zidane 5.5.4 → 5.6.0

package/dist/tui.js

@@ -1,10 +1,10 @@
-import { $ as useMcpAuthDispatch, $n as tryOpenBrowser, A as getSafelist, At as resolveChipColor, B as supportsOAuth, Br as accentColor, Bt as useDiscoveryOptional, Cn as mergeApprovalAndBodyOutcomes, Ct as SETTINGS_CHOICES, D as useSafeModeQueue, Dn as stripEditOutcomesAnnotation, Dr as getContextWindow, Dt as useSettings, E as useSafeModeActions, En as rewriteMultiEditHeader, Et as clampFps, F as suggestSafelistEntry, Fn as matchesBinding, H as filterModelCatalog, Hn as uniqueSkillNamesFromReferences, Ht as useConfig, Jt as isEditErrorResult, K as discoverProjectMcps, Kr as TODO_STATUS_GLYPHS, Kt as deriveSessionTitle, L as splitPromptSegments, Lt as createDiscoverySlot, Nn as ensureKeybindingsFile, Nr as piIdOf, On as summarizeOutcomes, Q as McpAuthProvider, Qn as buildLinearRamp, Qt as listSessionMeta, R as formatPathForCwd, Rt as DiscoveryProvider, St as DEFAULT_SETTINGS, T as SafeModeProvider, Tn as resolveApprovalForPayload, Tt as SettingsProvider, U as indexOfEntry, Ut as resolveConfig, V as buildModelCatalog, Vn as createSkillsCompletionProvider, Vt as ConfigProvider, W as buildMcpServers, Wn as createFilesCompletionProvider, Wt as EDIT_TOOL_NAMES, Xn as useCompletion, Xt as isVisible, Y as createFileMcpCredentialStore, Yt as isTurnHighlighted, Zn as blendHsl, Zt as lastContextSizeFromTurns, _ as turnContextSize, _n as previewEditPayload, _t as truncateTrailing, a as computeTurnAnchors, at as InteractionsProvider, b as defaultSkillScanPaths, bt as listProjectFiles, c as formatToolCall, cn as turnSelectionOwnership, ct as createInteractionTools, d as useSelectStyle, dn as buildContextualDiff, dt as pendingInteractionsFromTurns, en as marginTopFor, et as useMcpAuthState, f as useSurfaces, fn as buildUnifiedDiff, fr as shouldAutoCompact, g as finalizeStreamingMarkdownForOwner, gn as filetypeFromPath, gt as hintsLength, h as finalizeStreamingMarkdown, hn as extractEditPayload, ht as clipHintsToWidth, i as turnAsText, in as sumRunCosts, j as isOnSafelist, jt as resolveTheme, k as addToSafelist, kn as findGitRoot, kr as modelSupportsReasoning, l as ThemeProvider, ln as updateToolEventOutcomes, m as useTheme, mi as buildPlanSystem, mt as useInteractionsQueue, n as deleteTurnSafely, ni as useActiveTodos, nn as selectableTurnIds, nr as buildUpdateHint, o as TOOL_DISPLAY, on as toolCallPreview, pi as buildBuildSystem, pr as detectAuth, pt as useInteractionsActions, qt as eventsFromTurns, r as truncateTurnsAt, rn as stripSpawnTokensLine, rr as useUpdateCheck, rt as splitMarkdownCodeBlocks, s as displayNameFor, sn as toolResultText, st as buildResumedToolResultsTurn, tr as bootTick, tt as getMcpAuthStatus, u as useColors, ut as makeRequestInteraction, v as useStreamBuffer, w as writeSessionExport, wn as parseEditOutcomesFromResult, wt as SETTINGS_TOGGLES, x as discoverProjectSkills, xn as buildEditOutcomesAnnotation, xt as useEnabledToggleSet, y as buildSkillsConfig, yn as summarizeEditPayload, yr as setProviderCredential, yt as generateSessionTitle, z as runOAuthLogin, zt as useDiscovery } from "./turn-operations-CGf7wWF0.js";
-import { A as resolvePersistDir, B as formatTaskStatus, H as previewLine, I as ageString, L as compactPath, O as cleanupPersistedSession, R as fmtTokens, U as shortId, V as formatTaskSummary, j as resolveTasksDir, p as createAgent, z as formatDuration } from "./tools-Bbd0Ivwn.js";
-import { s as errorMessage } from "./errors-C5VSakmT.js";
-import { s as McpOAuthProvider, t as connectMcpServers } from "./mcp-BE43Viwi.js";
-import { C as summaryToTurn, a as selectFilesFromSession, r as buildPostCompactAttachments, s as compactConversation, t as loginMcpServer } from "./login-B_kfoGMP.js";
