test: trim extra blank lines in conversation recovery test

Keep the focused provider-resume test diff clean so the regression branch stays easy to review. Co-Authored-By: Claude Opus 4.6 <noreply@openclaude.dev>
test: move provider-sensitive resume coverage behind module mocks
2026-04-07 15:27:39 +02:00 · 2026-04-07 15:02:41 +02:00 · 2026-04-07 15:02:41 +02:00 · 2026-04-07 15:02:41 +02:00 · 2026-04-07 15:02:13 +02:00 · 2026-04-07 17:26:00 +08:00
913 changed files with 31141 additions and 7484 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,250 @@
+# =============================================================================
+# OpenClaude Environment Configuration
+# =============================================================================
+# Copy this file to .env and fill in your values:
+#   cp .env.example .env
+#
+# Only set the variables for the provider you want to use.
+# All other sections can be left commented out.
+# =============================================================================
+
+# =============================================================================
+# SYSTEM-WIDE SETUP (OPTIONAL)
+# =============================================================================
+# Instead of using a .env file per project, you can set these variables
+# system-wide so OpenClaude works from any directory on your machine.
+#
+# STEP 1: Pick your provider variables from the list below.
+# STEP 2: Set them using the method for your OS (see further down).
+#
+# ── Provider variables ───────────────────────────────────────────────
+#
+#   Option 1 — Anthropic:
+#     ANTHROPIC_API_KEY=sk-ant-your-key-here
+#     ANTHROPIC_MODEL=claude-sonnet-4-5              (optional)
+#     ANTHROPIC_BASE_URL=https://api.anthropic.com   (optional)
+#
+#   Option 2 — OpenAI:
+#     CLAUDE_CODE_USE_OPENAI=1
+#     OPENAI_API_KEY=sk-your-key-here
+#     OPENAI_MODEL=gpt-4o
+#     OPENAI_BASE_URL=https://api.openai.com/v1      (optional)
+#
+#   Option 3 — Google Gemini:
+#     CLAUDE_CODE_USE_GEMINI=1
+#     GEMINI_API_KEY=your-gemini-key-here
+#     GEMINI_MODEL=gemini-2.0-flash
+#     GEMINI_BASE_URL=https://generativelanguage.googleapis.com  (optional)
+#
+#   Option 4 — GitHub Models:
+#     CLAUDE_CODE_USE_GITHUB=1
+#     GITHUB_TOKEN=ghp_your-token-here
+#
+#   Option 5 — Ollama (local):
+#     CLAUDE_CODE_USE_OPENAI=1
+#     OPENAI_BASE_URL=http://localhost:11434/v1
+#     OPENAI_API_KEY=ollama
+#     OPENAI_MODEL=llama3.2
+#
+#   Option 6 — LM Studio (local):
+#     CLAUDE_CODE_USE_OPENAI=1
+#     OPENAI_BASE_URL=http://localhost:1234/v1
+#     OPENAI_MODEL=your-model-id-here
+#     OPENAI_API_KEY=lmstudio                        (optional)
+#
+#   Option 7 — AWS Bedrock (may also need: aws configure):
+#     CLAUDE_CODE_USE_BEDROCK=1
+#     AWS_REGION=us-east-1
+#     AWS_DEFAULT_REGION=us-east-1
+#     AWS_BEARER_TOKEN_BEDROCK=your-bearer-token-here
+#     ANTHROPIC_BEDROCK_BASE_URL=https://bedrock-runtime.us-east-1.amazonaws.com
+#
+#   Option 8 — Google Vertex AI:
+#     CLAUDE_CODE_USE_VERTEX=1
+#     ANTHROPIC_VERTEX_PROJECT_ID=your-gcp-project-id
+#     CLOUD_ML_REGION=us-east5
+#     GOOGLE_CLOUD_PROJECT=your-gcp-project-id
+#
+# ── How to set variables on each OS ──────────────────────────────────
+#
+# macOS (zsh):
+#   1. Open:  nano ~/.zshrc
+#   2. Add each variable as:  export VAR_NAME=value
+#   3. Save and reload:  source ~/.zshrc
+#
+# Linux (bash):
+#   1. Open:  nano ~/.bashrc
+#   2. Add each variable as:  export VAR_NAME=value
+#   3. Save and reload:  source ~/.bashrc
+#
+# Windows (PowerShell):
+#   Run for each variable:
+#     [System.Environment]::SetEnvironmentVariable('VAR_NAME', 'value', 'User')
+#   Then restart your terminal.
+#
+# Windows (Command Prompt):
+#   Run for each variable:
+#     setx VAR_NAME value
+#   Then restart your terminal.
+#
+# Windows (GUI):
+#   Settings > System > About > Advanced System Settings >
+#   Environment Variables > under "User variables" click New,
+#   then add each variable.
+#
+# ── Important notes ──────────────────────────────────────────────────
+#
+# LOCAL SERVERS: If using LM Studio or Ollama, the server MUST be
+# running with a model loaded before you launch OpenClaude —
+# otherwise you'll get connection errors.
+#
+# SWITCHING PROVIDERS: To temporarily switch, unset the relevant
+# variables in your current terminal session:
+#
+#   macOS / Linux:
+#     unset VAR_NAME
+#     # e.g.: unset CLAUDE_CODE_USE_OPENAI OPENAI_BASE_URL OPENAI_MODEL
+#
+#   Windows (PowerShell — current session only):
+#     Remove-Item Env:VAR_NAME
+#
+#   To permanently remove a variable on Windows:
+#     [System.Environment]::SetEnvironmentVariable('VAR_NAME', $null, 'User')
+#
+# LOAD ORDER:
+#   Shell and system environment variables are inherited by the process.
+#   Project .env files are only used if your launcher or shell loads them
+#   before starting OpenClaude.
+# COMPATIBILITY:
+#   System-wide variables work regardless of how you run OpenClaude:
+#   npx, global npm install, bun run, or node directly. Any process
+#   launched from your terminal inherits your shell's environment.
+#
+# REMINDER: Make sure .env is in your .gitignore to avoid committing secrets.
+# =============================================================================
+
+# =============================================================================
+# PROVIDER SELECTION — uncomment ONE block below
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Option 1: Anthropic (default — no provider flag needed)
+# -----------------------------------------------------------------------------
+ANTHROPIC_API_KEY=sk-ant-your-key-here
+
+# Override the default model (optional)
+# ANTHROPIC_MODEL=claude-sonnet-4-5
+
+# Use a custom Anthropic-compatible endpoint (optional)
+# ANTHROPIC_BASE_URL=https://api.anthropic.com
+
+
+# -----------------------------------------------------------------------------
+# Option 2: OpenAI
+# -----------------------------------------------------------------------------
+# CLAUDE_CODE_USE_OPENAI=1
+# OPENAI_API_KEY=sk-your-key-here
+# OPENAI_MODEL=gpt-4o
+
+# Use a custom OpenAI-compatible endpoint (optional — defaults to api.openai.com)
+# OPENAI_BASE_URL=https://api.openai.com/v1
+
+
+# -----------------------------------------------------------------------------
+# Option 3: Google Gemini
+# -----------------------------------------------------------------------------
+# CLAUDE_CODE_USE_GEMINI=1
+# GEMINI_API_KEY=your-gemini-key-here
+# GEMINI_MODEL=gemini-2.0-flash
+
+# Use a custom Gemini endpoint (optional)
+# GEMINI_BASE_URL=https://generativelanguage.googleapis.com/v1beta/openai
+
+
+# -----------------------------------------------------------------------------
+# Option 4: GitHub Models
+# -----------------------------------------------------------------------------
+# CLAUDE_CODE_USE_GITHUB=1
+# GITHUB_TOKEN=ghp_your-token-here
+
+
+# -----------------------------------------------------------------------------
+# Option 5: Ollama (local models)
+# -----------------------------------------------------------------------------
+# CLAUDE_CODE_USE_OPENAI=1
+# OPENAI_BASE_URL=http://localhost:11434/v1
+# OPENAI_API_KEY=ollama
+# OPENAI_MODEL=llama3.2
+
+# -----------------------------------------------------------------------------
+# Option 6: LM Studio (local models)
+# -----------------------------------------------------------------------------
+# LM Studio exposes an OpenAI-compatible API, so we use the OpenAI provider.
+# Make sure LM Studio is running with the Developer server enabled
+# (Developer tab > toggle server ON).
+#
+# Steps:
+#   1. Download and install LM Studio from https://lmstudio.ai
+#   2. Search for and download a model (e.g. any coding or instruct model)
+#   3. Load the model and start the Developer server
+#   4. Set OPENAI_MODEL to the model ID shown in LM Studio's Developer tab
+#
+# The default server URL is http://localhost:1234 — change the port below
+# if you've configured a different one in LM Studio.
+#
+# OPENAI_API_KEY is optional — LM Studio runs locally and ignores it.
+# Some clients require a non-empty value; if you get auth errors, set it
+# to any dummy value (e.g. "lmstudio").
+#
+# CLAUDE_CODE_USE_OPENAI=1
+# OPENAI_BASE_URL=http://localhost:1234/v1
+# OPENAI_MODEL=your-model-id-here
+
+
+# -----------------------------------------------------------------------------
+# Option 7: AWS Bedrock
+# -----------------------------------------------------------------------------
+
+# You may also need AWS CLI credentials configured (run: aws configure)
+# or have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY set in your
+# environment in addition to the variables below.
+#
+# CLAUDE_CODE_USE_BEDROCK=1
+# AWS_REGION=us-east-1
+# AWS_DEFAULT_REGION=us-east-1
+# AWS_BEARER_TOKEN_BEDROCK=your-bearer-token-here
+# ANTHROPIC_BEDROCK_BASE_URL=https://bedrock-runtime.us-east-1.amazonaws.com
+
+
+# -----------------------------------------------------------------------------
+# Option 8: Google Vertex AI
+# -----------------------------------------------------------------------------
+# CLAUDE_CODE_USE_VERTEX=1
+# ANTHROPIC_VERTEX_PROJECT_ID=your-gcp-project-id
+# CLOUD_ML_REGION=us-east5
+# GOOGLE_CLOUD_PROJECT=your-gcp-project-id
+
+
+# =============================================================================
+# OPTIONAL TUNING
+# =============================================================================
+
+# Max number of API retries on failure (default: 10)
+# CLAUDE_CODE_MAX_RETRIES=10
+
+# Enable persistent retry mode for unattended/CI sessions
+# Retries 429/529 indefinitely with smart backoff
+# CLAUDE_CODE_UNATTENDED_RETRY=1
+
+# Enable extended key reporting (Kitty keyboard protocol)
+# Useful for iTerm2, WezTerm, Ghostty if modifier keys feel off
+# OPENCLAUDE_ENABLE_EXTENDED_KEYS=1
+
+# Disable "Co-authored-by" line in git commits made by OpenClaude
+# OPENCLAUDE_DISABLE_CO_AUTHORED_BY=1
+
+# Custom timeout for API requests in milliseconds (default: varies)
+# API_TIMEOUT_MS=60000
+
+# Enable debug logging
+# CLAUDE_DEBUG=1
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,41 @@
+---
+name: Bug report
+about: Report a reproducible problem in OpenClaude
+title: ""
+labels: ""
+assignees: ""
+---
+
+## Summary
+
+What is broken?
+
+## Steps to Reproduce
+
+1.
+2.
+3.
+
+## Expected Behavior
+
+What should have happened?
+
+## Actual Behavior
+
+What happened instead?
+
+## Environment
+
+- OpenClaude version:
+- OS:
+- Terminal:
+- Provider:
+- Model:
+
+## Logs / Screenshots
+
+Paste the exact error output or attach screenshots if useful.
+
+## Additional Context
+
+Anything else maintainers should know?
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: OpenClaude Discussions
+    url: https://github.com/Gitlawb/openclaude/discussions
+    about: Use Discussions for setup help, questions, ideas, and community conversation.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest an improvement or new capability for OpenClaude
+title: ""
+labels: ""
+assignees: ""
+---
+
+## Summary
+
+What would you like OpenClaude to do?
+
+## Problem
+
+What problem does this solve for you?
+
+## Proposed Direction
+
+Describe the smallest useful version of the feature if possible.
+
+## Alternatives Considered
+
+What are you doing today instead?
+
+## Additional Context
+
+Examples, screenshots, related projects, or prior art.
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,21 @@
+## Summary
+
+- what changed
+- why it changed
+
+## Impact
+
+- user-facing impact:
+- developer/maintainer impact:
+
+## Testing
+
+- [ ] `bun run build`
+- [ ] `bun run smoke`
+- [ ] focused tests:
+
+## Notes
+
+- provider/model path tested:
+- screenshots attached (if UI changed):
+- follow-up work or known limitations:
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -6,21 +6,26 @@ on:
    branches:
      - main

+permissions:
+  contents: read
+
 jobs:
  smoke-and-tests:
    runs-on: ubuntu-latest

    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0

      - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22

      - name: Set up Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5 # v2.0.1
        with:
          bun-version: 1.3.11

@@ -30,6 +35,11 @@ jobs:
      - name: Smoke check
        run: bun run smoke

+      - name: Full unit test suite
+        run: bun test --max-concurrency=1
+
+      - name: Suspicious PR intent scan
+        run: bun run security:pr-scan -- --base ${{ github.event.pull_request.base.sha || 'origin/main' }}
      - name: Provider tests
        run: bun run test:provider

--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,10 @@ dist/
 *.tsbuildinfo
 .env
 .env.*
+!.env.example
 .openclaude-profile.json
 reports/
+GEMINI.md
+package-lock.json
+/.claude
+coverage/
--- a/ANDROID_INSTALL.md
+++ b/ANDROID_INSTALL.md
@@ -0,0 +1,162 @@
+# OpenClaude on Android (Termux)
+
+A complete guide to running OpenClaude on Android using Termux + proot Ubuntu.
+
+---
+
+## Prerequisites
+
+- Android phone with ~700MB free storage
+- [Termux](https://f-droid.org/en/packages/com.termux/) installed from **F-Droid** (not Play Store)
+- An [OpenRouter](https://openrouter.ai) API key (free, no credit card required)
+
+---
+
+## Why This Setup?
+
+OpenClaude requires [Bun](https://bun.sh) to build, and Bun does not support Android natively. The workaround is running a real Ubuntu environment inside Termux via `proot-distro`, where Bun's Linux binary works correctly.
+
+---
+
+## Installation
+
+### Step 1 — Update Termux
+
+```bash
+pkg update && pkg upgrade
+```
+
+Press `N` or Enter for any config file conflict prompts.
+
+### Step 2 — Install dependencies
+
+```bash
+pkg install nodejs-lts git proot-distro
+```
+
+Verify Node.js:
+```bash
+node --version  # should be v20+
+```
+
+### Step 3 — Clone OpenClaude
+
+```bash
+git clone https://github.com/Gitlawb/openclaude.git
+cd openclaude
+npm install
+npm link
+```
+
+### Step 4 — Install Ubuntu via proot
+
+```bash
+proot-distro install ubuntu
+```
+
+This downloads ~200–400MB. Wait for it to complete.
+
+### Step 5 — Install Bun inside Ubuntu
+
+```bash
+proot-distro login ubuntu
+curl -fsSL https://bun.sh/install | bash
+source ~/.bashrc
+bun --version  # should show 1.3.11+
+```
+
+### Step 6 — Build OpenClaude
+
+```bash
+cd /data/data/com.termux/files/home/openclaude
+bun run build
+```
+
+You should see:
+```
+✓ Built openclaude v0.1.6 → dist/cli.mjs
+```
+
+### Step 7 — Save env vars permanently
+
+Still inside Ubuntu, add your OpenRouter config to `.bashrc`:
+
+```bash
+echo 'export CLAUDE_CODE_USE_OPENAI=1' >> ~/.bashrc
+echo 'export OPENAI_API_KEY=your_openrouter_key_here' >> ~/.bashrc
+echo 'export OPENAI_BASE_URL=https://openrouter.ai/api/v1' >> ~/.bashrc
+echo 'export OPENAI_MODEL=qwen/qwen3.6-plus-preview:free' >> ~/.bashrc
+source ~/.bashrc
+```
+
+Replace `your_openrouter_key_here` with your actual key from [openrouter.ai/keys](https://openrouter.ai/keys).
+
+### Step 8 — Run OpenClaude
+
+```bash
+node dist/cli.mjs
+```
+
+Select **3** (3rd-party platform) at the login screen. Your env vars will be detected automatically.
+
+---
+
+## Restarting After Closing Termux
+
+Every time you reopen Termux after killing it, run:
+
+```bash
+proot-distro login ubuntu
+cd /data/data/com.termux/files/home/openclaude
+node dist/cli.mjs
+```
+
+---
+
+## Recommended Free Model
+
+**`qwen/qwen3.6-plus-preview:free`** — Best free model on OpenRouter as of April 2026.
+
+- 1M token context window
+- Beats Claude 4.5 Opus on Terminal-Bench 2.0 agentic coding (61.6 vs 59.3)
+- Built-in chain-of-thought reasoning
+- Native tool use and function calling
+- $0/M tokens (preview period)
+
+> ⚠️ Free status may change when the preview period ends. Check [openrouter.ai](https://openrouter.ai/qwen/qwen3.6-plus-preview:free) for current pricing.
+
+---
+
+## Alternative Free Models (OpenRouter)
+
+| Model ID | Context | Notes |
+|---|---|---|
+| `qwen/qwen3-coder:free` | 262K | Best for pure coding tasks |
+| `openai/gpt-oss-120b:free` | 131K | OpenAI open model, strong tool calling |
+| `nvidia/nemotron-3-super-120b-a12b:free` | 262K | Hybrid MoE, good general use |
+| `meta-llama/llama-3.3-70b-instruct:free` | 66K | Reliable, widely tested |
+
+Switch models anytime:
+```bash
+export OPENAI_MODEL=qwen/qwen3-coder:free
+node dist/cli.mjs
+```
+
+---
+
+## Why Not Groq or Cerebras?
+
+Both were tested and fail due to OpenClaude's large system prompt (~50K tokens):
+
+- **Groq free tier**: TPM limits too low (6K–12K tokens/min)
+- **Cerebras free tier**: TPM limits exceeded, even on `llama3.1-8b`
+
+OpenRouter free models have no TPM restrictions — only 20 req/min and 200 req/day.
+
+---
+
+## Tips
+
+- **Don't swipe Termux away** from recent apps mid-session — use the home button to minimize instead.
+- The Ubuntu environment persists between Termux sessions; your build and config are saved.
+- Run `bun run build` again only if you pull updates to the OpenClaude repo.
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,126 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and maintainers pledge to make participation in
+our community a harassment-free experience for everyone, regardless of age,
+body size, visible or invisible disability, ethnicity, sex characteristics,
+gender identity and expression, level of experience, education, socio-economic
+status, nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for
+moderation decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the project maintainers through the repository maintainers or
+security/community contact paths available in the repository.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/),
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html).
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq).
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,119 @@
+# Contributing to OpenClaude
+
+Thanks for contributing.
+
+OpenClaude is a fast-moving open-source coding-agent CLI with support for multiple providers, local backends, MCP, and a terminal-first workflow. The best contributions here are focused, well-tested, and easy to review.
+
+## Before You Start
+
+- Search existing [issues](https://github.com/Gitlawb/openclaude/issues) and [discussions](https://github.com/Gitlawb/openclaude/discussions) before opening a new thread.
+- Use issues for confirmed bugs and actionable feature work.
+- Use discussions for setup help, ideas, and general community conversation.
+- For larger changes, open an issue first so the scope is clear before implementation.
+- For security reports, follow [SECURITY.md](SECURITY.md).
+
+## Local Setup
+
+Install dependencies:
+
+```bash
+bun install
+```
+
+Build the CLI:
+
+```bash
+bun run build
+```
+
+Smoke test:
+
+```bash
+bun run smoke
+```
+
+Run the app locally:
+
+```bash
+bun run dev
+```
+
+If you are working on provider setup or saved profiles, useful commands include:
+
+```bash
+bun run profile:init
+bun run dev:profile
+```
+
+## Development Workflow
+
+- Keep PRs focused on one problem or feature.
+- Avoid mixing unrelated cleanup into the same change.
+- Preserve existing repo patterns unless the change is intentionally refactoring them.
+- Add or update tests when the change affects behavior.
+- Update docs when setup, commands, or user-facing behavior changes.
+
+## Validation
+
+At minimum, run the most relevant checks for your change.
+
+Common checks:
+
+```bash
+bun run build
+bun run smoke
+```
+
+Focused tests:
+
+```bash
+bun test ./path/to/test-file.test.ts
+```
+
+When working on provider/runtime setup, this can also help:
+
+```bash
+bun run doctor:runtime
+```
+
+## Pull Requests
+
+Good PRs usually include:
+
+- a short explanation of what changed
+- why it changed
+- the user or developer impact
+- the exact checks you ran
+
+If the PR touches UI, terminal presentation, or the VS Code extension, include screenshots when useful.
+
+If the PR changes provider behavior, mention which provider path was tested.
+
+## Code Style
+
+- Follow the existing code style in the touched files.
+- Prefer small, readable changes over broad rewrites.
+- Do not reformat unrelated files just because they are nearby.
+- Keep comments useful and concise.
+
+## Provider Changes
+
+OpenClaude supports multiple provider paths. If you change provider logic:
+
+- be explicit about which providers are affected
+- avoid breaking third-party providers while fixing first-party behavior
+- test the exact provider/model path you changed when possible
+- call out any limitations or follow-up work in the PR description
+
+## Community
+
+Please be respectful and constructive with other contributors.
+
+Maintainers may ask for:
+
+- narrower scope
+- focused follow-up PRs
+- stronger validation
+- docs updates for behavior changes
+
+That is normal and helps keep the project reviewable as it grows.
--- a/29
+++ b/29
@@ -0,0 +1,29 @@
+NOTICE
+
+This repository contains code derived from Anthropic's Claude Code CLI.
+
+The original Claude Code source is proprietary software:
+  Copyright (c) Anthropic PBC. All rights reserved.
+  Subject to Anthropic's Commercial Terms of Service.
+
+Modifications and additions by OpenClaude contributors are offered under
+the MIT License where legally permissible:
+
+  MIT License
+  Copyright (c) 2026 OpenClaude contributors (modifications only)
+
+  Permission is hereby granted, free of charge, to any person obtaining
+  a copy of the modifications made by OpenClaude contributors, to deal
+  in those modifications without restriction, including without limitation
+  the rights to use, copy, modify, merge, publish, distribute, sublicense,
+  and/or sell copies, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included
+  in all copies or substantial portions of the modifications.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND.
+
+The underlying derived code remains subject to Anthropic's copyright.
+This project does not have Anthropic's authorization to distribute
+their proprietary source. Users and contributors should evaluate their
+own legal position.
--- a/README.md
+++ b/README.md
@@ -1,377 +1,326 @@
 # OpenClaude

-Use Claude Code with **any LLM** — not just Claude.
+OpenClaude is an open-source coding-agent CLI for cloud and local model providers.

-OpenClaude is a fork of the [Claude Code source leak](https://gitlawb.com/node/repos/z6MkgKkb/instructkr-claude-code) (exposed via npm source maps on March 31, 2026). We added an OpenAI-compatible provider shim so you can plug in GPT-4o, DeepSeek, Gemini, Llama, Mistral, or any model that speaks the OpenAI chat completions API. It now also supports the ChatGPT Codex backend for `codexplan` and `codexspark`.
+Use OpenAI-compatible APIs, Gemini, GitHub Models, Codex, Ollama, Atomic Chat, and other supported backends while keeping one terminal-first workflow: prompts, tools, agents, MCP, slash commands, and streaming output.

-All of Claude Code's tools work — bash, file read/write/edit, grep, glob, agents, tasks, MCP — just powered by whatever model you choose.
+[![PR Checks](https://github.com/Gitlawb/openclaude/actions/workflows/pr-checks.yml/badge.svg?branch=main)](https://github.com/Gitlawb/openclaude/actions/workflows/pr-checks.yml)
+[![Release](https://img.shields.io/github/v/tag/Gitlawb/openclaude?label=release&color=0ea5e9)](https://github.com/Gitlawb/openclaude/tags)
+[![Discussions](https://img.shields.io/badge/discussions-open-7c3aed)](https://github.com/Gitlawb/openclaude/discussions)
+[![Security Policy](https://img.shields.io/badge/security-policy-0f766e)](SECURITY.md)
+[![License](https://img.shields.io/badge/license-MIT-2563eb)](LICENSE)

---
+[Quick Start](#quick-start) | [Setup Guides](#setup-guides) | [Providers](#supported-providers) | [Source Build](#source-build-and-local-development) | [VS Code Extension](#vs-code-extension) | [Community](#community)

-## Install
+## Why OpenClaude

-### Option A: npm (recommended)
+- Use one CLI across cloud APIs and local model backends
+- Save provider profiles inside the app with `/provider`
+- Run with OpenAI-compatible services, Gemini, GitHub Models, Codex, Ollama, Atomic Chat, and other supported providers
+- Keep coding-agent workflows in one place: bash, file tools, grep, glob, agents, tasks, MCP, and web tools
+- Use the bundled VS Code extension for launch integration and theme support
+
+## Quick Start
+
+### Install

 ```bash
 npm install -g @gitlawb/openclaude
 ```

-### Option B: From source (requires Bun)
+If the install later reports `ripgrep not found`, install ripgrep system-wide and confirm `rg --version` works in the same terminal before starting OpenClaude.

-Use Bun `1.3.11` or newer for source builds on Windows. Older Bun versions such as `1.3.4` can fail with a large batch of unresolved module errors during `bun run build`.
+### Start

 ```bash
-# Clone from gitlawb
-git clone https://node.gitlawb.com/z6MkqDnb7Siv3Cwj7pGJq4T5EsUisECqR8KpnDLwcaZq5TPr/openclaude.git
-cd openclaude
-
-# Install dependencies
-bun install
-
-# Build
-bun run build
-
-# Link globally (optional)
-npm link
+openclaude
 ```

-### Option C: Run directly with Bun (no build step)
+Inside OpenClaude:

-```bash
-git clone https://node.gitlawb.com/z6MkqDnb7Siv3Cwj7pGJq4T5EsUisECqR8KpnDLwcaZq5TPr/openclaude.git
-cd openclaude
-bun install
-bun run dev
-```
+- run `/provider` for guided provider setup and saved profiles
+- run `/onboard-github` for GitHub Models onboarding

---
+### Fastest OpenAI setup

-## Quick Start
-
-### 1. Set 3 environment variables
+macOS / Linux:

 ```bash
 export CLAUDE_CODE_USE_OPENAI=1
 export OPENAI_API_KEY=sk-your-key-here
 export OPENAI_MODEL=gpt-4o
-```
-
-### 2. Run it
-
-```bash
-# If installed via npm
-openclaude
-
-# If built from source
-bun run dev
-# or after build:
-node dist/cli.mjs
-```
-
-That's it. The tool system, streaming, file editing, multi-step reasoning — everything works through the model you picked.
-
-The npm package name is `@gitlawb/openclaude`, but the installed CLI command is still `openclaude`.
-
---
-
-## Provider Examples
-
-### OpenAI
-
-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_API_KEY=sk-...
-export OPENAI_MODEL=gpt-4o
-```
-
-### Codex via ChatGPT auth
-
-`codexplan` maps to GPT-5.4 on the Codex backend with high reasoning.
-`codexspark` maps to GPT-5.3 Codex Spark for faster loops.
-
-If you already use the Codex CLI, OpenClaude will read `~/.codex/auth.json`
-automatically. You can also point it elsewhere with `CODEX_AUTH_JSON_PATH` or
-override the token directly with `CODEX_API_KEY`.
-
-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_MODEL=codexplan
-
-# optional if you do not already have ~/.codex/auth.json
-export CODEX_API_KEY=...

 openclaude
 ```

-### DeepSeek
+Windows PowerShell:

-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_API_KEY=sk-...
-export OPENAI_BASE_URL=https://api.deepseek.com/v1
-export OPENAI_MODEL=deepseek-chat
+```powershell
+$env:CLAUDE_CODE_USE_OPENAI="1"
+$env:OPENAI_API_KEY="sk-your-key-here"
+$env:OPENAI_MODEL="gpt-4o"
+
+openclaude
 ```

-### Google Gemini (via OpenRouter)
+### Fastest local Ollama setup
+
+macOS / Linux:

 ```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_API_KEY=sk-or-...
-export OPENAI_BASE_URL=https://openrouter.ai/api/v1
-export OPENAI_MODEL=google/gemini-2.0-flash
-```
-
-### Ollama (local, free)
-
-```bash
-ollama pull llama3.3:70b
-
 export CLAUDE_CODE_USE_OPENAI=1
 export OPENAI_BASE_URL=http://localhost:11434/v1
-export OPENAI_MODEL=llama3.3:70b
-# no API key needed for local models
+export OPENAI_MODEL=qwen2.5-coder:7b
+
+openclaude
 ```

-### LM Studio (local)
+Windows PowerShell:

-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_BASE_URL=http://localhost:1234/v1
-export OPENAI_MODEL=your-model-name
+```powershell
+$env:CLAUDE_CODE_USE_OPENAI="1"
+$env:OPENAI_BASE_URL="http://localhost:11434/v1"
+$env:OPENAI_MODEL="qwen2.5-coder:7b"
+
+openclaude
 ```

-### Together AI
+## Setup Guides

-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_API_KEY=...
-export OPENAI_BASE_URL=https://api.together.xyz/v1
-export OPENAI_MODEL=meta-llama/Llama-3.3-70B-Instruct-Turbo
-```
+Beginner-friendly guides:

-### Groq
+- [Non-Technical Setup](docs/non-technical-setup.md)
+- [Windows Quick Start](docs/quick-start-windows.md)
+- [macOS / Linux Quick Start](docs/quick-start-mac-linux.md)

-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_API_KEY=gsk_...
-export OPENAI_BASE_URL=https://api.groq.com/openai/v1
-export OPENAI_MODEL=llama-3.3-70b-versatile
-```
+Advanced and source-build guides:

-### Mistral
+- [Advanced Setup](docs/advanced-setup.md)
+- [Android Install](ANDROID_INSTALL.md)

-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_API_KEY=...
-export OPENAI_BASE_URL=https://api.mistral.ai/v1
-export OPENAI_MODEL=mistral-large-latest
-```
+## Supported Providers

-### Azure OpenAI
-
-```bash
-export CLAUDE_CODE_USE_OPENAI=1
-export OPENAI_API_KEY=your-azure-key
-export OPENAI_BASE_URL=https://your-resource.openai.azure.com/openai/deployments/your-deployment/v1
-export OPENAI_MODEL=gpt-4o
-```
-
---
-
-## Environment Variables
-
-| Variable | Required | Description |
-|----------|----------|-------------|
-| `CLAUDE_CODE_USE_OPENAI` | Yes | Set to `1` to enable the OpenAI provider |
-| `OPENAI_API_KEY` | Yes* | Your API key (*not needed for local models like Ollama) |
-| `OPENAI_MODEL` | Yes | Model name (e.g. `gpt-4o`, `deepseek-chat`, `llama3.3:70b`) |
-| `OPENAI_BASE_URL` | No | API endpoint (defaults to `https://api.openai.com/v1`) |
-| `CODEX_API_KEY` | Codex only | Codex/ChatGPT access token override |
-| `CODEX_AUTH_JSON_PATH` | Codex only | Path to a Codex CLI `auth.json` file |
-| `CODEX_HOME` | Codex only | Alternative Codex home directory (`auth.json` will be read from here) |
-| `OPENCLAUDE_DISABLE_CO_AUTHORED_BY` | No | Set to `1` to suppress the default `Co-Authored-By` trailer in generated git commit messages |
-
-You can also use `ANTHROPIC_MODEL` to override the model name. `OPENAI_MODEL` takes priority.
-
-OpenClaude PR bodies use OpenClaude branding by default. `OPENCLAUDE_DISABLE_CO_AUTHORED_BY` only affects the commit trailer, not PR attribution text.
-
---
-
-## Runtime Hardening
-
-Use these commands to keep the CLI stable and catch environment mistakes early:
-
-```bash
-# quick startup sanity check
-bun run smoke
-
-# validate provider env + reachability
-bun run doctor:runtime
-
-# print machine-readable runtime diagnostics
-bun run doctor:runtime:json
-
-# persist a diagnostics report to reports/doctor-runtime.json
-bun run doctor:report
-
-# full local hardening check (smoke + runtime doctor)
-bun run hardening:check
-
-# strict hardening (includes project-wide typecheck)
-bun run hardening:strict
-```
-
-Notes:
- `doctor:runtime` fails fast if `CLAUDE_CODE_USE_OPENAI=1` with a placeholder key (`SUA_CHAVE`) or a missing key for non-local providers.
- Local providers (for example `http://localhost:11434/v1`) can run without `OPENAI_API_KEY`.
- Codex profiles validate `CODEX_API_KEY` or the Codex CLI auth file and probe `POST /responses` instead of `GET /models`.
-
-### Provider Launch Profiles
-
-Use profile launchers to avoid repeated environment setup:
-
-```bash
-# one-time profile bootstrap (prefer viable local Ollama, otherwise OpenAI)
-bun run profile:init
-
-# preview the best provider/model for your goal
-bun run profile:recommend -- --goal coding --benchmark
-
-# auto-apply the best available local/openai provider/model for your goal
-bun run profile:auto -- --goal latency
-
-# codex bootstrap (defaults to codexplan and ~/.codex/auth.json)
-bun run profile:codex
-
-# openai bootstrap with explicit key
-bun run profile:init -- --provider openai --api-key sk-...
-
-# ollama bootstrap with custom model
-bun run profile:init -- --provider ollama --model llama3.1:8b
-
-# ollama bootstrap with intelligent model auto-selection
-bun run profile:init -- --provider ollama --goal coding
-
-# codex bootstrap with a fast model alias
-bun run profile:init -- --provider codex --model codexspark
-
-# launch using persisted profile (.openclaude-profile.json)
-bun run dev:profile
-
-# codex profile (uses CODEX_API_KEY or ~/.codex/auth.json)
-bun run dev:codex
-
-# OpenAI profile (requires OPENAI_API_KEY in your shell)
-bun run dev:openai
-
-# Ollama profile (defaults: localhost:11434, llama3.1:8b)
-bun run dev:ollama
-```
-
-`profile:recommend` ranks installed Ollama models for `latency`, `balanced`, or `coding`, and `profile:auto` can persist the recommendation directly.
-If no profile exists yet, `dev:profile` now uses the same goal-aware defaults when picking the initial model.
-
-Use `--provider ollama` when you want a local-only path. Auto mode falls back to OpenAI when no viable local chat model is installed.
-Goal-based Ollama selection only recommends among models that are already installed and reachable from Ollama.
-
-Use `profile:codex` or `--provider codex` when you want the ChatGPT Codex backend.
-
-`dev:openai`, `dev:ollama`, and `dev:codex` run `doctor:runtime` first and only launch the app if checks pass.
-For `dev:ollama`, make sure Ollama is running locally before launch.
-
---
+| Provider | Setup Path | Notes |
+| --- | --- | --- |
+| OpenAI-compatible | `/provider` or env vars | Works with OpenAI, OpenRouter, DeepSeek, Groq, Mistral, LM Studio, and other compatible `/v1` servers |
+| Gemini | `/provider` or env vars | Supports API key, access token, or local ADC workflow on current `main` |
+| GitHub Models | `/onboard-github` | Interactive onboarding with saved credentials |
+| Codex | `/provider` | Uses existing Codex credentials when available |
+| Ollama | `/provider` or env vars | Local inference with no API key |
+| Atomic Chat | advanced setup | Local Apple Silicon backend |
+| Bedrock / Vertex / Foundry | env vars | Additional provider integrations for supported environments |

 ## What Works

- **All tools**: Bash, FileRead, FileWrite, FileEdit, Glob, Grep, WebFetch, WebSearch, Agent, MCP, LSP, NotebookEdit, Tasks
- **Streaming**: Real-time token streaming
- **Tool calling**: Multi-step tool chains (the model calls tools, gets results, continues)
- **Images**: Base64 and URL images passed to vision models
- **Slash commands**: /commit, /review, /compact, /diff, /doctor, etc.
- **Sub-agents**: AgentTool spawns sub-agents using the same provider
- **Memory**: Persistent memory system
+- **Tool-driven coding workflows**: Bash, file read/write/edit, grep, glob, agents, tasks, MCP, and slash commands
+- **Streaming responses**: Real-time token output and tool progress
+- **Tool calling**: Multi-step tool loops with model calls, tool execution, and follow-up responses
+- **Images**: URL and base64 image inputs for providers that support vision
+- **Provider profiles**: Guided setup plus saved `.openclaude-profile.json` support
+- **Local and remote model backends**: Cloud APIs, local servers, and Apple Silicon local inference

-## What's Different
+## Provider Notes

- **No thinking mode**: Anthropic's extended thinking is disabled (OpenAI models use different reasoning)
- **No prompt caching**: Anthropic-specific cache headers are skipped
- **No beta features**: Anthropic-specific beta headers are ignored
- **Token limits**: Defaults to 32K max output — some models may cap lower, which is handled gracefully
+OpenClaude supports multiple providers, but behavior is not identical across all of them.

---
+- Anthropic-specific features may not exist on other providers
+- Tool quality depends heavily on the selected model
+- Smaller local models can struggle with long multi-step tool flows
+- Some providers impose lower output caps than the CLI defaults, and OpenClaude adapts where possible

-## How It Works
+For best results, use models with strong tool/function calling support.

-The shim (`src/services/api/openaiShim.ts`) sits between Claude Code and the LLM API:
+## Agent Routing

-```
-Claude Code Tool System
-        |
-        v
-  Anthropic SDK interface (duck-typed)
-        |
-        v
-  openaiShim.ts  <-- translates formats
-        |
-        v
-  OpenAI Chat Completions API
-        |
-        v
-  Any compatible model
+OpenClaude can route different agents to different models through settings-based routing. This is useful for cost optimization or splitting work by model strength.
+
+Add to `~/.claude/settings.json`:
+
+```json
+{
+  "agentModels": {
+    "deepseek-chat": {
+      "base_url": "https://api.deepseek.com/v1",
+      "api_key": "sk-your-key"
+    },
+    "gpt-4o": {
+      "base_url": "https://api.openai.com/v1",
+      "api_key": "sk-your-key"
+    }
+  },
+  "agentRouting": {
+    "Explore": "deepseek-chat",
+    "Plan": "gpt-4o",
+    "general-purpose": "gpt-4o",
+    "frontend-dev": "deepseek-chat",
+    "default": "gpt-4o"
+  }
+}
 ```

-It translates:
- Anthropic message blocks → OpenAI messages
- Anthropic tool_use/tool_result → OpenAI function calls
- OpenAI SSE streaming → Anthropic stream events
- Anthropic system prompt arrays → OpenAI system messages
+When no routing match is found, the global provider remains the fallback.

-The rest of Claude Code doesn't know it's talking to a different model.
+> **Note:** `api_key` values in `settings.json` are stored in plaintext. Keep this file private and do not commit it to version control.

---
+## Web Search and Fetch

-## Model Quality Notes
+By default, `WebSearch` works on non-Anthropic models using DuckDuckGo. This gives GPT-4o, DeepSeek, Gemini, Ollama, and other OpenAI-compatible providers a free web search path out of the box.

-Not all models are equal at agentic tool use. Here's a rough guide:
+> **Note:** DuckDuckGo fallback works by scraping search results and may be rate-limited, blocked, or subject to DuckDuckGo's Terms of Service. If you want a more reliable supported option, configure Firecrawl.

-| Model | Tool Calling | Code Quality | Speed |
-|-------|-------------|-------------|-------|
-| GPT-4o | Excellent | Excellent | Fast |
-| DeepSeek-V3 | Great | Great | Fast |
-| Gemini 2.0 Flash | Great | Good | Very Fast |
-| Llama 3.3 70B | Good | Good | Medium |
-| Mistral Large | Good | Good | Fast |
-| GPT-4o-mini | Good | Good | Very Fast |
-| Qwen 2.5 72B | Good | Good | Medium |
-| Smaller models (<7B) | Limited | Limited | Very Fast |
+For Anthropic-native backends and Codex responses, OpenClaude keeps the native provider web search behavior.

-For best results, use models with strong function/tool calling support.
+`WebFetch` works, but its basic HTTP plus HTML-to-markdown path can still fail on JavaScript-rendered sites or sites that block plain HTTP requests.

---
+Set a [Firecrawl](https://firecrawl.dev) API key if you want Firecrawl-powered search/fetch behavior:

-## Files Changed from Original
-
-```
-src/services/api/openaiShim.ts   — NEW: OpenAI-compatible API shim (724 lines)
-src/services/api/client.ts       — Routes to shim when CLAUDE_CODE_USE_OPENAI=1
-src/utils/model/providers.ts     — Added 'openai' provider type
-src/utils/model/configs.ts       — Added openai model mappings
-src/utils/model/model.ts         — Respects OPENAI_MODEL for defaults
-src/utils/auth.ts                — Recognizes OpenAI as valid 3P provider
+```bash
+export FIRECRAWL_API_KEY=your-key-here
 ```

-6 files changed. 786 lines added. Zero dependencies added.
+With Firecrawl enabled:
+
+- `WebSearch` can use Firecrawl's search API while DuckDuckGo remains the default free path for non-Claude models
+- `WebFetch` uses Firecrawl's scrape endpoint instead of raw HTTP, handling JS-rendered pages correctly
+
+Free tier at [firecrawl.dev](https://firecrawl.dev) includes 500 credits. The key is optional.

