pullfrog 0.1.8 → 0.1.10

package/dist/index.js

@@ -19718,10 +19718,10 @@ var require_core = __commonJS({
       (0, command_1.issueCommand)("set-env", { name }, convertedVal);
     }
     exports.exportVariable = exportVariable;
-    function setSecret4(secret) {
+    function setSecret5(secret) {
       (0, command_1.issueCommand)("add-mask", {}, secret);
     }
-    exports.setSecret = setSecret4;
+    exports.setSecret = setSecret5;
     function addPath(inputPath) {
       const filePath = process.env["GITHUB_PATH"] || "";
       if (filePath) {
@@ -19732,7 +19732,7 @@ var require_core = __commonJS({
       process.env["PATH"] = `${inputPath}${path3.delimiter}${process.env["PATH"]}`;
     }
     exports.addPath = addPath;
-    function getInput4(name, options) {
+    function getInput3(name, options) {
       const val = process.env[`INPUT_${name.replace(/ /g, "_").toUpperCase()}`] || "";
       if (options && options.required && !val) {
         throw new Error(`Input required and not supplied: ${name}`);
@@ -19742,9 +19742,9 @@ var require_core = __commonJS({
       }
       return val.trim();
     }
-    exports.getInput = getInput4;
+    exports.getInput = getInput3;
     function getMultilineInput(name, options) {
-      const inputs = getInput4(name, options).split("\n").filter((x) => x !== "");
+      const inputs = getInput3(name, options).split("\n").filter((x) => x !== "");
       if (options && options.trimWhitespace === false) {
         return inputs;
       }
@@ -19754,7 +19754,7 @@ var require_core = __commonJS({
     function getBooleanInput(name, options) {
       const trueValue = ["true", "True", "TRUE"];
       const falseValue = ["false", "False", "FALSE"];
-      const val = getInput4(name, options);
+      const val = getInput3(name, options);
       if (trueValue.includes(val))
         return true;
       if (falseValue.includes(val))
@@ -19826,14 +19826,14 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
       });
     }
     exports.group = group2;
-    function saveState(name, value2) {
+    function saveState2(name, value2) {
       const filePath = process.env["GITHUB_STATE"] || "";
       if (filePath) {
         return (0, file_command_1.issueFileCommand)("STATE", (0, file_command_1.prepareKeyValueMessage)(name, value2));
       }
       (0, command_1.issueCommand)("save-state", { name }, (0, utils_1.toCommandValue)(value2));
     }
-    exports.saveState = saveState;
+    exports.saveState = saveState2;
     function getState(name) {
       return process.env[`STATE_${name}`] || "";
     }
@@ -47737,7 +47737,7 @@ var require_core3 = __commonJS({
     Object.defineProperty(exports, "__esModule", { value: true });
     var id_1 = require_id();
     var ref_1 = require_ref();
-    var core8 = [
+    var core11 = [
       "$schema",
       "$id",
       "$defs",
@@ -47747,7 +47747,7 @@ var require_core3 = __commonJS({
       id_1.default,
       ref_1.default
     ];
-    exports.default = core8;
+    exports.default = core11;
   }
 });
 
@@ -97475,14 +97475,14 @@ var require_turndown_cjs = __commonJS({
         } else if (node2.nodeType === 1) {
           replacement = replacementForNode.call(self2, node2);
         }
-        return join18(output, replacement);
+        return join19(output, replacement);
       }, "");
     }
     function postProcess(output) {
       var self2 = this;
       this.rules.forEach(function(rule) {
         if (typeof rule.append === "function") {
-          output = join18(output, rule.append(self2.options));
+          output = join19(output, rule.append(self2.options));
         }
       });
       return output.replace(/^[\t\r\n]+/, "").replace(/[\t\r\n\s]+$/, "");
@@ -97494,7 +97494,7 @@ var require_turndown_cjs = __commonJS({
       if (whitespace.leading || whitespace.trailing) content = content.trim();
       return whitespace.leading + rule.replacement(content, node2, this.options) + whitespace.trailing;
     }
-    function join18(output, replacement) {
+    function join19(output, replacement) {
       var s1 = trimTrailingNewlines(output);
       var s2 = trimLeadingNewlines(replacement);
       var nls = Math.max(output.length - s1.length, replacement.length - s2.length);
@@ -98924,10 +98924,9 @@ var require_fast_content_type_parse = __commonJS({
 });
 
 // main.ts
-var core7 = __toESM(require_core(), 1);
 import { existsSync as existsSync7, readdirSync } from "node:fs";
 import { readFile as readFile4 } from "node:fs/promises";
-import { join as join17 } from "node:path";
+import { join as join18 } from "node:path";
 
 // node_modules/.pnpm/@ark+util@0.56.0/node_modules/@ark/util/out/arrays.js
 var liftArray = (data) => Array.isArray(data) ? data : [data];
@@ -107762,6 +107761,7 @@ var providers = {
   openai: provider({
     displayName: "OpenAI",
     envVars: ["OPENAI_API_KEY"],
+    managedCredentials: ["CODEX_AUTH_JSON"],
     models: {
       gpt: {
         displayName: "GPT",
@@ -107821,12 +107821,16 @@ var providers = {
         displayName: "Gemini Pro",
         resolve: "google/gemini-3.1-pro-preview",
         openRouterResolve: "openrouter/google/gemini-3.1-pro-preview",
-        preferred: true,
-        subagentModel: "gemini-flash"
+        preferred: true
+        // Inherit (subagents stay on Pro). Google has no in-between tier;
+        // dropping to Flash for review work was a meaningful capability cliff
+        // (Flash missed the catastrophic camelCase/snake_case mismatch in
+        // the v4 e2e test). Pro is cost-effective enough to use for both
+        // orchestrator and lenses.
       },
       "gemini-flash": {
         displayName: "Gemini Flash",
-        resolve: "google/gemini-3-flash-preview",
+        resolve: "google/gemini-3.5-flash",
         openRouterResolve: "openrouter/google/gemini-3-flash-preview"
       }
     }
@@ -107841,15 +107845,22 @@ var providers = {
         openRouterResolve: "openrouter/x-ai/grok-4.3",
         preferred: true
       },
+      // legacy aliases — xAI retired the entire fast/code-fast line on
+      // 2026-05-15 (https://docs.x.ai/developers/migration/may-15-deprecation)
+      // and now redirects every deprecated text-model slug to grok-4.3 at
+      // standard pricing. fall back to the live `xai/grok` so the alias
+      // chain resolves to grok-4.3 for both direct-key and OpenRouter users.
       "grok-fast": {
         displayName: "Grok Fast",
         resolve: "xai/grok-4-1-fast",
-        openRouterResolve: "openrouter/x-ai/grok-4.1-fast"
+        openRouterResolve: "openrouter/x-ai/grok-4.3",
+        fallback: "xai/grok"
       },
       "grok-code-fast": {
         displayName: "Grok Code Fast",
         resolve: "xai/grok-code-fast-1",
-        openRouterResolve: "openrouter/x-ai/grok-code-fast-1"
+        openRouterResolve: "openrouter/x-ai/grok-4.3",
+        fallback: "xai/grok"
       }
     }
   }),
@@ -107963,8 +107974,8 @@ var providers = {
       "gemini-pro": {
         displayName: "Gemini Pro",
         resolve: "opencode/gemini-3.1-pro",
-        openRouterResolve: "openrouter/google/gemini-3.1-pro-preview",
-        subagentModel: "gemini-flash"
+        openRouterResolve: "openrouter/google/gemini-3.1-pro-preview"
+        // Inherit — see google/gemini-pro for rationale.
       },
       "gemini-flash": {
         displayName: "Gemini Flash",
@@ -108076,8 +108087,8 @@ var providers = {
       "gemini-pro": {
         displayName: "Gemini Pro",
         resolve: "openrouter/google/gemini-3.1-pro-preview",
-        openRouterResolve: "openrouter/google/gemini-3.1-pro-preview",
-        subagentModel: "gemini-flash"
+        openRouterResolve: "openrouter/google/gemini-3.1-pro-preview"
+        // Inherit — see google/gemini-pro for rationale.
       },
       "gemini-flash": {
         displayName: "Gemini Flash",
@@ -108180,14 +108191,25 @@ function isBedrockAnthropicId(bedrockModelId) {
 // utils/buildPullfrogFooter.ts
 var PULLFROG_DIVIDER = "<!-- PULLFROG_DIVIDER_DO_NOT_REMOVE_PLZ -->";
 var FROG_LOGO = `<a href="https://pullfrog.com"><picture><source media="(prefers-color-scheme: dark)" srcset="https://pullfrog.com/logos/frog-white-full-18px.png"><img src="https://pullfrog.com/logos/frog-green-full-18px.png" width="9px" height="9px" style="vertical-align: middle; " alt="Pullfrog"></picture></a>`;
-function formatModelLabel(slug2) {
-  const alias = resolveDisplayAlias(slug2) ?? // reverse-lookup: when the caller passes an effective model (proxy or
+function providerDisplayName(slug2) {
+  try {
+    const key = getModelProvider(slug2);
+    const meta3 = providers[key];
+    return meta3?.displayName ?? key;
+  } catch {
+    return slug2;
+  }
+}
+function formatModelLabel(params) {
+  const alias = resolveDisplayAlias(params.model) ?? // reverse-lookup: when the caller passes an effective model (proxy or
   // resolved target like "openrouter/anthropic/claude-opus-4.7") instead of
   // a stored alias slug, find the alias whose resolve target matches so we
   // still render a friendly display name.
-  modelAliases.find((a) => a.resolve === slug2 || a.openRouterResolve === slug2);
-  if (!alias) return `\`${slug2}\``;
-  return alias.isFree ? `\`${alias.displayName}\` (free)` : `\`${alias.displayName}\``;
+  modelAliases.find((a) => a.resolve === params.model || a.openRouterResolve === params.model);
+  const displayName = alias?.displayName ?? params.model;
+  const base = alias?.isFree ? `\`${displayName}\` (free)` : `\`${displayName}\``;
+  if (!params.fallbackFrom) return base;
+  return `${base} (credentials for ${providerDisplayName(params.fallbackFrom)} not configured)`;
 }
 function buildPullfrogFooter(params) {
   const parts = [];
@@ -108205,7 +108227,9 @@ function buildPullfrogFooter(params) {
     parts.push("via [Pullfrog](https://pullfrog.com)");
   }
   if (params.model) {
-    parts.push(`Using ${formatModelLabel(params.model)}`);
+    parts.push(
+      `Using ${formatModelLabel({ model: params.model, fallbackFrom: params.fallbackFrom })}`
+    );
   }
   const allParts = [...parts, "[\u{1D54F}](https://x.com/pullfrogai)"];
   return `
@@ -108998,7 +109022,8 @@ function buildCommentFooter(ctx, customParts) {
       jobId: ctx.jobId
     } : void 0,
     customParts,
-    model: ctx.toolState.model
+    model: ctx.toolState.model,
+    fallbackFrom: ctx.toolState.modelFallback?.from
   });
 }
 function buildImplementPlanLink(ctx, issueNumber, commentId) {
@@ -109023,7 +109048,7 @@ var Comment = type({
 function CreateCommentTool(ctx) {
   return tool({
     name: "create_issue_comment",
-    description: "Create a comment on a GitHub issue or PR. Example: `create_issue_comment({ issueNumber: 1234, body: \"Thanks for the report.\" })`. For progress/plan updates on the current run use report_progress instead. Use type: 'Plan' for plan comments.",
+    description: 'Create a comment on a GitHub issue or PR. Example: `create_issue_comment({ issueNumber: 1234, body: "Thanks for the report." })`. For progress/plan updates on the current run use report_progress instead \u2014 plan output (initial post AND revisions) is always posted via report_progress, never via this tool.',
     parameters: Comment,
     execute: execute(async ({ issueNumber, body, type: commentType }) => {
       const bodyWithFooter = addFooter(ctx, body);
@@ -109096,7 +109121,7 @@ function EditCommentTool(ctx) {
 var ReportProgress = type({
   body: type.string.describe("the progress update content to share"),
   "target_plan_comment?": type("boolean").describe(
-    "when true, update the existing plan comment (from select_mode lookup) instead of the progress comment; use when editing an existing plan"
+    "for revising an existing plan comment ONLY. set to true only when the PlanEdit checklist from select_mode tells you to (i.e. a prior plan comment was found for this issue). NEVER set on the initial plan post \u2014 the initial plan reuses the run's progress comment and is posted by calling report_progress without this flag."
   )
 });
 async function reportProgress(ctx, params) {
@@ -109643,12 +109668,37 @@ function isActivityNoise(chunk) {
   });
 }
 var _lastActivity = performance2.now();
+var MAX_TOOL_CALL_SUSPENSION_MS = 15 * 60 * 1e3;
+var _suspendedAt = null;
+var _suspensionTimer = null;
 function markActivity() {
   _lastActivity = performance2.now();
 }
 function getIdleMs() {
+  if (_suspendedAt !== null) return 0;
   return Math.round(performance2.now() - _lastActivity);
 }
+function suspendActivity(maxMs = MAX_TOOL_CALL_SUSPENSION_MS) {
+  if (_suspendedAt !== null) return;
+  _suspendedAt = performance2.now();
+  _suspensionTimer = setTimeout(() => {
+    log.warning(`activity watchdog suspended >${Math.round(maxMs / 1e3)}s \u2014 auto-resuming`);
+    resumeActivity();
+  }, maxMs);
+  _suspensionTimer.unref?.();
+}
+function resumeActivity() {
+  if (_suspendedAt === null) return;
+  _suspendedAt = null;
+  if (_suspensionTimer) {
+    clearTimeout(_suspensionTimer);
+    _suspensionTimer = null;
+  }
+  _lastActivity = performance2.now();
+}
+function isActivitySuspended() {
+  return _suspendedAt !== null;
+}
 function wrapWrite(original, onActivity) {
   const wrapped = (chunk, encodingOrCb, cb) => {
     if (!isActivityNoise(chunk)) {
@@ -109881,6 +109931,11 @@ async function spawn(options) {
         `spawn activity timer: pid=${child.pid} cmd=${options.cmd} timeout=${activityTimeoutMs}ms`
       );
       activityCheckIntervalId = setInterval(() => {
+        if (options.isPausedExternally?.()) {
+          lastActivityTime = performance3.now();
+          log.debug(`spawn activity check: pid=${child.pid} paused externally`);
+          return;
+        }
         const idleMs = performance3.now() - lastActivityTime;
         log.debug(
           `spawn activity check: pid=${child.pid} idle=${Math.round(idleMs)}ms / ${activityTimeoutMs}ms`
@@ -137894,7 +137949,7 @@ var require_core4 = /* @__PURE__ */ __commonJSMin(((exports) => {
   Object.defineProperty(exports, "__esModule", { value: true });
   const id_1 = require_id2();
   const ref_1 = require_ref2();
-  const core8 = [
+  const core11 = [
     "$schema",
     "$id",
     "$defs",
@@ -137904,7 +137959,7 @@ var require_core4 = /* @__PURE__ */ __commonJSMin(((exports) => {
     id_1.default,
     ref_1.default
   ];
-  exports.default = core8;
+  exports.default = core11;
 }));
 var require_limitNumber2 = /* @__PURE__ */ __commonJSMin(((exports) => {
   Object.defineProperty(exports, "__esModule", { value: true });
@@ -142414,7 +142469,7 @@ var import_semver = __toESM(require_semver2(), 1);
 // package.json
 var package_default = {
   name: "pullfrog",
-  version: "0.1.8",
+  version: "0.1.10",
   type: "module",
   bin: {
     pullfrog: "dist/cli.mjs",
@@ -142430,6 +142485,7 @@ var package_default = {
     typecheck: "tsc --noEmit",
     build: "node esbuild.config.js && tsc -p tsconfig.exports.json",
     "check:entrypoints": "node scripts/check-entrypoint-imports.ts",
+    docker: "node docker.ts",
     play: "node play.ts",
     runtest: "node test/run.ts",
     scratch: "node scratch.ts",
@@ -142463,7 +142519,7 @@ var package_default = {
     fastmcp: "^3.34.0",
     "file-type": "^21.3.0",
     husky: "^9.0.0",
-    "opencode-ai": "1.1.56",
+    "opencode-ai": "1.15.1",
     "package-manager-detector": "^1.6.0",
     picocolors: "^1.1.1",
     semver: "^7.7.3",
@@ -142919,8 +142975,9 @@ function $(cmd, args2, options) {
       options.onError(errorResult);
       return stdout.trim();
     }
+    const detail = [stderr, stdout].map((s) => s.trim()).filter(Boolean).join("\n");
     throw new Error(
-      `Command failed with exit code ${errorResult.status}: ${stderr || "Unknown error"}`
+      `Command failed with exit code ${errorResult.status}: ${detail || "Unknown error"}`
     );
   }
   return stdout.trim();
@@ -143060,6 +143117,7 @@ async function executeLifecycleHook(params) {
     if (result.exitCode !== 0) {
       const output = (result.stderr || result.stdout).trim();
       return {
+        failure: { kind: "exit", output, exitCode: result.exitCode },
         warning: `lifecycle hook '${params.event}' failed with exit code ${result.exitCode}. output: ${output || "(empty)"}. retry the operation if the failure looks flaky (network blips, transient rate limits). do NOT retry if the script is broken (missing commands, syntax errors) or the error is persistent.`
       };
     }
@@ -143070,11 +143128,13 @@ async function executeLifecycleHook(params) {
     if (isTimeout) {
       const minutes = Math.round(LIFECYCLE_HOOK_TIMEOUT_MS / 6e4);
       return {
+        failure: { kind: "timeout" },
         warning: `lifecycle hook '${params.event}' timed out after ${minutes}min. do NOT retry \u2014 the script is likely hung or doing too much work. ask the repo owner to simplify the hook (e.g. move long-running work out of the hook, add caching, or split it).`
       };
     }
     const msg = err instanceof Error ? err.message : String(err);
     return {
+      failure: { kind: "spawn", spawnError: msg },
       warning: `lifecycle hook '${params.event}' failed to spawn: ${msg}. this is likely a transient failure \u2014 retry the operation.`
     };
   }
@@ -143293,7 +143353,7 @@ function PushBranchTool(ctx) {
   const pushPermission = ctx.payload.push;
   return tool({
     name: "push_branch",
-    description: "Push the current branch to the remote repository. Omit branchName to push the current branch (recommended). Example: `push_branch({})` to push the current branch. Example: `push_branch({ branchName: \"pr-1\" })` to push a specific local branch. If specifying branchName, use the LOCAL branch name (e.g., 'pr-1'), not the remote branch name. The correct remote and remote branch are determined automatically from branch config set by checkout_pr. Requires a clean working tree. Runs the repository prepush hook (if configured) before the network push \u2014 hook failure means tests/lint or similar in that script failed, not necessarily a Pullfrog timeout. Never force push unless explicitly requested. Pushes to the default branch are blocked in restricted mode. If the response reports a timeout, the underlying push may have actually succeeded \u2014 verify with `git log origin/<branch>` (or this tool with command 'log') before retrying, otherwise you'll push a duplicate.",
+    description: "Push the current branch to the remote repository. Omit branchName to push the current branch (recommended). Example: `push_branch({})` to push the current branch. Example: `push_branch({ branchName: \"pr-1\" })` to push a specific local branch. If specifying branchName, use the LOCAL branch name (e.g., 'pr-1'), not the remote branch name. The correct remote and remote branch are determined automatically from branch config set by checkout_pr. Requires a clean working tree. Runs the repository prepush hook (if configured) \u2014 best-effort. If the hook fails, the tool returns the failure output and every subsequent call this run skips the hook. Never force push unless explicitly requested. Pushes to the default branch are blocked in restricted mode. If the response reports a timeout, the underlying push may have actually succeeded \u2014 verify with `git log origin/<branch>` (or this tool with command 'log') before retrying, otherwise you'll push a duplicate.",
     parameters: PushBranch,
     execute: execute(async ({ branchName, force }) => {
       if (pushPermission === "disabled") {
@@ -143307,10 +143367,21 @@ function PushBranchTool(ctx) {
           `push blocked: working tree is not clean (tracked changes and/or untracked files). commit, discard, or remove stray artifacts before pushing.
 
 git status:
-${status}`
+${status}` + (ctx.toolState.prepushFailureCount > 0 ? "\n\nnote: the prepush hook failed earlier this run \u2014 once the working tree is clean, push_branch will skip the hook." : "")
         );
       }
       const pushDest = validatePushDestination(ctx, branch);
+      const prBranchMatch = branch.match(/^pr-(\d+)$/);
+      if (prBranchMatch && pushDest.remoteBranch !== branch) {
+        const prNumber = Number(prBranchMatch[1]);
+        const event = ctx.payload.event;
+        const runScoped = event.is_pr === true && event.issue_number === prNumber;
+        if (!runScoped) {
+          throw new Error(
+            `push blocked: local branch '${branch}' would push to '${pushDest.remoteName}/${pushDest.remoteBranch}', but this run is not scoped to PR #${prNumber}. the 'pr-${prNumber}' branch was created by a prior checkout_pr call (likely from a subagent \u2014 subagents share the working tree and toolState with the orchestrator). you have probably landed your commit on the wrong branch. switch to your own feature branch first (e.g. 'git checkout <feature-branch>') and then push. if the push to PR #${prNumber} is intentional, this run needs to be triggered against that PR.`
+          );
+        }
+      }
       if (pushPermission === "restricted" && pushDest.remoteBranch === defaultBranch) {
         throw new Error(
           `Push blocked: cannot push directly to default branch '${pushDest.remoteBranch}'. Create a feature branch and open a PR instead.`
@@ -143318,21 +143389,27 @@ ${status}`
       }
       const refspec = branch === pushDest.remoteBranch ? branch : `${branch}:${pushDest.remoteBranch}`;
       const pushArgs = force ? ["--force", "-u", pushDest.remoteName, refspec] : ["-u", pushDest.remoteName, refspec];
-      const prepushHook = await executeLifecycleHook({
-        event: "prepush",
-        script: ctx.prepushScript
-      });
-      if (prepushHook.warning) {
-        throw new Error(prepushHook.warning);
-      }
-      const postHookStatus = $("git", ["status", "--porcelain"], { log: false });
-      if (postHookStatus) {
-        throw new Error(
-          `push blocked: the prepush hook modified the working tree. those changes are not included in the push. commit or discard them (or change the hook to not mutate tracked files) before retrying.
+      const prepushSkipped = ctx.toolState.prepushFailureCount > 0;
+      if (prepushSkipped) {
+        log.info(`\xBB skipping prepush hook (failed earlier this run)`);
+      } else if (ctx.prepushScript) {
+        const prepushHook = await executeLifecycleHook({
+          event: "prepush",
+          script: ctx.prepushScript
+        });
+        if (prepushHook.failure) {
+          ctx.toolState.prepushFailureCount += 1;
+          throw new Error(buildPrepushFailureMessage(prepushHook.failure, ctx.payload.shell));
+        }
+        const postHookStatus = $("git", ["status", "--porcelain"], { log: false });
+        if (postHookStatus) {
+          throw new Error(
+            `push blocked: the prepush hook modified the working tree. those changes are not included in the push. commit or discard them (or change the hook to not mutate tracked files) before retrying.
 
