feat: relicense AGPL-3.0 → MIT (v2.7.0)

Clear the 3 Unsloth-Studio-derived AGPL files and flip LICENSE + 5 package.json from AGPL-3.0-only to MIT. - html-to-md.ts → MIT node-html-markdown (parse5 dropped) - llama-args-validator.ts → clean-room (flag denylist = facts) - tool-call-parser.ts → delete dead Unsloth-ported code; keep extractToolCallBlocks/stripToolMarkup byte-identical (no behavior change) - LICENSE → MIT (Copyright (c) 2026 indifferentketchup); 5 package.json → MIT; AGPL SPDX headers removed; README License section; license-mit guard test - roadmap License-debt batch marked shipped; openspec/changes/license-debt-mit Decouples the relicense from the native-parsing retirement (the ported parser was dead code). Server suite 519 passing; build + coder typecheck clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Merge v2611-followups: v2.6.11 apps/server close-hook caller + DiffPanel staging hint
2026-06-01 08:16:03 +00:00 · 2026-06-01 02:35:21 +00:00 · 2026-06-01 02:35:21 +00:00 · 2026-06-01 02:35:11 +00:00 · 2026-06-01 01:10:16 +00:00 · 2026-06-01 01:10:16 +00:00
39 changed files with 2487 additions and 1612 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@
 All notable changes per release tag. Most recent on top, ordered by tag creation date (which matches the git history). Tag names follow `vMAJOR.MINOR.PATCH-slug` — the slug describes what shipped, so the tag name alone is enough to recall the batch.
 ## v2.7.0-mit — 2026-06-01
 Relicenses BooCode from AGPL-3.0 back to MIT by clearing the three Unsloth-Studio-derived files the `v2.4.0`/`v2.4.1` lifts pulled in — the root `LICENSE` and all five `package.json` had been `AGPL-3.0-only`, making the network-served work AGPL §13-encumbered. The enabling finding decoupled the relicense from the long-planned native-llama-server-parsing retirement: `tool-call-parser.ts`'s Unsloth-ported algorithm (`parseToolCallsFromText`/`scanBalancedBraces` + unused nudge constants) was **dead code** with no production import, so it was simply deleted while the load-bearing `extractToolCallBlocks`/`stripToolMarkup` (BooCode-authored streaming helpers) were kept byte-identical — no behavior change to the live tool-call path. `html-to-md.ts` was swapped to the MIT `node-html-markdown` library (`parse5` dropped; the only behavior delta is column-aligned tables, GFM hard-break `<br>`, and `<ol start>` renumbering, all feeding the LLM via `web_fetch`), and `llama-args-validator.ts` was clean-room rewritten with the managed-flag denylist re-derived from the public llama-server flag list (facts, not copyrightable). The license flip set `LICENSE` to MIT (`Copyright (c) 2026 indifferentketchup`), the five `package.json` to `MIT`, removed every AGPL SPDX header, added a README License section, and added a `license-mit` guard test that fails if AGPL provenance returns. Built by three parallel agents over the disjoint files; full server suite 519 passing (incl. 9 new guard tests), server build + coder typecheck clean. Resolves `boocode_code_review_v2.md` §1 #1 / §5k and the roadmap's `License-debt` batch (openspec `license-debt-mit`); supersedes that batch's original staged plan, which had entangled the flip with a live qwen3.6 validation window.
 ## v2.6.11-close-hooks-staging — 2026-06-01
 The two v2.6 follow-ups left after `v2.6.10-lifecycle-hardening`. **Server close-hook caller:** `apps/server` (BooChat) now fire-and-forgets BooCoder's Phase-3 close hooks so warm agent backends + worktrees tear down *immediately* on delete/archive instead of waiting for the idle-evict/reaper backstop — a new `coder-notify.ts` `notifyCoderClose(kind,id)` (reusing the v2.6.2 `BOOCODER_URL` reach, never-rejects) is `void`-called after the WS frame at session-delete (`POST /api/sessions/:id/close`) and chat archive / archive-all / delete (`POST /api/chats/:id/close`); an unreachable coder can never block or fail the user's delete/archive. **Staging-boundary hint (task 3.7):** the BooCoder DiffPanel now shows a muted one-liner when the selected provider can't see another agent's unapplied worktree edits — native boocode selected + external-agent-staged changes (or vice-versa) → "<agent>'s edits live in its worktree — BooCode won't see them until applied" — derived purely from the per-change `agent` + current provider, no new state. 6 new server tests (`coder-notify`), 537 server tests pass; web + server tsc/build clean. **With these the v2.6 openspec is fully closed** — only the live Smoke 2/2b/3 remain (manual exercise).
 ## v2.6.10-lifecycle-hardening — 2026-06-01
 v2.6 Phase 3 (the last phase) — lifecycle hardening of the warm-process backends. **Idle eviction + LRU cap:** the agent pool runs a 60s sweep that evicts backends/sessions idle past `AGENT_POOL_IDLE_TTL_MS` (30 min default) and any beyond `AGENT_POOL_MAX_LIVE` (10, LRU) — **never a busy one** (in-flight turn, double-checked via a new `isBusy()` backend hook); the worktree persists (DB-backed) and the next turn re-spawns + reattaches. The eviction/LRU/restart decisions are factored into a pure `lifecycle-decisions.ts` (modeled on the inference `selectPruneTargets` pattern). **Crash recovery:** lifts openchamber's health-monitor + busy-aware-restart + consecutive-failure + stale-busy-grace state machine into `opencode-server.ts` (with port reclaim) and `warm-acp.ts` — an opencode server crash settles in-flight turns as failed, marks the rows `crashed`, and recreates fresh sessions (a fresh server can't hold the old in-memory id), while a warm-ACP child crash re-`session/new`s next turn; the F.1 turn-guard and U.6 usage are preserved (their tests still pass). **Worktree reaper:** a periodic reaper removes orphan on-disk worktrees (no live `worktrees` row, 1h grace) behind a superset-style preflight that skips dirty/unpushed/unmerged work, with Paseo-style soft-delete (`status='archived'`). Plus close hooks (`/api/chats/:id/close`, `/api/sessions/:id/close`, awaiting the apps/server caller) and diff re-baseline after `apply_pending`. Built test-first — 35 new tests (`lifecycle-decisions` 22, `agent-pool` 13) + a DB-opt-in reconnect integration test; 215 coder tests pass, tsc + build clean. **This completes v2.6** (Phase 0–3 + F.1 + Phase 1-UX). Remaining follow-ups (out of v2.6 scope): the apps/server close-hook caller, the 3.7 DiffPanel staging-boundary hint (frontend), and live Smoke 2/2b/3.
 ## v2.6.9-warm-acp — 2026-05-31
 v2.6 Phase 2: goose and qwen now run as **warm ACP backends** instead of one-shot-per-task. A new `WarmAcpBackend` (`backends/warm-acp.ts`, implementing the same `AgentBackend` interface as the opencode warm server) holds one persistent `goose acp` / `qwen --acp` child + `ClientSideConnection` + ACP session per `(chat, agent)`, running `initialize` + `session/new` once and reusing the connection across turns; per-turn abort cancels the in-flight prompt (`session/cancel`) without killing the child, and a child exit marks `agent_sessions.status='crashed'` for re-spawn on the next turn. The dispatcher routes `goose`/`qwen` chat-tab tasks to the pooled warm backend via a pure `shouldUseWarmBackend(task)` predicate (warm only when both `session_id` and `chat_id` are set), keeping the one-shot `runExternalAgent` path as the fallback for session-less creators (arena, MCP, `new_task`); broker frames + `persistExternalAgentTurn` + the latest-wins `pending_changes` diff are identical to the opencode path. The `acp-dispatch.ts` `handleSessionUpdate` switch was extracted into a pure shared `acp-event-map.ts` mapper used by both the one-shot and warm paths (one-shot behavior byte-identical, all existing acp tests green). The design's `unstable_resumeSession` concern is resolved — the installed `@agentclientprotocol/sdk@^0.22.1` exposes stable `resumeSession`/`loadSession`, but resume is moot in the hot path (warm reuse needs none); cross-restart resume + idle eviction are deferred to Phase 3. Built test-first (15 new tests: `warm-acp-routing`, `acp-event-map`); 180 coder tests pass, tsc + build clean. **Smoke 2/2b (live two-message warm reuse + the opencode→boocode→opencode switch round-trip) to be run post-deploy.** Phase 3 (lifecycle hardening) is the last v2.6 phase.
--- a/682
+++ b/682
@@ -1,661 +1,21 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
+MIT License
-                       Version 3, 19 November 2007
+
-
+Copyright (c) 2026 indifferentketchup
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+
- Everyone is permitted to copy and distribute verbatim copies
+Permission is hereby granted, free of charge, to any person obtaining a copy
- of this license document, but changing it is not allowed.
+of this software and associated documentation files (the "Software"), to deal
-
+in the Software without restriction, including without limitation the rights
-                            Preamble
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-
+copies of the Software, and to permit persons to whom the Software is
-  The GNU Affero General Public License is a free, copyleft license for
+furnished to do so, subject to the following conditions:
-software and other kinds of works, specifically designed to ensure
+
-cooperation with the community in the case of network server software.
+The above copyright notice and this permission notice shall be included in all
-
+copies or substantial portions of the Software.
-  The licenses for most software and other practical works are designed
+
-to take away your freedom to share and change the works.  By contrast,
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-our General Public Licenses are intended to guarantee your freedom to
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-share and change all versions of a program--to make sure it remains free
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-software for all its users.
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-  When we speak of free software, we are referring to freedom, not
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-price.  Our General Public Licenses are designed to make sure that you
+SOFTWARE.
 have the freedom to distribute copies of free software (and charge for
 them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.
  Developers that use our General Public Licenses protect your rights
 with two steps: (1) assert copyright on the software, and (2) offer
 you this License which gives you legal permission to copy, distribute
 and/or modify the software.
  A secondary benefit of defending all users' freedom is that
 improvements made in alternate versions of the program, if they
 receive widespread use, become available for other developers to
 incorporate.  Many developers of free software are heartened and
 encouraged by the resulting cooperation.  However, in the case of
 software used on network servers, this result may fail to come about.
 The GNU General Public License permits making a modified version and
 letting the public access it on a server without ever releasing its
 source code to the public.
  The GNU Affero General Public License is designed specifically to
 ensure that, in such cases, the modified source code becomes available
 to the community.  It requires the operator of a network server to
 provide the source code of the modified version running there to the
 users of that server.  Therefore, public use of a modified version, on
 a publicly accessible server, gives the public access to the source
 code of the modified version.
  An older license, called the Affero General Public License and
 published by Affero, was designed to accomplish similar goals.  This is
 a different license, not a version of the Affero GPL, but Affero has
 released a new version of the Affero GPL which permits relicensing under
 this license.
  The precise terms and conditions for copying, distribution and
 modification follow.
                       TERMS AND CONDITIONS
  0. Definitions.
  "This License" refers to version 3 of the GNU Affero General Public License.
  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
  "The Program" refers to any copyrightable work licensed under this
 License.  Each licensee is addressed as "you".  "Licensees" and
 "recipients" may be individuals or organizations.
  To "modify" a work means to copy from or adapt all or part of the work
 in a fashion requiring copyright permission, other than the making of an
 exact copy.  The resulting work is called a "modified version" of the
 earlier work or a work "based on" the earlier work.
  A "covered work" means either the unmodified Program or a work based
 on the Program.
  To "propagate" a work means to do anything with it that, without
 permission, would make you directly or secondarily liable for
 infringement under applicable copyright law, except executing it on a
 computer or modifying a private copy.  Propagation includes copying,
 distribution (with or without modification), making available to the
 public, and in some countries other activities as well.
  To "convey" a work means any kind of propagation that enables other
 parties to make or receive copies.  Mere interaction with a user through
 a computer network, with no transfer of a copy, is not conveying.
  An interactive user interface displays "Appropriate Legal Notices"
 to the extent that it includes a convenient and prominently visible
 feature that (1) displays an appropriate copyright notice, and (2)
 tells the user that there is no warranty for the work (except to the
 extent that warranties are provided), that licensees may convey the
 work under this License, and how to view a copy of this License.  If
 the interface presents a list of user commands or options, such as a
 menu, a prominent item in the list meets this criterion.
  1. Source Code.
  The "source code" for a work means the preferred form of the work
 for making modifications to it.  "Object code" means any non-source
 form of a work.
  A "Standard Interface" means an interface that either is an official
 standard defined by a recognized standards body, or, in the case of
 interfaces specified for a particular programming language, one that
 is widely used among developers working in that language.
  The "System Libraries" of an executable work include anything, other
 than the work as a whole, that (a) is included in the normal form of
 packaging a Major Component, but which is not part of that Major
 Component, and (b) serves only to enable use of the work with that
 Major Component, or to implement a Standard Interface for which an
 implementation is available to the public in source code form.  A
 "Major Component", in this context, means a major essential component
 (kernel, window system, and so on) of the specific operating system
 (if any) on which the executable work runs, or a compiler used to
 produce the work, or an object code interpreter used to run it.
  The "Corresponding Source" for a work in object code form means all
 the source code needed to generate, install, and (for an executable
 work) run the object code and to modify the work, including scripts to
 control those activities.  However, it does not include the work's
 System Libraries, or general-purpose tools or generally available free
 programs which are used unmodified in performing those activities but
 which are not part of the work.  For example, Corresponding Source
 includes interface definition files associated with source files for
 the work, and the source code for shared libraries and dynamically
 linked subprograms that the work is specifically designed to require,
 such as by intimate data communication or control flow between those
 subprograms and other parts of the work.
  The Corresponding Source need not include anything that users
 can regenerate automatically from other parts of the Corresponding
 Source.
  The Corresponding Source for a work in source code form is that
 same work.
  2. Basic Permissions.
  All rights granted under this License are granted for the term of
 copyright on the Program, and are irrevocable provided the stated
 conditions are met.  This License explicitly affirms your unlimited
 permission to run the unmodified Program.  The output from running a
 covered work is covered by this License only if the output, given its
 content, constitutes a covered work.  This License acknowledges your
 rights of fair use or other equivalent, as provided by copyright law.
  You may make, run and propagate covered works that you do not
 convey, without conditions so long as your license otherwise remains
 in force.  You may convey covered works to others for the sole purpose
 of having them make modifications exclusively for you, or provide you
 with facilities for running those works, provided that you comply with
 the terms of this License in conveying all material for which you do
 not control copyright.  Those thus making or running the covered works
 for you must do so exclusively on your behalf, under your direction
 and control, on terms that prohibit them from making any copies of
 your copyrighted material outside their relationship with you.
  Conveying under any other circumstances is permitted solely under
 the conditions stated below.  Sublicensing is not allowed; section 10
 makes it unnecessary.
  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
  No covered work shall be deemed part of an effective technological
 measure under any applicable law fulfilling obligations under article
 11 of the WIPO copyright treaty adopted on 20 December 1996, or
 similar laws prohibiting or restricting circumvention of such
 measures.
  When you convey a covered work, you waive any legal power to forbid
 circumvention of technological measures to the extent such circumvention
 is effected by exercising rights under this License with respect to
 the covered work, and you disclaim any intention to limit operation or
 modification of the work as a means of enforcing, against the work's
 users, your or third parties' legal rights to forbid circumvention of
 technological measures.
  4. Conveying Verbatim Copies.
  You may convey verbatim copies of the Program's source code as you
 receive it, in any medium, provided that you conspicuously and
 appropriately publish on each copy an appropriate copyright notice;
 keep intact all notices stating that this License and any
 non-permissive terms added in accord with section 7 apply to the code;
 keep intact all notices of the absence of any warranty; and give all
 recipients a copy of this License along with the Program.
  You may charge any price or no price for each copy that you convey,
 and you may offer support or warranty protection for a fee.
  5. Conveying Modified Source Versions.
  You may convey a work based on the Program, or the modifications to
 produce it from the Program, in the form of source code under the
 terms of section 4, provided that you also meet all of these conditions:
    a) The work must carry prominent notices stating that you modified
    it, and giving a relevant date.
    b) The work must carry prominent notices stating that it is
    released under this License and any conditions added under section
    7.  This requirement modifies the requirement in section 4 to
    "keep intact all notices".
    c) You must license the entire work, as a whole, under this
    License to anyone who comes into possession of a copy.  This
    License will therefore apply, along with any applicable section 7
    additional terms, to the whole of the work, and all its parts,
    regardless of how they are packaged.  This License gives no
    permission to license the work in any other way, but it does not
    invalidate such permission if you have separately received it.
    d) If the work has interactive user interfaces, each must display
    Appropriate Legal Notices; however, if the Program has interactive
    interfaces that do not display Appropriate Legal Notices, your
    work need not make them do so.
  A compilation of a covered work with other separate and independent
 works, which are not by their nature extensions of the covered work,
 and which are not combined with it such as to form a larger program,
 in or on a volume of a storage or distribution medium, is called an
 "aggregate" if the compilation and its resulting copyright are not
 used to limit the access or legal rights of the compilation's users
 beyond what the individual works permit.  Inclusion of a covered work
 in an aggregate does not cause this License to apply to the other
 parts of the aggregate.
  6. Conveying Non-Source Forms.
  You may convey a covered work in object code form under the terms
 of sections 4 and 5, provided that you also convey the
 machine-readable Corresponding Source under the terms of this License,
 in one of these ways:
    a) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by the
    Corresponding Source fixed on a durable physical medium
    customarily used for software interchange.
    b) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by a
    written offer, valid for at least three years and valid for as
    long as you offer spare parts or customer support for that product
    model, to give anyone who possesses the object code either (1) a
    copy of the Corresponding Source for all the software in the
    product that is covered by this License, on a durable physical
    medium customarily used for software interchange, for a price no
    more than your reasonable cost of physically performing this
    conveying of source, or (2) access to copy the
    Corresponding Source from a network server at no charge.
    c) Convey individual copies of the object code with a copy of the
    written offer to provide the Corresponding Source.  This
    alternative is allowed only occasionally and noncommercially, and
    only if you received the object code with such an offer, in accord
    with subsection 6b.
    d) Convey the object code by offering access from a designated
    place (gratis or for a charge), and offer equivalent access to the
    Corresponding Source in the same way through the same place at no
    further charge.  You need not require recipients to copy the
    Corresponding Source along with the object code.  If the place to
    copy the object code is a network server, the Corresponding Source
    may be on a different server (operated by you or a third party)
    that supports equivalent copying facilities, provided you maintain
    clear directions next to the object code saying where to find the
    Corresponding Source.  Regardless of what server hosts the
    Corresponding Source, you remain obligated to ensure that it is
    available for as long as needed to satisfy these requirements.
    e) Convey the object code using peer-to-peer transmission, provided
    you inform other peers where the object code and Corresponding
    Source of the work are being offered to the general public at no
    charge under subsection 6d.
  A separable portion of the object code, whose source code is excluded
 from the Corresponding Source as a System Library, need not be
 included in conveying the object code work.
  A "User Product" is either (1) a "consumer product", which means any
 tangible personal property which is normally used for personal, family,
 or household purposes, or (2) anything designed or sold for incorporation
 into a dwelling.  In determining whether a product is a consumer product,
 doubtful cases shall be resolved in favor of coverage.  For a particular
 product received by a particular user, "normally used" refers to a
 typical or common use of that class of product, regardless of the status
 of the particular user or of the way in which the particular user
 actually uses, or expects or is expected to use, the product.  A product
 is a consumer product regardless of whether the product has substantial
 commercial, industrial or non-consumer uses, unless such uses represent
 the only significant mode of use of the product.
  "Installation Information" for a User Product means any methods,
 procedures, authorization keys, or other information required to install
 and execute modified versions of a covered work in that User Product from
 a modified version of its Corresponding Source.  The information must
 suffice to ensure that the continued functioning of the modified object
 code is in no case prevented or interfered with solely because
 modification has been made.
  If you convey an object code work under this section in, or with, or
 specifically for use in, a User Product, and the conveying occurs as
 part of a transaction in which the right of possession and use of the
 User Product is transferred to the recipient in perpetuity or for a
 fixed term (regardless of how the transaction is characterized), the
 Corresponding Source conveyed under this section must be accompanied
 by the Installation Information.  But this requirement does not apply
 if neither you nor any third party retains the ability to install
 modified object code on the User Product (for example, the work has
 been installed in ROM).
  The requirement to provide Installation Information does not include a
 requirement to continue to provide support service, warranty, or updates
 for a work that has been modified or installed by the recipient, or for
 the User Product in which it has been modified or installed.  Access to a
 network may be denied when the modification itself materially and
 adversely affects the operation of the network or violates the rules and
 protocols for communication across the network.
  Corresponding Source conveyed, and Installation Information provided,
 in accord with this section must be in a format that is publicly
 documented (and with an implementation available to the public in
 source code form), and must require no special password or key for
 unpacking, reading or copying.
  7. Additional Terms.
  "Additional permissions" are terms that supplement the terms of this
 License by making exceptions from one or more of its conditions.
 Additional permissions that are applicable to the entire Program shall
 be treated as though they were included in this License, to the extent
 that they are valid under applicable law.  If additional permissions
 apply only to part of the Program, that part may be used separately
 under those permissions, but the entire Program remains governed by
 this License without regard to the additional permissions.
  When you convey a copy of a covered work, you may at your option
 remove any additional permissions from that copy, or from any part of
 it.  (Additional permissions may be written to require their own
 removal in certain cases when you modify the work.)  You may place
 additional permissions on material, added by you to a covered work,
 for which you have or can give appropriate copyright permission.
  Notwithstanding any other provision of this License, for material you
 add to a covered work, you may (if authorized by the copyright holders of
 that material) supplement the terms of this License with terms:
    a) Disclaiming warranty or limiting liability differently from the
    terms of sections 15 and 16 of this License; or
    b) Requiring preservation of specified reasonable legal notices or
    author attributions in that material or in the Appropriate Legal
    Notices displayed by works containing it; or
    c) Prohibiting misrepresentation of the origin of that material, or
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version; or
    d) Limiting the use for publicity purposes of names of licensors or
    authors of the material; or
    e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks; or
    f) Requiring indemnification of licensors and authors of that
    material by anyone who conveys the material (or modified versions of
    it) with contractual assumptions of liability to the recipient, for
    any liability that these contractual assumptions directly impose on
    those licensors and authors.
  All other non-permissive additional terms are considered "further
 restrictions" within the meaning of section 10.  If the Program as you
 received it, or any part of it, contains a notice stating that it is
 governed by this License along with a term that is a further
 restriction, you may remove that term.  If a license document contains
 a further restriction but permits relicensing or conveying under this
 License, you may add to a covered work material governed by the terms
 of that license document, provided that the further restriction does
 not survive such relicensing or conveying.
  If you add terms to a covered work in accord with this section, you
 must place, in the relevant source files, a statement of the
 additional terms that apply to those files, or a notice indicating
 where to find the applicable terms.
  Additional terms, permissive or non-permissive, may be stated in the
 form of a separately written license, or stated as exceptions;
 the above requirements apply either way.
  8. Termination.
  You may not propagate or modify a covered work except as expressly
 provided under this License.  Any attempt otherwise to propagate or
 modify it is void, and will automatically terminate your rights under
 this License (including any patent licenses granted under the third
 paragraph of section 11).
  However, if you cease all violation of this License, then your
 license from a particular copyright holder is reinstated (a)
 provisionally, unless and until the copyright holder explicitly and
 finally terminates your license, and (b) permanently, if the copyright
 holder fails to notify you of the violation by some reasonable means
 prior to 60 days after the cessation.
  Moreover, your license from a particular copyright holder is
 reinstated permanently if the copyright holder notifies you of the
 violation by some reasonable means, this is the first time you have
 received notice of violation of this License (for any work) from that
 copyright holder, and you cure the violation prior to 30 days after
 your receipt of the notice.
  Termination of your rights under this section does not terminate the
 licenses of parties who have received copies or rights from you under
 this License.  If your rights have been terminated and not permanently
 reinstated, you do not qualify to receive new licenses for the same
 material under section 10.
  9. Acceptance Not Required for Having Copies.
  You are not required to accept this License in order to receive or
 run a copy of the Program.  Ancillary propagation of a covered work
 occurring solely as a consequence of using peer-to-peer transmission
 to receive a copy likewise does not require acceptance.  However,
 nothing other than this License grants you permission to propagate or
 modify any covered work.  These actions infringe copyright if you do
 not accept this License.  Therefore, by modifying or propagating a
 covered work, you indicate your acceptance of this License to do so.
  10. Automatic Licensing of Downstream Recipients.
  Each time you convey a covered work, the recipient automatically
 receives a license from the original licensors, to run, modify and
 propagate that work, subject to this License.  You are not responsible
 for enforcing compliance by third parties with this License.
  An "entity transaction" is a transaction transferring control of an
 organization, or substantially all assets of one, or subdividing an
 organization, or merging organizations.  If propagation of a covered
 work results from an entity transaction, each party to that
 transaction who receives a copy of the work also receives whatever
 licenses to the work the party's predecessor in interest had or could
 give under the previous paragraph, plus a right to possession of the
 Corresponding Source of the work from the predecessor in interest, if
 the predecessor has it or can get it with reasonable efforts.
  You may not impose any further restrictions on the exercise of the
 rights granted or affirmed under this License.  For example, you may
 not impose a license fee, royalty, or other charge for exercise of
 rights granted under this License, and you may not initiate litigation
 (including a cross-claim or counterclaim in a lawsuit) alleging that
 any patent claim is infringed by making, using, selling, offering for
 sale, or importing the Program or any portion of it.
  11. Patents.
  A "contributor" is a copyright holder who authorizes use under this
 License of the Program or a work on which the Program is based.  The
 work thus licensed is called the contributor's "contributor version".
  A contributor's "essential patent claims" are all patent claims
 owned or controlled by the contributor, whether already acquired or
 hereafter acquired, that would be infringed by some manner, permitted
 by this License, of making, using, or selling its contributor version,
 but do not include claims that would be infringed only as a
 consequence of further modification of the contributor version.  For
 purposes of this definition, "control" includes the right to grant
 patent sublicenses in a manner consistent with the requirements of
 this License.
  Each contributor grants you a non-exclusive, worldwide, royalty-free
 patent license under the contributor's essential patent claims, to
 make, use, sell, offer for sale, import and otherwise run, modify and
 propagate the contents of its contributor version.
  In the following three paragraphs, a "patent license" is any express
 agreement or commitment, however denominated, not to enforce a patent
 (such as an express permission to practice a patent or covenant not to
 sue for patent infringement).  To "grant" such a patent license to a
 party means to make such an agreement or commitment not to enforce a
 patent against the party.
  If you convey a covered work, knowingly relying on a patent license,
 and the Corresponding Source of the work is not available for anyone
 to copy, free of charge and under the terms of this License, through a
 publicly available network server or other readily accessible means,
 then you must either (1) cause the Corresponding Source to be so
 available, or (2) arrange to deprive yourself of the benefit of the
 patent license for this particular work, or (3) arrange, in a manner
 consistent with the requirements of this License, to extend the patent
 license to downstream recipients.  "Knowingly relying" means you have
 actual knowledge that, but for the patent license, your conveying the
 covered work in a country, or your recipient's use of the covered work
 in a country, would infringe one or more identifiable patents in that
 country that you have reason to believe are valid.
