jfl 0.9.9 → 0.9.11

package/packages/pi/extensions/session.ts

@@ -3,26 +3,134 @@
  *
  * Pi-native session lifecycle via Context Hub API.
  * Calls POST /api/session/init on start and POST /api/session/end on shutdown.
- * Hub handles sync, branch creation, doctor — single source of truth.
+ * Hub handles sync, doctor, branch creation — single source of truth.
  * Pi only manages the auto-commit daemon locally (needs a detached process).
  *
+ * AGENT MODE: When JFL_AGENT_MODE=1 or --print is used (PP agent runs),
+ * skip ALL session branching. PP agents work in isolated /tmp worktrees —
+ * they must NOT touch the main repo's git state.
+ *
  * @purpose Pi session lifecycle — Hub API for init/end, local auto-commit daemon
  */
 
-import { execSync, spawn } from "child_process"
-import { existsSync, readFileSync, writeFileSync } from "fs"
+import { execSync, spawn, exec } from "child_process"
+import { promisify } from "util"
+import { existsSync, readFileSync, writeFileSync, unlinkSync } from "fs"
 import { join } from "path"
 import type { PiContext, JflConfig } from "./types.js"
 import { hubUrl, authToken } from "./map-bridge.js"
 
+const execAsync = promisify(exec)
+
 let autoCommitProcess: ReturnType<typeof spawn> | null = null
 let sessionBranch = ""
+let isAgentMode = false
+
+/**
+ * Detect if we're running in agent/ephemeral mode where session branching
+ * should be completely skipped. This happens when:
+ * - JFL_AGENT_MODE=1 env var is set (PP agent runs)
+ * - PI_PRINT_MODE=1 (set by Pi core in --print mode)
+ * - Process was spawned by PP (JFL_PP_SPAWNED=1)
+ */
+function detectAgentMode(): boolean {
+  return (
+    process.env.JFL_AGENT_MODE === "1" ||
+    process.env.JFL_PP_SPAWNED === "1" ||
+    process.env.PI_PRINT_MODE === "1" ||
+    process.argv.includes("--print") ||
+    process.argv.includes("-p")
+  )
+}
+
+/**
+ * Get working branch from .jfl/config.json or default to "main"
+ */
+function getWorkingBranch(root: string): string {
+  const configPath = join(root, ".jfl", "config.json")
+  if (existsSync(configPath)) {
+    try {
+      const cfg = JSON.parse(readFileSync(configPath, "utf-8"))
+      if (cfg.working_branch) return cfg.working_branch
+    } catch {}
+  }
+  return "main"
+}
+
+/**
+ * Merge a stale session branch to the working branch.
+ * Called during onInit when we find ourselves on an old session branch,
+ * to prevent data loss from abandoned branches.
+ *
+ * Returns true if merge succeeded (or branch had no unique work).
+ */
+function mergeStaleSessionBranch(
+  root: string,
+  staleBranch: string,
+  workingBranch: string,
+  ctx: { log: (msg: string, level?: "debug" | "info" | "warn" | "error") => void; ui: { notify: (msg: string, opts?: any) => void } },
+): boolean {
+  try {
+    // Check if the stale branch has any commits not in working branch
+    const uniqueCommits = execSync(
+      `git log --oneline "${workingBranch}".."${staleBranch}" 2>/dev/null | wc -l`,
+      { cwd: root, encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] },
+    ).trim()
+
+    if (uniqueCommits === "0") {
+      // No unique work — safe to just switch away
+      ctx.log(`Stale branch ${staleBranch} has no unique commits, switching to ${workingBranch}`, "debug")
+      return true
+    }
+
+    ctx.log(`Stale branch ${staleBranch} has ${uniqueCommits} unique commits — merging to ${workingBranch}`, "info")
+    ctx.ui.notify(`⚠ Recovering ${uniqueCommits} commits from stale session ${staleBranch}`, { level: "warn" })
+
+    // Commit any dirty state first
+    try {
+      const status = execSync("git status --porcelain", { cwd: root, encoding: "utf-8", timeout: 5000, stdio: ["pipe", "pipe", "pipe"] }).trim()
+      if (status) {
+        execSync("git add -A && git commit -m 'auto: save before stale branch merge' --no-verify", {
+          cwd: root, timeout: 10000, stdio: ["pipe", "pipe", "pipe"],
+        })
+      }
+    } catch {}
+
+    // Switch to working branch
+    execSync(`git checkout "${workingBranch}"`, { cwd: root, timeout: 10000, stdio: ["pipe", "pipe", "pipe"] })
+
+    // Merge stale branch with auto-resolve for .jfl conflicts
+    try {
+      execSync(`git merge "${staleBranch}" --no-edit -X ours`, { cwd: root, timeout: 15000, stdio: ["pipe", "pipe", "pipe"] })
+      ctx.ui.notify(`✓ Recovered stale session ${staleBranch} → ${workingBranch}`, { level: "info" })
+
+      // Clean up the stale branch
+      try {
+        execSync(`git branch -d "${staleBranch}"`, { cwd: root, timeout: 5000, stdio: ["pipe", "pipe", "pipe"] })
+      } catch {}
+
+      return true
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      if (msg.includes("CONFLICT") || msg.includes("conflict")) {
+        // Abort merge, stay on working branch, leave stale branch for manual resolution
+        try { execSync("git merge --abort", { cwd: root, timeout: 5000, stdio: ["pipe", "pipe", "pipe"] }) } catch {}
+        ctx.ui.notify(`⚠ Merge conflict recovering ${staleBranch} — branch preserved for manual merge`, { level: "warn" })
+        return true // Still switch to working branch, just don't delete the old one
+      }
+      throw err
+    }
+  } catch (err) {
+    ctx.log(`Failed to merge stale branch ${staleBranch}: ${err}`, "warn")
+    return false
+  }
+}
 
