId);
-            } else {
-              var errDetail = msg.error || "Unknown error";
-              if (msg.stderr) errDetail += "\nstderr: " + msg.stderr;
-              if (msg.exitCode != null) errDetail += " (exitCode: " + msg.exitCode + ")";
-              console.error("[sdk-bridge] Worker query error for session " + session.localId + ":", errDetail);
-
-              var errLower = errDetail.toLowerCase();
-              var isContextOverflow = errLower.indexOf("prompt is too long") !== -1
-                || errLower.indexOf("context_length") !== -1
-                || errLower.indexOf("maximum context length") !== -1;
-              var isAuthError = errLower.indexOf("not logged in") !== -1
-                || errLower.indexOf("unauthenticated") !== -1
-                || errLower.indexOf("authentication") !== -1
-                || errLower.indexOf("sign in") !== -1
-                || errLower.indexOf("log in") !== -1
-                || errLower.indexOf("please login") !== -1;
-              if (isContextOverflow) {
-                sendAndRecord(session, { type: "context_overflow", text: "Conversation too long to continue." });
-              } else if (isAuthError) {
-                var authUser = session.ownerId ? usersModule.findUserById(session.ownerId) : null;
-                var authLinuxUser = authUser && authUser.linuxUser ? authUser.linuxUser : null;
-                // Determine if auto-login (auto terminal + claude) is safe:
-                // - Single-user mode: always ok
-                // - Multi-user + OS user isolation (linuxUser set): ok (isolated)
-                // - Multi-user + admin role: ok (they own the shared account)
-                // - Multi-user + regular user (no linuxUser): not ok (shared account)
-                var canAutoLogin = !usersModule.isMultiUser()
-                  || !!authLinuxUser
-                  || (authUser && authUser.role === "admin");
-                sendAndRecord(session, {
-                  type: "auth_required",
-                  text: "Claude Code is not logged in.",
-                  linuxUser: authLinuxUser,
-                  canAutoLogin: canAutoLogin,
-                });
-              } else {
-                var errText = msg.error || "Unknown error";
-                // When stderr is empty, fall back to worker stderr buffer (covers hook failures at session start)
-                if (!msg.stderr && worker._stderrBuf) {
-                  errText += "\n" + worker._stderrBuf.trim();
-                }
-                sendAndRecord(session, { type: "error", text: "Claude process error: " + errText });
-              }
-              sendAndRecord(session, { type: "done", code: 1 });
-            }
-            sm.broadcastSessionList();
-          }
-          cleanupSessionWorker(session, worker);
-          // Mark session as done so late rate_limit_event can detect race condition
-          session.isProcessing = false;
-          // Auto-continue on rate limit (scheduler sessions, or user setting)
-          var workerDidScheduleAC = false;
-          var workerACEnabled = session.onQueryComplete || (typeof opts.getAutoContinueSetting === "function" && opts.getAutoContinueSetting(session));
-          if (session.rateLimitResetsAt && session.rateLimitResetsAt > Date.now()
-              && workerACEnabled && !session.destroying) {
-            var wacResetsAt = session.rateLimitResetsAt;
-            session.rateLimitResetsAt = null;
-            session.rateLimitAutoContinuePending = true;
-            workerDidScheduleAC = true;
-            console.log("[sdk-bridge] Rate limited (worker), scheduling auto-continue via scheduleMessage for session " + session.localId);
-            if (typeof opts.scheduleMessage === "function") {
-              opts.scheduleMessage(session, "continue", wacResetsAt);
+            var dirStat = fs.statSync(dstDir);
+            if (dirStat.uid !== uid) {
+              require("child_process").execSync("chown " + uid + " " + JSON.stringify(dstDir));
             }
-          }
-          if (session.onQueryComplete && !workerDidScheduleAC) {
-            try { session.onQueryComplete(session); } catch (err) {
-              console.error("[sdk-bridge] onQueryComplete error:", err.message || err);
-            }
-          }
-          break;
+          } catch (e2) {}
         }
-
-        case "model_changed":
-          sm.currentModel = msg.model;
-          send({ type: "model_info", model: msg.model, models: sm.availableModels || [] });
-          send({ type: "config_state", model: sm.currentModel, mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
-          break;
-
-        case "effort_changed":
-          sm.currentEffort = msg.effort;
-          send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort, betas: sm.currentBetas || [] });
-          break;
-
-        case "permission_mode_changed":
-          sm.currentPermissionMode = msg.mode;
-          send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
-          break;
-
-        case "worker_error":
-          send({ type: "error", text: msg.error });
-          break;
-      }
-    });
-
-    // Wait for worker to be ready, then send query
-    if (!reusingWorker) {
-      perf("awaiting readyPromise");
-      try {
-        await worker.readyPromise;
-        perf("readyPromise resolved");
-      } catch (e) {
-        session.isProcessing = false;
-        onProcessingChanged();
-        sendAndRecord(session, { type: "error", text: "Worker failed to connect: " + (e.message || e) });
-        sendAndRecord(session, { type: "done", code: 1 });
-        sm.broadcastSessionList();
-        killSessionWorker(session);
-        return;
-      }
-    }
-
-    perf("sending query_start to worker");
-    worker.send({
-      type: "query_start",
-      prompt: initialMessage,
-      options: queryOptions,
-      mcpDescriptors: _mcpDescriptors,
-      singleTurn: !!session.singleTurn,
-      originalHome: require("./config").REAL_HOME || null,
-      projectPath: session.cwd || null,
-      _perfT0: t0,
-    });
-    perf("query_start sent");
-  }
-
-  function cleanupSessionWorker(session, fromWorker) {
-    console.log("[sdk-bridge] cleanupSessionWorker() called, localId=" + session.localId +
-      " fromWorkerPid=" + (fromWorker && fromWorker.process ? fromWorker.process.pid : "none") +
-      " currentWorkerPid=" + (session.worker && session.worker.process ? session.worker.process.pid : "none") +
-      " stack=" + new Error().stack.split("\n").slice(1, 4).join(" | "));
-    // If called from a specific worker's exit/error handler, only cleanup if
-    // that worker is still the session's current worker. Prevents stale
-    // worker exit events from killing a newer worker.
-    if (fromWorker && session.worker && session.worker !== fromWorker) {
-      console.log("[sdk-bridge] cleanupSessionWorker: stale worker guard triggered, skipping");
-      return;
-    }
-    session.queryInstance = null;
-    session.messageQueue = null;
-    session.abortController = null;
-    session.taskStopRequested = false;
-    session.pendingPermissions = {};
-    session.pendingAskUser = {};
-    session.pendingElicitations = {};
-    // Keep the worker alive between queries so the SDK can maintain session
-    // state in memory. Killing the worker after each query forces resume from
-    // disk, but the SDK may not save the session file on abort, causing
-    // "no conversation found" and losing all conversation history.
-    // The worker is only killed when the UI session is destroyed or on error.
-  }
-
-  // Force-kill the worker and remove it from the session.
-  // Used when the session is destroyed or on unrecoverable errors.
-  function killSessionWorker(session) {
-    if (session.worker) {
-      session._workerExitPromise = session.worker.exitPromise;
-      session.worker.kill();
-      session.worker = null;
-    }
-  }
-
-  /**
-   * Run warmup via a worker process for a specific Linux user.
-   */
-  async function warmupViaWorker(linuxUser) {
-    var worker;
-    try {
-      worker = spawnWorker(linuxUser);
-    } catch (e) {
-      send({ type: "error", text: "Failed to spawn warmup worker for " + linuxUser + ": " + (e.message || e) });
-      return;
-    }
-
-    var warmupDone = false;
-
-    worker.onMessage(function(msg) {
-      if (msg.type === "warmup_done" && !warmupDone) {
-        warmupDone = true;
-        var result = msg.result || {};
-        var fsSkills = discoverSkillDirs();
-        sm.skillNames = mergeSkills(result.skills, fsSkills);
-        if (result.slashCommands) {
-          var seen = new Set();
-          var combined = [];
-          var all = result.slashCommands.concat(Array.from(sm.skillNames));
-          for (var k = 0; k < all.length; k++) {
-            if (!seen.has(all[k])) {
-              seen.add(all[k]);
-              combined.push(all[k]);
-            }
+        // Pre-copy CLI session file so the worker can resume the conversation
+        if (session.cliSessionId) {
+          var sessionFileName = session.cliSessionId + ".jsonl";
+          var srcFile = path.join(originalHome, ".claude", "projects", projectSlug, sessionFileName);
+          var dstFile = path.join(dstDir, sessionFileName);
+          if (fs.existsSync(srcFile) && !fs.existsSync(dstFile)) {
+            fs.copyFileSync(srcFile, dstFile);
+            try { require("child_process").execSync("chown " + uid + " " + JSON.stringify(dstFile)); } catch (e2) {}
+            console.log("[sdk-bridge] Pre-copied CLI session " + session.cliSessionId + " to " + linuxUser);
           }
-          sm.slashCommands = combined;
-          send({ type: "slash_commands", commands: sm.slashCommands });
-        }
-        if (result.model) {
-          sm.currentModel = sm._savedDefaultModel || result.model;
         }
-        sm.availableModels = result.models || [];
-        send({ type: "model_info", model: sm.currentModel || "", models: sm.availableModels || [] });
-        worker.kill();
-      } else if (msg.type === "warmup_error" && !warmupDone) {
-        warmupDone = true;
-        send({ type: "error", text: msg.error || "Warmup failed" });
-        worker.kill();
       }
-    });
-
-    try {
-      await worker.readyPromise;
-    } catch (e) {
-      send({ type: "error", text: "Warmup worker failed to connect: " + (e.message || e) });
-      cleanupWorker(worker);
-      return;
+    } catch (copyErr) {
+      console.log("[sdk-bridge] Dir setup / session pre-copy skipped:", copyErr.message);
     }
-
-    var warmupOptions = { cwd: cwd, settingSources: ["user", "project", "local"], settings: { disableAllHooks: true } };
-    if (dangerouslySkipPermissions) {
-      warmupOptions.permissionMode = "bypassPermissions";
-      warmupOptions.allowDangerouslySkipPermissions = true;
-    }
-    worker.send({ type: "warmup", options: warmupOptions });
   }
 