 ---

-## Origin
+## Headless gRPC Server

-This is a fork of [instructkr/claude-code](https://gitlawb.com/node/repos/z6MkgKkb/instructkr-claude-code), which mirrored the Claude Code source snapshot that became publicly accessible through an npm source map exposure on March 31, 2026.
+OpenClaude can be run as a headless gRPC service, allowing you to integrate its agentic capabilities (tools, bash, file editing) into other applications, CI/CD pipelines, or custom user interfaces. The server uses bidirectional streaming to send real-time text chunks, tool calls, and request permissions for sensitive commands.

-The original Claude Code source is the property of Anthropic. This repository is not affiliated with or endorsed by Anthropic.
+### 1. Start the gRPC Server
+
+Start the core engine as a gRPC service on `localhost:50051`:
+
+```bash
+npm run dev:grpc
+```
+
+#### Configuration
+
+| Variable | Default | Description |
+|-----------|-------------|------------------------------------------------|
+| `GRPC_PORT` | `50051` | Port the gRPC server listens on |
+| `GRPC_HOST` | `localhost` | Bind address. Use `0.0.0.0` to expose on all interfaces (not recommended without authentication) |
+
+### 2. Run the Test CLI Client
+
+We provide a lightweight CLI client that communicates exclusively over gRPC. It acts just like the main interactive CLI, rendering colors, streaming tokens, and prompting you for tool permissions (y/n) via the gRPC `action_required` event.
+
+In a separate terminal, run:
+
+```bash
+npm run dev:grpc:cli
+```
+
+*Note: The gRPC definitions are located in `src/proto/openclaude.proto`. You can use this file to generate clients in Python, Go, Rust, or any other language.*

 ---

+## Source Build And Local Development
+
+```bash
+bun install
+bun run build
+node dist/cli.mjs
+```
+
+Helpful commands:
+
+- `bun run dev`
+- `bun test`
+- `bun run test:coverage`
+- `bun run security:pr-scan -- --base origin/main`
+- `bun run smoke`
+- `bun run doctor:runtime`
+- `bun run verify:privacy`
+- focused `bun test ...` runs for the areas you touch
+
+## Testing And Coverage
+
+OpenClaude uses Bun's built-in test runner for unit tests.
+
+Run the full unit suite:
+
+```bash
+bun test
+```
+
+Generate unit test coverage:
+
+```bash
+bun run test:coverage
+```
+
+Open the visual coverage report:
+
+```bash
+open coverage/index.html
+```
+
+If you already have `coverage/lcov.info` and only want to rebuild the UI:
+
+```bash
+bun run test:coverage:ui
+```
+
+Use focused test runs when you only touch one area:
+
+- `bun run test:provider`
+- `bun run test:provider-recommendation`
+- `bun test path/to/file.test.ts`
+
+Recommended contributor validation before opening a PR:
+
+- `bun run build`
+- `bun run smoke`
+- `bun run test:coverage` for broader unit coverage when your change affects shared runtime or provider logic
+- focused `bun test ...` runs for the files and flows you changed
+
+Coverage output is written to `coverage/lcov.info`, and OpenClaude also generates a git-activity-style heatmap at `coverage/index.html`.
+## Repository Structure
+
+- `src/` - core CLI/runtime
+- `scripts/` - build, verification, and maintenance scripts
+- `docs/` - setup, contributor, and project documentation
+- `python/` - standalone Python helpers and their tests
+- `vscode-extension/openclaude-vscode/` - VS Code extension
+- `.github/` - repo automation, templates, and CI configuration
+- `bin/` - CLI launcher entrypoints
+
+## VS Code Extension
+
+The repo includes a VS Code extension in [`vscode-extension/openclaude-vscode`](vscode-extension/openclaude-vscode) for OpenClaude launch integration, provider-aware control-center UI, and theme support.
+
+## Security
+
+If you believe you found a security issue, see [SECURITY.md](SECURITY.md).
+
+## Community
+
+- Use [GitHub Discussions](https://github.com/Gitlawb/openclaude/discussions) for Q&A, ideas, and community conversation
+- Use [GitHub Issues](https://github.com/Gitlawb/openclaude/issues) for confirmed bugs and actionable feature work
+
+## Contributing
+
+Contributions are welcome.
+
+For larger changes, open an issue first so the scope is clear before implementation. Helpful validation commands include:
+
+- `bun run build`
+- `bun run test:coverage`
+- `bun run smoke`
+- focused `bun test ...` runs for touched areas
+
+## Disclaimer
+
+OpenClaude is an independent community project and is not affiliated with, endorsed by, or sponsored by Anthropic.
+
+OpenClaude originated from the Claude Code codebase and has since been substantially modified to support multiple providers and open use. "Claude" and "Claude Code" are trademarks of Anthropic PBC. See [LICENSE](LICENSE) for details.
+
 ## License

-This repository is provided for educational and research purposes. The original source code is subject to Anthropic's terms. The OpenAI shim additions are public domain.
+See [LICENSE](LICENSE).
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,69 @@
+# Security Policy
+
+## Supported Versions
+
+Open Claude is currently maintained on the latest `main` branch and the latest
+npm release only.
+
+| Version | Supported |
+| ------- | --------- |
+| Latest release | :white_check_mark: |
+| Older releases | :x: |
+| Unreleased forks / modified builds | :x: |
+
+Security fixes are generally released in the next patch version and may also be
+landed directly on `main` before a package release is published.
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability in Open Claude, please
+report it privately.
+
+Preferred reporting channel:
+
+- GitHub Security Advisories / private vulnerability reporting for this
+  repository
+
+Please include:
+
+- a clear description of the issue
+- affected version, commit, or environment
+- reproduction steps or a proof of concept
+- impact assessment
+- any suggested remediation, if available
+
+Please do **not** open a public issue for an unpatched vulnerability.
+
+## Response Process
+
+Our general goals are:
+
+- initial triage acknowledgment within 7 days
+- follow-up after validation when we can reproduce the issue
+- coordinated disclosure after a fix is available
+
+Severity, exploitability, and maintenance bandwidth may affect timelines.
+
+## Disclosure and CVEs
+
+Valid reports may be fixed privately first and disclosed after a patch is
+available.
+
+If a report is accepted and the issue is significant enough to warrant formal
+tracking, we may publish a GitHub Security Advisory and request or assign a CVE
+through the appropriate channel. CVE issuance is not guaranteed for every
+report.
+
+## Scope
+
+This policy applies to:
+
+- the Open Claude source code in this repository
+- official release artifacts published from this repository
+- the `@gitlawb/openclaude` npm package
+
+This policy does not cover:
+
+- third-party model providers, endpoints, or hosted services
+- local misconfiguration on the reporter's machine
+- vulnerabilities in unofficial forks, mirrors, or downstream repackages
--- a/bin/import-specifier.mjs
+++ b/bin/import-specifier.mjs
@@ -1,7 +1,13 @@
-import { join } from 'path'
+import { join, win32 } from 'path'
 import { pathToFileURL } from 'url'

 export function getDistImportSpecifier(baseDir) {
-  const distPath = join(baseDir, '..', 'dist', 'cli.mjs')
+  if (/^[A-Za-z]:\\/.test(baseDir)) {
+    const distPath = win32.join(baseDir, '..', 'dist', 'cli.mjs')
+    return `file:///${distPath.replace(/\\/g, '/')}`
+  }
+
+  const joinImpl = join
+  const distPath = joinImpl(baseDir, '..', 'dist', 'cli.mjs')
  return pathToFileURL(distPath).href
 }
--- a/bun.lock
+++ b/bun.lock
@@ -5,85 +5,95 @@
    "": {
      "name": "openclaude",
      "dependencies": {
-        "@alcalzone/ansi-tokenize": "^0.3.0",
-        "@anthropic-ai/bedrock-sdk": "^0.26.0",
-        "@anthropic-ai/foundry-sdk": "^0.2.0",
-        "@anthropic-ai/sandbox-runtime": "^0.0.46",
-        "@anthropic-ai/sdk": "^0.81.0",
-        "@anthropic-ai/vertex-sdk": "^0.14.0",
-        "@commander-js/extra-typings": "^12.0.0",
-        "@growthbook/growthbook": "^1.3.0",
-        "@modelcontextprotocol/sdk": "^1.12.0",
-        "@opentelemetry/api": "^1.9.1",
-        "@opentelemetry/api-logs": "^0.214.0",
-        "@opentelemetry/core": "^2.6.1",
-        "@opentelemetry/exporter-logs-otlp-http": "^0.214.0",
-        "@opentelemetry/exporter-trace-otlp-grpc": "^0.57.0",
-        "@opentelemetry/resources": "^2.6.1",
-        "@opentelemetry/sdk-logs": "^0.214.0",
-        "@opentelemetry/sdk-metrics": "^2.6.1",
-        "@opentelemetry/sdk-trace-base": "^2.6.1",
-        "@opentelemetry/sdk-trace-node": "^2.6.1",
-        "@opentelemetry/semantic-conventions": "^1.40.0",
-        "ajv": "^8.17.0",
-        "auto-bind": "^5.0.1",
-        "axios": "^1.14.0",
-        "bidi-js": "^1.0.3",
-        "chalk": "^5.4.0",
-        "chokidar": "^4.0.0",
-        "cli-boxes": "^3.0.0",
-        "cli-highlight": "^2.1.0",
-        "code-excerpt": "^4.0.0",
-        "commander": "^12.0.0",
-        "diff": "^7.0.0",
-        "emoji-regex": "^10.4.0",
-        "env-paths": "^3.0.0",
-        "execa": "^9.5.0",
-        "fflate": "^0.8.2",
-        "figures": "^6.1.0",
-        "fuse.js": "^7.1.0",
-        "get-east-asian-width": "^1.3.0",
-        "google-auth-library": "^9.15.0",
-        "https-proxy-agent": "^7.0.6",
-        "ignore": "^7.0.0",
-        "indent-string": "^5.0.0",
-        "jsonc-parser": "^3.3.1",
-        "lodash-es": "^4.17.21",
-        "lru-cache": "^11.0.0",
-        "marked": "^15.0.0",
-        "p-map": "^7.0.3",
-        "picomatch": "^4.0.0",
-        "proper-lockfile": "^4.1.2",
-        "qrcode": "^1.5.4",
-        "react": "^19.2.4",
-        "react-compiler-runtime": "^1.0.0",
-        "react-reconciler": "^0.33.0",
-        "semver": "^7.6.3",
-        "shell-quote": "^1.8.2",
-        "signal-exit": "^4.1.0",
-        "stack-utils": "^2.0.6",
-        "strip-ansi": "^7.1.0",
-        "supports-hyperlinks": "^3.1.0",
-        "tree-kill": "^1.2.2",
-        "turndown": "^7.2.0",
-        "type-fest": "^4.30.0",
-        "undici": "^7.3.0",
-        "usehooks-ts": "^3.1.1",
-        "vscode-languageserver-protocol": "^3.17.5",
-        "wrap-ansi": "^9.0.0",
-        "ws": "^8.18.0",
-        "xss": "^1.0.15",
-        "yaml": "^2.7.0",
-        "zod": "^3.24.0",
+        "@alcalzone/ansi-tokenize": "0.3.0",
+        "@anthropic-ai/bedrock-sdk": "0.26.4",
+        "@anthropic-ai/foundry-sdk": "0.2.3",
+        "@anthropic-ai/sandbox-runtime": "0.0.46",
+        "@anthropic-ai/sdk": "0.81.0",
+        "@anthropic-ai/vertex-sdk": "0.14.4",
+        "@commander-js/extra-typings": "12.1.0",
+        "@growthbook/growthbook": "1.6.5",
+        "@grpc/grpc-js": "^1.14.3",
+        "@grpc/proto-loader": "^0.8.0",
+        "@mendable/firecrawl-js": "4.18.1",
+        "@modelcontextprotocol/sdk": "1.29.0",
+        "@opentelemetry/api": "1.9.1",
+        "@opentelemetry/api-logs": "0.214.0",
+        "@opentelemetry/core": "2.6.1",
+        "@opentelemetry/exporter-logs-otlp-http": "0.214.0",
+        "@opentelemetry/exporter-trace-otlp-grpc": "0.57.2",
+        "@opentelemetry/resources": "2.6.1",
+        "@opentelemetry/sdk-logs": "0.214.0",
+        "@opentelemetry/sdk-metrics": "2.6.1",
+        "@opentelemetry/sdk-trace-base": "2.6.1",
+        "@opentelemetry/sdk-trace-node": "2.6.1",
+        "@opentelemetry/semantic-conventions": "1.40.0",
+        "ajv": "8.18.0",
+        "auto-bind": "5.0.1",
+        "axios": "1.14.0",
+        "bidi-js": "1.0.3",
+        "chalk": "5.6.2",
+        "chokidar": "4.0.3",
+        "cli-boxes": "3.0.0",
+        "cli-highlight": "2.1.11",
+        "code-excerpt": "4.0.0",
+        "commander": "12.1.0",
+        "cross-spawn": "7.0.6",
+        "diff": "8.0.3",
+        "duck-duck-scrape": "^2.2.7",
+        "emoji-regex": "10.6.0",
+        "env-paths": "3.0.0",
+        "execa": "9.6.1",
+        "fflate": "0.8.2",
+        "figures": "6.1.0",
+        "fuse.js": "7.1.0",
+        "get-east-asian-width": "1.5.0",
+        "google-auth-library": "9.15.1",
+        "https-proxy-agent": "7.0.6",
+        "ignore": "7.0.5",
+        "indent-string": "5.0.0",
+        "jsonc-parser": "3.3.1",
+        "lodash-es": "4.18.1",
+        "lru-cache": "11.2.7",
+        "marked": "15.0.12",
+        "p-map": "7.0.4",
+        "picomatch": "4.0.4",
+        "proper-lockfile": "4.1.2",
+        "qrcode": "1.5.4",
+        "react": "19.2.4",
+        "react-compiler-runtime": "1.0.0",
+        "react-reconciler": "0.33.0",
+        "semver": "7.7.4",
+        "sharp": "^0.34.5",
+        "shell-quote": "1.8.3",
+        "signal-exit": "4.1.0",
+        "stack-utils": "2.0.6",
+        "strip-ansi": "7.2.0",
+        "supports-hyperlinks": "3.2.0",
+        "tree-kill": "1.2.2",
+        "turndown": "7.2.2",
+        "type-fest": "4.41.0",
+        "undici": "7.24.6",
+        "usehooks-ts": "3.1.1",
+        "vscode-languageserver-protocol": "3.17.5",
+        "wrap-ansi": "9.0.2",
+        "ws": "8.20.0",
+        "xss": "1.0.15",
+        "yaml": "2.8.3",
+        "zod": "3.25.76",
      },
      "devDependencies": {
-        "@types/bun": "^1.2.0",
-        "@types/node": "^25.5.0",
-        "@types/react": "^19.2.14",
-        "typescript": "^5.7.0",
+        "@types/bun": "1.3.11",
+        "@types/node": "25.5.0",
+        "@types/react": "19.2.14",
+        "tsx": "^4.21.0",
+        "typescript": "5.9.3",
      },
    },
  },
+  "overrides": {
+    "lodash-es": "4.18.1",
+  },
  "packages": {
    "@alcalzone/ansi-tokenize": ["@alcalzone/ansi-tokenize@0.3.0", "", { "dependencies": { "ansi-styles": "^6.2.1", "is-fullwidth-code-point": "^5.0.0" } }, "sha512-p+CMKJ93HFmLkjXKlXiVGlMQEuRb6H0MokBSwUsX+S6BRX8eV5naFZpQJFfJHjRZY0Hmnqy1/r6UWl3x+19zYA=="],

@@ -175,6 +185,60 @@

    "@commander-js/extra-typings": ["@commander-js/extra-typings@12.1.0", "", { "peerDependencies": { "commander": "~12.1.0" } }, "sha512-wf/lwQvWAA0goIghcb91dQYpkLBcyhOhQNqG/VgWhnKzgt+UOMvra7EX/2fv70arm5RW+PUHoQHHDa6/p77Eqg=="],

+    "@emnapi/runtime": ["@emnapi/runtime@1.9.2", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw=="],
+
+    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.7", "", { "os": "aix", "cpu": "ppc64" }, "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg=="],
+
+    "@esbuild/android-arm": ["@esbuild/android-arm@0.27.7", "", { "os": "android", "cpu": "arm" }, "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ=="],
+
+    "@esbuild/android-arm64": ["@esbuild/android-arm64@0.27.7", "", { "os": "android", "cpu": "arm64" }, "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ=="],
+
+    "@esbuild/android-x64": ["@esbuild/android-x64@0.27.7", "", { "os": "android", "cpu": "x64" }, "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg=="],
+
+    "@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.27.7", "", { "os": "darwin", "cpu": "arm64" }, "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw=="],
+
+    "@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.27.7", "", { "os": "darwin", "cpu": "x64" }, "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ=="],
+
+    "@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.27.7", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w=="],
+
+    "@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.27.7", "", { "os": "freebsd", "cpu": "x64" }, "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ=="],
+
+    "@esbuild/linux-arm": ["@esbuild/linux-arm@0.27.7", "", { "os": "linux", "cpu": "arm" }, "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA=="],
+
+    "@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.27.7", "", { "os": "linux", "cpu": "arm64" }, "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A=="],
+
+    "@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.27.7", "", { "os": "linux", "cpu": "ia32" }, "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg=="],
+
+    "@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q=="],
+
+    "@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw=="],
+
+    "@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.27.7", "", { "os": "linux", "cpu": "ppc64" }, "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ=="],
+
+    "@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ=="],
+
+    "@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.27.7", "", { "os": "linux", "cpu": "s390x" }, "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw=="],
+
+    "@esbuild/linux-x64": ["@esbuild/linux-x64@0.27.7", "", { "os": "linux", "cpu": "x64" }, "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA=="],
+
+    "@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w=="],
+
+    "@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.27.7", "", { "os": "none", "cpu": "x64" }, "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw=="],
+
+    "@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.27.7", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A=="],
+
+    "@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.27.7", "", { "os": "openbsd", "cpu": "x64" }, "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg=="],
+
+    "@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw=="],
+
+    "@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.27.7", "", { "os": "sunos", "cpu": "x64" }, "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA=="],
+
+    "@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.27.7", "", { "os": "win32", "cpu": "arm64" }, "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA=="],
+
+    "@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.27.7", "", { "os": "win32", "cpu": "ia32" }, "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw=="],
+
+    "@esbuild/win32-x64": ["@esbuild/win32-x64@0.27.7", "", { "os": "win32", "cpu": "x64" }, "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg=="],
+
    "@growthbook/growthbook": ["@growthbook/growthbook@1.6.5", "", { "dependencies": { "dom-mutator": "^0.6.0" } }, "sha512-mUaMsgeUTpRIUOTn33EUXHRK6j7pxBjwqH4WpQyq+pukjd1AIzWlEa6w7i6bInJUcweGgP2beXZmaP6b6UPn7A=="],

    "@grpc/grpc-js": ["@grpc/grpc-js@1.14.3", "", { "dependencies": { "@grpc/proto-loader": "^0.8.0", "@js-sdsl/ordered-map": "^4.4.2" } }, "sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA=="],
@@ -183,8 +247,60 @@

    "@hono/node-server": ["@hono/node-server@1.19.12", "", { "peerDependencies": { "hono": "^4" } }, "sha512-txsUW4SQ1iilgE0l9/e9VQWmELXifEFvmdA1j6WFh/aFPj99hIntrSsq/if0UWyGVkmrRPKA1wCeP+UCr1B9Uw=="],

+    "@img/colour": ["@img/colour@1.1.0", "", {}, "sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ=="],
+
+    "@img/sharp-darwin-arm64": ["@img/sharp-darwin-arm64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-darwin-arm64": "1.2.4" }, "os": "darwin", "cpu": "arm64" }, "sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w=="],
+
+    "@img/sharp-darwin-x64": ["@img/sharp-darwin-x64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-darwin-x64": "1.2.4" }, "os": "darwin", "cpu": "x64" }, "sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw=="],
+
+    "@img/sharp-libvips-darwin-arm64": ["@img/sharp-libvips-darwin-arm64@1.2.4", "", { "os": "darwin", "cpu": "arm64" }, "sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g=="],
+
+    "@img/sharp-libvips-darwin-x64": ["@img/sharp-libvips-darwin-x64@1.2.4", "", { "os": "darwin", "cpu": "x64" }, "sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg=="],
+
+    "@img/sharp-libvips-linux-arm": ["@img/sharp-libvips-linux-arm@1.2.4", "", { "os": "linux", "cpu": "arm" }, "sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A=="],
+
+    "@img/sharp-libvips-linux-arm64": ["@img/sharp-libvips-linux-arm64@1.2.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw=="],
+
+    "@img/sharp-libvips-linux-ppc64": ["@img/sharp-libvips-linux-ppc64@1.2.4", "", { "os": "linux", "cpu": "ppc64" }, "sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA=="],
+
+    "@img/sharp-libvips-linux-riscv64": ["@img/sharp-libvips-linux-riscv64@1.2.4", "", { "os": "linux", "cpu": "none" }, "sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA=="],
+
+    "@img/sharp-libvips-linux-s390x": ["@img/sharp-libvips-linux-s390x@1.2.4", "", { "os": "linux", "cpu": "s390x" }, "sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ=="],
+
+    "@img/sharp-libvips-linux-x64": ["@img/sharp-libvips-linux-x64@1.2.4", "", { "os": "linux", "cpu": "x64" }, "sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw=="],
+
+    "@img/sharp-libvips-linuxmusl-arm64": ["@img/sharp-libvips-linuxmusl-arm64@1.2.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw=="],
+
+    "@img/sharp-libvips-linuxmusl-x64": ["@img/sharp-libvips-linuxmusl-x64@1.2.4", "", { "os": "linux", "cpu": "x64" }, "sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg=="],
+
+    "@img/sharp-linux-arm": ["@img/sharp-linux-arm@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-arm": "1.2.4" }, "os": "linux", "cpu": "arm" }, "sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw=="],
+
+    "@img/sharp-linux-arm64": ["@img/sharp-linux-arm64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-arm64": "1.2.4" }, "os": "linux", "cpu": "arm64" }, "sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg=="],
+
+    "@img/sharp-linux-ppc64": ["@img/sharp-linux-ppc64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-ppc64": "1.2.4" }, "os": "linux", "cpu": "ppc64" }, "sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA=="],
+
+    "@img/sharp-linux-riscv64": ["@img/sharp-linux-riscv64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-riscv64": "1.2.4" }, "os": "linux", "cpu": "none" }, "sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw=="],
+
+    "@img/sharp-linux-s390x": ["@img/sharp-linux-s390x@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-s390x": "1.2.4" }, "os": "linux", "cpu": "s390x" }, "sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg=="],
+
+    "@img/sharp-linux-x64": ["@img/sharp-linux-x64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-x64": "1.2.4" }, "os": "linux", "cpu": "x64" }, "sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ=="],
+
+    "@img/sharp-linuxmusl-arm64": ["@img/sharp-linuxmusl-arm64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linuxmusl-arm64": "1.2.4" }, "os": "linux", "cpu": "arm64" }, "sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg=="],
+
+    "@img/sharp-linuxmusl-x64": ["@img/sharp-linuxmusl-x64@0.34.5", "", { "optionalDependencies": { "@img/sharp-libvips-linuxmusl-x64": "1.2.4" }, "os": "linux", "cpu": "x64" }, "sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q=="],
+
+    "@img/sharp-wasm32": ["@img/sharp-wasm32@0.34.5", "", { "dependencies": { "@emnapi/runtime": "^1.7.0" }, "cpu": "none" }, "sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw=="],
+
+    "@img/sharp-win32-arm64": ["@img/sharp-win32-arm64@0.34.5", "", { "os": "win32", "cpu": "arm64" }, "sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g=="],
+
+    "@img/sharp-win32-ia32": ["@img/sharp-win32-ia32@0.34.5", "", { "os": "win32", "cpu": "ia32" }, "sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg=="],
+
+    "@img/sharp-win32-x64": ["@img/sharp-win32-x64@0.34.5", "", { "os": "win32", "cpu": "x64" }, "sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw=="],
+
    "@js-sdsl/ordered-map": ["@js-sdsl/ordered-map@4.4.2", "", {}, "sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw=="],

+    "@mendable/firecrawl-js": ["@mendable/firecrawl-js@4.18.1", "", { "dependencies": { "axios": "1.14.0", "firecrawl": "4.16.0", "typescript-event-target": "^1.1.1", "zod": "^3.23.8", "zod-to-json-schema": "^3.23.0" } }, "sha512-NfmJv+xcHoZthj8I3NP/8KAgO8EWcvOcTvCAvszxqs7/6sCs1CRss6Tum6RycZNSwJkr5RzQossN89IlixRfng=="],
+
    "@mixmark-io/domino": ["@mixmark-io/domino@2.2.0", "", {}, "sha512-Y28PR25bHXUg88kCV7nivXrP2Nj2RueZ3/l/jdx6J9f8J4nsEGcgX0Qe6lt7Pa+J79+kPiJU3LguR6O/6zrLOw=="],

    "@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.29.0", "", { "dependencies": { "@hono/node-server": "^1.19.9", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.2.1", "express-rate-limit": "^8.2.1", "hono": "^4.11.4", "jose": "^6.1.3", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.1" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-zo37mZA9hJWpULgkRpowewez1y6ML5GsXJPY8FI0tBBCd77HEvza4jDqRKOXgHNn867PVGCyTdzqpz0izu5ZjQ=="],
@@ -395,7 +511,7 @@

    "cli-highlight": ["cli-highlight@2.1.11", "", { "dependencies": { "chalk": "^4.0.0", "highlight.js": "^10.7.1", "mz": "^2.4.0", "parse5": "^5.1.1", "parse5-htmlparser2-tree-adapter": "^6.0.0", "yargs": "^16.0.0" }, "bin": { "highlight": "bin/highlight" } }, "sha512-9KDcoEVwyUXrjcJNvHD0NFc/hiwe/WPVYIleQh2O1N2Zro5gWJZ/K+3DGn8w8P/F6FxOgzyC5bxDyHIgCSPhGg=="],

-    "cliui": ["cliui@7.0.4", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.0", "wrap-ansi": "^7.0.0" } }, "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ=="],
+    "cliui": ["cliui@8.0.1", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" } }, "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ=="],

    "code-excerpt": ["code-excerpt@4.0.0", "", { "dependencies": { "convert-to-spaces": "^2.0.1" } }, "sha512-xxodCmBen3iy2i0WtAK8FlFNrRzjUqjRsMfho58xT/wvZU1YTM3fCnRjcy1gJPMepaRlgm/0e6w8SpWHpn3/cA=="],

@@ -433,12 +549,16 @@

    "depd": ["depd@2.0.0", "", {}, "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="],

-    "diff": ["diff@7.0.0", "", {}, "sha512-PJWHUb1RFevKCwaFA9RlG5tCd+FO5iRh9A8HEtkmBH2Li03iJriB6m6JIN4rGz3K3JLawI7/veA1xzRKP6ISBw=="],
+    "detect-libc": ["detect-libc@2.1.2", "", {}, "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ=="],
+
+    "diff": ["diff@8.0.3", "", {}, "sha512-qejHi7bcSD4hQAZE0tNAawRK1ZtafHDmMTMkrrIGgSLl7hTnQHmKCeB45xAcbfTqK2zowkM3j3bHt/4b/ARbYQ=="],

    "dijkstrajs": ["dijkstrajs@1.0.3", "", {}, "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA=="],

    "dom-mutator": ["dom-mutator@0.6.0", "", {}, "sha512-iCt9o0aYfXMUkz/43ZOAUFQYotjGB+GNbYJiJdz4TgXkyToXbbRy5S6FbTp72lRBtfpUMwEc1KmpFEU4CZeoNg=="],

+    "duck-duck-scrape": ["duck-duck-scrape@2.2.7", "", { "dependencies": { "html-entities": "^2.3.3", "needle": "^3.2.0" } }, "sha512-BEcglwnfx5puJl90KQfX+Q2q5vCguqyMpZcSRPBWk8OY55qWwV93+E+7DbIkrGDW4qkqPfUvtOUdi0lXz6lEMQ=="],
+
    "dunder-proto": ["dunder-proto@1.0.1", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.1", "es-errors": "^1.3.0", "gopd": "^1.2.0" } }, "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A=="],

    "ecdsa-sig-formatter": ["ecdsa-sig-formatter@1.0.11", "", { "dependencies": { "safe-buffer": "^5.0.1" } }, "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ=="],
@@ -459,6 +579,8 @@

    "es-set-tostringtag": ["es-set-tostringtag@2.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "get-intrinsic": "^1.2.6", "has-tostringtag": "^1.0.2", "hasown": "^2.0.2" } }, "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA=="],

+    "esbuild": ["esbuild@0.27.7", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.7", "@esbuild/android-arm": "0.27.7", "@esbuild/android-arm64": "0.27.7", "@esbuild/android-x64": "0.27.7", "@esbuild/darwin-arm64": "0.27.7", "@esbuild/darwin-x64": "0.27.7", "@esbuild/freebsd-arm64": "0.27.7", "@esbuild/freebsd-x64": "0.27.7", "@esbuild/linux-arm": "0.27.7", "@esbuild/linux-arm64": "0.27.7", "@esbuild/linux-ia32": "0.27.7", "@esbuild/linux-loong64": "0.27.7", "@esbuild/linux-mips64el": "0.27.7", "@esbuild/linux-ppc64": "0.27.7", "@esbuild/linux-riscv64": "0.27.7", "@esbuild/linux-s390x": "0.27.7", "@esbuild/linux-x64": "0.27.7", "@esbuild/netbsd-arm64": "0.27.7", "@esbuild/netbsd-x64": "0.27.7", "@esbuild/openbsd-arm64": "0.27.7", "@esbuild/openbsd-x64": "0.27.7", "@esbuild/openharmony-arm64": "0.27.7", "@esbuild/sunos-x64": "0.27.7", "@esbuild/win32-arm64": "0.27.7", "@esbuild/win32-ia32": "0.27.7", "@esbuild/win32-x64": "0.27.7" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w=="],
+
    "escalade": ["escalade@3.2.0", "", {}, "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA=="],

    "escape-html": ["escape-html@1.0.3", "", {}, "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="],
@@ -495,6 +617,8 @@

    "find-up": ["find-up@4.1.0", "", { "dependencies": { "locate-path": "^5.0.0", "path-exists": "^4.0.0" } }, "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw=="],

+    "firecrawl": ["firecrawl@4.16.0", "", { "dependencies": { "axios": "^1.13.5", "typescript-event-target": "^1.1.1", "zod": "^3.23.8", "zod-to-json-schema": "^3.23.0" } }, "sha512-7SJ/FWhZBtW2gTCE/BsvU+gbfIpfTq+D9IH82l9MacauLVptaY6EdYAhrK3YSMC9yr5NxvxRcpZKcXG/nqjiiQ=="],
+
    "follow-redirects": ["follow-redirects@1.15.11", "", {}, "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ=="],

    "form-data": ["form-data@4.0.5", "", { "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "es-set-tostringtag": "^2.1.0", "hasown": "^2.0.2", "mime-types": "^2.1.12" } }, "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w=="],
@@ -503,6 +627,8 @@

    "fresh": ["fresh@2.0.0", "", {}, "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A=="],

+    "fsevents": ["fsevents@2.3.3", "", { "os": "darwin" }, "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw=="],
+
    "function-bind": ["function-bind@1.1.2", "", {}, "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA=="],

    "fuse.js": ["fuse.js@7.1.0", "", {}, "sha512-trLf4SzuuUxfusZADLINj+dE8clK1frKdmqiJNb1Es75fmI5oY6X2mxLVUciLLjxqw/xr72Dhy+lER6dGd02FQ=="],
@@ -521,6 +647,8 @@

    "get-stream": ["get-stream@9.0.1", "", { "dependencies": { "@sec-ant/readable-stream": "^0.4.1", "is-stream": "^4.0.1" } }, "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA=="],

+    "get-tsconfig": ["get-tsconfig@4.13.7", "", { "dependencies": { "resolve-pkg-maps": "^1.0.0" } }, "sha512-7tN6rFgBlMgpBML5j8typ92BKFi2sFQvIdpAqLA2beia5avZDrMs0FLZiM5etShWq5irVyGcGMEA1jcDaK7A/Q=="],
+
    "google-auth-library": ["google-auth-library@9.15.1", "", { "dependencies": { "base64-js": "^1.3.0", "ecdsa-sig-formatter": "^1.0.11", "gaxios": "^6.1.1", "gcp-metadata": "^6.1.0", "gtoken": "^7.0.0", "jws": "^4.0.0" } }, "sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng=="],

    "google-logging-utils": ["google-logging-utils@0.0.2", "", {}, "sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ=="],
@@ -543,6 +671,8 @@

    "hono": ["hono@4.12.9", "", {}, "sha512-wy3T8Zm2bsEvxKZM5w21VdHDDcwVS1yUFFY6i8UobSsKfFceT7TOwhbhfKsDyx7tYQlmRM5FLpIuYvNFyjctiA=="],

+    "html-entities": ["html-entities@2.6.0", "", {}, "sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ=="],
+
    "http-errors": ["http-errors@2.0.1", "", { "dependencies": { "depd": "~2.0.0", "inherits": "~2.0.4", "setprototypeof": "~1.2.0", "statuses": "~2.0.2", "toidentifier": "~1.0.1" } }, "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ=="],

    "https-proxy-agent": ["https-proxy-agent@7.0.6", "", { "dependencies": { "agent-base": "^7.1.2", "debug": "4" } }, "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw=="],
@@ -591,7 +721,7 @@

    "locate-path": ["locate-path@5.0.0", "", { "dependencies": { "p-locate": "^4.1.0" } }, "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g=="],

-    "lodash-es": ["lodash-es@4.17.23", "", {}, "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg=="],
+    "lodash-es": ["lodash-es@4.18.1", "", {}, "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A=="],

    "lodash.camelcase": ["lodash.camelcase@4.3.0", "", {}, "sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA=="],

@@ -617,6 +747,8 @@

    "mz": ["mz@2.7.0", "", { "dependencies": { "any-promise": "^1.0.0", "object-assign": "^4.0.1", "thenify-all": "^1.0.0" } }, "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q=="],

+    "needle": ["needle@3.5.0", "", { "dependencies": { "iconv-lite": "^0.6.3", "sax": "^1.2.4" }, "bin": { "needle": "bin/needle" } }, "sha512-jaQyPKKk2YokHrEg+vFDYxXIHTCBgiZwSHOoVx/8V3GIBS8/VN6NdVRmg8q1ERtPkMvmOvebsgga4sAj5hls/w=="],
+
    "negotiator": ["negotiator@1.0.0", "", {}, "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg=="],

    "node-fetch": ["node-fetch@2.7.0", "", { "dependencies": { "whatwg-url": "^5.0.0" }, "peerDependencies": { "encoding": "^0.1.0" }, "optionalPeers": ["encoding"] }, "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A=="],
@@ -693,6 +825,8 @@

    "require-main-filename": ["require-main-filename@2.0.0", "", {}, "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg=="],

+    "resolve-pkg-maps": ["resolve-pkg-maps@1.0.0", "", {}, "sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw=="],
+
    "retry": ["retry@0.12.0", "", {}, "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow=="],

    "router": ["router@2.2.0", "", { "dependencies": { "debug": "^4.4.0", "depd": "^2.0.0", "is-promise": "^4.0.0", "parseurl": "^1.3.3", "path-to-regexp": "^8.0.0" } }, "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ=="],
@@ -701,6 +835,8 @@

    "safer-buffer": ["safer-buffer@2.1.2", "", {}, "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="],

+    "sax": ["sax@1.6.0", "", {}, "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA=="],
+
    "scheduler": ["scheduler@0.27.0", "", {}, "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q=="],

    "semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
@@ -713,6 +849,8 @@

    "setprototypeof": ["setprototypeof@1.2.0", "", {}, "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="],

+    "sharp": ["sharp@0.34.5", "", { "dependencies": { "@img/colour": "^1.0.0", "detect-libc": "^2.1.2", "semver": "^7.7.3" }, "optionalDependencies": { "@img/sharp-darwin-arm64": "0.34.5", "@img/sharp-darwin-x64": "0.34.5", "@img/sharp-libvips-darwin-arm64": "1.2.4", "@img/sharp-libvips-darwin-x64": "1.2.4", "@img/sharp-libvips-linux-arm": "1.2.4", "@img/sharp-libvips-linux-arm64": "1.2.4", "@img/sharp-libvips-linux-ppc64": "1.2.4", "@img/sharp-libvips-linux-riscv64": "1.2.4", "@img/sharp-libvips-linux-s390x": "1.2.4", "@img/sharp-libvips-linux-x64": "1.2.4", "@img/sharp-libvips-linuxmusl-arm64": "1.2.4", "@img/sharp-libvips-linuxmusl-x64": "1.2.4", "@img/sharp-linux-arm": "0.34.5", "@img/sharp-linux-arm64": "0.34.5", "@img/sharp-linux-ppc64": "0.34.5", "@img/sharp-linux-riscv64": "0.34.5", "@img/sharp-linux-s390x": "0.34.5", "@img/sharp-linux-x64": "0.34.5", "@img/sharp-linuxmusl-arm64": "0.34.5", "@img/sharp-linuxmusl-x64": "0.34.5", "@img/sharp-wasm32": "0.34.5", "@img/sharp-win32-arm64": "0.34.5", "@img/sharp-win32-ia32": "0.34.5", "@img/sharp-win32-x64": "0.34.5" } }, "sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg=="],
+
    "shebang-command": ["shebang-command@2.0.0", "", { "dependencies": { "shebang-regex": "^3.0.0" } }, "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA=="],

    "shebang-regex": ["shebang-regex@3.0.0", "", {}, "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="],
@@ -759,6 +897,8 @@

    "tslib": ["tslib@1.14.1", "", {}, "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="],

+    "tsx": ["tsx@4.21.0", "", { "dependencies": { "esbuild": "~0.27.0", "get-tsconfig": "^4.7.5" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "bin": { "tsx": "dist/cli.mjs" } }, "sha512-5C1sg4USs1lfG0GFb2RLXsdpXqBSEhAaA/0kPL01wxzpMqLILNxIxIOKiILz+cdg/pLnOUxFYOR5yhHU666wbw=="],
+
    "turndown": ["turndown@7.2.2", "", { "dependencies": { "@mixmark-io/domino": "^2.2.0" } }, "sha512-1F7db8BiExOKxjSMU2b7if62D/XOyQyZbPKq/nUwopfgnHlqXHqQ0lvfUTeUIr1lZJzOPFn43dODyMSIfvWRKQ=="],

    "type-fest": ["type-fest@4.41.0", "", {}, "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA=="],
@@ -767,6 +907,8 @@

    "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],

+    "typescript-event-target": ["typescript-event-target@1.1.2", "", {}, "sha512-TvkrTUpv7gCPlcnSoEwUVUBwsdheKm+HF5u2tPAKubkIGMfovdSizCTaZRY/NhR8+Ijy8iZZUapbVQAsNrkFrw=="],
+
    "undici": ["undici@7.24.6", "", {}, "sha512-Xi4agocCbRzt0yYMZGMA6ApD7gvtUFaxm4ZmeacWI4cZxaF6C+8I8QfofC20NAePiB/IcvZmzkJ7XPa471AEtA=="],

    "undici-types": ["undici-types@7.18.2", "", {}, "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w=="],
@@ -807,9 +949,9 @@

    "yaml": ["yaml@2.8.3", "", { "bin": { "yaml": "bin.mjs" } }, "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg=="],