 /**
  * Create a session branch locally without the Hub.
  * Parity with scripts/session/session-init.sh:
- * 1. Commit or stash dirty state
- * 2. If on a stale session branch, try to switch to working branch
+ * 1. If on a stale session branch, MERGE it first (prevent data loss!)
+ * 2. Commit or stash remaining dirty state
  * 3. Create new session branch from clean base
  * 4. Pop stash if needed
  */
@@ -40,23 +148,23 @@ function createSessionBranchLocally(root: string, ctx: { log: (msg: string, leve
   const randomId = Math.random().toString(16).slice(2, 8)
   const branchName = `session-${user}-${dateStr}-${timeStr}-${randomId}`
 
-  // Get working branch from config
-  let workingBranch = "main"
-  const configPath = join(root, ".jfl", "config.json")
-  if (existsSync(configPath)) {
-    try {
-      const cfg = JSON.parse(readFileSync(configPath, "utf-8"))
-      if (cfg.working_branch) workingBranch = cfg.working_branch
-    } catch {}
+  const workingBranch = getWorkingBranch(root)
+
+  // Step 1: If on a stale session branch, MERGE it to working branch first
+  const currentBranch = getCurrentBranch(root)
+  if (currentBranch.startsWith("session-")) {
+    ctx.log(`Found stale session branch ${currentBranch} — merging before creating new session`, "info")
+    mergeStaleSessionBranch(root, currentBranch, workingBranch, ctx)
+    // After merge, we should be on workingBranch
   }
 
-  // Step 1: Commit or stash dirty state so checkout doesn't fail
+  // Step 2: Commit or stash dirty state so checkout doesn't fail
   let stashed = false
   try {
     const status = execSync("git status --porcelain", { cwd: root, timeout: 5000, encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim()
     if (status) {
       try {
-        execSync("git add -A && git commit -m 'auto: session-init save before branch switch' --no-verify", { cwd: root, timeout: 10000, stdio: ["pipe", "pipe", "pipe"] })
+        execSync("git add -A && git commit -m 'auto: session-init save' --no-verify", { cwd: root, timeout: 10000, stdio: ["pipe", "pipe", "pipe"] })
       } catch {
         // Commit failed — stash instead
         try {
@@ -67,18 +175,17 @@ function createSessionBranchLocally(root: string, ctx: { log: (msg: string, leve
     }
   } catch {}
 
-  // Step 2: If on a stale session branch, try to switch to working branch
-  const currentBranch = getCurrentBranch(root)
-  if (currentBranch.startsWith("session-")) {
+  // Step 3: Ensure we're on working branch before creating session branch
+  const nowBranch = getCurrentBranch(root)
+  if (nowBranch !== workingBranch) {
     try {
       execSync(`git checkout "${workingBranch}"`, { cwd: root, timeout: 10000, stdio: ["pipe", "pipe", "pipe"] })
-      ctx.log(`Switched from stale session branch ${currentBranch} → ${workingBranch}`, "info")
     } catch {
-      ctx.log(`Could not switch from ${currentBranch} — branching from it`, "warn")
+      ctx.log(`Could not switch to ${workingBranch} — branching from ${nowBranch}`, "warn")
     }
   }
 