  If, pursuant to or in connection with a single transaction or
 arrangement, you convey, or propagate by procuring conveyance of, a
 covered work, and grant a patent license to some of the parties
 receiving the covered work authorizing them to use, propagate, modify
 or convey a specific copy of the covered work, then the patent license
 you grant is automatically extended to all recipients of the covered
 work and works based on it.
  A patent license is "discriminatory" if it does not include within
 the scope of its coverage, prohibits the exercise of, or is
 conditioned on the non-exercise of one or more of the rights that are
 specifically granted under this License.  You may not convey a covered
 work if you are a party to an arrangement with a third party that is
 in the business of distributing software, under which you make payment
 to the third party based on the extent of your activity of conveying
 the work, and under which the third party grants, to any of the
 parties who would receive the covered work from you, a discriminatory
 patent license (a) in connection with copies of the covered work
 conveyed by you (or copies made from those copies), or (b) primarily
 for and in connection with specific products or compilations that
 contain the covered work, unless you entered into that arrangement,
 or that patent license was granted, prior to 28 March 2007.
  Nothing in this License shall be construed as excluding or limiting
 any implied license or other defenses to infringement that may
 otherwise be available to you under applicable patent law.
  12. No Surrender of Others' Freedom.
  If conditions are imposed on you (whether by court order, agreement or
 otherwise) that contradict the conditions of this License, they do not
 excuse you from the conditions of this License.  If you cannot convey a
 covered work so as to satisfy simultaneously your obligations under this
 License and any other pertinent obligations, then as a consequence you may
 not convey it at all.  For example, if you agree to terms that obligate you
 to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
  13. Remote Network Interaction; Use with the GNU General Public License.
  Notwithstanding any other provision of this License, if you modify the
 Program, your modified version must prominently offer all users
 interacting with it remotely through a computer network (if your version
 supports such interaction) an opportunity to receive the Corresponding
 Source of your version by providing access to the Corresponding Source
 from a network server at no charge, through some standard or customary
 means of facilitating copying of software.  This Corresponding Source
 shall include the Corresponding Source for any work covered by version 3
 of the GNU General Public License that is incorporated pursuant to the
 following paragraph.
  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
 under version 3 of the GNU General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
 but the work with which it is combined will remain governed by version
 3 of the GNU General Public License.
  14. Revised Versions of this License.
  The Free Software Foundation may publish revised and/or new versions of
 the GNU Affero General Public License from time to time.  Such new versions
 will be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
  Each version is given a distinguishing version number.  If the
 Program specifies that a certain numbered version of the GNU Affero General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
 GNU Affero General Public License, you may choose any version ever published
 by the Free Software Foundation.
  If the Program specifies that a proxy can decide which future
 versions of the GNU Affero General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
  Later license versions may give you additional or different
 permissions.  However, no additional obligations are imposed on any
 author or copyright holder as a result of your choosing to follow a
 later version.
  15. Disclaimer of Warranty.
  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
 APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
 HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
 OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
 IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
 ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
  16. Limitation of Liability.
  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
 THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
 GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
 USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
 DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
 PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
 EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGES.
  17. Interpretation of Sections 15 and 16.
  If the disclaimer of warranty and limitation of liability provided
 above cannot be given local legal effect according to their terms,
 reviewing courts shall apply local law that most closely approximates
 an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
                     END OF TERMS AND CONDITIONS
            How to Apply These Terms to Your New Programs
  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
 free software which everyone can redistribute and change under these terms.
  To do so, attach the following notices to the program.  It is safest
 to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details.
    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 Also add information on how to contact you by electronic and paper mail.
  If your software can interact with users remotely through a computer
 network, you should also make sure that it provides a way for users to
 get its source.  For example, if your program is a web application, its
 interface could display a "Source" link that leads users to an archive
 of the code.  There are many ways you could offer source, and different
 solutions will be better for different programs; see section 13 for the
 specific requirements.
  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU AGPL, see
 <https://www.gnu.org/licenses/>.
--- a/README.md
+++ b/README.md
@@ -84,3 +84,7 @@ See [`boocode_roadmap.md`](boocode_roadmap.md) for full version history. Highlig
 ## Planned
 - **v2.3 provider lifecycle** — config-backed provider registry (`/data/coder-providers.json`), enable/disable toggles, two-tier probe (openspec drafted). See [`CURRENT.md`](CURRENT.md).
 ## License
 MIT — see [`LICENSE`](LICENSE).
--- a/apps/booterm/package.json
+++ b/apps/booterm/package.json
@@ -24,5 +24,5 @@
    "tsx": "^4.16.2",
    "typescript": "^5.5.0"
  },
-  "license": "AGPL-3.0-only"
+  "license": "MIT"
 }
--- a/apps/coder/package.json
+++ b/apps/coder/package.json
@@ -31,5 +31,5 @@
    "typescript": "^5.5.0",
    "vitest": "^3.0.0"
  },
-  "license": "AGPL-3.0-only"
+  "license": "MIT"
 }
--- a/apps/coder/src/config.ts
+++ b/apps/coder/src/config.ts
@@ -35,6 +35,21 @@ const ConfigSchema = z.object({
  // SSH access to the host for external agent dispatch (Phase 5)
  BOOCODER_SSH_HOST: z.string().default('100.114.205.53'),
  BOOCODER_SSH_USER: z.string().default('samkintop'),
  // v2.6 Phase 3 (lifecycle hardening). Idle TTL: evict a non-busy warm backend
  // (opencode server / warm-ACP child) after this long with no turn — its worktree
  // + agent_sessions row persist, so the next turn re-spawns + reattaches. 30 min
  // default (design §6).
  AGENT_POOL_IDLE_TTL_MS: z.coerce.number().int().positive().default(1_800_000),
  // LRU cap: max live warm backends before the least-recently-used (non-busy) ones
  // are evicted. Bounds the long-lived-daemon's per-(chat,agent) Map growth.
  AGENT_POOL_MAX_LIVE: z.coerce.number().int().positive().default(10),
  // Periodic sweep cadence (idle/LRU pool eviction + orphan-worktree reap). 60s
  // mirrors the apps/server truncation/stale-streaming sweeper.
  LIFECYCLE_SWEEP_INTERVAL_MS: z.coerce.number().int().positive().default(60_000),
  // Orphan-worktree grace: an on-disk worktree dir with no live `worktrees` row is
  // only reaped after it's been untouched this long (avoids sweeping a dir mid
  // ensureSessionWorktree create). 1h default.
  ORPHAN_WORKTREE_GRACE_MS: z.coerce.number().int().positive().default(3_600_000),
 });
 export type Config = z.infer<typeof ConfigSchema>;
--- a/apps/coder/src/index.ts
+++ b/apps/coder/src/index.ts
@@ -32,10 +32,12 @@ import { registerStatsRoutes } from './routes/stats.js';
 import { registerArenaRoutes } from './routes/arena.js';
 import { registerProviderRoutes } from './routes/providers.js';
 import { registerWorktreeSafetyRoutes } from './routes/worktree-safety.js';
 import { registerLifecycleRoutes } from './routes/lifecycle.js';
 import { registerWebSocket } from './routes/ws.js';
 // Phase 4: dispatcher + agent probe
 import { createDispatcher } from './services/dispatcher.js';
 import { agentPool } from './services/agent-pool.js';
 import { createOrphanWorktreeReaper } from './services/orphan-worktree-reaper.js';
 import { probeAgents } from './services/agent-probe.js';
 import { getProviderSnapshot, persistProbedModels } from './services/provider-snapshot.js';
 import { setPermissionHooks } from './services/permission-waiter.js';
@@ -181,10 +183,30 @@ async function main() {
  // Phase 4: dispatcher — polls tasks table and runs inference
  const dispatcher = createDispatcher({ sql, inference: inferenceApi, broker, log: app.log, config });
  dispatcher.start();
  // v2.6 Phase 3: configure + start the agent-pool lifecycle sweep (idle-TTL +
  // LRU-cap eviction of warm backends, plus each backend's proactive health probe)
  // and the orphan-worktree reaper. Both run on the same periodic timer.
  agentPool.configure({
    idleTtlMs: config.AGENT_POOL_IDLE_TTL_MS,
    maxLive: config.AGENT_POOL_MAX_LIVE,
    sweepIntervalMs: config.LIFECYCLE_SWEEP_INTERVAL_MS,
    log: app.log,
  });
  agentPool.startReaper(app.log);
  const orphanReaper = createOrphanWorktreeReaper({
    sql,
    log: app.log,
    intervalMs: config.LIFECYCLE_SWEEP_INTERVAL_MS,
    graceMs: config.ORPHAN_WORKTREE_GRACE_MS,
  });
  orphanReaper.start();
  app.addHook('onClose', async () => {
-    // stop() first so in-flight dispatcher turns settle, then drain the pool.
+    // stop() first so in-flight dispatcher turns settle, then stop the reapers and
-    // Pool is empty in Phase 0 (nothing spawns yet) — dispose() is inert.
+    // drain the pool (kills opencode server + warm ACP children).
    await dispatcher.stop();
    orphanReaper.stop();
    await agentPool.dispose();
  });
@@ -199,6 +221,7 @@ async function main() {
  registerArenaRoutes(app, sql);
  registerProviderRoutes(app, sql, config);
  registerWorktreeSafetyRoutes(app, sql);
  registerLifecycleRoutes(app, sql);
  registerWebSocket(app, sql, broker);
  // Serve static frontend (built web app). In production, the dist/ is
--- a/apps/coder/src/routes/lifecycle.ts
+++ b/apps/coder/src/routes/lifecycle.ts
@@ -0,0 +1,122 @@
 /**
 * v2.6 Phase 3 (3.3) — chat/session close-or-archive cleanup hook (coder side).
 *
 * Chat/session close + archive + delete all live in apps/server (Docker), which
 * cannot see the host worktree dirs (/tmp/booworktrees), run git on them, or reach
 * the warm agent processes the dispatcher pooled in THIS (host systemd) process. So
 * — exactly like the `worktree-risk` guard — the server signals the coder when a
 * chat/session closes, and the coder does the real teardown:
 *   1. dispose the chat's warm-ACP backends (`agentPool.closeChat`) — kills the
 *      goose/qwen child processes for that chat,
 *   2. close the chat's opencode session on the shared server (`closeSession`),
 *   3. mark every `agent_sessions` row for the chat 'closed' + (when the session's
 *      last open chat closes) remove the shared session worktree, preflighting
 *      work-at-risk so uncommitted/unmerged work is never silently dropped
 *      (`closeChatBackendState`).
 *
 * Idempotent: closing an already-closed chat is a no-op (0 rows, no backend).
 *
 * SERVER WIRING (not done here — apps/server, out of this batch's scope): the
 * server's `POST /api/chats/:id/archive`, `DELETE /api/chats/:id`, and the
 * session archive/delete routes should fire-and-forget
 *   fetch(`${BOOCODER_URL}/api/chats/${id}/close`, { method: 'POST' })
 * after publishing their WS frame (best-effort; the orphan-worktree reaper +
 * idle-pool eviction are the backstop if the call is missed).
 */
 import type { FastifyInstance } from 'fastify';
 import type { Sql } from '../db.js';
 import { agentPool, OPENCODE_POOL_KEY } from '../services/agent-pool.js';
 import { closeChatBackendState } from '../services/worktrees.js';
 import type { AgentSessionHandle } from '../services/agent-backend.js';
 export function registerLifecycleRoutes(app: FastifyInstance, sql: Sql): void {
  // POST /api/chats/:chatId/close — tear down all warm state for a chat tab.
  app.post<{ Params: { chatId: string }; Querystring: { force?: string } }>(
    '/api/chats/:chatId/close',
    async (req) => {
      const chatId = req.params.chatId;
      const force = req.query.force === 'true' || req.query.force === '1';
      // 1. Close the chat's opencode session on the SHARED server (the server is
      //    not chat-keyed, so agentPool.closeChat won't touch it). Resolve the
      //    stored opencode session id and ask the backend to drop it.
      const ocRows = await sql<{ agent: string; agent_session_id: string | null; worktree_id: string | null; session_id: string | null }[]>`
        SELECT agent, agent_session_id, worktree_id, session_id
        FROM agent_sessions
        WHERE chat_id = ${chatId} AND backend = 'opencode_server'
      `;
      const ocBackend = agentPool.peek(OPENCODE_POOL_KEY, 'opencode');
      if (ocBackend) {
        for (const row of ocRows) {
          if (!row.agent_session_id) continue;
          const handle: AgentSessionHandle = {
            sessionId: row.session_id ?? '',
            agent: row.agent,
            backend: 'opencode_server',
            chatId,
            worktreeId: row.worktree_id ?? '',
            agentSessionId: row.agent_session_id,
            serverPort: null,
          };
          await ocBackend.closeSession(handle).catch((err) => {
            app.log.warn({ err: err instanceof Error ? err.message : String(err), chatId }, 'lifecycle: opencode closeSession threw');
          });
        }
      }
      // 2. Dispose any warm-ACP backends pooled under this chat (kills the
      //    goose/qwen child + marks its agent row closed via the backend).
      const disposed = await agentPool.closeChat(chatId);
      // 3. DB + worktree truth: mark agent rows closed; remove the shared session
      //    worktree iff this was the session's last open chat (preflight at-risk).
      const result = await closeChatBackendState(sql, chatId, { force });
      app.log.info({ chatId, disposed, ...result }, 'lifecycle: chat closed');
      return { ok: true, disposed, ...result };
    },
  );
  // POST /api/sessions/:sessionId/close — close every open chat in a session
  // (session archive/delete). Loops the chat-close path so the same preflight +
  // teardown applies per chat; the worktree is removed on the last one.
  app.post<{ Params: { sessionId: string }; Querystring: { force?: string } }>(
    '/api/sessions/:sessionId/close',
    async (req) => {
      const sessionId = req.params.sessionId;
      const force = req.query.force === 'true' || req.query.force === '1';
      const chats = await sql<{ id: string }[]>`
        SELECT id FROM chats WHERE session_id = ${sessionId}
      `;
      const results: { chatId: string; disposed: string[]; worktreeRemoved: boolean; worktreeAtRisk: boolean }[] = [];
      for (const c of chats) {
        const ocBackend = agentPool.peek(OPENCODE_POOL_KEY, 'opencode');
        if (ocBackend) {
          const ocRows = await sql<{ agent: string; agent_session_id: string | null; worktree_id: string | null; session_id: string | null }[]>`
            SELECT agent, agent_session_id, worktree_id, session_id
            FROM agent_sessions WHERE chat_id = ${c.id} AND backend = 'opencode_server'
          `;
          for (const row of ocRows) {
            if (!row.agent_session_id) continue;
            await ocBackend.closeSession({
              sessionId: row.session_id ?? '',
              agent: row.agent,
              backend: 'opencode_server',
              chatId: c.id,
              worktreeId: row.worktree_id ?? '',
              agentSessionId: row.agent_session_id,
              serverPort: null,
            }).catch(() => {});
          }
        }
        const disposed = await agentPool.closeChat(c.id);
        const r = await closeChatBackendState(sql, c.id, { force });
        results.push({ chatId: c.id, disposed, worktreeRemoved: r.worktreeRemoved, worktreeAtRisk: r.worktreeAtRisk });
      }
      app.log.info({ sessionId, chats: results.length }, 'lifecycle: session closed');
      return { ok: true, results };
    },
  );
 }
--- a/apps/coder/src/routes/pending.ts
+++ b/apps/coder/src/routes/pending.ts
@@ -10,6 +10,7 @@ import {
  queueCreate,
 } from '../services/pending_changes.js';
 import { WriteGuardError } from '../services/write_guard.js';
 import { rebaselineWorktreeAfterApply } from '../services/worktrees.js';
 const CreateBody = z.object({
  file_path: z.string().min(1),
@@ -117,6 +118,15 @@ export function registerPendingRoutes(app: FastifyInstance, sql: Sql): void {
      }
      const results = await applyAll(sql, sessionId, projectRoot);
      // v2.6 Phase 3 (3.5): re-baseline the session worktree's diff to the applied
      // state, so the next external-agent turn diffs against applied-not-original
      // and doesn't re-surface the just-applied changes. Best-effort: a worktree
      // session may not exist (native-only chat), and a re-baseline hiccup must not
      // fail the apply the user just requested.
      if (results.some((r) => r.success)) {
        await rebaselineWorktreeAfterApply(sql, sessionId).catch(() => {});
      }
      return { results };
    },
  );
@@ -136,6 +146,15 @@ export function registerPendingRoutes(app: FastifyInstance, sql: Sql): void {
      const result = await applyOne(sql, changeId, projectRoot);
      if (!result.success) {
        reply.code(422);
      } else {
        // v2.6 Phase 3 (3.5): re-baseline the session worktree after a successful
        // apply so the next external-agent turn diffs against applied-not-original.
        // Resolve the change's session; best-effort, never fails the apply.
        const sessRows = await sql<{ session_id: string }[]>`
          SELECT session_id FROM pending_changes WHERE id = ${changeId}
        `;
        const sessionId = sessRows[0]?.session_id;
        if (sessionId) await rebaselineWorktreeAfterApply(sql, sessionId).catch(() => {});
      }
      return result;
    },
--- a/apps/coder/src/services/tests/agent-pool.test.ts
+++ b/apps/coder/src/services/tests/agent-pool.test.ts
@@ -0,0 +1,233 @@
 import { describe, it, expect, vi } from 'vitest';
 import { AgentPool, OPENCODE_POOL_KEY } from '../agent-pool.js';
 import type {
  AgentBackend,
  AgentSessionHandle,
  EnsureSessionOpts,
  PromptCtx,
  TurnResult,
 } from '../agent-backend.js';
 /**
 * v2.6 Phase 3 — AgentPool lifecycle unit test (T.1). No DB / no child process:
 * a fake AgentBackend records dispose + reports busy/health, so we exercise
 * get-or-create, idle eviction, the LRU cap, the busy-never-evict rule, closeChat,
 * and dispose-drains directly. The pure decisions are covered separately in
 * backends/__tests__/lifecycle-decisions.test.ts; this verifies the wiring.
 */
 class FakeBackend implements AgentBackend {
  disposed = 0;
  closedSessions = 0;
  private busyFlag = false;
  tickHealthCalls = 0;
  constructor(public readonly name = 'fake') {}
  setBusy(b: boolean): void {
    this.busyFlag = b;
  }
  // — AgentBackend —
  async ensureSession(sessionId: string, opts: EnsureSessionOpts): Promise<AgentSessionHandle> {
    return {
      sessionId,
      agent: opts.agent,
      backend: 'acp_warm',
      chatId: opts.chatId,
      worktreeId: opts.worktreeId,
      agentSessionId: 'fake-session',
      serverPort: null,
    };
  }
  async prompt(_h: AgentSessionHandle, _input: string, _ctx: PromptCtx): Promise<TurnResult> {
    return { ok: true };
  }
  async closeSession(): Promise<void> {
    this.closedSessions++;
  }
  async dispose(): Promise<void> {
    this.disposed++;
  }
  health(): 'up' | 'down' {
    return 'up';
  }
  isBusy(): boolean {
    return this.busyFlag;
  }
  async tickHealth(): Promise<void> {
    this.tickHealthCalls++;
  }
 }
 describe('AgentPool — get/register/touch (3.1)', () => {
  it('register then get returns the same backend', () => {
    const pool = new AgentPool();
    const b = new FakeBackend();
    pool.register('chat-1', 'goose', b);
    expect(pool.get('chat-1', 'goose')).toBe(b);
    expect(pool.get('chat-1', 'qwen')).toBeUndefined();
  });
  it('peek does NOT exist for a missing key', () => {
    const pool = new AgentPool();
    expect(pool.peek('nope', 'goose')).toBeUndefined();
  });
  it('health reports size + busy count', () => {
    const pool = new AgentPool();
    const a = new FakeBackend();
    const b = new FakeBackend();
    b.setBusy(true);
    pool.register('c1', 'goose', a);
    pool.register('c2', 'qwen', b);
    expect(pool.health()).toEqual({ size: 2, busy: 1 });
  });
 });
 describe('AgentPool.sweep — idle TTL eviction (3.1)', () => {
  it('evicts an idle backend past the TTL and disposes it', async () => {
    const pool = new AgentPool({ idleTtlMs: 1_000, maxLive: 100 });
    const b = new FakeBackend();
    pool.register('c1', 'goose', b);
    // Sweep with now far past the registration → idle → evicted.
    const { evicted } = await pool.sweep(Date.now() + 10_000);
    expect(evicted).toEqual(['c1:goose']);
    expect(b.disposed).toBe(1);
    expect(pool.get('c1', 'goose')).toBeUndefined();
  });
  it('never evicts a busy backend even past the TTL', async () => {
    const pool = new AgentPool({ idleTtlMs: 1_000, maxLive: 100 });
    const b = new FakeBackend();
    b.setBusy(true);
    pool.register('c1', 'goose', b);
    const { evicted } = await pool.sweep(Date.now() + 10_000);
    expect(evicted).toEqual([]);
    expect(b.disposed).toBe(0);
    expect(pool.get('c1', 'goose')).toBe(b);
  });
  it('touch keeps a backend warm so the TTL measures from the last turn', async () => {
    const pool = new AgentPool({ idleTtlMs: 5_000, maxLive: 100 });
    const b = new FakeBackend();
    pool.register('c1', 'goose', b);
    const base = Date.now();
    // 4s later, touch — resets activity. A sweep at +6s from base is only +2s from
    // the touch → still within TTL → not evicted.
    vi.spyOn(Date, 'now').mockReturnValue(base + 4_000);
    pool.touch('c1', 'goose');
    vi.restoreAllMocks();
    const { evicted } = await pool.sweep(base + 6_000);
    expect(evicted).toEqual([]);
  });
 });
 describe('AgentPool.sweep — LRU cap (3.4)', () => {
  it('evicts the least-recently-used beyond the cap', async () => {
    const pool = new AgentPool({ idleTtlMs: 1_000_000, maxLive: 2 });
    const base = 1_000_000;
    const mk = (key: string, regAt: number) => {
      vi.spyOn(Date, 'now').mockReturnValue(regAt);
      const b = new FakeBackend(key);
      const [chat, agent] = key.split(':');
      pool.register(chat!, agent!, b);
      vi.restoreAllMocks();
      return b;
    };
    const a = mk('c1:goose', base + 100);
    const b = mk('c2:goose', base + 300);
    const c = mk('c3:goose', base + 200);
    // 3 entries, cap 2, all within idle TTL → LRU (oldest = a@+100) evicted.
    const { evicted } = await pool.sweep(base + 1_000);
    expect(evicted).toEqual(['c1:goose']);
    expect(a.disposed).toBe(1);
    expect(b.disposed).toBe(0);
    expect(c.disposed).toBe(0);
  });
 });
 describe('AgentPool.sweep — proactive health probe (3.2)', () => {
  it('drives each backend tickHealth before eviction', async () => {
    const pool = new AgentPool({ idleTtlMs: 1_000_000, maxLive: 100 });
    const b = new FakeBackend();
    pool.register('c1', 'opencode', b);
    await pool.sweep(Date.now());
    expect(b.tickHealthCalls).toBe(1);
  });
 });
 describe('AgentPool.closeChat — chat-close teardown (3.3)', () => {
  it('disposes only the matching chat keys, leaving others + the shared server', async () => {
    const pool = new AgentPool();
    const goose = new FakeBackend('goose');
    const qwen = new FakeBackend('qwen');
    const other = new FakeBackend('other-chat');
    const ocServer = new FakeBackend('opencode-server');
    pool.register('chat-1', 'goose', goose);
    pool.register('chat-1', 'qwen', qwen);
    pool.register('chat-2', 'goose', other);
    pool.register(OPENCODE_POOL_KEY, 'opencode', ocServer);
    const removed = await pool.closeChat('chat-1');
    expect(removed.sort()).toEqual(['chat-1:goose', 'chat-1:qwen']);
    expect(goose.disposed).toBe(1);
    expect(qwen.disposed).toBe(1);
    // other chat + shared opencode server untouched.
    expect(other.disposed).toBe(0);
    expect(ocServer.disposed).toBe(0);
    expect(pool.peek('chat-2', 'goose')).toBe(other);
    expect(pool.peek(OPENCODE_POOL_KEY, 'opencode')).toBe(ocServer);
  });
  it('does not dispose a busy backend on closeChat', async () => {
    const pool = new AgentPool();
    const b = new FakeBackend();
    b.setBusy(true);
    pool.register('chat-1', 'goose', b);
    const removed = await pool.closeChat('chat-1');
    expect(removed).toEqual([]);
    expect(b.disposed).toBe(0);
  });
  it('does not match a chat id that is a prefix of another', async () => {
    // 'chat-1' must not match 'chat-10' — keys are `${chatId}:${agent}` so the
    // colon delimiter prevents the prefix collision.
    const pool = new AgentPool();
    const a = new FakeBackend();
    const b = new FakeBackend();
    pool.register('chat-1', 'goose', a);
    pool.register('chat-10', 'goose', b);
    await pool.closeChat('chat-1');
    expect(a.disposed).toBe(1);
    expect(b.disposed).toBe(0);
    expect(pool.peek('chat-10', 'goose')).toBe(b);
  });
 });
 describe('AgentPool.dispose — drain all (T.1)', () => {
  it('disposes every backend and clears the map', async () => {
    const pool = new AgentPool();
    const a = new FakeBackend();
    const b = new FakeBackend();
    pool.register('c1', 'goose', a);
    pool.register('c2', 'qwen', b);
    await pool.dispose();
    expect(a.disposed).toBe(1);
    expect(b.disposed).toBe(1);
    expect(pool.health()).toEqual({ size: 0, busy: 0 });
  });
  it('tolerates a backend whose dispose throws', async () => {
    const pool = new AgentPool();
    const good = new FakeBackend();
    const bad = new FakeBackend();
    bad.dispose = async () => {
      throw new Error('boom');
    };
    pool.register('c1', 'goose', bad);
    pool.register('c2', 'qwen', good);
    await expect(pool.dispose()).resolves.toBeUndefined();
    expect(good.disposed).toBe(1);
  });
 });
--- a/apps/coder/src/services/tests/reconnect_integration.test.ts
+++ b/apps/coder/src/services/tests/reconnect_integration.test.ts
@@ -0,0 +1,170 @@
 import { describe, it, expect, beforeAll, afterAll } from 'vitest';
 import { readFileSync, existsSync } from 'node:fs';
 import { rm, mkdir } from 'node:fs/promises';
 import { resolve } from 'node:path';
 import postgres from 'postgres';
 import {
  ensureSessionWorktree,
  closeChatBackendState,
  rebaselineWorktreeAfterApply,
 } from '../worktrees.js';
 import { reapOrphanWorktrees } from '../orphan-worktree-reaper.js';
 import { hostExec } from '../host-exec.js';
 /**
 * v2.6 Phase 3 (3.6) — reconnect-after-restart integration test.
 *
 * Proves the DB-truth side of crash/restart recovery: a BooCoder restart wipes the
 * in-memory pool, but the persistent `worktrees` + `agent_sessions` rows survive,
 * so the "next turn" re-resolves the SAME worktree (reattach, no new dir) and the
 * agent-session row is still there to resume from. Also exercises the chat-close
 * hook (3.3), the apply re-baseline (3.5), and the orphan reaper (3.4) end-to-end
 * against a real git repo + postgres.
