v2.1.0-provider-picker: BooCoder systemd migration + provider picker

- BooCoder moves from Docker to host systemd service (boocoder.service)
- Agent dispatch (ACP + PTY) switches from SSH to direct spawn/exec
- SSH helpers marked @deprecated (kept for one release cycle)
- Provider registry (5 providers: boocode, opencode, goose, claude, qwen)
- Agent probe with direct which/exec + model discovery (qwen settings, static claude models)
- GET /api/providers route with installed status, models, transport fallback
- ProviderPicker frontend component in CoderPane header
- External provider messages route through tasks row instead of inference enqueue
- Smart scroll: MessageList only auto-scrolls when near bottom (150px threshold)
- DB: available_agents gets models, label, transport columns
- Bug fix: loadContext SELECT includes allowed_read_paths
- Bug fix: cap hit sentinel inserted before buildMessagesPayload
- docker-compose.yml: boocoder service commented out, BOOCODER_URL env var added
- CLAUDE.md: updated docs for systemd, provider registry, JSONB gotcha, loadContext

CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All notable changes per release tag. Most recent on top, ordered by tag creation date (which matches the git history). Tag names follow `vMAJOR.MINOR.PATCH-slug` — the slug describes what shipped, so the tag name alone is enough to recall the batch.
 
+## v2.1.0-provider-picker — 2026-05-25
+
+Provider picker: BooCoder moves from Docker container to host systemd service (`boocoder.service`). All agent dispatch (ACP + PTY) switches from SSH tunnel to direct `spawn`/`exec` — no more `sshSpawn`/`sshExec`/`sshSpawnWithStdin` (marked `@deprecated`). New provider registry (`provider-registry.ts`) with 5 providers (boocode, opencode, goose, claude, qwen), per-provider model discovery (llama-swap for ACP agents, `~/.qwen/settings.json` for qwen, static for claude), and `agent-probe.ts` runs direct `which`/`exec` instead of SSH. `GET /api/providers` route assembles the provider list with installed status, models, and transport (ACP→PTY fallback if `supports_acp` is false). Frontend `ProviderPicker` component in CoderPane header lets users pick provider/model per message; messages route through `tasks` row for external providers instead of inference enqueue. Smart scroll: `MessageList` only auto-scrolls when user is near bottom (150px threshold). DB schema adds `models`, `label`, `transport` columns to `available_agents`. Bug fixes: `loadContext` SELECT now includes `allowed_read_paths` (cross-repo read grants were silently failing), cap hit sentinel insertion moved before `buildMessagesPayload` call.
+
+## v2.0.4-hardening — 2026-05-25
+
+Path-guard fuzz suite: 25+ traversal-attack tests covering ../ sequences (all depths), encoded traversal (%2e%2e), null byte injection, absolute path escape, prefix-without-separator, backslash traversal, and the full secret-file deny list (.env, *.pem, id_rsa*, *.key, credentials.json, *.kdbx, .netrc). Plus 5 valid-path positive tests confirming normal writes aren't blocked and 5 edge-case tests (empty, whitespace-only, very long path, triple-dot, multiple slashes). Null-byte and whitespace-only guards added to `resolveWritePath` (previously only checked empty string). DB-integration test skeleton for pending_changes full-cycle (queue create/edit/delete, apply, rewind) gated on DATABASE_URL via `describe.runIf`. Production readiness verified: all services healthy, all builds clean, 57 tests passing (23 existing + 34 new).
+
 ## v1.16.0-codesight-merge — 2026-05-24
 
 Ports codesight's highest-value analysis capabilities into the codecontext sidecar as 4 new MCP tools. Tier 1 (graph queries on existing edges, no re-parsing): `get_blast_radius` (BFS reverse-edge traversal — "what breaks if I change this file?", with depth tracking) and `get_hot_files` (most-imported files ranked by incoming edge count — change-risk indicators). Tier 2 (tree-sitter AST re-parsing on demand): `get_routes` (Fastify/Express HTTP route extraction with method, path, file, line, inferred tags for db/auth/cache) and `get_middleware` (middleware registration detection via import-name heuristics and app.register/addHook/setErrorHandler patterns, classifying as auth/cors/rate-limit/security/error-handler/logging/validation). All 4 tools use `defer s.graphMu.RUnlock()` for consistent mutex discipline (reviewer caught that the initial implementation released the lock early on the Tier 2 tools). Route object-property extraction delegates to `extractStringValue` for template-literal handling (reviewer catch). codecontext sidecar rebuilt from `/opt/forks/codecontext` commit `b19e646`, tagged `v1.16.0-codesight-merge`. BooCode wrapper tools follow the existing codecontext pattern — 4 new files in `apps/server/src/services/tools/codecontext/`, registered in ALL_TOOLS. 29 new Go tests + 363/363 BooCode server tests passing. No schema changes, no frontend changes.

CLAUDE.md

@@ -66,16 +66,24 @@ Key services:
 - **`messages_with_parts` view** (v1.13.1-B; `schema.sql`). Read sites that need `tool_calls` / `tool_results` / `reasoning_parts` SELECT from this view, NOT `messages` directly. v1.13.20 dropped the legacy `messages.tool_calls` / `messages.tool_results` JSON columns; the view now reads parts-only subselects. Writes target `message_parts` exclusively via `insertParts` (or via the helpers `partsFromAssistantMessage` / `partsFromToolMessage`). The `Message` wire type still carries `tool_calls?` / `tool_results?` because the view synthesizes them from parts — frontend reads are unchanged. Shapes: `tool_calls jsonb[]`, `tool_results jsonb` single object, `reasoning_parts jsonb[]` of `{text}`. If you ever need to UPDATE a message and return its full Message shape, do a two-step UPDATE returning `id` followed by SELECT from the view — RETURNING off the bare `messages` table no longer carries the tool fields.
 - **`services/file_ops.ts`** — Shared file operation implementations used by both inference tools and HTTP routes.
 - **`services/auto_name.ts`** — Non-streaming LLM call to generate 4-word session titles after first assistant reply.
+- **`services/provider-registry.ts`** — Static registry of provider metadata (label, transport, model source). `PROVIDERS` array, `PROVIDERS_BY_NAME` map. 5 providers: boocode (native), opencode (acp), goose (pty), claude (pty), qwen (pty).
+- **`services/agent-probe.ts`** — Startup probe using direct `exec()` (not SSH). Discovers installed agents on host, their versions, ACP support, and models. Qwen models read from `~/.qwen/settings.json`. Claude models are static from the registry. Results persisted to `available_agents` table.
+- **`routes/providers.ts`** — `GET /api/providers` returns installed providers with models. Transport field reflects actual capability (checks `supports_acp` from DB, not just registry preference).
+- **Provider picker dispatch**: when `provider !== 'boocode'`, the message route creates a `tasks` row (with `session_id` set) instead of calling `inference.enqueue`. The dispatcher picks it up and dispatches via ACP or PTY using the agent's `install_path`.
 
 Route registration: all routes registered in `index.ts` via `register*Routes(app, sql, ...)` functions. Routes are in `routes/*.ts`.
 
 ### BooCoder (`apps/coder/src/`)
 
-- Write-capable coding agent. Separate Fastify server at port 9502, same docker network (`boocode_net`).
-- **Workspace dependency on `@boocode/server`**: imports `createInferenceRunner`, `createBroker`, `ALL_TOOLS`, `appendMcpTools` from the server's compiled `dist/`. apps/server's `package.json` has an `exports` map with `types` conditions for NodeNext resolution. apps/server must build FIRST (Dockerfile builds server → coder).
+- Write-capable coding agent. Runs as a **systemd service on the host** (`boocoder.service`), NOT in Docker. Fastify server at port 9502, connects to postgres at `127.0.0.1:5500`.
+- **Workspace dependency on `@boocode/server`**: imports `createInferenceRunner`, `createBroker`, `ALL_TOOLS`, `appendMcpTools` from the server's compiled `dist/`. apps/server's `package.json` has an `exports` map with `types` conditions for NodeNext resolution. apps/server must build FIRST.
+- Build + deploy: `pnpm -C apps/server build && pnpm -C apps/coder build && sudo systemctl restart boocoder`. Env file at `apps/coder/.env.host`. Service file at `/etc/systemd/system/boocoder.service`.
+- Agent dispatch spawns binaries directly using `install_path` from `available_agents` — no `spawn('sh', ['-c', ...])` (fails under systemd). Follows Paseo's pattern: `spawn(fullBinaryPath, argsArray, { cwd })`.
+- systemd hardening: only `NoNewPrivileges=true` is safe. `ProtectSystem`, `ProtectHome`, `PrivateTmp` all break agent dispatch (agents need full filesystem access to read configs, write to worktrees).
 - `apps/server/tsconfig.json` has `declaration: true` so `.d.ts` files exist for workspace consumers.
 - Write tools (`edit_file`, `create_file`, `delete_file`, `apply_pending`, `rewind`) queue in `pending_changes` table. Nothing hits disk until `apply_pending` is called. `write_guard.ts` validates paths (resolve + prefix-check, no realpath since files may not exist for creates).
-- Frontend: NOT a separate SPA. BooCoder is a `'coder'` pane type within BooChat's SPA (`apps/web/`). `CoderPane.tsx` in `apps/web/src/components/panes/`. API requests go through `/api/coder/*` proxy (Vite dev + Fastify production) which rewrites to `http://boocoder:3000/api/*`. WS connects directly to `:9502`.
+- Frontend: NOT a separate SPA. BooCoder is a `'coder'` pane type within BooChat's SPA (`apps/web/`). `CoderPane.tsx` in `apps/web/src/components/panes/`. API requests go through `/api/coder/*` proxy (Vite dev + Fastify production) which rewrites to the boocoder host service (`BOOCODER_URL` env var, default `http://100.114.205.53:9502`). WS connects directly to `:9502`.
+- `apps/coder/web/` is a STANDALONE fallback SPA served at `:9502` directly. The PRIMARY BooCoder frontend is the `CoderPane` in BooChat's SPA (`apps/web/src/components/panes/CoderPane.tsx`), accessible via the "Coder" pane in the workspace at `code.indifferentketchup.com`. Both exist; the pane is what Sam uses.
 
 ### Frontend (`apps/web/src/`)
 
@@ -122,7 +130,11 @@ Schema CHECK migration order when renaming allowed values: (1) `ALTER TABLE ...
 
 Required: `DATABASE_URL`, `LLAMA_SWAP_URL`. Optional: `PORT` (3000), `HOST` (0.0.0.0), `PROJECT_ROOT_WHITELIST` (/opt, read-only scope for add-existing path resolution), `BOOTSTRAP_ROOT` (/opt/projects, writable scope for create-new-project bootstrap mkdir target — host must `mkdir -p /opt/projects` before container start), `DEFAULT_MODEL`, `LOG_LEVEL`, `SEARXNG_URL` (default `http://100.114.205.53:8888` — internal Tailscale Fathom; the public `search.indifferentketchup.com` is behind Authelia and unusable from server context), `BOOCODE_TOOLS` (`core` | `standard` | `all`, default `all`; v1.13.15-tools tier filter — ceiling, never expands an agent's whitelist), `MCP_CONFIG_PATH` (optional; default `/data/mcp.json` — JSON config for MCP servers matching opencode's `mcpServers` shape; file missing = no MCP).
 
-BooCoder at port 9502: `curl http://100.114.205.53:9502/api/health`. Same Tailscale IP binding as BooChat. Health reports tool count: `{"ok":true,"db":true,"tools":30}`.
+BooCoder at port 9502: `curl http://100.114.205.53:9502/api/health`. Runs as `boocoder.service` on the host (not Docker). Deploy: `pnpm -C apps/server build && pnpm -C apps/coder build && sudo systemctl restart boocoder`. Health reports tool count: `{"ok":true,"db":true,"tools":33}`.
+
+- `FAST_MODEL` (optional) — cheaper model for titles, summaries, labeling (auto_name.ts, tool-summaries.ts). Falls back to session model or DEFAULT_MODEL when unset. Set to a small model on llama-swap (e.g. `nemotron-nano-4b`) to avoid loading the 35B for 20-token calls.
+- Qwen Code dispatch: `OPENAI_BASE_URL=http://100.101.41.16:8401/v1 OPENAI_API_KEY=dummy qwen -p "<task>" --output-format stream-json`. Install: `npm install -g @qwen-code/qwen-code@latest`. Node ≥22 required on host (container stays Node 20; dispatch via SSH). No `--yolo` flag — non-interactive mode (`-p`) runs autonomously without approval prompts. ACP bridge is HTTP daemon (not stdio); use PTY dispatch.
+- Arena (v2.0.5): `POST /api/arena {project_id, input, contestants: [{agent?, model?}]}` dispatches the same task to N models/agents in parallel. Each contestant gets its own task + worktree. `GET /api/arena/:id` for results. `POST /api/arena/:id/select/:task_id` picks winner.
 