+import { $n as blendHsl, $t as lastContextSizeFromTurns, A as getSafelist, An as summarizeOutcomes, Ar as getContextWindow, B as oauthUsesManualCodePaste, Bt as DiscoveryProvider, Cn as buildEditOutcomesAnnotation, Ct as useEnabledToggleSet, D as useSafeModeQueue, Dn as resolveApprovalForPayload, Dt as SettingsProvider, E as useSafeModeActions, En as parseEditOutcomesFromResult, Et as SETTINGS_TOGGLES, F as suggestSafelistEntry, Fn as ensureKeybindingsFile, G as indexOfEntry, Gt as resolveConfig, H as supportsOAuth, Ht as useDiscoveryOptional, Ir as piIdOf, J as discoverProjectMcps, Jt as deriveSessionTitle, K as buildMcpServers, Kn as createFilesCompletionProvider, Kt as EDIT_TOOL_NAMES, L as splitPromptSegments, Ln as matchesBinding, Mr as modelSupportsReasoning, Mt as resolveChipColor, Nt as resolveTheme, On as rewriteMultiEditHeader, Ot as clampFps, Qn as useCompletion, Qt as isVisible, R as formatPathForCwd, Sr as setProviderCredential, St as listProjectFiles, T as SafeModeProvider, Tn as mergeApprovalAndBodyOutcomes, Tt as SETTINGS_CHOICES, U as buildModelCatalog, Un as createSkillsCompletionProvider, Ur as accentColor, Ut as ConfigProvider, V as runOAuthLogin, Vt as useDiscovery, W as filterModelCatalog, Wn as uniqueSkillNamesFromReferences, Wt as useConfig, Xt as isEditErrorResult, Yr as TODO_STATUS_GLYPHS, Yt as eventsFromTurns, Z as createFileMcpCredentialStore, Zt as isTurnHighlighted, _ as turnContextSize, _i as buildPlanSystem, _n as extractEditPayload, _t as clipHintsToWidth, a as computeTurnAnchors, ai as useActiveTodos, an as stripSpawnTokensLine, ar as useUpdateCheck, at as splitMarkdownCodeBlocks, b as defaultSkillScanPaths, c as formatToolCall, cn as toolCallPreview, d as useSelectStyle, dn as updateToolEventOutcomes, en as listSessionMeta, er as buildLinearRamp, et as McpAuthProvider, f as useSurfaces, ft as makeRequestInteraction, g as finalizeStreamingMarkdownForOwner, gi as buildBuildSystem, gr as detectAuth, gt as useInteractionsQueue, h as finalizeStreamingMarkdown, hr as shouldAutoCompact, ht as useInteractionsActions, i as turnAsText, in as selectableTurnIds, ir as buildUpdateHint, j as isOnSafelist, jn as findGitRoot, k as addToSafelist, kn as stripEditOutcomesAnnotation, kt as useSettings, l as ThemeProvider, ln as toolResultText, lt as buildResumedToolResultsTurn, m as useTheme, mn as buildUnifiedDiff, mr as AUTO_COMPACT_MIN_GROWTH_FRACTION, n as deleteTurnSafely, nn as marginTopFor, nt as useMcpAuthState, o as TOOL_DISPLAY, on as sumRunCosts, pn as buildContextualDiff, pt as pendingInteractionsFromTurns, r as truncateTurnsAt, rr as bootTick, rt as getMcpAuthStatus, s as displayNameFor, st as InteractionsProvider, tr as tryOpenBrowser, tt as useMcpAuthDispatch, u as useColors, un as turnSelectionOwnership, ut as createInteractionTools, v as useStreamBuffer, vn as filetypeFromPath, vt as hintsLength, w as writeSessionExport, wt as DEFAULT_SETTINGS, x as discoverProjectSkills, xn as summarizeEditPayload, xt as generateSessionTitle, y as buildSkillsConfig, yn as previewEditPayload, yt as truncateTrailing, z as fetchOAuthRedirect, zt as createDiscoverySlot } from "./turn-operations-fhinWY4m.js";
+import { A as resolvePersistDir, B as formatTaskStatus, H as previewLine, I as ageString, L as compactPath, O as cleanupPersistedSession, R as fmtTokens, U as shortId, V as formatTaskSummary, j as resolveTasksDir, p as createAgent, z as formatDuration } from "./tools-Co3VYhgM.js";
+import { c as errorMessage } from "./errors-DdZXnyXE.js";
+import { s as McpOAuthProvider, t as connectMcpServers } from "./mcp-ngMS0S6N.js";
+import { C as summaryToTurn, a as selectFilesFromSession, r as buildPostCompactAttachments, s as compactConversation, t as loginMcpServer } from "./login-D5lQWoFx.js";
 import { n as formatTokenUsage } from "./stats-Lc3zL3RM.js";
-import { n as loadSession, t as createSession } from "./session-DzfRacU_.js";
+import { n as loadSession, t as createSession } from "./session-BoEW_wCR.js";
 import { createTuiStore } from "./session/sqlite.js";
 import { homedir } from "node:os";
 import { spawn } from "node:child_process";
@@ -4637,6 +4637,282 @@ function OptionList({ items, initialCursor, onPick }) {
 	});
 }
 //#endregion
+//#region src/tui/oauth-url-block.tsx
+/** @jsxImportSource @opentui/react */
+/**
+* Long URL rendered as N single-row OSC 8 hyperlinks instead of one
+* wrapped hyperlink.
