typeclaw 0.24.0 → 0.26.0

package/src/channels/router.ts

@@ -4,6 +4,7 @@ import type { AssistantMessage } from '@mariozechner/pi-ai'
 import { SessionManager } from '@mariozechner/pi-coding-agent'
 
 import { createSession, renderTurnRoleAnchor, renderTurnTimeAnchor, type AgentSession } from '@/agent'
+import { forgetSharedLoopGuardTool } from '@/agent/plugin-tools'
 import { subscribeProviderErrors } from '@/agent/provider-error'
 import type { RestartHandoff } from '@/agent/restart-handoff'
 import type { ChannelParticipant, SessionOrigin } from '@/agent/session-origin'
@@ -15,6 +16,7 @@ import {
   recordTurnStart,
   runIdleContinuation,
 } from '@/agent/todo/continuation-wiring'
+import { SUBAGENT_OUTPUT_TOOL_NAME } from '@/agent/tools/subagent-output'
 import { type Command, type CommandPermission, type CommandResult, createCommandRegistry } from '@/commands'
 import { CORE_PERMISSIONS, type PermissionService } from '@/permissions'
 import type { HookBus } from '@/plugin'
@@ -669,6 +671,7 @@ export type ChannelRouter = {
     ok: boolean
     durationMs: number
     error?: string
+    channelKey?: { adapter: string; workspace: string; chat: string; thread: string | null }
   }) => { kind: 'delivered'; keyId: string } | { kind: 'no-live-session' }
   // Record that the agent invoked `skip_response` during the current turn
   // for the channel session identified by `parentSessionId`. The reason is
@@ -3219,6 +3222,49 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     return { kind: 'unknown-command', name: lowered }
   }
 
+  const deliverCompletionReminder = (
+    live: LiveSession,
+    args: {
+      parentSessionId: string
+      subagent: string
+      taskId: string
+      ok: boolean
+      durationMs: number
+      error?: string
+    },
+  ): { kind: 'delivered'; keyId: string } => {
+    const adapter = live.keyId.split(':', 1)[0] ?? ''
+    const text = renderSubagentCompletionReminder({
+      subagent: args.subagent,
+      taskId: args.taskId,
+      ok: args.ok,
+      durationMs: args.durationMs,
+      ...(args.error !== undefined ? { error: args.error } : {}),
+      channel: true,
+      adapter,
+    })
+    live.pendingSystemReminders.push(text)
+    // The reminder tells the agent to fetch this result now; clear the
+    // subagent_output window so an earlier premature-polling streak can't
+    // hard-block that legitimate fetch.
+    forgetSharedLoopGuardTool(live.sessionId, SUBAGENT_OUTPUT_TOOL_NAME)
+    logger.info(`[channels] ${live.keyId}: subagent-completion reminder queued task=${args.taskId} ok=${args.ok}`)
+    // Wake the drain loop. If a turn is already in flight, the wakeup is
+    // a no-op because drain() will pick up the reminder on its next
+    // iteration (it now gates on promptQueue OR pendingSystemReminders).
+    // If the session is idle, fire drain() immediately rather than going
+    // through the debounce path — the reminder is not a user inbound,
+    // so the "coalesce nearby inbounds" rationale for debouncing does
+    // not apply. Mirrors the TUI path's `idle ? 'interrupt' : 'queue'`
+    // semantics: the channel router doesn't have a `delivery: interrupt`
+    // mechanism (no in-flight abort during a turn), but firing drain()
+    // immediately is the equivalent for an idle session.
+    if (!live.draining) {
+      void drain(live)
+    }
+    return { kind: 'delivered', keyId: live.keyId }
+  }
+
   const injectSubagentCompletionReminder = (args: {
     parentSessionId: string
     subagent: string
@@ -3226,34 +3272,28 @@ export function createChannelRouter(options: CreateChannelRouterOptions): Channe
     ok: boolean
     durationMs: number
     error?: string
+    channelKey?: { adapter: string; workspace: string; chat: string; thread: string | null }
   }): { kind: 'delivered'; keyId: string } | { kind: 'no-live-session' } => {
     for (const live of liveSessions.values()) {
       if (live.destroyed) continue
       if (live.sessionId !== args.parentSessionId) continue
-      const text = renderSubagentCompletionReminder({
-        subagent: args.subagent,
-        taskId: args.taskId,
-        ok: args.ok,
-        durationMs: args.durationMs,
-        ...(args.error !== undefined ? { error: args.error } : {}),
-        channel: true,
-      })
-      live.pendingSystemReminders.push(text)
-      logger.info(`[channels] ${live.keyId}: subagent-completion reminder queued task=${args.taskId} ok=${args.ok}`)
-      // Wake the drain loop. If a turn is already in flight, the wakeup is
-      // a no-op because drain() will pick up the reminder on its next
-      // iteration (it now gates on promptQueue OR pendingSystemReminders).
-      // If the session is idle, fire drain() immediately rather than going
-      // through the debounce path — the reminder is not a user inbound,
-      // so the "coalesce nearby inbounds" rationale for debouncing does
-      // not apply. Mirrors the TUI path's `idle ? 'interrupt' : 'queue'`
-      // semantics: the channel router doesn't have a `delivery: interrupt`
-      // mechanism (no in-flight abort during a turn), but firing drain()
-      // immediately is the equivalent for an idle session.
-      if (!live.draining) {
-        void drain(live)
+      return deliverCompletionReminder(live, args)
+    }
+    // The exact parent session is gone. If the subagent was spawned from a
+    // channel session, the conversation may have rolled over
+    // (SESSION_FRESHNESS_TTL_MS) or been idle-evicted onto a fresh sessionId
+    // for the same channel key while the subagent ran. Fall back to the live
+    // successor for that key so a finished review/result still surfaces
+    // instead of being silently dropped.
+    if (args.channelKey !== undefined) {
+      const targetKeyId = channelKeyId(args.channelKey)
+      const successor = liveSessions.get(targetKeyId)
+      if (successor !== undefined && !successor.destroyed) {
+        logger.info(
+          `[channels] ${targetKeyId}: subagent-completion reminder rerouted to live successor (parent ${args.parentSessionId} gone) task=${args.taskId}`,
+        )
+        return deliverCompletionReminder(successor, args)
       }
-      return { kind: 'delivered', keyId: live.keyId }
     }
     return { kind: 'no-live-session' }
   }