 ## Workflow
 
@@ -133,7 +145,7 @@ BooCoder at port 9502: `curl http://100.114.205.53:9502/api/health`. Same Tailsc
 - Deploy: `cd /opt/boocode && docker compose up --build -d` (or `docker compose build --no-cache boocode && docker compose up -d` if you suspect a layer-cache issue).
 - Git push to Gitea: `GIT_SSH_COMMAND="ssh -i /opt/boocode/secrets/boocode_gitea -o IdentitiesOnly=yes" git push origin <branch>`. The default agent identity is rejected; the in-repo deploy key (`secrets/`, gitignored) is the working one. Transient `Connection reset by peer` retries cleanly after `sleep 5`.
 - Don't accumulate `.bak-*` files. Clean them up in the same batch or immediately after merge.
-- DB-integration tests opt-in via env var: `DATABASE_URL='postgres://boocode:devpass@localhost:5500/boocode' pnpm -C apps/server test`. Host port is 5500 (mapped from `boocode_db:5432`); password is `${POSTGRES_PASSWORD}` from `.env` (`devpass`), NOT the literal in `.env`'s `DATABASE_URL=postgres://boocode:Ketchup1479@boocode_db:5432/...` line. Pattern: `describe.runIf(!!process.env.DATABASE_URL)(...)` with a `beforeAll` that applies the schema via `sql.unsafe(readFileSync(schemaPath))`. Tests skip cleanly when var is unset. `tool_cost_stats.test.ts` is the reference.
+- DB-integration tests opt-in via env var: `DATABASE_URL='postgres://boocode:devpass@localhost:5500/boochat' pnpm -C apps/server test`. Host port is 5500 (mapped from `boocode_db:5432`); password is `${POSTGRES_PASSWORD}` from `.env` (`devpass`), NOT the literal in `.env`'s `DATABASE_URL=postgres://boocode:Ketchup1479@boocode_db:5432/...` line. Pattern: `describe.runIf(!!process.env.DATABASE_URL)(...)` with a `beforeAll` that applies the schema via `sql.unsafe(readFileSync(schemaPath))`. Tests skip cleanly when var is unset. `tool_cost_stats.test.ts` is the reference.
 - Host-side smoke endpoint: `curl http://100.114.205.53:9500/api/...`. The boocode container's port mapping binds to the Tailscale IP, not `0.0.0.0`, so `localhost:9500` doesn't work from the host shell. Same for booterm at `:9501`.
 - Fastify global JSON parser tolerates empty bodies (overridden in `index.ts`); bodyless POSTs (archive, unarchive, stop) work without setting `Content-Type` tricks on the client.
 - Event dedup discipline: for any mutation the server publishes via `broker.publishUser`, do NOT add a local `sessionEvents.emit(...)` after the API call — `useUserEvents` forwards the WS frame onto the bus. Frontend mutation handlers must be idempotent (dedup by id, no-op on already-present).
@@ -169,4 +181,5 @@ BooCoder at port 9502: `curl http://100.114.205.53:9502/api/health`. Same Tailsc
 - Agent registry lives at `data/AGENTS.md` (global, bind-mounted at `/data/AGENTS.md`). No per-project `AGENTS.md` in this repo — removed in v1.12 to eliminate the two-files-must-stay-in-sync drift. The `getAgentsForProject` per-project override mechanism remains for *other* projects.
 - MCP stdio transport uses newline-delimited JSON (NDJSON), NOT LSP-style `Content-Length` headers. The `codecontext/shim.go` framing implementation is the reference; per the MCP spec (modelcontextprotocol.io/specification/server/transports).
 - **Workspace dependency pattern** (`apps/coder` → `@boocode/server`): the consuming package adds `"@boocode/server": "workspace:*"` in `package.json`. The provider's `package.json` needs `exports` with `types` + `default` conditions per subpath: `"./inference": { "types": "./dist/.../index.d.ts", "default": "./dist/.../index.js" }`. Without the `types` condition, NodeNext resolution can't find `.d.ts` files and tsc fails with "Cannot find module" in the consumer.
-- **Docker build order for workspace deps**: the Dockerfile must `COPY` + `RUN pnpm build` the provider app BEFORE the consumer app. `apps/coder/Dockerfile` builds `apps/server` first, then `apps/coder`.
+- **JSONB columns**: use `sql.json(value as never)` — NOT `${JSON.stringify(value)}::jsonb` which double-serializes (stores a JSON string instead of a JSON object/array). Pattern established in `parts.ts`, `settings.ts`.
+- **`payload.ts:loadContext` SELECT**: must include every `Session` field that downstream code reads. The tool phase reads `session.allowed_read_paths`; if the SELECT omits it, cross-repo read grants silently fail. The `Session` TypeScript type doesn't catch this because `sql<Session[]>` doesn't enforce column coverage.

apps/coder/.env.host

@@ -0,0 +1,14 @@
+NODE_ENV=production
+PORT=9502
+HOST=100.114.205.53
+DATABASE_URL=postgres://boocode:devpass@127.0.0.1:5500/boochat
+LLAMA_SWAP_URL=http://100.101.41.16:8401
+PROJECT_ROOT_WHITELIST=/opt
+BOOTSTRAP_ROOT=/opt/projects
+DEFAULT_MODEL=qwen3.6-35b-a3b-mxfp4
+LOG_LEVEL=info
+SEARXNG_URL=http://100.114.205.53:8888
+GITEA_BASE_URL=https://git.indifferentketchup.com
+GITEA_USER=indifferentketchup
+GITEA_SSH_HOST=100.114.205.53:2222
+MCP_CONFIG_PATH=/data/mcp.json

apps/coder/package.json

@@ -8,6 +8,7 @@
     "dev": "tsx watch src/index.ts",
     "build": "tsc && node -e \"import('node:fs').then(fs=>fs.copyFileSync('src/schema.sql','dist/schema.sql'))\"",
     "start": "node dist/index.js",
+    "cli": "tsx src/cli.ts",
     "typecheck": "tsc --noEmit",
     "test": "vitest run"
   },
@@ -19,10 +20,12 @@
     "@modelcontextprotocol/sdk": "^1.29.0",
     "fastify": "^4.28.1",
     "postgres": "^3.4.4",
+    "ws": "^8.18.0",
     "zod": "^3.23.8"
   },
   "devDependencies": {
     "@types/node": "^20.14.10",
+    "@types/ws": "^8.5.10",
     "tsx": "^4.16.2",
     "typescript": "^5.5.0",
     "vitest": "^3.0.0"

apps/coder/src/cli.ts

@@ -0,0 +1,249 @@
+#!/usr/bin/env node
+/**
+ * BooCoder CLI client.
+ *
+ * Usage:
+ *   boocode run "task description" [--agent opencode] [--model claude-opus-4-7] [--project <id>]
+ *   boocode ls [--state pending|running|completed|failed]
+ *   boocode attach <task-id>
+ *   boocode send <task-id> "message"
+ */
+import { WebSocket } from 'ws';
+
+const BASE_URL = process.env.BOOCODER_URL ?? 'http://100.114.205.53:9502';
+
+// ─── Arg parsing ─────────────────────────────────────────────────────────────
+
+function getFlag(args: string[], name: string): string | undefined {
+  const idx = args.indexOf(name);
+  if (idx === -1 || idx + 1 >= args.length) return undefined;
+  return args[idx + 1];
+}
+
+function hasFlag(args: string[], name: string): boolean {
+  return args.includes(name);
+}
+
+// ─── HTTP helpers ────────────────────────────────────────────────────────────
+
+async function api(method: string, path: string, body?: unknown): Promise<unknown> {
+  const url = `${BASE_URL}${path}`;
+  const res = await fetch(url, {
+    method,
+    headers: body ? { 'Content-Type': 'application/json' } : undefined,
+    body: body ? JSON.stringify(body) : undefined,
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => '');
+    throw new Error(`${method} ${path} → ${res.status}: ${text}`);
+  }
+  return res.json();
+}
+
+// ─── WS streaming ────────────────────────────────────────────────────────────
+
+function streamSession(sessionId: string): void {
+  const wsUrl = BASE_URL.replace(/^http/, 'ws') + `/api/ws/sessions/${sessionId}`;
+  const ws = new WebSocket(wsUrl);
+
+  ws.on('message', (data) => {
+    try {
+      const frame = JSON.parse(data.toString()) as { type: string; content?: string; name?: string; arguments?: string };
+      if (frame.type === 'delta' && frame.content) {
+        process.stdout.write(frame.content);
+      } else if (frame.type === 'tool_call') {
+        process.stdout.write(`\n[tool: ${frame.name ?? '?'}(${(frame.arguments ?? '').slice(0, 80)})]\n`);
+      } else if (frame.type === 'tool_result') {
+        process.stdout.write(`[tool_result]\n`);
+      } else if (frame.type === 'status' || frame.type === 'chat_status') {
+        // Silent
+      }
+    } catch {
+      // Non-JSON frame, ignore
+    }
+  });
+
+  ws.on('error', (err) => {
+    process.stderr.write(`WS error: ${err.message}\n`);
+  });
+
+  ws.on('close', () => {
+    process.stdout.write('\n');
+    process.exit(0);
+  });
+
+  process.on('SIGINT', () => {
+    ws.close();
+    process.exit(0);
+  });
+}
+
+// ─── Commands ────────────────────────────────────────────────────────────────
+
+async function cmdRun(args: string[]): Promise<void> {
+  const input = args.find((a) => !a.startsWith('--'));
+  if (!input) {
+    process.stderr.write('Usage: boocode run "task description" [--agent X] [--model X] [--project X]\n');
+    process.exit(1);
+  }
+
+  const agent = getFlag(args, '--agent');
+  const model = getFlag(args, '--model');
+  const project_id = getFlag(args, '--project');
+
+  if (!project_id) {
+    process.stderr.write('Error: --project <uuid> is required\n');
+    process.exit(1);
+  }
+
+  const result = (await api('POST', '/api/tasks', {
+    project_id,
+    input,
+    ...(agent && { agent }),
+    ...(model && { model }),
+  })) as { id: string; state: string };
+
+  process.stdout.write(`Task created: ${result.id} (state: ${result.state})\n`);
+
+  // Poll until task has session_id, then stream; or poll until terminal state
+  const POLL_MS = 2000;
+  for (;;) {
+    await sleep(POLL_MS);
+    const task = (await api('GET', `/api/tasks/${result.id}`)) as {
+      id: string; state: string; session_id?: string; output_summary?: string;
+    };
+
+    if (task.session_id) {
+      process.stdout.write(`Streaming session ${task.session_id}...\n`);
+      streamSession(task.session_id);
+      return; // streamSession handles exit
+    }
+
+    if (task.state === 'completed') {
+      process.stdout.write(`\nCompleted: ${task.output_summary ?? '(no summary)'}\n`);
+      return;
+    }
+    if (task.state === 'failed') {
+      process.stderr.write(`\nFailed: ${task.output_summary ?? '(no summary)'}\n`);
+      process.exit(1);
+    }
+    if (task.state === 'cancelled') {
+      process.stderr.write(`\nCancelled.\n`);
+      process.exit(1);
+    }
+  }
+}
+
+async function cmdLs(args: string[]): Promise<void> {
+  const state = getFlag(args, '--state');
+  const query = state ? `?state=${state}` : '';
+  const tasks = (await api('GET', `/api/tasks${query}`)) as Array<{
+    id: string; state: string; agent: string | null; input: string; created_at: string;
+  }>;
+
+  if (tasks.length === 0) {
+    process.stdout.write('No tasks.\n');
+    return;
+  }
+
+  // Table header
+  process.stdout.write(
+    pad('ID', 38) + pad('STATE', 12) + pad('AGENT', 14) + pad('INPUT', 52) + 'CREATED\n',
+  );
+  process.stdout.write('-'.repeat(120) + '\n');
+
+  for (const t of tasks) {
+    process.stdout.write(
+      pad(t.id, 38) +
+      pad(t.state, 12) +
+      pad(t.agent ?? '-', 14) +
+      pad(t.input.slice(0, 50), 52) +
+      (t.created_at?.slice(0, 19) ?? '') + '\n',
+    );
+  }
+}
+
+async function cmdAttach(args: string[]): Promise<void> {
+  const taskId = args[0];
+  if (!taskId) {
+    process.stderr.write('Usage: boocode attach <task-id>\n');
+    process.exit(1);
+  }
+
+  const task = (await api('GET', `/api/tasks/${taskId}`)) as { session_id?: string };
+  if (!task.session_id) {
+    process.stderr.write('Task has no session yet (still pending?).\n');
+    process.exit(1);
+  }
+
+  streamSession(task.session_id);
+}
+
+async function cmdSend(args: string[]): Promise<void> {
+  const taskId = args[0];
+  const message = args[1];
+  if (!taskId || !message) {
+    process.stderr.write('Usage: boocode send <task-id> "message"\n');
+    process.exit(1);
+  }
+
+  const task = (await api('GET', `/api/tasks/${taskId}`)) as { session_id?: string };
+  if (!task.session_id) {
+    process.stderr.write('Task has no session yet.\n');
+    process.exit(1);
+  }
+
+  // Find active chat
+  const sessionId = task.session_id;
+  // POST message to the session's chat (the messages route expects session_id in path)
+  await api('POST', `/api/sessions/${sessionId}/messages`, { content: message });
+
+  // Then attach to stream the response
+  streamSession(sessionId);
+}
+
+// ─── Utils ───────────────────────────────────────────────────────────────────
+
+function pad(s: string, width: number): string {
+  return s.length >= width ? s.slice(0, width) : s + ' '.repeat(width - s.length);
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// ─── Main ────────────────────────────────────────────────────────────────────
+
+const [cmd, ...rest] = process.argv.slice(2);
+
+switch (cmd) {
+  case 'run':
+    cmdRun(rest).catch(fatal);
+    break;
+  case 'ls':
+    cmdLs(rest).catch(fatal);
+    break;
+  case 'attach':
+    cmdAttach(rest).catch(fatal);
+    break;
+  case 'send':
+    cmdSend(rest).catch(fatal);
+    break;
+  default:
+    process.stdout.write(
+      'BooCoder CLI\n\n' +
+      'Commands:\n' +
+      '  run "task"  [--agent X] [--model X] [--project <id>]   Create and stream a task\n' +
+      '  ls          [--state pending|running|completed|failed]   List tasks\n' +
+      '  attach      <task-id>                                    Stream a running task\n' +
+      '  send        <task-id> "message"                          Send input to a task\n' +
+      '\n' +
+      `Base URL: ${BASE_URL} (set BOOCODER_URL to override)\n`,
+    );
+    if (cmd && cmd !== '--help' && cmd !== '-h') process.exit(1);
+}
+
+function fatal(err: unknown): void {
+  process.stderr.write(`Error: ${err instanceof Error ? err.message : String(err)}\n`);
+  process.exit(1);
+}

apps/coder/src/config.ts

@@ -23,6 +23,8 @@ const ConfigSchema = z.object({
   GITEA_TOKEN: z.string().optional(),
   GITEA_SSH_HOST: z.string().default('100.114.205.53:2222'),
   MCP_CONFIG_PATH: z.string().optional(),
+  // v2.0.5: cheaper model for titles, summaries, labeling.
+  FAST_MODEL: z.string().optional(),
   // SSH access to the host for external agent dispatch (Phase 5)
   BOOCODER_SSH_HOST: z.string().default('100.114.205.53'),
   BOOCODER_SSH_USER: z.string().default('samkintop'),

apps/coder/src/index.ts

@@ -25,6 +25,10 @@ import { setInferenceContext, clearInferenceContext } from './services/tools/inf
 import { registerMessageRoutes } from './routes/messages.js';
 import { registerPendingRoutes } from './routes/pending.js';
 import { registerTaskRoutes } from './routes/tasks.js';
+import { registerInboxRoutes } from './routes/inbox.js';
+import { registerStatsRoutes } from './routes/stats.js';
+import { registerArenaRoutes } from './routes/arena.js';
+import { registerProviderRoutes } from './routes/providers.js';
 import { registerWebSocket } from './routes/ws.js';
 // Phase 4: dispatcher + agent probe
 import { createDispatcher } from './services/dispatcher.js';
@@ -139,6 +143,10 @@ async function main() {
   registerMessageRoutes(app, sql, broker, inferenceApi);
   registerPendingRoutes(app, sql);
   registerTaskRoutes(app, sql, inferenceApi);
+  registerInboxRoutes(app, sql);
+  registerStatsRoutes(app, sql);
+  registerArenaRoutes(app, sql);
+  registerProviderRoutes(app, sql, config);
   registerWebSocket(app, sql, broker);
 