-    "yargs": ["yargs@16.2.0", "", { "dependencies": { "cliui": "^7.0.2", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.0", "y18n": "^5.0.5", "yargs-parser": "^20.2.2" } }, "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw=="],
+    "yargs": ["yargs@17.7.2", "", { "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" } }, "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w=="],

-    "yargs-parser": ["yargs-parser@20.2.9", "", {}, "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w=="],
+    "yargs-parser": ["yargs-parser@21.1.1", "", {}, "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw=="],

    "yoctocolors": ["yoctocolors@2.1.2", "", {}, "sha512-CzhO+pFNo8ajLM2d2IW/R93ipy99LWjtwblvC1RsoSUMZgyLbYFr221TnSNT7GjGdYui6P459mw9JH/g/zW2ug=="],

@@ -1007,7 +1149,7 @@

    "@aws-sdk/xml-builder/tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],

-    "@grpc/proto-loader/yargs": ["yargs@17.7.2", "", { "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" } }, "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w=="],
+    "@emnapi/runtime/tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],

    "@opentelemetry/exporter-trace-otlp-grpc/@opentelemetry/core": ["@opentelemetry/core@1.30.1", "", { "dependencies": { "@opentelemetry/semantic-conventions": "1.28.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-OOCM2C/QIURhJMuKaekP3TRBxBKxG/TWWA0TL2J6nXUtDnuCtccy49LUJF8xPFXMX+0LMcxFpCo8M9cGY1W6rQ=="],

@@ -1227,6 +1369,8 @@

    "cli-highlight/chalk": ["chalk@4.1.2", "", { "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" } }, "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA=="],

+    "cli-highlight/yargs": ["yargs@16.2.0", "", { "dependencies": { "cliui": "^7.0.2", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.0", "y18n": "^5.0.5", "yargs-parser": "^20.2.2" } }, "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw=="],
+
    "cliui/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],

    "cliui/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
@@ -1237,6 +1381,8 @@

    "gaxios/is-stream": ["is-stream@2.0.1", "", {}, "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg=="],

+    "needle/iconv-lite": ["iconv-lite@0.6.3", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" } }, "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw=="],
+
    "npm-run-path/path-key": ["path-key@4.0.0", "", {}, "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ=="],

    "parse5-htmlparser2-tree-adapter/parse5": ["parse5@6.0.1", "", {}, "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw=="],
@@ -1279,12 +1425,6 @@

    "@aws-sdk/nested-clients/@smithy/util-base64/@smithy/util-buffer-from": ["@smithy/util-buffer-from@4.2.2", "", { "dependencies": { "@smithy/is-array-buffer": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-FDXD7cvUoFWwN6vtQfEta540Y/YBe5JneK3SoZg9bThSoOAC/eGeYEua6RkBgKjGa/sz6Y+DuBZj3+YEY21y4Q=="],

-    "@grpc/proto-loader/yargs/cliui": ["cliui@8.0.1", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" } }, "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ=="],
-
-    "@grpc/proto-loader/yargs/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
-
-    "@grpc/proto-loader/yargs/yargs-parser": ["yargs-parser@21.1.1", "", {}, "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw=="],
-
    "@opentelemetry/exporter-trace-otlp-grpc/@opentelemetry/core/@opentelemetry/semantic-conventions": ["@opentelemetry/semantic-conventions@1.28.0", "", {}, "sha512-lp4qAiMTD4sNWW4DbKLBkfiMZ4jbAboJIGOQr5DvciMRI494OapieI9qiODpOt0XBr1LjIDy1xAGAnVs5supTA=="],

    "@opentelemetry/exporter-trace-otlp-grpc/@opentelemetry/otlp-transformer/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.57.2", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-uIX52NnTM0iBh84MShlpouI7UKqkZ7MrUszTmaypHBu4r7NofznSnQRfJ+uUeDtQDj6w8eFGg5KBLDAwAPz1+A=="],
@@ -1351,6 +1491,12 @@

    "cli-highlight/chalk/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],

+    "cli-highlight/yargs/cliui": ["cliui@7.0.4", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.0", "wrap-ansi": "^7.0.0" } }, "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ=="],
+
+    "cli-highlight/yargs/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
+
+    "cli-highlight/yargs/yargs-parser": ["yargs-parser@20.2.9", "", {}, "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w=="],
+
    "cliui/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],

    "cliui/string-width/is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
@@ -1391,16 +1537,6 @@

    "@aws-sdk/nested-clients/@smithy/util-base64/@smithy/util-buffer-from/@smithy/is-array-buffer": ["@smithy/is-array-buffer@4.2.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-n6rQ4N8Jj4YTQO3YFrlgZuwKodf4zUFs7EJIWH86pSCWBaAtAGBFfCM7Wx6D2bBJ2xqFNxGBSrUWswT3M0VJow=="],

-    "@grpc/proto-loader/yargs/cliui/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
-
-    "@grpc/proto-loader/yargs/cliui/wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
-
-    "@grpc/proto-loader/yargs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
-
-    "@grpc/proto-loader/yargs/string-width/is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
-
-    "@grpc/proto-loader/yargs/string-width/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
-
    "@opentelemetry/otlp-grpc-exporter-base/@opentelemetry/otlp-transformer/@opentelemetry/resources/@opentelemetry/semantic-conventions": ["@opentelemetry/semantic-conventions@1.28.0", "", {}, "sha512-lp4qAiMTD4sNWW4DbKLBkfiMZ4jbAboJIGOQr5DvciMRI494OapieI9qiODpOt0XBr1LjIDy1xAGAnVs5supTA=="],

    "@opentelemetry/otlp-grpc-exporter-base/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base/@opentelemetry/semantic-conventions": ["@opentelemetry/semantic-conventions@1.28.0", "", {}, "sha512-lp4qAiMTD4sNWW4DbKLBkfiMZ4jbAboJIGOQr5DvciMRI494OapieI9qiODpOt0XBr1LjIDy1xAGAnVs5supTA=="],
@@ -1421,6 +1557,16 @@

    "@smithy/smithy-client/@smithy/util-stream/@smithy/node-http-handler/@smithy/querystring-builder": ["@smithy/querystring-builder@2.2.0", "", { "dependencies": { "@smithy/types": "^2.12.0", "@smithy/util-uri-escape": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-L1kSeviUWL+emq3CUVSgdogoM/D9QMFaqxL/dd0X7PCNWmPXqt+ExtrBjqT0V7HLN03Vs9SuiLrG3zy3JGnE5A=="],

+    "cli-highlight/yargs/cliui/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
+
+    "cli-highlight/yargs/cliui/wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
+
+    "cli-highlight/yargs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
+
+    "cli-highlight/yargs/string-width/is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
+
+    "cli-highlight/yargs/string-width/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
+
    "qrcode/yargs/cliui/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],

    "qrcode/yargs/cliui/wrap-ansi": ["wrap-ansi@6.2.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA=="],
@@ -1433,16 +1579,16 @@

    "yargs/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],

-    "@grpc/proto-loader/yargs/cliui/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
-
-    "@grpc/proto-loader/yargs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
-
-    "@grpc/proto-loader/yargs/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
-
    "@smithy/smithy-client/@smithy/util-stream/@smithy/fetch-http-handler/@smithy/querystring-builder/@smithy/util-uri-escape": ["@smithy/util-uri-escape@2.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-jtmJMyt1xMD/d8OtbVJ2gFZOSKc+ueYJZPW20ULW1GOp/q/YIM0wNh+u8ZFao9UaIGz4WoPW8hC64qlWLIfoDA=="],

    "@smithy/smithy-client/@smithy/util-stream/@smithy/node-http-handler/@smithy/querystring-builder/@smithy/util-uri-escape": ["@smithy/util-uri-escape@2.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-jtmJMyt1xMD/d8OtbVJ2gFZOSKc+ueYJZPW20ULW1GOp/q/YIM0wNh+u8ZFao9UaIGz4WoPW8hC64qlWLIfoDA=="],

+    "cli-highlight/yargs/cliui/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
+
+    "cli-highlight/yargs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
+
+    "cli-highlight/yargs/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
+
    "qrcode/yargs/cliui/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],

    "qrcode/yargs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
--- a/docs/advanced-setup.md
+++ b/docs/advanced-setup.md
@@ -0,0 +1,262 @@
+# OpenClaude Advanced Setup
+
+This guide is for users who want source builds, Bun workflows, provider profiles, diagnostics, or more control over runtime behavior.
+
+## Install Options
+
+### Option A: npm
+
+```bash
+npm install -g @gitlawb/openclaude
+```
+
+### Option B: From source with Bun
+
+Use Bun `1.3.11` or newer for source builds on Windows. Older Bun versions can fail during `bun run build`.
+
+```bash
+git clone https://node.gitlawb.com/z6MkqDnb7Siv3Cwj7pGJq4T5EsUisECqR8KpnDLwcaZq5TPr/openclaude.git
+cd openclaude
+
+bun install
+bun run build
+npm link
+```
+
+### Option C: Run directly with Bun
+
+```bash
+git clone https://node.gitlawb.com/z6MkqDnb7Siv3Cwj7pGJq4T5EsUisECqR8KpnDLwcaZq5TPr/openclaude.git
+cd openclaude
+
+bun install
+bun run dev
+```
+
+## Provider Examples
+
+### OpenAI
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=sk-...
+export OPENAI_MODEL=gpt-4o
+```
+
+### Codex via ChatGPT auth
+
+`codexplan` maps to GPT-5.4 on the Codex backend with high reasoning.
+`codexspark` maps to GPT-5.3 Codex Spark for faster loops.
+
+If you already use the Codex CLI, OpenClaude reads `~/.codex/auth.json` automatically. You can also point it elsewhere with `CODEX_AUTH_JSON_PATH` or override the token directly with `CODEX_API_KEY`.
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_MODEL=codexplan
+
+# optional if you do not already have ~/.codex/auth.json
+export CODEX_API_KEY=...
+
+openclaude
+```
+
+### DeepSeek
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=sk-...
+export OPENAI_BASE_URL=https://api.deepseek.com/v1
+export OPENAI_MODEL=deepseek-chat
+```
+
+### Google Gemini via OpenRouter
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=sk-or-...
+export OPENAI_BASE_URL=https://openrouter.ai/api/v1
+export OPENAI_MODEL=google/gemini-2.0-flash-001
+```
+
+OpenRouter model availability changes over time. If a model stops working, try another current OpenRouter model before assuming the integration is broken.
+
+### Ollama
+
+```bash
+ollama pull llama3.3:70b
+
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_BASE_URL=http://localhost:11434/v1
+export OPENAI_MODEL=llama3.3:70b
+```
+
+### Atomic Chat (local, Apple Silicon)
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_BASE_URL=http://127.0.0.1:1337/v1
+export OPENAI_MODEL=your-model-name
+```
+
+No API key is needed for Atomic Chat local models.
+
+Or use the profile launcher:
+
+```bash
+bun run dev:atomic-chat
+```
+
+Download Atomic Chat from [atomic.chat](https://atomic.chat/). The app must be running with a model loaded before launching.
+
+### LM Studio
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_BASE_URL=http://localhost:1234/v1
+export OPENAI_MODEL=your-model-name
+```
+
+### Together AI
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=...
+export OPENAI_BASE_URL=https://api.together.xyz/v1
+export OPENAI_MODEL=meta-llama/Llama-3.3-70B-Instruct-Turbo
+```
+
+### Groq
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=gsk_...
+export OPENAI_BASE_URL=https://api.groq.com/openai/v1
+export OPENAI_MODEL=llama-3.3-70b-versatile
+```
+
+### Mistral
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=...
+export OPENAI_BASE_URL=https://api.mistral.ai/v1
+export OPENAI_MODEL=mistral-large-latest
+```
+
+### Azure OpenAI
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=your-azure-key
+export OPENAI_BASE_URL=https://your-resource.openai.azure.com/openai/deployments/your-deployment/v1
+export OPENAI_MODEL=gpt-4o
+```
+
+## Environment Variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `CLAUDE_CODE_USE_OPENAI` | Yes | Set to `1` to enable the OpenAI provider |
+| `OPENAI_API_KEY` | Yes* | Your API key (`*` not needed for local models like Ollama or Atomic Chat) |
+| `OPENAI_MODEL` | Yes | Model name such as `gpt-4o`, `deepseek-chat`, or `llama3.3:70b` |
+| `OPENAI_BASE_URL` | No | API endpoint, defaulting to `https://api.openai.com/v1` |
+| `CODEX_API_KEY` | Codex only | Codex or ChatGPT access token override |
+| `CODEX_AUTH_JSON_PATH` | Codex only | Path to a Codex CLI `auth.json` file |
+| `CODEX_HOME` | Codex only | Alternative Codex home directory |
+| `OPENCLAUDE_DISABLE_CO_AUTHORED_BY` | No | Suppress the default `Co-Authored-By` trailer in generated git commits |
+
+You can also use `ANTHROPIC_MODEL` to override the model name. `OPENAI_MODEL` takes priority.
+
+## Runtime Hardening
+
+Use these commands to validate your setup and catch mistakes early:
+
+```bash
+# quick startup sanity check
+bun run smoke
+
+# validate provider env + reachability
+bun run doctor:runtime
+
+# print machine-readable runtime diagnostics
+bun run doctor:runtime:json
+
+# persist a diagnostics report to reports/doctor-runtime.json
+bun run doctor:report
+
+# full local hardening check (smoke + runtime doctor)
+bun run hardening:check
+
+# strict hardening (includes project-wide typecheck)
+bun run hardening:strict
+```
+
+Notes:
+
+- `doctor:runtime` fails fast if `CLAUDE_CODE_USE_OPENAI=1` with a placeholder key or a missing key for non-local providers.
+- Local providers such as `http://localhost:11434/v1`, `http://10.0.0.1:11434/v1`, and `http://127.0.0.1:1337/v1` can run without `OPENAI_API_KEY`.
+- Codex profiles validate `CODEX_API_KEY` or the Codex CLI auth file and probe `POST /responses` instead of `GET /models`.
+
+## Provider Launch Profiles
+
+Use profile launchers to avoid repeated environment setup:
+
+```bash
+# one-time profile bootstrap (prefer viable local Ollama, otherwise OpenAI)
+bun run profile:init
+
+# preview the best provider/model for your goal
+bun run profile:recommend -- --goal coding --benchmark
+
+# auto-apply the best available local/openai provider/model for your goal
+bun run profile:auto -- --goal latency
+
+# codex bootstrap (defaults to codexplan and ~/.codex/auth.json)
+bun run profile:codex
+
+# openai bootstrap with explicit key
+bun run profile:init -- --provider openai --api-key sk-...
+
+# ollama bootstrap with custom model
+bun run profile:init -- --provider ollama --model llama3.1:8b
+
+# ollama bootstrap with intelligent model auto-selection
+bun run profile:init -- --provider ollama --goal coding
+
+# atomic-chat bootstrap (auto-detects running model)
+bun run profile:init -- --provider atomic-chat
+
+# codex bootstrap with a fast model alias
+bun run profile:init -- --provider codex --model codexspark
+
+# launch using persisted profile (.openclaude-profile.json)
+bun run dev:profile
+
+# codex profile (uses CODEX_API_KEY or ~/.codex/auth.json)
+bun run dev:codex
+
+# OpenAI profile (requires OPENAI_API_KEY in your shell)
+bun run dev:openai
+
+# Ollama profile (defaults: localhost:11434, llama3.1:8b)
+bun run dev:ollama
+
+# Atomic Chat profile (Apple Silicon local LLMs at 127.0.0.1:1337)
+bun run dev:atomic-chat
+```
+
+`profile:recommend` ranks installed Ollama models for `latency`, `balanced`, or `coding`, and `profile:auto` can persist the recommendation directly.
+
+If no profile exists yet, `dev:profile` uses the same goal-aware defaults when picking the initial model.
+
+Use `--provider ollama` when you want a local-only path. Auto mode falls back to OpenAI when no viable local chat model is installed.
+
+Use `--provider atomic-chat` when you want Atomic Chat as the local Apple Silicon provider.
+
+Use `profile:codex` or `--provider codex` when you want the ChatGPT Codex backend.
+
+`dev:openai`, `dev:ollama`, `dev:atomic-chat`, and `dev:codex` run `doctor:runtime` first and only launch the app if checks pass.
+
+For `dev:ollama`, make sure Ollama is running locally before launch.
+
+For `dev:atomic-chat`, make sure Atomic Chat is running with a model loaded before launch.
--- a/docs/litellm-setup.md
+++ b/docs/litellm-setup.md
@@ -0,0 +1,144 @@
+# LiteLLM Setup
+
+OpenClaude can connect to LiteLLM through LiteLLM's OpenAI-compatible proxy.
+
+## Overview
+
+LiteLLM is an open-source LLM gateway that provides a unified API to 100+ model providers. By running the LiteLLM Proxy, you can route OpenClaude requests through LiteLLM to access any of its supported providers — all while using OpenClaude's existing OpenAI-compatible provider path.
+
+## Prerequisites
+
+- LiteLLM installed (`pip install litellm[proxy]`)
+- A `litellm_config.yaml` or equivalent LiteLLM configuration
+- LiteLLM Proxy running on a local or remote port
+
+## 1. Start the LiteLLM Proxy
+
+### Basic installation
+
+```bash
+pip install litellm[proxy]
+```
+
+### Configure LiteLLM
+
+Create a `litellm_config.yaml` with your desired model aliases:
+
+```yaml
+model_list:
+  - model_name: gpt-4o
+    litellm_params:
+      model: openai/gpt-4o
+      api_key: os.environ/OPENAI_API_KEY
+
+  - model_name: claude-sonnet-4
+    litellm_params:
+      model: anthropic/claude-sonnet-4-5-20250929
+      api_key: os.environ/ANTHROPIC_API_KEY
+
+  - model_name: gemini-2.5-flash
+    litellm_params:
+      model: gemini/gemini-2.5-flash
+      api_key: os.environ/GEMINI_API_KEY
+
+  - model_name: llama-3.3-70b
+    litellm_params:
+      model: together_ai/meta-llama/Llama-3.3-70B-Instruct-Turbo
+      api_key: os.environ/TOGETHER_API_KEY
+```
+
+### Run the proxy
+
+```bash
+litellm --config litellm_config.yaml --port 4000
+```
+
+The proxy will start at `http://localhost:4000` by default.
+
+## 2. Point OpenClaude to LiteLLM
+
+### Option A: Environment Variables
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_BASE_URL=http://localhost:4000
+export OPENAI_API_KEY=<your-master-key-or-placeholder>
+export OPENAI_MODEL=<your-litellm-model-alias>
+openclaude
+```
+
+Replace `<your-litellm-model-alias>` with a model name from your `litellm_config.yaml` (e.g., `gpt-4o`, `claude-sonnet-4`, `gemini-2.5-flash`).
+
+### Option B: Using /provider
+
+1. Run `openclaude`
+2. Type `/provider` to open the provider setup flow
+3. Choose the **OpenAI-compatible** option
+4. When prompted for the API key, enter the key required by your LiteLLM proxy
+   If your local LiteLLM setup does not enforce auth, you may still need to enter a placeholder value
+      - 5. When prompted for the base URL, enter `http://localhost:4000`
+        6. 6. When prompted for the model, enter the LiteLLM model name or alias you configured
+           7. 7. Save the provider configuration
+
+## 3. Example LiteLLM Configs
+
+### Multi-provider routing with spend tracking
+
+```yaml
+model_list:
+  - model_name: gpt-4o
+    litellm_params:
+      model: openai/gpt-4o
+      api_key: os.environ/OPENAI_API_KEY
+
+  - model_name: claude-sonnet-4
+    litellm_params:
+      model: anthropic/claude-sonnet-4-5-20250929
+      api_key: os.environ/ANTHROPIC_API_KEY
+
+  - model_name: deepseek-chat
+    litellm_params:
+      model: deepseek/deepseek-chat
+      api_key: os.environ/DEEPSEEK_API_KEY
+
+litellm_settings:
+  set_verbose: false
+  num_retries: 3
+```
+
+### With a master key for auth
+
+```bash
+# Start proxy with a master key
+litellm --config litellm_config.yaml --port 4000 --master_key sk-my-master-key
+
+# Connect OpenClaude
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_BASE_URL=http://localhost:4000
+export OPENAI_API_KEY=sk-my-master-key
+export OPENAI_MODEL=gpt-4o
+openclaude
+```
+
+## 4. Notes
+
+- `OPENAI_MODEL` must match the **LiteLLM model alias** defined in your config, not the upstream raw provider model name.
+- If your proxy requires authentication, use the proxy key (or `master_key`) in `OPENAI_API_KEY`.
+- LiteLLM's OpenAI-compatible endpoint accepts the same request format as OpenAI, so OpenClaude works without any code changes.
+- You can switch between any provider configured in LiteLLM by simply changing the `OPENAI_MODEL` value — no need to reconfigure OpenClaude.
+
+## 5. Troubleshooting
+
+| Issue | Likely Cause | Fix |
+|-------|--------------|-----|
+| 404 or Model Not Found | Model alias doesn't exist in LiteLLM config | Verify the `model_name` in `litellm_config.yaml` matches `OPENAI_MODEL` |
+| Connection Refused | LiteLLM proxy isn't running | Start the proxy with `litellm --config litellm_config.yaml --port 4000` |
+| Auth Failed | Missing or wrong `master_key` | Set the correct key in `OPENAI_API_KEY` |
+| Upstream provider error | The backend provider key is missing or invalid | Ensure the upstream API key (e.g., `OPENAI_API_KEY`) is set in your LiteLLM proxy process environment |
+| Tools fail but chat works | The selected model has weak function/tool calling support | Switch to a model with strong tool support (e.g., GPT-4o, Claude Sonnet) |
+
+## 6. Resources
+
+- [LiteLLM Proxy Docs](https://docs.litellm.ai/docs/proxy/quick_start)
+- [LiteLLM Provider List](https://docs.litellm.ai/docs/providers)
+- [LiteLLM OpenAI-Compatible Endpoints](https://docs.litellm.ai/docs/proxy/openai_compatible_proxy)
--- a/docs/non-technical-setup.md
+++ b/docs/non-technical-setup.md
@@ -0,0 +1,116 @@
+# OpenClaude for Non-Technical Users
+
+This guide is for people who want the easiest setup path.
+
+You do not need to build from source. You do not need Bun. You do not need to understand the full codebase.
+
+If you can copy and paste commands into a terminal, you can set this up.
+
+## What OpenClaude Does
+
+OpenClaude lets you use an AI coding assistant with different model providers such as:
+
+- OpenAI
+- DeepSeek
+- Gemini
+- Ollama
+- Codex
+
+For most first-time users, OpenAI is the easiest option.
+
+## Before You Start
+
+You need:
+
+1. Node.js 20 or newer installed
+2. A terminal window
+3. An API key from your provider, unless you are using a local model like Ollama
+
+## Fastest Path
+
+1. Install OpenClaude with npm
+2. Set 3 environment variables
+3. Run `openclaude`
+
+## Choose Your Operating System
+
+- Windows: [Windows Quick Start](quick-start-windows.md)
+- macOS / Linux: [macOS / Linux Quick Start](quick-start-mac-linux.md)
+
+## Which Provider Should You Choose?
+
+### OpenAI
+
+Choose this if:
+
+- you want the easiest setup
+- you already have an OpenAI API key
+
+### Ollama
+
+Choose this if:
+
+- you want to run models locally
+- you do not want to depend on a cloud API for testing
+
+### Codex
+
+Choose this if:
+
+- you already use the Codex CLI
+- you already have Codex or ChatGPT auth configured
+
+## What Success Looks Like
+
+After you run `openclaude`, the CLI should start and wait for your prompt.
+
+At that point, you can ask it to:
+
+- explain code
+- edit files
+- run commands
+- review changes
+
+## Common Problems
+
+### `openclaude` command not found
+
+Cause:
+
+- npm installed the package, but your terminal has not refreshed yet
+
+Fix:
+
+1. Close the terminal
+2. Open a new terminal
+3. Run `openclaude` again
+
+### Invalid API key
+
+Cause:
+
+- the key is wrong, expired, or copied incorrectly
+
+Fix:
+
+1. Get a fresh key from your provider
+2. Paste it again carefully
+3. Re-run `openclaude`
+
+### Ollama not working
+
+Cause:
+
+- Ollama is not installed or not running
+
+Fix:
+
+1. Install Ollama from `https://ollama.com/download`
+2. Start Ollama
+3. Try again
+
+## Want More Control?
+
+If you want source builds, advanced provider profiles, diagnostics, or Bun-based workflows, use:
+
+- [Advanced Setup](advanced-setup.md)
--- a/docs/quick-start-mac-linux.md
+++ b/docs/quick-start-mac-linux.md
@@ -0,0 +1,143 @@
+# OpenClaude Quick Start for macOS and Linux
+
+This guide uses a standard shell such as Terminal, iTerm, bash, or zsh.
+
+## 1. Install Node.js
+
+Install Node.js 20 or newer from:
+
+- `https://nodejs.org/`
+
+Then check it:
+
+```bash
+node --version
+npm --version
+```
+
+## 2. Install OpenClaude
+
+```bash
+npm install -g @gitlawb/openclaude
+```
+
+## 3. Pick One Provider
+
+### Option A: OpenAI
+
+Replace `sk-your-key-here` with your real key.
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=sk-your-key-here
+export OPENAI_MODEL=gpt-4o
+
+openclaude
+```
+
+### Option B: DeepSeek
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_API_KEY=sk-your-key-here
+export OPENAI_BASE_URL=https://api.deepseek.com/v1
+export OPENAI_MODEL=deepseek-chat
+
+openclaude
+```
+
+### Option C: Ollama
+
+Install Ollama first from:
+
+- `https://ollama.com/download`
+
+Then run:
+
+```bash
+ollama pull llama3.1:8b
+
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_BASE_URL=http://localhost:11434/v1
+export OPENAI_MODEL=llama3.1:8b
+
+openclaude
+```
+
+No API key is needed for Ollama local models.
+
+### Option D: LM Studio
+
+Install LM Studio first from:
+
+- `https://lmstudio.ai/`
+
+Then in LM Studio:
+
+1. Download a model (e.g., Llama 3.1 8B, Mistral 7B)
+2. Go to the "Developer" tab
+3. Select your model and enable the server via the toggle
+
+Then run:
+
+```bash
+export CLAUDE_CODE_USE_OPENAI=1
+export OPENAI_BASE_URL=http://localhost:1234/v1
+export OPENAI_MODEL=your-model-name
+# export OPENAI_API_KEY=lmstudio  # optional: some users need a dummy key
+
+openclaude
+```
+
+Replace `your-model-name` with the model name shown in LM Studio.
+
+No API key is needed for LM Studio local models (but uncomment the `OPENAI_API_KEY` line if you hit auth errors).
+
+## 4. If `openclaude` Is Not Found
+
+Close the terminal, open a new one, and try again:
+
+```bash
+openclaude
+```
+
+## 5. If Your Provider Fails
+
+Check the basics:
+
+### For OpenAI or DeepSeek
+
+- make sure the key is real
+- make sure you copied it fully
+
+### For Ollama
+
+- make sure Ollama is installed
+- make sure Ollama is running
+- make sure the model was pulled successfully
+
+### For LM Studio
+
+- make sure LM Studio is installed
+- make sure LM Studio is running
+- make sure the server is enabled (toggle on in the "Developer" tab)
+- make sure a model is loaded in LM Studio
+- make sure the model name matches what you set in `OPENAI_MODEL`
+
+## 6. Updating OpenClaude
+
+```bash
+npm install -g @gitlawb/openclaude@latest
+```
+
+## 7. Uninstalling OpenClaude
+
+```bash
+npm uninstall -g @gitlawb/openclaude
+```
+
+## Need Advanced Setup?
+
+Use:
+
+- [Advanced Setup](advanced-setup.md)
--- a/docs/quick-start-windows.md
+++ b/docs/quick-start-windows.md
@@ -0,0 +1,143 @@
+# OpenClaude Quick Start for Windows
+
+This guide uses Windows PowerShell.
+
+## 1. Install Node.js
+
+Install Node.js 20 or newer from:
+
+- `https://nodejs.org/`
+
+Then open PowerShell and check it:
+
+```powershell
+node --version
+npm --version
+```
+
+## 2. Install OpenClaude
+
+```powershell
+npm install -g @gitlawb/openclaude
+```
+
+## 3. Pick One Provider
+
+### Option A: OpenAI
+
+Replace `sk-your-key-here` with your real key.
+
+```powershell
+$env:CLAUDE_CODE_USE_OPENAI="1"
+$env:OPENAI_API_KEY="sk-your-key-here"
+$env:OPENAI_MODEL="gpt-4o"
+
+openclaude
+```
+
+### Option B: DeepSeek
+
+```powershell
+$env:CLAUDE_CODE_USE_OPENAI="1"
+$env:OPENAI_API_KEY="sk-your-key-here"
+$env:OPENAI_BASE_URL="https://api.deepseek.com/v1"
+$env:OPENAI_MODEL="deepseek-chat"
+
+openclaude
+```
+
+### Option C: Ollama
+
+Install Ollama first from:
+
+- `https://ollama.com/download/windows`
+
+Then run:
+
+```powershell
+ollama pull llama3.1:8b
+
+$env:CLAUDE_CODE_USE_OPENAI="1"
+$env:OPENAI_BASE_URL="http://localhost:11434/v1"
+$env:OPENAI_MODEL="llama3.1:8b"
+
+openclaude
+```
+
+No API key is needed for Ollama local models.
+
+### Option D: LM Studio
+
+Install LM Studio first from:
+
+- `https://lmstudio.ai/`
+
+Then in LM Studio:
+
+1. Download a model (e.g., Llama 3.1 8B, Mistral 7B)
+2. Go to the "Developer" tab
+3. Select your model and enable the server via the toggle
+
+Then run:
+
+```powershell
+$env:CLAUDE_CODE_USE_OPENAI="1"
+$env:OPENAI_BASE_URL="http://localhost:1234/v1"
+$env:OPENAI_MODEL="your-model-name"
+# $env:OPENAI_API_KEY="lmstudio"  # optional: some users need a dummy key
+
+openclaude
+```
+
+Replace `your-model-name` with the model name shown in LM Studio.
+
+No API key is needed for LM Studio local models (but uncomment the `OPENAI_API_KEY` line if you hit auth errors).
+
+## 4. If `openclaude` Is Not Found
+
+Close PowerShell, open a new one, and try again:
+
+```powershell
+openclaude
+```
+
+## 5. If Your Provider Fails
+
+Check the basics:
+
+### For OpenAI or DeepSeek
+
+- make sure the key is real
+- make sure you copied it fully
+
+### For Ollama
+
+- make sure Ollama is installed
+- make sure Ollama is running
+- make sure the model was pulled successfully
+
+### For LM Studio
+
+- make sure LM Studio is installed
+- make sure LM Studio is running
+- make sure the server is enabled (toggle on in the "Developer" tab)
+- make sure a model is loaded in LM Studio
+- make sure the model name matches what you set in `OPENAI_MODEL`
+
+## 6. Updating OpenClaude
+
+```powershell
+npm install -g @gitlawb/openclaude@latest
+```
+
+## 7. Uninstalling OpenClaude
+
+```powershell
+npm uninstall -g @gitlawb/openclaude
+```
+
+## Need Advanced Setup?
+
+Use:
+
+- [Advanced Setup](advanced-setup.md)
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@gitlawb/openclaude",
-  "version": "0.1.6",
+  "version": "0.1.8",
  "description": "Claude Code opened to any LLM — OpenAI, Gemini, DeepSeek, Ollama, and 200+ models",
  "type": "module",
  "bin": {
@@ -21,6 +21,7 @@
    "dev:gemini": "bun run scripts/provider-launch.ts gemini",
    "dev:ollama": "bun run scripts/provider-launch.ts ollama",
    "dev:ollama:fast": "bun run scripts/provider-launch.ts ollama --fast --bare",
+    "dev:atomic-chat": "bun run scripts/provider-launch.ts atomic-chat",
    "profile:init": "bun run scripts/provider-bootstrap.ts",
    "profile:recommend": "bun run scripts/provider-recommend.ts",
    "profile:auto": "bun run scripts/provider-recommend.ts --apply",
@@ -29,10 +30,18 @@
    "profile:code": "bun run profile:init -- --provider ollama --model qwen2.5-coder:7b",
    "dev:fast": "bun run profile:fast && bun run dev:ollama:fast",
    "dev:code": "bun run profile:code && bun run dev:profile",
+    "dev:grpc": "bun run scripts/start-grpc.ts",
+    "dev:grpc:cli": "bun run scripts/grpc-cli.ts",
    "start": "node dist/cli.mjs",
-    "test:provider-recommendation": "node --test --experimental-strip-types src/utils/providerRecommendation.test.ts src/utils/providerProfile.test.ts",
+    "test": "bun test",
+    "test:coverage": "bun test --coverage --coverage-reporter=lcov --coverage-dir=coverage --max-concurrency=1 && bun run scripts/render-coverage-heatmap.ts",
+    "test:coverage:ui": "bun run scripts/render-coverage-heatmap.ts",
+    "security:pr-scan": "bun run scripts/pr-intent-scan.ts",
+    "test:provider-recommendation": "bun test src/utils/providerRecommendation.test.ts src/utils/providerProfile.test.ts",
    "typecheck": "tsc --noEmit",
    "smoke": "bun run build && node dist/cli.mjs --version",
+    "verify:privacy": "bun run scripts/verify-no-phone-home.ts",
+    "build:verified": "bun run build && bun run verify:privacy",
    "test:provider": "bun test src/services/api/*.test.ts src/utils/context.test.ts",
    "doctor:runtime": "bun run scripts/system-check.ts",
    "doctor:runtime:json": "bun run scripts/system-check.ts --json",
@@ -42,82 +51,89 @@
    "prepack": "npm run build"
  },
  "dependencies": {
-    "@alcalzone/ansi-tokenize": "^0.3.0",
-    "@anthropic-ai/bedrock-sdk": "^0.26.0",
-    "@anthropic-ai/foundry-sdk": "^0.2.0",
-    "@anthropic-ai/sandbox-runtime": "^0.0.46",
-    "@anthropic-ai/sdk": "^0.81.0",
-    "@anthropic-ai/vertex-sdk": "^0.14.0",
-    "@commander-js/extra-typings": "^12.0.0",
-    "@growthbook/growthbook": "^1.3.0",
-    "@modelcontextprotocol/sdk": "^1.12.0",
-    "@opentelemetry/api": "^1.9.1",
-    "@opentelemetry/api-logs": "^0.214.0",
-    "@opentelemetry/core": "^2.6.1",
-    "@opentelemetry/exporter-logs-otlp-http": "^0.214.0",
-    "@opentelemetry/exporter-trace-otlp-grpc": "^0.57.0",
-    "@opentelemetry/resources": "^2.6.1",
-    "@opentelemetry/sdk-logs": "^0.214.0",
-    "@opentelemetry/sdk-metrics": "^2.6.1",
-    "@opentelemetry/sdk-trace-base": "^2.6.1",
-    "@opentelemetry/sdk-trace-node": "^2.6.1",
-    "@opentelemetry/semantic-conventions": "^1.40.0",
-    "ajv": "^8.17.0",
-    "auto-bind": "^5.0.1",
-    "axios": "^1.14.0",
-    "bidi-js": "^1.0.3",
-    "chalk": "^5.4.0",
-    "chokidar": "^4.0.0",
-    "cli-boxes": "^3.0.0",
-    "cli-highlight": "^2.1.0",
-    "code-excerpt": "^4.0.0",
-    "commander": "^12.0.0",
-    "diff": "^7.0.0",
-    "emoji-regex": "^10.4.0",
-    "env-paths": "^3.0.0",
-    "execa": "^9.5.0",
-    "fflate": "^0.8.2",
-    "figures": "^6.1.0",
-    "fuse.js": "^7.1.0",
-    "get-east-asian-width": "^1.3.0",
-    "google-auth-library": "^9.15.0",
-    "https-proxy-agent": "^7.0.6",
-    "ignore": "^7.0.0",
-    "indent-string": "^5.0.0",
-    "jsonc-parser": "^3.3.1",
-    "lodash-es": "^4.17.21",
-    "lru-cache": "^11.0.0",
-    "marked": "^15.0.0",
-    "p-map": "^7.0.3",
-    "picomatch": "^4.0.0",
-    "proper-lockfile": "^4.1.2",
-    "qrcode": "^1.5.4",
-    "react": "^19.2.4",
-    "react-compiler-runtime": "^1.0.0",
-    "react-reconciler": "^0.33.0",
-    "semver": "^7.6.3",
-    "shell-quote": "^1.8.2",
-    "signal-exit": "^4.1.0",
-    "stack-utils": "^2.0.6",
-    "strip-ansi": "^7.1.0",
-    "supports-hyperlinks": "^3.1.0",
-    "tree-kill": "^1.2.2",
-    "turndown": "^7.2.0",
-    "type-fest": "^4.30.0",
-    "undici": "^7.3.0",
-    "usehooks-ts": "^3.1.1",
-    "vscode-languageserver-protocol": "^3.17.5",
-    "wrap-ansi": "^9.0.0",
-    "ws": "^8.18.0",
-    "xss": "^1.0.15",
-    "yaml": "^2.7.0",
-    "zod": "^3.24.0"
+    "@alcalzone/ansi-tokenize": "0.3.0",
+    "@anthropic-ai/bedrock-sdk": "0.26.4",
+    "@anthropic-ai/foundry-sdk": "0.2.3",
+    "@anthropic-ai/sandbox-runtime": "0.0.46",
+    "@anthropic-ai/sdk": "0.81.0",
+    "@anthropic-ai/vertex-sdk": "0.14.4",
+    "@commander-js/extra-typings": "12.1.0",
+    "@growthbook/growthbook": "1.6.5",
+    "@grpc/grpc-js": "^1.14.3",
+    "@grpc/proto-loader": "^0.8.0",
+    "@mendable/firecrawl-js": "4.18.1",
+    "@modelcontextprotocol/sdk": "1.29.0",
+    "@opentelemetry/api": "1.9.1",
+    "@opentelemetry/api-logs": "0.214.0",
+    "@opentelemetry/core": "2.6.1",
+    "@opentelemetry/exporter-logs-otlp-http": "0.214.0",
+    "@opentelemetry/exporter-trace-otlp-grpc": "0.57.2",
+    "@opentelemetry/resources": "2.6.1",
+    "@opentelemetry/sdk-logs": "0.214.0",
+    "@opentelemetry/sdk-metrics": "2.6.1",
+    "@opentelemetry/sdk-trace-base": "2.6.1",
+    "@opentelemetry/sdk-trace-node": "2.6.1",
+    "@opentelemetry/semantic-conventions": "1.40.0",
+    "ajv": "8.18.0",
+    "auto-bind": "5.0.1",
+    "axios": "1.14.0",
+    "bidi-js": "1.0.3",
+    "chalk": "5.6.2",
+    "chokidar": "4.0.3",
+    "cli-boxes": "3.0.0",
+    "cli-highlight": "2.1.11",
+    "code-excerpt": "4.0.0",
+    "commander": "12.1.0",
+    "cross-spawn": "7.0.6",
+    "diff": "8.0.3",
+    "duck-duck-scrape": "^2.2.7",
+    "emoji-regex": "10.6.0",
+    "env-paths": "3.0.0",
+    "execa": "9.6.1",
+    "fflate": "0.8.2",
+    "figures": "6.1.0",
+    "fuse.js": "7.1.0",
+    "get-east-asian-width": "1.5.0",
+    "google-auth-library": "9.15.1",
+    "https-proxy-agent": "7.0.6",
+    "ignore": "7.0.5",
+    "indent-string": "5.0.0",
+    "jsonc-parser": "3.3.1",
+    "lodash-es": "4.18.1",
+    "lru-cache": "11.2.7",
+    "marked": "15.0.12",
+    "p-map": "7.0.4",
+    "picomatch": "4.0.4",
+    "proper-lockfile": "4.1.2",
+    "qrcode": "1.5.4",
+    "react": "19.2.4",
+    "react-compiler-runtime": "1.0.0",
+    "react-reconciler": "0.33.0",
+    "semver": "7.7.4",
+    "sharp": "^0.34.5",
+    "shell-quote": "1.8.3",
+    "signal-exit": "4.1.0",
+    "stack-utils": "2.0.6",
+    "strip-ansi": "7.2.0",
+    "supports-hyperlinks": "3.2.0",
+    "tree-kill": "1.2.2",
+    "turndown": "7.2.2",
+    "type-fest": "4.41.0",
+    "undici": "7.24.6",
+    "usehooks-ts": "3.1.1",
+    "vscode-languageserver-protocol": "3.17.5",
+    "wrap-ansi": "9.0.2",
+    "ws": "8.20.0",
+    "xss": "1.0.15",
+    "yaml": "2.8.3",
+    "zod": "3.25.76"
  },
  "devDependencies": {
-    "@types/bun": "^1.2.0",
-    "@types/node": "^25.5.0",
-    "@types/react": "^19.2.14",
-    "typescript": "^5.7.0"
+    "@types/bun": "1.3.11",
+    "@types/node": "25.5.0",
+    "@types/react": "19.2.14",
+    "tsx": "^4.21.0",
+    "typescript": "5.9.3"
  },
  "engines": {
    "node": ">=20.0.0"
@@ -136,8 +152,11 @@
    "ollama",
    "gemini"
  ],
-  "license": "MIT",
+  "license": "SEE LICENSE FILE",
  "publishConfig": {
    "access": "public"
+  },
+  "overrides": {
+    "lodash-es": "4.18.1"
  }
 }
--- a/python/init.py
+++ b/python/init.py
@@ -0,0 +1 @@
+# Python helper package for standalone provider-side utilities.
--- a/python/atomic_chat_provider.py
+++ b/python/atomic_chat_provider.py
@@ -0,0 +1,146 @@
+"""
+atomic_chat_provider.py
+-----------------------
+Adds native Atomic Chat support to openclaude.
+Lets Claude Code route requests to any locally-running model via
+Atomic Chat (Apple Silicon only) at 127.0.0.1:1337.
+
+Atomic Chat exposes an OpenAI-compatible API, so messages are forwarded
+directly without translation.
+
+Usage (.env):
+    PREFERRED_PROVIDER=atomic-chat
+    ATOMIC_CHAT_BASE_URL=http://127.0.0.1:1337
+"""
+
+import httpx
+import json
+import logging
+import os
+from typing import AsyncIterator
+
+logger = logging.getLogger(__name__)
+ATOMIC_CHAT_BASE_URL = os.getenv("ATOMIC_CHAT_BASE_URL", "http://127.0.0.1:1337")
+
+
+def _api_url(path: str) -> str:
+    return f"{ATOMIC_CHAT_BASE_URL}/v1{path}"
+
+
+async def check_atomic_chat_running() -> bool:
+    try:
+        async with httpx.AsyncClient(timeout=3.0) as client:
+            resp = await client.get(_api_url("/models"))
+            return resp.status_code == 200
+    except Exception:
+        return False
+
+
+async def list_atomic_chat_models() -> list[str]:
+    try:
+        async with httpx.AsyncClient(timeout=5.0) as client:
+            resp = await client.get(_api_url("/models"))
+            resp.raise_for_status()
+            data = resp.json()
+            return [m["id"] for m in data.get("data", [])]
+    except Exception as e:
+        logger.warning(f"Could not list Atomic Chat models: {e}")
+        return []
+
+
+async def atomic_chat(
+    model: str,
+    messages: list[dict],
+    system: str | None = None,
+    max_tokens: int = 4096,
+    temperature: float = 1.0,
+) -> dict:
+    chat_messages = list(messages)
+    if system:
+        chat_messages.insert(0, {"role": "system", "content": system})
+
+    payload = {
+        "model": model,
+        "messages": chat_messages,
+        "max_tokens": max_tokens,
+        "temperature": temperature,
+        "stream": False,
+    }
+
+    async with httpx.AsyncClient(timeout=120.0) as client:
+        resp = await client.post(_api_url("/chat/completions"), json=payload)
+        resp.raise_for_status()
+        data = resp.json()
+
+    choice = data.get("choices", [{}])[0]
+    assistant_text = choice.get("message", {}).get("content", "")
+    usage = data.get("usage", {})
+
+    return {
+        "id": data.get("id", "msg_atomic_chat"),
+        "type": "message",
+        "role": "assistant",
+        "content": [{"type": "text", "text": assistant_text}],
+        "model": model,
+        "stop_reason": "end_turn",
+        "stop_sequence": None,
+        "usage": {
+            "input_tokens": usage.get("prompt_tokens", 0),
+            "output_tokens": usage.get("completion_tokens", 0),
+        },
+    }
+
+
+async def atomic_chat_stream(
+    model: str,
+    messages: list[dict],
+    system: str | None = None,
+    max_tokens: int = 4096,
+    temperature: float = 1.0,
+) -> AsyncIterator[str]:
+    chat_messages = list(messages)
+    if system:
+        chat_messages.insert(0, {"role": "system", "content": system})
+
+    payload = {
+        "model": model,
+        "messages": chat_messages,
+        "max_tokens": max_tokens,
+        "temperature": temperature,
+        "stream": True,
+    }
+
+    yield "event: message_start\n"
+    yield f'data: {json.dumps({"type": "message_start", "message": {"id": "msg_atomic_chat_stream", "type": "message", "role": "assistant", "content": [], "model": model, "stop_reason": None, "usage": {"input_tokens": 0, "output_tokens": 0}}})}\n\n'
+    yield "event: content_block_start\n"
+    yield f'data: {json.dumps({"type": "content_block_start", "index": 0, "content_block": {"type": "text", "text": ""}})}\n\n'
+
+    async with httpx.AsyncClient(timeout=120.0) as client:
+        async with client.stream("POST", _api_url("/chat/completions"), json=payload) as resp:
+            resp.raise_for_status()
+            async for line in resp.aiter_lines():
+                if not line or not line.startswith("data: "):
+                    continue
+                raw = line[len("data: "):]
+                if raw.strip() == "[DONE]":
+                    break
+                try:
+                    chunk = json.loads(raw)
+                    delta = chunk.get("choices", [{}])[0].get("delta", {})
+                    delta_text = delta.get("content", "")
+                    if delta_text:
+                        yield "event: content_block_delta\n"
+                        yield f'data: {json.dumps({"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": delta_text}})}\n\n'
+
+                    finish_reason = chunk.get("choices", [{}])[0].get("finish_reason")
+                    if finish_reason:
+                        usage = chunk.get("usage", {})
+                        yield "event: content_block_stop\n"
+                        yield f'data: {json.dumps({"type": "content_block_stop", "index": 0})}\n\n'
+                        yield "event: message_delta\n"
+                        yield f'data: {json.dumps({"type": "message_delta", "delta": {"stop_reason": "end_turn", "stop_sequence": None}, "usage": {"output_tokens": usage.get("completion_tokens", 0)}})}\n\n'
+                        yield "event: message_stop\n"
+                        yield f'data: {json.dumps({"type": "message_stop"})}\n\n'
+                        break
+                except json.JSONDecodeError:
+                    continue
--- a/python/ollama_provider.py
+++ b/python/ollama_provider.py
@@ -49,6 +49,18 @@ def normalize_ollama_model(model_name: str) -> str:
    return model_name


