pullfrog 0.0.202 → 0.0.204

package/dist/index.js

@@ -62663,7 +62663,7 @@ var require_snapshot_recorder = __commonJS({
   "node_modules/.pnpm/undici@7.22.0/node_modules/undici/lib/mock/snapshot-recorder.js"(exports, module) {
     "use strict";
     var { writeFile: writeFile2, readFile, mkdir } = __require("node:fs/promises");
-    var { dirname: dirname3, resolve: resolve3 } = __require("node:path");
+    var { dirname: dirname4, resolve: resolve3 } = __require("node:path");
     var { setTimeout: setTimeout2, clearTimeout: clearTimeout2 } = __require("node:timers");
     var { InvalidArgumentError, UndiciError } = require_errors4();
     var { hashId, isUrlExcludedFactory, normalizeHeaders, createHeaderFilters } = require_snapshot_utils();
@@ -62894,7 +62894,7 @@ var require_snapshot_recorder = __commonJS({
           throw new InvalidArgumentError("Snapshot path is required");
         }
         const resolvedPath = resolve3(path3);
-        await mkdir(dirname3(resolvedPath), { recursive: true });
+        await mkdir(dirname4(resolvedPath), { recursive: true });
         const data = Array.from(this.#snapshots.entries()).map(([hash2, snapshot2]) => ({
           hash: hash2,
           snapshot: snapshot2
@@ -97475,14 +97475,14 @@ var require_turndown_cjs = __commonJS({
         } else if (node2.nodeType === 1) {
           replacement = replacementForNode.call(self2, node2);
         }
-        return join15(output, replacement);
+        return join16(output, replacement);
       }, "");
     }
     function postProcess(output) {
       var self2 = this;
       this.rules.forEach(function(rule) {
         if (typeof rule.append === "function") {
-          output = join15(output, rule.append(self2.options));
+          output = join16(output, rule.append(self2.options));
         }
       });
       return output.replace(/^[\t\r\n]+/, "").replace(/[\t\r\n\s]+$/, "");
@@ -97494,7 +97494,7 @@ var require_turndown_cjs = __commonJS({
       if (whitespace.leading || whitespace.trailing) content = content.trim();
       return whitespace.leading + rule.replacement(content, node2, this.options) + whitespace.trailing;
     }
-    function join15(output, replacement) {
+    function join16(output, replacement) {
       var s1 = trimTrailingNewlines(output);
       var s2 = trimLeadingNewlines(replacement);
       var nls = Math.max(output.length - s1.length, replacement.length - s2.length);
@@ -98925,8 +98925,8 @@ var require_fast_content_type_parse = __commonJS({
 
 // main.ts
 var core6 = __toESM(require_core(), 1);
-import { existsSync as existsSync6, readdirSync } from "node:fs";
-import { join as join14 } from "node:path";
+import { existsSync as existsSync7, readdirSync } from "node:fs";
+import { join as join15 } from "node:path";
 
 // node_modules/.pnpm/@ark+util@0.56.0/node_modules/@ark/util/out/arrays.js
 var liftArray = (data) => Array.isArray(data) ? data : [data];
@@ -107401,7 +107401,7 @@ import { AsyncLocalStorage } from "node:async_hooks";
 // agents/shared.ts
 import { execFileSync } from "node:child_process";
 var MAX_STDERR_LINES = 20;
-var MAX_COMMIT_RETRIES = 3;
+var MAX_POST_RUN_RETRIES = 3;
 function getGitStatus() {
   try {
     return execFileSync("git", ["status", "--porcelain"], {
@@ -107412,7 +107412,7 @@ function getGitStatus() {
     return "";
   }
 }
-function buildCommitPrompt(_agentId, status) {
+function buildCommitPrompt(status) {
   return [
     `UNCOMMITTED CHANGES \u2014 the working tree is dirty. push all changes to a pull request (new or existing). \`git status\` must be clean before you finish.`,
     "",
@@ -107421,6 +107421,9 @@ function buildCommitPrompt(_agentId, status) {
     "```"
   ].join("\n");
 }
+function hasPostRunIssues(issues) {
+  return issues.stopHook !== void 0 || issues.dirtyTree !== void 0;
+}
 var agent = (input) => {
   return {
     ...input,
@@ -107732,7 +107735,7 @@ var providers = {
       "claude-opus": {
         displayName: "Claude Opus",
         resolve: "anthropic/claude-opus-4-7",
-        openRouterResolve: "openrouter/anthropic/claude-opus-4.6",
+        openRouterResolve: "openrouter/anthropic/claude-opus-4.7",
         preferred: true
       },
       "claude-sonnet": {
@@ -107751,16 +107754,38 @@ var providers = {
     displayName: "OpenAI",
     envVars: ["OPENAI_API_KEY"],
     models: {
+      gpt: {
+        displayName: "GPT",
+        resolve: "openai/gpt-5.5",
+        openRouterResolve: "openrouter/openai/gpt-5.5",
+        preferred: true
+      },
+      "gpt-pro": {
+        displayName: "GPT Pro",
+        resolve: "openai/gpt-5.5-pro",
+        openRouterResolve: "openrouter/openai/gpt-5.5-pro"
+      },
+      "gpt-mini": {
+        displayName: "GPT Mini",
+        resolve: "openai/gpt-5.4-mini",
+        openRouterResolve: "openrouter/openai/gpt-5.4-mini"
+      },
+      // legacy aliases — openai unified the codex line into the main GPT family
+      // and is shutting down every "-codex" snapshot on 2026-07-23. transparently
+      // upgrade existing users via the fallback chain. UI display sites resolve
+      // to the terminal alias's label (so dropdown trigger + PR footers show
+      // "GPT" / "GPT Mini", not the historical name).
       "gpt-codex": {
         displayName: "GPT Codex",
         resolve: "openai/gpt-5.3-codex",
         openRouterResolve: "openrouter/openai/gpt-5.3-codex",
-        preferred: true
+        fallback: "openai/gpt"
       },
       "gpt-codex-mini": {
         displayName: "GPT Codex Mini",
         resolve: "openai/gpt-5.1-codex-mini",
-        openRouterResolve: "openrouter/openai/gpt-5.1-codex-mini"
+        openRouterResolve: "openrouter/openai/gpt-5.1-codex-mini",
+        fallback: "openai/gpt-mini"
       },
       o3: {
         displayName: "O3",
@@ -107791,14 +107816,14 @@ var providers = {
     models: {
       grok: {
         displayName: "Grok",
-        resolve: "xai/grok-4",
-        openRouterResolve: "openrouter/x-ai/grok-4",
+        resolve: "xai/grok-4.3",
+        openRouterResolve: "openrouter/x-ai/grok-4.3",
         preferred: true
       },
       "grok-fast": {
         displayName: "Grok Fast",
-        resolve: "xai/grok-4-fast",
-        openRouterResolve: "openrouter/x-ai/grok-4-fast"
+        resolve: "xai/grok-4-1-fast",
+        openRouterResolve: "openrouter/x-ai/grok-4.1-fast"
       },
       "grok-code-fast": {
         displayName: "Grok Code Fast",
@@ -107811,16 +107836,30 @@ var providers = {
     displayName: "DeepSeek",
     envVars: ["DEEPSEEK_API_KEY"],
     models: {
+      "deepseek-pro": {
+        displayName: "DeepSeek Pro",
+        resolve: "deepseek/deepseek-v4-pro",
+        openRouterResolve: "openrouter/deepseek/deepseek-v4-pro",
+        preferred: true
+      },
+      "deepseek-flash": {
+        displayName: "DeepSeek Flash",
+        resolve: "deepseek/deepseek-v4-flash",
+        openRouterResolve: "openrouter/deepseek/deepseek-v4-flash"
+      },
+      // legacy aliases — deepseek retires these on 2026-07-24; transparently
+      // upgrade existing users to the v4 family via the fallback chain.
       "deepseek-reasoner": {
         displayName: "DeepSeek Reasoner",
         resolve: "deepseek/deepseek-reasoner",
         openRouterResolve: "openrouter/deepseek/deepseek-v3.2",
-        preferred: true
+        fallback: "deepseek/deepseek-pro"
       },
       "deepseek-chat": {
         displayName: "DeepSeek Chat",
         resolve: "deepseek/deepseek-chat",
-        openRouterResolve: "openrouter/deepseek/deepseek-v3.2"
+        openRouterResolve: "openrouter/deepseek/deepseek-v3.2",
+        fallback: "deepseek/deepseek-flash"
       }
     }
   }),
@@ -107830,8 +107869,8 @@ var providers = {
     models: {
       "kimi-k2": {
         displayName: "Kimi K2",
-        resolve: "moonshotai/kimi-k2.5",
-        openRouterResolve: "openrouter/moonshotai/kimi-k2.5",
+        resolve: "moonshotai/kimi-k2.6",
+        openRouterResolve: "openrouter/moonshotai/kimi-k2.6",
         preferred: true
       }
     }
@@ -107850,7 +107889,7 @@ var providers = {
       "claude-opus": {
         displayName: "Claude Opus",
         resolve: "opencode/claude-opus-4-7",
-        openRouterResolve: "openrouter/anthropic/claude-opus-4.6"
+        openRouterResolve: "openrouter/anthropic/claude-opus-4.7"
       },
       "claude-sonnet": {
         displayName: "Claude Sonnet",
@@ -107862,15 +107901,33 @@ var providers = {
         resolve: "opencode/claude-haiku-4-5",
         openRouterResolve: "openrouter/anthropic/claude-haiku-4.5"
       },
+      gpt: {
+        displayName: "GPT",
+        resolve: "opencode/gpt-5.5",
+        openRouterResolve: "openrouter/openai/gpt-5.5"
+      },
+      "gpt-pro": {
+        displayName: "GPT Pro",
+        resolve: "opencode/gpt-5.5-pro",
+        openRouterResolve: "openrouter/openai/gpt-5.5-pro"
+      },
+      "gpt-mini": {
+        displayName: "GPT Mini",
+        resolve: "opencode/gpt-5.4-mini",
+        openRouterResolve: "openrouter/openai/gpt-5.4-mini"
+      },
+      // legacy aliases — see openai provider above for context.
       "gpt-codex": {
         displayName: "GPT Codex",
         resolve: "opencode/gpt-5.3-codex",
-        openRouterResolve: "openrouter/openai/gpt-5.3-codex"
+        openRouterResolve: "openrouter/openai/gpt-5.3-codex",
+        fallback: "opencode/gpt"
       },
       "gpt-codex-mini": {
         displayName: "GPT Codex Mini",
         resolve: "opencode/gpt-5.1-codex-mini",
-        openRouterResolve: "openrouter/openai/gpt-5.1-codex-mini"
+        openRouterResolve: "openrouter/openai/gpt-5.1-codex-mini",
+        fallback: "opencode/gpt-mini"
       },
       "gemini-pro": {
         displayName: "Gemini Pro",
@@ -107884,8 +107941,8 @@ var providers = {
       },
       "kimi-k2": {
         displayName: "Kimi K2",
-        resolve: "opencode/kimi-k2.5",
-        openRouterResolve: "openrouter/moonshotai/kimi-k2.5"
+        resolve: "opencode/kimi-k2.6",
+        openRouterResolve: "openrouter/moonshotai/kimi-k2.6"
       },
       "gpt-5-nano": {
         displayName: "GPT Nano",
@@ -107905,12 +107962,6 @@ var providers = {
         resolve: "opencode/minimax-m2.5-free",
         envVars: [],
         isFree: true
-      },
-      "nemotron-3-super-free": {
-        displayName: "Nemotron 3 Super",
-        resolve: "opencode/nemotron-3-super-free",
-        envVars: [],
-        isFree: true
       }
     }
   }),
@@ -107920,8 +107971,8 @@ var providers = {
     models: {
       "claude-opus": {
         displayName: "Claude Opus",
-        resolve: "openrouter/anthropic/claude-opus-4.6",
-        openRouterResolve: "openrouter/anthropic/claude-opus-4.6",
+        resolve: "openrouter/anthropic/claude-opus-4.7",
+        openRouterResolve: "openrouter/anthropic/claude-opus-4.7",
         preferred: true
       },
       "claude-sonnet": {
@@ -107934,15 +107985,33 @@ var providers = {
         resolve: "openrouter/anthropic/claude-haiku-4.5",
         openRouterResolve: "openrouter/anthropic/claude-haiku-4.5"
       },
+      gpt: {
+        displayName: "GPT",
+        resolve: "openrouter/openai/gpt-5.5",
+        openRouterResolve: "openrouter/openai/gpt-5.5"
+      },
+      "gpt-pro": {
+        displayName: "GPT Pro",
+        resolve: "openrouter/openai/gpt-5.5-pro",
+        openRouterResolve: "openrouter/openai/gpt-5.5-pro"
+      },
+      "gpt-mini": {
+        displayName: "GPT Mini",
+        resolve: "openrouter/openai/gpt-5.4-mini",
+        openRouterResolve: "openrouter/openai/gpt-5.4-mini"
+      },
+      // legacy aliases — see openai provider for context.
       "gpt-codex": {
         displayName: "GPT Codex",
         resolve: "openrouter/openai/gpt-5.3-codex",
-        openRouterResolve: "openrouter/openai/gpt-5.3-codex"
+        openRouterResolve: "openrouter/openai/gpt-5.3-codex",
+        fallback: "openrouter/gpt"
       },
       "gpt-codex-mini": {
         displayName: "GPT Codex Mini",
         resolve: "openrouter/openai/gpt-5.1-codex-mini",
-        openRouterResolve: "openrouter/openai/gpt-5.1-codex-mini"
+        openRouterResolve: "openrouter/openai/gpt-5.1-codex-mini",
+        fallback: "openrouter/gpt-mini"
       },
       "o4-mini": {
         displayName: "O4 Mini",
@@ -107961,34 +108030,47 @@ var providers = {
       },
       grok: {
         displayName: "Grok",
-        resolve: "openrouter/x-ai/grok-4",
-        openRouterResolve: "openrouter/x-ai/grok-4"
+        resolve: "openrouter/x-ai/grok-4.3",
+        openRouterResolve: "openrouter/x-ai/grok-4.3"
       },
+      "deepseek-pro": {
+        displayName: "DeepSeek Pro",
+        resolve: "openrouter/deepseek/deepseek-v4-pro",
+        openRouterResolve: "openrouter/deepseek/deepseek-v4-pro"
+      },
+      "deepseek-flash": {
+        displayName: "DeepSeek Flash",
+        resolve: "openrouter/deepseek/deepseek-v4-flash",
+        openRouterResolve: "openrouter/deepseek/deepseek-v4-flash"
+      },
+      // legacy alias — deepseek retires this on 2026-07-24; transparently
+      // upgrade existing users to the v4 family via the fallback chain.
       "deepseek-chat": {
         displayName: "DeepSeek Chat",
         resolve: "openrouter/deepseek/deepseek-v3.2",
-        openRouterResolve: "openrouter/deepseek/deepseek-v3.2"
+        openRouterResolve: "openrouter/deepseek/deepseek-v3.2",
+        fallback: "openrouter/deepseek-flash"
       },
       "kimi-k2": {
         displayName: "Kimi K2",
-        resolve: "openrouter/moonshotai/kimi-k2.5",
-        openRouterResolve: "openrouter/moonshotai/kimi-k2.5"
+        resolve: "openrouter/moonshotai/kimi-k2.6",
+        openRouterResolve: "openrouter/moonshotai/kimi-k2.6"
       }
     }
   })
 };
-function parseModel(slug) {
-  const slashIdx = slug.indexOf("/");
+function parseModel(slug2) {
+  const slashIdx = slug2.indexOf("/");
   if (slashIdx === -1) {
-    throw new Error(`invalid model slug "${slug}" \u2014 expected "provider/model"`);
+    throw new Error(`invalid model slug "${slug2}" \u2014 expected "provider/model"`);
   }
-  return { provider: slug.slice(0, slashIdx), model: slug.slice(slashIdx + 1) };
+  return { provider: slug2.slice(0, slashIdx), model: slug2.slice(slashIdx + 1) };
 }
-function getModelProvider(slug) {
-  return parseModel(slug).provider;
+function getModelProvider(slug2) {
+  return parseModel(slug2).provider;
 }
-function getModelEnvVars(slug) {
-  const parsed2 = parseModel(slug);
+function getModelEnvVars(slug2) {
+  const parsed2 = parseModel(slug2);
   const providerConfig = providers[parsed2.provider];
   if (!providerConfig) {
     return [];
@@ -108012,26 +108094,29 @@ var modelAliases = Object.entries(providers).flatMap(
   }))
 );
 var MAX_FALLBACK_DEPTH = 10;
-function resolveCliModel(slug) {
-  let current = slug;
+function resolveDisplayAlias(slug2) {
+  let current = slug2;
   const visited = /* @__PURE__ */ new Set();
   for (let i = 0; i < MAX_FALLBACK_DEPTH; i++) {
     if (visited.has(current)) return void 0;
     visited.add(current);
     const alias = modelAliases.find((a) => a.slug === current);
     if (!alias) return void 0;
-    if (!alias.fallback) return alias.resolve;
+    if (!alias.fallback) return alias;
     current = alias.fallback;
   }
   return void 0;
 }
+function resolveCliModel(slug2) {
+  return resolveDisplayAlias(slug2)?.resolve;
+}
 
