zidane 5.6.14 → 5.7.4

package/dist/{tools-DhrLrOEr.js → tools-BGtJK0vo.js}

@@ -1,15 +1,21 @@
-import { n as createProcessContext } from "./contexts-BOtMvzli.js";
-import { c as errorMessage, i as AgentProviderError, n as AgentBudgetExceededError, o as AgentToolPairingError, t as AgentAbortedError, u as toTypedError } from "./errors-DdZXnyXE.js";
-import { n as toolOutputByteLength, t as DEFAULT_AGENT_CLOCK } from "./types-oKPBdCmL.js";
-import { E as appendStaticSection, a as detectTurnInterruption, c as filterUnresolvedToolUses, n as SYNTHETIC_TOOL_RESULT_PLACEHOLDER, o as ensureEndsWithUserMessage, s as ensureToolResultPairing } from "./messages-Dym8S_YH.js";
-import { t as connectMcpServers } from "./mcp-DGeB7-3D.js";
-import { _ as validateResourcePath, b as createSkillActivationState, d as escapeXml, n as resolveSkills, p as installAllowedToolsGate, t as interpolateShellCommands, u as buildCatalog } from "./interpolate-DM1UcKeQ.js";
-import { n as formatTokenUsage, t as flattenTurns } from "./stats-Lc3zL3RM.js";
+import { c as formatTaskStatus, f as buildContextBreakdown, h as utf8ByteLength, l as formatTaskSummary, n as stripLineNumberPrefixes, r as styleReplacementForVia, s as formatDuration, t as resolveOldString, u as previewLine } from "./edit-utils-DnfNoj16.js";
+import { a as createCursorOAuthProvider, c as anthropic, d as ANTHROPIC_EXTRA_MODELS, f as FAST_MODE_OPTIONS, n as openai, o as generatePkce, r as local, s as cerebras, t as openrouter } from "./providers-h4HJPbbv.js";
+import { f as toTypedError, i as AgentProviderError, l as errorMessage, n as AgentBudgetExceededError, o as AgentToolPairingError, t as AgentAbortedError } from "./errors-CoQnKRf1.js";
+import { E as appendStaticSection, a as detectTurnInterruption, c as filterUnresolvedToolUses, k as renderSystemForWire, n as SYNTHETIC_TOOL_RESULT_PLACEHOLDER, o as ensureEndsWithUserMessage, s as ensureToolResultPairing } from "./messages-CvRQTdbR.js";
+import { t as reconcileImageMediaType } from "./image-sniff-B7uFSNO1.js";
+import { n as createProcessContext } from "./contexts-BD2U_xpi.js";
+import { n as toolOutputByteLength, t as DEFAULT_AGENT_CLOCK } from "./types-BPw_i5vb.js";
+import { b as escapeXml, f as installAllowedToolsGate, g as validateResourcePath, n as resolveSkills, t as interpolateShellCommands, u as buildCatalog, y as createSkillActivationState } from "./interpolate-TySiqKzc.js";
+import { t as connectMcpServers } from "./mcp-Kqzz-Rs_.js";
+import { n as flattenTurns, r as formatTokenUsage, t as effectiveInputFromTurn } from "./stats-DAKBEKjc.js";
 import { dirname, isAbsolute, join, resolve } from "node:path";
 import { createHooks } from "hookable";
-import { homedir } from "node:os";
-import { glob, mkdir, readdir, rename, rm, stat, unlink, writeFile } from "node:fs/promises";
+import { getModel, getModels } from "@earendil-works/pi-ai";
 import { Buffer } from "node:buffer";
+import { refreshAnthropicToken, refreshOpenAICodexToken, registerOAuthProvider } from "@earendil-works/pi-ai/oauth";
+import { createServer } from "node:http";
+import { randomBytes } from "node:crypto";
+import { glob, mkdir, readdir, rename, rm, stat, unlink, writeFile } from "node:fs/promises";
 //#region src/aliasing.ts
 /**
 * Build alias lookup maps from a `toolAliases` record.
@@ -143,126 +149,966 @@ function rewriteMessagesToWire(messages, maps) {
 	}));
 }
 //#endregion
-//#region src/chat/format.ts
-/** Compact token formatter — 12_415 → "12.4k", 1_234_567 → "1.23M". */
-function fmtTokens(n) {
-	if (n < 1e3) return String(n);
-	if (n < 1e6) return `${(n / 1e3).toFixed(n < 1e4 ? 2 : 1)}k`;
-	return `${(n / 1e6).toFixed(2)}M`;
-}
-/** Compact relative-time formatter — "just now / 5m / 3h / 2d". */
-function ageString(ts, now = Date.now()) {
-	const m = Math.floor((now - ts) / 6e4);
-	if (m < 1) return "just now";
-	if (m < 60) return `${m}m ago`;
-	const h = Math.floor(m / 60);
-	if (h < 24) return `${h}h ago`;
-	return `${Math.floor(h / 24)}d ago`;
-}
-/** Six-char short form of a session id for headers and lists. */
-function shortId(id) {
-	return id.replace(/-/g, "").slice(0, 6);
-}
-/**
-* Single-line preview of a multi-line string, capped at `max` chars and
-* ellipsis-terminated when truncated.
-*
-* Whitespace runs (newlines, tabs, multiple spaces) collapse into one
-* space so the rendered output stays on a single visual row no matter
-* how the input was shaped. Used by every transcript "preview" surface
-* (spawn-start task, `tool: shell (background): <command>`,
-* `<task-notification>` summary line, etc.) — without the whitespace
-* collapse, a 60-char `slice` on a string with an inline `\n\n` paints
-* the second paragraph below the first, producing the visible
-* "preview text spills onto multiple lines" bug (and, downstream,
-* misaligned spawn markers when the wrapped lines collide with
-* other events).
-*
-* Reserves one slot for the `…` so the displayed width is exactly
-* `max` when truncation kicks in.
-*/
-function previewLine(s, max) {
-	const single = s.replace(/\s+/g, " ").trim();
-	if (single.length <= max) return single;
-	return `${single.slice(0, max - 1)}…`;
-}
-/**
-* Compact human-readable duration formatter shared by background-task
-* surfaces (the `<task-notification>` summary, the TUI banner, the
-* `shell_kill` tool result, etc.).
-*
-* Format ladder:
-*   - `< 1s`   →  `"Nms"`
-*   - `< 10s`  →  `"N.Ns"` (one decimal)
-*   - `< 1m`   →  `"Ns"`   (whole seconds)
-*   - `< 1h`   →  `"NmNs"` / `"Nm"` when seconds round to 0
-*   - `≥ 1h`   →  `"NhNm"` / `"Nh"` when minutes round to 0
-*
-* Single source of truth so a 60s task renders the same across the
-* model-facing XML summary and the user-facing banner. Earlier
-* separate formatters disagreed (XML said `"60.0s"`, banner said `"1m"`)
-* which was confusing to the user reading both side by side.
-*/
-function formatDuration(ms) {
-	if (ms < 0) ms = 0;
-	if (ms < 1e3) return `${ms}ms`;
-	if (ms < 6e4) return `${(ms / 1e3).toFixed(ms < 1e4 ? 1 : 0)}s`;
-	const minutes = Math.floor(ms / 6e4);
-	const seconds = Math.floor(ms % 6e4 / 1e3);
-	if (minutes < 60) return seconds > 0 ? `${minutes}m${seconds}s` : `${minutes}m`;
-	const hours = Math.floor(minutes / 60);
-	const remMinutes = minutes % 60;
-	return remMinutes > 0 ? `${hours}h${remMinutes}m` : `${hours}h`;
-}
-/**
-* Status label for a terminated background task — `"exited <code>"`
-* for natural exits, `"killed"` (with the signal name when known)
-* for our-issued SIGTERMs.
-*
-* Pulled out as its own function so the `<task-notification>` XML
-* summary, the TUI banner header, the `shell_kill` tool result, and
-* future surfaces all read the same string.
-*/
-function formatTaskStatus(info) {
-	return info.status === "killed" ? `killed${info.signal ? ` (${info.signal})` : ""}` : `exited ${info.exitCode}`;
-}
-/**
-* One-line summary of a terminated background task — the shape used by
-* the `<task-notification>` XML's `<summary>` tag AND the TUI banner's
-* `event.text` fallback string. Three dot-separated segments:
-*
-*   `<command preview · status · duration>`
-*
-* Centralizes the format so live + replay + wire all agree, and so a
-* future cosmetic tweak (separator glyph, segment ordering) lands in
-* exactly one place.
-*/
-function formatTaskSummary(info, maxCommandChars = 80) {
-	return `${previewLine(info.command, maxCommandChars)} · ${formatTaskStatus(info)} · ${formatDuration(info.durationMs)}`;
-}
-/**
-* Compact an absolute path for display: replace the user's `$HOME`
-* prefix with `~` (so `/Users/yael/Code/zidane` → `~/Code/zidane`),
-* and optionally left-truncate with an ellipsis when the result
-* still exceeds `maxWidth` (so the path's *tail* — the part the user
-* recognizes — stays visible: `…/zidane` rather than `/Users/yaeluil…`).
-*
-* `maxWidth` is the maximum *display width* in cells. Omit to skip
-* truncation. Paths outside `$HOME` are returned verbatim modulo
-* truncation. The ellipsis (`…`) counts as one cell.
-*
-* `home` overrides `os.homedir()` for tests; production callers leave
-* it undefined and pay the cheap one-syscall lookup per call.
+//#region src/chat/oauth-page/server.ts
+const CALLBACK_HOST = process.env.PI_OAUTH_CALLBACK_HOST || "127.0.0.1";
+function buildRequestHandler(opts, pending) {
+	return (req, res) => {
+		try {
+			const url = new URL(req.url || "", "http://localhost");
+			if (url.pathname !== opts.path) {
+				respondError(res, 404, opts, "Callback route not found.");
+				return;
+			}
+			const error = url.searchParams.get("error");
+			if (error) {
+				respondError(res, 400, opts, `${opts.providerName} authentication did not complete.`, `Error: ${error}`);
+				return;
+			}
+			const code = url.searchParams.get("code");
+			const state = url.searchParams.get("state");
+			if (!code || !state) {
+				respondError(res, 400, opts, "Missing code or state parameter.");
+				return;
+			}
+			if (state !== opts.expectedState) {
+				respondError(res, 400, opts, "State mismatch.");
+				return;
+			}
+			res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+			res.end(opts.renderPage({
+				kind: "success",
+				provider: opts.providerName,
+				message: opts.successMessage
+			}));
+			pending.settle({
+				code,
+				state
+			});
+		} catch {
+			respondError(res, 500, opts, "Internal error while processing the callback.");
+		}
+	};
+}
+function respondError(res, status, opts, message, details) {
+	res.writeHead(status, { "Content-Type": "text/html; charset=utf-8" });
+	res.end(opts.renderPage({
+		kind: "error",
+		provider: opts.providerName,
+		message,
+		details
+	}));
+}
+function buildStubHandle(redirectUri, server) {
+	return {
+		redirectUri,
+		waitForCode: async () => null,
+		cancelWait: () => {},
+		close: () => {
+			try {
+				server?.close();
+			} catch {}
+		}
+	};
+}
+/**
+* Start the loopback HTTP callback server. The returned handle is the
+* caller's contract — they `await waitForCode()`, race it against manual
+* paste, then `close()` in a `finally`.