+*
+* Why split: OpenTUI packs a `linkId` per cell into the attribute
+* bitfield, but its renderer emits an OSC 8 open/close pair per visual
+* row without the spec's `id=` parameter. Terminals (notably iTerm2)
+* need a matching `id=` to stitch hyperlink fragments across rows —
+* without it, only one row of a wrapped link ends up clickable. We
+* pre-chunk the URL into rows that fit on one line and render each as
+* its own intact `<a href>` with `wrapMode="none"`, so the terminal
+* never sees a wrapped hyperlink and clicking any row opens the full
+* URL.
+*
+* Width: caller passes a hard cap (its container's content-area width).
+* We further clamp by the live terminal width minus `chromeWidth` so a
+* narrow terminal still chunks short enough to avoid forced wrap by
+* the layout engine. `chromeWidth` is the container's border + padding
+* budget — default 14 fits a typical modal; pass a smaller value for
+* less-padded containers (e.g. 6 for the auth wizard panel).
+*/
+function OAuthUrlBlock({ url, fg, maxLineWidth, chromeWidth = 14 }) {
+	const { width: termWidth } = useTerminalDimensions();
+	return /* @__PURE__ */ jsx(Fragment, { children: chunkString(url, Math.max(20, Math.min(maxLineWidth, termWidth - chromeWidth))).map((line, i) => /* @__PURE__ */ jsx("text", {
+		wrapMode: "none",
+		fg,
+		children: /* @__PURE__ */ jsx("a", {
+			href: url,
+			children: line
+		})
+	}, i)) });
+}
+function chunkString(s, n) {
+	if (s.length <= n) return [s];
+	const out = [];
+	for (let i = 0; i < s.length; i += n) out.push(s.slice(i, i + n));
+	return out;
+}
+//#endregion
+//#region src/tui/oauth-auth-block.tsx
+/** Keystroke shown next to the open-browser button. */
+const OPEN_BROWSER_KEY = "ctrl+b";
+/**
+* Unified affordance for surfacing an OAuth authorization URL in the TUI:
+*
+*   1. A prominent OSC 8 hyperlink button — "Click here to open auth URL in
+*      browser". Honored by every terminal that supports clickable links
+*      (iTerm2, Kitty, WezTerm, Ghostty, Alacritty, …). Lands on the user's
+*      LOCAL terminal even over SSH because OSC 8 is interpreted client-side.
+*   2. The full URL rendered greyed below, chunked into per-row hyperlinks
+*      via {@link OAuthUrlBlock}. Backup channel for terminals without OSC 8,
+*      and for users who'd rather copy via drag-select than click.
+*   3. Optional paste-back input. When `paste` is provided, an `<input>`
+*      renders below the URL so the user can paste the FULL redirect URL
+*      their browser ended up at after authorizing — useful when zidane runs
+*      over SSH and the browser-side redirect to loopback can't reach the
+*      remote callback server. The caller's `onSubmit` typically pipes the
+*      pasted value through {@link fetchOAuthRedirect} so the in-process
+*      server receives the request and the OAuth promise resolves through
+*      the same happy path a real browser would have taken.
+*
+* The component owns presentation only — keyboard focus, input ref, and
+* the submit handler stay with the caller so the affordance composes
+* cleanly with whatever picker / wizard / modal it lives in.