 // utils/buildPullfrogFooter.ts
 var PULLFROG_DIVIDER = "<!-- PULLFROG_DIVIDER_DO_NOT_REMOVE_PLZ -->";
 var FROG_LOGO = `<a href="https://pullfrog.com"><picture><source media="(prefers-color-scheme: dark)" srcset="https://pullfrog.com/logos/frog-white-full-18px.png"><img src="https://pullfrog.com/logos/frog-green-full-18px.png" width="9px" height="9px" style="vertical-align: middle; " alt="Pullfrog"></picture></a>`;
-function formatModelLabel(slug) {
-  const alias = modelAliases.find((a) => a.slug === slug);
-  if (!alias) return `\`${slug}\``;
+function formatModelLabel(slug2) {
+  const alias = resolveDisplayAlias(slug2);
+  if (!alias) return `\`${slug2}\``;
   return alias.isFree ? `\`${alias.displayName}\` (free)` : `\`${alias.displayName}\``;
 }
 function buildPullfrogFooter(params) {
@@ -108215,6 +108300,93 @@ function aggregateUsage(entries) {
   return out;
 }
 
+// utils/progressComment.ts
+function parseProgressComment(raw2) {
+  if (!raw2?.id) return void 0;
+  const id = parseInt(raw2.id, 10);
+  if (Number.isNaN(id) || id <= 0) return void 0;
+  return { id, type: raw2.type };
+}
+async function updateProgressComment(ctx, comment, body) {
+  const result = await (comment.type === "review" ? ctx.octokit.rest.pulls.updateReviewComment({
+    owner: ctx.owner,
+    repo: ctx.repo,
+    comment_id: comment.id,
+    body
+  }) : ctx.octokit.rest.issues.updateComment({
+    owner: ctx.owner,
+    repo: ctx.repo,
+    comment_id: comment.id,
+    body
+  }));
+  return {
+    id: result.data.id,
+    body: result.data.body ?? void 0,
+    html_url: result.data.html_url,
+    node_id: result.data.node_id
+  };
+}
+async function deleteProgressCommentApi(ctx, comment) {
+  if (comment.type === "review") {
+    await ctx.octokit.rest.pulls.deleteReviewComment({
+      owner: ctx.owner,
+      repo: ctx.repo,
+      comment_id: comment.id
+    });
+    return;
+  }
+  await ctx.octokit.rest.issues.deleteComment({
+    owner: ctx.owner,
+    repo: ctx.repo,
+    comment_id: comment.id
+  });
+}
+async function createLeapingProgressComment(ctx, target, body) {
+  if (target.kind === "reviewReply") {
+    try {
+      const result2 = await ctx.octokit.rest.pulls.createReplyForReviewComment({
+        owner: ctx.owner,
+        repo: ctx.repo,
+        pull_number: target.pullNumber,
+        comment_id: target.replyToCommentId,
+        body
+      });
+      return {
+        comment: { id: result2.data.id, type: "review" },
+        body: result2.data.body ?? void 0,
+        html_url: result2.data.html_url
+      };
+    } catch (error49) {
+      console.warn(
+        `[progressComment] review reply failed (parent ${target.replyToCommentId} on PR #${target.pullNumber}), falling back to issue comment:`,
+        error49
+      );
+      const fallback = await ctx.octokit.rest.issues.createComment({
+        owner: ctx.owner,
+        repo: ctx.repo,
+        issue_number: target.pullNumber,
+        body
+      });
+      return {
+        comment: { id: fallback.data.id, type: "issue" },
+        body: fallback.data.body ?? void 0,
+        html_url: fallback.data.html_url
+      };
+    }
+  }
+  const result = await ctx.octokit.rest.issues.createComment({
+    owner: ctx.owner,
+    repo: ctx.repo,
+    issue_number: target.issueNumber,
+    body
+  });
+  return {
+    comment: { id: result.data.id, type: "issue" },
+    body: result.data.body ?? void 0,
+    html_url: result.data.html_url
+  };
+}
+
 // node_modules/.pnpm/@toon-format+toon@1.4.0/node_modules/@toon-format/toon/dist/index.mjs
 var LIST_ITEM_MARKER = "-";
 var LIST_ITEM_PREFIX = "- ";
@@ -108875,6 +109047,7 @@ async function reportProgress(ctx, params) {
   }
   const issueNumber = ctx.payload.event.issue_number ?? ctx.toolState.issueNumber;
   const isPlanMode = ctx.toolState.selectedMode === "Plan";
+  const apiCtx = { octokit: ctx.octokit, owner: ctx.repo.owner, repo: ctx.repo.name };
   if (target_plan_comment === true && ctx.toolState.existingPlanCommentId === void 0) {
     log.warning("target_plan_comment requested but no existingPlanCommentId in tool state");
   }
@@ -108884,86 +109057,74 @@ async function reportProgress(ctx, params) {
     const bodyWithoutFooter = stripExistingFooter(body);
     const footer = buildCommentFooter(ctx, customParts);
     const bodyWithFooter = `${bodyWithoutFooter}${footer}`;
-    const result2 = await ctx.octokit.rest.issues.updateComment({
-      owner: ctx.repo.owner,
-      repo: ctx.repo.name,
-      comment_id: commentId,
-      body: bodyWithFooter
-    });
+    const result = await updateProgressComment(
+      apiCtx,
+      { id: commentId, type: "issue" },
+      bodyWithFooter
+    );
     ctx.toolState.wasUpdated = true;
-    if (isPlanMode && result2.data.node_id) {
-      await patchWorkflowRunFields(ctx, { planCommentNodeId: result2.data.node_id });
+    if (isPlanMode && result.node_id) {
+      await patchWorkflowRunFields(ctx, { planCommentNodeId: result.node_id });
     }
     return {
-      commentId: result2.data.id,
-      url: result2.data.html_url,
-      body: result2.data.body || "",
+      commentId: result.id,
+      url: result.html_url,
+      body: result.body || "",
       action: "updated"
     };
   }
-  const existingCommentId = ctx.toolState.progressCommentId;
-  if (existingCommentId) {
-    const customParts = isPlanMode && issueNumber !== void 0 ? [buildImplementPlanLink(ctx, issueNumber, existingCommentId)] : void 0;
+  const existingComment = ctx.toolState.progressComment;
+  if (existingComment) {
+    const customParts = isPlanMode && issueNumber !== void 0 ? [buildImplementPlanLink(ctx, issueNumber, existingComment.id)] : void 0;
     const bodyWithoutFooter = stripExistingFooter(body);
     const footer = buildCommentFooter(ctx, customParts);
     const bodyWithFooter = `${bodyWithoutFooter}${footer}`;
-    const result2 = await ctx.octokit.rest.issues.updateComment({
-      owner: ctx.repo.owner,
-      repo: ctx.repo.name,
-      comment_id: existingCommentId,
-      body: bodyWithFooter
-    });
+    const result = await updateProgressComment(apiCtx, existingComment, bodyWithFooter);
     ctx.toolState.wasUpdated = true;
-    if (isPlanMode && result2.data.node_id) {
-      await patchWorkflowRunFields(ctx, { planCommentNodeId: result2.data.node_id });
+    if (isPlanMode && result.node_id) {
+      await patchWorkflowRunFields(ctx, { planCommentNodeId: result.node_id });
     }
     return {
-      commentId: result2.data.id,
-      url: result2.data.html_url,
-      body: result2.data.body || "",
+      commentId: result.id,
+      url: result.html_url,
+      body: result.body || "",
       action: "updated"
     };
   }
-  if (existingCommentId === null) {
+  if (existingComment === null) {
     return { body, action: "skipped" };
   }
   if (issueNumber === void 0) {
     return { body, action: "skipped" };
   }
   const initialBody = addFooter(ctx, body);
-  const result = await ctx.octokit.rest.issues.createComment({
-    owner: ctx.repo.owner,
-    repo: ctx.repo.name,
-    issue_number: issueNumber,
-    body: initialBody
-  });
-  ctx.toolState.progressCommentId = result.data.id;
+  const created = await createLeapingProgressComment(
+    apiCtx,
+    { kind: "issue", issueNumber },
+    initialBody
+  );
+  ctx.toolState.progressComment = created.comment;
   ctx.toolState.wasUpdated = true;
   if (isPlanMode) {
-    const customParts = [buildImplementPlanLink(ctx, issueNumber, result.data.id)];
+    const customParts = [buildImplementPlanLink(ctx, issueNumber, created.comment.id)];
     const bodyWithoutFooter = stripExistingFooter(body);
     const footer = buildCommentFooter(ctx, customParts);
     const bodyWithPlanLink = `${bodyWithoutFooter}${footer}`;
-    const updateResult = await ctx.octokit.rest.issues.updateComment({
-      owner: ctx.repo.owner,
-      repo: ctx.repo.name,
-      comment_id: result.data.id,
-      body: bodyWithPlanLink
-    });
-    if (updateResult.data.node_id) {
-      await patchWorkflowRunFields(ctx, { planCommentNodeId: updateResult.data.node_id });
+    const updateResult = await updateProgressComment(apiCtx, created.comment, bodyWithPlanLink);
+    if (updateResult.node_id) {
+      await patchWorkflowRunFields(ctx, { planCommentNodeId: updateResult.node_id });
     }
     return {
-      commentId: updateResult.data.id,
-      url: updateResult.data.html_url,
-      body: updateResult.data.body || "",
+      commentId: updateResult.id,
+      url: updateResult.html_url,
+      body: updateResult.body || "",
       action: "created"
     };
   }
   return {
-    commentId: result.data.id,
-    url: result.data.html_url,
-    body: result.data.body || "",
+    commentId: created.comment.id,
+    url: created.html_url,
+    body: created.body || "",
     action: "created"
   };
 }
@@ -109008,23 +109169,22 @@ ${collapsible}`;
   });
 }
 async function deleteProgressComment(ctx) {
-  const existingCommentId = ctx.toolState.progressCommentId;
-  if (!existingCommentId) {
+  const existing = ctx.toolState.progressComment;
+  if (!existing) {
     return false;
   }
   try {
-    await ctx.octokit.rest.issues.deleteComment({
-      owner: ctx.repo.owner,
-      repo: ctx.repo.name,
-      comment_id: existingCommentId
-    });
+    await deleteProgressCommentApi(
+      { octokit: ctx.octokit, owner: ctx.repo.owner, repo: ctx.repo.name },
+      existing
+    );
   } catch (error49) {
     if (error49 instanceof Error && error49.message.includes("Not Found")) {
     } else {
       throw error49;
     }
   }
-  ctx.toolState.progressCommentId = null;
+  ctx.toolState.progressComment = null;
   return true;
 }
 var ReplyToReviewComment = type({
@@ -142105,7 +142265,7 @@ var import_semver = __toESM(require_semver2(), 1);
 // package.json
 var package_default = {
   name: "pullfrog",
-  version: "0.0.202",
+  version: "0.0.204",
   type: "module",
   bin: {
     pullfrog: "dist/cli.mjs",
@@ -142642,8 +142802,13 @@ async function $git(subcommand, args2, options) {
     }
     if (result.exitCode !== 0) {
       const stderr = result.stderr.trim();
-      log.info(`git ${subcommand} failed: ${stderr}`);
-      throw new Error(`git ${subcommand} failed: ${stderr}`);
+      const stdout = result.stdout.trim();
+      const detail = stderr && stdout ? `${stderr}
+--- stdout ---
+${stdout}` : stderr || stdout || "(no output)";
+      const message = `git ${subcommand} failed (exit ${result.exitCode}): ${detail}`;
+      log.info(message);
+      throw new Error(message);
     }
     return {
       stdout: result.stdout.trim(),
@@ -142920,6 +143085,34 @@ var PushBranch = type({
   branchName: type.string.describe("The branch name to push (defaults to current branch)").optional(),
   force: type.boolean.describe("Force push (use with caution)").default(false)
 });
+var CONCURRENT_PUSH_PATTERNS = ["fetch first", "non-fast-forward", "cannot lock ref"];
+var TRANSIENT_PATTERNS = [
+  /RPC failed/i,
+  /early EOF/,
+  /the remote end hung up unexpectedly/,
+  /Connection reset/i,
+  /Could not resolve host/i,
+  /Operation timed out/i,
+  /HTTP\/2 stream \d+ was not closed cleanly/i,
+  /unexpected disconnect while reading sideband packet/i,
+  // libcurl HTTP 5xx surfaced by git over https. matches both the
+  // libcurl-style "The requested URL returned error: 502" and the more
+  // recent "HTTP 502" wording. most 4xx is intentionally excluded —
+  // 401/403/404 indicate auth/permission problems that are not
+  // retry-safe — but 429 (rate-limited / abuse detection) IS retry-safe
+  // and GitHub occasionally surfaces it on git push, so it's included
+  // explicitly below.
+  /HTTP 5\d\d/,
+  /returned error: 5\d\d/i,
+  /HTTP 429/,
+  /returned error: 429/i
+];
+function classifyPushError(msg) {
+  if (CONCURRENT_PUSH_PATTERNS.some((p) => msg.includes(p))) return "concurrent-push";
+  if (TRANSIENT_PATTERNS.some((p) => p.test(msg))) return "transient";
+  return "unknown";
+}
+var TRANSIENT_RETRY_DELAYS_MS = [2e3, 5e3];
 function PushBranchTool(ctx) {
   const defaultBranch = ctx.repo.data.default_branch || "main";
   const pushPermission = ctx.payload.push;
@@ -142970,25 +143163,48 @@ ${postHookStatus}`
       if (force) {
         log.warning(`force pushing - this will overwrite remote history`);
       }
-      try {
-        await $git("push", pushArgs, {
-          token: ctx.gitToken
-        });
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        if (msg.includes("fetch first") || msg.includes("non-fast-forward")) {
-          const integrateStep = ctx.payload.shell === "disabled" ? `2. use the git tool to merge the remote branch into yours: git({ command: "merge", args: ["origin/${pushDest.remoteBranch}"] })` : `2. use the git tool to rebase or merge your changes on top: git({ command: "merge", args: ["origin/${pushDest.remoteBranch}"] }) (or 'rebase')`;
-          throw new Error(
-            `push rejected: the remote branch '${pushDest.remoteBranch}' has new commits you don't have locally.
+      let lastErr;
+      let pushed = false;
+      for (let attempt = 0; attempt <= TRANSIENT_RETRY_DELAYS_MS.length; attempt++) {
+        try {
+          await $git("push", pushArgs, {
+            token: ctx.gitToken
+          });
+          if (attempt > 0) {
+            log.info(`push succeeded on attempt ${attempt + 1}`);
+          }
+          pushed = true;
+          break;
+        } catch (err) {
+          lastErr = err;
+          const msg = err instanceof Error ? err.message : String(err);
+          const kind = classifyPushError(msg);
+          if (kind === "concurrent-push") {
+            const integrateStep = ctx.payload.shell === "disabled" ? `2. use the git tool to merge the remote branch into yours: git({ command: "merge", args: ["origin/${pushDest.remoteBranch}"] })` : `2. use the git tool to rebase or merge your changes on top: git({ command: "merge", args: ["origin/${pushDest.remoteBranch}"] }) (or 'rebase')`;
+            throw new Error(
+              `push rejected: the remote branch '${pushDest.remoteBranch}' has new commits you don't have locally (often a concurrent push to the same branch).
 