-  // Step 3: Create new session branch
+  // Step 4: Create new session branch
   let finalBranch = branchName
   try {
     execSync(`git checkout -b "${branchName}"`, { cwd: root, stdio: ["pipe", "pipe", "pipe"] })
@@ -98,7 +205,7 @@ function createSessionBranchLocally(root: string, ctx: { log: (msg: string, leve
     }
   }
 
-  // Step 4: Pop stash if we stashed
+  // Step 5: Pop stash if we stashed
   if (stashed) {
     try {
       execSync("git stash pop", { cwd: root, timeout: 10000, stdio: ["pipe", "pipe", "pipe"] })
@@ -130,6 +237,16 @@ function findScript(root: string, scriptName: string): string | null {
 export async function setupSession(ctx: PiContext, _config: JflConfig): Promise<void> {
   const root = ctx.session.projectRoot
 
+  // ── Agent mode detection ─────────────────────────────────────────────
+  // PP agents work in isolated /tmp worktrees. They must NOT create session
+  // branches or do any git operations in the main repo.
+  isAgentMode = detectAgentMode()
+  if (isAgentMode) {
+    sessionBranch = getCurrentBranch(root)
+    ctx.log(`Agent mode detected — skipping session branching (on ${sessionBranch})`, "info")
+    return
+  }
+
   // Call Hub session init — handles sync, doctor, branch creation
   try {
     const resp = await fetch(`${hubUrl}/api/session/init`, {
@@ -260,10 +377,48 @@ export async function pivot(ctx: PiContext, summary?: string): Promise<{
 export async function onShutdown(ctx: PiContext): Promise<void> {
   const root = ctx.session.projectRoot
   const branch = getSessionBranch() || getCurrentBranch(root)
+  const t0 = Date.now()
 
-  ctx.ui.notify("Shutting down session…", { level: "info" })
+  ctx.ui.notify("Ending session…", { level: "info" })
 
-  // ── 1. Journal check (parity with CC Stop hook) ──────────────────────
+  // ── Agent mode: skip all git operations ──────────────────────────────
+  if (isAgentMode) {
+    ctx.log("Agent mode — skipping session cleanup (no branching was done)", "debug")
+    ctx.emit("hook:session-end", { session: ctx.session.id, branch, ts: new Date().toISOString() })
+    return
+  }
+
+  // ── PHASE 1: Fire non-blocking tasks immediately ─────────────────────
+  // These run in parallel with the sequential git ops below.
+  // Using async I/O so they actually progress while git work happens.
+
+  // 1a. Hub API end (fire-and-forget, 5s cap)
+  const hubP = fetch(`${hubUrl}/api/session/end`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      ...(authToken ? { Authorization: `Bearer ${authToken}` } : {}),
+    },
+    body: JSON.stringify({ runtime: "pi" }),
+    signal: AbortSignal.timeout(5000),
+  }).then(() => { ctx.log("Hub session closed", "debug") })
+    .catch(() => { ctx.log("Hub session end failed", "debug") })
+
+  // 1b. Synopsis generation (read-only, safe to run during git ops)
+  const synopsisP = execAsync("jfl synopsis 4 2>/dev/null || true", { cwd: root, timeout: 10000 })
+    .then(r => r.stdout.trim())
+    .catch(() => "")
+
+  // 1c. Memory indexing (read-only index build, safe to run in parallel)
+  const memoryP = execAsync("jfl memory-index 2>/dev/null || true", { cwd: root, timeout: 15000 })
+    .then(() => { ctx.log("Memory indexed", "debug") })
+    .catch(() => { ctx.log("Memory index skipped", "debug") })
+
+  // ── PHASE 2: Sequential git ops (critical path) ─────────────────────
+  // These MUST be ordered: commit → merge → push
+  // Using async exec so parallel tasks can progress between steps.
+
+  // 2a. Journal check
   const journalPath = join(root, ".jfl", "journal", `${branch}.jsonl`)
   const hasJournal = existsSync(journalPath) && readFileSync(journalPath, "utf-8").trim().length > 0
   if (!hasJournal) {
@@ -274,111 +429,116 @@ export async function onShutdown(ctx: PiContext): Promise<void> {
     )
   }
 