 git status:
 ${postHookStatus}`
-        );
+          );
+        }
       }
       log.debug(`pushing ${branch} to ${pushDest.remoteName}/${pushDest.remoteBranch}`);
       if (force) {
@@ -143385,17 +143462,30 @@ ${integrateStep}
       log.info(
         `\xBB pushed branch ${branch} to ${pushDest.remoteName}/${pushDest.remoteBranch} (sha ${pushedSha})`
       );
+      const baseMsg = `successfully pushed ${branch} to ${pushDest.remoteName}/${pushDest.remoteBranch}`;
+      const message = prepushSkipped ? `${baseMsg} (prepush hook skipped \u2014 failed earlier this run).` : baseMsg;
       return {
         success: true,
         branch,
         remoteBranch: pushDest.remoteBranch,
         remote: pushDest.remoteName,
         force,
-        message: `successfully pushed ${branch} to ${pushDest.remoteName}/${pushDest.remoteBranch}`
+        prepushSkipped,
+        message
       };
     })
   });
 }
+function buildPrepushFailureMessage(failure, shell) {
+  const header = failure.kind === "exit" ? `prepush hook failed with exit code ${failure.exitCode}.
+
+script output:
+${failure.output || "(empty)"}` : failure.kind === "timeout" ? `prepush hook timed out \u2014 the script is hung or doing too much work.` : `prepush hook failed to spawn: ${failure.spawnError}.`;
+  const ifRealBug = shell === "disabled" ? `fix it before pushing again \u2014 shell access is disabled in this run, so you can't re-run the hook command yourself.` : `run the hook command yourself via the shell tool to iterate (push_branch will NOT re-run it).`;
+  return `${header}
+
+this repo's prepush hook is best-effort: the next push_branch call will SKIP the hook and proceed. if the failure is unrelated to your changes (pre-existing breakage, flaky check), just call push_branch again. if it could be a real bug in your code, ${ifRealBug}`;
+}
 var AUTH_REQUIRED_REDIRECT = {
   push: "use the push_branch tool instead \u2014 it handles authentication and permission checks.",
   fetch: "use the git_fetch tool instead \u2014 it handles authentication.",
@@ -143457,6 +143547,23 @@ function GitTool(ctx) {
           }
         }
       }
+      if (command === "merge-base" && args2.includes("--is-ancestor")) {
+        let isAncestor = true;
+        $("git", [command, ...args2], {
+          log: false,
+          onError: (r) => {
+            if (r.status === 1) {
+              isAncestor = false;
+              return;
+            }
+            const detail = [r.stderr, r.stdout].map((s) => s.trim()).filter(Boolean).join("\n");
+            throw new Error(
+              `git merge-base --is-ancestor failed (exit ${r.status}): ${detail || "Unknown error"}`
+            );
+          }
+        });
+        return { success: true, isAncestor };
+      }
       const output = $("git", [command, ...args2], { log: false });
       const lineCount = output.split("\n").length;
       if (lineCount > COLLAPSE_THRESHOLD) {
@@ -143696,7 +143803,7 @@ var CreatePullRequestReview = type({
     "1-2 sentence high-level summary with urgency level, critical callouts, and feedback about code outside the diff. Specific feedback on diff lines goes in 'comments' array."
   ).optional(),
   approved: type.boolean.describe(
-    "Set to true to submit as an approval. Use for both 'no issues found' and informational `> [!NOTE]` reviews where the PR is mergeable as-is and nothing in the body warrants code changes \u2014 approving also suppresses the Fix-button footer affordance so users don't dispatch a fix run on non-actionable feedback. Reserve approved: false for `> [!IMPORTANT]` (recommended changes) and `> [!CAUTION]` (critical) reviews. Defaults to false (comment-only review). Rejections are not supported."
+    "Set to true to submit as an approval. Use for `> \u2705 No new issues found.` reviews where the PR is mergeable as-is and nothing in the body warrants code changes \u2014 approving also suppresses the Fix-button footer affordance so users don't dispatch a fix run on non-actionable feedback. Reserve approved: false for `> \u2139\uFE0F ...` (minor suggestions inline), `> [!IMPORTANT]` (recommended changes), and `> [!CAUTION]` (critical) reviews. Defaults to false (comment-only review). Rejections are not supported."
   ).optional(),
   commit_id: type.string.describe(
     "Optional SHA of the commit being reviewed. Defaults to latest. Must be the FULL 40-character SHA \u2014 abbreviated SHAs are rejected by GitHub with `422 Unprocessable Entity`. The PR-synchronize event payload's `head_sha` is already full-length."
@@ -144041,7 +144148,8 @@ async function createAndSubmitWithFooter(ctx, params, opts) {
     const footer = buildPullfrogFooter({
       workflowRun: ctx.runId ? { owner: ctx.repo.owner, repo: ctx.repo.name, runId: ctx.runId, jobId: ctx.jobId } : void 0,
       customParts,
-      model: ctx.toolState.model
+      model: ctx.toolState.model,
+      fallbackFrom: ctx.toolState.modelFallback?.from
     });
     return await ctx.octokit.rest.pulls.submitReview({
       owner: params.owner,
@@ -144540,8 +144648,8 @@ ${diffPreview}`);
         log.info(`\xBB checkout_pr({pull_number:${pull_number}}) already in flight \u2014 sharing result`);
         return inFlight;
       }
-      const current = ctx.toolState.issueNumber;
-      if (current !== void 0 && current !== pull_number) {
+      const currentBranch = $("git", ["rev-parse", "--abbrev-ref", "HEAD"], { log: false }).trim();
+      if (currentBranch !== `pr-${pull_number}`) {
         const dirty = $("git", ["status", "--porcelain"], { log: false }).trim();
         if (dirty) {
           throw new Error(
@@ -144874,9 +144982,8 @@ function GetIssueEventsTool(ctx) {
       });
       const relevantEventTypes = /* @__PURE__ */ new Set(["cross_referenced", "referenced"]);
       const parsedEvents = events.flatMap((event) => {
-        if (!("event" in event) || !relevantEventTypes.has(event.event)) {
-          return [];
-        }
+        if (!("event" in event) || typeof event.event !== "string") return [];
+        if (!relevantEventTypes.has(event.event)) return [];
         const baseEvent = {
           event: event.event
         };
@@ -145076,7 +145183,8 @@ function buildPrBodyWithFooter(ctx, body) {
   const footer = buildPullfrogFooter({
     triggeredBy: true,
     workflowRun: ctx.runId ? { owner: ctx.repo.owner, repo: ctx.repo.name, runId: ctx.runId, jobId: ctx.jobId } : void 0,
-    model: ctx.toolState.model
+    model: ctx.toolState.model,
+    fallbackFrom: ctx.toolState.modelFallback?.from
   });
   const bodyWithoutFooter = stripExistingFooter(fixDoubleEscapedString(body));
   return `${bodyWithoutFooter}${footer}`;
@@ -145647,7 +145755,9 @@ function ListPullRequestReviewsTool(ctx) {
           body: review.body,
           state: review.state,
           user: review.user?.login,
-          submitted_at: review.submitted_at
+          submitted_at: review.submitted_at,
+          commit_id: review.commit_id,
+          html_url: review.html_url
         })),
         count: reviews.length
       };
@@ -145887,6 +145997,14 @@ function detectSandboxMethod() {
   return "none";
 }
 var PROC_CLEANUP = "umount /proc 2>/dev/null; umount /proc 2>/dev/null; mount -t proc proc /proc 2>/dev/null;";
+var SOCKET_CLEANUP = [
+  "/var/run/docker.sock",
+  "/run/docker.sock",
+  "/var/run/podman/podman.sock",
+  "/run/podman/podman.sock",
+  "/run/containerd/containerd.sock",
+  "/var/run/crio/crio.sock"
+].map((path3) => `mount --bind /dev/null ${path3} 2>/dev/null;`).join(" ");
 function spawnShell(params) {
   const spawnOpts = { env: params.env, cwd: params.cwd, stdio: params.stdio, detached: true };
   const sandboxMethod = detectSandboxMethod();
@@ -145899,7 +146017,14 @@ function spawnShell(params) {
   if (sandboxMethod === "unshare") {
     return spawn2(
       "unshare",
-      ["--pid", "--fork", "--mount-proc", "bash", "-c", `${PROC_CLEANUP} ${params.command}`],
+      [
+        "--pid",
+        "--fork",
+        "--mount-proc",
+        "bash",
+        "-c",
+        `${PROC_CLEANUP} ${SOCKET_CLEANUP} ${params.command}`
+      ],
       spawnOpts
     );
   }
@@ -145925,7 +146050,7 @@ function spawnShell(params) {
         "--mount-proc",
         "bash",
         "-c",
-        `${PROC_CLEANUP} exec su -p -s /bin/bash ${username} -c '${escaped}'`
+        `${PROC_CLEANUP} ${SOCKET_CLEANUP} exec su -p -s /bin/bash ${username} -c '${escaped}'`
       ],
       { ...spawnOpts, env: {} }
     );
@@ -146360,52 +146485,145 @@ Report findings clearly with file:line references and quoted evidence where poss
 // modes.ts
 var PR_SUMMARY_FORMAT = `### Default format
 
-Follow this structure exactly:
+The body has at most three parts in this exact order:
+
+1. **Reviewed changes preamble** \u2014 one bolded inline lead-in describing what was reviewed in this run, a bullet list of the substantive changes, and an HTML comment carrying review metadata for downstream agents.
+2. **Cross-cutting issue sections** (zero or more) \u2014 one \`### \` heading per concern, with a human-readable problem write-up and a collapsed \`<details>Technical details</details>\` block underneath.
+3. **\`### \u2139\uFE0F Nitpicks\`** at the very bottom (only if there are nits worth surfacing in the body) \u2014 a flat bullet list, no technical-details block.
+
+Inline-vs-body split: concerns that anchor to a specific line go inline (use the \`comments\` parameter). Body \`### \` sections are reserved for concerns that **have no line to anchor to** \u2014 typically because the concern is about *absence* (something the diff should have done but didn't), *sequencing* (rollout / deletion / migration order), *design decisions only the human can make*, or *scope questions the diff implicitly raises but doesn't address*. A concern that anchors to a line but has broad implications still goes inline (use the technical-details block there to capture the implications \u2014 see Inline technical details below). If you found no non-anchorable concerns, the body has zero \`### \` issue sections \u2014 just the preamble + metadata.
+
+## 1. Reviewed changes preamble
 
-<b>TL;DR</b> \u2014 1-3 sentences on what the PR does and why. Focus on intent, not mechanics.
-NOTE: use HTML bold <b>TL;DR</b>, NOT markdown bold **TL;DR**.
+Open with a single bolded inline lead-in followed immediately by the bullet list (no \`### Key changes\` heading, no \`<b>TL;DR</b>\`):
 
-### Key changes
+\`\`\`
+**Reviewed changes** \u2014 one sentence on what was reviewed in this run. For Review (initial), this is what the PR does and why. For IncrementalReview, this is what changed since the prior pullfrog review. Focus on intent, not mechanics.
+
+- **Short human-readable title** \u2014 1 sentence per substantive change. Write a short prose phrase; when you name a file, type, or function, put that name in backticks (e.g. **Add \\\`TodoTracker\\\` for live checklists**). A reviewer should understand the full reviewed scope from this list alone \u2014 this IS the dispassionate "what was reviewed and what changed" overview, so cover the substantive changes, not just the loudest ones.
+
+<!--
+Pullfrog review metadata \u2014 for any agent (or human-with-agent) reading this
+review. Incorporate the fields below into your understanding of the context
+this review was made in. The findings below were written against
+{head_sha_short}; if new commits have landed on {head_ref} since this review
+was submitted, treat any specific bug, file, or line callout as POTENTIALLY
+STALE \u2014 re-diff against {head_sha_short} (or trigger a fresh review) and
+factor commits past {head_sha_short} into your understanding of the current
+state before acting on findings.
+
+- Mode: Review (initial)   or   IncrementalReview (delta against prior pullfrog review)
+- Files reviewed: {file_count}
+- Commits reviewed: {commit_count}
+- Base: {base_ref} ({base_sha_short})
+- Head: {head_ref} ({head_sha_short})
+- Reviewed commits:
+  - {sha_short} \u2014 {commit_subject}
+  - ...
+- Prior pullfrog review: none   or   {prior_sha_short} ({prior_review_html_url})
+- Submitted at: {iso_timestamp}
+-->
+\`\`\`
 
-- **Short human-readable title** \u2014 1 sentence per change. Write a short prose phrase (title case or sentence case); when you name a file, type, or function, put that name in backticks (e.g. **Add \`TodoTracker\` for live checklists**). A reviewer should understand the full PR from this list alone.
+Pull every metadata field from the \`checkout_pr\` tool's response \u2014 file count, commit count, base/head ref + SHA, the commit list. For \`IncrementalReview\` runs, populate \`Prior pullfrog review\` with the prior review's commit_id (short SHA) and \`html_url\` from \`list_pull_request_reviews\`.
 
-<sub><b>Summary</b> \uFF5C {file_count} files \uFF5C {commit_count} commits \uFF5C base: \`{base}\` \u2190 \`{head}\`</sub>
-NOTE: the metadata line goes AFTER the bullet list, not before it.
+## 2. Cross-cutting issue sections (zero or more)
 
-Then for each key change, a ## section with a short descriptive title that reads like a documentation heading (e.g. ## Live todo checklist tracking).
+For each cross-cutting concern, one \`### \` section. Use this exact shape:
 
-<br/>
+\`\`\`
+### {emoji} {short, descriptive title \u2014 what's wrong, not what to do}
 
-## Example readable section title
+{Human-readable problem write-up. Describes the PROBLEM only \u2014 what's broken, what the symptom is, what the blast radius is. NO asks, NO suggested fixes, NO "the right thing to do is...". Asks and fixes live in the technical-details block below; the visible part is for the human to *understand* the problem, not to implement it.}
 
-> **Before:** [old behavior/state]<br/>**After:** [new behavior/state]
-IMPORTANT: Before and After MUST be on a SINGLE blockquote line with an inline <br/> between them. Two separate \`>\` lines creates a double line break.
+<details><summary>Technical details</summary>
 
-1-2 sentences of explanation. Break up text with tables, blockquotes, or lists \u2014 NEVER 3+ plain paragraphs in a row.
+\\\`\\\`\\\`\\\`markdown
+# {title repeated}
 
-If a change warrants deeper explanation, use a blockquoted details/summary framed as a question:
-> <details><summary>How does X work?</summary>
-> Extended explanation here.
-> </details>
+## Affected sites
+- {file path:line} \u2014 {what's wrong there}
+- ...
 
-End each section with a file links trail (3-4 key files max):
-[\`file.ts\`](https://github.com/{owner}/{repo}/pull/{number}/files#diff-{sha256hex_of_filepath}) \xB7 ...
+## Required outcome
+- {what the fix needs to achieve, not how to achieve it}
+- ...
 
-Single-feature PRs: skip the ## sections. Fold before/after and explanation into the header after key changes.
+## Suggested approach (optional)
+{When the fix shape is non-obvious, sketch one or more reasonable directions. Skip when the outcome alone makes the fix obvious.}
 
-CRITICAL \u2014 GitHub markdown rendering rule:
-GitHub's markdown parser requires a blank line between ALL block-level elements. This includes transitions between: HTML tags (<br/>, <sub>, <details>, <b>, etc.) and markdown syntax (headings, lists, blockquotes, paragraphs). Without a blank line, GitHub treats the following content as a continuation of the HTML block and renders markdown syntax as literal text. ALWAYS separate block-level elements with a blank line.
+## Open questions for the human (optional)
+- {Any decision an implementing agent shouldn't make unilaterally \u2014 pricing thresholds, breaking-change policy, naming, scope of follow-up.}
+\\\`\\\`\\\`\\\`
 
-Rules:
-- \`##\` titles and key-change bullet lead-ins are plain-language summaries; backtick only actual code tokens (files, types, functions) where they appear in the title
-- ALL variable names, identifiers, and file names in body text must be in backticks
-- ALL file references MUST link to the PR Files Changed view. Use the \`diff-<hex>\` anchor precomputed next to each filename in the \`checkout_pr\` TOC \u2014 do NOT run \`sha256sum\` or any other shell command to compute anchors. NEVER fabricate hex strings. If a file is not in the TOC, omit the \`#diff-\` anchor rather than guessing.
-- Add <br/> before each ## heading for visual spacing. Do NOT use horizontal rules (---)
-- Do NOT include raw diff stats like '+123 / -45' or line counts
-- Do NOT include code blocks or repeat diff contents
-- Do NOT include a changelog section \u2014 the key changes list serves this purpose
-- Focus on *intent*, not *what* \u2014 the diff already shows what changed
-- Get the file count and commit count from the checkout_pr metadata, not by counting manually`;
+</details>
+\`\`\`
+
+Concrete example of the visible part of a non-anchored section (technical-details block unchanged from the template above):
+
+\`\`\`
+### \u2139\uFE0F Legacy \`opencode.ts\` has no documented deletion plan
+
+The v2 harness lands alongside the v1 file and imports one helper from it. Worth a follow-up issue or a TODO so the next maintainer doesn't have to re-derive the cleanup plan.
+\`\`\`
+
+The example's value is its *shape*: a finding about absence (no deletion plan), not a line-anchored bug. Body sections live or die on whether the concern genuinely doesn't fit on a line.
+
+**Heading severity emoji** \u2014 every \`### \` heading carries one:
+
+- \u{1F6A8} critical \u2014 blocks merge (data loss, security, broken core flow)
+- \u26A0\uFE0F important \u2014 must address before merging (regression, missing validation, incorrect behavior)
+- \u2139\uFE0F informational \u2014 surfaced for awareness; mergeable as-is
+
+**Visible problem write-up rules:**
+
+- **No asks, no suggested fixes** in the visible part. The visible portion describes the problem; the technical-details block describes the fix shape and any open questions. The exception: a fix so self-evident that NOT stating it would be weird (e.g. "the typo is missing an 'r'") \u2014 in that case, fold it into the problem statement and skip the suggested-approach block in technical details too.
+- **Never two successive plain paragraphs.** Every transition between block-level elements must alternate prose with structure: paragraph \u2192 bullet list \u2192 paragraph; paragraph \u2192 code fence \u2192 bullet list; paragraph \u2192 table \u2192 paragraph. Two consecutive paragraphs in a row create a wall of text that's impossible to digest. If you catch yourself writing one, find a way to split it: pull a list out of it, drop a 2-3 line code fence between them, or merge them into a single tighter paragraph.
+- **Per-paragraph budget:** ~3 sentences max. Past that, you're explaining where you should be structuring.
+- **Identifier discipline still applies** in the visible part. Lead with behavior in plain English; name an identifier only when it's the subject of the concern or a public surface a reader would recognize. The technical-details block is where dense identifier references belong.
+
+**Technical-details block rules:**
+
+- Wrapped in a 4-backtick markdown fence (\`\\\`\\\`\\\`\\\`markdown ... \\\`\\\`\\\`\\\`\`) so it's visually distinct, one-click copyable, and can contain its own 3-backtick code fences without escape gymnastics. The contents are agent-readable \u2014 a fix-agent will pull the body down and use this block as the brief.
+- File paths and \`file:line\` refs are encouraged (and necessary) \u2014 the next agent uses these to navigate. Identifier density is fine here.
+- Slightly more verbose than the absolute minimum is OK when it materially helps the next agent: a small code snippet showing the symptom, a short table of mismatched key/column pairs, a one-paragraph "why CI doesn't catch it" note. Skip massive regression-test scaffolding or full route rewrites \u2014 the implementing agent writes those.
+- Use the four standard sections (\`Affected sites\`, \`Required outcome\`, optional \`Suggested approach\`, optional \`Open questions for the human\`). Skip the optional sections when they wouldn't add anything.
+
+## Inline technical details
+
+Inline comments are short (~2-3 sentences) by default. When an inline finding has broader implications worth recording for a fix-agent \u2014 e.g. a localized bug whose proper fix requires touching several files, or where the right fix depends on a design decision the human needs to make \u2014 append a collapsed \`<details><summary>Technical details</summary>\` block to the inline comment's body. Same shape as the body-section technical-details block (4-backtick fenced markdown, \`## Affected sites\` / \`## Required outcome\` / optional \`## Suggested approach\` / optional \`## Open questions for the human\`).
+
+GitHub renders the same markdown parser in inline comments as in the review body, so the collapsed-details affordance works the same way. The visible part of the inline comment stays scannable; the depth is one click away for any agent that needs it.
+
+## 3. \`### \u2139\uFE0F Nitpicks\` (optional, last section)
+
+Only when there are nits that for some reason can't be inlined. Filepaths in nit text are fine \u2014 these are simple enough that a human or agent reads once and acts. No technical-details block.
+
+\`\`\`
+### \u2139\uFE0F Nitpicks
+
+- {nit, with file path inline if useful, \u2264 ~200 chars}
+- ...
+\`\`\`
+
+## Inline comment shape
+
+Inline comments use the same severity framing as body \`### \` sections, scaled down for line-anchored use:
+
+- **Lead with a 1-2 sentence problem statement.** The reader is looking at the line in question, so don't restate what the line says \u2014 describe what's wrong with it. Optionally prefix the visible line with a severity emoji (\u{1F6A8} / \u26A0\uFE0F / \u2139\uFE0F) when severity isn't obvious from context.
+- **Optional \`<details><summary>Technical details</summary>...</details>\` collapsible** for findings whose technical context (longer file:line references, related-code snippets, suggested approach, regression-risk notes) would overwhelm the human-readable lead-in. Same agent-readable purpose, same 4-backtick fence shape, and same 4-section structure as the body's technical-details block \u2014 see *Inline technical details* above. Encouraged whenever the depth helps a downstream fix-agent; don't force one when the inline lead-in already says everything.
+- **Visible portion \u2264 2-3 sentences.** If you find yourself writing more, that's the cue to split the depth into the \`Technical details\` collapsible.
+
+## Body-wide rules
+
+- **Inline-vs-body discipline (repeated for emphasis):** anything that anchors to a specific line goes inline (with a \`<details>Technical details</details>\` block when the implications are broad). The body is for non-anchorable concerns only \u2014 absence, sequencing, design decisions, scope questions, architectural risk.
+- **No \`### Issues found\` heading** above the issue sections \u2014 each \`### \` heading IS the issue.
+- **Severity emoji on every \`### \` heading** (\u{1F6A8} / \u26A0\uFE0F / \u2139\uFE0F). No emoji on the preamble lead-in or anywhere else.
+- **GitHub block-level rendering**: GitHub's markdown parser requires a blank line between ALL block-level elements (HTML tags like \`<br/>\`, \`<sub>\`, \`<details>\`, \`<b>\` and markdown syntax like headings, lists, blockquotes, code fences, paragraphs). Without a blank line, GitHub treats following content as a continuation of the HTML block and renders markdown syntax as literal text. ALWAYS separate block-level elements with a blank line.
+- **Backtick-wrap** every variable, identifier, or file name when you mention one (in either visible or technical-details portions).
+- **Don't repeat diff content**, don't include raw \`+123 / -45\` stats, don't include a changelog section, don't use horizontal rules (\`---\`).
+- **Pull file/commit counts from \`checkout_pr\` metadata** \u2014 never count manually.
+- **Legacy headings REMOVED.** Do not use \`### Key changes\`, \`### Issues found\`, \`<b>TL;DR</b>\`, or \`<sub><b>Summary</b>\`. The new structure subsumes them.`;
 function computeModes(agentId) {
   const t = (toolName) => formatMcpToolRef(agentId, toolName);
   return [
@@ -146447,7 +146665,7 @@ function computeModes(agentId) {
 
    Otherwise delegate the \`${REVIEWER_AGENT_NAME}\` subagent to review your diff with fresh eyes against YOUR TASK. The subagent's baked-in system prompt enforces a non-mutative + non-recursive contract: read-only file/search/web tools and read-only MCP queries only; no writes, shell side effects, state-changing MCP calls, or nested subagent dispatch. Enforcement is prose-only \u2014 restate the constraint in your dispatch instructions and do not relax it.
 
-   Provide the subagent with YOUR TASK, the output of \`git diff\`, and a tight summary (not raw output) of any lint/typecheck/test failures you fixed during build \u2014 what broke, root cause, the fix \u2014 so it can check that fixes addressed root causes rather than suppressed symptoms; say "no build-phase failures" if the build path was clean. Instruct it to flag bugs, logic errors, missing edge cases, gaps between request and diff, and unintended changes.
+   Provide the subagent with YOUR TASK, the output of \`git diff origin/<base-branch>\` (single-rev form, no \`HEAD\` \u2014 this compares the working tree against the remote base and captures committed + staged + unstaged work; \`main...HEAD\` and \`--cached\` both miss the uncommitted edits Build self-review runs on, since self-review happens BEFORE the commit), and a tight summary (not raw output) of any lint/typecheck/test failures you fixed during build \u2014 what broke, root cause, the fix \u2014 so it can check that fixes addressed root causes rather than suppressed symptoms; say "no build-phase failures" if the build path was clean. Instruct it to flag bugs, logic errors, missing edge cases, gaps between request and diff, and unintended changes.
 
    Delegation + research discipline (distilled from \`/anneal\` canonical \u2014 these are codified learnings from many review rounds, not theoretical best practices):
    - Do NOT summarize what you implemented \u2014 that biases the subagent toward validating the shape of your solution rather than questioning it.
@@ -146456,7 +146674,7 @@ function computeModes(agentId) {
    - Do NOT defect-hunt the diff yourself in parallel with the subagent. Your role is dispatch + evaluation; doing the review yourself reintroduces the implementation bias the subagent is meant to mitigate.
    - For diffs that rely on third-party API contracts, SDK semantics, framework directives, or DB engine specifics, instruct the subagent to verify load-bearing claims via web search and quote source URLs rather than trust training data \u2014 this is the single most common review-quality failure mode.
 
-   Review the findings, address valid points, and discard nitpicks or false positives. The reviewer is fallible \u2014 it biases toward *recommending additions* (defensive checks for impossible cases, extra logging, new abstractions used once, comments restating code, tests asserting tautologies, "just-in-case" guards). For each finding, ask: would applying it leave the code more sound, correct, AND elegant? Two-out-of-three is usually a signal to look harder for a fix that gets all three before settling for one that trades elegance for correctness. Reject bloat-shaped findings without applying them, and after applying the rest re-read your diff and be discerning about what *you just changed*: if any fix turned out to be bloat in context, revert it. The goal is code that is sound and correct *while remaining elegant*; the smallest diff that fixes the real defect almost always wins. Then verify only intended changes are present, no debug artifacts or commented-out code remain, no unrelated files were modified. Commit locally via shell (\`git add . && git commit -m "..."\`).
+   Be **discerning** about what comes back. The reviewer is an AI subagent and is fallible \u2014 treat every finding as a hypothesis, not a directive, and **verify each one yourself** against the diff and the code before deciding whether to apply. You are searching for a solution that is **complete, minimal, and elegant** \u2014 you may need to think hard to find it. Do not over-engineer, do not be over-defensive, **do not write AI slop**. Reviewers bias toward *recommending additions*, and that bias has a recognizable slop texture: defensive checks for cases that cannot happen, extra logging, new abstractions used once, comments restating code, tests asserting tautologies, "just-in-case" guards, error handlers for cases the type system already rules out. Reject those. For each surviving finding, ask: would applying it leave the code more sound, correct, AND elegant? Two-out-of-three means look harder for a fix that gets all three before settling. After applying the fixes you accept, re-read your diff and be discerning about what *you just changed*: if any fix turned out to be bloat in context, revert it. Then verify only intended changes are present, no debug artifacts or commented-out code remain, no unrelated files were modified. Commit locally via shell (\`git add . && git commit -m "..."\`).
 