+*/
+async function startCallbackServer(opts) {
+	const onListenError = opts.onListenError ?? "reject";
+	const redirectUri = `http://localhost:${opts.port}${opts.path}`;
+	return new Promise((resolve, reject) => {
+		let settled = false;
+		const pending = { settle: () => {} };
+		const waitPromise = new Promise((resolveWait) => {
+			pending.settle = (value) => {
+				if (settled) return;
+				settled = true;
+				resolveWait(value);
+			};
+		});
+		const server = createServer(buildRequestHandler(opts, pending));
+		server.on("error", (err) => {
+			if (onListenError === "resolveWithStub") {
+				pending.settle(null);
+				resolve(buildStubHandle(redirectUri, server));
+				return;
+			}
+			reject(err);
+		});
+		server.listen(opts.port, CALLBACK_HOST, () => {
+			resolve({
+				redirectUri,
+				waitForCode: () => waitPromise,
+				cancelWait: () => pending.settle(null),
+				close: () => {
+					try {
+						server.close();
+					} catch {}
+				}
+			});
+		});
+	});
+}
+//#endregion
+//#region src/chat/oauth-page/anthropic.ts
+const CLIENT_ID$1 = atob("OWQxYzI1MGEtZTYxYi00NGQ5LTg4ZWQtNTk0NGQxOTYyZjVl");
+const AUTHORIZE_URL$1 = "https://claude.ai/oauth/authorize";
+const TOKEN_URL$1 = "https://platform.claude.com/v1/oauth/token";
+const CALLBACK_PORT$1 = 53692;
+const CALLBACK_PATH$1 = "/callback";
+const SCOPES = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload";
+const PROVIDER_NAME$1 = "Anthropic";
+/**
+* Parse what the user pasted into the manual-code prompt. Accepts:
+*   - the bare authorization code
+*   - the full `redirect_uri?code=...&state=...` URL
+*   - the `code#state` shorthand Anthropic surfaces on the page
+*   - a raw query string with `code=...&state=...`
+*
+* Matches pi-ai's parse table so an existing user's muscle memory still works.
+*/
+function parseAuthorizationInput$1(input) {
+	const value = input.trim();
+	if (!value) return {};
+	try {
+		const url = new URL(value);
+		return {
+			code: url.searchParams.get("code") ?? void 0,
+			state: url.searchParams.get("state") ?? void 0
+		};
+	} catch {}
+	if (value.includes("#")) {
+		const [code, state] = value.split("#", 2);
+		return {
+			code,
+			state
+		};
+	}
+	if (value.includes("code=")) {
+		const params = new URLSearchParams(value);
+		return {
+			code: params.get("code") ?? void 0,
+			state: params.get("state") ?? void 0
+		};
+	}
+	return { code: value };
+}
+async function postJson(url, body) {
+	const response = await fetch(url, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/json",
+			"Accept": "application/json"
+		},
+		body: JSON.stringify(body),
+		signal: AbortSignal.timeout(3e4)
+	});
+	const responseBody = await response.text();
+	if (!response.ok) throw new Error(`HTTP request failed. status=${response.status}; url=${url}; body=${responseBody}`);
+	return responseBody;
+}
+async function exchangeAuthorizationCode$1(code, state, verifier, redirectUri) {
+	const responseBody = await postJson(TOKEN_URL$1, {
+		grant_type: "authorization_code",
+		client_id: CLIENT_ID$1,
+		code,
+		state,
+		redirect_uri: redirectUri,
+		code_verifier: verifier
+	});
+	const tokenData = JSON.parse(responseBody);
+	return {
+		refresh: tokenData.refresh_token,
+		access: tokenData.access_token,
+		expires: Date.now() + tokenData.expires_in * 1e3 - 300 * 1e3
+	};
+}
+async function loginAnthropicWithCustomPage(options) {
+	const { verifier, challenge } = await generatePkce();
+	const server = await startCallbackServer({
+		port: CALLBACK_PORT$1,
+		path: CALLBACK_PATH$1,
+		expectedState: verifier,
+		providerName: PROVIDER_NAME$1,
+		renderPage: options.renderPage,
+		successMessage: "Anthropic authentication completed. You can close this window.",
+		onListenError: "reject"
+	});
+	let code;
+	let state;
+	try {
+		const authParams = new URLSearchParams({
+			code: "true",
+			client_id: CLIENT_ID$1,
+			response_type: "code",
+			redirect_uri: server.redirectUri,
+			scope: SCOPES,
+			code_challenge: challenge,
+			code_challenge_method: "S256",
+			state: verifier
+		});
+		options.onAuth({
+			url: `${AUTHORIZE_URL$1}?${authParams.toString()}`,
+			instructions: "Complete login in your browser. If the browser is on another machine, paste the final redirect URL here."
+		});
+		if (options.onManualCodeInput) {
+			let manualInput;
+			let manualError;
+			const manualPromise = options.onManualCodeInput().then((input) => {
+				manualInput = input;
+				server.cancelWait();
+			}).catch((err) => {
+				manualError = err instanceof Error ? err : new Error(String(err));
+				server.cancelWait();
+			});
+			const result = await server.waitForCode();
+			if (manualError) throw manualError;
+			if (result?.code) {
+				code = result.code;
+				state = result.state;
+			} else if (manualInput) {
+				const parsed = parseAuthorizationInput$1(manualInput);
+				if (parsed.state && parsed.state !== verifier) throw new Error("OAuth state mismatch");
+				code = parsed.code;
+				state = parsed.state ?? verifier;
+			}
+			if (!code) {
+				await manualPromise;
+				if (manualError) throw manualError;
+				if (manualInput) {
+					const parsed = parseAuthorizationInput$1(manualInput);
+					if (parsed.state && parsed.state !== verifier) throw new Error("OAuth state mismatch");
+					code = parsed.code;
+					state = parsed.state ?? verifier;
+				}
+			}
+		} else {
+			const result = await server.waitForCode();
+			if (result?.code) {
+				code = result.code;
+				state = result.state;
+			}
+		}
+		if (!code) {
+			const parsed = parseAuthorizationInput$1(await options.onPrompt({
+				message: "Paste the authorization code or full redirect URL:",
+				placeholder: server.redirectUri
+			}));
+			if (parsed.state && parsed.state !== verifier) throw new Error("OAuth state mismatch");
+			code = parsed.code;
+			state = parsed.state ?? verifier;
+		}
+		if (!code) throw new Error("Missing authorization code");
+		if (!state) throw new Error("Missing OAuth state");
+		options.onProgress?.("Exchanging authorization code for tokens...");
+		return await exchangeAuthorizationCode$1(code, state, verifier, server.redirectUri);
+	} finally {
+		server.close();
+	}
+}
+/**
+* Build an `OAuthProviderInterface` that behaves identically to pi-ai's
+* `anthropicOAuthProvider` except for the callback page HTML. Drop this
+* onto `ProviderDescriptor.oauthProvider` to override.
+*/
+function createAnthropicOAuthProviderWithCustomPage(renderPage) {
+	return {
+		id: "anthropic",
+		name: "Anthropic (Claude Pro/Max)",
+		usesCallbackServer: true,
+		async login(callbacks) {
+			return loginAnthropicWithCustomPage({
+				renderPage,
+				onAuth: callbacks.onAuth,
+				onPrompt: callbacks.onPrompt,
+				onProgress: callbacks.onProgress,
+				onManualCodeInput: callbacks.onManualCodeInput
+			});
+		},
+		async refreshToken(credentials) {
+			return refreshAnthropicToken(credentials.refresh);
+		},
+		getApiKey(credentials) {
+			return credentials.access;
+		}
+	};
+}
+//#endregion
+//#region src/chat/oauth-page/openai-codex.ts
+const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+const TOKEN_URL = "https://auth.openai.com/oauth/token";
+const CALLBACK_PORT = 1455;
+const CALLBACK_PATH = "/auth/callback";
+const SCOPE = "openid profile email offline_access";
+const JWT_CLAIM_PATH = "https://api.openai.com/auth";
+const PROVIDER_NAME = "OpenAI";
+function createState() {
+	return randomBytes(16).toString("hex");
+}
+function parseAuthorizationInput(input) {
+	const value = input.trim();
+	if (!value) return {};
+	try {
+		const url = new URL(value);
+		return {
+			code: url.searchParams.get("code") ?? void 0,
+			state: url.searchParams.get("state") ?? void 0
+		};
+	} catch {}
+	if (value.includes("#")) {
+		const [code, state] = value.split("#", 2);
+		return {
+			code,
+			state
+		};
+	}
+	if (value.includes("code=")) {
+		const params = new URLSearchParams(value);
+		return {
+			code: params.get("code") ?? void 0,
+			state: params.get("state") ?? void 0
+		};
+	}
+	return { code: value };
+}
+function decodeJwt(token) {
+	try {
+		const parts = token.split(".");
+		if (parts.length !== 3) return null;
+		const payload = parts[1] ?? "";
+		const decoded = atob(payload);
+		return JSON.parse(decoded);
+	} catch {
+		return null;
+	}
+}
+function getAccountId(accessToken) {
+	const accountId = (decodeJwt(accessToken)?.[JWT_CLAIM_PATH])?.chatgpt_account_id;
+	return typeof accountId === "string" && accountId.length > 0 ? accountId : null;
+}
+async function exchangeAuthorizationCode(code, verifier, redirectUri) {
+	const response = await fetch(TOKEN_URL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: new URLSearchParams({
+			grant_type: "authorization_code",
+			client_id: CLIENT_ID,
+			code,
+			code_verifier: verifier,
+			redirect_uri: redirectUri
+		})
+	});
+	if (!response.ok) {
+		const text = await response.text().catch(() => "");
+		return {
+			type: "failed",
+			message: `OpenAI Codex token exchange failed (${response.status}): ${text || response.statusText}`
+		};
+	}
+	const json = await response.json();
+	if (!json.access_token || !json.refresh_token || typeof json.expires_in !== "number") return {
+		type: "failed",
+		message: `OpenAI Codex token exchange response missing fields: ${JSON.stringify(json)}`
+	};
+	return {
+		type: "success",
+		access: json.access_token,
+		refresh: json.refresh_token,
+		expires: Date.now() + json.expires_in * 1e3
+	};
+}
+async function loginOpenAICodexWithCustomPage(options) {
+	const { verifier, challenge } = await generatePkce();
+	const state = createState();
+	const originator = options.originator ?? "pi";
+	const server = await startCallbackServer({
+		port: CALLBACK_PORT,
+		path: CALLBACK_PATH,
+		expectedState: state,
+		providerName: PROVIDER_NAME,
+		renderPage: options.renderPage,
+		successMessage: "OpenAI authentication completed. You can close this window.",
+		onListenError: "resolveWithStub"
+	});
+	const authUrl = new URL(AUTHORIZE_URL);
+	authUrl.searchParams.set("response_type", "code");
+	authUrl.searchParams.set("client_id", CLIENT_ID);
+	authUrl.searchParams.set("redirect_uri", server.redirectUri);
+	authUrl.searchParams.set("scope", SCOPE);
+	authUrl.searchParams.set("code_challenge", challenge);
+	authUrl.searchParams.set("code_challenge_method", "S256");
+	authUrl.searchParams.set("state", state);
+	authUrl.searchParams.set("id_token_add_organizations", "true");
+	authUrl.searchParams.set("codex_cli_simplified_flow", "true");
+	authUrl.searchParams.set("originator", originator);
+	options.onAuth({
+		url: authUrl.toString(),
+		instructions: "A browser window should open. Complete login to finish."