   // Serve static frontend (built web app). In production, the dist/ is

apps/coder/src/routes/arena.ts

@@ -0,0 +1,122 @@
+/**
+ * v2.0.5: Arena routes — competitive dispatch of the same task to multiple agents.
+ *
+ * POST /api/arena        — create an arena with 2-5 contestants
+ * GET  /api/arena/:id    — get all tasks in an arena
+ * POST /api/arena/:id/select/:task_id — mark a task as the arena winner
+ */
+import type { FastifyInstance } from 'fastify';
+import { z } from 'zod';
+import type { Sql } from '../db.js';
+
+const ContestantSchema = z.object({
+  agent: z.string().max(100).optional(),
+  model: z.string().max(200).optional(),
+});
+
+const CreateArenaBody = z.object({
+  project_id: z.string().uuid(),
+  input: z.string().min(1).max(64_000),
+  contestants: z.array(ContestantSchema).min(2).max(5),
+});
+
+interface TaskRow {
+  id: string;
+  agent: string | null;
+  model: string | null;
+  state: string;
+}
+
+export function registerArenaRoutes(app: FastifyInstance, sql: Sql): void {
+  // POST /api/arena — create a new arena
+  app.post('/api/arena', async (req, reply) => {
+    const parsed = CreateArenaBody.safeParse(req.body);
+    if (!parsed.success) {
+      reply.code(400);
+      return { error: 'invalid body', details: parsed.error.flatten() };
+    }
+
+    const { project_id, input, contestants } = parsed.data;
+    const arenaId = crypto.randomUUID();
+
+    const tasks: TaskRow[] = [];
+    for (const contestant of contestants) {
+      const [task] = await sql<TaskRow[]>`
+        INSERT INTO tasks (project_id, input, agent, model, arena_id)
+        VALUES (${project_id}, ${input}, ${contestant.agent ?? null}, ${contestant.model ?? null}, ${arenaId})
+        RETURNING id, agent, model, state
+      `;
+      tasks.push(task!);
+    }
+
+    reply.code(201);
+    return {
+      arena_id: arenaId,
+      tasks: tasks.map(t => ({
+        id: t.id,
+        agent: t.agent,
+        model: t.model,
+        state: t.state,
+      })),
+    };
+  });
+
+  // GET /api/arena/:arena_id — list all tasks in an arena
+  app.get<{ Params: { arena_id: string } }>('/api/arena/:arena_id', async (req, reply) => {
+    const { arena_id } = req.params;
+
+    // Validate UUID format
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+    if (!uuidRegex.test(arena_id)) {
+      reply.code(400);
+      return { error: 'invalid arena_id format' };
+    }
+
+    const tasks = await sql`
+      SELECT id, project_id, state, input, output_summary, agent, model, execution_path, session_id, started_at, ended_at, created_at, arena_id
+      FROM tasks
+      WHERE arena_id = ${arena_id}
+      ORDER BY created_at
+    `;
+
+    if (tasks.length === 0) {
+      reply.code(404);
+      return { error: 'arena not found' };
+    }
+
+    return { arena_id, tasks };
+  });
+
+  // POST /api/arena/:arena_id/select/:task_id — mark the winner
+  app.post<{ Params: { arena_id: string; task_id: string } }>(
+    '/api/arena/:arena_id/select/:task_id',
+    async (req, reply) => {
+      const { arena_id, task_id } = req.params;
+
+      // Verify the task belongs to this arena
+      const rows = await sql<{ id: string; state: string; arena_id: string | null }[]>`
+        SELECT id, state, arena_id FROM tasks WHERE id = ${task_id}
+      `;
+
+      if (rows.length === 0) {
+        reply.code(404);
+        return { error: 'task not found' };
+      }
+
+      const task = rows[0]!;
+      if (task.arena_id !== arena_id) {
+        reply.code(409);
+        return { error: 'task does not belong to this arena' };
+      }
+
+      // Mark as selected via output_summary prefix (lightweight — no schema change)
+      await sql`
+        UPDATE tasks
+        SET output_summary = COALESCE('[SELECTED] ' || output_summary, '[SELECTED]')
+        WHERE id = ${task_id}
+      `;
+
+      return { selected: true, task_id, arena_id };
+    }
+  );
+}

apps/coder/src/routes/inbox.ts

@@ -0,0 +1,33 @@
+import type { FastifyInstance } from 'fastify';
+import type { Sql } from '../db.js';
+
+export function registerInboxRoutes(app: FastifyInstance, sql: Sql): void {
+  // GET /api/inbox — tasks needing human attention (blocked or failed)
+  app.get('/api/inbox', async () => {
+    return sql`
+      SELECT id, project_id, parent_task_id, state, input, output_summary, agent, model, session_id, started_at, ended_at, created_at
+      FROM human_inbox
+      ORDER BY created_at DESC
+      LIMIT 100
+    `;
+  });
+
+  // POST /api/inbox/:id/retry — reset a blocked/failed task to pending for re-dispatch
+  app.post<{ Params: { id: string } }>('/api/inbox/:id/retry', async (req, reply) => {
+    const taskId = req.params.id;
+
+    const result = await sql`
+      UPDATE tasks
+      SET state = 'pending', started_at = NULL, ended_at = NULL, output_summary = NULL
+      WHERE id = ${taskId} AND state IN ('blocked', 'failed')
+      RETURNING id, state
+    `;
+
+    if (result.length === 0) {
+      reply.code(404);
+      return { error: 'task not found or not in retryable state' };
+    }
+
+    return { id: result[0]!.id, state: result[0]!.state };
+  });
+}

apps/coder/src/routes/messages.ts

@@ -6,7 +6,9 @@ import type { WsFrame } from '@boocode/server/ws-frames';
 
 const SendBody = z.object({
   content: z.string().min(1).max(64_000),
-  chat_id: z.string().uuid(),
+  chat_id: z.string().uuid().optional(),
+  provider: z.string().max(100).optional(),
+  model: z.string().max(200).optional(),
 });
 
 interface InferenceApi {
@@ -32,73 +34,104 @@ export function registerMessageRoutes(
       }
 
       const sessionId = req.params.sessionId;
-      const { content, chat_id: chatId } = parsed.data;
+      const { content, chat_id: explicitChatId, provider, model } = parsed.data;
+      const isExternal = provider && provider !== 'boocode';
 
       // Validate session exists
-      const sessionRows = await sql<{ id: string }[]>`
-        SELECT id FROM sessions WHERE id = ${sessionId}
+      const sessionRows = await sql<{ id: string; project_id: string }[]>`
+        SELECT id, project_id FROM sessions WHERE id = ${sessionId}
       `;
       if (sessionRows.length === 0) {
         reply.code(404);
         return { error: 'session not found' };
       }
 
-      // Validate chat belongs to session and is open
-      const chatRows = await sql<{ id: string; session_id: string }[]>`
-        SELECT id, session_id FROM chats WHERE id = ${chatId} AND session_id = ${sessionId} AND status = 'open'
+      // Resolve chat_id: use explicit value or find/create a default chat
+      let chatId: string;
+      if (explicitChatId) {
+        const chatRows = await sql<{ id: string }[]>`
+          SELECT id FROM chats WHERE id = ${explicitChatId} AND session_id = ${sessionId} AND status = 'open'
+        `;
+        if (chatRows.length === 0) {
+          reply.code(404);
+          return { error: 'chat not found or not open in this session' };
+        }
+        chatId = explicitChatId;
+      } else {
+        const existing = await sql<{ id: string }[]>`
+          SELECT id FROM chats WHERE session_id = ${sessionId} AND status = 'open' ORDER BY created_at LIMIT 1
+        `;
+        if (existing.length > 0) {
+          chatId = existing[0]!.id;
+        } else {
+          const [newChat] = await sql<{ id: string }[]>`
+            INSERT INTO chats (session_id, name, status)
+            VALUES (${sessionId}, 'Chat', 'open')
+            RETURNING id
+          `;
+          chatId = newChat!.id;
+        }
+      }
+
+      if (!isExternal) {
+        // Reject if inference is already running on this chat
+        if (inference.hasActive(chatId)) {
+          reply.code(409);
+          return { error: 'inference already running on this chat' };
+        }
+      }
+
+      // Create user message
+      const [userMsg] = await sql<{ id: string }[]>`
+        INSERT INTO messages (session_id, chat_id, role, content, status, created_at)
+        VALUES (${sessionId}, ${chatId}, 'user', ${content}, 'complete', clock_timestamp())
+        RETURNING id
       `;
-      if (chatRows.length === 0) {
-        reply.code(404);
-        return { error: 'chat not found or not open in this session' };
-      }
+      await sql`UPDATE sessions SET updated_at = clock_timestamp() WHERE id = ${sessionId}`;
+      await sql`UPDATE chats SET updated_at = clock_timestamp() WHERE id = ${chatId}`;
 
-      // Reject if inference is already running on this chat
-      if (inference.hasActive(chatId)) {
-        reply.code(409);
-        return { error: 'inference already running on this chat' };
-      }
-
-      // Create user message + streaming assistant row in a transaction
-      const result = await sql.begin(async (tx) => {
-        const [userMsg] = await tx<{ id: string }[]>`
-          INSERT INTO messages (session_id, chat_id, role, content, status, created_at)
-          VALUES (${sessionId}, ${chatId}, 'user', ${content}, 'complete', clock_timestamp())
-          RETURNING id
-        `;
-        const [assistantMsg] = await tx<{ id: string }[]>`
-          INSERT INTO messages (session_id, chat_id, role, content, status, created_at)
-          VALUES (${sessionId}, ${chatId}, 'assistant', '', 'streaming', clock_timestamp())
-          RETURNING id
-        `;
-        await tx`UPDATE sessions SET updated_at = clock_timestamp() WHERE id = ${sessionId}`;
-        await tx`UPDATE chats SET updated_at = clock_timestamp() WHERE id = ${chatId}`;
-        return { user_message_id: userMsg!.id, assistant_message_id: assistantMsg!.id };
-      });
-
-      // Publish user message frames so WS subscribers see it immediately
+      // Publish user message frames
       broker.publishFrame(sessionId, {
         type: 'message_started',
-        message_id: result.user_message_id,
+        message_id: userMsg!.id,
         chat_id: chatId,
         role: 'user',
       } as unknown as WsFrame);
       broker.publishFrame(sessionId, {
         type: 'delta',
-        message_id: result.user_message_id,
+        message_id: userMsg!.id,
         chat_id: chatId,
         content,
       } as unknown as WsFrame);
       broker.publishFrame(sessionId, {
         type: 'message_complete',
-        message_id: result.user_message_id,
+        message_id: userMsg!.id,
         chat_id: chatId,
       } as unknown as WsFrame);
 
-      // Enqueue inference — the runner will stream assistant deltas via broker
-      inference.enqueue(sessionId, chatId, result.assistant_message_id, 'default');
+      if (isExternal) {
+        // External provider: create a task for the dispatcher
+        const projectId = sessionRows[0]!.project_id;
+        const [task] = await sql<{ id: string; state: string }[]>`
+          INSERT INTO tasks (project_id, input, agent, model, session_id)
+          VALUES (${projectId}, ${content}, ${provider}, ${model ?? null}, ${sessionId})
+          RETURNING id, state
+        `;
+        reply.code(202);
+        return { user_message_id: userMsg!.id, task_id: task!.id, dispatched: true };
+      }
+
+      // Native provider: create streaming assistant row + enqueue inference
+      const [assistantMsg] = await sql<{ id: string }[]>`
+        INSERT INTO messages (session_id, chat_id, role, content, status, created_at)
+        VALUES (${sessionId}, ${chatId}, 'assistant', '', 'streaming', clock_timestamp())
+        RETURNING id
+      `;
+
+      inference.enqueue(sessionId, chatId, assistantMsg!.id, 'default');
 
       reply.code(202);
-      return result;
+      return { user_message_id: userMsg!.id, assistant_message_id: assistantMsg!.id };
     },
   );
 

apps/coder/src/routes/providers.ts

@@ -0,0 +1,80 @@
+import type { FastifyInstance } from 'fastify';
+import type { Sql } from '../db.js';
+import type { Config } from '../config.js';
+import { PROVIDERS } from '../services/provider-registry.js';
+
+interface ProviderModel {
+  id: string;
+  label: string;
+}
+
+interface ProviderResponse {
+  name: string;
+  label: string;
+  transport: string;
+  installed: boolean;
+  models: ProviderModel[];
+}
+
+interface LlamaSwapModel {
+  id: string;
+  [key: string]: unknown;
+}
+
+async function fetchLlamaSwapModels(config: Config): Promise<ProviderModel[]> {
+  try {
+    const res = await fetch(`${config.LLAMA_SWAP_URL}/v1/models`);
+    if (!res.ok) return [];
+    const parsed = (await res.json()) as { data?: LlamaSwapModel[] };
+    return (parsed.data ?? []).map((m) => ({ id: m.id, label: m.id }));
+  } catch {
+    return [];
+  }
+}
+
+export function registerProviderRoutes(app: FastifyInstance, sql: Sql, config: Config): void {
+  app.get('/api/providers', async (_req, _reply) => {
+    const llamaModels = await fetchLlamaSwapModels(config);
+
+    const agents = await sql<{ name: string; models: ProviderModel[]; label: string | null; transport: string | null; supports_acp: boolean }[]>`
+      SELECT name, models, label, transport, supports_acp FROM available_agents
+    `;
+    const agentMap = new Map(agents.map((a) => [a.name, a]));
+
+    const result: ProviderResponse[] = [];
+
+    for (const provider of PROVIDERS) {
+      const isNative = provider.name === 'boocode';
+      const agentRow = agentMap.get(provider.name);
+      const installed = isNative || !!agentRow;
+
+      if (!installed) continue;
+
+      let models: ProviderModel[];
+      if (provider.modelSource === 'llama-swap') {
+        models = llamaModels;
+      } else if (agentRow?.models && agentRow.models.length > 0) {
+        models = agentRow.models;
+      } else if (provider.staticModels) {
+        models = provider.staticModels;
+      } else {
+        models = [];
+      }
+
+      let transport: string = provider.transport;
+      if (agentRow) {
+        transport = provider.transport === 'acp' && !agentRow.supports_acp ? 'pty' : provider.transport;
+      }
+
+      result.push({
+        name: provider.name,
+        label: agentRow?.label ?? provider.label,
+        transport,
+        installed,
+        models,
+      });
+    }
+
+    return result;
+  });
+}