 *
 * Requires DATABASE_URL (DB-opt-in; skips cleanly otherwise) AND git on PATH. Runs:
 *   DATABASE_URL='postgres://boocode:devpass@localhost:5500/boochat' pnpm -C apps/coder test
 */
 describe.runIf(!!process.env.DATABASE_URL)('reconnect after restart (Phase 3)', () => {
  let sql: ReturnType<typeof postgres>;
  const stamp = Date.now();
  const projectDir = `/tmp/boocode-reconnect-proj-${stamp}`;
  let projectId: string;
  let sessionId: string;
  let chatId: string;
  beforeAll(async () => {
    sql = postgres(process.env.DATABASE_URL!, { max: 3 });
    // Both schemas land in the one boochat DB: server owns sessions/chats/projects,
    // coder owns worktrees/agent_sessions (FK targets must pre-exist → server first).
    const serverSchema = resolve(__dirname, '../../../../server/src/schema.sql');
    const coderSchema = resolve(__dirname, '../../schema.sql');
    await sql.unsafe(readFileSync(serverSchema, 'utf8'));
    await sql.unsafe(readFileSync(coderSchema, 'utf8'));
    // A real git repo with one commit so worktree add / diff / rev-parse work.
    await mkdir(projectDir, { recursive: true });
    await hostExec(
      `cd ${projectDir} && git init -q && git config user.email t@t && git config user.name t ` +
        `&& echo hello > README.md && git add -A && git commit -qm init`,
      { timeoutMs: 20_000 },
    );
    const [project] = await sql<{ id: string }[]>`
      INSERT INTO projects (name, path, status) VALUES ('reconnect-test', ${projectDir}, 'open') RETURNING id
    `;
    projectId = project!.id;
    const [session] = await sql<{ id: string }[]>`
      INSERT INTO sessions (project_id, name, model, status)
      VALUES (${projectId}, 'recon', 'm', 'open') RETURNING id
    `;
    sessionId = session!.id;
    const [chat] = await sql<{ id: string }[]>`
      INSERT INTO chats (session_id, name, status) VALUES (${sessionId}, 'tab', 'open') RETURNING id
    `;
    chatId = chat!.id;
  });
  afterAll(async () => {
    if (sql) {
      // Best-effort worktree cleanup before dropping rows.
      const rows = await sql<{ path: string }[]>`SELECT path FROM worktrees WHERE session_id = ${sessionId}`.catch(() => []);
      for (const r of rows) {
        await hostExec(`git -C ${projectDir} worktree remove ${r.path} --force`, { timeoutMs: 10_000 }).catch(() => {});
      }
      await sql`DELETE FROM agent_sessions WHERE chat_id = ${chatId}`.catch(() => {});
      await sql`DELETE FROM worktrees WHERE session_id = ${sessionId}`.catch(() => {});
      await sql`DELETE FROM chats WHERE id = ${chatId}`.catch(() => {});
      await sql`DELETE FROM sessions WHERE id = ${sessionId}`.catch(() => {});
      await sql`DELETE FROM projects WHERE id = ${projectId}`.catch(() => {});
      await sql.end({ timeout: 5 });
    }
    await rm(projectDir, { recursive: true, force: true });
  });
  it('reattaches the SAME worktree across a simulated restart (no new dir)', async () => {
    // "Turn 1" — first ensureSessionWorktree creates the worktree + row.
    const first = await ensureSessionWorktree(sql, projectDir, sessionId);
    expect(existsSync(first.worktreePath)).toBe(true);
    expect(first.baseCommit).toBeTruthy();
    // Simulate an agent_sessions row written by turn 1 (opencode).
    await sql`
      INSERT INTO agent_sessions (chat_id, session_id, worktree_id, agent, backend, agent_session_id, status, last_active_at)
      VALUES (${chatId}, ${sessionId}, ${first.worktreeId}, 'opencode', 'opencode_server', 'oc-sess-1', 'active', clock_timestamp())
      ON CONFLICT (chat_id, agent) DO NOTHING
    `;
    // "Restart" = brand-new resolution with NO in-memory state. ensureSessionWorktree
    // must return the EXISTING row (same id + path), proving reattach not re-create.
    const second = await ensureSessionWorktree(sql, projectDir, sessionId);
    expect(second.worktreeId).toBe(first.worktreeId);
    expect(second.worktreePath).toBe(first.worktreePath);
    expect(second.baseCommit).toBe(first.baseCommit);
    // The agent_sessions row survived the "restart" with its resume handle intact.
    const [row] = await sql<{ agent_session_id: string; status: string }[]>`
      SELECT agent_session_id, status FROM agent_sessions WHERE chat_id = ${chatId} AND agent = 'opencode'
    `;
    expect(row!.agent_session_id).toBe('oc-sess-1');
  });
  it('re-baselines the worktree diff after apply (3.5)', async () => {
    const wt = await ensureSessionWorktree(sql, projectDir, sessionId);
    const baseBefore = wt.baseCommit;
    // Make a change in the worktree (as an external agent would).
    await hostExec(`cd ${wt.worktreePath} && echo change >> README.md`, { timeoutMs: 10_000 });
    const r = await rebaselineWorktreeAfterApply(sql, sessionId);
    expect(r.rebaselined).toBe(true);
    expect(r.newBaseCommit).toBeTruthy();
    expect(r.newBaseCommit).not.toBe(baseBefore);
    const [row] = await sql<{ base_commit: string }[]>`
      SELECT base_commit FROM worktrees WHERE session_id = ${sessionId} AND status = 'active'
    `;
    expect(row!.base_commit).toBe(r.newBaseCommit);
    // Idempotent: a second re-baseline with no new edits is a no-op.
    const r2 = await rebaselineWorktreeAfterApply(sql, sessionId);
    expect(r2.rebaselined).toBe(false);
  });
  it('chat-close hook closes agent rows + removes the worktree on the last chat (3.3)', async () => {
    // Sanity: an active worktree + agent row exist from the prior tests.
    const beforeWt = await sql<{ id: string }[]>`SELECT id FROM worktrees WHERE session_id = ${sessionId} AND status = 'active'`;
    expect(beforeWt.length).toBe(1);
    const result = await closeChatBackendState(sql, chatId);
    expect(result.agentRowsClosed).toBeGreaterThanOrEqual(1);
    // chatId is the session's only chat → worktree removed (it was clean after the
    // re-baseline commit), not at-risk.
    expect(result.worktreeAtRisk).toBe(false);
    expect(result.worktreeRemoved).toBe(true);
    const [agentRow] = await sql<{ status: string }[]>`
      SELECT status FROM agent_sessions WHERE chat_id = ${chatId} AND agent = 'opencode'
    `;
    expect(agentRow!.status).toBe('closed');
    const activeWt = await sql<{ id: string }[]>`SELECT id FROM worktrees WHERE session_id = ${sessionId} AND status = 'active'`;
    expect(activeWt.length).toBe(0); // archived, no longer active
  });
  it('orphan reaper leaves a live worktree alone and reaps a row-less dir (3.4)', async () => {
    // Recreate a live worktree for this session (the close test archived the old one).
    const live = await ensureSessionWorktree(sql, projectDir, sessionId);
    expect(existsSync(live.worktreePath)).toBe(true);
    // A live worktree (active row) with grace 0 must NOT be reaped.
    const r1 = await reapOrphanWorktrees(sql, console as never, 0, Date.now());
    expect(r1.reaped).not.toContain(live.worktreePath);
    // Now archive its row (simulating a leaked dir) and reap again — it becomes an
    // orphan and is reclaimed (it's clean → not at-risk).
    await sql`UPDATE worktrees SET status = 'archived' WHERE id = ${live.worktreeId}`;
    const r2 = await reapOrphanWorktrees(sql, console as never, 0, Date.now());
    expect(r2.reaped).toContain(live.worktreePath);
    expect(existsSync(live.worktreePath)).toBe(false);
  });
 });
--- a/apps/coder/src/services/agent-backend.ts
+++ b/apps/coder/src/services/agent-backend.ts
@@ -99,4 +99,21 @@ export interface AgentBackend {
  dispose(): Promise<void>;
  /** Liveness for health endpoint + dispatcher fallback decision. §2 */
  health(): 'up' | 'down';
  /**
   * v2.6 Phase 3: true iff a turn is in flight on this backend. The pool's idle
   * eviction + LRU cap NEVER evict a busy backend (design §6 busy rule); the
   * health-monitor defers a restart while busy (stale-grace). Optional so the
   * Phase-0 scaffold and any test double stay compatible — absent ⇒ treated as
   * not busy. opencode-server (multi-session) is busy iff ANY session has an
   * active turn; warm-acp (single session) iff its one slot is active.
   */
  isBusy?(): boolean;
  /**
   * v2.6 Phase 3: optional proactive health probe + busy-aware self-restart, run
   * by the pool's periodic sweep. The opencode-server backend implements it
   * (detects a hung-but-not-exited server and restarts when non-busy). Backends
   * with no long-lived shared process (warm-ACP recovers lazily on its own child
   * exit) can omit it. Must never throw — the sweep ignores rejections.
   */
  tickHealth?(now?: number): Promise<void>;
 }
--- a/apps/coder/src/services/agent-pool.ts
+++ b/apps/coder/src/services/agent-pool.ts
@@ -1,44 +1,246 @@
 /**
- * v2.6 — AgentPool (Phase 0 scaffold).
+ * v2.6 — AgentPool.
 *
 * Lazy get-or-create registry of `AgentBackend` instances keyed by
- * `${sessionId}:${agent}`. Phase 0 ships the skeleton only: an in-memory Map,
+ * `${primary}:${agent}` (primary = chatId for warm-ACP, a fixed sentinel for the
- * lookup / register / health, and clean disposal wired to the server's onClose.
+ * single shared opencode server). Phase 0 shipped the skeleton (Map + health +
- * Spawning lands in Phase 1/2; nothing populates the map yet.
+ * dispose). Phase 3 adds the LIFECYCLE: per-entry idle tracking, a periodic
 * idle-TTL + LRU-cap sweep (the pure decisions live in
 * `backends/lifecycle-decisions.ts`), and a `closeChat` helper for the chat-close
 * hook. Reattach after eviction is implicit — the next turn's `ensureSession`
 * rebuilds the backend from `agent_sessions` / `worktrees` (DB is the source of
 * truth; the in-memory pool is a warm cache).
 *
- * Spec: openspec/changes/v2-6-persistent-agent-sessions/design.md §2.
+ * The hard rule (design §6): NEVER evict a busy backend (one with an in-flight
 * turn). `selectIdleEvictionTargets` / `selectLruEvictionTargets` enforce it via
 * `backend.isBusy()`; a long turn that outlives the TTL is left alone.
 *
 * Spec: openspec/changes/v2-6-persistent-agent-sessions/design.md §2 / §6.
 */
 import type { FastifyBaseLogger } from 'fastify';
 import type { AgentBackend } from './agent-backend.js';
 import {
  selectIdleEvictionTargets,
  selectLruEvictionTargets,
  DEFAULT_IDLE_TTL_MS,
  DEFAULT_MAX_LIVE_BACKENDS,
 } from './backends/lifecycle-decisions.js';
 interface PoolEntry {
  primary: string;
  agent: string;
  backend: AgentBackend;
  /** Epoch ms of the last turn boundary (register or touch). Drives idle/LRU. */
  lastActiveAt: number;
 }
 export interface AgentPoolOpts {
  /** Idle TTL before a non-busy backend is evicted. Default 30 min. */
  idleTtlMs?: number;
  /** Max live backends before the LRU cap evicts the least-recently-used. */
  maxLive?: number;
  /** Sweep cadence. Default 60s (mirrors the server's periodic sweeper). */
  sweepIntervalMs?: number;
  log?: FastifyBaseLogger;
 }
 const DEFAULT_SWEEP_INTERVAL_MS = 60_000;
 export class AgentPool {
-  private readonly backends = new Map<string, AgentBackend>();
+  private readonly backends = new Map<string, PoolEntry>();
  private idleTtlMs: number;
  private maxLive: number;
  private sweepIntervalMs: number;
  private log: FastifyBaseLogger | undefined;
  private sweepTimer: ReturnType<typeof setInterval> | null = null;
  /** Serializes sweep runs so a slow eviction can't overlap the next tick. */
  private sweeping = false;
-  private key(sessionId: string, agent: string): string {
+  constructor(opts: AgentPoolOpts = {}) {
-    return `${sessionId}:${agent}`;
+    this.idleTtlMs = opts.idleTtlMs ?? DEFAULT_IDLE_TTL_MS;
    this.maxLive = opts.maxLive ?? DEFAULT_MAX_LIVE_BACKENDS;
    this.sweepIntervalMs = opts.sweepIntervalMs ?? DEFAULT_SWEEP_INTERVAL_MS;
    this.log = opts.log;
  }
-  /** Map lookup only. Spawning is Phase 1/2 — never creates here. */
+  /** Apply env-derived knobs to the module singleton at bootstrap (before
-  get(sessionId: string, agent: string): AgentBackend | undefined {
+   *  startReaper). Only overrides explicitly-provided fields. */
-    return this.backends.get(this.key(sessionId, agent));
+  configure(opts: AgentPoolOpts): void {
    if (opts.idleTtlMs != null) this.idleTtlMs = opts.idleTtlMs;
    if (opts.maxLive != null) this.maxLive = opts.maxLive;
    if (opts.sweepIntervalMs != null) this.sweepIntervalMs = opts.sweepIntervalMs;
    if (opts.log) this.log = opts.log;
  }
-  /** Store a backend instance for this (session, agent). */
+  private key(primary: string, agent: string): string {
-  register(sessionId: string, agent: string, backend: AgentBackend): void {
+    return `${primary}:${agent}`;
-    this.backends.set(this.key(sessionId, agent), backend);
+  }
  /** Map lookup only. Spawning happens in the dispatcher (Phase 1/2). A hit also
   *  marks the entry recently-active so a resolve-without-prompt doesn't get it
   *  evicted out from under an imminent turn. */
  get(primary: string, agent: string): AgentBackend | undefined {
    const entry = this.backends.get(this.key(primary, agent));
    if (entry) entry.lastActiveAt = Date.now();
    return entry?.backend;
  }
  /** Store a backend instance for this (primary, agent). */
  register(primary: string, agent: string, backend: AgentBackend): void {
    this.backends.set(this.key(primary, agent), { primary, agent, backend, lastActiveAt: Date.now() });
  }
  /** Mark a backend recently-active (call at turn start AND settle so a long turn
   *  keeps its slot warm). No-op if the key isn't pooled. */
  touch(primary: string, agent: string): void {
    const entry = this.backends.get(this.key(primary, agent));
    if (entry) entry.lastActiveAt = Date.now();
  }
  /** Snapshot for the decision helpers (busy is read live from the backend). */
  private snapshots(): { key: string; lastActiveAt: number; busy: boolean }[] {
    const out: { key: string; lastActiveAt: number; busy: boolean }[] = [];
    for (const [key, e] of this.backends) {
      out.push({ key, lastActiveAt: e.lastActiveAt, busy: e.backend.isBusy?.() ?? false });
    }
    return out;
  }
  /** Summary for the health endpoint. */
-  health(): { size: number } {
+  health(): { size: number; busy: number } {
-    return { size: this.backends.size };
+    let busy = 0;
    for (const e of this.backends.values()) if (e.backend.isBusy?.()) busy++;
    return { size: this.backends.size, busy };
  }
  // ─── Phase 3: idle-TTL + LRU eviction sweep ──────────────────────────────────
  /** Start the periodic idle + LRU sweep. Idempotent; unref'd so it never holds
   *  the process open on its own. */
  startReaper(log?: FastifyBaseLogger): void {
    if (log) this.log = log;
    if (this.sweepTimer) return;
    this.sweepTimer = setInterval(() => {
      void this.sweep().catch((err) => {
        this.log?.warn({ err: errMsg(err) }, 'agent-pool: sweep error');
      });
    }, this.sweepIntervalMs);
    this.sweepTimer.unref?.();
  }
  stopReaper(): void {
    if (this.sweepTimer) {
      clearInterval(this.sweepTimer);
      this.sweepTimer = null;
    }
  }
  /**
   * One sweep pass: evict idle-past-TTL backends, then enforce the LRU cap.
   * Deduped (a key can't appear in both lists for one pass). Busy backends are
   * excluded by the decision helpers — a live turn is never torn down.
   */
  async sweep(now: number = Date.now()): Promise<{ evicted: string[] }> {
    if (this.sweeping) return { evicted: [] };
    this.sweeping = true;
    try {
      // Phase 3: drive each backend's optional proactive health probe first (the
      // opencode server's busy-aware hung-detect + self-restart). Best-effort —
      // a probe must never fail the sweep.
      for (const e of this.backends.values()) {
        if (e.backend.tickHealth) {
          await e.backend.tickHealth(now).catch((err) => {
            this.log?.warn({ key: this.key(e.primary, e.agent), err: errMsg(err) }, 'agent-pool: tickHealth threw');
          });
        }
      }
      const snaps = this.snapshots();
      const idle = selectIdleEvictionTargets(snaps, now, this.idleTtlMs);
      // LRU runs on what remains after idle eviction, so the two never double-evict.
      const idleSet = new Set(idle);
      const remaining = snaps.filter((s) => !idleSet.has(s.key));
      const lru = selectLruEvictionTargets(remaining, this.maxLive);
      const targets = [...idle, ...lru];
      if (targets.length === 0) return { evicted: [] };
      const evicted: string[] = [];
      for (const key of targets) {
        const entry = this.backends.get(key);
        if (!entry) continue;
        // Re-check busy right before teardown — a turn may have started since the
        // snapshot. Defensive; the decision already excluded busy at snapshot time.
        if (entry.backend.isBusy?.()) continue;
        this.backends.delete(key);
        try {
          await entry.backend.dispose();
        } catch (err) {
          this.log?.warn({ key, err: errMsg(err) }, 'agent-pool: backend dispose threw during eviction');
        }
        evicted.push(key);
      }
      if (evicted.length > 0) {
        this.log?.info({ evicted, size: this.backends.size }, 'agent-pool: evicted idle/over-cap backends');
      }
      return { evicted };
    } finally {
      this.sweeping = false;
    }
  }
  // ─── Phase 3: chat-close cleanup (3.3) ───────────────────────────────────────
  /**
   * Tear down every pooled backend whose key is for this chat. Used by the
   * chat-close hook. The opencode server is shared (keyed on a sentinel, not the
   * chat), so it is NOT disposed here — only its session is closed via
   * `closeSession`, which the hook calls directly with the per-(chat,agent)
   * handle. Returns the keys it removed. Skips busy entries (a close mid-turn is
   * rare but must not kill a live stream — the idle sweep reaps it shortly after).
   */
  async closeChat(chatId: string): Promise<string[]> {
    const removed: string[] = [];
    const prefix = `${chatId}:`;
    for (const [key, entry] of [...this.backends]) {
      if (!key.startsWith(prefix)) continue;
      if (entry.backend.isBusy?.()) continue;
      this.backends.delete(key);
      try {
        await entry.backend.dispose();
      } catch (err) {
        this.log?.warn({ key, err: errMsg(err) }, 'agent-pool: dispose threw during closeChat');
      }
      removed.push(key);
    }
    return removed;
  }
  /** Look up a backend by exact key without bumping its activity (for closeSession). */
  peek(primary: string, agent: string): AgentBackend | undefined {
    return this.backends.get(this.key(primary, agent))?.backend;
  }
  /** Dispose every backend and clear the map. Tolerates throwing backends. */
  async dispose(): Promise<void> {
    this.stopReaper();
    const entries = [...this.backends.values()];
    this.backends.clear();
-    await Promise.allSettled(entries.map((b) => b.dispose()));
+    await Promise.allSettled(entries.map((e) => e.backend.dispose()));
  }
 }
-/** Single shared instance — referenced only by the server's onClose hook in Phase 0. */
+function errMsg(e: unknown): string {
  return e instanceof Error ? e.message : String(e);
 }
 /**
 * The shared opencode server is pooled under a FIXED sentinel (one server per
 * BooCoder process, multiplexing all opencode sessions internally) rather than a
 * chat id — so it is NOT torn down by `closeChat(chatId)` (only its per-chat
 * session is closed). Exported so the dispatcher + the lifecycle close-hook agree
 * on the key without drift.
 */
 export const OPENCODE_POOL_KEY = '__opencode_server__';
 /** Single shared instance — registered by the dispatcher, swept + drained by the
 *  server's onClose hook. */
 export const agentPool = new AgentPool();
--- a/apps/coder/src/services/backends/tests/lifecycle-decisions.test.ts
+++ b/apps/coder/src/services/backends/tests/lifecycle-decisions.test.ts
@@ -0,0 +1,176 @@
 import { describe, it, expect } from 'vitest';
 import {
  selectIdleEvictionTargets,
  selectLruEvictionTargets,
  decideRestart,
  selectOrphanWorktreeTargets,
  DEFAULT_IDLE_TTL_MS,
  DEFAULT_MAX_LIVE_BACKENDS,
  type PoolEntrySnapshot,
 } from '../lifecycle-decisions.js';
 /**
 * v2.6 Phase 3 — pure lifecycle decisions. No DB, no children, no timers; `now`
 * is injected. Models prune.ts:selectPruneTargets — the caller acts on the keys.
 */
 const NOW = 1_000_000_000_000;
 function entry(key: string, ageMs: number, busy = false): PoolEntrySnapshot {
  return { key, lastActiveAt: NOW - ageMs, busy };
 }
 describe('selectIdleEvictionTargets (3.1)', () => {
  it('evicts entries idle past the TTL', () => {
    const entries = [
      entry('a:opencode', DEFAULT_IDLE_TTL_MS + 1),
      entry('b:goose', DEFAULT_IDLE_TTL_MS - 1),
    ];
    expect(selectIdleEvictionTargets(entries, NOW)).toEqual(['a:opencode']);
  });
  it('never evicts a busy entry even when idle past the TTL', () => {
    const entries = [entry('a:opencode', DEFAULT_IDLE_TTL_MS * 10, /* busy */ true)];
    expect(selectIdleEvictionTargets(entries, NOW)).toEqual([]);
  });
  it('respects a custom TTL', () => {
    const entries = [entry('a:goose', 5_000), entry('b:qwen', 500)];
    expect(selectIdleEvictionTargets(entries, NOW, 1_000)).toEqual(['a:goose']);
  });
  it('treats exactly-at-TTL as evictable (>=)', () => {
    expect(selectIdleEvictionTargets([entry('a:x', 1_000)], NOW, 1_000)).toEqual(['a:x']);
  });
  it('returns empty for an empty pool', () => {
    expect(selectIdleEvictionTargets([], NOW)).toEqual([]);
  });
 });
 describe('selectLruEvictionTargets (3.4)', () => {
  it('returns nothing when at or under the cap', () => {
    const entries = [entry('a:x', 10), entry('b:y', 20)];
    expect(selectLruEvictionTargets(entries, 2)).toEqual([]);
    expect(selectLruEvictionTargets(entries, 5)).toEqual([]);
  });
  it('evicts the least-recently-used beyond the cap', () => {
    // oldest first: c (300ms ago) is LRU, then a (100ms), then b (10ms).
    const entries = [entry('a:x', 100), entry('b:y', 10), entry('c:z', 300)];
    expect(selectLruEvictionTargets(entries, 2)).toEqual(['c:z']);
  });
  it('evicts multiple LRU entries to reach the cap', () => {
    const entries = [
      entry('a:x', 100),
      entry('b:y', 10),
      entry('c:z', 300),
      entry('d:w', 200),
    ];
    // cap 1: must remove 3, oldest-first c(300), d(200), a(100).
    expect(selectLruEvictionTargets(entries, 1)).toEqual(['c:z', 'd:w', 'a:x']);
  });
  it('never evicts a busy entry even if it is the LRU', () => {
    // c is LRU but busy → it cannot be evicted; fall to the next-oldest (a).
    const entries = [entry('a:x', 100), entry('b:y', 10), entry('c:z', 300, true)];
    expect(selectLruEvictionTargets(entries, 2)).toEqual(['a:x']);
  });
  it('can transiently exceed the cap when too many are busy', () => {
    // cap 1, but both old entries busy → only the single idle one is evictable.
    const entries = [entry('a:x', 100, true), entry('c:z', 300, true), entry('b:y', 10)];
    expect(selectLruEvictionTargets(entries, 1)).toEqual(['b:y']);
  });
  it('uses the default cap when omitted', () => {
    const entries = Array.from({ length: DEFAULT_MAX_LIVE_BACKENDS + 1 }, (_, i) =>
      entry(`k${String(i).padStart(2, '0')}:a`, (i + 1) * 1000),
    );
    const evicted = selectLruEvictionTargets(entries);
    // exactly one over the default cap → evict the single LRU (largest age).
    expect(evicted).toHaveLength(1);
    expect(evicted[0]).toBe(`k${String(DEFAULT_MAX_LIVE_BACKENDS).padStart(2, '0')}:a`);
  });
 });
 describe('decideRestart (3.2, busy-aware)', () => {
  const base = {
    consecutiveFailures: 0,
    busy: false,
    unhealthyBusySince: 0,
    now: NOW,
    failureThreshold: 3,
    staleBusyGraceMs: 120_000,
  };
  it('does nothing when healthy', () => {
    expect(decideRestart({ ...base, processExited: false, healthy: true }))
      .toEqual({ action: 'none', reason: 'healthy' });
  });
  it('restarts immediately when the process exited', () => {
    expect(decideRestart({ ...base, processExited: true, busy: true }))
      .toEqual({ action: 'restart', reason: 'process-exited' });
  });
  it('waits below the failure threshold', () => {
    expect(decideRestart({ ...base, processExited: false, consecutiveFailures: 2 }))
      .toEqual({ action: 'wait', reason: 'below-threshold' });
  });
  it('restarts at the threshold when idle', () => {
    expect(decideRestart({ ...base, processExited: false, consecutiveFailures: 3 }))
      .toEqual({ action: 'restart', reason: 'threshold' });
  });
  it('defers a restart while busy within the grace window', () => {
    expect(decideRestart({
      ...base, processExited: false, consecutiveFailures: 5, busy: true,
      unhealthyBusySince: NOW - 1_000,
    })).toEqual({ action: 'wait', reason: 'busy-grace' });
  });
  it('force-restarts a busy backend after the stale-busy grace', () => {
    expect(decideRestart({
      ...base, processExited: false, consecutiveFailures: 5, busy: true,
      unhealthyBusySince: NOW - 120_001,
    })).toEqual({ action: 'restart', reason: 'stale-busy-grace' });
  });
  it('waits (busy-grace) when busy + threshold but the window just started', () => {
    // unhealthyBusySince === 0 means the caller is about to stamp it this cycle.
    expect(decideRestart({
      ...base, processExited: false, consecutiveFailures: 5, busy: true,
      unhealthyBusySince: 0,
    })).toEqual({ action: 'wait', reason: 'busy-grace' });
  });
 });
 describe('selectOrphanWorktreeTargets (3.4)', () => {
  it('skips dirs tracked by a live worktrees row', () => {
    const onDisk = [{ path: '/wt/sess-a', mtimeMs: NOW - 10_000_000 }];
    expect(selectOrphanWorktreeTargets(onDisk, new Set(['/wt/sess-a']), NOW, 1000)).toEqual([]);
  });
  it('reaps an untracked dir older than the grace', () => {
    const onDisk = [{ path: '/wt/sess-orphan', mtimeMs: NOW - 5000 }];
    expect(selectOrphanWorktreeTargets(onDisk, new Set(), NOW, 1000)).toEqual(['/wt/sess-orphan']);
  });
  it('never reaps a dir younger than the grace (mid-create race)', () => {
    const onDisk = [{ path: '/wt/sess-fresh', mtimeMs: NOW - 500 }];
    expect(selectOrphanWorktreeTargets(onDisk, new Set(), NOW, 1000)).toEqual([]);
  });
  it('mixes tracked, fresh, and orphaned correctly', () => {
    const onDisk = [
      { path: '/wt/sess-live', mtimeMs: NOW - 10_000 },
      { path: '/wt/sess-fresh', mtimeMs: NOW - 100 },
      { path: '/wt/sess-orphan', mtimeMs: NOW - 10_000 },
    ];
    expect(selectOrphanWorktreeTargets(onDisk, new Set(['/wt/sess-live']), NOW, 1000))
      .toEqual(['/wt/sess-orphan']);
  });
 });
--- a/apps/coder/src/services/backends/lifecycle-decisions.ts
+++ b/apps/coder/src/services/backends/lifecycle-decisions.ts
@@ -0,0 +1,197 @@
 /**
 * v2.6 Phase 3 — pure lifecycle decision helpers.