+	});
+	let code;
+	try {
+		if (options.onManualCodeInput) {
+			let manualCode;
+			let manualError;
+			const manualPromise = options.onManualCodeInput().then((input) => {
+				manualCode = input;
+				server.cancelWait();
+			}).catch((err) => {
+				manualError = err instanceof Error ? err : new Error(String(err));
+				server.cancelWait();
+			});
+			const result = await server.waitForCode();
+			if (manualError) throw manualError;
+			if (result?.code) code = result.code;
+			else if (manualCode) {
+				const parsed = parseAuthorizationInput(manualCode);
+				if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
+				code = parsed.code;
+			}
+			if (!code) {
+				await manualPromise;
+				if (manualError) throw manualError;
+				if (manualCode) {
+					const parsed = parseAuthorizationInput(manualCode);
+					if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
+					code = parsed.code;
+				}
+			}
+		} else {
+			const result = await server.waitForCode();
+			if (result?.code) code = result.code;
+		}
+		if (!code) {
+			const parsed = parseAuthorizationInput(await options.onPrompt({ message: "Paste the authorization code (or full redirect URL):" }));
+			if (parsed.state && parsed.state !== state) throw new Error("State mismatch");
+			code = parsed.code;
+		}
+		if (!code) throw new Error("Missing authorization code");
+		const tokenResult = await exchangeAuthorizationCode(code, verifier, server.redirectUri);
+		if (tokenResult.type !== "success") throw new Error(tokenResult.message);
+		const accountId = getAccountId(tokenResult.access);
+		if (!accountId) throw new Error("Failed to extract accountId from token");
+		return {
+			access: tokenResult.access,
+			refresh: tokenResult.refresh,
+			expires: tokenResult.expires,
+			accountId
+		};
+	} finally {
+		server.close();
+	}
+}
+/**
+* Build an `OAuthProviderInterface` that behaves identically to pi-ai's
+* `openaiCodexOAuthProvider` except for the callback page HTML.
+*/
+function createOpenAICodexOAuthProviderWithCustomPage(renderPage) {
+	return {
+		id: "openai-codex",
+		name: "ChatGPT Plus/Pro (Codex Subscription)",
+		usesCallbackServer: true,
+		async login(callbacks) {
+			return loginOpenAICodexWithCustomPage({
+				renderPage,
+				onAuth: callbacks.onAuth,
+				onPrompt: callbacks.onPrompt,
+				onProgress: callbacks.onProgress,
+				onManualCodeInput: callbacks.onManualCodeInput
+			});
+		},
+		async refreshToken(credentials) {
+			return refreshOpenAICodexToken(credentials.refresh);
+		},
+		getApiKey(credentials) {
+			return credentials.access;
+		}
+	};
+}
+//#endregion
+//#region src/chat/oauth-page/render.ts
+function escapeHtml(value) {
+	return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll("\"", "&quot;").replaceAll("'", "&#39;");
+}
+/**
+* Default zidane-themed page. Visually neutral but distinguishable from
+* pi-ai's stock page — dark background, mono headings, no logo (host can
+* pass a custom renderer to add one).
+*/
+const renderDefaultCallbackPage = (page) => {
+	const heading = escapeHtml(page.kind === "success" ? `Signed in to ${page.provider}` : `Could not sign in to ${page.provider}`);
+	const message = escapeHtml(page.message);
+	const details = page.details ? escapeHtml(page.details) : void 0;
+	return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>${heading}</title>
+  <style>
+    :root {
+      --text: #f4f4f5;
+      --text-dim: #a1a1aa;
+      --accent: ${page.kind === "success" ? "#22d3ee" : "#f87171"};
+      --page-bg: #0a0a0a;
+      --panel-bg: #131316;
+      --border: #27272a;
+      --font-sans: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      --font-mono: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
+    }
+    * { box-sizing: border-box; }
+    html { color-scheme: dark; }
+    body {
+      margin: 0;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 24px;
+      background: var(--page-bg);
+      color: var(--text);
+      font-family: var(--font-sans);
+    }
+    main {
+      width: 100%;
+      max-width: 520px;
+      padding: 32px;
+      background: var(--panel-bg);
+      border: 1px solid var(--border);
+      border-radius: 12px;
+    }
+    .label {
+      font-family: var(--font-mono);
+      font-size: 12px;
+      letter-spacing: 0.08em;
+      text-transform: uppercase;
+      color: var(--accent);
+      margin-bottom: 12px;
+    }
+    h1 {
+      margin: 0 0 12px;
+      font-size: 22px;
+      font-weight: 600;
+      letter-spacing: -0.01em;
+      color: var(--text);
+    }
+    p {
+      margin: 0;
+      line-height: 1.6;
+      color: var(--text-dim);
+      font-size: 14px;
+    }
+    .details {
+      margin-top: 18px;
+      padding: 12px 14px;
+      background: var(--page-bg);
+      border: 1px solid var(--border);
+      border-radius: 8px;
+      font-family: var(--font-mono);
+      font-size: 12px;
+      color: var(--text-dim);
+      white-space: pre-wrap;
+      word-break: break-word;
+    }
+  </style>
+</head>
+<body>
+  <main>
+    <div class="label">zidane · OAuth · ${escapeHtml(page.provider)}</div>
+    <h1>${heading}</h1>
+    <p>${message}</p>
+    ${details ? `<div class="details">${details}</div>` : ""}
+  </main>
+</body>
+</html>`;
+};
+//#endregion
+//#region src/chat/oauth-page/index.ts
+/**
+* Bundle helper — returns both Anthropic + OpenAI Codex providers wired
+* with the same renderer. Hosts that want different renderers per provider
+* should call the individual `create…WithCustomPage` factories instead.
+*/
+function createCustomCallbackOAuthProviders(renderPage) {
+	return {
+		anthropic: createAnthropicOAuthProviderWithCustomPage(renderPage),
+		openaiCodex: createOpenAICodexOAuthProviderWithCustomPage(renderPage)
+	};
+}
+let cursorRegistered = false;
+/**
+* Register Cursor with pi-ai's OAuth registry.
+*
+* Unlike Anthropic / Codex, Cursor is **not** built into pi-ai, so
+* `getOAuthApiKey('cursor', …)` (used by `resolveOAuthApiKey` for lazy
+* token refresh) would throw "Unknown OAuth provider" until we register it.
+* Call once at startup from both the CLI auth path and the TUI. Idempotent.
 */
-function compactPath(path, maxWidth, home) {
-	const h = home ?? homedir();
-	let display = path;
-	if (h) {
-		if (path === h) display = "~";
-		else if (path.startsWith(`${h}/`)) display = `~${path.slice(h.length)}`;
+function registerCursorOAuthProvider() {
+	const provider = createCursorOAuthProvider();
+	if (!cursorRegistered) {
+		registerOAuthProvider(provider);
+		cursorRegistered = true;
 	}
-	if (maxWidth !== void 0 && maxWidth > 1 && display.length > maxWidth) return `…${display.slice(display.length - maxWidth + 1)}`;
-	return display;
+	return provider;
+}
+//#endregion
+//#region src/chat/providers.ts
+/**
+* pi-ai's stock Anthropic + Codex OAuth providers bake their own callback
+* HTML; we route both through `renderDefaultCallbackPage` so the post-redirect
+* page matches zidane's theme. The override lives in `src/chat/oauth-page/`
+* — see that folder's `index.ts` for the deletion path once pi-ai exposes
+* a `renderCallbackPage` hook upstream.
+*/
+const { anthropic: anthropicOAuthProvider, openaiCodex: openaiCodexOAuthProvider } = createCustomCallbackOAuthProviders(renderDefaultCallbackPage);
+registerCursorOAuthProvider();
+/** Convenience accessor — returns `credentialFileKey ?? key`. */
+function credKeyOf(desc) {
+	return desc.credentialFileKey ?? desc.key;
+}
+/** Convenience accessor — returns `piProviderId ?? key`. */
+function piIdOf(desc) {
+	return desc.piProviderId ?? desc.key;
+}
+const anthropicDescriptor = {
+	key: "anthropic",
+	label: "Anthropic",
+	factory: anthropic,
+	defaultModel: "claude-opus-4-8",
+	envKey: "ANTHROPIC_API_KEY",
+	apiKeyPlaceholder: "sk-ant-…",
+	oauthProvider: anthropicOAuthProvider,
+	oauthHint: "Claude Pro/Max subscription",
+	extraModels: ANTHROPIC_EXTRA_MODELS,
+	optionsFor: (id) => FAST_MODE_OPTIONS[id] ? [FAST_MODE_OPTIONS[id]] : void 0
+};
+const openaiDescriptor = {
+	key: "openai",
+	label: "OpenAI",
+	factory: openai,
+	defaultModel: "gpt-5.5",
+	envKey: "OPENAI_CODEX_API_KEY",
+	credentialFileKey: "openai-codex",
+	piProviderId: "openai-codex",
+	apiKeyPlaceholder: "sk-… or eyJ… (Codex)",
+	oauthProvider: openaiCodexOAuthProvider
+};
+const openrouterDescriptor = {
+	key: "openrouter",
+	label: "OpenRouter",
+	factory: openrouter,
+	defaultModel: "anthropic/claude-sonnet-4-6",
+	envKey: "OPENROUTER_API_KEY",
+	apiKeyPlaceholder: "sk-or-…"
+};
+const cerebrasDescriptor = {
+	key: "cerebras",
+	label: "Cerebras",
+	factory: cerebras,
+	defaultModel: "zai-glm-4.7",
+	envKey: "CEREBRAS_API_KEY",
+	apiKeyPlaceholder: "csk-…"
+};
+/**
+* Conservative context-window assumption for a user-configured local model.
+* Local runtimes expose no reliable per-model metadata over the OpenAI-compat
+* `/v1/models` endpoint (it returns ids, not context sizes), so we pick a
+* floor that fits the smallest mainstream OSS models (Llama 3.x 8B, Qwen2.5)
+* without over-promising. The footer's context indicator and auto-compaction
+* lean on this — under-estimating is the safe direction (compact early rather
+* than overflow the server's real window).
+*
+* Users running larger-context models (e.g. a 128K Qwen) can raise it via the
+* `LOCAL_LLM_CONTEXT_WINDOW` env var / customField, which supports a single
+* value or a per-model map (resolved by {@link resolveContextWindow}).
+*/
+const LOCAL_DEFAULT_CONTEXT_WINDOW = 8192;
+/**
+* Local OpenAI-compatible LLM (Ollama, vLLM, LM Studio, Lemonade, llama.cpp).
+*
+* No fixed base URL or model catalogue — both come from the user via
+* `customFields`. No `envKey`, so the wizard skips the API-key prompt and
+* treats the customFields-only credential as the auth signal (see
+* `applyApiKeyEnv` + `detectAuth`).
+*
+* Vision / cache / reasoning are off by default in the factory — flip them
+* by passing a custom descriptor that calls `local({ capabilities })`.
+*
+* `models` is a getter, not a static list: there's no fixed catalogue to ship,
+* but once the user has configured a default model (mirrored into
+* `LOCAL_LLM_DEFAULT_MODEL` by `applyApiKeyEnv`), we surface it as a
+* single-entry list so the model picker + footer aren't empty. Resolved at
+* access time because the env var is populated at TUI launch, after this
+* module loads. Empty list when unconfigured — the picker hides, the user
+* types a slug at the prompt as before.