 to resolve this:
 1. use git_fetch to fetch the remote branch: git_fetch({ ref: "${pushDest.remoteBranch}" })
 ${integrateStep}
 3. resolve any merge conflicts if needed
 4. retry push_branch`
-          );
+            );
+          }
+          if (kind === "transient" && attempt < TRANSIENT_RETRY_DELAYS_MS.length) {
+            const baseDelay = TRANSIENT_RETRY_DELAYS_MS[attempt] ?? 5e3;
+            const delay2 = Math.round(baseDelay * (0.75 + Math.random() * 0.5));
+            log.info(
+              `push attempt ${attempt + 1} failed (transient), retrying in ${delay2}ms: ${msg.slice(0, 300)}`
+            );
+            await new Promise((r) => setTimeout(r, delay2));
+            continue;
+          }
+          throw err;
         }
-        throw err;
+      }
+      if (!pushed) {
+        throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
       }
       return {
         success: true,
@@ -143246,6 +143462,18 @@ function validateInlineComments(comments, map2) {
   return { valid, dropped };
 }
 var MAX_DROPPED_COMMENT_LINES = 50;
+function duplicateReviewDecision(params) {
+  const existing = params.existing;
+  if (!existing) return null;
+  if (params.currentCheckoutSha && existing.reviewedSha && params.currentCheckoutSha !== existing.reviewedSha) {
+    return null;
+  }
+  return {
+    kind: "already-submitted",
+    reviewId: existing.id,
+    reason: `review ${existing.id} was already submitted in this session; ignoring duplicate call (call \`checkout_pr\` again first if new commits were pushed)`
+  };
+}
 function reviewSkipDecision(params) {
   if (params.body || params.hasComments) return null;
   if (!params.approved) {
@@ -143315,6 +143543,19 @@ function CreatePullRequestReviewTool(ctx) {
     execute: execute(async ({ pull_number, body, approved, commit_id, comments = [] }) => {
       if (body) body = fixDoubleEscapedString(body);
       ctx.toolState.issueNumber = pull_number;
+      const dup = duplicateReviewDecision({
+        existing: ctx.toolState.review,
+        currentCheckoutSha: ctx.toolState.checkoutSha
+      });
+      if (dup) {
+        log.info(`skipping duplicate review submission: ${dup.reason}`);
+        return {
+          success: true,
+          skipped: true,
+          reason: dup.reason,
+          reviewId: dup.reviewId
+        };
+      }
       const skip = reviewSkipDecision({
         approved: approved ?? false,
         body,
@@ -143432,6 +143673,9 @@ function CreatePullRequestReviewTool(ctx) {
         nodeId: reviewNodeId,
         reviewedSha: actuallyReviewedSha
       };
+      await deleteProgressComment(ctx).catch((err) => {
+        log.debug(`progress comment cleanup after review failed: ${err}`);
+      });
       if (ctx.toolState.checkoutSha && latestHeadSha && latestHeadSha !== ctx.toolState.checkoutSha) {
         const fromSha = ctx.toolState.checkoutSha;
         const toSha = latestHeadSha;
@@ -145014,35 +145258,20 @@ async function getReviewThreads(input) {
   const username = input.approvedBy;
   return threadsForReview.filter((thread) => threadHasThumbsUpFrom(thread, username));
 }
-async function getReviewData(input) {
-  const [review, threads] = await Promise.all([
-    input.octokit.rest.pulls.getReview({
-      owner: input.owner,
-      repo: input.name,
-      pull_number: input.pullNumber,
-      review_id: input.reviewId
-    }),
-    getReviewThreads(input)
-  ]);
-  const rawReviewBody = review.data.body;
+function formatReviewData(input) {
+  const rawReviewBody = input.review.body;
   const reviewBody = rawReviewBody ? stripExistingFooter(rawReviewBody) : "";
-  const reviewer = review.data.user?.login ?? "unknown";
-  if (threads.length === 0 && !reviewBody) return void 0;
+  const reviewer = input.review.user?.login ?? "unknown";
+  if (input.threads.length === 0 && !reviewBody) return void 0;
   let threadBlocks = [];
-  if (threads.length > 0) {
-    const prFiles = await input.octokit.paginate(input.octokit.rest.pulls.listFiles, {
-      owner: input.owner,
-      repo: input.name,
-      pull_number: input.pullNumber,
-      per_page: 100
-    });
+  if (input.threads.length > 0) {
     const filePatchMap = /* @__PURE__ */ new Map();
-    for (const file2 of prFiles) {
+    for (const file2 of input.prFiles) {
       if (file2.patch) {
         filePatchMap.set(file2.filename, parseFilePatches(file2.patch));
       }
     }
-    threadBlocks = buildThreadBlocks(threads, filePatchMap, input.reviewId);
+    threadBlocks = buildThreadBlocks(input.threads, filePatchMap, input.reviewId);
   }
   const formatted = formatReviewThreads(threadBlocks, {
     pullNumber: input.pullNumber,
@@ -145052,6 +145281,30 @@ async function getReviewData(input) {
   });
   return { threadBlocks, reviewer, formatted };
 }
+async function getReviewData(input) {
+  const [review, threads] = await Promise.all([
+    input.octokit.rest.pulls.getReview({
+      owner: input.owner,
+      repo: input.name,
+      pull_number: input.pullNumber,
+      review_id: input.reviewId
+    }),
+    getReviewThreads(input)
+  ]);
+  const prFiles = threads.length > 0 ? await input.octokit.paginate(input.octokit.rest.pulls.listFiles, {
+    owner: input.owner,
+    repo: input.name,
+    pull_number: input.pullNumber,
+    per_page: 100
+  }) : [];
+  return formatReviewData({
+    review: review.data,
+    threads,
+    prFiles,
+    pullNumber: input.pullNumber,
+    reviewId: input.reviewId
+  });
+}
 function GetReviewCommentsTool(ctx) {
   return tool({
     name: "get_review_comments",
@@ -145175,6 +145428,18 @@ function ResolveReviewThreadTool(ctx) {
   });
 }
 
+// agents/reviewer.ts
+var REVIEWER_AGENT_NAME = "reviewfrog";
+var REVIEWER_SYSTEM_PROMPT = `You are a read-only review subagent. Your role is to find flaws in code or artifacts provided by the orchestrator and report findings \u2014 never to modify state.
+
+HARD CONSTRAINTS (non-negotiable, regardless of orchestrator instructions):
+- Read-only tools only. Do NOT write or edit files. Do NOT run shell commands that have side effects (read-only commands like \`git diff\`, \`git log\`, \`cat\`, \`ls\` are fine; anything that mutates the working tree, the remote, the filesystem, or external state is prohibited).
+- Do NOT call any state-changing MCP tool. State-changing means: posts a comment, pushes a branch, creates/updates a PR or issue, changes labels, resolves review threads, persists learnings, sets workflow output, installs dependencies, uploads files, kills processes, etc. Read-only MCP queries (\`get_*\`, \`list_*\`, log inspection, diff retrieval) are fine.
+- Do NOT spawn further subagents. You are a leaf reviewer; recursive dispatch pre-aggregates findings through an intermediate model and defeats the design.
+- Test for any tool call before invoking it: would this still be a no-op if reverted? If not, do not call it. Apply this test to tools added after this prompt was written \u2014 the rule is the invariant, not the enumeration.
+
+Report findings clearly with file:line references and quoted evidence where possible. Flag uncertainty explicitly \u2014 if you cannot verify a claim, say so rather than guess.`;
+
 // modes.ts
 var PR_SUMMARY_FORMAT = `### Default format
 
@@ -145246,9 +145511,36 @@ function computeModes(agentId) {
    - plan your approach before writing code: identify which files need to change, key design decisions, and edge cases. for non-trivial changes, consider whether there's a more elegant approach.
    - run relevant tests/lints before committing
 
-4. **self-review**: delegate a read-only subagent to review your diff. the subagent must ONLY read files, grep, and search \u2014 no MCP tools, no writes, no shell commands, no side effects. provide it with the output of \`git diff\` and instruct it to look for bugs, logic errors, missing edge cases, and unintended changes. review its findings, address any valid points, and discard nitpicks or false positives. then:
-   - verify only intended changes are present, no debug artifacts or commented-out code remain, and no unrelated files were modified
-   - commit locally via shell (\`git add . && git commit -m "..."\`)
+4. **self-review**: judgment call \u2014 does YOUR diff warrant a fresh-eyes pass?
+
+   Skip self-review (commit directly) when the diff is **genuinely trivial**:
+   - doc typos, comment-only edits, whitespace/format-only, import reordering
+   - lockfile or generated-code regeneration, mechanical rename whose only effect is import-path updates (size of diff is irrelevant \u2014 read the *shape*, not the line count)
+   - low-risk dep patch bump from a trusted source
+
+   Run self-review when the diff has **any behavioral surface, however small**:
+   - 1-line changes to SQL operators / comparison logic / regexes / redirects / HTTP methods / response codes
+   - any change to money / tax / currency / billing / fee / refund / payout calculations or constants
+   - any change to auth / permissions / roles / sessions / tokens / signature verification
+   - any change to feature-flag defaults, retry counts, timeouts, rate limits, batch sizes
+   - new endpoints, new code paths, new error branches \u2014 even small ones
+   - mixed diffs (whitespace + a single semantic line) \u2014 the semantic line still triggers self-review
+   - anything you're uncertain about
+
+   Tie-breaker: when in doubt, run self-review. One false-positive subagent dispatch costs cents; one false-negative shipped bug costs much more. There's no value in dispatching for a typo, but there's also no excuse for skipping on a 1-line change to a billing path.
+
+   Otherwise delegate the \`${REVIEWER_AGENT_NAME}\` subagent to review your diff with fresh eyes against YOUR TASK. The subagent's baked-in system prompt enforces a non-mutative + non-recursive contract: read-only file/search/web tools and read-only MCP queries only; no writes, shell side effects, state-changing MCP calls, or nested subagent dispatch. Enforcement is prose-only \u2014 restate the constraint in your dispatch instructions and do not relax it.
+
+   Provide the subagent with YOUR TASK, the output of \`git diff\`, and a tight summary (not raw output) of any lint/typecheck/test failures you fixed during build \u2014 what broke, root cause, the fix \u2014 so it can check that fixes addressed root causes rather than suppressed symptoms; say "no build-phase failures" if the build path was clean. Instruct it to flag bugs, logic errors, missing edge cases, gaps between request and diff, and unintended changes.
+
+   Delegation + research discipline (distilled from \`/anneal\` canonical \u2014 these are codified learnings from many review rounds, not theoretical best practices):
+   - Do NOT summarize what you implemented \u2014 that biases the subagent toward validating the shape of your solution rather than questioning it.
+   - Do NOT curate a reading list of files. Let the subagent discover scope from the diff and codebase.
+   - Do NOT pre-shape output with a severity / category schema. That leaks your hypotheses; severity is your call during evaluation.
+   - Do NOT defect-hunt the diff yourself in parallel with the subagent. Your role is dispatch + evaluation; doing the review yourself reintroduces the implementation bias the subagent is meant to mitigate.
+   - For diffs that rely on third-party API contracts, SDK semantics, framework directives, or DB engine specifics, instruct the subagent to verify load-bearing claims via web search and quote source URLs rather than trust training data \u2014 this is the single most common review-quality failure mode.
+
+   Review the findings, address valid points, and discard nitpicks or false positives. The reviewer is fallible \u2014 it biases toward *recommending additions* (defensive checks for impossible cases, extra logging, new abstractions used once, comments restating code, tests asserting tautologies, "just-in-case" guards). For each finding, ask: would applying it leave the code more sound, correct, AND elegant? Two-out-of-three is not enough \u2014 a fix that improves correctness while degrading elegance still degrades the codebase. Reject bloat-shaped findings without applying them, and after applying the rest re-read your diff and be discerning about what *you just changed*: if any fix turned out to be bloat in context, revert it. The goal is code that is sound and correct *while remaining elegant*; the smallest diff that fixes the real defect almost always wins. Then verify only intended changes are present, no debug artifacts or commented-out code remain, no unrelated files were modified. Commit locally via shell (\`git add . && git commit -m "..."\`).
 