-  // ── 2. Kill auto-commit daemon ───────────────────────────────────────
+  // 2b. Kill auto-commit daemon
   if (autoCommitProcess) {
     try { autoCommitProcess.kill() } catch {}
     autoCommitProcess = null
-    ctx.ui.notify("  ✓ Auto-commit stopped", { level: "info" })
   }
 
-  // ── 3. Auto-commit any uncommitted changes ───────────────────────────
+  // 2c. Auto-commit any uncommitted changes (async — doesn't block event loop)
   try {
-    const status = execSync("git status --porcelain", { cwd: root, timeout: 3000, encoding: "utf-8" }).trim()
+    const status = (await execAsync("git status --porcelain", { cwd: root, timeout: 3000 })).stdout.trim()
     if (status) {
-      execSync("git add -A && git commit -m 'auto: session-end save'", { cwd: root, timeout: 5000, stdio: "pipe" })
-      ctx.ui.notify("  ✓ Uncommitted changes saved", { level: "info" })
+      await execAsync("git add -A && git commit -m 'auto: session-end save' --no-verify", { cwd: root, timeout: 5000 })
+      ctx.ui.notify("  ✓ Changes saved", { level: "info" })
     }
   } catch {}
 
-  // ── 4. Call Hub session end ──────────────────────────────────────────
-  try {
-    await fetch(`${hubUrl}/api/session/end`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        ...(authToken ? { Authorization: `Bearer ${authToken}` } : {}),
-      },
-      body: JSON.stringify({ runtime: "pi" }),
-      signal: AbortSignal.timeout(5000),
-    })
-    ctx.ui.notify("  ✓ Hub session closed", { level: "info" })
-  } catch {
-    ctx.log("Hub session end failed — running local cleanup", "debug")
-  }
+  // 2d. Merge session branch
+  let mergeOk = false
+  let workingBranch = "main"
 
-  // ── 5. Merge session branch back (parity with CC session-cleanup.sh) ─
   if (branch.startsWith("session-")) {
-    // Guard: if git is already on a DIFFERENT branch (e.g. a new session started),
-    // don't merge — the old session branch may already be gone.
-    const currentGitBranch = getCurrentBranch(root)
-    if (currentGitBranch !== branch) {
-      ctx.log(`Skipping merge — git is on ${currentGitBranch}, not ${branch} (new session likely started)`, "debug")
-      ctx.ui.notify(`  ⚠ Skipped merge — already on ${currentGitBranch}`, { level: "info" })
-    } else try {
-      // Get working branch from config or default to main
-      let workingBranch = "main"
-      const configPath = join(root, ".jfl", "config.json")
-      if (existsSync(configPath)) {
-        try {
-          const config = JSON.parse(readFileSync(configPath, "utf-8"))
-          if (config.working_branch) workingBranch = config.working_branch
-        } catch {}
-      }
+    try {
+      workingBranch = getWorkingBranch(root)
 
-      // Remove stale lock files that block git operations
+      // Remove stale lock files
       const lockFile = join(root, ".git", "index.lock")
       if (existsSync(lockFile)) {
-        try { require("fs").unlinkSync(lockFile) } catch {}
+        try { unlinkSync(lockFile) } catch {}
       }
 
-      // Commit any dirty tracked files before switching branches
-      try {
-        execSync("git add -A && git commit -m 'session: auto-commit before merge' --no-verify", {
-          cwd: root, timeout: 10000, stdio: "pipe",
-        })
-      } catch {} // OK if nothing to commit
+      // Ensure we're on our session branch
+      const currentGitBranch = getCurrentBranch(root)
+      if (currentGitBranch !== branch) {
+        try {
+          await execAsync(`git checkout "${branch}"`, { cwd: root, timeout: 10000 })
+          ctx.log(`Recovered session branch from ${currentGitBranch}`, "info")
+        } catch {
+          ctx.log(`Cannot checkout ${branch} — attempting merge anyway`, "warn")
+        }
+      }
 
-      // Push session branch first
+      // Commit any remaining dirty state
       try {
-        execSync(`git push origin ${branch}`, { cwd: root, timeout: 15000, stdio: "pipe" })
-        ctx.ui.notify("  ✓ Session branch pushed", { level: "info" })
-      } catch {}
+        await execAsync("git add -A && git commit -m 'session: auto-commit before merge' --no-verify", { cwd: root, timeout: 10000 })
+      } catch {} // OK if nothing to commit
 