+*/
+const localDescriptor = {
+	key: "local",
+	label: "Local LLM",
+	factory: local,
+	get models() {
+		const configured = process.env.LOCAL_LLM_DEFAULT_MODEL?.trim();
+		if (!configured) return [];
+		return [{
+			id: configured,
+			name: configured,
+			contextWindow: resolveContextWindow(process.env.LOCAL_LLM_CONTEXT_WINDOW, configured) ?? LOCAL_DEFAULT_CONTEXT_WINDOW,
+			input: ["text"]
+		}];
+	},
+	customFields: [
+		{
+			key: "baseURL",
+			label: "Base URL",
+			envVar: "LOCAL_LLM_BASE_URL",
+			placeholder: "http://localhost:11434/v1",
+			hint: "Where your local LLM server is reachable. Examples: Ollama → http://localhost:11434/v1, vLLM → http://localhost:8000/v1, LM Studio → http://localhost:1234/v1.",
+			required: true
+		},
+		{
+			key: "apiKey",
+			label: "API key",
+			envVar: "LOCAL_LLM_API_KEY",
+			placeholder: "leave blank if your server is unauthenticated"
+		},
+		{
+			key: "model",
+			label: "Default model",
+			envVar: "LOCAL_LLM_DEFAULT_MODEL",
+			placeholder: "e.g. llama3.1:8b, qwen2.5-coder, mistral-small",
+			hint: "Model id your server exposes. Leave blank to pick later from the model picker."
+		},
+		{
+			key: "contextWindow",
+			label: "Context window (tokens)",
+			envVar: "LOCAL_LLM_CONTEXT_WINDOW",
+			placeholder: "e.g. 32768  ·  or per-model: llama3.1:8b=32768, qwen2.5-coder=128k, 64k",
+			hint: "Context length(s) for your local model(s) — local runtimes don't advertise this, so set it here to enable the context indicator and auto-compaction. Use a single value (32768, 128k) for all models, or a comma-separated map of `model=window` with an optional bare value as the fallback. Press"
+		}
+	],
+	contextWindowEnvVar: "LOCAL_LLM_CONTEXT_WINDOW"
+};
+/**
+* Default provider registry. Passed verbatim when `runTui` is invoked without
+* an explicit `providers` option. Hosts that want to override per-provider
+* metadata can spread this and replace specific entries:
+*
+* ```ts
+* runTui({ providers: { ...BUILTIN_PROVIDERS, anthropic: myOwnAnthropicDescriptor } })
+* ```
+*
+* `cursor` is intentionally NOT registered here: OAuth works, but inference
+* isn't wired (`cursor.stream()` throws — Cursor speaks a protobuf/HTTP-2
+* agent protocol, not OpenAI-compat). Shipping it in the picker only lets users
+* select a model that errors every turn. The descriptor stays exported so a
+* host can opt in (`{ ...BUILTIN_PROVIDERS, cursor: cursorDescriptor }`) once
+* the transport lands — re-add it here at that point.
+*/
+const BUILTIN_PROVIDERS = {
+	anthropic: anthropicDescriptor,
+	openai: openaiDescriptor,
+	openrouter: openrouterDescriptor,
+	cerebras: cerebrasDescriptor,
+	local: localDescriptor
+};
+/**
+* Resolve the model list for a given provider. Honors `descriptor.models`
+* when set; otherwise queries pi-ai via `descriptor.piProviderId`. Returns
+* `[]` for descriptors with no known mapping (custom providers without a
+* model list) — callers should hide the model picker in that case.
+*/
+function modelsForDescriptor(descriptor) {
+	if (descriptor.models) return descriptor.models;
+	let bundled;
+	try {
+		bundled = getModels(piIdOf(descriptor));
+	} catch {
+		bundled = [];
+	}
+	if (descriptor.extraModels?.length) {
+		const bundledIds = new Set(bundled.map((m) => m.id));
+		bundled = [...descriptor.extraModels.filter((m) => !bundledIds.has(m.id)), ...bundled];
+	}
+	return descriptor.optionsFor ? bundled.map((m) => decorateOptions(m, descriptor)) : bundled;
+}
+/**
+* Attach descriptor-resolved {@link ModelOption}s to a model that doesn't
+* already declare its own. Pure / non-mutating — returns the input untouched
+* when the model has options already or the descriptor resolves none.
+*/
+function decorateOptions(model, descriptor) {
+	if (model.options?.length || !descriptor.optionsFor) return model;
+	const options = descriptor.optionsFor(model.id);
+	return options?.length ? {
+		...model,
+		options
+	} : model;
+}
+/**
+* Resolve a single model's metadata via the descriptor's model source.
+* Mirrors {@link modelsForDescriptor} routing: descriptor's own list wins,
+* pi-ai's registry is the fallback. Returns `null` when the model isn't
+* known.
+*/
+function getModelInfo(descriptor, modelId) {
+	if (descriptor.models) return descriptor.models.find((m) => m.id === modelId) ?? null;
+	try {
+		const bundled = getModel(piIdOf(descriptor), modelId);
+		if (bundled) return decorateOptions(bundled, descriptor);
+	} catch {}
+	const extra = descriptor.extraModels?.find((m) => m.id === modelId);
+	return extra ? decorateOptions(extra, descriptor) : null;
+}
+/**
+* Parse a user-supplied context-window string into a token count.
+*
+* Accepts a plain integer (`"32768"`), or a number with a `k`/`m` suffix
+* (×1_000 / ×1_000_000, case-insensitive, optional space) — so `"128k"`
+* yields `128_000`, matching how the footer renders windows (`fmtTokens`).
+* Fractional values are floored (`"1.5k"` → `1500`). Returns `null` for
+* empty, malformed, zero, or negative input so callers fall through to
+* "window unknown" rather than a bogus ceiling.
+*/
+function parseContextWindow(raw) {
+	if (raw == null) return null;
+	const trimmed = raw.trim();
+	if (trimmed.length === 0) return null;
+	const match = /^(\d+(?:\.\d+)?)\s*([km])?$/i.exec(trimmed);
+	if (!match) return null;
+	const suffix = match[2]?.toLowerCase();
+	const mult = suffix === "k" ? 1e3 : suffix === "m" ? 1e6 : 1;
+	const value = Math.floor(Number.parseFloat(match[1]) * mult);
+	return value >= 1 ? value : null;
+}
+/**
+* Resolve a per-model context window from a user-supplied spec string.
+*
+* A spec is a comma-separated list of entries. An entry is either:
+*   - `model=window` — a per-model override (split on the **first** `=`, so
+*     model ids containing `:` or `/` survive), or
+*   - a bare `window` — the fallback applied to any model not named above.
+*
+* Windows are parsed by {@link parseContextWindow} (plain int or k/m suffix).
+* Whitespace around entries and the `=` is ignored; malformed entries are
+* skipped rather than poisoning the whole spec; a later duplicate key wins.
+*
+* Lookup order for `modelId`: exact map entry → bare fallback → `null`. A
+* lone bare value (`"32768"`) therefore behaves as a single global window,
+* keeping the simple single-model config working.
+*
+* @example resolveContextWindow('llama3.1:8b=32768, qwen=128k, 64k', 'qwen') // 128000
+*/
+function resolveContextWindow(spec, modelId) {
+	if (spec == null) return null;
+	const overrides = /* @__PURE__ */ new Map();
+	let fallback = null;
+	for (const entry of spec.split(",")) {
+		const eq = entry.indexOf("=");
+		if (eq === -1) {
+			const bare = parseContextWindow(entry);
+			if (bare != null) fallback = bare;
+			continue;
+		}
+		const key = entry.slice(0, eq).trim();
+		const window = parseContextWindow(entry.slice(eq + 1));
+		if (key.length > 0 && window != null) overrides.set(key, window);
+	}
+	return overrides.get(modelId) ?? fallback;
+}
+/**
+* Look up the model's max context window via the descriptor's model source.
+* Falls back to {@link ProviderDescriptor.contextWindowEnvVar} (parsed via
+* {@link resolveContextWindow}, which supports a per-model map) when the
+* registry has nothing — this is how local LLMs, whose runtimes don't
+* advertise a window, get one. Returns `null` when neither source resolves a
+* value (custom slugs, providers without a registry or a configured window);
+* callers should hide the context indicator and skip auto-compaction then.
+*/
+function getContextWindow(descriptor, modelId) {
+	const fromRegistry = getModelInfo(descriptor, modelId)?.contextWindow;
+	if (fromRegistry != null) return fromRegistry;
+	if (descriptor.contextWindowEnvVar) return resolveContextWindow(process.env[descriptor.contextWindowEnvVar], modelId);
+	return null;
+}
+/**
+* Reserved output budget subtracted from the raw context window when
+* computing the effective ceiling for compaction / warning thresholds.
+*
+* Aligned with Claude Code's `COMPACT_MAX_OUTPUT_TOKENS = 20_000`
+* (`utils/context.ts:12`) — covers p99.99 of summary + response output.
+* A turn that consumed N input tokens leaves `effectiveWindow - N`
+* headroom for the next prompt's response; once headroom shrinks
+* below the threshold, auto-compaction fires.
+*/
+const OUTPUT_RESERVE_TOKENS = 2e4;
+/**
+* Effective context window — what the next user turn can actually pack
+* before the provider reserves space for the assistant's reply. Equals
+* `rawWindow - OUTPUT_RESERVE_TOKENS`, clamped to `>= 1` so a tiny
+* (or absurd) window doesn't yield zero / negative thresholds.
+*
+* Used by both the footer's context indicator and the auto-compact
+* trigger so the two surfaces agree on "how full are we, really".
+* Pass `null` through unchanged so callers can pipe `getContextWindow`
+* directly without an intermediate check.
+*/
+function effectiveContextWindow(rawWindow) {
+	if (rawWindow === null) return null;
+	return Math.max(1, rawWindow - OUTPUT_RESERVE_TOKENS);
+}
+/**
+* Whether the given model exposes a reasoning / extended-thinking knob.
+* Drives the TUI's effort picker visibility — the `ctrl+n` shortcut and
+* the bottom-bar `effortName` segment only surface when this is `true`.
+* Returns `false` for unknown models (no registry entry → no advertised
+* capability).
+*/
+function modelSupportsReasoning(descriptor, modelId) {
+	return getModelInfo(descriptor, modelId)?.reasoning === true;
+}
+/**
+* Custom {@link ModelOption}s the given model supports (e.g. fast mode), or `[]`
+* when none. Drives the TUI/GUI options picker visibility — surfaces only when
+* non-empty.
+*/
+function modelOptionsFor(descriptor, modelId) {
+	return getModelInfo(descriptor, modelId)?.options ?? [];
+}
+/**
+* Normalize a model-options blob to an enabled-only `{ id: true }` map.
+*
+* Single source of truth shared by every surface that reads or persists model
+* options — the TUI run path, the GUI engine reader, and the GUI IPC handlers.
+* Tolerant of arbitrary input (persisted JSON metadata may be anything): a
+* non-object → `{}`, and only entries strictly equal to `true` survive. This
+* keeps the persisted shape minimal (no `{ fast: false }` noise) and means
+* callers never forward a disabled option to `agent.run`.
+*/
+function enabledModelOptions(raw) {
+	if (!raw || typeof raw !== "object") return {};
+	const out = {};
+	for (const [id, on] of Object.entries(raw)) if (on === true) out[id] = true;
+	return out;
+}
+/**
+* Resolve a model's remembered options for a (re)pick: keep only options the
+* model still declares AND that are enabled, dropping any that no longer apply
+* (e.g. switching away from a model that supported `fast`). Returns `undefined`
+* when nothing applies so callers can omit the field entirely.
+*
+* Shared by the TUI pick path and the launch-time resume path so "which options
+* survive a model switch / relaunch" is decided in exactly one place.