package/src/channels/schema.ts

@@ -125,18 +125,60 @@ export const DEFAULT_GITHUB_EVENT_ALLOWLIST = [
   'discussion_comment.created',
   'issues.opened',
   'pull_request.opened',
+  'pull_request.ready_for_review',
   'pull_request.review_requested',
   'pull_request.review_request_removed',
   'discussion.created',
   'pull_request_review.submitted',
 ] as const
 
+// Prior values of DEFAULT_GITHUB_EVENT_ALLOWLIST that shipped in releases and
+// were seeded verbatim into typeclaw.json. Kept as historical record so the
+// migration can recognize and unfreeze configs created by those versions.
+// NEVER edit these in place — they are snapshots of what was on disk.
+//   - v1: 7-event default, shipped 0.5.1–0.10.0 (commit fe4f3a8)
+const GITHUB_EVENT_ALLOWLIST_V1 = [
+  'issue_comment.created',
+  'pull_request_review_comment.created',
+  'discussion_comment.created',
+  'issues.opened',
+  'pull_request.opened',
+  'discussion.created',
+  'pull_request_review.submitted',
+] as const
+//   - v2: added review_requested + review_request_removed, shipped 0.11.0+ (commit 4f365ce)
+const GITHUB_EVENT_ALLOWLIST_V2 = [
+  'issue_comment.created',
+  'pull_request_review_comment.created',
+  'discussion_comment.created',
+  'issues.opened',
+  'pull_request.opened',
+  'pull_request.review_requested',
+  'pull_request.review_request_removed',
+  'discussion.created',
+  'pull_request_review.submitted',
+] as const
+
+// Every event-allowlist that `channel add` / `init` has ever seeded verbatim
+// into typeclaw.json, oldest first, current default last. The legacy-shape
+// migration uses this to tell a seeded default (safe to strip so the config
+// re-tracks the shipped default) from a user's deliberate customization (must
+// be preserved). Append the prior array here — never edit in place — whenever
+// DEFAULT_GITHUB_EVENT_ALLOWLIST changes, or configs from the old version stay
+// frozen and the migration starts eating user edits.
+export const SEEDED_GITHUB_EVENT_ALLOWLISTS: readonly (readonly string[])[] = [
+  GITHUB_EVENT_ALLOWLIST_V1,
+  GITHUB_EVENT_ALLOWLIST_V2,
+  DEFAULT_GITHUB_EVENT_ALLOWLIST,
+]
+
 // Which pull_request webhook action triggers an agent code review. The two
 // event values are GitHub's bare PR action names (the `pull_request.` event
 // prefix is implied by this field living under the review config); `off` is the
 // disable sentinel, matching the `engagement.stickiness: 'off'` convention:
 //   - 'review_requested' — review only when the bot is requested (default)
-//   - 'opened'           — review every PR as soon as it opens
+//   - 'opened'           — review every non-draft PR as soon as it opens; draft
+//                          PRs are skipped until an explicit review_requested
 //   - 'off'              — disable code review entirely
 export const GITHUB_REVIEW_ON_VALUES = ['review_requested', 'opened', 'off'] as const
 