+*/
+function OAuthAuthBlock({ authUrl, maxLineWidth, chromeWidth = 14, paste }) {
+	const COLOR = useColors();
+	return /* @__PURE__ */ jsxs("box", {
+		style: {
+			flexDirection: "column",
+			gap: 1
+		},
+		children: [
+			/* @__PURE__ */ jsx(OpenBrowserButton, { authUrl }),
+			/* @__PURE__ */ jsxs("box", {
+				style: { flexDirection: "column" },
+				children: [/* @__PURE__ */ jsx("text", {
+					fg: COLOR.mute,
+					children: "or copy the URL manually:"
+				}), /* @__PURE__ */ jsx(OAuthUrlBlock, {
+					url: authUrl,
+					fg: COLOR.dim,
+					maxLineWidth,
+					chromeWidth
+				})]
+			}),
+			paste && /* @__PURE__ */ jsxs("box", {
+				style: { flexDirection: "column" },
+				children: [
+					/* @__PURE__ */ jsx("text", {
+						fg: COLOR.mute,
+						children: "or — if the browser couldn't reach this machine (SSH, firewall) — paste the URL it tried to redirect to:"
+					}),
+					paste.hint && /* @__PURE__ */ jsx("text", {
+						fg: toneColor(paste.hint.tone, COLOR),
+						children: paste.hint.text
+					}),
+					/* @__PURE__ */ jsx("box", {
+						style: {
+							border: true,
+							borderColor: paste.focused ? COLOR.borderActive : COLOR.border,
+							paddingLeft: 1,
+							paddingRight: 1,
+							height: 3
+						},
+						children: /* @__PURE__ */ jsx("input", {
+							ref: paste.inputRef,
+							focused: paste.focused,
+							placeholder: paste.placeholder ?? "paste redirect URL and press enter…",
+							onSubmit: paste.onSubmit,
+							style: { flexGrow: 1 }
+						})
+					})
+				]
+			})
+		]
+	});
+}
+/**
+* Real button: a bordered, brand-colored box hosting a labeled keystroke
+* hint. Pressing `ctrl+b` (anywhere this block is mounted) calls
+* {@link tryOpenBrowser} to launch the URL via the OS handler AND
+* {@link writeToClipboard} so the URL also lands in the user's clipboard
+* (OSC 52 → works over SSH, native helper → works locally). Both fire
+* because either alone can fail silently — `open`/`xdg-open` are no-ops
+* on a headless box, and OSC 52 is disabled on some terminals — and the
+* combination covers both failure modes without prompting again.
+*
+* The visible label is also wrapped in an OSC 8 hyperlink so a mouse
+* click in a supporting terminal (iTerm2, Kitty, WezTerm, …) reaches the
+* same browser. The keybind is the authoritative path — it doesn't
+* depend on terminal capability — and the hyperlink is the bonus.
+*/
+function OpenBrowserButton({ authUrl }) {
+	const COLOR = useColors();
+	const [feedback, setFeedback] = useState(null);
+	const feedbackTimer = useRef(null);
+	const trigger = useCallback(() => {
+		tryOpenBrowser(authUrl);
+		setFeedback(writeToClipboard(authUrl) ? "opened in browser · URL copied to clipboard" : "opened in browser");
+		if (feedbackTimer.current) clearTimeout(feedbackTimer.current);
+		feedbackTimer.current = setTimeout(setFeedback, 4e3, null);
+	}, [authUrl]);
+	useKeyboard((key) => {
+		if (key.ctrl && key.name === "b") {
+			key.preventDefault();
+			trigger();
+		}
+	});
+	useEffect(() => () => {
+		if (feedbackTimer.current) clearTimeout(feedbackTimer.current);
+	}, []);
+	return /* @__PURE__ */ jsxs("box", {
+		style: { flexDirection: "column" },
+		children: [/* @__PURE__ */ jsx("box", {
+			style: {
+				border: true,
+				borderColor: COLOR.brand,
+				paddingLeft: 1,
+				paddingRight: 1,
+				alignSelf: "flex-start"
+			},
+			children: /* @__PURE__ */ jsxs("text", {
+				wrapMode: "none",
+				children: [
+					/* @__PURE__ */ jsx("a", {
+						href: authUrl,
+						fg: COLOR.brand,
+						children: "↗ Open auth URL in browser"
+					}),
+					/* @__PURE__ */ jsx("span", {
+						fg: COLOR.mute,
+						children: "   "
+					}),
+					/* @__PURE__ */ jsx("span", {
+						fg: COLOR.warn,
+						children: OPEN_BROWSER_KEY
+					}),
+					/* @__PURE__ */ jsx("span", {
+						fg: COLOR.mute,
+						children: " open · click also works"
+					})
+				]
+			})
+		}), feedback && /* @__PURE__ */ jsx("text", {
+			fg: COLOR.accent,
+			children: `✓ ${feedback}`
+		})]
+	});
+}
+function toneColor(tone, COLOR) {
+	switch (tone) {
+		case "error": return COLOR.error;
+		case "accent": return COLOR.accent;
+		case "dim": return COLOR.dim;
+	}
+}
+/**
+* Self-contained MCP authorizing panel:
+*
+*   - Renders the {@link OAuthAuthBlock} for the URL + paste input.