 6. **finalize**:
    - confirm a clean working tree, then push via \`${t("push_branch")}\` (see *SYSTEM* Git rules if this fails \u2014 prepush errors are usually the repo's tests/lint, not infra timeouts)
@@ -146480,7 +146698,8 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
 
 4. For each comment:
    - understand the feedback
-   - evaluate whether applying it would leave the code more **sound, correct, AND elegant**. reviewers are fallible and bias toward *recommending additions* (defensive checks for impossible cases, extra abstractions, comments restating obvious code, tests asserting tautologies, "just-in-case" guards). if a request would add bloat \u2014 ceremony without commensurate correctness benefit \u2014 push back in your reply rather than mechanically applying it. two-out-of-three is usually a signal to look harder for a fix that gets all three before settling.
+   - **verify the finding yourself** against the actual code before deciding whether to apply \u2014 every comment (human or agent) is a hypothesis, not a directive. agent reviewers especially are fallible.
+   - you are searching for a solution that is **complete, minimal, and elegant** \u2014 you may need to think hard to find it. do not over-engineer, do not be over-defensive, **do not write AI slop**. reviewers bias toward *recommending additions*, and that bias has a recognizable slop texture: defensive checks for impossible cases, extra abstractions used once, comments restating obvious code, tests asserting tautologies, "just-in-case" guards, error handlers for cases the type system already rules out. reject those. evaluate whether applying the finding would leave the code more **sound, correct, AND elegant**; two-out-of-three is a signal to look harder for a fix that gets all three. if a request would add bloat \u2014 ceremony without commensurate correctness benefit \u2014 push back in your reply rather than mechanically applying it.
    - if the request stands, make the code change using your native tools; otherwise reply explaining why
    - record what was done (or why nothing was done)
 
@@ -146488,11 +146707,13 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
    - test changes, then review the diff before committing \u2014 verify only intended changes are present, no debug artifacts remain, no fix turned out to be bloat in context (revert any that did), and the changes are clean enough that a senior engineer would approve without hesitation
    - commit locally via shell (\`git add . && git commit -m "..."\`)
 
-6. Finalize:
+6. Finalize. Reply + resolve are paired write actions: do BOTH or NEITHER for each thread.
    - confirm a clean working tree, then push via \`${t("push_branch")}\` (same push/prepush guidance as Build mode in *SYSTEM*)
-   - reply to each comment **exactly once** using \`${t("reply_to_review_comment")}\` \u2014 do not re-emit the same call (the runtime dedupes identical bodies and the second call is wasted)
-   - resolve addressed threads via \`${t("resolve_review_thread")}\`
-   - call \`${t("report_progress")}\` with a brief summary (or the exact push error if push failed)`
+   - **if push fails**, call \`${t("report_progress")}\` with the exact error and STOP \u2014 do NOT reply or resolve any thread until the fix is live on the remote. Resolving a thread without the fix landing misleads the reviewer.
+   - **on push success**, for each thread you acted on:
+     - reply ONCE via \`${t("reply_to_review_comment")}\`. The \`comment_id\` parameter takes the root comment's numeric \`id=\` (from the first \`comment author=...\` tag in the \`${t("get_review_comments")}\` output) \u2014 NOT the \`thread=\` value; that's a separate GraphQL ID used by resolve. The runtime dedupes identical bodies within a session.
+     - **immediately** call \`${t("resolve_review_thread")}\` with that thread's \`thread=\` value as \`thread_id\`. Resolve every thread where you (a) made the requested code change in full \u2014 partial fixes leave the thread open \u2014 OR (b) replied with a substantive answer the user explicitly asked for. Do NOT resolve threads where you pushed back on the request and the disagreement is unresolved; leave those open for the human to mediate.
+   - call \`${t("report_progress")}\` with a brief summary`
     },
     // Review and IncrementalReview use a 0-or-2+ lens pattern. The default is
     // 0 lenses (orchestrator handles the review solo). Multi-lens (2+
@@ -146509,9 +146730,12 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
     // the Review/IncrementalReview lens fan-out where independence between
     // perspectives is what's being purchased.
     //
-    // Deliberate omission vs canonical /anneal: severity categorization in
-    // the final message (the review body has its own CAUTION/IMPORTANT
-    // framing instead of a severity table).
+    // Severity categorization is split across two surfaces: the opening
+    // callout (CAUTION/IMPORTANT/ℹ️/✅) sets the review's overall tier, and
+    // per-bullet emoji prefixes (🚨/⚠️/ℹ️ in PR_SUMMARY_FORMAT) tag
+    // individual points inside summary sections — scoping severity to the
+    // specific bullet rather than the whole section keeps a section that
+    // mixes a 🚨 and an ℹ️ from being mislabeled by either of them.
     {
       name: "Review",
       description: "Review code, PRs, or implementations; provide feedback or suggestions; identify issues; or check code quality, style, and correctness",
@@ -146597,7 +146821,9 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
 
 6. **aggregate & draft**: when the fan-out lands, merge findings; de-dup overlaps (two lenses catching the same issue = higher-confidence signal); trace each finding yourself before accepting it. drop praise, style preferences, speculative/unverified claims, findings about pre-existing code unrelated to the PR (heuristic: if the finding's root cause lives in lines this PR added or modified, it's in scope; otherwise drop unless the PR plausibly introduced or amplified the regression), and anything not actionable. also drop **bloat-shaped findings** \u2014 proposed fixes that would add defensive checks for cases that can't happen, abstractions used once, comments restating obvious code, tests asserting tautologies, or "just-in-case" guards. subagents are fallible and bias toward recommending changes; the bar for an actionable inline comment is sound + correct + elegant. recommending a change that improves only one of the three (or worse, degrades elegance to nominally improve correctness) makes the codebase worse, not better.
 
-   for surviving findings, draft inline comments with NEW line numbers from the diff. every comment must be actionable, 2-3 sentences max. use GitHub permalink format for code references. for impact-analysis findings (stale references after rename/remove), report them in the review body ordered by severity (runtime breakage > incorrect docs > stale comments) rather than as inline comments unless they're anchored to a specific line.
+   **Hunt for non-anchored concerns before drafting.** After collecting your anchored findings, deliberately scan for concerns that have no specific line to point at \u2014 typically: deletion / cleanup plans for code the diff replaces or shadows; rollout sequencing (what happens to in-flight state during deploy / revert?); coverage gaps the diff implies but doesn't add; scope questions that only the human can answer (e.g. is the legacy path going away or is this a long-term dual track?); architectural risks the diff opens up that aren't a single-line bug. On substantial PRs (migrations, refactors, multi-file rewrites, version bumps that change runtime semantics), at least one such concern almost always exists; if you can't think of any, your bar is probably too high.
+
+   for surviving findings, draft inline comments with NEW line numbers from the diff \u2014 attach a \`<details>Technical details</details>\` block to any inline comment whose fix is non-trivial or has cross-file implications (see Inline technical details in the format below). every comment must be actionable, 2-3 sentences max in the visible part. use GitHub permalink format for code references. for impact-analysis findings (stale references after rename/remove), report them in the review body ordered by severity (runtime breakage > incorrect docs > stale comments) rather than as inline comments unless they're anchored to a specific line.
 
 7. **submit**: ALWAYS submit exactly one review via \`${t("create_pull_request_review")}\`. Do NOT call \`report_progress\` \u2014 the review is the final record and the progress comment will be cleaned up automatically.
 
@@ -146605,12 +146831,12 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
 
    The review body is structured as: \`[optional alert blockquote]\` \u2192 \`[PR summary using the default format below]\`. Inline comments are passed via the \`comments\` parameter, not in the body.
 
-   GitHub alert blockquotes render at four visual intensities \u2014 the callout is what the author sees first, so pick the one that matches what you want them to do:
+   The opening callout is what the author sees first \u2014 pick the one that matches what you want them to do. Five tiers, from loudest to friendliest:
 
    - \`[!CAUTION]\` \u2014 large red banner. Reads as "this will break something."
    - \`[!IMPORTANT]\` \u2014 large purple banner. Reads as "you need to look at this before merging."
-   - \`[!NOTE]\` \u2014 small blue inline callout. Reads as "FYI, here's something worth noting."
-   - no callout \u2014 plain text. Reads as routine review output.
+   - \`> \u2139\uFE0F ...\` \u2014 informational blockquote. Reads as "minor suggestions, nothing blocking."
+   - \`> \u2705 ...\` \u2014 green friendly blockquote. Reads as "no concerns, mergeable."
 
    Two reinforcing levers: callout intensity (above) and \`approved\` (which gates the footer Fix-button affordance \u2014 Fix renders on every non-approving review, so \`approved: true\` suppresses it). Wrapping mergeable feedback in \`[!IMPORTANT]\` trains users to click Fix on reviews that don't need fixing. Pick the tier the author's actual next action justifies.
 
@@ -146619,25 +146845,25 @@ For simple, well-defined tasks, skip the plan phase and go straight to build.`
    - **must-address non-critical findings** (real consequences if shipped \u2014 incorrect behavior in non-critical paths, missing validation on user input, regressions the author should fix before merge):
      \`approved: false\`. Body opens with \`> [!IMPORTANT]\\n> ...\`, followed by the PR summary. Reserve this tier for findings with concrete fallout \u2014 do NOT use \`[!IMPORTANT]\` for nits, style preferences, or "consider also" suggestions. Include all inline comments via \`comments\`.
    - **minor suggestions only** (single-line nits, doc/comment polish, defer-able observations, "rough edges"):
-     \`approved: false\`. NO alert blockquote. Body opens directly with the PR summary. Include all inline comments via \`comments\`.
+     \`approved: false\`. Body opens with \`> \u2139\uFE0F No critical issues \u2014 minor suggestions inline.\\n\\n\` followed by the PR summary. Include all inline comments via \`comments\`. Vary the wording after the emoji to fit the review (e.g. "Minor suggestions only.", "Two rough edges worth a look."), but always keep the \u2139\uFE0F prefix and keep it short.
    - **informational observations** (mergeable as-is, nothing actionable \u2014 e.g. prior feedback addressed cleanly, surfacing a minor stale doc reference, calling out something noteworthy without recommending a change):
-     \`approved: true\`. Body opens with \`> [!NOTE]\\n> ...\`, followed by the PR summary. Do NOT include inline \`comments\` \u2014 \`[!NOTE]\` signals "no action needed", which contradicts an actionable anchor; if a point is concrete enough to anchor to a line, downgrade the whole review to "minor suggestions only" (\`approved: false\`) instead.
+     \`approved: true\`. Body opens with \`> \u2705 No new issues found.\\n\\n\` followed by the PR summary. Do NOT include inline \`comments\` \u2014 the \u2705 signals "no action needed", which contradicts an actionable anchor; if a point is concrete enough to anchor to a line, downgrade the whole review to "minor suggestions only" (\`approved: false\`) instead.
    - **no actionable issues**:
-     \`approved: true\`. Body opens with \`No new issues found.\` followed by the PR summary.
+     \`approved: true\`. Body opens with \`> \u2705 No new issues found.\\n\\n\` followed by the PR summary.
 
 ${PR_SUMMARY_FORMAT}`
     },
-    // IncrementalReview shares Review's 0-or-2+ lens pattern but scopes the
-    // target to the incremental diff. The "issues must be NEW since the last
-    // Pullfrog review" filter lives at aggregation time (step 8), NOT in the
-    // subagent prompt — pushing the filter into
-    // subagents matches the canonical anneal anti-pattern of "list known
-    // pre-existing failures — don't flag these" and suppresses signal on
-    // regressions the new commits amplified. The review body is just
-    // "Reviewed changes" — a separate "Prior review feedback" checklist
-    // would duplicate the rolling PR summary snapshot's record of what
-    // earlier runs already addressed and add noise to the user-facing
-    // body. Same severity-table omission as Review.
+    // IncrementalReview shares Review's 0-or-2+ lens pattern AND its body
+    // format (PR_SUMMARY_FORMAT), scoped to the incremental delta against the
+    // prior pullfrog review. The "issues must be NEW since the last Pullfrog
+    // review" filter lives at aggregation time (step 8), NOT in the subagent
+    // prompt — pushing the filter into subagents matches the canonical anneal
+    // anti-pattern of "list known pre-existing failures — don't flag these"
+    // and suppresses signal on regressions the new commits amplified. A
+    // separate "Prior review feedback" checklist would duplicate the rolling
+    // PR summary snapshot's record of what earlier runs already addressed and
+    // add noise to the user-facing body. Same opening-callout + per-bullet
+    // emoji severity split as Review.
     {
       name: "IncrementalReview",
       description: "Re-review a PR after new commits are pushed; focus on new changes since the last review",
@@ -146649,7 +146875,15 @@ ${PR_SUMMARY_FORMAT}`
 
 3. **incremental scope**: if \`incrementalDiffPath\` is present, read it to see what changed since the last review. this is a range-diff that isolates the net changes, filtering out base branch noise. if not present, fall back to reviewing the full PR diff and determine what changed since Pullfrog's most recent review.
 
-4. **prior feedback**: fetch previous reviews via \`${t("list_pull_request_reviews")}\`. for the most recent Pullfrog review, call \`${t("get_review_comments")}\` with the review ID to retrieve specific prior line-level feedback. you'll use this to filter your aggregation in step 8 \u2014 anything already flagged in a prior review and not changed by the new commits should not be re-raised. you do NOT need to render this in the review body; the rolling PR summary snapshot is the durable record of what's been addressed.
+4. **prior feedback \u2014 read AND retire it**: fetch previous reviews via \`${t("list_pull_request_reviews")}\`, then call \`${t("get_review_comments")}\` on each prior Pullfrog review. Each thread renders as a section whose first line is a fenced tag \`comment author=<login> id=<fullDatabaseId> review=<reviewId> thread=<graphqlId>\`; section headers carry \`[RESOLVED]\` / \`[OUTDATED]\` when relevant. For every **open, Pullfrog-originated** thread, decide and act:
+
+   - **Pullfrog-originated** means the FIRST \`comment author=...\` tag in the section is \`author=pullfrog[bot]\`. The \`*\` marker on individual comments is unrelated \u2014 it flags whether a comment belongs to the queried review, not whether it is the thread root.
+   - **addressed?** read the file at the thread's anchor and judge whether the substantive concern is now resolved by the new commits. Lines being modified isn't enough: reformatting, renaming, or moving the same code elsewhere doesn't address a concern. If the comment raised multiple distinct concerns, ALL must be addressed. The \`[OUTDATED]\` tag means GitHub moved the anchor (line shift, force-push, rename) \u2014 it does NOT mean the concern was addressed; re-read the code at its new location before deciding.
+   - **if addressed**: call \`${t("reply_to_review_comment")}\` with the root tag's numeric \`id=\` as \`comment_id\` (NOT the \`thread=\` value \u2014 that's a separate GraphQL ID used only by resolve) and a one-line body (e.g. \`Addressed in <short-sha>.\`), then call \`${t("resolve_review_thread")}\` with the root tag's \`thread=\` value as \`thread_id\`. Do this BEFORE drafting the new review so the GitHub thread state aligns with the new review by the time it lands.
+   - **if uncertain or partially addressed**: leave open. False-positive resolutions erode trust faster than false negatives.
+   - **scope**: only retire Pullfrog-originated threads. Threads from human reviewers belong to those humans to resolve, even if the commit happened to address them.
+
+   The remaining open threads feed step 8's dedup filter \u2014 anything already flagged and unchanged by the new commits should not be re-raised. The rolling PR summary snapshot is the durable record of retire activity; you don't need to surface it in the review body.
 
 5. **triage**: orient on the *incremental* changes \u2014 domain, seams, external contracts, user-facing surfaces. pull as much context as you need to render a confident review: read related files, grep for callers of changed symbols, check tests that exercise the touched paths. **you are the synthesizer.**
 
@@ -146695,22 +146929,28 @@ ${PR_SUMMARY_FORMAT}`
    - do NOT pre-shape their output with a finding schema
    - do NOT mention the other lenses (independence is the point)
 
-8. **aggregate, draft, self-critique**: merge findings (yours + any subagent output if you went multi-lens); de-dup overlaps; trace each finding yourself. drop praise, style preferences, speculative/unverified claims, findings about pre-existing code unrelated to the new commits, anything not actionable, and anything that re-states prior review feedback (heuristic: if the finding's root cause lives in lines the *new commits* added or modified, it's in scope; otherwise drop). also drop **bloat-shaped findings** \u2014 proposed fixes that would add defensive checks for cases that can't happen, abstractions used once, comments restating obvious code, tests asserting tautologies, or "just-in-case" guards. subagents are fallible and bias toward recommending changes; the bar for an actionable inline comment is sound + correct + elegant. recommending a change that improves only one of the three (or degrades elegance to nominally improve correctness) makes the codebase worse, not better. To compute "lines the new commits added or modified": if \`incrementalDiffPath\` from step 2 is present, use it directly. Otherwise, take the prior Pullfrog review's \`commit_id\` (returned alongside each entry from \`${t("list_pull_request_reviews")}\` in step 4) and run \`git diff <prior-review-sha>..HEAD\` to isolate the lines added since that review. draft inline comments with NEW line numbers from the full PR diff \u2014 every comment must be actionable, 2-3 sentences max.
+8. **aggregate, draft, self-critique**: merge findings (yours + any subagent output if you went multi-lens); de-dup overlaps; trace each finding yourself. drop praise, style preferences, speculative/unverified claims, findings about pre-existing code unrelated to the new commits, anything not actionable, and anything that re-states prior review feedback (heuristic: if the finding's root cause lives in lines the *new commits* added or modified, it's in scope; otherwise drop). also drop **bloat-shaped findings** \u2014 proposed fixes that would add defensive checks for cases that can't happen, abstractions used once, comments restating obvious code, tests asserting tautologies, or "just-in-case" guards. subagents are fallible and bias toward recommending changes; the bar for an actionable inline comment is sound + correct + elegant. recommending a change that improves only one of the three (or degrades elegance to nominally improve correctness) makes the codebase worse, not better. To compute "lines the new commits added or modified": if \`incrementalDiffPath\` from step 2 is present, use it directly. Otherwise, take the prior Pullfrog review's \`commit_id\` (returned alongside each entry from \`${t("list_pull_request_reviews")}\` in step 4) and run \`git diff <prior-review-sha>..HEAD\` to isolate the lines added since that review.
+
+   **Hunt for non-anchored concerns before drafting.** After collecting your anchored findings, deliberately scan for concerns that have no specific line to point at \u2014 typically: deletion / cleanup plans for code the new commits replace or shadow; rollout sequencing (what happens to in-flight state during deploy / revert?); coverage gaps the new commits imply but don't add; scope questions that only the human can answer (e.g. is the legacy path going away or is this a long-term dual track?); architectural risks the new commits open up that aren't a single-line bug. On substantial incremental diffs (migrations, refactors, multi-file rewrites, version bumps that change runtime semantics), at least one such concern almost always exists; if you can't think of any, your bar is probably too high.
 
-9. **build the review body** \u2014 a single "Reviewed changes" section: summarize at the logical-change level, not per-file. each bullet starts with a past-tense verb (e.g. \`- Extracted shared CLI runtime into a single module\`, \`- Renamed package to pullfrog\`). avoid file paths unless they add clarity. if the changes can be described in one sentence, use one sentence \u2014 no bullets needed. do NOT include a separate "Prior review feedback" checklist; that's tracked in the rolling PR summary snapshot for the next agent run, and surfacing it in the user-facing body is noise (changes that addressed prior feedback are already covered by the Reviewed-changes bullets). in some cases you may receive a complete diff for the whole pull request instead of an incremental one \u2014 when this happens, you will need to determine what changes have happened since Pullfrog's most recent review.
+   draft inline comments with NEW line numbers from the full PR diff \u2014 attach a \`<details>Technical details</details>\` block to any inline comment whose fix is non-trivial or has cross-file implications (see Inline technical details in the format below). every comment must be actionable, 2-3 sentences max in the visible part.
+
+9. **build the review body**: use the same default format as Review mode (preamble + optional cross-cutting \`### \` sections + optional \`### \u2139\uFE0F Nitpicks\`) \u2014 scoped to the **incremental delta**, not the full PR. The "Reviewed changes" bullets describe what changed since the prior pullfrog review (each bullet starts with a past-tense verb, e.g. \`- Extracted shared CLI runtime into a single module\`). Do NOT include a separate "Prior review feedback" checklist \u2014 that's tracked in the rolling PR summary snapshot for the next agent run, and surfacing it in the user-facing body is noise (changes that addressed prior feedback are already covered by the Reviewed-changes bullets). In some cases you may receive a complete diff for the whole PR instead of an incremental one; when this happens, determine what changed since Pullfrog's most recent review yourself before drafting bullets.
 
 10. Submit \u2014 every run must end with EXACTLY ONE of \`${t("create_pull_request_review")}\` (substantive review) or \`${t("report_progress")}\` (no-review acknowledgement). do NOT call \`create_issue_comment\` for review output.
 
-   Same callout-intensity ladder as Review mode \u2014 \`[!CAUTION]\` (large red, "will break") \u2192 \`[!IMPORTANT]\` (large purple, "must address before merging") \u2192 \`[!NOTE]\` (small blue, "FYI") \u2192 no callout (plain text). And the same Fix-button lever: the footer renders a Fix button on every non-approving review, so \`approved: true\` suppresses it. Wrapping mergeable feedback in \`[!IMPORTANT]\` trains users to click Fix on reviews that don't need fixing \u2014 pick the tier the author's actual next action justifies.
+   Same callout ladder as Review mode \u2014 \`[!CAUTION]\` (red, "will break") \u2192 \`[!IMPORTANT]\` (purple, "must address before merging") \u2192 \`> \u2139\uFE0F ...\` (informational, "minor suggestions only") \u2192 \`> \u2705 ...\` (green friendly, "no concerns"). Same Fix-button lever: the footer renders a Fix button on every non-approving review, so \`approved: true\` suppresses it. Wrapping mergeable feedback in \`[!IMPORTANT]\` trains users to click Fix on reviews that don't need fixing \u2014 pick the tier the author's actual next action justifies.
 
    Follow these rules:
    - note: the first create_pull_request_review submission may error with a one-time diff-coverage nudge listing unread TOC regions. retry the same call to proceed \u2014 optionally after reading the listed ranges. the pre-flight will not block again this session.
    - IF NO NEW ISSUES, NON-SUBSTANTIVE CHANGES ONLY (trivial formatting, import reordering, comment tweaks): do NOT submit a review. Instead call \`${t("report_progress")}\` with a 1-2 sentence note explaining no review was warranted (e.g. "No new issues. Changes since last review are formatting-only."). this leaves a visible signal that the run completed.
-   - ELSE IF NEW CRITICAL ISSUES (blocks merge \u2014 bugs, security, data loss, broken core flows): call \`${t("create_pull_request_review")}\` with \`approved: false\`, all comments, and the review body. body opens with \`> [!CAUTION]\\n> This PR introduces ...\`, then the Reviewed-changes summary.
-   - ELSE IF NEW MUST-ADDRESS NON-CRITICAL FINDINGS (real consequences if shipped \u2014 incorrect behavior, missing validation, regressions the author should fix before merge): call \`${t("create_pull_request_review")}\` with \`approved: false\`, all comments, and the review body. body opens with \`> [!IMPORTANT]\\n> ...\`, then the Reviewed-changes summary. Do NOT use this tier for nits, style preferences, or "consider also" suggestions.
-   - ELSE IF NEW MINOR SUGGESTIONS ONLY (single-line nits, doc/comment polish, defer-able observations, "rough edges"): call \`${t("create_pull_request_review")}\` with \`approved: false\`, all comments, and the review body. body opens directly with \`Reviewed the following changes:\\n\` (NO alert blockquote), then the Reviewed-changes summary.
-   - ELSE IF INFORMATIONAL OBSERVATIONS (mergeable as-is, but worth surfacing \u2014 e.g. prior feedback addressed cleanly with one minor stale doc reference, or a noteworthy positive observation): call \`${t("create_pull_request_review")}\` with \`approved: true\`, NO inline comments, and the review body. body opens with \`> [!NOTE]\\n> ...\` alert, then the Reviewed-changes summary. If a point is concrete enough to anchor to a line, downgrade the whole review to "minor suggestions only" (\`approved: false\`) instead \u2014 \`[!NOTE]\` and inline comments don't mix.
-   - ELSE IF NO NEW ISSUES, SUBSTANTIVE CHANGES (new functionality, behavior changes, or fixes to prior review feedback): call \`${t("create_pull_request_review")}\` to create a PR review. If all previous reviews have been properly addressed and no new issues were discovered, you can set \`approved: true\`. body opens with \`No new issues. Reviewed the following changes:\\n\`, then the Reviewed-changes summary.`
+   - ELSE IF NEW CRITICAL ISSUES (blocks merge \u2014 bugs, security, data loss, broken core flows): call \`${t("create_pull_request_review")}\` with \`approved: false\`, all comments, and the review body. body opens with \`> [!CAUTION]\\n> This PR introduces ...\`, followed by the PR summary using the default format below.
+   - ELSE IF NEW MUST-ADDRESS NON-CRITICAL FINDINGS (real consequences if shipped \u2014 incorrect behavior, missing validation, regressions the author should fix before merge): call \`${t("create_pull_request_review")}\` with \`approved: false\`, all comments, and the review body. body opens with \`> [!IMPORTANT]\\n> ...\`, followed by the PR summary using the default format below. Do NOT use this tier for nits, style preferences, or "consider also" suggestions.
+   - ELSE IF NEW MINOR SUGGESTIONS ONLY (single-line nits, doc/comment polish, defer-able observations, "rough edges"): call \`${t("create_pull_request_review")}\` with \`approved: false\`, all comments, and the review body. body opens with \`> \u2139\uFE0F No critical issues \u2014 minor suggestions inline.\\n\\n\` (vary the wording after \u2139\uFE0F to fit the review), followed by the PR summary using the default format below.
+   - ELSE IF INFORMATIONAL OBSERVATIONS (mergeable as-is, but worth surfacing \u2014 e.g. prior feedback addressed cleanly with one minor stale doc reference, or a noteworthy positive observation): call \`${t("create_pull_request_review")}\` with \`approved: true\`, NO inline comments, and the review body. body opens with \`> \u2705 No new issues found.\\n\\n\` (or similar friendly green opener), followed by the PR summary using the default format below. If a point is concrete enough to anchor to a line, downgrade the whole review to "minor suggestions only" (\`approved: false\`) instead \u2014 the \u2705 signals "no action needed", which contradicts an actionable anchor.
+   - ELSE IF NO NEW ISSUES, SUBSTANTIVE CHANGES (new functionality, behavior changes, or fixes to prior review feedback): call \`${t("create_pull_request_review")}\` to create a PR review. If all previous reviews have been properly addressed and no new issues were discovered, set \`approved: true\`. body opens with \`> \u2705 No new issues found.\\n\\n\`, followed by the PR summary using the default format below.
+
+${PR_SUMMARY_FORMAT}`
     },
     {
       name: "Plan",
@@ -146725,7 +146965,7 @@ ${PR_SUMMARY_FORMAT}`
 
 3. Produce a structured, actionable plan with clear milestones.
 
-4. Call \`${t("report_progress")}\` with the plan.`
+4. Call \`${t("report_progress")}\` with the plan body. Do NOT set \`target_plan_comment\` \u2014 that flag is exclusively for revising an existing plan, and \`${t("select_mode")}\` will route you to a separate PlanEdit checklist when a prior plan comment exists for this issue.`
     },
     {
       name: "Fix",
@@ -146817,6 +147057,7 @@ function initToolState(params) {
   return {
     progressComment: resolved,
     hadProgressComment: !!resolved,
+    prepushFailureCount: 0,
     backgroundProcesses: /* @__PURE__ */ new Map(),
     usageEntries: []
   };
@@ -146916,6 +147157,17 @@ async function installFromNpmTarball(params) {
 // utils/providerErrors.ts
 var statusKey = `\\b(?:status[_ ]?code|http[_ ]?status|status)["']?\\s*[:=]\\s*["']?`;
 var PROVIDER_ERROR_PATTERNS = [
+  // billing-payload patterns come BEFORE bare status-code patterns. providers
+  // commonly return 401 / 429 for billing/quota exhaustion (OpenCode Zen
+  // `CreditsError` / `FreeUsageLimitError`, Gemini `RESOURCE_EXHAUSTED` +
+  // "spending cap", Anthropic "Insufficient balance"). these are non-retryable
+  // and require user-billing action — distinct from a transient auth error or
+  // rate-limit. status-code patterns would otherwise win and surface
+  // "auth error (401)" / "rate limited (429)" with no billing hint. see #778.
+  { regex: /\bCreditsError\b/, label: "provider billing exhausted" },
+  { regex: /\bFreeUsageLimitError\b/, label: "provider billing exhausted" },
+  { regex: /Insufficient balance/i, label: "provider billing exhausted" },
+  { regex: /spending cap/i, label: "provider billing exhausted" },
   // auth patterns must come BEFORE rate-limit patterns. OpenRouter 401 error
   // payloads carry `x-ratelimit-*` response headers in the dump, and the
   // free-form rate-limit regex below would otherwise win on word-boundary
@@ -147042,11 +147294,25 @@ function addSkill(params) {
   );
   if (result.status === 0) {
     log.success(`installed ${params.skill} skill (${params.agent})`);
-  } else {
-    const stderr = (result.stderr?.toString() || "").trim();
-    const errorMsg = result.error ? result.error.message : stderr;
-    log.info(`${params.skill} skill install failed: ${errorMsg}`);
+    return;
   }
+  const stdout = (result.stdout?.toString() || "").trim();
+  const stderr = (result.stderr?.toString() || "").trim();
+  const parts = [
+    `exit=${result.status ?? "null"} signal=${result.signal ?? "null"}`,
+    result.error ? `spawn error: ${result.error.message}` : null,
+    stderr ? `stderr:
+${tailLines(stderr, 20)}` : null,
+    stdout ? `stdout:
+${tailLines(stdout, 20)}` : null
+  ].filter(Boolean);
+  log.warning(`${params.skill} skill install failed \u2014 ${parts.join(" | ")}`);
+}
+function tailLines(text, n) {
+  const lines = text.split("\n");
+  if (lines.length <= n) return text;
+  return `...(truncated, last ${n} of ${lines.length} lines)
+${lines.slice(-n).join("\n")}`;
 }
 