package/src/channels/subagent-completion-bridge.ts

@@ -47,27 +47,23 @@ const consoleLogger: SubagentCompletionBridgeLogger = {
 // `LiveSession`, so the lookup is O(N) over live sessions with N small
 // (one per active conversation).
 //
-// On `no-live-session`, we silently drop. Three observable paths reach
-// this branch in production:
+// On `no-live-session`, we drop the reminder. When the parent was a
+// channel session, the broadcast now carries the channel-key coordinate
+// `{ adapter, workspace, chat, thread }`, and the router first tries to
+// reroute to the live successor session for that key — covering the two
+// common drop paths where the exact sessionId is gone but the
+// conversation lives on:
 //
 //   - The parent session was GC'd by the idle-eviction tick
 //     (SESSION_IDLE_MS) while the subagent was running.
 //   - The parent session rolled over (SESSION_FRESHNESS_TTL_MS) when a
-//     new inbound arrived during a long-running subagent — the channel
-//     conversation continues on the new sessionId, but the broadcast
-//     still carries the old one.
-//   - The parent was a TUI session (the TUI bridge in
-//     src/server/index.ts handles it).
+//     new inbound arrived during a long-running subagent.
 //
-// The right fix for the first two paths is for the broadcast to carry
-// the channel-key coordinate `{ adapter, workspace, chat, thread }` so
-// the bridge can fall back to "any live session for the same channel
-// key" when the exact sessionId no longer matches. That requires
-// extending the broadcast payload (consumed by TUI and channel paths)
-// and gating spawn_subagent to capture the origin coordinates — both
-// non-trivial. Deferred until we see this drop pattern in production
-// logs; the info log line below makes the case diagnosable from logs
-// alone.
+// A reminder still reaching this branch means there is no live session
+// for the key at all (the whole conversation went idle), or the parent
+// was a TUI session (handled by the TUI bridge in src/server/index.ts).
+// Logged at warn with the channel key so an undelivered completion is
+// diagnosable from logs alone.
 export function createSubagentCompletionBridge(options: SubagentCompletionBridgeOptions): SubagentCompletionBridge {
   const logger = options.logger ?? consoleLogger
   const unsubscribe = options.stream.subscribe({ target: { kind: 'broadcast' } }, (msg) => {
@@ -75,8 +71,12 @@ export function createSubagentCompletionBridge(options: SubagentCompletionBridge
     if (parsed === null) return
     const result = options.router.injectSubagentCompletionReminder(parsed)
     if (result.kind === 'no-live-session') {
-      logger.info(
-        `[channels] subagent-completion reminder dropped: no live session for parentSessionId=${parsed.parentSessionId} task=${parsed.taskId}`,
+      const keyInfo =
+        parsed.channelKey !== undefined
+          ? ` channelKey=${parsed.channelKey.adapter}:${parsed.channelKey.workspace}:${parsed.channelKey.chat}:${parsed.channelKey.thread ?? ''}`
+          : ''
+      logger.warn(
+        `[channels] subagent-completion reminder dropped: no live session for parentSessionId=${parsed.parentSessionId} task=${parsed.taskId}${keyInfo}`,
       )
     }
   })