 *
 * The eviction / LRU-cap / busy-aware-restart / reaper-target logic, factored out
 * of AgentPool + the backends + the periodic sweeper so it's unit-testable with no
 * DB, no child processes, no timers (modeled on
 * apps/server/src/services/inference/prune.ts:selectPruneTargets — a pure decision
 * core the caller acts on).
 *
 * Three decisions live here:
 *   1. selectIdleEvictionTargets — which warm backends to evict for being idle.
 *   2. selectLruEvictionTargets — which warm backends to evict to honour a max-live
 *      cap (least-recently-used beyond the cap), NEVER a busy one.
 *   3. shouldRestartCrashedBackend (busy-aware) — openchamber's skip-while-busy +
 *      stale-grace state machine, re-implemented for BooCode's per-(chat,agent) pool.
 *
 * "Busy" = the backend has an in-flight turn. The hard rule (design §6, decisions):
 * never evict or force-restart a busy backend; defer with a stale-grace.
 */
 // ─── Idle TTL eviction (3.1) ─────────────────────────────────────────────────
 /** Default idle TTL before a warm backend/session is evicted (design §6 ~30 min). */
 export const DEFAULT_IDLE_TTL_MS = 30 * 60 * 1000;
 /** A pool entry as the decision helpers see it (no backend internals). */
 export interface PoolEntrySnapshot {
  /** Pool key `${primary}:${agent}` — opaque to the decision, used for selection. */
  key: string;
  /** Epoch ms of the last turn activity (start or settle) on this backend. */
  lastActiveAt: number;
  /** True iff a turn is in flight right now. Busy entries are never evicted. */
  busy: boolean;
 }
 /**
 * Idle eviction: an entry is evictable when it has been idle (no turn) for longer
 * than `ttlMs` AND is not currently busy. Returns the keys to evict.
 *
 * Pure: `now` is injected so tests don't depend on wall-clock. Busy entries are
 * categorically excluded — a long-running turn that exceeds the TTL must NOT be
 * torn down mid-stream (the §6 / openchamber busy rule).
 */
 export function selectIdleEvictionTargets(
  entries: ReadonlyArray<PoolEntrySnapshot>,
  now: number,
  ttlMs: number = DEFAULT_IDLE_TTL_MS,
 ): string[] {
  const out: string[] = [];
  for (const e of entries) {
    if (e.busy) continue;
    if (now - e.lastActiveAt >= ttlMs) out.push(e.key);
  }
  return out;
 }
 // ─── LRU cap (3.4) ───────────────────────────────────────────────────────────
 /** Default max live warm backends/worktrees before the LRU cap evicts (env-overridable). */
 export const DEFAULT_MAX_LIVE_BACKENDS = 10;
 /**
 * LRU cap: when more than `cap` non-busy entries are live, evict the
 * least-recently-used ones (oldest `lastActiveAt` first) until at most `cap`
 * remain. Busy entries are never evicted AND are not counted toward the cap's
 * "kept" budget being freed — i.e. we only ever evict idle entries, so a burst of
 * concurrent busy turns can transiently exceed the cap rather than kill live work.
 *
 * Returns the keys to evict, least-recently-used first. Pure / deterministic:
 * ties broken by key for stable test output.
 */
 export function selectLruEvictionTargets(
  entries: ReadonlyArray<PoolEntrySnapshot>,
  cap: number = DEFAULT_MAX_LIVE_BACKENDS,
 ): string[] {
  if (cap < 0) cap = 0;
  if (entries.length <= cap) return [];
  // Only idle entries are eligible to be evicted.
  const evictable = entries
    .filter((e) => !e.busy)
    .sort((a, b) => a.lastActiveAt - b.lastActiveAt || (a.key < b.key ? -1 : a.key > b.key ? 1 : 0));
  // We must shrink total live count down to `cap`. Busy entries can't be evicted,
  // so the number we CAN remove is bounded by the evictable pool; evict the oldest
  // (total - cap) of them, never more than exist.
  const overBy = entries.length - cap;
  const toEvict = evictable.slice(0, Math.max(0, overBy));
  return toEvict.map((e) => e.key);
 }
 // ─── Busy-aware crash restart (3.2) — openchamber lift ───────────────────────
 /**
 * Default grace after which a backend that has stayed unhealthy WHILE busy is
 * force-restarted anyway (openchamber's STALE_BUSY_GRACE_MS = 2 min). Guards
 * against a permanently-stuck "busy" turn wedging recovery forever.
 */
 export const DEFAULT_STALE_BUSY_GRACE_MS = 2 * 60 * 1000;
 /** Default consecutive health-check failures before a restart is attempted. */
 export const DEFAULT_HEALTH_FAILURE_THRESHOLD = 3;
 export interface RestartDecisionInput {
  /** True iff the process is actually dead (exited). A dead process restarts
   *  immediately regardless of busy/threshold — there's nothing to protect. */
  processExited: boolean;
  /** Consecutive failed health probes so far (including the current one). */
  consecutiveFailures: number;
  /** Whether the backend currently has an in-flight turn. */
  busy: boolean;
  /** Epoch ms when the unhealthy-while-busy window started, or 0 if not in one. */
  unhealthyBusySince: number;
  /** Injected clock. */
  now: number;
  failureThreshold?: number;
  staleBusyGraceMs?: number;
 }
 export type RestartDecision =
  | { action: 'restart'; reason: 'process-exited' | 'threshold' | 'stale-busy-grace' }
  | { action: 'wait'; reason: 'below-threshold' | 'busy-grace' }
  | { action: 'none'; reason: 'healthy' };
 /**
 * Decide whether to restart a backend after a health probe. Mirrors
 * openchamber's `runHealthCheckCycle` + `shouldSkipRestartForBusySessions`,
 * re-implemented as a pure function over injected state (the caller owns the
 * mutable counters + the actual restart side-effect).
 *
 * Order (matches openchamber):
 *   - process exited            → restart now (nothing live to protect).
 *   - below failure threshold   → wait (transient blip; the next probe re-checks).
 *   - threshold reached + idle   → restart now.
 *   - threshold reached + busy   → skip UNLESS the unhealthy-busy window exceeded
 *                                  the stale grace, then force restart.
 *
 * `healthy: true` callers don't reach here; included for completeness so the
 * caller can pass through and reset counters on a single code path.
 */
 export function decideRestart(input: RestartDecisionInput & { healthy?: boolean }): RestartDecision {
  if (input.healthy) return { action: 'none', reason: 'healthy' };
  if (input.processExited) return { action: 'restart', reason: 'process-exited' };
  const threshold = input.failureThreshold ?? DEFAULT_HEALTH_FAILURE_THRESHOLD;
  if (input.consecutiveFailures < threshold) {
    return { action: 'wait', reason: 'below-threshold' };
  }
  if (!input.busy) {
    return { action: 'restart', reason: 'threshold' };
  }
  // Busy + unhealthy at/over threshold: defer, but not forever.
  const grace = input.staleBusyGraceMs ?? DEFAULT_STALE_BUSY_GRACE_MS;
  if (input.unhealthyBusySince > 0 && input.now - input.unhealthyBusySince >= grace) {
    return { action: 'restart', reason: 'stale-busy-grace' };
  }
  return { action: 'wait', reason: 'busy-grace' };
 }
 // ─── Orphan worktree reaper target selection (3.4) ───────────────────────────
 /** Default TTL: an on-disk worktree dir with no live `worktrees` row is reaped
 *  only after it's been orphaned at least this long (mtime-based grace so a
 *  just-created dir mid-`ensureSessionWorktree` race is never swept). */
 export const DEFAULT_ORPHAN_WORKTREE_GRACE_MS = 60 * 60 * 1000; // 1h
 export interface OnDiskWorktree {
  /** Absolute path of the worktree dir on disk. */
  path: string;
  /** Last-modified epoch ms of the dir (newest of dir + contents, caller's choice). */
  mtimeMs: number;
 }
 /**
 * Reaper target selection: which on-disk worktree dirs are orphans safe to
 * inspect-and-reap. An orphan is a dir under the worktree base that has NO live
 * `worktrees` row (path not in `liveWorktreePaths`) AND whose mtime is older than
 * the grace window (so an in-flight create isn't swept).
 *
 * Pure — the caller (the sweeper) then runs the at-risk preflight (dirty/unpushed)
 * on each returned path and only physically removes the SAFE ones. This helper
 * never decides to remove work-at-risk; it only narrows the candidate set.
 */
 export function selectOrphanWorktreeTargets(
  onDisk: ReadonlyArray<OnDiskWorktree>,
  liveWorktreePaths: ReadonlySet<string>,
  now: number,
  graceMs: number = DEFAULT_ORPHAN_WORKTREE_GRACE_MS,
 ): string[] {
  const out: string[] = [];
  for (const w of onDisk) {
    if (liveWorktreePaths.has(w.path)) continue; // tracked → not an orphan
    if (now - w.mtimeMs < graceMs) continue; // too fresh → could be mid-create
    out.push(w.path);
  }
  return out;
 }
--- a/apps/coder/src/services/backends/opencode-server.ts
+++ b/apps/coder/src/services/backends/opencode-server.ts
@@ -21,9 +21,9 @@
 *   - promptAsync is fire-and-forget (204); the turn completes via a
 *     'session.idle' event for that opencode session id.
 */
-import { spawn, type ChildProcess } from 'node:child_process';
+import { spawn, spawnSync, type ChildProcess } from 'node:child_process';
 import { createHash } from 'node:crypto';
-import { createServer } from 'node:net';
+import { createServer, connect as netConnect } from 'node:net';
 import type { FastifyBaseLogger } from 'fastify';
 import {
  createOpencodeClient,
@@ -39,6 +39,7 @@ import type { Sql } from '../../db.js';
 import type { AcpToolSnapshot } from '../acp-tool-snapshot.js';
 import { armAbortGuard, noteTurnActivity, consumeTerminal } from './turn-guard.js';
 import { stepEndedToUsage, type StepUsage } from './opencode-usage.js';
 import { decideRestart, DEFAULT_HEALTH_FAILURE_THRESHOLD } from './lifecycle-decisions.js';
 import type {
  AgentBackend,
  AgentEvent,
@@ -104,6 +105,11 @@ export class OpenCodeServerBackend implements AgentBackend {
  private port: number | null = null;
  private up = false;
  private serverStarting: Promise<void> | null = null;
  // Phase 3 busy-aware health monitor (openchamber lift): consecutive failed
  // probes + the start of an unhealthy-while-busy window feed `decideRestart`.
  private consecutiveHealthFailures = 0;
  private unhealthyBusySince = 0;
  private restarting: Promise<void> | null = null;
  /** opencode session id → demux state. Maintained by ensureSession; read by the SSE loop. */
  private readonly byOpencodeId = new Map<string, SessionState>();
@@ -119,11 +125,30 @@ export class OpenCodeServerBackend implements AgentBackend {
    return this.up ? 'up' : 'down';
  }
-  // ─── Server lifecycle (1.2: spawn once + client + ready) ─────────────────────
+  /** Phase 3: busy iff ANY pooled opencode session has an in-flight turn. The
   *  pool reads this to skip idle/LRU eviction and the health-monitor to defer a
   *  restart (never tear down a session mid-stream). */
  isBusy(): boolean {
    for (const st of this.byOpencodeId.values()) {
      if (st.activeTurn) return true;
    }
    return false;
  }
-  /** Lazy: start the single server on first use. Idempotent — one server per backend. */
+  // ─── Server lifecycle (1.2: spawn once + client + ready; Phase 3 crash-restart) ──
  /**
   * Lazy: start the single server on first use; re-spawn after a crash. Idempotent
   * within one live server — `serverStarting` caches the in-flight start, and is
   * reset to null by the crash handler so the NEXT ensureServer re-spawns a fresh
   * server (Phase 3 crash recovery). A dead-but-not-yet-reaped child (exit handler
   * raced) is also treated as needing a restart.
   */
  private ensureServer(): Promise<void> {
-    if (!this.serverStarting) this.serverStarting = this.startServer();
+    const childDead = this.child != null && (this.child.exitCode !== null || this.child.signalCode !== null);
    if (!this.serverStarting || (!this.up && childDead)) {
      this.serverStarting = this.startServer();
    }
    return this.serverStarting;
  }
@@ -143,11 +168,15 @@ export class OpenCodeServerBackend implements AgentBackend {
    this.port = port;
    // Child lifetime is the backend's (the pool's), NOT a request's. We never tie
-    // it to a per-turn abort signal. On unexpected exit we mark down + log; crash
+    // it to a per-turn abort signal. Phase 3: on unexpected exit we recover —
-    // recovery is Phase 3.
+    // settle any in-flight turns as failed, mark their agent_sessions rows crashed,
    // and reset `serverStarting` so the next ensureServer re-spawns. opencode keeps
    // sessions on disk, but a fresh server's in-memory state is gone, so the next
    // turn's ensureSession (rows now 'crashed') creates fresh opencode sessions.
    child.on('exit', (code, signal) => {
-      this.up = false;
+      // Only react to THIS child's exit (a restart may have swapped in a new one).
-      this.log.warn({ code, signal, port }, 'opencode-server: child exited (recovery is Phase 3)');
+      if (this.child !== child) return;
      this.handleServerCrash(code, signal, port);
    });
    await waitForReady(child, READY_TIMEOUT_MS);
@@ -157,6 +186,136 @@ export class OpenCodeServerBackend implements AgentBackend {
    this.log.info({ port }, 'opencode-server: ready');
  }
  /**
   * Crash handler (Phase 3, lift of openchamber's restart-on-exit path). The
   * server died with N live opencode sessions; we can't restart it here (the next
   * turn does, lazily — avoids a restart storm if the binary is broken). We:
   *   1. fail every in-flight turn so its dispatcher unblocks + publishes an error,
   *   2. mark each session's agent_sessions row 'crashed' so ensureSession won't
   *      resume a now-dead native session id (it creates fresh),
   *   3. tear down the SSE loops + demux state (stale against the dead server),
   *   4. reclaim the port + reset state so the next ensureServer re-spawns.
   */
  private handleServerCrash(code: number | null, signal: NodeJS.Signals | null, port: number): void {
    this.up = false;
    const states = [...this.byOpencodeId.values()];
    this.log.warn(
      { code, signal, port, liveSessions: states.length },
      'opencode-server: child exited — recovering (fail in-flight, mark crashed, re-spawn next turn)',
    );
    const crashedIds: string[] = [];
    for (const st of states) {
      st.sseAbort?.abort();
      if (st.activeTurn) {
        st.activeTurn.settle({ ok: false, error: 'opencode server crashed mid-turn' });
        st.activeTurn = null;
      }
      if (st.watchdog) {
        clearTimeout(st.watchdog);
        st.watchdog = null;
      }
      crashedIds.push(st.agentSessionId);
    }
    // Drop the demux map: every session id is stale against a fresh server.
    this.byOpencodeId.clear();
    this.client = null;
    this.serverStarting = null; // force a re-spawn on the next ensureServer
    if (crashedIds.length > 0) {
      this.sql`
        UPDATE agent_sessions SET status = 'crashed'
        WHERE agent_session_id = ANY(${crashedIds}) AND status <> 'closed'
      `.catch((err) => {
        this.log.warn({ err: errMsg(err) }, 'opencode-server: failed to mark crashed sessions (non-fatal)');
      });
    }
    // Reclaim the port so a re-spawn on a fixed/leaked port isn't blocked. Best
    // effort; the next start uses a fresh ephemeral port anyway.
    reclaimPort(port);
  }
  /**
   * Phase 3 proactive health monitor (openchamber `runHealthCheckCycle` lift,
   * busy-aware). Probes the server's /global/health; on a sustained failure of a
   * NON-busy server, force a restart so the next turn isn't blocked by a wedged
   * (hung-but-not-exited) process. Busy servers are deferred via the stale-grace in
   * `decideRestart` — never tear down live work. Driven by the pool's periodic
   * sweep (best-effort; a crash-exit is already handled by `handleServerCrash` +
   * lazy `ensureServer` re-spawn, so this only catches the hung case). No-op when
   * the server was never started or a restart is already in flight.
   */
  async tickHealth(now: number = Date.now()): Promise<void> {
    if (!this.child || this.restarting) return;
    const childExited = this.child.exitCode !== null || this.child.signalCode !== null;
    // An exited child is recovered lazily by ensureServer; don't double-restart it.
    if (childExited) return;
    const healthy = await this.probeHealth();
    if (healthy) {
      this.consecutiveHealthFailures = 0;
      this.unhealthyBusySince = 0;
      return;
    }
    this.consecutiveHealthFailures += 1;
    const busy = this.isBusy();
    const decision = decideRestart({
      processExited: false,
      consecutiveFailures: this.consecutiveHealthFailures,
      busy,
      unhealthyBusySince: this.unhealthyBusySince,
      now,
      failureThreshold: DEFAULT_HEALTH_FAILURE_THRESHOLD,
    });
    // Stamp the start of an unhealthy-while-busy window so the stale-grace can fire.
    if (busy && this.unhealthyBusySince === 0) this.unhealthyBusySince = now;
    if (decision.action === 'restart') {
      this.log.warn(
        { failures: this.consecutiveHealthFailures, busy, reason: decision.reason },
        'opencode-server: health monitor forcing restart',
      );
      this.consecutiveHealthFailures = 0;
      this.unhealthyBusySince = 0;
      await this.restartServer();
    }
  }
  private async probeHealth(): Promise<boolean> {
    if (!this.client) return false;
    try {
      const res = await this.client.global.health();
      return !res.error;
    } catch {
      return false;
    }
  }
  /** Force-kill the current server + reclaim its port; the next ensureServer
   *  re-spawns (lazy). Mirrors handleServerCrash's state reset but is initiated by
   *  the health monitor rather than the OS. */
  private async restartServer(): Promise<void> {
    if (this.restarting) return this.restarting;
    this.restarting = (async () => {
      const child = this.child;
      const port = this.port;
      this.up = false;
      // Fail in-flight turns + mark sessions crashed via the same path as a crash.
      if (child) {
        this.handleServerCrash(null, null, port ?? 0);
        if (!child.killed) child.kill('SIGTERM');
      }
      if (port) {
        reclaimPort(port);
        await waitForPortRelease(port, 3_000);
      }
      this.child = null;
    })().finally(() => {
      this.restarting = null;
    });
    return this.restarting;
  }
  // ─── SSE read loop + demux + translate (1.3) + dedup (1.4) ───────────────────
  /** Per-session SSE subscription, scoped to the session's worktree directory.
@@ -756,6 +915,67 @@ function mapToolStatus(s: ToolState['status'] | undefined): ToolCallStatus | nul
  }
 }
 /**
 * Reclaim a loopback port a dead opencode child may still hold (lift of
 * openchamber `killProcessOnPort`). Best-effort, POSIX-only (`lsof`/`kill`); a
 * failure is harmless because the next spawn allocates a fresh ephemeral port.
 * Never kills this process. Synchronous + short-timeout so the crash handler
 * doesn't block.
 */
 function reclaimPort(port: number | null): void {
  if (!port || process.platform === 'win32') return;
  try {
    const res = spawnSync('lsof', ['-ti', `:${port}`], { encoding: 'utf8', timeout: 3_000, windowsHide: true });
    const out = res.stdout || '';
    const myPid = process.pid;
    for (const pidStr of out.split(/\s+/)) {
      const pid = parseInt(pidStr.trim(), 10);
      if (pid && pid !== myPid) {
        try {
          spawnSync('kill', ['-9', String(pid)], { stdio: 'ignore', timeout: 2_000 });
        } catch {
          // ignore — best effort
        }
      }
    }
  } catch {
    // lsof absent or failed — the fresh-ephemeral-port spawn doesn't need this.
  }
 }
 /**
 * Resolve true once nothing is listening on `port` (lift of openchamber
 * `waitForPortRelease`). Used before re-spawning on a fixed port; with ephemeral
 * ports it's a fast no-op. Probes 127.0.0.1; resolves false at the deadline.
 */
 function waitForPortRelease(port: number, timeoutMs: number): Promise<boolean> {
  const deadline = Date.now() + timeoutMs;
  return new Promise((resolve) => {
    const attempt = () => {
      const socket = netConnect({ port, host: '127.0.0.1' });
      let settled = false;
      const finish = (released: boolean) => {
        if (settled) return;
        settled = true;
        socket.removeAllListeners();
        socket.destroy();
        if (released || Date.now() >= deadline) {
          resolve(released);
          return;
        }
        setTimeout(attempt, 150);
      };
      socket.once('connect', () => finish(false));
      socket.once('error', (err: NodeJS.ErrnoException) => {
        if (err && (err.code === 'ECONNREFUSED' || err.code === 'EHOSTUNREACH')) finish(true);
        else finish(false);
      });
      socket.setTimeout(500, () => finish(true));
    };
    attempt();
  });
 }
 /** Bind-probe an ephemeral port on loopback. */
 function freePort(): Promise<number> {
  return new Promise((resolve, reject) => {
--- a/apps/coder/src/services/backends/warm-acp.ts
+++ b/apps/coder/src/services/backends/warm-acp.ts
@@ -132,6 +132,12 @@ export class WarmAcpBackend implements AgentBackend {
    return this.up ? 'up' : 'down';
  }
  /** Phase 3: busy iff this backend's single session has an in-flight turn. The
   *  pool reads this to skip idle/LRU eviction (never kill the child mid-prompt). */
  isBusy(): boolean {
    return this.activeTurn != null;
  }
  // ─── warm-process lifecycle (2.1 spawn + initialize + session/new ONCE) ───────
  /** Lazy: spawn the warm process on first use. Idempotent — one process per backend. */
--- a/apps/coder/src/services/dispatcher.ts
+++ b/apps/coder/src/services/dispatcher.ts
@@ -12,7 +12,7 @@ import { clearTaskCommands, setTaskCommands } from './agent-commands-cache.js';
 import { getManifestCommands } from './provider-commands.js';
 import { persistExternalAgentTurn } from './agent-turn-persist.js';
 import { snapshotToWireToolCall, type AcpToolSnapshot } from './acp-tool-snapshot.js';
-import { agentPool } from './agent-pool.js';
+import { agentPool, OPENCODE_POOL_KEY } from './agent-pool.js';
 import { OpenCodeServerBackend } from './backends/opencode-server.js';
 import { WarmAcpBackend } from './backends/warm-acp.js';
 import { shouldUseWarmBackend } from './backends/warm-acp-routing.js';
@@ -499,9 +499,8 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
  // OpenCode runs ONE server per BooCoder process, shared across all sessions
  // (the backend multiplexes sessions internally), so it's pooled under a fixed
-  // key rather than per-session. Warm ACP backends (Phase 2) will be per-session.
+  // key (OPENCODE_POOL_KEY, shared with the lifecycle close-hook) rather than
-  const OPENCODE_POOL_KEY = '__opencode_server__';
+  // per-session. Warm ACP backends (Phase 2) are per (chat, agent).
  function getOpenCodeBackend(installPath: string | null): AgentBackend {
    let backend = agentPool.get(OPENCODE_POOL_KEY, 'opencode');
    if (!backend) {
@@ -710,6 +709,9 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
        signal: ac.signal,
        onEvent,
      });
      // Phase 3: keep the pooled backend's slot warm across this (possibly long)
      // turn so the idle sweep measures from turn END, not start.
      agentPool.touch(OPENCODE_POOL_KEY, agent);
      // Flush any text held back mid-tag at stream end (complete tags stripped).
      const dcpTail = dcp.flush();
@@ -962,6 +964,8 @@ export function createDispatcher(deps: Deps): { start(): void; stop(): Promise<v
        taskId,
        modeId: task.mode_id ?? undefined,
      });
      // Phase 3: keep the pooled (chat,agent) backend warm across the turn.
      agentPool.touch(chatId, agent);
      const assistantContent = textChunks.join('').slice(0, 50_000);
      const reasoningText = reasoningChunks.join('').slice(0, 200_000);
--- a/apps/coder/src/services/orphan-worktree-reaper.ts
+++ b/apps/coder/src/services/orphan-worktree-reaper.ts
@@ -0,0 +1,170 @@
 /**
 * v2.6 Phase 3 (3.4) — orphan worktree reaper.
 *
 * Reclaims on-disk session worktree dirs under WORKTREE_BASE that have NO live
 * (`status='active'`) row in the `worktrees` table — leaks from a crash between
 * `git worktree add` and the DB insert, a missed chat-close hook, or a manual rm
 * of the DB row. Extends the periodic-sweeper pattern (apps/server's truncation +
 * stale-streaming reaper).
 *
 * SAFETY (Paseo worktree-archive cascade + superset destroy-saga lift): before
 * removing ANY dir, run `checkWorktreeWorkAtRisk` — a dirty / unpushed / unmerged
 * worktree is SKIPPED (logged), never force-removed. The pure orphan-target
 * selection (which dirs are candidates) lives in
 * `backends/lifecycle-decisions.ts:selectOrphanWorktreeTargets` and is unit-tested;
 * this module does the DB read + fs stat + git preflight + removal side-effects.
 *
 * The mtime grace (default 1h) means a dir mid-`ensureSessionWorktree` (created on
 * disk, row not yet committed) is never swept — the grace window covers the gap.