+*   - Owns the input ref, the submit handler, and the hint state.
+*   - Auto-fetches the pasted URL via {@link fetchOAuthRedirect} so the
+*     MCP SDK's loopback callback server resolves the OAuth promise
+*     through the same code path a real browser-redirect would have
+*     taken — works over SSH where the browser can't reach the remote
+*     callback server directly.
+*
+* `inputFocused` is forwarded as the input's `focused` prop AND read by
+* the parent picker's `useKeyboard` (via a ref) to suppress single-key
+* shortcuts (`l` / `o` / `r`) while the user is typing into the input.
+*/
+function McpAuthorizingPanel({ serverName, authUrl, maxLineWidth, chromeWidth, inputFocused }) {
+	const COLOR = useColors();
+	const inputRef = useRef(null);
+	const [hint, setHint] = useState(null);
+	const onSubmit = useCallback(() => {
+		const value = inputRef.current?.value?.trim() ?? "";
+		if (!value) return;
+		setHint({
+			text: "submitting redirect URL…",
+			tone: "dim"
+		});
+		(async () => {
+			try {
+				const result = await fetchOAuthRedirect(value);
+				if (result.status >= 200 && result.status < 300) setHint({
+					text: "redirect accepted — finalizing…",
+					tone: "accent"
+				});
+				else setHint({
+					text: `callback server rejected the URL (${result.status}${result.message ? `: ${result.message}` : ""}). Cancel and retry.`,
+					tone: "error"
+				});
+			} catch (err) {
+				setHint({
+					text: errorMessage(err),
+					tone: "error"
+				});
+			}
+		})();
+	}, []);
+	return /* @__PURE__ */ jsxs("box", {
+		style: {
+			flexDirection: "column",
+			border: ["top"],
+			borderColor: COLOR.border,
+			paddingTop: 1
+		},
+		children: [
+			/* @__PURE__ */ jsx("text", {
+				fg: COLOR.brand,
+				children: `Authorizing ${serverName}`
+			}),
+			/* @__PURE__ */ jsx("text", {
+				fg: COLOR.dim,
+				children: "Your browser should have opened — complete the login, then return here."
+			}),
+			/* @__PURE__ */ jsx(OAuthAuthBlock, {
+				authUrl,
+				maxLineWidth,
+				chromeWidth,
+				paste: {
+					inputRef,
+					focused: inputFocused,
+					onSubmit,
+					placeholder: "paste redirect URL and press enter…",
+					hint: hint ?? void 0
+				}
+			})
+		]
+	});
+}
+//#endregion
 //#region src/tui/todo-indicator.tsx
 /**
 * Layout budget when truncating the content. The bar never wraps —
@@ -5085,9 +5361,15 @@ function EnterApiKeyStep({ descriptor, error, onSubmit }) {
 	});
 }
 function OAuthRunningStep({ descriptor, dataDir, onSuccess, onError }) {
+	const usesManualPaste = oauthUsesManualCodePaste(descriptor);
 	const [url, setUrl] = useState(null);
-	const [status, setStatus] = useState("starting browser…");
-	const COLOR = useColors();
+	const [status, setStatus] = useState(usesManualPaste ? "opening browser…" : "starting browser…");
+	const [pending, setPending] = useState(null);
+	const [pasteHint, setPasteHint] = useState(null);
+	const focused = useModalAwareFocus();
+	const inputRef = useRef(null);
+	const pendingRef = useRef(null);
+	pendingRef.current = pending;
 	useEffect(() => {
 		const ac = new AbortController();
 		let cancelled = false;
@@ -5097,8 +5379,22 @@ function OAuthRunningStep({ descriptor, dataDir, onSuccess, onError }) {
 					onUrl: (loginUrl) => {
 						if (cancelled) return;
 						setUrl(loginUrl);
-						setStatus("waiting for browser callback…");
+						setStatus(usesManualPaste ? "complete the login in your browser, then paste the code below" : "waiting for browser callback…");
 					},
+					onPrompt: (prompt) => new Promise((resolve, reject) => {
+						if (cancelled) {
+							reject(/* @__PURE__ */ new Error("OAuth flow cancelled"));
+							return;
+						}
+						pendingRef.current?.reject(/* @__PURE__ */ new Error("superseded by a newer OAuth prompt"));
+						setPending({
+							message: prompt.message,
+							placeholder: prompt.placeholder,
+							allowEmpty: prompt.allowEmpty,
+							resolve,
+							reject
+						});
+					}),
 					onProgress: (message) => {
 						if (!cancelled) setStatus(message);
 					},
@@ -5117,31 +5413,70 @@ function OAuthRunningStep({ descriptor, dataDir, onSuccess, onError }) {
 		})();
 		return () => {