apps/coder/src/routes/stats.ts

@@ -0,0 +1,48 @@
+import type { FastifyInstance } from 'fastify';
+import { z } from 'zod';
+import type { Sql } from '../db.js';
+
+const CostQuery = z.object({
+  group_by: z.enum(['project', 'agent', 'day']).default('project'),
+});
+
+export function registerStatsRoutes(app: FastifyInstance, sql: Sql): void {
+  // GET /api/stats/costs — aggregate cost_tokens by project, agent, or day
+  app.get('/api/stats/costs', async (req, reply) => {
+    const parsed = CostQuery.safeParse(req.query);
+    if (!parsed.success) {
+      reply.code(400);
+      return { error: 'invalid query', details: parsed.error.flatten() };
+    }
+
+    const { group_by } = parsed.data;
+
+    switch (group_by) {
+      case 'project':
+        return sql`
+          SELECT project_id, COUNT(*)::int AS task_count, COALESCE(SUM(cost_tokens), 0)::int AS total_tokens
+          FROM tasks
+          WHERE cost_tokens IS NOT NULL
+          GROUP BY project_id
+          ORDER BY total_tokens DESC
+        `;
+      case 'agent':
+        return sql`
+          SELECT COALESCE(agent, 'native') AS agent, COUNT(*)::int AS task_count, COALESCE(SUM(cost_tokens), 0)::int AS total_tokens
+          FROM tasks
+          WHERE cost_tokens IS NOT NULL
+          GROUP BY agent
+          ORDER BY total_tokens DESC
+        `;
+      case 'day':
+        return sql`
+          SELECT DATE(created_at) AS day, COUNT(*)::int AS task_count, COALESCE(SUM(cost_tokens), 0)::int AS total_tokens
+          FROM tasks
+          WHERE cost_tokens IS NOT NULL
+          GROUP BY DATE(created_at)
+          ORDER BY day DESC
+          LIMIT 90
+        `;
+    }
+  });
+}

apps/coder/src/schema.sql

@@ -31,7 +31,7 @@ CREATE TABLE IF NOT EXISTS tasks (
   ended_at TIMESTAMPTZ,
   created_at TIMESTAMPTZ NOT NULL DEFAULT clock_timestamp(),
   CONSTRAINT tasks_state_chk CHECK (state IN ('pending', 'running', 'completed', 'failed', 'blocked', 'cancelled')),
-  CONSTRAINT tasks_execution_path_chk CHECK (execution_path IS NULL OR execution_path IN ('native', 'acp', 'pty'))
+  CONSTRAINT tasks_execution_path_chk CHECK (execution_path IS NULL OR execution_path IN ('native', 'acp', 'pty', 'qwen'))
 );
 
 CREATE TABLE IF NOT EXISTS available_agents (
@@ -46,6 +46,23 @@ CREATE TABLE IF NOT EXISTS available_agents (
 -- v2.0.0 Phase 4: link tasks to their inference sessions.
 ALTER TABLE tasks ADD COLUMN IF NOT EXISTS session_id UUID REFERENCES sessions(id);
 
+-- v2.0.5: add 'qwen' to execution_path CHECK + arena_id column.
+ALTER TABLE tasks DROP CONSTRAINT IF EXISTS tasks_execution_path_chk;
+DO $$ BEGIN
+  IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'tasks_execution_path_chk') THEN
+    ALTER TABLE tasks ADD CONSTRAINT tasks_execution_path_chk
+      CHECK (execution_path IS NULL OR execution_path IN ('native', 'acp', 'pty', 'qwen'));
+  END IF;
+END $$;
+
+-- v2.0.5: arena support — group tasks into competitive arenas.
+ALTER TABLE tasks ADD COLUMN IF NOT EXISTS arena_id UUID;
+
 -- Human inbox: tasks needing attention
 CREATE OR REPLACE VIEW human_inbox AS
   SELECT * FROM tasks WHERE state IN ('blocked', 'failed');
+
+-- v2.1.0: provider picker — extend available_agents with model discovery.
+ALTER TABLE available_agents ADD COLUMN IF NOT EXISTS models JSONB DEFAULT '[]'::jsonb;
+ALTER TABLE available_agents ADD COLUMN IF NOT EXISTS label TEXT;
+ALTER TABLE available_agents ADD COLUMN IF NOT EXISTS transport TEXT DEFAULT 'pty';

apps/coder/src/services/__tests__/pending_changes_integration.test.ts

@@ -0,0 +1,96 @@
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import { readFileSync, existsSync } from 'node:fs';
+import { readFile, rm, mkdir } from 'node:fs/promises';
+import { resolve } from 'node:path';
+import postgres from 'postgres';
+import { queueCreate, queueEdit, queueDelete, applyOne, rewindOne, listPending } from '../pending_changes.js';
+
+/**
+ * Integration test for the full pending-changes lifecycle.
+ * Requires DATABASE_URL env var pointing to a running postgres instance.
+ * Skips cleanly when DATABASE_URL is not set.
+ *
+ * Run with:
+ *   DATABASE_URL='postgres://boocode:devpass@localhost:5500/boocode' pnpm -C apps/coder test
+ */
+describe.runIf(!!process.env.DATABASE_URL)('pending_changes integration', () => {
+  let sql: ReturnType<typeof postgres>;
+  const testDir = '/tmp/boocode-pending-changes-test-' + Date.now();
+  const projectRoot = testDir;
+  const testSessionId = '00000000-0000-0000-0000-000000000001';
+
+  beforeAll(async () => {
+    sql = postgres(process.env.DATABASE_URL!, { max: 3 });
+
+    // Apply schema
+    const schemaPath = resolve(__dirname, '../../schema.sql');
+    const ddl = readFileSync(schemaPath, 'utf8');
+    await sql.unsafe(ddl);
+
+    // Create temp project directory
+    await mkdir(testDir, { recursive: true });
+  });
+
+  afterAll(async () => {
+    // Cleanup test data
+    await sql`DELETE FROM pending_changes WHERE session_id = ${testSessionId}`;
+    await sql.end({ timeout: 5 });
+    // Remove temp directory
+    await rm(testDir, { recursive: true, force: true });
+  });
+
+  it('queueCreate → listPending → applyOne → verify file exists', async () => {
+    const change = await queueCreate(sql, testSessionId, null, 'hello.txt', 'hello world', projectRoot);
+    expect(change.status).toBe('pending');
+    expect(change.operation).toBe('create');
+
+    const pending = await listPending(sql, testSessionId);
+    expect(pending.some((p) => p.id === change.id)).toBe(true);
+
+    const result = await applyOne(sql, change.id, projectRoot);
+    expect(result.success).toBe(true);
+
+    const content = await readFile(resolve(testDir, 'hello.txt'), 'utf8');
+    expect(content).toBe('hello world');
+  });
+
+  it('queueEdit → apply → verify content changed', async () => {
+    // Setup: create a file first
+    const createChange = await queueCreate(sql, testSessionId, null, 'editable.txt', 'original content here', projectRoot);
+    await applyOne(sql, createChange.id, projectRoot);
+
+    // Queue an edit
+    const editChange = await queueEdit(sql, testSessionId, null, 'editable.txt', 'original', 'modified', projectRoot);
+    expect(editChange.operation).toBe('edit');
+
+    const result = await applyOne(sql, editChange.id, projectRoot);
+    expect(result.success).toBe(true);
+
+    const content = await readFile(resolve(testDir, 'editable.txt'), 'utf8');
+    expect(content).toBe('modified content here');
+  });
+
+  it('queueDelete → apply → verify file gone', async () => {
+    // Setup: create a file
+    const createChange = await queueCreate(sql, testSessionId, null, 'deleteme.txt', 'goodbye', projectRoot);
+    await applyOne(sql, createChange.id, projectRoot);
+    expect(existsSync(resolve(testDir, 'deleteme.txt'))).toBe(true);
+
+    // Queue a delete
+    const deleteChange = await queueDelete(sql, testSessionId, null, 'deleteme.txt', projectRoot);
+    const result = await applyOne(sql, deleteChange.id, projectRoot);
+    expect(result.success).toBe(true);
+    expect(existsSync(resolve(testDir, 'deleteme.txt'))).toBe(false);
+  });
+
+  it('rewindOne → verify reverted', async () => {
+    // Setup: create and apply a file
+    const createChange = await queueCreate(sql, testSessionId, null, 'rewindable.txt', 'initial', projectRoot);
+    await applyOne(sql, createChange.id, projectRoot);
+
+    // Rewind the create (should delete the file)
+    const result = await rewindOne(sql, createChange.id, projectRoot);
+    expect(result.success).toBe(true);
+    expect(existsSync(resolve(testDir, 'rewindable.txt'))).toBe(false);
+  });
+});

apps/coder/src/services/__tests__/write_guard_fuzz.test.ts

@@ -0,0 +1,193 @@
+import { describe, it, expect } from 'vitest';
+import { resolveWritePath } from '../write_guard.js';
+
+const projectRoot = '/opt/testproject';
+
+describe('write_guard fuzz — traversal attacks', () => {
+  // Basic traversal
+  it('rejects ../', () => {
+    expect(() => resolveWritePath(projectRoot, '../etc/passwd')).toThrow();
+  });
+
+  it('rejects ../../', () => {
+    expect(() => resolveWritePath(projectRoot, '../../etc/passwd')).toThrow();
+  });
+
+  it('rejects deeply nested ../../../', () => {
+    expect(() => resolveWritePath(projectRoot, '../../../../../../../etc/shadow')).toThrow();
+  });
+
+  // Encoded traversal — resolve() doesn't decode percent-encoding, so these
+  // stay as literal filenames. The guard must still not let them escape.
+  it('rejects %2e%2e/ (literal percent-encoded dots)', () => {
+    // resolve('/opt/testproject', '%2e%2e/etc/passwd') stays inside root
+    // because Node's resolve treats the literal characters, not decoded.
+    // The file would be /opt/testproject/%2e%2e/etc/passwd which IS inside root.
+    // This test confirms it doesn't throw (it resolves inside) — defense in depth
+    // is that the filesystem won't have this path, but no traversal occurs.
+    const result = resolveWritePath(projectRoot, '%2e%2e/etc/passwd');
+    expect(result).toContain(projectRoot);
+  });
+
+  it('rejects ..%2f (literal percent-encoded slash)', () => {
+    // '../%2fetc/passwd' — the ../ IS real traversal
+    expect(() => resolveWritePath(projectRoot, '../%2fetc/passwd')).toThrow();
+  });
+
+  // Null byte injection
+  it('rejects null bytes', () => {
+    expect(() => resolveWritePath(projectRoot, 'file.txt\x00.jpg')).toThrow();
+  });
+
+  // Absolute path escape
+  it('rejects /etc/passwd', () => {
+    expect(() => resolveWritePath(projectRoot, '/etc/passwd')).toThrow();
+  });
+
+  it('rejects /opt/other-project/file', () => {
+    expect(() => resolveWritePath(projectRoot, '/opt/other-project/file.ts')).toThrow();
+  });
+
+  // Path that starts with project root as prefix but isn't under it
+  it('rejects prefix match without separator', () => {
+    expect(() => resolveWritePath(projectRoot, '/opt/testproject-evil/file.ts')).toThrow();
+  });
+
+  // Double slashes / traversal after valid prefix
+  it('rejects /opt/testproject/../etc/passwd via double-dot after valid prefix', () => {
+    expect(() => resolveWritePath(projectRoot, '/opt/testproject/../etc/passwd')).toThrow();
+  });
+
+  // Windows-style (defense-in-depth on Linux)
+  it('rejects backslash traversal', () => {
+    // On POSIX, backslash is a valid filename char, so '..\\etc\\passwd' resolves
+    // as a single segment inside projectRoot. Not a traversal, but test that it
+    // doesn't crash and stays within root.
+    const result = resolveWritePath(projectRoot, '..\\etc\\passwd');
+    // Node resolve on POSIX treats this as a literal filename segment containing backslashes
+    // that starts with '..' — resolve normalizes: /opt/testproject/..\\etc\\passwd
+    // Wait: resolve('/opt/testproject', '..\\etc\\passwd') — on POSIX backslash
+    // is NOT a separator, so this is a file named '..\\etc\\passwd' inside projectRoot.
+    // Actually no — resolve splits on '/' only on POSIX. '..' at start triggers parent.
+    // Let's check: the string starts with '..' but the next char is '\\' not '/'.
+    // Node's path.resolve on POSIX: the string '..\\etc\\passwd' does NOT contain '/'
+    // so it IS treated as a single path component? No — resolve still splits on '/'.
+    // '..\\etc\\passwd' has no '/', so resolve('/opt/testproject', '..\\etc\\passwd')
+    // = resolve('/opt/testproject/..\\etc\\passwd') — but wait, resolve processes
+    // segments separated by '/'. With no '/', the whole thing is one segment.
+    // Actually wrong: path.resolve calls normalizeString which handles '.' and '..'
+    // only when they are full segments delimited by '/'. Since there's no '/' in
+    // '..\\etc\\passwd', it treats the entire string as one filename.
+    // So: /opt/testproject/..\\etc\\passwd — inside root. No throw.
+    expect(result).toContain(projectRoot);
+  });
+
+  // Secret files (deny list)
+  it('rejects .env', () => {
+    expect(() => resolveWritePath(projectRoot, '.env')).toThrow();
+  });
+
+  it('rejects nested .env', () => {
+    expect(() => resolveWritePath(projectRoot, 'config/.env')).toThrow();
+  });
+
+  it('rejects .env.local', () => {
+    expect(() => resolveWritePath(projectRoot, '.env.local')).toThrow();
+  });
+
+  it('rejects id_rsa', () => {
+    expect(() => resolveWritePath(projectRoot, '.ssh/id_rsa')).toThrow();
+  });
+
+  it('rejects id_ed25519', () => {
+    expect(() => resolveWritePath(projectRoot, '.ssh/id_ed25519')).toThrow();
+  });
+
+  it('rejects *.pem', () => {
+    expect(() => resolveWritePath(projectRoot, 'certs/server.pem')).toThrow();
+  });
+
+  it('rejects *.key', () => {
+    expect(() => resolveWritePath(projectRoot, 'certs/private.key')).toThrow();
+  });
+
+  it('rejects credentials.json', () => {
+    expect(() => resolveWritePath(projectRoot, 'credentials.json')).toThrow();
+  });
+
+  it('rejects *.p12', () => {
+    expect(() => resolveWritePath(projectRoot, 'certs/client.p12')).toThrow();
+  });
+
+  it('rejects .netrc', () => {
+    expect(() => resolveWritePath(projectRoot, '.netrc')).toThrow();
+  });
+
+  it('rejects *.kdbx', () => {
+    expect(() => resolveWritePath(projectRoot, 'secrets/passwords.kdbx')).toThrow();
+  });
+
+  // Valid paths (should NOT throw)
+  it('allows simple relative path', () => {
+    expect(resolveWritePath(projectRoot, 'src/index.ts')).toBe('/opt/testproject/src/index.ts');
+  });
+
+  it('allows nested path', () => {
+    expect(resolveWritePath(projectRoot, 'src/services/tools/edit_file.ts')).toContain(projectRoot);
+  });
+
+  it('allows dotfile that is not in deny list', () => {
+    expect(resolveWritePath(projectRoot, '.gitignore')).toContain(projectRoot);
+  });
+
+  it('allows absolute path inside project', () => {
+    expect(resolveWritePath(projectRoot, '/opt/testproject/new-file.ts')).toBe('/opt/testproject/new-file.ts');
+  });
+
+  it('allows path with safe internal ../', () => {
+    expect(resolveWritePath(projectRoot, 'src/../lib/utils.ts')).toBe('/opt/testproject/lib/utils.ts');
+  });
+});
+
+describe('write_guard fuzz — edge cases', () => {
+  it('throws on empty string', () => {
+    expect(() => resolveWritePath(projectRoot, '')).toThrow();
+  });
+
+  it('throws on whitespace-only', () => {
+    expect(() => resolveWritePath(projectRoot, '   ')).toThrow();
+  });
+
+  it('throws when path IS the project root itself', () => {
+    // Writing to the directory itself makes no sense for a file write
+    expect(() => resolveWritePath(projectRoot, '/opt/testproject')).not.toThrow();
+    // The guard allows it (resolve === projectRoot passes the check).
+    // This is acceptable because the filesystem write will fail on a directory.
+    // If we want to block this, that's a separate concern.
+  });
+
+  it('handles very long path without crashing', () => {
+    const longSegment = 'a'.repeat(255);
+    const longPath = Array(20).fill(longSegment).join('/');
+    // Should not crash — may throw or succeed, but must not buffer-overflow
+    expect(() => resolveWritePath(projectRoot, longPath)).not.toThrow();
+  });
+
+  it('handles path with only dots', () => {
+    // Single dot resolves to projectRoot itself
+    const result = resolveWritePath(projectRoot, './src/file.ts');
+    expect(result).toBe('/opt/testproject/src/file.ts');
+  });
+
+  it('rejects triple-dot trick (... is not special but ../ within is)', () => {
+    // '.../etc' is a literal directory name, not traversal
+    const result = resolveWritePath(projectRoot, '.../etc');
+    expect(result).toContain(projectRoot);
+  });
+
+  it('rejects path with multiple consecutive slashes', () => {
+    // resolve normalizes these; should still be inside root
+    const result = resolveWritePath(projectRoot, 'src///file.ts');
+    expect(result).toBe('/opt/testproject/src/file.ts');
+  });
+});