 */
 import { readdir, stat } from 'node:fs/promises';
 import { join } from 'node:path';
 import type { FastifyBaseLogger } from 'fastify';
 import type { Sql } from '../db.js';
 import { WORKTREE_BASE, checkWorktreeWorkAtRisk } from './worktrees.js';
 import { hostExec } from './host-exec.js';
 import {
  selectOrphanWorktreeTargets,
  DEFAULT_ORPHAN_WORKTREE_GRACE_MS,
 } from './backends/lifecycle-decisions.js';
 export interface OrphanWorktreeReaperDeps {
  sql: Sql;
  log: FastifyBaseLogger;
  intervalMs: number;
  graceMs?: number;
 }
 export interface OrphanReaperResult {
  scanned: number;
  candidates: number;
  reaped: string[];
  skippedAtRisk: string[];
 }
 /** Single-pass reap: select orphan candidates, preflight at-risk, remove the safe. */
 export async function reapOrphanWorktrees(
  sql: Sql,
  log: FastifyBaseLogger,
  graceMs: number = DEFAULT_ORPHAN_WORKTREE_GRACE_MS,
  now: number = Date.now(),
 ): Promise<OrphanReaperResult> {
  // Enumerate on-disk session worktree dirs (`sess-*`). Per-task worktrees
  // (arena/new_task/MCP) are cleaned up inline by the one-shot path, so we only
  // own the persistent session dirs the warm paths leave behind.
  let dirents: string[];
  try {
    dirents = await readdir(WORKTREE_BASE);
  } catch {
    return { scanned: 0, candidates: 0, reaped: [], skippedAtRisk: [] }; // base absent → nothing to do
  }
  const onDisk: { path: string; mtimeMs: number }[] = [];
  for (const name of dirents) {
    if (!name.startsWith('sess-')) continue; // only persistent session worktrees
    const path = join(WORKTREE_BASE, name);
    try {
      const s = await stat(path);
      if (!s.isDirectory()) continue;
      onDisk.push({ path, mtimeMs: s.mtimeMs });
    } catch {
      // vanished between readdir and stat — skip
    }
  }
  // Live worktree paths from the DB (active rows only — archived/removed rows are
  // not "live", so their leftover dirs are reapable orphans).
  const liveRows = await sql<{ path: string }[]>`
    SELECT path FROM worktrees WHERE status = 'active'
  `;
  const live = new Set(liveRows.map((r) => r.path));
  const candidates = selectOrphanWorktreeTargets(onDisk, live, now, graceMs);
  const reaped: string[] = [];
  const skippedAtRisk: string[] = [];
  for (const path of candidates) {
    // Preflight: never reap work at risk. A git error forces atRisk=true (fail
    // closed), so a half-broken worktree is kept, not silently destroyed.
    const risk = await checkWorktreeWorkAtRisk(path);
    if (risk.atRisk) {
      skippedAtRisk.push(path);
      log.warn({ path, dirty: risk.dirty, unmerged: risk.unmerged, error: risk.error }, 'orphan-reaper: skipping at-risk orphan worktree');
      continue;
    }
    const removed = await removeOrphanDir(path);
    if (removed) reaped.push(path);
  }
  if (reaped.length > 0 || skippedAtRisk.length > 0) {
    log.info({ scanned: onDisk.length, candidates: candidates.length, reaped, skippedAtRisk }, 'orphan-reaper: pass complete');
  }
  return { scanned: onDisk.length, candidates: candidates.length, reaped, skippedAtRisk };
 }
 /**
 * Remove a single orphan worktree dir. Resolve its main repo via the git
 * common-dir, run `worktree remove --force` from there + prune, then rm the dir as
 * a backstop. Best-effort: every step is independently fault-tolerant so a partial
 * state (dir present, git untracked) still gets reclaimed.
 */
 async function removeOrphanDir(path: string): Promise<boolean> {
  // Find the owning repo (the common git dir's parent). When the dir isn't a valid
  // worktree anymore, this fails and we fall back to a plain rm.
  const common = await hostExec(
    `git -C ${shellEscape(path)} rev-parse --path-format=absolute --git-common-dir`,
    { timeoutMs: 10_000 },
  ).catch(() => null);
  const commonDir = common && common.exitCode === 0 ? common.stdout.trim() : '';
  // The repo worktree root is the parent of the .git common dir (strip trailing /.git).
  const repoRoot = commonDir.replace(/\/\.git\/?$/, '').replace(/\/\.git$/, '');
  if (repoRoot && repoRoot !== commonDir) {
    await hostExec(
      `git -C ${shellEscape(repoRoot)} worktree remove ${shellEscape(path)} --force`,
      { timeoutMs: 15_000 },
    ).catch(() => {});
    await hostExec(
      `git -C ${shellEscape(repoRoot)} worktree prune`,
      { timeoutMs: 10_000 },
    ).catch(() => {});
  }
  // Backstop: ensure the dir is gone even if the git remove no-op'd.
  const rm = await hostExec(`rm -rf ${shellEscape(path)}`, { timeoutMs: 15_000 }).catch(() => null);
  return rm != null && rm.exitCode === 0;
 }
 /** Minimal single-quote shell escape (mirrors worktrees.ts). */
 function shellEscape(s: string): string {
  return "'" + s.replace(/'/g, "'\\''") + "'";
 }
 /** Periodic orphan-worktree reaper, started/stopped by the bootstrap. Unref'd. */
 export function createOrphanWorktreeReaper(deps: OrphanWorktreeReaperDeps): { start(): void; stop(): void } {
  const { sql, log, intervalMs } = deps;
  const graceMs = deps.graceMs ?? DEFAULT_ORPHAN_WORKTREE_GRACE_MS;
  let timer: ReturnType<typeof setInterval> | null = null;
  let running = false;
  return {
    start() {
      if (timer) return;
      timer = setInterval(() => {
        if (running) return; // a slow pass must not overlap the next tick
        running = true;
        void reapOrphanWorktrees(sql, log, graceMs)
          .catch((err) => log.warn({ err: err instanceof Error ? err.message : String(err) }, 'orphan-reaper: pass error'))
          .finally(() => {
            running = false;
          });
      }, intervalMs);
      timer.unref?.();
      log.info({ intervalMs, graceMs }, 'orphan-reaper: started');
    },
    stop() {
      if (timer) {
        clearInterval(timer);
        timer = null;
      }
    },
  };
 }
--- a/apps/coder/src/services/worktrees.ts
+++ b/apps/coder/src/services/worktrees.ts
@@ -9,7 +9,7 @@
 import type { Sql } from '../db.js';
 import { hostExec } from './host-exec.js';
-const WORKTREE_BASE = '/tmp/booworktrees';
+export const WORKTREE_BASE = '/tmp/booworktrees';
 /**
 * Create a git worktree for a task on the host.
@@ -197,6 +197,187 @@ export async function ensureSessionWorktree(
  };
 }
 /**
 * v2.6 Phase 3 (3.3 / 3.4): physically remove a session's persistent worktree —
 * the git worktree dir + its branch — and archive its `worktrees` row. Used by the
 * chat/session-close hook (when the last chat in a session closes) and the orphan
 * reaper. Best-effort on the git side (a dir already gone is not an error); the DB
 * row is flipped to 'archived' (soft-delete, Paseo's worktree-archive pattern) so
 * history/attribution survives and a re-run is idempotent.
 *
 * SAFETY: callers MUST run `checkWorktreeWorkAtRisk` first and skip at-risk
 * worktrees — this function force-removes (`--force`), so it never silently drops
 * uncommitted/unmerged work unless the caller already cleared/accepted the risk.
 */
 export async function removeSessionWorktree(
  sql: Sql,
  projectPath: string,
  worktree: { id: string; path: string; branch?: string | null },
  opts?: { signal?: AbortSignal },
 ): Promise<void> {
  await hostExec(
    `git -C ${shellEscape(projectPath)} worktree remove ${shellEscape(worktree.path)} --force`,
    { signal: opts?.signal, timeoutMs: 15_000 },
  ).catch(() => {});
  const branch = worktree.branch ?? null;
  if (branch) {
    await hostExec(
      `git -C ${shellEscape(projectPath)} branch -D ${shellEscape(branch)}`,
      { signal: opts?.signal, timeoutMs: 10_000 },
    ).catch(() => {});
  }
  // Prune any stale worktree administrative entries left behind by a partial remove.
  await hostExec(
    `git -C ${shellEscape(projectPath)} worktree prune`,
    { signal: opts?.signal, timeoutMs: 10_000 },
  ).catch(() => {});
  await sql`UPDATE worktrees SET status = 'archived' WHERE id = ${worktree.id}`.catch(() => {});
 }
 /**
 * v2.6 Phase 3 (3.3): the chat-close cleanup. Mark every `agent_sessions` row for
 * the chat 'closed', then — only if this was the session's LAST open chat — remove
 * the shared session worktree (a worktree is one-per-session, shared across the
 * session's chat tabs, so closing one tab must not pull the rug from sibling tabs).
 *
 * Returns what it did so the route can report it. The actual backend (process /
 * server-session) teardown is the pool's job (`agentPool.closeChat` +
 * `backend.closeSession`); this owns the DB + git truth.
 *
 * `worktreeRemoved` is false when other open chats remain (worktree kept) OR when
 * the worktree held work at risk (preflight blocked it — never silently dropped).
 */
 export interface ChatCloseResult {
  agentRowsClosed: number;
  worktreeRemoved: boolean;
  worktreeAtRisk: boolean;
 }
 export async function closeChatBackendState(
  sql: Sql,
  chatId: string,
  opts?: { signal?: AbortSignal; force?: boolean },
 ): Promise<ChatCloseResult> {
  // Resolve the chat's session (and that session's project path) before we touch
  // anything — a deleted chat row leaves agent_sessions/worktrees pointing nowhere.
  const [chatRow] = await sql<{ session_id: string | null }[]>`
    SELECT session_id FROM chats WHERE id = ${chatId}
  `;
  // chat row may already be gone (delete fired first); fall back to agent_sessions'
  // session_id link, which SET NULLs only on session delete, not chat delete.
  let sessionId = chatRow?.session_id ?? null;
  if (!sessionId) {
    const [as] = await sql<{ session_id: string | null }[]>`
      SELECT session_id FROM agent_sessions WHERE chat_id = ${chatId} AND session_id IS NOT NULL LIMIT 1
    `;
    sessionId = as?.session_id ?? null;
  }
  // Mark this chat's (chat,agent) backend rows closed (idempotent).
  const closedRows = await sql<{ agent: string }[]>`
    UPDATE agent_sessions SET status = 'closed'
    WHERE chat_id = ${chatId} AND status <> 'closed'
    RETURNING agent
  `;
  let worktreeRemoved = false;
  let worktreeAtRisk = false;
  if (sessionId) {
    // Other open chats still sharing the session worktree? If so, keep it.
    const openRows = await sql<{ open_count: number }[]>`
      SELECT COUNT(*)::int AS open_count FROM chats
      WHERE session_id = ${sessionId} AND status = 'open' AND id <> ${chatId}
    `;
    const openCount = openRows[0]?.open_count ?? 0;
    if (openCount === 0) {
      const [wt] = await sql<{ id: string; path: string; branch: string | null }[]>`
        SELECT id, path, branch FROM worktrees
        WHERE session_id = ${sessionId} AND status = 'active' LIMIT 1
      `;
      if (wt) {
        const projRows = await sql<{ path: string | null }[]>`
          SELECT p.path FROM sessions s JOIN projects p ON p.id = s.project_id WHERE s.id = ${sessionId}
        `;
        const projectPath = projRows[0]?.path ?? null;
        // Preflight (close-hook semantics): a DELIBERATE chat/session close — the
        // server's session-delete already ran the full work-at-risk gate
        // (dirty/unpushed/unmerged) before calling us, and chat-close discards the
        // tab's staged review intentionally. So here we only block on UNCOMMITTED
        // working-tree changes (`dirty`) — work the user never even staged into the
        // review diff. The session branch's own commits (the diff-staging
        // mechanism) are NOT a block; treating them as "unmerged risk" would make
        // the worktree un-removable on every real session (the orphan reaper keeps
        // the full at-risk gate because it runs unattended). `force` skips this.
        if (!opts?.force) {
          const risk = await checkWorktreeWorkAtRisk(wt.path, opts);
          worktreeAtRisk = risk.dirty || risk.error != null;
        }
        if (projectPath && (opts?.force || !worktreeAtRisk)) {
          await removeSessionWorktree(sql, projectPath, wt, opts);
          worktreeRemoved = true;
        }
      }
    }
  }
  return { agentRowsClosed: closedRows.length, worktreeRemoved, worktreeAtRisk };
 }
 /**
 * v2.6 Phase 3 (3.5): re-baseline a session's worktree diff after a successful
 * `apply_pending`. The applied changes were written to the PROJECT ROOT; the
 * worktree branch still holds the same delta against the ORIGINAL `base_commit`,
 * so the next turn's `diffWorktree(base_commit...worktree-HEAD)` would re-surface
 * the already-applied changes as "pending" — a confusing double-count.
 *
 * Fix: advance the stored `base_commit` to the worktree's CURRENT HEAD (the
 * `diffWorktree` path commits the worktree's accumulated changes before diffing,
 * so HEAD already encodes the applied state). The next turn then diffs against
 * that, surfacing only edits made AFTER the apply. Idempotent: if the worktree has
 * no new commits, the base is unchanged.
 *
 * Diff-baseline-correctness note (design §7): we re-baseline to the worktree's own
 * HEAD, NOT to a moving project HEAD — so an out-of-band edit to the project root
 * after apply doesn't corrupt the baseline. The trade-off is that a manual project
 * edit isn't reflected as "already there"; acceptable, and matches the stored-base
 * (not moving-target) decision in §7.
 */
 export async function rebaselineWorktreeAfterApply(
  sql: Sql,
  sessionId: string,
  opts?: { signal?: AbortSignal },
 ): Promise<{ rebaselined: boolean; newBaseCommit: string | null }> {
  const [wt] = await sql<{ id: string; path: string; base_commit: string | null }[]>`
    SELECT id, path, base_commit FROM worktrees
    WHERE session_id = ${sessionId} AND status = 'active' LIMIT 1
  `;
  if (!wt) return { rebaselined: false, newBaseCommit: null };
  // Make sure the worktree's accumulated edits are committed so HEAD encodes the
  // just-applied state (the diff path normally does this, but apply may run with no
  // prior diff this turn). Commit ONLY when something is staged — NO --allow-empty,
  // so a re-baseline with no new edits doesn't advance HEAD and stays idempotent.
  await hostExec(
    `cd ${shellEscape(wt.path)} && git add -A && ` +
      `git diff --cached --quiet || ` +
      `git -c user.email=boocoder@local -c user.name=BooCoder commit -q -m "rebaseline after apply"`,
    { signal: opts?.signal, timeoutMs: 15_000 },
  ).catch(() => {});
  const headRes = await hostExec(
    `git -C ${shellEscape(wt.path)} rev-parse HEAD`,
    { signal: opts?.signal, timeoutMs: 10_000 },
  ).catch(() => null);
  const newBase = headRes && headRes.exitCode === 0 ? headRes.stdout.trim() || null : null;
  if (!newBase || newBase === wt.base_commit) {
    return { rebaselined: false, newBaseCommit: wt.base_commit };
  }
  await sql`UPDATE worktrees SET base_commit = ${newBase} WHERE id = ${wt.id}`;
  return { rebaselined: true, newBaseCommit: newBase };
 }
 // ─── Session-delete work-loss guard ─────────────────────────────────────────
 /**
--- a/apps/server/package.json
+++ b/apps/server/package.json
@@ -87,7 +87,7 @@
    "@modelcontextprotocol/sdk": "^1.29.0",
    "ai": "^6.0.190",
    "fastify": "^4.28.1",
-    "parse5": "^8.0.1",
+    "node-html-markdown": "^1.3.0",
    "postgres": "^3.4.4",
    "ws": "^8.18.0",
    "zod": "^3.23.8"
@@ -99,5 +99,5 @@
    "typescript": "^5.5.0",
    "vitest": "^3.2.4"
  },
-  "license": "AGPL-3.0-only"
+  "license": "MIT"
 }
--- a/apps/server/src/routes/chats.ts
+++ b/apps/server/src/routes/chats.ts
@@ -4,6 +4,7 @@ import type { Sql } from '../db.js';
 import type { Broker } from '../services/broker.js';
 import type { Chat, Message } from '../types/api.js';
 import { getModelContext } from '../services/model-context.js';
 import { notifyCoderClose } from '../services/coder-notify.js';
 const CreateBody = z.object({
  name: z.string().min(1).max(200).optional(),
@@ -167,6 +168,9 @@ export function registerChatRoutes(
          chat_id: id,
          session_id: req.params.id,
        });
        // Fire-and-forget per archived chat: tear down its warm agent backends
        // on the coder. Best-effort — never blocks/fails the bulk archive.
        void notifyCoderClose('chat', id, req.log);
      }
      return { archived: ids.length, ids };
    }
@@ -208,6 +212,9 @@ export function registerChatRoutes(
        chat_id: row.id,
        session_id: row.session_id,
      });
      // Fire-and-forget: tear down this chat's warm agent backends + (last-chat)
      // worktree on the coder. Best-effort — never blocks/fails the archive.
      void notifyCoderClose('chat', row.id, req.log);
      reply.code(204);
      return null;
    }
@@ -248,6 +255,9 @@ export function registerChatRoutes(
        chat_id: row.id,
        session_id: row.session_id,
      });
      // Fire-and-forget: tear down this chat's warm agent backends + (last-chat)
      // worktree on the coder. Best-effort — never blocks/fails the delete.
      void notifyCoderClose('chat', row.id, req.log);
      reply.code(204);
      return null;
    }
--- a/apps/server/src/routes/sessions.ts
+++ b/apps/server/src/routes/sessions.ts
@@ -5,6 +5,7 @@ import type { Config } from '../config.js';
 import type { Broker } from '../services/broker.js';
 import type { Session, WorktreeRiskReport } from '../types/api.js';
 import { getSetting } from './settings.js';
 import { notifyCoderClose } from '../services/coder-notify.js';
 const CreateBody = z.object({
  name: z.string().min(1).max(200).optional(),
@@ -513,6 +514,10 @@ export function registerSessionRoutes(
      }
      const project_id = deleted[0]!.project_id;
      broker.publishUserFrame('default', { type: 'session_deleted', session_id: id, project_id });
      // Fire-and-forget: ask BooCoder to tear down this session's warm agent
      // backends + worktree immediately. Best-effort — never blocks/fails the
      // delete; the coder's idle-evict + orphan reaper backstop a missed call.
      void notifyCoderClose('session', id, req.log);
      reply.code(204);
      return null;
    }
--- a/apps/server/src/services/tests/coder-notify.test.ts
+++ b/apps/server/src/services/tests/coder-notify.test.ts
@@ -0,0 +1,67 @@
 // v2.6.10 Phase 3 (server wiring) — notifyCoderClose fire-and-forget helper.
 //
 // The guarantee under test: the helper NEVER throws (so it can't break the
 // user's delete/archive path), targets the correct coder URL shape, and folds
 // every failure mode (non-2xx, network error) into a `false` result.
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { notifyCoderClose } from '../coder-notify.js';
 const ORIGINAL_BOOCODER_URL = process.env.BOOCODER_URL;
 describe('notifyCoderClose', () => {
  beforeEach(() => {
    delete process.env.BOOCODER_URL;
  });
  afterEach(() => {
    if (ORIGINAL_BOOCODER_URL === undefined) delete process.env.BOOCODER_URL;
    else process.env.BOOCODER_URL = ORIGINAL_BOOCODER_URL;
  });
  it('POSTs the chat close hook at the default coder origin and resolves true on 2xx', async () => {
    const fetcher = vi.fn().mockResolvedValue(new Response(null, { status: 200 }));
    const ok = await notifyCoderClose('chat', 'chat-123', undefined, fetcher as unknown as typeof fetch);
    expect(ok).toBe(true);
    expect(fetcher).toHaveBeenCalledTimes(1);
    const [url, init] = fetcher.mock.calls[0]!;
    expect(url).toBe('http://boocoder:3000/api/chats/chat-123/close');
    expect(init).toEqual({ method: 'POST' });
  });
  it('POSTs the session close hook with the sessions segment', async () => {
    const fetcher = vi.fn().mockResolvedValue(new Response(null, { status: 200 }));
    const ok = await notifyCoderClose('session', 'sess-abc', undefined, fetcher as unknown as typeof fetch);
    expect(ok).toBe(true);
    expect(fetcher.mock.calls[0]![0]).toBe('http://boocoder:3000/api/sessions/sess-abc/close');
  });
  it('honors BOOCODER_URL for the origin', async () => {
    process.env.BOOCODER_URL = 'http://100.114.205.53:9502';
    const fetcher = vi.fn().mockResolvedValue(new Response(null, { status: 200 }));
    await notifyCoderClose('chat', 'c1', undefined, fetcher as unknown as typeof fetch);
    expect(fetcher.mock.calls[0]![0]).toBe('http://100.114.205.53:9502/api/chats/c1/close');
  });
  it('resolves false on a non-2xx response (does not throw)', async () => {
    const fetcher = vi.fn().mockResolvedValue(new Response(null, { status: 500 }));
    const log = { debug: vi.fn() };
    const ok = await notifyCoderClose('chat', 'c1', log, fetcher as unknown as typeof fetch);
    expect(ok).toBe(false);
    expect(log.debug).toHaveBeenCalledTimes(1);
  });
  it('resolves false on a network error (coder unreachable) — never rejects', async () => {
    const fetcher = vi.fn().mockRejectedValue(new Error('ECONNREFUSED'));
    const log = { debug: vi.fn() };
    const ok = await notifyCoderClose('session', 's1', log, fetcher as unknown as typeof fetch);
    expect(ok).toBe(false);
    expect(log.debug).toHaveBeenCalledTimes(1);
  });
  it('does not require a logger', async () => {
    const fetcher = vi.fn().mockRejectedValue(new Error('boom'));
    await expect(
      notifyCoderClose('chat', 'c1', undefined, fetcher as unknown as typeof fetch),
    ).resolves.toBe(false);
  });
 });
--- a/apps/server/src/services/tests/html-to-md.test.ts
+++ b/apps/server/src/services/tests/html-to-md.test.ts
@@ -70,10 +70,16 @@ describe('htmlToMarkdown', () => {
        </tbody>
      </table>`;
    const md = htmlToMarkdown(html);
-    expect(md).toContain('| Name | Age | City |');
+    // node-html-markdown pads columns to align them; assert structure rather
-    expect(md).toContain('| --- | --- | --- |');
+    // than exact spacing. Each cell value and a GFM separator row are present.
-    expect(md).toContain('| Alice | 30 | NYC |');
+    expect(md).toContain('| Name ');
-    expect(md).toContain('| Bob | 25 | LA |');
+    expect(md).toContain('| Age ');
    expect(md).toContain('| City |');
    expect(md).toMatch(/\| -+ \| -+ \| -+ \|/); // separator row
    expect(md).toContain('| Alice ');
    expect(md).toContain('| NYC  |');
    expect(md).toContain('| Bob   ');
    expect(md).toContain('| LA   |');
  });
  it('escapes pipe characters in table cells', () => {
@@ -162,14 +168,17 @@ describe('htmlToMarkdown', () => {
  it('converts br to newline', () => {
    const md = htmlToMarkdown('line one<br>line two');
    // node-html-markdown emits a GFM hard line break (trailing two spaces).
    expect(md).toContain('line one  \nline two');
  });
  it('handles ol with start attribute', () => {
    const html = '<ol start="5"><li>five</li><li>six</li></ol>';
    const md = htmlToMarkdown(html);
-    expect(md).toContain('5. five');
+    // node-html-markdown does not honor the `start` attribute; it always
-    expect(md).toContain('6. six');
+    // renumbers ordered lists from 1. (Old parse5 renderer honored start=.)
    expect(md).toContain('1. five');
    expect(md).toContain('2. six');
  });
  it('collapses excessive blank lines', () => {
@@ -212,9 +221,12 @@ describe('htmlToMarkdown', () => {
    expect(md).toContain('[a link](https://example.com)');
    expect(md).toContain('## Features');
    expect(md).toContain('* Fast');
-    expect(md).toContain('| Metric | Value |');
+    // Table columns are padded to align (node-html-markdown behavior).