 5. **finalize**:
    - confirm a clean working tree, then push via \`${t("push_branch")}\` (see *SYSTEM* Git rules if this fails \u2014 prepush errors are usually the repo's tests/lint, not infra timeouts)
@@ -145272,11 +145564,12 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
 
 3. For each comment:
    - understand the feedback
-   - make the code change using your native tools
-   - record what was done
+   - evaluate whether applying it would leave the code more **sound, correct, AND elegant**. reviewers are fallible and bias toward *recommending additions* (defensive checks for impossible cases, extra abstractions, comments restating obvious code, tests asserting tautologies, "just-in-case" guards). if a request would add bloat \u2014 ceremony without commensurate correctness benefit \u2014 push back in your reply rather than mechanically applying it. two-out-of-three is not enough; improving correctness while degrading elegance still degrades the code.
+   - if the request stands, make the code change using your native tools; otherwise reply explaining why
+   - record what was done (or why nothing was done)
 
 4. Quality check:
-   - test changes, then review the diff before committing \u2014 verify only intended changes are present, no debug artifacts remain, and the changes are clean enough that a senior engineer would approve without hesitation
+   - test changes, then review the diff before committing \u2014 verify only intended changes are present, no debug artifacts remain, no fix turned out to be bloat in context (revert any that did), and the changes are clean enough that a senior engineer would approve without hesitation
    - commit locally via shell (\`git add . && git commit -m "..."\`)
 
 5. Finalize:
@@ -145287,28 +145580,93 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
 
 ${learningsStep(t, 6)}`
     },
+    // Review and IncrementalReview use the multi-lens orchestrator pattern
+    // (canonical source: .claude/commands/anneal.md). The orchestrator does
+    // triage → parallel read-only subagent fan-out → aggregate → draft comments
+    // → submit. For someone else's PR, parallel lenses (correctness, security,
+    // research-validated claims, user-journey, etc.) provide breadth across
+    // angles that a single subagent can't carry coherently. Build mode keeps
+    // a single fresh-eyes subagent (different problem shape — orchestrator
+    // wrote the code and bias-mitigation comes from delegating to one
+    // subagent that doesn't share the implementation context).
+    // Deliberate omission vs canonical /anneal: severity categorization in the
+    // final message (the review body has its own CAUTION/IMPORTANT framing
+    // instead of a severity table).
     {
       name: "Review",
       description: "Review code, PRs, or implementations; provide feedback or suggestions; identify issues; or check code quality, style, and correctness",
       prompt: `### Checklist
 
-1. Checkout the PR via \`${t("checkout_pr")}\` \u2014 this returns PR metadata and a \`diffPath\`. read the diff TOC first and treat its file line ranges as your coverage checklist.
-
-2. For each area of change:
-   - read the diff and trace data flow, check boundaries, and verify assumptions
-   - plan your investigation: identify the highest-risk areas (tricky state transitions, boundary crossings, assumption chains) and prioritize depth over breadth
-   - use \`${t("get_pull_request")}\` and other read-only GitHub tools for additional context
-   - if the PR removes features, deletes exports, renames identifiers, or changes architectural patterns, run a dedicated impact analysis: list what changed, then use grep across code, tests, docs (\`docs/\`, \`wiki/\`), comments, configs, and UI to find stale references
-   - report impact-analysis findings in the summary body, ordered by severity (runtime breakage > incorrect docs > stale comments)
-   - draft inline comments with NEW line numbers from the diff \u2014 every comment must be actionable (2-3 sentences max)
-   - use GitHub permalink format for code references
-   - for large or cross-cutting PRs that touch disparate subsystems, consider delegating read-only subagents to investigate areas in parallel. subagents must ONLY read files, grep, and search \u2014 no MCP tools, no writes, no shell commands, no side effects. collect their findings and use them to draft comments.
-
-3. Self-critique: review all drafted comments and drop any that are praise, style preferences, speculative/unverified claims, about pre-existing code unrelated to the PR, or not actionable.
+1. **checkout**: call \`${t("checkout_pr")}\` \u2014 this returns PR metadata and a \`diffPath\`. read the diff TOC end-to-end and treat its file line ranges as your coverage checklist.
+
+2. **triage**: orient yourself on the PR \u2014 identify *what kind of thing this is* (domain it touches, seams it crosses, external contracts it depends on, user-facing surfaces it changes). orientation only \u2014 defer specific defect-hunting to the subagents; pre-reviewing biases the lenses you pick. use \`${t("get_pull_request")}\` and other read-only GitHub tools for additional context if needed.
+
+   if the PR is **genuinely trivial**, skip steps 3\u20134 entirely and submit \`Reviewed \u2014 no issues found.\` per step 5. there's no value in dispatching even one lens for a typo.
+
+   "Genuinely trivial" (skip):
+   - single-word doc typo, whitespace/format-only, comment-only across any number of files
+   - lockfile or generated-code regeneration (size of diff is irrelevant \u2014 read the *shape*)
+   - mechanical rename whose only effect is import-path updates
+   - low-risk dep patch bump
+
+   "Looks trivial but isn't" (do **NOT** skip \u2014 small diff, big blast radius):
+   - any 1-line change to SQL / regex / auth / billing / permission / signature-verification code
+   - flipping a feature-flag default, default config value, or retry/timeout constant
+   - changing a money/tax/currency/fee constant by any amount
+   - changing an HTTP method, redirect URL, response code, or status enum
+   - tightening or loosening a comparison operator (\`<\` \u2194 \`<=\`, \`==\` \u2194 \`!=\`)
+   - renaming a public API surface (still trivial in shape, but needs an impact lens)
+   - adding a new direct dependency (supply-chain surface)
+   - any "typo fix" in user-facing copy that changes meaning ("approved" \u2192 "denied")
+   - mixed diffs where a semantic 1-liner is buried in whitespace/formatting changes
+
+   When unsure, treat as non-trivial. The cost of one extra subagent is cents; the cost of a missed billing/auth/data bug is much more.
+
+   otherwise pick lenses by where the PR concentrates risk \u2014 **there's no fixed count**. lens count is judgment, not a formula. concrete shapes to anchor against:
+
+   - **1 lens** \u2014 pure refactor / mechanical rename across many files (impact); new test file with no source change (test-integrity); small isolated bug fix (correctness); doc-only PR with non-trivial technical content (research-validated or holistic)
+   - **2\u20133 lenses (most PRs land here)** \u2014 new CRUD endpoint (correctness + security + test-integrity); new UI flow (user-journey + correctness); a single bug fix in a non-critical subsystem (correctness + test-integrity); design doc covering one domain (research-validated + correctness or holistic)
+   - **4\u20135 lenses (high-stakes subsystem touches)** \u2014 any billing/payments change (billing-subsystem + correctness + security + operational-readiness); new auth flow (auth-subsystem + correctness + security + test-integrity); schema migration (schema-migration-subsystem + correctness + operational-readiness + impact); cross-subsystem PR that touches billing AND auth AND schema (one subsystem lens per domain + correctness)
+   - **6+ lenses** \u2014 almost always a smell; you're either covering overlapping ground or this PR should have been split. push back via the review body rather than expanding lens count.
+
+   lenses come in two flavors, and you can mix them:
+   - **themed lenses** \u2014 a perspective applied across the whole diff (correctness, security, user-journey, performance, etc.).
+   - **subsystem lenses** \u2014 a domain-scoped frame for high-stakes subsystems the PR touches (e.g. "the auth lens", "the billing lens", "the schema-migration lens"). a subsystem lens is "review the PR specifically for what could go wrong in this subsystem" and naturally combines theme + scope. **for high-stakes domains, lead with the subsystem lens rather than the generic themed equivalent** \u2014 "billing-subsystem" outperforms "correctness on billing code" because the framing primes the subagent to remember domain-specific failure modes (double-charges, refund races, currency rounding, dispute flows) the generic lens misses.
+
+   starter menu (combine, omit, or invent your own):
+   - **correctness & invariants** \u2014 bugs, races, error handling, edge cases, state-machine boundaries
+   - **impact** \u2014 when the PR removes features, deletes exports, renames identifiers, or changes architectural patterns: stale references in code, tests, docs (\`docs/\`, \`wiki/\`), comments, configs, UI
+   - **research-validated assumptions** \u2014 third-party API contracts, SDK semantics, framework directives, version-gated behavior. the subagent must verify load-bearing claims via web search and quote source URLs.
+   - **security** \u2014 new endpoints, authZ, input validation, secrets handling, replay/CSRF/injection, cross-tenant isolation
+   - **user-journey** \u2014 UX-touching flows: walk through happy path and failure modes as a user
+   - **operational readiness** \u2014 observability, alerting, migrations (forward + rollback), feature flags, on-call burden
+   - **integration & cross-cutting** \u2014 API contracts between modules, backward-compat of public surfaces, multi-service ordering
+   - **test integrity** \u2014 meaningful coverage for the changed behavior; deterministic; no shared-state pollution
+   - **performance** \u2014 N+1 queries, hot-path allocation, latency budgets, index coverage
+   - **holistic** \u2014 does the PR make sense as a whole? symmetric flows (delete for every create, rollback for every migration)?
+   - **subsystem lenses** (invent as the PR demands) \u2014 auth, billing, payments, schema migration, webhooks, secrets, RBAC, multi-tenant isolation, cron/scheduling, etc.
+
+3. **fan out**: dispatch one \`${REVIEWER_AGENT_NAME}\` subagent per lens \u2014 its baked-in system prompt enforces the non-mutative + non-recursive contract (read-only file/search/web tools and read-only MCP queries; no writes, shell side effects, state-changing MCP calls, or nested subagent dispatch). when picking 2+ lenses, dispatch them in a **single assistant turn with multiple parallel subagent calls**; issuing one and awaiting reply before the next collapses the fan-out into a serial review. if a subagent errors out, times out, or returns nothing usable, retry once with the same lens; if it still fails, proceed with partial coverage and note the missing lens in the review body \u2014 do not skip step 3 entirely on a single subagent failure. each subagent gets:
+   - the diff path / target \u2014 reading the diff and the codebase is its job
+   - **only one lens** \u2014 never a multi-section "review for X, Y, and Z" prompt
+   - **a Task \`description\` set to the lens name** (e.g. \`"security"\`, \`"correctness"\`, \`"billing-subsystem"\`) \u2014 the harness reads this field to label the subagent's log lines so parallel runs can be told apart in CI output. without it, every subagent shows up as \`subagent#N\`.
+   - the read-only contract restated in your dispatch instructions so the rule is present twice (the subagent's system prompt also enforces it). The test: would this call still be a no-op if reverted? If not (PR comments, branch pushes, issue updates, set_output, label changes, dependency installs, etc.), don't make it.
+   - if the lens touches external contracts, instruct the subagent to verify load-bearing claims via web search rather than trust training data, and to quote source URLs in its reasoning. action runs are non-interactive \u2014 there's no human in the loop to catch "I'm pretty sure Stripe does X."
+   - ask the subagent to report findings with file paths and NEW line numbers from the diff so you can anchor inline comments without re-reading the entire diff.
+
+   delegation discipline:
+   - do NOT lens-review the diff yourself in parallel with the subagents (your job is dispatch + comment-drafting; doing the lens work yourself reintroduces the bias the fan-out avoids)
+   - do NOT summarize the PR for them (biases toward a validation frame)
+   - do NOT hand them a curated reading list (let them discover scope)
+   - do NOT pre-shape their output with a finding schema
+   - do NOT mention the other lenses (independence is the point \u2014 overlapping findings are a strong signal)
+
+4. **aggregate & draft**: merge findings; de-dup overlaps (two lenses catching the same issue = higher-confidence signal); trace each finding yourself before accepting it. drop praise, style preferences, speculative/unverified claims, findings about pre-existing code unrelated to the PR (heuristic: if the finding's root cause lives in lines this PR added or modified, it's in scope; otherwise drop unless the PR plausibly introduced or amplified the regression), and anything not actionable. also drop **bloat-shaped findings** \u2014 proposed fixes that would add defensive checks for cases that can't happen, abstractions used once, comments restating obvious code, tests asserting tautologies, or "just-in-case" guards. subagents are fallible and bias toward recommending changes; the bar for an actionable inline comment is sound + correct + elegant. recommending a change that improves only one of the three (or worse, degrades elegance to nominally improve correctness) makes the codebase worse, not better.
+
+   for surviving findings, draft inline comments with NEW line numbers from the diff. every comment must be actionable, 2-3 sentences max. use GitHub permalink format for code references. for impact-analysis findings (stale references after rename/remove), report them in the review body ordered by severity (runtime breakage > incorrect docs > stale comments) rather than as inline comments unless they're anchored to a specific line.
+
+5. **submit**: ALWAYS submit exactly one review via \`${t("create_pull_request_review")}\`. Do NOT call \`report_progress\` \u2014 the review is the final record and the progress comment will be cleaned up automatically.
 
-4. Submit \u2014 ALWAYS submit exactly one review via \`${t("create_pull_request_review")}\`.
-   Do NOT call \`report_progress\` \u2014 the review is the final record and the progress
-   comment will be cleaned up automatically.
    note: the first create_pull_request_review submission may error with a one-time diff-coverage nudge listing unread TOC regions. retry the same call to proceed \u2014 optionally after reading the listed ranges. the pre-flight will not block again this session.
 