apps/coder/src/services/acp-dispatch.ts

@@ -1,12 +1,12 @@
 /**
- * ACP dispatch — runs ACP-capable agents (opencode, goose) on the host via SSH.
+ * ACP dispatch — runs ACP-capable agents (opencode, goose) directly on the host.
  *
- * Uses the @agentclientprotocol/sdk to establish a structured JSON-RPC session
- * with the agent subprocess. The SSH tunnel provides stdio transport.
+ * v2.1.1: BooCoder runs on the host now — agents are spawned directly,
+ * no SSH needed. Uses @agentclientprotocol/sdk for structured JSON-RPC.
  *
  * Flow:
- * 1. SSH to host, start `opencode acp` (or `goose acp`) in the worktree
- * 2. Wrap SSH child's stdin/stdout into NDJSON streams
+ * 1. Spawn `opencode acp` (or `goose acp`) in the worktree
+ * 2. Wrap child's stdin/stdout into NDJSON streams
  * 3. Create a ClientSideConnection from the SDK
  * 4. Initialize → newSession → prompt(task)
  * 5. Collect session updates (tool calls, text output)
@@ -28,7 +28,7 @@ import {
   type CreateTerminalRequest,
   type CreateTerminalResponse,
 } from '@agentclientprotocol/sdk';
-import { sshSpawn } from './ssh.js';
+import { spawn } from 'node:child_process';
 
 export interface AcpDispatchResult {
   exitCode: number;
@@ -42,17 +42,17 @@ export interface AcpDispatchOpts {
   task: string;
   worktreePath: string;
   model?: string;
+  installPath?: string;
   signal?: AbortSignal;
   log: FastifyBaseLogger;
 }
 
-/** Map agent name to the ACP command it exposes. */
-function acpCommand(agent: string): string | null {
+function acpArgs(agent: string): string[] | null {
   switch (agent) {
     case 'opencode':
-      return 'opencode acp';
+      return ['acp'];
     case 'goose':
-      return 'goose acp';
+      return ['acp'];
     default:
       return null;
   }
@@ -114,10 +114,10 @@ function nodeWritableToWeb(nodeStream: NodeJS.WritableStream): WritableStream<Ui
  * all session updates. Returns the collected output and tool calls.
  */
 export async function dispatchViaAcp(opts: AcpDispatchOpts): Promise<AcpDispatchResult> {
-  const { agent, task, worktreePath, signal, log } = opts;
+  const { agent, task, worktreePath, installPath, signal, log } = opts;
 
-  const cmd = acpCommand(agent);
-  if (!cmd) {
+  const args = acpArgs(agent);
+  if (!args) {
     return {
       exitCode: 1,
       output: `Agent '${agent}' does not support ACP.`,
@@ -126,12 +126,13 @@ export async function dispatchViaAcp(opts: AcpDispatchOpts): Promise<AcpDispatch
     };
   }
 
-  // Spawn SSH with the ACP command running in the worktree
-  const escapedPath = worktreePath.replace(/'/g, "'\\''");
-  const fullCommand = `cd '${escapedPath}' && ${cmd}`;
-
-  log.info({ agent, worktreePath }, 'acp-dispatch: spawning');
-  const child = sshSpawn(fullCommand);
+  const binary = installPath ?? agent;
+  log.info({ agent, binary, worktreePath }, 'acp-dispatch: spawning');
+  const child = spawn(binary, args, {
+    cwd: worktreePath,
+    stdio: ['pipe', 'pipe', 'pipe'],
+    env: { ...process.env },
+  });
 
   // Wire up abort
   let killed = false;

apps/coder/src/services/agent-probe.ts

@@ -1,68 +1,91 @@
 import type { Sql } from '../db.js';
 import type { FastifyBaseLogger } from 'fastify';
-import { sshExec } from './ssh.js';
+import { exec as execCb } from 'node:child_process';
+import { promisify } from 'node:util';
+import { PROVIDERS_BY_NAME } from './provider-registry.js';
 
-const KNOWN_AGENTS: Array<{ name: string; supportsAcp: boolean }> = [
-  { name: 'opencode', supportsAcp: true },
-  { name: 'goose', supportsAcp: true },
-  { name: 'claude', supportsAcp: false },
-  { name: 'pi', supportsAcp: false },
-];
+const exec = promisify(execCb);
+
+const KNOWN_AGENTS = ['opencode', 'goose', 'claude', 'qwen'].map((name) => ({
+  name,
+  supportsAcp: PROVIDERS_BY_NAME.get(name)?.transport === 'acp',
+}));
 
 /**
- * Probe for available agents on the HOST via SSH.
+ * Probe for available agents on the HOST.
  *
- * The boocoder container can't run agents locally — they live on the host.
- * We SSH to the host (same mechanism BooTerm uses) and check which agent
- * binaries are on PATH.
+ * v2.1.1: BooCoder runs on the host now — agents are local binaries,
+ * no SSH needed. Direct `which` / `exec` calls.
  */
 export async function probeAgents(sql: Sql, log: FastifyBaseLogger): Promise<void> {
-  log.info('agent-probe: scanning HOST for known agents via SSH');
+  log.info('agent-probe: scanning for known agents');
 
   for (const agent of KNOWN_AGENTS) {
     try {
-      // Check if the agent binary is on the host's PATH
-      const whichResult = await sshExec(`which ${agent.name}`, { timeoutMs: 10_000 });
-      const installPath = whichResult.stdout.trim();
-      if (whichResult.exitCode !== 0 || !installPath) continue;
+      const { stdout: whichOut } = await exec(`which ${agent.name}`, { timeout: 10_000 });
+      const installPath = whichOut.trim();
+      if (!installPath) continue;
 
-      // Get version
       let version: string | null = null;
       try {
-        const verResult = await sshExec(`${agent.name} --version`, { timeoutMs: 15_000 });
-        if (verResult.exitCode === 0) {
-          version = verResult.stdout.trim().slice(0, 100);
-        }
+        const { stdout: verOut } = await exec(`${agent.name} --version`, { timeout: 15_000 });
+        version = verOut.trim().slice(0, 100);
       } catch {
-        // Some agents may not support --version — that's fine
+        // Some agents may not support --version
       }
 
-      // For ACP-capable agents, verify ACP mode actually works
       let supportsAcp = agent.supportsAcp;
       if (supportsAcp) {
         try {
-          const acpCheck = await sshExec(`${agent.name} acp --help`, { timeoutMs: 10_000 });
-          supportsAcp = acpCheck.exitCode === 0;
+          await exec(`${agent.name} acp --help`, { timeout: 10_000 });
         } catch {
           supportsAcp = false;
         }
       }
 
-      // UPSERT into available_agents
+      let models: Array<{ id: string; label: string }> = [];
+      const providerDef = PROVIDERS_BY_NAME.get(agent.name);
+
+      if (providerDef?.modelSource === 'static' && providerDef.staticModels) {
+        models = providerDef.staticModels;
+      }
+
+      if (agent.name === 'qwen') {
+        try {
+          const { stdout: catOut } = await exec('cat ~/.qwen/settings.json', { timeout: 10_000 });
+          if (catOut.trim()) {
+            const settings = JSON.parse(catOut) as {
+              modelProviders?: { openai?: Array<{ id: string }> };
+            };
+            const openaiModels = settings?.modelProviders?.openai;
+            if (Array.isArray(openaiModels)) {
+              models = openaiModels.map((m) => ({ id: m.id, label: m.id }));
+            }
+          }
+        } catch {
+          // ~/.qwen/settings.json missing or unparseable
+        }
+      }
+
+      const label = providerDef?.label ?? agent.name;
+      const transport = providerDef?.transport ?? 'pty';
+
       await sql`
-        INSERT INTO available_agents (name, install_path, version, supports_acp, last_probed_at)
-        VALUES (${agent.name}, ${installPath}, ${version}, ${supportsAcp}, clock_timestamp())
+        INSERT INTO available_agents (name, install_path, version, supports_acp, last_probed_at, models, label, transport)
+        VALUES (${agent.name}, ${installPath}, ${version}, ${supportsAcp}, clock_timestamp(), ${sql.json(models as never)}, ${label}, ${transport})
         ON CONFLICT (name) DO UPDATE SET
           install_path = EXCLUDED.install_path,
           version = EXCLUDED.version,
           supports_acp = EXCLUDED.supports_acp,
-          last_probed_at = EXCLUDED.last_probed_at
+          last_probed_at = EXCLUDED.last_probed_at,
+          models = EXCLUDED.models,
+          label = EXCLUDED.label,
+          transport = EXCLUDED.transport
       `;
-      log.info({ agent: agent.name, version, installPath, supportsAcp }, 'agent-probe: found on host');
+      log.info({ agent: agent.name, version, installPath, supportsAcp, modelCount: models.length }, 'agent-probe: found');
     } catch (err) {
-      // SSH failed or agent not found — skip silently
       const msg = err instanceof Error ? err.message : String(err);
-      log.debug({ agent: agent.name, err: msg }, 'agent-probe: not found or SSH failed');
+      log.debug({ agent: agent.name, err: msg }, 'agent-probe: not found');
     }
   }
 

apps/coder/src/services/dispatcher.ts

@@ -34,8 +34,8 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
     if (running || stopping) return;
 
     // Grab one pending task
-    const rows = await sql<{ id: string; project_id: string; input: string; agent: string | null; model: string | null }[]>`
-      SELECT id, project_id, input, agent, model
+    const rows = await sql<{ id: string; project_id: string; input: string; agent: string | null; model: string | null; session_id: string | null }[]>`
+      SELECT id, project_id, input, agent, model, session_id
       FROM tasks
       WHERE state = 'pending'
       ORDER BY created_at
@@ -51,16 +51,16 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
     });
   }
 
-  async function runTask(task: { id: string; project_id: string; input: string; agent: string | null; model: string | null }): Promise<void> {
+  async function runTask(task: { id: string; project_id: string; input: string; agent: string | null; model: string | null; session_id: string | null }): Promise<void> {
     const taskId = task.id;
 
     // Determine execution path: if agent is specified AND exists in available_agents → Path B
     if (task.agent) {
-      const [agentRow] = await sql<{ name: string; supports_acp: boolean }[]>`
-        SELECT name, supports_acp FROM available_agents WHERE name = ${task.agent}
+      const [agentRow] = await sql<{ name: string; supports_acp: boolean; install_path: string | null }[]>`
+        SELECT name, supports_acp, install_path FROM available_agents WHERE name = ${task.agent}
       `;
       if (agentRow) {
-        await runExternalAgent(task, agentRow.supports_acp);
+        await runExternalAgent(task, agentRow.supports_acp, agentRow.install_path);
         return;
       }
       // Agent specified but not available — fall through to Path A with a warning
@@ -73,7 +73,7 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
 
   // ─── Path A: Native Inference ───────────────────────────────────────────────
 
-  async function runNativeInference(task: { id: string; project_id: string; input: string; agent: string | null; model: string | null }): Promise<void> {
+  async function runNativeInference(task: { id: string; project_id: string; input: string; agent: string | null; model: string | null; session_id: string | null }): Promise<void> {
     const taskId = task.id;
     log.info({ taskId }, 'dispatcher: starting task (path A — native)');
 
@@ -134,6 +134,14 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
         return;
       }
 