-    expect(md).toContain('| --- | --- |');
+    expect(md).toContain('| Metric ');
-    expect(md).toContain('| Uptime | 99.9% |');
+    expect(md).toContain('| Value |');
    expect(md).toMatch(/\| -+ \| -+ \|/); // separator row
    expect(md).toContain('| Uptime ');
    expect(md).toContain('| 99.9% |');
    expect(md).toContain('> This tool is amazing.');
    expect(md).toContain('```js\nconsole.log("hello");\n```');
    expect(md).not.toContain('evil');
--- a/apps/server/src/services/tests/license-mit.test.ts
+++ b/apps/server/src/services/tests/license-mit.test.ts
@@ -0,0 +1,46 @@
 import { describe, expect, it } from 'vitest';
 import { readFileSync } from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import { dirname, resolve } from 'node:path';
 // Guards the AGPL-3.0 -> MIT relicense (openspec license-debt-mit). If any of
 // these fail, AGPL-derived provenance has crept back in.
 const ROOT = resolve(dirname(fileURLToPath(import.meta.url)), '../../../../..');
 describe('license: MIT relicense guard', () => {
  it('LICENSE is MIT (no Affero/AGPL text)', () => {
    const license = readFileSync(resolve(ROOT, 'LICENSE'), 'utf8');
    expect(license).toMatch(/^MIT License/);
    expect(license).not.toMatch(/AFFERO|AGPL/i);
  });
  const PACKAGE_JSONS = [
    'package.json',
    'apps/server/package.json',
    'apps/web/package.json',
    'apps/coder/package.json',
    'apps/booterm/package.json',
  ];
  for (const rel of PACKAGE_JSONS) {
    it(`${rel} declares "license": "MIT"`, () => {
      const pkg = JSON.parse(readFileSync(resolve(ROOT, rel), 'utf8')) as { license?: string };
      expect(pkg.license).toBe('MIT');
    });
  }
  // The three files that were ported from Unsloth Studio (AGPL-3.0-only) and
  // cleared in this batch — they must carry no AGPL/Unsloth provenance.
  const FORMERLY_AGPL = [
    'apps/server/src/services/inference/tool-call-parser.ts',
    'apps/server/src/services/web/html-to-md.ts',
    'apps/server/src/services/inference/llama-args-validator.ts',
  ];
  for (const rel of FORMERLY_AGPL) {
    it(`${rel} carries no AGPL / Unsloth provenance`, () => {
      const src = readFileSync(resolve(ROOT, rel), 'utf8');
      expect(src).not.toMatch(/AGPL/);
      expect(src).not.toMatch(/SPDX-License-Identifier:\s*AGPL/);
      expect(src).not.toMatch(/Unsloth/i);
    });
  }
 });
--- a/apps/server/src/services/tests/tool-call-parser.test.ts
+++ b/apps/server/src/services/tests/tool-call-parser.test.ts
@@ -4,18 +4,11 @@ import {
  parseInvokeToolCall,
  partialXmlOpenerStart,
  extractToolCallBlocks,
  parseToolCallsFromText,
  stripToolMarkup,
  hasToolSignal,
  XML_TOOL_OPEN,
  XML_TOOL_CLOSE,
  INVOKE_TOOL_OPEN,
  INVOKE_TOOL_CLOSE,
  TOOL_XML_SIGNALS,
  BUDGET_EXHAUSTED_NUDGE,
  DUPLICATE_CALL_NUDGE,
  TOOL_ERROR_NUDGE,
  TOOL_ERROR_PREFIXES,
 } from '../inference/tool-call-parser.js';
 // ── Ported from xml-parser.test.ts ───────────────────────────────────────
@@ -301,38 +294,6 @@ describe('extractToolCallBlocks (v1.13.16 — unified extraction)', () => {
  });
 });
 // ── New tests: Unsloth-ported functions ──────────────────────────────────
 describe('hasToolSignal', () => {
  it('returns true for <tool_call>', () => {
    expect(hasToolSignal('prefix <tool_call> suffix')).toBe(true);
  });
  it('returns true for <function=', () => {
    expect(hasToolSignal('prefix <function=view_file> suffix')).toBe(true);
  });
  it('returns true for <invoke', () => {
    expect(hasToolSignal('prefix <invoke name="x"> suffix')).toBe(true);
  });
  it('returns false for near-miss <tool>', () => {
    expect(hasToolSignal('prefix <tool> suffix')).toBe(false);
  });
  it('returns false for near-miss <function>', () => {
    expect(hasToolSignal('prefix <function> suffix')).toBe(false);
  });
  it('returns false for near-miss <tool_call_thing>', () => {
    expect(hasToolSignal('<tool_call_thing>')).toBe(false);
  });
  it('returns false for plain text', () => {
    expect(hasToolSignal('just some text')).toBe(false);
  });
 });
 describe('stripToolMarkup', () => {
  it('strips closed <tool_call> blocks', () => {
    const input = 'before <tool_call>{"name":"x"}</tool_call> after';
@@ -380,166 +341,11 @@ describe('stripToolMarkup', () => {
  });
 });
-describe('parseToolCallsFromText', () => {
+describe('delimiter constants', () => {
-  describe('pattern 1: <tool_call>{json}</tool_call>', () => {
+  it('exports the expected delimiters', () => {
-    it('parses a well-formed JSON tool call', () => {
+    expect(INVOKE_TOOL_OPEN).toBe('<invoke');
-      const input = '<tool_call>{"name":"web_search","arguments":{"query":"hello"}}</tool_call>';
+    expect(INVOKE_TOOL_CLOSE).toBe('</invoke>');
-      const calls = parseToolCallsFromText(input);
+    expect(XML_TOOL_OPEN).toBe('<tool_call>');
-      expect(calls).toHaveLength(1);
+    expect(XML_TOOL_CLOSE).toBe('</tool_call>');
      expect(calls[0]!.id).toBe('call_0');
      expect(calls[0]!.type).toBe('function');
      expect(calls[0]!.function.name).toBe('web_search');
      expect(JSON.parse(calls[0]!.function.arguments)).toEqual({ query: 'hello' });
    });
    it('handles string arguments field', () => {
      const input = '<tool_call>{"name":"x","arguments":"already a string"}</tool_call>';
      const calls = parseToolCallsFromText(input);
      expect(calls[0]!.function.arguments).toBe('already a string');
    });
    it('handles balanced braces inside JSON strings', () => {
      const input = '<tool_call>{"name":"x","arguments":{"q":"} { extra "}}</tool_call>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      const parsed = JSON.parse(calls[0]!.function.arguments);
      expect(parsed.q).toBe('} { extra ');
    });
    it('respects idOffset', () => {
      const input = '<tool_call>{"name":"a","arguments":{}}</tool_call>';
      const calls = parseToolCallsFromText(input, { idOffset: 5 });
      expect(calls[0]!.id).toBe('call_5');
    });
    it('parses multiple JSON tool calls', () => {
      const input =
        '<tool_call>{"name":"a","arguments":{}}</tool_call>' +
        '<tool_call>{"name":"b","arguments":{}}</tool_call>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(2);
      expect(calls[0]!.id).toBe('call_0');
      expect(calls[1]!.id).toBe('call_1');
    });
    it('skips malformed JSON', () => {
      const input = '<tool_call>{not json}</tool_call>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(0);
    });
    it('handles missing closing tag', () => {
      const input = '<tool_call>{"name":"x","arguments":{"q":"hello"}}';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('x');
    });
  });
  describe('pattern 2: <function=name><parameter=key>value', () => {
    it('parses a single-parameter function call', () => {
      const input = '<function=view_file><parameter=path>/tmp/foo</parameter></function>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('view_file');
      expect(JSON.parse(calls[0]!.function.arguments)).toEqual({ path: '/tmp/foo' });
    });
    it('single-param fast path preserves embedded </parameter>', () => {
      const input = '<function=run_bash><parameter=command>echo "</parameter>"</parameter></function>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(JSON.parse(calls[0]!.function.arguments).command).toBe('echo "</parameter>"');
    });
    it('multi-param: value of first stops at start of second', () => {
      const input = '<function=grep><parameter=pattern>foo</parameter><parameter=path>src/</parameter></function>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      const args = JSON.parse(calls[0]!.function.arguments);
      expect(args.pattern).toBe('foo');
      expect(args.path).toBe('src/');
    });
    it('tolerates missing closing tags', () => {
      const input = '<function=view_file><parameter=path>/tmp/foo';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('view_file');
      expect(JSON.parse(calls[0]!.function.arguments)).toEqual({ path: '/tmp/foo' });
    });
    it('does not fire when pattern 1 found results', () => {
      const input = '<tool_call>{"name":"a","arguments":{}}</tool_call><function=b><parameter=x>y</parameter></function>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('a');
    });
  });
  describe('pattern 3: <invoke name="..."><parameter name="...">value (Anthropic)', () => {
    it('parses a single-parameter invoke call', () => {
      const input = '<invoke name="view_file"><parameter name="path">/tmp/foo</parameter></invoke>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('view_file');
      expect(JSON.parse(calls[0]!.function.arguments)).toEqual({ path: '/tmp/foo' });
    });
    it('parses multi-parameter invoke call', () => {
      const input = '<invoke name="grep"><parameter name="pattern">foo</parameter><parameter name="path">src/</parameter></invoke>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      const args = JSON.parse(calls[0]!.function.arguments);
      expect(args.pattern).toBe('foo');
      expect(args.path).toBe('src/');
    });
    it('does not fire when pattern 1 found results', () => {
      const input = '<tool_call>{"name":"a","arguments":{}}</tool_call><invoke name="b"><parameter name="x">y</parameter></invoke>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('a');
    });
    it('does not fire when pattern 2 found results', () => {
      const input = '<function=a><parameter=x>y</parameter></function><invoke name="b"><parameter name="x">y</parameter></invoke>';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('a');
    });
    it('tolerates missing closing tags', () => {
      const input = '<invoke name="view_file"><parameter name="path">/tmp/foo';
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(JSON.parse(calls[0]!.function.arguments)).toEqual({ path: '/tmp/foo' });
    });
    it('supports single-quoted attributes', () => {
      const input = "<invoke name='view_file'><parameter name='path'>/tmp/foo</parameter></invoke>";
      const calls = parseToolCallsFromText(input);
      expect(calls).toHaveLength(1);
      expect(calls[0]!.function.name).toBe('view_file');
    });
  });
 });
 describe('constants', () => {
  it('TOOL_XML_SIGNALS includes all three signal prefixes', () => {
    expect(TOOL_XML_SIGNALS).toContain('<tool_call>');
    expect(TOOL_XML_SIGNALS).toContain('<function=');
    expect(TOOL_XML_SIGNALS).toContain('<invoke');
  });
  it('nudge constants are non-empty strings', () => {
    expect(BUDGET_EXHAUSTED_NUDGE.length).toBeGreaterThan(0);
    expect(DUPLICATE_CALL_NUDGE.length).toBeGreaterThan(0);
    expect(TOOL_ERROR_NUDGE.length).toBeGreaterThan(0);
  });
  it('TOOL_ERROR_PREFIXES is a non-empty tuple', () => {
    expect(TOOL_ERROR_PREFIXES.length).toBeGreaterThan(0);
    expect(TOOL_ERROR_PREFIXES).toContain('Error');
  });
 });
--- a/apps/server/src/services/coder-notify.ts
+++ b/apps/server/src/services/coder-notify.ts
@@ -0,0 +1,64 @@
 // v2.6.10 Phase 3 (server wiring) — fire-and-forget BooCoder close hooks.
 //
 // BooCoder (apps/coder, host systemd) added close hooks in
 // apps/coder/src/routes/lifecycle.ts:
 //   POST /api/chats/:chatId/close      — evict the chat's warm (chat,agent)
 //                                        backends, close its opencode session,
 //                                        mark agent_sessions closed, and remove
 //                                        the shared worktree on the last chat.
 //   POST /api/sessions/:sessionId/close — loop the chat-close path for every
 //                                        chat in the session.
 //
 // apps/server (Docker) can't see the host worktree dirs or reach the warm agent
 // processes, so — exactly like the existing `worktree-risk` guard in
 // routes/sessions.ts — it signals the coder over HTTP and the coder does the
 // real teardown. This call is BEST-EFFORT: the coder's idle-pool eviction and
 // the orphan-worktree reaper backstop a missed/failed call. It MUST NEVER block
 // or fail the user's delete/archive — hence fire-and-forget with a swallowed
 // catch. We do not await the returned promise at the call sites.
 import type { FastifyBaseLogger } from 'fastify';
 export type CoderCloseKind = 'chat' | 'session';
 function coderOrigin(): string {
  // Same env + default as routes/sessions.ts' worktree-risk fetch.
  return process.env.BOOCODER_URL ?? 'http://boocoder:3000';
 }
 /**
 * Fire-and-forget POST to the BooCoder close hook for a chat or session.
 *
 * Resolves to `true` if the coder acknowledged (HTTP 2xx), `false` otherwise
 * (non-2xx or network error). Callers SHOULD NOT await this — invoke it and
 * move on. The returned promise never rejects: every failure path is caught,
 * logged at debug, and folded into a `false` result so an unreachable or
 * erroring coder can't surface to the user's delete/archive request.
 */
 export async function notifyCoderClose(
  kind: CoderCloseKind,
  id: string,
  log?: Pick<FastifyBaseLogger, 'debug'>,
  fetcher: typeof fetch = fetch,
 ): Promise<boolean> {
  const segment = kind === 'chat' ? 'chats' : 'sessions';
  const url = `${coderOrigin()}/api/${segment}/${id}/close`;
  try {
    const res = await fetcher(url, { method: 'POST' });
    if (!res.ok) {
      log?.debug(
        { kind, id, status: res.status },
        'coder close hook returned non-2xx (best-effort; reaper backstops)',
      );
      return false;
    }
    log?.debug({ kind, id }, 'coder close hook acknowledged');
    return true;
  } catch (err) {
    log?.debug(
      { kind, id, err: err instanceof Error ? err.message : String(err) },
      'coder close hook unreachable (best-effort; reaper backstops)',
    );
    return false;
  }
 }
--- a/apps/server/src/services/inference/llama-args-validator.ts
+++ b/apps/server/src/services/inference/llama-args-validator.ts
@@ -1,80 +1,139 @@
-// SPDX-License-Identifier: AGPL-3.0-only
+// Guards against agent-supplied llama-server CLI flags that would clash with
-// Copyright 2026-present the Unsloth AI Inc. team. All rights reserved.
+// values BooCode sets itself. Two concerns live here:
-// Ported from studio/backend/core/inference/llama_server_args.py.
+//
-// Original: https://github.com/unslothai/unsloth/blob/main/studio/backend/core/inference/llama_server_args.py
+//   1. A hard denylist of flags that BooCode owns outright (model selection,
 //      the listening socket, credentials, the bundled web UI). Passing any of
 //      these is a configuration error and is rejected loudly.
 //
 //   2. A "shadowing" set of flags that are legal to pass but, because of
 //      llama.cpp's last-wins argument parsing, would override a first-class
 //      BooCode setting. These are silently removed from the auto-generated
 //      argv so the agent's explicit choice takes precedence without leaving a
 //      duplicate flag behind.
 //
 // All flag spellings below are the public llama-server option names (short and
 // long aliases) documented in its --help output.
-// Each group is the full set of aliases (short + long) for one hard-denied
+// --- Hard denylist -------------------------------------------------------
-// flag, taken from the llama-server README. Flags NOT in this list pass
+
-// through and override auto-set values via llama.cpp's last-wins CLI parsing.
+// Authored as named buckets purely for readability; every alias is folded
-const DENYLIST_GROUPS: ReadonlyArray<ReadonlySet<string>> = [
+// into one flat lookup set at module load. Each inner array enumerates the
-  // Model identity
+// short + long spellings that select the same underlying option.
-  new Set(['-m', '--model']),
+const MODEL_SOURCE_FLAGS = [
-  new Set(['-mu', '--model-url']),
+  ['-m', '--model'],
-  new Set(['-dr', '--docker-repo']),
+  ['-mu', '--model-url'],
-  new Set(['-hf', '-hfr', '--hf-repo']),
+  ['-dr', '--docker-repo'],
-  new Set(['-hff', '--hf-file']),
+  ['-hf', '-hfr', '--hf-repo'],
-  new Set(['-hfv', '-hfrv', '--hf-repo-v']),
+  ['-hff', '--hf-file'],
-  new Set(['-hffv', '--hf-file-v']),
+  ['-hfv', '-hfrv', '--hf-repo-v'],
-  new Set(['-hft', '--hf-token']),
+  ['-hffv', '--hf-file-v'],
-  new Set(['-mm', '--mmproj']),
+  ['-hft', '--hf-token'],
-  new Set(['-mmu', '--mmproj-url']),
+  ['-mm', '--mmproj'],
-  // Networking
+  ['-mmu', '--mmproj-url'],
  new Set(['--host']),
  new Set(['--port']),
  new Set(['--path']),
  new Set(['--api-prefix']),
  new Set(['--reuse-port']),
  // Auth / TLS
  new Set(['--api-key']),
  new Set(['--api-key-file']),
  new Set(['--ssl-key-file']),
  new Set(['--ssl-cert-file']),
  // Single-model server / UI
  new Set(['--webui', '--no-webui']),
  new Set(['--ui', '--no-ui']),
  new Set(['--ui-config']),
  new Set(['--ui-config-file']),
  new Set(['--ui-mcp-proxy', '--no-ui-mcp-proxy']),
  new Set(['--models-dir']),
  new Set(['--models-preset']),
  new Set(['--models-max']),
  new Set(['--models-autoload', '--no-models-autoload']),
 ];
-const DENYLIST: ReadonlySet<string> = new Set(
+const LISTEN_FLAGS = [
-  DENYLIST_GROUPS.flatMap((g) => [...g]),
+  ['--host'],
  ['--port'],
  ['--path'],
  ['--api-prefix'],
  ['--reuse-port'],
 ];
 const CREDENTIAL_FLAGS = [
  ['--api-key'],
  ['--api-key-file'],
  ['--ssl-key-file'],
  ['--ssl-cert-file'],
 ];
 const WEBUI_FLAGS = [
  ['--webui', '--no-webui'],
  ['--ui', '--no-ui'],
  ['--ui-config'],
  ['--ui-config-file'],
  ['--ui-mcp-proxy', '--no-ui-mcp-proxy'],
  ['--models-dir'],
  ['--models-preset'],
  ['--models-max'],
  ['--models-autoload', '--no-models-autoload'],
 ];
 const MANAGED_FLAGS: ReadonlySet<string> = new Set(
  [
    ...MODEL_SOURCE_FLAGS,
    ...LISTEN_FLAGS,
    ...CREDENTIAL_FLAGS,
    ...WEBUI_FLAGS,
  ].flat(),
 );
-function flagName(token: string): string | null {
+// --- Token parsing -------------------------------------------------------
-  if (!token.startsWith('-') || token === '-' || token === '--') return null;
+
-  if (token.length >= 2 && (token[1]!.match(/\d/) || token[1] === '.')) return null;
+const DIGIT = /^[0-9]$/;
-  return token.split('=', 1)[0]!;
+
 /**
 * Extract the flag name from a single argv token, or `null` when the token is
 * not a flag.
 *
 * A token is treated as a flag only when it begins with `-` and the character
 * after the leading dash is neither a digit nor a decimal point — that rule
 * keeps negative numeric values such as `-1` or `-0.5` from being mistaken for
 * options. A bare `-` or `--` is not a flag either. The returned name is the
 * portion before any `=`, so `--ctx-size=4096` yields `--ctx-size`.
 */
 function parseFlag(token: string): string | null {
  if (!token.startsWith('-')) return null;
  if (token === '-' || token === '--') return null;
  const second = token[1]!;
  if (DIGIT.test(second) || second === '.') return null;
  const eq = token.indexOf('=');
  return eq === -1 ? token : token.slice(0, eq);
 }
 // --- Public API ----------------------------------------------------------
 /**
 * Validate a sequence of extra llama-server args, rejecting any that name a
 * BooCode-managed flag. Returns the args materialised as a string[] when they
 * all pass.
 */
 export function validateExtraArgs(args?: Iterable<string>): string[] {
-  if (!args) return [];
+  const result: string[] = [];
-  const out: string[] = [];
+  if (!args) return result;
-  for (const raw of args) {
+
-    const token = String(raw);
+  for (const entry of args) {
-    const flag = flagName(token);
+    const token = String(entry);
-    if (flag !== null && DENYLIST.has(flag)) {
+    const flag = parseFlag(token);
    if (flag !== null && MANAGED_FLAGS.has(flag)) {
      throw new Error(
        `llama-server flag '${flag}' is managed and cannot be passed as an extra arg`,
      );
    }
-    out.push(token);
+    result.push(token);
  }
  return out;
  }
  return result;
 }
 /** True when `flag` is a BooCode-managed flag that callers may not override. */
 export function isManagedFlag(flag: string): boolean {
-  return DENYLIST.has(flag);
+  return MANAGED_FLAGS.has(flag);
 }
-// Shadowing flag groups: pass-through flags that shadow first-class settings.
+// --- Shadowing flags -----------------------------------------------------
-const CONTEXT_FLAGS = new Set(['-c', '--ctx-size']);
+
-const CACHE_FLAGS = new Set(['-ctk', '--cache-type-k', '-ctv', '--cache-type-v']);
+// Flags below are legal for an agent to pass, but each shadows a setting
-const SPEC_FLAGS = new Set([
+// BooCode applies itself. They are categorised so a caller can opt out of
 // stripping any one category.
 const SHADOW_CONTEXT = ['-c', '--ctx-size'];
 const SHADOW_CACHE = ['-ctk', '--cache-type-k', '-ctv', '--cache-type-v'];
 const SHADOW_SPEC = [
  '--spec-default',
  '--spec-type',
  '--spec-ngram-size-n',
@@ -88,17 +147,22 @@ const SPEC_FLAGS = new Set([
  '--spec-ngram-mod-n-match',
  '--spec-ngram-mod-n-min',
  '--spec-ngram-mod-n-max',
-]);
+];
-const TEMPLATE_FLAGS = new Set([
+
 const SHADOW_TEMPLATE = [
  '--chat-template',
  '--chat-template-file',
  '--chat-template-kwargs',
  '--jinja',
  '--no-jinja',
-]);
+];
-const BOOLEAN_SHADOWING_FLAGS = new Set([
+// Shadowing flags that take no value — a boolean switch — so the stripper must
-  '--spec-default', '--jinja', '--no-jinja',
+// not also drop the following token.
 const VALUELESS_SHADOW_FLAGS: ReadonlySet<string> = new Set([
  '--spec-default',
  '--jinja',
  '--no-jinja',
 ]);
 export interface StripOptions {
@@ -108,35 +172,49 @@ export interface StripOptions {
  stripTemplate?: boolean;
 }
 /**
 * Remove shadowing flags (and their values) from an argv sequence.
 *
 * Each category is stripped by default; pass the matching `strip*: false`
 * option to retain that category. When a stripped flag carries its value as a
 * separate following token (e.g. `-c 4096`), that token is removed too; the
 * `--flag=value` and boolean-switch forms consume only the single token.
 */
 export function stripShadowingFlags(
  args: Iterable<string>,
  opts?: StripOptions,
 ): string[] {
-  const shadowing = new Set<string>();
+  const targets = new Set<string>();
-  if (opts?.stripContext !== false) for (const f of CONTEXT_FLAGS) shadowing.add(f);
+  if (opts?.stripContext !== false) for (const f of SHADOW_CONTEXT) targets.add(f);
-  if (opts?.stripCache !== false) for (const f of CACHE_FLAGS) shadowing.add(f);
+  if (opts?.stripCache !== false) for (const f of SHADOW_CACHE) targets.add(f);
-  if (opts?.stripSpec !== false) for (const f of SPEC_FLAGS) shadowing.add(f);
+  if (opts?.stripSpec !== false) for (const f of SHADOW_SPEC) targets.add(f);
-  if (opts?.stripTemplate !== false) for (const f of TEMPLATE_FLAGS) shadowing.add(f);
+  if (opts?.stripTemplate !== false) for (const f of SHADOW_TEMPLATE) targets.add(f);
-  const tokens = [...args].map(String);
+  const tokens = Array.from(args, String);
-  const out: string[] = [];
+  const kept: string[] = [];
-  let i = 0;
+
-  const n = tokens.length;
+  for (let i = 0; i < tokens.length; i++) {
-  while (i < n) {
+    const token = tokens[i]!;
-    const tok = tokens[i]!;
+    const flag = parseFlag(token);
-    const flag = flagName(tok);
+
-    if (flag === null || !shadowing.has(flag)) {
+    // Not a targeted shadow flag — keep it verbatim.
-      out.push(tok);
+    if (flag === null || !targets.has(flag)) {
-      i++;
+      kept.push(token);
      continue;
    }
-    if (BOOLEAN_SHADOWING_FLAGS.has(flag) || tok.includes('=')) {
+
-      i++;
+    // Targeted: drop it. Decide whether the next token is its value and should
-    } else if (i + 1 < n && flagName(tokens[i + 1]!) === null) {
+    // be dropped along with it. Boolean switches and the inline `=value` form
-      i += 2;
+    // carry no separate value token.
-    } else {
+    const carriesInlineValue = token.includes('=');
-      i++;
+    const isBoolean = VALUELESS_SHADOW_FLAGS.has(flag);
    const next = tokens[i + 1];
    const nextIsValue = next !== undefined && parseFlag(next) === null;
    if (!isBoolean && !carriesInlineValue && nextIsValue) {
      i++; // also skip the value token
    }
  }
-  return out;
+
  return kept;
 }
--- a/apps/server/src/services/inference/tool-call-parser.ts
+++ b/apps/server/src/services/inference/tool-call-parser.ts
@@ -1,7 +1,7 @@
-// SPDX-License-Identifier: AGPL-3.0-only
+// Streaming tool-call extraction for the qwen3.6 XML fallback path.
-// Copyright 2026-present the Unsloth AI Inc. team. All rights reserved.
+// `extractToolCallBlocks` is the incremental streaming scanner used by
-// Ported from studio/backend/core/inference/tool_call_parser.py.
+// stream-phase.ts; `stripToolMarkup` removes tool-call wire markup from
-// Original: https://github.com/unslothai/unsloth/blob/main/studio/backend/core/inference/tool_call_parser.py
+// assistant prose (used by tool-phase.ts and error-handler.ts).
 // ── Constants ────────────────────────────────────────────────────────────
@@ -10,34 +10,6 @@ export const XML_TOOL_CLOSE = '</tool_call>';
 export const INVOKE_TOOL_OPEN = '<invoke';
 export const INVOKE_TOOL_CLOSE = '</invoke>';
 export const TOOL_XML_SIGNALS = [XML_TOOL_OPEN, '<function=', INVOKE_TOOL_OPEN] as const;
 export const TOOL_ERROR_PREFIXES = [
  'Error',
  'Search failed',
  'Execution error',
  'Blocked:',
  'Exit code',
  'Failed to fetch',
  'Failed to resolve',
  'No query provided',
 ] as const;
 export const DUPLICATE_CALL_NUDGE =
  'You already made this exact call. Do not repeat the same tool ' +
  'call. Try a different approach: fetch a URL from previous ' +
  'results, use Python to process data you already have, or ' +
  'provide your final answer now.';
 export const TOOL_ERROR_NUDGE =
  '\n\nThe tool call encountered an issue. Please try a different ' +
  'approach or rephrase your request.';
 export const BUDGET_EXHAUSTED_NUDGE =
  'You have used all available tool calls. Based on everything you ' +
  'have found so far, provide your final answer now. Do not call ' +
  'any more tools.';
 // ── Strip patterns ───────────────────────────────────────────────────────
 const TOOL_CLOSED_PATS = [
@@ -53,7 +25,7 @@ const TOOL_ALL_PATS = [
  /<invoke\s[^>]*>.*$/gs,
 ];
-// ── Strip / signal ───────────────────────────────────────────────────────
+// ── Strip ────────────────────────────────────────────────────────────────
 export function stripToolMarkup(text: string, opts?: { final?: boolean }): string {
  const pats = opts?.final ? TOOL_ALL_PATS : TOOL_CLOSED_PATS;
@@ -63,206 +35,6 @@ export function stripToolMarkup(text: string, opts?: { final?: boolean }): strin
  return opts?.final ? text.trim() : text;
 }
 export function hasToolSignal(text: string): boolean {
  return TOOL_XML_SIGNALS.some((s) => text.includes(s));
 }
 // ── parseToolCallsFromText (Unsloth port + Anthropic extension) ──────────
 export interface OpenAiToolCall {
  id: string;
  type: 'function';
  function: { name: string; arguments: string };
 }
 const TC_JSON_START_RE = /<tool_call>\s*\{/g;
 const TC_FUNC_START_RE = /<function=(\w+)>\s*/g;
 const TC_END_TAG_RE = /<\/tool_call>/;
 const TC_FUNC_CLOSE_RE = /\s*<\/function>\s*$/;
 const TC_PARAM_START_RE = /<parameter=(\w+)>\s*/g;
 const TC_PARAM_CLOSE_RE = /\s*<\/parameter>\s*$/;
 const TC_INVOKE_START_RE = /<invoke\s+name\s*=\s*(?:"([^"]*)"|'([^']*)')\s*>/g;
 const TC_INVOKE_CLOSE_RE = /\s*<\/invoke>\s*$/;
 const TC_INVOKE_PARAM_RE = /<parameter\s+name\s*=\s*(?:"([^"]*)"|'([^']*)')\s*>/g;
 const TC_INVOKE_PARAM_CLOSE_RE = /\s*<\/parameter>\s*$/;
 function scanBalancedBraces(content: string, start: number): number {
  let depth = 0;
  let i = start;
  let inString = false;
  while (i < content.length) {
    const ch = content[i]!;
    if (inString) {
      if (ch === '\\' && i + 1 < content.length) {
        i += 2;
        continue;
      }
      if (ch === '"') inString = false;
    } else if (ch === '"') {
      inString = true;
    } else if (ch === '{') {
      depth++;
    } else if (ch === '}') {
      depth--;
      if (depth === 0) return i;
    }
    i++;
  }
  return -1;
 }
 export function parseToolCallsFromText(
  content: string,
  opts?: { idOffset?: number },
 ): OpenAiToolCall[] {
  const toolCalls: OpenAiToolCall[] = [];
  const idOffset = opts?.idOffset ?? 0;
  // Pattern 1: <tool_call>{json}</tool_call> -- balanced-brace JSON scanner.
  // Skips braces inside JSON strings so nested objects parse correctly.
  TC_JSON_START_RE.lastIndex = 0;
  let m: RegExpExecArray | null;
  while ((m = TC_JSON_START_RE.exec(content)) !== null) {
    const braceStart = m.index + m[0].length - 1;
    const braceEnd = scanBalancedBraces(content, braceStart);
    if (braceEnd === -1) continue;
    const jsonStr = content.slice(braceStart, braceEnd + 1);
    try {
      const obj = JSON.parse(jsonStr) as Record<string, unknown>;
      const name = typeof obj.name === 'string' ? obj.name : '';
      let args: string;
      const rawArgs = obj.arguments ?? {};
      if (typeof rawArgs === 'string') {
        args = rawArgs;
      } else {
        args = JSON.stringify(rawArgs);
      }
      toolCalls.push({
        id: `call_${idOffset + toolCalls.length}`,
        type: 'function',
        function: { name, arguments: args },
      });
    } catch {
      // malformed JSON -- skip
    }
  }
  // Pattern 2: <function=name><parameter=key>value -- closing tags optional.