package/src/channels/types.ts

@@ -382,6 +382,6 @@ export type ReviewThreadResolveResult =
 // support review threads never register one; the router answers `unsupported`.
 export type ReviewThreadResolver = (req: ReviewThreadResolveRequest) => Promise<ReviewThreadResolveResult>
 
-export function channelKeyId(key: ChannelKey): string {
+export function channelKeyId(key: { adapter: string; workspace: string; chat: string; thread: string | null }): string {
   return `${key.adapter}:${key.workspace}:${key.chat}:${key.thread ?? ''}`
 }

package/src/cli/inspect-controller.ts

@@ -1,11 +1,17 @@
-// Pure controller for the inspect CLI's esc/ctrl-c key dispatch.
-// Owns the AbortController lifecycle and the bare-ESC debounce timer,
-// independent of process.stdin / TTY raw mode (which is wired in src/cli/inspect.ts).
-// Extracted for testability: the lifecycle bug we want to pin is "armForStream's
-// signal must remain valid across pause()/resume() cycles" — verifying that without
-// a real TTY requires this seam.
+// Pure controller for the inspect CLI's esc/ctrl-c/quit key dispatch.
+// Owns the AbortController lifecycle and a VT-input parser, independent of
+// process.stdin / TTY raw mode (which is wired in src/cli/inspect.ts).
+//
+// Input is parsed byte-by-byte through a small escape-sequence state machine so
+// that arrow keys and other CSI/SS3 sequences can never be mistaken for a bare
+// ESC — regardless of how the bytes are split across 'data' events. The old
+// implementation used a 50ms wall-clock debounce to tell "ESC" from "ESC ["; on
+// a laggy SSH link the inter-byte gap of a single arrow key routinely exceeds
+// 50ms, so the leading ESC fired 'back' mid-keystroke and bounced the user out
+// of the viewer. The parser below makes CSI/SS3 always win, with a much longer
+// idle fallback used ONLY to resolve a genuinely-trailing bare ESC.
 
-export type EscChunkResult = { sigint: boolean }
+export type EscChunkResult = { sigint: boolean; quit: boolean }
 
 export type EscController = {
   armForStream: () => AbortSignal
@@ -14,17 +20,58 @@ export type EscController = {
   dispose: () => void
 }
 
+const ESC = 0x1b
+const CSI_INTRODUCER = 0x5b
+const SS3_INTRODUCER = 0x4f
+const CTRL_C = 0x03
 const QUIT_KEY = 0x71
 
+type ParseState = 'idle' | 'sawEsc' | 'csi' | 'ss3'
+
+// A CSI sequence ends at a final byte in 0x40..0x7e (e.g. arrow keys 'A'..'D',
+// '~' for nav keys, 'M'/'m' for mouse). Parameter/intermediate bytes (0x20..0x3f)
+// are consumed without ending it.
+function isCsiFinal(byte: number): boolean {
+  return byte >= 0x40 && byte <= 0x7e
+}
+
+// C0 controls (0x00..0x1f plus DEL 0x7f) are not legal sequence-body bytes.
+function isC0Control(byte: number): boolean {
+  return byte <= 0x1f || byte === 0x7f
+}
+
 export function createEscController({ debounceMs }: { debounceMs: number }): EscController {
   let currentCtrl: AbortController | null = null
+  let state: ParseState = 'idle'
   let pendingEsc: ReturnType<typeof setTimeout> | null = null
+  // A trailing ESC with no following byte cannot be proven "bare" without
+  // waiting. Use a generous idle window (>= debounceMs) so SSH-fragmented
+  // sequences whose continuation is still in flight are never misread.
+  const bareEscIdleMs = Math.max(debounceMs, 500)
 