   // --- SDK query lifecycle ---
@@ -1235,6 +478,7 @@ function createSDKBridge(opts) {
         toolInput: input,
         toolUseId: opts.toolUseID,
         decisionReason: opts.decisionReason || "",
+        vendor: session.vendor || (adapter && adapter.vendor) || "claude",
       };
       sendAndRecord(session, permMsg);
       onProcessingChanged(); // update cross-project permission badge
@@ -1338,19 +582,53 @@ function createSDKBridge(opts) {
     // Capture references at start so we only clean up OUR resources in finally,
     // not resources from a newer query that may have been created after an abort.
     var myQueryInstance = session.queryInstance;
-    var myMessageQueue = session.messageQueue;
     var myAbortController = session.abortController;
+    console.log("[sdk-bridge] processQueryStream: starting for-await loop, vendor=" + (session.vendor || adapter.vendor));
     try {
       for await (var msg of myQueryInstance) {
+        console.log("[sdk-bridge] processQueryStream: received event yokeType=" + (msg && msg.yokeType) + " type=" + (msg && msg.type) + (msg && msg.text ? " text=" + msg.text.substring(0, 200) : ""));
+        // Handle worker meta events (context_usage, model_changed, etc.)
+        if (msg && msg.type === "_worker_meta") {
+          var metaData = msg.data || {};
+          switch (msg.subtype) {
+            case "context_usage":
+              session.lastContextUsage = metaData.data;
+              sendToSession(session, { type: "context_usage", data: metaData.data });
+              break;
+            case "model_changed":
+              sm.currentModel = metaData.model;
+              send({ type: "model_info", model: metaData.model, models: sm.availableModels || [], vendor: adapter.vendor });
+              send({ type: "config_state", model: sm.currentModel, mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
+              break;
+            case "effort_changed":
+              sm.currentEffort = metaData.effort;
+              send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort, betas: sm.currentBetas || [] });
+              break;
+            case "permission_mode_changed":
+              sm.currentPermissionMode = metaData.mode;
+              send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
+              break;
+            case "worker_error":
+              send({ type: "error", text: metaData.error });
+              break;
+          }
+          continue;
+        }
         processSDKMessage(session, msg);
       }
       // (getContextUsage moved to processSDKMessage result handler -- fire-and-forget)
       // Stream ended normally after a task stop — no "result" message was sent,
       // so the session is still marked as processing. Send interrupted feedback.
+      console.log("[sdk-bridge] processQueryStream ended: isProcessing=" + session.isProcessing + " taskStopRequested=" + session.taskStopRequested);
       if (session.isProcessing && session.taskStopRequested) {
         session.isProcessing = false;
         onProcessingChanged();
-        sendAndRecord(session, { type: "info", text: "Interrupted \u00b7 What should Claude do instead?" });
+        send({ type: "status", processing: false });
+        sendAndRecord(session, { type: "thinking_stop" });
+        var interruptMsg = (session.vendor === "codex")
+          ? "\u25a0 Conversation interrupted - tell the model what to do differently."
+          : "Interrupted \u00b7 What should Claude do instead?";
+        sendAndRecord(session, { type: "info", text: interruptMsg });
         sendAndRecord(session, { type: "done", code: 0 });
         sm.broadcastSessionList();
       }
@@ -1360,7 +638,11 @@ function createSDKBridge(opts) {
         onProcessingChanged();
         if (err.name === "AbortError" || (myAbortController && myAbortController.signal.aborted) || session.taskStopRequested) {
           if (!session.destroying) {
-            sendAndRecord(session, { type: "info", text: "Interrupted \u00b7 What should Claude do instead?" });
+            sendAndRecord(session, { type: "thinking_stop" });
+            var interruptMsg2 = (session.vendor === "codex")
+              ? "\u25a0 Conversation interrupted - tell the model what to do differently."
+              : "Interrupted \u00b7 What should Claude do instead?";
+            sendAndRecord(session, { type: "info", text: interruptMsg2 });
             sendAndRecord(session, { type: "done", code: 0 });
           }
         } else if (session.destroying) {
@@ -1433,7 +715,7 @@ function createSDKBridge(opts) {
         } catch (e) {}
         session.queryInstance = null;
       }
-      if (session.messageQueue === myMessageQueue) session.messageQueue = null;
+      session.messageQueue = null;
       if (session.abortController === myAbortController) session.abortController = null;
       session.taskStopRequested = false;
       session.pendingPermissions = {};
@@ -1478,58 +760,157 @@ function createSDKBridge(opts) {
   async function getOrCreateRewindQuery(session) {
     if (session.queryInstance) return { query: session.queryInstance, isTemp: false, cleanup: function() {} };
 