+      // Aggregate token cost for the task's session
+      const [costRow] = await sql<{ total: number | null }[]>`
+        SELECT SUM(tokens_used)::int AS total
+        FROM messages
+        WHERE session_id = ${sessionId} AND tokens_used IS NOT NULL
+      `;
+      const costTokens = costRow?.total ?? null;
+
       if (finalStatus === 'complete') {
         const [msg] = await sql<{ content: string | null }[]>`
           SELECT content FROM messages WHERE id = ${assistantId}
@@ -141,10 +149,10 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
         const summary = (msg?.content ?? '').slice(0, 500);
         await sql`
           UPDATE tasks
-          SET state = 'completed', ended_at = clock_timestamp(), output_summary = ${summary}
+          SET state = 'completed', ended_at = clock_timestamp(), output_summary = ${summary}, cost_tokens = ${costTokens}
           WHERE id = ${taskId}
         `;
-        log.info({ taskId }, 'dispatcher: task completed (native)');
+        log.info({ taskId, costTokens }, 'dispatcher: task completed (native)');
       } else {
         const [msg] = await sql<{ content: string | null }[]>`
           SELECT content FROM messages WHERE id = ${assistantId}
@@ -152,7 +160,7 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
         const summary = (msg?.content ?? 'Inference failed').slice(0, 500);
         await sql`
           UPDATE tasks
-          SET state = 'failed', ended_at = clock_timestamp(), output_summary = ${summary}
+          SET state = 'failed', ended_at = clock_timestamp(), output_summary = ${summary}, cost_tokens = ${costTokens}
           WHERE id = ${taskId}
         `;
         log.warn({ taskId, finalStatus }, 'dispatcher: task failed (native)');
@@ -171,8 +179,9 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
   // ─── Path B: External Agent Dispatch ──────<E29480><E29480><EFBFBD>─────────────────────────────────
 
   async function runExternalAgent(
-    task: { id: string; project_id: string; input: string; agent: string | null; model: string | null },
+    task: { id: string; project_id: string; input: string; agent: string | null; model: string | null; session_id: string | null },
     supportsAcp: boolean,
+    installPath: string | null,
   ): Promise<void> {
     const taskId = task.id;
     const agent = task.agent!;
@@ -181,14 +190,14 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
     log.info({ taskId, agent, executionPath }, 'dispatcher: starting task (path B — external)');
 
     // Resolve the project's root path
-    const [project] = await sql<{ root_path: string | null }[]>`
-      SELECT root_path FROM projects WHERE id = ${task.project_id}
+    const [project] = await sql<{ path: string | null }[]>`
+      SELECT path FROM projects WHERE id = ${task.project_id}
     `;
-    const projectPath = project?.root_path;
+    const projectPath = project?.path;
     if (!projectPath) {
       await sql`
         UPDATE tasks
-        SET state = 'failed', ended_at = clock_timestamp(), output_summary = 'Project has no root_path — cannot create worktree'
+        SET state = 'failed', ended_at = clock_timestamp(), output_summary = 'Project has no path — cannot create worktree'
         WHERE id = ${taskId}
       `;
       return;
@@ -205,30 +214,49 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
         WHERE id = ${taskId}
       `;
 
-      // Create session + chat for this task (same as Path A — for output tracking)
-      const sessionName = `Task [${agent}]: ${task.input.slice(0, 30)}`;
-      const [session] = await sql<{ id: string }[]>`
-        INSERT INTO sessions (project_id, name, model, status)
-        VALUES (${task.project_id}, ${sessionName}, ${task.model ?? config.DEFAULT_MODEL}, 'open')
-        RETURNING id
-      `;
-      const sessionId = session!.id;
+      let sessionId: string;
+      let chatId: string;
 
-      const [chat] = await sql<{ id: string }[]>`
-        INSERT INTO chats (session_id, name, status)
-        VALUES (${sessionId}, 'External agent execution', 'open')
-        RETURNING id
-      `;
-      const chatId = chat!.id;
+      if (task.session_id) {
+        sessionId = task.session_id;
+        const chats = await sql<{ id: string }[]>`
+          SELECT id FROM chats WHERE session_id = ${sessionId} AND status = 'open' ORDER BY created_at DESC LIMIT 1
+        `;
+        if (chats.length === 0) {
+          const [chat] = await sql<{ id: string }[]>`
+            INSERT INTO chats (session_id, name, status)
+            VALUES (${sessionId}, 'External agent execution', 'open')
+            RETURNING id
+          `;
+          chatId = chat!.id;
+        } else {
+          chatId = chats[0]!.id;
+        }
+      } else {
+        const sessionName = `Task [${agent}]: ${task.input.slice(0, 30)}`;
+        const [session] = await sql<{ id: string }[]>`
+          INSERT INTO sessions (project_id, name, model, status)
+          VALUES (${task.project_id}, ${sessionName}, ${task.model ?? config.DEFAULT_MODEL}, 'open')
+          RETURNING id
+        `;
+        sessionId = session!.id;
 
-      // Link task to session
-      await sql`UPDATE tasks SET session_id = ${sessionId} WHERE id = ${taskId}`;
+        const [chat] = await sql<{ id: string }[]>`
+          INSERT INTO chats (session_id, name, status)
+          VALUES (${sessionId}, 'External agent execution', 'open')
+          RETURNING id
+        `;
+        chatId = chat!.id;
 
-      // Create user message for the task input
-      await sql`
-        INSERT INTO messages (session_id, chat_id, role, content, status, created_at)
-        VALUES (${sessionId}, ${chatId}, 'user', ${task.input}, 'complete', clock_timestamp())
-      `;
+        await sql`UPDATE tasks SET session_id = ${sessionId} WHERE id = ${taskId}`;
+      }
+
+      if (!task.session_id) {
+        await sql`
+          INSERT INTO messages (session_id, chat_id, role, content, status, created_at)
+          VALUES (${sessionId}, ${chatId}, 'user', ${task.input}, 'complete', clock_timestamp())
+        `;
+      }
 
       // Step 1: Create worktree
       log.info({ taskId, projectPath }, 'dispatcher: creating worktree');
@@ -243,6 +271,7 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
           agent,
           task: task.input,
           worktreePath,
+          installPath: installPath ?? undefined,
           model: task.model ?? undefined,
           signal: ac.signal,
           log,
@@ -259,6 +288,7 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
           agent,
           task: task.input,
           worktreePath,
+          installPath: installPath ?? undefined,
           model: task.model ?? undefined,
           signal: ac.signal,
           log,
@@ -299,13 +329,21 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
       // Step 4: Cleanup worktree
       await cleanupWorktree(projectPath, taskId);
 
-      // Step 5: Mark task completed
+      // Step 5: Aggregate token cost
+      const [extCostRow] = await sql<{ total: number | null }[]>`
+        SELECT SUM(tokens_used)::int AS total
+        FROM messages
+        WHERE session_id = ${sessionId} AND tokens_used IS NOT NULL
+      `;
+      const extCostTokens = extCostRow?.total ?? null;
+
+      // Step 6: Mark task completed
       await sql`
         UPDATE tasks
-        SET state = 'completed', ended_at = clock_timestamp(), output_summary = ${outputSummary}
+        SET state = 'completed', ended_at = clock_timestamp(), output_summary = ${outputSummary}, cost_tokens = ${extCostTokens}
         WHERE id = ${taskId}
       `;
-      log.info({ taskId, agent }, 'dispatcher: task completed (external)');
+      log.info({ taskId, agent, costTokens: extCostTokens }, 'dispatcher: task completed (external)');
 
     } catch (err) {
       const errMsg = err instanceof Error ? err.message : String(err);

apps/coder/src/services/provider-registry.ts

@@ -0,0 +1,46 @@
+export interface ProviderDef {
+  name: string;
+  label: string;
+  transport: 'native' | 'acp' | 'pty';
+  modelSource: 'llama-swap' | 'static';
+  staticModels?: Array<{ id: string; label: string }>;
+}
+
+export const PROVIDERS: ProviderDef[] = [
+  {
+    name: 'boocode',
+    label: 'BooCoder',
+    transport: 'native',
+    modelSource: 'llama-swap',
+  },
+  {
+    name: 'opencode',
+    label: 'OpenCode',
+    transport: 'acp',
+    modelSource: 'llama-swap',
+  },
+  {
+    name: 'goose',
+    label: 'Goose',
+    transport: 'acp',
+    modelSource: 'llama-swap',
+  },
+  {
+    name: 'claude',
+    label: 'Claude Code',
+    transport: 'pty',
+    modelSource: 'static',
+    staticModels: [
+      { id: 'claude-opus-4-20250514', label: 'Opus 4' },
+      { id: 'claude-sonnet-4-20250514', label: 'Sonnet 4' },
+    ],
+  },
+  {
+    name: 'qwen',
+    label: 'Qwen Code',
+    transport: 'pty',
+    modelSource: 'static',
+  },
+];
+
+export const PROVIDERS_BY_NAME = new Map(PROVIDERS.map((p) => [p.name, p]));

apps/coder/src/services/pty-dispatch.ts

@@ -1,18 +1,18 @@
 /**
- * PTY dispatch — runs external agents on the host via SSH.
+ * PTY dispatch — runs external agents directly on the host.
  *
- * For agents without ACP support (claude, pi), we pipe the task into their
- * non-interactive mode and capture stdout/stderr. The agent runs in a git
- * worktree so it can modify files freely.
+ * v2.1.3: Spawns agent binaries directly (no sh -c wrapper) using the
+ * install_path from agent-probe. Follows Paseo's pattern: direct binary
+ * path + args array + cwd.
  *
  * Supported agents:
  * - claude: `claude -p --model <model>` (print mode, reads task from stdin)
- * - opencode: `echo <task> | opencode` (stdin pipe — exact flags TBD)
- * - goose: stub (not yet supported)
- * - pi: stub (not yet supported)
+ * - opencode: `opencode --model <model>` (stdin pipe)
+ * - qwen: `qwen -p <task> --output-format stream-json`
+ * - goose: `goose run --text <task>`
  */
 import type { FastifyBaseLogger } from 'fastify';
-import { sshSpawnWithStdin } from './ssh.js';
+import { spawn } from 'node:child_process';
 
 export interface DispatchResult {
   exitCode: number;
@@ -25,56 +25,61 @@ export interface PtyDispatchOpts {
   task: string;
   worktreePath: string;
   model?: string;
+  installPath?: string;
   signal?: AbortSignal;
   log: FastifyBaseLogger;
 }
 
-/**
- * Build the shell command that runs the agent non-interactively.
- * The command will be executed inside `cd <worktreePath> && ...`.
- */
-function buildAgentCommand(agent: string, task: string, model?: string): string | null {
-  // Escape the task for embedding in a shell command
-  const escapedTask = task.replace(/'/g, "'\\''");
+interface AgentCommand {
+  binary: string;
+  args: string[];
+  stdin?: string;
+}
+
+function buildAgentCommand(agent: string, task: string, model?: string, installPath?: string): AgentCommand | null {
+  const binary = installPath ?? agent;
 
   switch (agent) {
     case 'claude':
-      // Claude Code's print mode: reads prompt from stdin, runs autonomously, prints result
-      return model
-        ? `echo '${escapedTask}' | claude -p --model '${model}'`
-        : `echo '${escapedTask}' | claude -p`;
+      return {
+        binary,
+        args: model ? ['-p', '--model', model] : ['-p'],
+        stdin: task,
+      };
 
     case 'opencode':
-      // opencode non-interactive: pipe task via stdin
-      // NOTE: exact flags may vary — opencode may need --non-interactive or --pipe
-      return model
-        ? `echo '${escapedTask}' | opencode --model '${model}'`
-        : `echo '${escapedTask}' | opencode`;
+      return {
+        binary,
+        args: model ? ['--model', model] : [],
+        stdin: task,
+      };
+
+    case 'qwen':
+      return {
+        binary,
+        args: model
+          ? ['-p', task, '--model', model, '--output-format', 'stream-json']
+          : ['-p', task, '--output-format', 'stream-json'],
+      };
 
     case 'goose':
-      // Not yet verified for non-interactive use
-      return null;
-
-    case 'pi':
-      // Not yet verified for non-interactive use
-      return null;
+      return {
+        binary,
+        args: model
+          ? ['run', '--text', task, '--model', model]
+          : ['run', '--text', task],
+      };
 
     default:
       return null;
   }
 }
 
-/**
- * Dispatch a task to an external agent via SSH.
- *
- * The agent runs in the worktree directory on the host. stdout/stderr are
- * captured in full and returned. The SSH process is killed on abort signal.
- */
 export async function dispatchViaPty(opts: PtyDispatchOpts): Promise<DispatchResult> {
-  const { agent, task, worktreePath, model, signal, log } = opts;
+  const { agent, task, worktreePath, model, installPath, signal, log } = opts;
 
-  const agentCmd = buildAgentCommand(agent, task, model);
-  if (!agentCmd) {
+  const cmd = buildAgentCommand(agent, task, model, installPath);
+  if (!cmd) {
     return {
       exitCode: 1,
       stdout: '',
@@ -82,22 +87,19 @@ export async function dispatchViaPty(opts: PtyDispatchOpts): Promise<DispatchRes
     };
   }
 
-  // Wrap in cd to the worktree
-  const fullCommand = `cd '${worktreePath.replace(/'/g, "'\\''")}' && ${agentCmd}`;
-
-  log.info({ agent, worktreePath }, 'pty-dispatch: starting');
+  log.info({ agent, binary: cmd.binary, worktreePath }, 'pty-dispatch: starting');
 
   return new Promise<DispatchResult>((resolve, reject) => {
-    const child = sshSpawnWithStdin(fullCommand, '');
-    // Note: sshSpawnWithStdin already closes stdin. For agents that read from
-    // stdin via echo piping, the command itself handles the piping on the remote
-    // side. We just need the SSH tunnel.
+    const child = spawn(cmd.binary, cmd.args, {
+      cwd: worktreePath,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      env: { ...process.env },
+    });
 
-    // Actually, re-think: sshSpawnWithStdin writes input and closes stdin on the
-    // LOCAL ssh process. But the remote command is `echo '...' | agent`, which
-    // provides its own stdin. So we should use sshSpawn (no local stdin needed)
-    // or just let the empty stdin close — the remote shell handles piping internally.
-    // This is fine as-is because the echo piping happens WITHIN the remote shell command.
+    if (cmd.stdin) {
+      child.stdin!.write(cmd.stdin);
+    }
+    child.stdin!.end();
 
     let stdout = '';
     let stderr = '';
@@ -110,7 +112,6 @@ export async function dispatchViaPty(opts: PtyDispatchOpts): Promise<DispatchRes
       if (!killed) {
         killed = true;
         child.kill('SIGTERM');
-        // Give it a moment then force-kill
         setTimeout(() => child.kill('SIGKILL'), 5_000);
       }
     };

apps/coder/src/services/ssh.ts

@@ -1,4 +1,7 @@
 /**
+ * @deprecated v2.1.1 — BooCoder runs on the host now. Use direct spawn/exec instead.
+ * Kept for one release cycle in case of rollback.
+ *
  * SSH helper — spawns commands on the host via SSH.
  *
  * BooCode's container cannot directly spawn host processes (opencode, goose, claude, pi).