+*/
+function restoreModelOptions(descriptor, modelId, remembered) {
+	const validIds = new Set(modelOptionsFor(descriptor, modelId).map((o) => o.id));
+	if (validIds.size === 0) return void 0;
+	const enabled = enabledModelOptions(remembered?.[modelId]);
+	const filtered = {};
+	for (const id of Object.keys(enabled)) if (validIds.has(id)) filtered[id] = true;
+	return Object.keys(filtered).length > 0 ? filtered : void 0;
 }
 //#endregion
 //#region src/tools/read-state.ts
@@ -685,7 +1531,7 @@ function buildPersistedStub(input) {
 	const { slice: previewSlice, bytes: previewBytes } = sliceFirstBytes(input.output, PERSISTENCE_PREVIEW_BYTES);
 	const previewMarker = previewSlice.length < input.output.length ? `\n…(${input.originalBytes - previewBytes} more bytes in persisted file)` : "";
 	return [
-		`${PERSISTED_STUB_PREFIX}${escapeAttr(input.toolName)}" bytes="${input.originalBytes}" path="${escapeAttr(input.persistedPath)}">`,
+		`${PERSISTED_STUB_PREFIX}${escapeXml(input.toolName)}" bytes="${input.originalBytes}" path="${escapeXml(input.persistedPath)}">`,
 		`${previewSlice}${previewMarker}`,
 		"</persisted-output>"
 	].join("\n");
@@ -738,14 +1584,6 @@ async function writeAtomic(path, content) {
 	}
 }
 /**
-* Byte length of a UTF-8 string. `Buffer.byteLength` is the canonical
-* answer; pulling it through a small helper keeps `node:buffer` out of
-* call sites that don't otherwise need it.
-*/
-function byteLength(text) {
-	return Buffer.byteLength(text, "utf8");
-}
-/**
 * Take the first `cap` bytes of `text` without splitting a UTF-8
 * codepoint. Returns the substring AND its exact UTF-8 byte length so
 * the caller doesn't repeat the byte walk (the truncation marker in
@@ -769,7 +1607,7 @@ function sliceFirstBytes(text, cap) {
 		slice: "",
 		bytes: 0
 	};
-	const total = byteLength(text);
+	const total = utf8ByteLength(text);
 	if (total <= cap) return {
 		slice: text,
 		bytes: total
@@ -777,7 +1615,7 @@ function sliceFirstBytes(text, cap) {
 	let bytes = 0;
 	let charIdx = 0;
 	for (const ch of text) {
-		const chBytes = byteLength(ch);
+		const chBytes = utf8ByteLength(ch);
 		if (bytes + chBytes > cap) break;
 		bytes += chBytes;
 		charIdx += ch.length;
@@ -787,18 +1625,6 @@ function sliceFirstBytes(text, cap) {
 		bytes
 	};
 }
-/**
-* Escape `&`, `"`, and `<` for safe inclusion in an XML attribute. The
-* stub format embeds tool names and filesystem paths verbatim — both
-* theoretically could contain one of these (Windows paths can't, but a
-* tool alias is user-controlled). Keeping the attribute well-formed
-* prevents a malicious or unusual tool name from breaking the wrapper
-* parse. `&` is escaped first so the subsequent replacements don't
-* double-encode the entities we just emitted.
-*/
-function escapeAttr(text) {
-	return text.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
-}
 //#endregion
 //#region src/tools/validation.ts
 const TRUE_STRINGS = new Set([
@@ -1856,6 +2682,7 @@ async function executeTurn(ctx, turn, priorUsage) {
 		maxTokens: ctx.maxTokens ?? 16384,
 		thinking: ctx.thinking,
 		thinkingBudget: effectiveThinkingBudget,
+		...ctx.modelOptions ? { modelOptions: ctx.modelOptions } : {},
 		cache: ctx.cache ?? true,
 		signal: ctx.signal
 	};
@@ -1916,6 +2743,22 @@ async function executeTurn(ctx, turn, priorUsage) {
 						turnId
 					});
 				},
+				onServerToolUse({ id, name, input }) {
+					ctx.hooks.callHook("stream:server_tool_use", {
+						id,
+						name,
+						input,
+						turnId
+					});
+				},
+				onServerToolResult({ toolUseId, toolName, content }) {
+					ctx.hooks.callHook("stream:server_tool_result", {
+						toolUseId,
+						toolName,
+						content,
+						turnId
+					});
+				},
 				onOAuthRefresh(refreshCtx) {
 					return ctx.hooks.callHook("oauth:refresh", refreshCtx);
 				}
@@ -2385,10 +3228,10 @@ async function runSingleToolDispatch(ctx, call, turnId, fixed) {
 		let removeAbortListener;
 		const cancellationPromise = new Promise((_, reject) => {
 			if (perCallAbort.signal.aborted) {
-				reject(new Error(CANCELLED_BY_USER_SENTINEL));
+				reject(/* @__PURE__ */ new Error(CANCELLED_BY_USER_SENTINEL));
 				return;
 			}
-			const onAbort = () => reject(new Error(CANCELLED_BY_USER_SENTINEL));
+			const onAbort = () => reject(/* @__PURE__ */ new Error(CANCELLED_BY_USER_SENTINEL));
 			perCallAbort.signal.addEventListener("abort", onAbort, { once: true });
 			removeAbortListener = () => perCallAbort.signal.removeEventListener("abort", onAbort);
 		});
@@ -2644,6 +3487,20 @@ async function executeToolBatch(ctx, toolCalls, turnId) {
 	const drain = async () => {
 		if (inFlight.size > 0) await Promise.all([...inFlight.values()]);
 	};
+	/**
+	* Free a SINGLE slot: wait for the first in-flight call to settle rather
+	* than the whole fleet. Used when an all-safe fleet hits `maxConcurrent` —
+	* a sliding window dispatches the next safe call the moment ANY sibling
+	* finishes, instead of stalling the entire batch on the slowest one (which
+	* a full `drain()` would do). `dispatch()` never rejects (it captures both
+	* outcomes into `results[]`), so `Promise.race` here can't throw. Each
+	* dispatched promise carries a `.finally` that deletes its own slot from
+	* `inFlight` BEFORE the promise resolves, so on return `inFlight.size` has
+	* dropped by at least one and a dispatch is guaranteed to fit under the cap.
+	*/
+	const waitForSlot = async () => {
+		if (inFlight.size > 0) await Promise.race([...inFlight.values()]);
+	};
 	/** Whether every in-flight call is concurrency-safe. */
 	const fleetAllSafe = () => {
 		for (const idx of inFlight.keys()) if (!safe[idx]) return false;
@@ -2665,7 +3522,8 @@ async function executeToolBatch(ctx, toolCalls, turnId) {
 	};
 	try {
 		for (let i = 0; i < N; i++) {
-			if (!safe[i] || !fleetAllSafe() || inFlight.size >= maxConcurrent) await drain();
+			if (!safe[i] || !fleetAllSafe()) await drain();
+			else if (inFlight.size >= maxConcurrent) await waitForSlot();
 			if (ctx.signal.aborted) {
 				await drain();
 				fillUnstarted(i, INTERRUPT_MESSAGE_FOR_TOOL_USE);
@@ -3757,6 +4615,81 @@ function createToolSearchTool(options) {
 //#endregion
 //#region src/agent.ts
 /**
+* Single builder for a {@link ContextAssembly}, shared by the per-run snapshot
+* and the pre-run assembly so the two can't drift on optionality / field
+* ordering. Callers pass every piece (optional fields may be `undefined`); this
+* normalizes the spread-conditional shape both producers previously inlined.
+*/
+function assembleContextSnapshot(input) {
+	return {
+		modelId: input.modelId,
+		system: input.system,
+		baseSystem: input.baseSystem,
+		...input.rulesBlock ? { rulesBlock: input.rulesBlock } : {},
+		...input.rulesFiles?.length ? { rulesFiles: input.rulesFiles } : {},
+		disclosedTools: input.disclosedTools,
+		deferredEntries: input.deferredEntries,
+		...input.mcpInstructions ? { mcpInstructions: input.mcpInstructions } : {},
+		...input.skillsCatalog ? { skillsCatalog: input.skillsCatalog } : {},
+		...input.subagentDefs ? { subagentDefs: input.subagentDefs } : {},
+		wireTools: input.wireTools
+	};
+}
+/**
+* Lazily serialize an assembly's tool inputs into the byte-sized buckets the
+* context breakdown consumes. Deferred so the per-run snapshot stays cheap —
+* the `JSON.stringify` here only runs when `getContextBreakdown()` is called.
+*
+* MCP grouping preserves first-seen server order; native tools stay flat. The
+* output is byte-identical to the eager partition it replaced.
+*/
+function materializeAssemblyTools(assembly) {
+	const toolsJson = [];
+	const disclosedMcp = /* @__PURE__ */ new Map();
+	for (const t of assembly.disclosedTools) {
+		const json = JSON.stringify({
+			name: t.name,
+			description: t.description,
+			inputSchema: t.inputSchema
+		});
+		if (t.mcpServer !== void 0) {
+			const bucket = disclosedMcp.get(t.mcpServer) ?? [];
+			bucket.push({
+				name: t.name,
+				json
+			});
+			disclosedMcp.set(t.mcpServer, bucket);
+		} else toolsJson.push(json);
+	}
+	const deferredToolsJson = [];
+	const deferredMcp = /* @__PURE__ */ new Map();
+	for (const entry of assembly.deferredEntries) {
+		const json = JSON.stringify({
+			name: entry.name,
+			description: entry.description,
+			inputSchema: entry.inputSchema
+		});
+		if (entry.server !== void 0) {
+			const bucket = deferredMcp.get(entry.server) ?? [];
+			bucket.push({
+				name: entry.name,
+				json
+			});
+			deferredMcp.set(entry.server, bucket);
+		} else deferredToolsJson.push(json);
+	}
+	const toGroups = (m) => [...m.entries()].map(([server, list]) => ({
+		server,
+		tools: list
+	}));
+	return {
+		toolsJson,
+		deferredToolsJson,
+		mcpGroups: toGroups(disclosedMcp),
+		deferredMcpGroups: toGroups(deferredMcp)
+	};
+}
+/**
 * Authoritative list of hook event names. Kept in sync with `AgentHooks` at
 * compile time: the `satisfies` assertion below rejects any drift.
 */
@@ -3799,6 +4732,8 @@ const HOOK_EVENT_SET = new Set([
 	"stream:text",
 	"stream:end",
 	"stream:thinking",
+	"stream:server_tool_use",
+	"stream:server_tool_result",
 	"stream:error",
 	"stream:retry",
 	"oauth:refresh",
@@ -3821,6 +4756,8 @@ const HOOK_EVENT_SET = new Set([
 	"child:stream:text",
 	"child:stream:thinking",
 	"child:stream:end",
+	"child:stream:server_tool_use",
+	"child:stream:server_tool_result",
 	"child:stream:error",
 	"child:tool:gate",
 	"child:mcp:tool:gate",
@@ -3938,6 +4875,7 @@ function resolveBehavior(agentBehavior, runBehavior) {
 		maxTotalTokens: runBehavior?.maxTotalTokens ?? agentBehavior?.maxTotalTokens,
 		maxTokens: runBehavior?.maxTokens ?? agentBehavior?.maxTokens,
 		thinkingBudget: runBehavior?.thinkingBudget ?? agentBehavior?.thinkingBudget,
+		modelOptions: runBehavior?.modelOptions ?? agentBehavior?.modelOptions,
 		schema: runBehavior?.schema ?? agentBehavior?.schema,
 		cache: runBehavior?.cache ?? agentBehavior?.cache ?? true,
 		toolOutputBudget: runBehavior?.toolOutputBudget ?? agentBehavior?.toolOutputBudget,
@@ -4119,29 +5057,43 @@ function renderMcpInstructionsSection(instructions) {
 	return parts.join("\n");
 }
 /**
-* Pick the next safe value for `runCounter` so `run_${++counter}` mints
-* an id that doesn't collide with any runId already referenced by the
-* session — whether the runId lives in `session.runs` or only in
-* `session.turns[].runId`. The regex matches the canonical `run_<int>`
-* shape minted by this module; any caller-supplied custom id schemes
-* are ignored (they don't conflict with `run_N`).