+def _extract_ollama_image_data(block: dict) -> str | None:
+    source = block.get("source")
+    if not isinstance(source, dict):
+        return None
+    if source.get("type") != "base64":
+        return None
+    data = source.get("data")
+    if isinstance(data, str) and data:
+        return data
+    return None
+
+
 def anthropic_to_ollama_messages(messages: list[dict]) -> list[dict]:
    ollama_messages = []
    for msg in messages:
@@ -58,15 +70,23 @@ def anthropic_to_ollama_messages(messages: list[dict]) -> list[dict]:
            ollama_messages.append({"role": role, "content": content})
        elif isinstance(content, list):
            text_parts = []
+            image_parts = []
            for block in content:
                if isinstance(block, dict):
                    if block.get("type") == "text":
                        text_parts.append(block.get("text", ""))
                    elif block.get("type") == "image":
-                        text_parts.append("[image]")
+                        image_data = _extract_ollama_image_data(block)
+                        if image_data:
+                            image_parts.append(image_data)
+                        else:
+                            text_parts.append("[image]")
                elif isinstance(block, str):
                    text_parts.append(block)
-            ollama_messages.append({"role": role, "content": "\n".join(text_parts)})
+            ollama_message = {"role": role, "content": "\n".join(text_parts)}
+            if image_parts:
+                ollama_message["images"] = image_parts
+            ollama_messages.append(ollama_message)
    return ollama_messages


--- a/python/smart_router.py
+++ b/python/smart_router.py
@@ -57,8 +57,8 @@ class Provider:
    @property
    def is_configured(self) -> bool:
        """True if the provider has an API key set."""
-        if self.name == "ollama":
-            return True  # Ollama needs no API key
+        if self.name in ("ollama", "atomic-chat"):
+            return True  # Local providers need no API key
        return bool(self.api_key)

    @property
@@ -93,6 +93,7 @@ def build_default_providers() -> list[Provider]:
    big = os.getenv("BIG_MODEL", "gpt-4.1")
    small = os.getenv("SMALL_MODEL", "gpt-4.1-mini")
    ollama_url = os.getenv("OLLAMA_BASE_URL", "http://localhost:11434")
+    atomic_chat_url = os.getenv("ATOMIC_CHAT_BASE_URL", "http://127.0.0.1:1337")

    return [
        Provider(
@@ -119,6 +120,14 @@ def build_default_providers() -> list[Provider]:
            big_model=big if "gemini" not in big and "gpt" not in big else "llama3:8b",
            small_model=small if "gemini" not in small and "gpt" not in small else "llama3:8b",
        ),
+        Provider(
+            name="atomic-chat",
+            ping_url=f"{atomic_chat_url}/v1/models",
+            api_key_env="",
+            cost_per_1k_tokens=0.0,   # free — local (Apple Silicon)
+            big_model=big if "gemini" not in big and "gpt" not in big else "llama3:8b",
+            small_model=small if "gemini" not in small and "gpt" not in small else "llama3:8b",
+        ),
    ]


@@ -219,9 +228,14 @@ class SmartRouter:
        return min(available, key=lambda p: p.score(self.strategy))

    def get_model_for_provider(
-        self, provider: Provider, claude_model: str
+        self,
+        provider: Provider,
+        claude_model: str,
+        is_large_request: bool = False,
    ) -> str:
        """Map a Claude model name to the provider's actual model."""
+        if is_large_request:
+            return provider.big_model
        is_large = any(
            keyword in claude_model.lower()
            for keyword in ["opus", "sonnet", "large", "big"]
@@ -280,7 +294,11 @@ class SmartRouter:
            )

        provider = min(available, key=lambda p: p.score(self.strategy))
-        model = self.get_model_for_provider(provider, claude_model)
+        model = self.get_model_for_provider(
+            provider,
+            claude_model,
+            is_large_request=large,
+        )

        logger.debug(
            f"SmartRouter: routing to {provider.name}/{model} "
--- a/python/tests/init.py
+++ b/python/tests/init.py
@@ -0,0 +1 @@
+# Pytest package marker for the Python helper test suite.
--- a/python/tests/conftest.py
+++ b/python/tests/conftest.py
@@ -0,0 +1,5 @@
+from pathlib import Path
+import sys
+
+# Make the sibling `python/` helper modules importable from this test package.
+sys.path.insert(0, str(Path(__file__).resolve().parents[1]))
--- a/python/tests/test_atomic_chat_provider.py
+++ b/python/tests/test_atomic_chat_provider.py
@@ -0,0 +1,130 @@
+"""
+test_atomic_chat_provider.py
+Run: pytest python/tests/test_atomic_chat_provider.py -v
+"""
+
+import pytest
+from unittest.mock import AsyncMock, MagicMock, patch
+from atomic_chat_provider import (
+    atomic_chat,
+    list_atomic_chat_models,
+    check_atomic_chat_running,
+)
+
+
+@pytest.mark.asyncio
+async def test_atomic_chat_running_true():
+    mock_response = MagicMock()
+    mock_response.status_code = 200
+    with patch("atomic_chat_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.get = AsyncMock(return_value=mock_response)
+        result = await check_atomic_chat_running()
+    assert result is True
+
+
+@pytest.mark.asyncio
+async def test_atomic_chat_running_false_on_exception():
+    with patch("atomic_chat_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.get = AsyncMock(side_effect=Exception("refused"))
+        result = await check_atomic_chat_running()
+    assert result is False
+
+
+@pytest.mark.asyncio
+async def test_list_models_returns_ids():
+    mock_response = MagicMock()
+    mock_response.status_code = 200
+    mock_response.json.return_value = {
+        "data": [{"id": "llama-3.1-8b"}, {"id": "mistral-7b"}],
+    }
+    mock_response.raise_for_status = MagicMock()
+    with patch("atomic_chat_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.get = AsyncMock(return_value=mock_response)
+        models = await list_atomic_chat_models()
+    assert "llama-3.1-8b" in models
+    assert "mistral-7b" in models
+
+
+@pytest.mark.asyncio
+async def test_list_models_empty_on_failure():
+    with patch("atomic_chat_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.get = AsyncMock(side_effect=Exception("down"))
+        models = await list_atomic_chat_models()
+    assert models == []
+
+
+@pytest.mark.asyncio
+async def test_atomic_chat_returns_anthropic_format():
+    mock_response = MagicMock()
+    mock_response.raise_for_status = MagicMock()
+    mock_response.json.return_value = {
+        "id": "chatcmpl-abc123",
+        "choices": [{"message": {"content": "42 is the answer."}}],
+        "usage": {"prompt_tokens": 10, "completion_tokens": 8},
+    }
+    with patch("atomic_chat_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.post = AsyncMock(return_value=mock_response)
+        result = await atomic_chat(
+            model="llama-3.1-8b",
+            messages=[{"role": "user", "content": "What is 6*7?"}],
+        )
+    assert result["type"] == "message"
+    assert result["role"] == "assistant"
+    assert "42" in result["content"][0]["text"]
+    assert result["usage"]["input_tokens"] == 10
+    assert result["usage"]["output_tokens"] == 8
+
+
+@pytest.mark.asyncio
+async def test_atomic_chat_prepends_system():
+    captured = {}
+
+    async def mock_post(url, json=None, **kwargs):
+        captured.update(json or {})
+        m = MagicMock()
+        m.raise_for_status = MagicMock()
+        m.json.return_value = {
+            "id": "chatcmpl-xyz",
+            "choices": [{"message": {"content": "ok"}}],
+            "usage": {"prompt_tokens": 1, "completion_tokens": 1},
+        }
+        return m
+
+    with patch("atomic_chat_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.post = mock_post
+        await atomic_chat(
+            model="llama-3.1-8b",
+            messages=[{"role": "user", "content": "Hi"}],
+            system="Be helpful.",
+        )
+    assert captured["messages"][0]["role"] == "system"
+    assert "helpful" in captured["messages"][0]["content"]
+
+
+@pytest.mark.asyncio
+async def test_atomic_chat_sends_correct_payload():
+    captured = {}
+
+    async def mock_post(url, json=None, **kwargs):
+        captured.update(json or {})
+        m = MagicMock()
+        m.raise_for_status = MagicMock()
+        m.json.return_value = {
+            "id": "chatcmpl-xyz",
+            "choices": [{"message": {"content": "ok"}}],
+            "usage": {"prompt_tokens": 1, "completion_tokens": 1},
+        }
+        return m
+
+    with patch("atomic_chat_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.post = mock_post
+        await atomic_chat(
+            model="test-model",
+            messages=[{"role": "user", "content": "Test"}],
+            max_tokens=2048,
+            temperature=0.5,
+        )
+    assert captured["model"] == "test-model"
+    assert captured["max_tokens"] == 2048
+    assert captured["temperature"] == 0.5
+    assert captured["stream"] is False
--- a/python/tests/test_ollama_provider.py
+++ b/python/tests/test_ollama_provider.py
@@ -1,6 +1,6 @@
 """
 test_ollama_provider.py
-Run: pytest test_ollama_provider.py -v
+Run: pytest python/tests/test_ollama_provider.py -v
 """

 import pytest
@@ -13,31 +13,57 @@ from ollama_provider import (
    check_ollama_running,
 )

+
 def test_normalize_strips_prefix():
    assert normalize_ollama_model("ollama/llama3:8b") == "llama3:8b"

+
 def test_normalize_no_prefix():
    assert normalize_ollama_model("codellama:34b") == "codellama:34b"

+
 def test_normalize_empty():
    assert normalize_ollama_model("") == ""

+
 def test_converts_string_content():
    messages = [{"role": "user", "content": "Hello!"}]
    result = anthropic_to_ollama_messages(messages)
    assert result == [{"role": "user", "content": "Hello!"}]

+
 def test_converts_text_block_list():
    messages = [{"role": "user", "content": [{"type": "text", "text": "What is Python?"}]}]
    result = anthropic_to_ollama_messages(messages)
    assert result[0]["content"] == "What is Python?"

+
 def test_converts_image_block_to_placeholder():
    messages = [{"role": "user", "content": [{"type": "image", "source": {}}, {"type": "text", "text": "Describe this"}]}]
    result = anthropic_to_ollama_messages(messages)
    assert "[image]" in result[0]["content"]
    assert "Describe this" in result[0]["content"]

+
+def test_converts_base64_image_block_to_ollama_images():
+    messages = [{
+        "role": "user",
+        "content": [
+            {
+                "type": "image",
+                "source": {
+                    "type": "base64",
+                    "media_type": "image/png",
+                    "data": "YWJjMTIz",
+                },
+            },
+            {"type": "text", "text": "Describe this"},
+        ],
+    }]
+    result = anthropic_to_ollama_messages(messages)
+    assert result[0]["images"] == ["YWJjMTIz"]
+    assert "Describe this" in result[0]["content"]
+
 def test_converts_multi_turn():
    messages = [
        {"role": "user", "content": "Hi"},
@@ -48,6 +74,7 @@ def test_converts_multi_turn():
    assert len(result) == 3
    assert result[1]["role"] == "assistant"

+
@pytest.mark.asyncio
 async def test_ollama_running_true():
    mock_response = MagicMock()
@@ -57,6 +84,7 @@ async def test_ollama_running_true():
        result = await check_ollama_running()
    assert result is True

+
@pytest.mark.asyncio
 async def test_ollama_running_false_on_exception():
    with patch("ollama_provider.httpx.AsyncClient") as MockClient:
@@ -64,6 +92,7 @@ async def test_ollama_running_false_on_exception():
        result = await check_ollama_running()
    assert result is False

+
@pytest.mark.asyncio
 async def test_list_models_returns_names():
    mock_response = MagicMock()
@@ -75,6 +104,7 @@ async def test_list_models_returns_names():
        models = await list_ollama_models()
    assert "llama3:8b" in models

+
@pytest.mark.asyncio
 async def test_ollama_chat_returns_anthropic_format():
    mock_response = MagicMock()
@@ -95,9 +125,11 @@ async def test_ollama_chat_returns_anthropic_format():
    assert result["role"] == "assistant"
    assert "42" in result["content"][0]["text"]

+
@pytest.mark.asyncio
 async def test_ollama_chat_prepends_system():
    captured = {}
+
    async def mock_post(url, json=None, **kwargs):
        captured.update(json or {})
        m = MagicMock()
@@ -114,7 +146,47 @@ async def test_ollama_chat_prepends_system():
        await ollama_chat(
            model="llama3:8b",
            messages=[{"role": "user", "content": "Hi"}],
-            system="Be helpful."
+            system="Be helpful.",
        )
    assert captured["messages"][0]["role"] == "system"
    assert "helpful" in captured["messages"][0]["content"]
+
+
+@pytest.mark.asyncio
+async def test_ollama_chat_includes_base64_images_in_payload():
+    captured = {}
+
+    async def mock_post(url, json=None, **kwargs):
+        captured.update(json or {})
+        m = MagicMock()
+        m.raise_for_status = MagicMock()
+        m.json.return_value = {
+            "message": {"content": "ok"},
+            "created_at": "",
+            "prompt_eval_count": 1,
+            "eval_count": 1,
+        }
+        return m
+
+    with patch("ollama_provider.httpx.AsyncClient") as MockClient:
+        MockClient.return_value.__aenter__.return_value.post = mock_post
+        await ollama_chat(
+            model="llama3:8b",
+            messages=[{
+                "role": "user",
+                "content": [
+                    {
+                        "type": "image",
+                        "source": {
+                            "type": "base64",
+                            "media_type": "image/jpeg",
+                            "data": "ZHVtbXk=",
+                        },
+                    },
+                    {"type": "text", "text": "What is in this image?"},
+                ],
+            }],
+        )
+
+    assert captured["messages"][0]["images"] == ["ZHVtbXk="]
+    assert "What is in this image?" in captured["messages"][0]["content"]
--- a/python/tests/test_smart_router.py
+++ b/python/tests/test_smart_router.py
@@ -2,7 +2,7 @@
 test_smart_router.py
 --------------------
 Tests for the SmartRouter.
-Run: pytest test_smart_router.py -v
+Run: pytest python/tests/test_smart_router.py -v
 """

 import pytest
@@ -13,6 +13,12 @@ from smart_router import SmartRouter, Provider

 # ── Fixtures ──────────────────────────────────────────────────────────────────

+
+@pytest.fixture(autouse=True)
+def fake_api_key(monkeypatch):
+    monkeypatch.setenv("FAKE_KEY", "test-key")
+
+
 def make_provider(name, healthy=True, configured=True,
                  latency=100.0, cost=0.002, errors=0, requests=0):
    p = Provider(
@@ -28,7 +34,7 @@ def make_provider(name, healthy=True, configured=True,
    p.error_count = errors
    p.request_count = requests
    if not configured:
-        p.api_key_env = ""  # makes is_configured False for non-ollama
+        p.api_key_env = ""  # makes is_configured False for non-local providers
    return p


@@ -122,6 +128,13 @@ def test_get_model_large_request():
    assert model == "openai-big"


+def test_get_model_large_message_overrides_claude_label():
+    p = make_provider("openai")
+    r = make_router()
+    model = r.get_model_for_provider(p, "claude-haiku", is_large_request=True)
+    assert model == "openai-big"
+
+
 def test_get_model_small_request():
    p = make_provider("openai")
    r = make_router()
@@ -140,6 +153,16 @@ async def test_route_returns_best_provider():
    assert result["provider"] == "cheap"


+@pytest.mark.asyncio
+async def test_route_uses_big_model_for_large_message_bodies():
+    p = make_provider("openai")
+    r = make_router(providers=[p])
+    result = await r.route([
+        {"role": "user", "content": "x" * 3001},
+    ], "claude-haiku")
+    assert result["model"] == "openai-big"
+
+
@pytest.mark.asyncio
 async def test_route_raises_when_no_providers():
    p = make_provider("a", healthy=False)
--- a/scripts/build.ts
+++ b/scripts/build.ts
@@ -3,18 +3,20 @@
 * distributable JS file using Bun's bundler.
 *
 * Handles:
- * - bun:bundle feature() flags → all false (disables internal-only features)
+ * - bun:bundle feature() flags for the open build
 * - MACRO.* globals → inlined version/build-time constants
 * - src/ path aliases
 */

 import { readFileSync } from 'fs'
+import { noTelemetryPlugin } from './no-telemetry-plugin'

 const pkg = JSON.parse(readFileSync('./package.json', 'utf-8'))
 const version = pkg.version