-    var sdk;
+    var handle;
     try {
-      sdk = await getSDK();
+      handle = await adapter.createQuery({
+        cwd: cwd,
+        resumeSessionId: session.cliSessionId,
+        adapterOptions: {
+          CLAUDE: {
+            settingSources: ["user", "project", "local"],
+            enableFileCheckpointing: true,
+          },
+        },
+      });
     } catch (e) {
       sendAndRecord(session, { type: "error", text: "Failed to load Claude SDK: " + (e.message || e) });
       throw e;
     }
-    var mq = createMessageQueue();
-
-    var tempQuery = sdk.query({
-      prompt: mq,
-      options: {
-        cwd: cwd,
-        settingSources: ["user", "project", "local"],
-        enableFileCheckpointing: true,
-        resume: session.cliSessionId,
-      },
-    });
 
-    // Drain messages in background (stream stays alive until mq.end())
+    // Drain messages in background (stream stays alive until close)
     (async function() {
-      try { for await (var msg of tempQuery) {} } catch(e) {}
+      try { for await (var msg of handle) {} } catch(e) {}
     })();
 
     return {
-      query: tempQuery,
+      query: handle,
       isTemp: true,
-      cleanup: function() { try { mq.end(); } catch(e) {} },
+      cleanup: function() { try { handle.close(); } catch(e) {} },
     };
   }
 
-  async function startQuery(session, text, images, linuxUser) {
-    // Remember linuxUser for auto-continue after rate limit
-    session.lastLinuxUser = linuxUser || null;
-    // OS-level isolation: delegate to worker process if linuxUser is set
-    if (linuxUser) {
-      return startQueryViaWorker(session, text, images, linuxUser);
+  // --- Unified rewind/fork interface (adapter-agnostic) ---
+
+  async function rewindPreview(session, uuid) {
+    var sessionAdapter = getAdapterForSession(session);
+    // Adapters with rollbackThread (e.g. Codex) do chat-only rewind, no file diffs
+    if (sessionAdapter && typeof sessionAdapter.rollbackThread === "function") {
+      return { preview: { filesChanged: [] }, diffs: {}, chatOnly: true };
+    }
+    // Claude path: use rewindFiles with dryRun
+    var result = await getOrCreateRewindQuery(session);
+    try {
+      var preview = await result.query.rewindFiles(uuid, { dryRun: true });
+      var diffs = {};
+      var changedFiles = preview.filesChanged || [];
+      for (var f = 0; f < changedFiles.length; f++) {
+        try {
+          diffs[changedFiles[f]] = require("child_process").execFileSync(
+            "git", ["diff", "HEAD", "--", changedFiles[f]],
+            { cwd: cwd, encoding: "utf8", timeout: 5000 }
+          ) || "";
+        } catch (e) { diffs[changedFiles[f]] = ""; }
+      }
+      return { preview: preview, diffs: diffs, chatOnly: false };
+    } finally {
+      if (result.isTemp) result.cleanup();
     }
+  }
 