-*
-* Returning 0 for a sessionless / clean session preserves the original
-* "first run is run_1" semantics.
+* Set of runIds belonging to subagent (depth > 0) runs in a session. Used to
+* filter child-run turns out of the resumed conversation and out of
+* last-turn-usage accounting — both need "everything a subagent produced",
+* keyed by `runId`. Returns an empty set for a sessionless agent.
 */
-function initialRunCounter(session) {
-	if (!session) return 0;
-	let max = 0;
-	const consider = (id) => {
-		if (!id) return;
-		const m = /^run_(\d+)$/.exec(id);
-		if (!m) return;
-		const n = Number.parseInt(m[1], 10);
-		if (Number.isFinite(n) && n > max) max = n;
-	};
-	for (const r of session.runs) consider(r.id);
-	for (const t of session.turns) consider(t.runId);
-	return max;
+function childRunIdSet(session) {
+	const ids = /* @__PURE__ */ new Set();
+	for (const r of session?.runs ?? []) if ((r.depth ?? 0) > 0) ids.add(r.id);
+	return ids;
+}
+/**
+* Validate `agent.run()`'s prompt/resume preconditions and compute the
+* unresolved-tool-filtered resume view (returned for reuse in the seed block).
+*
+* `prompt` is required unless resuming a session that already has turns. The
+* resume guard inspects the trailing turn AFTER filtering unresolved tool_uses
+* (L1) — a session that ended on an orphan assistant turn (process death
+* mid-tool, `kill -9`) gets its trailing assistant dropped before the
+* "trailing must be user" check, so a recoverable session doesn't get a
+* spurious `cannot resume without prompt` error.
+*
+* Throws on an unrecoverable resume request; otherwise returns the filtered
+* turns (or `undefined` when the session has no turns).
+*/
+function validateAndPrepareResume(session, prompt) {
+	const hasSessionTurns = !!session && session.turns.length > 0;
+	if (!prompt && !hasSessionTurns) throw new Error("prompt is required when no session with existing turns is provided");
+	let resumeFilteredTurns;
+	if (hasSessionTurns) resumeFilteredTurns = filterUnresolvedToolUses(session.turns);
+	if (!prompt && resumeFilteredTurns) {
+		const lastTurn = resumeFilteredTurns.at(-1);
+		if (lastTurn && lastTurn.role !== "user") {
+			const detail = detectTurnInterruption(resumeFilteredTurns) === "completed" ? "last turn is a completed assistant message" : "last turn is mid-stream assistant content";
+			throw new Error(`cannot resume without prompt: ${detail}. Pass a prompt to agent.run({ prompt: … }).`);
+		}
+	}
+	return resumeFilteredTurns;
 }
 function createAgent({ provider, name: agentName, system: agentSystem, tools: agentTools, toolAliases, behavior: agentBehavior, execution, mcpServers, session, readState: agentReadState, skills: agentSkills, mcpConnector, eager, hooks: initialHooks, clock: agentClock }) {
 	const hooks = createHooks();
@@ -4159,16 +5111,43 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 	let running = false;
 	let idleResolve;
 	let idlePromise;
+	function resetRunScope() {
+		running = false;
+		abortController = void 0;
+		idleResolve?.();
+		idlePromise = void 0;
+		idleResolve = void 0;
+	}
 	const pendingTaskNotifications = /* @__PURE__ */ new Map();
 	const pendingToolCancels = /* @__PURE__ */ new Map();
 	let executionHandle = null;
 	let mcpConnection = null;
+	let lastContextAssembly = null;
 	let mcpWarmupPromise = null;
 	const allMcpServers = mcpServers ?? [];
 	const steeringQueue = [];
 	const followUpQueue = [];
 	let conversationTurns = session?.turns.slice() ?? [];
-	let runCounter = initialRunCounter(session);
+	let runCounter = 0;
+	let scannedRuns = 0;
+	let scannedTurns = 0;
+	const considerRunId = (id) => {
+		if (!id) return;
+		const m = /^run_(\d+)$/.exec(id);
+		if (!m) return;
+		const n = Number.parseInt(m[1], 10);
+		if (Number.isFinite(n) && n > runCounter) runCounter = n;
+	};
+	function syncRunCounter() {
+		if (!session) return;
+		if (session.runs.length < scannedRuns) scannedRuns = 0;
+		if (session.turns.length < scannedTurns) scannedTurns = 0;
+		for (let i = scannedRuns; i < session.runs.length; i++) considerRunId(session.runs[i].id);
+		for (let i = scannedTurns; i < session.turns.length; i++) considerRunId(session.turns[i].runId);
+		scannedRuns = session.runs.length;
+		scannedTurns = session.turns.length;
+	}
+	syncRunCounter();
 	const skillsConfig = agentSkills;
 	const skillsEnabledValue = skillsConfig?.enabled;
 	const skillsDisabled = skillsEnabledValue === false || Array.isArray(skillsEnabledValue) && skillsEnabledValue.length === 0;
@@ -4212,24 +5191,14 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 	const skillActivationState = createSkillActivationState({ maxActive: skillsConfig?.maxActive });
 	async function run(options) {
 		if (running) throw new Error("Agent is already running. Use steer() or followUp() to queue messages, or waitForIdle().");
-		const hasSessionTurns = session && session.turns.length > 0;
-		if (!options.prompt && !hasSessionTurns) throw new Error("prompt is required when no session with existing turns is provided");
-		let resumeFilteredTurns;
-		if (hasSessionTurns) resumeFilteredTurns = filterUnresolvedToolUses(session.turns);
-		if (!options.prompt && resumeFilteredTurns) {
-			const lastTurn = resumeFilteredTurns.at(-1);
-			if (lastTurn && lastTurn.role !== "user") {
-				const detail = detectTurnInterruption(resumeFilteredTurns) === "completed" ? "last turn is a completed assistant message" : "last turn is mid-stream assistant content";
-				throw new Error(`cannot resume without prompt: ${detail}. Pass a prompt to agent.run({ prompt: … }).`);
-			}
-		}
+		const resumeFilteredTurns = validateAndPrepareResume(session, options.prompt);
 		const clock = options.clock ?? agentClock ?? DEFAULT_AGENT_CLOCK;
 		let externalAbortListener;
 		const externalSignal = options.signal;
 		running = true;
 		try {
 			abortController = new AbortController();
-			runCounter = Math.max(runCounter, initialRunCounter(session));
+			syncRunCounter();
 			const runId = `run_${++runCounter}`;
 			const promptLabel = typeof options.prompt === "string" ? options.prompt : Array.isArray(options.prompt) ? options.prompt.filter((p) => p.type === "text").map((p) => p.text).join("\n") : "";
 			session?.startRun(runId, promptLabel, {
@@ -4305,8 +5274,10 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 			const thinking = options.thinking ?? "off";
 			const model = options.model ?? provider.meta.defaultModel;
 			const resolvedBehavior = resolveBehavior(agentBehavior, options.behavior);
-			const { maxConcurrentTools, maxTurns, maxCostUsd, maxTotalTokens, maxTokens, retry, thinkingBudget, schema, cache, toolOutputBudget, toolOutputBudgetExcludeTools, compactStrategy, compactThreshold, compactKeepTurns, thinkingDecay, dedupTools, toolBudgets, elideStaleReads, toolDisclosure, toolSearch, surfaceMcpInstructions, persistThreshold, persistExcludeTools, persistDir, persistMaxBytes, strictToolPairing, maxConsecutivePauseTurns } = resolvedBehavior;
+			const { maxConcurrentTools, maxTurns, maxCostUsd, maxTotalTokens, maxTokens, retry, thinkingBudget, modelOptions: behaviorModelOptions, schema, cache, toolOutputBudget, toolOutputBudgetExcludeTools, compactStrategy, compactThreshold, compactKeepTurns, thinkingDecay, dedupTools, toolBudgets, elideStaleReads, toolDisclosure, toolSearch, surfaceMcpInstructions, persistThreshold, persistExcludeTools, persistDir, persistMaxBytes, strictToolPairing, maxConsecutivePauseTurns } = resolvedBehavior;
+			const modelOptions = options.modelOptions ?? behaviorModelOptions;
 			let system = options.system || agentSystem || "You are a helpful assistant.";
+			const baseSystemForBreakdown = renderSystemForWire(system);
 			if (skillsCatalog) system = appendStaticSection(system, skillsCatalog);
 			const runBaseTools = options.tools !== void 0 ? options.tools : mcpConnection ? {
 				...sourceTools,
@@ -4367,14 +5338,20 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 				initialUnlocked.add(toolSearchTool.spec.name);
 			}
 			const discoveryToolName = shouldInjectToolSearch ? "tool_search" : hostDefinedToolSearch ? toolAliases?.tool_search ?? "tool_search" : null;
-			if (disclosure.lazyEntries.length > 0) system = appendStaticSection(system, buildSearchableCatalog(disclosure.lazyEntries, { discoveryToolName }));
+			let searchableCatalogText;
+			if (disclosure.lazyEntries.length > 0) {
+				searchableCatalogText = buildSearchableCatalog(disclosure.lazyEntries, { discoveryToolName });
+				system = appendStaticSection(system, searchableCatalogText);
+			}
 			if (surfaceMcpInstructions && mcpConnection?.instructions && mcpConnection.instructions.size > 0) {
 				const section = renderMcpInstructionsSection(mcpConnection.instructions);
 				if (section.length > 0) system = appendStaticSection(system, section);
 			}
 			const aliasMaps = buildAliasMaps(toolAliases, Object.keys(tools));
 			augmentMcpDoubleUnderscoreAliases(aliasMaps, Object.keys(tools));
+			let formattedToolsCache = null;
 			function buildFormattedTools() {
+				if (formattedToolsCache && formattedToolsCache.tailLen === dynamicUnlockOrder.length) return formattedToolsCache.value;
 				const specs = [];
 				for (const t of Object.values(tools)) {
 					if (!initialUnlocked.has(t.spec.name)) continue;
@@ -4393,12 +5370,52 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 						inputSchema: t.spec.inputSchema
 					});
 				}
-				return specs.length > 0 ? provider.formatTools(specs) : [];
+				const value = specs.length > 0 ? provider.formatTools(specs) : [];
+				formattedToolsCache = {
+					tailLen: dynamicUnlockOrder.length,
+					value
+				};
+				return value;
 			}
 			const formattedTools = buildFormattedTools();
+			{
+				const disclosedTools = [];
+				for (const t of Object.values(tools)) {
+					if (!unlocked.has(t.spec.name)) continue;
+					const wireName = aliasMaps.aliasByCanonical.get(t.spec.name) ?? t.spec.name;
+					disclosedTools.push({
+						name: wireName,
+						description: t.spec.description || "",
+						inputSchema: t.spec.inputSchema,
+						...mcpToolNames.has(t.spec.name) ? { mcpServer: "mcp" } : {}
+					});
+				}
+				const deferredEntries = disclosure.lazyEntries.map((entry) => ({
+					name: entry.name,
+					description: entry.description || "",
+					inputSchema: entry.inputSchema,
+					...entry.server ? { server: entry.server } : {}
+				}));
+				const mcpInstructionsText = surfaceMcpInstructions && mcpConnection?.instructions && mcpConnection.instructions.size > 0 ? renderMcpInstructionsSection(mcpConnection.instructions) : void 0;
+				const rulesBlock = options.contextSections?.rulesBlock;
+				const rulesFiles = options.contextSections?.rulesFiles;
+				lastContextAssembly = assembleContextSnapshot({
+					modelId: model,
+					system: renderSystemForWire(system),
+					baseSystem: baseSystemForBreakdown,
+					rulesBlock,
+					rulesFiles,
+					disclosedTools,
+					deferredEntries,
+					mcpInstructions: mcpInstructionsText,
+					skillsCatalog,
+					subagentDefs: searchableCatalogText,
+					wireTools: formattedTools
+				});
+			}
 			const turns = [];
 			if (session && session.turns.length > 0 && (session.runs.length > 0 || !options.prompt) && !options.parentRunId) {
-				const childRunIds = new Set(session.runs.filter((r) => (r.depth ?? 0) > 0).map((r) => r.id));
+				const childRunIds = childRunIdSet(session);
 				const resumed = childRunIds.size === 0 ? session.turns : session.turns.filter((t) => !t.runId || !childRunIds.has(t.runId));
 				const filteredForRuntime = resumeFilteredTurns && resumed === session.turns ? resumeFilteredTurns : filterUnresolvedToolUses(resumed);
 				turns.push(...filteredForRuntime);
@@ -4537,6 +5554,7 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 					...options.parentRunId ? { parentRunId: options.parentRunId } : {},
 					depth: runDepth,
 					thinkingBudget,
+					...modelOptions ? { modelOptions } : {},
 					schema,
 					cache,
 					toolOutputBudget,
@@ -4645,20 +5663,12 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 				unregisterTurnSync?.();
 				unregisterToolResultsSync?.();
 				for (const unregister of perRunUnregisters) unregister();
-				running = false;
-				abortController = void 0;
 				steeringQueue.length = 0;
 				followUpQueue.length = 0;
-				idleResolve?.();
-				idlePromise = void 0;
-				idleResolve = void 0;
+				resetRunScope();
 			}
 		} finally {
-			running = false;
-			abortController = void 0;
-			idleResolve?.();
-			idlePromise = void 0;
-			idleResolve = void 0;
+			resetRunScope();
 			if (externalSignal && externalAbortListener) externalSignal.removeEventListener("abort", externalAbortListener);
 		}
 	}
@@ -4690,6 +5700,7 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 		conversationTurns = [];
 		steeringQueue.length = 0;
 		followUpQueue.length = 0;
+		lastContextAssembly = null;
 		pendingTaskNotifications.clear();
 		const cleared = skillActivationState.clear();
 		for (const record of cleared) await hooks.callHook("skills:deactivate", {
@@ -4814,6 +5825,151 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 		pendingTaskNotifications.clear();
 		skillsCleanup();
 		skillsCleanup = () => {};
+		lastContextAssembly = null;
+	}
+	/**
+	* Last parent-run `TurnUsage` from the in-memory conversation — mirrors
+	* `lastContextSizeFromTurns` (chat/store) but reads the live agent turns and
+	* returns the full usage so callers can break out cache read/write/input.