 			cancelled = true;
+			pendingRef.current?.reject(/* @__PURE__ */ new Error("OAuth flow cancelled"));
+			pendingRef.current = null;
 			ac.abort();
 		};
 	}, [
 		descriptor,
 		dataDir,
 		onSuccess,
-		onError
+		onError,
+		usesManualPaste
 	]);
+	const submitInput = useCallback(() => {
+		const value = inputRef.current?.value?.trim() ?? "";
+		const current = pendingRef.current;
+		if (current) {
+			if (!value && !current.allowEmpty) return;
+			pendingRef.current = null;
+			setPending(null);
+			setStatus("exchanging code…");
+			current.resolve(value);
+			return;
+		}
+		if (!value) return;
+		setPasteHint({
+			text: "submitting redirect URL…",
+			tone: "dim"
+		});
+		(async () => {
+			try {
+				const result = await fetchOAuthRedirect(value);
+				if (result.status >= 200 && result.status < 300) {
+					setPasteHint({
+						text: "redirect accepted — exchanging code…",
+						tone: "accent"
+					});
+					setStatus("exchanging code…");
+				} else setPasteHint({
+					text: `callback server rejected the URL (${result.status}${result.message ? `: ${result.message}` : ""}). Try again or restart the flow.`,
+					tone: "error"
+				});
+			} catch (err) {
+				setPasteHint({
+					text: errorMessage(err),
+					tone: "error"
+				});
+			}
+		})();
+	}, []);
 	return /* @__PURE__ */ jsxs(WizardPanel, {
 		title: `configure ${descriptor.label} — OAuth`,
 		children: [
 			/* @__PURE__ */ jsx(WizardEscHint, {}),
-			/* @__PURE__ */ jsx(Spinner, { label: status }),
-			url && /* @__PURE__ */ jsxs("box", {
-				style: {
-					flexDirection: "column",
-					gap: 0
-				},
-				children: [/* @__PURE__ */ jsx("text", {
-					fg: COLOR.dim,
-					children: "If the browser didn't open, visit:"
-				}), /* @__PURE__ */ jsx("text", {
-					fg: COLOR.model,
-					children: url
-				})]
+			pending ? /* @__PURE__ */ jsx(Spinner, { label: pending.message }) : /* @__PURE__ */ jsx(Spinner, { label: status }),
+			url && /* @__PURE__ */ jsx(OAuthAuthBlock, {
+				authUrl: url,
+				maxLineWidth: 200,
+				chromeWidth: 6,
+				paste: {
+					inputRef,
+					focused,
+					onSubmit: submitInput,
+					placeholder: pending?.placeholder ?? "paste redirect URL (or code) and press enter…",
+					hint: pasteHint ?? void 0
+				}
 			})
 		]
 	});
@@ -7106,7 +7441,13 @@ function SettingsModal({ skillsCatalog: skillsCatalogProp, mcpsCatalog: mcpsCata
 	]);
 	const focusedMcp = filteredMcps[cursor];
 	const focusedMcpStatus = focusedMcp ? getMcpAuthStatus(authState, focusedMcp.config.name) : void 0;
+	const oauthPasteActive = activeTab === "mcps" && focusedMcpStatus?.kind === "authorizing" && !!focusedMcpStatus.url;
 	useKeyboard((key) => {
+		if (key.name === "escape" && oauthPasteActive && focusedMcp) {
+			actions?.onCancelLoginMcp?.(focusedMcp.config.name);
+			return;
+		}
+		if (oauthPasteActive) return;
 		if (!key.ctrl && !key.meta && !key.shift && (key.name === "left" || key.name === "right")) {
 			key.preventDefault();
 			const idx = TAB_ORDER.indexOf(activeTab);
@@ -7203,7 +7544,7 @@ function SettingsModal({ skillsCatalog: skillsCatalogProp, mcpsCatalog: mcpsCata
 				},
 				children: /* @__PURE__ */ jsx("input", {
 					ref: inputRef,
-					focused: true,
+					focused: !oauthPasteActive,
 					placeholder: searchPlaceholder(activeTab),
 					onInput: handleQueryChange,
 					onSubmit: () => {},
@@ -7623,35 +7964,29 @@ function EmptyRow({ label }) {
 	});
 }
 function renderMcpDetailPanel(entry, status, COLOR) {
-	if (status.kind === "authorizing") return /* @__PURE__ */ jsxs("box", {
-		style: {
-			flexDirection: "column",
-			border: ["top"],
-			borderColor: COLOR.border,
-			paddingTop: 1
-		},
-		children: [
-			/* @__PURE__ */ jsx("text", {
+	if (status.kind === "authorizing") {
+		if (!status.url) return /* @__PURE__ */ jsxs("box", {
+			style: {
+				flexDirection: "column",
+				border: ["top"],
+				borderColor: COLOR.border,
+				paddingTop: 1
+			},
+			children: [/* @__PURE__ */ jsx("text", {
 				fg: COLOR.brand,
 				children: `Authorizing ${entry.config.name}`
-			}),
-			/* @__PURE__ */ jsx("text", {
-				fg: COLOR.dim,
-				children: "Your browser should have opened — complete the login, then return here."