    - **critical issues** (blocks merge \u2014 bugs, security, data loss):
@@ -145322,29 +145680,56 @@ ${learningsStep(t, 6)}`
    - **no actionable issues**:
      \`approved: true\`, body: "Reviewed \u2014 no issues found."`
     },
+    // IncrementalReview shares Review's multi-lens orchestrator pattern but
+    // scopes the target to the incremental diff and adds prior-review-feedback
+    // tracking. The "issues must be NEW since the last Pullfrog review" filter
+    // lives at aggregation time (step 5), NOT in the subagent prompt — pushing
+    // the filter into subagents matches the canonical anneal anti-pattern of
+    // "list known pre-existing failures — don't flag these" and suppresses
+    // signal on regressions the new commits amplified. The body-format rules
+    // (Reviewed changes / Prior review feedback) are unchanged from the prior
+    // version. Same severity-table omission as Review.
     {
       name: "IncrementalReview",
       description: "Re-review a PR after new commits are pushed; focus on new changes since the last review",
       prompt: `### Checklist
 
-1. Checkout the PR via \`${t("checkout_pr")}\` \u2014 this returns PR metadata, \`diffPath\` (full diff), and \`incrementalDiffPath\` (changes since last reviewed version, if available). read the diff TOC first and use its line ranges as your coverage checklist.
+1. **checkout**: call \`${t("checkout_pr")}\` \u2014 this returns PR metadata, \`diffPath\` (full diff), and \`incrementalDiffPath\` (changes since last reviewed version, if available). read the diff TOC first and use its line ranges as your coverage checklist.
+
+2. **incremental scope**: if \`incrementalDiffPath\` is present, read it to see what changed since the last review. this is a range-diff that isolates the net changes, filtering out base branch noise. if not present, fall back to reviewing the full PR diff and determine what changed since Pullfrog's most recent review.
+
+3. **prior feedback**: fetch previous reviews via \`${t("list_pull_request_reviews")}\`. for the most recent Pullfrog review, call \`${t("get_review_comments")}\` with the review ID to retrieve specific prior line-level feedback. you'll need this in step 6 to track which prior comments were addressed.
+
+4. **triage & fan out**: orient on the *incremental* changes \u2014 domain, seams, external contracts, user-facing surfaces.
+
+   if the incremental changes are **genuinely trivial**, skip the fan-out entirely and jump to step 7's non-substantive path (do NOT submit a review).
+
+   "Genuinely trivial" (skip): formatting/comment tweaks, import reordering, lockfile regen, mechanical rename of import paths, whitespace-only.
+   "Looks trivial but isn't" (do NOT skip \u2014 same anti-patterns as Review mode): 1-line changes to SQL/regex/auth/billing/permissions/signature-verification code; flipping feature-flag defaults or retry/timeout constants; money/tax/HTTP-method/redirect changes; tightening or loosening a comparison operator; mixed diffs with a semantic line buried in formatting.
+   When unsure, treat as non-trivial.
 
-2. If \`incrementalDiffPath\` is present, read it to see what changed since the last review. This is a range-diff that isolates the net changes, filtering out base branch noise. If not present, fall back to reviewing the full PR diff.
+   otherwise pick lenses by where the new commits concentrate risk \u2014 **there's no fixed count**, same calibration as Review mode (1 lens for pure refactor / isolated fix; 2\u20133 for typical features; 4\u20135 for high-stakes subsystem touches; 6+ is a smell). lens framing follows Review mode: themed lenses (correctness & invariants, impact when new commits remove/rename/deprecate things, research-validated assumptions, security, user-journey, operational readiness, integration & cross-cutting, test integrity, performance, holistic) and subsystem lenses (auth, billing, schema migration, etc.) \u2014 for high-stakes domains lead with the subsystem lens rather than the generic themed equivalent.
 
-3. Fetch previous reviews via \`${t("list_pull_request_reviews")}\`. For the most recent Pullfrog review, call \`${t("get_review_comments")}\` with the review ID to retrieve specific prior line-level feedback.
+   dispatch one \`${REVIEWER_AGENT_NAME}\` subagent per lens \u2014 its baked-in system prompt enforces the non-mutative + non-recursive contract (read-only file/search/web tools and read-only MCP queries; no writes, shell side effects, state-changing MCP calls, or nested subagent dispatch). dispatch them in a **single assistant turn with multiple parallel subagent calls** (serial dispatch collapses the fan-out). if a subagent errors out, times out, or returns nothing usable, retry once with the same lens; if it still fails, proceed with partial coverage and note the missing lens in the review body \u2014 do not skip step 4 entirely on a single subagent failure. each subagent gets:
+   - the diff scope (incremental diff path if available, full diff otherwise). do NOT tell them to skip pre-existing issues \u2014 that suppresses regressions the new commits amplified; the "issues must be NEW" filter lives at aggregation time (step 5), not in the subagent prompt
+   - **only one lens** \u2014 never a multi-section "review for X, Y, and Z" prompt
+   - **a Task \`description\` set to the lens name** (e.g. \`"security"\`, \`"correctness"\`, \`"billing-subsystem"\`) \u2014 the harness reads this field to label the subagent's log lines so parallel runs can be told apart in CI output. without it, every subagent shows up as \`subagent#N\`.
+   - the read-only contract restated in your dispatch instructions so the rule is present twice (the subagent's system prompt also enforces it). The test: would this call still be a no-op if reverted? If not (PR comments, branch pushes, issue updates, set_output, label changes, dependency installs, etc.), don't make it.
+   - if the lens touches external contracts, instruct the subagent to verify load-bearing claims via web search and quote source URLs. action runs are non-interactive \u2014 there's no human to catch "I'm pretty sure Stripe does X."
+   - ask the subagent to report findings with file paths and NEW line numbers from the full PR diff so you can anchor inline comments.
 
-4. For each area of the new changes:
-   - review the incremental diff while using the full diff for context
-   - check whether prior review feedback was addressed by the new commits
-   - trace data flow, check boundaries, verify assumptions, consider lifecycle, spot performance issues
-   - if the new commits remove, rename, or deprecate anything, run impact analysis with grep across code/tests/docs/comments/configs to find stale references and include those findings in the summary body
-   - never repeat prior feedback. only comment on genuinely new issues introduced by the new commits.
-   - draft inline comments with NEW line numbers from the full PR diff \u2014 every comment must be actionable (2-3 sentences max)
-   - for large or cross-cutting PRs, consider delegating read-only subagents for parallel investigation. subagents must ONLY read files, grep, and search \u2014 no MCP tools, no writes, no shell commands, no side effects. collect their findings and use them to draft comments.
+   delegation discipline:
+   - do NOT lens-review the diff yourself in parallel with the subagents
+   - do NOT summarize the changes for them (biases toward validation frame)
+   - do NOT hand them a curated reading list (let them discover scope)
+   - do NOT pre-shape their output with a finding schema
+   - do NOT mention the other lenses (independence is the point)
 
-5. Self-critique: drop any comments that are praise, style preferences, speculative, about pre-existing code, or not actionable.
+5. **aggregate, draft, self-critique**: merge findings; de-dup overlaps; trace each finding yourself. drop praise, style preferences, speculative/unverified claims, findings about pre-existing code unrelated to the new commits, anything not actionable, and anything that re-states prior review feedback (heuristic: if the finding's root cause lives in lines the *new commits* added or modified, it's in scope; otherwise drop). also drop **bloat-shaped findings** \u2014 proposed fixes that would add defensive checks for cases that can't happen, abstractions used once, comments restating obvious code, tests asserting tautologies, or "just-in-case" guards. subagents are fallible and bias toward recommending changes; the bar for an actionable inline comment is sound + correct + elegant. recommending a change that improves only one of the three (or degrades elegance to nominally improve correctness) makes the codebase worse, not better. To compute "lines the new commits added or modified": if \`incrementalDiffPath\` from step 1 is present, use it directly. Otherwise, take the prior Pullfrog review's \`commit_id\` (returned alongside each entry from \`${t("list_pull_request_reviews")}\` in step 3) and run \`git diff <prior-review-sha>..HEAD\` to isolate the lines added since that review. draft inline comments with NEW line numbers from the full PR diff \u2014 every comment must be actionable, 2-3 sentences max.
 
-6. **Summarize**: build two distinct sections for the review body:
+   then check: which prior review comments were addressed by the new commits? track the addressed ones for step 6b.
+
+6. **build the review body** \u2014 two distinct sections:
    a. **Reviewed changes**: summarize at the logical-change level, not per-file. each bullet starts with a past-tense verb (e.g. \`- Extracted shared CLI runtime into a single module\`, \`- Renamed package to pullfrog\`). avoid file paths unless they add clarity. if the changes can be described in one sentence, use one sentence \u2014 no bullets needed.
    b. **Prior review feedback** (only if any were addressed): list only the prior review comments that WERE addressed by the new commits (\`- [x] safeParse instead of parse \u2014 addressed\`). omit unaddressed comments. omit this entire section if nothing was addressed. a change can appear in both sections.
    - no headings, no tables, no prose paragraphs in either section \u2014 just bullets
@@ -145936,14 +146321,13 @@ function UploadFileTool(ctx) {
 
 // mcp/server.ts
 function initToolState(params) {
-  const parsed2 = params.progressCommentId ? parseInt(params.progressCommentId, 10) : NaN;
-  const resolvedId = Number.isNaN(parsed2) || parsed2 <= 0 ? void 0 : parsed2;
-  if (resolvedId) {
-    log.info(`\xBB using pre-created progress comment: ${resolvedId}`);
+  const resolved = parseProgressComment(params.progressComment);
+  if (resolved) {
+    log.info(`\xBB using pre-created progress comment: ${resolved.id} (${resolved.type})`);
   }
   return {
-    progressCommentId: resolvedId,
-    hadProgressComment: !!resolvedId,
+    progressComment: resolved,
+    hadProgressComment: !!resolved,
     backgroundProcesses: /* @__PURE__ */ new Map(),
     usageEntries: []
   };
@@ -146122,8 +146506,8 @@ async function startMcpHttpServer(ctx, options) {
 
 // agents/claude.ts
 import { execFileSync as execFileSync3 } from "node:child_process";
-import { mkdirSync as mkdirSync3, writeFileSync as writeFileSync6 } from "node:fs";
-import { join as join9 } from "node:path";
+import { mkdirSync as mkdirSync4, writeFileSync as writeFileSync7 } from "node:fs";
+import { join as join10 } from "node:path";
 import { performance as performance6 } from "node:perf_hooks";
 
 // utils/install.ts
@@ -146232,8 +146616,35 @@ function detectProviderError(text) {
 
 // utils/skills.ts
 import { spawnSync as spawnSync5 } from "node:child_process";
+import { existsSync as existsSync6, mkdirSync as mkdirSync3, readFileSync as readFileSync4, writeFileSync as writeFileSync6 } from "node:fs";
 import { tmpdir } from "node:os";
+import { dirname as dirname2, join as join9 } from "node:path";
+import { fileURLToPath } from "node:url";
 var skillsVersion = getDevDependencyVersion("skills");
+var BUNDLED_SKILL_NAMES = ["git-archaeology"];
+function resolveSkillPath(name) {
+  const here = dirname2(fileURLToPath(import.meta.url));
+  const candidates = [
+    join9(here, "..", "skills", name, "SKILL.md"),
+    join9(here, "skills", name, "SKILL.md")
+  ];
+  for (const candidate of candidates) {
+    if (existsSync6(candidate)) return candidate;
+  }
+  throw new Error(`bundled skill not found: ${name} (looked in ${candidates.join(", ")})`);
+}
+var SKILL_TARGET_DIRS = [".opencode/skills", ".claude/skills", ".agents/skills"];
+function installBundledSkills(params) {
+  for (const name of BUNDLED_SKILL_NAMES) {
+    const content = readFileSync4(resolveSkillPath(name), "utf8");
+    for (const targetDir of SKILL_TARGET_DIRS) {
+      const skillDir = join9(params.home, targetDir, name);
+      mkdirSync3(skillDir, { recursive: true });
+      writeFileSync6(join9(skillDir, "SKILL.md"), content);
+    }
+  }
+  log.info(`installed bundled skills: ${BUNDLED_SKILL_NAMES.join(", ")}`);
+}
 function addSkill(params) {
   const result = spawnSync5(
     "npx",
@@ -146307,6 +146718,213 @@ var ThinkingTimer = class {
   }
 };
 