   const clearPending = (): void => {
     if (pendingEsc !== null) {
       clearTimeout(pendingEsc)
       pendingEsc = null
     }
+    state = 'idle'
+  }
+
+  const scheduleBareEsc = (): void => {
+    if (pendingEsc !== null) clearTimeout(pendingEsc)
+    const ctrl = currentCtrl
+    pendingEsc = setTimeout(() => {
+      pendingEsc = null
+      state = 'idle'
+      ctrl?.abort()
+    }, bareEscIdleMs)
+  }
+
+  const cancelPendingTimer = (): void => {
+    if (pendingEsc !== null) {
+      clearTimeout(pendingEsc)
+      pendingEsc = null
+    }
   }
 
   return {
@@ -34,34 +81,81 @@ export function createEscController({ debounceMs }: { debounceMs: number }): Esc
       return currentCtrl.signal
     },
     onChunk: (chunk) => {
-      if (chunk.length === 0) return { sigint: false }
-      if (chunk[0] === 0x03) {
-        // Ctrl-C in raw mode arrives as a byte (terminal driver does not generate
-        // SIGINT). Surface to the caller so it can re-issue SIGINT via the OS;
-        // we deliberately keep the AbortController lifecycle separate from SIGINT.
-        return { sigint: true }
+      let sigint = false
+      let quit = false
+      for (const byte of chunk) {
+        switch (state) {
+          case 'idle':
+            if (byte === ESC) {
+              state = 'sawEsc'
+              scheduleBareEsc()
+            } else if (byte === CTRL_C) {
+              sigint = true
+            } else if (byte === QUIT_KEY) {
+              quit = true
+            }
+            break
+          case 'sawEsc':
+            if (byte === CSI_INTRODUCER) {
+              cancelPendingTimer()
+              state = 'csi'
+            } else if (byte === SS3_INTRODUCER) {
+              cancelPendingTimer()
+              state = 'ss3'
+            } else if (byte === CTRL_C || byte === QUIT_KEY) {
+              // ESC then an exit key: exit must win over the pending bare-ESC
+              // 'back'. Drop the pending ESC WITHOUT aborting (abort would settle
+              // 'back' synchronously and pre-empt the exit), and surface the key.
+              cancelPendingTimer()
+              state = 'idle'
+              if (byte === CTRL_C) sigint = true
+              else quit = true
+            } else if (byte === ESC) {
+              // The first ESC was bare; abort now and keep this ESC pending.
+              cancelPendingTimer()
+              currentCtrl?.abort()
+              state = 'sawEsc'
+              scheduleBareEsc()
+            } else {
+              // ESC + an ordinary byte: the ESC was bare. Abort to 'back' and
+              // drop the trailing byte (e.g. Alt+key is treated as a bare ESC).
+              cancelPendingTimer()
+              currentCtrl?.abort()
+              state = 'idle'
+            }
+            break
+          case 'csi':
+          case 'ss3':
+            // A C0 control byte is never a legal part of a CSI/SS3 body. A
+            // truncated or malformed sequence (e.g. dropped final byte over a
+            // lossy SSH link) must not strand the parser swallowing the user's
+            // exit keys. ESC resynchronizes to a new sequence; Ctrl-C surfaces
+            // immediately; any other C0 control just abandons the sequence.
+            if (byte === ESC) {
+              state = 'sawEsc'
+              scheduleBareEsc()
+            } else if (byte === CTRL_C) {
+              cancelPendingTimer()
+              state = 'idle'
+              sigint = true
+            } else if (isC0Control(byte)) {
+              cancelPendingTimer()
+              state = 'idle'
+            } else if (state === 'csi') {
+              if (isCsiFinal(byte)) state = 'idle'
+            } else {
+              // SS3 carries exactly one final byte (e.g. application-mode arrows).
+              state = 'idle'
+            }
+            break
+        }
       }
-      if (chunk.length === 1 && chunk[0] === 0x1b) {
-        // Bare ESC: schedule the abort. A follow-up byte within debounceMs (CSI
-        // sequences from arrow keys, mouse, paste) cancels the pending fire.
-        // Snapshot currentCtrl so a late-firing timer can't abort a controller
-        // created by a subsequent armForStream() call.
-        clearPending()
-        const ctrl = currentCtrl
-        pendingEsc = setTimeout(() => {
-          pendingEsc = null
-          ctrl?.abort()
-        }, debounceMs)
-        return { sigint: false }
-      }
-      // Any other byte arriving within the ESC window is the second byte of a CSI
-      // sequence; cancel the pending abort.
-      clearPending()
-      return { sigint: false }
+      return { sigint, quit }
     },
     clearPending,
     dispose: () => {
-      clearPending()
+      cancelPendingTimer()
+      state = 'idle'
       currentCtrl = null
     },
   }
@@ -113,13 +207,11 @@ export function createTailScope(opts: { debounceMs: number; input?: RawInput; pr
 