-    var sdk;
+  async function rewindExecuteFiles(session, uuid) {
+    var sessionAdapter = getAdapterForSession(session);
+    // Adapters with rollbackThread skip file restoration
+    if (sessionAdapter && typeof sessionAdapter.rollbackThread === "function") return;
+    // Claude path: restore files
+    var result = await getOrCreateRewindQuery(session);
     try {
-      sdk = await getSDK();
-    } catch (e) {
-      session.isProcessing = false;
-      onProcessingChanged();
-      sendAndRecord(session, { type: "error", text: "Failed to load Claude SDK: " + (e.message || e) });
+      await result.query.rewindFiles(uuid, { dryRun: false });
+    } finally {
+      if (result.isTemp) result.cleanup();
+    }
+  }
+
+  async function rollbackConversation(session, numTurns) {
+    var sessionAdapter = getAdapterForSession(session);
+    if (sessionAdapter && typeof sessionAdapter.rollbackThread === "function") {
+      await sessionAdapter.rollbackThread(session.cliSessionId, numTurns);
+    }
+    // Claude: conversation rollback is handled by rewindFiles + local history trim
+  }
+
+  function getAdapterForSession(session) {
+    var vendor = session.vendor || sm.defaultVendor || "claude";
+    return adapters[vendor] || adapter;
+  }
+
+  async function forkSessionUnified(session, uuid) {
+    var sessionAdapter = getAdapterForSession(session);
+    var result = await sessionAdapter.forkSession(session.cliSessionId, { upToMessageId: uuid, dir: cwd });
+    if (!result || !result.sessionId) throw new Error("Fork returned no session id");
+
+    // Adapters with rollbackThread (e.g. Codex) use local history copy
+    if (typeof sessionAdapter.rollbackThread === "function") {
+      return { sessionId: result.sessionId, useLocalHistory: true };
+    }
+    // Claude: read history from CLI session files
+    return { sessionId: result.sessionId, useLocalHistory: false };
+  }
+
+  async function startQuery(session, text, images, linuxUser) {
+    // If vendor is set but adapter not ready, try lazy creation (user may have logged in)
+    if (session.vendor && !adapters[session.vendor]) {
+      var yoke = require("./yoke");
+      var lazyAdapter = yoke.lazyCreateAdapter(adapters, session.vendor, { cwd: cwd });
+      if (lazyAdapter) {
+        console.log("[sdk-bridge] Lazy adapter created for " + session.vendor);
+      }
+    }
+    // If still not available after lazy check, send auth_required
+    if (session.vendor && !adapters[session.vendor]) {
+      var vendorName = session.vendor.charAt(0).toUpperCase() + session.vendor.slice(1);
+      var authUser = session.ownerId ? usersModule.findUserById(session.ownerId) : null;
+      var authLinuxUser = authUser && authUser.linuxUser ? authUser.linuxUser : null;
+      var canAutoLogin = !usersModule.isMultiUser()
+        || !!authLinuxUser
+        || (authUser && authUser.role === "admin");
+      sendAndRecord(session, {
+        type: "auth_required",
+        text: vendorName + " is not logged in.",
+        vendor: session.vendor,
+        loginCommand: session.vendor === "codex" ? "codex --login" : session.vendor + " login",
+        linuxUser: authLinuxUser,
+        canAutoLogin: canAutoLogin,
+      });
       sendAndRecord(session, { type: "done", code: 1 });
-      sm.broadcastSessionList();
       return;
     }
+    // Select adapter based on session vendor (fallback to default)
+    var sessionAdapter = (session.vendor && adapters[session.vendor]) || adapter;
+    console.log("[sdk-bridge] startQuery: vendor=" + sessionAdapter.vendor + " session=" + session.localId + " text=" + (text || "").substring(0, 50));
+    // Remember linuxUser for auto-continue after rate limit
+    session.lastLinuxUser = linuxUser || null;
+
+    var t0 = session._queryStartTs || Date.now();
+
+    // Wait for previous worker to fully exit before spawning a new one.
+    // Without this, the new worker may try to resume the SDK session file
+    // while the old worker is still flushing it to disk, causing
+    // "no conversation found" and losing all prior context.
+    // Harmless if null (no previous worker).
+    if (session._workerExitPromise) {
+      var exitWait = session._workerExitPromise;
+      session._workerExitPromise = null;
+      await Promise.race([
+        exitWait,
+        new Promise(function(resolve) { setTimeout(resolve, 3000); }),
+      ]);
+    }
+
+    // Ensure Linux user project directory exists (runs in parallel with worker boot)
+    if (linuxUser) {
+      ensureLinuxUserProjectDir(linuxUser, session);
+    }
 
-    session.messageQueue = createMessageQueue();
     session.blocks = {};
     session.sentToolResults = {};
     session.activeTaskToolIds = {};
@@ -1537,106 +918,117 @@ function createSDKBridge(opts) {
     session.streamedText = false;
     session.responsePreview = "";
 
-    // Build initial user message
-    var content = [];
-    if (images && images.length > 0) {
-      for (var i = 0; i < images.length; i++) {
-        content.push({
-          type: "image",
-          source: { type: "base64", media_type: images[i].mediaType, data: images[i].data },
-        });
-      }
+    // For in-process path, create AbortController. For worker path, the adapter
+    // handles abort internally and exposes it via handle.abort().
+    if (!linuxUser) {
+      session.abortController = new AbortController();
     }
-    if (text) {
-      content.push({ type: "text", text: text });
-    }
-
-    session.messageQueue.push({
-      type: "user",
-      message: { role: "user", content: content },
-    });
 
-    session.abortController = new AbortController();
-
-    var queryOptions = {
-      cwd: cwd,
+    // Build Claude-specific adapter options
+    var claudeOpts = {
       settingSources: ["user", "project", "local"],
       includePartialMessages: true,
       enableFileCheckpointing: true,
       extraArgs: { "replay-user-messages": null },
-      abortController: session.abortController,
       promptSuggestions: true,
       agentProgressSummaries: true,
-      mcpServers: mergeMcpServers(mcpServers, getRemoteMcpServers) || undefined,
-      canUseTool: function(toolName, input, toolOpts) {
-        return handleCanUseTool(session, toolName, input, toolOpts);
-      },
-      onElicitation: function(request, elicitOpts) {
-        return handleElicitation(session, request, elicitOpts);
-      },
     };
 
     // Per-loop settings override global defaults when present
     var ls = session.loopSettings || {};
 
-    if (ls.model || sm.currentModel) {
-      queryOptions.model = ls.model || sm.currentModel;
-    }
-
-    if (ls.effort || sm.currentEffort) {
-      queryOptions.effort = ls.effort || sm.currentEffort;
-    }
-
     if (sm.currentBetas && sm.currentBetas.length > 0) {
-      queryOptions.betas = sm.currentBetas;
+      claudeOpts.betas = sm.currentBetas;
     }
-
     var thinkingMode = ls.thinking || sm.currentThinking;
     if (thinkingMode === "disabled") {
-      queryOptions.thinking = { type: "disabled" };
+      claudeOpts.thinking = { type: "disabled" };
     } else if (thinkingMode === "budget") {
       var budgetTokens = ls.thinkingBudget || sm.currentThinkingBudget;
-      if (budgetTokens) queryOptions.thinking = { type: "enabled", budgetTokens: budgetTokens };
+      if (budgetTokens) claudeOpts.thinking = { type: "enabled", budgetTokens: budgetTokens };
     }
 
     if (ls.permissionMode) {
-      // Will be applied below, store for later
       session._loopPermissionMode = ls.permissionMode;
     }
 
     // Pass through any extra SDK settings from LOOP.json
     if (ls.disableAllHooks !== undefined) {
-      queryOptions.settings = Object.assign({}, queryOptions.settings || {}, { disableAllHooks: ls.disableAllHooks });
+      claudeOpts.settings = Object.assign({}, claudeOpts.settings || {}, { disableAllHooks: ls.disableAllHooks });
     }
 
     if (dangerouslySkipPermissions) {
-      queryOptions.allowDangerouslySkipPermissions = true;
+      claudeOpts.allowDangerouslySkipPermissions = true;
     }
-    // Pass permissionMode in queryOptions at creation time to avoid race condition
     var modeToApply = session._loopPermissionMode || (session.acceptEditsAfterStart ? "acceptEdits" : sm.currentPermissionMode);
     if (session.acceptEditsAfterStart) delete session.acceptEditsAfterStart;
     if (modeToApply && modeToApply !== "default") {
-      queryOptions.permissionMode = modeToApply;
+      claudeOpts.permissionMode = modeToApply;
+    }
+    if (session.cliSessionId && session.lastRewindUuid) {
+      claudeOpts.resumeSessionAt = session.lastRewindUuid;
+      delete session.lastRewindUuid;
+      sm.saveSessionFile(session);
+    }
+
+    // Pass linuxUser to adapter for worker-based queries
+    if (linuxUser) {
+      claudeOpts.linuxUser = linuxUser;
+      claudeOpts.singleTurn = !!session.singleTurn;
+      claudeOpts.originalHome = require("./config").REAL_HOME || null;
+      claudeOpts.projectPath = session.cwd || null;
+      claudeOpts._perfT0 = t0;
+      // Pass previous worker state for reuse
+      if (session._adapterWorkerState) {
+        claudeOpts._workerState = session._adapterWorkerState;
+        session._adapterWorkerState = null;
+      }
     }
 