-      // Merge session into working branch
-      execSync(`git checkout ${workingBranch}`, { cwd: root, timeout: 5000, stdio: "pipe" })
-      execSync(`git merge ${branch} --no-edit`, { cwd: root, timeout: 10000, stdio: "pipe" })
-      ctx.ui.notify(`  ✓ Merged ${branch} → ${workingBranch}`, { level: "info" })
+      // Merge session into working branch (skip session branch push — we'll push working branch after merge)
+      await execAsync(`git checkout "${workingBranch}"`, { cwd: root, timeout: 5000 })
+      await execAsync(`git merge "${branch}" --no-edit`, { cwd: root, timeout: 10000 })
+      ctx.ui.notify(`  ✓ Merged → ${workingBranch}`, { level: "info" })
+      mergeOk = true
 
-      // Push merged working branch
+      // Delete local session branch immediately (fast, no network)
       try {
-        execSync(`git push origin ${workingBranch}`, { cwd: root, timeout: 15000, stdio: "pipe" })
+        await execAsync(`git branch -d "${branch}"`, { cwd: root, timeout: 5000 })
       } catch {}
 
-      // Delete session branch (local + remote)
-      try {
-        execSync(`git branch -d ${branch}`, { cwd: root, timeout: 5000, stdio: "pipe" })
-        execSync(`git push origin --delete ${branch}`, { cwd: root, timeout: 10000, stdio: "pipe" })
-        ctx.ui.notify("  ✓ Session branch cleaned up", { level: "info" })
-      } catch {}
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err)
       if (msg.includes("CONFLICT") || msg.includes("conflict")) {
-        ctx.ui.notify(`  ⚠ Merge conflict — session branch ${branch} preserved`, { level: "warn" })
-        // Switch back to session branch so user can resolve
-        try { execSync(`git checkout ${branch}`, { cwd: root, timeout: 5000, stdio: "pipe" }) } catch {}
+        ctx.ui.notify(`  ⚠ Merge conflict — branch ${branch} preserved`, { level: "warn" })
+        try { await execAsync(`git checkout "${branch}"`, { cwd: root, timeout: 5000 }) } catch {}
       } else {
-        ctx.ui.notify(`  ⚠ Branch merge failed: ${msg.slice(0, 80)}`, { level: "warn" })
+        ctx.ui.notify(`  ⚠ Merge failed: ${msg.slice(0, 100)}`, { level: "warn" })
+        try { await execAsync(`git checkout "${branch}"`, { cwd: root, timeout: 5000 }) } catch {}
       }
     }
   }
 
-  // ── 6. Fallback cleanup script ───────────────────────────────────────
-  const cleanupScript = findScript(root, "session-cleanup.sh")
-  if (cleanupScript && !branch.startsWith("session-")) {
-    // Only run cleanup script if we didn't already handle merge above
+  // ── PHASE 3: Parallel push + cleanup + collect ───────────────────────
+  // Push and remote cleanup are network I/O — run them in parallel with
+  // synopsis/memory collection. Single git push command does both push +
+  // remote branch delete to avoid lock contention.
+
+  const pushP = (async () => {
+    if (!mergeOk) return
     try {
-      execSync(`bash "${cleanupScript}"`, { cwd: root, timeout: 10000, stdio: "pipe" })
-    } catch {}
+      // Single push: update working branch AND delete remote session branch
+      // This avoids two separate network round-trips and git lock contention
+      await execAsync(
+        `git push origin "${workingBranch}" ":${branch}" 2>/dev/null || git push origin "${workingBranch}" 2>/dev/null || true`,
+        { cwd: root, timeout: 20000 }
+      )
+      ctx.ui.notify("  ✓ Pushed & cleaned up remote", { level: "info" })
+    } catch {
+      ctx.log("Push failed — run manually: git push", "warn")
+    }
+  })()
+
+  // ── PHASE 4: Await all parallel work ─────────────────────────────────
+  const [, synopsisResult] = await Promise.allSettled([hubP, synopsisP, memoryP, pushP])
+
+  // Show synopsis if we got one
+  if (synopsisResult.status === "fulfilled" && synopsisResult.value) {
+    const lines = (synopsisResult.value as string).split("\n")
+    // Show condensed version — first 20 lines max
+    const condensed = lines.slice(0, 20).join("\n")
+    if (condensed.trim()) {
+      ctx.ui.notify(`\n${condensed}`, { level: "info" })
+    }
+  }
+
+  const elapsed = ((Date.now() - t0) / 1000).toFixed(1)
+  ctx.ui.notify(`✓ Session ended (${elapsed}s)`, { level: "info" })
+
+  // ── Fallback cleanup script for non-session branches ─────────────────
+  if (!branch.startsWith("session-")) {
+    const cleanupScript = findScript(root, "session-cleanup.sh")
+    if (cleanupScript) {
+      try { await execAsync(`bash "${cleanupScript}"`, { cwd: root, timeout: 10000 }) } catch {}
+    }
   }
 