   const onData = (chunk: Buffer): void => {
     if (esc === null) return
-    if (chunk[0] === QUIT_KEY) {
-      // q mirrors dreams' quit key and is symmetric with Ctrl-C in live tail.
-      settle('exit')
-      return
-    }
-    const { sigint } = esc.onChunk(chunk)
-    if (sigint) settle('exit')
+    // Route every byte through the parser so arrow keys (CSI/SS3) are consumed
+    // as no-ops and q/ctrl-c are detected even when batched with other bytes.
+    // q mirrors dreams' quit key and is symmetric with Ctrl-C in live tail.
+    const { sigint, quit } = esc.onChunk(chunk)
+    if (sigint || quit) settle('exit')
   }
 
   const dispose = (): void => {

package/src/config/config.ts

@@ -5,7 +5,7 @@ import { isAbsolute, join, resolve } from 'node:path'
 import type { Model } from '@mariozechner/pi-ai'
 import { z } from 'zod'
 
-import { channelsSchema } from '@/channels/schema'
+import { channelsSchema, SEEDED_GITHUB_EVENT_ALLOWLISTS } from '@/channels/schema'
 import { commitSystemFileSync } from '@/git/system-commit'
 import { rolesConfigSchema } from '@/permissions/schema'
 import { secretFieldSchema } from '@/secrets/resolve'
@@ -810,6 +810,7 @@ export type MigrationStep =
   | { kind: 'strip-permissions-gate-channel-respond' }
   | { kind: 'model-to-models'; ref: string }
   | { kind: 'drop-stale-model'; ref: string }
+  | { kind: 'drop-github-seeded-event-allowlist' }
 
 export type MigrationResult = { json: unknown; changed: boolean; applied: MigrationStep[] }
 
@@ -830,13 +831,15 @@ export function migrateLegacyConfigShape(json: unknown): MigrationResult {
   // silently — same precedence rule as the dockerfile/gitignore migrations.
   const hasLegacyModel = 'model' in obj && !('models' in obj) && typeof obj.model === 'string'
   const hasStaleModelAlongsideModels = 'model' in obj && 'models' in obj
+  const hasSeededGithubEventAllowlist = isSeededGithubEventAllowlist(obj)
   if (
     !hasLegacyDockerfile &&
     !hasLegacyGitignore &&
     !channelsAllowMigration.found &&
     !hasLegacyGateChannelRespond &&
     !hasLegacyModel &&
-    !hasStaleModelAlongsideModels
+    !hasStaleModelAlongsideModels &&
+    !hasSeededGithubEventAllowlist
   ) {
     return { json, changed: false, applied: [] }
   }
@@ -897,9 +900,43 @@ export function migrateLegacyConfigShape(json: unknown): MigrationResult {
     delete next.model
     applied.push({ kind: 'drop-stale-model', ref })
   }
+  if (hasSeededGithubEventAllowlist) {
+    dropSeededGithubEventAllowlist(next)
+    applied.push({ kind: 'drop-github-seeded-event-allowlist' })
+  }
   return { json: next, changed: true, applied }
 }
 