 // utils/timer.ts
@@ -147143,7 +147409,7 @@ function buildUnsubmittedReviewPrompt(mode) {
     return [
       `MISSING REVIEW OUTPUT \u2014 you selected Review mode but stopped without calling \`create_pull_request_review\`. the user has no visible signal that this run produced anything; the progress comment will be deleted on exit and no review will appear on the PR.`,
       "",
-      "call `create_pull_request_review` now with your aggregated review (body + inline comments). pick the tier per the mode prompt \u2014 Review mode has no no-submit exit, so even informational `> [!NOTE]` reviews and `No new issues found.` reviews must be submitted (both use `approved: true`). the first call may error once with a diff-coverage nudge \u2014 retry the same call to proceed.",
+      "call `create_pull_request_review` now with your aggregated review (body + inline comments). pick the tier per the mode prompt \u2014 Review mode has no no-submit exit, so even informational `> \u2705 No new issues found.` reviews must be submitted (with `approved: true`). the first call may error once with a diff-coverage nudge \u2014 retry the same call to proceed.",
       "",
       "do NOT stop again until `create_pull_request_review` has been called successfully."
     ].join("\n");
@@ -147189,6 +147455,11 @@ function buildPostRunPrompt(issues) {
   if (issues.summaryStale) parts.push(buildSummaryStalePrompt(issues.summaryStale.filePath));
   return parts.join("\n\n---\n\n");
 }
+var REFLECTION_SKIP_MODES = /* @__PURE__ */ new Set(["IncrementalReview"]);
+function shouldRunReflection(mode) {
+  if (!mode) return true;
+  return !REFLECTION_SKIP_MODES.has(mode);
+}
 function buildLearningsReflectionPrompt(filePath) {
   return [
     `REFLECTION \u2014 before you finish, think back over this task: did you discover anything about this repo's setup, test commands, conventions, or patterns that is high-confidence and would reliably help future runs?`,
@@ -147200,18 +147471,16 @@ function buildLearningsReflectionPrompt(filePath) {
     `- **no section over ~300 lines.** when a section is approaching that, split it: introduce \`### \` subsections grouping related bullets, or hoist a coherent group into a new top-level \`## \` section. granular sections mean future runs read targeted line ranges instead of slurping the whole file. this is the most important hygiene rule on long-lived repos.`,
     `- if you find a flat unstructured list (legacy content from before this format), restructure it: read it, group related bullets, rewrite the file with \`## \` / \`### \` headings around them. don't preserve bad structure \u2014 fix it.`,
     "",
+    `the only test: would a future run on this repo do its work better because this bullet exists? useful for future runs in this repo \u2014 prevent wasted tool calls, rabbit holes, and mistakes.`,
+    "",
     `bullet hygiene:`,
-    `- one fact per line starting with \`- \`. each bullet is ONE specific durable fact, not a paragraph or essay.`,
-    `- aim for \u2264 240 chars per bullet. longer bullets are almost always mixing multiple facts that should be split, or burying the durable claim under PR-specific context that should be cut.`,
-    `- only add bullets when the finding is high-confidence AND broadly useful AND will still be true in 3+ months. skip speculative, one-off, or "maybe" findings.`,
-    `- prune bullets that are clearly wrong, no longer relevant, or low-signal. a focused, accurate file beats a long stale one. compressing two overlapping bullets into one tighter bullet counts as progress.`,
-    `- deduplicate against existing entries (in any section) \u2014 if a bullet covers the same fact, update it in place instead of adding a duplicate.`,
+    `- one fact per line starting with \`- \`, \u2264 240 chars.`,
+    `- only add when high-confidence, broadly useful, evergreen.`,
+    `- prune wrong or low-signal bullets; merge overlaps; dedupe across sections.`,
+    "",
+    `don't anchor facts to repo state that will move: PR / review / commit / branch refs, dates, version pins, line numbers. state the rule directly. if it needs the anchor to be load-bearing, it isn't evergreen.`,
     "",
-    `do NOT add bullets for:`,
-    `- pullfrog tool quirks (e.g. "\`shell\` timeout is in milliseconds", "\`git\` args must be a JSON array", "\`create_pull_request_review\` drops out-of-hunk comments", "\`push_branch\` may report timeout when push succeeded"). these are universal across repos and belong in the tool descriptions \u2014 flag the gap rather than hoarding the workaround per-repo.`,
-    `- references to specific PR numbers, review IDs, commit SHAs, branch names, or person handles ("PR #595 introduced X", "flagged in review 12345", "as of commit abc123"). repo state changes; these decay into noise within weeks.`,
-    `- dated assertions ("as of May 2026", "currently...", "for now..."). if a fact needs a date to be true, it isn't durable enough to belong here.`,
-    `- play-by-play of what THIS run did. learnings are for the NEXT run, not a retrospective.`,
+    `tool-quirk bullets are fine when you burned calls discovering the quirk and a future run would repeat them. write the workaround, not the war story.`,
     "",
     `if you have nothing substantively new to add AND the existing entries still look healthy and well-structured, leave the file alone \u2014 just reply "done" and stop. silence is a valid outcome.`
   ].join("\n");
@@ -147431,7 +147700,7 @@ function stripProviderPrefix(specifier) {
 function resolveEffort(_model) {
   return "high";
 }
-function tailLines(text, maxCodeUnits) {
+function tailLines2(text, maxCodeUnits) {
   if (text.length <= maxCodeUnits) return text;
   const tail = text.slice(-maxCodeUnits);
   const firstNewline = tail.indexOf("\n");
@@ -147495,6 +147764,7 @@ async function runClaude(params) {
           }
         } else if (block.type === "tool_use") {
           const toolName = block.name || "unknown";
+          suspendActivity();
           if (params.onToolUse) {
             params.onToolUse({
               toolName,
@@ -147539,6 +147809,7 @@ async function runClaude(params) {
       for (const block of content) {
         if (typeof block === "string") continue;
         if (block.type === "tool_result") {
+          resumeActivity();
           timerFor(label).markToolResult();
           const outputContent = typeof block.content === "string" ? block.content : Array.isArray(block.content) ? block.content.map(
             (entry) => typeof entry === "string" ? entry : typeof entry === "object" && entry !== null && "text" in entry ? String(entry.text) : JSON.stringify(entry)
@@ -147627,6 +147898,7 @@ async function runClaude(params) {
       env: params.env,
       activityTimeout: 3e5,
       onActivityTimeout: params.onActivityTimeout,
+      isPausedExternally: isActivitySuspended,
       stdio: ["ignore", "pipe", "pipe"],
       // run claude in its own process group so SIGKILL on activity timeout /
       // outer cancellation reaches any subprocesses it spawns (rg, file
@@ -147720,7 +147992,7 @@ ${stderrContext}`);
       const errorContext = lastProviderError ? ` (${lastProviderError})` : "";
       const stdoutSnapshot = output.toString();
       const stderrSnapshot = recentStderr.join("\n");
-      const truncatedStdout = stdoutSnapshot ? tailLines(stdoutSnapshot, 2048) : "";
+      const truncatedStdout = stdoutSnapshot ? tailLines2(stdoutSnapshot, 2048) : "";
       const nonJsonStdoutSnapshot = recentNonJsonStdout.join("\n");
       const errorMessage = lastResultError || stderrSnapshot || nonJsonStdoutSnapshot || truncatedStdout || `unknown error - no output from Claude CLI${errorContext}`;
       log.error(
@@ -147782,6 +148054,7 @@ ${stderrContext}`
 }
 var MANAGED_SETTINGS_DIR = "/etc/claude-code";
 var MANAGED_SETTINGS_PATH = `${MANAGED_SETTINGS_DIR}/managed-settings.json`;
+var CODEX_AUTH_DENY_PATH = "~/.local/share/opencode/auth.json";
 var managedSettings = {
   allowManagedPermissionRulesOnly: true,
   allowManagedHooksOnly: true,
@@ -147794,12 +148067,16 @@ var managedSettings = {
       "Edit(//proc/**)",
       "Edit(//sys/**)",
       "Glob(//proc/**)",
-      "Glob(//sys/**)"
+      "Glob(//sys/**)",
+      `Read(${CODEX_AUTH_DENY_PATH})`,
+      `Grep(${CODEX_AUTH_DENY_PATH})`,
+      `Edit(${CODEX_AUTH_DENY_PATH})`,
+      `Glob(${CODEX_AUTH_DENY_PATH})`
     ]
   },
   sandbox: {
     filesystem: {
-      denyRead: ["/proc", "/sys"]
+      denyRead: ["/proc", "/sys", CODEX_AUTH_DENY_PATH]
     }
   }
 };
@@ -147860,14 +148137,21 @@ var claude = agent({
     if (model) {
       baseArgs.push("--model", model);
     }
+    const repoDir = process.cwd();
     const env2 = {
       ...process.env,
-      ...homeEnv
+      ...homeEnv,
+      PWD: repoDir
     };
     if (isBedrockRoute) {
       env2.CLAUDE_CODE_USE_BEDROCK = "1";
     }
-    const repoDir = process.cwd();
+    if (env2.CLAUDE_CODE_OAUTH_TOKEN && !isBedrockRoute && env2.ANTHROPIC_API_KEY) {
+      log.debug(
+        "\xBB CLAUDE_CODE_OAUTH_TOKEN present \u2014 stripping ANTHROPIC_API_KEY from Claude Code env so the OAuth subscription is used"
+      );
+      delete env2.ANTHROPIC_API_KEY;
+    }
     log.info(`\xBB effort: ${effort}`);
     log.debug(`\xBB starting Pullfrog (Claude Code): node ${baseArgs.join(" ")}`);
     log.debug(`\xBB working directory: ${repoDir}`);
@@ -147887,7 +148171,7 @@ var claude = agent({
       ctx,
       initialResult: result,
       initialUsage: result.usage,
-      reflectionPrompt: ctx.toolState.learningsFilePath ? buildLearningsReflectionPrompt(ctx.toolState.learningsFilePath) : void 0,
+      reflectionPrompt: ctx.toolState.learningsFilePath && shouldRunReflection(ctx.toolState.selectedMode) ? buildLearningsReflectionPrompt(ctx.toolState.learningsFilePath) : void 0,
       canResume: (r) => Boolean(r.sessionId),
       resume: async (c) => {
         const sessionId = c.previousResult.sessionId;
@@ -147901,16 +148185,19 @@ var claude = agent({
   }
 });
 
-// agents/opencode.ts
-import { execFileSync as execFileSync4 } from "node:child_process";
-import { mkdirSync as mkdirSync5, writeFileSync as writeFileSync8 } from "node:fs";
-import { join as join11 } from "node:path";
+// agents/opencode_v2.ts
+var core2 = __toESM(require_core(), 1);
+import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync9 } from "node:fs";
+import { join as join12 } from "node:path";
 import { performance as performance7 } from "node:perf_hooks";
 
 // utils/agentHangReport.ts
 var MAX_STDERR_BYTES = 3e3;
 function formatAgentHangBody(input) {
   if (!input.diagnostic) return null;
+  if (input.diagnostic.lastProviderError === "provider billing exhausted") {
+    return formatBillingExhaustedBody(input.diagnostic);
+  }
   const verb = input.isHang ? "stalled" : "failed";
   const cause = input.diagnostic.lastProviderError ? ` \u2014 likely cause: \`${input.diagnostic.lastProviderError}\`` : "";
   const headline = `**${input.diagnostic.label} ${verb}**${cause}`;
@@ -147968,6 +148255,97 @@ function pickFence(content) {
   }
   return "`".repeat(Math.max(3, max + 1));
 }
+function extractBillingUrl(lines) {
+  const urlPattern = /https:\/\/(?:opencode\.ai\/[^\s"]*billing[^\s"]*|console\.anthropic\.com[^\s"]*|console\.cloud\.google\.com[^\s"]*billing[^\s"]*)/i;
+  for (let i = lines.length - 1; i >= 0; i--) {
+    const m = urlPattern.exec(lines[i] ?? "");
+    if (m) return m[0];
+  }
+  return void 0;
+}
+function formatBillingExhaustedBody(diagnostic) {
+  const headline = `**${diagnostic.label} stopped** \u2014 your model provider returned a billing-exhausted response.`;
+  const billingUrl = extractBillingUrl(diagnostic.recentStderr);
+  const cta = billingUrl ? `Top up your provider balance, then re-run: [${billingUrl}](${billingUrl})` : "Top up your model-provider balance (or rotate to a key with remaining credits) and re-run.";
+  const explanation = "The agent kept retrying the request because the provider marked the failure as transient. Pullfrog's activity-timeout watchdog ended the run after no further events were emitted.";
+  const parts = [headline, "", explanation, "", cta];
+  const tail = renderStderrTail(diagnostic.recentStderr);
+  if (tail) {
+    const fence = pickFence(tail);
+    parts.push(
+      "",
+      "<details><summary>Recent agent stderr</summary>",
+      "",
+      fence,
+      tail,
+      fence,
+      "",
+      "</details>"
+    );
+  }
+  return parts.join("\n");
+}
+
+// utils/codexHome.ts
+import { mkdirSync as mkdirSync5, writeFileSync as writeFileSync8 } from "node:fs";
+import { homedir } from "node:os";
+import { join as join11 } from "node:path";
+var CODEX_AUTH_ENV = "CODEX_AUTH_JSON";
+function installCodexAuth() {
+  const raw2 = process.env[CODEX_AUTH_ENV];
+  if (!raw2) return null;
+  const blob = parseCodexBlob(raw2);
+  if (!blob) {
+    log.warning(`\xBB ${CODEX_AUTH_ENV} present but malformed; ignoring`);
+    return null;
+  }
+  const xdgDataHome = join11(homedir(), ".local", "share");
+  const opencodeDir = join11(xdgDataHome, "opencode");
+  const authPath = join11(opencodeDir, "auth.json");
+  const opencodeAuth = {
+    openai: {
+      type: "oauth",
+      refresh: blob.tokens.refresh_token,
+      access: blob.tokens.access_token,
+      // expires: 0 forces OpenCode's CodexAuthPlugin to refresh on first
+      // request (it checks `expires < Date.now()`). safest default — we
+      // don't carry an `expires_in` from the Codex blob.
+      expires: 0,
+      ...blob.tokens.account_id ? { accountId: blob.tokens.account_id } : {}
+    }
+  };
+  mkdirSync5(opencodeDir, { recursive: true });
+  writeFileSync8(authPath, `${JSON.stringify(opencodeAuth, null, 2)}
+`, { mode: 384 });
+  log.info(`\xBB installed Codex auth at ${authPath}`);
+  return { authPath, xdgDataHome, originalRefresh: blob.tokens.refresh_token };
+}
+function parseCodexBlob(raw2) {
+  let parsed2;
+  try {
+    parsed2 = JSON.parse(raw2);
+  } catch {
+    return null;
+  }
+  if (!parsed2 || typeof parsed2 !== "object") return null;
+  const v = parsed2;
+  if (v.auth_mode !== "chatgpt") return null;
+  const tokens = v.tokens;
+  if (!tokens || typeof tokens !== "object") return null;
+  const t = tokens;
+  if (typeof t.access_token !== "string" || t.access_token.length === 0) return null;
+  if (typeof t.refresh_token !== "string" || t.refresh_token.length === 0) return null;
+  return {
+    auth_mode: "chatgpt",
+    tokens: {
+      access_token: t.access_token,
+      refresh_token: t.refresh_token,
+      ...typeof t.id_token === "string" ? { id_token: t.id_token } : {},
+      ...typeof t.account_id === "string" ? { account_id: t.account_id } : {}
+    },
+    ...typeof v.last_refresh === "string" ? { last_refresh: v.last_refresh } : {}
+  };
+}
 
 // agents/opencodePlugin.ts
 var PULLFROG_BUS_EVENT_TYPE = "pullfrog_bus_event";
@@ -148050,6 +148428,9 @@ export default async function pullfrogEventsPlugin() {
 }
 `;
 
+// agents/opencodeShared.ts
+import { execFileSync as execFileSync4 } from "node:child_process";
+
 // agents/subagentModels.ts
 function deriveSubagentModels(orchestratorSpec) {
   if (!orchestratorSpec) return { reviewer: void 0 };
@@ -148066,68 +148447,14 @@ function deriveSubagentModels(orchestratorSpec) {
   return { reviewer: void 0 };
 }
 