-			}),
-			status.url && /* @__PURE__ */ jsxs(Fragment, { children: [/* @__PURE__ */ jsx("text", {
-				fg: COLOR.mute,
-				children: "If it didn't, click the URL below (or copy it):"
 			}), /* @__PURE__ */ jsx("text", {
-				wrapMode: "char",
-				fg: COLOR.model,
-				children: /* @__PURE__ */ jsx("a", {
-					href: status.url,
-					children: status.url
-				})
-			})] })
-		]
-	});
+				fg: COLOR.dim,
+				children: "Starting login flow…"
+			})]
+		});
+		return /* @__PURE__ */ jsx(McpAuthorizingPanel, {
+			serverName: entry.config.name,
+			authUrl: status.url,
+			maxLineWidth: 134,
+			inputFocused: true
+		});
+	}
 	if (status.kind === "error") return /* @__PURE__ */ jsxs("box", {
 		style: {
 			flexDirection: "column",
@@ -8591,6 +8926,15 @@ function AppShell() {
 	useEffect(() => {
 		autoCompactThresholdRef.current = settings.autoCompactThreshold;
 	}, [settings.autoCompactThreshold]);
+	/**
+	* Post-compaction baseline for the hysteresis check in
+	* {@link shouldAutoCompact}. Latched to the effective post-compact token
+	* count whenever a compaction lands (see {@link onCompactSession}), reset
+	* to `undefined` on session change so the first compaction in a fresh
+	* session fires off the absolute threshold without any growth gating.
+	* Pairs with {@link AUTO_COMPACT_MIN_GROWTH_FRACTION} in the predicate.
+	*/
+	const lastCompactedInputTokensRef = useRef(void 0);
 	const smoothStreamingRef = useRef(settings.smoothStreaming);
 	useEffect(() => {
 		smoothStreamingRef.current = settings.smoothStreaming;
@@ -9470,6 +9814,7 @@ function AppShell() {
 		const replayedTokens = lastContextSizeFromTurns(session.turns, session.runs);
 		setLastInputTokens(replayedTokens);
 		lastInputTokensRef.current = replayedTokens;
+		lastCompactedInputTokensRef.current = void 0;
 		setSessionCost(sumRunCosts(session.runs));
 		setCurrentSession({
 			id: session.id,
@@ -10048,6 +10393,7 @@ function AppShell() {
 		const replayedTokens = lastContextSizeFromTurns(session.turns, session.runs);
 		setLastInputTokens(replayedTokens);
 		lastInputTokensRef.current = replayedTokens;
+		lastCompactedInputTokensRef.current = void 0;
 		setSessionCost(sumRunCosts(session.runs));
 		setCurrentSession((prev) => prev ? {
 			...prev,
@@ -10085,6 +10431,7 @@ function AppShell() {
 		const replayedTokens = lastContextSizeFromTurns(session.turns, session.runs);
 		setLastInputTokens(replayedTokens);
 		lastInputTokensRef.current = replayedTokens;
+		lastCompactedInputTokensRef.current = void 0;
 		setCurrentSession((prev) => prev ? {
 			...prev,
 			updatedAt: Date.now()
@@ -10241,6 +10588,7 @@ function AppShell() {
 				setEvents(eventsFromTurns(liveSession.turns, liveSession.runs));
 				setLastInputTokens(effectiveTokens);
 				lastInputTokensRef.current = effectiveTokens;
+				lastCompactedInputTokensRef.current = effectiveTokens;
 			}
 			setCurrentSession((prev) => prev && prev.id === sessionId ? {
 				...prev,
@@ -10283,7 +10631,9 @@ function AppShell() {
 			threshold: autoCompactThresholdRef.current,
 			inputTokens: lastInputTokensRef.current,
 			rawContextWindow: rawWindow,
-			alreadyCompacting: !!autoCompactInFlightRef.current
+			alreadyCompacting: !!autoCompactInFlightRef.current,
+			...lastCompactedInputTokensRef.current !== void 0 ? { lastCompactedInputTokens: lastCompactedInputTokensRef.current } : {},
+			minGrowthFraction: AUTO_COMPACT_MIN_GROWTH_FRACTION
 		});