+	* Skips subagent (depth > 0) and zero-usage turns.
+	*/
+	function lastTurnUsage() {
+		const childRunIds = childRunIdSet(session);
+		for (let i = conversationTurns.length - 1; i >= 0; i--) {
+			const turn = conversationTurns[i];
+			if (turn.role !== "assistant" || !turn.usage) continue;
+			if (turn.runId && childRunIds.has(turn.runId)) continue;
+			if (effectiveInputFromTurn(turn.usage) === 0) continue;
+			return turn.usage;
+		}
+		return null;
+	}
+	/**
+	* Best-effort context assembly BEFORE the first run, so the breakdown is
+	* available the moment the chat screen opens (no "send a message first").
+	*
+	* Resolves skills + MCP via `warmup()`, then assembles the same static pieces
+	* `run()` captures — system prompt (with skills catalog + MCP instructions),
+	* the wire tool specs, and MCP groupings. The disclosure subtleties don't
+	* matter pre-run (nothing has been unlocked yet); we treat every native +
+	* MCP tool as disclosed, matching the eager seed of a fresh run.
+	*/
+	async function buildPreRunAssembly(modelOverride) {
+		if (destroyed) return null;
+		try {
+			await ensureSkillsResolved();
+		} catch {}
+		const model = modelOverride ?? provider.meta.defaultModel;
+		const base = agentSystem || "You are a helpful assistant.";
+		const baseSystem = renderSystemForWire(base);
+		let system = base;
+		if (skillsCatalog) system = appendStaticSection(system, skillsCatalog);
+		const baseTools = mcpConnection ? {
+			...sourceTools,
+			...mcpConnection.tools
+		} : sourceTools;
+		const mcpNames = new Set(mcpConnection ? Object.keys(mcpConnection.tools) : []);
+		const disclosedTools = [];
+		const nativeSpecs = [];
+		const mcpSpecs = [];
+		for (const t of Object.values(baseTools)) {
+			const spec = {
+				name: t.spec.name,
+				description: t.spec.description || "",
+				inputSchema: t.spec.inputSchema
+			};
+			if (mcpNames.has(t.spec.name)) mcpSpecs.push(spec);
+			else nativeSpecs.push(spec);
+		}
+		for (const spec of nativeSpecs) disclosedTools.push({
+			name: spec.name,
+			description: spec.description || "",
+			inputSchema: spec.inputSchema
+		});
+		for (const spec of mcpSpecs) disclosedTools.push({
+			name: spec.name,
+			description: spec.description || "",
+			inputSchema: spec.inputSchema,
+			mcpServer: "mcp"
+		});
+		const wireTools = nativeSpecs.length + mcpSpecs.length > 0 ? provider.formatTools([...nativeSpecs, ...mcpSpecs]) : [];
+		const mcpInstructionsText = mcpConnection?.instructions && mcpConnection.instructions.size > 0 ? renderMcpInstructionsSection(mcpConnection.instructions) : void 0;
+		if (mcpInstructionsText) system = appendStaticSection(system, mcpInstructionsText);
+		return assembleContextSnapshot({
+			modelId: model,
+			system: renderSystemForWire(system),
+			baseSystem,
+			disclosedTools,
+			deferredEntries: [],
+			mcpInstructions: mcpInstructionsText,
+			skillsCatalog,
+			wireTools
+		});
+	}
+	async function getContextBreakdown(opts) {
+		if (destroyed) return null;
+		const assembly = lastContextAssembly ?? await buildPreRunAssembly(opts?.model);
+		if (!assembly) return null;
+		const usage = lastTurnUsage();
+		const used = effectiveInputFromTurn(usage);
+		const effectiveWindow = opts?.effectiveWindow ?? used;
+		const autocompactBuffer = opts?.compactThreshold !== void 0 && opts.compactThreshold > 0 && opts.compactThreshold < 1 ? Math.max(0, Math.round((1 - opts.compactThreshold) * effectiveWindow)) : opts?.autocompactBuffer ?? 2e4;
+		let exact;
+		if (typeof provider.countTokens === "function") {
+			const BASELINE = ".";
+			const dummy = [{
+				role: "user",
+				content: [{
+					type: "text",
+					text: "."
+				}]
+			}];
+			const count = (system, tools) => provider.countTokens({
+				model: assembly.modelId,
+				system,
+				tools,
+				messages: dummy
+			}, opts?.signal);
+			try {
+				const [base, sysProbe, sysToolsProbe] = await Promise.all([
+					count(BASELINE, []),
+					count(assembly.system, []),
+					count(assembly.system, assembly.wireTools)
+				]);
+				if (base !== null && sysProbe !== null) exact = {
+					system: Math.max(0, sysProbe - base),
+					...sysToolsProbe !== null ? { systemAndTools: Math.max(0, sysToolsProbe - base) } : {}
+				};
+			} catch {
+				exact = void 0;
+			}
+		}
+		const materializedTools = materializeAssemblyTools(assembly);
+		return buildContextBreakdown({
+			modelId: assembly.modelId,
+			system: assembly.system,
+			baseSystem: assembly.baseSystem,
+			...assembly.rulesBlock ? { rulesBlock: assembly.rulesBlock } : {},
+			...assembly.rulesFiles?.length ? { rulesFiles: assembly.rulesFiles } : {},
+			toolsJson: materializedTools.toolsJson,
+			deferredToolsJson: materializedTools.deferredToolsJson,
+			mcpGroups: materializedTools.mcpGroups,
+			deferredMcpGroups: materializedTools.deferredMcpGroups,
+			...assembly.mcpInstructions ? { mcpInstructions: assembly.mcpInstructions } : {},
+			...assembly.skillsCatalog ? { skillsCatalog: assembly.skillsCatalog } : {},
+			...assembly.subagentDefs ? { subagentDefs: assembly.subagentDefs } : {},
+			used,
+			effectiveWindow,
+			autocompactBuffer,
+			...exact ? { exact } : {},
+			...usage ? { usage: {
+				input: usage.input ?? 0,
+				cacheRead: usage.cacheRead ?? 0,
+				cacheCreation: usage.cacheCreation ?? 0,
+				output: usage.output ?? 0
+			} } : {},
+			...skillActivationState.active().length > 0 ? { activeSkills: skillActivationState.active().map((s) => s.skill.name) } : {}
+		});
 	}
 	const eagerHasWork = allMcpServers.length > 0 || !skillsDisabled && !!skillsConfig;
 	if (eager && eagerHasWork) warmup().catch(() => {});
@@ -4850,225 +6006,11 @@ function createAgent({ provider, name: agentName, system: agentSystem, tools: ag
 			return skillActivationState.active();
 		},
 		meta: Object.freeze({ ...provider.meta }),
+		getContextBreakdown,
 		[Symbol.asyncDispose]: destroy
 	};
 }
 //#endregion
-//#region src/tools/edit-utils.ts
-/**
-* Internal helpers shared between the `edit` and `multi_edit` tools.
-*
-* Not part of the public API — intentionally not re-exported from `tools/index.ts`
-* or the package barrel.
-*/
-/**
-* Count exact (non-overlapping) occurrences of `needle` in `haystack`.
-* Returns 0 for an empty needle — both edit tools reject empty `old_string`
-* up front, so this branch is defensive rather than semantic.
-*/
-function countExactMatches(haystack, needle) {
-	if (needle.length === 0) return 0;
-	let count = 0;
-	let idx = 0;
-	while (true) {
-		const next = haystack.indexOf(needle, idx);
-		if (next === -1) break;
-		count++;
-		idx = next + needle.length;
-	}
-	return count;
-}
-/** Map curly quotes (any of the four) to their straight ASCII equivalents. */
-function normalizeQuotes(str) {
-	return str.replaceAll("‘", "'").replaceAll("’", "'").replaceAll("“", "\"").replaceAll("”", "\"");
-}
-/**
-* Substitutions Anthropic's API applies to assistant output before the model
-* sees it. The model emits the sanitized form; the file on disk contains the
-* unsanitized form. We undo the substitutions on `old_string` so the search
-* lands on the actual file contents.
-*
-* Verbatim from `claude-code/tools/FileEditTool/utils.ts`.
-*/
-const DESANITIZATIONS = [
-	["<fnr>", "<function_results>"],
-	["<n>", "<name>"],
-	["</n>", "</name>"],
-	["<o>", "<output>"],
-	["</o>", "</output>"],
-	["<e>", "<error>"],
-	["</e>", "</error>"],
-	["<s>", "<system>"],
-	["</s>", "</system>"],
-	["<r>", "<result>"],
-	["</r>", "</result>"],
-	["< META_START >", "<META_START>"],
-	["< META_END >", "<META_END>"],
-	["< EOT >", "<EOT>"],
-	["< META >", "<META>"],
-	["< SOS >", "<SOS>"],
-	["\n\nH:", "\n\nHuman:"],
-	["\n\nA:", "\n\nAssistant:"]
-];
-/**
-* Apply the SDK desanitization table to a string. Exported so the edit tools
-* can apply it to `new_string` whenever `old_string` matched via a
-* desanitize-class fallback — keeps the file's unsanitized form on disk
-* instead of writing the model's abbreviated form back.