-// Feature flags — all disabled for the open build.
-// These gate Anthropic-internal features (voice, proactive, kairos, etc.)
+// Feature flags for the open build.
+// Most Anthropic-internal features stay off; open-build features can be
+// selectively enabled here when their full source exists in the mirror.
 const featureFlags: Record<string, boolean> = {
  VOICE_MODE: false,
  PROACTIVE: false,
@@ -36,7 +38,7 @@ const featureFlags: Record<string, boolean> = {
  TRANSCRIPT_CLASSIFIER: false,
  WEB_BROWSER_TOOL: false,
  MESSAGE_ACTIONS: false,
-  BUDDY: false,
+  BUDDY: true,
  CHICAGO_MCP: false,
  COWORKER_TYPE_TELEMETRY: false,
 }
@@ -64,6 +66,7 @@ const result = await Bun.build({
    'MACRO.NATIVE_PACKAGE_URL': 'undefined',
  },
  plugins: [
+    noTelemetryPlugin,
    {
      name: 'bun-bundle-shim',
      setup(build) {
@@ -108,7 +111,7 @@ export async function handleBgFlag() { throw new Error("Background sessions are
        build.onLoad(
          { filter: /.*/, namespace: 'bun-bundle-shim' },
          () => ({
-            contents: `export function feature(name) { return false; }`,
+            contents: `const featureFlags = ${JSON.stringify(featureFlags)};\nexport function feature(name) { return featureFlags[name] ?? false; }`,
            loader: 'js',
          }),
        )
@@ -156,7 +159,6 @@ export async function handleBgFlag() { throw new Error("Background sessions are
          'modifiers-napi',
          'url-handler-napi',
          'color-diff-napi',
-          'sharp',
          '@anthropic-ai/mcpb',
          '@ant/claude-for-chrome-mcp',
          '@anthropic-ai/sandbox-runtime',
@@ -249,6 +251,103 @@ export const SeverityNumber = {};
            loader: 'js',
          }),
        )
+
+        // Pre-scan: find all missing modules that need stubbing
+        // (Bun's onResolve corrupts module graph even when returning null,
+        //  so we use exact-match resolvers instead of catch-all patterns)
+        const fs = require('fs')
+        const pathMod = require('path')
+        const srcDir = pathMod.resolve(__dirname, '..', 'src')
+        const missingModules = new Set<string>()
+        const missingModuleExports = new Map<string, Set<string>>()
+
+        // Known missing external packages
+        for (const pkg of [
+          '@ant/computer-use-mcp',
+          '@ant/computer-use-mcp/sentinelApps',
+          '@ant/computer-use-mcp/types',
+          '@ant/computer-use-swift',
+          '@ant/computer-use-input',
+        ]) {
+          missingModules.add(pkg)
+        }
+
+        // Scan source to find imports that can't resolve
+        function scanForMissingImports() {
+          function walk(dir: string) {
+            for (const ent of fs.readdirSync(dir, { withFileTypes: true })) {
+              const full = pathMod.join(dir, ent.name)
+              if (ent.isDirectory()) { walk(full); continue }
+              if (!/\.(ts|tsx)$/.test(ent.name)) continue
+              const code: string = fs.readFileSync(full, 'utf-8')
+              // Collect all imports
+              for (const m of code.matchAll(/import\s+(?:\{([^}]*)\}|(\w+))?\s*(?:,\s*\{([^}]*)\})?\s*from\s+['"](.*?)['"]/g)) {
+                const specifier = m[4]
+                const namedPart = m[1] || m[3] || ''
+                const names = namedPart.split(',')
+                  .map((s: string) => s.trim().replace(/^type\s+/, ''))
+                  .filter((s: string) => s && !s.startsWith('type '))
+
+                // Check src/tasks/ non-relative imports
+                if (specifier.startsWith('src/tasks/')) {
+                  const resolved = pathMod.resolve(__dirname, '..', specifier)
+                  const candidates = [
+                    resolved,
+                    `${resolved}.ts`, `${resolved}.tsx`,
+                    resolved.replace(/\.js$/, '.ts'), resolved.replace(/\.js$/, '.tsx'),
+                    pathMod.join(resolved, 'index.ts'), pathMod.join(resolved, 'index.tsx'),
+                  ]
+                  if (!candidates.some((c: string) => fs.existsSync(c))) {
+                    missingModules.add(specifier)
+                  }
+                }
+                // Check relative .js imports
+                else if (specifier.endsWith('.js') && (specifier.startsWith('./') || specifier.startsWith('../'))) {
+                  const dir2 = pathMod.dirname(full)
+                  const resolved = pathMod.resolve(dir2, specifier)
+                  const tsVariant = resolved.replace(/\.js$/, '.ts')
+                  const tsxVariant = resolved.replace(/\.js$/, '.tsx')
+                  if (!fs.existsSync(resolved) && !fs.existsSync(tsVariant) && !fs.existsSync(tsxVariant)) {
+                    missingModules.add(specifier)
+                  }
+                }
+
+                // Track named exports for missing modules
+                if (names.length > 0) {
+                  if (!missingModuleExports.has(specifier)) missingModuleExports.set(specifier, new Set())
+                  for (const n of names) missingModuleExports.get(specifier)!.add(n)
+                }
+              }
+            }
+          }
+          walk(srcDir)
+        }
+        scanForMissingImports()
+
+        // Register exact-match resolvers for each missing module
+        for (const mod of missingModules) {
+          const escaped = mod.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+          build.onResolve({ filter: new RegExp(`^${escaped}$`) }, () => ({
+            path: mod,
+            namespace: 'missing-module-stub',
+          }))
+        }
+
+        build.onLoad(
+          { filter: /.*/, namespace: 'missing-module-stub' },
+          (args) => {
+            const names = missingModuleExports.get(args.path) ?? new Set()
+            const exports = [...names].map(n => `export const ${n} = noop;`).join('\n')
+            return {
+              contents: `
+const noop = () => null;
+export default noop;
+${exports}
+`,
+              loader: 'js',
+            }
+          },
+        )
      },
    },
  ],
@@ -273,6 +372,8 @@ export const SeverityNumber = {};
    '@opentelemetry/sdk-logs',
    '@opentelemetry/sdk-metrics',
    '@opentelemetry/semantic-conventions',
+    // Native image processing
+    'sharp',
    // Cloud provider SDKs
    '@aws-sdk/client-bedrock',
    '@aws-sdk/client-bedrock-runtime',
--- a/scripts/grpc-cli.ts
+++ b/scripts/grpc-cli.ts
@@ -0,0 +1,121 @@
+import * as grpc from '@grpc/grpc-js'
+import * as protoLoader from '@grpc/proto-loader'
+import path from 'path'
+import * as readline from 'readline'
+
+const PROTO_PATH = path.resolve(import.meta.dirname, '../src/proto/openclaude.proto')
+
+const packageDefinition = protoLoader.loadSync(PROTO_PATH, {
+  keepCase: true,
+  longs: String,
+  enums: String,
+  defaults: true,
+  oneofs: true,
+})
+
+const protoDescriptor = grpc.loadPackageDefinition(packageDefinition) as any
+const openclaudeProto = protoDescriptor.openclaude.v1
+
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+})
+
+function askQuestion(query: string): Promise<string> {
+  return new Promise(resolve => {
+    rl.question(query, resolve)
+  })
+}
+
+async function main() {
+  const host = process.env.GRPC_HOST || 'localhost'
+  const port = process.env.GRPC_PORT || '50051'
+  const client = new openclaudeProto.AgentService(
+    `${host}:${port}`,
+    grpc.credentials.createInsecure()
+  )
+
+  let call: grpc.ClientDuplexStream<any, any> | null = null
+
+  const startStream = () => {
+    call = client.Chat()
+    let textStreamed = false
+
+    call.on('data', async (serverMessage: any) => {
+      if (serverMessage.text_chunk) {
+        process.stdout.write(serverMessage.text_chunk.text)
+        textStreamed = true
+      } else if (serverMessage.tool_start) {
+        console.log(`\n\x1b[36m[Tool Call]\x1b[0m \x1b[1m${serverMessage.tool_start.tool_name}\x1b[0m`)
+        console.log(`\x1b[90m${serverMessage.tool_start.arguments_json}\x1b[0m\n`)
+      } else if (serverMessage.tool_result) {
+        console.log(`\n\x1b[32m[Tool Result]\x1b[0m \x1b[1m${serverMessage.tool_result.tool_name}\x1b[0m`)
+        const out = serverMessage.tool_result.output
+        if (out.length > 500) {
+          console.log(`\x1b[90m${out.substring(0, 500)}...\n(Output truncated, total length: ${out.length})\x1b[0m`)
+        } else {
+          console.log(`\x1b[90m${out}\x1b[0m`)
+        }
+      } else if (serverMessage.action_required) {
+        const action = serverMessage.action_required
+        console.log(`\n\x1b[33m[Action Required]\x1b[0m`)
+        const reply = await askQuestion(`\x1b[1m${action.question}\x1b[0m (y/n) > `)
+        
+        call?.write({
+          input: {
+            prompt_id: action.prompt_id,
+            reply: reply.trim()
+          }
+        })
+      } else if (serverMessage.done) {
+        if (!textStreamed && serverMessage.done.full_text) {
+          process.stdout.write(serverMessage.done.full_text)
+        }
+        textStreamed = false
+        console.log('\n\x1b[32m[Generation Complete]\x1b[0m')
+        promptUser()
+      } else if (serverMessage.error) {
+        console.error(`\n\x1b[31m[Server Error]\x1b[0m ${serverMessage.error.message}`)
+        promptUser()
+      }
+    })
+
+    call.on('end', () => {
+      console.log('\n\x1b[90m[Stream closed by server]\x1b[0m')
+      // Don't prompt user here, let 'done' or 'error' handlers do it
+    })
+
+    call.on('error', (err: Error) => {
+      console.error('\n\x1b[31m[Stream Error]\x1b[0m', err.message)
+      promptUser()
+    })
+  }
+
+  const promptUser = async () => {
+    const message = await askQuestion('\n\x1b[35m> \x1b[0m')
+    
+    if (message.trim().toLowerCase() === '/exit' || message.trim().toLowerCase() === '/quit') {
+      console.log('Bye!')
+      rl.close()
+      process.exit(0)
+    }
+
+    if (!call || call.destroyed) {
+      startStream()
+    }
+
+    call!.write({
+      request: {
+        session_id: 'cli-session-1',
+        message: message,
+        working_directory: process.cwd()
+      }
+    })
+  }
+
+  console.log('\x1b[32mOpenClaude gRPC CLI\x1b[0m')
+  console.log('\x1b[90mType /exit to quit.\x1b[0m')
+  promptUser()
+}
+
+main()
--- a/scripts/no-telemetry-plugin.ts
+++ b/scripts/no-telemetry-plugin.ts
@@ -0,0 +1,286 @@
+/**
+ * No-Telemetry Build Plugin for OpenClaude
+ *
+ * Replaces all analytics, telemetry, and phone-home modules with no-op stubs
+ * at compile time. Zero runtime cost, zero network calls to Anthropic.
+ *
+ * This file is NOT tracked upstream — merge conflicts are impossible.
+ * Only build.ts needs a one-line import + one-line array entry.
+ *
+ * Kills:
+ *   - GrowthBook remote feature flags (api.anthropic.com)
+ *   - Datadog event intake
+ *   - 1P event logging (api.anthropic.com/api/event_logging/batch)
+ *   - BigQuery metrics exporter (api.anthropic.com/api/claude_code/metrics)
+ *   - Perfetto / OpenTelemetry session tracing
+ *   - Auto-updater (storage.googleapis.com, npm registry)
+ *   - Plugin fetch telemetry
+ *   - Transcript / feedback sharing
+ */
+
+import type { BunPlugin } from 'bun'
+
+// Module path (relative to src/, without extension) → stub source
+const stubs: Record<string, string> = {
+
+	// ─── Analytics core ─────────────────────────────────────────────
+
+	'services/analytics/index': `
+export function stripProtoFields(metadata) { return metadata; }
+export function attachAnalyticsSink() {}
+export function logEvent() {}
+export async function logEventAsync() {}
+export function _resetForTesting() {}
+`,
+
+	'services/analytics/growthbook': `
+const noop = () => {};
+export function onGrowthBookRefresh() { return noop; }
+export function hasGrowthBookEnvOverride() { return false; }
+export function getAllGrowthBookFeatures() { return {}; }
+export function getGrowthBookConfigOverrides() { return {}; }
+export function setGrowthBookConfigOverride() {}
+export function clearGrowthBookConfigOverrides() {}
+export function getApiBaseUrlHost() { return undefined; }
+export const initializeGrowthBook = async () => null;
+export async function getFeatureValue_DEPRECATED(feature, defaultValue) { return defaultValue; }
+export function getFeatureValue_CACHED_MAY_BE_STALE(feature, defaultValue) { return defaultValue; }
+export function getFeatureValue_CACHED_WITH_REFRESH(feature, defaultValue) { return defaultValue; }
+export function checkStatsigFeatureGate_CACHED_MAY_BE_STALE() { return false; }
+export async function checkSecurityRestrictionGate() { return false; }
+export async function checkGate_CACHED_OR_BLOCKING() { return false; }
+export function refreshGrowthBookAfterAuthChange() {}
+export function resetGrowthBook() {}
+export async function refreshGrowthBookFeatures() {}
+export function setupPeriodicGrowthBookRefresh() {}
+export function stopPeriodicGrowthBookRefresh() {}
+export async function getDynamicConfig_BLOCKS_ON_INIT(configName, defaultValue) { return defaultValue; }
+export function getDynamicConfig_CACHED_MAY_BE_STALE(configName, defaultValue) { return defaultValue; }
+`,
+
+	'services/analytics/sink': `
+export function initializeAnalyticsGates() {}
+export function initializeAnalyticsSink() {}
+`,
+
+	'services/analytics/config': `
+export function isAnalyticsDisabled() { return true; }
+export function isFeedbackSurveyDisabled() { return true; }
+`,
+
+	'services/analytics/datadog': `
+export const initializeDatadog = async () => false;
+export async function shutdownDatadog() {}
+export async function trackDatadogEvent() {}
+`,
+
+	'services/analytics/firstPartyEventLogger': `
+export function getEventSamplingConfig() { return {}; }
+export function shouldSampleEvent() { return null; }
+export async function shutdown1PEventLogging() {}
+export function is1PEventLoggingEnabled() { return false; }
+export function logEventTo1P() {}
+export function logGrowthBookExperimentTo1P() {}
+export function initialize1PEventLogging() {}
+export async function reinitialize1PEventLoggingIfConfigChanged() {}
+`,
+
+	'services/analytics/firstPartyEventLoggingExporter': `
+export class FirstPartyEventLoggingExporter {
+	constructor() {}
+	async export(logs, resultCallback) { resultCallback({ code: 0 }); }
+	async getQueuedEventCount() { return 0; }
+	async shutdown() {}
+	async forceFlush() {}
+}
+`,
+
+	'services/analytics/metadata': `
+export function sanitizeToolNameForAnalytics(toolName) { return toolName; }
+export function isToolDetailsLoggingEnabled() { return false; }
+export function isAnalyticsToolDetailsLoggingEnabled() { return false; }
+export function mcpToolDetailsForAnalytics() { return {}; }
+export function extractMcpToolDetails() { return undefined; }
+export function extractSkillName() { return undefined; }
+export function extractToolInputForTelemetry() { return undefined; }
+export function getFileExtensionForAnalytics() { return undefined; }
+export function getFileExtensionsFromBashCommand() { return undefined; }
+export async function getEventMetadata() { return {}; }
+export function to1PEventFormat() { return {}; }
+`,
+
+	// ─── Telemetry subsystems ───────────────────────────────────────
+
+	'utils/telemetry/bigqueryExporter': `
+export class BigQueryMetricsExporter {
+	constructor() {}
+	async export(metrics, resultCallback) { resultCallback({ code: 0 }); }
+	async shutdown() {}
+	async forceFlush() {}
+	selectAggregationTemporality() { return 0; }
+}
+`,
+
+	'utils/telemetry/perfettoTracing': `
+export function initializePerfettoTracing() {}
+export function isPerfettoTracingEnabled() { return false; }
+export function registerAgent() {}
+export function unregisterAgent() {}
+export function startLLMRequestPerfettoSpan() { return ''; }
+export function endLLMRequestPerfettoSpan() {}
+export function startToolPerfettoSpan() { return ''; }
+export function endToolPerfettoSpan() {}
+export function startUserInputPerfettoSpan() { return ''; }
+export function endUserInputPerfettoSpan() {}
+export function emitPerfettoInstant() {}
+export function emitPerfettoCounter() {}
+export function startInteractionPerfettoSpan() { return ''; }
+export function endInteractionPerfettoSpan() {}
+export function getPerfettoEvents() { return []; }
+export function resetPerfettoTracer() {}
+export async function triggerPeriodicWriteForTesting() {}
+export function evictStaleSpansForTesting() {}
+export const MAX_EVENTS_FOR_TESTING = 0;
+export function evictOldestEventsForTesting() {}
+`,
+
+	'utils/telemetry/sessionTracing': `
+const noopSpan = {
+	end() {}, setAttribute() {}, setStatus() {},
+	recordException() {}, addEvent() {}, isRecording() { return false; },
+};
+export function isBetaTracingEnabled() { return false; }
+export function isEnhancedTelemetryEnabled() { return false; }
+export function startInteractionSpan() { return noopSpan; }
+export function endInteractionSpan() {}
+export function startLLMRequestSpan() { return noopSpan; }
+export function endLLMRequestSpan() {}
+export function startToolSpan() { return noopSpan; }
+export function startToolBlockedOnUserSpan() { return noopSpan; }
+export function endToolBlockedOnUserSpan() {}
+export function startToolExecutionSpan() { return noopSpan; }
+export function endToolExecutionSpan() {}
+export function endToolSpan() {}
+export function addToolContentEvent() {}
+export function getCurrentSpan() { return null; }
+export async function executeInSpan(spanName, fn) { return fn(noopSpan); }
+export function startHookSpan() { return noopSpan; }
+export function endHookSpan() {}
+`,
+
+	// ─── Auto-updater (phones home to GCS + npm) ──────────────────
+
+	'utils/autoUpdater': `
+export async function assertMinVersion() {}
+export async function getMaxVersion() { return undefined; }
+export async function getMaxVersionMessage() { return undefined; }
+export function shouldSkipVersion() { return true; }
+export function getLockFilePath() { return '/tmp/openclaude-update.lock'; }
+export async function checkGlobalInstallPermissions() { return { hasPermissions: false, npmPrefix: null }; }
+export async function getLatestVersion() { return null; }
+export async function getNpmDistTags() { return { latest: null, stable: null }; }
+export async function getLatestVersionFromGcs() { return null; }
+export async function getGcsDistTags() { return { latest: null, stable: null }; }
+export async function getVersionHistory() { return []; }
+export async function installGlobalPackage() { return 'success'; }
+`,
+
+	// ─── Plugin fetch telemetry (not the marketplace itself) ───────
+
+	'utils/plugins/fetchTelemetry': `
+export function logPluginFetch() {}
+export function classifyFetchError() { return 'disabled'; }
+`,
+
+	// ─── Transcript / feedback sharing ─────────────────────────────
+
+	'components/FeedbackSurvey/submitTranscriptShare': `
+export async function submitTranscriptShare() { return { success: false }; }
+`,
+
+	// ─── Internal employee logging (not needed in the external build) ─────
+
+	'services/internalLogging': `
+export async function logPermissionContextForAnts() {}
+export const getContainerId = async () => null;
+`,
+
+	// ─── Deleted Anthropic-internal modules ───────────────────────────────
+
+	'services/api/dumpPrompts': `
+export function createDumpPromptsFetch() { return undefined; }
+export function getDumpPromptsPath() { return ''; }
+export function getLastApiRequests() { return []; }
+export function clearApiRequestCache() {}
+export function clearDumpState() {}
+export function clearAllDumpState() {}
+export function addApiRequestToCache() {}
+`,
+
+	'utils/undercover': `
+export function isUndercover() { return false; }
+export function getUndercoverInstructions() { return ''; }
+export function shouldShowUndercoverAutoNotice() { return false; }
+`,
+
+	'types/generated/events_mono/claude_code/v1/claude_code_internal_event': `
+export const ClaudeCodeInternalEvent = {
+  fromJSON: value => value,
+  toJSON: value => value,
+  create: value => value ?? {},
+  fromPartial: value => value ?? {},
+};
+`,
+
+	'types/generated/events_mono/growthbook/v1/growthbook_experiment_event': `
+export const GrowthbookExperimentEvent = {
+  fromJSON: value => value,
+  toJSON: value => value,
+  create: value => value ?? {},
+  fromPartial: value => value ?? {},
+};
+`,
+
+	'types/generated/events_mono/common/v1/auth': `
+export const PublicApiAuth = {
+  fromJSON: value => value,
+  toJSON: value => value,
+  create: value => value ?? {},
+  fromPartial: value => value ?? {},
+};
+`,
+
+	'types/generated/google/protobuf/timestamp': `
+export const Timestamp = {
+  fromJSON: value => value,
+  toJSON: value => value,
+  create: value => value ?? {},
+  fromPartial: value => value ?? {},
+};
+`,
+}
+
+function escapeForResolvedPathRegex(modulePath: string): string {
+	return modulePath
+		.replace(/[|\\{}()[\]^$+*?.]/g, '\\$&')
+		.replace(/\//g, '[/\\\\]')
+}
+
+export const noTelemetryPlugin: BunPlugin = {
+	name: 'no-telemetry',
+	setup(build) {
+		for (const [modulePath, contents] of Object.entries(stubs)) {
+			// Build regex that matches the resolved file path on any OS
+			// e.g. "services/analytics/growthbook" → /services[/\\]analytics[/\\]growthbook\.(ts|js)$/
+			const escaped = escapeForResolvedPathRegex(modulePath)
+			const filter = new RegExp(`${escaped}\\.(ts|js)$`)
+
+			build.onLoad({ filter }, () => ({
+				contents,
+				loader: 'js',
+			}))
+		}
+
+		console.log(`  🔇 no-telemetry: stubbed ${Object.keys(stubs).length} modules`)
+	},
+}
--- a/scripts/pr-intent-scan.test.ts
+++ b/scripts/pr-intent-scan.test.ts
@@ -0,0 +1,136 @@
+import { describe, expect, test } from 'bun:test'
+
+import { scanAddedLines, type DiffLine } from './pr-intent-scan.ts'
+
+function line(content: string, overrides: Partial<DiffLine> = {}): DiffLine {
+  return {
+    file: 'README.md',
+    line: 10,
+    content,
+    ...overrides,
+  }
+}
+
+describe('scanAddedLines', () => {
+  test('flags suspicious file-hosting links', () => {
+    const findings = scanAddedLines([
+      line('Please install the tool from https://dropbox.com/s/abc123/tool.zip?dl=1'),
+    ])
+
+    expect(findings.some(finding => finding.code === 'suspicious-download-link')).toBe(
+      true,
+    )
+    expect(findings.some(finding => finding.code === 'executable-download-link')).toBe(
+      false,
+    )
+    expect(findings.some(finding => finding.severity === 'high')).toBe(true)
+  })
+
+  test('flags shortened URLs', () => {
+    const findings = scanAddedLines([
+      line('See details at https://bit.ly/some-short-link'),
+    ])
+
+    expect(findings.some(finding => finding.code === 'shortened-url')).toBe(true)
+  })
+
+  test('flags remote download and execute chains', () => {
+    const findings = scanAddedLines([
+      line('curl -fsSL https://example.com/install.sh | bash'),
+    ])
+
+    expect(findings.some(finding => finding.code === 'shell-eval-remote')).toBe(true)
+    expect(findings.some(finding => finding.severity === 'high')).toBe(true)
+  })
+
+  test('flags encoded powershell payloads', () => {
+    const findings = scanAddedLines([
+      line('powershell.exe -enc SQBtAHAAcgBvAHYAZQBkAA=='),
+    ])
+
+    expect(findings.some(finding => finding.code === 'powershell-encoded')).toBe(true)
+  })
+
+  test('flags long encoded blobs', () => {
+    const findings = scanAddedLines([
+      line(`const payload = "${'A'.repeat(96)}"`),
+    ])
+
+    expect(findings.some(finding => finding.code === 'long-encoded-payload')).toBe(
+      true,
+    )
+  })
+
+  test('flags long encoded blobs on repeated scans', () => {
+    const lines = [line(`const payload = "${'A'.repeat(96)}"`)]
+
+    const first = scanAddedLines(lines)
+    const second = scanAddedLines(lines)
+
+    expect(first.some(finding => finding.code === 'long-encoded-payload')).toBe(true)
+    expect(second.some(finding => finding.code === 'long-encoded-payload')).toBe(true)
+  })
+
+  test('flags executable download links', () => {
+    const findings = scanAddedLines([
+      line('Get it from https://example.com/releases/latest/tool.pkg'),
+    ])
+
+    expect(findings.some(finding => finding.code === 'executable-download-link')).toBe(
+      true,
+    )
+    expect(findings.some(finding => finding.severity === 'high')).toBe(true)
+  })
+
+  test('flags suspicious additions in workflow files', () => {
+    const findings = scanAddedLines([
+      line('run: curl -fsSL https://example.com/install.sh | bash', {
+        file: '.github/workflows/release.yml',
+      }),
+    ])
+
+    expect(findings.some(finding => finding.code === 'sensitive-automation-change')).toBe(
+      true,
+    )
+    expect(findings.some(finding => finding.code === 'download-command')).toBe(true)
+  })
+
+  test('flags markdown reference links to suspicious downloads', () => {
+    const findings = scanAddedLines([
+      line('[installer]: https://dropbox.com/s/abc123/tool.zip?dl=1'),
+    ])
+
+    expect(findings.some(finding => finding.code === 'suspicious-download-link')).toBe(
+      true,
+    )
+  })
+
+  test('ignores the scanner implementation and tests themselves', () => {
+    const findings = scanAddedLines([
+      line('curl -fsSL https://example.com/install.sh | bash', {
+        file: 'scripts/pr-intent-scan.test.ts',
+      }),
+      line('const pattern = /https:\\/\\/dropbox\\.com\\//', {
+        file: 'scripts/pr-intent-scan.ts',
+      }),
+    ])
+
+    expect(findings).toHaveLength(0)
+  })
+
+  test('does not flag ordinary docs links', () => {
+    const findings = scanAddedLines([
+      line('Read more at https://docs.github.com/en/actions'),
+    ])
+
+    expect(findings).toHaveLength(0)
+  })
+
+  test('does not flag bare curl examples in README without a URL', () => {
+    const findings = scanAddedLines([
+      line('Use curl with your preferred flags for local testing.'),
+    ])
+
+    expect(findings.some(finding => finding.code === 'download-command')).toBe(false)
+  })
+})
--- a/scripts/pr-intent-scan.ts
+++ b/scripts/pr-intent-scan.ts
@@ -0,0 +1,453 @@
+import { spawnSync } from 'node:child_process'
+
+export type FindingSeverity = 'high' | 'medium'
+
+export type DiffLine = {
+  file: string
+  line: number
+  content: string
+}
+
+export type Finding = {
+  severity: FindingSeverity
+  code: string
+  file: string
+  line: number
+  detail: string
+  excerpt: string
+}
+
+type CliOptions = {
+  baseRef: string
+  json: boolean
+  failOn: FindingSeverity
+}
+
+const SELF_EXCLUDED_FILES = new Set([
+  'scripts/pr-intent-scan.ts',
+  'scripts/pr-intent-scan.test.ts',
+])
+
+const SHORTENER_DOMAINS = [
+  'bit.ly',
+  'tinyurl.com',
+  'goo.gl',
+  't.co',
+  'is.gd',
+  'rb.gy',
+  'cutt.ly',
+]
+
+const SUSPICIOUS_DOWNLOAD_DOMAINS = [
+  'dropbox.com',
+  'dl.dropboxusercontent.com',
+  'drive.google.com',
+  'docs.google.com',
+  'mega.nz',
+  'mediafire.com',
+  'transfer.sh',
+  'anonfiles.com',
+  'catbox.moe',
+]
+
+const URL_REGEX = /\bhttps?:\/\/[^\s)>"']+/gi
+const LONG_BASE64_REGEX = /\b(?:[A-Za-z0-9+/]{80,}={0,2}|[A-Za-z0-9_-]{80,})\b/
+const EXECUTABLE_PATH_REGEX =
+  /\.(?:sh|bash|zsh|ps1|exe|msi|pkg|deb|rpm|zip|tar|tgz|gz|xz|dmg|appimage)(?:$|[?#])/i
+const SENSITIVE_PATH_REGEX =
+  /^(?:\.github\/workflows\/|scripts\/|bin\/|install(?:\/|\.|$)|.*(?:Dockerfile|docker-compose|compose\.ya?ml)$)/i
+
+function parseOptions(argv: string[]): CliOptions {
+  const options: CliOptions = {
+    baseRef: 'origin/main',
+    json: false,
+    failOn: 'high',
+  }
+
+  for (let index = 0; index < argv.length; index++) {
+    const arg = argv[index]
+    if (arg === '--json') {
+      options.json = true
+      continue
+    }
+    if (arg === '--base') {
+      const next = argv[index + 1]
+      if (next && !next.startsWith('--')) {
+        options.baseRef = next
+        index++
+      }
+      continue
+    }
+    if (arg === '--fail-on') {
+      const next = argv[index + 1]
+      if (next === 'high' || next === 'medium') {
+        options.failOn = next
+        index++
+      }
+    }
+  }
+
+  return options
+}
+
+function trimExcerpt(content: string): string {
+  const compact = content.trim().replace(/\s+/g, ' ')
+  return compact.length > 140 ? `${compact.slice(0, 137)}...` : compact
+}
+
+function uniqueFindings(findings: Finding[]): Finding[] {
+  const seen = new Set<string>()
+  return findings.filter(finding => {
+    const key = `${finding.code}:${finding.file}:${finding.line}:${finding.detail}`
+    if (seen.has(key)) {
+      return false
+    }
+    seen.add(key)
+    return true
+  })
+}
+
+function parseAddedLines(diffText: string): DiffLine[] {
+  const lines = diffText.split('\n')
+  const added: DiffLine[] = []
+  let currentFile: string | null = null
+  let currentLine = 0
+
+  for (const rawLine of lines) {
+    if (rawLine.startsWith('+++ b/')) {
+      currentFile = rawLine.slice('+++ b/'.length)
+      continue
+    }
+
+    if (rawLine.startsWith('@@')) {
+      const match = /\+(\d+)(?:,(\d+))?/.exec(rawLine)
+      if (match) {
+        currentLine = Number(match[1])
+      }
+      continue
+    }
+
+    if (!currentFile) {
+      continue
+    }
+
+    if (rawLine.startsWith('+') && !rawLine.startsWith('+++')) {
+      added.push({
+        file: currentFile,
+        line: currentLine,
+        content: rawLine.slice(1),
+      })
+      currentLine += 1
+      continue
+    }
+
+    if (rawLine.startsWith('-') && !rawLine.startsWith('---')) {
+      continue
+    }
+
+    if (!rawLine.startsWith('\\')) {
+      currentLine += 1
+    }
+  }
+
+  return added
+}
+
+function tryParseUrl(value: string): URL | null {
+  try {
+    return new URL(value)
+  } catch {
+    return null
+  }
+}
+
+function hostMatches(hostname: string, domain: string): boolean {
+  return hostname === domain || hostname.endsWith(`.${domain}`)
+}
+
+function hasSuspiciousDownloadIndicators(url: URL): boolean {
+  const combined = `${url.pathname}${url.search}`.toLowerCase()
+  return (
+    combined.includes('dl=1') ||
+    combined.includes('raw=1') ||
+    combined.includes('export=download') ||
+    combined.includes('/download') ||
+    combined.includes('/uc?export=download')
+  )
+}
+
+function findUrlFindings(line: DiffLine): Finding[] {
+  const findings: Finding[] = []
+  const matches = line.content.match(URL_REGEX) ?? []
+
+  for (const match of matches) {
+    const parsed = tryParseUrl(match)
+    if (!parsed) continue
+
+    const hostname = parsed.hostname.toLowerCase()
+
+    for (const domain of SHORTENER_DOMAINS) {
+      if (hostMatches(hostname, domain)) {
+        findings.push({
+          severity: 'medium',
+          code: 'shortened-url',
+          file: line.file,
+          line: line.line,
+          detail: `Added shortened URL: ${hostname}`,
+          excerpt: trimExcerpt(line.content),
+        })
+      }
+    }
+
+    const isSuspiciousHost = SUSPICIOUS_DOWNLOAD_DOMAINS.some(domain =>
+      hostMatches(hostname, domain),
+    )
+    const isExecutableDownload = EXECUTABLE_PATH_REGEX.test(
+      `${parsed.pathname}${parsed.search}`,
+    )
+
+    if (isSuspiciousHost) {
+      findings.push({
+        severity:
+          hasSuspiciousDownloadIndicators(parsed) || isExecutableDownload
+            ? 'high'
+            : 'medium',
+        code: 'suspicious-download-link',
+        file: line.file,
+        line: line.line,
+        detail: `Added external file-hosting link: ${hostname}`,
+        excerpt: trimExcerpt(line.content),
+      })
+    } else if (isExecutableDownload) {
+      findings.push({
+        severity: 'high',
+        code: 'executable-download-link',
+        file: line.file,
+        line: line.line,
+        detail: `Added direct link to executable or archive payload: ${hostname}`,
+        excerpt: trimExcerpt(line.content),
+      })
+    }
+  }
+
+  return findings
+}
+
+function findSensitivePathFindings(line: DiffLine): Finding[] {
+  if (!SENSITIVE_PATH_REGEX.test(line.file)) {
+    return []
+  }
+
+  const lower = line.content.toLowerCase()
+
+  if (
+    /\b(curl|wget|invoke-webrequest|iwr|powershell|bash|sh|chmod\s+\+x)\b/i.test(
+      line.content,
+    ) ||
+    URL_REGEX.test(line.content) ||
+    lower.includes('download')
+  ) {
+    return [
+      {
+        severity: 'medium',
+        code: 'sensitive-automation-change',
+        file: line.file,
+        line: line.line,
+        detail:
+          'Added network, execution, or download-related content in a sensitive automation file',
+        excerpt: trimExcerpt(line.content),
+      },
+    ]
+  }
+
+  return []
+}
+
+function findCommandFindings(line: DiffLine): Finding[] {
+  const findings: Finding[] = []
+  const lower = line.content.toLowerCase()
+
+  const highPatterns: Array<[string, RegExp, string]> = [
+    [
+      'download-exec-chain',
+      /\b(curl|wget|invoke-webrequest|iwr)\b.*(\|\s*(sh|bash|zsh)|;\s*chmod\s+\+x|&&\s*\.\.?\/|>\s*\/tmp\/)/i,
+      'Added remote download followed by execution or staging',
+    ],
+    [
+      'powershell-encoded',
+      /\bpowershell(?:\.exe)?\b.*(?:-enc|-encodedcommand)\b/i,
+      'Added encoded PowerShell invocation',
+    ],
+    [
+      'shell-eval-remote',
+      /\b(curl|wget)\b.*\|\s*(sh|bash|zsh)\b/i,
+      'Added shell pipe from remote content into interpreter',
+    ],
+    [
+      'binary-lolbin',
+      /\b(mshta|rundll32|regsvr32|certutil)\b/i,
+      'Added living-off-the-land binary often used for payload staging',
+    ],
+    [
+      'invoke-expression',
+      /\b(iex|invoke-expression)\b/i,
+      'Added PowerShell expression execution',
+    ],
+  ]
+
+  const mediumPatterns: Array<[string, RegExp, string]> = [
+    [
+      'download-command',
+      /\b(curl|wget|invoke-webrequest|iwr)\b.*https?:\/\//i,
+      'Added command that downloads remote content',
+    ],
+    [
+      'archive-extract-exec',
+      /\b(unzip|tar|7z)\b.*(&&|;).*\b(chmod|node|python|bash|sh)\b/i,
+      'Added archive extraction followed by execution',
+    ],
+    [
+      'base64-decode',
+      /\b(base64\s+-d|openssl\s+base64\s+-d|python .*b64decode)\b/i,
+      'Added explicit payload decode step',
+    ],
+  ]
+
+  for (const [code, pattern, detail] of highPatterns) {
+    if (pattern.test(line.content)) {
+      findings.push({
+        severity: 'high',
+        code,
+        file: line.file,
+        line: line.line,
+        detail,
+        excerpt: trimExcerpt(line.content),
+      })
+    }
+  }
+
+  for (const [code, pattern, detail] of mediumPatterns) {
+    if (code === 'download-command' && !SENSITIVE_PATH_REGEX.test(line.file)) {
+      continue
+    }
+    if (pattern.test(line.content)) {
+      findings.push({
+        severity: 'medium',
+        code,
+        file: line.file,
+        line: line.line,
+        detail,
+        excerpt: trimExcerpt(line.content),
+      })
+    }
+  }
+
+  if (LONG_BASE64_REGEX.test(line.content) && !lower.includes('sha256') && !lower.includes('sha512')) {
+    findings.push({
+      severity: 'medium',
+      code: 'long-encoded-payload',
+      file: line.file,
+      line: line.line,
+      detail: 'Added long encoded blob or token-like payload',
+      excerpt: trimExcerpt(line.content),
+    })
+  }
+
+  return findings
+}
+
+export function scanAddedLines(lines: DiffLine[]): Finding[] {
+  const findings = lines
+    .filter(line => !SELF_EXCLUDED_FILES.has(line.file))
+    .flatMap(line => [
+    ...findUrlFindings(line),
+    ...findCommandFindings(line),
+    ...findSensitivePathFindings(line),
+  ])
+  return uniqueFindings(findings)
+}
+
+export function getGitDiff(baseRef: string): string {
+  const mergeBase = spawnSync('git', ['merge-base', baseRef, 'HEAD'], {
+    encoding: 'utf8',
+  })
+
+  if (mergeBase.status !== 0) {
+    throw new Error(
+      `Could not determine merge-base with ${baseRef}: ${mergeBase.stderr.trim() || mergeBase.stdout.trim()}`,
+    )
+  }
+
+  const base = mergeBase.stdout.trim()
+  const diff = spawnSync(
+    'git',
+    ['diff', '--unified=0', '--no-ext-diff', `${base}...HEAD`],
+    { encoding: 'utf8' },
+  )
+
+  if (diff.status !== 0) {
+    throw new Error(`git diff failed: ${diff.stderr.trim() || diff.stdout.trim()}`)
+  }
+
+  return diff.stdout
+}
+
+function shouldFail(findings: Finding[], failOn: FindingSeverity): boolean {
+  if (failOn === 'medium') {
+    return findings.length > 0
+  }
+  return findings.some(finding => finding.severity === 'high')
+}
+
+function renderText(findings: Finding[]): string {
+  if (findings.length === 0) {
+    return 'PR intent scan: no suspicious additions found.'
+  }
+
+  const high = findings.filter(f => f.severity === 'high')
+  const medium = findings.filter(f => f.severity === 'medium')
+  const lines = [
+    `PR intent scan: ${findings.length} finding(s)`,
+    `- high: ${high.length}`,
+    `- medium: ${medium.length}`,
+    '',
+  ]
+
+  for (const finding of findings) {
+    lines.push(
+      `[${finding.severity.toUpperCase()}] ${finding.file}:${finding.line} ${finding.detail}`,
+    )
+    lines.push(`  ${finding.excerpt}`)
+  }
+
+  return lines.join('\n')
+}
+
+export function run(options: CliOptions): number {
+  const diff = getGitDiff(options.baseRef)
+  const addedLines = parseAddedLines(diff)
+  const findings = scanAddedLines(addedLines)
+
+  if (options.json) {
+    process.stdout.write(
+      `${JSON.stringify(
+        {
+          baseRef: options.baseRef,
+          addedLines: addedLines.length,
+          findings,
+        },
+        null,
+        2,
+      )}\n`,
+    )
+  } else {
+    process.stdout.write(`${renderText(findings)}\n`)
+  }
+
+  return shouldFail(findings, options.failOn) ? 1 : 0
+}
+
+if (import.meta.main) {
+  const options = parseOptions(process.argv.slice(2))
+  process.exitCode = run(options)
+}
--- a/scripts/provider-bootstrap.ts
+++ b/scripts/provider-bootstrap.ts
@@ -1,6 +1,4 @@
 // @ts-nocheck
-import { writeFileSync } from 'node:fs'
-import { resolve } from 'node:path'
 import {
  resolveCodexApiCredentials,
 } from '../src/services/api/providerConfig.js'
@@ -10,18 +8,23 @@ import {
  recommendOllamaModel,
 } from '../src/utils/providerRecommendation.ts'
 import {
+  buildAtomicChatProfileEnv,
  buildCodexProfileEnv,
  buildGeminiProfileEnv,
  buildOllamaProfileEnv,
  buildOpenAIProfileEnv,
  createProfileFile,
+  saveProfileFile,
  selectAutoProfile,
  type ProfileFile,
  type ProviderProfile,
 } from '../src/utils/providerProfile.ts'
 import {
+  getAtomicChatChatBaseUrl,
  getOllamaChatBaseUrl,
+  hasLocalAtomicChat,
  hasLocalOllama,
+  listAtomicChatModels,
  listOllamaModels,
 } from './provider-discovery.ts'

@@ -34,7 +37,7 @@ function parseArg(name: string): string | null {

 function parseProviderArg(): ProviderProfile | 'auto' {
  const p = parseArg('--provider')?.toLowerCase()
-  if (p === 'openai' || p === 'ollama' || p === 'codex' || p === 'gemini') return p
+  if (p === 'openai' || p === 'ollama' || p === 'codex' || p === 'gemini' || p === 'atomic-chat') return p
  return 'auto'
 }

@@ -102,6 +105,21 @@ async function main(): Promise<void> {
        getOllamaChatBaseUrl,
      },
    )
+  } else if (selected === 'atomic-chat') {
+    const model = argModel || (await listAtomicChatModels(argBaseUrl || undefined))[0]
+    if (!model) {
+      if (!(await hasLocalAtomicChat(argBaseUrl || undefined))) {
+        console.error('Atomic Chat is not running (could not connect to 127.0.0.1:1337).\n  Download from https://atomic.chat/ and launch the application.')
+      } else {
+        console.error('Atomic Chat is running but no model is loaded. Open Atomic Chat and download or start a model first.')
+      }
+      process.exit(1)
+    }
+
+    env = buildAtomicChatProfileEnv(model, {
+      baseUrl: argBaseUrl,
+      getAtomicChatChatBaseUrl,
+    })
  } else if (selected === 'codex') {
    const builtEnv = buildCodexProfileEnv({
      model: argModel,
@@ -147,8 +165,7 @@ async function main(): Promise<void> {

  const profile = createProfileFile(selected, env)

-  const outputPath = resolve(process.cwd(), '.openclaude-profile.json')
-  writeFileSync(outputPath, JSON.stringify(profile, null, 2), { encoding: 'utf8', mode: 0o600 })
+  const outputPath = saveProfileFile(profile)

  console.log(`Saved profile: ${selected}`)
  console.log(`Goal: ${goal}`)
--- a/scripts/provider-discovery.ts
+++ b/scripts/provider-discovery.ts
@@ -1,129 +1,13 @@
-import type { OllamaModelDescriptor } from '../src/utils/providerRecommendation.ts'
-
-export const DEFAULT_OLLAMA_BASE_URL = 'http://localhost:11434'
-
-function withTimeoutSignal(timeoutMs: number): {
-  signal: AbortSignal
-  clear: () => void
-} {
-  const controller = new AbortController()
-  const timeout = setTimeout(() => controller.abort(), timeoutMs)
-  return {
-    signal: controller.signal,
-    clear: () => clearTimeout(timeout),
-  }
-}
-
-function trimTrailingSlash(value: string): string {
-  return value.replace(/\/+$/, '')
-}
-
-export function getOllamaApiBaseUrl(baseUrl?: string): string {
-  const parsed = new URL(
-    baseUrl || process.env.OLLAMA_BASE_URL || DEFAULT_OLLAMA_BASE_URL,
-  )
-  const pathname = trimTrailingSlash(parsed.pathname)
-  parsed.pathname = pathname.endsWith('/v1')
-    ? pathname.slice(0, -3) || '/'
-    : pathname || '/'
-  parsed.search = ''
-  parsed.hash = ''
-  return trimTrailingSlash(parsed.toString())
-}
-
-export function getOllamaChatBaseUrl(baseUrl?: string): string {
-  return `${getOllamaApiBaseUrl(baseUrl)}/v1`
-}
-
-export async function hasLocalOllama(baseUrl?: string): Promise<boolean> {
-  const { signal, clear } = withTimeoutSignal(1200)
-  try {
-    const response = await fetch(`${getOllamaApiBaseUrl(baseUrl)}/api/tags`, {
-      method: 'GET',
-      signal,
-    })
-    return response.ok
-  } catch {
-    return false
-  } finally {
-    clear()
-  }
-}
-
-export async function listOllamaModels(
-  baseUrl?: string,
-): Promise<OllamaModelDescriptor[]> {
-  const { signal, clear } = withTimeoutSignal(5000)
-  try {
-    const response = await fetch(`${getOllamaApiBaseUrl(baseUrl)}/api/tags`, {
-      method: 'GET',
-      signal,
-    })
-    if (!response.ok) {
-      return []
-    }
-
-    const data = await response.json() as {
-      models?: Array<{
-        name?: string
-        size?: number
-        details?: {
-          family?: string
-          families?: string[]
-          parameter_size?: string
-          quantization_level?: string
-        }
-      }>
-    }
-
-    return (data.models ?? [])
-      .filter(model => Boolean(model.name))
-      .map(model => ({
-        name: model.name!,
-        sizeBytes: typeof model.size === 'number' ? model.size : null,
-        family: model.details?.family ?? null,
-        families: model.details?.families ?? [],
-        parameterSize: model.details?.parameter_size ?? null,
-        quantizationLevel: model.details?.quantization_level ?? null,
-      }))
-  } catch {
-    return []
-  } finally {
-    clear()
-  }
-}
-
-export async function benchmarkOllamaModel(
-  modelName: string,
-  baseUrl?: string,
-): Promise<number | null> {
-  const start = Date.now()
-  const { signal, clear } = withTimeoutSignal(20000)
-  try {
-    const response = await fetch(`${getOllamaApiBaseUrl(baseUrl)}/api/chat`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      signal,
-      body: JSON.stringify({
-        model: modelName,
-        stream: false,
-        messages: [{ role: 'user', content: 'Reply with OK.' }],
-        options: {
-          temperature: 0,
-          num_predict: 8,
-        },
-      }),
-    })
-    if (!response.ok) {
-      return null
-    }
-    await response.json()
-    return Date.now() - start
-  } catch {
-    return null
-  } finally {
-    clear()
-  }
-}
+export {
+  benchmarkOllamaModel,
+  DEFAULT_ATOMIC_CHAT_BASE_URL,
+  DEFAULT_OLLAMA_BASE_URL,
+  getAtomicChatApiBaseUrl,
+  getAtomicChatChatBaseUrl,
+  getOllamaApiBaseUrl,
+  getOllamaChatBaseUrl,
+  hasLocalAtomicChat,
+  hasLocalOllama,
+  listAtomicChatModels,
+  listOllamaModels,
+} from '../src/utils/providerDiscovery.ts'
--- a/scripts/provider-launch.ts
+++ b/scripts/provider-launch.ts
@@ -1,7 +1,5 @@
 // @ts-nocheck
 import { spawn } from 'node:child_process'
-import { existsSync, readFileSync } from 'node:fs'
-import { resolve } from 'node:path'
 import {
  resolveCodexApiCredentials,
 } from '../src/services/api/providerConfig.js'
@@ -11,13 +9,17 @@ import {
 } from '../src/utils/providerRecommendation.ts'
 import {
  buildLaunchEnv,
+  loadProfileFile,
  selectAutoProfile,
  type ProfileFile,
  type ProviderProfile,
 } from '../src/utils/providerProfile.ts'
 import {
+  getAtomicChatChatBaseUrl,
  getOllamaChatBaseUrl,
+  hasLocalAtomicChat,
  hasLocalOllama,
+  listAtomicChatModels,
  listOllamaModels,
 } from './provider-discovery.ts'

@@ -48,7 +50,7 @@ function parseLaunchOptions(argv: string[]): LaunchOptions {
      continue
    }

-    if ((lower === 'auto' || lower === 'openai' || lower === 'ollama' || lower === 'codex' || lower === 'gemini') && requestedProfile === 'auto') {
+    if ((lower === 'auto' || lower === 'openai' || lower === 'ollama' || lower === 'codex' || lower === 'gemini' || lower === 'atomic-chat') && requestedProfile === 'auto') {
      requestedProfile = lower as ProviderProfile | 'auto'
      continue
    }
@@ -75,17 +77,7 @@ function parseLaunchOptions(argv: string[]): LaunchOptions {
 }

 function loadPersistedProfile(): ProfileFile | null {
-  const path = resolve(process.cwd(), '.openclaude-profile.json')
-  if (!existsSync(path)) return null
-  try {
-    const parsed = JSON.parse(readFileSync(path, 'utf8')) as ProfileFile
-    if (parsed.profile === 'openai' || parsed.profile === 'ollama' || parsed.profile === 'codex' || parsed.profile === 'gemini') {
-      return parsed
-    }
-    return null
-  } catch {
-    return null
-  }
+  return loadProfileFile()
 }

 async function resolveOllamaDefaultModel(
@@ -96,6 +88,11 @@ async function resolveOllamaDefaultModel(
  return recommended?.name ?? null
 }

+async function resolveAtomicChatDefaultModel(): Promise<string | null> {
+  const models = await listAtomicChatModels()
+  return models[0] ?? null
+}
+
 function runCommand(command: string, env: NodeJS.ProcessEnv): Promise<number> {
  return runProcess(command, [], env)
 }
@@ -123,19 +120,18 @@ function applyFastFlags(env: NodeJS.ProcessEnv): NodeJS.ProcessEnv {
  return env
 }

-function printSummary(profile: ProviderProfile, env: NodeJS.ProcessEnv): void {
+function printSummary(profile: ProviderProfile): void {
  console.log(`Launching profile: ${profile}`)
  if (profile === 'gemini') {
-    console.log(`GEMINI_MODEL=${env.GEMINI_MODEL}`)
-    console.log(`GEMINI_API_KEY_SET=${Boolean(env.GEMINI_API_KEY)}`)
+    console.log('Using configured Gemini provider settings.')
  } else if (profile === 'codex') {
-    console.log(`OPENAI_BASE_URL=${env.OPENAI_BASE_URL}`)
-    console.log(`OPENAI_MODEL=${env.OPENAI_MODEL}`)
-    console.log(`CODEX_API_KEY_SET=${Boolean(resolveCodexApiCredentials(env).apiKey)}`)
+    console.log('Using configured Codex/OpenAI-compatible provider settings.')
+  } else if (profile === 'atomic-chat') {
+    console.log('Using configured Atomic Chat provider settings.')
+  } else if (profile === 'ollama') {
+    console.log('Using configured Ollama provider settings.')
  } else {
-    console.log(`OPENAI_BASE_URL=${env.OPENAI_BASE_URL}`)
-    console.log(`OPENAI_MODEL=${env.OPENAI_MODEL}`)
-    console.log(`OPENAI_API_KEY_SET=${Boolean(env.OPENAI_API_KEY)}`)
+    console.log('Using configured OpenAI-compatible provider settings.')
  }
 }

@@ -143,7 +139,7 @@ async function main(): Promise<void> {
  const options = parseLaunchOptions(process.argv.slice(2))
  const requestedProfile = options.requestedProfile
  if (!requestedProfile) {
-    console.error('Usage: bun run scripts/provider-launch.ts [openai|ollama|codex|gemini|auto] [--fast] [--goal <latency|balanced|coding>] [-- <cli args>]')
+    console.error('Usage: bun run scripts/provider-launch.ts [openai|ollama|codex|gemini|atomic-chat|auto] [--fast] [--goal <latency|balanced|coding>] [-- <cli args>]')
    process.exit(1)
  }

@@ -175,12 +171,30 @@ async function main(): Promise<void> {
    }
  }

+  let resolvedAtomicChatModel: string | null = null
+  if (
+    profile === 'atomic-chat' &&
+    (persisted?.profile !== 'atomic-chat' || !persisted?.env?.OPENAI_MODEL)
+  ) {
+    if (!(await hasLocalAtomicChat())) {
+      console.error('Atomic Chat is not running (could not connect to 127.0.0.1:1337).\n  Download from https://atomic.chat/ and launch the application.')
+      process.exit(1)
+    }
+    resolvedAtomicChatModel = await resolveAtomicChatDefaultModel()
+    if (!resolvedAtomicChatModel) {
+      console.error('Atomic Chat is running but no model is loaded. Open Atomic Chat and download or start a model first.')
+      process.exit(1)
+    }
+  }
+
  const env = await buildLaunchEnv({
    profile,
    persisted,
    goal: options.goal,
    getOllamaChatBaseUrl,
    resolveOllamaDefaultModel: async () => resolvedOllamaModel || 'llama3.1:8b',
+    getAtomicChatChatBaseUrl,
+    resolveAtomicChatDefaultModel: async () => resolvedAtomicChatModel,
  })
  if (options.fast) {
    applyFastFlags(env)
@@ -212,7 +226,7 @@ async function main(): Promise<void> {
    }
  }

-  printSummary(profile, env)
+  printSummary(profile)

  const doctorCode = await runProcess('bun', ['run', 'scripts/system-check.ts'], env)
  if (doctorCode !== 0) {
--- a/scripts/provider-recommend.ts
+++ b/scripts/provider-recommend.ts
@@ -1,6 +1,4 @@
 // @ts-nocheck
-import { writeFileSync } from 'node:fs'
-import { resolve } from 'node:path'

 import {
  applyBenchmarkLatency,
@@ -16,6 +14,7 @@ import {
  buildOllamaProfileEnv,
  buildOpenAIProfileEnv,
  createProfileFile,
+  saveProfileFile,
  sanitizeApiKey,
  type ProfileFile,
  type ProviderProfile,
@@ -153,11 +152,7 @@ async function maybeApplyProfile(

  const profileFile = createProfileFile(profile, env)

-  writeFileSync(
-    resolve(process.cwd(), '.openclaude-profile.json'),
-    JSON.stringify(profileFile, null, 2),
-    'utf8',
-  )
+  saveProfileFile(profileFile)
  return true
 }