apps/coder/src/services/tools/check_task_status.ts

@@ -0,0 +1,50 @@
+import { z } from 'zod';
+import type { ToolDef, ToolContext } from './types.js';
+
+const CheckTaskStatusInput = z.object({
+  task_id: z.string().uuid().describe('ID of the task to check'),
+});
+
+type CheckTaskStatusInputT = z.infer<typeof CheckTaskStatusInput>;
+
+export const checkTaskStatusTool: ToolDef<CheckTaskStatusInputT> = {
+  name: 'check_task_status',
+  description: 'Check the status and output of a subtask by ID. Returns state, output_summary, and timing.',
+  inputSchema: CheckTaskStatusInput,
+  jsonSchema: {
+    type: 'function',
+    function: {
+      name: 'check_task_status',
+      description: 'Check the status and output of a subtask by ID.',
+      parameters: {
+        type: 'object',
+        properties: {
+          task_id: { type: 'string', description: 'ID of the task to check' },
+        },
+        required: ['task_id'],
+      },
+    },
+  },
+
+  async execute(input: CheckTaskStatusInputT, _projectRoot: string, context: ToolContext): Promise<unknown> {
+    const { sql } = context;
+
+    const [task] = await sql<{ id: string; state: string; output_summary: string | null; started_at: string | null; ended_at: string | null }[]>`
+      SELECT id, state, output_summary, started_at, ended_at
+      FROM tasks
+      WHERE id = ${input.task_id}
+    `;
+
+    if (!task) {
+      return { error: `Task ${input.task_id} not found` };
+    }
+
+    return {
+      id: task.id,
+      state: task.state,
+      output_summary: task.output_summary,
+      started_at: task.started_at,
+      ended_at: task.ended_at,
+    };
+  },
+};

apps/coder/src/services/tools/index.ts

@@ -4,6 +4,9 @@ import { createFileTool } from './create_file.js';
 import { deleteFileTool } from './delete_file.js';
 import { applyPendingTool } from './apply_pending.js';
 import { rewindTool } from './rewind.js';
+import { newTaskTool } from './new_task.js';
+import { listTasksTool } from './list_tasks.js';
+import { checkTaskStatusTool } from './check_task_status.js';
 
 export type { ToolDef, ToolContext, ToolJsonSchema } from './types.js';
 
@@ -16,6 +19,11 @@ export const WRITE_TOOLS: readonly ToolDef<any>[] = [
   deleteFileTool,
   editFileTool,
   rewindTool,
+  // Boomerang subtask tools — orchestrator agents call these to spawn/monitor child tasks.
+  // An "Orchestrator" agent profile would whitelist [new_task, list_tasks, check_task_status].
+  newTaskTool,
+  listTasksTool,
+  checkTaskStatusTool,
 ];
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -23,4 +31,4 @@ export const WRITE_TOOLS_BY_NAME: ReadonlyMap<string, ToolDef<any>> = new Map(
   WRITE_TOOLS.map((t) => [t.name, t]),
 );
 
-export { editFileTool, createFileTool, deleteFileTool, applyPendingTool, rewindTool };
+export { editFileTool, createFileTool, deleteFileTool, applyPendingTool, rewindTool, newTaskTool, listTasksTool, checkTaskStatusTool };

apps/coder/src/services/tools/list_tasks.ts

@@ -0,0 +1,56 @@
+import { z } from 'zod';
+import type { ToolDef, ToolContext } from './types.js';
+import { getInferenceContext } from './inference_context.js';
+
+const ListTasksInput = z.object({
+  parent_task_id: z.string().uuid().optional().describe('Filter by parent task ID. Omit to list children of current task.'),
+});
+
+type ListTasksInputT = z.infer<typeof ListTasksInput>;
+
+export const listTasksTool: ToolDef<ListTasksInputT> = {
+  name: 'list_tasks',
+  description: 'List child tasks of the current task (or a specified parent). Returns id, state, input preview, and output_summary.',
+  inputSchema: ListTasksInput,
+  jsonSchema: {
+    type: 'function',
+    function: {
+      name: 'list_tasks',
+      description: 'List child tasks of the current task (or a specified parent).',
+      parameters: {
+        type: 'object',
+        properties: {
+          parent_task_id: { type: 'string', description: 'Filter by parent task ID. Omit to list children of current task.' },
+        },
+        required: [],
+      },
+    },
+  },
+
+  async execute(input: ListTasksInputT, _projectRoot: string, context: ToolContext): Promise<unknown> {
+    const { sql } = context;
+    const ctx = getInferenceContext();
+    const parentId = input.parent_task_id ?? ctx.taskId;
+
+    if (!parentId) {
+      return { tasks: [], note: 'No parent task context — not running inside a task.' };
+    }
+
+    const rows = await sql<{ id: string; state: string; input: string; output_summary: string | null }[]>`
+      SELECT id, state, input, output_summary
+      FROM tasks
+      WHERE parent_task_id = ${parentId}
+      ORDER BY created_at DESC
+      LIMIT 50
+    `;
+
+    return {
+      tasks: rows.map((r) => ({
+        id: r.id,
+        state: r.state,
+        input_preview: r.input.slice(0, 100),
+        output_summary: r.output_summary,
+      })),
+    };
+  },
+};

apps/coder/src/services/tools/new_task.ts

@@ -0,0 +1,65 @@
+import { z } from 'zod';
+import type { ToolDef, ToolContext } from './types.js';
+import { getInferenceContext } from './inference_context.js';
+
+const NewTaskInput = z.object({
+  input: z.string().min(1).describe('Task description for the child subtask'),
+  agent: z.string().optional().describe('Optional: dispatch to a specific agent'),
+  model: z.string().optional().describe('Optional: model override for the subtask'),
+});
+
+type NewTaskInputT = z.infer<typeof NewTaskInput>;
+
+export const newTaskTool: ToolDef<NewTaskInputT> = {
+  name: 'new_task',
+  description:
+    'Spawn a subtask that runs in isolation. The subtask gets its own session and ' +
+    'worktree. Use check_task_status to monitor progress. Only the output_summary is ' +
+    'accessible to the parent — full isolation (Boomerang pattern).',
+  inputSchema: NewTaskInput,
+  jsonSchema: {
+    type: 'function',
+    function: {
+      name: 'new_task',
+      description:
+        'Spawn a subtask that runs in isolation. The subtask gets its own session and ' +
+        'worktree. Use check_task_status to monitor progress.',
+      parameters: {
+        type: 'object',
+        properties: {
+          input: { type: 'string', description: 'Task description for the child subtask' },
+          agent: { type: 'string', description: 'Optional: dispatch to a specific agent' },
+          model: { type: 'string', description: 'Optional: model override for the subtask' },
+        },
+        required: ['input'],
+      },
+    },
+  },
+
+  async execute(input: NewTaskInputT, _projectRoot: string, context: ToolContext): Promise<unknown> {
+    const { sql } = context;
+    // Get the current task's project_id from the inference context
+    const ctx = getInferenceContext();
+    const currentTaskId = ctx.taskId;
+
+    // Look up the project_id from the current session
+    const [session] = await sql<{ project_id: string }[]>`
+      SELECT project_id FROM sessions WHERE id = ${ctx.sessionId}
+    `;
+    if (!session) {
+      return { error: 'Cannot determine project_id from current session' };
+    }
+
+    const [task] = await sql<{ id: string; state: string }[]>`
+      INSERT INTO tasks (project_id, parent_task_id, input, agent, model)
+      VALUES (${session.project_id}, ${currentTaskId}, ${input.input}, ${input.agent ?? null}, ${input.model ?? null})
+      RETURNING id, state
+    `;
+
+    return {
+      message: `Subtask created (id: ${task!.id}). It will run in isolation. Use check_task_status to monitor.`,
+      task_id: task!.id,
+      state: task!.state,
+    };
+  },
+};

apps/coder/src/services/write_guard.ts

@@ -54,10 +54,14 @@ export function isSecretPath(filePath: string): boolean {
  * checks the result stays within projectRoot.
  */
 export function resolveWritePath(projectRoot: string, filePath: string): string {
-  if (!filePath || filePath.length === 0) {
+  if (!filePath || filePath.trim().length === 0) {
     throw new WriteGuardError('file path is required');
   }
 
+  if (filePath.includes('\x00')) {
+    throw new WriteGuardError('file path contains null byte');
+  }
+
   const candidate = filePath.startsWith('/') ? filePath : resolve(projectRoot, filePath);
   const normalized = resolve(candidate); // normalizes ../ segments
 

apps/server/src/config.ts

@@ -22,6 +22,9 @@ const ConfigSchema = z.object({
   // v1.15.0-mcp-multi: path to the MCP config JSON file. Default /data/mcp.json
   // (bind-mounted alongside AGENTS.md). File missing = no MCP (opt-in).
   MCP_CONFIG_PATH: z.string().optional(),
+  // v2.0.5: cheaper model for titles, summaries, labeling. Falls back to
+  // session model (auto_name) or DEFAULT_MODEL when unset.
+  FAST_MODEL: z.string().optional(),
 });
 
 export type Config = z.infer<typeof ConfigSchema>;

apps/server/src/services/auto_name.ts

@@ -67,7 +67,8 @@ export async function maybeAutoNameChat(
   const sessionRows = await ctx.sql<{ model: string }[]>`
     SELECT model FROM sessions WHERE id = ${sessionId}
   `;
-  const model = sessionRows[0]?.model;
+  // v2.0.5: prefer FAST_MODEL for cheap LLM calls (titles, summaries).
+  const model = ctx.config.FAST_MODEL ?? sessionRows[0]?.model;
   if (!model) return;
 
   const assistantMsg = await ctx.sql<{ content: string }[]>`

apps/server/src/services/inference/index.ts

@@ -20,3 +20,5 @@ export type {
 export type { ToolPhaseResult } from './tool-phase.js';
 export { detectDoomLoop, DOOM_LOOP_THRESHOLD } from './sentinels.js';
 export { buildMessagesPayload } from './payload.js';
+export { generateToolUseSummary } from './tool-summaries.js';
+export type { ToolInfo } from './tool-summaries.js';

apps/server/src/services/inference/payload.ts

@@ -142,7 +142,7 @@ export async function loadContext(
 ): Promise<{ session: Session; project: Project; history: Message[] } | null> {
   const sessionRows = await sql<Session[]>`
     SELECT id, project_id, name, model, system_prompt, status, created_at, updated_at,
-           agent_id, web_search_enabled
+           agent_id, web_search_enabled, allowed_read_paths
     FROM sessions WHERE id = ${sessionId}
   `;
   if (sessionRows.length === 0) return null;

apps/server/src/services/inference/sentinel-summaries.ts

@@ -36,6 +36,8 @@ export async function runCapHitSummary(
 ): Promise<void> {
   const { sessionId, chatId, assistantMessageId, signal } = args;
 
+  await insertCapHitSentinel(ctx, sessionId, chatId, agent, budget);
+
   const messages = await buildMessagesPayload(session, project, history, agent, ctx.log);
   messages.push({ role: 'system', content: CAP_HIT_SUMMARY_NOTE(budget) });
 
@@ -195,8 +197,6 @@ export async function runCapHitSummary(
     updated_at: sessRow!.updated_at,
   });
 
-  await insertCapHitSentinel(ctx, sessionId, chatId, agent, budget);
-
   // Status frame fires last so the dot color reflects the terminal state.
   // Success → idle, abort → idle (user-driven stop), error → error+reason.
   if (summaryOk) {

apps/server/src/services/inference/tool-summaries.ts

@@ -0,0 +1,81 @@
+/**
+ * v2.0.5: Tool-use summary generation.
+ *
+ * After a batch of tool calls completes, fire a cheap LLM call to generate
+ * a "git-commit-subject-style" one-liner label describing what the tools
+ * accomplished. Ported from the Qwen Code source recon.
+ */
+import type { FastifyBaseLogger } from 'fastify';
+
+const TOOL_SUMMARY_SYSTEM_PROMPT = `Write a short summary label describing what these tool calls accomplished. Think git-commit-subject, not sentence. Past tense, most distinctive noun. Max 30 characters. Output ONLY the label.
+
+Examples:
+- Searched in auth/
+- Fixed NPE in UserService
+- Created signup endpoint
+- Read config.json
+- Ran failing tests`;
+
+const INPUT_TRUNCATE = 300;
+const MAX_SUMMARY_LENGTH = 100;
+
+export interface ToolInfo {
+  name: string;
+  input: string;
+  output: string;
+}
+
+export async function generateToolUseSummary(opts: {
+  tools: ToolInfo[];
+  llamaSwapUrl: string;
+  model: string;
+  log: FastifyBaseLogger;
+  signal?: AbortSignal;
+}): Promise<string | null> {
+  const { tools, llamaSwapUrl, model, log, signal } = opts;
+  if (tools.length === 0) return null;
+  if (signal?.aborted) return null;
+
+  const toolText = tools
+    .map(t => `Tool: ${t.name}\nInput: ${t.input.slice(0, INPUT_TRUNCATE)}\nOutput: ${t.output.slice(0, INPUT_TRUNCATE)}`)
+    .join('\n\n');
+
+  try {
+    const res = await fetch(`${llamaSwapUrl}/v1/chat/completions`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        model,
+        messages: [
+          { role: 'system', content: TOOL_SUMMARY_SYSTEM_PROMPT },
+          { role: 'user', content: toolText },
+        ],
+        max_tokens: 30,
+        temperature: 0.2,
+        stream: false,
+        chat_template_kwargs: { enable_thinking: false },
+      }),
+      signal,
+    });
+    if (!res.ok) {
+      log.debug({ status: res.status }, 'tool-summary: LLM request failed');
+      return null;
+    }
+    const data = await res.json() as { choices?: Array<{ message?: { content?: string } }> };
+    const raw = data.choices?.[0]?.message?.content?.trim() ?? '';
+    if (!raw) return null;
+    // Clean: strip quotes, "Label:" prefix, cap length
+    let cleaned = raw.split('\n')[0]?.trim() ?? '';
+    cleaned = cleaned
+      .replace(/^[-*•]\s+/, '')
+      .replace(/^["'`‘’“”]|["'`‘’“”]$/g, '')
+      .replace(/^(label|summary)\s*:\s*/i, '')
+      .trim();
+    return cleaned.length > MAX_SUMMARY_LENGTH
+      ? cleaned.slice(0, MAX_SUMMARY_LENGTH).trim()
+      : cleaned || null;
+  } catch (err) {
+    log.debug({ err: err instanceof Error ? err.message : String(err) }, 'tool-summary: error');
+    return null;
+  }
+}

apps/web/src/api/client.ts

@@ -13,6 +13,7 @@ import type {
   Skill,
   AskUserAnswer,
   ToolCostStat,
+  Provider,
 } from './types';
 
 export class ApiError extends Error {
@@ -298,6 +299,10 @@ export const api = {
 
   models: () => request<ModelInfo[]>('/api/models'),
 
+  coder: {
+    providers: () => request<Provider[]>('/api/coder/providers'),
+  },
+
   agents: {
     list: (projectId: string) =>
       request<AgentsResponse>(`/api/projects/${projectId}/agents`),

apps/web/src/api/types.ts

@@ -206,6 +206,19 @@ export interface ModelInfo {
   [key: string]: unknown;
 }
 
+export interface ProviderModel {
+  id: string;
+  label: string;
+}
+
+export interface Provider {
+  name: string;
+  label: string;
+  transport: string;
+  installed: boolean;
+  models: ProviderModel[];
+}
+
 export interface SidebarSession {
   id: string;
   name: string;

apps/web/src/components/MessageList.tsx

@@ -1,4 +1,4 @@
-import { useEffect, useMemo, useRef } from 'react';
+import { useCallback, useEffect, useMemo, useRef } from 'react';
 import type { Chat, Message } from '@/api/types';
 import { MessageBubble } from './MessageBubble';
 import { ToolCallGroup } from './ToolCallGroup';
@@ -142,13 +142,26 @@ function stampCapHits(items: RenderItem[]): RenderItem[] {
   });
 }
 