-// agents/opencode.ts
-async function installOpencodeCli() {
-  return await installFromNpmTarball({
-    packageName: "opencode-ai",
-    version: getDevDependencyVersion("opencode-ai"),
-    executablePath: "bin/opencode",
-    installDependencies: true
-  });
-}
-var GEMINI_3_DIRECT_THINKING_LEVEL = "medium";
-var GEMINI_3_DIRECT_API_IDS = ["gemini-3.1-pro-preview", "gemini-3-flash-preview"];
-function buildSecurityConfig(ctx, model) {
-  const config3 = {
-    permission: {
-      bash: "deny",
-      edit: "allow",
-      read: "allow",
-      webfetch: "allow",
-      external_directory: "allow",
-      skill: "allow"
-    },
-    mcp: {
-      [pullfrogMcpName]: { type: "remote", url: ctx.mcpServerUrl }
-    },
-    agent: (() => {
-      const cfg = buildReviewerAgentConfig(model);
-      const reviewerModel = cfg[REVIEWER_AGENT_NAME]?.model ?? "(inherit)";
-      log.info(`\xBB subagent models: reviewfrog=${reviewerModel}`);
-      return cfg;
-    })(),
-    // opt into opencode's experimental `batch` tool (added in
-    // anomalyco/opencode PR #2983, opt-in via `experimental.batch_tool`). it
-    // exposes a single `batch` tool that runs 1-25 independent tool calls
-    // (read/grep/glob/bash/etc.) concurrently in one assistant turn, which
-    // collapses the dominant grep→20×read pattern into a single round trip.
-    // edits are explicitly disallowed inside the batch upstream. paired with
-    // the "Parallel tool execution" guidance in utils/instructions.ts so the
-    // model actually reaches for it. see wiki/prompt.md.
-    experimental: { batch_tool: true },
-    provider: {
-      google: {
-        models: Object.fromEntries(
-          GEMINI_3_DIRECT_API_IDS.map((id) => [
-            id,
-            {
-              options: {
-                thinkingConfig: { thinkingLevel: GEMINI_3_DIRECT_THINKING_LEVEL }
-              }
-            }
-          ])
-        )
-      }
-    }
-  };
-  if (model) {
-    config3.model = model;
-    const slashIndex = model.indexOf("/");
-    if (slashIndex > 0) {
-      config3.enabled_providers = [model.slice(0, slashIndex).toLowerCase()];
-    }
-  }
-  return JSON.stringify(config3);
+// agents/opencodeShared.ts
+function geminiHighThinkingOverrides() {
+  return Object.fromEntries(
+    modelAliases.filter((a) => a.provider === "google").map((a) => [
+      a.resolve.replace(/^google\//, ""),
+      { options: { thinkingConfig: { thinkingLevel: "high" } } }
+    ])
+  );
 }
 function buildReviewerAgentConfig(orchestratorModel) {
   const overrides = deriveSubagentModels(orchestratorModel);
@@ -148140,6 +148467,15 @@ function buildReviewerAgentConfig(orchestratorModel) {
     }
   };
 }
+async function installOpencodeCli(params) {
+  return await installFromNpmTarball({
+    packageName: "opencode-ai",
+    version: getDevDependencyVersion("opencode-ai"),
+    executablePath: params.binPath,
+    installDependencies: true
+  });
+}
+var AUTO_SELECT_WARNING = "select a model explicitly in the Pullfrog console (https://pullfrog.com/console) to avoid this.";
 function getOpenCodeModels(cliPath) {
   try {
     const output = execFileSync4(cliPath, ["models"], {
@@ -148155,7 +148491,6 @@ function getOpenCodeModels(cliPath) {
     return [];
   }
 }
-var AUTO_SELECT_WARNING = "select a model explicitly in the Pullfrog console (https://pullfrog.com/console) to avoid this.";
 function autoSelectModel(cliPath) {
   const availableModels = getOpenCodeModels(cliPath);
   const availableSet = new Set(availableModels);
@@ -148176,6 +148511,58 @@ function autoSelectModel(cliPath) {
   log.warning(`\xBB no model resolved. letting OpenCode auto-select. ${AUTO_SELECT_WARNING}`);
   return void 0;
 }
+
+// agents/opencode_v2.ts
+var installCli = () => installOpencodeCli({ binPath: "bin/opencode.exe" });
+function buildSecurityConfig(ctx, model) {
+  const config3 = {
+    permission: {
+      bash: "deny",
+      edit: "allow",
+      read: "allow",
+      webfetch: "allow",
+      external_directory: "allow",
+      skill: "allow"
+    },
+    mcp: {
+      [pullfrogMcpName]: { type: "remote", url: ctx.mcpServerUrl }
+    },
+    agent: (() => {
+      const cfg = buildReviewerAgentConfig(model);
+      const reviewerModel = cfg[REVIEWER_AGENT_NAME]?.model ?? "(inherit)";
+      log.info(`\xBB subagent models: reviewfrog=${reviewerModel}`);
+      return cfg;
+    })(),
+    // NB: `experimental.batch_tool: true` was opt-in at v1.4.x but is
+    // declared-but-inert at v1.15.0 — the schema accepts it (`config/config.ts`)
+    // and the SDK exposes the type, but no runtime call site reads it. removed
+    // here to avoid carrying dead config; re-add when upstream wires the batch
+    // tool back. see wiki/prompt.md and the v2 plan doc for the audit trail.
+    //
+    // gemini-3 thinking pinned to high for review depth; gpt and anthropic
+    // effort set elsewhere (gpt: upstream default, anthropic: --effort flag in claude.ts).
+    provider: { google: { models: geminiHighThinkingOverrides() } }
+  };
+  if (model) {
+    config3.model = model;
+    const slashIndex = model.indexOf("/");
+    if (slashIndex > 0) {
+      config3.enabled_providers = [model.slice(0, slashIndex).toLowerCase()];
+    }
+  }
+  return JSON.stringify(config3);
+}
+function formatPartDuration(time4) {
+  if (!time4 || typeof time4.start !== "number" || typeof time4.end !== "number") return "";
+  if (time4.end <= time4.start) return "";
+  return ` (${((time4.end - time4.start) / 1e3).toFixed(1)}s)`;
+}
+function terminalPayload(state) {
+  if (!state) return void 0;
+  if (state.status === "completed") return state.output;
+  if (state.status === "error") return state.error;
+  return void 0;
+}
 async function runOpenCode(params) {
   const startTime = performance7.now();
   let eventCount = 0;
@@ -148184,9 +148571,10 @@ async function runOpenCode(params) {
   let accumulatedCostUsd = 0;
   let tokensLogged = false;
   const toolCallTimings = /* @__PURE__ */ new Map();
-  let currentStepId = null;
-  let currentStepType = null;
-  let stepHistory = [];
+  let lastEventAt = performance7.now();
+  const recentStderr = [];
+  let lastProviderError = null;
+  let agentErrorEvent = null;
   const labeler = new SessionLabeler();
   function eventLabel(event) {
     const sid = event.sessionID ?? event.session_id;
@@ -148195,30 +148583,15 @@ async function runOpenCode(params) {
   function withLabel(label, message) {
     return label === ORCHESTRATOR_LABEL ? message : formatWithLabel(label, message);
   }
-  const thinkingTimers = /* @__PURE__ */ new Map();
-  function timerFor(label) {
-    let t = thinkingTimers.get(label);
-    if (!t) {
-      const formatLine = (line) => label === ORCHESTRATOR_LABEL ? line : formatWithLabel(label, line);
-      t = new ThinkingTimer(formatLine);
-      thinkingTimers.set(label, t);
-    }
-    return t;
-  }
   const taskDispatchByCallID = /* @__PURE__ */ new Map();
-  const pendingTaskDispatches = [];
-  const knownNonTaskCallIDs = /* @__PURE__ */ new Set();
-  function emitSubagentFinished(dispatch, status, output2, matchKind) {
+  function emitSubagentFinished(dispatch, status, output2) {
     const subagentDuration = performance7.now() - dispatch.startedAt;
     const outputStr = typeof output2 === "string" ? output2 : "";
     const outputPreview = outputStr.length > 120 ? `${outputStr.slice(0, 120)}\u2026` : outputStr;
-    const matchSuffix = matchKind === "fifo" ? " [fifo-matched]" : "";
     log.info(
-      `\xBB subagent finished: ${dispatch.label} (${(subagentDuration / 1e3).toFixed(1)}s, status=${status})${matchSuffix}` + (outputPreview ? ` \u2014 ${outputPreview.replace(/\n/g, " ")}` : "")
+      `\xBB subagent finished: ${dispatch.label} (${(subagentDuration / 1e3).toFixed(1)}s, status=${status})` + (outputPreview ? ` \u2014 ${outputPreview.replace(/\n/g, " ")}` : "")
     );
     taskDispatchByCallID.delete(dispatch.toolUseCallID);
-    const idx = pendingTaskDispatches.indexOf(dispatch);
-    if (idx >= 0) pendingTaskDispatches.splice(idx, 1);
   }
   function buildUsage() {
     const totalInput = accumulatedTokens.input + accumulatedTokens.cacheRead + accumulatedTokens.cacheWrite;
@@ -148232,55 +148605,6 @@ async function runOpenCode(params) {
     } : void 0;
   }
   const handlers2 = {
-    init: (event) => {
-      const label = labeler.labelFor(event.session_id ?? null);
-      log.debug(
-        withLabel(
-          label,
-          `\xBB ${params.label} init: session_id=${event.session_id || "unknown"}, model=${event.model || "unknown"}`
-        )
-      );
-      log.debug(withLabel(label, `\xBB ${params.label} init event (full): ${JSON.stringify(event)}`));
-      if (label === ORCHESTRATOR_LABEL) {
-        finalOutput = "";
-        accumulatedTokens = { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 };
-        accumulatedCostUsd = 0;
-        tokensLogged = false;
-      } else {
-        log.info(`\xBB ${params.label} subagent init: ${label} (session ${event.session_id || "?"})`);
-      }
-    },
-    message: (event) => {
-      const label = eventLabel(event);
-      if (event.role === "assistant" && event.content?.trim()) {
-        const message = event.content.trim();
-        if (event.delta) {
-          log.debug(
-            withLabel(
-              label,
-              `\xBB ${params.label} thinking: ${message.substring(0, 300)}${message.length > 300 ? "..." : ""}`
-            )
-          );
-        } else {
-          log.debug(
-            withLabel(
-              label,
-              `\xBB ${params.label} message (${event.role}): ${message.substring(0, 100)}${message.length > 100 ? "..." : ""}`
-            )
-          );
-          if (label === ORCHESTRATOR_LABEL) {
-            finalOutput = message;
-          }
-        }
-      } else if (event.role === "user") {
-        log.debug(
-          withLabel(
-            label,
-            `\xBB ${params.label} message (${event.role}): ${event.content?.substring(0, 100) || ""}${event.content && event.content.length > 100 ? "..." : ""}`
-          )
-        );
-      }
-    },
     text: (event) => {
       if (event.part?.text?.trim()) {
         const message = event.part.text.trim();
@@ -148292,119 +148616,90 @@ async function runOpenCode(params) {
         }
       }
     },
-    step_start: (event) => {
-      const stepType = event.part?.type || "unknown";
-      const stepId = event.part?.id || "unknown";
-      currentStepId = stepId;
-      currentStepType = stepType;
-      stepHistory.push({ stepId, stepType, toolCalls: [] });
+    /**
+     * Reasoning blocks (only emitted when `--thinking` is set in baseArgs).
+     * `part.time.{start,end}` give us a precise duration from opencode
+     * itself. Not folded into `finalOutput` — that's the final answer,
+     * not inner monologue.
+     */
+    reasoning: (event) => {
+      const text = event.part?.text?.trim();
+      if (!text) return;
+      const label = eventLabel(event);
+      const durationStr = formatPartDuration(event.part?.time);
+      const preview = text.length > 280 ? `${text.slice(0, 280)}\u2026` : text;
+      log.info(withLabel(label, `\xBB thinking${durationStr}: ${preview.replace(/\n+/g, " ")}`));
+      if (text.length > 280) {
+        log.debug(withLabel(label, `\xBB thinking (full): ${text}`));
+      }
+    },
+    // step_start carries no information we surface today (token / cost are
+    // reported on step_finish). explicit no-op so the dispatcher doesn't
+    // log "unhandled event" for every step.
+    step_start: () => {
     },
-    step_finish: async (event) => {
-      const stepId = event.part?.id || "unknown";
-      const eventTokens = event.part?.tokens;
-      if (eventTokens) {
-        accumulatedTokens.input += eventTokens.input || 0;
-        accumulatedTokens.output += eventTokens.output || 0;
-        accumulatedTokens.cacheRead += eventTokens.cache?.read || 0;
-        accumulatedTokens.cacheWrite += eventTokens.cache?.write || 0;
+    step_finish: (event) => {
+      const t = event.part?.tokens;
+      if (t) {
+        accumulatedTokens.input += t.input || 0;
+        accumulatedTokens.output += t.output || 0;
+        accumulatedTokens.cacheRead += t.cache?.read || 0;
+        accumulatedTokens.cacheWrite += t.cache?.write || 0;
       }
       if (typeof event.part?.cost === "number" && Number.isFinite(event.part.cost)) {
         accumulatedCostUsd += event.part.cost;
       }
-      if (currentStepId === stepId) {
-        currentStepId = null;
-        currentStepType = null;
-      }
     },
+    /**
+     * Tool lifecycle event — at v1.15 a single event covers both completed
+     * and error terminal states (read `part.state.status`). Subagent tool
+     * parts arrive here via the bus-envelope re-emit too.
+     */
     tool_use: (event) => {
       const toolName = event.part?.tool;
       const toolId = event.part?.callID;
+      const state = event.part?.state;
       if (!toolName || !toolId) {
         log.info(
           `\xBB tool_use event missing toolName or toolId: ${JSON.stringify(event).substring(0, 500)}`
         );
         return;
       }
-      if (toolName === "task") {
-        if (!taskDispatchByCallID.has(toolId)) {
-          const taskInput = event.part?.state?.input ?? {};
-          const dispatchedLabel = labeler.recordTaskDispatch(taskInput);
-          const dispatch = {
-            label: dispatchedLabel,
-            startedAt: performance7.now(),
-            toolUseCallID: toolId
-          };
-          taskDispatchByCallID.set(toolId, dispatch);
-          pendingTaskDispatches.push(dispatch);
-          log.info(
-            `\xBB dispatching subagent: ${dispatchedLabel}` + (taskInput.subagent_type ? ` (subagent_type=${taskInput.subagent_type})` : "")
-          );
-        }
-      } else {
-        knownNonTaskCallIDs.add(toolId);
-      }
+      const status = state?.status;
+      const isTerminal2 = status === "completed" || status === "error";
       const label = eventLabel(event);
-      if (stepHistory.length > 0) {
-        stepHistory[stepHistory.length - 1].toolCalls.push(toolName);
-      }
-      if (params.onToolUse) {
-        params.onToolUse({
-          toolName,
-          input: event.part?.state?.input
+      if (toolName === "task" && !taskDispatchByCallID.has(toolId)) {
+        const taskInput = state?.input ?? {};
+        const dispatchedLabel = labeler.recordTaskDispatch(taskInput);
+        taskDispatchByCallID.set(toolId, {
+          label: dispatchedLabel,
+          startedAt: performance7.now(),
+          toolUseCallID: toolId
         });
+        log.info(
+          `\xBB dispatching subagent: ${dispatchedLabel}` + (taskInput.subagent_type ? ` (subagent_type=${taskInput.subagent_type})` : "")
+        );
       }
-      timerFor(label).markToolCall();
-      const inputFormatted = formatJsonValue(event.part?.state?.input || {});
-      const toolCallLine = inputFormatted !== "{}" ? `\xBB ${toolName}(${inputFormatted})` : `\xBB ${toolName}()`;
-      log.info(withLabel(label, toolCallLine));
-      if (event.part?.state?.status === "completed" && event.part.state.output) {
-        log.debug(withLabel(label, `  output: ${event.part.state.output}`));
-      }
-      if (event.part?.state?.status === "error") {
-        log.info(withLabel(label, `\xBB tool call failed: ${event.part.state.error}`));
-      }
-      if (toolName.includes("report_progress") && params.todoTracker) {
-        log.debug("\xBB report_progress detected, disabling todo tracking");
-        params.todoTracker.cancel();
+      params.onToolUse?.({ toolName, input: state?.input });
+      if (!toolCallTimings.has(toolId)) {
+        toolCallTimings.set(toolId, performance7.now());
       }
-      if (toolName === "todowrite" && params.todoTracker?.enabled) {
-        params.todoTracker.update(event.part?.state?.input);
+      const inputFormatted = formatJsonValue(state?.input || {});
+      const callLine = inputFormatted !== "{}" ? `\xBB ${toolName}(${inputFormatted})` : `\xBB ${toolName}()`;
+      log.info(withLabel(label, callLine));
+      if (state?.status === "completed") {
+        log.debug(withLabel(label, `  output: ${state.output}`));
       }
-    },
-    tool_result: (event) => {
-      const toolId = event.part?.callID || event.tool_id;
-      const state = event.part?.state;
-      const status = state?.status ?? event.status ?? "unknown";
-      const payload = state?.status === "completed" ? state.output : state?.status === "error" ? state.error : event.output;
-      const label = eventLabel(event);
-      timerFor(label).markToolResult();
-      if (taskDispatchByCallID.size > 0 || pendingTaskDispatches.length > 0) {
-        if (toolId && taskDispatchByCallID.has(toolId)) {
-          const dispatch = taskDispatchByCallID.get(toolId);
-          if (dispatch) emitSubagentFinished(dispatch, status, payload, "exact");
-        } else {
-          const callIDIsKnownNonTask = toolId ? knownNonTaskCallIDs.has(toolId) : false;
-          if (!callIDIsKnownNonTask && pendingTaskDispatches.length > 0) {
-            const dispatch = pendingTaskDispatches[0];
-            emitSubagentFinished(dispatch, status, payload, "fifo");
-          }
-        }
+      if (state?.status === "error") {
+        log.info(withLabel(label, `\xBB tool call failed: ${state.error}`));
       }
-      if (toolId) {
+      if (isTerminal2) {
+        const dispatch = toolName === "task" ? taskDispatchByCallID.get(toolId) : void 0;
+        if (dispatch) emitSubagentFinished(dispatch, status, terminalPayload(state));
         const toolStartTime = toolCallTimings.get(toolId);
-        if (toolStartTime) {
+        if (toolStartTime !== void 0) {
           const toolDuration = performance7.now() - toolStartTime;
           toolCallTimings.delete(toolId);
-          const stepContext = currentStepId ? ` (step=${currentStepType || "unknown"})` : "";
-          log.debug(
-            withLabel(
-              label,
-              `\xBB ${params.label} tool_result${stepContext}: id=${toolId}, status=${status}, duration=${Math.round(toolDuration)}ms`
-            )
-          );
-          if (payload) {
-            log.debug(withLabel(label, `  output: ${payload}`));
-          }
           if (toolDuration > 5e3) {
             log.info(
               withLabel(
@@ -148415,10 +148710,12 @@ async function runOpenCode(params) {
           }
         }
       }
-      if (status === "error") {
-        log.info(withLabel(label, `\xBB tool call failed: ${payload ?? "(no error message)"}`));
-      } else if (payload) {
-        log.debug(withLabel(label, `tool output: ${payload}`));
+      if (toolName.includes("report_progress") && params.todoTracker) {
+        log.debug("\xBB report_progress detected, disabling todo tracking");
+        params.todoTracker.cancel();
+      }
+      if (toolName === "todowrite" && params.todoTracker?.enabled && isTerminal2) {
+        params.todoTracker.update(state?.input);
       }
     },
     error: (event) => {
@@ -148427,23 +148724,18 @@ async function runOpenCode(params) {
       const errorMessage = event.error?.data?.message || event.error?.name || JSON.stringify(event);
       log.info(`\xBB ${params.label} error event: ${errorName}: ${errorMessage}`);
     },
-    result: async (event) => {
-      const status = event.status || "unknown";
-      const duration4 = event.stats?.duration_ms || 0;
-      const toolCalls = event.stats?.tool_calls || 0;
-      log.info(
-        `\xBB ${params.label} result: status=${status}, duration=${duration4}ms, tool_calls=${toolCalls}`
-      );
-      if (event.status === "error") {
-        log.info(`\xBB ${params.label} failed: ${JSON.stringify(event)}`);
-      } else {
-        log.info(`\xBB run complete: tool_calls=${toolCalls}, duration=${duration4}ms`);
-        if ((accumulatedTokens.input > 0 || accumulatedTokens.output > 0 || accumulatedTokens.cacheRead > 0 || accumulatedTokens.cacheWrite > 0) && !tokensLogged) {
-          logTokenTable({ ...accumulatedTokens, costUsd: accumulatedCostUsd });
-          tokensLogged = true;
-        }
-      }
-    },
+    /**
+     * Bus envelope (re-emitted by `opencodePlugin.ts`). Synthesizes a
+     * CLI-style event for each part type and routes it through the
+     * orchestrator's handlers — same labeling / attribution / logging path.
+     * Mirrors the dispatch in upstream's `cli/cmd/run.ts` `loop()`.
+     *
+     * NOT routed: subagent `step-start` / `step-finish`. step_finish carries
+     * `tokens` and `cost` that the orchestrator's handler folds into run-wide
+     * accumulators — double-counting subagent tokens would inflate usage
+     * telemetry. text/tool_use already gate on ORCHESTRATOR_LABEL inside their
+     * handlers for the same reason.
+     */
     [PULLFROG_BUS_EVENT_TYPE]: async (event) => {
       const busEvent = event.bus_event;
       if (!busEvent || busEvent.type !== "message.part.updated") return;
@@ -148453,20 +148745,15 @@ async function runOpenCode(params) {
       const partType = part.type;
       if (partType === "tool") {
         const status = part.state?.status;
-        const partWithToolFields = part;
-        const isOrchestratorTaskDispatch = partWithToolFields.tool === "task" && status === "running";
-        if (isOrchestratorTaskDispatch) {
-          const callID = partWithToolFields.callID;
-          if (typeof callID === "string" && !taskDispatchByCallID.has(callID)) {
-            const taskInput = partWithToolFields.state?.input ?? {};
+        if (part.tool === "task" && status === "running" && part.callID) {
+          if (!taskDispatchByCallID.has(part.callID)) {
+            const taskInput = part.state?.input ?? {};
             const dispatchedLabel = labeler.recordTaskDispatch(taskInput);
-            const dispatch = {
+            taskDispatchByCallID.set(part.callID, {
               label: dispatchedLabel,
               startedAt: performance7.now(),
-              toolUseCallID: callID
-            };
-            taskDispatchByCallID.set(callID, dispatch);
-            pendingTaskDispatches.push(dispatch);
+              toolUseCallID: part.callID
+            });
             log.info(
               `\xBB dispatching subagent: ${dispatchedLabel}` + (taskInput.subagent_type ? ` (subagent_type=${taskInput.subagent_type})` : "")
             );
@@ -148474,27 +148761,19 @@ async function runOpenCode(params) {
           return;
         }
         if (status !== "completed" && status !== "error") return;
-        await handlers2.tool_use({
-          type: "tool_use",
-          sessionID,
-          part
-        });
+        await handlers2.tool_use({ type: "tool_use", sessionID, part });
         return;
       }
       if (partType === "step-start" || partType === "step-finish") return;
       if (partType === "text" && part.time?.end !== void 0) {
-        await handlers2.text({
-          type: "text",
-          sessionID,
-          part
-        });
+        handlers2.text({ type: "text", sessionID, part });
         return;
       }
+      if (partType === "reasoning" && part.time?.end !== void 0) {
+        handlers2.reasoning({ type: "reasoning", sessionID, part });
+      }
     }
   };
-  const recentStderr = [];
-  let lastProviderError = null;
-  let agentErrorEvent = null;
   const diagnostic = {
     label: params.label,
     recentStderr,
@@ -148552,15 +148831,15 @@ async function runOpenCode(params) {
           eventCount++;
           diagnostic.eventCount = eventCount;
           log.debug(JSON.stringify(event, null, 2));
-          const timeSinceLastActivity = getIdleMs();
-          if (timeSinceLastActivity > 1e4) {
+          const idleMs = performance7.now() - lastEventAt;
+          if (idleMs > 1e4) {
             const activeToolCalls = toolCallTimings.size;
             const toolCallInfo = activeToolCalls > 0 ? ` (waiting for ${activeToolCalls} tool call${activeToolCalls > 1 ? "s" : ""})` : ` (${params.label} may be processing internally - LLM calls, planning, etc.)`;
             log.info(
-              `\xBB no activity for ${(timeSinceLastActivity / 1e3).toFixed(1)}s${toolCallInfo} (${eventCount} events processed so far)`
+              `\xBB no activity for ${(idleMs / 1e3).toFixed(1)}s${toolCallInfo} (${eventCount} events processed so far)`
             );
           }
-          markActivity();
+          lastEventAt = performance7.now();
           const handler2 = handlers2[event.type];
           if (!handler2) {
             log.info(
@@ -148597,14 +148876,13 @@ async function runOpenCode(params) {
     } else {
       params.todoTracker?.cancel();
     }
-    if (pendingTaskDispatches.length > 0) {
-      for (const dispatch of [...pendingTaskDispatches]) {
+    if (taskDispatchByCallID.size > 0) {
+      for (const dispatch of taskDispatchByCallID.values()) {
         const elapsed = performance7.now() - dispatch.startedAt;
         log.info(
-          `\xBB subagent finished (inferred at run-end): ${dispatch.label} (\u2264${(elapsed / 1e3).toFixed(1)}s) \u2014 no matching tool_result observed; subagent reply likely arrived via assistant message`
+          `\xBB subagent finished (inferred at run-end): ${dispatch.label} (\u2264${(elapsed / 1e3).toFixed(1)}s) \u2014 no terminal tool_use observed; reply likely arrived via assistant message`
         );
       }
-      pendingTaskDispatches.length = 0;
       taskDispatchByCallID.clear();
     }
     const duration4 = performance7.now() - startTime;
@@ -148687,22 +148965,22 @@ ${stderrContext}`
 }
 var opencode = agent({
   name: "opencode",
-  install: installOpencodeCli,
+  install: installCli,
   run: async (ctx) => {
-    const cliPath = await installOpencodeCli();
+    const cliPath = await installCli();
     const rawModel = ctx.payload.proxyModel ?? ctx.resolvedModel ?? autoSelectModel(cliPath);
     const bedrockModelId = process.env[BEDROCK_MODEL_ID_ENV]?.trim();
     const isBedrockRoute = rawModel !== void 0 && bedrockModelId !== void 0 && bedrockModelId === rawModel;
     const model = isBedrockRoute ? `amazon-bedrock/${rawModel}` : rawModel;
     const homeEnv = {
       HOME: ctx.tmpdir,
-      XDG_CONFIG_HOME: join11(ctx.tmpdir, ".config")
+      XDG_CONFIG_HOME: join12(ctx.tmpdir, ".config")
     };
-    mkdirSync5(join11(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
-    const opencodePluginDir = join11(homeEnv.XDG_CONFIG_HOME, "opencode", "plugin");
-    mkdirSync5(opencodePluginDir, { recursive: true });
-    writeFileSync8(
-      join11(opencodePluginDir, PULLFROG_OPENCODE_PLUGIN_FILENAME),
+    mkdirSync6(join12(homeEnv.XDG_CONFIG_HOME, "opencode"), { recursive: true });
+    const opencodePluginDir = join12(homeEnv.XDG_CONFIG_HOME, "opencode", "plugin");
+    mkdirSync6(opencodePluginDir, { recursive: true });
+    writeFileSync9(
+      join12(opencodePluginDir, PULLFROG_OPENCODE_PLUGIN_FILENAME),
       PULLFROG_OPENCODE_PLUGIN_SOURCE
     );
     const agentBrowserVersion = getDevDependencyVersion("agent-browser");
@@ -148713,18 +148991,32 @@ var opencode = agent({
       agent: "opencode"
     });
     installBundledSkills({ home: homeEnv.HOME });
-    const baseArgs = ["run", "--format", "json", "--print-logs"];
+    const codexAuth = installCodexAuth();
+    const baseArgs = ["run", "--format", "json", "--print-logs", "--thinking"];
     const permissionOverride = JSON.stringify({
       external_directory: { "*": "deny", "/tmp/*": "allow" }
     });
+    const repoDir = process.cwd();
     const env2 = {
       ...process.env,
       ...homeEnv,
+      PWD: repoDir,
       OPENCODE_CONFIG_CONTENT: buildSecurityConfig(ctx, model),
       OPENCODE_PERMISSION: permissionOverride,
       GOOGLE_GENERATIVE_AI_API_KEY: process.env.GOOGLE_GENERATIVE_AI_API_KEY || process.env.GEMINI_API_KEY
     };
-    const repoDir = process.cwd();
+    if (codexAuth) {
+      env2.XDG_DATA_HOME = codexAuth.xdgDataHome;
+      delete env2.OPENAI_API_KEY;
+      core2.saveState(
+        "codex_writeback",
+        JSON.stringify({
+          apiToken: ctx.apiToken,
+          authPath: codexAuth.authPath,
+          originalRefresh: codexAuth.originalRefresh
+        })
+      );
+    }
     log.debug(`\xBB starting Pullfrog (OpenCode): ${cliPath} ${baseArgs.join(" ")}`);
     log.debug(`\xBB working directory: ${repoDir}`);
     const runParams = {
@@ -148745,7 +149037,7 @@ var opencode = agent({
       ctx,
       initialResult: result,
       initialUsage: result.usage,
-      reflectionPrompt: ctx.toolState.learningsFilePath ? buildLearningsReflectionPrompt(ctx.toolState.learningsFilePath) : void 0,
+      reflectionPrompt: ctx.toolState.learningsFilePath && shouldRunReflection(ctx.toolState.selectedMode) ? buildLearningsReflectionPrompt(ctx.toolState.learningsFilePath) : void 0,
       resume: async (c) => runOpenCode({
         ...runParams,
         args: [...baseArgs, "--continue", c.prompt]
@@ -148819,7 +149111,9 @@ function resolveAgent(ctx) {
 }
 
 // utils/apiKeys.ts
-var knownApiKeys = new Set(Object.values(providers).flatMap((p) => [...p.envVars]));
+var knownApiKeys = new Set(
+  Object.values(providers).flatMap((p) => [...p.envVars, ...p.managedCredentials ?? []])
+);
 var MISSING_KEY_MARKER = "no API key found";
 function buildMissingApiKeyError(params) {
   const githubSecretsUrl = `https://github.com/${params.owner}/${params.name}/settings/secrets/actions`;
@@ -148848,6 +149142,11 @@ function hasEnvVar2(name) {
   const value2 = process.env[name];
   return typeof value2 === "string" && value2.length > 0;
 }
+function hasProviderKey(model) {
+  const requiredVars = getModelEnvVars(model);
+  if (requiredVars.length === 0) return true;
+  return requiredVars.some((v) => hasEnvVar2(v));
+}
 function validateBedrockSetup(params) {
   const hasAuth = hasEnvVar2("AWS_BEARER_TOKEN_BEDROCK") || hasEnvVar2("AWS_ACCESS_KEY_ID") && hasEnvVar2("AWS_SECRET_ACCESS_KEY");
   const missing = [];
@@ -148882,7 +149181,7 @@ function validateAgentApiKey(params) {
 }
 function isApiKeyAuthError(text) {
   if (!text) return false;
-  return text.includes(MISSING_KEY_MARKER) || /Invalid API key/i.test(text) || /\bUser not found\b/i.test(text) || /\bInvalid authentication\b/i.test(text);
+  return text.includes(MISSING_KEY_MARKER) || /Invalid API key/i.test(text) || /\bUser not found\b/i.test(text) || /\bInvalid authentication\b/i.test(text) || /authentication_error/i.test(text) || /Invalid bearer token/i.test(text) || /api_error_status\s*=\s*401/i.test(text) || /API Error:\s*401/i.test(text);
 }
 function formatApiKeyErrorSummary(params) {
   if (params.raw.includes(MISSING_KEY_MARKER)) {
@@ -148994,11 +149293,137 @@ async function fetchBodyHtml(ctx) {
   }
 }
 
+// utils/byokFallback.ts
+var FREE_FALLBACK_SLUG = "opencode/minimax-m2.5-free";
+function selectFallbackModelIfNeeded(input) {
+  if (input.proxyModel) return { fallback: false };
+  if (!input.resolvedModel) return { fallback: false };
+  if (input.resolvedModel === FREE_FALLBACK_SLUG) return { fallback: false };
+  if (!input.resolvedModel.includes("/")) return { fallback: false };
+  if (hasProviderKey(input.resolvedModel)) return { fallback: false };
+  return {
+    fallback: true,
+    from: input.resolvedModel,
+    to: FREE_FALLBACK_SLUG
+  };
+}
+
+// utils/gitAuthServer.ts
+import { randomUUID as randomUUID3 } from "node:crypto";
+import { writeFileSync as writeFileSync10 } from "node:fs";
+import { createServer as createServer2 } from "node:http";
+import { join as join13 } from "node:path";
+var CODE_TTL_MS = 5 * 60 * 1e3;
+var TAMPER_WINDOW_MS = 6e4;
+function revokeGitHubToken(token) {
+  fetch("https://api.github.com/installation/token", {
+    method: "DELETE",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/vnd.github+json",
+      "User-Agent": "pullfrog"
+    }
+  }).then(
+    (r) => log.info(`token revocation response: ${r.status}`),
+    () => log.warning("token revocation request failed")
+  );
+}
+async function startGitAuthServer(tmpdir3) {
+  const codes = /* @__PURE__ */ new Map();
+  const server = createServer2((req, res) => {
+    if (req.method !== "GET") {
+      res.writeHead(405).end();
+      return;
+    }
+    const code = req.url?.slice(1);
+    if (!code) {
+      res.writeHead(400).end();
+      return;
+    }
+    const entry = codes.get(code);
+    if (!entry) {
+      res.writeHead(404).end();
+      return;
+    }
+    if (entry.state === "pending") {
+      entry.state = "consumed";
+      clearTimeout(entry.timeout);
+      entry.timeout = setTimeout(() => codes.delete(code), TAMPER_WINDOW_MS);
+      entry.timeout.unref();
+      res.writeHead(200, { "Content-Type": "text/plain" });
+      res.end(entry.token);
+      return;
+    }
+    log.info("askpass code used twice \u2014 revoking token");
+    revokeGitHubToken(entry.token);
+    clearTimeout(entry.timeout);
+    codes.delete(code);
+    res.writeHead(409, { "Content-Type": "text/plain" });
+    res.end("compromised");
+  });
+  await new Promise((resolve3, reject) => {
+    server.on("error", reject);
+    server.listen(0, "127.0.0.1", () => resolve3());
+  });
+  const rawAddr = server.address();
+  if (!rawAddr || typeof rawAddr === "string") {
+    throw new Error("git auth server failed to bind");
+  }
+  const port = rawAddr.port;
+  log.debug(`git auth server listening on 127.0.0.1:${port}`);
+  function register4(token) {
+    const code = randomUUID3();
+    const timeout = setTimeout(() => {
+      codes.delete(code);
+      log.debug(`git auth code expired: ${code.slice(0, 8)}...`);
+    }, CODE_TTL_MS);
+    timeout.unref();
+    codes.set(code, { token, state: "pending", timeout });
+    return code;
+  }
+  function writeAskpassScript(code) {
+    const scriptId = randomUUID3();
+    const scriptName = `askpass-${scriptId}.js`;
+    const scriptPath = join13(tmpdir3, scriptName);
+    const content = [
+      `#!/usr/bin/env node`,
+      `var a=process.argv[2]||"";`,
+      `if(/^Username/i.test(a)){process.stdout.write("x-access-token\\n")}`,
+      `else{var h=require("http");`,
+      `h.get("http://127.0.0.1:${port}/${code}",function(r){`,
+      `if(r.statusCode===409){process.stderr.write("askpass-compromised\\n");process.exit(1)}`,
+      `if(r.statusCode!==200){process.exit(1)}`,
+      `var d="";r.on("data",function(c){d+=c});`,
+      `r.on("end",function(){`,
+      `process.stdout.write(d+"\\n");`,
+      `try{require("fs").unlinkSync("${scriptPath.replace(/\\/g, "\\\\")}")}catch(e){}`,
+      `})}).on("error",function(){process.exit(1)})}`
+    ].join("\n");
+    writeFileSync10(scriptPath, content, { mode: 448 });
+    return scriptPath;
+  }
+  async function close() {
+    for (const entry of codes.values()) {
+      clearTimeout(entry.timeout);
+    }
+    codes.clear();
+    await new Promise((resolve3) => server.close(() => resolve3()));
+    log.debug("git auth server closed");
+  }
+  return {
+    port,
+    register: register4,
+    writeAskpassScript,
+    close,
+    [Symbol.asyncDispose]: close
+  };
+}
+
 // utils/github.ts
-var core2 = __toESM(require_core(), 1);
+var core3 = __toESM(require_core(), 1);
 import { createSign } from "node:crypto";
 import { rename, writeFile } from "node:fs/promises";
-import { dirname as dirname3, join as join12 } from "node:path";
+import { dirname as dirname3, join as join14 } from "node:path";
 