--- a/scripts/render-coverage-heatmap.ts
+++ b/scripts/render-coverage-heatmap.ts
@@ -0,0 +1,393 @@
+import { mkdir, readFile, writeFile } from 'fs/promises'
+import { dirname, resolve } from 'path'
+
+type FileCoverage = {
+  path: string
+  found: number
+  hit: number
+  chunks: number[]
+}
+
+type DirectoryCoverage = {
+  path: string
+  found: number
+  hit: number
+}
+
+const LCOV_PATH = resolve(process.cwd(), 'coverage/lcov.info')
+const HTML_PATH = resolve(process.cwd(), 'coverage/index.html')
+const CHUNK_COUNT = 20
+
+function escapeHtml(value: string): string {
+  return value
+    .replaceAll('&', '&amp;')
+    .replaceAll('<', '&lt;')
+    .replaceAll('>', '&gt;')
+    .replaceAll('"', '&quot;')
+}
+
+function bucketColor(ratio: number): string {
+  if (ratio >= 0.9) return '#166534'
+  if (ratio >= 0.75) return '#15803d'
+  if (ratio >= 0.5) return '#65a30d'
+  if (ratio > 0) return '#a3a3a3'
+  return '#262626'
+}
+
+function coverageLabel(ratio: number): string {
+  return `${Math.round(ratio * 100)}%`
+}
+
+function coverageRatio(found: number, hit: number): number {
+  return found === 0 ? 0 : hit / found
+}
+
+function bucketGlyph(ratio: number): string {
+  if (ratio >= 0.9) return '█'
+  if (ratio >= 0.75) return '▓'
+  if (ratio >= 0.5) return '▒'
+  if (ratio > 0) return '░'
+  return '·'
+}
+
+function terminalBar(chunks: number[]): string {
+  return chunks.map(bucketGlyph).join('')
+}
+
+function summarizeDirectories(files: FileCoverage[]): DirectoryCoverage[] {
+  const dirs = new Map<string, DirectoryCoverage>()
+
+  for (const file of files) {
+    const dir =
+      file.path.includes('/') ? file.path.slice(0, file.path.lastIndexOf('/')) : '.'
+    const current = dirs.get(dir) ?? { path: dir, found: 0, hit: 0 }
+    current.found += file.found
+    current.hit += file.hit
+    dirs.set(dir, current)
+  }
+
+  return [...dirs.values()].sort((a, b) => {
+    const left = coverageRatio(a.found, a.hit)
+    const right = coverageRatio(b.found, b.hit)
+    if (right !== left) return right - left
+    return b.found - a.found
+  })
+}
+
+function buildTerminalReport(files: FileCoverage[]): string {
+  const totalFound = files.reduce((sum, file) => sum + file.found, 0)
+  const totalHit = files.reduce((sum, file) => sum + file.hit, 0)
+  const totalRatio = coverageRatio(totalFound, totalHit)
+  const overallChunks = new Array(CHUNK_COUNT).fill(totalRatio)
+  const topDirectories = summarizeDirectories(files)
+    .filter(dir => dir.found > 0)
+    .slice(0, 8)
+  const lowestFiles = [...files]
+    .filter(file => file.found >= 20)
+    .sort((a, b) => {
+      const left = coverageRatio(a.found, a.hit)
+      const right = coverageRatio(b.found, b.hit)
+      if (left !== right) return left - right
+      return b.found - a.found
+    })
+    .slice(0, 10)
+
+  const lines = [
+    '',
+    'Coverage Activity',
+    `${terminalBar(overallChunks)}  ${coverageLabel(totalRatio)}  ${totalHit}/${totalFound} lines  ${files.length} files`,
+    '',
+    'Top Directories',
+  ]
+
+  for (const dir of topDirectories) {
+    const ratio = coverageRatio(dir.found, dir.hit)
+    lines.push(
+      `${terminalBar(new Array(12).fill(ratio))}  ${coverageLabel(ratio).padStart(4)}  ${String(dir.hit).padStart(5)}/${String(dir.found).padEnd(5)}  ${dir.path}`,
+    )
+  }
+
+  lines.push('', 'Lowest Coverage Files')
+
+  for (const file of lowestFiles) {
+    const ratio = coverageRatio(file.found, file.hit)
+    lines.push(
+      `${terminalBar(file.chunks).padEnd(CHUNK_COUNT)}  ${coverageLabel(ratio).padStart(4)}  ${String(file.hit).padStart(5)}/${String(file.found).padEnd(5)}  ${file.path}`,
+    )
+  }
+
+  lines.push('', `HTML report: ${HTML_PATH}`)
+  return lines.join('\n')
+}
+
+function parseLcov(content: string): FileCoverage[] {
+  const files: FileCoverage[] = []
+  const sections = content.split('end_of_record')
+
+  for (const rawSection of sections) {
+    const section = rawSection.trim()
+    if (!section) continue
+
+    const lines = section.split('\n')
+    let filePath = ''
+    const lineHits = new Map<number, number>()
+
+    for (const line of lines) {
+      if (line.startsWith('SF:')) {
+        filePath = line.slice(3).trim()
+      } else if (line.startsWith('DA:')) {
+        const [lineNumberText, hitText] = line.slice(3).split(',')
+        const lineNumber = Number(lineNumberText)
+        const hits = Number(hitText)
+        if (Number.isFinite(lineNumber) && Number.isFinite(hits)) {
+          lineHits.set(lineNumber, hits)
+        }
+      }
+    }
+
+    if (!filePath || lineHits.size === 0) continue
+
+    const ordered = [...lineHits.entries()].sort((a, b) => a[0] - b[0])
+    const found = ordered.length
+    const hit = ordered.filter(([, hits]) => hits > 0).length
+    const chunkSize = Math.max(1, Math.ceil(found / CHUNK_COUNT))
+    const chunks: number[] = []
+
+    for (let index = 0; index < found; index += chunkSize) {
+      const slice = ordered.slice(index, index + chunkSize)
+      const covered = slice.filter(([, hits]) => hits > 0).length
+      chunks.push(slice.length === 0 ? 0 : covered / slice.length)
+    }
+
+    while (chunks.length < CHUNK_COUNT) {
+      chunks.push(0)
+    }
+
+    files.push({
+      path: filePath,
+      found,
+      hit,
+      chunks: chunks.slice(0, CHUNK_COUNT),
+    })
+  }
+
+  return files.sort((a, b) => {
+    const left = a.found === 0 ? 0 : a.hit / a.found
+    const right = b.found === 0 ? 0 : b.hit / b.found
+    if (right !== left) return right - left
+    return a.path.localeCompare(b.path)
+  })
+}
+
+function buildHtml(files: FileCoverage[]): string {
+  const totalFound = files.reduce((sum, file) => sum + file.found, 0)
+  const totalHit = files.reduce((sum, file) => sum + file.hit, 0)
+  const totalRatio = totalFound === 0 ? 0 : totalHit / totalFound
+
+  const cards = [
+    ['Files', String(files.length)],
+    ['Covered Lines', `${totalHit}/${totalFound}`],
+    ['Line Coverage', coverageLabel(totalRatio)],
+  ]
+
+  const rows = files
+    .map(file => {
+      const ratio = file.found === 0 ? 0 : file.hit / file.found
+      const squares = file.chunks
+        .map(
+          (chunk, index) =>
+            `<span class="cell" title="Chunk ${index + 1}: ${coverageLabel(chunk)}" style="background:${bucketColor(chunk)}"></span>`,
+        )
+        .join('')
+
+      return `
+        <tr>
+          <td class="file">${escapeHtml(file.path)}</td>
+          <td class="percent">${coverageLabel(ratio)}</td>
+          <td class="lines">${file.hit}/${file.found}</td>
+          <td class="heatmap">${squares}</td>
+        </tr>
+      `
+    })
+    .join('')
+
+  const summary = cards
+    .map(
+      ([label, value]) => `
+        <div class="card">
+          <div class="card-label">${escapeHtml(label)}</div>
+          <div class="card-value">${escapeHtml(value)}</div>
+        </div>
+      `,
+    )
+    .join('')
+
+  return `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>OpenClaude Coverage</title>
+    <style>
+      :root {
+        color-scheme: dark;
+        --bg: #09090b;
+        --panel: #111113;
+        --panel-2: #18181b;
+        --border: #27272a;
+        --text: #fafafa;
+        --muted: #a1a1aa;
+      }
+      * { box-sizing: border-box; }
+      body {
+        margin: 0;
+        background: linear-gradient(180deg, #09090b 0%, #0f0f12 100%);
+        color: var(--text);
+        font: 14px/1.4 ui-monospace, SFMono-Regular, Menlo, monospace;
+      }
+      main {
+        max-width: 1440px;
+        margin: 0 auto;
+        padding: 32px 24px 48px;
+      }
+      h1 {
+        margin: 0 0 8px;
+        font-size: 32px;
+        letter-spacing: -0.04em;
+      }
+      p {
+        margin: 0;
+        color: var(--muted);
+      }
+      .summary {
+        display: grid;
+        grid-template-columns: repeat(3, minmax(0, 1fr));
+        gap: 12px;
+        margin: 24px 0;
+      }
+      .card {
+        background: rgba(24, 24, 27, 0.92);
+        border: 1px solid var(--border);
+        border-radius: 16px;
+        padding: 16px 18px;
+      }
+      .card-label {
+        color: var(--muted);
+        margin-bottom: 8px;
+      }
+      .card-value {
+        font-size: 28px;
+        font-weight: 700;
+      }
+      .table-wrap {
+        background: rgba(17, 17, 19, 0.94);
+        border: 1px solid var(--border);
+        border-radius: 18px;
+        overflow: hidden;
+      }
+      table {
+        width: 100%;
+        border-collapse: collapse;
+      }
+      thead th {
+        text-align: left;
+        color: var(--muted);
+        font-weight: 500;
+        background: rgba(24, 24, 27, 0.95);
+        border-bottom: 1px solid var(--border);
+      }
+      th, td {
+        padding: 12px 16px;
+        vertical-align: middle;
+      }
+      tbody tr + tr td {
+        border-top: 1px solid rgba(39, 39, 42, 0.65);
+      }
+      .file {
+        width: 48%;
+        word-break: break-all;
+      }
+      .percent, .lines {
+        white-space: nowrap;
+      }
+      .heatmap {
+        width: 32%;
+        min-width: 280px;
+      }
+      .cell {
+        display: inline-block;
+        width: 12px;
+        height: 12px;
+        margin-right: 4px;
+        border-radius: 3px;
+        border: 1px solid rgba(255,255,255,0.05);
+      }
+      .legend {
+        display: flex;
+        align-items: center;
+        gap: 10px;
+        margin-top: 16px;
+        color: var(--muted);
+      }
+      .legend-scale {
+        display: flex;
+        gap: 4px;
+      }
+      @media (max-width: 900px) {
+        .summary {
+          grid-template-columns: 1fr;
+        }
+        .heatmap {
+          min-width: 220px;
+        }
+        th, td {
+          padding: 10px 12px;
+        }
+      }
+    </style>
+  </head>
+  <body>
+    <main>
+      <h1>Coverage Activity</h1>
+      <p>Git-style heatmap generated from coverage/lcov.info</p>
+      <section class="summary">${summary}</section>
+      <section class="table-wrap">
+        <table>
+          <thead>
+            <tr>
+              <th>File</th>
+              <th>Coverage</th>
+              <th>Lines</th>
+              <th>Activity</th>
+            </tr>
+          </thead>
+          <tbody>${rows}</tbody>
+        </table>
+      </section>
+      <div class="legend">
+        <span>Less</span>
+        <div class="legend-scale">
+          <span class="cell" style="background:#262626"></span>
+          <span class="cell" style="background:#a3a3a3"></span>
+          <span class="cell" style="background:#65a30d"></span>
+          <span class="cell" style="background:#15803d"></span>
+          <span class="cell" style="background:#166534"></span>
+        </div>
+        <span>More</span>
+      </div>
+    </main>
+  </body>
+</html>`
+}
+
+async function main() {
+  const content = await readFile(LCOV_PATH, 'utf8')
+  const files = parseLcov(content)
+  const html = buildHtml(files)
+  await mkdir(dirname(HTML_PATH), { recursive: true })
+  await writeFile(HTML_PATH, html, 'utf8')
+  console.log(buildTerminalReport(files))
+  console.log(`coverage heatmap written to ${HTML_PATH}`)
+}
+
+await main()
--- a/scripts/start-grpc.ts
+++ b/scripts/start-grpc.ts
@@ -0,0 +1,50 @@
+import { GrpcServer } from '../src/grpc/server.ts'
+import { init } from '../src/entrypoints/init.ts'
+
+// Polyfill MACRO which is normally injected by the bundler
+Object.assign(globalThis, {
+  MACRO: {
+    VERSION: '0.1.7',
+    DISPLAY_VERSION: '0.1.7',
+    PACKAGE_URL: '@gitlawb/openclaude',
+  }
+})
+
+async function main() {
+  console.log('Starting OpenClaude gRPC Server...')
+  await init()
+
+  // Mirror CLI bootstrap: hydrate secure tokens and resolve provider profile
+  const { enableConfigs } = await import('../src/utils/config.js')
+  enableConfigs()
+  const { applySafeConfigEnvironmentVariables } = await import('../src/utils/managedEnv.js')
+  applySafeConfigEnvironmentVariables()
+  const { hydrateGeminiAccessTokenFromSecureStorage } = await import('../src/utils/geminiCredentials.js')
+  hydrateGeminiAccessTokenFromSecureStorage()
+  const { hydrateGithubModelsTokenFromSecureStorage } = await import('../src/utils/githubModelsCredentials.js')
+  hydrateGithubModelsTokenFromSecureStorage()
+
+  const { buildStartupEnvFromProfile, applyProfileEnvToProcessEnv } = await import('../src/utils/providerProfile.js')
+  const { getProviderValidationError, validateProviderEnvOrExit } = await import('../src/utils/providerValidation.js')
+  const startupEnv = await buildStartupEnvFromProfile({ processEnv: process.env })
+  if (startupEnv !== process.env) {
+    const startupProfileError = await getProviderValidationError(startupEnv)
+    if (startupProfileError) {
+      console.warn(`Warning: ignoring saved provider profile. ${startupProfileError}`)
+    } else {
+      applyProfileEnvToProcessEnv(process.env, startupEnv)
+    }
+  }
+  await validateProviderEnvOrExit()
+
+  const port = process.env.GRPC_PORT ? parseInt(process.env.GRPC_PORT, 10) : 50051
+  const host = process.env.GRPC_HOST || 'localhost'
+  const server = new GrpcServer()
+
+  server.start(port, host)
+}
+
+main().catch((err) => {
+  console.error('Fatal error starting gRPC server:', err)
+  process.exit(1)
+})
--- a/scripts/system-check.test.ts
+++ b/scripts/system-check.test.ts
@@ -0,0 +1,42 @@
+import { describe, expect, test } from 'bun:test'
+
+import { formatReachabilityFailureDetail } from './system-check.ts'
+
+describe('formatReachabilityFailureDetail', () => {
+  test('returns generic failure detail for non-codex transport', () => {
+    const detail = formatReachabilityFailureDetail(
+      'https://api.openai.com/v1/models',
+      429,
+      '{"error":"rate_limit"}',
+      {
+        transport: 'chat_completions',
+        requestedModel: 'gpt-4o',
+        resolvedModel: 'gpt-4o',
+      },
+    )
+
+    expect(detail).toBe(
+      'Unexpected status 429 from https://api.openai.com/v1/models. Body: {"error":"rate_limit"}',
+    )
+  })
+
+  test('adds alias/entitlement hint for codex model support 400s', () => {
+    const detail = formatReachabilityFailureDetail(
+      'https://chatgpt.com/backend-api/codex/responses',
+      400,
+      '{"detail":"The \\"gpt-5.3-codex-spark\\" model is not supported when using Codex with a ChatGPT account."}',
+      {
+        transport: 'codex_responses',
+        requestedModel: 'codexspark',
+        resolvedModel: 'gpt-5.3-codex-spark',
+      },
+    )
+
+    expect(detail).toContain(
+      'model alias "codexspark" resolved to "gpt-5.3-codex-spark"',
+    )
+    expect(detail).toContain(
+      'Try "codexplan" or another entitled Codex model.',
+    )
+  })
+})
--- a/scripts/system-check.ts
+++ b/scripts/system-check.ts
@@ -58,6 +58,31 @@ function parseOptions(argv: string[]): CliOptions {
  return options
 }

+export function formatReachabilityFailureDetail(
+  endpoint: string,
+  status: number,
+  responseBody: string,
+  request: {
+    transport: string
+    requestedModel: string
+    resolvedModel: string
+  },
+): string {
+  const compactBody = responseBody.trim().replace(/\s+/g, ' ').slice(0, 240)
+  const base = `Unexpected status ${status} from ${endpoint}.`
+  const bodySuffix = compactBody ? ` Body: ${compactBody}` : ''
+
+  if (request.transport !== 'codex_responses' || status !== 400) {
+    return `${base}${bodySuffix}`
+  }
+
+  if (!/not supported.*chatgpt account/i.test(responseBody)) {
+    return `${base}${bodySuffix}`
+  }
+
+  return `${base}${bodySuffix} Hint: model alias "${request.requestedModel}" resolved to "${request.resolvedModel}", which this ChatGPT account does not currently allow. Try "codexplan" or another entitled Codex model.`
+}
+
 function checkNodeVersion(): CheckResult {
  const raw = process.versions.node
  const major = Number(raw.split('.')[0] ?? '0')
@@ -93,11 +118,15 @@ function isLocalBaseUrl(baseUrl: string): boolean {
 }

 const GEMINI_DEFAULT_BASE_URL = 'https://generativelanguage.googleapis.com/v1beta/openai'
+const GITHUB_MODELS_DEFAULT_BASE = 'https://models.github.ai/inference'

 function currentBaseUrl(): string {
  if (isTruthy(process.env.CLAUDE_CODE_USE_GEMINI)) {
    return process.env.GEMINI_BASE_URL ?? GEMINI_DEFAULT_BASE_URL
  }
+  if (isTruthy(process.env.CLAUDE_CODE_USE_GITHUB)) {
+    return process.env.OPENAI_BASE_URL ?? GITHUB_MODELS_DEFAULT_BASE
+  }
  return process.env.OPENAI_BASE_URL ?? 'https://api.openai.com/v1'
 }

@@ -126,15 +155,47 @@ function checkGeminiEnv(): CheckResult[] {
  return results
 }

+function checkGithubEnv(): CheckResult[] {
+  const results: CheckResult[] = []
+  const baseUrl = process.env.OPENAI_BASE_URL ?? GITHUB_MODELS_DEFAULT_BASE
+  results.push(pass('Provider mode', 'GitHub Models provider enabled.'))
+
+  const token = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN
+  if (!token?.trim()) {
+    results.push(fail('GITHUB_TOKEN', 'Missing. Set GITHUB_TOKEN or GH_TOKEN.'))
+  } else {
+    results.push(pass('GITHUB_TOKEN', 'Configured.'))
+  }
+
+  if (!process.env.OPENAI_MODEL) {
+    results.push(
+      pass(
+        'OPENAI_MODEL',
+        'Not set. Default github:copilot → openai/gpt-4.1 at runtime.',
+      ),
+    )
+  } else {
+    results.push(pass('OPENAI_MODEL', process.env.OPENAI_MODEL))
+  }
+
+  results.push(pass('OPENAI_BASE_URL', baseUrl))
+  return results
+}
+
 function checkOpenAIEnv(): CheckResult[] {
  const results: CheckResult[] = []
  const useGemini = isTruthy(process.env.CLAUDE_CODE_USE_GEMINI)
+  const useGithub = isTruthy(process.env.CLAUDE_CODE_USE_GITHUB)
  const useOpenAI = isTruthy(process.env.CLAUDE_CODE_USE_OPENAI)

  if (useGemini) {
    return checkGeminiEnv()
  }

+  if (useGithub && !useOpenAI) {
+    return checkGithubEnv()
+  }
+
  if (!useOpenAI) {
    results.push(pass('Provider mode', 'Anthropic login flow enabled (CLAUDE_CODE_USE_OPENAI is off).'))
    return results
@@ -181,12 +242,21 @@ function checkOpenAIEnv(): CheckResult[] {
  }

  const key = process.env.OPENAI_API_KEY
+  const githubToken = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN
  if (key === 'SUA_CHAVE') {
    results.push(fail('OPENAI_API_KEY', 'Placeholder value detected: SUA_CHAVE.'))
-  } else if (!key && !isLocalBaseUrl(request.baseUrl)) {
+  } else if (
+    !key &&
+    !isLocalBaseUrl(request.baseUrl) &&
+    !(useGithub && githubToken?.trim())
+  ) {
    results.push(fail('OPENAI_API_KEY', 'Missing key for non-local provider URL.'))
+  } else if (!key && useGithub && githubToken?.trim()) {
+    results.push(
+      pass('OPENAI_API_KEY', 'Not set; GITHUB_TOKEN/GH_TOKEN will be used for GitHub Models.'),
+    )
  } else if (!key) {
-    results.push(pass('OPENAI_API_KEY', 'Not set (allowed for local providers like Ollama/LM Studio).'))
+    results.push(pass('OPENAI_API_KEY', 'Not set (allowed for local providers like Atomic Chat/Ollama/LM Studio).'))
  } else {
    results.push(pass('OPENAI_API_KEY', 'Configured.'))
  }
@@ -197,11 +267,19 @@ function checkOpenAIEnv(): CheckResult[] {
 async function checkBaseUrlReachability(): Promise<CheckResult> {
  const useGemini = isTruthy(process.env.CLAUDE_CODE_USE_GEMINI)
  const useOpenAI = isTruthy(process.env.CLAUDE_CODE_USE_OPENAI)
+  const useGithub = isTruthy(process.env.CLAUDE_CODE_USE_GITHUB)

-  if (!useGemini && !useOpenAI) {
+  if (!useGemini && !useOpenAI && !useGithub) {
    return pass('Provider reachability', 'Skipped (OpenAI-compatible mode disabled).')
  }

+  if (useGithub) {
+    return pass(
+      'Provider reachability',
+      'Skipped for GitHub Models (inference endpoint differs from OpenAI /models probe).',
+    )
+  }
+
  const geminiBaseUrl = 'https://generativelanguage.googleapis.com/v1beta/openai'
  const resolvedBaseUrl = useGemini
    ? (process.env.GEMINI_BASE_URL ?? geminiBaseUrl)
@@ -231,6 +309,7 @@ async function checkBaseUrlReachability(): Promise<CheckResult> {
        headers['chatgpt-account-id'] = credentials.accountId
      }
      headers['Content-Type'] = 'application/json'
+      headers.originator = 'openclaude'
      method = 'POST'
      body = JSON.stringify({
        model: request.resolvedModel,
@@ -262,7 +341,17 @@ async function checkBaseUrlReachability(): Promise<CheckResult> {
      return pass('Provider reachability', `Reached ${endpoint} (status ${response.status}).`)
    }

-    return fail('Provider reachability', `Unexpected status ${response.status} from ${endpoint}.`)
+    const responseBody = await response.text().catch(() => '')
+    const detail = formatReachabilityFailureDetail(
+      endpoint,
+      response.status,
+      responseBody,
+      request,
+    )
+    return fail(
+      'Provider reachability',
+      detail,
+    )
  } catch (error) {
    const message = error instanceof Error ? error.message : String(error)
    return fail('Provider reachability', `Failed to reach ${endpoint}: ${message}`)
@@ -271,8 +360,21 @@ async function checkBaseUrlReachability(): Promise<CheckResult> {
  }
 }

+function isAtomicChatUrl(baseUrl: string): boolean {
+  try {
+    const parsed = new URL(baseUrl)
+    return parsed.port === '1337' && isLocalBaseUrl(baseUrl)
+  } catch {
+    return false
+  }
+}
+
 function checkOllamaProcessorMode(): CheckResult {
-  if (!isTruthy(process.env.CLAUDE_CODE_USE_OPENAI) || isTruthy(process.env.CLAUDE_CODE_USE_GEMINI)) {
+  if (
+    !isTruthy(process.env.CLAUDE_CODE_USE_OPENAI) ||
+    isTruthy(process.env.CLAUDE_CODE_USE_GEMINI) ||
+    isTruthy(process.env.CLAUDE_CODE_USE_GITHUB)
+  ) {
    return pass('Ollama processor mode', 'Skipped (OpenAI-compatible mode disabled).')
  }

@@ -281,6 +383,10 @@ function checkOllamaProcessorMode(): CheckResult {
    return pass('Ollama processor mode', 'Skipped (provider URL is not local).')
  }

+  if (isAtomicChatUrl(baseUrl)) {
+    return pass('Ollama processor mode', 'Skipped (Atomic Chat local provider detected, not Ollama).')
+  }
+
  const result = spawnSync('ollama', ['ps'], {
    cwd: process.cwd(),
    encoding: 'utf8',
@@ -289,7 +395,7 @@ function checkOllamaProcessorMode(): CheckResult {

  if (result.status !== 0) {
    const detail = (result.stderr || result.stdout || 'Unable to run ollama ps').trim()
-    return fail('Ollama processor mode', detail)
+    return pass('Ollama processor mode', `Native CLI check failed (${detail}). Assuming valid Docker/remote backend since HTTP ping passed.`)
  }

  const output = (result.stdout || '').trim()
@@ -319,6 +425,22 @@ function serializeSafeEnvSummary(): Record<string, string | boolean> {
      GEMINI_API_KEY_SET: Boolean(process.env.GEMINI_API_KEY ?? process.env.GOOGLE_API_KEY),
    }
  }
+  if (
+    isTruthy(process.env.CLAUDE_CODE_USE_GITHUB) &&
+    !isTruthy(process.env.CLAUDE_CODE_USE_OPENAI)
+  ) {
+    return {
+      CLAUDE_CODE_USE_GITHUB: true,
+      OPENAI_MODEL:
+        process.env.OPENAI_MODEL ??
+        '(unset, default: github:copilot → openai/gpt-4.1)',
+      OPENAI_BASE_URL:
+        process.env.OPENAI_BASE_URL ?? GITHUB_MODELS_DEFAULT_BASE,
+      GITHUB_TOKEN_SET: Boolean(
+        process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN,
+      ),
+    }
+  }
  const request = resolveProviderRequest({
    model: process.env.OPENAI_MODEL,
    baseUrl: process.env.OPENAI_BASE_URL,
@@ -344,6 +466,7 @@ function writeJsonReport(
  options: CliOptions,
  results: CheckResult[],
 ): void {
+  const envSummary = serializeSafeEnvSummary()
  const payload = {
    timestamp: new Date().toISOString(),
    cwd: process.cwd(),
@@ -352,12 +475,24 @@ function writeJsonReport(
      passed: results.filter(result => result.ok).length,
      failed: results.filter(result => !result.ok).length,
    },
-    env: serializeSafeEnvSummary(),
+    env: envSummary,
    results,
  }

  if (options.json) {
-    console.log(JSON.stringify(payload, null, 2))
+    console.log(
+      JSON.stringify(
+        {
+          timestamp: payload.timestamp,
+          cwd: payload.cwd,
+          summary: payload.summary,
+          env: '[redacted in console JSON output; use --out-file for the full report]',
+          results: payload.results,
+        },
+        null,
+        2,
+      ),
+    )
  }

  if (options.outFile) {
@@ -374,6 +509,13 @@ async function main(): Promise<void> {
  const options = parseOptions(process.argv.slice(2))
  const results: CheckResult[] = []

+  const { enableConfigs } = await import('../src/utils/config.js')
+  enableConfigs()
+  const { applySafeConfigEnvironmentVariables } = await import('../src/utils/managedEnv.js')
+  applySafeConfigEnvironmentVariables()
+  const { hydrateGithubModelsTokenFromSecureStorage } = await import('../src/utils/githubModelsCredentials.js')
+  hydrateGithubModelsTokenFromSecureStorage()
+
  results.push(checkNodeVersion())
  results.push(checkBunRuntime())
  results.push(checkBuildArtifacts())
@@ -398,6 +540,8 @@ async function main(): Promise<void> {
  }
 }

-await main()
+if (import.meta.main) {
+  await main()
+}

 export {}
--- a/scripts/verify-no-phone-home.sh
+++ b/scripts/verify-no-phone-home.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -euo pipefail
+
+DIST="dist/cli.mjs"
+
+if [ ! -f "$DIST" ]; then
+  echo "ERROR: $DIST not found. Run 'bun run build' first."
+  exit 1
+fi
+
+EXIT=0
+
+BANNED=(
+  "datadoghq.com"
+  "api/event_logging/batch"
+  "api/claude_code/metrics"
+  "getKubernetesNamespace"
+  "/var/run/secrets/kubernetes"
+  "/proc/self/mountinfo"
+  "tengu_internal_record_permission_context"
+  "anthropic-serve"
+  "infra.ant.dev"
+  "claude-code-feedback"
+  "C07VBSHV7EV"
+)
+
+echo "Checking $DIST for banned patterns..."
+echo ""
+
+for pattern in "${BANNED[@]}"; do
+  COUNT=$(grep -F -c "$pattern" "$DIST" 2>/dev/null || true)
+  COUNT=${COUNT:-0}
+  if [ "$COUNT" -gt 0 ]; then
+    echo "  FAIL: '$pattern' found ($COUNT occurrences)"
+    EXIT=1
+  else
+    echo "  PASS: '$pattern' not found"
+  fi
+done
+
+echo ""
+
+if [ "$EXIT" -eq 0 ]; then
+  echo "✓ All checks passed — no banned patterns in build output"
+else
+  echo "✗ FAILED — banned patterns found in build output"
+fi
+
+exit $EXIT
--- a/scripts/verify-no-phone-home.ts
+++ b/scripts/verify-no-phone-home.ts
@@ -0,0 +1,47 @@
+import { existsSync, readFileSync } from 'node:fs'
+
+const DIST = 'dist/cli.mjs'
+const BANNED_PATTERNS = [
+  'datadoghq.com',
+  'api/event_logging/batch',
+  'api/claude_code/metrics',
+  'getKubernetesNamespace',
+  '/var/run/secrets/kubernetes',
+  '/proc/self/mountinfo',
+  'tengu_internal_record_permission_context',
+  'anthropic-serve',
+  'infra.ant.dev',
+  'claude-code-feedback',
+  'C07VBSHV7EV',
+] as const
+
+if (!existsSync(DIST)) {
+  console.error(`ERROR: ${DIST} not found. Run 'bun run build' first.`)
+  process.exit(1)
+}
+
+const contents = readFileSync(DIST, 'utf8')
+let exitCode = 0
+
+console.log(`Checking ${DIST} for banned patterns...`)
+console.log('')
+
+for (const pattern of BANNED_PATTERNS) {
+  const count = contents.split(pattern).length - 1
+  if (count > 0) {
+    console.log(`  FAIL: '${pattern}' found (${count} occurrences)`)
+    exitCode = 1
+  } else {
+    console.log(`  PASS: '${pattern}' not found`)
+  }
+}
+
+console.log('')
+
+if (exitCode === 0) {
+  console.log('✓ All checks passed — no banned patterns in build output')
+} else {
+  console.log('✗ FAILED — banned patterns found in build output')
+}
+
+process.exit(exitCode)
--- a/src/QueryEngine.ts
+++ b/src/QueryEngine.ts
@@ -46,6 +46,7 @@ import type { AttributionState } from './utils/commitAttribution.js'
 import { getGlobalConfig } from './utils/config.js'
 import { getCwd } from './utils/cwd.js'
 import { isBareMode, isEnvTruthy } from './utils/envUtils.js'
+import { logForDebugging } from './utils/debug.js'
 import { getFastModeState } from './utils/fastMode.js'
 import {
  type FileHistoryState,
@@ -695,9 +696,11 @@ export class QueryEngine {
        // progress are now recorded inline (their switch cases below), but
        // this flush still matters for the preservedSegment tail walk.
        // If the SDK subprocess restarts before then (claude-desktop kills
-        // between turns), tailUuid points to a never-written message →
-        // applyPreservedSegmentRelinks fails its tail→head walk → returns
-        // without pruning → resume loads full pre-compact history.
+        // between turns), tailUuid can point to a never-written message. In
+        // that case strip preservedSegment before transcript persistence so
+        // resume falls back to ordinary boundary pruning instead of relying on
+        // broken relink metadata.
+        let transcriptMessage = message
        if (
          persistSession &&
          message.type === 'system' &&
@@ -710,10 +713,21 @@ export class QueryEngine {
            )
            if (tailIdx !== -1) {
              await recordTranscript(this.mutableMessages.slice(0, tailIdx + 1))
+            } else {
+              transcriptMessage = {
+                ...message,
+                compactMetadata: {
+                  ...message.compactMetadata,
+                  preservedSegment: undefined,
+                },
+              }
+              logForDebugging(
+                `[QueryEngine] stripped preservedSegment before transcript write; missing tail ${tailUuid}`,
+              )
            }
          }
        }
-        messages.push(message)
+        messages.push(transcriptMessage)
        if (persistSession) {
          // Fire-and-forget for assistant messages. claude.ts yields one
          // assistant message per content block, then mutates the last
--- a/src/Task.ts
+++ b/src/Task.ts
@@ -1,4 +1,4 @@
-import { randomBytes } from 'crypto'
+import { randomInt } from 'crypto'
 import type { AppState } from './state/AppState.js'
 import type { AgentId } from './types/ids.js'
 import { getTaskOutputPath } from './utils/task/diskOutput.js'
@@ -97,10 +97,9 @@ const TASK_ID_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz'

 export function generateTaskId(type: TaskType): string {
  const prefix = getTaskIdPrefix(type)
-  const bytes = randomBytes(8)
  let id = prefix
  for (let i = 0; i < 8; i++) {
-    id += TASK_ID_ALPHABET[bytes[i]! % TASK_ID_ALPHABET.length]
+    id += TASK_ID_ALPHABET[randomInt(TASK_ID_ALPHABET.length)]!
  }
  return id
 }
--- a/src/Tool.ts
+++ b/src/Tool.ts
@@ -176,6 +176,8 @@ export type ToolUseContext = {
    querySource?: QuerySource
    /** Optional callback to get the latest tools (e.g., after MCP servers connect mid-query) */
    refreshTools?: () => Tools
+    /** Per-agent provider override from agentRouting config */
+    providerOverride?: { model: string; baseURL: string; apiKey: string }
  }
  abortController: AbortController
  readFileState: FileStateCache
@@ -290,6 +292,14 @@ export type ToolUseContext = {
   * resumeAgentBackground threads one reconstructed from sidechain records.
   */
  contentReplacementState?: ContentReplacementState
+  /**
+   * Interactive REPL only: mirror persisted tool-result replacements back
+   * into the live transcript so the original oversized payloads can be
+   * released from heap once the replacement decision is known.
+   */
+  syncToolResultReplacements?: (
+    replacements: ReadonlyMap<string, string>,
+  ) => void
  /**
   * Parent's rendered system prompt bytes, frozen at turn start.
   * Used by fork subagents to share the parent's prompt cache — re-calling
--- a/src/bootstrap/state.ts
+++ b/src/bootstrap/state.ts
@@ -112,7 +112,7 @@ type State = {
  agentColorIndex: number
  // Last API request for bug reports
  lastAPIRequest: Omit<BetaMessageStreamParams, 'messages'> | null
-  // Messages from the last API request (ant-only; reference, not clone).
+  // Messages from the last API request (internal-only; reference, not clone).
  // Captures the exact post-compaction, CLAUDE.md-injected message set sent
  // to the API so /share's serialized_conversation.json reflects reality.
  lastAPIRequestMessages: BetaMessageStreamParams['messages'] | null
@@ -185,7 +185,7 @@ type State = {
      agentId: string | null
    }
  >
-  // Track slow operations for dev bar display (ant-only)
+  // Track slow operations for dev bar display (internal-only)
  slowOperations: Array<{
    operation: string
    durationMs: number
@@ -1756,3 +1756,12 @@ export function setPromptId(id: string | null): void {
  STATE.promptId = id
 }

+// Stub for feature-gated REPL bridge (not available in open build)
+export function isReplBridgeActive(): boolean {
+  return false
+}
+
+export function getReplBridgeHandle(): null {
+  return null
+}
+
--- a/src/bridge/bridgeConfig.ts
+++ b/src/bridge/bridgeConfig.ts
@@ -1,11 +1,11 @@
 /**
- * Shared bridge auth/URL resolution. Consolidates the ant-only
+ * Shared bridge auth/URL resolution. Consolidates the internal-only
 * CLAUDE_BRIDGE_* dev overrides that were previously copy-pasted across
 * a dozen files — inboundAttachments, BriefTool/upload, bridgeMain,
 * initReplBridge, remoteBridgeCore, daemon workers, /rename,
 * /remote-control.
 *
- * Two layers: *Override() returns the ant-only env var (or undefined);
+ * Two layers: *Override() returns the internal-only env var (or undefined);
 * the non-Override versions fall through to the real OAuth store/config.
 * Callers that compose with a different auth source (e.g. daemon workers
 * using IPC auth) use the Override getters directly.
--- a/src/bridge/bridgeEnabled.ts
+++ b/src/bridge/bridgeEnabled.ts
@@ -174,7 +174,7 @@ export function checkBridgeMinVersion(): string | null {

 /**
 * Default for remoteControlAtStartup when the user hasn't explicitly set it.
- * When the CCR_AUTO_CONNECT build flag is present (ant-only) and the
+ * When the CCR_AUTO_CONNECT build flag is present (internal-only) and the
 * tengu_cobalt_harbor GrowthBook gate is on, all sessions connect to CCR by
 * default — the user can still opt out by setting remoteControlAtStartup=false
 * in config (explicit settings always win over this default).
--- a/src/bridge/bridgeMain.ts
+++ b/src/bridge/bridgeMain.ts
@@ -1520,7 +1520,7 @@ export async function runBridgeLoop(
  // Skip when the loop exited fatally (env expired, auth failed, give-up) —
  // resume is impossible in those cases and the message would contradict the
  // error already printed.
-  // feature('KAIROS') gate: --session-id is ant-only; without the gate,
+  // feature('KAIROS') gate: --session-id is internal-only; without the gate,
  // revert to the pre-PR behavior (archive + deregister on every shutdown).
  if (
    feature('KAIROS') &&
@@ -1888,7 +1888,7 @@ export function parseArgs(args: string[]): ParsedArgs {

 async function printHelp(): Promise<void> {
  // Use EXTERNAL_PERMISSION_MODES for help text — internal modes (bubble)
-  // are ant-only and auto is feature-gated; they're still accepted by validation.
+  // are internal-only and auto is feature-gated; they're still accepted by validation.
  const { EXTERNAL_PERMISSION_MODES } = await import('../types/permissions.js')
  const modes = EXTERNAL_PERMISSION_MODES.join(', ')
  const showServer = await isMultiSessionSpawnEnabled()
@@ -2356,7 +2356,7 @@ export async function bridgeMain(args: string[]): Promise<void> {
  // environment_id and reuse that for registration (idempotent on the
  // backend). Left undefined otherwise — the backend rejects
  // client-generated UUIDs and will allocate a fresh environment.
-  // feature('KAIROS') gate: --session-id is ant-only; parseArgs already
+  // feature('KAIROS') gate: --session-id is internal-only; parseArgs already
  // rejects the flag when the gate is off, so resumeSessionId is always
  // undefined here in external builds — this guard is for tree-shaking.
  let reuseEnvironmentId: string | undefined
--- a/src/bridge/bridgeUI.ts
+++ b/src/bridge/bridgeUI.ts
@@ -223,7 +223,7 @@ export function createBridgeLogger(options: {

    if (process.env.USER_TYPE === 'ant' && debugLogPath) {
      writeStatus(
-        `${chalk.yellow('[ANT-ONLY] Logs:')} ${chalk.dim(debugLogPath)}\n`,
+        `${chalk.yellow('[internal] Logs:')} ${chalk.dim(debugLogPath)}\n`,
      )
    }
    writeStatus(`${indicatorColor(indicator)} ${stateText}${suffix}\n`)
--- a/src/bridge/initReplBridge.ts
+++ b/src/bridge/initReplBridge.ts
@@ -161,7 +161,7 @@ export async function initReplBridge(
    return null
  }

-  // When CLAUDE_BRIDGE_OAUTH_TOKEN is set (ant-only local dev), the bridge
+  // When CLAUDE_BRIDGE_OAUTH_TOKEN is set (internal-only local dev), the bridge
  // uses that token directly via getBridgeAccessToken() — keychain state is
  // irrelevant. Skip 2b/2c to preserve that decoupling: an expired keychain
  // token shouldn't block a bridge connection that doesn't use it.
--- a/src/bridge/remoteBridgeCore.ts
+++ b/src/bridge/remoteBridgeCore.ts
@@ -1,4 +1,4 @@
-// biome-ignore-all assist/source/organizeImports: ANT-ONLY import markers must not be reordered
+// biome-ignore-all assist/source/organizeImports: internal-only import markers must not be reordered
 /**
 * Env-less Remote Control bridge core.
 *
--- a/src/bridge/replBridge.ts
+++ b/src/bridge/replBridge.ts
@@ -1,4 +1,4 @@
-// biome-ignore-all assist/source/organizeImports: ANT-ONLY import markers must not be reordered
+// biome-ignore-all assist/source/organizeImports: internal-only import markers must not be reordered
 import { randomUUID } from 'crypto'
 import {
  createBridgeApiClient,
--- a/src/bridge/sessionRunner.test.ts
+++ b/src/bridge/sessionRunner.test.ts
@@ -0,0 +1,85 @@
+import { expect, test } from 'bun:test'
+import { buildChildEnv } from './sessionRunner.ts'
+
+// Finding #42-1: sessionRunner spreads the full parent process.env into the
+// child process environment, leaking API keys, DB credentials, proxy secrets.
+// Only CLAUDE_CODE_OAUTH_TOKEN was stripped. Fix: explicit allowlist.
+
+const baseOpts = {
+  accessToken: 'test-access-token',
+  useCcrV2: false as const,
+}
+
+test('buildChildEnv does not leak ANTHROPIC_API_KEY to child', () => {
+  const parentEnv = {
+    PATH: '/usr/bin',
+    HOME: '/home/user',
+    ANTHROPIC_API_KEY: 'sk-ant-secret-key',
+    CLAUDE_CODE_SESSION_ACCESS_TOKEN: 'will-be-overwritten',
+  }
+  const env = buildChildEnv(parentEnv, baseOpts)
+  expect(env.ANTHROPIC_API_KEY).toBeUndefined()
+})
+
+test('buildChildEnv does not leak OPENAI_API_KEY to child', () => {
+  const parentEnv = {
+    PATH: '/usr/bin',
+    HOME: '/home/user',
+    OPENAI_API_KEY: 'sk-openai-secret',
+  }
+  const env = buildChildEnv(parentEnv, baseOpts)
+  expect(env.OPENAI_API_KEY).toBeUndefined()
+})
+
+test('buildChildEnv does not leak arbitrary secrets to child', () => {
+  const parentEnv = {
+    PATH: '/usr/bin',
+    HOME: '/home/user',
+    DB_PASSWORD: 'super-secret',
+    AWS_SECRET_ACCESS_KEY: 'aws-secret',
+    GITHUB_TOKEN: 'ghp_token',
+  }
+  const env = buildChildEnv(parentEnv, baseOpts)
+  expect(env.DB_PASSWORD).toBeUndefined()
+  expect(env.AWS_SECRET_ACCESS_KEY).toBeUndefined()
+  expect(env.GITHUB_TOKEN).toBeUndefined()
+})
+
+test('buildChildEnv includes PATH and HOME from parent', () => {
+  const parentEnv = {
+    PATH: '/usr/bin:/usr/local/bin',
+    HOME: '/home/user',
+    ANTHROPIC_API_KEY: 'sk-secret',
+  }
+  const env = buildChildEnv(parentEnv, baseOpts)
+  expect(env.PATH).toBe('/usr/bin:/usr/local/bin')
+  expect(env.HOME).toBe('/home/user')
+})
+
+test('buildChildEnv sets CLAUDE_CODE_SESSION_ACCESS_TOKEN from opts', () => {
+  const env = buildChildEnv({ PATH: '/usr/bin' }, { ...baseOpts, accessToken: 'my-token' })
+  expect(env.CLAUDE_CODE_SESSION_ACCESS_TOKEN).toBe('my-token')
+})
+
+test('buildChildEnv sets CLAUDE_CODE_ENVIRONMENT_KIND to bridge', () => {
+  const env = buildChildEnv({ PATH: '/usr/bin' }, baseOpts)
+  expect(env.CLAUDE_CODE_ENVIRONMENT_KIND).toBe('bridge')
+})
+
+test('buildChildEnv does not pass CLAUDE_CODE_OAUTH_TOKEN to child', () => {
+  const parentEnv = {
+    PATH: '/usr/bin',
+    CLAUDE_CODE_OAUTH_TOKEN: 'oauth-token-to-strip',
+  }
+  const env = buildChildEnv(parentEnv, baseOpts)
+  expect(env.CLAUDE_CODE_OAUTH_TOKEN).toBeUndefined()
+})
+
+test('buildChildEnv sets CCR v2 vars when useCcrV2 is true', () => {
+  const env = buildChildEnv(
+    { PATH: '/usr/bin' },
+    { accessToken: 'tok', useCcrV2: true, workerEpoch: 42 },
+  )
+  expect(env.CLAUDE_CODE_USE_CCR_V2).toBe('1')
+  expect(env.CLAUDE_CODE_WORKER_EPOCH).toBe('42')
+})
--- a/src/bridge/sessionRunner.ts
+++ b/src/bridge/sessionRunner.ts
@@ -16,6 +16,69 @@ import type {
 const MAX_ACTIVITIES = 10
 const MAX_STDERR_LINES = 10