-    if (session.cliSessionId) {
-      queryOptions.resume = session.cliSessionId;
-      if (session.lastRewindUuid) {
-        queryOptions.resumeSessionAt = session.lastRewindUuid;
-        delete session.lastRewindUuid;
-        // Persist the deletion so server restarts don't re-use a stale UUID
-        sm.saveSessionFile(session);
+    // Use vendor-specific model: if session vendor differs from default, use that vendor's default model
+    var queryModel = ls.model || sm.currentModel || undefined;
+    if (session.vendor && session.vendor !== (adapter && adapter.vendor)) {
+      var vendorModels = (sm.modelsByVendor && sm.modelsByVendor[session.vendor]) || [];
+      if (vendorModels.length > 0 && queryModel && vendorModels.indexOf(queryModel) === -1) {
+        queryModel = vendorModels[0];
       }
     }
 
+    var queryOpts = {
+      cwd: cwd,
+      model: queryModel,
+      effort: ls.effort || sm.currentEffort || undefined,
+      toolServers: mergeMcpServers(mcpServers, getRemoteMcpServers) || undefined,
+      resumeSessionId: session.cliSessionId || undefined,
+      abortController: linuxUser ? undefined : session.abortController,
+      canUseTool: function(toolName, input, toolOpts) {
+        return handleCanUseTool(session, toolName, input, toolOpts);
+      },
+      onElicitation: function(request, elicitOpts) {
+        return handleElicitation(session, request, elicitOpts);
+      },
+      adapterOptions: {
+        CLAUDE: claudeOpts,
+        CODEX: {
+          // Always use "never" (auto-approve) because Clay handles tool
+          // permissions via its own UI (checkToolWhitelist + handleCanUseTool).
+          // Codex's native approval prompts are terminal-based and cannot be
+          // relayed through Clay's web UI, causing MCP tool calls to hang.
+          approvalPolicy: "never",
+          sandboxMode: sm.codexSandbox || "workspace-write",
+          webSearchMode: sm.codexWebSearch || undefined,
+        },
+      },
+    };
+
+    var handle;
+    console.log("[sdk-bridge] calling adapter.createQuery... vendor=" + sessionAdapter.vendor);
     try {
-      session.queryInstance = sdk.query({
-        prompt: session.messageQueue,
-        options: queryOptions,
-      });
+      handle = await sessionAdapter.createQuery(queryOpts);
+      console.log("[sdk-bridge] createQuery returned handle, vendor=" + sessionAdapter.vendor);
     } catch (e) {
       console.error("[sdk-bridge] Failed to create query for session " + session.localId + ":", e.message || e);
-      console.error("[sdk-bridge] cliSessionId:", session.cliSessionId, "resume:", !!queryOptions.resume);
+      console.error("[sdk-bridge] cliSessionId:", session.cliSessionId, "resume:", !!session.cliSessionId);
       console.error("[sdk-bridge] Stack:", e.stack || "(no stack)");
       session.isProcessing = false;
       onProcessingChanged();
@@ -1649,12 +1041,38 @@ function createSDKBridge(opts) {
       return;
     }
 
+    // Store adapter worker state for reuse on next query
+    if (handle._adapterState) {
+      session._adapterWorkerState = handle._adapterState;
+      // Keep session.worker reference for external code (sessions.js, project.js)
+      // that needs to kill the worker on session destroy.
+      if (handle._adapterState.worker) {
+        session.worker = handle._adapterState.worker;
+      }
+    }
+
+    // For worker path, create an abortController wrapper that delegates to handle.abort()
+    if (linuxUser) {
+      session.abortController = {
+        abort: function() { handle.abort(); },
+        signal: { aborted: false, addEventListener: function() {} },
+      };
+    }
+
+    // Store QueryHandle on session for iteration and control.
+    session.queryInstance = handle;
+
+    // Push initial user message through the QueryHandle
+    console.log("[sdk-bridge] pushing initial message via handle.pushMessage...");
+    handle.pushMessage(text, images);
+    console.log("[sdk-bridge] pushMessage done, starting processQueryStream...");
+
     // For single-turn sessions (Ralph Loop), end the message queue so the SDK
     // query finishes after processing the one message. Without this, the query
     // stream stays open forever waiting for more messages, and onQueryComplete
     // never fires.
     if (session.singleTurn) {
-      session.messageQueue.end();
+      handle.endInput();
     }
 
     session.lastActivityAt = Date.now();
@@ -1663,28 +1081,10 @@ function createSDKBridge(opts) {
   }
 
   function pushMessage(session, text, images) {
-    var content = [];
-    if (images && images.length > 0) {
-      for (var i = 0; i < images.length; i++) {
-        content.push({
-          type: "image",
-          source: { type: "base64", media_type: images[i].mediaType, data: images[i].data },
-        });
-      }
-    }
-    if (text) {
-      content.push({ type: "text", text: text });
-    }
-    var userMsg = {
-      type: "user",
-      message: { role: "user", content: content },
-    };
     session.lastActivityAt = Date.now();
-    // Route through worker if active, otherwise direct to message queue
-    if (session.worker) {
-      session.worker.send({ type: "push_message", content: userMsg });
-    } else {
-      session.messageQueue.push(userMsg);
+    // Route through QueryHandle (works for both in-process and worker paths)
+    if (session.queryInstance && typeof session.queryInstance.pushMessage === "function") {
+      session.queryInstance.pushMessage(text, images);
     }
   }
 
@@ -1731,74 +1131,124 @@ function createSDKBridge(opts) {
     return text;
   }
 
-  // SDK warmup: grab slash_commands, model, and available models from SDK init
-  async function warmup(linuxUser) {
-    // OS-level isolation: delegate warmup to worker process
-    if (linuxUser) {
-      return warmupViaWorker(linuxUser);
-    }
+  // Detect which vendor binaries are installed for this user.
+  // In multi-user mode, runs checks as the specific Linux user.
+  function detectInstalledVendors(linuxUser) {
+    var execSync = require("child_process").execSync;
+    var fs = require("fs");
+    var path = require("path");
+    var result = [];
 