 // node_modules/.pnpm/@octokit+plugin-throttling@11.0.3_@octokit+core@7.0.5/node_modules/@octokit/plugin-throttling/dist-bundle/index.js
 var import_light = __toESM(require_light(), 1);
@@ -152657,7 +153082,7 @@ var TokenExchangeError = class extends Error {
   }
 };
 async function acquireTokenViaOIDC(opts) {
-  const oidcToken = await core2.getIDToken("pullfrog-api");
+  const oidcToken = await core3.getIDToken("pullfrog-api");
   const repos = [...opts?.repos ?? []];
   const targetRepo = process.env.GITHUB_REPOSITORY?.split("/")[1];
   if (targetRepo) {
@@ -152815,9 +153240,13 @@ async function acquireNewToken(opts) {
         return error49 instanceof Error && (error49.message.includes("timed out") || error49.message.includes("fetch failed") || error49.message.includes("ECONNRESET") || error49.message.includes("ETIMEDOUT"));
       }
     });
-  } else {
-    return await acquireTokenViaGitHubApp(opts);
   }
+  if (process.env.GITHUB_ACTIONS === "true") {
+    throw new Error(
+      "missing `permissions: id-token: write` on the Pullfrog workflow job.\n\nPullfrog mints short-lived GitHub App installation tokens via OIDC and\nrequires `id-token: write` to be granted at the job level. add the\nfollowing to your workflow yaml:\n\n  jobs:\n    pullfrog:\n      permissions:\n        id-token: write   # mint Pullfrog installation tokens via OIDC\n        contents: read    # for actions/checkout\n\nsee https://docs.pullfrog.com/headless-action#required-permissions for the full template."
+    );
+  }
+  return await acquireTokenViaGitHubApp(opts);
 }
 function parseRepoContext() {
   const githubRepo = process.env.GITHUB_REPOSITORY;
@@ -152852,7 +153281,7 @@ function getGitHubUsageSummary() {
 }
 async function writeGitHubUsageSummaryToFile(path3) {
   const summary2 = getGitHubUsageSummary();
-  const tmpPath = join12(dirname3(path3), `.usage-summary-${process.pid}.tmp`);
+  const tmpPath = join14(dirname3(path3), `.usage-summary-${process.pid}.tmp`);
   await writeFile(tmpPath, JSON.stringify(summary2));
   await rename(tmpPath, path3);
 }
@@ -152902,253 +153331,6 @@ function createOctokit(token) {
   return octokit;
 }
 
-// utils/token.ts
-var core3 = __toESM(require_core(), 1);
-import assert2 from "node:assert/strict";
-var mcpTokenValue;
-function getJobToken() {
-  const inputToken = core3.getInput("token");
-  if (inputToken) {
-    return inputToken;
-  }
-  const fallbackToken = process.env.GH_TOKEN || process.env.GITHUB_TOKEN;
-  if (fallbackToken) {
-    return fallbackToken;
-  }
-  throw new Error("token input is required");
-}
-async function resolveTokens(params) {
-  assert2(!mcpTokenValue, "tokens are already resolved");
-  const externalToken = process.env.GH_TOKEN;
-  if (externalToken) {
-    mcpTokenValue = externalToken;
-    if (isGitHubActions) {
-      core3.setSecret(externalToken);
-    }
-    log.info("\xBB using external GH_TOKEN for both git and MCP");
-    return {
-      gitToken: externalToken,
-      mcpToken: externalToken,
-      async [Symbol.asyncDispose]() {
-        mcpTokenValue = void 0;
-      }
-    };
-  }
-  const gitPermissions = params.push === "disabled" ? { contents: "read" } : { contents: "write", workflows: "write" };
-  const gitToken = await acquireNewToken({ permissions: gitPermissions });
-  if (isGitHubActions) {
-    core3.setSecret(gitToken);
-  }
-  log.info(
-    `\xBB acquired git token (${Object.entries(gitPermissions).map((e) => e.join(":")).join(", ")})`
-  );
-  const mcpPermissions = {
-    contents: "write",
-    pull_requests: "write",
-    issues: "write",
-    checks: "read",
-    actions: "read"
-  };
-  const mcpToken = await acquireNewToken({ permissions: mcpPermissions });
-  if (isGitHubActions) {
-    core3.setSecret(mcpToken);
-  }
-  log.info(
-    `\xBB acquired scoped MCP token (${Object.entries(mcpPermissions).map((e) => e.join(":")).join(", ")})`
-  );
-  mcpTokenValue = mcpToken;
-  let disposingRef;
-  const dispose = async () => {
-    if (disposingRef) {
-      return disposingRef.promise;
-    }
-    disposingRef = Promise.withResolvers();
-    try {
-      mcpTokenValue = void 0;
-      await Promise.all([
-        revokeGitHubInstallationToken(gitToken),
-        revokeGitHubInstallationToken(mcpToken)
-      ]);
-    } finally {
-      removeSignalHandler();
-      disposingRef.resolve();
-      disposingRef = void 0;
-    }
-  };
-  const removeSignalHandler = onExitSignal(dispose);
-  return {
-    gitToken,
-    mcpToken,
-    [Symbol.asyncDispose]: dispose
-  };
-}
-function getGitHubInstallationToken() {
-  assert2(mcpTokenValue, "tokens not set. call resolveTokens first.");
-  return mcpTokenValue;
-}
-async function revokeGitHubInstallationToken(token) {
-  const apiUrl = process.env.GITHUB_API_URL || "https://api.github.com";
-  try {
-    await fetch(`${apiUrl}/installation/token`, {
-      method: "DELETE",
-      headers: {
-        Accept: "application/vnd.github+json",
-        Authorization: `Bearer ${token}`,
-        "X-GitHub-Api-Version": "2022-11-28"
-      }
-    });
-    log.debug("\xBB installation token revoked");
-  } catch (error49) {
-    log.info(
-      `Failed to revoke installation token: ${error49 instanceof Error ? error49.message : String(error49)}`
-    );
-  }
-}
-
-// utils/errorReport.ts
-async function reportErrorToComment(ctx) {
-  const formattedError = ctx.title ? `${ctx.title}
-
-${ctx.error}` : ctx.error;
-  const comment = ctx.toolState.progressComment;
-  if (!comment) {
-    return;
-  }
-  const repoContext = parseRepoContext();
-  const octokit = createOctokit(getGitHubInstallationToken());
-  const runId = process.env.GITHUB_RUN_ID ? Number.parseInt(process.env.GITHUB_RUN_ID, 10) : void 0;
-  const customParts = [];
-  if (runId) {
-    const apiUrl = getApiUrl();
-    customParts.push(
-      `[Rerun failed job \u2794](${apiUrl}/trigger/${repoContext.owner}/${repoContext.name}/${runId}?action=rerun)`
-    );
-  }
-  const footer = buildPullfrogFooter({
-    triggeredBy: true,
-    workflowRun: runId ? { owner: repoContext.owner, repo: repoContext.name, runId } : void 0,
-    customParts,
-    model: ctx.toolState.model
-  });
-  await updateProgressComment(
-    { octokit, owner: repoContext.owner, repo: repoContext.name },
-    comment,
-    `${formattedError}${footer}`
-  );
-  ctx.toolState.wasUpdated = true;
-}
-
-// utils/gitAuthServer.ts
-import { randomUUID as randomUUID3 } from "node:crypto";
-import { writeFileSync as writeFileSync9 } from "node:fs";
-import { createServer as createServer2 } from "node:http";
-import { join as join13 } from "node:path";
-var CODE_TTL_MS = 5 * 60 * 1e3;
-var TAMPER_WINDOW_MS = 6e4;
-function revokeGitHubToken(token) {
-  fetch("https://api.github.com/installation/token", {
-    method: "DELETE",
-    headers: {
-      Authorization: `Bearer ${token}`,
-      Accept: "application/vnd.github+json",
-      "User-Agent": "pullfrog"
-    }
-  }).then(
-    (r) => log.info(`token revocation response: ${r.status}`),
-    () => log.warning("token revocation request failed")
-  );
-}
-async function startGitAuthServer(tmpdir3) {
-  const codes = /* @__PURE__ */ new Map();
-  const server = createServer2((req, res) => {
-    if (req.method !== "GET") {
-      res.writeHead(405).end();
-      return;
-    }
-    const code = req.url?.slice(1);
-    if (!code) {
-      res.writeHead(400).end();
-      return;
-    }
-    const entry = codes.get(code);
-    if (!entry) {
-      res.writeHead(404).end();
-      return;
-    }
-    if (entry.state === "pending") {
-      entry.state = "consumed";
-      clearTimeout(entry.timeout);
-      entry.timeout = setTimeout(() => codes.delete(code), TAMPER_WINDOW_MS);
-      entry.timeout.unref();
-      res.writeHead(200, { "Content-Type": "text/plain" });
-      res.end(entry.token);
-      return;
-    }
-    log.info("askpass code used twice \u2014 revoking token");
-    revokeGitHubToken(entry.token);
-    clearTimeout(entry.timeout);
-    codes.delete(code);
-    res.writeHead(409, { "Content-Type": "text/plain" });
-    res.end("compromised");
-  });
-  await new Promise((resolve3, reject) => {
-    server.on("error", reject);
-    server.listen(0, "127.0.0.1", () => resolve3());
-  });
-  const rawAddr = server.address();
-  if (!rawAddr || typeof rawAddr === "string") {
-    throw new Error("git auth server failed to bind");
-  }
-  const port = rawAddr.port;
-  log.debug(`git auth server listening on 127.0.0.1:${port}`);
-  function register4(token) {
-    const code = randomUUID3();
-    const timeout = setTimeout(() => {
-      codes.delete(code);
-      log.debug(`git auth code expired: ${code.slice(0, 8)}...`);
-    }, CODE_TTL_MS);
-    timeout.unref();
-    codes.set(code, { token, state: "pending", timeout });
-    return code;
-  }
-  function writeAskpassScript(code) {
-    const scriptId = randomUUID3();
-    const scriptName = `askpass-${scriptId}.js`;
-    const scriptPath = join13(tmpdir3, scriptName);
-    const content = [
-      `#!/usr/bin/env node`,
-      `var a=process.argv[2]||"";`,
-      `if(/^Username/i.test(a)){process.stdout.write("x-access-token\\n")}`,
-      `else{var h=require("http");`,
-      `h.get("http://127.0.0.1:${port}/${code}",function(r){`,
-      `if(r.statusCode===409){process.stderr.write("askpass-compromised\\n");process.exit(1)}`,
-      `if(r.statusCode!==200){process.exit(1)}`,
-      `var d="";r.on("data",function(c){d+=c});`,
-      `r.on("end",function(){`,
-      `process.stdout.write(d+"\\n");`,
-      `try{require("fs").unlinkSync("${scriptPath.replace(/\\/g, "\\\\")}")}catch(e){}`,
-      `})}).on("error",function(){process.exit(1)})}`
-    ].join("\n");
-    writeFileSync9(scriptPath, content, { mode: 448 });
-    return scriptPath;
-  }
-  async function close() {
-    for (const entry of codes.values()) {
-      clearTimeout(entry.timeout);
-    }
-    codes.clear();
-    await new Promise((resolve3) => server.close(() => resolve3()));
-    log.debug("git auth server closed");
-  }
-  return {
-    port,
-    register: register4,
-    writeAskpassScript,
-    close,
-    [Symbol.asyncDispose]: close
-  };
-}
-
 // utils/instructions.ts
 import { execSync as execSync2 } from "node:child_process";
 function buildRuntimeContext(ctx) {
@@ -153341,7 +153523,7 @@ Rules:
 - Never push commits directly to the default branch or any protected branch (commonly: main, master, production, develop, staging). Always create a feature branch following the pattern: \`pullfrog/<issue-number>-<kebab-case-description>\` (e.g., \`pullfrog/123-fix-login-bug\`).
 - Never add co-author trailers (e.g., "Co-authored-by" or "Co-Authored-By") to commit messages.
 - Untracked files from tests or tooling (e.g. \`coverage/\`) often remain *after* your last commit and still block \`${t("push_branch")}\` \u2014 delete them, extend \`.gitignore\`, or only add files that truly belong in the repo.
-- \`${t("push_branch")}\` runs the repository's optional **prepush** hook before the network push. If the error includes \`lifecycle hook 'prepush' failed\` (with an exit code and script output after it), the hook script exited non-zero (commonly tests or lint). Fix that or change the hook \u2014 do not describe it as an infrastructure "timeout" unless the tool output or logs clearly show a timeout.
+- \`${t("push_branch")}\` runs the repository's optional **prepush** hook (commonly tests or lint) \u2014 best-effort. On failure the output is returned, the hook is latched off, and every subsequent \`${t("push_branch")}\` call this run skips it. If the failure is unrelated to your changes (pre-existing breakage, env-dependent test, flaky check), just call \`${t("push_branch")}\` again. If it could be a real bug in your code, ${ctx.payload.shell === "disabled" ? `fix it from the failure output (shell is disabled, so you can't re-run the hook)` : `re-run the hook via the shell tool to iterate \u2014 \`${t("push_branch")}\` itself won't re-run it`}. Don't describe the failure as an infrastructure "timeout" unless the tool output clearly shows one.
 - If push or PR creation fails, \`${t("report_progress")}\` must summarize using the **actual** error from the tool. Do not substitute vague causes unless they match what failed.
 
 ### GitHub
@@ -153369,11 +153551,9 @@ For maximum efficiency, whenever you need to perform multiple independent operat
 - listing multiple directories
 - inspecting multiple MCP tools or resources
 
-Do NOT parallelize operations that depend on prior output (e.g. create a file then read it), or ordered stateful mutations. Edits are not parallelizable \u2014 sequence those normally.${ctx.agentId === "opencode" ? `
+Do NOT parallelize operations that depend on prior output (e.g. create a file then read it), or ordered stateful mutations. Edits are not parallelizable \u2014 sequence those normally.
 
-On OpenCode you also have a \`batch\` tool that bundles 1-25 independent calls into one wrapper call. Reach for it whenever you have >=2 independent calls. Native parallel tool_use and \`batch\` both achieve one round trip instead of N \u2014 use whichever your provider supports best.` : `
-
-Emit multiple \`tool_use\` blocks in the same assistant message for independent calls \u2014 the runtime executes them concurrently. Do not wait for one tool result before issuing the next independent call.`}
+Emit multiple \`tool_use\` blocks in the same assistant message for independent calls \u2014 the runtime executes them concurrently. Do not wait for one tool result before issuing the next independent call.
 
 ### Command execution
 
@@ -153391,7 +153571,7 @@ When embedding images (e.g. uploaded screenshots) in comments or PR bodies, alwa
 
 **\`report_progress\`**: call this exactly once at the end of every run with a brief final summary (1-3 sentences) unless the mode guidance instructs otherwise. Never call it for intermediate status updates (e.g., "Checking for changes...", "Starting review...") \u2014 the task list handles live progress automatically. Calling \`report_progress\` replaces the task list with your summary and preserves the current task list in a collapsible section. Keep the summary concise \u2014 do not repeat what the task list already shows. Focus on the outcome (what was accomplished, links to artifacts) rather than listing individual steps. If something failed, include the tool's error text even when that makes the summary longer.
 
-Never use \`create_issue_comment\` for task progress \u2014 that creates duplicate comments and leaves the progress comment stuck in its initial state. \`create_issue_comment\` is only for standalone comments unrelated to your current task (e.g., Plan comments).
+Never use \`create_issue_comment\` for task progress \u2014 that creates duplicate comments and leaves the progress comment stuck in its initial state. \`create_issue_comment\` is only for standalone comments unrelated to your current task. Plan output (initial post AND revisions) goes through \`report_progress\` \u2014 see the Plan mode guidance for details.
 
 ### If you get stuck
 
@@ -153430,8 +153610,8 @@ function renderLearningsToc(headings) {
 }
 function buildLearningsSection(ctx) {
   if (!ctx.filePath) return "";
-  const intro = `Repo-level learnings accumulated by previous agent runs live at \`${ctx.filePath}\`. Use this file as durable context (test commands, conventions, gotchas, architecture notes).`;
-  const tocBody = ctx.headings.length === 0 ? "(no headings yet \u2014 file is empty or a flat list. read the whole file. during the post-run reflection turn, structure it with `## ` / `### ` headings so future runs can read targeted ranges.)" : `Read targeted line ranges via your native file tool \u2014 do NOT slurp the whole file. Each range starts at the section heading line, so reading the range gives you heading + body together.
+  const intro = `The repo-level learnings file at \`${ctx.filePath}\` holds durable context (test commands, conventions, gotchas, architecture notes) maintained across runs.`;
+  const tocBody = ctx.headings.length === 0 ? "(no headings yet \u2014 the file is empty or contains a flat list. read the whole file if it has content. during the post-run reflection turn, structure it with `## ` / `### ` headings so future runs can read targeted ranges.)" : `Read targeted line ranges via your native file tool \u2014 do NOT slurp the whole file. Each range starts at the section heading line, so reading the range gives you heading + body together. The ranges below are a run-start snapshot: any edit shifts the line numbers of every later section, so re-read the TOC range you need before relying on it.
 
 ${renderLearningsToc(ctx.headings)}`;
   return `************* LEARNINGS *************
@@ -153501,18 +153681,10 @@ function resolveInstructions(ctx) {
 
 // utils/learnings.ts
 import { mkdir, readFile as readFile2, writeFile as writeFile2 } from "node:fs/promises";
-import { dirname as dirname4, join as join14 } from "node:path";
-var LEARNINGS_FILE_NAME = "pullfrog-learnings.md";
+import { dirname as dirname4, join as join15 } from "node:path";
+
+// utils/learningsTruncate.ts
 var MAX_LEARNINGS_LENGTH = 1e5;
-function learningsFilePath(tmpdir3) {
-  return join14(tmpdir3, LEARNINGS_FILE_NAME);
-}
-async function seedLearningsFile(params) {
-  const path3 = learningsFilePath(params.tmpdir);
-  await mkdir(dirname4(path3), { recursive: true });
-  await writeFile2(path3, params.current ?? "", "utf8");
-  return path3;
-}
 var TRUNCATION_LINE_BOUNDARY_TOLERANCE = 4096;
 function truncateAtLineBoundary(body, cap) {
   if (body.length <= cap) return body;
@@ -153522,6 +153694,18 @@ function truncateAtLineBoundary(body, cap) {
   if (cap - lastNewline > TRUNCATION_LINE_BOUNDARY_TOLERANCE) return head;
   return head.slice(0, lastNewline);
 }
+
+// utils/learnings.ts
+var LEARNINGS_FILE_NAME = "pullfrog-learnings.md";
+function learningsFilePath(tmpdir3) {
+  return join15(tmpdir3, LEARNINGS_FILE_NAME);
+}
+async function seedLearningsFile(params) {
+  const path3 = learningsFilePath(params.tmpdir);
+  await mkdir(dirname4(path3), { recursive: true });
+  await writeFile2(path3, params.current ?? "", "utf8");
+  return path3;
+}
 async function readLearningsFile(path3) {
   let raw2;
   try {
@@ -153531,6 +153715,45 @@ async function readLearningsFile(path3) {
   }
   return truncateAtLineBoundary(raw2.trim(), MAX_LEARNINGS_LENGTH);
 }
+async function persistLearnings(ctx) {
+  const filePath = ctx.toolState.learningsFilePath;
+  if (!filePath) return;
+  if (ctx.toolState.learningsPersistAttempted) return;
+  ctx.toolState.learningsPersistAttempted = true;
+  const current = await readLearningsFile(filePath);
+  if (current === null) {
+    log.debug(`learnings tmpfile missing or unreadable at ${filePath} \u2014 skipping persist`);
+    return;
+  }
+  const seed = ctx.toolState.learningsSeed?.trim() ?? "";
+  if (current === seed) {
+    log.debug("learnings tmpfile unchanged from seed \u2014 skipping persist");
+    return;
+  }
+  try {
+    const response = await apiFetch({
+      path: `/api/repo/${ctx.repo.owner}/${ctx.repo.name}/learnings`,
+      method: "PATCH",
+      headers: {
+        authorization: `Bearer ${ctx.apiToken}`,
+        "content-type": "application/json"
+      },
+      body: JSON.stringify({
+        learnings: current,
+        model: ctx.toolState.model
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) {
+      const error49 = await response.text().catch(() => "(no body)");
+      log.warning(`learnings persist failed (${response.status}): ${error49}`);
+      return;
+    }
+    log.info("\xBB learnings updated");
+  } catch (err) {
+    log.warning(`learnings persist failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+}
 
 // utils/normalizeEnv.ts
 var core4 = __toESM(require_core(), 1);
@@ -153590,8 +153813,63 @@ function normalizeEnv() {
   }
 }
 
-// utils/payload.ts
+// utils/overrides.ts
 var core5 = __toESM(require_core(), 1);
+var DENIED_OVERRIDE_NAMES = /* @__PURE__ */ new Set([
+  "GITHUB_TOKEN",
+  "GH_TOKEN",
+  "ACTIONS_RUNTIME_TOKEN",
+  "ACTIONS_RUNTIME_URL",
+  "ACTIONS_ID_TOKEN_REQUEST_URL",
+  "ACTIONS_ID_TOKEN_REQUEST_TOKEN",
+  "ACTIONS_CACHE_URL",
+  "PULLFROG_API_SECRET",
+  "VERCEL_AUTOMATION_BYPASS_SECRET"
+]);
+function parseOverrides(raw2) {
+  const trimmed = raw2.trim();
+  if (!trimmed) return {};
+  let parsed2;
+  try {
+    parsed2 = JSON.parse(trimmed);
+  } catch (err) {
+    throw new Error(
+      `invalid UNSAFE_OVERRIDES: not valid JSON (${err instanceof Error ? err.message : String(err)})`
+    );
+  }
+  if (!parsed2 || typeof parsed2 !== "object" || Array.isArray(parsed2)) {
+    throw new Error(`invalid UNSAFE_OVERRIDES: must be a JSON object`);
+  }
+  const out = {};
+  for (const [key, value2] of Object.entries(parsed2)) {
+    if (typeof value2 !== "string") {
+      throw new Error(
+        `invalid UNSAFE_OVERRIDES: key "${key}" must have a string value (got ${typeof value2})`
+      );
+    }
+    out[key] = value2;
+  }
+  return out;
+}
+function applyOverrides(params) {
+  const overrides = parseOverrides(params.raw);
+  const applied = [];
+  const denied = [];
+  for (const [key, value2] of Object.entries(overrides)) {
+    if (DENIED_OVERRIDE_NAMES.has(key)) {
+      denied.push(key);
+      continue;
+    }
+    if (value2.length > 0) core5.setSecret(value2);
+    params.env[key] = value2;
+    applied.push(key);
+  }
+  delete params.env.UNSAFE_OVERRIDES;
+  return { applied, denied };
+}
+
+// utils/payload.ts
+var core6 = __toESM(require_core(), 1);
 import { isAbsolute as isAbsolute2, resolve as resolve2 } from "node:path";
 