-*/
-function desanitize(s) {
-	let out = s;
-	for (const [from, to] of DESANITIZATIONS) out = out.replaceAll(from, to);
-	return out;
-}
-/**
-* Strip line-number prefixes from each line of a needle, used as a recovery
-* fallback when the model pastes a `read_file` chunk verbatim into
-* `old_string` — the on-disk file doesn't carry the metadata prefix.
-*
-* Accepts three separator characters so a model that learned on a different
-* agent stack still works here: `\t` (Claude Code compact, our default),
-* `|`, and `→`. Pattern: optional leading whitespace, 1-9 digits, then one
-* of `\t | →`. The 9-digit ceiling covers files up to ~1B lines without
-* overshooting into legitimate `\d{N}<sep>` content like Markdown table
-* cells with long numeric IDs.
-*/
-const LINE_NUMBER_PREFIX_RE = /^[ \t]*\d{1,9}[\t|\u2192]/gm;
-function stripLineNumberPrefixes(s) {
-	return s.replace(LINE_NUMBER_PREFIX_RE, "");
-}
-/**
-* Search `target` in `normFile` and slice the matching span out of the
-* original `haystack`, counting all non-overlapping occurrences. `normFile`
-* is the haystack with whatever transform (quotes / desanitize / combined)
-* was applied to make the indices align — slicing the original haystack
-* preserves the file's actual typography so `replace_all` writes back the
-* file's form, not the model's.
-*
-* Pre-condition: `normFile.length === haystack.length` (every transform
-* we use is one-to-one). Returns null on miss.
-*/
-function locateAndCount(haystack, normFile, target, via) {
-	const idx = normFile.indexOf(target);
-	if (idx === -1) return null;
-	const actual = haystack.slice(idx, idx + target.length);
-	let occ = 0;
-	let cursor = 0;
-	while (true) {
-		const next = normFile.indexOf(target, cursor);
-		if (next === -1) break;
-		occ++;
-		cursor = next + target.length;
-	}
-	return {
-		actual,
-		occurrences: occ,
-		via
-	};
-}
-function resolveOldString(haystack, needle) {
-	const exact = countExactMatches(haystack, needle);
-	if (exact > 0) return {
-		actual: needle,
-		occurrences: exact,
-		via: "exact"
-	};
-	const normNeedle = normalizeQuotes(needle);
-	const normFile = normalizeQuotes(haystack);
-	if (normNeedle !== needle || normFile !== haystack) {
-		const m = locateAndCount(haystack, normFile, normNeedle, "quotes");
-		if (m) return m;
-	}
-	const desan = desanitize(needle);
-	if (desan !== needle) {
-		const desanCount = countExactMatches(haystack, desan);
-		if (desanCount > 0) return {
-			actual: desan,
-			occurrences: desanCount,
-			via: "desanitize"
-		};
-	}
-	const combo = desanitize(normNeedle);
-	if (combo !== needle) {
-		const m = locateAndCount(haystack, normFile, combo, "quotes+desanitize");
-		if (m) return m;
-	}
-	const stripped = stripLineNumberPrefixes(needle);
-	if (stripped !== needle && stripped.trim().length > 0) {
-		const count = countExactMatches(haystack, stripped);
-		if (count > 0) return {
-			actual: stripped,
-			occurrences: count,
-			via: "line-numbers"
-		};
-		const strippedNorm = normalizeQuotes(stripped);
-		if (strippedNorm !== stripped || normFile !== haystack) {
-			const m = locateAndCount(haystack, normFile, strippedNorm, "quotes+line-numbers");
-			if (m) return m;
-		}
-	}
-	return null;
-}
-/**
-* Apply the same recovery transforms used to find `old_string` to
-* `new_string`, so the file gets back its native form: desanitize when
-* the model emitted `<n>` for `<name>`, strip line-number prefixes when
-* the match required them, then re-curlify when the match required
-* quote normalization. Shared between `edit` and `multi_edit`.
-*/
-function styleReplacementForVia(replacement, via, actual) {
-	let out = replacement;
-	if (via === "desanitize" || via === "quotes+desanitize") out = desanitize(out);
-	if (via === "line-numbers" || via === "quotes+line-numbers") out = stripLineNumberPrefixes(out);
-	if (via === "quotes" || via === "quotes+desanitize" || via === "quotes+line-numbers") out = preserveQuoteStyle(actual, out);
-	return out;
-}
-/**
-* When `old_string` matched via curly-quote normalization, re-style
-* `new_string` so the file's typography is preserved across the edit.
-* Detects whether the matched file region had curly singles, doubles, or
-* both, and applies the matching curlification to the replacement.
-*
-* Apostrophes in contractions (`don't`, `it's`) get the right-single curly
-* quote regardless of opening context — that's the canonical typographer's
-* convention for English. Other quotes use a simple
-* preceded-by-whitespace-or-opening-punctuation heuristic.
-*/
-function preserveQuoteStyle(actual, replacement) {
-	const hasDouble = actual.includes("“") || actual.includes("”");
-	const hasSingle = actual.includes("‘") || actual.includes("’");
-	if (!hasDouble && !hasSingle) return replacement;
-	let out = replacement;
-	if (hasDouble) out = applyCurly(out, "\"", "“", "”", false);
-	if (hasSingle) out = applyCurly(out, "'", "‘", "’", true);
-	return out;
-}
-function applyCurly(s, straight, left, right, contractionAware) {
-	const chars = [...s];
-	const result = [];
-	for (let i = 0; i < chars.length; i++) {
-		if (chars[i] !== straight) {
-			result.push(chars[i]);
-			continue;
-		}
-		if (contractionAware) {
-			const prev = i > 0 ? chars[i - 1] : "";
-			const next = i < chars.length - 1 ? chars[i + 1] : "";
-			if (/\p{L}/u.test(prev) && /\p{L}/u.test(next)) {
-				result.push(right);
-				continue;
-			}
-		}
-		result.push(isOpeningContext(chars, i) ? left : right);
-	}
-	return result.join("");
-}
-function isOpeningContext(chars, i) {
-	if (i === 0) return true;
-	const prev = chars[i - 1];
-	return prev === " " || prev === "	" || prev === "\n" || prev === "\r" || prev === "(" || prev === "[" || prev === "{" || prev === "—" || prev === "–";
-}
-//#endregion
 //#region src/tools/path-suggest.ts
 /**
 * Find a sibling file in the same directory sharing `path`'s basename
@@ -5864,12 +6806,13 @@ const readFile$1 = {
 		}
 	},
 	async execute({ path, offset, limit, maxBytes, lineNumbers }, ctx) {
-		const imgMedia = imageMediaTypeFor(path);
-		if (imgMedia) {
+		const extMedia = imageMediaTypeFor(path);
+		if (extMedia) {
 			const sizeCap = maxBytes !== void 0 ? normalizeInteger(maxBytes, DEFAULT_IMAGE_BYTE_CAP) : DEFAULT_IMAGE_BYTE_CAP;
 			try {
 				const { base64, byteLength } = await readFileAsBase64(ctx.execution, ctx.handle, path);
 				if (sizeCap > 0 && byteLength > sizeCap) return `[image too large to inline: ${path}, ${byteLength} bytes (cap ${sizeCap}). Raise maxBytes, or use shell to inspect.]`;
+				const imgMedia = reconcileImageMediaType(extMedia, base64);
 				return [{
 					type: "text",
 					text: `Image: ${path} (${byteLength} bytes, ${imgMedia})`
@@ -6006,6 +6949,8 @@ const BUBBLED_EVENTS = [
 	"stream:thinking",
 	"stream:end",
 	"stream:error",
+	"stream:server_tool_use",
+	"stream:server_tool_result",
 	"tool:dispatched",
 	"tool:before",
 	"tool:after",
@@ -6026,6 +6971,8 @@ const CHILD_EVENT_NAME = {
 	"stream:thinking": "child:stream:thinking",
 	"stream:end": "child:stream:end",
 	"stream:error": "child:stream:error",
+	"stream:server_tool_use": "child:stream:server_tool_use",
+	"stream:server_tool_result": "child:stream:server_tool_result",
 	"tool:dispatched": "child:tool:dispatched",
 	"tool:before": "child:tool:before",
 	"tool:after": "child:tool:after",
@@ -6522,6 +7469,6 @@ const writeFile$1 = {
 	}
 };
 //#endregion
-export { resolvePersistDir as A, formatTaskStatus as B, TOOL_USE_SKIPPED_MESSAGE as C, buildPersistedStub as D, PERSISTENCE_PREVIEW_BYTES as E, resolveReadStateMap as F, previewLine as H, ageString as I, compactPath as L, getReadState as M, hashContent as N, cleanupPersistedSession as O, readStateKey as P, fmtTokens as R, TOOL_USE_CANCELLED_MESSAGE as S, PERSISTED_STUB_PREFIX as T, shortId as U, formatTaskSummary as V, createSkillsReadTool as _, multiEdit as a, INTERRUPT_MESSAGE_FOR_TOOL_USE as b, grep as c, resolveOldString as d, styleReplacementForVia as f, createSkillsRunScriptTool as g, createSkillsUseTool as h, readFile$1 as i, resolveTasksDir as j, maybePersistToolResult as k, glob$1 as l, createToolSearchTool as m, createSpawnTool as n, listFiles as o, createAgent as p, shellKill as r, createInteractionTool as s, writeFile$1 as t, edit as u, createShellTool as v, validateToolArgs as w, SHELL_CASCADE_CANCEL_MESSAGE as x, shell as y, formatDuration as z };
+export { getReadState as A, enabledModelOptions as B, PERSISTED_STUB_PREFIX as C, maybePersistToolResult as D, cleanupPersistedSession as E, OUTPUT_RESERVE_TOKENS as F, modelSupportsReasoning as G, getModelInfo as H, anthropicDescriptor as I, openrouterDescriptor as J, modelsForDescriptor as K, cerebrasDescriptor as L, readStateKey as M, resolveReadStateMap as N, resolvePersistDir as O, BUILTIN_PROVIDERS as P, credKeyOf as R, validateToolArgs as S, buildPersistedStub as T, localDescriptor as U, getContextWindow as V, modelOptionsFor as W, restoreModelOptions as X, piIdOf as Y, shell as _, multiEdit as a, TOOL_USE_CANCELLED_MESSAGE as b, grep as c, createAgent as d, createToolSearchTool as f, createShellTool as g, createSkillsReadTool as h, readFile$1 as i, hashContent as j, resolveTasksDir as k, glob$1 as l, createSkillsRunScriptTool as m, createSpawnTool as n, listFiles as o, createSkillsUseTool as p, openaiDescriptor as q, shellKill as r, createInteractionTool as s, writeFile$1 as t, edit as u, INTERRUPT_MESSAGE_FOR_TOOL_USE as v, PERSISTENCE_PREVIEW_BYTES as w, TOOL_USE_SKIPPED_MESSAGE as x, SHELL_CASCADE_CANCEL_MESSAGE as y, effectiveContextWindow as z };
 
-//# sourceMappingURL=tools-DhrLrOEr.js.map
+//# sourceMappingURL=tools-BGtJK0vo.js.map