-    try {
-      var sdk = await getSDK();
-      var ac = new AbortController();
-      var mq = createMessageQueue();
-      mq.push({ type: "user", message: { role: "user", content: [{ type: "text", text: "hi" }] } });
-      mq.end();
-      var warmupOptions = { cwd: cwd, settingSources: ["user", "project", "local"], abortController: ac, settings: { disableAllHooks: true } };
-      if (dangerouslySkipPermissions) {
-        warmupOptions.permissionMode = "bypassPermissions";
-        warmupOptions.allowDangerouslySkipPermissions = true;
+    function tryExec(cmd) {
+      try {
+        if (linuxUser) {
+          execSync("su - " + linuxUser + " -c " + JSON.stringify(cmd), { timeout: 3000, stdio: ["pipe", "pipe", "pipe"] });
+        } else {
+          execSync(cmd, { timeout: 3000, stdio: ["pipe", "pipe", "pipe"] });
+        }
+        return true;
+      } catch (e) {
+        return false;
       }
-      var stream = sdk.query({
-        prompt: mq,
-        options: warmupOptions,
-      });
-      for await (var msg of stream) {
-        if (msg.type === "system" && msg.subtype === "init") {
-          var fsSkills = discoverSkillDirs();
-          sm.skillNames = mergeSkills(msg.skills, fsSkills);
-          if (msg.slash_commands) {
-            // Union: SDK slash_commands + merged skills (deduplicated)
-            var seen = new Set();
-            var combined = [];
-            var all = msg.slash_commands.concat(Array.from(sm.skillNames));
-            for (var k = 0; k < all.length; k++) {
-              if (!seen.has(all[k])) {
-                seen.add(all[k]);
-                combined.push(all[k]);
-              }
+    }
+
+    // Claude: check if binary is in PATH
+    if (tryExec("which claude")) result.push("claude");
+
+    // Codex: check bundled binary or PATH
+    var codexBin = path.join(__dirname, "../node_modules/@openai/codex-darwin-arm64/vendor/aarch64-apple-darwin/codex/codex");
+    if (fs.existsSync(codexBin) || tryExec("which codex")) result.push("codex");
+
+    return result;
+  }
+
+  // SDK warmup: initialize all available adapters and collect models.
+  // The default adapter is initialized first for slash_commands and skills.
+  // Passes linuxUser to adapter for worker-based warmup when OS isolation is needed.
+  async function warmup(linuxUser) {
+    var defaultVendor = adapter ? adapter.vendor : "claude";
+    sm.defaultVendor = defaultVendor;
+
+    // Initialize default adapter first (provides skills, slash commands, etc.)
+    if (adapter) {
+      try {
+        var result = await adapter.init({
+          cwd: cwd,
+          dangerouslySkipPermissions: dangerouslySkipPermissions,
+          linuxUser: linuxUser || undefined,
+          clayPort: clayPort,
+          clayTls: clayTls,
+          clayAuthToken: clayAuthToken,
+          slug: slug,
+        });
+
+        var fsSkills = discoverSkillDirs();
+        sm.skillNames = mergeSkills(result.skills, fsSkills);
+        if (result.slashCommands) {
+          var seen = new Set();
+          var combined = [];
+          var all = result.slashCommands.concat(Array.from(sm.skillNames));
+          for (var k = 0; k < all.length; k++) {
+            if (!seen.has(all[k])) {
+              seen.add(all[k]);
+              combined.push(all[k]);
             }
-            sm.slashCommands = combined;
-            send({ type: "slash_commands", commands: sm.slashCommands });
           }
-          if (msg.model) {
-            sm.currentModel = msg.model;
-          }
-          // Fetch available models before aborting
-          try {
-            var models = await stream.supportedModels();
-            sm.availableModels = models || [];
-          } catch (e) {}
-          send({ type: "model_info", model: sm.currentModel || "", models: sm.availableModels || [] });
-          ac.abort();
-          break;
+          sm.slashCommands = combined;
+          send({ type: "slash_commands", commands: sm.slashCommands });
+        }
+        if (result.defaultModel) {
+          sm.currentModel = sm._savedDefaultModel || result.defaultModel;
+        }
+        sm.availableModels = result.models || [];
+        // Store per-vendor models and capabilities
+        sm.modelsByVendor = sm.modelsByVendor || {};
+        sm.modelsByVendor[defaultVendor] = result.models || [];
+        sm.capabilitiesByVendor = sm.capabilitiesByVendor || {};
+        sm.capabilitiesByVendor[defaultVendor] = result.capabilities || {};
+      } catch (e) {
+        if (e && e.name !== "AbortError" && !(e.message && e.message.indexOf("aborted") !== -1)) {
+          send({ type: "error", text: "Failed to load " + defaultVendor + " SDK: " + (e.message || e) });
         }
-      }
-    } catch (e) {
-      if (e && e.name !== "AbortError" && !(e.message && e.message.indexOf("aborted") !== -1)) {
-        send({ type: "error", text: "Failed to load Claude SDK: " + (e.message || e) });
       }
     }
+
+    // Initialize other adapters in parallel (skip if already have models cached)
+    sm.modelsByVendor = sm.modelsByVendor || {};
+    var otherVendors = Object.keys(adapters).filter(function(v) {
+      return v !== defaultVendor && !sm.modelsByVendor[v];
+    });
+    for (var i = 0; i < otherVendors.length; i++) {
+      (function(v) {
+        adapters[v].init({ cwd: cwd, clayPort: clayPort, clayTls: clayTls, clayAuthToken: clayAuthToken, slug: slug }).then(function(r) {
+          sm.modelsByVendor[v] = r.models || [];
+          sm.capabilitiesByVendor[v] = r.capabilities || {};
+        }).catch(function(e) {
+          console.error("[sdk-bridge] warmup: " + v + " init failed:", e.message || e);
+        });
+      })(otherVendors[i]);
+    }
+
+    // Detect installed vendors per-user (binary existence check)
+    sm.installedVendors = detectInstalledVendors(linuxUser);
+    sm.availableVendors = Object.keys(adapters);
+
+    // Send initial state to client
+    send({
+      type: "model_info",
+      model: sm.currentModel || "",
+      models: sm.availableModels || [],
+      vendor: defaultVendor,
+      availableVendors: sm.availableVendors,
+      installedVendors: sm.installedVendors,
+    });
   }
 