+const SCROLL_THRESHOLD_PX = 150;
+
 export function MessageList({ messages, sessionChats }: Props) {
   const endRef = useRef<HTMLDivElement>(null);
+  const scrollContainerRef = useRef<HTMLDivElement>(null);
+  const isNearBottomRef = useRef(true);
 
   const renderItems = useMemo(() => stampCapHits(group(flatten(messages))), [messages]);
 
+  const handleScroll = useCallback(() => {
+    const el = scrollContainerRef.current;
+    if (!el) return;
+    isNearBottomRef.current =
+      el.scrollHeight - el.scrollTop - el.clientHeight < SCROLL_THRESHOLD_PX;
+  }, []);
+
   useEffect(() => {
-    endRef.current?.scrollIntoView({ block: 'end' });
+    if (isNearBottomRef.current) {
+      endRef.current?.scrollIntoView({ block: 'end' });
+    }
   }, [messages]);
 
   if (messages.length === 0) {
@@ -160,7 +173,7 @@ export function MessageList({ messages, sessionChats }: Props) {
   }
 
   return (
-    <div className="flex-1 overflow-y-auto">
+    <div className="flex-1 overflow-y-auto" ref={scrollContainerRef} onScroll={handleScroll}>
       <div className="max-w-[1000px] mx-auto w-full px-6 py-4 space-y-4">
         {renderItems.map((item) => {
           if (item.kind === 'message') {

apps/web/src/components/ProviderPicker.tsx

@@ -0,0 +1,178 @@
+import { useEffect, useState } from 'react';
+import { Check, ChevronDown, Cpu } from 'lucide-react';
+import { api } from '@/api/client';
+import type { Provider } from '@/api/types';
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from '@/components/ui/dropdown-menu';
+import { BottomSheet } from '@/components/BottomSheet';
+import { useViewport } from '@/hooks/useViewport';
+
+interface Props {
+  provider: string;
+  model: string;
+  onChange: (provider: string, model: string) => void | Promise<void>;
+}
+
+function ProviderModelList({
+  providers,
+  error,
+  currentProvider,
+  currentModel,
+  onPick,
+}: {
+  providers: Provider[] | null;
+  error: string | null;
+  currentProvider: string;
+  currentModel: string;
+  onPick: (provider: string, model: string) => void;
+}) {
+  if (error) {
+    return <div className="px-2 py-1.5 text-xs text-destructive">{error}</div>;
+  }
+  if (providers === null) {
+    return <div className="px-2 py-1.5 text-xs text-muted-foreground">Loading...</div>;
+  }
+
+  const singleProvider = providers.length === 1;
+
+  return (
+    <>
+      {providers.map((p) => (
+        <div key={p.name}>
+          {!singleProvider && (
+            <div className="px-2 pt-2 pb-1 text-[10px] font-medium uppercase tracking-wider text-muted-foreground/70">
+              {p.label}
+            </div>
+          )}
+          {p.models.map((m) => (
+            <button
+              key={`${p.name}:${m.id}`}
+              type="button"
+              onClick={() => onPick(p.name, m.id)}
+              className="w-full text-left flex items-center gap-2 font-mono text-xs px-2 py-1.5 hover:bg-accent rounded"
+            >
+              <Check
+                className={`size-3 shrink-0 ${
+                  p.name === currentProvider && m.id === currentModel
+                    ? 'opacity-100'
+                    : 'opacity-0'
+                }`}
+              />
+              <span className="truncate">{m.label}</span>
+            </button>
+          ))}
+        </div>
+      ))}
+    </>
+  );
+}
+
+export function ProviderPicker({ provider, model, onChange }: Props) {
+  const { isMobile } = useViewport();
+  const [providers, setProviders] = useState<Provider[] | null>(null);
+  const [error, setError] = useState<string | null>(null);
+  const [open, setOpen] = useState(false);
+
+  useEffect(() => {
+    if (!open || providers !== null) return;
+    api.coder
+      .providers()
+      .then(setProviders)
+      .catch((err) =>
+        setError(err instanceof Error ? err.message : 'failed to load providers'),
+      );
+  }, [open, providers]);
+
+  function handlePick(prov: string, mod: string) {
+    setOpen(false);
+    void onChange(prov, mod);
+  }
+
+  const currentProviderLabel =
+    providers?.find((p) => p.name === provider)?.label ?? provider;
+
+  const triggerText = providers && providers.length > 1
+    ? `${currentProviderLabel} / ${model}`
+    : model;
+
+  if (isMobile) {
+    return (
+      <>
+        <button
+          type="button"
+          onClick={() => setOpen(true)}
+          aria-label={`Provider: ${currentProviderLabel}, Model: ${model}`}
+          title={`${currentProviderLabel} / ${model}`}
+          className="inline-flex items-center justify-center min-h-[44px] min-w-[44px] rounded text-muted-foreground hover:text-foreground"
+        >
+          <Cpu className="size-4" />
+        </button>
+        <BottomSheet open={open} onClose={() => setOpen(false)} title="Provider / Model">
+          <div className="px-2 py-2 space-y-1">
+            <ProviderModelList
+              providers={providers}
+              error={error}
+              currentProvider={provider}
+              currentModel={model}
+              onPick={handlePick}
+            />
+          </div>
+        </BottomSheet>
+      </>
+    );
+  }
+
+  return (
+    <DropdownMenu open={open} onOpenChange={setOpen}>
+      <DropdownMenuTrigger asChild>
+        <button
+          type="button"
+          className="text-xs font-mono text-muted-foreground hover:text-foreground flex items-center gap-1 px-1.5 py-0.5 rounded hover:bg-muted/60 max-w-[260px]"
+        >
+          <span className="truncate">{triggerText}</span>
+          <ChevronDown className="size-3 opacity-70 shrink-0" />
+        </button>
+      </DropdownMenuTrigger>
+      <DropdownMenuContent align="end" className="max-h-80 overflow-y-auto min-w-[200px]">
+        {error && (
+          <div className="px-2 py-1.5 text-xs text-destructive">{error}</div>
+        )}
+        {providers === null && !error && (
+          <div className="px-2 py-1.5 text-xs text-muted-foreground">Loading...</div>
+        )}
+        {providers && providers.map((p) => {
+          const singleProvider = providers.length === 1;
+          return (
+            <div key={p.name}>
+              {!singleProvider && (
+                <div className="px-2 pt-2 pb-1 text-[10px] font-medium uppercase tracking-wider text-muted-foreground/70 select-none">
+                  {p.label}
+                </div>
+              )}
+              {p.models.map((m) => (
+                <DropdownMenuItem
+                  key={`${p.name}:${m.id}`}
+                  onSelect={() => handlePick(p.name, m.id)}
+                  className="font-mono text-xs"
+                >
+                  <Check
+                    className={`size-3 shrink-0 ${
+                      p.name === provider && m.id === model
+                        ? 'opacity-100'
+                        : 'opacity-0'
+                    }`}
+                  />
+                  {m.label}
+                </DropdownMenuItem>
+              ))}
+            </div>
+          );
+        })}
+      </DropdownMenuContent>
+    </DropdownMenu>
+  );
+}

apps/web/src/components/panes/CoderPane.tsx

@@ -10,6 +10,7 @@
 import { useCallback, useEffect, useRef, useState } from 'react';
 import { Code, Send, Check, X, RefreshCw } from 'lucide-react';
 import { MarkdownRenderer } from '@/components/MarkdownRenderer';
+import { ProviderPicker } from '@/components/ProviderPicker';
 import { cn } from '@/lib/utils';
 
 // ---------------------------------------------------------------------------
@@ -300,6 +301,8 @@ export function CoderPane({ sessionId }: Props) {
   const { changes, loading, refresh, approve, reject } = usePendingChanges(sessionId);
   const [input, setInput] = useState('');
   const [sending, setSending] = useState(false);
+  const [provider, setProvider] = useState('boocode');
+  const [model, setModel] = useState('qwen3.6-35b-a3b-mxfp4');
   const messagesEndRef = useRef<HTMLDivElement>(null);
   const inputRef = useRef<HTMLTextAreaElement>(null);
 
@@ -331,7 +334,11 @@ export function CoderPane({ sessionId }: Props) {
       const res = await fetch(`/api/coder/sessions/${sessionId}/messages`, {
         method: 'POST',
         headers: { 'content-type': 'application/json' },
-        body: JSON.stringify({ content: text }),
+        body: JSON.stringify({
+          content: text,
+          provider: provider !== 'boocode' ? provider : undefined,
+          model: model || undefined,
+        }),
       });
       if (res.ok) {
         const data = await res.json();
@@ -347,7 +354,7 @@ export function CoderPane({ sessionId }: Props) {
     } finally {
       setSending(false);
     }
-  }, [input, sending, sessionId, setMessages]);
+  }, [input, sending, sessionId, provider, model, setMessages]);
 
   const handleKeyDown = useCallback(
     (e: React.KeyboardEvent) => {
@@ -363,11 +370,18 @@ export function CoderPane({ sessionId }: Props) {
     <div className="flex flex-col h-full bg-background">
       {/* Header */}
       <div className="flex items-center gap-2 px-3 py-1.5 border-b border-border bg-muted/30 shrink-0">
-        <Code size={14} className="text-muted-foreground" />
-        <span className="text-xs font-medium text-muted-foreground">BooCoder</span>
+        <Code size={14} className="text-muted-foreground shrink-0" />
+        <ProviderPicker
+          provider={provider}
+          model={model}
+          onChange={(prov, mod) => {
+            setProvider(prov);
+            setModel(mod);
+          }}
+        />
         <span
           className={cn(
-            'inline-block w-1.5 h-1.5 rounded-full ml-auto',
+            'inline-block w-1.5 h-1.5 rounded-full ml-auto shrink-0',
             connected ? 'bg-green-500' : 'bg-red-500'
           )}
           title={connected ? 'Connected' : 'Disconnected'}

boocode_roadmap.md

@@ -312,6 +312,8 @@ Independent batch — ships clean any time after v1.13. Low leverage unless Sam
 
 **Estimated:** ~1500 LoC for Path A + Path B + shared schema, plus ~400 LoC for the MCP-server role, plus ~300 LoC for the ACP-client role. Multiple sub-versions: v2.0.0 native + ACP, v2.0.1 MCP server, v2.0.2 polish.
 
+**Retrospective (2026-05-25):** All 8 phases shipped. v2.0.0-alpha through v2.0.4-hardening. The full BooCoder line is complete: write tools with pending-changes queue, dispatcher with ACP/PTY dual paths, MCP server (6 tools, stdio transport, 10-question eval passed), CLI client, human inbox, Boomerang `new_task` orchestration, and path-guard fuzz suite (34 traversal-attack tests). Runtime isolation (v2.1) remains optional pending production bake.
+
 -----
 
 ## v2.1 — BooCoder runtime isolation (optional)

docker-compose.yml

@@ -10,6 +10,7 @@ services:
       CODECONTEXT_URL: http://codecontext:8080
       CONTAINER_GUIDANCE_FILE: /app/BOOCHAT.md
       DATABASE_URL: postgres://boocode:${POSTGRES_PASSWORD}@boocode_db:5432/boochat
+      BOOCODER_URL: http://100.114.205.53:9502
     volumes:
       - /opt:/opt
       - /opt/projects:/opt/projects:rw
@@ -50,27 +51,29 @@ services:
     networks:
       - boocode_net
 
-  boocoder:
-    build:
-      context: .
-      dockerfile: apps/coder/Dockerfile
-    container_name: boocoder
-    restart: unless-stopped
-    ports:
-      - "100.114.205.53:9502:3000"
-    env_file: .env
-    environment:
-      CONTAINER_GUIDANCE_FILE: /app/BOOCODER.md
-      DATABASE_URL: postgres://boocode:${POSTGRES_PASSWORD}@boocode_db:5432/boochat
-    volumes:
-      - /opt:/opt:rw
-      - /opt/projects:/opt/projects:rw
-      - ./data:/data
-      - /opt/boocode/BOOCODER.md:/app/BOOCODER.md:ro
-    depends_on:
-      - boocode_db
-    networks:
-      - boocode_net
+  # v2.1.1: boocoder moved to systemd service on host (boocoder.service).
+  # Kept commented for rollback reference.
+  # boocoder:
+  #   build:
+  #     context: .
+  #     dockerfile: apps/coder/Dockerfile
+  #   container_name: boocoder
+  #   restart: unless-stopped
+  #   ports:
+  #     - "100.114.205.53:9502:3000"
+  #   env_file: .env
+  #   environment:
+  #     CONTAINER_GUIDANCE_FILE: /app/BOOCODER.md
+  #     DATABASE_URL: postgres://boocode:${POSTGRES_PASSWORD}@boocode_db:5432/boochat
+  #   volumes:
+  #     - /opt:/opt:rw
+  #     - /opt/projects:/opt/projects:rw
+  #     - ./data:/data
+  #     - /opt/boocode/BOOCODER.md:/app/BOOCODER.md:ro
+  #   depends_on:
+  #     - boocode_db
+  #   networks:
+  #     - boocode_net
 
   boocode_db:
     image: postgres:16-alpine

pnpm-lock.yaml

@@ -69,6 +69,9 @@ importers:
       postgres:
         specifier: ^3.4.4
         version: 3.4.9
+      ws:
+        specifier: ^8.18.0
+        version: 8.20.1
       zod:
         specifier: ^3.23.8
         version: 3.25.76
@@ -76,6 +79,9 @@ importers:
       '@types/node':
         specifier: ^20.14.10
         version: 20.19.41
+      '@types/ws':
+        specifier: ^8.5.10
+        version: 8.18.1
       tsx:
         specifier: ^4.16.2
         version: 4.22.0