+// True when channels.github.eventAllowlist deep-equals an allowlist that
+// `channel add` / `init` has previously seeded verbatim. Such a value is
+// indistinguishable from "the default at that time", so stripping it lets the
+// config re-track the shipped default. A user who hand-edited to any other set
+// (added/removed/reordered an event) fails this check and is preserved.
+function isSeededGithubEventAllowlist(obj: Record<string, unknown>): boolean {
+  const github = isPlainObject(obj.channels) ? obj.channels.github : undefined
+  if (!isPlainObject(github)) return false
+  const list = github.eventAllowlist
+  if (!Array.isArray(list)) return false
+  return SEEDED_GITHUB_EVENT_ALLOWLISTS.some((seeded) => arraysEqual(list, seeded))
+}
+
+function dropSeededGithubEventAllowlist(next: Record<string, unknown>): void {
+  const channels = next.channels
+  if (!isPlainObject(channels)) return
+  const github = channels.github
+  if (!isPlainObject(github)) return
+  const { eventAllowlist: _dropped, ...rest } = github
+  next.channels = { ...channels, github: rest }
+}
+
+function arraysEqual(a: readonly unknown[], b: readonly unknown[]): boolean {
+  if (a.length !== b.length) return false
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false
+  }
+  return true
+}
+
 // Builds a meaningful one-line git commit subject for a typeclaw.json
 // migration. Single-step migrations get a specific subject; multi-step ones
 // fall back to a stable summary subject with the count. The body (after the
@@ -949,6 +986,8 @@ function shortStepLabel(step: MigrationStep): string {
       return 'lift model → models.default'
     case 'drop-stale-model':
       return 'drop stale legacy model alongside models'
+    case 'drop-github-seeded-event-allowlist':
+      return 'drop seeded channels.github.eventAllowlist'
   }
 }
 
@@ -972,6 +1011,8 @@ function describeStep(step: MigrationStep): string {
       return step.ref !== ''
         ? `drop stale top-level model (${step.ref}) — models block takes precedence`
         : 'drop stale top-level model — models block takes precedence'
+    case 'drop-github-seeded-event-allowlist':
+      return 'drop seeded channels.github.eventAllowlist so it re-tracks the shipped default'
   }
 }
 

package/src/container/start.ts

@@ -4,6 +4,7 @@ import { readFile, writeFile } from 'node:fs/promises'
 import { isAbsolute, join, resolve } from 'node:path'
 
 import { expandMountPath, loadConfigSync, type Config } from '@/config'
+import { commitGitignoreWithUntracks, untrackTrulyIgnoredFiles } from '@/git/reconcile-ignored'
 import { commitSystemFile as commitSystemFileShared } from '@/git/system-commit'
 import { send as sendToDaemon } from '@/hostd/client'
 import type { HttpInfoResult } from '@/hostd/protocol'
@@ -188,7 +189,12 @@ export async function start({
     // trigger the migration commit if the file was legacy.
     await refreshGitignore(cwd)
     const pkgRefresh = await refreshPackageJson(cwd)
-    await commitSystemFile(cwd, GITIGNORE_FILE, 'Update .gitignore')
+    const { untracked } = await untrackTrulyIgnoredFiles(cwd, (await loadTypeclawConfig(cwd)).git.ignore.append)
+    if (untracked.length > 0) {
+      await commitGitignoreWithUntracks(cwd, GITIGNORE_FILE, untracked, 'Untrack newly-ignored files')
+    } else {
+      await commitSystemFile(cwd, GITIGNORE_FILE, 'Update .gitignore')
+    }
     if (pkgRefresh.changed) {
       await commitSystemFile(cwd, pkgRefresh.files, 'Enable bun workspaces (packages/*)')
     }

package/src/git/mutex.ts

@@ -0,0 +1,22 @@
+const chains = new Map<string, Promise<void>>()
+
+export async function withGitLock<T>(key: string, fn: () => Promise<T>): Promise<T> {
+  const previous = chains.get(key) ?? Promise.resolve()
+  let release!: () => void
+  const current = new Promise<void>((resolve) => {
+    release = resolve
+  })
+  const next = previous.then(
+    () => current,
+    () => current,
+  )
+  chains.set(key, next)
+
+  await previous.catch(() => undefined)
+  try {
+    return await fn()
+  } finally {
+    release()
+    if (chains.get(key) === next) chains.delete(key)
+  }
+}