   async function setModel(session, model) {
-    if (session.worker) {
-      session.worker.send({ type: "set_model", model: model });
-      return;
-    }
     if (!session.queryInstance) {
       // No active query — just store the model for next startQuery
       sm.currentModel = model;
+      // Don't send vendor here: session vendor not yet bound, let client keep its selection
       send({ type: "model_info", model: model, models: sm.availableModels || [] });
       send({ type: "config_state", model: sm.currentModel, mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
       return;
@@ -1806,7 +1256,8 @@ function createSDKBridge(opts) {
     try {
       await session.queryInstance.setModel(model);
       sm.currentModel = model;
-      send({ type: "model_info", model: model, models: sm.availableModels || [] });
+      var sessionVendor = session.vendor || (adapter && adapter.vendor) || "claude";
+      send({ type: "model_info", model: model, models: sm.availableModels || [], vendor: sessionVendor });
       send({ type: "config_state", model: sm.currentModel, mode: sm.currentPermissionMode || "default", effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
     } catch (e) {
       send({ type: "error", text: "Failed to switch model: " + (e.message || e) });
@@ -1814,26 +1265,20 @@ function createSDKBridge(opts) {
   }
 
   async function setEffort(session, effort) {
-    if (session.worker) {
-      session.worker.send({ type: "set_effort", effort: effort });
-      return;
-    }
     if (!session.queryInstance) {
       sm.currentEffort = effort;
       send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort, betas: sm.currentBetas || [] });
       return;
     }
-    // SDK Query interface has no setEffort method.
-    // Store the effort level — it will be applied via queryOptions.effort on the next query.
+    // Route through QueryHandle (works for both in-process and worker paths)
+    if (typeof session.queryInstance.setEffort === "function") {
+      await session.queryInstance.setEffort(effort);
+    }
     sm.currentEffort = effort;
     send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode || "default", effort: sm.currentEffort, betas: sm.currentBetas || [] });
   }
 
   async function setPermissionMode(session, mode) {
-    if (session.worker) {
-      session.worker.send({ type: "set_permission_mode", mode: mode });
-      return;
-    }
     if (!session.queryInstance) {
       // No active query — just store the mode for next startQuery
       sm.currentPermissionMode = mode;
@@ -1841,6 +1286,7 @@ function createSDKBridge(opts) {
       return;
     }
     try {
+      // Route through QueryHandle (works for both in-process and worker paths)
       await session.queryInstance.setPermissionMode(mode);
       sm.currentPermissionMode = mode;
       send({ type: "config_state", model: sm.currentModel || "", mode: sm.currentPermissionMode, effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
@@ -1853,12 +1299,9 @@ function createSDKBridge(opts) {
     var session = sm.getActiveSession();
     if (!session) return;
     session.taskStopRequested = true;
-    if (session.worker) {
-      session.worker.send({ type: "stop_task", taskId: taskId });
-      return;
-    }
     if (!session.queryInstance) return;
     try {
+      // Route through QueryHandle (works for both in-process and worker paths)
       await session.queryInstance.stopTask(taskId);
     } catch (e) {
       console.error("[sdk-bridge] stopTask error:", e.message);
@@ -1875,15 +1318,6 @@ function createSDKBridge(opts) {
   // within a conversation flow (session continuity).
   async function createMentionSession(opts) {
     // opts: { claudeMd, initialContext, initialMessage, onDelta, onDone, onError, onActivity }
-    var sdk;
-    try {
-      sdk = await getSDK();
-    } catch (e) {
-      opts.onError("Failed to load Claude SDK: " + (e.message || e));
-      return null;
-    }
-
-    var mq = createMessageQueue();
     var abortController = new AbortController();
 
     // Current response callbacks (swapped on each pushMessage)
@@ -1896,114 +1330,86 @@ function createSDKBridge(opts) {
     var mentionBlocks = {};
     var alive = true;
 
-    var query;
+    var handle;
     try {
-      var mentionQueryOptions = {
-          cwd: cwd,
-          systemPrompt: opts.claudeMd,
-          settingSources: ["user"],
-          includePartialMessages: true,
-          abortController: abortController,
-          canUseTool: opts.canUseTool || function (toolName, input) {
-            var whitelisted = checkToolWhitelist(toolName, input);
-            if (whitelisted) {
-              return Promise.resolve(whitelisted);
-            }
-            return Promise.resolve({
-              behavior: "deny",
-              message: "Read-only access. You cannot make changes via @mention.",
-            });
+      handle = await adapter.createQuery({
+        cwd: cwd,
+        systemPrompt: opts.claudeMd,
+        model: opts.model || undefined,
+        toolServers: opts.includeMcpServers ? (mergeMcpServers(mcpServers, getRemoteMcpServers) || undefined) : undefined,
+        abortController: abortController,
+        canUseTool: opts.canUseTool || function (toolName, input) {
+          var whitelisted = checkToolWhitelist(toolName, input);
+          if (whitelisted) {
+            return Promise.resolve(whitelisted);
+          }
+          return Promise.resolve({
+            behavior: "deny",
+            message: "Read-only access. You cannot make changes via @mention.",
+          });
+        },
+        adapterOptions: {
+          CLAUDE: {
+            settingSources: ["user"],
+            includePartialMessages: true,
           },
-        };
-      if (opts.model) mentionQueryOptions.model = opts.model;
-      if (opts.includeMcpServers) {
-        var _mentionMcp = mergeMcpServers(mcpServers, getRemoteMcpServers);
-        if (_mentionMcp) mentionQueryOptions.mcpServers = _mentionMcp;
-      }
-      query = sdk.query({
-        prompt: mq,
-        options: mentionQueryOptions,
+        },
       });
     } catch (e) {
       opts.onError("Failed to create mention query: " + (e.message || e));
       return null;
     }
+    var query = handle;
 
     // Push the initial message (context + question, with optional images)
     var initialPrompt = opts.initialContext + "\n\n" + opts.initialMessage;
-    var initialContent = [];
-    if (opts.initialImages && opts.initialImages.length > 0) {
-      for (var ii = 0; ii < opts.initialImages.length; ii++) {
-        initialContent.push({
-          type: "image",
-          source: { type: "base64", media_type: opts.initialImages[ii].mediaType, data: opts.initialImages[ii].data },
-        });
-      }
-    }
-    initialContent.push({ type: "text", text: initialPrompt });
-    mq.push({
-      type: "user",
-      message: { role: "user", content: initialContent },
-    });
+    handle.pushMessage(initialPrompt, opts.initialImages || null);
 