   ctx.emit("hook:session-end", {

package/packages/pi/skills/end/SKILL.md

@@ -29,6 +29,14 @@ JFL's session architecture guarantees work preservation through multiple safety
 
 **Note for Pi sessions:** Hook enforcement is handled by the `session_shutdown` extension (`extensions/session.ts`), not `.claude/settings.json` Stop hooks. The cleanup script and journal checks run via the Pi extension lifecycle.
 
+**Parallel architecture (session.ts):** The `onShutdown` hook runs 4 phases concurrently:
+- **Phase 1 (fire immediately):** Hub API end, synopsis generation, memory indexing — all start in parallel before git ops
+- **Phase 2 (sequential):** Commit → merge (must be ordered, but uses async exec so Phase 1 tasks progress between steps)
+- **Phase 3 (after merge):** Push + remote branch delete in single command, runs in parallel with Phase 1 collection
+- **Phase 4 (collect):** Await all parallel tasks, show synopsis, report timing
+
+This means the user sees "Session ended (Xs)" where X is roughly max(merge_time, push_time, synopsis_time) instead of the sum of all operations.
+
 When you invoke `/end`, the user wants to:
 - **Know what happened** - What commits merged? What changed?
 - **Trust their work is saved** - No uncertainty about state

package/scripts/session/session-cleanup.sh

@@ -127,15 +127,28 @@ fi
 echo "Attempting to merge $BRANCH to $WORKING_BRANCH..."
 cd "$MAIN_REPO"
 
+# Commit any dirty .jfl/ files that background processes (PP, flow engine) may have written.
+# Without this, git checkout refuses to switch branches when these files differ.
+if ! git diff --quiet 2>/dev/null || ! git diff --cached --quiet 2>/dev/null; then
+  echo "Committing background-modified files before checkout..."
+  git add -A .jfl/ 2>/dev/null || true
+  git diff --cached --quiet 2>/dev/null || git commit -m "session: auto-commit before merge" 2>/dev/null || true
+fi
+
 # Checkout working branch in the main repo
 if ! git checkout "$WORKING_BRANCH" 2>/dev/null; then
-  echo "⚠ Could not checkout $WORKING_BRANCH, skipping merge"
-  echo "  Session branch $BRANCH preserved for manual merge"
-  # Notify jfl-services that session ended
-  if command -v curl >/dev/null 2>&1; then
-    curl -s -X DELETE "http://localhost:3401/sessions/$BRANCH" >/dev/null 2>&1 || true
+  # Last resort: stash anything remaining and retry
+  echo "Checkout blocked by dirty files, stashing..."
+  git stash push -m "session-cleanup: auto-stash before merge" 2>/dev/null || true
+  if ! git checkout "$WORKING_BRANCH" 2>/dev/null; then
+    echo "⚠ Could not checkout $WORKING_BRANCH, skipping merge"
+    echo "  Session branch $BRANCH preserved for manual merge"
+    # Notify jfl-services that session ended
+    if command -v curl >/dev/null 2>&1; then
+      curl -s -X DELETE "http://localhost:3401/sessions/$BRANCH" >/dev/null 2>&1 || true
+    fi
+    exit 0
   fi
-  exit 0
 fi
 
 # Attempt merge with auto-resolve for .jfl/ conflicts

package/template/.github/workflows/jfl-eval.yml

@@ -513,6 +513,9 @@ jobs:
           PR_NUMBER=${{ github.event.pull_request.number }}
           IMPROVED="${{ steps.delta.outputs.improved }}"
 