+// agents/postRun.ts
+var MAX_HOOK_OUTPUT_CHARS = 4096;
+function truncateHookOutput(raw2) {
+  if (raw2.length <= MAX_HOOK_OUTPUT_CHARS) return raw2;
+  return `...(truncated, showing last ${MAX_HOOK_OUTPUT_CHARS} chars)
+${raw2.slice(-MAX_HOOK_OUTPUT_CHARS)}`;
+}
+async function executeStopHook(script) {
+  log.info("\xBB executing stop hook...");
+  try {
+    const result = await spawn({
+      cmd: "bash",
+      args: ["-c", script],
+      env: process.env,
+      timeout: LIFECYCLE_HOOK_TIMEOUT_MS,
+      activityTimeout: 0,
+      onStdout: (chunk) => process.stdout.write(chunk),
+      onStderr: (chunk) => process.stderr.write(chunk)
+    });
+    if (result.exitCode === 0) {
+      log.info("\xBB stop hook passed");
+      return null;
+    }
+    const combined = [result.stderr.trim(), result.stdout.trim()].filter(Boolean).join("\n");
+    const output = truncateHookOutput(combined);
+    log.info(`\xBB stop hook failed with exit code ${result.exitCode}`);
+    return { exitCode: result.exitCode, output };
+  } catch (err) {
+    const isTimeout = err instanceof SpawnTimeoutError && (err.code === SPAWN_TIMEOUT_CODE || err.code === SPAWN_ACTIVITY_TIMEOUT_CODE);
+    const msg = err instanceof Error ? err.message : String(err);
+    log.warning(
+      `stop hook ${isTimeout ? "timed out" : "failed to spawn"}: ${msg} \u2014 skipping retry`
+    );
+    return null;
+  }
+}
+function buildStopHookPrompt(failure) {
+  return [
+    `STOP HOOK FAILED \u2014 the repo-configured stop hook exited with code ${failure.exitCode}. your work is not done until the hook exits cleanly. address the issue below and push any resulting changes to a pull request.`,
+    "",
+    "```",
+    failure.output || "(no output)",
+    "```"
+  ].join("\n");
+}
+async function collectPostRunIssues(params) {
+  const issues = {};
+  if (params.stopScript) {
+    const failure = await executeStopHook(params.stopScript);
+    if (failure) issues.stopHook = failure;
+  }
+  const status = getGitStatus();
+  if (status) issues.dirtyTree = status;
+  return issues;
+}
+function buildPostRunPrompt(issues) {
+  const parts = [];
+  if (issues.stopHook) parts.push(buildStopHookPrompt(issues.stopHook));
+  if (issues.dirtyTree) parts.push(buildCommitPrompt(issues.dirtyTree));
+  return parts.join("\n\n---\n\n");
+}
+function buildLearningsReflectionPrompt(agentId) {
+  const t = (name) => formatMcpToolRef(agentId, name);
+  return [
+    `REFLECTION \u2014 before you finish, think back over this task: did you discover anything about this repo's setup, test commands, conventions, or patterns that you are confident is correct and would reliably help future runs?`,
+    "",
+    `if so, call \`${t("update_learnings")}\` to persist it.`,
+    "",
+    `rules:`,
+    `- only call \`${t("update_learnings")}\` when the finding is high-confidence and broadly useful. skip if unsure, speculative, or one-off.`,
+    `- pass the FULL merged list: existing learnings from the original prompt + your new discoveries. one fact per bullet, lines starting with \`- \`.`,
+    `- deduplicate, and drop bullets that are clearly wrong or no longer relevant to the current codebase.`,
+    `- if you already called \`${t("update_learnings")}\` earlier in this run, or nothing new is worth capturing, just reply "done" and stop \u2014 do not edit the repo for this reflection.`
+  ].join("\n");
+}
+async function runPostRunRetryLoop(params) {
+  let result = params.initialResult;
+  let aggregatedUsage = params.initialUsage;
+  let finalIssues = {};
+  let gateResumeCount = 0;
+  let pendingReflection = params.reflectionPrompt;
+  while (gateResumeCount < MAX_POST_RUN_RETRIES) {
+    if (!result.success) break;
+    const issues = await collectPostRunIssues({ stopScript: params.stopScript });
+    finalIssues = issues;
+    if (!hasPostRunIssues(issues)) {
+      if (!pendingReflection) break;
+      if (params.canResume && !params.canResume(result)) break;
+      log.info("\xBB post-run reflection: nudging agent to update learnings if relevant");
+      const preReflection = result;
+      const reflectionResult = await params.resume({
+        prompt: pendingReflection,
+        previousResult: result
+      });
+      aggregatedUsage = mergeAgentUsage(aggregatedUsage, reflectionResult.usage);
+      pendingReflection = void 0;
+      if (!reflectionResult.success) {
+        log.warning(
+          `\xBB reflection turn failed (${reflectionResult.error ?? "unknown error"}), preserving prior successful result`
+        );
+        result = preReflection;
+        break;
+      }
+      result = {
+        ...reflectionResult,
+        output: preReflection.output || reflectionResult.output
+      };
+      continue;
+    }
+    if (params.canResume && !params.canResume(result)) {
+      log.info("\xBB post-run retry skipped: cannot resume agent session");
+      break;
+    }
+    log.info(`\xBB post-run retry (attempt ${gateResumeCount + 1}/${MAX_POST_RUN_RETRIES})`);
+    const prompt = buildPostRunPrompt(issues);
+    result = await params.resume({ prompt, previousResult: result });
+    aggregatedUsage = mergeAgentUsage(aggregatedUsage, result.usage);
+    gateResumeCount++;
+  }
+  if (gateResumeCount > 0 && result.success && hasPostRunIssues(finalIssues)) {
+    finalIssues = await collectPostRunIssues({ stopScript: params.stopScript });
+  }
+  if (result.success && finalIssues.stopHook) {
+    const retryNote = gateResumeCount > 0 ? ` after ${gateResumeCount} retry ${gateResumeCount === 1 ? "attempt" : "attempts"}` : "";
+    return {
+      ...result,
+      success: false,
+      error: `stop hook failed${retryNote} (exit code ${finalIssues.stopHook.exitCode}): ${finalIssues.stopHook.output || "(no output)"}`,
+      usage: aggregatedUsage
+    };
+  }
+  return { ...result, usage: aggregatedUsage };
+}
+
+// agents/sessionLabeler.ts
+var ORCHESTRATOR_LABEL = "orchestrator";
+var LENS_PROMPT_PATTERN = /^\s*(?:lens|Lens|LENS)\s*[:=]\s*([A-Za-z][\w &/.-]{0,60})/m;
+function slug(value2) {
+  return value2.trim().toLowerCase().replace(/[^\w-]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40);
+}
+function deriveLabelFromTaskInput(input) {
+  if (typeof input.prompt === "string") {
+    const match3 = input.prompt.match(LENS_PROMPT_PATTERN);
+    if (match3?.[1]) {
+      const slugged = slug(match3[1]);
+      if (slugged) return `lens:${slugged}`;
+    }
+  }
+  if (input.description) {
+    const slugged = slug(input.description);
+    if (slugged) return `lens:${slugged}`;
+  }
+  if (input.subagent_type) {
+    return input.subagent_type;
+  }
+  return "subagent";
+}
+var SessionLabeler = class {
+  labels = /* @__PURE__ */ new Map();
+  pendingLabels = [];
+  fallbackCounter = 0;
+  recordTaskDispatch(input) {
+    const label = deriveLabelFromTaskInput(input);
+    this.pendingLabels.push(label);
+    return label;
+  }
+  /**
+   * Return a label for the given sessionID. Binds on first call.
+   * Pass undefined/empty for events that lack a session id — the caller
+   * gets ORCHESTRATOR_LABEL so the line is still attributable.
+   */
+  labelFor(sessionID) {
+    if (!sessionID) return ORCHESTRATOR_LABEL;
+    const existing = this.labels.get(sessionID);
+    if (existing) return existing;
+    let label;
+    if (this.labels.size === 0) {
+      label = ORCHESTRATOR_LABEL;
+    } else if (this.pendingLabels.length > 0) {
+      label = this.pendingLabels.shift();
+    } else {
+      this.fallbackCounter += 1;
+      label = `subagent#${this.fallbackCounter}`;
+    }
+    this.labels.set(sessionID, label);
+    return label;
+  }
+  /** number of distinct sessions seen so far (for diagnostics) */
+  size() {
+    return this.labels.size;
+  }
+  /** all (sessionID, label) pairs, oldest first */
+  entries() {
+    return Array.from(this.labels.entries());
+  }
+  /** how many pending labels are queued waiting to bind to a new session */
+  pendingDispatchCount() {
+    return this.pendingLabels.length;
+  }
+};
+function formatWithLabel(label, message) {
+  const MAGENTA2 = "\x1B[35m";
+  const RESET2 = "\x1B[0m";
+  const colored = `${MAGENTA2}[${label}]${RESET2} `;
+  return message.split("\n").map((line) => `${colored}${line}`).join("\n");
+}
+
 // agents/claude.ts
 async function installClaudeCli() {
   return await installFromNpmTarball({
@@ -146317,10 +146935,10 @@ async function installClaudeCli() {
   });
 }
 function writeMcpConfig(ctx) {
-  const configDir = join9(ctx.tmpdir, ".claude");
-  mkdirSync3(configDir, { recursive: true });
-  const configPath = join9(configDir, "mcp.json");
-  writeFileSync6(
+  const configDir = join10(ctx.tmpdir, ".claude");
+  mkdirSync4(configDir, { recursive: true });
+  const configPath = join10(configDir, "mcp.json");
+  writeFileSync7(
     configPath,
     JSON.stringify({
       mcpServers: {
@@ -146330,6 +146948,15 @@ function writeMcpConfig(ctx) {
   );
   return configPath;
 }
+function buildAgentsJson() {
+  const agents2 = {
+    [REVIEWER_AGENT_NAME]: {
+      description: "Read-only review subagent for self-review and lens-based code review. Reads only \u2014 no writes, no state-changing shell or MCP calls, no nested subagent dispatch.",
+      prompt: REVIEWER_SYSTEM_PROMPT
+    }
+  };
+  return JSON.stringify(agents2);
+}
 function stripProviderPrefix(specifier) {
   const slashIndex = specifier.indexOf("/");
   return slashIndex > 0 ? specifier.slice(slashIndex + 1) : specifier;
@@ -146380,6 +147007,13 @@ async function runClaude(params) {
           }
           thinkingTimer.markToolCall();
           log.toolCall({ toolName, input: block.input || {} });
+          if (toolName === "Task" && block.input && typeof block.input === "object") {
+            const taskInput = block.input;
+            const label = deriveLabelFromTaskInput(taskInput);
+            log.info(
+              `\xBB dispatching subagent: ${label}` + (taskInput.subagent_type ? ` (subagent_type=${taskInput.subagent_type})` : "")
+            );
+          }
           if (toolName.includes("report_progress") && params.todoTracker) {
             log.debug("\xBB report_progress detected, disabling todo tracking");
             params.todoTracker.cancel();
@@ -146645,9 +147279,9 @@ var claude = agent({
     const model = specifier ? stripProviderPrefix(specifier) : void 0;
     const homeEnv = {
       HOME: ctx.tmpdir,
-      XDG_CONFIG_HOME: join9(ctx.tmpdir, ".config")
+      XDG_CONFIG_HOME: join10(ctx.tmpdir, ".config")
     };
-    mkdirSync3(join9(homeEnv.XDG_CONFIG_HOME, "claude"), { recursive: true });
+    mkdirSync4(join10(homeEnv.XDG_CONFIG_HOME, "claude"), { recursive: true });
     const agentBrowserVersion = getDevDependencyVersion("agent-browser");
     addSkill({
       ref: `vercel-labs/agent-browser@v${agentBrowserVersion}`,
@@ -146655,6 +147289,7 @@ var claude = agent({
       env: homeEnv,
       agent: "claude"
     });
+    installBundledSkills({ home: homeEnv.HOME });
     const mcpConfigPath = writeMcpConfig(ctx);
     const effort = resolveEffort(model);
     installManagedSettings();
@@ -146669,7 +147304,9 @@ var claude = agent({
       "--effort",
       effort,
       "--disallowedTools",
-      "Bash,Agent(Bash)"
+      "Bash,Agent(Bash)",
+      "--agents",
+      buildAgentsJson()
     ];
     if (model) {
       baseArgs.push("--model", model);
@@ -146690,37 +147327,32 @@ var claude = agent({
       onActivityTimeout: ctx.onActivityTimeout,
       onToolUse: ctx.onToolUse
     };
-    let result = await runClaude({
+    const result = await runClaude({
       ...runParams,
       args: [...baseArgs, "-p", ctx.instructions.full]
     });
-    let aggregatedUsage = result.usage;
-    for (let attempt = 0; attempt < MAX_COMMIT_RETRIES; attempt++) {
-      if (!result.success || !result.sessionId) break;
-      const status = getGitStatus();
-      if (!status) break;
-      log.info(`\xBB dirty working tree (attempt ${attempt + 1}/${MAX_COMMIT_RETRIES}):
-${status}`);
-      result = await runClaude({
-        ...runParams,
-        args: [
-          ...baseArgs,
-          "-p",
-          buildCommitPrompt("claude", status),
-          "--resume",
-          result.sessionId
-        ]
-      });
-      aggregatedUsage = mergeAgentUsage(aggregatedUsage, result.usage);
-    }
-    return { ...result, usage: aggregatedUsage };
+    return runPostRunRetryLoop({
+      initialResult: result,
+      initialUsage: result.usage,
+      stopScript: ctx.stopScript,
+      reflectionPrompt: buildLearningsReflectionPrompt("claude"),
+      canResume: (r) => Boolean(r.sessionId),
+      resume: async (c) => {
+        const sessionId = c.previousResult.sessionId;
+        if (!sessionId) throw new Error("unreachable: canResume gated on sessionId");
+        return runClaude({
+          ...runParams,
+          args: [...baseArgs, "-p", c.prompt, "--resume", sessionId]
+        });
+      }
+    });
   }
 });
 