 // utils/versioning.ts
@@ -153655,7 +153933,7 @@ function resolveCwd(cwd) {
   return workspace ? resolve2(workspace, cwd) : cwd;
 }
 function resolvePromptInput() {
-  const prompt = core5.getInput("prompt", { required: true });
+  const prompt = core6.getInput("prompt", { required: true });
   let parsed2;
   try {
     parsed2 = JSON.parse(prompt);
@@ -153671,11 +153949,11 @@ function resolvePromptInput() {
 }
 function resolveNonPromptInputs() {
   return Inputs.omit("prompt").assert({
-    model: core5.getInput("model") || void 0,
-    timeout: core5.getInput("timeout") || void 0,
-    cwd: core5.getInput("cwd") || void 0,
-    push: core5.getInput("push") || void 0,
-    shell: core5.getInput("shell") || void 0
+    model: core6.getInput("model") || void 0,
+    timeout: core6.getInput("timeout") || void 0,
+    cwd: core6.getInput("cwd") || void 0,
+    push: core6.getInput("push") || void 0,
+    shell: core6.getInput("shell") || void 0
   });
 }
 var isPullfrog = (actor) => {
@@ -153721,10 +153999,386 @@ function resolvePayload(resolvedPromptInput, repoSettings) {
     proxyModel: void 0
   };
 }
+function resolveOutputSchema() {
+  const raw2 = core6.getInput("output_schema");
+  if (!raw2) return void 0;
+  let parsed2;
+  try {
+    parsed2 = JSON.parse(raw2);
+  } catch {
+    throw new Error(`invalid output_schema: not valid JSON`);
+  }
+  if (!parsed2 || typeof parsed2 !== "object" || Array.isArray(parsed2)) {
+    throw new Error(`invalid output_schema: must be a JSON object`);
+  }
+  log.info("\xBB structured output schema provided \u2014 output will be required");
+  return parsed2;
+}
+
+// utils/proxy.ts
+var core8 = __toESM(require_core(), 1);
+
+// utils/billingErrors.ts
+var BillingError = class extends Error {
+  code;
+  declineCode;
+  needsReauthentication;
+  constructor(message, opts = {}) {
+    super(message);
+    this.name = "BillingError";
+    this.code = opts.code ?? null;
+    this.declineCode = opts.declineCode ?? null;
+    this.needsReauthentication = opts.needsReauthentication ?? false;
+  }
+};
+var TransientError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "TransientError";
+  }
+};
+function billingConsoleUrl(owner, anchor) {
+  return `https://pullfrog.com/console/${encodeURIComponent(owner)}#${anchor}`;
+}
+function formatBillingErrorSummary(error49, owner) {
+  if (error49.code === "router_requires_card") {
+    return [
+      "**Add a card to start using Pullfrog Router.**",
+      "",
+      "Router proxies OpenRouter at raw cost \u2014 no platform markup. Add a card and we'll auto-reload your wallet so runs keep flowing.",
+      "",
+      `[Add a card \u2192](${billingConsoleUrl(owner, "model-access")})`
+    ].join("\n");
+  }
+  if (error49.code === "router_balance_exhausted") {
+    return [
+      "**Your Pullfrog Router balance is exhausted.**",
+      "",
+      "You have a card on file but auto-reload is disabled, so runs paused once your balance went past the overdraft buffer.",
+      "",
+      `[Top up balance \u2192](${billingConsoleUrl(owner, "billing")}) \xB7 [Enable auto-reload \u2192](${billingConsoleUrl(owner, "model-access")})`
+    ].join("\n");
+  }
+  if (error49.code === "router_keylimit_exhausted") {
+    return [
+      "**This run was cut short \u2014 your Pullfrog Router balance ran out mid-run.**",
+      "",
+      "OpenRouter stopped the agent because the per-run budget was exhausted. Your wallet is now negative; top up or enable auto-reload to keep runs flowing.",
+      "",
+      `[Top up balance \u2192](${billingConsoleUrl(owner, "billing")}) \xB7 [Enable auto-reload \u2192](${billingConsoleUrl(owner, "model-access")})`
+    ].join("\n");
+  }
+  if (error49.code === "router_monthly_limit") {
+    return [
+      "**Pullfrog Router hit its monthly spend limit.**",
+      "",
+      "Auto-reloads are paused for the rest of this UTC month. Ask your admin to raise the cap, or wait for it to reset at 00:00 UTC on the 1st.",
+      "",
+      `[Adjust limit \u2192](${billingConsoleUrl(owner, "model-access")})`
+    ].join("\n");
+  }
+  if (error49.needsReauthentication) {
+    const code = error49.declineCode ?? "authentication_required";
+    return [
+      `**Your card issuer requires 3D Secure on every charge** (\`${code}\`).`,
+      "",
+      "Pullfrog can't complete a 3DS challenge from inside a workflow. Top up your Router balance once in Stripe Checkout \u2014 subsequent runs draw from the prepaid balance without re-triggering 3DS.",
+      "",
+      `[Top up balance \u2192](${billingConsoleUrl(owner, "billing")})`
+    ].join("\n");
+  }
+  if (error49.declineCode) {
+    return [
+      `**Your card was declined** (\`${error49.declineCode}\`).`,
+      "",
+      "Update your payment method and Pullfrog will retry on the next run.",
+      "",
+      `[Update payment method \u2192](${billingConsoleUrl(owner, "billing")})`
+    ].join("\n");
+  }
+  return [
+    "**Your Pullfrog balance is empty.**",
+    "",
+    "Top up your balance or enable auto-reload to keep runs flowing.",
+    "",
+    `[Manage billing \u2192](${billingConsoleUrl(owner, "billing")})`
+  ].join("\n");
+}
+function formatTransientErrorSummary(error49, owner) {
+  return [
+    "**Pullfrog billing is temporarily unavailable.**",
+    "",
+    error49.message,
+    "",
+    `Usually transient \u2014 the next dispatch should succeed. If it persists, check [status.pullfrog.com](https://status.pullfrog.com) or [your console](${billingConsoleUrl(owner, "billing")}).`
+  ].join("\n");
+}
+
+// utils/token.ts
+var core7 = __toESM(require_core(), 1);
+import assert2 from "node:assert/strict";
+var mcpTokenValue;
+function getJobToken() {
+  const inputToken = core7.getInput("token");
+  if (inputToken) {
+    return inputToken;
+  }
+  const fallbackToken = process.env.GH_TOKEN || process.env.GITHUB_TOKEN;
+  if (fallbackToken) {
+    return fallbackToken;
+  }
+  throw new Error("token input is required");
+}
+async function resolveTokens(params) {
+  assert2(!mcpTokenValue, "tokens are already resolved");
+  const externalToken = process.env.GH_TOKEN;
+  if (externalToken) {
+    mcpTokenValue = externalToken;
+    if (isGitHubActions) {
+      core7.setSecret(externalToken);
+    }
+    log.info("\xBB using external GH_TOKEN for both git and MCP");
+    return {
+      gitToken: externalToken,
+      mcpToken: externalToken,
+      async [Symbol.asyncDispose]() {
+        mcpTokenValue = void 0;
+      }
+    };
+  }
+  const gitPermissions = params.push === "disabled" ? { contents: "read" } : { contents: "write", workflows: "write" };
+  const gitToken = await acquireNewToken({ permissions: gitPermissions });
+  if (isGitHubActions) {
+    core7.setSecret(gitToken);
+  }
+  log.info(
+    `\xBB acquired git token (${Object.entries(gitPermissions).map((e) => e.join(":")).join(", ")})`
+  );
+  const mcpPermissions = {
+    contents: "write",
+    pull_requests: "write",
+    issues: "write",
+    checks: "read",
+    actions: "read"
+  };
+  const mcpToken = await acquireNewToken({ permissions: mcpPermissions });
+  if (isGitHubActions) {
+    core7.setSecret(mcpToken);
+  }
+  log.info(
+    `\xBB acquired scoped MCP token (${Object.entries(mcpPermissions).map((e) => e.join(":")).join(", ")})`
+  );
+  mcpTokenValue = mcpToken;
+  let disposingRef;
+  const dispose = async () => {
+    if (disposingRef) {
+      return disposingRef.promise;
+    }
+    disposingRef = Promise.withResolvers();
+    try {
+      mcpTokenValue = void 0;
+      await Promise.all([
+        revokeGitHubInstallationToken(gitToken),
+        revokeGitHubInstallationToken(mcpToken)
+      ]);
+    } finally {
+      removeSignalHandler();
+      disposingRef.resolve();
+      disposingRef = void 0;
+    }
+  };
+  const removeSignalHandler = onExitSignal(dispose);
+  return {
+    gitToken,
+    mcpToken,
+    [Symbol.asyncDispose]: dispose
+  };
+}
+function getGitHubInstallationToken() {
+  assert2(mcpTokenValue, "tokens not set. call resolveTokens first.");
+  return mcpTokenValue;
+}
+async function revokeGitHubInstallationToken(token) {
+  const apiUrl = process.env.GITHUB_API_URL || "https://api.github.com";
+  try {
+    await fetch(`${apiUrl}/installation/token`, {
+      method: "DELETE",
+      headers: {
+        Accept: "application/vnd.github+json",
+        Authorization: `Bearer ${token}`,
+        "X-GitHub-Api-Version": "2022-11-28"
+      }
+    });
+    log.debug("\xBB installation token revoked");
+  } catch (error49) {
+    log.info(
+      `Failed to revoke installation token: ${error49 instanceof Error ? error49.message : String(error49)}`
+    );
+  }
+}
+
+// utils/errorReport.ts
+async function reportErrorToComment(ctx) {
+  const formattedError = ctx.title ? `${ctx.title}
+
+${ctx.error}` : ctx.error;
+  const repoContext = parseRepoContext();
+  const octokit = createOctokit(getGitHubInstallationToken());
+  const runId = process.env.GITHUB_RUN_ID ? Number.parseInt(process.env.GITHUB_RUN_ID, 10) : void 0;
+  const customParts = [];
+  if (runId) {
+    const apiUrl = getApiUrl();
+    customParts.push(
+      `[Rerun failed job \u2794](${apiUrl}/trigger/${repoContext.owner}/${repoContext.name}/${runId}?action=rerun)`
+    );
+  }
+  const footer = buildPullfrogFooter({
+    triggeredBy: true,
+    workflowRun: runId ? { owner: repoContext.owner, repo: repoContext.name, runId } : void 0,
+    customParts,
+    model: ctx.toolState.model,
+    fallbackFrom: ctx.toolState.modelFallback?.from
+  });
+  const body = `${formattedError}${footer}`;
+  const comment = ctx.toolState.progressComment;
+  if (comment) {
+    await updateProgressComment(
+      { octokit, owner: repoContext.owner, repo: repoContext.name },
+      comment,
+      body
+    );
+    ctx.toolState.wasUpdated = true;
+    return;
+  }
+  if (!ctx.createIfMissing) return;
+  if (!ctx.toolState.issueNumber) return;
+  try {
+    const created = await octokit.rest.issues.createComment({
+      owner: repoContext.owner,
+      repo: repoContext.name,
+      issue_number: ctx.toolState.issueNumber,
+      body
+    });
+    ctx.toolState.progressComment = { id: created.data.id, type: "issue" };
+    ctx.toolState.wasUpdated = true;
+  } catch (error49) {
+    log.warning(
+      `[errorReport] fallback comment create failed: ${error49 instanceof Error ? error49.message : String(error49)}`
+    );
+  }
+}
+
+// utils/proxy.ts
+async function mintProxyKey(ctx) {
+  try {
+    const headers = await buildProxyTokenHeaders(ctx);
+    if (!headers) return null;
+    const response = await apiFetch({
+      path: "/api/proxy-token",
+      method: "POST",
+      headers
+    });
+    if (response.status === 402) {
+      const body = await response.json().catch(() => null);
+      throw new BillingError(body?.error ?? "insufficient balance", {
+        code: body?.code ?? null,
+        declineCode: body?.declineCode ?? null,
+        needsReauthentication: body?.needsReauthentication ?? false
+      });
+    }
+    if (response.status === 503) {
+      const body = await response.json().catch(() => null);
+      throw new TransientError(
+        body?.error ?? "billing service temporarily unavailable \u2014 retry shortly"
+      );
+    }
+    if (!response.ok) {
+      log.warning(`proxy key mint failed (${response.status})`);
+      return null;
+    }
+    const data = await response.json();
+    return data.key;
+  } catch (error49) {
+    if (error49 instanceof BillingError) throw error49;
+    if (error49 instanceof TransientError) throw error49;
+    log.warning(`proxy key mint error: ${error49 instanceof Error ? error49.message : String(error49)}`);
+    return null;
+  } finally {
+    delete process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
+    delete process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
+  }
+}
+async function buildProxyTokenHeaders(ctx) {
+  if (ctx.oidcCredentials) {
+    process.env.ACTIONS_ID_TOKEN_REQUEST_URL = ctx.oidcCredentials.requestUrl;
+    process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN = ctx.oidcCredentials.requestToken;
+    const oidcToken = await core8.getIDToken("pullfrog-api");
+    delete process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
+    delete process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
+    return { Authorization: `Bearer ${oidcToken}` };
+  }
+  if (isLocalApiUrl()) {
+    log.info(`\xBB proxy: dev bypass (x-dev-repo) for ${ctx.repo.owner}/${ctx.repo.name}`);
+    return { "x-dev-repo": `${ctx.repo.owner}/${ctx.repo.name}` };
+  }
+  return null;
+}
+async function resolveProxyModel(ctx) {
+  if (process.env.PULLFROG_MODEL?.trim()) return;
+  if (!ctx.proxyModel) return;
+  if (!ctx.oidcCredentials && !isLocalApiUrl()) {
+    log.warning("\xBB proxy requested but no OIDC credentials available \u2014 skipping");
+    return;
+  }
+  const key = await mintProxyKey({ oidcCredentials: ctx.oidcCredentials, repo: ctx.repo });
+  if (!key) return;
+  process.env.OPENROUTER_API_KEY = key;
+  core8.setSecret(key);
+  ctx.payload.proxyModel = ctx.proxyModel;
+  const label = ctx.oss ? "oss" : "router";
+  log.info(`\xBB proxy: ${label} \u2192 ${ctx.proxyModel}`);
+}
+async function runProxyResolution(ctx) {
+  try {
+    await resolveProxyModel({
+      payload: ctx.payload,
+      oss: ctx.oss,
+      proxyModel: ctx.proxyModel,
+      oidcCredentials: ctx.oidcCredentials,
+      repo: ctx.repo
+    });
+  } catch (error49) {
+    if (error49 instanceof BillingError) {
+      const summary2 = formatBillingErrorSummary(error49, ctx.repo.owner);
+      await writeSummary(summary2).catch(() => {
+      });
+      await reportErrorToComment({
+        toolState: ctx.toolState,
+        error: summary2,
+        createIfMissing: true
+      }).catch(() => {
+      });
+      throw error49;
+    }
+    if (error49 instanceof TransientError) {
+      const summary2 = formatTransientErrorSummary(error49, ctx.repo.owner);
+      await writeSummary(summary2).catch(() => {
+      });
+      await reportErrorToComment({
+        toolState: ctx.toolState,
+        error: summary2,
+        createIfMissing: true
+      }).catch(() => {
+      });
+      throw error49;
+    }
+    throw error49;
+  }
+}
 
 // utils/prSummary.ts
 import { mkdir as mkdir2, readFile as readFile3, writeFile as writeFile3 } from "node:fs/promises";
-import { dirname as dirname5, join as join15 } from "node:path";
+import { dirname as dirname5, join as join16 } from "node:path";
 var SUMMARY_FILE_NAME = "pullfrog-summary.md";
 var SUMMARY_SCAFFOLD = `# PR summary
 
@@ -153734,7 +154388,7 @@ var SUMMARY_SCAFFOLD = `# PR summary
 var MIN_SNAPSHOT_LENGTH = 60;
 var MAX_SNAPSHOT_LENGTH = 32768;
 function summaryFilePath(tmpdir3) {
-  return join15(tmpdir3, SUMMARY_FILE_NAME);
+  return join16(tmpdir3, SUMMARY_FILE_NAME);
 }
 async function seedSummaryFile(params) {
   const path3 = summaryFilePath(params.tmpdir);
@@ -153755,76 +154409,43 @@ async function readSummaryFile(path3) {
   if (trimmed.length > MAX_SNAPSHOT_LENGTH) return trimmed.slice(0, MAX_SNAPSHOT_LENGTH);
   return trimmed;
 }
-
-// utils/reviewCleanup.ts
-var RE_REVIEW_PREAMBLE = "Incrementally re-review the new commits on this pull request. Use the IncrementalReview mode.";
-async function postReviewCleanup(ctx) {
-  const review = ctx.toolState.review;
-  if (!review) return;
-  delete ctx.toolState.review;
-  await bestEffort(() => reportReviewNodeId(ctx, { nodeId: review.nodeId }), "reportReviewNodeId");
-  if (review.reviewedSha) {
-    await bestEffort(
-      () => dispatchFollowUpReReview(ctx, review.reviewedSha),
-      "follow-up re-review dispatch"
-    );
-  }
-}
-async function bestEffort(fn2, label) {
+async function fetchPreviousSnapshot(ctx, prNumber) {
+  if (!ctx.githubInstallationToken) return null;
   try {
-    await fn2();
-  } catch (error49) {
-    log.debug(`${label} failed: ${error49}`);
+    const response = await apiFetch({
+      path: `/api/repo/${ctx.repo.owner}/${ctx.repo.name}/pr/${prNumber}/summary-comment`,
+      method: "GET",
+      headers: { authorization: `Bearer ${ctx.githubInstallationToken}` },
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) return null;
+    const data = await response.json();
+    return typeof data.snapshot === "string" && data.snapshot.length > 0 ? data.snapshot : null;
+  } catch {
+    return null;
   }
 }
-async function dispatchFollowUpReReview(ctx, reviewedSha) {
-  const issueNumber = ctx.payload.event.issue_number;
-  if (!issueNumber) return;
-  const pr = await ctx.octokit.rest.pulls.get({
-    owner: ctx.repo.owner,
-    repo: ctx.repo.name,
-    pull_number: issueNumber
-  });
-  if (pr.data.head.sha === reviewedSha) return;
-  if (pr.data.state !== "open") return;
-  if (pr.data.draft) return;
-  log.info(
-    `safety net: pr HEAD moved from ${reviewedSha.slice(0, 7)} to ${pr.data.head.sha.slice(0, 7)} and agent did not review inline \u2014 dispatching follow-up re-review`
-  );
-  const event = {
-    trigger: "pull_request_synchronize",
-    issue_number: issueNumber,
-    is_pr: true,
-    title: pr.data.title,
-    body: null,
-    branch: pr.data.head.ref,
-    before_sha: reviewedSha,
-    silent: true
-  };
-  if (ctx.payload.event.authorPermission) {
-    event.authorPermission = ctx.payload.event.authorPermission;
+async function persistSummary(ctx) {
+  const filePath = ctx.toolState.summaryFilePath;
+  if (!filePath) return;
+  if (ctx.toolState.summaryPersistAttempted) return;
+  ctx.toolState.summaryPersistAttempted = true;
+  const snapshot2 = await readSummaryFile(filePath);
+  if (!snapshot2) {
+    log.debug(`pr summary tmpfile missing or invalid at ${filePath} \u2014 skipping persist`);
+    return;
   }
-  const payload = {
-    "~pullfrog": true,
-    version: ctx.payload.version,
-    model: ctx.payload.model,
-    prompt: "",
-    eventInstructions: RE_REVIEW_PREAMBLE,
-    event
-  };
-  await ctx.octokit.rest.actions.createWorkflowDispatch({
-    owner: ctx.repo.owner,
-    repo: ctx.repo.name,
-    workflow_id: getCurrentWorkflowFilename(),
-    ref: pr.data.base.repo.default_branch,
-    inputs: { prompt: JSON.stringify(payload) }
+  const seed = ctx.toolState.summarySeed?.trim();
+  if (seed !== void 0 && snapshot2 === seed) {
+    log.warning(
+      "\xBB pr summary tmpfile unchanged from seed \u2014 skipping persist (agent did not edit it)"
+    );
+    return;
+  }
+  await patchWorkflowRunFields(ctx, { summarySnapshot: snapshot2 }).catch((err) => {
+    log.debug(`pr summary persist failed: ${err instanceof Error ? err.message : String(err)}`);
   });
 }
-function getCurrentWorkflowFilename() {
-  const ref = process.env.GITHUB_WORKFLOW_REF ?? "";
-  const match3 = ref.match(/\/([^/]+)@/);
-  return match3?.[1] ?? "pullfrog.yml";
-}
 
 // utils/run.ts
 async function handleAgentResult(ctx) {
@@ -153860,10 +154481,10 @@ async function handleAgentResult(ctx) {
   };
 }
 
+// utils/runContextData.ts
+var core9 = __toESM(require_core(), 1);
+
 // utils/runContext.ts
-function isInfraCovered(params) {
-  return params.isOss || params.plan === "payg";
-}
 var defaultSettings = {
   model: null,
   modes: [],
@@ -153933,13 +154554,12 @@ async function fetchRunContext(params) {
 }
 
 // utils/runContextData.ts
-var core6 = __toESM(require_core(), 1);
 async function resolveRunContextData(params) {
   log.info(`\xBB running Pullfrog v${package_default.version}...`);
   const repoContext = parseRepoContext();
   let oidcToken;
   try {
-    oidcToken = await core6.getIDToken("pullfrog-api");
+    oidcToken = await core9.getIDToken("pullfrog-api");
   } catch {
   }
   const [repoResponse, runContext] = await Promise.all([
@@ -153961,13 +154581,240 @@ async function resolveRunContextData(params) {
   };
 }
 
+// utils/runErrorRenderer.ts
+function renderRunError(input) {
+  const billingError = isRouterKeylimitExhaustedError(input.errorMessage) ? new BillingError(input.errorMessage, { code: "router_keylimit_exhausted" }) : null;
+  if (billingError) {
+    const body = formatBillingErrorSummary(billingError, input.repo.owner);
+    return { summary: body, comment: body };
+  }
+  const isHang = input.errorMessage.startsWith("activity timeout") || input.errorMessage.startsWith("agent still pending");
+  const hangBody = isHang ? formatAgentHangBody({
+    diagnostic: input.agentDiagnostic,
+    isHang: true,
+    errorMessage: input.errorMessage
+  }) : null;
+  const apiKeySource = hangBody ?? input.errorMessage;
+  const apiKeyErrorSummary = isApiKeyAuthError(apiKeySource) ? formatApiKeyErrorSummary({
+    owner: input.repo.owner,
+    name: input.repo.name,
+    raw: apiKeySource
+  }) : null;
+  if (apiKeyErrorSummary) {
+    return { summary: apiKeyErrorSummary, comment: apiKeyErrorSummary };
+  }
+  if (hangBody) {
+    return {
+      summary: `### \u274C Pullfrog failed
+
+${hangBody}`,
+      comment: hangBody
+    };
+  }
+  return {
+    summary: `### \u274C Pullfrog failed
+
+\`\`\`
+${input.errorMessage}
+\`\`\``,
+    comment: input.errorMessage
+  };
+}
+
+// utils/runLifecycle.ts
+var core10 = __toESM(require_core(), 1);
+
+// utils/reviewCleanup.ts
+var RE_REVIEW_PREAMBLE = "Incrementally re-review the new commits on this pull request. Use the IncrementalReview mode.";
+async function postReviewCleanup(ctx) {
+  const review = ctx.toolState.review;
+  if (!review) return;
+  delete ctx.toolState.review;
+  await bestEffort(() => reportReviewNodeId(ctx, { nodeId: review.nodeId }), "reportReviewNodeId");
+  if (review.reviewedSha) {
+    await bestEffort(
+      () => dispatchFollowUpReReview(ctx, review.reviewedSha),
+      "follow-up re-review dispatch"
+    );
+  }
+}
+async function bestEffort(fn2, label) {
+  try {
+    await fn2();
+  } catch (error49) {
+    log.debug(`${label} failed: ${error49}`);
+  }
+}
+async function dispatchFollowUpReReview(ctx, reviewedSha) {
+  const issueNumber = ctx.payload.event.issue_number;
+  if (!issueNumber) return;
+  const pr = await ctx.octokit.rest.pulls.get({
+    owner: ctx.repo.owner,
+    repo: ctx.repo.name,
+    pull_number: issueNumber
+  });
+  if (pr.data.head.sha === reviewedSha) return;
+  if (pr.data.state !== "open") return;
+  if (pr.data.draft) return;
+  log.info(
+    `safety net: pr HEAD moved from ${reviewedSha.slice(0, 7)} to ${pr.data.head.sha.slice(0, 7)} and agent did not review inline \u2014 dispatching follow-up re-review`
+  );
+  const event = {
+    trigger: "pull_request_synchronize",
+    issue_number: issueNumber,
+    is_pr: true,
+    title: pr.data.title,
+    body: null,
+    branch: pr.data.head.ref,
+    before_sha: reviewedSha,
+    silent: true
+  };
+  if (ctx.payload.event.authorPermission) {
+    event.authorPermission = ctx.payload.event.authorPermission;
+  }
+  const payload = {
+    "~pullfrog": true,
+    version: ctx.payload.version,
+    model: ctx.payload.model,
+    prompt: "",
+    eventInstructions: RE_REVIEW_PREAMBLE,
+    event
+  };
+  await ctx.octokit.rest.actions.createWorkflowDispatch({
+    owner: ctx.repo.owner,
+    repo: ctx.repo.name,
+    workflow_id: getCurrentWorkflowFilename(),
+    ref: pr.data.base.repo.default_branch,
+    inputs: { prompt: JSON.stringify(payload) }
+  });
+}
+function getCurrentWorkflowFilename() {
+  const ref = process.env.GITHUB_WORKFLOW_REF ?? "";
+  const match3 = ref.match(/\/([^/]+)@/);
+  return match3?.[1] ?? "pullfrog.yml";
+}
+
+// utils/runLifecycle.ts
+async function persistRunArtifacts(toolContext) {
+  await postReviewCleanup(toolContext).catch((error49) => {
+    log.debug(`post-review cleanup failed: ${error49}`);
+  });
+  await persistSummary(toolContext);
+  await persistLearnings(toolContext);
+}
+async function finalizeSuccessRun(input) {
+  await persistRunArtifacts(input.toolContext);
+  if (!input.result.success && input.toolState.progressComment) {
+    const rawError = input.result.error || "agent run failed";
+    const errorBody = isApiKeyAuthError(rawError) ? formatApiKeyErrorSummary({
+      owner: input.repo.owner,
+      name: input.repo.name,
+      raw: rawError
+    }) : rawError;
+    await reportErrorToComment({ toolState: input.toolState, error: errorBody }).catch((error49) => {
+      log.debug(`failure error report failed: ${error49}`);
+    });
+  }
+  if (input.result.success && input.toolState.progressComment && !input.toolState.finalSummaryWritten) {
+    await deleteProgressComment(input.toolContext).catch((error49) => {
+      log.debug(`stranded progress comment cleanup failed: ${error49}`);
+    });
+  }
+  try {
+    const usageSummary = formatUsageSummary(input.toolState.usageEntries);
+    const body = input.toolState.lastProgressBody || input.result.output;
+    const parts = [body, usageSummary].filter(Boolean);
+    if (parts.length > 0) {
+      await writeSummary(parts.join("\n\n"));
+    }
+  } catch (error49) {
+    log.debug(`job summary write failed: ${error49}`);
+  }
+  if (input.toolState.output) {
+    log.info(`::pullfrog-output::${Buffer.from(input.toolState.output).toString("base64")}`);
+    core10.setOutput("result", input.toolState.output);
+  }
+}
+async function writeRunErrorOutputs(input) {
+  try {
+    const usageSummary = formatUsageSummary(input.toolState.usageEntries);
+    const parts = [input.rendered.summary, input.toolState.lastProgressBody, usageSummary].filter(
+      Boolean
+    );
+    await writeSummary(parts.join("\n\n"));
+  } catch {
+  }
+  try {
+    await reportErrorToComment({ toolState: input.toolState, error: input.rendered.comment });
+  } catch {
+  }
+}
+
+// utils/time.ts
+var TIMEOUT_DISABLED = "none";
+var TIME_STRING_REGEX = /^(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$/;
+function parseTimeString(input) {
+  const match3 = input.match(TIME_STRING_REGEX);
+  if (!match3 || !match3[1] && !match3[2] && !match3[3]) return null;
+  const hours = parseInt(match3[1] || "0", 10);
+  const minutes = parseInt(match3[2] || "0", 10);
+  const seconds = parseInt(match3[3] || "0", 10);
+  return (hours * 3600 + minutes * 60 + seconds) * 1e3;
+}
+var TIMEOUT_MAX_MS = 2147483647;
+function resolveTimeoutMs(input) {
+  if (!input) return null;
+  const parsed2 = parseTimeString(input);
+  if (parsed2 === null || parsed2 <= 0 || parsed2 > TIMEOUT_MAX_MS) return null;
+  return parsed2;
+}
+
+// utils/runStartupLog.ts
+function resolveTimeoutForLog(timeout) {
+  if (!timeout) return "1h (default)";
+  if (timeout === TIMEOUT_DISABLED) return "none (disabled)";
+  return timeout;
+}
+function resolveModelForLog(ctx) {
+  const envModel = process.env.PULLFROG_MODEL?.trim();
+  if (envModel) return `${envModel} (override via PULLFROG_MODEL)`;
+  if (ctx.payload.proxyModel) return `${ctx.payload.proxyModel} (proxy)`;
+  if (ctx.resolvedModel && ctx.payload.model && ctx.payload.model !== ctx.resolvedModel) {
+    return `${ctx.resolvedModel} (resolved from ${ctx.payload.model})`;
+  }
+  if (ctx.resolvedModel) return ctx.resolvedModel;
+  if (ctx.payload.model) return `${ctx.payload.model} (unresolved)`;
+  return "auto";
+}
+function resolveAgentForLog(ctx) {
+  const envAgent = process.env.PULLFROG_AGENT?.trim();
+  if (envAgent && envAgent === ctx.agentName) {
+    return `${ctx.agentName} (override via PULLFROG_AGENT)`;
+  }
+  if (ctx.agentName === "claude" && ctx.resolvedModel) {
+    return `${ctx.agentName} (auto-selected for ${ctx.resolvedModel})`;
+  }
+  return ctx.agentName;
+}
+function logRunStartup(ctx) {
+  log.info(
+    `\xBB model:   ${resolveModelForLog({ payload: ctx.payload, resolvedModel: ctx.resolvedModel })}`
+  );
+  log.info(
+    `\xBB agent:   ${resolveAgentForLog({ agentName: ctx.agentName, resolvedModel: ctx.resolvedModel })}`
+  );
+  log.info(`\xBB push:    ${ctx.payload.push}`);
+  log.info(`\xBB shell:   ${ctx.payload.shell}`);
+  log.info(`\xBB timeout: ${resolveTimeoutForLog(ctx.payload.timeout)}`);
+}
+
 // utils/setup.ts
 import { execFileSync as execFileSync5, execSync as execSync3 } from "node:child_process";
 import { mkdtempSync } from "node:fs";
 import { tmpdir as tmpdir2 } from "node:os";
-import { join as join16 } from "node:path";
+import { join as join17 } from "node:path";
 function createTempDirectory() {
-  const sharedTempDir = mkdtempSync(join16(tmpdir2(), "pullfrog-"));
+  const sharedTempDir = mkdtempSync(join17(tmpdir2(), "pullfrog-"));
   process.env.PULLFROG_TEMP_DIR = sharedTempDir;
   log.info(`\xBB created temp dir at ${sharedTempDir}`);
   return sharedTempDir;
@@ -154071,25 +154918,6 @@ async function setupGit(params) {
   log.info("\xBB git authentication configured");
 }
 