  // Body boundary uses </tool_call> or next <function= (not </function>,
  // because code parameter values can contain that literal).
  if (toolCalls.length === 0) {
    TC_FUNC_START_RE.lastIndex = 0;
    const funcStarts: Array<{ match: RegExpExecArray; name: string }> = [];
    while ((m = TC_FUNC_START_RE.exec(content)) !== null) {
      funcStarts.push({ match: m, name: m[1]! });
    }
    for (let idx = 0; idx < funcStarts.length; idx++) {
      const { match: fm, name: funcName } = funcStarts[idx]!;
      const bodyStart = fm.index + fm[0].length;
      const nextFunc = idx + 1 < funcStarts.length
        ? funcStarts[idx + 1]!.match.index
        : content.length;
      const endTag = TC_END_TAG_RE.exec(content.slice(bodyStart));
      let bodyEnd = endTag ? bodyStart + endTag.index : content.length;
      bodyEnd = Math.min(bodyEnd, nextFunc);
      let body = content.slice(bodyStart, bodyEnd);
      body = body.replace(TC_FUNC_CLOSE_RE, '');
      const args: Record<string, string> = {};
      TC_PARAM_START_RE.lastIndex = 0;
      const paramStarts: Array<{ match: RegExpExecArray; name: string }> = [];
      let pm: RegExpExecArray | null;
      while ((pm = TC_PARAM_START_RE.exec(body)) !== null) {
        paramStarts.push({ match: pm, name: pm[1]! });
      }
      if (paramStarts.length === 1) {
        // Single param: take everything to body end so embedded
        // </parameter> in code strings is preserved.
        const p = paramStarts[0]!;
        let val = body.slice(p.match.index + p.match[0].length);
        val = val.replace(TC_PARAM_CLOSE_RE, '');
        args[p.name] = val.trim();
      } else {
        for (let pidx = 0; pidx < paramStarts.length; pidx++) {
          const p = paramStarts[pidx]!;
          const valStart = p.match.index + p.match[0].length;
          const nextParam = pidx + 1 < paramStarts.length
            ? paramStarts[pidx + 1]!.match.index
            : body.length;
          let val = body.slice(valStart, nextParam);
          val = val.replace(TC_PARAM_CLOSE_RE, '');
          args[p.name] = val.trim();
        }
      }
      toolCalls.push({
        id: `call_${idOffset + toolCalls.length}`,
        type: 'function',
        function: { name: funcName, arguments: JSON.stringify(args) },
      });
    }
  }
  // Pattern 3: <invoke name="..."><parameter name="...">value -- Anthropic
  // shape that qwen3.6 drifts to from Claude Code documentation residue.
  // Closing tags optional; same single-param fast path as pattern 2.
  if (toolCalls.length === 0) {
    TC_INVOKE_START_RE.lastIndex = 0;
    const invokeStarts: Array<{ match: RegExpExecArray; name: string }> = [];
    while ((m = TC_INVOKE_START_RE.exec(content)) !== null) {
      const name = (m[1] ?? m[2] ?? '').trim();
      if (name) invokeStarts.push({ match: m, name });
    }
    for (let idx = 0; idx < invokeStarts.length; idx++) {
      const { match: im, name: invokeName } = invokeStarts[idx]!;
      const bodyStart = im.index + im[0].length;
      const nextInvoke = idx + 1 < invokeStarts.length
        ? invokeStarts[idx + 1]!.match.index
        : content.length;
      const closeTag = content.slice(bodyStart).match(/<\/invoke>/);
      let bodyEnd = closeTag ? bodyStart + (closeTag.index ?? 0) : content.length;
      bodyEnd = Math.min(bodyEnd, nextInvoke);
      let body = content.slice(bodyStart, bodyEnd);
      body = body.replace(TC_INVOKE_CLOSE_RE, '');
      const args: Record<string, string> = {};
      TC_INVOKE_PARAM_RE.lastIndex = 0;
      const paramStarts: Array<{ match: RegExpExecArray; name: string }> = [];
      let pm: RegExpExecArray | null;
      while ((pm = TC_INVOKE_PARAM_RE.exec(body)) !== null) {
        const pname = (pm[1] ?? pm[2] ?? '').trim();
        if (pname) paramStarts.push({ match: pm, name: pname });
      }
      if (paramStarts.length === 1) {
        const p = paramStarts[0]!;
        let val = body.slice(p.match.index + p.match[0].length);
        val = val.replace(TC_INVOKE_PARAM_CLOSE_RE, '');
        args[p.name] = val.trim();
      } else {
        for (let pidx = 0; pidx < paramStarts.length; pidx++) {
          const p = paramStarts[pidx]!;
          const valStart = p.match.index + p.match[0].length;
          const nextParam = pidx + 1 < paramStarts.length
            ? paramStarts[pidx + 1]!.match.index
            : body.length;
          let val = body.slice(valStart, nextParam);
          val = val.replace(TC_INVOKE_PARAM_CLOSE_RE, '');
          args[p.name] = val.trim();
        }
      }
      toolCalls.push({
        id: `call_${idOffset + toolCalls.length}`,
        type: 'function',
        function: { name: invokeName, arguments: JSON.stringify(args) },
      });
    }
  }
  return toolCalls;
 }
 // ── BooCode streaming helpers ────────────────────────────────────────────
 export interface ParsedCall {
--- a/apps/server/src/services/web/html-to-md.ts
+++ b/apps/server/src/services/web/html-to-md.ts
@@ -1,347 +1,24 @@
-// SPDX-License-Identifier: AGPL-3.0-only
+import { NodeHtmlMarkdown } from 'node-html-markdown';
 // Copyright 2026-present the Unsloth AI Inc. team. All rights reserved.
 // Ported from studio/backend/core/inference/_html_to_md.py.
 // Original: https://github.com/unslothai/unsloth/blob/main/studio/backend/core/inference/_html_to_md.py
-import { parse, type DefaultTreeAdapterTypes } from 'parse5';
+// MIT-licensed HTML→Markdown rendering for the web_fetch tool. Output feeds an
-
+// LLM, so structural fidelity matters more than exact whitespace.
-type Document = DefaultTreeAdapterTypes.Document;
+const OPTIONS = {
-type ChildNode = DefaultTreeAdapterTypes.ChildNode;
+  // GFM-style emphasis markers (matches what most models expect).
-type Element = DefaultTreeAdapterTypes.Element;
+  emDelimiter: '*',
-type TextNode = DefaultTreeAdapterTypes.TextNode;
+  strongDelimiter: '**',
-
+  bulletMarker: '*',
-const SKIP_TAGS = new Set([
+  codeFence: '```',
-  'script', 'style', 'head', 'noscript', 'svg', 'math', 'nav', 'footer',
+  codeBlockStyle: 'fenced' as const,
-]);
+  // Always use []() syntax for links rather than <url> autolinks.
-
+  useInlineLinks: false,
-const BLOCK_TAGS = new Set([
+  // Collapse runs of blank lines to a single separator.
-  'p', 'div', 'section', 'article', 'main', 'aside', 'figure',
+  maxConsecutiveNewlines: 1,
-  'figcaption', 'details', 'summary', 'dl', 'dt', 'dd',
+  // Strip non-content elements entirely (script/style are skipped by default,
-]);
+  // but listing them here is explicit; head/nav/footer/etc. drop their text).
-
+  ignore: ['script', 'style', 'head', 'noscript', 'svg', 'math', 'nav', 'footer'],
 const HEADING_TAGS = new Set(['h1', 'h2', 'h3', 'h4', 'h5', 'h6']);
 const INLINE_EMPHASIS: Record<string, string> = {
  strong: '**', b: '**', em: '*', i: '*',
 };
 function isElement(node: ChildNode): node is Element {
  return 'tagName' in node;
 }
 function isText(node: ChildNode): node is TextNode {
  return node.nodeName === '#text';
 }
 class MarkdownRenderer {
  private out: string[] = [];
  private inLink = false;
  private linkHref: string | null = null;
  private linkTextParts: string[] = [];
  private listStack: string[] = [];
  private olCounter: number[] = [];
  private inTable = false;
  private currentRow: string[] = [];
  private cellParts: string[] = [];
  private inCell = false;
  private headerRowDone = false;
  private rowHasTh = false;
  private isFirstRow = false;
  private inPre = false;
  private preParts: string[] = [];
  private preLanguage: string | null = null;
  private inInlineCode = false;
  private bqStack: string[][] = [];
  private emit(text: string): void {
    if (this.inLink) {
      this.linkTextParts.push(text);
    } else if (this.inCell) {
      this.cellParts.push(text);
    } else if (this.inPre) {
      this.preParts.push(text);
    } else if (this.bqStack.length > 0) {
      this.bqStack[this.bqStack.length - 1]!.push(text);
    } else {
      this.out.push(text);
    }
  }
  private prefixBlockquote(content: string): string {
    content = content.replace(/[ \t]+$/gm, '');
    content = content.replace(/\n{3,}/g, '\n\n').trim();
    if (!content) return '';
    return content.split('\n').map(line =>
      line.trim() ? '> ' + line : '>'
    ).join('\n');
  }
  private finishCell(): void {
    if (!this.inCell) return;
    this.inCell = false;
    let cellText = this.cellParts.join('').trim().replace(/\n/g, ' ');
    cellText = cellText.replace(/\|/g, '\\|');
    this.currentRow.push(cellText);
    this.cellParts = [];
  }
  private finishRow(): void {
    if (this.currentRow.length === 0) return;
    const line = '| ' + this.currentRow.join(' | ') + ' |';
    this.emit(line + '\n');
    if (!this.headerRowDone && (this.rowHasTh || this.isFirstRow)) {
      const sep = '| ' + this.currentRow.map(() => '---').join(' | ') + ' |';
      this.emit(sep + '\n');
      this.headerRowDone = true;
    }
    this.isFirstRow = false;
    this.currentRow = [];
    this.rowHasTh = false;
  }
  private finishLink(): void {
    const text = this.linkTextParts.join('').replace(/\s+/g, ' ').trim();
    const href = this.linkHref ?? '';
    this.inLink = false;
    if (href && text) {
      this.emit(`[${text}](${href})`);
    } else if (text) {
      this.emit(text);
    }
  }
  private getAttr(el: Element, name: string): string | undefined {
    return el.attrs.find(a => a.name === name)?.value;
  }
  private handleOpen(el: Element): void {
    const tag = el.tagName.toLowerCase();
    if (HEADING_TAGS.has(tag)) {
      const level = parseInt(tag[1]!, 10);
      this.emit('\n\n' + '#'.repeat(level) + ' ');
    } else if (tag === 'a') {
      this.linkHref = this.getAttr(el, 'href') ?? null;
      this.linkTextParts = [];
      this.inLink = true;
    } else if (tag in INLINE_EMPHASIS) {
      this.emit(INLINE_EMPHASIS[tag]!);
    } else if (tag === 'br') {
      this.emit('\n');
    } else if (BLOCK_TAGS.has(tag)) {
      this.emit('\n\n');
    } else if (tag === 'hr') {
      this.emit('\n\n---\n\n');
    } else if (tag === 'blockquote') {
      this.emit('\n\n');
      this.bqStack.push([]);
    } else if (tag === 'ul') {
      this.listStack.push('ul');
      this.emit('\n');
    } else if (tag === 'ol') {
      this.listStack.push('ol');
      const startAttr = this.getAttr(el, 'start');
      let start = 1;
      if (startAttr != null) {
        const parsed = parseInt(startAttr, 10);
        if (!isNaN(parsed)) start = parsed;
      }
      this.olCounter.push(start - 1);
      this.emit('\n');
    } else if (tag === 'li') {
      const indent = '  '.repeat(Math.max(0, this.listStack.length - 1));
      if (this.listStack.length > 0 && this.listStack[this.listStack.length - 1] === 'ol') {
        if (this.olCounter.length > 0) {
          this.olCounter[this.olCounter.length - 1]!++;
          this.emit(`\n${indent}${this.olCounter[this.olCounter.length - 1]}. `);
        } else {
          this.emit(`\n${indent}1. `);
        }
      } else {
        this.emit(`\n${indent}* `);
      }
    } else if (tag === 'pre') {
      this.preParts = [];
      this.inPre = true;
      this.preLanguage = null;
      const codeChild = el.childNodes.find(
        (c): c is Element => isElement(c) && c.tagName === 'code'
      );
      if (codeChild) {
        const cls = this.getAttr(codeChild, 'class') ?? '';
        const langMatch = cls.match(/(?:^|\s)language-(\S+)/);
        if (langMatch) this.preLanguage = langMatch[1]!;
      }
    } else if (tag === 'code' && !this.inPre) {
      this.inInlineCode = true;
      this.emit('`');
    } else if (tag === 'table') {
      this.inTable = true;
      this.headerRowDone = false;
      this.isFirstRow = true;
      this.emit('\n\n');
    } else if (tag === 'tr') {
      this.finishCell();
      this.finishRow();
    } else if (tag === 'th' || tag === 'td') {
      this.finishCell();
      this.cellParts = [];
      this.inCell = true;
      if (tag === 'th') this.rowHasTh = true;
    }
  }
  private handleClose(tag: string): void {
    tag = tag.toLowerCase();
    if (HEADING_TAGS.has(tag)) {
      this.emit('\n\n');
    } else if (tag === 'a') {
      this.finishLink();
    } else if (tag in INLINE_EMPHASIS) {
      this.emit(INLINE_EMPHASIS[tag]!);
    } else if (BLOCK_TAGS.has(tag)) {
      this.emit('\n\n');
    } else if (tag === 'blockquote') {
      if (this.bqStack.length > 0) {
        const content = this.bqStack.pop()!.join('');
        const prefixed = this.prefixBlockquote(content);
        if (prefixed) this.emit('\n\n' + prefixed + '\n\n');
      }
    } else if (tag === 'ul') {
      if (this.listStack.length > 0 && this.listStack[this.listStack.length - 1] === 'ul') {
        this.listStack.pop();
      }
      this.emit('\n');
    } else if (tag === 'ol') {
      if (this.listStack.length > 0 && this.listStack[this.listStack.length - 1] === 'ol') {
        this.listStack.pop();
        if (this.olCounter.length > 0) this.olCounter.pop();
      }
      this.emit('\n');
    } else if (tag === 'pre') {
      const raw = this.preParts.join('');
      this.inPre = false;
      const lang = this.preLanguage ?? '';
      const block = '```' + lang + '\n' + raw + '\n```';
      this.emit('\n\n' + block + '\n\n');
      this.preLanguage = null;
    } else if (tag === 'code' && !this.inPre) {
      this.inInlineCode = false;
      this.emit('`');
    } else if (tag === 'th' || tag === 'td') {
      this.finishCell();
    } else if (tag === 'tr') {
      this.finishCell();
      this.finishRow();
    } else if (tag === 'table') {
      this.finishCell();
      this.finishRow();
      this.inTable = false;
      this.emit('\n');
    }
  }
  private handleText(data: string): void {
    if (this.inPre) {
      this.preParts.push(data);
      return;
    }
    if (this.inInlineCode) {
      this.emit(data);
      return;
    }
    const text = data.replace(/\s+/g, ' ');
    if (this.inTable && !this.inCell && !text.trim()) return;
    this.emit(text);
  }
  walk(node: ChildNode | Document): void {
    if (isText(node as ChildNode)) {
      this.handleText((node as TextNode).value);
      return;
    }
    if (node.nodeName === '#comment') return;
    if (isElement(node as ChildNode)) {
      const el = node as Element;
      const tag = el.tagName.toLowerCase();
      if (SKIP_TAGS.has(tag)) return;
      if (tag === 'img') return;
      this.handleOpen(el);
      if (tag === 'pre') {
        for (const child of el.childNodes) {
          if (isElement(child) && child.tagName === 'code') {
            for (const grandchild of child.childNodes) {
              this.walk(grandchild);
            }
          } else {
            this.walk(child);
          }
        }
      } else {
        for (const child of el.childNodes) {
          this.walk(child);
        }
      }
      this.handleClose(tag);
      return;
    }
    if ('childNodes' in node) {
      for (const child of (node as Document).childNodes) {
        this.walk(child);
      }
    }
  }
  getOutput(): string {
    return this.out.join('');
  }
 }
 function cleanup(text: string): string {
  const lines = text.split('\n');
  const out: string[] = [];
  let inFence = false;
  let blankRun = 0;
  for (const line of lines) {
    const stripped = line.replace(/[ \t]+$/, '');
    if (stripped.startsWith('```')) {
      inFence = !inFence;
      blankRun = 0;
      out.push(stripped);
      continue;
    }
    if (inFence) {
      out.push(line);
      continue;
    }
    if (!stripped) {
      blankRun++;
      if (blankRun <= 1) out.push('');
      continue;
    }
    blankRun = 0;
    out.push(stripped);
  }
  return out.join('\n').trim();
 }
 export function htmlToMarkdown(sourceHtml: string): string {
-  sourceHtml = sourceHtml.replace(/\r\n/g, '\n').replace(/\r/g, '\n');
+  if (!sourceHtml) return '';
-  const doc = parse(sourceHtml);
+  return NodeHtmlMarkdown.translate(sourceHtml, OPTIONS).trim();
  const renderer = new MarkdownRenderer();
  renderer.walk(doc);
  return cleanup(renderer.getOutput());
 }
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -44,5 +44,5 @@
    "typescript": "^5.5.0",
    "vite": "^5.3.4"
  },
-  "license": "AGPL-3.0-only"
+  "license": "MIT"
 }
--- a/apps/web/src/components/panes/CoderPane.tsx
+++ b/apps/web/src/components/panes/CoderPane.tsx
@@ -388,12 +388,14 @@ function usePendingChanges(sessionId: string) {
 function DiffPanel({
  changes,
  loading,
  currentProvider,
  onRefresh,
  onApprove,
  onReject,
 }: {
  changes: PendingChange[];
  loading: boolean;
  currentProvider: string;
  onRefresh: () => void;
  onApprove: (id: string) => void;
  onReject: (id: string) => void;
@@ -409,6 +411,29 @@ function DiffPanel({
      ? `Changes from ${distinctAgents.map((a) => providerLabel(a)).join(', ')}`
      : null;
  // v2.6 §9c: staging-boundary caveat. External agents (opencode/goose/qwen/
  // claude) edit *inside their worktree*; native boocode reads/writes the
  // *project root* via pending_changes. Unapplied edits don't cross that
  // boundary. When the currently-selected provider can't see another side's
  // staged-but-unapplied edits, surface a muted one-liner. agent===null
  // (manual) is boundary-neutral. Pure derivation — no new state/fetch.
  const isNativeProvider = currentProvider === 'boocode';
  const boundaryHint = (() => {
    if (isNativeProvider) {
      // Native boocode is selected: it won't see external-worktree edits.
      const external = distinctAgents.filter((a) => a !== null && a !== 'boocode');
      if (external.length === 0) return null;
      const who =
        external.length === 1
          ? providerLabel(external[0]!)
          : external.map((a) => providerLabel(a)).join(', ');
      return `${who}'s edits live in its worktree — BooCode won't see them until applied.`;
    }
    // An external agent is selected: it won't see boocode's project-root edits.
    if (!distinctAgents.includes('boocode')) return null;
    return `BooCode's edits live in the project root — ${providerLabel(currentProvider)} won't see them until applied.`;
  })();
  return (
    <div className="flex flex-col h-full border-t border-border">
      <div className="flex items-center justify-between px-3 py-1.5 border-b border-border bg-muted/30">
@@ -430,6 +455,14 @@ function DiffPanel({
          {mixedNote}
        </div>
      )}
      {boundaryHint && (
        <div
          className="px-3 py-1 border-b border-border bg-muted/10 text-xs text-muted-foreground"
          title={boundaryHint}
        >
          {boundaryHint}
        </div>
      )}
      <div className="flex-1 overflow-y-auto">
        {pending.length === 0 ? (
          <div className="flex items-center justify-center h-full text-sm text-muted-foreground">
@@ -914,6 +947,7 @@ export function CoderPane({
          <DiffPanel
            changes={changes}
            loading={loading}
            currentProvider={agentConfig.provider}
            onRefresh={refresh}
            onApprove={approve}
            onReject={reject}
--- a/boocode_roadmap.md
+++ b/boocode_roadmap.md
@@ -348,7 +348,7 @@ Per-session Docker sandbox spawned by BooCoder on first write. Only project path
 -----
-## Shipped (v2.2.2–v2.6.9 — interactive ACP, provider lifecycle, persistent agent sessions, workspace UX)
+## Shipped (v2.2.2–v2.6.11 — interactive ACP, provider lifecycle, persistent agent sessions, workspace UX)
 All tags `vMAJOR.MINOR.PATCH-slug`, monotonic per minor, assigned at ship time (planning slugs differ — see the numbering-discipline note below). `CHANGELOG.md` is the canonical per-tag record. **Note on numbering divergence:** the *planned-feature* "v2.3 — Provider lifecycle" actually shipped under the **v2.5.4–v2.5.13** tags; the *planned-feature* "v2.4 — BooCoder as ACP agent" remains **unshipped** even though v2.4.0/v2.4.1 *tags* shipped unrelated content (Unsloth lifts, sidecar routing). The patch-tag thread and the conceptual-milestone thread have diverged — read tags as the ship record, the `## v2.x` feature sections below as the milestone plan. The v2.3.0–v2.5.1 tags were never CHANGELOG-backfilled; summarized here from commit bodies.
@@ -384,6 +384,8 @@ All tags `vMAJOR.MINOR.PATCH-slug`, monotonic per minor, assigned at ship time (
 - `v2.6.7-interrupt-guard` — **F.1 fix:** post-interrupt stale-terminal bug in the opencode warm-server backend (one-click reachable since `v2.6.5`'s Stop button). opencode emits one trailing `session.idle`/`session.error` for a cancelled turn (sessionID only, no turn id) that settled the *next* turn early as success. Pure per-session guard (`backends/turn-guard.ts` — arm-on-abort / swallow-one-orphan / self-heal-on-activity) wired into `opencode-server.ts`; 3 regression tests (TDD). First item of the v2.6 openspec "remaining" plan; Phase 1-UX / 2 / 3 still open
 - `v2.6.8-agent-attribution` — **v2.6 Phase 1-UX** (U.1–U.6), built by 3 parallel subagents over disjoint files. Backend: `pending_changes.agent` stamped at every queue site + flows through `listPending`; new `GET /api/sessions/:id/agent-sessions` route; opencode warm-server consumes `session.next.step.ended` → accumulates `input_tokens`/`output_tokens`/`cost` on `agent_sessions`. Frontend: DiffPanel per-row agent badges + multi-agent note; AgentComposerBar resumed/history/new-session chip (gated on optional `sessionId`, BooChat unaffected); shared `providerIcons.tsx` + `useAgentSessions` hook. 9 new tests; web+coder tsc clean. Both surfaces deployed (boocoder restart + `boocode` Docker rebuild). Phase 2/3 remain
 - `v2.6.9-warm-acp` — **v2.6 Phase 2:** goose/qwen run as **warm ACP backends** (one persistent `goose acp`/`qwen --acp` child + `ClientSideConnection` + ACP session per `(chat,agent)`, `initialize`+`session/new` once, reused across turns) instead of one-shot. New `WarmAcpBackend` (same `AgentBackend` interface as opencode); abort = `session/cancel` the prompt only (never kills the child); dispatcher routes goose/qwen chat-tab tasks via pure `shouldUseWarmBackend` (one-shot fallback kept for arena/MCP/`new_task`); `handleSessionUpdate` extracted to a shared pure `acp-event-map.ts` (one-shot path byte-identical). SDK concern resolved (`@agentclientprotocol/sdk@^0.22.1` has stable resume; moot warm, deferred to Phase 3). 15 new tests, 180 coder tests pass. Backend-only deploy (boocoder restart). **Smoke 2/2b pending live.** Phase 3 (lifecycle hardening) is the last v2.6 phase
 - `v2.6.10-lifecycle-hardening` — **v2.6 Phase 3 (final phase — completes v2.6).** Idle TTL eviction (`AGENT_POOL_IDLE_TTL_MS`=30min) + LRU cap (`AGENT_POOL_MAX_LIVE`=10), busy backends never evicted; pure `lifecycle-decisions.ts`. Crash recovery via openchamber's health-monitor + busy-aware-restart + stale-grace state machine in `opencode-server.ts` (+ port reclaim) + `warm-acp.ts` (opencode → fresh sessions; ACP → re-`session/new`; F.1 guard + U.6 usage preserved). Orphan worktree reaper (1h grace, superset-style dirty/unpushed preflight, Paseo soft-delete) + close hooks + re-baseline after apply. 35 new tests + DB-opt-in reconnect test; 215 coder tests pass. Backend-only deploy. **Follow-ups (out of v2.6 scope): apps/server close-hook caller, 3.7 DiffPanel staging hint (frontend), live Smoke 2/2b/3.** With this, **v2.6 persistent agent sessions is complete** (Phase 0–3 + F.1 + Phase 1-UX)
 - `v2.6.11-close-hooks-staging` — the two v2.6 follow-ups. **apps/server close-hook caller:** BooChat fire-and-forgets BooCoder's Phase-3 close hooks (new `coder-notify.ts`, never-rejects) on session-delete + chat archive/delete, so warm backends + worktrees tear down immediately (the idle-evict/reaper was the backstop). **Task 3.7 staging hint:** BooCoder DiffPanel shows a muted one-liner when the selected provider can't see another agent's unapplied worktree edits (pure derivation from per-change `agent` + current provider). 6 new server tests; web+server tsc/build clean; deploys via the `boocode` Docker container. **The v2.6 openspec is now fully closed** — only live Smoke 2/2b/3 remain (manual)
 -----
@@ -445,24 +447,22 @@ All tags `vMAJOR.MINOR.PATCH-slug`, monotonic per minor, assigned at ship time (
 -----
-## License-debt — relicense AGPL-3.0 → MIT (planned)
+## License-debt — relicense AGPL-3.0 → MIT (shipped 2026-06-01)
-**Status: planned, not started.** Recorded 2026-05-31 from the v2 external review (`boocode_code_review_v2.md` §5k) + a direct tree audit. **Decision (Sam, 2026-05-31): relicense the project back to MIT.**
+**Status: SHIPPED 2026-06-01** (openspec `license-debt-mit`). Recorded 2026-05-31 from the v2 external review (`boocode_code_review_v2.md` §5k) + a direct tree audit. **Decision (Sam, 2026-05-31): relicense the project back to MIT.**
-**Current state (the problem):** the tree is **currently AGPL-3.0** — root `LICENSE` is GNU Affero GPL v3 and all five `package.json` declare `"license": "AGPL-3.0-only"`. Cause: the `v2.4.0`/`v2.4.1` Unsloth-Studio lifts pulled in AGPL-3.0-only code, which makes the whole network-served work AGPL-encumbered. This batch clears that so the MIT flip is valid; **nothing else AGPL remains once these files are gone.**
+**What was the problem:** the tree was AGPL-3.0 — root `LICENSE` was GNU Affero GPL v3 and all five `package.json` declared `"license": "AGPL-3.0-only"`. Cause: the `v2.4.0`/`v2.4.1` Unsloth-Studio lifts pulled in three AGPL-3.0-only files, making the whole network-served work AGPL-encumbered (AGPL §13 network-copyleft). Clearing those three files made the MIT flip valid.