 // agents/opencode.ts
 import { execFileSync as execFileSync4 } from "node:child_process";
-import { mkdirSync as mkdirSync4 } from "node:fs";
-import { join as join10 } from "node:path";
+import { mkdirSync as mkdirSync5 } from "node:fs";
+import { join as join11 } from "node:path";
 import { performance as performance7 } from "node:perf_hooks";
 async function installOpencodeCli() {
   return await installFromNpmTarball({
@@ -146742,7 +147374,8 @@ function buildSecurityConfig(ctx, model) {
     },
     mcp: {
       [pullfrogMcpName]: { type: "remote", url: ctx.mcpServerUrl }
-    }
+    },
+    agent: buildReviewerAgentConfig()
   };
   if (model) {
     config3.model = model;
@@ -146753,6 +147386,15 @@ function buildSecurityConfig(ctx, model) {
   }
   return JSON.stringify(config3);
 }
+function buildReviewerAgentConfig() {
+  return {
+    [REVIEWER_AGENT_NAME]: {
+      description: "Read-only review subagent for self-review and lens-based code review. Reads only \u2014 no writes, no state-changing shell or MCP calls, no nested subagent dispatch.",
+      mode: "subagent",
+      prompt: REVIEWER_SYSTEM_PROMPT
+    }
+  };
+}
 function getOpenCodeModels(cliPath) {
   try {
     const output = execFileSync4(cliPath, ["models"], {
@@ -146801,6 +147443,29 @@ async function runOpenCode(params) {
   let currentStepId = null;
   let currentStepType = null;
   let stepHistory = [];
+  const labeler = new SessionLabeler();
+  function eventLabel(event) {
+    const sid = event.sessionID ?? event.session_id;
+    return labeler.labelFor(typeof sid === "string" ? sid : null);
+  }
+  function withLabel(label, message) {
+    return label === ORCHESTRATOR_LABEL ? message : formatWithLabel(label, message);
+  }
+  const taskDispatchByCallID = /* @__PURE__ */ new Map();
+  const pendingTaskDispatches = [];
+  const knownNonTaskCallIDs = /* @__PURE__ */ new Set();
+  function emitSubagentFinished(dispatch, status, output2, matchKind) {
+    const subagentDuration = performance7.now() - dispatch.startedAt;
+    const outputStr = typeof output2 === "string" ? output2 : "";
+    const outputPreview = outputStr.length > 120 ? `${outputStr.slice(0, 120)}\u2026` : outputStr;
+    const matchSuffix = matchKind === "fifo" ? " [fifo-matched]" : "";
+    log.info(
+      `\xBB subagent finished: ${dispatch.label} (${(subagentDuration / 1e3).toFixed(1)}s, status=${status})${matchSuffix}` + (outputPreview ? ` \u2014 ${outputPreview.replace(/\n/g, " ")}` : "")
+    );
+    taskDispatchByCallID.delete(dispatch.toolUseCallID);
+    const idx = pendingTaskDispatches.indexOf(dispatch);
+    if (idx >= 0) pendingTaskDispatches.splice(idx, 1);
+  }
   function buildUsage() {
     const totalInput = accumulatedTokens.input + accumulatedTokens.cacheRead + accumulatedTokens.cacheWrite;
     return totalInput > 0 || accumulatedTokens.output > 0 ? {
@@ -146814,39 +147479,63 @@ async function runOpenCode(params) {
   }
   const handlers2 = {
     init: (event) => {
+      const label = labeler.labelFor(event.session_id ?? null);
       log.debug(
-        `\xBB ${params.label} init: session_id=${event.session_id || "unknown"}, model=${event.model || "unknown"}`
+        withLabel(
+          label,
+          `\xBB ${params.label} init: session_id=${event.session_id || "unknown"}, model=${event.model || "unknown"}`
+        )
       );
-      log.debug(`\xBB ${params.label} init event (full): ${JSON.stringify(event)}`);
-      finalOutput = "";
-      accumulatedTokens = { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 };
-      accumulatedCostUsd = 0;
-      tokensLogged = false;
+      log.debug(withLabel(label, `\xBB ${params.label} init event (full): ${JSON.stringify(event)}`));
+      if (label === ORCHESTRATOR_LABEL) {
+        finalOutput = "";
+        accumulatedTokens = { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 };
+        accumulatedCostUsd = 0;
+        tokensLogged = false;
+      } else {
+        log.info(`\xBB ${params.label} subagent init: ${label} (session ${event.session_id || "?"})`);
+      }
     },
     message: (event) => {
+      const label = eventLabel(event);
       if (event.role === "assistant" && event.content?.trim()) {
         const message = event.content.trim();
         if (event.delta) {
           log.debug(
-            `\xBB ${params.label} thinking: ${message.substring(0, 300)}${message.length > 300 ? "..." : ""}`
+            withLabel(
+              label,
+              `\xBB ${params.label} thinking: ${message.substring(0, 300)}${message.length > 300 ? "..." : ""}`
+            )
           );
         } else {
           log.debug(
-            `\xBB ${params.label} message (${event.role}): ${message.substring(0, 100)}${message.length > 100 ? "..." : ""}`
+            withLabel(
+              label,
+              `\xBB ${params.label} message (${event.role}): ${message.substring(0, 100)}${message.length > 100 ? "..." : ""}`
+            )
           );
-          finalOutput = message;
+          if (label === ORCHESTRATOR_LABEL) {
+            finalOutput = message;
+          }
         }
       } else if (event.role === "user") {
         log.debug(
-          `\xBB ${params.label} message (${event.role}): ${event.content?.substring(0, 100) || ""}${event.content && event.content.length > 100 ? "..." : ""}`
+          withLabel(
+            label,
+            `\xBB ${params.label} message (${event.role}): ${event.content?.substring(0, 100) || ""}${event.content && event.content.length > 100 ? "..." : ""}`
+          )
         );
       }
     },
     text: (event) => {
       if (event.part?.text?.trim()) {
         const message = event.part.text.trim();
-        log.box(message, { title: params.label });
-        finalOutput = message;
+        const label = eventLabel(event);
+        const boxTitle = label === ORCHESTRATOR_LABEL ? params.label : `${params.label} [${label}]`;
+        log.box(message, { title: boxTitle });
+        if (label === ORCHESTRATOR_LABEL) {
+          finalOutput = message;
+        }
       }
     },
     step_start: (event) => {
@@ -146882,6 +147571,23 @@ async function runOpenCode(params) {
         );
         return;
       }
+      if (toolName === "task") {
+        const taskInput = event.part?.state?.input ?? {};
+        const dispatchedLabel = labeler.recordTaskDispatch(taskInput);
+        const dispatch = {
+          label: dispatchedLabel,
+          startedAt: performance7.now(),
+          toolUseCallID: toolId
+        };
+        taskDispatchByCallID.set(toolId, dispatch);
+        pendingTaskDispatches.push(dispatch);
+        log.info(
+          `\xBB dispatching subagent: ${dispatchedLabel}` + (taskInput.subagent_type ? ` (subagent_type=${taskInput.subagent_type})` : "")
+        );
+      } else {
+        knownNonTaskCallIDs.add(toolId);
+      }
+      const label = eventLabel(event);
       if (stepHistory.length > 0) {
         stepHistory[stepHistory.length - 1].toolCalls.push(toolName);
       }
@@ -146892,9 +147598,11 @@ async function runOpenCode(params) {
         });
       }
       thinkingTimer.markToolCall();
-      log.toolCall({ toolName, input: event.part?.state?.input || {} });
+      const inputFormatted = formatJsonValue(event.part?.state?.input || {});
+      const toolCallLine = inputFormatted !== "{}" ? `\xBB ${toolName}(${inputFormatted})` : `\xBB ${toolName}()`;
+      log.info(withLabel(label, toolCallLine));
       if (event.part?.state?.status === "completed" && event.part.state.output) {
-        log.debug(`  output: ${event.part.state.output}`);
+        log.debug(withLabel(label, `  output: ${event.part.state.output}`));
       }
       if (toolName.includes("report_progress") && params.todoTracker) {
         log.debug("\xBB report_progress detected, disabling todo tracking");
@@ -146908,7 +147616,20 @@ async function runOpenCode(params) {
       const toolId = event.part?.callID || event.tool_id;
       const status = event.part?.state?.status || event.status || "unknown";
       const output2 = event.part?.state?.output || event.output;
+      const label = eventLabel(event);
       thinkingTimer.markToolResult();
+      if (taskDispatchByCallID.size > 0 || pendingTaskDispatches.length > 0) {
+        if (toolId && taskDispatchByCallID.has(toolId)) {
+          const dispatch = taskDispatchByCallID.get(toolId);
+          if (dispatch) emitSubagentFinished(dispatch, status, output2, "exact");
+        } else {
+          const callIDIsKnownNonTask = toolId ? knownNonTaskCallIDs.has(toolId) : false;
+          if (!callIDIsKnownNonTask && pendingTaskDispatches.length > 0) {
+            const dispatch = pendingTaskDispatches[0];
+            emitSubagentFinished(dispatch, status, output2, "fifo");
+          }
+        }
+      }
       if (toolId) {
         const toolStartTime = toolCallTimings.get(toolId);
         if (toolStartTime) {
@@ -146916,24 +147637,35 @@ async function runOpenCode(params) {
           toolCallTimings.delete(toolId);
           const stepContext = currentStepId ? ` (step=${currentStepType || "unknown"})` : "";
           log.debug(
-            `\xBB ${params.label} tool_result${stepContext}: id=${toolId}, status=${status}, duration=${Math.round(toolDuration)}ms`
+            withLabel(
+              label,
+              `\xBB ${params.label} tool_result${stepContext}: id=${toolId}, status=${status}, duration=${Math.round(toolDuration)}ms`
+            )
           );
           if (output2) {
-            log.debug(`  output: ${typeof output2 === "string" ? output2 : JSON.stringify(output2)}`);
+            log.debug(
+              withLabel(
+                label,
+                `  output: ${typeof output2 === "string" ? output2 : JSON.stringify(output2)}`
+              )
+            );
           }
           if (toolDuration > 5e3) {
             log.info(
-              `\xBB tool call took ${(toolDuration / 1e3).toFixed(1)}s - may indicate network latency`
+              withLabel(
+                label,
+                `\xBB tool call took ${(toolDuration / 1e3).toFixed(1)}s - may indicate network latency`
+              )
             );
           }
         }
       }
       if (status === "error") {
         const errorMsg = typeof output2 === "string" ? output2 : JSON.stringify(output2);
-        log.info(`\xBB tool call failed: ${errorMsg}`);
+        log.info(withLabel(label, `\xBB tool call failed: ${errorMsg}`));
       } else if (output2) {
         const outputStr = typeof output2 === "string" ? output2 : JSON.stringify(output2);
-        log.debug(`tool output: ${outputStr}`);
+        log.debug(withLabel(label, `tool output: ${outputStr}`));
       }
     },
     result: async (event) => {
@@ -147030,6 +147762,16 @@ async function runOpenCode(params) {
     } else {
       params.todoTracker?.cancel();
     }
+    if (pendingTaskDispatches.length > 0) {
+      for (const dispatch of [...pendingTaskDispatches]) {
+        const elapsed = performance7.now() - dispatch.startedAt;
+        log.info(
+          `\xBB subagent finished (inferred at run-end): ${dispatch.label} (\u2264${(elapsed / 1e3).toFixed(1)}s) \u2014 no matching tool_result observed; subagent reply likely arrived via assistant message`
+        );
+      }
+      pendingTaskDispatches.length = 0;
+      taskDispatchByCallID.clear();
+    }
     const duration4 = performance7.now() - startTime;
     log.info(
       `\xBB ${params.label} completed in ${Math.round(duration4)}ms with exit code ${result.exitCode}`
@@ -147097,9 +147839,9 @@ var opencode = agent({
     const model = ctx.payload.proxyModel ?? ctx.resolvedModel ?? autoSelectModel(cliPath);
     const homeEnv = {
       HOME: ctx.tmpdir,
-      XDG_CONFIG_HOME: join10(ctx.tmpdir, ".config")
+      XDG_CONFIG_HOME: join11(ctx.tmpdir, ".config")
     };
-    mkdirSync4(join10(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
+    mkdirSync5(join11(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
     const agentBrowserVersion = getDevDependencyVersion("agent-browser");
     addSkill({
       ref: `vercel-labs/agent-browser@v${agentBrowserVersion}`,
@@ -147107,6 +147849,7 @@ var opencode = agent({
       env: homeEnv,
       agent: "opencode"
     });
+    installBundledSkills({ home: homeEnv.HOME });
     const baseArgs = ["run", "--format", "json", "--print-logs"];
     const permissionOverride = JSON.stringify({
       external_directory: { "*": "deny", "/tmp/*": "allow" }
@@ -147130,24 +147873,20 @@ var opencode = agent({
       onActivityTimeout: ctx.onActivityTimeout,
       onToolUse: ctx.onToolUse
     };
-    let result = await runOpenCode({
+    const result = await runOpenCode({
       ...runParams,
       args: [...baseArgs, ctx.instructions.full]
     });
-    let aggregatedUsage = result.usage;
-    for (let attempt = 0; attempt < MAX_COMMIT_RETRIES; attempt++) {
-      if (!result.success) break;
-      const status = getGitStatus();
-      if (!status) break;
-      log.info(`\xBB dirty working tree (attempt ${attempt + 1}/${MAX_COMMIT_RETRIES}):
-${status}`);
-      result = await runOpenCode({
+    return runPostRunRetryLoop({
+      initialResult: result,
+      initialUsage: result.usage,
+      stopScript: ctx.stopScript,
+      reflectionPrompt: buildLearningsReflectionPrompt("opencode"),
+      resume: async (c) => runOpenCode({
         ...runParams,
-        args: [...baseArgs, "--continue", buildCommitPrompt("opencode", status)]
-      });
-      aggregatedUsage = mergeAgentUsage(aggregatedUsage, result.usage);
-    }
-    return { ...result, usage: aggregatedUsage };
+        args: [...baseArgs, "--continue", c.prompt]
+      })
+    });
   }
 });
 
@@ -147335,7 +148074,7 @@ async function fetchBodyHtml(ctx) {
 var core2 = __toESM(require_core(), 1);
 import { createSign } from "node:crypto";
 import { rename, writeFile } from "node:fs/promises";
-import { dirname as dirname2, join as join11 } from "node:path";
+import { dirname as dirname3, join as join12 } from "node:path";
 
 // node_modules/.pnpm/@octokit+plugin-throttling@11.0.3_@octokit+core@7.0.5/node_modules/@octokit/plugin-throttling/dist-bundle/index.js
 var import_light = __toESM(require_light(), 1);
@@ -151167,7 +151906,7 @@ function getGitHubUsageSummary() {
 }
 async function writeGitHubUsageSummaryToFile(path3) {
   const summary2 = getGitHubUsageSummary();
-  const tmpPath = join11(dirname2(path3), `.usage-summary-${process.pid}.tmp`);
+  const tmpPath = join12(dirname3(path3), `.usage-summary-${process.pid}.tmp`);
   await writeFile(tmpPath, JSON.stringify(summary2));
   await rename(tmpPath, path3);
 }
@@ -151325,8 +152064,8 @@ async function reportErrorToComment(ctx) {
   const formattedError = ctx.title ? `${ctx.title}
 
 ${ctx.error}` : ctx.error;
-  const commentId = ctx.toolState.progressCommentId;
-  if (!commentId) {
+  const comment = ctx.toolState.progressComment;
+  if (!comment) {
     return;
   }
   const repoContext = parseRepoContext();
@@ -151345,20 +152084,19 @@ ${ctx.error}` : ctx.error;
     customParts,
     model: ctx.toolState.model
   });
-  await octokit.rest.issues.updateComment({
-    owner: repoContext.owner,
-    repo: repoContext.name,
-    comment_id: commentId,
-    body: `${formattedError}${footer}`
-  });
+  await updateProgressComment(
+    { octokit, owner: repoContext.owner, repo: repoContext.name },
+    comment,
+    `${formattedError}${footer}`
+  );
   ctx.toolState.wasUpdated = true;
 }
 