 		if (decision.kind !== "fire") return;
 		const pct = Math.round(decision.usedFraction * 100);
@@ -11104,7 +11454,18 @@ function McpsSettingsModal({ catalog, errors, onLogin, onLogout, onCancelLogin,
 		return ((prev + delta) % catalog.length + catalog.length) % catalog.length;
 	}), [catalog.length]);
 	const safeCursor = Math.min(cursor, Math.max(0, catalog.length - 1));
+	const focusedEntry = catalog[safeCursor];
+	const focusedStatus = focusedEntry ? getMcpAuthStatus(authState, focusedEntry.config.name) : void 0;
+	const inputActive = focusedStatus?.kind === "authorizing" && !!focusedStatus.url;
 	useKeyboard((key) => {
+		if (key.name === "escape" && focusedEntry) {
+			const name = focusedEntry.config.name;
+			if (getMcpAuthStatus(authState, name).kind === "authorizing") {
+				onCancelLogin(name);
+				return;
+			}
+		}
+		if (inputActive) return;
 		if (key.name === "up" || key.name === "k" || key.ctrl && key.name === "p") {
 			moveCursor(-1);
 			return;
@@ -11118,10 +11479,6 @@ function McpsSettingsModal({ catalog, errors, onLogin, onLogout, onCancelLogin,
 		if (!entry) return;
 		const name = entry.config.name;
 		const status = getMcpAuthStatus(authState, name);
-		if (key.name === "escape" && status.kind === "authorizing") {
-			onCancelLogin(name);
-			return;
-		}
 		if (key.name === "return" || key.name === "space") {
 			toggle(name);
 			return;
@@ -11209,8 +11566,6 @@ function McpsSettingsModal({ catalog, errors, onLogin, onLogout, onCancelLogin,
 			})
 		]
 	});
-	const focusedEntry = catalog[safeCursor];
-	const focusedStatus = focusedEntry ? getMcpAuthStatus(authState, focusedEntry.config.name) : void 0;
 	return /* @__PURE__ */ jsxs(Modal, {
 		title: ` mcp servers · ${enabledSet.size} / ${catalog.length} enabled `,
 		children: [
@@ -11300,35 +11655,29 @@ function renderInlineBadge(status, COLOR) {
 * itself to the content automatically).
 */
 function renderDetailPanel(entry, status, COLOR) {
-	if (status.kind === "authorizing") return /* @__PURE__ */ jsxs("box", {
-		style: {
-			flexDirection: "column",
-			border: ["top"],
-			borderColor: COLOR.border,
-			paddingTop: 1
-		},
-		children: [
-			/* @__PURE__ */ jsx("text", {
+	if (status.kind === "authorizing") {
+		if (!status.url) return /* @__PURE__ */ jsxs("box", {
+			style: {
+				flexDirection: "column",
+				border: ["top"],
+				borderColor: COLOR.border,
+				paddingTop: 1
+			},
+			children: [/* @__PURE__ */ jsx("text", {
 				fg: COLOR.brand,
 				children: `Authorizing ${entry.config.name}`
-			}),
-			/* @__PURE__ */ jsx("text", {
-				fg: COLOR.dim,
-				children: "Your browser should have opened — complete the login, then return here."
-			}),
-			status.url && /* @__PURE__ */ jsxs(Fragment, { children: [/* @__PURE__ */ jsx("text", {
-				fg: COLOR.mute,
-				children: "If it didn't, click the URL below (or copy it):"
 			}), /* @__PURE__ */ jsx("text", {
-				wrapMode: "char",
-				fg: COLOR.model,
-				children: /* @__PURE__ */ jsx("a", {
-					href: status.url,
-					children: status.url
-				})
-			})] })
-		]
-	});
+				fg: COLOR.dim,
+				children: "Starting login flow…"
+			})]
+		});
+		return /* @__PURE__ */ jsx(McpAuthorizingPanel, {
+			serverName: entry.config.name,
+			authUrl: status.url,
+			maxLineWidth: 86,
+			inputFocused: true
+		});
+	}
 	if (status.kind === "error") return /* @__PURE__ */ jsxs("box", {
 		style: {
 			flexDirection: "column",