-    // Background stream processing loop
+    // Background stream processing loop (consumes flattened yokeType events)
     (async function () {
       try {
-        for await (var sdkMsg of query) {
-          if (sdkMsg.type === "stream_event" && sdkMsg.event) {
-            var evt = sdkMsg.event;
-
-            // Track content blocks for activity reporting
-            if (evt.type === "content_block_start") {
-              var block = evt.content_block;
-              var idx = evt.index;
-              if (block.type === "thinking") {
-                mentionBlocks[idx] = { type: "thinking" };
-                if (currentOnActivity) currentOnActivity("thinking");
-              } else if (block.type === "tool_use") {
-                mentionBlocks[idx] = { type: "tool_use", name: block.name, inputJson: "" };
-                var toolLabel = block.name;
-                if (toolLabel === "Read") toolLabel = "Reading file...";
-                else if (toolLabel === "Grep") toolLabel = "Searching code...";
-                else if (toolLabel === "Glob") toolLabel = "Finding files...";
-                if (currentOnActivity) currentOnActivity(toolLabel);
-              } else if (block.type === "text") {
-                mentionBlocks[idx] = { type: "text" };
-              }
-            }
-
-            if (evt.type === "content_block_delta" && evt.delta) {
-              if (evt.delta.type === "text_delta" && typeof evt.delta.text === "string") {
-                responseStreamedText = true;
-                responseFullText += evt.delta.text;
-                if (currentOnActivity) currentOnActivity(null); // clear activity on text
-                if (currentOnDelta) currentOnDelta(evt.delta.text);
-              } else if (evt.delta.type === "input_json_delta" && mentionBlocks[evt.index]) {
-                mentionBlocks[evt.index].inputJson += evt.delta.partial_json;
-              }
-            }
-
-            if (evt.type === "content_block_stop") {
-              var blk = mentionBlocks[evt.index];
-              if (blk && blk.type === "tool_use") {
-                // Show what file is being read
-                var toolInput = {};
-                try { toolInput = JSON.parse(blk.inputJson); } catch (e) {}
-                if (blk.name === "Read" && toolInput.file_path) {
-                  var fname = toolInput.file_path.split(/[/\\]/).pop();
-                  if (currentOnActivity) currentOnActivity("Reading " + fname + "...");
-                } else if (blk.name === "Grep" && toolInput.pattern) {
-                  if (currentOnActivity) currentOnActivity("Searching: " + toolInput.pattern.substring(0, 30) + "...");
-                } else if (blk.name === "Glob" && toolInput.pattern) {
-                  if (currentOnActivity) currentOnActivity("Finding: " + toolInput.pattern.substring(0, 30) + "...");
-                }
+        for await (var msg of query) {
+          // Track content blocks for activity reporting
+          if (msg.yokeType === "thinking_start") {
+            mentionBlocks[msg.blockId] = { type: "thinking" };
+            if (currentOnActivity) currentOnActivity("thinking");
+          } else if (msg.yokeType === "tool_start") {
+            mentionBlocks[msg.blockId] = { type: "tool_use", name: msg.toolName, inputJson: "" };
+            var toolLabel = msg.toolName;
+            if (toolLabel === "Read") toolLabel = "Reading file...";
+            else if (toolLabel === "Grep") toolLabel = "Searching code...";
+            else if (toolLabel === "Glob") toolLabel = "Finding files...";
+            if (currentOnActivity) currentOnActivity(toolLabel);
+          } else if (msg.yokeType === "text_start") {
+            mentionBlocks[msg.blockId] = { type: "text" };
+
+          } else if (msg.yokeType === "text_delta" && typeof msg.text === "string") {
+            responseStreamedText = true;
+            responseFullText += msg.text;
+            if (currentOnActivity) currentOnActivity(null);
+            if (currentOnDelta) currentOnDelta(msg.text);
+          } else if (msg.yokeType === "tool_input_delta" && mentionBlocks[msg.blockId]) {
+            mentionBlocks[msg.blockId].inputJson += msg.partialJson;
+
+          } else if (msg.yokeType === "block_stop") {
+            var blk = mentionBlocks[msg.blockId];
+            if (blk && blk.type === "tool_use") {
+              var toolInput = {};
+              try { toolInput = JSON.parse(blk.inputJson); } catch (e) {}
+              if (blk.name === "Read" && toolInput.file_path) {
+                var fname = toolInput.file_path.split(/[/\\]/).pop();
+                if (currentOnActivity) currentOnActivity("Reading " + fname + "...");
+              } else if (blk.name === "Grep" && toolInput.pattern) {
+                if (currentOnActivity) currentOnActivity("Searching: " + toolInput.pattern.substring(0, 30) + "...");
+              } else if (blk.name === "Glob" && toolInput.pattern) {
+                if (currentOnActivity) currentOnActivity("Finding: " + toolInput.pattern.substring(0, 30) + "...");
               }
-              delete mentionBlocks[evt.index];
             }
+            delete mentionBlocks[msg.blockId];
 
-          } else if (sdkMsg.type === "assistant" && !responseStreamedText && sdkMsg.message && sdkMsg.message.content) {
+          } else if (msg.yokeType === "message" && msg.messageRole === "assistant" && !responseStreamedText && msg.content) {
             // Fallback: if text was not streamed via deltas, extract from assistant message
-            var content = sdkMsg.message.content;
+            var content = msg.content;
             if (Array.isArray(content)) {
               for (var ci = 0; ci < content.length; ci++) {
                 if (content[ci].type === "text" && content[ci].text) {
@@ -2012,7 +1418,8 @@ function createSDKBridge(opts) {
                 }
               }
             }
-          } else if (sdkMsg.type === "result") {
+
+          } else if (msg.yokeType === "result") {
             // One response complete. Signal done and reset for next message.
             if (currentOnActivity) currentOnActivity(null);
             var doneRef = currentOnDone;
@@ -2054,27 +1461,14 @@ function createSDKBridge(opts) {
         mentionBlocks = {};
         responseFullText = "";
         responseStreamedText = false;
-        var content = [];
-        if (images && images.length > 0) {
-          for (var pi = 0; pi < images.length; pi++) {
-            content.push({
-              type: "image",
-              source: { type: "base64", media_type: images[pi].mediaType, data: images[pi].data },
-            });
-          }
-        }
-        content.push({ type: "text", text: text });
-        mq.push({
-          type: "user",
-          message: { role: "user", content: content },
-        });
+        handle.pushMessage(text, images || null);
       },
       abort: function () {
         try { abortController.abort(); } catch (e) {}
       },
       close: function () {
         alive = false;
-        try { mq.end(); } catch (e) {}
+        try { handle.close(); } catch (e) {}
       },
       isAlive: function () { return alive; },
     };
@@ -2088,6 +1482,10 @@ function createSDKBridge(opts) {
     handleElicitation: handleElicitation,
     processQueryStream: processQueryStream,
     getOrCreateRewindQuery: getOrCreateRewindQuery,
+    rewindPreview: rewindPreview,
+    rewindExecuteFiles: rewindExecuteFiles,
+    rollbackConversation: rollbackConversation,
+    forkSession: forkSessionUnified,
     startQuery: startQuery,
     pushMessage: pushMessage,
     setModel: setModel,