 // utils/gitAuthServer.ts
 import { randomUUID as randomUUID3 } from "node:crypto";
-import { writeFileSync as writeFileSync7 } from "node:fs";
+import { writeFileSync as writeFileSync8 } from "node:fs";
 import { createServer as createServer2 } from "node:http";
-import { join as join12 } from "node:path";
+import { join as join13 } from "node:path";
 var CODE_TTL_MS = 5 * 60 * 1e3;
 var TAMPER_WINDOW_MS = 6e4;
 function revokeGitHubToken(token) {
@@ -151430,7 +152168,7 @@ async function startGitAuthServer(tmpdir3) {
   function writeAskpassScript(code) {
     const scriptId = randomUUID3();
     const scriptName = `askpass-${scriptId}.js`;
-    const scriptPath = join12(tmpdir3, scriptName);
+    const scriptPath = join13(tmpdir3, scriptName);
     const content = [
       `#!/usr/bin/env node`,
       `var a=process.argv[2]||"";`,
@@ -151445,7 +152183,7 @@ async function startGitAuthServer(tmpdir3) {
       `try{require("fs").unlinkSync("${scriptPath.replace(/\\/g, "\\\\")}")}catch(e){}`,
       `})}).on("error",function(){process.exit(1)})}`
     ].join("\n");
-    writeFileSync7(scriptPath, content, { mode: 448 });
+    writeFileSync8(scriptPath, content, { mode: 448 });
     return scriptPath;
   }
   async function close() {
@@ -151850,7 +152588,10 @@ var JsonPayload = type({
   "eventInstructions?": "string",
   "event?": "object",
   "timeout?": "string | undefined",
-  "progressCommentId?": "string | undefined"
+  "progressComment?": type({
+    id: "string",
+    type: "'issue' | 'review'"
+  }).or("undefined")
 });
 var COLLABORATOR_PERMISSIONS = ["admin", "maintain", "write"];
 function isCollaborator(event) {
@@ -151932,7 +152673,7 @@ function resolvePayload(resolvedPromptInput, repoSettings) {
     event,
     timeout: inputs.timeout ?? jsonPayload?.timeout,
     cwd: resolveCwd(inputs.cwd),
-    progressCommentId: jsonPayload?.progressCommentId,
+    progressComment: jsonPayload?.progressComment,
     // permissions: inputs > repoSettings > fallbacks
     push: inputs.push ?? repoSettings.push ?? "restricted",
     shell: resolvedShell,
@@ -152015,7 +152756,9 @@ async function handleAgentResult(ctx) {
       output: ctx.result.output
     };
   }
-  if (!ctx.toolState.wasUpdated && ctx.toolState.hadProgressComment && !ctx.silent) {
+  const mode = ctx.toolState.selectedMode;
+  const isReviewMode = mode === "Review" || mode === "IncrementalReview";
+  if (!isReviewMode && !ctx.toolState.wasUpdated && ctx.toolState.hadProgressComment && !ctx.silent) {
     const error49 = ctx.result.error || "agent completed without reporting progress";
     try {
       await reportErrorToComment({
@@ -152038,16 +152781,17 @@ async function handleAgentResult(ctx) {
   };
 }
 
-// utils/runContextData.ts
-var core5 = __toESM(require_core(), 1);
-
 // utils/runContext.ts
+function isInfraCovered(params) {
+  return params.isOss || params.plan === "payg";
+}
 var defaultSettings = {
   model: null,
   modes: [],
   setupScript: null,
   postCheckoutScript: null,
   prepushScript: null,
+  stopScript: null,
   push: "restricted",
   shell: "restricted",
   prApproveEnabled: false,
@@ -152058,7 +152802,8 @@ var defaultSettings = {
 var defaultRunContext = {
   settings: defaultSettings,
   apiToken: "",
-  oss: false
+  oss: false,
+  plan: "none"
 };
 async function fetchRunContext(params) {
   const timeoutMs = 3e4;
@@ -152092,10 +152837,12 @@ async function fetchRunContext(params) {
         modes: data.settings?.modes ?? [],
         setupScript: data.settings?.setupScript ?? null,
         postCheckoutScript: data.settings?.postCheckoutScript ?? null,
-        prepushScript: data.settings?.prepushScript ?? null
+        prepushScript: data.settings?.prepushScript ?? null,
+        stopScript: data.settings?.stopScript ?? null
       },
       apiToken: data.apiToken,
       oss: data.oss ?? false,
+      plan: data.plan ?? "none",
       proxyModel: data.proxyModel,
       dbSecrets: data.dbSecrets
     };
@@ -152106,6 +152853,7 @@ async function fetchRunContext(params) {
 }
 
 // utils/runContextData.ts
+var core5 = __toESM(require_core(), 1);
 async function resolveRunContextData(params) {
   log.info(`\xBB running Pullfrog v${package_default.version}...`);
   const repoContext = parseRepoContext();
@@ -152127,6 +152875,7 @@ async function resolveRunContextData(params) {
     repoSettings: runContext.settings,
     apiToken: runContext.apiToken,
     oss: runContext.oss,
+    plan: runContext.plan,
     proxyModel: runContext.proxyModel,
     dbSecrets: runContext.dbSecrets
   };
@@ -152136,9 +152885,9 @@ async function resolveRunContextData(params) {
 import { execFileSync as execFileSync5, execSync as execSync3 } from "node:child_process";
 import { mkdtempSync } from "node:fs";
 import { tmpdir as tmpdir2 } from "node:os";
-import { join as join13 } from "node:path";
+import { join as join14 } from "node:path";
 function createTempDirectory() {
-  const sharedTempDir = mkdtempSync(join13(tmpdir2(), "pullfrog-"));
+  const sharedTempDir = mkdtempSync(join14(tmpdir2(), "pullfrog-"));
   process.env.PULLFROG_TEMP_DIR = sharedTempDir;
   log.info(`\xBB created temp dir at ${sharedTempDir}`);
   return sharedTempDir;
@@ -152453,6 +153202,59 @@ function resolveAgentForLog(ctx) {
   }
   return ctx.agentName;
 }
+var BillingError = class extends Error {
+  code;
+  declineCode;
+  needsReauthentication;
+  constructor(message, opts = {}) {
+    super(message);
+    this.name = "BillingError";
+    this.code = opts.code ?? null;
+    this.declineCode = opts.declineCode ?? null;
+    this.needsReauthentication = opts.needsReauthentication ?? false;
+  }
+};
+var TransientError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "TransientError";
+  }
+};
+function formatBillingErrorSummary(error49) {
+  if (error49.code === "router_requires_card") {
+    return [
+      "### \u26D4 Pullfrog Router requires a card",
+      "",
+      "This run was going to use Pullfrog Router, which bills at raw OpenRouter cost and needs a card on file. Runs won't proceed until a card is added.",
+      "",
+      "[Add a card \u2192](https://pullfrog.com/console#model-access) \u2014 your first $20 of Router usage is free."
+    ].join("\n");
+  }
+  if (error49.needsReauthentication) {
+    return [
+      "### \u274C Pullfrog billing error \u2014 card requires 3DS on every charge",
+      "",
+      `Your card issuer requires a 3D Secure challenge on each off-session charge (\`${error49.declineCode ?? "authentication_required"}\`), which we can't run from the agent. Top up your Router credit balance manually \u2014 3DS runs interactively in Stripe Checkout, and subsequent runs draw from the prepaid balance without triggering another off-session charge.`,
+      "",
+      "[Top up your Router credit balance \u2192](https://pullfrog.com/console)"
+    ].join("\n");
+  }
+  const codeSuffix = error49.declineCode ? ` (\`${error49.declineCode}\`)` : "";
+  return `### \u274C Pullfrog billing error
+
+${error49.message}${codeSuffix}
+
+[Manage billing \u2192](https://pullfrog.com/console)`;
+}
+function formatTransientErrorSummary(error49) {
+  return [
+    "### \u26A0\uFE0F Pullfrog temporarily unavailable",
+    "",
+    error49.message,
+    "",
+    "This is typically transient \u2014 the next dispatch should succeed. If it persists, check [status.pullfrog.com](https://status.pullfrog.com)."
+  ].join("\n");
+}
 async function mintProxyKey(ctx) {
   try {
     process.env.ACTIONS_ID_TOKEN_REQUEST_URL = ctx.oidcCredentials.requestUrl;
@@ -152465,6 +153267,20 @@ async function mintProxyKey(ctx) {
       method: "POST",
       headers: { Authorization: `Bearer ${oidcToken}` }
     });
+    if (response.status === 402) {
+      const body = await response.json().catch(() => null);
+      throw new BillingError(body?.error ?? "insufficient balance", {
+        code: body?.code ?? null,
+        declineCode: body?.declineCode ?? null,
+        needsReauthentication: body?.needsReauthentication ?? false
+      });
+    }
+    if (response.status === 503) {
+      const body = await response.json().catch(() => null);
+      throw new TransientError(
+        body?.error ?? "billing service temporarily unavailable \u2014 retry shortly"
+      );
+    }
     if (!response.ok) {
       log.warning(`proxy key mint failed (${response.status})`);
       return null;
@@ -152472,6 +153288,8 @@ async function mintProxyKey(ctx) {
     const data = await response.json();
     return data.key;
   } catch (error49) {
+    if (error49 instanceof BillingError) throw error49;
+    if (error49 instanceof TransientError) throw error49;
     log.warning(`proxy key mint error: ${error49 instanceof Error ? error49.message : String(error49)}`);
     return null;
   } finally {
@@ -152481,19 +153299,19 @@ async function mintProxyKey(ctx) {
 }
 async function resolveProxyModel(ctx) {
   if (process.env.PULLFROG_MODEL?.trim()) return;
-  if (ctx.oss && ctx.proxyModel) {
-    if (!ctx.oidcCredentials) {
-      log.warning("\xBB oss repo but no OIDC credentials available \u2014 skipping proxy");
-      return;
-    }
-    const key = await mintProxyKey({ oidcCredentials: ctx.oidcCredentials });
-    if (!key) return;
-    process.env.OPENROUTER_API_KEY = key;
-    core6.setSecret(key);
-    ctx.payload.proxyModel = ctx.proxyModel;
-    log.info(`\xBB proxy: oss \u2192 ${ctx.proxyModel}`);
+  const needsProxy = isInfraCovered({ isOss: ctx.oss, plan: ctx.plan }) && ctx.proxyModel;
+  if (!needsProxy) return;
+  if (!ctx.oidcCredentials) {
+    log.warning("\xBB proxy requested but no OIDC credentials available \u2014 skipping");
     return;
   }
+  const key = await mintProxyKey({ oidcCredentials: ctx.oidcCredentials });
+  if (!key) return;
+  process.env.OPENROUTER_API_KEY = key;
+  core6.setSecret(key);
+  ctx.payload.proxyModel = ctx.proxyModel;
+  const label = ctx.oss ? "oss" : "router";
+  log.info(`\xBB proxy: ${label} \u2192 ${ctx.proxyModel}`);
 }
 async function writeJobSummary(toolState) {
   const usageSummary = formatUsageSummary(toolState.usageEntries);
@@ -152515,7 +153333,7 @@ async function main() {
     let safetyNetTimer;
     const resolvedPromptInput = resolvePromptInput();
     const toolState = initToolState({
-      progressCommentId: typeof resolvedPromptInput !== "string" ? resolvedPromptInput.progressCommentId : void 0
+      progressComment: typeof resolvedPromptInput !== "string" ? resolvedPromptInput.progressComment : void 0
     });
     resolveGit();
     const jobToken = getJobToken();
@@ -152549,12 +153367,33 @@ async function main() {
       delete process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
       delete process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
     }
-    await resolveProxyModel({
-      payload,
-      oss: runContext.oss,
-      proxyModel: runContext.proxyModel,
-      oidcCredentials
-    });
+    try {
+      await resolveProxyModel({
+        payload,
+        oss: runContext.oss,
+        plan: runContext.plan,
+        proxyModel: runContext.proxyModel,
+        oidcCredentials
+      });
+    } catch (error49) {
+      if (error49 instanceof BillingError) {
+        const summary2 = formatBillingErrorSummary(error49);
+        await writeSummary(summary2).catch(() => {
+        });
+        await reportErrorToComment({ toolState, error: summary2 }).catch(() => {
+        });
+        throw error49;
+      }
+      if (error49 instanceof TransientError) {
+        const summary2 = formatTransientErrorSummary(error49);
+        await writeSummary(summary2).catch(() => {
+        });
+        await reportErrorToComment({ toolState, error: summary2 }).catch(() => {
+        });
+        throw error49;
+      }
+      throw error49;
+    }
     const octokit = createOctokit(tokenRef.mcpToken);
     const runInfo = await resolveRun({ octokit });
     let toolContext;
@@ -152628,6 +153467,8 @@ async function main() {
           jobId: runInfo.jobId,
           mcpServerUrl: "",
           tmpdir: tmpdir3,
+          oss: runContext.oss,
+          plan: runContext.plan,
           resolvedModel
         };
         const mcpHttpServer = __using(_stack, await startMcpHttpServer(toolContext, { outputSchema }), true);
@@ -152665,8 +153506,8 @@ ${instructions.user}` : null,
           log.info(instructions.full);
         });
         if (agentId === "opencode") {
-          const pluginDir = join14(process.cwd(), ".opencode", "plugin");
-          const hasPlugins = existsSync6(pluginDir) && readdirSync(pluginDir).some((f) => /\.[jt]sx?$/.test(f));
+          const pluginDir = join15(process.cwd(), ".opencode", "plugin");
+          const hasPlugins = existsSync7(pluginDir) && readdirSync(pluginDir).some((f) => /\.[jt]sx?$/.test(f));
           if (hasPlugins && toolState.dependencyInstallation?.promise) {
             log.info(
               "\xBB .opencode/plugin/ detected \u2014 awaiting dependency installation before agent start"
@@ -152691,6 +153532,9 @@ ${instructions.user}` : null,
           }
         });
         toolState.todoTracker = todoTracker;
+        onExitSignal(() => {
+          todoTracker?.cancel();
+        });
         let innerTimeoutFired = false;
         const onInnerActivityTimeout = () => {
           if (innerTimeoutFired) return;
@@ -152720,6 +153564,7 @@ ${instructions.user}` : null,
           tmpdir: tmpdir3,
           instructions,
           todoTracker,
+          stopScript: runContext.repoSettings.stopScript,
           onActivityTimeout: onInnerActivityTimeout,
           onToolUse: (event) => {
             const wasTracked = recordDiffReadFromToolUse({
@@ -152774,13 +153619,8 @@ ${instructions.user}` : null,
             log.debug(`post-review cleanup failed: ${error49}`);
           });
         }
-        if (toolContext && toolState.review && toolState.progressCommentId) {
-          await deleteProgressComment(toolContext).catch((error49) => {
-            log.debug(`review progress comment cleanup failed: ${error49}`);
-          });
-        }
         const trackerWasLastWriter = todoTracker?.hasPublished && !toolState.finalSummaryWritten;
-        if (toolContext && toolState.progressCommentId && (!toolState.wasUpdated || trackerWasLastWriter)) {
+        if (toolContext && toolState.progressComment && (!toolState.wasUpdated || trackerWasLastWriter)) {
           await deleteProgressComment(toolContext).catch((error49) => {
             log.debug(`stranded progress comment cleanup failed: ${error49}`);
           });