-**The three AGPL-3.0-only files to clear** (each `SPDX-License-Identifier: AGPL-3.0-only`, ported from Unsloth Studio):
+**The three AGPL-3.0-only files (cleared):**
-1. `apps/server/src/services/inference/tool-call-parser.ts` (← `tool_call_parser.py`) — remove by routing tool-call parsing to **native llama-server** template parsing + a **clean-room `<invoke>`-only fallback** (no Unsloth provenance).
+1. `apps/server/src/services/inference/tool-call-parser.ts` (← `tool_call_parser.py`) — the Unsloth-ported algorithm (`parseToolCallsFromText`/`scanBalancedBraces` + unused nudge constants) was **dead code** (no production import; only the file + its test referenced it). Deleted it. The load-bearing parser (`extractToolCallBlocks` + the BooCode-authored streaming helpers) and `stripToolMarkup` were kept byte-identical and the AGPL header dropped. **No behavior change to the live tool-call path.**
-2. `apps/server/src/services/web/html-to-md.ts` (← `_html_to_md.py`, used by `web_fetch`) — replace with a permissively-licensed library (`turndown` / `node-html-markdown`) or a clean-room walker.
+2. `apps/server/src/services/web/html-to-md.ts` (← `_html_to_md.py`, used by `web_fetch`) — **swapped** to the MIT `node-html-markdown` library (a distinct third-party lib, not a rewrite-from-memory); `parse5` dropped. `htmlToMarkdown(html): string` signature preserved.
-3. `apps/server/src/services/inference/llama-args-validator.ts` (← `llama_server_args.py`, the v2.4.1 sidecar flag-denylist) — clean-room rewrite from the llama-server README flag list (the denylist is facts, not copyrightable).
+3. `apps/server/src/services/inference/llama-args-validator.ts` (← `llama_server_args.py`) — **clean-room rewrite** with independent structure; the managed-flag denylist re-derived from the public llama-server flag list (facts, not copyrightable).
-**Steps:**
+**Key correction to the original plan:** the native-llama-server-parsing retirement (which would have needed a live qwen3.6 validation window "behind a flag for one release") was **decoupled** from the relicense and proved unnecessary — the ported parser code was already dead, so the relicense stripped *provenance, not capability*. The native-parsing retirement remains a separate, optional future optimization.
 1. Confirm native llama-server tool-parsing on **live qwen3.6** (jinja gate already green — `--jinja` + qwen3.x template live; llama.cpp server-side template parser, v2 review §4a).
 2. Run native parsing **behind a flag for one release** (qwen3.6 was historically unreliable — validate before deleting).
 3. **Delete** the ~250 Unsloth-derived parser lines + clean-room the `<invoke>` fallback; replace `html-to-md.ts`; clean-room `llama-args-validator.ts`.
 4. **Flip the license:** root `LICENSE` AGPL→MIT, the five `package.json` `license` fields `AGPL-3.0-only`→`MIT`, remove the per-file AGPL SPDX headers, and update roadmap/README prose. After this, **no AGPL remains in the tree** and the "BooCode is MIT" claim becomes true.
-**Source:** `boocode_code_review_v2.md` §1 #1, §5k. **Prerequisite for the license flip — this batch is the blocker, not optional.**
+**License flip:** root `LICENSE` AGPL→MIT (`Copyright (c) 2026 indifferentketchup`); the five `package.json` `license` fields → `MIT`; AGPL SPDX headers removed from all three files; a `## License` section added to `README.md`; a guard test asserts no AGPL header / SPDX-AGPL survives. The `boocode_code_review*.md` point-in-time snapshots were left as-is. **No AGPL remains in the tree.**
 **Source:** `boocode_code_review_v2.md` §1 #1, §5k; openspec `license-debt-mit`.
 -----
@@ -706,7 +706,6 @@ Full per-tag detail in the **Shipped (v2.2.2–v2.6.6)** section above and in `C
 ### In flight
 - **License-debt → relicense AGPL-3.0 → MIT** — see the planned batch above; the tree is currently AGPL-3.0 and three Unsloth-derived files must be cleared before the MIT flip. Prerequisite, blocker-status.
 - **v2.6 persistent agent sessions — Phase 2/3** — warm ACP backend for goose/qwen (persistent process reused across turns) + lifecycle hardening (idle eviction, crash recovery, worktree cleanup/reaper, post-apply re-baseline) + the Phase-1 UX attribution work (DiffPanel agent badges, resumed/new-session chip). See openspec `v2-6-persistent-agent-sessions/tasks.md`.
 ### Numbering and scope-revision discipline during v1.13.x (2026-05-23)
--- a/openspec/changes/license-debt-mit/proposal.md
+++ b/openspec/changes/license-debt-mit/proposal.md
@@ -0,0 +1,51 @@
 # License-debt — relicense AGPL-3.0 → MIT
 **Status:** in progress (started 2026-06-01)
 **Decision:** Sam, 2026-05-31 — relicense BooCode back to MIT.
 **Source:** `boocode_code_review_v2.md` §1 #1, §5k; roadmap `## License-debt` batch.
 ## Why
 The tree is **currently AGPL-3.0** — root `LICENSE` is GNU Affero GPL v3 and all five
 `package.json` declare `"license": "AGPL-3.0-only"`. Cause: the `v2.4.0`/`v2.4.1`
 Unsloth-Studio lifts pulled in three AGPL-3.0-only files. BooCode is network-served, so
 AGPL §13 network-copyleft is a live liability. Clearing the three files makes the MIT flip
 valid; nothing else AGPL remains once they are gone.
 ## Core insight (supersedes the roadmap's staged steps)
 The roadmap entangled the relicense with retiring `tool-call-parser.ts` behind a live
 qwen3.6 validation window. That is **not necessary**: the Unsloth-ported algorithm
 (`parseToolCallsFromText` / `scanBalancedBraces` + unused constants) is **dead code** —
 no production consumer imports it (verified: only the file and its test reference it). The
 load-bearing parser (`extractToolCallBlocks`, under the file's own "BooCode streaming
 helpers" banner) and `stripToolMarkup` are BooCode-authored. So the relicense **strips
 provenance, not capability** — zero behavior change, no validation gate. The
 native-llama-server-parsing retirement remains a separate, optional future optimization.
 ## The three AGPL-3.0-only files to clear
 1. `apps/server/src/services/web/html-to-md.ts` (← `_html_to_md.py`) — **swap** to
   `node-html-markdown` (MIT). A different third-party library, not a rewrite-from-memory
   (which would still be a derivative). Consumed by `web_fetch` via `web/index.ts`;
   `htmlToMarkdown(html): string` signature preserved.
 2. `apps/server/src/services/inference/llama-args-validator.ts` (← `llama_server_args.py`)
   — **clean-room** re-derive the flag denylist from the public llama-server README (CLI
   flag names are facts, not copyrightable); the shadowing logic is already BooCode's own.
 3. `apps/server/src/services/inference/tool-call-parser.ts` (← `tool_call_parser.py`) —
   **delete** the dead Unsloth-ported code; keep BooCode's streaming helpers +
   `stripToolMarkup` (re-derive its strip regexes from qwen's wire format); drop the header.
   No change to the live tool-call path.
 ## Decisions (Sam, 2026-06-01)
 - html-to-md library: **node-html-markdown** (single MIT dep, GFM tables built-in).
 - tool-call-parser: **relicense-only** — defer native-parsing retirement.
 - MIT copyright line: **`Copyright (c) 2026 indifferentketchup`**.
 - Leave `boocode_code_review*.md` (point-in-time snapshots) untouched; update the roadmap
  batch (planned → shipped) and add a README License section.
 ## Out of scope
 - Retiring `tool-call-parser` patterns 1 & 2 in favour of native llama-server parsing.
 - Bumping the stale README "Latest release" line / AGENTS.md pointer.
--- a/openspec/changes/license-debt-mit/tasks.md
+++ b/openspec/changes/license-debt-mit/tasks.md
@@ -0,0 +1,51 @@
 # Tasks — relicense AGPL-3.0 → MIT
 Four units. A/B/C are disjoint files (parallelizable); D is the join (runs after A/B/C).
 The shared `node-html-markdown` dependency swap + `pnpm install` is done before A so the
 parallel agents don't race on `apps/server/package.json`.
 ## Pre: dependency swap (done by coordinator)
 - [ ] Add `node-html-markdown` to `apps/server/package.json` dependencies; remove `parse5`
      (only html-to-md consumed it).
 - [ ] `pnpm install`.
 ## A — html-to-md → node-html-markdown
 - [ ] Replace `apps/server/src/services/web/html-to-md.ts` with a thin MIT wrapper exporting
      `htmlToMarkdown(sourceHtml: string): string` over `NodeHtmlMarkdown.translate`.
 - [ ] Drop the AGPL/Unsloth SPDX header.
 - [ ] Update `html-to-md.test.ts` to the new library's output (structure-level `.toContain`
      where whitespace differs; output feeds an LLM so exact format is not load-bearing).
 - [ ] Keep `web/index.ts` re-export and `web_fetch.ts` untouched.
 ## B — llama-args-validator → clean-room
 - [ ] Rewrite `apps/server/src/services/inference/llama-args-validator.ts`: re-derive the
      managed-flag denylist from the public llama-server README; keep the BooCode
      shadowing-flag logic. Same exports (`validateExtraArgs`, `isManagedFlag`,
      `stripShadowingFlags`, `StripOptions`).
 - [ ] Drop the AGPL/Unsloth SPDX header.
 - [ ] Keep `llama-args-validator.test.ts` green (it pins the contract).
 ## C — tool-call-parser → minimal clean (relicense-only)
 - [ ] Delete dead Unsloth-ported exports: `parseToolCallsFromText`, `scanBalancedBraces`,
      `OpenAiToolCall`, `hasToolSignal`, and the unused nudge constants
      (`DUPLICATE_CALL_NUDGE`, `TOOL_ERROR_NUDGE`, `TOOL_ERROR_PREFIXES`,
      `BUDGET_EXHAUSTED_NUDGE`).
 - [ ] Keep `extractToolCallBlocks` + streaming helpers + `stripToolMarkup` (re-derive its
      strip regexes from qwen's wire format). Drop the AGPL/Unsloth SPDX header.
 - [ ] Remove the now-dead tests from `tool-call-parser.test.ts`; keep streaming/strip tests.
 - [ ] Verify `stream-phase.ts` (`extractToolCallBlocks`) + `tool-phase.ts` / `error-handler.ts`
      (`stripToolMarkup`) still compile.
 ## D — license flip (join)
 - [ ] `LICENSE`: replace AGPL-3.0 text with MIT, `Copyright (c) 2026 indifferentketchup`.
 - [ ] Flip `"license"` to `"MIT"` in all 5 `package.json` (root, server, web, coder, booterm).
 - [ ] Confirm no `SPDX-License-Identifier: AGPL` header survives in the 3 files.
 - [ ] Roadmap `License-debt` batch: planned → shipped (note the decoupled-from-parser-retirement
      approach). Add a `## License` section to `README.md` (MIT).
 - [ ] Optional guard test: assert no `AGPL` SPDX header in `apps/**` and all 5 `package.json`
      are MIT.
 ## Verify
 - [ ] `pnpm -C apps/server test`
 - [ ] `pnpm -C apps/server build`
 - [ ] root `npx tsc --noEmit`
--- a/openspec/changes/v2-6-persistent-agent-sessions/tasks.md
+++ b/openspec/changes/v2-6-persistent-agent-sessions/tasks.md
@@ -54,20 +54,17 @@ ACP follows; hardening last.
      resumes the SAME `agent_session_id` (memory intact), boocode saw opencode's turns as
      history, all three shared the one worktree, and no agent was locked to the chat.
-## Phase 3 — Lifecycle hardening — ⬜ REMAINING
+## Phase 3 — Lifecycle hardening — ✅ COMPLETE (`v2.6.10` 3.1–3.6; `v2.6.11` closed 3.7 + the apps/server close-hook caller)
 > **Lift (design §10):** hardening from **openchamber** (MIT, same warm-opencode-server architecture) — health-monitor + crash auto-restart + busy-aware restart + port reclaim (`killProcessOnPort`/`waitForPortRelease`) + stall-SSE = a concrete state machine for 3.1/3.2/3.6. Reaper (3.3/3.4): Paseo worktree-archive cascade + superset destroy-saga (preflight dirty/unpushed inspect) + LRU cap on warm-server Maps. Do crash-recovery + reaper together (shared supervision loop).
- [ ] 3.1 Idle TTL eviction keyed per `(chat, agent)`; reattach-on-next-turn from `agent_sessions`.
+- [x] 3.1 Idle TTL eviction per `(chat, agent)` (`AGENT_POOL_IDLE_TTL_MS`=30min) + LRU cap (`AGENT_POOL_MAX_LIVE`=10), busy never evicted; reattach next turn. Pure `lifecycle-decisions.ts` (TDD).
- [ ] 3.2 Crash recovery: opencode server restart recreates sessions; ACP re-`session/new`.
+- [x] 3.2 Crash recovery: openchamber health-monitor + busy-aware-restart + stale-grace state machine in `opencode-server.ts` (+ port reclaim) + `warm-acp.ts`. opencode → fresh sessions; ACP → re-`session/new`. F.1 guard + U.6 usage preserved.
- [ ] 3.3 Chat close/archive hook → `closeSession` for every `(chat, agent)` + remove the
+- [x] 3.3 Close hooks (`/api/chats/:id/close`, `/api/sessions/:id/close`) → `closeChat` evicts backends + archives the `worktrees` row + removes the worktree. **apps/server caller wired in `v2.6.11`** (`coder-notify.ts`, fire-and-forget on session-delete + chat archive/delete).
-      chat's **`worktrees`** row + worktree (NOT `session_worktrees` — superseded P1.5-b); mark agent rows `status='closed'`.
+- [x] 3.4 Orphan worktree reaper (periodic, 1h grace, superset-style dirty/unpushed preflight, Paseo soft-delete) + LRU cap on the pool.
- [ ] 3.4 Orphan worktree reaper (extend periodic sweeper) + max-live-worktrees LRU cap.
+- [x] 3.5 Re-baseline `worktrees.base_commit` after a successful `apply_pending` (both apply routes).
- [ ] 3.5 Re-baseline worktree diff after `apply_pending`.
+- [x] 3.6 Reconnect integration test (DB-opt-in): restart mid-session → next turn reattaches/recreates from `agent_sessions`/`worktrees`.
- [ ] 3.6 Reconnect test: restart BooCoder mid-session → next turn reattaches/recreates cleanly.
+- [x] 3.7 Staging-boundary hint in DiffPanel (§9c) — `v2.6.11`: muted one-liner when the selected provider can't see another agent's unapplied worktree edits (derived from per-change `agent` + current provider; no new state).
 - [ ] 3.7 Staging-boundary hint in DiffPanel (§9c): muted one-liner when the selected
      provider can't see another agent's unapplied worktree edits (derived from per-change
      `agent` + current provider; no new state).
 ## Tests — ⬜ REMAINING (none of T.1–T.3 exist yet)
--- a/package.json
+++ b/package.json
@@ -11,5 +11,5 @@
  "devDependencies": {
    "typescript": "^5.5.0"
  },
-  "license": "AGPL-3.0-only"
+  "license": "MIT"
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -158,9 +158,9 @@ importers:
      fastify:
        specifier: ^4.28.1
        version: 4.29.1
-      parse5:
+      node-html-markdown:
-        specifier: ^8.0.1
+        specifier: ^1.3.0
-        version: 8.0.1
+        version: 1.3.0
      postgres:
        specifier: ^3.4.4
        version: 3.4.9
@@ -2108,6 +2108,9 @@ packages:
    resolution: {integrity: sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==}
    engines: {node: '>=18'}
  boolbase@1.0.0:
    resolution: {integrity: sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==}
  brace-expansion@2.1.0:
    resolution: {integrity: sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==}
@@ -2270,6 +2273,13 @@ packages:
    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
    engines: {node: '>= 8'}
  css-select@5.2.2:
    resolution: {integrity: sha512-TizTzUddG/xYLA3NXodFM0fSbNizXjOKhqiQQwvhlspadZokn1KDy0NZFS0wuEubIYAV5/c1/lAr0TaaFXEXzw==}
  css-what@6.2.2:
    resolution: {integrity: sha512-u/O3vwbptzhMs3L1fQE82ZSLHQQfto5gyZzwteVIEyeaY5Fc7R4dapF/BvRoSYFeqfBk4m0V1Vafq5Pjv25wvA==}
    engines: {node: '>= 6'}
  cssesc@3.0.0:
    resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==}
    engines: {node: '>=4'}
@@ -2344,6 +2354,19 @@ packages:
    resolution: {integrity: sha512-DPi0FmjiSU5EvQV0++GFDOJ9ASQUVFh5kD+OzOnYdi7n3Wpm9hWWGfB/O2blfHcMVTL5WkQXSnRiK9makhrcnw==}
    engines: {node: '>=0.3.1'}
  dom-serializer@2.0.0:
    resolution: {integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==}
  domelementtype@2.3.0:
    resolution: {integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==}
  domhandler@5.0.3:
    resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
    engines: {node: '>= 4'}
  domutils@3.2.2:
    resolution: {integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==}
  dotenv@17.4.2:
    resolution: {integrity: sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw==}
    engines: {node: '>=12'}
@@ -2391,9 +2414,9 @@ packages:
    resolution: {integrity: sha512-QyL119InA+XXEkNLNTPCXPugSvOfhwv0JOlGNzvxs0hZaiHLNvXSpudUWsOlsXGWJh8G6ckCScEkVHfX3kw/2Q==}
    engines: {node: '>=10.13.0'}
-  entities@8.0.0:
+  entities@4.5.0:
-    resolution: {integrity: sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==}
+    resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==}
-    engines: {node: '>=20.19.0'}
+    engines: {node: '>=0.12'}
  env-paths@2.2.1:
    resolution: {integrity: sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==}
@@ -2662,6 +2685,10 @@ packages:
  hast-util-whitespace@3.0.0:
    resolution: {integrity: sha512-88JUN06ipLwsnv+dVn+OIYOvAuvBMy/Qoi6O7mQHxdPXpjy+Cd6xRkWwux7DKO+4sYILtLBRIKgsdpS2gQc7qw==}
  he@1.2.0:
    resolution: {integrity: sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==}
    hasBin: true
  headers-polyfill@5.0.1:
    resolution: {integrity: sha512-1TJ6Fih/b8h5TIcv+1+Hw0PDQWJTKDKzFZzcKOiW1wJza3XoAQlkCuXLbymPYB8+ZQyw8mHvdw560e8zVFIWyA==}
@@ -3210,6 +3237,13 @@ packages:
    resolution: {integrity: sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==}
    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
  node-html-markdown@1.3.0:
    resolution: {integrity: sha512-OeFi3QwC/cPjvVKZ114tzzu+YoR+v9UXW5RwSXGUqGb0qCl0DvP406tzdL7SFn8pZrMyzXoisfG2zcuF9+zw4g==}
    engines: {node: '>=10.0.0'}
  node-html-parser@6.1.13:
    resolution: {integrity: sha512-qIsTMOY4C/dAa5Q5vsobRpOOvPfC4pB61UVW2uSwZNUp0QU/jCekTal1vMmbO0DgdHeLUJpv/ARmDqErVxA3Sg==}
  node-pty@1.1.0:
    resolution: {integrity: sha512-20JqtutY6JPXTUnL0ij1uad7Qe1baT46lyolh2sSENDd4sTzKZ4nmAFkeAARDKwmlLjPx6XKRlwRUxwjOy+lUg==}
@@ -3224,6 +3258,9 @@ packages:
    resolution: {integrity: sha512-9qny7Z9DsQU8Ou39ERsPU4OZQlSTP47ShQzuKZ6PRXpYLtIFgl/DEBYEXKlvcEa+9tHVcK8CF81Y2V72qaZhWA==}
    engines: {node: '>=18'}
  nth-check@2.1.1:
    resolution: {integrity: sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==}
  object-assign@4.1.1:
    resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
    engines: {node: '>=0.10.0'}
@@ -3287,9 +3324,6 @@ packages:
    resolution: {integrity: sha512-TXfryirbmq34y8QBwgqCVLi+8oA3oWx2eAnSn62ITyEhEYaWRlVZ2DvMM9eZbMs/RfxPu/PK/aBLyGj4IrqMHw==}
    engines: {node: '>=18'}
  parse5@8.0.1:
    resolution: {integrity: sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==}
  parseurl@1.3.3:
    resolution: {integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==}
    engines: {node: '>= 0.8'}
@@ -5904,6 +5938,8 @@ snapshots:
    transitivePeerDependencies:
      - supports-color
  boolbase@1.0.0: {}
  brace-expansion@2.1.0:
    dependencies:
      balanced-match: 1.0.2
@@ -6040,6 +6076,16 @@ snapshots:
      shebang-command: 2.0.0
      which: 2.0.2
  css-select@5.2.2:
    dependencies:
      boolbase: 1.0.0
      css-what: 6.2.2
      domhandler: 5.0.3
      domutils: 3.2.2
      nth-check: 2.1.1
  css-what@6.2.2: {}
  cssesc@3.0.0: {}
  csstype@3.2.3: {}
@@ -6083,6 +6129,24 @@ snapshots:
  diff@8.0.4: {}
  dom-serializer@2.0.0:
    dependencies:
      domelementtype: 2.3.0
      domhandler: 5.0.3
      entities: 4.5.0
  domelementtype@2.3.0: {}
  domhandler@5.0.3:
    dependencies:
      domelementtype: 2.3.0
  domutils@3.2.2:
    dependencies:
      dom-serializer: 2.0.0
      domelementtype: 2.3.0
      domhandler: 5.0.3
  dotenv@17.4.2: {}
  dunder-proto@1.0.1:
@@ -6130,7 +6194,7 @@ snapshots:
      graceful-fs: 4.2.11
      tapable: 2.3.3
-  entities@8.0.0: {}
+  entities@4.5.0: {}
  env-paths@2.2.1: {}
@@ -6519,6 +6583,8 @@ snapshots:
    dependencies:
      '@types/hast': 3.0.4
  he@1.2.0: {}
  headers-polyfill@5.0.1:
    dependencies:
      '@types/set-cookie-parser': 2.4.10
@@ -7196,6 +7262,15 @@ snapshots:
      fetch-blob: 3.2.0
      formdata-polyfill: 4.0.10
  node-html-markdown@1.3.0:
    dependencies:
      node-html-parser: 6.1.13
  node-html-parser@6.1.13:
    dependencies:
      css-select: 5.2.2
      he: 1.2.0
  node-pty@1.1.0:
    dependencies:
      node-addon-api: 7.1.1
@@ -7211,6 +7286,10 @@ snapshots:
      path-key: 4.0.0
      unicorn-magic: 0.3.0
  nth-check@2.1.1:
    dependencies:
      boolbase: 1.0.0
  object-assign@4.1.1: {}
  object-inspect@1.13.4: {}
@@ -7289,10 +7368,6 @@ snapshots:
  parse-ms@4.0.0: {}
  parse5@8.0.1:
    dependencies:
      entities: 8.0.0
  parseurl@1.3.3: {}
  path-browserify@1.0.1: {}
Author	SHA1	Message	Date
indifferentketchup	a8bfde8f8d	feat: relicense AGPL-3.0 → MIT (v2.7.0) Clear the 3 Unsloth-Studio-derived AGPL files and flip LICENSE + 5 package.json from AGPL-3.0-only to MIT. - html-to-md.ts → MIT node-html-markdown (parse5 dropped) - llama-args-validator.ts → clean-room (flag denylist = facts) - tool-call-parser.ts → delete dead Unsloth-ported code; keep extractToolCallBlocks/stripToolMarkup byte-identical (no behavior change) - LICENSE → MIT (Copyright (c) 2026 indifferentketchup); 5 package.json → MIT; AGPL SPDX headers removed; README License section; license-mit guard test - roadmap License-debt batch marked shipped; openspec/changes/license-debt-mit Decouples the relicense from the native-parsing retirement (the ported parser was dead code). Server suite 519 passing; build + coder typecheck clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-01 08:16:03 +00:00
indifferentketchup	9c1ddcaa7c	Merge v2611-followups: v2.6.11 apps/server close-hook caller + DiffPanel staging hint	2026-06-01 02:35:21 +00:00
indifferentketchup	217f487395	docs(changelog): v2.6.11-close-hooks-staging (closes the v2.6 openspec) CHANGELOG + roadmap (through v2.6.11) + openspec v2-6 Phase 3 fully closed (3.7 + apps/server close-hook caller done). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-01 02:35:21 +00:00
indifferentketchup	2dfbef4c41	feat: v2.6 follow-ups — apps/server close-hook caller + DiffPanel staging hint (3.7) apps/server fire-and-forgets BooCoder's Phase-3 close hooks (new coder-notify.ts, reuses BOOCODER_URL, never-rejects) on session-delete + chat archive/archive-all/delete, so warm backends + worktrees tear down immediately (idle-evict/reaper was the backstop). 3.7: BooCoder DiffPanel shows a muted one-liner when the selected provider can't see another agent's unapplied worktree edits (pure derivation from per-change agent + current provider, no new state). 6 new server tests (coder-notify); 537 server tests pass; web+server tsc/build clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-01 02:35:11 +00:00
indifferentketchup	c7a8128059	Merge phase3-lifecycle: v2.6.10 lifecycle hardening (completes v2.6 persistent agent sessions)	2026-06-01 01:10:16 +00:00
indifferentketchup	986c8a83a9	docs(changelog): v2.6.10-lifecycle-hardening (completes v2.6) CHANGELOG + roadmap (through v2.6.10; v2.6 marked complete) + openspec v2-6 Phase 3 checked off (3.1-3.6; 3.7 frontend + apps/server caller as follow-ups). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-01 01:10:16 +00:00
indifferentketchup	aa3797e356	feat(coder): v2.6 Phase 3 — lifecycle hardening (idle evict, crash recovery, worktree reaper) Idle TTL eviction per (chat,agent) + LRU cap (never a busy backend); pure lifecycle-decisions.ts (TDD). Crash recovery lifts openchamber's health-monitor + busy-aware-restart + stale-grace state machine into opencode-server.ts (+ port reclaim) and warm-acp.ts; opencode crash -> fresh sessions, ACP -> re-session/new. F.1 turn-guard + U.6 usage preserved (their tests pass). Orphan worktree reaper (1h grace, superset-style dirty/unpushed preflight, Paseo soft-delete) + close hooks + diff re-baseline after apply_pending. 35 new tests + DB-opt-in reconnect test; 215 coder tests pass; tsc + build clean. Completes v2.6. Follow-ups out of scope: apps/server close-hook caller, 3.7 DiffPanel staging hint, live smokes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-01 01:10:09 +00:00
indifferentketchup	850d48853f	Merge phase2-warm-acp: v2.6.9 warm ACP backend for goose/qwen	2026-05-31 23:57:14 +00:00