+          DELTA="${{ steps.delta.outputs.delta }}"
+          REGRESSION=$(node -e "console.log(parseFloat('$DELTA') < 0)")
+
           if [ "$IMPROVED" = "true" ]; then
             # Check if AI review requested changes
             REVIEW_STATE=$(gh pr view $PR_NUMBER --json reviews --jq '[.reviews[] | select(.author.login == "github-actions")] | last | .state // "NONE"' 2>/dev/null || echo "NONE")
@@ -525,10 +528,14 @@ jobs:
               gh pr merge $PR_NUMBER --merge --delete-branch \
                 --body "Auto-merged by JFL eval: test_pass_rate improved by ${{ steps.delta.outputs.delta }} (${{ steps.baseline.outputs.score }} → ${{ steps.pr_eval.outputs.score }})"
             fi
-          else
+          elif [ "$REGRESSION" = "true" ]; then
             echo "Eval regression — requesting changes on PR #$PR_NUMBER"
             gh pr review $PR_NUMBER --request-changes \
               --body "JFL eval regression: test_pass_rate dropped by ${{ steps.delta.outputs.delta }} (${{ steps.baseline.outputs.score }} → ${{ steps.pr_eval.outputs.score }}). Run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          else
+            echo "Eval neutral (no improvement, no regression) — approving PR #$PR_NUMBER"
+            gh pr review $PR_NUMBER --approve \
+              --body "JFL eval: no regression (delta=${{ steps.delta.outputs.delta }}, ${{ steps.baseline.outputs.score }} → ${{ steps.pr_eval.outputs.score }}). Manual merge OK."
           fi
 
       - name: Eval Summary

package/template/scripts/session/session-cleanup.sh

@@ -48,8 +48,10 @@ if [ -f ".auto-merge.pid" ]; then
   rm -f ".auto-merge.pid"
 fi
 
-# Context Hub is a persistent daemon — do NOT kill it on session end.
-# It serves multiple sessions and runtimes (Claude Code, Pi, etc).
+# Context Hub is a DAEMON — persists across sessions. Do NOT kill it here.
+# Killing it before Stop hooks fire causes ECONNREFUSED on all HTTP hooks.
+# The hub has 5-layer resilience (launchd, MCP auto-recovery, SessionStart ensure,
+# self-healing on crash, startup grace period). Only stop via: jfl context-hub stop
 
 # Get current session info
 BRANCH=$(git branch --show-current 2>/dev/null || echo "")
@@ -125,15 +127,28 @@ fi
 echo "Attempting to merge $BRANCH to $WORKING_BRANCH..."
 cd "$MAIN_REPO"
 
+# Commit any dirty .jfl/ files that background processes (PP, flow engine) may have written.
+# Without this, git checkout refuses to switch branches when these files differ.
+if ! git diff --quiet 2>/dev/null || ! git diff --cached --quiet 2>/dev/null; then
+  echo "Committing background-modified files before checkout..."
+  git add -A .jfl/ 2>/dev/null || true
+  git diff --cached --quiet 2>/dev/null || git commit -m "session: auto-commit before merge" 2>/dev/null || true
+fi
+
 # Checkout working branch in the main repo
 if ! git checkout "$WORKING_BRANCH" 2>/dev/null; then
-  echo "⚠ Could not checkout $WORKING_BRANCH, skipping merge"
-  echo "  Session branch $BRANCH preserved for manual merge"
-  # Notify jfl-services that session ended
-  if command -v curl >/dev/null 2>&1; then
-    curl -s -X DELETE "http://localhost:3401/sessions/$BRANCH" >/dev/null 2>&1 || true
+  # Last resort: stash anything remaining and retry
+  echo "Checkout blocked by dirty files, stashing..."
+  git stash push -m "session-cleanup: auto-stash before merge" 2>/dev/null || true
+  if ! git checkout "$WORKING_BRANCH" 2>/dev/null; then
+    echo "⚠ Could not checkout $WORKING_BRANCH, skipping merge"
+    echo "  Session branch $BRANCH preserved for manual merge"
+    # Notify jfl-services that session ended
+    if command -v curl >/dev/null 2>&1; then
+      curl -s -X DELETE "http://localhost:3401/sessions/$BRANCH" >/dev/null 2>&1 || true
+    fi
+    exit 0
   fi
-  exit 0
 fi
 
 # Attempt merge with auto-resolve for .jfl/ conflicts