-// utils/time.ts
-var TIMEOUT_DISABLED = "none";
-var TIME_STRING_REGEX = /^(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$/;
-function parseTimeString(input) {
-  const match3 = input.match(TIME_STRING_REGEX);
-  if (!match3 || !match3[1] && !match3[2] && !match3[3]) return null;
-  const hours = parseInt(match3[1] || "0", 10);
-  const minutes = parseInt(match3[2] || "0", 10);
-  const seconds = parseInt(match3[3] || "0", 10);
-  return (hours * 3600 + minutes * 60 + seconds) * 1e3;
-}
-var TIMEOUT_MAX_MS = 2147483647;
-function resolveTimeoutMs(input) {
-  if (!input) return null;
-  const parsed2 = parseTimeString(input);
-  if (parsed2 === null || parsed2 <= 0 || parsed2 > TIMEOUT_MAX_MS) return null;
-  return parsed2;
-}
-
 // utils/todoTracking.ts
 function isValidTodoStatus(value2) {
   return value2 === "pending" || value2 === "in_progress" || value2 === "completed" || value2 === "cancelled";
@@ -154226,305 +155054,42 @@ async function resolveRun(params) {
   let jobId;
   const jobName = process.env.GITHUB_JOB;
   if (jobName && runId) {
-    const jobs = await params.octokit.rest.actions.listJobsForWorkflowRun({
-      owner,
-      repo,
-      run_id: runId
-    });
-    const matchingJob = jobs.data.jobs.find((job) => job.name === jobName);
-    if (matchingJob) {
-      jobId = String(matchingJob.id);
-      log.debug(`\xBB found job ID: ${jobId}`);
+    try {
+      const jobs = await params.octokit.rest.actions.listJobsForWorkflowRun({
+        owner,
+        repo,
+        run_id: runId
+      });
+      const matchingJob = jobs.data.jobs.find((job) => job.name === jobName);
+      if (matchingJob) {
+        jobId = String(matchingJob.id);
+        log.debug(`\xBB found job ID: ${jobId}`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      log.debug(`\xBB listJobsForWorkflowRun failed (jobId stays undefined): ${msg}`);
     }
   }
   return { runId, jobId };
 }
 
 // main.ts
-function resolveOutputSchema() {
-  const raw2 = core7.getInput("output_schema");
-  if (!raw2) return void 0;
-  let parsed2;
-  try {
-    parsed2 = JSON.parse(raw2);
-  } catch {
-    throw new Error(`invalid output_schema: not valid JSON`);
-  }
-  if (!parsed2 || typeof parsed2 !== "object" || Array.isArray(parsed2)) {
-    throw new Error(`invalid output_schema: must be a JSON object`);
-  }
-  log.info("\xBB structured output schema provided \u2014 output will be required");
-  return parsed2;
-}
-function resolveTimeoutForLog(timeout) {
-  if (!timeout) return "1h (default)";
-  if (timeout === TIMEOUT_DISABLED) return "none (disabled)";
-  return timeout;
-}
-function resolveModelForLog(ctx) {
-  const envModel = process.env.PULLFROG_MODEL?.trim();
-  if (envModel) return `${envModel} (override via PULLFROG_MODEL)`;
-  if (ctx.payload.proxyModel) return `${ctx.payload.proxyModel} (proxy)`;
-  if (ctx.resolvedModel && ctx.payload.model && ctx.payload.model !== ctx.resolvedModel) {
-    return `${ctx.resolvedModel} (resolved from ${ctx.payload.model})`;
-  }
-  if (ctx.resolvedModel) return ctx.resolvedModel;
-  if (ctx.payload.model) return `${ctx.payload.model} (unresolved)`;
-  return "auto";
-}
-function resolveAgentForLog(ctx) {
-  const envAgent = process.env.PULLFROG_AGENT?.trim();
-  if (envAgent && envAgent === ctx.agentName) {
-    return `${ctx.agentName} (override via PULLFROG_AGENT)`;
-  }
-  if (ctx.agentName === "claude" && ctx.resolvedModel) {
-    return `${ctx.agentName} (auto-selected for ${ctx.resolvedModel})`;
-  }
-  return ctx.agentName;
-}
-var BillingError = class extends Error {
-  code;
-  declineCode;
-  needsReauthentication;
-  constructor(message, opts = {}) {
-    super(message);
-    this.name = "BillingError";
-    this.code = opts.code ?? null;
-    this.declineCode = opts.declineCode ?? null;
-    this.needsReauthentication = opts.needsReauthentication ?? false;
-  }
-};
-var TransientError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "TransientError";
-  }
-};
-function billingConsoleUrl(owner, anchor) {
-  return `https://pullfrog.com/console/${encodeURIComponent(owner)}#${anchor}`;
-}
-function formatBillingErrorSummary(error49, owner) {
-  if (error49.code === "router_requires_card") {
-    return [
-      "**Add a card to start using Pullfrog Router.**",
-      "",
-      "Router proxies OpenRouter at raw cost \u2014 no platform markup. Add a card and we'll auto-reload your wallet so runs keep flowing.",
-      "",
-      `[Add a card \u2192](${billingConsoleUrl(owner, "model-access")})`
-    ].join("\n");
-  }
-  if (error49.code === "router_balance_exhausted") {
-    return [
-      "**Your Pullfrog Router balance is exhausted.**",
-      "",
-      "You have a card on file but auto-reload is disabled, so runs paused once your balance went past the overdraft buffer.",
-      "",
-      `[Top up balance \u2192](${billingConsoleUrl(owner, "billing")}) \xB7 [Enable auto-reload \u2192](${billingConsoleUrl(owner, "model-access")})`
-    ].join("\n");
-  }
-  if (error49.code === "router_keylimit_exhausted") {
-    return [
-      "**This run was cut short \u2014 your Pullfrog Router balance ran out mid-run.**",
-      "",
-      "OpenRouter stopped the agent because the per-run budget was exhausted. Your wallet is now negative; top up or enable auto-reload to keep runs flowing.",
-      "",
-      `[Top up balance \u2192](${billingConsoleUrl(owner, "billing")}) \xB7 [Enable auto-reload \u2192](${billingConsoleUrl(owner, "model-access")})`
-    ].join("\n");
-  }
-  if (error49.needsReauthentication) {
-    const code = error49.declineCode ?? "authentication_required";
-    return [
-      `**Your card issuer requires 3D Secure on every charge** (\`${code}\`).`,
-      "",
-      "Pullfrog can't complete a 3DS challenge from inside a workflow. Top up your Router balance once in Stripe Checkout \u2014 subsequent runs draw from the prepaid balance without re-triggering 3DS.",
-      "",
-      `[Top up balance \u2192](${billingConsoleUrl(owner, "billing")})`
-    ].join("\n");
-  }
-  if (error49.declineCode) {
-    return [
-      `**Your card was declined** (\`${error49.declineCode}\`).`,
-      "",
-      "Update your payment method and Pullfrog will retry on the next run.",
-      "",
-      `[Update payment method \u2192](${billingConsoleUrl(owner, "billing")})`
-    ].join("\n");
-  }
-  return [
-    "**Your Pullfrog balance is empty.**",
-    "",
-    "Top up your balance or enable auto-reload to keep runs flowing.",
-    "",
-    `[Manage billing \u2192](${billingConsoleUrl(owner, "billing")})`
-  ].join("\n");
-}
-function formatTransientErrorSummary(error49, owner) {
-  return [
-    "**Pullfrog billing is temporarily unavailable.**",
-    "",
-    error49.message,
-    "",
-    `Usually transient \u2014 the next dispatch should succeed. If it persists, check [status.pullfrog.com](https://status.pullfrog.com) or [your console](${billingConsoleUrl(owner, "billing")}).`
-  ].join("\n");
-}
-async function mintProxyKey(ctx) {
-  try {
-    const headers = await buildProxyTokenHeaders(ctx);
-    if (!headers) return null;
-    const response = await apiFetch({
-      path: "/api/proxy-token",
-      method: "POST",
-      headers
-    });
-    if (response.status === 402) {
-      const body = await response.json().catch(() => null);
-      throw new BillingError(body?.error ?? "insufficient balance", {
-        code: body?.code ?? null,
-        declineCode: body?.declineCode ?? null,
-        needsReauthentication: body?.needsReauthentication ?? false
-      });
-    }
-    if (response.status === 503) {
-      const body = await response.json().catch(() => null);
-      throw new TransientError(
-        body?.error ?? "billing service temporarily unavailable \u2014 retry shortly"
-      );
-    }
-    if (!response.ok) {
-      log.warning(`proxy key mint failed (${response.status})`);
-      return null;
-    }
-    const data = await response.json();
-    return data.key;
-  } catch (error49) {
-    if (error49 instanceof BillingError) throw error49;
-    if (error49 instanceof TransientError) throw error49;
-    log.warning(`proxy key mint error: ${error49 instanceof Error ? error49.message : String(error49)}`);
-    return null;
-  } finally {
-    delete process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
-    delete process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
-  }
-}
-async function buildProxyTokenHeaders(ctx) {
-  if (ctx.oidcCredentials) {
-    process.env.ACTIONS_ID_TOKEN_REQUEST_URL = ctx.oidcCredentials.requestUrl;
-    process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN = ctx.oidcCredentials.requestToken;
-    const oidcToken = await core7.getIDToken("pullfrog-api");
-    delete process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
-    delete process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
-    return { Authorization: `Bearer ${oidcToken}` };
-  }
-  if (isLocalApiUrl()) {
-    log.info(`\xBB proxy: dev bypass (x-dev-repo) for ${ctx.repo.owner}/${ctx.repo.name}`);
-    return { "x-dev-repo": `${ctx.repo.owner}/${ctx.repo.name}` };
-  }
-  return null;
-}
-async function resolveProxyModel(ctx) {
-  if (process.env.PULLFROG_MODEL?.trim()) return;
-  const needsProxy = isInfraCovered({ isOss: ctx.oss, plan: ctx.plan }) && ctx.proxyModel;
-  if (!needsProxy) return;
-  if (!ctx.oidcCredentials && !isLocalApiUrl()) {
-    log.warning("\xBB proxy requested but no OIDC credentials available \u2014 skipping");
-    return;
-  }
-  const key = await mintProxyKey({ oidcCredentials: ctx.oidcCredentials, repo: ctx.repo });
-  if (!key) return;
-  process.env.OPENROUTER_API_KEY = key;
-  core7.setSecret(key);
-  ctx.payload.proxyModel = ctx.proxyModel;
-  const label = ctx.oss ? "oss" : "router";
-  log.info(`\xBB proxy: ${label} \u2192 ${ctx.proxyModel}`);
-}
-async function fetchPreviousSnapshot(ctx, prNumber) {
-  if (!ctx.githubInstallationToken) return null;
-  try {
-    const response = await apiFetch({
-      path: `/api/repo/${ctx.repo.owner}/${ctx.repo.name}/pr/${prNumber}/summary-comment`,
-      method: "GET",
-      headers: { authorization: `Bearer ${ctx.githubInstallationToken}` },
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (!response.ok) return null;
-    const data = await response.json();
-    return typeof data.snapshot === "string" && data.snapshot.length > 0 ? data.snapshot : null;
-  } catch {
-    return null;
-  }
-}
-async function persistLearnings(ctx) {
-  const filePath = ctx.toolState.learningsFilePath;
-  if (!filePath) return;
-  if (ctx.toolState.learningsPersistAttempted) return;
-  ctx.toolState.learningsPersistAttempted = true;
-  const current = await readLearningsFile(filePath);
-  if (current === null) {
-    log.debug(`learnings tmpfile missing or unreadable at ${filePath} \u2014 skipping persist`);
-    return;
-  }
-  const seed = ctx.toolState.learningsSeed?.trim() ?? "";
-  if (current === seed) {
-    log.debug("learnings tmpfile unchanged from seed \u2014 skipping persist");
-    return;
-  }
-  try {
-    const response = await apiFetch({
-      path: `/api/repo/${ctx.repo.owner}/${ctx.repo.name}/learnings`,
-      method: "PATCH",
-      headers: {
-        authorization: `Bearer ${ctx.apiToken}`,
-        "content-type": "application/json"
-      },
-      body: JSON.stringify({
-        learnings: current,
-        model: ctx.toolState.model
-      }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (!response.ok) {
-      const error49 = await response.text().catch(() => "(no body)");
-      log.warning(`learnings persist failed (${response.status}): ${error49}`);
-      return;
-    }
-    log.info("\xBB learnings updated");
-  } catch (err) {
-    log.warning(`learnings persist failed: ${err instanceof Error ? err.message : String(err)}`);
-  }
-}
-async function persistSummary(ctx) {
-  const filePath = ctx.toolState.summaryFilePath;
-  if (!filePath) return;
-  if (ctx.toolState.summaryPersistAttempted) return;
-  ctx.toolState.summaryPersistAttempted = true;
-  const snapshot2 = await readSummaryFile(filePath);
-  if (!snapshot2) {
-    log.debug(`pr summary tmpfile missing or invalid at ${filePath} \u2014 skipping persist`);
-    return;
-  }
-  const seed = ctx.toolState.summarySeed?.trim();
-  if (seed !== void 0 && snapshot2 === seed) {
-    log.warning(
-      "\xBB pr summary tmpfile unchanged from seed \u2014 skipping persist (agent did not edit it)"
-    );
-    return;
-  }
-  await patchWorkflowRunFields(ctx, { summarySnapshot: snapshot2 }).catch((err) => {
-    log.debug(`pr summary persist failed: ${err instanceof Error ? err.message : String(err)}`);
-  });
-}
-async function writeJobSummary(toolState, finalOutput) {
-  const usageSummary = formatUsageSummary(toolState.usageEntries);
-  const body = toolState.lastProgressBody || finalOutput;
-  const summaryParts = [body, usageSummary].filter(Boolean);
-  if (summaryParts.length > 0) {
-    await writeSummary(summaryParts.join("\n\n"));
-  }
-}
 async function main() {
   var _stack2 = [];
   try {
     normalizeEnv();
+    const overridesRaw = process.env.UNSAFE_OVERRIDES ?? "";
+    if (overridesRaw.trim()) {
+      const result = applyOverrides({ raw: overridesRaw, env: process.env });
+      if (result.applied.length > 0) {
+        log.info(`\xBB applied ${result.applied.length} env override(s): ${result.applied.join(", ")}`);
+      }
+      if (result.denied.length > 0) {
+        log.warning(
+          `\xBB refused to override ${result.denied.length} protected env var(s): ${result.denied.join(", ")}`
+        );
+      }
+    }
     const usageSummaryPath = process.env.PULLFROG_USAGE_SUMMARY_PATH;
     if (usageSummaryPath) {
       onExitSignal(() => writeGitHubUsageSummaryToFile(usageSummaryPath));
@@ -154568,34 +155133,14 @@ async function main() {
       delete process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
       delete process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
     }
-    try {
-      await resolveProxyModel({
-        payload,
-        oss: runContext.oss,
-        plan: runContext.plan,
-        proxyModel: runContext.proxyModel,
-        oidcCredentials,
-        repo: runContext.repo
-      });
-    } catch (error49) {
-      if (error49 instanceof BillingError) {
-        const summary2 = formatBillingErrorSummary(error49, runContext.repo.owner);
-        await writeSummary(summary2).catch(() => {
-        });
-        await reportErrorToComment({ toolState, error: summary2 }).catch(() => {
-        });
-        throw error49;
-      }
-      if (error49 instanceof TransientError) {
-        const summary2 = formatTransientErrorSummary(error49, runContext.repo.owner);
-        await writeSummary(summary2).catch(() => {
-        });
-        await reportErrorToComment({ toolState, error: summary2 }).catch(() => {
-        });
-        throw error49;
-      }
-      throw error49;
-    }
+    await runProxyResolution({
+      payload,
+      oss: runContext.oss,
+      proxyModel: runContext.proxyModel,
+      oidcCredentials,
+      repo: runContext.repo,
+      toolState
+    });
     const octokit = createOctokit(tokenRef.mcpToken);
     const runInfo = await resolveRun({ octokit });
     let toolContext;
@@ -154622,12 +155167,24 @@ async function main() {
         const tmpdir3 = createTempDirectory();
         const gitAuthServer = __using(_stack, await startGitAuthServer(tmpdir3), true);
         setGitAuthServer(gitAuthServer);
-        const resolvedModel = payload.proxyModel ? void 0 : resolveModel({ slug: payload.model });
+        const initialResolvedModel = payload.proxyModel ? void 0 : resolveModel({ slug: payload.model });
+        const fallback = selectFallbackModelIfNeeded({
+          resolvedModel: initialResolvedModel,
+          proxyModel: payload.proxyModel
+        });
+        const effectiveSlug = fallback.fallback ? fallback.to : payload.model;
+        const resolvedModel = fallback.fallback ? fallback.to : initialResolvedModel;
+        if (fallback.fallback) {
+          log.warning(
+            `\xBB fell back from ${fallback.from} to ${fallback.to} \u2014 no BYOK key present in runner env. add a provider key in repo secrets to use ${fallback.from} instead.`
+          );
+          toolState.modelFallback = { from: fallback.from };
+        }
         const agent2 = resolveAgent({ model: resolvedModel });
-        toolState.model = payload.proxyModel ?? resolvedModel ?? payload.model;
+        toolState.model = payload.proxyModel ?? resolvedModel ?? effectiveSlug;
         validateAgentApiKey({
           agent: agent2,
-          model: payload.proxyModel ?? resolvedModel ?? payload.model,
+          model: payload.proxyModel ?? resolvedModel ?? effectiveSlug,
           owner: runContext.repo.owner,
           name: runContext.repo.name
         });
@@ -154710,14 +155267,7 @@ async function main() {
           onExitSignal(() => persistSummary(ctxForExit));
         }
         startInstallation(toolContext);
-        const modelForLog = resolveModelForLog({ payload, resolvedModel });
-        const agentForLog = resolveAgentForLog({ agentName: agent2.name, resolvedModel });
-        const timeoutForLog = resolveTimeoutForLog(payload.timeout);
-        log.info(`\xBB model:   ${modelForLog}`);
-        log.info(`\xBB agent:   ${agentForLog}`);
-        log.info(`\xBB push:    ${payload.push}`);
-        log.info(`\xBB shell:   ${payload.shell}`);
-        log.info(`\xBB timeout: ${timeoutForLog}`);
+        logRunStartup({ payload, resolvedModel, agentName: agent2.name });
         const instructions = resolveInstructions({
           payload,
           repo: runContext.repo,
@@ -154741,7 +155291,7 @@ ${instructions.user}` : null,
           log.info(instructions.full);
         });
         if (agentId === "opencode") {
-          const pluginDir = join17(process.cwd(), ".opencode", "plugin");
+          const pluginDir = join18(process.cwd(), ".opencode", "plugin");
           const hasPlugins = existsSync7(pluginDir) && readdirSync(pluginDir).some((f) => /\.[jt]sx?$/.test(f));
           if (hasPlugins && toolState.dependencyInstallation?.promise) {
             log.info(
@@ -154801,6 +155351,7 @@ ${instructions.user}` : null,
           todoTracker,
           stopScript: runContext.repoSettings.stopScript,
           toolState,
+          apiToken: runContext.apiToken,
           onActivityTimeout: onInnerActivityTimeout,
           onToolUse: (event) => {
             const wasTracked = recordDiffReadFromToolUse({
@@ -154850,42 +155401,7 @@ ${instructions.user}` : null,
             "output_schema was provided but agent did not call set_output \u2014 structured output is required"
           );
         }
-        if (toolContext) {
-          await postReviewCleanup(toolContext).catch((error49) => {
-            log.debug(`post-review cleanup failed: ${error49}`);
-          });
-        }
-        if (toolContext) {
-          await persistSummary(toolContext);
-        }
-        if (toolContext) {
-          await persistLearnings(toolContext);
-        }
-        if (!result.success && toolContext && toolState.progressComment) {
-          const rawError = result.error || "agent run failed";
-          const errorBody = isApiKeyAuthError(rawError) ? formatApiKeyErrorSummary({
-            owner: runContext.repo.owner,
-            name: runContext.repo.name,
-            raw: rawError
-          }) : rawError;
-          await reportErrorToComment({ toolState, error: errorBody }).catch((error49) => {
-            log.debug(`failure error report failed: ${error49}`);
-          });
-        }
-        if (toolContext && result.success && toolState.progressComment && !toolState.finalSummaryWritten) {
-          await deleteProgressComment(toolContext).catch((error49) => {
-            log.debug(`stranded progress comment cleanup failed: ${error49}`);
-          });
-        }
-        try {
-          await writeJobSummary(toolState, result.output);
-        } catch (error49) {
-          log.debug(`job summary write failed: ${error49}`);
-        }
-        if (toolState.output) {
-          log.info(`::pullfrog-output::${Buffer.from(toolState.output).toString("base64")}`);
-          core7.setOutput("result", toolState.output);
-        }
+        await finalizeSuccessRun({ toolContext, toolState, result, repo: runContext.repo });
         return await handleAgentResult({
           result,
           toolState,
@@ -154903,43 +155419,14 @@ ${instructions.user}` : null,
       todoTracker?.cancel();
       killTrackedChildren();
       log.error(errorMessage);
-      const billingError = isRouterKeylimitExhaustedError(errorMessage) ? new BillingError(errorMessage, { code: "router_keylimit_exhausted" }) : null;
-      const isHang = errorMessage.startsWith("activity timeout") || errorMessage.startsWith("agent still pending");
-      const hangBody = isHang ? formatAgentHangBody({ diagnostic: toolState.agentDiagnostic, isHang: true, errorMessage }) : null;
-      const apiKeySource = hangBody ?? errorMessage;
-      const apiKeyErrorSummary = !billingError && isApiKeyAuthError(apiKeySource) ? formatApiKeyErrorSummary({
-        owner: runContext.repo.owner,
-        name: runContext.repo.name,
-        raw: apiKeySource
-      }) : null;
-      try {
-        const errorSummary = billingError ? formatBillingErrorSummary(billingError, runContext.repo.owner) : apiKeyErrorSummary ?? (hangBody ? `### \u274C Pullfrog failed
-
-${hangBody}` : `### \u274C Pullfrog failed
-
-\`\`\`
-${errorMessage}
-\`\`\``);
-        const usageSummary = formatUsageSummary(toolState.usageEntries);
-        const parts = [errorSummary, toolState.lastProgressBody, usageSummary].filter(Boolean);
-        await writeSummary(parts.join("\n\n"));
-      } catch {
-      }
-      try {
-        const commentBody = billingError ? formatBillingErrorSummary(billingError, runContext.repo.owner) : apiKeyErrorSummary ?? hangBody ?? errorMessage;
-        await reportErrorToComment({ toolState, error: commentBody });
-      } catch {
-      }
-      if (toolContext) {
-        await postReviewCleanup(toolContext).catch((error50) => {
-          log.debug(`post-review cleanup failed: ${error50}`);
-        });
-      }
-      if (toolContext) {
-        await persistSummary(toolContext);
-      }
+      const rendered = renderRunError({
+        errorMessage,
+        repo: runContext.repo,
+        agentDiagnostic: toolState.agentDiagnostic
+      });
+      await writeRunErrorOutputs({ rendered, toolState });
       if (toolContext) {
-        await persistLearnings(toolContext);
+        await persistRunArtifacts(toolContext);
       }
       return {
         success: false,