+/**
+ * Safe OS and runtime variables that the child process needs to function.
+ * Everything else (API keys, DB passwords, proxy secrets, etc.) must not
+ * be inherited — the child authenticates via CLAUDE_CODE_SESSION_ACCESS_TOKEN.
+ */
+const CHILD_ENV_ALLOWLIST = new Set([
+  // System / shell
+  'PATH', 'HOME', 'USERPROFILE', 'HOMEPATH', 'HOMEDRIVE',
+  'USERNAME', 'USER', 'LOGNAME',
+  'TEMP', 'TMP', 'TMPDIR',
+  'SYSTEMROOT', 'SYSTEMDRIVE', 'COMSPEC', 'WINDIR',
+  'LANG', 'LC_ALL', 'LC_CTYPE',
+  // Node.js runtime
+  'NODE_OPTIONS', 'NODE_PATH', 'NODE_ENV',
+  // OpenClaude session / bridge (non-secret)
+  'CLAUDE_CODE_ENVIRONMENT_KIND',
+  'CLAUDE_CODE_FORCE_SANDBOX',
+  'CLAUDE_CODE_BUBBLEWRAP',
+  'CLAUDE_CODE_ENTRYPOINT',
+  'CLAUDE_CODE_COORDINATOR_MODE',
+  'CLAUDE_CODE_PERMISSIONS_VERSION',
+  'CLAUDE_CODE_PERMISSIONS_SETTING',
+  // Display / terminal
+  'TERM', 'COLORTERM', 'FORCE_COLOR', 'NO_COLOR',
+])
+
+type BuildChildEnvOpts = {
+  accessToken: string
+  useCcrV2: boolean
+  workerEpoch?: number
+  sandbox?: boolean
+}
+
+/**
+ * Build the environment for the child CC process from an explicit allowlist.
+ * This prevents the parent's API keys and credentials from leaking to the child.
+ */
+export function buildChildEnv(
+  parentEnv: NodeJS.ProcessEnv,
+  opts: BuildChildEnvOpts,
+): NodeJS.ProcessEnv {
+  // Start from allowlisted parent vars only
+  const env: NodeJS.ProcessEnv = {}
+  for (const key of Object.keys(parentEnv)) {
+    if (CHILD_ENV_ALLOWLIST.has(key)) {
+      env[key] = parentEnv[key]
+    }
+  }
+
+  // Bridge-required overrides
+  env.CLAUDE_CODE_OAUTH_TOKEN = undefined // explicitly strip
+  env.CLAUDE_CODE_ENVIRONMENT_KIND = 'bridge'
+  if (opts.sandbox) env.CLAUDE_CODE_FORCE_SANDBOX = '1'
+  env.CLAUDE_CODE_SESSION_ACCESS_TOKEN = opts.accessToken
+  env.CLAUDE_CODE_POST_FOR_SESSION_INGRESS_V2 = '1'
+  if (opts.useCcrV2) {
+    env.CLAUDE_CODE_USE_CCR_V2 = '1'
+    env.CLAUDE_CODE_WORKER_EPOCH = String(opts.workerEpoch)
+  }
+
+  return env
+}
+
 /**
 * Sanitize a session ID for use in file names.
 * Strips any characters that could cause path traversal (e.g. `../`, `/`)
@@ -303,24 +366,12 @@ export function createSessionSpawner(deps: SessionSpawnerDeps): SessionSpawner {
          : []),
      ]

-      const env: NodeJS.ProcessEnv = {
-        ...deps.env,
-        // Strip the bridge's OAuth token so the child CC process uses
-        // the session access token for inference instead.
-        CLAUDE_CODE_OAUTH_TOKEN: undefined,
-        CLAUDE_CODE_ENVIRONMENT_KIND: 'bridge',
-        ...(deps.sandbox && { CLAUDE_CODE_FORCE_SANDBOX: '1' }),
-        CLAUDE_CODE_SESSION_ACCESS_TOKEN: opts.accessToken,
-        // v1: HybridTransport (WS reads + POST writes) to Session-Ingress.
-        // Harmless in v2 mode — transportUtils checks CLAUDE_CODE_USE_CCR_V2 first.
-        CLAUDE_CODE_POST_FOR_SESSION_INGRESS_V2: '1',
-        // v2: SSETransport + CCRClient to CCR's /v1/code/sessions/* endpoints.
-        // Same env vars environment-manager sets in the container path.
-        ...(opts.useCcrV2 && {
-          CLAUDE_CODE_USE_CCR_V2: '1',
-          CLAUDE_CODE_WORKER_EPOCH: String(opts.workerEpoch),
-        }),
-      }
+      const env = buildChildEnv(deps.env, {
+        accessToken: opts.accessToken,
+        useCcrV2: opts.useCcrV2,
+        workerEpoch: opts.workerEpoch,
+        sandbox: deps.sandbox,
+      })

      deps.onDebug(
        `[bridge:session] Spawning sessionId=${opts.sessionId} sdkUrl=${opts.sdkUrl} accessToken=${opts.accessToken ? 'present' : 'MISSING'}`,
--- a/src/bridge/trustedDevice.ts
+++ b/src/bridge/trustedDevice.ts
@@ -17,7 +17,7 @@ import { jsonStringify } from '../utils/slowOperations.js'
 *
 * Bridge sessions have SecurityTier=ELEVATED on the server (CCR v2).
 * The server gates ConnectBridgeWorker on its own flag
- * (sessions_elevated_auth_enforcement in Anthropic Main); this CLI-side
+ * (sessions_elevated_auth_enforcement in the server-side main deployment); this CLI-side
 * flag controls whether the CLI sends X-Trusted-Device-Token at all.
 * Two flags so rollout can be staged: flip CLI-side first (headers
 * start flowing, server still no-ops), then flip server-side.
--- a/src/bridge/workSecret.test.ts
+++ b/src/bridge/workSecret.test.ts
@@ -0,0 +1,36 @@
+import { expect, test } from 'bun:test'
+import { buildSdkUrl } from './workSecret.ts'
+
+// Finding #42-5: buildSdkUrl uses string.includes() on the full URL,
+// so a remote URL containing "localhost" in its path gets ws:// (unencrypted).
+
+test('buildSdkUrl uses wss for remote URL that contains localhost in path', () => {
+  const url = buildSdkUrl('https://remote.example.com/proxy/localhost/api', 'sess-1')
+  expect(url).toContain('wss://')
+  expect(url).not.toContain('ws://')
+})
+
+test('buildSdkUrl uses ws for actual localhost hostname', () => {
+  const url = buildSdkUrl('http://localhost:8080', 'sess-1')
+  expect(url).toContain('ws://')
+})
+
+test('buildSdkUrl uses ws for 127.0.0.1 hostname', () => {
+  const url = buildSdkUrl('http://127.0.0.1:3000', 'sess-1')
+  expect(url).toContain('ws://')
+})
+
+test('buildSdkUrl uses wss for regular remote hostname', () => {
+  const url = buildSdkUrl('https://api.example.com', 'sess-1')
+  expect(url).toContain('wss://')
+})
+
+test('buildSdkUrl uses v2 path for localhost', () => {
+  const url = buildSdkUrl('http://localhost:8080', 'sess-abc')
+  expect(url).toContain('/v2/session_ingress/ws/sess-abc')
+})
+
+test('buildSdkUrl uses v1 path for remote', () => {
+  const url = buildSdkUrl('https://api.example.com', 'sess-abc')
+  expect(url).toContain('/v1/session_ingress/ws/sess-abc')
+})
--- a/src/bridge/workSecret.ts
+++ b/src/bridge/workSecret.ts
@@ -39,8 +39,8 @@ export function decodeWorkSecret(secret: string): WorkSecret {
 * and /v1/ for production (Envoy rewrites /v1/ → /v2/).
 */
 export function buildSdkUrl(apiBaseUrl: string, sessionId: string): string {
-  const isLocalhost =
-    apiBaseUrl.includes('localhost') || apiBaseUrl.includes('127.0.0.1')
+  const hostname = new URL(apiBaseUrl).hostname
+  const isLocalhost = hostname === 'localhost' || hostname === '127.0.0.1'
  const protocol = isLocalhost ? 'ws' : 'wss'
  const version = isLocalhost ? 'v2' : 'v1'
  const host = apiBaseUrl.replace(/^https?:\/\//, '').replace(/\/+$/, '')
--- a/src/buddy/CompanionSprite.tsx
+++ b/src/buddy/CompanionSprite.tsx
--- a/src/buddy/feature.ts
+++ b/src/buddy/feature.ts
@@ -0,0 +1,3 @@
+export function isBuddyEnabled(): boolean {
+  return true
+}
--- a/src/buddy/observer.ts
+++ b/src/buddy/observer.ts
@@ -0,0 +1,65 @@
+import type { Message } from '../types/message.js'
+import { getGlobalConfig } from '../utils/config.js'
+import { getUserMessageText } from '../utils/messages.js'
+import { getCompanion } from './companion.js'
+
+const DIRECT_REPLIES = [
+  'I am observing.',
+  'I am helping from the corner.',
+  'I saw that.',
+  'Still here.',
+  'Watching closely.',
+] as const
+
+const PET_REPLIES = [
+  'happy chirp',
+  'tiny victory dance',
+  'quietly approves',
+  'wiggles with joy',
+  'looks pleased',
+] as const
+
+function hashString(s: string): number {
+  let h = 2166136261
+  for (let i = 0; i < s.length; i++) {
+    h ^= s.charCodeAt(i)
+    h = Math.imul(h, 16777619)
+  }
+  return h >>> 0
+}
+
+function pickDeterministic<T>(items: readonly T[], seed: string): T {
+  return items[hashString(seed) % items.length]!
+}
+
+export async function fireCompanionObserver(
+  messages: Message[],
+  onReaction: (reaction: string | undefined) => void,
+): Promise<void> {
+  const companion = getCompanion()
+  if (!companion || getGlobalConfig().companionMuted) return
+
+  const lastUser = [...messages].reverse().find(msg => msg.type === 'user')
+  if (!lastUser) return
+
+  const text = getUserMessageText(lastUser)?.trim()
+  if (!text) return
+
+  const lower = text.toLowerCase()
+  const companionName = companion.name.toLowerCase()
+
+  if (lower.includes('/buddy')) {
+    onReaction(pickDeterministic(PET_REPLIES, text + companion.name))
+    return
+  }
+
+  if (
+    lower.includes(companionName) ||
+    lower.includes('buddy') ||
+    lower.includes('companion')
+  ) {
+    onReaction(
+      `${companion.name}: ${pickDeterministic(DIRECT_REPLIES, text + companion.personality)}`,
+    )
+  }
+}
--- a/src/buddy/prompt.ts
+++ b/src/buddy/prompt.ts
@@ -1,8 +1,8 @@
-import { feature } from 'bun:bundle'
 import type { Message } from '../types/message.js'
 import type { Attachment } from '../utils/attachments.js'
 import { getGlobalConfig } from '../utils/config.js'
 import { getCompanion } from './companion.js'
+import { isBuddyEnabled } from './feature.js'

 export function companionIntroText(name: string, species: string): string {
  return `# Companion
@@ -15,7 +15,7 @@ When the user addresses ${name} directly (by name), its bubble will answer. Your
 export function getCompanionIntroAttachment(
  messages: Message[] | undefined,
 ): Attachment[] {
-  if (!feature('BUDDY')) return []
+  if (!isBuddyEnabled()) return []
  const companion = getCompanion()
  if (!companion || getGlobalConfig().companionMuted) return []

--- a/src/buddy/useBuddyNotification.tsx
+++ b/src/buddy/useBuddyNotification.tsx
--- a/src/cli/handlers/autoMode.ts
+++ b/src/cli/handlers/autoMode.ts
@@ -116,7 +116,6 @@ export async function autoModeCritiqueHandler(options: {
      querySource: 'auto_mode_critique',
      model,
      system: CRITIQUE_SYSTEM_PROMPT,
-      skipSystemPromptPrefix: true,
      max_tokens: 4096,
      messages: [
        {
--- a/src/cli/handlers/mcp.tsx
+++ b/src/cli/handlers/mcp.tsx
--- a/src/cli/handlers/util.tsx
+++ b/src/cli/handlers/util.tsx
--- a/src/cli/print.ts
+++ b/src/cli/print.ts
@@ -1,4 +1,4 @@
-// biome-ignore-all assist/source/organizeImports: ANT-ONLY import markers must not be reordered
+// biome-ignore-all assist/source/organizeImports: internal-only import markers must not be reordered
 import { feature } from 'bun:bundle'
 import { readFile, stat } from 'fs/promises'
 import { dirname } from 'path'
@@ -2829,7 +2829,7 @@ function runHeadlessStreaming(

      if (message.type === 'control_request') {
        if (message.request.subtype === 'interrupt') {
-          // Track escapes for attribution (ant-only feature)
+          // Track escapes for attribution (internal-only feature)
          if (feature('COMMIT_ATTRIBUTION')) {
            setAppState(prev => ({
              ...prev,
@@ -3765,7 +3765,7 @@ function runHeadlessStreaming(
            ...getSettingsWithSources(),
            applied: {
              model,
-              // Numeric effort (ant-only) → null; SDK schema is string-level only.
+              // Numeric effort (internal-only) → null; SDK schema is string-level only.
              effort: typeof effort === 'string' ? effort : null,
            },
          })
@@ -5025,7 +5025,7 @@ async function loadInitialMessages(
  }

  // Handle resume in print mode (accepts session ID or URL)
-  // URLs are [ANT-ONLY]
+  // URLs are [internal-only]
  if (options.resume) {
    try {
      logEvent('tengu_resume_print', {})
--- a/src/cli/update.ts
+++ b/src/cli/update.ts
@@ -1,4 +1,5 @@
 import chalk from 'chalk'
+import { getAPIProvider } from 'src/utils/model/providers.js'
 import { logEvent } from 'src/services/analytics/index.js'
 import {
  getLatestVersion,
@@ -28,6 +29,19 @@ import { gte } from 'src/utils/semver.js'
 import { getInitialSettings } from 'src/utils/settings/settings.js'

 export async function update() {
+  // Block updates for third-party providers. The update mechanism downloads
+  // from the first-party distribution bucket, which would silently replace the
+  // OpenClaude build (with the OpenAI shim) with the upstream Claude Code
+  // binary (without it).
+  if (getAPIProvider() !== 'firstParty') {
+    writeToStdout(
+      chalk.yellow('Auto-update is not available for third-party provider builds.\n') +
+      'To update, pull the latest source from the repository and rebuild:\n' +
+      '  git pull && bun install && bun run build\n',
+    )
+    return
+  }
+
  logEvent('tengu_update_check', {})
  writeToStdout(`Current version: ${MACRO.VERSION}\n`)

--- a/src/commands.ts
+++ b/src/commands.ts
@@ -1,4 +1,4 @@
-// biome-ignore-all assist/source/organizeImports: ANT-ONLY import markers must not be reordered
+// biome-ignore-all assist/source/organizeImports: internal-only import markers must not be reordered
 import addDir from './commands/add-dir/index.js'
 import autofixPr from './commands/autofix-pr/index.js'
 import backfillSessions from './commands/backfill-sessions/index.js'
@@ -17,8 +17,10 @@ import config from './commands/config/index.js'
 import { context, contextNonInteractive } from './commands/context/index.js'
 import cost from './commands/cost/index.js'
 import diff from './commands/diff/index.js'
+import dream from './commands/dream/index.js'
 import ctx_viz from './commands/ctx_viz/index.js'
 import doctor from './commands/doctor/index.js'
+import onboardGithub from './commands/onboard-github/index.js'
 import memory from './commands/memory/index.js'
 import help from './commands/help/index.js'
 import ide from './commands/ide/index.js'
@@ -57,6 +59,7 @@ import usage from './commands/usage/index.js'
 import theme from './commands/theme/index.js'
 import vim from './commands/vim/index.js'
 import { feature } from 'bun:bundle'
+import { isBuddyEnabled } from './buddy/feature.js'
 // Dead code elimination: conditional imports
 /* eslint-disable @typescript-eslint/no-require-imports */
 const proactive =
@@ -115,7 +118,7 @@ const forkCmd = feature('FORK_SUBAGENT')
      require('./commands/fork/index.js') as typeof import('./commands/fork/index.js')
    ).default
  : null
-const buddy = feature('BUDDY')
+const buddy = isBuddyEnabled()
  ? (
      require('./commands/buddy/index.js') as typeof import('./commands/buddy/index.js')
    ).default
@@ -128,6 +131,7 @@ import plan from './commands/plan/index.js'
 import fast from './commands/fast/index.js'
 import passes from './commands/passes/index.js'
 import privacySettings from './commands/privacy-settings/index.js'
+import provider from './commands/provider/index.js'
 import hooks from './commands/hooks/index.js'
 import files from './commands/files/index.js'
 import branch from './commands/branch/index.js'
@@ -272,6 +276,7 @@ const COMMANDS = memoize((): Command[] => [
  contextNonInteractive,
  cost,
  diff,
+  dream,
  doctor,
  effort,
  exit,
@@ -288,9 +293,11 @@ const COMMANDS = memoize((): Command[] => [
  memory,
  mobile,
  model,
+  onboardGithub,
  outputStyle,
  remoteEnv,
  plugin,
+  provider,
  pr_comments,
  releaseNotes,
  reloadPlugins,
--- a/src/commands/add-dir/add-dir.tsx
+++ b/src/commands/add-dir/add-dir.tsx
--- a/src/commands/agents/agents.tsx
+++ b/src/commands/agents/agents.tsx
@@ -9,4 +9,3 @@ export async function call(onDone: LocalJSXCommandOnDone, context: ToolUseContex
  const tools = getTools(permissionContext);
  return <AgentsMenu tools={tools} onExit={onDone} />;
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkFnZW50c01lbnUiLCJUb29sVXNlQ29udGV4dCIsImdldFRvb2xzIiwiTG9jYWxKU1hDb21tYW5kT25Eb25lIiwiY2FsbCIsIm9uRG9uZSIsImNvbnRleHQiLCJQcm9taXNlIiwiUmVhY3ROb2RlIiwiYXBwU3RhdGUiLCJnZXRBcHBTdGF0ZSIsInBlcm1pc3Npb25Db250ZXh0IiwidG9vbFBlcm1pc3Npb25Db250ZXh0IiwidG9vbHMiXSwic291cmNlcyI6WyJhZ2VudHMudHN4Il0sInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIFJlYWN0IGZyb20gJ3JlYWN0J1xuaW1wb3J0IHsgQWdlbnRzTWVudSB9IGZyb20gJy4uLy4uL2NvbXBvbmVudHMvYWdlbnRzL0FnZW50c01lbnUuanMnXG5pbXBvcnQgdHlwZSB7IFRvb2xVc2VDb250ZXh0IH0gZnJvbSAnLi4vLi4vVG9vbC5qcydcbmltcG9ydCB7IGdldFRvb2xzIH0gZnJvbSAnLi4vLi4vdG9vbHMuanMnXG5pbXBvcnQgdHlwZSB7IExvY2FsSlNYQ29tbWFuZE9uRG9uZSB9IGZyb20gJy4uLy4uL3R5cGVzL2NvbW1hbmQuanMnXG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBjYWxsKFxuICBvbkRvbmU6IExvY2FsSlNYQ29tbWFuZE9uRG9uZSxcbiAgY29udGV4dDogVG9vbFVzZUNvbnRleHQsXG4pOiBQcm9taXNlPFJlYWN0LlJlYWN0Tm9kZT4ge1xuICBjb25zdCBhcHBTdGF0ZSA9IGNvbnRleHQuZ2V0QXBwU3RhdGUoKVxuICBjb25zdCBwZXJtaXNzaW9uQ29udGV4dCA9IGFwcFN0YXRlLnRvb2xQZXJtaXNzaW9uQ29udGV4dFxuICBjb25zdCB0b29scyA9IGdldFRvb2xzKHBlcm1pc3Npb25Db250ZXh0KVxuXG4gIHJldHVybiA8QWdlbnRzTWVudSB0b29scz17dG9vbHN9IG9uRXhpdD17b25Eb25lfSAvPlxufVxuIl0sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUtBLEtBQUssTUFBTSxPQUFPO0FBQzlCLFNBQVNDLFVBQVUsUUFBUSx1Q0FBdUM7QUFDbEUsY0FBY0MsY0FBYyxRQUFRLGVBQWU7QUFDbkQsU0FBU0MsUUFBUSxRQUFRLGdCQUFnQjtBQUN6QyxjQUFjQyxxQkFBcUIsUUFBUSx3QkFBd0I7QUFFbkUsT0FBTyxlQUFlQyxJQUFJQSxDQUN4QkMsTUFBTSxFQUFFRixxQkFBcUIsRUFDN0JHLE9BQU8sRUFBRUwsY0FBYyxDQUN4QixFQUFFTSxPQUFPLENBQUNSLEtBQUssQ0FBQ1MsU0FBUyxDQUFDLENBQUM7RUFDMUIsTUFBTUMsUUFBUSxHQUFHSCxPQUFPLENBQUNJLFdBQVcsQ0FBQyxDQUFDO0VBQ3RDLE1BQU1DLGlCQUFpQixHQUFHRixRQUFRLENBQUNHLHFCQUFxQjtFQUN4RCxNQUFNQyxLQUFLLEdBQUdYLFFBQVEsQ0FBQ1MsaUJBQWlCLENBQUM7RUFFekMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQ0UsS0FBSyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUNSLE1BQU0sQ0FBQyxHQUFHO0FBQ3JEIiwiaWdub3JlTGlzdCI6W119
--- a/src/commands/bridge/bridge.tsx
+++ b/src/commands/bridge/bridge.tsx
--- a/src/commands/btw/btw.tsx
+++ b/src/commands/btw/btw.tsx
--- a/src/commands/buddy/buddy.tsx
+++ b/src/commands/buddy/buddy.tsx
@@ -0,0 +1,185 @@
+import type { LocalJSXCommandContext, LocalJSXCommandOnDone } from '../../types/command.js'
+import { getGlobalConfig, saveGlobalConfig } from '../../utils/config.js'
+import { companionUserId, getCompanion, rollWithSeed } from '../../buddy/companion.js'
+import type { StoredCompanion } from '../../buddy/types.js'
+import { COMMON_HELP_ARGS, COMMON_INFO_ARGS } from '../../constants/xml.js'
+
+const NAME_PREFIXES = [
+  'Byte',
+  'Echo',
+  'Glint',
+  'Miso',
+  'Nova',
+  'Pixel',
+  'Rune',
+  'Static',
+  'Vector',
+  'Whisk',
+] as const
+
+const NAME_SUFFIXES = [
+  'bean',
+  'bit',
+  'bud',
+  'dot',
+  'ling',
+  'loop',
+  'moss',
+  'patch',
+  'puff',
+  'spark',
+] as const
+
+const PERSONALITIES = [
+  'Curious and quietly encouraging',
+  'A patient little watcher with strong debugging instincts',
+  'Playful, observant, and suspicious of flaky tests',
+  'Calm under pressure and fond of clean diffs',
+  'A tiny terminal gremlin who likes successful builds',
+] as const
+
+const PET_REACTIONS = [
+  'leans into the headpat',
+  'does a proud little bounce',
+  'emits a content beep',
+  'looks delighted',
+  'wiggles happily',
+] as const
+
+function hashString(s: string): number {
+  let h = 2166136261
+  for (let i = 0; i < s.length; i++) {
+    h ^= s.charCodeAt(i)
+    h = Math.imul(h, 16777619)
+  }
+  return h >>> 0
+}
+
+function pickDeterministic<T>(items: readonly T[], seed: string): T {
+  return items[hashString(seed) % items.length]!
+}
+
+function titleCase(s: string): string {
+  return s.charAt(0).toUpperCase() + s.slice(1)
+}
+
+function createStoredCompanion(): StoredCompanion {
+  const userId = companionUserId()
+  const { bones } = rollWithSeed(`${userId}:buddy`)
+  const prefix = pickDeterministic(NAME_PREFIXES, `${userId}:prefix`)
+  const suffix = pickDeterministic(NAME_SUFFIXES, `${userId}:suffix`)
+  const personality = pickDeterministic(PERSONALITIES, `${userId}:personality`)
+
+  return {
+    name: `${prefix}${suffix}`,
+    personality: `${personality}.`,
+    hatchedAt: Date.now(),
+  }
+}
+
+function setCompanionReaction(
+  context: LocalJSXCommandContext,
+  reaction: string | undefined,
+  pet = false,
+): void {
+  context.setAppState(prev => ({
+    ...prev,
+    companionReaction: reaction,
+    companionPetAt: pet ? Date.now() : prev.companionPetAt,
+  }))
+}
+
+function showHelp(onDone: LocalJSXCommandOnDone): void {
+  onDone(
+    'Usage: /buddy [status|mute|unmute]\n\nRun /buddy with no args to hatch your companion the first time, then pet it on later runs.',
+    { display: 'system' },
+  )
+}
+
+export async function call(
+  onDone: LocalJSXCommandOnDone,
+  context: LocalJSXCommandContext,
+  args?: string,
+): Promise<null> {
+  const arg = args?.trim().toLowerCase() ?? ''
+
+  if (COMMON_HELP_ARGS.includes(arg) || arg === '') {
+    const existing = getCompanion()
+    if (arg !== '' || existing) {
+      if (arg !== '') {
+        showHelp(onDone)
+        return null
+      }
+    }
+  }
+
+  if (COMMON_HELP_ARGS.includes(arg)) {
+    showHelp(onDone)
+    return null
+  }
+
+  if (COMMON_INFO_ARGS.includes(arg) || arg === 'status') {
+    const companion = getCompanion()
+    if (!companion) {
+      onDone('No buddy hatched yet. Run /buddy to hatch one.', {
+        display: 'system',
+      })
+      return null
+    }
+    onDone(
+      `${companion.name} is your ${titleCase(companion.rarity)} ${companion.species}. ${companion.personality}`,
+      { display: 'system' },
+    )
+    return null
+  }
+
+  if (arg === 'mute' || arg === 'unmute') {
+    const muted = arg === 'mute'
+    saveGlobalConfig(current => ({
+      ...current,
+      companionMuted: muted,
+    }))
+    if (muted) {
+      setCompanionReaction(context, undefined)
+    }
+    onDone(`Buddy ${muted ? 'muted' : 'unmuted'}.`, { display: 'system' })
+    return null
+  }
+
+  if (arg !== '') {
+    showHelp(onDone)
+    return null
+  }
+
+  let companion = getCompanion()
+  if (!companion) {
+    const stored = createStoredCompanion()
+    saveGlobalConfig(current => ({
+      ...current,
+      companion: stored,
+      companionMuted: false,
+    }))
+    companion = {
+      ...rollWithSeed(`${companionUserId()}:buddy`).bones,
+      ...stored,
+    }
+    setCompanionReaction(
+      context,
+      `${companion.name} the ${companion.species} has hatched.`,
+      true,
+    )
+    onDone(
+      `${companion.name} the ${companion.species} is now your buddy. Run /buddy again to pet them.`,
+      { display: 'system' },
+    )
+    return null
+  }
+
+  const reaction = `${companion.name} ${pickDeterministic(
+    PET_REACTIONS,
+    `${Date.now()}:${companion.name}`,
+  )}`
+  setCompanionReaction(context, reaction, true)
+  onDone(undefined, { display: 'skip' })
+  return null
+}
--- a/src/commands/buddy/index.ts
+++ b/src/commands/buddy/index.ts
@@ -0,0 +1,12 @@
+import type { Command } from '../../commands.js'
+
+const buddy = {
+  type: 'local-jsx',
+  name: 'buddy',
+  description: 'Hatch, pet, and manage your Open Claude companion',
+  immediate: true,
+  argumentHint: '[status|mute|unmute|help]',
+  load: () => import('./buddy.js'),
+} satisfies Command
+
+export default buddy
--- a/src/commands/chrome/chrome.tsx
+++ b/src/commands/chrome/chrome.tsx
--- a/src/commands/config/config.tsx
+++ b/src/commands/config/config.tsx
@@ -4,4 +4,3 @@ import type { LocalJSXCommandCall } from '../../types/command.js';
 export const call: LocalJSXCommandCall = async (onDone, context) => {
  return <Settings onClose={onDone} context={context} defaultTab="Config" />;
 };
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIlNldHRpbmdzIiwiTG9jYWxKU1hDb21tYW5kQ2FsbCIsImNhbGwiLCJvbkRvbmUiLCJjb250ZXh0Il0sInNvdXJjZXMiOlsiY29uZmlnLnRzeCJdLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBSZWFjdCBmcm9tICdyZWFjdCdcbmltcG9ydCB7IFNldHRpbmdzIH0gZnJvbSAnLi4vLi4vY29tcG9uZW50cy9TZXR0aW5ncy9TZXR0aW5ncy5qcydcbmltcG9ydCB0eXBlIHsgTG9jYWxKU1hDb21tYW5kQ2FsbCB9IGZyb20gJy4uLy4uL3R5cGVzL2NvbW1hbmQuanMnXG5cbmV4cG9ydCBjb25zdCBjYWxsOiBMb2NhbEpTWENvbW1hbmRDYWxsID0gYXN5bmMgKG9uRG9uZSwgY29udGV4dCkgPT4ge1xuICByZXR1cm4gPFNldHRpbmdzIG9uQ2xvc2U9e29uRG9uZX0gY29udGV4dD17Y29udGV4dH0gZGVmYXVsdFRhYj1cIkNvbmZpZ1wiIC8+XG59XG4iXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBS0EsS0FBSyxNQUFNLE9BQU87QUFDOUIsU0FBU0MsUUFBUSxRQUFRLHVDQUF1QztBQUNoRSxjQUFjQyxtQkFBbUIsUUFBUSx3QkFBd0I7QUFFakUsT0FBTyxNQUFNQyxJQUFJLEVBQUVELG1CQUFtQixHQUFHLE1BQUFDLENBQU9DLE1BQU0sRUFBRUMsT0FBTyxLQUFLO0VBQ2xFLE9BQU8sQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUNELE1BQU0sQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDQyxPQUFPLENBQUMsQ0FBQyxVQUFVLENBQUMsUUFBUSxHQUFHO0FBQzVFLENBQUMiLCJpZ25vcmVMaXN0IjpbXX0=
--- a/src/commands/context/context-noninteractive.ts
+++ b/src/commands/context/context-noninteractive.ts
@@ -199,13 +199,13 @@ function formatContextAsMarkdownTable(data: ContextData): string {
    output += `\n`
  }

-  // System tools (ant-only)
+  // System tools (internal-only)
  if (
    systemTools &&
    systemTools.length > 0 &&
    process.env.USER_TYPE === 'ant'
  ) {
-    output += `### [ANT-ONLY] System Tools\n\n`
+    output += `### [internal] System Tools\n\n`
    output += `| Tool | Tokens |\n`
    output += `|------|--------|\n`
    for (const tool of systemTools) {
@@ -214,13 +214,13 @@ function formatContextAsMarkdownTable(data: ContextData): string {
    output += `\n`
  }

-  // System prompt sections (ant-only)
+  // System prompt sections (internal-only)
  if (
    systemPromptSections &&
    systemPromptSections.length > 0 &&
    process.env.USER_TYPE === 'ant'
  ) {
-    output += `### [ANT-ONLY] System Prompt Sections\n\n`
+    output += `### [internal] System Prompt Sections\n\n`
    output += `| Section | Tokens |\n`
    output += `|---------|--------|\n`
    for (const section of systemPromptSections) {
@@ -288,9 +288,9 @@ function formatContextAsMarkdownTable(data: ContextData): string {
    output += `\n`
  }

-  // Message breakdown (ant-only)
+  // Message breakdown (internal-only)
  if (messageBreakdown && process.env.USER_TYPE === 'ant') {
-    output += `### [ANT-ONLY] Message Breakdown\n\n`
+    output += `### [internal] Message Breakdown\n\n`
    output += `| Category | Tokens |\n`
    output += `|----------|--------|\n`
    output += `| Tool calls | ${formatTokens(messageBreakdown.toolCallTokens)} |\n`
--- a/src/commands/context/context.tsx
+++ b/src/commands/context/context.tsx
--- a/src/commands/copy/copy.tsx
+++ b/src/commands/copy/copy.tsx
--- a/src/commands/cost/cost.ts
+++ b/src/commands/cost/cost.ts
@@ -16,7 +16,7 @@ export const call: LocalCommandCall = async () => {
    }

    if (process.env.USER_TYPE === 'ant') {
-      value += `\n\n[ANT-ONLY] Showing cost anyway:\n ${formatTotalCost()}`
+      value += `\n\n[internal-only] Showing cost anyway:\n ${formatTotalCost()}`
    }
    return { type: 'text', value }
  }
--- a/src/commands/desktop/desktop.tsx
+++ b/src/commands/desktop/desktop.tsx
@@ -6,4 +6,3 @@ export async function call(onDone: (result?: string, options?: {
 }) => void): Promise<React.ReactNode> {
  return <DesktopHandoff onDone={onDone} />;
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkNvbW1hbmRSZXN1bHREaXNwbGF5IiwiRGVza3RvcEhhbmRvZmYiLCJjYWxsIiwib25Eb25lIiwicmVzdWx0Iiwib3B0aW9ucyIsImRpc3BsYXkiLCJQcm9taXNlIiwiUmVhY3ROb2RlIl0sInNvdXJjZXMiOlsiZGVza3RvcC50c3giXSwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IFJlYWN0IGZyb20gJ3JlYWN0J1xuaW1wb3J0IHR5cGUgeyBDb21tYW5kUmVzdWx0RGlzcGxheSB9IGZyb20gJy4uLy4uL2NvbW1hbmRzLmpzJ1xuaW1wb3J0IHsgRGVza3RvcEhhbmRvZmYgfSBmcm9tICcuLi8uLi9jb21wb25lbnRzL0Rlc2t0b3BIYW5kb2ZmLmpzJ1xuXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gY2FsbChcbiAgb25Eb25lOiAoXG4gICAgcmVzdWx0Pzogc3RyaW5nLFxuICAgIG9wdGlvbnM/OiB7IGRpc3BsYXk/OiBDb21tYW5kUmVzdWx0RGlzcGxheSB9LFxuICApID0+IHZvaWQsXG4pOiBQcm9taXNlPFJlYWN0LlJlYWN0Tm9kZT4ge1xuICByZXR1cm4gPERlc2t0b3BIYW5kb2ZmIG9uRG9uZT17b25Eb25lfSAvPlxufVxuIl0sIm1hcHBpbmdzIjoiQUFBQSxPQUFPQSxLQUFLLE1BQU0sT0FBTztBQUN6QixjQUFjQyxvQkFBb0IsUUFBUSxtQkFBbUI7QUFDN0QsU0FBU0MsY0FBYyxRQUFRLG9DQUFvQztBQUVuRSxPQUFPLGVBQWVDLElBQUlBLENBQ3hCQyxNQUFNLEVBQUUsQ0FDTkMsTUFBZSxDQUFSLEVBQUUsTUFBTSxFQUNmQyxPQUE0QyxDQUFwQyxFQUFFO0VBQUVDLE9BQU8sQ0FBQyxFQUFFTixvQkFBb0I7QUFBQyxDQUFDLEVBQzVDLEdBQUcsSUFBSSxDQUNWLEVBQUVPLE9BQU8sQ0FBQ1IsS0FBSyxDQUFDUyxTQUFTLENBQUMsQ0FBQztFQUMxQixPQUFPLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDTCxNQUFNLENBQUMsR0FBRztBQUMzQyIsImlnbm9yZUxpc3QiOltdfQ==
--- a/src/commands/diff/diff.tsx
+++ b/src/commands/diff/diff.tsx
@@ -6,4 +6,3 @@ export const call: LocalJSXCommandCall = async (onDone, context) => {
  } = await import('../../components/diff/DiffDialog.js');
  return <DiffDialog messages={context.messages} onDone={onDone} />;
 };
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkxvY2FsSlNYQ29tbWFuZENhbGwiLCJjYWxsIiwib25Eb25lIiwiY29udGV4dCIsIkRpZmZEaWFsb2ciLCJtZXNzYWdlcyJdLCJzb3VyY2VzIjpbImRpZmYudHN4Il0sInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIFJlYWN0IGZyb20gJ3JlYWN0J1xuaW1wb3J0IHR5cGUgeyBMb2NhbEpTWENvbW1hbmRDYWxsIH0gZnJvbSAnLi4vLi4vdHlwZXMvY29tbWFuZC5qcydcblxuZXhwb3J0IGNvbnN0IGNhbGw6IExvY2FsSlNYQ29tbWFuZENhbGwgPSBhc3luYyAob25Eb25lLCBjb250ZXh0KSA9PiB7XG4gIGNvbnN0IHsgRGlmZkRpYWxvZyB9ID0gYXdhaXQgaW1wb3J0KCcuLi8uLi9jb21wb25lbnRzL2RpZmYvRGlmZkRpYWxvZy5qcycpXG4gIHJldHVybiA8RGlmZkRpYWxvZyBtZXNzYWdlcz17Y29udGV4dC5tZXNzYWdlc30gb25Eb25lPXtvbkRvbmV9IC8+XG59XG4iXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBS0EsS0FBSyxNQUFNLE9BQU87QUFDOUIsY0FBY0MsbUJBQW1CLFFBQVEsd0JBQXdCO0FBRWpFLE9BQU8sTUFBTUMsSUFBSSxFQUFFRCxtQkFBbUIsR0FBRyxNQUFBQyxDQUFPQyxNQUFNLEVBQUVDLE9BQU8sS0FBSztFQUNsRSxNQUFNO0lBQUVDO0VBQVcsQ0FBQyxHQUFHLE1BQU0sTUFBTSxDQUFDLHFDQUFxQyxDQUFDO0VBQzFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLENBQUNELE9BQU8sQ0FBQ0UsUUFBUSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUNILE1BQU0sQ0FBQyxHQUFHO0FBQ25FLENBQUMiLCJpZ25vcmVMaXN0IjpbXX0=
--- a/src/commands/doctor/doctor.tsx
+++ b/src/commands/doctor/doctor.tsx
@@ -4,4 +4,3 @@ import type { LocalJSXCommandCall } from '../../types/command.js';
 export const call: LocalJSXCommandCall = (onDone, _context, _args) => {
  return Promise.resolve(<Doctor onDone={onDone} />);
 };
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkRvY3RvciIsIkxvY2FsSlNYQ29tbWFuZENhbGwiLCJjYWxsIiwib25Eb25lIiwiX2NvbnRleHQiLCJfYXJncyIsIlByb21pc2UiLCJyZXNvbHZlIl0sInNvdXJjZXMiOlsiZG9jdG9yLnRzeCJdLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgUmVhY3QgZnJvbSAncmVhY3QnXG5pbXBvcnQgeyBEb2N0b3IgfSBmcm9tICcuLi8uLi9zY3JlZW5zL0RvY3Rvci5qcydcbmltcG9ydCB0eXBlIHsgTG9jYWxKU1hDb21tYW5kQ2FsbCB9IGZyb20gJy4uLy4uL3R5cGVzL2NvbW1hbmQuanMnXG5cbmV4cG9ydCBjb25zdCBjYWxsOiBMb2NhbEpTWENvbW1hbmRDYWxsID0gKG9uRG9uZSwgX2NvbnRleHQsIF9hcmdzKSA9PiB7XG4gIHJldHVybiBQcm9taXNlLnJlc29sdmUoPERvY3RvciBvbkRvbmU9e29uRG9uZX0gLz4pXG59XG4iXSwibWFwcGluZ3MiOiJBQUFBLE9BQU9BLEtBQUssTUFBTSxPQUFPO0FBQ3pCLFNBQVNDLE1BQU0sUUFBUSx5QkFBeUI7QUFDaEQsY0FBY0MsbUJBQW1CLFFBQVEsd0JBQXdCO0FBRWpFLE9BQU8sTUFBTUMsSUFBSSxFQUFFRCxtQkFBbUIsR0FBR0MsQ0FBQ0MsTUFBTSxFQUFFQyxRQUFRLEVBQUVDLEtBQUssS0FBSztFQUNwRSxPQUFPQyxPQUFPLENBQUNDLE9BQU8sQ0FBQyxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQ0osTUFBTSxDQUFDLEdBQUcsQ0FBQztBQUNwRCxDQUFDIiwiaWdub3JlTGlzdCI6W119
--- a/src/commands/dream/dream.ts
+++ b/src/commands/dream/dream.ts
@@ -0,0 +1,68 @@
+import type { ContentBlockParam } from '@anthropic-ai/sdk/resources/messages.mjs'
+import type { Command } from '../../commands.js'
+import { isAutoMemoryEnabled, getAutoMemPath } from '../../memdir/paths.js'
+import { getProjectDir } from '../../utils/sessionStorage.js'
+import { getOriginalCwd, getSessionId } from '../../bootstrap/state.js'
+import { buildConsolidationPrompt } from '../../services/autoDream/consolidationPrompt.js'
+import {
+  readLastConsolidatedAt,
+  listSessionsTouchedSince,
+  recordConsolidation,
+} from '../../services/autoDream/consolidationLock.js'
+
+const command = {
+  type: 'prompt',
+  name: 'dream',
+  description:
+    'Run memory consolidation — synthesize recent sessions into durable memories',
+  isEnabled: () => isAutoMemoryEnabled(),
+  progressMessage: 'consolidating memories',
+  contentLength: 0,
+  source: 'builtin',
+  async getPromptForCommand(): Promise<ContentBlockParam[]> {
+    const memoryRoot = getAutoMemPath()
+    const transcriptDir = getProjectDir(getOriginalCwd())
+
+    let lastAt: number
+    try {
+      lastAt = await readLastConsolidatedAt()
+    } catch {
+      lastAt = 0
+    }
+
+    let sessionIds: string[]
+    try {
+      sessionIds = await listSessionsTouchedSince(lastAt)
+    } catch {
+      sessionIds = []
+    }
+
+    const currentSession = getSessionId()
+    sessionIds = sessionIds.filter(id => id !== currentSession)
+
+    if (sessionIds.length === 0) {
+      sessionIds = [currentSession]
+    }
+
+    const hoursSince =
+      lastAt > 0
+        ? `${((Date.now() - lastAt) / 3_600_000).toFixed(1)}h ago`
+        : 'never'
+
+    const extra = `
+**Manually triggered by user via /dream.**
+
+Sessions since last consolidation (${sessionIds.length}, last run: ${hoursSince}):
+${sessionIds.map(id => `- ${id}`).join('\n')}`
+
+    const prompt = buildConsolidationPrompt(memoryRoot, transcriptDir, extra)
+
+    // Record consolidation timestamp programmatically so auto-dream
+    // knows when the last manual run happened.
+    await recordConsolidation()
+
+    return [{ type: 'text', text: prompt }]
+  },
+} satisfies Command
+
+export default command
--- a/src/commands/dream/index.ts
+++ b/src/commands/dream/index.ts
@@ -0,0 +1 @@
+export { default } from './dream.js'
--- a/src/commands/effort/effort.tsx
+++ b/src/commands/effort/effort.tsx
--- a/src/commands/exit/exit.tsx
+++ b/src/commands/exit/exit.tsx
@@ -30,4 +30,3 @@ export async function call(onDone: LocalJSXCommandOnDone): Promise<React.ReactNo
  await gracefulShutdown(0, 'prompt_input_exit');
  return null;
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJmZWF0dXJlIiwic3Bhd25TeW5jIiwic2FtcGxlIiwiUmVhY3QiLCJFeGl0RmxvdyIsIkxvY2FsSlNYQ29tbWFuZE9uRG9uZSIsImlzQmdTZXNzaW9uIiwiZ3JhY2VmdWxTaHV0ZG93biIsImdldEN1cnJlbnRXb3JrdHJlZVNlc3Npb24iLCJHT09EQllFX01FU1NBR0VTIiwiZ2V0UmFuZG9tR29vZGJ5ZU1lc3NhZ2UiLCJjYWxsIiwib25Eb25lIiwiUHJvbWlzZSIsIlJlYWN0Tm9kZSIsInN0ZGlvIiwic2hvd1dvcmt0cmVlIl0sInNvdXJjZXMiOlsiZXhpdC50c3giXSwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgZmVhdHVyZSB9IGZyb20gJ2J1bjpidW5kbGUnXG5pbXBvcnQgeyBzcGF3blN5bmMgfSBmcm9tICdjaGlsZF9wcm9jZXNzJ1xuaW1wb3J0IHNhbXBsZSBmcm9tICdsb2Rhc2gtZXMvc2FtcGxlLmpzJ1xuaW1wb3J0ICogYXMgUmVhY3QgZnJvbSAncmVhY3QnXG5pbXBvcnQgeyBFeGl0RmxvdyB9IGZyb20gJy4uLy4uL2NvbXBvbmVudHMvRXhpdEZsb3cuanMnXG5pbXBvcnQgdHlwZSB7IExvY2FsSlNYQ29tbWFuZE9uRG9uZSB9IGZyb20gJy4uLy4uL3R5cGVzL2NvbW1hbmQuanMnXG5pbXBvcnQgeyBpc0JnU2Vzc2lvbiB9IGZyb20gJy4uLy4uL3V0aWxzL2NvbmN1cnJlbnRTZXNzaW9ucy5qcydcbmltcG9ydCB7IGdyYWNlZnVsU2h1dGRvd24gfSBmcm9tICcuLi8uLi91dGlscy9ncmFjZWZ1bFNodXRkb3duLmpzJ1xuaW1wb3J0IHsgZ2V0Q3VycmVudFdvcmt0cmVlU2Vzc2lvbiB9IGZyb20gJy4uLy4uL3V0aWxzL3dvcmt0cmVlLmpzJ1xuXG5jb25zdCBHT09EQllFX01FU1NBR0VTID0gWydHb29kYnllIScsICdTZWUgeWEhJywgJ0J5ZSEnLCAnQ2F0Y2ggeW91IGxhdGVyISddXG5cbmZ1bmN0aW9uIGdldFJhbmRvbUdvb2RieWVNZXNzYWdlKCk6IHN0cmluZyB7XG4gIHJldHVybiBzYW1wbGUoR09PREJZRV9NRVNTQUdFUykgPz8gJ0dvb2RieWUhJ1xufVxuXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gY2FsbChcbiAgb25Eb25lOiBMb2NhbEpTWENvbW1hbmRPbkRvbmUsXG4pOiBQcm9taXNlPFJlYWN0LlJlYWN0Tm9kZT4ge1xuICAvLyBJbnNpZGUgYSBgY2xhdWRlIC0tYmdgIHRtdXggc2Vzc2lvbjogZGV0YWNoIGluc3RlYWQgb2Yga2lsbC4gVGhlIFJFUExcbiAgLy8ga2VlcHMgcnVubmluZzsgYGNsYXVkZSBhdHRhY2hgIGNhbiByZWNvbm5lY3QuIENvdmVycyAvZXhpdCwgL3F1aXQsXG4gIC8vIGN0cmwrYywgY3RybCtkIOKAlCBhbGwgZnVubmVsIHRocm91Z2ggaGVyZSB2aWEgUkVQTCdzIGhhbmRsZUV4aXQuXG4gIGlmIChmZWF0dXJlKCdCR19TRVNTSU9OUycpICYmIGlzQmdTZXNzaW9uKCkpIHtcbiAgICBvbkRvbmUoKVxuICAgIHNwYXduU3luYygndG11eCcsIFsnZGV0YWNoLWNsaWVudCddLCB7IHN0ZGlvOiAnaWdub3JlJyB9KVxuICAgIHJldHVybiBudWxsXG4gIH1cblxuICBjb25zdCBzaG93V29ya3RyZWUgPSBnZXRDdXJyZW50V29ya3RyZWVTZXNzaW9uKCkgIT09IG51bGxcblxuICBpZiAoc2hvd1dvcmt0cmVlKSB7XG4gICAgcmV0dXJuIChcbiAgICAgIDxFeGl0Rmxvd1xuICAgICAgICBzaG93V29ya3RyZWU9e3Nob3dXb3JrdHJlZX1cbiAgICAgICAgb25Eb25lPXtvbkRvbmV9XG4gICAgICAgIG9uQ2FuY2VsPXsoKSA9PiBvbkRvbmUoKX1cbiAgICAgIC8+XG4gICAgKVxuICB9XG5cbiAgb25Eb25lKGdldFJhbmRvbUdvb2RieWVNZXNzYWdlKCkpXG4gIGF3YWl0IGdyYWNlZnVsU2h1dGRvd24oMCwgJ3Byb21wdF9pbnB1dF9leGl0JylcbiAgcmV0dXJuIG51bGxcbn1cbiJdLCJtYXBwaW5ncyI6IkFBQUEsU0FBU0EsT0FBTyxRQUFRLFlBQVk7QUFDcEMsU0FBU0MsU0FBUyxRQUFRLGVBQWU7QUFDekMsT0FBT0MsTUFBTSxNQUFNLHFCQUFxQjtBQUN4QyxPQUFPLEtBQUtDLEtBQUssTUFBTSxPQUFPO0FBQzlCLFNBQVNDLFFBQVEsUUFBUSw4QkFBOEI7QUFDdkQsY0FBY0MscUJBQXFCLFFBQVEsd0JBQXdCO0FBQ25FLFNBQVNDLFdBQVcsUUFBUSxtQ0FBbUM7QUFDL0QsU0FBU0MsZ0JBQWdCLFFBQVEsaUNBQWlDO0FBQ2xFLFNBQVNDLHlCQUF5QixRQUFRLHlCQUF5QjtBQUVuRSxNQUFNQyxnQkFBZ0IsR0FBRyxDQUFDLFVBQVUsRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLGtCQUFrQixDQUFDO0FBRTVFLFNBQVNDLHVCQUF1QkEsQ0FBQSxDQUFFLEVBQUUsTUFBTSxDQUFDO0VBQ3pDLE9BQU9SLE1BQU0sQ0FBQ08sZ0JBQWdCLENBQUMsSUFBSSxVQUFVO0FBQy9DO0FBRUEsT0FBTyxlQUFlRSxJQUFJQSxDQUN4QkMsTUFBTSxFQUFFUCxxQkFBcUIsQ0FDOUIsRUFBRVEsT0FBTyxDQUFDVixLQUFLLENBQUNXLFNBQVMsQ0FBQyxDQUFDO0VBQzFCO0VBQ0E7RUFDQTtFQUNBLElBQUlkLE9BQU8sQ0FBQyxhQUFhLENBQUMsSUFBSU0sV0FBVyxDQUFDLENBQUMsRUFBRTtJQUMzQ00sTUFBTSxDQUFDLENBQUM7SUFDUlgsU0FBUyxDQUFDLE1BQU0sRUFBRSxDQUFDLGVBQWUsQ0FBQyxFQUFFO01BQUVjLEtBQUssRUFBRTtJQUFTLENBQUMsQ0FBQztJQUN6RCxPQUFPLElBQUk7RUFDYjtFQUVBLE1BQU1DLFlBQVksR0FBR1IseUJBQXlCLENBQUMsQ0FBQyxLQUFLLElBQUk7RUFFekQsSUFBSVEsWUFBWSxFQUFFO0lBQ2hCLE9BQ0UsQ0FBQyxRQUFRLENBQ1AsWUFBWSxDQUFDLENBQUNBLFlBQVksQ0FBQyxDQUMzQixNQUFNLENBQUMsQ0FBQ0osTUFBTSxDQUFDLENBQ2YsUUFBUSxDQUFDLENBQUMsTUFBTUEsTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUN6QjtFQUVOO0VBRUFBLE1BQU0sQ0FBQ0YsdUJBQXVCLENBQUMsQ0FBQyxDQUFDO0VBQ2pDLE1BQU1ILGdCQUFnQixDQUFDLENBQUMsRUFBRSxtQkFBbUIsQ0FBQztFQUM5QyxPQUFPLElBQUk7QUFDYiIsImlnbm9yZUxpc3QiOltdfQ==
--- a/src/commands/export/export.tsx
+++ b/src/commands/export/export.tsx
--- a/src/commands/extra-usage/extra-usage.tsx
+++ b/src/commands/extra-usage/extra-usage.tsx
@@ -14,4 +14,3 @@ export async function call(onDone: LocalJSXCommandOnDone, context: LocalJSXComma
    onDone(success ? 'Login successful' : 'Login interrupted');
  }} />;
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkxvY2FsSlNYQ29tbWFuZENvbnRleHQiLCJMb2NhbEpTWENvbW1hbmRPbkRvbmUiLCJMb2dpbiIsInJ1bkV4dHJhVXNhZ2UiLCJjYWxsIiwib25Eb25lIiwiY29udGV4dCIsIlByb21pc2UiLCJSZWFjdE5vZGUiLCJyZXN1bHQiLCJ0eXBlIiwidmFsdWUiLCJzdWNjZXNzIiwib25DaGFuZ2VBUElLZXkiXSwic291cmNlcyI6WyJleHRyYS11c2FnZS50c3giXSwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IFJlYWN0IGZyb20gJ3JlYWN0J1xuaW1wb3J0IHR5cGUgeyBMb2NhbEpTWENvbW1hbmRDb250ZXh0IH0gZnJvbSAnLi4vLi4vY29tbWFuZHMuanMnXG5pbXBvcnQgdHlwZSB7IExvY2FsSlNYQ29tbWFuZE9uRG9uZSB9IGZyb20gJy4uLy4uL3R5cGVzL2NvbW1hbmQuanMnXG5pbXBvcnQgeyBMb2dpbiB9IGZyb20gJy4uL2xvZ2luL2xvZ2luLmpzJ1xuaW1wb3J0IHsgcnVuRXh0cmFVc2FnZSB9IGZyb20gJy4vZXh0cmEtdXNhZ2UtY29yZS5qcydcblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGNhbGwoXG4gIG9uRG9uZTogTG9jYWxKU1hDb21tYW5kT25Eb25lLFxuICBjb250ZXh0OiBMb2NhbEpTWENvbW1hbmRDb250ZXh0LFxuKTogUHJvbWlzZTxSZWFjdC5SZWFjdE5vZGUgfCBudWxsPiB7XG4gIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHJ1bkV4dHJhVXNhZ2UoKVxuXG4gIGlmIChyZXN1bHQudHlwZSA9PT0gJ21lc3NhZ2UnKSB7XG4gICAgb25Eb25lKHJlc3VsdC52YWx1ZSlcbiAgICByZXR1cm4gbnVsbFxuICB9XG5cbiAgcmV0dXJuIChcbiAgICA8TG9naW5cbiAgICAgIHN0YXJ0aW5nTWVzc2FnZT17XG4gICAgICAgICdTdGFydGluZyBuZXcgbG9naW4gZm9sbG93aW5nIC9leHRyYS11c2FnZS4gRXhpdCB3aXRoIEN0cmwtQyB0byB1c2UgZXhpc3RpbmcgYWNjb3VudC4nXG4gICAgICB9XG4gICAgICBvbkRvbmU9e3N1Y2Nlc3MgPT4ge1xuICAgICAgICBjb250ZXh0Lm9uQ2hhbmdlQVBJS2V5KClcbiAgICAgICAgb25Eb25lKHN1Y2Nlc3MgPyAnTG9naW4gc3VjY2Vzc2Z1bCcgOiAnTG9naW4gaW50ZXJydXB0ZWQnKVxuICAgICAgfX1cbiAgICAvPlxuICApXG59XG4iXSwibWFwcGluZ3MiOiJBQUFBLE9BQU9BLEtBQUssTUFBTSxPQUFPO0FBQ3pCLGNBQWNDLHNCQUFzQixRQUFRLG1CQUFtQjtBQUMvRCxjQUFjQyxxQkFBcUIsUUFBUSx3QkFBd0I7QUFDbkUsU0FBU0MsS0FBSyxRQUFRLG1CQUFtQjtBQUN6QyxTQUFTQyxhQUFhLFFBQVEsdUJBQXVCO0FBRXJELE9BQU8sZUFBZUMsSUFBSUEsQ0FDeEJDLE1BQU0sRUFBRUoscUJBQXFCLEVBQzdCSyxPQUFPLEVBQUVOLHNCQUFzQixDQUNoQyxFQUFFTyxPQUFPLENBQUNSLEtBQUssQ0FBQ1MsU0FBUyxHQUFHLElBQUksQ0FBQyxDQUFDO0VBQ2pDLE1BQU1DLE1BQU0sR0FBRyxNQUFNTixhQUFhLENBQUMsQ0FBQztFQUVwQyxJQUFJTSxNQUFNLENBQUNDLElBQUksS0FBSyxTQUFTLEVBQUU7SUFDN0JMLE1BQU0sQ0FBQ0ksTUFBTSxDQUFDRSxLQUFLLENBQUM7SUFDcEIsT0FBTyxJQUFJO0VBQ2I7RUFFQSxPQUNFLENBQUMsS0FBSyxDQUNKLGVBQWUsQ0FBQyxDQUNkLHNGQUNGLENBQUMsQ0FDRCxNQUFNLENBQUMsQ0FBQ0MsT0FBTyxJQUFJO0lBQ2pCTixPQUFPLENBQUNPLGNBQWMsQ0FBQyxDQUFDO0lBQ3hCUixNQUFNLENBQUNPLE9BQU8sR0FBRyxrQkFBa0IsR0FBRyxtQkFBbUIsQ0FBQztFQUM1RCxDQUFDLENBQUMsR0FDRjtBQUVOIiwiaWdub3JlTGlzdCI6W119
--- a/src/commands/fast/fast.tsx
+++ b/src/commands/fast/fast.tsx
--- a/src/commands/feedback/feedback.tsx
+++ b/src/commands/feedback/feedback.tsx
@@ -22,4 +22,3 @@ export async function call(onDone: LocalJSXCommandOnDone, context: LocalJSXComma
  const initialDescription = args || '';
  return renderFeedbackComponent(onDone, context.abortController.signal, context.messages, initialDescription);
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkNvbW1hbmRSZXN1bHREaXNwbGF5IiwiTG9jYWxKU1hDb21tYW5kQ29udGV4dCIsIkZlZWRiYWNrIiwiTG9jYWxKU1hDb21tYW5kT25Eb25lIiwiTWVzc2FnZSIsInJlbmRlckZlZWRiYWNrQ29tcG9uZW50Iiwib25Eb25lIiwicmVzdWx0Iiwib3B0aW9ucyIsImRpc3BsYXkiLCJhYm9ydFNpZ25hbCIsIkFib3J0U2lnbmFsIiwibWVzc2FnZXMiLCJpbml0aWFsRGVzY3JpcHRpb24iLCJiYWNrZ3JvdW5kVGFza3MiLCJ0YXNrSWQiLCJ0eXBlIiwiaWRlbnRpdHkiLCJhZ2VudElkIiwiUmVhY3ROb2RlIiwiY2FsbCIsImNvbnRleHQiLCJhcmdzIiwiUHJvbWlzZSIsImFib3J0Q29udHJvbGxlciIsInNpZ25hbCJdLCJzb3VyY2VzIjpbImZlZWRiYWNrLnRzeCJdLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBSZWFjdCBmcm9tICdyZWFjdCdcbmltcG9ydCB0eXBlIHtcbiAgQ29tbWFuZFJlc3VsdERpc3BsYXksXG4gIExvY2FsSlNYQ29tbWFuZENvbnRleHQsXG59IGZyb20gJy4uLy4uL2NvbW1hbmRzLmpzJ1xuaW1wb3J0IHsgRmVlZGJhY2sgfSBmcm9tICcuLi8uLi9jb21wb25lbnRzL0ZlZWRiYWNrLmpzJ1xuaW1wb3J0IHR5cGUgeyBMb2NhbEpTWENvbW1hbmRPbkRvbmUgfSBmcm9tICcuLi8uLi90eXBlcy9jb21tYW5kLmpzJ1xuaW1wb3J0IHR5cGUgeyBNZXNzYWdlIH0gZnJvbSAnLi4vLi4vdHlwZXMvbWVzc2FnZS5qcydcblxuLy8gU2hhcmVkIGZ1bmN0aW9uIHRvIHJlbmRlciB0aGUgRmVlZGJhY2sgY29tcG9uZW50XG5leHBvcnQgZnVuY3Rpb24gcmVuZGVyRmVlZGJhY2tDb21wb25lbnQoXG4gIG9uRG9uZTogKFxuICAgIHJlc3VsdD86IHN0cmluZyxcbiAgICBvcHRpb25zPzogeyBkaXNwbGF5PzogQ29tbWFuZFJlc3VsdERpc3BsYXkgfSxcbiAgKSA9PiB2b2lkLFxuICBhYm9ydFNpZ25hbDogQWJvcnRTaWduYWwsXG4gIG1lc3NhZ2VzOiBNZXNzYWdlW10sXG4gIGluaXRpYWxEZXNjcmlwdGlvbjogc3RyaW5nID0gJycsXG4gIGJhY2tncm91bmRUYXNrczoge1xuICAgIFt0YXNrSWQ6IHN0cmluZ106IHtcbiAgICAgIHR5cGU6IHN0cmluZ1xuICAgICAgaWRlbnRpdHk/OiB7IGFnZW50SWQ6IHN0cmluZyB9XG4gICAgICBtZXNzYWdlcz86IE1lc3NhZ2VbXVxuICAgIH1cbiAgfSA9IHt9LFxuKTogUmVhY3QuUmVhY3ROb2RlIHtcbiAgcmV0dXJuIChcbiAgICA8RmVlZGJhY2tcbiAgICAgIGFib3J0U2lnbmFsPXthYm9ydFNpZ25hbH1cbiAgICAgIG1lc3NhZ2VzPXttZXNzYWdlc31cbiAgICAgIGluaXRpYWxEZXNjcmlwdGlvbj17aW5pdGlhbERlc2NyaXB0aW9ufVxuICAgICAgb25Eb25lPXtvbkRvbmV9XG4gICAgICBiYWNrZ3JvdW5kVGFza3M9e2JhY2tncm91bmRUYXNrc31cbiAgICAvPlxuICApXG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBjYWxsKFxuICBvbkRvbmU6IExvY2FsSlNYQ29tbWFuZE9uRG9uZSxcbiAgY29udGV4dDogTG9jYWxKU1hDb21tYW5kQ29udGV4dCxcbiAgYXJncz86IHN0cmluZyxcbik6IFByb21pc2U8UmVhY3QuUmVhY3ROb2RlPiB7XG4gIGNvbnN0IGluaXRpYWxEZXNjcmlwdGlvbiA9IGFyZ3MgfHwgJydcbiAgcmV0dXJuIHJlbmRlckZlZWRiYWNrQ29tcG9uZW50KFxuICAgIG9uRG9uZSxcbiAgICBjb250ZXh0LmFib3J0Q29udHJvbGxlci5zaWduYWwsXG4gICAgY29udGV4dC5tZXNzYWdlcyxcbiAgICBpbml0aWFsRGVzY3JpcHRpb24sXG4gIClcbn1cbiJdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLQSxLQUFLLE1BQU0sT0FBTztBQUM5QixjQUNFQyxvQkFBb0IsRUFDcEJDLHNCQUFzQixRQUNqQixtQkFBbUI7QUFDMUIsU0FBU0MsUUFBUSxRQUFRLDhCQUE4QjtBQUN2RCxjQUFjQyxxQkFBcUIsUUFBUSx3QkFBd0I7QUFDbkUsY0FBY0MsT0FBTyxRQUFRLHdCQUF3Qjs7QUFFckQ7QUFDQSxPQUFPLFNBQVNDLHVCQUF1QkEsQ0FDckNDLE1BQU0sRUFBRSxDQUNOQyxNQUFlLENBQVIsRUFBRSxNQUFNLEVBQ2ZDLE9BQTRDLENBQXBDLEVBQUU7RUFBRUMsT0FBTyxDQUFDLEVBQUVULG9CQUFvQjtBQUFDLENBQUMsRUFDNUMsR0FBRyxJQUFJLEVBQ1RVLFdBQVcsRUFBRUMsV0FBVyxFQUN4QkMsUUFBUSxFQUFFUixPQUFPLEVBQUUsRUFDbkJTLGtCQUFrQixFQUFFLE1BQU0sR0FBRyxFQUFFLEVBQy9CQyxlQUFlLEVBQUU7RUFDZixDQUFDQyxNQUFNLEVBQUUsTUFBTSxDQUFDLEVBQUU7SUFDaEJDLElBQUksRUFBRSxNQUFNO0lBQ1pDLFFBQVEsQ0FBQyxFQUFFO01BQUVDLE9BQU8sRUFBRSxNQUFNO0lBQUMsQ0FBQztJQUM5Qk4sUUFBUSxDQUFDLEVBQUVSLE9BQU8sRUFBRTtFQUN0QixDQUFDO0FBQ0gsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUNQLEVBQUVMLEtBQUssQ0FBQ29CLFNBQVMsQ0FBQztFQUNqQixPQUNFLENBQUMsUUFBUSxDQUNQLFdBQVcsQ0FBQyxDQUFDVCxXQUFXLENBQUMsQ0FDekIsUUFBUSxDQUFDLENBQUNFLFFBQVEsQ0FBQyxDQUNuQixrQkFBa0IsQ0FBQyxDQUFDQyxrQkFBa0IsQ0FBQyxDQUN2QyxNQUFNLENBQUMsQ0FBQ1AsTUFBTSxDQUFDLENBQ2YsZUFBZSxDQUFDLENBQUNRLGVBQWUsQ0FBQyxHQUNqQztBQUVOO0FBRUEsT0FBTyxlQUFlTSxJQUFJQSxDQUN4QmQsTUFBTSxFQUFFSCxxQkFBcUIsRUFDN0JrQixPQUFPLEVBQUVwQixzQkFBc0IsRUFDL0JxQixJQUFhLENBQVIsRUFBRSxNQUFNLENBQ2QsRUFBRUMsT0FBTyxDQUFDeEIsS0FBSyxDQUFDb0IsU0FBUyxDQUFDLENBQUM7RUFDMUIsTUFBTU4sa0JBQWtCLEdBQUdTLElBQUksSUFBSSxFQUFFO0VBQ3JDLE9BQU9qQix1QkFBdUIsQ0FDNUJDLE1BQU0sRUFDTmUsT0FBTyxDQUFDRyxlQUFlLENBQUNDLE1BQU0sRUFDOUJKLE9BQU8sQ0FBQ1QsUUFBUSxFQUNoQkMsa0JBQ0YsQ0FBQztBQUNIIiwiaWdub3JlTGlzdCI6W119
--- a/src/commands/help/help.tsx
+++ b/src/commands/help/help.tsx
@@ -8,4 +8,3 @@ export const call: LocalJSXCommandCall = async (onDone, {
 }) => {
  return <HelpV2 commands={commands} onClose={onDone} />;
 };
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkhlbHBWMiIsIkxvY2FsSlNYQ29tbWFuZENhbGwiLCJjYWxsIiwib25Eb25lIiwib3B0aW9ucyIsImNvbW1hbmRzIl0sInNvdXJjZXMiOlsiaGVscC50c3giXSwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgUmVhY3QgZnJvbSAncmVhY3QnXG5pbXBvcnQgeyBIZWxwVjIgfSBmcm9tICcuLi8uLi9jb21wb25lbnRzL0hlbHBWMi9IZWxwVjIuanMnXG5pbXBvcnQgdHlwZSB7IExvY2FsSlNYQ29tbWFuZENhbGwgfSBmcm9tICcuLi8uLi90eXBlcy9jb21tYW5kLmpzJ1xuXG5leHBvcnQgY29uc3QgY2FsbDogTG9jYWxKU1hDb21tYW5kQ2FsbCA9IGFzeW5jIChcbiAgb25Eb25lLFxuICB7IG9wdGlvbnM6IHsgY29tbWFuZHMgfSB9LFxuKSA9PiB7XG4gIHJldHVybiA8SGVscFYyIGNvbW1hbmRzPXtjb21tYW5kc30gb25DbG9zZT17b25Eb25lfSAvPlxufVxuIl0sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUtBLEtBQUssTUFBTSxPQUFPO0FBQzlCLFNBQVNDLE1BQU0sUUFBUSxtQ0FBbUM7QUFDMUQsY0FBY0MsbUJBQW1CLFFBQVEsd0JBQXdCO0FBRWpFLE9BQU8sTUFBTUMsSUFBSSxFQUFFRCxtQkFBbUIsR0FBRyxNQUFBQyxDQUN2Q0MsTUFBTSxFQUNOO0VBQUVDLE9BQU8sRUFBRTtJQUFFQztFQUFTO0FBQUUsQ0FBQyxLQUN0QjtFQUNILE9BQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUNBLFFBQVEsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDRixNQUFNLENBQUMsR0FBRztBQUN4RCxDQUFDIiwiaWdub3JlTGlzdCI6W119
--- a/src/commands/hooks/hooks.tsx
+++ b/src/commands/hooks/hooks.tsx
@@ -10,4 +10,3 @@ export const call: LocalJSXCommandCall = async (onDone, context) => {
  const toolNames = getTools(permissionContext).map(tool => tool.name);
  return <HooksConfigMenu toolNames={toolNames} onExit={onDone} />;
 };
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJSZWFjdCIsIkhvb2tzQ29uZmlnTWVudSIsImxvZ0V2ZW50IiwiZ2V0VG9vbHMiLCJMb2NhbEpTWENvbW1hbmRDYWxsIiwiY2FsbCIsIm9uRG9uZSIsImNvbnRleHQiLCJhcHBTdGF0ZSIsImdldEFwcFN0YXRlIiwicGVybWlzc2lvbkNvbnRleHQiLCJ0b29sUGVybWlzc2lvbkNvbnRleHQiLCJ0b29sTmFtZXMiLCJtYXAiLCJ0b29sIiwibmFtZSJdLCJzb3VyY2VzIjpbImhvb2tzLnRzeCJdLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBSZWFjdCBmcm9tICdyZWFjdCdcbmltcG9ydCB7IEhvb2tzQ29uZmlnTWVudSB9IGZyb20gJy4uLy4uL2NvbXBvbmVudHMvaG9va3MvSG9va3NDb25maWdNZW51LmpzJ1xuaW1wb3J0IHsgbG9nRXZlbnQgfSBmcm9tICcuLi8uLi9zZXJ2aWNlcy9hbmFseXRpY3MvaW5kZXguanMnXG5pbXBvcnQgeyBnZXRUb29scyB9IGZyb20gJy4uLy4uL3Rvb2xzLmpzJ1xuaW1wb3J0IHR5cGUgeyBMb2NhbEpTWENvbW1hbmRDYWxsIH0gZnJvbSAnLi4vLi4vdHlwZXMvY29tbWFuZC5qcydcblxuZXhwb3J0IGNvbnN0IGNhbGw6IExvY2FsSlNYQ29tbWFuZENhbGwgPSBhc3luYyAob25Eb25lLCBjb250ZXh0KSA9PiB7XG4gIGxvZ0V2ZW50KCd0ZW5ndV9ob29rc19jb21tYW5kJywge30pXG4gIGNvbnN0IGFwcFN0YXRlID0gY29udGV4dC5nZXRBcHBTdGF0ZSgpXG4gIGNvbnN0IHBlcm1pc3Npb25Db250ZXh0ID0gYXBwU3RhdGUudG9vbFBlcm1pc3Npb25Db250ZXh0XG4gIGNvbnN0IHRvb2xOYW1lcyA9IGdldFRvb2xzKHBlcm1pc3Npb25Db250ZXh0KS5tYXAodG9vbCA9PiB0b29sLm5hbWUpXG4gIHJldHVybiA8SG9va3NDb25maWdNZW51IHRvb2xOYW1lcz17dG9vbE5hbWVzfSBvbkV4aXQ9e29uRG9uZX0gLz5cbn1cbiJdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLQSxLQUFLLE1BQU0sT0FBTztBQUM5QixTQUFTQyxlQUFlLFFBQVEsMkNBQTJDO0FBQzNFLFNBQVNDLFFBQVEsUUFBUSxtQ0FBbUM7QUFDNUQsU0FBU0MsUUFBUSxRQUFRLGdCQUFnQjtBQUN6QyxjQUFjQyxtQkFBbUIsUUFBUSx3QkFBd0I7QUFFakUsT0FBTyxNQUFNQyxJQUFJLEVBQUVELG1CQUFtQixHQUFHLE1BQUFDLENBQU9DLE1BQU0sRUFBRUMsT0FBTyxLQUFLO0VBQ2xFTCxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQyxDQUFDLENBQUM7RUFDbkMsTUFBTU0sUUFBUSxHQUFHRCxPQUFPLENBQUNFLFdBQVcsQ0FBQyxDQUFDO0VBQ3RDLE1BQU1DLGlCQUFpQixHQUFHRixRQUFRLENBQUNHLHFCQUFxQjtFQUN4RCxNQUFNQyxTQUFTLEdBQUdULFFBQVEsQ0FBQ08saUJBQWlCLENBQUMsQ0FBQ0csR0FBRyxDQUFDQyxJQUFJLElBQUlBLElBQUksQ0FBQ0MsSUFBSSxDQUFDO0VBQ3BFLE9BQU8sQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLENBQUNILFNBQVMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDTixNQUFNLENBQUMsR0FBRztBQUNsRSxDQUFDIiwiaWdub3JlTGlzdCI6W119
--- a/src/commands/ide/ide.tsx
+++ b/src/commands/ide/ide.tsx
--- a/src/commands/init.ts
+++ b/src/commands/init.ts
@@ -70,7 +70,7 @@ If the user chose personal CLAUDE.local.md or both: ask about them, not the code
  - Only if Phase 2 found multiple git worktrees: ask whether their worktrees are nested inside the main repo (e.g., \`.claude/worktrees/<name>/\`) or siblings/external (e.g., \`../myrepo-feature/\`). If nested, the upward file walk finds the main repo's CLAUDE.local.md automatically — no special handling needed. If sibling/external, the personal content should live in a home-directory file (e.g., \`~/.claude/<project-name>-instructions.md\`) and each worktree gets a one-line CLAUDE.local.md stub that imports it: \`@~/.claude/<project-name>-instructions.md\`. Never put this import in the project CLAUDE.md — that would check a personal reference into the team-shared file.
  - Any communication preferences? (e.g., "be terse", "always explain tradeoffs", "don't summarize at the end")

-**Synthesize a proposal from Phase 2 findings** — e.g., format-on-edit if a formatter exists, a \`/verify\` skill if tests exist, a CLAUDE.md note for anything from the gap-fill answers that's a guideline rather than a workflow. For each, pick the artifact type that fits, **constrained by the Phase 1 skills+hooks choice**:
+**Synthesize a proposal from Phase 2 findings** — e.g., format-on-edit if a formatter exists, a project verification workflow if tests exist, a CLAUDE.md note for anything from the gap-fill answers that's a guideline rather than a workflow. For each, pick the artifact type that fits, **constrained by the Phase 1 skills+hooks choice**:

  - **Hook** (stricter) — deterministic shell command on a tool event; Claude can't skip it. Fits mechanical, fast, per-edit steps: formatting, linting, running a quick test on the changed file.
  - **Skill** (on-demand) — you or Claude invoke \`/skill-name\` when you want it. Fits workflows that don't belong on every edit: deep verification, session reports, deploys.
@@ -85,7 +85,7 @@ If the user chose personal CLAUDE.local.md or both: ask about them, not the code
  - **Keep previews compact — the preview box truncates with no scrolling.** One line per item, no blank lines between items, no header. Example preview content:

    • **Format-on-edit hook** (automatic) — \`ruff format <file>\` via PostToolUse
-    • **/verify skill** (on-demand) — \`make lint && make typecheck && make test\`
+    • **Verification workflow** (on-demand) — \`make lint && make typecheck && make test\`
    • **CLAUDE.md note** (guideline) — "run lint/typecheck/test before marking done"

  - Option labels stay short ("Looks good", "Drop the hook", "Drop the skill") — the tool auto-adds an "Other" free-text option, so don't add your own catch-all.
@@ -157,7 +157,7 @@ Skills add capabilities Claude can use on demand without bloating every session.

 **First, consume \`skill\` entries from the Phase 3 preference queue.** Each queued skill preference becomes a SKILL.md tailored to what the user described. For each:
 - Name it from the preference (e.g., "verify-deep", "session-report", "deploy-sandbox")
- Write the body using the user's own words from the interview plus whatever Phase 2 found (test commands, report format, deploy target). If the preference maps to an existing bundled skill (e.g., \`/verify\`), write a project skill that adds the user's specific constraints on top — tell the user the bundled one still exists and theirs is additive.
+- Write the body using the user's own words from the interview plus whatever Phase 2 found (test commands, report format, deploy target). If the preference maps to an existing project workflow, write a project skill that captures the user's specific constraints on top.
 - Ask a quick follow-up if the preference is underspecified (e.g., "which test command should verify-deep run?")

 **Then suggest additional skills** beyond the queue when you find:
--- a/src/commands/insights.ts
+++ b/src/commands/insights.ts
@@ -2187,7 +2187,7 @@ function generateHtmlReport(
    `
      : ''

-  // Build Team Feedback section (collapsible, ant-only)
+  // Build Team Feedback section (collapsible, internal-only)
  const ccImprovements =
    process.env.USER_TYPE === 'ant'
      ? insights.cc_team_improvements?.improvements || []
@@ -2804,7 +2804,7 @@ export async function generateUsageReport(options?: {
 }> {
  let remoteStats: { hosts: RemoteHostInfo[]; totalCopied: number } | undefined

-  // Optionally collect data from remote hosts first (ant-only)
+  // Optionally collect data from remote hosts first (internal-only)
  if (process.env.USER_TYPE === 'ant' && options?.collectRemote) {
    const destDir = join(getClaudeConfigHomeDir(), 'projects')
    const { hosts, totalCopied } = await collectAllRemoteHostData(destDir)
@@ -3072,33 +3072,6 @@ const usageReport: Command = {
    let reportUrl = `file://${htmlPath}`
    let uploadHint = ''

-    if (process.env.USER_TYPE === 'ant') {
-      // Try to upload to S3
-      const timestamp = new Date()
-        .toISOString()
-        .replace(/[-:]/g, '')
-        .replace('T', '_')
-        .slice(0, 15)
-      const username = process.env.SAFEUSER || process.env.USER || 'unknown'
-      const filename = `${username}_insights_${timestamp}.html`
-      const s3Path = `s3://anthropic-serve/atamkin/cc-user-reports/${filename}`
-      const s3Url = `https://s3-frontend.infra.ant.dev/anthropic-serve/atamkin/cc-user-reports/${filename}`
-
-      reportUrl = s3Url
-      try {
-        execFileSync('ff', ['cp', htmlPath, s3Path], {
-          timeout: 60000,
-          stdio: 'pipe', // Suppress output
-        })
-      } catch {
-        // Upload failed - fall back to local file and show upload command
-        reportUrl = `file://${htmlPath}`
-        uploadHint = `\nAutomatic upload failed. Are you on the boron namespace? Try \`use-bo\` and ensure you've run \`sso\`.
-To share, run: ff cp ${htmlPath} ${s3Path}
-Then access at: ${s3Url}`
-      }
-    }
-
    // Build header with stats
    const sessionLabel =
      data.total_sessions_scanned &&
@@ -3112,7 +3085,7 @@ Then access at: ${s3Url}`
      `${data.git_commits} commits`,
    ].join(' · ')

-    // Build remote host info (ant-only)
+    // Build remote host info (internal-only)
    let remoteInfo = ''
    if (process.env.USER_TYPE === 'ant') {
      if (remoteStats && remoteStats.totalCopied > 0) {
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`# Python helper package for standalone provider-side utilities.`
				`@@ -0,0 +1 @@`
				`# Pytest package marker for the Python helper test suite.`